]> andersk Git - openssh.git/blame - sshconnect1.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (djm) OpenBSD CVS Sync:
[openssh.git] / sshconnect1.c
CommitLineData
a306f2dd 1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
a306f2dd 5 * Code to connect to a remote host, and to perform the client side of the
6 * login (authentication) dialog.
7 *
bcbf86ec 8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
a306f2dd 13 */
14
15#include "includes.h"
d464095c 16RCSID("$OpenBSD: sshconnect1.c,v 1.20 2001/01/22 23:06:40 markus Exp $");
a306f2dd 17
18#include <openssl/bn.h>
a306f2dd 19#include <openssl/evp.h>
20
42f11eb2 21#ifdef KRB4
22#include <krb.h>
42f11eb2 23#endif
24#ifdef AFS
25#include <kafs.h>
53a24016 26#include "radix.h"
42f11eb2 27#endif
28
29#include "ssh.h"
30#include "ssh1.h"
a306f2dd 31#include "xmalloc.h"
32#include "rsa.h"
a306f2dd 33#include "buffer.h"
34#include "packet.h"
a306f2dd 35#include "mpaux.h"
36#include "uidswap.h"
42f11eb2 37#include "log.h"
a306f2dd 38#include "readconf.h"
39#include "key.h"
4c8722d9 40#include "authfd.h"
a306f2dd 41#include "sshconnect.h"
42#include "authfile.h"
42f11eb2 43#include "readpass.h"
44#include "cipher.h"
45#include "canohost.h"
a306f2dd 46
47/* Session id for the current session. */
1e3b8b07 48u_char session_id[16];
49u_int supported_authentications = 0;
a306f2dd 50
51extern Options options;
52extern char *__progname;
53
54/*
55 * Checks if the user has an authentication agent, and if so, tries to
56 * authenticate using the agent.
57 */
58int
59try_agent_authentication()
60{
2e73a022 61 int type;
a306f2dd 62 char *comment;
63 AuthenticationConnection *auth;
1e3b8b07 64 u_char response[16];
65 u_int i;
2e73a022 66 int plen, clen;
67 Key *key;
68 BIGNUM *challenge;
a306f2dd 69
70 /* Get connection to the agent. */
71 auth = ssh_get_authentication_connection();
72 if (!auth)
73 return 0;
74
a306f2dd 75 challenge = BN_new();
76
77 /* Loop through identities served by the agent. */
2e73a022 78 for (key = ssh_get_first_identity(auth, &comment, 1);
79 key != NULL;
80 key = ssh_get_next_identity(auth, &comment, 1)) {
a306f2dd 81
82 /* Try this identity. */
83 debug("Trying RSA authentication via agent with '%.100s'", comment);
84 xfree(comment);
85
86 /* Tell the server that we are willing to authenticate using this key. */
87 packet_start(SSH_CMSG_AUTH_RSA);
2e73a022 88 packet_put_bignum(key->rsa->n);
a306f2dd 89 packet_send();
90 packet_write_wait();
91
92 /* Wait for server's response. */
93 type = packet_read(&plen);
94
95 /* The server sends failure if it doesn\'t like our key or
96 does not support RSA authentication. */
97 if (type == SSH_SMSG_FAILURE) {
98 debug("Server refused our key.");
2e73a022 99 key_free(key);
a306f2dd 100 continue;
101 }
102 /* Otherwise it should have sent a challenge. */
103 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
104 packet_disconnect("Protocol error during RSA authentication: %d",
105 type);
106
107 packet_get_bignum(challenge, &clen);
108
109 packet_integrity_check(plen, clen, type);
110
111 debug("Received RSA challenge from server.");
112
113 /* Ask the agent to decrypt the challenge. */
2e73a022 114 if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) {
115 /*
116 * The agent failed to authenticate this identifier
117 * although it advertised it supports this. Just
118 * return a wrong value.
119 */
a306f2dd 120 log("Authentication agent failed to decrypt challenge.");
121 memset(response, 0, sizeof(response));
122 }
2e73a022 123 key_free(key);
a306f2dd 124 debug("Sending response to RSA challenge.");
125
126 /* Send the decrypted challenge back to the server. */
127 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
128 for (i = 0; i < 16; i++)
129 packet_put_char(response[i]);
130 packet_send();
131 packet_write_wait();
132
133 /* Wait for response from the server. */
134 type = packet_read(&plen);
135
136 /* The server returns success if it accepted the authentication. */
137 if (type == SSH_SMSG_SUCCESS) {
eea39c02 138 ssh_close_authentication_connection(auth);
a306f2dd 139 BN_clear_free(challenge);
2e73a022 140 debug("RSA authentication accepted by server.");
a306f2dd 141 return 1;
142 }
143 /* Otherwise it should return failure. */
144 if (type != SSH_SMSG_FAILURE)
145 packet_disconnect("Protocol error waiting RSA auth response: %d",
146 type);
147 }
eea39c02 148 ssh_close_authentication_connection(auth);
a306f2dd 149 BN_clear_free(challenge);
a306f2dd 150 debug("RSA authentication using agent refused.");
151 return 0;
152}
153
154/*
155 * Computes the proper response to a RSA challenge, and sends the response to
156 * the server.
157 */
158void
159respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
160{
1e3b8b07 161 u_char buf[32], response[16];
a306f2dd 162 MD5_CTX md;
163 int i, len;
164
165 /* Decrypt the challenge using the private key. */
166 rsa_private_decrypt(challenge, challenge, prv);
167
168 /* Compute the response. */
169 /* The response is MD5 of decrypted challenge plus session id. */
170 len = BN_num_bytes(challenge);
171 if (len <= 0 || len > sizeof(buf))
172 packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
173 len);
174
175 memset(buf, 0, sizeof(buf));
176 BN_bn2bin(challenge, buf + sizeof(buf) - len);
177 MD5_Init(&md);
178 MD5_Update(&md, buf, 32);
179 MD5_Update(&md, session_id, 16);
180 MD5_Final(response, &md);
181
182 debug("Sending response to host key RSA challenge.");
183
184 /* Send the response back to the server. */
185 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
186 for (i = 0; i < 16; i++)
187 packet_put_char(response[i]);
188 packet_send();
189 packet_write_wait();
190
191 memset(buf, 0, sizeof(buf));
192 memset(response, 0, sizeof(response));
193 memset(&md, 0, sizeof(md));
194}
195
196/*
197 * Checks if the user has authentication file, and if so, tries to authenticate
198 * the user using it.
199 */
200int
201try_rsa_authentication(const char *authfile)
202{
203 BIGNUM *challenge;
204 Key *public;
205 Key *private;
206 char *passphrase, *comment;
207 int type, i;
208 int plen, clen;
209
210 /* Try to load identification for the authentication key. */
fa08c86b 211 public = key_new(KEY_RSA1);
a306f2dd 212 if (!load_public_key(authfile, public, &comment)) {
213 key_free(public);
214 /* Could not load it. Fail. */
215 return 0;
216 }
217 debug("Trying RSA authentication with key '%.100s'", comment);
218
219 /* Tell the server that we are willing to authenticate using this key. */
220 packet_start(SSH_CMSG_AUTH_RSA);
221 packet_put_bignum(public->rsa->n);
222 packet_send();
223 packet_write_wait();
224
225 /* We no longer need the public key. */
226 key_free(public);
227
228 /* Wait for server's response. */
229 type = packet_read(&plen);
230
231 /*
232 * The server responds with failure if it doesn\'t like our key or
233 * doesn\'t support RSA authentication.
234 */
235 if (type == SSH_SMSG_FAILURE) {
236 debug("Server refused our key.");
237 xfree(comment);
238 return 0;
239 }
240 /* Otherwise, the server should respond with a challenge. */
241 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
242 packet_disconnect("Protocol error during RSA authentication: %d", type);
243
244 /* Get the challenge from the packet. */
245 challenge = BN_new();
246 packet_get_bignum(challenge, &clen);
247
248 packet_integrity_check(plen, clen, type);
249
250 debug("Received RSA challenge from server.");
251
fa08c86b 252 private = key_new(KEY_RSA1);
a306f2dd 253 /*
254 * Load the private key. Try first with empty passphrase; if it
255 * fails, ask for a passphrase.
256 */
257 if (!load_private_key(authfile, "", private, NULL)) {
258 char buf[300];
259 snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ",
260 comment);
261 if (!options.batch_mode)
262 passphrase = read_passphrase(buf, 0);
263 else {
264 debug("Will not query passphrase for %.100s in batch mode.",
265 comment);
266 passphrase = xstrdup("");
267 }
268
269 /* Load the authentication file using the pasphrase. */
270 if (!load_private_key(authfile, passphrase, private, NULL)) {
271 memset(passphrase, 0, strlen(passphrase));
272 xfree(passphrase);
273 error("Bad passphrase.");
274
275 /* Send a dummy response packet to avoid protocol error. */
276 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
277 for (i = 0; i < 16; i++)
278 packet_put_char(0);
279 packet_send();
280 packet_write_wait();
281
282 /* Expect the server to reject it... */
283 packet_read_expect(&plen, SSH_SMSG_FAILURE);
284 xfree(comment);
eea39c02 285 key_free(private);
286 BN_clear_free(challenge);
a306f2dd 287 return 0;
288 }
289 /* Destroy the passphrase. */
290 memset(passphrase, 0, strlen(passphrase));
291 xfree(passphrase);
292 }
293 /* We no longer need the comment. */
294 xfree(comment);
295
296 /* Compute and send a response to the challenge. */
297 respond_to_rsa_challenge(challenge, private->rsa);
298
299 /* Destroy the private key. */
300 key_free(private);
301
302 /* We no longer need the challenge. */
303 BN_clear_free(challenge);
304
305 /* Wait for response from the server. */
306 type = packet_read(&plen);
307 if (type == SSH_SMSG_SUCCESS) {
308 debug("RSA authentication accepted by server.");
309 return 1;
310 }
311 if (type != SSH_SMSG_FAILURE)
312 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
313 debug("RSA authentication refused.");
314 return 0;
315}
316
317/*
318 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
319 * authentication and RSA host authentication.
320 */
321int
322try_rhosts_rsa_authentication(const char *local_user, RSA * host_key)
323{
324 int type;
325 BIGNUM *challenge;
326 int plen, clen;
327
328 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
329
330 /* Tell the server that we are willing to authenticate using this key. */
331 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
332 packet_put_string(local_user, strlen(local_user));
333 packet_put_int(BN_num_bits(host_key->n));
334 packet_put_bignum(host_key->e);
335 packet_put_bignum(host_key->n);
336 packet_send();
337 packet_write_wait();
338
339 /* Wait for server's response. */
340 type = packet_read(&plen);
341
342 /* The server responds with failure if it doesn't admit our
343 .rhosts authentication or doesn't know our host key. */
344 if (type == SSH_SMSG_FAILURE) {
345 debug("Server refused our rhosts authentication or host key.");
346 return 0;
347 }
348 /* Otherwise, the server should respond with a challenge. */
349 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
350 packet_disconnect("Protocol error during RSA authentication: %d", type);
351
352 /* Get the challenge from the packet. */
353 challenge = BN_new();
354 packet_get_bignum(challenge, &clen);
355
356 packet_integrity_check(plen, clen, type);
357
358 debug("Received RSA challenge for host key from server.");
359
360 /* Compute a response to the challenge. */
361 respond_to_rsa_challenge(challenge, host_key);
362
363 /* We no longer need the challenge. */
364 BN_clear_free(challenge);
365
366 /* Wait for response from the server. */
367 type = packet_read(&plen);
368 if (type == SSH_SMSG_SUCCESS) {
369 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
370 return 1;
371 }
372 if (type != SSH_SMSG_FAILURE)
373 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
374 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
375 return 0;
376}
377
378#ifdef KRB4
379int
380try_kerberos_authentication()
381{
382 KTEXT_ST auth; /* Kerberos data */
383 char *reply;
384 char inst[INST_SZ];
385 char *realm;
386 CREDENTIALS cred;
387 int r, type, plen;
388 socklen_t slen;
389 Key_schedule schedule;
390 u_long checksum, cksum;
391 MSG_DAT msg_data;
392 struct sockaddr_in local, foreign;
393 struct stat st;
394
395 /* Don't do anything if we don't have any tickets. */
396 if (stat(tkt_string(), &st) < 0)
397 return 0;
398
399 strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
400
401 realm = (char *) krb_realmofhost(get_canonical_hostname());
402 if (!realm) {
403 debug("Kerberos V4: no realm for %s", get_canonical_hostname());
404 return 0;
405 }
406 /* This can really be anything. */
407 checksum = (u_long) getpid();
408
409 r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
410 if (r != KSUCCESS) {
411 debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]);
412 return 0;
413 }
414 /* Get session key to decrypt the server's reply with. */
415 r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
416 if (r != KSUCCESS) {
417 debug("get_cred failed: %s", krb_err_txt[r]);
418 return 0;
419 }
420 des_key_sched((des_cblock *) cred.session, schedule);
421
422 /* Send authentication info to server. */
423 packet_start(SSH_CMSG_AUTH_KERBEROS);
424 packet_put_string((char *) auth.dat, auth.length);
425 packet_send();
426 packet_write_wait();
427
428 /* Zero the buffer. */
429 (void) memset(auth.dat, 0, MAX_KTXT_LEN);
430
431 slen = sizeof(local);
432 memset(&local, 0, sizeof(local));
433 if (getsockname(packet_get_connection_in(),
434 (struct sockaddr *) & local, &slen) < 0)
435 debug("getsockname failed: %s", strerror(errno));
436
437 slen = sizeof(foreign);
438 memset(&foreign, 0, sizeof(foreign));
439 if (getpeername(packet_get_connection_in(),
440 (struct sockaddr *) & foreign, &slen) < 0) {
441 debug("getpeername failed: %s", strerror(errno));
442 fatal_cleanup();
443 }
444 /* Get server reply. */
445 type = packet_read(&plen);
446 switch (type) {
447 case SSH_SMSG_FAILURE:
448 /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
449 debug("Kerberos V4 authentication failed.");
450 return 0;
451 break;
452
453 case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
454 /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
455 debug("Kerberos V4 authentication accepted.");
456
457 /* Get server's response. */
1e3b8b07 458 reply = packet_get_string((u_int *) &auth.length);
a306f2dd 459 memcpy(auth.dat, reply, auth.length);
460 xfree(reply);
461
462 packet_integrity_check(plen, 4 + auth.length, type);
463
464 /*
465 * If his response isn't properly encrypted with the session
466 * key, and the decrypted checksum fails to match, he's
467 * bogus. Bail out.
468 */
469 r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
470 &foreign, &local, &msg_data);
471 if (r != KSUCCESS) {
472 debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]);
473 packet_disconnect("Kerberos V4 challenge failed!");
474 }
475 /* Fetch the (incremented) checksum that we supplied in the request. */
476 (void) memcpy((char *) &cksum, (char *) msg_data.app_data, sizeof(cksum));
477 cksum = ntohl(cksum);
478
479 /* If it matches, we're golden. */
480 if (cksum == checksum + 1) {
481 debug("Kerberos V4 challenge successful.");
482 return 1;
483 } else
484 packet_disconnect("Kerberos V4 challenge failed!");
485 break;
486
487 default:
488 packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
489 }
490 return 0;
491}
492
493#endif /* KRB4 */
494
495#ifdef AFS
496int
497send_kerberos_tgt()
498{
499 CREDENTIALS *creds;
500 char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
501 int r, type, plen;
502 char buffer[8192];
503 struct stat st;
504
505 /* Don't do anything if we don't have any tickets. */
506 if (stat(tkt_string(), &st) < 0)
507 return 0;
508
509 creds = xmalloc(sizeof(*creds));
510
511 if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) {
512 debug("Kerberos V4 tf_fullname failed: %s", krb_err_txt[r]);
513 return 0;
514 }
515 if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
516 debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]);
517 return 0;
518 }
519 if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
520 debug("Kerberos V4 ticket expired: %s", TKT_FILE);
521 return 0;
522 }
1e3b8b07 523 creds_to_radix(creds, (u_char *)buffer, sizeof buffer);
a306f2dd 524 xfree(creds);
525
526 packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
527 packet_put_string(buffer, strlen(buffer));
528 packet_send();
529 packet_write_wait();
530
531 type = packet_read(&plen);
532
533 if (type == SSH_SMSG_FAILURE)
534 debug("Kerberos TGT for realm %s rejected.", prealm);
535 else if (type != SSH_SMSG_SUCCESS)
536 packet_disconnect("Protocol error on Kerberos TGT response: %d", type);
537
538 return 1;
539}
540
541void
542send_afs_tokens(void)
543{
544 CREDENTIALS creds;
545 struct ViceIoctl parms;
546 struct ClearToken ct;
547 int i, type, len, plen;
548 char buf[2048], *p, *server_cell;
549 char buffer[8192];
550
551 /* Move over ktc_GetToken, here's something leaner. */
552 for (i = 0; i < 100; i++) { /* just in case */
553 parms.in = (char *) &i;
554 parms.in_size = sizeof(i);
555 parms.out = buf;
556 parms.out_size = sizeof(buf);
557 if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0)
558 break;
559 p = buf;
560
561 /* Get secret token. */
1e3b8b07 562 memcpy(&creds.ticket_st.length, p, sizeof(u_int));
a306f2dd 563 if (creds.ticket_st.length > MAX_KTXT_LEN)
564 break;
1e3b8b07 565 p += sizeof(u_int);
a306f2dd 566 memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
567 p += creds.ticket_st.length;
568
569 /* Get clear token. */
570 memcpy(&len, p, sizeof(len));
571 if (len != sizeof(struct ClearToken))
572 break;
573 p += sizeof(len);
574 memcpy(&ct, p, len);
575 p += len;
576 p += sizeof(len); /* primary flag */
577 server_cell = p;
578
579 /* Flesh out our credentials. */
580 strlcpy(creds.service, "afs", sizeof creds.service);
581 creds.instance[0] = '\0';
582 strlcpy(creds.realm, server_cell, REALM_SZ);
583 memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
584 creds.issue_date = ct.BeginTimestamp;
585 creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
586 creds.kvno = ct.AuthHandle;
587 snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
588 creds.pinst[0] = '\0';
589
590 /* Encode token, ship it off. */
b5c334cc 591 if (creds_to_radix(&creds, (u_char *) buffer, sizeof buffer) <= 0)
a306f2dd 592 break;
593 packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
594 packet_put_string(buffer, strlen(buffer));
595 packet_send();
596 packet_write_wait();
597
598 /* Roger, Roger. Clearance, Clarence. What's your vector,
599 Victor? */
600 type = packet_read(&plen);
601
602 if (type == SSH_SMSG_FAILURE)
603 debug("AFS token for cell %s rejected.", server_cell);
604 else if (type != SSH_SMSG_SUCCESS)
605 packet_disconnect("Protocol error on AFS token response: %d", type);
606 }
607}
608
609#endif /* AFS */
610
611/*
612 * Tries to authenticate with any string-based challenge/response system.
613 * Note that the client code is not tied to s/key or TIS.
614 */
615int
d464095c 616try_challenge_reponse_authentication()
a306f2dd 617{
618 int type, i;
619 int payload_len;
1e3b8b07 620 u_int clen;
e3a70753 621 char prompt[1024];
a306f2dd 622 char *challenge, *response;
623
d464095c 624 debug("Doing challenge reponse authentication.");
a306f2dd 625
a306f2dd 626 for (i = 0; i < options.number_of_password_prompts; i++) {
e3a70753 627 /* request a challenge */
628 packet_start(SSH_CMSG_AUTH_TIS);
629 packet_send();
630 packet_write_wait();
631
632 type = packet_read(&payload_len);
633 if (type != SSH_SMSG_FAILURE &&
634 type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
635 packet_disconnect("Protocol error: got %d in response "
d464095c 636 "to SSH_CMSG_AUTH_TIS", type);
e3a70753 637 }
638 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
d464095c 639 debug("No challenge.");
e3a70753 640 return 0;
641 }
642 challenge = packet_get_string(&clen);
643 packet_integrity_check(payload_len, (4 + clen), type);
59c97189 644 snprintf(prompt, sizeof prompt, "%s%s", challenge,
645 strchr(challenge, '\n') ? "" : "\nResponse: ");
e3a70753 646 xfree(challenge);
a306f2dd 647 if (i != 0)
648 error("Permission denied, please try again.");
e3a70753 649 if (options.cipher == SSH_CIPHER_NONE)
650 log("WARNING: Encryption is disabled! "
651 "Reponse will be transmitted in clear text.");
652 response = read_passphrase(prompt, 0);
653 if (strcmp(response, "") == 0) {
654 xfree(response);
655 break;
656 }
a306f2dd 657 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
658 packet_put_string(response, strlen(response));
659 memset(response, 0, strlen(response));
660 xfree(response);
661 packet_send();
662 packet_write_wait();
663 type = packet_read(&payload_len);
664 if (type == SSH_SMSG_SUCCESS)
665 return 1;
666 if (type != SSH_SMSG_FAILURE)
667 packet_disconnect("Protocol error: got %d in response "
d464095c 668 "to SSH_CMSG_AUTH_TIS_RESPONSE", type);
a306f2dd 669 }
670 /* failure */
671 return 0;
672}
673
674/*
675 * Tries to authenticate with plain passwd authentication.
676 */
677int
678try_password_authentication(char *prompt)
679{
680 int type, i, payload_len;
681 char *password;
682
683 debug("Doing password authentication.");
684 if (options.cipher == SSH_CIPHER_NONE)
685 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
686 for (i = 0; i < options.number_of_password_prompts; i++) {
687 if (i != 0)
688 error("Permission denied, please try again.");
689 password = read_passphrase(prompt, 0);
690 packet_start(SSH_CMSG_AUTH_PASSWORD);
691 packet_put_string(password, strlen(password));
692 memset(password, 0, strlen(password));
693 xfree(password);
694 packet_send();
695 packet_write_wait();
696
697 type = packet_read(&payload_len);
698 if (type == SSH_SMSG_SUCCESS)
699 return 1;
700 if (type != SSH_SMSG_FAILURE)
701 packet_disconnect("Protocol error: got %d in response to passwd auth", type);
702 }
703 /* failure */
704 return 0;
705}
706
707/*
708 * SSH1 key exchange
709 */
710void
711ssh_kex(char *host, struct sockaddr *hostaddr)
712{
713 int i;
714 BIGNUM *key;
715 RSA *host_key;
716 RSA *public_key;
717 Key k;
718 int bits, rbits;
719 int ssh_cipher_default = SSH_CIPHER_3DES;
1e3b8b07 720 u_char session_key[SSH_SESSION_KEY_LENGTH];
721 u_char cookie[8];
722 u_int supported_ciphers;
723 u_int server_flags, client_flags;
a306f2dd 724 int payload_len, clen, sum_len = 0;
725 u_int32_t rand = 0;
726
727 debug("Waiting for server public key.");
728
729 /* Wait for a public key packet from the server. */
730 packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
731
732 /* Get cookie from the packet. */
733 for (i = 0; i < 8; i++)
734 cookie[i] = packet_get_char();
735
736 /* Get the public key. */
737 public_key = RSA_new();
738 bits = packet_get_int();/* bits */
739 public_key->e = BN_new();
740 packet_get_bignum(public_key->e, &clen);
741 sum_len += clen;
742 public_key->n = BN_new();
743 packet_get_bignum(public_key->n, &clen);
744 sum_len += clen;
745
746 rbits = BN_num_bits(public_key->n);
747 if (bits != rbits) {
748 log("Warning: Server lies about size of server public key: "
749 "actual size is %d bits vs. announced %d.", rbits, bits);
750 log("Warning: This may be due to an old implementation of ssh.");
751 }
752 /* Get the host key. */
753 host_key = RSA_new();
754 bits = packet_get_int();/* bits */
755 host_key->e = BN_new();
756 packet_get_bignum(host_key->e, &clen);
757 sum_len += clen;
758 host_key->n = BN_new();
759 packet_get_bignum(host_key->n, &clen);
760 sum_len += clen;
761
762 rbits = BN_num_bits(host_key->n);
763 if (bits != rbits) {
764 log("Warning: Server lies about size of server host key: "
765 "actual size is %d bits vs. announced %d.", rbits, bits);
766 log("Warning: This may be due to an old implementation of ssh.");
767 }
768
769 /* Get protocol flags. */
770 server_flags = packet_get_int();
771 packet_set_protocol_flags(server_flags);
772
773 supported_ciphers = packet_get_int();
774 supported_authentications = packet_get_int();
775
776 debug("Received server public key (%d bits) and host key (%d bits).",
777 BN_num_bits(public_key->n), BN_num_bits(host_key->n));
778
779 packet_integrity_check(payload_len,
780 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
781 SSH_SMSG_PUBLIC_KEY);
fa08c86b 782 k.type = KEY_RSA1;
a306f2dd 783 k.rsa = host_key;
784 check_host_key(host, hostaddr, &k,
785 options.user_hostfile, options.system_hostfile);
786
787 client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
788
789 compute_session_id(session_id, cookie, host_key->n, public_key->n);
790
791 /* Generate a session key. */
792 arc4random_stir();
793
794 /*
795 * Generate an encryption key for the session. The key is a 256 bit
796 * random number, interpreted as a 32-byte key, with the least
797 * significant 8 bits being the first byte of the key.
798 */
799 for (i = 0; i < 32; i++) {
800 if (i % 4 == 0)
801 rand = arc4random();
802 session_key[i] = rand & 0xff;
803 rand >>= 8;
804 }
805
806 /*
807 * According to the protocol spec, the first byte of the session key
808 * is the highest byte of the integer. The session key is xored with
809 * the first 16 bytes of the session id.
810 */
811 key = BN_new();
812 BN_set_word(key, 0);
813 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
814 BN_lshift(key, key, 8);
815 if (i < 16)
816 BN_add_word(key, session_key[i] ^ session_id[i]);
817 else
818 BN_add_word(key, session_key[i]);
819 }
820
821 /*
822 * Encrypt the integer using the public key and host key of the
823 * server (key with smaller modulus first).
824 */
825 if (BN_cmp(public_key->n, host_key->n) < 0) {
826 /* Public key has smaller modulus. */
827 if (BN_num_bits(host_key->n) <
828 BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
829 fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
830 "SSH_KEY_BITS_RESERVED %d",
831 BN_num_bits(host_key->n),
832 BN_num_bits(public_key->n),
833 SSH_KEY_BITS_RESERVED);
834 }
835 rsa_public_encrypt(key, key, public_key);
836 rsa_public_encrypt(key, key, host_key);
837 } else {
838 /* Host key has smaller modulus (or they are equal). */
839 if (BN_num_bits(public_key->n) <
840 BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
841 fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
842 "SSH_KEY_BITS_RESERVED %d",
843 BN_num_bits(public_key->n),
844 BN_num_bits(host_key->n),
845 SSH_KEY_BITS_RESERVED);
846 }
847 rsa_public_encrypt(key, key, host_key);
848 rsa_public_encrypt(key, key, public_key);
849 }
850
851 /* Destroy the public keys since we no longer need them. */
852 RSA_free(public_key);
853 RSA_free(host_key);
854
c523303b 855 if (options.cipher == SSH_CIPHER_NOT_SET) {
856 if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
857 options.cipher = ssh_cipher_default;
858 } else if (options.cipher == SSH_CIPHER_ILLEGAL ||
859 !(cipher_mask_ssh1(1) & (1 << options.cipher))) {
d0c832f3 860 log("No valid SSH1 cipher, using %.100s instead.",
94ec8c6b 861 cipher_name(ssh_cipher_default));
862 options.cipher = ssh_cipher_default;
a306f2dd 863 }
864 /* Check that the selected cipher is supported. */
865 if (!(supported_ciphers & (1 << options.cipher)))
866 fatal("Selected cipher type %.100s not supported by server.",
867 cipher_name(options.cipher));
868
869 debug("Encryption type: %.100s", cipher_name(options.cipher));
870
871 /* Send the encrypted session key to the server. */
872 packet_start(SSH_CMSG_SESSION_KEY);
873 packet_put_char(options.cipher);
874
875 /* Send the cookie back to the server. */
876 for (i = 0; i < 8; i++)
877 packet_put_char(cookie[i]);
878
879 /* Send and destroy the encrypted encryption key integer. */
880 packet_put_bignum(key);
881 BN_clear_free(key);
882
883 /* Send protocol flags. */
884 packet_put_int(client_flags);
885
886 /* Send the packet now. */
887 packet_send();
888 packet_write_wait();
889
890 debug("Sent encrypted session key.");
891
892 /* Set the encryption key. */
893 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
894
895 /* We will no longer need the session key here. Destroy any extra copies. */
896 memset(session_key, 0, sizeof(session_key));
897
898 /*
899 * Expect a success message from the server. Note that this message
900 * will be received in encrypted form.
901 */
902 packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
903
904 debug("Received encrypted confirmation.");
905}
906
907/*
908 * Authenticate user
909 */
910void
911ssh_userauth(
b5c334cc 912 const char *local_user,
913 const char *server_user,
a306f2dd 914 char *host,
915 int host_key_valid, RSA *own_host_key)
916{
917 int i, type;
918 int payload_len;
919
920 if (supported_authentications == 0)
921 fatal("ssh_userauth: server supports no auth methods");
922
923 /* Send the name of the user to log in as on the server. */
924 packet_start(SSH_CMSG_USER);
925 packet_put_string(server_user, strlen(server_user));
926 packet_send();
927 packet_write_wait();
928
929 /*
930 * The server should respond with success if no authentication is
931 * needed (the user has no password). Otherwise the server responds
932 * with failure.
933 */
934 type = packet_read(&payload_len);
935
936 /* check whether the connection was accepted without authentication. */
937 if (type == SSH_SMSG_SUCCESS)
938 return;
939 if (type != SSH_SMSG_FAILURE)
940 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
941 type);
942
943#ifdef AFS
944 /* Try Kerberos tgt passing if the server supports it. */
945 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
946 options.kerberos_tgt_passing) {
947 if (options.cipher == SSH_CIPHER_NONE)
948 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
949 (void) send_kerberos_tgt();
950 }
951 /* Try AFS token passing if the server supports it. */
952 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
953 options.afs_token_passing && k_hasafs()) {
954 if (options.cipher == SSH_CIPHER_NONE)
955 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
956 send_afs_tokens();
957 }
958#endif /* AFS */
959
960#ifdef KRB4
961 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
962 options.kerberos_authentication) {
963 debug("Trying Kerberos authentication.");
964 if (try_kerberos_authentication()) {
965 /* The server should respond with success or failure. */
966 type = packet_read(&payload_len);
967 if (type == SSH_SMSG_SUCCESS)
968 return;
969 if (type != SSH_SMSG_FAILURE)
970 packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
971 }
972 }
973#endif /* KRB4 */
974
975 /*
976 * Use rhosts authentication if running in privileged socket and we
977 * do not wish to remain anonymous.
978 */
979 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
980 options.rhosts_authentication) {
981 debug("Trying rhosts authentication.");
982 packet_start(SSH_CMSG_AUTH_RHOSTS);
983 packet_put_string(local_user, strlen(local_user));
984 packet_send();
985 packet_write_wait();
986
987 /* The server should respond with success or failure. */
988 type = packet_read(&payload_len);
989 if (type == SSH_SMSG_SUCCESS)
990 return;
991 if (type != SSH_SMSG_FAILURE)
992 packet_disconnect("Protocol error: got %d in response to rhosts auth",
993 type);
994 }
995 /*
996 * Try .rhosts or /etc/hosts.equiv authentication with RSA host
997 * authentication.
998 */
999 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1000 options.rhosts_rsa_authentication && host_key_valid) {
1001 if (try_rhosts_rsa_authentication(local_user, own_host_key))
1002 return;
1003 }
1004 /* Try RSA authentication if the server supports it. */
1005 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
1006 options.rsa_authentication) {
1007 /*
1008 * Try RSA authentication using the authentication agent. The
1009 * agent is tried first because no passphrase is needed for
1010 * it, whereas identity files may require passphrases.
1011 */
1012 if (try_agent_authentication())
1013 return;
1014
1015 /* Try RSA authentication for each identity. */
1016 for (i = 0; i < options.num_identity_files; i++)
fa08c86b 1017 if (options.identity_files_type[i] == KEY_RSA1 &&
1018 try_rsa_authentication(options.identity_files[i]))
a306f2dd 1019 return;
1020 }
d464095c 1021 /* Try challenge response authentication if the server supports it. */
a306f2dd 1022 if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
d464095c 1023 options.challenge_reponse_authentication && !options.batch_mode) {
1024 if (try_challenge_reponse_authentication())
a306f2dd 1025 return;
1026 }
1027 /* Try password authentication if the server supports it. */
1028 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
1029 options.password_authentication && !options.batch_mode) {
1030 char prompt[80];
1031
1032 snprintf(prompt, sizeof(prompt), "%.30s@%.40s's password: ",
1033 server_user, host);
1034 if (try_password_authentication(prompt))
1035 return;
1036 }
1037 /* All authentication methods have failed. Exit with an error message. */
1038 fatal("Permission denied.");
1039 /* NOTREACHED */
1040}
git-cvsimport mirror of OpenSSH
This page took 0.221937 seconds and 5 git commands to generate.