annotate cli-auth.c @ 149:ed9ca2a9705c

Cleaned up the random code, use /dev/random by default, and remove the addrandom() function which wasn't used.
author Matt Johnston <matt@ucc.asn.au>
date Mon, 20 Dec 2004 13:11:15 +0000
parents 2be6aa26a8c9
children 0cfba3034be5
1 /*
2 * Dropbear SSH
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * Copyright (c) 2004 by Mihnea Stoenescu
6 * All rights reserved.
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24 * SOFTWARE. */
26 #include "includes.h"
27 #include "session.h"
28 #include "auth.h"
29 #include "dbutil.h"
30 #include "buffer.h"
31 #include "ssh.h"
32 #include "packet.h"
33 #include "runopts.h"
/* Reset the client's authentication bookkeeping: every byte of
 * ses.authstate is set to zero, so no flags or counters carry over
 * from whatever the structure held before. */
void cli_authinitialise() {

	memset(&ses.authstate, 0, sizeof ses.authstate);
}
/* Send a "none" auth request to get available methods.
 *
 * The packet written to ses.writepayload is, in order: the
 * SSH_MSG_USERAUTH_REQUEST byte, cli_opts.username, the connection
 * service name and the literal method name "none". The packet is then
 * handed to encrypt_packet(). */
void cli_auth_getmethods() {

	unsigned int namelen;

	TRACE(("enter cli_auth_getmethods"));

	CHECKCLEARTOWRITE();

	/* The username goes onto the wire exactly as it was configured */
	namelen = strlen(cli_opts.username);

	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
	buf_putstring(ses.writepayload, cli_opts.username, namelen);
	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
			SSH_SERVICE_CONNECTION_LEN);
	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */

	encrypt_packet();
	TRACE(("leave cli_auth_getmethods"));

}
/* Handle a userauth banner message from the server.
 *
 * A banner that arrives after ses.authstate.authdone is set is ignored
 * without reading the payload. Otherwise the banner string is read, the
 * string that follows it (the language tag) is skipped, and the banner is
 * printed to stdout unless it is longer than MAX_BANNER_SIZE.
 *
 * The banner text is chosen by the remote server, so it is passed through
 * cleantext() before it is printed and is cut off after MAX_BANNER_LINES
 * lines.
 * NOTE(review): the terminal-safety of the output rests entirely on
 * cleantext(), which is not defined in this file - confirm that it drops
 * control and escape characters.
 * NOTE(review): the line scan runs to the on-the-wire bannerlen; if
 * cleantext() shortens the string, the scan also covers the bytes after
 * the new terminator. Presumably harmless, since printf stops at the
 * first NUL - confirm. */
void recv_msg_userauth_banner() {

	unsigned char *banner = NULL;
	unsigned int bannerlen;
	unsigned int pos, lines_seen;

	TRACE(("enter recv_msg_userauth_banner"));
	if (ses.authstate.authdone) {
		TRACE(("leave recv_msg_userauth_banner: banner after auth done"));
		return;
	}

	banner = buf_getstring(ses.payload, &bannerlen);
	buf_eatstring(ses.payload); /* The language string */

	if (bannerlen <= MAX_BANNER_SIZE) {

		cleantext(banner);

		/* Cap the output at MAX_BANNER_LINES lines: the newline that would
		 * start one line too many becomes the string terminator. */
		lines_seen = 1;
		for (pos = 0; pos < bannerlen; pos++) {
			if (banner[pos] != '\n') {
				continue;
			}
			if (lines_seen >= MAX_BANNER_LINES) {
				banner[pos] = '\0';
				break;
			}
			lines_seen++;
		}

		/* Fixed format string; the banner is only ever an argument */
		printf("%s\n", banner);

	} else {
		/* Oversized banners are dropped rather than truncated */
		TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen));
	}

	m_free(banner);
	TRACE(("leave recv_msg_userauth_banner"));
}
/* Handle SSH_MSG_USERAUTH_FAILURE from the server.
 *
 * The message is acted on only while cli_ses.state is USERAUTH_REQ_SENT;
 * in any other state the function returns before reading the payload.
 * Otherwise it:
 *  - calls cli_pubkeyfail() if the last attempt was a pubkey one,
 *  - reads the server's comma-separated method list and the
 *    partial-success byte (a failure that is not partial bumps
 *    ses.authstate.failcount),
 *  - clears ses.authstate.authdone and rebuilds ses.authstate.authtypes
 *    from the method names recognised in the list,
 *  - frees the list and sets cli_ses.state to USERAUTH_FAIL_RCVD.
 *
 * NOTE(review): an unsolicited failure message is silently dropped; the
 * original author already asks whether that case should be fatal.
 * NOTE(review): the strncmp() calls compare only the first *_LEN bytes,
 * so (assuming *_LEN is the length of the method name - confirm) a
 * server-sent name that merely starts with a known method name also sets
 * that method's bit.
 * NOTE(review): the token loop reads index listlen, so it depends on
 * buf_getstring() returning a buffer that is NUL-terminated at that
 * index - confirm against its definition. */
void recv_msg_userauth_failure() {

	unsigned char *namelist = NULL;
	unsigned char *cur = NULL;
	unsigned int listlen = 0;
	unsigned int partial_ok = 0;
	unsigned int pos = 0;

	TRACE(("<- MSG_USERAUTH_FAILURE"));
	TRACE(("enter recv_msg_userauth_failure"));

	if (cli_ses.state != USERAUTH_REQ_SENT) {
		/* Perhaps we should be more fatal? */
		TRACE(("But we didn't send a userauth request!!!!!!"));
		return;
	}

#ifdef ENABLE_CLI_PUBKEY_AUTH
	/* If it was a pubkey auth request, we should cross that key
	 * off the list. */
	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
		cli_pubkeyfail();
	}
#endif

	namelist = buf_getstring(ses.payload, &listlen);
	partial_ok = buf_getbyte(ses.payload);

	if (!partial_ok) {
		ses.authstate.failcount++;
	} else {
		dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required");
	}

	TRACE(("Methods (len %d): '%s'", listlen, namelist));

	/* Start from a clean slate; only what the server lists now counts */
	ses.authstate.authtypes = 0;
	ses.authstate.authdone = 0;

	/* Split with nulls rather than commas */
	pos = 0;
	while (pos < listlen) {
		if (namelist[pos] == ',') {
			namelist[pos] = '\0';
		}
		pos++;
	}

	cur = namelist; /* cur is the start of the next method name to compare */
	for (pos = 0; pos <= listlen; pos++) {
		if (namelist[pos] != '\0') {
			continue;
		}
		TRACE(("auth method '%s'", cur));
#ifdef ENABLE_CLI_PUBKEY_AUTH
		if (strncmp(AUTH_METHOD_PUBKEY, cur,
					AUTH_METHOD_PUBKEY_LEN) == 0) {
			ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
		}
#endif
#ifdef ENABLE_CLI_PASSWORD_AUTH
		if (strncmp(AUTH_METHOD_PASSWORD, cur,
					AUTH_METHOD_PASSWORD_LEN) == 0) {
			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
		}
#endif
		/* Must not be used after the last pass of the loop: by then it
		 * points just past the final terminator. */
		cur = &namelist[pos+1];
	}

	m_free(namelist);

	cli_ses.state = USERAUTH_FAIL_RCVD;

	TRACE(("leave recv_msg_userauth_failure"));
}
/* Handle SSH_MSG_USERAUTH_SUCCESS: record that authentication is complete
 * by setting ses.authstate.authdone and moving cli_ses.state to
 * USERAUTH_SUCCESS_RCVD.
 *
 * NOTE(review): unlike recv_msg_userauth_failure(), this handler does not
 * check that cli_ses.state is USERAUTH_REQ_SENT, so a success message is
 * accepted whether or not a request is outstanding. Whether an earlier
 * dispatch layer already restricts when this message can arrive cannot be
 * seen from this file - confirm. */
void recv_msg_userauth_success() {
	TRACE(("received msg_userauth_success"));
	cli_ses.state = USERAUTH_SUCCESS_RCVD;
	ses.authstate.authdone = 1;
}
/* Start the next authentication attempt, choosing from the methods
 * recorded in ses.authstate.authtypes.
 *
 * Pubkey is tried first when it is compiled in and advertised. Password
 * is tried only if the pubkey attempt returned zero (or was not made) and
 * password is compiled in and advertised. cli_ses.lastauthtype records
 * the last method that was tried. If no attempt reports a nonzero
 * result, the client exits through dropbear_exit().
 *
 * The return values of cli_auth_pubkey() and cli_auth_password() are
 * presumably nonzero once a request has been sent - confirm against
 * their definitions. */
void cli_auth_try() {

	int attempt_made = 0;

	TRACE(("enter cli_auth_try"));

	CHECKCLEARTOWRITE();

	/* XXX We hardcode that we try a pubkey first */
#ifdef ENABLE_CLI_PUBKEY_AUTH
	if ((ses.authstate.authtypes & AUTH_TYPE_PUBKEY) != 0) {
		attempt_made = cli_auth_pubkey();
		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
	}
#endif

#ifdef ENABLE_CLI_PASSWORD_AUTH
	if (attempt_made == 0
			&& (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) != 0) {
		attempt_made = cli_auth_password();
		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
	}
#endif

	if (attempt_made == 0) {
		dropbear_exit("No auth methods could be used.");
	}

	TRACE(("leave cli_auth_try"));
}