From bbe48a78517b0861158c5116bfc0aa0fdd9bdb38 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Tue, 3 Aug 2004 17:26:56 +0000 Subject: Pubkey auth is mostly there for the client. Something strange with remote hostkey verification though. --- cli-auth.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'cli-auth.c') diff --git a/cli-auth.c b/cli-auth.c index 549349e..98e2e99 100644 --- a/cli-auth.c +++ b/cli-auth.c @@ -7,7 +7,6 @@ #include "packet.h" #include "runopts.h" -#undef DROPBEAR_PUBKEY_AUTH void cli_authinitialise() { @@ -30,7 +29,6 @@ void cli_auth_getmethods() { buf_putstring(ses.writepayload, "none", 4); /* 'none' method */ encrypt_packet(); - cli_ses.state = USERAUTH_METHODS_SENT; TRACE(("leave cli_auth_getmethods")); } @@ -88,6 +86,20 @@ void recv_msg_userauth_failure() { TRACE(("<- MSG_USERAUTH_FAILURE")); TRACE(("enter recv_msg_userauth_failure")); + if (cli_ses.state != USERAUTH_REQ_SENT) { + /* Perhaps we should be more fatal? */ + TRACE(("But we didn't send a userauth request!!!!!!")); + return; + } + +#ifdef DROPBEAR_PUBKEY_AUTH + /* If it was a pubkey auth request, we should cross that key + * off the list. */ + if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) { + cli_pubkeyfail(); + } +#endif + methods = buf_getstring(ses.payload, &methlen); partial = buf_getbyte(ses.payload); @@ -154,12 +166,14 @@ void cli_auth_try() { #ifdef DROPBEAR_PUBKEY_AUTH if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { finished = cli_auth_pubkey(); + cli_ses.lastauthtype = AUTH_TYPE_PUBKEY; } #endif #ifdef DROPBEAR_PASSWORD_AUTH if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { finished = cli_auth_password(); + cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; } #endif @@ -167,6 +181,5 @@ void cli_auth_try() { dropbear_exit("No auth methods could be used."); } - cli_ses.state = USERAUTH_REQ_SENT; TRACE(("leave cli_auth_try")); } -- cgit v1.2.1