Skip to content
Snippets Groups Projects
Commit f4d43d13 authored by Deucе's avatar Deucе :ok_hand_tone4:
Browse files

Add support for the SSH "none" auth method.

This is used by some BBSs to enable encryption without needing to
integrate the BBS user base into their SSH server (and presumably
so they don't need to run multiple SSH servers).  All users log in
with the same username (ie: "bbs") and no password is requested or
required.

Once the BBS starts, it prompts for the BBS user name and password
as normal.

In SyncTERM, the user/password/syspass fields are redefined as
SSHuser/BBSuser/BBSpassword and they are moved around when you
change the connection type.  This means that if you change a listing
that has a syspass to SSH (no auth) and back, the syspass is lost.

I'm not sure if I plan to fix this or not.
parent 98c77fde
No related branches found
No related tags found
1 merge request!463MRC mods by Codefenix (2024-10-20)
Pipeline #1523 passed
......@@ -81,7 +81,7 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
$(CRYPT_IDIR): | $(3RDPODIR)
$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)
$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)$(DIRSEP)build/cl-macosx-minver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-cryptodev.patch $(3RDP_ROOT)$(DIRSEP)build/cl-posix-me-gently.patch $(3RDP_ROOT)$(DIRSEP)build/cl-tpm-linux.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zlib.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bigger-maxattribute.patch $(3RDP_ROOT)$(DIRSEP)build/cl-vcxproj.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw-vcver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-build-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-gcc-non-const-time-val.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-odbc.patch $(3RDP_ROOT)$(DIRSEP)build/cl-noasm-defines.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-RSA-suites.patch $(3RDP_ROOT)$(DIRSEP)build/cl-fix-ECC-RSA.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)$(DIRSEP)build/cl-more-RSA-ECC-fixes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-DH-key-init.patch $(3RDP_ROOT)$(DIRSEP)build/cl-clear-GCM-flag.patch $(3RDP_ROOT)$(DIRSEP)build/cl-use-ssh-ctr.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssh-list-ctr-modes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssh-incCtr.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssl-suite-blocksizes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-tpm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-via-aes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-fix-ssh-ecc-ephemeral.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-just-use-cc.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-learn-numbers.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-no-safe-stack.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-uint64_t-redefine.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-random-openbsd.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-openbsd-threads.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)$(DIRSEP)build/cl-macosx-minver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-cryptodev.patch $(3RDP_ROOT)$(DIRSEP)build/cl-posix-me-gently.patch $(3RDP_ROOT)$(DIRSEP)build/cl-tpm-linux.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zlib.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bigger-maxattribute.patch $(3RDP_ROOT)$(DIRSEP)build/cl-vcxproj.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw-vcver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-build-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-gcc-non-const-time-val.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-odbc.patch $(3RDP_ROOT)$(DIRSEP)build/cl-noasm-defines.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-RSA-suites.patch $(3RDP_ROOT)$(DIRSEP)build/cl-fix-ECC-RSA.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)$(DIRSEP)build/cl-more-RSA-ECC-fixes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-DH-key-init.patch $(3RDP_ROOT)$(DIRSEP)build/cl-clear-GCM-flag.patch $(3RDP_ROOT)$(DIRSEP)build/cl-use-ssh-ctr.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssh-list-ctr-modes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssh-incCtr.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssl-suite-blocksizes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-tpm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-via-aes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-fix-ssh-ecc-ephemeral.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-just-use-cc.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-learn-numbers.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-no-safe-stack.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-uint64_t-redefine.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-random-openbsd.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-openbsd-threads.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-allow-none-auth.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
@echo Creating $@ ...
$(QUIET)-rm -rf $(CRYPT_SRC)/*
$(QUIET)unzip -oa $(3RDPDISTDIR)$(DIRSEP)cryptlib.zip -d $(CRYPT_SRC)
......@@ -131,6 +131,7 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)b
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-uint64_t-redefine.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-random-openbsd.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-openbsd-threads.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-allow-none-auth.patch
ifeq ($(CC),mingw32-gcc)
$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories
$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts
......
--- ../cl-old/cryptlib.h 2021-03-16 04:15:50.265534000 -0400
+++ ./cryptlib.h 2021-03-16 06:53:47.582168000 -0400
@@ -1215,6 +1215,7 @@
CRYPT_SESSINFO_SSH_CHANNEL_ARG1,/* SSH channel argument 1 */
CRYPT_SESSINFO_SSH_CHANNEL_ARG2,/* SSH channel argument 2 */
CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE,/* SSH channel active */
+ CRYPT_SESSINFO_SSH_OPTIONS, /* SSH protocol options */
CRYPT_SESSINFO_SSL_OPTIONS, /* SSL/TLS protocol options */
CRYPT_SESSINFO_SSL_SUBPROTOCOL, /* SSL/TLS additional sub-protocol */
CRYPT_SESSINFO_SSL_WSPROTOCOL, /* SSL/TLS WebSockets sub-protocol */
@@ -1680,6 +1681,14 @@
#define CRYPT_SSLOPTION_SUITEB_256 0x200 /* vanish in future releases) */
#ifdef _CRYPT_DEFINED
#define CRYPT_SSLOPTION_MAX 0x7F /* Defines for range checking */
+#endif /* _CRYPT_DEFINED */
+
+/* SSH protocol options. */
+
+#define CRYPT_SSHOPTION_NONE 0x000
+#define CRYPT_SSHOPTION_NONE_AUTH 0x001 /* Try none authentication */
+#ifdef _CRYPT_DEFINED
+#define CRYPT_SSHOPTION_MAX 0x01 /* Defines for range checking */
#endif /* _CRYPT_DEFINED */
/****************************************************************************
diff -ur ../cl-old/kernel/attr_acl.c ./kernel/attr_acl.c
--- ../cl-old/kernel/attr_acl.c 2021-03-16 04:15:50.398060000 -0400
+++ ./kernel/attr_acl.c 2021-03-16 06:53:47.606473000 -0400
@@ -3731,6 +3731,12 @@
ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR,
MKPERM_SSH_EXT( RWx_xxx ),
ROUTE( OBJECT_TYPE_SESSION ) ),
+ MKACL_N( /* SSH protocol options */
+ CRYPT_SESSINFO_SSH_OPTIONS,
+ ST_NONE, ST_NONE, ST_SESS_SSH,
+ MKPERM_SSH_EXT( Rxx_RWx ),
+ ROUTE( OBJECT_TYPE_SESSION ),
+ RANGE( CRYPT_SSHOPTION_NONE, CRYPT_SSHOPTION_MAX ) ),
MKACL_N( /* SSL/TLS protocol options */
CRYPT_SESSINFO_SSL_OPTIONS,
@@ -4653,7 +4659,7 @@
static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" );
static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" );
static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6016, "Attribute value" );
- static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6031, "Attribute value" );
+ static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6032, "Attribute value" );
static_assert( CRYPT_CERTFORMAT_LAST == 12, "Attribute value" );
/* Perform a consistency check on the attribute ACLs. The ACLs are
diff -ur ../cl-old/session/ssh.c ./session/ssh.c
--- ../cl-old/session/ssh.c 2021-03-16 04:15:50.257467000 -0400
+++ ./session/ssh.c 2021-03-16 06:53:47.638940000 -0400
@@ -980,6 +980,18 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
+ if( type == CRYPT_SESSINFO_SSH_OPTIONS )
+ {
+ int *valuePtr = ( int * ) data;
+
+ *valuePtr = CRYPT_SSHOPTION_NONE;
+ if( TEST_FLAG( sessionInfoPtr->protocolFlags,
+ SSH_PFLAG_DUMMYUSERAUTH ) )
+ *valuePtr |= CRYPT_SSHOPTION_NONE_AUTH;
+
+ return( CRYPT_OK );
+ }
+
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
{
@@ -1010,11 +1022,13 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_TYPE || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG1 || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
+ type == CRYPT_SESSINFO_SSH_OPTIONS || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
/* Get the data value if it's an integer parameter */
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
- type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
+ type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+ type == CRYPT_SESSINFO_SSH_OPTIONS)
value = *( ( int * ) data );
/* If we're selecting a channel and there's unwritten data from a
@@ -1038,6 +1052,13 @@
return( createChannel( sessionInfoPtr ) );
}
+ if( type == CRYPT_SESSINFO_SSH_OPTIONS )
+ {
+ if (value & CRYPT_SSHOPTION_NONE_AUTH)
+ SET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH );
+ return( CRYPT_OK );
+ }
+
/* If we 're setting the channel-active attribute, this implicitly
activates or deactivates the channel rather than setting any
attribute value */
@@ -1165,8 +1186,6 @@
SESSION_FLAG_NONE, /* Flags */
SSH_PORT, /* SSH port */
SESSION_NEEDS_USERID | /* Client attributes */
- SESSION_NEEDS_PASSWORD | \
- SESSION_NEEDS_KEYORPASSWORD | \
SESSION_NEEDS_PRIVKEYSIGN,
/* The client private key is optional, but if present it has
to be signature-capable */
diff -ur ../cl-old/session/ssh2_authc.c ./session/ssh2_authc.c
--- ../cl-old/session/ssh2_authc.c 2021-03-16 04:15:50.264206000 -0400
+++ ./session/ssh2_authc.c 2021-03-16 07:46:47.873769000 -0400
@@ -315,13 +315,22 @@
assert( isWritePtr( authAlgo, sizeof( CRYPT_ALGO_TYPE ) ) );
assert( isWritePtr( furtherAuthRequired, sizeof( BOOLEAN ) ) );
- REQUIRES( isShortIntegerRangeNZ( length ) );
REQUIRES( usedPasswordAuth == TRUE || usedPasswordAuth == FALSE );
/* Clear return values */
*authAlgo = CRYPT_ALGO_NONE;
*furtherAuthRequired = FALSE;
+ if (length == 0 && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ) && !usedPasswordAuth)
+ {
+ CLEAR_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH );
+ *furtherAuthRequired = TRUE;
+ *authAlgo = CRYPT_PSEUDOALGO_PASSWORD;
+ return( CRYPT_OK );
+ }
+
+ REQUIRES( isShortIntegerRangeNZ( length ) );
+
/* Before we can try and interpret the response, we have to check for an
empty response */
if( length >= LENGTH_SIZE && \
@@ -647,6 +656,8 @@
SSH_MSG_USERAUTH_REQUEST );
if( cryptStatusError( status ) )
return( status );
+ if (passwordPtr == NULL && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ))
+ return( OK_SPECIAL );
if( usePasswordAuth )
{
/* byte type = SSH_MSG_USERAUTH_REQUEST
@@ -1220,6 +1231,11 @@
auth required */
if( !hasPassword )
{
+ if (length == 0)
+ {
+ return( reportAuthFailure( sessionInfoPtr, CRYPT_PSEUDOALGO_PASSWORD,
+ requiredAuthAlgo, TRUE ) );
+ }
return( reportAuthFailure( sessionInfoPtr, CRYPT_ALGO_RSA,
requiredAuthAlgo, TRUE ) );
}
......@@ -966,10 +966,18 @@ int edit_list(struct bbslist **list, struct bbslist *item,char *listpath,int isd
fc_str(opt[i++], item->flow_control);
else if (item->conn_type != CONN_TYPE_SHELL)
sprintf(opt[i++], "TCP Port %hu",item->port);
if (item->conn_type == CONN_TYPE_SSHNA) {
printf_trunc(opt[i], sizeof(opt[i]), "SSH Username %s",item->user);
i++;
sprintf(opt[i++], "BBS Username %s",item->password);
sprintf(opt[i++], "BBS Password %s",item->syspass[0]?"********":"<none>");
}
else {
printf_trunc(opt[i], sizeof(opt[i]), "Username %s",item->user);
i++;
sprintf(opt[i++], "Password %s",item->password[0]?"********":"<none>");
sprintf(opt[i++], "System Password %s",item->syspass[0]?"********":"<none>");
}
sprintf(opt[i++], "Screen Mode %s",screen_modes[item->screen_mode]);
sprintf(opt[i++], "Hide Status Line %s",item->nostatus?"Yes":"No");
printf_trunc(opt[i], sizeof(opt[i]), "Download Path %s", item->dldir);
......@@ -1179,27 +1187,45 @@ int edit_list(struct bbslist **list, struct bbslist *item,char *listpath,int isd
}
break;
case 4:
if (item->conn_type == CONN_TYPE_SSHNA) {
uifc.helpbuf= "`SSH Username`\n\n"
"Enter the username for passwordless SSH authentication.";
}
else {
uifc.helpbuf= "`Username`\n\n"
"Enter the username to attempt auto-login to the remote with.\n"
"For SSH, this must be the SSH user name.";
}
uifc.input(WIN_MID|WIN_SAV,0,0,"Username",item->user,MAX_USER_LEN,K_EDIT);
check_exit(FALSE);
iniSetString(&inifile,itemname,"UserName",item->user,&ini_style);
break;
case 5:
if (item->conn_type == CONN_TYPE_SSHNA) {
uifc.helpbuf= "`BBS Username`\n\n"
"Enter the username to be sent for auto-login (ALT-L).";
}
else {
uifc.helpbuf= "`Password`\n\n"
"Enter your password for auto-login.\n"
"For SSH, this must be the SSH password if it exists.\n";
}
uifc.input(WIN_MID|WIN_SAV,0,0,"Password",item->password,MAX_PASSWD_LEN,K_EDIT);
check_exit(FALSE);
iniSetString(&inifile,itemname,"Password",item->password,&ini_style);
break;
case 6:
if (item->conn_type == CONN_TYPE_SSHNA) {
uifc.helpbuf= "`BBS Password`\n\n"
"Enter your password for auto-login. (ALT-L)\n";
}
else {
uifc.helpbuf= "`System Password`\n\n"
"Enter your System password for auto-login.\n"
"This password is sent after the username and password, so for non-\n"
"Synchronet, or non-sysop accounts, this can be used for simple\n"
"scripting.";
}
uifc.input(WIN_MID|WIN_SAV,0,0,"System Password",item->syspass,MAX_SYSPASS_LEN,K_EDIT);
check_exit(FALSE);
iniSetString(&inifile,itemname,"SystemPassword",item->syspass,&ini_style);
......@@ -1217,6 +1243,18 @@ int edit_list(struct bbslist **list, struct bbslist *item,char *listpath,int isd
item->conn_type++;
iniSetEnum(&inifile,itemname,"ConnectionType",conn_types_enum,item->conn_type,&ini_style);
// TODO: NOTE: This is destructive! Beware! Ooooooo....
if (i == CONN_TYPE_SSHNA && item->conn_type != CONN_TYPE_SSHNA) {
SAFECOPY(item->user, item->password);
SAFECOPY(item->password, item->syspass);
item->syspass[0] = 0;
}
if (i != CONN_TYPE_SSHNA && item->conn_type == CONN_TYPE_SSHNA) {
SAFECOPY(item->syspass, item->password);
SAFECOPY(item->password, item->user);
item->user[0] = 0;
}
if(item->conn_type!=CONN_TYPE_MODEM && item->conn_type!=CONN_TYPE_SERIAL
&& item->conn_type!=CONN_TYPE_SHELL
) {
......
......@@ -45,9 +45,9 @@
#include "conn_telnet.h"
struct conn_api conn_api;
char *conn_types_enum[]={"Unknown","RLogin","RLoginReversed","Telnet","Raw","SSH","Modem","Serial","Shell","MBBSGhost","TelnetS", NULL};
char *conn_types[]={"Unknown","RLogin","RLogin Reversed","Telnet","Raw","SSH","Modem","Serial","Shell","MBBS GHost","TelnetS",NULL};
short unsigned int conn_ports[]={0,513,513,23,0,22,0,0,0,65535,992,0};
char *conn_types_enum[]={"Unknown","RLogin","RLoginReversed","Telnet","Raw","SSH","SSHNA","Modem","Serial","Shell","MBBSGhost","TelnetS", NULL};
char *conn_types[]={"Unknown","RLogin","RLogin Reversed","Telnet","Raw","SSH","SSH (no auth)","Modem","Serial","Shell","MBBS GHost","TelnetS",NULL};
short unsigned int conn_ports[]={0,513,513,23,0,22,22,0,0,0,65535,992,0};
struct conn_buffer conn_inbuf;
struct conn_buffer conn_outbuf;
......@@ -367,6 +367,7 @@ int conn_connect(struct bbslist *bbs)
conn_api.binary_mode_on=telnet_binary_mode_on;
conn_api.binary_mode_off=telnet_binary_mode_off;
break;
case CONN_TYPE_SSHNA:
case CONN_TYPE_SSH:
conn_api.connect=ssh_connect;
conn_api.close=ssh_close;
......
......@@ -21,6 +21,7 @@ enum {
,CONN_TYPE_TELNET
,CONN_TYPE_RAW
,CONN_TYPE_SSH
,CONN_TYPE_SSHNA
,CONN_TYPE_MODEM
,CONN_TYPE_SERIAL
,CONN_TYPE_SHELL
......
......@@ -229,6 +229,20 @@ int ssh_connect(struct bbslist *bbs)
if (!bbs->hidepopups)
uifc.pop(NULL);
if (bbs->conn_type == CONN_TYPE_SSHNA) {
status = cl.SetAttribute(ssh_session, CRYPT_SESSINFO_SSH_OPTIONS, CRYPT_SSHOPTION_NONE_AUTH);
if(cryptStatusError(status)) {
char str[1024];
sprintf(str,"Error %d disabling password auth",status);
if (!bbs->hidepopups)
uifcmsg("Error disabling password auth",str);
conn_api.terminate=1;
if (!bbs->hidepopups)
uifc.pop(NULL);
return(-1);
}
}
else {
if(!password[0]) {
if (bbs->hidepopups)
init_uifc(FALSE, FALSE);
......@@ -250,6 +264,7 @@ int ssh_connect(struct bbslist *bbs)
uifc.pop(NULL);
return(-1);
}
}
if (!bbs->hidepopups) {
uifc.pop(NULL);
......
......@@ -49,6 +49,7 @@ int init_crypt(void)
cl.SetAttributeString=cryptSetAttributeString;
cl.DestroySession=cryptDestroySession;
cl.AddRandom=cryptAddRandom;
cl.DeleteAttribute=cryptDeleteAttribute;
#else
cryptlib=xp_dlopen(libnames,RTLD_LAZY, CRYPTLIB_VERSION/1000);
if(cryptlib==NULL)
......@@ -101,6 +102,10 @@ int init_crypt(void)
xp_dlclose(cryptlib);
return(-1);
}
if((cl.DeleteAttribute=xp_dlsym(cryptlib,cryptDeleteAttribute))==NULL) {
xp_dlclose(cryptlib);
return(-1);
}
#endif
if(cryptStatusOK(cl.Init())) {
if(cryptStatusOK(cl.AddRandom(NULL, CRYPT_RANDOM_SLOWPOLL))) {
......
......@@ -37,6 +37,8 @@ struct crypt_funcs {
C_IN void C_PTR value, C_IN int valueLength );
int (*DestroySession)( C_IN CRYPT_SESSION session );
int (*AddRandom)( C_IN void C_PTR randomData, C_IN int randomDataLength );
int (*DeleteAttribute)( C_IN CRYPT_HANDLE cryptHandle,
C_IN CRYPT_ATTRIBUTE_TYPE attributeType);
};
#endif
......
......@@ -2824,11 +2824,13 @@ BOOL doterm(struct bbslist *bbs)
break;
case 0x2600: /* ALT-L */
if(bbs->conn_type != CONN_TYPE_RLOGIN && bbs->conn_type != CONN_TYPE_RLOGIN_REVERSED && bbs->conn_type != CONN_TYPE_SSH) {
if (bbs->conn_type != CONN_TYPE_SSHNA) {
if(bbs->user[0]) {
conn_send(bbs->user,strlen(bbs->user),0);
conn_send(cterm->emulation==CTERM_EMULATION_ATASCII?"\x9b":"\r",1,0);
SLEEP(10);
}
}
if(bbs->password[0]) {
conn_send(bbs->password,strlen(bbs->password),0);
conn_send(cterm->emulation==CTERM_EMULATION_ATASCII?"\x9b":"\r",1,0);
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment