Blame - sshconnect2.c - platform/external/openssh

blob: c71ad506b9b8bb91a934a7da8f8b5f67e2c727fb [file] [log] [blame]

Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
				24
				25	#include "includes.h"
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame^]	26	RCSID("$OpenBSD: sshconnect2.c,v 1.121 2003/08/22 10:56:09 markus Exp $");
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	27
				28	#ifdef KRB5
				29	#include <krb5.h>
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	30	#ifndef HEIMDAL
				31	#define krb5_get_err_text(context,code) error_message(code)
				32	#endif /* !HEIMDAL */
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	33	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	34
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	35	#include "openbsd-compat/sys-queue.h"
				36
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	37	#include "ssh.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	38	#include "ssh2.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	39	#include "xmalloc.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	40	#include "buffer.h"
				41	#include "packet.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	42	#include "compat.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	43	#include "bufaux.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	44	#include "cipher.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	45	#include "kex.h"
				46	#include "myproposal.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	47	#include "sshconnect.h"
				48	#include "authfile.h"
Ben Lindstrom	df22139	2001-03-29 00:36:16 +0000	[diff] [blame]	49	#include "dh.h"
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	50	#include "authfd.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	51	#include "log.h"
				52	#include "readconf.h"
				53	#include "readpass.h"
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	54	#include "match.h"
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	55	#include "dispatch.h"
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	56	#include "canohost.h"
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	57	#include "msg.h"
				58	#include "pathnames.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	59
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame^]	60	#ifdef GSSAPI
				61	#include "ssh-gss.h"
				62	#endif
				63
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	64	/* import */
				65	extern char *client_version_string;
				66	extern char *server_version_string;
				67	extern Options options;
				68
				69	/*
				70	* SSH2 key exchange
				71	*/
				72
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	73	u_char *session_id2 = NULL;
Darren Tucker	502d384	2003-06-28 12:38:01 +1000	[diff] [blame]	74	u_int session_id2_len = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	75
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	76	char *xxx_host;
				77	struct sockaddr *xxx_hostaddr;
				78
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame]	79	Kex *xxx_kex = NULL;
				80
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	81	static int
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	82	verify_host_key_callback(Key *hostkey)
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	83	{
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	84	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
Damien Miller	59d9fb9	2001-10-10 15:03:11 +1000	[diff] [blame]	85	fatal("Host key verification failed.");
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	86	return 0;
				87	}
				88
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	89	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	90	ssh_kex2(char host, struct sockaddr hostaddr)
				91	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	92	Kex *kex;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	93
				94	xxx_host = host;
				95	xxx_hostaddr = hostaddr;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	96
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	97	if (options.ciphers == (char *)-1) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	98	logit("No valid ciphers for protocol version 2 given, using defaults.");
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	99	options.ciphers = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	100	}
				101	if (options.ciphers != NULL) {
				102	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				103	myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
				104	}
Damien Miller	a0ff466	2001-03-30 10:49:35 +1000	[diff] [blame]	105	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				106	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
				107	myproposal[PROPOSAL_ENC_ALGS_STOC] =
				108	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	109	if (options.compression) {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	110	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Ben Lindstrom	343010a	2002-07-04 00:16:25 +0000	[diff] [blame]	111	myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	112	} else {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	113	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Ben Lindstrom	343010a	2002-07-04 00:16:25 +0000	[diff] [blame]	114	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	115	}
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	116	if (options.macs != NULL) {
				117	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
				118	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
				119	}
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	120	if (options.hostkeyalgorithms != NULL)
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	121	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	122	options.hostkeyalgorithms;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	123
Damien Miller	a5539d2	2003-04-09 20:50:06 +1000	[diff] [blame]	124	if (options.rekey_limit)
				125	packet_set_rekey_limit(options.rekey_limit);
				126
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	127	/* start key exchange */
Ben Lindstrom	238abf6	2001-04-04 17:52:53 +0000	[diff] [blame]	128	kex = kex_setup(myproposal);
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	129	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
				130	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	131	kex->client_version_string=client_version_string;
				132	kex->server_version_string=server_version_string;
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	133	kex->verify_host_key=&verify_host_key_callback;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	134
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame]	135	xxx_kex = kex;
				136
Ben Lindstrom	be2cc43	2001-04-04 23:46:07 +0000	[diff] [blame]	137	dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	138
Ben Lindstrom	2d90e00	2001-04-04 02:00:54 +0000	[diff] [blame]	139	session_id2 = kex->session_id;
				140	session_id2_len = kex->session_id_len;
				141
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	142	#ifdef DEBUG_KEXDH
				143	/* send 1st encrypted/maced/compressed message */
				144	packet_start(SSH2_MSG_IGNORE);
				145	packet_put_cstring("markus");
				146	packet_send();
				147	packet_write_wait();
				148	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	149	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	150
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	151	/*
				152	* Authenticate user
				153	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	154
				155	typedef struct Authctxt Authctxt;
				156	typedef struct Authmethod Authmethod;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	157	typedef struct identity Identity;
				158	typedef struct idlist Idlist;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	159
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	160	struct identity {
				161	TAILQ_ENTRY(identity) next;
				162	AuthenticationConnection ac; / set if agent supports key */
				163	Key key; / public/private key */
				164	char filename; / comment for agent-only keys */
				165	int tried;
				166	int isprivate; /* key points to the private key */
				167	};
				168	TAILQ_HEAD(idlist, identity);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	169
				170	struct Authctxt {
				171	const char *server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	172	const char *local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	173	const char *host;
				174	const char *service;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	175	Authmethod *method;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	176	int success;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	177	char *authlist;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	178	/* pubkey */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	179	Idlist keys;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	180	AuthenticationConnection *agent;
				181	/* hostbased */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	182	Sensitive *sensitive;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	183	/* kbd-interactive */
				184	int info_req_seen;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame^]	185	/* generic */
				186	void *methoddata;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	187	};
				188	struct Authmethod {
				189	char name; / string to compare against server's list */
				190	int (userauth)(Authctxt authctxt);
				191	int enabled; / flag in option struct that enables method */
				192	int batch_flag; / flag in option struct that disables method */
				193	};
				194
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	195	void input_userauth_success(int, u_int32_t, void *);
				196	void input_userauth_failure(int, u_int32_t, void *);
				197	void input_userauth_banner(int, u_int32_t, void *);
				198	void input_userauth_error(int, u_int32_t, void *);
				199	void input_userauth_info_req(int, u_int32_t, void *);
				200	void input_userauth_pk_ok(int, u_int32_t, void *);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	201	void input_userauth_passwd_changereq(int, u_int32_t, void *);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	202
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	203	int userauth_none(Authctxt *);
				204	int userauth_pubkey(Authctxt *);
				205	int userauth_passwd(Authctxt *);
				206	int userauth_kbdint(Authctxt *);
				207	int userauth_hostbased(Authctxt *);
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	208	int userauth_kerberos(Authctxt *);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	209
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame^]	210	#ifdef GSSAPI
				211	int userauth_gssapi(Authctxt *authctxt);
				212	void input_gssapi_response(int type, u_int32_t, void *);
				213	void input_gssapi_token(int type, u_int32_t, void *);
				214	void input_gssapi_hash(int type, u_int32_t, void *);
				215	void input_gssapi_error(int, u_int32_t, void *);
				216	void input_gssapi_errtok(int, u_int32_t, void *);
				217	#endif
				218
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	219	void userauth(Authctxt , char );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	220
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	221	static int sign_and_send_pubkey(Authctxt , Identity );
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	222	static void pubkey_prepare(Authctxt *);
				223	static void pubkey_cleanup(Authctxt *);
				224	static Key load_identity_file(char );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	225
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	226	static Authmethod authmethod_get(char authlist);
				227	static Authmethod authmethod_lookup(const char name);
				228	static char *authmethods_get(void);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	229
				230	Authmethod authmethods[] = {
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame^]	231	#ifdef GSSAPI
				232	{"gssapi",
				233	userauth_gssapi,
				234	&options.gss_authentication,
				235	NULL},
				236	#endif
Ben Lindstrom	1bfe291	2001-06-05 19:37:25 +0000	[diff] [blame]	237	{"hostbased",
				238	userauth_hostbased,
				239	&options.hostbased_authentication,
				240	NULL},
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	241	#if KRB5
				242	{"kerberos-2@ssh.com",
				243	userauth_kerberos,
				244	&options.kerberos_authentication,
				245	NULL},
				246	#endif
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	247	{"publickey",
				248	userauth_pubkey,
				249	&options.pubkey_authentication,
				250	NULL},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	251	{"keyboard-interactive",
				252	userauth_kbdint,
				253	&options.kbd_interactive_authentication,
				254	&options.batch_mode},
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	255	{"password",
				256	userauth_passwd,
				257	&options.password_authentication,
				258	&options.batch_mode},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	259	{"none",
				260	userauth_none,
				261	NULL,
				262	NULL},
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	263	{NULL, NULL, NULL, NULL}
				264	};
				265
				266	void
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	267	ssh_userauth2(const char local_user, const char server_user, char *host,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	268	Sensitive *sensitive)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	269	{
				270	Authctxt authctxt;
				271	int type;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	272
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	273	if (options.challenge_response_authentication)
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	274	options.kbd_interactive_authentication = 1;
				275
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	276	packet_start(SSH2_MSG_SERVICE_REQUEST);
				277	packet_put_cstring("ssh-userauth");
				278	packet_send();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	279	debug("SSH2_MSG_SERVICE_REQUEST sent");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	280	packet_write_wait();
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	281	type = packet_read();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	282	if (type != SSH2_MSG_SERVICE_ACCEPT)
				283	fatal("Server denied authentication request: %d", type);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	284	if (packet_remaining() > 0) {
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	285	char *reply = packet_get_string(NULL);
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	286	debug2("service_accept: %s", reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	287	xfree(reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	288	} else {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	289	debug2("buggy server: service_accept w/o service");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	290	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	291	packet_check_eom();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	292	debug("SSH2_MSG_SERVICE_ACCEPT received");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	293
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	294	if (options.preferred_authentications == NULL)
				295	options.preferred_authentications = authmethods_get();
				296
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	297	/* setup authentication context */
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	298	memset(&authctxt, 0, sizeof(authctxt));
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	299	pubkey_prepare(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	300	authctxt.server_user = server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	301	authctxt.local_user = local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	302	authctxt.host = host;
				303	authctxt.service = "ssh-connection"; /* service name */
				304	authctxt.success = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	305	authctxt.method = authmethod_lookup("none");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	306	authctxt.authlist = NULL;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame^]	307	authctxt.methoddata = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	308	authctxt.sensitive = sensitive;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	309	authctxt.info_req_seen = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	310	if (authctxt.method == NULL)
				311	fatal("ssh_userauth2: internal error: cannot send userauth none request");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	312
				313	/* initial userauth request */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	314	userauth_none(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	315
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	316	dispatch_init(&input_userauth_error);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	317	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
				318	dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	319	dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	320	dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
				321
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	322	pubkey_cleanup(&authctxt);
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	323	dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
				324
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	325	debug("Authentication succeeded (%s).", authctxt.method->name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	326	}
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	327
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	328	void
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	329	userauth(Authctxt authctxt, char authlist)
				330	{
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame^]	331	if (authctxt->methoddata) {
				332	xfree(authctxt->methoddata);
				333	authctxt->methoddata = NULL;
				334	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	335	if (authlist == NULL) {
				336	authlist = authctxt->authlist;
				337	} else {
				338	if (authctxt->authlist)
				339	xfree(authctxt->authlist);
				340	authctxt->authlist = authlist;
				341	}
				342	for (;;) {
				343	Authmethod *method = authmethod_get(authlist);
				344	if (method == NULL)
				345	fatal("Permission denied (%s).", authlist);
				346	authctxt->method = method;
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	347
				348	/* reset the per method handler */
				349	dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN,
				350	SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
				351
				352	/* and try new method */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	353	if (method->userauth(authctxt) != 0) {
				354	debug2("we sent a %s packet, wait for reply", method->name);
				355	break;
				356	} else {
				357	debug2("we did not send a packet, disable method");
				358	method->enabled = NULL;
				359	}
				360	}
				361	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	362
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	363	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	364	input_userauth_error(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	365	{
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	366	fatal("input_userauth_error: bad message during authentication: "
				367	"type %d", type);
				368	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	369
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	370	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	371	input_userauth_banner(int type, u_int32_t seq, void *ctxt)
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	372	{
				373	char msg, lang;
				374	debug3("input_userauth_banner");
				375	msg = packet_get_string(NULL);
				376	lang = packet_get_string(NULL);
				377	fprintf(stderr, "%s", msg);
				378	xfree(msg);
				379	xfree(lang);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	380	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	381
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	382	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	383	input_userauth_success(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	384	{
				385	Authctxt *authctxt = ctxt;
				386	if (authctxt == NULL)
				387	fatal("input_userauth_success: no authentication context");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	388	if (authctxt->authlist)
				389	xfree(authctxt->authlist);
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame^]	390	if (authctxt->methoddata)
				391	xfree(authctxt->methoddata);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	392	authctxt->success = 1; /* break out */
				393	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	394
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	395	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	396	input_userauth_failure(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	397	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	398	Authctxt *authctxt = ctxt;
				399	char *authlist = NULL;
				400	int partial;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	401
				402	if (authctxt == NULL)
				403	fatal("input_userauth_failure: no authentication context");
				404
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	405	authlist = packet_get_string(NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	406	partial = packet_get_char();
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	407	packet_check_eom();
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	408
				409	if (partial != 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	410	logit("Authenticated with partial success.");
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	411	debug("Authentications that can continue: %s", authlist);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	412
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	413	userauth(authctxt, authlist);
				414	}
				415	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	416	input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	417	{
				418	Authctxt *authctxt = ctxt;
				419	Key *key = NULL;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	420	Identity *id = NULL;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	421	Buffer b;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	422	int pktype, sent = 0;
				423	u_int alen, blen;
				424	char pkalg, fp;
				425	u_char *pkblob;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	426
				427	if (authctxt == NULL)
				428	fatal("input_userauth_pk_ok: no authentication context");
				429	if (datafellows & SSH_BUG_PKOK) {
				430	/* this is similar to SSH_BUG_PKAUTH */
				431	debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
				432	pkblob = packet_get_string(&blen);
				433	buffer_init(&b);
				434	buffer_append(&b, pkblob, blen);
				435	pkalg = buffer_get_string(&b, &alen);
				436	buffer_free(&b);
				437	} else {
				438	pkalg = packet_get_string(&alen);
				439	pkblob = packet_get_string(&blen);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	440	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	441	packet_check_eom();
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	442
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	443	debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	444
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	445	if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
				446	debug("unknown pkalg %s", pkalg);
				447	goto done;
				448	}
				449	if ((key = key_from_blob(pkblob, blen)) == NULL) {
				450	debug("no key from blob. pkalg %s", pkalg);
				451	goto done;
				452	}
				453	if (key->type != pktype) {
				454	error("input_userauth_pk_ok: type mismatch "
				455	"for decoded key (received %d, expected %d)",
				456	key->type, pktype);
				457	goto done;
				458	}
				459	fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
				460	debug2("input_userauth_pk_ok: fp %s", fp);
				461	xfree(fp);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	462
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	463	TAILQ_FOREACH(id, &authctxt->keys, next) {
				464	if (key_equal(key, id->key)) {
				465	sent = sign_and_send_pubkey(authctxt, id);
				466	break;
				467	}
				468	}
				469	done:
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	470	if (key != NULL)
				471	key_free(key);
				472	xfree(pkalg);
				473	xfree(pkblob);
				474
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	475	/* try another method if we did not send a packet */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	476	if (sent == 0)
				477	userauth(authctxt, NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	478	}
				479
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame^]	480	#ifdef GSSAPI
				481	int
				482	userauth_gssapi(Authctxt *authctxt)
				483	{
				484	Gssctxt *gssctxt = NULL;
				485	static gss_OID_set supported = NULL;
				486	static int mech = 0;
				487	OM_uint32 min;
				488	int ok = 0;
				489
				490	/* Try one GSSAPI method at a time, rather than sending them all at
				491	* once. */
				492
				493	if (supported == NULL)
				494	gss_indicate_mechs(&min, &supported);
				495
				496	/* Check to see if the mechanism is usable before we offer it */
				497	while (mech<supported->count && !ok) {
				498	if (gssctxt)
				499	ssh_gssapi_delete_ctx(&gssctxt);
				500	ssh_gssapi_build_ctx(&gssctxt);
				501	ssh_gssapi_set_oid(gssctxt, &supported->elements[mech]);
				502
				503	/* My DER encoding requires length<128 */
				504	if (supported->elements[mech].length < 128 &&
				505	!GSS_ERROR(ssh_gssapi_import_name(gssctxt,
				506	authctxt->host))) {
				507	ok = 1; /* Mechanism works */
				508	} else {
				509	mech++;
				510	}
				511	}
				512
				513	if (!ok) return 0;
				514
				515	authctxt->methoddata=(void *)gssctxt;
				516
				517	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				518	packet_put_cstring(authctxt->server_user);
				519	packet_put_cstring(authctxt->service);
				520	packet_put_cstring(authctxt->method->name);
				521
				522	packet_put_int(1);
				523
				524	/* Some servers encode the OID incorrectly (as we used to) */
				525	if (datafellows & SSH_BUG_GSSAPI_BER) {
				526	packet_put_string(supported->elements[mech].elements,
				527	supported->elements[mech].length);
				528	} else {
				529	packet_put_int((supported->elements[mech].length)+2);
				530	packet_put_char(SSH_GSS_OIDTYPE);
				531	packet_put_char(supported->elements[mech].length);
				532	packet_put_raw(supported->elements[mech].elements,
				533	supported->elements[mech].length);
				534	}
				535
				536	packet_send();
				537
				538	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
				539	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
				540	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
				541	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
				542
				543	mech++; /* Move along to next candidate */
				544
				545	return 1;
				546	}
				547
				548	void
				549	input_gssapi_response(int type, u_int32_t plen, void *ctxt)
				550	{
				551	Authctxt *authctxt = ctxt;
				552	Gssctxt *gssctxt;
				553	OM_uint32 status, ms;
				554	int oidlen;
				555	char *oidv;
				556	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
				557
				558	if (authctxt == NULL)
				559	fatal("input_gssapi_response: no authentication context");
				560	gssctxt = authctxt->methoddata;
				561
				562	/* Setup our OID */
				563	oidv = packet_get_string(&oidlen);
				564
				565	if (datafellows & SSH_BUG_GSSAPI_BER) {
				566	if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen))
				567	fatal("Server returned different OID than expected");
				568	} else {
				569	if(oidv[0] != SSH_GSS_OIDTYPE \|\| oidv[1] != oidlen-2) {
				570	debug("Badly encoded mechanism OID received");
				571	userauth(authctxt, NULL);
				572	xfree(oidv);
				573	return;
				574	}
				575	if (!ssh_gssapi_check_oid(gssctxt, oidv+2, oidlen-2))
				576	fatal("Server returned different OID than expected");
				577	}
				578
				579	packet_check_eom();
				580
				581	xfree(oidv);
				582
				583	status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
				584	GSS_C_NO_BUFFER, &send_tok, NULL);
				585	if (GSS_ERROR(status)) {
				586	if (send_tok.length > 0) {
				587	packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
				588	packet_put_string(send_tok.value, send_tok.length);
				589	packet_send();
				590	gss_release_buffer(&ms, &send_tok);
				591	}
				592	/* Start again with next method on list */
				593	debug("Trying to start again");
				594	userauth(authctxt, NULL);
				595	return;
				596	}
				597
				598	/* We must have data to send */
				599	packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
				600	packet_put_string(send_tok.value, send_tok.length);
				601	packet_send();
				602	gss_release_buffer(&ms, &send_tok);
				603	}
				604
				605	void
				606	input_gssapi_token(int type, u_int32_t plen, void *ctxt)
				607	{
				608	Authctxt *authctxt = ctxt;
				609	Gssctxt *gssctxt;
				610	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
				611	gss_buffer_desc recv_tok;
				612	OM_uint32 status, ms;
				613	u_int slen;
				614
				615	if (authctxt == NULL)
				616	fatal("input_gssapi_response: no authentication context");
				617	gssctxt = authctxt->methoddata;
				618
				619	recv_tok.value = packet_get_string(&slen);
				620	recv_tok.length = slen; /* safe typecast */
				621
				622	packet_check_eom();
				623
				624	status=ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
				625	&recv_tok, &send_tok, NULL);
				626
				627	xfree(recv_tok.value);
				628
				629	if (GSS_ERROR(status)) {
				630	if (send_tok.length > 0) {
				631	packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
				632	packet_put_string(send_tok.value, send_tok.length);
				633	packet_send();
				634	gss_release_buffer(&ms, &send_tok);
				635	}
				636	/* Start again with the next method in the list */
				637	userauth(authctxt, NULL);
				638	return;
				639	}
				640
				641	if (send_tok.length > 0) {
				642	packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
				643	packet_put_string(send_tok.value, send_tok.length);
				644	packet_send();
				645	gss_release_buffer(&ms, &send_tok);
				646	}
				647
				648	if (status == GSS_S_COMPLETE) {
				649	/* If that succeeded, send a exchange complete message */
				650	packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
				651	packet_send();
				652	}
				653	}
				654
				655	void
				656	input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
				657	{
				658	Authctxt *authctxt = ctxt;
				659	Gssctxt *gssctxt;
				660	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
				661	gss_buffer_desc recv_tok;
				662	OM_uint32 status, ms;
				663
				664	if (authctxt == NULL)
				665	fatal("input_gssapi_response: no authentication context");
				666	gssctxt = authctxt->methoddata;
				667
				668	recv_tok.value = packet_get_string(&recv_tok.length);
				669
				670	packet_check_eom();
				671
				672	/* Stick it into GSSAPI and see what it says */
				673	status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
				674	&recv_tok, &send_tok, NULL);
				675
				676	xfree(recv_tok.value);
				677	gss_release_buffer(&ms, &send_tok);
				678
				679	/* Server will be returning a failed packet after this one */
				680	}
				681
				682	void
				683	input_gssapi_error(int type, u_int32_t plen, void *ctxt)
				684	{
				685	OM_uint32 maj, min;
				686	char *msg;
				687	char *lang;
				688
				689	maj=packet_get_int();
				690	min=packet_get_int();
				691	msg=packet_get_string(NULL);
				692	lang=packet_get_string(NULL);
				693
				694	packet_check_eom();
				695
				696	debug("Server GSSAPI Error:\n%s\n", msg);
				697	xfree(msg);
				698	xfree(lang);
				699	}
				700	#endif /* GSSAPI */
				701
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	702	int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	703	userauth_none(Authctxt *authctxt)
				704	{
				705	/* initial userauth request */
				706	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				707	packet_put_cstring(authctxt->server_user);
				708	packet_put_cstring(authctxt->service);
				709	packet_put_cstring(authctxt->method->name);
				710	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	711	return 1;
				712	}
				713
				714	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	715	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	716	{
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	717	static int attempt = 0;
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	718	char prompt[150];
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	719	char *password;
				720
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	721	if (attempt++ >= options.number_of_password_prompts)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	722	return 0;
				723
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	724	if (attempt != 1)
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	725	error("Permission denied, please try again.");
				726
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	727	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	728	authctxt->server_user, authctxt->host);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	729	password = read_passphrase(prompt, 0);
				730	packet_start(SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	731	packet_put_cstring(authctxt->server_user);
				732	packet_put_cstring(authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	733	packet_put_cstring(authctxt->method->name);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	734	packet_put_char(0);
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	735	packet_put_cstring(password);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	736	memset(password, 0, strlen(password));
				737	xfree(password);
Damien Miller	9f64390	2001-11-12 11:02:52 +1100	[diff] [blame]	738	packet_add_padding(64);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	739	packet_send();
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	740
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	741	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	742	&input_userauth_passwd_changereq);
				743
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	744	return 1;
				745	}
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	746	/*
				747	* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
				748	*/
				749	void
Tim Rice	c854962	2002-03-31 12:49:38 -0800	[diff] [blame]	750	input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	751	{
				752	Authctxt *authctxt = ctxt;
				753	char info, lang, password = NULL, retype = NULL;
				754	char prompt[150];
				755
				756	debug2("input_userauth_passwd_changereq");
				757
				758	if (authctxt == NULL)
				759	fatal("input_userauth_passwd_changereq: "
				760	"no authentication context");
				761
				762	info = packet_get_string(NULL);
				763	lang = packet_get_string(NULL);
				764	if (strlen(info) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	765	logit("%s", info);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	766	xfree(info);
				767	xfree(lang);
				768	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				769	packet_put_cstring(authctxt->server_user);
				770	packet_put_cstring(authctxt->service);
				771	packet_put_cstring(authctxt->method->name);
				772	packet_put_char(1); /* additional info */
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	773	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	774	"Enter %.30s@%.128s's old password: ",
				775	authctxt->server_user, authctxt->host);
				776	password = read_passphrase(prompt, 0);
				777	packet_put_cstring(password);
				778	memset(password, 0, strlen(password));
				779	xfree(password);
				780	password = NULL;
				781	while (password == NULL) {
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	782	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	783	"Enter %.30s@%.128s's new password: ",
				784	authctxt->server_user, authctxt->host);
				785	password = read_passphrase(prompt, RP_ALLOW_EOF);
				786	if (password == NULL) {
				787	/* bail out */
				788	return;
				789	}
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	790	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	791	"Retype %.30s@%.128s's new password: ",
				792	authctxt->server_user, authctxt->host);
				793	retype = read_passphrase(prompt, 0);
				794	if (strcmp(password, retype) != 0) {
				795	memset(password, 0, strlen(password));
				796	xfree(password);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	797	logit("Mismatch; try again, EOF to quit.");
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	798	password = NULL;
				799	}
				800	memset(retype, 0, strlen(retype));
				801	xfree(retype);
				802	}
				803	packet_put_cstring(password);
				804	memset(password, 0, strlen(password));
				805	xfree(password);
				806	packet_add_padding(64);
				807	packet_send();
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	808
				809	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	810	&input_userauth_passwd_changereq);
				811	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	812
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	813	static int
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	814	identity_sign(Identity id, u_char sigp, u_int lenp,
				815	u_char *data, u_int datalen)
				816	{
				817	Key *prv;
				818	int ret;
				819
				820	/* the agent supports this key */
				821	if (id->ac)
				822	return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
				823	data, datalen));
				824	/*
				825	* we have already loaded the private key or
				826	* the private key is stored in external hardware
				827	*/
				828	if (id->isprivate \|\| (id->key->flags & KEY_FLAG_EXT))
				829	return (key_sign(id->key, sigp, lenp, data, datalen));
				830	/* load the private key from the file */
				831	if ((prv = load_identity_file(id->filename)) == NULL)
				832	return (-1);
				833	ret = key_sign(prv, sigp, lenp, data, datalen);
				834	key_free(prv);
				835	return (ret);
				836	}
				837
				838	static int
				839	sign_and_send_pubkey(Authctxt authctxt, Identity id)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	840	{
				841	Buffer b;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	842	u_char blob, signature;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	843	u_int bloblen, slen;
Darren Tucker	502d384	2003-06-28 12:38:01 +1000	[diff] [blame]	844	u_int skip = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	845	int ret = -1;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	846	int have_sig = 1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	847
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	848	debug3("sign_and_send_pubkey");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	849
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	850	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	851	/* we cannot handle this key */
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	852	debug3("sign_and_send_pubkey: cannot handle key");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	853	return 0;
				854	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	855	/* data to be signed */
				856	buffer_init(&b);
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	857	if (datafellows & SSH_OLD_SESSIONID) {
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	858	buffer_append(&b, session_id2, session_id2_len);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	859	skip = session_id2_len;
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	860	} else {
				861	buffer_put_string(&b, session_id2, session_id2_len);
				862	skip = buffer_len(&b);
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	863	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	864	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	865	buffer_put_cstring(&b, authctxt->server_user);
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	866	buffer_put_cstring(&b,
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	867	datafellows & SSH_BUG_PKSERVICE ?
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	868	"ssh-userauth" :
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	869	authctxt->service);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	870	if (datafellows & SSH_BUG_PKAUTH) {
				871	buffer_put_char(&b, have_sig);
				872	} else {
				873	buffer_put_cstring(&b, authctxt->method->name);
				874	buffer_put_char(&b, have_sig);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	875	buffer_put_cstring(&b, key_ssh_name(id->key));
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	876	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	877	buffer_put_string(&b, blob, bloblen);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	878
				879	/* generate signature */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	880	ret = identity_sign(id, &signature, &slen,
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	881	buffer_ptr(&b), buffer_len(&b));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	882	if (ret == -1) {
				883	xfree(blob);
				884	buffer_free(&b);
				885	return 0;
				886	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	887	#ifdef DEBUG_PK
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	888	buffer_dump(&b);
				889	#endif
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	890	if (datafellows & SSH_BUG_PKSERVICE) {
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	891	buffer_clear(&b);
				892	buffer_append(&b, session_id2, session_id2_len);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	893	skip = session_id2_len;
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	894	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	895	buffer_put_cstring(&b, authctxt->server_user);
				896	buffer_put_cstring(&b, authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	897	buffer_put_cstring(&b, authctxt->method->name);
				898	buffer_put_char(&b, have_sig);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	899	if (!(datafellows & SSH_BUG_PKAUTH))
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	900	buffer_put_cstring(&b, key_ssh_name(id->key));
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	901	buffer_put_string(&b, blob, bloblen);
				902	}
				903	xfree(blob);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	904
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	905	/* append signature */
				906	buffer_put_string(&b, signature, slen);
				907	xfree(signature);
				908
				909	/* skip session id and packet type */
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	910	if (buffer_len(&b) < skip + 1)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	911	fatal("userauth_pubkey: internal error");
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	912	buffer_consume(&b, skip + 1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	913
				914	/* put remaining data from buffer into packet */
				915	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				916	packet_put_raw(buffer_ptr(&b), buffer_len(&b));
				917	buffer_free(&b);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	918	packet_send();
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	919
				920	return 1;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	921	}
				922
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	923	static int
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	924	send_pubkey_test(Authctxt authctxt, Identity id)
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	925	{
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	926	u_char *blob;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	927	u_int bloblen, have_sig = 0;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	928
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	929	debug3("send_pubkey_test");
				930
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	931	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	932	/* we cannot handle this key */
				933	debug3("send_pubkey_test: cannot handle key");
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	934	return 0;
				935	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	936	/* register callback for USERAUTH_PK_OK message */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	937	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	938
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	939	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				940	packet_put_cstring(authctxt->server_user);
				941	packet_put_cstring(authctxt->service);
				942	packet_put_cstring(authctxt->method->name);
				943	packet_put_char(have_sig);
				944	if (!(datafellows & SSH_BUG_PKAUTH))
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	945	packet_put_cstring(key_ssh_name(id->key));
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	946	packet_put_string(blob, bloblen);
				947	xfree(blob);
				948	packet_send();
				949	return 1;
				950	}
				951
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	952	static Key *
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	953	load_identity_file(char *filename)
				954	{
				955	Key *private;
				956	char prompt[300], *passphrase;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	957	int quit, i;
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	958	struct stat st;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	959
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	960	if (stat(filename, &st) < 0) {
				961	debug3("no such identity: %s", filename);
				962	return NULL;
				963	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	964	private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
				965	if (private == NULL) {
				966	if (options.batch_mode)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	967	return NULL;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	968	snprintf(prompt, sizeof prompt,
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	969	"Enter passphrase for key '%.100s': ", filename);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	970	for (i = 0; i < options.number_of_password_prompts; i++) {
				971	passphrase = read_passphrase(prompt, 0);
				972	if (strcmp(passphrase, "") != 0) {
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	973	private = key_load_private_type(KEY_UNSPEC, filename,
				974	passphrase, NULL);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	975	quit = 0;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	976	} else {
				977	debug2("no passphrase given, try next key");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	978	quit = 1;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	979	}
				980	memset(passphrase, 0, strlen(passphrase));
				981	xfree(passphrase);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	982	if (private != NULL \|\| quit)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	983	break;
				984	debug2("bad passphrase given, try again...");
				985	}
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	986	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	987	return private;
				988	}
				989
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	990	/*
				991	* try keys in the following order:
				992	* 1. agent keys that are found in the config file
				993	* 2. other agent keys
				994	* 3. keys that are only listed in the config file
				995	*/
				996	static void
				997	pubkey_prepare(Authctxt *authctxt)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	998	{
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	999	Identity *id;
				1000	Idlist agent, files, *preferred;
				1001	Key *key;
				1002	AuthenticationConnection *ac;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1003	char *comment;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1004	int i, found;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1005
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1006	TAILQ_INIT(&agent); /* keys from the agent */
				1007	TAILQ_INIT(&files); /* keys from the config file */
				1008	preferred = &authctxt->keys;
				1009	TAILQ_INIT(preferred); /* preferred order of keys */
				1010
				1011	/* list of keys stored in the filesystem */
				1012	for (i = 0; i < options.num_identity_files; i++) {
				1013	key = options.identity_keys[i];
				1014	if (key && key->type == KEY_RSA1)
				1015	continue;
				1016	options.identity_keys[i] = NULL;
				1017	id = xmalloc(sizeof(*id));
				1018	memset(id, 0, sizeof(*id));
				1019	id->key = key;
				1020	id->filename = xstrdup(options.identity_files[i]);
				1021	TAILQ_INSERT_TAIL(&files, id, next);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1022	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1023	/* list of keys supported by the agent */
				1024	if ((ac = ssh_get_authentication_connection())) {
				1025	for (key = ssh_get_first_identity(ac, &comment, 2);
				1026	key != NULL;
				1027	key = ssh_get_next_identity(ac, &comment, 2)) {
				1028	found = 0;
				1029	TAILQ_FOREACH(id, &files, next) {
				1030	/* agent keys from the config file are preferred */
				1031	if (key_equal(key, id->key)) {
				1032	key_free(key);
				1033	xfree(comment);
				1034	TAILQ_REMOVE(&files, id, next);
				1035	TAILQ_INSERT_TAIL(preferred, id, next);
				1036	id->ac = ac;
				1037	found = 1;
				1038	break;
				1039	}
				1040	}
				1041	if (!found) {
				1042	id = xmalloc(sizeof(*id));
				1043	memset(id, 0, sizeof(*id));
				1044	id->key = key;
				1045	id->filename = comment;
				1046	id->ac = ac;
				1047	TAILQ_INSERT_TAIL(&agent, id, next);
				1048	}
				1049	}
				1050	/* append remaining agent keys */
				1051	for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
				1052	TAILQ_REMOVE(&agent, id, next);
				1053	TAILQ_INSERT_TAIL(preferred, id, next);
				1054	}
				1055	authctxt->agent = ac;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1056	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1057	/* append remaining keys from the config file */
				1058	for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
				1059	TAILQ_REMOVE(&files, id, next);
				1060	TAILQ_INSERT_TAIL(preferred, id, next);
				1061	}
				1062	TAILQ_FOREACH(id, preferred, next) {
				1063	debug2("key: %s (%p)", id->filename, id->key);
				1064	}
				1065	}
				1066
				1067	static void
				1068	pubkey_cleanup(Authctxt *authctxt)
				1069	{
				1070	Identity *id;
				1071
				1072	if (authctxt->agent != NULL)
				1073	ssh_close_authentication_connection(authctxt->agent);
				1074	for (id = TAILQ_FIRST(&authctxt->keys); id;
				1075	id = TAILQ_FIRST(&authctxt->keys)) {
				1076	TAILQ_REMOVE(&authctxt->keys, id, next);
				1077	if (id->key)
				1078	key_free(id->key);
				1079	if (id->filename)
				1080	xfree(id->filename);
				1081	xfree(id);
				1082	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1083	}
				1084
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1085	int
				1086	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1087	{
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1088	Identity *id;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1089	int sent = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1090
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1091	while ((id = TAILQ_FIRST(&authctxt->keys))) {
				1092	if (id->tried++)
				1093	return (0);
				1094	TAILQ_REMOVE(&authctxt->keys, id, next);
				1095	TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
				1096	/*
				1097	* send a test message if we have the public key. for
				1098	* encrypted keys we cannot do this and have to load the
				1099	* private key instead
				1100	*/
				1101	if (id->key && id->key->type != KEY_RSA1) {
				1102	debug("Offering public key: %s", id->filename);
				1103	sent = send_pubkey_test(authctxt, id);
				1104	} else if (id->key == NULL) {
				1105	debug("Trying private key: %s", id->filename);
				1106	id->key = load_identity_file(id->filename);
				1107	if (id->key != NULL) {
				1108	id->isprivate = 1;
				1109	sent = sign_and_send_pubkey(authctxt, id);
				1110	key_free(id->key);
				1111	id->key = NULL;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1112	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1113	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1114	if (sent)
				1115	return (sent);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1116	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1117	return (0);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1118	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1119
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1120	/*
				1121	* Send userauth request message specifying keyboard-interactive method.
				1122	*/
				1123	int
				1124	userauth_kbdint(Authctxt *authctxt)
				1125	{
				1126	static int attempt = 0;
				1127
				1128	if (attempt++ >= options.number_of_password_prompts)
				1129	return 0;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	1130	/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
				1131	if (attempt > 1 && !authctxt->info_req_seen) {
				1132	debug3("userauth_kbdint: disable: no info_req_seen");
				1133	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
				1134	return 0;
				1135	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1136
				1137	debug2("userauth_kbdint");
				1138	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1139	packet_put_cstring(authctxt->server_user);
				1140	packet_put_cstring(authctxt->service);
				1141	packet_put_cstring(authctxt->method->name);
				1142	packet_put_cstring(""); /* lang */
				1143	packet_put_cstring(options.kbd_interactive_devices ?
				1144	options.kbd_interactive_devices : "");
				1145	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1146
				1147	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
				1148	return 1;
				1149	}
				1150
				1151	/*
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	1152	* parse INFO_REQUEST, prompt user and send INFO_RESPONSE
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1153	*/
				1154	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	1155	input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1156	{
				1157	Authctxt *authctxt = ctxt;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	1158	char name, inst, lang, prompt, *response;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	1159	u_int num_prompts, i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1160	int echo = 0;
				1161
				1162	debug2("input_userauth_info_req");
				1163
				1164	if (authctxt == NULL)
				1165	fatal("input_userauth_info_req: no authentication context");
				1166
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	1167	authctxt->info_req_seen = 1;
				1168
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1169	name = packet_get_string(NULL);
				1170	inst = packet_get_string(NULL);
				1171	lang = packet_get_string(NULL);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1172	if (strlen(name) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1173	logit("%s", name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1174	if (strlen(inst) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1175	logit("%s", inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	1176	xfree(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1177	xfree(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	1178	xfree(lang);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1179
				1180	num_prompts = packet_get_int();
				1181	/*
				1182	* Begin to build info response packet based on prompts requested.
				1183	* We commit to providing the correct number of responses, so if
				1184	* further on we run into a problem that prevents this, we have to
				1185	* be sure and clean this up and send a correct error response.
				1186	*/
				1187	packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
				1188	packet_put_int(num_prompts);
				1189
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	1190	debug2("input_userauth_info_req: num_prompts %d", num_prompts);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1191	for (i = 0; i < num_prompts; i++) {
				1192	prompt = packet_get_string(NULL);
				1193	echo = packet_get_char();
				1194
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	1195	response = read_passphrase(prompt, echo ? RP_ECHO : 0);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1196
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	1197	packet_put_cstring(response);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1198	memset(response, 0, strlen(response));
				1199	xfree(response);
				1200	xfree(prompt);
				1201	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	1202	packet_check_eom(); /* done with parsing incoming message. */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1203
Damien Miller	9f64390	2001-11-12 11:02:52 +1100	[diff] [blame]	1204	packet_add_padding(64);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1205	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1206	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1207
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1208	static int
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	1209	ssh_keysign(Key key, u_char sigp, u_int lenp,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1210	u_char *data, u_int datalen)
				1211	{
				1212	Buffer b;
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1213	struct stat st;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1214	pid_t pid;
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1215	int to[2], from[2], status, version = 2;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1216
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1217	debug2("ssh_keysign called");
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1218
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1219	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
				1220	error("ssh_keysign: no installed: %s", strerror(errno));
				1221	return -1;
				1222	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1223	if (fflush(stdout) != 0)
				1224	error("ssh_keysign: fflush: %s", strerror(errno));
				1225	if (pipe(to) < 0) {
				1226	error("ssh_keysign: pipe: %s", strerror(errno));
				1227	return -1;
				1228	}
				1229	if (pipe(from) < 0) {
				1230	error("ssh_keysign: pipe: %s", strerror(errno));
				1231	return -1;
				1232	}
				1233	if ((pid = fork()) < 0) {
				1234	error("ssh_keysign: fork: %s", strerror(errno));
				1235	return -1;
				1236	}
				1237	if (pid == 0) {
				1238	seteuid(getuid());
				1239	setuid(getuid());
				1240	close(from[0]);
				1241	if (dup2(from[1], STDOUT_FILENO) < 0)
				1242	fatal("ssh_keysign: dup2: %s", strerror(errno));
				1243	close(to[1]);
				1244	if (dup2(to[0], STDIN_FILENO) < 0)
				1245	fatal("ssh_keysign: dup2: %s", strerror(errno));
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1246	close(from[1]);
				1247	close(to[0]);
Ben Lindstrom	4887da2	2002-06-06 20:05:57 +0000	[diff] [blame]	1248	execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1249	fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
				1250	strerror(errno));
				1251	}
				1252	close(from[1]);
				1253	close(to[0]);
				1254
				1255	buffer_init(&b);
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1256	buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1257	buffer_put_string(&b, data, datalen);
Damien Miller	901119b	2002-10-04 11:10:04 +1000	[diff] [blame]	1258	ssh_msg_send(to[1], version, &b);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1259
Damien Miller	901119b	2002-10-04 11:10:04 +1000	[diff] [blame]	1260	if (ssh_msg_recv(from[0], &b) < 0) {
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1261	error("ssh_keysign: no reply");
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1262	buffer_clear(&b);
				1263	return -1;
				1264	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1265	close(from[0]);
				1266	close(to[1]);
				1267
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1268	while (waitpid(pid, &status, 0) < 0)
				1269	if (errno != EINTR)
				1270	break;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1271
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1272	if (buffer_get_char(&b) != version) {
				1273	error("ssh_keysign: bad version");
				1274	buffer_clear(&b);
				1275	return -1;
				1276	}
				1277	*sigp = buffer_get_string(&b, lenp);
				1278	buffer_clear(&b);
				1279
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1280	return 0;
				1281	}
				1282
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1283	int
				1284	userauth_hostbased(Authctxt *authctxt)
				1285	{
				1286	Key *private = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1287	Sensitive *sensitive = authctxt->sensitive;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1288	Buffer b;
				1289	u_char signature, blob;
				1290	char chost, pkalg, *p;
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1291	const char *service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1292	u_int blen, slen;
Ben Lindstrom	2bffd6f	2001-04-19 20:35:40 +0000	[diff] [blame]	1293	int ok, i, len, found = 0;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1294
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1295	/* check for a useful key */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1296	for (i = 0; i < sensitive->nkeys; i++) {
				1297	private = sensitive->keys[i];
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1298	if (private && private->type != KEY_RSA1) {
				1299	found = 1;
				1300	/* we take and free the key */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1301	sensitive->keys[i] = NULL;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1302	break;
				1303	}
				1304	}
				1305	if (!found) {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1306	debug("No more client hostkeys for hostbased authentication.");
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1307	return 0;
				1308	}
				1309	if (key_to_blob(private, &blob, &blen) == 0) {
				1310	key_free(private);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1311	return 0;
				1312	}
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1313	/* figure out a name for the client host */
				1314	p = get_local_name(packet_get_connection_in());
				1315	if (p == NULL) {
				1316	error("userauth_hostbased: cannot get local ipaddr/name");
				1317	key_free(private);
				1318	return 0;
				1319	}
				1320	len = strlen(p) + 2;
				1321	chost = xmalloc(len);
				1322	strlcpy(chost, p, len);
				1323	strlcat(chost, ".", len);
				1324	debug2("userauth_hostbased: chost %s", chost);
Damien Miller	0011138	2003-03-10 11:21:17 +1100	[diff] [blame]	1325	xfree(p);
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1326
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1327	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
				1328	authctxt->service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1329	pkalg = xstrdup(key_ssh_name(private));
				1330	buffer_init(&b);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1331	/* construct data */
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1332	buffer_put_string(&b, session_id2, session_id2_len);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1333	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
				1334	buffer_put_cstring(&b, authctxt->server_user);
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1335	buffer_put_cstring(&b, service);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1336	buffer_put_cstring(&b, authctxt->method->name);
				1337	buffer_put_cstring(&b, pkalg);
				1338	buffer_put_string(&b, blob, blen);
				1339	buffer_put_cstring(&b, chost);
				1340	buffer_put_cstring(&b, authctxt->local_user);
				1341	#ifdef DEBUG_PK
				1342	buffer_dump(&b);
				1343	#endif
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1344	if (sensitive->external_keysign)
				1345	ok = ssh_keysign(private, &signature, &slen,
				1346	buffer_ptr(&b), buffer_len(&b));
				1347	else
				1348	ok = key_sign(private, &signature, &slen,
				1349	buffer_ptr(&b), buffer_len(&b));
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1350	key_free(private);
				1351	buffer_free(&b);
				1352	if (ok != 0) {
				1353	error("key_sign failed");
				1354	xfree(chost);
				1355	xfree(pkalg);
				1356	return 0;
				1357	}
				1358	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1359	packet_put_cstring(authctxt->server_user);
				1360	packet_put_cstring(authctxt->service);
				1361	packet_put_cstring(authctxt->method->name);
				1362	packet_put_cstring(pkalg);
				1363	packet_put_string(blob, blen);
				1364	packet_put_cstring(chost);
				1365	packet_put_cstring(authctxt->local_user);
				1366	packet_put_string(signature, slen);
				1367	memset(signature, 's', slen);
				1368	xfree(signature);
				1369	xfree(chost);
				1370	xfree(pkalg);
				1371
				1372	packet_send();
				1373	return 1;
				1374	}
				1375
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1376	#if KRB5
				1377	static int
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1378	ssh_krb5_helper(krb5_data ap, krb5_context context)
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1379	{
				1380	krb5_context xcontext = NULL; /* XXX share with ssh1 */
				1381	krb5_auth_context xauth_context = NULL;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1382	krb5_auth_context *auth_context;
				1383	krb5_error_code problem;
				1384	const char *tkfile;
				1385	struct stat buf;
				1386	krb5_ccache ccache = NULL;
				1387	const char *remotehost;
				1388	int ret;
				1389
				1390	memset(ap, 0, sizeof(*ap));
				1391
				1392	context = &xcontext;
				1393	auth_context = &xauth_context;
				1394
				1395	problem = krb5_init_context(context);
				1396	if (problem) {
				1397	debug("Kerberos v5: krb5_init_context failed");
				1398	ret = 0;
				1399	goto out;
				1400	}
				1401
				1402	tkfile = krb5_cc_default_name(*context);
				1403	if (strncmp(tkfile, "FILE:", 5) == 0)
				1404	tkfile += 5;
				1405
				1406	if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
				1407	debug("Kerberos v5: could not get default ccache (permission denied).");
				1408	ret = 0;
				1409	goto out;
				1410	}
				1411
				1412	problem = krb5_cc_default(*context, &ccache);
				1413	if (problem) {
				1414	debug("Kerberos v5: krb5_cc_default failed: %s",
				1415	krb5_get_err_text(*context, problem));
				1416	ret = 0;
				1417	goto out;
				1418	}
				1419
				1420	remotehost = get_canonical_hostname(1);
				1421
				1422	problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
				1423	"host", remotehost, NULL, ccache, ap);
				1424	if (problem) {
				1425	debug("Kerberos v5: krb5_mk_req failed: %s",
				1426	krb5_get_err_text(*context, problem));
				1427	ret = 0;
				1428	goto out;
				1429	}
				1430	ret = 1;
				1431
				1432	out:
				1433	if (ccache != NULL)
				1434	krb5_cc_close(*context, ccache);
				1435	if (*auth_context)
				1436	krb5_auth_con_free(context, auth_context);
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1437	return (ret);
				1438	}
				1439
				1440	int
				1441	userauth_kerberos(Authctxt *authctxt)
				1442	{
				1443	krb5_data ap;
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1444	krb5_context *context;
				1445	int ret = 0;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1446
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1447	if (ssh_krb5_helper(&ap, context) == 0)
				1448	goto out;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1449
				1450	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1451	packet_put_cstring(authctxt->server_user);
				1452	packet_put_cstring(authctxt->service);
				1453	packet_put_cstring(authctxt->method->name);
				1454	packet_put_string(ap.data, ap.length);
				1455	packet_send();
				1456
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1457	#ifdef HEIMDAL
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1458	krb5_data_free(&ap);
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1459	#else
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1460	krb5_free_data_contents(*context, &ap);
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1461	#endif
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1462	ret = 1;
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1463
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1464	out:
				1465	if (*context)
				1466	krb5_free_context(*context);
				1467	return ret;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1468	}
				1469	#endif
				1470
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1471	/* find auth method */
				1472
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1473	/*
				1474	* given auth method name, if configurable options permit this method fill
				1475	* in auth_ident field and return true, otherwise return false.
				1476	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1477	static int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1478	authmethod_is_enabled(Authmethod *method)
				1479	{
				1480	if (method == NULL)
				1481	return 0;
				1482	/* return false if options indicate this method is disabled */
				1483	if (method->enabled == NULL \|\| *method->enabled == 0)
				1484	return 0;
				1485	/* return false if batch mode is enabled but method needs interactive mode */
				1486	if (method->batch_flag != NULL && *method->batch_flag != 0)
				1487	return 0;
				1488	return 1;
				1489	}
				1490
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1491	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1492	authmethod_lookup(const char *name)
				1493	{
				1494	Authmethod *method = NULL;
				1495	if (name != NULL)
				1496	for (method = authmethods; method->name != NULL; method++)
				1497	if (strcmp(name, method->name) == 0)
				1498	return method;
				1499	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
				1500	return NULL;
				1501	}
				1502
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1503	/* XXX internal state */
				1504	static Authmethod *current = NULL;
				1505	static char *supported = NULL;
				1506	static char *preferred = NULL;
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	1507
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1508	/*
				1509	* Given the authentication method list sent by the server, return the
				1510	* next method we should try. If the server initially sends a nil list,
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	1511	* use a built-in default list.
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1512	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1513	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1514	authmethod_get(char *authlist)
				1515	{
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1516	char *name = NULL;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	1517	u_int next;
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1518
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1519	/* Use a suitable default if we're passed a nil list. */
				1520	if (authlist == NULL \|\| strlen(authlist) == 0)
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1521	authlist = options.preferred_authentications;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1522
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1523	if (supported == NULL \|\| strcmp(authlist, supported) != 0) {
				1524	debug3("start over, passed a different list %s", authlist);
				1525	if (supported != NULL)
				1526	xfree(supported);
				1527	supported = xstrdup(authlist);
				1528	preferred = options.preferred_authentications;
				1529	debug3("preferred %s", preferred);
				1530	current = NULL;
				1531	} else if (current != NULL && authmethod_is_enabled(current))
				1532	return current;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1533
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1534	for (;;) {
				1535	if ((name = match_list(preferred, supported, &next)) == NULL) {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1536	debug("No more authentication methods to try.");
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1537	current = NULL;
				1538	return NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1539	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1540	preferred += next;
				1541	debug3("authmethod_lookup %s", name);
				1542	debug3("remaining preferred: %s", preferred);
				1543	if ((current = authmethod_lookup(name)) != NULL &&
				1544	authmethod_is_enabled(current)) {
				1545	debug3("authmethod_is_enabled %s", name);
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1546	debug("Next authentication method: %s", name);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1547	return current;
				1548	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1549	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1550	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1551
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	1552	static char *
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1553	authmethods_get(void)
				1554	{
				1555	Authmethod *method = NULL;
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1556	Buffer b;
				1557	char *list;
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1558
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1559	buffer_init(&b);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1560	for (method = authmethods; method->name != NULL; method++) {
				1561	if (authmethod_is_enabled(method)) {
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1562	if (buffer_len(&b) > 0)
				1563	buffer_append(&b, ",", 1);
				1564	buffer_append(&b, method->name, strlen(method->name));
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1565	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1566	}
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1567	buffer_append(&b, "\0", 1);
				1568	list = xstrdup(buffer_ptr(&b));
				1569	buffer_free(&b);
				1570	return list;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1571	}