Thomas Stover wrote:

> tho...@k-9:~/src/libssh2-1.2.7-20100617/example$
> LD_LIBRARY_PATH=/home/thomas/lib/ ./ssh2_agent 127.0.0.1 thomas
..
> [libssh2] 0.736258 Failure Event: 0 - agent list id failed

This message is slightly worrying. I'm not actually sure where it comes from. The string 'agent list id failed' seems not to be in libssh2 at all. :\

> [libssh2] 0.736267 Userauth: Attempting publickey authentication
> => libssh2_transport_write plain (334 bytes)
> 0000: 32 00 00 00 06 74 68 6F 6D 61 73 00 00 00 0E 73 : 2....thomas....s
> 0010: 73 68 2D 63 6F 6E 6E 65 63 74 69 6F 6E 00 00 00 : sh-connection...
> 0020: 09 70 75 62 6C 69 63 6B 65 79 00 00 00 00 07 73 : .publickey.....s
> 0030: 73 68 2D 72 73 61 00 00 01 14 00 00 00 07 73 73 : sh-rsa........ss
> 0040: 68 2D 72 73 61 00 00 00 01 25 00 00 01 00 7E 6A : h-rsa....%....~j
> 0050: 1C D7 9F F4 8D 8D 79 33 0E 88 A5 9F DF 89 11 7C : ......y3.......|
> 0060: B7 42 E1 67 C3 8E 1A 96 71 1C 4B C9 16 81 20 CB : .B.g....q.K... .
..

But clearly keys in the agent can be used for auth still, or this packet wouldn't go out.

> [libssh2] 0.736401 Transport: Looking for packet of type: 52
> [libssh2] 0.736403 Transport: Looking for packet of type: 51
> [libssh2] 0.736406 Transport: Looking for packet of type: 60
> [libssh2] 0.736409 Socket: Error recving 16384 bytes to 0x18fb508+0: 11
> [libssh2] 0.736412 Failure Event: -37 - Would block
> Authentication with username thomas and public key
> /home/thomas/.ssh/identity failed!

This shows a bug. Looking at the code agrees.

One could argue this is a bug in the example but I really hate that libssh2 insists on the IMO useless non-blocking approach in every single instance so I argue that this is a bug in the agent code, or maybe even in _libssh2_userauth_publickey().

Anyway, documentation and code for libssh2_agent_userauth() disagree, and the code is returning -37 or LIBSSH2_ERROR_EAGAIN from the lower layers of libssh2, which means that the caller should just try again, but the example interprets this as failure which is also what the man page indicates.

I do not want to have agent ops be non-blocking, but on the other hand I want none of libssh2 to be non-blocking.

While this gets discussed further you could try the attached patch, Thomas.

> btw, did I just post my private key?

No, the public key. The private key is never sent over the wire and not in any debug messages.

//Peter
>From 9f3526e6596ec58c5cbfb7e493d59b1b17ad076d Mon Sep 17 00:00:00 2001 From: Peter Stuge <[email protected]> Date: Thu, 17 Jun 2010 08:46:10 +0200 Subject: [PATCH] Make libssh2_agent_userauth() spin on _EAGAIN This function calls _libssh2_userauth_publickey() which can return LIBSSH2_ERROR_EAGAIN in which case _libssh2_userauth_publickey() should just be called again. libssh2_agent_userauth() would report this back to the caller where it would be interpreted as an error, all according to the man page. Let's fix the code. Reported-by: Thomas Stover <[email protected]> --- src/agent.c | 20 ++++++++++---------- 1 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/agent.c b/src/agent.c index d96ca0a..d19d7ea 100644 --- a/src/agent.c +++ b/src/agent.c @@ -742,18 +742,18 @@ libssh2_agent_userauth(LIBSSH2_AGENT *agent, const char *username, struct libssh2_agent_publickey *identity) { + int rc; void *abstract = agent; - if (agent->session->userauth_pblc_state == libssh2_NB_state_idle) { - memset(&agent->transctx, 0, sizeof agent->transctx); - agent->identity = identity->node; - } - return _libssh2_userauth_publickey(agent->session, username, - strlen(username), - identity->blob, - identity->blob_len, - agent_sign, - &abstract); + memset(&agent->transctx, 0, sizeof agent->transctx); + agent->identity = identity->node; + do { + rc = _libssh2_userauth_publickey(agent->session, username, + strlen(username), identity->blob, + identity->blob_len, agent_sign, + &abstract); + } while (LIBSSH2_ERROR_EAGAIN == rc); + return rc; } /* -- 1.6.3.3
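Review bot: the do/while added to libssh2_agent_userauth() calls _libssh2_userauth_publickey() again immediately on LIBSSH2_ERROR_EAGAIN without waiting for the socket, so it busy-spins until the server answers, has no bound, and turns the function into a blocking call even when the caller wanted EAGAIN handed back. Suggest waiting for socket readiness between iterations and looping only for blocking sessions. For the non-blocking case, keep returning EAGAIN and keep the removed `userauth_pblc_state == libssh2_NB_state_idle` guard, because the now unconditional memset of agent->transctx and assignment of agent->identity would reset state on a re-entered call. The commit message says the man page treats this return as an error, so the man page should state whichever behaviour is chosen.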
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
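A caller-side way to handle the -37 (LIBSSH2_ERROR_EAGAIN) return discussed in the reply above, as an added example that is not part of the original message or of libssh2: the retry sleeps in poll() until the socket is readable and gives up after a bounded number of waits. `retry_on_eagain`, `fake_auth`, `demo`, `EX_EAGAIN` and `EX_TIMEOUT` are hypothetical names, and the socketpair peer is a constructed stand-in for the call to libssh2_agent_userauth().

```c
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define EX_EAGAIN  (-37)   /* value logged above for LIBSSH2_ERROR_EAGAIN */
#define EX_TIMEOUT (-1000) /* hypothetical code: gave up waiting */
typedef int (*nb_op)(void *ctx); /* stand-in for a non-blocking auth call */

/* Retry op while it reports EAGAIN; sleep in poll() until fd is readable
 * instead of spinning, and give up after max_waits wake-ups. */
static int retry_on_eagain(nb_op op, void *ctx, int fd, int max_waits, int wait_ms)
{
    int rc;
    while ((rc = op(ctx)) == EX_EAGAIN) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (max_waits-- <= 0) return EX_TIMEOUT;
        if (poll(&p, 1, wait_ms) < 0) return -1;
    }
    return rc;
}

/* Constructed peer: the reply only shows up after the first attempt. */
struct fake { int fd, peer, calls, reply; };
static int fake_auth(void *ctx)
{
    struct fake *f = ctx;
    char c;
    f->calls++;
    if (recv(f->fd, &c, 1, MSG_DONTWAIT) == 1) return 0; /* reply read */
    if (f->reply && f->calls == 1) send(f->peer, "k", 1, 0); /* late answer */
    return EX_EAGAIN;
}

/* Returns the number of attempts on success, or the negative error code. */
static int demo(int server_replies, int max_waits)
{
    int sv[2], rc;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    struct fake f = { sv[0], sv[1], 0, server_replies };
    rc = retry_on_eagain(fake_auth, &f, sv[0], max_waits, 20);
    close(sv[0]); close(sv[1]);
    return rc == 0 ? f.calls : rc;
}

int main(void)
{
    printf("reply: %d attempts, no reply: rc=%d\n", demo(1, 5), demo(0, 3));
    return 0;
}
```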
