Subject: [PATCH] userauth: Provide more informations if ssh pub key extraction fails

[PATCH] userauth: Provide more informations if ssh pub key extraction fails

From: Peter Krempa <pkrempa_at_redhat.com>
Date: Mon, 19 Dec 2011 15:02:15 +0100

If the function that extracts/computes the public key from a private key
fails, the errors it reports are masked by the function calling it. This
patch modifies the key extraction function to return errors using the
_libssh2_error() function. The error messages are tweaked to contain a
reference to the failed operation in addition to the reason.

 * AUTHORS: - add my name
 * libgcrypt.c: _libssh2_pub_priv_keyfile(): - return a more verbose
                                               error using
                                               _libssh2_error() func.
 * openssl.c: - modify call graph of _libssh2_pub_priv_keyfile() to use
                _libssh2_error for error reporting();
 * userauth.c: - tweak functions calling _libssh2_pub_priv_keyfile() not
                 to shadow error messages

---
 AUTHORS         |    1 +
 src/libgcrypt.c |    5 +++--
 src/openssl.c   |   42 +++++++++++++++++++++---------------------
 src/userauth.c  |   35 ++++++++++++++++++-----------------
 4 files changed, 43 insertions(+), 40 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index 6c4e057..214fca9 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -29,6 +29,7 @@ Mikhail Gusarov
 Neil Gierman
 Olivier Hervieu
 Paul Veldkamp
+Peter Krempa
 Peter O'Gorman
 Peter Stuge
 Romain Bondue
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index c3be56c..1bda5ee 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -581,8 +581,9 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
                           const char *privatekey,
                           const char *passphrase)
 {
-    return -1; /* not yet supported; interpreted by userauth.c to call
-                  libssh2_error */
+    return _libssh_error(session, LIBSSH2_ERROR_FILE,
+                         "Unable to extract public key from private key file: "
+                         "Method unimplemented in libgcrypt backend");
 }
 void _libssh2_init_aes_ctr(void)
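Review bot: The added return calls `_libssh_error`, while every other call in this patch is spelled `_libssh2_error`. Unless a function with the shorter name exists elsewhere in the tree, the libgcrypt backend will fail to build or link. The line should read `return _libssh2_error(session, LIBSSH2_ERROR_FILE,` with the two message literals unchanged. A build with the libgcrypt backend selected would catch this, since an OpenSSL build presumably never compiles this stub.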
diff --git a/src/openssl.c b/src/openssl.c
index 5fec511..db95b12 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -666,10 +666,9 @@ gen_publickey_from_rsa_evp(LIBSSH2_SESSION *session,
         LIBSSH2_FREE(session, method_buf);
     }
-    _libssh2_error(session,
-                   LIBSSH2_ERROR_ALLOC,
-                   "Unable to allocate memory for private key data");
-    return -1;
+    return _libssh2_error(session,
+                          LIBSSH2_ERROR_ALLOC,
+                          "Unable to allocate memory for private key data");
 }
 static int
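Review bot: The failure path of gen_publickey_from_rsa_evp now returns whatever `_libssh2_error()` returns instead of the fixed `-1`, and gen_publickey_from_dsa_evp changes the same way in the next hunk, but nothing visible documents the new contract. A one-line comment above each function, for example `/* Returns 0 on success or a negative LIBSSH2_ERROR_* code; the session error is already set. */`, would stop a later caller from testing for `== -1`. Both function bodies begin outside their hunks, so an existing header comment may need updating rather than adding.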
@@ -721,10 +720,9 @@ gen_publickey_from_dsa_evp(LIBSSH2_SESSION *session,
         LIBSSH2_FREE(session, method_buf);
     }
-    _libssh2_error(session,
-                   LIBSSH2_ERROR_ALLOC,
-                   "Unable to allocate memory for private key data");
-    return -1;
+    return _libssh2_error(session,
+                          LIBSSH2_ERROR_ALLOC,
+                          "Unable to allocate memory for private key data");
 }
 int
@@ -747,10 +745,10 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
     bp = BIO_new_file(privatekey, "r");
     if (bp == NULL) {
-        _libssh2_error(session,
-                       LIBSSH2_ERROR_FILE,
-                       "Unable to open private key file");
-        return -1;
+        return _libssh2_error(session,
+                              LIBSSH2_ERROR_FILE,
+                              "Unable to extract public key from private key "
+                              "file: Unable to open private key file");
     }
     if (!EVP_get_cipherbyname("des")) {
         /* If this cipher isn't loaded it's a pretty good indication that none
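Review bot: The prefix "Unable to extract public key from private key file: " is written out again in each message here, in the two following hunks of this file and in src/libgcrypt.c, and each copy is split across string literals at a different point. That makes the messages hard to grep for and easy to let drift apart. A single file-local macro (name is only a suggestion), `#define PUBKEY_EXTRACT_ERR "Unable to extract public key from private key file: "`, used as `PUBKEY_EXTRACT_ERR "Unable to open private key file"`, would keep them identical. The function body continues outside the hunk.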
@@ -765,11 +763,12 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
     BIO_free(bp);
     if (pk == NULL) {
-        _libssh2_error(session,
-                       LIBSSH2_ERROR_FILE,
-                       "Wrong passphrase or invalid/unrecognized "
-                       "private key file format");
-        return -1;
+        return _libssh2_error(session,
+                              LIBSSH2_ERROR_FILE,
+                              "Unable to extract public key "
+                              "from private key file: "
+                              "Wrong passphrase or invalid/unrecognized "
+                              "private key file format");
     }
     switch (pk->type) {
@@ -784,10 +783,11 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
         break;
     default :
-        st = -1;
-        _libssh2_error(session,
-                       LIBSSH2_ERROR_FILE,
-                       "Unsupported private key file format");
+        st = _libssh2_error(session,
+                            LIBSSH2_ERROR_FILE,
+                            "Unable to extract public key "
+                            "from private key file: "
+                            "Unsupported private key file format");
         break;
     }
diff --git a/src/userauth.c b/src/userauth.c
index d74c0c8..3fcb200 100644
--- a/src/userauth.c
+++ b/src/userauth.c
@@ -665,14 +665,14 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
         }
         else {
             /* Compute public key from private key. */
-            if (_libssh2_pub_priv_keyfile(session,
-                                          &session->userauth_host_method,
-                                          &session->userauth_host_method_len,
-                                          &pubkeydata, &pubkeydata_len,
-                                          privatekey, passphrase))
-                return _libssh2_error(session, LIBSSH2_ERROR_FILE,
-                                      "Unable to extract public key "
-                                      "from private key file");
+            rc = _libssh2_pub_priv_keyfile(session,
+                                           &session->userauth_host_method,
+                                           &session->userauth_host_method_len,
+                                           &pubkeydata, &pubkeydata_len,
+                                           privatekey, passphrase);
+            if (rc)
+                /* libssh2_pub_priv_keyfile calls _libssh2_error() */
+                return rc;
         }
         /*
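Review bot: The new comment sits between the unbraced `if (rc)` and its `return rc;`, and it names `libssh2_pub_priv_keyfile` without the leading underscore. Moving it above the condition, as the userauth_publickey_fromfile hunk does, gives `/* _libssh2_pub_priv_keyfile calls _libssh2_error() */` followed by `if (rc)` and `return rc;`. That keeps the two call sites identical and makes it harder to slip a statement under the `if` by mistake later. The enclosing function starts and ends outside the hunk.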
@@ -1237,19 +1237,20 @@ userauth_publickey_fromfile(LIBSSH2_SESSION *session,
             rc = file_read_publickey(session, &session->userauth_pblc_method,
                                      &session->userauth_pblc_method_len,
                                      &pubkeydata, &pubkeydata_len,publickey);
-            if(rc)
+            if (rc)
                 return rc;
         }
         else {
             /* Compute public key from private key. */
-            if (_libssh2_pub_priv_keyfile(session,
-                                          &session->userauth_pblc_method,
-                                          &session->userauth_pblc_method_len,
-                                          &pubkeydata, &pubkeydata_len,
-                                          privatekey, passphrase))
-                return _libssh2_error(session, LIBSSH2_ERROR_FILE,
-                                      "Unable to extract public key "
-                                      "from private key file");
+            rc = _libssh2_pub_priv_keyfile(session,
+                                           &session->userauth_pblc_method,
+                                           &session->userauth_pblc_method_len,
+                                           &pubkeydata, &pubkeydata_len,
+                                           privatekey, passphrase);
+
+            /* _libssh2_pub_priv_keyfile calls _libssh2_error() */
+            if (rc)
+                return rc;
         }
     }
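Review bot: Returning `rc` unchanged means this caller now depends on every non-zero return path of `_libssh2_pub_priv_keyfile()` having recorded a session error. A path that fails without calling `_libssh2_error()` would leave the application reading a stale or empty message after a failed authentication. Only some of the callee's paths are visible in this patch, so this should be checked against the full function in both backends; the same applies to the userauth_hostbased_fromfile hunk above. The value handed back to API callers can also now differ from LIBSSH2_ERROR_FILE (the openssl.c hunks return LIBSSH2_ERROR_ALLOC), which deserves a comment such as `/* rc is the callee's LIBSSH2_ERROR_* code; the session error is already set */`.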
-- 
1.7.3.4