]> andersk Git - openssh.git/blame - sshconnect.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Further cleanup of askpass autoconf support, enable GNOME askpass option
[openssh.git] / sshconnect.c
CommitLineData
8efc0c15 1/*
2
3sshconnect.c
4
5Author: Tatu Ylonen <ylo@cs.hut.fi>
6
7Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8 All rights reserved
9
10Created: Sat Mar 18 22:15:47 1995 ylo
11
12Code to connect to a remote host, and to perform the client side of the
13login (authentication) dialog.
14
15*/
16
17#include "includes.h"
18RCSID("$Id$");
19
5881cd60 20#ifdef HAVE_OPENSSL
8efc0c15 21#include <openssl/bn.h>
5881cd60 22#include <openssl/md5.h>
23#endif
24#ifdef HAVE_SSL
25#include <ssl/bn.h>
26#include <ssl/md5.h>
27#endif
28
8efc0c15 29#include "xmalloc.h"
30#include "rsa.h"
31#include "ssh.h"
32#include "packet.h"
33#include "authfd.h"
34#include "cipher.h"
35#include "mpaux.h"
36#include "uidswap.h"
37#include "compat.h"
6fa724bc 38#include "readconf.h"
8efc0c15 39
40/* Session id for the current session. */
41unsigned char session_id[16];
42
43/* Connect to the given ssh server using a proxy command. */
44
45int
46ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,
47 const char *proxy_command)
48{
49 Buffer command;
50 const char *cp;
51 char *command_string;
52 int pin[2], pout[2];
53 int pid;
54 char portstring[100];
55
56 /* Convert the port number into a string. */
57 snprintf(portstring, sizeof portstring, "%d", port);
58
59 /* Build the final command string in the buffer by making the appropriate
60 substitutions to the given proxy command. */
61 buffer_init(&command);
62 for (cp = proxy_command; *cp; cp++)
63 {
64 if (cp[0] == '%' && cp[1] == '%')
65 {
66 buffer_append(&command, "%", 1);
67 cp++;
68 continue;
69 }
70 if (cp[0] == '%' && cp[1] == 'h')
71 {
72 buffer_append(&command, host, strlen(host));
73 cp++;
74 continue;
75 }
76 if (cp[0] == '%' && cp[1] == 'p')
77 {
78 buffer_append(&command, portstring, strlen(portstring));
79 cp++;
80 continue;
81 }
82 buffer_append(&command, cp, 1);
83 }
84 buffer_append(&command, "\0", 1);
85
86 /* Get the final command string. */
87 command_string = buffer_ptr(&command);
88
89 /* Create pipes for communicating with the proxy. */
90 if (pipe(pin) < 0 || pipe(pout) < 0)
91 fatal("Could not create pipes to communicate with the proxy: %.100s",
92 strerror(errno));
93
94 debug("Executing proxy command: %.500s", command_string);
95
96 /* Fork and execute the proxy command. */
97 if ((pid = fork()) == 0)
98 {
99 char *argv[10];
100
101 /* Child. Permanently give up superuser privileges. */
102 permanently_set_uid(original_real_uid);
103
104 /* Redirect stdin and stdout. */
105 close(pin[1]);
106 if (pin[0] != 0)
107 {
108 if (dup2(pin[0], 0) < 0)
109 perror("dup2 stdin");
110 close(pin[0]);
111 }
112 close(pout[0]);
113 if (dup2(pout[1], 1) < 0)
114 perror("dup2 stdout");
115 close(pout[1]); /* Cannot be 1 because pin allocated two descriptors. */
116
117 /* Stderr is left as it is so that error messages get printed on
118 the user's terminal. */
119 argv[0] = "/bin/sh";
120 argv[1] = "-c";
121 argv[2] = command_string;
122 argv[3] = NULL;
123
124 /* Execute the proxy command. Note that we gave up any extra
125 privileges above. */
126 execv("/bin/sh", argv);
127 perror("/bin/sh");
128 exit(1);
129 }
130 /* Parent. */
131 if (pid < 0)
132 fatal("fork failed: %.100s", strerror(errno));
133
134 /* Close child side of the descriptors. */
135 close(pin[0]);
136 close(pout[1]);
137
138 /* Free the command name. */
139 buffer_free(&command);
140
141 /* Set the connection file descriptors. */
142 packet_set_connection(pout[0], pin[1]);
143
144 return 1;
145}
146
147/* Creates a (possibly privileged) socket for use as the ssh connection. */
148
149int ssh_create_socket(uid_t original_real_uid, int privileged)
150{
151 int sock;
152
153 /* If we are running as root and want to connect to a privileged port,
154 bind our own socket to a privileged port. */
155 if (privileged)
156 {
157 int p = IPPORT_RESERVED - 1;
158
159 sock = rresvport(&p);
160 if (sock < 0)
161 fatal("rresvport: %.100s", strerror(errno));
162 debug("Allocated local port %d.", p);
163 }
164 else
165 {
166 /* Just create an ordinary socket on arbitrary port. We use the
167 user's uid to create the socket. */
168 temporarily_use_uid(original_real_uid);
169 sock = socket(AF_INET, SOCK_STREAM, 0);
170 if (sock < 0)
171 fatal("socket: %.100s", strerror(errno));
172 restore_uid();
173 }
174 return sock;
175}
176
177/* Opens a TCP/IP connection to the remote server on the given host. If
178 port is 0, the default port will be used. If anonymous is zero,
179 a privileged port will be allocated to make the connection.
180 This requires super-user privileges if anonymous is false.
181 Connection_attempts specifies the maximum number of tries (one per
182 second). If proxy_command is non-NULL, it specifies the command (with %h
183 and %p substituted for host and port, respectively) to use to contact
184 the daemon. */
185
186int ssh_connect(const char *host, struct sockaddr_in *hostaddr,
187 int port, int connection_attempts,
188 int anonymous, uid_t original_real_uid,
189 const char *proxy_command)
190{
191 int sock = -1, attempt, i;
192 int on = 1;
193 struct servent *sp;
194 struct hostent *hp;
195 struct linger linger;
196
197 debug("ssh_connect: getuid %d geteuid %d anon %d",
198 (int)getuid(), (int)geteuid(), anonymous);
199
200 /* Get default port if port has not been set. */
201 if (port == 0)
202 {
203 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
204 if (sp)
205 port = ntohs(sp->s_port);
206 else
207 port = SSH_DEFAULT_PORT;
208 }
209
210 /* If a proxy command is given, connect using it. */
211 if (proxy_command != NULL)
212 return ssh_proxy_connect(host, port, original_real_uid, proxy_command);
213
214 /* No proxy command. */
215
216 /* No host lookup made yet. */
217 hp = NULL;
218
219 /* Try to connect several times. On some machines, the first time will
220 sometimes fail. In general socket code appears to behave quite
221 magically on many machines. */
222 for (attempt = 0; attempt < connection_attempts; attempt++)
223 {
224 if (attempt > 0)
225 debug("Trying again...");
226
227 /* Try to parse the host name as a numeric inet address. */
228 memset(hostaddr, 0, sizeof(hostaddr));
229 hostaddr->sin_family = AF_INET;
230 hostaddr->sin_port = htons(port);
231 hostaddr->sin_addr.s_addr = inet_addr(host);
232 if ((hostaddr->sin_addr.s_addr & 0xffffffff) != 0xffffffff)
233 {
234 /* Valid numeric IP address */
235 debug("Connecting to %.100s port %d.",
236 inet_ntoa(hostaddr->sin_addr), port);
237
238 /* Create a socket. */
239 sock = ssh_create_socket(original_real_uid,
240 !anonymous && geteuid() == 0 &&
241 port < IPPORT_RESERVED);
242
243 /* Connect to the host. We use the user's uid in the hope that
244 it will help with the problems of tcp_wrappers showing the
245 remote uid as root. */
246 temporarily_use_uid(original_real_uid);
247 if (connect(sock, (struct sockaddr *)hostaddr, sizeof(*hostaddr))
248 >= 0)
249 {
250 /* Successful connect. */
251 restore_uid();
252 break;
253 }
254 debug("connect: %.100s", strerror(errno));
255 restore_uid();
256
257 /* Destroy the failed socket. */
258 shutdown(sock, SHUT_RDWR);
259 close(sock);
260 }
261 else
262 {
263 /* Not a valid numeric inet address. */
264 /* Map host name to an address. */
265 if (!hp)
266 hp = gethostbyname(host);
267 if (!hp)
268 fatal("Bad host name: %.100s", host);
269 if (!hp->h_addr_list[0])
270 fatal("Host does not have an IP address: %.100s", host);
271
272 /* Loop through addresses for this host, and try each one in
273 sequence until the connection succeeds. */
274 for (i = 0; hp->h_addr_list[i]; i++)
275 {
276 /* Set the address to connect to. */
277 hostaddr->sin_family = hp->h_addrtype;
278 memcpy(&hostaddr->sin_addr, hp->h_addr_list[i],
279 sizeof(hostaddr->sin_addr));
280
281 debug("Connecting to %.200s [%.100s] port %d.",
282 host, inet_ntoa(hostaddr->sin_addr), port);
283
284 /* Create a socket for connecting. */
285 sock = ssh_create_socket(original_real_uid,
286 !anonymous && geteuid() == 0 &&
287 port < IPPORT_RESERVED);
288
289 /* Connect to the host. We use the user's uid in the hope that
290 it will help with tcp_wrappers showing the remote uid as
291 root. */
292 temporarily_use_uid(original_real_uid);
293 if (connect(sock, (struct sockaddr *)hostaddr,
294 sizeof(*hostaddr)) >= 0)
295 {
296 /* Successful connection. */
297 restore_uid();
298 break;
299 }
300 debug("connect: %.100s", strerror(errno));
301 restore_uid();
302
303 /* Close the failed socket; there appear to be some problems
304 when reusing a socket for which connect() has already
305 returned an error. */
306 shutdown(sock, SHUT_RDWR);
307 close(sock);
308 }
309 if (hp->h_addr_list[i])
310 break; /* Successful connection. */
311 }
312
313 /* Sleep a moment before retrying. */
314 sleep(1);
315 }
316 /* Return failure if we didn't get a successful connection. */
317 if (attempt >= connection_attempts)
318 return 0;
319
320 debug("Connection established.");
321
322 /* Set socket options. We would like the socket to disappear as soon as
323 it has been closed for whatever reason. */
324 /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
325 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *)&on, sizeof(on));
326 linger.l_onoff = 1;
327 linger.l_linger = 5;
328 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
329
330 /* Set the connection. */
331 packet_set_connection(sock, sock);
332
333 return 1;
334}
335
336/* Checks if the user has an authentication agent, and if so, tries to
337 authenticate using the agent. */
338
339int
340try_agent_authentication()
341{
342 int status, type, bits;
343 char *comment;
344 AuthenticationConnection *auth;
345 unsigned char response[16];
346 unsigned int i;
347 BIGNUM *e, *n, *challenge;
348
349 /* Get connection to the agent. */
350 auth = ssh_get_authentication_connection();
351 if (!auth)
352 return 0;
353
354 e = BN_new();
355 n = BN_new();
356 challenge = BN_new();
357
358 /* Loop through identities served by the agent. */
359 for (status = ssh_get_first_identity(auth, &bits, e, n, &comment);
360 status;
361 status = ssh_get_next_identity(auth, &bits, e, n, &comment))
362 {
363 int plen, clen;
364
365 /* Try this identity. */
366 debug("Trying RSA authentication via agent with '%.100s'", comment);
367 xfree(comment);
368
369 /* Tell the server that we are willing to authenticate using this key. */
370 packet_start(SSH_CMSG_AUTH_RSA);
371 packet_put_bignum(n);
372 packet_send();
373 packet_write_wait();
374
375 /* Wait for server's response. */
376 type = packet_read(&plen);
377
378 /* The server sends failure if it doesn\'t like our key or does not
379 support RSA authentication. */
380 if (type == SSH_SMSG_FAILURE)
381 {
382 debug("Server refused our key.");
383 continue;
384 }
385
386 /* Otherwise it should have sent a challenge. */
387 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
388 packet_disconnect("Protocol error during RSA authentication: %d",
389 type);
390
391 packet_get_bignum(challenge, &clen);
392
393 packet_integrity_check(plen, clen, type);
394
395 debug("Received RSA challenge from server.");
396
397 /* Ask the agent to decrypt the challenge. */
398 if (!ssh_decrypt_challenge(auth, bits, e, n, challenge,
399 session_id, 1, response))
400 {
401 /* The agent failed to authenticate this identifier although it
402 advertised it supports this. Just return a wrong value. */
403 log("Authentication agent failed to decrypt challenge.");
404 memset(response, 0, sizeof(response));
405 }
406
407 debug("Sending response to RSA challenge.");
408
409 /* Send the decrypted challenge back to the server. */
410 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
411 for (i = 0; i < 16; i++)
412 packet_put_char(response[i]);
413 packet_send();
414 packet_write_wait();
415
416 /* Wait for response from the server. */
417 type = packet_read(&plen);
418
419 /* The server returns success if it accepted the authentication. */
420 if (type == SSH_SMSG_SUCCESS)
421 {
422 debug("RSA authentication accepted by server.");
423 BN_clear_free(e);
424 BN_clear_free(n);
425 BN_clear_free(challenge);
426 return 1;
427 }
428
429 /* Otherwise it should return failure. */
430 if (type != SSH_SMSG_FAILURE)
431 packet_disconnect("Protocol error waiting RSA auth response: %d",
432 type);
433 }
434
435 BN_clear_free(e);
436 BN_clear_free(n);
437 BN_clear_free(challenge);
438
439 debug("RSA authentication using agent refused.");
440 return 0;
441}
442
443/* Computes the proper response to a RSA challenge, and sends the response to
444 the server. */
445
446void
447respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
448{
449 unsigned char buf[32], response[16];
450 MD5_CTX md;
451 int i, len;
452
453 /* Decrypt the challenge using the private key. */
454 rsa_private_decrypt(challenge, challenge, prv);
455
456 /* Compute the response. */
457 /* The response is MD5 of decrypted challenge plus session id. */
458 len = BN_num_bytes(challenge);
5bae4ab8 459 if (len <= 0 || len > sizeof(buf))
460 packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
461 len);
462
8efc0c15 463 memset(buf, 0, sizeof(buf));
464 BN_bn2bin(challenge, buf + sizeof(buf) - len);
465 MD5_Init(&md);
466 MD5_Update(&md, buf, 32);
467 MD5_Update(&md, session_id, 16);
468 MD5_Final(response, &md);
469
470 debug("Sending response to host key RSA challenge.");
471
472 /* Send the response back to the server. */
473 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
474 for (i = 0; i < 16; i++)
475 packet_put_char(response[i]);
476 packet_send();
477 packet_write_wait();
478
479 memset(buf, 0, sizeof(buf));
480 memset(response, 0, sizeof(response));
481 memset(&md, 0, sizeof(md));
482}
483
484/* Checks if the user has authentication file, and if so, tries to authenticate
485 the user using it. */
486
487int
6fa724bc 488try_rsa_authentication(struct passwd *pw, const char *authfile)
8efc0c15 489{
6fa724bc 490 extern Options options;
8efc0c15 491 BIGNUM *challenge;
492 RSA *private_key;
493 RSA *public_key;
494 char *passphrase, *comment;
495 int type, i;
496 int plen, clen;
497
498 /* Try to load identification for the authentication key. */
499 public_key = RSA_new();
500 if (!load_public_key(authfile, public_key, &comment)) {
501 RSA_free(public_key);
502 return 0; /* Could not load it. Fail. */
503 }
504
505 debug("Trying RSA authentication with key '%.100s'", comment);
506
507 /* Tell the server that we are willing to authenticate using this key. */
508 packet_start(SSH_CMSG_AUTH_RSA);
509 packet_put_bignum(public_key->n);
510 packet_send();
511 packet_write_wait();
512
513 /* We no longer need the public key. */
514 RSA_free(public_key);
515
516 /* Wait for server's response. */
517 type = packet_read(&plen);
518
519 /* The server responds with failure if it doesn\'t like our key or doesn\'t
520 support RSA authentication. */
521 if (type == SSH_SMSG_FAILURE)
522 {
523 debug("Server refused our key.");
524 xfree(comment);
525 return 0; /* Server refuses to authenticate with this key. */
526 }
527
528 /* Otherwise, the server should respond with a challenge. */
529 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
530 packet_disconnect("Protocol error during RSA authentication: %d", type);
531
532 /* Get the challenge from the packet. */
533 challenge = BN_new();
534 packet_get_bignum(challenge, &clen);
535
536 packet_integrity_check(plen, clen, type);
537
538 debug("Received RSA challenge from server.");
539
540 private_key = RSA_new();
541 /* Load the private key. Try first with empty passphrase; if it fails,
542 ask for a passphrase. */
543 if (!load_private_key(authfile, "", private_key, NULL))
544 {
545 char buf[300];
546 /* Request passphrase from the user. We read from /dev/tty to make
547 this work even if stdin has been redirected. If running in
548 batch mode, we just use the empty passphrase, which will fail and
549 return. */
550 snprintf(buf, sizeof buf,
551 "Enter passphrase for RSA key '%.100s': ", comment);
6fa724bc 552 if (!options.batch_mode)
8efc0c15 553 passphrase = read_passphrase(buf, 0);
554 else
555 {
556 debug("Will not query passphrase for %.100s in batch mode.",
557 comment);
558 passphrase = xstrdup("");
559 }
560
561 /* Load the authentication file using the pasphrase. */
562 if (!load_private_key(authfile, passphrase, private_key, NULL))
563 {
564 memset(passphrase, 0, strlen(passphrase));
565 xfree(passphrase);
566 error("Bad passphrase.");
567
568 /* Send a dummy response packet to avoid protocol error. */
569 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
570 for (i = 0; i < 16; i++)
571 packet_put_char(0);
572 packet_send();
573 packet_write_wait();
574
575 /* Expect the server to reject it... */
576 packet_read_expect(&plen, SSH_SMSG_FAILURE);
577 xfree(comment);
578 return 0;
579 }
580
581 /* Destroy the passphrase. */
582 memset(passphrase, 0, strlen(passphrase));
583 xfree(passphrase);
584 }
585
586 /* We no longer need the comment. */
587 xfree(comment);
588
589 /* Compute and send a response to the challenge. */
590 respond_to_rsa_challenge(challenge, private_key);
591
592 /* Destroy the private key. */
593 RSA_free(private_key);
594
595 /* We no longer need the challenge. */
596 BN_clear_free(challenge);
597
598 /* Wait for response from the server. */
599 type = packet_read(&plen);
600 if (type == SSH_SMSG_SUCCESS)
601 {
602 debug("RSA authentication accepted by server.");
603 return 1;
604 }
605 if (type != SSH_SMSG_FAILURE)
606 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
607 debug("RSA authentication refused.");
608 return 0;
609}
610
611/* Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
612 authentication and RSA host authentication. */
613
614int
615try_rhosts_rsa_authentication(const char *local_user, RSA *host_key)
616{
617 int type;
618 BIGNUM *challenge;
619 int plen, clen;
620
621 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
622
623 /* Tell the server that we are willing to authenticate using this key. */
624 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
625 packet_put_string(local_user, strlen(local_user));
626 packet_put_int(BN_num_bits(host_key->n));
627 packet_put_bignum(host_key->e);
628 packet_put_bignum(host_key->n);
629 packet_send();
630 packet_write_wait();
631
632 /* Wait for server's response. */
633 type = packet_read(&plen);
634
635 /* The server responds with failure if it doesn't admit our .rhosts
636 authentication or doesn't know our host key. */
637 if (type == SSH_SMSG_FAILURE)
638 {
639 debug("Server refused our rhosts authentication or host key.");
640 return 0; /* Server refuses to authenticate us with this method. */
641 }
642
643 /* Otherwise, the server should respond with a challenge. */
644 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
645 packet_disconnect("Protocol error during RSA authentication: %d", type);
646
647 /* Get the challenge from the packet. */
648 challenge = BN_new();
649 packet_get_bignum(challenge, &clen);
650
651 packet_integrity_check(plen, clen, type);
652
653 debug("Received RSA challenge for host key from server.");
654
655 /* Compute a response to the challenge. */
656 respond_to_rsa_challenge(challenge, host_key);
657
658 /* We no longer need the challenge. */
659 BN_clear_free(challenge);
660
661 /* Wait for response from the server. */
662 type = packet_read(&plen);
663 if (type == SSH_SMSG_SUCCESS)
664 {
665 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
666 return 1;
667 }
668 if (type != SSH_SMSG_FAILURE)
669 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
670 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
671 return 0;
672}
673
674#ifdef KRB4
675int try_kerberos_authentication()
676{
677 KTEXT_ST auth; /* Kerberos data */
678 char *reply;
679 char inst[INST_SZ];
680 char *realm;
681 CREDENTIALS cred;
682 int r, type, plen;
683 Key_schedule schedule;
684 u_long checksum, cksum;
685 MSG_DAT msg_data;
686 struct sockaddr_in local, foreign;
687 struct stat st;
688
689 /* Don't do anything if we don't have any tickets. */
690 if (stat(tkt_string(), &st) < 0) return 0;
691
692 strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
693
694 realm = (char *)krb_realmofhost(get_canonical_hostname());
695 if (!realm) {
696 debug("Kerberos V4: no realm for %s", get_canonical_hostname());
697 return 0;
698 }
699 /* This can really be anything. */
700 checksum = (u_long) getpid();
701
702 r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
703 if (r != KSUCCESS) {
704 debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]);
705 return 0;
706 }
707 /* Get session key to decrypt the server's reply with. */
708 r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
709 if (r != KSUCCESS) {
710 debug("get_cred failed: %s", krb_err_txt[r]);
711 return 0;
712 }
713 des_key_sched((des_cblock *)cred.session, schedule);
714
715 /* Send authentication info to server. */
716 packet_start(SSH_CMSG_AUTH_KERBEROS);
717 packet_put_string((char *)auth.dat, auth.length);
718 packet_send();
719 packet_write_wait();
720
721 /* Zero the buffer. */
722 (void) memset(auth.dat, 0, MAX_KTXT_LEN);
723
724 r = sizeof(local);
725 memset(&local, 0, sizeof(local));
726 if (getsockname(packet_get_connection_in(),
727 (struct sockaddr *) &local, &r) < 0)
728 debug("getsockname failed: %s", strerror(errno));
729
730 r = sizeof(foreign);
731 memset(&foreign, 0, sizeof(foreign));
732 if (getpeername(packet_get_connection_in(),
733 (struct sockaddr *)&foreign, &r) < 0)
734 debug("getpeername failed: %s", strerror(errno));
735
736 /* Get server reply. */
737 type = packet_read(&plen);
738 switch(type) {
739
740 case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
741 debug("Kerberos V4 authentication failed.");
742 return 0;
743 break;
744
745 case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
746 debug("Kerberos V4 authentication accepted.");
747
748 /* Get server's response. */
749 reply = packet_get_string((unsigned int *)&auth.length);
750 memcpy(auth.dat, reply, auth.length);
751 xfree(reply);
752
753 packet_integrity_check(plen, 4 + auth.length, type);
754
755 /* If his response isn't properly encrypted with the session key,
756 and the decrypted checksum fails to match, he's bogus. Bail out. */
757 r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
758 &foreign, &local, &msg_data);
759 if (r != KSUCCESS) {
760 debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]);
761 packet_disconnect("Kerberos V4 challenge failed!");
762 }
763 /* Fetch the (incremented) checksum that we supplied in the request. */
764 (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum));
765 cksum = ntohl(cksum);
766
767 /* If it matches, we're golden. */
768 if (cksum == checksum + 1) {
769 debug("Kerberos V4 challenge successful.");
770 return 1;
771 }
772 else
773 packet_disconnect("Kerberos V4 challenge failed!");
774 break;
775
776 default:
777 packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
778 }
779 return 0;
780}
781#endif /* KRB4 */
782
783#ifdef AFS
784int send_kerberos_tgt()
785{
786 CREDENTIALS *creds;
787 char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
788 int r, type, plen;
789 unsigned char buffer[8192];
790 struct stat st;
791
792 /* Don't do anything if we don't have any tickets. */
793 if (stat(tkt_string(), &st) < 0) return 0;
794
795 creds = xmalloc(sizeof(*creds));
796
797 if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) {
798 debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]);
799 return 0;
800 }
801 if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
802 debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]);
803 return 0;
804 }
805 if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
806 debug("Kerberos V4 ticket expired: %s", TKT_FILE);
807 return 0;
808 }
809
810 creds_to_radix(creds, buffer);
811 xfree(creds);
812
813 packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
814 packet_put_string((char *)buffer, strlen(buffer));
815 packet_send();
816 packet_write_wait();
817
818 type = packet_read(&plen);
819
820 if (type == SSH_SMSG_FAILURE)
821 debug("Kerberos TGT for realm %s rejected.", prealm);
822 else if (type != SSH_SMSG_SUCCESS)
823 packet_disconnect("Protocol error on Kerberos TGT response: %d", type);
824
825 return 1;
826}
827
828void send_afs_tokens(void)
829{
830 CREDENTIALS creds;
831 struct ViceIoctl parms;
832 struct ClearToken ct;
833 int i, type, len, plen;
834 char buf[2048], *p, *server_cell;
835 unsigned char buffer[8192];
836
837 /* Move over ktc_GetToken, here's something leaner. */
838 for (i = 0; i < 100; i++) { /* just in case */
839 parms.in = (char *)&i;
840 parms.in_size = sizeof(i);
841 parms.out = buf;
842 parms.out_size = sizeof(buf);
843 if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break;
844 p = buf;
845
846 /* Get secret token. */
847 memcpy(&creds.ticket_st.length, p, sizeof(unsigned int));
848 if (creds.ticket_st.length > MAX_KTXT_LEN) break;
849 p += sizeof(unsigned int);
850 memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
851 p += creds.ticket_st.length;
852
853 /* Get clear token. */
854 memcpy(&len, p, sizeof(len));
855 if (len != sizeof(struct ClearToken)) break;
856 p += sizeof(len);
857 memcpy(&ct, p, len);
858 p += len;
859 p += sizeof(len); /* primary flag */
860 server_cell = p;
861
862 /* Flesh out our credentials. */
863 strlcpy(creds.service, "afs", sizeof creds.service);
864 creds.instance[0] = '\0';
865 strlcpy(creds.realm, server_cell, REALM_SZ);
866 memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
867 creds.issue_date = ct.BeginTimestamp;
868 creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
869 creds.kvno = ct.AuthHandle;
870 snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
871 creds.pinst[0] = '\0';
872
873 /* Encode token, ship it off. */
874 if (!creds_to_radix(&creds, buffer)) break;
875 packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
876 packet_put_string((char *)buffer, strlen(buffer));
877 packet_send();
878 packet_write_wait();
879
880 /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */
881 type = packet_read(&plen);
882
883 if (type == SSH_SMSG_FAILURE)
884 debug("AFS token for cell %s rejected.", server_cell);
885 else if (type != SSH_SMSG_SUCCESS)
886 packet_disconnect("Protocol error on AFS token response: %d", type);
887 }
888}
889#endif /* AFS */
890
891/* Waits for the server identification string, and sends our own identification
892 string. */
893
894void ssh_exchange_identification()
895{
896 char buf[256], remote_version[256]; /* must be same size! */
897 int remote_major, remote_minor, i;
898 int connection_in = packet_get_connection_in();
899 int connection_out = packet_get_connection_out();
900 extern Options options;
901
902 /* Read other side\'s version identification. */
903 for (i = 0; i < sizeof(buf) - 1; i++)
904 {
905 if (read(connection_in, &buf[i], 1) != 1)
906 fatal("read: %.100s", strerror(errno));
907 if (buf[i] == '\r')
908 {
909 buf[i] = '\n';
910 buf[i + 1] = 0;
911 break;
912 }
913 if (buf[i] == '\n')
914 {
915 buf[i + 1] = 0;
916 break;
917 }
918 }
919 buf[sizeof(buf) - 1] = 0;
920
921 /* Check that the versions match. In future this might accept several
922 versions and set appropriate flags to handle them. */
923 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
924 remote_version) != 3)
925 fatal("Bad remote protocol version identification: '%.100s'", buf);
926 debug("Remote protocol version %d.%d, remote software version %.100s",
927 remote_major, remote_minor, remote_version);
928
929 /* Check if the remote protocol version is too old. */
930 if (remote_major == 1 && remote_minor < 3)
931 fatal("Remote machine has too old SSH software version.");
932
933 /* We speak 1.3, too. */
934 if (remote_major == 1 && remote_minor == 3) {
935 enable_compat13();
936 if (options.forward_agent && strcmp(remote_version, SSH_VERSION) != 0) {
937 log("Agent forwarding disabled, remote version '%s' is not compatible.",
938 remote_version);
939 options.forward_agent = 0;
940 }
941 }
942#if 0
943 /* Removed for now, to permit compatibility with latter versions. The server
944 will reject our version and disconnect if it doesn't support it. */
945 if (remote_major != PROTOCOL_MAJOR)
946 fatal("Protocol major versions differ: %d vs. %d",
947 PROTOCOL_MAJOR, remote_major);
948#endif
949
950 /* Send our own protocol version identification. */
951 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
952 PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
953 if (write(connection_out, buf, strlen(buf)) != strlen(buf))
954 fatal("write: %.100s", strerror(errno));
955}
956
957int ssh_cipher_default = SSH_CIPHER_3DES;
958
959int read_yes_or_no(const char *prompt, int defval)
960{
961 char buf[1024];
962 FILE *f;
963 int retval = -1;
964
965 if (isatty(0))
966 f = stdin;
967 else
968 f = fopen("/dev/tty", "rw");
969
970 if (f == NULL)
971 return 0;
972
973 fflush(stdout);
974
975 while (1)
976 {
977 fprintf(stderr, "%s", prompt);
978 if (fgets(buf, sizeof(buf), f) == NULL)
979 {
980 /* Print a newline (the prompt probably didn\'t have one). */
981 fprintf(stderr, "\n");
982 strlcpy(buf, "no", sizeof buf);
983 }
984 /* Remove newline from response. */
985 if (strchr(buf, '\n'))
986 *strchr(buf, '\n') = 0;
987
988 if (buf[0] == 0)
989 retval = defval;
990 if (strcmp(buf, "yes") == 0)
991 retval = 1;
992 if (strcmp(buf, "no") == 0)
993 retval = 0;
994
995 if (retval != -1)
996 {
997 if (f != stdin)
998 fclose(f);
999 return retval;
1000 }
1001 }
1002}
1003
1004/* Starts a dialog with the server, and authenticates the current user on the
1005 server. This does not need any extra privileges. The basic connection
1006 to the server must already have been established before this is called.
1007 User is the remote user; if it is NULL, the current local user name will
1008 be used. Anonymous indicates that no rhosts authentication will be used.
1009 If login fails, this function prints an error and never returns.
1010 This function does not require super-user privileges. */
1011
1012void ssh_login(int host_key_valid,
1013 RSA *own_host_key,
1014 const char *orighost,
1015 struct sockaddr_in *hostaddr,
6fa724bc 1016 uid_t original_real_uid)
8efc0c15 1017{
6fa724bc 1018 extern Options options;
8efc0c15 1019 int i, type;
1020 char *password;
1021 struct passwd *pw;
1022 BIGNUM *key;
1023 RSA *host_key, *file_key;
1024 RSA *public_key;
560557bb 1025 int bits, rbits;
8efc0c15 1026 unsigned char session_key[SSH_SESSION_KEY_LENGTH];
1027 const char *server_user, *local_user;
1028 char *cp, *host, *ip = NULL;
1029 unsigned char check_bytes[8];
1030 unsigned int supported_ciphers, supported_authentications, protocol_flags;
1031 HostStatus host_status;
1032 HostStatus ip_status;
1033 int host_ip_differ = 0;
1034 int local = (ntohl(hostaddr->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
1035 int payload_len, clen, sum_len = 0;
1036 u_int32_t rand = 0;
1037
6fa724bc 1038 if (options.check_host_ip)
8efc0c15 1039 ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
1040
1041 /* Convert the user-supplied hostname into all lowercase. */
1042 host = xstrdup(orighost);
1043 for (cp = host; *cp; cp++)
1044 if (isupper(*cp))
1045 *cp = tolower(*cp);
1046
1047 /* Exchange protocol version identification strings with the server. */
1048 ssh_exchange_identification();
1049
1050 /* Put the connection into non-blocking mode. */
1051 packet_set_nonblocking();
1052
1053 /* Get local user name. Use it as server user if no user name
1054 was given. */
1055 pw = getpwuid(original_real_uid);
1056 if (!pw)
1057 fatal("User id %d not found from user database.", original_real_uid);
1058 local_user = xstrdup(pw->pw_name);
6fa724bc 1059 server_user = options.user ? options.user : local_user;
8efc0c15 1060
1061 debug("Waiting for server public key.");
1062
1063 /* Wait for a public key packet from the server. */
1064 packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
1065
1066 /* Get check bytes from the packet. */
1067 for (i = 0; i < 8; i++)
1068 check_bytes[i] = packet_get_char();
1069
1070 /* Get the public key. */
1071 public_key = RSA_new();
560557bb 1072 bits = packet_get_int(); /* bits */
8efc0c15 1073 public_key->e = BN_new();
1074 packet_get_bignum(public_key->e, &clen);
1075 sum_len += clen;
1076 public_key->n = BN_new();
1077 packet_get_bignum(public_key->n, &clen);
1078 sum_len += clen;
1079
560557bb 1080 rbits = BN_num_bits(public_key->n);
1081 if (bits != rbits) {
1082 log("Warning: Server lies about size of server public key,");
1083 log("Warning: this may be due to an old implementation of ssh.");
1084 log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
1085 }
1086
8efc0c15 1087 /* Get the host key. */
1088 host_key = RSA_new();
560557bb 1089 bits = packet_get_int(); /* bits */
8efc0c15 1090 host_key->e = BN_new();
1091 packet_get_bignum(host_key->e, &clen);
1092 sum_len += clen;
1093 host_key->n = BN_new();
1094 packet_get_bignum(host_key->n, &clen);
1095 sum_len += clen;
1096
560557bb 1097 rbits = BN_num_bits(host_key->n);
1098 if (bits != rbits) {
1099 log("Warning: Server lies about size of server host key,");
1100 log("Warning: this may be due to an old implementation of ssh.");
1101 log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
1102 }
1103
8efc0c15 1104 /* Store the host key from the known host file in here
1105 * so that we can compare it with the key for the IP
1106 * address. */
1107 file_key = RSA_new();
1108 file_key->n = BN_new();
1109 file_key->e = BN_new();
1110
1111 /* Get protocol flags. */
1112 protocol_flags = packet_get_int();
1113 packet_set_protocol_flags(protocol_flags);
1114
1115 /* Get supported cipher types. */
1116 supported_ciphers = packet_get_int();
1117
1118 /* Get supported authentication types. */
1119 supported_authentications = packet_get_int();
1120
1121 debug("Received server public key (%d bits) and host key (%d bits).",
1122 BN_num_bits(public_key->n), BN_num_bits(host_key->n));
1123
1124 packet_integrity_check(payload_len,
1125 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
1126 SSH_SMSG_PUBLIC_KEY);
1127
1128 /* Compute the session id. */
1129 compute_session_id(session_id, check_bytes,
1130 BN_num_bits(host_key->n), host_key->n,
1131 BN_num_bits(public_key->n), public_key->n);
1132
1133 /* Check if the host key is present in the user\'s list of known hosts
1134 or in the systemwide list. */
6fa724bc 1135 host_status = check_host_in_hostfile(options.user_hostfile,
8efc0c15 1136 host, BN_num_bits(host_key->n),
1137 host_key->e, host_key->n,
1138 file_key->e, file_key->n);
1139 if (host_status == HOST_NEW)
6fa724bc 1140 host_status = check_host_in_hostfile(options.system_hostfile, host,
8efc0c15 1141 BN_num_bits(host_key->n),
1142 host_key->e, host_key->n,
1143 file_key->e, file_key->n);
1144 /* Force accepting of the host key for localhost and 127.0.0.1.
1145 The problem is that if the home directory is NFS-mounted to multiple
1146 machines, localhost will refer to a different machine in each of them,
1147 and the user will get bogus HOST_CHANGED warnings. This essentially
1148 disables host authentication for localhost; however, this is probably
1149 not a real problem. */
1150 if (local) {
1151 debug("Forcing accepting of host key for localhost.");
1152 host_status = HOST_OK;
1153 }
1154
1155 /* Also perform check for the ip address, skip the check if we are
1156 localhost or the hostname was an ip address to begin with */
6fa724bc 1157 if (options.check_host_ip && !local && strcmp(host, ip)) {
8efc0c15 1158 RSA *ip_key = RSA_new();
1159 ip_key->n = BN_new();
1160 ip_key->e = BN_new();
6fa724bc 1161 ip_status = check_host_in_hostfile(options.user_hostfile, ip,
8efc0c15 1162 BN_num_bits(host_key->n),
1163 host_key->e, host_key->n,
1164 ip_key->e, ip_key->n);
1165
1166 if (ip_status == HOST_NEW)
6fa724bc 1167 ip_status = check_host_in_hostfile(options.system_hostfile, ip,
8efc0c15 1168 BN_num_bits(host_key->n),
1169 host_key->e, host_key->n,
1170 ip_key->e, ip_key->n);
1171 if (host_status == HOST_CHANGED &&
1172 (ip_status != HOST_CHANGED ||
1173 (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n))))
1174 host_ip_differ = 1;
1175
1176 RSA_free(ip_key);
1177 } else
1178 ip_status = host_status;
1179
1180 RSA_free(file_key);
1181
1182 switch (host_status) {
1183 case HOST_OK:
1184 /* The host is known and the key matches. */
1185 debug("Host '%.200s' is known and matches the host key.", host);
6fa724bc 1186 if (options.check_host_ip) {
8efc0c15 1187 if (ip_status == HOST_NEW) {
6fa724bc 1188 if (!add_host_to_hostfile(options.user_hostfile, ip,
8efc0c15 1189 BN_num_bits(host_key->n),
1190 host_key->e, host_key->n))
1191 log("Failed to add the host ip to the list of known hosts (%.30s).",
6fa724bc 1192 options.user_hostfile);
8efc0c15 1193 else
1194 log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
1195 } else if (ip_status != HOST_OK)
1196 log("Warning: the host key differ from the key of the ip address '%.30s' differs", ip);
1197 }
1198
1199 break;
1200 case HOST_NEW:
1201 {
1202 char hostline[1000], *hostp = hostline;
1203 /* The host is new. */
6fa724bc 1204 if (options.strict_host_key_checking == 1) {
8efc0c15 1205 /* User has requested strict host key checking. We will not
1206 add the host key automatically. The only alternative left
1207 is to abort. */
1208 fatal("No host key is known for %.200s and you have requested strict checking.", host);
6fa724bc 1209 } else if (options.strict_host_key_checking == 2) { /* The default */
8efc0c15 1210 char prompt[1024];
1211 snprintf(prompt, sizeof(prompt),
1212 "The authenticity of host '%.200s' can't be established.\n"
1213 "Are you sure you want to continue connecting (yes/no)? ",
1214 host);
1215 if (!read_yes_or_no(prompt, -1))
1216 fatal("Aborted by user!\n");
1217 }
1218
6fa724bc 1219 if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
8efc0c15 1220 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
1221 else
1222 hostp = host;
1223
1224 /* If not in strict mode, add the key automatically to the local
1225 known_hosts file. */
6fa724bc 1226 if (!add_host_to_hostfile(options.user_hostfile, hostp,
8efc0c15 1227 BN_num_bits(host_key->n),
1228 host_key->e, host_key->n))
1229 log("Failed to add the host to the list of known hosts (%.500s).",
6fa724bc 1230 options.user_hostfile);
8efc0c15 1231 else
1232 log("Warning: Permanently added '%.200s' to the list of known hosts.",
1233 hostp);
1234 break;
1235 }
1236 case HOST_CHANGED:
6fa724bc 1237 if (options.check_host_ip) {
8efc0c15 1238 if (host_ip_differ) {
1239 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1240 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
1241 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1242 error("The host key for %s has changed,", host);
1243 error("but the key for the according IP address %s has", ip);
1244 error("a different status. This could either mean that DNS");
1245 error("SPOOFING is happening or the IP address for the host");
1246 error("and its host key have changed at the same time");
1247 }
1248 }
1249
1250 /* The host key has changed. */
1251 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1252 error("@ WARNING: HOST IDENTIFICATION HAS CHANGED! @");
1253 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1254 error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
1255 error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
1256 error("It is also possible that the host key has just been changed.");
1257 error("Please contact your system administrator.");
1258 error("Add correct host key in %.100s to get rid of this message.",
6fa724bc 1259 options.user_hostfile);
8efc0c15 1260
1261 /* If strict host key checking is in use, the user will have to edit
1262 the key manually and we can only abort. */
6fa724bc 1263 if (options.strict_host_key_checking)
8efc0c15 1264 fatal("Host key for %.200s has changed and you have requested strict checking.", host);
1265
1266 /* If strict host key checking has not been requested, allow the
1267 connection but without password authentication or
1268 agent forwarding. */
6fa724bc 1269 if (options.password_authentication) {
8efc0c15 1270 error("Password authentication is disabled to avoid trojan horses.");
6fa724bc 1271 options.password_authentication = 0;
8efc0c15 1272 }
6fa724bc 1273 if (options.forward_agent) {
8efc0c15 1274 error("Agent forwarding is disabled to avoid trojan horses.");
6fa724bc 1275 options.forward_agent = 0;
8efc0c15 1276 }
1277 /* XXX Should permit the user to change to use the new id. This could
1278 be done by converting the host key to an identifying sentence, tell
1279 that the host identifies itself by that sentence, and ask the user
1280 if he/she whishes to accept the authentication. */
1281 break;
1282 }
1283
6fa724bc 1284 if (options.check_host_ip)
8efc0c15 1285 xfree(ip);
1286
1287 /* Generate a session key. */
1288 arc4random_stir();
1289
1290 /* Generate an encryption key for the session. The key is a 256 bit
1291 random number, interpreted as a 32-byte key, with the least significant
1292 8 bits being the first byte of the key. */
1293 for (i = 0; i < 32; i++) {
1294 if (i % 4 == 0)
1295 rand = arc4random();
1296 session_key[i] = rand & 0xff;
1297 rand >>= 8;
1298 }
1299
1300 /* According to the protocol spec, the first byte of the session key is
1301 the highest byte of the integer. The session key is xored with the
1302 first 16 bytes of the session id. */
1303 key = BN_new();
1304 BN_set_word(key, 0);
1305 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++)
1306 {
1307 BN_lshift(key, key, 8);
1308 if (i < 16)
1309 BN_add_word(key, session_key[i] ^ session_id[i]);
1310 else
1311 BN_add_word(key, session_key[i]);
1312 }
1313
1314 /* Encrypt the integer using the public key and host key of the server
1315 (key with smaller modulus first). */
1316 if (BN_cmp(public_key->n, host_key->n) < 0)
1317 {
1318 /* Public key has smaller modulus. */
5bae4ab8 1319 if (BN_num_bits(host_key->n) <
1320 BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
1321 fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
1322 "SSH_KEY_BITS_RESERVED %d",
1323 BN_num_bits(host_key->n),
1324 BN_num_bits(public_key->n),
1325 SSH_KEY_BITS_RESERVED);
1326 }
8efc0c15 1327
1328 rsa_public_encrypt(key, key, public_key);
1329 rsa_public_encrypt(key, key, host_key);
1330 }
1331 else
1332 {
1333 /* Host key has smaller modulus (or they are equal). */
5bae4ab8 1334 if (BN_num_bits(public_key->n) <
1335 BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
1336 fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
1337 "SSH_KEY_BITS_RESERVED %d",
1338 BN_num_bits(public_key->n),
1339 BN_num_bits(host_key->n),
1340 SSH_KEY_BITS_RESERVED);
1341 }
8efc0c15 1342
1343 rsa_public_encrypt(key, key, host_key);
1344 rsa_public_encrypt(key, key, public_key);
1345 }
1346
6fa724bc 1347 if (options.cipher == SSH_CIPHER_NOT_SET) {
8efc0c15 1348 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
6fa724bc 1349 options.cipher = ssh_cipher_default;
8efc0c15 1350 else {
1351 debug("Cipher %d not supported, using %.100s instead.",
1352 cipher_name(ssh_cipher_default),
1353 cipher_name(SSH_FALLBACK_CIPHER));
6fa724bc 1354 options.cipher = SSH_FALLBACK_CIPHER;
8efc0c15 1355 }
1356 }
1357
1358 /* Check that the selected cipher is supported. */
6fa724bc 1359 if (!(supported_ciphers & (1 << options.cipher)))
8efc0c15 1360 fatal("Selected cipher type %.100s not supported by server.",
6fa724bc 1361 cipher_name(options.cipher));
8efc0c15 1362
6fa724bc 1363 debug("Encryption type: %.100s", cipher_name(options.cipher));
8efc0c15 1364
1365 /* Send the encrypted session key to the server. */
1366 packet_start(SSH_CMSG_SESSION_KEY);
6fa724bc 1367 packet_put_char(options.cipher);
8efc0c15 1368
1369 /* Send the check bytes back to the server. */
1370 for (i = 0; i < 8; i++)
1371 packet_put_char(check_bytes[i]);
1372
1373 /* Send the encrypted encryption key. */
1374 packet_put_bignum(key);
1375
1376 /* Send protocol flags. */
1377 packet_put_int(SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
1378
1379 /* Send the packet now. */
1380 packet_send();
1381 packet_write_wait();
1382
1383 /* Destroy the session key integer and the public keys since we no longer
1384 need them. */
1385 BN_clear_free(key);
1386 RSA_free(public_key);
1387 RSA_free(host_key);
1388
1389 debug("Sent encrypted session key.");
1390
1391 /* Set the encryption key. */
1392 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
6fa724bc 1393 options.cipher, 1);
8efc0c15 1394
1395 /* We will no longer need the session key here. Destroy any extra copies. */
1396 memset(session_key, 0, sizeof(session_key));
1397
1398 /* Expect a success message from the server. Note that this message will
1399 be received in encrypted form. */
1400 packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
1401
1402 debug("Received encrypted confirmation.");
1403
1404 /* Send the name of the user to log in as on the server. */
1405 packet_start(SSH_CMSG_USER);
1406 packet_put_string(server_user, strlen(server_user));
1407 packet_send();
1408 packet_write_wait();
1409
1410 /* The server should respond with success if no authentication is needed
1411 (the user has no password). Otherwise the server responds with
1412 failure. */
1413 type = packet_read(&payload_len);
1414 if (type == SSH_SMSG_SUCCESS)
1415 return; /* Connection was accepted without authentication. */
1416 if (type != SSH_SMSG_FAILURE)
1417 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
1418 type);
1419
1420#ifdef AFS
1421 /* Try Kerberos tgt passing if the server supports it. */
1422 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
6fa724bc 1423 options.kerberos_tgt_passing)
8efc0c15 1424 {
6fa724bc 1425 if (options.cipher == SSH_CIPHER_NONE)
8efc0c15 1426 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1427 (void)send_kerberos_tgt();
1428 }
1429
1430 /* Try AFS token passing if the server supports it. */
1431 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
6fa724bc 1432 options.afs_token_passing && k_hasafs()) {
1433 if (options.cipher == SSH_CIPHER_NONE)
8efc0c15 1434 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
1435 send_afs_tokens();
1436 }
1437#endif /* AFS */
1438
1439#ifdef KRB4
1440 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
6fa724bc 1441 options.kerberos_authentication)
8efc0c15 1442 {
1443 debug("Trying Kerberos authentication.");
1444 if (try_kerberos_authentication()) {
1445 /* The server should respond with success or failure. */
1446 type = packet_read(&payload_len);
1447 if (type == SSH_SMSG_SUCCESS)
1448 return; /* Successful connection. */
1449 if (type != SSH_SMSG_FAILURE)
1450 packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
1451 }
1452 }
1453#endif /* KRB4 */
1454
1455 /* Use rhosts authentication if running in privileged socket and we do not
1456 wish to remain anonymous. */
1457 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
6fa724bc 1458 options.rhosts_authentication)
8efc0c15 1459 {
1460 debug("Trying rhosts authentication.");
1461 packet_start(SSH_CMSG_AUTH_RHOSTS);
1462 packet_put_string(local_user, strlen(local_user));
1463 packet_send();
1464 packet_write_wait();
1465
1466 /* The server should respond with success or failure. */
1467 type = packet_read(&payload_len);
1468 if (type == SSH_SMSG_SUCCESS)
1469 return; /* Successful connection. */
1470 if (type != SSH_SMSG_FAILURE)
1471 packet_disconnect("Protocol error: got %d in response to rhosts auth",
1472 type);
1473 }
1474
1475 /* Try .rhosts or /etc/hosts.equiv authentication with RSA host
1476 authentication. */
1477 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
6fa724bc 1478 options.rhosts_rsa_authentication && host_key_valid)
8efc0c15 1479 {
1480 if (try_rhosts_rsa_authentication(local_user, own_host_key))
1481 return; /* Successful authentication. */
1482 }
1483
1484 /* Try RSA authentication if the server supports it. */
1485 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
6fa724bc 1486 options.rsa_authentication)
8efc0c15 1487 {
1488 /* Try RSA authentication using the authentication agent. The agent
1489 is tried first because no passphrase is needed for it, whereas
1490 identity files may require passphrases. */
1491 if (try_agent_authentication())
1492 return; /* Successful connection. */
1493
1494 /* Try RSA authentication for each identity. */
6fa724bc 1495 for (i = 0; i < options.num_identity_files; i++)
1496 if (try_rsa_authentication(pw, options.identity_files[i]))
8efc0c15 1497 return; /* Successful connection. */
1498 }
1499
1500 /* Try password authentication if the server supports it. */
1501 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
6fa724bc 1502 options.password_authentication && !options.batch_mode)
8efc0c15 1503 {
1504 char prompt[80];
1505 snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
1506 server_user, host);
1507 debug("Doing password authentication.");
6fa724bc 1508 if (options.cipher == SSH_CIPHER_NONE)
8efc0c15 1509 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
6fa724bc 1510 for (i = 0; i < options.number_of_password_prompts; i++) {
8efc0c15 1511 if (i != 0)
1512 error("Permission denied, please try again.");
1513 password = read_passphrase(prompt, 0);
1514 packet_start(SSH_CMSG_AUTH_PASSWORD);
1515 packet_put_string(password, strlen(password));
1516 memset(password, 0, strlen(password));
1517 xfree(password);
1518 packet_send();
1519 packet_write_wait();
1520
1521 type = packet_read(&payload_len);
1522 if (type == SSH_SMSG_SUCCESS)
1523 return; /* Successful connection. */
1524 if (type != SSH_SMSG_FAILURE)
1525 packet_disconnect("Protocol error: got %d in response to passwd auth", type);
1526 }
1527 }
1528
1529 /* All authentication methods have failed. Exit with an error message. */
1530 fatal("Permission denied.");
1531 /*NOTREACHED*/
1532}
git-cvsimport mirror of OpenSSH
This page took 0.333412 seconds and 5 git commands to generate.