[gssapi-openssh.git] / openssh / auth1.c

/*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#include "includes.h"
RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $");

#include "xmalloc.h"
#include "rsa.h"
#include "ssh1.h"
#include "dispatch.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "auth.h"
#include "channels.h"
#include "session.h"
#include "uidswap.h"
#include "monitor_wrap.h"

/* import */
extern ServerOptions options;
extern Authmethod method_gssapi;


#ifdef GSSAPI
#ifdef GSI
#include "globus_gss_assist.h"
#endif

int     userauth_gssapi(Authctxt *authctxt);

void
auth1_gss_protocol_error(int type, u_int32_t plen, void *ctxt)
{
  Authctxt *authctxt = ctxt;
  /* Other side told us to abort, dont need to tell him */ 
  /* maybe we can us some other method. */
  if (type == SSH_MSG_AUTH_GSSAPI_ABORT) {
      log("auth1: GSSAPI aborting");
      dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
      authctxt->success = 1; /* get out of loop*/
      return;
  }

  log("auth1: protocol error: type %d plen %d", type, plen);
  packet_disconnect("Protocol error during GSSAPI authentication: "
          "Unknown packet type %d", type);
}

int
gsi_gridmap(char *subject_name, char **mapped_name)
{
    return(globus_gss_assist_gridmap(subject_name, mapped_name) == 0);
}

/*
 * SSH1 GSSAPI clients may send us a user name of the form:
 *
 *   (1) username:x:SSL Subject Name
 *     or
 *   (2) username:i:SSL Subject Name
 *     or
 *   (3) username
 *
 *  if case 1, then uname is an explicit name (ssh -l uname). Keep this
 *  name always, rewrite the user parameter to be just uname. We'll pull
 *  the GSSAPI idenity out and deal with (or skip it) later.
 *  
 *  if case 2, then uname is implicit (user didn't use the -l option), so
 *  use the default gridmap mapping and replace uname with whatever
 *  the gridmap maps to. If the gridmap mapping fails, drop down
 *  to just uname
 *  
 *  if case 3, then leave it be.
 *
 *  This function may return the original pointer to the orginal string,
 *  the original pointer to a modified string, or a completely new pointer.
 */
static char *
ssh1_gssapi_parse_userstring(char *userstring)
{
  char name_type = '\0';	/* explicit 'x' or implicit 'i' */
  char *ssl_subject_name = NULL;
  char *delim = NULL;

  debug("Looking at username '%s' for gssapi-ssleay type name", userstring);
  if((delim = strchr(userstring, ':')) != NULL) {
      /* Parse and split into components */
      ssl_subject_name = strchr(delim + 1, ':');

      if (ssl_subject_name) {
	/* Successful parse, split into components */
	*delim = '\0';
	name_type = *(delim + 1);
	*ssl_subject_name = '\0';
	ssl_subject_name++;

	debug("Name parsed. type = '%c'. ssl subject name is \"%s\"",
	      name_type, ssl_subject_name);

      } else {

	debug("Don't understand name format. Letting it pass.");
      }	
  }	

#ifdef GSI
  if(ssl_subject_name) {
    char *gridmapped_name = NULL;
    switch (name_type) {
    case 'x':
      debug("explicit name given, using %s as username", userstring);
      break;

    case 'i':
      /* gridmap check */
      debug("implicit name given. gridmapping '%s'", ssl_subject_name);

      PRIVSEP(gsi_gridmap(ssl_subject_name, &gridmapped_name));
      if (gridmapped_name && gridmapped_name[0] != '\0') {
	userstring = gridmapped_name;
	debug("I gridmapped and got %s", userstring);

      } else {
	debug("I gridmapped and got null, reverting to %s", userstring);
      }
      break;

    default:
      debug("Unknown name type '%c'. Ignoring.", name_type);
      break;
    }
  } else {
    debug("didn't find any :'s so I assume it's just a user name");
  }
#endif /* GSI */

  return userstring;
}
#endif

/*
 * convert ssh auth msg type into description
 */
static char *
get_authname(int type)
{
	static char buf[1024];
	switch (type) {
	case SSH_CMSG_AUTH_PASSWORD:
		return "password";
	case SSH_CMSG_AUTH_RSA:
		return "rsa";
	case SSH_CMSG_AUTH_RHOSTS_RSA:
		return "rhosts-rsa";
	case SSH_CMSG_AUTH_RHOSTS:
		return "rhosts";
	case SSH_CMSG_AUTH_TIS:
	case SSH_CMSG_AUTH_TIS_RESPONSE:
		return "challenge-response";
#if defined(KRB4) || defined(KRB5)
	case SSH_CMSG_AUTH_KERBEROS:
		return "kerberos";
#endif
#if defined(GSSAPI)
	case SSH_CMSG_AUTH_GSSAPI:
	    	return "gssapi";
#endif
	}
	snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
	return buf;
}

/*
 * read packets, try to authenticate the user and
 * return only if authentication is successful
 */
static void
do_authloop(Authctxt *authctxt)
{
	int authenticated = 0;
	u_int bits;
	Key *client_host_key;
	BIGNUM *n;
	char *client_user, *password;
	char info[1024];
	u_int dlen;
	u_int ulen;
	int type = 0;
	struct passwd *pw = authctxt->pw;

	debug("Attempting authentication for %s%.100s.",
	    authctxt->valid ? "" : "illegal user ", authctxt->user);

	/* If the user has no password, accept authentication immediately. */
	if (options.password_authentication &&
#if defined(KRB4) || defined(KRB5)
	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
	    PRIVSEP(auth_password(authctxt, ""))) {
		auth_log(authctxt, 1, "without authentication", "");
		return;
	}

	/* Indicate that authentication is needed. */
	packet_start(SSH_SMSG_FAILURE);
	packet_send();
	packet_write_wait();

	client_user = NULL;

	for (;;) {
		/* default to fail */
		authenticated = 0;

		info[0] = '\0';

		/* Get a packet from the client. */
		type = packet_read();

		/* Process the packet. */
		switch (type) {

#if defined(KRB4) || defined(KRB5)
		case SSH_CMSG_AUTH_KERBEROS:
			if (!options.kerberos_authentication) {
				verbose("Kerberos authentication disabled.");
			} else {
				char *kdata = packet_get_string(&dlen);
				packet_check_eom();

				if (kdata[0] == 4) { /* KRB_PROT_VERSION */
#ifdef KRB4
					KTEXT_ST tkt;

					tkt.length = dlen;
					if (tkt.length < MAX_KTXT_LEN)
						memcpy(tkt.dat, kdata, tkt.length);

					if (auth_krb4(authctxt, &tkt, &client_user)) {
						authenticated = 1;
						snprintf(info, sizeof(info),
						    " tktuser %.100s",
						    client_user);
					}
#endif /* KRB4 */
				} else {
#ifdef KRB5
					krb5_data tkt;
					tkt.length = dlen;
					tkt.data = kdata;

					if (auth_krb5(authctxt, &tkt, &client_user)) {
						authenticated = 1;
						snprintf(info, sizeof(info),
						    " tktuser %.100s",
						    client_user);
					}
#endif /* KRB5 */
				}
				xfree(kdata);
			}
			break;
#endif /* KRB4 || KRB5 */

#ifdef GSSAPI
		case SSH_CMSG_AUTH_GSSAPI:
			if (!options.gss_authentication) {
				verbose("GSSAPI authentication disabled.");
				break;
			}
			/*
			* GSSAPI was first added to ssh1 in ssh-1.2.27, and
			* was added to the SecurtCRT product. In order
			* to continue operating with these, we will add
			* the equivelent GSSAPI support to SSH1. 
			* Will use the gssapi routines from the ssh2 as
			* they are almost identical. But they use dispatch
			* so we need to setup the dispatch tables here 
			* auth1.c for use only by the gssapi code. 
			* Since we already have the packet, we will call
			* userauth_gssapi then start the dispatch loop.
			*/
			if (!authctxt->valid) {
			packet_disconnect("Authentication rejected for invalid user");
			}
			dispatch_init(&auth1_gss_protocol_error);
			method_gssapi.userauth(authctxt);
			dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
			if (authctxt->postponed) { /* failed, try other methods */
				authctxt->success = 0;
				authctxt->postponed = 0;
				break;
			}
			authenticated = 1;
			break;
#endif /* GSSAPI */
			
#if defined(AFS) || defined(KRB5)
			/* XXX - punt on backward compatibility here. */
		case SSH_CMSG_HAVE_KERBEROS_TGT:
			packet_send_debug("Kerberos TGT passing disabled before authentication.");
			break;
#ifdef AFS
		case SSH_CMSG_HAVE_AFS_TOKEN:
			packet_send_debug("AFS token passing disabled before authentication.");
			break;
#endif /* AFS */
#endif /* AFS || KRB5 */

		case SSH_CMSG_AUTH_RHOSTS:
			if (!options.rhosts_authentication) {
				verbose("Rhosts authentication disabled.");
				break;
			}
			/*
			 * Get client user name.  Note that we just have to
			 * trust the client; this is one reason why rhosts
			 * authentication is insecure. (Another is
			 * IP-spoofing on a local network.)
			 */
			client_user = packet_get_string(&ulen);
			packet_check_eom();

			/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
			authenticated = auth_rhosts(pw, client_user);

			snprintf(info, sizeof info, " ruser %.100s", client_user);
			break;

		case SSH_CMSG_AUTH_RHOSTS_RSA:
			if (!options.rhosts_rsa_authentication) {
				verbose("Rhosts with RSA authentication disabled.");
				break;
			}
			/*
			 * Get client user name.  Note that we just have to
			 * trust the client; root on the client machine can
			 * claim to be any user.
			 */
			client_user = packet_get_string(&ulen);

			/* Get the client host key. */
			client_host_key = key_new(KEY_RSA1);
			bits = packet_get_int();
			packet_get_bignum(client_host_key->rsa->e);
			packet_get_bignum(client_host_key->rsa->n);

			if (bits != BN_num_bits(client_host_key->rsa->n))
				verbose("Warning: keysize mismatch for client_host_key: "
				    "actual %d, announced %d",
				    BN_num_bits(client_host_key->rsa->n), bits);
			packet_check_eom();

			authenticated = auth_rhosts_rsa(pw, client_user,
			    client_host_key);
			key_free(client_host_key);

			snprintf(info, sizeof info, " ruser %.100s", client_user);
			break;

		case SSH_CMSG_AUTH_RSA:
			if (!options.rsa_authentication) {
				verbose("RSA authentication disabled.");
				break;
			}
			/* RSA authentication requested. */
			if ((n = BN_new()) == NULL)
				fatal("do_authloop: BN_new failed");
			packet_get_bignum(n);
			packet_check_eom();
			authenticated = auth_rsa(pw, n);
			BN_clear_free(n);
			break;

		case SSH_CMSG_AUTH_PASSWORD:
			if (!options.password_authentication) {
				verbose("Password authentication disabled.");
				break;
			}
			/*
			 * Read user password.  It is in plain text, but was
			 * transmitted over the encrypted channel so it is
			 * not visible to an outside observer.
			 */
			password = packet_get_string(&dlen);
			packet_check_eom();

			/* Try authentication with the password. */
			authenticated = PRIVSEP(auth_password(authctxt, password));

			memset(password, 0, strlen(password));
			xfree(password);
			break;

		case SSH_CMSG_AUTH_TIS:
			debug("rcvd SSH_CMSG_AUTH_TIS");
			if (options.challenge_response_authentication == 1) {
				char *challenge = get_challenge(authctxt);
				if (challenge != NULL) {
					debug("sending challenge '%s'", challenge);
					packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
					packet_put_cstring(challenge);
					xfree(challenge);
					packet_send();
					packet_write_wait();
					continue;
				}
			}
			break;
		case SSH_CMSG_AUTH_TIS_RESPONSE:
			debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
			if (options.challenge_response_authentication == 1) {
				char *response = packet_get_string(&dlen);
				debug("got response '%s'", response);
				packet_check_eom();
				authenticated = verify_response(authctxt, response);
				memset(response, 'r', dlen);
				xfree(response);
			}
			break;

		default:
			/*
			 * Any unknown messages will be ignored (and failure
			 * returned) during authentication.
			 */
			log("Unknown message during authentication: type %d", type);
			break;
		}
#ifdef BSD_AUTH
		if (authctxt->as) {
			auth_close(authctxt->as);
			authctxt->as = NULL;
		}
#endif
		if (!authctxt->valid && authenticated)
			fatal("INTERNAL ERROR: authenticated invalid user %s",
			    authctxt->user);

#ifdef HAVE_CYGWIN
		if (authenticated &&
		    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
			packet_disconnect("Authentication rejected for uid %d.",
			pw == NULL ? -1 : pw->pw_uid);
			authenticated = 0;
		}
#else
		/* Special handling for root */
		if (authenticated && authctxt->pw->pw_uid == 0 &&
		    !auth_root_allowed(get_authname(type)))
			authenticated = 0;
#endif
#ifdef USE_PAM
		if (!use_privsep && authenticated && 
		    !do_pam_account(pw->pw_name, client_user))
			authenticated = 0;
#endif

		/* Log before sending the reply */
		auth_log(authctxt, authenticated, get_authname(type), info);

		if (client_user != NULL) {
			xfree(client_user);
			client_user = NULL;
		}

		if (authenticated)
			return;

		if (authctxt->failures++ > AUTH_FAIL_MAX) {
#ifdef WITH_AIXAUTHENTICATE
			/* XXX: privsep */
			loginfailed(authctxt->user,
			    get_canonical_hostname(options.verify_reverse_mapping),
			    "ssh");
#endif /* WITH_AIXAUTHENTICATE */
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
		}

		packet_start(SSH_SMSG_FAILURE);
		packet_send();
		packet_write_wait();
	}
}

/*
 * Performs authentication of an incoming connection.  Session key has already
 * been exchanged and encryption is enabled.
 */
Authctxt *
do_authentication(void)
{
	Authctxt *authctxt;
	u_int ulen;
	char *user, *style = NULL;

	/* Get the name of the user that we wish to log in as. */
	packet_read_expect(SSH_CMSG_USER);

	/* Get the user name. */
	user = packet_get_string(&ulen);
	packet_check_eom();

#ifdef GSSAPI
	/* Parse GSSAPI identity from userstring */
	user = ssh1_gssapi_parse_userstring(user);
#endif /* GSSAPI */

	if ((style = strchr(user, ':')) != NULL)
		*style++ = '\0';

#ifdef KRB5
	/* XXX - SSH.com Kerberos v5 braindeath. */
	if ((datafellows & SSH_BUG_K5USER) &&
	    options.kerberos_authentication) {
		char *p;
		if ((p = strchr(user, '@')) != NULL)
			*p = '\0';
	}
#endif

	authctxt = authctxt_new();
	authctxt->user = user;
	authctxt->style = style;

	/* Verify that the user is a valid user. */
	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
		authctxt->valid = 1;
	else
		debug("do_authentication: illegal user %s", user);

	setproctitle("%s%s", authctxt->pw ? user : "unknown",
	    use_privsep ? " [net]" : "");

#ifdef USE_PAM
	PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
#endif

	/*
	 * If we are not running as root, the user must have the same uid as
	 * the server. (Unless you are running Windows)
	 */
#ifndef HAVE_CYGWIN
	if (!use_privsep && getuid() != 0 && authctxt->pw &&
	    authctxt->pw->pw_uid != getuid())
		packet_disconnect("Cannot change user when server not running as root.");
#endif

	/*
	 * Loop until the user has been authenticated or the connection is
	 * closed, do_authloop() returns only if authentication is successful
	 */
	do_authloop(authctxt);

	/* The user has been authenticated and accepted. */
	packet_start(SSH_SMSG_SUCCESS);
	packet_send();
	packet_write_wait();

	return (authctxt);
}
Commit	Line	Data
3c0ef626	1	/*
	2	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	3	* All rights reserved
	4	*
	5	* As far as I am concerned, the code I have written for this software
	6	* can be used freely for any purpose. Any derived versions of this
	7	* software must be clearly marked as such, and if the derived work is
	8	* incompatible with the protocol description in the RFC file, it must be
	9	* called by a name other than "ssh" or "Secure Shell".
	10	*/
	11
	12	#include "includes.h"
44a053a3	13	RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $");
3c0ef626	14
	15	#include "xmalloc.h"
	16	#include "rsa.h"
	17	#include "ssh1.h"
099f4607	18	#include "dispatch.h"
3c0ef626	19	#include "packet.h"
	20	#include "buffer.h"
	21	#include "mpaux.h"
	22	#include "log.h"
	23	#include "servconf.h"
	24	#include "compat.h"
	25	#include "auth.h"
1e608e42	26	#include "channels.h"
3c0ef626	27	#include "session.h"
3c0ef626	28	#include "uidswap.h"
510132b6	29	#include "monitor_wrap.h"
3c0ef626	30
	31	/* import */
	32	extern ServerOptions options;
b59afbfe	33	extern Authmethod method_gssapi;
	34
	35
3c0ef626	36
099f4607	37	#ifdef GSSAPI
feefe038	38	#ifdef GSI
	39	#include "globus_gss_assist.h"
	40	#endif
	41
755621a1	42	int userauth_gssapi(Authctxt *authctxt);
755621a1	43
099f4607	44	void
	45	auth1_gss_protocol_error(int type, u_int32_t plen, void *ctxt)
	46	{
	47	Authctxt *authctxt = ctxt;
	48	/* Other side told us to abort, dont need to tell him */
	49	/* maybe we can us some other method. */
	50	if (type == SSH_MSG_AUTH_GSSAPI_ABORT) {
	51	log("auth1: GSSAPI aborting");
	52	dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
	53	authctxt->success = 1; /* get out of loop*/
	54	return;
	55	}
	56
	57	log("auth1: protocol error: type %d plen %d", type, plen);
	58	packet_disconnect("Protocol error during GSSAPI authentication: "
	59	"Unknown packet type %d", type);
	60	}
755621a1	61
b59afbfe	62	int
	63	gsi_gridmap(char subject_name, char *mapped_name)
	64	{
	65	return(globus_gss_assist_gridmap(subject_name, mapped_name) == 0);
	66	}
	67
755621a1	68	/*
	69	* SSH1 GSSAPI clients may send us a user name of the form:
	70	*
	71	* (1) username:x:SSL Subject Name
	72	* or
	73	* (2) username:i:SSL Subject Name
	74	* or
	75	* (3) username
	76	*
	77	* if case 1, then uname is an explicit name (ssh -l uname). Keep this
	78	* name always, rewrite the user parameter to be just uname. We'll pull
	79	* the GSSAPI idenity out and deal with (or skip it) later.
	80	*
	81	* if case 2, then uname is implicit (user didn't use the -l option), so
	82	* use the default gridmap mapping and replace uname with whatever
	83	* the gridmap maps to. If the gridmap mapping fails, drop down
	84	* to just uname
	85	*
	86	* if case 3, then leave it be.
	87	*
	88	* This function may return the original pointer to the orginal string,
	89	* the original pointer to a modified string, or a completely new pointer.
	90	*/
	91	static char *
	92	ssh1_gssapi_parse_userstring(char *userstring)
	93	{
	94	char name_type = '\0'; /* explicit 'x' or implicit 'i' */
	95	char *ssl_subject_name = NULL;
	96	char *delim = NULL;
	97
	98	debug("Looking at username '%s' for gssapi-ssleay type name", userstring);
	99	if((delim = strchr(userstring, ':')) != NULL) {
	100	/* Parse and split into components */
	101	ssl_subject_name = strchr(delim + 1, ':');
	102
	103	if (ssl_subject_name) {
	104	/* Successful parse, split into components */
	105	*delim = '\0';
	106	name_type = *(delim + 1);
	107	*ssl_subject_name = '\0';
	108	ssl_subject_name++;
	109
	110	debug("Name parsed. type = '%c'. ssl subject name is \"%s\"",
	111	name_type, ssl_subject_name);
	112
	113	} else {
	114
	115	debug("Don't understand name format. Letting it pass.");
	116	}
	117	}
	118
	119	#ifdef GSI
	120	if(ssl_subject_name) {
	121	char *gridmapped_name = NULL;
	122	switch (name_type) {
	123	case 'x':
	124	debug("explicit name given, using %s as username", userstring);
	125	break;
	126
	127	case 'i':
	128	/* gridmap check */
	129	debug("implicit name given. gridmapping '%s'", ssl_subject_name);
	130
b59afbfe	131	PRIVSEP(gsi_gridmap(ssl_subject_name, &gridmapped_name));
b59afbfe	132	if (gridmapped_name && gridmapped_name[0] != '\0') {
755621a1	133	userstring = gridmapped_name;
	134	debug("I gridmapped and got %s", userstring);
	135
	136	} else {
	137	debug("I gridmapped and got null, reverting to %s", userstring);
	138	}
	139	break;
	140
	141	default:
	142	debug("Unknown name type '%c'. Ignoring.", name_type);
	143	break;
	144	}
	145	} else {
	146	debug("didn't find any :'s so I assume it's just a user name");
	147	}
	148	#endif /* GSI */
	149
	150	return userstring;
	151	}
099f4607	152	#endif
099f4607	153
3c0ef626	154	/*
	155	* convert ssh auth msg type into description
	156	*/
	157	static char *
	158	get_authname(int type)
	159	{
	160	static char buf[1024];
	161	switch (type) {
	162	case SSH_CMSG_AUTH_PASSWORD:
	163	return "password";
	164	case SSH_CMSG_AUTH_RSA:
	165	return "rsa";
	166	case SSH_CMSG_AUTH_RHOSTS_RSA:
	167	return "rhosts-rsa";
	168	case SSH_CMSG_AUTH_RHOSTS:
	169	return "rhosts";
	170	case SSH_CMSG_AUTH_TIS:
	171	case SSH_CMSG_AUTH_TIS_RESPONSE:
	172	return "challenge-response";
	173	#if defined(KRB4) \|\| defined(KRB5)
	174	case SSH_CMSG_AUTH_KERBEROS:
	175	return "kerberos";
099f4607	176	#endif
	177	#if defined(GSSAPI)
	178	case SSH_CMSG_AUTH_GSSAPI:
	179	return "gssapi";
3c0ef626	180	#endif
	181	}
	182	snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
	183	return buf;
	184	}
	185
	186	/*
	187	* read packets, try to authenticate the user and
	188	* return only if authentication is successful
	189	*/
	190	static void
	191	do_authloop(Authctxt *authctxt)
	192	{
	193	int authenticated = 0;
	194	u_int bits;
1e608e42	195	Key *client_host_key;
3c0ef626	196	BIGNUM *n;
	197	char client_user, password;
	198	char info[1024];
	199	u_int dlen;
3c0ef626	200	u_int ulen;
	201	int type = 0;
	202	struct passwd *pw = authctxt->pw;
	203
	204	debug("Attempting authentication for %s%.100s.",
1e608e42	205	authctxt->valid ? "" : "illegal user ", authctxt->user);
3c0ef626	206
	207	/* If the user has no password, accept authentication immediately. */
	208	if (options.password_authentication &&
	209	#if defined(KRB4) \|\| defined(KRB5)
	210	(!options.kerberos_authentication \|\| options.kerberos_or_local_passwd) &&
	211	#endif
510132b6	212	PRIVSEP(auth_password(authctxt, ""))) {
3c0ef626	213	auth_log(authctxt, 1, "without authentication", "");
	214	return;
	215	}
	216
	217	/* Indicate that authentication is needed. */
	218	packet_start(SSH_SMSG_FAILURE);
	219	packet_send();
	220	packet_write_wait();
	221
	222	client_user = NULL;
	223
	224	for (;;) {
	225	/* default to fail */
	226	authenticated = 0;
	227
	228	info[0] = '\0';
	229
	230	/* Get a packet from the client. */
1e608e42	231	type = packet_read();
3c0ef626	232
	233	/* Process the packet. */
	234	switch (type) {
	235
	236	#if defined(KRB4) \|\| defined(KRB5)
	237	case SSH_CMSG_AUTH_KERBEROS:
	238	if (!options.kerberos_authentication) {
	239	verbose("Kerberos authentication disabled.");
	240	} else {
	241	char *kdata = packet_get_string(&dlen);
1e608e42	242	packet_check_eom();
1e608e42	243
3c0ef626	244	if (kdata[0] == 4) { /* KRB_PROT_VERSION */
	245	#ifdef KRB4
	246	KTEXT_ST tkt;
1e608e42	247
3c0ef626	248	tkt.length = dlen;
	249	if (tkt.length < MAX_KTXT_LEN)
	250	memcpy(tkt.dat, kdata, tkt.length);
1e608e42	251
3c0ef626	252	if (auth_krb4(authctxt, &tkt, &client_user)) {
	253	authenticated = 1;
	254	snprintf(info, sizeof(info),
	255	" tktuser %.100s",
	256	client_user);
	257	}
	258	#endif /* KRB4 */
	259	} else {
	260	#ifdef KRB5
	261	krb5_data tkt;
	262	tkt.length = dlen;
	263	tkt.data = kdata;
1e608e42	264
3c0ef626	265	if (auth_krb5(authctxt, &tkt, &client_user)) {
	266	authenticated = 1;
	267	snprintf(info, sizeof(info),
	268	" tktuser %.100s",
	269	client_user);
	270	}
	271	#endif /* KRB5 */
	272	}
	273	xfree(kdata);
	274	}
	275	break;
	276	#endif /* KRB4 \|\| KRB5 */
0b582e46	277
0b582e46	278	#ifdef GSSAPI
099f4607	279	case SSH_CMSG_AUTH_GSSAPI:
	280	if (!options.gss_authentication) {
	281	verbose("GSSAPI authentication disabled.");
	282	break;
	283	}
	284	/*
	285	* GSSAPI was first added to ssh1 in ssh-1.2.27, and
	286	* was added to the SecurtCRT product. In order
	287	* to continue operating with these, we will add
	288	* the equivelent GSSAPI support to SSH1.
	289	* Will use the gssapi routines from the ssh2 as
	290	* they are almost identical. But they use dispatch
	291	* so we need to setup the dispatch tables here
	292	* auth1.c for use only by the gssapi code.
	293	* Since we already have the packet, we will call
	294	* userauth_gssapi then start the dispatch loop.
	295	*/
	296	if (!authctxt->valid) {
	297	packet_disconnect("Authentication rejected for invalid user");
	298	}
	299	dispatch_init(&auth1_gss_protocol_error);
b59afbfe	300	method_gssapi.userauth(authctxt);
099f4607	301	dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
	302	if (authctxt->postponed) { /* failed, try other methods */
	303	authctxt->success = 0;
	304	authctxt->postponed = 0;
	305	break;
	306	}
099f4607	307	authenticated = 1;
099f4607	308	break;
0b582e46	309	#endif /* GSSAPI */
3c0ef626	310
	311	#if defined(AFS) \|\| defined(KRB5)
	312	/* XXX - punt on backward compatibility here. */
	313	case SSH_CMSG_HAVE_KERBEROS_TGT:
	314	packet_send_debug("Kerberos TGT passing disabled before authentication.");
	315	break;
	316	#ifdef AFS
	317	case SSH_CMSG_HAVE_AFS_TOKEN:
	318	packet_send_debug("AFS token passing disabled before authentication.");
	319	break;
	320	#endif /* AFS */
	321	#endif /* AFS \|\| KRB5 */
1e608e42	322
3c0ef626	323	case SSH_CMSG_AUTH_RHOSTS:
	324	if (!options.rhosts_authentication) {
	325	verbose("Rhosts authentication disabled.");
	326	break;
	327	}
	328	/*
	329	* Get client user name. Note that we just have to
	330	* trust the client; this is one reason why rhosts
	331	* authentication is insecure. (Another is
	332	* IP-spoofing on a local network.)
	333	*/
	334	client_user = packet_get_string(&ulen);
1e608e42	335	packet_check_eom();
3c0ef626	336
	337	/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
	338	authenticated = auth_rhosts(pw, client_user);
	339
	340	snprintf(info, sizeof info, " ruser %.100s", client_user);
	341	break;
	342
	343	case SSH_CMSG_AUTH_RHOSTS_RSA:
	344	if (!options.rhosts_rsa_authentication) {
	345	verbose("Rhosts with RSA authentication disabled.");
	346	break;
	347	}
	348	/*
	349	* Get client user name. Note that we just have to
	350	* trust the client; root on the client machine can
	351	* claim to be any user.
	352	*/
	353	client_user = packet_get_string(&ulen);
	354
	355	/* Get the client host key. */
1e608e42	356	client_host_key = key_new(KEY_RSA1);
3c0ef626	357	bits = packet_get_int();
1e608e42	358	packet_get_bignum(client_host_key->rsa->e);
1e608e42	359	packet_get_bignum(client_host_key->rsa->n);
3c0ef626	360
1e608e42	361	if (bits != BN_num_bits(client_host_key->rsa->n))
3c0ef626	362	verbose("Warning: keysize mismatch for client_host_key: "
1e608e42	363	"actual %d, announced %d",
44a053a3	364	BN_num_bits(client_host_key->rsa->n), bits);
1e608e42	365	packet_check_eom();
3c0ef626	366
1e608e42	367	authenticated = auth_rhosts_rsa(pw, client_user,
	368	client_host_key);
	369	key_free(client_host_key);
3c0ef626	370
	371	snprintf(info, sizeof info, " ruser %.100s", client_user);
	372	break;
	373
	374	case SSH_CMSG_AUTH_RSA:
	375	if (!options.rsa_authentication) {
	376	verbose("RSA authentication disabled.");
	377	break;
	378	}
	379	/* RSA authentication requested. */
1e608e42	380	if ((n = BN_new()) == NULL)
	381	fatal("do_authloop: BN_new failed");
	382	packet_get_bignum(n);
	383	packet_check_eom();
3c0ef626	384	authenticated = auth_rsa(pw, n);
	385	BN_clear_free(n);
	386	break;
	387
	388	case SSH_CMSG_AUTH_PASSWORD:
	389	if (!options.password_authentication) {
	390	verbose("Password authentication disabled.");
	391	break;
	392	}
	393	/*
	394	* Read user password. It is in plain text, but was
	395	* transmitted over the encrypted channel so it is
	396	* not visible to an outside observer.
	397	*/
	398	password = packet_get_string(&dlen);
1e608e42	399	packet_check_eom();
3c0ef626	400
3c0ef626	401	/* Try authentication with the password. */
510132b6	402	authenticated = PRIVSEP(auth_password(authctxt, password));
3c0ef626	403
	404	memset(password, 0, strlen(password));
	405	xfree(password);
	406	break;
	407
	408	case SSH_CMSG_AUTH_TIS:
	409	debug("rcvd SSH_CMSG_AUTH_TIS");
	410	if (options.challenge_response_authentication == 1) {
	411	char *challenge = get_challenge(authctxt);
	412	if (challenge != NULL) {
	413	debug("sending challenge '%s'", challenge);
	414	packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
	415	packet_put_cstring(challenge);
	416	xfree(challenge);
	417	packet_send();
	418	packet_write_wait();
	419	continue;
	420	}
	421	}
	422	break;
	423	case SSH_CMSG_AUTH_TIS_RESPONSE:
	424	debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
	425	if (options.challenge_response_authentication == 1) {
	426	char *response = packet_get_string(&dlen);
	427	debug("got response '%s'", response);
1e608e42	428	packet_check_eom();
3c0ef626	429	authenticated = verify_response(authctxt, response);
	430	memset(response, 'r', dlen);
	431	xfree(response);
	432	}
	433	break;
	434
	435	default:
	436	/*
	437	* Any unknown messages will be ignored (and failure
	438	* returned) during authentication.
	439	*/
	440	log("Unknown message during authentication: type %d", type);
	441	break;
	442	}
	443	#ifdef BSD_AUTH
	444	if (authctxt->as) {
	445	auth_close(authctxt->as);
	446	authctxt->as = NULL;
	447	}
	448	#endif
	449	if (!authctxt->valid && authenticated)
	450	fatal("INTERNAL ERROR: authenticated invalid user %s",
	451	authctxt->user);
	452
	453	#ifdef HAVE_CYGWIN
	454	if (authenticated &&
1e608e42	455	!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
3c0ef626	456	packet_disconnect("Authentication rejected for uid %d.",
1e608e42	457	pw == NULL ? -1 : pw->pw_uid);
3c0ef626	458	authenticated = 0;
	459	}
	460	#else
	461	/* Special handling for root */
	462	if (authenticated && authctxt->pw->pw_uid == 0 &&
	463	!auth_root_allowed(get_authname(type)))
	464	authenticated = 0;
	465	#endif
	466	#ifdef USE_PAM
510132b6	467	if (!use_privsep && authenticated &&
510132b6	468	!do_pam_account(pw->pw_name, client_user))
3c0ef626	469	authenticated = 0;
	470	#endif
	471
	472	/* Log before sending the reply */
	473	auth_log(authctxt, authenticated, get_authname(type), info);
	474
	475	if (client_user != NULL) {
	476	xfree(client_user);
	477	client_user = NULL;
	478	}
	479
	480	if (authenticated)
	481	return;
	482
	483	if (authctxt->failures++ > AUTH_FAIL_MAX) {
	484	#ifdef WITH_AIXAUTHENTICATE
44a053a3	485	/* XXX: privsep */
3c0ef626	486	loginfailed(authctxt->user,
1e608e42	487	get_canonical_hostname(options.verify_reverse_mapping),
3c0ef626	488	"ssh");
	489	#endif /* WITH_AIXAUTHENTICATE */
	490	packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
	491	}
	492
	493	packet_start(SSH_SMSG_FAILURE);
	494	packet_send();
	495	packet_write_wait();
	496	}
	497	}
	498
	499	/*
	500	* Performs authentication of an incoming connection. Session key has already
	501	* been exchanged and encryption is enabled.
	502	*/
510132b6	503	Authctxt *
1e608e42	504	do_authentication(void)
3c0ef626	505	{
3c0ef626	506	Authctxt *authctxt;
3c0ef626	507	u_int ulen;
510132b6	508	char user, style = NULL;
3c0ef626	509
3c0ef626	510	/* Get the name of the user that we wish to log in as. */
1e608e42	511	packet_read_expect(SSH_CMSG_USER);
3c0ef626	512
	513	/* Get the user name. */
	514	user = packet_get_string(&ulen);
1e608e42	515	packet_check_eom();
3c0ef626	516
755621a1	517	#ifdef GSSAPI
96c41595	518	/* Parse GSSAPI identity from userstring */
96c41595	519	user = ssh1_gssapi_parse_userstring(user);
0b582e46	520	#endif /* GSSAPI */
3c0ef626	521
	522	if ((style = strchr(user, ':')) != NULL)
	523	*style++ = '\0';
	524
510132b6	525	#ifdef KRB5
3c0ef626	526	/* XXX - SSH.com Kerberos v5 braindeath. */
510132b6	527	if ((datafellows & SSH_BUG_K5USER) &&
	528	options.kerberos_authentication) {
	529	char *p;
	530	if ((p = strchr(user, '@')) != NULL)
	531	*p = '\0';
	532	}
	533	#endif
1e608e42	534
3c0ef626	535	authctxt = authctxt_new();
	536	authctxt->user = user;
	537	authctxt->style = style;
	538
	539	/* Verify that the user is a valid user. */
510132b6	540	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
3c0ef626	541	authctxt->valid = 1;
510132b6	542	else
3c0ef626	543	debug("do_authentication: illegal user %s", user);
3c0ef626	544
510132b6	545	setproctitle("%s%s", authctxt->pw ? user : "unknown",
510132b6	546	use_privsep ? " [net]" : "");
3c0ef626	547
3c0ef626	548	#ifdef USE_PAM
510132b6	549	PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
3c0ef626	550	#endif
	551
	552	/*
	553	* If we are not running as root, the user must have the same uid as
	554	* the server. (Unless you are running Windows)
	555	*/
	556	#ifndef HAVE_CYGWIN
510132b6	557	if (!use_privsep && getuid() != 0 && authctxt->pw &&
510132b6	558	authctxt->pw->pw_uid != getuid())
3c0ef626	559	packet_disconnect("Cannot change user when server not running as root.");
	560	#endif
	561
	562	/*
	563	* Loop until the user has been authenticated or the connection is
	564	* closed, do_authloop() returns only if authentication is successful
	565	*/
	566	do_authloop(authctxt);
	567
	568	/* The user has been authenticated and accepted. */
	569	packet_start(SSH_SMSG_SUCCESS);
	570	packet_send();
	571	packet_write_wait();
	572
510132b6	573	return (authctxt);
3c0ef626	574	}