author | Aris Adamantiadis <aris@0xbadc0de.be> | 2014-04-10 17:46:10 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2014-08-06 09:20:49 +0200 |
commit | 1f2c61d6add01c4671ba8a638471d7e0b7a77c13 (patch) | |
tree | f8188a734f70872f83cf08c8932b7b4018de8562 /src/auth.c | |
parent | 1d97f75b0aa3f47a0dc9589af30570103b35c490 (diff) | |
buffer: adapt auth.c to ssh_buffer_(un)pack()
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/auth.c')
-rw-r--r-- | src/auth.c | 542 |
1 files changed, 91 insertions, 451 deletions
@@ -182,25 +182,19 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_banner){ */ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){ char *auth_methods = NULL; - ssh_string auth; uint8_t partial = 0; + int rc; (void) type; (void) user; - auth = buffer_get_ssh_string(packet); - if (auth == NULL || buffer_get_u8(packet, &partial) != 1) { + rc = ssh_buffer_unpack(packet, "sb", &auth_methods, &partial); + if (rc != SSH_OK) { ssh_set_error(session, SSH_FATAL, "Invalid SSH_MSG_USERAUTH_FAILURE message"); session->auth_state=SSH_AUTH_STATE_ERROR; goto end; } - auth_methods = ssh_string_to_char(auth); - if (auth_methods == NULL) { - ssh_set_error_oom(session); - goto end; - } - if (partial) { session->auth_state=SSH_AUTH_STATE_PARTIAL; SSH_LOG(SSH_LOG_INFO, @@ -234,7 +228,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){ } end: - ssh_string_free(auth); SAFE_FREE(auth_methods); return SSH_PACKET_USED; @@ -359,7 +352,6 @@ int ssh_userauth_list(ssh_session session, const char *username) * before you connect to the server. */ int ssh_userauth_none(ssh_session session, const char *username) { - ssh_string str; int rc; #ifdef WITH_SSH1 
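Review bot: After a failed `ssh_buffer_unpack(packet, "sb", &auth_methods, &partial)` the code still reaches `SAFE_FREE(auth_methods)` at `end:`, so this callback is only memory-safe if the helper leaves each output either NULL or a live allocation on error; that contract is not visible in this diff. Because the packet comes from the server, I would state the assumption at the call site, for example `/* on failure ssh_buffer_unpack() must leave auth_methods NULL or still owned by us; it is freed at end: */`, and confirm it against the helper. The same assumption is made in ssh_packet_userauth_info_request, where `ssh_string_free(tmp)` and `ssh_kbdint_free(session->kbdint)` run after a failed unpack. If the helper can also fail on allocation, that case is now reported as "Invalid SSH_MSG_USERAUTH_FAILURE message" instead of through `ssh_set_error_oom` as the removed lines did.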
@@ -387,47 +379,12 @@ int ssh_userauth_none(ssh_session session, const char *username) { } /* request */ - rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST); - if (rc < 0) { - goto fail; - } - - /* username */ - if (username) { - str = ssh_string_from_char(username); - } else { - str = ssh_string_from_char(session->opts.username); - } - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* service */ - str = ssh_string_from_char("ssh-connection"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* method */ - str = ssh_string_from_char("none"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); + rc = ssh_buffer_pack(session->out_buffer, "bsss", + SSH2_MSG_USERAUTH_REQUEST, + username ? username : session->opts.username, + "ssh-connection", + "none" + ); if (rc < 0) { goto fail; } @@ -485,7 +442,7 @@ int ssh_userauth_try_publickey(ssh_session session, const char *username, const ssh_key pubkey) { - ssh_string str; + ssh_string pubkey_s = NULL; int rc; if (session == NULL) { 
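Review bot: The resolved username now goes straight into an `"s"` slot of `ssh_buffer_pack`, whereas the removed code passed it through `ssh_string_from_char` and took `goto fail` when that returned NULL. If the pack helper does not check `"s"` arguments for NULL (its body is not part of this diff), an unset `session->opts.username` turns from an error return into a NULL dereference. A guard before the call keeps the old outcome: `if (username == NULL && session->opts.username == NULL) { ssh_set_error_invalid(session); return SSH_AUTH_ERROR; }`. The same applies to `password` in ssh_userauth_password, to `type_c` in the three publickey hunks and to the username in ssh_userauth_kbdint_init; the function body continues outside this hunk.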
@@ -522,82 +479,28 @@ int ssh_userauth_try_publickey(ssh_session session, return SSH_AUTH_ERROR; } - /* request */ - rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST); - if (rc < 0) { - goto fail; - } - - /* username */ - if (username) { - str = ssh_string_from_char(username); - } else { - str = ssh_string_from_char(session->opts.username); - } - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* service */ - str = ssh_string_from_char("ssh-connection"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* method */ - str = ssh_string_from_char("publickey"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* private key? */ - rc = buffer_add_u8(session->out_buffer, 0); - if (rc < 0) { - goto fail; - } - - /* algo */ - str = ssh_string_from_char(pubkey->type_c); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - /* public key */ - rc = ssh_pki_export_pubkey_blob(pubkey, &str); + rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_s); if (rc < 0) { goto fail; } - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); + /* request */ + rc = ssh_buffer_pack(session->out_buffer, "bsssbsS", + SSH2_MSG_USERAUTH_REQUEST, + username ? username : session->opts.username, + "ssh-connection", + "publickey", + 0, /* private key ? */ + pubkey->type_c, /* algo */ + pubkey_s /* public key */ + ); if (rc < 0) { goto fail; } + ssh_string_free(pubkey_s); + session->auth_state = SSH_AUTH_STATE_NONE; session->pending_call_state = SSH_PENDING_CALL_AUTH_OFFER_PUBKEY; rc = packet_send(session); 
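Review bot: `pubkey_s` is freed right after the successful `ssh_buffer_pack` but keeps its old value, while the next hunk adds `ssh_string_free(pubkey_s);` under `fail:`. Any `goto fail` between that free and the label, present now or added later, would free the blob twice; the code between the two hunks is not shown, so I cannot tell whether one exists today. I would write `ssh_string_free(pubkey_s); pubkey_s = NULL;`, which matches the `str = NULL;` this commit adds in ssh_userauth_publickey.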
@@ -613,6 +516,7 @@ pending: return rc; fail: + ssh_string_free(pubkey_s); ssh_set_error_oom(session); ssh_buffer_reinit(session->out_buffer); @@ -647,7 +551,7 @@ int ssh_userauth_publickey(ssh_session session, const char *username, const ssh_key privkey) { - ssh_string str; + ssh_string str = NULL; int rc; if (session == NULL) { 
@@ -684,81 +588,26 @@ int ssh_userauth_publickey(ssh_session session, return SSH_AUTH_ERROR; } - /* request */ - rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST); - if (rc < 0) { - goto fail; - } - - /* username */ - if (username) { - str = ssh_string_from_char(username); - } else { - str = ssh_string_from_char(session->opts.username); - } - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* service */ - str = ssh_string_from_char("ssh-connection"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* method */ - str = ssh_string_from_char("publickey"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* private key? */ - rc = buffer_add_u8(session->out_buffer, 1); - if (rc < 0) { - goto fail; - } - - /* algo */ - str = ssh_string_from_char(privkey->type_c); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - /* public key */ rc = ssh_pki_export_pubkey_blob(privkey, &str); if (rc < 0) { goto fail; } - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); + /* request */ + rc = ssh_buffer_pack(session->out_buffer, "bsssbsS", + SSH2_MSG_USERAUTH_REQUEST, + username ? username : session->opts.username, + "ssh-connection", + "publickey", + 1, /* private key */ + privkey->type_c, /* algo */ + str /* public key */ + ); if (rc < 0) { goto fail; } + ssh_string_free(str); /* sign the buffer with the private key */ str = ssh_pki_do_sign(session, session->out_buffer, privkey); 
@@ -768,6 +617,7 @@ int ssh_userauth_publickey(ssh_session session, rc = buffer_add_ssh_string(session->out_buffer, str); ssh_string_free(str); + str = NULL; if (rc < 0) { goto fail; } @@ -787,6 +637,7 @@ pending: return rc; fail: + ssh_string_free(str); ssh_set_error_oom(session); ssh_buffer_reinit(session->out_buffer); @@ -820,69 +671,6 @@ static int ssh_userauth_agent_publickey(ssh_session session, return SSH_AUTH_ERROR; } - /* request */ - rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST); - if (rc < 0) { - goto fail; - } - - /* username */ - if (username) { - str = ssh_string_from_char(username); - } else { - str = ssh_string_from_char(session->opts.username); - } - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* service */ - str = ssh_string_from_char("ssh-connection"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* method */ - str = ssh_string_from_char("publickey"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* private key? */ - rc = buffer_add_u8(session->out_buffer, 1); - if (rc < 0) { - goto fail; - } - - /* algo */ - str = ssh_string_from_char(pubkey->type_c); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } /* public key */ rc = ssh_pki_export_pubkey_blob(pubkey, &str); 
@@ -890,12 +678,22 @@ static int ssh_userauth_agent_publickey(ssh_session session, goto fail; } - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); + /* request */ + rc = ssh_buffer_pack(session->out_buffer, "bsssbsS", + SSH2_MSG_USERAUTH_REQUEST, + username ? username : session->opts.username, + "ssh-connection", + "publickey", + 1, /* private key */ + pubkey->type_c, /* algo */ + str /* public key */ + ); if (rc < 0) { goto fail; } + ssh_string_free(str); + /* sign the buffer with the private key */ str = ssh_pki_do_sign_agent(session, session->out_buffer, pubkey); if (str == NULL) { @@ -1306,7 +1104,6 @@ int ssh_userauth_publickey_auto(ssh_session session, int ssh_userauth_password(ssh_session session, const char *username, const char *password) { - ssh_string str; int rc; #ifdef WITH_SSH1 
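Review bot: When `ssh_buffer_pack` fails here, `goto fail` is taken while `str` still holds the blob returned by `ssh_pki_export_pubkey_blob`, and unlike ssh_userauth_try_publickey and ssh_userauth_publickey this diff adds no `ssh_string_free` under this function's `fail:` label. Unless that label already frees it (it lies outside the hunk), the public key blob leaks on this path. Freeing inside the branch avoids depending on how `str` is declared: `if (rc < 0) { ssh_string_free(str); goto fail; }`.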
@@ -1336,65 +1133,14 @@ int ssh_userauth_password(ssh_session session, } /* request */ - rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST); - if (rc < 0) { - goto fail; - } - - /* username */ - if (username) { - str = ssh_string_from_char(username); - } else { - str = ssh_string_from_char(session->opts.username); - } - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* service */ - str = ssh_string_from_char("ssh-connection"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* method */ - str = ssh_string_from_char("password"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* FALSE */ - rc = buffer_add_u8(session->out_buffer, 0); - if (rc < 0) { - goto fail; - } - - /* password */ - str = ssh_string_from_char(password); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); + rc = ssh_buffer_pack(session->out_buffer, "bsssbs", + SSH2_MSG_USERAUTH_REQUEST, + username ? username : session->opts.username, + "ssh-connection", + "password", + 0, /* false */ + password + ); if (rc < 0) { goto fail; } @@ -1536,7 +1282,6 @@ static int ssh_userauth_kbdint_init(ssh_session session, const char *username, const char *submethods) { - ssh_string str; int rc; if (session->pending_call_state == SSH_PENDING_CALL_AUTH_KBDINT_INIT) goto pending; 
@@ -1552,78 +1297,18 @@ static int ssh_userauth_kbdint_init(ssh_session session, } /* request */ - rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST); - if (rc < 0) { - goto fail; - } - - /* username */ - if (username) { - str = ssh_string_from_char(username); - } else { - str = ssh_string_from_char(session->opts.username); - } - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* service */ - str = ssh_string_from_char("ssh-connection"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); + rc = ssh_buffer_pack(session->out_buffer, "bsssss", + SSH2_MSG_USERAUTH_REQUEST, + username ? username : session->opts.username, + "ssh-connection", + "keyboard-interactive", + "", /* lang (ignore it) */ + submethods ? submethods : "" + ); if (rc < 0) { goto fail; } - /* method */ - str = ssh_string_from_char("keyboard-interactive"); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* lang string (ignore it) */ - str = ssh_string_from_char(""); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } - - /* submethods */ - if (submethods == NULL) { - submethods = ""; - } - - str = ssh_string_from_char(submethods); - if (str == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, str); - ssh_string_free(str); - if (rc < 0) { - goto fail; - } session->auth_state = SSH_AUTH_STATE_KBDINT_SENT; session->pending_call_state = SSH_PENDING_CALL_AUTH_KBDINT_INIT; @@ -1660,7 +1345,6 @@ fail: */ static int ssh_userauth_kbdint_send(ssh_session session) { - ssh_string answer; uint32_t i; int rc; if (session->pending_call_state == SSH_PENDING_CALL_AUTH_KBDINT_SEND) 
@@ -1669,29 +1353,17 @@ static int ssh_userauth_kbdint_send(ssh_session session) ssh_set_error_invalid(session); return SSH_ERROR; } - rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_INFO_RESPONSE); - if (rc < 0) { - goto fail; - } - - rc = buffer_add_u32(session->out_buffer, htonl(session->kbdint->nprompts)); + rc = ssh_buffer_pack(session->out_buffer, "bd", + SSH2_MSG_USERAUTH_INFO_RESPONSE, + session->kbdint->nprompts); if (rc < 0) { goto fail; } for (i = 0; i < session->kbdint->nprompts; i++) { - if (session->kbdint->answers && session->kbdint->answers[i]) { - answer = ssh_string_from_char(session->kbdint->answers[i]); - } else { - answer = ssh_string_from_char(""); - } - if (answer == NULL) { - goto fail; - } - - rc = buffer_add_ssh_string(session->out_buffer, answer); - ssh_string_burn(answer); - ssh_string_free(answer); + rc = ssh_buffer_pack(session->out_buffer, "s", + session->kbdint->answers && session->kbdint->answers[i] ? + session->kbdint->answers[i]:""); if (rc < 0) { goto fail; } 
@@ -1728,64 +1400,41 @@ fail: * authentication state. */ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request) { - ssh_string name; /* name of the "asking" window showed to client */ - ssh_string instruction; - ssh_string tmp; + ssh_string tmp = NULL; uint32_t nprompts; uint32_t i; + int rc; (void)user; (void)type; - name = buffer_get_ssh_string(packet); - instruction = buffer_get_ssh_string(packet); - tmp = buffer_get_ssh_string(packet); - buffer_get_u32(packet, &nprompts); - - /* We don't care about tmp */ - ssh_string_free(tmp); - - if (name == NULL || instruction == NULL) { - ssh_string_free(name); - ssh_string_free(instruction); - ssh_set_error(session, SSH_FATAL, "Invalid USERAUTH_INFO_REQUEST msg"); - - return SSH_PACKET_USED; - } if (session->kbdint == NULL) { session->kbdint = ssh_kbdint_new(); if (session->kbdint == NULL) { ssh_set_error_oom(session); - ssh_string_free(name); - ssh_string_free(instruction); - return SSH_PACKET_USED; } } else { ssh_kbdint_clean(session->kbdint); } - session->kbdint->name = ssh_string_to_char(name); - ssh_string_free(name); - if (session->kbdint->name == NULL) { - ssh_set_error_oom(session); - ssh_kbdint_free(session->kbdint); - ssh_string_free(instruction); - - return SSH_PACKET_USED; - } + rc = ssh_buffer_unpack(packet, "ssSd", + &session->kbdint->name, /* name of the "asking" window shown to client */ + &session->kbdint->instruction, + &tmp, /* to ignore */ + &nprompts + ); - session->kbdint->instruction = ssh_string_to_char(instruction); - ssh_string_free(instruction); - if (session->kbdint->instruction == NULL) { - ssh_set_error_oom(session); - ssh_kbdint_free(session->kbdint); - session->kbdint = NULL; + /* We don't care about tmp */ + ssh_string_free(tmp); - return SSH_PACKET_USED; + if (rc != SSH_OK) { + ssh_set_error(session, SSH_FATAL, "Invalid USERAUTH_INFO_REQUEST msg"); + ssh_kbdint_free(session->kbdint); + session->kbdint = NULL; + return SSH_PACKET_USED; } - nprompts = ntohl(nprompts); SSH_LOG(SSH_LOG_DEBUG, 
"%d keyboard-interactive prompts", nprompts); if (nprompts > KBDINT_MAX_PROMPT) { @@ -1823,25 +1472,16 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request) { memset(session->kbdint->echo, 0, nprompts); for (i = 0; i < nprompts; i++) { - tmp = buffer_get_ssh_string(packet); - buffer_get_u8(packet, &session->kbdint->echo[i]); - if (tmp == NULL) { + rc = ssh_buffer_unpack(packet, "sb", + &session->kbdint->prompts[i], + &session->kbdint->echo[i]); + if (rc == SSH_ERROR) { ssh_set_error(session, SSH_FATAL, "Short INFO_REQUEST packet"); ssh_kbdint_free(session->kbdint); session->kbdint = NULL; return SSH_PACKET_USED; } - session->kbdint->prompts[i] = ssh_string_to_char(tmp); - ssh_string_free(tmp); - if (session->kbdint->prompts[i] == NULL) { - ssh_set_error_oom(session); - session->kbdint->nprompts = i; - ssh_kbdint_free(session->kbdint); - session->kbdint = NULL; - - return SSH_PACKET_USED; - } } session->auth_state=SSH_AUTH_STATE_INFO; |
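Review bot: The prompt loop tests `rc == SSH_ERROR` while the first unpack in this callback tests `rc != SSH_OK`; if `ssh_buffer_unpack` can return any other non-OK value, a failed read of a server-supplied prompt would be accepted and `prompts[i]` left as whatever it held before. I would use `if (rc != SSH_OK) {` in both places. The message "Short INFO_REQUEST packet" now also covers an allocation failure inside the helper, which the removed lines reported with `ssh_set_error_oom`. The callback starts and ends outside this hunk.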