annotate cli-auth.c @ 1884:75d6a9faf919
Merge pull request #151 from HansH111/pubkeyinfo
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 16 Mar 2022 10:43:24 +0800 |
parents | d512da7b1198 |
children | 62e4baa059c3 |
rev | line source |
---|---|
1 /* |
2 * Dropbear SSH |
3 * |
4 * Copyright (c) 2002,2003 Matt Johnston |
5 * Copyright (c) 2004 by Mihnea Stoenescu |
6 * All rights reserved. |
7 * |
8 * Permission is hereby granted, free of charge, to any person obtaining a copy |
9 * of this software and associated documentation files (the "Software"), to deal |
10 * in the Software without restriction, including without limitation the rights |
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
12 * copies of the Software, and to permit persons to whom the Software is |
13 * furnished to do so, subject to the following conditions: |
14 * |
15 * The above copyright notice and this permission notice shall be included in |
16 * all copies or substantial portions of the Software. |
17 * |
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
24 * SOFTWARE. */ |
25 |
33 | 26 #include "includes.h" |
27 #include "session.h" | |
28 #include "auth.h" | |
29 #include "dbutil.h" | |
30 #include "buffer.h" | |
31 #include "ssh.h" | |
32 #include "packet.h" | |
33 #include "runopts.h" | |
34 | |
/* Ask the server which authentication methods it will accept by sending
 * an SSH_MSG_USERAUTH_REQUEST for cli_opts.username with the "none"
 * method. When DROPBEAR_CLI_IMMEDIATE_AUTH is enabled a real auth attempt
 * may be queued straight after it, without waiting for the reply. */
void cli_auth_getmethods() {
	static const char none_method[] = "none";
	const char *user = cli_opts.username;

	TRACE(("enter cli_auth_getmethods"))
	CHECKCLEARTOWRITE();

	/* Packet layout: message type, user name, service name, method name */
	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
	buf_putstring(ses.writepayload, user, strlen(user));
	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
			SSH_SERVICE_CONNECTION_LEN);
	buf_putstring(ses.writepayload, none_method, sizeof(none_method) - 1);

	encrypt_packet();

#if DROPBEAR_CLI_IMMEDIATE_AUTH
	/* We can't have two auth requests in-flight with delayed zlib mode,
	since if the first one succeeds then the remote side will
	expect the second one to be compressed.
	Race described at
	http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/zlib-openssh.html
	*/
	if (ses.keys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
		TRACE(("leave cli_auth_getmethods"))
		return;
	}

	/* The server has not told us its method list yet, so assume one. */
	ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
#if DROPBEAR_USE_PASSWORD_ENV
	/* Only the presence of the variable is tested here; its value is not
	 * read in this function.
	 * NOTE(review): a password handed over through the environment can
	 * usually be read by other processes of the same user, so this build
	 * option deserves a deliberate decision - confirm it is wanted. */
	if (getenv(DROPBEAR_PASSWORD_ENV)) {
		ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
	}
#endif
	if (cli_auth_try() == DROPBEAR_SUCCESS) {
		TRACE(("skipped initial none auth query"))
		/* Two auth responses are now in flight: the reply to "none"
		 * and the reply to the attempt just sent. The flag makes
		 * recv_msg_userauth_failure() discard the first failure. */
		cli_ses.ignore_next_auth_response = 1;
	}
#endif
	TRACE(("leave cli_auth_getmethods"))
}
71 | |
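/* Handle SSH_MSG_USERAUTH_BANNER.
 *
 * Reads the banner string and skips the language tag from ses.payload.
 * Unless cli_opts.quiet is set, the banner is passed through cleantext()
 * and written to stderr, cut off after MAX_BANNER_LINES lines. A banner
 * longer than MAX_BANNER_SIZE bytes is not printed at all. In both cases
 * a "[Banner from the server is too long]" notice is printed.
 *
 * A banner that arrives once ses.authstate.authdone is set is ignored
 * without reading the payload.
 *
 * The banner is text chosen by the server and must be treated as
 * untrusted before it reaches the user's terminal.
 * NOTE(review): cleantext() is defined elsewhere; it is presumably what
 * removes terminal control characters here - confirm before changing
 * the order of these calls. */
void recv_msg_userauth_banner() {

	char* banner = NULL;
	unsigned int bannerlen;
	unsigned int i, linecount;
	int truncated = 0;

	TRACE(("enter recv_msg_userauth_banner"))
	if (ses.authstate.authdone) {
		TRACE(("leave recv_msg_userauth_banner: banner after auth done"))
		return;
	}

	banner = buf_getstring(ses.payload, &bannerlen);
	buf_eatstring(ses.payload); /* The language string */

	if (cli_opts.quiet == 0) {
		if (bannerlen > MAX_BANNER_SIZE) {
			/* bannerlen is unsigned, so print it with %u */
			TRACE(("recv_msg_userauth_banner: bannerlen too long: %u", bannerlen))
			truncated = 1;
		} else {
			cleantext(banner);

			/* Limit to MAX_BANNER_LINES lines (24 according to the
			 * original comment).
			 * The scan stops at the first NUL as well as at
			 * bannerlen: fprintf("%s") prints nothing past that
			 * point, so a newline found there (after an embedded
			 * NUL, or presumably in leftover bytes if cleantext()
			 * shortened the string in place) is not part of the
			 * visible banner and must not trigger the
			 * "too long" notice. */
			linecount = 1;
			for (i = 0; i < bannerlen && banner[i] != '\0'; i++) {
				if (banner[i] == '\n') {
					if (linecount >= MAX_BANNER_LINES) {
						banner[i] = '\0';
						truncated = 1;
						break;
					}
					linecount++;
				}
			}
			fprintf(stderr, "%s\n", banner);
		}

		if (truncated) {
			fprintf(stderr, "[Banner from the server is too long]\n");
		}
	}
	m_free(banner);
	TRACE(("leave recv_msg_userauth_banner"))
}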
117 | |
/* Dispatcher for the method-specific userauth messages, which all share
 * the message number 60:
 *   SSH_MSG_USERAUTH_PASSWD_CHANGEREQ,
 *   SSH_MSG_USERAUTH_PK_OK and
 *   SSH_MSG_USERAUTH_INFO_REQUEST.
 *
 * The packet itself does not say which of the three it is, so the
 * meaning is taken from cli_ses.lastauthtype, i.e. the method of the
 * request this client sent last. A type-60 packet that matches no
 * outstanding request ends the session instead of being parsed. */
void recv_msg_userauth_specific_60() {

#if DROPBEAR_CLI_PUBKEY_AUTH
	/* Reply to a public key query */
	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
		recv_msg_userauth_pk_ok();
		return;
	}
#endif

#if DROPBEAR_CLI_INTERACT_AUTH
	/* Prompts for keyboard-interactive */
	if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) {
		recv_msg_userauth_info_request();
		return;
	}
#endif

#if DROPBEAR_CLI_PASSWORD_AUTH
	if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) {
		/* Password changing is not implemented. Few servers seem
		 * to offer it, password auth is the last resort anyway,
		 * and keyboard-interactive is the more likely route, so
		 * the change request is simply reported to the user.
		 * NOTE(review): dropbear_close() is presumably noreturn;
		 * if it returned, control would reach dropbear_exit()
		 * below - confirm. */
		dropbear_close("Your password has expired.");
	}
#endif

	/* No pending request that a type-60 message could answer */
	dropbear_exit("Unexpected userauth packet");
}
43 | 152 |
33 | 153 void recv_msg_userauth_failure() { |
154 | |
1115
efb7e545a65e
Turn banner, methods and tok local variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
155 char * methods = NULL; |
efb7e545a65e
Turn banner, methods and tok local variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
156 char * tok = NULL; |
33 | 157 unsigned int methlen = 0; |
158 unsigned int partial = 0; | |
159 unsigned int i = 0; | |
160 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
114
diff
changeset
|
161 TRACE(("<- MSG_USERAUTH_FAILURE")) |
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
114
diff
changeset
|
162 TRACE(("enter recv_msg_userauth_failure")) |
33 | 163 |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
164 if (ses.authstate.authdone) { |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
165 TRACE(("leave recv_msg_userauth_failure, already authdone.")) |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
166 return; |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
167 } |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
168 |
45
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
169 if (cli_ses.state != USERAUTH_REQ_SENT) { |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
170 /* Perhaps we should be more fatal? */ |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
171 dropbear_exit("Unexpected userauth failure"); |
45
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
172 } |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
173 |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
174 /* When DROPBEAR_CLI_IMMEDIATE_AUTH is set there will be an initial response for |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
175 the "none" auth request, and then a response to the immediate auth request. |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
176 We need to be careful handling them. */ |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
177 if (cli_ses.ignore_next_auth_response) { |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
178 cli_ses.state = USERAUTH_REQ_SENT; |
931
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
179 cli_ses.ignore_next_auth_response = 0; |
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
180 TRACE(("leave recv_msg_userauth_failure, ignored response, state set to USERAUTH_REQ_SENT")); |
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
181 return; |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
182 } else { |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
183 #if DROPBEAR_CLI_PUBKEY_AUTH |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
184 /* If it was a pubkey auth request, we should cross that key |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
185 * off the list. */ |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
186 if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) { |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
187 cli_pubkeyfail(); |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
188 } |
45
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
189 #endif |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
190 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
191 #if DROPBEAR_CLI_INTERACT_AUTH |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
192 /* If we get a failure message for keyboard interactive without |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
193 * receiving any request info packet, then we don't bother trying |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
194 * keyboard interactive again */ |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
195 if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
196 && !cli_ses.interact_request_received) { |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
197 TRACE(("setting auth_interact_failed = 1")) |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
198 cli_ses.auth_interact_failed = 1; |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
199 } |
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
734
diff
changeset
|
200 #endif |
931
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
201 cli_ses.state = USERAUTH_FAIL_RCVD; |
ac340d3e452e
Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents:
894
diff
changeset
|
202 cli_ses.lastauthtype = AUTH_TYPE_NONE; |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
203 } |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
204 |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1115
diff
changeset
|
205 methods = buf_getstring(ses.payload, &methlen); |
33 | 206 |
179
161557a9dde8
* fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
207 partial = buf_getbool(ses.payload); |
33 | 208 |
209 if (partial) { | |
210 dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required"); | |
211 } else { | |
212 ses.authstate.failcount++; | |
213 } | |
214 | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
114
diff
changeset
|
215 TRACE(("Methods (len %d): '%s'", methlen, methods)) |
33 | 216 |
217 ses.authstate.authdone=0; | |
218 ses.authstate.authtypes=0; | |
219 | |
220 /* Split with nulls rather than commas */ | |
221 for (i = 0; i < methlen; i++) { | |
222 if (methods[i] == ',') { | |
223 methods[i] = '\0'; | |
224 } | |
225 } | |
226 | |
227 tok = methods; /* tok stores the next method we'll compare */ | |
228 for (i = 0; i <= methlen; i++) { | |
229 if (methods[i] == '\0') { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
114
diff
changeset
|
230 TRACE(("auth method '%s'", tok)) |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
231 #if DROPBEAR_CLI_PUBKEY_AUTH |
33 | 232 if (strncmp(AUTH_METHOD_PUBKEY, tok, |
233 AUTH_METHOD_PUBKEY_LEN) == 0) { | |
234 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; | |
235 } | |
236 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
237 #if DROPBEAR_CLI_INTERACT_AUTH |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
238 if (strncmp(AUTH_METHOD_INTERACT, tok, |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
239 AUTH_METHOD_INTERACT_LEN) == 0) { |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
240 ses.authstate.authtypes |= AUTH_TYPE_INTERACT; |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
241 } |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
242 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1249
diff
changeset
|
243 #if DROPBEAR_CLI_PASSWORD_AUTH |
33 | 244 if (strncmp(AUTH_METHOD_PASSWORD, tok, |
245 AUTH_METHOD_PASSWORD_LEN) == 0) { | |
246 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; | |
247 } | |
248 #endif | |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
249 tok = &methods[i+1]; /* Must make sure we don't use it after the |
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
250 last loop, since it'll point to something |
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
251 undefined */ |
33 | 252 } |
253 } | |
254 | |
255 m_free(methods); |
33 | 256 |
257 TRACE(("leave recv_msg_userauth_failure")) |
33 | 258 } |
259 | |
/* Handle the server's userauth success message: enforce the client's
 * "no trivial authentication" option, then record the session as
 * authenticated. */
void recv_msg_userauth_success() {
	/* Being called more than once is valid when
	 * DROPBEAR_CLI_IMMEDIATE_AUTH is set */

	TRACE(("received msg_userauth_success"))

	/* This check sits ahead of every state change below, so authdone is
	 * not yet set when dropbear_exit() is called.
	 * NOTE(review): is_trivial_auth is maintained outside this function;
	 * confirm it is cleared only once the client has actually supplied
	 * a credential, and that dropbear_exit() does not return. */
	if (cli_ses.is_trivial_auth && cli_opts.disable_trivial_auth) {
		dropbear_exit("trivial authentication not allowed");
	}

	/* In delayed-zlib mode this assignment is also what turns on
	 * compression in the transport layer */
	ses.authstate.authdone = 1;
	cli_ses.lastauthtype = AUTH_TYPE_NONE;
	cli_ses.state = USERAUTH_SUCCESS_RCVD;

#if DROPBEAR_CLI_PUBKEY_AUTH
	cli_auth_pubkey_cleanup();
#endif
}
278 | |
/* Start the next authentication attempt, picking from the method bits set
 * in ses.authstate.authtypes.
 * Returns DROPBEAR_SUCCESS when an attempt was started and
 * DROPBEAR_FAILURE when no method could be tried. */
int cli_auth_try() {

	int started = 0;

	TRACE(("enter cli_auth_try"))

	CHECKCLEARTOWRITE();

	/* Methods are tried in the order pubkey, password, interactive.
	 * Once one of them sets "started" the remaining ones are skipped. */
#if DROPBEAR_CLI_PUBKEY_AUTH
	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
		started = cli_auth_pubkey();
		/* lastauthtype is recorded whatever cli_auth_pubkey() returned */
		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
	}
#endif

#if DROPBEAR_CLI_PASSWORD_AUTH
	if (!started && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
		/* A NULL cipherdesc is treated as an unencrypted transport (see
		 * the message below): the password is never sent in that case,
		 * and "started" stays 0 so the next method is considered. */
		if (ses.keys->trans.algo_crypt->cipherdesc != NULL) {
			cli_auth_password();
			cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
			started = 1;
		} else {
			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
		}
	}
#endif

#if DROPBEAR_CLI_INTERACT_AUTH
	if (!started && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
		/* Same refusal as for password auth when there is no cipher */
		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
			fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
		} else if (!cli_ses.auth_interact_failed) {
			/* skipped once auth_interact_failed has been set */
			cli_auth_interactive();
			cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
			started = 1;
		}
	}
#endif

	TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))

	if (!started) {
		TRACE(("leave cli_auth_try failure"))
		return DROPBEAR_FAILURE;
	}
	TRACE(("leave cli_auth_try success"))
	return DROPBEAR_SUCCESS;
}
330 |
331 #if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH |
/* Fetch the user's password, cancelling the session if the prompt is
 * interrupted.
 *
 * With DROPBEAR_USE_PASSWORD_ENV enabled, the DROPBEAR_PASSWORD_ENV
 * variable is consulted first; if it is set its value is returned as-is,
 * without prompting and without the ctrl-c check. That pointer refers to
 * the process environment. Otherwise the result is getpass()'s statically
 * allocated buffer, which a later getpass() call overwrites. The caller
 * must not free either pointer.
 *
 * NOTE(review): a password kept in the environment is inherited by child
 * processes and readable by anything able to inspect this process's
 * environment; builds that do not need it can leave
 * DROPBEAR_USE_PASSWORD_ENV off. */
char* getpass_or_cancel(const char* prompt)
{
	char* pw;

#if DROPBEAR_USE_PASSWORD_ENV
	/* An environment-supplied password takes priority over prompting */
	pw = getenv(DROPBEAR_PASSWORD_ENV);
	if (pw != NULL) {
		return pw;
	}
#endif

	pw = getpass(prompt);

	/* A failed getpass() or a ctrl-c byte (0x03) in the input both count
	 * as the user cancelling.
	 * NOTE(review): the return below is only safe for a NULL pw if
	 * dropbear_close() does not return - confirm. */
	if (!pw || strchr(pw, 0x03)) {
		dropbear_close("Interrupted.");
	}
	return pw;
}
355 #endif |