comparison cli-auth.c @ 773:a9f2a6ae4eb5
merge
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 14 Apr 2013 22:49:19 +0800 |
parents | 619b1ed837fd |
children | ff597bf2cfb0 |
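--- a/cli-auth.c
+++ b/cli-auth.c
@@ -38,25 +38,31 @@
 }
 
 
 /* Send a "none" auth request to get available methods */
 void cli_auth_getmethods() {
-
 TRACE(("enter cli_auth_getmethods"))
-
+#ifdef CLI_IMMEDIATE_AUTH
+ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
+if (getenv(DROPBEAR_PASSWORD_ENV)) {
+ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
+}
+if (cli_auth_try() == DROPBEAR_SUCCESS) {
+TRACE(("skipped initial none auth query"))
+return;
+}
+#endif
 CHECKCLEARTOWRITE();
-
 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
 buf_putstring(ses.writepayload, cli_opts.username,
 strlen(cli_opts.username));
 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
 SSH_SERVICE_CONNECTION_LEN);
 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
 
 encrypt_packet();
 TRACE(("leave cli_auth_getmethods"))
-
 }
 
 void recv_msg_userauth_banner() {
 
 unsigned char* banner = NULL;
@@ -238,11 +244,11 @@
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 cli_auth_pubkey_cleanup();
 #endif
 }
 
-void cli_auth_try() {
+int cli_auth_try() {
 
 int finished = 0;
 TRACE(("enter cli_auth_try"))
 
 CHECKCLEARTOWRITE();
@@ -254,41 +260,44 @@
 finished = cli_auth_pubkey();
 cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
 }
 #endif
 
+#ifdef ENABLE_CLI_PASSWORD_AUTH
+if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
+if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
+} else {
+cli_auth_password();
+finished = 1;
+cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
+}
+}
+#endif
+
 #ifdef ENABLE_CLI_INTERACT_AUTH
-if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
-fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
-} else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
-if (cli_ses.auth_interact_failed) {
-finished = 0;
+if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
+if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
 } else {
-cli_auth_interactive();
-cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
-finished = 1;
-}
+if (!cli_ses.auth_interact_failed) {
+cli_auth_interactive();
+cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
+finished = 1;
 }
-#endif
-
-#ifdef ENABLE_CLI_PASSWORD_AUTH
-if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
-fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
-} else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
-cli_auth_password();
-finished = 1;
-cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
+}
 }
 #endif
 
 TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))
 
-if (!finished) {
-dropbear_exit("No auth methods could be used.");
-}
-
-TRACE(("leave cli_auth_try"))
+if (finished) {
+TRACE(("leave cli_auth_try success"))
+return DROPBEAR_SUCCESS;
+}
+TRACE(("leave cli_auth_try failure"))
+return DROPBEAR_FAILURE;
 }
 
 /* A helper for getpass() that exits if the user cancels. The returned
 * password is statically allocated by getpass() */
 char* getpass_or_cancel(char* prompt)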
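Review bot: cli_auth_try() no longer calls dropbear_exit("No auth methods could be used.") when nothing can be attempted and returns DROPBEAR_FAILURE instead, so the fatal exit now depends on every caller checking the result. The only caller visible on this page is the new CLI_IMMEDIATE_AUTH block in cli_auth_getmethods(); any call site in another file that still ignores the return value would presumably leave the session waiting with no auth request sent. The function has no header comment, so I would state the contract above it, e.g. `/* Returns DROPBEAR_SUCCESS if an auth request was sent, DROPBEAR_FAILURE if no method could be tried; the caller decides whether to exit */`. In the immediate-auth block, password and interactive auth are enabled from DROPBEAR_PASSWORD_ENV before the server has advertised any methods, and the only thing keeping that attempt off a null cipher is the cipherdesc check inside cli_auth_try(); a comment next to the getenv() test such as `/* speculative: methods not yet advertised; cli_auth_try() refuses password/interactive when cipherdesc is NULL */` would record that dependency. The first lines of cli_auth_try()'s body fall between the second and third hunks and are not shown here.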