#define SSH1_CMSG_AUTH_TIS 39
#define SSH1_SMSG_AUTH_TIS_CHALLENGE 40
#define SSH1_CMSG_AUTH_TIS_RESPONSE 41
+#define SSH1_CMSG_AUTH_CCARD 70
+#define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71
+#define SSH1_CMSG_AUTH_CCARD_RESPONSE 72
#define SSH1_AUTH_TIS 5
+#define SSH1_AUTH_CCARD 16
#define SSH2_MSG_DISCONNECT 1
#define SSH2_MSG_IGNORE 2
int (*ssh_get_password)(const char *prompt, char *str, int maxlen) = NULL;
static char *savedhost;
+static int ssh_send_ok;
static enum {
SSH_STATE_BEFORE_SIZE,
if (pktin.type == SSH1_SMSG_STDOUT_DATA ||
pktin.type == SSH1_SMSG_STDERR_DATA ||
pktin.type == SSH1_MSG_DEBUG ||
- pktin.type == SSH1_SMSG_AUTH_TIS_CHALLENGE) {
+ pktin.type == SSH1_SMSG_AUTH_TIS_CHALLENGE ||
+ pktin.type == SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
long strlen = GET_32BIT(pktin.body);
if (strlen + 4 != pktin.length)
fatalbox("Received data packet with bogus string length");
#include <stdio.h>
void sha_string(SHA_State *s, void *str, int len) {
unsigned char lenblk[4];
-static FILE *fp;
PUT_32BIT(lenblk, len);
-if (!fp) fp = fopen("h:\\statham\\windows\\putty\\data","wb");
-fwrite(lenblk, 4, 1, fp);
SHA_Bytes(s, lenblk, 4);
-fwrite(str, len, 1, fp);
-fflush(fp);
SHA_Bytes(s, str, len);
}
vlog[strcspn(vlog, "\r\n")] = '\0';
logevent(vlog);
- if (ssh_versioncmp(version, "2.0" /* FIXME: "1.99" */ ) >= 0) {
+ /*
+ * Server version "1.99" means we can choose whether we use v1
+ * or v2 protocol. Choice is based on cfg.sshprot.
+ */
+ if (ssh_versioncmp(version, cfg.sshprot == 1 ? "2.0" : "1.99") >= 0) {
/*
* This is a v2 server. Begin v2 protocol.
*/
ssh_version = 1;
s_rdpkt = ssh1_rdpkt;
}
+ ssh_send_ok = 0;
return 1;
}
static int pwpkt_type;
/*
* Show password prompt, having first obtained it via a TIS
- * exchange if we're doing TIS authentication.
+ * or CryptoCard exchange if we're doing TIS or CryptoCard
+ * authentication.
*/
pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
if (*cfg.keyfile && !tried_publickey)
c_write(pktin.body+4, challengelen);
}
}
+ if (pktin.type == SSH1_SMSG_FAILURE &&
+ cfg.try_tis_auth &&
+ (supported_auths_mask & (1<<SSH1_AUTH_CCARD))) {
+ pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
+ logevent("Requested CryptoCard authentication");
+ send_packet(SSH1_CMSG_AUTH_CCARD, PKT_END);
+ crWaitUntil(ispkt);
+ if (pktin.type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
+ logevent("CryptoCard authentication declined");
+ c_write("CryptoCard authentication refused.\r\n", 29);
+ } else {
+ int challengelen = ((pktin.body[0] << 24) |
+ (pktin.body[1] << 16) |
+ (pktin.body[2] << 8) |
+ (pktin.body[3]));
+ logevent("Received CryptoCard challenge");
+ c_write(pktin.body+4, challengelen);
+ c_write("\r\nResponse : ", 13);
+ }
+ }
if (pwpkt_type == SSH1_CMSG_AUTH_PASSWORD)
c_write("password: ", 10);
if (pwpkt_type == SSH1_CMSG_AUTH_RSA) {
if (size_needed)
ssh_size();
+ ssh_send_ok = 1;
while (1) {
crReturnV;
if (ispkt) {
/*
* Transfer data!
*/
+ ssh_send_ok = 1;
while (1) {
crReturnV;
if (ispkt) {
return NULL;
}
-SOCKET ssh_socket(void) { return s; }
+static SOCKET ssh_socket(void) { return s; }
+
+static int ssh_sendok(void) { return ssh_send_ok; }
Backend ssh_backend = {
ssh_init,
ssh_send,
ssh_size,
ssh_special,
- ssh_socket
+ ssh_socket,
+ ssh_sendok
};