Blame - auth2.c - platform/external/openssh

blob: c7cc0c64004cc4b0e2094d9f706bc2987b802243 [file] [log] [blame]

Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	24
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	25	#include "includes.h"
Ben Lindstrom	511bb24	2002-06-06 20:52:37 +0000	[diff] [blame^]	26	RCSID("$OpenBSD: auth2.c,v 1.93 2002/05/31 11:35:15 markus Exp $");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	27
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	28	#include "ssh2.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	29	#include "xmalloc.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	30	#include "packet.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	31	#include "log.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	32	#include "servconf.h"
				33	#include "compat.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	34	#include "auth.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	35	#include "dispatch.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	36	#include "pathnames.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	37	#include "monitor_wrap.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	38
				39	/* import */
				40	extern ServerOptions options;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	41	extern u_char *session_id2;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	42	extern int session_id2_len;
				43
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	44	Authctxt *x_authctxt = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	45
Ben Lindstrom	511bb24	2002-06-06 20:52:37 +0000	[diff] [blame^]	46	/* methods */
				47
				48	extern Authmethod method_none;
				49	extern Authmethod method_pubkey;
				50	extern Authmethod method_passwd;
				51	extern Authmethod method_kbdint;
				52	extern Authmethod method_hostbased;
				53
				54	Authmethod *authmethods[] = {
				55	&method_none,
				56	&method_pubkey,
				57	&method_passwd,
				58	&method_kbdint,
				59	&method_hostbased,
				60	NULL
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	61	};
				62
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	63	/* protocol */
				64
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	65	static void input_service_request(int, u_int32_t, void *);
				66	static void input_userauth_request(int, u_int32_t, void *);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	67
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	68	/* helper */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	69	static Authmethod authmethod_lookup(const char );
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	70	static char *authmethods_get(void);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	71	int user_key_allowed(struct passwd , Key );
				72	int hostbased_key_allowed(struct passwd , const char , char , Key );
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	73
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	74	/*
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	75	* loop until authctxt->success == TRUE
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	76	*/
				77
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	78	Authctxt *
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	79	do_authentication2(void)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	80	{
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	81	Authctxt *authctxt = authctxt_new();
				82
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	83	x_authctxt = authctxt; /XXX/
				84
Ben Lindstrom	bdfb4df	2001-10-03 17:12:43 +0000	[diff] [blame]	85	/* challenge-response is implemented via keyboard interactive */
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	86	if (options.challenge_response_authentication)
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	87	options.kbd_interactive_authentication = 1;
Damien Miller	f815442	2001-04-25 22:44:14 +1000	[diff] [blame]	88	if (options.pam_authentication_via_kbd_int)
				89	options.kbd_interactive_authentication = 1;
Damien Miller	ffc868f	2002-05-09 15:59:13 +1000	[diff] [blame]	90	if (use_privsep)
				91	options.pam_authentication_via_kbd_int = 0;
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	92
Damien Miller	7d05339	2002-01-22 23:24:13 +1100	[diff] [blame]	93	dispatch_init(&dispatch_protocol_error);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	94	dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	95	dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	96
				97	return (authctxt);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	98	}
				99
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	100	static void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	101	input_service_request(int type, u_int32_t seq, void *ctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	102	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	103	Authctxt *authctxt = ctxt;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	104	u_int len;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	105	int accept = 0;
				106	char *service = packet_get_string(&len);
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	107	packet_check_eom();
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	108
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	109	if (authctxt == NULL)
				110	fatal("input_service_request: no authctxt");
				111
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	112	if (strcmp(service, "ssh-userauth") == 0) {
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	113	if (!authctxt->success) {
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	114	accept = 1;
				115	/* now we can handle user-auth requests */
				116	dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
				117	}
				118	}
				119	/* XXX all other service requests are denied */
				120
				121	if (accept) {
				122	packet_start(SSH2_MSG_SERVICE_ACCEPT);
				123	packet_put_cstring(service);
				124	packet_send();
				125	packet_write_wait();
				126	} else {
				127	debug("bad service request %s", service);
				128	packet_disconnect("bad service request %s", service);
				129	}
				130	xfree(service);
				131	}
				132
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	133	static void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	134	input_userauth_request(int type, u_int32_t seq, void *ctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	135	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	136	Authctxt *authctxt = ctxt;
				137	Authmethod *m = NULL;
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	138	char user, service, method, style = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	139	int authenticated = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	140
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	141	if (authctxt == NULL)
				142	fatal("input_userauth_request: no authctxt");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	143
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	144	user = packet_get_string(NULL);
				145	service = packet_get_string(NULL);
				146	method = packet_get_string(NULL);
				147	debug("userauth-request for user %s service %s method %s", user, service, method);
Ben Lindstrom	4dccfa5	2000-12-28 16:40:05 +0000	[diff] [blame]	148	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	149
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	150	if ((style = strchr(user, ':')) != NULL)
				151	*style++ = 0;
				152
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	153	if (authctxt->attempt++ == 0) {
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	154	/* setup auth context */
Kevin Steves	205cc1e	2002-03-22 20:43:05 +0000	[diff] [blame]	155	authctxt->pw = PRIVSEP(getpwnamallow(user));
				156	if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	157	authctxt->valid = 1;
				158	debug2("input_userauth_request: setting up authctxt for %s", user);
				159	#ifdef USE_PAM
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	160	PRIVSEP(start_pam(authctxt->pw->pw_name));
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	161	#endif
				162	} else {
				163	log("input_userauth_request: illegal user %s", user);
Damien Miller	22e22bf	2001-01-19 15:46:38 +1100	[diff] [blame]	164	#ifdef USE_PAM
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	165	PRIVSEP(start_pam("NOUSER"));
Damien Miller	22e22bf	2001-01-19 15:46:38 +1100	[diff] [blame]	166	#endif
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	167	}
Ben Lindstrom	7ebb635	2002-03-22 03:04:08 +0000	[diff] [blame]	168	setproctitle("%s%s", authctxt->pw ? user : "unknown",
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	169	use_privsep ? " [net]" : "");
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	170	authctxt->user = xstrdup(user);
				171	authctxt->service = xstrdup(service);
Ben Lindstrom	9d0c066	2001-06-09 01:40:00 +0000	[diff] [blame]	172	authctxt->style = style ? xstrdup(style) : NULL;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	173	if (use_privsep)
				174	mm_inform_authserv(service, style);
Ben Lindstrom	9d0c066	2001-06-09 01:40:00 +0000	[diff] [blame]	175	} else if (strcmp(user, authctxt->user) != 0 \|\|
				176	strcmp(service, authctxt->service) != 0) {
				177	packet_disconnect("Change of username or service not allowed: "
				178	"(%s,%s) -> (%s,%s)",
				179	authctxt->user, authctxt->service, user, service);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	180	}
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	181	/* reset state */
Damien Miller	ee11625	2001-12-21 12:42:34 +1100	[diff] [blame]	182	auth2_challenge_stop(authctxt);
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	183	authctxt->postponed = 0;
Damien Miller	b70b61f	2000-09-16 16:25:12 +1100	[diff] [blame]	184
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	185	/* try to authenticate user */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	186	m = authmethod_lookup(method);
				187	if (m != NULL) {
				188	debug2("input_userauth_request: try method %s", method);
				189	authenticated = m->userauth(authctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	190	}
Damien Miller	5d57e50	2001-03-30 10:48:31 +1000	[diff] [blame]	191	userauth_finish(authctxt, authenticated, method);
				192
				193	xfree(service);
				194	xfree(user);
				195	xfree(method);
				196	}
				197
				198	void
				199	userauth_finish(Authctxt authctxt, int authenticated, char method)
				200	{
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	201	char *methods;
				202
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	203	if (!authctxt->valid && authenticated)
				204	fatal("INTERNAL ERROR: authenticated invalid user %s",
				205	authctxt->user);
Damien Miller	b70b61f	2000-09-16 16:25:12 +1100	[diff] [blame]	206
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	207	/* Special handling for root */
Ben Lindstrom	d8a9021	2001-02-15 03:08:27 +0000	[diff] [blame]	208	if (authenticated && authctxt->pw->pw_uid == 0 &&
				209	!auth_root_allowed(method))
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	210	authenticated = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	211
				212	#ifdef USE_PAM
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	213	if (!use_privsep && authenticated && authctxt->user &&
				214	!do_pam_account(authctxt->user, NULL))
Damien Miller	b70b61f	2000-09-16 16:25:12 +1100	[diff] [blame]	215	authenticated = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	216	#endif /* USE_PAM */
				217
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	218	/* Log before sending the reply */
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	219	auth_log(authctxt, authenticated, method, " ssh2");
				220
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	221	if (authctxt->postponed)
				222	return;
				223
				224	/* XXX todo: check if multiple auth methods are needed */
				225	if (authenticated == 1) {
				226	/* turn off userauth */
Damien Miller	7d05339	2002-01-22 23:24:13 +1100	[diff] [blame]	227	dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	228	packet_start(SSH2_MSG_USERAUTH_SUCCESS);
				229	packet_send();
				230	packet_write_wait();
				231	/* now we can break out */
				232	authctxt->success = 1;
				233	} else {
Damien Miller	e49d096	2001-11-13 23:46:18 +1100	[diff] [blame]	234	if (authctxt->failures++ > AUTH_FAIL_MAX) {
				235	#ifdef WITH_AIXAUTHENTICATE
				236	loginfailed(authctxt->user,
Damien Miller	f3451a2	2002-02-05 12:40:46 +1100	[diff] [blame]	237	get_canonical_hostname(options.verify_reverse_mapping),
Damien Miller	e49d096	2001-11-13 23:46:18 +1100	[diff] [blame]	238	"ssh");
				239	#endif /* WITH_AIXAUTHENTICATE */
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	240	packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
Damien Miller	e49d096	2001-11-13 23:46:18 +1100	[diff] [blame]	241	}
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	242	methods = authmethods_get();
				243	packet_start(SSH2_MSG_USERAUTH_FAILURE);
				244	packet_put_cstring(methods);
				245	packet_put_char(0); /* XXX partial success, unused */
				246	packet_send();
				247	packet_write_wait();
				248	xfree(methods);
				249	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	250	}
				251
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	252	char *
				253	auth2_read_banner(void)
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	254	{
				255	struct stat st;
				256	char *banner = NULL;
				257	off_t len, n;
				258	int fd;
				259
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	260	if ((fd = open(options.banner, O_RDONLY)) == -1)
				261	return (NULL);
				262	if (fstat(fd, &st) == -1) {
				263	close(fd);
				264	return (NULL);
				265	}
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	266	len = st.st_size;
				267	banner = xmalloc(len + 1);
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	268	n = atomicio(read, fd, banner, len);
				269	close(fd);
				270
				271	if (n != len) {
				272	free(banner);
				273	return (NULL);
				274	}
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	275	banner[n] = '\0';
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	276
				277	return (banner);
				278	}
				279
				280	static void
				281	userauth_banner(void)
				282	{
				283	char *banner = NULL;
				284
				285	if (options.banner == NULL \|\| (datafellows & SSH_BUG_BANNER))
				286	return;
				287
				288	if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
				289	goto done;
				290
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	291	packet_start(SSH2_MSG_USERAUTH_BANNER);
				292	packet_put_cstring(banner);
				293	packet_put_cstring(""); /* language, unused */
				294	packet_send();
				295	debug("userauth_banner: sent");
				296	done:
				297	if (banner)
				298	xfree(banner);
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	299	return;
				300	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	301
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	302	static int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	303	userauth_none(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	304	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	305	/* disable method "none", only allowed one time */
				306	Authmethod *m = authmethod_lookup("none");
				307	if (m != NULL)
				308	m->enabled = NULL;
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	309	packet_check_eom();
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	310	userauth_banner();
Damien Miller	b8c656e	2000-06-28 15:22:41 +1000	[diff] [blame]	311
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	312	if (authctxt->valid == 0)
				313	return(0);
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	314
				315	#ifdef HAVE_CYGWIN
				316	if (check_nt_auth(1, authctxt->pw) == 0)
				317	return(0);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	318	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	319	return PRIVSEP(auth_password(authctxt, ""));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	320	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	321
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	322	static int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	323	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	324	{
				325	char *password;
				326	int authenticated = 0;
				327	int change;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	328	u_int len;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	329	change = packet_get_char();
				330	if (change)
				331	log("password change not supported");
				332	password = packet_get_string(&len);
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	333	packet_check_eom();
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	334	if (authctxt->valid &&
				335	#ifdef HAVE_CYGWIN
				336	check_nt_auth(1, authctxt->pw) &&
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	337	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	338	PRIVSEP(auth_password(authctxt, password)) == 1)
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	339	authenticated = 1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	340	memset(password, 0, len);
				341	xfree(password);
				342	return authenticated;
				343	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	344
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	345	static int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	346	userauth_kbdint(Authctxt *authctxt)
				347	{
				348	int authenticated = 0;
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	349	char lang, devs;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	350
				351	lang = packet_get_string(NULL);
				352	devs = packet_get_string(NULL);
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	353	packet_check_eom();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	354
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	355	debug("keyboard-interactive devs %s", devs);
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	356
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	357	if (options.challenge_response_authentication)
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	358	authenticated = auth2_challenge(authctxt, devs);
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	359
Damien Miller	b848158	2000-12-03 11:51:51 +1100	[diff] [blame]	360	#ifdef USE_PAM
Damien Miller	f815442	2001-04-25 22:44:14 +1000	[diff] [blame]	361	if (authenticated == 0 && options.pam_authentication_via_kbd_int)
Damien Miller	b848158	2000-12-03 11:51:51 +1100	[diff] [blame]	362	authenticated = auth2_pam(authctxt);
				363	#endif
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	364	xfree(devs);
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	365	xfree(lang);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	366	#ifdef HAVE_CYGWIN
Damien Miller	0dea79d	2001-12-29 14:08:28 +1100	[diff] [blame]	367	if (check_nt_auth(0, authctxt->pw) == 0)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	368	return(0);
				369	#endif
				370	return authenticated;
				371	}
				372
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	373	static int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	374	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	375	{
				376	Buffer b;
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	377	Key *key = NULL;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	378	char *pkalg;
				379	u_char pkblob, sig;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	380	u_int alen, blen, slen;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	381	int have_sig, pktype;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	382	int authenticated = 0;
				383
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	384	if (!authctxt->valid) {
				385	debug2("userauth_pubkey: disabled because of invalid user");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	386	return 0;
				387	}
				388	have_sig = packet_get_char();
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	389	if (datafellows & SSH_BUG_PKAUTH) {
				390	debug2("userauth_pubkey: SSH_BUG_PKAUTH");
				391	/* no explicit pkalg given */
				392	pkblob = packet_get_string(&blen);
				393	buffer_init(&b);
				394	buffer_append(&b, pkblob, blen);
				395	/* so we have to extract the pkalg from the pkblob */
				396	pkalg = buffer_get_string(&b, &alen);
				397	buffer_free(&b);
				398	} else {
				399	pkalg = packet_get_string(&alen);
				400	pkblob = packet_get_string(&blen);
				401	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	402	pktype = key_type_from_name(pkalg);
				403	if (pktype == KEY_UNSPEC) {
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	404	/* this is perfectly legal */
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	405	log("userauth_pubkey: unsupported public key algorithm: %s",
				406	pkalg);
				407	goto done;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	408	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	409	key = key_from_blob(pkblob, blen);
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	410	if (key == NULL) {
				411	error("userauth_pubkey: cannot decode key: %s", pkalg);
				412	goto done;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	413	}
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	414	if (key->type != pktype) {
				415	error("userauth_pubkey: type mismatch for decoded key "
				416	"(received %d, expected %d)", key->type, pktype);
				417	goto done;
				418	}
				419	if (have_sig) {
				420	sig = packet_get_string(&slen);
				421	packet_check_eom();
				422	buffer_init(&b);
				423	if (datafellows & SSH_OLD_SESSIONID) {
				424	buffer_append(&b, session_id2, session_id2_len);
				425	} else {
				426	buffer_put_string(&b, session_id2, session_id2_len);
				427	}
				428	/* reconstruct packet */
				429	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
				430	buffer_put_cstring(&b, authctxt->user);
				431	buffer_put_cstring(&b,
				432	datafellows & SSH_BUG_PKSERVICE ?
				433	"ssh-userauth" :
				434	authctxt->service);
				435	if (datafellows & SSH_BUG_PKAUTH) {
				436	buffer_put_char(&b, have_sig);
				437	} else {
				438	buffer_put_cstring(&b, "publickey");
				439	buffer_put_char(&b, have_sig);
				440	buffer_put_cstring(&b, pkalg);
				441	}
				442	buffer_put_string(&b, pkblob, blen);
				443	#ifdef DEBUG_PK
				444	buffer_dump(&b);
				445	#endif
				446	/* test for correct signature */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	447	authenticated = 0;
				448	if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
				449	PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
				450	buffer_len(&b))) == 1)
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	451	authenticated = 1;
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	452	buffer_clear(&b);
				453	xfree(sig);
				454	} else {
				455	debug("test whether pkalg/pkblob are acceptable");
				456	packet_check_eom();
				457
				458	/* XXX fake reply and always send PK_OK ? */
				459	/*
				460	* XXX this allows testing whether a user is allowed
				461	* to login: if you happen to have a valid pubkey this
				462	* message is sent. the message is NEVER sent at all
				463	* if a user is not allowed to login. is this an
				464	* issue? -markus
				465	*/
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	466	if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	467	packet_start(SSH2_MSG_USERAUTH_PK_OK);
				468	packet_put_string(pkalg, alen);
				469	packet_put_string(pkblob, blen);
				470	packet_send();
				471	packet_write_wait();
				472	authctxt->postponed = 1;
				473	}
				474	}
				475	if (authenticated != 1)
				476	auth_clear_options();
				477	done:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	478	debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	479	if (key != NULL)
				480	key_free(key);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	481	xfree(pkalg);
				482	xfree(pkblob);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	483	#ifdef HAVE_CYGWIN
Damien Miller	0dea79d	2001-12-29 14:08:28 +1100	[diff] [blame]	484	if (check_nt_auth(0, authctxt->pw) == 0)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	485	return(0);
				486	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	487	return authenticated;
				488	}
				489
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	490	static int
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	491	userauth_hostbased(Authctxt *authctxt)
				492	{
				493	Buffer b;
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	494	Key *key = NULL;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	495	char pkalg, cuser, chost, service;
				496	u_char pkblob, sig;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	497	u_int alen, blen, slen;
				498	int pktype;
				499	int authenticated = 0;
				500
				501	if (!authctxt->valid) {
				502	debug2("userauth_hostbased: disabled because of invalid user");
				503	return 0;
				504	}
				505	pkalg = packet_get_string(&alen);
				506	pkblob = packet_get_string(&blen);
				507	chost = packet_get_string(NULL);
				508	cuser = packet_get_string(NULL);
				509	sig = packet_get_string(&slen);
				510
				511	debug("userauth_hostbased: cuser %s chost %s pkalg %s slen %d",
				512	cuser, chost, pkalg, slen);
				513	#ifdef DEBUG_PK
				514	debug("signature:");
				515	buffer_init(&b);
				516	buffer_append(&b, sig, slen);
				517	buffer_dump(&b);
				518	buffer_free(&b);
				519	#endif
				520	pktype = key_type_from_name(pkalg);
				521	if (pktype == KEY_UNSPEC) {
				522	/* this is perfectly legal */
				523	log("userauth_hostbased: unsupported "
				524	"public key algorithm: %s", pkalg);
				525	goto done;
				526	}
				527	key = key_from_blob(pkblob, blen);
				528	if (key == NULL) {
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	529	error("userauth_hostbased: cannot decode key: %s", pkalg);
				530	goto done;
				531	}
				532	if (key->type != pktype) {
				533	error("userauth_hostbased: type mismatch for decoded key "
				534	"(received %d, expected %d)", key->type, pktype);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	535	goto done;
				536	}
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	537	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
				538	authctxt->service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	539	buffer_init(&b);
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	540	buffer_put_string(&b, session_id2, session_id2_len);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	541	/* reconstruct packet */
				542	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
				543	buffer_put_cstring(&b, authctxt->user);
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	544	buffer_put_cstring(&b, service);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	545	buffer_put_cstring(&b, "hostbased");
				546	buffer_put_string(&b, pkalg, alen);
				547	buffer_put_string(&b, pkblob, blen);
				548	buffer_put_cstring(&b, chost);
				549	buffer_put_cstring(&b, cuser);
				550	#ifdef DEBUG_PK
				551	buffer_dump(&b);
				552	#endif
				553	/* test for allowed key and correct signature */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	554	authenticated = 0;
				555	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
				556	PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
				557	buffer_len(&b))) == 1)
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	558	authenticated = 1;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	559
				560	buffer_clear(&b);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	561	done:
				562	debug2("userauth_hostbased: authenticated %d", authenticated);
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	563	if (key != NULL)
				564	key_free(key);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	565	xfree(pkalg);
				566	xfree(pkblob);
				567	xfree(cuser);
				568	xfree(chost);
				569	xfree(sig);
				570	return authenticated;
				571	}
				572
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	573	/* get current user */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	574
				575	struct passwd*
				576	auth_get_user(void)
				577	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	578	return (x_authctxt != NULL && x_authctxt->valid) ? x_authctxt->pw : NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	579	}
				580
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	581	#define DELIM ","
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	582
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	583	static char *
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	584	authmethods_get(void)
				585	{
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	586	Buffer b;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	587	char *list;
Ben Lindstrom	511bb24	2002-06-06 20:52:37 +0000	[diff] [blame^]	588	int i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	589
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	590	buffer_init(&b);
Ben Lindstrom	511bb24	2002-06-06 20:52:37 +0000	[diff] [blame^]	591	for (i = 0; authmethods[i] != NULL; i++) {
				592	if (strcmp(authmethods[i]->name, "none") == 0)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	593	continue;
Ben Lindstrom	511bb24	2002-06-06 20:52:37 +0000	[diff] [blame^]	594	if (authmethods[i]->enabled != NULL &&
				595	*(authmethods[i]->enabled) != 0) {
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	596	if (buffer_len(&b) > 0)
				597	buffer_append(&b, ",", 1);
Ben Lindstrom	511bb24	2002-06-06 20:52:37 +0000	[diff] [blame^]	598	buffer_append(&b, authmethods[i]->name,
				599	strlen(authmethods[i]->name));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	600	}
				601	}
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	602	buffer_append(&b, "\0", 1);
				603	list = xstrdup(buffer_ptr(&b));
				604	buffer_free(&b);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	605	return list;
				606	}
				607
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	608	static Authmethod *
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	609	authmethod_lookup(const char *name)
				610	{
Ben Lindstrom	511bb24	2002-06-06 20:52:37 +0000	[diff] [blame^]	611	int i;
				612
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	613	if (name != NULL)
Ben Lindstrom	511bb24	2002-06-06 20:52:37 +0000	[diff] [blame^]	614	for (i = 0; authmethods[i] != NULL; i++)
				615	if (authmethods[i]->enabled != NULL &&
				616	*(authmethods[i]->enabled) != 0 &&
				617	strcmp(name, authmethods[i]->name) == 0)
				618	return authmethods[i];
				619	debug2("Unrecognized authentication method name: %s",
				620	name ? name : "NULL");
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	621	return NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	622	}