mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 09:58:01 +00:00
Jacob's TIS / CCard authentication tweaks.
[originally from svn r1253]
This commit is contained in:
Simon Tatham
parent
51eeeae237
commit
b12f450964
44
ssh.c
44
ssh.c
@ -1794,6 +1794,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
struct MD5Context md5c;
|
struct MD5Context md5c;
|
||||||
static unsigned long supported_ciphers_mask, supported_auths_mask;
|
static unsigned long supported_ciphers_mask, supported_auths_mask;
|
||||||
static int tried_publickey;
|
static int tried_publickey;
|
||||||
|
static int tis_auth_refused, ccard_auth_refused;
|
||||||
static unsigned char session_id[16];
|
static unsigned char session_id[16];
|
||||||
static int cipher_type;
|
static int cipher_type;
|
||||||
static char username[100];
|
static char username[100];
|
||||||
@ -2042,6 +2043,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
crWaitUntil(ispkt);
|
crWaitUntil(ispkt);
|
||||||
|
|
||||||
tried_publickey = 0;
|
tried_publickey = 0;
|
||||||
|
tis_auth_refused = ccard_auth_refused = 0;
|
||||||
|
|
||||||
while (pktin.type == SSH1_SMSG_FAILURE) {
|
while (pktin.type == SSH1_SMSG_FAILURE) {
|
||||||
static char password[100];
|
static char password[100];
|
||||||
@ -2049,12 +2051,8 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
static int pos;
|
static int pos;
|
||||||
static char c;
|
static char c;
|
||||||
static int pwpkt_type;
|
static int pwpkt_type;
|
||||||
/*
|
|
||||||
* Show password prompt, having first obtained it via a TIS
|
|
||||||
* or CryptoCard exchange if we're doing TIS or CryptoCard
|
|
||||||
* authentication.
|
|
||||||
*/
|
|
||||||
pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
|
pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
|
||||||
|
|
||||||
if (agent_exists()) {
|
if (agent_exists()) {
|
||||||
/*
|
/*
|
||||||
* Attempt RSA authentication using Pageant.
|
* Attempt RSA authentication using Pageant.
|
||||||
@ -2177,9 +2175,9 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
if (*cfg.keyfile && !tried_publickey)
|
if (*cfg.keyfile && !tried_publickey)
|
||||||
pwpkt_type = SSH1_CMSG_AUTH_RSA;
|
pwpkt_type = SSH1_CMSG_AUTH_RSA;
|
||||||
|
|
||||||
if (pktin.type == SSH1_SMSG_FAILURE &&
|
if (cfg.try_tis_auth &&
|
||||||
cfg.try_tis_auth &&
|
(supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
|
||||||
(supported_auths_mask & (1 << SSH1_AUTH_TIS))) {
|
!tis_auth_refused) {
|
||||||
pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
|
pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
|
||||||
logevent("Requested TIS authentication");
|
logevent("Requested TIS authentication");
|
||||||
send_packet(SSH1_CMSG_AUTH_TIS, PKT_END);
|
send_packet(SSH1_CMSG_AUTH_TIS, PKT_END);
|
||||||
@ -2188,6 +2186,8 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
logevent("TIS authentication declined");
|
logevent("TIS authentication declined");
|
||||||
if (flags & FLAG_INTERACTIVE)
|
if (flags & FLAG_INTERACTIVE)
|
||||||
c_write_str("TIS authentication refused.\r\n");
|
c_write_str("TIS authentication refused.\r\n");
|
||||||
|
tis_auth_refused = 1;
|
||||||
|
continue;
|
||||||
} else {
|
} else {
|
||||||
int challengelen = ((pktin.body[0] << 24) |
|
int challengelen = ((pktin.body[0] << 24) |
|
||||||
(pktin.body[1] << 16) |
|
(pktin.body[1] << 16) |
|
||||||
@ -2197,12 +2197,17 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
if (challengelen > sizeof(prompt) - 1)
|
if (challengelen > sizeof(prompt) - 1)
|
||||||
challengelen = sizeof(prompt) - 1; /* prevent overrun */
|
challengelen = sizeof(prompt) - 1; /* prevent overrun */
|
||||||
memcpy(prompt, pktin.body + 4, challengelen);
|
memcpy(prompt, pktin.body + 4, challengelen);
|
||||||
prompt[challengelen] = '\0';
|
/* Prompt heuristic comes from OpenSSH */
|
||||||
|
strncpy(prompt + challengelen,
|
||||||
|
memchr(prompt, '\n', challengelen) ?
|
||||||
|
"": "\r\nResponse: ",
|
||||||
|
(sizeof prompt) - challengelen);
|
||||||
|
prompt[(sizeof prompt) - 1] = '\0';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (pktin.type == SSH1_SMSG_FAILURE &&
|
if (cfg.try_tis_auth &&
|
||||||
cfg.try_tis_auth &&
|
(supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
|
||||||
(supported_auths_mask & (1 << SSH1_AUTH_CCARD))) {
|
!ccard_auth_refused) {
|
||||||
pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
|
pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
|
||||||
logevent("Requested CryptoCard authentication");
|
logevent("Requested CryptoCard authentication");
|
||||||
send_packet(SSH1_CMSG_AUTH_CCARD, PKT_END);
|
send_packet(SSH1_CMSG_AUTH_CCARD, PKT_END);
|
||||||
@ -2210,6 +2215,8 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
if (pktin.type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
|
if (pktin.type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
|
||||||
logevent("CryptoCard authentication declined");
|
logevent("CryptoCard authentication declined");
|
||||||
c_write_str("CryptoCard authentication refused.\r\n");
|
c_write_str("CryptoCard authentication refused.\r\n");
|
||||||
|
ccard_auth_refused = 1;
|
||||||
|
continue;
|
||||||
} else {
|
} else {
|
||||||
int challengelen = ((pktin.body[0] << 24) |
|
int challengelen = ((pktin.body[0] << 24) |
|
||||||
(pktin.body[1] << 16) |
|
(pktin.body[1] << 16) |
|
||||||
@ -2219,7 +2226,9 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
if (challengelen > sizeof(prompt) - 1)
|
if (challengelen > sizeof(prompt) - 1)
|
||||||
challengelen = sizeof(prompt) - 1; /* prevent overrun */
|
challengelen = sizeof(prompt) - 1; /* prevent overrun */
|
||||||
memcpy(prompt, pktin.body + 4, challengelen);
|
memcpy(prompt, pktin.body + 4, challengelen);
|
||||||
strncpy(prompt + challengelen, "\r\nResponse : ",
|
strncpy(prompt + challengelen,
|
||||||
|
memchr(prompt, '\n', challengelen) ?
|
||||||
|
"" : "\r\nResponse: ",
|
||||||
sizeof(prompt) - challengelen);
|
sizeof(prompt) - challengelen);
|
||||||
prompt[sizeof(prompt) - 1] = '\0';
|
prompt[sizeof(prompt) - 1] = '\0';
|
||||||
}
|
}
|
||||||
@ -2241,6 +2250,11 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
sfree(comment);
|
sfree(comment);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Show password prompt, having first obtained it via a TIS
|
||||||
|
* or CryptoCard exchange if we're doing TIS or CryptoCard
|
||||||
|
* authentication.
|
||||||
|
*/
|
||||||
if (ssh_get_line) {
|
if (ssh_get_line) {
|
||||||
if (!ssh_get_line(prompt, password, sizeof(password), TRUE)) {
|
if (!ssh_get_line(prompt, password, sizeof(password), TRUE)) {
|
||||||
/*
|
/*
|
||||||
@ -2256,7 +2270,9 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
crReturn(1);
|
crReturn(1);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
c_write_str(prompt);
|
/* Prompt may have come from server. We've munged it a bit, so
|
||||||
|
* we know it to be zero-terminated at least once. */
|
||||||
|
c_write_untrusted(prompt, strlen(prompt));
|
||||||
pos = 0;
|
pos = 0;
|
||||||
ssh_send_ok = 1;
|
ssh_send_ok = 1;
|
||||||
while (pos >= 0) {
|
while (pos >= 0) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user