set the isserver flag (oops)

fix password auth for the server

--HG--
extra : convert_revision : 234eb604aabaef9ed0dd496ff8db8ecc212ca18c
This commit is contained in:
Matt Johnston 2004-07-29 02:19:03 +00:00
parent 2d82f73484
commit e1491b8ec6
6 changed files with 21 additions and 32 deletions

View File

@ -13,27 +13,6 @@ void cli_authinitialise() {
}
void cli_get_user() {
uid_t uid;
struct passwd *pw;
TRACE(("enter cli_get_user"));
if (cli_opts.username != NULL) {
ses.authstate.username = cli_opts.username;
} else {
uid = getuid();
pw = getpwuid(uid);
if (pw == NULL || pw->pw_name == NULL) {
dropbear_exit("Couldn't find username for current user");
}
ses.authstate.username = m_strdup(pw->pw_name);
}
TRACE(("leave cli_get_user: %s", ses.authstate.username));
}
/* Send a "none" auth request to get available methods */
void cli_auth_getmethods() {
@ -42,8 +21,8 @@ void cli_auth_getmethods() {
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
buf_putstring(ses.writepayload, ses.authstate.username,
strlen(ses.authstate.username));
buf_putstring(ses.writepayload, cli_opts.username,
strlen(cli_opts.username));
buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
SSH_SERVICE_CONNECTION_LEN);
buf_putstring(ses.writepayload, "none", 4); /* 'none' method */

View File

@ -3,6 +3,7 @@
#include "dbutil.h"
#include "session.h"
#include "ssh.h"
#include "runopts.h"
int cli_auth_password() {
@ -14,8 +15,8 @@ int cli_auth_password() {
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
buf_putstring(ses.writepayload, ses.authstate.username,
strlen(ses.authstate.username));
buf_putstring(ses.writepayload, cli_opts.username,
strlen(cli_opts.username));
buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
SSH_SERVICE_CONNECTION_LEN);

View File

@ -83,6 +83,8 @@ static void cli_session_init() {
/* packet handlers */
ses.packettypes = cli_packettypes;
ses.isserver = 0;
}
/* This function drives the progress of the session - it initiates KEX,
@ -136,7 +138,6 @@ static void cli_sessionloop() {
/* userauth code */
case SERVICE_AUTH_ACCEPT_RCVD:
cli_get_user();
cli_auth_getmethods();
cli_ses.state = USERAUTH_METHODS_SENT;
TRACE(("leave cli_sessionloop: sent userauth methods req"));

View File

@ -55,7 +55,7 @@ const unsigned char dh_p_val[] = {
const int DH_G_VAL = 2;
static void kexinitialise();
static void gen_new_keys();
void gen_new_keys();
#ifndef DISABLE_ZLIB
static void gen_new_zstreams();
#endif
@ -253,7 +253,7 @@ static void hashkeys(unsigned char *out, int outlen,
* taken into use after both sides have sent a newkeys message */
/* Originally from kex.c, generalized for cli/svr mode --mihnea */
static void gen_new_keys() {
void gen_new_keys() {
unsigned char C2S_IV[MAX_IV_LEN];
unsigned char C2S_key[MAX_KEY_LEN];
@ -276,9 +276,6 @@ static void gen_new_keys() {
sha1_process(&hs, ses.hash, SHA1_HASH_SIZE);
m_burn(ses.hash, SHA1_HASH_SIZE);
hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
if (IS_DROPBEAR_CLIENT) {
trans_IV = C2S_IV;
recv_IV = S2C_IV;
@ -299,6 +296,8 @@ static void gen_new_keys() {
macrecvletter = 'E';
}
hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
hashkeys(C2S_key, C2S_keysize, &hs, 'C');
hashkeys(S2C_key, S2C_keysize, &hs, 'D');
@ -580,6 +579,8 @@ void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
ses.kexhashbuf->len);
sha1_done(&hs, ses.hash);
buf_burn(ses.kexhashbuf);
buf_free(ses.kexhashbuf);
ses.kexhashbuf = NULL;

View File

@ -58,7 +58,7 @@ static void authclear() {
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
#endif
#ifdef DROPBEAR_PASSWORD_AUTH
if (svr_opts.noauthpass) {
if (!svr_opts.noauthpass) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
}
#endif
@ -100,6 +100,7 @@ void recv_msg_userauth_request() {
/* ignore packets if auth is already done */
if (ses.authstate.authdone == 1) {
TRACE(("leave recv_msg_userauth_request: authdone already"));
return;
}
@ -129,6 +130,7 @@ void recv_msg_userauth_request() {
if (methodlen == AUTH_METHOD_NONE_LEN &&
strncmp(methodname, AUTH_METHOD_NONE,
AUTH_METHOD_NONE_LEN) == 0) {
TRACE(("recv_msg_userauth_request: 'none' request"));
send_msg_userauth_failure(0, 0);
goto out;
}
@ -305,6 +307,9 @@ void send_msg_userauth_failure(int partial, int incrfail) {
buf_putbyte(ses.writepayload, partial ? 1 : 0);
encrypt_packet();
TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
buf_getptr(typebuf, typebuf->len)));
if (incrfail) {
usleep(300000); /* XXX improve this */
ses.authstate.failcount++;

View File

@ -96,6 +96,8 @@ void svr_session(int sock, int childpipe, char* remotehost) {
ses.packettypes = svr_packettypes;
ses.buf_match_algo = svr_buf_match_algo;
ses.isserver = 1;
/* We're ready to go now */
sessinitdone = 1;