Forgot to check in before.

[openssh.git] / sshconnect2.c

diff --git a/sshconnect2.c b/sshconnect2.c
index 1f57c3a9f5da40ce7f602cdc94a08024e4f340a6..705aa4561ae03cc53759fa9a5ac0726b8beb30d6 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -45,7 +45,6 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
 #include "key.h"
 #include "sshconnect.h"
 #include "authfile.h"
-#include "cli.h"
 #include "dh.h"
 #include "authfd.h"
 #include "log.h"
@@ -76,7 +75,7 @@ static int
 verify_host_key_callback(Key *hostkey)
 {
        if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
-               fatal("verify_host_key failed");
+               fatal("Host key verification failed.");
        return 0;
 }
 
@@ -165,6 +164,8 @@ struct Authctxt {
        /* hostbased */
        Key **keys;
        int nkeys;
+       /* kbd-interactive */
+       int info_req_seen;
 };
 struct Authmethod {
        char    *name;          /* string to compare against server's list */
@@ -196,22 +197,22 @@ static Authmethod *authmethod_lookup(const char *name);
 static char *authmethods_get(void);
 
 Authmethod authmethods[] = {
-       {"publickey",
-               userauth_pubkey,
-               &options.pubkey_authentication,
-               NULL},
        {"hostbased",
                userauth_hostbased,
                &options.hostbased_authentication,
                NULL},
-       {"password",
-               userauth_passwd,
-               &options.password_authentication,
-               &options.batch_mode},
+       {"publickey",
+               userauth_pubkey,
+               &options.pubkey_authentication,
+               NULL},
        {"keyboard-interactive",
                userauth_kbdint,
                &options.kbd_interactive_authentication,
                &options.batch_mode},
+       {"password",
+               userauth_passwd,
+               &options.password_authentication,
+               &options.batch_mode},
        {"none",
                userauth_none,
                NULL,
@@ -253,6 +254,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
                options.preferred_authentications = authmethods_get();
 
        /* setup authentication context */
+       memset(&authctxt, 0, sizeof(authctxt));
        authctxt.agent = ssh_get_authentication_connection();
        authctxt.server_user = server_user;
        authctxt.local_user = local_user;
@@ -263,6 +265,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
        authctxt.authlist = NULL;
        authctxt.keys = keys;
        authctxt.nkeys = nkeys;
+       authctxt.info_req_seen = 0;
        if (authctxt.method == NULL)
                fatal("ssh_userauth2: internal error: cannot send userauth none request");
 
@@ -462,7 +465,7 @@ userauth_passwd(Authctxt *authctxt)
        return 1;
 }
 
-void
+static void
 clear_auth_state(Authctxt *authctxt)
 {
        /* XXX clear authentication state */
@@ -641,6 +644,11 @@ identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
        idx = authctxt->last_key_hint;
        if (idx < 0)
                return -1;
+
+       /* private key is stored in external hardware */
+       if (options.identity_keys[idx]->flags & KEY_FLAG_EXT) 
+               return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen);
+
        private = load_identity_file(options.identity_files[idx]);
        if (private == NULL)
                return -1;
@@ -735,6 +743,12 @@ userauth_kbdint(Authctxt *authctxt)
 
        if (attempt++ >= options.number_of_password_prompts)
                return 0;
+       /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
+       if (attempt > 1 && !authctxt->info_req_seen) {
+               debug3("userauth_kbdint: disable: no info_req_seen");
+               dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
+               return 0;
+       }
 
        debug2("userauth_kbdint");
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -766,13 +780,15 @@ input_userauth_info_req(int type, int plen, void *ctxt)
        if (authctxt == NULL)
                fatal("input_userauth_info_req: no authentication context");
 
+       authctxt->info_req_seen = 1;
+
        name = packet_get_string(NULL);
        inst = packet_get_string(NULL);
        lang = packet_get_string(NULL);
        if (strlen(name) > 0)
-               cli_mesg(name);
+               log("%s", name);
        if (strlen(inst) > 0)
-               cli_mesg(inst);
+               log("%s", inst);
        xfree(name);
        xfree(inst);
        xfree(lang);
@@ -792,7 +808,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
                prompt = packet_get_string(NULL);
                echo = packet_get_char();
 
-               response = cli_prompt(prompt, echo);
+               response = read_passphrase(prompt, echo ? RP_ECHO : 0);
 
                packet_put_cstring(response);
                memset(response, 0, strlen(response));
@@ -977,7 +993,8 @@ authmethod_get(char *authlist)
 
 
 #define        DELIM   ","
-char *
+
+static char *
 authmethods_get(void)
 {
        Authmethod *method = NULL;