diff options
author | Damien Miller <djm@mindrot.org> | 2018-07-20 13:18:28 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-31 12:59:30 +1000 |
commit | 87f08be054b7eeadbb9cdeb3fb4872be79ccf218 (patch) | |
tree | 80bfc724ddd93228b8571702a2f153787994022b /monitor_wrap.c | |
parent | 5d14019ba2ff54acbfd20a6b9b96bb860a8c7c31 (diff) |
Remove support for S/Key
Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index 3cb26c2ac..732fb3476 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -867,73 +867,6 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) | |||
867 | return ((authok == 0) ? -1 : 0); | 867 | return ((authok == 0) ? -1 : 0); |
868 | } | 868 | } |
869 | 869 | ||
870 | #ifdef SKEY | ||
871 | int | ||
872 | mm_skey_query(void *ctx, char **name, char **infotxt, | ||
873 | u_int *numprompts, char ***prompts, u_int **echo_on) | ||
874 | { | ||
875 | struct sshbuf *m; | ||
876 | u_int success; | ||
877 | char *challenge; | ||
878 | int r; | ||
879 | |||
880 | debug3("%s: entering", __func__); | ||
881 | |||
882 | if ((m = sshbuf_new()) == NULL) | ||
883 | fatal("%s: sshbuf_new failed", __func__); | ||
884 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, m); | ||
885 | |||
886 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, m); | ||
887 | if ((r = sshbuf_get_u32(m, &success)) != 0) | ||
888 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
889 | if (success == 0) { | ||
890 | debug3("%s: no challenge", __func__); | ||
891 | sshbuf_free(m); | ||
892 | return (-1); | ||
893 | } | ||
894 | |||
895 | /* Get the challenge, and format the response */ | ||
896 | if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0) | ||
897 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
898 | sshbuf_free(m); | ||
899 | |||
900 | debug3("%s: received challenge: %s", __func__, challenge); | ||
901 | |||
902 | mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); | ||
903 | |||
904 | xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); | ||
905 | free(challenge); | ||
906 | |||
907 | return (0); | ||
908 | } | ||
909 | |||
910 | int | ||
911 | mm_skey_respond(void *ctx, u_int numresponses, char **responses) | ||
912 | { | ||
913 | struct sshbuf *m; | ||
914 | int authok, r; | ||
915 | |||
916 | debug3("%s: entering", __func__); | ||
917 | if (numresponses != 1) | ||
918 | return (-1); | ||
919 | |||
920 | if ((m = sshbuf_new()) == NULL) | ||
921 | fatal("%s: sshbuf_new failed", __func__); | ||
922 | if ((r = sshbuf_put_cstring(m, responses[0])) != 0) | ||
923 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
924 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, m); | ||
925 | |||
926 | mm_request_receive_expect(pmonitor->m_recvfd, | ||
927 | MONITOR_ANS_SKEYRESPOND, m); | ||
928 | |||
929 | if ((r = sshbuf_get_u32(m, &authok)) != 0) | ||
930 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
931 | sshbuf_free(m); | ||
932 | |||
933 | return ((authok == 0) ? -1 : 0); | ||
934 | } | ||
935 | #endif /* SKEY */ | ||
936 | |||
937 | #ifdef SSH_AUDIT_EVENTS | 870 | #ifdef SSH_AUDIT_EVENTS |
938 | void | 871 | void |
939 | mm_audit_event(ssh_audit_event_t event) | 872 | mm_audit_event(ssh_audit_event_t event) |