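/* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */
/*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>

#include <stdarg.h>

#ifdef BSD_AUTH
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"

/*
 * Keyboard-interactive device backed by BSD authentication.
 *
 * The device context is the Authctxt itself; the BSD auth session handle
 * lives in authctxt->as and is shared by query, respond and free below.
 */

/*
 * Create the device context.  Nothing is allocated: the Authctxt pointer
 * is handed back unchanged and used as the context by the other callbacks.
 */
static void *
bsdauth_init_ctx(Authctxt *authctxt)
{
	return authctxt;
}

/*
 * Obtain the challenge to present to the client.
 *
 * An existing session in authctxt->as is reused when it still carries a
 * challenge (auth_getitem with AUTHV_CHALLENGE); otherwise it is closed and
 * a new one is started with auth_userchallenge() for authctxt->user and
 * authctxt->style under the "auth-ssh" type.
 *
 * On success returns 0 with *name and *infotxt set to empty strings,
 * *numprompts set to 1, and *prompts / *echo_on set to one-element arrays
 * (the prompt is a copy of the challenge).  All of these come from
 * xstrdup()/xcalloc(); presumably the caller releases them.
 * On failure returns -1 with every output cleared.
 */
int
bsdauth_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
{
	Authctxt *authctxt = ctx;
	char *challenge = NULL;

	/*
	 * Clear every output first so the -1 path never hands back stale or
	 * uninitialized pointers.  *name is cleared together with the rest.
	 */
	*name = NULL;
	*infotxt = NULL;
	*numprompts = 0;
	*prompts = NULL;
	*echo_on = NULL;

	if (authctxt->as != NULL) {
		debug2("bsdauth_query: try reuse session");
		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
		if (challenge == NULL) {
			/* No challenge left in the old session: drop it. */
			auth_close(authctxt->as);
			authctxt->as = NULL;
		}
	}

	if (challenge == NULL) {
		debug2("bsdauth_query: new bsd auth session");
		debug3("bsdauth_query: style %s",
		    authctxt->style ? authctxt->style : "<default>");
		authctxt->as = auth_userchallenge(authctxt->user,
		    authctxt->style, "auth-ssh", &challenge);
		/* Do not trust the out-parameter when no session was made. */
		if (authctxt->as == NULL)
			challenge = NULL;
		debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
	}

	if (challenge == NULL)
		return -1;

	*name = xstrdup("");
	*infotxt = xstrdup("");
	*numprompts = 1;
	*prompts = xcalloc(*numprompts, sizeof(char *));
	*echo_on = xcalloc(*numprompts, sizeof(u_int));
	(*prompts)[0] = xstrdup(challenge);

	return 0;
}

/*
 * Check the client's answer to the challenge issued by bsdauth_query().
 *
 * Returns 0 when auth_userresponse() accepts the response, -1 otherwise:
 * the user is not valid, there is no open BSD auth session, the number of
 * responses is not exactly one, or the response is rejected.
 */
int
bsdauth_respond(void *ctx, u_int numresponses, char **responses)
{
	Authctxt *authctxt = ctx;
	int authok;

	if (!authctxt->valid)
		return -1;

	/*
	 * Fail closed: without a session there is no challenge to answer,
	 * so do not pass a NULL handle on to auth_userresponse().
	 */
	if (authctxt->as == NULL) {
		error("bsdauth_respond: no bsd auth session");
		return -1;
	}

	if (numresponses != 1)
		return -1;

	authok = auth_userresponse(authctxt->as, responses[0], 0);
	/*
	 * The handle is forgotten rather than closed here; presumably
	 * auth_userresponse() releases the session when its last argument
	 * is 0 -- confirm against the BSD auth API.
	 */
	authctxt->as = NULL;
	/*
	 * Log the verdict only.  responses[0] is the user's answer to the
	 * authentication challenge and must not be written to the log.
	 */
	debug3("bsdauth_respond: authok = <%d>", authok);

	return (authok == 0) ? -1 : 0;
}

/*
 * Release the device context: close any BSD auth session still open.
 * The Authctxt itself is not freed (it was not allocated by init_ctx).
 * A NULL ctx is accepted.
 */
static void
bsdauth_free_ctx(void *ctx)
{
	Authctxt *authctxt = ctx;

	if (authctxt && authctxt->as) {
		auth_close(authctxt->as);
		authctxt->as = NULL;
	}
}

/*
 * Device table entry calling the BSD auth functions in this file directly.
 * Initializers are positional; the field order is fixed by the KbdintDevice
 * declaration, which is not in this file.
 */
KbdintDevice bsdauth_device = {
	"bsdauth",
	bsdauth_init_ctx,
	bsdauth_query,
	bsdauth_respond,
	bsdauth_free_ctx
};

/*
 * Same device with the query/respond steps replaced by mm_bsdauth_query and
 * mm_bsdauth_respond (presumably the monitor wrappers from monitor_wrap.h).
 */
KbdintDevice mm_bsdauth_device = {
	"bsdauth",
	bsdauth_init_ctx,
	mm_bsdauth_query,
	mm_bsdauth_respond,
	bsdauth_free_ctx
};
#endif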