static int check_authorized_keys(struct ssh_key_struct *client_pubkey) {
#define MAX_PUBKEY_SIZE 0x4000
const char *authorized_keys_path = tmate_settings->authorized_keys_path;
const char *token_delim = " ";
FILE *file;
char key_buf[MAX_PUBKEY_SIZE], *key_type, *key_content;
enum ssh_keytypes_e type;
ssh_key pkey;
if (authorized_keys_path == NULL)
return SSH_AUTH_SUCCESS;
file = fopen(authorized_keys_path, "rb");
if (file == NULL) {
tmate_fatal("Could not open authorized_keys file: \"%s\"", authorized_keys_path);
return SSH_AUTH_DENIED;
}
while (fgets(key_buf, MAX_PUBKEY_SIZE, file)) {
if (key_buf[0] == '#' || key_buf[0] == '\0')
continue;
key_type = strtok(key_buf, token_delim);
if (key_type == NULL)
continue;
type = ssh_key_type_from_name(key_type);
if (type == SSH_KEYTYPE_UNKNOWN)
continue;
key_content = strtok(NULL, token_delim);
if (key_content == NULL)
continue;
pkey = ssh_key_new();
if (ssh_pki_import_pubkey_base64(key_content, type, &pkey) != SSH_OK) {
ssh_key_free(pkey);
continue;
}
if (!ssh_key_cmp(pkey, client_pubkey, SSH_KEY_CMP_PUBLIC)) {
ssh_key_free(pkey);
fclose(file);
return SSH_AUTH_SUCCESS;
}
ssh_key_free(pkey);
}
fclose(file);
return SSH_AUTH_DENIED;
}
static void torture_pki_publickey_rsa_base64(void **state)
{
enum ssh_keytypes_e type;
char *b64_key, *key_buf, *p;
const char *q;
ssh_key key;
int rc;
(void) state; /* unused */
key_buf = read_file(LIBSSH_RSA_TESTKEY ".pub");
assert_true(key_buf != NULL);
q = p = key_buf;
while (*p != ' ') p++;
*p = '\0';
type = ssh_key_type_from_name(q);
assert_true(((type == SSH_KEYTYPE_RSA) ||
(type == SSH_KEYTYPE_RSA1)));
q = ++p;
while (*p != ' ') p++;
*p = '\0';
rc = ssh_pki_import_pubkey_base64(q, type, &key);
assert_true(rc == 0);
rc = ssh_pki_export_pubkey_base64(key, &b64_key);
assert_true(rc == 0);
assert_string_equal(q, b64_key);
free(b64_key);
free(key_buf);
ssh_key_free(key);
}
/**
* @brief Import a base64 formated certificate from a memory c-string.
*
* @param[in] b64_cert The base64 cert to format.
*
* @param[in] type The type of the cert to format.
*
* @param[out] pkey A pointer where the allocated key can be stored. You
* need to free the memory.
*
* @return SSH_OK on success, SSH_ERROR on error.
*
* @see ssh_key_free()
*/
int ssh_pki_import_cert_base64(const char *b64_cert,
enum ssh_keytypes_e type,
ssh_key *pkey) {
return ssh_pki_import_pubkey_base64(b64_cert, type, pkey);
}
/**
* @brief Import a public key from the given filename.
*
* @param[in] filename The path to the public key.
*
* @param[out] pkey A pointer to store the allocated public key. You need to
* free the memory.
*
* @returns SSH_OK on success, SSH_EOF if the file doesn't exist or permission
* denied, SSH_ERROR otherwise.
*
* @see ssh_key_free()
*/
int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
{
enum ssh_keytypes_e type;
struct stat sb;
char *key_buf, *p;
const char *q;
FILE *file;
off_t size;
int rc;
if (pkey == NULL || filename == NULL || *filename == '\0') {
return SSH_ERROR;
}
file = fopen(filename, "r");
if (file == NULL) {
SSH_LOG(SSH_LOG_WARN, "Error opening %s: %s",
filename, strerror(errno));
return SSH_EOF;
}
rc = fstat(fileno(file), &sb);
if (rc < 0) {
fclose(file);
SSH_LOG(SSH_LOG_WARN, "Error gettint stat of %s: %s",
filename, strerror(errno));
switch (errno) {
case ENOENT:
case EACCES:
return SSH_EOF;
}
return SSH_ERROR;
}
if (sb.st_size > MAX_PUBKEY_SIZE) {
fclose(file);
return SSH_ERROR;
}
key_buf = malloc(sb.st_size + 1);
if (key_buf == NULL) {
fclose(file);
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
return SSH_ERROR;
}
size = fread(key_buf, 1, sb.st_size, file);
fclose(file);
if (size != sb.st_size) {
SAFE_FREE(key_buf);
SSH_LOG(SSH_LOG_WARN, "Error reading %s: %s",
filename, strerror(errno));
return SSH_ERROR;
}
key_buf[size] = '\0';
q = p = key_buf;
while (!isspace((int)*p)) p++;
*p = '\0';
type = ssh_key_type_from_name(q);
if (type == SSH_KEYTYPE_UNKNOWN) {
SAFE_FREE(key_buf);
return SSH_ERROR;
}
q = ++p;
while (!isspace((int)*p)) p++;
*p = '\0';
rc = ssh_pki_import_pubkey_base64(q, type, pkey);
SAFE_FREE(key_buf);
return rc;
}
