auth-chall.c revision 120405
1/* 2 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" 26RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $"); 27RCSID("$FreeBSD: head/crypto/openssh/auth-chall.c 120405 2003-09-24 18:24:27Z des $"); 28 29#include "auth.h" 30#include "log.h" 31#include "xmalloc.h" 32 33/* limited protocol v1 interface to kbd-interactive authentication */ 34 35extern KbdintDevice *devices[]; 36static KbdintDevice *device; 37 38char * 39get_challenge(Authctxt *authctxt) 40{ 41 char *challenge, *name, *info, **prompts; 42 u_int i, numprompts; 43 u_int *echo_on; 44 45 device = devices[0]; /* we always use the 1st device for protocol 1 */ 46 if (device == NULL) 47 return NULL; 48 if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL) 49 return NULL; 50 if (device->query(authctxt->kbdintctxt, &name, &info, 51 &numprompts, &prompts, &echo_on)) { 52 device->free_ctx(authctxt->kbdintctxt); 53 authctxt->kbdintctxt = NULL; 54 return NULL; 55 } 56 if (numprompts < 1) 57 fatal("get_challenge: numprompts < 1"); 58 challenge = xstrdup(prompts[0]); 59 for (i = 0; i < numprompts; i++) 60 xfree(prompts[i]); 61 xfree(prompts); 62 xfree(name); 63 xfree(echo_on); 64 xfree(info); 65 66 return (challenge); 67} 68int 69verify_response(Authctxt *authctxt, const char *response) 70{ 71 char *resp[1]; 72 int res; 73 74 if (device == NULL) 75 return 0; 76 if (authctxt->kbdintctxt == NULL) 77 return 0; 78 resp[0] = (char *)response; 79 res = device->respond(authctxt->kbdintctxt, 1, resp); 80 if (res == 1) { 81 /* postponed - send a null query just in case */ 82 char *name, *info, **prompts; 83 u_int i, numprompts, *echo_on; 84 85 res = device->query(authctxt->kbdintctxt, &name, &info, 86 &numprompts, &prompts, &echo_on); 87 if (res == 0) { 88 for (i = 0; i < numprompts; i++) 89 xfree(prompts[i]); 90 xfree(prompts); 91 xfree(name); 92 xfree(echo_on); 93 xfree(info); 94 } 95 /* if we received more prompts, we're screwed */ 96 res = (res == 0 && numprompts == 0) ? 0 : -1; 97 } 98 device->free_ctx(authctxt->kbdintctxt); 99 authctxt->kbdintctxt = NULL; 100 return res ? 0 : 1; 101} 102void 103abandon_challenge_response(Authctxt *authctxt) 104{ 105 if (authctxt->kbdintctxt != NULL) { 106 device->free_ctx(authctxt->kbdintctxt); 107 authctxt->kbdintctxt = NULL; 108 } 109} 110