blob: 5afd7d769868eeb4409f19d9e977aafea5ae014f [file] [log] [blame]
Ben Lindstromdb65e8f2001-01-19 04:26:52 +00001/*
Ben Lindstrom92a2e382001-03-05 06:59:27 +00002 * Copyright (c) 2001 Markus Friedl. All rights reserved.
Ben Lindstrom551ea372001-06-05 18:56:16 +00003 * Copyright (c) 2001 Per Allansson. All rights reserved.
Ben Lindstromdb65e8f2001-01-19 04:26:52 +00004 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#include "includes.h"
Ben Lindstrombba81212001-06-25 05:01:22 +000026RCSID("$OpenBSD: auth2-chall.c,v 1.7 2001/06/23 15:12:17 itojun Exp $");
Ben Lindstromdb65e8f2001-01-19 04:26:52 +000027
Ben Lindstromdb65e8f2001-01-19 04:26:52 +000028#include "ssh2.h"
29#include "auth.h"
30#include "packet.h"
31#include "xmalloc.h"
32#include "dispatch.h"
Ben Lindstrom551ea372001-06-05 18:56:16 +000033#include "auth.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000034#include "log.h"
Ben Lindstromdb65e8f2001-01-19 04:26:52 +000035
Ben Lindstrombba81212001-06-25 05:01:22 +000036static int auth2_challenge_start(Authctxt *);
37static int send_userauth_info_request(Authctxt *);
38static void input_userauth_info_response(int, int, void *);
Ben Lindstrom551ea372001-06-05 18:56:16 +000039
40#ifdef BSD_AUTH
41extern KbdintDevice bsdauth_device;
42#else
43#ifdef SKEY
44extern KbdintDevice skey_device;
45#endif
46#endif
47
48KbdintDevice *devices[] = {
49#ifdef BSD_AUTH
50 &bsdauth_device,
51#else
52#ifdef SKEY
53 &skey_device,
54#endif
55#endif
56 NULL
57};
58
59typedef struct KbdintAuthctxt KbdintAuthctxt;
60struct KbdintAuthctxt
61{
62 char *devices;
63 void *ctxt;
64 KbdintDevice *device;
65};
66
Ben Lindstrombba81212001-06-25 05:01:22 +000067static KbdintAuthctxt *
Ben Lindstrom551ea372001-06-05 18:56:16 +000068kbdint_alloc(const char *devs)
69{
70 KbdintAuthctxt *kbdintctxt;
71 int i;
72 char buf[1024];
73
74 kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
75 if (strcmp(devs, "") == 0) {
76 buf[0] = '\0';
77 for (i = 0; devices[i]; i++) {
78 if (i != 0)
79 strlcat(buf, ",", sizeof(buf));
80 strlcat(buf, devices[i]->name, sizeof(buf));
81 }
82 debug("kbdint_alloc: devices '%s'", buf);
83 kbdintctxt->devices = xstrdup(buf);
84 } else {
85 kbdintctxt->devices = xstrdup(devs);
86 }
87 kbdintctxt->ctxt = NULL;
88 kbdintctxt->device = NULL;
89
90 return kbdintctxt;
91}
Ben Lindstrombba81212001-06-25 05:01:22 +000092static void
Ben Lindstrom551ea372001-06-05 18:56:16 +000093kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
94{
95 if (kbdintctxt->ctxt) {
96 kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
97 kbdintctxt->ctxt = NULL;
98 }
99 kbdintctxt->device = NULL;
100}
Ben Lindstrombba81212001-06-25 05:01:22 +0000101static void
Ben Lindstrom551ea372001-06-05 18:56:16 +0000102kbdint_free(KbdintAuthctxt *kbdintctxt)
103{
104 if (kbdintctxt->device)
105 kbdint_reset_device(kbdintctxt);
106 if (kbdintctxt->devices) {
107 xfree(kbdintctxt->devices);
108 kbdintctxt->devices = NULL;
109 }
110 xfree(kbdintctxt);
111}
112/* get next device */
Ben Lindstrombba81212001-06-25 05:01:22 +0000113static int
Ben Lindstrom551ea372001-06-05 18:56:16 +0000114kbdint_next_device(KbdintAuthctxt *kbdintctxt)
115{
116 size_t len;
117 char *t;
118 int i;
119
120 if (kbdintctxt->device)
121 kbdint_reset_device(kbdintctxt);
122 do {
123 len = kbdintctxt->devices ?
124 strcspn(kbdintctxt->devices, ",") : 0;
125
126 if (len == 0)
127 break;
128 for (i = 0; devices[i]; i++)
129 if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
130 kbdintctxt->device = devices[i];
131 t = kbdintctxt->devices;
132 kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
133 xfree(t);
134 debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
135 kbdintctxt->devices : "<empty>");
136 } while (kbdintctxt->devices && !kbdintctxt->device);
137
138 return kbdintctxt->device ? 1 : 0;
139}
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000140
141/*
Ben Lindstrom551ea372001-06-05 18:56:16 +0000142 * try challenge-reponse, set authctxt->postponed if we have to
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000143 * wait for the response.
144 */
145int
146auth2_challenge(Authctxt *authctxt, char *devs)
147{
Ben Lindstrom551ea372001-06-05 18:56:16 +0000148 debug("auth2_challenge: user=%s devs=%s",
149 authctxt->user ? authctxt->user : "<nouser>",
150 devs ? devs : "<no devs>");
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000151
Ben Lindstrom742e89e2001-06-09 01:17:23 +0000152 if (authctxt->user == NULL || !devs)
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000153 return 0;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000154 if (authctxt->kbdintctxt == NULL)
155 authctxt->kbdintctxt = kbdint_alloc(devs);
156 return auth2_challenge_start(authctxt);
157}
158
159/* side effect: sets authctxt->postponed if a reply was sent*/
160static int
161auth2_challenge_start(Authctxt *authctxt)
162{
163 KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
164
165 debug2("auth2_challenge_start: devices %s",
166 kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
167
168 if (kbdint_next_device(kbdintctxt) == 0) {
169 kbdint_free(kbdintctxt);
170 authctxt->kbdintctxt = NULL;
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000171 return 0;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000172 }
173 debug("auth2_challenge_start: trying authentication method '%s'",
174 kbdintctxt->device->name);
175
176 if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
177 kbdint_free(kbdintctxt);
178 authctxt->kbdintctxt = NULL;
179 return 0;
180 }
181 if (send_userauth_info_request(authctxt) == 0) {
182 kbdint_free(kbdintctxt);
183 authctxt->kbdintctxt = NULL;
184 return 0;
185 }
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000186 dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
187 &input_userauth_info_response);
Ben Lindstrom551ea372001-06-05 18:56:16 +0000188
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000189 authctxt->postponed = 1;
190 return 0;
191}
192
Ben Lindstrom551ea372001-06-05 18:56:16 +0000193static int
194send_userauth_info_request(Authctxt *authctxt)
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000195{
Ben Lindstrom551ea372001-06-05 18:56:16 +0000196 KbdintAuthctxt *kbdintctxt;
197 char *name, *instr, **prompts;
198 int i;
199 u_int numprompts, *echo_on;
200
201 kbdintctxt = authctxt->kbdintctxt;
202 if (kbdintctxt->device->query(kbdintctxt->ctxt,
203 &name, &instr, &numprompts, &prompts, &echo_on))
204 return 0;
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000205
206 packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
Ben Lindstrom551ea372001-06-05 18:56:16 +0000207 packet_put_cstring(name);
208 packet_put_cstring(instr);
209 packet_put_cstring(""); /* language not used */
210 packet_put_int(numprompts);
211 for (i = 0; i < numprompts; i++) {
212 packet_put_cstring(prompts[i]);
213 packet_put_char(echo_on[i]);
214 }
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000215 packet_send();
216 packet_write_wait();
Ben Lindstrom551ea372001-06-05 18:56:16 +0000217
218 for (i = 0; i < numprompts; i++)
219 xfree(prompts[i]);
220 xfree(prompts);
221 xfree(echo_on);
222 xfree(name);
223 xfree(instr);
224 return 1;
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000225}
226
Ben Lindstrom551ea372001-06-05 18:56:16 +0000227static void
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000228input_userauth_info_response(int type, int plen, void *ctxt)
229{
230 Authctxt *authctxt = ctxt;
Ben Lindstrom551ea372001-06-05 18:56:16 +0000231 KbdintAuthctxt *kbdintctxt;
232 int i, authenticated = 0, res, len;
233 u_int nresp;
234 char **response = NULL, *method;
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000235
236 if (authctxt == NULL)
237 fatal("input_userauth_info_response: no authctxt");
Ben Lindstrom551ea372001-06-05 18:56:16 +0000238 kbdintctxt = authctxt->kbdintctxt;
239 if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
240 fatal("input_userauth_info_response: no kbdintctxt");
241 if (kbdintctxt->device == NULL)
242 fatal("input_userauth_info_response: no device");
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000243
244 authctxt->postponed = 0; /* reset */
245 nresp = packet_get_int();
Ben Lindstrom551ea372001-06-05 18:56:16 +0000246 if (nresp > 0) {
247 response = xmalloc(nresp * sizeof(char*));
248 for (i = 0; i < nresp; i++)
249 response[i] = packet_get_string(NULL);
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000250 }
Ben Lindstrom551ea372001-06-05 18:56:16 +0000251 packet_done();
252
253 if (authctxt->valid) {
254 res = kbdintctxt->device->respond(kbdintctxt->ctxt,
255 nresp, response);
256 } else {
257 res = -1;
258 }
259
260 for (i = 0; i < nresp; i++) {
261 memset(response[i], 'r', strlen(response[i]));
262 xfree(response[i]);
263 }
264 if (response)
265 xfree(response);
266
267 switch (res) {
268 case 0:
269 /* Success! */
270 authenticated = 1;
271 break;
272 case 1:
273 /* Authentication needs further interaction */
274 authctxt->postponed = 1;
275 if (send_userauth_info_request(authctxt) == 0) {
276 authctxt->postponed = 0;
277 }
278 break;
279 default:
280 /* Failure! */
281 break;
282 }
283
284 len = strlen("keyboard-interactive") + 2 +
285 strlen(kbdintctxt->device->name);
286 method = xmalloc(len);
287 method[0] = '\0';
288 strlcat(method, "keyboard-interactive", len);
289 strlcat(method, "/", len);
290 strlcat(method, kbdintctxt->device->name, len);
291
292 if (!authctxt->postponed) {
293 /* unregister callback */
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000294 dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
Damien Miller5d57e502001-03-30 10:48:31 +1000295
Ben Lindstrom551ea372001-06-05 18:56:16 +0000296 if (authenticated) {
297 kbdint_free(kbdintctxt);
298 authctxt->kbdintctxt = NULL;
299 } else {
300 /* start next device */
301 /* may set authctxt->postponed */
302 auth2_challenge_start(authctxt);
303 }
304 }
Damien Miller5d57e502001-03-30 10:48:31 +1000305 userauth_finish(authctxt, authenticated, method);
Ben Lindstrom551ea372001-06-05 18:56:16 +0000306 xfree(method);
Ben Lindstromdb65e8f2001-01-19 04:26:52 +0000307}