lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-30 13:01:23 +03:00
Code Activity

server: Use new pki infrastructure.

Browse Source
This commit is contained in:
Andreas Schneider
2011-08-22 14:29:39 +02:00
parent 245a354187
commit 4de4520559
4 changed files with 41 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/libssh/session.h
View File

@@ -129,8 +129,10 @@ struct ssh_session_struct {
struct ssh_kbdint_struct *kbdint;
int version; /* 1 or 2 */
/* server host keys */
ssh_private_key rsa_key;
ssh_private_key dsa_key;
struct {
ssh_key rsa_key;
ssh_key dsa_key;
} srv;
/* auths accepted by server */
int auth_methods;
int hostkeys; /* contains type of host key wanted by client, in server impl */

32
src/bind.c
View File

@@ -333,8 +333,6 @@ void ssh_bind_free(ssh_bind sshbind){
int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
ssh_key dsa = NULL;
ssh_key rsa = NULL;
socket_t fd = SSH_INVALID_SOCKET;
int i;
@@ -392,42 +390,20 @@ int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
ssh_socket_set_fd(session->socket, fd);
ssh_socket_get_poll_handle_out(session->socket);
/* FIXME */
#if 0
if (sshbind->dsa) {
session->dsa_key = ssh_key_dup(sshbind->dsa);
if (session->dsa_key == NULL) {
session->srv.dsa_key = ssh_key_dup(sshbind->dsa);
if (session->srv.dsa_key == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
if (sshbind->rsa) {
session->rsa_key = ssh_key_dup(sshbind->rsa);
if (session->rsa_key == NULL) {
session->srv.rsa_key = ssh_key_dup(sshbind->rsa);
if (session->srv.rsa_key == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
}
#else
if (sshbind->dsa) {
dsa = ssh_key_dup(sshbind->dsa);
if (dsa == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
session->dsa_key = ssh_pki_convert_key_to_privatekey(dsa);
}
if (sshbind->rsa) {
rsa = ssh_key_dup(sshbind->rsa);
if (rsa == NULL) {
ssh_set_error_oom(sshbind);
return SSH_ERROR;
}
session->rsa_key = ssh_pki_convert_key_to_privatekey(rsa);
}
#endif
return SSH_OK;
}

59
src/server.c
View File

@@ -54,7 +54,7 @@
#include "libssh/socket.h"
#include "libssh/session.h"
#include "libssh/misc.h"
#include "libssh/keys.h"
#include "libssh/pki.h"
#include "libssh/dh.h"
#include "libssh/messages.h"
@@ -89,12 +89,12 @@ static int server_set_kex(ssh_session session) {
ZERO_STRUCTP(server);
ssh_get_random(server->cookie, 16, 0);
if (session->dsa_key != NULL && session->rsa_key != NULL) {
if (session->srv.dsa_key != NULL && session->srv.rsa_key != NULL) {
if (ssh_options_set_algo(session, SSH_HOSTKEYS,
"ssh-dss,ssh-rsa") < 0) {
return -1;
}
} else if (session->dsa_key != NULL) {
} else if (session->srv.dsa_key != NULL) {
if (ssh_options_set_algo(session, SSH_HOSTKEYS, "ssh-dss") < 0) {
return -1;
}
@@ -155,11 +155,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
}
static int dh_handshake_server(ssh_session session) {
ssh_key pubkey;
ssh_key privkey;
ssh_string pubkey_blob;
ssh_string sig_blob;
ssh_string f;
ssh_string pubkey;
ssh_string sign;
ssh_public_key pub;
ssh_private_key prv;
if (dh_generate_y(session) < 0) {
ssh_set_error(session, SSH_FATAL, "Could not create y number");
@@ -178,31 +178,32 @@ static int dh_handshake_server(ssh_session session) {
switch(session->hostkeys){
case SSH_KEYTYPE_DSS:
prv = session->dsa_key;
privkey = session->srv.dsa_key;
break;
case SSH_KEYTYPE_RSA:
prv = session->rsa_key;
privkey = session->srv.rsa_key;
break;
default:
prv = NULL;
privkey = NULL;
}
pub = publickey_from_privatekey(prv);
if (pub == NULL) {
pubkey = ssh_pki_publickey_from_privatekey(privkey);
if (pubkey == NULL) {
ssh_set_error(session, SSH_FATAL,
"Could not get the public key from the private key");
ssh_string_free(f);
return -1;
}
pubkey = publickey_to_string(pub);
publickey_free(pub);
if (pubkey == NULL) {
ssh_set_error(session, SSH_FATAL, "Not enough space");
pubkey_blob = ssh_pki_export_pubkey_blob(pubkey);
ssh_key_free(pubkey);
if (pubkey_blob == NULL) {
ssh_set_error_oom(session);
ssh_string_free(f);
return -1;
}
dh_import_pubkey(session, pubkey);
dh_import_pubkey(session, pubkey_blob);
if (dh_build_k(session) < 0) {
ssh_set_error(session, SSH_FATAL, "Could not import the public key");
ssh_string_free(f);
@@ -215,35 +216,35 @@ static int dh_handshake_server(ssh_session session) {
return -1;
}
sign = ssh_sign_session_id(session, prv);
if (sign == NULL) {
sig_blob = ssh_srv_pki_do_sign_sessionid(session, privkey);
if (sig_blob == NULL) {
ssh_set_error(session, SSH_FATAL, "Could not sign the session id");
ssh_string_free(f);
return -1;
}
/* Free private keys as they should not be readable after this point */
if (session->rsa_key) {
privatekey_free(session->rsa_key);
session->rsa_key = NULL;
if (session->srv.rsa_key) {
ssh_key_free(session->srv.rsa_key);
session->srv.rsa_key = NULL;
}
if (session->dsa_key) {
privatekey_free(session->dsa_key);
session->dsa_key = NULL;
if (session->srv.dsa_key) {
ssh_key_free(session->srv.dsa_key);
session->srv.dsa_key = NULL;
}
if (buffer_add_u8(session->out_buffer, SSH2_MSG_KEXDH_REPLY) < 0 ||
buffer_add_ssh_string(session->out_buffer, pubkey) < 0 ||
buffer_add_ssh_string(session->out_buffer, pubkey_blob) < 0 ||
buffer_add_ssh_string(session->out_buffer, f) < 0 ||
buffer_add_ssh_string(session->out_buffer, sign) < 0) {
buffer_add_ssh_string(session->out_buffer, sig_blob) < 0) {
ssh_set_error(session, SSH_FATAL, "Not enough space");
buffer_reinit(session->out_buffer);
ssh_string_free(f);
ssh_string_free(sign);
ssh_string_free(sig_blob);
return -1;
}
ssh_string_free(f);
ssh_string_free(sign);
ssh_string_free(sig_blob);
if (packet_send(session) == SSH_ERROR) {
return -1;
}

5
src/session.c
View File

@@ -207,8 +207,9 @@ void ssh_free(ssh_session session) {
SAFE_FREE(session->client_kex.methods);
SAFE_FREE(session->server_kex.methods);
privatekey_free(session->dsa_key);
privatekey_free(session->rsa_key);
ssh_key_free(session->srv.dsa_key);
ssh_key_free(session->srv.rsa_key);
if(session->ssh_message_list){
ssh_message msg;
while((msg=ssh_list_pop_head(ssh_message ,session->ssh_message_list))