- (bal) auth2-skey.c - Checked in. Missing from portable tree.
This commit is contained in:
Ben Lindstrom
parent
f2de06ba28
commit
fd496053df
|
|
@ -7,6 +7,7 @@
|
||||||
[deattack.c]
|
[deattack.c]
|
||||||
so that large packets do not wrap "n"; from netbsd
|
so that large packets do not wrap "n"; from netbsd
|
||||||
- (bal) rijndel.c - fix up RCSID to match OpenBSD tree
|
- (bal) rijndel.c - fix up RCSID to match OpenBSD tree
|
||||||
|
- (bal) auth2-skey.c - Checked in. Missing from portable tree
|
||||||
|
|
||||||
20001029
|
20001029
|
||||||
- (stevesk) Fix typo in auth.c: USE_PAM not PAM
|
- (stevesk) Fix typo in auth.c: USE_PAM not PAM
|
||||||
|
|
|
||||||
|
|
@ -41,7 +41,7 @@ LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daem
|
||||||
|
|
||||||
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
|
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
|
||||||
|
|
||||||
SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o dh.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o
|
SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-skey.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o dh.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o
|
||||||
|
|
||||||
TROFFMAN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8 sftp-server.8
|
TROFFMAN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8 sftp-server.8
|
||||||
CATMAN = scp.0 ssh-add.0 ssh-agent.0 ssh-keygen.0 ssh.0 sshd.0 sftp-server.0
|
CATMAN = scp.0 ssh-add.0 ssh-agent.0 ssh-keygen.0 ssh.0 sshd.0 sftp-server.0
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,107 @@
|
||||||
|
#include "includes.h"
|
||||||
|
RCSID("$OpenBSD: auth2-skey.c,v 1.1 2000/10/11 20:14:38 markus Exp $");
|
||||||
|
|
||||||
|
#ifdef SKEY
|
||||||
|
#include "ssh.h"
|
||||||
|
#include "ssh2.h"
|
||||||
|
#include "auth.h"
|
||||||
|
#include "packet.h"
|
||||||
|
#include "xmalloc.h"
|
||||||
|
#include "dispatch.h"
|
||||||
|
|
||||||
|
void send_userauth_into_request(Authctxt *authctxt, int echo);
|
||||||
|
void input_userauth_info_response(int type, int plen, void *ctxt);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* try skey authentication, always return -1 (= postponed) since we have to
|
||||||
|
* wait for the s/key response.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
auth2_skey(Authctxt *authctxt)
|
||||||
|
{
|
||||||
|
send_userauth_into_request(authctxt, 0);
|
||||||
|
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
send_userauth_into_request(Authctxt *authctxt, int echo)
|
||||||
|
{
|
||||||
|
int retval = -1;
|
||||||
|
struct skey skey;
|
||||||
|
char challenge[SKEY_MAX_CHALLENGE];
|
||||||
|
char *fake;
|
||||||
|
|
||||||
|
if (authctxt->user == NULL)
|
||||||
|
fatal("send_userauth_into_request: internal error: no user");
|
||||||
|
|
||||||
|
/* get skey challenge */
|
||||||
|
if (authctxt->valid)
|
||||||
|
retval = skeychallenge(&skey, authctxt->user, challenge);
|
||||||
|
|
||||||
|
if (retval == -1) {
|
||||||
|
fake = skey_fake_keyinfo(authctxt->user);
|
||||||
|
strlcpy(challenge, fake, sizeof challenge);
|
||||||
|
}
|
||||||
|
/* send our info request */
|
||||||
|
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
|
||||||
|
packet_put_cstring("S/Key Authentication"); /* Name */
|
||||||
|
packet_put_cstring(challenge); /* Instruction */
|
||||||
|
packet_put_cstring(""); /* Language */
|
||||||
|
packet_put_int(1); /* Number of prompts */
|
||||||
|
packet_put_cstring(echo ?
|
||||||
|
"Response [Echo]: ": "Response: "); /* Prompt */
|
||||||
|
packet_put_char(echo); /* Echo */
|
||||||
|
packet_send();
|
||||||
|
packet_write_wait();
|
||||||
|
memset(challenge, 'c', sizeof challenge);
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
input_userauth_info_response(int type, int plen, void *ctxt)
|
||||||
|
{
|
||||||
|
Authctxt *authctxt = ctxt;
|
||||||
|
int authenticated = 0;
|
||||||
|
unsigned int nresp, rlen;
|
||||||
|
char *resp, *method;
|
||||||
|
|
||||||
|
if (authctxt == NULL)
|
||||||
|
fatal("input_userauth_info_response: no authentication context");
|
||||||
|
|
||||||
|
if (authctxt->attempt++ >= AUTH_FAIL_MAX)
|
||||||
|
packet_disconnect("too many failed userauth_requests");
|
||||||
|
|
||||||
|
nresp = packet_get_int();
|
||||||
|
if (nresp == 1) {
|
||||||
|
/* we only support s/key and assume s/key for nresp == 1 */
|
||||||
|
method = "s/key";
|
||||||
|
resp = packet_get_string(&rlen);
|
||||||
|
packet_done();
|
||||||
|
if (strlen(resp) == 0) {
|
||||||
|
/*
|
||||||
|
* if we received a null response, resend prompt with
|
||||||
|
* echo enabled
|
||||||
|
*/
|
||||||
|
authenticated = -1;
|
||||||
|
userauth_log(authctxt, authenticated, method);
|
||||||
|
send_userauth_into_request(authctxt, 1);
|
||||||
|
} else {
|
||||||
|
/* verify skey response */
|
||||||
|
if (authctxt->valid &&
|
||||||
|
skey_haskey(authctxt->pw->pw_name) == 0 &&
|
||||||
|
skey_passcheck(authctxt->pw->pw_name, resp) != -1) {
|
||||||
|
authenticated = 1;
|
||||||
|
} else {
|
||||||
|
authenticated = 0;
|
||||||
|
}
|
||||||
|
memset(resp, 'r', rlen);
|
||||||
|
/* unregister callback */
|
||||||
|
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
|
||||||
|
userauth_log(authctxt, authenticated, method);
|
||||||
|
userauth_reply(authctxt, authenticated);
|
||||||
|
}
|
||||||
|
xfree(resp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* SKEY */
|
||||||
Loading…
Reference in New Issue