summaryrefslogtreecommitdiff
path: root/auth2-chall.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth2-chall.c')
-rw-r--r--auth2-chall.c69
1 files changed, 40 insertions, 29 deletions
diff --git a/auth2-chall.c b/auth2-chall.c
index 11c8d31b3..5edd0e653 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-chall.c,v 1.48 2017/05/30 14:29:59 markus Exp $ */ 1/* $OpenBSD: auth2-chall.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2001 Per Allansson. All rights reserved. 4 * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -34,12 +34,13 @@
34 34
35#include "xmalloc.h" 35#include "xmalloc.h"
36#include "ssh2.h" 36#include "ssh2.h"
37#include "key.h" 37#include "sshkey.h"
38#include "hostfile.h" 38#include "hostfile.h"
39#include "auth.h" 39#include "auth.h"
40#include "buffer.h" 40#include "sshbuf.h"
41#include "packet.h" 41#include "packet.h"
42#include "dispatch.h" 42#include "dispatch.h"
43#include "ssherr.h"
43#include "log.h" 44#include "log.h"
44#include "misc.h" 45#include "misc.h"
45#include "servconf.h" 46#include "servconf.h"
@@ -48,7 +49,7 @@
48extern ServerOptions options; 49extern ServerOptions options;
49 50
50static int auth2_challenge_start(struct ssh *); 51static int auth2_challenge_start(struct ssh *);
51static int send_userauth_info_request(Authctxt *); 52static int send_userauth_info_request(struct ssh *);
52static int input_userauth_info_response(int, u_int32_t, struct ssh *); 53static int input_userauth_info_response(int, u_int32_t, struct ssh *);
53 54
54#ifdef BSD_AUTH 55#ifdef BSD_AUTH
@@ -105,8 +106,8 @@ static KbdintAuthctxt *
105kbdint_alloc(const char *devs) 106kbdint_alloc(const char *devs)
106{ 107{
107 KbdintAuthctxt *kbdintctxt; 108 KbdintAuthctxt *kbdintctxt;
108 Buffer b; 109 struct sshbuf *b;
109 int i; 110 int i, r;
110 111
111#ifdef USE_PAM 112#ifdef USE_PAM
112 if (!options.use_pam) 113 if (!options.use_pam)
@@ -115,16 +116,17 @@ kbdint_alloc(const char *devs)
115 116
116 kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt)); 117 kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
117 if (strcmp(devs, "") == 0) { 118 if (strcmp(devs, "") == 0) {
118 buffer_init(&b); 119 if ((b = sshbuf_new()) == NULL)
120 fatal("%s: sshbuf_new failed", __func__);
119 for (i = 0; devices[i]; i++) { 121 for (i = 0; devices[i]; i++) {
120 if (buffer_len(&b) > 0) 122 if ((r = sshbuf_putf(b, "%s%s",
121 buffer_append(&b, ",", 1); 123 sshbuf_len(b) ? "," : "", devices[i]->name)) != 0)
122 buffer_append(&b, devices[i]->name, 124 fatal("%s: buffer error: %s",
123 strlen(devices[i]->name)); 125 __func__, ssh_err(r));
124 } 126 }
125 if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL) 127 if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL)
126 fatal("%s: sshbuf_dup_string failed", __func__); 128 fatal("%s: sshbuf_dup_string failed", __func__);
127 buffer_free(&b); 129 sshbuf_free(b);
128 } else { 130 } else {
129 kbdintctxt->devices = xstrdup(devs); 131 kbdintctxt->devices = xstrdup(devs);
130 } 132 }
@@ -243,7 +245,7 @@ auth2_challenge_start(struct ssh *ssh)
243 auth2_challenge_stop(ssh); 245 auth2_challenge_stop(ssh);
244 return 0; 246 return 0;
245 } 247 }
246 if (send_userauth_info_request(authctxt) == 0) { 248 if (send_userauth_info_request(ssh) == 0) {
247 auth2_challenge_stop(ssh); 249 auth2_challenge_stop(ssh);
248 return 0; 250 return 0;
249 } 251 }
@@ -255,28 +257,32 @@ auth2_challenge_start(struct ssh *ssh)
255} 257}
256 258
257static int 259static int
258send_userauth_info_request(Authctxt *authctxt) 260send_userauth_info_request(struct ssh *ssh)
259{ 261{
262 Authctxt *authctxt = ssh->authctxt;
260 KbdintAuthctxt *kbdintctxt; 263 KbdintAuthctxt *kbdintctxt;
261 char *name, *instr, **prompts; 264 char *name, *instr, **prompts;
262 u_int i, *echo_on; 265 u_int r, i, *echo_on;
263 266
264 kbdintctxt = authctxt->kbdintctxt; 267 kbdintctxt = authctxt->kbdintctxt;
265 if (kbdintctxt->device->query(kbdintctxt->ctxt, 268 if (kbdintctxt->device->query(kbdintctxt->ctxt,
266 &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) 269 &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
267 return 0; 270 return 0;
268 271
269 packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); 272 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST)) != 0 ||
270 packet_put_cstring(name); 273 (r = sshpkt_put_cstring(ssh, name)) != 0 ||
271 packet_put_cstring(instr); 274 (r = sshpkt_put_cstring(ssh, instr)) != 0 ||
272 packet_put_cstring(""); /* language not used */ 275 (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language not used */
273 packet_put_int(kbdintctxt->nreq); 276 (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
277 fatal("%s: %s", __func__, ssh_err(r));
274 for (i = 0; i < kbdintctxt->nreq; i++) { 278 for (i = 0; i < kbdintctxt->nreq; i++) {
275 packet_put_cstring(prompts[i]); 279 if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
276 packet_put_char(echo_on[i]); 280 (r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
281 fatal("%s: %s", __func__, ssh_err(r));
277 } 282 }
278 packet_send(); 283 if ((r = sshpkt_send(ssh)) != 0)
279 packet_write_wait(); 284 fatal("%s: %s", __func__, ssh_err(r));
285 ssh_packet_write_wait(ssh);
280 286
281 for (i = 0; i < kbdintctxt->nreq; i++) 287 for (i = 0; i < kbdintctxt->nreq; i++)
282 free(prompts[i]); 288 free(prompts[i]);
@@ -293,6 +299,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
293 Authctxt *authctxt = ssh->authctxt; 299 Authctxt *authctxt = ssh->authctxt;
294 KbdintAuthctxt *kbdintctxt; 300 KbdintAuthctxt *kbdintctxt;
295 int authenticated = 0, res; 301 int authenticated = 0, res;
302 int r;
296 u_int i, nresp; 303 u_int i, nresp;
297 const char *devicename = NULL; 304 const char *devicename = NULL;
298 char **response = NULL; 305 char **response = NULL;
@@ -306,7 +313,8 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
306 fatal("input_userauth_info_response: no device"); 313 fatal("input_userauth_info_response: no device");
307 314
308 authctxt->postponed = 0; /* reset */ 315 authctxt->postponed = 0; /* reset */
309 nresp = packet_get_int(); 316 if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
317 fatal("%s: %s", __func__, ssh_err(r));
310 if (nresp != kbdintctxt->nreq) 318 if (nresp != kbdintctxt->nreq)
311 fatal("input_userauth_info_response: wrong number of replies"); 319 fatal("input_userauth_info_response: wrong number of replies");
312 if (nresp > 100) 320 if (nresp > 100)
@@ -314,9 +322,12 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
314 if (nresp > 0) { 322 if (nresp > 0) {
315 response = xcalloc(nresp, sizeof(char *)); 323 response = xcalloc(nresp, sizeof(char *));
316 for (i = 0; i < nresp; i++) 324 for (i = 0; i < nresp; i++)
317 response[i] = packet_get_string(NULL); 325 if ((r = sshpkt_get_cstring(ssh, &response[i],
326 NULL)) != 0)
327 fatal("%s: %s", __func__, ssh_err(r));
318 } 328 }
319 packet_check_eom(); 329 if ((r = sshpkt_get_end(ssh)) != 0)
330 fatal("%s: %s", __func__, ssh_err(r));
320 331
321 res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); 332 res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
322 333
@@ -333,7 +344,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
333 break; 344 break;
334 case 1: 345 case 1:
335 /* Authentication needs further interaction */ 346 /* Authentication needs further interaction */
336 if (send_userauth_info_request(authctxt) == 1) 347 if (send_userauth_info_request(ssh) == 1)
337 authctxt->postponed = 1; 348 authctxt->postponed = 1;
338 break; 349 break;
339 default: 350 default:
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 01:22:46 +0000