author | Aris Adamantiadis <aris@0xbadc0de.be> | 2009-12-20 18:05:02 +0100 |
---|---|---|
committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2009-12-20 18:05:02 +0100 |
commit | 2e22d6ef9931156d837f6747aa9e46943bc51edb (patch) | |
tree | db9269139bbaa5d736923e3a65801be5cdab4d01 /libssh | |
parent | 6509b6e7421f480e481d087d613f334779cfb38b (diff) | |
Add key validation in server side authentication
Diffstat (limited to 'libssh')
-rw-r--r-- | libssh/messages.c | 10 | ||||
-rw-r--r-- | libssh/server.c | 7 |
2 files changed, 12 insertions, 5 deletions
diff --git a/libssh/messages.c b/libssh/messages.c index c6cec583..6d0d62d8 100644 --- a/libssh/messages.c +++ b/libssh/messages.c @@ -220,7 +220,7 @@ static ssh_message handle_userauth_request(ssh_session session){ if (msg->auth_request.public_key == NULL) { goto error; } - msg->auth_request.signature_state = 0; + msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_NONE; // has a valid signature ? if(has_sign) { SIGNATURE *signature = NULL; @@ -231,7 +231,7 @@ static ssh_message handle_userauth_request(ssh_session session){ sign = buffer_get_ssh_string(session->in_buffer); if(sign == NULL) { ssh_log(session, SSH_LOG_PACKET, "Invalid signature packet from peer"); - msg->auth_request.signature_state = -2; + msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_ERROR; goto error; } signature = signature_from_string(session, sign, public_key, @@ -241,7 +241,7 @@ static ssh_message handle_userauth_request(ssh_session session){ (digest != NULL && signature != NULL && sig_verify(session, public_key, signature, buffer_get(digest), buffer_get_len(digest)) < 0)) { - ssh_log(session, SSH_LOG_PACKET, "Invalid signature from peer"); + ssh_log(session, SSH_LOG_PACKET, "Wrong signature from peer"); string_free(sign); sign = NULL; @@ -250,7 +250,7 @@ static ssh_message handle_userauth_request(ssh_session session){ signature_free(signature); signature = NULL; - msg->auth_request.signature_state = -1; + msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_WRONG; goto error; } else @@ -263,7 +263,7 @@ static ssh_message handle_userauth_request(ssh_session session){ signature_free(signature); signature = NULL; - msg->auth_request.signature_state = 1; + msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_VALID; } SAFE_FREE(service_c); leave_function(); diff --git a/libssh/server.c b/libssh/server.c index d465c81e..bb260e3f 100644 --- a/libssh/server.c +++ b/libssh/server.c 
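Review bot: In the hunks at -231 and -250 the new `SSH_PUBLICKEY_STATE_ERROR` and `SSH_PUBLICKEY_STATE_WRONG` values are stored immediately before `goto error;`, and the `error` label lies outside every hunk, so it is not visible whether the message survives that path. If the label frees `msg` and returns NULL, which should be confirmed, those two states can never reach the application and a server will only ever observe NONE or VALID. A comment at the first assignment (hunk at -220) would make the contract explicit, for example `/* NONE: key offered without a signature; this is a probe, not proof of possession */`. The failed-verification message is still logged at `SSH_LOG_PACKET`; since a bad signature on an authentication request is something an operator usually wants to see, consider whether a less verbose level fits better.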
@@ -760,6 +760,13 @@ ssh_public_key ssh_message_auth_publickey(ssh_message msg){
 return msg->auth_request.public_key;
 }
+enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg){
+ if (msg == NULL) {
+ return -1;
+ }
+ return msg->auth_request.signature_state;
+}
+
 int ssh_message_auth_set_methods(ssh_message msg, int methods) {
 if (msg == NULL || msg->session == NULL) {
 return -1; |
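Review bot: `return -1;` in the new `ssh_message_auth_publickey_state()` returns a bare integer from a function typed `enum ssh_publickey_state_e`. Before this commit -1 was the value stored for a wrong signature (the removed line in the messages.c hunk at -250), so a caller that still compares numerically could misread the NULL case. Returning the named constant, `return SSH_PUBLICKEY_STATE_ERROR;`, keeps the result tied to the enum whatever its numbering; the enum definition is not part of this diff, so confirm that is the intended member. The accessor also lacks a doc comment. It should state that only `SSH_PUBLICKEY_STATE_VALID` means the signature was verified, and that a server must not accept the authentication request on any other value.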