author | Aris Adamantiadis <aris@0xbadc0de.be> | 2010-01-25 23:23:01 +0100 |
---|---|---|
committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2010-01-25 23:23:01 +0100 |
commit | e7b74c57f30c097f78c42dde0726825941b906a2 (patch) | |
tree | c98fa084f181a9e8bd37b014e834df8b8ab9fb32 /libssh | |
parent | cfdd4296a8cec84ee31f4af996126b4a47cb8bc9 (diff) | |
Hacked SSH1 to get past authentication
Also resolved some bugs that may impact 0.4. need to check
Diffstat (limited to 'libssh')
-rw-r--r-- | libssh/auth.c | 8 | ||||
-rw-r--r-- | libssh/auth1.c | 36 | ||||
-rw-r--r-- | libssh/client.c | 5 | ||||
-rw-r--r-- | libssh/packet1.c | 3 |
4 files changed, 37 insertions, 15 deletions
diff --git a/libssh/auth.c b/libssh/auth.c
index aea7b60b..b89f57d0 100644
--- a/libssh/auth.c
+++ b/libssh/auth.c
@@ -234,7 +234,11 @@ int ssh_auth_list(ssh_session session) {
 if (session == NULL) {
 return -1;
 }
-
+#ifdef WITH_SSH1
+ if(session->version==1){
+ return SSH_AUTH_METHOD_PASSWORD;
+ }
+#endif
 return session->auth_methods;
 }
@@ -275,7 +279,7 @@ int ssh_userauth_none(ssh_session session, const char *username) {
 #ifdef WITH_SSH1
 if (session->version == 1) {
- ssh_userauth1_none(session, username);
+ rc = ssh_userauth1_none(session, username);
 leave_function();
 return rc;
 }
diff --git a/libssh/auth1.c b/libssh/auth1.c
index 6189f3ec..3571d76d 100644
--- a/libssh/auth1.c
+++ b/libssh/auth1.c
@@ -35,9 +35,12 @@
 #ifdef WITH_SSH1
 static int wait_auth1_status(ssh_session session) {
+ enter_function();
 /* wait for a packet */
 while(session->auth_state == SSH_AUTH_STATE_NONE) ssh_handle_packets(session,-1);
+ ssh_log(session,SSH_LOG_PROTOCOL,"Auth state : %d",session->auth_state);
+ leave_function();
 switch(session->auth_state) {
 case SSH_AUTH_STATE_SUCCESS: return SSH_AUTH_SUCCESS;
@@ -64,10 +67,11 @@ static int send_username(ssh_session session, const char *username) {
 ssh_string user = NULL;
 /* returns SSH_AUTH_SUCCESS or SSH_AUTH_DENIED */
 if(session->auth_service_state == SSH_AUTH_SERVICE_USER_SENT) {
- return SSH_OK;
- }
- if(session->auth_service_state == SSH_AUTH_SERVICE_DENIED) {
- return SSH_ERROR;
+ if(session->auth_state == SSH_AUTH_STATE_FAILED)
+ return SSH_AUTH_DENIED;
+ if(session->auth_state == SSH_AUTH_STATE_SUCCESS)
+ return SSH_AUTH_SUCCESS;
+ return SSH_AUTH_ERROR;
 }
 if (!username) {
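Review bot: The new SSH-1 branch in `ssh_auth_list` returns `SSH_AUTH_METHOD_PASSWORD` for every version-1 session with no comment saying that the value is fixed rather than reported by the server. A one-line comment such as `/* SSH-1: no method list is negotiated, report password only */` would tell callers what they are getting; the wording is my reading of the change and should be confirmed. The spacing of `if(session->version==1){` also differs from `if (session->version == 1) {` used in `ssh_userauth_none` in the same file.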
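Review bot: The wait loop kept as context in `wait_auth1_status` still ends only when `auth_state` changes, while this commit gives the similar loop in `ssh_connect` an extra exit on `SSH_SESSION_STATE_DISCONNECTED`. In the visible lines of `ssh_packet_disconnect1` (last hunk of packet1.c) the socket is closed and `session_state` is set, but `auth_state` stays untouched, so a peer that disconnects during authentication may leave the client in this loop; whether `ssh_handle_packets(session,-1)` returns or blocks on the closed socket cannot be seen from here. The loop condition could also test `session->session_state != SSH_SESSION_STATE_ERROR && session->session_state != SSH_SESSION_STATE_DISCONNECTED`, with those two states mapped to `SSH_AUTH_ERROR`. The switch continues outside the hunk.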
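Review bot: The comment `/* returns SSH_AUTH_SUCCESS or SSH_AUTH_DENIED */` is stale, because the new cached path in `send_username` can also return `SSH_AUTH_ERROR`. That path never looks at `username`, so a second call with a different name reuses the result recorded for the first one. If this is intended because the user name is sent once per SSH-1 connection, the comment should say so, for example `/* user already sent: cached per session, username ignored; returns SSH_AUTH_SUCCESS, SSH_AUTH_DENIED or SSH_AUTH_ERROR */`. The function body continues outside the hunk.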
@@ -94,16 +98,19 @@ static int send_username(ssh_session session, const char *username) {
 return SSH_AUTH_ERROR;
 }
 string_free(user);
+ session->auth_state=SSH_AUTH_STATE_NONE;
 if (packet_send(session) != SSH_OK) {
 return SSH_AUTH_ERROR;
 }
 if(wait_auth1_status(session) == SSH_AUTH_SUCCESS){
- session->auth_state=SSH_AUTH_SERVICE_USER_SENT;
+ session->auth_service_state=SSH_AUTH_SERVICE_USER_SENT;
+ session->auth_state=SSH_AUTH_STATE_SUCCESS;
 return SSH_AUTH_SUCCESS;
 } else {
- session->auth_state=SSH_AUTH_SERVICE_DENIED;
- return SSH_AUTH_ERROR;
+ session->auth_service_state=SSH_AUTH_SERVICE_USER_SENT;
+ ssh_set_error(session,SSH_REQUEST_DENIED,"Password authentication necessary for user %s",username);
+ return SSH_AUTH_DENIED;
 }
 }
@@ -122,6 +129,8 @@ int ssh_userauth1_offer_pubkey(ssh_session session, const char *username,
 (void) username;
 (void) type;
 (void) pubkey;
+ enter_function();
+ leave_function();
 return SSH_AUTH_DENIED;
 }
@@ -129,9 +138,10 @@ int ssh_userauth1_password(ssh_session session, const char *username,
 const char *password) {
 ssh_string pwd = NULL;
 int rc;
-
+ enter_function();
 rc = send_username(session, username);
 if (rc != SSH_AUTH_DENIED) {
+ leave_function();
 return rc;
 }
@@ -146,6 +156,7 @@ int ssh_userauth1_password(ssh_session session, const char *username,
 /* not risky to disclose the size of such a big password .. */
 pwd = string_from_char(password);
 if (pwd == NULL) {
+ leave_function();
 return SSH_AUTH_ERROR;
 }
 } else {
@@ -157,6 +168,7 @@ int ssh_userauth1_password(ssh_session session, const char *username,
 */
 pwd = string_new(128);
 if (pwd == NULL) {
+ leave_function();
 return SSH_AUTH_ERROR;
 }
 ssh_get_random( pwd->string, 128, 0);
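Review bot: The new `else` branch in `send_username` treats every result of `wait_auth1_status()` other than `SSH_AUTH_SUCCESS` as "password required": it records `SSH_AUTH_SERVICE_USER_SENT` and returns `SSH_AUTH_DENIED`, and `ssh_userauth1_password` goes on to build the password packet exactly when it receives `SSH_AUTH_DENIED`. If `wait_auth1_status()` can return `SSH_AUTH_ERROR` (its switch is only partly visible), a failed exchange would be followed by sending the password instead of reporting the error. Keeping the result in a local and returning it unchanged unless it equals `SSH_AUTH_DENIED` would separate the two cases. `username` is also passed to `%s` in `ssh_set_error`, and the `if (!username)` branch earlier in the function suggests it may be NULL at this point, so the message needs a non-NULL string in that case.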
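Review bot: `leave_function()` is now repeated before each return of `ssh_userauth1_password` (this hunk and the four later hunks of the same function), which makes it easy for a future exit path to skip it. A single exit would keep the trace balanced and put the cleanup in one place: each path sets `rc` and does `goto out;`, and the `out:` label runs `leave_function(); return rc;`. The function's signature starts before this hunk and its body ends in a later one.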
@@ -166,11 +178,13 @@ int ssh_userauth1_password(ssh_session session, const char *username,
 if (buffer_add_u8(session->out_buffer, SSH_CMSG_AUTH_PASSWORD) < 0) {
 string_burn(pwd);
 string_free(pwd);
+ leave_function();
 return SSH_AUTH_ERROR;
 }
 if (buffer_add_ssh_string(session->out_buffer, pwd) < 0) {
 string_burn(pwd);
 string_free(pwd);
+ leave_function();
 return SSH_AUTH_ERROR;
 }
@@ -178,10 +192,12 @@ int ssh_userauth1_password(ssh_session session, const char *username,
 string_free(pwd);
 session->auth_state=SSH_AUTH_STATE_NONE;
 if (packet_send(session) != SSH_OK) {
+ leave_function();
 return SSH_AUTH_ERROR;
 }
-
- return wait_auth1_status(session);
+ rc = wait_auth1_status(session);
+ leave_function();
+ return rc;
 }
 #endif /* WITH_SSH1 */
diff --git a/libssh/client.c b/libssh/client.c
index b24bd849..cf154538 100644
--- a/libssh/client.c
+++ b/libssh/client.c
@@ -697,14 +697,15 @@ int ssh_connect(ssh_session session) {
 session->alive = 1;
 ssh_log(session,SSH_LOG_PROTOCOL,"Socket connecting, now waiting for the callbacks to work");
 while(session->session_state != SSH_SESSION_STATE_ERROR &&
- session->session_state != SSH_SESSION_STATE_AUTHENTICATING){
+ session->session_state != SSH_SESSION_STATE_AUTHENTICATING &&
+ session->session_state != SSH_SESSION_STATE_DISCONNECTED){
 /* loop until SSH_SESSION_STATE_BANNER_RECEIVED or
 * SSH_SESSION_STATE_ERROR */
 ssh_handle_packets(session,-1);
 ssh_log(session,SSH_LOG_PACKET,"ssh_connect: Actual state : %d",session->session_state);
 }
 leave_function();
- if(session->session_state == SSH_SESSION_STATE_ERROR)
+ if(session->session_state == SSH_SESSION_STATE_ERROR || session->session_state == SSH_SESSION_STATE_DISCONNECTED)
 return SSH_ERROR;
 return SSH_OK;
 }
diff --git a/libssh/packet1.c b/libssh/packet1.c
index ec4f99cb..7a68c121 100644
--- a/libssh/packet1.c
+++ b/libssh/packet1.c
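Review bot: The comment inside the `ssh_connect` loop, which says it runs until `SSH_SESSION_STATE_BANNER_RECEIVED` or `SSH_SESSION_STATE_ERROR`, no longer matches the exit conditions, which are now ERROR, AUTHENTICATING and DISCONNECTED. It could read `/* loop until authentication can start, or the session fails or is disconnected */`. The return value of `ssh_handle_packets(session,-1)` is still ignored in the loop body, so leaving the loop depends entirely on some handler updating `session_state`; that assumption deserves a comment or a check on the return value. `ssh_connect` begins before this hunk.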
@@ -73,7 +73,7 @@ ssh_packet_callback default_packet_handlers1[]= {
 * @brief sets the default packet handlers
 */
 void ssh_packet_set_default_callbacks1(ssh_session session){
- session->default_packet_callbacks.start=1;
+ session->default_packet_callbacks.start=0;
 session->default_packet_callbacks.n_callbacks=sizeof(default_packet_handlers1)/sizeof(ssh_packet_callback);
 session->default_packet_callbacks.user=session;
 session->default_packet_callbacks.callbacks=default_packet_handlers1;
@@ -327,6 +327,7 @@ SSH_PACKET_CALLBACK(ssh_packet_disconnect1){
 ssh_set_error(session, SSH_FATAL, "Received SSH_MSG_DISCONNECT");
 ssh_socket_close(session->socket);
 session->alive = 0;
+ session->session_state=SSH_SESSION_STATE_DISCONNECTED;
 return SSH_PACKET_USED;
 } |
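Review bot: `default_packet_callbacks.start` changes from 1 to 0 in `ssh_packet_set_default_callbacks1` with no comment stating which message number the first entry of `default_packet_handlers1` stands for. If `start` is the message type handled by entry 0 (the table is outside the hunk, so this is inferred), an off-by-one here would hand each incoming packet to the neighbouring handler, which is too important to leave implicit in a protocol dispatcher. A comment next to the assignment such as `/* default_packet_handlers1[0] handles message type 0 */`, checked against the table, would pin the relationship down.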