]> andersk Git - openssh.git/blame - sshconnect2.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- markus@cvs.openbsd.org 2001/03/27 10:57:00
[openssh.git] / sshconnect2.c
CommitLineData
a306f2dd 1/*
2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
a306f2dd 12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
aeaa3d9e 26RCSID("$OpenBSD: sshconnect2.c,v 1.56 2001/03/26 08:07:09 markus Exp $");
a306f2dd 27
28#include <openssl/bn.h>
a306f2dd 29#include <openssl/md5.h>
30#include <openssl/dh.h>
31#include <openssl/hmac.h>
32
33#include "ssh.h"
42f11eb2 34#include "ssh2.h"
a306f2dd 35#include "xmalloc.h"
36#include "rsa.h"
37#include "buffer.h"
38#include "packet.h"
a306f2dd 39#include "uidswap.h"
40#include "compat.h"
a306f2dd 41#include "bufaux.h"
42f11eb2 42#include "cipher.h"
a306f2dd 43#include "kex.h"
44#include "myproposal.h"
45#include "key.h"
a306f2dd 46#include "sshconnect.h"
47#include "authfile.h"
94ec8c6b 48#include "cli.h"
188adeb2 49#include "dispatch.h"
2e73a022 50#include "authfd.h"
42f11eb2 51#include "log.h"
52#include "readconf.h"
53#include "readpass.h"
cab80f75 54#include "match.h"
a306f2dd 55
94ec8c6b 56void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
57void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
58
a306f2dd 59/* import */
60extern char *client_version_string;
61extern char *server_version_string;
62extern Options options;
63
64/*
65 * SSH2 key exchange
66 */
67
1e3b8b07 68u_char *session_id2 = NULL;
a306f2dd 69int session_id2_len = 0;
70
71void
94ec8c6b 72ssh_kex2(char *host, struct sockaddr *hostaddr)
73{
74 int i, plen;
75 Kex *kex;
76 Buffer *client_kexinit, *server_kexinit;
77 char *sprop[PROPOSAL_MAX];
78
c523303b 79 if (options.ciphers == (char *)-1) {
80 log("No valid ciphers for protocol version 2 given, using defaults.");
81 options.ciphers = NULL;
94ec8c6b 82 }
83 if (options.ciphers != NULL) {
84 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
85 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
86 }
87 if (options.compression) {
b2552997 88 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
94ec8c6b 89 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
90 } else {
b2552997 91 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
94ec8c6b 92 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
93 }
b2552997 94 if (options.macs != NULL) {
95 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
96 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
97 }
94ec8c6b 98
80cd07ae 99 myproposal[PROPOSAL_ENC_ALGS_STOC] =
100 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
101
94ec8c6b 102 /* buffers with raw kexinit messages */
103 server_kexinit = xmalloc(sizeof(*server_kexinit));
104 buffer_init(server_kexinit);
105 client_kexinit = kex_init(myproposal);
106
107 /* algorithm negotiation */
108 kex_exchange_kexinit(client_kexinit, server_kexinit, sprop);
109 kex = kex_choose_conf(myproposal, sprop, 0);
110 for (i = 0; i < PROPOSAL_MAX; i++)
111 xfree(sprop[i]);
112
113 /* server authentication and session key agreement */
114 switch(kex->kex_type) {
115 case DH_GRP1_SHA1:
116 ssh_dh1_client(kex, host, hostaddr,
117 client_kexinit, server_kexinit);
118 break;
119 case DH_GEX_SHA1:
120 ssh_dhgex_client(kex, host, hostaddr, client_kexinit,
121 server_kexinit);
122 break;
123 default:
124 fatal("Unsupported key exchange %d", kex->kex_type);
125 }
126
127 buffer_free(client_kexinit);
128 buffer_free(server_kexinit);
129 xfree(client_kexinit);
130 xfree(server_kexinit);
131
132 debug("Wait SSH2_MSG_NEWKEYS.");
133 packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
134 packet_done();
135 debug("GOT SSH2_MSG_NEWKEYS.");
136
137 debug("send SSH2_MSG_NEWKEYS.");
138 packet_start(SSH2_MSG_NEWKEYS);
139 packet_send();
140 packet_write_wait();
141 debug("done: send SSH2_MSG_NEWKEYS.");
142
143#ifdef DEBUG_KEXDH
144 /* send 1st encrypted/maced/compressed message */
145 packet_start(SSH2_MSG_IGNORE);
146 packet_put_cstring("markus");
147 packet_send();
148 packet_write_wait();
149#endif
150 debug("done: KEX2.");
151}
152
153/* diffie-hellman-group1-sha1 */
154
155void
2b87da3b 156ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
94ec8c6b 157 Buffer *client_kexinit, Buffer *server_kexinit)
a306f2dd 158{
188adeb2 159#ifdef DEBUG_KEXDH
160 int i;
161#endif
71276795 162 int plen, dlen;
1e3b8b07 163 u_int klen, kout;
a306f2dd 164 char *signature = NULL;
1e3b8b07 165 u_int slen;
a306f2dd 166 char *server_host_key_blob = NULL;
167 Key *server_host_key;
1e3b8b07 168 u_int sbloblen;
a306f2dd 169 DH *dh;
170 BIGNUM *dh_server_pub = 0;
171 BIGNUM *shared_secret = 0;
1e3b8b07 172 u_char *kbuf;
173 u_char *hash;
a306f2dd 174
a306f2dd 175 debug("Sending SSH2_MSG_KEXDH_INIT.");
a306f2dd 176 /* generate and send 'e', client DH public key */
177 dh = dh_new_group1();
7de5b06b 178 dh_gen_key(dh, kex->we_need * 8);
a306f2dd 179 packet_start(SSH2_MSG_KEXDH_INIT);
180 packet_put_bignum2(dh->pub_key);
181 packet_send();
182 packet_write_wait();
183
184#ifdef DEBUG_KEXDH
185 fprintf(stderr, "\np= ");
188adeb2 186 BN_print_fp(stderr, dh->p);
a306f2dd 187 fprintf(stderr, "\ng= ");
188adeb2 188 BN_print_fp(stderr, dh->g);
a306f2dd 189 fprintf(stderr, "\npub= ");
188adeb2 190 BN_print_fp(stderr, dh->pub_key);
a306f2dd 191 fprintf(stderr, "\n");
192 DHparams_print_fp(stderr, dh);
193#endif
194
195 debug("Wait SSH2_MSG_KEXDH_REPLY.");
196
71276795 197 packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);
a306f2dd 198
199 debug("Got SSH2_MSG_KEXDH_REPLY.");
200
201 /* key, cert */
202 server_host_key_blob = packet_get_string(&sbloblen);
fa08c86b 203 server_host_key = key_from_blob(server_host_key_blob, sbloblen);
a306f2dd 204 if (server_host_key == NULL)
205 fatal("cannot decode server_host_key_blob");
206
207 check_host_key(host, hostaddr, server_host_key,
94ec8c6b 208 options.user_hostfile2, options.system_hostfile2);
a306f2dd 209
210 /* DH paramter f, server public DH key */
211 dh_server_pub = BN_new();
212 if (dh_server_pub == NULL)
213 fatal("dh_server_pub == NULL");
214 packet_get_bignum2(dh_server_pub, &dlen);
215
216#ifdef DEBUG_KEXDH
217 fprintf(stderr, "\ndh_server_pub= ");
188adeb2 218 BN_print_fp(stderr, dh_server_pub);
a306f2dd 219 fprintf(stderr, "\n");
220 debug("bits %d", BN_num_bits(dh_server_pub));
221#endif
222
223 /* signed H */
224 signature = packet_get_string(&slen);
225 packet_done();
226
227 if (!dh_pub_is_valid(dh, dh_server_pub))
228 packet_disconnect("bad server public DH value");
229
230 klen = DH_size(dh);
231 kbuf = xmalloc(klen);
232 kout = DH_compute_key(kbuf, dh_server_pub, dh);
233#ifdef DEBUG_KEXDH
234 debug("shared secret: len %d/%d", klen, kout);
235 fprintf(stderr, "shared secret == ");
236 for (i = 0; i< kout; i++)
237 fprintf(stderr, "%02x", (kbuf[i])&0xff);
238 fprintf(stderr, "\n");
239#endif
240 shared_secret = BN_new();
241
242 BN_bin2bn(kbuf, kout, shared_secret);
243 memset(kbuf, 0, klen);
244 xfree(kbuf);
245
246 /* calc and verify H */
247 hash = kex_hash(
248 client_version_string,
249 server_version_string,
250 buffer_ptr(client_kexinit), buffer_len(client_kexinit),
251 buffer_ptr(server_kexinit), buffer_len(server_kexinit),
252 server_host_key_blob, sbloblen,
253 dh->pub_key,
254 dh_server_pub,
255 shared_secret
256 );
257 xfree(server_host_key_blob);
71276795 258 DH_free(dh);
53a24016 259 BN_free(dh_server_pub);
a306f2dd 260#ifdef DEBUG_KEXDH
261 fprintf(stderr, "hash == ");
262 for (i = 0; i< 20; i++)
263 fprintf(stderr, "%02x", (hash[i])&0xff);
264 fprintf(stderr, "\n");
265#endif
1e3b8b07 266 if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
fa08c86b 267 fatal("key_verify failed for server_host_key");
a306f2dd 268 key_free(server_host_key);
53a24016 269 xfree(signature);
a306f2dd 270
271 kex_derive_keys(kex, hash, shared_secret);
53a24016 272 BN_clear_free(shared_secret);
a306f2dd 273 packet_set_kex(kex);
274
a306f2dd 275 /* save session id */
276 session_id2_len = 20;
277 session_id2 = xmalloc(session_id2_len);
278 memcpy(session_id2, hash, session_id2_len);
71276795 279}
280
94ec8c6b 281/* diffie-hellman-group-exchange-sha1 */
282
283/*
284 * Estimates the group order for a Diffie-Hellman group that has an
285 * attack complexity approximately the same as O(2**bits). Estimate
286 * with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))
287 */
288
289int
290dh_estimate(int bits)
291{
2b87da3b 292
94ec8c6b 293 if (bits < 64)
294 return (512); /* O(2**63) */
295 if (bits < 128)
296 return (1024); /* O(2**86) */
297 if (bits < 192)
298 return (2048); /* O(2**116) */
299 return (4096); /* O(2**156) */
300}
301
71276795 302void
94ec8c6b 303ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
304 Buffer *client_kexinit, Buffer *server_kexinit)
71276795 305{
94ec8c6b 306#ifdef DEBUG_KEXDH
307 int i;
308#endif
309 int plen, dlen;
1e3b8b07 310 u_int klen, kout;
94ec8c6b 311 char *signature = NULL;
1e3b8b07 312 u_int slen, nbits;
94ec8c6b 313 char *server_host_key_blob = NULL;
314 Key *server_host_key;
1e3b8b07 315 u_int sbloblen;
94ec8c6b 316 DH *dh;
317 BIGNUM *dh_server_pub = 0;
318 BIGNUM *shared_secret = 0;
319 BIGNUM *p = 0, *g = 0;
1e3b8b07 320 u_char *kbuf;
321 u_char *hash;
71276795 322
7de5b06b 323 nbits = dh_estimate(kex->we_need * 8);
71276795 324
94ec8c6b 325 debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST.");
326 packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
327 packet_put_int(nbits);
328 packet_send();
329 packet_write_wait();
71276795 330
94ec8c6b 331#ifdef DEBUG_KEXDH
332 fprintf(stderr, "\nnbits = %d", nbits);
333#endif
71276795 334
94ec8c6b 335 debug("Wait SSH2_MSG_KEX_DH_GEX_GROUP.");
71276795 336
94ec8c6b 337 packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_GROUP);
a306f2dd 338
94ec8c6b 339 debug("Got SSH2_MSG_KEX_DH_GEX_GROUP.");
a306f2dd 340
94ec8c6b 341 if ((p = BN_new()) == NULL)
342 fatal("BN_new");
343 packet_get_bignum2(p, &dlen);
344 if ((g = BN_new()) == NULL)
345 fatal("BN_new");
346 packet_get_bignum2(g, &dlen);
42f11eb2 347 dh = dh_new_group(g, p);
a306f2dd 348
7de5b06b 349 dh_gen_key(dh, kex->we_need * 8);
3e1caa83 350
a306f2dd 351#ifdef DEBUG_KEXDH
94ec8c6b 352 fprintf(stderr, "\np= ");
353 BN_print_fp(stderr, dh->p);
354 fprintf(stderr, "\ng= ");
355 BN_print_fp(stderr, dh->g);
356 fprintf(stderr, "\npub= ");
357 BN_print_fp(stderr, dh->pub_key);
358 fprintf(stderr, "\n");
359 DHparams_print_fp(stderr, dh);
360#endif
361
362 debug("Sending SSH2_MSG_KEX_DH_GEX_INIT.");
363 /* generate and send 'e', client DH public key */
364 packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
365 packet_put_bignum2(dh->pub_key);
a306f2dd 366 packet_send();
367 packet_write_wait();
94ec8c6b 368
369 debug("Wait SSH2_MSG_KEX_DH_GEX_REPLY.");
370
371 packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_REPLY);
372
373 debug("Got SSH2_MSG_KEXDH_REPLY.");
374
375 /* key, cert */
376 server_host_key_blob = packet_get_string(&sbloblen);
fa08c86b 377 server_host_key = key_from_blob(server_host_key_blob, sbloblen);
94ec8c6b 378 if (server_host_key == NULL)
379 fatal("cannot decode server_host_key_blob");
380
381 check_host_key(host, hostaddr, server_host_key,
382 options.user_hostfile2, options.system_hostfile2);
383
384 /* DH paramter f, server public DH key */
385 dh_server_pub = BN_new();
386 if (dh_server_pub == NULL)
387 fatal("dh_server_pub == NULL");
388 packet_get_bignum2(dh_server_pub, &dlen);
389
390#ifdef DEBUG_KEXDH
391 fprintf(stderr, "\ndh_server_pub= ");
392 BN_print_fp(stderr, dh_server_pub);
393 fprintf(stderr, "\n");
394 debug("bits %d", BN_num_bits(dh_server_pub));
a306f2dd 395#endif
94ec8c6b 396
397 /* signed H */
398 signature = packet_get_string(&slen);
399 packet_done();
400
401 if (!dh_pub_is_valid(dh, dh_server_pub))
402 packet_disconnect("bad server public DH value");
403
404 klen = DH_size(dh);
405 kbuf = xmalloc(klen);
406 kout = DH_compute_key(kbuf, dh_server_pub, dh);
407#ifdef DEBUG_KEXDH
408 debug("shared secret: len %d/%d", klen, kout);
409 fprintf(stderr, "shared secret == ");
410 for (i = 0; i< kout; i++)
411 fprintf(stderr, "%02x", (kbuf[i])&0xff);
412 fprintf(stderr, "\n");
413#endif
414 shared_secret = BN_new();
415
416 BN_bin2bn(kbuf, kout, shared_secret);
417 memset(kbuf, 0, klen);
418 xfree(kbuf);
419
420 /* calc and verify H */
421 hash = kex_hash_gex(
422 client_version_string,
423 server_version_string,
424 buffer_ptr(client_kexinit), buffer_len(client_kexinit),
425 buffer_ptr(server_kexinit), buffer_len(server_kexinit),
426 server_host_key_blob, sbloblen,
2b87da3b 427 nbits, dh->p, dh->g,
94ec8c6b 428 dh->pub_key,
429 dh_server_pub,
430 shared_secret
431 );
432 xfree(server_host_key_blob);
433 DH_free(dh);
53a24016 434 BN_free(dh_server_pub);
94ec8c6b 435#ifdef DEBUG_KEXDH
436 fprintf(stderr, "hash == ");
437 for (i = 0; i< 20; i++)
438 fprintf(stderr, "%02x", (hash[i])&0xff);
439 fprintf(stderr, "\n");
440#endif
1e3b8b07 441 if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
fa08c86b 442 fatal("key_verify failed for server_host_key");
94ec8c6b 443 key_free(server_host_key);
53a24016 444 xfree(signature);
94ec8c6b 445
446 kex_derive_keys(kex, hash, shared_secret);
53a24016 447 BN_clear_free(shared_secret);
94ec8c6b 448 packet_set_kex(kex);
449
450 /* save session id */
451 session_id2_len = 20;
452 session_id2 = xmalloc(session_id2_len);
453 memcpy(session_id2, hash, session_id2_len);
a306f2dd 454}
71276795 455
a306f2dd 456/*
457 * Authenticate user
458 */
188adeb2 459
460typedef struct Authctxt Authctxt;
461typedef struct Authmethod Authmethod;
462
463typedef int sign_cb_fn(
464 Authctxt *authctxt, Key *key,
1e3b8b07 465 u_char **sigp, int *lenp, u_char *data, int datalen);
188adeb2 466
467struct Authctxt {
468 const char *server_user;
469 const char *host;
470 const char *service;
471 AuthenticationConnection *agent;
188adeb2 472 Authmethod *method;
94ec8c6b 473 int success;
fee56204 474 char *authlist;
475 Key *last_key;
476 sign_cb_fn *last_key_sign;
477 int last_key_hint;
188adeb2 478};
479struct Authmethod {
480 char *name; /* string to compare against server's list */
481 int (*userauth)(Authctxt *authctxt);
482 int *enabled; /* flag in option struct that enables method */
483 int *batch_flag; /* flag in option struct that disables method */
484};
485
486void input_userauth_success(int type, int plen, void *ctxt);
487void input_userauth_failure(int type, int plen, void *ctxt);
9616313f 488void input_userauth_banner(int type, int plen, void *ctxt);
188adeb2 489void input_userauth_error(int type, int plen, void *ctxt);
94ec8c6b 490void input_userauth_info_req(int type, int plen, void *ctxt);
fee56204 491void input_userauth_pk_ok(int type, int plen, void *ctxt);
94ec8c6b 492
493int userauth_none(Authctxt *authctxt);
188adeb2 494int userauth_pubkey(Authctxt *authctxt);
495int userauth_passwd(Authctxt *authctxt);
94ec8c6b 496int userauth_kbdint(Authctxt *authctxt);
188adeb2 497
fee56204 498void userauth(Authctxt *authctxt, char *authlist);
499
500int
501sign_and_send_pubkey(Authctxt *authctxt, Key *k,
502 sign_cb_fn *sign_callback);
503void clear_auth_state(Authctxt *authctxt);
504
94ec8c6b 505Authmethod *authmethod_get(char *authlist);
506Authmethod *authmethod_lookup(const char *name);
cab80f75 507char *authmethods_get(void);
188adeb2 508
509Authmethod authmethods[] = {
510 {"publickey",
511 userauth_pubkey,
fa08c86b 512 &options.pubkey_authentication,
188adeb2 513 NULL},
514 {"password",
515 userauth_passwd,
516 &options.password_authentication,
517 &options.batch_mode},
94ec8c6b 518 {"keyboard-interactive",
519 userauth_kbdint,
520 &options.kbd_interactive_authentication,
521 &options.batch_mode},
522 {"none",
523 userauth_none,
524 NULL,
525 NULL},
188adeb2 526 {NULL, NULL, NULL, NULL}
527};
528
529void
530ssh_userauth2(const char *server_user, char *host)
531{
532 Authctxt authctxt;
533 int type;
534 int plen;
535
d464095c 536 if (options.challenge_reponse_authentication)
537 options.kbd_interactive_authentication = 1;
538
188adeb2 539 debug("send SSH2_MSG_SERVICE_REQUEST");
540 packet_start(SSH2_MSG_SERVICE_REQUEST);
541 packet_put_cstring("ssh-userauth");
542 packet_send();
543 packet_write_wait();
544 type = packet_read(&plen);
545 if (type != SSH2_MSG_SERVICE_ACCEPT) {
546 fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
547 }
548 if (packet_remaining() > 0) {
549 char *reply = packet_get_string(&plen);
550 debug("service_accept: %s", reply);
551 xfree(reply);
188adeb2 552 } else {
553 debug("buggy server: service_accept w/o service");
554 }
555 packet_done();
556 debug("got SSH2_MSG_SERVICE_ACCEPT");
557
cab80f75 558 if (options.preferred_authentications == NULL)
559 options.preferred_authentications = authmethods_get();
560
188adeb2 561 /* setup authentication context */
562 authctxt.agent = ssh_get_authentication_connection();
563 authctxt.server_user = server_user;
564 authctxt.host = host;
565 authctxt.service = "ssh-connection"; /* service name */
566 authctxt.success = 0;
94ec8c6b 567 authctxt.method = authmethod_lookup("none");
fee56204 568 authctxt.authlist = NULL;
94ec8c6b 569 if (authctxt.method == NULL)
570 fatal("ssh_userauth2: internal error: cannot send userauth none request");
188adeb2 571
572 /* initial userauth request */
94ec8c6b 573 userauth_none(&authctxt);
188adeb2 574
575 dispatch_init(&input_userauth_error);
576 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
577 dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
9616313f 578 dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
188adeb2 579 dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
580
581 if (authctxt.agent != NULL)
582 ssh_close_authentication_connection(authctxt.agent);
583
8abcdba4 584 debug("ssh-userauth2 successful: method %s", authctxt.method->name);
188adeb2 585}
586void
fee56204 587userauth(Authctxt *authctxt, char *authlist)
588{
589 if (authlist == NULL) {
590 authlist = authctxt->authlist;
591 } else {
592 if (authctxt->authlist)
593 xfree(authctxt->authlist);
594 authctxt->authlist = authlist;
595 }
596 for (;;) {
597 Authmethod *method = authmethod_get(authlist);
598 if (method == NULL)
599 fatal("Permission denied (%s).", authlist);
600 authctxt->method = method;
601 if (method->userauth(authctxt) != 0) {
602 debug2("we sent a %s packet, wait for reply", method->name);
603 break;
604 } else {
605 debug2("we did not send a packet, disable method");
606 method->enabled = NULL;
607 }
608 }
609}
610void
188adeb2 611input_userauth_error(int type, int plen, void *ctxt)
612{
9616313f 613 fatal("input_userauth_error: bad message during authentication: "
614 "type %d", type);
615}
616void
617input_userauth_banner(int type, int plen, void *ctxt)
618{
619 char *msg, *lang;
620 debug3("input_userauth_banner");
621 msg = packet_get_string(NULL);
622 lang = packet_get_string(NULL);
623 fprintf(stderr, "%s", msg);
624 xfree(msg);
625 xfree(lang);
188adeb2 626}
627void
628input_userauth_success(int type, int plen, void *ctxt)
629{
630 Authctxt *authctxt = ctxt;
631 if (authctxt == NULL)
632 fatal("input_userauth_success: no authentication context");
fee56204 633 if (authctxt->authlist)
634 xfree(authctxt->authlist);
635 clear_auth_state(authctxt);
188adeb2 636 authctxt->success = 1; /* break out */
637}
638void
639input_userauth_failure(int type, int plen, void *ctxt)
640{
188adeb2 641 Authctxt *authctxt = ctxt;
642 char *authlist = NULL;
643 int partial;
188adeb2 644
645 if (authctxt == NULL)
646 fatal("input_userauth_failure: no authentication context");
647
94ec8c6b 648 authlist = packet_get_string(NULL);
188adeb2 649 partial = packet_get_char();
650 packet_done();
651
652 if (partial != 0)
f72e01a5 653 log("Authenticated with partial success.");
188adeb2 654 debug("authentications that can continue: %s", authlist);
655
fee56204 656 clear_auth_state(authctxt);
657 userauth(authctxt, authlist);
658}
659void
660input_userauth_pk_ok(int type, int plen, void *ctxt)
661{
662 Authctxt *authctxt = ctxt;
663 Key *key = NULL;
664 Buffer b;
665 int alen, blen, pktype, sent = 0;
22138a36 666 char *pkalg, *pkblob, *fp;
fee56204 667
668 if (authctxt == NULL)
669 fatal("input_userauth_pk_ok: no authentication context");
670 if (datafellows & SSH_BUG_PKOK) {
671 /* this is similar to SSH_BUG_PKAUTH */
672 debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
673 pkblob = packet_get_string(&blen);
674 buffer_init(&b);
675 buffer_append(&b, pkblob, blen);
676 pkalg = buffer_get_string(&b, &alen);
677 buffer_free(&b);
678 } else {
679 pkalg = packet_get_string(&alen);
680 pkblob = packet_get_string(&blen);
681 }
682 packet_done();
683
684 debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
685 pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
686
687 do {
688 if (authctxt->last_key == NULL ||
689 authctxt->last_key_sign == NULL) {
690 debug("no last key or no sign cb");
188adeb2 691 break;
188adeb2 692 }
fee56204 693 if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
694 debug("unknown pkalg %s", pkalg);
695 break;
696 }
697 if ((key = key_from_blob(pkblob, blen)) == NULL) {
698 debug("no key from blob. pkalg %s", pkalg);
699 break;
700 }
22138a36 701 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
702 debug2("input_userauth_pk_ok: fp %s", fp);
703 xfree(fp);
fee56204 704 if (!key_equal(key, authctxt->last_key)) {
705 debug("key != last_key");
706 break;
707 }
708 sent = sign_and_send_pubkey(authctxt, key,
709 authctxt->last_key_sign);
710 } while(0);
711
712 if (key != NULL)
713 key_free(key);
714 xfree(pkalg);
715 xfree(pkblob);
716
717 /* unregister */
718 clear_auth_state(authctxt);
719 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
720
721 /* try another method if we did not send a packet*/
722 if (sent == 0)
723 userauth(authctxt, NULL);
724
188adeb2 725}
726
94ec8c6b 727int
728userauth_none(Authctxt *authctxt)
729{
730 /* initial userauth request */
731 packet_start(SSH2_MSG_USERAUTH_REQUEST);
732 packet_put_cstring(authctxt->server_user);
733 packet_put_cstring(authctxt->service);
734 packet_put_cstring(authctxt->method->name);
735 packet_send();
94ec8c6b 736 return 1;
737}
738
a306f2dd 739int
188adeb2 740userauth_passwd(Authctxt *authctxt)
a306f2dd 741{
1d1ffb87 742 static int attempt = 0;
a306f2dd 743 char prompt[80];
744 char *password;
745
fa649821 746 if (attempt++ >= options.number_of_password_prompts)
1d1ffb87 747 return 0;
748
fa649821 749 if(attempt != 1)
750 error("Permission denied, please try again.");
751
f72e01a5 752 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
188adeb2 753 authctxt->server_user, authctxt->host);
a306f2dd 754 password = read_passphrase(prompt, 0);
755 packet_start(SSH2_MSG_USERAUTH_REQUEST);
188adeb2 756 packet_put_cstring(authctxt->server_user);
757 packet_put_cstring(authctxt->service);
94ec8c6b 758 packet_put_cstring(authctxt->method->name);
a306f2dd 759 packet_put_char(0);
a6215e53 760 packet_put_cstring(password);
a306f2dd 761 memset(password, 0, strlen(password));
762 xfree(password);
a6215e53 763 packet_inject_ignore(64);
a306f2dd 764 packet_send();
a306f2dd 765 return 1;
766}
767
fee56204 768void
769clear_auth_state(Authctxt *authctxt)
770{
771 /* XXX clear authentication state */
772 if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
773 debug3("clear_auth_state: key_free %p", authctxt->last_key);
774 key_free(authctxt->last_key);
775 }
776 authctxt->last_key = NULL;
777 authctxt->last_key_hint = -2;
778 authctxt->last_key_sign = NULL;
779}
780
2e73a022 781int
188adeb2 782sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
a306f2dd 783{
784 Buffer b;
1e3b8b07 785 u_char *blob, *signature;
a306f2dd 786 int bloblen, slen;
74fc9186 787 int skip = 0;
2e73a022 788 int ret = -1;
94ec8c6b 789 int have_sig = 1;
a306f2dd 790
cbc5abf9 791 debug3("sign_and_send_pubkey");
fee56204 792
fa08c86b 793 if (key_to_blob(k, &blob, &bloblen) == 0) {
794 /* we cannot handle this key */
cbc5abf9 795 debug3("sign_and_send_pubkey: cannot handle key");
fa08c86b 796 return 0;
797 }
a306f2dd 798 /* data to be signed */
799 buffer_init(&b);
33de75a3 800 if (datafellows & SSH_OLD_SESSIONID) {
74fc9186 801 buffer_append(&b, session_id2, session_id2_len);
2b87da3b 802 skip = session_id2_len;
33de75a3 803 } else {
804 buffer_put_string(&b, session_id2, session_id2_len);
805 skip = buffer_len(&b);
74fc9186 806 }
a306f2dd 807 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
188adeb2 808 buffer_put_cstring(&b, authctxt->server_user);
d0c832f3 809 buffer_put_cstring(&b,
cbc5abf9 810 datafellows & SSH_BUG_PKSERVICE ?
d0c832f3 811 "ssh-userauth" :
188adeb2 812 authctxt->service);
cbc5abf9 813 if (datafellows & SSH_BUG_PKAUTH) {
814 buffer_put_char(&b, have_sig);
815 } else {
816 buffer_put_cstring(&b, authctxt->method->name);
817 buffer_put_char(&b, have_sig);
2b87da3b 818 buffer_put_cstring(&b, key_ssh_name(k));
cbc5abf9 819 }
a306f2dd 820 buffer_put_string(&b, blob, bloblen);
a306f2dd 821
822 /* generate signature */
fee56204 823 ret = (*sign_callback)(authctxt, k, &signature, &slen,
824 buffer_ptr(&b), buffer_len(&b));
2e73a022 825 if (ret == -1) {
826 xfree(blob);
827 buffer_free(&b);
828 return 0;
829 }
fa08c86b 830#ifdef DEBUG_PK
a306f2dd 831 buffer_dump(&b);
832#endif
cbc5abf9 833 if (datafellows & SSH_BUG_PKSERVICE) {
d0c832f3 834 buffer_clear(&b);
835 buffer_append(&b, session_id2, session_id2_len);
fee56204 836 skip = session_id2_len;
d0c832f3 837 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
188adeb2 838 buffer_put_cstring(&b, authctxt->server_user);
839 buffer_put_cstring(&b, authctxt->service);
94ec8c6b 840 buffer_put_cstring(&b, authctxt->method->name);
841 buffer_put_char(&b, have_sig);
cbc5abf9 842 if (!(datafellows & SSH_BUG_PKAUTH))
2b87da3b 843 buffer_put_cstring(&b, key_ssh_name(k));
d0c832f3 844 buffer_put_string(&b, blob, bloblen);
845 }
846 xfree(blob);
fee56204 847
a306f2dd 848 /* append signature */
849 buffer_put_string(&b, signature, slen);
850 xfree(signature);
851
852 /* skip session id and packet type */
74fc9186 853 if (buffer_len(&b) < skip + 1)
188adeb2 854 fatal("userauth_pubkey: internal error");
74fc9186 855 buffer_consume(&b, skip + 1);
a306f2dd 856
857 /* put remaining data from buffer into packet */
858 packet_start(SSH2_MSG_USERAUTH_REQUEST);
859 packet_put_raw(buffer_ptr(&b), buffer_len(&b));
860 buffer_free(&b);
a306f2dd 861 packet_send();
2e73a022 862
863 return 1;
4c8722d9 864}
865
866int
fee56204 867send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback,
868 int hint)
4c8722d9 869{
fee56204 870 u_char *blob;
871 int bloblen, have_sig = 0;
4c8722d9 872
fee56204 873 debug3("send_pubkey_test");
874
875 if (key_to_blob(k, &blob, &bloblen) == 0) {
876 /* we cannot handle this key */
877 debug3("send_pubkey_test: cannot handle key");
4c8722d9 878 return 0;
879 }
fee56204 880 /* register callback for USERAUTH_PK_OK message */
881 authctxt->last_key_sign = sign_callback;
882 authctxt->last_key_hint = hint;
883 authctxt->last_key = k;
884 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
4c8722d9 885
fee56204 886 packet_start(SSH2_MSG_USERAUTH_REQUEST);
887 packet_put_cstring(authctxt->server_user);
888 packet_put_cstring(authctxt->service);
889 packet_put_cstring(authctxt->method->name);
890 packet_put_char(have_sig);
891 if (!(datafellows & SSH_BUG_PKAUTH))
892 packet_put_cstring(key_ssh_name(k));
893 packet_put_string(blob, bloblen);
894 xfree(blob);
895 packet_send();
896 return 1;
897}
898
899Key *
900load_identity_file(char *filename)
901{
902 Key *private;
903 char prompt[300], *passphrase;
aeaa3d9e 904 int quit, i;
d156519a 905 struct stat st;
fee56204 906
d156519a 907 if (stat(filename, &st) < 0) {
908 debug3("no such identity: %s", filename);
909 return NULL;
910 }
aeaa3d9e 911 private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
912 if (private == NULL) {
913 if (options.batch_mode)
fee56204 914 return NULL;
4c8722d9 915 snprintf(prompt, sizeof prompt,
fa08c86b 916 "Enter passphrase for key '%.100s': ", filename);
188adeb2 917 for (i = 0; i < options.number_of_password_prompts; i++) {
918 passphrase = read_passphrase(prompt, 0);
919 if (strcmp(passphrase, "") != 0) {
aeaa3d9e 920 private = key_load_private_type(KEY_UNSPEC, filename,
921 passphrase, NULL);
fee56204 922 quit = 0;
188adeb2 923 } else {
924 debug2("no passphrase given, try next key");
fee56204 925 quit = 1;
188adeb2 926 }
927 memset(passphrase, 0, strlen(passphrase));
928 xfree(passphrase);
aeaa3d9e 929 if (private != NULL || quit)
188adeb2 930 break;
931 debug2("bad passphrase given, try again...");
932 }
4c8722d9 933 }
fee56204 934 return private;
935}
936
937int
938identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
939 u_char *data, int datalen)
940{
941 Key *private;
942 int idx, ret;
943
944 idx = authctxt->last_key_hint;
945 if (idx < 0)
946 return -1;
947 private = load_identity_file(options.identity_files[idx]);
948 if (private == NULL)
949 return -1;
950 ret = key_sign(private, sigp, lenp, data, datalen);
951 key_free(private);
2e73a022 952 return ret;
953}
954
1e3b8b07 955int agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
956 u_char *data, int datalen)
2e73a022 957{
188adeb2 958 return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
2e73a022 959}
960
fee56204 961int key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
962 u_char *data, int datalen)
963{
964 return key_sign(key, sigp, lenp, data, datalen);
965}
966
2e73a022 967int
188adeb2 968userauth_pubkey_agent(Authctxt *authctxt)
2e73a022 969{
970 static int called = 0;
fa08c86b 971 int ret = 0;
2e73a022 972 char *comment;
973 Key *k;
2e73a022 974
975 if (called == 0) {
fa08c86b 976 if (ssh_get_num_identities(authctxt->agent, 2) == 0)
977 debug2("userauth_pubkey_agent: no keys at all");
188adeb2 978 called = 1;
2e73a022 979 }
fa08c86b 980 k = ssh_get_next_identity(authctxt->agent, &comment, 2);
188adeb2 981 if (k == NULL) {
fa08c86b 982 debug2("userauth_pubkey_agent: no more keys");
983 } else {
fee56204 984 debug("userauth_pubkey_agent: testing agent key %s", comment);
fa08c86b 985 xfree(comment);
fee56204 986 ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
987 if (ret == 0)
988 key_free(k);
188adeb2 989 }
fa08c86b 990 if (ret == 0)
991 debug2("userauth_pubkey_agent: no message sent");
2e73a022 992 return ret;
a306f2dd 993}
994
188adeb2 995int
996userauth_pubkey(Authctxt *authctxt)
a306f2dd 997{
188adeb2 998 static int idx = 0;
999 int sent = 0;
fee56204 1000 Key *key;
1001 char *filename;
188adeb2 1002
fa08c86b 1003 if (authctxt->agent != NULL) {
1004 do {
1005 sent = userauth_pubkey_agent(authctxt);
1006 } while(!sent && authctxt->agent->howmany > 0);
1007 }
1008 while (!sent && idx < options.num_identity_files) {
fee56204 1009 key = options.identity_keys[idx];
1010 filename = options.identity_files[idx];
1011 if (key == NULL) {
1012 debug("try privkey: %s", filename);
1013 key = load_identity_file(filename);
1014 if (key != NULL) {
1015 sent = sign_and_send_pubkey(authctxt, key,
1016 key_sign_cb);
1017 key_free(key);
1018 }
1019 } else if (key->type != KEY_RSA1) {
1020 debug("try pubkey: %s", filename);
1021 sent = send_pubkey_test(authctxt, key,
1022 identity_sign_cb, idx);
1023 }
fa08c86b 1024 idx++;
1025 }
188adeb2 1026 return sent;
1027}
a306f2dd 1028
94ec8c6b 1029/*
1030 * Send userauth request message specifying keyboard-interactive method.
1031 */
1032int
1033userauth_kbdint(Authctxt *authctxt)
1034{
1035 static int attempt = 0;
1036
1037 if (attempt++ >= options.number_of_password_prompts)
1038 return 0;
1039
1040 debug2("userauth_kbdint");
1041 packet_start(SSH2_MSG_USERAUTH_REQUEST);
1042 packet_put_cstring(authctxt->server_user);
1043 packet_put_cstring(authctxt->service);
1044 packet_put_cstring(authctxt->method->name);
1045 packet_put_cstring(""); /* lang */
1046 packet_put_cstring(options.kbd_interactive_devices ?
1047 options.kbd_interactive_devices : "");
1048 packet_send();
94ec8c6b 1049
1050 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
1051 return 1;
1052}
1053
1054/*
f72e01a5 1055 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
94ec8c6b 1056 */
1057void
1058input_userauth_info_req(int type, int plen, void *ctxt)
1059{
1060 Authctxt *authctxt = ctxt;
f72e01a5 1061 char *name, *inst, *lang, *prompt, *response;
1e3b8b07 1062 u_int num_prompts, i;
94ec8c6b 1063 int echo = 0;
1064
1065 debug2("input_userauth_info_req");
1066
1067 if (authctxt == NULL)
1068 fatal("input_userauth_info_req: no authentication context");
1069
1070 name = packet_get_string(NULL);
1071 inst = packet_get_string(NULL);
1072 lang = packet_get_string(NULL);
94ec8c6b 1073 if (strlen(name) > 0)
1074 cli_mesg(name);
94ec8c6b 1075 if (strlen(inst) > 0)
1076 cli_mesg(inst);
f72e01a5 1077 xfree(name);
94ec8c6b 1078 xfree(inst);
f72e01a5 1079 xfree(lang);
94ec8c6b 1080
1081 num_prompts = packet_get_int();
1082 /*
1083 * Begin to build info response packet based on prompts requested.
1084 * We commit to providing the correct number of responses, so if
1085 * further on we run into a problem that prevents this, we have to
1086 * be sure and clean this up and send a correct error response.
1087 */
1088 packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
1089 packet_put_int(num_prompts);
1090
1091 for (i = 0; i < num_prompts; i++) {
1092 prompt = packet_get_string(NULL);
1093 echo = packet_get_char();
1094
1095 response = cli_prompt(prompt, echo);
1096
a6215e53 1097 packet_put_cstring(response);
94ec8c6b 1098 memset(response, 0, strlen(response));
1099 xfree(response);
1100 xfree(prompt);
1101 }
1102 packet_done(); /* done with parsing incoming message. */
1103
a6215e53 1104 packet_inject_ignore(64);
94ec8c6b 1105 packet_send();
94ec8c6b 1106}
a306f2dd 1107
188adeb2 1108/* find auth method */
1109
188adeb2 1110/*
1111 * given auth method name, if configurable options permit this method fill
1112 * in auth_ident field and return true, otherwise return false.
1113 */
1114int
1115authmethod_is_enabled(Authmethod *method)
1116{
1117 if (method == NULL)
1118 return 0;
1119 /* return false if options indicate this method is disabled */
1120 if (method->enabled == NULL || *method->enabled == 0)
1121 return 0;
1122 /* return false if batch mode is enabled but method needs interactive mode */
1123 if (method->batch_flag != NULL && *method->batch_flag != 0)
1124 return 0;
1125 return 1;
1126}
a306f2dd 1127
188adeb2 1128Authmethod *
1129authmethod_lookup(const char *name)
1130{
1131 Authmethod *method = NULL;
1132 if (name != NULL)
1133 for (method = authmethods; method->name != NULL; method++)
1134 if (strcmp(name, method->name) == 0)
1135 return method;
1136 debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
1137 return NULL;
1138}
1139
cab80f75 1140/* XXX internal state */
1141static Authmethod *current = NULL;
1142static char *supported = NULL;
1143static char *preferred = NULL;
188adeb2 1144/*
1145 * Given the authentication method list sent by the server, return the
1146 * next method we should try. If the server initially sends a nil list,
cab80f75 1147 * use a built-in default list.
2b87da3b 1148 */
188adeb2 1149Authmethod *
1150authmethod_get(char *authlist)
1151{
cab80f75 1152
1153 char *name = NULL;
1154 int next;
2b87da3b 1155
188adeb2 1156 /* Use a suitable default if we're passed a nil list. */
1157 if (authlist == NULL || strlen(authlist) == 0)
cab80f75 1158 authlist = options.preferred_authentications;
1159
1160 if (supported == NULL || strcmp(authlist, supported) != 0) {
1161 debug3("start over, passed a different list %s", authlist);
1162 if (supported != NULL)
1163 xfree(supported);
1164 supported = xstrdup(authlist);
1165 preferred = options.preferred_authentications;
1166 debug3("preferred %s", preferred);
1167 current = NULL;
1168 } else if (current != NULL && authmethod_is_enabled(current))
1169 return current;
188adeb2 1170
cab80f75 1171 for (;;) {
1172 if ((name = match_list(preferred, supported, &next)) == NULL) {
1173 debug("no more auth methods to try");
1174 current = NULL;
1175 return NULL;
1176 }
1177 preferred += next;
94ec8c6b 1178 debug3("authmethod_lookup %s", name);
cab80f75 1179 debug3("remaining preferred: %s", preferred);
1180 if ((current = authmethod_lookup(name)) != NULL &&
1181 authmethod_is_enabled(current)) {
94ec8c6b 1182 debug3("authmethod_is_enabled %s", name);
cab80f75 1183 debug("next auth method to try is %s", name);
1184 return current;
94ec8c6b 1185 }
a306f2dd 1186 }
cab80f75 1187}
a22aff1f 1188
a22aff1f 1189
cab80f75 1190#define DELIM ","
1191char *
1192authmethods_get(void)
1193{
1194 Authmethod *method = NULL;
1195 char buf[1024];
1196
1197 buf[0] = '\0';
1198 for (method = authmethods; method->name != NULL; method++) {
1199 if (authmethod_is_enabled(method)) {
1200 if (buf[0] != '\0')
1201 strlcat(buf, DELIM, sizeof buf);
1202 strlcat(buf, method->name, sizeof buf);
1203 }
1204 }
1205 return xstrdup(buf);
a306f2dd 1206}
git-cvsimport mirror of OpenSSH
This page took 0.289517 seconds and 5 git commands to generate.