-/* $OpenBSD: sshconnect2.c,v 1.170 2008/11/04 08:22:13 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.179 2010/01/13 01:20:20 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
#include <sys/stat.h>
#include <errno.h>
+#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
#include "msg.h"
#include "pathnames.h"
#include "uidswap.h"
+#include "schnorr.h"
#include "jpake.h"
#ifdef GSSAPI
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
+ if (options.use_roaming && !kex->roaming) {
+ debug("Roaming not allowed by server");
+ options.use_roaming = 0;
+ }
+
session_id2 = kex->session_id;
session_id2_len = kex->session_id_len;
};
void input_userauth_success(int, u_int32_t, void *);
+void input_userauth_success_unexpected(int, u_int32_t, void *);
void input_userauth_failure(int, u_int32_t, void *);
void input_userauth_banner(int, u_int32_t, void *);
void input_userauth_error(int, u_int32_t, void *);
if (len > 65536)
len = 65536;
msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
- strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
+ strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
fprintf(stderr, "%s", msg);
xfree(msg);
}
input_userauth_success(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
+
if (authctxt == NULL)
fatal("input_userauth_success: no authentication context");
if (authctxt->authlist) {
xfree(authctxt->authlist);
authctxt->authlist = NULL;
}
+ if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
+ authctxt->method->cleanup(authctxt);
if (authctxt->methoddata) {
xfree(authctxt->methoddata);
authctxt->methoddata = NULL;
authctxt->success = 1; /* break out */
}
+void
+input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+
+ if (authctxt == NULL)
+ fatal("%s: no authentication context", __func__);
+
+ fatal("Unexpected authentication success during %s.",
+ authctxt->method->name);
+}
+
/* ARGSUSED */
void
input_userauth_failure(int type, u_int32_t seq, void *ctxt)
static int attempt = 0;
char prompt[150];
char *password;
+ const char *host = options.host_key_alias ? options.host_key_alias :
+ authctxt->host;
if (attempt++ >= options.number_of_password_prompts)
return 0;
error("Permission denied, please try again.");
snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
- authctxt->server_user, authctxt->host);
+ authctxt->server_user, host);
password = read_passphrase(prompt, 0);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
Authctxt *authctxt = ctxt;
char *info, *lang, *password = NULL, *retype = NULL;
char prompt[150];
+ const char *host = options.host_key_alias ? options.host_key_alias :
+ authctxt->host;
debug2("input_userauth_passwd_changereq");
packet_put_char(1); /* additional info */
snprintf(prompt, sizeof(prompt),
"Enter %.30s@%.128s's old password: ",
- authctxt->server_user, authctxt->host);
+ authctxt->server_user, host);
password = read_passphrase(prompt, 0);
packet_put_cstring(password);
memset(password, 0, strlen(password));
while (password == NULL) {
snprintf(prompt, sizeof(prompt),
"Enter %.30s@%.128s's new password: ",
- authctxt->server_user, authctxt->host);
+ authctxt->server_user, host);
password = read_passphrase(prompt, RP_ALLOW_EOF);
if (password == NULL) {
/* bail out */
}
snprintf(prompt, sizeof(prompt),
"Retype %.30s@%.128s's new password: ",
- authctxt->server_user, authctxt->host);
+ authctxt->server_user, host);
retype = read_passphrase(prompt, 0);
if (strcmp(password, retype) != 0) {
memset(password, 0, strlen(password));
{
Key *private;
char prompt[300], *passphrase;
- int perm_ok, quit, i;
+ int perm_ok = 0, quit, i;
struct stat st;
if (stat(filename, &st) < 0) {
debug2("ssh_keysign called");
if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
- error("ssh_keysign: no installed: %s", strerror(errno));
+ error("ssh_keysign: not installed: %s", strerror(errno));
return -1;
}
if (fflush(stdout) != 0)
return -1;
}
if (pid == 0) {
+ /* keep the socket on exec */
+ fcntl(packet_get_connection_in(), F_SETFD, 0);
permanently_drop_suid(getuid());
close(from[0]);
if (dup2(from[1], STDOUT_FILENO) < 0)
Sensitive *sensitive = authctxt->sensitive;
Buffer b;
u_char *signature, *blob;
- char *chost, *pkalg, *p, myname[NI_MAXHOST];
+ char *chost, *pkalg, *p;
const char *service;
u_int blen, slen;
- int ok, i, len, found = 0;
+ int ok, i, found = 0;
/* check for a useful key */
for (i = 0; i < sensitive->nkeys; i++) {
return 0;
}
/* figure out a name for the client host */
- p = NULL;
- if (packet_connection_is_on_socket())
- p = get_local_name(packet_get_connection_in());
- if (p == NULL) {
- if (gethostname(myname, sizeof(myname)) == -1) {
- verbose("userauth_hostbased: gethostname: %s",
- strerror(errno));
- } else
- p = xstrdup(myname);
- }
+ p = get_local_name(packet_get_connection_in());
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
key_free(private);
xfree(blob);
return 0;
}
- len = strlen(p) + 2;
xasprintf(&chost, "%s.", p);
debug2("userauth_hostbased: chost %s", chost);
xfree(p);
/* Expect step 1 packet from peer */
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
input_userauth_jpake_server_step1);
+ dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
+ &input_userauth_success_unexpected);
return 1;
}
jpake_free(authctxt->methoddata);
authctxt->methoddata = NULL;
}
+ dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
}
#endif /* JPAKE */