[vlc-devel] [PATCH] access/sftp: authenticate with ssh-agent access/sftp: check libssh2_userauth_list for available auth methods

Rémi Denis-Courmont remi at remlab.net
Fri Dec 2 05:53:03 CET 2016


Le vendredi 2 décembre 2016, 02:37:37 git at yidong.im a écrit :
> From: Yidong Ren <git at yidong.im>
> 
> ---
>  modules/access/sftp.c | 73
> ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 57
> insertions(+), 16 deletions(-)
> 
> diff --git a/modules/access/sftp.c b/modules/access/sftp.c
> index 7a48d6d..4ad1cb7 100644
> --- a/modules/access/sftp.c
> +++ b/modules/access/sftp.c
> @@ -100,10 +100,51 @@ static int AuthPublicKey( access_t *p_access, const
> char *psz_home, const char * int i_result = VLC_EGENERIC;
>      char *psz_keyfile1 = NULL;
>      char *psz_keyfile2 = NULL;
> +    LIBSSH2_AGENT *p_sshagent = NULL;
> +    struct libssh2_agent_publickey *p_identity = NULL,
> +                                   *p_prev_identity = NULL;
> 
>      if( !psz_username || !psz_username[0] )
>          return i_result;
> 
> +    p_sshagent = libssh2_agent_init( p_sys->ssh_session );
> +
> +    if( !p_sshagent )
> +    {
> +        msg_Dbg( p_access, "Failed to initialize key agent" );
> +        goto agent_bailout;
> +    }
> +    if( libssh2_agent_connect( p_sshagent ) )
> +    {
> +        msg_Dbg( p_access, "Failed to connect key agent" );
> +        goto agent_bailout;
> +    }
> +    if( libssh2_agent_list_identities( p_sshagent ) )
> +    {
> +        msg_Dbg( p_access, "Failed to request identities" );
> +        goto agent_bailout;
> +    }
> +
> +    while( libssh2_agent_get_identity( p_sshagent, &p_identity,
> p_prev_identity ) == 0 ) +    {
> +        msg_Dbg( p_access, "Using key %s", p_identity->comment );
> +        if( libssh2_agent_userauth( p_sshagent, psz_username, p_identity )
> == 0 ) +        {
> +            msg_Info( p_access, "Public key agent authentication succeeded"
> ); +            i_result = VLC_SUCCESS;
> +            goto agent_bailout;
> +        }
> +        msg_Dbg( p_access, "Public key agent authentication failed" );
> +        p_prev_identity = p_identity;
> +    }
> +
> +agent_bailout:
> +    libssh2_agent_disconnect( p_sshagent );
> +    libssh2_agent_free( p_sshagent );

Does this work if p_sshagent is NULL, or is not in a connected state? Also, a 
separate function might simplify the flow control.

> +    /* TODO: not sure if we need to free p_identity and p_prev_identity */
> +    if ( i_result == VLC_SUCCESS )
> +        goto bailout;
> +
>      if( asprintf( &psz_keyfile1, "%s/.ssh/id_rsa.pub", psz_home ) == -1 ||
>          asprintf( &psz_keyfile2, "%s/.ssh/id_rsa",     psz_home ) == -1 )
>          goto bailout;
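Review bot: The `TODO: not sure if we need to free p_identity and p_prev_identity` left after `agent_bailout:` should be resolved before merging rather than shipped as an open question. In libssh2's agent API the identity structures handed out by `libssh2_agent_get_identity()` belong to the agent handle and are released with it, so the caller must not free them, and neither pointer may be dereferenced once `libssh2_agent_free()` has run. I would replace the TODO with `/* identities are owned by p_sshagent and released by libssh2_agent_free(); do not free them or use them past this point */`. The `while` loop also treats a negative return from `libssh2_agent_get_identity()` the same as end-of-list, so an agent error is silent; a `msg_Dbg` on that path would help when diagnosing failed logins. AuthPublicKey continues outside the hunk.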
> @@ -255,18 +296,18 @@ static int Open( vlc_object_t* p_this )
>          goto error;
>      }
> 
> -    //TODO: ask for the available auth methods
> -
> -    /* Try public key auth first */
> -    if( AuthPublicKey( p_access, psz_home, url.psz_username ) !=
> VLC_SUCCESS ) -    {
> -    while( vlc_credential_get( &credential, p_access, "sftp-user",
> "sftp-pwd", -                               _("SFTP authentication"),
> -                               _("Please enter a valid login and password
> for " -                               "the sftp connexion to %s"),
> url.psz_host ) ) +    char* psz_userauthlist = NULL;
> +    do
>      {
> -        /* send the login/password */
> -        if( libssh2_userauth_password( p_sys->ssh_session,
> +        psz_userauthlist = libssh2_userauth_list( p_sys->ssh_session,
> credential.psz_username, strlen( credential.psz_username ) ); +
> +        /* TODO: Follow PreferredAuthentications in ssh_config */
> +
> +        if( strstr( psz_userauthlist, "publickey" ) != NULL &&
> +            AuthPublicKey( p_access, psz_home, credential.psz_username ) ==
> VLC_SUCCESS ) +            break;
> +        if( strstr( psz_userauthlist, "password" ) != NULL &&
> +            libssh2_userauth_password( p_sys->ssh_session,
>                                         credential.psz_username,
>                                         credential.psz_password ) == 0 )
>          {
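Review bot: `libssh2_userauth_list()` can return NULL, and both `strstr( psz_userauthlist, ... )` calls would then dereference a null pointer. libssh2 documents NULL for failure, and it is also what comes back when the server accepts the "none" request, so the result needs a check before use, for example `if( psz_userauthlist == NULL ) { if( libssh2_userauth_authenticated( p_sys->ssh_session ) ) break; goto error; }`. Separately, the `do` body now runs before the first `vlc_credential_get()`, so `strlen( credential.psz_username )` looks like it can be handed a NULL username on the first pass unless the credential is filled in outside this hunk. The old code used `url.psz_username` for that first attempt, and AuthPublicKey returns early on an empty name. The loop body continues into the next hunk.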
> @@ -274,12 +315,11 @@ static int Open( vlc_object_t* p_this )
>              break;
>          }
> 
> -        if( AuthPublicKey( p_access, psz_home, credential.psz_username ) ==
> VLC_SUCCESS ) -            break;
> -
>          msg_Warn( p_access, "sftp auth failed for %s",
> credential.psz_username ); -    }
> -    }
> +    } while( vlc_credential_get( &credential, p_access, "sftp-user",
> "sftp-pwd", +                                _("SFTP authentication"),
> +                                _("Please enter a valid login and password
> for " +                                "the sftp connexion to %s"),
> url.psz_host ) );
> 
>      /* Create the sftp session */
>      p_sys->sftp_session = libssh2_sftp_init( p_sys->ssh_session );
> @@ -372,6 +412,7 @@ static int Open( vlc_object_t* p_this )
>  error:
>      free( psz_home );
>      free( psz_remote_home );
> +    free( psz_userauthlist );
>      vlc_UrlClean( &url );
>      vlc_credential_clean( &credential );
>      vlc_UrlClean( &credential_url );
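Review bot: `free( psz_userauthlist )` releases memory that VLC does not own. The list returned by `libssh2_userauth_list()` is managed internally by libssh2 and goes away with the session, so this is an invalid free that can corrupt the heap or turn into a double free; the line should simply be dropped. It is also reachable with an indeterminate pointer, because the `goto error;` visible just above the new `char* psz_userauthlist = NULL;` declaration jumps over its initialisation, and earlier gotos in Open, outside the diff, presumably do the same. If the variable is kept for the `strstr` checks, declare it with the other locals at the top of Open and never pass it to `free()`.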

-- 
Rémi Denis-Courmont
http://www.remlab.net/

