]> andersk Git - openssh.git/blame - sshconnect.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Added INSTALL documentation
[openssh.git] / sshconnect.c
CommitLineData
8efc0c15 1/*
2
3sshconnect.c
4
5Author: Tatu Ylonen <ylo@cs.hut.fi>
6
7Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8 All rights reserved
9
10Created: Sat Mar 18 22:15:47 1995 ylo
11
12Code to connect to a remote host, and to perform the client side of the
13login (authentication) dialog.
14
15*/
16
5881cd60 17#include "config.h"
8efc0c15 18#include "includes.h"
19RCSID("$Id$");
20
5881cd60 21#ifdef HAVE_OPENSSL
8efc0c15 22#include <openssl/bn.h>
5881cd60 23#include <openssl/md5.h>
24#endif
25#ifdef HAVE_SSL
26#include <ssl/bn.h>
27#include <ssl/md5.h>
28#endif
29
8efc0c15 30#include "xmalloc.h"
31#include "rsa.h"
32#include "ssh.h"
33#include "packet.h"
34#include "authfd.h"
35#include "cipher.h"
36#include "mpaux.h"
37#include "uidswap.h"
38#include "compat.h"
39
8efc0c15 40
41/* Session id for the current session. */
42unsigned char session_id[16];
43
44/* Connect to the given ssh server using a proxy command. */
45
46int
47ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,
48 const char *proxy_command)
49{
50 Buffer command;
51 const char *cp;
52 char *command_string;
53 int pin[2], pout[2];
54 int pid;
55 char portstring[100];
56
57 /* Convert the port number into a string. */
58 snprintf(portstring, sizeof portstring, "%d", port);
59
60 /* Build the final command string in the buffer by making the appropriate
61 substitutions to the given proxy command. */
62 buffer_init(&command);
63 for (cp = proxy_command; *cp; cp++)
64 {
65 if (cp[0] == '%' && cp[1] == '%')
66 {
67 buffer_append(&command, "%", 1);
68 cp++;
69 continue;
70 }
71 if (cp[0] == '%' && cp[1] == 'h')
72 {
73 buffer_append(&command, host, strlen(host));
74 cp++;
75 continue;
76 }
77 if (cp[0] == '%' && cp[1] == 'p')
78 {
79 buffer_append(&command, portstring, strlen(portstring));
80 cp++;
81 continue;
82 }
83 buffer_append(&command, cp, 1);
84 }
85 buffer_append(&command, "\0", 1);
86
87 /* Get the final command string. */
88 command_string = buffer_ptr(&command);
89
90 /* Create pipes for communicating with the proxy. */
91 if (pipe(pin) < 0 || pipe(pout) < 0)
92 fatal("Could not create pipes to communicate with the proxy: %.100s",
93 strerror(errno));
94
95 debug("Executing proxy command: %.500s", command_string);
96
97 /* Fork and execute the proxy command. */
98 if ((pid = fork()) == 0)
99 {
100 char *argv[10];
101
102 /* Child. Permanently give up superuser privileges. */
103 permanently_set_uid(original_real_uid);
104
105 /* Redirect stdin and stdout. */
106 close(pin[1]);
107 if (pin[0] != 0)
108 {
109 if (dup2(pin[0], 0) < 0)
110 perror("dup2 stdin");
111 close(pin[0]);
112 }
113 close(pout[0]);
114 if (dup2(pout[1], 1) < 0)
115 perror("dup2 stdout");
116 close(pout[1]); /* Cannot be 1 because pin allocated two descriptors. */
117
118 /* Stderr is left as it is so that error messages get printed on
119 the user's terminal. */
120 argv[0] = "/bin/sh";
121 argv[1] = "-c";
122 argv[2] = command_string;
123 argv[3] = NULL;
124
125 /* Execute the proxy command. Note that we gave up any extra
126 privileges above. */
127 execv("/bin/sh", argv);
128 perror("/bin/sh");
129 exit(1);
130 }
131 /* Parent. */
132 if (pid < 0)
133 fatal("fork failed: %.100s", strerror(errno));
134
135 /* Close child side of the descriptors. */
136 close(pin[0]);
137 close(pout[1]);
138
139 /* Free the command name. */
140 buffer_free(&command);
141
142 /* Set the connection file descriptors. */
143 packet_set_connection(pout[0], pin[1]);
144
145 return 1;
146}
147
148/* Creates a (possibly privileged) socket for use as the ssh connection. */
149
150int ssh_create_socket(uid_t original_real_uid, int privileged)
151{
152 int sock;
153
154 /* If we are running as root and want to connect to a privileged port,
155 bind our own socket to a privileged port. */
156 if (privileged)
157 {
158 int p = IPPORT_RESERVED - 1;
159
160 sock = rresvport(&p);
161 if (sock < 0)
162 fatal("rresvport: %.100s", strerror(errno));
163 debug("Allocated local port %d.", p);
164 }
165 else
166 {
167 /* Just create an ordinary socket on arbitrary port. We use the
168 user's uid to create the socket. */
169 temporarily_use_uid(original_real_uid);
170 sock = socket(AF_INET, SOCK_STREAM, 0);
171 if (sock < 0)
172 fatal("socket: %.100s", strerror(errno));
173 restore_uid();
174 }
175 return sock;
176}
177
178/* Opens a TCP/IP connection to the remote server on the given host. If
179 port is 0, the default port will be used. If anonymous is zero,
180 a privileged port will be allocated to make the connection.
181 This requires super-user privileges if anonymous is false.
182 Connection_attempts specifies the maximum number of tries (one per
183 second). If proxy_command is non-NULL, it specifies the command (with %h
184 and %p substituted for host and port, respectively) to use to contact
185 the daemon. */
186
187int ssh_connect(const char *host, struct sockaddr_in *hostaddr,
188 int port, int connection_attempts,
189 int anonymous, uid_t original_real_uid,
190 const char *proxy_command)
191{
192 int sock = -1, attempt, i;
193 int on = 1;
194 struct servent *sp;
195 struct hostent *hp;
196 struct linger linger;
197
198 debug("ssh_connect: getuid %d geteuid %d anon %d",
199 (int)getuid(), (int)geteuid(), anonymous);
200
201 /* Get default port if port has not been set. */
202 if (port == 0)
203 {
204 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
205 if (sp)
206 port = ntohs(sp->s_port);
207 else
208 port = SSH_DEFAULT_PORT;
209 }
210
211 /* If a proxy command is given, connect using it. */
212 if (proxy_command != NULL)
213 return ssh_proxy_connect(host, port, original_real_uid, proxy_command);
214
215 /* No proxy command. */
216
217 /* No host lookup made yet. */
218 hp = NULL;
219
220 /* Try to connect several times. On some machines, the first time will
221 sometimes fail. In general socket code appears to behave quite
222 magically on many machines. */
223 for (attempt = 0; attempt < connection_attempts; attempt++)
224 {
225 if (attempt > 0)
226 debug("Trying again...");
227
228 /* Try to parse the host name as a numeric inet address. */
229 memset(hostaddr, 0, sizeof(hostaddr));
230 hostaddr->sin_family = AF_INET;
231 hostaddr->sin_port = htons(port);
232 hostaddr->sin_addr.s_addr = inet_addr(host);
233 if ((hostaddr->sin_addr.s_addr & 0xffffffff) != 0xffffffff)
234 {
235 /* Valid numeric IP address */
236 debug("Connecting to %.100s port %d.",
237 inet_ntoa(hostaddr->sin_addr), port);
238
239 /* Create a socket. */
240 sock = ssh_create_socket(original_real_uid,
241 !anonymous && geteuid() == 0 &&
242 port < IPPORT_RESERVED);
243
244 /* Connect to the host. We use the user's uid in the hope that
245 it will help with the problems of tcp_wrappers showing the
246 remote uid as root. */
247 temporarily_use_uid(original_real_uid);
248 if (connect(sock, (struct sockaddr *)hostaddr, sizeof(*hostaddr))
249 >= 0)
250 {
251 /* Successful connect. */
252 restore_uid();
253 break;
254 }
255 debug("connect: %.100s", strerror(errno));
256 restore_uid();
257
258 /* Destroy the failed socket. */
259 shutdown(sock, SHUT_RDWR);
260 close(sock);
261 }
262 else
263 {
264 /* Not a valid numeric inet address. */
265 /* Map host name to an address. */
266 if (!hp)
267 hp = gethostbyname(host);
268 if (!hp)
269 fatal("Bad host name: %.100s", host);
270 if (!hp->h_addr_list[0])
271 fatal("Host does not have an IP address: %.100s", host);
272
273 /* Loop through addresses for this host, and try each one in
274 sequence until the connection succeeds. */
275 for (i = 0; hp->h_addr_list[i]; i++)
276 {
277 /* Set the address to connect to. */
278 hostaddr->sin_family = hp->h_addrtype;
279 memcpy(&hostaddr->sin_addr, hp->h_addr_list[i],
280 sizeof(hostaddr->sin_addr));
281
282 debug("Connecting to %.200s [%.100s] port %d.",
283 host, inet_ntoa(hostaddr->sin_addr), port);
284
285 /* Create a socket for connecting. */
286 sock = ssh_create_socket(original_real_uid,
287 !anonymous && geteuid() == 0 &&
288 port < IPPORT_RESERVED);
289
290 /* Connect to the host. We use the user's uid in the hope that
291 it will help with tcp_wrappers showing the remote uid as
292 root. */
293 temporarily_use_uid(original_real_uid);
294 if (connect(sock, (struct sockaddr *)hostaddr,
295 sizeof(*hostaddr)) >= 0)
296 {
297 /* Successful connection. */
298 restore_uid();
299 break;
300 }
301 debug("connect: %.100s", strerror(errno));
302 restore_uid();
303
304 /* Close the failed socket; there appear to be some problems
305 when reusing a socket for which connect() has already
306 returned an error. */
307 shutdown(sock, SHUT_RDWR);
308 close(sock);
309 }
310 if (hp->h_addr_list[i])
311 break; /* Successful connection. */
312 }
313
314 /* Sleep a moment before retrying. */
315 sleep(1);
316 }
317 /* Return failure if we didn't get a successful connection. */
318 if (attempt >= connection_attempts)
319 return 0;
320
321 debug("Connection established.");
322
323 /* Set socket options. We would like the socket to disappear as soon as
324 it has been closed for whatever reason. */
325 /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
326 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *)&on, sizeof(on));
327 linger.l_onoff = 1;
328 linger.l_linger = 5;
329 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
330
331 /* Set the connection. */
332 packet_set_connection(sock, sock);
333
334 return 1;
335}
336
337/* Checks if the user has an authentication agent, and if so, tries to
338 authenticate using the agent. */
339
340int
341try_agent_authentication()
342{
343 int status, type, bits;
344 char *comment;
345 AuthenticationConnection *auth;
346 unsigned char response[16];
347 unsigned int i;
348 BIGNUM *e, *n, *challenge;
349
350 /* Get connection to the agent. */
351 auth = ssh_get_authentication_connection();
352 if (!auth)
353 return 0;
354
355 e = BN_new();
356 n = BN_new();
357 challenge = BN_new();
358
359 /* Loop through identities served by the agent. */
360 for (status = ssh_get_first_identity(auth, &bits, e, n, &comment);
361 status;
362 status = ssh_get_next_identity(auth, &bits, e, n, &comment))
363 {
364 int plen, clen;
365
366 /* Try this identity. */
367 debug("Trying RSA authentication via agent with '%.100s'", comment);
368 xfree(comment);
369
370 /* Tell the server that we are willing to authenticate using this key. */
371 packet_start(SSH_CMSG_AUTH_RSA);
372 packet_put_bignum(n);
373 packet_send();
374 packet_write_wait();
375
376 /* Wait for server's response. */
377 type = packet_read(&plen);
378
379 /* The server sends failure if it doesn\'t like our key or does not
380 support RSA authentication. */
381 if (type == SSH_SMSG_FAILURE)
382 {
383 debug("Server refused our key.");
384 continue;
385 }
386
387 /* Otherwise it should have sent a challenge. */
388 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
389 packet_disconnect("Protocol error during RSA authentication: %d",
390 type);
391
392 packet_get_bignum(challenge, &clen);
393
394 packet_integrity_check(plen, clen, type);
395
396 debug("Received RSA challenge from server.");
397
398 /* Ask the agent to decrypt the challenge. */
399 if (!ssh_decrypt_challenge(auth, bits, e, n, challenge,
400 session_id, 1, response))
401 {
402 /* The agent failed to authenticate this identifier although it
403 advertised it supports this. Just return a wrong value. */
404 log("Authentication agent failed to decrypt challenge.");
405 memset(response, 0, sizeof(response));
406 }
407
408 debug("Sending response to RSA challenge.");
409
410 /* Send the decrypted challenge back to the server. */
411 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
412 for (i = 0; i < 16; i++)
413 packet_put_char(response[i]);
414 packet_send();
415 packet_write_wait();
416
417 /* Wait for response from the server. */
418 type = packet_read(&plen);
419
420 /* The server returns success if it accepted the authentication. */
421 if (type == SSH_SMSG_SUCCESS)
422 {
423 debug("RSA authentication accepted by server.");
424 BN_clear_free(e);
425 BN_clear_free(n);
426 BN_clear_free(challenge);
427 return 1;
428 }
429
430 /* Otherwise it should return failure. */
431 if (type != SSH_SMSG_FAILURE)
432 packet_disconnect("Protocol error waiting RSA auth response: %d",
433 type);
434 }
435
436 BN_clear_free(e);
437 BN_clear_free(n);
438 BN_clear_free(challenge);
439
440 debug("RSA authentication using agent refused.");
441 return 0;
442}
443
444/* Computes the proper response to a RSA challenge, and sends the response to
445 the server. */
446
447void
448respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
449{
450 unsigned char buf[32], response[16];
451 MD5_CTX md;
452 int i, len;
453
454 /* Decrypt the challenge using the private key. */
455 rsa_private_decrypt(challenge, challenge, prv);
456
457 /* Compute the response. */
458 /* The response is MD5 of decrypted challenge plus session id. */
459 len = BN_num_bytes(challenge);
5bae4ab8 460 if (len <= 0 || len > sizeof(buf))
461 packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
462 len);
463
8efc0c15 464 memset(buf, 0, sizeof(buf));
465 BN_bn2bin(challenge, buf + sizeof(buf) - len);
466 MD5_Init(&md);
467 MD5_Update(&md, buf, 32);
468 MD5_Update(&md, session_id, 16);
469 MD5_Final(response, &md);
470
471 debug("Sending response to host key RSA challenge.");
472
473 /* Send the response back to the server. */
474 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
475 for (i = 0; i < 16; i++)
476 packet_put_char(response[i]);
477 packet_send();
478 packet_write_wait();
479
480 memset(buf, 0, sizeof(buf));
481 memset(response, 0, sizeof(response));
482 memset(&md, 0, sizeof(md));
483}
484
485/* Checks if the user has authentication file, and if so, tries to authenticate
486 the user using it. */
487
488int
489try_rsa_authentication(struct passwd *pw, const char *authfile,
490 int may_ask_passphrase)
491{
492 BIGNUM *challenge;
493 RSA *private_key;
494 RSA *public_key;
495 char *passphrase, *comment;
496 int type, i;
497 int plen, clen;
498
499 /* Try to load identification for the authentication key. */
500 public_key = RSA_new();
501 if (!load_public_key(authfile, public_key, &comment)) {
502 RSA_free(public_key);
503 return 0; /* Could not load it. Fail. */
504 }
505
506 debug("Trying RSA authentication with key '%.100s'", comment);
507
508 /* Tell the server that we are willing to authenticate using this key. */
509 packet_start(SSH_CMSG_AUTH_RSA);
510 packet_put_bignum(public_key->n);
511 packet_send();
512 packet_write_wait();
513
514 /* We no longer need the public key. */
515 RSA_free(public_key);
516
517 /* Wait for server's response. */
518 type = packet_read(&plen);
519
520 /* The server responds with failure if it doesn\'t like our key or doesn\'t
521 support RSA authentication. */
522 if (type == SSH_SMSG_FAILURE)
523 {
524 debug("Server refused our key.");
525 xfree(comment);
526 return 0; /* Server refuses to authenticate with this key. */
527 }
528
529 /* Otherwise, the server should respond with a challenge. */
530 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
531 packet_disconnect("Protocol error during RSA authentication: %d", type);
532
533 /* Get the challenge from the packet. */
534 challenge = BN_new();
535 packet_get_bignum(challenge, &clen);
536
537 packet_integrity_check(plen, clen, type);
538
539 debug("Received RSA challenge from server.");
540
541 private_key = RSA_new();
542 /* Load the private key. Try first with empty passphrase; if it fails,
543 ask for a passphrase. */
544 if (!load_private_key(authfile, "", private_key, NULL))
545 {
546 char buf[300];
547 /* Request passphrase from the user. We read from /dev/tty to make
548 this work even if stdin has been redirected. If running in
549 batch mode, we just use the empty passphrase, which will fail and
550 return. */
551 snprintf(buf, sizeof buf,
552 "Enter passphrase for RSA key '%.100s': ", comment);
553 if (may_ask_passphrase)
554 passphrase = read_passphrase(buf, 0);
555 else
556 {
557 debug("Will not query passphrase for %.100s in batch mode.",
558 comment);
559 passphrase = xstrdup("");
560 }
561
562 /* Load the authentication file using the pasphrase. */
563 if (!load_private_key(authfile, passphrase, private_key, NULL))
564 {
565 memset(passphrase, 0, strlen(passphrase));
566 xfree(passphrase);
567 error("Bad passphrase.");
568
569 /* Send a dummy response packet to avoid protocol error. */
570 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
571 for (i = 0; i < 16; i++)
572 packet_put_char(0);
573 packet_send();
574 packet_write_wait();
575
576 /* Expect the server to reject it... */
577 packet_read_expect(&plen, SSH_SMSG_FAILURE);
578 xfree(comment);
579 return 0;
580 }
581
582 /* Destroy the passphrase. */
583 memset(passphrase, 0, strlen(passphrase));
584 xfree(passphrase);
585 }
586
587 /* We no longer need the comment. */
588 xfree(comment);
589
590 /* Compute and send a response to the challenge. */
591 respond_to_rsa_challenge(challenge, private_key);
592
593 /* Destroy the private key. */
594 RSA_free(private_key);
595
596 /* We no longer need the challenge. */
597 BN_clear_free(challenge);
598
599 /* Wait for response from the server. */
600 type = packet_read(&plen);
601 if (type == SSH_SMSG_SUCCESS)
602 {
603 debug("RSA authentication accepted by server.");
604 return 1;
605 }
606 if (type != SSH_SMSG_FAILURE)
607 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
608 debug("RSA authentication refused.");
609 return 0;
610}
611
612/* Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
613 authentication and RSA host authentication. */
614
615int
616try_rhosts_rsa_authentication(const char *local_user, RSA *host_key)
617{
618 int type;
619 BIGNUM *challenge;
620 int plen, clen;
621
622 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
623
624 /* Tell the server that we are willing to authenticate using this key. */
625 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
626 packet_put_string(local_user, strlen(local_user));
627 packet_put_int(BN_num_bits(host_key->n));
628 packet_put_bignum(host_key->e);
629 packet_put_bignum(host_key->n);
630 packet_send();
631 packet_write_wait();
632
633 /* Wait for server's response. */
634 type = packet_read(&plen);
635
636 /* The server responds with failure if it doesn't admit our .rhosts
637 authentication or doesn't know our host key. */
638 if (type == SSH_SMSG_FAILURE)
639 {
640 debug("Server refused our rhosts authentication or host key.");
641 return 0; /* Server refuses to authenticate us with this method. */
642 }
643
644 /* Otherwise, the server should respond with a challenge. */
645 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
646 packet_disconnect("Protocol error during RSA authentication: %d", type);
647
648 /* Get the challenge from the packet. */
649 challenge = BN_new();
650 packet_get_bignum(challenge, &clen);
651
652 packet_integrity_check(plen, clen, type);
653
654 debug("Received RSA challenge for host key from server.");
655
656 /* Compute a response to the challenge. */
657 respond_to_rsa_challenge(challenge, host_key);
658
659 /* We no longer need the challenge. */
660 BN_clear_free(challenge);
661
662 /* Wait for response from the server. */
663 type = packet_read(&plen);
664 if (type == SSH_SMSG_SUCCESS)
665 {
666 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
667 return 1;
668 }
669 if (type != SSH_SMSG_FAILURE)
670 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
671 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
672 return 0;
673}
674
675#ifdef KRB4
676int try_kerberos_authentication()
677{
678 KTEXT_ST auth; /* Kerberos data */
679 char *reply;
680 char inst[INST_SZ];
681 char *realm;
682 CREDENTIALS cred;
683 int r, type, plen;
684 Key_schedule schedule;
685 u_long checksum, cksum;
686 MSG_DAT msg_data;
687 struct sockaddr_in local, foreign;
688 struct stat st;
689
690 /* Don't do anything if we don't have any tickets. */
691 if (stat(tkt_string(), &st) < 0) return 0;
692
693 strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
694
695 realm = (char *)krb_realmofhost(get_canonical_hostname());
696 if (!realm) {
697 debug("Kerberos V4: no realm for %s", get_canonical_hostname());
698 return 0;
699 }
700 /* This can really be anything. */
701 checksum = (u_long) getpid();
702
703 r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
704 if (r != KSUCCESS) {
705 debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]);
706 return 0;
707 }
708 /* Get session key to decrypt the server's reply with. */
709 r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
710 if (r != KSUCCESS) {
711 debug("get_cred failed: %s", krb_err_txt[r]);
712 return 0;
713 }
714 des_key_sched((des_cblock *)cred.session, schedule);
715
716 /* Send authentication info to server. */
717 packet_start(SSH_CMSG_AUTH_KERBEROS);
718 packet_put_string((char *)auth.dat, auth.length);
719 packet_send();
720 packet_write_wait();
721
722 /* Zero the buffer. */
723 (void) memset(auth.dat, 0, MAX_KTXT_LEN);
724
725 r = sizeof(local);
726 memset(&local, 0, sizeof(local));
727 if (getsockname(packet_get_connection_in(),
728 (struct sockaddr *) &local, &r) < 0)
729 debug("getsockname failed: %s", strerror(errno));
730
731 r = sizeof(foreign);
732 memset(&foreign, 0, sizeof(foreign));
733 if (getpeername(packet_get_connection_in(),
734 (struct sockaddr *)&foreign, &r) < 0)
735 debug("getpeername failed: %s", strerror(errno));
736
737 /* Get server reply. */
738 type = packet_read(&plen);
739 switch(type) {
740
741 case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
742 debug("Kerberos V4 authentication failed.");
743 return 0;
744 break;
745
746 case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
747 debug("Kerberos V4 authentication accepted.");
748
749 /* Get server's response. */
750 reply = packet_get_string((unsigned int *)&auth.length);
751 memcpy(auth.dat, reply, auth.length);
752 xfree(reply);
753
754 packet_integrity_check(plen, 4 + auth.length, type);
755
756 /* If his response isn't properly encrypted with the session key,
757 and the decrypted checksum fails to match, he's bogus. Bail out. */
758 r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
759 &foreign, &local, &msg_data);
760 if (r != KSUCCESS) {
761 debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]);
762 packet_disconnect("Kerberos V4 challenge failed!");
763 }
764 /* Fetch the (incremented) checksum that we supplied in the request. */
765 (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum));
766 cksum = ntohl(cksum);
767
768 /* If it matches, we're golden. */
769 if (cksum == checksum + 1) {
770 debug("Kerberos V4 challenge successful.");
771 return 1;
772 }
773 else
774 packet_disconnect("Kerberos V4 challenge failed!");
775 break;
776
777 default:
778 packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
779 }
780 return 0;
781}
782#endif /* KRB4 */
783
784#ifdef AFS
785int send_kerberos_tgt()
786{
787 CREDENTIALS *creds;
788 char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
789 int r, type, plen;
790 unsigned char buffer[8192];
791 struct stat st;
792
793 /* Don't do anything if we don't have any tickets. */
794 if (stat(tkt_string(), &st) < 0) return 0;
795
796 creds = xmalloc(sizeof(*creds));
797
798 if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) {
799 debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]);
800 return 0;
801 }
802 if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
803 debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]);
804 return 0;
805 }
806 if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
807 debug("Kerberos V4 ticket expired: %s", TKT_FILE);
808 return 0;
809 }
810
811 creds_to_radix(creds, buffer);
812 xfree(creds);
813
814 packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
815 packet_put_string((char *)buffer, strlen(buffer));
816 packet_send();
817 packet_write_wait();
818
819 type = packet_read(&plen);
820
821 if (type == SSH_SMSG_FAILURE)
822 debug("Kerberos TGT for realm %s rejected.", prealm);
823 else if (type != SSH_SMSG_SUCCESS)
824 packet_disconnect("Protocol error on Kerberos TGT response: %d", type);
825
826 return 1;
827}
828
829void send_afs_tokens(void)
830{
831 CREDENTIALS creds;
832 struct ViceIoctl parms;
833 struct ClearToken ct;
834 int i, type, len, plen;
835 char buf[2048], *p, *server_cell;
836 unsigned char buffer[8192];
837
838 /* Move over ktc_GetToken, here's something leaner. */
839 for (i = 0; i < 100; i++) { /* just in case */
840 parms.in = (char *)&i;
841 parms.in_size = sizeof(i);
842 parms.out = buf;
843 parms.out_size = sizeof(buf);
844 if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break;
845 p = buf;
846
847 /* Get secret token. */
848 memcpy(&creds.ticket_st.length, p, sizeof(unsigned int));
849 if (creds.ticket_st.length > MAX_KTXT_LEN) break;
850 p += sizeof(unsigned int);
851 memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
852 p += creds.ticket_st.length;
853
854 /* Get clear token. */
855 memcpy(&len, p, sizeof(len));
856 if (len != sizeof(struct ClearToken)) break;
857 p += sizeof(len);
858 memcpy(&ct, p, len);
859 p += len;
860 p += sizeof(len); /* primary flag */
861 server_cell = p;
862
863 /* Flesh out our credentials. */
864 strlcpy(creds.service, "afs", sizeof creds.service);
865 creds.instance[0] = '\0';
866 strlcpy(creds.realm, server_cell, REALM_SZ);
867 memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
868 creds.issue_date = ct.BeginTimestamp;
869 creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
870 creds.kvno = ct.AuthHandle;
871 snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
872 creds.pinst[0] = '\0';
873
874 /* Encode token, ship it off. */
875 if (!creds_to_radix(&creds, buffer)) break;
876 packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
877 packet_put_string((char *)buffer, strlen(buffer));
878 packet_send();
879 packet_write_wait();
880
881 /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */
882 type = packet_read(&plen);
883
884 if (type == SSH_SMSG_FAILURE)
885 debug("AFS token for cell %s rejected.", server_cell);
886 else if (type != SSH_SMSG_SUCCESS)
887 packet_disconnect("Protocol error on AFS token response: %d", type);
888 }
889}
890#endif /* AFS */
891
892/* Waits for the server identification string, and sends our own identification
893 string. */
894
895void ssh_exchange_identification()
896{
897 char buf[256], remote_version[256]; /* must be same size! */
898 int remote_major, remote_minor, i;
899 int connection_in = packet_get_connection_in();
900 int connection_out = packet_get_connection_out();
901 extern Options options;
902
903 /* Read other side\'s version identification. */
904 for (i = 0; i < sizeof(buf) - 1; i++)
905 {
906 if (read(connection_in, &buf[i], 1) != 1)
907 fatal("read: %.100s", strerror(errno));
908 if (buf[i] == '\r')
909 {
910 buf[i] = '\n';
911 buf[i + 1] = 0;
912 break;
913 }
914 if (buf[i] == '\n')
915 {
916 buf[i + 1] = 0;
917 break;
918 }
919 }
920 buf[sizeof(buf) - 1] = 0;
921
922 /* Check that the versions match. In future this might accept several
923 versions and set appropriate flags to handle them. */
924 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
925 remote_version) != 3)
926 fatal("Bad remote protocol version identification: '%.100s'", buf);
927 debug("Remote protocol version %d.%d, remote software version %.100s",
928 remote_major, remote_minor, remote_version);
929
930 /* Check if the remote protocol version is too old. */
931 if (remote_major == 1 && remote_minor < 3)
932 fatal("Remote machine has too old SSH software version.");
933
934 /* We speak 1.3, too. */
935 if (remote_major == 1 && remote_minor == 3) {
936 enable_compat13();
937 if (options.forward_agent && strcmp(remote_version, SSH_VERSION) != 0) {
938 log("Agent forwarding disabled, remote version '%s' is not compatible.",
939 remote_version);
940 options.forward_agent = 0;
941 }
942 }
943#if 0
944 /* Removed for now, to permit compatibility with latter versions. The server
945 will reject our version and disconnect if it doesn't support it. */
946 if (remote_major != PROTOCOL_MAJOR)
947 fatal("Protocol major versions differ: %d vs. %d",
948 PROTOCOL_MAJOR, remote_major);
949#endif
950
951 /* Send our own protocol version identification. */
952 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
953 PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
954 if (write(connection_out, buf, strlen(buf)) != strlen(buf))
955 fatal("write: %.100s", strerror(errno));
956}
957
958int ssh_cipher_default = SSH_CIPHER_3DES;
959
960int read_yes_or_no(const char *prompt, int defval)
961{
962 char buf[1024];
963 FILE *f;
964 int retval = -1;
965
966 if (isatty(0))
967 f = stdin;
968 else
969 f = fopen("/dev/tty", "rw");
970
971 if (f == NULL)
972 return 0;
973
974 fflush(stdout);
975
976 while (1)
977 {
978 fprintf(stderr, "%s", prompt);
979 if (fgets(buf, sizeof(buf), f) == NULL)
980 {
981 /* Print a newline (the prompt probably didn\'t have one). */
982 fprintf(stderr, "\n");
983 strlcpy(buf, "no", sizeof buf);
984 }
985 /* Remove newline from response. */
986 if (strchr(buf, '\n'))
987 *strchr(buf, '\n') = 0;
988
989 if (buf[0] == 0)
990 retval = defval;
991 if (strcmp(buf, "yes") == 0)
992 retval = 1;
993 if (strcmp(buf, "no") == 0)
994 retval = 0;
995
996 if (retval != -1)
997 {
998 if (f != stdin)
999 fclose(f);
1000 return retval;
1001 }
1002 }
1003}
1004
1005/* Starts a dialog with the server, and authenticates the current user on the
1006 server. This does not need any extra privileges. The basic connection
1007 to the server must already have been established before this is called.
1008 User is the remote user; if it is NULL, the current local user name will
1009 be used. Anonymous indicates that no rhosts authentication will be used.
1010 If login fails, this function prints an error and never returns.
1011 This function does not require super-user privileges. */
1012
1013void ssh_login(int host_key_valid,
1014 RSA *own_host_key,
1015 const char *orighost,
1016 struct sockaddr_in *hostaddr,
1017 Options *options, uid_t original_real_uid)
1018{
1019 int i, type;
1020 char *password;
1021 struct passwd *pw;
1022 BIGNUM *key;
1023 RSA *host_key, *file_key;
1024 RSA *public_key;
560557bb 1025 int bits, rbits;
8efc0c15 1026 unsigned char session_key[SSH_SESSION_KEY_LENGTH];
1027 const char *server_user, *local_user;
1028 char *cp, *host, *ip = NULL;
1029 unsigned char check_bytes[8];
1030 unsigned int supported_ciphers, supported_authentications, protocol_flags;
1031 HostStatus host_status;
1032 HostStatus ip_status;
1033 int host_ip_differ = 0;
1034 int local = (ntohl(hostaddr->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
1035 int payload_len, clen, sum_len = 0;
1036 u_int32_t rand = 0;
1037
1038 if (options->check_host_ip)
1039 ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
1040
1041 /* Convert the user-supplied hostname into all lowercase. */
1042 host = xstrdup(orighost);
1043 for (cp = host; *cp; cp++)
1044 if (isupper(*cp))
1045 *cp = tolower(*cp);
1046
1047 /* Exchange protocol version identification strings with the server. */
1048 ssh_exchange_identification();
1049
1050 /* Put the connection into non-blocking mode. */
1051 packet_set_nonblocking();
1052
1053 /* Get local user name. Use it as server user if no user name
1054 was given. */
1055 pw = getpwuid(original_real_uid);
1056 if (!pw)
1057 fatal("User id %d not found from user database.", original_real_uid);
1058 local_user = xstrdup(pw->pw_name);
1059 server_user = options->user ? options->user : local_user;
1060
1061 debug("Waiting for server public key.");
1062
1063 /* Wait for a public key packet from the server. */
1064 packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
1065
1066 /* Get check bytes from the packet. */
1067 for (i = 0; i < 8; i++)
1068 check_bytes[i] = packet_get_char();
1069
1070 /* Get the public key. */
1071 public_key = RSA_new();
560557bb 1072 bits = packet_get_int(); /* bits */
8efc0c15 1073 public_key->e = BN_new();
1074 packet_get_bignum(public_key->e, &clen);
1075 sum_len += clen;
1076 public_key->n = BN_new();
1077 packet_get_bignum(public_key->n, &clen);
1078 sum_len += clen;
1079
560557bb 1080 rbits = BN_num_bits(public_key->n);
1081 if (bits != rbits) {
1082 log("Warning: Server lies about size of server public key,");
1083 log("Warning: this may be due to an old implementation of ssh.");
1084 log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
1085 }
1086
8efc0c15 1087 /* Get the host key. */
1088 host_key = RSA_new();
560557bb 1089 bits = packet_get_int(); /* bits */
8efc0c15 1090 host_key->e = BN_new();
1091 packet_get_bignum(host_key->e, &clen);
1092 sum_len += clen;
1093 host_key->n = BN_new();
1094 packet_get_bignum(host_key->n, &clen);
1095 sum_len += clen;
1096
560557bb 1097 rbits = BN_num_bits(host_key->n);
1098 if (bits != rbits) {
1099 log("Warning: Server lies about size of server host key,");
1100 log("Warning: this may be due to an old implementation of ssh.");
1101 log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
1102 }
1103
8efc0c15 1104 /* Store the host key from the known host file in here
1105 * so that we can compare it with the key for the IP
1106 * address. */
1107 file_key = RSA_new();
1108 file_key->n = BN_new();
1109 file_key->e = BN_new();
1110
1111 /* Get protocol flags. */
1112 protocol_flags = packet_get_int();
1113 packet_set_protocol_flags(protocol_flags);
1114
1115 /* Get supported cipher types. */
1116 supported_ciphers = packet_get_int();
1117
1118 /* Get supported authentication types. */
1119 supported_authentications = packet_get_int();
1120
1121 debug("Received server public key (%d bits) and host key (%d bits).",
1122 BN_num_bits(public_key->n), BN_num_bits(host_key->n));
1123
1124 packet_integrity_check(payload_len,
1125 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
1126 SSH_SMSG_PUBLIC_KEY);
1127
1128 /* Compute the session id. */
1129 compute_session_id(session_id, check_bytes,
1130 BN_num_bits(host_key->n), host_key->n,
1131 BN_num_bits(public_key->n), public_key->n);
1132
1133 /* Check if the host key is present in the user\'s list of known hosts
1134 or in the systemwide list. */
1135 host_status = check_host_in_hostfile(options->user_hostfile,
1136 host, BN_num_bits(host_key->n),
1137 host_key->e, host_key->n,
1138 file_key->e, file_key->n);
1139 if (host_status == HOST_NEW)
1140 host_status = check_host_in_hostfile(options->system_hostfile, host,
1141 BN_num_bits(host_key->n),
1142 host_key->e, host_key->n,
1143 file_key->e, file_key->n);
1144 /* Force accepting of the host key for localhost and 127.0.0.1.
1145 The problem is that if the home directory is NFS-mounted to multiple
1146 machines, localhost will refer to a different machine in each of them,
1147 and the user will get bogus HOST_CHANGED warnings. This essentially
1148 disables host authentication for localhost; however, this is probably
1149 not a real problem. */
1150 if (local) {
1151 debug("Forcing accepting of host key for localhost.");
1152 host_status = HOST_OK;
1153 }
1154
1155 /* Also perform check for the ip address, skip the check if we are
1156 localhost or the hostname was an ip address to begin with */
1157 if (options->check_host_ip && !local && strcmp(host, ip)) {
1158 RSA *ip_key = RSA_new();
1159 ip_key->n = BN_new();
1160 ip_key->e = BN_new();
1161 ip_status = check_host_in_hostfile(options->user_hostfile, ip,
1162 BN_num_bits(host_key->n),
1163 host_key->e, host_key->n,
1164 ip_key->e, ip_key->n);
1165
1166 if (ip_status == HOST_NEW)
1167 ip_status = check_host_in_hostfile(options->system_hostfile, ip,
1168 BN_num_bits(host_key->n),
1169 host_key->e, host_key->n,
1170 ip_key->e, ip_key->n);
1171 if (host_status == HOST_CHANGED &&
1172 (ip_status != HOST_CHANGED ||
1173 (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n))))
1174 host_ip_differ = 1;
1175
1176 RSA_free(ip_key);
1177 } else
1178 ip_status = host_status;
1179
1180 RSA_free(file_key);
1181
1182 switch (host_status) {
1183 case HOST_OK:
1184 /* The host is known and the key matches. */
1185 debug("Host '%.200s' is known and matches the host key.", host);
1186 if (options->check_host_ip) {
1187 if (ip_status == HOST_NEW) {
1188 if (!add_host_to_hostfile(options->user_hostfile, ip,
1189 BN_num_bits(host_key->n),
1190 host_key->e, host_key->n))
1191 log("Failed to add the host ip to the list of known hosts (%.30s).",
1192 options->user_hostfile);
1193 else
1194 log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
1195 } else if (ip_status != HOST_OK)
1196 log("Warning: the host key differ from the key of the ip address '%.30s' differs", ip);
1197 }
1198
1199 break;
1200 case HOST_NEW:
1201 {
1202 char hostline[1000], *hostp = hostline;
1203 /* The host is new. */
1204 if (options->strict_host_key_checking == 1) {
1205 /* User has requested strict host key checking. We will not
1206 add the host key automatically. The only alternative left
1207 is to abort. */
1208 fatal("No host key is known for %.200s and you have requested strict checking.", host);
1209 } else if (options->strict_host_key_checking == 2) { /* The default */
1210 char prompt[1024];
1211 snprintf(prompt, sizeof(prompt),
1212 "The authenticity of host '%.200s' can't be established.\n"
1213 "Are you sure you want to continue connecting (yes/no)? ",
1214 host);
1215 if (!read_yes_or_no(prompt, -1))
1216 fatal("Aborted by user!\n");
1217 }
1218
1219 if (options->check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
1220 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
1221 else
1222 hostp = host;
1223
1224 /* If not in strict mode, add the key automatically to the local
1225 known_hosts file. */
1226 if (!add_host_to_hostfile(options->user_hostfile, hostp,
1227 BN_num_bits(host_key->n),
1228 host_key->e, host_key->n))
1229 log("Failed to add the host to the list of known hosts (%.500s).",
1230 options->user_hostfile);
1231 else
1232 log("Warning: Permanently added '%.200s' to the list of known hosts.",
1233 hostp);
1234 break;
1235 }
1236 case HOST_CHANGED:
1237 if (options->check_host_ip) {
1238 if (host_ip_differ) {
1239 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1240 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
1241 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1242 error("The host key for %s has changed,", host);
1243 error("but the key for the according IP address %s has", ip);
1244 error("a different status. This could either mean that DNS");
1245 error("SPOOFING is happening or the IP address for the host");
1246 error("and its host key have changed at the same time");
1247 }
1248 }
1249
1250 /* The host key has changed. */
1251 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1252 error("@ WARNING: HOST IDENTIFICATION HAS CHANGED! @");
1253 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1254 error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
1255 error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
1256 error("It is also possible that the host key has just been changed.");
1257 error("Please contact your system administrator.");
1258 error("Add correct host key in %.100s to get rid of this message.",
1259 options->user_hostfile);
1260
1261 /* If strict host key checking is in use, the user will have to edit
1262 the key manually and we can only abort. */
1263 if (options->strict_host_key_checking)
1264 fatal("Host key for %.200s has changed and you have requested strict checking.", host);
1265
1266 /* If strict host key checking has not been requested, allow the
1267 connection but without password authentication or
1268 agent forwarding. */
1269 if (options->password_authentication) {
1270 error("Password authentication is disabled to avoid trojan horses.");
1271 options->password_authentication = 0;
1272 }
1273 if (options->forward_agent) {
1274 error("Agent forwarding is disabled to avoid trojan horses.");
1275 options->forward_agent = 0;
1276 }
1277 /* XXX Should permit the user to change to use the new id. This could
1278 be done by converting the host key to an identifying sentence, tell
1279 that the host identifies itself by that sentence, and ask the user
1280 if he/she whishes to accept the authentication. */
1281 break;
1282 }
1283
1284 if (options->check_host_ip)
1285 xfree(ip);
1286
1287 /* Generate a session key. */
1288 arc4random_stir();
1289
1290 /* Generate an encryption key for the session. The key is a 256 bit
1291 random number, interpreted as a 32-byte key, with the least significant
1292 8 bits being the first byte of the key. */
1293 for (i = 0; i < 32; i++) {
1294 if (i % 4 == 0)
1295 rand = arc4random();
1296 session_key[i] = rand & 0xff;
1297 rand >>= 8;
1298 }
1299
1300 /* According to the protocol spec, the first byte of the session key is
1301 the highest byte of the integer. The session key is xored with the
1302 first 16 bytes of the session id. */
1303 key = BN_new();
1304 BN_set_word(key, 0);
1305 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++)
1306 {
1307 BN_lshift(key, key, 8);
1308 if (i < 16)
1309 BN_add_word(key, session_key[i] ^ session_id[i]);
1310 else
1311 BN_add_word(key, session_key[i]);
1312 }
1313
1314 /* Encrypt the integer using the public key and host key of the server
1315 (key with smaller modulus first). */
1316 if (BN_cmp(public_key->n, host_key->n) < 0)
1317 {
1318 /* Public key has smaller modulus. */
5bae4ab8 1319 if (BN_num_bits(host_key->n) <
1320 BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
1321 fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
1322 "SSH_KEY_BITS_RESERVED %d",
1323 BN_num_bits(host_key->n),
1324 BN_num_bits(public_key->n),
1325 SSH_KEY_BITS_RESERVED);
1326 }
8efc0c15 1327
1328 rsa_public_encrypt(key, key, public_key);
1329 rsa_public_encrypt(key, key, host_key);
1330 }
1331 else
1332 {
1333 /* Host key has smaller modulus (or they are equal). */
5bae4ab8 1334 if (BN_num_bits(public_key->n) <
1335 BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
1336 fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
1337 "SSH_KEY_BITS_RESERVED %d",
1338 BN_num_bits(public_key->n),
1339 BN_num_bits(host_key->n),
1340 SSH_KEY_BITS_RESERVED);
1341 }
8efc0c15 1342
1343 rsa_public_encrypt(key, key, host_key);
1344 rsa_public_encrypt(key, key, public_key);
1345 }
1346
1347 if (options->cipher == SSH_CIPHER_NOT_SET) {
1348 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
1349 options->cipher = ssh_cipher_default;
1350 else {
1351 debug("Cipher %d not supported, using %.100s instead.",
1352 cipher_name(ssh_cipher_default),
1353 cipher_name(SSH_FALLBACK_CIPHER));
1354 options->cipher = SSH_FALLBACK_CIPHER;
1355 }
1356 }
1357
1358 /* Check that the selected cipher is supported. */
1359 if (!(supported_ciphers & (1 << options->cipher)))
1360 fatal("Selected cipher type %.100s not supported by server.",
1361 cipher_name(options->cipher));
1362
1363 debug("Encryption type: %.100s", cipher_name(options->cipher));
1364
1365 /* Send the encrypted session key to the server. */
1366 packet_start(SSH_CMSG_SESSION_KEY);
1367 packet_put_char(options->cipher);
1368
1369 /* Send the check bytes back to the server. */
1370 for (i = 0; i < 8; i++)
1371 packet_put_char(check_bytes[i]);
1372
1373 /* Send the encrypted encryption key. */
1374 packet_put_bignum(key);
1375
1376 /* Send protocol flags. */
1377 packet_put_int(SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
1378
1379 /* Send the packet now. */
1380 packet_send();
1381 packet_write_wait();
1382
1383 /* Destroy the session key integer and the public keys since we no longer
1384 need them. */
1385 BN_clear_free(key);
1386 RSA_free(public_key);
1387 RSA_free(host_key);
1388
1389 debug("Sent encrypted session key.");
1390
1391 /* Set the encryption key. */
1392 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
1393 options->cipher, 1);
1394
1395 /* We will no longer need the session key here. Destroy any extra copies. */
1396 memset(session_key, 0, sizeof(session_key));
1397
1398 /* Expect a success message from the server. Note that this message will
1399 be received in encrypted form. */
1400 packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
1401
1402 debug("Received encrypted confirmation.");
1403
1404 /* Send the name of the user to log in as on the server. */
1405 packet_start(SSH_CMSG_USER);
1406 packet_put_string(server_user, strlen(server_user));
1407 packet_send();
1408 packet_write_wait();
1409
1410 /* The server should respond with success if no authentication is needed
1411 (the user has no password). Otherwise the server responds with
1412 failure. */
1413 type = packet_read(&payload_len);
1414 if (type == SSH_SMSG_SUCCESS)
1415 return; /* Connection was accepted without authentication. */
1416 if (type != SSH_SMSG_FAILURE)
1417 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
1418 type);
1419
1420#ifdef AFS
1421 /* Try Kerberos tgt passing if the server supports it. */
1422 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
1423 options->kerberos_tgt_passing)
1424 {
1425 if (options->cipher == SSH_CIPHER_NONE)
1426 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1427 (void)send_kerberos_tgt();
1428 }
1429
1430 /* Try AFS token passing if the server supports it. */
1431 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
1432 options->afs_token_passing && k_hasafs()) {
1433 if (options->cipher == SSH_CIPHER_NONE)
1434 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
1435 send_afs_tokens();
1436 }
1437#endif /* AFS */
1438
1439#ifdef KRB4
1440 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
1441 options->kerberos_authentication)
1442 {
1443 debug("Trying Kerberos authentication.");
1444 if (try_kerberos_authentication()) {
1445 /* The server should respond with success or failure. */
1446 type = packet_read(&payload_len);
1447 if (type == SSH_SMSG_SUCCESS)
1448 return; /* Successful connection. */
1449 if (type != SSH_SMSG_FAILURE)
1450 packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
1451 }
1452 }
1453#endif /* KRB4 */
1454
1455 /* Use rhosts authentication if running in privileged socket and we do not
1456 wish to remain anonymous. */
1457 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
1458 options->rhosts_authentication)
1459 {
1460 debug("Trying rhosts authentication.");
1461 packet_start(SSH_CMSG_AUTH_RHOSTS);
1462 packet_put_string(local_user, strlen(local_user));
1463 packet_send();
1464 packet_write_wait();
1465
1466 /* The server should respond with success or failure. */
1467 type = packet_read(&payload_len);
1468 if (type == SSH_SMSG_SUCCESS)
1469 return; /* Successful connection. */
1470 if (type != SSH_SMSG_FAILURE)
1471 packet_disconnect("Protocol error: got %d in response to rhosts auth",
1472 type);
1473 }
1474
1475 /* Try .rhosts or /etc/hosts.equiv authentication with RSA host
1476 authentication. */
1477 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1478 options->rhosts_rsa_authentication && host_key_valid)
1479 {
1480 if (try_rhosts_rsa_authentication(local_user, own_host_key))
1481 return; /* Successful authentication. */
1482 }
1483
1484 /* Try RSA authentication if the server supports it. */
1485 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
1486 options->rsa_authentication)
1487 {
1488 /* Try RSA authentication using the authentication agent. The agent
1489 is tried first because no passphrase is needed for it, whereas
1490 identity files may require passphrases. */
1491 if (try_agent_authentication())
1492 return; /* Successful connection. */
1493
1494 /* Try RSA authentication for each identity. */
1495 for (i = 0; i < options->num_identity_files; i++)
1496 if (try_rsa_authentication(pw, options->identity_files[i],
1497 !options->batch_mode))
1498 return; /* Successful connection. */
1499 }
1500
1501 /* Try password authentication if the server supports it. */
1502 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
1503 options->password_authentication && !options->batch_mode)
1504 {
1505 char prompt[80];
1506 snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
1507 server_user, host);
1508 debug("Doing password authentication.");
1509 if (options->cipher == SSH_CIPHER_NONE)
1510 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1511 for (i = 0; i < options->number_of_password_prompts; i++) {
1512 if (i != 0)
1513 error("Permission denied, please try again.");
1514 password = read_passphrase(prompt, 0);
1515 packet_start(SSH_CMSG_AUTH_PASSWORD);
1516 packet_put_string(password, strlen(password));
1517 memset(password, 0, strlen(password));
1518 xfree(password);
1519 packet_send();
1520 packet_write_wait();
1521
1522 type = packet_read(&payload_len);
1523 if (type == SSH_SMSG_SUCCESS)
1524 return; /* Successful connection. */
1525 if (type != SSH_SMSG_FAILURE)
1526 packet_disconnect("Protocol error: got %d in response to passwd auth", type);
1527 }
1528 }
1529
1530 /* All authentication methods have failed. Exit with an error message. */
1531 fatal("Permission denied.");
1532 /*NOTREACHED*/
1533}
git-cvsimport mirror of OpenSSH
This page took 0.231506 seconds and 5 git commands to generate.