author | Matt Johnston <matt@ucc.asn.au> | 2004-07-29 02:19:03 +0000 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2004-07-29 02:19:03 +0000 |
commit | e1491b8ec67e0e24b93a7b2997172d57b23a933c (patch) | |
tree | f901dadee3bea69edcb4b019ffcc6a883e078d33 | |
parent | 2d82f73484e588e9367657a25331afd4aa0bf976 (diff) |
set the isserver flag (oops)
fix password auth for the server
--HG--
extra : convert_revision : 234eb604aabaef9ed0dd496ff8db8ecc212ca18c
-rw-r--r-- | cli-auth.c | 25 | ||||
-rw-r--r-- | cli-authpasswd.c | 5 | ||||
-rw-r--r-- | cli-session.c | 3 | ||||
-rw-r--r-- | common-kex.c | 11 | ||||
-rw-r--r-- | svr-auth.c | 7 | ||||
-rw-r--r-- | svr-session.c | 2 |
6 files changed, 21 insertions, 32 deletions
@@ -13,27 +13,6 @@ void cli_authinitialise() { } -void cli_get_user() { - - uid_t uid; - struct passwd *pw; - - TRACE(("enter cli_get_user")); - if (cli_opts.username != NULL) { - ses.authstate.username = cli_opts.username; - } else { - uid = getuid(); - - pw = getpwuid(uid); - if (pw == NULL || pw->pw_name == NULL) { - dropbear_exit("Couldn't find username for current user"); - } - - ses.authstate.username = m_strdup(pw->pw_name); - } - TRACE(("leave cli_get_user: %s", ses.authstate.username)); -} - /* Send a "none" auth request to get available methods */ void cli_auth_getmethods() { @@ -42,8 +21,8 @@ void cli_auth_getmethods() { CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); - buf_putstring(ses.writepayload, ses.authstate.username, - strlen(ses.authstate.username)); + buf_putstring(ses.writepayload, cli_opts.username, + strlen(cli_opts.username)); buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, SSH_SERVICE_CONNECTION_LEN); buf_putstring(ses.writepayload, "none", 4); /* 'none' method */ diff --git a/cli-authpasswd.c b/cli-authpasswd.c index 6185334..c04d240 100644 --- a/cli-authpasswd.c +++ b/cli-authpasswd.c @@ -3,6 +3,7 @@ #include "dbutil.h" #include "session.h" #include "ssh.h" +#include "runopts.h" int cli_auth_password() { @@ -14,8 +15,8 @@ int cli_auth_password() { buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); - buf_putstring(ses.writepayload, ses.authstate.username, - strlen(ses.authstate.username)); + buf_putstring(ses.writepayload, cli_opts.username, + strlen(cli_opts.username)); buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, SSH_SERVICE_CONNECTION_LEN); diff --git a/cli-session.c b/cli-session.c index 2ae2719..c999aed 100644 --- a/cli-session.c +++ b/cli-session.c @@ -83,6 +83,8 @@ static void cli_session_init() { /* packet handlers */ ses.packettypes = cli_packettypes; + + ses.isserver = 0; } /* This function drives the progress of the session - it initiates KEX, 
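Review bot: `strlen(cli_opts.username)` in cli_auth_getmethods() (cli-auth.c, second hunk) now dereferences the option unconditionally, while the removed cli_get_user() was the code that handled a NULL `cli_opts.username` by falling back to getpwuid(). The same applies to the identical change in cli_auth_password() in cli-authpasswd.c. Nothing visible in this commit moves that fallback elsewhere, so unless option parsing (outside this diff) always fills the field, a client started without an explicit user would dereference NULL while building the request. A guard such as `if (cli_opts.username == NULL) dropbear_exit("No username set");` before the packet is built, or a comment naming where the default is assigned, would make the invariant explicit. Both function bodies continue outside their hunks.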
@@ -136,7 +138,6 @@ static void cli_sessionloop() { /* userauth code */ case SERVICE_AUTH_ACCEPT_RCVD: - cli_get_user(); cli_auth_getmethods(); cli_ses.state = USERAUTH_METHODS_SENT; TRACE(("leave cli_sessionloop: sent userauth methods req")); diff --git a/common-kex.c b/common-kex.c index 07b221b..49cbfa4 100644 --- a/common-kex.c +++ b/common-kex.c @@ -55,7 +55,7 @@ const unsigned char dh_p_val[] = { const int DH_G_VAL = 2; static void kexinitialise(); -static void gen_new_keys(); +void gen_new_keys(); #ifndef DISABLE_ZLIB static void gen_new_zstreams(); #endif @@ -253,7 +253,7 @@ static void hashkeys(unsigned char *out, int outlen, * taken into use after both sides have sent a newkeys message */ /* Originally from kex.c, generalized for cli/svr mode --mihnea */ -static void gen_new_keys() { +void gen_new_keys() { unsigned char C2S_IV[MAX_IV_LEN]; unsigned char C2S_key[MAX_KEY_LEN]; @@ -276,9 +276,6 @@ static void gen_new_keys() { sha1_process(&hs, ses.hash, SHA1_HASH_SIZE); m_burn(ses.hash, SHA1_HASH_SIZE); - hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A'); - hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B'); - if (IS_DROPBEAR_CLIENT) { trans_IV = C2S_IV; recv_IV = S2C_IV; @@ -299,6 +296,8 @@ static void gen_new_keys() { macrecvletter = 'E'; } + hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A'); + hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B'); hashkeys(C2S_key, C2S_keysize, &hs, 'C'); hashkeys(S2C_key, S2C_keysize, &hs, 'D'); @@ -580,6 +579,8 @@ void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them, sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len), ses.kexhashbuf->len); sha1_done(&hs, ses.hash); + + buf_burn(ses.kexhashbuf); buf_free(ses.kexhashbuf); ses.kexhashbuf = NULL; @@ -58,7 +58,7 @@ static void authclear() { ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; #endif #ifdef DROPBEAR_PASSWORD_AUTH - if (svr_opts.noauthpass) { + if (!svr_opts.noauthpass) { ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; } #endif 
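Review bot: The two IV derivations moved below the client/server branch in gen_new_keys() (common-kex.c) still request `SHA1_HASH_SIZE` bytes into `C2S_IV` and `S2C_IV`, which are declared as `MAX_IV_LEN` arrays, so the write stays in bounds only if MAX_IV_LEN is at least SHA1_HASH_SIZE. Neither constant's definition is visible here. If that relation is not enforced elsewhere, state it next to the calls, for example `/* MAX_IV_LEN must be >= SHA1_HASH_SIZE */`, or add a compile-time check beside the definitions. The end of gen_new_keys() is outside the hunk, so it is also worth confirming that the stack copies of the IVs and keys are wiped with m_burn() before return, as is already done for `ses.hash`.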
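Review bot: The corrected `if (!svr_opts.noauthpass)` in authclear() (svr-auth.c) only controls which methods are recorded in `ses.authstate.authtypes`; whether a password request is actually refused when the option is set depends on the dispatch in recv_msg_userauth_request(), which is outside this hunk. It is worth confirming that the handler tests the same flag (or the AUTH_TYPE_PASSWORD bit) before it reaches the password code, so that the method a client may attempt matches what the server advertised. Because this negatively named option has already been inverted once, a comment such as `/* noauthpass != 0 means password auth is disabled */` above the test would help the next reader.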
@@ -100,6 +100,7 @@ void recv_msg_userauth_request() { /* ignore packets if auth is already done */ if (ses.authstate.authdone == 1) { + TRACE(("leave recv_msg_userauth_request: authdone already")); return; } @@ -129,6 +130,7 @@ void recv_msg_userauth_request() { if (methodlen == AUTH_METHOD_NONE_LEN && strncmp(methodname, AUTH_METHOD_NONE, AUTH_METHOD_NONE_LEN) == 0) { + TRACE(("recv_msg_userauth_request: 'none' request")); send_msg_userauth_failure(0, 0); goto out; } @@ -305,6 +307,9 @@ void send_msg_userauth_failure(int partial, int incrfail) { buf_putbyte(ses.writepayload, partial ? 1 : 0); encrypt_packet(); + TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes, + buf_getptr(typebuf, typebuf->len))); + if (incrfail) { usleep(300000); /* XXX improve this */ ses.authstate.failcount++; diff --git a/svr-session.c b/svr-session.c index 80c622a..c9aed49 100644 --- a/svr-session.c +++ b/svr-session.c @@ -96,6 +96,8 @@ void svr_session(int sock, int childpipe, char* remotehost) { ses.packettypes = svr_packettypes; ses.buf_match_algo = svr_buf_match_algo; + ses.isserver = 1; + /* We're ready to go now */ sessinitdone = 1; |
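Review bot: The new TRACE in send_msg_userauth_failure() prints `buf_getptr(typebuf, typebuf->len)` with `%s`, but the buffer is length-delimited and nothing visible guarantees a terminating NUL, so the trace can read past the end of the method list. Bound the print with the known length, e.g. `TRACE(("auth fail: methods %d, '%.*s'", ses.authstate.authtypes, (int)typebuf->len, buf_getptr(typebuf, typebuf->len)));`. The call also sits after encrypt_packet(); if typebuf is released earlier in the function (not visible in this hunk), the trace would read freed memory and should move above that release.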