Blame - sshconnect2.c - platform/external/openssh

blob: 0605e4e5f6a19df308bbe374e62d403d7eafb397 [file] [log] [blame]

Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
				24
				25	#include "includes.h"
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame^]	26	RCSID("$OpenBSD: sshconnect2.c,v 1.118 2003/05/14 02:15:47 markus Exp $");
				27
				28	#ifdef KRB5
				29	#include <krb5.h>
				30	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	31
				32	#include "ssh.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	33	#include "ssh2.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	34	#include "xmalloc.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	35	#include "buffer.h"
				36	#include "packet.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	37	#include "compat.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	38	#include "bufaux.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	39	#include "cipher.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	40	#include "kex.h"
				41	#include "myproposal.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	42	#include "sshconnect.h"
				43	#include "authfile.h"
Ben Lindstrom	df22139	2001-03-29 00:36:16 +0000	[diff] [blame]	44	#include "dh.h"
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	45	#include "authfd.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	46	#include "log.h"
				47	#include "readconf.h"
				48	#include "readpass.h"
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	49	#include "match.h"
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	50	#include "dispatch.h"
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	51	#include "canohost.h"
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	52	#include "msg.h"
				53	#include "pathnames.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	54
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	55	/* import */
				56	extern char *client_version_string;
				57	extern char *server_version_string;
				58	extern Options options;
				59
				60	/*
				61	* SSH2 key exchange
				62	*/
				63
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	64	u_char *session_id2 = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	65	int session_id2_len = 0;
				66
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	67	char *xxx_host;
				68	struct sockaddr *xxx_hostaddr;
				69
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame]	70	Kex *xxx_kex = NULL;
				71
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	72	static int
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	73	verify_host_key_callback(Key *hostkey)
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	74	{
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	75	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
Damien Miller	59d9fb9	2001-10-10 15:03:11 +1000	[diff] [blame]	76	fatal("Host key verification failed.");
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	77	return 0;
				78	}
				79
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	80	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	81	ssh_kex2(char host, struct sockaddr hostaddr)
				82	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	83	Kex *kex;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	84
				85	xxx_host = host;
				86	xxx_hostaddr = hostaddr;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	87
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	88	if (options.ciphers == (char *)-1) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	89	logit("No valid ciphers for protocol version 2 given, using defaults.");
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	90	options.ciphers = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	91	}
				92	if (options.ciphers != NULL) {
				93	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				94	myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
				95	}
Damien Miller	a0ff466	2001-03-30 10:49:35 +1000	[diff] [blame]	96	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				97	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
				98	myproposal[PROPOSAL_ENC_ALGS_STOC] =
				99	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	100	if (options.compression) {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	101	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Ben Lindstrom	343010a	2002-07-04 00:16:25 +0000	[diff] [blame]	102	myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	103	} else {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	104	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Ben Lindstrom	343010a	2002-07-04 00:16:25 +0000	[diff] [blame]	105	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	106	}
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	107	if (options.macs != NULL) {
				108	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
				109	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
				110	}
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	111	if (options.hostkeyalgorithms != NULL)
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	112	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	113	options.hostkeyalgorithms;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	114
Damien Miller	a5539d2	2003-04-09 20:50:06 +1000	[diff] [blame]	115	if (options.rekey_limit)
				116	packet_set_rekey_limit(options.rekey_limit);
				117
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	118	/* start key exchange */
Ben Lindstrom	238abf6	2001-04-04 17:52:53 +0000	[diff] [blame]	119	kex = kex_setup(myproposal);
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	120	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
				121	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	122	kex->client_version_string=client_version_string;
				123	kex->server_version_string=server_version_string;
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	124	kex->verify_host_key=&verify_host_key_callback;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	125
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame]	126	xxx_kex = kex;
				127
Ben Lindstrom	be2cc43	2001-04-04 23:46:07 +0000	[diff] [blame]	128	dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	129
Ben Lindstrom	2d90e00	2001-04-04 02:00:54 +0000	[diff] [blame]	130	session_id2 = kex->session_id;
				131	session_id2_len = kex->session_id_len;
				132
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	133	#ifdef DEBUG_KEXDH
				134	/* send 1st encrypted/maced/compressed message */
				135	packet_start(SSH2_MSG_IGNORE);
				136	packet_put_cstring("markus");
				137	packet_send();
				138	packet_write_wait();
				139	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	140	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	141
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	142	/*
				143	* Authenticate user
				144	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	145
				146	typedef struct Authctxt Authctxt;
				147	typedef struct Authmethod Authmethod;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	148	typedef struct identity Identity;
				149	typedef struct idlist Idlist;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	150
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	151	struct identity {
				152	TAILQ_ENTRY(identity) next;
				153	AuthenticationConnection ac; / set if agent supports key */
				154	Key key; / public/private key */
				155	char filename; / comment for agent-only keys */
				156	int tried;
				157	int isprivate; /* key points to the private key */
				158	};
				159	TAILQ_HEAD(idlist, identity);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	160
				161	struct Authctxt {
				162	const char *server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	163	const char *local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	164	const char *host;
				165	const char *service;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	166	Authmethod *method;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	167	int success;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	168	char *authlist;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	169	/* pubkey */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	170	Idlist keys;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	171	AuthenticationConnection *agent;
				172	/* hostbased */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	173	Sensitive *sensitive;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	174	/* kbd-interactive */
				175	int info_req_seen;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	176	};
				177	struct Authmethod {
				178	char name; / string to compare against server's list */
				179	int (userauth)(Authctxt authctxt);
				180	int enabled; / flag in option struct that enables method */
				181	int batch_flag; / flag in option struct that disables method */
				182	};
				183
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	184	void input_userauth_success(int, u_int32_t, void *);
				185	void input_userauth_failure(int, u_int32_t, void *);
				186	void input_userauth_banner(int, u_int32_t, void *);
				187	void input_userauth_error(int, u_int32_t, void *);
				188	void input_userauth_info_req(int, u_int32_t, void *);
				189	void input_userauth_pk_ok(int, u_int32_t, void *);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	190	void input_userauth_passwd_changereq(int, u_int32_t, void *);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	191
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	192	int userauth_none(Authctxt *);
				193	int userauth_pubkey(Authctxt *);
				194	int userauth_passwd(Authctxt *);
				195	int userauth_kbdint(Authctxt *);
				196	int userauth_hostbased(Authctxt *);
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame^]	197	int userauth_kerberos(Authctxt *);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	198
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	199	void userauth(Authctxt , char );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	200
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	201	static int sign_and_send_pubkey(Authctxt , Identity );
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	202	static void clear_auth_state(Authctxt *);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	203	static void pubkey_prepare(Authctxt *);
				204	static void pubkey_cleanup(Authctxt *);
				205	static Key load_identity_file(char );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	206
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	207	static Authmethod authmethod_get(char authlist);
				208	static Authmethod authmethod_lookup(const char name);
				209	static char *authmethods_get(void);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	210
				211	Authmethod authmethods[] = {
Ben Lindstrom	1bfe291	2001-06-05 19:37:25 +0000	[diff] [blame]	212	{"hostbased",
				213	userauth_hostbased,
				214	&options.hostbased_authentication,
				215	NULL},
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame^]	216	#if KRB5
				217	{"kerberos-2@ssh.com",
				218	userauth_kerberos,
				219	&options.kerberos_authentication,
				220	NULL},
				221	#endif
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	222	{"publickey",
				223	userauth_pubkey,
				224	&options.pubkey_authentication,
				225	NULL},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	226	{"keyboard-interactive",
				227	userauth_kbdint,
				228	&options.kbd_interactive_authentication,
				229	&options.batch_mode},
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	230	{"password",
				231	userauth_passwd,
				232	&options.password_authentication,
				233	&options.batch_mode},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	234	{"none",
				235	userauth_none,
				236	NULL,
				237	NULL},
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	238	{NULL, NULL, NULL, NULL}
				239	};
				240
				241	void
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	242	ssh_userauth2(const char local_user, const char server_user, char *host,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	243	Sensitive *sensitive)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	244	{
				245	Authctxt authctxt;
				246	int type;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	247
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	248	if (options.challenge_response_authentication)
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	249	options.kbd_interactive_authentication = 1;
				250
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	251	packet_start(SSH2_MSG_SERVICE_REQUEST);
				252	packet_put_cstring("ssh-userauth");
				253	packet_send();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	254	debug("SSH2_MSG_SERVICE_REQUEST sent");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	255	packet_write_wait();
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	256	type = packet_read();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	257	if (type != SSH2_MSG_SERVICE_ACCEPT)
				258	fatal("Server denied authentication request: %d", type);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	259	if (packet_remaining() > 0) {
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	260	char *reply = packet_get_string(NULL);
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	261	debug2("service_accept: %s", reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	262	xfree(reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	263	} else {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	264	debug2("buggy server: service_accept w/o service");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	265	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	266	packet_check_eom();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	267	debug("SSH2_MSG_SERVICE_ACCEPT received");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	268
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	269	if (options.preferred_authentications == NULL)
				270	options.preferred_authentications = authmethods_get();
				271
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	272	/* setup authentication context */
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	273	memset(&authctxt, 0, sizeof(authctxt));
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	274	pubkey_prepare(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	275	authctxt.server_user = server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	276	authctxt.local_user = local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	277	authctxt.host = host;
				278	authctxt.service = "ssh-connection"; /* service name */
				279	authctxt.success = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	280	authctxt.method = authmethod_lookup("none");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	281	authctxt.authlist = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	282	authctxt.sensitive = sensitive;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	283	authctxt.info_req_seen = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	284	if (authctxt.method == NULL)
				285	fatal("ssh_userauth2: internal error: cannot send userauth none request");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	286
				287	/* initial userauth request */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	288	userauth_none(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	289
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	290	dispatch_init(&input_userauth_error);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	291	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
				292	dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	293	dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	294	dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
				295
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	296	pubkey_cleanup(&authctxt);
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	297	debug("Authentication succeeded (%s).", authctxt.method->name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	298	}
				299	void
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	300	userauth(Authctxt authctxt, char authlist)
				301	{
				302	if (authlist == NULL) {
				303	authlist = authctxt->authlist;
				304	} else {
				305	if (authctxt->authlist)
				306	xfree(authctxt->authlist);
				307	authctxt->authlist = authlist;
				308	}
				309	for (;;) {
				310	Authmethod *method = authmethod_get(authlist);
				311	if (method == NULL)
				312	fatal("Permission denied (%s).", authlist);
				313	authctxt->method = method;
				314	if (method->userauth(authctxt) != 0) {
				315	debug2("we sent a %s packet, wait for reply", method->name);
				316	break;
				317	} else {
				318	debug2("we did not send a packet, disable method");
				319	method->enabled = NULL;
				320	}
				321	}
				322	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	323
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	324	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	325	input_userauth_error(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	326	{
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	327	fatal("input_userauth_error: bad message during authentication: "
				328	"type %d", type);
				329	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	330
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	331	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	332	input_userauth_banner(int type, u_int32_t seq, void *ctxt)
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	333	{
				334	char msg, lang;
				335	debug3("input_userauth_banner");
				336	msg = packet_get_string(NULL);
				337	lang = packet_get_string(NULL);
				338	fprintf(stderr, "%s", msg);
				339	xfree(msg);
				340	xfree(lang);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	341	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	342
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	343	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	344	input_userauth_success(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	345	{
				346	Authctxt *authctxt = ctxt;
				347	if (authctxt == NULL)
				348	fatal("input_userauth_success: no authentication context");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	349	if (authctxt->authlist)
				350	xfree(authctxt->authlist);
				351	clear_auth_state(authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	352	authctxt->success = 1; /* break out */
				353	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	354
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	355	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	356	input_userauth_failure(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	357	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	358	Authctxt *authctxt = ctxt;
				359	char *authlist = NULL;
				360	int partial;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	361
				362	if (authctxt == NULL)
				363	fatal("input_userauth_failure: no authentication context");
				364
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	365	authlist = packet_get_string(NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	366	partial = packet_get_char();
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	367	packet_check_eom();
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	368
				369	if (partial != 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	370	logit("Authenticated with partial success.");
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	371	debug("Authentications that can continue: %s", authlist);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	372
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	373	clear_auth_state(authctxt);
				374	userauth(authctxt, authlist);
				375	}
				376	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	377	input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	378	{
				379	Authctxt *authctxt = ctxt;
				380	Key *key = NULL;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	381	Identity *id = NULL;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	382	Buffer b;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	383	int pktype, sent = 0;
				384	u_int alen, blen;
				385	char pkalg, fp;
				386	u_char *pkblob;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	387
				388	if (authctxt == NULL)
				389	fatal("input_userauth_pk_ok: no authentication context");
				390	if (datafellows & SSH_BUG_PKOK) {
				391	/* this is similar to SSH_BUG_PKAUTH */
				392	debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
				393	pkblob = packet_get_string(&blen);
				394	buffer_init(&b);
				395	buffer_append(&b, pkblob, blen);
				396	pkalg = buffer_get_string(&b, &alen);
				397	buffer_free(&b);
				398	} else {
				399	pkalg = packet_get_string(&alen);
				400	pkblob = packet_get_string(&blen);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	401	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	402	packet_check_eom();
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	403
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	404	debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	405
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	406	if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
				407	debug("unknown pkalg %s", pkalg);
				408	goto done;
				409	}
				410	if ((key = key_from_blob(pkblob, blen)) == NULL) {
				411	debug("no key from blob. pkalg %s", pkalg);
				412	goto done;
				413	}
				414	if (key->type != pktype) {
				415	error("input_userauth_pk_ok: type mismatch "
				416	"for decoded key (received %d, expected %d)",
				417	key->type, pktype);
				418	goto done;
				419	}
				420	fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
				421	debug2("input_userauth_pk_ok: fp %s", fp);
				422	xfree(fp);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	423
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	424	TAILQ_FOREACH(id, &authctxt->keys, next) {
				425	if (key_equal(key, id->key)) {
				426	sent = sign_and_send_pubkey(authctxt, id);
				427	break;
				428	}
				429	}
				430	done:
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	431	if (key != NULL)
				432	key_free(key);
				433	xfree(pkalg);
				434	xfree(pkblob);
				435
				436	/* unregister */
				437	clear_auth_state(authctxt);
				438	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
				439
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	440	/* try another method if we did not send a packet */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	441	if (sent == 0)
				442	userauth(authctxt, NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	443	}
				444
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	445	int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	446	userauth_none(Authctxt *authctxt)
				447	{
				448	/* initial userauth request */
				449	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				450	packet_put_cstring(authctxt->server_user);
				451	packet_put_cstring(authctxt->service);
				452	packet_put_cstring(authctxt->method->name);
				453	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	454	return 1;
				455	}
				456
				457	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	458	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	459	{
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	460	static int attempt = 0;
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	461	char prompt[150];
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	462	char *password;
				463
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	464	if (attempt++ >= options.number_of_password_prompts)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	465	return 0;
				466
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	467	if (attempt != 1)
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	468	error("Permission denied, please try again.");
				469
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	470	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	471	authctxt->server_user, authctxt->host);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	472	password = read_passphrase(prompt, 0);
				473	packet_start(SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	474	packet_put_cstring(authctxt->server_user);
				475	packet_put_cstring(authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	476	packet_put_cstring(authctxt->method->name);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	477	packet_put_char(0);
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	478	packet_put_cstring(password);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	479	memset(password, 0, strlen(password));
				480	xfree(password);
Damien Miller	9f64390	2001-11-12 11:02:52 +1100	[diff] [blame]	481	packet_add_padding(64);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	482	packet_send();
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	483
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	484	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	485	&input_userauth_passwd_changereq);
				486
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	487	return 1;
				488	}
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	489	/*
				490	* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
				491	*/
				492	void
Tim Rice	c854962	2002-03-31 12:49:38 -0800	[diff] [blame]	493	input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	494	{
				495	Authctxt *authctxt = ctxt;
				496	char info, lang, password = NULL, retype = NULL;
				497	char prompt[150];
				498
				499	debug2("input_userauth_passwd_changereq");
				500
				501	if (authctxt == NULL)
				502	fatal("input_userauth_passwd_changereq: "
				503	"no authentication context");
				504
				505	info = packet_get_string(NULL);
				506	lang = packet_get_string(NULL);
				507	if (strlen(info) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	508	logit("%s", info);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	509	xfree(info);
				510	xfree(lang);
				511	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				512	packet_put_cstring(authctxt->server_user);
				513	packet_put_cstring(authctxt->service);
				514	packet_put_cstring(authctxt->method->name);
				515	packet_put_char(1); /* additional info */
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	516	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	517	"Enter %.30s@%.128s's old password: ",
				518	authctxt->server_user, authctxt->host);
				519	password = read_passphrase(prompt, 0);
				520	packet_put_cstring(password);
				521	memset(password, 0, strlen(password));
				522	xfree(password);
				523	password = NULL;
				524	while (password == NULL) {
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	525	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	526	"Enter %.30s@%.128s's new password: ",
				527	authctxt->server_user, authctxt->host);
				528	password = read_passphrase(prompt, RP_ALLOW_EOF);
				529	if (password == NULL) {
				530	/* bail out */
				531	return;
				532	}
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	533	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	534	"Retype %.30s@%.128s's new password: ",
				535	authctxt->server_user, authctxt->host);
				536	retype = read_passphrase(prompt, 0);
				537	if (strcmp(password, retype) != 0) {
				538	memset(password, 0, strlen(password));
				539	xfree(password);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	540	logit("Mismatch; try again, EOF to quit.");
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	541	password = NULL;
				542	}
				543	memset(retype, 0, strlen(retype));
				544	xfree(retype);
				545	}
				546	packet_put_cstring(password);
				547	memset(password, 0, strlen(password));
				548	xfree(password);
				549	packet_add_padding(64);
				550	packet_send();
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	551
				552	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	553	&input_userauth_passwd_changereq);
				554	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	555
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	556	static void
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	557	clear_auth_state(Authctxt *authctxt)
				558	{
				559	/* XXX clear authentication state */
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	560	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	561	}
				562
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	563	static int
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	564	identity_sign(Identity id, u_char sigp, u_int lenp,
				565	u_char *data, u_int datalen)
				566	{
				567	Key *prv;
				568	int ret;
				569
				570	/* the agent supports this key */
				571	if (id->ac)
				572	return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
				573	data, datalen));
				574	/*
				575	* we have already loaded the private key or
				576	* the private key is stored in external hardware
				577	*/
				578	if (id->isprivate \|\| (id->key->flags & KEY_FLAG_EXT))
				579	return (key_sign(id->key, sigp, lenp, data, datalen));
				580	/* load the private key from the file */
				581	if ((prv = load_identity_file(id->filename)) == NULL)
				582	return (-1);
				583	ret = key_sign(prv, sigp, lenp, data, datalen);
				584	key_free(prv);
				585	return (ret);
				586	}
				587
				588	static int
				589	sign_and_send_pubkey(Authctxt authctxt, Identity id)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	590	{
				591	Buffer b;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	592	u_char blob, signature;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	593	u_int bloblen, slen;
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	594	int skip = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	595	int ret = -1;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	596	int have_sig = 1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	597
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	598	debug3("sign_and_send_pubkey");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	599
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	600	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	601	/* we cannot handle this key */
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	602	debug3("sign_and_send_pubkey: cannot handle key");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	603	return 0;
				604	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	605	/* data to be signed */
				606	buffer_init(&b);
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	607	if (datafellows & SSH_OLD_SESSIONID) {
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	608	buffer_append(&b, session_id2, session_id2_len);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	609	skip = session_id2_len;
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	610	} else {
				611	buffer_put_string(&b, session_id2, session_id2_len);
				612	skip = buffer_len(&b);
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	613	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	614	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	615	buffer_put_cstring(&b, authctxt->server_user);
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	616	buffer_put_cstring(&b,
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	617	datafellows & SSH_BUG_PKSERVICE ?
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	618	"ssh-userauth" :
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	619	authctxt->service);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	620	if (datafellows & SSH_BUG_PKAUTH) {
				621	buffer_put_char(&b, have_sig);
				622	} else {
				623	buffer_put_cstring(&b, authctxt->method->name);
				624	buffer_put_char(&b, have_sig);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	625	buffer_put_cstring(&b, key_ssh_name(id->key));
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	626	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	627	buffer_put_string(&b, blob, bloblen);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	628
				629	/* generate signature */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	630	ret = identity_sign(id, &signature, &slen,
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	631	buffer_ptr(&b), buffer_len(&b));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	632	if (ret == -1) {
				633	xfree(blob);
				634	buffer_free(&b);
				635	return 0;
				636	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	637	#ifdef DEBUG_PK
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	638	buffer_dump(&b);
				639	#endif
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	640	if (datafellows & SSH_BUG_PKSERVICE) {
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	641	buffer_clear(&b);
				642	buffer_append(&b, session_id2, session_id2_len);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	643	skip = session_id2_len;
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	644	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	645	buffer_put_cstring(&b, authctxt->server_user);
				646	buffer_put_cstring(&b, authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	647	buffer_put_cstring(&b, authctxt->method->name);
				648	buffer_put_char(&b, have_sig);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	649	if (!(datafellows & SSH_BUG_PKAUTH))
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	650	buffer_put_cstring(&b, key_ssh_name(id->key));
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	651	buffer_put_string(&b, blob, bloblen);
				652	}
				653	xfree(blob);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	654
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	655	/* append signature */
				656	buffer_put_string(&b, signature, slen);
				657	xfree(signature);
				658
				659	/* skip session id and packet type */
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	660	if (buffer_len(&b) < skip + 1)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	661	fatal("userauth_pubkey: internal error");
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	662	buffer_consume(&b, skip + 1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	663
				664	/* put remaining data from buffer into packet */
				665	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				666	packet_put_raw(buffer_ptr(&b), buffer_len(&b));
				667	buffer_free(&b);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	668	packet_send();
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	669
				670	return 1;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	671	}
				672
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	673	static int
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	674	send_pubkey_test(Authctxt authctxt, Identity id)
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	675	{
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	676	u_char *blob;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	677	u_int bloblen, have_sig = 0;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	678
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	679	debug3("send_pubkey_test");
				680
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	681	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	682	/* we cannot handle this key */
				683	debug3("send_pubkey_test: cannot handle key");
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	684	return 0;
				685	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	686	/* register callback for USERAUTH_PK_OK message */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	687	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	688
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	689	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				690	packet_put_cstring(authctxt->server_user);
				691	packet_put_cstring(authctxt->service);
				692	packet_put_cstring(authctxt->method->name);
				693	packet_put_char(have_sig);
				694	if (!(datafellows & SSH_BUG_PKAUTH))
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	695	packet_put_cstring(key_ssh_name(id->key));
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	696	packet_put_string(blob, bloblen);
				697	xfree(blob);
				698	packet_send();
				699	return 1;
				700	}
				701
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	702	static Key *
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	703	load_identity_file(char *filename)
				704	{
				705	Key *private;
				706	char prompt[300], *passphrase;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	707	int quit, i;
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	708	struct stat st;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	709
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	710	if (stat(filename, &st) < 0) {
				711	debug3("no such identity: %s", filename);
				712	return NULL;
				713	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	714	private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
				715	if (private == NULL) {
				716	if (options.batch_mode)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	717	return NULL;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	718	snprintf(prompt, sizeof prompt,
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	719	"Enter passphrase for key '%.100s': ", filename);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	720	for (i = 0; i < options.number_of_password_prompts; i++) {
				721	passphrase = read_passphrase(prompt, 0);
				722	if (strcmp(passphrase, "") != 0) {
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	723	private = key_load_private_type(KEY_UNSPEC, filename,
				724	passphrase, NULL);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	725	quit = 0;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	726	} else {
				727	debug2("no passphrase given, try next key");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	728	quit = 1;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	729	}
				730	memset(passphrase, 0, strlen(passphrase));
				731	xfree(passphrase);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	732	if (private != NULL \|\| quit)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	733	break;
				734	debug2("bad passphrase given, try again...");
				735	}
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	736	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	737	return private;
				738	}
				739
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	740	/*
				741	* try keys in the following order:
				742	* 1. agent keys that are found in the config file
				743	* 2. other agent keys
				744	* 3. keys that are only listed in the config file
				745	*/
				746	static void
				747	pubkey_prepare(Authctxt *authctxt)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	748	{
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	749	Identity *id;
				750	Idlist agent, files, *preferred;
				751	Key *key;
				752	AuthenticationConnection *ac;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	753	char *comment;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	754	int i, found;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	755
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	756	TAILQ_INIT(&agent); /* keys from the agent */
				757	TAILQ_INIT(&files); /* keys from the config file */
				758	preferred = &authctxt->keys;
				759	TAILQ_INIT(preferred); /* preferred order of keys */
				760
				761	/* list of keys stored in the filesystem */
				762	for (i = 0; i < options.num_identity_files; i++) {
				763	key = options.identity_keys[i];
				764	if (key && key->type == KEY_RSA1)
				765	continue;
				766	options.identity_keys[i] = NULL;
				767	id = xmalloc(sizeof(*id));
				768	memset(id, 0, sizeof(*id));
				769	id->key = key;
				770	id->filename = xstrdup(options.identity_files[i]);
				771	TAILQ_INSERT_TAIL(&files, id, next);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	772	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	773	/* list of keys supported by the agent */
				774	if ((ac = ssh_get_authentication_connection())) {
				775	for (key = ssh_get_first_identity(ac, &comment, 2);
				776	key != NULL;
				777	key = ssh_get_next_identity(ac, &comment, 2)) {
				778	found = 0;
				779	TAILQ_FOREACH(id, &files, next) {
				780	/* agent keys from the config file are preferred */
				781	if (key_equal(key, id->key)) {
				782	key_free(key);
				783	xfree(comment);
				784	TAILQ_REMOVE(&files, id, next);
				785	TAILQ_INSERT_TAIL(preferred, id, next);
				786	id->ac = ac;
				787	found = 1;
				788	break;
				789	}
				790	}
				791	if (!found) {
				792	id = xmalloc(sizeof(*id));
				793	memset(id, 0, sizeof(*id));
				794	id->key = key;
				795	id->filename = comment;
				796	id->ac = ac;
				797	TAILQ_INSERT_TAIL(&agent, id, next);
				798	}
				799	}
				800	/* append remaining agent keys */
				801	for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
				802	TAILQ_REMOVE(&agent, id, next);
				803	TAILQ_INSERT_TAIL(preferred, id, next);
				804	}
				805	authctxt->agent = ac;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	806	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	807	/* append remaining keys from the config file */
				808	for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
				809	TAILQ_REMOVE(&files, id, next);
				810	TAILQ_INSERT_TAIL(preferred, id, next);
				811	}
				812	TAILQ_FOREACH(id, preferred, next) {
				813	debug2("key: %s (%p)", id->filename, id->key);
				814	}
				815	}
				816
				817	static void
				818	pubkey_cleanup(Authctxt *authctxt)
				819	{
				820	Identity *id;
				821
				822	if (authctxt->agent != NULL)
				823	ssh_close_authentication_connection(authctxt->agent);
				824	for (id = TAILQ_FIRST(&authctxt->keys); id;
				825	id = TAILQ_FIRST(&authctxt->keys)) {
				826	TAILQ_REMOVE(&authctxt->keys, id, next);
				827	if (id->key)
				828	key_free(id->key);
				829	if (id->filename)
				830	xfree(id->filename);
				831	xfree(id);
				832	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	833	}
				834
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	835	int
				836	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	837	{
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	838	Identity *id;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	839	int sent = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	840
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	841	while ((id = TAILQ_FIRST(&authctxt->keys))) {
				842	if (id->tried++)
				843	return (0);
				844	TAILQ_REMOVE(&authctxt->keys, id, next);
				845	TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
				846	/*
				847	* send a test message if we have the public key. for
				848	* encrypted keys we cannot do this and have to load the
				849	* private key instead
				850	*/
				851	if (id->key && id->key->type != KEY_RSA1) {
				852	debug("Offering public key: %s", id->filename);
				853	sent = send_pubkey_test(authctxt, id);
				854	} else if (id->key == NULL) {
				855	debug("Trying private key: %s", id->filename);
				856	id->key = load_identity_file(id->filename);
				857	if (id->key != NULL) {
				858	id->isprivate = 1;
				859	sent = sign_and_send_pubkey(authctxt, id);
				860	key_free(id->key);
				861	id->key = NULL;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	862	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	863	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	864	if (sent)
				865	return (sent);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	866	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	867	return (0);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	868	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	869
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	870	/*
				871	* Send userauth request message specifying keyboard-interactive method.
				872	*/
				873	int
				874	userauth_kbdint(Authctxt *authctxt)
				875	{
				876	static int attempt = 0;
				877
				878	if (attempt++ >= options.number_of_password_prompts)
				879	return 0;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	880	/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
				881	if (attempt > 1 && !authctxt->info_req_seen) {
				882	debug3("userauth_kbdint: disable: no info_req_seen");
				883	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
				884	return 0;
				885	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	886
				887	debug2("userauth_kbdint");
				888	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				889	packet_put_cstring(authctxt->server_user);
				890	packet_put_cstring(authctxt->service);
				891	packet_put_cstring(authctxt->method->name);
				892	packet_put_cstring(""); /* lang */
				893	packet_put_cstring(options.kbd_interactive_devices ?
				894	options.kbd_interactive_devices : "");
				895	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	896
				897	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
				898	return 1;
				899	}
				900
				901	/*
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	902	* parse INFO_REQUEST, prompt user and send INFO_RESPONSE
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	903	*/
				904	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	905	input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	906	{
				907	Authctxt *authctxt = ctxt;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	908	char name, inst, lang, prompt, *response;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	909	u_int num_prompts, i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	910	int echo = 0;
				911
				912	debug2("input_userauth_info_req");
				913
				914	if (authctxt == NULL)
				915	fatal("input_userauth_info_req: no authentication context");
				916
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	917	authctxt->info_req_seen = 1;
				918
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	919	name = packet_get_string(NULL);
				920	inst = packet_get_string(NULL);
				921	lang = packet_get_string(NULL);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	922	if (strlen(name) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	923	logit("%s", name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	924	if (strlen(inst) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	925	logit("%s", inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	926	xfree(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	927	xfree(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	928	xfree(lang);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	929
				930	num_prompts = packet_get_int();
				931	/*
				932	* Begin to build info response packet based on prompts requested.
				933	* We commit to providing the correct number of responses, so if
				934	* further on we run into a problem that prevents this, we have to
				935	* be sure and clean this up and send a correct error response.
				936	*/
				937	packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
				938	packet_put_int(num_prompts);
				939
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	940	debug2("input_userauth_info_req: num_prompts %d", num_prompts);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	941	for (i = 0; i < num_prompts; i++) {
				942	prompt = packet_get_string(NULL);
				943	echo = packet_get_char();
				944
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	945	response = read_passphrase(prompt, echo ? RP_ECHO : 0);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	946
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	947	packet_put_cstring(response);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	948	memset(response, 0, strlen(response));
				949	xfree(response);
				950	xfree(prompt);
				951	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	952	packet_check_eom(); /* done with parsing incoming message. */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	953
Damien Miller	9f64390	2001-11-12 11:02:52 +1100	[diff] [blame]	954	packet_add_padding(64);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	955	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	956	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	957
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	958	static int
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	959	ssh_keysign(Key key, u_char sigp, u_int lenp,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	960	u_char *data, u_int datalen)
				961	{
				962	Buffer b;
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	963	struct stat st;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	964	pid_t pid;
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	965	int to[2], from[2], status, version = 2;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	966
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	967	debug2("ssh_keysign called");
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	968
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	969	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
				970	error("ssh_keysign: no installed: %s", strerror(errno));
				971	return -1;
				972	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	973	if (fflush(stdout) != 0)
				974	error("ssh_keysign: fflush: %s", strerror(errno));
				975	if (pipe(to) < 0) {
				976	error("ssh_keysign: pipe: %s", strerror(errno));
				977	return -1;
				978	}
				979	if (pipe(from) < 0) {
				980	error("ssh_keysign: pipe: %s", strerror(errno));
				981	return -1;
				982	}
				983	if ((pid = fork()) < 0) {
				984	error("ssh_keysign: fork: %s", strerror(errno));
				985	return -1;
				986	}
				987	if (pid == 0) {
				988	seteuid(getuid());
				989	setuid(getuid());
				990	close(from[0]);
				991	if (dup2(from[1], STDOUT_FILENO) < 0)
				992	fatal("ssh_keysign: dup2: %s", strerror(errno));
				993	close(to[1]);
				994	if (dup2(to[0], STDIN_FILENO) < 0)
				995	fatal("ssh_keysign: dup2: %s", strerror(errno));
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	996	close(from[1]);
				997	close(to[0]);
Ben Lindstrom	4887da2	2002-06-06 20:05:57 +0000	[diff] [blame]	998	execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	999	fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
				1000	strerror(errno));
				1001	}
				1002	close(from[1]);
				1003	close(to[0]);
				1004
				1005	buffer_init(&b);
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1006	buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1007	buffer_put_string(&b, data, datalen);
Damien Miller	901119b	2002-10-04 11:10:04 +1000	[diff] [blame]	1008	ssh_msg_send(to[1], version, &b);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1009
Damien Miller	901119b	2002-10-04 11:10:04 +1000	[diff] [blame]	1010	if (ssh_msg_recv(from[0], &b) < 0) {
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1011	error("ssh_keysign: no reply");
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1012	buffer_clear(&b);
				1013	return -1;
				1014	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1015	close(from[0]);
				1016	close(to[1]);
				1017
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1018	while (waitpid(pid, &status, 0) < 0)
				1019	if (errno != EINTR)
				1020	break;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1021
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1022	if (buffer_get_char(&b) != version) {
				1023	error("ssh_keysign: bad version");
				1024	buffer_clear(&b);
				1025	return -1;
				1026	}
				1027	*sigp = buffer_get_string(&b, lenp);
				1028	buffer_clear(&b);
				1029
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1030	return 0;
				1031	}
				1032
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1033	int
				1034	userauth_hostbased(Authctxt *authctxt)
				1035	{
				1036	Key *private = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1037	Sensitive *sensitive = authctxt->sensitive;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1038	Buffer b;
				1039	u_char signature, blob;
				1040	char chost, pkalg, *p;
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1041	const char *service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1042	u_int blen, slen;
Ben Lindstrom	2bffd6f	2001-04-19 20:35:40 +0000	[diff] [blame]	1043	int ok, i, len, found = 0;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1044
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1045	/* check for a useful key */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1046	for (i = 0; i < sensitive->nkeys; i++) {
				1047	private = sensitive->keys[i];
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1048	if (private && private->type != KEY_RSA1) {
				1049	found = 1;
				1050	/* we take and free the key */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1051	sensitive->keys[i] = NULL;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1052	break;
				1053	}
				1054	}
				1055	if (!found) {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1056	debug("No more client hostkeys for hostbased authentication.");
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1057	return 0;
				1058	}
				1059	if (key_to_blob(private, &blob, &blen) == 0) {
				1060	key_free(private);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1061	return 0;
				1062	}
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1063	/* figure out a name for the client host */
				1064	p = get_local_name(packet_get_connection_in());
				1065	if (p == NULL) {
				1066	error("userauth_hostbased: cannot get local ipaddr/name");
				1067	key_free(private);
				1068	return 0;
				1069	}
				1070	len = strlen(p) + 2;
				1071	chost = xmalloc(len);
				1072	strlcpy(chost, p, len);
				1073	strlcat(chost, ".", len);
				1074	debug2("userauth_hostbased: chost %s", chost);
Damien Miller	0011138	2003-03-10 11:21:17 +1100	[diff] [blame]	1075	xfree(p);
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1076
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1077	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
				1078	authctxt->service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1079	pkalg = xstrdup(key_ssh_name(private));
				1080	buffer_init(&b);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1081	/* construct data */
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1082	buffer_put_string(&b, session_id2, session_id2_len);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1083	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
				1084	buffer_put_cstring(&b, authctxt->server_user);
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1085	buffer_put_cstring(&b, service);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1086	buffer_put_cstring(&b, authctxt->method->name);
				1087	buffer_put_cstring(&b, pkalg);
				1088	buffer_put_string(&b, blob, blen);
				1089	buffer_put_cstring(&b, chost);
				1090	buffer_put_cstring(&b, authctxt->local_user);
				1091	#ifdef DEBUG_PK
				1092	buffer_dump(&b);
				1093	#endif
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1094	if (sensitive->external_keysign)
				1095	ok = ssh_keysign(private, &signature, &slen,
				1096	buffer_ptr(&b), buffer_len(&b));
				1097	else
				1098	ok = key_sign(private, &signature, &slen,
				1099	buffer_ptr(&b), buffer_len(&b));
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1100	key_free(private);
				1101	buffer_free(&b);
				1102	if (ok != 0) {
				1103	error("key_sign failed");
				1104	xfree(chost);
				1105	xfree(pkalg);
				1106	return 0;
				1107	}
				1108	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1109	packet_put_cstring(authctxt->server_user);
				1110	packet_put_cstring(authctxt->service);
				1111	packet_put_cstring(authctxt->method->name);
				1112	packet_put_cstring(pkalg);
				1113	packet_put_string(blob, blen);
				1114	packet_put_cstring(chost);
				1115	packet_put_cstring(authctxt->local_user);
				1116	packet_put_string(signature, slen);
				1117	memset(signature, 's', slen);
				1118	xfree(signature);
				1119	xfree(chost);
				1120	xfree(pkalg);
				1121
				1122	packet_send();
				1123	return 1;
				1124	}
				1125
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame^]	1126	#if KRB5
				1127	static int
				1128	ssh_krb5_helper(krb5_data *ap)
				1129	{
				1130	krb5_context xcontext = NULL; /* XXX share with ssh1 */
				1131	krb5_auth_context xauth_context = NULL;
				1132
				1133	krb5_context *context;
				1134	krb5_auth_context *auth_context;
				1135	krb5_error_code problem;
				1136	const char *tkfile;
				1137	struct stat buf;
				1138	krb5_ccache ccache = NULL;
				1139	const char *remotehost;
				1140	int ret;
				1141
				1142	memset(ap, 0, sizeof(*ap));
				1143
				1144	context = &xcontext;
				1145	auth_context = &xauth_context;
				1146
				1147	problem = krb5_init_context(context);
				1148	if (problem) {
				1149	debug("Kerberos v5: krb5_init_context failed");
				1150	ret = 0;
				1151	goto out;
				1152	}
				1153
				1154	tkfile = krb5_cc_default_name(*context);
				1155	if (strncmp(tkfile, "FILE:", 5) == 0)
				1156	tkfile += 5;
				1157
				1158	if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
				1159	debug("Kerberos v5: could not get default ccache (permission denied).");
				1160	ret = 0;
				1161	goto out;
				1162	}
				1163
				1164	problem = krb5_cc_default(*context, &ccache);
				1165	if (problem) {
				1166	debug("Kerberos v5: krb5_cc_default failed: %s",
				1167	krb5_get_err_text(*context, problem));
				1168	ret = 0;
				1169	goto out;
				1170	}
				1171
				1172	remotehost = get_canonical_hostname(1);
				1173
				1174	problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
				1175	"host", remotehost, NULL, ccache, ap);
				1176	if (problem) {
				1177	debug("Kerberos v5: krb5_mk_req failed: %s",
				1178	krb5_get_err_text(*context, problem));
				1179	ret = 0;
				1180	goto out;
				1181	}
				1182	ret = 1;
				1183
				1184	out:
				1185	if (ccache != NULL)
				1186	krb5_cc_close(*context, ccache);
				1187	if (*auth_context)
				1188	krb5_auth_con_free(context, auth_context);
				1189	if (*context)
				1190	krb5_free_context(*context);
				1191	return (ret);
				1192	}
				1193
				1194	int
				1195	userauth_kerberos(Authctxt *authctxt)
				1196	{
				1197	krb5_data ap;
				1198
				1199	if (ssh_krb5_helper(&ap) == 0)
				1200	return (0);
				1201
				1202	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1203	packet_put_cstring(authctxt->server_user);
				1204	packet_put_cstring(authctxt->service);
				1205	packet_put_cstring(authctxt->method->name);
				1206	packet_put_string(ap.data, ap.length);
				1207	packet_send();
				1208
				1209	krb5_data_free(&ap);
				1210	return (1);
				1211	}
				1212	#endif
				1213
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1214	/* find auth method */
				1215
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1216	/*
				1217	* given auth method name, if configurable options permit this method fill
				1218	* in auth_ident field and return true, otherwise return false.
				1219	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1220	static int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1221	authmethod_is_enabled(Authmethod *method)
				1222	{
				1223	if (method == NULL)
				1224	return 0;
				1225	/* return false if options indicate this method is disabled */
				1226	if (method->enabled == NULL \|\| *method->enabled == 0)
				1227	return 0;
				1228	/* return false if batch mode is enabled but method needs interactive mode */
				1229	if (method->batch_flag != NULL && *method->batch_flag != 0)
				1230	return 0;
				1231	return 1;
				1232	}
				1233
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1234	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1235	authmethod_lookup(const char *name)
				1236	{
				1237	Authmethod *method = NULL;
				1238	if (name != NULL)
				1239	for (method = authmethods; method->name != NULL; method++)
				1240	if (strcmp(name, method->name) == 0)
				1241	return method;
				1242	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
				1243	return NULL;
				1244	}
				1245
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1246	/* XXX internal state */
				1247	static Authmethod *current = NULL;
				1248	static char *supported = NULL;
				1249	static char *preferred = NULL;
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	1250
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1251	/*
				1252	* Given the authentication method list sent by the server, return the
				1253	* next method we should try. If the server initially sends a nil list,
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	1254	* use a built-in default list.
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1255	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1256	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1257	authmethod_get(char *authlist)
				1258	{
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1259	char *name = NULL;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	1260	u_int next;
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1261
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1262	/* Use a suitable default if we're passed a nil list. */
				1263	if (authlist == NULL \|\| strlen(authlist) == 0)
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1264	authlist = options.preferred_authentications;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1265
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1266	if (supported == NULL \|\| strcmp(authlist, supported) != 0) {
				1267	debug3("start over, passed a different list %s", authlist);
				1268	if (supported != NULL)
				1269	xfree(supported);
				1270	supported = xstrdup(authlist);
				1271	preferred = options.preferred_authentications;
				1272	debug3("preferred %s", preferred);
				1273	current = NULL;
				1274	} else if (current != NULL && authmethod_is_enabled(current))
				1275	return current;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1276
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1277	for (;;) {
				1278	if ((name = match_list(preferred, supported, &next)) == NULL) {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1279	debug("No more authentication methods to try.");
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1280	current = NULL;
				1281	return NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1282	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1283	preferred += next;
				1284	debug3("authmethod_lookup %s", name);
				1285	debug3("remaining preferred: %s", preferred);
				1286	if ((current = authmethod_lookup(name)) != NULL &&
				1287	authmethod_is_enabled(current)) {
				1288	debug3("authmethod_is_enabled %s", name);
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1289	debug("Next authentication method: %s", name);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1290	return current;
				1291	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1292	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1293	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1294
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	1295	static char *
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1296	authmethods_get(void)
				1297	{
				1298	Authmethod *method = NULL;
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1299	Buffer b;
				1300	char *list;
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1301
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1302	buffer_init(&b);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1303	for (method = authmethods; method->name != NULL; method++) {
				1304	if (authmethod_is_enabled(method)) {
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1305	if (buffer_len(&b) > 0)
				1306	buffer_append(&b, ",", 1);
				1307	buffer_append(&b, method->name, strlen(method->name));
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1308	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1309	}
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1310	buffer_append(&b, "\0", 1);
				1311	list = xstrdup(buffer_ptr(&b));
				1312	buffer_free(&b);
				1313	return list;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1314	}