Add TIS authentication option

[originally from svn r283]
2025-01-10 01:48:00 +00:00 · 1999-11-08 17:42:12 +00:00 · 1999-11-08 17:42:12 +00:00 · 59e798fc6d
commit 59e798fc6d
parent a764191663
5 changed files with 58 additions and 11 deletions
--- a/putty.h
+++ b/putty.h
@ -101,6 +101,7 @@ typedef struct {
    /* SSH options */
    int nopty;
    enum { CIPHER_3DES, CIPHER_BLOWFISH, CIPHER_DES } cipher;
+    int try_tis_auth;
    /* Telnet options */
    char termtype[32];
    char termspeed[32];
--- a/ssh.c
+++ b/ssh.c
@ -29,6 +29,11 @@
 #define SSH_MSG_IGNORE 32
 #define SSH_CMSG_EXIT_CONFIRMATION 33
 #define SSH_MSG_DEBUG 36
+#define SSH_CMSG_AUTH_TIS 39
+#define SSH_SMSG_AUTH_TIS_CHALLENGE 40
+#define SSH_CMSG_AUTH_TIS_RESPONSE 41
+
+#define SSH_AUTH_TIS              5

 /* Coroutine mechanics for the sillier bits of the code */
 #define crBegin1	static int crLine = 0;
@ -293,7 +298,7 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
    unsigned char cookie[8];
    struct RSAKey servkey, hostkey;
    struct MD5Context md5c;
-    unsigned long supported_ciphers_mask;
+    static unsigned long supported_ciphers_mask, supported_auths_mask;
    int cipher_type;

    extern struct ssh_cipher ssh_3des;
@ -318,10 +323,15 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {

    j = makekey(pktin.body+8+i, &hostkey, &keystr2);

-    supported_ciphers_mask = (pktin.body[12+i+j] << 24) |
-                             (pktin.body[13+i+j] << 16) |
-                             (pktin.body[14+i+j] << 8) |
-                             (pktin.body[15+i+j]);
+    supported_ciphers_mask = ((pktin.body[12+i+j] << 24) |
+                              (pktin.body[13+i+j] << 16) |
+                              (pktin.body[14+i+j] << 8) |
+                              (pktin.body[15+i+j]));
+
+    supported_auths_mask = ((pktin.body[16+i+j] << 24) |
+                            (pktin.body[17+i+j] << 16) |
+                            (pktin.body[18+i+j] << 8) |
+                            (pktin.body[19+i+j]));

    MD5Update(&md5c, keystr2, hostkey.bytes);
    MD5Update(&md5c, keystr1, servkey.bytes);
@ -444,7 +454,33 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
 	static char password[100];
 	static int pos;
 	static char c;
-	c_write("password: ", 10);
+        static int pwpkt_type;
+
+        /*
+         * Show password prompt, having first obtained it via a TIS
+         * exchange if we're doing TIS authentication.
+         */
+        pwpkt_type = SSH_CMSG_AUTH_PASSWORD;
+        if (pktin.type == SSH_SMSG_FAILURE &&
+            cfg.try_tis_auth &&
+            (supported_auths_mask & (1<<SSH_AUTH_TIS))) {
+            pwpkt_type = SSH_CMSG_AUTH_TIS_RESPONSE;
+            s_wrpkt_start(SSH_CMSG_AUTH_TIS, 0);
+            s_wrpkt();
+            do { crReturnV; } while (!ispkt);
+            if (pktin.type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
+                c_write("TIS authentication refused.\r\n", 29);
+            } else {
+                int challengelen = ((pktin.body[0] << 24) |
+                                    (pktin.body[1] << 16) |
+                                    (pktin.body[2] << 8) |
+                                    (pktin.body[3]));
+                c_write(pktin.body+4, challengelen);
+            }
+        }
+        if (pwpkt_type == SSH_CMSG_AUTH_PASSWORD)
+            c_write("password: ", 10);
+
 	pos = 0;
 	while (pos >= 0) {
 	    do { crReturnV; } while (ispkt);
@ -471,7 +507,7 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
 	    }
 	}
 	c_write("\r\n", 2);
-	s_wrpkt_start(SSH_CMSG_AUTH_PASSWORD, 4+strlen(password));
+	s_wrpkt_start(pwpkt_type, 4+strlen(password));
 	pktout.body[0] = pktout.body[1] = pktout.body[2] = 0;
 	pktout.body[3] = strlen(password);
 	memcpy(pktout.body+4, password, strlen(password));
@ -506,9 +542,9 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
        s_wrpkt();
        ssh_state = SSH_STATE_INTERMED;
        do { crReturnV; } while (!ispkt);
-        if (pktin.type != SSH_MSG_SUCCESS && pktin.type != SSH_MSG_FAILURE) {
+        if (pktin.type != SSH_SMSG_SUCCESS && pktin.type != SSH_SMSG_FAILURE) {
            fatalbox("Protocol confusion");
-        } else if (pktin.type == SSH_MSG_FAILURE) {
+        } else if (pktin.type == SSH_SMSG_FAILURE) {
            c_write("Server refused to allocate pty\r\n", 32);
        }
    }
@ -531,9 +567,9 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
 		c_write(pktin.body+4, len);
 	    } else if (pktin.type == SSH_MSG_DISCONNECT) {
                ssh_state = SSH_STATE_CLOSED;
-	    } else if (pktin.type == SSH_MSG_SUCCESS) {
+	    } else if (pktin.type == SSH_SMSG_SUCCESS) {
 		/* may be from EXEC_SHELL on some servers */
-	    } else if (pktin.type == SSH_MSG_FAILURE) {
+	    } else if (pktin.type == SSH_SMSG_FAILURE) {
 		/* may be from EXEC_SHELL on some servers
 		 * if no pty is available or in other odd cases. Ignore */
 	    } else if (pktin.type == SSH_SMSG_EXITSTATUS) {
--- a/win_res.h
+++ b/win_res.h
@ -103,6 +103,7 @@
 #define IDC3_CIPHER3DES	1020
 #define IDC3_CIPHERBLOWF 1021
 #define IDC3_CIPHERDES  1022
+#define IDC3_AUTHTIS    1023

 #define IDC4_MBSTATIC   1001
 #define IDC4_MBWINDOWS  1002
--- a/win_res.rc
+++ b/win_res.rc
@ -167,6 +167,7 @@ BEGIN
    AUTORADIOBUTTON "&3DES", IDC3_CIPHER3DES, 46, 50, 35, 10, WS_GROUP
    AUTORADIOBUTTON "&Blowfish", IDC3_CIPHERBLOWF, 84, 50, 40, 10
    AUTORADIOBUTTON "&DES", IDC3_CIPHERDES, 127, 50, 30, 10
+    AUTOCHECKBOX "Attempt TIS authentication", IDC3_AUTHTIS, 3, 60, 162, 10
 END

 IDD_PANEL4 DIALOG DISCARDABLE 6, 30, 168, 163
--- a/windlg.c
+++ b/windlg.c
@ -146,6 +146,7 @@ static void save_settings (char *section, int do_host) {
    wppi (sesskey, "NoPTY", cfg.nopty);
    wpps (sesskey, "Cipher", cfg.cipher == CIPHER_BLOWFISH ? "blowfish" :
                             cfg.cipher == CIPHER_DES ? "des" : "3des");
+    wppi (sesskey, "AuthTIS", cfg.try_tis_auth);
    wppi (sesskey, "RFCEnviron", cfg.rfc_environ);
    wppi (sesskey, "BackspaceIsDelete", cfg.bksp_is_delete);
    wppi (sesskey, "RXVTHomeEnd", cfg.rxvt_homeend);
@ -275,6 +276,7 @@ static void load_settings (char *section, int do_host) {
 	else
 	    cfg.cipher = CIPHER_3DES;
    }
+    gppi (sesskey, "AuthTIS", 0, &cfg.try_tis_auth);
    gppi (sesskey, "RFCEnviron", 0, &cfg.rfc_environ);
    gppi (sesskey, "BackspaceIsDelete", 1, &cfg.bksp_is_delete);
    gppi (sesskey, "RXVTHomeEnd", 0, &cfg.rxvt_homeend);
@ -896,6 +898,7 @@ static int CALLBACK SshProc (HWND hwnd, UINT msg,
 			  cfg.cipher == CIPHER_DES ? IDC3_CIPHERDES :

 			  IDC3_CIPHER3DES);
+	CheckDlgButton (hwnd, IDC3_AUTHTIS, cfg.try_tis_auth);
 	break;
      case WM_COMMAND:
 	switch (LOWORD(wParam)) {
@ -927,6 +930,11 @@ static int CALLBACK SshProc (HWND hwnd, UINT msg,
 		    cfg.cipher = CIPHER_DES;
 	    }
 	    break;
+	  case IDC3_AUTHTIS:
+	    if (HIWORD(wParam) == BN_CLICKED ||
+		HIWORD(wParam) == BN_DOUBLECLICKED)
+		cfg.try_tis_auth = IsDlgButtonChecked (hwnd, IDC3_AUTHTIS);
+	    break;
 	}
 	break;
    }