Mercurial > dropbear
comparison cli-authpubkey.c @ 551:c3f2ec71e3d4 agent-client
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 06 Jul 2009 12:59:13 +0000 |
| parents | 61c3513825b0 |
| children | de3653483ac0 |
comparison
equal
deleted
inserted
replaced
| 550:61c3513825b0 | 551:c3f2ec71e3d4 |
|---|---|
| 28 #include "dbutil.h" | 28 #include "dbutil.h" |
| 29 #include "session.h" | 29 #include "session.h" |
| 30 #include "ssh.h" | 30 #include "ssh.h" |
| 31 #include "runopts.h" | 31 #include "runopts.h" |
| 32 #include "auth.h" | 32 #include "auth.h" |
| 33 #include "agentfwd.h" | |
| 33 | 34 |
| 34 #ifdef ENABLE_CLI_PUBKEY_AUTH | 35 #ifdef ENABLE_CLI_PUBKEY_AUTH |
| 35 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign); | 36 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign); |
| 36 | 37 |
| 37 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request. | 38 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request. |
| 38 * We use it to remove the key we tried from the list */ | 39 * We use it to remove the key we tried from the list */ |
| 39 void cli_pubkeyfail() { | 40 void cli_pubkeyfail() { |
| 40 | 41 m_list_elem *iter; |
| 41 struct SignKeyList *keyitem; | 42 for (iter = cli_opts.privkeys->first; iter; iter = iter->next) { |
| 42 struct SignKeyList **previtem; | 43 sign_key *iter_key = (sign_key*)iter->item; |
| 43 | 44 |
| 44 TRACE(("enter cli_pubkeyfail")) | 45 if (iter_key == cli_ses.lastprivkey) |
| 45 previtem = &cli_opts.privkeys; | 46 { |
| 46 | 47 /* found the failing key */ |
| 47 /* Find the key we failed with, and remove it */ | 48 list_remove(iter); |
| 48 for (keyitem = cli_opts.privkeys; keyitem != NULL; keyitem = keyitem->next) { | 49 sign_key_free(iter_key); |
| 49 if (keyitem == cli_ses.lastprivkey) { | 50 cli_ses.lastprivkey = NULL; |
| 50 *previtem = keyitem->next; | 51 return; |
| 51 } | 52 } |
| 52 previtem = &keyitem; | 53 } |
| 53 } | |
| 54 | |
| 55 sign_key_free(cli_ses.lastprivkey->key); /* It won't be used again */ | |
| 56 m_free(cli_ses.lastprivkey->filename); | |
| 57 m_free(cli_ses.lastprivkey); | |
| 58 | |
| 59 TRACE(("leave cli_pubkeyfail")) | |
| 60 } | 54 } |
| 61 | 55 |
| 62 void recv_msg_userauth_pk_ok() { | 56 void recv_msg_userauth_pk_ok() { |
| 63 | 57 m_list_elem *iter; |
| 64 struct SignKeyList *keyitem = NULL; | |
| 65 buffer* keybuf = NULL; | 58 buffer* keybuf = NULL; |
| 66 char* algotype = NULL; | 59 char* algotype = NULL; |
| 67 unsigned int algolen; | 60 unsigned int algolen; |
| 68 int keytype; | 61 int keytype; |
| 69 unsigned int remotelen; | 62 unsigned int remotelen; |
| 79 | 72 |
| 80 remotelen = buf_getint(ses.payload); | 73 remotelen = buf_getint(ses.payload); |
| 81 | 74 |
| 82 /* Iterate through our keys, find which one it was that matched, and | 75 /* Iterate through our keys, find which one it was that matched, and |
| 83 * send a real request with that key */ | 76 * send a real request with that key */ |
| 84 for (keyitem = cli_opts.privkeys; keyitem != NULL; keyitem = keyitem->next) { | 77 for (iter = cli_opts.privkeys->first; iter; iter = iter->next) { |
| 85 | 78 sign_key *key = (sign_key*)iter->item; |
| 86 if (keyitem->type != keytype) { | 79 if (key->type != keytype) { |
| 87 /* Types differed */ | 80 /* Types differed */ |
| 88 TRACE(("types differed")) | 81 TRACE(("types differed")) |
| 89 continue; | 82 continue; |
| 90 } | 83 } |
| 91 | 84 |
| 92 /* Now we compare the contents of the key */ | 85 /* Now we compare the contents of the key */ |
| 93 keybuf->pos = keybuf->len = 0; | 86 keybuf->pos = keybuf->len = 0; |
| 94 buf_put_pub_key(keybuf, keyitem->key, keytype); | 87 buf_put_pub_key(keybuf, key, keytype); |
| 95 buf_setpos(keybuf, 0); | 88 buf_setpos(keybuf, 0); |
| 96 buf_incrpos(keybuf, 4); /* first int is the length of the remainder (ie | 89 buf_incrpos(keybuf, 4); /* first int is the length of the remainder (ie |
| 97 remotelen) which has already been taken from | 90 remotelen) which has already been taken from |
| 98 the remote buffer */ | 91 the remote buffer */ |
| 99 | 92 |
| 113 /* Success */ | 106 /* Success */ |
| 114 break; | 107 break; |
| 115 } | 108 } |
| 116 buf_free(keybuf); | 109 buf_free(keybuf); |
| 117 | 110 |
| 118 if (keyitem != NULL) { | 111 if (iter != NULL) { |
| 119 TRACE(("matching key")) | 112 TRACE(("matching key")) |
| 120 /* XXX TODO: if it's an encrypted key, here we ask for their | 113 /* XXX TODO: if it's an encrypted key, here we ask for their |
| 121 * password */ | 114 * password */ |
| 122 send_msg_userauth_pubkey(keyitem->key, keytype, 1); | 115 send_msg_userauth_pubkey((sign_key*)iter->item, keytype, 1); |
| 123 } else { | 116 } else { |
| 124 TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part")) | 117 TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part")) |
| 125 } | 118 } |
| 126 | 119 |
| 127 TRACE(("leave recv_msg_userauth_pk_ok")) | 120 TRACE(("leave recv_msg_userauth_pk_ok")) |
| 121 } | |
| 122 | |
| 123 void cli_buf_put_sign(buffer* buf, sign_key *key, int type, | |
| 124 const unsigned char *data, unsigned int len) | |
| 125 { | |
| 126 if (key->source == SIGNKEY_SOURCE_AGENT) { | |
| 127 /* Format the agent signature ourselves, as buf_put_sign would. */ | |
| 128 buffer *sigblob; | |
| 129 sigblob = buf_new(MAX_PUBKEY_SIZE); | |
| 130 agent_buf_sign(sigblob, key, data, len); | |
| 131 buf_setpos(sigblob, 0); | |
| 132 buf_putstring(buf, buf_getptr(sigblob, sigblob->len), | |
| 133 sigblob->len); | |
| 134 | |
| 135 buf_free(sigblob); | |
| 136 } else { | |
| 137 buf_put_sign(buf, key, type, data, len); | |
| 138 } | |
| 139 | |
| 128 } | 140 } |
| 129 | 141 |
| 130 /* TODO: make it take an agent reference to use as well */ | 142 /* TODO: make it take an agent reference to use as well */ |
| 131 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) { | 143 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) { |
| 132 | 144 |
| 168 | 180 |
| 169 encrypt_packet(); | 181 encrypt_packet(); |
| 170 TRACE(("leave send_msg_userauth_pubkey")) | 182 TRACE(("leave send_msg_userauth_pubkey")) |
| 171 } | 183 } |
| 172 | 184 |
| 185 /* Returns 1 if a key was tried */ | |
| 173 int cli_auth_pubkey() { | 186 int cli_auth_pubkey() { |
| 174 | 187 |
| 175 TRACE(("enter cli_auth_pubkey")) | 188 TRACE(("enter cli_auth_pubkey")) |
| 176 | 189 |
| 177 if (cli_opts.agent_fwd && | 190 if (cli_opts.agent_fwd && |
| 178 !cli_opts.agent_keys_loaded) { | 191 !cli_opts.agent_keys_loaded) { |
| 179 /* get the list of available keys from the agent */ | 192 /* get the list of available keys from the agent */ |
| 180 load_agent_keys(&cli_opts.privkeys); | 193 load_agent_keys(cli_opts.privkeys); |
| 181 cli_opts.agent_keys_loaded = 1; | 194 cli_opts.agent_keys_loaded = 1; |
| 182 } | 195 } |
| 183 | 196 |
| 184 if (cli_opts.privkeys != NULL) { | 197 if (cli_opts.privkeys->first) { |
| 198 sign_key * key = (sign_key*)cli_opts.privkeys->first->item; | |
| 185 /* Send a trial request */ | 199 /* Send a trial request */ |
| 186 send_msg_userauth_pubkey(cli_opts.privkeys->key, | 200 send_msg_userauth_pubkey(key, key->type, 0); |
| 187 cli_opts.privkeys->type, 0); | 201 cli_ses.lastprivkey = key; |
| 188 cli_ses.lastprivkey = cli_opts.privkeys; | |
| 189 TRACE(("leave cli_auth_pubkey-success")) | 202 TRACE(("leave cli_auth_pubkey-success")) |
| 190 return 1; | 203 return 1; |
| 191 } else { | 204 } else { |
| 192 TRACE(("leave cli_auth_pubkey-failure")) | 205 TRACE(("leave cli_auth_pubkey-failure")) |
| 193 return 0; | 206 return 0; |