Synchronet now requires the libarchive development package (e.g. libarchive-dev on Debian-based Linux distros, libarchive.org for more info) to build successfully.

...
 
Commits (1)
  • Deucе's avatar
    Add support for the SSH "none" auth method. · f4d43d13
    Deucе authored
    This is used by some BBSs to enable encryption without needing to
    integrate the BBS user base into their SSH server (and presumably
    so they don't need to run multiple SSH servers).  All users log in
    with the same username (ie: "bbs") and no password is requested or
    required.
    
    Once the BBS starts, it prompts for the BBS user name and password
    as normal.
    
    In SyncTERM, the user/password/syspass fields are redefined as
    SSHuser/BBSuser/BBSpassword and they are moved around when you
    change the connection type.  This means that if you change a listing
    that has a syspass to SSH (no auth) and back, the syspass is lost.
    
    I'm not sure if I plan to fix this or not.
    f4d43d13
......@@ -81,7 +81,7 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
$(CRYPT_IDIR): | $(3RDPODIR)
$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)
$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)$(DIRSEP)build/cl-macosx-minver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-cryptodev.patch $(3RDP_ROOT)$(DIRSEP)build/cl-posix-me-gently.patch $(3RDP_ROOT)$(DIRSEP)build/cl-tpm-linux.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zlib.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bigger-maxattribute.patch $(3RDP_ROOT)$(DIRSEP)build/cl-vcxproj.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw-vcver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-build-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-gcc-non-const-time-val.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-odbc.patch $(3RDP_ROOT)$(DIRSEP)build/cl-noasm-defines.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-RSA-suites.patch $(3RDP_ROOT)$(DIRSEP)build/cl-fix-ECC-RSA.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)$(DIRSEP)build/cl-more-RSA-ECC-fixes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-DH-key-init.patch $(3RDP_ROOT)$(DIRSEP)build/cl-clear-GCM-flag.patch $(3RDP_ROOT)$(DIRSEP)build/cl-use-ssh-ctr.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssh-list-ctr-modes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssh-incCtr.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssl-suite-blocksizes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-tpm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-via-aes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-fix-ssh-ecc-ephemeral.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-just-use-cc.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-learn-numbers.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-no-safe-stack.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-uint64_t-redefine.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-random-openbsd.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-openbsd-threads.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)$(DIRSEP)build/cl-macosx-minver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-cryptodev.patch $(3RDP_ROOT)$(DIRSEP)build/cl-posix-me-gently.patch $(3RDP_ROOT)$(DIRSEP)build/cl-tpm-linux.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zlib.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bigger-maxattribute.patch $(3RDP_ROOT)$(DIRSEP)build/cl-vcxproj.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw-vcver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-build-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-gcc-non-const-time-val.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-odbc.patch $(3RDP_ROOT)$(DIRSEP)build/cl-noasm-defines.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-RSA-suites.patch $(3RDP_ROOT)$(DIRSEP)build/cl-fix-ECC-RSA.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)$(DIRSEP)build/cl-more-RSA-ECC-fixes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-DH-key-init.patch $(3RDP_ROOT)$(DIRSEP)build/cl-clear-GCM-flag.patch $(3RDP_ROOT)$(DIRSEP)build/cl-use-ssh-ctr.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssh-list-ctr-modes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssh-incCtr.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ssl-suite-blocksizes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-tpm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-via-aes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-fix-ssh-ecc-ephemeral.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-just-use-cc.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-learn-numbers.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-no-safe-stack.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-allow-pkcs12.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-uint64_t-redefine.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-random-openbsd.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-openbsd-threads.patch $(3RDP_ROOT)$(DIRSEP)/build/cl-allow-none-auth.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
@echo Creating $@ ...
$(QUIET)-rm -rf $(CRYPT_SRC)/*
$(QUIET)unzip -oa $(3RDPDISTDIR)$(DIRSEP)cryptlib.zip -d $(CRYPT_SRC)
......@@ -131,6 +131,7 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)b
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-uint64_t-redefine.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-random-openbsd.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-openbsd-threads.patch
$(QUIET)patch -b -p0 -d $(CRYPT_SRC) < cl-allow-none-auth.patch
ifeq ($(CC),mingw32-gcc)
$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories
$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts
......
--- ../cl-old/cryptlib.h 2021-03-16 04:15:50.265534000 -0400
+++ ./cryptlib.h 2021-03-16 06:53:47.582168000 -0400
@@ -1215,6 +1215,7 @@
CRYPT_SESSINFO_SSH_CHANNEL_ARG1,/* SSH channel argument 1 */
CRYPT_SESSINFO_SSH_CHANNEL_ARG2,/* SSH channel argument 2 */
CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE,/* SSH channel active */
+ CRYPT_SESSINFO_SSH_OPTIONS, /* SSH protocol options */
CRYPT_SESSINFO_SSL_OPTIONS, /* SSL/TLS protocol options */
CRYPT_SESSINFO_SSL_SUBPROTOCOL, /* SSL/TLS additional sub-protocol */
CRYPT_SESSINFO_SSL_WSPROTOCOL, /* SSL/TLS WebSockets sub-protocol */
@@ -1680,6 +1681,14 @@
#define CRYPT_SSLOPTION_SUITEB_256 0x200 /* vanish in future releases) */
#ifdef _CRYPT_DEFINED
#define CRYPT_SSLOPTION_MAX 0x7F /* Defines for range checking */
+#endif /* _CRYPT_DEFINED */
+
+/* SSH protocol options. */
+
+#define CRYPT_SSHOPTION_NONE 0x000
+#define CRYPT_SSHOPTION_NONE_AUTH 0x001 /* Try none authentication */
+#ifdef _CRYPT_DEFINED
+#define CRYPT_SSHOPTION_MAX 0x01 /* Defines for range checking */
#endif /* _CRYPT_DEFINED */
/****************************************************************************
diff -ur ../cl-old/kernel/attr_acl.c ./kernel/attr_acl.c
--- ../cl-old/kernel/attr_acl.c 2021-03-16 04:15:50.398060000 -0400
+++ ./kernel/attr_acl.c 2021-03-16 06:53:47.606473000 -0400
@@ -3731,6 +3731,12 @@
ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR,
MKPERM_SSH_EXT( RWx_xxx ),
ROUTE( OBJECT_TYPE_SESSION ) ),
+ MKACL_N( /* SSH protocol options */
+ CRYPT_SESSINFO_SSH_OPTIONS,
+ ST_NONE, ST_NONE, ST_SESS_SSH,
+ MKPERM_SSH_EXT( Rxx_RWx ),
+ ROUTE( OBJECT_TYPE_SESSION ),
+ RANGE( CRYPT_SSHOPTION_NONE, CRYPT_SSHOPTION_MAX ) ),
MKACL_N( /* SSL/TLS protocol options */
CRYPT_SESSINFO_SSL_OPTIONS,
@@ -4653,7 +4659,7 @@
static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" );
static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" );
static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6016, "Attribute value" );
- static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6031, "Attribute value" );
+ static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6032, "Attribute value" );
static_assert( CRYPT_CERTFORMAT_LAST == 12, "Attribute value" );
/* Perform a consistency check on the attribute ACLs. The ACLs are
diff -ur ../cl-old/session/ssh.c ./session/ssh.c
--- ../cl-old/session/ssh.c 2021-03-16 04:15:50.257467000 -0400
+++ ./session/ssh.c 2021-03-16 06:53:47.638940000 -0400
@@ -980,6 +980,18 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
+ if( type == CRYPT_SESSINFO_SSH_OPTIONS )
+ {
+ int *valuePtr = ( int * ) data;
+
+ *valuePtr = CRYPT_SSHOPTION_NONE;
+ if( TEST_FLAG( sessionInfoPtr->protocolFlags,
+ SSH_PFLAG_DUMMYUSERAUTH ) )
+ *valuePtr |= CRYPT_SSHOPTION_NONE_AUTH;
+
+ return( CRYPT_OK );
+ }
+
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
{
@@ -1010,11 +1022,13 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_TYPE || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG1 || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
+ type == CRYPT_SESSINFO_SSH_OPTIONS || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
/* Get the data value if it's an integer parameter */
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
- type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
+ type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+ type == CRYPT_SESSINFO_SSH_OPTIONS)
value = *( ( int * ) data );
/* If we're selecting a channel and there's unwritten data from a
@@ -1038,6 +1052,13 @@
return( createChannel( sessionInfoPtr ) );
}
+ if( type == CRYPT_SESSINFO_SSH_OPTIONS )
+ {
+ if (value & CRYPT_SSHOPTION_NONE_AUTH)
+ SET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH );
+ return( CRYPT_OK );
+ }
+
/* If we 're setting the channel-active attribute, this implicitly
activates or deactivates the channel rather than setting any
attribute value */
@@ -1165,8 +1186,6 @@
SESSION_FLAG_NONE, /* Flags */
SSH_PORT, /* SSH port */
SESSION_NEEDS_USERID | /* Client attributes */
- SESSION_NEEDS_PASSWORD | \
- SESSION_NEEDS_KEYORPASSWORD | \
SESSION_NEEDS_PRIVKEYSIGN,
/* The client private key is optional, but if present it has
to be signature-capable */
diff -ur ../cl-old/session/ssh2_authc.c ./session/ssh2_authc.c
--- ../cl-old/session/ssh2_authc.c 2021-03-16 04:15:50.264206000 -0400
+++ ./session/ssh2_authc.c 2021-03-16 07:46:47.873769000 -0400
@@ -315,13 +315,22 @@
assert( isWritePtr( authAlgo, sizeof( CRYPT_ALGO_TYPE ) ) );
assert( isWritePtr( furtherAuthRequired, sizeof( BOOLEAN ) ) );
- REQUIRES( isShortIntegerRangeNZ( length ) );
REQUIRES( usedPasswordAuth == TRUE || usedPasswordAuth == FALSE );
/* Clear return values */
*authAlgo = CRYPT_ALGO_NONE;
*furtherAuthRequired = FALSE;
+ if (length == 0 && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ) && !usedPasswordAuth)
+ {
+ CLEAR_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH );
+ *furtherAuthRequired = TRUE;
+ *authAlgo = CRYPT_PSEUDOALGO_PASSWORD;
+ return( CRYPT_OK );
+ }
+
+ REQUIRES( isShortIntegerRangeNZ( length ) );
+
/* Before we can try and interpret the response, we have to check for an
empty response */
if( length >= LENGTH_SIZE && \
@@ -647,6 +656,8 @@
SSH_MSG_USERAUTH_REQUEST );
if( cryptStatusError( status ) )
return( status );
+ if (passwordPtr == NULL && GET_FLAG( sessionInfoPtr->protocolFlags, SSH_PFLAG_DUMMYUSERAUTH ))
+ return( OK_SPECIAL );
if( usePasswordAuth )
{
/* byte type = SSH_MSG_USERAUTH_REQUEST
@@ -1220,6 +1231,11 @@
auth required */
if( !hasPassword )
{
+ if (length == 0)
+ {
+ return( reportAuthFailure( sessionInfoPtr, CRYPT_PSEUDOALGO_PASSWORD,
+ requiredAuthAlgo, TRUE ) );
+ }
return( reportAuthFailure( sessionInfoPtr, CRYPT_ALGO_RSA,
requiredAuthAlgo, TRUE ) );
}
......@@ -966,10 +966,18 @@ int edit_list(struct bbslist **list, struct bbslist *item,char *listpath,int isd
fc_str(opt[i++], item->flow_control);
else if (item->conn_type != CONN_TYPE_SHELL)
sprintf(opt[i++], "TCP Port %hu",item->port);
printf_trunc(opt[i], sizeof(opt[i]), "Username %s",item->user);
i++;
sprintf(opt[i++], "Password %s",item->password[0]?"********":"<none>");
sprintf(opt[i++], "System Password %s",item->syspass[0]?"********":"<none>");
if (item->conn_type == CONN_TYPE_SSHNA) {
printf_trunc(opt[i], sizeof(opt[i]), "SSH Username %s",item->user);
i++;
sprintf(opt[i++], "BBS Username %s",item->password);
sprintf(opt[i++], "BBS Password %s",item->syspass[0]?"********":"<none>");
}
else {
printf_trunc(opt[i], sizeof(opt[i]), "Username %s",item->user);
i++;
sprintf(opt[i++], "Password %s",item->password[0]?"********":"<none>");
sprintf(opt[i++], "System Password %s",item->syspass[0]?"********":"<none>");
}
sprintf(opt[i++], "Screen Mode %s",screen_modes[item->screen_mode]);
sprintf(opt[i++], "Hide Status Line %s",item->nostatus?"Yes":"No");
printf_trunc(opt[i], sizeof(opt[i]), "Download Path %s", item->dldir);
......@@ -1179,27 +1187,45 @@ int edit_list(struct bbslist **list, struct bbslist *item,char *listpath,int isd
}
break;
case 4:
uifc.helpbuf= "`Username`\n\n"
"Enter the username to attempt auto-login to the remote with.\n"
"For SSH, this must be the SSH user name.";
if (item->conn_type == CONN_TYPE_SSHNA) {
uifc.helpbuf= "`SSH Username`\n\n"
"Enter the username for passwordless SSH authentication.";
}
else {
uifc.helpbuf= "`Username`\n\n"
"Enter the username to attempt auto-login to the remote with.\n"
"For SSH, this must be the SSH user name.";
}
uifc.input(WIN_MID|WIN_SAV,0,0,"Username",item->user,MAX_USER_LEN,K_EDIT);
check_exit(FALSE);
iniSetString(&inifile,itemname,"UserName",item->user,&ini_style);
break;
case 5:
uifc.helpbuf= "`Password`\n\n"
"Enter your password for auto-login.\n"
"For SSH, this must be the SSH password if it exists.\n";
if (item->conn_type == CONN_TYPE_SSHNA) {
uifc.helpbuf= "`BBS Username`\n\n"
"Enter the username to be sent for auto-login (ALT-L).";
}
else {
uifc.helpbuf= "`Password`\n\n"
"Enter your password for auto-login.\n"
"For SSH, this must be the SSH password if it exists.\n";
}
uifc.input(WIN_MID|WIN_SAV,0,0,"Password",item->password,MAX_PASSWD_LEN,K_EDIT);
check_exit(FALSE);
iniSetString(&inifile,itemname,"Password",item->password,&ini_style);
break;
case 6:
uifc.helpbuf= "`System Password`\n\n"
"Enter your System password for auto-login.\n"
"This password is sent after the username and password, so for non-\n"
"Synchronet, or non-sysop accounts, this can be used for simple\n"
"scripting.";
if (item->conn_type == CONN_TYPE_SSHNA) {
uifc.helpbuf= "`BBS Password`\n\n"
"Enter your password for auto-login. (ALT-L)\n";
}
else {
uifc.helpbuf= "`System Password`\n\n"
"Enter your System password for auto-login.\n"
"This password is sent after the username and password, so for non-\n"
"Synchronet, or non-sysop accounts, this can be used for simple\n"
"scripting.";
}
uifc.input(WIN_MID|WIN_SAV,0,0,"System Password",item->syspass,MAX_SYSPASS_LEN,K_EDIT);
check_exit(FALSE);
iniSetString(&inifile,itemname,"SystemPassword",item->syspass,&ini_style);
......@@ -1217,6 +1243,18 @@ int edit_list(struct bbslist **list, struct bbslist *item,char *listpath,int isd
item->conn_type++;
iniSetEnum(&inifile,itemname,"ConnectionType",conn_types_enum,item->conn_type,&ini_style);
// TODO: NOTE: This is destructive! Beware! Ooooooo....
if (i == CONN_TYPE_SSHNA && item->conn_type != CONN_TYPE_SSHNA) {
SAFECOPY(item->user, item->password);
SAFECOPY(item->password, item->syspass);
item->syspass[0] = 0;
}
if (i != CONN_TYPE_SSHNA && item->conn_type == CONN_TYPE_SSHNA) {
SAFECOPY(item->syspass, item->password);
SAFECOPY(item->password, item->user);
item->user[0] = 0;
}
if(item->conn_type!=CONN_TYPE_MODEM && item->conn_type!=CONN_TYPE_SERIAL
&& item->conn_type!=CONN_TYPE_SHELL
) {
......
......@@ -45,9 +45,9 @@
#include "conn_telnet.h"
struct conn_api conn_api;
char *conn_types_enum[]={"Unknown","RLogin","RLoginReversed","Telnet","Raw","SSH","Modem","Serial","Shell","MBBSGhost","TelnetS", NULL};
char *conn_types[]={"Unknown","RLogin","RLogin Reversed","Telnet","Raw","SSH","Modem","Serial","Shell","MBBS GHost","TelnetS",NULL};
short unsigned int conn_ports[]={0,513,513,23,0,22,0,0,0,65535,992,0};
char *conn_types_enum[]={"Unknown","RLogin","RLoginReversed","Telnet","Raw","SSH","SSHNA","Modem","Serial","Shell","MBBSGhost","TelnetS", NULL};
char *conn_types[]={"Unknown","RLogin","RLogin Reversed","Telnet","Raw","SSH","SSH (no auth)","Modem","Serial","Shell","MBBS GHost","TelnetS",NULL};
short unsigned int conn_ports[]={0,513,513,23,0,22,22,0,0,0,65535,992,0};
struct conn_buffer conn_inbuf;
struct conn_buffer conn_outbuf;
......@@ -367,6 +367,7 @@ int conn_connect(struct bbslist *bbs)
conn_api.binary_mode_on=telnet_binary_mode_on;
conn_api.binary_mode_off=telnet_binary_mode_off;
break;
case CONN_TYPE_SSHNA:
case CONN_TYPE_SSH:
conn_api.connect=ssh_connect;
conn_api.close=ssh_close;
......
......@@ -21,6 +21,7 @@ enum {
,CONN_TYPE_TELNET
,CONN_TYPE_RAW
,CONN_TYPE_SSH
,CONN_TYPE_SSHNA
,CONN_TYPE_MODEM
,CONN_TYPE_SERIAL
,CONN_TYPE_SHELL
......
......@@ -229,26 +229,41 @@ int ssh_connect(struct bbslist *bbs)
if (!bbs->hidepopups)
uifc.pop(NULL);
if(!password[0]) {
if (bbs->hidepopups)
init_uifc(FALSE, FALSE);
uifcinput("Password",MAX_PASSWD_LEN,password,K_PASSWORD,"Incorrect password. Try again.");
if (bbs->hidepopups)
uifcbail();
if (bbs->conn_type == CONN_TYPE_SSHNA) {
status = cl.SetAttribute(ssh_session, CRYPT_SESSINFO_SSH_OPTIONS, CRYPT_SSHOPTION_NONE_AUTH);
if(cryptStatusError(status)) {
char str[1024];
sprintf(str,"Error %d disabling password auth",status);
if (!bbs->hidepopups)
uifcmsg("Error disabling password auth",str);
conn_api.terminate=1;
if (!bbs->hidepopups)
uifc.pop(NULL);
return(-1);
}
}
else {
if(!password[0]) {
if (bbs->hidepopups)
init_uifc(FALSE, FALSE);
uifcinput("Password",MAX_PASSWD_LEN,password,K_PASSWORD,"Incorrect password. Try again.");
if (bbs->hidepopups)
uifcbail();
}
if (!bbs->hidepopups)
uifc.pop("Setting Password");
status=cl.SetAttributeString(ssh_session, CRYPT_SESSINFO_PASSWORD, password, strlen(password));
if(cryptStatusError(status)) {
char str[1024];
sprintf(str,"Error %d setting password",status);
if (!bbs->hidepopups)
uifcmsg("Error setting password",str);
conn_api.terminate=1;
if (!bbs->hidepopups)
uifc.pop(NULL);
return(-1);
uifc.pop("Setting Password");
status=cl.SetAttributeString(ssh_session, CRYPT_SESSINFO_PASSWORD, password, strlen(password));
if(cryptStatusError(status)) {
char str[1024];
sprintf(str,"Error %d setting password",status);
if (!bbs->hidepopups)
uifcmsg("Error setting password",str);
conn_api.terminate=1;
if (!bbs->hidepopups)
uifc.pop(NULL);
return(-1);
}
}
if (!bbs->hidepopups) {
......
......@@ -49,6 +49,7 @@ int init_crypt(void)
cl.SetAttributeString=cryptSetAttributeString;
cl.DestroySession=cryptDestroySession;
cl.AddRandom=cryptAddRandom;
cl.DeleteAttribute=cryptDeleteAttribute;
#else
cryptlib=xp_dlopen(libnames,RTLD_LAZY, CRYPTLIB_VERSION/1000);
if(cryptlib==NULL)
......@@ -101,6 +102,10 @@ int init_crypt(void)
xp_dlclose(cryptlib);
return(-1);
}
if((cl.DeleteAttribute=xp_dlsym(cryptlib,cryptDeleteAttribute))==NULL) {
xp_dlclose(cryptlib);
return(-1);
}
#endif
if(cryptStatusOK(cl.Init())) {
if(cryptStatusOK(cl.AddRandom(NULL, CRYPT_RANDOM_SLOWPOLL))) {
......
......@@ -37,6 +37,8 @@ struct crypt_funcs {
C_IN void C_PTR value, C_IN int valueLength );
int (*DestroySession)( C_IN CRYPT_SESSION session );
int (*AddRandom)( C_IN void C_PTR randomData, C_IN int randomDataLength );
int (*DeleteAttribute)( C_IN CRYPT_HANDLE cryptHandle,
C_IN CRYPT_ATTRIBUTE_TYPE attributeType);
};
#endif
......
......@@ -2824,10 +2824,12 @@ BOOL doterm(struct bbslist *bbs)
break;
case 0x2600: /* ALT-L */
if(bbs->conn_type != CONN_TYPE_RLOGIN && bbs->conn_type != CONN_TYPE_RLOGIN_REVERSED && bbs->conn_type != CONN_TYPE_SSH) {
if(bbs->user[0]) {
conn_send(bbs->user,strlen(bbs->user),0);
conn_send(cterm->emulation==CTERM_EMULATION_ATASCII?"\x9b":"\r",1,0);
SLEEP(10);
if (bbs->conn_type != CONN_TYPE_SSHNA) {
if(bbs->user[0]) {
conn_send(bbs->user,strlen(bbs->user),0);
conn_send(cterm->emulation==CTERM_EMULATION_ATASCII?"\x9b":"\r",1,0);
SLEEP(10);
}
}
if(bbs->password[0]) {
conn_send(bbs->password,strlen(bbs->password),0);
......