本文整理汇总了C++中buffer_ptr函数的典型用法代码示例。如果您正苦于以下问题:C++ buffer_ptr函数的具体用法?C++ buffer_ptr怎么用?C++ buffer_ptr使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了buffer_ptr函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: do_authloop
//.........这里部分代码省略.........
/*
* If we started challenge-response authentication but the
* next packet is not a response to our challenge, release
* the resources allocated by get_challenge() (which would
* normally have been released by verify_response() had we
* received such a response)
*/
if (prev == SSH_CMSG_AUTH_TIS &&
type != SSH_CMSG_AUTH_TIS_RESPONSE)
abandon_challenge_response(authctxt);
if (authctxt->failures >= options.max_authtries)
goto skip;
if ((meth = lookup_authmethod1(type)) == NULL) {
logit("Unknown message during authentication: "
"type %d", type);
goto skip;
}
if (!*(meth->enabled)) {
verbose("%s authentication disabled.", meth->name);
goto skip;
}
authenticated = meth->method(authctxt);
if (authenticated == -1)
continue; /* "postponed" */
#ifdef BSD_AUTH
if (authctxt->as) {
auth_close(authctxt->as);
authctxt->as = NULL;
}
#endif
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
#ifdef _UNICOS
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.",authctxt->user);
}
#endif /* _UNICOS */
#ifndef HAVE_CYGWIN
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(meth->name)) {
authenticated = 0;
# ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
# endif
}
#endif
#ifdef USE_PAM
if (options.use_pam && authenticated &&
!PRIVSEP(do_pam_account())) {
char *msg;
size_t len;
BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL);
error("Access denied for user %s by PAM account "
"configuration", authctxt->user);
len = buffer_len(&loginmsg);
buffer_append(&loginmsg, "\0", 1);
msg = buffer_ptr(&loginmsg);
/* strip trailing newlines */
if (len > 0)
while (len > 0 && msg[--len] == '\n')
msg[len] = '\0';
else
msg = "Access denied.";
packet_disconnect("%s", msg);
}
#endif
skip:
/* Log before sending the reply */
auth_log(authctxt, authenticated, 0, get_authname(type), NULL);
free(client_user);
client_user = NULL;
if (authenticated)
return;
if (++authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
auth_maxtries_exceeded(authctxt);
}
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
}
}示例2: privsep_postauth
static void
privsep_postauth(Authctxt *authctxt)
{
#ifdef DISABLE_FD_PASSING
if (1) {
#else
if (authctxt->pw->pw_uid == 0 || options.use_login) {
#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
use_privsep = 0;
return;
}
/* Authentication complete */
alarm(0);
if (startup_pipe != -1) {
close(startup_pipe);
startup_pipe = -1;
}
/* New socket pair */
monitor_reinit(pmonitor);
pmonitor->m_pid = fork();
if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
else if (pmonitor->m_pid != 0) {
debug2("User child is on pid %ld", (long)pmonitor->m_pid);
close(pmonitor->m_recvfd);
buffer_clear(&loginmsg);
monitor_child_postauth(pmonitor);
/* NEVERREACHED */
exit(0);
}
close(pmonitor->m_sendfd);
/* Demote the private keys to public keys. */
demote_sensitive_data();
/* Drop privileges */
do_setusercontext(authctxt->pw);
/* It is safe now to apply the key state */
monitor_apply_keystate(pmonitor);
}
static char *
list_hostkey_types(void)
{
Buffer b;
const char *p;
char *ret;
int i;
buffer_init(&b);
for (i = 0; i < options.num_host_key_files; i++) {
Key *key = sensitive_data.host_keys[i];
if (key == NULL)
continue;
switch (key->type) {
case KEY_RSA:
case KEY_DSA:
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
p = key_ssh_name(key);
buffer_append(&b, p, strlen(p));
break;
}
}
buffer_append(&b, "\0", 1);
ret = xstrdup(buffer_ptr(&b));
buffer_free(&b);
debug("list_hostkey_types: %s", ret);
return ret;
}示例3: userauth_pubkey
static int
userauth_pubkey(Authctxt *authctxt)
{
Buffer b;
Key *key = NULL;
char *pkalg;
u_char *pkblob, *sig;
u_int alen, blen, slen;
int have_sig, pktype;
int authenticated = 0;
if (!authctxt->valid) {
debug2("userauth_pubkey: disabled because of invalid user");
return 0;
}
have_sig = packet_get_char();
if (datafellows & SSH_BUG_PKAUTH) {
debug2("userauth_pubkey: SSH_BUG_PKAUTH");
/* no explicit pkalg given */
pkblob = packet_get_string(&blen);
buffer_init(&b);
buffer_append(&b, pkblob, blen);
/* so we have to extract the pkalg from the pkblob */
pkalg = buffer_get_string(&b, &alen);
buffer_free(&b);
} else {
pkalg = packet_get_string(&alen);
pkblob = packet_get_string(&blen);
}
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
logit("userauth_pubkey: unsupported public key algorithm: %s",
pkalg);
goto done;
}
key = key_from_blob(pkblob, blen);
if (key == NULL) {
error("userauth_pubkey: cannot decode key: %s", pkalg);
goto done;
}
if (key->type != pktype) {
error("userauth_pubkey: type mismatch for decoded key "
"(received %d, expected %d)", key->type, pktype);
goto done;
}
if (have_sig) {
sig = packet_get_string(&slen);
packet_check_eom();
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
} else {
buffer_put_string(&b, session_id2, session_id2_len);
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
if (datafellows & SSH_BUG_PKAUTH) {
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, "publickey");
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, pkalg);
}
buffer_put_string(&b, pkblob, blen);
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b))) == 1)
authenticated = 1;
buffer_free(&b);
xfree(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
/* XXX fake reply and always send PK_OK ? */
/*
* XXX this allows testing whether a user is allowed
* to login: if you happen to have a valid pubkey this
* message is sent. the message is NEVER sent at all
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
packet_send();
packet_write_wait();
authctxt->postponed = 1;
//.........这里部分代码省略.........
示例4: userauth_finish
void
userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
const char *submethod)
{
char *methods;
int partial = 0;
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
if (authenticated && authctxt->postponed)
fatal("INTERNAL ERROR: authenticated and postponed");
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(method)) {
authenticated = 0;
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
#endif
}
if (authenticated && options.num_auth_methods != 0) {
if (!auth2_update_methods_lists(authctxt, method, submethod)) {
authenticated = 0;
partial = 1;
}
}
/* Log before sending the reply */
auth_log(authctxt, authenticated, partial, method, submethod);
if (authctxt->postponed)
return;
#ifdef USE_PAM
if (options.use_pam && authenticated) {
if (!PRIVSEP(do_pam_account())) {
/* if PAM returned a message, send it to the user */
if (buffer_len(&loginmsg) > 0) {
buffer_append(&loginmsg, "\0", 1);
userauth_send_banner(buffer_ptr(&loginmsg));
packet_write_wait();
}
fatal("Access denied for user %s by PAM account "
"configuration", authctxt->user);
}
}
#endif
#ifdef _UNICOS
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.", authctxt->user);
}
#endif /* _UNICOS */
if (authenticated == 1) {
/* turn off userauth */
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
packet_start(SSH2_MSG_USERAUTH_SUCCESS);
packet_send();
packet_write_wait();
/* now we can break out */
authctxt->success = 1;
} else {
/* Allow initial try of "none" auth without failure penalty */
if (!authctxt->server_caused_failure &&
(authctxt->attempt > 1 || strcmp(method, "none") != 0))
authctxt->failures++;
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
methods = authmethods_get(authctxt);
debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
partial, methods);
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
packet_put_char(partial);
packet_send();
packet_write_wait();
free(methods);
}
}示例5: filecache_update
void filecache_update(TARGET *t)
{
MD5SUM blobmd5sum;
int haveblobmd5sum = 0;
const char *cachedname;
const char *blobname;
int cacheerror;
if (!t->filecache_generate)
return;
/* If the buildmd5sum is empty, then the file doesn't exist. */
cacheerror = ismd5empty(t->buildmd5sum);
if (cacheerror)
return;
haveblobmd5sum = 0;
cachedname = filecache_getfilename(t, t->buildmd5sum, NULL);
if (!cachedname)
return;
/* Search for the appropriate .link file that matches the target. */
haveblobmd5sum = filecache_findlink(cachedname, blobmd5sum);
/* If we weren't able to determine the target md5sum, do it now. */
if (!haveblobmd5sum)
{
#ifdef OPT_BUILTIN_LUA_SUPPORT_EXT
LIST *md5callback;
pushsettings( t->settings );
md5callback = var_get( "MD5CALLBACK" );
popsettings( t->settings );
if ( list_first(md5callback) )
{
luahelper_md5callback(t->boundname, blobmd5sum, list_value(list_first(md5callback)));
}
else
{
#endif
md5file(t->boundname, blobmd5sum);
#ifdef OPT_BUILTIN_LUA_SUPPORT_EXT
}
#endif
memcpy(t->contentmd5sum, blobmd5sum, sizeof(MD5SUM));
if (ismd5empty(t->contentmd5sum))
return;
}
{
/* Is the blob already there? */
time_t blobtime;
blobname = filecache_getfilename(t, blobmd5sum, ".blob");
if (file_time(blobname, &blobtime) == -1)
{
time_t blobpartialtime;
const char *blobpartialname;
if(DEBUG_MD5HASH)
printf("Caching %s as %s\n", t->name, cachedname);
else
printf("Caching %s\n", t->name);
/* Write the new .blob to the cache. */
blobpartialname = filecache_getfilename(t, blobmd5sum, ".blob.partial");
if (file_time(blobpartialname, &blobpartialtime) == -1)
{
if (copyfile(blobpartialname, t->boundname, &blobmd5sum) == 0 ||
rename(blobpartialname, blobname) != 0)
{
printf("** Unable to write %s to cache.\n", t->name);
filecache_disable(t);
return;
}
}
}
}
/* Write the new .link file to the cache. */
{
FILE *file;
BUFFER linknamebuff;
buffer_init(&linknamebuff);
buffer_addstring(&linknamebuff, cachedname, strlen(cachedname));
buffer_addchar(&linknamebuff, '-');
buffer_addstring(&linknamebuff, md5tostring(blobmd5sum), 32);
buffer_addstring(&linknamebuff, ".link", 5);
buffer_addchar(&linknamebuff, 0);
file_mkdir(buffer_ptr(&linknamebuff));
file = fopen(buffer_ptr(&linknamebuff), "wb");
if (file)
{
write_md5sum(file, blobmd5sum);
write_string(file, t->name);
fclose(file);
}
buffer_free(&linknamebuff);
//.........这里部分代码省略.........
示例6: kexdh_server
void
kexdh_server(Kex *kex)
{
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
DH *dh;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout, hashlen;
u_int slen;
/* generate server DH public key */
switch (kex->kex_type) {
case KEX_DH_GRP1_SHA1:
dh = dh_new_group1();
break;
case KEX_DH_GRP14_SHA1:
dh = dh_new_group14();
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEXDH_INIT");
packet_read_expect(SSH2_MSG_KEXDH_INIT);
if (kex->load_host_key == NULL)
fatal("Cannot load hostkey");
server_host_key = kex->load_host_key(kex->hostkey_type);
if (server_host_key == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
/* key, cert */
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
packet_check_eom();
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");
BN_print_fp(stderr, dh_client_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_client_pub));
#endif
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_client_pub, dh);
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexdh_server: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
/* calc H */
kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
server_host_key_blob, sbloblen,
dh_client_pub,
dh->pub_key,
shared_secret,
&hash, &hashlen
);
BN_clear_free(dh_client_pub);
/* save session id := H */
if (kex->session_id == NULL) {
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
/* sign H */
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
/* destroy_sensitive_data(); */
/* send server hostkey, DH pubkey 'f' and singed H */
packet_start(SSH2_MSG_KEXDH_REPLY);
packet_put_string(server_host_key_blob, sbloblen);
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string(signature, slen);
packet_send();
//.........这里部分代码省略.........
示例7: var_expand
LIST *
var_expand(
LIST *prefix,
const char *in,
const char *end,
LOL *lol,
int cancopyin )
{
BUFFER buff;
const char *inp = in;
int depth;
size_t save_buffer_pos, ov_save_buffer_pos;
int literal = 0;
if( DEBUG_VAREXP )
printf( "expand '%.*s'\n", end - in, in );
/* This gets alot of cases: $(<) and $(>) */
if( end - in == 4 && in[0] == '$' && in[1] == leftParen && in[3] == rightParen )
{
switch( in[2] )
{
case '1':
case '<':
return list_copy( prefix, lol_get( lol, 0 ) );
case '2':
case '>':
return list_copy( prefix, lol_get( lol, 1 ) );
}
}
buffer_init( &buff );
/* Just try simple copy of in to out. */
while( in < end ) {
char ch = *in++;
buffer_addchar( &buff, ch );
if( ch == '$' && *in == leftParen )
goto expand;
#ifdef OPT_EXPAND_LITERALS_EXT
if( ch == '@' && *in == leftParen ) {
literal = 1;
goto expand;
}
if( ch == '@' && in[0] == '$' && in[1] == leftParen ) {
++in;
literal = 1;
goto expand;
}
#endif
}
/* No variables expanded - just add copy of input string to list. */
/* Cancopyin is an optimization: if the input was already a list */
/* item, we can use the copystr() to put it on the new list. */
/* Otherwise, we use the slower newstr(). */
buffer_putchar( &buff, 0 );
if( cancopyin ) {
LIST *new_list = list_append( prefix, inp, 1 );
buffer_free( &buff );
return new_list;
}
else {
LIST *new_list = list_append( prefix, buffer_ptr( &buff ), 0 );
buffer_free( &buff );
return new_list;
}
expand:
/*
* Input so far (ignore blanks):
*
* stuff-in-outbuf $(variable) remainder
* ^ ^
* in end
* Output so far:
*
* stuff-in-outbuf $
* ^ ^
* out_buf out
*
*
* We just copied the $ of $(...), so back up one on the output.
* We now find the matching close paren, copying the variable and
* modifiers between the $( and ) temporarily into out_buf, so that
* we can replace :'s with MAGIC_COLON. This is necessary to avoid
* being confused by modifier values that are variables containing
* :'s. Ugly.
*/
depth = 1;
buffer_deltapos( &buff, -1 );
save_buffer_pos = buffer_pos( &buff );
in++;
//.........这里部分代码省略.........
示例8: userauth_gssapi_keyex
int
userauth_gssapi_keyex(Authctxt *authctxt)
{
Gssctxt *gssctxt;
gss_buffer_desc send_tok;
OM_uint32 status;
static int attempt = 0;
if (authctxt == NULL || authctxt->method == NULL)
fatal("input_gssapi_response: no authentication context");
if (xxx_gssctxt == NULL || xxx_gssctxt->context == GSS_C_NO_CONTEXT)
return 0;
if (strcmp(authctxt->method->name, "gssapi-keyex") == 0)
authctxt->methoddata = gssctxt = xxx_gssctxt;
if (attempt++ >= 1)
return 0;
if (strcmp(authctxt->method->name, "gssapi-keyex") == 0) {
gss_buffer_desc g_mic_data;
Buffer mic_data;
debug2("Authenticating with GSS-API context from key exchange (w/ MIC)");
/* Make data buffer to MIC */
buffer_init(&mic_data);
buffer_put_string(&mic_data, session_id2, session_id2_len);
buffer_put_char(&mic_data, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&mic_data, authctxt->server_user);
buffer_put_cstring(&mic_data, authctxt->service);
buffer_put_cstring(&mic_data, authctxt->method->name);
/* Make MIC */
g_mic_data.value = buffer_ptr(&mic_data);
g_mic_data.length = buffer_len(&mic_data);
status = ssh_gssapi_get_mic(gssctxt, &g_mic_data, &send_tok);
buffer_clear(&mic_data);
if (GSS_ERROR(status) || send_tok.length == 0) {
/*
* Oops, now what? There's no error token...
* Next userauth
*/
debug("GSS_GetMIC() failed! - "
"Abandoning GSSAPI userauth");
clear_auth_state(authctxt);
userauth(authctxt,NULL);
return 0;
}
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_string(send_tok.value,send_tok.length); /* MIC */
packet_send();
packet_write_wait();
(void) gss_release_buffer(&status, &send_tok);
} else if (strcmp(authctxt->method->name, "external-keyx") == 0) {
debug2("Authentication with deprecated \"external-keyx\""
" method not supported");
return 0;
}
return 1;
}示例9: mm_send_keystate
void
mm_send_keystate(struct monitor *monitor)
{
Buffer m, *input, *output;
u_char *blob, *p;
u_int bloblen, plen;
u_int32_t seqnr, packets;
u_int64_t blocks, bytes;
buffer_init(&m);
if (!compat20) {
u_char iv[24];
u_char *key;
u_int ivlen, keylen;
buffer_put_int(&m, packet_get_protocol_flags());
buffer_put_int(&m, packet_get_ssh1_cipher());
debug3("%s: Sending ssh1 KEY+IV", __func__);
keylen = packet_get_encryption_key(NULL);
key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
keylen = packet_get_encryption_key(key);
buffer_put_string(&m, key, keylen);
explicit_bzero(key, keylen);
free(key);
ivlen = packet_get_keyiv_len(MODE_OUT);
packet_get_keyiv(MODE_OUT, iv, ivlen);
buffer_put_string(&m, iv, ivlen);
ivlen = packet_get_keyiv_len(MODE_IN);
packet_get_keyiv(MODE_IN, iv, ivlen);
buffer_put_string(&m, iv, ivlen);
goto skip;
} else {
/* Kex for rekeying */
mm_send_kex(&m, *monitor->m_pkex);
}
debug3("%s: Sending new keys: %p %p",
__func__, packet_get_newkeys(MODE_OUT),
packet_get_newkeys(MODE_IN));
/* Keys from Kex */
if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
fatal("%s: conversion of newkeys failed", __func__);
buffer_put_string(&m, blob, bloblen);
free(blob);
if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
fatal("%s: conversion of newkeys failed", __func__);
buffer_put_string(&m, blob, bloblen);
free(blob);
packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
buffer_put_int64(&m, blocks);
buffer_put_int(&m, packets);
buffer_put_int64(&m, bytes);
packet_get_state(MODE_IN, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
buffer_put_int64(&m, blocks);
buffer_put_int(&m, packets);
buffer_put_int64(&m, bytes);
debug3("%s: New keys have been sent", __func__);
skip:
/* More key context */
plen = packet_get_keycontext(MODE_OUT, NULL);
p = xmalloc(plen+1);
packet_get_keycontext(MODE_OUT, p);
buffer_put_string(&m, p, plen);
free(p);
plen = packet_get_keycontext(MODE_IN, NULL);
p = xmalloc(plen+1);
packet_get_keycontext(MODE_IN, p);
buffer_put_string(&m, p, plen);
free(p);
/* Compression state */
debug3("%s: Sending compression state", __func__);
buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
/* Network I/O buffers */
input = (Buffer *)packet_get_input();
output = (Buffer *)packet_get_output();
buffer_put_string(&m, buffer_ptr(input), buffer_len(input));
buffer_put_string(&m, buffer_ptr(output), buffer_len(output));
/* Roaming */
if (compat20) {
buffer_put_int64(&m, get_sent_bytes());
buffer_put_int64(&m, get_recv_bytes());
}
//.........这里部分代码省略.........
示例10: input_gssapi_token
void
input_gssapi_token(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
gss_buffer_desc send_tok, recv_tok, g_mic_data;
Buffer mic_data;
OM_uint32 status;
u_int slen;
if (authctxt == NULL || authctxt->method == NULL)
fatal("input_gssapi_response: no authentication context");
gssctxt = authctxt->methoddata;
recv_tok.value=packet_get_string(&slen);
recv_tok.length=slen; /* safe typecast */
status=ssh_gssapi_init_ctx(gssctxt, authctxt->host,
options.gss_deleg_creds,
&recv_tok, &send_tok);
packet_check_eom();
if (GSS_ERROR(status)) {
if (send_tok.length>0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
packet_put_string(send_tok.value,send_tok.length);
packet_send();
packet_write_wait();
}
/* Start again with the next method in the list */
clear_auth_state(authctxt);
userauth(authctxt,NULL);
return;
}
if (send_tok.length>0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
packet_put_string(send_tok.value,send_tok.length);
packet_send();
packet_write_wait();
}
if (status != GSS_S_COMPLETE)
return;
/* Make data buffer to MIC */
buffer_init(&mic_data);
buffer_put_string(&mic_data, session_id2, session_id2_len);
buffer_put_char(&mic_data, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&mic_data, authctxt->server_user);
buffer_put_cstring(&mic_data, authctxt->service);
buffer_put_cstring(&mic_data, authctxt->method->name);
/* Make MIC */
g_mic_data.value = buffer_ptr(&mic_data);
g_mic_data.length = buffer_len(&mic_data);
status = ssh_gssapi_get_mic(gssctxt, &g_mic_data, &send_tok);
buffer_clear(&mic_data);
if (GSS_ERROR(status) || send_tok.length == 0) {
/*
* Oops, now what? There's no error token...
* Next userauth
*/
debug("GSS_GetMIC() failed! - "
"Abandoning GSSAPI userauth");
clear_auth_state(authctxt);
userauth(authctxt,NULL);
return;
}
packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC);
packet_put_string(send_tok.value,send_tok.length);
packet_send();
packet_write_wait();
}示例11: sign_and_send_pubkey
static int
sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
{
Buffer b;
u_char *blob, *signature;
u_int bloblen, slen;
int skip = 0;
int ret = -1;
int have_sig = 1;
debug3("sign_and_send_pubkey");
if (key_to_blob(k, &blob, &bloblen) == 0) {
/* we cannot handle this key */
debug3("sign_and_send_pubkey: cannot handle key");
return 0;
}
/* data to be signed */
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
skip = session_id2_len;
} else {
buffer_put_string(&b, session_id2, session_id2_len);
skip = buffer_len(&b);
}
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->server_user);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
if (datafellows & SSH_BUG_PKAUTH) {
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
buffer_put_cstring(&b, key_ssh_name(k));
}
buffer_put_string(&b, blob, bloblen);
/* generate signature */
ret = (*sign_callback)(authctxt, k, &signature, &slen,
buffer_ptr(&b), buffer_len(&b));
if (ret == -1) {
xfree(blob);
buffer_free(&b);
return 0;
}
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
if (datafellows & SSH_BUG_PKSERVICE) {
buffer_clear(&b);
buffer_append(&b, session_id2, session_id2_len);
skip = session_id2_len;
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->server_user);
buffer_put_cstring(&b, authctxt->service);
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
if (!(datafellows & SSH_BUG_PKAUTH))
buffer_put_cstring(&b, key_ssh_name(k));
buffer_put_string(&b, blob, bloblen);
}
xfree(blob);
/* append signature */
buffer_put_string(&b, signature, slen);
xfree(signature);
/* skip session id and packet type */
if (buffer_len(&b) < skip + 1)
fatal("userauth_pubkey: internal error");
buffer_consume(&b, skip + 1);
/* put remaining data from buffer into packet */
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_raw(buffer_ptr(&b), buffer_len(&b));
buffer_free(&b);
packet_send();
return 1;
}示例12: add_dsakey_to_keyfile
/** Add a DSA key to the tspc key file
*
* @param dsa the DSA param pointer filled with our key info
* @param host the hostname of the corresponding broker
* @param filename the keyfile to use
*
* @return 0 if error
* 1 if ok
*
*/
int
add_dsakey_to_keyfile(DSA *dsa, char *host, char *filename, tBoolean autoaccept)
{
FILE *fp = NULL;
Buffer buf;
char *str = NULL;
int ret = 0;
switch (is_dsakey_in_keyfile(dsa, host, filename)) {
case 0:
Display(LOG_LEVEL_3, ELInfo, TSP_AUTH_PASSDSS_STRING, GOGO_STR_ERR_IN_KEY_VERIF);
Display(LOG_LEVEL_3, ELWarning, TSP_AUTH_PASSDSS_STRING, GOGO_STR_SERVER_KEY_REJECTED);
break;
case 1: /* not in, we add and continue */
#if defined(WIN32) && !defined(WINCE)
// When running as a service we can't ask user
// permission. Compromise and accept the key auto
//
if (!IsService && !autoaccept)
{
#else
if (!autoaccept)
{
#endif
if (!ask(GOGO_STR_UNKNOWN_HOST_ADD_KEY, host))
{
Display(LOG_LEVEL_3, ELWarning, TSP_AUTH_PASSDSS_STRING, GOGO_STR_SERVER_KEY_REJECTED_USER);
break;
}
}
else
Display(LOG_LEVEL_1, ELWarning, TSP_AUTH_PASSDSS_STRING, GOGO_STR_WARN_SERVER_KEY_AUTO_ADDED);
Display(LOG_LEVEL_2, ELInfo, TSP_AUTH_PASSDSS_STRING, GOGO_STR_SERVER_KEY_ACCEPTED_ADDED);
buffer_init(&buf);
if (buf.buf == NULL)
break;
buffer_put_cstring(&buf, "ssh-dss");
buffer_put_bignum(&buf, dsa->p);
buffer_put_bignum(&buf, dsa->q);
buffer_put_bignum(&buf, dsa->g);
buffer_put_bignum(&buf, dsa->pub_key);
if ( (str = pal_malloc(2 * buffer_len(&buf))) == NULL)
break;
if ( (base64encode(str, buffer_ptr(&buf), (int) buffer_len(&buf))) < 1)
break;
fp = fopen(filename, "a");
if (fp) {
fprintf(fp, "%s ssh-dss %s\n", host, str);
fclose(fp);
ret = 1;
}
buffer_free(&buf);
pal_free(str);
break;
case 2: /* in and matching correctly, hurray */
Display(LOG_LEVEL_2, ELInfo, TSP_AUTH_PASSDSS_STRING, GOGO_STR_MATCHING_KEY_FOUND_USED);
ret = 1;
break;
case 3: /* in and NOT matching correctly */
Display(LOG_LEVEL_1, ELError, TSP_AUTH_PASSDSS_STRING, GOGO_STR_WARN_STORED_LOCAL_KEY_NO_MATCH, filename, host);
Display(LOG_LEVEL_3, ELWarning, TSP_AUTH_PASSDSS_STRING, GOGO_STR_SERVER_KEY_REJECTED);
ret = 0;
break;
}
return ret;
}
/**
* Authenticate to the Migration Broker using PASSDSS-3DES-1
*
* Buf_H will contain the data used to validate the server
* signature. The data is a concatenation of the following parameters,
* in that order:
* azname,authname,DH_public_key,pklength,"ssh-dss",p,q,g,z,Y,ssecmask,sbuflen,dh_K
*
* @param socket
* @param user
* @param passwd
* @param host
* @param nt
*
//.........这里部分代码省略.........
示例13: process
static void
process(void)
{
u_int msg_len, buf_len, consumed, type, i;
u_char *cp;
u_int32_t id;
buf_len = buffer_len(&iqueue);
if (buf_len < 5)
return; /* Incomplete message. */
cp = buffer_ptr(&iqueue);
msg_len = get_u32(cp);
if (msg_len > SFTP_MAX_MSG_LENGTH) {
error("bad message from %s local user %s",
client_addr, pw->pw_name);
sftp_server_cleanup_exit(11);
}
if (buf_len < msg_len + 4)
return;
buffer_consume(&iqueue, 4);
buf_len -= 4;
type = buffer_get_char(&iqueue);
switch (type) {
case SSH2_FXP_INIT:
process_init();
init_done = 1;
break;
case SSH2_FXP_EXTENDED:
if (!init_done)
fatal("Received extended request before init");
id = get_int();
process_extended(id);
break;
default:
if (!init_done)
fatal("Received %u request before init", type);
id = get_int();
for (i = 0; handlers[i].handler != NULL; i++) {
if (type == handlers[i].type) {
if (!request_permitted(&handlers[i])) {
send_status(id,
SSH2_FX_PERMISSION_DENIED);
} else {
handlers[i].handler(id);
}
break;
}
}
if (handlers[i].handler == NULL)
#ifdef NERSC_MOD
{
s_audit("sftp_process_unknown_3", "count=%i int=%d uristring=%d",
get_client_session_id(), (int)getppid(), type);
#endif
error("Unknown message %u", type);
#ifdef NERSC_MOD
}
#endif
}
/* discard the remaining bytes from the current packet */
if (buf_len < buffer_len(&iqueue)) {
error("iqueue grew unexpectedly");
sftp_server_cleanup_exit(255);
}
consumed = buf_len - buffer_len(&iqueue);
if (msg_len < consumed) {
error("msg_len %u < consumed %u", msg_len, consumed);
sftp_server_cleanup_exit(255);
}
if (msg_len > consumed)
buffer_consume(&iqueue, msg_len - consumed);
}示例14: process
static void
process(void)
{
u_int msg_len;
u_int buf_len;
u_int consumed;
u_int type;
u_char *cp;
buf_len = buffer_len(&iqueue);
if (buf_len < 5)
return; /* Incomplete message. */
cp = buffer_ptr(&iqueue);
msg_len = get_u32(cp);
if (msg_len > SFTP_MAX_MSG_LENGTH) {
error("bad message from %s local user %s",
client_addr, pw->pw_name);
sftp_server_cleanup_exit(11);
}
if (buf_len < msg_len + 4)
return;
buffer_consume(&iqueue, 4);
buf_len -= 4;
type = buffer_get_char(&iqueue);
switch (type) {
case SSH2_FXP_INIT:
process_init();
break;
case SSH2_FXP_OPEN:
process_open();
break;
case SSH2_FXP_CLOSE:
process_close();
break;
case SSH2_FXP_READ:
process_read();
break;
case SSH2_FXP_WRITE:
process_write();
break;
case SSH2_FXP_LSTAT:
process_lstat();
break;
case SSH2_FXP_FSTAT:
process_fstat();
break;
case SSH2_FXP_SETSTAT:
process_setstat();
break;
case SSH2_FXP_FSETSTAT:
process_fsetstat();
break;
case SSH2_FXP_OPENDIR:
process_opendir();
break;
case SSH2_FXP_READDIR:
process_readdir();
break;
case SSH2_FXP_REMOVE:
process_remove();
break;
case SSH2_FXP_MKDIR:
process_mkdir();
break;
case SSH2_FXP_RMDIR:
process_rmdir();
break;
case SSH2_FXP_REALPATH:
process_realpath();
break;
case SSH2_FXP_STAT:
process_stat();
break;
case SSH2_FXP_RENAME:
process_rename();
break;
case SSH2_FXP_READLINK:
process_readlink();
break;
case SSH2_FXP_SYMLINK:
process_symlink();
break;
case SSH2_FXP_EXTENDED:
process_extended();
break;
default:
error("Unknown message %d", type);
break;
}
/* discard the remaining bytes from the current packet */
if (buf_len < buffer_len(&iqueue)) {
error("iqueue grew unexpectedly");
sftp_server_cleanup_exit(255);
}
consumed = buf_len - buffer_len(&iqueue);
if (msg_len < consumed) {
error("msg_len %d < consumed %d", msg_len, consumed);
sftp_server_cleanup_exit(255);
}
if (msg_len > consumed)
//.........这里部分代码省略.........
示例15: sftp_server_main
//.........这里部分代码省略.........
}
*cp = '\0';
} else
client_addr = xstrdup("UNKNOWN");
logit("session opened for local user %s from [%s]",
pw->pw_name, client_addr);
in = STDIN_FILENO;
out = STDOUT_FILENO;
#ifdef HAVE_CYGWIN
setmode(in, O_BINARY);
setmode(out, O_BINARY);
#endif
max = 0;
if (in > max)
max = in;
if (out > max)
max = out;
buffer_init(&iqueue);
buffer_init(&oqueue);
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
rset = (fd_set *)xmalloc(set_size);
wset = (fd_set *)xmalloc(set_size);
if (homedir != NULL) {
if (chdir(homedir) != 0) {
error("chdir to \"%s\" failed: %s", homedir,
strerror(errno));
}
}
#ifdef NERSC_MOD
char* t1buf = encode_string(pw->pw_name, strlen(pw->pw_name));
s_audit("sftp_process_init_3", "count=%i int=%d uristring=%s addr=%s",
get_client_session_id(), (int)getppid(), t1buf, client_addr);
free(t1buf);
#endif
for (;;) {
memset(rset, 0, set_size);
memset(wset, 0, set_size);
/*
* Ensure that we can read a full buffer and handle
* the worst-case length packet it can generate,
* otherwise apply backpressure by stopping reads.
*/
if (buffer_check_alloc(&iqueue, sizeof(buf)) &&
buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
FD_SET(in, rset);
olen = buffer_len(&oqueue);
if (olen > 0)
FD_SET(out, wset);
if (select(max+1, rset, wset, NULL, NULL) < 0) {
if (errno == EINTR)
continue;
error("select: %s", strerror(errno));
sftp_server_cleanup_exit(2);
}
/* copy stdin to iqueue */
if (FD_ISSET(in, rset)) {
len = read(in, buf, sizeof buf);
if (len == 0) {
debug("read eof");
sftp_server_cleanup_exit(0);
} else if (len < 0) {
error("read: %s", strerror(errno));
sftp_server_cleanup_exit(1);
} else {
buffer_append(&iqueue, buf, len);
}
}
/* send oqueue to stdout */
if (FD_ISSET(out, wset)) {
len = write(out, buffer_ptr(&oqueue), olen);
if (len < 0) {
error("write: %s", strerror(errno));
sftp_server_cleanup_exit(1);
} else {
buffer_consume(&oqueue, len);
}
}
/*
* Process requests from client if we can fit the results
* into the output buffer, otherwise stop processing input
* and let the output queue drain.
*/
if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
process();
}
}