auth-chall.c revision 147005
176259Sgreen/* 276259Sgreen * Copyright (c) 2001 Markus Friedl. All rights reserved. 376259Sgreen * 476259Sgreen * Redistribution and use in source and binary forms, with or without 576259Sgreen * modification, are permitted provided that the following conditions 676259Sgreen * are met: 776259Sgreen * 1. Redistributions of source code must retain the above copyright 876259Sgreen * notice, this list of conditions and the following disclaimer. 976259Sgreen * 2. Redistributions in binary form must reproduce the above copyright 1076259Sgreen * notice, this list of conditions and the following disclaimer in the 1176259Sgreen * documentation and/or other materials provided with the distribution. 1276259Sgreen * 1376259Sgreen * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 1476259Sgreen * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 1576259Sgreen * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 1676259Sgreen * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 1776259Sgreen * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 1876259Sgreen * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 1976259Sgreen * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 2076259Sgreen * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 2176259Sgreen * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 2276259Sgreen * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 2376259Sgreen */ 2476259Sgreen 2576259Sgreen#include "includes.h" 26126277SdesRCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $"); 27110138SdesRCSID("$FreeBSD: head/crypto/openssh/auth-chall.c 147005 2005-06-05 15:46:09Z des $"); 2876259Sgreen 2976259Sgreen#include "auth.h" 3076259Sgreen#include "log.h" 3192559Sdes#include "xmalloc.h" 32147005Sdes#include "servconf.h" 3376259Sgreen 3492559Sdes/* limited protocol v1 interface to kbd-interactive authentication */ 3592559Sdes 3692559Sdesextern KbdintDevice *devices[]; 3792559Sdesstatic KbdintDevice *device; 38147005Sdesextern ServerOptions options; 3992559Sdes 4076259Sgreenchar * 4192559Sdesget_challenge(Authctxt *authctxt) 4276259Sgreen{ 4392559Sdes char *challenge, *name, *info, **prompts; 4492559Sdes u_int i, numprompts; 4592559Sdes u_int *echo_on; 4676259Sgreen 47147005Sdes#ifdef USE_PAM 48147005Sdes if (!options.use_pam) 49147005Sdes remove_kbdint_device("pam"); 50147005Sdes#endif 51147005Sdes 5292559Sdes device = devices[0]; /* we always use the 1st device for protocol 1 */ 5392559Sdes if (device == NULL) 5492559Sdes return NULL; 5592559Sdes if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL) 5692559Sdes return NULL; 5792559Sdes if (device->query(authctxt->kbdintctxt, &name, &info, 5892559Sdes &numprompts, &prompts, &echo_on)) { 5992559Sdes device->free_ctx(authctxt->kbdintctxt); 6092559Sdes authctxt->kbdintctxt = NULL; 6192559Sdes return NULL; 6276259Sgreen } 6392559Sdes if (numprompts < 1) 6492559Sdes fatal("get_challenge: numprompts < 1"); 6592559Sdes challenge = xstrdup(prompts[0]); 6692559Sdes for (i = 0; i < numprompts; i++) 6792559Sdes xfree(prompts[i]); 6892559Sdes xfree(prompts); 6992559Sdes xfree(name); 7092559Sdes xfree(echo_on); 7192559Sdes xfree(info); 7292559Sdes 7392559Sdes return (challenge); 7476259Sgreen} 7576259Sgreenint 7692559Sdesverify_response(Authctxt *authctxt, const char *response) 7776259Sgreen{ 78126277Sdes char *resp[1], *name, *info, **prompts; 79126277Sdes u_int i, numprompts, *echo_on; 80126277Sdes int authenticated = 0; 8176259Sgreen 8292559Sdes if (device == NULL) 8392559Sdes return 0; 8492559Sdes if (authctxt->kbdintctxt == NULL) 8592559Sdes return 0; 8692559Sdes resp[0] = (char *)response; 87126277Sdes switch (device->respond(authctxt->kbdintctxt, 1, resp)) { 88126277Sdes case 0: /* Success */ 89126277Sdes authenticated = 1; 90126277Sdes break; 91126277Sdes case 1: /* Postponed - retry with empty query for PAM */ 92126277Sdes if ((device->query(authctxt->kbdintctxt, &name, &info, 93126277Sdes &numprompts, &prompts, &echo_on)) != 0) 94126277Sdes break; 95126277Sdes if (numprompts == 0 && 96126277Sdes device->respond(authctxt->kbdintctxt, 0, resp) == 0) 97126277Sdes authenticated = 1; 98110138Sdes 99126277Sdes for (i = 0; i < numprompts; i++) 100126277Sdes xfree(prompts[i]); 101126277Sdes xfree(prompts); 102126277Sdes xfree(name); 103126277Sdes xfree(echo_on); 104126277Sdes xfree(info); 105126277Sdes break; 106110138Sdes } 10792559Sdes device->free_ctx(authctxt->kbdintctxt); 10892559Sdes authctxt->kbdintctxt = NULL; 109126277Sdes return authenticated; 11076259Sgreen} 111112870Sdesvoid 112112870Sdesabandon_challenge_response(Authctxt *authctxt) 113112870Sdes{ 114112870Sdes if (authctxt->kbdintctxt != NULL) { 115112870Sdes device->free_ctx(authctxt->kbdintctxt); 116112870Sdes authctxt->kbdintctxt = NULL; 117112870Sdes } 118112870Sdes} 119