2 RCSID("$OpenBSD: auth2-skey.c,v 1.1 2000/10/11 20:14:38 markus Exp $");
11 void send_userauth_into_request(Authctxt *authctxt, int echo);
12 void input_userauth_info_response(int type, int plen, void *ctxt);
15 * try skey authentication, always return -1 (= postponed) since we have to
16 * wait for the s/key response.
19 auth2_skey(Authctxt *authctxt)
21 send_userauth_into_request(authctxt, 0);
22 dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response);
27 send_userauth_into_request(Authctxt *authctxt, int echo)
31 char challenge[SKEY_MAX_CHALLENGE];
34 if (authctxt->user == NULL)
35 fatal("send_userauth_into_request: internal error: no user");
37 /* get skey challenge */
39 retval = skeychallenge(&skey, authctxt->user, challenge);
42 fake = skey_fake_keyinfo(authctxt->user);
43 strlcpy(challenge, fake, sizeof challenge);
45 /* send our info request */
46 packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
47 packet_put_cstring("S/Key Authentication"); /* Name */
48 packet_put_cstring(challenge); /* Instruction */
49 packet_put_cstring(""); /* Language */
50 packet_put_int(1); /* Number of prompts */
51 packet_put_cstring(echo ?
52 "Response [Echo]: ": "Response: "); /* Prompt */
53 packet_put_char(echo); /* Echo */
56 memset(challenge, 'c', sizeof challenge);
60 input_userauth_info_response(int type, int plen, void *ctxt)
62 Authctxt *authctxt = ctxt;
63 int authenticated = 0;
64 unsigned int nresp, rlen;
68 fatal("input_userauth_info_response: no authentication context");
70 if (authctxt->attempt++ >= AUTH_FAIL_MAX)
71 packet_disconnect("too many failed userauth_requests");
73 nresp = packet_get_int();
75 /* we only support s/key and assume s/key for nresp == 1 */
77 resp = packet_get_string(&rlen);
79 if (strlen(resp) == 0) {
81 * if we received a null response, resend prompt with
85 userauth_log(authctxt, authenticated, method);
86 send_userauth_into_request(authctxt, 1);
88 /* verify skey response */
89 if (authctxt->valid &&
90 skey_haskey(authctxt->pw->pw_name) == 0 &&
91 skey_passcheck(authctxt->pw->pw_name, resp) != -1) {
96 memset(resp, 'r', rlen);
97 /* unregister callback */
98 dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
99 userauth_log(authctxt, authenticated, method);
100 userauth_reply(authctxt, authenticated);