From 03d9eb5e85fde64890559e5f6285d22848e625bc Mon Sep 17 00:00:00 2001 From: mouring Date: Fri, 19 Jan 2001 04:29:23 +0000 Subject: [PATCH] Oops.. missed theses in the merge. --- auth-skey.c | 215 --------------------------------------------------- auth2-skey.c | 107 ------------------------- 2 files changed, 322 deletions(-) delete mode 100644 auth-skey.c delete mode 100644 auth2-skey.c diff --git a/auth-skey.c b/auth-skey.c deleted file mode 100644 index 7088b790..00000000 --- a/auth-skey.c +++ /dev/null @@ -1,215 +0,0 @@ -/* - * Copyright (c) 1999,2000 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" -RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $"); - -#ifdef SKEY -#include "ssh.h" -#include "packet.h" -#include - -/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */ - -/* - * try skey authentication, - * return 1 on success, 0 on failure, -1 if skey is not available - */ - -int -auth_skey_password(struct passwd * pw, const char *password) -{ - if (strncasecmp(password, "s/key", 5) == 0) { - char *skeyinfo = skey_keyinfo(pw->pw_name); - if (skeyinfo == NULL) { - debug("generating fake skeyinfo for %.100s.", - pw->pw_name); - skeyinfo = skey_fake_keyinfo(pw->pw_name); - } - if (skeyinfo != NULL) - packet_send_debug("%s", skeyinfo); - /* Try again. */ - return 0; - } else if (skey_haskey(pw->pw_name) == 0 && - skey_passcheck(pw->pw_name, (char *) password) != -1) { - /* Authentication succeeded. */ - return 1; - } - /* Fall back to ordinary passwd authentication. */ - return -1; -} - -/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */ - -#define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \ - ((x)[3])) - -/* - * hash_collapse() - */ -static u_int32_t -hash_collapse(s) - u_char *s; -{ - int len, target; - u_int32_t i; - - if ((strlen(s) % sizeof(u_int32_t)) == 0) - target = strlen(s); /* Multiple of 4 */ - else - target = strlen(s) - (strlen(s) % sizeof(u_int32_t)); - - for (i = 0, len = 0; len < target; len += 4) - i ^= ROUND(s + len); - - return i; -} - -char * -skey_fake_keyinfo(char *username) -{ - int i; - u_int ptr; - u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up; - char pbuf[SKEY_MAX_PW_LEN+1]; - static char skeyprompt[SKEY_MAX_CHALLENGE+1]; - char *secret = NULL; - size_t secretlen = 0; - SHA_CTX ctx; - char *p, *u; - - /* - * Base first 4 chars of seed on hostname. - * Add some filler for short hostnames if necessary. - */ - if (gethostname(pbuf, sizeof(pbuf)) == -1) - *(p = pbuf) = '.'; - else - for (p = pbuf; *p && isalnum(*p); p++) - if (isalpha(*p) && isupper(*p)) - *p = tolower(*p); - if (*p && pbuf - p < 4) - (void)strncpy(p, "asjd", 4 - (pbuf - p)); - pbuf[4] = '\0'; - - /* Hash the username if possible */ - up = malloc(SHA_DIGEST_LENGTH); - if (up != NULL) { - struct stat sb; - time_t t; - int fd; - - SHA1_Init(&ctx); - SHA1_Update(&ctx, username, strlen(username)); - SHA1_Final(up, &ctx); - - /* Collapse the hash */ - ptr = hash_collapse(up); - memset(up, 0, strlen(up)); - - /* See if the random file's there, else use ctime */ - if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1 - && fstat(fd, &sb) == 0 && - sb.st_size > (off_t)SKEY_MAX_SEED_LEN && - lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN), - SEEK_SET) != -1 && read(fd, hseed, - SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) { - close(fd); - fd = -1; - secret = hseed; - secretlen = SKEY_MAX_SEED_LEN; - flg = 0; - } else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) { - t = sb.st_ctime; - secret = ctime(&t); - secretlen = strlen(secret); - flg = 0; - } - if (fd != -1) - close(fd); - } - - /* Put that in your pipe and smoke it */ - if (flg == 0) { - /* Hash secret value with username */ - SHA1_Init(&ctx); - SHA1_Update(&ctx, secret, secretlen); - SHA1_Update(&ctx, username, strlen(username)); - SHA1_Final(up, &ctx); - - /* Zero out */ - memset(secret, 0, secretlen); - - /* Now hash the hash */ - SHA1_Init(&ctx); - SHA1_Update(&ctx, up, strlen(up)); - SHA1_Final(up, &ctx); - - ptr = hash_collapse(up + 4); - - for (i = 4; i < 9; i++) { - pbuf[i] = (ptr % 10) + '0'; - ptr /= 10; - } - pbuf[i] = '\0'; - - /* Sequence number */ - ptr = ((up[2] + up[3]) % 99) + 1; - - memset(up, 0, SHA_DIGEST_LENGTH); /* SHA1 specific */ - free(up); - - (void)snprintf(skeyprompt, sizeof skeyprompt, - "otp-%.*s %d %.*s", - SKEY_MAX_HASHNAME_LEN, - skey_get_algorithm(), - ptr, SKEY_MAX_SEED_LEN, - pbuf); - } else { - /* Base last 8 chars of seed on username */ - u = username; - i = 8; - p = &pbuf[4]; - do { - if (*u == 0) { - /* Pad remainder with zeros */ - while (--i >= 0) - *p++ = '0'; - break; - } - - *p++ = (*u++ % 10) + '0'; - } while (--i != 0); - pbuf[12] = '\0'; - - (void)snprintf(skeyprompt, sizeof skeyprompt, - "otp-%.*s %d %.*s", - SKEY_MAX_HASHNAME_LEN, - skey_get_algorithm(), - 99, SKEY_MAX_SEED_LEN, pbuf); - } - return skeyprompt; -} - -#endif /* SKEY */ diff --git a/auth2-skey.c b/auth2-skey.c deleted file mode 100644 index dbf24f67..00000000 --- a/auth2-skey.c +++ /dev/null @@ -1,107 +0,0 @@ -#include "includes.h" -RCSID("$OpenBSD: auth2-skey.c,v 1.2 2000/12/19 23:17:55 markus Exp $"); - -#ifdef SKEY -#include "ssh.h" -#include "ssh2.h" -#include "auth.h" -#include "packet.h" -#include "xmalloc.h" -#include "dispatch.h" - -void send_userauth_into_request(Authctxt *authctxt, int echo); -void input_userauth_info_response(int type, int plen, void *ctxt); - -/* - * try skey authentication, always return -1 (= postponed) since we have to - * wait for the s/key response. - */ -int -auth2_skey(Authctxt *authctxt) -{ - send_userauth_into_request(authctxt, 0); - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response); - return -1; -} - -void -send_userauth_into_request(Authctxt *authctxt, int echo) -{ - int retval = -1; - struct skey skey; - char challenge[SKEY_MAX_CHALLENGE]; - char *fake; - - if (authctxt->user == NULL) - fatal("send_userauth_into_request: internal error: no user"); - - /* get skey challenge */ - if (authctxt->valid) - retval = skeychallenge(&skey, authctxt->user, challenge); - - if (retval == -1) { - fake = skey_fake_keyinfo(authctxt->user); - strlcpy(challenge, fake, sizeof challenge); - } - /* send our info request */ - packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); - packet_put_cstring("S/Key Authentication"); /* Name */ - packet_put_cstring(challenge); /* Instruction */ - packet_put_cstring(""); /* Language */ - packet_put_int(1); /* Number of prompts */ - packet_put_cstring(echo ? - "Response [Echo]: ": "Response: "); /* Prompt */ - packet_put_char(echo); /* Echo */ - packet_send(); - packet_write_wait(); - memset(challenge, 'c', sizeof challenge); -} - -void -input_userauth_info_response(int type, int plen, void *ctxt) -{ - Authctxt *authctxt = ctxt; - int authenticated = 0; - u_int nresp, rlen; - char *resp, *method; - - if (authctxt == NULL) - fatal("input_userauth_info_response: no authentication context"); - - if (authctxt->attempt++ >= AUTH_FAIL_MAX) - packet_disconnect("too many failed userauth_requests"); - - nresp = packet_get_int(); - if (nresp == 1) { - /* we only support s/key and assume s/key for nresp == 1 */ - method = "s/key"; - resp = packet_get_string(&rlen); - packet_done(); - if (strlen(resp) == 0) { - /* - * if we received a null response, resend prompt with - * echo enabled - */ - authenticated = -1; - userauth_log(authctxt, authenticated, method); - send_userauth_into_request(authctxt, 1); - } else { - /* verify skey response */ - if (authctxt->valid && - skey_haskey(authctxt->pw->pw_name) == 0 && - skey_passcheck(authctxt->pw->pw_name, resp) != -1) { - authenticated = 1; - } else { - authenticated = 0; - } - memset(resp, 'r', rlen); - /* unregister callback */ - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); - userauth_log(authctxt, authenticated, method); - userauth_reply(authctxt, authenticated); - } - xfree(resp); - } -} - -#endif /* SKEY */ -- 2.45.2