auth-chall.c revision 149753
1/* 2 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" 26RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $"); 27RCSID("$FreeBSD: head/crypto/openssh/auth-chall.c 147005 2005-06-05 15:46:09Z des $"); 28 29#include "auth.h" 30#include "log.h" 31#include "xmalloc.h" 32#include "servconf.h" 33 34/* limited protocol v1 interface to kbd-interactive authentication */ 35 36extern KbdintDevice *devices[]; 37static KbdintDevice *device; 38extern ServerOptions options; 39 40char * 41get_challenge(Authctxt *authctxt) 42{ 43 char *challenge, *name, *info, **prompts; 44 u_int i, numprompts; 45 u_int *echo_on; 46 47#ifdef USE_PAM 48 if (!options.use_pam) 49 remove_kbdint_device("pam"); 50#endif 51 52 device = devices[0]; /* we always use the 1st device for protocol 1 */ 53 if (device == NULL) 54 return NULL; 55 if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL) 56 return NULL; 57 if (device->query(authctxt->kbdintctxt, &name, &info, 58 &numprompts, &prompts, &echo_on)) { 59 device->free_ctx(authctxt->kbdintctxt); 60 authctxt->kbdintctxt = NULL; 61 return NULL; 62 } 63 if (numprompts < 1) 64 fatal("get_challenge: numprompts < 1"); 65 challenge = xstrdup(prompts[0]); 66 for (i = 0; i < numprompts; i++) 67 xfree(prompts[i]); 68 xfree(prompts); 69 xfree(name); 70 xfree(echo_on); 71 xfree(info); 72 73 return (challenge); 74} 75int 76verify_response(Authctxt *authctxt, const char *response) 77{ 78 char *resp[1], *name, *info, **prompts; 79 u_int i, numprompts, *echo_on; 80 int authenticated = 0; 81 82 if (device == NULL) 83 return 0; 84 if (authctxt->kbdintctxt == NULL) 85 return 0; 86 resp[0] = (char *)response; 87 switch (device->respond(authctxt->kbdintctxt, 1, resp)) { 88 case 0: /* Success */ 89 authenticated = 1; 90 break; 91 case 1: /* Postponed - retry with empty query for PAM */ 92 if ((device->query(authctxt->kbdintctxt, &name, &info, 93 &numprompts, &prompts, &echo_on)) != 0) 94 break; 95 if (numprompts == 0 && 96 device->respond(authctxt->kbdintctxt, 0, resp) == 0) 97 authenticated = 1; 98 99 for (i = 0; i < numprompts; i++) 100 xfree(prompts[i]); 101 xfree(prompts); 102 xfree(name); 103 xfree(echo_on); 104 xfree(info); 105 break; 106 } 107 device->free_ctx(authctxt->kbdintctxt); 108 authctxt->kbdintctxt = NULL; 109 return authenticated; 110} 111void 112abandon_challenge_response(Authctxt *authctxt) 113{ 114 if (authctxt->kbdintctxt != NULL) { 115 device->free_ctx(authctxt->kbdintctxt); 116 authctxt->kbdintctxt = NULL; 117 } 118} 119