2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Code to connect to a remote host, and to perform the client side of the
6 * login (authentication) dialog.
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
16 RCSID("$OpenBSD: sshconnect1.c,v 1.41 2001/10/06 11:18:19 markus Exp $");
18 #include <openssl/bn.h>
19 #include <openssl/evp.h>
27 #define krb5_get_err_text(context,code) error_message(code)
47 #include "sshconnect.h"
57 #include <openssl/md5.h>
59 static char gssapi_patch_version[] = GSSAPI_PATCH_VERSION;
61 * MD5 hash of host and session keys for verification. This is filled
62 * in in ssh_login() and then checked in try_gssapi_authentication().
64 unsigned char ssh_key_digest[16];
66 /*end of modification*/
68 /* Session id for the current session. */
69 u_char session_id[16];
70 u_int supported_authentications = 0;
72 extern Options options;
73 extern char *__progname;
76 * Checks if the user has an authentication agent, and if so, tries to
77 * authenticate using the agent.
80 try_agent_authentication(void)
84 AuthenticationConnection *auth;
91 /* Get connection to the agent. */
92 auth = ssh_get_authentication_connection();
98 /* Loop through identities served by the agent. */
99 for (key = ssh_get_first_identity(auth, &comment, 1);
101 key = ssh_get_next_identity(auth, &comment, 1)) {
103 /* Try this identity. */
104 debug("Trying RSA authentication via agent with '%.100s'", comment);
107 /* Tell the server that we are willing to authenticate using this key. */
108 packet_start(SSH_CMSG_AUTH_RSA);
109 packet_put_bignum(key->rsa->n);
113 /* Wait for server's response. */
114 type = packet_read(&plen);
116 /* The server sends failure if it doesn\'t like our key or
117 does not support RSA authentication. */
118 if (type == SSH_SMSG_FAILURE) {
119 debug("Server refused our key.");
123 /* Otherwise it should have sent a challenge. */
124 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
125 packet_disconnect("Protocol error during RSA authentication: %d",
128 packet_get_bignum(challenge, &clen);
130 packet_integrity_check(plen, clen, type);
132 debug("Received RSA challenge from server.");
134 /* Ask the agent to decrypt the challenge. */
135 if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) {
137 * The agent failed to authenticate this identifier
138 * although it advertised it supports this. Just
139 * return a wrong value.
141 log("Authentication agent failed to decrypt challenge.");
142 memset(response, 0, sizeof(response));
145 debug("Sending response to RSA challenge.");
147 /* Send the decrypted challenge back to the server. */
148 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
149 for (i = 0; i < 16; i++)
150 packet_put_char(response[i]);
154 /* Wait for response from the server. */
155 type = packet_read(&plen);
157 /* The server returns success if it accepted the authentication. */
158 if (type == SSH_SMSG_SUCCESS) {
159 ssh_close_authentication_connection(auth);
160 BN_clear_free(challenge);
161 debug("RSA authentication accepted by server.");
164 /* Otherwise it should return failure. */
165 if (type != SSH_SMSG_FAILURE)
166 packet_disconnect("Protocol error waiting RSA auth response: %d",
169 ssh_close_authentication_connection(auth);
170 BN_clear_free(challenge);
171 debug("RSA authentication using agent refused.");
176 * Computes the proper response to a RSA challenge, and sends the response to
180 respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
182 u_char buf[32], response[16];
186 /* Decrypt the challenge using the private key. */
187 /* XXX think about Bleichenbacher, too */
188 if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
190 "respond_to_rsa_challenge: rsa_private_decrypt failed");
192 /* Compute the response. */
193 /* The response is MD5 of decrypted challenge plus session id. */
194 len = BN_num_bytes(challenge);
195 if (len <= 0 || len > sizeof(buf))
197 "respond_to_rsa_challenge: bad challenge length %d", len);
199 memset(buf, 0, sizeof(buf));
200 BN_bn2bin(challenge, buf + sizeof(buf) - len);
202 MD5_Update(&md, buf, 32);
203 MD5_Update(&md, session_id, 16);
204 MD5_Final(response, &md);
206 debug("Sending response to host key RSA challenge.");
208 /* Send the response back to the server. */
209 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
210 for (i = 0; i < 16; i++)
211 packet_put_char(response[i]);
215 memset(buf, 0, sizeof(buf));
216 memset(response, 0, sizeof(response));
217 memset(&md, 0, sizeof(md));
221 * Checks if the user has authentication file, and if so, tries to authenticate
225 try_rsa_authentication(int idx)
228 Key *public, *private;
229 char buf[300], *passphrase, *comment, *authfile;
230 int i, type, quit, plen, clen;
232 public = options.identity_keys[idx];
233 authfile = options.identity_files[idx];
234 comment = xstrdup(authfile);
236 debug("Trying RSA authentication with key '%.100s'", comment);
238 /* Tell the server that we are willing to authenticate using this key. */
239 packet_start(SSH_CMSG_AUTH_RSA);
240 packet_put_bignum(public->rsa->n);
244 /* Wait for server's response. */
245 type = packet_read(&plen);
248 * The server responds with failure if it doesn\'t like our key or
249 * doesn\'t support RSA authentication.
251 if (type == SSH_SMSG_FAILURE) {
252 debug("Server refused our key.");
256 /* Otherwise, the server should respond with a challenge. */
257 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
258 packet_disconnect("Protocol error during RSA authentication: %d", type);
260 /* Get the challenge from the packet. */
261 challenge = BN_new();
262 packet_get_bignum(challenge, &clen);
264 packet_integrity_check(plen, clen, type);
266 debug("Received RSA challenge from server.");
269 * If the key is not stored in external hardware, we have to
270 * load the private key. Try first with empty passphrase; if it
271 * fails, ask for a passphrase.
273 if (public->flags && KEY_FLAG_EXT)
276 private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
277 if (private == NULL && !options.batch_mode) {
278 snprintf(buf, sizeof(buf),
279 "Enter passphrase for RSA key '%.100s': ", comment);
280 for (i = 0; i < options.number_of_password_prompts; i++) {
281 passphrase = read_passphrase(buf, 0);
282 if (strcmp(passphrase, "") != 0) {
283 private = key_load_private_type(KEY_RSA1,
284 authfile, passphrase, NULL);
287 debug2("no passphrase given, try next key");
290 memset(passphrase, 0, strlen(passphrase));
292 if (private != NULL || quit)
294 debug2("bad passphrase given, try again...");
297 /* We no longer need the comment. */
300 if (private == NULL) {
301 if (!options.batch_mode)
302 error("Bad passphrase.");
304 /* Send a dummy response packet to avoid protocol error. */
305 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
306 for (i = 0; i < 16; i++)
311 /* Expect the server to reject it... */
312 packet_read_expect(&plen, SSH_SMSG_FAILURE);
313 BN_clear_free(challenge);
317 /* Compute and send a response to the challenge. */
318 respond_to_rsa_challenge(challenge, private->rsa);
320 /* Destroy the private key unless it in external hardware. */
321 if (!(private->flags & KEY_FLAG_EXT))
324 /* We no longer need the challenge. */
325 BN_clear_free(challenge);
327 /* Wait for response from the server. */
328 type = packet_read(&plen);
329 if (type == SSH_SMSG_SUCCESS) {
330 debug("RSA authentication accepted by server.");
333 if (type != SSH_SMSG_FAILURE)
334 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
335 debug("RSA authentication refused.");
340 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
341 * authentication and RSA host authentication.
344 try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
350 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
352 /* Tell the server that we are willing to authenticate using this key. */
353 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
354 packet_put_cstring(local_user);
355 packet_put_int(BN_num_bits(host_key->rsa->n));
356 packet_put_bignum(host_key->rsa->e);
357 packet_put_bignum(host_key->rsa->n);
361 /* Wait for server's response. */
362 type = packet_read(&plen);
364 /* The server responds with failure if it doesn't admit our
365 .rhosts authentication or doesn't know our host key. */
366 if (type == SSH_SMSG_FAILURE) {
367 debug("Server refused our rhosts authentication or host key.");
370 /* Otherwise, the server should respond with a challenge. */
371 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
372 packet_disconnect("Protocol error during RSA authentication: %d", type);
374 /* Get the challenge from the packet. */
375 challenge = BN_new();
376 packet_get_bignum(challenge, &clen);
378 packet_integrity_check(plen, clen, type);
380 debug("Received RSA challenge for host key from server.");
382 /* Compute a response to the challenge. */
383 respond_to_rsa_challenge(challenge, host_key->rsa);
385 /* We no longer need the challenge. */
386 BN_clear_free(challenge);
388 /* Wait for response from the server. */
389 type = packet_read(&plen);
390 if (type == SSH_SMSG_SUCCESS) {
391 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
394 if (type != SSH_SMSG_FAILURE)
395 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
396 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
402 try_krb4_authentication(void)
404 KTEXT_ST auth; /* Kerberos data */
411 Key_schedule schedule;
412 u_long checksum, cksum;
414 struct sockaddr_in local, foreign;
417 /* Don't do anything if we don't have any tickets. */
418 if (stat(tkt_string(), &st) < 0)
421 strlcpy(inst, (char *)krb_get_phost(get_canonical_hostname(1)),
424 realm = (char *)krb_realmofhost(get_canonical_hostname(1));
426 debug("Kerberos v4: no realm for %s", get_canonical_hostname(1));
429 /* This can really be anything. */
430 checksum = (u_long)getpid();
432 r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
434 debug("Kerberos v4 krb_mk_req failed: %s", krb_err_txt[r]);
437 /* Get session key to decrypt the server's reply with. */
438 r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
440 debug("get_cred failed: %s", krb_err_txt[r]);
443 des_key_sched((des_cblock *) cred.session, schedule);
445 /* Send authentication info to server. */
446 packet_start(SSH_CMSG_AUTH_KERBEROS);
447 packet_put_string((char *) auth.dat, auth.length);
451 /* Zero the buffer. */
452 (void) memset(auth.dat, 0, MAX_KTXT_LEN);
454 slen = sizeof(local);
455 memset(&local, 0, sizeof(local));
456 if (getsockname(packet_get_connection_in(),
457 (struct sockaddr *)&local, &slen) < 0)
458 debug("getsockname failed: %s", strerror(errno));
460 slen = sizeof(foreign);
461 memset(&foreign, 0, sizeof(foreign));
462 if (getpeername(packet_get_connection_in(),
463 (struct sockaddr *)&foreign, &slen) < 0) {
464 debug("getpeername failed: %s", strerror(errno));
467 /* Get server reply. */
468 type = packet_read(&plen);
470 case SSH_SMSG_FAILURE:
471 /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
472 debug("Kerberos v4 authentication failed.");
476 case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
477 /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
478 debug("Kerberos v4 authentication accepted.");
480 /* Get server's response. */
481 reply = packet_get_string((u_int *) &auth.length);
482 memcpy(auth.dat, reply, auth.length);
485 packet_integrity_check(plen, 4 + auth.length, type);
488 * If his response isn't properly encrypted with the session
489 * key, and the decrypted checksum fails to match, he's
492 r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
493 &foreign, &local, &msg_data);
495 debug("Kerberos v4 krb_rd_priv failed: %s",
497 packet_disconnect("Kerberos v4 challenge failed!");
499 /* Fetch the (incremented) checksum that we supplied in the request. */
500 memcpy((char *)&cksum, (char *)msg_data.app_data,
502 cksum = ntohl(cksum);
504 /* If it matches, we're golden. */
505 if (cksum == checksum + 1) {
506 debug("Kerberos v4 challenge successful.");
509 packet_disconnect("Kerberos v4 challenge failed!");
513 packet_disconnect("Protocol error on Kerberos v4 response: %d", type);
522 try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
524 krb5_error_code problem;
527 krb5_ccache ccache = NULL;
528 const char *remotehost;
530 int type, payload_len;
531 krb5_ap_rep_enc_part *reply = NULL;
534 memset(&ap, 0, sizeof(ap));
536 problem = krb5_init_context(context);
538 debug("Kerberos v5: krb5_init_context failed");
543 problem = krb5_auth_con_init(*context, auth_context);
545 debug("Kerberos v5: krb5_auth_con_init failed");
551 problem = krb5_auth_con_setflags(*context, *auth_context,
552 KRB5_AUTH_CONTEXT_RET_TIME);
554 debug("Kerberos v5: krb5_auth_con_setflags failed");
560 tkfile = krb5_cc_default_name(*context);
561 if (strncmp(tkfile, "FILE:", 5) == 0)
564 if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
565 debug("Kerberos v5: could not get default ccache (permission denied).");
570 problem = krb5_cc_default(*context, &ccache);
572 debug("Kerberos v5: krb5_cc_default failed: %s",
573 krb5_get_err_text(*context, problem));
578 remotehost = get_canonical_hostname(1);
580 problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
581 "host", remotehost, NULL, ccache, &ap);
583 debug("Kerberos v5: krb5_mk_req failed: %s",
584 krb5_get_err_text(*context, problem));
589 packet_start(SSH_CMSG_AUTH_KERBEROS);
590 packet_put_string((char *) ap.data, ap.length);
597 type = packet_read(&payload_len);
599 case SSH_SMSG_FAILURE:
600 /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
601 debug("Kerberos v5 authentication failed.");
605 case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
606 /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
607 debug("Kerberos v5 authentication accepted.");
609 /* Get server's response. */
610 ap.data = packet_get_string((unsigned int *) &ap.length);
612 packet_integrity_check(payload_len, 4 + ap.length, type);
613 /* XXX je to dobre? */
615 problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
623 packet_disconnect("Protocol error on Kerberos v5 response: %d",
632 krb5_cc_close(*context, ccache);
634 krb5_free_ap_rep_enc_part(*context, reply);
646 send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
648 int fd, type, payload_len;
649 krb5_error_code problem;
651 krb5_ccache ccache = NULL;
654 krb5_kdc_flags flags;
658 const char *remotehost;
660 memset(&creds, 0, sizeof(creds));
661 memset(&outbuf, 0, sizeof(outbuf));
663 fd = packet_get_connection_in();
666 problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd);
670 problem = krb5_auth_con_genaddrs(context, auth_context, fd,
671 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR |
672 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR);
674 debug("krb5_auth_con_genaddrs: %.100s", error_message(problem));
679 problem = krb5_cc_default(context, &ccache);
683 problem = krb5_cc_get_principal(context, ccache, &creds.client);
688 problem = krb5_build_principal(context, &creds.server,
689 strlen(creds.client->realm), creds.client->realm,
690 "krbtgt", creds.client->realm, NULL);
692 problem = krb5_build_principal(context, &creds.server,
693 creds.client->realm.length, creds.client->realm.data,
694 "krbtgt", creds.client->realm.data, NULL);
700 creds.times.endtime = 0;
704 flags.b.forwarded = 1;
705 flags.b.forwardable = krb5_config_get_bool(context, NULL,
706 "libdefaults", "forwardable", NULL);
708 remotehost = get_canonical_hostname(1);
710 problem = krb5_get_forwarded_creds(context, auth_context,
711 ccache, flags.i, remotehost, &creds, &outbuf);
717 remotehost = get_canonical_hostname(1);
719 problem = krb5_fwd_tgt_creds (context, auth_context,
720 remotehost, creds.client, creds.server, ccache, forwardable,
726 packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
727 packet_put_string((char *)outbuf.data, outbuf.length);
731 type = packet_read(&payload_len);
733 if (type == SSH_SMSG_SUCCESS) {
736 krb5_unparse_name(context, creds.client, &pname);
737 debug("Kerberos v5 TGT forwarded (%s).", pname);
740 debug("Kerberos v5 TGT forwarding failed.");
746 debug("Kerberos v5 TGT forwarding failed: %s",
747 krb5_get_err_text(context, problem));
749 krb5_free_principal(context, creds.client);
751 krb5_free_principal(context, creds.server);
753 krb5_cc_close(context, ccache);
765 char buffer[4096], pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
766 int problem, type, len;
768 /* Don't do anything if we don't have any tickets. */
769 if (stat(tkt_string(), &st) < 0)
772 creds = xmalloc(sizeof(*creds));
774 problem = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm);
778 problem = krb_get_cred("krbtgt", prealm, prealm, creds);
782 if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
786 creds_to_radix(creds, (u_char *)buffer, sizeof(buffer));
788 packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
789 packet_put_cstring(buffer);
793 type = packet_read(&len);
795 if (type == SSH_SMSG_SUCCESS)
796 debug("Kerberos v4 TGT forwarded (%s%s%s@%s).",
797 creds->pname, creds->pinst[0] ? "." : "",
798 creds->pinst, creds->realm);
800 debug("Kerberos v4 TGT rejected.");
806 debug("Kerberos v4 TGT passing failed: %s", krb_err_txt[problem]);
811 send_afs_tokens(void)
814 struct ViceIoctl parms;
815 struct ClearToken ct;
817 char buf[2048], *p, *server_cell;
820 /* Move over ktc_GetToken, here's something leaner. */
821 for (i = 0; i < 100; i++) { /* just in case */
822 parms.in = (char *) &i;
823 parms.in_size = sizeof(i);
825 parms.out_size = sizeof(buf);
826 if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0)
830 /* Get secret token. */
831 memcpy(&creds.ticket_st.length, p, sizeof(u_int));
832 if (creds.ticket_st.length > MAX_KTXT_LEN)
835 memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
836 p += creds.ticket_st.length;
838 /* Get clear token. */
839 memcpy(&len, p, sizeof(len));
840 if (len != sizeof(struct ClearToken))
845 p += sizeof(len); /* primary flag */
848 /* Flesh out our credentials. */
849 strlcpy(creds.service, "afs", sizeof(creds.service));
850 creds.instance[0] = '\0';
851 strlcpy(creds.realm, server_cell, REALM_SZ);
852 memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
853 creds.issue_date = ct.BeginTimestamp;
854 creds.lifetime = krb_time_to_life(creds.issue_date,
856 creds.kvno = ct.AuthHandle;
857 snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
858 creds.pinst[0] = '\0';
860 /* Encode token, ship it off. */
861 if (creds_to_radix(&creds, (u_char *)buffer,
862 sizeof(buffer)) <= 0)
864 packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
865 packet_put_cstring(buffer);
869 /* Roger, Roger. Clearance, Clarence. What's your vector,
871 type = packet_read(&len);
873 if (type == SSH_SMSG_FAILURE)
874 debug("AFS token for cell %s rejected.", server_cell);
875 else if (type != SSH_SMSG_SUCCESS)
876 packet_disconnect("Protocol error on AFS token response: %d", type);
883 * Tries to authenticate with any string-based challenge/response system.
884 * Note that the client code is not tied to s/key or TIS.
887 try_challenge_response_authentication(void)
893 char *challenge, *response;
895 debug("Doing challenge response authentication.");
897 for (i = 0; i < options.number_of_password_prompts; i++) {
898 /* request a challenge */
899 packet_start(SSH_CMSG_AUTH_TIS);
903 type = packet_read(&payload_len);
904 if (type != SSH_SMSG_FAILURE &&
905 type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
906 packet_disconnect("Protocol error: got %d in response "
907 "to SSH_CMSG_AUTH_TIS", type);
909 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
910 debug("No challenge.");
913 challenge = packet_get_string(&clen);
914 packet_integrity_check(payload_len, (4 + clen), type);
915 snprintf(prompt, sizeof prompt, "%s%s", challenge,
916 strchr(challenge, '\n') ? "" : "\nResponse: ");
919 error("Permission denied, please try again.");
920 if (options.cipher == SSH_CIPHER_NONE)
921 log("WARNING: Encryption is disabled! "
922 "Reponse will be transmitted in clear text.");
923 response = read_passphrase(prompt, 0);
924 if (strcmp(response, "") == 0) {
928 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
929 ssh_put_password(response);
930 memset(response, 0, strlen(response));
934 type = packet_read(&payload_len);
935 if (type == SSH_SMSG_SUCCESS)
937 if (type != SSH_SMSG_FAILURE)
938 packet_disconnect("Protocol error: got %d in response "
939 "to SSH_CMSG_AUTH_TIS_RESPONSE", type);
946 * Tries to authenticate with plain passwd authentication.
949 try_password_authentication(char *prompt)
951 int type, i, payload_len;
954 debug("Doing password authentication.");
955 if (options.cipher == SSH_CIPHER_NONE)
956 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
957 for (i = 0; i < options.number_of_password_prompts; i++) {
959 error("Permission denied, please try again.");
960 password = read_passphrase(prompt, 0);
961 packet_start(SSH_CMSG_AUTH_PASSWORD);
962 ssh_put_password(password);
963 memset(password, 0, strlen(password));
968 type = packet_read(&payload_len);
969 if (type == SSH_SMSG_SUCCESS)
971 if (type != SSH_SMSG_FAILURE)
972 packet_disconnect("Protocol error: got %d in response to passwd auth", type);
978 /*modified by binhe*/
981 * This code stolen from the gss-client.c sample program from MIT's
982 * kerberos 5 distribution.
985 gss_cred_id_t gss_cred = GSS_C_NO_CREDENTIAL;
987 static void display_status_1(m, code, type)
992 OM_uint32 maj_stat, min_stat;
998 maj_stat = gss_display_status(&min_stat, code,
999 type, GSS_C_NULL_OID,
1001 debug("GSS-API error %s: %s", m, (char *)msg.value);
1002 (void) gss_release_buffer(&min_stat, &msg);
1009 static void display_gssapi_status(msg, maj_stat, min_stat)
1014 display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
1015 display_status_1(msg, min_stat, GSS_C_MECH_CODE);
1019 int get_gssapi_cred()
1025 debug("calling gss_acquire_cred");
1026 maj_stat = gss_acquire_cred(&min_stat,
1035 if (maj_stat != GSS_S_COMPLETE) {
1036 display_gssapi_status("Failuring acquiring GSSAPI credentials",
1037 maj_stat, min_stat);
1038 gss_cred = GSS_C_NO_CREDENTIAL; /* should not be needed */
1042 return 1; /* Success */
1045 char * get_gss_our_name()
1049 gss_name_t pname = GSS_C_NO_NAME;
1050 gss_buffer_desc tmpname;
1051 gss_buffer_t tmpnamed = &tmpname;
1054 debug("calling gss_inquire_cred");
1055 maj_stat = gss_inquire_cred(&min_stat,
1061 if (maj_stat != GSS_S_COMPLETE) {
1065 maj_stat = gss_export_name(&min_stat,
1068 if (maj_stat != GSS_S_COMPLETE) {
1071 debug("gss_export_name finsished");
1072 retname = (char *)malloc(tmpname.length + 1);
1076 memcpy(retname, tmpname.value, tmpname.length);
1077 retname[tmpname.length] = '\0';
1079 gss_release_name(&min_stat, &pname);
1080 gss_release_buffer(&min_stat, tmpnamed);
1086 int try_gssapi_authentication(char *host, Options *options)
1088 char *service_name = NULL;
1089 gss_buffer_desc name_tok;
1090 gss_buffer_desc send_tok;
1091 gss_buffer_desc recv_tok;
1092 gss_buffer_desc *token_ptr;
1093 gss_name_t target_name = NULL;
1094 gss_ctx_id_t gss_context;
1095 gss_OID_desc mech_oid;
1097 gss_OID_set my_mechs;
1101 int ret_stat = 0; /* 1 == success */
1102 OM_uint32 req_flags = 0;
1103 OM_uint32 ret_flags;
1105 char *gssapi_auth_type = NULL;
1106 struct hostent *hostinfo;
1111 * host is not guarenteed to be a FQDN, so we need to make sure it is.
1113 hostinfo = gethostbyname(host);
1115 if ((hostinfo == NULL) || (hostinfo->h_name == NULL)) {
1116 debug("GSSAPI authentication: Unable to get FQDN for \"%s\"", host);
1123 req_flags |= GSS_C_REPLAY_FLAG;
1125 /* Do mutual authentication */
1126 req_flags |= GSS_C_MUTUAL_FLAG;
1130 gssapi_auth_type = "GSSAPI/Kerberos 5";
1132 #endif /* GSSAPI_KRB5 */
1136 gssapi_auth_type = "GSSAPI/GLOBUS";
1140 if (gssapi_auth_type == NULL) {
1141 debug("No GSSAPI type defined during compile");
1145 debug("Attempting %s authentication", gssapi_auth_type);
1147 service_name = (char *) malloc(strlen(GSSAPI_SERVICE_NAME) +
1148 strlen(hostinfo->h_name) +
1149 2 /* 1 for '@', 1 for NUL */);
1151 if (service_name == NULL) {
1152 debug("malloc() failed");
1157 sprintf(service_name, "%s@%s", GSSAPI_SERVICE_NAME, hostinfo->h_name);
1159 name_type = GSS_C_NT_HOSTBASED_SERVICE;
1161 debug("Service name is %s", service_name);
1163 /* Forward credentials? */
1166 if (options->kerberos_tgt_passing) {
1167 debug("Forwarding Kerberos credentials");
1168 req_flags |= GSS_C_DELEG_FLAG;
1170 #endif /* GSSAPI_KRB5 */
1173 if(options->forward_gssapi_globus_proxy) {
1174 debug("Forwarding X509 proxy certificate");
1175 req_flags |= GSS_C_DELEG_FLAG;
1177 #ifdef GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG
1178 /* Forward limited credentials, overrides forward_gssapi_globus_proxy */
1179 if(options->forward_gssapi_globus_limited_proxy) {
1180 debug("Forwarding limited X509 proxy certificate");
1181 req_flags |= (GSS_C_DELEG_FLAG | GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG);
1183 #endif /* GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG */
1187 debug("req_flags = %lu", req_flags);
1189 name_tok.value = service_name;
1190 name_tok.length = strlen(service_name) + 1;
1191 maj_stat = gss_import_name(&min_stat, &name_tok,
1192 name_type, &target_name);
1195 service_name = NULL;
1197 if (maj_stat != GSS_S_COMPLETE) {
1198 display_gssapi_status("importing service name", maj_stat, min_stat);
1202 maj_stat = gss_indicate_mechs(&min_stat, &my_mechs);
1204 if (maj_stat != GSS_S_COMPLETE) {
1205 display_gssapi_status("indicating mechs", maj_stat, min_stat);
1210 * Send over a packet to the daemon, letting it know we're doing
1211 * GSSAPI and our mech_oid(s).
1213 debug("Sending mech oid to server");
1214 packet_start(SSH_CMSG_AUTH_GSSAPI);
1215 packet_put_int(my_mechs->count); /* Number of mechs we're sending */
1216 for (my_mech_num = 0; my_mech_num < my_mechs->count; my_mech_num++)
1217 packet_put_string(my_mechs->elements[my_mech_num].elements,
1218 my_mechs->elements[my_mech_num].length);
1220 packet_write_wait();
1223 * Get reply from the daemon to see if our mech was acceptable
1225 type = packet_read(&len);
1228 case SSH_SMSG_AUTH_GSSAPI_RESPONSE:
1229 debug("Server accepted mechanism");
1230 /* Successful negotiation */
1233 case SSH_MSG_AUTH_GSSAPI_ABORT:
1234 debug("Unable to negotiate GSSAPI mechanism type with server");
1239 packet_disconnect("Protocol error during GSSAPI authentication:"
1240 " packet type %d received",
1242 /* Does not return */
1245 /* Read the mechanism the server returned */
1246 mech_oid.elements = packet_get_string((unsigned int *) &(mech_oid.length));
1250 * Perform the context-establishement loop.
1252 * On each pass through the loop, token_ptr points to the token
1253 * to send to the server (or GSS_C_NO_BUFFER on the first pass).
1254 * Every generated token is stored in send_tok which is then
1255 * transmitted to the server; every received token is stored in
1256 * recv_tok, which token_ptr is then set to, to be processed by
1257 * the next call to gss_init_sec_context.
1259 * GSS-API guarantees that send_tok's length will be non-zero
1260 * if and only if the server is expecting another token from us,
1261 * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
1262 * and only if the server has another token to send us.
1265 token_ptr = GSS_C_NO_BUFFER;
1266 gss_context = GSS_C_NO_CONTEXT;
1270 gss_init_sec_context(&min_stat,
1277 NULL, /* no channel bindings */
1279 NULL, /* ignore mech type */
1282 NULL); /* ignore time_rec */
1284 if (token_ptr != GSS_C_NO_BUFFER)
1285 (void) gss_release_buffer(&min_stat, &recv_tok);
1287 if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
1288 display_gssapi_status("initializing context", maj_stat, min_stat);
1290 /* Send an abort message */
1291 packet_start(SSH_MSG_AUTH_GSSAPI_ABORT);
1293 packet_write_wait();
1298 if (send_tok.length != 0) {
1299 debug("Sending authenticaton token...");
1300 packet_start(SSH_MSG_AUTH_GSSAPI_TOKEN);
1301 packet_put_string((char *) send_tok.value, send_tok.length);
1303 packet_write_wait();
1305 (void) gss_release_buffer(&min_stat, &send_tok);
1308 if (maj_stat == GSS_S_CONTINUE_NEEDED) {
1310 debug("Continue needed. Reading response...");
1312 type = packet_read(&len);
1316 case SSH_MSG_AUTH_GSSAPI_TOKEN:
1317 /* This is what we expected */
1320 case SSH_MSG_AUTH_GSSAPI_ABORT:
1321 debug("Server aborted GSSAPI authentication.");
1326 packet_disconnect("Protocol error during GSSAPI authentication:"
1327 " packet type %d received",
1329 /* Does not return */
1332 recv_tok.value = packet_get_string((unsigned int *) &recv_tok.length);
1334 token_ptr = &recv_tok;
1336 } while (maj_stat == GSS_S_CONTINUE_NEEDED);
1341 debug("%s authentication successful", gssapi_auth_type);
1344 * Read hash of host and server keys and make sure it
1345 * matches what we got earlier.
1347 debug("Reading hash of server and host keys...");
1348 type = packet_read(&len);
1350 if (type == SSH_MSG_AUTH_GSSAPI_ABORT) {
1351 debug("Server aborted GSSAPI authentication.");
1356 } else if (type == SSH_SMSG_AUTH_GSSAPI_HASH) {
1357 gss_buffer_desc wrapped_buf;
1358 gss_buffer_desc unwrapped_buf;
1360 gss_qop_t qop_state;
1363 wrapped_buf.value = packet_get_string(&(wrapped_buf.length));
1366 maj_stat = gss_unwrap(&min_stat,
1373 if (maj_stat != GSS_S_COMPLETE) {
1374 display_gssapi_status("unwraping SSHD key hash",
1375 maj_stat, min_stat);
1376 packet_disconnect("Verification of SSHD keys through GSSAPI-secured channel failed: "
1377 "Unwrapping of hash failed.");
1380 if (unwrapped_buf.length != sizeof(ssh_key_digest)) {
1381 packet_disconnect("Verification of SSHD keys through GSSAPI-secured channel failed: "
1382 "Size of key hashes do not match (%d != %d)!",
1383 unwrapped_buf.length, sizeof(ssh_key_digest));
1386 if (memcmp(ssh_key_digest, unwrapped_buf.value, sizeof(ssh_key_digest)) != 0) {
1387 packet_disconnect("Verification of SSHD keys through GSSAPI-secured channel failed: "
1388 "Hashes don't match!");
1391 debug("Verified SSHD keys through GSSAPI-secured channel.");
1393 gss_release_buffer(&min_stat, &unwrapped_buf);
1396 packet_disconnect("Protocol error during GSSAPI authentication:"
1397 "packet type %d received", type);
1398 /* Does not return */
1403 if (target_name != NULL)
1404 (void) gss_release_name(&min_stat, &target_name);
1411 /*end of modification*/
1417 ssh_kex(char *host, struct sockaddr *hostaddr)
1425 int ssh_cipher_default = SSH_CIPHER_3DES;
1426 u_char session_key[SSH_SESSION_KEY_LENGTH];
1428 u_int supported_ciphers;
1429 u_int server_flags, client_flags;
1430 int payload_len, clen, sum_len = 0;
1433 debug("Waiting for server public key.");
1435 /* Wait for a public key packet from the server. */
1436 packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
1438 /* Get cookie from the packet. */
1439 for (i = 0; i < 8; i++)
1440 cookie[i] = packet_get_char();
1442 /* Get the public key. */
1443 public_key = RSA_new();
1444 bits = packet_get_int();/* bits */
1445 public_key->e = BN_new();
1446 packet_get_bignum(public_key->e, &clen);
1448 public_key->n = BN_new();
1449 packet_get_bignum(public_key->n, &clen);
1452 rbits = BN_num_bits(public_key->n);
1453 if (bits != rbits) {
1454 log("Warning: Server lies about size of server public key: "
1455 "actual size is %d bits vs. announced %d.", rbits, bits);
1456 log("Warning: This may be due to an old implementation of ssh.");
1458 /* Get the host key. */
1459 host_key = RSA_new();
1460 bits = packet_get_int();/* bits */
1461 host_key->e = BN_new();
1462 packet_get_bignum(host_key->e, &clen);
1464 host_key->n = BN_new();
1465 packet_get_bignum(host_key->n, &clen);
1468 rbits = BN_num_bits(host_key->n);
1469 if (bits != rbits) {
1470 log("Warning: Server lies about size of server host key: "
1471 "actual size is %d bits vs. announced %d.", rbits, bits);
1472 log("Warning: This may be due to an old implementation of ssh.");
1475 /*modified by binhe*/
1480 unsigned char *data;
1481 unsigned int data_len;
1484 * Hash the server and host keys. Later we will check them against
1485 * a hash sent over a secure channel to make sure they are legit.
1487 debug("Calculating MD5 hash of server and host keys...");
1489 /* Write all the keys to a temporary buffer */
1493 buffer_put_bignum(&buf, public_key->e);
1494 buffer_put_bignum(&buf, public_key->n);
1497 buffer_put_bignum(&buf, host_key->e);
1498 buffer_put_bignum(&buf, host_key->n);
1500 /* Get the resulting data */
1501 data = (unsigned char *) buffer_ptr(&buf);
1502 data_len = buffer_len(&buf);
1505 MD5_Init(&md5context);
1506 MD5_Update(&md5context, data, data_len);
1507 MD5_Final(ssh_key_digest, &md5context);
1514 /*end of modification*/
1516 /* Get protocol flags. */
1517 server_flags = packet_get_int();
1518 packet_set_protocol_flags(server_flags);
1520 supported_ciphers = packet_get_int();
1521 supported_authentications = packet_get_int();
1523 debug("Received server public key (%d bits) and host key (%d bits).",
1524 BN_num_bits(public_key->n), BN_num_bits(host_key->n));
1526 packet_integrity_check(payload_len,
1527 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
1528 SSH_SMSG_PUBLIC_KEY);
1531 if (verify_host_key(host, hostaddr, &k) == -1)
1532 fatal("Host key verification failed.");
1534 client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
1536 compute_session_id(session_id, cookie, host_key->n, public_key->n);
1538 /* Generate a session key. */
1542 * Generate an encryption key for the session. The key is a 256 bit
1543 * random number, interpreted as a 32-byte key, with the least
1544 * significant 8 bits being the first byte of the key.
1546 for (i = 0; i < 32; i++) {
1548 rand = arc4random();
1549 session_key[i] = rand & 0xff;
1554 * According to the protocol spec, the first byte of the session key
1555 * is the highest byte of the integer. The session key is xored with
1556 * the first 16 bytes of the session id.
1559 BN_set_word(key, 0);
1560 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
1561 BN_lshift(key, key, 8);
1563 BN_add_word(key, session_key[i] ^ session_id[i]);
1565 BN_add_word(key, session_key[i]);
1569 * Encrypt the integer using the public key and host key of the
1570 * server (key with smaller modulus first).
1572 if (BN_cmp(public_key->n, host_key->n) < 0) {
1573 /* Public key has smaller modulus. */
1574 if (BN_num_bits(host_key->n) <
1575 BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
1576 fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
1577 "SSH_KEY_BITS_RESERVED %d",
1578 BN_num_bits(host_key->n),
1579 BN_num_bits(public_key->n),
1580 SSH_KEY_BITS_RESERVED);
1582 rsa_public_encrypt(key, key, public_key);
1583 rsa_public_encrypt(key, key, host_key);
1585 /* Host key has smaller modulus (or they are equal). */
1586 if (BN_num_bits(public_key->n) <
1587 BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
1588 fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
1589 "SSH_KEY_BITS_RESERVED %d",
1590 BN_num_bits(public_key->n),
1591 BN_num_bits(host_key->n),
1592 SSH_KEY_BITS_RESERVED);
1594 rsa_public_encrypt(key, key, host_key);
1595 rsa_public_encrypt(key, key, public_key);
1598 /* Destroy the public keys since we no longer need them. */
1599 RSA_free(public_key);
1602 if (options.cipher == SSH_CIPHER_NOT_SET) {
1603 if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
1604 options.cipher = ssh_cipher_default;
1605 } else if (options.cipher == SSH_CIPHER_ILLEGAL ||
1606 !(cipher_mask_ssh1(1) & (1 << options.cipher))) {
1607 log("No valid SSH1 cipher, using %.100s instead.",
1608 cipher_name(ssh_cipher_default));
1609 options.cipher = ssh_cipher_default;
1611 /* Check that the selected cipher is supported. */
1612 if (!(supported_ciphers & (1 << options.cipher)))
1613 fatal("Selected cipher type %.100s not supported by server.",
1614 cipher_name(options.cipher));
1616 debug("Encryption type: %.100s", cipher_name(options.cipher));
1618 /* Send the encrypted session key to the server. */
1619 packet_start(SSH_CMSG_SESSION_KEY);
1620 packet_put_char(options.cipher);
1622 /* Send the cookie back to the server. */
1623 for (i = 0; i < 8; i++)
1624 packet_put_char(cookie[i]);
1626 /* Send and destroy the encrypted encryption key integer. */
1627 packet_put_bignum(key);
1630 /* Send protocol flags. */
1631 packet_put_int(client_flags);
1633 /* Send the packet now. */
1635 packet_write_wait();
1637 debug("Sent encrypted session key.");
1639 /* Set the encryption key. */
1640 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
1642 /* We will no longer need the session key here. Destroy any extra copies. */
1643 memset(session_key, 0, sizeof(session_key));
1646 * Expect a success message from the server. Note that this message
1647 * will be received in encrypted form.
1649 packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
1651 debug("Received encrypted confirmation.");
1658 ssh_userauth1(const char *local_user, const char *server_user, char *host,
1659 Key **keys, int nkeys)
1661 /*modified by binhe*/
1664 const char *save_server_user = NULL;
1667 /*end of modification*/
1670 krb5_context context = NULL;
1671 krb5_auth_context auth_context = NULL;
1676 if (supported_authentications == 0)
1677 fatal("ssh_userauth1: server supports no auth methods");
1679 /*modified by binhe*/
1682 /* if no user given, tack on the subject name after the server_user.
1683 * This will allow us to run gridmap early to get real user
1684 * This name will start with /C=
1686 if ((supported_authentications & (1 << SSH_AUTH_GSSAPI)) &&
1687 options.gss_authentication) {
1688 if (get_gssapi_cred()) {
1693 save_server_user = server_user;
1695 retname = get_gss_our_name();
1698 debug("passing gssapi name '%s'", retname);
1700 newname = (char *) malloc(strlen(retname) + strlen(server_user) + 4);
1702 strcpy(newname, server_user);
1703 if(options.user == NULL)
1705 strcat(newname,":i:");
1709 strcat(newname,":x:");
1711 strcat(newname, retname);
1712 server_user = newname;
1719 * If we couldn't successfully get our GSSAPI credentials then
1720 * turn off gssapi authentication
1722 options.gss_authentication = 0;
1724 debug("server_user %s", server_user);
1728 /*end of modification*/
1730 /* Send the name of the user to log in as on the server. */
1731 packet_start(SSH_CMSG_USER);
1732 packet_put_cstring(server_user);
1734 packet_write_wait();
1736 /*modified by binhe*/
1738 if(save_server_user)
1740 server_user = save_server_user;
1743 /*end of modification*/
1745 * The server should respond with success if no authentication is
1746 * needed (the user has no password). Otherwise the server responds
1749 type = packet_read(&payload_len);
1751 /* check whether the connection was accepted without authentication. */
1752 if (type == SSH_SMSG_SUCCESS)
1754 if (type != SSH_SMSG_FAILURE)
1755 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
1757 /*modified by binhe*/
1759 /* Try GSSAPI authentication */
1760 if ((supported_authentications & (1 << SSH_AUTH_GSSAPI)) &&
1761 options.gss_authentication)
1763 debug("Trying GSSAPI authentication (%s)...", gssapi_patch_version);
1764 try_gssapi_authentication(host, &options);
1767 * XXX Hmmm. Kerberos authentication only reads a packet if it thinks
1768 * the authentication went OK, but the server seems to always send
1769 * a packet back. So I'm not sure if I'm missing something or
1770 * the Kerberos code is broken. - vwelch 1/27/99
1773 type = packet_read(&payload_len);
1774 if (type == SSH_SMSG_SUCCESS)
1775 return; /* Successful connection. */
1776 if (type != SSH_SMSG_FAILURE)
1777 packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
1779 debug("GSSAPI authentication failed");
1782 /*end of modification*/
1785 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
1786 options.kerberos_authentication) {
1787 debug("Trying Kerberos v5 authentication.");
1789 if (try_krb5_authentication(&context, &auth_context)) {
1790 type = packet_read(&payload_len);
1791 if (type == SSH_SMSG_SUCCESS)
1793 if (type != SSH_SMSG_FAILURE)
1794 packet_disconnect("Protocol error: got %d in response to Kerberos v5 auth", type);
1800 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
1801 options.kerberos_authentication) {
1802 debug("Trying Kerberos v4 authentication.");
1804 if (try_krb4_authentication()) {
1805 type = packet_read(&payload_len);
1806 if (type == SSH_SMSG_SUCCESS)
1808 if (type != SSH_SMSG_FAILURE)
1809 packet_disconnect("Protocol error: got %d in response to Kerberos v4 auth", type);
1815 * Use rhosts authentication if running in privileged socket and we
1816 * do not wish to remain anonymous.
1818 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
1819 options.rhosts_authentication) {
1820 debug("Trying rhosts authentication.");
1821 packet_start(SSH_CMSG_AUTH_RHOSTS);
1822 packet_put_cstring(local_user);
1824 packet_write_wait();
1826 /* The server should respond with success or failure. */
1827 type = packet_read(&payload_len);
1828 if (type == SSH_SMSG_SUCCESS)
1830 if (type != SSH_SMSG_FAILURE)
1831 packet_disconnect("Protocol error: got %d in response to rhosts auth",
1835 * Try .rhosts or /etc/hosts.equiv authentication with RSA host
1838 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1839 options.rhosts_rsa_authentication) {
1840 for (i = 0; i < nkeys; i++) {
1841 if (keys[i] != NULL && keys[i]->type == KEY_RSA1 &&
1842 try_rhosts_rsa_authentication(local_user, keys[i]))
1846 /* Try RSA authentication if the server supports it. */
1847 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
1848 options.rsa_authentication) {
1850 * Try RSA authentication using the authentication agent. The
1851 * agent is tried first because no passphrase is needed for
1852 * it, whereas identity files may require passphrases.
1854 if (try_agent_authentication())
1857 /* Try RSA authentication for each identity. */
1858 for (i = 0; i < options.num_identity_files; i++)
1859 if (options.identity_keys[i] != NULL &&
1860 options.identity_keys[i]->type == KEY_RSA1 &&
1861 try_rsa_authentication(i))
1864 /* Try challenge response authentication if the server supports it. */
1865 if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
1866 options.challenge_response_authentication && !options.batch_mode) {
1867 if (try_challenge_response_authentication())
1870 /* Try password authentication if the server supports it. */
1871 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
1872 options.password_authentication && !options.batch_mode) {
1875 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
1877 if (try_password_authentication(prompt))
1880 /* All authentication methods have failed. Exit with an error message. */
1881 fatal("Permission denied.");
1886 /* Try Kerberos v5 TGT passing. */
1887 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
1888 options.kerberos_tgt_passing && context && auth_context) {
1889 if (options.cipher == SSH_CIPHER_NONE)
1890 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1891 send_krb5_tgt(context, auth_context);
1894 krb5_auth_con_free(context, auth_context);
1896 krb5_free_context(context);
1900 /* Try Kerberos v4 TGT passing if the server supports it. */
1901 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
1902 options.kerberos_tgt_passing) {
1903 if (options.cipher == SSH_CIPHER_NONE)
1904 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1907 /* Try AFS token passing if the server supports it. */
1908 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
1909 options.afs_token_passing && k_hasafs()) {
1910 if (options.cipher == SSH_CIPHER_NONE)
1911 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
1916 return; /* need statement after label */