[PATCH] messages: emit pubkey failures to callbacks
- Subject: [PATCH] messages: emit pubkey failures to callbacks
- From: Jon Simons <jon@xxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sun, 19 Jan 2014 19:03:40 -0800
- To: libssh@xxxxxxxxxx
Hi,

Attached is a patch, based off of v0-6, I've used to ensure that when public key signature validation fails, the 'auth_pubkey_function' callback will be invoked with a signature state of SSH_PUBLICKEY_STATE_WRONG. Without it I believe that one using 'ssh_server_callbacks' can not be notified that there may have been any such problem during signature validation.

-Jon
From 2ace6d8cf4a82325ffa51e69f9536a58ccf835e2 Mon Sep 17 00:00:00 2001
From: Jon Simons <jon@xxxxxxxxxxxxx>
Date: Sun, 19 Jan 2014 14:04:03 -0800
Subject: [PATCH] messages: emit pubkey failures to callbacks
With this change, errors encountered while processing public keys
in 'ssh_packet_userauth_request' will be propagated back up to the
user-provided 'auth_pubkey_function' callback.
For example, if signature validation fails, the user callback will
be invoked with a signature state of SSH_PUBLICKEY_STATE_WRONG.
Before this change, a failure in signature validation would not be
made explicit via the 'ssh_server_callbacks'.
---
src/messages.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/messages.c b/src/messages.c
index 77bca2f..826130d 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -812,18 +812,21 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
uint8_t has_sign;
int rc;
+ msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_ERROR;
+
msg->auth_request.method = SSH_AUTH_METHOD_PUBLICKEY;
SAFE_FREE(method);
+
buffer_get_u8(packet, &has_sign);
algo = buffer_get_ssh_string(packet);
if (algo == NULL) {
- goto error;
+ goto end;
}
pubkey_blob = buffer_get_ssh_string(packet);
if (pubkey_blob == NULL) {
ssh_string_free(algo);
algo = NULL;
- goto error;
+ goto end;
}
ssh_string_free(algo);
algo = NULL;
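Review bot: The `algo == NULL` and `pubkey_blob == NULL` branches now jump to `end` with the new default of SSH_PUBLICKEY_STATE_ERROR, but the `end` label is outside the context shown, so this hunk does not show what the message carries when it is handed on; at these two points no key has been read from the packet yet. Please confirm that the path from `end` to 'auth_pubkey_function' copes with a request that has no usable public key, or keep `goto error` for these early parse failures and use `end` only once a key is available. The added blank line after `SAFE_FREE(method);` is an unrelated whitespace change and can be dropped.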
@@ -832,7 +835,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
ssh_string_free(pubkey_blob);
pubkey_blob = NULL;
if (rc < 0) {
- goto error;
+ goto end;
}
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_NONE;
// has a valid signature ?
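Review bot: The `if (rc < 0)` branch reaches `end` without a log line, while every later failure branch in this patch calls SSH_LOG before jumping. Since this failure is now reported to the callback through the default SSH_PUBLICKEY_STATE_ERROR, add an SSH_LOG(SSH_LOG_PACKET, ...) call here so that the ERROR state can be traced in the server log.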
@@ -844,7 +847,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
if(sig_blob == NULL) {
SSH_LOG(SSH_LOG_PACKET, "Invalid signature packet from peer");
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_ERROR;
- goto error;
+ goto end;
}
digest = ssh_msg_userauth_build_digest(session, msg, service);
@@ -852,7 +855,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
ssh_string_free(sig_blob);
SSH_LOG(SSH_LOG_PACKET, "Failed to get digest");
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_WRONG;
- goto error;
+ goto end;
}
rc = ssh_pki_signature_verify_blob(session,
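Review bot: In the "Failed to get digest" branch the state is set to SSH_PUBLICKEY_STATE_WRONG, although the failing call is the server's own ssh_msg_userauth_build_digest() and the peer's signature has not been checked at that point. Now that this value reaches the callback, SSH_PUBLICKEY_STATE_ERROR would describe it better and would keep WRONG reserved for the ssh_pki_signature_verify_blob() failure, so that an application can tell a bad signature from an internal failure.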
@@ -863,11 +866,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
ssh_string_free(sig_blob);
ssh_buffer_free(digest);
if (rc < 0) {
- SSH_LOG(
- SSH_LOG_PACKET,
- "Received an invalid signature from peer");
+ SSH_LOG(SSH_LOG_PACKET, "Received invalid signature from peer");
msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_WRONG;
- goto error;
+ goto end;
}
SSH_LOG(SSH_LOG_PACKET, "Valid signature received");
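Review bot: After the `rc < 0` branch the callback is now handed SSH_PUBLICKEY_STATE_WRONG, which per the commit message was not reported before, and nothing in the patch updates the documentation of 'auth_pubkey_function' to say so. A callback written to test only for SSH_PUBLICKEY_STATE_NONE and to treat any other state as a signed request would accept a failed signature, so the callback documentation should state that ERROR and WRONG must be rejected; a test that sends a bad signature and checks the state passed to the callback would also be worth adding. The reflowed SSH_LOG call also changes the message text ("an invalid" to "invalid"), which is unrelated to the fix.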
--
1.8.4.21.g992c386