annotate cli-auth.c @ 1902:4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 24 Mar 2022 13:42:08 +0800 |
parents | 62e4baa059c3 |
children | 334b742fdeb8 |
rev | line source |
---|---|
1 /* |
2 * Dropbear SSH |
3 * |
4 * Copyright (c) 2002,2003 Matt Johnston |
5 * Copyright (c) 2004 by Mihnea Stoenescu |
6 * All rights reserved. |
7 * |
8 * Permission is hereby granted, free of charge, to any person obtaining a copy |
9 * of this software and associated documentation files (the "Software"), to deal |
10 * in the Software without restriction, including without limitation the rights |
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
12 * copies of the Software, and to permit persons to whom the Software is |
13 * furnished to do so, subject to the following conditions: |
14 * |
15 * The above copyright notice and this permission notice shall be included in |
16 * all copies or substantial portions of the Software. |
17 * |
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
24 * SOFTWARE. */ |
25 |
33 | 26 #include "includes.h" |
27 #include "session.h" | |
28 #include "auth.h" | |
29 #include "dbutil.h" | |
30 #include "buffer.h" | |
31 #include "ssh.h" | |
32 #include "packet.h" | |
33 #include "runopts.h" | |
34 | |
/* Ask the server which auth methods it will accept by sending a
 * SSH_MSG_USERAUTH_REQUEST for the "none" method. When
 * DROPBEAR_CLI_IMMEDIATE_AUTH is enabled, a real auth attempt may be
 * queued straight after it without waiting for the reply. */
void cli_auth_getmethods() {
	TRACE(("enter cli_auth_getmethods"))
	CHECKCLEARTOWRITE();

	/* Payload fields, in the order they are written: message type,
	 * user name, service name, method name. */
	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
	buf_putstring(ses.writepayload, cli_opts.username, strlen(cli_opts.username));
	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, SSH_SERVICE_CONNECTION_LEN);
	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */

	encrypt_packet();

#if DROPBEAR_CLI_IMMEDIATE_AUTH
	/* We can't have two auth requests in flight in delayed-zlib mode:
	 * if the first one succeeds, the remote side will expect the
	 * second one to be compressed.
	 * Race described at
	 * http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/zlib-openssh.html
	 */
	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
		/* The server's method list is not known yet, so start from
		 * pubkey only. */
		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
#if DROPBEAR_USE_PASSWORD_ENV
		/* Password and keyboard-interactive are added only when the
		 * password environment variable is set. */
		if (getenv(DROPBEAR_PASSWORD_ENV) != NULL) {
			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
		}
#endif
		if (cli_auth_try() == DROPBEAR_SUCCESS) {
			TRACE(("skipped initial none auth query"))
			/* Two auth responses are now in flight; the reply to the
			 * "none" request must not be taken as the result of the
			 * real attempt. */
			cli_ses.ignore_next_auth_response = 1;
		}
	}
#endif
	TRACE(("leave cli_auth_getmethods"))
}
71 | |
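/* Print the server's pre-authentication banner on stderr (presumably the
 * handler for SSH_MSG_USERAUTH_BANNER - confirm against the dispatch table).
 *
 * The banner is server-supplied text received before authentication has
 * completed, so it is treated as untrusted:
 *  - a banner arriving after auth is done is ignored;
 *  - a banner longer than MAX_BANNER_SIZE is not printed at all;
 *  - the text is passed through cleantext() before being written out;
 *  - at most MAX_BANNER_LINES lines are printed.
 * Whenever something was dropped, a fixed notice is printed instead. */
void recv_msg_userauth_banner() {

	char* banner = NULL;
	unsigned int bannerlen;
	unsigned int i, linecount;
	int truncated = 0;

	TRACE(("enter recv_msg_userauth_banner"))
	if (ses.authstate.authdone) {
		TRACE(("leave recv_msg_userauth_banner: banner after auth done"))
		return;
	}

	banner = buf_getstring(ses.payload, &bannerlen);
	buf_eatstring(ses.payload); /* The language string */

	if (bannerlen > MAX_BANNER_SIZE) {
		/* bannerlen is unsigned, so it is formatted with %u */
		TRACE(("recv_msg_userauth_banner: bannerlen too long: %u", bannerlen))
		truncated = 1;
	} else {
		cleantext(banner);

		/* Limit to MAX_BANNER_LINES lines. fprintf("%s") below stops at
		 * the first NUL, so only newlines before that NUL are counted.
		 * Bytes after it (an embedded NUL from the server, or a stale
		 * tail if cleantext() shortened the string in place - TODO
		 * confirm) are never shown and must not trigger the
		 * "too long" notice. */
		linecount = 1;
		for (i = 0; i < bannerlen && banner[i] != '\0'; i++) {
			if (banner[i] == '\n') {
				if (linecount >= MAX_BANNER_LINES) {
					banner[i] = '\0';
					truncated = 1;
					break;
				}
				linecount++;
			}
		}
		fprintf(stderr, "%s\n", banner);
	}

	if (truncated) {
		fprintf(stderr, "[Banner from the server is too long]\n");
	}

	m_free(banner);
	TRACE(("leave recv_msg_userauth_banner"))
}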
116 | |
/* This handles the message-specific types which
 * all have a value of 60. These are
 * SSH_MSG_USERAUTH_PASSWD_CHANGEREQ,
 * SSH_MSG_USERAUTH_PK_OK, &
 * SSH_MSG_USERAUTH_INFO_REQUEST.
 *
 * The message number alone is ambiguous, so the packet is interpreted
 * according to cli_ses.lastauthtype (presumably the method of the most
 * recent request sent by this client - confirm against cli_auth_try()).
 * A packet that matches none of the compiled-in methods ends the
 * session via dropbear_exit(). */
void recv_msg_userauth_specific_60() {

#if DROPBEAR_CLI_PUBKEY_AUTH
	/* Last request was pubkey: treat the packet as PK_OK */
	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
		recv_msg_userauth_pk_ok();
		return;
	}
#endif

#if DROPBEAR_CLI_INTERACT_AUTH
	/* Last request was keyboard-interactive: treat it as INFO_REQUEST */
	if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) {
		recv_msg_userauth_info_request();
		return;
	}
#endif

#if DROPBEAR_CLI_PASSWORD_AUTH
	if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) {
		/* Eventually there could be proper password-changing
		 * support. However currently few servers seem to
		 * implement it, and password auth is last-resort
		 * regardless - keyboard-interactive is more likely
		 * to be used anyway. */
		dropbear_close("Your password has expired.");
	}
#endif

	/* Reached when no branch above handled the packet */
	dropbear_exit("Unexpected userauth packet");
}
43 | 151 |
33 | 152 void recv_msg_userauth_failure() { |
153 | |
1115
efb7e545a65e
Turn banner, methods and tok local variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
154 char * methods = NULL; |
efb7e545a65e
Turn banner, methods and tok local variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
155 char * tok = NULL; |
33 | 156 unsigned int methlen = 0; |
157 unsigned int partial = 0; | |
158 unsigned int i = 0; | |
159 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
114
diff
changeset
|
160 TRACE(("<- MSG_USERAUTH_FAILURE")) |
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
114
diff
changeset
|
161 TRACE(("enter recv_msg_userauth_failure")) |
33 | 162 |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
163 if (ses.authstate.authdone) { |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
164 TRACE(("leave recv_msg_userauth_failure, already authdone.")) |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
165 return; |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
166 } |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
167 |
45
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
168 if (cli_ses.state != USERAUTH_REQ_SENT) { |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
169 /* Perhaps we should be more fatal? */ |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
170 dropbear_exit("Unexpected userauth failure"); |
45
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
171 } |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
172 |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
173 /* When DROPBEAR_CLI_IMMEDIATE_AUTH is set there will be an initial response for |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
174 the "none" auth request, and then a response to the immediate auth request. |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
175 We need to be careful handling them. */ |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
176 if (cli_ses.ignore_next_auth_response) { |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
177 cli_ses.state = USERAUTH_REQ_SENT; |
931
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
178 cli_ses.ignore_next_auth_response = 0; |
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
179 TRACE(("leave recv_msg_userauth_failure, ignored response, state set to USERAUTH_REQ_SENT")); |
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
180 return; |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
181 } else { |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
182 #if DROPBEAR_CLI_PUBKEY_AUTH |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
183 /* If it was a pubkey auth request, we should cross that key |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
184 * off the list. */ |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
185 if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) { |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
186 cli_pubkeyfail(); |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
187 } |
45
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
188 #endif |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
189 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
190 #if DROPBEAR_CLI_INTERACT_AUTH |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
191 /* If we get a failure message for keyboard interactive without |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
192 * receiving any request info packet, then we don't bother trying |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
193 * keyboard interactive again */ |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
194 if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
195 && !cli_ses.interact_request_received) { |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
196 TRACE(("setting auth_interact_failed = 1")) |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
197 cli_ses.auth_interact_failed = 1; |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
198 } |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
199 #endif |
931
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
200 cli_ses.state = USERAUTH_FAIL_RCVD; |
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
201 cli_ses.lastauthtype = AUTH_TYPE_NONE; |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
202 } |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
203 |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1115
diff
changeset
|
204 methods = buf_getstring(ses.payload, &methlen); |
33 | 205 |
179
161557a9dde8
* fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
206 partial = buf_getbool(ses.payload); |
33 | 207 |
208 if (partial) { | |
209 dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required"); | |
210 } else { | |
211 ses.authstate.failcount++; | |
212 } | |
213 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
114
diff
changeset
|
214 TRACE(("Methods (len %d): '%s'", methlen, methods)) |
33 | 215 |
216 ses.authstate.authdone=0; | |
217 ses.authstate.authtypes=0; | |
218 | |
219 /* Split with nulls rather than commas */ | |
220 for (i = 0; i < methlen; i++) { | |
221 if (methods[i] == ',') { | |
222 methods[i] = '\0'; | |
223 } | |
224 } | |
225 | |
226 tok = methods; /* tok stores the next method we'll compare */ | |
227 for (i = 0; i <= methlen; i++) { | |
228 if (methods[i] == '\0') { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
114
diff
changeset
|
229 TRACE(("auth method '%s'", tok)) |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
230 #if DROPBEAR_CLI_PUBKEY_AUTH |
33 | 231 if (strncmp(AUTH_METHOD_PUBKEY, tok, |
232 AUTH_METHOD_PUBKEY_LEN) == 0) { | |
233 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; | |
234 } | |
235 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
236 #if DROPBEAR_CLI_INTERACT_AUTH |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
237 if (strncmp(AUTH_METHOD_INTERACT, tok, |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
238 AUTH_METHOD_INTERACT_LEN) == 0) { |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
239 ses.authstate.authtypes |= AUTH_TYPE_INTERACT; |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
240 } |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
241 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
242 #if DROPBEAR_CLI_PASSWORD_AUTH |
33 | 243 if (strncmp(AUTH_METHOD_PASSWORD, tok, |
244 AUTH_METHOD_PASSWORD_LEN) == 0) { | |
245 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; | |
246 } | |
247 #endif | |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
248 tok = &methods[i+1]; /* Must make sure we don't use it after the |
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
249 last loop, since it'll point to something |
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
250 undefined */ |
33 | 251 } |
252 } | |
253 | |
254 m_free(methods); |
33 | 255 |
256 TRACE(("leave recv_msg_userauth_failure")) |
33 | 257 } |
258 | |
void recv_msg_userauth_success() {
	/* It is valid for this handler to run more than once when
	 * DROPBEAR_CLI_IMMEDIATE_AUTH is set.
	 * NOTE(review): nothing in this function checks that an auth request
	 * was outstanding; if unsolicited success messages need rejecting,
	 * that has to happen in the dispatcher that calls this - confirm. */

	DEBUG1(("received msg_userauth_success"))

	/* Policy gate, evaluated before any state is marked authenticated:
	 * when the user asked to refuse trivial authentication and the
	 * session is still flagged as trivial, call dropbear_exit().
	 * NOTE(review): is_trivial_auth is maintained elsewhere; presumably it
	 * is cleared once the client has sent a real credential - confirm. */
	if (cli_opts.disable_trivial_auth && cli_ses.is_trivial_auth) {
		dropbear_exit("trivial authentication not allowed");
	}

	cli_ses.state = USERAUTH_SUCCESS_RCVD;
	cli_ses.lastauthtype = AUTH_TYPE_NONE;
	/* In delayed-zlib mode, the transport layer enables compression once
	 * authdone is set. */
	ses.authstate.authdone = 1;

#if DROPBEAR_CLI_PUBKEY_AUTH
	/* Release the pubkey-auth state now that authentication is over. */
	cli_auth_pubkey_cleanup();
#endif
}
277 | |
int cli_auth_try() {
	/* Non-zero once one method has been attempted; later methods are then
	 * skipped. */
	int request_sent = 0;

	TRACE(("enter cli_auth_try"))

	CHECKCLEARTOWRITE();

	/* Methods are tried in the order pubkey, password, interactive, and
	 * only those present in ses.authstate.authtypes. */
#if DROPBEAR_CLI_PUBKEY_AUTH
	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
		request_sent = cli_auth_pubkey();
		/* lastauthtype is updated whether or not cli_auth_pubkey()
		 * reported that it sent anything. */
		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
	}
#endif

#if DROPBEAR_CLI_PASSWORD_AUTH
	if (!request_sent) {
		if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
			/* Refuse to send a password when the negotiated cipher has
			 * no descriptor (the message below calls this
			 * "unencrypted"). NOTE(review): presumably `trans` is the
			 * outbound direction - confirm. */
			if (ses.keys->trans.algo_crypt->cipherdesc != NULL) {
				cli_auth_password();
				request_sent = 1;
				cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
			} else {
				fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
			}
		}
	}
#endif

#if DROPBEAR_CLI_INTERACT_AUTH
	if (!request_sent) {
		if (ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
			/* Same cleartext guard as for password auth; additionally
			 * skipped once auth_interact_failed has been set. */
			if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
				fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
			} else if (!cli_ses.auth_interact_failed) {
				cli_auth_interactive();
				cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
				request_sent = 1;
			}
		}
	}
#endif

	TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))

	/* DROPBEAR_FAILURE here means no method was attempted at all, not that
	 * the server rejected one. */
	if (!request_sent) {
		TRACE(("leave cli_auth_try failure"))
		return DROPBEAR_FAILURE;
	}
	TRACE(("leave cli_auth_try success"))
	return DROPBEAR_SUCCESS;
}
329 |
330 #if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH |
/* Obtain the password to send. When DROPBEAR_USE_PASSWORD_ENV is enabled and
 * the environment variable named by DROPBEAR_PASSWORD_ENV is set, its value is
 * returned directly; otherwise the user is prompted through getpass(), and the
 * program exits if the user cancels.
 *
 * The caller never owns the returned pointer: it is either the buffer
 * statically allocated by getpass() or the string held in the process
 * environment.
 *
 * NOTE(review): a password kept in the environment is inherited by child
 * processes and, on many systems, readable by other processes running as the
 * same user or as root; prefer the prompt where that exposure matters. */
char* getpass_or_cancel(const char* prompt)
{
	char* typed = NULL;

#if DROPBEAR_USE_PASSWORD_ENV
	{
		/* An environment-supplied password skips the prompt, and with it
		 * the ctrl-c check below. */
		char* from_env = getenv(DROPBEAR_PASSWORD_ENV);
		if (from_env != NULL) {
			return from_env;
		}
	}
#endif

	typed = getpass(prompt);

	/* Treat a NULL result, or a ctrl-c byte (0x03) captured in the buffer,
	 * as the user cancelling. */
	if (typed == NULL || strchr(typed, '\3') != NULL) {
		dropbear_close("Interrupted.");
	}
	return typed;
}
354 #endif |