1 files changed, 81 insertions, 64 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index 726f52132f..4967a2e4cd 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -31,8 +31,7 @@
 -export([publickey_msg/1, password_msg/1, keyboard_interactive_msg/1,
 	 service_request_msg/1, init_userauth_request_msg/1,
 	 userauth_request_msg/1, handle_userauth_request/3,
-	 handle_userauth_info_request/3, handle_userauth_info_response/2,
-	 default_public_key_algorithms/0
+	 handle_userauth_info_request/3, handle_userauth_info_response/2
 	]).
 
 %%--------------------------------------------------------------------
@@ -42,27 +41,29 @@ publickey_msg([Alg, #ssh{user = User,
 		       session_id = SessionId,
 		       service = Service,
 		       opts = Opts} = Ssh]) ->
-
     Hash = sha, %% Maybe option?!
     KeyCb = proplists:get_value(key_cb, Opts, ssh_file),
-
     case KeyCb:user_key(Alg, Opts) of
-	{ok, Key} ->
-	    StrAlgo = algorithm_string(Alg),
-	    PubKeyBlob = encode_public_key(Key),
-	    SigData = build_sig_data(SessionId, 
-				     User, Service, PubKeyBlob, StrAlgo),
-	    Sig = ssh_transport:sign(SigData, Hash, Key),
-	    SigBlob = list_to_binary([?string(StrAlgo), ?binary(Sig)]),
-	    ssh_transport:ssh_packet(
-	      #ssh_msg_userauth_request{user = User,
-					service = Service,
-					method = "publickey",
-					data = [?TRUE,
-						?string(StrAlgo),
-						?binary(PubKeyBlob),
-						?binary(SigBlob)]},
-	      Ssh);
+	{ok, PrivKey} ->
+	    StrAlgo = atom_to_list(Alg),
+            case encode_public_key(StrAlgo, ssh_transport:extract_public_key(PrivKey)) of
+		not_ok ->
+		    not_ok;
+		PubKeyBlob ->
+		    SigData = build_sig_data(SessionId, 
+					     User, Service, PubKeyBlob, StrAlgo),
+		    Sig = ssh_transport:sign(SigData, Hash, PrivKey),
+		    SigBlob = list_to_binary([?string(StrAlgo), ?binary(Sig)]),
+		    ssh_transport:ssh_packet(
+		      #ssh_msg_userauth_request{user = User,
+						service = Service,
+						method = "publickey",
+						data = [?TRUE,
+							?string(StrAlgo),
+							?binary(PubKeyBlob),
+							?binary(SigBlob)]},
+		      Ssh)
+	    end;
      	_Error ->
 	    not_ok
     end.
@@ -121,7 +122,7 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) ->
 
 	    Algs = proplists:get_value(public_key, 
 				       proplists:get_value(preferred_algorithms, Opts, []),
-				       default_public_key_algorithms()),
+				       ssh_transport:default_algorithms(public_key)),
 	    Prefs = method_preference(Algs),
 	    ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User,
 						  userauth_preference = Prefs,
@@ -173,15 +174,15 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
 			#ssh{opts = Opts,
 			     userauth_supported_methods = Methods} = Ssh) ->
     Password = unicode:characters_to_list(BinPwd),
-    case check_password(User, Password, Opts) of
-	true ->
+    case check_password(User, Password, Opts, Ssh) of
+	{true,Ssh1} ->
 	    {authorized, User,
-	     ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)};
-	false  ->
+	     ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh1)};
+	{false,Ssh1}  ->
 	    {not_authorized, {User, {error,"Bad user or password"}}, 
 	     ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
 		     authentications = Methods,
-		     partial_success = false}, Ssh)}
+		     partial_success = false}, Ssh1)}
     end;
 
 handle_userauth_request(#ssh_msg_userauth_request{user = User,
@@ -334,16 +335,16 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1,
 				   kb_tries_left = KbTriesLeft,
 				   user = User,
 				   userauth_supported_methods = Methods} = Ssh) ->
-    case check_password(User, unicode:characters_to_list(Password), Opts) of
-	true ->
+    case check_password(User, unicode:characters_to_list(Password), Opts, Ssh) of
+	{true,Ssh1} ->
 	    {authorized, User,
-	     ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)};
-	false ->
+	     ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh1)};
+	{false,Ssh1} ->
 	    {not_authorized, {User, {error,"Bad user or password"}}, 
 	     ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
 					 authentications = Methods,
 					 partial_success = false}, 
-				      Ssh#ssh{kb_tries_left = max(KbTriesLeft-1, 0)}
+				      Ssh1#ssh{kb_tries_left = max(KbTriesLeft-1, 0)}
 				     )}
     end;
 
@@ -355,8 +356,6 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{},
 			      language = "en"}).
 
 
-default_public_key_algorithms() -> ?PREFERRED_PK_ALGS.
-
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
@@ -365,6 +364,11 @@ method_preference(Algs) ->
 		       [{"publickey", ?MODULE, publickey_msg, [A]} | Acc]
 	       end, 
 	       [{"password", ?MODULE, password_msg, []},
+		{"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
+		{"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
+		{"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
+		{"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
+		{"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []},
 		{"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}
 	       ],
 	       Algs).
@@ -388,13 +392,34 @@ user_name(Opts) ->
 	    {ok, User}
     end.
 
-check_password(User, Password, Opts) ->
+check_password(User, Password, Opts, Ssh) ->
     case proplists:get_value(pwdfun, Opts) of
 	undefined ->
 	    Static = get_password_option(Opts, User),
-	    Password == Static;
-	Cheker ->
-	    Cheker(User, Password)
+	    {Password == Static, Ssh};
+
+	Checker when is_function(Checker,2) ->
+	    {Checker(User, Password), Ssh};
+
+	Checker when is_function(Checker,4) ->
+	    #ssh{pwdfun_user_state = PrivateState,
+		 peer = {_,PeerAddr={_,_}}
+		} = Ssh,
+	    case Checker(User, Password, PeerAddr, PrivateState) of
+		true ->
+		    {true,Ssh};
+		false ->
+		    {false,Ssh};
+		{true,NewState} ->
+		    {true, Ssh#ssh{pwdfun_user_state=NewState}};
+		{false,NewState} ->
+		    {false, Ssh#ssh{pwdfun_user_state=NewState}};
+		disconnect ->
+		    throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE,
+					      description = 
+						  "Unable to connect using the available authentication methods",
+					      language = ""})
+	    end
     end.
 
 get_password_option(Opts, User) ->
@@ -431,10 +456,7 @@ build_sig_data(SessionId, User, Service, KeyBlob, Alg) ->
 	   ?binary(KeyBlob)],
     list_to_binary(Sig).
 
-algorithm_string('ssh-rsa') ->
-    "ssh-rsa";
-algorithm_string('ssh-dss') ->
-    "ssh-dss".
+
 
 decode_keyboard_interactive_prompts(_NumPrompts, Data) ->
     ssh_message:decode_keyboard_interactive_prompts(Data, []).
@@ -455,14 +477,14 @@ keyboard_interact_get_responses(false, undefined, undefined, _, _, _, [Prompt|_]
     ssh_no_io:read_line(Prompt, Opts); %% Throws error as keyboard interaction is not allowed
 keyboard_interact_get_responses(true, undefined, _,IoCb, Name, Instr, PromptInfos, Opts, _) ->
     keyboard_interact(IoCb, Name, Instr, PromptInfos, Opts);
-keyboard_interact_get_responses(true, Fun, _, Name, Instr, PromptInfos, _, _, NumPrompts) ->
+keyboard_interact_get_responses(true, Fun, _Pwd, _IoCb, Name, Instr, PromptInfos, _Opts, NumPrompts) ->
     keyboard_interact_fun(Fun, Name, Instr, PromptInfos, NumPrompts).
 
 keyboard_interact(IoCb, Name, Instr, Prompts, Opts) ->
-    if Name /= "" -> IoCb:format("~s", [Name]);
+    if Name /= "" -> IoCb:format("~s~n", [Name]);
        true       -> ok
     end,
-    if Instr /= "" -> IoCb:format("~s", [Instr]);
+    if Instr /= "" -> IoCb:format("~s~n", [Instr]);
        true        -> ok
     end,
     lists:map(fun({Prompt, true})  -> IoCb:read_line(Prompt, Opts);
@@ -485,23 +507,18 @@ keyboard_interact_fun(KbdInteractFun, Name, Instr,  PromptInfos, NumPrompts) ->
 				       language = "en"}})
     end.
 
-decode_public_key_v2(<<?UINT32(Len0), _:Len0/binary,
-		       ?UINT32(Len1), E:Len1/big-signed-integer-unit:8,
-		       ?UINT32(Len2), N:Len2/big-signed-integer-unit:8>>
-			 ,"ssh-rsa") ->
-    {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}};
-decode_public_key_v2(<<?UINT32(Len0), _:Len0/binary,
-		       ?UINT32(Len1), P:Len1/big-signed-integer-unit:8,
-		       ?UINT32(Len2), Q:Len2/big-signed-integer-unit:8,
-		       ?UINT32(Len3), G:Len3/big-signed-integer-unit:8,
-		       ?UINT32(Len4), Y:Len4/big-signed-integer-unit:8>>
-			 , "ssh-dss") ->
-    {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}};
-
-decode_public_key_v2(_, _) ->
-    {error, bad_format}.
-
-encode_public_key(#'RSAPrivateKey'{publicExponent = E, modulus = N}) ->
-    ssh_bits:encode(["ssh-rsa",E,N], [string,mpint,mpint]);
-encode_public_key(#'DSAPrivateKey'{p = P, q = Q, g = G, y = Y}) ->
-    ssh_bits:encode(["ssh-dss",P,Q,G,Y], [string,mpint,mpint,mpint,mpint]).
+decode_public_key_v2(Bin, _Type) ->
+    try 
+	public_key:ssh_decode(Bin, ssh2_pubkey)
+    of
+	Key -> {ok, Key}
+    catch
+	_:_ -> {error, bad_format}
+    end.
+
+encode_public_key(_Alg, Key) ->
+    try
+	public_key:ssh_encode(Key, ssh2_pubkey)
+    catch
+	_:_ -> not_ok
+    end.