auth-chall.c revision 76260
1/* 2 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" 26RCSID("$OpenBSD: auth-chall.c,v 1.7 2001/04/05 10:42:47 markus Exp $"); 27 28#include "auth.h" 29#include "log.h" 30 31#ifdef BSD_AUTH 32char * 33get_challenge(Authctxt *authctxt, char *devs) 34{ 35 char *challenge; 36 37 if (authctxt->as != NULL) { 38 debug2("try reuse session"); 39 challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); 40 if (challenge != NULL) { 41 debug2("reuse bsd auth session"); 42 return challenge; 43 } 44 auth_close(authctxt->as); 45 authctxt->as = NULL; 46 } 47 debug2("new bsd auth session"); 48 if (devs == NULL || strlen(devs) == 0) 49 devs = authctxt->style; 50 debug3("bsd auth: devs %s", devs ? devs : "<default>"); 51 authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh", 52 &challenge); 53 if (authctxt->as == NULL) 54 return NULL; 55 debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY"); 56 return challenge; 57} 58int 59verify_response(Authctxt *authctxt, char *response) 60{ 61 int authok; 62 63 if (authctxt->as == 0) 64 error("verify_response: no bsd auth session"); 65 authok = auth_userresponse(authctxt->as, response, 0); 66 authctxt->as = NULL; 67 debug("verify_response: <%s> = <%d>", response, authok); 68 return authok != 0; 69} 70#else 71#ifdef SKEY 72#include <skey.h> 73 74char * 75get_challenge(Authctxt *authctxt, char *devs) 76{ 77 static char challenge[1024]; 78 struct skey skey; 79 if (skeychallenge(&skey, authctxt->user, challenge) == -1) 80 return NULL; 81 strlcat(challenge, "\nS/Key Password: ", sizeof challenge); 82 return challenge; 83} 84int 85verify_response(Authctxt *authctxt, char *response) 86{ 87 return (authctxt->valid && 88 skey_haskey(authctxt->pw->pw_name) == 0 && 89 skey_passcheck(authctxt->pw->pw_name, response) != -1); 90} 91#else 92/* not available */ 93char * 94get_challenge(Authctxt *authctxt, char *devs) 95{ 96 return NULL; 97} 98int 99verify_response(Authctxt *authctxt, char *response) 100{ 101 return 0; 102} 103#endif 104#endif 105