server: Use new pki infrastructure.
@@ -129,8 +129,10 @@ struct ssh_session_struct {
|
|||||||
struct ssh_kbdint_struct *kbdint;
|
struct ssh_kbdint_struct *kbdint;
|
||||||
int version; /* 1 or 2 */
|
int version; /* 1 or 2 */
|
||||||
/* server host keys */
|
/* server host keys */
|
||||||
ssh_private_key rsa_key;
|
struct {
|
||||||
ssh_private_key dsa_key;
|
ssh_key rsa_key;
|
||||||
|
ssh_key dsa_key;
|
||||||
|
} srv;
|
||||||
/* auths accepted by server */
|
/* auths accepted by server */
|
||||||
int auth_methods;
|
int auth_methods;
|
||||||
int hostkeys; /* contains type of host key wanted by client, in server impl */
|
int hostkeys; /* contains type of host key wanted by client, in server impl */
|
||||||
|
|||||||
32
src/bind.c
32
src/bind.c
@@ -333,8 +333,6 @@ void ssh_bind_free(ssh_bind sshbind){
|
|||||||
|
|
||||||
|
|
||||||
int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
|
int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
|
||||||
ssh_key dsa = NULL;
|
|
||||||
ssh_key rsa = NULL;
|
|
||||||
socket_t fd = SSH_INVALID_SOCKET;
|
socket_t fd = SSH_INVALID_SOCKET;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
@@ -392,42 +390,20 @@ int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
|
|||||||
ssh_socket_set_fd(session->socket, fd);
|
ssh_socket_set_fd(session->socket, fd);
|
||||||
ssh_socket_get_poll_handle_out(session->socket);
|
ssh_socket_get_poll_handle_out(session->socket);
|
||||||
|
|
||||||
/* FIXME */
|
|
||||||
#if 0
|
|
||||||
if (sshbind->dsa) {
|
if (sshbind->dsa) {
|
||||||
session->dsa_key = ssh_key_dup(sshbind->dsa);
|
session->srv.dsa_key = ssh_key_dup(sshbind->dsa);
|
||||||
if (session->dsa_key == NULL) {
|
if (session->srv.dsa_key == NULL) {
|
||||||
ssh_set_error_oom(sshbind);
|
ssh_set_error_oom(sshbind);
|
||||||
return SSH_ERROR;
|
return SSH_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (sshbind->rsa) {
|
if (sshbind->rsa) {
|
||||||
session->rsa_key = ssh_key_dup(sshbind->rsa);
|
session->srv.rsa_key = ssh_key_dup(sshbind->rsa);
|
||||||
if (session->rsa_key == NULL) {
|
if (session->srv.rsa_key == NULL) {
|
||||||
ssh_set_error_oom(sshbind);
|
ssh_set_error_oom(sshbind);
|
||||||
return SSH_ERROR;
|
return SSH_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
if (sshbind->dsa) {
|
|
||||||
dsa = ssh_key_dup(sshbind->dsa);
|
|
||||||
if (dsa == NULL) {
|
|
||||||
ssh_set_error_oom(sshbind);
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
session->dsa_key = ssh_pki_convert_key_to_privatekey(dsa);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (sshbind->rsa) {
|
|
||||||
rsa = ssh_key_dup(sshbind->rsa);
|
|
||||||
if (rsa == NULL) {
|
|
||||||
ssh_set_error_oom(sshbind);
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
session->rsa_key = ssh_pki_convert_key_to_privatekey(rsa);
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return SSH_OK;
|
return SSH_OK;
|
||||||
}
|
}
|
||||||
|
|||||||
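Review bot: In the `if (sshbind->rsa)` branch of the second hunk, a failed `ssh_key_dup` returns SSH_ERROR while the DSA copy made just above it stays in `session->srv.dsa_key`, so the session leaves ssh_bind_accept with a half-populated host-key set, and because both assignments are unconditional a retry on the same session would overwrite that pointer with a fresh copy and leak the first one. Releasing the partial copy on the error path keeps the session consistent: add `ssh_key_free(session->srv.dsa_key);` and `session->srv.dsa_key = NULL;` ahead of the `return SSH_ERROR;` in the RSA branch. If the project relies on ssh_free to reclaim whatever is left in `srv`, a one-line comment saying so at the top of the key-copy block would make that contract visible. ssh_bind_accept begins outside this hunk, in the earlier hunk of this file section.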
59
src/server.c
59
src/server.c
@@ -54,7 +54,7 @@
|
|||||||
#include "libssh/socket.h"
|
#include "libssh/socket.h"
|
||||||
#include "libssh/session.h"
|
#include "libssh/session.h"
|
||||||
#include "libssh/misc.h"
|
#include "libssh/misc.h"
|
||||||
#include "libssh/keys.h"
|
#include "libssh/pki.h"
|
||||||
#include "libssh/dh.h"
|
#include "libssh/dh.h"
|
||||||
#include "libssh/messages.h"
|
#include "libssh/messages.h"
|
||||||
|
|
||||||
@@ -89,12 +89,12 @@ static int server_set_kex(ssh_session session) {
|
|||||||
|
|
||||||
ZERO_STRUCTP(server);
|
ZERO_STRUCTP(server);
|
||||||
ssh_get_random(server->cookie, 16, 0);
|
ssh_get_random(server->cookie, 16, 0);
|
||||||
if (session->dsa_key != NULL && session->rsa_key != NULL) {
|
if (session->srv.dsa_key != NULL && session->srv.rsa_key != NULL) {
|
||||||
if (ssh_options_set_algo(session, SSH_HOSTKEYS,
|
if (ssh_options_set_algo(session, SSH_HOSTKEYS,
|
||||||
"ssh-dss,ssh-rsa") < 0) {
|
"ssh-dss,ssh-rsa") < 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
} else if (session->dsa_key != NULL) {
|
} else if (session->srv.dsa_key != NULL) {
|
||||||
if (ssh_options_set_algo(session, SSH_HOSTKEYS, "ssh-dss") < 0) {
|
if (ssh_options_set_algo(session, SSH_HOSTKEYS, "ssh-dss") < 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -155,11 +155,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int dh_handshake_server(ssh_session session) {
|
static int dh_handshake_server(ssh_session session) {
|
||||||
|
ssh_key pubkey;
|
||||||
|
ssh_key privkey;
|
||||||
|
ssh_string pubkey_blob;
|
||||||
|
ssh_string sig_blob;
|
||||||
ssh_string f;
|
ssh_string f;
|
||||||
ssh_string pubkey;
|
|
||||||
ssh_string sign;
|
|
||||||
ssh_public_key pub;
|
|
||||||
ssh_private_key prv;
|
|
||||||
|
|
||||||
if (dh_generate_y(session) < 0) {
|
if (dh_generate_y(session) < 0) {
|
||||||
ssh_set_error(session, SSH_FATAL, "Could not create y number");
|
ssh_set_error(session, SSH_FATAL, "Could not create y number");
|
||||||
@@ -178,31 +178,32 @@ static int dh_handshake_server(ssh_session session) {
|
|||||||
|
|
||||||
switch(session->hostkeys){
|
switch(session->hostkeys){
|
||||||
case SSH_KEYTYPE_DSS:
|
case SSH_KEYTYPE_DSS:
|
||||||
prv = session->dsa_key;
|
privkey = session->srv.dsa_key;
|
||||||
break;
|
break;
|
||||||
case SSH_KEYTYPE_RSA:
|
case SSH_KEYTYPE_RSA:
|
||||||
prv = session->rsa_key;
|
privkey = session->srv.rsa_key;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
prv = NULL;
|
privkey = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
pub = publickey_from_privatekey(prv);
|
pubkey = ssh_pki_publickey_from_privatekey(privkey);
|
||||||
if (pub == NULL) {
|
if (pubkey == NULL) {
|
||||||
ssh_set_error(session, SSH_FATAL,
|
ssh_set_error(session, SSH_FATAL,
|
||||||
"Could not get the public key from the private key");
|
"Could not get the public key from the private key");
|
||||||
ssh_string_free(f);
|
ssh_string_free(f);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
pubkey = publickey_to_string(pub);
|
|
||||||
publickey_free(pub);
|
pubkey_blob = ssh_pki_export_pubkey_blob(pubkey);
|
||||||
if (pubkey == NULL) {
|
ssh_key_free(pubkey);
|
||||||
ssh_set_error(session, SSH_FATAL, "Not enough space");
|
if (pubkey_blob == NULL) {
|
||||||
|
ssh_set_error_oom(session);
|
||||||
ssh_string_free(f);
|
ssh_string_free(f);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
dh_import_pubkey(session, pubkey);
|
dh_import_pubkey(session, pubkey_blob);
|
||||||
if (dh_build_k(session) < 0) {
|
if (dh_build_k(session) < 0) {
|
||||||
ssh_set_error(session, SSH_FATAL, "Could not import the public key");
|
ssh_set_error(session, SSH_FATAL, "Could not import the public key");
|
||||||
ssh_string_free(f);
|
ssh_string_free(f);
|
||||||
@@ -215,35 +216,35 @@ static int dh_handshake_server(ssh_session session) {
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
sign = ssh_sign_session_id(session, prv);
|
sig_blob = ssh_srv_pki_do_sign_sessionid(session, privkey);
|
||||||
if (sign == NULL) {
|
if (sig_blob == NULL) {
|
||||||
ssh_set_error(session, SSH_FATAL, "Could not sign the session id");
|
ssh_set_error(session, SSH_FATAL, "Could not sign the session id");
|
||||||
ssh_string_free(f);
|
ssh_string_free(f);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Free private keys as they should not be readable after this point */
|
/* Free private keys as they should not be readable after this point */
|
||||||
if (session->rsa_key) {
|
if (session->srv.rsa_key) {
|
||||||
privatekey_free(session->rsa_key);
|
ssh_key_free(session->srv.rsa_key);
|
||||||
session->rsa_key = NULL;
|
session->srv.rsa_key = NULL;
|
||||||
}
|
}
|
||||||
if (session->dsa_key) {
|
if (session->srv.dsa_key) {
|
||||||
privatekey_free(session->dsa_key);
|
ssh_key_free(session->srv.dsa_key);
|
||||||
session->dsa_key = NULL;
|
session->srv.dsa_key = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (buffer_add_u8(session->out_buffer, SSH2_MSG_KEXDH_REPLY) < 0 ||
|
if (buffer_add_u8(session->out_buffer, SSH2_MSG_KEXDH_REPLY) < 0 ||
|
||||||
buffer_add_ssh_string(session->out_buffer, pubkey) < 0 ||
|
buffer_add_ssh_string(session->out_buffer, pubkey_blob) < 0 ||
|
||||||
buffer_add_ssh_string(session->out_buffer, f) < 0 ||
|
buffer_add_ssh_string(session->out_buffer, f) < 0 ||
|
||||||
buffer_add_ssh_string(session->out_buffer, sign) < 0) {
|
buffer_add_ssh_string(session->out_buffer, sig_blob) < 0) {
|
||||||
ssh_set_error(session, SSH_FATAL, "Not enough space");
|
ssh_set_error(session, SSH_FATAL, "Not enough space");
|
||||||
buffer_reinit(session->out_buffer);
|
buffer_reinit(session->out_buffer);
|
||||||
ssh_string_free(f);
|
ssh_string_free(f);
|
||||||
ssh_string_free(sign);
|
ssh_string_free(sig_blob);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
ssh_string_free(f);
|
ssh_string_free(f);
|
||||||
ssh_string_free(sign);
|
ssh_string_free(sig_blob);
|
||||||
if (packet_send(session) == SSH_ERROR) {
|
if (packet_send(session) == SSH_ERROR) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|||||||
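Review bot: In the dh_handshake_server hunk at `@@ -178,31 +178,32 @@`, the `default:` arm of `switch(session->hostkeys)` leaves `privkey` NULL and falls through to `ssh_pki_publickey_from_privatekey(privkey)`, so a requested host-key type the server holds no key for is rejected only indirectly through that call's NULL return, and the error recorded is the misleading "Could not get the public key from the private key". Failing in the `default:` arm makes the rejection explicit and independent of the callee's NULL handling: `ssh_set_error(session, SSH_FATAL, "No host key available for the requested key type");` then `ssh_string_free(f);` and `return -1;`, since `f` is already live there as the later error paths show. The new locals `pubkey`, `privkey`, `pubkey_blob` and `sig_blob` in the `@@ -155` hunk are declared without initialisers; initialising them to NULL matches the `= NULL` style used elsewhere in this commit and keeps any future early-exit from touching an indeterminate pointer. dh_handshake_server starts before this hunk and continues past it.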
@@ -207,8 +207,9 @@ void ssh_free(ssh_session session) {
|
|||||||
SAFE_FREE(session->client_kex.methods);
|
SAFE_FREE(session->client_kex.methods);
|
||||||
SAFE_FREE(session->server_kex.methods);
|
SAFE_FREE(session->server_kex.methods);
|
||||||
|
|
||||||
privatekey_free(session->dsa_key);
|
ssh_key_free(session->srv.dsa_key);
|
||||||
privatekey_free(session->rsa_key);
|
ssh_key_free(session->srv.rsa_key);
|
||||||
|
|
||||||
if(session->ssh_message_list){
|
if(session->ssh_message_list){
|
||||||
ssh_message msg;
|
ssh_message msg;
|
||||||
while((msg=ssh_list_pop_head(ssh_message ,session->ssh_message_list))
|
while((msg=ssh_list_pop_head(ssh_message ,session->ssh_message_list))
|
||||||
|
|||||||