Mercurial > dropbear

comparison svr-authpubkey.c @ 1110:83025b7063ec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Turn checkpubkey() and send_msg_userauth_pk_ok()'s algo argument into char *
author Gaël PORTAY <gael.portay@gmail.com>
date Sat, 02 May 2015 23:17:43 +0200
parents c45d65392c1a
children aaf576b27a10
comparison
equal deleted inserted replaced
1109:2c646a65a1e3 1110:83025b7063ec
68 #ifdef ENABLE_SVR_PUBKEY_AUTH 68 #ifdef ENABLE_SVR_PUBKEY_AUTH
69 69
70 #define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */ 70 #define MIN_AUTHKEYS_LINE 10 /* "ssh-rsa AB" - short but doesn't matter */
71 #define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */ 71 #define MAX_AUTHKEYS_LINE 4200 /* max length of a line in authkeys */
72 72
73 static int checkpubkey(unsigned char* algo, unsigned int algolen, 73 static int checkpubkey(char* algo, unsigned int algolen,
74 unsigned char* keyblob, unsigned int keybloblen); 74 unsigned char* keyblob, unsigned int keybloblen);
75 static int checkpubkeyperms(); 75 static int checkpubkeyperms();
76 static void send_msg_userauth_pk_ok(unsigned char* algo, unsigned int algolen, 76 static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen,
77 unsigned char* keyblob, unsigned int keybloblen); 77 unsigned char* keyblob, unsigned int keybloblen);
78 static int checkfileperm(char * filename); 78 static int checkfileperm(char * filename);
79 79
80 /* process a pubkey auth request, sending success or failure message as 80 /* process a pubkey auth request, sending success or failure message as
81 * appropriate */ 81 * appropriate */
82 void svr_auth_pubkey() { 82 void svr_auth_pubkey() {
83 83
84 unsigned char testkey; /* whether we're just checking if a key is usable */ 84 unsigned char testkey; /* whether we're just checking if a key is usable */
85 unsigned char* algo = NULL; /* pubkey algo */ 85 char* algo = NULL; /* pubkey algo */
86 unsigned int algolen; 86 unsigned int algolen;
87 unsigned char* keyblob = NULL; 87 unsigned char* keyblob = NULL;
88 unsigned int keybloblen; 88 unsigned int keybloblen;
89 unsigned int sign_payload_length; 89 unsigned int sign_payload_length;
90 buffer * signbuf = NULL; 90 buffer * signbuf = NULL;
96 96
97 /* 0 indicates user just wants to check if key can be used, 1 is an 97 /* 0 indicates user just wants to check if key can be used, 1 is an
98 * actual attempt*/ 98 * actual attempt*/
99 testkey = (buf_getbool(ses.payload) == 0); 99 testkey = (buf_getbool(ses.payload) == 0);
100 100
101 algo = buf_getstring(ses.payload, &algolen); 101 algo = (char *) buf_getstring(ses.payload, &algolen);
102 keybloblen = buf_getint(ses.payload); 102 keybloblen = buf_getint(ses.payload);
103 keyblob = buf_getptr(ses.payload, keybloblen); 103 keyblob = buf_getptr(ses.payload, keybloblen);
104 104
105 /* check if the key is valid */ 105 /* check if the key is valid */
106 if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) { 106 if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) {
171 } 171 }
172 172
173 /* Reply that the key is valid for auth, this is sent when the user sends 173 /* Reply that the key is valid for auth, this is sent when the user sends
174 * a straight copy of their pubkey to test, to avoid having to perform 174 * a straight copy of their pubkey to test, to avoid having to perform
175 * expensive signing operations with a worthless key */ 175 * expensive signing operations with a worthless key */
176 static void send_msg_userauth_pk_ok(unsigned char* algo, unsigned int algolen, 176 static void send_msg_userauth_pk_ok(char* algo, unsigned int algolen,
177 unsigned char* keyblob, unsigned int keybloblen) { 177 unsigned char* keyblob, unsigned int keybloblen) {
178 178
179 TRACE(("enter send_msg_userauth_pk_ok")) 179 TRACE(("enter send_msg_userauth_pk_ok"))
180 CHECKCLEARTOWRITE(); 180 CHECKCLEARTOWRITE();
181 181
182 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_PK_OK); 182 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_PK_OK);
183 buf_putstring(ses.writepayload, algo, algolen); 183 buf_putstring(ses.writepayload, (const unsigned char *) algo, algolen);
184 buf_putstring(ses.writepayload, keyblob, keybloblen); 184 buf_putstring(ses.writepayload, keyblob, keybloblen);
185 185
186 encrypt_packet(); 186 encrypt_packet();
187 TRACE(("leave send_msg_userauth_pk_ok")) 187 TRACE(("leave send_msg_userauth_pk_ok"))
188 188
189 } 189 }
190 190
191 /* Checks whether a specified publickey (and associated algorithm) is an 191 /* Checks whether a specified publickey (and associated algorithm) is an
192 * acceptable key for authentication */ 192 * acceptable key for authentication */
193 /* Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */ 193 /* Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */
194 static int checkpubkey(unsigned char* algo, unsigned int algolen, 194 static int checkpubkey(char* algo, unsigned int algolen,
195 unsigned char* keyblob, unsigned int keybloblen) { 195 unsigned char* keyblob, unsigned int keybloblen) {
196 196
197 FILE * authfile = NULL; 197 FILE * authfile = NULL;
198 char * filename = NULL; 198 char * filename = NULL;
199 int ret = DROPBEAR_FAILURE; 199 int ret = DROPBEAR_FAILURE;
328 buf_setpos(line, pos); 328 buf_setpos(line, pos);
329 buf_setlen(line, line->pos + len); 329 buf_setlen(line, line->pos + len);
330 330
331 TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len)) 331 TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len))
332 332
333 ret = cmp_base64_key(keyblob, keybloblen, algo, algolen, line, NULL); 333 ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL);
334 334
335 if (ret == DROPBEAR_SUCCESS && options_buf) { 335 if (ret == DROPBEAR_SUCCESS && options_buf) {
336 ret = svr_add_pubkey_options(options_buf, line_num, filename); 336 ret = svr_add_pubkey_options(options_buf, line_num, filename);
337 } 337 }
338 338