4 * Copyright (C) 2016-2023 Milan Broz
5 * Copyright (C) 2020-2023 Vojtech Trefny
7 * This file is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This file is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this file; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include <libssh/libssh.h>
26 #include <libssh/sftp.h>
28 #include <libcryptsetup.h>
29 #include "ssh-utils.h"
30 #include "../lib/nls.h"
32 #define KEYFILE_LENGTH_MAX 8192
34 int sshplugin_download_password(struct crypt_device *cd, ssh_session ssh,
35 const char *path, char **password, size_t *password_len)
40 sftp_attributes sftp_attr = NULL;
41 sftp_session sftp = NULL;
42 sftp_file file = NULL;
46 crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot create sftp session: "));
53 crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot init sftp session: "));
57 file = sftp_open(sftp, path, O_RDONLY, 0);
59 crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot open sftp session: "));
64 sftp_attr = sftp_fstat(file);
66 crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot stat sftp file: "));
71 pass_len = sftp_attr->size > KEYFILE_LENGTH_MAX ? KEYFILE_LENGTH_MAX : sftp_attr->size;
72 pass = malloc(pass_len);
74 crypt_log(cd, CRYPT_LOG_ERROR, _("Not enough memory.\n"));
79 r = sftp_read(file, pass, pass_len);
80 if (r < 0 || (size_t)r != pass_len) {
81 crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot read remote key: "));
87 *password_len = pass_len;
92 crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
93 crypt_log(cd, CRYPT_LOG_ERROR, "\n");
98 sftp_attributes_free(sftp_attr);
104 return r == SSH_OK ? 0 : -EINVAL;
107 ssh_session sshplugin_session_init(struct crypt_device *cd, const char *host, const char *user)
110 ssh_session ssh = ssh_new();
114 ssh_options_set(ssh, SSH_OPTIONS_HOST, host);
115 ssh_options_set(ssh, SSH_OPTIONS_USER, user);
116 ssh_options_set(ssh, SSH_OPTIONS_PORT, &port);
118 crypt_log(cd, CRYPT_LOG_NORMAL, "SSH token initiating ssh session.\n");
120 r = ssh_connect(ssh);
122 crypt_log(cd, CRYPT_LOG_ERROR, _("Connection failed: "));
126 #if HAVE_DECL_SSH_SESSION_IS_KNOWN_SERVER
127 r = ssh_session_is_known_server(ssh);
129 r = ssh_is_server_known(ssh);
131 if (r != SSH_SERVER_KNOWN_OK) {
132 crypt_log(cd, CRYPT_LOG_ERROR, _("Server not known: "));
139 /* initialise list of authentication methods. yes, according to official libssh docs... */
140 ssh_userauth_none(ssh, NULL);
143 crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
144 crypt_log(cd, CRYPT_LOG_ERROR, "\n");
153 int sshplugin_public_key_auth(struct crypt_device *cd, ssh_session ssh, const ssh_key pkey)
157 crypt_log(cd, CRYPT_LOG_DEBUG, "Trying public key authentication method.\n");
159 if (!(ssh_userauth_list(ssh, NULL) & SSH_AUTH_METHOD_PUBLICKEY)) {
160 crypt_log(cd, CRYPT_LOG_ERROR, _("Public key auth method not allowed on host.\n"));
161 return SSH_AUTH_ERROR;
164 r = ssh_userauth_try_publickey(ssh, NULL, pkey);
165 if (r == SSH_AUTH_SUCCESS) {
166 crypt_log(cd, CRYPT_LOG_DEBUG, "Public key method accepted.\n");
167 r = ssh_userauth_publickey(ssh, NULL, pkey);
170 if (r != SSH_AUTH_SUCCESS) {
171 crypt_log(cd, CRYPT_LOG_ERROR, _("Public key authentication error: "));
172 crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
173 crypt_log(cd, CRYPT_LOG_ERROR, "\n");