Blame - sshconnect2.c - platform/external/openssh

blob: 19d079bd3983d9626b8b6c7b2117628af3dd34fe [file] [log] [blame]

Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
				24
				25	#include "includes.h"
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	26	RCSID("$OpenBSD: sshconnect2.c,v 1.53 2001/03/10 17:51:04 markus Exp $");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	27
				28	#include <openssl/bn.h>
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	29	#include <openssl/md5.h>
				30	#include <openssl/dh.h>
				31	#include <openssl/hmac.h>
				32
				33	#include "ssh.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	34	#include "ssh2.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	35	#include "xmalloc.h"
				36	#include "rsa.h"
				37	#include "buffer.h"
				38	#include "packet.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	39	#include "uidswap.h"
				40	#include "compat.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	41	#include "bufaux.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	42	#include "cipher.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	43	#include "kex.h"
				44	#include "myproposal.h"
				45	#include "key.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	46	#include "sshconnect.h"
				47	#include "authfile.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	48	#include "cli.h"
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	49	#include "dispatch.h"
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	50	#include "authfd.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	51	#include "log.h"
				52	#include "readconf.h"
				53	#include "readpass.h"
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	54	#include "match.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	55
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	56	void ssh_dh1_client(Kex , char , struct sockaddr , Buffer , Buffer *);
				57	void ssh_dhgex_client(Kex , char , struct sockaddr , Buffer , Buffer *);
				58
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	59	/* import */
				60	extern char *client_version_string;
				61	extern char *server_version_string;
				62	extern Options options;
				63
				64	/*
				65	* SSH2 key exchange
				66	*/
				67
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	68	u_char *session_id2 = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	69	int session_id2_len = 0;
				70
				71	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	72	ssh_kex2(char host, struct sockaddr hostaddr)
				73	{
				74	int i, plen;
				75	Kex *kex;
				76	Buffer client_kexinit, server_kexinit;
				77	char *sprop[PROPOSAL_MAX];
				78
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	79	if (options.ciphers == (char *)-1) {
				80	log("No valid ciphers for protocol version 2 given, using defaults.");
				81	options.ciphers = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	82	}
				83	if (options.ciphers != NULL) {
				84	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				85	myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
				86	}
				87	if (options.compression) {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	88	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	89	myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
				90	} else {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	91	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	92	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
				93	}
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	94	if (options.macs != NULL) {
				95	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
				96	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
				97	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	98
				99	/* buffers with raw kexinit messages */
				100	server_kexinit = xmalloc(sizeof(*server_kexinit));
				101	buffer_init(server_kexinit);
				102	client_kexinit = kex_init(myproposal);
				103
				104	/* algorithm negotiation */
				105	kex_exchange_kexinit(client_kexinit, server_kexinit, sprop);
				106	kex = kex_choose_conf(myproposal, sprop, 0);
				107	for (i = 0; i < PROPOSAL_MAX; i++)
				108	xfree(sprop[i]);
				109
				110	/* server authentication and session key agreement */
				111	switch(kex->kex_type) {
				112	case DH_GRP1_SHA1:
				113	ssh_dh1_client(kex, host, hostaddr,
				114	client_kexinit, server_kexinit);
				115	break;
				116	case DH_GEX_SHA1:
				117	ssh_dhgex_client(kex, host, hostaddr, client_kexinit,
				118	server_kexinit);
				119	break;
				120	default:
				121	fatal("Unsupported key exchange %d", kex->kex_type);
				122	}
				123
				124	buffer_free(client_kexinit);
				125	buffer_free(server_kexinit);
				126	xfree(client_kexinit);
				127	xfree(server_kexinit);
				128
				129	debug("Wait SSH2_MSG_NEWKEYS.");
				130	packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
				131	packet_done();
				132	debug("GOT SSH2_MSG_NEWKEYS.");
				133
				134	debug("send SSH2_MSG_NEWKEYS.");
				135	packet_start(SSH2_MSG_NEWKEYS);
				136	packet_send();
				137	packet_write_wait();
				138	debug("done: send SSH2_MSG_NEWKEYS.");
				139
				140	#ifdef DEBUG_KEXDH
				141	/* send 1st encrypted/maced/compressed message */
				142	packet_start(SSH2_MSG_IGNORE);
				143	packet_put_cstring("markus");
				144	packet_send();
				145	packet_write_wait();
				146	#endif
				147	debug("done: KEX2.");
				148	}
				149
				150	/* diffie-hellman-group1-sha1 */
				151
				152	void
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	153	ssh_dh1_client(Kex kex, char host, struct sockaddr *hostaddr,
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	154	Buffer client_kexinit, Buffer server_kexinit)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	155	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	156	#ifdef DEBUG_KEXDH
				157	int i;
				158	#endif
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	159	int plen, dlen;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	160	u_int klen, kout;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	161	char *signature = NULL;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	162	u_int slen;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	163	char *server_host_key_blob = NULL;
				164	Key *server_host_key;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	165	u_int sbloblen;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	166	DH *dh;
				167	BIGNUM *dh_server_pub = 0;
				168	BIGNUM *shared_secret = 0;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	169	u_char *kbuf;
				170	u_char *hash;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	171
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	172	debug("Sending SSH2_MSG_KEXDH_INIT.");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	173	/* generate and send 'e', client DH public key */
				174	dh = dh_new_group1();
Ben Lindstrom	4c4f05e	2001-03-06 01:09:20 +0000	[diff] [blame]	175	dh_gen_key(dh, kex->we_need * 8);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	176	packet_start(SSH2_MSG_KEXDH_INIT);
				177	packet_put_bignum2(dh->pub_key);
				178	packet_send();
				179	packet_write_wait();
				180
				181	#ifdef DEBUG_KEXDH
				182	fprintf(stderr, "\np= ");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	183	BN_print_fp(stderr, dh->p);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	184	fprintf(stderr, "\ng= ");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	185	BN_print_fp(stderr, dh->g);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	186	fprintf(stderr, "\npub= ");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	187	BN_print_fp(stderr, dh->pub_key);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	188	fprintf(stderr, "\n");
				189	DHparams_print_fp(stderr, dh);
				190	#endif
				191
				192	debug("Wait SSH2_MSG_KEXDH_REPLY.");
				193
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	194	packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	195
				196	debug("Got SSH2_MSG_KEXDH_REPLY.");
				197
				198	/* key, cert */
				199	server_host_key_blob = packet_get_string(&sbloblen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	200	server_host_key = key_from_blob(server_host_key_blob, sbloblen);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	201	if (server_host_key == NULL)
				202	fatal("cannot decode server_host_key_blob");
				203
				204	check_host_key(host, hostaddr, server_host_key,
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	205	options.user_hostfile2, options.system_hostfile2);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	206
				207	/* DH paramter f, server public DH key */
				208	dh_server_pub = BN_new();
				209	if (dh_server_pub == NULL)
				210	fatal("dh_server_pub == NULL");
				211	packet_get_bignum2(dh_server_pub, &dlen);
				212
				213	#ifdef DEBUG_KEXDH
				214	fprintf(stderr, "\ndh_server_pub= ");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	215	BN_print_fp(stderr, dh_server_pub);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	216	fprintf(stderr, "\n");
				217	debug("bits %d", BN_num_bits(dh_server_pub));
				218	#endif
				219
				220	/* signed H */
				221	signature = packet_get_string(&slen);
				222	packet_done();
				223
				224	if (!dh_pub_is_valid(dh, dh_server_pub))
				225	packet_disconnect("bad server public DH value");
				226
				227	klen = DH_size(dh);
				228	kbuf = xmalloc(klen);
				229	kout = DH_compute_key(kbuf, dh_server_pub, dh);
				230	#ifdef DEBUG_KEXDH
				231	debug("shared secret: len %d/%d", klen, kout);
				232	fprintf(stderr, "shared secret == ");
				233	for (i = 0; i< kout; i++)
				234	fprintf(stderr, "%02x", (kbuf[i])&0xff);
				235	fprintf(stderr, "\n");
				236	#endif
				237	shared_secret = BN_new();
				238
				239	BN_bin2bn(kbuf, kout, shared_secret);
				240	memset(kbuf, 0, klen);
				241	xfree(kbuf);
				242
				243	/* calc and verify H */
				244	hash = kex_hash(
				245	client_version_string,
				246	server_version_string,
				247	buffer_ptr(client_kexinit), buffer_len(client_kexinit),
				248	buffer_ptr(server_kexinit), buffer_len(server_kexinit),
				249	server_host_key_blob, sbloblen,
				250	dh->pub_key,
				251	dh_server_pub,
				252	shared_secret
				253	);
				254	xfree(server_host_key_blob);
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	255	DH_free(dh);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	256	BN_free(dh_server_pub);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	257	#ifdef DEBUG_KEXDH
				258	fprintf(stderr, "hash == ");
				259	for (i = 0; i< 20; i++)
				260	fprintf(stderr, "%02x", (hash[i])&0xff);
				261	fprintf(stderr, "\n");
				262	#endif
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	263	if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	264	fatal("key_verify failed for server_host_key");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	265	key_free(server_host_key);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	266	xfree(signature);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	267
				268	kex_derive_keys(kex, hash, shared_secret);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	269	BN_clear_free(shared_secret);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	270	packet_set_kex(kex);
				271
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	272	/* save session id */
				273	session_id2_len = 20;
				274	session_id2 = xmalloc(session_id2_len);
				275	memcpy(session_id2, hash, session_id2_len);
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	276	}
				277
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	278	/* diffie-hellman-group-exchange-sha1 */
				279
				280	/*
				281	* Estimates the group order for a Diffie-Hellman group that has an
				282	* attack complexity approximately the same as O(2**bits). Estimate
				283	* with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))
				284	*/
				285
				286	int
				287	dh_estimate(int bits)
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	288	{
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	289
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	290	if (bits < 64)
				291	return (512); /* O(2*63) /
				292	if (bits < 128)
				293	return (1024); /* O(2*86) /
				294	if (bits < 192)
				295	return (2048); /* O(2*116) /
				296	return (4096); /* O(2*156) /
				297	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	298
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	299	void
				300	ssh_dhgex_client(Kex kex, char host, struct sockaddr *hostaddr,
				301	Buffer client_kexinit, Buffer server_kexinit)
				302	{
				303	#ifdef DEBUG_KEXDH
				304	int i;
				305	#endif
				306	int plen, dlen;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	307	u_int klen, kout;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	308	char *signature = NULL;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	309	u_int slen, nbits;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	310	char *server_host_key_blob = NULL;
				311	Key *server_host_key;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	312	u_int sbloblen;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	313	DH *dh;
				314	BIGNUM *dh_server_pub = 0;
				315	BIGNUM *shared_secret = 0;
				316	BIGNUM p = 0, g = 0;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	317	u_char *kbuf;
				318	u_char *hash;
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	319
Ben Lindstrom	4c4f05e	2001-03-06 01:09:20 +0000	[diff] [blame]	320	nbits = dh_estimate(kex->we_need * 8);
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	321
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	322	debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST.");
				323	packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
				324	packet_put_int(nbits);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	325	packet_send();
				326	packet_write_wait();
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	327
				328	#ifdef DEBUG_KEXDH
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	329	fprintf(stderr, "\nnbits = %d", nbits);
				330	#endif
				331
				332	debug("Wait SSH2_MSG_KEX_DH_GEX_GROUP.");
				333
				334	packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_GROUP);
				335
				336	debug("Got SSH2_MSG_KEX_DH_GEX_GROUP.");
				337
				338	if ((p = BN_new()) == NULL)
				339	fatal("BN_new");
				340	packet_get_bignum2(p, &dlen);
				341	if ((g = BN_new()) == NULL)
				342	fatal("BN_new");
				343	packet_get_bignum2(g, &dlen);
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	344	dh = dh_new_group(g, p);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	345
Ben Lindstrom	4c4f05e	2001-03-06 01:09:20 +0000	[diff] [blame]	346	dh_gen_key(dh, kex->we_need * 8);
Kevin Steves	6b87586	2000-12-15 23:31:01 +0000	[diff] [blame]	347
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	348	#ifdef DEBUG_KEXDH
				349	fprintf(stderr, "\np= ");
				350	BN_print_fp(stderr, dh->p);
				351	fprintf(stderr, "\ng= ");
				352	BN_print_fp(stderr, dh->g);
				353	fprintf(stderr, "\npub= ");
				354	BN_print_fp(stderr, dh->pub_key);
				355	fprintf(stderr, "\n");
				356	DHparams_print_fp(stderr, dh);
				357	#endif
				358
				359	debug("Sending SSH2_MSG_KEX_DH_GEX_INIT.");
				360	/* generate and send 'e', client DH public key */
				361	packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
				362	packet_put_bignum2(dh->pub_key);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	363	packet_send();
				364	packet_write_wait();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	365
				366	debug("Wait SSH2_MSG_KEX_DH_GEX_REPLY.");
				367
				368	packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_REPLY);
				369
				370	debug("Got SSH2_MSG_KEXDH_REPLY.");
				371
				372	/* key, cert */
				373	server_host_key_blob = packet_get_string(&sbloblen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	374	server_host_key = key_from_blob(server_host_key_blob, sbloblen);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	375	if (server_host_key == NULL)
				376	fatal("cannot decode server_host_key_blob");
				377
				378	check_host_key(host, hostaddr, server_host_key,
				379	options.user_hostfile2, options.system_hostfile2);
				380
				381	/* DH paramter f, server public DH key */
				382	dh_server_pub = BN_new();
				383	if (dh_server_pub == NULL)
				384	fatal("dh_server_pub == NULL");
				385	packet_get_bignum2(dh_server_pub, &dlen);
				386
				387	#ifdef DEBUG_KEXDH
				388	fprintf(stderr, "\ndh_server_pub= ");
				389	BN_print_fp(stderr, dh_server_pub);
				390	fprintf(stderr, "\n");
				391	debug("bits %d", BN_num_bits(dh_server_pub));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	392	#endif
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	393
				394	/* signed H */
				395	signature = packet_get_string(&slen);
				396	packet_done();
				397
				398	if (!dh_pub_is_valid(dh, dh_server_pub))
				399	packet_disconnect("bad server public DH value");
				400
				401	klen = DH_size(dh);
				402	kbuf = xmalloc(klen);
				403	kout = DH_compute_key(kbuf, dh_server_pub, dh);
				404	#ifdef DEBUG_KEXDH
				405	debug("shared secret: len %d/%d", klen, kout);
				406	fprintf(stderr, "shared secret == ");
				407	for (i = 0; i< kout; i++)
				408	fprintf(stderr, "%02x", (kbuf[i])&0xff);
				409	fprintf(stderr, "\n");
				410	#endif
				411	shared_secret = BN_new();
				412
				413	BN_bin2bn(kbuf, kout, shared_secret);
				414	memset(kbuf, 0, klen);
				415	xfree(kbuf);
				416
				417	/* calc and verify H */
				418	hash = kex_hash_gex(
				419	client_version_string,
				420	server_version_string,
				421	buffer_ptr(client_kexinit), buffer_len(client_kexinit),
				422	buffer_ptr(server_kexinit), buffer_len(server_kexinit),
				423	server_host_key_blob, sbloblen,
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	424	nbits, dh->p, dh->g,
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	425	dh->pub_key,
				426	dh_server_pub,
				427	shared_secret
				428	);
				429	xfree(server_host_key_blob);
				430	DH_free(dh);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	431	BN_free(dh_server_pub);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	432	#ifdef DEBUG_KEXDH
				433	fprintf(stderr, "hash == ");
				434	for (i = 0; i< 20; i++)
				435	fprintf(stderr, "%02x", (hash[i])&0xff);
				436	fprintf(stderr, "\n");
				437	#endif
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	438	if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	439	fatal("key_verify failed for server_host_key");
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	440	key_free(server_host_key);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	441	xfree(signature);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	442
				443	kex_derive_keys(kex, hash, shared_secret);
Ben Lindstrom	b1985f7	2001-01-23 00:19:15 +0000	[diff] [blame]	444	BN_clear_free(shared_secret);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	445	packet_set_kex(kex);
				446
				447	/* save session id */
				448	session_id2_len = 20;
				449	session_id2 = xmalloc(session_id2_len);
				450	memcpy(session_id2, hash, session_id2_len);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	451	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	452
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	453	/*
				454	* Authenticate user
				455	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	456
				457	typedef struct Authctxt Authctxt;
				458	typedef struct Authmethod Authmethod;
				459
				460	typedef int sign_cb_fn(
				461	Authctxt authctxt, Key key,
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	462	u_char *sigp, int lenp, u_char *data, int datalen);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	463
				464	struct Authctxt {
				465	const char *server_user;
				466	const char *host;
				467	const char *service;
				468	AuthenticationConnection *agent;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	469	Authmethod *method;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	470	int success;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	471	char *authlist;
				472	Key *last_key;
				473	sign_cb_fn *last_key_sign;
				474	int last_key_hint;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	475	};
				476	struct Authmethod {
				477	char name; / string to compare against server's list */
				478	int (userauth)(Authctxt authctxt);
				479	int enabled; / flag in option struct that enables method */
				480	int batch_flag; / flag in option struct that disables method */
				481	};
				482
				483	void input_userauth_success(int type, int plen, void *ctxt);
				484	void input_userauth_failure(int type, int plen, void *ctxt);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	485	void input_userauth_banner(int type, int plen, void *ctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	486	void input_userauth_error(int type, int plen, void *ctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	487	void input_userauth_info_req(int type, int plen, void *ctxt);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	488	void input_userauth_pk_ok(int type, int plen, void *ctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	489
				490	int userauth_none(Authctxt *authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	491	int userauth_pubkey(Authctxt *authctxt);
				492	int userauth_passwd(Authctxt *authctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	493	int userauth_kbdint(Authctxt *authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	494
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	495	void userauth(Authctxt authctxt, char authlist);
				496
				497	int
				498	sign_and_send_pubkey(Authctxt authctxt, Key k,
				499	sign_cb_fn *sign_callback);
				500	void clear_auth_state(Authctxt *authctxt);
				501
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	502	Authmethod authmethod_get(char authlist);
				503	Authmethod authmethod_lookup(const char name);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	504	char *authmethods_get(void);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	505
				506	Authmethod authmethods[] = {
				507	{"publickey",
				508	userauth_pubkey,
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	509	&options.pubkey_authentication,
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	510	NULL},
				511	{"password",
				512	userauth_passwd,
				513	&options.password_authentication,
				514	&options.batch_mode},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	515	{"keyboard-interactive",
				516	userauth_kbdint,
				517	&options.kbd_interactive_authentication,
				518	&options.batch_mode},
				519	{"none",
				520	userauth_none,
				521	NULL,
				522	NULL},
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	523	{NULL, NULL, NULL, NULL}
				524	};
				525
				526	void
				527	ssh_userauth2(const char server_user, char host)
				528	{
				529	Authctxt authctxt;
				530	int type;
				531	int plen;
				532
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	533	if (options.challenge_reponse_authentication)
				534	options.kbd_interactive_authentication = 1;
				535
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	536	debug("send SSH2_MSG_SERVICE_REQUEST");
				537	packet_start(SSH2_MSG_SERVICE_REQUEST);
				538	packet_put_cstring("ssh-userauth");
				539	packet_send();
				540	packet_write_wait();
				541	type = packet_read(&plen);
				542	if (type != SSH2_MSG_SERVICE_ACCEPT) {
				543	fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
				544	}
				545	if (packet_remaining() > 0) {
				546	char *reply = packet_get_string(&plen);
				547	debug("service_accept: %s", reply);
				548	xfree(reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	549	} else {
				550	debug("buggy server: service_accept w/o service");
				551	}
				552	packet_done();
				553	debug("got SSH2_MSG_SERVICE_ACCEPT");
				554
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	555	if (options.preferred_authentications == NULL)
				556	options.preferred_authentications = authmethods_get();
				557
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	558	/* setup authentication context */
				559	authctxt.agent = ssh_get_authentication_connection();
				560	authctxt.server_user = server_user;
				561	authctxt.host = host;
				562	authctxt.service = "ssh-connection"; /* service name */
				563	authctxt.success = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	564	authctxt.method = authmethod_lookup("none");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	565	authctxt.authlist = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	566	if (authctxt.method == NULL)
				567	fatal("ssh_userauth2: internal error: cannot send userauth none request");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	568
				569	/* initial userauth request */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	570	userauth_none(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	571
				572	dispatch_init(&input_userauth_error);
				573	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
				574	dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	575	dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	576	dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
				577
				578	if (authctxt.agent != NULL)
				579	ssh_close_authentication_connection(authctxt.agent);
				580
Ben Lindstrom	4dccfa5	2000-12-28 16:40:05 +0000	[diff] [blame]	581	debug("ssh-userauth2 successful: method %s", authctxt.method->name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	582	}
				583	void
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	584	userauth(Authctxt authctxt, char authlist)
				585	{
				586	if (authlist == NULL) {
				587	authlist = authctxt->authlist;
				588	} else {
				589	if (authctxt->authlist)
				590	xfree(authctxt->authlist);
				591	authctxt->authlist = authlist;
				592	}
				593	for (;;) {
				594	Authmethod *method = authmethod_get(authlist);
				595	if (method == NULL)
				596	fatal("Permission denied (%s).", authlist);
				597	authctxt->method = method;
				598	if (method->userauth(authctxt) != 0) {
				599	debug2("we sent a %s packet, wait for reply", method->name);
				600	break;
				601	} else {
				602	debug2("we did not send a packet, disable method");
				603	method->enabled = NULL;
				604	}
				605	}
				606	}
				607	void
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	608	input_userauth_error(int type, int plen, void *ctxt)
				609	{
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	610	fatal("input_userauth_error: bad message during authentication: "
				611	"type %d", type);
				612	}
				613	void
				614	input_userauth_banner(int type, int plen, void *ctxt)
				615	{
				616	char msg, lang;
				617	debug3("input_userauth_banner");
				618	msg = packet_get_string(NULL);
				619	lang = packet_get_string(NULL);
				620	fprintf(stderr, "%s", msg);
				621	xfree(msg);
				622	xfree(lang);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	623	}
				624	void
				625	input_userauth_success(int type, int plen, void *ctxt)
				626	{
				627	Authctxt *authctxt = ctxt;
				628	if (authctxt == NULL)
				629	fatal("input_userauth_success: no authentication context");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	630	if (authctxt->authlist)
				631	xfree(authctxt->authlist);
				632	clear_auth_state(authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	633	authctxt->success = 1; /* break out */
				634	}
				635	void
				636	input_userauth_failure(int type, int plen, void *ctxt)
				637	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	638	Authctxt *authctxt = ctxt;
				639	char *authlist = NULL;
				640	int partial;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	641
				642	if (authctxt == NULL)
				643	fatal("input_userauth_failure: no authentication context");
				644
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	645	authlist = packet_get_string(NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	646	partial = packet_get_char();
				647	packet_done();
				648
				649	if (partial != 0)
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	650	log("Authenticated with partial success.");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	651	debug("authentications that can continue: %s", authlist);
				652
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	653	clear_auth_state(authctxt);
				654	userauth(authctxt, authlist);
				655	}
				656	void
				657	input_userauth_pk_ok(int type, int plen, void *ctxt)
				658	{
				659	Authctxt *authctxt = ctxt;
				660	Key *key = NULL;
				661	Buffer b;
				662	int alen, blen, pktype, sent = 0;
				663	char pkalg, pkblob;
				664
				665	if (authctxt == NULL)
				666	fatal("input_userauth_pk_ok: no authentication context");
				667	if (datafellows & SSH_BUG_PKOK) {
				668	/* this is similar to SSH_BUG_PKAUTH */
				669	debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
				670	pkblob = packet_get_string(&blen);
				671	buffer_init(&b);
				672	buffer_append(&b, pkblob, blen);
				673	pkalg = buffer_get_string(&b, &alen);
				674	buffer_free(&b);
				675	} else {
				676	pkalg = packet_get_string(&alen);
				677	pkblob = packet_get_string(&blen);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	678	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	679	packet_done();
				680
				681	debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
				682	pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
				683
				684	do {
				685	if (authctxt->last_key == NULL \|\|
				686	authctxt->last_key_sign == NULL) {
				687	debug("no last key or no sign cb");
				688	break;
				689	}
				690	debug2("last_key %s", key_fingerprint(authctxt->last_key));
				691	if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
				692	debug("unknown pkalg %s", pkalg);
				693	break;
				694	}
				695	if ((key = key_from_blob(pkblob, blen)) == NULL) {
				696	debug("no key from blob. pkalg %s", pkalg);
				697	break;
				698	}
				699	debug2("input_userauth_pk_ok: fp %s", key_fingerprint(key));
				700	if (!key_equal(key, authctxt->last_key)) {
				701	debug("key != last_key");
				702	break;
				703	}
				704	sent = sign_and_send_pubkey(authctxt, key,
				705	authctxt->last_key_sign);
				706	} while(0);
				707
				708	if (key != NULL)
				709	key_free(key);
				710	xfree(pkalg);
				711	xfree(pkblob);
				712
				713	/* unregister */
				714	clear_auth_state(authctxt);
				715	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
				716
				717	/* try another method if we did not send a packet*/
				718	if (sent == 0)
				719	userauth(authctxt, NULL);
				720
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	721	}
				722
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	723	int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	724	userauth_none(Authctxt *authctxt)
				725	{
				726	/* initial userauth request */
				727	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				728	packet_put_cstring(authctxt->server_user);
				729	packet_put_cstring(authctxt->service);
				730	packet_put_cstring(authctxt->method->name);
				731	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	732	return 1;
				733	}
				734
				735	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	736	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	737	{
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	738	static int attempt = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	739	char prompt[80];
				740	char *password;
				741
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	742	if (attempt++ >= options.number_of_password_prompts)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	743	return 0;
				744
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	745	if(attempt != 1)
				746	error("Permission denied, please try again.");
				747
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	748	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	749	authctxt->server_user, authctxt->host);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	750	password = read_passphrase(prompt, 0);
				751	packet_start(SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	752	packet_put_cstring(authctxt->server_user);
				753	packet_put_cstring(authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	754	packet_put_cstring(authctxt->method->name);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	755	packet_put_char(0);
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	756	packet_put_cstring(password);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	757	memset(password, 0, strlen(password));
				758	xfree(password);
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	759	packet_inject_ignore(64);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	760	packet_send();
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	761	return 1;
				762	}
				763
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	764	void
				765	clear_auth_state(Authctxt *authctxt)
				766	{
				767	/* XXX clear authentication state */
				768	if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
				769	debug3("clear_auth_state: key_free %p", authctxt->last_key);
				770	key_free(authctxt->last_key);
				771	}
				772	authctxt->last_key = NULL;
				773	authctxt->last_key_hint = -2;
				774	authctxt->last_key_sign = NULL;
				775	}
				776
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	777	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	778	sign_and_send_pubkey(Authctxt authctxt, Key k, sign_cb_fn *sign_callback)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	779	{
				780	Buffer b;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	781	u_char blob, signature;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	782	int bloblen, slen;
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	783	int skip = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	784	int ret = -1;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	785	int have_sig = 1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	786
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	787	debug3("sign_and_send_pubkey");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	788
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	789	if (key_to_blob(k, &blob, &bloblen) == 0) {
				790	/* we cannot handle this key */
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	791	debug3("sign_and_send_pubkey: cannot handle key");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	792	return 0;
				793	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	794	/* data to be signed */
				795	buffer_init(&b);
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	796	if (datafellows & SSH_OLD_SESSIONID) {
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	797	buffer_append(&b, session_id2, session_id2_len);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	798	skip = session_id2_len;
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	799	} else {
				800	buffer_put_string(&b, session_id2, session_id2_len);
				801	skip = buffer_len(&b);
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	802	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	803	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	804	buffer_put_cstring(&b, authctxt->server_user);
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	805	buffer_put_cstring(&b,
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	806	datafellows & SSH_BUG_PKSERVICE ?
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	807	"ssh-userauth" :
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	808	authctxt->service);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	809	if (datafellows & SSH_BUG_PKAUTH) {
				810	buffer_put_char(&b, have_sig);
				811	} else {
				812	buffer_put_cstring(&b, authctxt->method->name);
				813	buffer_put_char(&b, have_sig);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	814	buffer_put_cstring(&b, key_ssh_name(k));
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	815	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	816	buffer_put_string(&b, blob, bloblen);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	817
				818	/* generate signature */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	819	ret = (*sign_callback)(authctxt, k, &signature, &slen,
				820	buffer_ptr(&b), buffer_len(&b));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	821	if (ret == -1) {
				822	xfree(blob);
				823	buffer_free(&b);
				824	return 0;
				825	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	826	#ifdef DEBUG_PK
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	827	buffer_dump(&b);
				828	#endif
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	829	if (datafellows & SSH_BUG_PKSERVICE) {
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	830	buffer_clear(&b);
				831	buffer_append(&b, session_id2, session_id2_len);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	832	skip = session_id2_len;
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	833	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	834	buffer_put_cstring(&b, authctxt->server_user);
				835	buffer_put_cstring(&b, authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	836	buffer_put_cstring(&b, authctxt->method->name);
				837	buffer_put_char(&b, have_sig);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	838	if (!(datafellows & SSH_BUG_PKAUTH))
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	839	buffer_put_cstring(&b, key_ssh_name(k));
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	840	buffer_put_string(&b, blob, bloblen);
				841	}
				842	xfree(blob);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	843
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	844	/* append signature */
				845	buffer_put_string(&b, signature, slen);
				846	xfree(signature);
				847
				848	/* skip session id and packet type */
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	849	if (buffer_len(&b) < skip + 1)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	850	fatal("userauth_pubkey: internal error");
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	851	buffer_consume(&b, skip + 1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	852
				853	/* put remaining data from buffer into packet */
				854	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				855	packet_put_raw(buffer_ptr(&b), buffer_len(&b));
				856	buffer_free(&b);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	857	packet_send();
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	858
				859	return 1;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	860	}
				861
				862	int
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	863	send_pubkey_test(Authctxt authctxt, Key k, sign_cb_fn *sign_callback,
				864	int hint)
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	865	{
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	866	u_char *blob;
				867	int bloblen, have_sig = 0;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	868
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	869	debug3("send_pubkey_test");
				870
				871	if (key_to_blob(k, &blob, &bloblen) == 0) {
				872	/* we cannot handle this key */
				873	debug3("send_pubkey_test: cannot handle key");
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	874	return 0;
				875	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	876	/* register callback for USERAUTH_PK_OK message */
				877	authctxt->last_key_sign = sign_callback;
				878	authctxt->last_key_hint = hint;
				879	authctxt->last_key = k;
				880	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	881
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	882	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				883	packet_put_cstring(authctxt->server_user);
				884	packet_put_cstring(authctxt->service);
				885	packet_put_cstring(authctxt->method->name);
				886	packet_put_char(have_sig);
				887	if (!(datafellows & SSH_BUG_PKAUTH))
				888	packet_put_cstring(key_ssh_name(k));
				889	packet_put_string(blob, bloblen);
				890	xfree(blob);
				891	packet_send();
				892	return 1;
				893	}
				894
				895	Key *
				896	load_identity_file(char *filename)
				897	{
				898	Key *private;
				899	char prompt[300], *passphrase;
				900	int success = 0, quit, i;
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	901	struct stat st;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	902
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	903	if (stat(filename, &st) < 0) {
				904	debug3("no such identity: %s", filename);
				905	return NULL;
				906	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	907	private = key_new(KEY_UNSPEC);
				908	if (!load_private_key(filename, "", private, NULL)) {
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	909	if (options.batch_mode) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	910	key_free(private);
				911	return NULL;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	912	}
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	913	snprintf(prompt, sizeof prompt,
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	914	"Enter passphrase for key '%.100s': ", filename);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	915	for (i = 0; i < options.number_of_password_prompts; i++) {
				916	passphrase = read_passphrase(prompt, 0);
				917	if (strcmp(passphrase, "") != 0) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	918	success = load_private_key(filename,
				919	passphrase, private, NULL);
				920	quit = 0;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	921	} else {
				922	debug2("no passphrase given, try next key");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	923	quit = 1;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	924	}
				925	memset(passphrase, 0, strlen(passphrase));
				926	xfree(passphrase);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	927	if (success \|\| quit)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	928	break;
				929	debug2("bad passphrase given, try again...");
				930	}
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	931	if (!success) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	932	key_free(private);
				933	return NULL;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	934	}
				935	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	936	return private;
				937	}
				938
				939	int
				940	identity_sign_cb(Authctxt authctxt, Key key, u_char *sigp, int lenp,
				941	u_char *data, int datalen)
				942	{
				943	Key *private;
				944	int idx, ret;
				945
				946	idx = authctxt->last_key_hint;
				947	if (idx < 0)
				948	return -1;
				949	private = load_identity_file(options.identity_files[idx]);
				950	if (private == NULL)
				951	return -1;
				952	ret = key_sign(private, sigp, lenp, data, datalen);
				953	key_free(private);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	954	return ret;
				955	}
				956
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	957	int agent_sign_cb(Authctxt authctxt, Key key, u_char *sigp, int lenp,
				958	u_char *data, int datalen)
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	959	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	960	return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	961	}
				962
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	963	int key_sign_cb(Authctxt authctxt, Key key, u_char *sigp, int lenp,
				964	u_char *data, int datalen)
				965	{
				966	return key_sign(key, sigp, lenp, data, datalen);
				967	}
				968
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	969	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	970	userauth_pubkey_agent(Authctxt *authctxt)
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	971	{
				972	static int called = 0;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	973	int ret = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	974	char *comment;
				975	Key *k;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	976
				977	if (called == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	978	if (ssh_get_num_identities(authctxt->agent, 2) == 0)
				979	debug2("userauth_pubkey_agent: no keys at all");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	980	called = 1;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	981	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	982	k = ssh_get_next_identity(authctxt->agent, &comment, 2);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	983	if (k == NULL) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	984	debug2("userauth_pubkey_agent: no more keys");
				985	} else {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	986	debug("userauth_pubkey_agent: testing agent key %s", comment);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	987	xfree(comment);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	988	ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
				989	if (ret == 0)
				990	key_free(k);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	991	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	992	if (ret == 0)
				993	debug2("userauth_pubkey_agent: no message sent");
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	994	return ret;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	995	}
				996
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	997	int
				998	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	999	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1000	static int idx = 0;
				1001	int sent = 0;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1002	Key *key;
				1003	char *filename;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1004
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1005	if (authctxt->agent != NULL) {
				1006	do {
				1007	sent = userauth_pubkey_agent(authctxt);
				1008	} while(!sent && authctxt->agent->howmany > 0);
				1009	}
				1010	while (!sent && idx < options.num_identity_files) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	1011	key = options.identity_keys[idx];
				1012	filename = options.identity_files[idx];
				1013	if (key == NULL) {
				1014	debug("try privkey: %s", filename);
				1015	key = load_identity_file(filename);
				1016	if (key != NULL) {
				1017	sent = sign_and_send_pubkey(authctxt, key,
				1018	key_sign_cb);
				1019	key_free(key);
				1020	}
				1021	} else if (key->type != KEY_RSA1) {
				1022	debug("try pubkey: %s", filename);
				1023	sent = send_pubkey_test(authctxt, key,
				1024	identity_sign_cb, idx);
				1025	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1026	idx++;
				1027	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1028	return sent;
				1029	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1030
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1031	/*
				1032	* Send userauth request message specifying keyboard-interactive method.
				1033	*/
				1034	int
				1035	userauth_kbdint(Authctxt *authctxt)
				1036	{
				1037	static int attempt = 0;
				1038
				1039	if (attempt++ >= options.number_of_password_prompts)
				1040	return 0;
				1041
				1042	debug2("userauth_kbdint");
				1043	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1044	packet_put_cstring(authctxt->server_user);
				1045	packet_put_cstring(authctxt->service);
				1046	packet_put_cstring(authctxt->method->name);
				1047	packet_put_cstring(""); /* lang */
				1048	packet_put_cstring(options.kbd_interactive_devices ?
				1049	options.kbd_interactive_devices : "");
				1050	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1051
				1052	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
				1053	return 1;
				1054	}
				1055
				1056	/*
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	1057	* parse INFO_REQUEST, prompt user and send INFO_RESPONSE
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1058	*/
				1059	void
				1060	input_userauth_info_req(int type, int plen, void *ctxt)
				1061	{
				1062	Authctxt *authctxt = ctxt;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	1063	char name, inst, lang, prompt, *response;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	1064	u_int num_prompts, i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1065	int echo = 0;
				1066
				1067	debug2("input_userauth_info_req");
				1068
				1069	if (authctxt == NULL)
				1070	fatal("input_userauth_info_req: no authentication context");
				1071
				1072	name = packet_get_string(NULL);
				1073	inst = packet_get_string(NULL);
				1074	lang = packet_get_string(NULL);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1075	if (strlen(name) > 0)
				1076	cli_mesg(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1077	if (strlen(inst) > 0)
				1078	cli_mesg(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	1079	xfree(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1080	xfree(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	1081	xfree(lang);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1082
				1083	num_prompts = packet_get_int();
				1084	/*
				1085	* Begin to build info response packet based on prompts requested.
				1086	* We commit to providing the correct number of responses, so if
				1087	* further on we run into a problem that prevents this, we have to
				1088	* be sure and clean this up and send a correct error response.
				1089	*/
				1090	packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
				1091	packet_put_int(num_prompts);
				1092
				1093	for (i = 0; i < num_prompts; i++) {
				1094	prompt = packet_get_string(NULL);
				1095	echo = packet_get_char();
				1096
				1097	response = cli_prompt(prompt, echo);
				1098
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	1099	packet_put_cstring(response);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1100	memset(response, 0, strlen(response));
				1101	xfree(response);
				1102	xfree(prompt);
				1103	}
				1104	packet_done(); /* done with parsing incoming message. */
				1105
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	1106	packet_inject_ignore(64);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1107	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1108	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1109
				1110	/* find auth method */
				1111
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1112	/*
				1113	* given auth method name, if configurable options permit this method fill
				1114	* in auth_ident field and return true, otherwise return false.
				1115	*/
				1116	int
				1117	authmethod_is_enabled(Authmethod *method)
				1118	{
				1119	if (method == NULL)
				1120	return 0;
				1121	/* return false if options indicate this method is disabled */
				1122	if (method->enabled == NULL \|\| *method->enabled == 0)
				1123	return 0;
				1124	/* return false if batch mode is enabled but method needs interactive mode */
				1125	if (method->batch_flag != NULL && *method->batch_flag != 0)
				1126	return 0;
				1127	return 1;
				1128	}
				1129
				1130	Authmethod *
				1131	authmethod_lookup(const char *name)
				1132	{
				1133	Authmethod *method = NULL;
				1134	if (name != NULL)
				1135	for (method = authmethods; method->name != NULL; method++)
				1136	if (strcmp(name, method->name) == 0)
				1137	return method;
				1138	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
				1139	return NULL;
				1140	}
				1141
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1142	/* XXX internal state */
				1143	static Authmethod *current = NULL;
				1144	static char *supported = NULL;
				1145	static char *preferred = NULL;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1146	/*
				1147	* Given the authentication method list sent by the server, return the
				1148	* next method we should try. If the server initially sends a nil list,
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1149	* use a built-in default list.
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1150	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1151	Authmethod *
				1152	authmethod_get(char *authlist)
				1153	{
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1154
				1155	char *name = NULL;
				1156	int next;
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1157
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1158	/* Use a suitable default if we're passed a nil list. */
				1159	if (authlist == NULL \|\| strlen(authlist) == 0)
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1160	authlist = options.preferred_authentications;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1161
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1162	if (supported == NULL \|\| strcmp(authlist, supported) != 0) {
				1163	debug3("start over, passed a different list %s", authlist);
				1164	if (supported != NULL)
				1165	xfree(supported);
				1166	supported = xstrdup(authlist);
				1167	preferred = options.preferred_authentications;
				1168	debug3("preferred %s", preferred);
				1169	current = NULL;
				1170	} else if (current != NULL && authmethod_is_enabled(current))
				1171	return current;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1172
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1173	for (;;) {
				1174	if ((name = match_list(preferred, supported, &next)) == NULL) {
				1175	debug("no more auth methods to try");
				1176	current = NULL;
				1177	return NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1178	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1179	preferred += next;
				1180	debug3("authmethod_lookup %s", name);
				1181	debug3("remaining preferred: %s", preferred);
				1182	if ((current = authmethod_lookup(name)) != NULL &&
				1183	authmethod_is_enabled(current)) {
				1184	debug3("authmethod_is_enabled %s", name);
				1185	debug("next auth method to try is %s", name);
				1186	return current;
				1187	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1188	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1189	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1190
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1191
				1192	#define DELIM ","
				1193	char *
				1194	authmethods_get(void)
				1195	{
				1196	Authmethod *method = NULL;
				1197	char buf[1024];
				1198
				1199	buf[0] = '\0';
				1200	for (method = authmethods; method->name != NULL; method++) {
				1201	if (authmethod_is_enabled(method)) {
				1202	if (buf[0] != '\0')
				1203	strlcat(buf, DELIM, sizeof buf);
				1204	strlcat(buf, method->name, sizeof buf);
				1205	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1206	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame^]	1207	return xstrdup(buf);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1208	}