Implemented public/private key authentication functions.

Added authentication exceptions.
Added authentication tests.

Author: Pan

ssh/exceptions.pyx

@@ -43,14 +43,17 @@ class AuthenticationError(BaseSSHError):
     """Raised on fatal errors authenticating"""
 
 
+class AuthenticationPartial(BaseSSHError):
+    """Raised on partial authentication"""
+
+
 class KeyExportError(BaseSSHError):
     """Raised on errors exporting key"""
 
 
 class KeyImportError(BaseSSHError):
     """Raised on errors importing key"""
 
-    
+
 class KeyGenerationError(BaseSSHError):
     """Raised on errors generating key"""
-

ssh/key.pyx

@@ -62,10 +62,10 @@ cdef class SSHKey:
             equal = c_ssh.ssh_key_cmp(
                 self._key, other._key, c_ssh.ssh_keycmp_e.SSH_KEY_CMP_PRIVATE) \
                 if is_private else \
-                   c_ssh.ssh_key_cmp(
-                       self._key, other._key,
-                       c_ssh.ssh_keycmp_e.SSH_KEY_CMP_PUBLIC)
-        return bool(equal)
+                c_ssh.ssh_key_cmp(
+                    self._key, other._key,
+                    c_ssh.ssh_keycmp_e.SSH_KEY_CMP_PUBLIC)
+        return bool(not equal)
 
     def key_type(self):
         cdef c_ssh.ssh_keytypes_e _type
@@ -94,7 +94,7 @@ cdef class SSHKey:
             rc = c_ssh.ssh_pki_export_privkey_file(
                 self._key, c_passphrase, NULL, NULL, c_filepath)
         if rc != c_ssh.SSH_OK:
-            raise KeyExportError(c_ssh.ssh_get_error(self._key))
+            raise KeyExportError
 
     def export_privkey_to_pubkey(self):
         cdef SSHKey pub_key
@@ -103,7 +103,7 @@ cdef class SSHKey:
         with nogil:
             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
         if rc != c_ssh.SSH_OK:
-            raise KeyExportError(c_ssh.ssh_get_error(self._key))
+            raise KeyExportError
         pub_key = SSHKey.from_ptr(_pub_key)
         return pub_key
 
@@ -116,7 +116,7 @@ cdef class SSHKey:
             rc = c_ssh.ssh_pki_export_pubkey_base64(self._key, &_key)
             if rc != c_ssh.SSH_OK:
                 with gil:
-                    raise KeyExportError(c_ssh.ssh_get_error(self._key))
+                    raise KeyExportError
         b_key = _key
         c_ssh.ssh_string_free_char(_key)
         return b_key
@@ -129,7 +129,7 @@ def generate(KeyType key_type, int bits):
     with nogil:
         rc = c_ssh.ssh_pki_generate(key_type._type, bits, &_key)
     if rc != c_ssh.SSH_OK:
-        raise KeyGenerationError(c_ssh.ssh_get_error(_key))
+        raise KeyGenerationError
     key = SSHKey.from_ptr(_key)
     return key
 
@@ -148,7 +148,7 @@ def import_privkey_base64(bytes b64_key, passphrase=None):
         rc = c_ssh.ssh_pki_import_privkey_base64(
             c_key, c_passphrase, NULL, NULL, &_key)
     if rc != c_ssh.SSH_OK:
-        raise KeyImportError(c_ssh.ssh_get_error(_key))
+        raise KeyImportError
     key = SSHKey.from_ptr(_key)
     return key
 
@@ -168,7 +168,7 @@ def import_privkey_file(filepath, passphrase=None):
         rc = c_ssh.ssh_pki_import_privkey_file(
             c_filepath, c_passphrase, NULL, NULL, &_key)
     if rc != c_ssh.SSH_OK:
-        raise KeyExportError(c_ssh.ssh_get_error(_key))
+        raise KeyImportError
     key = SSHKey.from_ptr(_key)
     return key
 
@@ -182,7 +182,7 @@ def import_pubkey_base64(bytes b64_key, KeyType key_type):
         rc = c_ssh.ssh_pki_import_pubkey_base64(
             c_key, key_type._type, &_key)
     if rc != c_ssh.SSH_OK:
-        raise KeyImportError(c_ssh.ssh_get_error(_key))
+        raise KeyImportError
     key = SSHKey.from_ptr(_key)
     return key
 
@@ -197,6 +197,6 @@ def import_pubkey_file(filepath):
         rc = c_ssh.ssh_pki_import_pubkey_file(
             c_filepath, &_key)
     if rc != c_ssh.SSH_OK:
-        raise KeyExportError(c_ssh.ssh_get_error(_key))
+        raise KeyImportError
     key = SSHKey.from_ptr(_key)
     return key

ssh/options.pyx

@@ -52,26 +52,33 @@ TIMEOUT_USEC = Option.from_option(ssh_options_e.SSH_OPTIONS_TIMEOUT_USEC)
 SSH1 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH1)
 SSH2 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH2)
 LOG_VERBOSITY = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY)
-LOG_VERBOSITY_STR = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY_STR)
+LOG_VERBOSITY_STR = Option.from_option(
+    ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY_STR)
 CIPHERS_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_C_S)
 CIPHERS_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_S_C)
 COMPRESSION_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_C_S)
 COMPRESSION_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_S_C)
 PROXYCOMMAND = Option.from_option(ssh_options_e.SSH_OPTIONS_PROXYCOMMAND)
 BINDADDR = Option.from_option(ssh_options_e.SSH_OPTIONS_BINDADDR)
-STRICTHOSTKEYCHECK = Option.from_option(ssh_options_e.SSH_OPTIONS_STRICTHOSTKEYCHECK)
+STRICTHOSTKEYCHECK = Option.from_option(
+    ssh_options_e.SSH_OPTIONS_STRICTHOSTKEYCHECK)
 COMPRESSION = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION)
-COMPRESSION_LEVEL = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_LEVEL)
+COMPRESSION_LEVEL = Option.from_option(
+    ssh_options_e.SSH_OPTIONS_COMPRESSION_LEVEL)
 KEY_EXCHANGE = Option.from_option(ssh_options_e.SSH_OPTIONS_KEY_EXCHANGE)
 HOSTKEYS = Option.from_option(ssh_options_e.SSH_OPTIONS_HOSTKEYS)
-GSSAPI_SERVER_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_SERVER_IDENTITY)
-GSSAPI_CLIENT_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY)
-GSSAPI_DELEGATE_CREDENTIALS = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS)
+GSSAPI_SERVER_IDENTITY = Option.from_option(
+    ssh_options_e.SSH_OPTIONS_GSSAPI_SERVER_IDENTITY)
+GSSAPI_CLIENT_IDENTITY = Option.from_option(
+    ssh_options_e.SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY)
+GSSAPI_DELEGATE_CREDENTIALS = Option.from_option(
+    ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS)
 HMAC_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_C_S)
 HMAC_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_S_C)
 PASSWORD_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PASSWORD_AUTH)
 PUBKEY_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PUBKEY_AUTH)
 KBDINT_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_KBDINT_AUTH)
 GSSAPI_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_AUTH)
-GLOBAL_KNOWNHOSTS = Option.from_option(ssh_options_e.SSH_OPTIONS_GLOBAL_KNOWNHOSTS)
+GLOBAL_KNOWNHOSTS = Option.from_option(
+    ssh_options_e.SSH_OPTIONS_GLOBAL_KNOWNHOSTS)
 NODELAY = Option.from_option(ssh_options_e.SSH_OPTIONS_NODELAY)

ssh/session.pyx

@@ -18,8 +18,10 @@ from cpython cimport PyObject_AsFileDescriptor
 from libc.stdlib cimport malloc, free
 from libc.string cimport const_char
 
-from utils cimport to_bytes, to_str, handle_error_codes
+from utils cimport to_bytes, to_str, handle_ssh_error_codes, \
+    handle_auth_error_codes
 from options cimport Option
+from key cimport SSHKey
 
 from exceptions import OptionError
 
@@ -43,7 +45,7 @@ cdef class Session:
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_blocking_flush(self._session, timeout)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def new_channel(self):
         cdef c_ssh.ssh_channel _channel
@@ -54,7 +56,7 @@ cdef class Session:
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_connect(self._session)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def disconnect(self):
         with nogil:
@@ -78,7 +80,7 @@ cdef class Session:
         with nogil:
             rc = c_ssh.ssh_channel_cancel_forward(
                 self._session, c_address, port)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def listen_forward(self, address, int port, int bound_port):
         cdef bytes b_address = to_bytes(address)
@@ -87,7 +89,7 @@ cdef class Session:
         with nogil:
             rc = c_ssh.ssh_channel_listen_forward(
                 self._session, c_address, port, &bound_port)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def get_disconnect_message(self):
         cdef const char *message
@@ -160,7 +162,7 @@ cdef class Session:
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_options_copy(self._session, &destination._session)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def options_getopt(self):
         raise NotImplementedError
@@ -171,14 +173,14 @@ cdef class Session:
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_options_parse_config(self._session, c_filepath)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def options_set_port(self, int port):
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_options_set(
                 self._session, c_ssh.ssh_options_e.SSH_OPTIONS_PORT, &port)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def options_set(self, Option option, value):
         """Set an option for session.
@@ -193,7 +195,7 @@ cdef class Session:
         c_value = b_value
         with nogil:
             rc = c_ssh.ssh_options_set(self._session, option._option, c_value)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def options_get(self, Option option):
         cdef char *_value
@@ -214,22 +216,22 @@ cdef class Session:
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_options_get_port(self._session, &port_target)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def send_ignore(self, bytes data):
         cdef char *c_data = data
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_send_ignore(self._session, c_data)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def send_debug(self, bytes message, int always_display):
         cdef char *c_message = message
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_send_debug(
                 self._session, c_message, always_display)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def gssapi_set_creds(self, creds):
         raise NotImplementedError
@@ -239,7 +241,7 @@ cdef class Session:
         cdef char *c_service = service
         with nogil:
             rc = c_ssh.ssh_service_request(self._session, c_service)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def set_agent_channel(self, channel):
         raise NotImplementedError
@@ -248,7 +250,7 @@ cdef class Session:
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_set_agent_socket(self._session, fd)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def set_blocking(self, int blocking):
         with nogil:
@@ -278,44 +280,44 @@ cdef class Session:
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_userauth_none(self._session, NULL)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def userauth_list(self):
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_userauth_list(self._session, NULL)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
-    def userauth_try_publickey(self, username, pubkey):
-        cdef bytes b_username = to_bytes(username)
-        cdef char *c_username = b_username
+    def userauth_try_publickey(self, SSHKey pubkey):
         cdef int rc
-        raise NotImplementedError
+        with nogil:
+            rc = c_ssh.ssh_userauth_try_publickey(
+                self._session, NULL, pubkey._key)
+        return handle_auth_error_codes(rc, self._session)
 
-    def userauth_publickey(self, username, privkey):
-        cdef bytes b_username = to_bytes(username)
-        cdef char *c_username = b_username
+    def userauth_publickey(self, SSHKey privkey):
         cdef int rc
-        raise NotImplementedError
+        with nogil:
+            rc = c_ssh.ssh_userauth_publickey(
+                self._session, NULL, privkey._key)
+        return handle_auth_error_codes(rc, self._session)
 
     def userauth_agent(self, username):
         cdef bytes b_username = to_bytes(username)
         cdef char *c_username = b_username
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_userauth_agent(self._session, c_username)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
-    def userauth_publickey_auto(self, username, passphrase):
-        cdef bytes b_username = to_bytes(username)
+    def userauth_publickey_auto(self, passphrase):
         cdef bytes b_passphrase = to_bytes(passphrase)
-        cdef char *c_username = b_username
         cdef char *c_passphrase = b_passphrase
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_userauth_publickey_auto(
-                self._session, c_username, c_passphrase)
-        return handle_error_codes(rc, self._session)
+                self._session, NULL, c_passphrase)
+        return handle_ssh_error_codes(rc, self._session)
 
     def userauth_password(self, username, password):
         cdef bytes b_username = to_bytes(username)
@@ -326,7 +328,7 @@ cdef class Session:
         with nogil:
             rc = c_ssh.ssh_userauth_password(
                 self._session, c_username, c_password)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def userauth_kbdint(self, username, submethods):
         cdef bytes b_username = to_bytes(username)
@@ -337,13 +339,14 @@ cdef class Session:
         with nogil:
             rc = c_ssh.ssh_userauth_kbdint(
                 self._session, c_username, c_submethods)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def userauth_kbdint_getinstruction(self):
         cdef bytes b_instruction
         cdef const_char *_instruction
         with nogil:
-            _instruction = c_ssh.ssh_userauth_kbdint_getinstruction(self._session)
+            _instruction = c_ssh.ssh_userauth_kbdint_getinstruction(
+                self._session)
         b_instruction = to_str(<char *>_instruction)
         return b_instruction
 
@@ -392,19 +395,19 @@ cdef class Session:
         with nogil:
             rc = c_ssh.ssh_userauth_kbdint_setanswer(
                 self._session, i, <const_char *>(c_answer))
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def userauth_gssapi(self):
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_userauth_gssapi(self._session)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def write_knownhost(self):
         cdef int rc
         with nogil:
             rc = c_ssh.ssh_write_knownhost(self._session)
-        return handle_error_codes(rc, self._session)
+        return handle_ssh_error_codes(rc, self._session)
 
     def dump_knownhost(self):
         cdef const_char *_known_host

ssh/utils.pxd

@@ -17,4 +17,5 @@
 cdef bytes to_bytes(_str)
 cdef object to_str(char *c_str)
 cdef object to_str_len(char *c_str, int length)
-cdef int handle_error_codes(int errcode, void *caller) except -1
+cdef int handle_ssh_error_codes(int errcode, void *caller) except -1
+cdef int handle_auth_error_codes(int errcode, void *caller) except -1