mirror of
https://github.com/nmap/nmap.git
synced 2025-12-06 12:41:29 +00:00
keyboard-interactive auth for NSE via libssh2
This commit is contained in:
dmiller
@@ -10,6 +10,7 @@
|
||||
|
||||
local stdnse = require "stdnse"
|
||||
local table = require "table"
|
||||
local tableaux = require "tableaux"
|
||||
|
||||
local libssh2 = stdnse.silent_require "libssh2"
|
||||
|
||||
@@ -81,7 +82,7 @@ function SSHConnection:run_remote (cmd, no_pty)
|
||||
end
|
||||
|
||||
---
|
||||
-- Attempts to authenticate using provided credentials.
|
||||
-- Attempts to authenticate using password authentication.
|
||||
--
|
||||
-- @param username A username to authenticate as.
|
||||
-- @param password A password to authenticate as.
|
||||
@@ -98,6 +99,66 @@ function SSHConnection:password_auth (username, password)
|
||||
end
|
||||
end
|
||||
|
||||
local function kbd_get_cb(func)
|
||||
return function(username, name, instruction, prompts)
|
||||
local responses = {}
|
||||
for i=1, #prompts do
|
||||
stdnse.debug2("Auth for %s: '%s' '%s' '%s'",
|
||||
username, name, instruction, prompts[i])
|
||||
responses[i] = func(username, name, instruction, prompts[i])
|
||||
stdnse.debug2("Response: %s", responses[i])
|
||||
end
|
||||
return responses
|
||||
end
|
||||
end
|
||||
|
||||
---
|
||||
-- Attempts to authenticate using keyboard-interactive authentication.
|
||||
--
|
||||
-- @param username A username to authenticate as.
|
||||
-- @param callback A callback function that takes 4 inputs (username, name,
|
||||
-- instruction, prompt) and returns one string response.
|
||||
-- @return true on success or false on failure.
|
||||
function SSHConnection:interactive_auth (username, callback)
|
||||
if not self.session then
|
||||
return false
|
||||
end
|
||||
if libssh2.userauth_keyboard_interactive(self.session, username, kbd_get_cb(callback)) then
|
||||
self.authenticated = true
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
---
|
||||
-- Attempts to authenticate using provided credentials.
|
||||
--
|
||||
-- Lists available userauth methods and attempts to authenticate with the given
|
||||
-- credentials. If password authentication is not available, it will use
|
||||
-- keyboard-interactive authentication, responding with <code>password</code>
|
||||
-- to any prompts.
|
||||
--
|
||||
-- @param username A username to authenticate as.
|
||||
-- @param password A password
|
||||
-- @return true on success or false on failure.
|
||||
-- @return the successful auth method, or all methods available. If nil, no methods were found.
|
||||
function SSHConnection:login (username, password)
|
||||
local methods = self:list(username)
|
||||
if not methods then
|
||||
return false
|
||||
end
|
||||
if (tableaux.contains(methods, "password")
|
||||
and self:password_auth(username, password)) then
|
||||
return true, "password"
|
||||
end
|
||||
if (tableaux.contains(methods, "keyboard-interactive") and
|
||||
self:interactive_auth(username, function() return password end)) then
|
||||
return true, "keyboard-interactive"
|
||||
end
|
||||
return false, methods
|
||||
end
|
||||
|
||||
---
|
||||
-- Attempts to authenticate using provided private key file.
|
||||
--
|
||||
|
||||
Reference in New Issue
Block a user