/* the heart of the whole keyboard interactive login */
int ssh_userauth_kbdint(SSH_SESSION *session, const char *user, const char *submethods){
int err;
if(session->version==1)
return SSH_AUTH_DENIED; // no keyb-interactive for ssh1
enter_function();
if( !session->kbdint){
/* first time we call. we must ask for a challenge */
if(!user)
if(!(user=session->options->username)){
if(ssh_options_default_username(session->options)){
leave_function();
return SSH_AUTH_ERROR;
} else
user=session->options->username;
}
if(ask_userauth(session)){
leave_function();
return SSH_AUTH_ERROR;
}
err=kbdauth_init(session,user,submethods);
if(err!=SSH_AUTH_INFO){
leave_function();
return err; /* error or first try success */
}
err=kbdauth_info_get(session);
if(err==SSH_AUTH_ERROR){
kbdint_free(session->kbdint);
session->kbdint=NULL;
}
leave_function();
return err;
}
/* if we are at this point, it's because session->kbdint exists */
/* it means the user has set some informations there we need to send *
* the server. and then we need to ack the status (new questions or ok *
* pass in */
err=kbdauth_send(session);
kbdint_free(session->kbdint);
session->kbdint=NULL;
if(err!=SSH_AUTH_INFO){
leave_function();
return err;
}
err=kbdauth_info_get(session);
if(err==SSH_AUTH_ERROR){
kbdint_free(session->kbdint);
session->kbdint=NULL;
}
leave_function();
return err;
}
/**
* @brief Try to authenticate through the "keyboard-interactive" method.
*
* @param session The ssh session to use.
*
* @param user The username to authenticate. You can specify NULL if
* ssh_option_set_username() has been used. You cannot try
* two different logins in a row.
*
* @param submethods Undocumented. Set it to NULL.
*
* @returns SSH_AUTH_ERROR: A serious error happened\n
* SSH_AUTH_DENIED: Authentication failed : use another method\n
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
* have to use another method\n
* SSH_AUTH_SUCCESS: Authentication success\n
* SSH_AUTH_INFO: The server asked some questions. Use
* ssh_userauth_kbdint_getnprompts() and such.
*
* @see ssh_userauth_kbdint_getnprompts()
* @see ssh_userauth_kbdint_getname()
* @see ssh_userauth_kbdint_getinstruction()
* @see ssh_userauth_kbdint_getprompt()
* @see ssh_userauth_kbdint_setanswer()
*/
int ssh_userauth_kbdint(ssh_session session, const char *user,
const char *submethods) {
int rc = SSH_AUTH_ERROR;
if (session->version == 1) {
/* No keyb-interactive for ssh1 */
return SSH_AUTH_DENIED;
}
enter_function();
if (session->kbdint == NULL) {
/* first time we call. we must ask for a challenge */
if (user == NULL) {
if ((user = session->username) == NULL) {
if (ssh_options_apply(session) < 0) {
leave_function();
return SSH_AUTH_ERROR;
} else {
user = session->username;
}
}
}
if (ask_userauth(session)) {
leave_function();
return SSH_AUTH_ERROR;
}
rc = kbdauth_init(session, user, submethods);
if (rc != SSH_AUTH_INFO) {
leave_function();
return rc; /* error or first try success */
}
rc = kbdauth_info_get(session);
if (rc == SSH_AUTH_ERROR) {
kbdint_free(session->kbdint);
session->kbdint = NULL;
}
leave_function();
return rc;
}
/*
* If we are at this point, it ss because session->kbdint exists.
* It means the user has set some information there we need to send
* the server and then we need to ack the status (new questions or ok
* pass in).
*/
rc = kbdauth_send(session);
kbdint_free(session->kbdint);
session->kbdint = NULL;
if(rc != SSH_AUTH_INFO) {
leave_function();
return rc;
}
rc = kbdauth_info_get(session);
if (rc == SSH_AUTH_ERROR) {
kbdint_free(session->kbdint);
session->kbdint = NULL;
}
leave_function();
return rc;
}
