Mercurial > dropbear

annotate cli-authpubkey.c @ 1674:ba6fc7afe1c5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
use sigtype where appropriate
author Matt Johnston <matt@ucc.asn.au>
date Mon, 06 Apr 2020 23:18:26 +0800
parents 06d52bcb8094
children ae41624c2198
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
74
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
1 /*
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
2 * Dropbear SSH
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
3 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
5 * Copyright (c) 2004 by Mihnea Stoenescu
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
6 * All rights reserved.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
7 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
9 * of this software and associated documentation files (the "Software"), to deal
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
10 * in the Software without restriction, including without limitation the rights
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
12 * copies of the Software, and to permit persons to whom the Software is
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
13 * furnished to do so, subject to the following conditions:
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
14 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
15 * The above copyright notice and this permission notice shall be included in
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
16 * all copies or substantial portions of the Software.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
17 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
24 * SOFTWARE. */
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
25
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "includes.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 #include "buffer.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 #include "dbutil.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "session.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "ssh.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "runopts.h"
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "auth.h"
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
33 #include "agentfwd.h"
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
35 #if DROPBEAR_CLI_PUBKEY_AUTH
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
36 static void send_msg_userauth_pubkey(sign_key *key, enum signkey_type sigtype, int realsign);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 * We use it to remove the key we tried from the list */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40 void cli_pubkeyfail() {
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
41 m_list_elem *iter;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
42 for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
43 sign_key *iter_key = (sign_key*)iter->item;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
44
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
45 if (iter_key == cli_ses.lastprivkey)
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
46 {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
47 /* found the failing key */
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
48 list_remove(iter);
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
49 sign_key_free(iter_key);
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
50 cli_ses.lastprivkey = NULL;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
51 return;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 void recv_msg_userauth_pk_ok() {
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
57 m_list_elem *iter;
406
2448ae3e75b5 Fix leak of keybuf in recv_msg_userauth_pk_ok, courtesy of Klocwork
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
58 buffer* keybuf = NULL;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 char* algotype = NULL;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 unsigned int algolen;
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
61 enum signkey_type sigtype, keytype;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62 unsigned int remotelen;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
64 TRACE(("enter recv_msg_userauth_pk_ok"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
66 algotype = buf_getstring(ses.payload, &algolen);
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
67 sigtype = signature_type_from_name(algotype, algolen);
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
68 keytype = signkey_type_from_signature(sigtype);
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
69 TRACE(("recv_msg_userauth_pk_ok: type %d", sigtype))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70 m_free(algotype);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 keybuf = buf_new(MAX_PUBKEY_SIZE);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 remotelen = buf_getint(ses.payload);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76 /* Iterate through our keys, find which one it was that matched, and
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
77 * send a real request with that key */
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
78 for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
79 sign_key *key = (sign_key*)iter->item;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
80 if (key->type != keytype) {
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
81 /* Types differed */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
82 TRACE(("types differed"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
83 continue;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
84 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
85
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86 /* Now we compare the contents of the key */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 keybuf->pos = keybuf->len = 0;
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
88 buf_put_pub_key(keybuf, key, keytype);
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
89 buf_setpos(keybuf, 0);
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
90 buf_incrpos(keybuf, 4); /* first int is the length of the remainder (ie
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
91 remotelen) which has already been taken from
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
92 the remote buffer */
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
93
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
94
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
95 if (keybuf->len-4 != remotelen) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
96 TRACE(("lengths differed: localh %d remote %d", keybuf->len, remotelen))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
97 /* Lengths differed */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
98 continue;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99 }
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
100 if (memcmp(buf_getptr(keybuf, remotelen),
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
101 buf_getptr(ses.payload, remotelen), remotelen) != 0) {
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
102 /* Data didn't match this key */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
103 TRACE(("data differed"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
104 continue;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
106
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
107 /* Success */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108 break;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
109 }
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
110 buf_free(keybuf);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
111
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
112 if (iter != NULL) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
113 TRACE(("matching key"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114 /* XXX TODO: if it's an encrypted key, here we ask for their
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
115 * password */
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
116 send_msg_userauth_pubkey((sign_key*)iter->item, keytype, 1);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
117 } else {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
118 TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 }
406
2448ae3e75b5 Fix leak of keybuf in recv_msg_userauth_pk_ok, courtesy of Klocwork
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
120
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
121 TRACE(("leave recv_msg_userauth_pk_ok"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
122 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
124 static void cli_buf_put_sign(buffer* buf, sign_key *key, enum signkey_type sigtype,
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
125 const buffer *data_buf) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
126 #if DROPBEAR_CLI_AGENTFWD
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
127 // TODO: rsa-sha256 agent
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
128 if (key->source == SIGNKEY_SOURCE_AGENT) {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
129 /* Format the agent signature ourselves, as buf_put_sign would. */
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
130 buffer *sigblob;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
131 sigblob = buf_new(MAX_PUBKEY_SIZE);
760
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 669
diff changeset
132 agent_buf_sign(sigblob, key, data_buf);
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 669
diff changeset
133 buf_putbufstring(buf, sigblob);
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
134 buf_free(sigblob);
669
a8367733e8cd Slight formatting change for ENABLE_CLI_AGENTFWD if statement
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
135 } else
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
136 #endif /* DROPBEAR_CLI_AGENTFWD */
669
a8367733e8cd Slight formatting change for ENABLE_CLI_AGENTFWD if statement
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
137 {
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
138 buf_put_sign(buf, key, sigtype, data_buf);
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
139 }
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
140 }
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
141
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
142 static void send_msg_userauth_pubkey(sign_key *key, enum signkey_type sigtype, int realsign) {
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
143
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
144 const char *algoname = NULL;
1094
c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents: 1032
diff changeset
145 unsigned int algolen;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146 buffer* sigbuf = NULL;
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
147 enum signkey_type keytype = signkey_type_from_signature(sigtype);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
149 TRACE(("enter send_msg_userauth_pubkey"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
150 CHECKCLEARTOWRITE();
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
151
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
153
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
154 buf_putstring(ses.writepayload, cli_opts.username,
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
155 strlen(cli_opts.username));
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
156
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
157 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
158 SSH_SERVICE_CONNECTION_LEN);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
160 buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY,
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
161 AUTH_METHOD_PUBKEY_LEN);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163 buf_putbyte(ses.writepayload, realsign);
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
165 algoname = signature_name_from_type(sigtype, &algolen);
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
166 buf_putstring(ses.writepayload, algoname, algolen);
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
167 buf_put_pub_key(ses.writepayload, key, keytype);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
168
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
169 if (realsign) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
170 TRACE(("realsign"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
171 /* We put the signature as well - this contains string(session id), then
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
172 * the contents of the write payload to this point */
762
a78a38e402d1 - Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents: 761
diff changeset
173 sigbuf = buf_new(4 + ses.session_id->len + ses.writepayload->len);
760
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 669
diff changeset
174 buf_putbufstring(sigbuf, ses.session_id);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
175 buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
176 cli_buf_put_sign(ses.writepayload, key, sigtype, sigbuf);
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177 buf_free(sigbuf); /* Nothing confidential in the buffer */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
180 encrypt_packet();
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
181 TRACE(("leave send_msg_userauth_pubkey"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
182 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
183
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
184 /* Returns 1 if a key was tried */
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
185 int cli_auth_pubkey() {
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
186
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
187 TRACE(("enter cli_auth_pubkey"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
188
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
189 #if DROPBEAR_CLI_AGENTFWD
560
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
190 if (!cli_opts.agent_keys_loaded) {
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
191 /* get the list of available keys from the agent */
560
52d7301e46bd Agent forwarding works
Matt Johnston <matt@ucc.asn.au>
parents: 552
diff changeset
192 cli_load_agent_keys(cli_opts.privkeys);
550
61c3513825b0 Talking to the agent works now. Can't interpret the pubkeys.
Matt Johnston <matt@ucc.asn.au>
parents: 547
diff changeset
193 cli_opts.agent_keys_loaded = 1;
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
194 }
668
405418f7dc5e Fixed compilation with unset ENABLE_{SVR,CLI}_AGENTFWD.
Andrey Mazo <ahippo@yandex.ru>
parents: 560
diff changeset
195 #endif
225
ca7e76d981d9 - progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents: 215
diff changeset
196
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
197 if (cli_opts.privkeys->first) {
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
198 sign_key * key = (sign_key*)cli_opts.privkeys->first->item;
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
199 enum signkey_type sigtype = key->type;
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
200 /* Send a trial request */
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
201 #if DROPBEAR_RSA && DROPBEAR_RSA_SHA256
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
202 // TODO: use ext-info to choose rsa kind
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
203 if (sigtype == DROPBEAR_SIGNKEY_RSA) {
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
204 sigtype = DROPBEAR_SIGNKEY_RSA_SHA256;
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
205 }
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
206 #endif
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1459
diff changeset
207 send_msg_userauth_pubkey(key, sigtype, 0);
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 550
diff changeset
208 cli_ses.lastprivkey = key;
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
209 TRACE(("leave cli_auth_pubkey-success"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
210 return 1;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
211 } else {
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
212 /* no more keys left */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
213 TRACE(("leave cli_auth_pubkey-failure"))
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
214 return 0;
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
215 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
216 }
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
217
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
218 void cli_auth_pubkey_cleanup() {
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
219
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1122
diff changeset
220 #if DROPBEAR_CLI_AGENTFWD
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
221 m_close(cli_opts.agent_fd);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
222 cli_opts.agent_fd = -1;
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
223 #endif
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
224
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
225 while (cli_opts.privkeys->first) {
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
226 sign_key * key = list_remove(cli_opts.privkeys->first);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
227 sign_key_free(key);
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
228 }
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 551
diff changeset
229 }
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 62
diff changeset
230 #endif /* Pubkey auth */