Mercurial > dropbear
annotate cli-auth.c @ 35:0ad5fb979f42
set the isserver flag (oops)
fix password auth for the server
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 29 Jul 2004 02:19:03 +0000 |
| parents | e2a1eaa19f22 |
| children | 0913e2ee3545 |
| rev | line source |
|---|---|
| 33 | 1 #include "includes.h" |
| 2 #include "session.h" | |
| 3 #include "auth.h" | |
| 4 #include "dbutil.h" | |
| 5 #include "buffer.h" | |
| 6 #include "ssh.h" | |
| 7 #include "packet.h" | |
| 8 #include "runopts.h" | |
| 9 | |
| 10 void cli_authinitialise() { | |
| 11 | |
| 12 memset(&ses.authstate, 0, sizeof(ses.authstate)); | |
| 13 } | |
| 14 | |
| 15 | |
| 16 /* Send a "none" auth request to get available methods */ | |
| 17 void cli_auth_getmethods() { | |
| 18 | |
| 19 TRACE(("enter cli_auth_getmethods")); | |
| 20 | |
| 21 CHECKCLEARTOWRITE(); | |
| 22 | |
| 23 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); | |
|
35
0ad5fb979f42
set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents:
34
diff
changeset
|
24 buf_putstring(ses.writepayload, cli_opts.username, |
|
0ad5fb979f42
set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents:
34
diff
changeset
|
25 strlen(cli_opts.username)); |
| 33 | 26 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, |
| 27 SSH_SERVICE_CONNECTION_LEN); | |
| 28 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */ | |
| 29 | |
| 30 encrypt_packet(); | |
| 31 cli_ses.state = USERAUTH_METHODS_SENT; | |
| 32 TRACE(("leave cli_auth_getmethods")); | |
| 33 | |
| 34 } | |
| 35 | |
| 36 void recv_msg_userauth_failure() { | |
| 37 | |
| 38 unsigned char * methods = NULL; | |
| 39 unsigned char * tok = NULL; | |
| 40 unsigned int methlen = 0; | |
| 41 unsigned int partial = 0; | |
| 42 unsigned int i = 0; | |
| 43 | |
| 44 TRACE(("<- MSG_USERAUTH_FAILURE")); | |
| 45 TRACE(("enter recv_msg_userauth_failure")); | |
| 46 | |
| 47 methods = buf_getstring(ses.payload, &methlen); | |
| 48 | |
| 49 partial = buf_getbyte(ses.payload); | |
| 50 | |
| 51 if (partial) { | |
| 52 dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required"); | |
| 53 } else { | |
| 54 ses.authstate.failcount++; | |
| 55 } | |
| 56 | |
| 57 TRACE(("Methods (len %d): '%s'", methlen, methods)); | |
| 58 | |
| 59 ses.authstate.authdone=0; | |
| 60 ses.authstate.authtypes=0; | |
| 61 | |
| 62 /* Split with nulls rather than commas */ | |
| 63 for (i = 0; i < methlen; i++) { | |
| 64 if (methods[i] == ',') { | |
| 65 methods[i] = '\0'; | |
| 66 } | |
| 67 } | |
| 68 | |
| 69 tok = methods; /* tok stores the next method we'll compare */ | |
| 70 for (i = 0; i <= methlen; i++) { | |
| 71 if (methods[i] == '\0') { | |
|
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
72 TRACE(("auth method '%s'", tok)); |
| 33 | 73 #ifdef DROPBEAR_PUBKEY_AUTH |
| 74 if (strncmp(AUTH_METHOD_PUBKEY, tok, | |
| 75 AUTH_METHOD_PUBKEY_LEN) == 0) { | |
| 76 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; | |
| 77 } | |
| 78 #endif | |
| 79 #ifdef DROPBEAR_PASSWORD_AUTH | |
| 80 if (strncmp(AUTH_METHOD_PASSWORD, tok, | |
| 81 AUTH_METHOD_PASSWORD_LEN) == 0) { | |
| 82 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; | |
| 83 } | |
| 84 #endif | |
|
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
85 tok = &methods[i+1]; /* Must make sure we don't use it after the |
|
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
86 last loop, since it'll point to something |
|
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
87 undefined */ |
| 33 | 88 } |
| 89 } | |
| 90 | |
| 91 cli_ses.state = USERAUTH_FAIL_RCVD; | |
| 92 | |
| 93 TRACE(("leave recv_msg_userauth_failure")); | |
| 94 } | |
| 95 | |
| 96 void recv_msg_userauth_success() { | |
| 97 TRACE(("received msg_userauth_success")); | |
| 98 ses.authstate.authdone = 1; | |
| 99 } | |
| 100 | |
| 101 void cli_auth_try() { | |
| 102 | |
| 103 TRACE(("enter cli_auth_try")); | |
| 104 int finished = 0; | |
| 105 | |
| 106 CHECKCLEARTOWRITE(); | |
| 107 | |
| 108 /* XXX We hardcode that we try a pubkey first */ | |
| 109 #ifdef DROPBEAR_PUBKEY_AUTH | |
| 110 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { | |
| 111 finished = cli_auth_pubkey(); | |
| 112 } | |
| 113 #endif | |
| 114 | |
| 115 #ifdef DROPBEAR_PASSWORD_AUTH | |
| 116 if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { | |
| 117 finished = cli_auth_password(); | |
| 118 } | |
| 119 #endif | |
| 120 | |
| 121 if (!finished) { | |
| 122 dropbear_exit("No auth methods could be used."); | |
| 123 } | |
| 124 | |
| 125 cli_ses.state = USERAUTH_REQ_SENT; | |
| 126 TRACE(("leave cli_auth_try")); | |
| 127 } |