-rw-r--r-- | TODO | 2 | ||||
-rw-r--r-- | auth.h | 8 | ||||
-rw-r--r-- | cli-authpubkey.c | 26 | ||||
-rw-r--r-- | cli-runopts.c | 10 | ||||
-rw-r--r-- | cli-session.c | 2 | ||||
-rw-r--r-- | runopts.h | 2 | ||||
-rw-r--r-- | session.h | 3 | ||||
-rw-r--r-- | signkey.c | 22 |
8 files changed, 39 insertions, 36 deletions
@@ -2,6 +2,8 @@ Current:
 Things which might need doing:
+- default private dbclient keys
+
 - Make options.h generated from configure perhaps?
 - Improved queueing of unauthed connections
@@ -84,13 +84,13 @@ struct AuthState {
 };
-struct PubkeyList;
-/* A singly linked list of pubkeys */
-struct PubkeyList {
+struct SignKeyList;
+/* A singly linked list of signing keys */
+struct SignKeyList {
 sign_key *key;
 int type; /* The type of key */
- struct PubkeyList *next;
+ struct SignKeyList *next;
 /* filename? or the buffer? for encrypted keys, so we can later get
 * the private key portion */
diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index 61b17d9..9d36bc3 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -38,29 +38,29 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
 * We use it to remove the key we tried from the list */
 void cli_pubkeyfail() {
- struct PubkeyList *keyitem;
- struct PubkeyList **previtem;
+ struct SignKeyList *keyitem;
+ struct SignKeyList **previtem;
 TRACE(("enter cli_pubkeyfail"))
- previtem = &cli_opts.pubkeys;
+ previtem = &cli_opts.privkeys;
 /* Find the key we failed with, and remove it */
- for (keyitem = cli_opts.pubkeys; keyitem != NULL; keyitem = keyitem->next) {
- if (keyitem == cli_ses.lastpubkey) {
+ for (keyitem = cli_opts.privkeys; keyitem != NULL; keyitem = keyitem->next) {
+ if (keyitem == cli_ses.lastprivkey) {
 *previtem = keyitem->next;
 }
 previtem = &keyitem;
 }
- sign_key_free(cli_ses.lastpubkey->key); /* It won't be used again */
- m_free(cli_ses.lastpubkey);
+ sign_key_free(cli_ses.lastprivkey->key); /* It won't be used again */
+ m_free(cli_ses.lastprivkey);
 TRACE(("leave cli_pubkeyfail"))
 }
 void recv_msg_userauth_pk_ok() {
- struct PubkeyList *keyitem;
+ struct SignKeyList *keyitem;
 buffer* keybuf;
 char* algotype = NULL;
 unsigned int algolen;
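Review bot: In cli_pubkeyfail the unlink loop does `previtem = &keyitem;`, the address of the local loop variable rather than of the link field, so for any key other than the list head `*previtem = keyitem->next` merely reassigns the local and the node stays linked in cli_opts.privkeys; the following `m_free(cli_ses.lastprivkey)` then leaves a freed node in the list that cli_auth_pubkey and recv_msg_userauth_pk_ok dereference on the next attempt (use-after-free). The commit only renames the fields, so this survives on the new side. The fix is to track the previous pointer through the link field and stop once the node is unlinked: `previtem = &keyitem->next;` at the end of the loop body, with a `break;` after the `*previtem = keyitem->next;` assignment. The `sign_key_free(cli_ses.lastprivkey->key)` line presumably relies on the caller only invoking this after a trial request was sent, so lastprivkey is non-NULL — worth confirming at the call site, which is outside the hunk.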
@@ -80,7 +80,7 @@ void recv_msg_userauth_pk_ok() {
 /* Iterate through our keys, find which one it was that matched, and
 * send a real request with that key */
- for (keyitem = cli_opts.pubkeys; keyitem != NULL; keyitem = keyitem->next) {
+ for (keyitem = cli_opts.privkeys; keyitem != NULL; keyitem = keyitem->next) {
 if (keyitem->type != keytype) {
 /* Types differed */
@@ -172,11 +172,11 @@ int cli_auth_pubkey() {
 TRACE(("enter cli_auth_pubkey"))
- if (cli_opts.pubkeys != NULL) {
+ if (cli_opts.privkeys != NULL) {
 /* Send a trial request */
- send_msg_userauth_pubkey(cli_opts.pubkeys->key,
- cli_opts.pubkeys->type, 0);
- cli_ses.lastpubkey = cli_opts.pubkeys;
+ send_msg_userauth_pubkey(cli_opts.privkeys->key,
+ cli_opts.privkeys->type, 0);
+ cli_ses.lastprivkey = cli_opts.privkeys;
 TRACE(("leave cli_auth_pubkey-success"))
 return 1;
 } else {
diff --git a/cli-runopts.c b/cli-runopts.c
index 0f5c67c..285c51d 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -89,7 +89,7 @@ void cli_getopts(int argc, char ** argv) {
 cli_opts.cmd = NULL;
 cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
 #ifdef ENABLE_CLI_PUBKEY_AUTH
- cli_opts.pubkeys = NULL;
+ cli_opts.privkeys = NULL;
 #endif
 #ifdef ENABLE_CLI_LOCALTCPFWD
 cli_opts.localfwds = NULL;
@@ -271,7 +271,7 @@ void cli_getopts(int argc, char ** argv) {
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 static void loadidentityfile(const char* filename) {
- struct PubkeyList * nextkey;
+ struct SignKeyList * nextkey;
 sign_key *key;
 int keytype;
@@ -284,11 +284,11 @@ static void loadidentityfile(const char* filename) {
 } else {
- nextkey = (struct PubkeyList*)m_malloc(sizeof(struct PubkeyList));
+ nextkey = (struct SignKeyList*)m_malloc(sizeof(struct SignKeyList));
 nextkey->key = key;
- nextkey->next = cli_opts.pubkeys;
+ nextkey->next = cli_opts.privkeys;
 nextkey->type = keytype;
- cli_opts.pubkeys = nextkey;
+ cli_opts.privkeys = nextkey;
 }
 }
 #endif
diff --git a/cli-session.c b/cli-session.c
index 0ac120e..8b58526 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -126,7 +126,7 @@ static void cli_session_init() {
 specific exit status */
 /* Auth */
- cli_ses.lastpubkey = NULL;
+ cli_ses.lastprivkey = NULL;
 cli_ses.lastauthtype = 0;
 /* For printing "remote host closed" for the user */
@@ -95,7 +95,7 @@ typedef struct cli_runopts {
 char *cmd;
 int wantpty;
 #ifdef ENABLE_CLI_PUBKEY_AUTH
- struct PubkeyList *pubkeys; /* Keys to use for public-key auth */
+ struct SignKeyList *privkeys; /* Keys to use for public-key auth */
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
 struct TCPFwdList * remotefwds;
@@ -211,7 +211,6 @@ struct clientsession {
 mp_int *dh_e, *dh_x; /* Used during KEX */
 cli_kex_state kex_state; /* Used for progressing KEX */
 cli_state state; /* Used to progress auth/channelsession etc */
- int something; /* XXX */
 unsigned donefirstkex : 1; /* Set when we set sentnewkeys, never reset */
 int tty_raw_mode; /* Whether we're in raw mode (and have to clean up) */
@@ -227,7 +226,7 @@ struct clientsession {
 int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD, for the last type of auth we tried */
- struct PubkeyList *lastpubkey;
+ struct SignKeyList *lastprivkey;
 int retval; /* What the command exit status was - we emulate it */
 #if 0
@@ -279,7 +279,7 @@ static char * sign_key_md5_fingerprint(unsigned char* keyblob,
 char * ret;
 hash_state hs;
 unsigned char hash[MD5_HASH_SIZE];
- unsigned int h, i;
+ unsigned int i;
 unsigned int buflen;
 md5_init(&hs);
@@ -296,10 +296,11 @@ static char * sign_key_md5_fingerprint(unsigned char* keyblob,
 memset(ret, 'Z', buflen);
 strcpy(ret, "md5 ");
- for (i = 4, h = 0; i < buflen; i+=3, h++) {
- ret[i] = hexdig(hash[h] >> 4);
- ret[i+1] = hexdig(hash[h] & 0x0f);
- ret[i+2] = ':';
+ for (i = 0; i < MD5_HASH_SIZE; i++) {
+ unsigned int pos = 4 + i*3;
+ ret[pos] = hexdig(hash[i] >> 4);
+ ret[pos+1] = hexdig(hash[i] & 0x0f);
+ ret[pos+2] = ':';
 }
 ret[buflen-1] = 0x0;
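Review bot: The rewritten loop in sign_key_md5_fingerprint now bounds its writes by MD5_HASH_SIZE while the buffer is still allocated from buflen, which is computed above the hunk; the last write lands at ret[4 + 3*MD5_HASH_SIZE - 1], so the function is only in bounds if buflen is at least 4 + 3*MD5_HASH_SIZE, and the trailing `ret[buflen-1] = 0x0` only terminates the hex string in place if buflen is exactly that. The old loop tied its bound to buflen, so after this change the size is maintained in two places with nothing connecting them. A comment at the loop such as `/* buflen must be 4 + 3*MD5_HASH_SIZE: "md5 " prefix, "xx:" per byte, final ':' becomes NUL */`, or computing buflen from that same expression, would keep them in step; the sha1 loop in the following hunk has the same shape with a 5-byte prefix. Both functions begin outside their hunks, so the buflen computation itself is not visible here.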
@@ -313,7 +314,7 @@ static char * sign_key_sha1_fingerprint(unsigned char* keyblob,
 char * ret;
 hash_state hs;
 unsigned char hash[SHA1_HASH_SIZE];
- unsigned int h, i;
+ unsigned int i;
 unsigned int buflen;
 sha1_init(&hs);
@@ -329,10 +330,11 @@ static char * sign_key_sha1_fingerprint(unsigned char* keyblob,
 strcpy(ret, "sha1 ");
- for (i = 5, h = 0; i < buflen; i+=3, h++) {
- ret[i] = hexdig(hash[h] >> 4);
- ret[i+1] = hexdig(hash[h] & 0x0f);
- ret[i+2] = ':';
+ for (i = 0; i < SHA1_HASH_SIZE; i++) {
+ unsigned int pos = 5 + 3*i;
+ ret[pos] = hexdig(hash[i] >> 4);
+ ret[pos+1] = hexdig(hash[i] & 0x0f);
+ ret[pos+2] = ':';
 }
 ret[buflen-1] = 0x0;