From aa018c1484ce053bf88dbe066988b5e39a2c0317 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 23 Aug 2011 19:01:22 +0200 Subject: auth: Make ssh_userauth_try_publickey() legacy. --- include/libssh/legacy.h | 1 + include/libssh/libssh.h | 1 - include/libssh/libsshpp.hpp | 6 +- src/auth.c | 154 +------------------------------------------- src/legacy.c | 20 ++++++ 5 files changed, 26 insertions(+), 156 deletions(-) diff --git a/include/libssh/legacy.h b/include/libssh/legacy.h index 80b8fac..1905e89 100644 --- a/include/libssh/legacy.h +++ b/include/libssh/legacy.h @@ -31,6 +31,7 @@ #ifndef LEGACY_H_ #define LEGACY_H_ LIBSSH_API int ssh_auth_list(ssh_session session); +LIBSSH_API int ssh_userauth_offer_pubkey(ssh_session session, const char *username, int type, ssh_string publickey); LIBSSH_API void buffer_free(ssh_buffer buffer); LIBSSH_API void *buffer_get(ssh_buffer buffer); diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h index f37f839..89c4258 100644 --- a/include/libssh/libssh.h +++ b/include/libssh/libssh.h @@ -512,7 +512,6 @@ LIBSSH_API int ssh_userauth_kbdint_getnanswers(ssh_session session); LIBSSH_API const char *ssh_userauth_kbdint_getanswer(ssh_session session, unsigned int i); LIBSSH_API int ssh_userauth_kbdint_setanswer(ssh_session session, unsigned int i, const char *answer); -LIBSSH_API int ssh_userauth_offer_pubkey(ssh_session session, const char *username, int type, ssh_string publickey); LIBSSH_API int ssh_userauth_password(ssh_session session, const char *username, const char *password); LIBSSH_API int ssh_userauth_pubkey(ssh_session session, const char *username, ssh_string publickey, ssh_private_key privatekey); LIBSSH_API int ssh_userauth_privatekey_file(ssh_session session, const char *username, diff --git a/include/libssh/libsshpp.hpp b/include/libssh/libsshpp.hpp index 03101d3..3c82e58 100644 --- a/include/libssh/libsshpp.hpp +++ b/include/libssh/libsshpp.hpp 
@@ -211,10 +211,10 @@ public: * @throws SshException on error * @returns SSH_AUTH_SUCCESS if the pubkey is accepted, * @returns SSH_AUTH_DENIED if the pubkey is denied - * @see ssh_userauth_offer_pubkey + * @see ssh_userauth_try_pubkey */ - int userauthOfferPubkey(int type, ssh_string pubkey){ - int ret=ssh_userauth_offer_pubkey(c_session,NULL,type,pubkey); + int userauthTryPublickey(ssh_key pubkey){ + int ret=ssh_userauth_try_publickey(c_session, NULL, pubkey); ssh_throw(ret); return ret; } diff --git a/src/auth.c b/src/auth.c index 93f62cb..dac187a 100644 --- a/src/auth.c +++ b/src/auth.c @@ -42,6 +42,8 @@ #include "libssh/auth.h" #include "libssh/pki.h" +#include "libssh/legacy.h" + /** * @defgroup libssh_auth The SSH authentication functions. * @ingroup libssh 
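Review bot: The `@see` tag in the libsshpp.hpp doc comment now names `ssh_userauth_try_pubkey`, but the body calls `ssh_userauth_try_publickey`; it should read `@see ssh_userauth_try_publickey` so the cross-reference resolves. The wrapper is also renamed and re-typed (`userauthOfferPubkey(int, ssh_string)` becomes `userauthTryPublickey(ssh_key)`) with no forwarding method left behind, so existing C++ callers stop compiling even though the C entry point is kept in legacy.h. If that break is intended it deserves a line in the class documentation; otherwise a deprecated `userauthOfferPubkey` that forwards to `ssh_userauth_offer_pubkey` would keep the C++ API in step with the C one. The doc comment starts above the hunk, so check whether the rest of it still describes the new method.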
@@ -627,158 +629,6 @@ fail: return SSH_AUTH_ERROR; } -/** - * @brief Try to authenticate through public key. - * - * @param[in] session The ssh session to use. - * - * @param[in] username The username to authenticate. You can specify NULL if - * ssh_option_set_username() has been used. You cannot try - * two different logins in a row. - * - * @param[in] type The type of the public key. This value is given by - * publickey_from_file() or ssh_privatekey_type(). - * - * @param[in] publickey A public key returned by publickey_from_file(). - * - * @returns SSH_AUTH_ERROR: A serious error happened.\n - * SSH_AUTH_DENIED: The server doesn't accept that public key as an - * authentication token. Try another key or another - * method.\n - * SSH_AUTH_PARTIAL: You've been partially authenticated, you still - * have to use another method.\n - * SSH_AUTH_SUCCESS: The public key is accepted, you want now to use - * ssh_userauth_pubkey(). - * SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again - * later. 
- * - * @see publickey_from_file() - * @see privatekey_from_file() - * @see ssh_privatekey_type() - * @see ssh_userauth_pubkey() - */ -int ssh_userauth_offer_pubkey(ssh_session session, const char *username, - int type, ssh_string publickey) { - ssh_string user = NULL; - ssh_string service = NULL; - ssh_string method = NULL; - ssh_string algo = NULL; - int rc = SSH_AUTH_ERROR; - - if(session==NULL) - return SSH_AUTH_ERROR; - if(publickey==NULL){ - ssh_set_error(session,SSH_FATAL,"invalid arguments"); - return SSH_AUTH_ERROR; - } - enter_function(); - -#ifdef WITH_SSH1 - if (session->version == 1) { - rc = ssh_userauth1_offer_pubkey(session, username, type, publickey); - leave_function(); - return rc; - } -#endif - - if (username == NULL) { - if (session->username == NULL) { - if (ssh_options_apply(session) < 0) { - leave_function(); - return rc; - } - } - user = ssh_string_from_char(session->username); - } else { - user = ssh_string_from_char(username); - } - - if (user == NULL) { - ssh_set_error_oom(session); - leave_function(); - return rc; - } - switch(session->pending_call_state){ - case SSH_PENDING_CALL_NONE: - break; - case SSH_PENDING_CALL_AUTH_OFFER_PUBKEY: - ssh_string_free(user); - user=NULL; - goto pending; - default: - ssh_set_error(session,SSH_FATAL,"Bad call during pending SSH call in ssh_userauth_offer_pubkey"); - goto error; - rc=SSH_ERROR; - } - - rc = ssh_userauth_request_service(session); - if(rc == SSH_AGAIN){ - rc=SSH_AUTH_AGAIN; - ssh_string_free(user); - leave_function(); - return rc; - } else if(rc == SSH_ERROR){ - rc=SSH_AUTH_ERROR; - ssh_string_free(user); - leave_function(); - return rc; - } - - service = ssh_string_from_char("ssh-connection"); - if (service == NULL) { - ssh_set_error_oom(session); - goto error; - } - method = ssh_string_from_char("publickey"); - if (method == NULL) { - ssh_set_error_oom(session); - goto error; - } - algo = ssh_string_from_char(ssh_type_to_char(type)); - if (algo == NULL) { - ssh_set_error_oom(session); - 
goto error; - } - - if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST) < 0 || - buffer_add_ssh_string(session->out_buffer, user) < 0 || - buffer_add_ssh_string(session->out_buffer, service) < 0 || - buffer_add_ssh_string(session->out_buffer, method) < 0 || - buffer_add_u8(session->out_buffer, 0) < 0 || - buffer_add_ssh_string(session->out_buffer, algo) < 0 || - buffer_add_ssh_string(session->out_buffer, publickey) < 0) { - ssh_set_error_oom(session); - goto error; - } - - ssh_string_free(user); - ssh_string_free(method); - ssh_string_free(service); - ssh_string_free(algo); - session->auth_state=SSH_AUTH_STATE_NONE; - session->pending_call_state=SSH_PENDING_CALL_AUTH_OFFER_PUBKEY; - if (packet_send(session) == SSH_ERROR) { - leave_function(); - return rc; - } -pending: - rc = ssh_userauth_get_response(session); - if (rc != SSH_AUTH_AGAIN) - session->pending_call_state=SSH_PENDING_CALL_NONE; - leave_function(); - return rc; -error: - buffer_reinit(session->out_buffer); - ssh_string_free(user); - ssh_string_free(method); - ssh_string_free(service); - ssh_string_free(algo); - - leave_function(); - return rc; -} - - /** * @brief Try to authenticate through public key (deprecated). * diff --git a/src/legacy.c b/src/legacy.c index cfe8bc0..58ee1be 100644 --- a/src/legacy.c +++ b/src/legacy.c @@ -40,6 +40,26 @@ int ssh_auth_list(ssh_session session) { return ssh_userauth_list(session, NULL); } +int ssh_userauth_offer_pubkey(ssh_session session, const char *username, + int type, ssh_string publickey) +{ + ssh_key key; + int rc; + + (void) type; /* unused */ + + rc = ssh_pki_import_pubkey_blob(publickey, &key); + if (rc < 0) { + ssh_set_error(session, SSH_FATAL, "Failed to convert public key"); + return SSH_AUTH_ERROR; + } + + rc = ssh_userauth_try_publickey(session, username, key); + ssh_key_free(key); + + return rc; +} + /* BUFFER FUNCTIONS */ void buffer_free(ssh_buffer buffer){ -- cgit
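Review bot: The new `ssh_userauth_offer_pubkey()` shim in src/legacy.c drops the argument checks that the removed auth.c implementation performed. A NULL `session` is no longer rejected up front, and on the import-failure path it is handed to `ssh_set_error()`, which presumably dereferences it. Restoring the guards before the import keeps the old contract: `if (session == NULL) return SSH_AUTH_ERROR;` followed by `if (publickey == NULL) { ssh_set_error(session, SSH_FATAL, "invalid arguments"); return SSH_AUTH_ERROR; }`. Whether `ssh_pki_import_pubkey_blob()` tolerates a NULL blob is not visible in this hunk. Since `type` is now ignored, a comment such as `/* key type is taken from the blob; type is kept only for API compatibility */` would tell legacy callers that a mismatching `type` is silently overridden.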