mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00

buffer: adapt auth.c to ssh_buffer_(un)pack()

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Aris Adamantiadis
2014-04-10 17:46:10 +02:00
committed by Andreas Schneider
parent 1d97f75b0a
commit 1f2c61d6ad


@@ -182,25 +182,19 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_banner){
*/ */
SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){
char *auth_methods = NULL; char *auth_methods = NULL;
ssh_string auth;
uint8_t partial = 0; uint8_t partial = 0;
int rc;
(void) type; (void) type;
(void) user; (void) user;
auth = buffer_get_ssh_string(packet); rc = ssh_buffer_unpack(packet, "sb", &auth_methods, &partial);
if (auth == NULL || buffer_get_u8(packet, &partial) != 1) { if (rc != SSH_OK) {
ssh_set_error(session, SSH_FATAL, ssh_set_error(session, SSH_FATAL,
"Invalid SSH_MSG_USERAUTH_FAILURE message"); "Invalid SSH_MSG_USERAUTH_FAILURE message");
session->auth_state=SSH_AUTH_STATE_ERROR; session->auth_state=SSH_AUTH_STATE_ERROR;
goto end; goto end;
} }
auth_methods = ssh_string_to_char(auth);
if (auth_methods == NULL) {
ssh_set_error_oom(session);
goto end;
}
if (partial) { if (partial) {
session->auth_state=SSH_AUTH_STATE_PARTIAL; session->auth_state=SSH_AUTH_STATE_PARTIAL;
SSH_LOG(SSH_LOG_INFO, SSH_LOG(SSH_LOG_INFO,
@@ -234,7 +228,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){
} }
end: end:
ssh_string_free(auth);
SAFE_FREE(auth_methods); SAFE_FREE(auth_methods);
return SSH_PACKET_USED; return SSH_PACKET_USED;
@@ -359,7 +352,6 @@ int ssh_userauth_list(ssh_session session, const char *username)
* before you connect to the server. * before you connect to the server.
*/ */
int ssh_userauth_none(ssh_session session, const char *username) { int ssh_userauth_none(ssh_session session, const char *username) {
ssh_string str;
int rc; int rc;
#ifdef WITH_SSH1 #ifdef WITH_SSH1
@@ -387,47 +379,12 @@ int ssh_userauth_none(ssh_session session, const char *username) {
} }
/* request */ /* request */
rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST); rc = ssh_buffer_pack(session->out_buffer, "bsss",
if (rc < 0) { SSH2_MSG_USERAUTH_REQUEST,
goto fail; username ? username : session->opts.username,
} "ssh-connection",
"none"
/* username */ );
if (username) {
str = ssh_string_from_char(username);
} else {
str = ssh_string_from_char(session->opts.username);
}
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* service */
str = ssh_string_from_char("ssh-connection");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* method */
str = ssh_string_from_char("none");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
@@ -485,7 +442,7 @@ int ssh_userauth_try_publickey(ssh_session session,
const char *username, const char *username,
const ssh_key pubkey) const ssh_key pubkey)
{ {
ssh_string str; ssh_string pubkey_s = NULL;
int rc; int rc;
if (session == NULL) { if (session == NULL) {
@@ -522,82 +479,28 @@ int ssh_userauth_try_publickey(ssh_session session,
return SSH_AUTH_ERROR; return SSH_AUTH_ERROR;
} }
/* request */
rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST);
if (rc < 0) {
goto fail;
}
/* username */
if (username) {
str = ssh_string_from_char(username);
} else {
str = ssh_string_from_char(session->opts.username);
}
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* service */
str = ssh_string_from_char("ssh-connection");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* method */
str = ssh_string_from_char("publickey");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* private key? */
rc = buffer_add_u8(session->out_buffer, 0);
if (rc < 0) {
goto fail;
}
/* algo */
str = ssh_string_from_char(pubkey->type_c);
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* public key */ /* public key */
rc = ssh_pki_export_pubkey_blob(pubkey, &str); rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_s);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
rc = buffer_add_ssh_string(session->out_buffer, str); /* request */
ssh_string_free(str); rc = ssh_buffer_pack(session->out_buffer, "bsssbsS",
SSH2_MSG_USERAUTH_REQUEST,
username ? username : session->opts.username,
"ssh-connection",
"publickey",
0, /* private key ? */
pubkey->type_c, /* algo */
pubkey_s /* public key */
);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
ssh_string_free(pubkey_s);
session->auth_state = SSH_AUTH_STATE_NONE; session->auth_state = SSH_AUTH_STATE_NONE;
session->pending_call_state = SSH_PENDING_CALL_AUTH_OFFER_PUBKEY; session->pending_call_state = SSH_PENDING_CALL_AUTH_OFFER_PUBKEY;
rc = packet_send(session); rc = packet_send(session);
@@ -613,6 +516,7 @@ pending:
return rc; return rc;
fail: fail:
ssh_string_free(pubkey_s);
ssh_set_error_oom(session); ssh_set_error_oom(session);
ssh_buffer_reinit(session->out_buffer); ssh_buffer_reinit(session->out_buffer);
@@ -647,7 +551,7 @@ int ssh_userauth_publickey(ssh_session session,
const char *username, const char *username,
const ssh_key privkey) const ssh_key privkey)
{ {
ssh_string str; ssh_string str = NULL;
int rc; int rc;
if (session == NULL) { if (session == NULL) {
@@ -684,81 +588,26 @@ int ssh_userauth_publickey(ssh_session session,
return SSH_AUTH_ERROR; return SSH_AUTH_ERROR;
} }
/* request */
rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST);
if (rc < 0) {
goto fail;
}
/* username */
if (username) {
str = ssh_string_from_char(username);
} else {
str = ssh_string_from_char(session->opts.username);
}
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* service */
str = ssh_string_from_char("ssh-connection");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* method */
str = ssh_string_from_char("publickey");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* private key? */
rc = buffer_add_u8(session->out_buffer, 1);
if (rc < 0) {
goto fail;
}
/* algo */
str = ssh_string_from_char(privkey->type_c);
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* public key */ /* public key */
rc = ssh_pki_export_pubkey_blob(privkey, &str); rc = ssh_pki_export_pubkey_blob(privkey, &str);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
rc = buffer_add_ssh_string(session->out_buffer, str); /* request */
ssh_string_free(str); rc = ssh_buffer_pack(session->out_buffer, "bsssbsS",
SSH2_MSG_USERAUTH_REQUEST,
username ? username : session->opts.username,
"ssh-connection",
"publickey",
1, /* private key */
privkey->type_c, /* algo */
str /* public key */
);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
ssh_string_free(str);
/* sign the buffer with the private key */ /* sign the buffer with the private key */
str = ssh_pki_do_sign(session, session->out_buffer, privkey); str = ssh_pki_do_sign(session, session->out_buffer, privkey);
@@ -768,6 +617,7 @@ int ssh_userauth_publickey(ssh_session session,
rc = buffer_add_ssh_string(session->out_buffer, str); rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str); ssh_string_free(str);
str = NULL;
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
@@ -787,6 +637,7 @@ pending:
return rc; return rc;
fail: fail:
ssh_string_free(str);
ssh_set_error_oom(session); ssh_set_error_oom(session);
ssh_buffer_reinit(session->out_buffer); ssh_buffer_reinit(session->out_buffer);
@@ -820,69 +671,6 @@ static int ssh_userauth_agent_publickey(ssh_session session,
return SSH_AUTH_ERROR; return SSH_AUTH_ERROR;
} }
/* request */
rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST);
if (rc < 0) {
goto fail;
}
/* username */
if (username) {
str = ssh_string_from_char(username);
} else {
str = ssh_string_from_char(session->opts.username);
}
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* service */
str = ssh_string_from_char("ssh-connection");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* method */
str = ssh_string_from_char("publickey");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* private key? */
rc = buffer_add_u8(session->out_buffer, 1);
if (rc < 0) {
goto fail;
}
/* algo */
str = ssh_string_from_char(pubkey->type_c);
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* public key */ /* public key */
rc = ssh_pki_export_pubkey_blob(pubkey, &str); rc = ssh_pki_export_pubkey_blob(pubkey, &str);
@@ -890,12 +678,22 @@ static int ssh_userauth_agent_publickey(ssh_session session,
goto fail; goto fail;
} }
rc = buffer_add_ssh_string(session->out_buffer, str); /* request */
ssh_string_free(str); rc = ssh_buffer_pack(session->out_buffer, "bsssbsS",
SSH2_MSG_USERAUTH_REQUEST,
username ? username : session->opts.username,
"ssh-connection",
"publickey",
1, /* private key */
pubkey->type_c, /* algo */
str /* public key */
);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
ssh_string_free(str);
/* sign the buffer with the private key */ /* sign the buffer with the private key */
str = ssh_pki_do_sign_agent(session, session->out_buffer, pubkey); str = ssh_pki_do_sign_agent(session, session->out_buffer, pubkey);
if (str == NULL) { if (str == NULL) {
@@ -1306,7 +1104,6 @@ int ssh_userauth_publickey_auto(ssh_session session,
int ssh_userauth_password(ssh_session session, int ssh_userauth_password(ssh_session session,
const char *username, const char *username,
const char *password) { const char *password) {
ssh_string str;
int rc; int rc;
#ifdef WITH_SSH1 #ifdef WITH_SSH1
@@ -1336,65 +1133,14 @@ int ssh_userauth_password(ssh_session session,
} }
/* request */ /* request */
rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST); rc = ssh_buffer_pack(session->out_buffer, "bsssbs",
if (rc < 0) { SSH2_MSG_USERAUTH_REQUEST,
goto fail; username ? username : session->opts.username,
} "ssh-connection",
"password",
/* username */ 0, /* false */
if (username) { password
str = ssh_string_from_char(username); );
} else {
str = ssh_string_from_char(session->opts.username);
}
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* service */
str = ssh_string_from_char("ssh-connection");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* method */
str = ssh_string_from_char("password");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* FALSE */
rc = buffer_add_u8(session->out_buffer, 0);
if (rc < 0) {
goto fail;
}
/* password */
str = ssh_string_from_char(password);
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
@@ -1536,7 +1282,6 @@ static int ssh_userauth_kbdint_init(ssh_session session,
const char *username, const char *username,
const char *submethods) const char *submethods)
{ {
ssh_string str;
int rc; int rc;
if (session->pending_call_state == SSH_PENDING_CALL_AUTH_KBDINT_INIT) if (session->pending_call_state == SSH_PENDING_CALL_AUTH_KBDINT_INIT)
goto pending; goto pending;
@@ -1552,78 +1297,18 @@ static int ssh_userauth_kbdint_init(ssh_session session,
} }
/* request */ /* request */
rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST); rc = ssh_buffer_pack(session->out_buffer, "bsssss",
SSH2_MSG_USERAUTH_REQUEST,
username ? username : session->opts.username,
"ssh-connection",
"keyboard-interactive",
"", /* lang (ignore it) */
submethods ? submethods : ""
);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
/* username */
if (username) {
str = ssh_string_from_char(username);
} else {
str = ssh_string_from_char(session->opts.username);
}
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* service */
str = ssh_string_from_char("ssh-connection");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* method */
str = ssh_string_from_char("keyboard-interactive");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* lang string (ignore it) */
str = ssh_string_from_char("");
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
/* submethods */
if (submethods == NULL) {
submethods = "";
}
str = ssh_string_from_char(submethods);
if (str == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, str);
ssh_string_free(str);
if (rc < 0) {
goto fail;
}
session->auth_state = SSH_AUTH_STATE_KBDINT_SENT; session->auth_state = SSH_AUTH_STATE_KBDINT_SENT;
session->pending_call_state = SSH_PENDING_CALL_AUTH_KBDINT_INIT; session->pending_call_state = SSH_PENDING_CALL_AUTH_KBDINT_INIT;
@@ -1660,7 +1345,6 @@ fail:
*/ */
static int ssh_userauth_kbdint_send(ssh_session session) static int ssh_userauth_kbdint_send(ssh_session session)
{ {
ssh_string answer;
uint32_t i; uint32_t i;
int rc; int rc;
if (session->pending_call_state == SSH_PENDING_CALL_AUTH_KBDINT_SEND) if (session->pending_call_state == SSH_PENDING_CALL_AUTH_KBDINT_SEND)
@@ -1669,29 +1353,17 @@ static int ssh_userauth_kbdint_send(ssh_session session)
ssh_set_error_invalid(session); ssh_set_error_invalid(session);
return SSH_ERROR; return SSH_ERROR;
} }
rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_INFO_RESPONSE); rc = ssh_buffer_pack(session->out_buffer, "bd",
if (rc < 0) { SSH2_MSG_USERAUTH_INFO_RESPONSE,
goto fail; session->kbdint->nprompts);
}
rc = buffer_add_u32(session->out_buffer, htonl(session->kbdint->nprompts));
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
for (i = 0; i < session->kbdint->nprompts; i++) { for (i = 0; i < session->kbdint->nprompts; i++) {
if (session->kbdint->answers && session->kbdint->answers[i]) { rc = ssh_buffer_pack(session->out_buffer, "s",
answer = ssh_string_from_char(session->kbdint->answers[i]); session->kbdint->answers && session->kbdint->answers[i] ?
} else { session->kbdint->answers[i]:"");
answer = ssh_string_from_char("");
}
if (answer == NULL) {
goto fail;
}
rc = buffer_add_ssh_string(session->out_buffer, answer);
ssh_string_burn(answer);
ssh_string_free(answer);
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
@@ -1728,64 +1400,41 @@ fail:
* authentication state. * authentication state.
*/ */
SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request) { SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request) {
ssh_string name; /* name of the "asking" window showed to client */ ssh_string tmp = NULL;
ssh_string instruction;
ssh_string tmp;
uint32_t nprompts; uint32_t nprompts;
uint32_t i; uint32_t i;
int rc;
(void)user; (void)user;
(void)type; (void)type;
name = buffer_get_ssh_string(packet);
instruction = buffer_get_ssh_string(packet);
tmp = buffer_get_ssh_string(packet);
buffer_get_u32(packet, &nprompts);
/* We don't care about tmp */
ssh_string_free(tmp);
if (name == NULL || instruction == NULL) {
ssh_string_free(name);
ssh_string_free(instruction);
ssh_set_error(session, SSH_FATAL, "Invalid USERAUTH_INFO_REQUEST msg");
return SSH_PACKET_USED;
}
if (session->kbdint == NULL) { if (session->kbdint == NULL) {
session->kbdint = ssh_kbdint_new(); session->kbdint = ssh_kbdint_new();
if (session->kbdint == NULL) { if (session->kbdint == NULL) {
ssh_set_error_oom(session); ssh_set_error_oom(session);
ssh_string_free(name);
ssh_string_free(instruction);
return SSH_PACKET_USED; return SSH_PACKET_USED;
} }
} else { } else {
ssh_kbdint_clean(session->kbdint); ssh_kbdint_clean(session->kbdint);
} }
session->kbdint->name = ssh_string_to_char(name); rc = ssh_buffer_unpack(packet, "ssSd",
ssh_string_free(name); &session->kbdint->name, /* name of the "asking" window shown to client */
if (session->kbdint->name == NULL) { &session->kbdint->instruction,
ssh_set_error_oom(session); &tmp, /* to ignore */
ssh_kbdint_free(session->kbdint); &nprompts
ssh_string_free(instruction); );
return SSH_PACKET_USED; /* We don't care about tmp */
} ssh_string_free(tmp);
session->kbdint->instruction = ssh_string_to_char(instruction); if (rc != SSH_OK) {
ssh_string_free(instruction); ssh_set_error(session, SSH_FATAL, "Invalid USERAUTH_INFO_REQUEST msg");
if (session->kbdint->instruction == NULL) {
ssh_set_error_oom(session);
ssh_kbdint_free(session->kbdint); ssh_kbdint_free(session->kbdint);
session->kbdint = NULL; session->kbdint = NULL;
return SSH_PACKET_USED; return SSH_PACKET_USED;
} }
nprompts = ntohl(nprompts);
SSH_LOG(SSH_LOG_DEBUG, SSH_LOG(SSH_LOG_DEBUG,
"%d keyboard-interactive prompts", nprompts); "%d keyboard-interactive prompts", nprompts);
if (nprompts > KBDINT_MAX_PROMPT) { if (nprompts > KBDINT_MAX_PROMPT) {
@@ -1823,23 +1472,14 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request) {
memset(session->kbdint->echo, 0, nprompts); memset(session->kbdint->echo, 0, nprompts);
for (i = 0; i < nprompts; i++) { for (i = 0; i < nprompts; i++) {
tmp = buffer_get_ssh_string(packet); rc = ssh_buffer_unpack(packet, "sb",
buffer_get_u8(packet, &session->kbdint->echo[i]); &session->kbdint->prompts[i],
if (tmp == NULL) { &session->kbdint->echo[i]);
if (rc == SSH_ERROR) {
ssh_set_error(session, SSH_FATAL, "Short INFO_REQUEST packet"); ssh_set_error(session, SSH_FATAL, "Short INFO_REQUEST packet");
ssh_kbdint_free(session->kbdint); ssh_kbdint_free(session->kbdint);
session->kbdint = NULL; session->kbdint = NULL;
return SSH_PACKET_USED;
}
session->kbdint->prompts[i] = ssh_string_to_char(tmp);
ssh_string_free(tmp);
if (session->kbdint->prompts[i] == NULL) {
ssh_set_error_oom(session);
session->kbdint->nprompts = i;
ssh_kbdint_free(session->kbdint);
session->kbdint = NULL;
return SSH_PACKET_USED; return SSH_PACKET_USED;
} }
} }
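Review bot: In ssh_userauth_agent_publickey the exported key blob `str` appears to leak when ssh_buffer_pack() fails: the `ssh_string_free(str)` that used to run before the `if (rc < 0)` check now runs only after it, and unlike ssh_userauth_try_publickey and ssh_userauth_publickey no hunk adds a free under this function's `fail:` label (the label itself lies outside the visible hunks, so this is inferred). Freeing directly after the pack call, `ssh_string_free(str); str = NULL;` placed before `if (rc < 0)`, restores the old ordering and stays safe whatever the `fail:` path does. In ssh_userauth_try_publickey the success-path `ssh_string_free(pubkey_s);` leaves the pointer dangling while `fail:` now frees the same variable, so `pubkey_s = NULL;` after that free would guard against a double free if a later `goto fail` is ever added. Separately, the prompt loop in ssh_packet_userauth_info_request tests `rc == SSH_ERROR` where the other unpack calls in this commit test `rc != SSH_OK`; `if (rc != SSH_OK)` there would reject a malformed server packet on any non-OK return.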