105
107
if (session->userauth_list_state == libssh2_NB_state_created) {
106
108
rc = _libssh2_transport_write(session, session->userauth_list_data,
107
session->userauth_list_data_len);
109
session->userauth_list_data_len);
108
110
if (rc == PACKET_EAGAIN) {
109
111
libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
110
112
"Would block requesting userauth list", 0);
155
157
memmove(session->userauth_list_data, session->userauth_list_data + 5,
157
159
session->userauth_list_data[methods_len] = '\0';
158
_libssh2_debug(session, LIBSSH2_DBG_AUTH, "Permitted auth methods: %s",
160
_libssh2_debug(session, LIBSSH2_TRACE_AUTH, "Permitted auth methods: %s",
159
161
session->userauth_list_data);
303
305
if (session->userauth_pswd_data[0] == SSH_MSG_USERAUTH_SUCCESS) {
304
_libssh2_debug(session, LIBSSH2_DBG_AUTH,
306
_libssh2_debug(session, LIBSSH2_TRACE_AUTH,
305
307
"Password authentication successful");
306
308
LIBSSH2_FREE(session, session->userauth_pswd_data);
307
309
session->userauth_pswd_data = NULL;
308
310
session->state |= LIBSSH2_STATE_AUTHENTICATED;
309
311
session->userauth_pswd_state = libssh2_NB_state_idle;
313
} else if (session->userauth_pswd_data[0] == SSH_MSG_USERAUTH_FAILURE) {
314
_libssh2_debug(session, LIBSSH2_TRACE_AUTH,
315
"Password authentication failed");
316
LIBSSH2_FREE(session, session->userauth_pswd_data);
317
session->userauth_pswd_data = NULL;
318
session->userauth_pswd_state = libssh2_NB_state_idle;
319
libssh2_error(session,
320
LIBSSH2_ERROR_AUTHENTICATION_FAILED,
321
"Authentication failed (username/password)",
313
326
session->userauth_pswd_newpw = NULL;
325
338
if ((session->userauth_pswd_state == libssh2_NB_state_sent1) ||
326
339
(session->userauth_pswd_state == libssh2_NB_state_sent2)) {
327
340
if (session->userauth_pswd_state == libssh2_NB_state_sent1) {
328
_libssh2_debug(session, LIBSSH2_DBG_AUTH,
341
_libssh2_debug(session, LIBSSH2_TRACE_AUTH,
329
342
"Password change required");
330
343
LIBSSH2_FREE(session, session->userauth_pswd_data);
331
344
session->userauth_pswd_data = NULL;
542
558
LIBSSH2_FREE(session, pubkey);
545
/* Wasting some bytes here (okay, more than some),
546
* but since it's likely to be freed soon anyway,
547
* we'll just avoid the extra free/alloc and call it a wash */
549
*method_len = sp1 - pubkey;
553
if ((sp2 = memchr(sp1, ' ', pubkey_len - *method_len)) == NULL) {
564
if ((sp2 = memchr(sp1, ' ', pubkey_len - (sp1 - pubkey - 1))) == NULL) {
554
565
/* Assume that the id string is missing, but that it's okay */
555
566
sp2 = pubkey + pubkey_len;
634
struct privkey_file {
635
const char *filename;
636
const char *passphrase;
640
sign_fromfile(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
641
const unsigned char *data, size_t data_len, void **abstract)
643
struct privkey_file *privkey_file = (struct privkey_file *) (*abstract);
644
const LIBSSH2_HOSTKEY_METHOD *privkeyobj;
645
void *hostkey_abstract;
646
struct iovec datavec;
648
if (file_read_privatekey(session, &privkeyobj, &hostkey_abstract,
649
session->userauth_pblc_method,
650
session->userauth_pblc_method_len,
651
privkey_file->filename,
652
privkey_file->passphrase)) {
656
datavec.iov_base = (unsigned char *)data;
657
datavec.iov_len = data_len;
659
if (privkeyobj->signv(session, sig, (unsigned long *)sig_len, 1, &datavec,
660
&hostkey_abstract)) {
661
if (privkeyobj->dtor) {
662
privkeyobj->dtor(session, abstract);
667
if (privkeyobj->dtor) {
668
privkeyobj->dtor(session, &hostkey_abstract);
618
675
/* userauth_hostbased_fromfile
889
* userauth_publickey_fromfile
890
* Authenticate using a keypair found in the named files
893
userauth_publickey_fromfile(LIBSSH2_SESSION *session,
894
const char *username,
895
unsigned int username_len,
896
const char *publickey,
897
const char *privatekey,
898
const char *passphrase)
946
userauth_publickey(LIBSSH2_SESSION *session,
947
const char *username,
948
unsigned int username_len,
949
const unsigned char *pubkeydata,
950
unsigned long pubkeydata_len,
951
LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC((*sign_callback)),
900
unsigned long pubkeydata_len = 0;
901
954
unsigned char reply_codes[4] =
902
955
{ SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE,
903
SSH_MSG_USERAUTH_PK_OK, 0
956
SSH_MSG_USERAUTH_PK_OK, 0
907
960
if (session->userauth_pblc_state == libssh2_NB_state_idle) {
908
unsigned char *pubkeydata;
910
961
/* Zero the whole thing out */
911
962
memset(&session->userauth_pblc_packet_requirev_state, 0,
912
963
sizeof(session->userauth_pblc_packet_requirev_state));
914
if (file_read_publickey(session, &session->userauth_pblc_method,
915
&session->userauth_pblc_method_len,
916
&pubkeydata, &pubkeydata_len,publickey)) {
966
* As an optimisation, userauth_publickey_fromfile reuses a
967
* previously allocated copy of the method name to avoid an extra
969
* For other uses, we allocate and populate it here.
971
if (!session->userauth_pblc_method) {
972
session->userauth_pblc_method_len = _libssh2_ntohu32(pubkeydata);
973
session->userauth_pblc_method =
974
LIBSSH2_ALLOC(session, session->userauth_pblc_method_len);
975
if (!session->userauth_pblc_method) {
976
libssh2_error(session, LIBSSH2_ERROR_ALLOC,
977
"Unable to allocate memory for public key "
981
memcpy(session->userauth_pblc_method, pubkeydata + 4,
982
session->userauth_pblc_method_len);
984
assert( /* preallocated method len should match what we expect */
985
session->userauth_pblc_method_len == _libssh2_ntohu32(pubkeydata));
921
988
* 45 = packet_type(1) + username_len(4) + servicename_len(4) +
975
1041
session->userauth_pblc_s += 4;
976
1042
memcpy(session->userauth_pblc_s, pubkeydata, pubkeydata_len);
977
1043
session->userauth_pblc_s += pubkeydata_len;
978
LIBSSH2_FREE(session, pubkeydata);
980
_libssh2_debug(session, LIBSSH2_DBG_AUTH,
1045
_libssh2_debug(session, LIBSSH2_TRACE_AUTH,
981
1046
"Attempting publickey authentication");
983
1048
session->userauth_pblc_state = libssh2_NB_state_created;
1053
1111
session->userauth_pblc_packet = NULL;
1054
1112
LIBSSH2_FREE(session, session->userauth_pblc_method);
1055
1113
session->userauth_pblc_method = NULL;
1056
libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED,
1114
libssh2_error(session, LIBSSH2_ERROR_AUTHENTICATION_FAILED,
1057
1115
"Username/PublicKey combination invalid", 0);
1058
1116
session->userauth_pblc_state = libssh2_NB_state_idle;
1063
1121
LIBSSH2_FREE(session, session->userauth_pblc_data);
1064
1122
session->userauth_pblc_data = NULL;
1066
if (file_read_privatekey(session, &privkeyobj, &abstract,
1067
session->userauth_pblc_method,
1068
session->userauth_pblc_method_len,
1069
privatekey, passphrase)) {
1070
LIBSSH2_FREE(session, session->userauth_pblc_method);
1071
session->userauth_pblc_method = NULL;
1072
LIBSSH2_FREE(session, session->userauth_pblc_packet);
1073
session->userauth_pblc_packet = NULL;
1074
session->userauth_pblc_state = libssh2_NB_state_idle;
1078
1124
*session->userauth_pblc_b = 0x01;
1080
_libssh2_htonu32(buf, session->session_id_len);
1081
datavec[0].iov_base = buf;
1082
datavec[0].iov_len = 4;
1083
datavec[1].iov_base = session->session_id;
1084
datavec[1].iov_len = session->session_id_len;
1085
datavec[2].iov_base = session->userauth_pblc_packet;
1086
datavec[2].iov_len = session->userauth_pblc_packet_len;
1088
if (privkeyobj->signv(session, &sig, &sig_len, 3, datavec, &abstract)) {
1125
session->userauth_pblc_state = libssh2_NB_state_sent1;
1128
if (session->userauth_pblc_state == libssh2_NB_state_sent1) {
1129
unsigned char *buf, *s;
1133
s = buf = LIBSSH2_ALLOC(session, 4 + session->session_id_len
1134
+ session->userauth_pblc_packet_len);
1136
libssh2_error(session, LIBSSH2_ERROR_ALLOC,
1137
"Unable to allocate memory for userauth-publickey "
1142
_libssh2_htonu32(s, session->session_id_len);
1144
memcpy (s, session->session_id, session->session_id_len);
1145
s += session->session_id_len;
1146
memcpy (s, session->userauth_pblc_packet,
1147
session->userauth_pblc_packet_len);
1148
s += session->userauth_pblc_packet_len;
1150
rc = sign_callback(session, &sig, &sig_len, buf, s - buf, abstract);
1151
LIBSSH2_FREE(session, buf);
1152
if (rc == PACKET_EAGAIN) {
1089
1155
LIBSSH2_FREE(session, session->userauth_pblc_method);
1090
1156
session->userauth_pblc_method = NULL;
1091
1157
LIBSSH2_FREE(session, session->userauth_pblc_packet);
1092
1158
session->userauth_pblc_packet = NULL;
1093
if (privkeyobj->dtor) {
1094
privkeyobj->dtor(session, &abstract);
1096
1159
session->userauth_pblc_state = libssh2_NB_state_idle;
1100
if (privkeyobj->dtor) {
1101
privkeyobj->dtor(session, &abstract);
1105
1164
* If this function was restarted, pubkeydata_len might still be 0
1106
1165
* which will cause an unnecessary but harmless realloc here.
1152
1211
session->userauth_pblc_s += sig_len;
1153
1212
LIBSSH2_FREE(session, sig);
1155
_libssh2_debug(session, LIBSSH2_DBG_AUTH,
1214
_libssh2_debug(session, LIBSSH2_TRACE_AUTH,
1156
1215
"Attempting publickey authentication -- phase 2");
1158
session->userauth_pblc_state = libssh2_NB_state_sent1;
1217
session->userauth_pblc_state = libssh2_NB_state_sent2;
1161
if (session->userauth_pblc_state == libssh2_NB_state_sent1) {
1220
if (session->userauth_pblc_state == libssh2_NB_state_sent2) {
1162
1221
rc = _libssh2_transport_write(session, session->userauth_pblc_packet,
1163
1222
session->userauth_pblc_s -
1164
1223
session->userauth_pblc_packet);
1277
* userauth_publickey_fromfile
1278
* Authenticate using a keypair found in the named files
1281
userauth_publickey_fromfile(LIBSSH2_SESSION *session,
1282
const char *username,
1283
unsigned int username_len,
1284
const char *publickey,
1285
const char *privatekey,
1286
const char *passphrase)
1288
unsigned char *pubkeydata = NULL;
1289
unsigned long pubkeydata_len = 0;
1290
struct privkey_file privkey_file;
1291
void *abstract = &privkey_file;
1294
privkey_file.filename = privatekey;
1295
privkey_file.passphrase = passphrase;
1297
if (session->userauth_pblc_state == libssh2_NB_state_idle) {
1298
if (file_read_publickey(session, &session->userauth_pblc_method,
1299
&session->userauth_pblc_method_len,
1300
&pubkeydata, &pubkeydata_len, publickey)) {
1305
rc = userauth_publickey(session, username, username_len,
1306
pubkeydata, pubkeydata_len,
1307
sign_fromfile, &abstract);
1309
LIBSSH2_FREE(session, pubkeydata);
1217
1314
/* libssh2_userauth_publickey_fromfile_ex
1218
1315
* Authenticate using a keypair found in the named files
1333
/* libssh2_userauth_publickey_ex
1334
* Authenticate using an external callback function
1337
libssh2_userauth_publickey(LIBSSH2_SESSION *session,
1339
const unsigned char *pubkeydata,
1340
size_t pubkeydata_len,
1341
LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC((*sign_callback)),
1345
BLOCK_ADJUST(rc, session,
1346
userauth_publickey(session, user, strlen(user),
1347
pubkeydata, pubkeydata_len,
1348
sign_callback, abstract));
1369
1486
if (session->userauth_kybd_data[0] == SSH_MSG_USERAUTH_FAILURE) {
1487
_libssh2_debug(session, LIBSSH2_TRACE_AUTH,
1488
"Keyboard-interactive authentication failed");
1370
1489
LIBSSH2_FREE(session, session->userauth_kybd_data);
1371
1490
session->userauth_kybd_data = NULL;
1372
1491
session->userauth_kybd_state = libssh2_NB_state_idle;
1492
libssh2_error(session,
1493
LIBSSH2_ERROR_AUTHENTICATION_FAILED,
1494
"Authentication failed (keyboard-interactive)",