Blame - sshconnect2.c - platform/external/openssh

blob: cf60c7d432ab2054d2d691a08a537c0584f2a6d5 [file] [log] [blame]

djm@openbsd.org	aaed635	2018-11-16 02:46:20 +0000	[diff] [blame]	1	/* $OpenBSD: sshconnect2.c,v 1.289 2018/11/16 02:46:20 djm Exp $ */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	2	/*
				3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	4	* Copyright (c) 2008 Damien Miller. All rights reserved.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	5	*
				6	* Redistribution and use in source and binary forms, with or without
				7	* modification, are permitted provided that the following conditions
				8	* are met:
				9	* 1. Redistributions of source code must retain the above copyright
				10	* notice, this list of conditions and the following disclaimer.
				11	* 2. Redistributions in binary form must reproduce the above copyright
				12	* notice, this list of conditions and the following disclaimer in the
				13	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	14	*
				15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				25	*/
				26
				27	#include "includes.h"
Damien Miller	2eb6340	2006-03-15 11:09:42 +1100	[diff] [blame]	28
Damien Miller	9cf6d07	2006-03-15 11:29:24 +1100	[diff] [blame]	29	#include <sys/types.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	30	#include <sys/socket.h>
Damien Miller	9cf6d07	2006-03-15 11:29:24 +1100	[diff] [blame]	31	#include <sys/wait.h>
Damien Miller	f17883e	2006-03-15 11:45:54 +1100	[diff] [blame]	32	#include <sys/stat.h>
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	33
Darren Tucker	3997249	2006-07-12 22:22:46 +1000	[diff] [blame]	34	#include <errno.h>
Darren Tucker	6e7fe1c	2010-01-08 17:07:22 +1100	[diff] [blame]	35	#include <fcntl.h>
Darren Tucker	f520ea1	2007-05-20 15:11:33 +1000	[diff] [blame]	36	#include <netdb.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	37	#include <pwd.h>
				38	#include <signal.h>
Damien Miller	ded319c	2006-09-01 15:38:36 +1000	[diff] [blame]	39	#include <stdarg.h>
Damien Miller	a7a73ee	2006-08-05 11:37:59 +1000	[diff] [blame]	40	#include <stdio.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	41	#include <string.h>
Damien Miller	1cdde6f	2006-07-24 14:07:35 +1000	[diff] [blame]	42	#include <unistd.h>
Damien Miller	63b4bcd	2013-03-20 12:55:14 +1100	[diff] [blame]	43	#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
Damien Miller	7ba0ca7	2008-07-17 18:57:06 +1000	[diff] [blame]	44	#include <vis.h>
Damien Miller	2e28d86	2008-07-17 19:15:43 +1000	[diff] [blame]	45	#endif
Darren Tucker	3997249	2006-07-12 22:22:46 +1000	[diff] [blame]	46
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	47	#include "openbsd-compat/sys-queue.h"
				48
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	49	#include "xmalloc.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	50	#include "ssh.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	51	#include "ssh2.h"
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	52	#include "sshbuf.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	53	#include "packet.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	54	#include "compat.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	55	#include "cipher.h"
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	56	#include "sshkey.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	57	#include "kex.h"
				58	#include "myproposal.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	59	#include "sshconnect.h"
				60	#include "authfile.h"
Ben Lindstrom	df22139	2001-03-29 00:36:16 +0000	[diff] [blame]	61	#include "dh.h"
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	62	#include "authfd.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	63	#include "log.h"
Darren Tucker	e608ca2	2004-05-13 16:15:47 +1000	[diff] [blame]	64	#include "misc.h"
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	65	#include "readconf.h"
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	66	#include "match.h"
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	67	#include "dispatch.h"
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	68	#include "canohost.h"
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	69	#include "msg.h"
				70	#include "pathnames.h"
Damien Miller	6b4069a	2006-06-13 13:05:15 +1000	[diff] [blame]	71	#include "uidswap.h"
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	72	#include "hostfile.h"
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	73	#include "ssherr.h"
djm@openbsd.org	65c6c6b	2016-07-17 04:20:16 +0000	[diff] [blame]	74	#include "utf8.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	75
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	76	#ifdef GSSAPI
				77	#include "ssh-gss.h"
				78	#endif
				79
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	80	/* import */
				81	extern char *client_version_string;
				82	extern char *server_version_string;
				83	extern Options options;
				84
				85	/*
				86	* SSH2 key exchange
				87	*/
				88
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	89	u_char *session_id2 = NULL;
Darren Tucker	502d384	2003-06-28 12:38:01 +1000	[diff] [blame]	90	u_int session_id2_len = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	91
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	92	char *xxx_host;
				93	struct sockaddr *xxx_hostaddr;
				94
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	95	static int
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	96	verify_host_key_callback(struct sshkey hostkey, struct ssh ssh)
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	97	{
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	98	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
Damien Miller	59d9fb9	2001-10-10 15:03:11 +1000	[diff] [blame]	99	fatal("Host key verification failed.");
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	100	return 0;
				101	}
				102
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	103	static char *
				104	order_hostkeyalgs(char host, struct sockaddr hostaddr, u_short port)
				105	{
				106	char oavail, avail, first, last, alg, hostname, *ret;
				107	size_t maxlen;
				108	struct hostkeys *hostkeys;
				109	int ktype;
Damien Miller	295ee63	2011-05-29 21:42:31 +1000	[diff] [blame]	110	u_int i;
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	111
				112	/* Find all hostkeys for this hostname */
				113	get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL);
				114	hostkeys = init_hostkeys();
Damien Miller	295ee63	2011-05-29 21:42:31 +1000	[diff] [blame]	115	for (i = 0; i < options.num_user_hostfiles; i++)
				116	load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]);
				117	for (i = 0; i < options.num_system_hostfiles; i++)
				118	load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	119
				120	oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
				121	maxlen = strlen(avail) + 1;
				122	first = xmalloc(maxlen);
				123	last = xmalloc(maxlen);
				124	first = last = '\0';
				125
				126	#define ALG_APPEND(to, from) \
				127	do { \
				128	if (*to != '\0') \
				129	strlcat(to, ",", maxlen); \
				130	strlcat(to, from, maxlen); \
				131	} while (0)
				132
				133	while ((alg = strsep(&avail, ",")) && *alg != '\0') {
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	134	if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	135	fatal("%s: unknown alg %s", __func__, alg);
				136	if (lookup_key_in_hostkeys_by_type(hostkeys,
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	137	sshkey_type_plain(ktype), NULL))
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	138	ALG_APPEND(first, alg);
				139	else
				140	ALG_APPEND(last, alg);
				141	}
				142	#undef ALG_APPEND
djm@openbsd.org	35d6022	2015-01-18 13:33:34 +0000	[diff] [blame]	143	xasprintf(&ret, "%s%s%s", first,
				144	(first == '\0' \|\| last == '\0') ? "" : ",", last);
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	145	if (*first != '\0')
				146	debug3("%s: prefer hostkeyalgs: %s", __func__, first);
				147
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	148	free(first);
				149	free(last);
				150	free(hostname);
				151	free(oavail);
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	152	free_hostkeys(hostkeys);
				153
				154	return ret;
				155	}
				156
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	157	void
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	158	ssh_kex2(char host, struct sockaddr hostaddr, u_short port)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	159	{
Damien Miller	9235a03	2014-04-20 13:17:20 +1000	[diff] [blame]	160	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
djm@openbsd.org	312d2f2	2018-07-04 13:49:31 +0000	[diff] [blame]	161	char s, all_key;
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	162	struct kex *kex;
markus@openbsd.org	57e783c	2015-01-20 20:16:21 +0000	[diff] [blame]	163	int r;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	164
				165	xxx_host = host;
				166	xxx_hostaddr = hostaddr;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	167
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	168	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
				169	fatal("%s: kex_names_cat", __func__);
djm@openbsd.org	c3903c3	2018-08-13 02:41:05 +0000	[diff] [blame]	170	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
Damien Miller	a0ff466	2001-03-30 10:49:35 +1000	[diff] [blame]	171	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
djm@openbsd.org	c3903c3	2018-08-13 02:41:05 +0000	[diff] [blame]	172	compat_cipher_proposal(options.ciphers);
Damien Miller	a0ff466	2001-03-30 10:49:35 +1000	[diff] [blame]	173	myproposal[PROPOSAL_ENC_ALGS_STOC] =
djm@openbsd.org	c3903c3	2018-08-13 02:41:05 +0000	[diff] [blame]	174	compat_cipher_proposal(options.ciphers);
dtucker@openbsd.org	8c02e36	2016-05-24 04:43:45 +0000	[diff] [blame]	175	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
				176	myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
sf@openbsd.org	168b46f	2018-07-09 13:37:10 +0000	[diff] [blame]	177	"zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
djm@openbsd.org	f9eca24	2015-07-30 00:01:34 +0000	[diff] [blame]	178	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
				179	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
				180	if (options.hostkeyalgorithms != NULL) {
djm@openbsd.org	312d2f2	2018-07-04 13:49:31 +0000	[diff] [blame]	181	all_key = sshkey_alg_list(0, 0, 1, ',');
				182	if (kex_assemble_names(&options.hostkeyalgorithms,
				183	KEX_DEFAULT_PK_ALG, all_key) != 0)
djm@openbsd.org	f9eca24	2015-07-30 00:01:34 +0000	[diff] [blame]	184	fatal("%s: kex_assemble_namelist", __func__);
djm@openbsd.org	312d2f2	2018-07-04 13:49:31 +0000	[diff] [blame]	185	free(all_key);
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	186	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
djm@openbsd.org	c3903c3	2018-08-13 02:41:05 +0000	[diff] [blame]	187	compat_pkalg_proposal(options.hostkeyalgorithms);
djm@openbsd.org	f9eca24	2015-07-30 00:01:34 +0000	[diff] [blame]	188	} else {
markus@openbsd.org	3a1638d	2015-07-10 06:21:53 +0000	[diff] [blame]	189	/* Enforce default */
				190	options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	191	/* Prefer algorithms that we already have keys for */
				192	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
Damien Miller	324541e	2013-12-31 12:25:40 +1100	[diff] [blame]	193	compat_pkalg_proposal(
djm@openbsd.org	c3903c3	2018-08-13 02:41:05 +0000	[diff] [blame]	194	order_hostkeyalgs(host, hostaddr, port));
Damien Miller	d925dcd	2010-12-01 12:21:51 +1100	[diff] [blame]	195	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	196
Darren Tucker	c53c2af	2013-05-16 20:28:16 +1000	[diff] [blame]	197	if (options.rekey_limit \|\| options.rekey_interval)
dtucker@openbsd.org	c998bf0	2017-02-03 02:56:00 +0000	[diff] [blame]	198	packet_set_rekey_limits(options.rekey_limit,
				199	options.rekey_interval);
Damien Miller	a5539d2	2003-04-09 20:50:06 +1000	[diff] [blame]	200
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	201	/* start key exchange */
markus@openbsd.org	57e783c	2015-01-20 20:16:21 +0000	[diff] [blame]	202	if ((r = kex_setup(active_state, myproposal)) != 0)
				203	fatal("kex_setup: %s", ssh_err(r));
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	204	kex = active_state->kex;
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	205	#ifdef WITH_OPENSSL
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	206	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
Damien Miller	f675fc4	2004-06-15 10:30:09 +1000	[diff] [blame]	207	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
djm@openbsd.org	0e8eeec	2016-05-02 10:26:04 +0000	[diff] [blame]	208	kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
				209	kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
				210	kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	211	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
Damien Miller	a63128d	2006-03-15 12:08:28 +1100	[diff] [blame]	212	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
Darren Tucker	f2004cd	2015-02-23 05:04:21 +1100	[diff] [blame]	213	# ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	214	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
Darren Tucker	f2004cd	2015-02-23 05:04:21 +1100	[diff] [blame]	215	# endif
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	216	#endif
Damien Miller	1e12426	2013-11-04 08:26:52 +1100	[diff] [blame]	217	kex->kex[KEX_C25519_SHA256] = kexc25519_client;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	218	kex->client_version_string=client_version_string;
				219	kex->server_version_string=server_version_string;
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	220	kex->verify_host_key=&verify_host_key_callback;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	221
markus@openbsd.org	92e9fe6	2017-05-31 07:00:13 +0000	[diff] [blame]	222	ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	223
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	224	/* remove ext-info from the KEX proposals for rekeying */
				225	myproposal[PROPOSAL_KEX_ALGS] =
djm@openbsd.org	c3903c3	2018-08-13 02:41:05 +0000	[diff] [blame]	226	compat_kex_proposal(options.kex_algorithms);
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	227	if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
				228	fatal("kex_prop2buf: %s", ssh_err(r));
Darren Tucker	36331b5	2010-01-08 16:50:41 +1100	[diff] [blame]	229
Ben Lindstrom	2d90e00	2001-04-04 02:00:54 +0000	[diff] [blame]	230	session_id2 = kex->session_id;
				231	session_id2_len = kex->session_id_len;
				232
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	233	#ifdef DEBUG_KEXDH
				234	/* send 1st encrypted/maced/compressed message */
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	235	if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 \|\|
				236	(r = sshpkt_put_cstring(ssh, "markus")) != 0 \|\|
markus@openbsd.org	394a842	2018-07-11 18:55:11 +0000	[diff] [blame]	237	(r = sshpkt_send(ssh)) != 0 \|\|
				238	(r = ssh_packet_write_wait(ssh)) != 0)
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	239	fatal("%s: %s", __func__, ssh_err(r));
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	240	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	241	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	242
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	243	/*
				244	* Authenticate user
				245	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	246
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	247	typedef struct cauthctxt Authctxt;
				248	typedef struct cauthmethod Authmethod;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	249	typedef struct identity Identity;
				250	typedef struct idlist Idlist;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	251
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	252	struct identity {
				253	TAILQ_ENTRY(identity) next;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	254	int agent_fd; /* >=0 if agent supports key */
				255	struct sshkey key; / public/private key */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	256	char filename; / comment for agent-only keys */
				257	int tried;
				258	int isprivate; /* key points to the private key */
Damien Miller	5ceddc3	2013-02-15 12:18:32 +1100	[diff] [blame]	259	int userprovided;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	260	};
				261	TAILQ_HEAD(idlist, identity);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	262
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	263	struct cauthctxt {
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	264	const char *server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	265	const char *local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	266	const char *host;
				267	const char *service;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	268	struct cauthmethod *method;
Damien Miller	79442c0	2010-05-10 11:55:38 +1000	[diff] [blame]	269	sig_atomic_t success;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	270	char *authlist;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	271	int attempt;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	272	/* pubkey */
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	273	struct idlist keys;
				274	int agent_fd;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	275	/* hostbased */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	276	Sensitive *sensitive;
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	277	char oktypes, ktypes;
				278	const char *active_ktype;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	279	/* kbd-interactive */
				280	int info_req_seen;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	281	/* generic */
				282	void *methoddata;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	283	};
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	284
				285	struct cauthmethod {
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	286	char name; / string to compare against server's list */
				287	int (userauth)(Authctxt authctxt);
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	288	void (cleanup)(Authctxt authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	289	int enabled; / flag in option struct that enables method */
				290	int batch_flag; / flag in option struct that disables method */
				291	};
				292
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	293	int input_userauth_service_accept(int, u_int32_t, struct ssh *);
				294	int input_userauth_ext_info(int, u_int32_t, struct ssh *);
				295	int input_userauth_success(int, u_int32_t, struct ssh *);
				296	int input_userauth_success_unexpected(int, u_int32_t, struct ssh *);
				297	int input_userauth_failure(int, u_int32_t, struct ssh *);
				298	int input_userauth_banner(int, u_int32_t, struct ssh *);
				299	int input_userauth_error(int, u_int32_t, struct ssh *);
				300	int input_userauth_info_req(int, u_int32_t, struct ssh *);
				301	int input_userauth_pk_ok(int, u_int32_t, struct ssh *);
				302	int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	303
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	304	int userauth_none(Authctxt *);
				305	int userauth_pubkey(Authctxt *);
				306	int userauth_passwd(Authctxt *);
				307	int userauth_kbdint(Authctxt *);
				308	int userauth_hostbased(Authctxt *);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	309
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	310	#ifdef GSSAPI
				311	int userauth_gssapi(Authctxt *authctxt);
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	312	int input_gssapi_response(int type, u_int32_t, struct ssh *);
				313	int input_gssapi_token(int type, u_int32_t, struct ssh *);
				314	int input_gssapi_hash(int type, u_int32_t, struct ssh *);
				315	int input_gssapi_error(int, u_int32_t, struct ssh *);
				316	int input_gssapi_errtok(int, u_int32_t, struct ssh *);
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	317	#endif
				318
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	319	void userauth(Authctxt , char );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	320
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	321	static int sign_and_send_pubkey(struct ssh ssh, Authctxt , Identity *);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	322	static void pubkey_prepare(Authctxt *);
				323	static void pubkey_cleanup(Authctxt *);
djm@openbsd.org	b9844a4	2016-12-04 23:54:02 +0000	[diff] [blame]	324	static void pubkey_reset(Authctxt *);
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	325	static struct sshkey load_identity_file(Identity );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	326
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	327	static Authmethod authmethod_get(char authlist);
				328	static Authmethod authmethod_lookup(const char name);
				329	static char *authmethods_get(void);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	330
				331	Authmethod authmethods[] = {
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	332	#ifdef GSSAPI
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	333	{"gssapi-with-mic",
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	334	userauth_gssapi,
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	335	NULL,
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	336	&options.gss_authentication,
				337	NULL},
				338	#endif
Ben Lindstrom	1bfe291	2001-06-05 19:37:25 +0000	[diff] [blame]	339	{"hostbased",
				340	userauth_hostbased,
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	341	NULL,
Ben Lindstrom	1bfe291	2001-06-05 19:37:25 +0000	[diff] [blame]	342	&options.hostbased_authentication,
				343	NULL},
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	344	{"publickey",
				345	userauth_pubkey,
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	346	NULL,
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	347	&options.pubkey_authentication,
				348	NULL},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	349	{"keyboard-interactive",
				350	userauth_kbdint,
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	351	NULL,
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	352	&options.kbd_interactive_authentication,
				353	&options.batch_mode},
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	354	{"password",
				355	userauth_passwd,
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	356	NULL,
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	357	&options.password_authentication,
				358	&options.batch_mode},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	359	{"none",
				360	userauth_none,
				361	NULL,
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	362	NULL,
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	363	NULL},
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	364	{NULL, NULL, NULL, NULL, NULL}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	365	};
				366
				367	void
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	368	ssh_userauth2(const char local_user, const char server_user, char *host,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	369	Sensitive *sensitive)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	370	{
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	371	struct ssh *ssh = active_state;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	372	Authctxt authctxt;
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	373	int r;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	374
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	375	if (options.challenge_response_authentication)
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	376	options.kbd_interactive_authentication = 1;
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	377	if (options.preferred_authentications == NULL)
				378	options.preferred_authentications = authmethods_get();
				379
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	380	/* setup authentication context */
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	381	memset(&authctxt, 0, sizeof(authctxt));
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	382	authctxt.server_user = server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	383	authctxt.local_user = local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	384	authctxt.host = host;
				385	authctxt.service = "ssh-connection"; /* service name */
				386	authctxt.success = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	387	authctxt.method = authmethod_lookup("none");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	388	authctxt.authlist = NULL;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	389	authctxt.methoddata = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	390	authctxt.sensitive = sensitive;
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	391	authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	392	authctxt.info_req_seen = 0;
djm@openbsd.org	f14564c	2015-01-15 11:04:36 +0000	[diff] [blame]	393	authctxt.agent_fd = -1;
djm@openbsd.org	aaed635	2018-11-16 02:46:20 +0000	[diff] [blame]	394	pubkey_prepare(&authctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	395	if (authctxt.method == NULL)
				396	fatal("ssh_userauth2: internal error: cannot send userauth none request");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	397
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	398	if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 \|\|
				399	(r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 \|\|
				400	(r = sshpkt_send(ssh)) != 0)
				401	fatal("%s: %s", __func__, ssh_err(r));
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	402
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	403	ssh->authctxt = &authctxt;
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	404	ssh_dispatch_init(ssh, &input_userauth_error);
				405	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
				406	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
markus@openbsd.org	92e9fe6	2017-05-31 07:00:13 +0000	[diff] [blame]	407	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	408	ssh->authctxt = NULL;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	409
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	410	pubkey_cleanup(&authctxt);
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	411	ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	412
dtucker@openbsd.org	f31c654	2016-09-22 02:29:57 +0000	[diff] [blame]	413	if (!authctxt.success)
				414	fatal("Authentication failed.");
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	415	debug("Authentication succeeded (%s).", authctxt.method->name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	416	}
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	417
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	418	/* ARGSUSED */
				419	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	420	input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	421	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	422	Authctxt *authctxt = ssh->authctxt;
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	423	int r;
				424
				425	if (ssh_packet_remaining(ssh) > 0) {
				426	char *reply;
				427
				428	if ((r = sshpkt_get_cstring(ssh, &reply, NULL)) != 0)
				429	goto out;
				430	debug2("service_accept: %s", reply);
				431	free(reply);
				432	} else {
				433	debug2("buggy server: service_accept w/o service");
				434	}
				435	if ((r = sshpkt_get_end(ssh)) != 0)
				436	goto out;
				437	debug("SSH2_MSG_SERVICE_ACCEPT received");
				438
				439	/* initial userauth request */
				440	userauth_none(authctxt);
				441
				442	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error);
				443	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
				444	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
				445	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
				446	r = 0;
				447	out:
				448	return r;
				449	}
				450
				451	/* ARGSUSED */
				452	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	453	input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	454	{
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	455	return kex_input_ext_info(type, seqnr, ssh);
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	456	}
				457
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	458	void
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	459	userauth(Authctxt authctxt, char authlist)
				460	{
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	461	struct ssh ssh = active_state; / XXX */
				462
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	463	if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
				464	authctxt->method->cleanup(authctxt);
				465
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	466	free(authctxt->methoddata);
				467	authctxt->methoddata = NULL;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	468	if (authlist == NULL) {
				469	authlist = authctxt->authlist;
				470	} else {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	471	free(authctxt->authlist);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	472	authctxt->authlist = authlist;
				473	}
				474	for (;;) {
				475	Authmethod *method = authmethod_get(authlist);
				476	if (method == NULL)
dtucker@openbsd.org	4626e39	2017-06-14 00:31:38 +0000	[diff] [blame]	477	fatal("%s@%s: Permission denied (%s).",
				478	authctxt->server_user, authctxt->host, authlist);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	479	authctxt->method = method;
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	480
				481	/* reset the per method handler */
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	482	ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_PER_METHOD_MIN,
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	483	SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
				484
				485	/* and try new method */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	486	if (method->userauth(authctxt) != 0) {
				487	debug2("we sent a %s packet, wait for reply", method->name);
				488	break;
				489	} else {
				490	debug2("we did not send a packet, disable method");
				491	method->enabled = NULL;
				492	}
				493	}
				494	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	495
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	496	/* ARGSUSED */
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	497	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	498	input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	499	{
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	500	fatal("input_userauth_error: bad message during authentication: "
Damien Miller	0dc1bef	2005-07-17 17:22:45 +1000	[diff] [blame]	501	"type %d", type);
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	502	return 0;
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	503	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	504
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	505	/* ARGSUSED */
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	506	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	507	input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	508	{
djm@openbsd.org	65c6c6b	2016-07-17 04:20:16 +0000	[diff] [blame]	509	char msg, lang;
Damien Miller	7ba0ca7	2008-07-17 18:57:06 +1000	[diff] [blame]	510	u_int len;
Darren Tucker	7964482	2003-10-08 17:37:58 +1000	[diff] [blame]	511
djm@openbsd.org	65c6c6b	2016-07-17 04:20:16 +0000	[diff] [blame]	512	debug3("%s", __func__);
				513	msg = packet_get_string(&len);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	514	lang = packet_get_string(NULL);
djm@openbsd.org	65c6c6b	2016-07-17 04:20:16 +0000	[diff] [blame]	515	if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO)
				516	fmprintf(stderr, "%s", msg);
				517	free(msg);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	518	free(lang);
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	519	return 0;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	520	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	521
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	522	/* ARGSUSED */
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	523	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	524	input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	525	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	526	Authctxt *authctxt = ssh->authctxt;
Darren Tucker	2f29a8c	2009-10-24 11:47:58 +1100	[diff] [blame]	527
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	528	if (authctxt == NULL)
				529	fatal("input_userauth_success: no authentication context");
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	530	free(authctxt->authlist);
				531	authctxt->authlist = NULL;
Darren Tucker	2f29a8c	2009-10-24 11:47:58 +1100	[diff] [blame]	532	if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
				533	authctxt->method->cleanup(authctxt);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	534	free(authctxt->methoddata);
				535	authctxt->methoddata = NULL;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	536	authctxt->success = 1; /* break out */
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	537	return 0;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	538	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	539
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	540	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	541	input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
Darren Tucker	2f29a8c	2009-10-24 11:47:58 +1100	[diff] [blame]	542	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	543	Authctxt *authctxt = ssh->authctxt;
Darren Tucker	2f29a8c	2009-10-24 11:47:58 +1100	[diff] [blame]	544
				545	if (authctxt == NULL)
				546	fatal("%s: no authentication context", __func__);
				547
				548	fatal("Unexpected authentication success during %s.",
				549	authctxt->method->name);
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	550	return 0;
Darren Tucker	2f29a8c	2009-10-24 11:47:58 +1100	[diff] [blame]	551	}
				552
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	553	/* ARGSUSED */
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	554	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	555	input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	556	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	557	Authctxt *authctxt = ssh->authctxt;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	558	char *authlist = NULL;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	559	u_char partial;
				560	int r;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	561
				562	if (authctxt == NULL)
				563	fatal("input_userauth_failure: no authentication context");
				564
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	565	if ((r = sshpkt_get_cstring(ssh, &authlist, NULL)) != 0 \|\|
				566	(r = sshpkt_get_u8(ssh, &partial)) != 0 \|\|
				567	(r = sshpkt_get_end(ssh)) != 0)
				568	goto out;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	569
Damien Miller	62e9c4f	2013-04-23 15:15:49 +1000	[diff] [blame]	570	if (partial != 0) {
dtucker@openbsd.org	83cbca6	2016-07-22 05:46:11 +0000	[diff] [blame]	571	verbose("Authenticated with partial success.");
Damien Miller	62e9c4f	2013-04-23 15:15:49 +1000	[diff] [blame]	572	/* reset state */
djm@openbsd.org	b9844a4	2016-12-04 23:54:02 +0000	[diff] [blame]	573	pubkey_reset(authctxt);
Damien Miller	62e9c4f	2013-04-23 15:15:49 +1000	[diff] [blame]	574	}
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	575	debug("Authentications that can continue: %s", authlist);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	576
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	577	userauth(authctxt, authlist);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	578	authlist = NULL;
				579	out:
				580	free(authlist);
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	581	return 0;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	582	}
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	583
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	584	/*
				585	* Format an identity for logging including filename, key type, fingerprint
				586	* and location (agent, etc.). Caller must free.
				587	*/
				588	static char *
				589	format_identity(Identity *id)
				590	{
				591	char fp = NULL, ret = NULL;
				592
				593	if (id->key != NULL) {
				594	fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
				595	SSH_FP_DEFAULT);
				596	}
				597	xasprintf(&ret, "%s %s%s%s%s%s%s",
				598	id->filename,
				599	id->key ? sshkey_type(id->key) : "", id->key ? " " : "",
				600	fp ? fp : "",
				601	id->userprovided ? " explicit" : "",
				602	(id->key && (id->key->flags & SSHKEY_FLAG_EXT)) ? " token" : "",
				603	id->agent_fd != -1 ? " agent" : "");
				604	free(fp);
				605	return ret;
				606	}
				607
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	608	/* ARGSUSED */
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	609	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	610	input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	611	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	612	Authctxt *authctxt = ssh->authctxt;
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	613	struct sshkey *key = NULL;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	614	Identity *id = NULL;
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	615	int pktype, found = 0, sent = 0;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	616	size_t blen;
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	617	char pkalg = NULL, fp = NULL, *ident = NULL;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	618	u_char *pkblob = NULL;
				619	int r;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	620
				621	if (authctxt == NULL)
				622	fatal("input_userauth_pk_ok: no authentication context");
djm@openbsd.org	14b5c63	2018-01-23 05:27:21 +0000	[diff] [blame]	623
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	624	if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 \|\|
				625	(r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 \|\|
				626	(r = sshpkt_get_end(ssh)) != 0)
				627	goto done;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	628
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	629	if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) {
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	630	debug("%s: server sent unknown pkalg %s", __func__, pkalg);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	631	goto done;
				632	}
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	633	if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
				634	debug("no key from blob. pkalg %s: %s", pkalg, ssh_err(r));
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	635	goto done;
				636	}
				637	if (key->type != pktype) {
				638	error("input_userauth_pk_ok: type mismatch "
				639	"for decoded key (received %d, expected %d)",
				640	key->type, pktype);
				641	goto done;
				642	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	643
Darren Tucker	d05b601	2003-10-15 15:55:59 +1000	[diff] [blame]	644	/*
				645	* search keys in the reverse order, because last candidate has been
				646	* moved to the end of the queue. this also avoids confusion by
				647	* duplicate keys
				648	*/
Damien Miller	0b51a52	2004-04-20 20:07:19 +1000	[diff] [blame]	649	TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) {
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	650	if (sshkey_equal(key, id->key)) {
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	651	found = 1;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	652	break;
				653	}
				654	}
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	655	if (!found \|\| id == NULL) {
				656	fp = sshkey_fingerprint(key, options.fingerprint_hash,
				657	SSH_FP_DEFAULT);
				658	error("%s: server replied with unknown key: %s %s", __func__,
				659	sshkey_type(key), fp == NULL ? "<ERROR>" : fp);
				660	goto done;
				661	}
				662	ident = format_identity(id);
				663	debug("Server accepts key: %s", ident);
				664	sent = sign_and_send_pubkey(ssh, authctxt, id);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	665	r = 0;
				666	done:
				667	sshkey_free(key);
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	668	free(ident);
				669	free(fp);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	670	free(pkalg);
				671	free(pkblob);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	672
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	673	/* try another method if we did not send a packet */
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	674	if (r == 0 && sent == 0)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	675	userauth(authctxt, NULL);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	676	return r;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	677	}
				678
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	679	#ifdef GSSAPI
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	680	int
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	681	userauth_gssapi(Authctxt *authctxt)
				682	{
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	683	struct ssh ssh = active_state; / XXX */
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	684	Gssctxt *gssctxt = NULL;
Darren Tucker	56afe14	2003-11-03 20:06:14 +1100	[diff] [blame]	685	static gss_OID_set gss_supported = NULL;
Damien Miller	eccb9de	2005-06-17 12:59:34 +1000	[diff] [blame]	686	static u_int mech = 0;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	687	OM_uint32 min;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	688	int r, ok = 0;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	689
				690	/* Try one GSSAPI method at a time, rather than sending them all at
				691	* once. */
				692
Darren Tucker	56afe14	2003-11-03 20:06:14 +1100	[diff] [blame]	693	if (gss_supported == NULL)
				694	gss_indicate_mechs(&min, &gss_supported);
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	695
				696	/* Check to see if the mechanism is usable before we offer it */
Darren Tucker	56afe14	2003-11-03 20:06:14 +1100	[diff] [blame]	697	while (mech < gss_supported->count && !ok) {
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	698	/* My DER encoding requires length<128 */
Darren Tucker	56afe14	2003-11-03 20:06:14 +1100	[diff] [blame]	699	if (gss_supported->elements[mech].length < 128 &&
djm@openbsd.org	84623e0	2018-06-26 02:02:36 +0000	[diff] [blame]	700	ssh_gssapi_check_mechanism(&gssctxt,
Damien Miller	a1cb9f3	2006-08-19 00:33:34 +1000	[diff] [blame]	701	&gss_supported->elements[mech], authctxt->host)) {
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	702	ok = 1; /* Mechanism works */
				703	} else {
				704	mech++;
				705	}
				706	}
				707
Damien Miller	a1cb9f3	2006-08-19 00:33:34 +1000	[diff] [blame]	708	if (!ok)
Damien Miller	eccb9de	2005-06-17 12:59:34 +1000	[diff] [blame]	709	return 0;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	710
				711	authctxt->methoddata=(void *)gssctxt;
				712
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	713	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				714	(r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 \|\|
				715	(r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 \|\|
				716	(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 \|\|
				717	(r = sshpkt_put_u32(ssh, 1)) != 0 \|\|
				718	(r = sshpkt_put_u32(ssh,
				719	(gss_supported->elements[mech].length) + 2)) != 0 \|\|
				720	(r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 \|\|
				721	(r = sshpkt_put_u8(ssh,
				722	gss_supported->elements[mech].length)) != 0 \|\|
				723	(r = sshpkt_put(ssh,
				724	gss_supported->elements[mech].elements,
				725	gss_supported->elements[mech].length)) != 0 \|\|
				726	(r = sshpkt_send(ssh)) != 0)
				727	fatal("%s: %s", __func__, ssh_err(r));
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	728
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	729	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
				730	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
				731	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
				732	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	733
				734	mech++; /* Move along to next candidate */
				735
				736	return 1;
				737	}
				738
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	739	static OM_uint32
djm@openbsd.org	39896b7	2017-05-31 05:08:46 +0000	[diff] [blame]	740	process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	741	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	742	Authctxt *authctxt = ssh->authctxt;
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	743	Gssctxt *gssctxt = authctxt->methoddata;
				744	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
Damien Miller	da9984f	2005-08-31 19:46:26 +1000	[diff] [blame]	745	gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
				746	gss_buffer_desc gssbuf;
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	747	OM_uint32 status, ms, flags;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	748	int r;
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	749
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	750	status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	751	recv_tok, &send_tok, &flags);
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	752
				753	if (send_tok.length > 0) {
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	754	u_char type = GSS_ERROR(status) ?
				755	SSH2_MSG_USERAUTH_GSSAPI_ERRTOK :
				756	SSH2_MSG_USERAUTH_GSSAPI_TOKEN;
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	757
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	758	if ((r = sshpkt_start(ssh, type)) != 0 \|\|
				759	(r = sshpkt_put_string(ssh, send_tok.value,
				760	send_tok.length)) != 0 \|\|
				761	(r = sshpkt_send(ssh)) != 0)
				762	fatal("%s: %s", __func__, ssh_err(r));
				763
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	764	gss_release_buffer(&ms, &send_tok);
				765	}
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	766
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	767	if (status == GSS_S_COMPLETE) {
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	768	/* send either complete or MIC, depending on mechanism */
				769	if (!(flags & GSS_C_INTEG_FLAG)) {
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	770	if ((r = sshpkt_start(ssh,
				771	SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE)) != 0 \|\|
				772	(r = sshpkt_send(ssh)) != 0)
				773	fatal("%s: %s", __func__, ssh_err(r));
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	774	} else {
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	775	struct sshbuf *b;
				776
				777	if ((b = sshbuf_new()) == NULL)
				778	fatal("%s: sshbuf_new failed", __func__);
				779	ssh_gssapi_buildmic(b, authctxt->server_user,
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	780	authctxt->service, "gssapi-with-mic");
				781
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	782	if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
				783	fatal("%s: sshbuf_mutable_ptr failed", __func__);
				784	gssbuf.length = sshbuf_len(b);
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	785
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	786	status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	787
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	788	if (!GSS_ERROR(status)) {
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	789	if ((r = sshpkt_start(ssh,
				790	SSH2_MSG_USERAUTH_GSSAPI_MIC)) != 0 \|\|
				791	(r = sshpkt_put_string(ssh, mic.value,
				792	mic.length)) != 0 \|\|
				793	(r = sshpkt_send(ssh)) != 0)
				794	fatal("%s: %s", __func__, ssh_err(r));
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	795	}
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	796
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	797	sshbuf_free(b);
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	798	gss_release_buffer(&ms, &mic);
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	799	}
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	800	}
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	801
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	802	return status;
				803	}
				804
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	805	/* ARGSUSED */
djm@openbsd.org	12b5f50	2015-01-20 07:56:44 +0000	[diff] [blame]	806	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	807	input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	808	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	809	Authctxt *authctxt = ssh->authctxt;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	810	Gssctxt *gssctxt;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	811	size_t oidlen;
				812	u_char *oidv = NULL;
				813	int r;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	814
				815	if (authctxt == NULL)
				816	fatal("input_gssapi_response: no authentication context");
				817	gssctxt = authctxt->methoddata;
				818
				819	/* Setup our OID */
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	820	if ((r = sshpkt_get_string(ssh, &oidv, &oidlen)) != 0)
				821	goto done;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	822
Darren Tucker	655a5e0	2003-11-03 20:09:03 +1100	[diff] [blame]	823	if (oidlen <= 2 \|\|
				824	oidv[0] != SSH_GSS_OIDTYPE \|\|
				825	oidv[1] != oidlen - 2) {
				826	debug("Badly encoded mechanism OID received");
				827	userauth(authctxt, NULL);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	828	goto ok;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	829	}
				830
Darren Tucker	655a5e0	2003-11-03 20:09:03 +1100	[diff] [blame]	831	if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
				832	fatal("Server returned different OID than expected");
				833
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	834	if ((r = sshpkt_get_end(ssh)) != 0)
				835	goto done;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	836
djm@openbsd.org	39896b7	2017-05-31 05:08:46 +0000	[diff] [blame]	837	if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) {
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	838	/* Start again with next method on list */
				839	debug("Trying to start again");
				840	userauth(authctxt, NULL);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	841	goto ok;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	842	}
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	843	ok:
				844	r = 0;
				845	done:
				846	free(oidv);
				847	return r;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	848	}
				849
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	850	/* ARGSUSED */
djm@openbsd.org	12b5f50	2015-01-20 07:56:44 +0000	[diff] [blame]	851	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	852	input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	853	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	854	Authctxt *authctxt = ssh->authctxt;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	855	gss_buffer_desc recv_tok;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	856	u_char *p = NULL;
				857	size_t len;
Damien Miller	91c6aa4	2003-11-17 21:20:18 +1100	[diff] [blame]	858	OM_uint32 status;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	859	int r;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	860
				861	if (authctxt == NULL)
				862	fatal("input_gssapi_response: no authentication context");
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	863
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	864	if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 \|\|
				865	(r = sshpkt_get_end(ssh)) != 0)
				866	goto out;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	867
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	868	recv_tok.value = p;
				869	recv_tok.length = len;
djm@openbsd.org	39896b7	2017-05-31 05:08:46 +0000	[diff] [blame]	870	status = process_gssapi_token(ssh, &recv_tok);
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	871
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	872	/* Start again with the next method in the list */
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	873	if (GSS_ERROR(status)) {
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	874	userauth(authctxt, NULL);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	875	/* ok */
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	876	}
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	877	r = 0;
				878	out:
				879	free(p);
				880	return r;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	881	}
				882
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	883	/* ARGSUSED */
djm@openbsd.org	12b5f50	2015-01-20 07:56:44 +0000	[diff] [blame]	884	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	885	input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	886	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	887	Authctxt *authctxt = ssh->authctxt;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	888	Gssctxt *gssctxt;
				889	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
				890	gss_buffer_desc recv_tok;
Damien Miller	d677ad1	2013-04-23 15:18:51 +1000	[diff] [blame]	891	OM_uint32 ms;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	892	u_char *p = NULL;
				893	size_t len;
				894	int r;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	895
				896	if (authctxt == NULL)
				897	fatal("input_gssapi_response: no authentication context");
				898	gssctxt = authctxt->methoddata;
				899
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	900	if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 \|\|
				901	(r = sshpkt_get_end(ssh)) != 0) {
				902	free(p);
				903	return r;
				904	}
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	905
				906	/* Stick it into GSSAPI and see what it says */
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	907	recv_tok.value = p;
				908	recv_tok.length = len;
Damien Miller	d677ad1	2013-04-23 15:18:51 +1000	[diff] [blame]	909	(void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
Damien Miller	0dc1bef	2005-07-17 17:22:45 +1000	[diff] [blame]	910	&recv_tok, &send_tok, NULL);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	911	free(p);
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	912	gss_release_buffer(&ms, &send_tok);
				913
				914	/* Server will be returning a failed packet after this one */
djm@openbsd.org	12b5f50	2015-01-20 07:56:44 +0000	[diff] [blame]	915	return 0;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	916	}
				917
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	918	/* ARGSUSED */
djm@openbsd.org	12b5f50	2015-01-20 07:56:44 +0000	[diff] [blame]	919	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	920	input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	921	{
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	922	char *msg = NULL;
				923	char *lang = NULL;
				924	int r;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	925
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	926	if ((r = sshpkt_get_u32(ssh, NULL)) != 0 \|\| /* maj */
				927	(r = sshpkt_get_u32(ssh, NULL)) != 0 \|\| /* min */
				928	(r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 \|\|
				929	(r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
				930	goto out;
				931	r = sshpkt_get_end(ssh);
Damien Miller	15d72a0	2005-11-05 15:07:33 +1100	[diff] [blame]	932	debug("Server GSSAPI Error:\n%s", msg);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	933	out:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	934	free(msg);
				935	free(lang);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	936	return r;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	937	}
				938	#endif /* GSSAPI */
				939
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	940	int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	941	userauth_none(Authctxt *authctxt)
				942	{
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	943	struct ssh ssh = active_state; / XXX */
				944	int r;
				945
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	946	/* initial userauth request */
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	947	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				948	(r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 \|\|
				949	(r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 \|\|
				950	(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 \|\|
				951	(r = sshpkt_send(ssh)) != 0)
				952	fatal("%s: %s", __func__, ssh_err(r));
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	953	return 1;
				954	}
				955
				956	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	957	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	958	{
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	959	struct ssh ssh = active_state; / XXX */
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	960	static int attempt = 0;
dtucker@openbsd.org	a54eb27	2017-08-27 00:38:41 +0000	[diff] [blame]	961	char prompt[256];
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	962	char *password;
Darren Tucker	ab79169	2010-01-08 18:48:02 +1100	[diff] [blame]	963	const char *host = options.host_key_alias ? options.host_key_alias :
				964	authctxt->host;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	965	int r;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	966
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	967	if (attempt++ >= options.number_of_password_prompts)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	968	return 0;
				969
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	970	if (attempt != 1)
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	971	error("Permission denied, please try again.");
				972
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	973	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
Darren Tucker	ab79169	2010-01-08 18:48:02 +1100	[diff] [blame]	974	authctxt->server_user, host);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	975	password = read_passphrase(prompt, 0);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	976	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				977	(r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 \|\|
				978	(r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 \|\|
				979	(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 \|\|
				980	(r = sshpkt_put_u8(ssh, 0)) != 0 \|\|
				981	(r = sshpkt_put_cstring(ssh, password)) != 0 \|\|
				982	(r = sshpkt_add_padding(ssh, 64)) != 0 \|\|
				983	(r = sshpkt_send(ssh)) != 0)
				984	fatal("%s: %s", __func__, ssh_err(r));
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	985
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	986	if (password)
				987	freezero(password, strlen(password));
				988
				989	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	990	&input_userauth_passwd_changereq);
				991
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	992	return 1;
				993	}
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	994
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	995	/*
				996	* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
				997	*/
Damien Miller	f7475d7	2008-11-03 19:26:18 +1100	[diff] [blame]	998	/* ARGSUSED */
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	999	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	1000	input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1001	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	1002	Authctxt *authctxt = ssh->authctxt;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1003	char info = NULL, lang = NULL, password = NULL, retype = NULL;
dtucker@openbsd.org	a54eb27	2017-08-27 00:38:41 +0000	[diff] [blame]	1004	char prompt[256];
djm@openbsd.org	3e032a9	2017-01-30 00:32:03 +0000	[diff] [blame]	1005	const char *host;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1006	int r;
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1007
				1008	debug2("input_userauth_passwd_changereq");
				1009
				1010	if (authctxt == NULL)
				1011	fatal("input_userauth_passwd_changereq: "
				1012	"no authentication context");
djm@openbsd.org	3e032a9	2017-01-30 00:32:03 +0000	[diff] [blame]	1013	host = options.host_key_alias ? options.host_key_alias : authctxt->host;
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1014
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1015	if ((r = sshpkt_get_cstring(ssh, &info, NULL)) != 0 \|\|
				1016	(r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
				1017	goto out;
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1018	if (strlen(info) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1019	logit("%s", info);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1020	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				1021	(r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 \|\|
				1022	(r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 \|\|
				1023	(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 \|\|
				1024	(r = sshpkt_put_u8(ssh, 1)) != 0) /* additional info */
				1025	goto out;
				1026
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	1027	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1028	"Enter %.30s@%.128s's old password: ",
Darren Tucker	ab79169	2010-01-08 18:48:02 +1100	[diff] [blame]	1029	authctxt->server_user, host);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1030	password = read_passphrase(prompt, 0);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1031	if ((r = sshpkt_put_cstring(ssh, password)) != 0)
				1032	goto out;
				1033
				1034	freezero(password, strlen(password));
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1035	password = NULL;
				1036	while (password == NULL) {
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	1037	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1038	"Enter %.30s@%.128s's new password: ",
Darren Tucker	ab79169	2010-01-08 18:48:02 +1100	[diff] [blame]	1039	authctxt->server_user, host);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1040	password = read_passphrase(prompt, RP_ALLOW_EOF);
				1041	if (password == NULL) {
				1042	/* bail out */
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1043	r = 0;
				1044	goto out;
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1045	}
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	1046	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1047	"Retype %.30s@%.128s's new password: ",
Darren Tucker	ab79169	2010-01-08 18:48:02 +1100	[diff] [blame]	1048	authctxt->server_user, host);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1049	retype = read_passphrase(prompt, 0);
				1050	if (strcmp(password, retype) != 0) {
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1051	freezero(password, strlen(password));
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1052	logit("Mismatch; try again, EOF to quit.");
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1053	password = NULL;
				1054	}
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1055	freezero(retype, strlen(retype));
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1056	}
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1057	if ((r = sshpkt_put_cstring(ssh, password)) != 0 \|\|
				1058	(r = sshpkt_add_padding(ssh, 64)) != 0 \|\|
				1059	(r = sshpkt_send(ssh)) != 0)
				1060	goto out;
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	1061
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1062	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1063	&input_userauth_passwd_changereq);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1064	r = 0;
				1065	out:
				1066	if (password)
				1067	freezero(password, strlen(password));
				1068	free(info);
				1069	free(lang);
				1070	return r;
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	1071	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1072
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1073	/*
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1074	* Select an algorithm for publickey signatures.
				1075	* Returns algorithm (caller must free) or NULL if no mutual algorithm found.
				1076	*
				1077	* Call with ssh==NULL to ignore server-sig-algs extension list and
				1078	* only attempt with the key's base signature type.
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1079	*/
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1080	static char *
				1081	key_sig_algorithm(struct ssh ssh, const struct sshkey key)
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1082	{
djm@openbsd.org	b4d4eda	2018-07-03 13:20:25 +0000	[diff] [blame]	1083	char allowed, oallowed, cp, tmp, *alg = NULL;
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1084
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1085	/*
				1086	* The signature algorithm will only differ from the key algorithm
				1087	* for RSA keys/certs and when the server advertises support for
				1088	* newer (SHA2) algorithms.
				1089	*/
				1090	if (ssh == NULL \|\| ssh->kex->server_sig_algs == NULL \|\|
djm@openbsd.org	1a4a9cf	2018-10-11 03:48:04 +0000	[diff] [blame]	1091	(key->type != KEY_RSA && key->type != KEY_RSA_CERT) \|\|
				1092	(key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1093	/* Filter base key signature alg against our configuration */
markus@openbsd.org	5467fbc	2018-07-11 18:53:29 +0000	[diff] [blame]	1094	return match_list(sshkey_ssh_name(key),
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1095	options.pubkey_key_types, NULL);
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1096	}
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1097
				1098	/*
				1099	* For RSA keys/certs, since these might have a different sig type:
				1100	* find the first entry in PubkeyAcceptedKeyTypes of the right type
				1101	* that also appears in the supported signature algorithms list from
				1102	* the server.
				1103	*/
				1104	oallowed = allowed = xstrdup(options.pubkey_key_types);
				1105	while ((cp = strsep(&allowed, ",")) != NULL) {
				1106	if (sshkey_type_from_name(cp) != key->type)
				1107	continue;
djm@openbsd.org	b4d4eda	2018-07-03 13:20:25 +0000	[diff] [blame]	1108	tmp = match_list(sshkey_sigalg_by_name(cp), ssh->kex->server_sig_algs, NULL);
				1109	if (tmp != NULL)
				1110	alg = xstrdup(cp);
				1111	free(tmp);
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1112	if (alg != NULL)
				1113	break;
				1114	}
				1115	free(oallowed);
				1116	return alg;
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1117	}
				1118
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1119	static int
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1120	identity_sign(struct identity id, u_char sigp, size_t lenp,
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1121	const u_char data, size_t datalen, u_int compat, const char alg)
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1122	{
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	1123	struct sshkey *prv;
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1124	int r;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1125
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1126	/* The agent supports this key. */
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1127	if (id->key != NULL && id->agent_fd != -1) {
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1128	return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
				1129	data, datalen, alg, compat);
				1130	}
				1131
				1132	/*
				1133	* We have already loaded the private key or the private key is
				1134	* stored in external hardware.
				1135	*/
				1136	if (id->key != NULL &&
				1137	(id->isprivate \|\| (id->key->flags & SSHKEY_FLAG_EXT))) {
				1138	if ((r = sshkey_sign(id->key, sigp, lenp, data, datalen,
				1139	alg, compat)) != 0)
				1140	return r;
				1141	/*
				1142	* PKCS#11 tokens may not support all signature algorithms,
				1143	* so check what we get back.
				1144	*/
				1145	if ((r = sshkey_check_sigtype(sigp, lenp, alg)) != 0)
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1146	return r;
				1147	return 0;
				1148	}
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1149
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1150	/* Load the private key from the file. */
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1151	if ((prv = load_identity_file(id)) == NULL)
djm@openbsd.org	0d1451a	2016-02-23 01:34:14 +0000	[diff] [blame]	1152	return SSH_ERR_KEY_NOT_FOUND;
djm@openbsd.org	c4972d0	2017-08-11 04:47:12 +0000	[diff] [blame]	1153	if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
				1154	error("%s: private key %s contents do not match public",
				1155	__func__, id->filename);
				1156	return SSH_ERR_KEY_NOT_FOUND;
				1157	}
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1158	r = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat);
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1159	sshkey_free(prv);
djm@openbsd.org	2607438	2018-03-03 03:01:50 +0000	[diff] [blame]	1160	return r;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1161	}
				1162
				1163	static int
djm@openbsd.org	1e24552	2017-03-11 23:40:26 +0000	[diff] [blame]	1164	id_filename_matches(Identity id, Identity private_id)
				1165	{
				1166	const char *suffixes[] = { ".pub", "-cert.pub", NULL };
				1167	size_t len = strlen(id->filename), plen = strlen(private_id->filename);
				1168	size_t i, slen;
				1169
				1170	if (strcmp(id->filename, private_id->filename) == 0)
				1171	return 1;
				1172	for (i = 0; suffixes[i]; i++) {
				1173	slen = strlen(suffixes[i]);
				1174	if (len > slen && plen == len - slen &&
				1175	strcmp(id->filename + (len - slen), suffixes[i]) == 0 &&
				1176	memcmp(id->filename, private_id->filename, plen) == 0)
				1177	return 1;
				1178	}
				1179	return 0;
				1180	}
				1181
				1182	static int
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1183	sign_and_send_pubkey(struct ssh ssh, Authctxt authctxt, Identity *id)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1184	{
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1185	struct sshbuf *b = NULL;
				1186	Identity private_id, sign_id = NULL;
				1187	u_char *signature = NULL;
				1188	size_t slen = 0, skip = 0;
				1189	int r, fallback_sigtype, sent = 0;
				1190	char alg = NULL, fp = NULL;
				1191	const char *loc = "";
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1192
djm@openbsd.org	9ce86c9	2015-01-28 22:36:00 +0000	[diff] [blame]	1193	if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
				1194	SSH_FP_DEFAULT)) == NULL)
				1195	return 0;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1196
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1197	debug3("%s: %s %s", __func__, sshkey_type(id->key), fp);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1198
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1199	/*
				1200	* If the key is an certificate, try to find a matching private key
				1201	* and use it to complete the signature.
djm@openbsd.org	9ee692f	2016-04-28 14:30:21 +0000	[diff] [blame]	1202	* If no such private key exists, fall back to trying the certificate
				1203	* key itself in case it has a private half already loaded.
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1204	* This will try to set sign_id to the private key that will perform
				1205	* the signature.
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1206	*/
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1207	if (sshkey_is_cert(id->key)) {
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1208	TAILQ_FOREACH(private_id, &authctxt->keys, next) {
				1209	if (sshkey_equal_public(id->key, private_id->key) &&
				1210	id->key->type != private_id->key->type) {
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1211	sign_id = private_id;
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1212	break;
				1213	}
				1214	}
djm@openbsd.org	1e24552	2017-03-11 23:40:26 +0000	[diff] [blame]	1215	/*
				1216	* Exact key matches are preferred, but also allow
				1217	* filename matches for non-PKCS#11/agent keys that
				1218	* didn't load public keys. This supports the case
				1219	* of keeping just a private key file and public
				1220	* certificate on disk.
				1221	*/
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1222	if (sign_id == NULL &&
				1223	!id->isprivate && id->agent_fd == -1 &&
djm@openbsd.org	1e24552	2017-03-11 23:40:26 +0000	[diff] [blame]	1224	(id->key->flags & SSHKEY_FLAG_EXT) == 0) {
				1225	TAILQ_FOREACH(private_id, &authctxt->keys, next) {
				1226	if (private_id->key == NULL &&
				1227	id_filename_matches(id, private_id)) {
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1228	sign_id = private_id;
djm@openbsd.org	1e24552	2017-03-11 23:40:26 +0000	[diff] [blame]	1229	break;
				1230	}
				1231	}
				1232	}
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1233	if (sign_id != NULL) {
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1234	debug2("%s: using private key \"%s\"%s for "
				1235	"certificate", __func__, id->filename,
				1236	id->agent_fd != -1 ? " from agent" : "");
				1237	} else {
djm@openbsd.org	c38905b	2016-03-14 16:20:54 +0000	[diff] [blame]	1238	debug("%s: no separate private key for certificate "
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1239	"\"%s\"", __func__, id->filename);
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1240	}
				1241	}
				1242
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1243	/*
				1244	* If the above didn't select another identity to do the signing
				1245	* then default to the one we started with.
				1246	*/
				1247	if (sign_id == NULL)
				1248	sign_id = id;
				1249
				1250	/* assemble and sign data */
				1251	for (fallback_sigtype = 0; fallback_sigtype <= 1; fallback_sigtype++) {
				1252	free(alg);
				1253	slen = 0;
				1254	signature = NULL;
				1255	if ((alg = key_sig_algorithm(fallback_sigtype ? NULL : ssh,
				1256	id->key)) == NULL) {
				1257	error("%s: no mutual signature supported", __func__);
				1258	goto out;
				1259	}
				1260	debug3("%s: signing using %s", __func__, alg);
				1261
				1262	sshbuf_free(b);
				1263	if ((b = sshbuf_new()) == NULL)
				1264	fatal("%s: sshbuf_new failed", __func__);
				1265	if (datafellows & SSH_OLD_SESSIONID) {
				1266	if ((r = sshbuf_put(b, session_id2,
				1267	session_id2_len)) != 0) {
				1268	fatal("%s: sshbuf_put: %s",
				1269	__func__, ssh_err(r));
				1270	}
				1271	} else {
				1272	if ((r = sshbuf_put_string(b, session_id2,
				1273	session_id2_len)) != 0) {
				1274	fatal("%s: sshbuf_put_string: %s",
				1275	__func__, ssh_err(r));
				1276	}
				1277	}
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1278	skip = sshbuf_len(b);
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1279	if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				1280	(r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 \|\|
				1281	(r = sshbuf_put_cstring(b, authctxt->service)) != 0 \|\|
				1282	(r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 \|\|
				1283	(r = sshbuf_put_u8(b, 1)) != 0 \|\|
				1284	(r = sshbuf_put_cstring(b, alg)) != 0 \|\|
				1285	(r = sshkey_puts(id->key, b)) != 0) {
				1286	fatal("%s: assemble signed data: %s",
				1287	__func__, ssh_err(r));
				1288	}
				1289
				1290	/* generate signature */
				1291	r = identity_sign(sign_id, &signature, &slen,
				1292	sshbuf_ptr(b), sshbuf_len(b), datafellows, alg);
				1293	if (r == 0)
				1294	break;
				1295	else if (r == SSH_ERR_KEY_NOT_FOUND)
				1296	goto out; /* soft failure */
				1297	else if (r == SSH_ERR_SIGN_ALG_UNSUPPORTED &&
				1298	!fallback_sigtype) {
				1299	if (sign_id->agent_fd != -1)
				1300	loc = "agent ";
				1301	else if ((sign_id->key->flags & SSHKEY_FLAG_EXT) != 0)
				1302	loc = "token ";
				1303	logit("%skey %s %s returned incorrect signature type",
				1304	loc, sshkey_type(id->key), fp);
				1305	continue;
				1306	}
				1307	error("%s: signing failed: %s", __func__, ssh_err(r));
				1308	goto out;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1309	}
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1310	if (slen == 0 \|\| signature == NULL) /* shouldn't happen */
				1311	fatal("%s: no signature", __func__);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1312
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1313	/* append signature */
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1314	if ((r = sshbuf_put_string(b, signature, slen)) != 0)
				1315	fatal("%s: append signature: %s", __func__, ssh_err(r));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1316
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1317	#ifdef DEBUG_PK
				1318	sshbuf_dump(b, stderr);
				1319	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1320	/* skip session id and packet type */
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1321	if ((r = sshbuf_consume(b, skip + 1)) != 0)
				1322	fatal("%s: consume: %s", __func__, ssh_err(r));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1323
				1324	/* put remaining data from buffer into packet */
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1325	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				1326	(r = sshpkt_putb(ssh, b)) != 0 \|\|
				1327	(r = sshpkt_send(ssh)) != 0)
				1328	fatal("%s: enqueue request: %s", __func__, ssh_err(r));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1329
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1330	/* success */
				1331	sent = 1;
				1332
				1333	out:
				1334	free(fp);
				1335	free(alg);
				1336	sshbuf_free(b);
				1337	freezero(signature, slen);
				1338	return sent;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	1339	}
				1340
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1341	static int
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1342	send_pubkey_test(struct ssh ssh, Authctxt authctxt, Identity *id)
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	1343	{
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1344	u_char *blob = NULL;
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1345	char *alg = NULL;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1346	size_t bloblen;
				1347	u_int have_sig = 0;
				1348	int sent = 0, r;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	1349
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1350	if ((alg = key_sig_algorithm(ssh, id->key)) == NULL) {
				1351	debug("%s: no mutual signature algorithm", __func__);
				1352	goto out;
				1353	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1354
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1355	if ((r = sshkey_to_blob(id->key, &blob, &bloblen)) != 0) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1356	/* we cannot handle this key */
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1357	debug3("%s: cannot handle key", __func__);
				1358	goto out;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	1359	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1360	/* register callback for USERAUTH_PK_OK message */
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1361	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	1362
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1363	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				1364	(r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 \|\|
				1365	(r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 \|\|
				1366	(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 \|\|
				1367	(r = sshpkt_put_u8(ssh, have_sig)) != 0 \|\|
				1368	(r = sshpkt_put_cstring(ssh, alg)) != 0 \|\|
				1369	(r = sshpkt_put_string(ssh, blob, bloblen)) != 0 \|\|
				1370	(r = sshpkt_send(ssh)) != 0)
				1371	fatal("%s: %s", __func__, ssh_err(r));
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1372	sent = 1;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1373
				1374	out:
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1375	free(alg);
				1376	free(blob);
				1377	return sent;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1378	}
				1379
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	1380	static struct sshkey *
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1381	load_identity_file(Identity *id)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1382	{
markus@openbsd.org	54d90ac	2017-05-30 08:52:19 +0000	[diff] [blame]	1383	struct sshkey *private = NULL;
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1384	char prompt[300], passphrase, comment;
djm@openbsd.org	f14564c	2015-01-15 11:04:36 +0000	[diff] [blame]	1385	int r, perm_ok = 0, quit = 0, i;
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	1386	struct stat st;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1387
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1388	if (stat(id->filename, &st) < 0) {
				1389	(id->userprovided ? logit : debug3)("no such identity: %s: %s",
				1390	id->filename, strerror(errno));
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	1391	return NULL;
				1392	}
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1393	snprintf(prompt, sizeof prompt,
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1394	"Enter passphrase for key '%.100s': ", id->filename);
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1395	for (i = 0; i <= options.number_of_password_prompts; i++) {
				1396	if (i == 0)
				1397	passphrase = "";
				1398	else {
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1399	passphrase = read_passphrase(prompt, 0);
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1400	if (*passphrase == '\0') {
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1401	debug2("no passphrase given, try next key");
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1402	free(passphrase);
				1403	break;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1404	}
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1405	}
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1406	switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,
				1407	passphrase, &private, &comment, &perm_ok))) {
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1408	case 0:
				1409	break;
				1410	case SSH_ERR_KEY_WRONG_PASSPHRASE:
				1411	if (options.batch_mode) {
				1412	quit = 1;
				1413	break;
				1414	}
djm@openbsd.org	f14564c	2015-01-15 11:04:36 +0000	[diff] [blame]	1415	if (i != 0)
				1416	debug2("bad passphrase given, try again...");
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1417	break;
				1418	case SSH_ERR_SYSTEM_ERROR:
				1419	if (errno == ENOENT) {
				1420	debug2("Load key \"%s\": %s",
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1421	id->filename, ssh_err(r));
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1422	quit = 1;
				1423	break;
				1424	}
				1425	/* FALLTHROUGH */
				1426	default:
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1427	error("Load key \"%s\": %s", id->filename, ssh_err(r));
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1428	quit = 1;
				1429	break;
				1430	}
djm@openbsd.org	6064a8b	2015-12-04 00:24:55 +0000	[diff] [blame]	1431	if (!quit && private != NULL && id->agent_fd == -1 &&
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1432	!(id->key && id->isprivate))
				1433	maybe_add_key_to_agent(id->filename, private, comment,
				1434	passphrase);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1435	if (i > 0)
				1436	freezero(passphrase, strlen(passphrase));
mmcc@openbsd.org	d59ce08	2015-12-10 17:08:40 +0000	[diff] [blame]	1437	free(comment);
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1438	if (private != NULL \|\| quit)
				1439	break;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	1440	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1441	return private;
				1442	}
				1443
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1444	static int
				1445	key_type_allowed_by_config(struct sshkey *key)
				1446	{
				1447	if (match_pattern_list(sshkey_ssh_name(key),
				1448	options.pubkey_key_types, 0) == 1)
				1449	return 1;
				1450
				1451	/* RSA keys/certs might be allowed by alternate signature types */
				1452	switch (key->type) {
				1453	case KEY_RSA:
				1454	if (match_pattern_list("rsa-sha2-512",
				1455	options.pubkey_key_types, 0) == 1)
				1456	return 1;
				1457	if (match_pattern_list("rsa-sha2-256",
				1458	options.pubkey_key_types, 0) == 1)
				1459	return 1;
				1460	break;
				1461	case KEY_RSA_CERT:
				1462	if (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com",
				1463	options.pubkey_key_types, 0) == 1)
				1464	return 1;
				1465	if (match_pattern_list("rsa-sha2-256-cert-v01@openssh.com",
				1466	options.pubkey_key_types, 0) == 1)
				1467	return 1;
				1468	break;
				1469	}
				1470	return 0;
				1471	}
				1472
				1473
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1474	/*
				1475	* try keys in the following order:
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1476	* 1. certificates listed in the config file
				1477	* 2. other input certificates
				1478	* 3. agent keys that are found in the config file
				1479	* 4. other agent keys
				1480	* 5. keys that are only listed in the config file
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1481	*/
				1482	static void
				1483	pubkey_prepare(Authctxt *authctxt)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1484	{
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1485	struct identity id, id2, *tmp;
				1486	struct idlist agent, files, *preferred;
				1487	struct sshkey *key;
djm@openbsd.org	6064a8b	2015-12-04 00:24:55 +0000	[diff] [blame]	1488	int agent_fd = -1, i, r, found;
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1489	size_t j;
				1490	struct ssh_identitylist *idlist;
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	1491	char *ident;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1492
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1493	TAILQ_INIT(&agent); /* keys from the agent */
				1494	TAILQ_INIT(&files); /* keys from the config file */
				1495	preferred = &authctxt->keys;
				1496	TAILQ_INIT(preferred); /* preferred order of keys */
				1497
Damien Miller	cb6b68b	2012-12-03 09:49:52 +1100	[diff] [blame]	1498	/* list of keys stored in the filesystem and PKCS#11 */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1499	for (i = 0; i < options.num_identity_files; i++) {
				1500	key = options.identity_keys[i];
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1501	if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
				1502	continue;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1503	options.identity_keys[i] = NULL;
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	1504	id = xcalloc(1, sizeof(*id));
djm@openbsd.org	6064a8b	2015-12-04 00:24:55 +0000	[diff] [blame]	1505	id->agent_fd = -1;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1506	id->key = key;
				1507	id->filename = xstrdup(options.identity_files[i]);
Darren Tucker	1910478	2013-04-05 11:13:08 +1100	[diff] [blame]	1508	id->userprovided = options.identity_file_userprovided[i];
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1509	TAILQ_INSERT_TAIL(&files, id, next);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1510	}
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1511	/* list of certificates specified by user */
				1512	for (i = 0; i < options.num_certificate_files; i++) {
				1513	key = options.certificates[i];
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1514	if (!sshkey_is_cert(key) \|\| key->cert == NULL \|\|
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1515	key->cert->type != SSH2_CERT_TYPE_USER)
				1516	continue;
				1517	id = xcalloc(1, sizeof(*id));
djm@openbsd.org	6064a8b	2015-12-04 00:24:55 +0000	[diff] [blame]	1518	id->agent_fd = -1;
djm@openbsd.org	4e44a79	2015-09-24 06:15:11 +0000	[diff] [blame]	1519	id->key = key;
				1520	id->filename = xstrdup(options.certificate_files[i]);
				1521	id->userprovided = options.certificate_file_userprovided[i];
				1522	TAILQ_INSERT_TAIL(preferred, id, next);
				1523	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1524	/* list of keys supported by the agent */
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1525	if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) {
				1526	if (r != SSH_ERR_AGENT_NOT_PRESENT)
				1527	debug("%s: ssh_get_authentication_socket: %s",
				1528	__func__, ssh_err(r));
naddy@openbsd.org	3e371bd	2017-05-05 10:42:49 +0000	[diff] [blame]	1529	} else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1530	if (r != SSH_ERR_AGENT_NO_IDENTITIES)
				1531	debug("%s: ssh_fetch_identitylist: %s",
				1532	__func__, ssh_err(r));
markus@openbsd.org	fc77ccd	2016-01-14 22:56:56 +0000	[diff] [blame]	1533	close(agent_fd);
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1534	} else {
				1535	for (j = 0; j < idlist->nkeys; j++) {
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1536	found = 0;
				1537	TAILQ_FOREACH(id, &files, next) {
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1538	/*
				1539	* agent keys from the config file are
				1540	* preferred
				1541	*/
				1542	if (sshkey_equal(idlist->keys[j], id->key)) {
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1543	TAILQ_REMOVE(&files, id, next);
				1544	TAILQ_INSERT_TAIL(preferred, id, next);
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1545	id->agent_fd = agent_fd;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1546	found = 1;
				1547	break;
				1548	}
				1549	}
Damien Miller	bd394c3	2004-03-08 23:12:36 +1100	[diff] [blame]	1550	if (!found && !options.identities_only) {
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	1551	id = xcalloc(1, sizeof(*id));
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1552	/* XXX "steals" key/comment from idlist */
				1553	id->key = idlist->keys[j];
				1554	id->filename = idlist->comments[j];
				1555	idlist->keys[j] = NULL;
				1556	idlist->comments[j] = NULL;
				1557	id->agent_fd = agent_fd;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1558	TAILQ_INSERT_TAIL(&agent, id, next);
				1559	}
				1560	}
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1561	ssh_free_identitylist(idlist);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1562	/* append remaining agent keys */
				1563	for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
				1564	TAILQ_REMOVE(&agent, id, next);
				1565	TAILQ_INSERT_TAIL(preferred, id, next);
				1566	}
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1567	authctxt->agent_fd = agent_fd;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1568	}
djm@openbsd.org	82f24c3	2016-05-23 23:30:50 +0000	[diff] [blame]	1569	/* Prefer PKCS11 keys that are explicitly listed */
				1570	TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
				1571	if (id->key == NULL \|\| (id->key->flags & SSHKEY_FLAG_EXT) == 0)
				1572	continue;
				1573	found = 0;
				1574	TAILQ_FOREACH(id2, &files, next) {
				1575	if (id2->key == NULL \|\|
				1576	(id2->key->flags & SSHKEY_FLAG_EXT) == 0)
				1577	continue;
				1578	if (sshkey_equal(id->key, id2->key)) {
				1579	TAILQ_REMOVE(&files, id, next);
				1580	TAILQ_INSERT_TAIL(preferred, id, next);
				1581	found = 1;
				1582	break;
				1583	}
				1584	}
				1585	/* If IdentitiesOnly set and key not found then don't use it */
				1586	if (!found && options.identities_only) {
				1587	TAILQ_REMOVE(&files, id, next);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1588	freezero(id, sizeof(*id));
djm@openbsd.org	82f24c3	2016-05-23 23:30:50 +0000	[diff] [blame]	1589	}
				1590	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1591	/* append remaining keys from the config file */
				1592	for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
				1593	TAILQ_REMOVE(&files, id, next);
				1594	TAILQ_INSERT_TAIL(preferred, id, next);
				1595	}
djm@openbsd.org	e679c09	2015-10-13 16:15:21 +0000	[diff] [blame]	1596	/* finally, filter by PubkeyAcceptedKeyTypes */
				1597	TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
djm@openbsd.org	d78b75d	2018-07-03 13:07:58 +0000	[diff] [blame]	1598	if (id->key != NULL && !key_type_allowed_by_config(id->key)) {
djm@openbsd.org	e679c09	2015-10-13 16:15:21 +0000	[diff] [blame]	1599	debug("Skipping %s key %s - "
				1600	"not in PubkeyAcceptedKeyTypes",
				1601	sshkey_ssh_name(id->key), id->filename);
				1602	TAILQ_REMOVE(preferred, id, next);
				1603	sshkey_free(id->key);
				1604	free(id->filename);
				1605	memset(id, 0, sizeof(*id));
				1606	continue;
				1607	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1608	}
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	1609	/* List the keys we plan on using */
				1610	TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
				1611	ident = format_identity(id);
				1612	debug("Will attempt key: %s", ident);
				1613	free(ident);
				1614	}
				1615	debug2("%s: done", __func__);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1616	}
				1617
				1618	static void
				1619	pubkey_cleanup(Authctxt *authctxt)
				1620	{
				1621	Identity *id;
				1622
djm@openbsd.org	aaed635	2018-11-16 02:46:20 +0000	[diff] [blame]	1623	if (authctxt->agent_fd != -1) {
djm@openbsd.org	141efe4	2015-01-14 20:05:27 +0000	[diff] [blame]	1624	ssh_close_authentication_socket(authctxt->agent_fd);
djm@openbsd.org	aaed635	2018-11-16 02:46:20 +0000	[diff] [blame]	1625	authctxt->agent_fd = -1;
				1626	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1627	for (id = TAILQ_FIRST(&authctxt->keys); id;
				1628	id = TAILQ_FIRST(&authctxt->keys)) {
				1629	TAILQ_REMOVE(&authctxt->keys, id, next);
mmcc@openbsd.org	89540b6	2015-12-11 02:31:47 +0000	[diff] [blame]	1630	sshkey_free(id->key);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1631	free(id->filename);
				1632	free(id);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1633	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1634	}
				1635
djm@openbsd.org	b9844a4	2016-12-04 23:54:02 +0000	[diff] [blame]	1636	static void
				1637	pubkey_reset(Authctxt *authctxt)
				1638	{
				1639	Identity *id;
				1640
				1641	TAILQ_FOREACH(id, &authctxt->keys, next)
				1642	id->tried = 0;
				1643	}
				1644
markus@openbsd.org	3a1638d	2015-07-10 06:21:53 +0000	[diff] [blame]	1645	static int
				1646	try_identity(Identity *id)
				1647	{
				1648	if (!id->key)
				1649	return (0);
markus@openbsd.org	5467fbc	2018-07-11 18:53:29 +0000	[diff] [blame]	1650	if (sshkey_type_plain(id->key->type) == KEY_RSA &&
markus@openbsd.org	3a1638d	2015-07-10 06:21:53 +0000	[diff] [blame]	1651	(datafellows & SSH_BUG_RSASIGMD5) != 0) {
				1652	debug("Skipped %s key %s for RSA/MD5 server",
markus@openbsd.org	5467fbc	2018-07-11 18:53:29 +0000	[diff] [blame]	1653	sshkey_type(id->key), id->filename);
markus@openbsd.org	3a1638d	2015-07-10 06:21:53 +0000	[diff] [blame]	1654	return (0);
				1655	}
djm@openbsd.org	873d3e7	2017-04-30 23:18:44 +0000	[diff] [blame]	1656	return 1;
markus@openbsd.org	3a1638d	2015-07-10 06:21:53 +0000	[diff] [blame]	1657	}
				1658
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1659	int
				1660	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1661	{
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1662	struct ssh ssh = active_state; / XXX */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1663	Identity *id;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1664	int sent = 0;
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	1665	char *ident;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1666
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1667	while ((id = TAILQ_FIRST(&authctxt->keys))) {
				1668	if (id->tried++)
				1669	return (0);
Darren Tucker	d05b601	2003-10-15 15:55:59 +1000	[diff] [blame]	1670	/* move key to the end of the queue */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1671	TAILQ_REMOVE(&authctxt->keys, id, next);
				1672	TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
				1673	/*
				1674	* send a test message if we have the public key. for
				1675	* encrypted keys we cannot do this and have to load the
				1676	* private key instead
				1677	*/
Damien Miller	324541e	2013-12-31 12:25:40 +1100	[diff] [blame]	1678	if (id->key != NULL) {
markus@openbsd.org	3a1638d	2015-07-10 06:21:53 +0000	[diff] [blame]	1679	if (try_identity(id)) {
djm@openbsd.org	beb9e52	2018-09-14 05:26:27 +0000	[diff] [blame]	1680	ident = format_identity(id);
				1681	debug("Offering public key: %s", ident);
				1682	free(ident);
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1683	sent = send_pubkey_test(ssh, authctxt, id);
Damien Miller	324541e	2013-12-31 12:25:40 +1100	[diff] [blame]	1684	}
				1685	} else {
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1686	debug("Trying private key: %s", id->filename);
jcs@openbsd.org	f361df4	2015-11-15 22:26:49 +0000	[diff] [blame]	1687	id->key = load_identity_file(id);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1688	if (id->key != NULL) {
markus@openbsd.org	3a1638d	2015-07-10 06:21:53 +0000	[diff] [blame]	1689	if (try_identity(id)) {
				1690	id->isprivate = 1;
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1691	sent = sign_and_send_pubkey(ssh,
Damien Miller	324541e	2013-12-31 12:25:40 +1100	[diff] [blame]	1692	authctxt, id);
				1693	}
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1694	sshkey_free(id->key);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1695	id->key = NULL;
djm@openbsd.org	b9844a4	2016-12-04 23:54:02 +0000	[diff] [blame]	1696	id->isprivate = 0;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1697	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1698	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1699	if (sent)
				1700	return (sent);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1701	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	1702	return (0);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1703	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1704
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1705	/*
				1706	* Send userauth request message specifying keyboard-interactive method.
				1707	*/
				1708	int
				1709	userauth_kbdint(Authctxt *authctxt)
				1710	{
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1711	struct ssh ssh = active_state; / XXX */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1712	static int attempt = 0;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1713	int r;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1714
				1715	if (attempt++ >= options.number_of_password_prompts)
				1716	return 0;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	1717	/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
				1718	if (attempt > 1 && !authctxt->info_req_seen) {
				1719	debug3("userauth_kbdint: disable: no info_req_seen");
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1720	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	1721	return 0;
				1722	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1723
				1724	debug2("userauth_kbdint");
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1725	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				1726	(r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 \|\|
				1727	(r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 \|\|
				1728	(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 \|\|
				1729	(r = sshpkt_put_cstring(ssh, "")) != 0 \|\| /* lang */
				1730	(r = sshpkt_put_cstring(ssh, options.kbd_interactive_devices ?
				1731	options.kbd_interactive_devices : "")) != 0 \|\|
				1732	(r = sshpkt_send(ssh)) != 0)
				1733	fatal("%s: %s", __func__, ssh_err(r));
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1734
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1735	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1736	return 1;
				1737	}
				1738
				1739	/*
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	1740	* parse INFO_REQUEST, prompt user and send INFO_RESPONSE
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1741	*/
markus@openbsd.org	3fdc88a	2015-01-19 20:07:45 +0000	[diff] [blame]	1742	int
markus@openbsd.org	2ae666a	2017-05-30 14:23:52 +0000	[diff] [blame]	1743	input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1744	{
markus@openbsd.org	94583be	2017-05-30 14:19:15 +0000	[diff] [blame]	1745	Authctxt *authctxt = ssh->authctxt;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1746	char name = NULL, inst = NULL, lang = NULL, prompt = NULL;
				1747	char *response = NULL;
				1748	u_char echo = 0;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	1749	u_int num_prompts, i;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1750	int r;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1751
				1752	debug2("input_userauth_info_req");
				1753
				1754	if (authctxt == NULL)
				1755	fatal("input_userauth_info_req: no authentication context");
				1756
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	1757	authctxt->info_req_seen = 1;
				1758
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1759	if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 \|\|
				1760	(r = sshpkt_get_cstring(ssh, &inst, NULL)) != 0 \|\|
				1761	(r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
				1762	goto out;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1763	if (strlen(name) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1764	logit("%s", name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1765	if (strlen(inst) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	1766	logit("%s", inst);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1767
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1768	if ((r = sshpkt_get_u32(ssh, &num_prompts)) != 0)
				1769	goto out;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1770	/*
				1771	* Begin to build info response packet based on prompts requested.
				1772	* We commit to providing the correct number of responses, so if
				1773	* further on we run into a problem that prevents this, we have to
				1774	* be sure and clean this up and send a correct error response.
				1775	*/
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1776	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE)) != 0 \|\|
				1777	(r = sshpkt_put_u32(ssh, num_prompts)) != 0)
				1778	goto out;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1779
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	1780	debug2("input_userauth_info_req: num_prompts %d", num_prompts);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1781	for (i = 0; i < num_prompts; i++) {
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1782	if ((r = sshpkt_get_cstring(ssh, &prompt, NULL)) != 0 \|\|
				1783	(r = sshpkt_get_u8(ssh, &echo)) != 0)
				1784	goto out;
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	1785	response = read_passphrase(prompt, echo ? RP_ECHO : 0);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1786	if ((r = sshpkt_put_cstring(ssh, response)) != 0)
				1787	goto out;
				1788	freezero(response, strlen(response));
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1789	free(prompt);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1790	response = prompt = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1791	}
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	1792	/* done with parsing incoming message. */
				1793	if ((r = sshpkt_get_end(ssh)) != 0 \|\|
				1794	(r = sshpkt_add_padding(ssh, 64)) != 0)
				1795	goto out;
				1796	r = sshpkt_send(ssh);
				1797	out:
				1798	if (response)
				1799	freezero(response, strlen(response));
				1800	free(prompt);
				1801	free(name);
				1802	free(inst);
				1803	free(lang);
				1804	return r;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1805	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1806
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1807	static int
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1808	ssh_keysign(struct sshkey key, u_char sigp, size_t lenp,
				1809	const u_char *data, size_t datalen)
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1810	{
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1811	struct sshbuf *b;
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1812	struct stat st;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1813	pid_t pid;
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1814	int i, r, to[2], from[2], status, sock = packet_get_connection_in();
				1815	u_char rversion = 0, version = 2;
				1816	void (*osigchld)(int);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1817
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1818	*sigp = NULL;
				1819	*lenp = 0;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1820
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1821	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1822	error("%s: not installed: %s", __func__, strerror(errno));
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1823	return -1;
				1824	}
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1825	if (fflush(stdout) != 0) {
				1826	error("%s: fflush: %s", __func__, strerror(errno));
				1827	return -1;
				1828	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1829	if (pipe(to) < 0) {
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1830	error("%s: pipe: %s", __func__, strerror(errno));
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1831	return -1;
				1832	}
				1833	if (pipe(from) < 0) {
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1834	error("%s: pipe: %s", __func__, strerror(errno));
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1835	return -1;
				1836	}
				1837	if ((pid = fork()) < 0) {
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1838	error("%s: fork: %s", __func__, strerror(errno));
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1839	return -1;
				1840	}
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1841	osigchld = signal(SIGCHLD, SIG_DFL);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1842	if (pid == 0) {
Darren Tucker	6e7fe1c	2010-01-08 17:07:22 +1100	[diff] [blame]	1843	/* keep the socket on exec */
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1844	fcntl(sock, F_SETFD, 0);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1845	close(from[0]);
				1846	if (dup2(from[1], STDOUT_FILENO) < 0)
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1847	fatal("%s: dup2: %s", __func__, strerror(errno));
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1848	close(to[1]);
				1849	if (dup2(to[0], STDIN_FILENO) < 0)
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1850	fatal("%s: dup2: %s", __func__, strerror(errno));
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1851	close(from[1]);
				1852	close(to[0]);
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1853	/* Close everything but stdio and the socket */
				1854	for (i = STDERR_FILENO + 1; i < sock; i++)
				1855	close(i);
				1856	closefrom(sock + 1);
				1857	debug3("%s: [child] pid=%ld, exec %s",
				1858	__func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
mmcc@openbsd.org	94141b7	2015-12-11 00:20:04 +0000	[diff] [blame]	1859	execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1860	fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1861	strerror(errno));
				1862	}
				1863	close(from[1]);
				1864	close(to[0]);
				1865
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1866	if ((b = sshbuf_new()) == NULL)
				1867	fatal("%s: sshbuf_new failed", __func__);
				1868	/* send # of sock, data to be signed */
djm@openbsd.org	326e2fa	2017-01-30 00:32:28 +0000	[diff] [blame]	1869	if ((r = sshbuf_put_u32(b, sock)) != 0 \|\|
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1870	(r = sshbuf_put_string(b, data, datalen)) != 0)
				1871	fatal("%s: buffer error: %s", __func__, ssh_err(r));
				1872	if (ssh_msg_send(to[1], version, b) == -1)
				1873	fatal("%s: couldn't send request", __func__);
				1874	sshbuf_reset(b);
				1875	r = ssh_msg_recv(from[0], b);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1876	close(from[0]);
				1877	close(to[1]);
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1878	if (r < 0) {
				1879	error("%s: no reply", __func__);
				1880	goto fail;
				1881	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1882
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1883	errno = 0;
				1884	while (waitpid(pid, &status, 0) < 0) {
				1885	if (errno != EINTR) {
				1886	error("%s: waitpid %ld: %s",
				1887	__func__, (long)pid, strerror(errno));
				1888	goto fail;
				1889	}
				1890	}
				1891	if (!WIFEXITED(status)) {
				1892	error("%s: exited abnormally", __func__);
				1893	goto fail;
				1894	}
				1895	if (WEXITSTATUS(status) != 0) {
				1896	error("%s: exited with status %d",
				1897	__func__, WEXITSTATUS(status));
				1898	goto fail;
				1899	}
				1900	if ((r = sshbuf_get_u8(b, &rversion)) != 0) {
				1901	error("%s: buffer error: %s", __func__, ssh_err(r));
				1902	goto fail;
				1903	}
				1904	if (rversion != version) {
				1905	error("%s: bad version", __func__);
				1906	goto fail;
				1907	}
				1908	if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) {
				1909	error("%s: buffer error: %s", __func__, ssh_err(r));
				1910	fail:
				1911	signal(SIGCHLD, osigchld);
				1912	sshbuf_free(b);
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1913	return -1;
				1914	}
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1915	signal(SIGCHLD, osigchld);
				1916	sshbuf_free(b);
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1917
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1918	return 0;
				1919	}
				1920
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1921	int
				1922	userauth_hostbased(Authctxt *authctxt)
				1923	{
djm@openbsd.org	4ba0d54	2018-07-03 11:39:54 +0000	[diff] [blame]	1924	struct ssh ssh = active_state; / XXX */
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1925	struct sshkey *private = NULL;
				1926	struct sshbuf *b = NULL;
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1927	u_char sig = NULL, keyblob = NULL;
				1928	char fp = NULL, chost = NULL, *lname = NULL;
				1929	size_t siglen = 0, keylen = 0;
				1930	int i, r, success = 0;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1931
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1932	if (authctxt->ktypes == NULL) {
				1933	authctxt->oktypes = xstrdup(options.hostbased_key_types);
				1934	authctxt->ktypes = authctxt->oktypes;
				1935	}
djm@openbsd.org	1195f4c	2015-01-08 10:14:08 +0000	[diff] [blame]	1936
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1937	/*
				1938	* Work through each listed type pattern in HostbasedKeyTypes,
				1939	* trying each hostkey that matches the type in turn.
				1940	*/
				1941	for (;;) {
				1942	if (authctxt->active_ktype == NULL)
				1943	authctxt->active_ktype = strsep(&authctxt->ktypes, ",");
				1944	if (authctxt->active_ktype == NULL \|\|
				1945	*authctxt->active_ktype == '\0')
				1946	break;
				1947	debug3("%s: trying key type %s", __func__,
				1948	authctxt->active_ktype);
				1949
				1950	/* check for a useful key */
				1951	private = NULL;
				1952	for (i = 0; i < authctxt->sensitive->nkeys; i++) {
				1953	if (authctxt->sensitive->keys[i] == NULL \|\|
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1954	authctxt->sensitive->keys[i]->type == KEY_UNSPEC)
				1955	continue;
				1956	if (match_pattern_list(
				1957	sshkey_ssh_name(authctxt->sensitive->keys[i]),
djm@openbsd.org	e661a86	2015-05-04 06:10:48 +0000	[diff] [blame]	1958	authctxt->active_ktype, 0) != 1)
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1959	continue;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1960	/* we take and free the key */
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1961	private = authctxt->sensitive->keys[i];
				1962	authctxt->sensitive->keys[i] = NULL;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1963	break;
				1964	}
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1965	/* Found one */
				1966	if (private != NULL)
				1967	break;
				1968	/* No more keys of this type; advance */
				1969	authctxt->active_ktype = NULL;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1970	}
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1971	if (private == NULL) {
				1972	free(authctxt->oktypes);
				1973	authctxt->oktypes = authctxt->ktypes = NULL;
				1974	authctxt->active_ktype = NULL;
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1975	debug("No more client hostkeys for hostbased authentication.");
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1976	goto out;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1977	}
djm@openbsd.org	17bf3d8	2014-12-11 05:13:28 +0000	[diff] [blame]	1978
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1979	if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
				1980	SSH_FP_DEFAULT)) == NULL) {
				1981	error("%s: sshkey_fingerprint failed", __func__);
				1982	goto out;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1983	}
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1984	debug("%s: trying hostkey %s %s",
				1985	__func__, sshkey_ssh_name(private), fp);
djm@openbsd.org	17bf3d8	2014-12-11 05:13:28 +0000	[diff] [blame]	1986
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1987	/* figure out a name for the client host */
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1988	if ((lname = get_local_name(packet_get_connection_in())) == NULL) {
				1989	error("%s: cannot get local ipaddr/name", __func__);
				1990	goto out;
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1991	}
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1992
				1993	/* XXX sshbuf_put_stringf? */
				1994	xasprintf(&chost, "%s.", lname);
				1995	debug2("%s: chost %s", __func__, chost);
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1996
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	1997	/* construct data */
				1998	if ((b = sshbuf_new()) == NULL) {
				1999	error("%s: sshbuf_new failed", __func__);
				2000	goto out;
				2001	}
				2002	if ((r = sshkey_to_blob(private, &keyblob, &keylen)) != 0) {
				2003	error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
				2004	goto out;
				2005	}
				2006	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 \|\|
				2007	(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				2008	(r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 \|\|
djm@openbsd.org	14b5c63	2018-01-23 05:27:21 +0000	[diff] [blame]	2009	(r = sshbuf_put_cstring(b, authctxt->service)) != 0 \|\|
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	2010	(r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 \|\|
markus@openbsd.org	5467fbc	2018-07-11 18:53:29 +0000	[diff] [blame]	2011	(r = sshbuf_put_cstring(b, sshkey_ssh_name(private))) != 0 \|\|
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	2012	(r = sshbuf_put_string(b, keyblob, keylen)) != 0 \|\|
				2013	(r = sshbuf_put_cstring(b, chost)) != 0 \|\|
				2014	(r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) {
				2015	error("%s: buffer error: %s", __func__, ssh_err(r));
				2016	goto out;
				2017	}
				2018
				2019	#ifdef DEBUG_PK
				2020	sshbuf_dump(b, stderr);
				2021	#endif
dtucker@openbsd.org	26efc2f	2018-07-16 11:05:41 +0000	[diff] [blame]	2022	r = ssh_keysign(private, &sig, &siglen,
				2023	sshbuf_ptr(b), sshbuf_len(b));
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	2024	if (r != 0) {
				2025	error("sign using hostkey %s %s failed",
				2026	sshkey_ssh_name(private), fp);
				2027	goto out;
				2028	}
				2029	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
				2030	(r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 \|\|
				2031	(r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 \|\|
				2032	(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 \|\|
markus@openbsd.org	5467fbc	2018-07-11 18:53:29 +0000	[diff] [blame]	2033	(r = sshpkt_put_cstring(ssh, sshkey_ssh_name(private))) != 0 \|\|
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	2034	(r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 \|\|
				2035	(r = sshpkt_put_cstring(ssh, chost)) != 0 \|\|
				2036	(r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 \|\|
				2037	(r = sshpkt_put_string(ssh, sig, siglen)) != 0 \|\|
				2038	(r = sshpkt_send(ssh)) != 0) {
				2039	error("%s: packet error: %s", __func__, ssh_err(r));
				2040	goto out;
				2041	}
				2042	success = 1;
				2043
				2044	out:
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	2045	if (sig != NULL)
				2046	freezero(sig, siglen);
djm@openbsd.org	46347ed	2015-01-30 11:43:14 +0000	[diff] [blame]	2047	free(keyblob);
				2048	free(lname);
				2049	free(fp);
				2050	free(chost);
				2051	sshkey_free(private);
				2052	sshbuf_free(b);
				2053
				2054	return success;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	2055	}
				2056
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2057	/* find auth method */
				2058
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2059	/*
				2060	* given auth method name, if configurable options permit this method fill
				2061	* in auth_ident field and return true, otherwise return false.
				2062	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	2063	static int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2064	authmethod_is_enabled(Authmethod *method)
				2065	{
				2066	if (method == NULL)
				2067	return 0;
				2068	/* return false if options indicate this method is disabled */
				2069	if (method->enabled == NULL \|\| *method->enabled == 0)
				2070	return 0;
				2071	/* return false if batch mode is enabled but method needs interactive mode */
				2072	if (method->batch_flag != NULL && *method->batch_flag != 0)
				2073	return 0;
				2074	return 1;
				2075	}
				2076
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	2077	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2078	authmethod_lookup(const char *name)
				2079	{
				2080	Authmethod *method = NULL;
				2081	if (name != NULL)
				2082	for (method = authmethods; method->name != NULL; method++)
				2083	if (strcmp(name, method->name) == 0)
				2084	return method;
				2085	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
				2086	return NULL;
				2087	}
				2088
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2089	/* XXX internal state */
				2090	static Authmethod *current = NULL;
				2091	static char *supported = NULL;
				2092	static char *preferred = NULL;
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	2093
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2094	/*
				2095	* Given the authentication method list sent by the server, return the
				2096	* next method we should try. If the server initially sends a nil list,
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	2097	* use a built-in default list.
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	2098	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	2099	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2100	authmethod_get(char *authlist)
				2101	{
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2102	char *name = NULL;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	2103	u_int next;
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	2104
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2105	/* Use a suitable default if we're passed a nil list. */
				2106	if (authlist == NULL \|\| strlen(authlist) == 0)
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2107	authlist = options.preferred_authentications;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2108
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2109	if (supported == NULL \|\| strcmp(authlist, supported) != 0) {
				2110	debug3("start over, passed a different list %s", authlist);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	2111	free(supported);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2112	supported = xstrdup(authlist);
				2113	preferred = options.preferred_authentications;
				2114	debug3("preferred %s", preferred);
				2115	current = NULL;
				2116	} else if (current != NULL && authmethod_is_enabled(current))
				2117	return current;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	2118
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2119	for (;;) {
				2120	if ((name = match_list(preferred, supported, &next)) == NULL) {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	2121	debug("No more authentication methods to try.");
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2122	current = NULL;
				2123	return NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	2124	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2125	preferred += next;
				2126	debug3("authmethod_lookup %s", name);
				2127	debug3("remaining preferred: %s", preferred);
				2128	if ((current = authmethod_lookup(name)) != NULL &&
				2129	authmethod_is_enabled(current)) {
				2130	debug3("authmethod_is_enabled %s", name);
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	2131	debug("Next authentication method: %s", name);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	2132	free(name);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2133	return current;
				2134	}
Darren Tucker	e52a260	2013-06-06 08:22:05 +1000	[diff] [blame]	2135	free(name);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	2136	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2137	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2138
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	2139	static char *
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2140	authmethods_get(void)
				2141	{
				2142	Authmethod *method = NULL;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	2143	struct sshbuf *b;
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	2144	char *list;
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	2145	int r;
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2146
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	2147	if ((b = sshbuf_new()) == NULL)
				2148	fatal("%s: sshbuf_new failed", __func__);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2149	for (method = authmethods; method->name != NULL; method++) {
				2150	if (authmethod_is_enabled(method)) {
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	2151	if ((r = sshbuf_putf(b, "%s%s",
				2152	sshbuf_len(b) ? "," : "", method->name)) != 0)
				2153	fatal("%s: buffer error: %s",
				2154	__func__, ssh_err(r));
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	2155	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	2156	}
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	2157	if ((list = sshbuf_dup_string(b)) == NULL)
djm@openbsd.org	1a31d02	2016-05-02 08:49:03 +0000	[diff] [blame]	2158	fatal("%s: sshbuf_dup_string failed", __func__);
markus@openbsd.org	cecee2d	2018-07-09 21:03:30 +0000	[diff] [blame]	2159	sshbuf_free(b);
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	2160	return list;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	2161	}