mirror of
https://github.com/clearml/dropbear
synced 2025-01-31 10:57:01 +00:00
129 lines
2.9 KiB
C
129 lines
2.9 KiB
C
#include "includes.h"
|
|
#include "session.h"
|
|
#include "auth.h"
|
|
#include "dbutil.h"
|
|
#include "buffer.h"
|
|
#include "ssh.h"
|
|
#include "packet.h"
|
|
#include "runopts.h"
|
|
|
|
void cli_authinitialise() {
|
|
|
|
memset(&ses.authstate, 0, sizeof(ses.authstate));
|
|
}
|
|
|
|
|
|
/* Send a "none" auth request to get available methods */
|
|
void cli_auth_getmethods() {
|
|
|
|
TRACE(("enter cli_auth_getmethods"));
|
|
|
|
CHECKCLEARTOWRITE();
|
|
|
|
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
|
|
buf_putstring(ses.writepayload, cli_opts.username,
|
|
strlen(cli_opts.username));
|
|
buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
|
|
SSH_SERVICE_CONNECTION_LEN);
|
|
buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
|
|
|
|
encrypt_packet();
|
|
cli_ses.state = USERAUTH_METHODS_SENT;
|
|
TRACE(("leave cli_auth_getmethods"));
|
|
|
|
}
|
|
|
|
void recv_msg_userauth_failure() {
|
|
|
|
unsigned char * methods = NULL;
|
|
unsigned char * tok = NULL;
|
|
unsigned int methlen = 0;
|
|
unsigned int partial = 0;
|
|
unsigned int i = 0;
|
|
|
|
TRACE(("<- MSG_USERAUTH_FAILURE"));
|
|
TRACE(("enter recv_msg_userauth_failure"));
|
|
|
|
methods = buf_getstring(ses.payload, &methlen);
|
|
|
|
partial = buf_getbyte(ses.payload);
|
|
|
|
if (partial) {
|
|
dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required");
|
|
} else {
|
|
ses.authstate.failcount++;
|
|
}
|
|
|
|
TRACE(("Methods (len %d): '%s'", methlen, methods));
|
|
|
|
ses.authstate.authdone=0;
|
|
ses.authstate.authtypes=0;
|
|
|
|
/* Split with nulls rather than commas */
|
|
for (i = 0; i < methlen; i++) {
|
|
if (methods[i] == ',') {
|
|
methods[i] = '\0';
|
|
}
|
|
}
|
|
|
|
tok = methods; /* tok stores the next method we'll compare */
|
|
for (i = 0; i <= methlen; i++) {
|
|
if (methods[i] == '\0') {
|
|
TRACE(("auth method '%s'", tok));
|
|
#ifdef DROPBEAR_PUBKEY_AUTH
|
|
if (strncmp(AUTH_METHOD_PUBKEY, tok,
|
|
AUTH_METHOD_PUBKEY_LEN) == 0) {
|
|
ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
|
|
}
|
|
#endif
|
|
#ifdef DROPBEAR_PASSWORD_AUTH
|
|
if (strncmp(AUTH_METHOD_PASSWORD, tok,
|
|
AUTH_METHOD_PASSWORD_LEN) == 0) {
|
|
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
|
|
}
|
|
#endif
|
|
tok = &methods[i+1]; /* Must make sure we don't use it after the
|
|
last loop, since it'll point to something
|
|
undefined */
|
|
}
|
|
}
|
|
|
|
cli_ses.state = USERAUTH_FAIL_RCVD;
|
|
|
|
TRACE(("leave recv_msg_userauth_failure"));
|
|
}
|
|
|
|
void recv_msg_userauth_success() {
|
|
TRACE(("received msg_userauth_success"));
|
|
ses.authstate.authdone = 1;
|
|
cli_ses.state = USERAUTH_SUCCESS_RCVD;
|
|
}
|
|
|
|
void cli_auth_try() {
|
|
|
|
TRACE(("enter cli_auth_try"));
|
|
int finished = 0;
|
|
|
|
CHECKCLEARTOWRITE();
|
|
|
|
/* XXX We hardcode that we try a pubkey first */
|
|
#ifdef DROPBEAR_PUBKEY_AUTH
|
|
if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
|
|
finished = cli_auth_pubkey();
|
|
}
|
|
#endif
|
|
|
|
#ifdef DROPBEAR_PASSWORD_AUTH
|
|
if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
|
|
finished = cli_auth_password();
|
|
}
|
|
#endif
|
|
|
|
if (!finished) {
|
|
dropbear_exit("No auth methods could be used.");
|
|
}
|
|
|
|
cli_ses.state = USERAUTH_REQ_SENT;
|
|
TRACE(("leave cli_auth_try"));
|
|
}
|