author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-27 17:28:46 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-27 17:28:46 +0000 |
commit | 38a69e6b53ad05b39081f8531104be6d21970d79 (patch) | |
tree | 24de02e00310648775a48488559bf50e3fc24b85 | |
parent | cd8bbce80beaea59996d79d3ad91d6f9922257f1 (diff) |
- markus@cvs.openbsd.org 2002/03/26 15:58:46
[readpass.c readpass.h sshconnect2.c]
client side support for PASSWD_CHANGEREQ
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | readpass.c | 7 | ||||
-rw-r--r-- | readpass.h | 3 | ||||
-rw-r--r-- | sshconnect2.c | 77 |
4 files changed, 86 insertions, 6 deletions
@@ -11,6 +11,9 @@ | |||
11 | - markus@cvs.openbsd.org 2002/03/26 15:23:40 | 11 | - markus@cvs.openbsd.org 2002/03/26 15:23:40 |
12 | [bufaux.c] | 12 | [bufaux.c] |
13 | do not talk about packets in bufaux | 13 | do not talk about packets in bufaux |
14 | - markus@cvs.openbsd.org 2002/03/26 15:58:46 | ||
15 | [readpass.c readpass.h sshconnect2.c] | ||
16 | client side support for PASSWD_CHANGEREQ | ||
14 | 17 | ||
15 | 20020325 | 18 | 20020325 |
16 | - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h" | 19 | - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h" |
@@ -8074,4 +8077,4 @@ | |||
8074 | - Wrote replacements for strlcpy and mkdtemp | 8077 | - Wrote replacements for strlcpy and mkdtemp |
8075 | - Released 1.0pre1 | 8078 | - Released 1.0pre1 |
8076 | 8079 | ||
8077 | $Id: ChangeLog,v 1.1995 2002/03/27 17:23:44 mouring Exp $ | 8080 | $Id: ChangeLog,v 1.1996 2002/03/27 17:28:46 mouring Exp $ |
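--- a/readpass.c
+++ b/readpass.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.26 2002/02/13 00:39:15 markus Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $");
 
 #include "xmalloc.h"
 #include "readpass.h"
@@ -118,8 +118,11 @@ read_passphrase(const char *prompt, int flags)
 return ssh_askpass(askpass, prompt);
 }
 
-if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL)
+if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {
+if (flags & RP_ALLOW_EOF)
+return NULL;
 return xstrdup("");
+}
 
 ret = xstrdup(buf);
 memset(buf, 'x', sizeof buf);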
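Review bot: Both returns inside the new braces leave `buf` untouched, while the success path just below scrubs it with `memset(buf, 'x', sizeof buf)`. If readpassphrase() can fail after it has already stored some typed characters in `buf` (its behaviour on failure is not visible here), that partial secret stays on the stack after the function returns. Making `memset(buf, 'x', sizeof buf);` the first statement of the new block would cover both the NULL return and the `xstrdup("")` return. read_passphrase() starts above this hunk and continues below it.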
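--- a/readpass.h
+++ b/readpass.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.h,v 1.6 2001/06/26 17:27:24 markus Exp $ */
+/* $OpenBSD: readpass.h,v 1.7 2002/03/26 15:58:46 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -14,5 +14,6 @@
 
 #define RP_ECHO 0x0001
 #define RP_ALLOW_STDIN 0x0002
+#define RP_ALLOW_EOF 0x0004
 
 char *read_passphrase(const char *, int);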
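Review bot: `RP_ALLOW_EOF` is added without any comment, yet it is the only flag here that changes the return contract of `read_passphrase()`: with it set, the readpass.c change lets the function return NULL instead of an allocated string. A one-line comment on the define, for example `/* return NULL, not "", when the read fails or hits EOF */`, would tell callers that a NULL check is required before the result is used. A matching sentence on the prototype would help as well, stating that the result is heap-allocated and may be NULL only when this flag is passed.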
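--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.98 2002/03/19 10:49:35 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.99 2002/03/26 15:58:46 markus Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -172,6 +172,7 @@ void input_userauth_banner(int, u_int32_t, void *);
 void input_userauth_error(int, u_int32_t, void *);
 void input_userauth_info_req(int, u_int32_t, void *);
 void input_userauth_pk_ok(int, u_int32_t, void *);
+void input_userauth_passwd_changereq(int, u_int32_t, void *);
 
 int userauth_none(Authctxt *);
 int userauth_pubkey(Authctxt *);
@@ -439,7 +440,7 @@ int
 userauth_passwd(Authctxt *authctxt)
 {
 static int attempt = 0;
-char prompt[80];
+char prompt[150];
 char *password;
 
 if (attempt++ >= options.number_of_password_prompts)
@@ -461,13 +462,85 @@ userauth_passwd(Authctxt *authctxt)
 xfree(password);
 packet_add_padding(64);
 packet_send();
+
+dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
+&input_userauth_passwd_changereq);
+
 return 1;
 }
+/*
+* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
+*/
+void
+input_userauth_passwd_changereq(int type, uint32_t seqnr, void *ctxt)
+{
+Authctxt *authctxt = ctxt;
+char *info, *lang, *password = NULL, *retype = NULL;
+char prompt[150];
+
+debug2("input_userauth_passwd_changereq");
+
+if (authctxt == NULL)
+fatal("input_userauth_passwd_changereq: "
+"no authentication context");
+
+info = packet_get_string(NULL);
+lang = packet_get_string(NULL);
+if (strlen(info) > 0)
+log("%s", info);
+xfree(info);
+xfree(lang);
+packet_start(SSH2_MSG_USERAUTH_REQUEST);
+packet_put_cstring(authctxt->server_user);
+packet_put_cstring(authctxt->service);
+packet_put_cstring(authctxt->method->name);
+packet_put_char(1); /* additional info */
+snprintf(prompt, sizeof(prompt),
+"Enter %.30s@%.128s's old password: ",
+authctxt->server_user, authctxt->host);
+password = read_passphrase(prompt, 0);
+packet_put_cstring(password);
+memset(password, 0, strlen(password));
+xfree(password);
+password = NULL;
+while (password == NULL) {
+snprintf(prompt, sizeof(prompt),
+"Enter %.30s@%.128s's new password: ",
+authctxt->server_user, authctxt->host);
+password = read_passphrase(prompt, RP_ALLOW_EOF);
+if (password == NULL) {
+/* bail out */
+return;
+}
+snprintf(prompt, sizeof(prompt),
+"Retype %.30s@%.128s's new password: ",
+authctxt->server_user, authctxt->host);
+retype = read_passphrase(prompt, 0);
+if (strcmp(password, retype) != 0) {
+memset(password, 0, strlen(password));
+xfree(password);
+log("Mismatch; try again, EOF to quit.");
+password = NULL;
+}
+memset(retype, 0, strlen(retype));
+xfree(retype);
+}
+packet_put_cstring(password);
+memset(password, 0, strlen(password));
+xfree(password);
+packet_add_padding(64);
+packet_send();
+
+dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
+&input_userauth_passwd_changereq);
+}
 
 static void
 clear_auth_state(Authctxt *authctxt)
 {
 /* XXX clear authentication state */
+dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL);
+
 if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
 debug3("clear_auth_state: key_free %p", authctxt->last_key);
 key_free(authctxt->last_key);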
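Review bot: The `return` taken in input_userauth_passwd_changereq() when the new-password prompt hits EOF leaves a half-built SSH2_MSG_USERAUTH_REQUEST behind. By then `packet_start()` has run and the old password has been copied into the outgoing packet with `packet_put_cstring(password)`, and nothing on that path discards the packet or sends a reply. Reading both passwords before starting the packet keeps the old password out of the packet buffer unless a request is actually sent, and leaves the EOF path one copy to scrub; the sketch below uses a new local `old`, declared alongside `password`. What the caller does after the silent return, and whether a later `packet_start()` overwrites the pending data, is outside this hunk. Separately, `info` is server-supplied and reaches `log("%s", info)` unfiltered here, so it is worth confirming that log() neutralises terminal control characters.

```c
xfree(info);
xfree(lang);
/* … unchanged: snprintf of the old-password prompt … */
old = read_passphrase(prompt, 0);
while (password == NULL) {
	/* … unchanged: snprintf of the new-password prompt … */
	password = read_passphrase(prompt, RP_ALLOW_EOF);
	if (password == NULL) {
		/* bail out: nothing has been queued yet, only `old` to scrub */
		memset(old, 0, strlen(old));
		xfree(old);
		return;
	}
	/* … unchanged: retype prompt, mismatch handling, scrub of retype … */
}
/* build the request only once both passwords are in hand */
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_char(1);			/* additional info */
packet_put_cstring(old);
memset(old, 0, strlen(old));
xfree(old);
packet_put_cstring(password);
/* … unchanged: scrub of password, padding, packet_send, dispatch_set … */
```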