+/* $OpenBSD: sshconnect2.c,v 1.179 2010/01/13 01:20:20 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
+ * Copyright (c) 2008 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.138 2004/06/13 12:53:24 djm Exp $");
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <netdb.h>
+#include <pwd.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
+#include <vis.h>
+#endif
#include "openbsd-compat/sys-queue.h"
+#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
-#include "xmalloc.h"
#include "buffer.h"
#include "packet.h"
#include "compat.h"
-#include "bufaux.h"
#include "cipher.h"
+#include "key.h"
#include "kex.h"
#include "myproposal.h"
#include "sshconnect.h"
#include "canohost.h"
#include "msg.h"
#include "pathnames.h"
+#include "uidswap.h"
+#include "schnorr.h"
+#include "jpake.h"
#ifdef GSSAPI
#include "ssh-gss.h"
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
} else {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
}
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
options.hostkeyalgorithms;
if (options.rekey_limit)
- packet_set_rekey_limit(options.rekey_limit);
+ packet_set_rekey_limit((u_int32_t)options.rekey_limit);
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
+ kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
+ if (options.use_roaming && !kex->roaming) {
+ debug("Roaming not allowed by server");
+ options.use_roaming = 0;
+ }
+
session_id2 = kex->session_id;
session_id2_len = kex->session_id_len;
struct Authmethod {
char *name; /* string to compare against server's list */
int (*userauth)(Authctxt *authctxt);
+ void (*cleanup)(Authctxt *authctxt);
int *enabled; /* flag in option struct that enables method */
int *batch_flag; /* flag in option struct that disables method */
};
void input_userauth_success(int, u_int32_t, void *);
+void input_userauth_success_unexpected(int, u_int32_t, void *);
void input_userauth_failure(int, u_int32_t, void *);
void input_userauth_banner(int, u_int32_t, void *);
void input_userauth_error(int, u_int32_t, void *);
void input_userauth_info_req(int, u_int32_t, void *);
void input_userauth_pk_ok(int, u_int32_t, void *);
void input_userauth_passwd_changereq(int, u_int32_t, void *);
+void input_userauth_jpake_server_step1(int, u_int32_t, void *);
+void input_userauth_jpake_server_step2(int, u_int32_t, void *);
+void input_userauth_jpake_server_confirm(int, u_int32_t, void *);
int userauth_none(Authctxt *);
int userauth_pubkey(Authctxt *);
int userauth_passwd(Authctxt *);
int userauth_kbdint(Authctxt *);
int userauth_hostbased(Authctxt *);
-int userauth_kerberos(Authctxt *);
+int userauth_jpake(Authctxt *);
+
+void userauth_jpake_cleanup(Authctxt *);
#ifdef GSSAPI
int userauth_gssapi(Authctxt *authctxt);
#ifdef GSSAPI
{"gssapi-with-mic",
userauth_gssapi,
+ NULL,
&options.gss_authentication,
NULL},
#endif
{"hostbased",
userauth_hostbased,
+ NULL,
&options.hostbased_authentication,
NULL},
{"publickey",
userauth_pubkey,
+ NULL,
&options.pubkey_authentication,
NULL},
+#ifdef JPAKE
+ {"jpake-01@openssh.com",
+ userauth_jpake,
+ userauth_jpake_cleanup,
+ &options.zero_knowledge_password_authentication,
+ &options.batch_mode},
+#endif
{"keyboard-interactive",
userauth_kbdint,
+ NULL,
&options.kbd_interactive_authentication,
&options.batch_mode},
{"password",
userauth_passwd,
+ NULL,
&options.password_authentication,
&options.batch_mode},
{"none",
userauth_none,
NULL,
+ NULL,
NULL},
- {NULL, NULL, NULL, NULL}
+ {NULL, NULL, NULL, NULL, NULL}
};
void
void
userauth(Authctxt *authctxt, char *authlist)
{
+ if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
+ authctxt->method->cleanup(authctxt);
+
if (authctxt->methoddata) {
xfree(authctxt->methoddata);
authctxt->methoddata = NULL;
}
}
+/* ARGSUSED */
void
input_userauth_error(int type, u_int32_t seq, void *ctxt)
{
fatal("input_userauth_error: bad message during authentication: "
- "type %d", type);
+ "type %d", type);
}
+/* ARGSUSED */
void
input_userauth_banner(int type, u_int32_t seq, void *ctxt)
{
- char *msg, *lang;
+ char *msg, *raw, *lang;
+ u_int len;
debug3("input_userauth_banner");
- msg = packet_get_string(NULL);
+ raw = packet_get_string(&len);
lang = packet_get_string(NULL);
- if (options.log_level > SYSLOG_LEVEL_QUIET)
+ if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
+ if (len > 65536)
+ len = 65536;
+ msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
+ strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
fprintf(stderr, "%s", msg);
- xfree(msg);
+ xfree(msg);
+ }
+ xfree(raw);
xfree(lang);
}
+/* ARGSUSED */
void
input_userauth_success(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
+
if (authctxt == NULL)
fatal("input_userauth_success: no authentication context");
if (authctxt->authlist) {
xfree(authctxt->authlist);
authctxt->authlist = NULL;
}
+ if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
+ authctxt->method->cleanup(authctxt);
if (authctxt->methoddata) {
xfree(authctxt->methoddata);
authctxt->methoddata = NULL;
authctxt->success = 1; /* break out */
}
+void
+input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+
+ if (authctxt == NULL)
+ fatal("%s: no authentication context", __func__);
+
+ fatal("Unexpected authentication success during %s.",
+ authctxt->method->name);
+}
+
+/* ARGSUSED */
void
input_userauth_failure(int type, u_int32_t seq, void *ctxt)
{
userauth(authctxt, authlist);
}
+
+/* ARGSUSED */
void
input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
{
{
Gssctxt *gssctxt = NULL;
static gss_OID_set gss_supported = NULL;
- static int mech = 0;
+ static u_int mech = 0;
OM_uint32 min;
int ok = 0;
/* Check to see if the mechanism is usable before we offer it */
while (mech < gss_supported->count && !ok) {
- if (gssctxt)
- ssh_gssapi_delete_ctx(&gssctxt);
- ssh_gssapi_build_ctx(&gssctxt);
- ssh_gssapi_set_oid(gssctxt, &gss_supported->elements[mech]);
-
/* My DER encoding requires length<128 */
if (gss_supported->elements[mech].length < 128 &&
- !GSS_ERROR(ssh_gssapi_import_name(gssctxt,
- authctxt->host))) {
+ ssh_gssapi_check_mechanism(&gssctxt,
+ &gss_supported->elements[mech], authctxt->host)) {
ok = 1; /* Mechanism works */
} else {
mech++;
}
}
- if (!ok) return 0;
+ if (!ok)
+ return 0;
authctxt->methoddata=(void *)gssctxt;
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt = authctxt->methoddata;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
- gss_buffer_desc gssbuf, mic;
+ gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc gssbuf;
OM_uint32 status, ms, flags;
Buffer b;
return status;
}
+/* ARGSUSED */
void
input_gssapi_response(int type, u_int32_t plen, void *ctxt)
{
}
}
+/* ARGSUSED */
void
input_gssapi_token(int type, u_int32_t plen, void *ctxt)
{
}
}
+/* ARGSUSED */
void
input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
{
/* Stick it into GSSAPI and see what it says */
status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
- &recv_tok, &send_tok, NULL);
+ &recv_tok, &send_tok, NULL);
xfree(recv_tok.value);
gss_release_buffer(&ms, &send_tok);
/* Server will be returning a failed packet after this one */
}
+/* ARGSUSED */
void
input_gssapi_error(int type, u_int32_t plen, void *ctxt)
{
packet_check_eom();
- debug("Server GSSAPI Error:\n%s\n", msg);
+ debug("Server GSSAPI Error:\n%s", msg);
xfree(msg);
xfree(lang);
}
static int attempt = 0;
char prompt[150];
char *password;
+ const char *host = options.host_key_alias ? options.host_key_alias :
+ authctxt->host;
if (attempt++ >= options.number_of_password_prompts)
return 0;
error("Permission denied, please try again.");
snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
- authctxt->server_user, authctxt->host);
+ authctxt->server_user, host);
password = read_passphrase(prompt, 0);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
return 1;
}
+
/*
* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
*/
+/* ARGSUSED */
void
input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
{
Authctxt *authctxt = ctxt;
char *info, *lang, *password = NULL, *retype = NULL;
char prompt[150];
+ const char *host = options.host_key_alias ? options.host_key_alias :
+ authctxt->host;
debug2("input_userauth_passwd_changereq");
packet_put_char(1); /* additional info */
snprintf(prompt, sizeof(prompt),
"Enter %.30s@%.128s's old password: ",
- authctxt->server_user, authctxt->host);
+ authctxt->server_user, host);
password = read_passphrase(prompt, 0);
packet_put_cstring(password);
memset(password, 0, strlen(password));
while (password == NULL) {
snprintf(prompt, sizeof(prompt),
"Enter %.30s@%.128s's new password: ",
- authctxt->server_user, authctxt->host);
+ authctxt->server_user, host);
password = read_passphrase(prompt, RP_ALLOW_EOF);
if (password == NULL) {
/* bail out */
}
snprintf(prompt, sizeof(prompt),
"Retype %.30s@%.128s's new password: ",
- authctxt->server_user, authctxt->host);
+ authctxt->server_user, host);
retype = read_passphrase(prompt, 0);
if (strcmp(password, retype) != 0) {
memset(password, 0, strlen(password));
&input_userauth_passwd_changereq);
}
+#ifdef JPAKE
+static char *
+pw_encrypt(const char *password, const char *crypt_scheme, const char *salt)
+{
+ /* OpenBSD crypt(3) handles all of these */
+ if (strcmp(crypt_scheme, "crypt") == 0 ||
+ strcmp(crypt_scheme, "bcrypt") == 0 ||
+ strcmp(crypt_scheme, "md5crypt") == 0 ||
+ strcmp(crypt_scheme, "crypt-extended") == 0)
+ return xstrdup(crypt(password, salt));
+ error("%s: unsupported password encryption scheme \"%.100s\"",
+ __func__, crypt_scheme);
+ return NULL;
+}
+
+static BIGNUM *
+jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
+ const char *salt)
+{
+ char prompt[256], *password, *crypted;
+ u_char *secret;
+ u_int secret_len;
+ BIGNUM *ret;
+
+ snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ",
+ authctxt->server_user, authctxt->host);
+ password = read_passphrase(prompt, 0);
+
+ if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) {
+ logit("Disabling %s authentication", authctxt->method->name);
+ authctxt->method->enabled = NULL;
+ /* Continue with an empty password to fail gracefully */
+ crypted = xstrdup("");
+ }
+
+#ifdef JPAKE_DEBUG
+ debug3("%s: salt = %s", __func__, salt);
+ debug3("%s: scheme = %s", __func__, crypt_scheme);
+ debug3("%s: crypted = %s", __func__, crypted);
+#endif
+
+ if (hash_buffer(crypted, strlen(crypted), EVP_sha256(),
+ &secret, &secret_len) != 0)
+ fatal("%s: hash_buffer", __func__);
+
+ bzero(password, strlen(password));
+ bzero(crypted, strlen(crypted));
+ xfree(password);
+ xfree(crypted);
+
+ if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
+ fatal("%s: BN_bin2bn (secret)", __func__);
+ bzero(secret, secret_len);
+ xfree(secret);
+
+ return ret;
+}
+
+/* ARGSUSED */
+void
+input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ struct jpake_ctx *pctx = authctxt->methoddata;
+ u_char *x3_proof, *x4_proof, *x2_s_proof;
+ u_int x3_proof_len, x4_proof_len, x2_s_proof_len;
+ char *crypt_scheme, *salt;
+
+ /* Disable this message */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL);
+
+ if ((pctx->g_x3 = BN_new()) == NULL ||
+ (pctx->g_x4 = BN_new()) == NULL)
+ fatal("%s: BN_new", __func__);
+
+ /* Fetch step 1 values */
+ crypt_scheme = packet_get_string(NULL);
+ salt = packet_get_string(NULL);
+ pctx->server_id = packet_get_string(&pctx->server_id_len);
+ packet_get_bignum2(pctx->g_x3);
+ packet_get_bignum2(pctx->g_x4);
+ x3_proof = packet_get_string(&x3_proof_len);
+ x4_proof = packet_get_string(&x4_proof_len);
+ packet_check_eom();
+
+ JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
+
+ /* Obtain password and derive secret */
+ pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
+ bzero(crypt_scheme, strlen(crypt_scheme));
+ bzero(salt, strlen(salt));
+ xfree(crypt_scheme);
+ xfree(salt);
+ JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
+
+ /* Calculate step 2 values */
+ jpake_step2(pctx->grp, pctx->s, pctx->g_x1,
+ pctx->g_x3, pctx->g_x4, pctx->x2,
+ pctx->server_id, pctx->server_id_len,
+ pctx->client_id, pctx->client_id_len,
+ x3_proof, x3_proof_len,
+ x4_proof, x4_proof_len,
+ &pctx->a,
+ &x2_s_proof, &x2_s_proof_len);
+
+ bzero(x3_proof, x3_proof_len);
+ bzero(x4_proof, x4_proof_len);
+ xfree(x3_proof);
+ xfree(x4_proof);
+
+ JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
+
+ /* Send values for step 2 */
+ packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2);
+ packet_put_bignum2(pctx->a);
+ packet_put_string(x2_s_proof, x2_s_proof_len);
+ packet_send();
+
+ bzero(x2_s_proof, x2_s_proof_len);
+ xfree(x2_s_proof);
+
+ /* Expect step 2 packet from peer */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
+ input_userauth_jpake_server_step2);
+}
+
+/* ARGSUSED */
+void
+input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ struct jpake_ctx *pctx = authctxt->methoddata;
+ u_char *x4_s_proof;
+ u_int x4_s_proof_len;
+
+ /* Disable this message */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL);
+
+ if ((pctx->b = BN_new()) == NULL)
+ fatal("%s: BN_new", __func__);
+
+ /* Fetch step 2 values */
+ packet_get_bignum2(pctx->b);
+ x4_s_proof = packet_get_string(&x4_s_proof_len);
+ packet_check_eom();
+
+ JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
+
+ /* Derive shared key and calculate confirmation hash */
+ jpake_key_confirm(pctx->grp, pctx->s, pctx->b,
+ pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4,
+ pctx->client_id, pctx->client_id_len,
+ pctx->server_id, pctx->server_id_len,
+ session_id2, session_id2_len,
+ x4_s_proof, x4_s_proof_len,
+ &pctx->k,
+ &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
+
+ bzero(x4_s_proof, x4_s_proof_len);
+ xfree(x4_s_proof);
+
+ JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
+
+ /* Send key confirmation proof */
+ packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM);
+ packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
+ packet_send();
+
+ /* Expect confirmation from peer */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM,
+ input_userauth_jpake_server_confirm);
+}
+
+/* ARGSUSED */
+void
+input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ struct jpake_ctx *pctx = authctxt->methoddata;
+
+ /* Disable this message */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL);
+
+ pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len);
+ packet_check_eom();
+
+ JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
+
+ /* Verify expected confirmation hash */
+ if (jpake_check_confirm(pctx->k,
+ pctx->server_id, pctx->server_id_len,
+ session_id2, session_id2_len,
+ pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1)
+ debug("%s: %s success", __func__, authctxt->method->name);
+ else {
+ debug("%s: confirmation mismatch", __func__);
+ /* XXX stash this so if auth succeeds then we can warn/kill */
+ }
+
+ userauth_jpake_cleanup(authctxt);
+}
+#endif /* JPAKE */
+
static int
identity_sign(Identity *id, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
Key *private;
char prompt[300], *passphrase;
- int quit, i;
+ int perm_ok = 0, quit, i;
struct stat st;
if (stat(filename, &st) < 0) {
debug3("no such identity: %s", filename);
return NULL;
}
- private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
+ private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
+ if (!perm_ok)
+ return NULL;
if (private == NULL) {
if (options.batch_mode)
return NULL;
for (i = 0; i < options.number_of_password_prompts; i++) {
passphrase = read_passphrase(prompt, 0);
if (strcmp(passphrase, "") != 0) {
- private = key_load_private_type(KEY_UNSPEC, filename,
- passphrase, NULL);
+ private = key_load_private_type(KEY_UNSPEC,
+ filename, passphrase, NULL, NULL);
quit = 0;
} else {
debug2("no passphrase given, try next key");
if (key && key->type == KEY_RSA1)
continue;
options.identity_keys[i] = NULL;
- id = xmalloc(sizeof(*id));
- memset(id, 0, sizeof(*id));
+ id = xcalloc(1, sizeof(*id));
id->key = key;
id->filename = xstrdup(options.identity_files[i]);
TAILQ_INSERT_TAIL(&files, id, next);
}
}
if (!found && !options.identities_only) {
- id = xmalloc(sizeof(*id));
- memset(id, 0, sizeof(*id));
+ id = xcalloc(1, sizeof(*id));
id->key = key;
id->filename = comment;
id->ac = ac;
debug2("ssh_keysign called");
if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
- error("ssh_keysign: no installed: %s", strerror(errno));
+ error("ssh_keysign: not installed: %s", strerror(errno));
return -1;
}
if (fflush(stdout) != 0)
return -1;
}
if (pid == 0) {
- seteuid(getuid());
- setuid(getuid());
+ /* keep the socket on exec */
+ fcntl(packet_get_connection_in(), F_SETFD, 0);
+ permanently_drop_suid(getuid());
close(from[0]);
if (dup2(from[1], STDOUT_FILENO) < 0)
fatal("ssh_keysign: dup2: %s", strerror(errno));
char *chost, *pkalg, *p;
const char *service;
u_int blen, slen;
- int ok, i, len, found = 0;
+ int ok, i, found = 0;
/* check for a useful key */
for (i = 0; i < sensitive->nkeys; i++) {
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
key_free(private);
+ xfree(blob);
return 0;
}
- len = strlen(p) + 2;
- chost = xmalloc(len);
- strlcpy(chost, p, len);
- strlcat(chost, ".", len);
+ xasprintf(&chost, "%s.", p);
debug2("userauth_hostbased: chost %s", chost);
xfree(p);
error("key_sign failed");
xfree(chost);
xfree(pkalg);
+ xfree(blob);
return 0;
}
packet_start(SSH2_MSG_USERAUTH_REQUEST);
xfree(signature);
xfree(chost);
xfree(pkalg);
+ xfree(blob);
packet_send();
return 1;
}
+#ifdef JPAKE
+int
+userauth_jpake(Authctxt *authctxt)
+{
+ struct jpake_ctx *pctx;
+ u_char *x1_proof, *x2_proof;
+ u_int x1_proof_len, x2_proof_len;
+ static int attempt = 0; /* XXX share with userauth_password's? */
+
+ if (attempt++ >= options.number_of_password_prompts)
+ return 0;
+ if (attempt != 1)
+ error("Permission denied, please try again.");
+
+ if (authctxt->methoddata != NULL)
+ fatal("%s: authctxt->methoddata already set (%p)",
+ __func__, authctxt->methoddata);
+
+ authctxt->methoddata = pctx = jpake_new();
+
+ /*
+ * Send request immediately, to get the protocol going while
+ * we do the initial computations.
+ */
+ packet_start(SSH2_MSG_USERAUTH_REQUEST);
+ packet_put_cstring(authctxt->server_user);
+ packet_put_cstring(authctxt->service);
+ packet_put_cstring(authctxt->method->name);
+ packet_send();
+ packet_write_wait();
+
+ jpake_step1(pctx->grp,
+ &pctx->client_id, &pctx->client_id_len,
+ &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2,
+ &x1_proof, &x1_proof_len,
+ &x2_proof, &x2_proof_len);
+
+ JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
+
+ packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1);
+ packet_put_string(pctx->client_id, pctx->client_id_len);
+ packet_put_bignum2(pctx->g_x1);
+ packet_put_bignum2(pctx->g_x2);
+ packet_put_string(x1_proof, x1_proof_len);
+ packet_put_string(x2_proof, x2_proof_len);
+ packet_send();
+
+ bzero(x1_proof, x1_proof_len);
+ bzero(x2_proof, x2_proof_len);
+ xfree(x1_proof);
+ xfree(x2_proof);
+
+ /* Expect step 1 packet from peer */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
+ input_userauth_jpake_server_step1);
+ dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
+ &input_userauth_success_unexpected);
+
+ return 1;
+}
+
+void
+userauth_jpake_cleanup(Authctxt *authctxt)
+{
+ debug3("%s: clean up", __func__);
+ if (authctxt->methoddata != NULL) {
+ jpake_free(authctxt->methoddata);
+ authctxt->methoddata = NULL;
+ }
+ dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
+}
+#endif /* JPAKE */
+
/* find auth method */
/*
buffer_free(&b);
return list;
}
+
andersk / openssh.git / blobdiff