[X2Go-Commits] [x2goclient] 31/31: src/sshmasterconnection.cpp: use new PKI-based libssh API for public key authentication for libssh 0.6.0 and higher. Fixes: #1119.

git-admin at x2go.org git-admin at x2go.org
Sun Mar 5 23:22:27 CET 2017


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2goclient.

commit d46c15e51682f61afc66ff2b5505c50ce242a67d
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Thu Mar 2 09:14:04 2017 +0100

    src/sshmasterconnection.cpp: use new PKI-based libssh API for public key authentication for libssh 0.6.0 and higher. Fixes: #1119.
---
 debian/changelog            |   2 +
 src/sshmasterconnection.cpp | 124 ++++++++++++++++++++++++++++++++++++++------
 2 files changed, 109 insertions(+), 17 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index f1bff6b..796376c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -129,6 +129,8 @@ x2goclient (4.1.0.1-0x2go1) UNRELEASED; urgency=medium
       any address. Fixes: #31.
     - src/onmainwindow.cpp: check for sessionExplorer->getLastSession() to be
       valid in all places but obvious ones. Fixes: #499.
+    - src/sshmasterconnection.cpp: use new PKI-based libssh API for public key
+      authentication for libssh 0.6.0 and higher. Fixes: #1119.
 
   [ Oleksandr Shneyder ]
   * New upstream version (4.1.0.1):
diff --git a/src/sshmasterconnection.cpp b/src/sshmasterconnection.cpp
index 0ceff00..d0bec75 100644
--- a/src/sshmasterconnection.cpp
+++ b/src/sshmasterconnection.cpp
@@ -1197,7 +1197,7 @@ void SshMasterConnection::setKeyPhrase(QString phrase)
 bool SshMasterConnection::userAuthWithKey()
 {
 #ifdef DEBUG
-    x2goDebug<<"Trying to authenticate user with private key." <<endl;
+    x2goDebug<<"Trying to authenticate user with private key.";
 #endif
     QString keyName=key;
     bool autoRemove=false;
@@ -1215,13 +1215,40 @@ bool SshMasterConnection::userAuthWithKey()
         fl.close();
         autoRemove=true;
 #ifdef DEBUG
-        x2goDebug<<"Temporarily saved key in "<<keyName<<endl;
+        x2goDebug<<"Temporarily saved key in "<<keyName;
 #endif
     }
 
-    ssh_private_key prkey=privatekey_from_file(my_ssh_session, keyName.toLatin1(), 0,"");
+    QByteArray tmp_ba = keyName.toLocal8Bit ();
+
+#if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
+    ssh_key priv_key = { 0 };
+
+    int rc = ssh_pki_import_privkey_file (tmp_ba.data (), NULL, NULL, NULL, &priv_key);
+
+    if (SSH_EOF == rc) {
+        x2goDebug << "Failed to get private key from " << keyName << "; file does not exist.";
+
+        ssh_key_free (priv_key);
+
+        return (false);
+    }
+    else if (SSH_OK != rc) {
+        x2goDebug << "Failed to get private key from " << keyName << "; trying to query passphrase.";
+
+        ssh_key_free (priv_key);
+        priv_key = NULL;
+    }
+#else
+    ssh_private_key priv_key = privatekey_from_file (my_ssh_session, tmp_ba.data (), NULL, NULL);
+#endif
+
     int i=0;
-    while(!prkey)
+#if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
+    while (SSH_OK != rc)
+#else
+    while (!priv_key)
+#endif
     {
         keyPhraseReady=false;
         emit needPassPhrase(this, false);
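Review bot: The `SSH_EOF` early return in the new libssh >= 0.6.0 branch leaves the temporary key file on disk, because it returns before the `if ( autoRemove ) QFile::remove ( keyName );` cleanup that the later failure paths of this function run. When the key was written to a temporary file just above (`autoRemove=true`), private key material can stay behind; add `if (autoRemove) QFile::remove (keyName);` before `return (false);`. The two new `x2goDebug` lines in this branch are also outside `#ifdef DEBUG`, unlike the neighbouring debug output, so the key path is logged whenever debug output is active. userAuthWithKey() starts before this hunk and continues after it.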
@@ -1238,44 +1265,105 @@ bool SshMasterConnection::userAuthWithKey()
         }
         if(keyPhrase==QString::null)
             break;
-        prkey=privatekey_from_file(my_ssh_session, keyName.toLatin1(), 0,keyPhrase.toLatin1());
+
+        QByteArray tmp_ba_passphrase = keyPhrase.toLocal8Bit ();
+
+#if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
+        rc = ssh_pki_import_privkey_file (tmp_ba.data (), tmp_ba_passphrase.data (), NULL, NULL, &priv_key);
+
+        if (SSH_OK != rc) {
+            ssh_key_free (priv_key);
+            priv_key = NULL;
+        }
+#else
+        priv_key = privatekey_from_file (my_ssh_session, tmp_ba.data (), NULL, tmp_ba_passphrase.data ());
+#endif
+
         if(i++==2)
         {
             break;
         }
     }
+#if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
+    if (SSH_OK != rc)
+#else
     if (!prkey)
+#endif
     {
 #ifdef DEBUG
-        x2goDebug<<"Failed to get private key from "<<keyName<<endl;
+        x2goDebug<<"Failed to get private key from "<<keyName;
 #endif
         if ( autoRemove )
             QFile::remove ( keyName );
         return false;
     }
-    ssh_public_key pubkey=publickey_from_privatekey(prkey);
+
+#if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
+    ssh_key pub_key = { 0 };
+
+    rc = ssh_pki_export_privkey_to_pubkey (priv_key, &pub_key);
+#else
+    ssh_public_key pub_key = publickey_from_privatekey (priv_key);
+#endif
+
+#if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
+    if (SSH_OK != rc)
+#else
     if (!pubkey)
+#endif
     {
 #ifdef DEBUG
-        x2goDebug<<"Failed to get public key from private key."<<endl;
+        x2goDebug<<"Failed to get public key from private key.";
+#endif
+#if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
+        ssh_key_free (priv_key);
+        priv_key = NULL;
+
+        ssh_key_free (pub_key);
+        pub_key = NULL;
+#else
+        privatekey_free(priv_key);
 #endif
-        privatekey_free(prkey);
         if ( autoRemove )
             QFile::remove ( keyName );
         return false;
     }
 
-    ssh_string pubkeyStr=publickey_to_string(pubkey);
-    publickey_free(pubkey);
+#if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
+    do {
+        rc = ssh_userauth_try_publickey (my_ssh_session, NULL, pub_key);
+    } while (SSH_AUTH_AGAIN == rc);
+
+    ssh_key_free (pub_key);
+    pub_key = NULL;
+
+    /* FIXME: handle SSH_AUTH_PARTIAL correctly! */
+    if (SSH_AUTH_SUCCESS != rc) {
+        x2goDebug << "Unable to authenticate with public key.";
+
+        ssh_key_free (priv_key);
+        priv_key = NULL;
+
+        if (autoRemove) {
+            QFile::remove (keyName);
+        }
+
+        return (false);
+    }
 
-    //not implemented before libssh 0.5
-    /*	int rc = ssh_userauth_privatekey_file ( my_ssh_session,NULL,
-                                               keyName.toLatin1(),
-                                               pass.toLatin1() );*/
+    do {
+        rc = ssh_userauth_publickey (my_ssh_session, NULL, priv_key);
+    } while (SSH_AUTH_AGAIN == rc);
 
-    int rc=ssh_userauth_pubkey(my_ssh_session, NULL, pubkeyStr, prkey);
-    privatekey_free(prkey);
+    ssh_key_free (priv_key);
+    priv_key = NULL;
+#else
+    ssh_string pubkeyStr=publickey_to_string(pub_key);
+    publickey_free(pub_key);
+    int rc=ssh_userauth_pubkey(my_ssh_session, NULL, pubkeyStr, priv_key);
+    privatekey_free(priv_key);
     ssh_string_free(pubkeyStr);
+#endif
 
 #ifdef DEBUG
     x2goDebug<<"Authenticating with key: "<<rc<<endl;
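Review bot: The legacy (`#else`) branches still test `if (!prkey)` and `if (!pubkey)`, but this commit renames the declarations to `priv_key` and `pub_key`, so a build against libssh older than 0.6.0 should fail to compile; change them to `if (!priv_key)` and `if (!pub_key)`. In the new branch, the failure return after `ssh_userauth_try_publickey` happens before the `ssh_get_error` handling that the final `rc != SSH_AUTH_SUCCESS` check appears to perform, so the caller may get `false` without an error message; that is worth confirming against the rest of the function. The passphrase copy in `tmp_ba_passphrase` also stays in memory after it goes out of scope; if that matters for this client, overwrite it with `tmp_ba_passphrase.fill ('\0');` once the import call has returned. The function body starts before this hunk and continues past it.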
@@ -1283,6 +1371,8 @@ bool SshMasterConnection::userAuthWithKey()
 
     if ( autoRemove )
         QFile::remove ( keyName );
+
+    /* FIXME: handle SSH_AUTH_PARTIAL correctly! */
     if ( rc != SSH_AUTH_SUCCESS )
     {
         QString err=ssh_get_error ( my_ssh_session );

--
Alioth's /srv/git/code.x2go.org/x2goclient.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goclient.git

