From ccbfb941a6124efb75b68313c86dd195cfab575f Mon Sep 17 00:00:00 2001 From: simon Date: Mon, 8 Nov 1999 17:42:12 +0000 Subject: [PATCH] Add TIS authentication option git-svn-id: svn://svn.tartarus.org/sgt/putty@283 cda61777-01e9-0310-a592-d414129be87e --- putty.h | 1 + ssh.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++----------- win_res.h | 1 + win_res.rc | 1 + windlg.c | 8 ++++++++ 5 files changed, 58 insertions(+), 11 deletions(-) diff --git a/putty.h b/putty.h index 0636c4a1..13609159 100644 --- a/putty.h +++ b/putty.h @@ -101,6 +101,7 @@ typedef struct { /* SSH options */ int nopty; enum { CIPHER_3DES, CIPHER_BLOWFISH, CIPHER_DES } cipher; + int try_tis_auth; /* Telnet options */ char termtype[32]; char termspeed[32]; diff --git a/ssh.c b/ssh.c index 61e36ace..e61654af 100644 --- a/ssh.c +++ b/ssh.c @@ -29,6 +29,11 @@ #define SSH_MSG_IGNORE 32 #define SSH_CMSG_EXIT_CONFIRMATION 33 #define SSH_MSG_DEBUG 36 +#define SSH_CMSG_AUTH_TIS 39 +#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 +#define SSH_CMSG_AUTH_TIS_RESPONSE 41 + +#define SSH_AUTH_TIS 5 /* Coroutine mechanics for the sillier bits of the code */ #define crBegin1 static int crLine = 0; @@ -293,7 +298,7 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { unsigned char cookie[8]; struct RSAKey servkey, hostkey; struct MD5Context md5c; - unsigned long supported_ciphers_mask; + static unsigned long supported_ciphers_mask, supported_auths_mask; int cipher_type; extern struct ssh_cipher ssh_3des; 
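Review bot: The `static` added to `supported_ciphers_mask` and `supported_auths_mask` in the `@@ -293` hunk has no comment saying why, so a function-scope static in a protocol handler reads like an accident. Judging from the `crReturnV` coroutine macros used elsewhere in this patch, the masks appear to need to survive a return from ssh_protocol between the public-key packet and the authentication loop; a comment such as `/* static: must survive crReturnV between key exchange and auth */` would record that. Being static, the values also carry over from one connection to the next unless reassigned, which is safe only while every session parses the public-key packet before the masks are consulted. The body of ssh_protocol continues outside the hunk.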
@@ -318,10 +323,15 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { j = makekey(pktin.body+8+i, &hostkey, &keystr2); - supported_ciphers_mask = (pktin.body[12+i+j] << 24) | - (pktin.body[13+i+j] << 16) | - (pktin.body[14+i+j] << 8) | - (pktin.body[15+i+j]); + supported_ciphers_mask = ((pktin.body[12+i+j] << 24) | + (pktin.body[13+i+j] << 16) | + (pktin.body[14+i+j] << 8) | + (pktin.body[15+i+j])); + + supported_auths_mask = ((pktin.body[16+i+j] << 24) | + (pktin.body[17+i+j] << 16) | + (pktin.body[18+i+j] << 8) | + (pktin.body[19+i+j])); MD5Update(&md5c, keystr2, hostkey.bytes); MD5Update(&md5c, keystr1, servkey.bytes); @@ -444,7 +454,33 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { static char password[100]; static int pos; static char c; - c_write("password: ", 10); + static int pwpkt_type; + + /* + * Show password prompt, having first obtained it via a TIS + * exchange if we're doing TIS authentication. + */ + pwpkt_type = SSH_CMSG_AUTH_PASSWORD; + if (pktin.type == SSH_SMSG_FAILURE && + cfg.try_tis_auth && + (supported_auths_mask & (1<= 0) { do { crReturnV; } while (ispkt); @@ -471,7 +507,7 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { } } c_write("\r\n", 2); - s_wrpkt_start(SSH_CMSG_AUTH_PASSWORD, 4+strlen(password)); + s_wrpkt_start(pwpkt_type, 4+strlen(password)); pktout.body[0] = pktout.body[1] = pktout.body[2] = 0; pktout.body[3] = strlen(password); memcpy(pktout.body+4, password, strlen(password)); @@ -506,9 +542,9 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { s_wrpkt(); ssh_state = SSH_STATE_INTERMED; do { crReturnV; } while (!ispkt); - if (pktin.type != SSH_MSG_SUCCESS && pktin.type != SSH_MSG_FAILURE) { + if (pktin.type != SSH_SMSG_SUCCESS && pktin.type != SSH_SMSG_FAILURE) { fatalbox("Protocol confusion"); - } else if (pktin.type == SSH_MSG_FAILURE) { + } else if (pktin.type == SSH_SMSG_FAILURE) { c_write("Server refused to allocate pty\r\n", 32); } } 
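Review bot: Both mask expressions in the `@@ -318` hunk shift an `unsigned char` left by 24 after promotion to `int`, so a server byte of 0x80 or above shifts into the sign bit, which is undefined behaviour and can sign-extend where `long` is wider than `int`. Cast each operand first, e.g. `((unsigned long)pktin.body[16+i+j] << 24)`, in the re-parenthesised cipher mask as well as in the new auth mask. The new reads reach `pktin.body[19+i+j]`, where `j` comes from `makekey` on packet data and `i` is presumably derived the same way, and no check against the received packet length is visible here. If none exists earlier in ssh_protocol, one belongs before these reads, since the auth mask now decides whether the TIS exchange is attempted.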
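Review bot: With TIS negotiated, the prompt shown to the user in the `@@ -444` hunk is text chosen by the server, so the code that writes the challenge to the terminal should bound its length by the received packet size and filter control characters before calling `c_write`. That part of the hunk is cut in this rendering (the text after `(supported_auths_mask & (1<` is missing), so this is a request to confirm rather than a finding. It would also help to mark the challenge visibly as coming from the server, so that it cannot be mistaken for a prompt generated locally. The visible gate itself, `pktin.type == SSH_SMSG_FAILURE && cfg.try_tis_auth` plus the advertised-method test, looks sound.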
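Review bot: The `static char password[100]` buffer, which after this change also holds the TIS response, is copied into `pktout.body` in the `@@ -471` hunk with no wipe visible afterwards. Because the buffer is static, the secret stays in process memory for the life of the session unless it is cleared further down in ssh_protocol, which this hunk does not show. If no clearing exists there, add `memset(password, 0, sizeof(password));` once the packet has been sent.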
@@ -531,9 +567,9 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { c_write(pktin.body+4, len); } else if (pktin.type == SSH_MSG_DISCONNECT) { ssh_state = SSH_STATE_CLOSED; - } else if (pktin.type == SSH_MSG_SUCCESS) { + } else if (pktin.type == SSH_SMSG_SUCCESS) { /* may be from EXEC_SHELL on some servers */ - } else if (pktin.type == SSH_MSG_FAILURE) { + } else if (pktin.type == SSH_SMSG_FAILURE) { /* may be from EXEC_SHELL on some servers * if no pty is available or in other odd cases. Ignore */ } else if (pktin.type == SSH_SMSG_EXITSTATUS) { diff --git a/win_res.h b/win_res.h index 43ad5e95..3e8cb30e 100644 --- a/win_res.h +++ b/win_res.h @@ -103,6 +103,7 @@ #define IDC3_CIPHER3DES 1020 #define IDC3_CIPHERBLOWF 1021 #define IDC3_CIPHERDES 1022 +#define IDC3_AUTHTIS 1023 #define IDC4_MBSTATIC 1001 #define IDC4_MBWINDOWS 1002 diff --git a/win_res.rc b/win_res.rc index 71932e08..d71f0e37 100644 --- a/win_res.rc +++ b/win_res.rc @@ -167,6 +167,7 @@ BEGIN AUTORADIOBUTTON "&3DES", IDC3_CIPHER3DES, 46, 50, 35, 10, WS_GROUP AUTORADIOBUTTON "&Blowfish", IDC3_CIPHERBLOWF, 84, 50, 40, 10 AUTORADIOBUTTON "&DES", IDC3_CIPHERDES, 127, 50, 30, 10 + AUTOCHECKBOX "Attempt TIS authentication", IDC3_AUTHTIS, 3, 60, 162, 10 END IDD_PANEL4 DIALOG DISCARDABLE 6, 30, 168, 163 diff --git a/windlg.c b/windlg.c index afe96249..1d0604e5 100644 --- a/windlg.c +++ b/windlg.c @@ -146,6 +146,7 @@ static void save_settings (char *section, int do_host) { wppi (sesskey, "NoPTY", cfg.nopty); wpps (sesskey, "Cipher", cfg.cipher == CIPHER_BLOWFISH ? "blowfish" : cfg.cipher == CIPHER_DES ? "des" : "3des"); + wppi (sesskey, "AuthTIS", cfg.try_tis_auth); wppi (sesskey, "RFCEnviron", cfg.rfc_environ); wppi (sesskey, "BackspaceIsDelete", cfg.bksp_is_delete); wppi (sesskey, "RXVTHomeEnd", cfg.rxvt_homeend); 
@@ -275,6 +276,7 @@ static void load_settings (char *section, int do_host) { else cfg.cipher = CIPHER_3DES; } + gppi (sesskey, "AuthTIS", 0, &cfg.try_tis_auth); gppi (sesskey, "RFCEnviron", 0, &cfg.rfc_environ); gppi (sesskey, "BackspaceIsDelete", 1, &cfg.bksp_is_delete); gppi (sesskey, "RXVTHomeEnd", 0, &cfg.rxvt_homeend); @@ -896,6 +898,7 @@ static int CALLBACK SshProc (HWND hwnd, UINT msg, cfg.cipher == CIPHER_DES ? IDC3_CIPHERDES : IDC3_CIPHER3DES); + CheckDlgButton (hwnd, IDC3_AUTHTIS, cfg.try_tis_auth); break; case WM_COMMAND: switch (LOWORD(wParam)) { @@ -927,6 +930,11 @@ static int CALLBACK SshProc (HWND hwnd, UINT msg, cfg.cipher = CIPHER_DES; } break; + case IDC3_AUTHTIS: + if (HIWORD(wParam) == BN_CLICKED || + HIWORD(wParam) == BN_DOUBLECLICKED) + cfg.try_tis_auth = IsDlgButtonChecked (hwnd, IDC3_AUTHTIS); + break; } break; } -- 2.11.0
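Review bot: The value read by `gppi (sesskey, "AuthTIS", 0, &cfg.try_tis_auth);` in the load_settings hunk appears to be kept exactly as stored, and the `@@ -896` hunk then passes it unmodified to `CheckDlgButton`, whose third argument is a button state rather than a boolean. A stored value of 2 would draw the box as indeterminate while ssh.c still treats the option as enabled. Normalising once on load, `cfg.try_tis_auth = (cfg.try_tis_auth != 0);`, keeps the dialog and the protocol code in agreement. The default of 0 is the right choice for an option that changes the authentication path, and both functions continue outside their hunks.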