mirror of
https://git.libssh.org/projects/libssh.git
synced 2026-02-04 12:20:42 +09:00
Hacked SSH1 to get past authentication
Also resolved some bugs that may impact 0.4. need to check
This commit is contained in:
Aris Adamantiadis
@@ -40,7 +40,8 @@ enum ssh_session_state_e {
|
||||
SSH_SESSION_STATE_DH,
|
||||
SSH_SESSION_STATE_AUTHENTICATING,
|
||||
SSH_SESSION_STATE_AUTHENTICATED,
|
||||
SSH_SESSION_STATE_ERROR
|
||||
SSH_SESSION_STATE_ERROR,
|
||||
SSH_SESSION_STATE_DISCONNECTED
|
||||
};
|
||||
|
||||
enum ssh_dh_state_e {
|
||||
|
||||
@@ -234,7 +234,11 @@ int ssh_auth_list(ssh_session session) {
|
||||
if (session == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef WITH_SSH1
|
||||
if(session->version==1){
|
||||
return SSH_AUTH_METHOD_PASSWORD;
|
||||
}
|
||||
#endif
|
||||
return session->auth_methods;
|
||||
}
|
||||
|
||||
@@ -275,7 +279,7 @@ int ssh_userauth_none(ssh_session session, const char *username) {
|
||||
|
||||
#ifdef WITH_SSH1
|
||||
if (session->version == 1) {
|
||||
ssh_userauth1_none(session, username);
|
||||
rc = ssh_userauth1_none(session, username);
|
||||
leave_function();
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -35,9 +35,12 @@
|
||||
|
||||
#ifdef WITH_SSH1
|
||||
static int wait_auth1_status(ssh_session session) {
|
||||
enter_function();
|
||||
/* wait for a packet */
|
||||
while(session->auth_state == SSH_AUTH_STATE_NONE)
|
||||
ssh_handle_packets(session,-1);
|
||||
ssh_log(session,SSH_LOG_PROTOCOL,"Auth state : %d",session->auth_state);
|
||||
leave_function();
|
||||
switch(session->auth_state) {
|
||||
case SSH_AUTH_STATE_SUCCESS:
|
||||
return SSH_AUTH_SUCCESS;
|
||||
@@ -64,10 +67,11 @@ static int send_username(ssh_session session, const char *username) {
|
||||
ssh_string user = NULL;
|
||||
/* returns SSH_AUTH_SUCCESS or SSH_AUTH_DENIED */
|
||||
if(session->auth_service_state == SSH_AUTH_SERVICE_USER_SENT) {
|
||||
return SSH_OK;
|
||||
}
|
||||
if(session->auth_service_state == SSH_AUTH_SERVICE_DENIED) {
|
||||
return SSH_ERROR;
|
||||
if(session->auth_state == SSH_AUTH_STATE_FAILED)
|
||||
return SSH_AUTH_DENIED;
|
||||
if(session->auth_state == SSH_AUTH_STATE_SUCCESS)
|
||||
return SSH_AUTH_SUCCESS;
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
|
||||
if (!username) {
|
||||
@@ -94,16 +98,19 @@ static int send_username(ssh_session session, const char *username) {
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
string_free(user);
|
||||
session->auth_state=SSH_AUTH_STATE_NONE;
|
||||
if (packet_send(session) != SSH_OK) {
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
|
||||
if(wait_auth1_status(session) == SSH_AUTH_SUCCESS){
|
||||
session->auth_state=SSH_AUTH_SERVICE_USER_SENT;
|
||||
session->auth_service_state=SSH_AUTH_SERVICE_USER_SENT;
|
||||
session->auth_state=SSH_AUTH_STATE_SUCCESS;
|
||||
return SSH_AUTH_SUCCESS;
|
||||
} else {
|
||||
session->auth_state=SSH_AUTH_SERVICE_DENIED;
|
||||
return SSH_AUTH_ERROR;
|
||||
session->auth_service_state=SSH_AUTH_SERVICE_USER_SENT;
|
||||
ssh_set_error(session,SSH_REQUEST_DENIED,"Password authentication necessary for user %s",username);
|
||||
return SSH_AUTH_DENIED;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -122,6 +129,8 @@ int ssh_userauth1_offer_pubkey(ssh_session session, const char *username,
|
||||
(void) username;
|
||||
(void) type;
|
||||
(void) pubkey;
|
||||
enter_function();
|
||||
leave_function();
|
||||
return SSH_AUTH_DENIED;
|
||||
}
|
||||
|
||||
@@ -129,9 +138,10 @@ int ssh_userauth1_password(ssh_session session, const char *username,
|
||||
const char *password) {
|
||||
ssh_string pwd = NULL;
|
||||
int rc;
|
||||
|
||||
enter_function();
|
||||
rc = send_username(session, username);
|
||||
if (rc != SSH_AUTH_DENIED) {
|
||||
leave_function();
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -146,6 +156,7 @@ int ssh_userauth1_password(ssh_session session, const char *username,
|
||||
/* not risky to disclose the size of such a big password .. */
|
||||
pwd = string_from_char(password);
|
||||
if (pwd == NULL) {
|
||||
leave_function();
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
} else {
|
||||
@@ -157,6 +168,7 @@ int ssh_userauth1_password(ssh_session session, const char *username,
|
||||
*/
|
||||
pwd = string_new(128);
|
||||
if (pwd == NULL) {
|
||||
leave_function();
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
ssh_get_random( pwd->string, 128, 0);
|
||||
@@ -166,11 +178,13 @@ int ssh_userauth1_password(ssh_session session, const char *username,
|
||||
if (buffer_add_u8(session->out_buffer, SSH_CMSG_AUTH_PASSWORD) < 0) {
|
||||
string_burn(pwd);
|
||||
string_free(pwd);
|
||||
leave_function();
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
if (buffer_add_ssh_string(session->out_buffer, pwd) < 0) {
|
||||
string_burn(pwd);
|
||||
string_free(pwd);
|
||||
leave_function();
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
|
||||
@@ -178,10 +192,12 @@ int ssh_userauth1_password(ssh_session session, const char *username,
|
||||
string_free(pwd);
|
||||
session->auth_state=SSH_AUTH_STATE_NONE;
|
||||
if (packet_send(session) != SSH_OK) {
|
||||
leave_function();
|
||||
return SSH_AUTH_ERROR;
|
||||
}
|
||||
|
||||
return wait_auth1_status(session);
|
||||
rc = wait_auth1_status(session);
|
||||
leave_function();
|
||||
return rc;
|
||||
}
|
||||
|
||||
#endif /* WITH_SSH1 */
|
||||
|
||||
@@ -697,14 +697,15 @@ int ssh_connect(ssh_session session) {
|
||||
session->alive = 1;
|
||||
ssh_log(session,SSH_LOG_PROTOCOL,"Socket connecting, now waiting for the callbacks to work");
|
||||
while(session->session_state != SSH_SESSION_STATE_ERROR &&
|
||||
session->session_state != SSH_SESSION_STATE_AUTHENTICATING){
|
||||
session->session_state != SSH_SESSION_STATE_AUTHENTICATING &&
|
||||
session->session_state != SSH_SESSION_STATE_DISCONNECTED){
|
||||
/* loop until SSH_SESSION_STATE_BANNER_RECEIVED or
|
||||
* SSH_SESSION_STATE_ERROR */
|
||||
ssh_handle_packets(session,-1);
|
||||
ssh_log(session,SSH_LOG_PACKET,"ssh_connect: Actual state : %d",session->session_state);
|
||||
}
|
||||
leave_function();
|
||||
if(session->session_state == SSH_SESSION_STATE_ERROR)
|
||||
if(session->session_state == SSH_SESSION_STATE_ERROR || session->session_state == SSH_SESSION_STATE_DISCONNECTED)
|
||||
return SSH_ERROR;
|
||||
return SSH_OK;
|
||||
}
|
||||
|
||||
@@ -73,7 +73,7 @@ ssh_packet_callback default_packet_handlers1[]= {
|
||||
* @brief sets the default packet handlers
|
||||
*/
|
||||
void ssh_packet_set_default_callbacks1(ssh_session session){
|
||||
session->default_packet_callbacks.start=1;
|
||||
session->default_packet_callbacks.start=0;
|
||||
session->default_packet_callbacks.n_callbacks=sizeof(default_packet_handlers1)/sizeof(ssh_packet_callback);
|
||||
session->default_packet_callbacks.user=session;
|
||||
session->default_packet_callbacks.callbacks=default_packet_handlers1;
|
||||
@@ -327,6 +327,7 @@ SSH_PACKET_CALLBACK(ssh_packet_disconnect1){
|
||||
ssh_set_error(session, SSH_FATAL, "Received SSH_MSG_DISCONNECT");
|
||||
ssh_socket_close(session->socket);
|
||||
session->alive = 0;
|
||||
session->session_state=SSH_SESSION_STATE_DISCONNECTED;
|
||||
return SSH_PACKET_USED;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user