comparison cli-auth.c @ 45:9ee8996a375f

Pubkey auth is mostly there for the client. Something strange with remote hostkey verification though.
author Matt Johnston <matt@ucc.asn.au>
date Tue, 03 Aug 2004 17:26:56 +0000
parents 942b22d7dd1c
children eee77ac31ccc
comparison
equal deleted inserted replaced
44:45edf30ea0a6 45:9ee8996a375f
5 #include "buffer.h" 5 #include "buffer.h"
6 #include "ssh.h" 6 #include "ssh.h"
7 #include "packet.h" 7 #include "packet.h"
8 #include "runopts.h" 8 #include "runopts.h"
9 9
10 #undef DROPBEAR_PUBKEY_AUTH
11 10
12 void cli_authinitialise() { 11 void cli_authinitialise() {
13 12
14 memset(&ses.authstate, 0, sizeof(ses.authstate)); 13 memset(&ses.authstate, 0, sizeof(ses.authstate));
15 } 14 }
28 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 27 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
29 SSH_SERVICE_CONNECTION_LEN); 28 SSH_SERVICE_CONNECTION_LEN);
30 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */ 29 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
31 30
32 encrypt_packet(); 31 encrypt_packet();
33 cli_ses.state = USERAUTH_METHODS_SENT;
34 TRACE(("leave cli_auth_getmethods")); 32 TRACE(("leave cli_auth_getmethods"));
35 33
36 } 34 }
37 35
38 void recv_msg_userauth_banner() { 36 void recv_msg_userauth_banner() {
85 unsigned int partial = 0; 83 unsigned int partial = 0;
86 unsigned int i = 0; 84 unsigned int i = 0;
87 85
88 TRACE(("<- MSG_USERAUTH_FAILURE")); 86 TRACE(("<- MSG_USERAUTH_FAILURE"));
89 TRACE(("enter recv_msg_userauth_failure")); 87 TRACE(("enter recv_msg_userauth_failure"));
88
89 if (cli_ses.state != USERAUTH_REQ_SENT) {
90 /* Perhaps we should be more fatal? */
91 TRACE(("But we didn't send a userauth request!!!!!!"));
92 return;
93 }
94
95 #ifdef DROPBEAR_PUBKEY_AUTH
96 /* If it was a pubkey auth request, we should cross that key
97 * off the list. */
98 if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
99 cli_pubkeyfail();
100 }
101 #endif
90 102
91 methods = buf_getstring(ses.payload, &methlen); 103 methods = buf_getstring(ses.payload, &methlen);
92 104
93 partial = buf_getbyte(ses.payload); 105 partial = buf_getbyte(ses.payload);
94 106
152 164
153 /* XXX We hardcode that we try a pubkey first */ 165 /* XXX We hardcode that we try a pubkey first */
154 #ifdef DROPBEAR_PUBKEY_AUTH 166 #ifdef DROPBEAR_PUBKEY_AUTH
155 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { 167 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
156 finished = cli_auth_pubkey(); 168 finished = cli_auth_pubkey();
169 cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
157 } 170 }
158 #endif 171 #endif
159 172
160 #ifdef DROPBEAR_PASSWORD_AUTH 173 #ifdef DROPBEAR_PASSWORD_AUTH
161 if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { 174 if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
162 finished = cli_auth_password(); 175 finished = cli_auth_password();
176 cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
163 } 177 }
164 #endif 178 #endif
165 179
166 if (!finished) { 180 if (!finished) {
167 dropbear_exit("No auth methods could be used."); 181 dropbear_exit("No auth methods could be used.");
168 } 182 }
169 183
170 cli_ses.state = USERAUTH_REQ_SENT;
171 TRACE(("leave cli_auth_try")); 184 TRACE(("leave cli_auth_try"));
172 } 185 }