authorAndreas Schneider <asn@cryptomilk.org>2011-08-16 18:53:18 +0200
committerAndreas Schneider <asn@cryptomilk.org>2011-08-16 18:53:18 +0200
commit25a21088090dcb18ef6f0b12a47bd1db6b871153 (patch)
tree53ce5494c0dc3157fb445aa6f0ab4b89142553b8 /src
parent9b84464748d5d4cd67b7868a6cfba5664a169503 (diff)
pki: Remove session from ssh_pki_import_privkey_* functions.
Diffstat (limited to 'src')
-rw-r--r--src/bind.c12
-rw-r--r--src/legacy.c26
-rw-r--r--src/pki.c140
-rw-r--r--src/pki_crypto.c54
-rw-r--r--src/pki_gcrypt.c36
5 files changed, 153 insertions, 115 deletions
diff --git a/src/bind.c b/src/bind.c
index bc5fc187..b2bcb683 100644
--- a/src/bind.c
+++ b/src/bind.c
@@ -172,7 +172,11 @@ int ssh_bind_listen(ssh_bind sshbind) {
}
if (sshbind->dsakey) {
- rc = ssh_pki_import_privkey_file((ssh_session)sshbind, sshbind->dsakey, NULL, &sshbind->dsa);
+ rc = ssh_pki_import_privkey_file(sshbind->dsakey,
+ NULL,
+ NULL,
+ NULL,
+ &sshbind->dsa);
if (rc == SSH_ERROR) {
return SSH_ERROR;
}
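Review bot: A failed key import is now invisible to the bind: the removed call passed the bind as the error target, while the new ssh_pki_import_privkey_file signature has no session or error object and only logs through ssh_pki_log, so ssh_bind_listen returns SSH_ERROR with no error string set on sshbind. Set one in the rc check, e.g. `ssh_set_error(sshbind, SSH_FATAL, "Failed to import private key %s", sshbind->dsakey);`, assuming ssh_set_error accepts the bind's error struct as the old cast implied. The RSA hunk at lines 39-50 has the same gap. ssh_bind_listen continues outside both hunks.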
@@ -184,7 +188,11 @@ int ssh_bind_listen(ssh_bind sshbind) {
}
if (sshbind->rsakey) {
- rc = ssh_pki_import_privkey_file((ssh_session)sshbind, sshbind->rsakey, NULL, &sshbind->rsa);
+ rc = ssh_pki_import_privkey_file(sshbind->rsakey,
+ NULL,
+ NULL,
+ NULL,
+ &sshbind->rsa);
if (rc == SSH_ERROR) {
return SSH_ERROR;
}
diff --git a/src/legacy.c b/src/legacy.c
index ac9ace14..32855577 100644
--- a/src/legacy.c
+++ b/src/legacy.c
@@ -27,6 +27,7 @@
#include "config.h"
#include <libssh/priv.h>
+#include <libssh/session.h>
#include <libssh/server.h>
#include <libssh/buffer.h>
#include <libssh/pki.h>
@@ -239,12 +240,19 @@ ssh_private_key privatekey_from_base64(ssh_session session,
const char *b64_pkey,
int type,
const char *passphrase) {
+ ssh_auth_callback auth_fn = NULL;
+ void *auth_data = NULL;
ssh_private_key privkey;
ssh_key key;
(void) type; /* unused */
- key = pki_private_key_from_base64(session, b64_pkey, passphrase);
+ if (session->common.callbacks) {
+ auth_fn = session->common.callbacks->auth_function;
+ auth_data = session->common.callbacks->userdata;
+ }
+
+ key = pki_private_key_from_base64(b64_pkey, passphrase, auth_fn, auth_data);
if (key == NULL) {
return NULL;
}
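Review bot: The new `if (session->common.callbacks)` dereferences session without a NULL check, and nothing earlier in this public legacy entry point rejects a NULL session, so a careless caller now gets a crash rather than a NULL return. Add `if (session == NULL) { return NULL; }` before the callbacks lookup. privatekey_from_file at lines 81-106 has the same unguarded dereference on line 93. Both functions end outside their hunks.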
@@ -266,13 +274,25 @@ ssh_private_key privatekey_from_file(ssh_session session,
const char *filename,
int type,
const char *passphrase) {
- ssh_key key;
+ ssh_auth_callback auth_fn = NULL;
+ void *auth_data = NULL;
ssh_private_key privkey;
+ ssh_key key;
int rc;
(void) type; /* unused */
- rc = ssh_pki_import_privkey_file(session, filename, passphrase, &key);
+ if (session->common.callbacks) {
+ auth_fn = session->common.callbacks->auth_function;
+ auth_data = session->common.callbacks->userdata;
+ }
+
+
+ rc = ssh_pki_import_privkey_file(filename,
+ passphrase,
+ auth_fn,
+ auth_data,
+ &key);
if (rc == SSH_ERROR) {
return NULL;
}
diff --git a/src/pki.c b/src/pki.c
index 1a0f4d89..b8b652d2 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -40,17 +40,29 @@
#include <sys/types.h>
#include "libssh/libssh.h"
+#include "libssh/callbacks.h"
#include "libssh/session.h"
#include "libssh/priv.h"
#include "libssh/pki.h"
#include "libssh/keys.h"
#include "libssh/buffer.h"
+void ssh_pki_log(const char *format, ...)
+{
#ifdef DEBUG_CRYPTO
-#define ssh_pki_log(fmt, ...) fprintf(stderr, fmt, ##__VA_ARGS__);
+ char buffer[1024];
+ va_list va;
+
+ va_start(va, format);
+ vsnprintf(buffer, sizeof(buffer), format, va);
+ va_end(va);
+
+ fprintf(stderr, "%s\n", buffer);
#else
-#define ssh_pki_log(fmt, ...)
+ (void) format;
#endif
+ return;
+}
enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey) {
if (strncmp(privkey, DSA_HEADER_BEGIN, strlen(DSA_HEADER_BEGIN)) == 0) {
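Review bot: ssh_pki_log now uses va_list, va_start and vsnprintf, so pki.c needs <stdarg.h> and <stdio.h>; neither appears among the includes in this hunk and the old macro never needed them, so add them unless a project header already pulls them in. Turning the macro into a real function also means call-site arguments such as strerror(errno) and ERR_error_string(ERR_get_error(), NULL) are now evaluated in every build, where the old non-debug macro discarded them; ERR_get_error() consuming the OpenSSL error queue is a side effect worth a comment at the definition. The prototype, which is outside this hunk, should carry the printf format attribute if the project has a macro for it, so -Wformat checks the callers. pki_privatekey_type_from_string starts at line 138 and continues outside the hunk.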
@@ -217,16 +229,64 @@ int ssh_key_is_private(const ssh_key k) {
}
/**
- * @brief Import a key from a file.
+ * @brief import a base64 formated key from a memory c-string
+ *
+ * @param[in] b64_key The c-string holding the base64 encoded key
+ *
+ * @param[in] passphrase The passphrase to decrypt the key, or NULL
+ *
+ * @param[in] auth_fn An auth function you may want to use or NULL.
+ *
+ * @param[in] auth_data Private data passed to the auth function.
+ *
+ * @param[out] pkey A pointer where the key can be stored. You need
+ * to free the memory.
+ *
+ * @return SSH_ERROR in case of error, SSH_OK otherwise.
*
- * @param[in] session The SSH Session to use. If a authentication callback is
- * set, it will be used to ask for the passphrase.
+ * @see ssh_key_free()
+ */
+int ssh_pki_import_privkey_base64(const char *b64_key,
+ const char *passphrase,
+ ssh_auth_callback auth_fn,
+ void *auth_data,
+ ssh_key *pkey)
+{
+ ssh_key key;
+
+ if (b64_key == NULL || pkey == NULL) {
+ return SSH_ERROR;
+ }
+
+ if (b64_key == NULL || !*b64_key) {
+ return SSH_ERROR;
+ }
+
+ ssh_pki_log("Trying to decode privkey passphrase=%s",
+ passphrase ? "true" : "false");
+
+ key = pki_private_key_from_base64(b64_key, passphrase, auth_fn, auth_data);
+ if (key == NULL) {
+ return SSH_ERROR;
+ }
+
+ *pkey = key;
+
+ return SSH_OK;
+}
+
+/**
+ * @brief Import a key from a file.
*
* @param[in] filename The filename of the the private key.
*
* @param[in] passphrase The passphrase to decrypt the private key. Set to NULL
* if none is needed or it is unknown.
*
+ * @param[in] auth_fn An auth function you may want to use or NULL.
+ *
+ * @param[in] auth_data Private data passed to the auth function.
+ *
* @param[out] pkey A pointer to store the ssh_key. You need to free the
* key.
*
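Review bot: The two guards in ssh_pki_import_privkey_base64 test `b64_key == NULL` twice (lines 171 and 175); fold them into one, `if (b64_key == NULL || *b64_key == '\0' || pkey == NULL) { return SSH_ERROR; }`, matching the combined check the commit introduces in ssh_pki_import_privkey_file. The doxygen also says "formated" and "c-string"; "formatted" and "C string" read better. The docblock for ssh_pki_import_privkey_file that starts at line 192 continues past the hunk.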
@@ -234,9 +294,10 @@ int ssh_key_is_private(const ssh_key k) {
*
* @see ssh_key_free()
**/
-int ssh_pki_import_privkey_file(ssh_session session,
- const char *filename,
+int ssh_pki_import_privkey_file(const char *filename,
const char *passphrase,
+ ssh_auth_callback auth_fn,
+ void *auth_data,
ssh_key *pkey) {
struct stat sb;
char *key_buf;
@@ -245,34 +306,28 @@ int ssh_pki_import_privkey_file(ssh_session session,
off_t size;
int rc;
- if (session == NULL || pkey == NULL) {
- return SSH_ERROR;
- }
-
- if (filename == NULL || *filename == '\0') {
+ if (pkey == NULL || filename == NULL || *filename == '\0') {
return SSH_ERROR;
}
rc = stat(filename, &sb);
if (rc < 0) {
- ssh_set_error(session, SSH_REQUEST_DENIED,
- "Error gettint stat of %s: %s",
- filename, strerror(errno));
+ ssh_pki_log("Error gettint stat of %s: %s",
+ filename, strerror(errno));
return SSH_ERROR;
}
file = fopen(filename, "r");
if (file == NULL) {
- ssh_set_error(session, SSH_REQUEST_DENIED,
- "Error opening %s: %s",
- filename, strerror(errno));
+ ssh_pki_log("Error opening %s: %s",
+ filename, strerror(errno));
return SSH_ERROR;
}
key_buf = malloc(sb.st_size + 1);
if (key_buf == NULL) {
fclose(file);
- ssh_set_error_oom(session);
+ ssh_pki_log("Out of memory!");
return SSH_ERROR;
}
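Review bot: With ssh_set_error gone, every failure in this function (stat, fopen, malloc here, and the read and parse failures in the next hunk) collapses into a bare SSH_ERROR, and the replacement ssh_pki_log output only exists when DEBUG_CRYPTO is defined, so release-build callers cannot tell a missing file from a wrong passphrase. Either say so in the docblock, e.g. `@return SSH_ERROR on any failure; the reason is only reported in DEBUG_CRYPTO builds via ssh_pki_log.`, or return distinct codes. While the line is being rewritten, the message on line 236 still reads "gettint" rather than "getting". The function continues in the next hunk.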
@@ -281,13 +336,12 @@ int ssh_pki_import_privkey_file(ssh_session session,
if (size != sb.st_size) {
SAFE_FREE(key_buf);
- ssh_set_error(session, SSH_FATAL,
- "Error reading %s: %s",
- filename, strerror(errno));
+ ssh_pki_log("Error reading %s: %s",
+ filename, strerror(errno));
return SSH_ERROR;
}
- key = pki_private_key_from_base64(session, key_buf, passphrase);
+ key = pki_private_key_from_base64(key_buf, passphrase, auth_fn, auth_data);
SAFE_FREE(key_buf);
if (key == NULL) {
return SSH_ERROR;
@@ -335,46 +389,6 @@ ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key) {
return privkey;
}
-/**
- * @brief import a base64 formated key from a memory c-string
- *
- * @param session The ssh session
- * @param b64_key The c-string holding the base64 encoded key
- * @param passphrase The passphrase to decrypt the key, or NULL
- * @param pkey A pointer where the key can be stored. You need
- * to free the memory.
- *
- * @return SSH_ERROR in case of error, SSH_OK otherwise
- *
- * @see ssh_key_free()
- */
-int ssh_pki_import_privkey_base64(ssh_session session,
- const char *b64_key,
- const char *passphrase,
- ssh_key *pkey) {
- ssh_key key;
-
- if (pkey == NULL || session == NULL) {
- return SSH_ERROR;
- }
-
- if (b64_key == NULL || !*b64_key) {
- return SSH_ERROR;
- }
-
- ssh_pki_log("Trying to decode privkey passphrase=%s",
- passphrase ? "true" : "false");
-
- key = pki_private_key_from_base64(session, b64_key, passphrase);
- if (key == NULL) {
- return SSH_ERROR;
- }
-
- *pkey = key;
-
- return SSH_OK;
-}
-
static int pki_import_pubkey_buffer(ssh_session session,
ssh_buffer buffer,
enum ssh_keytypes_e type,
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 5345e946..64ffdc07 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -39,8 +39,13 @@
#include "libssh/keys.h"
#include "libssh/dh.h"
+struct pem_get_password_struct {
+ ssh_auth_callback fn;
+ void *data;
+};
+
static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
- ssh_session session = userdata;
+ struct pem_get_password_struct *pgp = userdata;
(void) rwflag; /* unused */
@@ -48,18 +53,13 @@ static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
return 0;
}
- ssh_log(session, SSH_LOG_RARE,
- "Trying to call external authentication function");
-
memset(buf, '\0', size);
- if (session &&
- session->common.callbacks &&
- session->common.callbacks->auth_function) {
+ if (pgp) {
int rc;
- rc = session->common.callbacks->auth_function("Passphrase for private key:",
- buf, size, 0, 0,
- session->common.callbacks->userdata);
+ rc = pgp->fn("Passphrase for private key:",
+ buf, size, 0, 0,
+ pgp->data);
if (rc == 0) {
return strlen(buf);
}
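Review bot: pem_get_password dereferences `pgp->fn` after checking only `pgp`; the current callers build the struct only when auth_fn is non-NULL, but this is a callback reached from inside OpenSSL through a void pointer, so a cheap `if (pgp && pgp->fn)` guards against a future caller passing a half-filled struct. The struct itself, added in the hunk at lines 321-332, deserves a one-line comment such as `/* Bundles the auth callback and its userdata for OpenSSL's single void *userdata slot. */`. The function continues outside the hunk.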
@@ -208,9 +208,10 @@ fail:
return NULL;
}
-ssh_key pki_private_key_from_base64(ssh_session session,
- const char *b64_key,
- const char *passphrase) {
+ssh_key pki_private_key_from_base64(const char *b64_key,
+ const char *passphrase,
+ ssh_auth_callback auth_fn,
+ void *auth_data) {
BIO *mem = NULL;
DSA *dsa = NULL;
RSA *rsa = NULL;
@@ -224,7 +225,7 @@ ssh_key pki_private_key_from_base64(ssh_session session,
type = pki_privatekey_type_from_string(b64_key);
if (type == SSH_KEYTYPE_UNKNOWN) {
- ssh_set_error(session, SSH_FATAL, "Unknown or invalid private key.");
+ ssh_pki_log("Unknown or invalid private key.");
return NULL;
}
@@ -233,8 +234,10 @@ ssh_key pki_private_key_from_base64(ssh_session session,
switch (type) {
case SSH_KEYTYPE_DSS:
if (passphrase == NULL) {
- if (session->common.callbacks && session->common.callbacks->auth_function) {
- dsa = PEM_read_bio_DSAPrivateKey(mem, NULL, pem_get_password, session);
+ if (auth_fn) {
+ struct pem_get_password_struct pgp = { auth_fn, auth_data };
+
+ dsa = PEM_read_bio_DSAPrivateKey(mem, NULL, pem_get_password, &pgp);
} else {
/* openssl uses its own callback to get the passphrase here */
dsa = PEM_read_bio_DSAPrivateKey(mem, NULL, NULL, NULL);
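Review bot: When passphrase and auth_fn are both NULL the else branch hands OpenSSL a NULL callback, and for an encrypted key OpenSSL's default callback prompts on the controlling terminal; with the new signature that is exactly the combination bind.c now passes (lines 31-35 and 43-47), so an encrypted host key can block ssh_bind_listen on a tty prompt the library user never asked for. Consider passing pem_get_password with a NULL struct so it returns 0 and the parse fails cleanly, and extend the existing comment to say why: `/* no passphrase and no callback: OpenSSL falls back to its own tty prompt */`. The RSA case at lines 397-409 has the same fallback. pki_private_key_from_base64 continues outside the hunk.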
@@ -246,9 +249,8 @@ ssh_key pki_private_key_from_base64(ssh_session session,
BIO_free(mem);
if (dsa == NULL) {
- ssh_set_error(session, SSH_FATAL,
- "Parsing private key: %s",
- ERR_error_string(ERR_get_error(), NULL));
+ ssh_pki_log("Parsing private key: %s",
+ ERR_error_string(ERR_get_error(), NULL));
return NULL;
}
@@ -256,8 +258,10 @@ ssh_key pki_private_key_from_base64(ssh_session session,
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
if (passphrase == NULL) {
- if (session->common.callbacks && session->common.callbacks->auth_function) {
- rsa = PEM_read_bio_RSAPrivateKey(mem, NULL, pem_get_password, session);
+ if (auth_fn) {
+ struct pem_get_password_struct pgp = { auth_fn, auth_data };
+
+ rsa = PEM_read_bio_RSAPrivateKey(mem, NULL, pem_get_password, &pgp);
} else {
/* openssl uses its own callback to get the passphrase here */
rsa = PEM_read_bio_RSAPrivateKey(mem, NULL, NULL, NULL);
@@ -269,9 +273,8 @@ ssh_key pki_private_key_from_base64(ssh_session session,
BIO_free(mem);
if (rsa == NULL) {
- ssh_set_error(session, SSH_FATAL,
- "Parsing private key: %s",
- ERR_error_string(ERR_get_error(),NULL));
+ ssh_pki_log("Parsing private key: %s",
+ ERR_error_string(ERR_get_error(),NULL));
return NULL;
}
@@ -279,8 +282,7 @@ ssh_key pki_private_key_from_base64(ssh_session session,
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem);
- ssh_set_error(session, SSH_FATAL,
- "Unkown or invalid private key type %d", type);
+ ssh_pki_log("Unkown or invalid private key type %d", type);
return NULL;
}
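Review bot: The rewritten message on line 426 carries over the typo "Unkown"; since the line is being touched, `ssh_pki_log("Unknown or invalid private key type %d", type);`. The same string is rewritten in pki_gcrypt.c at line 504. The `case SSH_KEYTYPE_UNKNOWN` label here is also unreachable, because the check at lines 369-373 already returns NULL for that type, so a short comment or removing the label would help the next reader. The enclosing switch and function continue outside the hunk.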
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 6cac8f68..5470d118 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -603,9 +603,11 @@ error:
return rc;
}
-ssh_key pki_private_key_from_base64(ssh_session session,
- const char *b64_key,
- const char *passphrase) {
+ssh_key pki_private_key_from_base64(const char *b64_key,
+ const char *passphrase,
+ ssh_auth_callback auth_fn,
+ void *auth_data)
+{
ssh_auth_callback auth_cb = NULL;
void *auth_ud = NULL;
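Review bot: The locals `auth_cb` and `auth_ud` on lines 444-445 appear to have lost their only uses: the later hunks (lines 456-465 and 480-488) delete the assignments and pass auth_fn and auth_data straight through, so unless something outside the shown hunks still reads them they are now unused and will warn under -Wunused-variable. Drop both declarations, or add a comment if they are kept for another reason. The function body continues outside the hunk.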
@@ -622,20 +624,16 @@ ssh_key pki_private_key_from_base64(ssh_session session,
type = pki_privatekey_type_from_string(b64_key);
if (type == SSH_KEYTYPE_UNKNOWN) {
- ssh_set_error(session, SSH_FATAL, "Unknown or invalid private key.");
+ ssh_pki_log("Unknown or invalid private key.");
return NULL;
}
switch (type) {
case SSH_KEYTYPE_DSS:
if (passphrase == NULL) {
- if (session->common.callbacks &&
- session->common.callbacks->auth_function) {
- auth_cb = session->common.callbacks->auth_function;
- auth_ud = session->common.callbacks->userdata;
-
- valid = b64decode_dsa_privatekey(b64_key, &dsa, auth_cb,
- auth_ud, "Passphrase for private key:");
+ if (auth_fn) {
+ valid = b64decode_dsa_privatekey(b64_key, &dsa, auth_fn,
+ auth_data, "Passphrase for private key:");
} else {
valid = b64decode_dsa_privatekey(b64_key, &dsa, NULL, NULL,
NULL);
@@ -646,19 +644,16 @@ ssh_key pki_private_key_from_base64(ssh_session session,
}
if (!valid) {
- ssh_set_error(session, SSH_FATAL, "Parsing private key");
+ ssh_pki_log("Parsing private key");
goto fail;
}
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
if (passphrase == NULL) {
- if (session->common.callbacks &&
- session->common.callbacks->auth_function) {
- auth_cb = session->common.callbacks->auth_function;
- auth_ud = session->common.callbacks->userdata;
- valid = b64decode_rsa_privatekey(b64_key, &rsa, auth_cb,
- auth_ud, "Passphrase for private key:");
+ if (auth_fn) {
+ valid = b64decode_rsa_privatekey(b64_key, &rsa, auth_fn,
+ auth_data, "Passphrase for private key:");
} else {
valid = b64decode_rsa_privatekey(b64_key, &rsa, NULL, NULL,
NULL);
@@ -669,14 +664,13 @@ ssh_key pki_private_key_from_base64(ssh_session session,
}
if (!valid) {
- ssh_set_error(session,SSH_FATAL, "Parsing private key");
+ ssh_pki_log("Parsing private key");
goto fail;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
- ssh_set_error(session, SSH_FATAL,
- "Unkown or invalid private key type %d", type);
+ ssh_pki_log("Unkown or invalid private key type %d", type);
return NULL;
}