*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
#include "key.h"
#include "sshconnect.h"
#include "authfile.h"
-#include "cli.h"
#include "dh.h"
#include "authfd.h"
#include "log.h"
verify_host_key_callback(Key *hostkey)
{
if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
- fatal("verify_host_key failed");
+ fatal("Host key verification failed.");
return 0;
}
/* hostbased */
Key **keys;
int nkeys;
+ /* kbd-interactive */
+ int info_req_seen;
};
struct Authmethod {
char *name; /* string to compare against server's list */
static char *authmethods_get(void);
Authmethod authmethods[] = {
- {"publickey",
- userauth_pubkey,
- &options.pubkey_authentication,
- NULL},
{"hostbased",
userauth_hostbased,
&options.hostbased_authentication,
NULL},
- {"password",
- userauth_passwd,
- &options.password_authentication,
- &options.batch_mode},
+ {"publickey",
+ userauth_pubkey,
+ &options.pubkey_authentication,
+ NULL},
{"keyboard-interactive",
userauth_kbdint,
&options.kbd_interactive_authentication,
&options.batch_mode},
+ {"password",
+ userauth_passwd,
+ &options.password_authentication,
+ &options.batch_mode},
{"none",
userauth_none,
NULL,
options.preferred_authentications = authmethods_get();
/* setup authentication context */
+ memset(&authctxt, 0, sizeof(authctxt));
authctxt.agent = ssh_get_authentication_connection();
authctxt.server_user = server_user;
authctxt.local_user = local_user;
authctxt.authlist = NULL;
authctxt.keys = keys;
authctxt.nkeys = nkeys;
+ authctxt.info_req_seen = 0;
if (authctxt.method == NULL)
fatal("ssh_userauth2: internal error: cannot send userauth none request");
return 1;
}
-void
+static void
clear_auth_state(Authctxt *authctxt)
{
/* XXX clear authentication state */
idx = authctxt->last_key_hint;
if (idx < 0)
return -1;
+
+ /* private key is stored in external hardware */
+ if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
+ return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen);
+
private = load_identity_file(options.identity_files[idx]);
if (private == NULL)
return -1;
if (attempt++ >= options.number_of_password_prompts)
return 0;
+ /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
+ if (attempt > 1 && !authctxt->info_req_seen) {
+ debug3("userauth_kbdint: disable: no info_req_seen");
+ dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
+ return 0;
+ }
debug2("userauth_kbdint");
packet_start(SSH2_MSG_USERAUTH_REQUEST);
if (authctxt == NULL)
fatal("input_userauth_info_req: no authentication context");
+ authctxt->info_req_seen = 1;
+
name = packet_get_string(NULL);
inst = packet_get_string(NULL);
lang = packet_get_string(NULL);
if (strlen(name) > 0)
- cli_mesg(name);
+ log("%s", name);
if (strlen(inst) > 0)
- cli_mesg(inst);
+ log("%s", inst);
xfree(name);
xfree(inst);
xfree(lang);
prompt = packet_get_string(NULL);
echo = packet_get_char();
- response = cli_prompt(prompt, echo);
+ response = read_passphrase(prompt, echo ? RP_ECHO : 0);
packet_put_cstring(response);
memset(response, 0, strlen(response));
#define DELIM ","
-char *
+
+static char *
authmethods_get(void)
{
Authmethod *method = NULL;