/*
* try challenge-response, set authctxt->postponed if we have to
* wait for the response.
*/
int
auth2_challenge(Authctxt *authctxt, char *devs)
{
debug("auth2_challenge: user=%s devs=%s",
authctxt->user ? authctxt->user : "******",
devs ? devs : "<no devs>");
if (authctxt->user == NULL || !devs)
return 0;
if (authctxt->kbdintctxt == NULL)
authctxt->kbdintctxt = kbdint_alloc(devs);
return auth2_challenge_start(authctxt);
}
/*
* try challenge-response, set authctxt->postponed if we have to
* wait for the response.
*/
int
auth2_challenge(struct ssh *ssh, char *devs)
{
struct authctxt *authctxt = ssh->authctxt;
debug("auth2_challenge: user=%s devs=%s",
authctxt->user ? authctxt->user : "******",
devs ? devs : "<no devs>");
if (authctxt->user == NULL || !devs)
return 0;
if (authctxt->kbdintctxt == NULL)
authctxt->kbdintctxt = kbdint_alloc(devs);
return auth2_challenge_start(ssh);
}
/*
* try challenge-response, set authctxt->method->postponed if we have to
* wait for the response.
*/
void
auth2_challenge(Authctxt *authctxt, char *devs)
{
debug("auth2_challenge: user=%s devs=%s",
authctxt->user ? authctxt->user : "******",
devs ? devs : "<no devs>");
if (authctxt->user == NULL || !devs)
return;
if (authctxt->method->method_data != NULL) {
auth2_challenge_abandon(authctxt);
authctxt->method->abandoned = 0;
}
authctxt->method->method_data = (void *) kbdint_alloc(devs);
auth2_challenge_start(authctxt);
}
static void
input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
KbdintAuthctxt *kbdintctxt;
int authenticated = 0, res;
u_int i, nresp;
const char *devicename = NULL;
char **response = NULL;
if (authctxt == NULL)
fatal("input_userauth_info_response: no authctxt");
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
fatal("input_userauth_info_response: no kbdintctxt");
if (kbdintctxt->device == NULL)
fatal("input_userauth_info_response: no device");
authctxt->postponed = 0; /* reset */
nresp = packet_get_int();
if (nresp != kbdintctxt->nreq)
fatal("input_userauth_info_response: wrong number of replies");
if (nresp > 100)
fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
response = xcalloc(nresp, sizeof(char *));
for (i = 0; i < nresp; i++)
response[i] = packet_get_string(NULL);
}
packet_check_eom();
res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
for (i = 0; i < nresp; i++) {
explicit_bzero(response[i], strlen(response[i]));
free(response[i]);
}
free(response);
switch (res) {
case 0:
/* Success! */
authenticated = authctxt->valid ? 1 : 0;
break;
case 1:
/* Authentication needs further interaction */
if (send_userauth_info_request(authctxt) == 1)
authctxt->postponed = 1;
break;
default:
/* Failure! */
break;
}
devicename = kbdintctxt->device->name;
if (!authctxt->postponed) {
if (authenticated) {
auth2_challenge_stop(authctxt);
} else {
/* start next device */
/* may set authctxt->postponed */
auth2_challenge_start(authctxt);
}
}
userauth_finish(authctxt, authenticated, "keyboard-interactive",
devicename);
}
static void
input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
KbdintAuthctxt *kbdintctxt;
int i, res, len;
u_int nresp;
char **response = NULL, *method;
if (authctxt == NULL)
fatal("input_userauth_info_response: no authctxt");
kbdintctxt = (KbdintAuthctxt *) authctxt->method->method_data;
if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
fatal("input_userauth_info_response: no kbdintctxt");
if (kbdintctxt->device == NULL)
fatal("input_userauth_info_response: no device");
nresp = packet_get_int();
if (nresp != kbdintctxt->nreq)
fatal("input_userauth_info_response: wrong number of replies");
if (nresp > 100)
fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
response = xmalloc(nresp * sizeof(char *));
for (i = 0; i < nresp; i++)
response[i] = packet_get_string(NULL);
}
packet_check_eom();
if (authctxt->valid) {
res = kbdintctxt->device->respond(kbdintctxt->ctxt,
nresp, response);
} else {
res = -1;
}
for (i = 0; i < nresp; i++) {
memset(response[i], 'r', strlen(response[i]));
xfree(response[i]);
}
if (response)
xfree(response);
authctxt->method->postponed = 0; /* reset */
switch (res) {
case 0:
/* Success! */
authctxt->method->authenticated = 1;
break;
case 1:
/* Authentication needs further interaction */
if (send_userauth_info_request(authctxt) == 1) {
authctxt->method->postponed = 1;
}
break;
default:
/* Failure! */
break;
}
len = strlen("keyboard-interactive") + 2 +
strlen(kbdintctxt->device->name);
method = xmalloc(len);
snprintf(method, len, "keyboard-interactive/%s",
kbdintctxt->device->name);
if (authctxt->method->authenticated || authctxt->method->abandoned) {
auth2_challenge_stop(authctxt);
} else {
/* start next device */
/* may set authctxt->method->postponed */
auth2_challenge_start(authctxt);
}
userauth_finish(authctxt, method);
xfree(method);
}
static int
input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
{
struct authctxt *authctxt = ssh->authctxt;
struct kbdintctxt *kbdintctxt;
int authenticated = 0, res;
int r;
u_int i, nresp;
const char *devicename = NULL;
char **response = NULL;
if (authctxt == NULL)
fatal("input_userauth_info_response: no authctxt");
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
fatal("input_userauth_info_response: no kbdintctxt");
if (kbdintctxt->device == NULL)
fatal("input_userauth_info_response: no device");
authctxt->postponed = 0; /* reset */
if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
if (nresp != kbdintctxt->nreq)
fatal("input_userauth_info_response: wrong number of replies");
if (nresp > 100)
fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
response = xcalloc(nresp, sizeof(char *));
for (i = 0; i < nresp; i++)
if ((r = sshpkt_get_cstring(ssh, &response[i],
NULL)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
if ((r = sshpkt_get_end(ssh)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
for (i = 0; i < nresp; i++) {
explicit_bzero(response[i], strlen(response[i]));
free(response[i]);
}
free(response);
switch (res) {
case 0:
/* Success! */
authenticated = authctxt->valid ? 1 : 0;
break;
case 1:
/* Authentication needs further interaction */
if (send_userauth_info_request(ssh) == 1)
authctxt->postponed = 1;
break;
default:
/* Failure! */
break;
}
devicename = kbdintctxt->device->name;
if (!authctxt->postponed) {
if (authenticated) {
auth2_challenge_stop(ssh);
} else {
/* start next device */
/* may set authctxt->postponed */
auth2_challenge_start(ssh);
}
}
userauth_finish(ssh, authenticated, "keyboard-interactive",
devicename);
return 0;
}
