annotate cli-auth.c @ 735:73b6e5d8801b

Fix segfault when /dev/urandom isn't writable
author Matt Johnston <matt@ucc.asn.au>
date Tue, 02 Apr 2013 18:53:18 +0800
parents 2e5f2bc60e40
children 619b1ed837fd
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
74
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
1 /*
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
2 * Dropbear SSH
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
3 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
5 * Copyright (c) 2004 by Mihnea Stoenescu
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
6 * All rights reserved.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
7 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
9 * of this software and associated documentation files (the "Software"), to deal
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
10 * in the Software without restriction, including without limitation the rights
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
12 * copies of the Software, and to permit persons to whom the Software is
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
13 * furnished to do so, subject to the following conditions:
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
14 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
15 * The above copyright notice and this permission notice shall be included in
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
16 * all copies or substantial portions of the Software.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
17 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
24 * SOFTWARE. */
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
25
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "includes.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 #include "session.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 #include "auth.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "dbutil.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "buffer.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "ssh.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "packet.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 #include "runopts.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 void cli_authinitialise() {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 memset(&ses.authstate, 0, sizeof(ses.authstate));
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 /* Send a "none" auth request to get available methods */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 void cli_auth_getmethods() {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
43 TRACE(("enter cli_auth_getmethods"))
730
714b9106e335 Send an auth packet straight away, save another roundtrip
Matt Johnston <matt@ucc.asn.au>
parents: 686
diff changeset
44 #ifdef CLI_IMMEDIATE_AUTH
714b9106e335 Send an auth packet straight away, save another roundtrip
Matt Johnston <matt@ucc.asn.au>
parents: 686
diff changeset
45 ses.authstate.authtypes = AUTH_TYPE_PUBKEY | AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
714b9106e335 Send an auth packet straight away, save another roundtrip
Matt Johnston <matt@ucc.asn.au>
parents: 686
diff changeset
46 cli_auth_try();
714b9106e335 Send an auth packet straight away, save another roundtrip
Matt Johnston <matt@ucc.asn.au>
parents: 686
diff changeset
47 #else
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 CHECKCLEARTOWRITE();
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
35
0ad5fb979f42 set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents: 34
diff changeset
50 buf_putstring(ses.writepayload, cli_opts.username,
0ad5fb979f42 set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents: 34
diff changeset
51 strlen(cli_opts.username));
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 SSH_SERVICE_CONNECTION_LEN);
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 encrypt_packet();
730
714b9106e335 Send an auth packet straight away, save another roundtrip
Matt Johnston <matt@ucc.asn.au>
parents: 686
diff changeset
57 #endif
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
58 TRACE(("leave cli_auth_getmethods"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
61 void recv_msg_userauth_banner() {
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
62
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
63 unsigned char* banner = NULL;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
64 unsigned int bannerlen;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
65 unsigned int i, linecount;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
66
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
67 TRACE(("enter recv_msg_userauth_banner"))
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
68 if (ses.authstate.authdone) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
69 TRACE(("leave recv_msg_userauth_banner: banner after auth done"))
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
70 return;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
71 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
72
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
73 banner = buf_getstring(ses.payload, &bannerlen);
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
74 buf_eatstring(ses.payload); /* The language string */
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
75
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
76 if (bannerlen > MAX_BANNER_SIZE) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
77 TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen))
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
78 goto out;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
79 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
80
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
81 cleantext(banner);
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
82
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
83 /* Limit to 25 lines */
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
84 linecount = 1;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
85 for (i = 0; i < bannerlen; i++) {
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
86 if (banner[i] == '\n') {
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
87 if (linecount >= MAX_BANNER_LINES) {
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
88 banner[i] = '\0';
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
89 break;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
90 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
91 linecount++;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
92 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
93 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
94
545
00e619aa2f9a - Print banner to stderr. Probably the right way, and avoids
Matt Johnston <matt@ucc.asn.au>
parents: 501
diff changeset
95 fprintf(stderr, "%s\n", banner);
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
96
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
97 out:
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
98 m_free(banner);
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
99 TRACE(("leave recv_msg_userauth_banner"))
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
100 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
101
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
102 /* This handles the message-specific types which
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
103 * all have a value of 60. These are
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
104 * SSH_MSG_USERAUTH_PASSWD_CHANGEREQ,
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
105 * SSH_MSG_USERAUTH_PK_OK, &
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
106 * SSH_MSG_USERAUTH_INFO_REQUEST. */
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
107 void recv_msg_userauth_specific_60() {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
108
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
109 #ifdef ENABLE_CLI_PUBKEY_AUTH
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
110 if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
111 recv_msg_userauth_pk_ok();
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
112 return;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
113 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
114 #endif
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
115
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
116 #ifdef ENABLE_CLI_INTERACT_AUTH
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
117 if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
118 recv_msg_userauth_info_request();
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
119 return;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
120 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
121 #endif
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
122
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
123 #ifdef ENABLE_CLI_PASSWORD_AUTH
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
124 if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
125 /* Eventually there could be proper password-changing
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
126 * support. However currently few servers seem to
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
127 * implement it, and password auth is last-resort
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
128 * regardless - keyboard-interactive is more likely
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
129 * to be used anyway. */
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
130 dropbear_close("Your password has expired.");
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
131 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
132 #endif
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
133
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
134 dropbear_exit("Unexpected userauth packet");
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
135 }
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
136
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
137 void recv_msg_userauth_failure() {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
138
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
139 unsigned char * methods = NULL;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140 unsigned char * tok = NULL;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 unsigned int methlen = 0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
142 unsigned int partial = 0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
143 unsigned int i = 0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
144
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
145 TRACE(("<- MSG_USERAUTH_FAILURE"))
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
146 TRACE(("enter recv_msg_userauth_failure"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
148 if (cli_ses.state != USERAUTH_REQ_SENT) {
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
149 /* Perhaps we should be more fatal? */
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
150 dropbear_exit("Unexpected userauth failure");
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
151 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
152
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
153 #ifdef ENABLE_CLI_PUBKEY_AUTH
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
154 /* If it was a pubkey auth request, we should cross that key
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
155 * off the list. */
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
156 if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
157 cli_pubkeyfail();
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
158 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
159 #endif
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
160
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
161 #ifdef ENABLE_CLI_INTERACT_AUTH
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
162 /* If we get a failure message for keyboard interactive without
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
163 * receiving any request info packet, then we don't bother trying
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
164 * keyboard interactive again */
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
165 if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
166 && !cli_ses.interact_request_received) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
167 TRACE(("setting auth_interact_failed = 1"))
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
168 cli_ses.auth_interact_failed = 1;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
169 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
170 #endif
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
171
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
172 cli_ses.lastauthtype = AUTH_TYPE_NONE;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
173
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
174 methods = buf_getstring(ses.payload, &methlen);
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
175
179
161557a9dde8 * fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
176 partial = buf_getbool(ses.payload);
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 if (partial) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179 dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required");
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
180 } else {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181 ses.authstate.failcount++;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
182 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
183
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
184 TRACE(("Methods (len %d): '%s'", methlen, methods))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
185
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
186 ses.authstate.authdone=0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
187 ses.authstate.authtypes=0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
188
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
189 /* Split with nulls rather than commas */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
190 for (i = 0; i < methlen; i++) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
191 if (methods[i] == ',') {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
192 methods[i] = '\0';
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
193 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
194 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
195
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
196 tok = methods; /* tok stores the next method we'll compare */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
197 for (i = 0; i <= methlen; i++) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
198 if (methods[i] == '\0') {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
199 TRACE(("auth method '%s'", tok))
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
200 #ifdef ENABLE_CLI_PUBKEY_AUTH
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
201 if (strncmp(AUTH_METHOD_PUBKEY, tok,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
202 AUTH_METHOD_PUBKEY_LEN) == 0) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
203 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
204 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
205 #endif
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
206 #ifdef ENABLE_CLI_INTERACT_AUTH
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
207 if (strncmp(AUTH_METHOD_INTERACT, tok,
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
208 AUTH_METHOD_INTERACT_LEN) == 0) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
209 ses.authstate.authtypes |= AUTH_TYPE_INTERACT;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
210 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
211 #endif
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
212 #ifdef ENABLE_CLI_PASSWORD_AUTH
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
213 if (strncmp(AUTH_METHOD_PASSWORD, tok,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
214 AUTH_METHOD_PASSWORD_LEN) == 0) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
215 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
216 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
217 #endif
34
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
218 tok = &methods[i+1]; /* Must make sure we don't use it after the
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
219 last loop, since it'll point to something
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
220 undefined */
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
221 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223
114
2be6aa26a8c9 Leak found with MallocDebug - it's kinda useful
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
224 m_free(methods);
2be6aa26a8c9 Leak found with MallocDebug - it's kinda useful
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
225
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 cli_ses.state = USERAUTH_FAIL_RCVD;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
228 TRACE(("leave recv_msg_userauth_failure"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
229 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
231 void recv_msg_userauth_success() {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
232 TRACE(("received msg_userauth_success"))
501
d58c478bd399 Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents: 441
diff changeset
233 /* Note: in delayed-zlib mode, setting authdone here
d58c478bd399 Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents: 441
diff changeset
234 * will enable compression in the transport layer */
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
235 ses.authstate.authdone = 1;
37
0913e2ee3545 we're nearly there yet
Matt Johnston <matt@ucc.asn.au>
parents: 35
diff changeset
236 cli_ses.state = USERAUTH_SUCCESS_RCVD;
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
237 cli_ses.lastauthtype = AUTH_TYPE_NONE;
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 545
diff changeset
238
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 545
diff changeset
239 #ifdef ENABLE_CLI_PUBKEY_AUTH
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 545
diff changeset
240 cli_auth_pubkey_cleanup();
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 545
diff changeset
241 #endif
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
242 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
243
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
244 void cli_auth_try() {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
245
300
baea1d43e7eb Some cleanups/fixes for various TRACE statements
Matt Johnston <matt@ucc.asn.au>
parents: 268
diff changeset
246 int finished = 0;
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
247 TRACE(("enter cli_auth_try"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
248
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
249 CHECKCLEARTOWRITE();
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
250
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
251 /* Order to try is pubkey, interactive, password.
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
252 * As soon as "finished" is set for one, we don't do any more. */
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
253 #ifdef ENABLE_CLI_PUBKEY_AUTH
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
254 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
255 finished = cli_auth_pubkey();
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
256 cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
257 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
258 #endif
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
259
732
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
260 #ifdef ENABLE_CLI_PASSWORD_AUTH
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
261 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
262 fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
263 } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
264 cli_auth_password();
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
265 finished = 1;
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
266 cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
267 }
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
268 #endif
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
269
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
270 #ifdef ENABLE_CLI_INTERACT_AUTH
681
a4b7627b3157 Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
parents: 552 511
diff changeset
271 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
252
29afa62b5450 - a hack for grahame to run dropbear with "none" cipher.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
272 fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
686
983a817f8e41 - Only request "none" cipher after auth has succeeded
Matt Johnston <matt@ucc.asn.au>
parents: 685
diff changeset
273 } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
274 if (cli_ses.auth_interact_failed) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
275 finished = 0;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
276 } else {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
277 cli_auth_interactive();
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
278 cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
279 finished = 1;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
280 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
281 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
282 #endif
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
283
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
284 TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
285
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
286 if (!finished) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
287 dropbear_exit("No auth methods could be used.");
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
288 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
289
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
290 TRACE(("leave cli_auth_try"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
291 }
268
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
292
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
293 /* A helper for getpass() that exits if the user cancels. The returned
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
294 * password is statically allocated by getpass() */
334
8f3ec7c104d9 Make the dbclient password prompt more useful
Matt Johnston <matt@ucc.asn.au>
parents: 300
diff changeset
295 char* getpass_or_cancel(char* prompt)
268
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
296 {
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
297 char* password = NULL;
441
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
298
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
299 #ifdef DROPBEAR_PASSWORD_ENV
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
300 /* Password provided in an environment var */
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
301 password = getenv(DROPBEAR_PASSWORD_ENV);
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
302 if (password)
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
303 {
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
304 return password;
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
305 }
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
306 #endif
268
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
307
334
8f3ec7c104d9 Make the dbclient password prompt more useful
Matt Johnston <matt@ucc.asn.au>
parents: 300
diff changeset
308 password = getpass(prompt);
268
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
309
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
310 /* 0x03 is a ctrl-c character in the buffer. */
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
311 if (password == NULL || strchr(password, '\3') != NULL) {
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
312 dropbear_close("Interrupted.");
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
313 }
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
314 return password;
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
315 }