[vlc-commits] sftp: public key authentication

Petri Hintukainen git at videolan.org
Fri Mar 11 09:45:19 CET 2016


vlc | branch: master | Petri Hintukainen <phintuka at gmail.com> | Mon Mar  7 12:55:41 2016 +0200| [d82758a1fab7402028abe440aa3405549dda226c] | committer: Petri Hintukainen

sftp: public key authentication

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=d82758a1fab7402028abe440aa3405549dda226c
---

 modules/access/sftp.c |   44 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 4 deletions(-)

diff --git a/modules/access/sftp.c b/modules/access/sftp.c
index d142158..78acccb 100644
--- a/modules/access/sftp.c
+++ b/modules/access/sftp.c
@@ -94,6 +94,34 @@ struct access_sys_t
 };
 
 
+static int AuthPublicKey( access_t *p_access, const char *psz_home, const char *psz_username )
+{
+    access_sys_t* p_sys = p_access->p_sys;
+    int i_result = VLC_EGENERIC;
+    char *psz_keyfile1 = NULL;
+    char *psz_keyfile2 = NULL;
+
+    if( !psz_username || !psz_username[0] )
+        return i_result;
+
+    if( asprintf( &psz_keyfile1, "%s/.ssh/id_rsa.pub", psz_home ) == -1 ||
+        asprintf( &psz_keyfile2, "%s/.ssh/id_rsa",     psz_home ) == -1 )
+        goto bailout;
+
+    if( libssh2_userauth_publickey_fromfile( p_sys->ssh_session, psz_username, psz_keyfile1, psz_keyfile2, NULL ) )
+    {
+        msg_Dbg( p_access, "Public key authentication failed" );
+        goto bailout;
+    }
+
+    msg_Info( p_access, "Public key authentication succeeded" );
+    i_result = VLC_SUCCESS;
+
+ bailout:
+    free( psz_keyfile1 );
+    free( psz_keyfile2 );
+    return i_result;
+}
 
 /**
  * Connect to the sftp server and ask for a file
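Review bot: AuthPublicKey() formats `psz_home` with `%s` without checking it, and Open() passes whatever config_GetUserDir() returned, so a NULL home directory would reach asprintf(), which is undefined behaviour (some libcs print a literal "(null)/.ssh/..." path). The guard could be `if( !psz_home || !psz_username || !psz_username[0] )`. Separately, if either asprintf() fails, the `bailout` path still calls free() on that pointer, whose value is unspecified after failure on some C libraries. Resetting it in each failure branch, e.g. `{ psz_keyfile1 = NULL; goto bailout; }`, keeps both free() calls safe. The passphrase argument is NULL and only `id_rsa` is tried, so a short comment stating that passphrase-protected keys and other key types are not handled would explain the "Public key authentication failed" debug message.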
@@ -108,6 +136,7 @@ static int Open( vlc_object_t* p_this )
     vlc_credential credential;
     const char* psz_path;
     char* psz_remote_home = NULL;
+    char* psz_home = NULL;
     int i_port;
     int i_ret;
     vlc_url_t url;
@@ -173,7 +202,7 @@ static int Open( vlc_object_t* p_this )
     if( !ssh_knownhosts )
         goto error;
 
-    char *psz_home = config_GetUserDir( VLC_HOME_DIR );
+    psz_home = config_GetUserDir( VLC_HOME_DIR );
     char *psz_knownhosts_file;
     if( asprintf( &psz_knownhosts_file, "%s/.ssh/known_hosts", psz_home ) != -1 )
     {
@@ -181,7 +210,6 @@ static int Open( vlc_object_t* p_this )
                 LIBSSH2_KNOWNHOST_FILE_OPENSSH );
         free( psz_knownhosts_file );
     }
-    free( psz_home );
 
     const char *fingerprint = libssh2_session_hostkey( p_sys->ssh_session, &i_len, &i_type );
     struct libssh2_knownhost *host;
@@ -210,6 +238,9 @@ static int Open( vlc_object_t* p_this )
 
     //TODO: ask for the available auth methods
 
+    /* Try public key auth first */
+    if( AuthPublicKey( p_access, psz_home, url.psz_username ) != VLC_SUCCESS )
+    {
     while( vlc_credential_get( &credential, p_access, "sftp-user", "sftp-pwd",
                                _("SFTP authentication"),
                                _("Please enter a valid login and password for "
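Review bot: The `while` loop now enclosed by the new `if( AuthPublicKey( ... ) != VLC_SUCCESS )` block keeps its old indentation, and the block's closing brace in the next hunk sits at the same column as the loop's own closing brace. In authentication code this makes it easy to misread which branch a later edit lands in. Re-indenting the loop one level inside the new block would make the nesting visible. The loop continues outside this hunk.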
@@ -223,8 +254,12 @@ static int Open( vlc_object_t* p_this )
             vlc_credential_store( &credential, p_access );
             break;
         }
-        else
-            msg_Warn( p_access, "sftp auth failed for %s", credential.psz_username );
+
+        if( AuthPublicKey( p_access, psz_home, credential.psz_username ) == VLC_SUCCESS )
+            break;
+
+        msg_Warn( p_access, "sftp auth failed for %s", credential.psz_username );
+    }
     }
 
     /* Create the sftp session */
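Review bot: Inside the retry loop the key is tried only after the password attempt has failed. For a username that is not in the URL, the typed password is therefore presumably sent to the server even when the key alone would have authenticated (the password call itself is outside this hunk). Calling `AuthPublicKey( p_access, psz_home, credential.psz_username )` before the password attempt would avoid disclosing a password needlessly. The key-success `break` also skips `vlc_credential_store()`, which looks intended since there is no password to store. A comment such as `/* authenticated with key: nothing to store */` would make that explicit.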
@@ -316,6 +351,7 @@ static int Open( vlc_object_t* p_this )
     i_result = VLC_SUCCESS;
 
 error:
+    free( psz_home );
     free( psz_remote_home );
     vlc_UrlClean( &url );
     vlc_credential_clean( &credential );


