Oops.. missed theses in the merge.

author: Ben Lindstrom <mouring@eviladmin.org> 2001-01-19 04:29:23 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-01-19 04:29:23 +0000
commit: f569241db2e79b0bd7d1be6e288f2bd25e9c7ab4 (patch)
tree: 4e0207c090cb4509db62091f530abeef96321b9d
parent: db65e8fdedadaf79df2d8393a4d43e9094c80649 (diff)
2 files changed, 0 insertions, 322 deletions
diff --git a/auth-skey.c b/auth-skey.c
deleted file mode 100644
index 7088b790c..000000000
--- a/auth-skey.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "includes.h"
-RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $");
-#ifdef SKEY
-#include "ssh.h"
-#include "packet.h"
-#include <openssl/sha.h>
-/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
-/*
- * try skey authentication,
- * return 1 on success, 0 on failure, -1 if skey is not available
- */
-int
-auth_skey_password(struct passwd * pw, const char *password)
-{
-        if (strncasecmp(password, "s/key", 5) == 0) {
-                char *skeyinfo = skey_keyinfo(pw->pw_name);
-                if (skeyinfo == NULL) {
-                        debug("generating fake skeyinfo for %.100s.",
-                            pw->pw_name);
-                        skeyinfo = skey_fake_keyinfo(pw->pw_name);
-                }
-                if (skeyinfo != NULL)
-                        packet_send_debug("%s", skeyinfo);
-                /* Try again. */
-                return 0;
-        } else if (skey_haskey(pw->pw_name) == 0 &&
-                   skey_passcheck(pw->pw_name, (char *) password) != -1) {
-                /* Authentication succeeded. */
-                return 1;
-        }
-        /* Fall back to ordinary passwd authentication. */
-        return -1;
-}
-/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
-#define ROUND(x)   (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
-                    ((x)[3]))
-/*
- * hash_collapse()
- */
-static u_int32_t
-hash_collapse(s)
-        u_char *s;
-{
-        int len, target;
-        u_int32_t i;
-        
-        if ((strlen(s) % sizeof(u_int32_t)) == 0)
-                target = strlen(s);    /* Multiple of 4 */
-        else
-                target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
-        for (i = 0, len = 0; len < target; len += 4)
-                i ^= ROUND(s + len);
-        return i;
-}
-char *
-skey_fake_keyinfo(char *username)
-{
-        int i;
-        u_int ptr;
-        u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
-        char pbuf[SKEY_MAX_PW_LEN+1];
-        static char skeyprompt[SKEY_MAX_CHALLENGE+1];
-        char *secret = NULL;
-        size_t secretlen = 0;
-        SHA_CTX ctx;
-        char *p, *u;
-        /*
-         * Base first 4 chars of seed on hostname.
-         * Add some filler for short hostnames if necessary.
-         */
-        if (gethostname(pbuf, sizeof(pbuf)) == -1)
-                *(p = pbuf) = '.';
-        else
-                for (p = pbuf; *p && isalnum(*p); p++)
-                        if (isalpha(*p) && isupper(*p))
-                                *p = tolower(*p);
-        if (*p && pbuf - p < 4)
-                (void)strncpy(p, "asjd", 4 - (pbuf - p));
-        pbuf[4] = '\0';
-        /* Hash the username if possible */
-        up = malloc(SHA_DIGEST_LENGTH);
-        if (up != NULL) {
-                struct stat sb;
-                time_t t;
-                int fd;
-                SHA1_Init(&ctx);
-                SHA1_Update(&ctx, username, strlen(username));
-                SHA1_Final(up, &ctx);
-                /* Collapse the hash */
-                ptr = hash_collapse(up);
-                memset(up, 0, strlen(up));
-                /* See if the random file's there, else use ctime */
-                if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1
-                    && fstat(fd, &sb) == 0 &&
-                    sb.st_size > (off_t)SKEY_MAX_SEED_LEN &&
-                    lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN),
-                    SEEK_SET) != -1 && read(fd, hseed,
-                    SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
-                        close(fd);
-                        fd = -1;
-                        secret = hseed;
-                        secretlen = SKEY_MAX_SEED_LEN;
-                        flg = 0;
-                } else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) {
-                        t = sb.st_ctime;
-                        secret = ctime(&t);
-                        secretlen = strlen(secret);
-                        flg = 0;
-                }
-                if (fd != -1)
-                        close(fd);
-        }
-        /* Put that in your pipe and smoke it */
-        if (flg == 0) {
-                /* Hash secret value with username */
-                SHA1_Init(&ctx);
-                SHA1_Update(&ctx, secret, secretlen);
-                SHA1_Update(&ctx, username, strlen(username));
-                SHA1_Final(up, &ctx);
-                
-                /* Zero out */
-                memset(secret, 0, secretlen);
-                /* Now hash the hash */
-                SHA1_Init(&ctx);
-                SHA1_Update(&ctx, up, strlen(up));
-                SHA1_Final(up, &ctx);
-                
-                ptr = hash_collapse(up + 4);
-                
-                for (i = 4; i < 9; i++) {
-                        pbuf[i] = (ptr % 10) + '0';
-                        ptr /= 10;
-                }
-                pbuf[i] = '\0';
-                /* Sequence number */
-                ptr = ((up[2] + up[3]) % 99) + 1;
-                memset(up, 0, SHA_DIGEST_LENGTH); /* SHA1 specific */
-                free(up);
-                (void)snprintf(skeyprompt, sizeof skeyprompt,
-                              "otp-%.*s %d %.*s",
-                              SKEY_MAX_HASHNAME_LEN,
-                              skey_get_algorithm(),
-                              ptr, SKEY_MAX_SEED_LEN,
-                              pbuf);
-        } else {
-                /* Base last 8 chars of seed on username */
-                u = username;
-                i = 8;
-                p = &pbuf[4];
-                do {
-                        if (*u == 0) {
-                                /* Pad remainder with zeros */
-                                while (--i >= 0)
-                                        *p++ = '0';
-                                break;
-                        }
-                        *p++ = (*u++ % 10) + '0';
-                } while (--i != 0);
-                pbuf[12] = '\0';
-                (void)snprintf(skeyprompt, sizeof skeyprompt,
-                              "otp-%.*s %d %.*s",
-                              SKEY_MAX_HASHNAME_LEN,
-                              skey_get_algorithm(),
-                              99, SKEY_MAX_SEED_LEN, pbuf);
-        }
-        return skeyprompt;
-}
-#endif /* SKEY */
diff --git a/auth2-skey.c b/auth2-skey.c
deleted file mode 100644
index dbf24f67a..000000000
--- a/auth2-skey.c
+++ /dev/null
@@ -1,107 +0,0 @@
-#include "includes.h"
-RCSID("$OpenBSD: auth2-skey.c,v 1.2 2000/12/19 23:17:55 markus Exp $");
-#ifdef SKEY
-#include "ssh.h"
-#include "ssh2.h"
-#include "auth.h"
-#include "packet.h"
-#include "xmalloc.h"
-#include "dispatch.h"
-void    send_userauth_into_request(Authctxt *authctxt, int echo);
-void    input_userauth_info_response(int type, int plen, void *ctxt);
-/*
- * try skey authentication, always return -1 (= postponed) since we have to
- * wait for the s/key response.
- */
-int
-auth2_skey(Authctxt *authctxt)
-{
-        send_userauth_into_request(authctxt, 0);
-        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response);
-        return -1;
-}
-void
-send_userauth_into_request(Authctxt *authctxt, int echo)
-{
-        int retval = -1;
-        struct skey skey;
-        char challenge[SKEY_MAX_CHALLENGE];
-        char *fake;
-        if (authctxt->user == NULL)
-                fatal("send_userauth_into_request: internal error: no user");
-        /* get skey challenge */
-        if (authctxt->valid)
-                retval = skeychallenge(&skey, authctxt->user, challenge);
-        if (retval == -1) {
-                fake = skey_fake_keyinfo(authctxt->user);
-                strlcpy(challenge, fake, sizeof challenge);
-        }
-        /* send our info request */
-        packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
-        packet_put_cstring("S/Key Authentication");     /* Name */
-        packet_put_cstring(challenge);                  /* Instruction */
-        packet_put_cstring("");                         /* Language */
-        packet_put_int(1);                              /* Number of prompts */
-        packet_put_cstring(echo ?
-                 "Response [Echo]: ": "Response: ");    /* Prompt */
-        packet_put_char(echo);                          /* Echo */
-        packet_send();
-        packet_write_wait();
-        memset(challenge, 'c', sizeof challenge);
-}
-void
-input_userauth_info_response(int type, int plen, void *ctxt)
-{
-        Authctxt *authctxt = ctxt;
-        int authenticated = 0;
-        u_int nresp, rlen;
-        char *resp, *method;
-        if (authctxt == NULL)
-                fatal("input_userauth_info_response: no authentication context");
-        if (authctxt->attempt++ >= AUTH_FAIL_MAX)
-                packet_disconnect("too many failed userauth_requests");
-        nresp = packet_get_int();
-        if (nresp == 1) {
-                /* we only support s/key and assume s/key for nresp == 1 */
-                method = "s/key";
-                resp = packet_get_string(&rlen);
-                packet_done();
-                if (strlen(resp) == 0) {
-                        /*
-                         * if we received a null response, resend prompt with
-                         * echo enabled
-                         */
-                        authenticated = -1;
-                        userauth_log(authctxt, authenticated, method);
-                        send_userauth_into_request(authctxt, 1);
-                } else {
-                        /* verify skey response */
-                        if (authctxt->valid &&
-                            skey_haskey(authctxt->pw->pw_name) == 0 &&
-                            skey_passcheck(authctxt->pw->pw_name, resp) != -1) {
-                                authenticated = 1;
-                        } else {
-                                authenticated = 0;
-                        }
-                        memset(resp, 'r', rlen);
-                        /* unregister callback */
-                        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
-                        userauth_log(authctxt, authenticated, method);
-                        userauth_reply(authctxt, authenticated);
-                }
-                xfree(resp);
-        }
-}
-#endif /* SKEY */
author	Ben Lindstrom <mouring@eviladmin.org>	2001-01-19 04:29:23 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-01-19 04:29:23 +0000
commit	f569241db2e79b0bd7d1be6e288f2bd25e9c7ab4 (patch)
tree	4e0207c090cb4509db62091f530abeef96321b9d
parent	db65e8fdedadaf79df2d8393a4d43e9094c80649 (diff)

diff --git a/auth-skey.c b/auth-skey.c deleted file mode 100644 index 7088b790c..000000000 --- a/auth-skey.c +++ /dev/null
@@ -1,215 +0,0 @@
1	/*
2	* Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
3	*
4	* Redistribution and use in source and binary forms, with or without
5	* modification, are permitted provided that the following conditions
6	* are met:
7	* 1. Redistributions of source code must retain the above copyright
8	* notice, this list of conditions and the following disclaimer.
9	* 2. Redistributions in binary form must reproduce the above copyright
10	* notice, this list of conditions and the following disclaimer in the
11	* documentation and/or other materials provided with the distribution.
12	*
13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23	*/
24
25	#include "includes.h"
26	RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $");
27
28	#ifdef SKEY
29	#include "ssh.h"
30	#include "packet.h"
31	#include <openssl/sha.h>
32
33	/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
34
35	/*
36	* try skey authentication,
37	* return 1 on success, 0 on failure, -1 if skey is not available
38	*/
39
40	int
41	auth_skey_password(struct passwd * pw, const char *password)
42	{
43	if (strncasecmp(password, "s/key", 5) == 0) {
44	char *skeyinfo = skey_keyinfo(pw->pw_name);
45	if (skeyinfo == NULL) {
46	debug("generating fake skeyinfo for %.100s.",
47	pw->pw_name);
48	skeyinfo = skey_fake_keyinfo(pw->pw_name);
49	}
50	if (skeyinfo != NULL)
51	packet_send_debug("%s", skeyinfo);
52	/* Try again. */
53	return 0;
54	} else if (skey_haskey(pw->pw_name) == 0 &&
55	skey_passcheck(pw->pw_name, (char *) password) != -1) {
56	/* Authentication succeeded. */
57	return 1;
58	}
59	/* Fall back to ordinary passwd authentication. */
60	return -1;
61	}
62
63	/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
64
65	#define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
66	((x)[3]))
67
68	/*
69	* hash_collapse()
70	*/
71	static u_int32_t
72	hash_collapse(s)
73	u_char *s;
74	{
75	int len, target;
76	u_int32_t i;
77
78	if ((strlen(s) % sizeof(u_int32_t)) == 0)
79	target = strlen(s); /* Multiple of 4 */
80	else
81	target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
82
83	for (i = 0, len = 0; len < target; len += 4)
84	i ^= ROUND(s + len);
85
86	return i;
87	}
88
89	char *
90	skey_fake_keyinfo(char *username)
91	{
92	int i;
93	u_int ptr;
94	u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
95	char pbuf[SKEY_MAX_PW_LEN+1];
96	static char skeyprompt[SKEY_MAX_CHALLENGE+1];
97	char *secret = NULL;
98	size_t secretlen = 0;
99	SHA_CTX ctx;
100	char p, u;
101
102	/*
103	* Base first 4 chars of seed on hostname.
104	* Add some filler for short hostnames if necessary.
105	*/
106	if (gethostname(pbuf, sizeof(pbuf)) == -1)
107	*(p = pbuf) = '.';
108	else
109	for (p = pbuf; p && isalnum(p); p++)
110	if (isalpha(p) && isupper(p))
111	p = tolower(p);
112	if (*p && pbuf - p < 4)
113	(void)strncpy(p, "asjd", 4 - (pbuf - p));
114	pbuf[4] = '\0';
115
116	/* Hash the username if possible */
117	up = malloc(SHA_DIGEST_LENGTH);
118	if (up != NULL) {
119	struct stat sb;
120	time_t t;
121	int fd;
122
123	SHA1_Init(&ctx);
124	SHA1_Update(&ctx, username, strlen(username));
125	SHA1_Final(up, &ctx);
126
127	/* Collapse the hash */
128	ptr = hash_collapse(up);
129	memset(up, 0, strlen(up));
130
131	/* See if the random file's there, else use ctime */
132	if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1
133	&& fstat(fd, &sb) == 0 &&
134	sb.st_size > (off_t)SKEY_MAX_SEED_LEN &&
135	lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN),
136	SEEK_SET) != -1 && read(fd, hseed,
137	SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
138	close(fd);
139	fd = -1;
140	secret = hseed;
141	secretlen = SKEY_MAX_SEED_LEN;
142	flg = 0;
143	} else if (!stat(_PATH_MEM, &sb) \|\| !stat("/", &sb)) {
144	t = sb.st_ctime;
145	secret = ctime(&t);
146	secretlen = strlen(secret);
147	flg = 0;
148	}
149	if (fd != -1)
150	close(fd);
151	}
152
153	/* Put that in your pipe and smoke it */
154	if (flg == 0) {
155	/* Hash secret value with username */
156	SHA1_Init(&ctx);
157	SHA1_Update(&ctx, secret, secretlen);
158	SHA1_Update(&ctx, username, strlen(username));
159	SHA1_Final(up, &ctx);
160
161	/* Zero out */
162	memset(secret, 0, secretlen);
163
164	/* Now hash the hash */
165	SHA1_Init(&ctx);
166	SHA1_Update(&ctx, up, strlen(up));
167	SHA1_Final(up, &ctx);
168
169	ptr = hash_collapse(up + 4);
170
171	for (i = 4; i < 9; i++) {
172	pbuf[i] = (ptr % 10) + '0';
173	ptr /= 10;
174	}
175	pbuf[i] = '\0';
176
177	/* Sequence number */
178	ptr = ((up[2] + up[3]) % 99) + 1;
179
180	memset(up, 0, SHA_DIGEST_LENGTH); /* SHA1 specific */
181	free(up);
182
183	(void)snprintf(skeyprompt, sizeof skeyprompt,
184	"otp-%.s %d %.s",
185	SKEY_MAX_HASHNAME_LEN,
186	skey_get_algorithm(),
187	ptr, SKEY_MAX_SEED_LEN,
188	pbuf);
189	} else {
190	/* Base last 8 chars of seed on username */
191	u = username;
192	i = 8;
193	p = &pbuf[4];
194	do {
195	if (*u == 0) {
196	/* Pad remainder with zeros */
197	while (--i >= 0)
198	*p++ = '0';
199	break;
200	}
201
202	p++ = (u++ % 10) + '0';
203	} while (--i != 0);
204	pbuf[12] = '\0';
205
206	(void)snprintf(skeyprompt, sizeof skeyprompt,
207	"otp-%.s %d %.s",
208	SKEY_MAX_HASHNAME_LEN,
209	skey_get_algorithm(),
210	99, SKEY_MAX_SEED_LEN, pbuf);
211	}
212	return skeyprompt;
213	}
214
215	#endif /* SKEY */


diff --git a/auth2-skey.c b/auth2-skey.c deleted file mode 100644 index dbf24f67a..000000000 --- a/auth2-skey.c +++ /dev/null
@@ -1,107 +0,0 @@
1	#include "includes.h"
2	RCSID("$OpenBSD: auth2-skey.c,v 1.2 2000/12/19 23:17:55 markus Exp $");
3
4	#ifdef SKEY
5	#include "ssh.h"
6	#include "ssh2.h"
7	#include "auth.h"
8	#include "packet.h"
9	#include "xmalloc.h"
10	#include "dispatch.h"
11
12	void send_userauth_into_request(Authctxt *authctxt, int echo);
13	void input_userauth_info_response(int type, int plen, void *ctxt);
14
15	/*
16	* try skey authentication, always return -1 (= postponed) since we have to
17	* wait for the s/key response.
18	*/
19	int
20	auth2_skey(Authctxt *authctxt)
21	{
22	send_userauth_into_request(authctxt, 0);
23	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response);
24	return -1;
25	}
26
27	void
28	send_userauth_into_request(Authctxt *authctxt, int echo)
29	{
30	int retval = -1;
31	struct skey skey;
32	char challenge[SKEY_MAX_CHALLENGE];
33	char *fake;
34
35	if (authctxt->user == NULL)
36	fatal("send_userauth_into_request: internal error: no user");
37
38	/* get skey challenge */
39	if (authctxt->valid)
40	retval = skeychallenge(&skey, authctxt->user, challenge);
41
42	if (retval == -1) {
43	fake = skey_fake_keyinfo(authctxt->user);
44	strlcpy(challenge, fake, sizeof challenge);
45	}
46	/* send our info request */
47	packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
48	packet_put_cstring("S/Key Authentication"); /* Name */
49	packet_put_cstring(challenge); /* Instruction */
50	packet_put_cstring(""); /* Language */
51	packet_put_int(1); /* Number of prompts */
52	packet_put_cstring(echo ?
53	"Response [Echo]: ": "Response: "); /* Prompt */
54	packet_put_char(echo); /* Echo */
55	packet_send();
56	packet_write_wait();
57	memset(challenge, 'c', sizeof challenge);
58	}
59
60	void
61	input_userauth_info_response(int type, int plen, void *ctxt)
62	{
63	Authctxt *authctxt = ctxt;
64	int authenticated = 0;
65	u_int nresp, rlen;
66	char resp, method;
67
68	if (authctxt == NULL)
69	fatal("input_userauth_info_response: no authentication context");
70
71	if (authctxt->attempt++ >= AUTH_FAIL_MAX)
72	packet_disconnect("too many failed userauth_requests");
73
74	nresp = packet_get_int();
75	if (nresp == 1) {
76	/* we only support s/key and assume s/key for nresp == 1 */
77	method = "s/key";
78	resp = packet_get_string(&rlen);
79	packet_done();
80	if (strlen(resp) == 0) {
81	/*
82	* if we received a null response, resend prompt with
83	* echo enabled
84	*/
85	authenticated = -1;
86	userauth_log(authctxt, authenticated, method);
87	send_userauth_into_request(authctxt, 1);
88	} else {
89	/* verify skey response */
90	if (authctxt->valid &&
91	skey_haskey(authctxt->pw->pw_name) == 0 &&
92	skey_passcheck(authctxt->pw->pw_name, resp) != -1) {
93	authenticated = 1;
94	} else {
95	authenticated = 0;
96	}
97	memset(resp, 'r', rlen);
98	/* unregister callback */
99	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
100	userauth_log(authctxt, authenticated, method);
101	userauth_reply(authctxt, authenticated);
102	}
103	xfree(resp);
104	}
105	}
106
107	#endif /* SKEY */