]> andersk Git - openssh.git/blame - sshconnect.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- Autodetection of SSL/Crypto library location via autoconf
[openssh.git] / sshconnect.c
CommitLineData
8efc0c15 1/*
2
3sshconnect.c
4
5Author: Tatu Ylonen <ylo@cs.hut.fi>
6
7Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8 All rights reserved
9
10Created: Sat Mar 18 22:15:47 1995 ylo
11
12Code to connect to a remote host, and to perform the client side of the
13login (authentication) dialog.
14
15*/
16
5881cd60 17#include "config.h"
8efc0c15 18#include "includes.h"
19RCSID("$Id$");
20
5881cd60 21#ifdef HAVE_OPENSSL
8efc0c15 22#include <openssl/bn.h>
5881cd60 23#include <openssl/md5.h>
24#endif
25#ifdef HAVE_SSL
26#include <ssl/bn.h>
27#include <ssl/md5.h>
28#endif
29
8efc0c15 30#include "xmalloc.h"
31#include "rsa.h"
32#include "ssh.h"
33#include "packet.h"
34#include "authfd.h"
35#include "cipher.h"
36#include "mpaux.h"
37#include "uidswap.h"
38#include "compat.h"
39
8efc0c15 40
41/* Session id for the current session. */
42unsigned char session_id[16];
43
44/* Connect to the given ssh server using a proxy command. */
45
46int
47ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,
48 const char *proxy_command)
49{
50 Buffer command;
51 const char *cp;
52 char *command_string;
53 int pin[2], pout[2];
54 int pid;
55 char portstring[100];
56
57 /* Convert the port number into a string. */
58 snprintf(portstring, sizeof portstring, "%d", port);
59
60 /* Build the final command string in the buffer by making the appropriate
61 substitutions to the given proxy command. */
62 buffer_init(&command);
63 for (cp = proxy_command; *cp; cp++)
64 {
65 if (cp[0] == '%' && cp[1] == '%')
66 {
67 buffer_append(&command, "%", 1);
68 cp++;
69 continue;
70 }
71 if (cp[0] == '%' && cp[1] == 'h')
72 {
73 buffer_append(&command, host, strlen(host));
74 cp++;
75 continue;
76 }
77 if (cp[0] == '%' && cp[1] == 'p')
78 {
79 buffer_append(&command, portstring, strlen(portstring));
80 cp++;
81 continue;
82 }
83 buffer_append(&command, cp, 1);
84 }
85 buffer_append(&command, "\0", 1);
86
87 /* Get the final command string. */
88 command_string = buffer_ptr(&command);
89
90 /* Create pipes for communicating with the proxy. */
91 if (pipe(pin) < 0 || pipe(pout) < 0)
92 fatal("Could not create pipes to communicate with the proxy: %.100s",
93 strerror(errno));
94
95 debug("Executing proxy command: %.500s", command_string);
96
97 /* Fork and execute the proxy command. */
98 if ((pid = fork()) == 0)
99 {
100 char *argv[10];
101
102 /* Child. Permanently give up superuser privileges. */
103 permanently_set_uid(original_real_uid);
104
105 /* Redirect stdin and stdout. */
106 close(pin[1]);
107 if (pin[0] != 0)
108 {
109 if (dup2(pin[0], 0) < 0)
110 perror("dup2 stdin");
111 close(pin[0]);
112 }
113 close(pout[0]);
114 if (dup2(pout[1], 1) < 0)
115 perror("dup2 stdout");
116 close(pout[1]); /* Cannot be 1 because pin allocated two descriptors. */
117
118 /* Stderr is left as it is so that error messages get printed on
119 the user's terminal. */
120 argv[0] = "/bin/sh";
121 argv[1] = "-c";
122 argv[2] = command_string;
123 argv[3] = NULL;
124
125 /* Execute the proxy command. Note that we gave up any extra
126 privileges above. */
127 execv("/bin/sh", argv);
128 perror("/bin/sh");
129 exit(1);
130 }
131 /* Parent. */
132 if (pid < 0)
133 fatal("fork failed: %.100s", strerror(errno));
134
135 /* Close child side of the descriptors. */
136 close(pin[0]);
137 close(pout[1]);
138
139 /* Free the command name. */
140 buffer_free(&command);
141
142 /* Set the connection file descriptors. */
143 packet_set_connection(pout[0], pin[1]);
144
145 return 1;
146}
147
148/* Creates a (possibly privileged) socket for use as the ssh connection. */
149
150int ssh_create_socket(uid_t original_real_uid, int privileged)
151{
152 int sock;
153
154 /* If we are running as root and want to connect to a privileged port,
155 bind our own socket to a privileged port. */
156 if (privileged)
157 {
158 int p = IPPORT_RESERVED - 1;
159
160 sock = rresvport(&p);
161 if (sock < 0)
162 fatal("rresvport: %.100s", strerror(errno));
163 debug("Allocated local port %d.", p);
164 }
165 else
166 {
167 /* Just create an ordinary socket on arbitrary port. We use the
168 user's uid to create the socket. */
169 temporarily_use_uid(original_real_uid);
170 sock = socket(AF_INET, SOCK_STREAM, 0);
171 if (sock < 0)
172 fatal("socket: %.100s", strerror(errno));
173 restore_uid();
174 }
175 return sock;
176}
177
178/* Opens a TCP/IP connection to the remote server on the given host. If
179 port is 0, the default port will be used. If anonymous is zero,
180 a privileged port will be allocated to make the connection.
181 This requires super-user privileges if anonymous is false.
182 Connection_attempts specifies the maximum number of tries (one per
183 second). If proxy_command is non-NULL, it specifies the command (with %h
184 and %p substituted for host and port, respectively) to use to contact
185 the daemon. */
186
187int ssh_connect(const char *host, struct sockaddr_in *hostaddr,
188 int port, int connection_attempts,
189 int anonymous, uid_t original_real_uid,
190 const char *proxy_command)
191{
192 int sock = -1, attempt, i;
193 int on = 1;
194 struct servent *sp;
195 struct hostent *hp;
196 struct linger linger;
197
198 debug("ssh_connect: getuid %d geteuid %d anon %d",
199 (int)getuid(), (int)geteuid(), anonymous);
200
201 /* Get default port if port has not been set. */
202 if (port == 0)
203 {
204 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
205 if (sp)
206 port = ntohs(sp->s_port);
207 else
208 port = SSH_DEFAULT_PORT;
209 }
210
211 /* If a proxy command is given, connect using it. */
212 if (proxy_command != NULL)
213 return ssh_proxy_connect(host, port, original_real_uid, proxy_command);
214
215 /* No proxy command. */
216
217 /* No host lookup made yet. */
218 hp = NULL;
219
220 /* Try to connect several times. On some machines, the first time will
221 sometimes fail. In general socket code appears to behave quite
222 magically on many machines. */
223 for (attempt = 0; attempt < connection_attempts; attempt++)
224 {
225 if (attempt > 0)
226 debug("Trying again...");
227
228 /* Try to parse the host name as a numeric inet address. */
229 memset(hostaddr, 0, sizeof(hostaddr));
230 hostaddr->sin_family = AF_INET;
231 hostaddr->sin_port = htons(port);
232 hostaddr->sin_addr.s_addr = inet_addr(host);
233 if ((hostaddr->sin_addr.s_addr & 0xffffffff) != 0xffffffff)
234 {
235 /* Valid numeric IP address */
236 debug("Connecting to %.100s port %d.",
237 inet_ntoa(hostaddr->sin_addr), port);
238
239 /* Create a socket. */
240 sock = ssh_create_socket(original_real_uid,
241 !anonymous && geteuid() == 0 &&
242 port < IPPORT_RESERVED);
243
244 /* Connect to the host. We use the user's uid in the hope that
245 it will help with the problems of tcp_wrappers showing the
246 remote uid as root. */
247 temporarily_use_uid(original_real_uid);
248 if (connect(sock, (struct sockaddr *)hostaddr, sizeof(*hostaddr))
249 >= 0)
250 {
251 /* Successful connect. */
252 restore_uid();
253 break;
254 }
255 debug("connect: %.100s", strerror(errno));
256 restore_uid();
257
258 /* Destroy the failed socket. */
259 shutdown(sock, SHUT_RDWR);
260 close(sock);
261 }
262 else
263 {
264 /* Not a valid numeric inet address. */
265 /* Map host name to an address. */
266 if (!hp)
267 hp = gethostbyname(host);
268 if (!hp)
269 fatal("Bad host name: %.100s", host);
270 if (!hp->h_addr_list[0])
271 fatal("Host does not have an IP address: %.100s", host);
272
273 /* Loop through addresses for this host, and try each one in
274 sequence until the connection succeeds. */
275 for (i = 0; hp->h_addr_list[i]; i++)
276 {
277 /* Set the address to connect to. */
278 hostaddr->sin_family = hp->h_addrtype;
279 memcpy(&hostaddr->sin_addr, hp->h_addr_list[i],
280 sizeof(hostaddr->sin_addr));
281
282 debug("Connecting to %.200s [%.100s] port %d.",
283 host, inet_ntoa(hostaddr->sin_addr), port);
284
285 /* Create a socket for connecting. */
286 sock = ssh_create_socket(original_real_uid,
287 !anonymous && geteuid() == 0 &&
288 port < IPPORT_RESERVED);
289
290 /* Connect to the host. We use the user's uid in the hope that
291 it will help with tcp_wrappers showing the remote uid as
292 root. */
293 temporarily_use_uid(original_real_uid);
294 if (connect(sock, (struct sockaddr *)hostaddr,
295 sizeof(*hostaddr)) >= 0)
296 {
297 /* Successful connection. */
298 restore_uid();
299 break;
300 }
301 debug("connect: %.100s", strerror(errno));
302 restore_uid();
303
304 /* Close the failed socket; there appear to be some problems
305 when reusing a socket for which connect() has already
306 returned an error. */
307 shutdown(sock, SHUT_RDWR);
308 close(sock);
309 }
310 if (hp->h_addr_list[i])
311 break; /* Successful connection. */
312 }
313
314 /* Sleep a moment before retrying. */
315 sleep(1);
316 }
317 /* Return failure if we didn't get a successful connection. */
318 if (attempt >= connection_attempts)
319 return 0;
320
321 debug("Connection established.");
322
323 /* Set socket options. We would like the socket to disappear as soon as
324 it has been closed for whatever reason. */
325 /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
326 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *)&on, sizeof(on));
327 linger.l_onoff = 1;
328 linger.l_linger = 5;
329 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
330
331 /* Set the connection. */
332 packet_set_connection(sock, sock);
333
334 return 1;
335}
336
337/* Checks if the user has an authentication agent, and if so, tries to
338 authenticate using the agent. */
339
340int
341try_agent_authentication()
342{
343 int status, type, bits;
344 char *comment;
345 AuthenticationConnection *auth;
346 unsigned char response[16];
347 unsigned int i;
348 BIGNUM *e, *n, *challenge;
349
350 /* Get connection to the agent. */
351 auth = ssh_get_authentication_connection();
352 if (!auth)
353 return 0;
354
355 e = BN_new();
356 n = BN_new();
357 challenge = BN_new();
358
359 /* Loop through identities served by the agent. */
360 for (status = ssh_get_first_identity(auth, &bits, e, n, &comment);
361 status;
362 status = ssh_get_next_identity(auth, &bits, e, n, &comment))
363 {
364 int plen, clen;
365
366 /* Try this identity. */
367 debug("Trying RSA authentication via agent with '%.100s'", comment);
368 xfree(comment);
369
370 /* Tell the server that we are willing to authenticate using this key. */
371 packet_start(SSH_CMSG_AUTH_RSA);
372 packet_put_bignum(n);
373 packet_send();
374 packet_write_wait();
375
376 /* Wait for server's response. */
377 type = packet_read(&plen);
378
379 /* The server sends failure if it doesn\'t like our key or does not
380 support RSA authentication. */
381 if (type == SSH_SMSG_FAILURE)
382 {
383 debug("Server refused our key.");
384 continue;
385 }
386
387 /* Otherwise it should have sent a challenge. */
388 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
389 packet_disconnect("Protocol error during RSA authentication: %d",
390 type);
391
392 packet_get_bignum(challenge, &clen);
393
394 packet_integrity_check(plen, clen, type);
395
396 debug("Received RSA challenge from server.");
397
398 /* Ask the agent to decrypt the challenge. */
399 if (!ssh_decrypt_challenge(auth, bits, e, n, challenge,
400 session_id, 1, response))
401 {
402 /* The agent failed to authenticate this identifier although it
403 advertised it supports this. Just return a wrong value. */
404 log("Authentication agent failed to decrypt challenge.");
405 memset(response, 0, sizeof(response));
406 }
407
408 debug("Sending response to RSA challenge.");
409
410 /* Send the decrypted challenge back to the server. */
411 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
412 for (i = 0; i < 16; i++)
413 packet_put_char(response[i]);
414 packet_send();
415 packet_write_wait();
416
417 /* Wait for response from the server. */
418 type = packet_read(&plen);
419
420 /* The server returns success if it accepted the authentication. */
421 if (type == SSH_SMSG_SUCCESS)
422 {
423 debug("RSA authentication accepted by server.");
424 BN_clear_free(e);
425 BN_clear_free(n);
426 BN_clear_free(challenge);
427 return 1;
428 }
429
430 /* Otherwise it should return failure. */
431 if (type != SSH_SMSG_FAILURE)
432 packet_disconnect("Protocol error waiting RSA auth response: %d",
433 type);
434 }
435
436 BN_clear_free(e);
437 BN_clear_free(n);
438 BN_clear_free(challenge);
439
440 debug("RSA authentication using agent refused.");
441 return 0;
442}
443
444/* Computes the proper response to a RSA challenge, and sends the response to
445 the server. */
446
447void
448respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
449{
450 unsigned char buf[32], response[16];
451 MD5_CTX md;
452 int i, len;
453
454 /* Decrypt the challenge using the private key. */
455 rsa_private_decrypt(challenge, challenge, prv);
456
457 /* Compute the response. */
458 /* The response is MD5 of decrypted challenge plus session id. */
459 len = BN_num_bytes(challenge);
5bae4ab8 460 if (len <= 0 || len > sizeof(buf))
461 packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
462 len);
463
8efc0c15 464 memset(buf, 0, sizeof(buf));
465 BN_bn2bin(challenge, buf + sizeof(buf) - len);
466 MD5_Init(&md);
467 MD5_Update(&md, buf, 32);
468 MD5_Update(&md, session_id, 16);
469 MD5_Final(response, &md);
470
471 debug("Sending response to host key RSA challenge.");
472
473 /* Send the response back to the server. */
474 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
475 for (i = 0; i < 16; i++)
476 packet_put_char(response[i]);
477 packet_send();
478 packet_write_wait();
479
480 memset(buf, 0, sizeof(buf));
481 memset(response, 0, sizeof(response));
482 memset(&md, 0, sizeof(md));
483}
484
485/* Checks if the user has authentication file, and if so, tries to authenticate
486 the user using it. */
487
488int
489try_rsa_authentication(struct passwd *pw, const char *authfile,
490 int may_ask_passphrase)
491{
492 BIGNUM *challenge;
493 RSA *private_key;
494 RSA *public_key;
495 char *passphrase, *comment;
496 int type, i;
497 int plen, clen;
498
499 /* Try to load identification for the authentication key. */
500 public_key = RSA_new();
501 if (!load_public_key(authfile, public_key, &comment)) {
502 RSA_free(public_key);
503 return 0; /* Could not load it. Fail. */
504 }
505
506 debug("Trying RSA authentication with key '%.100s'", comment);
507
508 /* Tell the server that we are willing to authenticate using this key. */
509 packet_start(SSH_CMSG_AUTH_RSA);
510 packet_put_bignum(public_key->n);
511 packet_send();
512 packet_write_wait();
513
514 /* We no longer need the public key. */
515 RSA_free(public_key);
516
517 /* Wait for server's response. */
518 type = packet_read(&plen);
519
520 /* The server responds with failure if it doesn\'t like our key or doesn\'t
521 support RSA authentication. */
522 if (type == SSH_SMSG_FAILURE)
523 {
524 debug("Server refused our key.");
525 xfree(comment);
526 return 0; /* Server refuses to authenticate with this key. */
527 }
528
529 /* Otherwise, the server should respond with a challenge. */
530 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
531 packet_disconnect("Protocol error during RSA authentication: %d", type);
532
533 /* Get the challenge from the packet. */
534 challenge = BN_new();
535 packet_get_bignum(challenge, &clen);
536
537 packet_integrity_check(plen, clen, type);
538
539 debug("Received RSA challenge from server.");
540
541 private_key = RSA_new();
542 /* Load the private key. Try first with empty passphrase; if it fails,
543 ask for a passphrase. */
544 if (!load_private_key(authfile, "", private_key, NULL))
545 {
546 char buf[300];
547 /* Request passphrase from the user. We read from /dev/tty to make
548 this work even if stdin has been redirected. If running in
549 batch mode, we just use the empty passphrase, which will fail and
550 return. */
551 snprintf(buf, sizeof buf,
552 "Enter passphrase for RSA key '%.100s': ", comment);
553 if (may_ask_passphrase)
554 passphrase = read_passphrase(buf, 0);
555 else
556 {
557 debug("Will not query passphrase for %.100s in batch mode.",
558 comment);
559 passphrase = xstrdup("");
560 }
561
562 /* Load the authentication file using the pasphrase. */
563 if (!load_private_key(authfile, passphrase, private_key, NULL))
564 {
565 memset(passphrase, 0, strlen(passphrase));
566 xfree(passphrase);
567 error("Bad passphrase.");
568
569 /* Send a dummy response packet to avoid protocol error. */
570 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
571 for (i = 0; i < 16; i++)
572 packet_put_char(0);
573 packet_send();
574 packet_write_wait();
575
576 /* Expect the server to reject it... */
577 packet_read_expect(&plen, SSH_SMSG_FAILURE);
578 xfree(comment);
579 return 0;
580 }
581
582 /* Destroy the passphrase. */
583 memset(passphrase, 0, strlen(passphrase));
584 xfree(passphrase);
585 }
586
587 /* We no longer need the comment. */
588 xfree(comment);
589
590 /* Compute and send a response to the challenge. */
591 respond_to_rsa_challenge(challenge, private_key);
592
593 /* Destroy the private key. */
594 RSA_free(private_key);
595
596 /* We no longer need the challenge. */
597 BN_clear_free(challenge);
598
599 /* Wait for response from the server. */
600 type = packet_read(&plen);
601 if (type == SSH_SMSG_SUCCESS)
602 {
603 debug("RSA authentication accepted by server.");
604 return 1;
605 }
606 if (type != SSH_SMSG_FAILURE)
607 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
608 debug("RSA authentication refused.");
609 return 0;
610}
611
612/* Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
613 authentication and RSA host authentication. */
614
615int
616try_rhosts_rsa_authentication(const char *local_user, RSA *host_key)
617{
618 int type;
619 BIGNUM *challenge;
620 int plen, clen;
621
622 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
623
624 /* Tell the server that we are willing to authenticate using this key. */
625 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
626 packet_put_string(local_user, strlen(local_user));
627 packet_put_int(BN_num_bits(host_key->n));
628 packet_put_bignum(host_key->e);
629 packet_put_bignum(host_key->n);
630 packet_send();
631 packet_write_wait();
632
633 /* Wait for server's response. */
634 type = packet_read(&plen);
635
636 /* The server responds with failure if it doesn't admit our .rhosts
637 authentication or doesn't know our host key. */
638 if (type == SSH_SMSG_FAILURE)
639 {
640 debug("Server refused our rhosts authentication or host key.");
641 return 0; /* Server refuses to authenticate us with this method. */
642 }
643
644 /* Otherwise, the server should respond with a challenge. */
645 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
646 packet_disconnect("Protocol error during RSA authentication: %d", type);
647
648 /* Get the challenge from the packet. */
649 challenge = BN_new();
650 packet_get_bignum(challenge, &clen);
651
652 packet_integrity_check(plen, clen, type);
653
654 debug("Received RSA challenge for host key from server.");
655
656 /* Compute a response to the challenge. */
657 respond_to_rsa_challenge(challenge, host_key);
658
659 /* We no longer need the challenge. */
660 BN_clear_free(challenge);
661
662 /* Wait for response from the server. */
663 type = packet_read(&plen);
664 if (type == SSH_SMSG_SUCCESS)
665 {
666 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
667 return 1;
668 }
669 if (type != SSH_SMSG_FAILURE)
670 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
671 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
672 return 0;
673}
674
675#ifdef KRB4
676int try_kerberos_authentication()
677{
678 KTEXT_ST auth; /* Kerberos data */
679 char *reply;
680 char inst[INST_SZ];
681 char *realm;
682 CREDENTIALS cred;
683 int r, type, plen;
684 Key_schedule schedule;
685 u_long checksum, cksum;
686 MSG_DAT msg_data;
687 struct sockaddr_in local, foreign;
688 struct stat st;
689
690 /* Don't do anything if we don't have any tickets. */
691 if (stat(tkt_string(), &st) < 0) return 0;
692
693 strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
694
695 realm = (char *)krb_realmofhost(get_canonical_hostname());
696 if (!realm) {
697 debug("Kerberos V4: no realm for %s", get_canonical_hostname());
698 return 0;
699 }
700 /* This can really be anything. */
701 checksum = (u_long) getpid();
702
703 r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
704 if (r != KSUCCESS) {
705 debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]);
706 return 0;
707 }
708 /* Get session key to decrypt the server's reply with. */
709 r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
710 if (r != KSUCCESS) {
711 debug("get_cred failed: %s", krb_err_txt[r]);
712 return 0;
713 }
714 des_key_sched((des_cblock *)cred.session, schedule);
715
716 /* Send authentication info to server. */
717 packet_start(SSH_CMSG_AUTH_KERBEROS);
718 packet_put_string((char *)auth.dat, auth.length);
719 packet_send();
720 packet_write_wait();
721
722 /* Zero the buffer. */
723 (void) memset(auth.dat, 0, MAX_KTXT_LEN);
724
725 r = sizeof(local);
726 memset(&local, 0, sizeof(local));
727 if (getsockname(packet_get_connection_in(),
728 (struct sockaddr *) &local, &r) < 0)
729 debug("getsockname failed: %s", strerror(errno));
730
731 r = sizeof(foreign);
732 memset(&foreign, 0, sizeof(foreign));
733 if (getpeername(packet_get_connection_in(),
734 (struct sockaddr *)&foreign, &r) < 0)
735 debug("getpeername failed: %s", strerror(errno));
736
737 /* Get server reply. */
738 type = packet_read(&plen);
739 switch(type) {
740
741 case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
742 debug("Kerberos V4 authentication failed.");
743 return 0;
744 break;
745
746 case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
747 debug("Kerberos V4 authentication accepted.");
748
749 /* Get server's response. */
750 reply = packet_get_string((unsigned int *)&auth.length);
751 memcpy(auth.dat, reply, auth.length);
752 xfree(reply);
753
754 packet_integrity_check(plen, 4 + auth.length, type);
755
756 /* If his response isn't properly encrypted with the session key,
757 and the decrypted checksum fails to match, he's bogus. Bail out. */
758 r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
759 &foreign, &local, &msg_data);
760 if (r != KSUCCESS) {
761 debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]);
762 packet_disconnect("Kerberos V4 challenge failed!");
763 }
764 /* Fetch the (incremented) checksum that we supplied in the request. */
765 (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum));
766 cksum = ntohl(cksum);
767
768 /* If it matches, we're golden. */
769 if (cksum == checksum + 1) {
770 debug("Kerberos V4 challenge successful.");
771 return 1;
772 }
773 else
774 packet_disconnect("Kerberos V4 challenge failed!");
775 break;
776
777 default:
778 packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
779 }
780 return 0;
781}
782#endif /* KRB4 */
783
784#ifdef AFS
785int send_kerberos_tgt()
786{
787 CREDENTIALS *creds;
788 char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
789 int r, type, plen;
790 unsigned char buffer[8192];
791 struct stat st;
792
793 /* Don't do anything if we don't have any tickets. */
794 if (stat(tkt_string(), &st) < 0) return 0;
795
796 creds = xmalloc(sizeof(*creds));
797
798 if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) {
799 debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]);
800 return 0;
801 }
802 if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
803 debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]);
804 return 0;
805 }
806 if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
807 debug("Kerberos V4 ticket expired: %s", TKT_FILE);
808 return 0;
809 }
810
811 creds_to_radix(creds, buffer);
812 xfree(creds);
813
814 packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
815 packet_put_string((char *)buffer, strlen(buffer));
816 packet_send();
817 packet_write_wait();
818
819 type = packet_read(&plen);
820
821 if (type == SSH_SMSG_FAILURE)
822 debug("Kerberos TGT for realm %s rejected.", prealm);
823 else if (type != SSH_SMSG_SUCCESS)
824 packet_disconnect("Protocol error on Kerberos TGT response: %d", type);
825
826 return 1;
827}
828
829void send_afs_tokens(void)
830{
831 CREDENTIALS creds;
832 struct ViceIoctl parms;
833 struct ClearToken ct;
834 int i, type, len, plen;
835 char buf[2048], *p, *server_cell;
836 unsigned char buffer[8192];
837
838 /* Move over ktc_GetToken, here's something leaner. */
839 for (i = 0; i < 100; i++) { /* just in case */
840 parms.in = (char *)&i;
841 parms.in_size = sizeof(i);
842 parms.out = buf;
843 parms.out_size = sizeof(buf);
844 if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break;
845 p = buf;
846
847 /* Get secret token. */
848 memcpy(&creds.ticket_st.length, p, sizeof(unsigned int));
849 if (creds.ticket_st.length > MAX_KTXT_LEN) break;
850 p += sizeof(unsigned int);
851 memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
852 p += creds.ticket_st.length;
853
854 /* Get clear token. */
855 memcpy(&len, p, sizeof(len));
856 if (len != sizeof(struct ClearToken)) break;
857 p += sizeof(len);
858 memcpy(&ct, p, len);
859 p += len;
860 p += sizeof(len); /* primary flag */
861 server_cell = p;
862
863 /* Flesh out our credentials. */
864 strlcpy(creds.service, "afs", sizeof creds.service);
865 creds.instance[0] = '\0';
866 strlcpy(creds.realm, server_cell, REALM_SZ);
867 memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
868 creds.issue_date = ct.BeginTimestamp;
869 creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
870 creds.kvno = ct.AuthHandle;
871 snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
872 creds.pinst[0] = '\0';
873
874 /* Encode token, ship it off. */
875 if (!creds_to_radix(&creds, buffer)) break;
876 packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
877 packet_put_string((char *)buffer, strlen(buffer));
878 packet_send();
879 packet_write_wait();
880
881 /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */
882 type = packet_read(&plen);
883
884 if (type == SSH_SMSG_FAILURE)
885 debug("AFS token for cell %s rejected.", server_cell);
886 else if (type != SSH_SMSG_SUCCESS)
887 packet_disconnect("Protocol error on AFS token response: %d", type);
888 }
889}
890#endif /* AFS */
891
892/* Waits for the server identification string, and sends our own identification
893 string. */
894
895void ssh_exchange_identification()
896{
897 char buf[256], remote_version[256]; /* must be same size! */
898 int remote_major, remote_minor, i;
899 int connection_in = packet_get_connection_in();
900 int connection_out = packet_get_connection_out();
901 extern Options options;
902
903 /* Read other side\'s version identification. */
904 for (i = 0; i < sizeof(buf) - 1; i++)
905 {
906 if (read(connection_in, &buf[i], 1) != 1)
907 fatal("read: %.100s", strerror(errno));
908 if (buf[i] == '\r')
909 {
910 buf[i] = '\n';
911 buf[i + 1] = 0;
912 break;
913 }
914 if (buf[i] == '\n')
915 {
916 buf[i + 1] = 0;
917 break;
918 }
919 }
920 buf[sizeof(buf) - 1] = 0;
921
922 /* Check that the versions match. In future this might accept several
923 versions and set appropriate flags to handle them. */
924 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
925 remote_version) != 3)
926 fatal("Bad remote protocol version identification: '%.100s'", buf);
927 debug("Remote protocol version %d.%d, remote software version %.100s",
928 remote_major, remote_minor, remote_version);
929
930 /* Check if the remote protocol version is too old. */
931 if (remote_major == 1 && remote_minor < 3)
932 fatal("Remote machine has too old SSH software version.");
933
934 /* We speak 1.3, too. */
935 if (remote_major == 1 && remote_minor == 3) {
936 enable_compat13();
937 if (options.forward_agent && strcmp(remote_version, SSH_VERSION) != 0) {
938 log("Agent forwarding disabled, remote version '%s' is not compatible.",
939 remote_version);
940 options.forward_agent = 0;
941 }
942 }
943#if 0
944 /* Removed for now, to permit compatibility with latter versions. The server
945 will reject our version and disconnect if it doesn't support it. */
946 if (remote_major != PROTOCOL_MAJOR)
947 fatal("Protocol major versions differ: %d vs. %d",
948 PROTOCOL_MAJOR, remote_major);
949#endif
950
951 /* Send our own protocol version identification. */
952 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
953 PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
954 if (write(connection_out, buf, strlen(buf)) != strlen(buf))
955 fatal("write: %.100s", strerror(errno));
956}
957
958int ssh_cipher_default = SSH_CIPHER_3DES;
959
960int read_yes_or_no(const char *prompt, int defval)
961{
962 char buf[1024];
963 FILE *f;
964 int retval = -1;
965
966 if (isatty(0))
967 f = stdin;
968 else
969 f = fopen("/dev/tty", "rw");
970
971 if (f == NULL)
972 return 0;
973
974 fflush(stdout);
975
976 while (1)
977 {
978 fprintf(stderr, "%s", prompt);
979 if (fgets(buf, sizeof(buf), f) == NULL)
980 {
981 /* Print a newline (the prompt probably didn\'t have one). */
982 fprintf(stderr, "\n");
983 strlcpy(buf, "no", sizeof buf);
984 }
985 /* Remove newline from response. */
986 if (strchr(buf, '\n'))
987 *strchr(buf, '\n') = 0;
988
989 if (buf[0] == 0)
990 retval = defval;
991 if (strcmp(buf, "yes") == 0)
992 retval = 1;
993 if (strcmp(buf, "no") == 0)
994 retval = 0;
995
996 if (retval != -1)
997 {
998 if (f != stdin)
999 fclose(f);
1000 return retval;
1001 }
1002 }
1003}
1004
1005/* Starts a dialog with the server, and authenticates the current user on the
1006 server. This does not need any extra privileges. The basic connection
1007 to the server must already have been established before this is called.
1008 User is the remote user; if it is NULL, the current local user name will
1009 be used. Anonymous indicates that no rhosts authentication will be used.
1010 If login fails, this function prints an error and never returns.
1011 This function does not require super-user privileges. */
1012
1013void ssh_login(int host_key_valid,
1014 RSA *own_host_key,
1015 const char *orighost,
1016 struct sockaddr_in *hostaddr,
1017 Options *options, uid_t original_real_uid)
1018{
1019 int i, type;
1020 char *password;
1021 struct passwd *pw;
1022 BIGNUM *key;
1023 RSA *host_key, *file_key;
1024 RSA *public_key;
1025 unsigned char session_key[SSH_SESSION_KEY_LENGTH];
1026 const char *server_user, *local_user;
1027 char *cp, *host, *ip = NULL;
1028 unsigned char check_bytes[8];
1029 unsigned int supported_ciphers, supported_authentications, protocol_flags;
1030 HostStatus host_status;
1031 HostStatus ip_status;
1032 int host_ip_differ = 0;
1033 int local = (ntohl(hostaddr->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
1034 int payload_len, clen, sum_len = 0;
1035 u_int32_t rand = 0;
1036
1037 if (options->check_host_ip)
1038 ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
1039
1040 /* Convert the user-supplied hostname into all lowercase. */
1041 host = xstrdup(orighost);
1042 for (cp = host; *cp; cp++)
1043 if (isupper(*cp))
1044 *cp = tolower(*cp);
1045
1046 /* Exchange protocol version identification strings with the server. */
1047 ssh_exchange_identification();
1048
1049 /* Put the connection into non-blocking mode. */
1050 packet_set_nonblocking();
1051
1052 /* Get local user name. Use it as server user if no user name
1053 was given. */
1054 pw = getpwuid(original_real_uid);
1055 if (!pw)
1056 fatal("User id %d not found from user database.", original_real_uid);
1057 local_user = xstrdup(pw->pw_name);
1058 server_user = options->user ? options->user : local_user;
1059
1060 debug("Waiting for server public key.");
1061
1062 /* Wait for a public key packet from the server. */
1063 packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
1064
1065 /* Get check bytes from the packet. */
1066 for (i = 0; i < 8; i++)
1067 check_bytes[i] = packet_get_char();
1068
1069 /* Get the public key. */
1070 public_key = RSA_new();
1071 packet_get_int(); /* bits */
1072 public_key->e = BN_new();
1073 packet_get_bignum(public_key->e, &clen);
1074 sum_len += clen;
1075 public_key->n = BN_new();
1076 packet_get_bignum(public_key->n, &clen);
1077 sum_len += clen;
1078
1079 /* Get the host key. */
1080 host_key = RSA_new();
1081 packet_get_int(); /* bits */
1082 host_key->e = BN_new();
1083 packet_get_bignum(host_key->e, &clen);
1084 sum_len += clen;
1085 host_key->n = BN_new();
1086 packet_get_bignum(host_key->n, &clen);
1087 sum_len += clen;
1088
1089 /* Store the host key from the known host file in here
1090 * so that we can compare it with the key for the IP
1091 * address. */
1092 file_key = RSA_new();
1093 file_key->n = BN_new();
1094 file_key->e = BN_new();
1095
1096 /* Get protocol flags. */
1097 protocol_flags = packet_get_int();
1098 packet_set_protocol_flags(protocol_flags);
1099
1100 /* Get supported cipher types. */
1101 supported_ciphers = packet_get_int();
1102
1103 /* Get supported authentication types. */
1104 supported_authentications = packet_get_int();
1105
1106 debug("Received server public key (%d bits) and host key (%d bits).",
1107 BN_num_bits(public_key->n), BN_num_bits(host_key->n));
1108
1109 packet_integrity_check(payload_len,
1110 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
1111 SSH_SMSG_PUBLIC_KEY);
1112
1113 /* Compute the session id. */
1114 compute_session_id(session_id, check_bytes,
1115 BN_num_bits(host_key->n), host_key->n,
1116 BN_num_bits(public_key->n), public_key->n);
1117
1118 /* Check if the host key is present in the user\'s list of known hosts
1119 or in the systemwide list. */
1120 host_status = check_host_in_hostfile(options->user_hostfile,
1121 host, BN_num_bits(host_key->n),
1122 host_key->e, host_key->n,
1123 file_key->e, file_key->n);
1124 if (host_status == HOST_NEW)
1125 host_status = check_host_in_hostfile(options->system_hostfile, host,
1126 BN_num_bits(host_key->n),
1127 host_key->e, host_key->n,
1128 file_key->e, file_key->n);
1129 /* Force accepting of the host key for localhost and 127.0.0.1.
1130 The problem is that if the home directory is NFS-mounted to multiple
1131 machines, localhost will refer to a different machine in each of them,
1132 and the user will get bogus HOST_CHANGED warnings. This essentially
1133 disables host authentication for localhost; however, this is probably
1134 not a real problem. */
1135 if (local) {
1136 debug("Forcing accepting of host key for localhost.");
1137 host_status = HOST_OK;
1138 }
1139
1140 /* Also perform check for the ip address, skip the check if we are
1141 localhost or the hostname was an ip address to begin with */
1142 if (options->check_host_ip && !local && strcmp(host, ip)) {
1143 RSA *ip_key = RSA_new();
1144 ip_key->n = BN_new();
1145 ip_key->e = BN_new();
1146 ip_status = check_host_in_hostfile(options->user_hostfile, ip,
1147 BN_num_bits(host_key->n),
1148 host_key->e, host_key->n,
1149 ip_key->e, ip_key->n);
1150
1151 if (ip_status == HOST_NEW)
1152 ip_status = check_host_in_hostfile(options->system_hostfile, ip,
1153 BN_num_bits(host_key->n),
1154 host_key->e, host_key->n,
1155 ip_key->e, ip_key->n);
1156 if (host_status == HOST_CHANGED &&
1157 (ip_status != HOST_CHANGED ||
1158 (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n))))
1159 host_ip_differ = 1;
1160
1161 RSA_free(ip_key);
1162 } else
1163 ip_status = host_status;
1164
1165 RSA_free(file_key);
1166
1167 switch (host_status) {
1168 case HOST_OK:
1169 /* The host is known and the key matches. */
1170 debug("Host '%.200s' is known and matches the host key.", host);
1171 if (options->check_host_ip) {
1172 if (ip_status == HOST_NEW) {
1173 if (!add_host_to_hostfile(options->user_hostfile, ip,
1174 BN_num_bits(host_key->n),
1175 host_key->e, host_key->n))
1176 log("Failed to add the host ip to the list of known hosts (%.30s).",
1177 options->user_hostfile);
1178 else
1179 log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
1180 } else if (ip_status != HOST_OK)
1181 log("Warning: the host key differ from the key of the ip address '%.30s' differs", ip);
1182 }
1183
1184 break;
1185 case HOST_NEW:
1186 {
1187 char hostline[1000], *hostp = hostline;
1188 /* The host is new. */
1189 if (options->strict_host_key_checking == 1) {
1190 /* User has requested strict host key checking. We will not
1191 add the host key automatically. The only alternative left
1192 is to abort. */
1193 fatal("No host key is known for %.200s and you have requested strict checking.", host);
1194 } else if (options->strict_host_key_checking == 2) { /* The default */
1195 char prompt[1024];
1196 snprintf(prompt, sizeof(prompt),
1197 "The authenticity of host '%.200s' can't be established.\n"
1198 "Are you sure you want to continue connecting (yes/no)? ",
1199 host);
1200 if (!read_yes_or_no(prompt, -1))
1201 fatal("Aborted by user!\n");
1202 }
1203
1204 if (options->check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
1205 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
1206 else
1207 hostp = host;
1208
1209 /* If not in strict mode, add the key automatically to the local
1210 known_hosts file. */
1211 if (!add_host_to_hostfile(options->user_hostfile, hostp,
1212 BN_num_bits(host_key->n),
1213 host_key->e, host_key->n))
1214 log("Failed to add the host to the list of known hosts (%.500s).",
1215 options->user_hostfile);
1216 else
1217 log("Warning: Permanently added '%.200s' to the list of known hosts.",
1218 hostp);
1219 break;
1220 }
1221 case HOST_CHANGED:
1222 if (options->check_host_ip) {
1223 if (host_ip_differ) {
1224 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1225 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
1226 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1227 error("The host key for %s has changed,", host);
1228 error("but the key for the according IP address %s has", ip);
1229 error("a different status. This could either mean that DNS");
1230 error("SPOOFING is happening or the IP address for the host");
1231 error("and its host key have changed at the same time");
1232 }
1233 }
1234
1235 /* The host key has changed. */
1236 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1237 error("@ WARNING: HOST IDENTIFICATION HAS CHANGED! @");
1238 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1239 error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
1240 error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
1241 error("It is also possible that the host key has just been changed.");
1242 error("Please contact your system administrator.");
1243 error("Add correct host key in %.100s to get rid of this message.",
1244 options->user_hostfile);
1245
1246 /* If strict host key checking is in use, the user will have to edit
1247 the key manually and we can only abort. */
1248 if (options->strict_host_key_checking)
1249 fatal("Host key for %.200s has changed and you have requested strict checking.", host);
1250
1251 /* If strict host key checking has not been requested, allow the
1252 connection but without password authentication or
1253 agent forwarding. */
1254 if (options->password_authentication) {
1255 error("Password authentication is disabled to avoid trojan horses.");
1256 options->password_authentication = 0;
1257 }
1258 if (options->forward_agent) {
1259 error("Agent forwarding is disabled to avoid trojan horses.");
1260 options->forward_agent = 0;
1261 }
1262 /* XXX Should permit the user to change to use the new id. This could
1263 be done by converting the host key to an identifying sentence, tell
1264 that the host identifies itself by that sentence, and ask the user
1265 if he/she whishes to accept the authentication. */
1266 break;
1267 }
1268
1269 if (options->check_host_ip)
1270 xfree(ip);
1271
1272 /* Generate a session key. */
1273 arc4random_stir();
1274
1275 /* Generate an encryption key for the session. The key is a 256 bit
1276 random number, interpreted as a 32-byte key, with the least significant
1277 8 bits being the first byte of the key. */
1278 for (i = 0; i < 32; i++) {
1279 if (i % 4 == 0)
1280 rand = arc4random();
1281 session_key[i] = rand & 0xff;
1282 rand >>= 8;
1283 }
1284
1285 /* According to the protocol spec, the first byte of the session key is
1286 the highest byte of the integer. The session key is xored with the
1287 first 16 bytes of the session id. */
1288 key = BN_new();
1289 BN_set_word(key, 0);
1290 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++)
1291 {
1292 BN_lshift(key, key, 8);
1293 if (i < 16)
1294 BN_add_word(key, session_key[i] ^ session_id[i]);
1295 else
1296 BN_add_word(key, session_key[i]);
1297 }
1298
1299 /* Encrypt the integer using the public key and host key of the server
1300 (key with smaller modulus first). */
1301 if (BN_cmp(public_key->n, host_key->n) < 0)
1302 {
1303 /* Public key has smaller modulus. */
5bae4ab8 1304 if (BN_num_bits(host_key->n) <
1305 BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
1306 fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
1307 "SSH_KEY_BITS_RESERVED %d",
1308 BN_num_bits(host_key->n),
1309 BN_num_bits(public_key->n),
1310 SSH_KEY_BITS_RESERVED);
1311 }
8efc0c15 1312
1313 rsa_public_encrypt(key, key, public_key);
1314 rsa_public_encrypt(key, key, host_key);
1315 }
1316 else
1317 {
1318 /* Host key has smaller modulus (or they are equal). */
5bae4ab8 1319 if (BN_num_bits(public_key->n) <
1320 BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
1321 fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
1322 "SSH_KEY_BITS_RESERVED %d",
1323 BN_num_bits(public_key->n),
1324 BN_num_bits(host_key->n),
1325 SSH_KEY_BITS_RESERVED);
1326 }
8efc0c15 1327
1328 rsa_public_encrypt(key, key, host_key);
1329 rsa_public_encrypt(key, key, public_key);
1330 }
1331
1332 if (options->cipher == SSH_CIPHER_NOT_SET) {
1333 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
1334 options->cipher = ssh_cipher_default;
1335 else {
1336 debug("Cipher %d not supported, using %.100s instead.",
1337 cipher_name(ssh_cipher_default),
1338 cipher_name(SSH_FALLBACK_CIPHER));
1339 options->cipher = SSH_FALLBACK_CIPHER;
1340 }
1341 }
1342
1343 /* Check that the selected cipher is supported. */
1344 if (!(supported_ciphers & (1 << options->cipher)))
1345 fatal("Selected cipher type %.100s not supported by server.",
1346 cipher_name(options->cipher));
1347
1348 debug("Encryption type: %.100s", cipher_name(options->cipher));
1349
1350 /* Send the encrypted session key to the server. */
1351 packet_start(SSH_CMSG_SESSION_KEY);
1352 packet_put_char(options->cipher);
1353
1354 /* Send the check bytes back to the server. */
1355 for (i = 0; i < 8; i++)
1356 packet_put_char(check_bytes[i]);
1357
1358 /* Send the encrypted encryption key. */
1359 packet_put_bignum(key);
1360
1361 /* Send protocol flags. */
1362 packet_put_int(SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
1363
1364 /* Send the packet now. */
1365 packet_send();
1366 packet_write_wait();
1367
1368 /* Destroy the session key integer and the public keys since we no longer
1369 need them. */
1370 BN_clear_free(key);
1371 RSA_free(public_key);
1372 RSA_free(host_key);
1373
1374 debug("Sent encrypted session key.");
1375
1376 /* Set the encryption key. */
1377 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
1378 options->cipher, 1);
1379
1380 /* We will no longer need the session key here. Destroy any extra copies. */
1381 memset(session_key, 0, sizeof(session_key));
1382
1383 /* Expect a success message from the server. Note that this message will
1384 be received in encrypted form. */
1385 packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
1386
1387 debug("Received encrypted confirmation.");
1388
1389 /* Send the name of the user to log in as on the server. */
1390 packet_start(SSH_CMSG_USER);
1391 packet_put_string(server_user, strlen(server_user));
1392 packet_send();
1393 packet_write_wait();
1394
1395 /* The server should respond with success if no authentication is needed
1396 (the user has no password). Otherwise the server responds with
1397 failure. */
1398 type = packet_read(&payload_len);
1399 if (type == SSH_SMSG_SUCCESS)
1400 return; /* Connection was accepted without authentication. */
1401 if (type != SSH_SMSG_FAILURE)
1402 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
1403 type);
1404
1405#ifdef AFS
1406 /* Try Kerberos tgt passing if the server supports it. */
1407 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
1408 options->kerberos_tgt_passing)
1409 {
1410 if (options->cipher == SSH_CIPHER_NONE)
1411 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1412 (void)send_kerberos_tgt();
1413 }
1414
1415 /* Try AFS token passing if the server supports it. */
1416 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
1417 options->afs_token_passing && k_hasafs()) {
1418 if (options->cipher == SSH_CIPHER_NONE)
1419 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
1420 send_afs_tokens();
1421 }
1422#endif /* AFS */
1423
1424#ifdef KRB4
1425 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
1426 options->kerberos_authentication)
1427 {
1428 debug("Trying Kerberos authentication.");
1429 if (try_kerberos_authentication()) {
1430 /* The server should respond with success or failure. */
1431 type = packet_read(&payload_len);
1432 if (type == SSH_SMSG_SUCCESS)
1433 return; /* Successful connection. */
1434 if (type != SSH_SMSG_FAILURE)
1435 packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
1436 }
1437 }
1438#endif /* KRB4 */
1439
1440 /* Use rhosts authentication if running in privileged socket and we do not
1441 wish to remain anonymous. */
1442 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
1443 options->rhosts_authentication)
1444 {
1445 debug("Trying rhosts authentication.");
1446 packet_start(SSH_CMSG_AUTH_RHOSTS);
1447 packet_put_string(local_user, strlen(local_user));
1448 packet_send();
1449 packet_write_wait();
1450
1451 /* The server should respond with success or failure. */
1452 type = packet_read(&payload_len);
1453 if (type == SSH_SMSG_SUCCESS)
1454 return; /* Successful connection. */
1455 if (type != SSH_SMSG_FAILURE)
1456 packet_disconnect("Protocol error: got %d in response to rhosts auth",
1457 type);
1458 }
1459
1460 /* Try .rhosts or /etc/hosts.equiv authentication with RSA host
1461 authentication. */
1462 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1463 options->rhosts_rsa_authentication && host_key_valid)
1464 {
1465 if (try_rhosts_rsa_authentication(local_user, own_host_key))
1466 return; /* Successful authentication. */
1467 }
1468
1469 /* Try RSA authentication if the server supports it. */
1470 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
1471 options->rsa_authentication)
1472 {
1473 /* Try RSA authentication using the authentication agent. The agent
1474 is tried first because no passphrase is needed for it, whereas
1475 identity files may require passphrases. */
1476 if (try_agent_authentication())
1477 return; /* Successful connection. */
1478
1479 /* Try RSA authentication for each identity. */
1480 for (i = 0; i < options->num_identity_files; i++)
1481 if (try_rsa_authentication(pw, options->identity_files[i],
1482 !options->batch_mode))
1483 return; /* Successful connection. */
1484 }
1485
1486 /* Try password authentication if the server supports it. */
1487 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
1488 options->password_authentication && !options->batch_mode)
1489 {
1490 char prompt[80];
1491 snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
1492 server_user, host);
1493 debug("Doing password authentication.");
1494 if (options->cipher == SSH_CIPHER_NONE)
1495 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1496 for (i = 0; i < options->number_of_password_prompts; i++) {
1497 if (i != 0)
1498 error("Permission denied, please try again.");
1499 password = read_passphrase(prompt, 0);
1500 packet_start(SSH_CMSG_AUTH_PASSWORD);
1501 packet_put_string(password, strlen(password));
1502 memset(password, 0, strlen(password));
1503 xfree(password);
1504 packet_send();
1505 packet_write_wait();
1506
1507 type = packet_read(&payload_len);
1508 if (type == SSH_SMSG_SUCCESS)
1509 return; /* Successful connection. */
1510 if (type != SSH_SMSG_FAILURE)
1511 packet_disconnect("Protocol error: got %d in response to passwd auth", type);
1512 }
1513 }
1514
1515 /* All authentication methods have failed. Exit with an error message. */
1516 fatal("Permission denied.");
1517 /*NOTREACHED*/
1518}
git-cvsimport mirror of OpenSSH
This page took 0.239106 seconds and 5 git commands to generate.