Commit 2c036f74 authored by Deucе's avatar Deucе :ok_hand_tone4:

Allow retrying SSH client auth.

If you initially try private key auth for example, allow retrying
with password auth and vice-versa.  This is needed for reasonable
fallback from private-key auth since we don't know in advance
which will work, and we don't want to disconnect an reconnect.

This takes the guardrails of adding a password.  Previously, it was
ensured that a password was always added immediately after a username.
This is to ensure when using the server for example and stuffing a
list full of all the user/pw pairs, each pw goes with a user.

Instead of returning an error, this now allows adding passwords
without a corresponding user; they won't be used, and there will be
no indication of why.

Death Star mode for this feature is better than not having fallback
in my opinion.
parent ccfb0f02
1 merge request!455Update branch with changes from master
...@@ -88,7 +88,7 @@ $(CRYPT_SRC): | $(3RDPSRCDIR) ...@@ -88,7 +88,7 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
$(CRYPT_IDIR): | $(3RDPODIR) $(CRYPT_IDIR): | $(3RDPODIR)
$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR) $(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)
$(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/terminal-params.patch $(3RDP_ROOT)/build/cl-mingw32-static.patch $(3RDP_ROOT)/build/cl-ranlib.patch $(3RDP_ROOT)/build/cl-win32-noasm.patch $(3RDP_ROOT)/build/cl-zz-country.patch $(3RDP_ROOT)/build/cl-algorithms.patch $(3RDP_ROOT)/build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)/build/cl-macosx-minver.patch $(3RDP_ROOT)/build/cl-endian.patch $(3RDP_ROOT)/build/cl-cryptodev.patch $(3RDP_ROOT)/build/cl-posix-me-gently.patch $(3RDP_ROOT)/build/cl-tpm-linux.patch $(3RDP_ROOT)/build/cl-PAM-noprompts.patch $(3RDP_ROOT)/build/cl-zlib.patch $(3RDP_ROOT)/build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)/build/SSL-fix.patch $(3RDP_ROOT)/build/cl-bigger-maxattribute.patch $(3RDP_ROOT)/build/cl-vcxproj.patch $(3RDP_ROOT)/build/cl-mingw-vcver.patch $(3RDP_ROOT)/build/cl-win32-build-fix.patch $(3RDP_ROOT)/build/cl-gcc-non-const-time-val.patch $(3RDP_ROOT)/build/cl-no-odbc.patch $(3RDP_ROOT)/build/cl-noasm-defines.patch $(3RDP_ROOT)/build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)/build/cl-no-RSA-suites.patch $(3RDP_ROOT)/build/cl-fix-ECC-RSA.patch $(3RDP_ROOT)/build/cl-prefer-ECC.patch $(3RDP_ROOT)/build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)/build/cl-more-RSA-ECC-fixes.patch $(3RDP_ROOT)/build/cl-DH-key-init.patch $(3RDP_ROOT)/build/cl-clear-GCM-flag.patch $(3RDP_ROOT)/build/cl-use-ssh-ctr.patch $(3RDP_ROOT)/build/cl-ssh-list-ctr-modes.patch $(3RDP_ROOT)/build/cl-ssh-incCtr.patch $(3RDP_ROOT)/build/cl-ssl-suite-blocksizes.patch $(3RDP_ROOT)/build/cl-no-tpm.patch $(3RDP_ROOT)/build/cl-no-via-aes.patch $(3RDP_ROOT)/build/cl-fix-ssh-ecc-ephemeral.patch $(3RDP_ROOT)/build/cl-just-use-cc.patch $(3RDP_ROOT)/build/cl-learn-numbers.patch $(3RDP_ROOT)/build/cl-no-safe-stack.patch $(3RDP_ROOT)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)/build/cl-uint64_t-redefine.patch $(3RDP_ROOT)/build/cl-random-openbsd.patch $(3RDP_ROOT)/build/cl-openbsd-threads.patch $(3RDP_ROOT)/build/cl-allow-none-auth.patch 
$(3RDP_ROOT)/build/cl-mingw-add-m32.patch $(3RDP_ROOT)/build/cl-poll-not-select.patch $(3RDP_ROOT)/build/cl-check-before-use.patch $(3RDP_ROOT)/build/cl-linux-yield.patch $(3RDP_ROOT)/build/cl-good-sockets.patch $(3RDP_ROOT)/build/cl-moar-objects.patch $(3RDP_ROOT)/build/cl-pthread_yield.patch $(3RDP_ROOT)/build/cl-check-cert-dont-modify.patch $(3RDP_ROOT)/build/cl-server-term-support.patch $(3RDP_ROOT)/build/cl-add-pubkey-attribute.patch | $(CRYPT_SRC) $(CRYPT_IDIR) $(3RDP_ROOT)/build/cl-remove-march.patch $(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/terminal-params.patch $(3RDP_ROOT)/build/cl-mingw32-static.patch $(3RDP_ROOT)/build/cl-ranlib.patch $(3RDP_ROOT)/build/cl-win32-noasm.patch $(3RDP_ROOT)/build/cl-zz-country.patch $(3RDP_ROOT)/build/cl-algorithms.patch $(3RDP_ROOT)/build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)/build/cl-macosx-minver.patch $(3RDP_ROOT)/build/cl-endian.patch $(3RDP_ROOT)/build/cl-cryptodev.patch $(3RDP_ROOT)/build/cl-posix-me-gently.patch $(3RDP_ROOT)/build/cl-tpm-linux.patch $(3RDP_ROOT)/build/cl-PAM-noprompts.patch $(3RDP_ROOT)/build/cl-zlib.patch $(3RDP_ROOT)/build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)/build/SSL-fix.patch $(3RDP_ROOT)/build/cl-bigger-maxattribute.patch $(3RDP_ROOT)/build/cl-vcxproj.patch $(3RDP_ROOT)/build/cl-mingw-vcver.patch $(3RDP_ROOT)/build/cl-win32-build-fix.patch $(3RDP_ROOT)/build/cl-gcc-non-const-time-val.patch $(3RDP_ROOT)/build/cl-no-odbc.patch $(3RDP_ROOT)/build/cl-noasm-defines.patch $(3RDP_ROOT)/build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)/build/cl-no-RSA-suites.patch $(3RDP_ROOT)/build/cl-fix-ECC-RSA.patch $(3RDP_ROOT)/build/cl-prefer-ECC.patch $(3RDP_ROOT)/build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)/build/cl-more-RSA-ECC-fixes.patch $(3RDP_ROOT)/build/cl-DH-key-init.patch $(3RDP_ROOT)/build/cl-clear-GCM-flag.patch $(3RDP_ROOT)/build/cl-use-ssh-ctr.patch $(3RDP_ROOT)/build/cl-ssh-list-ctr-modes.patch $(3RDP_ROOT)/build/cl-ssh-incCtr.patch 
$(3RDP_ROOT)/build/cl-ssl-suite-blocksizes.patch $(3RDP_ROOT)/build/cl-no-tpm.patch $(3RDP_ROOT)/build/cl-no-via-aes.patch $(3RDP_ROOT)/build/cl-fix-ssh-ecc-ephemeral.patch $(3RDP_ROOT)/build/cl-just-use-cc.patch $(3RDP_ROOT)/build/cl-learn-numbers.patch $(3RDP_ROOT)/build/cl-no-safe-stack.patch $(3RDP_ROOT)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)/build/cl-uint64_t-redefine.patch $(3RDP_ROOT)/build/cl-random-openbsd.patch $(3RDP_ROOT)/build/cl-openbsd-threads.patch $(3RDP_ROOT)/build/cl-allow-none-auth.patch $(3RDP_ROOT)/build/cl-mingw-add-m32.patch $(3RDP_ROOT)/build/cl-poll-not-select.patch $(3RDP_ROOT)/build/cl-check-before-use.patch $(3RDP_ROOT)/build/cl-linux-yield.patch $(3RDP_ROOT)/build/cl-good-sockets.patch $(3RDP_ROOT)/build/cl-moar-objects.patch $(3RDP_ROOT)/build/cl-pthread_yield.patch $(3RDP_ROOT)/build/cl-check-cert-dont-modify.patch $(3RDP_ROOT)/build/cl-server-term-support.patch $(3RDP_ROOT)/build/cl-add-pubkey-attribute.patch $(3RDP_ROOT)/build/cl-allow-ssh-auth-retries.patch | $(CRYPT_SRC) $(CRYPT_IDIR) $(3RDP_ROOT)/build/cl-remove-march.patch
@echo Creating $@ ... @echo Creating $@ ...
$(QUIET)-rm -rf $(CRYPT_SRC)/* $(QUIET)-rm -rf $(CRYPT_SRC)/*
$(QUIET)unzip -oa $(3RDPDISTDIR)/cryptlib.zip -d $(CRYPT_SRC) $(QUIET)unzip -oa $(3RDPDISTDIR)/cryptlib.zip -d $(CRYPT_SRC)
...@@ -149,6 +149,7 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/terminal-pa ...@@ -149,6 +149,7 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)/dist/cryptlib.zip $(3RDP_ROOT)/build/terminal-pa
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-pthread_yield.patch $(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-pthread_yield.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-server-term-support.patch $(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-server-term-support.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-add-pubkey-attribute.patch $(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-add-pubkey-attribute.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-allow-ssh-auth-retries.patch
ifeq ($(os),win32) ifeq ($(os),win32)
$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories $(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories
$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts $(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts
...@@ -306,7 +306,6 @@ key_not_present(sftp_filehandle_t f, const char *priv) ...@@ -306,7 +306,6 @@ key_not_present(sftp_filehandle_t f, const char *priv)
if (!sftpc_read(sftp_state, f, off, (bufsz - bufpos > 1024) ? 1024 : bufsz - bufpos, &r)) { if (!sftpc_read(sftp_state, f, off, (bufsz - bufpos > 1024) ? 1024 : bufsz - bufpos, &r)) {
if (sftp_state->err_code == SSH_FX_EOF) { if (sftp_state->err_code == SSH_FX_EOF) {
free(buf); free(buf);
free_sftp_str(r);
return true; return true;
} }
free(buf); free(buf);
...@@ -347,7 +346,6 @@ add_public_key(struct bbslist *bbs, char *priv) ...@@ -347,7 +346,6 @@ add_public_key(struct bbslist *bbs, char *priv)
bool added = false; bool added = false;
// TODO: Without this sleep, all is woe. // TODO: Without this sleep, all is woe.
//SLEEP(10);
while (!conn_api.input_thread_running) while (!conn_api.input_thread_running)
SLEEP(1); SLEEP(1);
if (!bbs->hidepopups) { if (!bbs->hidepopups) {
...@@ -584,7 +582,7 @@ ssh_connect(struct bbslist *bbs) ...@@ -584,7 +582,7 @@ ssh_connect(struct bbslist *bbs)
} }
} }
else { else {
if (!password[0]/* && ssh_context == -1*/) { if (!password[0] && ssh_context == -1) {
if (bbs->hidepopups) if (bbs->hidepopups)
init_uifc(false, false); init_uifc(false, false);
uifcinput("Password", MAX_PASSWD_LEN, password, K_PASSWORD, "Incorrect password. Try again."); uifcinput("Password", MAX_PASSWD_LEN, password, K_PASSWORD, "Incorrect password. Try again.");
...@@ -661,7 +659,38 @@ ssh_connect(struct bbslist *bbs) ...@@ -661,7 +659,38 @@ ssh_connect(struct bbslist *bbs)
uifc.pop(NULL); uifc.pop(NULL);
uifc.pop("Activating Session"); uifc.pop("Activating Session");
} }
status = cl.SetAttribute(ssh_session, CRYPT_SESSINFO_ACTIVE, 1);
do {
status = cl.SetAttribute(ssh_session, CRYPT_SESSINFO_ACTIVE, 1);
if (status == CRYPT_ENVELOPE_RESOURCE) {
int status2;
status2 = cl.GetAttributeString(ssh_session, CRYPT_SESSINFO_USERNAME, username, &rows);
fprintf(stderr, "Stats @ %d: %d\n", __LINE__, status2);
if (cryptStatusOK(status2)) {
username[rows] = 0;
fprintf(stderr, "Len=%d\n", rows);
fprintf(stderr, "Username: '%s'\n", username);
}
//status2 = cl.DeleteAttribute(ssh_session, CRYPT_SESSINFO_PRIVATEKEY);
//fprintf(stderr, "Stats @ %d: %d\n", __LINE__, status2); // -21 permission... can't delete...
//status2 = cl.DeleteAttribute(ssh_session, CRYPT_SESSINFO_USERNAME);
//fprintf(stderr, "Stats @ %d: %d\n", __LINE__, status2); // Done...
status2 = cl.DeleteAttribute(ssh_session, CRYPT_SESSINFO_PASSWORD);
fprintf(stderr, "Stats @ %d: %d\n", __LINE__, status2);
if (bbs->hidepopups)
init_uifc(false, false);
password[0] = 0;
uifcinput("Password", MAX_PASSWD_LEN, password, K_PASSWORD, "Incorrect password. Try again.");
if (bbs->hidepopups)
uifcbail();
//status2 = cl.SetAttributeString(ssh_session, CRYPT_SESSINFO_USERNAME, username, strlen(username));
//fprintf(stderr, "Stats @ %d: %d\n", __LINE__, status2);
status2 = cl.SetAttributeString(ssh_session, CRYPT_SESSINFO_PASSWORD, password, strlen(password));
fprintf(stderr, "Stats @ %d: %d\n", __LINE__, status2);
status2 = cl.SetAttribute(ssh_session, CRYPT_SESSINFO_AUTHRESPONSE, 1);
fprintf(stderr, "Stats @ %d: %d\n", __LINE__, status2);
}
} while (status == CRYPT_ENVELOPE_RESOURCE);
if (cryptStatusError(status)) { if (cryptStatusError(status)) {
free(pubkey); free(pubkey);
error_popup(bbs, "activating session", status); error_popup(bbs, "activating session", status);
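Review bot: The retry loop added around the CRYPT_SESSINFO_ACTIVE call has no exit path when the user cancels the password prompt: the return value of `uifcinput("Password", ...)` is not checked, so a cancelled prompt (presumably a negative return, as with the other uifc calls — confirm) leaves `password` empty, the failing `SetAttributeString` result is only printed, and `do { ... } while (status == CRYPT_ENVELOPE_RESOURCE)` goes round again until the server drops the session. A minimal fix is `if (uifcinput("Password", MAX_PASSWD_LEN, password, K_PASSWORD, "Incorrect password. Try again.") < 0) break;` which leaves `status` at CRYPT_ENVELOPE_RESOURCE so the existing `cryptStatusError(status)` path below reports the failure. The `fprintf(stderr, "Stats @ %d: ...")` lines and the `fprintf(stderr, "Username: '%s'\n", username)` echo are debug output that should not land in a release build, and the commented-out DeleteAttribute/SetAttributeString blocks should be dropped or turned into a comment explaining why deleting CRYPT_SESSINFO_USERNAME and CRYPT_SESSINFO_PRIVATEKEY is not attempted. `username[rows] = 0;` writes one past the data returned by GetAttributeString; if that call can fill the whole buffer this is an off-by-one on the terminator, so the buffer size passed in should be one less than its allocation (cannot be confirmed from this hunk). The enclosing function ssh_connect starts and ends outside the hunk; the earlier hunk's change to `if (!password[0] && ssh_context == -1)` is what makes this loop the only password prompt when a key context is present, so the cancel path above matters for both cases.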