mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-07-02 03:52:49 -05:00
New feature: k-i authentication helper plugins.
In recent months I've had two requests from different people to build support into PuTTY for automatically handling complicated third-party auth protocols layered on top of keyboard-interactive - the kind of thing where you're asked to enter some auth response, and you have to refer to some external source like a web server to find out what the right response _is_, which is a pain to do by hand, so you'd prefer it to be automated in the SSH client.

That seems like a reasonable thing for an end user to want, but I didn't think it was a good idea to build support for specific protocols of that kind directly into PuTTY, where there would no doubt be an ever-lengthening list, and maintenance needed on all of them.

So instead, in collaboration with one of my correspondents, I've designed and implemented a protocol to be spoken between PuTTY and a plugin running as a subprocess. The plugin can opt to handle the keyboard-interactive authentication loop on behalf of the user, in which case PuTTY passes on all the INFO_REQUEST packets to it, and lets it make up responses. It can also ask questions of the user if necessary.

The protocol spec is provided in a documentation appendix. The entire configuration for the end user consists of providing a full command line to use as the subprocess.

In the contrib directory I've provided an example plugin written in Python. It gives a set of fixed responses suitable for getting through Uppity's made-up k-i system, because that was a reasonable thing I already had lying around to test against. But it also provides example code that someone else could pick up and insert their own live response-provider into the middle of, assuming they were happy with it being in Python.
@ -633,6 +633,7 @@ void save_open_settings(settings_w *sesskey, Conf *conf)
|
||||
write_setting_b(sesskey, "SSH2DES", conf_get_bool(conf, CONF_ssh2_des_cbc));
|
||||
write_setting_filename(sesskey, "PublicKeyFile", conf_get_filename(conf, CONF_keyfile));
|
||||
write_setting_filename(sesskey, "DetachedCertificate", conf_get_filename(conf, CONF_detached_cert));
|
||||
write_setting_s(sesskey, "AuthPlugin", conf_get_str(conf, CONF_auth_plugin));
|
||||
write_setting_s(sesskey, "RemoteCommand", conf_get_str(conf, CONF_remote_cmd));
|
||||
write_setting_b(sesskey, "RFCEnviron", conf_get_bool(conf, CONF_rfc_environ));
|
||||
write_setting_b(sesskey, "PassiveTelnet", conf_get_bool(conf, CONF_passive_telnet));
|
||||
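Review bot: the added `write_setting_s(sesskey, "AuthPlugin", ...)` line persists a value that, per the commit message, is a full command line PuTTY will run as a subprocess, but nothing at this call site says so. It sits directly after two `write_setting_filename` entries (PublicKeyFile, DetachedCertificate), so a reader could take it for a path stored with the wrong helper. A one-line comment stating that AuthPlugin is a command line and is deliberately stored as a plain string would help, and the settings documentation should note that a saved session carrying this key causes a program to be launched during authentication, so whoever can write the session store can choose that program.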
@ -1052,6 +1053,7 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
|
||||
gppb(sesskey, "SshNoShell", false, conf, CONF_ssh_no_shell);
|
||||
gppfile(sesskey, "PublicKeyFile", conf, CONF_keyfile);
|
||||
gppfile(sesskey, "DetachedCertificate", conf, CONF_detached_cert);
|
||||
gpps(sesskey, "AuthPlugin", "", conf, CONF_auth_plugin);
|
||||
gpps(sesskey, "RemoteCommand", "", conf, CONF_remote_cmd);
|
||||
gppb(sesskey, "RFCEnviron", false, conf, CONF_rfc_environ);
|
||||
gppb(sesskey, "PassiveTelnet", false, conf, CONF_passive_telnet);
|
||||
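Review bot: in the added `gpps(sesskey, "AuthPlugin", "", conf, CONF_auth_plugin)` line the loaded string is accepted as-is, and per the commit message it is then used as a subprocess command line, so a saved session copied or imported from another source can carry a command the user never typed. The empty-string default is the right choice because it leaves the feature off for existing sessions. Please confirm that the code which spawns the plugin (not shown in these hunks) treats "" as "no plugin" rather than trying to execute it, and consider a comment here saying that empty means disabled.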