version 1.27.2.4, 2001/05/07 21:09:37 |
version 1.27.2.5, 2001/09/27 00:15:43 |
|
|
#include "key.h" |
#include "key.h" |
#include "sshconnect.h" |
#include "sshconnect.h" |
#include "authfile.h" |
#include "authfile.h" |
#include "cli.h" |
|
#include "dh.h" |
#include "dh.h" |
#include "authfd.h" |
#include "authfd.h" |
#include "log.h" |
#include "log.h" |
|
|
|
|
Kex *xxx_kex = NULL; |
Kex *xxx_kex = NULL; |
|
|
int |
static int |
check_host_key_callback(Key *hostkey) |
verify_host_key_callback(Key *hostkey) |
{ |
{ |
check_host_key(xxx_host, xxx_hostaddr, hostkey, |
if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) |
options.user_hostfile2, options.system_hostfile2); |
fatal("verify_host_key failed"); |
return 0; |
return 0; |
} |
} |
|
|
|
|
kex = kex_setup(myproposal); |
kex = kex_setup(myproposal); |
kex->client_version_string=client_version_string; |
kex->client_version_string=client_version_string; |
kex->server_version_string=server_version_string; |
kex->server_version_string=server_version_string; |
kex->check_host_key=&check_host_key_callback; |
kex->verify_host_key=&verify_host_key_callback; |
|
|
xxx_kex = kex; |
xxx_kex = kex; |
|
|
|
|
/* hostbased */ |
/* hostbased */ |
Key **keys; |
Key **keys; |
int nkeys; |
int nkeys; |
|
/* kbd-interactive */ |
|
int info_req_seen; |
}; |
}; |
struct Authmethod { |
struct Authmethod { |
char *name; /* string to compare against server's list */ |
char *name; /* string to compare against server's list */ |
|
|
|
|
void userauth(Authctxt *authctxt, char *authlist); |
void userauth(Authctxt *authctxt, char *authlist); |
|
|
int |
static int sign_and_send_pubkey(Authctxt *, Key *, sign_cb_fn *); |
sign_and_send_pubkey(Authctxt *authctxt, Key *k, |
static void clear_auth_state(Authctxt *); |
sign_cb_fn *sign_callback); |
|
void clear_auth_state(Authctxt *authctxt); |
|
|
|
Authmethod *authmethod_get(char *authlist); |
static Authmethod *authmethod_get(char *authlist); |
Authmethod *authmethod_lookup(const char *name); |
static Authmethod *authmethod_lookup(const char *name); |
char *authmethods_get(void); |
static char *authmethods_get(void); |
|
|
Authmethod authmethods[] = { |
Authmethod authmethods[] = { |
|
{"hostbased", |
|
userauth_hostbased, |
|
&options.hostbased_authentication, |
|
NULL}, |
{"publickey", |
{"publickey", |
userauth_pubkey, |
userauth_pubkey, |
&options.pubkey_authentication, |
&options.pubkey_authentication, |
NULL}, |
NULL}, |
{"password", |
|
userauth_passwd, |
|
&options.password_authentication, |
|
&options.batch_mode}, |
|
{"keyboard-interactive", |
{"keyboard-interactive", |
userauth_kbdint, |
userauth_kbdint, |
&options.kbd_interactive_authentication, |
&options.kbd_interactive_authentication, |
&options.batch_mode}, |
&options.batch_mode}, |
{"hostbased", |
{"password", |
userauth_hostbased, |
userauth_passwd, |
&options.hostbased_authentication, |
&options.password_authentication, |
NULL}, |
&options.batch_mode}, |
{"none", |
{"none", |
userauth_none, |
userauth_none, |
NULL, |
NULL, |
|
|
int type; |
int type; |
int plen; |
int plen; |
|
|
if (options.challenge_reponse_authentication) |
if (options.challenge_response_authentication) |
options.kbd_interactive_authentication = 1; |
options.kbd_interactive_authentication = 1; |
|
|
debug("send SSH2_MSG_SERVICE_REQUEST"); |
debug("send SSH2_MSG_SERVICE_REQUEST"); |
|
|
options.preferred_authentications = authmethods_get(); |
options.preferred_authentications = authmethods_get(); |
|
|
/* setup authentication context */ |
/* setup authentication context */ |
|
memset(&authctxt, 0, sizeof(authctxt)); |
authctxt.agent = ssh_get_authentication_connection(); |
authctxt.agent = ssh_get_authentication_connection(); |
authctxt.server_user = server_user; |
authctxt.server_user = server_user; |
authctxt.local_user = local_user; |
authctxt.local_user = local_user; |
|
|
authctxt.authlist = NULL; |
authctxt.authlist = NULL; |
authctxt.keys = keys; |
authctxt.keys = keys; |
authctxt.nkeys = nkeys; |
authctxt.nkeys = nkeys; |
|
authctxt.info_req_seen = 0; |
if (authctxt.method == NULL) |
if (authctxt.method == NULL) |
fatal("ssh_userauth2: internal error: cannot send userauth none request"); |
fatal("ssh_userauth2: internal error: cannot send userauth none request"); |
|
|
|
|
return 1; |
return 1; |
} |
} |
|
|
void |
static void |
clear_auth_state(Authctxt *authctxt) |
clear_auth_state(Authctxt *authctxt) |
{ |
{ |
/* XXX clear authentication state */ |
/* XXX clear authentication state */ |
|
|
authctxt->last_key_sign = NULL; |
authctxt->last_key_sign = NULL; |
} |
} |
|
|
int |
static int |
sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) |
sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) |
{ |
{ |
Buffer b; |
Buffer b; |
|
|
return 1; |
return 1; |
} |
} |
|
|
int |
static int |
send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback, |
send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback, |
int hint) |
int hint) |
{ |
{ |
|
|
return 1; |
return 1; |
} |
} |
|
|
Key * |
static Key * |
load_identity_file(char *filename) |
load_identity_file(char *filename) |
{ |
{ |
Key *private; |
Key *private; |
|
|
return private; |
return private; |
} |
} |
|
|
int |
static int |
identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, |
identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, |
u_char *data, int datalen) |
u_char *data, int datalen) |
{ |
{ |
|
|
idx = authctxt->last_key_hint; |
idx = authctxt->last_key_hint; |
if (idx < 0) |
if (idx < 0) |
return -1; |
return -1; |
|
|
|
/* private key is stored in external hardware */ |
|
if (options.identity_keys[idx]->flags & KEY_FLAG_EXT) |
|
return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen); |
|
|
private = load_identity_file(options.identity_files[idx]); |
private = load_identity_file(options.identity_files[idx]); |
if (private == NULL) |
if (private == NULL) |
return -1; |
return -1; |
|
|
return ret; |
return ret; |
} |
} |
|
|
int agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, |
static int |
|
agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, |
u_char *data, int datalen) |
u_char *data, int datalen) |
{ |
{ |
return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen); |
return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen); |
} |
} |
|
|
int key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, |
static int |
|
key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, |
u_char *data, int datalen) |
u_char *data, int datalen) |
{ |
{ |
return key_sign(key, sigp, lenp, data, datalen); |
return key_sign(key, sigp, lenp, data, datalen); |
} |
} |
|
|
int |
static int |
userauth_pubkey_agent(Authctxt *authctxt) |
userauth_pubkey_agent(Authctxt *authctxt) |
{ |
{ |
static int called = 0; |
static int called = 0; |
|
|
|
|
if (attempt++ >= options.number_of_password_prompts) |
if (attempt++ >= options.number_of_password_prompts) |
return 0; |
return 0; |
|
/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ |
|
if (attempt > 1 && !authctxt->info_req_seen) { |
|
debug3("userauth_kbdint: disable: no info_req_seen"); |
|
dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); |
|
return 0; |
|
} |
|
|
debug2("userauth_kbdint"); |
debug2("userauth_kbdint"); |
packet_start(SSH2_MSG_USERAUTH_REQUEST); |
packet_start(SSH2_MSG_USERAUTH_REQUEST); |
|
|
if (authctxt == NULL) |
if (authctxt == NULL) |
fatal("input_userauth_info_req: no authentication context"); |
fatal("input_userauth_info_req: no authentication context"); |
|
|
|
authctxt->info_req_seen = 1; |
|
|
name = packet_get_string(NULL); |
name = packet_get_string(NULL); |
inst = packet_get_string(NULL); |
inst = packet_get_string(NULL); |
lang = packet_get_string(NULL); |
lang = packet_get_string(NULL); |
if (strlen(name) > 0) |
if (strlen(name) > 0) |
cli_mesg(name); |
log("%s", name); |
if (strlen(inst) > 0) |
if (strlen(inst) > 0) |
cli_mesg(inst); |
log("%s", inst); |
xfree(name); |
xfree(name); |
xfree(inst); |
xfree(inst); |
xfree(lang); |
xfree(lang); |
|
|
packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE); |
packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE); |
packet_put_int(num_prompts); |
packet_put_int(num_prompts); |
|
|
|
debug2("input_userauth_info_req: num_prompts %d", num_prompts); |
for (i = 0; i < num_prompts; i++) { |
for (i = 0; i < num_prompts; i++) { |
prompt = packet_get_string(NULL); |
prompt = packet_get_string(NULL); |
echo = packet_get_char(); |
echo = packet_get_char(); |
|
|
response = cli_prompt(prompt, echo); |
response = read_passphrase(prompt, echo ? RP_ECHO : 0); |
|
|
packet_put_cstring(response); |
packet_put_cstring(response); |
memset(response, 0, strlen(response)); |
memset(response, 0, strlen(response)); |
|
|
* given auth method name, if configurable options permit this method fill |
* given auth method name, if configurable options permit this method fill |
* in auth_ident field and return true, otherwise return false. |
* in auth_ident field and return true, otherwise return false. |
*/ |
*/ |
int |
static int |
authmethod_is_enabled(Authmethod *method) |
authmethod_is_enabled(Authmethod *method) |
{ |
{ |
if (method == NULL) |
if (method == NULL) |
|
|
return 1; |
return 1; |
} |
} |
|
|
Authmethod * |
static Authmethod * |
authmethod_lookup(const char *name) |
authmethod_lookup(const char *name) |
{ |
{ |
Authmethod *method = NULL; |
Authmethod *method = NULL; |
|
|
* next method we should try. If the server initially sends a nil list, |
* next method we should try. If the server initially sends a nil list, |
* use a built-in default list. |
* use a built-in default list. |
*/ |
*/ |
Authmethod * |
static Authmethod * |
authmethod_get(char *authlist) |
authmethod_get(char *authlist) |
{ |
{ |
|
|
|
|
|
|
|
|
#define DELIM "," |
#define DELIM "," |
char * |
|
|
static char * |
authmethods_get(void) |
authmethods_get(void) |
{ |
{ |
Authmethod *method = NULL; |
Authmethod *method = NULL; |