[openssh.git] / auth-skey.c

#include "includes.h"

#ifdef SKEY
RCSID("$Id$");

#include "ssh.h"
#include "packet.h"

#ifdef HAVE_OPENSSL
#include <openssl/sha.h>
#endif
#ifdef HAVE_SSL
#include <ssl/sha.h>
#endif

/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */

/* 
 * try skey authentication,
 * return 1 on success, 0 on failure, -1 if skey is not available 
 */

int 
auth_skey_password(struct passwd * pw, const char *password)
{
	if (strncasecmp(password, "s/key", 5) == 0) {
		char *skeyinfo = skey_keyinfo(pw->pw_name);
		if (skeyinfo == NULL) {
			debug("generating fake skeyinfo for %.100s.",
			    pw->pw_name);
			skeyinfo = skey_fake_keyinfo(pw->pw_name);
		}
		if (skeyinfo != NULL)
			packet_send_debug(skeyinfo);
		/* Try again. */
		return 0;
	} else if (skey_haskey(pw->pw_name) == 0 &&
		   skey_passcheck(pw->pw_name, (char *) password) != -1) {
		/* Authentication succeeded. */
		return 1;
	}
	/* Fall back to ordinary passwd authentication. */
	return -1;
}

/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */

#define ROUND(x)   (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
		    ((x)[3]))

/*
 * hash_collapse()
 */
static u_int32_t
hash_collapse(s)
        u_char *s;
{
        int len, target;
	u_int32_t i;
	
	if ((strlen(s) % sizeof(u_int32_t)) == 0)
  		target = strlen(s);    /* Multiple of 4 */
	else
		target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
  
	for (i = 0, len = 0; len < target; len += 4)
        	i ^= ROUND(s + len);

	return i;
}

char *
skey_fake_keyinfo(char *username)
{
	int i;
	u_int ptr;
	u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
	char pbuf[SKEY_MAX_PW_LEN+1];
	static char skeyprompt[SKEY_MAX_CHALLENGE+1];
	char *secret = NULL;
	size_t secretlen = 0;
	SHA_CTX ctx;
	char *p, *u;
	char md[SHA_DIGEST_LENGTH];

	/*
	 * Base first 4 chars of seed on hostname.
	 * Add some filler for short hostnames if necessary.
	 */
	if (gethostname(pbuf, sizeof(pbuf)) == -1)
		*(p = pbuf) = '.';
	else
		for (p = pbuf; *p && isalnum(*p); p++)
			if (isalpha(*p) && isupper(*p))
				*p = tolower(*p);
	if (*p && pbuf - p < 4)
		(void)strncpy(p, "asjd", 4 - (pbuf - p));
	pbuf[4] = '\0';

	/* Hash the username if possible */
	up = malloc(SHA_DIGEST_LENGTH);
	if (up != NULL) {
		struct stat sb;
		time_t t;
		int fd;

		SHA1_Init(&ctx);
		SHA1_Update(&ctx, username, strlen(username));
		SHA1_End(&ctx, up);

		/* Collapse the hash */
		ptr = hash_collapse(up);
		memset(up, 0, strlen(up));

		/* See if the random file's there, else use ctime */
		if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1
		    && fstat(fd, &sb) == 0 &&
		    sb.st_size > (off_t)SKEY_MAX_SEED_LEN &&
		    lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN),
		    SEEK_SET) != -1 && read(fd, hseed,
		    SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
			close(fd);
			fd = -1;
			secret = hseed;
			secretlen = SKEY_MAX_SEED_LEN;
			flg = 0;
		} else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) {
			t = sb.st_ctime;
			secret = ctime(&t);
			secretlen = strlen(secret);
			flg = 0;
		}
		if (fd != -1)
			close(fd);
	}

	/* Put that in your pipe and smoke it */
	if (flg == 0) {
		/* Hash secret value with username */
		SHA1_Init(&ctx);
		SHA1_Update(&ctx, secret, secretlen);
		SHA1_Update(&ctx, username, strlen(username));
		SHA1_End(&ctx, up);
		
		/* Zero out */
		memset(secret, 0, secretlen);

		/* Now hash the hash */
		SHA1_Init(&ctx);
		SHA1_Update(&ctx, up, strlen(up));
		SHA1_End(&ctx, up);
		
		ptr = hash_collapse(up + 4);
		
		for (i = 4; i < 9; i++) {
			pbuf[i] = (ptr % 10) + '0';
			ptr /= 10;
		}
		pbuf[i] = '\0';

		/* Sequence number */
		ptr = ((up[2] + up[3]) % 99) + 1;

		memset(up, 0, SHA_DIGEST_LENGTH); /* SHA1 specific */
		free(up);

		(void)snprintf(skeyprompt, sizeof skeyprompt,
			      "otp-%.*s %d %.*s",
			      SKEY_MAX_HASHNAME_LEN,
			      skey_get_algorithm(),
			      ptr, SKEY_MAX_SEED_LEN,
			      pbuf);
	} else {
		/* Base last 8 chars of seed on username */
		u = username;
		i = 8;
		p = &pbuf[4];
		do {
			if (*u == 0) {
				/* Pad remainder with zeros */
				while (--i >= 0)
					*p++ = '0';
				break;
			}

			*p++ = (*u++ % 10) + '0';
		} while (--i != 0);
		pbuf[12] = '\0';

		(void)snprintf(skeyprompt, sizeof skeyprompt,
			      "otp-%.*s %d %.*s",
			      SKEY_MAX_HASHNAME_LEN,
			      skey_get_algorithm(),
			      99, SKEY_MAX_SEED_LEN, pbuf);
	}
	return skeyprompt;
}

#endif /* SKEY */
Commit	Line	Data
5260325f	1	#include "includes.h"
5260325f	2
91b8065d	3	#ifdef SKEY
8efc0c15	4	RCSID("$Id$");
	5
	6	#include "ssh.h"
57112b5a	7	#include "packet.h"
57112b5a	8
aa3378df	9	#ifdef HAVE_OPENSSL
2598df62	10	#include <openssl/sha.h>
aa3378df	11	#endif
aa3378df	12	#ifdef HAVE_SSL
2598df62	13	#include <ssl/sha.h>
aa3378df	14	#endif
8efc0c15	15
	16	/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
	17
57112b5a	18	/*
	19	* try skey authentication,
	20	* return 1 on success, 0 on failure, -1 if skey is not available
	21	*/
	22
	23	int
	24	auth_skey_password(struct passwd * pw, const char *password)
	25	{
	26	if (strncasecmp(password, "s/key", 5) == 0) {
	27	char *skeyinfo = skey_keyinfo(pw->pw_name);
	28	if (skeyinfo == NULL) {
	29	debug("generating fake skeyinfo for %.100s.",
	30	pw->pw_name);
	31	skeyinfo = skey_fake_keyinfo(pw->pw_name);
	32	}
	33	if (skeyinfo != NULL)
	34	packet_send_debug(skeyinfo);
	35	/* Try again. */
	36	return 0;
	37	} else if (skey_haskey(pw->pw_name) == 0 &&
	38	skey_passcheck(pw->pw_name, (char *) password) != -1) {
	39	/* Authentication succeeded. */
	40	return 1;
	41	}
	42	/* Fall back to ordinary passwd authentication. */
	43	return -1;
	44	}
59625cbb	45
59625cbb	46	/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
8efc0c15	47
	48	#define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
	49	((x)[3]))
	50
	51	/*
	52	* hash_collapse()
	53	*/
	54	static u_int32_t
	55	hash_collapse(s)
	56	u_char *s;
	57	{
	58	int len, target;
	59	u_int32_t i;
	60
	61	if ((strlen(s) % sizeof(u_int32_t)) == 0)
	62	target = strlen(s); /* Multiple of 4 */
	63	else
	64	target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
	65
	66	for (i = 0, len = 0; len < target; len += 4)
	67	i ^= ROUND(s + len);
	68
	69	return i;
	70	}
5260325f	71
8efc0c15	72	char *
	73	skey_fake_keyinfo(char *username)
	74	{
	75	int i;
	76	u_int ptr;
	77	u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
	78	char pbuf[SKEY_MAX_PW_LEN+1];
	79	static char skeyprompt[SKEY_MAX_CHALLENGE+1];
	80	char *secret = NULL;
	81	size_t secretlen = 0;
2598df62	82	SHA_CTX ctx;
8efc0c15	83	char p, u;
2598df62	84	char md[SHA_DIGEST_LENGTH];
8efc0c15	85
	86	/*
	87	* Base first 4 chars of seed on hostname.
	88	* Add some filler for short hostnames if necessary.
	89	*/
	90	if (gethostname(pbuf, sizeof(pbuf)) == -1)
	91	*(p = pbuf) = '.';
	92	else
	93	for (p = pbuf; p && isalnum(p); p++)
	94	if (isalpha(p) && isupper(p))
	95	p = tolower(p);
	96	if (*p && pbuf - p < 4)
	97	(void)strncpy(p, "asjd", 4 - (pbuf - p));
	98	pbuf[4] = '\0';
	99
	100	/* Hash the username if possible */
2598df62	101	up = malloc(SHA_DIGEST_LENGTH);
2598df62	102	if (up != NULL) {
8efc0c15	103	struct stat sb;
	104	time_t t;
	105	int fd;
	106
2598df62	107	SHA1_Init(&ctx);
	108	SHA1_Update(&ctx, username, strlen(username));
	109	SHA1_End(&ctx, up);
	110
8efc0c15	111	/* Collapse the hash */
	112	ptr = hash_collapse(up);
	113	memset(up, 0, strlen(up));
	114
	115	/* See if the random file's there, else use ctime */
	116	if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1
	117	&& fstat(fd, &sb) == 0 &&
	118	sb.st_size > (off_t)SKEY_MAX_SEED_LEN &&
	119	lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN),
	120	SEEK_SET) != -1 && read(fd, hseed,
	121	SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
	122	close(fd);
a408af76	123	fd = -1;
8efc0c15	124	secret = hseed;
	125	secretlen = SKEY_MAX_SEED_LEN;
	126	flg = 0;
	127	} else if (!stat(_PATH_MEM, &sb) \|\| !stat("/", &sb)) {
	128	t = sb.st_ctime;
	129	secret = ctime(&t);
	130	secretlen = strlen(secret);
	131	flg = 0;
	132	}
a408af76	133	if (fd != -1)
a408af76	134	close(fd);
8efc0c15	135	}
	136
	137	/* Put that in your pipe and smoke it */
	138	if (flg == 0) {
	139	/* Hash secret value with username */
2598df62	140	SHA1_Init(&ctx);
	141	SHA1_Update(&ctx, secret, secretlen);
	142	SHA1_Update(&ctx, username, strlen(username));
	143	SHA1_End(&ctx, up);
8efc0c15	144
	145	/* Zero out */
	146	memset(secret, 0, secretlen);
	147
	148	/* Now hash the hash */
2598df62	149	SHA1_Init(&ctx);
	150	SHA1_Update(&ctx, up, strlen(up));
	151	SHA1_End(&ctx, up);
8efc0c15	152
	153	ptr = hash_collapse(up + 4);
	154
	155	for (i = 4; i < 9; i++) {
	156	pbuf[i] = (ptr % 10) + '0';
	157	ptr /= 10;
	158	}
	159	pbuf[i] = '\0';
	160
	161	/* Sequence number */
	162	ptr = ((up[2] + up[3]) % 99) + 1;
	163
2598df62	164	memset(up, 0, SHA_DIGEST_LENGTH); /* SHA1 specific */
8efc0c15	165	free(up);
	166
	167	(void)snprintf(skeyprompt, sizeof skeyprompt,
	168	"otp-%.s %d %.s",
	169	SKEY_MAX_HASHNAME_LEN,
	170	skey_get_algorithm(),
	171	ptr, SKEY_MAX_SEED_LEN,
	172	pbuf);
	173	} else {
	174	/* Base last 8 chars of seed on username */
	175	u = username;
	176	i = 8;
	177	p = &pbuf[4];
	178	do {
	179	if (*u == 0) {
	180	/* Pad remainder with zeros */
	181	while (--i >= 0)
	182	*p++ = '0';
	183	break;
	184	}
	185
	186	p++ = (u++ % 10) + '0';
	187	} while (--i != 0);
	188	pbuf[12] = '\0';
	189
	190	(void)snprintf(skeyprompt, sizeof skeyprompt,
	191	"otp-%.s %d %.s",
	192	SKEY_MAX_HASHNAME_LEN,
	193	skey_get_algorithm(),
	194	99, SKEY_MAX_SEED_LEN, pbuf);
	195	}
	196	return skeyprompt;
	197	}
91b8065d	198
5260325f	199	#endif /* SKEY */