]> andersk Git - openssh.git/blame - sshconnect.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- Merged more OpenBSD CVS changes:
[openssh.git] / sshconnect.c
CommitLineData
8efc0c15 1/*
2
3sshconnect.c
4
5Author: Tatu Ylonen <ylo@cs.hut.fi>
6
7Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8 All rights reserved
9
10Created: Sat Mar 18 22:15:47 1995 ylo
11
12Code to connect to a remote host, and to perform the client side of the
13login (authentication) dialog.
14
15*/
16
17#include "includes.h"
18RCSID("$Id$");
19
5881cd60 20#ifdef HAVE_OPENSSL
8efc0c15 21#include <openssl/bn.h>
5881cd60 22#include <openssl/md5.h>
23#endif
24#ifdef HAVE_SSL
25#include <ssl/bn.h>
26#include <ssl/md5.h>
27#endif
28
8efc0c15 29#include "xmalloc.h"
30#include "rsa.h"
31#include "ssh.h"
32#include "packet.h"
33#include "authfd.h"
34#include "cipher.h"
35#include "mpaux.h"
36#include "uidswap.h"
37#include "compat.h"
6fa724bc 38#include "readconf.h"
8efc0c15 39
40/* Session id for the current session. */
41unsigned char session_id[16];
42
43/* Connect to the given ssh server using a proxy command. */
44
45int
46ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,
47 const char *proxy_command)
48{
49 Buffer command;
50 const char *cp;
51 char *command_string;
52 int pin[2], pout[2];
53 int pid;
54 char portstring[100];
55
56 /* Convert the port number into a string. */
57 snprintf(portstring, sizeof portstring, "%d", port);
58
59 /* Build the final command string in the buffer by making the appropriate
60 substitutions to the given proxy command. */
61 buffer_init(&command);
62 for (cp = proxy_command; *cp; cp++)
63 {
64 if (cp[0] == '%' && cp[1] == '%')
65 {
66 buffer_append(&command, "%", 1);
67 cp++;
68 continue;
69 }
70 if (cp[0] == '%' && cp[1] == 'h')
71 {
72 buffer_append(&command, host, strlen(host));
73 cp++;
74 continue;
75 }
76 if (cp[0] == '%' && cp[1] == 'p')
77 {
78 buffer_append(&command, portstring, strlen(portstring));
79 cp++;
80 continue;
81 }
82 buffer_append(&command, cp, 1);
83 }
84 buffer_append(&command, "\0", 1);
85
86 /* Get the final command string. */
87 command_string = buffer_ptr(&command);
88
89 /* Create pipes for communicating with the proxy. */
90 if (pipe(pin) < 0 || pipe(pout) < 0)
91 fatal("Could not create pipes to communicate with the proxy: %.100s",
92 strerror(errno));
93
94 debug("Executing proxy command: %.500s", command_string);
95
96 /* Fork and execute the proxy command. */
97 if ((pid = fork()) == 0)
98 {
99 char *argv[10];
100
101 /* Child. Permanently give up superuser privileges. */
102 permanently_set_uid(original_real_uid);
103
104 /* Redirect stdin and stdout. */
105 close(pin[1]);
106 if (pin[0] != 0)
107 {
108 if (dup2(pin[0], 0) < 0)
109 perror("dup2 stdin");
110 close(pin[0]);
111 }
112 close(pout[0]);
113 if (dup2(pout[1], 1) < 0)
114 perror("dup2 stdout");
115 close(pout[1]); /* Cannot be 1 because pin allocated two descriptors. */
116
117 /* Stderr is left as it is so that error messages get printed on
118 the user's terminal. */
119 argv[0] = "/bin/sh";
120 argv[1] = "-c";
121 argv[2] = command_string;
122 argv[3] = NULL;
123
124 /* Execute the proxy command. Note that we gave up any extra
125 privileges above. */
126 execv("/bin/sh", argv);
127 perror("/bin/sh");
128 exit(1);
129 }
130 /* Parent. */
131 if (pid < 0)
132 fatal("fork failed: %.100s", strerror(errno));
133
134 /* Close child side of the descriptors. */
135 close(pin[0]);
136 close(pout[1]);
137
138 /* Free the command name. */
139 buffer_free(&command);
140
141 /* Set the connection file descriptors. */
142 packet_set_connection(pout[0], pin[1]);
143
144 return 1;
145}
146
147/* Creates a (possibly privileged) socket for use as the ssh connection. */
148
149int ssh_create_socket(uid_t original_real_uid, int privileged)
150{
151 int sock;
152
153 /* If we are running as root and want to connect to a privileged port,
154 bind our own socket to a privileged port. */
155 if (privileged)
156 {
157 int p = IPPORT_RESERVED - 1;
158
159 sock = rresvport(&p);
160 if (sock < 0)
161 fatal("rresvport: %.100s", strerror(errno));
162 debug("Allocated local port %d.", p);
163 }
164 else
165 {
166 /* Just create an ordinary socket on arbitrary port. We use the
167 user's uid to create the socket. */
168 temporarily_use_uid(original_real_uid);
169 sock = socket(AF_INET, SOCK_STREAM, 0);
170 if (sock < 0)
171 fatal("socket: %.100s", strerror(errno));
172 restore_uid();
173 }
174 return sock;
175}
176
177/* Opens a TCP/IP connection to the remote server on the given host. If
178 port is 0, the default port will be used. If anonymous is zero,
179 a privileged port will be allocated to make the connection.
180 This requires super-user privileges if anonymous is false.
181 Connection_attempts specifies the maximum number of tries (one per
182 second). If proxy_command is non-NULL, it specifies the command (with %h
183 and %p substituted for host and port, respectively) to use to contact
184 the daemon. */
185
186int ssh_connect(const char *host, struct sockaddr_in *hostaddr,
187 int port, int connection_attempts,
188 int anonymous, uid_t original_real_uid,
189 const char *proxy_command)
190{
191 int sock = -1, attempt, i;
192 int on = 1;
193 struct servent *sp;
194 struct hostent *hp;
195 struct linger linger;
196
197 debug("ssh_connect: getuid %d geteuid %d anon %d",
198 (int)getuid(), (int)geteuid(), anonymous);
199
200 /* Get default port if port has not been set. */
201 if (port == 0)
202 {
203 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
204 if (sp)
205 port = ntohs(sp->s_port);
206 else
207 port = SSH_DEFAULT_PORT;
208 }
209
210 /* If a proxy command is given, connect using it. */
211 if (proxy_command != NULL)
212 return ssh_proxy_connect(host, port, original_real_uid, proxy_command);
213
214 /* No proxy command. */
215
216 /* No host lookup made yet. */
217 hp = NULL;
218
219 /* Try to connect several times. On some machines, the first time will
220 sometimes fail. In general socket code appears to behave quite
221 magically on many machines. */
222 for (attempt = 0; attempt < connection_attempts; attempt++)
223 {
224 if (attempt > 0)
225 debug("Trying again...");
226
227 /* Try to parse the host name as a numeric inet address. */
228 memset(hostaddr, 0, sizeof(hostaddr));
229 hostaddr->sin_family = AF_INET;
230 hostaddr->sin_port = htons(port);
231 hostaddr->sin_addr.s_addr = inet_addr(host);
232 if ((hostaddr->sin_addr.s_addr & 0xffffffff) != 0xffffffff)
233 {
234 /* Valid numeric IP address */
235 debug("Connecting to %.100s port %d.",
236 inet_ntoa(hostaddr->sin_addr), port);
237
238 /* Create a socket. */
239 sock = ssh_create_socket(original_real_uid,
240 !anonymous && geteuid() == 0 &&
241 port < IPPORT_RESERVED);
242
243 /* Connect to the host. We use the user's uid in the hope that
244 it will help with the problems of tcp_wrappers showing the
245 remote uid as root. */
246 temporarily_use_uid(original_real_uid);
247 if (connect(sock, (struct sockaddr *)hostaddr, sizeof(*hostaddr))
248 >= 0)
249 {
250 /* Successful connect. */
251 restore_uid();
252 break;
253 }
254 debug("connect: %.100s", strerror(errno));
255 restore_uid();
256
257 /* Destroy the failed socket. */
258 shutdown(sock, SHUT_RDWR);
259 close(sock);
260 }
261 else
262 {
263 /* Not a valid numeric inet address. */
264 /* Map host name to an address. */
265 if (!hp)
266 hp = gethostbyname(host);
267 if (!hp)
268 fatal("Bad host name: %.100s", host);
269 if (!hp->h_addr_list[0])
270 fatal("Host does not have an IP address: %.100s", host);
271
272 /* Loop through addresses for this host, and try each one in
273 sequence until the connection succeeds. */
274 for (i = 0; hp->h_addr_list[i]; i++)
275 {
276 /* Set the address to connect to. */
277 hostaddr->sin_family = hp->h_addrtype;
278 memcpy(&hostaddr->sin_addr, hp->h_addr_list[i],
279 sizeof(hostaddr->sin_addr));
280
281 debug("Connecting to %.200s [%.100s] port %d.",
282 host, inet_ntoa(hostaddr->sin_addr), port);
283
284 /* Create a socket for connecting. */
285 sock = ssh_create_socket(original_real_uid,
286 !anonymous && geteuid() == 0 &&
287 port < IPPORT_RESERVED);
288
289 /* Connect to the host. We use the user's uid in the hope that
290 it will help with tcp_wrappers showing the remote uid as
291 root. */
292 temporarily_use_uid(original_real_uid);
293 if (connect(sock, (struct sockaddr *)hostaddr,
294 sizeof(*hostaddr)) >= 0)
295 {
296 /* Successful connection. */
297 restore_uid();
298 break;
299 }
300 debug("connect: %.100s", strerror(errno));
301 restore_uid();
302
303 /* Close the failed socket; there appear to be some problems
304 when reusing a socket for which connect() has already
305 returned an error. */
306 shutdown(sock, SHUT_RDWR);
307 close(sock);
308 }
309 if (hp->h_addr_list[i])
310 break; /* Successful connection. */
311 }
312
313 /* Sleep a moment before retrying. */
314 sleep(1);
315 }
316 /* Return failure if we didn't get a successful connection. */
317 if (attempt >= connection_attempts)
318 return 0;
319
320 debug("Connection established.");
321
322 /* Set socket options. We would like the socket to disappear as soon as
323 it has been closed for whatever reason. */
324 /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
325 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *)&on, sizeof(on));
326 linger.l_onoff = 1;
327 linger.l_linger = 5;
328 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
329
330 /* Set the connection. */
331 packet_set_connection(sock, sock);
332
333 return 1;
334}
335
336/* Checks if the user has an authentication agent, and if so, tries to
337 authenticate using the agent. */
338
339int
340try_agent_authentication()
341{
342 int status, type, bits;
343 char *comment;
344 AuthenticationConnection *auth;
345 unsigned char response[16];
346 unsigned int i;
347 BIGNUM *e, *n, *challenge;
348
349 /* Get connection to the agent. */
350 auth = ssh_get_authentication_connection();
351 if (!auth)
352 return 0;
353
354 e = BN_new();
355 n = BN_new();
356 challenge = BN_new();
357
358 /* Loop through identities served by the agent. */
359 for (status = ssh_get_first_identity(auth, &bits, e, n, &comment);
360 status;
361 status = ssh_get_next_identity(auth, &bits, e, n, &comment))
362 {
363 int plen, clen;
364
365 /* Try this identity. */
366 debug("Trying RSA authentication via agent with '%.100s'", comment);
367 xfree(comment);
368
369 /* Tell the server that we are willing to authenticate using this key. */
370 packet_start(SSH_CMSG_AUTH_RSA);
371 packet_put_bignum(n);
372 packet_send();
373 packet_write_wait();
374
375 /* Wait for server's response. */
376 type = packet_read(&plen);
377
378 /* The server sends failure if it doesn\'t like our key or does not
379 support RSA authentication. */
380 if (type == SSH_SMSG_FAILURE)
381 {
382 debug("Server refused our key.");
383 continue;
384 }
385
386 /* Otherwise it should have sent a challenge. */
387 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
388 packet_disconnect("Protocol error during RSA authentication: %d",
389 type);
390
391 packet_get_bignum(challenge, &clen);
392
393 packet_integrity_check(plen, clen, type);
394
395 debug("Received RSA challenge from server.");
396
397 /* Ask the agent to decrypt the challenge. */
398 if (!ssh_decrypt_challenge(auth, bits, e, n, challenge,
399 session_id, 1, response))
400 {
401 /* The agent failed to authenticate this identifier although it
402 advertised it supports this. Just return a wrong value. */
403 log("Authentication agent failed to decrypt challenge.");
404 memset(response, 0, sizeof(response));
405 }
406
407 debug("Sending response to RSA challenge.");
408
409 /* Send the decrypted challenge back to the server. */
410 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
411 for (i = 0; i < 16; i++)
412 packet_put_char(response[i]);
413 packet_send();
414 packet_write_wait();
415
416 /* Wait for response from the server. */
417 type = packet_read(&plen);
418
419 /* The server returns success if it accepted the authentication. */
420 if (type == SSH_SMSG_SUCCESS)
421 {
422 debug("RSA authentication accepted by server.");
423 BN_clear_free(e);
424 BN_clear_free(n);
425 BN_clear_free(challenge);
426 return 1;
427 }
428
429 /* Otherwise it should return failure. */
430 if (type != SSH_SMSG_FAILURE)
431 packet_disconnect("Protocol error waiting RSA auth response: %d",
432 type);
433 }
434
435 BN_clear_free(e);
436 BN_clear_free(n);
437 BN_clear_free(challenge);
438
439 debug("RSA authentication using agent refused.");
440 return 0;
441}
442
443/* Computes the proper response to a RSA challenge, and sends the response to
444 the server. */
445
446void
447respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
448{
449 unsigned char buf[32], response[16];
450 MD5_CTX md;
451 int i, len;
452
453 /* Decrypt the challenge using the private key. */
454 rsa_private_decrypt(challenge, challenge, prv);
455
456 /* Compute the response. */
457 /* The response is MD5 of decrypted challenge plus session id. */
458 len = BN_num_bytes(challenge);
5bae4ab8 459 if (len <= 0 || len > sizeof(buf))
460 packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
461 len);
462
8efc0c15 463 memset(buf, 0, sizeof(buf));
464 BN_bn2bin(challenge, buf + sizeof(buf) - len);
465 MD5_Init(&md);
466 MD5_Update(&md, buf, 32);
467 MD5_Update(&md, session_id, 16);
468 MD5_Final(response, &md);
469
470 debug("Sending response to host key RSA challenge.");
471
472 /* Send the response back to the server. */
473 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
474 for (i = 0; i < 16; i++)
475 packet_put_char(response[i]);
476 packet_send();
477 packet_write_wait();
478
479 memset(buf, 0, sizeof(buf));
480 memset(response, 0, sizeof(response));
481 memset(&md, 0, sizeof(md));
482}
483
484/* Checks if the user has authentication file, and if so, tries to authenticate
485 the user using it. */
486
487int
6fa724bc 488try_rsa_authentication(struct passwd *pw, const char *authfile)
8efc0c15 489{
6fa724bc 490 extern Options options;
8efc0c15 491 BIGNUM *challenge;
492 RSA *private_key;
493 RSA *public_key;
494 char *passphrase, *comment;
495 int type, i;
496 int plen, clen;
497
498 /* Try to load identification for the authentication key. */
499 public_key = RSA_new();
500 if (!load_public_key(authfile, public_key, &comment)) {
501 RSA_free(public_key);
502 return 0; /* Could not load it. Fail. */
503 }
504
505 debug("Trying RSA authentication with key '%.100s'", comment);
506
507 /* Tell the server that we are willing to authenticate using this key. */
508 packet_start(SSH_CMSG_AUTH_RSA);
509 packet_put_bignum(public_key->n);
510 packet_send();
511 packet_write_wait();
512
513 /* We no longer need the public key. */
514 RSA_free(public_key);
515
516 /* Wait for server's response. */
517 type = packet_read(&plen);
518
519 /* The server responds with failure if it doesn\'t like our key or doesn\'t
520 support RSA authentication. */
521 if (type == SSH_SMSG_FAILURE)
522 {
523 debug("Server refused our key.");
524 xfree(comment);
525 return 0; /* Server refuses to authenticate with this key. */
526 }
527
528 /* Otherwise, the server should respond with a challenge. */
529 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
530 packet_disconnect("Protocol error during RSA authentication: %d", type);
531
532 /* Get the challenge from the packet. */
533 challenge = BN_new();
534 packet_get_bignum(challenge, &clen);
535
536 packet_integrity_check(plen, clen, type);
537
538 debug("Received RSA challenge from server.");
539
540 private_key = RSA_new();
541 /* Load the private key. Try first with empty passphrase; if it fails,
542 ask for a passphrase. */
543 if (!load_private_key(authfile, "", private_key, NULL))
544 {
545 char buf[300];
546 /* Request passphrase from the user. We read from /dev/tty to make
547 this work even if stdin has been redirected. If running in
548 batch mode, we just use the empty passphrase, which will fail and
549 return. */
550 snprintf(buf, sizeof buf,
551 "Enter passphrase for RSA key '%.100s': ", comment);
6fa724bc 552 if (!options.batch_mode)
8efc0c15 553 passphrase = read_passphrase(buf, 0);
554 else
555 {
556 debug("Will not query passphrase for %.100s in batch mode.",
557 comment);
558 passphrase = xstrdup("");
559 }
560
561 /* Load the authentication file using the pasphrase. */
562 if (!load_private_key(authfile, passphrase, private_key, NULL))
563 {
564 memset(passphrase, 0, strlen(passphrase));
565 xfree(passphrase);
566 error("Bad passphrase.");
567
568 /* Send a dummy response packet to avoid protocol error. */
569 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
570 for (i = 0; i < 16; i++)
571 packet_put_char(0);
572 packet_send();
573 packet_write_wait();
574
575 /* Expect the server to reject it... */
576 packet_read_expect(&plen, SSH_SMSG_FAILURE);
577 xfree(comment);
578 return 0;
579 }
580
581 /* Destroy the passphrase. */
582 memset(passphrase, 0, strlen(passphrase));
583 xfree(passphrase);
584 }
585
586 /* We no longer need the comment. */
587 xfree(comment);
588
589 /* Compute and send a response to the challenge. */
590 respond_to_rsa_challenge(challenge, private_key);
591
592 /* Destroy the private key. */
593 RSA_free(private_key);
594
595 /* We no longer need the challenge. */
596 BN_clear_free(challenge);
597
598 /* Wait for response from the server. */
599 type = packet_read(&plen);
600 if (type == SSH_SMSG_SUCCESS)
601 {
602 debug("RSA authentication accepted by server.");
603 return 1;
604 }
605 if (type != SSH_SMSG_FAILURE)
606 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
607 debug("RSA authentication refused.");
608 return 0;
609}
610
611/* Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
612 authentication and RSA host authentication. */
613
614int
615try_rhosts_rsa_authentication(const char *local_user, RSA *host_key)
616{
617 int type;
618 BIGNUM *challenge;
619 int plen, clen;
620
621 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
622
623 /* Tell the server that we are willing to authenticate using this key. */
624 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
625 packet_put_string(local_user, strlen(local_user));
626 packet_put_int(BN_num_bits(host_key->n));
627 packet_put_bignum(host_key->e);
628 packet_put_bignum(host_key->n);
629 packet_send();
630 packet_write_wait();
631
632 /* Wait for server's response. */
633 type = packet_read(&plen);
634
635 /* The server responds with failure if it doesn't admit our .rhosts
636 authentication or doesn't know our host key. */
637 if (type == SSH_SMSG_FAILURE)
638 {
639 debug("Server refused our rhosts authentication or host key.");
640 return 0; /* Server refuses to authenticate us with this method. */
641 }
642
643 /* Otherwise, the server should respond with a challenge. */
644 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
645 packet_disconnect("Protocol error during RSA authentication: %d", type);
646
647 /* Get the challenge from the packet. */
648 challenge = BN_new();
649 packet_get_bignum(challenge, &clen);
650
651 packet_integrity_check(plen, clen, type);
652
653 debug("Received RSA challenge for host key from server.");
654
655 /* Compute a response to the challenge. */
656 respond_to_rsa_challenge(challenge, host_key);
657
658 /* We no longer need the challenge. */
659 BN_clear_free(challenge);
660
661 /* Wait for response from the server. */
662 type = packet_read(&plen);
663 if (type == SSH_SMSG_SUCCESS)
664 {
665 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
666 return 1;
667 }
668 if (type != SSH_SMSG_FAILURE)
669 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
670 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
671 return 0;
672}
673
674#ifdef KRB4
675int try_kerberos_authentication()
676{
677 KTEXT_ST auth; /* Kerberos data */
678 char *reply;
679 char inst[INST_SZ];
680 char *realm;
681 CREDENTIALS cred;
682 int r, type, plen;
683 Key_schedule schedule;
684 u_long checksum, cksum;
685 MSG_DAT msg_data;
686 struct sockaddr_in local, foreign;
687 struct stat st;
688
689 /* Don't do anything if we don't have any tickets. */
690 if (stat(tkt_string(), &st) < 0) return 0;
691
692 strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
693
694 realm = (char *)krb_realmofhost(get_canonical_hostname());
695 if (!realm) {
696 debug("Kerberos V4: no realm for %s", get_canonical_hostname());
697 return 0;
698 }
699 /* This can really be anything. */
700 checksum = (u_long) getpid();
701
702 r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
703 if (r != KSUCCESS) {
704 debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]);
705 return 0;
706 }
707 /* Get session key to decrypt the server's reply with. */
708 r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
709 if (r != KSUCCESS) {
710 debug("get_cred failed: %s", krb_err_txt[r]);
711 return 0;
712 }
713 des_key_sched((des_cblock *)cred.session, schedule);
714
715 /* Send authentication info to server. */
716 packet_start(SSH_CMSG_AUTH_KERBEROS);
717 packet_put_string((char *)auth.dat, auth.length);
718 packet_send();
719 packet_write_wait();
720
721 /* Zero the buffer. */
722 (void) memset(auth.dat, 0, MAX_KTXT_LEN);
723
724 r = sizeof(local);
725 memset(&local, 0, sizeof(local));
726 if (getsockname(packet_get_connection_in(),
727 (struct sockaddr *) &local, &r) < 0)
728 debug("getsockname failed: %s", strerror(errno));
729
730 r = sizeof(foreign);
731 memset(&foreign, 0, sizeof(foreign));
732 if (getpeername(packet_get_connection_in(),
e7c0f9d5 733 (struct sockaddr *)&foreign, &r) < 0) {
8efc0c15 734 debug("getpeername failed: %s", strerror(errno));
e7c0f9d5 735 fatal_cleanup();
736 }
8efc0c15 737
738 /* Get server reply. */
739 type = packet_read(&plen);
740 switch(type) {
741
742 case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
743 debug("Kerberos V4 authentication failed.");
744 return 0;
745 break;
746
747 case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
748 debug("Kerberos V4 authentication accepted.");
749
750 /* Get server's response. */
751 reply = packet_get_string((unsigned int *)&auth.length);
752 memcpy(auth.dat, reply, auth.length);
753 xfree(reply);
754
755 packet_integrity_check(plen, 4 + auth.length, type);
756
757 /* If his response isn't properly encrypted with the session key,
758 and the decrypted checksum fails to match, he's bogus. Bail out. */
759 r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
760 &foreign, &local, &msg_data);
761 if (r != KSUCCESS) {
762 debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]);
763 packet_disconnect("Kerberos V4 challenge failed!");
764 }
765 /* Fetch the (incremented) checksum that we supplied in the request. */
766 (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum));
767 cksum = ntohl(cksum);
768
769 /* If it matches, we're golden. */
770 if (cksum == checksum + 1) {
771 debug("Kerberos V4 challenge successful.");
772 return 1;
773 }
774 else
775 packet_disconnect("Kerberos V4 challenge failed!");
776 break;
777
778 default:
779 packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
780 }
781 return 0;
782}
783#endif /* KRB4 */
784
785#ifdef AFS
786int send_kerberos_tgt()
787{
788 CREDENTIALS *creds;
789 char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
790 int r, type, plen;
791 unsigned char buffer[8192];
792 struct stat st;
793
794 /* Don't do anything if we don't have any tickets. */
795 if (stat(tkt_string(), &st) < 0) return 0;
796
797 creds = xmalloc(sizeof(*creds));
798
799 if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) {
800 debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]);
801 return 0;
802 }
803 if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
804 debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]);
805 return 0;
806 }
807 if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
808 debug("Kerberos V4 ticket expired: %s", TKT_FILE);
809 return 0;
810 }
811
812 creds_to_radix(creds, buffer);
813 xfree(creds);
814
815 packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
816 packet_put_string((char *)buffer, strlen(buffer));
817 packet_send();
818 packet_write_wait();
819
820 type = packet_read(&plen);
821
822 if (type == SSH_SMSG_FAILURE)
823 debug("Kerberos TGT for realm %s rejected.", prealm);
824 else if (type != SSH_SMSG_SUCCESS)
825 packet_disconnect("Protocol error on Kerberos TGT response: %d", type);
826
827 return 1;
828}
829
830void send_afs_tokens(void)
831{
832 CREDENTIALS creds;
833 struct ViceIoctl parms;
834 struct ClearToken ct;
835 int i, type, len, plen;
836 char buf[2048], *p, *server_cell;
837 unsigned char buffer[8192];
838
839 /* Move over ktc_GetToken, here's something leaner. */
840 for (i = 0; i < 100; i++) { /* just in case */
841 parms.in = (char *)&i;
842 parms.in_size = sizeof(i);
843 parms.out = buf;
844 parms.out_size = sizeof(buf);
845 if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break;
846 p = buf;
847
848 /* Get secret token. */
849 memcpy(&creds.ticket_st.length, p, sizeof(unsigned int));
850 if (creds.ticket_st.length > MAX_KTXT_LEN) break;
851 p += sizeof(unsigned int);
852 memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
853 p += creds.ticket_st.length;
854
855 /* Get clear token. */
856 memcpy(&len, p, sizeof(len));
857 if (len != sizeof(struct ClearToken)) break;
858 p += sizeof(len);
859 memcpy(&ct, p, len);
860 p += len;
861 p += sizeof(len); /* primary flag */
862 server_cell = p;
863
864 /* Flesh out our credentials. */
865 strlcpy(creds.service, "afs", sizeof creds.service);
866 creds.instance[0] = '\0';
867 strlcpy(creds.realm, server_cell, REALM_SZ);
868 memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
869 creds.issue_date = ct.BeginTimestamp;
870 creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
871 creds.kvno = ct.AuthHandle;
872 snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
873 creds.pinst[0] = '\0';
874
875 /* Encode token, ship it off. */
876 if (!creds_to_radix(&creds, buffer)) break;
877 packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
878 packet_put_string((char *)buffer, strlen(buffer));
879 packet_send();
880 packet_write_wait();
881
882 /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */
883 type = packet_read(&plen);
884
885 if (type == SSH_SMSG_FAILURE)
886 debug("AFS token for cell %s rejected.", server_cell);
887 else if (type != SSH_SMSG_SUCCESS)
888 packet_disconnect("Protocol error on AFS token response: %d", type);
889 }
890}
891#endif /* AFS */
892
893/* Waits for the server identification string, and sends our own identification
894 string. */
895
896void ssh_exchange_identification()
897{
898 char buf[256], remote_version[256]; /* must be same size! */
899 int remote_major, remote_minor, i;
900 int connection_in = packet_get_connection_in();
901 int connection_out = packet_get_connection_out();
902 extern Options options;
903
904 /* Read other side\'s version identification. */
905 for (i = 0; i < sizeof(buf) - 1; i++)
906 {
907 if (read(connection_in, &buf[i], 1) != 1)
908 fatal("read: %.100s", strerror(errno));
909 if (buf[i] == '\r')
910 {
911 buf[i] = '\n';
912 buf[i + 1] = 0;
913 break;
914 }
915 if (buf[i] == '\n')
916 {
917 buf[i + 1] = 0;
918 break;
919 }
920 }
921 buf[sizeof(buf) - 1] = 0;
922
923 /* Check that the versions match. In future this might accept several
924 versions and set appropriate flags to handle them. */
925 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
926 remote_version) != 3)
927 fatal("Bad remote protocol version identification: '%.100s'", buf);
928 debug("Remote protocol version %d.%d, remote software version %.100s",
929 remote_major, remote_minor, remote_version);
930
931 /* Check if the remote protocol version is too old. */
932 if (remote_major == 1 && remote_minor < 3)
933 fatal("Remote machine has too old SSH software version.");
934
935 /* We speak 1.3, too. */
936 if (remote_major == 1 && remote_minor == 3) {
937 enable_compat13();
938 if (options.forward_agent && strcmp(remote_version, SSH_VERSION) != 0) {
939 log("Agent forwarding disabled, remote version '%s' is not compatible.",
940 remote_version);
941 options.forward_agent = 0;
942 }
943 }
944#if 0
945 /* Removed for now, to permit compatibility with latter versions. The server
946 will reject our version and disconnect if it doesn't support it. */
947 if (remote_major != PROTOCOL_MAJOR)
948 fatal("Protocol major versions differ: %d vs. %d",
949 PROTOCOL_MAJOR, remote_major);
950#endif
951
952 /* Send our own protocol version identification. */
953 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
954 PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
955 if (write(connection_out, buf, strlen(buf)) != strlen(buf))
956 fatal("write: %.100s", strerror(errno));
957}
958
959int ssh_cipher_default = SSH_CIPHER_3DES;
960
961int read_yes_or_no(const char *prompt, int defval)
962{
963 char buf[1024];
964 FILE *f;
965 int retval = -1;
966
967 if (isatty(0))
968 f = stdin;
969 else
970 f = fopen("/dev/tty", "rw");
971
972 if (f == NULL)
973 return 0;
974
975 fflush(stdout);
976
977 while (1)
978 {
979 fprintf(stderr, "%s", prompt);
980 if (fgets(buf, sizeof(buf), f) == NULL)
981 {
982 /* Print a newline (the prompt probably didn\'t have one). */
983 fprintf(stderr, "\n");
984 strlcpy(buf, "no", sizeof buf);
985 }
986 /* Remove newline from response. */
987 if (strchr(buf, '\n'))
988 *strchr(buf, '\n') = 0;
989
990 if (buf[0] == 0)
991 retval = defval;
992 if (strcmp(buf, "yes") == 0)
993 retval = 1;
994 if (strcmp(buf, "no") == 0)
995 retval = 0;
996
997 if (retval != -1)
998 {
999 if (f != stdin)
1000 fclose(f);
1001 return retval;
1002 }
1003 }
1004}
1005
1006/* Starts a dialog with the server, and authenticates the current user on the
1007 server. This does not need any extra privileges. The basic connection
1008 to the server must already have been established before this is called.
1009 User is the remote user; if it is NULL, the current local user name will
1010 be used. Anonymous indicates that no rhosts authentication will be used.
1011 If login fails, this function prints an error and never returns.
1012 This function does not require super-user privileges. */
1013
1014void ssh_login(int host_key_valid,
1015 RSA *own_host_key,
1016 const char *orighost,
1017 struct sockaddr_in *hostaddr,
6fa724bc 1018 uid_t original_real_uid)
8efc0c15 1019{
6fa724bc 1020 extern Options options;
8efc0c15 1021 int i, type;
1022 char *password;
1023 struct passwd *pw;
1024 BIGNUM *key;
1025 RSA *host_key, *file_key;
1026 RSA *public_key;
560557bb 1027 int bits, rbits;
8efc0c15 1028 unsigned char session_key[SSH_SESSION_KEY_LENGTH];
1029 const char *server_user, *local_user;
1030 char *cp, *host, *ip = NULL;
1031 unsigned char check_bytes[8];
1032 unsigned int supported_ciphers, supported_authentications, protocol_flags;
1033 HostStatus host_status;
1034 HostStatus ip_status;
1035 int host_ip_differ = 0;
1036 int local = (ntohl(hostaddr->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
1037 int payload_len, clen, sum_len = 0;
1038 u_int32_t rand = 0;
1039
6fa724bc 1040 if (options.check_host_ip)
8efc0c15 1041 ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
1042
1043 /* Convert the user-supplied hostname into all lowercase. */
1044 host = xstrdup(orighost);
1045 for (cp = host; *cp; cp++)
1046 if (isupper(*cp))
1047 *cp = tolower(*cp);
1048
1049 /* Exchange protocol version identification strings with the server. */
1050 ssh_exchange_identification();
1051
1052 /* Put the connection into non-blocking mode. */
1053 packet_set_nonblocking();
1054
1055 /* Get local user name. Use it as server user if no user name
1056 was given. */
1057 pw = getpwuid(original_real_uid);
1058 if (!pw)
1059 fatal("User id %d not found from user database.", original_real_uid);
1060 local_user = xstrdup(pw->pw_name);
6fa724bc 1061 server_user = options.user ? options.user : local_user;
8efc0c15 1062
1063 debug("Waiting for server public key.");
1064
1065 /* Wait for a public key packet from the server. */
1066 packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
1067
1068 /* Get check bytes from the packet. */
1069 for (i = 0; i < 8; i++)
1070 check_bytes[i] = packet_get_char();
1071
1072 /* Get the public key. */
1073 public_key = RSA_new();
560557bb 1074 bits = packet_get_int(); /* bits */
8efc0c15 1075 public_key->e = BN_new();
1076 packet_get_bignum(public_key->e, &clen);
1077 sum_len += clen;
1078 public_key->n = BN_new();
1079 packet_get_bignum(public_key->n, &clen);
1080 sum_len += clen;
1081
560557bb 1082 rbits = BN_num_bits(public_key->n);
1083 if (bits != rbits) {
1084 log("Warning: Server lies about size of server public key,");
1085 log("Warning: this may be due to an old implementation of ssh.");
1086 log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
1087 }
1088
8efc0c15 1089 /* Get the host key. */
1090 host_key = RSA_new();
560557bb 1091 bits = packet_get_int(); /* bits */
8efc0c15 1092 host_key->e = BN_new();
1093 packet_get_bignum(host_key->e, &clen);
1094 sum_len += clen;
1095 host_key->n = BN_new();
1096 packet_get_bignum(host_key->n, &clen);
1097 sum_len += clen;
1098
560557bb 1099 rbits = BN_num_bits(host_key->n);
1100 if (bits != rbits) {
1101 log("Warning: Server lies about size of server host key,");
1102 log("Warning: this may be due to an old implementation of ssh.");
1103 log("Warning: (actual size %d bits, announced size %d bits)", rbits, bits);
1104 }
1105
8efc0c15 1106 /* Store the host key from the known host file in here
1107 * so that we can compare it with the key for the IP
1108 * address. */
1109 file_key = RSA_new();
1110 file_key->n = BN_new();
1111 file_key->e = BN_new();
1112
1113 /* Get protocol flags. */
1114 protocol_flags = packet_get_int();
1115 packet_set_protocol_flags(protocol_flags);
1116
1117 /* Get supported cipher types. */
1118 supported_ciphers = packet_get_int();
1119
1120 /* Get supported authentication types. */
1121 supported_authentications = packet_get_int();
1122
1123 debug("Received server public key (%d bits) and host key (%d bits).",
1124 BN_num_bits(public_key->n), BN_num_bits(host_key->n));
1125
1126 packet_integrity_check(payload_len,
1127 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
1128 SSH_SMSG_PUBLIC_KEY);
1129
1130 /* Compute the session id. */
1131 compute_session_id(session_id, check_bytes,
1132 BN_num_bits(host_key->n), host_key->n,
1133 BN_num_bits(public_key->n), public_key->n);
1134
1135 /* Check if the host key is present in the user\'s list of known hosts
1136 or in the systemwide list. */
6fa724bc 1137 host_status = check_host_in_hostfile(options.user_hostfile,
8efc0c15 1138 host, BN_num_bits(host_key->n),
1139 host_key->e, host_key->n,
1140 file_key->e, file_key->n);
1141 if (host_status == HOST_NEW)
6fa724bc 1142 host_status = check_host_in_hostfile(options.system_hostfile, host,
8efc0c15 1143 BN_num_bits(host_key->n),
1144 host_key->e, host_key->n,
1145 file_key->e, file_key->n);
1146 /* Force accepting of the host key for localhost and 127.0.0.1.
1147 The problem is that if the home directory is NFS-mounted to multiple
1148 machines, localhost will refer to a different machine in each of them,
1149 and the user will get bogus HOST_CHANGED warnings. This essentially
1150 disables host authentication for localhost; however, this is probably
1151 not a real problem. */
1152 if (local) {
1153 debug("Forcing accepting of host key for localhost.");
1154 host_status = HOST_OK;
1155 }
1156
1157 /* Also perform check for the ip address, skip the check if we are
1158 localhost or the hostname was an ip address to begin with */
6fa724bc 1159 if (options.check_host_ip && !local && strcmp(host, ip)) {
8efc0c15 1160 RSA *ip_key = RSA_new();
1161 ip_key->n = BN_new();
1162 ip_key->e = BN_new();
6fa724bc 1163 ip_status = check_host_in_hostfile(options.user_hostfile, ip,
8efc0c15 1164 BN_num_bits(host_key->n),
1165 host_key->e, host_key->n,
1166 ip_key->e, ip_key->n);
1167
1168 if (ip_status == HOST_NEW)
6fa724bc 1169 ip_status = check_host_in_hostfile(options.system_hostfile, ip,
8efc0c15 1170 BN_num_bits(host_key->n),
1171 host_key->e, host_key->n,
1172 ip_key->e, ip_key->n);
1173 if (host_status == HOST_CHANGED &&
1174 (ip_status != HOST_CHANGED ||
1175 (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n))))
1176 host_ip_differ = 1;
1177
1178 RSA_free(ip_key);
1179 } else
1180 ip_status = host_status;
1181
1182 RSA_free(file_key);
1183
1184 switch (host_status) {
1185 case HOST_OK:
1186 /* The host is known and the key matches. */
1187 debug("Host '%.200s' is known and matches the host key.", host);
6fa724bc 1188 if (options.check_host_ip) {
8efc0c15 1189 if (ip_status == HOST_NEW) {
6fa724bc 1190 if (!add_host_to_hostfile(options.user_hostfile, ip,
8efc0c15 1191 BN_num_bits(host_key->n),
1192 host_key->e, host_key->n))
1193 log("Failed to add the host ip to the list of known hosts (%.30s).",
6fa724bc 1194 options.user_hostfile);
8efc0c15 1195 else
1196 log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
1197 } else if (ip_status != HOST_OK)
1198 log("Warning: the host key differ from the key of the ip address '%.30s' differs", ip);
1199 }
1200
1201 break;
1202 case HOST_NEW:
1203 {
1204 char hostline[1000], *hostp = hostline;
1205 /* The host is new. */
6fa724bc 1206 if (options.strict_host_key_checking == 1) {
8efc0c15 1207 /* User has requested strict host key checking. We will not
1208 add the host key automatically. The only alternative left
1209 is to abort. */
1210 fatal("No host key is known for %.200s and you have requested strict checking.", host);
6fa724bc 1211 } else if (options.strict_host_key_checking == 2) { /* The default */
8efc0c15 1212 char prompt[1024];
1213 snprintf(prompt, sizeof(prompt),
1214 "The authenticity of host '%.200s' can't be established.\n"
1215 "Are you sure you want to continue connecting (yes/no)? ",
1216 host);
1217 if (!read_yes_or_no(prompt, -1))
1218 fatal("Aborted by user!\n");
1219 }
1220
6fa724bc 1221 if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
8efc0c15 1222 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
1223 else
1224 hostp = host;
1225
1226 /* If not in strict mode, add the key automatically to the local
1227 known_hosts file. */
6fa724bc 1228 if (!add_host_to_hostfile(options.user_hostfile, hostp,
8efc0c15 1229 BN_num_bits(host_key->n),
1230 host_key->e, host_key->n))
1231 log("Failed to add the host to the list of known hosts (%.500s).",
6fa724bc 1232 options.user_hostfile);
8efc0c15 1233 else
1234 log("Warning: Permanently added '%.200s' to the list of known hosts.",
1235 hostp);
1236 break;
1237 }
1238 case HOST_CHANGED:
6fa724bc 1239 if (options.check_host_ip) {
8efc0c15 1240 if (host_ip_differ) {
1241 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1242 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
1243 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1244 error("The host key for %s has changed,", host);
1245 error("but the key for the according IP address %s has", ip);
1246 error("a different status. This could either mean that DNS");
1247 error("SPOOFING is happening or the IP address for the host");
1248 error("and its host key have changed at the same time");
1249 }
1250 }
1251
1252 /* The host key has changed. */
1253 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1254 error("@ WARNING: HOST IDENTIFICATION HAS CHANGED! @");
1255 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1256 error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
1257 error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
1258 error("It is also possible that the host key has just been changed.");
1259 error("Please contact your system administrator.");
1260 error("Add correct host key in %.100s to get rid of this message.",
6fa724bc 1261 options.user_hostfile);
8efc0c15 1262
1263 /* If strict host key checking is in use, the user will have to edit
1264 the key manually and we can only abort. */
6fa724bc 1265 if (options.strict_host_key_checking)
8efc0c15 1266 fatal("Host key for %.200s has changed and you have requested strict checking.", host);
1267
1268 /* If strict host key checking has not been requested, allow the
1269 connection but without password authentication or
1270 agent forwarding. */
6fa724bc 1271 if (options.password_authentication) {
8efc0c15 1272 error("Password authentication is disabled to avoid trojan horses.");
6fa724bc 1273 options.password_authentication = 0;
8efc0c15 1274 }
6fa724bc 1275 if (options.forward_agent) {
8efc0c15 1276 error("Agent forwarding is disabled to avoid trojan horses.");
6fa724bc 1277 options.forward_agent = 0;
8efc0c15 1278 }
1279 /* XXX Should permit the user to change to use the new id. This could
1280 be done by converting the host key to an identifying sentence, tell
1281 that the host identifies itself by that sentence, and ask the user
1282 if he/she whishes to accept the authentication. */
1283 break;
1284 }
1285
6fa724bc 1286 if (options.check_host_ip)
8efc0c15 1287 xfree(ip);
1288
1289 /* Generate a session key. */
1290 arc4random_stir();
1291
1292 /* Generate an encryption key for the session. The key is a 256 bit
1293 random number, interpreted as a 32-byte key, with the least significant
1294 8 bits being the first byte of the key. */
1295 for (i = 0; i < 32; i++) {
1296 if (i % 4 == 0)
1297 rand = arc4random();
1298 session_key[i] = rand & 0xff;
1299 rand >>= 8;
1300 }
1301
1302 /* According to the protocol spec, the first byte of the session key is
1303 the highest byte of the integer. The session key is xored with the
1304 first 16 bytes of the session id. */
1305 key = BN_new();
1306 BN_set_word(key, 0);
1307 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++)
1308 {
1309 BN_lshift(key, key, 8);
1310 if (i < 16)
1311 BN_add_word(key, session_key[i] ^ session_id[i]);
1312 else
1313 BN_add_word(key, session_key[i]);
1314 }
1315
1316 /* Encrypt the integer using the public key and host key of the server
1317 (key with smaller modulus first). */
1318 if (BN_cmp(public_key->n, host_key->n) < 0)
1319 {
1320 /* Public key has smaller modulus. */
5bae4ab8 1321 if (BN_num_bits(host_key->n) <
1322 BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
1323 fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
1324 "SSH_KEY_BITS_RESERVED %d",
1325 BN_num_bits(host_key->n),
1326 BN_num_bits(public_key->n),
1327 SSH_KEY_BITS_RESERVED);
1328 }
8efc0c15 1329
1330 rsa_public_encrypt(key, key, public_key);
1331 rsa_public_encrypt(key, key, host_key);
1332 }
1333 else
1334 {
1335 /* Host key has smaller modulus (or they are equal). */
5bae4ab8 1336 if (BN_num_bits(public_key->n) <
1337 BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
1338 fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
1339 "SSH_KEY_BITS_RESERVED %d",
1340 BN_num_bits(public_key->n),
1341 BN_num_bits(host_key->n),
1342 SSH_KEY_BITS_RESERVED);
1343 }
8efc0c15 1344
1345 rsa_public_encrypt(key, key, host_key);
1346 rsa_public_encrypt(key, key, public_key);
1347 }
1348
6fa724bc 1349 if (options.cipher == SSH_CIPHER_NOT_SET) {
8efc0c15 1350 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
6fa724bc 1351 options.cipher = ssh_cipher_default;
8efc0c15 1352 else {
1353 debug("Cipher %d not supported, using %.100s instead.",
1354 cipher_name(ssh_cipher_default),
1355 cipher_name(SSH_FALLBACK_CIPHER));
6fa724bc 1356 options.cipher = SSH_FALLBACK_CIPHER;
8efc0c15 1357 }
1358 }
1359
1360 /* Check that the selected cipher is supported. */
6fa724bc 1361 if (!(supported_ciphers & (1 << options.cipher)))
8efc0c15 1362 fatal("Selected cipher type %.100s not supported by server.",
6fa724bc 1363 cipher_name(options.cipher));
8efc0c15 1364
6fa724bc 1365 debug("Encryption type: %.100s", cipher_name(options.cipher));
8efc0c15 1366
1367 /* Send the encrypted session key to the server. */
1368 packet_start(SSH_CMSG_SESSION_KEY);
6fa724bc 1369 packet_put_char(options.cipher);
8efc0c15 1370
1371 /* Send the check bytes back to the server. */
1372 for (i = 0; i < 8; i++)
1373 packet_put_char(check_bytes[i]);
1374
1375 /* Send the encrypted encryption key. */
1376 packet_put_bignum(key);
1377
1378 /* Send protocol flags. */
1379 packet_put_int(SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
1380
1381 /* Send the packet now. */
1382 packet_send();
1383 packet_write_wait();
1384
1385 /* Destroy the session key integer and the public keys since we no longer
1386 need them. */
1387 BN_clear_free(key);
1388 RSA_free(public_key);
1389 RSA_free(host_key);
1390
1391 debug("Sent encrypted session key.");
1392
1393 /* Set the encryption key. */
1394 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
6fa724bc 1395 options.cipher, 1);
8efc0c15 1396
1397 /* We will no longer need the session key here. Destroy any extra copies. */
1398 memset(session_key, 0, sizeof(session_key));
1399
1400 /* Expect a success message from the server. Note that this message will
1401 be received in encrypted form. */
1402 packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
1403
1404 debug("Received encrypted confirmation.");
1405
1406 /* Send the name of the user to log in as on the server. */
1407 packet_start(SSH_CMSG_USER);
1408 packet_put_string(server_user, strlen(server_user));
1409 packet_send();
1410 packet_write_wait();
1411
1412 /* The server should respond with success if no authentication is needed
1413 (the user has no password). Otherwise the server responds with
1414 failure. */
1415 type = packet_read(&payload_len);
1416 if (type == SSH_SMSG_SUCCESS)
1417 return; /* Connection was accepted without authentication. */
1418 if (type != SSH_SMSG_FAILURE)
1419 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
1420 type);
1421
1422#ifdef AFS
1423 /* Try Kerberos tgt passing if the server supports it. */
1424 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
6fa724bc 1425 options.kerberos_tgt_passing)
8efc0c15 1426 {
6fa724bc 1427 if (options.cipher == SSH_CIPHER_NONE)
8efc0c15 1428 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1429 (void)send_kerberos_tgt();
1430 }
1431
1432 /* Try AFS token passing if the server supports it. */
1433 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
6fa724bc 1434 options.afs_token_passing && k_hasafs()) {
1435 if (options.cipher == SSH_CIPHER_NONE)
8efc0c15 1436 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
1437 send_afs_tokens();
1438 }
1439#endif /* AFS */
1440
1441#ifdef KRB4
1442 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
6fa724bc 1443 options.kerberos_authentication)
8efc0c15 1444 {
1445 debug("Trying Kerberos authentication.");
1446 if (try_kerberos_authentication()) {
1447 /* The server should respond with success or failure. */
1448 type = packet_read(&payload_len);
1449 if (type == SSH_SMSG_SUCCESS)
1450 return; /* Successful connection. */
1451 if (type != SSH_SMSG_FAILURE)
1452 packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
1453 }
1454 }
1455#endif /* KRB4 */
1456
1457 /* Use rhosts authentication if running in privileged socket and we do not
1458 wish to remain anonymous. */
1459 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
6fa724bc 1460 options.rhosts_authentication)
8efc0c15 1461 {
1462 debug("Trying rhosts authentication.");
1463 packet_start(SSH_CMSG_AUTH_RHOSTS);
1464 packet_put_string(local_user, strlen(local_user));
1465 packet_send();
1466 packet_write_wait();
1467
1468 /* The server should respond with success or failure. */
1469 type = packet_read(&payload_len);
1470 if (type == SSH_SMSG_SUCCESS)
1471 return; /* Successful connection. */
1472 if (type != SSH_SMSG_FAILURE)
1473 packet_disconnect("Protocol error: got %d in response to rhosts auth",
1474 type);
1475 }
1476
1477 /* Try .rhosts or /etc/hosts.equiv authentication with RSA host
1478 authentication. */
1479 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
6fa724bc 1480 options.rhosts_rsa_authentication && host_key_valid)
8efc0c15 1481 {
1482 if (try_rhosts_rsa_authentication(local_user, own_host_key))
1483 return; /* Successful authentication. */
1484 }
1485
1486 /* Try RSA authentication if the server supports it. */
1487 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
6fa724bc 1488 options.rsa_authentication)
8efc0c15 1489 {
1490 /* Try RSA authentication using the authentication agent. The agent
1491 is tried first because no passphrase is needed for it, whereas
1492 identity files may require passphrases. */
1493 if (try_agent_authentication())
1494 return; /* Successful connection. */
1495
1496 /* Try RSA authentication for each identity. */
6fa724bc 1497 for (i = 0; i < options.num_identity_files; i++)
1498 if (try_rsa_authentication(pw, options.identity_files[i]))
8efc0c15 1499 return; /* Successful connection. */
1500 }
1501
1502 /* Try password authentication if the server supports it. */
1503 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
6fa724bc 1504 options.password_authentication && !options.batch_mode)
8efc0c15 1505 {
1506 char prompt[80];
1507 snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
1508 server_user, host);
1509 debug("Doing password authentication.");
6fa724bc 1510 if (options.cipher == SSH_CIPHER_NONE)
8efc0c15 1511 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
6fa724bc 1512 for (i = 0; i < options.number_of_password_prompts; i++) {
8efc0c15 1513 if (i != 0)
1514 error("Permission denied, please try again.");
1515 password = read_passphrase(prompt, 0);
1516 packet_start(SSH_CMSG_AUTH_PASSWORD);
1517 packet_put_string(password, strlen(password));
1518 memset(password, 0, strlen(password));
1519 xfree(password);
1520 packet_send();
1521 packet_write_wait();
1522
1523 type = packet_read(&payload_len);
1524 if (type == SSH_SMSG_SUCCESS)
1525 return; /* Successful connection. */
1526 if (type != SSH_SMSG_FAILURE)
1527 packet_disconnect("Protocol error: got %d in response to passwd auth", type);
1528 }
1529 }
1530
1531 /* All authentication methods have failed. Exit with an error message. */
1532 fatal("Permission denied.");
1533 /*NOTREACHED*/
1534}
git-cvsimport mirror of OpenSSH
This page took 2.572812 seconds and 5 git commands to generate.