Diffstat (limited to 'auth-chall.c')
-rw-r--r-- | auth-chall.c | 110 |
1 files changed, 44 insertions, 66 deletions
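--- a/auth-chall.c
+++ b/auth-chall.c
@@ -23,82 +23,60 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.7 2001/04/05 10:42:47 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $");
 
 #include "auth.h"
 #include "log.h"
+#include "xmalloc.h"
 
-#ifdef BSD_AUTH
-char *
-get_challenge(Authctxt *authctxt, char *devs)
-{
-char *challenge;
+/* limited protocol v1 interface to kbd-interactive authentication */
 
-if (authctxt->as != NULL) {
-debug2("try reuse session");
-challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
-if (challenge != NULL) {
-debug2("reuse bsd auth session");
-return challenge;
-}
-auth_close(authctxt->as);
-authctxt->as = NULL;
-}
-debug2("new bsd auth session");
-if (devs == NULL || strlen(devs) == 0)
-devs = authctxt->style;
-debug3("bsd auth: devs %s", devs ? devs : "<default>");
-authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh",
-&challenge);
-if (authctxt->as == NULL)
-return NULL;
-debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY");
-return challenge;
-}
-int
-verify_response(Authctxt *authctxt, char *response)
-{
-int authok;
-
-if (authctxt->as == 0)
-error("verify_response: no bsd auth session");
-authok = auth_userresponse(authctxt->as, response, 0);
-authctxt->as = NULL;
-debug("verify_response: <%s> = <%d>", response, authok);
-return authok != 0;
-}
-#else
-#ifdef SKEY
-#include <skey.h>
+extern KbdintDevice *devices[];
+static KbdintDevice *device;
 
 char *
-get_challenge(Authctxt *authctxt, char *devs)
+get_challenge(Authctxt *authctxt)
 {
-static char challenge[1024];
-struct skey skey;
-if (skeychallenge(&skey, authctxt->user, challenge) == -1)
+char *challenge, *name, *info, **prompts;
+u_int i, numprompts;
+u_int *echo_on;
+
+device = devices[0]; /* we always use the 1st device for protocol 1 */
+if (device == NULL)
 return NULL;
-strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
-return challenge;
-}
-int
-verify_response(Authctxt *authctxt, char *response)
-{
-return (authctxt->valid &&
-skey_haskey(authctxt->pw->pw_name) == 0 &&
-skey_passcheck(authctxt->pw->pw_name, response) != -1);
-}
-#else
-/* not available */
-char *
-get_challenge(Authctxt *authctxt, char *devs)
-{
-return NULL;
+if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL)
+return NULL;
+if (device->query(authctxt->kbdintctxt, &name, &info,
+&numprompts, &prompts, &echo_on)) {
+device->free_ctx(authctxt->kbdintctxt);
+authctxt->kbdintctxt = NULL;
+return NULL;
+}
+if (numprompts < 1)
+fatal("get_challenge: numprompts < 1");
+challenge = xstrdup(prompts[0]);
+for (i = 0; i < numprompts; i++)
+xfree(prompts[i]);
+xfree(prompts);
+xfree(name);
+xfree(echo_on);
+xfree(info);
+
+return (challenge);
 }
 int
-verify_response(Authctxt *authctxt, char *response)
+verify_response(Authctxt *authctxt, const char *response)
 {
-return 0;
+char *resp[1];
+int res;
+
+if (device == NULL)
+return 0;
+if (authctxt->kbdintctxt == NULL)
+return 0;
+resp[0] = (char *)response;
+res = device->respond(authctxt->kbdintctxt, 1, resp);
+device->free_ctx(authctxt->kbdintctxt);
+authctxt->kbdintctxt = NULL;
+return res ? 0 : 1;
 }
-#endif
-#endif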
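Review bot: get_challenge() overwrites `authctxt->kbdintctxt` with the result of `device->init_ctx(authctxt)` without checking whether a context from an earlier challenge is still attached, so a client that requests a challenge repeatedly without answering would appear to leak one context per request; the removed BSD_AUTH version handled this case by reusing or closing `authctxt->as`. Releasing any existing context first, `if (authctxt->kbdintctxt != NULL) device->free_ctx(authctxt->kbdintctxt);` ahead of the init_ctx call, would close that gap, provided nothing else in the tree owns that pointer through a different device. Also, the removed S/Key verify_response() required `authctxt->valid`, while the new one returns success on `device->respond()` alone; a comment such as `/* each device must fail respond() for invalid users */` would record where that check now has to live.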