diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | sshconnect1.c | 56 |
2 files changed, 35 insertions, 26 deletions
| @@ -2,6 +2,11 @@ | |||
| 2 | - (bal) Applied patch to include ssh-keyscan into Redhat's package, and | 2 | - (bal) Applied patch to include ssh-keyscan into Redhat's package, and |
| 3 | patch to install ssh-keyscan manpage. Patch by Pekka Savola | 3 | patch to install ssh-keyscan manpage. Patch by Pekka Savola |
| 4 | <pekka@netcore.fi> | 4 | <pekka@netcore.fi> |
| 5 | - (bal) OpenbSD CVS update | ||
| 6 | - markus@cvs.openbsd.org 2000/12/10 17:01:53 | ||
| 7 | [sshconnect1.c] | ||
| 8 | always request new challenge for skey/tis-auth, fixes interop with | ||
| 9 | other implementations; report from roth@feep.net | ||
| 5 | 10 | ||
| 6 | 20001210 | 11 | 20001210 |
| 7 | - (bal) OpenBSD CVS updates | 12 | - (bal) OpenBSD CVS updates |
diff --git a/sshconnect1.c b/sshconnect1.c index 709329713..f95c031da 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.11 2000/11/25 16:42:53 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.12 2000/12/10 17:01:53 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
| 19 | #include <openssl/dsa.h> | 19 | #include <openssl/dsa.h> |
| @@ -604,37 +604,41 @@ try_skey_authentication() | |||
| 604 | int type, i; | 604 | int type, i; |
| 605 | int payload_len; | 605 | int payload_len; |
| 606 | unsigned int clen; | 606 | unsigned int clen; |
| 607 | char prompt[1024]; | ||
| 607 | char *challenge, *response; | 608 | char *challenge, *response; |
| 608 | 609 | ||
| 609 | debug("Doing skey authentication."); | 610 | debug("Doing skey authentication."); |
| 610 | 611 | ||
| 611 | /* request a challenge */ | ||
| 612 | packet_start(SSH_CMSG_AUTH_TIS); | ||
| 613 | packet_send(); | ||
| 614 | packet_write_wait(); | ||
| 615 | |||
| 616 | type = packet_read(&payload_len); | ||
| 617 | if (type != SSH_SMSG_FAILURE && | ||
| 618 | type != SSH_SMSG_AUTH_TIS_CHALLENGE) { | ||
| 619 | packet_disconnect("Protocol error: got %d in response " | ||
| 620 | "to skey-auth", type); | ||
| 621 | } | ||
| 622 | if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) { | ||
| 623 | debug("No challenge for skey authentication."); | ||
| 624 | return 0; | ||
| 625 | } | ||
| 626 | challenge = packet_get_string(&clen); | ||
| 627 | packet_integrity_check(payload_len, (4 + clen), type); | ||
| 628 | if (options.cipher == SSH_CIPHER_NONE) | ||
| 629 | log("WARNING: Encryption is disabled! " | ||
| 630 | "Reponse will be transmitted in clear text."); | ||
| 631 | fprintf(stderr, "%s\n", challenge); | ||
| 632 | xfree(challenge); | ||
| 633 | fflush(stderr); | ||
| 634 | for (i = 0; i < options.number_of_password_prompts; i++) { | 612 | for (i = 0; i < options.number_of_password_prompts; i++) { |
| 613 | /* request a challenge */ | ||
| 614 | packet_start(SSH_CMSG_AUTH_TIS); | ||
| 615 | packet_send(); | ||
| 616 | packet_write_wait(); | ||
| 617 | |||
| 618 | type = packet_read(&payload_len); | ||
| 619 | if (type != SSH_SMSG_FAILURE && | ||
| 620 | type != SSH_SMSG_AUTH_TIS_CHALLENGE) { | ||
| 621 | packet_disconnect("Protocol error: got %d in response " | ||
| 622 | "to skey-auth", type); | ||
| 623 | } | ||
| 624 | if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) { | ||
| 625 | debug("No challenge for skey authentication."); | ||
| 626 | return 0; | ||
| 627 | } | ||
| 628 | challenge = packet_get_string(&clen); | ||
| 629 | packet_integrity_check(payload_len, (4 + clen), type); | ||
| 630 | snprintf(prompt, sizeof prompt, "%s\nResponse: ", challenge); | ||
| 631 | xfree(challenge); | ||
| 635 | if (i != 0) | 632 | if (i != 0) |
| 636 | error("Permission denied, please try again."); | 633 | error("Permission denied, please try again."); |
| 637 | response = read_passphrase("Response: ", 0); | 634 | if (options.cipher == SSH_CIPHER_NONE) |
| 635 | log("WARNING: Encryption is disabled! " | ||
| 636 | "Reponse will be transmitted in clear text."); | ||
| 637 | response = read_passphrase(prompt, 0); | ||
| 638 | if (strcmp(response, "") == 0) { | ||
| 639 | xfree(response); | ||
| 640 | break; | ||
| 641 | } | ||
| 638 | packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); | 642 | packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); |
| 639 | packet_put_string(response, strlen(response)); | 643 | packet_put_string(response, strlen(response)); |
| 640 | memset(response, 0, strlen(response)); | 644 | memset(response, 0, strlen(response)); |
| @@ -646,7 +650,7 @@ try_skey_authentication() | |||
| 646 | return 1; | 650 | return 1; |
| 647 | if (type != SSH_SMSG_FAILURE) | 651 | if (type != SSH_SMSG_FAILURE) |
| 648 | packet_disconnect("Protocol error: got %d in response " | 652 | packet_disconnect("Protocol error: got %d in response " |
| 649 | "to skey-auth-reponse", type); | 653 | "to skey-auth-reponse", type); |
| 650 | } | 654 | } |
| 651 | /* failure */ | 655 | /* failure */ |
| 652 | return 0; | 656 | return 0; |