comparison cli-authpubkey.c @ 551:c3f2ec71e3d4 agent-client

New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
author Matt Johnston <matt@ucc.asn.au>
date Mon, 06 Jul 2009 12:59:13 +0000
parents 61c3513825b0
children de3653483ac0
comparison
equal deleted inserted replaced
550:61c3513825b0 551:c3f2ec71e3d4
28 #include "dbutil.h" 28 #include "dbutil.h"
29 #include "session.h" 29 #include "session.h"
30 #include "ssh.h" 30 #include "ssh.h"
31 #include "runopts.h" 31 #include "runopts.h"
32 #include "auth.h" 32 #include "auth.h"
33 #include "agentfwd.h"
33 34
34 #ifdef ENABLE_CLI_PUBKEY_AUTH 35 #ifdef ENABLE_CLI_PUBKEY_AUTH
35 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign); 36 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
36 37
37 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request. 38 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
38 * We use it to remove the key we tried from the list */ 39 * We use it to remove the key we tried from the list */
39 void cli_pubkeyfail() { 40 void cli_pubkeyfail() {
40 41 m_list_elem *iter;
41 struct SignKeyList *keyitem; 42 for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
42 struct SignKeyList **previtem; 43 sign_key *iter_key = (sign_key*)iter->item;
43 44
44 TRACE(("enter cli_pubkeyfail")) 45 if (iter_key == cli_ses.lastprivkey)
45 previtem = &cli_opts.privkeys; 46 {
46 47 /* found the failing key */
47 /* Find the key we failed with, and remove it */ 48 list_remove(iter);
48 for (keyitem = cli_opts.privkeys; keyitem != NULL; keyitem = keyitem->next) { 49 sign_key_free(iter_key);
49 if (keyitem == cli_ses.lastprivkey) { 50 cli_ses.lastprivkey = NULL;
50 *previtem = keyitem->next; 51 return;
51 } 52 }
52 previtem = &keyitem; 53 }
53 }
54
55 sign_key_free(cli_ses.lastprivkey->key); /* It won't be used again */
56 m_free(cli_ses.lastprivkey->filename);
57 m_free(cli_ses.lastprivkey);
58
59 TRACE(("leave cli_pubkeyfail"))
60 } 54 }
61 55
62 void recv_msg_userauth_pk_ok() { 56 void recv_msg_userauth_pk_ok() {
63 57 m_list_elem *iter;
64 struct SignKeyList *keyitem = NULL;
65 buffer* keybuf = NULL; 58 buffer* keybuf = NULL;
66 char* algotype = NULL; 59 char* algotype = NULL;
67 unsigned int algolen; 60 unsigned int algolen;
68 int keytype; 61 int keytype;
69 unsigned int remotelen; 62 unsigned int remotelen;
79 72
80 remotelen = buf_getint(ses.payload); 73 remotelen = buf_getint(ses.payload);
81 74
82 /* Iterate through our keys, find which one it was that matched, and 75 /* Iterate through our keys, find which one it was that matched, and
83 * send a real request with that key */ 76 * send a real request with that key */
84 for (keyitem = cli_opts.privkeys; keyitem != NULL; keyitem = keyitem->next) { 77 for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
85 78 sign_key *key = (sign_key*)iter->item;
86 if (keyitem->type != keytype) { 79 if (key->type != keytype) {
87 /* Types differed */ 80 /* Types differed */
88 TRACE(("types differed")) 81 TRACE(("types differed"))
89 continue; 82 continue;
90 } 83 }
91 84
92 /* Now we compare the contents of the key */ 85 /* Now we compare the contents of the key */
93 keybuf->pos = keybuf->len = 0; 86 keybuf->pos = keybuf->len = 0;
94 buf_put_pub_key(keybuf, keyitem->key, keytype); 87 buf_put_pub_key(keybuf, key, keytype);
95 buf_setpos(keybuf, 0); 88 buf_setpos(keybuf, 0);
96 buf_incrpos(keybuf, 4); /* first int is the length of the remainder (ie 89 buf_incrpos(keybuf, 4); /* first int is the length of the remainder (ie
97 remotelen) which has already been taken from 90 remotelen) which has already been taken from
98 the remote buffer */ 91 the remote buffer */
99 92
113 /* Success */ 106 /* Success */
114 break; 107 break;
115 } 108 }
116 buf_free(keybuf); 109 buf_free(keybuf);
117 110
118 if (keyitem != NULL) { 111 if (iter != NULL) {
119 TRACE(("matching key")) 112 TRACE(("matching key"))
120 /* XXX TODO: if it's an encrypted key, here we ask for their 113 /* XXX TODO: if it's an encrypted key, here we ask for their
121 * password */ 114 * password */
122 send_msg_userauth_pubkey(keyitem->key, keytype, 1); 115 send_msg_userauth_pubkey((sign_key*)iter->item, keytype, 1);
123 } else { 116 } else {
124 TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part")) 117 TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"))
125 } 118 }
126 119
127 TRACE(("leave recv_msg_userauth_pk_ok")) 120 TRACE(("leave recv_msg_userauth_pk_ok"))
121 }
122
123 void cli_buf_put_sign(buffer* buf, sign_key *key, int type,
124 const unsigned char *data, unsigned int len)
125 {
126 if (key->source == SIGNKEY_SOURCE_AGENT) {
127 /* Format the agent signature ourselves, as buf_put_sign would. */
128 buffer *sigblob;
129 sigblob = buf_new(MAX_PUBKEY_SIZE);
130 agent_buf_sign(sigblob, key, data, len);
131 buf_setpos(sigblob, 0);
132 buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
133 sigblob->len);
134
135 buf_free(sigblob);
136 } else {
137 buf_put_sign(buf, key, type, data, len);
138 }
139
128 } 140 }
129 141
130 /* TODO: make it take an agent reference to use as well */ 142 /* TODO: make it take an agent reference to use as well */
131 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) { 143 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
132 144
168 180
169 encrypt_packet(); 181 encrypt_packet();
170 TRACE(("leave send_msg_userauth_pubkey")) 182 TRACE(("leave send_msg_userauth_pubkey"))
171 } 183 }
172 184
185 /* Returns 1 if a key was tried */
173 int cli_auth_pubkey() { 186 int cli_auth_pubkey() {
174 187
175 TRACE(("enter cli_auth_pubkey")) 188 TRACE(("enter cli_auth_pubkey"))
176 189
177 if (cli_opts.agent_fwd && 190 if (cli_opts.agent_fwd &&
178 !cli_opts.agent_keys_loaded) { 191 !cli_opts.agent_keys_loaded) {
179 /* get the list of available keys from the agent */ 192 /* get the list of available keys from the agent */
180 load_agent_keys(&cli_opts.privkeys); 193 load_agent_keys(cli_opts.privkeys);
181 cli_opts.agent_keys_loaded = 1; 194 cli_opts.agent_keys_loaded = 1;
182 } 195 }
183 196
184 if (cli_opts.privkeys != NULL) { 197 if (cli_opts.privkeys->first) {
198 sign_key * key = (sign_key*)cli_opts.privkeys->first->item;
185 /* Send a trial request */ 199 /* Send a trial request */
186 send_msg_userauth_pubkey(cli_opts.privkeys->key, 200 send_msg_userauth_pubkey(key, key->type, 0);
187 cli_opts.privkeys->type, 0); 201 cli_ses.lastprivkey = key;
188 cli_ses.lastprivkey = cli_opts.privkeys;
189 TRACE(("leave cli_auth_pubkey-success")) 202 TRACE(("leave cli_auth_pubkey-success"))
190 return 1; 203 return 1;
191 } else { 204 } else {
192 TRACE(("leave cli_auth_pubkey-failure")) 205 TRACE(("leave cli_auth_pubkey-failure"))
193 return 0; 206 return 0;