annotate cli-authpubkey.c @ 1920:1489449eceb1

Check authorized_keys permissions as the user This is necessary on NFS with squash root. Based on work from Chris Dragan This commit also tidies some trailing whitespace. Fixes github pull #107
author Matt Johnston <matt@ucc.asn.au>
date Wed, 30 Mar 2022 12:56:09 +0800
parents fe68c0244b97
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
74
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
1 /*
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
2 * Dropbear SSH
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
3 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
5 * Copyright (c) 2004 by Mihnea Stoenescu
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
6 * All rights reserved.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
7 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
9 * of this software and associated documentation files (the "Software"), to deal
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
10 * in the Software without restriction, including without limitation the rights
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
12 * copies of the Software, and to permit persons to whom the Software is
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
13 * furnished to do so, subject to the following conditions:
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
14 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
15 * The above copyright notice and this permission notice shall be included in
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
16 * all copies or substantial portions of the Software.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
17 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
24 * SOFTWARE. */
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
25
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "includes.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 #include "buffer.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 #include "dbutil.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "session.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "ssh.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "runopts.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "auth.h"
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
33 #include "agentfwd.h"
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
35 #if DROPBEAR_CLI_PUBKEY_AUTH
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
36 static void send_msg_userauth_pubkey(sign_key *key, enum signature_type sigtype, int realsign);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 * We use it to remove the key we tried from the list */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40 void cli_pubkeyfail() {
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
41 m_list_elem *iter;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
42 for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
43 sign_key *iter_key = (sign_key*)iter->item;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
44
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
45 if (iter_key == cli_ses.lastprivkey)
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
46 {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
47 /* found the failing key */
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
48 list_remove(iter);
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
49 sign_key_free(iter_key);
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
50 cli_ses.lastprivkey = NULL;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
51 return;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 void recv_msg_userauth_pk_ok() {
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
57 m_list_elem *iter;
406
2448ae3e75b5 Fix leak of keybuf in recv_msg_userauth_pk_ok, courtesy of Klocwork
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
58 buffer* keybuf = NULL;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 char* algotype = NULL;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 unsigned int algolen;
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
61 enum signkey_type keytype;
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
62 enum signature_type sigtype;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 unsigned int remotelen;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
65 TRACE(("enter recv_msg_userauth_pk_ok"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
67 algotype = buf_getstring(ses.payload, &algolen);
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
68 sigtype = signature_type_from_name(algotype, algolen);
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
69 keytype = signkey_type_from_signature(sigtype);
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
70 TRACE(("recv_msg_userauth_pk_ok: type %d", sigtype))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71 m_free(algotype);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73 keybuf = buf_new(MAX_PUBKEY_SIZE);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75 remotelen = buf_getint(ses.payload);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
77 /* Iterate through our keys, find which one it was that matched, and
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
78 * send a real request with that key */
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
79 for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
80 sign_key *key = (sign_key*)iter->item;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
81 if (key->type != keytype) {
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
82 /* Types differed */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
83 TRACE(("types differed"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
84 continue;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
85 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 /* Now we compare the contents of the key */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 keybuf->pos = keybuf->len = 0;
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
89 buf_put_pub_key(keybuf, key, keytype);
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
90 buf_setpos(keybuf, 0);
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
91 buf_incrpos(keybuf, 4); /* first int is the length of the remainder (ie
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
92 remotelen) which has already been taken from
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
93 the remote buffer */
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
94
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
95
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
96 if (keybuf->len-4 != remotelen) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
97 TRACE(("lengths differed: localh %d remote %d", keybuf->len, remotelen))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
98 /* Lengths differed */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99 continue;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
100 }
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
101 if (memcmp(buf_getptr(keybuf, remotelen),
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
102 buf_getptr(ses.payload, remotelen), remotelen) != 0) {
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
103 /* Data didn't match this key */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
104 TRACE(("data differed"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105 continue;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
106 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
107
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108 /* Success */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
109 break;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
110 }
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
111 buf_free(keybuf);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
112
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
113 if (iter != NULL) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
114 TRACE(("matching key"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
115 /* XXX TODO: if it's an encrypted key, here we ask for their
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116 * password */
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
117 send_msg_userauth_pubkey((sign_key*)iter->item, sigtype, 1);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
118 } else {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
119 TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120 }
406
2448ae3e75b5 Fix leak of keybuf in recv_msg_userauth_pk_ok, courtesy of Klocwork
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
121
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
122 TRACE(("leave recv_msg_userauth_pk_ok"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
125 static void cli_buf_put_sign(buffer* buf, sign_key *key, enum signature_type sigtype,
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
126 const buffer *data_buf) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
127 #if DROPBEAR_CLI_AGENTFWD
1798
8dc43b30c6bf Define _GNU_SOURCE properly, other header fixes
Matt Johnston <matt@ucc.asn.au>
parents: 1696
diff changeset
128 /* TODO: rsa-sha256 agent */
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
129 if (key->source == SIGNKEY_SOURCE_AGENT) {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
130 /* Format the agent signature ourselves, as buf_put_sign would. */
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
131 buffer *sigblob;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
132 sigblob = buf_new(MAX_PUBKEY_SIZE);
1682
a53e7d2d60be rsa-sha256 for ssh-agent
Matt Johnston <matt@ucc.asn.au>
parents: 1681
diff changeset
133 agent_buf_sign(sigblob, key, data_buf, sigtype);
760
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 669
diff changeset
134 buf_putbufstring(buf, sigblob);
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
135 buf_free(sigblob);
669
a8367733e8cd Slight formatting change for ENABLE_CLI_AGENTFWD if statement
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
136 } else
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
137 #endif /* DROPBEAR_CLI_AGENTFWD */
669
a8367733e8cd Slight formatting change for ENABLE_CLI_AGENTFWD if statement
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
138 {
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
139 buf_put_sign(buf, key, sigtype, data_buf);
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
140 }
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
141 }
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
142
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
143 static void send_msg_userauth_pubkey(sign_key *key, enum signature_type sigtype, int realsign) {
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
144
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
145 const char *algoname = NULL;
1094
c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents: 1032
diff changeset
146 unsigned int algolen;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147 buffer* sigbuf = NULL;
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
148 enum signkey_type keytype = signkey_type_from_signature(sigtype);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149
1897
fe68c0244b97 Use signature type not key type for debug message
Matt Johnston <matt@ucc.asn.au>
parents: 1894
diff changeset
150 DEBUG1(("enter send_msg_userauth_pubkey %s", signature_name_from_type(sigtype, NULL)))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
151 CHECKCLEARTOWRITE();
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
153 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
154
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
155 buf_putstring(ses.writepayload, cli_opts.username,
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
156 strlen(cli_opts.username));
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
157
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
158 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159 SSH_SERVICE_CONNECTION_LEN);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
160
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
161 buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY,
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162 AUTH_METHOD_PUBKEY_LEN);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164 buf_putbyte(ses.writepayload, realsign);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
165
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
166 algoname = signature_name_from_type(sigtype, &algolen);
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
167 buf_putstring(ses.writepayload, algoname, algolen);
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
168 buf_put_pub_key(ses.writepayload, key, keytype);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
169
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
170 if (realsign) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
171 TRACE(("realsign"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
172 /* We put the signature as well - this contains string(session id), then
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
173 * the contents of the write payload to this point */
762
a78a38e402d1 - Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents: 761
diff changeset
174 sigbuf = buf_new(4 + ses.session_id->len + ses.writepayload->len);
760
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 669
diff changeset
175 buf_putbufstring(sigbuf, ses.session_id);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
176 buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
177 cli_buf_put_sign(ses.writepayload, key, sigtype, sigbuf);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 buf_free(sigbuf); /* Nothing confidential in the buffer */
1821
df8d8ec1801c added option to disable trivial auth methods (#128)
Manfred Kaiser <37737811+manfred-kaiser@users.noreply.github.com>
parents: 1798
diff changeset
179 cli_ses.is_trivial_auth = 0;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
180 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
182 encrypt_packet();
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
183 TRACE(("leave send_msg_userauth_pubkey"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
184 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
185
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
186 /* Returns 1 if a key was tried */
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
187 int cli_auth_pubkey() {
1696
d18fa38c1fd4 initialise variable to stop warning
Matt Johnston <matt@ucc.asn.au>
parents: 1682
diff changeset
188 enum signature_type sigtype = DROPBEAR_SIGNATURE_NONE;
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
189 TRACE(("enter cli_auth_pubkey"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
190
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
191 #if DROPBEAR_CLI_AGENTFWD
560
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
192 if (!cli_opts.agent_keys_loaded) {
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
193 /* get the list of available keys from the agent */
560
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
194 cli_load_agent_keys(cli_opts.privkeys);
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
195 cli_opts.agent_keys_loaded = 1;
1676
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
196 TRACE(("cli_auth_pubkey: agent keys loaded"))
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
197 }
668
405418f7dc5e Fixed compilation with unset ENABLE_{SVR,CLI}_AGENTFWD.
Andrey Mazo <ahippo@yandex.ru>
parents: 560
diff changeset
198 #endif
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
199
1676
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
200 /* iterate through privkeys to remove ones not allowed in server-sig-algs */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
201 while (cli_opts.privkeys->first) {
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
202 sign_key * key = (sign_key*)cli_opts.privkeys->first->item;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
203 if (cli_ses.server_sig_algs) {
1681
435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents: 1676
diff changeset
204 #if DROPBEAR_RSA
1676
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
205 if (key->type == DROPBEAR_SIGNKEY_RSA) {
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
206 #if DROPBEAR_RSA_SHA256
1676
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
207 if (buf_has_algo(cli_ses.server_sig_algs, SSH_SIGNATURE_RSA_SHA256)
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
208 == DROPBEAR_SUCCESS) {
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
209 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
210 TRACE(("server-sig-algs allows rsa sha256"))
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
211 break;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
212 }
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
213 #endif /* DROPBEAR_RSA_SHA256 */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
214 #if DROPBEAR_RSA_SHA1
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
215 if (buf_has_algo(cli_ses.server_sig_algs, SSH_SIGNKEY_RSA)
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
216 == DROPBEAR_SUCCESS) {
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
217 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
218 TRACE(("server-sig-algs allows rsa sha1"))
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
219 break;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
220 }
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
221 #endif /* DROPBEAR_RSA_SHA256 */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
222 } else
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
223 #endif /* DROPBEAR_RSA */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
224 {
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
225 /* Not RSA */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
226 const char *name = NULL;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
227 sigtype = signature_type_from_signkey(key->type);
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
228 name = signature_name_from_type(sigtype, NULL);
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
229 if (buf_has_algo(cli_ses.server_sig_algs, name)
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
230 == DROPBEAR_SUCCESS) {
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
231 TRACE(("server-sig-algs allows %s", name))
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
232 break;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
233 }
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
234 }
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
235
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
236 /* No match, skip this key */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
237 TRACE(("server-sig-algs no match keytype %d, skipping", key->type))
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
238 key = list_remove(cli_opts.privkeys->first);
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
239 sign_key_free(key);
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
240 continue;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
241 } else {
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
242 /* Server didn't provide a server-sig-algs list, we'll
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
243 assume all except rsa-sha256 are OK. */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
244 #if DROPBEAR_RSA
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
245 if (key->type == DROPBEAR_SIGNKEY_RSA) {
1681
435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents: 1676
diff changeset
246 #if DROPBEAR_RSA_SHA1
1676
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
247 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
248 TRACE(("no server-sig-algs, using rsa sha1"))
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
249 break;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
250 #else
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
251 /* only support rsa-sha256, skip this key */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
252 TRACE(("no server-sig-algs, skipping rsa sha256"))
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
253 key = list_remove(cli_opts.privkeys->first);
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
254 sign_key_free(key);
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
255 continue;
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
256 #endif
1676
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
257 } /* key->type == DROPBEAR_SIGNKEY_RSA */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
258 #endif /* DROPBEAR_RSA */
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
259 sigtype = signature_type_from_signkey(key->type);
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
260 TRACE(("no server-sig-algs, using key"))
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
261 break;
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
262 }
d5cdc60db08e ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents: 1675
diff changeset
263 }
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
264
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
265 if (cli_opts.privkeys->first) {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
266 sign_key * key = (sign_key*)cli_opts.privkeys->first->item;
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
diff changeset
267 /* Send a trial request */
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
268 send_msg_userauth_pubkey(key, sigtype, 0);
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
269 cli_ses.lastprivkey = key;
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
270 TRACE(("leave cli_auth_pubkey-success"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
271 return 1;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
272 } else {
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
273 /* no more keys left */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
274 TRACE(("leave cli_auth_pubkey-failure"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
275 return 0;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
276 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
277 }
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
278
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
279 void cli_auth_pubkey_cleanup() {
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
280
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
281 #if DROPBEAR_CLI_AGENTFWD
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
282 m_close(cli_opts.agent_fd);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
283 cli_opts.agent_fd = -1;
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
284 #endif
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
285
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
286 while (cli_opts.privkeys->first) {
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
287 sign_key * key = list_remove(cli_opts.privkeys->first);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
288 sign_key_free(key);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
289 }
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
290 }
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 62
diff changeset
291 #endif /* Pubkey auth */