Mercurial > dropbear
comparison cli-auth.c @ 773:a9f2a6ae4eb5
merge
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 14 Apr 2013 22:49:19 +0800 |
| parents | 619b1ed837fd |
| children | ff597bf2cfb0 |
comparison
equal
deleted
inserted
replaced
| 772:7fc0aeada79c | 773:a9f2a6ae4eb5 |
|---|---|
| 38 } | 38 } |
| 39 | 39 |
| 40 | 40 |
| 41 /* Send a "none" auth request to get available methods */ | 41 /* Send a "none" auth request to get available methods */ |
| 42 void cli_auth_getmethods() { | 42 void cli_auth_getmethods() { |
| 43 | |
| 44 TRACE(("enter cli_auth_getmethods")) | 43 TRACE(("enter cli_auth_getmethods")) |
| 45 | 44 #ifdef CLI_IMMEDIATE_AUTH |
| 45 ses.authstate.authtypes = AUTH_TYPE_PUBKEY; | |
| 46 if (getenv(DROPBEAR_PASSWORD_ENV)) { | |
| 47 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT; | |
| 48 } | |
| 49 if (cli_auth_try() == DROPBEAR_SUCCESS) { | |
| 50 TRACE(("skipped initial none auth query")) | |
| 51 return; | |
| 52 } | |
| 53 #endif | |
| 46 CHECKCLEARTOWRITE(); | 54 CHECKCLEARTOWRITE(); |
| 47 | |
| 48 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); | 55 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); |
| 49 buf_putstring(ses.writepayload, cli_opts.username, | 56 buf_putstring(ses.writepayload, cli_opts.username, |
| 50 strlen(cli_opts.username)); | 57 strlen(cli_opts.username)); |
| 51 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, | 58 buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, |
| 52 SSH_SERVICE_CONNECTION_LEN); | 59 SSH_SERVICE_CONNECTION_LEN); |
| 53 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */ | 60 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */ |
| 54 | 61 |
| 55 encrypt_packet(); | 62 encrypt_packet(); |
| 56 TRACE(("leave cli_auth_getmethods")) | 63 TRACE(("leave cli_auth_getmethods")) |
| 57 | |
| 58 } | 64 } |
| 59 | 65 |
| 60 void recv_msg_userauth_banner() { | 66 void recv_msg_userauth_banner() { |
| 61 | 67 |
| 62 unsigned char* banner = NULL; | 68 unsigned char* banner = NULL; |
| 238 #ifdef ENABLE_CLI_PUBKEY_AUTH | 244 #ifdef ENABLE_CLI_PUBKEY_AUTH |
| 239 cli_auth_pubkey_cleanup(); | 245 cli_auth_pubkey_cleanup(); |
| 240 #endif | 246 #endif |
| 241 } | 247 } |
| 242 | 248 |
| 243 void cli_auth_try() { | 249 int cli_auth_try() { |
| 244 | 250 |
| 245 int finished = 0; | 251 int finished = 0; |
| 246 TRACE(("enter cli_auth_try")) | 252 TRACE(("enter cli_auth_try")) |
| 247 | 253 |
| 248 CHECKCLEARTOWRITE(); | 254 CHECKCLEARTOWRITE(); |
| 254 finished = cli_auth_pubkey(); | 260 finished = cli_auth_pubkey(); |
| 255 cli_ses.lastauthtype = AUTH_TYPE_PUBKEY; | 261 cli_ses.lastauthtype = AUTH_TYPE_PUBKEY; |
| 256 } | 262 } |
| 257 #endif | 263 #endif |
| 258 | 264 |
| 265 #ifdef ENABLE_CLI_PASSWORD_AUTH | |
| 266 if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) { | |
| 267 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { | |
| 268 fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); | |
| 269 } else { | |
| 270 cli_auth_password(); | |
| 271 finished = 1; | |
| 272 cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; | |
| 273 } | |
| 274 } | |
| 275 #endif | |
| 276 | |
| 259 #ifdef ENABLE_CLI_INTERACT_AUTH | 277 #ifdef ENABLE_CLI_INTERACT_AUTH |
| 260 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { | 278 if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) { |
| 261 fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); | 279 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { |
| 262 } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { | 280 fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); |
| 263 if (cli_ses.auth_interact_failed) { | |
| 264 finished = 0; | |
| 265 } else { | 281 } else { |
| 266 cli_auth_interactive(); | 282 if (!cli_ses.auth_interact_failed) { |
| 267 cli_ses.lastauthtype = AUTH_TYPE_INTERACT; | 283 cli_auth_interactive(); |
| 268 finished = 1; | 284 cli_ses.lastauthtype = AUTH_TYPE_INTERACT; |
| 269 } | 285 finished = 1; |
| 270 } | 286 } |
| 271 #endif | 287 } |
| 272 | |
| 273 #ifdef ENABLE_CLI_PASSWORD_AUTH | |
| 274 if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { | |
| 275 fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); | |
| 276 } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { | |
| 277 cli_auth_password(); | |
| 278 finished = 1; | |
| 279 cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; | |
| 280 } | 288 } |
| 281 #endif | 289 #endif |
| 282 | 290 |
| 283 TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype)) | 291 TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype)) |
| 284 | 292 |
| 285 if (!finished) { | 293 if (finished) { |
| 286 dropbear_exit("No auth methods could be used."); | 294 TRACE(("leave cli_auth_try success")) |
| 287 } | 295 return DROPBEAR_SUCCESS; |
| 288 | 296 } |
| 289 TRACE(("leave cli_auth_try")) | 297 TRACE(("leave cli_auth_try failure")) |
| 298 return DROPBEAR_FAILURE; | |
| 290 } | 299 } |
| 291 | 300 |
| 292 /* A helper for getpass() that exits if the user cancels. The returned | 301 /* A helper for getpass() that exits if the user cancels. The returned |
| 293 * password is statically allocated by getpass() */ | 302 * password is statically allocated by getpass() */ |
| 294 char* getpass_or_cancel(char* prompt) | 303 char* getpass_or_cancel(char* prompt) |