Mercurial > dropbear
annotate cli-auth.c @ 37:0913e2ee3545
we're nearly there yet
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 30 Jul 2004 03:02:19 +0000 |
parents | 0ad5fb979f42 |
children | b4874d772210 |
rev | line source |
---|---|
33 | 1 #include "includes.h" |
2 #include "session.h" | |
3 #include "auth.h" | |
4 #include "dbutil.h" | |
5 #include "buffer.h" | |
6 #include "ssh.h" | |
7 #include "packet.h" | |
8 #include "runopts.h" | |
9 | |
10 void cli_authinitialise() { | |
11 | |
12 memset(&ses.authstate, 0, sizeof(ses.authstate)); | |
13 } | |
14 | |
15 | |
16 /* Send a "none" auth request to get available methods */ | |
17 void cli_auth_getmethods() { | |
18 | |
19 TRACE(("enter cli_auth_getmethods")); | |
20 | |
21 CHECKCLEARTOWRITE(); | |
22 | |
23 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); | |
35
0ad5fb979f42
set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents:
34
diff
changeset
|
24 buf_putstring(ses.writepayload, cli_opts.username, |
0ad5fb979f42
set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents:
34
diff
changeset
|
25 strlen(cli_opts.username)); |
33 | 26 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, |
27 SSH_SERVICE_CONNECTION_LEN); | |
28 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */ | |
29 | |
30 encrypt_packet(); | |
31 cli_ses.state = USERAUTH_METHODS_SENT; | |
32 TRACE(("leave cli_auth_getmethods")); | |
33 | |
34 } | |
35 | |
36 void recv_msg_userauth_failure() { | |
37 | |
38 unsigned char * methods = NULL; | |
39 unsigned char * tok = NULL; | |
40 unsigned int methlen = 0; | |
41 unsigned int partial = 0; | |
42 unsigned int i = 0; | |
43 | |
44 TRACE(("<- MSG_USERAUTH_FAILURE")); | |
45 TRACE(("enter recv_msg_userauth_failure")); | |
46 | |
47 methods = buf_getstring(ses.payload, &methlen); | |
48 | |
49 partial = buf_getbyte(ses.payload); | |
50 | |
51 if (partial) { | |
52 dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required"); | |
53 } else { | |
54 ses.authstate.failcount++; | |
55 } | |
56 | |
57 TRACE(("Methods (len %d): '%s'", methlen, methods)); | |
58 | |
59 ses.authstate.authdone=0; | |
60 ses.authstate.authtypes=0; | |
61 | |
62 /* Split with nulls rather than commas */ | |
63 for (i = 0; i < methlen; i++) { | |
64 if (methods[i] == ',') { | |
65 methods[i] = '\0'; | |
66 } | |
67 } | |
68 | |
69 tok = methods; /* tok stores the next method we'll compare */ | |
70 for (i = 0; i <= methlen; i++) { | |
71 if (methods[i] == '\0') { | |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
72 TRACE(("auth method '%s'", tok)); |
33 | 73 #ifdef DROPBEAR_PUBKEY_AUTH |
74 if (strncmp(AUTH_METHOD_PUBKEY, tok, | |
75 AUTH_METHOD_PUBKEY_LEN) == 0) { | |
76 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; | |
77 } | |
78 #endif | |
79 #ifdef DROPBEAR_PASSWORD_AUTH | |
80 if (strncmp(AUTH_METHOD_PASSWORD, tok, | |
81 AUTH_METHOD_PASSWORD_LEN) == 0) { | |
82 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; | |
83 } | |
84 #endif | |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
85 tok = &methods[i+1]; /* Must make sure we don't use it after the |
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
86 last loop, since it'll point to something |
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
87 undefined */ |
33 | 88 } |
89 } | |
90 | |
91 cli_ses.state = USERAUTH_FAIL_RCVD; | |
92 | |
93 TRACE(("leave recv_msg_userauth_failure")); | |
94 } | |
95 | |
96 void recv_msg_userauth_success() { | |
97 TRACE(("received msg_userauth_success")); | |
98 ses.authstate.authdone = 1; | |
37 | 99 cli_ses.state = USERAUTH_SUCCESS_RCVD; |
33 | 100 } |
101 | |
102 void cli_auth_try() { | |
103 | |
104 TRACE(("enter cli_auth_try")); | |
105 int finished = 0; | |
106 | |
107 CHECKCLEARTOWRITE(); | |
108 | |
109 /* XXX We hardcode that we try a pubkey first */ | |
110 #ifdef DROPBEAR_PUBKEY_AUTH | |
111 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { | |
112 finished = cli_auth_pubkey(); | |
113 } | |
114 #endif | |
115 | |
116 #ifdef DROPBEAR_PASSWORD_AUTH | |
117 if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { | |
118 finished = cli_auth_password(); | |
119 } | |
120 #endif | |
121 | |
122 if (!finished) { | |
123 dropbear_exit("No auth methods could be used."); | |
124 } | |
125 | |
126 cli_ses.state = USERAUTH_REQ_SENT; | |
127 TRACE(("leave cli_auth_try")); | |
128 } |