Remove support for S/Key

Most people will 1) be using modern multi-factor authentication methods like TOTP/OATH etc and 2) be getting support for multi-factor authentication via PAM or BSD Auth.
author: Damien Miller <djm@mindrot.org> 2018-07-20 13:18:28 +1000
committer: Damien Miller <djm@mindrot.org> 2018-07-31 12:59:30 +1000
commit: 87f08be054b7eeadbb9cdeb3fb4872be79ccf218 (patch)
tree: 80bfc724ddd93228b8571702a2f153787994022b /monitor_wrap.c
parent: 5d14019ba2ff54acbfd20a6b9b96bb860a8c7c31 (diff)
1 files changed, 0 insertions, 67 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 3cb26c2ac..732fb3476 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -867,73 +867,6 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
        return ((authok == 0) ? -1 : 0);
 }
-#ifdef SKEY
-int
-mm_skey_query(void *ctx, char **name, char **infotxt,
-   u_int *numprompts, char ***prompts, u_int **echo_on)
-{
-        struct sshbuf *m;
-        u_int success;
-        char *challenge;
-        int r;
-        debug3("%s: entering", __func__);
-        if ((m = sshbuf_new()) == NULL)
-                fatal("%s: sshbuf_new failed", __func__);
-        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, m);
-        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, m);
-        if ((r = sshbuf_get_u32(m, &success)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        if (success == 0) {
-                debug3("%s: no challenge", __func__);
-                sshbuf_free(m);
-                return (-1);
-        }
-        /* Get the challenge, and format the response */
-        if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        sshbuf_free(m);
-        debug3("%s: received challenge: %s", __func__, challenge);
-        mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
-        xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
-        free(challenge);
-        return (0);
-}
-int
-mm_skey_respond(void *ctx, u_int numresponses, char **responses)
-{
-        struct sshbuf *m;
-        int authok, r;
-        debug3("%s: entering", __func__);
-        if (numresponses != 1)
-                return (-1);
-        if ((m = sshbuf_new()) == NULL)
-                fatal("%s: sshbuf_new failed", __func__);
-        if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, m);
-        mm_request_receive_expect(pmonitor->m_recvfd,
-            MONITOR_ANS_SKEYRESPOND, m);
-        if ((r = sshbuf_get_u32(m, &authok)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        sshbuf_free(m);
-        return ((authok == 0) ? -1 : 0);
-}
-#endif /* SKEY */
 #ifdef SSH_AUDIT_EVENTS
 void
 mm_audit_event(ssh_audit_event_t event)
author	Damien Miller <djm@mindrot.org>	2018-07-20 13:18:28 +1000
committer	Damien Miller <djm@mindrot.org>	2018-07-31 12:59:30 +1000
commit	87f08be054b7eeadbb9cdeb3fb4872be79ccf218 (patch)
tree	80bfc724ddd93228b8571702a2f153787994022b /monitor_wrap.c
parent	5d14019ba2ff54acbfd20a6b9b96bb860a8c7c31 (diff)

diff --git a/monitor_wrap.c b/monitor_wrap.c index 3cb26c2ac..732fb3476 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c
@@ -867,73 +867,6 @@ mm_bsdauth_respond(void ctx, u_int numresponses, char *responses)
867	return ((authok == 0) ? -1 : 0);	867	return ((authok == 0) ? -1 : 0);
868	}	868	}
869		869
870	#ifdef SKEY
871	int
872	mm_skey_query(void ctx, char name, char *infotxt,
873	u_int numprompts, char prompts, u_int echo_on)
874	{
875	struct sshbuf *m;
876	u_int success;
877	char *challenge;
878	int r;
879
880	debug3("%s: entering", __func__);
881
882	if ((m = sshbuf_new()) == NULL)
883	fatal("%s: sshbuf_new failed", __func__);
884	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, m);
885
886	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, m);
887	if ((r = sshbuf_get_u32(m, &success)) != 0)
888	fatal("%s: buffer error: %s", __func__, ssh_err(r));
889	if (success == 0) {
890	debug3("%s: no challenge", __func__);
891	sshbuf_free(m);
892	return (-1);
893	}
894
895	/* Get the challenge, and format the response */
896	if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0)
897	fatal("%s: buffer error: %s", __func__, ssh_err(r));
898	sshbuf_free(m);
899
900	debug3("%s: received challenge: %s", __func__, challenge);
901
902	mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
903
904	xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
905	free(challenge);
906
907	return (0);
908	}
909
910	int
911	mm_skey_respond(void ctx, u_int numresponses, char *responses)
912	{
913	struct sshbuf *m;
914	int authok, r;
915
916	debug3("%s: entering", __func__);
917	if (numresponses != 1)
918	return (-1);
919
920	if ((m = sshbuf_new()) == NULL)
921	fatal("%s: sshbuf_new failed", __func__);
922	if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
923	fatal("%s: buffer error: %s", __func__, ssh_err(r));
924	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, m);
925
926	mm_request_receive_expect(pmonitor->m_recvfd,
927	MONITOR_ANS_SKEYRESPOND, m);
928
929	if ((r = sshbuf_get_u32(m, &authok)) != 0)
930	fatal("%s: buffer error: %s", __func__, ssh_err(r));
931	sshbuf_free(m);
932
933	return ((authok == 0) ? -1 : 0);
934	}
935	#endif /* SKEY */
936
937	#ifdef SSH_AUDIT_EVENTS	870	#ifdef SSH_AUDIT_EVENTS
938	void	871	void
939	mm_audit_event(ssh_audit_event_t event)	872	mm_audit_event(ssh_audit_event_t event)