- markus@cvs.openbsd.org 2002/03/26 15:58:46

     [readpass.c readpass.h sshconnect2.c]
     client side support for PASSWD_CHANGEREQ

diff --git a/ChangeLog b/ChangeLog
index edfd848b2d8ba9ff888c2f7b91acb5066450b1b9..e9e03307ebce5ec20075cca6627c4e54af3d2bf1 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@
    - markus@cvs.openbsd.org 2002/03/26 15:23:40
      [bufaux.c]
      do not talk about packets in bufaux
+   - markus@cvs.openbsd.org 2002/03/26 15:58:46
+     [readpass.c readpass.h sshconnect2.c]
+     client side support for PASSWD_CHANGEREQ
 
 20020325
  - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"

diff --git a/readpass.c b/readpass.c
index b4421ade04dccb4b9eba43b06d54b823c3ed44cd..96b7e84b44fcee486b4f6e1e54defdd339ab5128 100644 (file)
--- a/readpass.c
+++ b/readpass.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.26 2002/02/13 00:39:15 markus Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $");
 
 #include "xmalloc.h"
 #include "readpass.h"
@@ -118,8 +118,11 @@ read_passphrase(const char *prompt, int flags)
                return ssh_askpass(askpass, prompt);
        }
 
-       if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL)
+       if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {
+               if (flags & RP_ALLOW_EOF)
+                       return NULL;
                return xstrdup("");
+       }
 
        ret = xstrdup(buf);
        memset(buf, 'x', sizeof buf);

diff --git a/readpass.h b/readpass.h
index 229973c68adde12b03af8d298e805bbcc3b71078..a45d32f2a76b0a25b9a46f47094cdf5fc4b19feb 100644 (file)
--- a/readpass.h
+++ b/readpass.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: readpass.h,v 1.6 2001/06/26 17:27:24 markus Exp $     */
+/*     $OpenBSD: readpass.h,v 1.7 2002/03/26 15:58:46 markus Exp $     */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -14,5 +14,6 @@
 
 #define RP_ECHO                        0x0001
 #define RP_ALLOW_STDIN         0x0002
+#define RP_ALLOW_EOF           0x0004
 
 char   *read_passphrase(const char *, int);

diff --git a/sshconnect2.c b/sshconnect2.c
index fbd18aaa7ef76429aac7cb2280ceecf31c17475f..d8e1df5ca9dab1adbc100e470131f041b9aafe54 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.98 2002/03/19 10:49:35 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.99 2002/03/26 15:58:46 markus Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -172,6 +172,7 @@ void        input_userauth_banner(int, u_int32_t, void *);
 void   input_userauth_error(int, u_int32_t, void *);
 void   input_userauth_info_req(int, u_int32_t, void *);
 void   input_userauth_pk_ok(int, u_int32_t, void *);
+void   input_userauth_passwd_changereq(int, u_int32_t, void *);
 
 int    userauth_none(Authctxt *);
 int    userauth_pubkey(Authctxt *);
@@ -439,7 +440,7 @@ int
 userauth_passwd(Authctxt *authctxt)
 {
        static int attempt = 0;
-       char prompt[80];
+       char prompt[150];
        char *password;
 
        if (attempt++ >= options.number_of_password_prompts)
@@ -461,13 +462,85 @@ userauth_passwd(Authctxt *authctxt)
        xfree(password);
        packet_add_padding(64);
        packet_send();
+
+       dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 
+           &input_userauth_passwd_changereq);
+
        return 1;
 }
+/*
+ * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
+ */
+void
+input_userauth_passwd_changereq(int type, uint32_t seqnr, void *ctxt)
+{
+       Authctxt *authctxt = ctxt;
+       char *info, *lang, *password = NULL, *retype = NULL;
+       char prompt[150];
+
+       debug2("input_userauth_passwd_changereq");
+
+       if (authctxt == NULL)
+               fatal("input_userauth_passwd_changereq: "
+                   "no authentication context");
+
+       info = packet_get_string(NULL);
+       lang = packet_get_string(NULL);
+       if (strlen(info) > 0)
+               log("%s", info);
+       xfree(info);
+       xfree(lang);
+       packet_start(SSH2_MSG_USERAUTH_REQUEST);
+       packet_put_cstring(authctxt->server_user);
+       packet_put_cstring(authctxt->service);
+       packet_put_cstring(authctxt->method->name);
+       packet_put_char(1);                     /* additional info */
+       snprintf(prompt, sizeof(prompt), 
+           "Enter %.30s@%.128s's old password: ",
+           authctxt->server_user, authctxt->host);
+       password = read_passphrase(prompt, 0);
+       packet_put_cstring(password);
+       memset(password, 0, strlen(password));
+       xfree(password);
+       password = NULL;
+       while (password == NULL) {
+               snprintf(prompt, sizeof(prompt), 
+                   "Enter %.30s@%.128s's new password: ",
+                   authctxt->server_user, authctxt->host);
+               password = read_passphrase(prompt, RP_ALLOW_EOF);
+               if (password == NULL) {
+                       /* bail out */
+                       return;
+               }
+               snprintf(prompt, sizeof(prompt), 
+                   "Retype %.30s@%.128s's new password: ",
+                   authctxt->server_user, authctxt->host);
+               retype = read_passphrase(prompt, 0);
+               if (strcmp(password, retype) != 0) {
+                       memset(password, 0, strlen(password));
+                       xfree(password);
+                       log("Mismatch; try again, EOF to quit.");
+                       password = NULL;
+               }
+               memset(retype, 0, strlen(retype));
+               xfree(retype);
+       }
+       packet_put_cstring(password);
+       memset(password, 0, strlen(password));
+       xfree(password);
+       packet_add_padding(64);
+       packet_send();
+       
+       dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 
+           &input_userauth_passwd_changereq);
+}
 
 static void
 clear_auth_state(Authctxt *authctxt)
 {
        /* XXX clear authentication state */
+       dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL);
+
        if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
                debug3("clear_auth_state: key_free %p", authctxt->last_key);
                key_free(authctxt->last_key);