*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.75 2001/06/23 02:34:33 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.83 2001/10/06 11:18:19 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
#include "key.h"
#include "sshconnect.h"
#include "authfile.h"
-#include "cli.h"
#include "dh.h"
#include "authfd.h"
#include "log.h"
Kex *xxx_kex = NULL;
-int
+static int
verify_host_key_callback(Key *hostkey)
{
if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
- fatal("verify_host_key failed");
+ fatal("Host key verification failed.");
return 0;
}
/* hostbased */
Key **keys;
int nkeys;
+ /* kbd-interactive */
+ int info_req_seen;
};
struct Authmethod {
char *name; /* string to compare against server's list */
void userauth(Authctxt *authctxt, char *authlist);
-int
-sign_and_send_pubkey(Authctxt *authctxt, Key *k,
- sign_cb_fn *sign_callback);
-void clear_auth_state(Authctxt *authctxt);
+static int sign_and_send_pubkey(Authctxt *, Key *, sign_cb_fn *);
+static void clear_auth_state(Authctxt *);
-Authmethod *authmethod_get(char *authlist);
-Authmethod *authmethod_lookup(const char *name);
-char *authmethods_get(void);
+static Authmethod *authmethod_get(char *authlist);
+static Authmethod *authmethod_lookup(const char *name);
+static char *authmethods_get(void);
Authmethod authmethods[] = {
- {"publickey",
- userauth_pubkey,
- &options.pubkey_authentication,
- NULL},
{"hostbased",
userauth_hostbased,
&options.hostbased_authentication,
NULL},
- {"password",
- userauth_passwd,
- &options.password_authentication,
- &options.batch_mode},
+ {"publickey",
+ userauth_pubkey,
+ &options.pubkey_authentication,
+ NULL},
{"keyboard-interactive",
userauth_kbdint,
&options.kbd_interactive_authentication,
&options.batch_mode},
+ {"password",
+ userauth_passwd,
+ &options.password_authentication,
+ &options.batch_mode},
{"none",
userauth_none,
NULL,
options.preferred_authentications = authmethods_get();
/* setup authentication context */
+ memset(&authctxt, 0, sizeof(authctxt));
authctxt.agent = ssh_get_authentication_connection();
authctxt.server_user = server_user;
authctxt.local_user = local_user;
authctxt.authlist = NULL;
authctxt.keys = keys;
authctxt.nkeys = nkeys;
+ authctxt.info_req_seen = 0;
if (authctxt.method == NULL)
fatal("ssh_userauth2: internal error: cannot send userauth none request");
return 1;
}
-void
+static void
clear_auth_state(Authctxt *authctxt)
{
/* XXX clear authentication state */
authctxt->last_key_sign = NULL;
}
-int
+static int
sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
{
Buffer b;
return 1;
}
-int
+static int
send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback,
int hint)
{
return 1;
}
-Key *
+static Key *
load_identity_file(char *filename)
{
Key *private;
return private;
}
-int
+static int
identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
u_char *data, int datalen)
{
idx = authctxt->last_key_hint;
if (idx < 0)
return -1;
+
+ /* private key is stored in external hardware */
+ if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
+ return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen);
+
private = load_identity_file(options.identity_files[idx]);
if (private == NULL)
return -1;
return ret;
}
-int agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
+static int
+agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
u_char *data, int datalen)
{
return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
}
-int key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
+static int
+key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
u_char *data, int datalen)
{
return key_sign(key, sigp, lenp, data, datalen);
}
-int
+static int
userauth_pubkey_agent(Authctxt *authctxt)
{
static int called = 0;
if (attempt++ >= options.number_of_password_prompts)
return 0;
+ /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
+ if (attempt > 1 && !authctxt->info_req_seen) {
+ debug3("userauth_kbdint: disable: no info_req_seen");
+ dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
+ return 0;
+ }
debug2("userauth_kbdint");
packet_start(SSH2_MSG_USERAUTH_REQUEST);
if (authctxt == NULL)
fatal("input_userauth_info_req: no authentication context");
+ authctxt->info_req_seen = 1;
+
name = packet_get_string(NULL);
inst = packet_get_string(NULL);
lang = packet_get_string(NULL);
if (strlen(name) > 0)
- cli_mesg(name);
+ log("%s", name);
if (strlen(inst) > 0)
- cli_mesg(inst);
+ log("%s", inst);
xfree(name);
xfree(inst);
xfree(lang);
prompt = packet_get_string(NULL);
echo = packet_get_char();
- response = cli_prompt(prompt, echo);
+ response = read_passphrase(prompt, echo ? RP_ECHO : 0);
packet_put_cstring(response);
memset(response, 0, strlen(response));
* given auth method name, if configurable options permit this method fill
* in auth_ident field and return true, otherwise return false.
*/
-int
+static int
authmethod_is_enabled(Authmethod *method)
{
if (method == NULL)
return 1;
}
-Authmethod *
+static Authmethod *
authmethod_lookup(const char *name)
{
Authmethod *method = NULL;
* next method we should try. If the server initially sends a nil list,
* use a built-in default list.
*/
-Authmethod *
+static Authmethod *
authmethod_get(char *authlist)
{
#define DELIM ","
-char *
+
+static char *
authmethods_get(void)
{
Authmethod *method = NULL;
andersk / openssh.git / blobdiff