Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1 | /** |
Michal Vasko | 086311b | 2016-01-08 09:53:11 +0100 | [diff] [blame] | 2 | * \file session_client_ssh.c |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 3 | * \author Radek Krejci <rkrejci@cesnet.cz> |
Michal Vasko | 086311b | 2016-01-08 09:53:11 +0100 | [diff] [blame] | 4 | * \author Michal Vasko <mvasko@cesnet.cz> |
| 5 | * \brief libnetconf2 - SSH specific client session transport functions |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 6 | * |
| 7 | * This source is compiled only with libssh. |
| 8 | * |
| 9 | * Copyright (c) 2015 CESNET, z.s.p.o. |
| 10 | * |
Radek Krejci | 9b81f5b | 2016-02-24 13:14:49 +0100 | [diff] [blame] | 11 | * This source code is licensed under BSD 3-Clause License (the "License"). |
| 12 | * You may not use this file except in compliance with the License. |
| 13 | * You may obtain a copy of the License at |
Michal Vasko | afd416b | 2016-02-25 14:51:46 +0100 | [diff] [blame] | 14 | * |
Radek Krejci | 9b81f5b | 2016-02-24 13:14:49 +0100 | [diff] [blame] | 15 | * https://opensource.org/licenses/BSD-3-Clause |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 16 | */ |
| 17 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 18 | #define _GNU_SOURCE |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 19 | #include <assert.h> |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 20 | #include <stdlib.h> |
| 21 | #include <stddef.h> |
| 22 | #include <stdio.h> |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 23 | #include <string.h> |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 24 | #include <errno.h> |
| 25 | #include <fcntl.h> |
| 26 | #include <termios.h> |
| 27 | #include <sys/types.h> |
| 28 | #include <sys/stat.h> |
| 29 | #include <pwd.h> |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 30 | #include <unistd.h> |
| 31 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 32 | #ifdef ENABLE_DNSSEC |
| 33 | # include <validator/validator.h> |
| 34 | # include <validator/resolver.h> |
| 35 | # include <validator/validator-compat.h> |
| 36 | #endif |
| 37 | |
Michal Vasko | 745ff83 | 2015-12-08 14:40:29 +0100 | [diff] [blame] | 38 | #include <libssh/libssh.h> |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 39 | #include <libyang/libyang.h> |
| 40 | |
Michal Vasko | e22c673 | 2016-01-29 11:03:02 +0100 | [diff] [blame] | 41 | #include "session_client.h" |
| 42 | #include "session_client_ch.h" |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 43 | #include "libnetconf.h" |
| 44 | |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 45 | static int sshauth_hostkey_check(const char *hostname, ssh_session session); |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 46 | static char *sshauth_password(const char *username, const char *hostname); |
| 47 | static char *sshauth_interactive(const char *auth_name, const char *instruction, const char *prompt, int echo); |
| 48 | static char *sshauth_privkey_passphrase(const char* privkey_path); |
| 49 | |
Michal Vasko | daf9a09 | 2016-02-09 10:42:05 +0100 | [diff] [blame] | 50 | extern struct nc_client_opts client_opts; |
| 51 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 52 | static struct nc_client_ssh_opts ssh_opts = { |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 53 | .auth_pref = {{NC_SSH_AUTH_INTERACTIVE, 3}, {NC_SSH_AUTH_PASSWORD, 2}, {NC_SSH_AUTH_PUBLICKEY, 1}}, |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 54 | .auth_hostkey_check = sshauth_hostkey_check, |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 55 | .auth_password = sshauth_password, |
| 56 | .auth_interactive = sshauth_interactive, |
| 57 | .auth_privkey_passphrase = sshauth_privkey_passphrase |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 58 | }; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 59 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 60 | static struct nc_client_ssh_opts ssh_ch_opts = { |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 61 | .auth_pref = {{NC_SSH_AUTH_INTERACTIVE, 1}, {NC_SSH_AUTH_PASSWORD, 2}, {NC_SSH_AUTH_PUBLICKEY, 3}}, |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 62 | .auth_hostkey_check = sshauth_hostkey_check, |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 63 | .auth_password = sshauth_password, |
| 64 | .auth_interactive = sshauth_interactive, |
| 65 | .auth_privkey_passphrase = sshauth_privkey_passphrase |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 66 | }; |
| 67 | |
Michal Vasko | e22c673 | 2016-01-29 11:03:02 +0100 | [diff] [blame] | 68 | static void |
| 69 | _nc_client_ssh_destroy_opts(struct nc_client_ssh_opts *opts) |
Michal Vasko | 990089e | 2015-10-27 15:05:25 +0100 | [diff] [blame] | 70 | { |
| 71 | int i; |
| 72 | |
Michal Vasko | e22c673 | 2016-01-29 11:03:02 +0100 | [diff] [blame] | 73 | for (i = 0; i < opts->key_count; ++i) { |
| 74 | free(opts->keys[i].pubkey_path); |
| 75 | free(opts->keys[i].privkey_path); |
Michal Vasko | 990089e | 2015-10-27 15:05:25 +0100 | [diff] [blame] | 76 | } |
Michal Vasko | e22c673 | 2016-01-29 11:03:02 +0100 | [diff] [blame] | 77 | free(opts->keys); |
| 78 | free(opts->username); |
| 79 | } |
Michal Vasko | 990089e | 2015-10-27 15:05:25 +0100 | [diff] [blame] | 80 | |
Michal Vasko | b7558c5 | 2016-02-26 15:04:19 +0100 | [diff] [blame] | 81 | void |
Michal Vasko | e22c673 | 2016-01-29 11:03:02 +0100 | [diff] [blame] | 82 | nc_client_ssh_destroy_opts(void) |
| 83 | { |
| 84 | _nc_client_ssh_destroy_opts(&ssh_opts); |
| 85 | _nc_client_ssh_destroy_opts(&ssh_ch_opts); |
Michal Vasko | 990089e | 2015-10-27 15:05:25 +0100 | [diff] [blame] | 86 | } |
| 87 | |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 88 | #ifdef ENABLE_DNSSEC |
| 89 | |
| 90 | /* return 0 (DNSSEC + key valid), 1 (unsecure DNS + key valid), 2 (key not found or an error) */ |
| 91 | /* type - 1 (RSA), 2 (DSA), 3 (ECDSA); alg - 1 (SHA1), 2 (SHA-256) */ |
| 92 | static int |
Michal Vasko | 650011a | 2016-02-25 14:49:29 +0100 | [diff] [blame] | 93 | sshauth_hostkey_hash_dnssec_check(const char *hostname, const unsigned char *sha1hash, int type, int alg) { |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 94 | ns_msg handle; |
| 95 | ns_rr rr; |
| 96 | val_status_t val_status; |
| 97 | const unsigned char* rdata; |
| 98 | unsigned char buf[4096]; |
| 99 | int buf_len = 4096; |
| 100 | int ret = 0, i, j, len; |
| 101 | |
| 102 | /* class 1 - internet, type 44 - SSHFP */ |
| 103 | len = val_res_query(NULL, hostname, 1, 44, buf, buf_len, &val_status); |
| 104 | |
| 105 | if ((len < 0) || !val_istrusted(val_status)) { |
| 106 | ret = 2; |
| 107 | goto finish; |
| 108 | } |
| 109 | |
| 110 | if (ns_initparse(buf, len, &handle) < 0) { |
| 111 | ERR("Failed to initialize DNSSEC response parser."); |
| 112 | ret = 2; |
| 113 | goto finish; |
| 114 | } |
| 115 | |
| 116 | if ((i = libsres_msg_getflag(handle, ns_f_rcode))) { |
| 117 | ERR("DNSSEC query returned %d.", i); |
| 118 | ret = 2; |
| 119 | goto finish; |
| 120 | } |
| 121 | |
| 122 | if (!libsres_msg_getflag(handle, ns_f_ad)) { |
| 123 | /* response not secured by DNSSEC */ |
| 124 | ret = 1; |
| 125 | } |
| 126 | |
| 127 | /* query section */ |
| 128 | if (ns_parserr(&handle, ns_s_qd, 0, &rr)) { |
Michal Vasko | 650011a | 2016-02-25 14:49:29 +0100 | [diff] [blame] | 129 | ERR("DNSSEC query section parser fail."); |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 130 | ret = 2; |
| 131 | goto finish; |
| 132 | } |
| 133 | |
| 134 | if (strcmp(hostname, ns_rr_name(rr)) || (ns_rr_type(rr) != 44) || (ns_rr_class(rr) != 1)) { |
Michal Vasko | 650011a | 2016-02-25 14:49:29 +0100 | [diff] [blame] | 135 | ERR("DNSSEC query in the answer does not match the original query."); |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 136 | ret = 2; |
| 137 | goto finish; |
| 138 | } |
| 139 | |
| 140 | /* answer section */ |
| 141 | i = 0; |
| 142 | while (!ns_parserr(&handle, ns_s_an, i, &rr)) { |
| 143 | if (ns_rr_type(rr) != 44) { |
| 144 | ++i; |
| 145 | continue; |
| 146 | } |
| 147 | |
| 148 | rdata = ns_rr_rdata(rr); |
| 149 | if (rdata[0] != type) { |
| 150 | ++i; |
| 151 | continue; |
| 152 | } |
| 153 | if (rdata[1] != alg) { |
| 154 | ++i; |
| 155 | continue; |
| 156 | } |
| 157 | |
| 158 | /* we found the correct SSHFP entry */ |
| 159 | rdata += 2; |
| 160 | for (j = 0; j < 20; ++j) { |
| 161 | if (rdata[j] != (unsigned char)sha1hash[j]) { |
| 162 | ret = 2; |
| 163 | goto finish; |
| 164 | } |
| 165 | } |
| 166 | |
| 167 | /* server fingerprint is supported by a DNS entry, |
| 168 | * we have already determined if DNSSEC was used or not |
| 169 | */ |
| 170 | goto finish; |
| 171 | } |
| 172 | |
| 173 | /* no match */ |
| 174 | ret = 2; |
| 175 | |
| 176 | finish: |
| 177 | val_free_validator_state(); |
| 178 | return ret; |
| 179 | } |
| 180 | |
| 181 | #endif /* ENABLE_DNSSEC */ |
| 182 | |
| 183 | static int |
| 184 | sshauth_hostkey_check(const char *hostname, ssh_session session) |
| 185 | { |
| 186 | char *hexa; |
| 187 | int c, state, ret; |
| 188 | ssh_key srv_pubkey; |
| 189 | unsigned char *hash_sha1 = NULL; |
| 190 | size_t hlen; |
| 191 | enum ssh_keytypes_e srv_pubkey_type; |
| 192 | char answer[5]; |
| 193 | |
| 194 | state = ssh_is_server_known(session); |
| 195 | |
| 196 | ret = ssh_get_publickey(session, &srv_pubkey); |
| 197 | if (ret < 0) { |
| 198 | ERR("Unable to get server public key."); |
| 199 | return -1; |
| 200 | } |
| 201 | |
| 202 | srv_pubkey_type = ssh_key_type(srv_pubkey); |
| 203 | ret = ssh_get_publickey_hash(srv_pubkey, SSH_PUBLICKEY_HASH_SHA1, &hash_sha1, &hlen); |
| 204 | ssh_key_free(srv_pubkey); |
| 205 | if (ret < 0) { |
| 206 | ERR("Failed to calculate SHA1 hash of the server public key."); |
| 207 | return -1; |
| 208 | } |
| 209 | |
| 210 | hexa = ssh_get_hexa(hash_sha1, hlen); |
| 211 | |
| 212 | switch (state) { |
| 213 | case SSH_SERVER_KNOWN_OK: |
| 214 | break; /* ok */ |
| 215 | |
| 216 | case SSH_SERVER_KNOWN_CHANGED: |
| 217 | ERR("Remote host key changed, the connection will be terminated!"); |
| 218 | goto fail; |
| 219 | |
| 220 | case SSH_SERVER_FOUND_OTHER: |
| 221 | WRN("Remote host key is not known, but a key of another type for this host is known. Continue with caution."); |
| 222 | goto hostkey_not_known; |
| 223 | |
| 224 | case SSH_SERVER_FILE_NOT_FOUND: |
| 225 | WRN("Could not find the known hosts file."); |
| 226 | goto hostkey_not_known; |
| 227 | |
| 228 | case SSH_SERVER_NOT_KNOWN: |
| 229 | hostkey_not_known: |
| 230 | #ifdef ENABLE_DNSSEC |
| 231 | if ((srv_pubkey_type != SSH_KEYTYPE_UNKNOWN) || (srv_pubkey_type != SSH_KEYTYPE_RSA1)) { |
| 232 | if (srv_pubkey_type == SSH_KEYTYPE_DSS) { |
Michal Vasko | 650011a | 2016-02-25 14:49:29 +0100 | [diff] [blame] | 233 | ret = sshauth_hostkey_hash_dnssec_check(hostname, hash_sha1, 2, 1); |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 234 | } else if (srv_pubkey_type == SSH_KEYTYPE_RSA) { |
Michal Vasko | 650011a | 2016-02-25 14:49:29 +0100 | [diff] [blame] | 235 | ret = sshauth_hostkey_hash_dnssec_check(hostname, hash_sha1, 1, 1); |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 236 | } else if (srv_pubkey_type == SSH_KEYTYPE_ECDSA) { |
Michal Vasko | 650011a | 2016-02-25 14:49:29 +0100 | [diff] [blame] | 237 | ret = sshauth_hostkey_hash_dnssec_check(hostname, hash_sha1, 3, 1); |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 238 | } |
| 239 | |
| 240 | /* DNSSEC SSHFP check successful, that's enough */ |
| 241 | if (!ret) { |
| 242 | VRB("DNSSEC SSHFP check successful."); |
| 243 | ssh_write_knownhost(session); |
| 244 | ssh_clean_pubkey_hash(&hash_sha1); |
| 245 | ssh_string_free_char(hexa); |
| 246 | return 0; |
| 247 | } |
| 248 | } |
| 249 | #endif |
| 250 | |
| 251 | /* try to get result from user */ |
| 252 | fprintf(stdout, "The authenticity of the host \'%s\' cannot be established.\n", hostname); |
| 253 | fprintf(stdout, "%s key fingerprint is %s.\n", ssh_key_type_to_char(srv_pubkey_type), hexa); |
| 254 | |
| 255 | #ifdef ENABLE_DNSSEC |
| 256 | if (ret == 2) { |
| 257 | fprintf(stdout, "No matching host key fingerprint found using DNS.\n"); |
| 258 | } else if (ret == 1) { |
| 259 | fprintf(stdout, "Matching host key fingerprint found using DNS.\n"); |
| 260 | } |
| 261 | #endif |
| 262 | |
| 263 | fprintf(stdout, "Are you sure you want to continue connecting (yes/no)? "); |
| 264 | |
| 265 | do { |
| 266 | if (fscanf(stdin, "%4s", answer) == EOF) { |
| 267 | ERR("fscanf() failed (%s).", strerror(errno)); |
| 268 | goto fail; |
| 269 | } |
| 270 | while (((c = getchar()) != EOF) && (c != '\n')); |
| 271 | |
| 272 | fflush(stdin); |
| 273 | if (!strcmp("yes", answer)) { |
| 274 | /* store the key into the host file */ |
| 275 | ret = ssh_write_knownhost(session); |
| 276 | if (ret != SSH_OK) { |
| 277 | WRN("Adding the known host \"%s\" failed (%s).", hostname, ssh_get_error(session)); |
| 278 | } |
| 279 | } else if (!strcmp("no", answer)) { |
| 280 | goto fail; |
| 281 | } else { |
| 282 | fprintf(stdout, "Please type 'yes' or 'no': "); |
| 283 | } |
| 284 | } while (strcmp(answer, "yes") && strcmp(answer, "no")); |
| 285 | |
| 286 | break; |
| 287 | |
| 288 | case SSH_SERVER_ERROR: |
| 289 | ssh_clean_pubkey_hash(&hash_sha1); |
| 290 | fprintf(stderr,"%s",ssh_get_error(session)); |
| 291 | return -1; |
| 292 | } |
| 293 | |
| 294 | ssh_clean_pubkey_hash(&hash_sha1); |
| 295 | ssh_string_free_char(hexa); |
| 296 | return 0; |
| 297 | |
| 298 | fail: |
| 299 | ssh_clean_pubkey_hash(&hash_sha1); |
| 300 | ssh_string_free_char(hexa); |
| 301 | return -1; |
| 302 | } |
| 303 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 304 | static char * |
| 305 | sshauth_password(const char *username, const char *hostname) |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 306 | { |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 307 | char *buf; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 308 | int buflen = 1024, len = 0; |
| 309 | char c = 0; |
| 310 | struct termios newterm, oldterm; |
| 311 | FILE *tty; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 312 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 313 | if (!(tty = fopen("/dev/tty", "r+"))) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 314 | ERR("Unable to open the current terminal (%s).", strerror(errno)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 315 | return NULL; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 316 | } |
| 317 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 318 | if (tcgetattr(fileno(tty), &oldterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 319 | ERR("Unable to get terminal settings (%s).", strerror(errno)); |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 320 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 321 | return NULL; |
| 322 | } |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 323 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 324 | fprintf(tty, "%s@%s password: ", username, hostname); |
| 325 | fflush(tty); |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 326 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 327 | /* system("stty -echo"); */ |
| 328 | newterm = oldterm; |
| 329 | newterm.c_lflag &= ~ECHO; |
| 330 | newterm.c_lflag &= ~ICANON; |
| 331 | tcflush(fileno(tty), TCIFLUSH); |
| 332 | if (tcsetattr(fileno(tty), TCSANOW, &newterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 333 | ERR("Unable to change terminal settings for hiding password (%s).", strerror(errno)); |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 334 | fclose(tty); |
| 335 | return NULL; |
| 336 | } |
| 337 | |
| 338 | buf = malloc(buflen * sizeof *buf); |
| 339 | if (!buf) { |
| 340 | ERRMEM; |
| 341 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 342 | return NULL; |
| 343 | } |
| 344 | |
| 345 | while ((fread(&c, 1, 1, tty) == 1) && (c != '\n')) { |
| 346 | if (len >= buflen - 1) { |
| 347 | buflen *= 2; |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 348 | buf = nc_realloc(buf, buflen * sizeof *buf); |
| 349 | if (!buf) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 350 | ERRMEM; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 351 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 352 | /* restore terminal settings */ |
| 353 | if (tcsetattr(fileno(tty), TCSANOW, &oldterm) != 0) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 354 | ERR("Unable to restore terminal settings (%s).", strerror(errno)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 355 | } |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 356 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 357 | return NULL; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 358 | } |
| 359 | } |
| 360 | buf[len++] = c; |
| 361 | } |
| 362 | buf[len++] = 0; /* terminating null byte */ |
| 363 | |
| 364 | /* system ("stty echo"); */ |
| 365 | if (tcsetattr(fileno(tty), TCSANOW, &oldterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 366 | ERR("Unable to restore terminal settings (%s).", strerror(errno)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 367 | /* |
| 368 | * terminal probably still hides input characters, but we have password |
| 369 | * and anyway we are unable to set terminal to the previous state, so |
| 370 | * just continue |
| 371 | */ |
| 372 | } |
| 373 | fprintf(tty, "\n"); |
| 374 | |
| 375 | fclose(tty); |
| 376 | return buf; |
| 377 | } |
| 378 | |
| 379 | static char * |
| 380 | sshauth_interactive(const char *auth_name, const char *instruction, const char *prompt, int echo) |
| 381 | { |
| 382 | unsigned int buflen = 8, response_len; |
| 383 | char c = 0; |
| 384 | struct termios newterm, oldterm; |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 385 | char *response; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 386 | FILE *tty; |
| 387 | |
| 388 | if (!(tty = fopen("/dev/tty", "r+"))) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 389 | ERR("Unable to open the current terminal (%s).", strerror(errno)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 390 | return NULL; |
| 391 | } |
| 392 | |
| 393 | if (tcgetattr(fileno(tty), &oldterm) != 0) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 394 | ERR("Unable to get terminal settings (%s).", strerror(errno)); |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 395 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 396 | return NULL; |
| 397 | } |
| 398 | |
| 399 | if (auth_name && (!fwrite(auth_name, sizeof(char), strlen(auth_name), tty) |
| 400 | || !fwrite("\n", sizeof(char), 1, tty))) { |
| 401 | ERR("Writing the auth method name into stdout failed."); |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 402 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 403 | return NULL; |
| 404 | } |
| 405 | |
| 406 | if (instruction && (!fwrite(instruction, sizeof(char), strlen(instruction), tty) |
| 407 | || !fwrite("\n", sizeof(char), 1, tty))) { |
| 408 | ERR("Writing the instruction into stdout failed."); |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 409 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 410 | return NULL; |
| 411 | } |
| 412 | |
| 413 | if (!fwrite(prompt, sizeof(char), strlen(prompt), tty)) { |
| 414 | ERR("Writing the authentication prompt into stdout failed."); |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 415 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 416 | return NULL; |
| 417 | } |
| 418 | fflush(tty); |
| 419 | if (!echo) { |
| 420 | /* system("stty -echo"); */ |
| 421 | newterm = oldterm; |
| 422 | newterm.c_lflag &= ~ECHO; |
| 423 | tcflush(fileno(tty), TCIFLUSH); |
| 424 | if (tcsetattr(fileno(tty), TCSANOW, &newterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 425 | ERR("Unable to change terminal settings for hiding password (%s).", strerror(errno)); |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 426 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 427 | return NULL; |
| 428 | } |
| 429 | } |
| 430 | |
| 431 | response = malloc(buflen * sizeof *response); |
| 432 | response_len = 0; |
| 433 | if (!response) { |
| 434 | ERRMEM; |
| 435 | /* restore terminal settings */ |
| 436 | if (tcsetattr(fileno(tty), TCSANOW, &oldterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 437 | ERR("Unable to restore terminal settings (%s).", strerror(errno)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 438 | } |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 439 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 440 | return NULL; |
| 441 | } |
| 442 | |
| 443 | while ((fread(&c, 1, 1, tty) == 1) && (c != '\n')) { |
| 444 | if (response_len >= buflen - 1) { |
| 445 | buflen *= 2; |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 446 | response = nc_realloc(response, buflen * sizeof *response); |
| 447 | if (!response) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 448 | ERRMEM; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 449 | |
| 450 | /* restore terminal settings */ |
| 451 | if (tcsetattr(fileno(tty), TCSANOW, &oldterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 452 | ERR("Unable to restore terminal settings (%s).", strerror(errno)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 453 | } |
Michal Vasko | 11d142a | 2016-01-19 15:58:24 +0100 | [diff] [blame] | 454 | fclose(tty); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 455 | return NULL; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 456 | } |
| 457 | } |
| 458 | response[response_len++] = c; |
| 459 | } |
| 460 | /* terminating null byte */ |
| 461 | response[response_len++] = '\0'; |
| 462 | |
| 463 | /* system ("stty echo"); */ |
| 464 | if (tcsetattr(fileno(tty), TCSANOW, &oldterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 465 | ERR("Unable to restore terminal settings (%s).", strerror(errno)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 466 | /* |
| 467 | * terminal probably still hides input characters, but we have password |
| 468 | * and anyway we are unable to set terminal to the previous state, so |
| 469 | * just continue |
| 470 | */ |
| 471 | } |
| 472 | |
| 473 | fprintf(tty, "\n"); |
| 474 | fclose(tty); |
| 475 | return response; |
| 476 | } |
| 477 | |
| 478 | static char * |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 479 | sshauth_privkey_passphrase(const char* privkey_path) |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 480 | { |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 481 | char c, *buf; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 482 | int buflen = 1024, len = 0; |
| 483 | struct termios newterm, oldterm; |
| 484 | FILE *tty; |
| 485 | |
| 486 | buf = malloc(buflen * sizeof *buf); |
| 487 | if (!buf) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 488 | ERRMEM; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 489 | return NULL; |
| 490 | } |
| 491 | |
| 492 | if (!(tty = fopen("/dev/tty", "r+"))) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 493 | ERR("Unable to open the current terminal (%s).", strerror(errno)); |
Michal Vasko | 94e7c2d | 2016-01-21 15:57:57 +0100 | [diff] [blame] | 494 | goto fail; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 495 | } |
| 496 | |
| 497 | if (tcgetattr(fileno(tty), &oldterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 498 | ERR("Unable to get terminal settings (%s).", strerror(errno)); |
Michal Vasko | 94e7c2d | 2016-01-21 15:57:57 +0100 | [diff] [blame] | 499 | goto fail; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 500 | } |
| 501 | |
| 502 | fprintf(tty, "Enter passphrase for the key '%s':", privkey_path); |
| 503 | fflush(tty); |
| 504 | |
| 505 | /* system("stty -echo"); */ |
| 506 | newterm = oldterm; |
| 507 | newterm.c_lflag &= ~ECHO; |
| 508 | newterm.c_lflag &= ~ICANON; |
| 509 | tcflush(fileno(tty), TCIFLUSH); |
| 510 | if (tcsetattr(fileno(tty), TCSANOW, &newterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 511 | ERR("Unable to change terminal settings for hiding password (%s).", strerror(errno)); |
Michal Vasko | 94e7c2d | 2016-01-21 15:57:57 +0100 | [diff] [blame] | 512 | goto fail; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 513 | } |
| 514 | |
| 515 | while ((fread(&c, 1, 1, tty) == 1) && (c != '\n')) { |
| 516 | if (len >= buflen - 1) { |
| 517 | buflen *= 2; |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 518 | buf = nc_realloc(buf, buflen * sizeof *buf); |
| 519 | if (!buf) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 520 | ERRMEM; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 521 | /* restore terminal settings */ |
| 522 | if (tcsetattr(fileno(tty), TCSANOW, &oldterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 523 | ERR("Unable to restore terminal settings (%s).", strerror(errno)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 524 | } |
Michal Vasko | 94e7c2d | 2016-01-21 15:57:57 +0100 | [diff] [blame] | 525 | goto fail; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 526 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 527 | } |
| 528 | buf[len++] = (char)c; |
| 529 | } |
| 530 | buf[len++] = 0; /* terminating null byte */ |
| 531 | |
| 532 | /* system ("stty echo"); */ |
| 533 | if (tcsetattr(fileno(tty), TCSANOW, &oldterm)) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 534 | ERR("Unable to restore terminal settings (%s).", strerror(errno)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 535 | /* |
| 536 | * terminal probably still hides input characters, but we have password |
| 537 | * and anyway we are unable to set terminal to the previous state, so |
| 538 | * just continue |
| 539 | */ |
| 540 | } |
| 541 | fprintf(tty, "\n"); |
| 542 | |
| 543 | fclose(tty); |
| 544 | return buf; |
Michal Vasko | 94e7c2d | 2016-01-21 15:57:57 +0100 | [diff] [blame] | 545 | |
| 546 | fail: |
| 547 | free(buf); |
Michal Vasko | de581a8 | 2016-01-22 13:15:35 +0100 | [diff] [blame] | 548 | if (tty) { |
| 549 | fclose(tty); |
| 550 | } |
Michal Vasko | 94e7c2d | 2016-01-21 15:57:57 +0100 | [diff] [blame] | 551 | return NULL; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 552 | } |
| 553 | |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 554 | static void |
| 555 | _nc_client_ssh_set_auth_hostkey_check_clb(int (*auth_hostkey_check)(const char *hostname, ssh_session session), |
| 556 | struct nc_client_ssh_opts *opts) |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 557 | { |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 558 | if (auth_hostkey_check) { |
| 559 | opts->auth_hostkey_check = auth_hostkey_check; |
| 560 | } else { |
| 561 | opts->auth_hostkey_check = sshauth_hostkey_check; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 562 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 563 | } |
| 564 | |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 565 | API void |
| 566 | nc_client_ssh_set_auth_hostkey_check_clb(int (*auth_hostkey_check)(const char *hostname, ssh_session session)) |
| 567 | { |
| 568 | _nc_client_ssh_set_auth_hostkey_check_clb(auth_hostkey_check, &ssh_opts); |
| 569 | } |
| 570 | |
| 571 | API void |
| 572 | nc_client_ssh_ch_set_auth_hostkey_check_clb(int (*auth_hostkey_check)(const char *hostname, ssh_session session)) |
| 573 | { |
| 574 | _nc_client_ssh_set_auth_hostkey_check_clb(auth_hostkey_check, &ssh_ch_opts); |
| 575 | } |
| 576 | |
| 577 | |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 578 | static void |
| 579 | _nc_client_ssh_set_auth_password_clb(char *(*auth_password)(const char *username, const char *hostname), |
| 580 | struct nc_client_ssh_opts *opts) |
| 581 | { |
| 582 | if (auth_password) { |
| 583 | opts->auth_password = auth_password; |
| 584 | } else { |
| 585 | opts->auth_password = sshauth_password; |
| 586 | } |
| 587 | } |
| 588 | |
| 589 | API void |
| 590 | nc_client_ssh_set_auth_password_clb(char *(*auth_password)(const char *username, const char *hostname)) |
| 591 | { |
| 592 | _nc_client_ssh_set_auth_password_clb(auth_password, &ssh_opts); |
| 593 | } |
| 594 | |
| 595 | API void |
| 596 | nc_client_ssh_ch_set_auth_password_clb(char *(*auth_password)(const char *username, const char *hostname)) |
| 597 | { |
| 598 | _nc_client_ssh_set_auth_password_clb(auth_password, &ssh_ch_opts); |
| 599 | } |
| 600 | |
| 601 | static void |
| 602 | _nc_client_ssh_set_auth_interactive_clb(char *(*auth_interactive)(const char *auth_name, const char *instruction, |
| 603 | const char *prompt, int echo), |
| 604 | struct nc_client_ssh_opts *opts) |
| 605 | { |
| 606 | if (auth_interactive) { |
| 607 | opts->auth_interactive = auth_interactive; |
| 608 | } else { |
| 609 | opts->auth_interactive = sshauth_interactive; |
| 610 | } |
| 611 | } |
| 612 | |
| 613 | API void |
| 614 | nc_client_ssh_set_auth_interactive_clb(char *(*auth_interactive)(const char *auth_name, const char *instruction, |
| 615 | const char *prompt, int echo)) |
| 616 | { |
| 617 | _nc_client_ssh_set_auth_interactive_clb(auth_interactive, &ssh_opts); |
| 618 | } |
| 619 | |
| 620 | API void |
| 621 | nc_client_ssh_ch_set_auth_interactive_clb(char *(*auth_interactive)(const char *auth_name, const char *instruction, |
| 622 | const char *prompt, int echo)) |
| 623 | { |
| 624 | _nc_client_ssh_set_auth_interactive_clb(auth_interactive, &ssh_ch_opts); |
| 625 | } |
| 626 | |
| 627 | static void |
| 628 | _nc_client_ssh_set_auth_privkey_passphrase_clb(char *(*auth_privkey_passphrase)(const char *privkey_path), |
| 629 | struct nc_client_ssh_opts *opts) |
| 630 | { |
| 631 | if (auth_privkey_passphrase) { |
| 632 | opts->auth_privkey_passphrase = auth_privkey_passphrase; |
| 633 | } else { |
| 634 | opts->auth_privkey_passphrase = sshauth_privkey_passphrase; |
| 635 | } |
| 636 | } |
| 637 | |
| 638 | API void |
| 639 | nc_client_ssh_set_auth_privkey_passphrase_clb(char *(*auth_privkey_passphrase)(const char *privkey_path)) |
| 640 | { |
| 641 | _nc_client_ssh_set_auth_privkey_passphrase_clb(auth_privkey_passphrase, &ssh_opts); |
| 642 | } |
| 643 | |
| 644 | API void |
| 645 | nc_client_ssh_ch_set_auth_privkey_passphrase_clb(char *(*auth_privkey_passphrase)(const char *privkey_path)) |
| 646 | { |
| 647 | _nc_client_ssh_set_auth_privkey_passphrase_clb(auth_privkey_passphrase, &ssh_ch_opts); |
| 648 | } |
| 649 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 650 | static int |
| 651 | _nc_client_ssh_add_keypair(const char *pub_key, const char *priv_key, struct nc_client_ssh_opts *opts) |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 652 | { |
| 653 | int i; |
| 654 | FILE *key; |
| 655 | char line[128]; |
| 656 | |
Michal Vasko | 45e53ae | 2016-04-07 11:46:03 +0200 | [diff] [blame] | 657 | if (!pub_key) { |
| 658 | ERRARG("pub_key"); |
| 659 | return -1; |
| 660 | } else if (!priv_key) { |
| 661 | ERRARG("priv_key"); |
Michal Vasko | 7f1c78b | 2016-01-19 09:52:14 +0100 | [diff] [blame] | 662 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 663 | } |
| 664 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 665 | for (i = 0; i < opts->key_count; ++i) { |
| 666 | if (!strcmp(opts->keys[i].pubkey_path, pub_key) || !strcmp(opts->keys[i].privkey_path, priv_key)) { |
| 667 | if (strcmp(opts->keys[i].pubkey_path, pub_key)) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 668 | WRN("Private key \"%s\" found with another public key \"%s\".", |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 669 | priv_key, opts->keys[i].pubkey_path); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 670 | continue; |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 671 | } else if (strcmp(opts->keys[i].privkey_path, priv_key)) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 672 | WRN("Public key \"%s\" found with another private key \"%s\".", |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 673 | pub_key, opts->keys[i].privkey_path); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 674 | continue; |
| 675 | } |
| 676 | |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 677 | ERR("SSH key pair already set."); |
Michal Vasko | 7f1c78b | 2016-01-19 09:52:14 +0100 | [diff] [blame] | 678 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 679 | } |
| 680 | } |
| 681 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 682 | /* add the keys */ |
| 683 | ++opts->key_count; |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 684 | opts->keys = nc_realloc(opts->keys, opts->key_count * sizeof *opts->keys); |
| 685 | if (!opts->keys) { |
| 686 | ERRMEM; |
| 687 | return -1; |
| 688 | } |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 689 | opts->keys[opts->key_count - 1].pubkey_path = strdup(pub_key); |
| 690 | opts->keys[opts->key_count - 1].privkey_path = strdup(priv_key); |
| 691 | opts->keys[opts->key_count - 1].privkey_crypt = 0; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 692 | |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 693 | if (!opts->keys[opts->key_count - 1].pubkey_path || !opts->keys[opts->key_count - 1].privkey_path) { |
| 694 | ERRMEM; |
| 695 | return -1; |
| 696 | } |
| 697 | |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 698 | /* check encryption */ |
| 699 | if ((key = fopen(priv_key, "r"))) { |
| 700 | /* 1st line - key type */ |
| 701 | if (!fgets(line, sizeof line, key)) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 702 | fclose(key); |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 703 | ERR("fgets() on %s failed.", priv_key); |
Michal Vasko | 7f1c78b | 2016-01-19 09:52:14 +0100 | [diff] [blame] | 704 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 705 | } |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 706 | /* 2nd line - encryption information or key */ |
| 707 | if (!fgets(line, sizeof line, key)) { |
| 708 | fclose(key); |
| 709 | ERR("fgets() on %s failed.", priv_key); |
Michal Vasko | 7f1c78b | 2016-01-19 09:52:14 +0100 | [diff] [blame] | 710 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 711 | } |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 712 | fclose(key); |
| 713 | if (strcasestr(line, "encrypted")) { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 714 | opts->keys[opts->key_count - 1].privkey_crypt = 1; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 715 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 716 | } |
| 717 | |
Michal Vasko | 7f1c78b | 2016-01-19 09:52:14 +0100 | [diff] [blame] | 718 | return 0; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 719 | } |
| 720 | |
| 721 | API int |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 722 | nc_client_ssh_add_keypair(const char *pub_key, const char *priv_key) |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 723 | { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 724 | return _nc_client_ssh_add_keypair(pub_key, priv_key, &ssh_opts); |
| 725 | } |
| 726 | |
| 727 | API int |
| 728 | nc_client_ssh_ch_add_keypair(const char *pub_key, const char *priv_key) |
| 729 | { |
| 730 | return _nc_client_ssh_add_keypair(pub_key, priv_key, &ssh_ch_opts); |
| 731 | } |
| 732 | |
| 733 | static int |
| 734 | _nc_client_ssh_del_keypair(int idx, struct nc_client_ssh_opts *opts) |
| 735 | { |
| 736 | if (idx >= opts->key_count) { |
Michal Vasko | 45e53ae | 2016-04-07 11:46:03 +0200 | [diff] [blame] | 737 | ERRARG("idx"); |
Michal Vasko | 7f1c78b | 2016-01-19 09:52:14 +0100 | [diff] [blame] | 738 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 739 | } |
| 740 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 741 | free(opts->keys[idx].pubkey_path); |
| 742 | free(opts->keys[idx].privkey_path); |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 743 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 744 | --opts->key_count; |
Michal Vasko | c025649 | 2016-02-02 12:19:06 +0100 | [diff] [blame] | 745 | if (idx < opts->key_count) { |
| 746 | memcpy(&opts->keys[idx], &opts->keys[opts->key_count], sizeof *opts->keys); |
| 747 | } |
| 748 | if (opts->key_count) { |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 749 | opts->keys = nc_realloc(opts->keys, opts->key_count * sizeof *opts->keys); |
| 750 | if (!opts->keys) { |
| 751 | ERRMEM; |
| 752 | return -1; |
| 753 | } |
Michal Vasko | c025649 | 2016-02-02 12:19:06 +0100 | [diff] [blame] | 754 | } else { |
| 755 | free(opts->keys); |
| 756 | opts->keys = NULL; |
| 757 | } |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 758 | |
Michal Vasko | 7f1c78b | 2016-01-19 09:52:14 +0100 | [diff] [blame] | 759 | return 0; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 760 | } |
| 761 | |
| 762 | API int |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 763 | nc_client_ssh_del_keypair(int idx) |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 764 | { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 765 | return _nc_client_ssh_del_keypair(idx, &ssh_opts); |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 766 | } |
| 767 | |
| 768 | API int |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 769 | nc_client_ssh_ch_del_keypair(int idx) |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 770 | { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 771 | return _nc_client_ssh_del_keypair(idx, &ssh_ch_opts); |
| 772 | } |
| 773 | |
| 774 | static int |
| 775 | _nc_client_ssh_get_keypair_count(struct nc_client_ssh_opts *opts) |
| 776 | { |
| 777 | return opts->key_count; |
| 778 | } |
| 779 | |
| 780 | API int |
| 781 | nc_client_ssh_get_keypair_count(void) |
| 782 | { |
| 783 | return _nc_client_ssh_get_keypair_count(&ssh_opts); |
| 784 | } |
| 785 | |
| 786 | API int |
| 787 | nc_client_ssh_ch_get_keypair_count(void) |
| 788 | { |
| 789 | return _nc_client_ssh_get_keypair_count(&ssh_ch_opts); |
| 790 | } |
| 791 | |
| 792 | static int |
| 793 | _nc_client_ssh_get_keypair(int idx, const char **pub_key, const char **priv_key, struct nc_client_ssh_opts *opts) |
| 794 | { |
Michal Vasko | 45e53ae | 2016-04-07 11:46:03 +0200 | [diff] [blame] | 795 | if (idx >= opts->key_count) { |
| 796 | ERRARG("idx"); |
| 797 | return -1; |
| 798 | } else if (!pub_key && !priv_key) { |
| 799 | ERRARG("pub_key and priv_key"); |
Michal Vasko | 7f1c78b | 2016-01-19 09:52:14 +0100 | [diff] [blame] | 800 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 801 | } |
| 802 | |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 803 | if (pub_key) { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 804 | *pub_key = opts->keys[idx].pubkey_path; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 805 | } |
| 806 | if (priv_key) { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 807 | *priv_key = opts->keys[idx].privkey_path; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 808 | } |
| 809 | |
Michal Vasko | 7f1c78b | 2016-01-19 09:52:14 +0100 | [diff] [blame] | 810 | return 0; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 811 | } |
| 812 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 813 | API int |
| 814 | nc_client_ssh_get_keypair(int idx, const char **pub_key, const char **priv_key) |
| 815 | { |
| 816 | return _nc_client_ssh_get_keypair(idx, pub_key, priv_key, &ssh_opts); |
| 817 | } |
| 818 | |
| 819 | API int |
| 820 | nc_client_ssh_ch_get_keypair(int idx, const char **pub_key, const char **priv_key) |
| 821 | { |
| 822 | return _nc_client_ssh_get_keypair(idx, pub_key, priv_key, &ssh_ch_opts); |
| 823 | } |
| 824 | |
| 825 | static void |
| 826 | _nc_client_ssh_set_auth_pref(NC_SSH_AUTH_TYPE auth_type, int16_t pref, struct nc_client_ssh_opts *opts) |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 827 | { |
| 828 | if (pref < 0) { |
| 829 | pref = -1; |
| 830 | } |
| 831 | |
| 832 | if (auth_type == NC_SSH_AUTH_INTERACTIVE) { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 833 | opts->auth_pref[0].value = pref; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 834 | } else if (auth_type == NC_SSH_AUTH_PASSWORD) { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 835 | opts->auth_pref[1].value = pref; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 836 | } else if (auth_type == NC_SSH_AUTH_PUBLICKEY) { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 837 | opts->auth_pref[2].value = pref; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 838 | } |
| 839 | } |
| 840 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 841 | API void |
| 842 | nc_client_ssh_set_auth_pref(NC_SSH_AUTH_TYPE auth_type, int16_t pref) |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 843 | { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 844 | _nc_client_ssh_set_auth_pref(auth_type, pref, &ssh_opts); |
| 845 | } |
| 846 | |
| 847 | API void |
| 848 | nc_client_ssh_ch_set_auth_pref(NC_SSH_AUTH_TYPE auth_type, int16_t pref) |
| 849 | { |
| 850 | _nc_client_ssh_set_auth_pref(auth_type, pref, &ssh_ch_opts); |
| 851 | } |
| 852 | |
| 853 | static int16_t |
| 854 | _nc_client_ssh_get_auth_pref(NC_SSH_AUTH_TYPE auth_type, struct nc_client_ssh_opts *opts) |
| 855 | { |
| 856 | int16_t pref = 0; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 857 | |
| 858 | if (auth_type == NC_SSH_AUTH_INTERACTIVE) { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 859 | pref = opts->auth_pref[0].value; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 860 | } else if (auth_type == NC_SSH_AUTH_PASSWORD) { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 861 | pref = opts->auth_pref[1].value; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 862 | } else if (auth_type == NC_SSH_AUTH_PUBLICKEY) { |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 863 | pref = opts->auth_pref[2].value; |
Michal Vasko | e9bc814 | 2015-12-04 11:09:35 +0100 | [diff] [blame] | 864 | } |
| 865 | |
| 866 | return pref; |
| 867 | } |
| 868 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 869 | API int16_t |
| 870 | nc_client_ssh_get_auth_pref(NC_SSH_AUTH_TYPE auth_type) |
| 871 | { |
| 872 | return _nc_client_ssh_get_auth_pref(auth_type, &ssh_opts); |
| 873 | } |
| 874 | |
| 875 | API int16_t |
| 876 | nc_client_ssh_ch_get_auth_pref(NC_SSH_AUTH_TYPE auth_type) |
| 877 | { |
| 878 | return _nc_client_ssh_get_auth_pref(auth_type, &ssh_ch_opts); |
| 879 | } |
| 880 | |
| 881 | static int |
| 882 | _nc_client_ssh_set_username(const char *username, struct nc_client_ssh_opts *opts) |
| 883 | { |
| 884 | if (opts->username) { |
| 885 | free(opts->username); |
| 886 | } |
| 887 | if (username) { |
| 888 | opts->username = strdup(username); |
| 889 | if (!opts->username) { |
| 890 | ERRMEM; |
| 891 | return -1; |
| 892 | } |
| 893 | } else { |
| 894 | opts->username = NULL; |
| 895 | } |
| 896 | |
| 897 | return 0; |
| 898 | } |
| 899 | |
| 900 | API int |
| 901 | nc_client_ssh_set_username(const char *username) |
| 902 | { |
| 903 | return _nc_client_ssh_set_username(username, &ssh_opts); |
| 904 | } |
| 905 | |
| 906 | API int |
| 907 | nc_client_ssh_ch_set_username(const char *username) |
| 908 | { |
| 909 | return _nc_client_ssh_set_username(username, &ssh_ch_opts); |
| 910 | } |
| 911 | |
Michal Vasko | e22c673 | 2016-01-29 11:03:02 +0100 | [diff] [blame] | 912 | static const char * |
| 913 | _nc_client_ssh_get_username(struct nc_client_ssh_opts *opts) |
| 914 | { |
| 915 | return opts->username; |
| 916 | } |
| 917 | |
| 918 | API const char * |
| 919 | nc_client_ssh_get_username(void) |
| 920 | { |
| 921 | return _nc_client_ssh_get_username(&ssh_opts); |
| 922 | } |
| 923 | |
| 924 | API const char * |
| 925 | nc_client_ssh_ch_get_username(void) |
| 926 | { |
| 927 | return _nc_client_ssh_get_username(&ssh_ch_opts); |
| 928 | } |
| 929 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 930 | API int |
| 931 | nc_client_ssh_ch_add_bind_listen(const char *address, uint16_t port) |
| 932 | { |
| 933 | return nc_client_ch_add_bind_listen(address, port, NC_TI_LIBSSH); |
| 934 | } |
| 935 | |
| 936 | API int |
| 937 | nc_client_ssh_ch_del_bind(const char *address, uint16_t port) |
| 938 | { |
| 939 | return nc_client_ch_del_bind(address, port, NC_TI_LIBSSH); |
| 940 | } |
| 941 | |
Michal Vasko | 8e2f4a6 | 2016-02-01 15:59:48 +0100 | [diff] [blame] | 942 | /* Establish a secure SSH connection and authenticate. |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 943 | * Host, port, username, and a connected socket is expected to be set. |
| 944 | */ |
| 945 | static int |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 946 | connect_ssh_session(struct nc_session *session, struct nc_client_ssh_opts *opts, int timeout) |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 947 | { |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 948 | int j, ret_auth, userauthlist, ret, elapsed_usec = 0; |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 949 | NC_SSH_AUTH_TYPE auth; |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 950 | int16_t pref; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 951 | const char* prompt; |
| 952 | char *s, *answer, echo; |
| 953 | ssh_key pubkey, privkey; |
| 954 | ssh_session ssh_sess; |
| 955 | |
| 956 | ssh_sess = session->ti.libssh.session; |
| 957 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 958 | while ((ret = ssh_connect(ssh_sess)) == SSH_AGAIN) { |
| 959 | usleep(NC_TIMEOUT_STEP); |
| 960 | elapsed_usec += NC_TIMEOUT_STEP; |
| 961 | if (elapsed_usec / 1000 >= NC_TRANSPORT_TIMEOUT) { |
| 962 | break; |
| 963 | } |
| 964 | } |
| 965 | if (ret == SSH_AGAIN) { |
| 966 | ERR("SSH connect timeout."); |
| 967 | return 0; |
| 968 | } else if (ret != SSH_OK) { |
| 969 | ERR("Starting the SSH session failed (%s).", ssh_get_error(ssh_sess)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 970 | DBG("Error code %d.", ssh_get_error_code(ssh_sess)); |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 971 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 972 | } |
| 973 | |
Michal Vasko | ef112d7 | 2016-02-18 13:28:25 +0100 | [diff] [blame] | 974 | if (opts->auth_hostkey_check(session->host, ssh_sess)) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 975 | ERR("Checking the host key failed."); |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 976 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 977 | } |
| 978 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 979 | elapsed_usec = 0; |
| 980 | while ((ret_auth = ssh_userauth_none(ssh_sess, NULL)) == SSH_AUTH_AGAIN) { |
| 981 | usleep(NC_TIMEOUT_STEP); |
| 982 | elapsed_usec += NC_TIMEOUT_STEP; |
| 983 | if ((timeout > -1) && (elapsed_usec / 1000 >= timeout)) { |
| 984 | break; |
| 985 | } |
| 986 | } |
| 987 | if (ret_auth == SSH_AUTH_AGAIN) { |
| 988 | ERR("Request authentication methods timeout."); |
| 989 | return 0; |
| 990 | } else if (ret_auth == SSH_AUTH_ERROR) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 991 | ERR("Authentication failed (%s).", ssh_get_error(ssh_sess)); |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 992 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 993 | } |
| 994 | |
| 995 | /* check what authentication methods are available */ |
| 996 | userauthlist = ssh_userauth_list(ssh_sess, NULL); |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 997 | |
| 998 | /* remove those disabled */ |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 999 | if (opts->auth_pref[0].value < 0) { |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1000 | VRB("Interactive SSH authentication method was disabled."); |
| 1001 | userauthlist &= ~SSH_AUTH_METHOD_INTERACTIVE; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1002 | } |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1003 | if (opts->auth_pref[1].value < 0) { |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1004 | VRB("Password SSH authentication method was disabled."); |
| 1005 | userauthlist &= ~SSH_AUTH_METHOD_PASSWORD; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1006 | } |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1007 | if (opts->auth_pref[2].value < 0) { |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1008 | VRB("Publickey SSH authentication method was disabled."); |
| 1009 | userauthlist &= ~SSH_AUTH_METHOD_PUBLICKEY; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1010 | } |
| 1011 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1012 | do { |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1013 | auth = 0; |
| 1014 | pref = 0; |
| 1015 | if (userauthlist & SSH_AUTH_METHOD_INTERACTIVE) { |
| 1016 | auth = NC_SSH_AUTH_INTERACTIVE; |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1017 | pref = opts->auth_pref[0].value; |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1018 | } |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1019 | if ((userauthlist & SSH_AUTH_METHOD_PASSWORD) && (opts->auth_pref[1].value > pref)) { |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1020 | auth = NC_SSH_AUTH_PASSWORD; |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1021 | pref = opts->auth_pref[1].value; |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1022 | } |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1023 | if ((userauthlist & SSH_AUTH_METHOD_PUBLICKEY) && (opts->auth_pref[2].value > pref)) { |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1024 | auth = NC_SSH_AUTH_PUBLICKEY; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1025 | } |
| 1026 | |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1027 | if (!auth) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 1028 | ERR("Unable to authenticate to the remote server (no supported authentication methods left)."); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1029 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1030 | } |
| 1031 | |
| 1032 | /* found common authentication method */ |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1033 | switch (auth) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1034 | case NC_SSH_AUTH_PASSWORD: |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1035 | userauthlist &= ~SSH_AUTH_METHOD_PASSWORD; |
| 1036 | |
Michal Vasko | ef57833 | 2016-01-25 13:20:09 +0100 | [diff] [blame] | 1037 | VRB("Password authentication (host \"%s\", user \"%s\").", session->host, session->username); |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1038 | s = opts->auth_password(session->username, session->host); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1039 | |
| 1040 | elapsed_usec = 0; |
| 1041 | while ((ret_auth = ssh_userauth_password(ssh_sess, session->username, s)) == SSH_AUTH_AGAIN) { |
| 1042 | usleep(NC_TIMEOUT_STEP); |
| 1043 | elapsed_usec += NC_TIMEOUT_STEP; |
| 1044 | if ((timeout > -1) && (elapsed_usec / 1000 >= timeout)) { |
| 1045 | break; |
| 1046 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1047 | } |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1048 | memset(s, 0, strlen(s)); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1049 | free(s); |
| 1050 | break; |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1051 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1052 | case NC_SSH_AUTH_INTERACTIVE: |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1053 | userauthlist &= ~SSH_AUTH_METHOD_INTERACTIVE; |
| 1054 | |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 1055 | VRB("Keyboard-interactive authentication."); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1056 | |
| 1057 | elapsed_usec = 0; |
| 1058 | while (((ret_auth = ssh_userauth_kbdint(ssh_sess, NULL, NULL)) == SSH_AUTH_INFO) |
| 1059 | || (ret_auth == SSH_AUTH_AGAIN)) { |
| 1060 | if (ret_auth == SSH_AUTH_AGAIN) { |
| 1061 | usleep(NC_TIMEOUT_STEP); |
| 1062 | elapsed_usec += NC_TIMEOUT_STEP; |
| 1063 | if ((timeout > -1) && (elapsed_usec / 1000 >= timeout)) { |
| 1064 | break; |
| 1065 | } |
| 1066 | continue; |
| 1067 | } |
| 1068 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1069 | for (j = 0; j < ssh_userauth_kbdint_getnprompts(ssh_sess); ++j) { |
| 1070 | prompt = ssh_userauth_kbdint_getprompt(ssh_sess, j, &echo); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1071 | if (!prompt) { |
| 1072 | ret_auth = SSH_AUTH_ERROR; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1073 | break; |
| 1074 | } |
Michal Vasko | 8bf28d1 | 2016-02-24 13:29:42 +0100 | [diff] [blame] | 1075 | |
| 1076 | /* libssh BUG - echo is always 1 for some reason, assume always 0 */ |
| 1077 | echo = 0; |
| 1078 | |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1079 | answer = opts->auth_interactive(ssh_userauth_kbdint_getname(ssh_sess), |
| 1080 | ssh_userauth_kbdint_getinstruction(ssh_sess), |
| 1081 | prompt, echo); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1082 | if (ssh_userauth_kbdint_setanswer(ssh_sess, j, answer) < 0) { |
| 1083 | free(answer); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1084 | ret_auth = SSH_AUTH_ERROR; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1085 | break; |
| 1086 | } |
| 1087 | free(answer); |
| 1088 | } |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1089 | if (ret_auth == SSH_AUTH_ERROR) { |
| 1090 | break; |
| 1091 | } |
| 1092 | elapsed_usec = 0; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1093 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1094 | break; |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1095 | |
Michal Vasko | 206d3b1 | 2015-12-04 11:08:42 +0100 | [diff] [blame] | 1096 | case NC_SSH_AUTH_PUBLICKEY: |
Michal Vasko | 235efdc | 2015-12-17 12:05:04 +0100 | [diff] [blame] | 1097 | userauthlist &= ~SSH_AUTH_METHOD_PUBLICKEY; |
| 1098 | |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 1099 | VRB("Publickey athentication."); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1100 | |
| 1101 | /* if publickeys path not provided, we cannot continue */ |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1102 | if (!opts->key_count) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1103 | VRB("No key pair specified."); |
| 1104 | break; |
| 1105 | } |
| 1106 | |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1107 | for (j = 0; j < opts->key_count; j++) { |
Michal Vasko | ef57833 | 2016-01-25 13:20:09 +0100 | [diff] [blame] | 1108 | VRB("Trying to authenticate using %spair \"%s\" \"%s\".", |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1109 | opts->keys[j].privkey_crypt ? "password-protected " : "", opts->keys[j].privkey_path, |
| 1110 | opts->keys[j].pubkey_path); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1111 | |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1112 | if (ssh_pki_import_pubkey_file(opts->keys[j].pubkey_path, &pubkey) != SSH_OK) { |
| 1113 | WRN("Failed to import the key \"%s\".", opts->keys[j].pubkey_path); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1114 | continue; |
| 1115 | } |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1116 | |
| 1117 | elapsed_usec = 0; |
| 1118 | while ((ret_auth = ssh_userauth_try_publickey(ssh_sess, NULL, pubkey)) == SSH_AUTH_AGAIN) { |
| 1119 | usleep(NC_TIMEOUT_STEP); |
| 1120 | elapsed_usec += NC_TIMEOUT_STEP; |
| 1121 | if ((timeout > -1) && (elapsed_usec / 1000 >= timeout)) { |
| 1122 | ssh_key_free(pubkey); |
| 1123 | break; |
| 1124 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1125 | } |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1126 | ssh_key_free(pubkey); |
| 1127 | |
| 1128 | if (ret_auth == SSH_AUTH_DENIED) { |
| 1129 | continue; |
| 1130 | } else if (ret_auth != SSH_AUTH_SUCCESS) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1131 | break; |
| 1132 | } |
| 1133 | |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1134 | if (opts->keys[j].privkey_crypt) { |
| 1135 | s = opts->auth_privkey_passphrase(opts->keys[j].privkey_path); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1136 | } else { |
| 1137 | s = NULL; |
| 1138 | } |
| 1139 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1140 | ret = ssh_pki_import_privkey_file(opts->keys[j].privkey_path, s, NULL, NULL, &privkey); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1141 | if (s) { |
| 1142 | memset(s, 0, strlen(s)); |
| 1143 | free(s); |
| 1144 | } |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1145 | if (ret != SSH_OK) { |
| 1146 | WRN("Failed to import the key \"%s\".", opts->keys[j].privkey_path); |
| 1147 | continue; |
| 1148 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1149 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1150 | elapsed_usec = 0; |
| 1151 | while ((ret_auth = ssh_userauth_publickey(ssh_sess, NULL, privkey)) == SSH_AUTH_AGAIN) { |
| 1152 | usleep(NC_TIMEOUT_STEP); |
| 1153 | elapsed_usec += NC_TIMEOUT_STEP; |
| 1154 | if ((timeout > -1) && (elapsed_usec / 1000 >= timeout)) { |
| 1155 | ssh_key_free(privkey); |
| 1156 | break; |
| 1157 | } |
| 1158 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1159 | ssh_key_free(privkey); |
| 1160 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1161 | if (ret_auth != SSH_AUTH_DENIED) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1162 | break; |
| 1163 | } |
| 1164 | } |
| 1165 | break; |
| 1166 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1167 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1168 | switch (ret_auth) { |
| 1169 | case SSH_AUTH_AGAIN: |
| 1170 | ERR("Authentication response timeout."); |
| 1171 | return 0; |
| 1172 | case SSH_AUTH_ERROR: |
| 1173 | ERR("Authentication failed (%s).", ssh_get_error(ssh_sess)); |
| 1174 | return -1; |
| 1175 | case SSH_AUTH_DENIED: |
| 1176 | WRN("Authentication denied."); |
| 1177 | break; |
| 1178 | case SSH_AUTH_PARTIAL: |
| 1179 | VRB("Partial authentication success."); |
| 1180 | break; |
| 1181 | case SSH_AUTH_SUCCESS: |
| 1182 | VRB("Authentication successful."); |
| 1183 | break; |
| 1184 | case SSH_AUTH_INFO: |
| 1185 | ERRINT; |
| 1186 | return -1; |
| 1187 | } |
| 1188 | } while (ret_auth != SSH_AUTH_SUCCESS); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1189 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1190 | return 1; |
Michal Vasko | 8e2f4a6 | 2016-02-01 15:59:48 +0100 | [diff] [blame] | 1191 | } |
| 1192 | |
| 1193 | /* Open new SSH channel and request the 'netconf' subsystem. |
| 1194 | * SSH connection is expected to be established. |
| 1195 | */ |
| 1196 | static int |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1197 | open_netconf_channel(struct nc_session *session, int timeout) |
Michal Vasko | 8e2f4a6 | 2016-02-01 15:59:48 +0100 | [diff] [blame] | 1198 | { |
| 1199 | ssh_session ssh_sess; |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1200 | int ret, elapsed_usec = 0; |
Michal Vasko | 8e2f4a6 | 2016-02-01 15:59:48 +0100 | [diff] [blame] | 1201 | |
| 1202 | ssh_sess = session->ti.libssh.session; |
| 1203 | |
| 1204 | if (!ssh_is_connected(ssh_sess)) { |
| 1205 | ERR("SSH session not connected."); |
| 1206 | return -1; |
| 1207 | } |
| 1208 | |
| 1209 | if (session->ti.libssh.channel) { |
| 1210 | ERR("SSH channel already created."); |
| 1211 | return -1; |
| 1212 | } |
| 1213 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1214 | /* open a channel */ |
| 1215 | session->ti.libssh.channel = ssh_channel_new(ssh_sess); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1216 | while ((ret = ssh_channel_open_session(session->ti.libssh.channel)) == SSH_AGAIN) { |
| 1217 | usleep(NC_TIMEOUT_STEP); |
| 1218 | elapsed_usec += NC_TIMEOUT_STEP; |
| 1219 | if ((timeout > -1) && (elapsed_usec / 1000 >= timeout)) { |
| 1220 | break; |
| 1221 | } |
| 1222 | } |
| 1223 | if (ret == SSH_AGAIN) { |
| 1224 | ERR("Opening an SSH channel timeout elapsed."); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1225 | ssh_channel_free(session->ti.libssh.channel); |
| 1226 | session->ti.libssh.channel = NULL; |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1227 | return 0; |
| 1228 | } else if (ret == SSH_ERROR) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 1229 | ERR("Opening an SSH channel failed (%s).", ssh_get_error(ssh_sess)); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1230 | ssh_channel_free(session->ti.libssh.channel); |
| 1231 | session->ti.libssh.channel = NULL; |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 1232 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1233 | } |
| 1234 | |
| 1235 | /* execute the NETCONF subsystem on the channel */ |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1236 | elapsed_usec = 0; |
| 1237 | while ((ret = ssh_channel_request_subsystem(session->ti.libssh.channel, "netconf")) == SSH_AGAIN) { |
| 1238 | usleep(NC_TIMEOUT_STEP); |
| 1239 | elapsed_usec += NC_TIMEOUT_STEP; |
| 1240 | if ((timeout > -1) && (elapsed_usec / 1000 >= timeout)) { |
| 1241 | break; |
| 1242 | } |
| 1243 | } |
| 1244 | if (ret == SSH_AGAIN) { |
| 1245 | ERR("Starting the \"netconf\" SSH subsystem timeout elapsed."); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1246 | ssh_channel_free(session->ti.libssh.channel); |
| 1247 | session->ti.libssh.channel = NULL; |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1248 | return 0; |
| 1249 | } else if (ret == SSH_ERROR) { |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 1250 | ERR("Starting the \"netconf\" SSH subsystem failed (%s).", ssh_get_error(ssh_sess)); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1251 | ssh_channel_free(session->ti.libssh.channel); |
| 1252 | session->ti.libssh.channel = NULL; |
Michal Vasko | d083db6 | 2016-01-19 10:31:29 +0100 | [diff] [blame] | 1253 | return -1; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1254 | } |
| 1255 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1256 | return 1; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1257 | } |
| 1258 | |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1259 | static struct nc_session * |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1260 | _nc_connect_libssh(ssh_session ssh_session, struct ly_ctx *ctx, struct nc_client_ssh_opts *opts, int timeout) |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1261 | { |
| 1262 | char *host = NULL, *username = NULL; |
| 1263 | unsigned short port = 0; |
| 1264 | int sock; |
| 1265 | struct passwd *pw; |
| 1266 | struct nc_session *session = NULL; |
| 1267 | |
| 1268 | if (!ssh_session) { |
Michal Vasko | 45e53ae | 2016-04-07 11:46:03 +0200 | [diff] [blame] | 1269 | ERRARG("ssh_session"); |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1270 | return NULL; |
| 1271 | } |
| 1272 | |
| 1273 | /* prepare session structure */ |
| 1274 | session = calloc(1, sizeof *session); |
| 1275 | if (!session) { |
| 1276 | ERRMEM; |
| 1277 | return NULL; |
| 1278 | } |
| 1279 | session->status = NC_STATUS_STARTING; |
| 1280 | session->side = NC_CLIENT; |
| 1281 | |
| 1282 | /* transport lock */ |
| 1283 | session->ti_lock = malloc(sizeof *session->ti_lock); |
| 1284 | if (!session->ti_lock) { |
| 1285 | ERRMEM; |
| 1286 | goto fail; |
| 1287 | } |
| 1288 | pthread_mutex_init(session->ti_lock, NULL); |
| 1289 | |
| 1290 | session->ti_type = NC_TI_LIBSSH; |
| 1291 | session->ti.libssh.session = ssh_session; |
| 1292 | |
| 1293 | /* was port set? */ |
| 1294 | ssh_options_get_port(ssh_session, (unsigned int *)&port); |
| 1295 | |
| 1296 | if (ssh_options_get(ssh_session, SSH_OPTIONS_HOST, &host) != SSH_OK) { |
| 1297 | /* |
| 1298 | * There is no file descriptor (detected based on the host, there is no way to check |
| 1299 | * the SSH_OPTIONS_FD directly :/), we need to create it. (TCP/IP layer) |
| 1300 | */ |
| 1301 | |
| 1302 | /* remember host */ |
| 1303 | host = strdup("localhost"); |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 1304 | if (!host) { |
| 1305 | ERRMEM; |
| 1306 | goto fail; |
| 1307 | } |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1308 | ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_HOST, host); |
| 1309 | |
| 1310 | /* create and connect socket */ |
| 1311 | sock = nc_sock_connect(host, port); |
| 1312 | if (sock == -1) { |
| 1313 | goto fail; |
| 1314 | } |
| 1315 | ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_FD, &sock); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1316 | ssh_set_blocking(session->ti.libssh.session, 0); |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1317 | } |
| 1318 | |
| 1319 | /* was username set? */ |
| 1320 | ssh_options_get(ssh_session, SSH_OPTIONS_USER, &username); |
| 1321 | |
| 1322 | if (!ssh_is_connected(ssh_session)) { |
| 1323 | /* |
| 1324 | * We are connected, but not SSH authenticated. (Transport layer) |
| 1325 | */ |
| 1326 | |
| 1327 | /* remember username */ |
| 1328 | if (!username) { |
| 1329 | if (!opts->username) { |
| 1330 | pw = getpwuid(getuid()); |
| 1331 | if (!pw) { |
| 1332 | ERR("Unknown username for the SSH connection (%s).", strerror(errno)); |
| 1333 | goto fail; |
| 1334 | } |
| 1335 | username = strdup(pw->pw_name); |
| 1336 | } else { |
| 1337 | username = strdup(opts->username); |
| 1338 | } |
Michal Vasko | 4eb3c31 | 2016-03-01 14:09:37 +0100 | [diff] [blame] | 1339 | if (!username) { |
| 1340 | ERRMEM; |
| 1341 | goto fail; |
| 1342 | } |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1343 | ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_USER, username); |
| 1344 | } |
| 1345 | |
| 1346 | /* connect and authenticate SSH session */ |
| 1347 | session->host = host; |
| 1348 | session->username = username; |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1349 | if (connect_ssh_session(session, opts, timeout) != 1) { |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1350 | goto fail; |
| 1351 | } |
| 1352 | } |
| 1353 | |
| 1354 | /* |
| 1355 | * Almost done, open a netconf channel. (Transport layer / application layer) |
| 1356 | */ |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1357 | if (open_netconf_channel(session, timeout) != 1) { |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1358 | goto fail; |
| 1359 | } |
| 1360 | |
| 1361 | /* |
| 1362 | * SSH session is established and netconf channel opened, create a NETCONF session. (Application layer) |
| 1363 | */ |
| 1364 | |
| 1365 | /* assign context (dicionary needed for handshake) */ |
| 1366 | if (!ctx) { |
| 1367 | if (client_opts.schema_searchpath) { |
| 1368 | ctx = ly_ctx_new(client_opts.schema_searchpath); |
| 1369 | } else { |
| 1370 | ctx = ly_ctx_new(SCHEMAS_DIR); |
| 1371 | } |
Michal Vasko | e035b8e | 2016-03-11 10:10:03 +0100 | [diff] [blame] | 1372 | /* definitely should not happen, but be ready */ |
| 1373 | if (!ctx && !(ctx = ly_ctx_new(NULL))) { |
| 1374 | /* that's just it */ |
| 1375 | goto fail; |
| 1376 | } |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1377 | } else { |
| 1378 | session->flags |= NC_SESSION_SHAREDCTX; |
| 1379 | } |
| 1380 | session->ctx = ctx; |
| 1381 | |
| 1382 | /* NETCONF handshake */ |
| 1383 | if (nc_handshake(session)) { |
| 1384 | goto fail; |
| 1385 | } |
| 1386 | session->status = NC_STATUS_RUNNING; |
| 1387 | |
| 1388 | if (nc_ctx_check_and_fill(session) == -1) { |
| 1389 | goto fail; |
| 1390 | } |
| 1391 | |
| 1392 | /* store information into the dictionary */ |
| 1393 | if (host) { |
| 1394 | session->host = lydict_insert_zc(ctx, host); |
| 1395 | } |
| 1396 | if (port) { |
| 1397 | session->port = port; |
| 1398 | } |
| 1399 | if (username) { |
| 1400 | session->username = lydict_insert_zc(ctx, username); |
| 1401 | } |
| 1402 | |
| 1403 | return session; |
| 1404 | |
| 1405 | fail: |
Michal Vasko | e1a64ec | 2016-03-01 12:21:58 +0100 | [diff] [blame] | 1406 | nc_session_free(session, NULL); |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1407 | return NULL; |
| 1408 | } |
| 1409 | |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1410 | API struct nc_session * |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 1411 | nc_connect_ssh(const char *host, uint16_t port, struct ly_ctx *ctx) |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1412 | { |
Michal Vasko | 1f0563a | 2016-03-31 08:38:44 +0200 | [diff] [blame] | 1413 | const long timeout = NC_SSH_TIMEOUT; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1414 | int sock; |
Michal Vasko | 55fded6 | 2016-02-02 12:19:34 +0100 | [diff] [blame] | 1415 | uint32_t port_uint; |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 1416 | char *username; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1417 | struct passwd *pw; |
| 1418 | struct nc_session *session = NULL; |
| 1419 | |
| 1420 | /* process parameters */ |
| 1421 | if (!host || strisempty(host)) { |
| 1422 | host = "localhost"; |
| 1423 | } |
| 1424 | |
| 1425 | if (!port) { |
| 1426 | port = NC_PORT_SSH; |
| 1427 | } |
Michal Vasko | 55fded6 | 2016-02-02 12:19:34 +0100 | [diff] [blame] | 1428 | port_uint = port; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1429 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 1430 | if (!ssh_opts.username) { |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1431 | pw = getpwuid(getuid()); |
| 1432 | if (!pw) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1433 | ERR("Unknown username for the SSH connection (%s).", strerror(errno)); |
| 1434 | return NULL; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1435 | } else { |
| 1436 | username = pw->pw_name; |
| 1437 | } |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 1438 | } else { |
| 1439 | username = ssh_opts.username; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1440 | } |
| 1441 | |
| 1442 | /* prepare session structure */ |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1443 | session = calloc(1, sizeof *session); |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1444 | if (!session) { |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1445 | ERRMEM; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1446 | return NULL; |
| 1447 | } |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1448 | session->status = NC_STATUS_STARTING; |
| 1449 | session->side = NC_CLIENT; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1450 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1451 | /* transport lock */ |
| 1452 | session->ti_lock = malloc(sizeof *session->ti_lock); |
| 1453 | if (!session->ti_lock) { |
| 1454 | ERRMEM; |
| 1455 | goto fail; |
| 1456 | } |
| 1457 | pthread_mutex_init(session->ti_lock, NULL); |
| 1458 | |
| 1459 | /* other transport-specific data */ |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1460 | session->ti_type = NC_TI_LIBSSH; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1461 | session->ti.libssh.session = ssh_new(); |
| 1462 | if (!session->ti.libssh.session) { |
| 1463 | ERR("Unable to initialize SSH session."); |
| 1464 | goto fail; |
| 1465 | } |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1466 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1467 | /* set some basic SSH session options */ |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1468 | ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_HOST, host); |
Michal Vasko | 55fded6 | 2016-02-02 12:19:34 +0100 | [diff] [blame] | 1469 | ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_PORT, &port_uint); |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1470 | ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_USER, username); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1471 | ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_TIMEOUT, &timeout); |
Michal Vasko | 086311b | 2016-01-08 09:53:11 +0100 | [diff] [blame] | 1472 | if (ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_HOSTKEYS, |
| 1473 | "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384," |
| 1474 | "ecdsa-sha2-nistp256,ssh-rsa,ssh-dss,ssh-rsa1")) { |
| 1475 | /* ecdsa is probably not supported... */ |
| 1476 | ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_HOSTKEYS, "ssh-ed25519,ssh-rsa,ssh-dss,ssh-rsa1"); |
| 1477 | } |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1478 | |
| 1479 | /* create and assign communication socket */ |
Michal Vasko | f05562c | 2016-01-20 12:06:43 +0100 | [diff] [blame] | 1480 | sock = nc_sock_connect(host, port); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1481 | if (sock == -1) { |
| 1482 | goto fail; |
| 1483 | } |
| 1484 | ssh_options_set(session->ti.libssh.session, SSH_OPTIONS_FD, &sock); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1485 | ssh_set_blocking(session->ti.libssh.session, 0); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1486 | |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1487 | /* temporarily, for session connection */ |
| 1488 | session->host = host; |
| 1489 | session->username = username; |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1490 | if ((connect_ssh_session(session, &ssh_opts, NC_TRANSPORT_TIMEOUT) != 1) |
| 1491 | || (open_netconf_channel(session, NC_TRANSPORT_TIMEOUT) != 1)) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1492 | goto fail; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1493 | } |
| 1494 | |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1495 | /* assign context (dicionary needed for handshake) */ |
| 1496 | if (!ctx) { |
Michal Vasko | daf9a09 | 2016-02-09 10:42:05 +0100 | [diff] [blame] | 1497 | if (client_opts.schema_searchpath) { |
| 1498 | ctx = ly_ctx_new(client_opts.schema_searchpath); |
| 1499 | } else { |
| 1500 | ctx = ly_ctx_new(SCHEMAS_DIR); |
| 1501 | } |
Michal Vasko | e035b8e | 2016-03-11 10:10:03 +0100 | [diff] [blame] | 1502 | /* definitely should not happen, but be ready */ |
| 1503 | if (!ctx && !(ctx = ly_ctx_new(NULL))) { |
| 1504 | /* that's just it */ |
| 1505 | goto fail; |
| 1506 | } |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1507 | } else { |
| 1508 | session->flags |= NC_SESSION_SHAREDCTX; |
| 1509 | } |
| 1510 | session->ctx = ctx; |
| 1511 | |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1512 | /* NETCONF handshake */ |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1513 | if (nc_handshake(session)) { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1514 | goto fail; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1515 | } |
Michal Vasko | ad61170 | 2015-12-03 13:41:51 +0100 | [diff] [blame] | 1516 | session->status = NC_STATUS_RUNNING; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1517 | |
Michal Vasko | ef57833 | 2016-01-25 13:20:09 +0100 | [diff] [blame] | 1518 | if (nc_ctx_check_and_fill(session) == -1) { |
Michal Vasko | 57eb940 | 2015-12-08 14:38:12 +0100 | [diff] [blame] | 1519 | goto fail; |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1520 | } |
| 1521 | |
| 1522 | /* store information into the dictionary */ |
| 1523 | session->host = lydict_insert(ctx, host, 0); |
| 1524 | session->port = port; |
| 1525 | session->username = lydict_insert(ctx, username, 0); |
| 1526 | |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1527 | return session; |
| 1528 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1529 | fail: |
Michal Vasko | e1a64ec | 2016-03-01 12:21:58 +0100 | [diff] [blame] | 1530 | nc_session_free(session, NULL); |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1531 | return NULL; |
| 1532 | } |
| 1533 | |
| 1534 | API struct nc_session * |
| 1535 | nc_connect_libssh(ssh_session ssh_session, struct ly_ctx *ctx) |
| 1536 | { |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1537 | return _nc_connect_libssh(ssh_session, ctx, &ssh_opts, NC_TRANSPORT_TIMEOUT); |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1538 | } |
| 1539 | |
| 1540 | API struct nc_session * |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1541 | nc_connect_ssh_channel(struct nc_session *session, struct ly_ctx *ctx) |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1542 | { |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1543 | struct nc_session *new_session, *ptr; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1544 | |
Michal Vasko | b7c4ff3 | 2016-01-21 15:35:54 +0100 | [diff] [blame] | 1545 | if (!session) { |
Michal Vasko | 45e53ae | 2016-04-07 11:46:03 +0200 | [diff] [blame] | 1546 | ERRARG("session"); |
Michal Vasko | b7c4ff3 | 2016-01-21 15:35:54 +0100 | [diff] [blame] | 1547 | return NULL; |
| 1548 | } |
| 1549 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1550 | /* prepare session structure */ |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1551 | new_session = calloc(1, sizeof *new_session); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1552 | if (!new_session) { |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1553 | ERRMEM; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1554 | return NULL; |
| 1555 | } |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1556 | new_session->status = NC_STATUS_STARTING; |
| 1557 | new_session->side = NC_CLIENT; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1558 | |
| 1559 | /* share some parameters including the session lock */ |
| 1560 | new_session->ti_type = NC_TI_LIBSSH; |
| 1561 | new_session->ti_lock = session->ti_lock; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1562 | new_session->ti.libssh.session = session->ti.libssh.session; |
| 1563 | |
| 1564 | /* create the channel safely */ |
| 1565 | pthread_mutex_lock(new_session->ti_lock); |
| 1566 | |
| 1567 | /* open a channel */ |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1568 | if (open_netconf_channel(new_session, NC_TRANSPORT_TIMEOUT) != 1) { |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1569 | goto fail; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1570 | } |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1571 | |
| 1572 | /* assign context (dicionary needed for handshake) */ |
| 1573 | if (!ctx) { |
Michal Vasko | daf9a09 | 2016-02-09 10:42:05 +0100 | [diff] [blame] | 1574 | if (client_opts.schema_searchpath) { |
| 1575 | ctx = ly_ctx_new(client_opts.schema_searchpath); |
| 1576 | } else { |
| 1577 | ctx = ly_ctx_new(SCHEMAS_DIR); |
| 1578 | } |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1579 | } else { |
Michal Vasko | 56b5bf7 | 2016-01-19 11:20:35 +0100 | [diff] [blame] | 1580 | new_session->flags |= NC_SESSION_SHAREDCTX; |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1581 | } |
Michal Vasko | 56b5bf7 | 2016-01-19 11:20:35 +0100 | [diff] [blame] | 1582 | new_session->ctx = ctx; |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1583 | |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1584 | /* NETCONF handshake */ |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1585 | if (nc_handshake(new_session)) { |
| 1586 | goto fail; |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1587 | } |
Michal Vasko | ad61170 | 2015-12-03 13:41:51 +0100 | [diff] [blame] | 1588 | new_session->status = NC_STATUS_RUNNING; |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1589 | |
Michal Vasko | 56b5bf7 | 2016-01-19 11:20:35 +0100 | [diff] [blame] | 1590 | pthread_mutex_unlock(new_session->ti_lock); |
| 1591 | |
Michal Vasko | ef57833 | 2016-01-25 13:20:09 +0100 | [diff] [blame] | 1592 | if (nc_ctx_check_and_fill(new_session) == -1) { |
Michal Vasko | 57eb940 | 2015-12-08 14:38:12 +0100 | [diff] [blame] | 1593 | goto fail; |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1594 | } |
| 1595 | |
| 1596 | /* store information into session and the dictionary */ |
Michal Vasko | 56b5bf7 | 2016-01-19 11:20:35 +0100 | [diff] [blame] | 1597 | new_session->host = lydict_insert(ctx, session->host, 0); |
| 1598 | new_session->port = session->port; |
| 1599 | new_session->username = lydict_insert(ctx, session->username, 0); |
Michal Vasko | 7b62fed | 2015-10-26 15:39:46 +0100 | [diff] [blame] | 1600 | |
| 1601 | /* append to the session ring list */ |
| 1602 | if (!session->ti.libssh.next) { |
| 1603 | session->ti.libssh.next = new_session; |
| 1604 | new_session->ti.libssh.next = session; |
| 1605 | } else { |
| 1606 | ptr = session->ti.libssh.next; |
| 1607 | session->ti.libssh.next = new_session; |
| 1608 | new_session->ti.libssh.next = ptr; |
| 1609 | } |
| 1610 | |
| 1611 | return new_session; |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1612 | |
| 1613 | fail: |
Michal Vasko | e1a64ec | 2016-03-01 12:21:58 +0100 | [diff] [blame] | 1614 | nc_session_free(new_session, NULL); |
Michal Vasko | 9e2d3a3 | 2015-11-10 13:09:18 +0100 | [diff] [blame] | 1615 | return NULL; |
Radek Krejci | ac6d347 | 2015-10-22 15:47:18 +0200 | [diff] [blame] | 1616 | } |
Michal Vasko | 80cad7f | 2015-12-08 14:42:27 +0100 | [diff] [blame] | 1617 | |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 1618 | struct nc_session * |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1619 | nc_accept_callhome_ssh_sock(int sock, const char *host, uint16_t port, struct ly_ctx *ctx, int timeout) |
Michal Vasko | 80cad7f | 2015-12-08 14:42:27 +0100 | [diff] [blame] | 1620 | { |
Michal Vasko | 1f0563a | 2016-03-31 08:38:44 +0200 | [diff] [blame] | 1621 | const long ssh_timeout = NC_SSH_TIMEOUT; |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 1622 | struct passwd *pw; |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1623 | struct nc_session *session; |
Michal Vasko | 80cad7f | 2015-12-08 14:42:27 +0100 | [diff] [blame] | 1624 | ssh_session sess; |
| 1625 | |
Michal Vasko | 80cad7f | 2015-12-08 14:42:27 +0100 | [diff] [blame] | 1626 | sess = ssh_new(); |
| 1627 | if (!sess) { |
| 1628 | ERR("Unable to initialize an SSH session."); |
| 1629 | close(sock); |
| 1630 | return NULL; |
| 1631 | } |
| 1632 | |
| 1633 | ssh_options_set(sess, SSH_OPTIONS_FD, &sock); |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1634 | ssh_set_blocking(sess, 0); |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 1635 | ssh_options_set(sess, SSH_OPTIONS_HOST, host); |
Michal Vasko | 80cad7f | 2015-12-08 14:42:27 +0100 | [diff] [blame] | 1636 | ssh_options_set(sess, SSH_OPTIONS_PORT, &port); |
| 1637 | ssh_options_set(sess, SSH_OPTIONS_TIMEOUT, &ssh_timeout); |
Michal Vasko | 3031aae | 2016-01-27 16:07:18 +0100 | [diff] [blame] | 1638 | if (!ssh_ch_opts.username) { |
| 1639 | pw = getpwuid(getuid()); |
| 1640 | if (!pw) { |
| 1641 | ERR("Unknown username for the SSH connection (%s).", strerror(errno)); |
| 1642 | return NULL; |
| 1643 | } |
| 1644 | ssh_options_set(sess, SSH_OPTIONS_USER, pw->pw_name); |
| 1645 | } else { |
| 1646 | ssh_options_set(sess, SSH_OPTIONS_USER, ssh_ch_opts.username); |
Michal Vasko | 80cad7f | 2015-12-08 14:42:27 +0100 | [diff] [blame] | 1647 | } |
Michal Vasko | 086311b | 2016-01-08 09:53:11 +0100 | [diff] [blame] | 1648 | if (ssh_options_set(sess, SSH_OPTIONS_HOSTKEYS, |
| 1649 | "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384," |
| 1650 | "ecdsa-sha2-nistp256,ssh-rsa,ssh-dss,ssh-rsa1")) { |
| 1651 | /* ecdsa is probably not supported... */ |
| 1652 | ssh_options_set(sess, SSH_OPTIONS_HOSTKEYS, "ssh-ed25519,ssh-rsa,ssh-dss,ssh-rsa1"); |
| 1653 | } |
Michal Vasko | 80cad7f | 2015-12-08 14:42:27 +0100 | [diff] [blame] | 1654 | |
Michal Vasko | 0190bc3 | 2016-03-02 15:47:49 +0100 | [diff] [blame] | 1655 | session = _nc_connect_libssh(sess, ctx, &ssh_ch_opts, timeout); |
Michal Vasko | 4282fae | 2016-02-18 10:03:42 +0100 | [diff] [blame] | 1656 | if (session) { |
| 1657 | session->flags |= NC_SESSION_CALLHOME; |
| 1658 | } |
| 1659 | |
Michal Vasko | 30e2c87 | 2016-02-18 10:03:21 +0100 | [diff] [blame] | 1660 | return session; |
Michal Vasko | 80cad7f | 2015-12-08 14:42:27 +0100 | [diff] [blame] | 1661 | } |