diff options
| author |   markus <markus@openbsd.org> | 2002-03-26 15:58:46 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2002-03-26 15:58:46 +0000 |
| commit | 3fd9bf2b122a4db84a2f064c0251c166da5d336a (patch) | |
| tree | 20fc22750aad7998fda0d5a6d773149bffafe1af | |
| parent | Add liniya (0.1 inch); old russian emperial unit; ok pjanzen/mickey (diff) | |
| download | wireguard-openbsd-3fd9bf2b122a4db84a2f064c0251c166da5d336a.tar.xz wireguard-openbsd-3fd9bf2b122a4db84a2f064c0251c166da5d336a.zip | |
client side support for PASSWD_CHANGEREQ
based on work by johan.andersson@appgate.com; ok provos@
| -rw-r--r-- | usr.bin/ssh/readpass.c | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/readpass.h | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/sshconnect2.c | 77 |
3 files changed, 82 insertions, 5 deletions
diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c index c55dd21c86c..dc1b11f3f5f 100644 --- a/usr.bin/ssh/readpass.c +++ b/usr.bin/ssh/readpass.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.26 2002/02/13 00:39:15 markus Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $"); #include <readpassphrase.h> @@ -120,8 +120,11 @@ read_passphrase(const char *prompt, int flags) return ssh_askpass(askpass, prompt); } - if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) + if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { + if (flags & RP_ALLOW_EOF) + return NULL; return xstrdup(""); + } ret = xstrdup(buf); memset(buf, 'x', sizeof buf); diff --git a/usr.bin/ssh/readpass.h b/usr.bin/ssh/readpass.h index 229973c68ad..a45d32f2a76 100644 --- a/usr.bin/ssh/readpass.h +++ b/usr.bin/ssh/readpass.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.h,v 1.6 2001/06/26 17:27:24 markus Exp $ */ +/* $OpenBSD: readpass.h,v 1.7 2002/03/26 15:58:46 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -14,5 +14,6 @@ #define RP_ECHO 0x0001 #define RP_ALLOW_STDIN 0x0002 +#define RP_ALLOW_EOF 0x0004 char *read_passphrase(const char *, int); diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index fbd18aaa7ef..d8e1df5ca9d 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.98 2002/03/19 10:49:35 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.99 2002/03/26 15:58:46 markus Exp $"); #include "ssh.h" #include "ssh2.h" @@ -172,6 +172,7 @@ void input_userauth_banner(int, u_int32_t, void *); void input_userauth_error(int, u_int32_t, void *); void input_userauth_info_req(int, u_int32_t, void *); void input_userauth_pk_ok(int, u_int32_t, void *); +void input_userauth_passwd_changereq(int, u_int32_t, void *); int userauth_none(Authctxt *); int userauth_pubkey(Authctxt *); @@ -439,7 +440,7 @@ int userauth_passwd(Authctxt *authctxt) { static int attempt = 0; - char prompt[80]; + char prompt[150]; char *password; if (attempt++ >= options.number_of_password_prompts) @@ -461,13 +462,85 @@ userauth_passwd(Authctxt *authctxt) xfree(password); packet_add_padding(64); packet_send(); + + dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, + &input_userauth_passwd_changereq); + return 1; } +/* + * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST + */ +void +input_userauth_passwd_changereq(int type, uint32_t seqnr, void *ctxt) +{ + Authctxt *authctxt = ctxt; + char *info, *lang, *password = NULL, *retype = NULL; + char prompt[150]; + + debug2("input_userauth_passwd_changereq"); + + if (authctxt == NULL) + fatal("input_userauth_passwd_changereq: " + "no authentication context"); + + info = packet_get_string(NULL); + lang = packet_get_string(NULL); + if (strlen(info) > 0) + log("%s", info); + xfree(info); + xfree(lang); + packet_start(SSH2_MSG_USERAUTH_REQUEST); + packet_put_cstring(authctxt->server_user); + packet_put_cstring(authctxt->service); + packet_put_cstring(authctxt->method->name); + packet_put_char(1); /* additional info */ + snprintf(prompt, sizeof(prompt), + "Enter %.30s@%.128s's old password: ", + authctxt->server_user, authctxt->host); + password = read_passphrase(prompt, 0); + packet_put_cstring(password); + memset(password, 0, strlen(password)); + xfree(password); + password = NULL; + while (password == NULL) { + snprintf(prompt, sizeof(prompt), + "Enter %.30s@%.128s's new password: ", + authctxt->server_user, authctxt->host); + password = read_passphrase(prompt, RP_ALLOW_EOF); + if (password == NULL) { + /* bail out */ + return; + } + snprintf(prompt, sizeof(prompt), + "Retype %.30s@%.128s's new password: ", + authctxt->server_user, authctxt->host); + retype = read_passphrase(prompt, 0); + if (strcmp(password, retype) != 0) { + memset(password, 0, strlen(password)); + xfree(password); + log("Mismatch; try again, EOF to quit."); + password = NULL; + } + memset(retype, 0, strlen(retype)); + xfree(retype); + } + packet_put_cstring(password); + memset(password, 0, strlen(password)); + xfree(password); + packet_add_padding(64); + packet_send(); + + dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, + &input_userauth_passwd_changereq); +} static void clear_auth_state(Authctxt *authctxt) { /* XXX clear authentication state */ + dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL); + if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) { debug3("clear_auth_state: key_free %p", authctxt->last_key); key_free(authctxt->last_key); |