]> andersk Git - openssh.git/blame - sshconnect2.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- djm@cvs.openbsd.org 2008/11/04 07:58:09
[openssh.git] / sshconnect2.c
CommitLineData
e64399cc 1/* $OpenBSD: sshconnect2.c,v 1.169 2008/11/01 04:50:08 djm Exp $ */
a306f2dd 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
a306f2dd 13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "includes.h"
c3ff311a 27
aa2eae64 28#include <sys/types.h>
31652869 29#include <sys/socket.h>
aa2eae64 30#include <sys/wait.h>
4095f623 31#include <sys/stat.h>
a306f2dd 32
028094f4 33#include <errno.h>
b2349766 34#include <netdb.h>
31652869 35#include <pwd.h>
36#include <signal.h>
24436b92 37#include <stdarg.h>
cf851879 38#include <stdio.h>
00146caa 39#include <string.h>
67514848 40#include <unistd.h>
3a69fb58 41#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
e5df5ff2 42#include <vis.h>
3a69fb58 43#endif
028094f4 44
751092f9 45#include "openbsd-compat/sys-queue.h"
46
31652869 47#include "xmalloc.h"
a306f2dd 48#include "ssh.h"
42f11eb2 49#include "ssh2.h"
a306f2dd 50#include "buffer.h"
51#include "packet.h"
a306f2dd 52#include "compat.h"
42f11eb2 53#include "cipher.h"
31652869 54#include "key.h"
a306f2dd 55#include "kex.h"
56#include "myproposal.h"
a306f2dd 57#include "sshconnect.h"
58#include "authfile.h"
db1cd2f3 59#include "dh.h"
2e73a022 60#include "authfd.h"
42f11eb2 61#include "log.h"
62#include "readconf.h"
58ae9cb8 63#include "misc.h"
cab80f75 64#include "match.h"
a5c9ffdb 65#include "dispatch.h"
8002af61 66#include "canohost.h"
39c00dc2 67#include "msg.h"
68#include "pathnames.h"
82aeee5d 69#include "uidswap.h"
94ec8c6b 70
7364bd04 71#ifdef GSSAPI
72#include "ssh-gss.h"
73#endif
74
a306f2dd 75/* import */
76extern char *client_version_string;
77extern char *server_version_string;
78extern Options options;
79
80/*
81 * SSH2 key exchange
82 */
83
1e3b8b07 84u_char *session_id2 = NULL;
a27002e5 85u_int session_id2_len = 0;
a306f2dd 86
a5c9ffdb 87char *xxx_host;
88struct sockaddr *xxx_hostaddr;
89
e092ce67 90Kex *xxx_kex = NULL;
91
396c147e 92static int
f49bc4f7 93verify_host_key_callback(Key *hostkey)
a5c9ffdb 94{
f49bc4f7 95 if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
01e9ef57 96 fatal("Host key verification failed.");
a5c9ffdb 97 return 0;
98}
99
a306f2dd 100void
94ec8c6b 101ssh_kex2(char *host, struct sockaddr *hostaddr)
102{
94ec8c6b 103 Kex *kex;
a5c9ffdb 104
105 xxx_host = host;
106 xxx_hostaddr = hostaddr;
94ec8c6b 107
c523303b 108 if (options.ciphers == (char *)-1) {
bbe88b6d 109 logit("No valid ciphers for protocol version 2 given, using defaults.");
c523303b 110 options.ciphers = NULL;
94ec8c6b 111 }
112 if (options.ciphers != NULL) {
113 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
114 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
115 }
1ad64a93 116 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
117 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
118 myproposal[PROPOSAL_ENC_ALGS_STOC] =
119 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
94ec8c6b 120 if (options.compression) {
b2552997 121 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
07200973 122 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
94ec8c6b 123 } else {
b2552997 124 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
07200973 125 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
94ec8c6b 126 }
b2552997 127 if (options.macs != NULL) {
128 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
129 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
130 }
e961a8f9 131 if (options.hostkeyalgorithms != NULL)
184eed6a 132 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
e961a8f9 133 options.hostkeyalgorithms;
94ec8c6b 134
ffd7b36b 135 if (options.rekey_limit)
fe771396 136 packet_set_rekey_limit((u_int32_t)options.rekey_limit);
ffd7b36b 137
7a37c112 138 /* start key exchange */
d8ee838b 139 kex = kex_setup(myproposal);
98a58eda 140 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
41e5bd9a 141 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
98a58eda 142 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
2ff8003a 143 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
a5c9ffdb 144 kex->client_version_string=client_version_string;
145 kex->server_version_string=server_version_string;
f49bc4f7 146 kex->verify_host_key=&verify_host_key_callback;
94ec8c6b 147
e092ce67 148 xxx_kex = kex;
149
c422989b 150 dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
94ec8c6b 151
d1ac6175 152 session_id2 = kex->session_id;
153 session_id2_len = kex->session_id_len;
154
94ec8c6b 155#ifdef DEBUG_KEXDH
156 /* send 1st encrypted/maced/compressed message */
157 packet_start(SSH2_MSG_IGNORE);
158 packet_put_cstring("markus");
159 packet_send();
160 packet_write_wait();
161#endif
a306f2dd 162}
71276795 163
a306f2dd 164/*
165 * Authenticate user
166 */
188adeb2 167
168typedef struct Authctxt Authctxt;
169typedef struct Authmethod Authmethod;
43348518 170typedef struct identity Identity;
171typedef struct idlist Idlist;
172
173struct identity {
174 TAILQ_ENTRY(identity) next;
175 AuthenticationConnection *ac; /* set if agent supports key */
176 Key *key; /* public/private key */
177 char *filename; /* comment for agent-only keys */
178 int tried;
179 int isprivate; /* key points to the private key */
180};
181TAILQ_HEAD(idlist, identity);
188adeb2 182
183struct Authctxt {
184 const char *server_user;
8002af61 185 const char *local_user;
188adeb2 186 const char *host;
187 const char *service;
188adeb2 188 Authmethod *method;
94ec8c6b 189 int success;
fee56204 190 char *authlist;
8002af61 191 /* pubkey */
43348518 192 Idlist keys;
8002af61 193 AuthenticationConnection *agent;
194 /* hostbased */
39c00dc2 195 Sensitive *sensitive;
6b759005 196 /* kbd-interactive */
197 int info_req_seen;
7364bd04 198 /* generic */
199 void *methoddata;
188adeb2 200};
201struct Authmethod {
202 char *name; /* string to compare against server's list */
203 int (*userauth)(Authctxt *authctxt);
204 int *enabled; /* flag in option struct that enables method */
205 int *batch_flag; /* flag in option struct that disables method */
206};
207
7819b5c3 208void input_userauth_success(int, u_int32_t, void *);
209void input_userauth_failure(int, u_int32_t, void *);
210void input_userauth_banner(int, u_int32_t, void *);
211void input_userauth_error(int, u_int32_t, void *);
212void input_userauth_info_req(int, u_int32_t, void *);
213void input_userauth_pk_ok(int, u_int32_t, void *);
67ec167d 214void input_userauth_passwd_changereq(int, u_int32_t, void *);
94ec8c6b 215
d5bb9418 216int userauth_none(Authctxt *);
217int userauth_pubkey(Authctxt *);
218int userauth_passwd(Authctxt *);
219int userauth_kbdint(Authctxt *);
220int userauth_hostbased(Authctxt *);
188adeb2 221
7364bd04 222#ifdef GSSAPI
223int userauth_gssapi(Authctxt *authctxt);
224void input_gssapi_response(int type, u_int32_t, void *);
225void input_gssapi_token(int type, u_int32_t, void *);
226void input_gssapi_hash(int type, u_int32_t, void *);
227void input_gssapi_error(int, u_int32_t, void *);
228void input_gssapi_errtok(int, u_int32_t, void *);
229#endif
230
d5bb9418 231void userauth(Authctxt *, char *);
fee56204 232
43348518 233static int sign_and_send_pubkey(Authctxt *, Identity *);
43348518 234static void pubkey_prepare(Authctxt *);
235static void pubkey_cleanup(Authctxt *);
236static Key *load_identity_file(char *);
fee56204 237
396c147e 238static Authmethod *authmethod_get(char *authlist);
239static Authmethod *authmethod_lookup(const char *name);
240static char *authmethods_get(void);
188adeb2 241
242Authmethod authmethods[] = {
7364bd04 243#ifdef GSSAPI
0789992b 244 {"gssapi-with-mic",
7364bd04 245 userauth_gssapi,
246 &options.gss_authentication,
247 NULL},
248#endif
3398dda9 249 {"hostbased",
250 userauth_hostbased,
251 &options.hostbased_authentication,
252 NULL},
9f37c0af 253 {"publickey",
254 userauth_pubkey,
255 &options.pubkey_authentication,
256 NULL},
94ec8c6b 257 {"keyboard-interactive",
258 userauth_kbdint,
259 &options.kbd_interactive_authentication,
260 &options.batch_mode},
9f37c0af 261 {"password",
262 userauth_passwd,
263 &options.password_authentication,
264 &options.batch_mode},
94ec8c6b 265 {"none",
266 userauth_none,
267 NULL,
268 NULL},
188adeb2 269 {NULL, NULL, NULL, NULL}
270};
271
272void
8002af61 273ssh_userauth2(const char *local_user, const char *server_user, char *host,
39c00dc2 274 Sensitive *sensitive)
188adeb2 275{
276 Authctxt authctxt;
277 int type;
188adeb2 278
5ba55ada 279 if (options.challenge_response_authentication)
d464095c 280 options.kbd_interactive_authentication = 1;
281
188adeb2 282 packet_start(SSH2_MSG_SERVICE_REQUEST);
283 packet_put_cstring("ssh-userauth");
284 packet_send();
a77673cc 285 debug("SSH2_MSG_SERVICE_REQUEST sent");
188adeb2 286 packet_write_wait();
54a5250f 287 type = packet_read();
a77673cc 288 if (type != SSH2_MSG_SERVICE_ACCEPT)
289 fatal("Server denied authentication request: %d", type);
188adeb2 290 if (packet_remaining() > 0) {
54a5250f 291 char *reply = packet_get_string(NULL);
a77673cc 292 debug2("service_accept: %s", reply);
188adeb2 293 xfree(reply);
188adeb2 294 } else {
6226a8f8 295 debug2("buggy server: service_accept w/o service");
188adeb2 296 }
95500969 297 packet_check_eom();
a77673cc 298 debug("SSH2_MSG_SERVICE_ACCEPT received");
188adeb2 299
cab80f75 300 if (options.preferred_authentications == NULL)
301 options.preferred_authentications = authmethods_get();
302
188adeb2 303 /* setup authentication context */
6b759005 304 memset(&authctxt, 0, sizeof(authctxt));
43348518 305 pubkey_prepare(&authctxt);
188adeb2 306 authctxt.server_user = server_user;
8002af61 307 authctxt.local_user = local_user;
188adeb2 308 authctxt.host = host;
309 authctxt.service = "ssh-connection"; /* service name */
310 authctxt.success = 0;
94ec8c6b 311 authctxt.method = authmethod_lookup("none");
fee56204 312 authctxt.authlist = NULL;
7364bd04 313 authctxt.methoddata = NULL;
39c00dc2 314 authctxt.sensitive = sensitive;
6b759005 315 authctxt.info_req_seen = 0;
94ec8c6b 316 if (authctxt.method == NULL)
317 fatal("ssh_userauth2: internal error: cannot send userauth none request");
188adeb2 318
319 /* initial userauth request */
94ec8c6b 320 userauth_none(&authctxt);
188adeb2 321
7a37c112 322 dispatch_init(&input_userauth_error);
188adeb2 323 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
324 dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
9616313f 325 dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
188adeb2 326 dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
327
43348518 328 pubkey_cleanup(&authctxt);
b8c2031b 329 dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
330
6226a8f8 331 debug("Authentication succeeded (%s).", authctxt.method->name);
188adeb2 332}
b8c2031b 333
188adeb2 334void
fee56204 335userauth(Authctxt *authctxt, char *authlist)
336{
7364bd04 337 if (authctxt->methoddata) {
338 xfree(authctxt->methoddata);
339 authctxt->methoddata = NULL;
340 }
fee56204 341 if (authlist == NULL) {
342 authlist = authctxt->authlist;
343 } else {
344 if (authctxt->authlist)
345 xfree(authctxt->authlist);
346 authctxt->authlist = authlist;
347 }
348 for (;;) {
349 Authmethod *method = authmethod_get(authlist);
350 if (method == NULL)
351 fatal("Permission denied (%s).", authlist);
352 authctxt->method = method;
b8c2031b 353
354 /* reset the per method handler */
355 dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN,
356 SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
357
358 /* and try new method */
fee56204 359 if (method->userauth(authctxt) != 0) {
360 debug2("we sent a %s packet, wait for reply", method->name);
361 break;
362 } else {
363 debug2("we did not send a packet, disable method");
364 method->enabled = NULL;
365 }
366 }
367}
d6133f43 368
e64399cc 369/* ARGSUSED */
fee56204 370void
7819b5c3 371input_userauth_error(int type, u_int32_t seq, void *ctxt)
188adeb2 372{
9616313f 373 fatal("input_userauth_error: bad message during authentication: "
4e2e5cfd 374 "type %d", type);
9616313f 375}
d6133f43 376
e64399cc 377/* ARGSUSED */
9616313f 378void
7819b5c3 379input_userauth_banner(int type, u_int32_t seq, void *ctxt)
9616313f 380{
e5df5ff2 381 char *msg, *raw, *lang;
382 u_int len;
c8f0cf13 383
9616313f 384 debug3("input_userauth_banner");
e5df5ff2 385 raw = packet_get_string(&len);
9616313f 386 lang = packet_get_string(NULL);
341cb46b 387 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
e5df5ff2 388 if (len > 65536)
389 len = 65536;
90d5350e 390 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
391 strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
19e633e7 392 fprintf(stderr, "%s", msg);
e5df5ff2 393 xfree(msg);
394 }
395 xfree(raw);
9616313f 396 xfree(lang);
188adeb2 397}
d6133f43 398
e64399cc 399/* ARGSUSED */
188adeb2 400void
7819b5c3 401input_userauth_success(int type, u_int32_t seq, void *ctxt)
188adeb2 402{
403 Authctxt *authctxt = ctxt;
404 if (authctxt == NULL)
405 fatal("input_userauth_success: no authentication context");
c8f0cf13 406 if (authctxt->authlist) {
fee56204 407 xfree(authctxt->authlist);
c8f0cf13 408 authctxt->authlist = NULL;
409 }
410 if (authctxt->methoddata) {
7364bd04 411 xfree(authctxt->methoddata);
c8f0cf13 412 authctxt->methoddata = NULL;
413 }
188adeb2 414 authctxt->success = 1; /* break out */
415}
d6133f43 416
e64399cc 417/* ARGSUSED */
188adeb2 418void
7819b5c3 419input_userauth_failure(int type, u_int32_t seq, void *ctxt)
188adeb2 420{
188adeb2 421 Authctxt *authctxt = ctxt;
422 char *authlist = NULL;
423 int partial;
188adeb2 424
425 if (authctxt == NULL)
426 fatal("input_userauth_failure: no authentication context");
427
94ec8c6b 428 authlist = packet_get_string(NULL);
188adeb2 429 partial = packet_get_char();
95500969 430 packet_check_eom();
188adeb2 431
432 if (partial != 0)
bbe88b6d 433 logit("Authenticated with partial success.");
6226a8f8 434 debug("Authentications that can continue: %s", authlist);
188adeb2 435
fee56204 436 userauth(authctxt, authlist);
437}
e64399cc 438
439/* ARGSUSED */
fee56204 440void
7819b5c3 441input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
fee56204 442{
443 Authctxt *authctxt = ctxt;
444 Key *key = NULL;
43348518 445 Identity *id = NULL;
fee56204 446 Buffer b;
c66f9d0e 447 int pktype, sent = 0;
448 u_int alen, blen;
449 char *pkalg, *fp;
450 u_char *pkblob;
fee56204 451
452 if (authctxt == NULL)
453 fatal("input_userauth_pk_ok: no authentication context");
454 if (datafellows & SSH_BUG_PKOK) {
455 /* this is similar to SSH_BUG_PKAUTH */
456 debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
457 pkblob = packet_get_string(&blen);
458 buffer_init(&b);
459 buffer_append(&b, pkblob, blen);
460 pkalg = buffer_get_string(&b, &alen);
461 buffer_free(&b);
462 } else {
463 pkalg = packet_get_string(&alen);
464 pkblob = packet_get_string(&blen);
465 }
95500969 466 packet_check_eom();
fee56204 467
43348518 468 debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
fee56204 469
43348518 470 if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
471 debug("unknown pkalg %s", pkalg);
472 goto done;
473 }
474 if ((key = key_from_blob(pkblob, blen)) == NULL) {
475 debug("no key from blob. pkalg %s", pkalg);
476 goto done;
477 }
478 if (key->type != pktype) {
479 error("input_userauth_pk_ok: type mismatch "
480 "for decoded key (received %d, expected %d)",
481 key->type, pktype);
482 goto done;
483 }
484 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
485 debug2("input_userauth_pk_ok: fp %s", fp);
486 xfree(fp);
487
b56e99e2 488 /*
489 * search keys in the reverse order, because last candidate has been
490 * moved to the end of the queue. this also avoids confusion by
491 * duplicate keys
492 */
484b2208 493 TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) {
43348518 494 if (key_equal(key, id->key)) {
495 sent = sign_and_send_pubkey(authctxt, id);
fee56204 496 break;
497 }
43348518 498 }
499done:
fee56204 500 if (key != NULL)
501 key_free(key);
502 xfree(pkalg);
503 xfree(pkblob);
504
343288b8 505 /* try another method if we did not send a packet */
fee56204 506 if (sent == 0)
507 userauth(authctxt, NULL);
188adeb2 508}
509
7364bd04 510#ifdef GSSAPI
aff51935 511int
7364bd04 512userauth_gssapi(Authctxt *authctxt)
513{
514 Gssctxt *gssctxt = NULL;
b0b30ca6 515 static gss_OID_set gss_supported = NULL;
2ceb8101 516 static u_int mech = 0;
7364bd04 517 OM_uint32 min;
518 int ok = 0;
519
520 /* Try one GSSAPI method at a time, rather than sending them all at
521 * once. */
522
b0b30ca6 523 if (gss_supported == NULL)
524 gss_indicate_mechs(&min, &gss_supported);
7364bd04 525
526 /* Check to see if the mechanism is usable before we offer it */
b0b30ca6 527 while (mech < gss_supported->count && !ok) {
7364bd04 528 /* My DER encoding requires length<128 */
b0b30ca6 529 if (gss_supported->elements[mech].length < 128 &&
592de384 530 ssh_gssapi_check_mechanism(&gssctxt,
531 &gss_supported->elements[mech], authctxt->host)) {
7364bd04 532 ok = 1; /* Mechanism works */
533 } else {
534 mech++;
535 }
536 }
537
592de384 538 if (!ok)
2ceb8101 539 return 0;
7364bd04 540
541 authctxt->methoddata=(void *)gssctxt;
542
543 packet_start(SSH2_MSG_USERAUTH_REQUEST);
544 packet_put_cstring(authctxt->server_user);
545 packet_put_cstring(authctxt->service);
546 packet_put_cstring(authctxt->method->name);
547
548 packet_put_int(1);
549
d8d9afd0 550 packet_put_int((gss_supported->elements[mech].length) + 2);
551 packet_put_char(SSH_GSS_OIDTYPE);
552 packet_put_char(gss_supported->elements[mech].length);
553 packet_put_raw(gss_supported->elements[mech].elements,
554 gss_supported->elements[mech].length);
7364bd04 555
556 packet_send();
557
558 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
559 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
560 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
561 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
562
563 mech++; /* Move along to next candidate */
564
565 return 1;
566}
567
b930668c 568static OM_uint32
569process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
570{
571 Authctxt *authctxt = ctxt;
572 Gssctxt *gssctxt = authctxt->methoddata;
573 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
fe206de9 574 gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
575 gss_buffer_desc gssbuf;
0789992b 576 OM_uint32 status, ms, flags;
577 Buffer b;
b6453d99 578
b930668c 579 status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
0789992b 580 recv_tok, &send_tok, &flags);
b930668c 581
582 if (send_tok.length > 0) {
583 if (GSS_ERROR(status))
584 packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
585 else
586 packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
b6453d99 587
b930668c 588 packet_put_string(send_tok.value, send_tok.length);
589 packet_send();
590 gss_release_buffer(&ms, &send_tok);
591 }
b6453d99 592
b930668c 593 if (status == GSS_S_COMPLETE) {
0789992b 594 /* send either complete or MIC, depending on mechanism */
595 if (!(flags & GSS_C_INTEG_FLAG)) {
596 packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
597 packet_send();
598 } else {
599 ssh_gssapi_buildmic(&b, authctxt->server_user,
600 authctxt->service, "gssapi-with-mic");
601
602 gssbuf.value = buffer_ptr(&b);
603 gssbuf.length = buffer_len(&b);
b6453d99 604
0789992b 605 status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
b6453d99 606
0789992b 607 if (!GSS_ERROR(status)) {
608 packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC);
609 packet_put_string(mic.value, mic.length);
b6453d99 610
0789992b 611 packet_send();
612 }
b6453d99 613
0789992b 614 buffer_free(&b);
615 gss_release_buffer(&ms, &mic);
b6453d99 616 }
b930668c 617 }
b6453d99 618
b930668c 619 return status;
620}
621
e64399cc 622/* ARGSUSED */
7364bd04 623void
624input_gssapi_response(int type, u_int32_t plen, void *ctxt)
625{
626 Authctxt *authctxt = ctxt;
627 Gssctxt *gssctxt;
7364bd04 628 int oidlen;
629 char *oidv;
7364bd04 630
631 if (authctxt == NULL)
632 fatal("input_gssapi_response: no authentication context");
633 gssctxt = authctxt->methoddata;
634
635 /* Setup our OID */
636 oidv = packet_get_string(&oidlen);
637
d8d9afd0 638 if (oidlen <= 2 ||
639 oidv[0] != SSH_GSS_OIDTYPE ||
640 oidv[1] != oidlen - 2) {
b930668c 641 xfree(oidv);
d8d9afd0 642 debug("Badly encoded mechanism OID received");
643 userauth(authctxt, NULL);
d8d9afd0 644 return;
7364bd04 645 }
646
d8d9afd0 647 if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
648 fatal("Server returned different OID than expected");
649
7364bd04 650 packet_check_eom();
651
652 xfree(oidv);
653
b930668c 654 if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
7364bd04 655 /* Start again with next method on list */
656 debug("Trying to start again");
657 userauth(authctxt, NULL);
658 return;
659 }
7364bd04 660}
661
e64399cc 662/* ARGSUSED */
7364bd04 663void
664input_gssapi_token(int type, u_int32_t plen, void *ctxt)
665{
666 Authctxt *authctxt = ctxt;
7364bd04 667 gss_buffer_desc recv_tok;
b930668c 668 OM_uint32 status;
7364bd04 669 u_int slen;
670
671 if (authctxt == NULL)
672 fatal("input_gssapi_response: no authentication context");
7364bd04 673
674 recv_tok.value = packet_get_string(&slen);
675 recv_tok.length = slen; /* safe typecast */
676
677 packet_check_eom();
678
b930668c 679 status = process_gssapi_token(ctxt, &recv_tok);
7364bd04 680
681 xfree(recv_tok.value);
682
683 if (GSS_ERROR(status)) {
7364bd04 684 /* Start again with the next method in the list */
685 userauth(authctxt, NULL);
686 return;
687 }
7364bd04 688}
689
e64399cc 690/* ARGSUSED */
7364bd04 691void
692input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
693{
694 Authctxt *authctxt = ctxt;
695 Gssctxt *gssctxt;
696 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
697 gss_buffer_desc recv_tok;
698 OM_uint32 status, ms;
f99e1ca4 699 u_int len;
7364bd04 700
701 if (authctxt == NULL)
702 fatal("input_gssapi_response: no authentication context");
703 gssctxt = authctxt->methoddata;
704
f99e1ca4 705 recv_tok.value = packet_get_string(&len);
706 recv_tok.length = len;
7364bd04 707
708 packet_check_eom();
709
710 /* Stick it into GSSAPI and see what it says */
711 status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
4e2e5cfd 712 &recv_tok, &send_tok, NULL);
7364bd04 713
714 xfree(recv_tok.value);
715 gss_release_buffer(&ms, &send_tok);
716
717 /* Server will be returning a failed packet after this one */
718}
719
e64399cc 720/* ARGSUSED */
7364bd04 721void
722input_gssapi_error(int type, u_int32_t plen, void *ctxt)
723{
724 OM_uint32 maj, min;
725 char *msg;
726 char *lang;
727
728 maj=packet_get_int();
729 min=packet_get_int();
730 msg=packet_get_string(NULL);
731 lang=packet_get_string(NULL);
732
733 packet_check_eom();
734
17318dd6 735 debug("Server GSSAPI Error:\n%s", msg);
7364bd04 736 xfree(msg);
737 xfree(lang);
738}
739#endif /* GSSAPI */
740
94ec8c6b 741int
742userauth_none(Authctxt *authctxt)
743{
744 /* initial userauth request */
745 packet_start(SSH2_MSG_USERAUTH_REQUEST);
746 packet_put_cstring(authctxt->server_user);
747 packet_put_cstring(authctxt->service);
748 packet_put_cstring(authctxt->method->name);
749 packet_send();
94ec8c6b 750 return 1;
751}
752
a306f2dd 753int
188adeb2 754userauth_passwd(Authctxt *authctxt)
a306f2dd 755{
1d1ffb87 756 static int attempt = 0;
67ec167d 757 char prompt[150];
a306f2dd 758 char *password;
759
fa649821 760 if (attempt++ >= options.number_of_password_prompts)
1d1ffb87 761 return 0;
762
6aacefa7 763 if (attempt != 1)
fa649821 764 error("Permission denied, please try again.");
765
f72e01a5 766 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
188adeb2 767 authctxt->server_user, authctxt->host);
a306f2dd 768 password = read_passphrase(prompt, 0);
769 packet_start(SSH2_MSG_USERAUTH_REQUEST);
188adeb2 770 packet_put_cstring(authctxt->server_user);
771 packet_put_cstring(authctxt->service);
94ec8c6b 772 packet_put_cstring(authctxt->method->name);
a306f2dd 773 packet_put_char(0);
a6215e53 774 packet_put_cstring(password);
a306f2dd 775 memset(password, 0, strlen(password));
776 xfree(password);
b4b701be 777 packet_add_padding(64);
a306f2dd 778 packet_send();
67ec167d 779
7203d6bb 780 dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
67ec167d 781 &input_userauth_passwd_changereq);
782
a306f2dd 783 return 1;
784}
e64399cc 785
67ec167d 786/*
787 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
788 */
e64399cc 789/* ARGSUSED */
67ec167d 790void
ef077e37 791input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
67ec167d 792{
793 Authctxt *authctxt = ctxt;
794 char *info, *lang, *password = NULL, *retype = NULL;
795 char prompt[150];
796
797 debug2("input_userauth_passwd_changereq");
798
799 if (authctxt == NULL)
800 fatal("input_userauth_passwd_changereq: "
801 "no authentication context");
802
803 info = packet_get_string(NULL);
804 lang = packet_get_string(NULL);
805 if (strlen(info) > 0)
bbe88b6d 806 logit("%s", info);
67ec167d 807 xfree(info);
808 xfree(lang);
809 packet_start(SSH2_MSG_USERAUTH_REQUEST);
810 packet_put_cstring(authctxt->server_user);
811 packet_put_cstring(authctxt->service);
812 packet_put_cstring(authctxt->method->name);
813 packet_put_char(1); /* additional info */
7203d6bb 814 snprintf(prompt, sizeof(prompt),
67ec167d 815 "Enter %.30s@%.128s's old password: ",
816 authctxt->server_user, authctxt->host);
817 password = read_passphrase(prompt, 0);
818 packet_put_cstring(password);
819 memset(password, 0, strlen(password));
820 xfree(password);
821 password = NULL;
822 while (password == NULL) {
7203d6bb 823 snprintf(prompt, sizeof(prompt),
67ec167d 824 "Enter %.30s@%.128s's new password: ",
825 authctxt->server_user, authctxt->host);
826 password = read_passphrase(prompt, RP_ALLOW_EOF);
827 if (password == NULL) {
828 /* bail out */
829 return;
830 }
7203d6bb 831 snprintf(prompt, sizeof(prompt),
67ec167d 832 "Retype %.30s@%.128s's new password: ",
833 authctxt->server_user, authctxt->host);
834 retype = read_passphrase(prompt, 0);
835 if (strcmp(password, retype) != 0) {
836 memset(password, 0, strlen(password));
837 xfree(password);
bbe88b6d 838 logit("Mismatch; try again, EOF to quit.");
67ec167d 839 password = NULL;
840 }
841 memset(retype, 0, strlen(retype));
842 xfree(retype);
843 }
844 packet_put_cstring(password);
845 memset(password, 0, strlen(password));
846 xfree(password);
847 packet_add_padding(64);
848 packet_send();
7203d6bb 849
850 dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
67ec167d 851 &input_userauth_passwd_changereq);
852}
a306f2dd 853
43348518 854static int
855identity_sign(Identity *id, u_char **sigp, u_int *lenp,
856 u_char *data, u_int datalen)
857{
858 Key *prv;
859 int ret;
860
861 /* the agent supports this key */
862 if (id->ac)
863 return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
864 data, datalen));
865 /*
866 * we have already loaded the private key or
867 * the private key is stored in external hardware
868 */
869 if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
870 return (key_sign(id->key, sigp, lenp, data, datalen));
871 /* load the private key from the file */
872 if ((prv = load_identity_file(id->filename)) == NULL)
873 return (-1);
874 ret = key_sign(prv, sigp, lenp, data, datalen);
875 key_free(prv);
876 return (ret);
fee56204 877}
878
396c147e 879static int
43348518 880sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
a306f2dd 881{
882 Buffer b;
1e3b8b07 883 u_char *blob, *signature;
c66f9d0e 884 u_int bloblen, slen;
a27002e5 885 u_int skip = 0;
2e73a022 886 int ret = -1;
94ec8c6b 887 int have_sig = 1;
a306f2dd 888
cbc5abf9 889 debug3("sign_and_send_pubkey");
fee56204 890
43348518 891 if (key_to_blob(id->key, &blob, &bloblen) == 0) {
fa08c86b 892 /* we cannot handle this key */
cbc5abf9 893 debug3("sign_and_send_pubkey: cannot handle key");
fa08c86b 894 return 0;
895 }
a306f2dd 896 /* data to be signed */
897 buffer_init(&b);
33de75a3 898 if (datafellows & SSH_OLD_SESSIONID) {
74fc9186 899 buffer_append(&b, session_id2, session_id2_len);
2b87da3b 900 skip = session_id2_len;
33de75a3 901 } else {
902 buffer_put_string(&b, session_id2, session_id2_len);
903 skip = buffer_len(&b);
74fc9186 904 }
a306f2dd 905 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
188adeb2 906 buffer_put_cstring(&b, authctxt->server_user);
d0c832f3 907 buffer_put_cstring(&b,
cbc5abf9 908 datafellows & SSH_BUG_PKSERVICE ?
d0c832f3 909 "ssh-userauth" :
188adeb2 910 authctxt->service);
cbc5abf9 911 if (datafellows & SSH_BUG_PKAUTH) {
912 buffer_put_char(&b, have_sig);
913 } else {
914 buffer_put_cstring(&b, authctxt->method->name);
915 buffer_put_char(&b, have_sig);
43348518 916 buffer_put_cstring(&b, key_ssh_name(id->key));
cbc5abf9 917 }
a306f2dd 918 buffer_put_string(&b, blob, bloblen);
a306f2dd 919
920 /* generate signature */
43348518 921 ret = identity_sign(id, &signature, &slen,
fee56204 922 buffer_ptr(&b), buffer_len(&b));
2e73a022 923 if (ret == -1) {
924 xfree(blob);
925 buffer_free(&b);
926 return 0;
927 }
fa08c86b 928#ifdef DEBUG_PK
a306f2dd 929 buffer_dump(&b);
930#endif
cbc5abf9 931 if (datafellows & SSH_BUG_PKSERVICE) {
d0c832f3 932 buffer_clear(&b);
933 buffer_append(&b, session_id2, session_id2_len);
fee56204 934 skip = session_id2_len;
d0c832f3 935 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
188adeb2 936 buffer_put_cstring(&b, authctxt->server_user);
937 buffer_put_cstring(&b, authctxt->service);
94ec8c6b 938 buffer_put_cstring(&b, authctxt->method->name);
939 buffer_put_char(&b, have_sig);
cbc5abf9 940 if (!(datafellows & SSH_BUG_PKAUTH))
43348518 941 buffer_put_cstring(&b, key_ssh_name(id->key));
d0c832f3 942 buffer_put_string(&b, blob, bloblen);
943 }
944 xfree(blob);
fee56204 945
a306f2dd 946 /* append signature */
947 buffer_put_string(&b, signature, slen);
948 xfree(signature);
949
950 /* skip session id and packet type */
74fc9186 951 if (buffer_len(&b) < skip + 1)
188adeb2 952 fatal("userauth_pubkey: internal error");
74fc9186 953 buffer_consume(&b, skip + 1);
a306f2dd 954
955 /* put remaining data from buffer into packet */
956 packet_start(SSH2_MSG_USERAUTH_REQUEST);
957 packet_put_raw(buffer_ptr(&b), buffer_len(&b));
958 buffer_free(&b);
a306f2dd 959 packet_send();
2e73a022 960
961 return 1;
4c8722d9 962}
963
396c147e 964static int
43348518 965send_pubkey_test(Authctxt *authctxt, Identity *id)
4c8722d9 966{
fee56204 967 u_char *blob;
21b30f38 968 u_int bloblen, have_sig = 0;
4c8722d9 969
fee56204 970 debug3("send_pubkey_test");
971
43348518 972 if (key_to_blob(id->key, &blob, &bloblen) == 0) {
fee56204 973 /* we cannot handle this key */
974 debug3("send_pubkey_test: cannot handle key");
4c8722d9 975 return 0;
976 }
fee56204 977 /* register callback for USERAUTH_PK_OK message */
fee56204 978 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
4c8722d9 979
fee56204 980 packet_start(SSH2_MSG_USERAUTH_REQUEST);
981 packet_put_cstring(authctxt->server_user);
982 packet_put_cstring(authctxt->service);
983 packet_put_cstring(authctxt->method->name);
984 packet_put_char(have_sig);
985 if (!(datafellows & SSH_BUG_PKAUTH))
43348518 986 packet_put_cstring(key_ssh_name(id->key));
fee56204 987 packet_put_string(blob, bloblen);
988 xfree(blob);
989 packet_send();
990 return 1;
991}
992
396c147e 993static Key *
fee56204 994load_identity_file(char *filename)
995{
996 Key *private;
997 char prompt[300], *passphrase;
fc231518 998 int perm_ok, quit, i;
d156519a 999 struct stat st;
fee56204 1000
d156519a 1001 if (stat(filename, &st) < 0) {
1002 debug3("no such identity: %s", filename);
1003 return NULL;
1004 }
fc231518 1005 private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
1006 if (!perm_ok)
1007 return NULL;
aeaa3d9e 1008 if (private == NULL) {
1009 if (options.batch_mode)
fee56204 1010 return NULL;
4c8722d9 1011 snprintf(prompt, sizeof prompt,
184eed6a 1012 "Enter passphrase for key '%.100s': ", filename);
188adeb2 1013 for (i = 0; i < options.number_of_password_prompts; i++) {
1014 passphrase = read_passphrase(prompt, 0);
1015 if (strcmp(passphrase, "") != 0) {
fc231518 1016 private = key_load_private_type(KEY_UNSPEC,
1017 filename, passphrase, NULL, NULL);
fee56204 1018 quit = 0;
188adeb2 1019 } else {
1020 debug2("no passphrase given, try next key");
fee56204 1021 quit = 1;
188adeb2 1022 }
1023 memset(passphrase, 0, strlen(passphrase));
1024 xfree(passphrase);
aeaa3d9e 1025 if (private != NULL || quit)
188adeb2 1026 break;
1027 debug2("bad passphrase given, try again...");
1028 }
4c8722d9 1029 }
fee56204 1030 return private;
1031}
1032
43348518 1033/*
1034 * try keys in the following order:
1035 * 1. agent keys that are found in the config file
1036 * 2. other agent keys
1037 * 3. keys that are only listed in the config file
1038 */
1039static void
1040pubkey_prepare(Authctxt *authctxt)
fee56204 1041{
43348518 1042 Identity *id;
1043 Idlist agent, files, *preferred;
1044 Key *key;
1045 AuthenticationConnection *ac;
1046 char *comment;
1047 int i, found;
1048
1049 TAILQ_INIT(&agent); /* keys from the agent */
1050 TAILQ_INIT(&files); /* keys from the config file */
1051 preferred = &authctxt->keys;
1052 TAILQ_INIT(preferred); /* preferred order of keys */
1053
1054 /* list of keys stored in the filesystem */
1055 for (i = 0; i < options.num_identity_files; i++) {
1056 key = options.identity_keys[i];
1057 if (key && key->type == KEY_RSA1)
1058 continue;
1059 options.identity_keys[i] = NULL;
52e3daed 1060 id = xcalloc(1, sizeof(*id));
43348518 1061 id->key = key;
1062 id->filename = xstrdup(options.identity_files[i]);
1063 TAILQ_INSERT_TAIL(&files, id, next);
1064 }
1065 /* list of keys supported by the agent */
1066 if ((ac = ssh_get_authentication_connection())) {
1067 for (key = ssh_get_first_identity(ac, &comment, 2);
1068 key != NULL;
1069 key = ssh_get_next_identity(ac, &comment, 2)) {
1070 found = 0;
1071 TAILQ_FOREACH(id, &files, next) {
aff51935 1072 /* agent keys from the config file are preferred */
43348518 1073 if (key_equal(key, id->key)) {
1074 key_free(key);
1075 xfree(comment);
1076 TAILQ_REMOVE(&files, id, next);
1077 TAILQ_INSERT_TAIL(preferred, id, next);
1078 id->ac = ac;
1079 found = 1;
1080 break;
1081 }
1082 }
3a065ed0 1083 if (!found && !options.identities_only) {
52e3daed 1084 id = xcalloc(1, sizeof(*id));
43348518 1085 id->key = key;
1086 id->filename = comment;
1087 id->ac = ac;
1088 TAILQ_INSERT_TAIL(&agent, id, next);
1089 }
1090 }
1091 /* append remaining agent keys */
1092 for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
1093 TAILQ_REMOVE(&agent, id, next);
1094 TAILQ_INSERT_TAIL(preferred, id, next);
1095 }
1096 authctxt->agent = ac;
1097 }
1098 /* append remaining keys from the config file */
1099 for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
1100 TAILQ_REMOVE(&files, id, next);
1101 TAILQ_INSERT_TAIL(preferred, id, next);
1102 }
1103 TAILQ_FOREACH(id, preferred, next) {
1104 debug2("key: %s (%p)", id->filename, id->key);
1105 }
fee56204 1106}
1107
43348518 1108static void
1109pubkey_cleanup(Authctxt *authctxt)
2e73a022 1110{
43348518 1111 Identity *id;
1112
1113 if (authctxt->agent != NULL)
1114 ssh_close_authentication_connection(authctxt->agent);
1115 for (id = TAILQ_FIRST(&authctxt->keys); id;
1116 id = TAILQ_FIRST(&authctxt->keys)) {
1117 TAILQ_REMOVE(&authctxt->keys, id, next);
1118 if (id->key)
1119 key_free(id->key);
1120 if (id->filename)
1121 xfree(id->filename);
1122 xfree(id);
2e73a022 1123 }
a306f2dd 1124}
1125
188adeb2 1126int
1127userauth_pubkey(Authctxt *authctxt)
a306f2dd 1128{
43348518 1129 Identity *id;
188adeb2 1130 int sent = 0;
1131
43348518 1132 while ((id = TAILQ_FIRST(&authctxt->keys))) {
1133 if (id->tried++)
1134 return (0);
b56e99e2 1135 /* move key to the end of the queue */
43348518 1136 TAILQ_REMOVE(&authctxt->keys, id, next);
1137 TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
1138 /*
1139 * send a test message if we have the public key. for
1140 * encrypted keys we cannot do this and have to load the
1141 * private key instead
1142 */
1143 if (id->key && id->key->type != KEY_RSA1) {
1144 debug("Offering public key: %s", id->filename);
1145 sent = send_pubkey_test(authctxt, id);
1146 } else if (id->key == NULL) {
1147 debug("Trying private key: %s", id->filename);
1148 id->key = load_identity_file(id->filename);
1149 if (id->key != NULL) {
1150 id->isprivate = 1;
1151 sent = sign_and_send_pubkey(authctxt, id);
1152 key_free(id->key);
1153 id->key = NULL;
fee56204 1154 }
fee56204 1155 }
43348518 1156 if (sent)
1157 return (sent);
fa08c86b 1158 }
43348518 1159 return (0);
188adeb2 1160}
a306f2dd 1161
94ec8c6b 1162/*
1163 * Send userauth request message specifying keyboard-interactive method.
1164 */
1165int
1166userauth_kbdint(Authctxt *authctxt)
1167{
1168 static int attempt = 0;
1169
1170 if (attempt++ >= options.number_of_password_prompts)
1171 return 0;
6b759005 1172 /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
1173 if (attempt > 1 && !authctxt->info_req_seen) {
1174 debug3("userauth_kbdint: disable: no info_req_seen");
1175 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
1176 return 0;
1177 }
94ec8c6b 1178
1179 debug2("userauth_kbdint");
1180 packet_start(SSH2_MSG_USERAUTH_REQUEST);
1181 packet_put_cstring(authctxt->server_user);
1182 packet_put_cstring(authctxt->service);
1183 packet_put_cstring(authctxt->method->name);
1184 packet_put_cstring(""); /* lang */
1185 packet_put_cstring(options.kbd_interactive_devices ?
1186 options.kbd_interactive_devices : "");
1187 packet_send();
94ec8c6b 1188
1189 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
1190 return 1;
1191}
1192
1193/*
f72e01a5 1194 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
94ec8c6b 1195 */
1196void
7819b5c3 1197input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
94ec8c6b 1198{
1199 Authctxt *authctxt = ctxt;
f72e01a5 1200 char *name, *inst, *lang, *prompt, *response;
1e3b8b07 1201 u_int num_prompts, i;
94ec8c6b 1202 int echo = 0;
1203
1204 debug2("input_userauth_info_req");
1205
1206 if (authctxt == NULL)
1207 fatal("input_userauth_info_req: no authentication context");
1208
6b759005 1209 authctxt->info_req_seen = 1;
1210
94ec8c6b 1211 name = packet_get_string(NULL);
1212 inst = packet_get_string(NULL);
1213 lang = packet_get_string(NULL);
94ec8c6b 1214 if (strlen(name) > 0)
bbe88b6d 1215 logit("%s", name);
94ec8c6b 1216 if (strlen(inst) > 0)
bbe88b6d 1217 logit("%s", inst);
f72e01a5 1218 xfree(name);
94ec8c6b 1219 xfree(inst);
f72e01a5 1220 xfree(lang);
94ec8c6b 1221
1222 num_prompts = packet_get_int();
1223 /*
1224 * Begin to build info response packet based on prompts requested.
1225 * We commit to providing the correct number of responses, so if
1226 * further on we run into a problem that prevents this, we have to
1227 * be sure and clean this up and send a correct error response.
1228 */
1229 packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
1230 packet_put_int(num_prompts);
1231
5ba55ada 1232 debug2("input_userauth_info_req: num_prompts %d", num_prompts);
94ec8c6b 1233 for (i = 0; i < num_prompts; i++) {
1234 prompt = packet_get_string(NULL);
1235 echo = packet_get_char();
1236
1843a425 1237 response = read_passphrase(prompt, echo ? RP_ECHO : 0);
94ec8c6b 1238
a6215e53 1239 packet_put_cstring(response);
94ec8c6b 1240 memset(response, 0, strlen(response));
1241 xfree(response);
1242 xfree(prompt);
1243 }
95500969 1244 packet_check_eom(); /* done with parsing incoming message. */
94ec8c6b 1245
b4b701be 1246 packet_add_padding(64);
94ec8c6b 1247 packet_send();
94ec8c6b 1248}
a306f2dd 1249
39c00dc2 1250static int
d6133f43 1251ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
39c00dc2 1252 u_char *data, u_int datalen)
1253{
1254 Buffer b;
7091a26b 1255 struct stat st;
39c00dc2 1256 pid_t pid;
d4826734 1257 int to[2], from[2], status, version = 2;
39c00dc2 1258
6226a8f8 1259 debug2("ssh_keysign called");
39c00dc2 1260
7091a26b 1261 if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
1262 error("ssh_keysign: no installed: %s", strerror(errno));
1263 return -1;
1264 }
39c00dc2 1265 if (fflush(stdout) != 0)
1266 error("ssh_keysign: fflush: %s", strerror(errno));
1267 if (pipe(to) < 0) {
1268 error("ssh_keysign: pipe: %s", strerror(errno));
1269 return -1;
1270 }
1271 if (pipe(from) < 0) {
1272 error("ssh_keysign: pipe: %s", strerror(errno));
1273 return -1;
1274 }
1275 if ((pid = fork()) < 0) {
1276 error("ssh_keysign: fork: %s", strerror(errno));
1277 return -1;
1278 }
1279 if (pid == 0) {
3c33c1b6 1280 permanently_drop_suid(getuid());
39c00dc2 1281 close(from[0]);
1282 if (dup2(from[1], STDOUT_FILENO) < 0)
1283 fatal("ssh_keysign: dup2: %s", strerror(errno));
1284 close(to[1]);
1285 if (dup2(to[0], STDIN_FILENO) < 0)
1286 fatal("ssh_keysign: dup2: %s", strerror(errno));
d4826734 1287 close(from[1]);
1288 close(to[0]);
a3f69458 1289 execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
39c00dc2 1290 fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
1291 strerror(errno));
1292 }
1293 close(from[1]);
1294 close(to[0]);
1295
1296 buffer_init(&b);
d4826734 1297 buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
39c00dc2 1298 buffer_put_string(&b, data, datalen);
d3cbe6f8 1299 if (ssh_msg_send(to[1], version, &b) == -1)
1300 fatal("ssh_keysign: couldn't send request");
39c00dc2 1301
e987fdbe 1302 if (ssh_msg_recv(from[0], &b) < 0) {
7091a26b 1303 error("ssh_keysign: no reply");
43f7a4b8 1304 buffer_free(&b);
39c00dc2 1305 return -1;
1306 }
39c00dc2 1307 close(from[0]);
1308 close(to[1]);
1309
d4826734 1310 while (waitpid(pid, &status, 0) < 0)
1311 if (errno != EINTR)
1312 break;
39c00dc2 1313
7091a26b 1314 if (buffer_get_char(&b) != version) {
1315 error("ssh_keysign: bad version");
43f7a4b8 1316 buffer_free(&b);
7091a26b 1317 return -1;
1318 }
1319 *sigp = buffer_get_string(&b, lenp);
43f7a4b8 1320 buffer_free(&b);
7091a26b 1321
39c00dc2 1322 return 0;
1323}
1324
8002af61 1325int
1326userauth_hostbased(Authctxt *authctxt)
1327{
1328 Key *private = NULL;
39c00dc2 1329 Sensitive *sensitive = authctxt->sensitive;
8002af61 1330 Buffer b;
1331 u_char *signature, *blob;
7fd1deb2 1332 char *chost, *pkalg, *p, myname[NI_MAXHOST];
8dddf799 1333 const char *service;
8002af61 1334 u_int blen, slen;
f98c3421 1335 int ok, i, len, found = 0;
8002af61 1336
8002af61 1337 /* check for a useful key */
39c00dc2 1338 for (i = 0; i < sensitive->nkeys; i++) {
1339 private = sensitive->keys[i];
8002af61 1340 if (private && private->type != KEY_RSA1) {
1341 found = 1;
1342 /* we take and free the key */
39c00dc2 1343 sensitive->keys[i] = NULL;
8002af61 1344 break;
1345 }
1346 }
1347 if (!found) {
6226a8f8 1348 debug("No more client hostkeys for hostbased authentication.");
8002af61 1349 return 0;
1350 }
1351 if (key_to_blob(private, &blob, &blen) == 0) {
1352 key_free(private);
8002af61 1353 return 0;
1354 }
e8d59b4d 1355 /* figure out a name for the client host */
7fd1deb2 1356 p = NULL;
1357 if (packet_connection_is_on_socket())
1358 p = get_local_name(packet_get_connection_in());
1359 if (p == NULL) {
1360 if (gethostname(myname, sizeof(myname)) == -1) {
1361 verbose("userauth_hostbased: gethostname: %s",
1362 strerror(errno));
1363 } else
1364 p = xstrdup(myname);
1365 }
e8d59b4d 1366 if (p == NULL) {
1367 error("userauth_hostbased: cannot get local ipaddr/name");
1368 key_free(private);
18fc231c 1369 xfree(blob);
e8d59b4d 1370 return 0;
1371 }
1372 len = strlen(p) + 2;
52e3daed 1373 xasprintf(&chost, "%s.", p);
e8d59b4d 1374 debug2("userauth_hostbased: chost %s", chost);
3e2f2431 1375 xfree(p);
e8d59b4d 1376
8dddf799 1377 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
1378 authctxt->service;
8002af61 1379 pkalg = xstrdup(key_ssh_name(private));
1380 buffer_init(&b);
8002af61 1381 /* construct data */
8dddf799 1382 buffer_put_string(&b, session_id2, session_id2_len);
8002af61 1383 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1384 buffer_put_cstring(&b, authctxt->server_user);
8dddf799 1385 buffer_put_cstring(&b, service);
8002af61 1386 buffer_put_cstring(&b, authctxt->method->name);
1387 buffer_put_cstring(&b, pkalg);
1388 buffer_put_string(&b, blob, blen);
1389 buffer_put_cstring(&b, chost);
1390 buffer_put_cstring(&b, authctxt->local_user);
1391#ifdef DEBUG_PK
1392 buffer_dump(&b);
1393#endif
39c00dc2 1394 if (sensitive->external_keysign)
1395 ok = ssh_keysign(private, &signature, &slen,
1396 buffer_ptr(&b), buffer_len(&b));
1397 else
1398 ok = key_sign(private, &signature, &slen,
1399 buffer_ptr(&b), buffer_len(&b));
8002af61 1400 key_free(private);
1401 buffer_free(&b);
1402 if (ok != 0) {
1403 error("key_sign failed");
1404 xfree(chost);
1405 xfree(pkalg);
18fc231c 1406 xfree(blob);
8002af61 1407 return 0;
1408 }
1409 packet_start(SSH2_MSG_USERAUTH_REQUEST);
1410 packet_put_cstring(authctxt->server_user);
1411 packet_put_cstring(authctxt->service);
1412 packet_put_cstring(authctxt->method->name);
1413 packet_put_cstring(pkalg);
1414 packet_put_string(blob, blen);
1415 packet_put_cstring(chost);
1416 packet_put_cstring(authctxt->local_user);
1417 packet_put_string(signature, slen);
1418 memset(signature, 's', slen);
1419 xfree(signature);
1420 xfree(chost);
1421 xfree(pkalg);
18fc231c 1422 xfree(blob);
8002af61 1423
1424 packet_send();
1425 return 1;
1426}
1427
188adeb2 1428/* find auth method */
1429
188adeb2 1430/*
1431 * given auth method name, if configurable options permit this method fill
1432 * in auth_ident field and return true, otherwise return false.
1433 */
396c147e 1434static int
188adeb2 1435authmethod_is_enabled(Authmethod *method)
1436{
1437 if (method == NULL)
1438 return 0;
1439 /* return false if options indicate this method is disabled */
1440 if (method->enabled == NULL || *method->enabled == 0)
1441 return 0;
1442 /* return false if batch mode is enabled but method needs interactive mode */
1443 if (method->batch_flag != NULL && *method->batch_flag != 0)
1444 return 0;
1445 return 1;
1446}
a306f2dd 1447
396c147e 1448static Authmethod *
188adeb2 1449authmethod_lookup(const char *name)
1450{
1451 Authmethod *method = NULL;
1452 if (name != NULL)
1453 for (method = authmethods; method->name != NULL; method++)
1454 if (strcmp(name, method->name) == 0)
1455 return method;
1456 debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
1457 return NULL;
1458}
1459
cab80f75 1460/* XXX internal state */
1461static Authmethod *current = NULL;
1462static char *supported = NULL;
1463static char *preferred = NULL;
d6133f43 1464
188adeb2 1465/*
1466 * Given the authentication method list sent by the server, return the
1467 * next method we should try. If the server initially sends a nil list,
cd332296 1468 * use a built-in default list.
2b87da3b 1469 */
396c147e 1470static Authmethod *
188adeb2 1471authmethod_get(char *authlist)
1472{
cab80f75 1473 char *name = NULL;
21b30f38 1474 u_int next;
2b87da3b 1475
188adeb2 1476 /* Use a suitable default if we're passed a nil list. */
1477 if (authlist == NULL || strlen(authlist) == 0)
cab80f75 1478 authlist = options.preferred_authentications;
1479
1480 if (supported == NULL || strcmp(authlist, supported) != 0) {
1481 debug3("start over, passed a different list %s", authlist);
1482 if (supported != NULL)
1483 xfree(supported);
1484 supported = xstrdup(authlist);
1485 preferred = options.preferred_authentications;
1486 debug3("preferred %s", preferred);
1487 current = NULL;
1488 } else if (current != NULL && authmethod_is_enabled(current))
1489 return current;
188adeb2 1490
cab80f75 1491 for (;;) {
1492 if ((name = match_list(preferred, supported, &next)) == NULL) {
6226a8f8 1493 debug("No more authentication methods to try.");
cab80f75 1494 current = NULL;
1495 return NULL;
1496 }
1497 preferred += next;
94ec8c6b 1498 debug3("authmethod_lookup %s", name);
cab80f75 1499 debug3("remaining preferred: %s", preferred);
1500 if ((current = authmethod_lookup(name)) != NULL &&
1501 authmethod_is_enabled(current)) {
94ec8c6b 1502 debug3("authmethod_is_enabled %s", name);
6226a8f8 1503 debug("Next authentication method: %s", name);
cab80f75 1504 return current;
94ec8c6b 1505 }
a306f2dd 1506 }
cab80f75 1507}
a22aff1f 1508
ffb215be 1509static char *
cab80f75 1510authmethods_get(void)
1511{
1512 Authmethod *method = NULL;
3469eac4 1513 Buffer b;
1514 char *list;
cab80f75 1515
3469eac4 1516 buffer_init(&b);
cab80f75 1517 for (method = authmethods; method->name != NULL; method++) {
1518 if (authmethod_is_enabled(method)) {
3469eac4 1519 if (buffer_len(&b) > 0)
1520 buffer_append(&b, ",", 1);
1521 buffer_append(&b, method->name, strlen(method->name));
cab80f75 1522 }
1523 }
3469eac4 1524 buffer_append(&b, "\0", 1);
1525 list = xstrdup(buffer_ptr(&b));
1526 buffer_free(&b);
1527 return list;
a306f2dd 1528}
git-cvsimport mirror of OpenSSH
This page took 1.272152 seconds and 5 git commands to generate.