4 files changed, 86 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 7047fd903..3673be9e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@
   - markus@cvs.openbsd.org 2002/03/26 15:23:40
     [bufaux.c]
     do not talk about packets in bufaux
+   - markus@cvs.openbsd.org 2002/03/26 15:58:46
+     [readpass.c readpass.h sshconnect2.c]
+     client side support for PASSWD_CHANGEREQ
 20020325
 - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
@@ -8074,4 +8077,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1995 2002/03/27 17:23:44 mouring Exp $
+$Id: ChangeLog,v 1.1996 2002/03/27 17:28:46 mouring Exp $
diff --git a/readpass.c b/readpass.c
index b4421ade0..96b7e84b4 100644
--- a/readpass.c
+++ b/readpass.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.26 2002/02/13 00:39:15 markus Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $");
 #include "xmalloc.h"
 #include "readpass.h"
@@ -118,8 +118,11 @@ read_passphrase(const char *prompt, int flags)
                return ssh_askpass(askpass, prompt);
        }
-        if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL)
+        if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {
+                if (flags & RP_ALLOW_EOF)
+                        return NULL;
                return xstrdup("");
+        }
        ret = xstrdup(buf);
        memset(buf, 'x', sizeof buf);
diff --git a/readpass.h b/readpass.h
index 229973c68..a45d32f2a 100644
--- a/readpass.h
+++ b/readpass.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: readpass.h,v 1.6 2001/06/26 17:27:24 markus Exp $     */
+/*      $OpenBSD: readpass.h,v 1.7 2002/03/26 15:58:46 markus Exp $     */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -14,5 +14,6 @@
 #define RP_ECHO                 0x0001
 #define RP_ALLOW_STDIN          0x0002
+#define RP_ALLOW_EOF            0x0004
 char    *read_passphrase(const char *, int);
diff --git a/sshconnect2.c b/sshconnect2.c
index fbd18aaa7..d8e1df5ca 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.98 2002/03/19 10:49:35 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.99 2002/03/26 15:58:46 markus Exp $");
 #include "ssh.h"
 #include "ssh2.h"
@@ -172,6 +172,7 @@ void	input_userauth_banner(int, u_int32_t, void *);
 void    input_userauth_error(int, u_int32_t, void *);
 void    input_userauth_info_req(int, u_int32_t, void *);
 void    input_userauth_pk_ok(int, u_int32_t, void *);
+void    input_userauth_passwd_changereq(int, u_int32_t, void *);
 int     userauth_none(Authctxt *);
 int     userauth_pubkey(Authctxt *);
@@ -439,7 +440,7 @@ int
 userauth_passwd(Authctxt *authctxt)
 {
        static int attempt = 0;
-        char prompt[80];
+        char prompt[150];
        char *password;
        if (attempt++ >= options.number_of_password_prompts)
@@ -461,13 +462,85 @@ userauth_passwd(Authctxt *authctxt)
        xfree(password);
        packet_add_padding(64);
        packet_send();
+        dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 
+            &input_userauth_passwd_changereq);
        return 1;
 }
+/*
+ * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
+ */
+void
+input_userauth_passwd_changereq(int type, uint32_t seqnr, void *ctxt)
+{
+        Authctxt *authctxt = ctxt;
+        char *info, *lang, *password = NULL, *retype = NULL;
+        char prompt[150];
+        debug2("input_userauth_passwd_changereq");
+        if (authctxt == NULL)
+                fatal("input_userauth_passwd_changereq: "
+                    "no authentication context");
+        info = packet_get_string(NULL);
+        lang = packet_get_string(NULL);
+        if (strlen(info) > 0)
+                log("%s", info);
+        xfree(info);
+        xfree(lang);
+        packet_start(SSH2_MSG_USERAUTH_REQUEST);
+        packet_put_cstring(authctxt->server_user);
+        packet_put_cstring(authctxt->service);
+        packet_put_cstring(authctxt->method->name);
+        packet_put_char(1);                     /* additional info */
+        snprintf(prompt, sizeof(prompt), 
+            "Enter %.30s@%.128s's old password: ",
+            authctxt->server_user, authctxt->host);
+        password = read_passphrase(prompt, 0);
+        packet_put_cstring(password);
+        memset(password, 0, strlen(password));
+        xfree(password);
+        password = NULL;
+        while (password == NULL) {
+                snprintf(prompt, sizeof(prompt), 
+                    "Enter %.30s@%.128s's new password: ",
+                    authctxt->server_user, authctxt->host);
+                password = read_passphrase(prompt, RP_ALLOW_EOF);
+                if (password == NULL) {
+                        /* bail out */
+                        return;
+                }
+                snprintf(prompt, sizeof(prompt), 
+                    "Retype %.30s@%.128s's new password: ",
+                    authctxt->server_user, authctxt->host);
+                retype = read_passphrase(prompt, 0);
+                if (strcmp(password, retype) != 0) {
+                        memset(password, 0, strlen(password));
+                        xfree(password);
+                        log("Mismatch; try again, EOF to quit.");
+                        password = NULL;
+                }
+                memset(retype, 0, strlen(retype));
+                xfree(retype);
+        }
+        packet_put_cstring(password);
+        memset(password, 0, strlen(password));
+        xfree(password);
+        packet_add_padding(64);
+        packet_send();
+        
+        dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 
+            &input_userauth_passwd_changereq);
+}
 static void
 clear_auth_state(Authctxt *authctxt)
 {
        /* XXX clear authentication state */
+        dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL);
        if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
                debug3("clear_auth_state: key_free %p", authctxt->last_key);
                key_free(authctxt->last_key);

diff --git a/ChangeLog b/ChangeLog index 7047fd903..3673be9e1 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -11,6 +11,9 @@
11	- markus@cvs.openbsd.org 2002/03/26 15:23:40	11	- markus@cvs.openbsd.org 2002/03/26 15:23:40
12	[bufaux.c]	12	[bufaux.c]
13	do not talk about packets in bufaux	13	do not talk about packets in bufaux
		14	- markus@cvs.openbsd.org 2002/03/26 15:58:46
		15	[readpass.c readpass.h sshconnect2.c]
		16	client side support for PASSWD_CHANGEREQ
14		17
15	20020325	18	20020325
16	- (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"	19	- (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
@@ -8074,4 +8077,4 @@
8074	- Wrote replacements for strlcpy and mkdtemp	8077	- Wrote replacements for strlcpy and mkdtemp
8075	- Released 1.0pre1	8078	- Released 1.0pre1
8076		8079
8077	$Id: ChangeLog,v 1.1995 2002/03/27 17:23:44 mouring Exp $	8080	$Id: ChangeLog,v 1.1996 2002/03/27 17:28:46 mouring Exp $


diff --git a/readpass.c b/readpass.c index b4421ade0..96b7e84b4 100644 --- a/readpass.c +++ b/readpass.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: readpass.c,v 1.26 2002/02/13 00:39:15 markus Exp $");	26	RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $");
27		27
28	#include "xmalloc.h"	28	#include "xmalloc.h"
29	#include "readpass.h"	29	#include "readpass.h"
@@ -118,8 +118,11 @@ read_passphrase(const char *prompt, int flags)
118	return ssh_askpass(askpass, prompt);	118	return ssh_askpass(askpass, prompt);
119	}	119	}
120		120
121	if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL)	121	if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {
		122	if (flags & RP_ALLOW_EOF)
		123	return NULL;
122	return xstrdup("");	124	return xstrdup("");
		125	}
123		126
124	ret = xstrdup(buf);	127	ret = xstrdup(buf);
125	memset(buf, 'x', sizeof buf);	128	memset(buf, 'x', sizeof buf);


diff --git a/readpass.h b/readpass.h index 229973c68..a45d32f2a 100644 --- a/readpass.h +++ b/readpass.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: readpass.h,v 1.6 2001/06/26 17:27:24 markus Exp $ */	1	/* $OpenBSD: readpass.h,v 1.7 2002/03/26 15:58:46 markus Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -14,5 +14,6 @@
14		14
15	#define RP_ECHO 0x0001	15	#define RP_ECHO 0x0001
16	#define RP_ALLOW_STDIN 0x0002	16	#define RP_ALLOW_STDIN 0x0002
		17	#define RP_ALLOW_EOF 0x0004
17		18
18	char read_passphrase(const char , int);	19	char read_passphrase(const char , int);


diff --git a/sshconnect2.c b/sshconnect2.c index fbd18aaa7..d8e1df5ca 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: sshconnect2.c,v 1.98 2002/03/19 10:49:35 markus Exp $");	26	RCSID("$OpenBSD: sshconnect2.c,v 1.99 2002/03/26 15:58:46 markus Exp $");
27		27
28	#include "ssh.h"	28	#include "ssh.h"
29	#include "ssh2.h"	29	#include "ssh2.h"
@@ -172,6 +172,7 @@ void input_userauth_banner(int, u_int32_t, void *);
172	void input_userauth_error(int, u_int32_t, void *);	172	void input_userauth_error(int, u_int32_t, void *);
173	void input_userauth_info_req(int, u_int32_t, void *);	173	void input_userauth_info_req(int, u_int32_t, void *);
174	void input_userauth_pk_ok(int, u_int32_t, void *);	174	void input_userauth_pk_ok(int, u_int32_t, void *);
		175	void input_userauth_passwd_changereq(int, u_int32_t, void *);
175		176
176	int userauth_none(Authctxt *);	177	int userauth_none(Authctxt *);
177	int userauth_pubkey(Authctxt *);	178	int userauth_pubkey(Authctxt *);
@@ -439,7 +440,7 @@ int
439	userauth_passwd(Authctxt *authctxt)	440	userauth_passwd(Authctxt *authctxt)
440	{	441	{
441	static int attempt = 0;	442	static int attempt = 0;
442	char prompt[80];	443	char prompt[150];
443	char *password;	444	char *password;
444		445
445	if (attempt++ >= options.number_of_password_prompts)	446	if (attempt++ >= options.number_of_password_prompts)
@@ -461,13 +462,85 @@ userauth_passwd(Authctxt *authctxt)
461	xfree(password);	462	xfree(password);
462	packet_add_padding(64);	463	packet_add_padding(64);
463	packet_send();	464	packet_send();
		465
		466	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
		467	&input_userauth_passwd_changereq);
		468
464	return 1;	469	return 1;
465	}	470	}
		471	/*
		472	* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
		473	*/
		474	void
		475	input_userauth_passwd_changereq(int type, uint32_t seqnr, void *ctxt)
		476	{
		477	Authctxt *authctxt = ctxt;
		478	char info, lang, password = NULL, retype = NULL;
		479	char prompt[150];
		480
		481	debug2("input_userauth_passwd_changereq");
		482
		483	if (authctxt == NULL)
		484	fatal("input_userauth_passwd_changereq: "
		485	"no authentication context");
		486
		487	info = packet_get_string(NULL);
		488	lang = packet_get_string(NULL);
		489	if (strlen(info) > 0)
		490	log("%s", info);
		491	xfree(info);
		492	xfree(lang);
		493	packet_start(SSH2_MSG_USERAUTH_REQUEST);
		494	packet_put_cstring(authctxt->server_user);
		495	packet_put_cstring(authctxt->service);
		496	packet_put_cstring(authctxt->method->name);
		497	packet_put_char(1); /* additional info */
		498	snprintf(prompt, sizeof(prompt),
		499	"Enter %.30s@%.128s's old password: ",
		500	authctxt->server_user, authctxt->host);
		501	password = read_passphrase(prompt, 0);
		502	packet_put_cstring(password);
		503	memset(password, 0, strlen(password));
		504	xfree(password);
		505	password = NULL;
		506	while (password == NULL) {
		507	snprintf(prompt, sizeof(prompt),
		508	"Enter %.30s@%.128s's new password: ",
		509	authctxt->server_user, authctxt->host);
		510	password = read_passphrase(prompt, RP_ALLOW_EOF);
		511	if (password == NULL) {
		512	/* bail out */
		513	return;
		514	}
		515	snprintf(prompt, sizeof(prompt),
		516	"Retype %.30s@%.128s's new password: ",
		517	authctxt->server_user, authctxt->host);
		518	retype = read_passphrase(prompt, 0);
		519	if (strcmp(password, retype) != 0) {
		520	memset(password, 0, strlen(password));
		521	xfree(password);
		522	log("Mismatch; try again, EOF to quit.");
		523	password = NULL;
		524	}
		525	memset(retype, 0, strlen(retype));
		526	xfree(retype);
		527	}
		528	packet_put_cstring(password);
		529	memset(password, 0, strlen(password));
		530	xfree(password);
		531	packet_add_padding(64);
		532	packet_send();
		533
		534	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
		535	&input_userauth_passwd_changereq);
		536	}
466		537
467	static void	538	static void
468	clear_auth_state(Authctxt *authctxt)	539	clear_auth_state(Authctxt *authctxt)
469	{	540	{
470	/* XXX clear authentication state */	541	/* XXX clear authentication state */
		542	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL);
		543
471	if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {	544	if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
472	debug3("clear_auth_state: key_free %p", authctxt->last_key);	545	debug3("clear_auth_state: key_free %p", authctxt->last_key);
473	key_free(authctxt->last_key);	546	key_free(authctxt->last_key);