/* the heart of the whole keyboard interactive login */ int ssh_userauth_kbdint(SSH_SESSION *session, const char *user, const char *submethods){ int err; if(session->version==1) return SSH_AUTH_DENIED; // no keyb-interactive for ssh1 enter_function(); if( !session->kbdint){ /* first time we call. we must ask for a challenge */ if(!user) if(!(user=session->options->username)){ if(ssh_options_default_username(session->options)){ leave_function(); return SSH_AUTH_ERROR; } else user=session->options->username; } if(ask_userauth(session)){ leave_function(); return SSH_AUTH_ERROR; } err=kbdauth_init(session,user,submethods); if(err!=SSH_AUTH_INFO){ leave_function(); return err; /* error or first try success */ } err=kbdauth_info_get(session); if(err==SSH_AUTH_ERROR){ kbdint_free(session->kbdint); session->kbdint=NULL; } leave_function(); return err; } /* if we are at this point, it's because session->kbdint exists */ /* it means the user has set some informations there we need to send * * the server. and then we need to ack the status (new questions or ok * * pass in */ err=kbdauth_send(session); kbdint_free(session->kbdint); session->kbdint=NULL; if(err!=SSH_AUTH_INFO){ leave_function(); return err; } err=kbdauth_info_get(session); if(err==SSH_AUTH_ERROR){ kbdint_free(session->kbdint); session->kbdint=NULL; } leave_function(); return err; }
int ssh_userauth_pubkey(SSH_SESSION *session, const char *username, STRING *publickey, PRIVATE_KEY *privatekey){ STRING *user; STRING *service; STRING *method; STRING *algo; STRING *sign; int err=SSH_AUTH_ERROR; enter_function(); // if(session->version==1) // return ssh_userauth1_pubkey(session,username,publickey,privatekey); if(!username) if(!(username=session->options->username)){ if(ssh_options_default_username(session->options)){ leave_function(); return err; } else username=session->options->username; } if(ask_userauth(session)){ leave_function(); return err; } user=string_from_char(username); service=string_from_char("ssh-connection"); method=string_from_char("publickey"); algo=string_from_char(ssh_type_to_char(privatekey->type)); /* we said previously the public key was accepted */ buffer_add_u8(session->out_buffer,SSH2_MSG_USERAUTH_REQUEST); buffer_add_ssh_string(session->out_buffer,user); buffer_add_ssh_string(session->out_buffer,service); buffer_add_ssh_string(session->out_buffer,method); buffer_add_u8(session->out_buffer,1); buffer_add_ssh_string(session->out_buffer,algo); buffer_add_ssh_string(session->out_buffer,publickey); sign=ssh_do_sign(session,session->out_buffer,privatekey); if(sign){ buffer_add_ssh_string(session->out_buffer,sign); free(sign); packet_send(session); err=wait_auth_status(session,0); } free(user); free(service); free(method); free(algo); leave_function(); return err; }
int ssh_userauth_password(SSH_SESSION *session, const char *username, const char *password){ STRING *user; STRING *service; STRING *method; STRING *password_s; int err; enter_function(); #ifdef HAVE_SSH1 if(session->version==1){ err = ssh_userauth1_password(session,username,password); leave_function(); return err; } #endif if(!username) if(!(username=session->options->username)){ if(ssh_options_default_username(session->options)){ err = SSH_AUTH_ERROR; leave_function(); return err; } else username=session->options->username; } if(ask_userauth(session)){ leave_function(); return SSH_AUTH_ERROR; } user=string_from_char(username); service=string_from_char("ssh-connection"); method=string_from_char("password"); password_s=string_from_char(password); buffer_add_u8(session->out_buffer,SSH2_MSG_USERAUTH_REQUEST); buffer_add_ssh_string(session->out_buffer,user); buffer_add_ssh_string(session->out_buffer,service); buffer_add_ssh_string(session->out_buffer,method); buffer_add_u8(session->out_buffer,0); buffer_add_ssh_string(session->out_buffer,password_s); free(user); free(service); free(method); memset(password_s,0,strlen(password)+4); free(password_s); packet_send(session); err=wait_auth_status(session,0); leave_function(); return err; }
int ssh_userauth_offer_pubkey(SSH_SESSION *session, const char *username,int type, STRING *publickey){ STRING *user; STRING *service; STRING *method; STRING *algo; int err=SSH_AUTH_ERROR; enter_function(); #ifdef HAVE_SSH1 if(session->version==1){ err= ssh_userauth1_offer_pubkey(session,username,type,publickey); leave_function(); return err; } #endif if(!username) if(!(username=session->options->username)){ if(ssh_options_default_username(session->options)){ leave_function(); return SSH_AUTH_ERROR; } else username=session->options->username; } if(ask_userauth(session)){ leave_function(); return SSH_AUTH_ERROR; } user=string_from_char(username); service=string_from_char("ssh-connection"); method=string_from_char("publickey"); algo=string_from_char(ssh_type_to_char(type)); buffer_add_u8(session->out_buffer,SSH2_MSG_USERAUTH_REQUEST); buffer_add_ssh_string(session->out_buffer,user); buffer_add_ssh_string(session->out_buffer,service); buffer_add_ssh_string(session->out_buffer,method); buffer_add_u8(session->out_buffer,0); buffer_add_ssh_string(session->out_buffer,algo); buffer_add_ssh_string(session->out_buffer,publickey); packet_send(session); err=wait_auth_status(session,0); free(user); free(method); free(service); free(algo); leave_function(); return err; }
int ssh_userauth_none(SSH_SESSION *session, const char *username){ STRING *user; STRING *service; STRING *method; int ret; enter_function(); #ifdef HAVE_SSH1 if(session->version==1){ ret = ssh_userauth1_none(session,username); leave_function(); return ret; } #endif if(!username) if(!(username=session->options->username)){ if(ssh_options_default_username(session->options)){ leave_function(); return SSH_AUTH_ERROR; } else username=session->options->username; } if(ask_userauth(session)){ leave_function(); return SSH_AUTH_ERROR; } user=string_from_char(username); method=string_from_char("none"); service=string_from_char("ssh-connection"); buffer_add_u8(session->out_buffer,SSH2_MSG_USERAUTH_REQUEST); buffer_add_ssh_string(session->out_buffer,user); buffer_add_ssh_string(session->out_buffer,service); buffer_add_ssh_string(session->out_buffer,method); free(service); free(method); free(user); packet_send(session); ret = wait_auth_status(session,0); leave_function(); return ret; }
/** * @brief Try to authenticate by password. * * @param session The ssh session to use. * * @param username The username to authenticate. You can specify NULL if * ssh_option_set_username() has been used. You cannot try * two different logins in a row. * * @param password The password to use. Take care to clean it after * the authentication. * * @returns SSH_AUTH_ERROR: A serious error happened.\n * SSH_AUTH_DENIED: Authentication failed: use another method.\n * SSH_AUTH_PARTIAL: You've been partially authenticated, you still * have to use another method.\n * SSH_AUTH_SUCCESS: Authentication successful. * * @see ssh_userauth_kbdint() * @see BURN_STRING */ int ssh_userauth_password(ssh_session session, const char *username, const char *password) { ssh_string user = NULL; ssh_string service = NULL; ssh_string method = NULL; ssh_string pwd = NULL; int rc = SSH_AUTH_ERROR; enter_function(); #ifdef WITH_SSH1 if (session->version == 1) { rc = ssh_userauth1_password(session, username, password); leave_function(); return rc; } #endif if (username == NULL) { if (session->username == NULL) { if (ssh_options_apply(session) < 0) { leave_function(); return rc; } } user = string_from_char(session->username); } else { user = string_from_char(username); } if (user == NULL) { leave_function(); return rc; } if (ask_userauth(session) < 0) { string_free(user); leave_function(); return rc; } service = string_from_char("ssh-connection"); if (service == NULL) { goto error; } method = string_from_char("password"); if (method == NULL) { goto error; } pwd = string_from_char(password); if (pwd == NULL) { goto error; } if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST) < 0 || buffer_add_ssh_string(session->out_buffer, user) < 0 || buffer_add_ssh_string(session->out_buffer, service) < 0 || buffer_add_ssh_string(session->out_buffer, method) < 0 || buffer_add_u8(session->out_buffer, 0) < 0 || buffer_add_ssh_string(session->out_buffer, pwd) < 0) { goto error; } string_free(user); string_free(service); string_free(method); string_burn(pwd); string_free(pwd); if (packet_send(session) != SSH_OK) { leave_function(); return rc; } rc = wait_auth_status(session, 0); leave_function(); return rc; error: buffer_reinit(session->out_buffer); string_free(user); string_free(service); string_free(method); string_burn(pwd); string_free(pwd); leave_function(); return rc; }
/** * @brief Try to authenticate through public key with an ssh agent. * * @param session The ssh session to use. * * @param username The username to authenticate. You can specify NULL if * ssh_option_set_username() has been used. You cannot try * two different logins in a row. * * @param publickey The public key provided by the agent. * * @returns SSH_AUTH_ERROR: A serious error happened.\n * SSH_AUTH_DENIED: Authentication failed: use another method.\n * SSH_AUTH_PARTIAL: You've been partially authenticated, you still * have to use another method.\n * SSH_AUTH_SUCCESS: Authentication successful. * * @see publickey_from_file() * @see privatekey_from_file() * @see privatekey_free() * @see ssh_userauth_offer_pubkey() */ int ssh_userauth_agent_pubkey(ssh_session session, const char *username, ssh_public_key publickey) { ssh_string user = NULL; ssh_string service = NULL; ssh_string method = NULL; ssh_string algo = NULL; ssh_string key = NULL; ssh_string sign = NULL; int rc = SSH_AUTH_ERROR; enter_function(); if (! agent_is_running(session)) { return rc; } if (username == NULL) { if (session->username == NULL) { if (ssh_options_apply(session) < 0) { leave_function(); return rc; } } user = string_from_char(session->username); } else { user = string_from_char(username); } if (user == NULL) { leave_function(); return rc; } if (ask_userauth(session) < 0) { string_free(user); leave_function(); return rc; } service = string_from_char("ssh-connection"); if (service == NULL) { goto error; } method = string_from_char("publickey"); if (method == NULL) { goto error; } algo = string_from_char(ssh_type_to_char(publickey->type)); if (algo == NULL) { goto error; } key = publickey_to_string(publickey); if (key == NULL) { goto error; } /* we said previously the public key was accepted */ if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST) < 0 || buffer_add_ssh_string(session->out_buffer, user) < 0 || buffer_add_ssh_string(session->out_buffer, service) < 0 || buffer_add_ssh_string(session->out_buffer, method) < 0 || buffer_add_u8(session->out_buffer, 1) < 0 || buffer_add_ssh_string(session->out_buffer, algo) < 0 || buffer_add_ssh_string(session->out_buffer, key) < 0) { goto error; } sign = ssh_do_sign_with_agent(session, session->out_buffer, publickey); if (sign) { if (buffer_add_ssh_string(session->out_buffer, sign) < 0) { goto error; } string_free(sign); if (packet_send(session) != SSH_OK) { leave_function(); return rc; } rc = wait_auth_status(session,0); } string_free(user); string_free(service); string_free(method); string_free(algo); string_free(key); leave_function(); return rc; error: buffer_reinit(session->out_buffer); string_free(sign); string_free(user); string_free(service); string_free(method); string_free(algo); string_free(key); leave_function(); return rc; }
/** * @brief Try to authenticate through the "keyboard-interactive" method. * * @param session The ssh session to use. * * @param user The username to authenticate. You can specify NULL if * ssh_option_set_username() has been used. You cannot try * two different logins in a row. * * @param submethods Undocumented. Set it to NULL. * * @returns SSH_AUTH_ERROR: A serious error happened\n * SSH_AUTH_DENIED: Authentication failed : use another method\n * SSH_AUTH_PARTIAL: You've been partially authenticated, you still * have to use another method\n * SSH_AUTH_SUCCESS: Authentication success\n * SSH_AUTH_INFO: The server asked some questions. Use * ssh_userauth_kbdint_getnprompts() and such. * * @see ssh_userauth_kbdint_getnprompts() * @see ssh_userauth_kbdint_getname() * @see ssh_userauth_kbdint_getinstruction() * @see ssh_userauth_kbdint_getprompt() * @see ssh_userauth_kbdint_setanswer() */ int ssh_userauth_kbdint(ssh_session session, const char *user, const char *submethods) { int rc = SSH_AUTH_ERROR; if (session->version == 1) { /* No keyb-interactive for ssh1 */ return SSH_AUTH_DENIED; } enter_function(); if (session->kbdint == NULL) { /* first time we call. we must ask for a challenge */ if (user == NULL) { if ((user = session->username) == NULL) { if (ssh_options_apply(session) < 0) { leave_function(); return SSH_AUTH_ERROR; } else { user = session->username; } } } if (ask_userauth(session)) { leave_function(); return SSH_AUTH_ERROR; } rc = kbdauth_init(session, user, submethods); if (rc != SSH_AUTH_INFO) { leave_function(); return rc; /* error or first try success */ } rc = kbdauth_info_get(session); if (rc == SSH_AUTH_ERROR) { kbdint_free(session->kbdint); session->kbdint = NULL; } leave_function(); return rc; } /* * If we are at this point, it ss because session->kbdint exists. * It means the user has set some information there we need to send * the server and then we need to ack the status (new questions or ok * pass in). */ rc = kbdauth_send(session); kbdint_free(session->kbdint); session->kbdint = NULL; if(rc != SSH_AUTH_INFO) { leave_function(); return rc; } rc = kbdauth_info_get(session); if (rc == SSH_AUTH_ERROR) { kbdint_free(session->kbdint); session->kbdint = NULL; } leave_function(); return rc; }