diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2017-04-20 23:45:56 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2017-04-20 23:45:56 +0200 |
| commit | 9c50712d64a5b58cd67970a58702138ddcd31e8d (patch) | |
| tree | 639c48d123d68c022f9ce161e9d34aad55891e29 /sys/src/cmd/ssh.c | |
| parent | 2e714ffe7c3dd2d0a449622189df4efc69a9adba (diff) | |
ssh: do not try authentication methods that we know are not possible
Diffstat (limited to 'sys/src/cmd/ssh.c')
| -rw-r--r-- | sys/src/cmd/ssh.c | 50 |
1 files changed, 46 insertions, 4 deletions
diff --git a/sys/src/cmd/ssh.c b/sys/src/cmd/ssh.c index 088bc170e..276fd4abe 100644 --- a/sys/src/cmd/ssh.c +++ b/sys/src/cmd/ssh.c @@ -617,6 +617,31 @@ Next2: switch(recvpkt()){ setupChachastate(&recv.cs2, k12+0*ChachaKeylen, ChachaKeylen, nil, 64/8, 20); } +static char *authnext; + +int +authok(char *meth) +{ + if(authnext == nil || strstr(authnext, meth) != nil) + return 1; + return 0; +} + +int +authfailure(char *meth) +{ + char *s; + int n, partial; + + if(unpack(recv.r, recv.w-recv.r, "_sb", &s, &n, &partial) < 0) + sysfatal("bad auth failure response"); + free(authnext); + authnext = smprint("%.*s", n, s); +if(debug) + fprint(2, "userauth %s failed: partial=%d, next=%s\n", meth, partial, authnext); + return partial != 0 || !authok(meth); +} + int pubkeyauth(void) { @@ -631,6 +656,9 @@ pubkeyauth(void) AuthRpc *rpc; RSApub *pub; + if(!authok(authmeth)) + return -1; + if(debug) fprint(2, "%s...\n", authmeth); @@ -674,6 +702,8 @@ Next1: switch(recvpkt()){ dispatch(); goto Next1; case MSG_USERAUTH_FAILURE: + if(authfailure(authmeth)) + goto Failed; continue; case MSG_USERAUTH_SUCCESS: case MSG_USERAUTH_PK_OK: @@ -717,6 +747,8 @@ Next2: switch(recvpkt()){ dispatch(); goto Next2; case MSG_USERAUTH_FAILURE: + if(authfailure(authmeth)) + goto Failed; continue; case MSG_USERAUTH_SUCCESS: break; @@ -726,6 +758,7 @@ Next2: switch(recvpkt()){ close(afd); return 0; } +Failed: rsapubfree(pub); auth_freerpc(rpc); close(afd); @@ -738,6 +771,9 @@ passauth(void) static char authmeth[] = "password"; UserPasswd *up; + if(!authok(authmeth)) + return -1; + if(debug) fprint(2, "%s...\n", authmeth); @@ -761,7 +797,8 @@ Next0: switch(recvpkt()){ dispatch(); goto Next0; case MSG_USERAUTH_FAILURE: - werrstr("%s authentication failed", authmeth); + werrstr("wrong password"); + authfailure(authmeth); return -1; case MSG_USERAUTH_SUCCESS: return 0; @@ -778,6 +815,9 @@ kbintauth(void) int nquest, echo; uchar *ans, *answ; + if(!authok(authmeth)) + return -1; + if(debug) fprint(2, "%s...\n", authmeth); @@ -793,14 +833,14 @@ Next0: switch(recvpkt()){ dispatch(); goto Next0; case MSG_USERAUTH_FAILURE: - werrstr("%s authentication failed", authmeth); + authfailure(authmeth); return -1; case MSG_USERAUTH_SUCCESS: return 0; case MSG_USERAUTH_INFO_REQUEST: break; } - +Retry: if((fd = open("/dev/cons", OWRITE)) < 0) return -1; @@ -850,8 +890,10 @@ Next1: switch(recvpkt()){ default: dispatch(); goto Next1; + case MSG_USERAUTH_INFO_REQUEST: + goto Retry; case MSG_USERAUTH_FAILURE: - werrstr("%s authentication failed", authmeth); + authfailure(authmeth); return -1; case MSG_USERAUTH_SUCCESS: return 0; |