version 1.4.2.4, 2001/05/07 21:09:25 |
version 1.4.2.5, 2001/09/27 00:15:41 |
|
|
|
|
#include "auth.h" |
#include "auth.h" |
#include "log.h" |
#include "log.h" |
|
#include "xmalloc.h" |
|
|
#ifdef BSD_AUTH |
/* limited protocol v1 interface to kbd-interactive authentication */ |
|
|
|
extern KbdintDevice *devices[]; |
|
static KbdintDevice *device; |
|
|
char * |
char * |
get_challenge(Authctxt *authctxt, char *devs) |
get_challenge(Authctxt *authctxt) |
{ |
{ |
char *challenge; |
char *challenge, *name, *info, **prompts; |
|
u_int i, numprompts; |
|
u_int *echo_on; |
|
|
if (authctxt->as != NULL) { |
device = devices[0]; /* we always use the 1st device for protocol 1 */ |
debug2("try reuse session"); |
if (device == NULL) |
challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); |
|
if (challenge != NULL) { |
|
debug2("reuse bsd auth session"); |
|
return challenge; |
|
} |
|
auth_close(authctxt->as); |
|
authctxt->as = NULL; |
|
} |
|
debug2("new bsd auth session"); |
|
if (devs == NULL || strlen(devs) == 0) |
|
devs = authctxt->style; |
|
debug3("bsd auth: devs %s", devs ? devs : "<default>"); |
|
authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh", |
|
&challenge); |
|
if (authctxt->as == NULL) |
|
return NULL; |
return NULL; |
debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY"); |
if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL) |
return challenge; |
return NULL; |
|
if (device->query(authctxt->kbdintctxt, &name, &info, |
|
&numprompts, &prompts, &echo_on)) { |
|
device->free_ctx(authctxt->kbdintctxt); |
|
authctxt->kbdintctxt = NULL; |
|
return NULL; |
|
} |
|
if (numprompts < 1) |
|
fatal("get_challenge: numprompts < 1"); |
|
challenge = xstrdup(prompts[0]); |
|
for (i = 0; i < numprompts; i++) |
|
xfree(prompts[i]); |
|
xfree(prompts); |
|
xfree(name); |
|
xfree(echo_on); |
|
xfree(info); |
|
|
|
return (challenge); |
} |
} |
int |
int |
verify_response(Authctxt *authctxt, char *response) |
verify_response(Authctxt *authctxt, const char *response) |
{ |
{ |
int authok; |
char *resp[1]; |
|
int res; |
|
|
if (authctxt->as == 0) |
if (device == NULL) |
error("verify_response: no bsd auth session"); |
return 0; |
authok = auth_userresponse(authctxt->as, response, 0); |
if (authctxt->kbdintctxt == NULL) |
authctxt->as = NULL; |
return 0; |
debug("verify_response: <%s> = <%d>", response, authok); |
resp[0] = (char *)response; |
return authok != 0; |
res = device->respond(authctxt->kbdintctxt, 1, resp); |
|
device->free_ctx(authctxt->kbdintctxt); |
|
authctxt->kbdintctxt = NULL; |
|
return res ? 0 : 1; |
} |
} |
#else |
|
#ifdef SKEY |
|
#include <skey.h> |
|
|
|
char * |
|
get_challenge(Authctxt *authctxt, char *devs) |
|
{ |
|
static char challenge[1024]; |
|
struct skey skey; |
|
if (skeychallenge(&skey, authctxt->user, challenge) == -1) |
|
return NULL; |
|
strlcat(challenge, "\nS/Key Password: ", sizeof challenge); |
|
return challenge; |
|
} |
|
int |
|
verify_response(Authctxt *authctxt, char *response) |
|
{ |
|
return (authctxt->valid && |
|
skey_haskey(authctxt->pw->pw_name) == 0 && |
|
skey_passcheck(authctxt->pw->pw_name, response) != -1); |
|
} |
|
#else |
|
/* not available */ |
|
char * |
|
get_challenge(Authctxt *authctxt, char *devs) |
|
{ |
|
return NULL; |
|
} |
|
int |
|
verify_response(Authctxt *authctxt, char *response) |
|
{ |
|
return 0; |
|
} |
|
#endif |
|
#endif |
|
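Review bot: In the new-side get_challenge (the variant without the `devs` parameter; the page has lost its +/- markers, so the side is inferred from print order), `authctxt->kbdintctxt = device->init_ctx(authctxt)` overwrites any context left by an earlier challenge without releasing it, whereas the code being replaced explicitly reused or closed a live session held in `authctxt->as`. If a peer can request a challenge more than once before answering (the caller is not visible on this page), each repeated request would leave a device context, and whatever authentication state it holds, allocated for the life of the connection. I would add `if (authctxt->kbdintctxt != NULL) device->free_ctx(authctxt->kbdintctxt);` immediately before the init_ctx call. A short comment on the file-static `device` would also help, stating that verify_response depends on the value set by the preceding get_challenge, and another on `challenge = xstrdup(prompts[0])` noting that prompts beyond the first are discarded for protocol 1.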