auth-chall.c (76262) | auth-chall.c (92559) |
---|---|
1/* 2 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 9 unchanged lines hidden (view full) --- 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" | 1/* 2 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 9 unchanged lines hidden (view full) --- 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" |
26RCSID("$OpenBSD: auth-chall.c,v 1.7 2001/04/05 10:42:47 markus Exp $"); 27RCSID("$FreeBSD: head/crypto/openssh/auth-chall.c 76262 2001-05-04 04:14:23Z green $"); | 26RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $"); 27RCSID("$FreeBSD: head/crypto/openssh/auth-chall.c 92559 2002-03-18 10:09:43Z des $"); |
28 29#include "auth.h" 30#include "log.h" | 28 29#include "auth.h" 30#include "log.h" |
31#include "xmalloc.h" |
|
31 | 32 |
32#ifdef BSD_AUTH | 33/* limited protocol v1 interface to kbd-interactive authentication */ 34 35extern KbdintDevice *devices[]; 36static KbdintDevice *device; 37 |
33char * | 38char * |
34get_challenge(Authctxt *authctxt, char *devs) | 39get_challenge(Authctxt *authctxt) |
35{ | 40{ |
36 char *challenge; | 41 char *challenge, *name, *info, **prompts; 42 u_int i, numprompts; 43 u_int *echo_on; |
37 | 44 |
38 if (authctxt->as != NULL) { 39 debug2("try reuse session"); 40 challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); 41 if (challenge != NULL) { 42 debug2("reuse bsd auth session"); 43 return challenge; 44 } 45 auth_close(authctxt->as); 46 authctxt->as = NULL; 47 } 48 debug2("new bsd auth session"); 49 if (devs == NULL || strlen(devs) == 0) 50 devs = authctxt->style; 51 debug3("bsd auth: devs %s", devs ? devs : "<default>"); 52 authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh", 53 &challenge); 54 if (authctxt->as == NULL) | 45 device = devices[0]; /* we always use the 1st device for protocol 1 */ 46 if (device == NULL) |
55 return NULL; | 47 return NULL; |
56 debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY"); 57 return challenge; | 48 if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL) 49 return NULL; 50 if (device->query(authctxt->kbdintctxt, &name, &info, 51 &numprompts, &prompts, &echo_on)) { 52 device->free_ctx(authctxt->kbdintctxt); 53 authctxt->kbdintctxt = NULL; 54 return NULL; 55 } 56 if (numprompts < 1) 57 fatal("get_challenge: numprompts < 1"); 58 challenge = xstrdup(prompts[0]); 59 for (i = 0; i < numprompts; i++) 60 xfree(prompts[i]); 61 xfree(prompts); 62 xfree(name); 63 xfree(echo_on); 64 xfree(info); 65 66 return (challenge); |
58} 59int | 67} 68int |
60verify_response(Authctxt *authctxt, char *response) | 69verify_response(Authctxt *authctxt, const char *response) |
61{ | 70{ |
62 int authok; | 71 char *resp[1]; 72 int res; |
63 | 73 |
64 if (authctxt->as == 0) 65 error("verify_response: no bsd auth session"); 66 authok = auth_userresponse(authctxt->as, response, 0); 67 authctxt->as = NULL; 68 debug("verify_response: <%s> = <%d>", response, authok); 69 return authok != 0; | 74 if (device == NULL) 75 return 0; 76 if (authctxt->kbdintctxt == NULL) 77 return 0; 78 resp[0] = (char *)response; 79 res = device->respond(authctxt->kbdintctxt, 1, resp); 80 device->free_ctx(authctxt->kbdintctxt); 81 authctxt->kbdintctxt = NULL; 82 return res ? 0 : 1; |
70} | 83} |
71#else 72#ifdef SKEY 73#include <opie.h> 74 75char * 76get_challenge(Authctxt *authctxt, char *devs) 77{ 78 static char challenge[1024]; 79 struct opie opie; 80 if (opiechallenge(&opie, authctxt->user, challenge) == -1) 81 return NULL; 82 strlcat(challenge, "\nS/Key Password: ", sizeof challenge); 83 return challenge; 84} 85int 86verify_response(Authctxt *authctxt, char *response) 87{ 88 return (authctxt->valid && 89 opie_haskey(authctxt->pw->pw_name) == 0 && 90 opie_passverify(authctxt->pw->pw_name, response) != -1); 91} 92#else 93/* not available */ 94char * 95get_challenge(Authctxt *authctxt, char *devs) 96{ 97 return NULL; 98} 99int 100verify_response(Authctxt *authctxt, char *response) 101{ 102 return 0; 103} 104#endif 105#endif | |