[gssapi-openssh.git] / openssh / auth1.c

/*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#include "includes.h"
RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $");

#include "xmalloc.h"
#include "rsa.h"
#include "ssh1.h"
#include "dispatch.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "auth.h"
#include "channels.h"
#include "session.h"
#include "uidswap.h"
#include "monitor_wrap.h"

/* import */
extern ServerOptions options;

#ifdef GSSAPI
#ifdef GSI
#include "globus_gss_assist.h"
#endif

extern Authmethod method_gssapi;

int     userauth_gssapi(Authctxt *authctxt);

void
auth1_gss_protocol_error(int type, u_int32_t plen, void *ctxt)
{
  Authctxt *authctxt = ctxt;
  /* Other side told us to abort, dont need to tell him */ 
  /* maybe we can use some other method. */
  if (type == SSH_MSG_AUTH_GSSAPI_ABORT) {
      log("auth1: GSSAPI aborting");
      dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
      authctxt->success = 1; /* get out of loop*/
      return;
  }

  log("auth1: protocol error: type %d plen %d", type, plen);
  packet_disconnect("Protocol error during GSSAPI authentication: "
          "Unknown packet type %d", type);
}

#ifdef GSI
int
gsi_gridmap(char *subject_name, char **mapped_name)
{
#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
    if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
	return 0;
    }
#endif
    return(globus_gss_assist_gridmap(subject_name, mapped_name) == 0);
}
#endif

/*
 * SSH1 GSSAPI clients may send us a user name of the form:
 *
 *   (1) username:x:SSL Subject Name
 *     or
 *   (2) username:i:SSL Subject Name
 *     or
 *   (3) username
 *
 *  if case 1, then uname is an explicit name (ssh -l uname). Keep this
 *  name always, rewrite the user parameter to be just uname. We'll pull
 *  the GSSAPI idenity out and deal with (or skip it) later.
 *  
 *  if case 2, then uname is implicit (user didn't use the -l option), so
 *  use the default gridmap mapping and replace uname with whatever
 *  the gridmap maps to. If the gridmap mapping fails, drop down
 *  to just uname
 *  
 *  if case 3, then leave it be.
 *
 *  This function may return the original pointer to the orginal string,
 *  the original pointer to a modified string, or a completely new pointer.
 */
static char *
ssh1_gssapi_parse_userstring(char *userstring)
{
  char name_type = '\0';	/* explicit 'x' or implicit 'i' */
  char *ssl_subject_name = NULL;
  char *delim = NULL;

  debug("Looking at username '%s' for gssapi-ssleay type name", userstring);
  if((delim = strchr(userstring, ':')) != NULL) {
      /* Parse and split into components */
      ssl_subject_name = strchr(delim + 1, ':');

      if (ssl_subject_name) {
	/* Successful parse, split into components */
	*delim = '\0';
	name_type = *(delim + 1);
	*ssl_subject_name = '\0';
	ssl_subject_name++;

	debug("Name parsed. type = '%c'. ssl subject name is \"%s\"",
	      name_type, ssl_subject_name);

      } else {

	debug("Don't understand name format. Letting it pass.");
      }	
  }	

#ifdef GSI
  if(ssl_subject_name) {
    char *gridmapped_name = NULL;
    switch (name_type) {
    case 'x':
      debug("explicit name given, using %s as username", userstring);
      break;

    case 'i':
      /* gridmap check */
      debug("implicit name given. gridmapping '%s'", ssl_subject_name);

      PRIVSEP(gsi_gridmap(ssl_subject_name, &gridmapped_name));
      if (gridmapped_name && gridmapped_name[0] != '\0') {
	userstring = gridmapped_name;
	debug("I gridmapped and got %s", userstring);

      } else {
	debug("I gridmapped and got null, reverting to %s", userstring);
      }
      break;

    default:
      debug("Unknown name type '%c'. Ignoring.", name_type);
      break;
    }
  } else {
    debug("didn't find any :'s so I assume it's just a user name");
  }
#endif /* GSI */

  return userstring;
}
#endif

/*
 * convert ssh auth msg type into description
 */
static char *
get_authname(int type)
{
	static char buf[1024];
	switch (type) {
	case SSH_CMSG_AUTH_PASSWORD:
		return "password";
	case SSH_CMSG_AUTH_RSA:
		return "rsa";
	case SSH_CMSG_AUTH_RHOSTS_RSA:
		return "rhosts-rsa";
	case SSH_CMSG_AUTH_RHOSTS:
		return "rhosts";
	case SSH_CMSG_AUTH_TIS:
	case SSH_CMSG_AUTH_TIS_RESPONSE:
		return "challenge-response";
#if defined(KRB4) || defined(KRB5)
	case SSH_CMSG_AUTH_KERBEROS:
		return "kerberos";
#endif
#if defined(GSSAPI)
	case SSH_CMSG_AUTH_GSSAPI:
	    	return "gssapi";
#endif
	}
	snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
	return buf;
}

/*
 * read packets, try to authenticate the user and
 * return only if authentication is successful
 */
static void
do_authloop(Authctxt *authctxt)
{
	int authenticated = 0;
	u_int bits;
	Key *client_host_key;
	BIGNUM *n;
	char *client_user, *password;
	char info[1024];
	u_int dlen;
	u_int ulen;
	int type = 0;
	struct passwd *pw = authctxt->pw;

	debug("Attempting authentication for %s%.100s.",
	    authctxt->valid ? "" : "illegal user ", authctxt->user);

	/* If the user has no password, accept authentication immediately. */
	if (options.password_authentication &&
#if defined(KRB4) || defined(KRB5)
	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
	    PRIVSEP(auth_password(authctxt, ""))) {
		auth_log(authctxt, 1, "without authentication", "");
		return;
	}

	/* Indicate that authentication is needed. */
	packet_start(SSH_SMSG_FAILURE);
	packet_send();
	packet_write_wait();

	client_user = NULL;

	for (;;) {
		/* default to fail */
		authenticated = 0;

		info[0] = '\0';

		/* Get a packet from the client. */
		type = packet_read();

		/* Process the packet. */
		switch (type) {

#if defined(KRB4) || defined(KRB5)
		case SSH_CMSG_AUTH_KERBEROS:
			if (!options.kerberos_authentication) {
				verbose("Kerberos authentication disabled.");
			} else {
				char *kdata = packet_get_string(&dlen);
				packet_check_eom();

				if (kdata[0] == 4) { /* KRB_PROT_VERSION */
#ifdef KRB4
					KTEXT_ST tkt, reply;
					tkt.length = dlen;
					if (tkt.length < MAX_KTXT_LEN)
						memcpy(tkt.dat, kdata, tkt.length);

					if (PRIVSEP(auth_krb4(authctxt, &tkt,
					    &client_user, &reply))) {
						authenticated = 1;
						snprintf(info, sizeof(info),
						    " tktuser %.100s",
						    client_user);

						packet_start(
						    SSH_SMSG_AUTH_KERBEROS_RESPONSE);
						packet_put_string((char *)
						    reply.dat, reply.length);
						packet_send();
						packet_write_wait();
					}
#endif /* KRB4 */
				} else {
#ifdef KRB5
					krb5_data tkt, reply;
					tkt.length = dlen;
					tkt.data = kdata;

					if (PRIVSEP(auth_krb5(authctxt, &tkt,
					    &client_user, &reply))) {
						authenticated = 1;
						snprintf(info, sizeof(info),
						    " tktuser %.100s",
						    client_user);

 						/* Send response to client */
 						packet_start(
						    SSH_SMSG_AUTH_KERBEROS_RESPONSE);
 						packet_put_string((char *)
						    reply.data, reply.length);
 						packet_send();
 						packet_write_wait();

 						if (reply.length)
 							xfree(reply.data);
					}
#endif /* KRB5 */
				}
				xfree(kdata);
			}
			break;
#endif /* KRB4 || KRB5 */

#ifdef GSSAPI
		case SSH_CMSG_AUTH_GSSAPI:
			if (!options.gss_authentication) {
				verbose("GSSAPI authentication disabled.");
				break;
			}
			/*
			* GSSAPI was first added to ssh1 in ssh-1.2.27, and
			* was added to the SecurtCRT product. In order
			* to continue operating with these, we will add
			* the equivelent GSSAPI support to SSH1. 
			* Will use the gssapi routines from the ssh2 as
			* they are almost identical. But they use dispatch
			* so we need to setup the dispatch tables here 
			* auth1.c for use only by the gssapi code. 
			* Since we already have the packet, we will call
			* userauth_gssapi then start the dispatch loop.
			*/
			if (!authctxt->valid) {
			packet_disconnect("Authentication rejected for invalid user");
			}
			dispatch_init(&auth1_gss_protocol_error);
			method_gssapi.userauth(authctxt);
			if (!authctxt->postponed) { /* failed before starting dispatch */
				authctxt->success = 0;
				authctxt->postponed = 0;
				break;
			}
			dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
			if (authctxt->postponed) { /* failed, try other methods */
				authctxt->success = 0;
				authctxt->postponed = 0;
				break;
			}
			authenticated = 1;
			break;
#endif /* GSSAPI */
			
#if defined(AFS) || defined(KRB5)
			/* XXX - punt on backward compatibility here. */
		case SSH_CMSG_HAVE_KERBEROS_TGT:
			packet_send_debug("Kerberos TGT passing disabled before authentication.");
			break;
#ifdef AFS
		case SSH_CMSG_HAVE_AFS_TOKEN:
			packet_send_debug("AFS token passing disabled before authentication.");
			break;
#endif /* AFS */
#endif /* AFS || KRB5 */

		case SSH_CMSG_AUTH_RHOSTS:
			if (!options.rhosts_authentication) {
				verbose("Rhosts authentication disabled.");
				break;
			}
			/*
			 * Get client user name.  Note that we just have to
			 * trust the client; this is one reason why rhosts
			 * authentication is insecure. (Another is
			 * IP-spoofing on a local network.)
			 */
			client_user = packet_get_string(&ulen);
			packet_check_eom();

			/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
			authenticated = auth_rhosts(pw, client_user);

			snprintf(info, sizeof info, " ruser %.100s", client_user);
			break;

		case SSH_CMSG_AUTH_RHOSTS_RSA:
			if (!options.rhosts_rsa_authentication) {
				verbose("Rhosts with RSA authentication disabled.");
				break;
			}
			/*
			 * Get client user name.  Note that we just have to
			 * trust the client; root on the client machine can
			 * claim to be any user.
			 */
			client_user = packet_get_string(&ulen);

			/* Get the client host key. */
			client_host_key = key_new(KEY_RSA1);
			bits = packet_get_int();
			packet_get_bignum(client_host_key->rsa->e);
			packet_get_bignum(client_host_key->rsa->n);

			if (bits != BN_num_bits(client_host_key->rsa->n))
				verbose("Warning: keysize mismatch for client_host_key: "
				    "actual %d, announced %d",
				    BN_num_bits(client_host_key->rsa->n), bits);
			packet_check_eom();

			authenticated = auth_rhosts_rsa(pw, client_user,
			    client_host_key);
			key_free(client_host_key);

			snprintf(info, sizeof info, " ruser %.100s", client_user);
			break;

		case SSH_CMSG_AUTH_RSA:
			if (!options.rsa_authentication) {
				verbose("RSA authentication disabled.");
				break;
			}
			/* RSA authentication requested. */
			if ((n = BN_new()) == NULL)
				fatal("do_authloop: BN_new failed");
			packet_get_bignum(n);
			packet_check_eom();
			authenticated = auth_rsa(pw, n);
			BN_clear_free(n);
			break;

		case SSH_CMSG_AUTH_PASSWORD:
			if (!options.password_authentication) {
				verbose("Password authentication disabled.");
				break;
			}
			/*
			 * Read user password.  It is in plain text, but was
			 * transmitted over the encrypted channel so it is
			 * not visible to an outside observer.
			 */
			password = packet_get_string(&dlen);
			packet_check_eom();

			/* Try authentication with the password. */
			authenticated = PRIVSEP(auth_password(authctxt, password));

			memset(password, 0, strlen(password));
			xfree(password);
			break;

		case SSH_CMSG_AUTH_TIS:
			debug("rcvd SSH_CMSG_AUTH_TIS");
			if (options.challenge_response_authentication == 1) {
				char *challenge = get_challenge(authctxt);
				if (challenge != NULL) {
					debug("sending challenge '%s'", challenge);
					packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
					packet_put_cstring(challenge);
					xfree(challenge);
					packet_send();
					packet_write_wait();
					continue;
				}
			}
			break;
		case SSH_CMSG_AUTH_TIS_RESPONSE:
			debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
			if (options.challenge_response_authentication == 1) {
				char *response = packet_get_string(&dlen);
				packet_check_eom();
				authenticated = verify_response(authctxt, response);
				memset(response, 'r', dlen);
				xfree(response);
			}
			break;

		default:
			/*
			 * Any unknown messages will be ignored (and failure
			 * returned) during authentication.
			 */
			log("Unknown message during authentication: type %d", type);
			break;
		}
#ifdef BSD_AUTH
		if (authctxt->as) {
			auth_close(authctxt->as);
			authctxt->as = NULL;
		}
#endif
		if (!authctxt->valid && authenticated)
			fatal("INTERNAL ERROR: authenticated invalid user %s",
			    authctxt->user);

#ifdef _UNICOS
		if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
			cray_login_failure(authctxt->user, IA_UDBERR);
		if (authenticated && cray_access_denied(authctxt->user)) {
			authenticated = 0;
			fatal("Access denied for user %s.",authctxt->user);
		}
#endif /* _UNICOS */

#ifdef HAVE_CYGWIN
		if (authenticated &&
		    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
			packet_disconnect("Authentication rejected for uid %d.",
			pw == NULL ? -1 : pw->pw_uid);
			authenticated = 0;
		}
#else
		/* Special handling for root */
		if (authenticated && authctxt->pw->pw_uid == 0 &&
		    !auth_root_allowed(get_authname(type)))
			authenticated = 0;
#endif
#ifdef USE_PAM
		if (!use_privsep && authenticated && 
		    !do_pam_account(pw->pw_name, client_user))
			authenticated = 0;
#endif

		/* Log before sending the reply */
		auth_log(authctxt, authenticated, get_authname(type), info);

		if (client_user != NULL) {
			xfree(client_user);
			client_user = NULL;
		}

		if (authenticated)
			return;

		if (authctxt->failures++ > AUTH_FAIL_MAX) {
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
		}

		packet_start(SSH_SMSG_FAILURE);
		packet_send();
		packet_write_wait();
	}
}

/*
 * Performs authentication of an incoming connection.  Session key has already
 * been exchanged and encryption is enabled.
 */
Authctxt *
do_authentication(void)
{
	Authctxt *authctxt;
	u_int ulen;
	char *user, *style = NULL;

	/* Get the name of the user that we wish to log in as. */
	packet_read_expect(SSH_CMSG_USER);

	/* Get the user name. */
	user = packet_get_string(&ulen);
	packet_check_eom();

#ifdef GSSAPI
	/* Parse GSSAPI identity from userstring */
	user = ssh1_gssapi_parse_userstring(user);
#endif /* GSSAPI */

	if ((style = strchr(user, ':')) != NULL)
		*style++ = '\0';

#ifdef KRB5
	/* XXX - SSH.com Kerberos v5 braindeath. */
	if ((datafellows & SSH_BUG_K5USER) &&
	    options.kerberos_authentication) {
		char *p;
		if ((p = strchr(user, '@')) != NULL)
			*p = '\0';
	}
#endif

	authctxt = authctxt_new();
	authctxt->user = user;
	authctxt->style = style;

	/* Verify that the user is a valid user. */
	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
		authctxt->valid = 1;
	else
		debug("do_authentication: illegal user %s", user);

	setproctitle("%s%s", authctxt->pw ? user : "unknown",
	    use_privsep ? " [net]" : "");

#ifdef USE_PAM
	PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
#endif

	/*
	 * If we are not running as root, the user must have the same uid as
	 * the server. (Unless you are running Windows)
	 */
#ifndef HAVE_CYGWIN
	if (!use_privsep && getuid() != 0 && authctxt->pw &&
	    authctxt->pw->pw_uid != getuid())
		packet_disconnect("Cannot change user when server not running as root.");
#endif

	/*
	 * Loop until the user has been authenticated or the connection is
	 * closed, do_authloop() returns only if authentication is successful
	 */
	do_authloop(authctxt);

	/* The user has been authenticated and accepted. */
	packet_start(SSH_SMSG_SUCCESS);
	packet_send();
	packet_write_wait();

	return (authctxt);
}
Commit	Line	Data
3c0ef626	1	/*
	2	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	3	* All rights reserved
	4	*
	5	* As far as I am concerned, the code I have written for this software
	6	* can be used freely for any purpose. Any derived versions of this
	7	* software must be clearly marked as such, and if the derived work is
	8	* incompatible with the protocol description in the RFC file, it must be
	9	* called by a name other than "ssh" or "Secure Shell".
	10	*/
	11
	12	#include "includes.h"
bfe49944	13	RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $");
3c0ef626	14
	15	#include "xmalloc.h"
	16	#include "rsa.h"
	17	#include "ssh1.h"
099f4607	18	#include "dispatch.h"
3c0ef626	19	#include "packet.h"
	20	#include "buffer.h"
	21	#include "mpaux.h"
	22	#include "log.h"
	23	#include "servconf.h"
	24	#include "compat.h"
	25	#include "auth.h"
1e608e42	26	#include "channels.h"
3c0ef626	27	#include "session.h"
3c0ef626	28	#include "uidswap.h"
510132b6	29	#include "monitor_wrap.h"
3c0ef626	30
	31	/* import */
	32	extern ServerOptions options;
	33
099f4607	34	#ifdef GSSAPI
feefe038	35	#ifdef GSI
	36	#include "globus_gss_assist.h"
	37	#endif
	38
23987cb8	39	extern Authmethod method_gssapi;
23987cb8	40
755621a1	41	int userauth_gssapi(Authctxt *authctxt);
755621a1	42
099f4607	43	void
	44	auth1_gss_protocol_error(int type, u_int32_t plen, void *ctxt)
	45	{
	46	Authctxt *authctxt = ctxt;
	47	/* Other side told us to abort, dont need to tell him */
6a962fd6	48	/* maybe we can use some other method. */
099f4607	49	if (type == SSH_MSG_AUTH_GSSAPI_ABORT) {
	50	log("auth1: GSSAPI aborting");
	51	dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
	52	authctxt->success = 1; /* get out of loop*/
	53	return;
	54	}
	55
	56	log("auth1: protocol error: type %d plen %d", type, plen);
	57	packet_disconnect("Protocol error during GSSAPI authentication: "
	58	"Unknown packet type %d", type);
	59	}
755621a1	60
c35f5009	61	#ifdef GSI
b59afbfe	62	int
	63	gsi_gridmap(char subject_name, char *mapped_name)
	64	{
b311f64e	65	#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
	66	if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
	67	return 0;
	68	}
	69	#endif
b59afbfe	70	return(globus_gss_assist_gridmap(subject_name, mapped_name) == 0);
b59afbfe	71	}
c35f5009	72	#endif
b59afbfe	73
755621a1	74	/*
	75	* SSH1 GSSAPI clients may send us a user name of the form:
	76	*
	77	* (1) username:x:SSL Subject Name
	78	* or
	79	* (2) username:i:SSL Subject Name
	80	* or
	81	* (3) username
	82	*
	83	* if case 1, then uname is an explicit name (ssh -l uname). Keep this
	84	* name always, rewrite the user parameter to be just uname. We'll pull
	85	* the GSSAPI idenity out and deal with (or skip it) later.
	86	*
	87	* if case 2, then uname is implicit (user didn't use the -l option), so
	88	* use the default gridmap mapping and replace uname with whatever
	89	* the gridmap maps to. If the gridmap mapping fails, drop down
	90	* to just uname
	91	*
	92	* if case 3, then leave it be.
	93	*
	94	* This function may return the original pointer to the orginal string,
	95	* the original pointer to a modified string, or a completely new pointer.
	96	*/
	97	static char *
	98	ssh1_gssapi_parse_userstring(char *userstring)
	99	{
	100	char name_type = '\0'; /* explicit 'x' or implicit 'i' */
	101	char *ssl_subject_name = NULL;
	102	char *delim = NULL;
	103
	104	debug("Looking at username '%s' for gssapi-ssleay type name", userstring);
	105	if((delim = strchr(userstring, ':')) != NULL) {
	106	/* Parse and split into components */
	107	ssl_subject_name = strchr(delim + 1, ':');
	108
	109	if (ssl_subject_name) {
	110	/* Successful parse, split into components */
	111	*delim = '\0';
	112	name_type = *(delim + 1);
	113	*ssl_subject_name = '\0';
	114	ssl_subject_name++;
	115
	116	debug("Name parsed. type = '%c'. ssl subject name is \"%s\"",
	117	name_type, ssl_subject_name);
	118
	119	} else {
	120
	121	debug("Don't understand name format. Letting it pass.");
	122	}
	123	}
	124
	125	#ifdef GSI
	126	if(ssl_subject_name) {
	127	char *gridmapped_name = NULL;
	128	switch (name_type) {
	129	case 'x':
	130	debug("explicit name given, using %s as username", userstring);
	131	break;
	132
	133	case 'i':
	134	/* gridmap check */
	135	debug("implicit name given. gridmapping '%s'", ssl_subject_name);
	136
b59afbfe	137	PRIVSEP(gsi_gridmap(ssl_subject_name, &gridmapped_name));
b59afbfe	138	if (gridmapped_name && gridmapped_name[0] != '\0') {
755621a1	139	userstring = gridmapped_name;
	140	debug("I gridmapped and got %s", userstring);
	141
	142	} else {
	143	debug("I gridmapped and got null, reverting to %s", userstring);
	144	}
	145	break;
	146
	147	default:
	148	debug("Unknown name type '%c'. Ignoring.", name_type);
	149	break;
	150	}
	151	} else {
	152	debug("didn't find any :'s so I assume it's just a user name");
	153	}
	154	#endif /* GSI */
	155
	156	return userstring;
	157	}
099f4607	158	#endif
099f4607	159
3c0ef626	160	/*
	161	* convert ssh auth msg type into description
	162	*/
	163	static char *
	164	get_authname(int type)
	165	{
	166	static char buf[1024];
	167	switch (type) {
	168	case SSH_CMSG_AUTH_PASSWORD:
	169	return "password";
	170	case SSH_CMSG_AUTH_RSA:
	171	return "rsa";
	172	case SSH_CMSG_AUTH_RHOSTS_RSA:
	173	return "rhosts-rsa";
	174	case SSH_CMSG_AUTH_RHOSTS:
	175	return "rhosts";
	176	case SSH_CMSG_AUTH_TIS:
	177	case SSH_CMSG_AUTH_TIS_RESPONSE:
	178	return "challenge-response";
	179	#if defined(KRB4) \|\| defined(KRB5)
	180	case SSH_CMSG_AUTH_KERBEROS:
	181	return "kerberos";
099f4607	182	#endif
	183	#if defined(GSSAPI)
	184	case SSH_CMSG_AUTH_GSSAPI:
	185	return "gssapi";
3c0ef626	186	#endif
	187	}
	188	snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
	189	return buf;
	190	}
	191
	192	/*
	193	* read packets, try to authenticate the user and
	194	* return only if authentication is successful
	195	*/
	196	static void
	197	do_authloop(Authctxt *authctxt)
	198	{
	199	int authenticated = 0;
	200	u_int bits;
1e608e42	201	Key *client_host_key;
3c0ef626	202	BIGNUM *n;
	203	char client_user, password;
	204	char info[1024];
	205	u_int dlen;
3c0ef626	206	u_int ulen;
	207	int type = 0;
	208	struct passwd *pw = authctxt->pw;
	209
	210	debug("Attempting authentication for %s%.100s.",
1e608e42	211	authctxt->valid ? "" : "illegal user ", authctxt->user);
3c0ef626	212
	213	/* If the user has no password, accept authentication immediately. */
	214	if (options.password_authentication &&
	215	#if defined(KRB4) \|\| defined(KRB5)
	216	(!options.kerberos_authentication \|\| options.kerberos_or_local_passwd) &&
	217	#endif
510132b6	218	PRIVSEP(auth_password(authctxt, ""))) {
3c0ef626	219	auth_log(authctxt, 1, "without authentication", "");
	220	return;
	221	}
	222
	223	/* Indicate that authentication is needed. */
	224	packet_start(SSH_SMSG_FAILURE);
	225	packet_send();
	226	packet_write_wait();
	227
	228	client_user = NULL;
	229
	230	for (;;) {
	231	/* default to fail */
	232	authenticated = 0;
	233
	234	info[0] = '\0';
	235
	236	/* Get a packet from the client. */
1e608e42	237	type = packet_read();
3c0ef626	238
	239	/* Process the packet. */
	240	switch (type) {
	241
	242	#if defined(KRB4) \|\| defined(KRB5)
	243	case SSH_CMSG_AUTH_KERBEROS:
	244	if (!options.kerberos_authentication) {
	245	verbose("Kerberos authentication disabled.");
	246	} else {
	247	char *kdata = packet_get_string(&dlen);
1e608e42	248	packet_check_eom();
1e608e42	249
3c0ef626	250	if (kdata[0] == 4) { /* KRB_PROT_VERSION */
3c0ef626	251	#ifdef KRB4
d03f4262	252	KTEXT_ST tkt, reply;
3c0ef626	253	tkt.length = dlen;
	254	if (tkt.length < MAX_KTXT_LEN)
	255	memcpy(tkt.dat, kdata, tkt.length);
1e608e42	256
d03f4262	257	if (PRIVSEP(auth_krb4(authctxt, &tkt,
d03f4262	258	&client_user, &reply))) {
3c0ef626	259	authenticated = 1;
	260	snprintf(info, sizeof(info),
	261	" tktuser %.100s",
	262	client_user);
d03f4262	263
	264	packet_start(
	265	SSH_SMSG_AUTH_KERBEROS_RESPONSE);
	266	packet_put_string((char *)
	267	reply.dat, reply.length);
	268	packet_send();
	269	packet_write_wait();
3c0ef626	270	}
	271	#endif /* KRB4 */
	272	} else {
	273	#ifdef KRB5
d03f4262	274	krb5_data tkt, reply;
3c0ef626	275	tkt.length = dlen;
3c0ef626	276	tkt.data = kdata;
1e608e42	277
d03f4262	278	if (PRIVSEP(auth_krb5(authctxt, &tkt,
d03f4262	279	&client_user, &reply))) {
3c0ef626	280	authenticated = 1;
	281	snprintf(info, sizeof(info),
	282	" tktuser %.100s",
	283	client_user);
bfe49944	284
d03f4262	285	/* Send response to client */
	286	packet_start(
	287	SSH_SMSG_AUTH_KERBEROS_RESPONSE);
	288	packet_put_string((char *)
	289	reply.data, reply.length);
	290	packet_send();
	291	packet_write_wait();
	292
	293	if (reply.length)
	294	xfree(reply.data);
3c0ef626	295	}
	296	#endif /* KRB5 */
	297	}
	298	xfree(kdata);
	299	}
	300	break;
	301	#endif /* KRB4 \|\| KRB5 */
0b582e46	302
0b582e46	303	#ifdef GSSAPI
099f4607	304	case SSH_CMSG_AUTH_GSSAPI:
	305	if (!options.gss_authentication) {
	306	verbose("GSSAPI authentication disabled.");
	307	break;
	308	}
	309	/*
	310	* GSSAPI was first added to ssh1 in ssh-1.2.27, and
	311	* was added to the SecurtCRT product. In order
	312	* to continue operating with these, we will add
	313	* the equivelent GSSAPI support to SSH1.
	314	* Will use the gssapi routines from the ssh2 as
	315	* they are almost identical. But they use dispatch
	316	* so we need to setup the dispatch tables here
	317	* auth1.c for use only by the gssapi code.
	318	* Since we already have the packet, we will call
	319	* userauth_gssapi then start the dispatch loop.
	320	*/
	321	if (!authctxt->valid) {
	322	packet_disconnect("Authentication rejected for invalid user");
	323	}
	324	dispatch_init(&auth1_gss_protocol_error);
b59afbfe	325	method_gssapi.userauth(authctxt);
6a962fd6	326	if (!authctxt->postponed) { /* failed before starting dispatch */
	327	authctxt->success = 0;
	328	authctxt->postponed = 0;
	329	break;
	330	}
099f4607	331	dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
	332	if (authctxt->postponed) { /* failed, try other methods */
	333	authctxt->success = 0;
	334	authctxt->postponed = 0;
	335	break;
	336	}
099f4607	337	authenticated = 1;
099f4607	338	break;
0b582e46	339	#endif /* GSSAPI */
3c0ef626	340
	341	#if defined(AFS) \|\| defined(KRB5)
	342	/* XXX - punt on backward compatibility here. */
	343	case SSH_CMSG_HAVE_KERBEROS_TGT:
	344	packet_send_debug("Kerberos TGT passing disabled before authentication.");
	345	break;
	346	#ifdef AFS
	347	case SSH_CMSG_HAVE_AFS_TOKEN:
	348	packet_send_debug("AFS token passing disabled before authentication.");
	349	break;
	350	#endif /* AFS */
	351	#endif /* AFS \|\| KRB5 */
1e608e42	352
3c0ef626	353	case SSH_CMSG_AUTH_RHOSTS:
	354	if (!options.rhosts_authentication) {
	355	verbose("Rhosts authentication disabled.");
	356	break;
	357	}
	358	/*
	359	* Get client user name. Note that we just have to
	360	* trust the client; this is one reason why rhosts
	361	* authentication is insecure. (Another is
	362	* IP-spoofing on a local network.)
	363	*/
	364	client_user = packet_get_string(&ulen);
1e608e42	365	packet_check_eom();
3c0ef626	366
	367	/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
	368	authenticated = auth_rhosts(pw, client_user);
	369
	370	snprintf(info, sizeof info, " ruser %.100s", client_user);
	371	break;
	372
	373	case SSH_CMSG_AUTH_RHOSTS_RSA:
	374	if (!options.rhosts_rsa_authentication) {
	375	verbose("Rhosts with RSA authentication disabled.");
	376	break;
	377	}
	378	/*
	379	* Get client user name. Note that we just have to
	380	* trust the client; root on the client machine can
	381	* claim to be any user.
	382	*/
	383	client_user = packet_get_string(&ulen);
	384
	385	/* Get the client host key. */
1e608e42	386	client_host_key = key_new(KEY_RSA1);
3c0ef626	387	bits = packet_get_int();
1e608e42	388	packet_get_bignum(client_host_key->rsa->e);
1e608e42	389	packet_get_bignum(client_host_key->rsa->n);
3c0ef626	390
1e608e42	391	if (bits != BN_num_bits(client_host_key->rsa->n))
3c0ef626	392	verbose("Warning: keysize mismatch for client_host_key: "
1e608e42	393	"actual %d, announced %d",
44a053a3	394	BN_num_bits(client_host_key->rsa->n), bits);
1e608e42	395	packet_check_eom();
3c0ef626	396
1e608e42	397	authenticated = auth_rhosts_rsa(pw, client_user,
	398	client_host_key);
	399	key_free(client_host_key);
3c0ef626	400
	401	snprintf(info, sizeof info, " ruser %.100s", client_user);
	402	break;
	403
	404	case SSH_CMSG_AUTH_RSA:
	405	if (!options.rsa_authentication) {
	406	verbose("RSA authentication disabled.");
	407	break;
	408	}
	409	/* RSA authentication requested. */
1e608e42	410	if ((n = BN_new()) == NULL)
	411	fatal("do_authloop: BN_new failed");
	412	packet_get_bignum(n);
	413	packet_check_eom();
3c0ef626	414	authenticated = auth_rsa(pw, n);
	415	BN_clear_free(n);
	416	break;
	417
	418	case SSH_CMSG_AUTH_PASSWORD:
	419	if (!options.password_authentication) {
	420	verbose("Password authentication disabled.");
	421	break;
	422	}
	423	/*
	424	* Read user password. It is in plain text, but was
	425	* transmitted over the encrypted channel so it is
	426	* not visible to an outside observer.
	427	*/
	428	password = packet_get_string(&dlen);
1e608e42	429	packet_check_eom();
3c0ef626	430
3c0ef626	431	/* Try authentication with the password. */
510132b6	432	authenticated = PRIVSEP(auth_password(authctxt, password));
3c0ef626	433
	434	memset(password, 0, strlen(password));
	435	xfree(password);
	436	break;
	437
	438	case SSH_CMSG_AUTH_TIS:
	439	debug("rcvd SSH_CMSG_AUTH_TIS");
	440	if (options.challenge_response_authentication == 1) {
	441	char *challenge = get_challenge(authctxt);
	442	if (challenge != NULL) {
	443	debug("sending challenge '%s'", challenge);
	444	packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
	445	packet_put_cstring(challenge);
	446	xfree(challenge);
	447	packet_send();
	448	packet_write_wait();
	449	continue;
	450	}
	451	}
	452	break;
	453	case SSH_CMSG_AUTH_TIS_RESPONSE:
	454	debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
	455	if (options.challenge_response_authentication == 1) {
	456	char *response = packet_get_string(&dlen);
1e608e42	457	packet_check_eom();
3c0ef626	458	authenticated = verify_response(authctxt, response);
	459	memset(response, 'r', dlen);
	460	xfree(response);
	461	}
	462	break;
	463
	464	default:
	465	/*
	466	* Any unknown messages will be ignored (and failure
	467	* returned) during authentication.
	468	*/
	469	log("Unknown message during authentication: type %d", type);
	470	break;
	471	}
	472	#ifdef BSD_AUTH
	473	if (authctxt->as) {
	474	auth_close(authctxt->as);
	475	authctxt->as = NULL;
	476	}
	477	#endif
	478	if (!authctxt->valid && authenticated)
	479	fatal("INTERNAL ERROR: authenticated invalid user %s",
	480	authctxt->user);
	481
d03f4262	482	#ifdef _UNICOS
	483	if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
	484	cray_login_failure(authctxt->user, IA_UDBERR);
	485	if (authenticated && cray_access_denied(authctxt->user)) {
	486	authenticated = 0;
	487	fatal("Access denied for user %s.",authctxt->user);
	488	}
	489	#endif /* _UNICOS */
	490
3c0ef626	491	#ifdef HAVE_CYGWIN
3c0ef626	492	if (authenticated &&
1e608e42	493	!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
3c0ef626	494	packet_disconnect("Authentication rejected for uid %d.",
1e608e42	495	pw == NULL ? -1 : pw->pw_uid);
3c0ef626	496	authenticated = 0;
	497	}
	498	#else
	499	/* Special handling for root */
bfe49944	500	if (authenticated && authctxt->pw->pw_uid == 0 &&
3c0ef626	501	!auth_root_allowed(get_authname(type)))
	502	authenticated = 0;
	503	#endif
	504	#ifdef USE_PAM
510132b6	505	if (!use_privsep && authenticated &&
510132b6	506	!do_pam_account(pw->pw_name, client_user))
3c0ef626	507	authenticated = 0;
	508	#endif
	509
	510	/* Log before sending the reply */
	511	auth_log(authctxt, authenticated, get_authname(type), info);
	512
	513	if (client_user != NULL) {
	514	xfree(client_user);
	515	client_user = NULL;
	516	}
	517
	518	if (authenticated)
	519	return;
	520
	521	if (authctxt->failures++ > AUTH_FAIL_MAX) {
3c0ef626	522	packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
	523	}
	524
	525	packet_start(SSH_SMSG_FAILURE);
	526	packet_send();
	527	packet_write_wait();
	528	}
	529	}
	530
	531	/*
	532	* Performs authentication of an incoming connection. Session key has already
	533	* been exchanged and encryption is enabled.
	534	*/
510132b6	535	Authctxt *
1e608e42	536	do_authentication(void)
3c0ef626	537	{
3c0ef626	538	Authctxt *authctxt;
3c0ef626	539	u_int ulen;
510132b6	540	char user, style = NULL;
3c0ef626	541
3c0ef626	542	/* Get the name of the user that we wish to log in as. */
1e608e42	543	packet_read_expect(SSH_CMSG_USER);
3c0ef626	544
	545	/* Get the user name. */
	546	user = packet_get_string(&ulen);
1e608e42	547	packet_check_eom();
3c0ef626	548
755621a1	549	#ifdef GSSAPI
96c41595	550	/* Parse GSSAPI identity from userstring */
96c41595	551	user = ssh1_gssapi_parse_userstring(user);
0b582e46	552	#endif /* GSSAPI */
3c0ef626	553
	554	if ((style = strchr(user, ':')) != NULL)
	555	*style++ = '\0';
	556
510132b6	557	#ifdef KRB5
3c0ef626	558	/* XXX - SSH.com Kerberos v5 braindeath. */
510132b6	559	if ((datafellows & SSH_BUG_K5USER) &&
	560	options.kerberos_authentication) {
	561	char *p;
	562	if ((p = strchr(user, '@')) != NULL)
	563	*p = '\0';
	564	}
	565	#endif
1e608e42	566
3c0ef626	567	authctxt = authctxt_new();
	568	authctxt->user = user;
	569	authctxt->style = style;
	570
	571	/* Verify that the user is a valid user. */
510132b6	572	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
3c0ef626	573	authctxt->valid = 1;
510132b6	574	else
3c0ef626	575	debug("do_authentication: illegal user %s", user);
3c0ef626	576
510132b6	577	setproctitle("%s%s", authctxt->pw ? user : "unknown",
510132b6	578	use_privsep ? " [net]" : "");
3c0ef626	579
3c0ef626	580	#ifdef USE_PAM
510132b6	581	PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
3c0ef626	582	#endif
	583
	584	/*
	585	* If we are not running as root, the user must have the same uid as
	586	* the server. (Unless you are running Windows)
	587	*/
	588	#ifndef HAVE_CYGWIN
510132b6	589	if (!use_privsep && getuid() != 0 && authctxt->pw &&
510132b6	590	authctxt->pw->pw_uid != getuid())
3c0ef626	591	packet_disconnect("Cannot change user when server not running as root.");
	592	#endif
	593
	594	/*
	595	* Loop until the user has been authenticated or the connection is
	596	* closed, do_authloop() returns only if authentication is successful
	597	*/
	598	do_authloop(authctxt);
	599
	600	/* The user has been authenticated and accepted. */
	601	packet_start(SSH_SMSG_SUCCESS);
	602	packet_send();
	603	packet_write_wait();
	604
510132b6	605	return (authctxt);
3c0ef626	606	}