annotate cli-auth.c @ 1042:9699b9438ad9

Revert accidental commented out signal handlers
author Matt Johnston <matt@ucc.asn.au>
date Tue, 24 Feb 2015 22:23:32 +0800
parents ac340d3e452e
children c45d65392c1a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
74
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
1 /*
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
2 * Dropbear SSH
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
3 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
5 * Copyright (c) 2004 by Mihnea Stoenescu
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
6 * All rights reserved.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
7 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
9 * of this software and associated documentation files (the "Software"), to deal
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
10 * in the Software without restriction, including without limitation the rights
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
12 * copies of the Software, and to permit persons to whom the Software is
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
13 * furnished to do so, subject to the following conditions:
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
14 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
15 * The above copyright notice and this permission notice shall be included in
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
16 * all copies or substantial portions of the Software.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
17 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
24 * SOFTWARE. */
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
25
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "includes.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 #include "session.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 #include "auth.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "dbutil.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "buffer.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "ssh.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "packet.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 #include "runopts.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 void cli_authinitialise() {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 memset(&ses.authstate, 0, sizeof(ses.authstate));
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 /* Send a "none" auth request to get available methods */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 void cli_auth_getmethods() {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
43 TRACE(("enter cli_auth_getmethods"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44 CHECKCLEARTOWRITE();
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
35
0ad5fb979f42 set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents: 34
diff changeset
46 buf_putstring(ses.writepayload, cli_opts.username,
0ad5fb979f42 set the isserver flag (oops)
Matt Johnston <matt@ucc.asn.au>
parents: 34
diff changeset
47 strlen(cli_opts.username));
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 SSH_SERVICE_CONNECTION_LEN);
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 encrypt_packet();
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
53
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
54 #ifdef DROPBEAR_CLI_IMMEDIATE_AUTH
894
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
55 /* We can't haven't two auth requests in-flight with delayed zlib mode
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
56 since if the first one succeeds then the remote side will
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
57 expect the second one to be compressed.
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
58 Race described at
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
59 http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/zlib-openssh.html
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
60 */
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
61 if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
62 ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
63 if (getenv(DROPBEAR_PASSWORD_ENV)) {
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
64 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
65 }
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
66 if (cli_auth_try() == DROPBEAR_SUCCESS) {
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
67 TRACE(("skipped initial none auth query"))
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
68 /* Note that there will be two auth responses in-flight */
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
69 cli_ses.ignore_next_auth_response = 1;
7032deca6b90 Disable immediate auth for delayed-zlib mode
Matt Johnston <matt@ucc.asn.au>
parents: 883
diff changeset
70 }
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
71 }
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
72 #endif
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
73 TRACE(("leave cli_auth_getmethods"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
76 void recv_msg_userauth_banner() {
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
77
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
78 unsigned char* banner = NULL;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
79 unsigned int bannerlen;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
80 unsigned int i, linecount;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
81
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
82 TRACE(("enter recv_msg_userauth_banner"))
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
83 if (ses.authstate.authdone) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
84 TRACE(("leave recv_msg_userauth_banner: banner after auth done"))
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
85 return;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
86 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
87
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
88 banner = buf_getstring(ses.payload, &bannerlen);
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
89 buf_eatstring(ses.payload); /* The language string */
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
90
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
91 if (bannerlen > MAX_BANNER_SIZE) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
92 TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen))
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
93 goto out;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
94 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
95
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
96 cleantext(banner);
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
97
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
98 /* Limit to 25 lines */
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
99 linecount = 1;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
100 for (i = 0; i < bannerlen; i++) {
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
101 if (banner[i] == '\n') {
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
102 if (linecount >= MAX_BANNER_LINES) {
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
103 banner[i] = '\0';
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
104 break;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
105 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
106 linecount++;
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
107 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
108 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
109
545
00e619aa2f9a - Print banner to stderr. Probably the right way, and avoids
Matt Johnston <matt@ucc.asn.au>
parents: 501
diff changeset
110 fprintf(stderr, "%s\n", banner);
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
111
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
112 out:
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
113 m_free(banner);
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
114 TRACE(("leave recv_msg_userauth_banner"))
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
115 }
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
116
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
117 /* This handles the message-specific types which
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
118 * all have a value of 60. These are
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
119 * SSH_MSG_USERAUTH_PASSWD_CHANGEREQ,
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
120 * SSH_MSG_USERAUTH_PK_OK, &
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
121 * SSH_MSG_USERAUTH_INFO_REQUEST. */
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
122 void recv_msg_userauth_specific_60() {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
123
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
124 #ifdef ENABLE_CLI_PUBKEY_AUTH
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
125 if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
126 recv_msg_userauth_pk_ok();
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
127 return;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
128 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
129 #endif
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
130
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
131 #ifdef ENABLE_CLI_INTERACT_AUTH
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
132 if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
133 recv_msg_userauth_info_request();
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
134 return;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
135 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
136 #endif
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
137
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
138 #ifdef ENABLE_CLI_PASSWORD_AUTH
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
139 if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
140 /* Eventually there could be proper password-changing
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
141 * support. However currently few servers seem to
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
142 * implement it, and password auth is last-resort
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
143 * regardless - keyboard-interactive is more likely
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
144 * to be used anyway. */
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
145 dropbear_close("Your password has expired.");
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
146 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
147 #endif
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
148
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
149 dropbear_exit("Unexpected userauth packet");
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
150 }
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
151
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152 void recv_msg_userauth_failure() {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
153
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
154 unsigned char * methods = NULL;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
155 unsigned char * tok = NULL;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
156 unsigned int methlen = 0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
157 unsigned int partial = 0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
158 unsigned int i = 0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
160 TRACE(("<- MSG_USERAUTH_FAILURE"))
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
161 TRACE(("enter recv_msg_userauth_failure"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
163 if (ses.authstate.authdone) {
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
164 TRACE(("leave recv_msg_userauth_failure, already authdone."))
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
165 return;
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
166 }
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
167
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
168 if (cli_ses.state != USERAUTH_REQ_SENT) {
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
169 /* Perhaps we should be more fatal? */
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
170 dropbear_exit("Unexpected userauth failure");
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
171 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
172
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
173 /* When DROPBEAR_CLI_IMMEDIATE_AUTH is set there will be an initial response for
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
174 the "none" auth request, and then a response to the immediate auth request.
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
175 We need to be careful handling them. */
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
176 if (cli_ses.ignore_next_auth_response) {
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
177 cli_ses.state = USERAUTH_REQ_SENT;
931
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
178 cli_ses.ignore_next_auth_response = 0;
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
179 TRACE(("leave recv_msg_userauth_failure, ignored response, state set to USERAUTH_REQ_SENT"));
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
180 return;
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
181 } else {
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
182 #ifdef ENABLE_CLI_PUBKEY_AUTH
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
183 /* If it was a pubkey auth request, we should cross that key
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
184 * off the list. */
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
185 if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
186 cli_pubkeyfail();
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
187 }
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
188 #endif
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
189
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
190 #ifdef ENABLE_CLI_INTERACT_AUTH
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
191 /* If we get a failure message for keyboard interactive without
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
192 * receiving any request info packet, then we don't bother trying
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
193 * keyboard interactive again */
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
194 if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
195 && !cli_ses.interact_request_received) {
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
196 TRACE(("setting auth_interact_failed = 1"))
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
197 cli_ses.auth_interact_failed = 1;
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
198 }
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
199 #endif
931
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
200 cli_ses.state = USERAUTH_FAIL_RCVD;
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
201 cli_ses.lastauthtype = AUTH_TYPE_NONE;
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
202 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
203
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
204 methods = buf_getstring(ses.payload, &methlen);
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
205
179
161557a9dde8 * fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
206 partial = buf_getbool(ses.payload);
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
207
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
208 if (partial) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
209 dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required");
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
210 } else {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
211 ses.authstate.failcount++;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
212 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
213
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
214 TRACE(("Methods (len %d): '%s'", methlen, methods))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
215
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
216 ses.authstate.authdone=0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
217 ses.authstate.authtypes=0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
218
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
219 /* Split with nulls rather than commas */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
220 for (i = 0; i < methlen; i++) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
221 if (methods[i] == ',') {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222 methods[i] = '\0';
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
224 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
225
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 tok = methods; /* tok stores the next method we'll compare */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227 for (i = 0; i <= methlen; i++) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
228 if (methods[i] == '\0') {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
229 TRACE(("auth method '%s'", tok))
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
230 #ifdef ENABLE_CLI_PUBKEY_AUTH
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
231 if (strncmp(AUTH_METHOD_PUBKEY, tok,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
232 AUTH_METHOD_PUBKEY_LEN) == 0) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
233 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
234 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
235 #endif
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
236 #ifdef ENABLE_CLI_INTERACT_AUTH
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
237 if (strncmp(AUTH_METHOD_INTERACT, tok,
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
238 AUTH_METHOD_INTERACT_LEN) == 0) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
239 ses.authstate.authtypes |= AUTH_TYPE_INTERACT;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
240 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
241 #endif
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
242 #ifdef ENABLE_CLI_PASSWORD_AUTH
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
243 if (strncmp(AUTH_METHOD_PASSWORD, tok,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
244 AUTH_METHOD_PASSWORD_LEN) == 0) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
245 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
246 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
247 #endif
34
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
248 tok = &methods[i+1]; /* Must make sure we don't use it after the
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
249 last loop, since it'll point to something
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
250 undefined */
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
251 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
252 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
253
114
2be6aa26a8c9 Leak found with MallocDebug - it's kinda useful
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
254 m_free(methods);
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
255
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
256 TRACE(("leave recv_msg_userauth_failure"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
257 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
258
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
259 void recv_msg_userauth_success() {
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
260 /* This function can validly get called multiple times
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
261 if DROPBEAR_CLI_IMMEDIATE_AUTH is set */
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
262
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
263 TRACE(("received msg_userauth_success"))
501
d58c478bd399 Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents: 441
diff changeset
264 /* Note: in delayed-zlib mode, setting authdone here
d58c478bd399 Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents: 441
diff changeset
265 * will enable compression in the transport layer */
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
266 ses.authstate.authdone = 1;
37
0913e2ee3545 we're nearly there yet
Matt Johnston <matt@ucc.asn.au>
parents: 35
diff changeset
267 cli_ses.state = USERAUTH_SUCCESS_RCVD;
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
268 cli_ses.lastauthtype = AUTH_TYPE_NONE;
552
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 545
diff changeset
269
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 545
diff changeset
270 #ifdef ENABLE_CLI_PUBKEY_AUTH
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 545
diff changeset
271 cli_auth_pubkey_cleanup();
de3653483ac0 - Client auth using an agent's key works. Still need to implement client
Matt Johnston <matt@ucc.asn.au>
parents: 545
diff changeset
272 #endif
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
273 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
274
734
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
275 int cli_auth_try() {
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
276
300
baea1d43e7eb Some cleanups/fixes for various TRACE statements
Matt Johnston <matt@ucc.asn.au>
parents: 268
diff changeset
277 int finished = 0;
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
278 TRACE(("enter cli_auth_try"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
279
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
280 CHECKCLEARTOWRITE();
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
281
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
282 /* Order to try is pubkey, interactive, password.
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
283 * As soon as "finished" is set for one, we don't do any more. */
68
eee77ac31ccc cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents: 45
diff changeset
284 #ifdef ENABLE_CLI_PUBKEY_AUTH
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
285 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
286 finished = cli_auth_pubkey();
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
287 cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
288 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
289 #endif
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
290
732
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
291 #ifdef ENABLE_CLI_PASSWORD_AUTH
734
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
292 if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
293 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
294 fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
295 } else {
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
296 cli_auth_password();
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
297 finished = 1;
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
298 cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
299 }
732
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
300 }
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
301 #endif
2e5f2bc60e40 Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents: 730
diff changeset
302
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
303 #ifdef ENABLE_CLI_INTERACT_AUTH
734
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
304 if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
305 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
306 fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
307 } else {
734
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
308 if (!cli_ses.auth_interact_failed) {
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
309 cli_auth_interactive();
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
310 cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
311 finished = 1;
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
312 }
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
313 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
314 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
315 #endif
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
316
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
317 TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
318
734
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
319 if (finished) {
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
320 TRACE(("leave cli_auth_try success"))
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
321 return DROPBEAR_SUCCESS;
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
322 }
734
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
323 TRACE(("leave cli_auth_try failure"))
619b1ed837fd Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents: 732
diff changeset
324 return DROPBEAR_FAILURE;
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
325 }
268
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
326
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
327 /* A helper for getpass() that exits if the user cancels. The returned
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
328 * password is statically allocated by getpass() */
334
8f3ec7c104d9 Make the dbclient password prompt more useful
Matt Johnston <matt@ucc.asn.au>
parents: 300
diff changeset
329 char* getpass_or_cancel(char* prompt)
268
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
330 {
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
331 char* password = NULL;
441
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
332
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
333 #ifdef DROPBEAR_PASSWORD_ENV
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
334 /* Password provided in an environment var */
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
335 password = getenv(DROPBEAR_PASSWORD_ENV);
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
336 if (password)
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
337 {
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
338 return password;
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
339 }
fdf06a5a54e4 Allow reading dbclient password from an environment var
Matt Johnston <matt@ucc.asn.au>
parents: 334
diff changeset
340 #endif
268
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
341
334
8f3ec7c104d9 Make the dbclient password prompt more useful
Matt Johnston <matt@ucc.asn.au>
parents: 300
diff changeset
342 password = getpass(prompt);
268
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
343
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
344 /* 0x03 is a ctrl-c character in the buffer. */
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
345 if (password == NULL || strchr(password, '\3') != NULL) {
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
346 dropbear_close("Interrupted.");
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
347 }
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
348 return password;
475a818dd6e7 Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents: 249
diff changeset
349 }