Blame - sshconnect2.c - platform/external/openssh

blob: 1b85730fea4364252ef7a5046a523a9eaf98ad3f [file] [log] [blame]

Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
				24
				25	#include "includes.h"
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	26	RCSID("$OpenBSD: sshconnect2.c,v 1.119 2003/05/15 00:28:28 markus Exp $");
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	27
				28	#ifdef KRB5
				29	#include <krb5.h>
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	30	#ifndef HEIMDAL
				31	#define krb5_get_err_text(context,code) error_message(code)
				32	#endif /* !HEIMDAL */
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	33	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	34
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	35	#include "openbsd-compat/sys-queue.h"
				36
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	37	#include "ssh.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	38	#include "ssh2.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	39	#include "xmalloc.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	40	#include "buffer.h"
				41	#include "packet.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	42	#include "compat.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	43	#include "bufaux.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	44	#include "cipher.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	45	#include "kex.h"
				46	#include "myproposal.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	47	#include "sshconnect.h"
				48	#include "authfile.h"
Ben Lindstrom	df22139	2001-03-29 00:36:16 +0000	[diff] [blame]	49	#include "dh.h"
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	50	#include "authfd.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	51	#include "log.h"
				52	#include "readconf.h"
				53	#include "readpass.h"
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	54	#include "match.h"
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	55	#include "dispatch.h"
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	56	#include "canohost.h"
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	57	#include "msg.h"
				58	#include "pathnames.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	59
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	60	/* import */
				61	extern char *client_version_string;
				62	extern char *server_version_string;
				63	extern Options options;
				64
				65	/*
				66	* SSH2 key exchange
				67	*/
				68
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	69	u_char *session_id2 = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	70	int session_id2_len = 0;
				71
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	72	char *xxx_host;
				73	struct sockaddr *xxx_hostaddr;
				74
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame]	75	Kex *xxx_kex = NULL;
				76
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	77	static int
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	78	verify_host_key_callback(Key *hostkey)
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	79	{
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	80	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
Damien Miller	59d9fb9	2001-10-10 15:03:11 +1000	[diff] [blame]	81	fatal("Host key verification failed.");
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	82	return 0;
				83	}
				84
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	85	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	86	ssh_kex2(char host, struct sockaddr hostaddr)
				87	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	88	Kex *kex;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	89
				90	xxx_host = host;
				91	xxx_hostaddr = hostaddr;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	92
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	93	if (options.ciphers == (char *)-1) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	94	logit("No valid ciphers for protocol version 2 given, using defaults.");
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	95	options.ciphers = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	96	}
				97	if (options.ciphers != NULL) {
				98	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				99	myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
				100	}
Damien Miller	a0ff466	2001-03-30 10:49:35 +1000	[diff] [blame]	101	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				102	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
				103	myproposal[PROPOSAL_ENC_ALGS_STOC] =
				104	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	105	if (options.compression) {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	106	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Ben Lindstrom	343010a	2002-07-04 00:16:25 +0000	[diff] [blame]	107	myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	108	} else {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	109	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Ben Lindstrom	343010a	2002-07-04 00:16:25 +0000	[diff] [blame]	110	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	111	}
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	112	if (options.macs != NULL) {
				113	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
				114	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
				115	}
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	116	if (options.hostkeyalgorithms != NULL)
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	117	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	118	options.hostkeyalgorithms;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	119
Damien Miller	a5539d2	2003-04-09 20:50:06 +1000	[diff] [blame]	120	if (options.rekey_limit)
				121	packet_set_rekey_limit(options.rekey_limit);
				122
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	123	/* start key exchange */
Ben Lindstrom	238abf6	2001-04-04 17:52:53 +0000	[diff] [blame]	124	kex = kex_setup(myproposal);
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	125	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
				126	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	127	kex->client_version_string=client_version_string;
				128	kex->server_version_string=server_version_string;
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	129	kex->verify_host_key=&verify_host_key_callback;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	130
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame]	131	xxx_kex = kex;
				132
Ben Lindstrom	be2cc43	2001-04-04 23:46:07 +0000	[diff] [blame]	133	dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	134
Ben Lindstrom	2d90e00	2001-04-04 02:00:54 +0000	[diff] [blame]	135	session_id2 = kex->session_id;
				136	session_id2_len = kex->session_id_len;
				137
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	138	#ifdef DEBUG_KEXDH
				139	/* send 1st encrypted/maced/compressed message */
				140	packet_start(SSH2_MSG_IGNORE);
				141	packet_put_cstring("markus");
				142	packet_send();
				143	packet_write_wait();
				144	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	145	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	146
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	147	/*
				148	* Authenticate user
				149	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	150
				151	typedef struct Authctxt Authctxt;
				152	typedef struct Authmethod Authmethod;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	153	typedef struct identity Identity;
				154	typedef struct idlist Idlist;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	155
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	156	struct identity {
				157	TAILQ_ENTRY(identity) next;
				158	AuthenticationConnection ac; / set if agent supports key */
				159	Key key; / public/private key */
				160	char filename; / comment for agent-only keys */
				161	int tried;
				162	int isprivate; /* key points to the private key */
				163	};
				164	TAILQ_HEAD(idlist, identity);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	165
				166	struct Authctxt {
				167	const char *server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	168	const char *local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	169	const char *host;
				170	const char *service;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	171	Authmethod *method;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	172	int success;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	173	char *authlist;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	174	/* pubkey */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	175	Idlist keys;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	176	AuthenticationConnection *agent;
				177	/* hostbased */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	178	Sensitive *sensitive;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	179	/* kbd-interactive */
				180	int info_req_seen;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	181	};
				182	struct Authmethod {
				183	char name; / string to compare against server's list */
				184	int (userauth)(Authctxt authctxt);
				185	int enabled; / flag in option struct that enables method */
				186	int batch_flag; / flag in option struct that disables method */
				187	};
				188
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	189	void input_userauth_success(int, u_int32_t, void *);
				190	void input_userauth_failure(int, u_int32_t, void *);
				191	void input_userauth_banner(int, u_int32_t, void *);
				192	void input_userauth_error(int, u_int32_t, void *);
				193	void input_userauth_info_req(int, u_int32_t, void *);
				194	void input_userauth_pk_ok(int, u_int32_t, void *);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	195	void input_userauth_passwd_changereq(int, u_int32_t, void *);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	196
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	197	int userauth_none(Authctxt *);
				198	int userauth_pubkey(Authctxt *);
				199	int userauth_passwd(Authctxt *);
				200	int userauth_kbdint(Authctxt *);
				201	int userauth_hostbased(Authctxt *);
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	202	int userauth_kerberos(Authctxt *);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	203
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	204	void userauth(Authctxt , char );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	205
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	206	static int sign_and_send_pubkey(Authctxt , Identity );
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	207	static void pubkey_prepare(Authctxt *);
				208	static void pubkey_cleanup(Authctxt *);
				209	static Key load_identity_file(char );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	210
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	211	static Authmethod authmethod_get(char authlist);
				212	static Authmethod authmethod_lookup(const char name);
				213	static char *authmethods_get(void);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	214
				215	Authmethod authmethods[] = {
Ben Lindstrom	1bfe291	2001-06-05 19:37:25 +0000	[diff] [blame]	216	{"hostbased",
				217	userauth_hostbased,
				218	&options.hostbased_authentication,
				219	NULL},
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	220	#if KRB5
				221	{"kerberos-2@ssh.com",
				222	userauth_kerberos,
				223	&options.kerberos_authentication,
				224	NULL},
				225	#endif
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	226	{"publickey",
				227	userauth_pubkey,
				228	&options.pubkey_authentication,
				229	NULL},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	230	{"keyboard-interactive",
				231	userauth_kbdint,
				232	&options.kbd_interactive_authentication,
				233	&options.batch_mode},
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	234	{"password",
				235	userauth_passwd,
				236	&options.password_authentication,
				237	&options.batch_mode},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	238	{"none",
				239	userauth_none,
				240	NULL,
				241	NULL},
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	242	{NULL, NULL, NULL, NULL}
				243	};
				244
				245	void
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	246	ssh_userauth2(const char local_user, const char server_user, char *host,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	247	Sensitive *sensitive)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	248	{
				249	Authctxt authctxt;
				250	int type;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	251
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	252	if (options.challenge_response_authentication)
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	253	options.kbd_interactive_authentication = 1;
				254
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	255	packet_start(SSH2_MSG_SERVICE_REQUEST);
				256	packet_put_cstring("ssh-userauth");
				257	packet_send();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	258	debug("SSH2_MSG_SERVICE_REQUEST sent");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	259	packet_write_wait();
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	260	type = packet_read();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	261	if (type != SSH2_MSG_SERVICE_ACCEPT)
				262	fatal("Server denied authentication request: %d", type);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	263	if (packet_remaining() > 0) {
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	264	char *reply = packet_get_string(NULL);
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	265	debug2("service_accept: %s", reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	266	xfree(reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	267	} else {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	268	debug2("buggy server: service_accept w/o service");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	269	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	270	packet_check_eom();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	271	debug("SSH2_MSG_SERVICE_ACCEPT received");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	272
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	273	if (options.preferred_authentications == NULL)
				274	options.preferred_authentications = authmethods_get();
				275
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	276	/* setup authentication context */
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	277	memset(&authctxt, 0, sizeof(authctxt));
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	278	pubkey_prepare(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	279	authctxt.server_user = server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	280	authctxt.local_user = local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	281	authctxt.host = host;
				282	authctxt.service = "ssh-connection"; /* service name */
				283	authctxt.success = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	284	authctxt.method = authmethod_lookup("none");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	285	authctxt.authlist = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	286	authctxt.sensitive = sensitive;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	287	authctxt.info_req_seen = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	288	if (authctxt.method == NULL)
				289	fatal("ssh_userauth2: internal error: cannot send userauth none request");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	290
				291	/* initial userauth request */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	292	userauth_none(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	293
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	294	dispatch_init(&input_userauth_error);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	295	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
				296	dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	297	dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	298	dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
				299
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	300	pubkey_cleanup(&authctxt);
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	301	dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
				302
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	303	debug("Authentication succeeded (%s).", authctxt.method->name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	304	}
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	305
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	306	void
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	307	userauth(Authctxt authctxt, char authlist)
				308	{
				309	if (authlist == NULL) {
				310	authlist = authctxt->authlist;
				311	} else {
				312	if (authctxt->authlist)
				313	xfree(authctxt->authlist);
				314	authctxt->authlist = authlist;
				315	}
				316	for (;;) {
				317	Authmethod *method = authmethod_get(authlist);
				318	if (method == NULL)
				319	fatal("Permission denied (%s).", authlist);
				320	authctxt->method = method;
Damien Miller	f842fcb	2003-05-15 12:01:28 +1000	[diff] [blame]	321
				322	/* reset the per method handler */
				323	dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN,
				324	SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
				325
				326	/* and try new method */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	327	if (method->userauth(authctxt) != 0) {
				328	debug2("we sent a %s packet, wait for reply", method->name);
				329	break;
				330	} else {
				331	debug2("we did not send a packet, disable method");
				332	method->enabled = NULL;
				333	}
				334	}
				335	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	336
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	337	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	338	input_userauth_error(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	339	{
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	340	fatal("input_userauth_error: bad message during authentication: "
				341	"type %d", type);
				342	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	343
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	344	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	345	input_userauth_banner(int type, u_int32_t seq, void *ctxt)
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	346	{
				347	char msg, lang;
				348	debug3("input_userauth_banner");
				349	msg = packet_get_string(NULL);
				350	lang = packet_get_string(NULL);
				351	fprintf(stderr, "%s", msg);
				352	xfree(msg);
				353	xfree(lang);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	354	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	355
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	356	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	357	input_userauth_success(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	358	{
				359	Authctxt *authctxt = ctxt;
				360	if (authctxt == NULL)
				361	fatal("input_userauth_success: no authentication context");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	362	if (authctxt->authlist)
				363	xfree(authctxt->authlist);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	364	authctxt->success = 1; /* break out */
				365	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	366
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	367	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	368	input_userauth_failure(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	369	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	370	Authctxt *authctxt = ctxt;
				371	char *authlist = NULL;
				372	int partial;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	373
				374	if (authctxt == NULL)
				375	fatal("input_userauth_failure: no authentication context");
				376
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	377	authlist = packet_get_string(NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	378	partial = packet_get_char();
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	379	packet_check_eom();
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	380
				381	if (partial != 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	382	logit("Authenticated with partial success.");
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	383	debug("Authentications that can continue: %s", authlist);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	384
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	385	userauth(authctxt, authlist);
				386	}
				387	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	388	input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	389	{
				390	Authctxt *authctxt = ctxt;
				391	Key *key = NULL;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	392	Identity *id = NULL;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	393	Buffer b;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	394	int pktype, sent = 0;
				395	u_int alen, blen;
				396	char pkalg, fp;
				397	u_char *pkblob;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	398
				399	if (authctxt == NULL)
				400	fatal("input_userauth_pk_ok: no authentication context");
				401	if (datafellows & SSH_BUG_PKOK) {
				402	/* this is similar to SSH_BUG_PKAUTH */
				403	debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
				404	pkblob = packet_get_string(&blen);
				405	buffer_init(&b);
				406	buffer_append(&b, pkblob, blen);
				407	pkalg = buffer_get_string(&b, &alen);
				408	buffer_free(&b);
				409	} else {
				410	pkalg = packet_get_string(&alen);
				411	pkblob = packet_get_string(&blen);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	412	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	413	packet_check_eom();
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	414
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	415	debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	416
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	417	if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
				418	debug("unknown pkalg %s", pkalg);
				419	goto done;
				420	}
				421	if ((key = key_from_blob(pkblob, blen)) == NULL) {
				422	debug("no key from blob. pkalg %s", pkalg);
				423	goto done;
				424	}
				425	if (key->type != pktype) {
				426	error("input_userauth_pk_ok: type mismatch "
				427	"for decoded key (received %d, expected %d)",
				428	key->type, pktype);
				429	goto done;
				430	}
				431	fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
				432	debug2("input_userauth_pk_ok: fp %s", fp);
				433	xfree(fp);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	434
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	435	TAILQ_FOREACH(id, &authctxt->keys, next) {
				436	if (key_equal(key, id->key)) {
				437	sent = sign_and_send_pubkey(authctxt, id);
				438	break;
				439	}
				440	}
				441	done:
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	442	if (key != NULL)
				443	key_free(key);
				444	xfree(pkalg);
				445	xfree(pkblob);
				446
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	447	/* try another method if we did not send a packet */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	448	if (sent == 0)
				449	userauth(authctxt, NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	450	}
				451
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	452	int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	453	userauth_none(Authctxt *authctxt)
				454	{
				455	/* initial userauth request */
				456	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				457	packet_put_cstring(authctxt->server_user);
				458	packet_put_cstring(authctxt->service);
				459	packet_put_cstring(authctxt->method->name);
				460	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	461	return 1;
				462	}
				463
				464	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	465	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	466	{
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	467	static int attempt = 0;
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	468	char prompt[150];
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	469	char *password;
				470
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	471	if (attempt++ >= options.number_of_password_prompts)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	472	return 0;
				473
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	474	if (attempt != 1)
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	475	error("Permission denied, please try again.");
				476
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	477	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	478	authctxt->server_user, authctxt->host);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	479	password = read_passphrase(prompt, 0);
				480	packet_start(SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	481	packet_put_cstring(authctxt->server_user);
				482	packet_put_cstring(authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	483	packet_put_cstring(authctxt->method->name);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	484	packet_put_char(0);
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	485	packet_put_cstring(password);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	486	memset(password, 0, strlen(password));
				487	xfree(password);
Damien Miller	9f64390	2001-11-12 11:02:52 +1100	[diff] [blame]	488	packet_add_padding(64);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	489	packet_send();
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	490
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	491	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	492	&input_userauth_passwd_changereq);
				493
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	494	return 1;
				495	}
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	496	/*
				497	* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
				498	*/
				499	void
Tim Rice	c854962	2002-03-31 12:49:38 -0800	[diff] [blame]	500	input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	501	{
				502	Authctxt *authctxt = ctxt;
				503	char info, lang, password = NULL, retype = NULL;
				504	char prompt[150];
				505
				506	debug2("input_userauth_passwd_changereq");
				507
				508	if (authctxt == NULL)
				509	fatal("input_userauth_passwd_changereq: "
				510	"no authentication context");
				511
				512	info = packet_get_string(NULL);
				513	lang = packet_get_string(NULL);
				514	if (strlen(info) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	515	logit("%s", info);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	516	xfree(info);
				517	xfree(lang);
				518	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				519	packet_put_cstring(authctxt->server_user);
				520	packet_put_cstring(authctxt->service);
				521	packet_put_cstring(authctxt->method->name);
				522	packet_put_char(1); /* additional info */
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	523	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	524	"Enter %.30s@%.128s's old password: ",
				525	authctxt->server_user, authctxt->host);
				526	password = read_passphrase(prompt, 0);
				527	packet_put_cstring(password);
				528	memset(password, 0, strlen(password));
				529	xfree(password);
				530	password = NULL;
				531	while (password == NULL) {
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	532	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	533	"Enter %.30s@%.128s's new password: ",
				534	authctxt->server_user, authctxt->host);
				535	password = read_passphrase(prompt, RP_ALLOW_EOF);
				536	if (password == NULL) {
				537	/* bail out */
				538	return;
				539	}
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	540	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	541	"Retype %.30s@%.128s's new password: ",
				542	authctxt->server_user, authctxt->host);
				543	retype = read_passphrase(prompt, 0);
				544	if (strcmp(password, retype) != 0) {
				545	memset(password, 0, strlen(password));
				546	xfree(password);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	547	logit("Mismatch; try again, EOF to quit.");
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	548	password = NULL;
				549	}
				550	memset(retype, 0, strlen(retype));
				551	xfree(retype);
				552	}
				553	packet_put_cstring(password);
				554	memset(password, 0, strlen(password));
				555	xfree(password);
				556	packet_add_padding(64);
				557	packet_send();
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	558
				559	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	560	&input_userauth_passwd_changereq);
				561	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	562
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	563	static int
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	564	identity_sign(Identity id, u_char sigp, u_int lenp,
				565	u_char *data, u_int datalen)
				566	{
				567	Key *prv;
				568	int ret;
				569
				570	/* the agent supports this key */
				571	if (id->ac)
				572	return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
				573	data, datalen));
				574	/*
				575	* we have already loaded the private key or
				576	* the private key is stored in external hardware
				577	*/
				578	if (id->isprivate \|\| (id->key->flags & KEY_FLAG_EXT))
				579	return (key_sign(id->key, sigp, lenp, data, datalen));
				580	/* load the private key from the file */
				581	if ((prv = load_identity_file(id->filename)) == NULL)
				582	return (-1);
				583	ret = key_sign(prv, sigp, lenp, data, datalen);
				584	key_free(prv);
				585	return (ret);
				586	}
				587
				588	static int
				589	sign_and_send_pubkey(Authctxt authctxt, Identity id)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	590	{
				591	Buffer b;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	592	u_char blob, signature;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	593	u_int bloblen, slen;
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	594	int skip = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	595	int ret = -1;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	596	int have_sig = 1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	597
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	598	debug3("sign_and_send_pubkey");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	599
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	600	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	601	/* we cannot handle this key */
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	602	debug3("sign_and_send_pubkey: cannot handle key");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	603	return 0;
				604	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	605	/* data to be signed */
				606	buffer_init(&b);
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	607	if (datafellows & SSH_OLD_SESSIONID) {
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	608	buffer_append(&b, session_id2, session_id2_len);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	609	skip = session_id2_len;
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	610	} else {
				611	buffer_put_string(&b, session_id2, session_id2_len);
				612	skip = buffer_len(&b);
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	613	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	614	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	615	buffer_put_cstring(&b, authctxt->server_user);
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	616	buffer_put_cstring(&b,
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	617	datafellows & SSH_BUG_PKSERVICE ?
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	618	"ssh-userauth" :
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	619	authctxt->service);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	620	if (datafellows & SSH_BUG_PKAUTH) {
				621	buffer_put_char(&b, have_sig);
				622	} else {
				623	buffer_put_cstring(&b, authctxt->method->name);
				624	buffer_put_char(&b, have_sig);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	625	buffer_put_cstring(&b, key_ssh_name(id->key));
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	626	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	627	buffer_put_string(&b, blob, bloblen);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	628
				629	/* generate signature */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	630	ret = identity_sign(id, &signature, &slen,
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	631	buffer_ptr(&b), buffer_len(&b));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	632	if (ret == -1) {
				633	xfree(blob);
				634	buffer_free(&b);
				635	return 0;
				636	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	637	#ifdef DEBUG_PK
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	638	buffer_dump(&b);
				639	#endif
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	640	if (datafellows & SSH_BUG_PKSERVICE) {
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	641	buffer_clear(&b);
				642	buffer_append(&b, session_id2, session_id2_len);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	643	skip = session_id2_len;
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	644	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	645	buffer_put_cstring(&b, authctxt->server_user);
				646	buffer_put_cstring(&b, authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	647	buffer_put_cstring(&b, authctxt->method->name);
				648	buffer_put_char(&b, have_sig);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	649	if (!(datafellows & SSH_BUG_PKAUTH))
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	650	buffer_put_cstring(&b, key_ssh_name(id->key));
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	651	buffer_put_string(&b, blob, bloblen);
				652	}
				653	xfree(blob);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	654
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	655	/* append signature */
				656	buffer_put_string(&b, signature, slen);
				657	xfree(signature);
				658
				659	/* skip session id and packet type */
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	660	if (buffer_len(&b) < skip + 1)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	661	fatal("userauth_pubkey: internal error");
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	662	buffer_consume(&b, skip + 1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	663
				664	/* put remaining data from buffer into packet */
				665	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				666	packet_put_raw(buffer_ptr(&b), buffer_len(&b));
				667	buffer_free(&b);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	668	packet_send();
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	669
				670	return 1;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	671	}
				672
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	673	static int
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	674	send_pubkey_test(Authctxt authctxt, Identity id)
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	675	{
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	676	u_char *blob;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	677	u_int bloblen, have_sig = 0;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	678
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	679	debug3("send_pubkey_test");
				680
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	681	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	682	/* we cannot handle this key */
				683	debug3("send_pubkey_test: cannot handle key");
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	684	return 0;
				685	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	686	/* register callback for USERAUTH_PK_OK message */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	687	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	688
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	689	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				690	packet_put_cstring(authctxt->server_user);
				691	packet_put_cstring(authctxt->service);
				692	packet_put_cstring(authctxt->method->name);
				693	packet_put_char(have_sig);
				694	if (!(datafellows & SSH_BUG_PKAUTH))
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	695	packet_put_cstring(key_ssh_name(id->key));
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	696	packet_put_string(blob, bloblen);
				697	xfree(blob);
				698	packet_send();
				699	return 1;
				700	}
				701
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	702	static Key *
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	703	load_identity_file(char *filename)
				704	{
				705	Key *private;
				706	char prompt[300], *passphrase;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	707	int quit, i;
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	708	struct stat st;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	709
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	710	if (stat(filename, &st) < 0) {
				711	debug3("no such identity: %s", filename);
				712	return NULL;
				713	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	714	private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
				715	if (private == NULL) {
				716	if (options.batch_mode)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	717	return NULL;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	718	snprintf(prompt, sizeof prompt,
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	719	"Enter passphrase for key '%.100s': ", filename);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	720	for (i = 0; i < options.number_of_password_prompts; i++) {
				721	passphrase = read_passphrase(prompt, 0);
				722	if (strcmp(passphrase, "") != 0) {
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	723	private = key_load_private_type(KEY_UNSPEC, filename,
				724	passphrase, NULL);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	725	quit = 0;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	726	} else {
				727	debug2("no passphrase given, try next key");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	728	quit = 1;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	729	}
				730	memset(passphrase, 0, strlen(passphrase));
				731	xfree(passphrase);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	732	if (private != NULL \|\| quit)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	733	break;
				734	debug2("bad passphrase given, try again...");
				735	}
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	736	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	737	return private;
				738	}
				739
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	740	/*
				741	* try keys in the following order:
				742	* 1. agent keys that are found in the config file
				743	* 2. other agent keys
				744	* 3. keys that are only listed in the config file
				745	*/
				746	static void
				747	pubkey_prepare(Authctxt *authctxt)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	748	{
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	749	Identity *id;
				750	Idlist agent, files, *preferred;
				751	Key *key;
				752	AuthenticationConnection *ac;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	753	char *comment;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	754	int i, found;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	755
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	756	TAILQ_INIT(&agent); /* keys from the agent */
				757	TAILQ_INIT(&files); /* keys from the config file */
				758	preferred = &authctxt->keys;
				759	TAILQ_INIT(preferred); /* preferred order of keys */
				760
				761	/* list of keys stored in the filesystem */
				762	for (i = 0; i < options.num_identity_files; i++) {
				763	key = options.identity_keys[i];
				764	if (key && key->type == KEY_RSA1)
				765	continue;
				766	options.identity_keys[i] = NULL;
				767	id = xmalloc(sizeof(*id));
				768	memset(id, 0, sizeof(*id));
				769	id->key = key;
				770	id->filename = xstrdup(options.identity_files[i]);
				771	TAILQ_INSERT_TAIL(&files, id, next);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	772	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	773	/* list of keys supported by the agent */
				774	if ((ac = ssh_get_authentication_connection())) {
				775	for (key = ssh_get_first_identity(ac, &comment, 2);
				776	key != NULL;
				777	key = ssh_get_next_identity(ac, &comment, 2)) {
				778	found = 0;
				779	TAILQ_FOREACH(id, &files, next) {
				780	/* agent keys from the config file are preferred */
				781	if (key_equal(key, id->key)) {
				782	key_free(key);
				783	xfree(comment);
				784	TAILQ_REMOVE(&files, id, next);
				785	TAILQ_INSERT_TAIL(preferred, id, next);
				786	id->ac = ac;
				787	found = 1;
				788	break;
				789	}
				790	}
				791	if (!found) {
				792	id = xmalloc(sizeof(*id));
				793	memset(id, 0, sizeof(*id));
				794	id->key = key;
				795	id->filename = comment;
				796	id->ac = ac;
				797	TAILQ_INSERT_TAIL(&agent, id, next);
				798	}
				799	}
				800	/* append remaining agent keys */
				801	for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
				802	TAILQ_REMOVE(&agent, id, next);
				803	TAILQ_INSERT_TAIL(preferred, id, next);
				804	}
				805	authctxt->agent = ac;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	806	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	807	/* append remaining keys from the config file */
				808	for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
				809	TAILQ_REMOVE(&files, id, next);
				810	TAILQ_INSERT_TAIL(preferred, id, next);
				811	}
				812	TAILQ_FOREACH(id, preferred, next) {
				813	debug2("key: %s (%p)", id->filename, id->key);
				814	}
				815	}
				816
				817	static void
				818	pubkey_cleanup(Authctxt *authctxt)
				819	{
				820	Identity *id;
				821
				822	if (authctxt->agent != NULL)
				823	ssh_close_authentication_connection(authctxt->agent);
				824	for (id = TAILQ_FIRST(&authctxt->keys); id;
				825	id = TAILQ_FIRST(&authctxt->keys)) {
				826	TAILQ_REMOVE(&authctxt->keys, id, next);
				827	if (id->key)
				828	key_free(id->key);
				829	if (id->filename)
				830	xfree(id->filename);
				831	xfree(id);
				832	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	833	}
				834
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	835	int
				836	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	837	{
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	838	Identity *id;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	839	int sent = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	840
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	841	while ((id = TAILQ_FIRST(&authctxt->keys))) {
				842	if (id->tried++)
				843	return (0);
				844	TAILQ_REMOVE(&authctxt->keys, id, next);
				845	TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
				846	/*
				847	* send a test message if we have the public key. for
				848	* encrypted keys we cannot do this and have to load the
				849	* private key instead
				850	*/
				851	if (id->key && id->key->type != KEY_RSA1) {
				852	debug("Offering public key: %s", id->filename);
				853	sent = send_pubkey_test(authctxt, id);
				854	} else if (id->key == NULL) {
				855	debug("Trying private key: %s", id->filename);
				856	id->key = load_identity_file(id->filename);
				857	if (id->key != NULL) {
				858	id->isprivate = 1;
				859	sent = sign_and_send_pubkey(authctxt, id);
				860	key_free(id->key);
				861	id->key = NULL;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	862	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	863	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	864	if (sent)
				865	return (sent);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	866	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	867	return (0);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	868	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	869
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	870	/*
				871	* Send userauth request message specifying keyboard-interactive method.
				872	*/
				873	int
				874	userauth_kbdint(Authctxt *authctxt)
				875	{
				876	static int attempt = 0;
				877
				878	if (attempt++ >= options.number_of_password_prompts)
				879	return 0;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	880	/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
				881	if (attempt > 1 && !authctxt->info_req_seen) {
				882	debug3("userauth_kbdint: disable: no info_req_seen");
				883	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
				884	return 0;
				885	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	886
				887	debug2("userauth_kbdint");
				888	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				889	packet_put_cstring(authctxt->server_user);
				890	packet_put_cstring(authctxt->service);
				891	packet_put_cstring(authctxt->method->name);
				892	packet_put_cstring(""); /* lang */
				893	packet_put_cstring(options.kbd_interactive_devices ?
				894	options.kbd_interactive_devices : "");
				895	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	896
				897	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
				898	return 1;
				899	}
				900
				901	/*
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	902	* parse INFO_REQUEST, prompt user and send INFO_RESPONSE
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	903	*/
				904	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	905	input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	906	{
				907	Authctxt *authctxt = ctxt;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	908	char name, inst, lang, prompt, *response;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	909	u_int num_prompts, i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	910	int echo = 0;
				911
				912	debug2("input_userauth_info_req");
				913
				914	if (authctxt == NULL)
				915	fatal("input_userauth_info_req: no authentication context");
				916
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	917	authctxt->info_req_seen = 1;
				918
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	919	name = packet_get_string(NULL);
				920	inst = packet_get_string(NULL);
				921	lang = packet_get_string(NULL);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	922	if (strlen(name) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	923	logit("%s", name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	924	if (strlen(inst) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	925	logit("%s", inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	926	xfree(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	927	xfree(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	928	xfree(lang);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	929
				930	num_prompts = packet_get_int();
				931	/*
				932	* Begin to build info response packet based on prompts requested.
				933	* We commit to providing the correct number of responses, so if
				934	* further on we run into a problem that prevents this, we have to
				935	* be sure and clean this up and send a correct error response.
				936	*/
				937	packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
				938	packet_put_int(num_prompts);
				939
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	940	debug2("input_userauth_info_req: num_prompts %d", num_prompts);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	941	for (i = 0; i < num_prompts; i++) {
				942	prompt = packet_get_string(NULL);
				943	echo = packet_get_char();
				944
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	945	response = read_passphrase(prompt, echo ? RP_ECHO : 0);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	946
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	947	packet_put_cstring(response);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	948	memset(response, 0, strlen(response));
				949	xfree(response);
				950	xfree(prompt);
				951	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	952	packet_check_eom(); /* done with parsing incoming message. */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	953
Damien Miller	9f64390	2001-11-12 11:02:52 +1100	[diff] [blame]	954	packet_add_padding(64);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	955	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	956	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	957
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	958	static int
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	959	ssh_keysign(Key key, u_char sigp, u_int lenp,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	960	u_char *data, u_int datalen)
				961	{
				962	Buffer b;
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	963	struct stat st;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	964	pid_t pid;
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	965	int to[2], from[2], status, version = 2;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	966
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	967	debug2("ssh_keysign called");
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	968
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	969	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
				970	error("ssh_keysign: no installed: %s", strerror(errno));
				971	return -1;
				972	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	973	if (fflush(stdout) != 0)
				974	error("ssh_keysign: fflush: %s", strerror(errno));
				975	if (pipe(to) < 0) {
				976	error("ssh_keysign: pipe: %s", strerror(errno));
				977	return -1;
				978	}
				979	if (pipe(from) < 0) {
				980	error("ssh_keysign: pipe: %s", strerror(errno));
				981	return -1;
				982	}
				983	if ((pid = fork()) < 0) {
				984	error("ssh_keysign: fork: %s", strerror(errno));
				985	return -1;
				986	}
				987	if (pid == 0) {
				988	seteuid(getuid());
				989	setuid(getuid());
				990	close(from[0]);
				991	if (dup2(from[1], STDOUT_FILENO) < 0)
				992	fatal("ssh_keysign: dup2: %s", strerror(errno));
				993	close(to[1]);
				994	if (dup2(to[0], STDIN_FILENO) < 0)
				995	fatal("ssh_keysign: dup2: %s", strerror(errno));
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	996	close(from[1]);
				997	close(to[0]);
Ben Lindstrom	4887da2	2002-06-06 20:05:57 +0000	[diff] [blame]	998	execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	999	fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
				1000	strerror(errno));
				1001	}
				1002	close(from[1]);
				1003	close(to[0]);
				1004
				1005	buffer_init(&b);
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1006	buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1007	buffer_put_string(&b, data, datalen);
Damien Miller	901119b	2002-10-04 11:10:04 +1000	[diff] [blame]	1008	ssh_msg_send(to[1], version, &b);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1009
Damien Miller	901119b	2002-10-04 11:10:04 +1000	[diff] [blame]	1010	if (ssh_msg_recv(from[0], &b) < 0) {
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1011	error("ssh_keysign: no reply");
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1012	buffer_clear(&b);
				1013	return -1;
				1014	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1015	close(from[0]);
				1016	close(to[1]);
				1017
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1018	while (waitpid(pid, &status, 0) < 0)
				1019	if (errno != EINTR)
				1020	break;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1021
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1022	if (buffer_get_char(&b) != version) {
				1023	error("ssh_keysign: bad version");
				1024	buffer_clear(&b);
				1025	return -1;
				1026	}
				1027	*sigp = buffer_get_string(&b, lenp);
				1028	buffer_clear(&b);
				1029
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1030	return 0;
				1031	}
				1032
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1033	int
				1034	userauth_hostbased(Authctxt *authctxt)
				1035	{
				1036	Key *private = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1037	Sensitive *sensitive = authctxt->sensitive;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1038	Buffer b;
				1039	u_char signature, blob;
				1040	char chost, pkalg, *p;
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1041	const char *service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1042	u_int blen, slen;
Ben Lindstrom	2bffd6f	2001-04-19 20:35:40 +0000	[diff] [blame]	1043	int ok, i, len, found = 0;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1044
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1045	/* check for a useful key */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1046	for (i = 0; i < sensitive->nkeys; i++) {
				1047	private = sensitive->keys[i];
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1048	if (private && private->type != KEY_RSA1) {
				1049	found = 1;
				1050	/* we take and free the key */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1051	sensitive->keys[i] = NULL;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1052	break;
				1053	}
				1054	}
				1055	if (!found) {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1056	debug("No more client hostkeys for hostbased authentication.");
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1057	return 0;
				1058	}
				1059	if (key_to_blob(private, &blob, &blen) == 0) {
				1060	key_free(private);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1061	return 0;
				1062	}
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1063	/* figure out a name for the client host */
				1064	p = get_local_name(packet_get_connection_in());
				1065	if (p == NULL) {
				1066	error("userauth_hostbased: cannot get local ipaddr/name");
				1067	key_free(private);
				1068	return 0;
				1069	}
				1070	len = strlen(p) + 2;
				1071	chost = xmalloc(len);
				1072	strlcpy(chost, p, len);
				1073	strlcat(chost, ".", len);
				1074	debug2("userauth_hostbased: chost %s", chost);
Damien Miller	0011138	2003-03-10 11:21:17 +1100	[diff] [blame]	1075	xfree(p);
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1076
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1077	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
				1078	authctxt->service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1079	pkalg = xstrdup(key_ssh_name(private));
				1080	buffer_init(&b);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1081	/* construct data */
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1082	buffer_put_string(&b, session_id2, session_id2_len);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1083	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
				1084	buffer_put_cstring(&b, authctxt->server_user);
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1085	buffer_put_cstring(&b, service);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1086	buffer_put_cstring(&b, authctxt->method->name);
				1087	buffer_put_cstring(&b, pkalg);
				1088	buffer_put_string(&b, blob, blen);
				1089	buffer_put_cstring(&b, chost);
				1090	buffer_put_cstring(&b, authctxt->local_user);
				1091	#ifdef DEBUG_PK
				1092	buffer_dump(&b);
				1093	#endif
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1094	if (sensitive->external_keysign)
				1095	ok = ssh_keysign(private, &signature, &slen,
				1096	buffer_ptr(&b), buffer_len(&b));
				1097	else
				1098	ok = key_sign(private, &signature, &slen,
				1099	buffer_ptr(&b), buffer_len(&b));
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1100	key_free(private);
				1101	buffer_free(&b);
				1102	if (ok != 0) {
				1103	error("key_sign failed");
				1104	xfree(chost);
				1105	xfree(pkalg);
				1106	return 0;
				1107	}
				1108	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1109	packet_put_cstring(authctxt->server_user);
				1110	packet_put_cstring(authctxt->service);
				1111	packet_put_cstring(authctxt->method->name);
				1112	packet_put_cstring(pkalg);
				1113	packet_put_string(blob, blen);
				1114	packet_put_cstring(chost);
				1115	packet_put_cstring(authctxt->local_user);
				1116	packet_put_string(signature, slen);
				1117	memset(signature, 's', slen);
				1118	xfree(signature);
				1119	xfree(chost);
				1120	xfree(pkalg);
				1121
				1122	packet_send();
				1123	return 1;
				1124	}
				1125
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1126	#if KRB5
				1127	static int
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1128	ssh_krb5_helper(krb5_data ap, krb5_context context)
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1129	{
				1130	krb5_context xcontext = NULL; /* XXX share with ssh1 */
				1131	krb5_auth_context xauth_context = NULL;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1132	krb5_auth_context *auth_context;
				1133	krb5_error_code problem;
				1134	const char *tkfile;
				1135	struct stat buf;
				1136	krb5_ccache ccache = NULL;
				1137	const char *remotehost;
				1138	int ret;
				1139
				1140	memset(ap, 0, sizeof(*ap));
				1141
				1142	context = &xcontext;
				1143	auth_context = &xauth_context;
				1144
				1145	problem = krb5_init_context(context);
				1146	if (problem) {
				1147	debug("Kerberos v5: krb5_init_context failed");
				1148	ret = 0;
				1149	goto out;
				1150	}
				1151
				1152	tkfile = krb5_cc_default_name(*context);
				1153	if (strncmp(tkfile, "FILE:", 5) == 0)
				1154	tkfile += 5;
				1155
				1156	if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
				1157	debug("Kerberos v5: could not get default ccache (permission denied).");
				1158	ret = 0;
				1159	goto out;
				1160	}
				1161
				1162	problem = krb5_cc_default(*context, &ccache);
				1163	if (problem) {
				1164	debug("Kerberos v5: krb5_cc_default failed: %s",
				1165	krb5_get_err_text(*context, problem));
				1166	ret = 0;
				1167	goto out;
				1168	}
				1169
				1170	remotehost = get_canonical_hostname(1);
				1171
				1172	problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
				1173	"host", remotehost, NULL, ccache, ap);
				1174	if (problem) {
				1175	debug("Kerberos v5: krb5_mk_req failed: %s",
				1176	krb5_get_err_text(*context, problem));
				1177	ret = 0;
				1178	goto out;
				1179	}
				1180	ret = 1;
				1181
				1182	out:
				1183	if (ccache != NULL)
				1184	krb5_cc_close(*context, ccache);
				1185	if (*auth_context)
				1186	krb5_auth_con_free(context, auth_context);
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1187	return (ret);
				1188	}
				1189
				1190	int
				1191	userauth_kerberos(Authctxt *authctxt)
				1192	{
				1193	krb5_data ap;
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1194	krb5_context *context;
				1195	int ret = 0;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1196
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1197	if (ssh_krb5_helper(&ap, context) == 0)
				1198	goto out;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1199
				1200	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1201	packet_put_cstring(authctxt->server_user);
				1202	packet_put_cstring(authctxt->service);
				1203	packet_put_cstring(authctxt->method->name);
				1204	packet_put_string(ap.data, ap.length);
				1205	packet_send();
				1206
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1207	#ifdef HEIMDAL
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1208	krb5_data_free(&ap);
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1209	#else
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1210	krb5_free_data_contents(*context, &ap);
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1211	#endif
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1212	ret = 1;
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1213
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1214	out:
				1215	if (*context)
				1216	krb5_free_context(*context);
				1217	return ret;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1218	}
				1219	#endif
				1220
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1221	/* find auth method */
				1222
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1223	/*
				1224	* given auth method name, if configurable options permit this method fill
				1225	* in auth_ident field and return true, otherwise return false.
				1226	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1227	static int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1228	authmethod_is_enabled(Authmethod *method)
				1229	{
				1230	if (method == NULL)
				1231	return 0;
				1232	/* return false if options indicate this method is disabled */
				1233	if (method->enabled == NULL \|\| *method->enabled == 0)
				1234	return 0;
				1235	/* return false if batch mode is enabled but method needs interactive mode */
				1236	if (method->batch_flag != NULL && *method->batch_flag != 0)
				1237	return 0;
				1238	return 1;
				1239	}
				1240
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1241	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1242	authmethod_lookup(const char *name)
				1243	{
				1244	Authmethod *method = NULL;
				1245	if (name != NULL)
				1246	for (method = authmethods; method->name != NULL; method++)
				1247	if (strcmp(name, method->name) == 0)
				1248	return method;
				1249	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
				1250	return NULL;
				1251	}
				1252
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1253	/* XXX internal state */
				1254	static Authmethod *current = NULL;
				1255	static char *supported = NULL;
				1256	static char *preferred = NULL;
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	1257
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1258	/*
				1259	* Given the authentication method list sent by the server, return the
				1260	* next method we should try. If the server initially sends a nil list,
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	1261	* use a built-in default list.
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1262	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1263	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1264	authmethod_get(char *authlist)
				1265	{
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1266	char *name = NULL;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	1267	u_int next;
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1268
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1269	/* Use a suitable default if we're passed a nil list. */
				1270	if (authlist == NULL \|\| strlen(authlist) == 0)
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1271	authlist = options.preferred_authentications;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1272
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1273	if (supported == NULL \|\| strcmp(authlist, supported) != 0) {
				1274	debug3("start over, passed a different list %s", authlist);
				1275	if (supported != NULL)
				1276	xfree(supported);
				1277	supported = xstrdup(authlist);
				1278	preferred = options.preferred_authentications;
				1279	debug3("preferred %s", preferred);
				1280	current = NULL;
				1281	} else if (current != NULL && authmethod_is_enabled(current))
				1282	return current;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1283
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1284	for (;;) {
				1285	if ((name = match_list(preferred, supported, &next)) == NULL) {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1286	debug("No more authentication methods to try.");
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1287	current = NULL;
				1288	return NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1289	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1290	preferred += next;
				1291	debug3("authmethod_lookup %s", name);
				1292	debug3("remaining preferred: %s", preferred);
				1293	if ((current = authmethod_lookup(name)) != NULL &&
				1294	authmethod_is_enabled(current)) {
				1295	debug3("authmethod_is_enabled %s", name);
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1296	debug("Next authentication method: %s", name);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1297	return current;
				1298	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1299	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1300	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1301
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	1302	static char *
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1303	authmethods_get(void)
				1304	{
				1305	Authmethod *method = NULL;
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1306	Buffer b;
				1307	char *list;
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1308
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1309	buffer_init(&b);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1310	for (method = authmethods; method->name != NULL; method++) {
				1311	if (authmethod_is_enabled(method)) {
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1312	if (buffer_len(&b) > 0)
				1313	buffer_append(&b, ",", 1);
				1314	buffer_append(&b, method->name, strlen(method->name));
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1315	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1316	}
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1317	buffer_append(&b, "\0", 1);
				1318	list = xstrdup(buffer_ptr(&b));
				1319	buffer_free(&b);
				1320	return list;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1321	}