2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 RCSID("$OpenBSD: sshconnect2.c,v 1.60 2001/03/29 21:06:21 stevesk Exp $");
28 #include <openssl/bn.h>
29 #include <openssl/md5.h>
30 #include <openssl/dh.h>
31 #include <openssl/hmac.h>
44 #include "myproposal.h"
46 #include "sshconnect.h"
57 void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
58 void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
61 extern char *client_version_string;
62 extern char *server_version_string;
63 extern Options options;
69 u_char *session_id2 = NULL;
70 int session_id2_len = 0;
73 ssh_kex2(char *host, struct sockaddr *hostaddr)
77 Buffer *client_kexinit, *server_kexinit;
78 char *sprop[PROPOSAL_MAX];
80 if (options.ciphers == (char *)-1) {
81 log("No valid ciphers for protocol version 2 given, using defaults.");
82 options.ciphers = NULL;
84 if (options.ciphers != NULL) {
85 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
86 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
88 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
89 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
90 myproposal[PROPOSAL_ENC_ALGS_STOC] =
91 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
92 if (options.compression) {
93 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
94 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
96 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
97 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
99 if (options.macs != NULL) {
100 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
101 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
104 /* buffers with raw kexinit messages */
105 server_kexinit = xmalloc(sizeof(*server_kexinit));
106 buffer_init(server_kexinit);
107 client_kexinit = kex_init(myproposal);
109 /* algorithm negotiation */
110 kex_exchange_kexinit(client_kexinit, server_kexinit, sprop);
111 kex = kex_choose_conf(myproposal, sprop, 0);
112 for (i = 0; i < PROPOSAL_MAX; i++)
115 /* server authentication and session key agreement */
116 switch(kex->kex_type) {
118 ssh_dh1_client(kex, host, hostaddr,
119 client_kexinit, server_kexinit);
122 ssh_dhgex_client(kex, host, hostaddr, client_kexinit,
126 fatal("Unsupported key exchange %d", kex->kex_type);
129 buffer_free(client_kexinit);
130 buffer_free(server_kexinit);
131 xfree(client_kexinit);
132 xfree(server_kexinit);
134 debug("Wait SSH2_MSG_NEWKEYS.");
135 packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
137 debug("GOT SSH2_MSG_NEWKEYS.");
139 debug("send SSH2_MSG_NEWKEYS.");
140 packet_start(SSH2_MSG_NEWKEYS);
143 debug("done: send SSH2_MSG_NEWKEYS.");
146 /* send 1st encrypted/maced/compressed message */
147 packet_start(SSH2_MSG_IGNORE);
148 packet_put_cstring("markus");
152 debug("done: KEX2.");
155 /* diffie-hellman-group1-sha1 */
158 ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
159 Buffer *client_kexinit, Buffer *server_kexinit)
166 char *signature = NULL;
168 char *server_host_key_blob = NULL;
169 Key *server_host_key;
172 BIGNUM *dh_server_pub = 0;
173 BIGNUM *shared_secret = 0;
177 debug("Sending SSH2_MSG_KEXDH_INIT.");
178 /* generate and send 'e', client DH public key */
179 dh = dh_new_group1();
180 dh_gen_key(dh, kex->we_need * 8);
181 packet_start(SSH2_MSG_KEXDH_INIT);
182 packet_put_bignum2(dh->pub_key);
187 fprintf(stderr, "\np= ");
188 BN_print_fp(stderr, dh->p);
189 fprintf(stderr, "\ng= ");
190 BN_print_fp(stderr, dh->g);
191 fprintf(stderr, "\npub= ");
192 BN_print_fp(stderr, dh->pub_key);
193 fprintf(stderr, "\n");
194 DHparams_print_fp(stderr, dh);
197 debug("Wait SSH2_MSG_KEXDH_REPLY.");
199 packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);
201 debug("Got SSH2_MSG_KEXDH_REPLY.");
204 server_host_key_blob = packet_get_string(&sbloblen);
205 server_host_key = key_from_blob(server_host_key_blob, sbloblen);
206 if (server_host_key == NULL)
207 fatal("cannot decode server_host_key_blob");
209 check_host_key(host, hostaddr, server_host_key,
210 options.user_hostfile2, options.system_hostfile2);
212 /* DH paramter f, server public DH key */
213 dh_server_pub = BN_new();
214 if (dh_server_pub == NULL)
215 fatal("dh_server_pub == NULL");
216 packet_get_bignum2(dh_server_pub, &dlen);
219 fprintf(stderr, "\ndh_server_pub= ");
220 BN_print_fp(stderr, dh_server_pub);
221 fprintf(stderr, "\n");
222 debug("bits %d", BN_num_bits(dh_server_pub));
226 signature = packet_get_string(&slen);
229 if (!dh_pub_is_valid(dh, dh_server_pub))
230 packet_disconnect("bad server public DH value");
233 kbuf = xmalloc(klen);
234 kout = DH_compute_key(kbuf, dh_server_pub, dh);
236 debug("shared secret: len %d/%d", klen, kout);
237 fprintf(stderr, "shared secret == ");
238 for (i = 0; i< kout; i++)
239 fprintf(stderr, "%02x", (kbuf[i])&0xff);
240 fprintf(stderr, "\n");
242 shared_secret = BN_new();
244 BN_bin2bn(kbuf, kout, shared_secret);
245 memset(kbuf, 0, klen);
248 /* calc and verify H */
250 client_version_string,
251 server_version_string,
252 buffer_ptr(client_kexinit), buffer_len(client_kexinit),
253 buffer_ptr(server_kexinit), buffer_len(server_kexinit),
254 server_host_key_blob, sbloblen,
259 xfree(server_host_key_blob);
261 BN_free(dh_server_pub);
263 fprintf(stderr, "hash == ");
264 for (i = 0; i< 20; i++)
265 fprintf(stderr, "%02x", (hash[i])&0xff);
266 fprintf(stderr, "\n");
268 if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
269 fatal("key_verify failed for server_host_key");
270 key_free(server_host_key);
273 kex_derive_keys(kex, hash, shared_secret);
274 BN_clear_free(shared_secret);
277 /* save session id */
278 session_id2_len = 20;
279 session_id2 = xmalloc(session_id2_len);
280 memcpy(session_id2, hash, session_id2_len);
283 /* diffie-hellman-group-exchange-sha1 */
286 * Estimates the group order for a Diffie-Hellman group that has an
287 * attack complexity approximately the same as O(2**bits). Estimate
288 * with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))
292 dh_estimate(int bits)
296 return (512); /* O(2**63) */
298 return (1024); /* O(2**86) */
300 return (2048); /* O(2**116) */
301 return (4096); /* O(2**156) */
305 ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
306 Buffer *client_kexinit, Buffer *server_kexinit)
313 char *signature = NULL;
314 u_int slen, nbits, min, max;
315 char *server_host_key_blob = NULL;
316 Key *server_host_key;
319 BIGNUM *dh_server_pub = 0;
320 BIGNUM *shared_secret = 0;
321 BIGNUM *p = 0, *g = 0;
325 nbits = dh_estimate(kex->we_need * 8);
327 if (datafellows & SSH_OLD_DHGEX) {
328 debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST_OLD.");
330 /* Old GEX request */
331 packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
332 packet_put_int(nbits);
336 debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST.");
338 /* New GEX request */
342 packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
344 packet_put_int(nbits);
351 fprintf(stderr, "\nmin = %d, nbits = %d, max = %d", min, nbits, max);
354 debug("Wait SSH2_MSG_KEX_DH_GEX_GROUP.");
356 packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_GROUP);
358 debug("Got SSH2_MSG_KEX_DH_GEX_GROUP.");
360 if ((p = BN_new()) == NULL)
362 packet_get_bignum2(p, &dlen);
363 if ((g = BN_new()) == NULL)
365 packet_get_bignum2(g, &dlen);
367 if (BN_num_bits(p) < min || BN_num_bits(p) > max)
368 fatal("DH_GEX group out of range: %d !< %d !< %d",
369 min, BN_num_bits(p), max);
371 dh = dh_new_group(g, p);
373 dh_gen_key(dh, kex->we_need * 8);
376 fprintf(stderr, "\np= ");
377 BN_print_fp(stderr, dh->p);
378 fprintf(stderr, "\ng= ");
379 BN_print_fp(stderr, dh->g);
380 fprintf(stderr, "\npub= ");
381 BN_print_fp(stderr, dh->pub_key);
382 fprintf(stderr, "\n");
383 DHparams_print_fp(stderr, dh);
386 debug("Sending SSH2_MSG_KEX_DH_GEX_INIT.");
387 /* generate and send 'e', client DH public key */
388 packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
389 packet_put_bignum2(dh->pub_key);
393 debug("Wait SSH2_MSG_KEX_DH_GEX_REPLY.");
395 packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_REPLY);
397 debug("Got SSH2_MSG_KEXDH_REPLY.");
400 server_host_key_blob = packet_get_string(&sbloblen);
401 server_host_key = key_from_blob(server_host_key_blob, sbloblen);
402 if (server_host_key == NULL)
403 fatal("cannot decode server_host_key_blob");
405 check_host_key(host, hostaddr, server_host_key,
406 options.user_hostfile2, options.system_hostfile2);
408 /* DH paramter f, server public DH key */
409 dh_server_pub = BN_new();
410 if (dh_server_pub == NULL)
411 fatal("dh_server_pub == NULL");
412 packet_get_bignum2(dh_server_pub, &dlen);
415 fprintf(stderr, "\ndh_server_pub= ");
416 BN_print_fp(stderr, dh_server_pub);
417 fprintf(stderr, "\n");
418 debug("bits %d", BN_num_bits(dh_server_pub));
422 signature = packet_get_string(&slen);
425 if (!dh_pub_is_valid(dh, dh_server_pub))
426 packet_disconnect("bad server public DH value");
429 kbuf = xmalloc(klen);
430 kout = DH_compute_key(kbuf, dh_server_pub, dh);
432 debug("shared secret: len %d/%d", klen, kout);
433 fprintf(stderr, "shared secret == ");
434 for (i = 0; i< kout; i++)
435 fprintf(stderr, "%02x", (kbuf[i])&0xff);
436 fprintf(stderr, "\n");
438 shared_secret = BN_new();
440 BN_bin2bn(kbuf, kout, shared_secret);
441 memset(kbuf, 0, klen);
444 if (datafellows & SSH_OLD_DHGEX) {
445 /* These values are not included in the hash */
450 /* calc and verify H */
452 client_version_string,
453 server_version_string,
454 buffer_ptr(client_kexinit), buffer_len(client_kexinit),
455 buffer_ptr(server_kexinit), buffer_len(server_kexinit),
456 server_host_key_blob, sbloblen,
463 xfree(server_host_key_blob);
465 BN_free(dh_server_pub);
467 fprintf(stderr, "hash == ");
468 for (i = 0; i< 20; i++)
469 fprintf(stderr, "%02x", (hash[i])&0xff);
470 fprintf(stderr, "\n");
472 if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
473 fatal("key_verify failed for server_host_key");
474 key_free(server_host_key);
477 kex_derive_keys(kex, hash, shared_secret);
478 BN_clear_free(shared_secret);
481 /* save session id */
482 session_id2_len = 20;
483 session_id2 = xmalloc(session_id2_len);
484 memcpy(session_id2, hash, session_id2_len);
491 typedef struct Authctxt Authctxt;
492 typedef struct Authmethod Authmethod;
494 typedef int sign_cb_fn(
495 Authctxt *authctxt, Key *key,
496 u_char **sigp, int *lenp, u_char *data, int datalen);
499 const char *server_user;
502 AuthenticationConnection *agent;
507 sign_cb_fn *last_key_sign;
511 char *name; /* string to compare against server's list */
512 int (*userauth)(Authctxt *authctxt);
513 int *enabled; /* flag in option struct that enables method */
514 int *batch_flag; /* flag in option struct that disables method */
517 void input_userauth_success(int type, int plen, void *ctxt);
518 void input_userauth_failure(int type, int plen, void *ctxt);
519 void input_userauth_banner(int type, int plen, void *ctxt);
520 void input_userauth_error(int type, int plen, void *ctxt);
521 void input_userauth_info_req(int type, int plen, void *ctxt);
522 void input_userauth_pk_ok(int type, int plen, void *ctxt);
524 int userauth_none(Authctxt *authctxt);
525 int userauth_pubkey(Authctxt *authctxt);
526 int userauth_passwd(Authctxt *authctxt);
527 int userauth_kbdint(Authctxt *authctxt);
529 void userauth(Authctxt *authctxt, char *authlist);
532 sign_and_send_pubkey(Authctxt *authctxt, Key *k,
533 sign_cb_fn *sign_callback);
534 void clear_auth_state(Authctxt *authctxt);
536 Authmethod *authmethod_get(char *authlist);
537 Authmethod *authmethod_lookup(const char *name);
538 char *authmethods_get(void);
540 Authmethod authmethods[] = {
543 &options.pubkey_authentication,
547 &options.password_authentication,
548 &options.batch_mode},
549 {"keyboard-interactive",
551 &options.kbd_interactive_authentication,
552 &options.batch_mode},
557 {NULL, NULL, NULL, NULL}
561 ssh_userauth2(const char *server_user, char *host)
567 if (options.challenge_reponse_authentication)
568 options.kbd_interactive_authentication = 1;
570 debug("send SSH2_MSG_SERVICE_REQUEST");
571 packet_start(SSH2_MSG_SERVICE_REQUEST);
572 packet_put_cstring("ssh-userauth");
575 type = packet_read(&plen);
576 if (type != SSH2_MSG_SERVICE_ACCEPT) {
577 fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
579 if (packet_remaining() > 0) {
580 char *reply = packet_get_string(&plen);
581 debug("service_accept: %s", reply);
584 debug("buggy server: service_accept w/o service");
587 debug("got SSH2_MSG_SERVICE_ACCEPT");
589 if (options.preferred_authentications == NULL)
590 options.preferred_authentications = authmethods_get();
592 /* setup authentication context */
593 authctxt.agent = ssh_get_authentication_connection();
594 authctxt.server_user = server_user;
595 authctxt.host = host;
596 authctxt.service = "ssh-connection"; /* service name */
597 authctxt.success = 0;
598 authctxt.method = authmethod_lookup("none");
599 authctxt.authlist = NULL;
600 if (authctxt.method == NULL)
601 fatal("ssh_userauth2: internal error: cannot send userauth none request");
603 /* initial userauth request */
604 userauth_none(&authctxt);
606 dispatch_init(&input_userauth_error);
607 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
608 dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
609 dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
610 dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
612 if (authctxt.agent != NULL)
613 ssh_close_authentication_connection(authctxt.agent);
615 debug("ssh-userauth2 successful: method %s", authctxt.method->name);
618 userauth(Authctxt *authctxt, char *authlist)
620 if (authlist == NULL) {
621 authlist = authctxt->authlist;
623 if (authctxt->authlist)
624 xfree(authctxt->authlist);
625 authctxt->authlist = authlist;
628 Authmethod *method = authmethod_get(authlist);
630 fatal("Permission denied (%s).", authlist);
631 authctxt->method = method;
632 if (method->userauth(authctxt) != 0) {
633 debug2("we sent a %s packet, wait for reply", method->name);
636 debug2("we did not send a packet, disable method");
637 method->enabled = NULL;
642 input_userauth_error(int type, int plen, void *ctxt)
644 fatal("input_userauth_error: bad message during authentication: "
648 input_userauth_banner(int type, int plen, void *ctxt)
651 debug3("input_userauth_banner");
652 msg = packet_get_string(NULL);
653 lang = packet_get_string(NULL);
654 fprintf(stderr, "%s", msg);
659 input_userauth_success(int type, int plen, void *ctxt)
661 Authctxt *authctxt = ctxt;
662 if (authctxt == NULL)
663 fatal("input_userauth_success: no authentication context");
664 if (authctxt->authlist)
665 xfree(authctxt->authlist);
666 clear_auth_state(authctxt);
667 authctxt->success = 1; /* break out */
670 input_userauth_failure(int type, int plen, void *ctxt)
672 Authctxt *authctxt = ctxt;
673 char *authlist = NULL;
676 if (authctxt == NULL)
677 fatal("input_userauth_failure: no authentication context");
679 authlist = packet_get_string(NULL);
680 partial = packet_get_char();
684 log("Authenticated with partial success.");
685 debug("authentications that can continue: %s", authlist);
687 clear_auth_state(authctxt);
688 userauth(authctxt, authlist);
691 input_userauth_pk_ok(int type, int plen, void *ctxt)
693 Authctxt *authctxt = ctxt;
696 int alen, blen, pktype, sent = 0;
697 char *pkalg, *pkblob, *fp;
699 if (authctxt == NULL)
700 fatal("input_userauth_pk_ok: no authentication context");
701 if (datafellows & SSH_BUG_PKOK) {
702 /* this is similar to SSH_BUG_PKAUTH */
703 debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
704 pkblob = packet_get_string(&blen);
706 buffer_append(&b, pkblob, blen);
707 pkalg = buffer_get_string(&b, &alen);
710 pkalg = packet_get_string(&alen);
711 pkblob = packet_get_string(&blen);
715 debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
716 pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
719 if (authctxt->last_key == NULL ||
720 authctxt->last_key_sign == NULL) {
721 debug("no last key or no sign cb");
724 if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
725 debug("unknown pkalg %s", pkalg);
728 if ((key = key_from_blob(pkblob, blen)) == NULL) {
729 debug("no key from blob. pkalg %s", pkalg);
732 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
733 debug2("input_userauth_pk_ok: fp %s", fp);
735 if (!key_equal(key, authctxt->last_key)) {
736 debug("key != last_key");
739 sent = sign_and_send_pubkey(authctxt, key,
740 authctxt->last_key_sign);
749 clear_auth_state(authctxt);
750 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
752 /* try another method if we did not send a packet*/
754 userauth(authctxt, NULL);
759 userauth_none(Authctxt *authctxt)
761 /* initial userauth request */
762 packet_start(SSH2_MSG_USERAUTH_REQUEST);
763 packet_put_cstring(authctxt->server_user);
764 packet_put_cstring(authctxt->service);
765 packet_put_cstring(authctxt->method->name);
771 userauth_passwd(Authctxt *authctxt)
773 static int attempt = 0;
777 if (attempt++ >= options.number_of_password_prompts)
781 error("Permission denied, please try again.");
783 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
784 authctxt->server_user, authctxt->host);
785 password = read_passphrase(prompt, 0);
786 packet_start(SSH2_MSG_USERAUTH_REQUEST);
787 packet_put_cstring(authctxt->server_user);
788 packet_put_cstring(authctxt->service);
789 packet_put_cstring(authctxt->method->name);
791 packet_put_cstring(password);
792 memset(password, 0, strlen(password));
794 packet_inject_ignore(64);
800 clear_auth_state(Authctxt *authctxt)
802 /* XXX clear authentication state */
803 if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
804 debug3("clear_auth_state: key_free %p", authctxt->last_key);
805 key_free(authctxt->last_key);
807 authctxt->last_key = NULL;
808 authctxt->last_key_hint = -2;
809 authctxt->last_key_sign = NULL;
813 sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
816 u_char *blob, *signature;
822 debug3("sign_and_send_pubkey");
824 if (key_to_blob(k, &blob, &bloblen) == 0) {
825 /* we cannot handle this key */
826 debug3("sign_and_send_pubkey: cannot handle key");
829 /* data to be signed */
831 if (datafellows & SSH_OLD_SESSIONID) {
832 buffer_append(&b, session_id2, session_id2_len);
833 skip = session_id2_len;
835 buffer_put_string(&b, session_id2, session_id2_len);
836 skip = buffer_len(&b);
838 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
839 buffer_put_cstring(&b, authctxt->server_user);
840 buffer_put_cstring(&b,
841 datafellows & SSH_BUG_PKSERVICE ?
844 if (datafellows & SSH_BUG_PKAUTH) {
845 buffer_put_char(&b, have_sig);
847 buffer_put_cstring(&b, authctxt->method->name);
848 buffer_put_char(&b, have_sig);
849 buffer_put_cstring(&b, key_ssh_name(k));
851 buffer_put_string(&b, blob, bloblen);
853 /* generate signature */
854 ret = (*sign_callback)(authctxt, k, &signature, &slen,
855 buffer_ptr(&b), buffer_len(&b));
864 if (datafellows & SSH_BUG_PKSERVICE) {
866 buffer_append(&b, session_id2, session_id2_len);
867 skip = session_id2_len;
868 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
869 buffer_put_cstring(&b, authctxt->server_user);
870 buffer_put_cstring(&b, authctxt->service);
871 buffer_put_cstring(&b, authctxt->method->name);
872 buffer_put_char(&b, have_sig);
873 if (!(datafellows & SSH_BUG_PKAUTH))
874 buffer_put_cstring(&b, key_ssh_name(k));
875 buffer_put_string(&b, blob, bloblen);
879 /* append signature */
880 buffer_put_string(&b, signature, slen);
883 /* skip session id and packet type */
884 if (buffer_len(&b) < skip + 1)
885 fatal("userauth_pubkey: internal error");
886 buffer_consume(&b, skip + 1);
888 /* put remaining data from buffer into packet */
889 packet_start(SSH2_MSG_USERAUTH_REQUEST);
890 packet_put_raw(buffer_ptr(&b), buffer_len(&b));
898 send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback,
902 int bloblen, have_sig = 0;
904 debug3("send_pubkey_test");
906 if (key_to_blob(k, &blob, &bloblen) == 0) {
907 /* we cannot handle this key */
908 debug3("send_pubkey_test: cannot handle key");
911 /* register callback for USERAUTH_PK_OK message */
912 authctxt->last_key_sign = sign_callback;
913 authctxt->last_key_hint = hint;
914 authctxt->last_key = k;
915 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
917 packet_start(SSH2_MSG_USERAUTH_REQUEST);
918 packet_put_cstring(authctxt->server_user);
919 packet_put_cstring(authctxt->service);
920 packet_put_cstring(authctxt->method->name);
921 packet_put_char(have_sig);
922 if (!(datafellows & SSH_BUG_PKAUTH))
923 packet_put_cstring(key_ssh_name(k));
924 packet_put_string(blob, bloblen);
931 load_identity_file(char *filename)
934 char prompt[300], *passphrase;
938 if (stat(filename, &st) < 0) {
939 debug3("no such identity: %s", filename);
942 private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
943 if (private == NULL) {
944 if (options.batch_mode)
946 snprintf(prompt, sizeof prompt,
947 "Enter passphrase for key '%.100s': ", filename);
948 for (i = 0; i < options.number_of_password_prompts; i++) {
949 passphrase = read_passphrase(prompt, 0);
950 if (strcmp(passphrase, "") != 0) {
951 private = key_load_private_type(KEY_UNSPEC, filename,
955 debug2("no passphrase given, try next key");
958 memset(passphrase, 0, strlen(passphrase));
960 if (private != NULL || quit)
962 debug2("bad passphrase given, try again...");
969 identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
970 u_char *data, int datalen)
975 idx = authctxt->last_key_hint;
978 private = load_identity_file(options.identity_files[idx]);
981 ret = key_sign(private, sigp, lenp, data, datalen);
986 int agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
987 u_char *data, int datalen)
989 return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
992 int key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
993 u_char *data, int datalen)
995 return key_sign(key, sigp, lenp, data, datalen);
999 userauth_pubkey_agent(Authctxt *authctxt)
1001 static int called = 0;
1007 if (ssh_get_num_identities(authctxt->agent, 2) == 0)
1008 debug2("userauth_pubkey_agent: no keys at all");
1011 k = ssh_get_next_identity(authctxt->agent, &comment, 2);
1013 debug2("userauth_pubkey_agent: no more keys");
1015 debug("userauth_pubkey_agent: testing agent key %s", comment);
1017 ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
1022 debug2("userauth_pubkey_agent: no message sent");
1027 userauth_pubkey(Authctxt *authctxt)
1034 if (authctxt->agent != NULL) {
1036 sent = userauth_pubkey_agent(authctxt);
1037 } while(!sent && authctxt->agent->howmany > 0);
1039 while (!sent && idx < options.num_identity_files) {
1040 key = options.identity_keys[idx];
1041 filename = options.identity_files[idx];
1043 debug("try privkey: %s", filename);
1044 key = load_identity_file(filename);
1046 sent = sign_and_send_pubkey(authctxt, key,
1050 } else if (key->type != KEY_RSA1) {
1051 debug("try pubkey: %s", filename);
1052 sent = send_pubkey_test(authctxt, key,
1053 identity_sign_cb, idx);
1061 * Send userauth request message specifying keyboard-interactive method.
1064 userauth_kbdint(Authctxt *authctxt)
1066 static int attempt = 0;
1068 if (attempt++ >= options.number_of_password_prompts)
1071 debug2("userauth_kbdint");
1072 packet_start(SSH2_MSG_USERAUTH_REQUEST);
1073 packet_put_cstring(authctxt->server_user);
1074 packet_put_cstring(authctxt->service);
1075 packet_put_cstring(authctxt->method->name);
1076 packet_put_cstring(""); /* lang */
1077 packet_put_cstring(options.kbd_interactive_devices ?
1078 options.kbd_interactive_devices : "");
1081 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
1086 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
1089 input_userauth_info_req(int type, int plen, void *ctxt)
1091 Authctxt *authctxt = ctxt;
1092 char *name, *inst, *lang, *prompt, *response;
1093 u_int num_prompts, i;
1096 debug2("input_userauth_info_req");
1098 if (authctxt == NULL)
1099 fatal("input_userauth_info_req: no authentication context");
1101 name = packet_get_string(NULL);
1102 inst = packet_get_string(NULL);
1103 lang = packet_get_string(NULL);
1104 if (strlen(name) > 0)
1106 if (strlen(inst) > 0)
1112 num_prompts = packet_get_int();
1114 * Begin to build info response packet based on prompts requested.
1115 * We commit to providing the correct number of responses, so if
1116 * further on we run into a problem that prevents this, we have to
1117 * be sure and clean this up and send a correct error response.
1119 packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
1120 packet_put_int(num_prompts);
1122 for (i = 0; i < num_prompts; i++) {
1123 prompt = packet_get_string(NULL);
1124 echo = packet_get_char();
1126 response = cli_prompt(prompt, echo);
1128 packet_put_cstring(response);
1129 memset(response, 0, strlen(response));
1133 packet_done(); /* done with parsing incoming message. */
1135 packet_inject_ignore(64);
1139 /* find auth method */
1142 * given auth method name, if configurable options permit this method fill
1143 * in auth_ident field and return true, otherwise return false.
1146 authmethod_is_enabled(Authmethod *method)
1150 /* return false if options indicate this method is disabled */
1151 if (method->enabled == NULL || *method->enabled == 0)
1153 /* return false if batch mode is enabled but method needs interactive mode */
1154 if (method->batch_flag != NULL && *method->batch_flag != 0)
1160 authmethod_lookup(const char *name)
1162 Authmethod *method = NULL;
1164 for (method = authmethods; method->name != NULL; method++)
1165 if (strcmp(name, method->name) == 0)
1167 debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
1171 /* XXX internal state */
1172 static Authmethod *current = NULL;
1173 static char *supported = NULL;
1174 static char *preferred = NULL;
1176 * Given the authentication method list sent by the server, return the
1177 * next method we should try. If the server initially sends a nil list,
1178 * use a built-in default list.
1181 authmethod_get(char *authlist)
1187 /* Use a suitable default if we're passed a nil list. */
1188 if (authlist == NULL || strlen(authlist) == 0)
1189 authlist = options.preferred_authentications;
1191 if (supported == NULL || strcmp(authlist, supported) != 0) {
1192 debug3("start over, passed a different list %s", authlist);
1193 if (supported != NULL)
1195 supported = xstrdup(authlist);
1196 preferred = options.preferred_authentications;
1197 debug3("preferred %s", preferred);
1199 } else if (current != NULL && authmethod_is_enabled(current))
1203 if ((name = match_list(preferred, supported, &next)) == NULL) {
1204 debug("no more auth methods to try");
1209 debug3("authmethod_lookup %s", name);
1210 debug3("remaining preferred: %s", preferred);
1211 if ((current = authmethod_lookup(name)) != NULL &&
1212 authmethod_is_enabled(current)) {
1213 debug3("authmethod_is_enabled %s", name);
1214 debug("next auth method to try is %s", name);
1223 authmethods_get(void)
1225 Authmethod *method = NULL;
1229 for (method = authmethods; method->name != NULL; method++) {
1230 if (authmethod_is_enabled(method)) {
1232 strlcat(buf, DELIM, sizeof buf);
1233 strlcat(buf, method->name, sizeof buf);
1236 return xstrdup(buf);