Blame - sshconnect2.c - platform/external/openssh

blob: 031f719baef528ce1a0752460d81fd9439b49b68 [file] [log] [blame]

Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
				24
				25	#include "includes.h"
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	26	RCSID("$OpenBSD: sshconnect2.c,v 1.46 2001/02/10 12:09:21 markus Exp $");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	27
				28	#include <openssl/bn.h>
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	29	#include <openssl/md5.h>
				30	#include <openssl/dh.h>
				31	#include <openssl/hmac.h>
				32
				33	#include "ssh.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	34	#include "ssh2.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	35	#include "xmalloc.h"
				36	#include "rsa.h"
				37	#include "buffer.h"
				38	#include "packet.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	39	#include "uidswap.h"
				40	#include "compat.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	41	#include "bufaux.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	42	#include "cipher.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	43	#include "kex.h"
				44	#include "myproposal.h"
				45	#include "key.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	46	#include "sshconnect.h"
				47	#include "authfile.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	48	#include "cli.h"
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	49	#include "dispatch.h"
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	50	#include "authfd.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	51	#include "log.h"
				52	#include "readconf.h"
				53	#include "readpass.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	54
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	55	void ssh_dh1_client(Kex , char , struct sockaddr , Buffer , Buffer *);
				56	void ssh_dhgex_client(Kex , char , struct sockaddr , Buffer , Buffer *);
				57
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	58	/* import */
				59	extern char *client_version_string;
				60	extern char *server_version_string;
				61	extern Options options;
				62
				63	/*
				64	* SSH2 key exchange
				65	*/
				66
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	67	u_char *session_id2 = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	68	int session_id2_len = 0;
				69
				70	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	71	ssh_kex2(char host, struct sockaddr hostaddr)
				72	{
				73	int i, plen;
				74	Kex *kex;
				75	Buffer client_kexinit, server_kexinit;
				76	char *sprop[PROPOSAL_MAX];
				77
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	78	if (options.ciphers == (char *)-1) {
				79	log("No valid ciphers for protocol version 2 given, using defaults.");
				80	options.ciphers = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	81	}
				82	if (options.ciphers != NULL) {
				83	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				84	myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
				85	}
				86	if (options.compression) {
				87	myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
				88	myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
				89	} else {
				90	myproposal[PROPOSAL_COMP_ALGS_CTOS] = "none";
				91	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
				92	}
				93
				94	/* buffers with raw kexinit messages */
				95	server_kexinit = xmalloc(sizeof(*server_kexinit));
				96	buffer_init(server_kexinit);
				97	client_kexinit = kex_init(myproposal);
				98
				99	/* algorithm negotiation */
				100	kex_exchange_kexinit(client_kexinit, server_kexinit, sprop);
				101	kex = kex_choose_conf(myproposal, sprop, 0);
				102	for (i = 0; i < PROPOSAL_MAX; i++)
				103	xfree(sprop[i]);
				104
				105	/* server authentication and session key agreement */
				106	switch(kex->kex_type) {
				107	case DH_GRP1_SHA1:
				108	ssh_dh1_client(kex, host, hostaddr,
				109	client_kexinit, server_kexinit);
				110	break;
				111	case DH_GEX_SHA1:
				112	ssh_dhgex_client(kex, host, hostaddr, client_kexinit,
				113	server_kexinit);
				114	break;
				115	default:
				116	fatal("Unsupported key exchange %d", kex->kex_type);
				117	}
				118
				119	buffer_free(client_kexinit);
				120	buffer_free(server_kexinit);
				121	xfree(client_kexinit);
				122	xfree(server_kexinit);
				123
				124	debug("Wait SSH2_MSG_NEWKEYS.");
				125	packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
				126	packet_done();
				127	debug("GOT SSH2_MSG_NEWKEYS.");
				128
				129	debug("send SSH2_MSG_NEWKEYS.");
				130	packet_start(SSH2_MSG_NEWKEYS);
				131	packet_send();
				132	packet_write_wait();
				133	debug("done: send SSH2_MSG_NEWKEYS.");
				134
				135	#ifdef DEBUG_KEXDH
				136	/* send 1st encrypted/maced/compressed message */
				137	packet_start(SSH2_MSG_IGNORE);
				138	packet_put_cstring("markus");
				139	packet_send();
				140	packet_write_wait();
				141	#endif
				142	debug("done: KEX2.");
				143	}
				144
				145	/* diffie-hellman-group1-sha1 */
				146
				147	void
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	148	ssh_dh1_client(Kex kex, char host, struct sockaddr *hostaddr,
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	149	Buffer client_kexinit, Buffer server_kexinit)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	150	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	151	#ifdef DEBUG_KEXDH
				152	int i;
				153	#endif
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	154	int plen, dlen;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	155	u_int klen, kout;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	156	char *signature = NULL;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	157	u_int slen;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	158	char *server_host_key_blob = NULL;
				159	Key *server_host_key;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	160	u_int sbloblen;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	161	DH *dh;
				162	BIGNUM *dh_server_pub = 0;
				163	BIGNUM *shared_secret = 0;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	164	u_char *kbuf;
				165	u_char *hash;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	166
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	167	debug("Sending SSH2_MSG_KEXDH_INIT.");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	168	/* generate and send 'e', client DH public key */
				169	dh = dh_new_group1();
Kevin Steves	6b87586	2000-12-15 23:31:01 +0000	[diff] [blame]	170	dh_gen_key(dh);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	171	packet_start(SSH2_MSG_KEXDH_INIT);
				172	packet_put_bignum2(dh->pub_key);
				173	packet_send();
				174	packet_write_wait();
				175
				176	#ifdef DEBUG_KEXDH
				177	fprintf(stderr, "\np= ");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	178	BN_print_fp(stderr, dh->p);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	179	fprintf(stderr, "\ng= ");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	180	BN_print_fp(stderr, dh->g);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	181	fprintf(stderr, "\npub= ");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	182	BN_print_fp(stderr, dh->pub_key);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	183	fprintf(stderr, "\n");
				184	DHparams_print_fp(stderr, dh);
				185	#endif
				186
				187	debug("Wait SSH2_MSG_KEXDH_REPLY.");
				188
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	189	packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	190
				191	debug("Got SSH2_MSG_KEXDH_REPLY.");
				192
				193	/* key, cert */
				194	server_host_key_blob = packet_get_string(&sbloblen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	195	server_host_key = key_from_blob(server_host_key_blob, sbloblen);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	196	if (server_host_key == NULL)
				197	fatal("cannot decode server_host_key_blob");
				198
				199	check_host_key(host, hostaddr, server_host_key,
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	200	options.user_hostfile2, options.system_hostfile2);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	201
				202	/* DH paramter f, server public DH key */
				203	dh_server_pub = BN_new();
				204	if (dh_server_pub == NULL)
				205	fatal("dh_server_pub == NULL");
				206	packet_get_bignum2(dh_server_pub, &dlen);
				207
				208	#ifdef DEBUG_KEXDH
				209	fprintf(stderr, "\ndh_server_pub= ");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	210	BN_print_fp(stderr, dh_server_pub);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	211	fprintf(stderr, "\n");
				212	debug("bits %d", BN_num_bits(dh_server_pub));
				213	#endif
				214
				215	/* signed H */
				216	signature = packet_get_string(&slen);
				217	packet_done();
				218
				219	if (!dh_pub_is_valid(dh, dh_server_pub))
				220	packet_disconnect("bad server public DH value");
				221
				222	klen = DH_size(dh);
				223	kbuf = xmalloc(klen);
				224	kout = DH_compute_key(kbuf, dh_server_pub, dh);
				225	#ifdef DEBUG_KEXDH
				226	debug("shared secret: len %d/%d", klen, kout);
				227	fprintf(stderr, "shared secret == ");
				228	for (i = 0; i< kout; i++)
				229	fprintf(stderr, "%02x", (kbuf[i])&0xff);
				230	fprintf(stderr, "\n");
				231	#endif
				232	shared_secret = BN_new();
				233
				234	BN_bin2bn(kbuf, kout, shared_secret);
				235	memset(kbuf, 0, klen);
				236	xfree(kbuf);
				237
				238	/* calc and verify H */
				239	hash = kex_hash(
				240	client_version_string,
				241	server_version_string,
				242	buffer_ptr(client_kexinit), buffer_len(client_kexinit),
				243	buffer_ptr(server_kexinit), buffer_len(server_kexinit),
				244	server_host_key_blob, sbloblen,
				245	dh->pub_key,
				246	dh_server_pub,
				247	shared_secret
				248	);
				249	xfree(server_host_key_blob);
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	250	DH_free(dh);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	251	BN_free(dh_server_pub);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	252	#ifdef DEBUG_KEXDH
				253	fprintf(stderr, "hash == ");
				254	for (i = 0; i< 20; i++)
				255	fprintf(stderr, "%02x", (hash[i])&0xff);
				256	fprintf(stderr, "\n");
				257	#endif
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	258	if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	259	fatal("key_verify failed for server_host_key");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	260	key_free(server_host_key);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	261	xfree(signature);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	262
				263	kex_derive_keys(kex, hash, shared_secret);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	264	BN_clear_free(shared_secret);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	265	packet_set_kex(kex);
				266
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	267	/* save session id */
				268	session_id2_len = 20;
				269	session_id2 = xmalloc(session_id2_len);
				270	memcpy(session_id2, hash, session_id2_len);
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	271	}
				272
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	273	/* diffie-hellman-group-exchange-sha1 */
				274
				275	/*
				276	* Estimates the group order for a Diffie-Hellman group that has an
				277	* attack complexity approximately the same as O(2**bits). Estimate
				278	* with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))
				279	*/
				280
				281	int
				282	dh_estimate(int bits)
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	283	{
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	284
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	285	if (bits < 64)
				286	return (512); /* O(2*63) /
				287	if (bits < 128)
				288	return (1024); /* O(2*86) /
				289	if (bits < 192)
				290	return (2048); /* O(2*116) /
				291	return (4096); /* O(2*156) /
				292	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	293
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	294	void
				295	ssh_dhgex_client(Kex kex, char host, struct sockaddr *hostaddr,
				296	Buffer client_kexinit, Buffer server_kexinit)
				297	{
				298	#ifdef DEBUG_KEXDH
				299	int i;
				300	#endif
				301	int plen, dlen;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	302	u_int klen, kout;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	303	char *signature = NULL;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	304	u_int slen, nbits;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	305	char *server_host_key_blob = NULL;
				306	Key *server_host_key;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	307	u_int sbloblen;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	308	DH *dh;
				309	BIGNUM *dh_server_pub = 0;
				310	BIGNUM *shared_secret = 0;
				311	BIGNUM p = 0, g = 0;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	312	u_char *kbuf;
				313	u_char *hash;
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	314
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	315	nbits = dh_estimate(kex->enc[MODE_OUT].cipher->key_len * 8);
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	316
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	317	debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST.");
				318	packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
				319	packet_put_int(nbits);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	320	packet_send();
				321	packet_write_wait();
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	322
				323	#ifdef DEBUG_KEXDH
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	324	fprintf(stderr, "\nnbits = %d", nbits);
				325	#endif
				326
				327	debug("Wait SSH2_MSG_KEX_DH_GEX_GROUP.");
				328
				329	packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_GROUP);
				330
				331	debug("Got SSH2_MSG_KEX_DH_GEX_GROUP.");
				332
				333	if ((p = BN_new()) == NULL)
				334	fatal("BN_new");
				335	packet_get_bignum2(p, &dlen);
				336	if ((g = BN_new()) == NULL)
				337	fatal("BN_new");
				338	packet_get_bignum2(g, &dlen);
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	339	dh = dh_new_group(g, p);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	340
Kevin Steves	6b87586	2000-12-15 23:31:01 +0000	[diff] [blame]	341	dh_gen_key(dh);
				342
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	343	#ifdef DEBUG_KEXDH
				344	fprintf(stderr, "\np= ");
				345	BN_print_fp(stderr, dh->p);
				346	fprintf(stderr, "\ng= ");
				347	BN_print_fp(stderr, dh->g);
				348	fprintf(stderr, "\npub= ");
				349	BN_print_fp(stderr, dh->pub_key);
				350	fprintf(stderr, "\n");
				351	DHparams_print_fp(stderr, dh);
				352	#endif
				353
				354	debug("Sending SSH2_MSG_KEX_DH_GEX_INIT.");
				355	/* generate and send 'e', client DH public key */
				356	packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
				357	packet_put_bignum2(dh->pub_key);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	358	packet_send();
				359	packet_write_wait();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	360
				361	debug("Wait SSH2_MSG_KEX_DH_GEX_REPLY.");
				362
				363	packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_REPLY);
				364
				365	debug("Got SSH2_MSG_KEXDH_REPLY.");
				366
				367	/* key, cert */
				368	server_host_key_blob = packet_get_string(&sbloblen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	369	server_host_key = key_from_blob(server_host_key_blob, sbloblen);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	370	if (server_host_key == NULL)
				371	fatal("cannot decode server_host_key_blob");
				372
				373	check_host_key(host, hostaddr, server_host_key,
				374	options.user_hostfile2, options.system_hostfile2);
				375
				376	/* DH paramter f, server public DH key */
				377	dh_server_pub = BN_new();
				378	if (dh_server_pub == NULL)
				379	fatal("dh_server_pub == NULL");
				380	packet_get_bignum2(dh_server_pub, &dlen);
				381
				382	#ifdef DEBUG_KEXDH
				383	fprintf(stderr, "\ndh_server_pub= ");
				384	BN_print_fp(stderr, dh_server_pub);
				385	fprintf(stderr, "\n");
				386	debug("bits %d", BN_num_bits(dh_server_pub));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	387	#endif
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	388
				389	/* signed H */
				390	signature = packet_get_string(&slen);
				391	packet_done();
				392
				393	if (!dh_pub_is_valid(dh, dh_server_pub))
				394	packet_disconnect("bad server public DH value");
				395
				396	klen = DH_size(dh);
				397	kbuf = xmalloc(klen);
				398	kout = DH_compute_key(kbuf, dh_server_pub, dh);
				399	#ifdef DEBUG_KEXDH
				400	debug("shared secret: len %d/%d", klen, kout);
				401	fprintf(stderr, "shared secret == ");
				402	for (i = 0; i< kout; i++)
				403	fprintf(stderr, "%02x", (kbuf[i])&0xff);
				404	fprintf(stderr, "\n");
				405	#endif
				406	shared_secret = BN_new();
				407
				408	BN_bin2bn(kbuf, kout, shared_secret);
				409	memset(kbuf, 0, klen);
				410	xfree(kbuf);
				411
				412	/* calc and verify H */
				413	hash = kex_hash_gex(
				414	client_version_string,
				415	server_version_string,
				416	buffer_ptr(client_kexinit), buffer_len(client_kexinit),
				417	buffer_ptr(server_kexinit), buffer_len(server_kexinit),
				418	server_host_key_blob, sbloblen,
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	419	nbits, dh->p, dh->g,
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	420	dh->pub_key,
				421	dh_server_pub,
				422	shared_secret
				423	);
				424	xfree(server_host_key_blob);
				425	DH_free(dh);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	426	BN_free(dh_server_pub);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	427	#ifdef DEBUG_KEXDH
				428	fprintf(stderr, "hash == ");
				429	for (i = 0; i< 20; i++)
				430	fprintf(stderr, "%02x", (hash[i])&0xff);
				431	fprintf(stderr, "\n");
				432	#endif
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	433	if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	434	fatal("key_verify failed for server_host_key");
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	435	key_free(server_host_key);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	436	xfree(signature);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	437
				438	kex_derive_keys(kex, hash, shared_secret);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	439	BN_clear_free(shared_secret);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	440	packet_set_kex(kex);
				441
				442	/* save session id */
				443	session_id2_len = 20;
				444	session_id2 = xmalloc(session_id2_len);
				445	memcpy(session_id2, hash, session_id2_len);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	446	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	447
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	448	/*
				449	* Authenticate user
				450	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	451
				452	typedef struct Authctxt Authctxt;
				453	typedef struct Authmethod Authmethod;
				454
				455	typedef int sign_cb_fn(
				456	Authctxt authctxt, Key key,
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	457	u_char *sigp, int lenp, u_char *data, int datalen);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	458
				459	struct Authctxt {
				460	const char *server_user;
				461	const char *host;
				462	const char *service;
				463	AuthenticationConnection *agent;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	464	Authmethod *method;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	465	int success;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	466	};
				467	struct Authmethod {
				468	char name; / string to compare against server's list */
				469	int (userauth)(Authctxt authctxt);
				470	int enabled; / flag in option struct that enables method */
				471	int batch_flag; / flag in option struct that disables method */
				472	};
				473
				474	void input_userauth_success(int type, int plen, void *ctxt);
				475	void input_userauth_failure(int type, int plen, void *ctxt);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	476	void input_userauth_banner(int type, int plen, void *ctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	477	void input_userauth_error(int type, int plen, void *ctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	478	void input_userauth_info_req(int type, int plen, void *ctxt);
				479
				480	int userauth_none(Authctxt *authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	481	int userauth_pubkey(Authctxt *authctxt);
				482	int userauth_passwd(Authctxt *authctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	483	int userauth_kbdint(Authctxt *authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	484
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	485	void authmethod_clear(void);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	486	Authmethod authmethod_get(char authlist);
				487	Authmethod authmethod_lookup(const char name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	488
				489	Authmethod authmethods[] = {
				490	{"publickey",
				491	userauth_pubkey,
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	492	&options.pubkey_authentication,
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	493	NULL},
				494	{"password",
				495	userauth_passwd,
				496	&options.password_authentication,
				497	&options.batch_mode},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	498	{"keyboard-interactive",
				499	userauth_kbdint,
				500	&options.kbd_interactive_authentication,
				501	&options.batch_mode},
				502	{"none",
				503	userauth_none,
				504	NULL,
				505	NULL},
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	506	{NULL, NULL, NULL, NULL}
				507	};
				508
				509	void
				510	ssh_userauth2(const char server_user, char host)
				511	{
				512	Authctxt authctxt;
				513	int type;
				514	int plen;
				515
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	516	if (options.challenge_reponse_authentication)
				517	options.kbd_interactive_authentication = 1;
				518
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	519	debug("send SSH2_MSG_SERVICE_REQUEST");
				520	packet_start(SSH2_MSG_SERVICE_REQUEST);
				521	packet_put_cstring("ssh-userauth");
				522	packet_send();
				523	packet_write_wait();
				524	type = packet_read(&plen);
				525	if (type != SSH2_MSG_SERVICE_ACCEPT) {
				526	fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
				527	}
				528	if (packet_remaining() > 0) {
				529	char *reply = packet_get_string(&plen);
				530	debug("service_accept: %s", reply);
				531	xfree(reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	532	} else {
				533	debug("buggy server: service_accept w/o service");
				534	}
				535	packet_done();
				536	debug("got SSH2_MSG_SERVICE_ACCEPT");
				537
				538	/* setup authentication context */
				539	authctxt.agent = ssh_get_authentication_connection();
				540	authctxt.server_user = server_user;
				541	authctxt.host = host;
				542	authctxt.service = "ssh-connection"; /* service name */
				543	authctxt.success = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	544	authctxt.method = authmethod_lookup("none");
				545	if (authctxt.method == NULL)
				546	fatal("ssh_userauth2: internal error: cannot send userauth none request");
				547	authmethod_clear();
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	548
				549	/* initial userauth request */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	550	userauth_none(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	551
				552	dispatch_init(&input_userauth_error);
				553	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
				554	dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	555	dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	556	dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
				557
				558	if (authctxt.agent != NULL)
				559	ssh_close_authentication_connection(authctxt.agent);
				560
Ben Lindstrom	4dccfa5	2000-12-28 16:40:05 +0000	[diff] [blame]	561	debug("ssh-userauth2 successful: method %s", authctxt.method->name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	562	}
				563	void
				564	input_userauth_error(int type, int plen, void *ctxt)
				565	{
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	566	fatal("input_userauth_error: bad message during authentication: "
				567	"type %d", type);
				568	}
				569	void
				570	input_userauth_banner(int type, int plen, void *ctxt)
				571	{
				572	char msg, lang;
				573	debug3("input_userauth_banner");
				574	msg = packet_get_string(NULL);
				575	lang = packet_get_string(NULL);
				576	fprintf(stderr, "%s", msg);
				577	xfree(msg);
				578	xfree(lang);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	579	}
				580	void
				581	input_userauth_success(int type, int plen, void *ctxt)
				582	{
				583	Authctxt *authctxt = ctxt;
				584	if (authctxt == NULL)
				585	fatal("input_userauth_success: no authentication context");
				586	authctxt->success = 1; /* break out */
				587	}
				588	void
				589	input_userauth_failure(int type, int plen, void *ctxt)
				590	{
				591	Authmethod *method = NULL;
				592	Authctxt *authctxt = ctxt;
				593	char *authlist = NULL;
				594	int partial;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	595
				596	if (authctxt == NULL)
				597	fatal("input_userauth_failure: no authentication context");
				598
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	599	authlist = packet_get_string(NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	600	partial = packet_get_char();
				601	packet_done();
				602
				603	if (partial != 0)
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	604	log("Authenticated with partial success.");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	605	debug("authentications that can continue: %s", authlist);
				606
				607	for (;;) {
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	608	method = authmethod_get(authlist);
				609	if (method == NULL)
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	610	fatal("Permission denied (%s).", authlist);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	611	authctxt->method = method;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	612	if (method->userauth(authctxt) != 0) {
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	613	debug2("we sent a %s packet, wait for reply", method->name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	614	break;
				615	} else {
				616	debug2("we did not send a packet, disable method");
				617	method->enabled = NULL;
				618	}
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	619	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	620	xfree(authlist);
				621	}
				622
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	623	int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	624	userauth_none(Authctxt *authctxt)
				625	{
				626	/* initial userauth request */
				627	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				628	packet_put_cstring(authctxt->server_user);
				629	packet_put_cstring(authctxt->service);
				630	packet_put_cstring(authctxt->method->name);
				631	packet_send();
				632	packet_write_wait();
				633	return 1;
				634	}
				635
				636	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	637	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	638	{
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	639	static int attempt = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	640	char prompt[80];
				641	char *password;
				642
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	643	if (attempt++ >= options.number_of_password_prompts)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	644	return 0;
				645
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	646	if(attempt != 1)
				647	error("Permission denied, please try again.");
				648
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	649	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	650	authctxt->server_user, authctxt->host);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	651	password = read_passphrase(prompt, 0);
				652	packet_start(SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	653	packet_put_cstring(authctxt->server_user);
				654	packet_put_cstring(authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	655	packet_put_cstring(authctxt->method->name);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	656	packet_put_char(0);
				657	packet_put_cstring(password);
				658	memset(password, 0, strlen(password));
				659	xfree(password);
				660	packet_send();
				661	packet_write_wait();
				662	return 1;
				663	}
				664
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	665	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	666	sign_and_send_pubkey(Authctxt authctxt, Key k, sign_cb_fn *sign_callback)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	667	{
				668	Buffer b;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	669	u_char blob, signature;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	670	int bloblen, slen;
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	671	int skip = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	672	int ret = -1;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	673	int have_sig = 1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	674
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	675	debug3("sign_and_send_pubkey");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	676	if (key_to_blob(k, &blob, &bloblen) == 0) {
				677	/* we cannot handle this key */
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	678	debug3("sign_and_send_pubkey: cannot handle key");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	679	return 0;
				680	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	681	/* data to be signed */
				682	buffer_init(&b);
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	683	if (datafellows & SSH_OLD_SESSIONID) {
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	684	buffer_append(&b, session_id2, session_id2_len);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	685	skip = session_id2_len;
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	686	} else {
				687	buffer_put_string(&b, session_id2, session_id2_len);
				688	skip = buffer_len(&b);
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	689	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	690	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	691	buffer_put_cstring(&b, authctxt->server_user);
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	692	buffer_put_cstring(&b,
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	693	datafellows & SSH_BUG_PKSERVICE ?
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	694	"ssh-userauth" :
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	695	authctxt->service);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	696	if (datafellows & SSH_BUG_PKAUTH) {
				697	buffer_put_char(&b, have_sig);
				698	} else {
				699	buffer_put_cstring(&b, authctxt->method->name);
				700	buffer_put_char(&b, have_sig);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	701	buffer_put_cstring(&b, key_ssh_name(k));
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	702	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	703	buffer_put_string(&b, blob, bloblen);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	704
				705	/* generate signature */
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	706	ret = (*sign_callback)(authctxt, k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	707	if (ret == -1) {
				708	xfree(blob);
				709	buffer_free(&b);
				710	return 0;
				711	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	712	#ifdef DEBUG_PK
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	713	buffer_dump(&b);
				714	#endif
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	715	if (datafellows & SSH_BUG_PKSERVICE) {
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	716	buffer_clear(&b);
				717	buffer_append(&b, session_id2, session_id2_len);
				718	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	719	buffer_put_cstring(&b, authctxt->server_user);
				720	buffer_put_cstring(&b, authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	721	buffer_put_cstring(&b, authctxt->method->name);
				722	buffer_put_char(&b, have_sig);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	723	if (!(datafellows & SSH_BUG_PKAUTH))
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	724	buffer_put_cstring(&b, key_ssh_name(k));
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	725	buffer_put_string(&b, blob, bloblen);
				726	}
				727	xfree(blob);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	728	/* append signature */
				729	buffer_put_string(&b, signature, slen);
				730	xfree(signature);
				731
				732	/* skip session id and packet type */
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	733	if (buffer_len(&b) < skip + 1)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	734	fatal("userauth_pubkey: internal error");
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	735	buffer_consume(&b, skip + 1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	736
				737	/* put remaining data from buffer into packet */
				738	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				739	packet_put_raw(buffer_ptr(&b), buffer_len(&b));
				740	buffer_free(&b);
				741
				742	/* send */
				743	packet_send();
				744	packet_write_wait();
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	745
				746	return 1;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	747	}
				748
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	749	/* sign callback */
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	750	int key_sign_cb(Authctxt authctxt, Key key, u_char *sigp, int lenp,
				751	u_char *data, int datalen)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	752	{
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	753	return key_sign(key, sigp, lenp, data, datalen);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	754	}
				755
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	756	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	757	userauth_pubkey_identity(Authctxt authctxt, char filename)
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	758	{
				759	Key *k;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	760	int i, ret, try_next, success = 0;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	761	struct stat st;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	762	char *passphrase;
				763	char prompt[300];
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	764
				765	if (stat(filename, &st) != 0) {
				766	debug("key does not exist: %s", filename);
				767	return 0;
				768	}
				769	debug("try pubkey: %s", filename);
				770
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	771	k = key_new(KEY_UNSPEC);
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	772	if (!load_private_key(filename, "", k, NULL)) {
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	773	if (options.batch_mode) {
				774	key_free(k);
				775	return 0;
				776	}
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	777	snprintf(prompt, sizeof prompt,
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	778	"Enter passphrase for key '%.100s': ", filename);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	779	for (i = 0; i < options.number_of_password_prompts; i++) {
				780	passphrase = read_passphrase(prompt, 0);
				781	if (strcmp(passphrase, "") != 0) {
				782	success = load_private_key(filename, passphrase, k, NULL);
				783	try_next = 0;
				784	} else {
				785	debug2("no passphrase given, try next key");
				786	try_next = 1;
				787	}
				788	memset(passphrase, 0, strlen(passphrase));
				789	xfree(passphrase);
				790	if (success \|\| try_next)
				791	break;
				792	debug2("bad passphrase given, try again...");
				793	}
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	794	if (!success) {
				795	key_free(k);
				796	return 0;
				797	}
				798	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	799	ret = sign_and_send_pubkey(authctxt, k, key_sign_cb);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	800	key_free(k);
				801	return ret;
				802	}
				803
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	804	/* sign callback */
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	805	int agent_sign_cb(Authctxt authctxt, Key key, u_char *sigp, int lenp,
				806	u_char *data, int datalen)
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	807	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	808	return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	809	}
				810
				811	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	812	userauth_pubkey_agent(Authctxt *authctxt)
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	813	{
				814	static int called = 0;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	815	int ret = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	816	char *comment;
				817	Key *k;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	818
				819	if (called == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	820	if (ssh_get_num_identities(authctxt->agent, 2) == 0)
				821	debug2("userauth_pubkey_agent: no keys at all");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	822	called = 1;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	823	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	824	k = ssh_get_next_identity(authctxt->agent, &comment, 2);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	825	if (k == NULL) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	826	debug2("userauth_pubkey_agent: no more keys");
				827	} else {
				828	debug("userauth_pubkey_agent: trying agent key %s", comment);
				829	xfree(comment);
				830	ret = sign_and_send_pubkey(authctxt, k, agent_sign_cb);
				831	key_free(k);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	832	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	833	if (ret == 0)
				834	debug2("userauth_pubkey_agent: no message sent");
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	835	return ret;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	836	}
				837
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	838	int
				839	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	840	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	841	static int idx = 0;
				842	int sent = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	843
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	844	if (authctxt->agent != NULL) {
				845	do {
				846	sent = userauth_pubkey_agent(authctxt);
				847	} while(!sent && authctxt->agent->howmany > 0);
				848	}
				849	while (!sent && idx < options.num_identity_files) {
				850	if (options.identity_files_type[idx] != KEY_RSA1)
				851	sent = userauth_pubkey_identity(authctxt,
				852	options.identity_files[idx]);
				853	idx++;
				854	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	855	return sent;
				856	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	857
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	858	/*
				859	* Send userauth request message specifying keyboard-interactive method.
				860	*/
				861	int
				862	userauth_kbdint(Authctxt *authctxt)
				863	{
				864	static int attempt = 0;
				865
				866	if (attempt++ >= options.number_of_password_prompts)
				867	return 0;
				868
				869	debug2("userauth_kbdint");
				870	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				871	packet_put_cstring(authctxt->server_user);
				872	packet_put_cstring(authctxt->service);
				873	packet_put_cstring(authctxt->method->name);
				874	packet_put_cstring(""); /* lang */
				875	packet_put_cstring(options.kbd_interactive_devices ?
				876	options.kbd_interactive_devices : "");
				877	packet_send();
				878	packet_write_wait();
				879
				880	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
				881	return 1;
				882	}
				883
				884	/*
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	885	* parse INFO_REQUEST, prompt user and send INFO_RESPONSE
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	886	*/
				887	void
				888	input_userauth_info_req(int type, int plen, void *ctxt)
				889	{
				890	Authctxt *authctxt = ctxt;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	891	char name, inst, lang, prompt, *response;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	892	u_int num_prompts, i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	893	int echo = 0;
				894
				895	debug2("input_userauth_info_req");
				896
				897	if (authctxt == NULL)
				898	fatal("input_userauth_info_req: no authentication context");
				899
				900	name = packet_get_string(NULL);
				901	inst = packet_get_string(NULL);
				902	lang = packet_get_string(NULL);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	903	if (strlen(name) > 0)
				904	cli_mesg(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	905	if (strlen(inst) > 0)
				906	cli_mesg(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	907	xfree(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	908	xfree(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	909	xfree(lang);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	910
				911	num_prompts = packet_get_int();
				912	/*
				913	* Begin to build info response packet based on prompts requested.
				914	* We commit to providing the correct number of responses, so if
				915	* further on we run into a problem that prevents this, we have to
				916	* be sure and clean this up and send a correct error response.
				917	*/
				918	packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
				919	packet_put_int(num_prompts);
				920
				921	for (i = 0; i < num_prompts; i++) {
				922	prompt = packet_get_string(NULL);
				923	echo = packet_get_char();
				924
				925	response = cli_prompt(prompt, echo);
				926
				927	packet_put_cstring(response);
				928	memset(response, 0, strlen(response));
				929	xfree(response);
				930	xfree(prompt);
				931	}
				932	packet_done(); /* done with parsing incoming message. */
				933
				934	packet_send();
				935	packet_write_wait();
				936	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	937
				938	/* find auth method */
				939
				940	#define DELIM ","
				941
				942	static char *def_authlist = "publickey,password";
				943	static char authlist_current = NULL; / clean copy used for comparison */
				944	static char authname_current = NULL; / last used auth method */
				945	static char authlist_working = NULL; / copy that gets modified by strtok_r() */
				946	static char authlist_state = NULL; / state variable for strtok_r() */
				947
				948	/*
				949	* Before starting to use a new authentication method list sent by the
				950	* server, reset internal variables. This should also be called when
				951	* finished processing server list to free resources.
				952	*/
				953	void
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	954	authmethod_clear(void)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	955	{
				956	if (authlist_current != NULL) {
				957	xfree(authlist_current);
				958	authlist_current = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	959	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	960	if (authlist_working != NULL) {
				961	xfree(authlist_working);
				962	authlist_working = NULL;
				963	}
				964	if (authname_current != NULL) {
				965	xfree(authname_current);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame^]	966	authname_current = NULL;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	967	}
				968	if (authlist_state != NULL)
				969	authlist_state = NULL;
				970	return;
				971	}
				972
				973	/*
				974	* given auth method name, if configurable options permit this method fill
				975	* in auth_ident field and return true, otherwise return false.
				976	*/
				977	int
				978	authmethod_is_enabled(Authmethod *method)
				979	{
				980	if (method == NULL)
				981	return 0;
				982	/* return false if options indicate this method is disabled */
				983	if (method->enabled == NULL \|\| *method->enabled == 0)
				984	return 0;
				985	/* return false if batch mode is enabled but method needs interactive mode */
				986	if (method->batch_flag != NULL && *method->batch_flag != 0)
				987	return 0;
				988	return 1;
				989	}
				990
				991	Authmethod *
				992	authmethod_lookup(const char *name)
				993	{
				994	Authmethod *method = NULL;
				995	if (name != NULL)
				996	for (method = authmethods; method->name != NULL; method++)
				997	if (strcmp(name, method->name) == 0)
				998	return method;
				999	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
				1000	return NULL;
				1001	}
				1002
				1003	/*
				1004	* Given the authentication method list sent by the server, return the
				1005	* next method we should try. If the server initially sends a nil list,
				1006	* use a built-in default list. If the server sends a nil list after
				1007	* previously sending a valid list, continue using the list originally
				1008	* sent.
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1009	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1010
				1011	Authmethod *
				1012	authmethod_get(char *authlist)
				1013	{
Damien Miller	69b69aa	2000-10-28 14:19:58 +1100	[diff] [blame]	1014	char name = NULL, authname_old;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1015	Authmethod *method = NULL;
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1016
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1017	/* Use a suitable default if we're passed a nil list. */
				1018	if (authlist == NULL \|\| strlen(authlist) == 0)
				1019	authlist = def_authlist;
				1020
				1021	if (authlist_current == NULL \|\| strcmp(authlist, authlist_current) != 0) {
				1022	/* start over if passed a different list */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1023	debug3("start over, passed a different list");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1024	authmethod_clear();
				1025	authlist_current = xstrdup(authlist);
				1026	authlist_working = xstrdup(authlist);
				1027	name = strtok_r(authlist_working, DELIM, &authlist_state);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1028	} else {
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1029	/*
				1030	* try to use previously used authentication method
				1031	* or continue to use previously passed list
				1032	*/
				1033	name = (authname_current != NULL) ?
				1034	authname_current : strtok_r(NULL, DELIM, &authlist_state);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1035	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1036
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1037	while (name != NULL) {
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1038	debug3("authmethod_lookup %s", name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1039	method = authmethod_lookup(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1040	if (method != NULL && authmethod_is_enabled(method)) {
				1041	debug3("authmethod_is_enabled %s", name);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1042	break;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1043	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1044	name = strtok_r(NULL, DELIM, &authlist_state);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1045	method = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1046	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1047
Damien Miller	69b69aa	2000-10-28 14:19:58 +1100	[diff] [blame]	1048	authname_old = authname_current;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1049	if (method != NULL) {
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1050	debug("next auth method to try is %s", name);
				1051	authname_current = xstrdup(name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1052	} else {
				1053	debug("no more auth methods to try");
				1054	authname_current = NULL;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1055	}
Damien Miller	69b69aa	2000-10-28 14:19:58 +1100	[diff] [blame]	1056
				1057	if (authname_old != NULL)
				1058	xfree(authname_old);
				1059
				1060	return (method);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1061	}