auth: Make ssh_userauth_autopubkey legacy.

2025-11-30 13:01:23 +03:00 · 2011-08-25 09:54:26 +02:00
parent 21261270e5
commit 89253fd22a
7 changed files with 9 additions and 176 deletions
--- a/src/auth.c
+++ b/src/auth.c
@@ -1435,177 +1435,6 @@ error:
  return rc;
 }

-/**
- * @brief Tries to automatically authenticate with public key and "none"
- *
- * It may fail, for instance it doesn't ask for a password and uses a default
- * asker for passphrases (in case the private key is encrypted).
- *
- * @param[in]  session  The ssh session to authenticate with.
- *
- * @param[in]  passphrase Use this passphrase to unlock the privatekey. Use NULL
- *                        if you don't want to use a passphrase or the user
- *                        should be asked.
- *
- * @returns SSH_AUTH_ERROR:   A serious error happened\n
- *          SSH_AUTH_DENIED:  Authentication failed: use another method\n
- *          SSH_AUTH_PARTIAL: You've been partially authenticated, you still
- *                            have to use another method\n
- *          SSH_AUTH_SUCCESS: Authentication success
- *
- * @see ssh_userauth_kbdint()
- * @see ssh_userauth_password()
- */
-int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
-  struct ssh_iterator *it;
-  ssh_private_key privkey;
-  ssh_public_key pubkey;
-  ssh_string pubkey_string;
-  int type = 0;
-  int rc;
-
-  enter_function();
-
-  /* Always test none authentication */
-  rc = ssh_userauth_none(session, NULL);
-  if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
-    leave_function();
-    return rc;
-  }
-
-  /* Try authentication with ssh-agent first */
-#ifndef _WIN32
-  rc = ssh_userauth_agent(session, NULL);
-  if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
-    leave_function();
-    return rc;
-  }
-
-#endif
-
-  for (it = ssh_list_get_iterator(session->identity);
-       it != NULL;
-       it = it->next) {
-    const char *privkey_file = it->data;
-    int privkey_open = 0;
-
-    privkey = NULL;
-
-    ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s", privkey_file);
-
-    rc = ssh_try_publickey_from_file(session, privkey_file, &pubkey_string, &type);
-    if (rc == 1) {
-      char *publickey_file;
-      size_t len;
-
-      privkey = privatekey_from_file(session, privkey_file, type, passphrase);
-      if (privkey == NULL) {
-        ssh_log(session, SSH_LOG_RARE,
-          "Reading private key %s failed (bad passphrase ?)",
-          privkey_file);
-        leave_function();
-        return SSH_AUTH_ERROR;
-      }
-      privkey_open = 1;
-
-      pubkey = publickey_from_privatekey(privkey);
-      if (pubkey == NULL) {
-        privatekey_free(privkey);
-        ssh_set_error_oom(session);
-        leave_function();
-        return SSH_AUTH_ERROR;
-      }
-
-      pubkey_string = publickey_to_string(pubkey);
-      type = pubkey->type;
-      publickey_free(pubkey);
-      if (pubkey_string == NULL) {
-        ssh_set_error_oom(session);
-        leave_function();
-        return SSH_AUTH_ERROR;
-      }
-
-      len = strlen(privkey_file) + 5;
-      publickey_file = malloc(len);
-      if (publickey_file == NULL) {
-        ssh_set_error_oom(session);
-        leave_function();
-        return SSH_AUTH_ERROR;
-      }
-      snprintf(publickey_file, len, "%s.pub", privkey_file);
-      rc = ssh_publickey_to_file(session, publickey_file, pubkey_string, type);
-      if (rc < 0) {
-        ssh_log(session, SSH_LOG_PACKET,
-            "Could not write public key to file: %s", publickey_file);
-      }
-      SAFE_FREE(publickey_file);
-    } else if (rc < 0) {
-      continue;
-    }
-
-    rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey_string);
-    if (rc == SSH_AUTH_ERROR){
-      ssh_string_free(pubkey_string);
-      ssh_log(session, SSH_LOG_RARE, "Publickey authentication error");
-      leave_function();
-      return rc;
-    } else {
-      if (rc != SSH_AUTH_SUCCESS){
-        ssh_log(session, SSH_LOG_PROTOCOL, "Publickey refused by server");
-        ssh_string_free(pubkey_string);
-        continue;
-      }
-    }
-
-    /* Public key accepted by server! */
-    if (!privkey_open) {
-      ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s",
-          privkey_file);
-      privkey = privatekey_from_file(session, privkey_file, type, passphrase);
-      if (privkey == NULL) {
-        ssh_log(session, SSH_LOG_RARE,
-            "Reading private key %s failed (bad passphrase ?)",
-            privkey_file);
-        ssh_string_free(pubkey_string);
-        continue; /* continue the loop with other pubkey */
-      }
-    }
-
-    rc = ssh_userauth_pubkey(session, NULL, pubkey_string, privkey);
-    if (rc == SSH_AUTH_ERROR) {
-      ssh_string_free(pubkey_string);
-      privatekey_free(privkey);
-      leave_function();
-      return rc;
-    } else {
-      if (rc != SSH_AUTH_SUCCESS){
-        ssh_log(session, SSH_LOG_RARE,
-            "The server accepted the public key but refused the signature");
-        ssh_string_free(pubkey_string);
-        privatekey_free(privkey);
-        continue;
-      }
-    }
-
-    /* auth success */
-    ssh_log(session, SSH_LOG_PROTOCOL,
-        "Successfully authenticated using %s", privkey_file);
-    ssh_string_free(pubkey_string);
-    privatekey_free(privkey);
-
-    leave_function();
-    return SSH_AUTH_SUCCESS;
-  }
-
-  /* at this point, pubkey is NULL and so is privkeyfile */
-  ssh_log(session, SSH_LOG_PROTOCOL,
-      "Tried every public key, none matched");
-  ssh_set_error(session,SSH_NO_ERROR,"No public key matched");
-
-  leave_function();
-  return SSH_AUTH_DENIED;
-}
-
 ssh_kbdint kbdint_new(void) {
  ssh_kbdint kbd;