| version 1.10.2.1, 2000/06/12 02:37:38 |
version 1.10.2.2, 2000/09/01 18:23:24 |
|
|
| #include "dsa.h" |
#include "dsa.h" |
| #include "sshconnect.h" |
#include "sshconnect.h" |
| #include "authfile.h" |
#include "authfile.h" |
| |
#include "authfd.h" |
| |
|
| /* import */ |
/* import */ |
| extern char *client_version_string; |
extern char *client_version_string; |
|
|
| return 1; |
return 1; |
| } |
} |
| |
|
| |
typedef int sign_fn( |
| |
Key *key, |
| |
unsigned char **sigp, int *lenp, |
| |
unsigned char *data, int datalen); |
| |
|
| int |
int |
| ssh2_try_pubkey(char *filename, |
ssh2_sign_and_send_pubkey(Key *k, sign_fn *do_sign, |
| const char *server_user, const char *host, const char *service) |
const char *server_user, const char *host, const char *service) |
| { |
{ |
| Buffer b; |
Buffer b; |
| Key *k; |
|
| unsigned char *blob, *signature; |
unsigned char *blob, *signature; |
| int bloblen, slen; |
int bloblen, slen; |
| struct stat st; |
int skip = 0; |
| |
int ret = -1; |
| |
|
| if (stat(filename, &st) != 0) { |
|
| debug("key does not exist: %s", filename); |
|
| return 0; |
|
| } |
|
| debug("try pubkey: %s", filename); |
|
| |
|
| k = key_new(KEY_DSA); |
|
| if (!load_private_key(filename, "", k, NULL)) { |
|
| int success = 0; |
|
| char *passphrase; |
|
| char prompt[300]; |
|
| snprintf(prompt, sizeof prompt, |
|
| "Enter passphrase for DSA key '%.100s': ", |
|
| filename); |
|
| passphrase = read_passphrase(prompt, 0); |
|
| success = load_private_key(filename, passphrase, k, NULL); |
|
| memset(passphrase, 0, strlen(passphrase)); |
|
| xfree(passphrase); |
|
| if (!success) |
|
| return 0; |
|
| } |
|
| dsa_make_key_blob(k, &blob, &bloblen); |
dsa_make_key_blob(k, &blob, &bloblen); |
| |
|
| /* data to be signed */ |
/* data to be signed */ |
| buffer_init(&b); |
buffer_init(&b); |
| buffer_append(&b, session_id2, session_id2_len); |
if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) { |
| |
buffer_put_string(&b, session_id2, session_id2_len); |
| |
skip = buffer_len(&b); |
| |
} else { |
| |
buffer_append(&b, session_id2, session_id2_len); |
| |
skip = session_id2_len; |
| |
} |
| buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
| buffer_put_cstring(&b, server_user); |
buffer_put_cstring(&b, server_user); |
| buffer_put_cstring(&b, |
buffer_put_cstring(&b, |
|
|
| buffer_put_string(&b, blob, bloblen); |
buffer_put_string(&b, blob, bloblen); |
| |
|
| /* generate signature */ |
/* generate signature */ |
| dsa_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); |
ret = do_sign(k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); |
| key_free(k); |
if (ret == -1) { |
| |
xfree(blob); |
| |
buffer_free(&b); |
| |
return 0; |
| |
} |
| #ifdef DEBUG_DSS |
#ifdef DEBUG_DSS |
| buffer_dump(&b); |
buffer_dump(&b); |
| #endif |
#endif |
| if (datafellows & SSH_BUG_PUBKEYAUTH) { |
if (datafellows & SSH_BUG_PUBKEYAUTH) { |
| /* e.g. ssh-2.0.13: data-to-be-signed != data-on-the-wire */ |
|
| buffer_clear(&b); |
buffer_clear(&b); |
| buffer_append(&b, session_id2, session_id2_len); |
buffer_append(&b, session_id2, session_id2_len); |
| buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
|
|
| xfree(signature); |
xfree(signature); |
| |
|
| /* skip session id and packet type */ |
/* skip session id and packet type */ |
| if (buffer_len(&b) < session_id2_len + 1) |
if (buffer_len(&b) < skip + 1) |
| fatal("ssh2_try_pubkey: internal error"); |
fatal("ssh2_try_pubkey: internal error"); |
| buffer_consume(&b, session_id2_len + 1); |
buffer_consume(&b, skip + 1); |
| |
|
| /* put remaining data from buffer into packet */ |
/* put remaining data from buffer into packet */ |
| packet_start(SSH2_MSG_USERAUTH_REQUEST); |
packet_start(SSH2_MSG_USERAUTH_REQUEST); |
|
|
| /* send */ |
/* send */ |
| packet_send(); |
packet_send(); |
| packet_write_wait(); |
packet_write_wait(); |
| |
|
| return 1; |
return 1; |
| } |
} |
| |
|
| |
int |
| |
ssh2_try_pubkey(char *filename, |
| |
const char *server_user, const char *host, const char *service) |
| |
{ |
| |
Key *k; |
| |
int ret = 0; |
| |
struct stat st; |
| |
|
| |
if (stat(filename, &st) != 0) { |
| |
debug("key does not exist: %s", filename); |
| |
return 0; |
| |
} |
| |
debug("try pubkey: %s", filename); |
| |
|
| |
k = key_new(KEY_DSA); |
| |
if (!load_private_key(filename, "", k, NULL)) { |
| |
int success = 0; |
| |
char *passphrase; |
| |
char prompt[300]; |
| |
snprintf(prompt, sizeof prompt, |
| |
"Enter passphrase for DSA key '%.100s': ", |
| |
filename); |
| |
passphrase = read_passphrase(prompt, 0); |
| |
success = load_private_key(filename, passphrase, k, NULL); |
| |
memset(passphrase, 0, strlen(passphrase)); |
| |
xfree(passphrase); |
| |
if (!success) { |
| |
key_free(k); |
| |
return 0; |
| |
} |
| |
} |
| |
ret = ssh2_sign_and_send_pubkey(k, dsa_sign, server_user, host, service); |
| |
key_free(k); |
| |
return ret; |
| |
} |
| |
|
| |
int agent_sign( |
| |
Key *key, |
| |
unsigned char **sigp, int *lenp, |
| |
unsigned char *data, int datalen) |
| |
{ |
| |
int ret = -1; |
| |
AuthenticationConnection *ac = ssh_get_authentication_connection(); |
| |
if (ac != NULL) { |
| |
ret = ssh_agent_sign(ac, key, sigp, lenp, data, datalen); |
| |
ssh_close_authentication_connection(ac); |
| |
} |
| |
return ret; |
| |
} |
| |
|
| |
int |
| |
ssh2_try_agent(AuthenticationConnection *ac, |
| |
const char *server_user, const char *host, const char *service) |
| |
{ |
| |
static int called = 0; |
| |
char *comment; |
| |
Key *k; |
| |
int ret; |
| |
|
| |
if (called == 0) { |
| |
k = ssh_get_first_identity(ac, &comment, 2); |
| |
called ++; |
| |
} else { |
| |
k = ssh_get_next_identity(ac, &comment, 2); |
| |
} |
| |
if (k == NULL) |
| |
return 0; |
| |
debug("trying DSA agent key %s", comment); |
| |
xfree(comment); |
| |
ret = ssh2_sign_and_send_pubkey(k, agent_sign, server_user, host, service); |
| |
key_free(k); |
| |
return ret; |
| |
} |
| |
|
| void |
void |
| ssh_userauth2(const char *server_user, char *host) |
ssh_userauth2(const char *server_user, char *host) |
| { |
{ |
| |
AuthenticationConnection *ac = ssh_get_authentication_connection(); |
| int type; |
int type; |
| int plen; |
int plen; |
| int sent; |
int sent; |
|
|
| debug("partial success"); |
debug("partial success"); |
| if (options.dsa_authentication && |
if (options.dsa_authentication && |
| strstr(auths, "publickey") != NULL) { |
strstr(auths, "publickey") != NULL) { |
| while (i < options.num_identity_files2) { |
if (ac != NULL) |
| sent = ssh2_try_pubkey( |
sent = ssh2_try_agent(ac, |
| options.identity_files2[i++], |
|
| server_user, host, service); |
server_user, host, service); |
| if (sent) |
if (!sent) { |
| break; |
while (i < options.num_identity_files2) { |
| |
sent = ssh2_try_pubkey( |
| |
options.identity_files2[i++], |
| |
server_user, host, service); |
| |
if (sent) |
| |
break; |
| |
} |
| } |
} |
| } |
} |
| if (!sent) { |
if (!sent) { |
|
|
| fatal("Permission denied (%s).", auths); |
fatal("Permission denied (%s).", auths); |
| xfree(auths); |
xfree(auths); |
| } |
} |
| |
if (ac != NULL) |
| |
ssh_close_authentication_connection(ac); |
| packet_done(); |
packet_done(); |
| debug("ssh-userauth2 successfull"); |
debug("ssh-userauth2 successfull"); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshconnect2.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh