annotate cli-auth.c @ 1156:a8f4dade70e5
avoid getpass when not used
some systems (like android's bionic) do not provide getpass. you can
disable ENABLE_CLI_PASSWORD_AUTH & ENABLE_CLI_INTERACT_AUTH to avoid
its use (and rely on pubkey auth), but the link still fails because
the support file calls getpass. do not define this func if both of
those auth methods are not used.
author | Mike Frysinger <vapier@gentoo.org> |
---|---|
date | Wed, 21 Oct 2015 22:39:55 +0800 |
parents | aaf576b27a10 |
children | c6346c63281b |
rev | line source |
---|---|
74
|
1 /* |
|
2 * Dropbear SSH |
|
3 * |
|
4 * Copyright (c) 2002,2003 Matt Johnston |
|
5 * Copyright (c) 2004 by Mihnea Stoenescu |
|
6 * All rights reserved. |
|
7 * |
|
8 * Permission is hereby granted, free of charge, to any person obtaining a copy |
|
9 * of this software and associated documentation files (the "Software"), to deal |
|
10 * in the Software without restriction, including without limitation the rights |
|
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
12 * copies of the Software, and to permit persons to whom the Software is |
|
13 * furnished to do so, subject to the following conditions: |
|
14 * |
|
15 * The above copyright notice and this permission notice shall be included in |
|
16 * all copies or substantial portions of the Software. |
|
17 * |
|
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
24 * SOFTWARE. */ |
|
25 |
33 | 26 #include "includes.h" |
27 #include "session.h" | |
28 #include "auth.h" | |
29 #include "dbutil.h" | |
30 #include "buffer.h" | |
31 #include "ssh.h" | |
32 #include "packet.h" | |
33 #include "runopts.h" | |
34 | |
/* Reset the client's authentication state.
 * Zero-fills the whole of ses.authstate, so fields such as authdone,
 * authtypes and failcount all start from 0. */
void cli_authinitialise() {
	memset(&ses.authstate, 0, sizeof ses.authstate);
}
39 | |
40 | |
/* Ask the server which auth methods it will accept by sending a "none"
 * SSH_MSG_USERAUTH_REQUEST for cli_opts.username.
 *
 * With DROPBEAR_CLI_IMMEDIATE_AUTH defined, a first real attempt is also made
 * through cli_auth_try() without waiting for the server's method list, and
 * cli_ses.ignore_next_auth_response is set because two replies are then
 * outstanding. */
void cli_auth_getmethods() {
	TRACE(("enter cli_auth_getmethods"))
	CHECKCLEARTOWRITE();

	/* Payload order: message type, user name, service name, method name */
	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
	buf_putstring(ses.writepayload, cli_opts.username,
			strlen(cli_opts.username));
	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
			SSH_SERVICE_CONNECTION_LEN);
	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */

	encrypt_packet();

#ifdef DROPBEAR_CLI_IMMEDIATE_AUTH
	/* Two auth requests must not be in flight in delayed-zlib mode:
	 * if the first one succeeds, the remote side will expect the
	 * second one to be compressed.
	 * Race described at
	 * http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/zlib-openssh.html
	 */
	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
		/* The server's list is not known yet, so the method set is guessed:
		 * pubkey always, password and keyboard-interactive only when the
		 * DROPBEAR_PASSWORD_ENV variable is present.
		 * NOTE(review): presumably that variable carries the password itself;
		 * a secret passed this way is exposed to anything able to read the
		 * process environment - confirm how it is consumed. */
		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
		if (getenv(DROPBEAR_PASSWORD_ENV) != NULL) {
			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
		}

		/* cli_auth_try() reads the authtypes set just above */
		if (cli_auth_try() == DROPBEAR_SUCCESS) {
			TRACE(("skipped initial none auth query"))
			/* Note that there will be two auth responses in-flight */
			cli_ses.ignore_next_auth_response = 1;
		}
	}
#endif

	TRACE(("leave cli_auth_getmethods"))
}
75 | |
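/* Handle a userauth banner message: show the server's banner on stderr.
 *
 * The banner is server-supplied text that arrives before authentication has
 * finished, so it is treated as untrusted: it is dropped when longer than
 * MAX_BANNER_SIZE, passed through cleantext(), and cut off after
 * MAX_BANNER_LINES lines before being printed. A banner received once
 * ses.authstate.authdone is set is ignored without reading the payload. */
void recv_msg_userauth_banner() {

	char* banner = NULL;
	unsigned int bannerlen;
	unsigned int i, linecount;

	TRACE(("enter recv_msg_userauth_banner"))
	if (ses.authstate.authdone) {
		TRACE(("leave recv_msg_userauth_banner: banner after auth done"))
		return;
	}

	banner = buf_getstring(ses.payload, &bannerlen);
	buf_eatstring(ses.payload); /* The language string */

	if (bannerlen > MAX_BANNER_SIZE) {
		/* bannerlen is unsigned int, so it is printed with %u */
		TRACE(("recv_msg_userauth_banner: bannerlen too long: %u", bannerlen))
		goto out;
	}

	/* NOTE(review): cleantext() is defined elsewhere; presumably it strips
	 * characters that are unsafe to write to a terminal - confirm. */
	cleantext(banner);

	/* Limit to MAX_BANNER_LINES lines: terminate the string at the newline
	 * that would start one line too many. */
	linecount = 1;
	for (i = 0; i < bannerlen; i++) {
		if (banner[i] == '\n') {
			if (linecount >= MAX_BANNER_LINES) {
				banner[i] = '\0';
				break;
			}
			linecount++;
		}
	}

	/* Always printed through a fixed "%s" format, never as the format itself */
	fprintf(stderr, "%s\n", banner);

out:
	m_free(banner);
	TRACE(("leave recv_msg_userauth_banner"))
}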
116 | |
249
|
/* Dispatcher for the method-specific userauth messages, which all share
 * the value 60:
 *   SSH_MSG_USERAUTH_PASSWD_CHANGEREQ,
 *   SSH_MSG_USERAUTH_PK_OK and
 *   SSH_MSG_USERAUTH_INFO_REQUEST.
 * The number alone is ambiguous, so the meaning is taken from the auth
 * method this client sent last (cli_ses.lastauthtype). A message 60 that
 * matches none of the compiled-in methods ends the session. */
void recv_msg_userauth_specific_60() {

#ifdef ENABLE_CLI_PUBKEY_AUTH
	/* After a pubkey request, 60 is handled as PK_OK */
	if (AUTH_TYPE_PUBKEY == cli_ses.lastauthtype) {
		recv_msg_userauth_pk_ok();
		return;
	}
#endif

#ifdef ENABLE_CLI_INTERACT_AUTH
	/* After a keyboard-interactive request, 60 is handled as INFO_REQUEST */
	if (AUTH_TYPE_INTERACT == cli_ses.lastauthtype) {
		recv_msg_userauth_info_request();
		return;
	}
#endif

#ifdef ENABLE_CLI_PASSWORD_AUTH
	if (AUTH_TYPE_PASSWORD == cli_ses.lastauthtype) {
		/* Proper password-changing support could be added eventually.
		 * Few servers seem to implement it at present, and password auth
		 * is a last resort in any case - keyboard-interactive is more
		 * likely to be used.
		 * NOTE(review): there is no return here, so dropbear_close() is
		 * presumably expected not to return - confirm. */
		dropbear_close("Your password has expired.");
	}
#endif

	dropbear_exit("Unexpected userauth packet");
}
43 | 151 |
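/* Handle a userauth failure message: record the failed attempt and rebuild
 * the set of methods the client may try next.
 *
 * The method list comes from the server and is untrusted input. It is split
 * in place on ',' and every name is compared exactly against the methods
 * compiled into this client; names that are not recognised are ignored, and
 * a name that only begins with a known method name is not accepted.
 *
 * Effects visible here: ses.authstate.authtypes is replaced,
 * ses.authstate.authdone is cleared, ses.authstate.failcount is incremented
 * unless the server reports partial success, and cli_ses.state and
 * cli_ses.lastauthtype are updated. A failure that arrives in any state
 * other than USERAUTH_REQ_SENT ends the session. */
void recv_msg_userauth_failure() {

	char * methods = NULL;
	char * tok = NULL;
	unsigned int methlen = 0;
	unsigned int partial = 0;
	unsigned int i = 0;

	TRACE(("<- MSG_USERAUTH_FAILURE"))
	TRACE(("enter recv_msg_userauth_failure"))

	if (ses.authstate.authdone) {
		TRACE(("leave recv_msg_userauth_failure, already authdone."))
		return;
	}

	if (cli_ses.state != USERAUTH_REQ_SENT) {
		/* Perhaps we should be more fatal? */
		dropbear_exit("Unexpected userauth failure");
	}

	/* When DROPBEAR_CLI_IMMEDIATE_AUTH is set there will be an initial response for
	the "none" auth request, and then a response to the immediate auth request.
	We need to be careful handling them. */
	if (cli_ses.ignore_next_auth_response) {
		/* This reply is skipped without reading its payload; the state stays
		 * at USERAUTH_REQ_SENT so that the following reply is accepted. */
		cli_ses.state = USERAUTH_REQ_SENT;
		cli_ses.ignore_next_auth_response = 0;
		TRACE(("leave recv_msg_userauth_failure, ignored response, state set to USERAUTH_REQ_SENT"));
		return;
	} else {
#ifdef ENABLE_CLI_PUBKEY_AUTH
		/* If it was a pubkey auth request, we should cross that key
		 * off the list. */
		if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
			cli_pubkeyfail();
		}
#endif

#ifdef ENABLE_CLI_INTERACT_AUTH
		/* If we get a failure message for keyboard interactive without
		 * receiving any request info packet, then we don't bother trying
		 * keyboard interactive again */
		if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT
				&& !cli_ses.interact_request_received) {
			TRACE(("setting auth_interact_failed = 1"))
			cli_ses.auth_interact_failed = 1;
		}
#endif
		cli_ses.state = USERAUTH_FAIL_RCVD;
		cli_ses.lastauthtype = AUTH_TYPE_NONE;
	}

	methods = buf_getstring(ses.payload, &methlen);

	partial = buf_getbool(ses.payload);

	if (partial) {
		dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required");
	} else {
		ses.authstate.failcount++;
	}

	/* methlen is unsigned int, so it is printed with %u */
	TRACE(("Methods (len %u): '%s'", methlen, methods))

	ses.authstate.authdone=0;
	ses.authstate.authtypes=0;

	/* Split with nulls rather than commas */
	for (i = 0; i < methlen; i++) {
		if (methods[i] == ',') {
			methods[i] = '\0';
		}
	}

	tok = methods; /* tok stores the next method we'll compare */
	/* i runs up to and including methlen so that the final name is handled
	 * too; this reads methods[methlen] and so relies on buf_getstring()
	 * NUL-terminating its result - confirm against its implementation. */
	for (i = 0; i <= methlen; i++) {
		if (methods[i] == '\0') {
			TRACE(("auth method '%s'", tok))
			/* tok is NUL-terminated at index i, so strcmp() is bounded and
			 * compares the whole name. A strncmp() limited to the length of
			 * the expected name would also accept any server-supplied name
			 * that merely starts with it. */
#ifdef ENABLE_CLI_PUBKEY_AUTH
			if (strcmp(AUTH_METHOD_PUBKEY, tok) == 0) {
				ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
			}
#endif
#ifdef ENABLE_CLI_INTERACT_AUTH
			if (strcmp(AUTH_METHOD_INTERACT, tok) == 0) {
				ses.authstate.authtypes |= AUTH_TYPE_INTERACT;
			}
#endif
#ifdef ENABLE_CLI_PASSWORD_AUTH
			if (strcmp(AUTH_METHOD_PASSWORD, tok) == 0) {
				ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
			}
#endif
			tok = &methods[i+1]; /* Must make sure we don't use it after the
									last loop, since it'll point to something
									undefined */
		}
	}

	m_free(methods);

	TRACE(("leave recv_msg_userauth_failure"))
}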
258 | |
/* Handle a userauth success message: mark the session as authenticated.
 * With DROPBEAR_CLI_IMMEDIATE_AUTH set this can validly run more than once,
 * so nothing here depends on it being the first call. */
void recv_msg_userauth_success() {
	TRACE(("received msg_userauth_success"))

	/* No auth request is outstanding any more */
	cli_ses.lastauthtype = AUTH_TYPE_NONE;
	cli_ses.state = USERAUTH_SUCCESS_RCVD;

	/* Note: in delayed-zlib mode, setting authdone here
	 * will enable compression in the transport layer */
	ses.authstate.authdone = 1;

#ifdef ENABLE_CLI_PUBKEY_AUTH
	cli_auth_pubkey_cleanup();
#endif
}
274 | |
734
|
275 int cli_auth_try() { |
33 | 276 |
300
|
277 int finished = 0; |
165
|
278 TRACE(("enter cli_auth_try")) |
33 | 279 |
280 CHECKCLEARTOWRITE(); | |
281 | |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
282 /* Order to try is pubkey, interactive, password. |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
283 * As soon as "finished" is set for one, we don't do any more. */ |
68
eee77ac31ccc
cleaning up the pubkey defines
Matt Johnston <matt@ucc.asn.au>
parents:
45
diff
changeset
|
284 #ifdef ENABLE_CLI_PUBKEY_AUTH |
33 | 285 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { |
286 finished = cli_auth_pubkey(); | |
45
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
287 cli_ses.lastauthtype = AUTH_TYPE_PUBKEY; |
33 | 288 } |
289 #endif | |
290 | |
732
2e5f2bc60e40
Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents:
730
diff
changeset
|
291 #ifdef ENABLE_CLI_PASSWORD_AUTH |
734
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
292 if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) { |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
293 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
294 fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
295 } else { |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
296 cli_auth_password(); |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
297 finished = 1; |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
298 cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
299 } |
732
2e5f2bc60e40
Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents:
730
diff
changeset
|
300 } |
2e5f2bc60e40
Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents:
730
diff
changeset
|
301 #endif |
2e5f2bc60e40
Try password before interactive - bit of a hack
Matt Johnston <matt@ucc.asn.au>
parents:
730
diff
changeset
|
302 |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
303 #ifdef ENABLE_CLI_INTERACT_AUTH |
734
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
304 if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) { |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
305 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
306 fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
307 } else { |
734
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
308 if (!cli_ses.auth_interact_failed) { |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
309 cli_auth_interactive(); |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
310 cli_ses.lastauthtype = AUTH_TYPE_INTERACT; |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
311 finished = 1; |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
312 } |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
313 } |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
314 } |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
315 #endif |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
316 |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
317 TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype)) |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
179
diff
changeset
|
318 |
734
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
319 if (finished) { |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
320 TRACE(("leave cli_auth_try success")) |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
321 return DROPBEAR_SUCCESS; |
33 | 322 } |
734
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
323 TRACE(("leave cli_auth_try failure")) |
619b1ed837fd
Be a bit more careful about when we want to use CLI_AUTH_IMMEDIATE
Matt Johnston <matt@ucc.asn.au>
parents:
732
diff
changeset
|
324 return DROPBEAR_FAILURE; |
33 | 325 } |
268
475a818dd6e7
Cancel a dbclient password prompt if the user presses ctrl-c.
Matt Johnston <matt@ucc.asn.au>
parents:
249
diff
changeset
|
326 |
1156
a8f4dade70e5
avoid getpass when not used
Mike Frysinger <vapier@gentoo.org>
parents:
1122
diff
changeset
|
#if defined(ENABLE_CLI_PASSWORD_AUTH) || defined(ENABLE_CLI_INTERACT_AUTH)
/* Obtain a password for the client, closing the session if the user cancels
 * the prompt.
 *
 * When DROPBEAR_PASSWORD_ENV is defined and that environment variable is
 * set, its value is returned directly: no prompt is shown and the ctrl-c
 * check below is not applied. The pointer then refers to the environment
 * string returned by getenv(). Otherwise the pointer is the statically
 * allocated buffer of getpass(). In neither case may the caller free it.
 *
 * Security notes:
 *  - a password kept in the environment is inherited by child processes and
 *    may be readable by other processes on the host, so the variable is best
 *    reserved for non-interactive use where that exposure is acceptable;
 *  - the returned buffer still holds the secret on return; clearing it once
 *    it has been used is left to the caller.
 *
 * NOTE(review): dropbear_close() is assumed not to return - confirm;
 * otherwise a NULL password could reach the caller. */
char* getpass_or_cancel(char* prompt)
{
	char* entered = NULL;

#ifdef DROPBEAR_PASSWORD_ENV
	{
		/* Password provided in an environment var */
		char* from_env = getenv(DROPBEAR_PASSWORD_ENV);
		if (from_env != NULL) {
			return from_env;
		}
	}
#endif

	entered = getpass(prompt);

	/* A failed getpass() or a 0x03 (ctrl-c) byte in the buffer both count
	 * as the user cancelling. */
	if (!entered || strchr(entered, '\3')) {
		dropbear_close("Interrupted.");
	}
	return entered;
}
#endif