annotate cli-auth.c @ 1938:77bc00dcc19f default tip main master

Bump version to 2022.82
author Matt Johnston <matt@ucc.asn.au>
date Fri, 01 Apr 2022 14:43:27 +0800
parents 334b742fdeb8
children
74
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
1 /*
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
2 * Dropbear SSH
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
3 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
5 * Copyright (c) 2004 by Mihnea Stoenescu
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
6 * All rights reserved.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
7 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
9 * of this software and associated documentation files (the "Software"), to deal
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
10 * in the Software without restriction, including without limitation the rights
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
12 * copies of the Software, and to permit persons to whom the Software is
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
13 * furnished to do so, subject to the following conditions:
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
14 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
15 * The above copyright notice and this permission notice shall be included in
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
16 * all copies or substantial portions of the Software.
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
17 *
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
24 * SOFTWARE. */
e3adf4cf5465 License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents: 68
diff changeset
25
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "includes.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 #include "session.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 #include "auth.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "dbutil.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "buffer.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "ssh.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "packet.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 #include "runopts.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
/* Send a "none" auth request to get available methods.
 *
 * Builds one SSH_MSG_USERAUTH_REQUEST in ses.writepayload (username, the
 * connection service name, method "none") and passes it to encrypt_packet().
 * The order of the buf_put* calls is the order of the fields in the packet.
 *
 * When DROPBEAR_CLI_IMMEDIATE_AUTH is enabled the function also starts a
 * real auth attempt straight away, without waiting for the reply to "none".
 * In that case two responses are outstanding, and
 * cli_ses.ignore_next_auth_response tells recv_msg_userauth_failure() to
 * discard the first one. */
void cli_auth_getmethods() {
	TRACE(("enter cli_auth_getmethods"))
	/* Macro defined elsewhere; presumably verifies that no other payload is
	 * pending in ses.writepayload - confirm */
	CHECKCLEARTOWRITE();
	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
	/* NOTE(review): cli_opts.username is passed to strlen() without a NULL
	 * check here; assumes option parsing always sets it - confirm */
	buf_putstring(ses.writepayload, cli_opts.username,
			strlen(cli_opts.username));
	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
			SSH_SERVICE_CONNECTION_LEN);
	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */

	encrypt_packet();

#if DROPBEAR_CLI_IMMEDIATE_AUTH
	/* We can't have two auth requests in-flight with delayed zlib mode
	since if the first one succeeds then the remote side will
	expect the second one to be compressed.
	Race described at
	http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/zlib-openssh.html
	*/
	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
		/* The server has not advertised its methods yet, so the set of
		 * methods to try is assumed locally: pubkey always, plus
		 * password and keyboard-interactive when a password is
		 * available from the environment. */
		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
#if DROPBEAR_USE_PASSWORD_ENV
		/* Only the presence of the variable is tested here.
		 * NOTE(review): a password kept in the environment is readable
		 * by anything that can inspect this process's environment and
		 * is inherited by child processes unless it is cleared. */
		if (getenv(DROPBEAR_PASSWORD_ENV)) {
			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
		}
#endif
		/* cli_auth_try() is defined elsewhere; presumably it sends the
		 * first real auth request from the authtypes set above - confirm */
		if (cli_auth_try() == DROPBEAR_SUCCESS) {
			TRACE(("skipped initial none auth query"))
			/* Note that there will be two auth responses in-flight */
			cli_ses.ignore_next_auth_response = 1;
		}
	}
#endif
	TRACE(("leave cli_auth_getmethods"))
}
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
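/* Handle a userauth banner message from the server and print it to stderr.
 *
 * The banner is ignored once authentication is done, and when the client
 * runs in quiet mode (cli_opts.quiet). Otherwise the banner string and the
 * language string that follows it are read from ses.payload.
 *
 * The text comes from the remote server, so it is passed through
 * cleantext() before it reaches the terminal, and it is limited in size
 * (MAX_BANNER_SIZE) and in line count (MAX_BANNER_LINES). A banner over
 * the size limit is not printed at all. In both cases a fixed notice is
 * printed so the user knows that text was withheld.
 * NOTE(review): cleantext() is defined elsewhere; presumably it strips
 * non-printable characters such as terminal escape sequences - confirm. */
void recv_msg_userauth_banner() {

	char* banner = NULL;
	unsigned int bannerlen;
	unsigned int i, linecount;
	int truncated = 0;

	TRACE(("enter recv_msg_userauth_banner"))
	if (ses.authstate.authdone) {
		TRACE(("leave recv_msg_userauth_banner: banner after auth done"))
		return;
	}

	if (cli_opts.quiet) {
		TRACE(("not showing banner"))
		return;
	}

	/* bannerlen is the length taken from the packet; banner is owned by
	 * this function and released with m_free() below */
	banner = buf_getstring(ses.payload, &bannerlen);
	buf_eatstring(ses.payload); /* The language string */

	if (bannerlen > MAX_BANNER_SIZE) {
		/* bannerlen is unsigned, so it is printed with %u */
		TRACE(("recv_msg_userauth_banner: bannerlen too long: %u", bannerlen))
		truncated = 1;
	} else {
		cleantext(banner);

		/* Limit the number of lines shown to MAX_BANNER_LINES (the
		 * original comment gives the limit as 24 lines).
		 *
		 * The scan stops at the first NUL as well as at bannerlen.
		 * bannerlen is the length from the packet, while fprintf("%s")
		 * below prints only up to the first NUL. Newlines after that
		 * point are never shown, so they must not count towards the
		 * limit or trigger the "too long" notice. */
		linecount = 1;
		for (i = 0; i < bannerlen && banner[i] != '\0'; i++) {
			if (banner[i] == '\n') {
				if (linecount >= MAX_BANNER_LINES) {
					/* Cut the text at the newline that ends the
					 * last permitted line */
					banner[i] = '\0';
					truncated = 1;
					break;
				}
				linecount++;
			}
		}
		/* Printed through "%s", never as the format string itself */
		fprintf(stderr, "%s\n", banner);
	}

	if (truncated) {
		fprintf(stderr, "[Banner from the server is too long]\n");
	}

	m_free(banner);
	TRACE(("leave recv_msg_userauth_banner"))
}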
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
121
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
/* This handles the message-specific types which
 * all have a value of 60. These are
 * SSH_MSG_USERAUTH_PASSWD_CHANGEREQ,
 * SSH_MSG_USERAUTH_PK_OK, &
 * SSH_MSG_USERAUTH_INFO_REQUEST.
 *
 * The packet does not say which of the three it is. The meaning is chosen
 * from cli_ses.lastauthtype, the client's own record of the last auth
 * method it requested. Each branch is compiled in only when the matching
 * method is enabled. A message 60 that matches no outstanding request
 * reaches dropbear_exit() at the end. */
void recv_msg_userauth_specific_60() {

#if DROPBEAR_CLI_PUBKEY_AUTH
	/* Last request was pubkey: treat the message as SSH_MSG_USERAUTH_PK_OK */
	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
		recv_msg_userauth_pk_ok();
		return;
	}
#endif

#if DROPBEAR_CLI_INTERACT_AUTH
	/* Last request was keyboard-interactive: treat the message as
	 * SSH_MSG_USERAUTH_INFO_REQUEST */
	if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) {
		recv_msg_userauth_info_request();
		return;
	}
#endif

#if DROPBEAR_CLI_PASSWORD_AUTH
	/* Last request was password: the server is asking for a password
	 * change, which this client does not implement */
	if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) {
		/* Eventually there could be proper password-changing
		 * support. However currently few servers seem to
		 * implement it, and password auth is last-resort
		 * regardless - keyboard-interactive is more likely
		 * to be used anyway. */
		/* NOTE(review): there is no return after this call, so this
		 * branch relies on dropbear_close() not returning. If it did
		 * return, control would reach dropbear_exit() below - confirm
		 * against its declaration. */
		dropbear_close("Your password has expired.");
	}
#endif

	/* No outstanding request matches this message: end the session
	 * rather than guess at its meaning */
	dropbear_exit("Unexpected userauth packet");
}
43
942b22d7dd1c Banner printing
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
156
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
157 void recv_msg_userauth_failure() {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
158
1115
efb7e545a65e Turn banner, methods and tok local variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1094
diff changeset
159 char * methods = NULL;
efb7e545a65e Turn banner, methods and tok local variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1094
diff changeset
160 char * tok = NULL;
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
161 unsigned int methlen = 0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162 unsigned int partial = 0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163 unsigned int i = 0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
165 TRACE(("<- MSG_USERAUTH_FAILURE"))
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
166 TRACE(("enter recv_msg_userauth_failure"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
167
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
168 if (ses.authstate.authdone) {
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
169 TRACE(("leave recv_msg_userauth_failure, already authdone."))
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
170 return;
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
171 }
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
172
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
173 if (cli_ses.state != USERAUTH_REQ_SENT) {
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
174 /* Perhaps we should be more fatal? */
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
175 dropbear_exit("Unexpected userauth failure");
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
176 }
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
177
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
178 /* When DROPBEAR_CLI_IMMEDIATE_AUTH is set there will be an initial response for
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
179 the "none" auth request, and then a response to the immediate auth request.
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
180 We need to be careful handling them. */
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
181 if (cli_ses.ignore_next_auth_response) {
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
182 cli_ses.state = USERAUTH_REQ_SENT;
931
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
183 cli_ses.ignore_next_auth_response = 0;
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
184 TRACE(("leave recv_msg_userauth_failure, ignored response, state set to USERAUTH_REQ_SENT"));
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
185 return;
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
186 } else {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1249
diff changeset
187 #if DROPBEAR_CLI_PUBKEY_AUTH
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
188 /* If it was a pubkey auth request, we should cross that key
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
189 * off the list. */
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
190 if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
191 cli_pubkeyfail();
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
192 }
45
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
193 #endif
9ee8996a375f Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents: 43
diff changeset
194
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1249
diff changeset
195 #if DROPBEAR_CLI_INTERACT_AUTH
883
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
196 /* If we get a failure message for keyboard interactive without
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
197 * receiving any request info packet, then we don't bother trying
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
198 * keyboard interactive again */
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
199 if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
200 && !cli_ses.interact_request_received) {
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
201 TRACE(("setting auth_interact_failed = 1"))
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
202 cli_ses.auth_interact_failed = 1;
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
203 }
ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents: 734
diff changeset
204 #endif
931
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
205 cli_ses.state = USERAUTH_FAIL_RCVD;
ac340d3e452e Fix pubkey auth if the first key presented fails (infinite loop of
Matt Johnston <matt@ucc.asn.au>
parents: 894
diff changeset
206 cli_ses.lastauthtype = AUTH_TYPE_NONE;
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
207 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
208
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1115
diff changeset
209 methods = buf_getstring(ses.payload, &methlen);
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
210
179
161557a9dde8 * fix longstanding bug with connections being closed on failure to
Matt Johnston <matt@ucc.asn.au>
parents: 165
diff changeset
211 partial = buf_getbool(ses.payload);
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
212
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
213 if (partial) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
214 dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required");
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
215 } else {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
216 ses.authstate.failcount++;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
217 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
218
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
219 TRACE(("Methods (len %d): '%s'", methlen, methods))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
220
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
221 ses.authstate.authdone=0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222 ses.authstate.authtypes=0;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
224 /* Split with nulls rather than commas */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
225 for (i = 0; i < methlen; i++) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 if (methods[i] == ',') {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227 methods[i] = '\0';
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
228 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
229 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
231 tok = methods; /* tok stores the next method we'll compare */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
232 for (i = 0; i <= methlen; i++) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
233 if (methods[i] == '\0') {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
234 TRACE(("auth method '%s'", tok))
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1249
diff changeset
235 #if DROPBEAR_CLI_PUBKEY_AUTH
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
236 if (strncmp(AUTH_METHOD_PUBKEY, tok,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
237 AUTH_METHOD_PUBKEY_LEN) == 0) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
238 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
239 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
240 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1249
diff changeset
241 #if DROPBEAR_CLI_INTERACT_AUTH
249
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
242 if (strncmp(AUTH_METHOD_INTERACT, tok,
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
243 AUTH_METHOD_INTERACT_LEN) == 0) {
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
244 ses.authstate.authtypes |= AUTH_TYPE_INTERACT;
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
245 }
efbaf6b03837 added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents: 179
diff changeset
246 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1249
diff changeset
247 #if DROPBEAR_CLI_PASSWORD_AUTH
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
248 if (strncmp(AUTH_METHOD_PASSWORD, tok,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
249 AUTH_METHOD_PASSWORD_LEN) == 0) {
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
250 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
251 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
252 #endif
34
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
253 tok = &methods[i+1]; /* Must make sure we don't use it after the
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
254 last loop, since it'll point to something
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
255 undefined */
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
256 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
257 }
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
258
114
2be6aa26a8c9 Leak found with MallocDebug - it's kinda useful
Matt Johnston <matt@ucc.asn.au>
parents: 74
diff changeset
259 m_free(methods);
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
260
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 114
diff changeset
261 TRACE(("leave recv_msg_userauth_failure"))
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
262 }
/* Client-side handler for the server's userauth success message.
 *
 * This function can validly get called multiple times
 * if DROPBEAR_CLI_IMMEDIATE_AUTH is set.
 *
 * The trivial-auth policy check runs before any session state is touched:
 * when cli_opts.disable_trivial_auth is set and the session is flagged
 * cli_ses.is_trivial_auth, dropbear_exit() is called ahead of the
 * authdone assignment. (Where is_trivial_auth gets set or cleared is not
 * visible in this function - verify against the individual auth methods.) */
void recv_msg_userauth_success() {
	DEBUG1(("received msg_userauth_success"))

	/* Must stay ahead of the authdone assignment below, so a success
	 * message that violates the policy never marks the session as
	 * authenticated. dropbear_exit() is presumably non-returning. */
	if (cli_ses.is_trivial_auth && cli_opts.disable_trivial_auth) {
		dropbear_exit("trivial authentication not allowed");
	}

	/* Note: in delayed-zlib mode, setting authdone here
	 * will enable compression in the transport layer */
	ses.authstate.authdone = 1;

	/* No auth request is outstanding any more */
	cli_ses.lastauthtype = AUTH_TYPE_NONE;
	cli_ses.state = USERAUTH_SUCCESS_RCVD;

#if DROPBEAR_CLI_PUBKEY_AUTH
	cli_auth_pubkey_cleanup();
#endif
}
/* Start the next client authentication attempt.
 *
 * The methods the server offered (bits in ses.authstate.authtypes) are
 * tried in the order pubkey, password, keyboard-interactive. As soon as
 * one of them reports that a request went out, no further method is
 * tried. cli_ses.lastauthtype records the method that was attempted.
 *
 * Password and keyboard-interactive auth are refused when
 * ses.keys->trans.algo_crypt->cipherdesc is NULL, i.e. no cipher is in
 * use, so that a secret is never sent over an unencrypted transport.
 * Pubkey auth has no such restriction here.
 *
 * Returns DROPBEAR_SUCCESS if an auth request was started,
 * DROPBEAR_FAILURE if no method could be tried. */
int cli_auth_try() {

	int sent = 0;
	TRACE(("enter cli_auth_try"))

	CHECKCLEARTOWRITE();

#if DROPBEAR_CLI_PUBKEY_AUTH
	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
		sent = cli_auth_pubkey();
		/* Recorded even when cli_auth_pubkey() returned 0; a later
		 * method overwrites it if one is started. */
		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
	}
#endif

#if DROPBEAR_CLI_PASSWORD_AUTH
	if (!sent && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
		if (ses.keys->trans.algo_crypt->cipherdesc != NULL) {
			cli_auth_password();
			cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
			sent = 1;
		} else {
			/* No cipher negotiated: do not put the password on the wire */
			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
		}
	}
#endif

#if DROPBEAR_CLI_INTERACT_AUTH
	if (!sent && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
			/* Same cleartext guard as for password auth */
			fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
		} else if (!cli_ses.auth_interact_failed) {
			/* Skipped once an earlier interactive attempt has been
			 * marked as failed */
			cli_auth_interactive();
			cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
			sent = 1;
		}
	}
#endif

	TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))

	if (!sent) {
		TRACE(("leave cli_auth_try failure"))
		return DROPBEAR_FAILURE;
	}
	TRACE(("leave cli_auth_try success"))
	return DROPBEAR_SUCCESS;
}
#if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH
/* Obtain the user's password, either from the environment or by
 * prompting with getpass().
 *
 * prompt: text passed to getpass() when a prompt is needed.
 *
 * Returns a pointer the caller does not own and must not free:
 *  - with DROPBEAR_USE_PASSWORD_ENV enabled and the variable named by
 *    DROPBEAR_PASSWORD_ENV set, the string returned by getenv(), which
 *    lives in the process environment;
 *  - otherwise the buffer returned by getpass(), which is statically
 *    allocated by getpass().
 *
 * If getpass() fails or the entered text contains a ctrl-c byte,
 * dropbear_close("Interrupted.") is called (presumably it does not
 * return). That check is applied to the getpass() result only; a value
 * taken from the environment is returned unchecked.
 *
 * NOTE(review): a password supplied through the environment stays in the
 * process environment for as long as the variable is set and is inherited
 * by child processes; nothing in this function clears it. */
char* getpass_or_cancel(const char* prompt)
{
	char* secret = NULL;
	int cancelled;

#if DROPBEAR_USE_PASSWORD_ENV
	/* Password provided in an environment var takes precedence over
	 * prompting */
	secret = getenv(DROPBEAR_PASSWORD_ENV);
	if (secret != NULL) {
		return secret;
	}
#endif

	secret = getpass(prompt);

	/* 0x03 is a ctrl-c character in the buffer. */
	cancelled = (secret == NULL) || (strchr(secret, '\3') != NULL);
	if (cancelled) {
		dropbear_close("Interrupted.");
	}
	return secret;
}
#endif