- (bal) auth2-skey.c - Checked in. Missing from portable tree.

author: Ben Lindstrom <mouring@eviladmin.org> 2000-11-05 07:52:55 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2000-11-05 07:52:55 +0000
commit: fd496053df95abd3046a46729b1a12ae540b07ad (patch)
tree: 2d46192d695f9426b0961009a709170b751aeaa3 /auth2-skey.c
parent: f2de06ba2827fda9c737fd39330b53df648e4f04 (diff)
1 files changed, 107 insertions, 0 deletions
diff --git a/auth2-skey.c b/auth2-skey.c
new file mode 100644
index 000000000..e29205d4b
--- /dev/null
+++ b/auth2-skey.c
@@ -0,0 +1,107 @@
+#include "includes.h"
+RCSID("$OpenBSD: auth2-skey.c,v 1.1 2000/10/11 20:14:38 markus Exp $");
+#ifdef SKEY
+#include "ssh.h"
+#include "ssh2.h"
+#include "auth.h"
+#include "packet.h"
+#include "xmalloc.h"
+#include "dispatch.h"
+void    send_userauth_into_request(Authctxt *authctxt, int echo);
+void    input_userauth_info_response(int type, int plen, void *ctxt);
+/*
+ * try skey authentication, always return -1 (= postponed) since we have to
+ * wait for the s/key response.
+ */
+int
+auth2_skey(Authctxt *authctxt)
+{
+        send_userauth_into_request(authctxt, 0);
+        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response);
+        return -1;
+}
+void
+send_userauth_into_request(Authctxt *authctxt, int echo)
+{
+        int retval = -1;
+        struct skey skey;
+        char challenge[SKEY_MAX_CHALLENGE];
+        char *fake;
+        if (authctxt->user == NULL)
+                fatal("send_userauth_into_request: internal error: no user");
+        /* get skey challenge */
+        if (authctxt->valid)
+                retval = skeychallenge(&skey, authctxt->user, challenge);
+        if (retval == -1) {
+                fake = skey_fake_keyinfo(authctxt->user);
+                strlcpy(challenge, fake, sizeof challenge);
+        }
+        /* send our info request */
+        packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
+        packet_put_cstring("S/Key Authentication");     /* Name */
+        packet_put_cstring(challenge);                  /* Instruction */
+        packet_put_cstring("");                         /* Language */
+        packet_put_int(1);                              /* Number of prompts */
+        packet_put_cstring(echo ?
+                 "Response [Echo]: ": "Response: ");    /* Prompt */
+        packet_put_char(echo);                          /* Echo */
+        packet_send();
+        packet_write_wait();
+        memset(challenge, 'c', sizeof challenge);
+}
+void
+input_userauth_info_response(int type, int plen, void *ctxt)
+{
+        Authctxt *authctxt = ctxt;
+        int authenticated = 0;
+        unsigned int nresp, rlen;
+        char *resp, *method;
+        if (authctxt == NULL)
+                fatal("input_userauth_info_response: no authentication context");
+        if (authctxt->attempt++ >= AUTH_FAIL_MAX)
+                packet_disconnect("too many failed userauth_requests");
+        nresp = packet_get_int();
+        if (nresp == 1) {
+                /* we only support s/key and assume s/key for nresp == 1 */
+                method = "s/key";
+                resp = packet_get_string(&rlen);
+                packet_done();
+                if (strlen(resp) == 0) {
+                        /*
+                         * if we received a null response, resend prompt with
+                         * echo enabled
+                         */
+                        authenticated = -1;
+                        userauth_log(authctxt, authenticated, method);
+                        send_userauth_into_request(authctxt, 1);
+                } else {
+                        /* verify skey response */
+                        if (authctxt->valid &&
+                            skey_haskey(authctxt->pw->pw_name) == 0 &&
+                            skey_passcheck(authctxt->pw->pw_name, resp) != -1) {
+                                authenticated = 1;
+                        } else {
+                                authenticated = 0;
+                        }
+                        memset(resp, 'r', rlen);
+                        /* unregister callback */
+                        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
+                        userauth_log(authctxt, authenticated, method);
+                        userauth_reply(authctxt, authenticated);
+                }
+                xfree(resp);
+        }
+}
+#endif /* SKEY */
author	Ben Lindstrom <mouring@eviladmin.org>	2000-11-05 07:52:55 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2000-11-05 07:52:55 +0000
commit	fd496053df95abd3046a46729b1a12ae540b07ad (patch)
tree	2d46192d695f9426b0961009a709170b751aeaa3 /auth2-skey.c
parent	f2de06ba2827fda9c737fd39330b53df648e4f04 (diff)

diff --git a/auth2-skey.c b/auth2-skey.c new file mode 100644 index 000000000..e29205d4b --- /dev/null +++ b/auth2-skey.c
@@ -0,0 +1,107 @@
	1	#include "includes.h"
	2	RCSID("$OpenBSD: auth2-skey.c,v 1.1 2000/10/11 20:14:38 markus Exp $");
	3
	4	#ifdef SKEY
	5	#include "ssh.h"
	6	#include "ssh2.h"
	7	#include "auth.h"
	8	#include "packet.h"
	9	#include "xmalloc.h"
	10	#include "dispatch.h"
	11
	12	void send_userauth_into_request(Authctxt *authctxt, int echo);
	13	void input_userauth_info_response(int type, int plen, void *ctxt);
	14
	15	/*
	16	* try skey authentication, always return -1 (= postponed) since we have to
	17	* wait for the s/key response.
	18	*/
	19	int
	20	auth2_skey(Authctxt *authctxt)
	21	{
	22	send_userauth_into_request(authctxt, 0);
	23	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response);
	24	return -1;
	25	}
	26
	27	void
	28	send_userauth_into_request(Authctxt *authctxt, int echo)
	29	{
	30	int retval = -1;
	31	struct skey skey;
	32	char challenge[SKEY_MAX_CHALLENGE];
	33	char *fake;
	34
	35	if (authctxt->user == NULL)
	36	fatal("send_userauth_into_request: internal error: no user");
	37
	38	/* get skey challenge */
	39	if (authctxt->valid)
	40	retval = skeychallenge(&skey, authctxt->user, challenge);
	41
	42	if (retval == -1) {
	43	fake = skey_fake_keyinfo(authctxt->user);
	44	strlcpy(challenge, fake, sizeof challenge);
	45	}
	46	/* send our info request */
	47	packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
	48	packet_put_cstring("S/Key Authentication"); /* Name */
	49	packet_put_cstring(challenge); /* Instruction */
	50	packet_put_cstring(""); /* Language */
	51	packet_put_int(1); /* Number of prompts */
	52	packet_put_cstring(echo ?
	53	"Response [Echo]: ": "Response: "); /* Prompt */
	54	packet_put_char(echo); /* Echo */
	55	packet_send();
	56	packet_write_wait();
	57	memset(challenge, 'c', sizeof challenge);
	58	}
	59
	60	void
	61	input_userauth_info_response(int type, int plen, void *ctxt)
	62	{
	63	Authctxt *authctxt = ctxt;
	64	int authenticated = 0;
	65	unsigned int nresp, rlen;
	66	char resp, method;
	67
	68	if (authctxt == NULL)
	69	fatal("input_userauth_info_response: no authentication context");
	70
	71	if (authctxt->attempt++ >= AUTH_FAIL_MAX)
	72	packet_disconnect("too many failed userauth_requests");
	73
	74	nresp = packet_get_int();
	75	if (nresp == 1) {
	76	/* we only support s/key and assume s/key for nresp == 1 */
	77	method = "s/key";
	78	resp = packet_get_string(&rlen);
	79	packet_done();
	80	if (strlen(resp) == 0) {
	81	/*
	82	* if we received a null response, resend prompt with
	83	* echo enabled
	84	*/
	85	authenticated = -1;
	86	userauth_log(authctxt, authenticated, method);
	87	send_userauth_into_request(authctxt, 1);
	88	} else {
	89	/* verify skey response */
	90	if (authctxt->valid &&
	91	skey_haskey(authctxt->pw->pw_name) == 0 &&
	92	skey_passcheck(authctxt->pw->pw_name, resp) != -1) {
	93	authenticated = 1;
	94	} else {
	95	authenticated = 0;
	96	}
	97	memset(resp, 'r', rlen);
	98	/* unregister callback */
	99	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
	100	userauth_log(authctxt, authenticated, method);
	101	userauth_reply(authctxt, authenticated);
	102	}
	103	xfree(resp);
	104	}
	105	}
	106
	107	#endif /* SKEY */