- (djm) Sync with OpenBSD:

[openssh.git] / auth-skey.c

/*
 * Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"
RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $");

#ifdef SKEY
#include "ssh.h"
#include "packet.h"
#include <openssl/sha.h>

/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */

/*
 * try skey authentication,
 * return 1 on success, 0 on failure, -1 if skey is not available
 */

int
auth_skey_password(struct passwd * pw, const char *password)
{
        if (strncasecmp(password, "s/key", 5) == 0) {
                char *skeyinfo = skey_keyinfo(pw->pw_name);
                if (skeyinfo == NULL) {
                        debug("generating fake skeyinfo for %.100s.",
                            pw->pw_name);
                        skeyinfo = skey_fake_keyinfo(pw->pw_name);
                }
                if (skeyinfo != NULL)
                        packet_send_debug("%s", skeyinfo);
                /* Try again. */
                return 0;
        } else if (skey_haskey(pw->pw_name) == 0 &&
                   skey_passcheck(pw->pw_name, (char *) password) != -1) {
                /* Authentication succeeded. */
                return 1;
        }
        /* Fall back to ordinary passwd authentication. */
        return -1;
}

/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */

#define ROUND(x)   (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
                    ((x)[3]))

/*
 * hash_collapse()
 */
static u_int32_t
hash_collapse(s)
        u_char *s;
{
        int len, target;
        u_int32_t i;
        
        if ((strlen(s) % sizeof(u_int32_t)) == 0)
                target = strlen(s);    /* Multiple of 4 */
        else
                target = strlen(s) - (strlen(s) % sizeof(u_int32_t));

        for (i = 0, len = 0; len < target; len += 4)
                i ^= ROUND(s + len);

        return i;
}

char *
skey_fake_keyinfo(char *username)
{
        int i;
        u_int ptr;
        u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
        char pbuf[SKEY_MAX_PW_LEN+1];
        static char skeyprompt[SKEY_MAX_CHALLENGE+1];
        char *secret = NULL;
        size_t secretlen = 0;
        SHA_CTX ctx;
        char *p, *u;

        /*
         * Base first 4 chars of seed on hostname.
         * Add some filler for short hostnames if necessary.
         */
        if (gethostname(pbuf, sizeof(pbuf)) == -1)
                *(p = pbuf) = '.';
        else
                for (p = pbuf; *p && isalnum(*p); p++)
                        if (isalpha(*p) && isupper(*p))
                                *p = tolower(*p);
        if (*p && pbuf - p < 4)
                (void)strncpy(p, "asjd", 4 - (pbuf - p));
        pbuf[4] = '\0';

        /* Hash the username if possible */
        up = malloc(SHA_DIGEST_LENGTH);
        if (up != NULL) {
                struct stat sb;
                time_t t;
                int fd;

                SHA1_Init(&ctx);
                SHA1_Update(&ctx, username, strlen(username));
                SHA1_Final(up, &ctx);

                /* Collapse the hash */
                ptr = hash_collapse(up);
                memset(up, 0, strlen(up));

                /* See if the random file's there, else use ctime */
                if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1
                    && fstat(fd, &sb) == 0 &&
                    sb.st_size > (off_t)SKEY_MAX_SEED_LEN &&
                    lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN),
                    SEEK_SET) != -1 && read(fd, hseed,
                    SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
                        close(fd);
                        fd = -1;
                        secret = hseed;
                        secretlen = SKEY_MAX_SEED_LEN;
                        flg = 0;
                } else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) {
                        t = sb.st_ctime;
                        secret = ctime(&t);
                        secretlen = strlen(secret);
                        flg = 0;
                }
                if (fd != -1)
                        close(fd);
        }

        /* Put that in your pipe and smoke it */
        if (flg == 0) {
                /* Hash secret value with username */
                SHA1_Init(&ctx);
                SHA1_Update(&ctx, secret, secretlen);
                SHA1_Update(&ctx, username, strlen(username));
                SHA1_Final(up, &ctx);
                
                /* Zero out */
                memset(secret, 0, secretlen);

                /* Now hash the hash */
                SHA1_Init(&ctx);
                SHA1_Update(&ctx, up, strlen(up));
                SHA1_Final(up, &ctx);
                
                ptr = hash_collapse(up + 4);
                
                for (i = 4; i < 9; i++) {
                        pbuf[i] = (ptr % 10) + '0';
                        ptr /= 10;
                }
                pbuf[i] = '\0';

                /* Sequence number */
                ptr = ((up[2] + up[3]) % 99) + 1;

                memset(up, 0, SHA_DIGEST_LENGTH); /* SHA1 specific */
                free(up);

                (void)snprintf(skeyprompt, sizeof skeyprompt,
                              "otp-%.*s %d %.*s",
                              SKEY_MAX_HASHNAME_LEN,
                              skey_get_algorithm(),
                              ptr, SKEY_MAX_SEED_LEN,
                              pbuf);
        } else {
                /* Base last 8 chars of seed on username */
                u = username;
                i = 8;
                p = &pbuf[4];
                do {
                        if (*u == 0) {
                                /* Pad remainder with zeros */
                                while (--i >= 0)
                                        *p++ = '0';
                                break;
                        }

                        *p++ = (*u++ % 10) + '0';
                } while (--i != 0);
                pbuf[12] = '\0';

                (void)snprintf(skeyprompt, sizeof skeyprompt,
                              "otp-%.*s %d %.*s",
                              SKEY_MAX_HASHNAME_LEN,
                              skey_get_algorithm(),
                              99, SKEY_MAX_SEED_LEN, pbuf);
        }
        return skeyprompt;
}

#endif /* SKEY */