2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 RCSID("$OpenBSD: sshconnect2.c,v 1.61 2001/04/03 19:53:29 markus Exp $");
28 #include <openssl/bn.h>
29 #include <openssl/md5.h>
30 #include <openssl/dh.h>
31 #include <openssl/hmac.h>
44 #include "myproposal.h"
46 #include "sshconnect.h"
58 extern char *client_version_string;
59 extern char *server_version_string;
60 extern Options options;
66 u_char *session_id2 = NULL;
67 int session_id2_len = 0;
70 struct sockaddr *xxx_hostaddr;
73 check_host_key_callback(Key *hostkey)
75 check_host_key(xxx_host, xxx_hostaddr, hostkey,
76 options.user_hostfile2, options.system_hostfile2);
81 ssh_kex2(char *host, struct sockaddr *hostaddr)
86 xxx_hostaddr = hostaddr;
88 if (options.ciphers == (char *)-1) {
89 log("No valid ciphers for protocol version 2 given, using defaults.");
90 options.ciphers = NULL;
92 if (options.ciphers != NULL) {
93 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
94 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
96 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
97 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
98 myproposal[PROPOSAL_ENC_ALGS_STOC] =
99 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
100 if (options.compression) {
101 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
102 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
104 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
105 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
107 if (options.macs != NULL) {
108 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
109 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
112 kex = kex_start(myproposal);
113 kex->client_version_string=client_version_string;
114 kex->server_version_string=server_version_string;
115 kex->check_host_key=&check_host_key_callback;
117 /* start key exchange */
118 dispatch_run(DISPATCH_BLOCK, &kex->newkeys, kex);
121 /* send 1st encrypted/maced/compressed message */
122 packet_start(SSH2_MSG_IGNORE);
123 packet_put_cstring("markus");
127 debug("done: ssh_kex2.");
134 typedef struct Authctxt Authctxt;
135 typedef struct Authmethod Authmethod;
137 typedef int sign_cb_fn(
138 Authctxt *authctxt, Key *key,
139 u_char **sigp, int *lenp, u_char *data, int datalen);
142 const char *server_user;
145 AuthenticationConnection *agent;
150 sign_cb_fn *last_key_sign;
154 char *name; /* string to compare against server's list */
155 int (*userauth)(Authctxt *authctxt);
156 int *enabled; /* flag in option struct that enables method */
157 int *batch_flag; /* flag in option struct that disables method */
160 void input_userauth_success(int type, int plen, void *ctxt);
161 void input_userauth_failure(int type, int plen, void *ctxt);
162 void input_userauth_banner(int type, int plen, void *ctxt);
163 void input_userauth_error(int type, int plen, void *ctxt);
164 void input_userauth_info_req(int type, int plen, void *ctxt);
165 void input_userauth_pk_ok(int type, int plen, void *ctxt);
167 int userauth_none(Authctxt *authctxt);
168 int userauth_pubkey(Authctxt *authctxt);
169 int userauth_passwd(Authctxt *authctxt);
170 int userauth_kbdint(Authctxt *authctxt);
172 void userauth(Authctxt *authctxt, char *authlist);
175 sign_and_send_pubkey(Authctxt *authctxt, Key *k,
176 sign_cb_fn *sign_callback);
177 void clear_auth_state(Authctxt *authctxt);
179 Authmethod *authmethod_get(char *authlist);
180 Authmethod *authmethod_lookup(const char *name);
181 char *authmethods_get(void);
183 Authmethod authmethods[] = {
186 &options.pubkey_authentication,
190 &options.password_authentication,
191 &options.batch_mode},
192 {"keyboard-interactive",
194 &options.kbd_interactive_authentication,
195 &options.batch_mode},
200 {NULL, NULL, NULL, NULL}
204 ssh_userauth2(const char *server_user, char *host)
211 if (options.challenge_reponse_authentication)
212 options.kbd_interactive_authentication = 1;
214 debug("send SSH2_MSG_SERVICE_REQUEST");
215 packet_start(SSH2_MSG_SERVICE_REQUEST);
216 packet_put_cstring("ssh-userauth");
219 type = packet_read(&plen);
220 if (type != SSH2_MSG_SERVICE_ACCEPT) {
221 fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
223 if (packet_remaining() > 0) {
224 char *reply = packet_get_string(&plen);
225 debug("service_accept: %s", reply);
228 debug("buggy server: service_accept w/o service");
231 debug("got SSH2_MSG_SERVICE_ACCEPT");
233 if (options.preferred_authentications == NULL)
234 options.preferred_authentications = authmethods_get();
236 /* setup authentication context */
237 authctxt.agent = ssh_get_authentication_connection();
238 authctxt.server_user = server_user;
239 authctxt.host = host;
240 authctxt.service = "ssh-connection"; /* service name */
241 authctxt.success = 0;
242 authctxt.method = authmethod_lookup("none");
243 authctxt.authlist = NULL;
244 if (authctxt.method == NULL)
245 fatal("ssh_userauth2: internal error: cannot send userauth none request");
247 /* initial userauth request */
248 userauth_none(&authctxt);
250 //dispatch_init(&input_userauth_error);
251 for (i = 50; i <= 254; i++) {
252 dispatch_set(i, &input_userauth_error);
254 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
255 dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
256 dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
257 dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
259 if (authctxt.agent != NULL)
260 ssh_close_authentication_connection(authctxt.agent);
262 debug("ssh-userauth2 successful: method %s", authctxt.method->name);
265 userauth(Authctxt *authctxt, char *authlist)
267 if (authlist == NULL) {
268 authlist = authctxt->authlist;
270 if (authctxt->authlist)
271 xfree(authctxt->authlist);
272 authctxt->authlist = authlist;
275 Authmethod *method = authmethod_get(authlist);
277 fatal("Permission denied (%s).", authlist);
278 authctxt->method = method;
279 if (method->userauth(authctxt) != 0) {
280 debug2("we sent a %s packet, wait for reply", method->name);
283 debug2("we did not send a packet, disable method");
284 method->enabled = NULL;
289 input_userauth_error(int type, int plen, void *ctxt)
291 fatal("input_userauth_error: bad message during authentication: "
295 input_userauth_banner(int type, int plen, void *ctxt)
298 debug3("input_userauth_banner");
299 msg = packet_get_string(NULL);
300 lang = packet_get_string(NULL);
301 fprintf(stderr, "%s", msg);
306 input_userauth_success(int type, int plen, void *ctxt)
308 Authctxt *authctxt = ctxt;
309 if (authctxt == NULL)
310 fatal("input_userauth_success: no authentication context");
311 if (authctxt->authlist)
312 xfree(authctxt->authlist);
313 clear_auth_state(authctxt);
314 authctxt->success = 1; /* break out */
317 input_userauth_failure(int type, int plen, void *ctxt)
319 Authctxt *authctxt = ctxt;
320 char *authlist = NULL;
323 if (authctxt == NULL)
324 fatal("input_userauth_failure: no authentication context");
326 authlist = packet_get_string(NULL);
327 partial = packet_get_char();
331 log("Authenticated with partial success.");
332 debug("authentications that can continue: %s", authlist);
334 clear_auth_state(authctxt);
335 userauth(authctxt, authlist);
338 input_userauth_pk_ok(int type, int plen, void *ctxt)
340 Authctxt *authctxt = ctxt;
343 int alen, blen, pktype, sent = 0;
344 char *pkalg, *pkblob, *fp;
346 if (authctxt == NULL)
347 fatal("input_userauth_pk_ok: no authentication context");
348 if (datafellows & SSH_BUG_PKOK) {
349 /* this is similar to SSH_BUG_PKAUTH */
350 debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
351 pkblob = packet_get_string(&blen);
353 buffer_append(&b, pkblob, blen);
354 pkalg = buffer_get_string(&b, &alen);
357 pkalg = packet_get_string(&alen);
358 pkblob = packet_get_string(&blen);
362 debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
363 pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
366 if (authctxt->last_key == NULL ||
367 authctxt->last_key_sign == NULL) {
368 debug("no last key or no sign cb");
371 if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
372 debug("unknown pkalg %s", pkalg);
375 if ((key = key_from_blob(pkblob, blen)) == NULL) {
376 debug("no key from blob. pkalg %s", pkalg);
379 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
380 debug2("input_userauth_pk_ok: fp %s", fp);
382 if (!key_equal(key, authctxt->last_key)) {
383 debug("key != last_key");
386 sent = sign_and_send_pubkey(authctxt, key,
387 authctxt->last_key_sign);
396 clear_auth_state(authctxt);
397 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
399 /* try another method if we did not send a packet*/
401 userauth(authctxt, NULL);
406 userauth_none(Authctxt *authctxt)
408 /* initial userauth request */
409 packet_start(SSH2_MSG_USERAUTH_REQUEST);
410 packet_put_cstring(authctxt->server_user);
411 packet_put_cstring(authctxt->service);
412 packet_put_cstring(authctxt->method->name);
418 userauth_passwd(Authctxt *authctxt)
420 static int attempt = 0;
424 if (attempt++ >= options.number_of_password_prompts)
428 error("Permission denied, please try again.");
430 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
431 authctxt->server_user, authctxt->host);
432 password = read_passphrase(prompt, 0);
433 packet_start(SSH2_MSG_USERAUTH_REQUEST);
434 packet_put_cstring(authctxt->server_user);
435 packet_put_cstring(authctxt->service);
436 packet_put_cstring(authctxt->method->name);
438 packet_put_cstring(password);
439 memset(password, 0, strlen(password));
441 packet_inject_ignore(64);
447 clear_auth_state(Authctxt *authctxt)
449 /* XXX clear authentication state */
450 if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
451 debug3("clear_auth_state: key_free %p", authctxt->last_key);
452 key_free(authctxt->last_key);
454 authctxt->last_key = NULL;
455 authctxt->last_key_hint = -2;
456 authctxt->last_key_sign = NULL;
460 sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
463 u_char *blob, *signature;
469 debug3("sign_and_send_pubkey");
471 if (key_to_blob(k, &blob, &bloblen) == 0) {
472 /* we cannot handle this key */
473 debug3("sign_and_send_pubkey: cannot handle key");
476 /* data to be signed */
478 if (datafellows & SSH_OLD_SESSIONID) {
479 buffer_append(&b, session_id2, session_id2_len);
480 skip = session_id2_len;
482 buffer_put_string(&b, session_id2, session_id2_len);
483 skip = buffer_len(&b);
485 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
486 buffer_put_cstring(&b, authctxt->server_user);
487 buffer_put_cstring(&b,
488 datafellows & SSH_BUG_PKSERVICE ?
491 if (datafellows & SSH_BUG_PKAUTH) {
492 buffer_put_char(&b, have_sig);
494 buffer_put_cstring(&b, authctxt->method->name);
495 buffer_put_char(&b, have_sig);
496 buffer_put_cstring(&b, key_ssh_name(k));
498 buffer_put_string(&b, blob, bloblen);
500 /* generate signature */
501 ret = (*sign_callback)(authctxt, k, &signature, &slen,
502 buffer_ptr(&b), buffer_len(&b));
511 if (datafellows & SSH_BUG_PKSERVICE) {
513 buffer_append(&b, session_id2, session_id2_len);
514 skip = session_id2_len;
515 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
516 buffer_put_cstring(&b, authctxt->server_user);
517 buffer_put_cstring(&b, authctxt->service);
518 buffer_put_cstring(&b, authctxt->method->name);
519 buffer_put_char(&b, have_sig);
520 if (!(datafellows & SSH_BUG_PKAUTH))
521 buffer_put_cstring(&b, key_ssh_name(k));
522 buffer_put_string(&b, blob, bloblen);
526 /* append signature */
527 buffer_put_string(&b, signature, slen);
530 /* skip session id and packet type */
531 if (buffer_len(&b) < skip + 1)
532 fatal("userauth_pubkey: internal error");
533 buffer_consume(&b, skip + 1);
535 /* put remaining data from buffer into packet */
536 packet_start(SSH2_MSG_USERAUTH_REQUEST);
537 packet_put_raw(buffer_ptr(&b), buffer_len(&b));
545 send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback,
549 int bloblen, have_sig = 0;
551 debug3("send_pubkey_test");
553 if (key_to_blob(k, &blob, &bloblen) == 0) {
554 /* we cannot handle this key */
555 debug3("send_pubkey_test: cannot handle key");
558 /* register callback for USERAUTH_PK_OK message */
559 authctxt->last_key_sign = sign_callback;
560 authctxt->last_key_hint = hint;
561 authctxt->last_key = k;
562 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
564 packet_start(SSH2_MSG_USERAUTH_REQUEST);
565 packet_put_cstring(authctxt->server_user);
566 packet_put_cstring(authctxt->service);
567 packet_put_cstring(authctxt->method->name);
568 packet_put_char(have_sig);
569 if (!(datafellows & SSH_BUG_PKAUTH))
570 packet_put_cstring(key_ssh_name(k));
571 packet_put_string(blob, bloblen);
578 load_identity_file(char *filename)
581 char prompt[300], *passphrase;
585 if (stat(filename, &st) < 0) {
586 debug3("no such identity: %s", filename);
589 private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
590 if (private == NULL) {
591 if (options.batch_mode)
593 snprintf(prompt, sizeof prompt,
594 "Enter passphrase for key '%.100s': ", filename);
595 for (i = 0; i < options.number_of_password_prompts; i++) {
596 passphrase = read_passphrase(prompt, 0);
597 if (strcmp(passphrase, "") != 0) {
598 private = key_load_private_type(KEY_UNSPEC, filename,
602 debug2("no passphrase given, try next key");
605 memset(passphrase, 0, strlen(passphrase));
607 if (private != NULL || quit)
609 debug2("bad passphrase given, try again...");
616 identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
617 u_char *data, int datalen)
622 idx = authctxt->last_key_hint;
625 private = load_identity_file(options.identity_files[idx]);
628 ret = key_sign(private, sigp, lenp, data, datalen);
633 int agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
634 u_char *data, int datalen)
636 return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
639 int key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
640 u_char *data, int datalen)
642 return key_sign(key, sigp, lenp, data, datalen);
646 userauth_pubkey_agent(Authctxt *authctxt)
648 static int called = 0;
654 if (ssh_get_num_identities(authctxt->agent, 2) == 0)
655 debug2("userauth_pubkey_agent: no keys at all");
658 k = ssh_get_next_identity(authctxt->agent, &comment, 2);
660 debug2("userauth_pubkey_agent: no more keys");
662 debug("userauth_pubkey_agent: testing agent key %s", comment);
664 ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
669 debug2("userauth_pubkey_agent: no message sent");
674 userauth_pubkey(Authctxt *authctxt)
681 if (authctxt->agent != NULL) {
683 sent = userauth_pubkey_agent(authctxt);
684 } while(!sent && authctxt->agent->howmany > 0);
686 while (!sent && idx < options.num_identity_files) {
687 key = options.identity_keys[idx];
688 filename = options.identity_files[idx];
690 debug("try privkey: %s", filename);
691 key = load_identity_file(filename);
693 sent = sign_and_send_pubkey(authctxt, key,
697 } else if (key->type != KEY_RSA1) {
698 debug("try pubkey: %s", filename);
699 sent = send_pubkey_test(authctxt, key,
700 identity_sign_cb, idx);
708 * Send userauth request message specifying keyboard-interactive method.
711 userauth_kbdint(Authctxt *authctxt)
713 static int attempt = 0;
715 if (attempt++ >= options.number_of_password_prompts)
718 debug2("userauth_kbdint");
719 packet_start(SSH2_MSG_USERAUTH_REQUEST);
720 packet_put_cstring(authctxt->server_user);
721 packet_put_cstring(authctxt->service);
722 packet_put_cstring(authctxt->method->name);
723 packet_put_cstring(""); /* lang */
724 packet_put_cstring(options.kbd_interactive_devices ?
725 options.kbd_interactive_devices : "");
728 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
733 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
736 input_userauth_info_req(int type, int plen, void *ctxt)
738 Authctxt *authctxt = ctxt;
739 char *name, *inst, *lang, *prompt, *response;
740 u_int num_prompts, i;
743 debug2("input_userauth_info_req");
745 if (authctxt == NULL)
746 fatal("input_userauth_info_req: no authentication context");
748 name = packet_get_string(NULL);
749 inst = packet_get_string(NULL);
750 lang = packet_get_string(NULL);
751 if (strlen(name) > 0)
753 if (strlen(inst) > 0)
759 num_prompts = packet_get_int();
761 * Begin to build info response packet based on prompts requested.
762 * We commit to providing the correct number of responses, so if
763 * further on we run into a problem that prevents this, we have to
764 * be sure and clean this up and send a correct error response.
766 packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
767 packet_put_int(num_prompts);
769 for (i = 0; i < num_prompts; i++) {
770 prompt = packet_get_string(NULL);
771 echo = packet_get_char();
773 response = cli_prompt(prompt, echo);
775 packet_put_cstring(response);
776 memset(response, 0, strlen(response));
780 packet_done(); /* done with parsing incoming message. */
782 packet_inject_ignore(64);
786 /* find auth method */
789 * given auth method name, if configurable options permit this method fill
790 * in auth_ident field and return true, otherwise return false.
793 authmethod_is_enabled(Authmethod *method)
797 /* return false if options indicate this method is disabled */
798 if (method->enabled == NULL || *method->enabled == 0)
800 /* return false if batch mode is enabled but method needs interactive mode */
801 if (method->batch_flag != NULL && *method->batch_flag != 0)
807 authmethod_lookup(const char *name)
809 Authmethod *method = NULL;
811 for (method = authmethods; method->name != NULL; method++)
812 if (strcmp(name, method->name) == 0)
814 debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
818 /* XXX internal state */
819 static Authmethod *current = NULL;
820 static char *supported = NULL;
821 static char *preferred = NULL;
823 * Given the authentication method list sent by the server, return the
824 * next method we should try. If the server initially sends a nil list,
825 * use a built-in default list.
828 authmethod_get(char *authlist)
834 /* Use a suitable default if we're passed a nil list. */
835 if (authlist == NULL || strlen(authlist) == 0)
836 authlist = options.preferred_authentications;
838 if (supported == NULL || strcmp(authlist, supported) != 0) {
839 debug3("start over, passed a different list %s", authlist);
840 if (supported != NULL)
842 supported = xstrdup(authlist);
843 preferred = options.preferred_authentications;
844 debug3("preferred %s", preferred);
846 } else if (current != NULL && authmethod_is_enabled(current))
850 if ((name = match_list(preferred, supported, &next)) == NULL) {
851 debug("no more auth methods to try");
856 debug3("authmethod_lookup %s", name);
857 debug3("remaining preferred: %s", preferred);
858 if ((current = authmethod_lookup(name)) != NULL &&
859 authmethod_is_enabled(current)) {
860 debug3("authmethod_is_enabled %s", name);
861 debug("next auth method to try is %s", name);
870 authmethods_get(void)
872 Authmethod *method = NULL;
876 for (method = authmethods; method->name != NULL; method++) {
877 if (authmethod_is_enabled(method)) {
879 strlcat(buf, DELIM, sizeof buf);
880 strlcat(buf, method->name, sizeof buf);