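/* $OpenBSD: auth-bsdauth.c,v 1.11 2007/09/21 08:15:29 djm Exp $ */
/*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include <sys/types.h>

#include <stdarg.h>

#ifdef BSD_AUTH
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"

/*
 * Keyboard-interactive device glue for BSD authentication.
 *
 * The device keeps no state of its own: the per-device context is the
 * Authctxt itself, and the BSD auth session handle lives in authctxt->as.
 */

/*
 * Create the device context.  The Authctxt is handed back unchanged, so
 * nothing is allocated here and bsdauth_free_ctx() must not free it.
 */
static void *
bsdauth_init_ctx(Authctxt *authctxt)
{
	return authctxt;
}

/*
 * Obtain a challenge for the user and return it as a single prompt.
 *
 * An existing session in authctxt->as is reused when it still carries a
 * challenge; otherwise it is closed and a new session is started with
 * auth_userchallenge() for authctxt->user / authctxt->style.
 *
 * On success *name, *infotxt, *prompts, (*prompts)[0] and *echo_on are
 * newly allocated (xstrdup/xcalloc) and *numprompts is set to 1; releasing
 * them is left to the caller.  *echo_on is not written after xcalloc()
 * (presumably zero-filled, i.e. no echo for the reply - confirm in
 * xmalloc.c).
 *
 * Returns 0 on success, -1 if no challenge could be obtained.
 */
int
bsdauth_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
{
	Authctxt *authctxt = ctx;
	char *challenge = NULL;

	if (authctxt->as != NULL) {
		debug2("bsdauth_query: try reuse session");
		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
		if (challenge == NULL) {
			/* Stale session without a challenge: drop it. */
			auth_close(authctxt->as);
			authctxt->as = NULL;
		}
	}

	if (challenge == NULL) {
		debug2("bsdauth_query: new bsd auth session");
		debug3("bsdauth_query: style %s",
		    authctxt->style ? authctxt->style : "<default>");
		authctxt->as = auth_userchallenge(authctxt->user,
		    authctxt->style, "auth-ssh", &challenge);
		/* Never trust a challenge that came without a session. */
		if (authctxt->as == NULL)
			challenge = NULL;
		debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
	}

	if (challenge == NULL)
		return -1;

	*name = xstrdup("");
	*infotxt = xstrdup("");
	*numprompts = 1;
	*prompts = xcalloc(*numprompts, sizeof(char *));
	*echo_on = xcalloc(*numprompts, sizeof(u_int));
	(*prompts)[0] = xstrdup(challenge);

	return 0;
}

/*
 * Check the user's reply to the challenge issued by bsdauth_query().
 *
 * Exactly one response is expected.  Returns 0 when auth_userresponse()
 * reports success (non-zero), -1 in every other case: invalid user,
 * missing session, wrong number of responses, or a rejected response.
 */
int
bsdauth_respond(void *ctx, u_int numresponses, char **responses)
{
	Authctxt *authctxt = ctx;
	int authok;

	if (!authctxt->valid)
		return -1;

	if (authctxt->as == NULL) {
		/*
		 * Fail closed here rather than passing a NULL session on and
		 * depending on how auth_userresponse() treats it.
		 */
		error("bsdauth_respond: no bsd auth session");
		return -1;
	}

	if (numresponses != 1)
		return -1;

	authok = auth_userresponse(authctxt->as, responses[0], 0);
	/*
	 * Clear the handle so bsdauth_free_ctx() does not call auth_close()
	 * on it.  NOTE(review): this presumes auth_userresponse() with
	 * more == 0 releases the session itself - confirm against the BSD
	 * auth documentation.
	 */
	authctxt->as = NULL;
	/*
	 * The response is the user's secret (password or one-time code), so
	 * only the result is logged; debug output must not carry credentials.
	 */
	debug3("bsdauth_respond: <%d>", authok);

	return (authok == 0) ? -1 : 0;
}

/*
 * Release the device context: close a still-open BSD auth session, if
 * any.  The Authctxt itself is not freed (it is owned by the caller, see
 * bsdauth_init_ctx()).  A NULL ctx is accepted.
 */
static void
bsdauth_free_ctx(void *ctx)
{
	Authctxt *authctxt = ctx;

	if (authctxt && authctxt->as) {
		auth_close(authctxt->as);
		authctxt->as = NULL;
	}
}

/* Device table entry that calls the BSD auth functions directly. */
KbdintDevice bsdauth_device = {
	"bsdauth",
	bsdauth_init_ctx,
	bsdauth_query,
	bsdauth_respond,
	bsdauth_free_ctx
};

/*
 * Same device, with query/respond replaced by the mm_* variants, which
 * are not defined in this file (presumably the monitor wrappers declared
 * in monitor_wrap.h - confirm).
 */
KbdintDevice mm_bsdauth_device = {
	"bsdauth",
	bsdauth_init_ctx,
	mm_bsdauth_query,
	mm_bsdauth_respond,
	bsdauth_free_ctx
};
#endif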