authorAris Adamantiadis <aris@0xbadc0de.be>2013-07-01 00:08:44 +0200
committerAndreas Schneider <asn@cryptomilk.org>2013-07-13 15:23:33 +0200
commit2ab7f2be75df1432fa7caad39ea40518ada95af3 (patch)
tree51f87fe91da8723fec775de9b1330d99f9e916af
parent47a4eea827adcd1bc1c42646827c1045c156ad4e (diff)
server: add pubkey auth callback
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--include/libssh/callbacks.h23
-rw-r--r--src/messages.c13
2 files changed, 36 insertions, 0 deletions
diff --git a/include/libssh/callbacks.h b/include/libssh/callbacks.h
index 6c031276..bc3eb79e 100644
--- a/include/libssh/callbacks.h
+++ b/include/libssh/callbacks.h
@@ -182,6 +182,22 @@ typedef int (*ssh_auth_none_callback) (ssh_session session, const char *user, vo
typedef int (*ssh_auth_gssapi_mic_callback) (ssh_session session, const char *user, const char *principal,
void *userdata);
+/**
+ * @brief SSH authentication callback.
+ * @param session Current session handler
+ * @param user User that wants to authenticate
+ * @param pubkey public key used for authentication
+ * @param signature_state SSH_PUBLICKEY_STATE_NONE if the key is not signed (simple public key probe),
+ * SSH_PUBLICKEY_STATE_VALID if the signature is valid. Others values should be
+ * replied with a SSH_AUTH_DENIED.
+ * @param userdata Userdata to be passed to the callback function.
+ * @returns SSH_AUTH_OK Authentication is accepted.
+ * @returns SSH_AUTH_PARTIAL Partial authentication, more authentication means are needed.
+ * @returns SSH_AUTH_DENIED Authentication failed.
+ */
+typedef int (*ssh_auth_pubkey_callback) (ssh_session session, const char *user, struct ssh_key_struct *pubkey,
+ char signature_state, void *userdata);
+
/**
* @brief Handles an SSH service request
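Review bot: The doc comment on `ssh_auth_pubkey_callback` names `SSH_AUTH_OK` as the accepting return value, but the dispatch this commit adds in src/messages.c tests `rc == SSH_AUTH_SUCCESS`. Unless `SSH_AUTH_OK` is an alias defined elsewhere, the line should read `@returns SSH_AUTH_SUCCESS Authentication is accepted.`. The `signature_state` paragraph also does not say what to return for `SSH_PUBLICKEY_STATE_NONE`. In that state the client has not proven possession of the private key, so I would add a sentence saying a callback must not treat a probe as a completed authentication and should grant access only on `SSH_PUBLICKEY_STATE_VALID`. Minor: "Others values" should be "Other values".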
@@ -247,6 +263,7 @@ typedef int (*ssh_gssapi_accept_sec_ctx_callback) (ssh_session session,
typedef int (*ssh_gssapi_verify_mic_callback) (ssh_session session,
ssh_string mic, void *mic_buffer, size_t mic_buffer_size, void *userdata);
+
/**
* This structure can be used to implement a libssh server, with appropriate callbacks.
*/
@@ -272,6 +289,12 @@ struct ssh_server_callbacks_struct {
* gssapi-mic method.
*/
ssh_auth_gssapi_mic_callback auth_gssapi_mic_function;
+
+ /** this function gets called when a client tries to authenticate or offer
+ * a public key.
+ */
+ ssh_auth_pubkey_callback auth_pubkey_function;
+
/** This functions gets called when a service request is issued by the
* client
*/
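Review bot: `auth_pubkey_function` is inserted in the middle of `ssh_server_callbacks_struct`, ahead of the service-request callback, which shifts the offset of every member after it. If this struct has already shipped in a release, applications built against the older header would have their later callbacks read from the wrong slots, so appending the new member at the end of the struct would be safer. The struct's start and end are outside this hunk, so I cannot confirm whether that applies here. The member comment could also point to the contract, e.g. `/** Called when a client offers or authenticates with a public key; see ssh_auth_pubkey_callback for the meaning of signature_state. */`.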
diff --git a/src/messages.c b/src/messages.c
index d1e88765..d7d06ac7 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -116,6 +116,19 @@ static int ssh_execute_server_callbacks(ssh_session session, ssh_message msg){
}
return SSH_OK;
}
+ } else if(msg->auth_request.method == SSH_AUTH_METHOD_PUBLICKEY){
+ if(ssh_callbacks_exists(session->server_callbacks, auth_pubkey_function)){
+ rc = session->server_callbacks->auth_pubkey_function(session,
+ msg->auth_request.username, msg->auth_request.pubkey,
+ msg->auth_request.signature_state,
+ session->server_callbacks->userdata);
+ if (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_PARTIAL){
+ ssh_message_auth_reply_success(msg, rc == SSH_AUTH_PARTIAL);
+ } else {
+ ssh_message_reply_default(msg);
+ }
+ return SSH_OK;
+ }
}
break;
case SSH_REQUEST_CHANNEL_OPEN:
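Review bot: The success branch ignores `msg->auth_request.signature_state`, so a callback that returns `SSH_AUTH_SUCCESS` for an unsigned key probe (`SSH_PUBLICKEY_STATE_NONE`) makes the server call `ssh_message_auth_reply_success()` for a client that has not proven possession of the private key. The dispatcher should grant authentication only when the state is `SSH_PUBLICKEY_STATE_VALID`. It should answer an accepted probe with a PK_OK reply (libssh's `ssh_message_auth_reply_pk_ok_simple()`) and use `ssh_message_reply_default()` in every other case, rather than leaving that distinction to each callback author. `ssh_execute_server_callbacks` starts and ends outside this hunk.

```c
/* … unchanged: auth_pubkey_function call storing its result in rc … */
if (msg->auth_request.signature_state == SSH_PUBLICKEY_STATE_VALID) {
    /* Signature verified: the callback's verdict decides the outcome. */
    if (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_PARTIAL) {
        ssh_message_auth_reply_success(msg, rc == SSH_AUTH_PARTIAL);
    } else {
        ssh_message_reply_default(msg);
    }
} else if (msg->auth_request.signature_state == SSH_PUBLICKEY_STATE_NONE &&
           rc == SSH_AUTH_SUCCESS) {
    /* Key probe: acknowledge the key, never authenticate on it. */
    ssh_message_auth_reply_pk_ok_simple(msg);
} else {
    ssh_message_reply_default(msg);
}
return SSH_OK;
```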