Oops.. missed theses in the merge.

2001-01-19 04:29:23 +00:00 · 2001-01-19 04:29:23 +00:00 · f569241db2
parent db65e8fded
commit f569241db2
2 changed files with 0 additions and 322 deletions
--- a/auth-skey.c
+++ b/auth-skey.c
@ -1,215 +0,0 @@
 /*
 * Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
 RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $");
 #ifdef SKEY
 #include "ssh.h"
 #include "packet.h"
 #include <openssl/sha.h>
 /* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
 /*
 * try skey authentication,
 * return 1 on success, 0 on failure, -1 if skey is not available
 */
 int
 auth_skey_password(struct passwd * pw, const char *password)
 {
 	if (strncasecmp(password, "s/key", 5) == 0) {
 		char *skeyinfo = skey_keyinfo(pw->pw_name);
 		if (skeyinfo == NULL) {
 			debug("generating fake skeyinfo for %.100s.",
 			    pw->pw_name);
 			skeyinfo = skey_fake_keyinfo(pw->pw_name);
 		}
 		if (skeyinfo != NULL)
 			packet_send_debug("%s", skeyinfo);
 		/* Try again. */
 		return 0;
 	} else if (skey_haskey(pw->pw_name) == 0 &&
 		   skey_passcheck(pw->pw_name, (char *) password) != -1) {
 		/* Authentication succeeded. */
 		return 1;
 	}
 	/* Fall back to ordinary passwd authentication. */
 	return -1;
 }
 /* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
 #define ROUND(x)   (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
 		    ((x)[3]))
 /*
 * hash_collapse()
 */
 static u_int32_t
 hash_collapse(s)
 	u_char *s;
 {
 	int len, target;
 	u_int32_t i;
 	if ((strlen(s) % sizeof(u_int32_t)) == 0)
 		target = strlen(s);    /* Multiple of 4 */
 	else
 		target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
 	for (i = 0, len = 0; len < target; len += 4)
 		i ^= ROUND(s + len);
 	return i;
 }
 char *
 skey_fake_keyinfo(char *username)
 {
 	int i;
 	u_int ptr;
 	u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
 	char pbuf[SKEY_MAX_PW_LEN+1];
 	static char skeyprompt[SKEY_MAX_CHALLENGE+1];
 	char *secret = NULL;
 	size_t secretlen = 0;
 	SHA_CTX ctx;
 	char *p, *u;
 	/*
 	 * Base first 4 chars of seed on hostname.
 	 * Add some filler for short hostnames if necessary.
 	 */
 	if (gethostname(pbuf, sizeof(pbuf)) == -1)
 		*(p = pbuf) = '.';
 	else
 		for (p = pbuf; *p && isalnum(*p); p++)
 			if (isalpha(*p) && isupper(*p))
 				*p = tolower(*p);
 	if (*p && pbuf - p < 4)
 		(void)strncpy(p, "asjd", 4 - (pbuf - p));
 	pbuf[4] = '\0';
 	/* Hash the username if possible */
 	up = malloc(SHA_DIGEST_LENGTH);
 	if (up != NULL) {
 		struct stat sb;
 		time_t t;
 		int fd;
 		SHA1_Init(&ctx);
 		SHA1_Update(&ctx, username, strlen(username));
 		SHA1_Final(up, &ctx);
 		/* Collapse the hash */
 		ptr = hash_collapse(up);
 		memset(up, 0, strlen(up));
 		/* See if the random file's there, else use ctime */
 		if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1
 		    && fstat(fd, &sb) == 0 &&
 		    sb.st_size > (off_t)SKEY_MAX_SEED_LEN &&
 		    lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN),
 		    SEEK_SET) != -1 && read(fd, hseed,
 		    SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
 			close(fd);
 			fd = -1;
 			secret = hseed;
 			secretlen = SKEY_MAX_SEED_LEN;
 			flg = 0;
 		} else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) {
 			t = sb.st_ctime;
 			secret = ctime(&t);
 			secretlen = strlen(secret);
 			flg = 0;
 		}
 		if (fd != -1)
 			close(fd);
 	}
 	/* Put that in your pipe and smoke it */
 	if (flg == 0) {
 		/* Hash secret value with username */
 		SHA1_Init(&ctx);
 		SHA1_Update(&ctx, secret, secretlen);
 		SHA1_Update(&ctx, username, strlen(username));
 		SHA1_Final(up, &ctx);
 		/* Zero out */
 		memset(secret, 0, secretlen);
 		/* Now hash the hash */
 		SHA1_Init(&ctx);
 		SHA1_Update(&ctx, up, strlen(up));
 		SHA1_Final(up, &ctx);
 		ptr = hash_collapse(up + 4);
 		for (i = 4; i < 9; i++) {
 			pbuf[i] = (ptr % 10) + '0';
 			ptr /= 10;
 		}
 		pbuf[i] = '\0';
 		/* Sequence number */
 		ptr = ((up[2] + up[3]) % 99) + 1;
 		memset(up, 0, SHA_DIGEST_LENGTH); /* SHA1 specific */
 		free(up);
 		(void)snprintf(skeyprompt, sizeof skeyprompt,
 			      "otp-%.*s %d %.*s",
 			      SKEY_MAX_HASHNAME_LEN,
 			      skey_get_algorithm(),
 			      ptr, SKEY_MAX_SEED_LEN,
 			      pbuf);
 	} else {
 		/* Base last 8 chars of seed on username */
 		u = username;
 		i = 8;
 		p = &pbuf[4];
 		do {
 			if (*u == 0) {
 				/* Pad remainder with zeros */
 				while (--i >= 0)
 					*p++ = '0';
 				break;
 			}
 			*p++ = (*u++ % 10) + '0';
 		} while (--i != 0);
 		pbuf[12] = '\0';
 		(void)snprintf(skeyprompt, sizeof skeyprompt,
 			      "otp-%.*s %d %.*s",
 			      SKEY_MAX_HASHNAME_LEN,
 			      skey_get_algorithm(),
 			      99, SKEY_MAX_SEED_LEN, pbuf);
 	}
 	return skeyprompt;
 }
 #endif /* SKEY */
--- a/auth2-skey.c
+++ b/auth2-skey.c
@ -1,107 +0,0 @@
 #include "includes.h"
 RCSID("$OpenBSD: auth2-skey.c,v 1.2 2000/12/19 23:17:55 markus Exp $");
 #ifdef SKEY
 #include "ssh.h"
 #include "ssh2.h"
 #include "auth.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "dispatch.h"
 void	send_userauth_into_request(Authctxt *authctxt, int echo);
 void	input_userauth_info_response(int type, int plen, void *ctxt);
 /*
 * try skey authentication, always return -1 (= postponed) since we have to
 * wait for the s/key response.
 */
 int
 auth2_skey(Authctxt *authctxt)
 {
 	send_userauth_into_request(authctxt, 0);
 	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response);
 	return -1;
 }
 void
 send_userauth_into_request(Authctxt *authctxt, int echo)
 {
 	int retval = -1;
 	struct skey skey;
 	char challenge[SKEY_MAX_CHALLENGE];
 	char *fake;
 	if (authctxt->user == NULL)
 		fatal("send_userauth_into_request: internal error: no user");
 	/* get skey challenge */
 	if (authctxt->valid)
 		retval = skeychallenge(&skey, authctxt->user, challenge);
 	if (retval == -1) {
 		fake = skey_fake_keyinfo(authctxt->user);
 		strlcpy(challenge, fake, sizeof challenge);
 	}
 	/* send our info request */
 	packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
 	packet_put_cstring("S/Key Authentication");	/* Name */
 	packet_put_cstring(challenge);			/* Instruction */
 	packet_put_cstring("");				/* Language */
 	packet_put_int(1);			 	/* Number of prompts */
 	packet_put_cstring(echo ?
 		 "Response [Echo]: ": "Response: ");	/* Prompt */
 	packet_put_char(echo);				/* Echo */
 	packet_send();
 	packet_write_wait();
 	memset(challenge, 'c', sizeof challenge);
 }
 void
 input_userauth_info_response(int type, int plen, void *ctxt)
 {
 	Authctxt *authctxt = ctxt;
 	int authenticated = 0;
 	u_int nresp, rlen;
 	char *resp, *method;
 	if (authctxt == NULL)
 		fatal("input_userauth_info_response: no authentication context");
 	if (authctxt->attempt++ >= AUTH_FAIL_MAX)
 		packet_disconnect("too many failed userauth_requests");
 	nresp = packet_get_int();
 	if (nresp == 1) {
 		/* we only support s/key and assume s/key for nresp == 1 */
 		method = "s/key";
 		resp = packet_get_string(&rlen);
 		packet_done();
 		if (strlen(resp) == 0) {
 			/*
 			 * if we received a null response, resend prompt with
 			 * echo enabled
 			 */
 			authenticated = -1;
 			userauth_log(authctxt, authenticated, method);
 			send_userauth_into_request(authctxt, 1);
 		} else {
 			/* verify skey response */
 			if (authctxt->valid &&
 			    skey_haskey(authctxt->pw->pw_name) == 0 &&
 			    skey_passcheck(authctxt->pw->pw_name, resp) != -1) {
 				authenticated = 1;
 			} else {
 				authenticated = 0;
 			}
 			memset(resp, 'r', rlen);
 			/* unregister callback */
 			dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
 			userauth_log(authctxt, authenticated, method);
 			userauth_reply(authctxt, authenticated);
 		}
 		xfree(resp);
 	}
 }
 #endif /* SKEY */