version 1.285, 2018/09/14 04:17:12 |
version 1.286, 2018/09/14 04:44:04 |
|
|
return 0; |
return 0; |
} |
} |
|
|
/* |
|
* Format an identity for logging including filename, key type, fingerprint |
|
* and location (agent, etc.). Caller must free. |
|
*/ |
|
static char * |
|
format_identity(Identity *id) |
|
{ |
|
char *fp, *ret = NULL; |
|
|
|
if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, |
|
SSH_FP_DEFAULT)) == NULL) |
|
fatal("%s: sshkey_fingerprint failed", __func__); |
|
xasprintf(&ret, "%s %s %s%s%s%s", |
|
id->filename, sshkey_type(id->key), fp, |
|
id->userprovided ? ", explicit" : "", |
|
(id->key->flags & SSHKEY_FLAG_EXT) ? ", token" : "", |
|
id->agent_fd != -1 ? ", agent" : ""); |
|
free(fp); |
|
return ret; |
|
} |
|
|
|
/* ARGSUSED */ |
/* ARGSUSED */ |
int |
int |
input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) |
input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) |
|
|
Authctxt *authctxt = ssh->authctxt; |
Authctxt *authctxt = ssh->authctxt; |
struct sshkey *key = NULL; |
struct sshkey *key = NULL; |
Identity *id = NULL; |
Identity *id = NULL; |
int pktype, found = 0, sent = 0; |
int pktype, sent = 0; |
size_t blen; |
size_t blen; |
char *pkalg = NULL, *fp = NULL, *ident = NULL; |
char *pkalg = NULL, *fp; |
u_char *pkblob = NULL; |
u_char *pkblob = NULL; |
int r; |
int r; |
|
|
|
|
(r = sshpkt_get_end(ssh)) != 0) |
(r = sshpkt_get_end(ssh)) != 0) |
goto done; |
goto done; |
|
|
|
debug("Server accepts key: pkalg %s blen %zu", pkalg, blen); |
|
|
if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { |
if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { |
debug("%s: server sent unknown pkalg %s", __func__, pkalg); |
debug("unknown pkalg %s", pkalg); |
goto done; |
goto done; |
} |
} |
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { |
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { |
|
|
key->type, pktype); |
key->type, pktype); |
goto done; |
goto done; |
} |
} |
|
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, |
|
SSH_FP_DEFAULT)) == NULL) |
|
goto done; |
|
debug2("input_userauth_pk_ok: fp %s", fp); |
|
free(fp); |
|
|
/* |
/* |
* search keys in the reverse order, because last candidate has been |
* search keys in the reverse order, because last candidate has been |
|
|
*/ |
*/ |
TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) { |
TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) { |
if (sshkey_equal(key, id->key)) { |
if (sshkey_equal(key, id->key)) { |
found = 1; |
sent = sign_and_send_pubkey(ssh, authctxt, id); |
break; |
break; |
} |
} |
} |
} |
if (!found || id == NULL) { |
|
fp = sshkey_fingerprint(key, options.fingerprint_hash, |
|
SSH_FP_DEFAULT); |
|
error("%s: server replied with unknown key: %s %s", __func__, |
|
sshkey_type(key), fp == NULL ? "<ERROR>" : fp); |
|
goto done; |
|
} |
|
ident = format_identity(id); |
|
debug("Server accepts key: %s", ident); |
|
sent = sign_and_send_pubkey(ssh, authctxt, id); |
|
r = 0; |
r = 0; |
done: |
done: |
sshkey_free(key); |
sshkey_free(key); |
free(ident); |
|
free(fp); |
|
free(pkalg); |
free(pkalg); |
free(pkblob); |
free(pkblob); |
|
|
|
|
int agent_fd = -1, i, r, found; |
int agent_fd = -1, i, r, found; |
size_t j; |
size_t j; |
struct ssh_identitylist *idlist; |
struct ssh_identitylist *idlist; |
char *ident; |
|
|
|
TAILQ_INIT(&agent); /* keys from the agent */ |
TAILQ_INIT(&agent); /* keys from the agent */ |
TAILQ_INIT(&files); /* keys from the config file */ |
TAILQ_INIT(&files); /* keys from the config file */ |
|
|
memset(id, 0, sizeof(*id)); |
memset(id, 0, sizeof(*id)); |
continue; |
continue; |
} |
} |
ident = format_identity(id); |
debug2("key: %s (%p)%s%s", id->filename, id->key, |
debug("Will attempt key: %s", ident); |
id->userprovided ? ", explicit" : "", |
free(ident); |
id->agent_fd != -1 ? ", agent" : ""); |
} |
} |
debug2("%s: done", __func__); |
|
} |
} |
|
|
static void |
static void |
|
|
struct ssh *ssh = active_state; /* XXX */ |
struct ssh *ssh = active_state; /* XXX */ |
Identity *id; |
Identity *id; |
int sent = 0; |
int sent = 0; |
char *ident; |
char *fp; |
|
|
while ((id = TAILQ_FIRST(&authctxt->keys))) { |
while ((id = TAILQ_FIRST(&authctxt->keys))) { |
if (id->tried++) |
if (id->tried++) |
|
|
*/ |
*/ |
if (id->key != NULL) { |
if (id->key != NULL) { |
if (try_identity(id)) { |
if (try_identity(id)) { |
ident = format_identity(id); |
if ((fp = sshkey_fingerprint(id->key, |
debug("Offering public key: %s", ident); |
options.fingerprint_hash, |
free(ident); |
SSH_FP_DEFAULT)) == NULL) { |
|
error("%s: sshkey_fingerprint failed", |
|
__func__); |
|
return 0; |
|
} |
|
debug("Offering public key: %s %s %s", |
|
sshkey_type(id->key), fp, id->filename); |
|
free(fp); |
sent = send_pubkey_test(ssh, authctxt, id); |
sent = send_pubkey_test(ssh, authctxt, id); |
} |
} |
} else { |
} else { |