auth-chall.c revision 76259
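/*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"
RCSID("$OpenBSD: auth-chall.c,v 1.7 2001/04/05 10:42:47 markus Exp $");

#include "auth.h"
#include "log.h"

/*
 * Challenge/response back ends.  Exactly one pair of get_challenge() /
 * verify_response() is compiled: BSD authentication, S/Key, or stubs that
 * always refuse when neither is configured.
 */

#ifdef BSD_AUTH
/*
 * Return the challenge text for authctxt->user, or NULL.
 *
 * An existing BSD auth session is reused when it still carries a challenge;
 * otherwise it is closed and a new one is opened with auth_userchallenge().
 * `devs' selects the authentication style; when it is NULL or empty the
 * style stored in authctxt->style is used instead.
 *
 * NULL is returned both when no session could be opened and when the
 * session supplied no challenge string, so callers cannot tell the two
 * apart from the return value alone.
 * NOTE(review): the returned string is presumably owned by the auth
 * session and must not be freed by the caller -- confirm.
 */
char *
get_challenge(Authctxt *authctxt, char *devs)
{
	char *challenge;

	if (authctxt->as != NULL) {
		debug2("try reuse session");
		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
		if (challenge != NULL) {
			debug2("reuse bsd auth session");
			return challenge;
		}
		/* Stale session without a challenge: drop it and start over. */
		auth_close(authctxt->as);
		authctxt->as = NULL;
	}
	debug2("new bsd auth session");
	if (devs == NULL || *devs == '\0')
		devs = authctxt->style;
	debug3("bsd auth: devs %s", devs ? devs : "<default>");
	authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh",
	    &challenge);
	if (authctxt->as == NULL)
		return NULL;
	debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY");
	return challenge;
}

/*
 * Check `response' against the pending BSD auth session.
 *
 * Returns non-zero when the response is accepted and 0 otherwise.  The
 * session pointer is cleared in either case, so each challenge can be
 * answered once.
 */
int
verify_response(Authctxt *authctxt, char *response)
{
	int authok;

	if (authctxt->as == NULL) {
		/*
		 * error() only logs; fail closed here instead of handing a
		 * NULL session to auth_userresponse().
		 */
		error("verify_response: no bsd auth session");
		return 0;
	}
	authok = auth_userresponse(authctxt->as, response, 0);
	/*
	 * NOTE(review): the reference is dropped without auth_close();
	 * presumably auth_userresponse() with more == 0 releases the
	 * session -- confirm.
	 */
	authctxt->as = NULL;
	/* The response is an authentication secret; keep it out of the log. */
	debug("verify_response: authok = <%d>", authok);
	return authok != 0;
}
#else
#ifdef SKEY
#include <skey.h>

/*
 * Return the S/Key challenge for authctxt->user followed by a password
 * prompt, or NULL when skeychallenge() fails.  `devs' is ignored.
 *
 * The result lives in a static buffer: it is overwritten by the next call
 * and must not be freed.
 * NOTE(review): skeychallenge() takes no buffer length; the 1024-byte
 * buffer is assumed to be large enough for any challenge -- confirm
 * against the S/Key library in use.
 * NOTE(review): authctxt->valid is not consulted here, so the NULL return
 * may differ between users with and without an S/Key entry; confirm the
 * caller does not expose that difference to the client.
 */
char *
get_challenge(Authctxt *authctxt, char *devs)
{
	static char challenge[1024];
	struct skey skey;

	if (skeychallenge(&skey, authctxt->user, challenge) == -1)
		return NULL;
	/* strlcat() truncates rather than overruns if the prompt does not fit. */
	strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
	return challenge;
}

/*
 * Check an S/Key response.  Returns non-zero only when the user is valid,
 * has an S/Key entry and skey_passcheck() accepts the response.
 * authctxt->pw is dereferenced only after authctxt->valid has been tested.
 */
int
verify_response(Authctxt *authctxt, char *response)
{
	return (authctxt->valid &&
	    skey_haskey(authctxt->pw->pw_name) == 0 &&
	    skey_passcheck(authctxt->pw->pw_name, response) != -1);
}
#else
/* not available */

/* No challenge/response back end compiled in: never offer a challenge. */
char *
get_challenge(Authctxt *authctxt, char *devs)
{
	return NULL;
}

/* No challenge/response back end compiled in: every response is refused. */
int
verify_response(Authctxt *authctxt, char *response)
{
	return 0;
}
#endif
#endif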