mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 09:58:01 +00:00
The authentication diagnostics in SSH2 should now be better.
Additionally, the ability to switch usernames if you mistype the first one has been restored (although it didn't actually work because OpenSSH didn't feel like playing; patch submitted :-). [originally from svn r975]
This commit is contained in:
parent
146b5f5f6e
commit
deccfaa3ef
659
ssh.c
659
ssh.c
@ -348,6 +348,10 @@ static void c_write (char *buf, int len) {
|
|||||||
from_backend(1, buf, len);
|
from_backend(1, buf, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void c_write_str (char *buf) {
|
||||||
|
c_write(buf, strlen(buf));
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Collect incoming data in the incoming packet buffer.
|
* Collect incoming data in the incoming packet buffer.
|
||||||
* Decipher and verify the packet when it is completely read.
|
* Decipher and verify the packet when it is completely read.
|
||||||
@ -1394,12 +1398,12 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
case CIPHER_DES: cipher_type = SSH_CIPHER_DES; break;
|
case CIPHER_DES: cipher_type = SSH_CIPHER_DES; break;
|
||||||
case CIPHER_3DES: cipher_type = SSH_CIPHER_3DES; break;
|
case CIPHER_3DES: cipher_type = SSH_CIPHER_3DES; break;
|
||||||
case CIPHER_AES:
|
case CIPHER_AES:
|
||||||
c_write("AES not supported in SSH1, falling back to 3DES\r\n", 49);
|
c_write_str("AES not supported in SSH1, falling back to 3DES\r\n");
|
||||||
cipher_type = SSH_CIPHER_3DES;
|
cipher_type = SSH_CIPHER_3DES;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if ((supported_ciphers_mask & (1 << cipher_type)) == 0) {
|
if ((supported_ciphers_mask & (1 << cipher_type)) == 0) {
|
||||||
c_write("Selected cipher not supported, falling back to 3DES\r\n", 53);
|
c_write_str("Selected cipher not supported, falling back to 3DES\r\n");
|
||||||
cipher_type = SSH_CIPHER_3DES;
|
cipher_type = SSH_CIPHER_3DES;
|
||||||
}
|
}
|
||||||
switch (cipher_type) {
|
switch (cipher_type) {
|
||||||
@ -1439,7 +1443,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
static int pos = 0;
|
static int pos = 0;
|
||||||
static char c;
|
static char c;
|
||||||
if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
|
if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
|
||||||
c_write("login as: ", 10);
|
c_write_str("login as: ");
|
||||||
ssh_send_ok = 1;
|
ssh_send_ok = 1;
|
||||||
while (pos >= 0) {
|
while (pos >= 0) {
|
||||||
crWaitUntil(!ispkt);
|
crWaitUntil(!ispkt);
|
||||||
@ -1450,13 +1454,13 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
break;
|
break;
|
||||||
case 8: case 127:
|
case 8: case 127:
|
||||||
if (pos > 0) {
|
if (pos > 0) {
|
||||||
c_write("\b \b", 3);
|
c_write_str("\b \b");
|
||||||
pos--;
|
pos--;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 21: case 27:
|
case 21: case 27:
|
||||||
while (pos > 0) {
|
while (pos > 0) {
|
||||||
c_write("\b \b", 3);
|
c_write_str("\b \b");
|
||||||
pos--;
|
pos--;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -1473,7 +1477,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
c_write("\r\n", 2);
|
c_write_str("\r\n");
|
||||||
username[strcspn(username, "\n\r")] = '\0';
|
username[strcspn(username, "\n\r")] = '\0';
|
||||||
} else {
|
} else {
|
||||||
strncpy(username, cfg.username, 99);
|
strncpy(username, cfg.username, 99);
|
||||||
@ -1488,7 +1492,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
if (flags & FLAG_INTERACTIVE &&
|
if (flags & FLAG_INTERACTIVE &&
|
||||||
(!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
|
(!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
|
||||||
strcat(userlog, "\r\n");
|
strcat(userlog, "\r\n");
|
||||||
c_write(userlog, strlen(userlog));
|
c_write_str(userlog);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1585,10 +1589,9 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
if (pktin.type == SSH1_SMSG_SUCCESS) {
|
if (pktin.type == SSH1_SMSG_SUCCESS) {
|
||||||
logevent("Pageant's response accepted");
|
logevent("Pageant's response accepted");
|
||||||
if (flags & FLAG_VERBOSE) {
|
if (flags & FLAG_VERBOSE) {
|
||||||
c_write("Authenticated using RSA key \"",
|
c_write_str("Authenticated using RSA key \"");
|
||||||
29);
|
|
||||||
c_write(commentp, commentlen);
|
c_write(commentp, commentlen);
|
||||||
c_write("\" from agent\r\n", 14);
|
c_write_str("\" from agent\r\n");
|
||||||
}
|
}
|
||||||
authed = TRUE;
|
authed = TRUE;
|
||||||
} else
|
} else
|
||||||
@ -1624,7 +1627,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
if (pktin.type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
|
if (pktin.type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
|
||||||
logevent("TIS authentication declined");
|
logevent("TIS authentication declined");
|
||||||
if (flags & FLAG_INTERACTIVE)
|
if (flags & FLAG_INTERACTIVE)
|
||||||
c_write("TIS authentication refused.\r\n", 29);
|
c_write_str("TIS authentication refused.\r\n");
|
||||||
} else {
|
} else {
|
||||||
int challengelen = ((pktin.body[0] << 24) |
|
int challengelen = ((pktin.body[0] << 24) |
|
||||||
(pktin.body[1] << 16) |
|
(pktin.body[1] << 16) |
|
||||||
@ -1646,7 +1649,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
crWaitUntil(ispkt);
|
crWaitUntil(ispkt);
|
||||||
if (pktin.type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
|
if (pktin.type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
|
||||||
logevent("CryptoCard authentication declined");
|
logevent("CryptoCard authentication declined");
|
||||||
c_write("CryptoCard authentication refused.\r\n", 29);
|
c_write_str("CryptoCard authentication refused.\r\n");
|
||||||
} else {
|
} else {
|
||||||
int challengelen = ((pktin.body[0] << 24) |
|
int challengelen = ((pktin.body[0] << 24) |
|
||||||
(pktin.body[1] << 16) |
|
(pktin.body[1] << 16) |
|
||||||
@ -1668,10 +1671,10 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
if (pwpkt_type == SSH1_CMSG_AUTH_RSA) {
|
if (pwpkt_type == SSH1_CMSG_AUTH_RSA) {
|
||||||
char *comment = NULL;
|
char *comment = NULL;
|
||||||
if (flags & FLAG_VERBOSE)
|
if (flags & FLAG_VERBOSE)
|
||||||
c_write("Trying public key authentication.\r\n", 35);
|
c_write_str("Trying public key authentication.\r\n");
|
||||||
if (!rsakey_encrypted(cfg.keyfile, &comment)) {
|
if (!rsakey_encrypted(cfg.keyfile, &comment)) {
|
||||||
if (flags & FLAG_VERBOSE)
|
if (flags & FLAG_VERBOSE)
|
||||||
c_write("No passphrase required.\r\n", 25);
|
c_write_str("No passphrase required.\r\n");
|
||||||
goto tryauth;
|
goto tryauth;
|
||||||
}
|
}
|
||||||
sprintf(prompt, "Passphrase for key \"%.100s\": ", comment);
|
sprintf(prompt, "Passphrase for key \"%.100s\": ", comment);
|
||||||
@ -1691,7 +1694,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
crReturn(1);
|
crReturn(1);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
c_write(prompt, strlen(prompt));
|
c_write_str(prompt);
|
||||||
pos = 0;
|
pos = 0;
|
||||||
ssh_send_ok = 1;
|
ssh_send_ok = 1;
|
||||||
while (pos >= 0) {
|
while (pos >= 0) {
|
||||||
@ -1719,7 +1722,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
c_write("\r\n", 2);
|
c_write_str("\r\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
tryauth:
|
tryauth:
|
||||||
@ -1736,13 +1739,13 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
tried_publickey = 1;
|
tried_publickey = 1;
|
||||||
i = loadrsakey(cfg.keyfile, &pubkey, password);
|
i = loadrsakey(cfg.keyfile, &pubkey, password);
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
c_write("Couldn't load public key from ", 30);
|
c_write_str("Couldn't load public key from ");
|
||||||
c_write(cfg.keyfile, strlen(cfg.keyfile));
|
c_write_str(cfg.keyfile);
|
||||||
c_write(".\r\n", 3);
|
c_write_str(".\r\n");
|
||||||
continue; /* go and try password */
|
continue; /* go and try password */
|
||||||
}
|
}
|
||||||
if (i == -1) {
|
if (i == -1) {
|
||||||
c_write("Wrong passphrase.\r\n", 19);
|
c_write_str("Wrong passphrase.\r\n");
|
||||||
tried_publickey = 0;
|
tried_publickey = 0;
|
||||||
continue; /* try again */
|
continue; /* try again */
|
||||||
}
|
}
|
||||||
@ -1755,7 +1758,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
|
|
||||||
crWaitUntil(ispkt);
|
crWaitUntil(ispkt);
|
||||||
if (pktin.type == SSH1_SMSG_FAILURE) {
|
if (pktin.type == SSH1_SMSG_FAILURE) {
|
||||||
c_write("Server refused our public key.\r\n", 32);
|
c_write_str("Server refused our public key.\r\n");
|
||||||
continue; /* go and try password */
|
continue; /* go and try password */
|
||||||
}
|
}
|
||||||
if (pktin.type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
|
if (pktin.type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
|
||||||
@ -1781,8 +1784,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
crWaitUntil(ispkt);
|
crWaitUntil(ispkt);
|
||||||
if (pktin.type == SSH1_SMSG_FAILURE) {
|
if (pktin.type == SSH1_SMSG_FAILURE) {
|
||||||
if (flags & FLAG_VERBOSE)
|
if (flags & FLAG_VERBOSE)
|
||||||
c_write("Failed to authenticate with our public key.\r\n",
|
c_write_str("Failed to authenticate with our public key.\r\n");
|
||||||
45);
|
|
||||||
continue; /* go and try password */
|
continue; /* go and try password */
|
||||||
} else if (pktin.type != SSH1_SMSG_SUCCESS) {
|
} else if (pktin.type != SSH1_SMSG_SUCCESS) {
|
||||||
bombout(("Bizarre response to RSA authentication response"));
|
bombout(("Bizarre response to RSA authentication response"));
|
||||||
@ -1798,7 +1800,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
|
|||||||
crWaitUntil(ispkt);
|
crWaitUntil(ispkt);
|
||||||
if (pktin.type == SSH1_SMSG_FAILURE) {
|
if (pktin.type == SSH1_SMSG_FAILURE) {
|
||||||
if (flags & FLAG_VERBOSE)
|
if (flags & FLAG_VERBOSE)
|
||||||
c_write("Access denied\r\n", 15);
|
c_write_str("Access denied\r\n");
|
||||||
logevent("Authentication refused");
|
logevent("Authentication refused");
|
||||||
} else if (pktin.type == SSH1_MSG_DISCONNECT) {
|
} else if (pktin.type == SSH1_MSG_DISCONNECT) {
|
||||||
logevent("Received disconnect request");
|
logevent("Received disconnect request");
|
||||||
@ -1904,7 +1906,7 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) {
|
|||||||
bombout(("Protocol confusion"));
|
bombout(("Protocol confusion"));
|
||||||
crReturnV;
|
crReturnV;
|
||||||
} else if (pktin.type == SSH1_SMSG_FAILURE) {
|
} else if (pktin.type == SSH1_SMSG_FAILURE) {
|
||||||
c_write("Server refused to allocate pty\r\n", 32);
|
c_write_str("Server refused to allocate pty\r\n");
|
||||||
ssh_editing = ssh_echoing = 1;
|
ssh_editing = ssh_echoing = 1;
|
||||||
}
|
}
|
||||||
logevent("Allocated pty");
|
logevent("Allocated pty");
|
||||||
@ -1919,7 +1921,7 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) {
|
|||||||
bombout(("Protocol confusion"));
|
bombout(("Protocol confusion"));
|
||||||
crReturnV;
|
crReturnV;
|
||||||
} else if (pktin.type == SSH1_SMSG_FAILURE) {
|
} else if (pktin.type == SSH1_SMSG_FAILURE) {
|
||||||
c_write("Server refused to compress\r\n", 32);
|
c_write_str("Server refused to compress\r\n");
|
||||||
}
|
}
|
||||||
logevent("Started compression");
|
logevent("Started compression");
|
||||||
ssh1_compressing = TRUE;
|
ssh1_compressing = TRUE;
|
||||||
@ -2629,7 +2631,15 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
|
|||||||
static enum {
|
static enum {
|
||||||
AUTH_INVALID, AUTH_PUBLICKEY_AGENT, AUTH_PUBLICKEY_FILE, AUTH_PASSWORD
|
AUTH_INVALID, AUTH_PUBLICKEY_AGENT, AUTH_PUBLICKEY_FILE, AUTH_PASSWORD
|
||||||
} method;
|
} method;
|
||||||
|
static enum {
|
||||||
|
AUTH_TYPE_NONE,
|
||||||
|
AUTH_TYPE_PUBLICKEY,
|
||||||
|
AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
|
||||||
|
AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
|
||||||
|
AUTH_TYPE_PASSWORD
|
||||||
|
} type;
|
||||||
static int gotit, need_pw, can_pubkey, can_passwd, tried_pubkey_config;
|
static int gotit, need_pw, can_pubkey, can_passwd, tried_pubkey_config;
|
||||||
|
static int we_are_in;
|
||||||
static char username[100];
|
static char username[100];
|
||||||
static char pwprompt[200];
|
static char pwprompt[200];
|
||||||
static char password[100];
|
static char password[100];
|
||||||
@ -2649,14 +2659,39 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Get a username.
|
* We repeat this whole loop, including the username prompt,
|
||||||
|
* until we manage a successful authentication. If the user
|
||||||
|
* types the wrong _password_, they are sent back to the
|
||||||
|
* beginning to try another username. (If they specify a
|
||||||
|
* username in the config, they are never asked, even if they
|
||||||
|
* do give a wrong password.)
|
||||||
|
*
|
||||||
|
* I think this best serves the needs of
|
||||||
|
*
|
||||||
|
* - the people who have no configuration, no keys, and just
|
||||||
|
* want to try repeated (username,password) pairs until they
|
||||||
|
* type both correctly
|
||||||
|
*
|
||||||
|
* - people who have keys and configuration but occasionally
|
||||||
|
* need to fall back to passwords
|
||||||
|
*
|
||||||
|
* - people with a key held in Pageant, who might not have
|
||||||
|
* logged in to a particular machine before; so they want to
|
||||||
|
* type a username, and then _either_ their key will be
|
||||||
|
* accepted, _or_ they will type a password. If they mistype
|
||||||
|
* the username they will want to be able to get back and
|
||||||
|
* retype it!
|
||||||
*/
|
*/
|
||||||
{
|
do {
|
||||||
static int pos = 0;
|
static int pos;
|
||||||
static char c;
|
static char c;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Get a username.
|
||||||
|
*/
|
||||||
|
pos = 0;
|
||||||
if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
|
if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
|
||||||
c_write("login as: ", 10);
|
c_write_str("login as: ");
|
||||||
ssh_send_ok = 1;
|
ssh_send_ok = 1;
|
||||||
while (pos >= 0) {
|
while (pos >= 0) {
|
||||||
crWaitUntilV(!ispkt);
|
crWaitUntilV(!ispkt);
|
||||||
@ -2667,13 +2702,13 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
|
|||||||
break;
|
break;
|
||||||
case 8: case 127:
|
case 8: case 127:
|
||||||
if (pos > 0) {
|
if (pos > 0) {
|
||||||
c_write("\b \b", 3);
|
c_write_str("\b \b");
|
||||||
pos--;
|
pos--;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 21: case 27:
|
case 21: case 27:
|
||||||
while (pos > 0) {
|
while (pos > 0) {
|
||||||
c_write("\b \b", 3);
|
c_write_str("\b \b");
|
||||||
pos--;
|
pos--;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -2690,7 +2725,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
c_write("\r\n", 2);
|
c_write_str("\r\n");
|
||||||
username[strcspn(username, "\n\r")] = '\0';
|
username[strcspn(username, "\n\r")] = '\0';
|
||||||
} else {
|
} else {
|
||||||
char stuff[200];
|
char stuff[200];
|
||||||
@ -2698,295 +2733,333 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
|
|||||||
username[99] = '\0';
|
username[99] = '\0';
|
||||||
if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
|
if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
|
||||||
sprintf(stuff, "Using username \"%s\".\r\n", username);
|
sprintf(stuff, "Using username \"%s\".\r\n", username);
|
||||||
c_write(stuff, strlen(stuff));
|
c_write_str(stuff);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Send an authentication request using method "none": (a)
|
|
||||||
* just in case it succeeds, and (b) so that we know what
|
|
||||||
* authentication methods we can usefully try next.
|
|
||||||
*/
|
|
||||||
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
||||||
ssh2_pkt_addstring(username);
|
|
||||||
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
|
||||||
ssh2_pkt_addstring("none"); /* method */
|
|
||||||
ssh2_pkt_send();
|
|
||||||
logevent("Attempting null authentication");
|
|
||||||
gotit = FALSE;
|
|
||||||
|
|
||||||
while (1) {
|
|
||||||
/*
|
/*
|
||||||
* Wait for the result of the last authentication request.
|
* Send an authentication request using method "none": (a)
|
||||||
|
* just in case it succeeds, and (b) so that we know what
|
||||||
|
* authentication methods we can usefully try next.
|
||||||
*/
|
*/
|
||||||
if (!gotit)
|
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
||||||
crWaitUntilV(ispkt);
|
ssh2_pkt_addstring(username);
|
||||||
while (pktin.type == SSH2_MSG_USERAUTH_BANNER) {
|
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
||||||
/* FIXME: should support this */
|
ssh2_pkt_addstring("none"); /* method */
|
||||||
crWaitUntilV(ispkt);
|
ssh2_pkt_send();
|
||||||
}
|
type = AUTH_TYPE_NONE;
|
||||||
if (pktin.type == SSH2_MSG_USERAUTH_SUCCESS) {
|
|
||||||
logevent("Access granted");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pktin.type != SSH2_MSG_USERAUTH_FAILURE) {
|
|
||||||
bombout(("Strange packet received during authentication: type %d",
|
|
||||||
pktin.type));
|
|
||||||
}
|
|
||||||
|
|
||||||
gotit = FALSE;
|
gotit = FALSE;
|
||||||
|
we_are_in = FALSE;
|
||||||
|
|
||||||
/*
|
tried_pubkey_config = FALSE;
|
||||||
* OK, we're now sitting on a USERAUTH_FAILURE message, so
|
|
||||||
* we can look at the string in it and know what we can
|
|
||||||
* helpfully try next.
|
|
||||||
*/
|
|
||||||
{
|
|
||||||
char *methods;
|
|
||||||
int methlen;
|
|
||||||
ssh2_pkt_getstring(&methods, &methlen);
|
|
||||||
if (!ssh2_pkt_getbool()) {
|
|
||||||
/*
|
|
||||||
* FIXME: these messages are often inappropriate.
|
|
||||||
*/
|
|
||||||
c_write("Access denied\r\n", 15);
|
|
||||||
logevent("Access denied");
|
|
||||||
} else {
|
|
||||||
c_write("Authentication partially successful\r\n", 37);
|
|
||||||
logevent("Authentication partially successful");
|
|
||||||
}
|
|
||||||
|
|
||||||
can_pubkey = in_commasep_string("publickey", methods, methlen);
|
|
||||||
can_passwd = in_commasep_string("password", methods, methlen);
|
|
||||||
}
|
|
||||||
|
|
||||||
method = 0;
|
|
||||||
|
|
||||||
if (!method && can_pubkey && *cfg.keyfile && !tried_pubkey_config) {
|
|
||||||
unsigned char *pub_blob;
|
|
||||||
char *algorithm, *comment;
|
|
||||||
int pub_blob_len;
|
|
||||||
|
|
||||||
tried_pubkey_config = TRUE;
|
|
||||||
|
|
||||||
|
while (1) {
|
||||||
/*
|
/*
|
||||||
* Try the public key supplied in the configuration.
|
* Wait for the result of the last authentication request.
|
||||||
*
|
|
||||||
* First, offer the public blob to see if the server is
|
|
||||||
* willing to accept it.
|
|
||||||
*/
|
*/
|
||||||
pub_blob = ssh2_userkey_loadpub(cfg.keyfile, &algorithm,
|
if (!gotit)
|
||||||
&pub_blob_len);
|
crWaitUntilV(ispkt);
|
||||||
if (pub_blob) {
|
while (pktin.type == SSH2_MSG_USERAUTH_BANNER) {
|
||||||
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
/* FIXME: should support this */
|
||||||
ssh2_pkt_addstring(username);
|
|
||||||
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
|
||||||
ssh2_pkt_addstring("publickey");/* method */
|
|
||||||
ssh2_pkt_addbool(FALSE); /* no signature included */
|
|
||||||
ssh2_pkt_addstring(algorithm);
|
|
||||||
ssh2_pkt_addstring_start();
|
|
||||||
ssh2_pkt_addstring_data(pub_blob, pub_blob_len);
|
|
||||||
ssh2_pkt_send();
|
|
||||||
logevent("Offered public key"); /* FIXME */
|
|
||||||
|
|
||||||
crWaitUntilV(ispkt);
|
crWaitUntilV(ispkt);
|
||||||
if (pktin.type != SSH2_MSG_USERAUTH_PK_OK) {
|
|
||||||
gotit = TRUE;
|
|
||||||
continue; /* key refused; give up on it */
|
|
||||||
}
|
|
||||||
|
|
||||||
logevent("Offer of public key accepted");
|
|
||||||
/*
|
|
||||||
* Actually attempt a serious authentication using
|
|
||||||
* the key.
|
|
||||||
*/
|
|
||||||
if (ssh2_userkey_encrypted(cfg.keyfile, &comment)) {
|
|
||||||
sprintf(pwprompt, "Passphrase for key \"%.100s\": ", comment);
|
|
||||||
need_pw = TRUE;
|
|
||||||
} else {
|
|
||||||
need_pw = FALSE;
|
|
||||||
}
|
|
||||||
method = AUTH_PUBLICKEY_FILE;
|
|
||||||
}
|
}
|
||||||
}
|
if (pktin.type == SSH2_MSG_USERAUTH_SUCCESS) {
|
||||||
|
logevent("Access granted");
|
||||||
|
we_are_in = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if (!method && can_passwd) {
|
if (pktin.type != SSH2_MSG_USERAUTH_FAILURE) {
|
||||||
method = AUTH_PASSWORD;
|
bombout(("Strange packet received during authentication: type %d",
|
||||||
sprintf(pwprompt, "%.90s@%.90s's password: ", username, savedhost);
|
pktin.type));
|
||||||
need_pw = TRUE;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (need_pw) {
|
gotit = FALSE;
|
||||||
if (ssh_get_password) {
|
|
||||||
if (!ssh_get_password(pwprompt, password, sizeof(password))) {
|
/*
|
||||||
|
* OK, we're now sitting on a USERAUTH_FAILURE message, so
|
||||||
|
* we can look at the string in it and know what we can
|
||||||
|
* helpfully try next.
|
||||||
|
*/
|
||||||
|
{
|
||||||
|
char *methods;
|
||||||
|
int methlen;
|
||||||
|
ssh2_pkt_getstring(&methods, &methlen);
|
||||||
|
if (!ssh2_pkt_getbool()) {
|
||||||
/*
|
/*
|
||||||
* get_password failed to get a password (for
|
* We have received an unequivocal Access
|
||||||
* example because one was supplied on the command
|
* Denied. This can translate to a variety of
|
||||||
* line which has already failed to work).
|
* messages:
|
||||||
* Terminate.
|
*
|
||||||
|
* - if we'd just tried "none" authentication,
|
||||||
|
* it's not worth printing anything at all
|
||||||
|
*
|
||||||
|
* - if we'd just tried a public key _offer_,
|
||||||
|
* the message should be "Server refused our
|
||||||
|
* key" (or no message at all if the key
|
||||||
|
* came from Pageant)
|
||||||
|
*
|
||||||
|
* - if we'd just tried anything else, the
|
||||||
|
* message really should be "Access denied".
|
||||||
|
*
|
||||||
|
* Additionally, if we'd just tried password
|
||||||
|
* authentication, we should break out of this
|
||||||
|
* whole loop so as to go back to the username
|
||||||
|
* prompt.
|
||||||
*/
|
*/
|
||||||
logevent("No more passwords to try");
|
if (type == AUTH_TYPE_NONE) {
|
||||||
ssh_state = SSH_STATE_CLOSED;
|
/* do nothing */
|
||||||
crReturnV;
|
} else if (type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
|
||||||
}
|
type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
|
||||||
} else {
|
if (type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
|
||||||
static int pos = 0;
|
c_write_str("Server refused our key\r\n");
|
||||||
static char c;
|
logevent("Server refused public key");
|
||||||
|
} else {
|
||||||
c_write(pwprompt, strlen(pwprompt));
|
c_write_str("Access denied\r\n");
|
||||||
ssh_send_ok = 1;
|
logevent("Access denied");
|
||||||
|
if (type == AUTH_TYPE_PASSWORD) {
|
||||||
pos = 0;
|
we_are_in = FALSE;
|
||||||
while (pos >= 0) {
|
break;
|
||||||
crWaitUntilV(!ispkt);
|
}
|
||||||
while (inlen--) switch (c = *in++) {
|
|
||||||
case 10: case 13:
|
|
||||||
password[pos] = 0;
|
|
||||||
pos = -1;
|
|
||||||
break;
|
|
||||||
case 8: case 127:
|
|
||||||
if (pos > 0)
|
|
||||||
pos--;
|
|
||||||
break;
|
|
||||||
case 21: case 27:
|
|
||||||
pos = 0;
|
|
||||||
break;
|
|
||||||
case 3: case 4:
|
|
||||||
random_save_seed();
|
|
||||||
exit(0);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
if (((c >= ' ' && c <= '~') ||
|
|
||||||
((unsigned char)c >= 160)) && pos < 40)
|
|
||||||
password[pos++] = c;
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
c_write_str("Further authentication required\r\n");
|
||||||
|
logevent("Further authentication required");
|
||||||
}
|
}
|
||||||
c_write("\r\n", 2);
|
|
||||||
|
can_pubkey = in_commasep_string("publickey", methods, methlen);
|
||||||
|
can_passwd = in_commasep_string("password", methods, methlen);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (method == AUTH_PUBLICKEY_FILE) {
|
method = 0;
|
||||||
/*
|
|
||||||
* We have our passphrase. Now try the actual authentication.
|
if (!method && can_pubkey && *cfg.keyfile && !tried_pubkey_config) {
|
||||||
*/
|
unsigned char *pub_blob;
|
||||||
struct ssh2_userkey *key;
|
char *algorithm, *comment;
|
||||||
|
int pub_blob_len;
|
||||||
|
|
||||||
key = ssh2_load_userkey(cfg.keyfile, password);
|
|
||||||
if (key == SSH2_WRONG_PASSPHRASE) {
|
|
||||||
c_write("Wrong passphrase\r\n", 18);
|
|
||||||
tried_pubkey_config = FALSE;
|
|
||||||
/* Send a spurious AUTH_NONE to return to the top. */
|
|
||||||
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
||||||
ssh2_pkt_addstring(username);
|
|
||||||
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
|
||||||
ssh2_pkt_addstring("none"); /* method */
|
|
||||||
ssh2_pkt_send();
|
|
||||||
} else if (key == NULL) {
|
|
||||||
c_write("Unable to load private key\r\n",28);
|
|
||||||
tried_pubkey_config = TRUE;
|
tried_pubkey_config = TRUE;
|
||||||
/* Send a spurious AUTH_NONE to return to the top. */
|
|
||||||
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
||||||
ssh2_pkt_addstring(username);
|
|
||||||
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
|
||||||
ssh2_pkt_addstring("none"); /* method */
|
|
||||||
ssh2_pkt_send();
|
|
||||||
} else {
|
|
||||||
unsigned char *blob, *sigdata;
|
|
||||||
int blob_len, sigdata_len;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We have loaded the private key and the server
|
* Try the public key supplied in the configuration.
|
||||||
* has announced that it's willing to accept it.
|
*
|
||||||
* Hallelujah. Generate a signature and send it.
|
* First, offer the public blob to see if the server is
|
||||||
|
* willing to accept it.
|
||||||
*/
|
*/
|
||||||
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
pub_blob = ssh2_userkey_loadpub(cfg.keyfile, &algorithm,
|
||||||
ssh2_pkt_addstring(username);
|
&pub_blob_len);
|
||||||
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
if (pub_blob) {
|
||||||
ssh2_pkt_addstring("publickey"); /* method */
|
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
||||||
ssh2_pkt_addbool(TRUE);
|
ssh2_pkt_addstring(username);
|
||||||
ssh2_pkt_addstring(key->alg->name);
|
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
||||||
blob = key->alg->public_blob(key->data, &blob_len);
|
ssh2_pkt_addstring("publickey");/* method */
|
||||||
ssh2_pkt_addstring_start();
|
ssh2_pkt_addbool(FALSE); /* no signature included */
|
||||||
ssh2_pkt_addstring_data(blob, blob_len);
|
ssh2_pkt_addstring(algorithm);
|
||||||
sfree(blob);
|
ssh2_pkt_addstring_start();
|
||||||
|
ssh2_pkt_addstring_data(pub_blob, pub_blob_len);
|
||||||
|
ssh2_pkt_send();
|
||||||
|
logevent("Offered public key"); /* FIXME */
|
||||||
|
|
||||||
/*
|
crWaitUntilV(ispkt);
|
||||||
* The data to be signed is:
|
if (pktin.type != SSH2_MSG_USERAUTH_PK_OK) {
|
||||||
*
|
gotit = TRUE;
|
||||||
* string session-id
|
type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
|
||||||
*
|
continue; /* key refused; give up on it */
|
||||||
* followed by everything so far placed in the
|
|
||||||
* outgoing packet.
|
|
||||||
*/
|
|
||||||
sigdata_len = pktout.length - 5 + 4 + 20;
|
|
||||||
sigdata = smalloc(sigdata_len);
|
|
||||||
PUT_32BIT(sigdata, 20);
|
|
||||||
memcpy(sigdata+4, ssh2_session_id, 20);
|
|
||||||
memcpy(sigdata+24, pktout.data+5, pktout.length-5);
|
|
||||||
blob = key->alg->sign(key->data, sigdata, sigdata_len, &blob_len);
|
|
||||||
ssh2_pkt_addstring_start();
|
|
||||||
ssh2_pkt_addstring_data(blob, blob_len);
|
|
||||||
sfree(blob);
|
|
||||||
sfree(sigdata);
|
|
||||||
|
|
||||||
ssh2_pkt_send();
|
|
||||||
}
|
|
||||||
} else if (method == AUTH_PASSWORD) {
|
|
||||||
/*
|
|
||||||
* We send the password packet lumped tightly together with
|
|
||||||
* an SSH_MSG_IGNORE packet. The IGNORE packet contains a
|
|
||||||
* string long enough to make the total length of the two
|
|
||||||
* packets constant. This should ensure that a passive
|
|
||||||
* listener doing traffic analyis can't work out the length
|
|
||||||
* of the password.
|
|
||||||
*
|
|
||||||
* For this to work, we need an assumption about the
|
|
||||||
* maximum length of the password packet. I think 256 is
|
|
||||||
* pretty conservative. Anyone using a password longer than
|
|
||||||
* that probably doesn't have much to worry about from
|
|
||||||
* people who find out how long their password is!
|
|
||||||
*/
|
|
||||||
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
||||||
ssh2_pkt_addstring(username);
|
|
||||||
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
|
||||||
ssh2_pkt_addstring("password");
|
|
||||||
ssh2_pkt_addbool(FALSE);
|
|
||||||
ssh2_pkt_addstring(password);
|
|
||||||
ssh2_pkt_defer();
|
|
||||||
/*
|
|
||||||
* We'll include a string that's an exact multiple of the
|
|
||||||
* cipher block size. If the cipher is NULL for some
|
|
||||||
* reason, we don't do this trick at all because we gain
|
|
||||||
* nothing by it.
|
|
||||||
*/
|
|
||||||
if (cscipher) {
|
|
||||||
int i, j;
|
|
||||||
ssh2_pkt_init(SSH2_MSG_IGNORE);
|
|
||||||
ssh2_pkt_addstring_start();
|
|
||||||
for (i = deferred_len; i <= 256; i += cscipher->blksize) {
|
|
||||||
for (j = 0; j < cscipher->blksize; j++) {
|
|
||||||
char c = (char)random_byte();
|
|
||||||
ssh2_pkt_addstring_data(&c, 1);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
logevent("Offer of public key accepted");
|
||||||
|
/*
|
||||||
|
* Actually attempt a serious authentication using
|
||||||
|
* the key.
|
||||||
|
*/
|
||||||
|
if (ssh2_userkey_encrypted(cfg.keyfile, &comment)) {
|
||||||
|
sprintf(pwprompt, "Passphrase for key \"%.100s\": ", comment);
|
||||||
|
need_pw = TRUE;
|
||||||
|
} else {
|
||||||
|
need_pw = FALSE;
|
||||||
|
}
|
||||||
|
c_write_str("Authenticating with public key \"");
|
||||||
|
c_write_str(comment);
|
||||||
|
c_write_str("\"\r\n");
|
||||||
|
method = AUTH_PUBLICKEY_FILE;
|
||||||
}
|
}
|
||||||
ssh2_pkt_defer();
|
|
||||||
}
|
}
|
||||||
ssh2_pkt_defersend();
|
|
||||||
} else {
|
if (!method && can_passwd) {
|
||||||
c_write("No supported authentication methods left to try!\r\n", 50);
|
method = AUTH_PASSWORD;
|
||||||
logevent("No supported authentications offered. Disconnecting");
|
sprintf(pwprompt, "%.90s@%.90s's password: ", username, savedhost);
|
||||||
ssh2_pkt_init(SSH2_MSG_DISCONNECT);
|
need_pw = TRUE;
|
||||||
ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
|
}
|
||||||
ssh2_pkt_addstring("No supported authentication methods available");
|
|
||||||
ssh2_pkt_addstring("en"); /* language tag */
|
if (need_pw) {
|
||||||
ssh2_pkt_send();
|
if (ssh_get_password) {
|
||||||
ssh_state = SSH_STATE_CLOSED;
|
if (!ssh_get_password(pwprompt, password, sizeof(password))) {
|
||||||
crReturnV;
|
/*
|
||||||
|
* get_password failed to get a password (for
|
||||||
|
* example because one was supplied on the command
|
||||||
|
* line which has already failed to work).
|
||||||
|
* Terminate.
|
||||||
|
*/
|
||||||
|
logevent("No more passwords to try");
|
||||||
|
ssh_state = SSH_STATE_CLOSED;
|
||||||
|
crReturnV;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
static int pos = 0;
|
||||||
|
static char c;
|
||||||
|
|
||||||
|
c_write_str(pwprompt);
|
||||||
|
ssh_send_ok = 1;
|
||||||
|
|
||||||
|
pos = 0;
|
||||||
|
while (pos >= 0) {
|
||||||
|
crWaitUntilV(!ispkt);
|
||||||
|
while (inlen--) switch (c = *in++) {
|
||||||
|
case 10: case 13:
|
||||||
|
password[pos] = 0;
|
||||||
|
pos = -1;
|
||||||
|
break;
|
||||||
|
case 8: case 127:
|
||||||
|
if (pos > 0)
|
||||||
|
pos--;
|
||||||
|
break;
|
||||||
|
case 21: case 27:
|
||||||
|
pos = 0;
|
||||||
|
break;
|
||||||
|
case 3: case 4:
|
||||||
|
random_save_seed();
|
||||||
|
exit(0);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
if (((c >= ' ' && c <= '~') ||
|
||||||
|
((unsigned char)c >= 160)) && pos < 40)
|
||||||
|
password[pos++] = c;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
c_write_str("\r\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (method == AUTH_PUBLICKEY_FILE) {
|
||||||
|
/*
|
||||||
|
* We have our passphrase. Now try the actual authentication.
|
||||||
|
*/
|
||||||
|
struct ssh2_userkey *key;
|
||||||
|
|
||||||
|
key = ssh2_load_userkey(cfg.keyfile, password);
|
||||||
|
if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
|
||||||
|
if (key == SSH2_WRONG_PASSPHRASE) {
|
||||||
|
c_write_str("Wrong passphrase\r\n");
|
||||||
|
tried_pubkey_config = FALSE;
|
||||||
|
} else {
|
||||||
|
c_write_str("Unable to load private key\r\n");
|
||||||
|
tried_pubkey_config = TRUE;
|
||||||
|
}
|
||||||
|
/* Send a spurious AUTH_NONE to return to the top. */
|
||||||
|
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
||||||
|
ssh2_pkt_addstring(username);
|
||||||
|
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
||||||
|
ssh2_pkt_addstring("none"); /* method */
|
||||||
|
ssh2_pkt_send();
|
||||||
|
type = AUTH_TYPE_NONE;
|
||||||
|
} else {
|
||||||
|
unsigned char *blob, *sigdata;
|
||||||
|
int blob_len, sigdata_len;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We have loaded the private key and the server
|
||||||
|
* has announced that it's willing to accept it.
|
||||||
|
* Hallelujah. Generate a signature and send it.
|
||||||
|
*/
|
||||||
|
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
||||||
|
ssh2_pkt_addstring(username);
|
||||||
|
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
||||||
|
ssh2_pkt_addstring("publickey"); /* method */
|
||||||
|
ssh2_pkt_addbool(TRUE);
|
||||||
|
ssh2_pkt_addstring(key->alg->name);
|
||||||
|
blob = key->alg->public_blob(key->data, &blob_len);
|
||||||
|
ssh2_pkt_addstring_start();
|
||||||
|
ssh2_pkt_addstring_data(blob, blob_len);
|
||||||
|
sfree(blob);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The data to be signed is:
|
||||||
|
*
|
||||||
|
* string session-id
|
||||||
|
*
|
||||||
|
* followed by everything so far placed in the
|
||||||
|
* outgoing packet.
|
||||||
|
*/
|
||||||
|
sigdata_len = pktout.length - 5 + 4 + 20;
|
||||||
|
sigdata = smalloc(sigdata_len);
|
||||||
|
PUT_32BIT(sigdata, 20);
|
||||||
|
memcpy(sigdata+4, ssh2_session_id, 20);
|
||||||
|
memcpy(sigdata+24, pktout.data+5, pktout.length-5);
|
||||||
|
blob = key->alg->sign(key->data, sigdata, sigdata_len, &blob_len);
|
||||||
|
ssh2_pkt_addstring_start();
|
||||||
|
ssh2_pkt_addstring_data(blob, blob_len);
|
||||||
|
sfree(blob);
|
||||||
|
sfree(sigdata);
|
||||||
|
|
||||||
|
ssh2_pkt_send();
|
||||||
|
type = AUTH_TYPE_PUBLICKEY;
|
||||||
|
}
|
||||||
|
} else if (method == AUTH_PASSWORD) {
|
||||||
|
/*
|
||||||
|
* We send the password packet lumped tightly together with
|
||||||
|
* an SSH_MSG_IGNORE packet. The IGNORE packet contains a
|
||||||
|
* string long enough to make the total length of the two
|
||||||
|
* packets constant. This should ensure that a passive
|
||||||
|
* listener doing traffic analyis can't work out the length
|
||||||
|
* of the password.
|
||||||
|
*
|
||||||
|
* For this to work, we need an assumption about the
|
||||||
|
* maximum length of the password packet. I think 256 is
|
||||||
|
* pretty conservative. Anyone using a password longer than
|
||||||
|
* that probably doesn't have much to worry about from
|
||||||
|
* people who find out how long their password is!
|
||||||
|
*/
|
||||||
|
ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
||||||
|
ssh2_pkt_addstring(username);
|
||||||
|
ssh2_pkt_addstring("ssh-connection"); /* service requested */
|
||||||
|
ssh2_pkt_addstring("password");
|
||||||
|
ssh2_pkt_addbool(FALSE);
|
||||||
|
ssh2_pkt_addstring(password);
|
||||||
|
ssh2_pkt_defer();
|
||||||
|
/*
|
||||||
|
* We'll include a string that's an exact multiple of the
|
||||||
|
* cipher block size. If the cipher is NULL for some
|
||||||
|
* reason, we don't do this trick at all because we gain
|
||||||
|
* nothing by it.
|
||||||
|
*/
|
||||||
|
if (cscipher) {
|
||||||
|
int i, j;
|
||||||
|
ssh2_pkt_init(SSH2_MSG_IGNORE);
|
||||||
|
ssh2_pkt_addstring_start();
|
||||||
|
for (i = deferred_len; i <= 256; i += cscipher->blksize) {
|
||||||
|
for (j = 0; j < cscipher->blksize; j++) {
|
||||||
|
char c = (char)random_byte();
|
||||||
|
ssh2_pkt_addstring_data(&c, 1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
ssh2_pkt_defer();
|
||||||
|
}
|
||||||
|
ssh2_pkt_defersend();
|
||||||
|
type = AUTH_TYPE_PASSWORD;
|
||||||
|
} else {
|
||||||
|
c_write_str("No supported authentication methods left to try!\r\n");
|
||||||
|
logevent("No supported authentications offered. Disconnecting");
|
||||||
|
ssh2_pkt_init(SSH2_MSG_DISCONNECT);
|
||||||
|
ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
|
||||||
|
ssh2_pkt_addstring("No supported authentication methods available");
|
||||||
|
ssh2_pkt_addstring("en"); /* language tag */
|
||||||
|
ssh2_pkt_send();
|
||||||
|
ssh_state = SSH_STATE_CLOSED;
|
||||||
|
crReturnV;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
} while (!we_are_in);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Now we're authenticated for the connection protocol. The
|
* Now we're authenticated for the connection protocol. The
|
||||||
@ -3102,7 +3175,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
|
|||||||
bombout(("Server got confused by pty request"));
|
bombout(("Server got confused by pty request"));
|
||||||
crReturnV;
|
crReturnV;
|
||||||
}
|
}
|
||||||
c_write("Server refused to allocate pty\r\n", 32);
|
c_write_str("Server refused to allocate pty\r\n");
|
||||||
ssh_editing = ssh_echoing = 1;
|
ssh_editing = ssh_echoing = 1;
|
||||||
} else {
|
} else {
|
||||||
logevent("Allocated pty");
|
logevent("Allocated pty");
|
||||||
|
Loading…
Reference in New Issue
Block a user