Blame - auth2.c - platform/external/openssh

blob: 6bcc5652787fbac9e67e5205bee4291bb3331d3a [file] [log] [blame]

Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	24
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	25	#include "includes.h"
Ben Lindstrom	58d4daf	2002-05-15 16:14:36 +0000	[diff] [blame]	26	RCSID("$OpenBSD: auth2.c,v 1.91 2002/05/13 02:37:39 itojun Exp $");
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	27
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	28	#include <openssl/evp.h>
				29
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	30	#include "ssh2.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	31	#include "xmalloc.h"
				32	#include "rsa.h"
Ben Lindstrom	d95c09c	2001-02-18 19:13:33 +0000	[diff] [blame]	33	#include "sshpty.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	34	#include "packet.h"
				35	#include "buffer.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	36	#include "log.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	37	#include "servconf.h"
				38	#include "compat.h"
Ben Lindstrom	c763767	2001-06-09 00:36:26 +0000	[diff] [blame]	39	#include "channels.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	40	#include "bufaux.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	41	#include "auth.h"
				42	#include "session.h"
				43	#include "dispatch.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	44	#include "key.h"
Ben Lindstrom	6d40c0f	2001-01-29 09:02:24 +0000	[diff] [blame]	45	#include "cipher.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	46	#include "kex.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	47	#include "pathnames.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	48	#include "uidswap.h"
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	49	#include "auth-options.h"
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	50	#include "hostfile.h"
				51	#include "canohost.h"
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	52	#include "match.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	53	#include "monitor_wrap.h"
Ben Lindstrom	58d4daf	2002-05-15 16:14:36 +0000	[diff] [blame]	54	#include "atomicio.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	55
				56	/* import */
				57	extern ServerOptions options;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	58	extern u_char *session_id2;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	59	extern int session_id2_len;
				60
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	61	Authctxt *x_authctxt = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	62	static int one = 1;
				63
				64	typedef struct Authmethod Authmethod;
				65	struct Authmethod {
				66	char *name;
				67	int (userauth)(Authctxt authctxt);
				68	int *enabled;
				69	};
				70
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	71	/* protocol */
				72
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	73	static void input_service_request(int, u_int32_t, void *);
				74	static void input_userauth_request(int, u_int32_t, void *);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	75
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	76	/* helper */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	77	static Authmethod authmethod_lookup(const char );
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	78	static char *authmethods_get(void);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	79	int user_key_allowed(struct passwd , Key );
				80	int hostbased_key_allowed(struct passwd , const char , char , Key );
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	81
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	82	/* auth */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	83	static void userauth_banner(void);
				84	static int userauth_none(Authctxt *);
				85	static int userauth_passwd(Authctxt *);
				86	static int userauth_pubkey(Authctxt *);
				87	static int userauth_hostbased(Authctxt *);
				88	static int userauth_kbdint(Authctxt *);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	89
				90	Authmethod authmethods[] = {
				91	{"none",
				92	userauth_none,
				93	&one},
				94	{"publickey",
				95	userauth_pubkey,
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	96	&options.pubkey_authentication},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	97	{"password",
				98	userauth_passwd,
				99	&options.password_authentication},
Ben Lindstrom	d1f20ec	2001-02-10 21:31:53 +0000	[diff] [blame]	100	{"keyboard-interactive",
				101	userauth_kbdint,
				102	&options.kbd_interactive_authentication},
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	103	{"hostbased",
				104	userauth_hostbased,
				105	&options.hostbased_authentication},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	106	{NULL, NULL, NULL}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	107	};
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	108
				109	/*
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	110	* loop until authctxt->success == TRUE
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	111	*/
				112
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	113	Authctxt *
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	114	do_authentication2(void)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	115	{
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	116	Authctxt *authctxt = authctxt_new();
				117
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	118	x_authctxt = authctxt; /XXX/
				119
Ben Lindstrom	bdfb4df	2001-10-03 17:12:43 +0000	[diff] [blame]	120	/* challenge-response is implemented via keyboard interactive */
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	121	if (options.challenge_response_authentication)
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	122	options.kbd_interactive_authentication = 1;
Damien Miller	f815442	2001-04-25 22:44:14 +1000	[diff] [blame]	123	if (options.pam_authentication_via_kbd_int)
				124	options.kbd_interactive_authentication = 1;
Damien Miller	ffc868f	2002-05-09 15:59:13 +1000	[diff] [blame]	125	if (use_privsep)
				126	options.pam_authentication_via_kbd_int = 0;
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	127
Damien Miller	7d05339	2002-01-22 23:24:13 +1100	[diff] [blame]	128	dispatch_init(&dispatch_protocol_error);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	129	dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	130	dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
Ben Lindstrom	73ab9ba	2002-03-22 01:27:35 +0000	[diff] [blame]	131
				132	return (authctxt);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	133	}
				134
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	135	static void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	136	input_service_request(int type, u_int32_t seq, void *ctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	137	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	138	Authctxt *authctxt = ctxt;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	139	u_int len;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	140	int accept = 0;
				141	char *service = packet_get_string(&len);
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	142	packet_check_eom();
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	143
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	144	if (authctxt == NULL)
				145	fatal("input_service_request: no authctxt");
				146
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	147	if (strcmp(service, "ssh-userauth") == 0) {
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	148	if (!authctxt->success) {
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	149	accept = 1;
				150	/* now we can handle user-auth requests */
				151	dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
				152	}
				153	}
				154	/* XXX all other service requests are denied */
				155
				156	if (accept) {
				157	packet_start(SSH2_MSG_SERVICE_ACCEPT);
				158	packet_put_cstring(service);
				159	packet_send();
				160	packet_write_wait();
				161	} else {
				162	debug("bad service request %s", service);
				163	packet_disconnect("bad service request %s", service);
				164	}
				165	xfree(service);
				166	}
				167
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	168	static void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	169	input_userauth_request(int type, u_int32_t seq, void *ctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	170	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	171	Authctxt *authctxt = ctxt;
				172	Authmethod *m = NULL;
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	173	char user, service, method, style = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	174	int authenticated = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	175
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	176	if (authctxt == NULL)
				177	fatal("input_userauth_request: no authctxt");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	178
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	179	user = packet_get_string(NULL);
				180	service = packet_get_string(NULL);
				181	method = packet_get_string(NULL);
				182	debug("userauth-request for user %s service %s method %s", user, service, method);
Ben Lindstrom	4dccfa5	2000-12-28 16:40:05 +0000	[diff] [blame]	183	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	184
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	185	if ((style = strchr(user, ':')) != NULL)
				186	*style++ = 0;
				187
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	188	if (authctxt->attempt++ == 0) {
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	189	/* setup auth context */
Kevin Steves	205cc1e	2002-03-22 20:43:05 +0000	[diff] [blame]	190	authctxt->pw = PRIVSEP(getpwnamallow(user));
				191	if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	192	authctxt->valid = 1;
				193	debug2("input_userauth_request: setting up authctxt for %s", user);
				194	#ifdef USE_PAM
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	195	PRIVSEP(start_pam(authctxt->pw->pw_name));
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	196	#endif
				197	} else {
				198	log("input_userauth_request: illegal user %s", user);
Damien Miller	22e22bf	2001-01-19 15:46:38 +1100	[diff] [blame]	199	#ifdef USE_PAM
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	200	PRIVSEP(start_pam("NOUSER"));
Damien Miller	22e22bf	2001-01-19 15:46:38 +1100	[diff] [blame]	201	#endif
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	202	}
Ben Lindstrom	7ebb635	2002-03-22 03:04:08 +0000	[diff] [blame]	203	setproctitle("%s%s", authctxt->pw ? user : "unknown",
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	204	use_privsep ? " [net]" : "");
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	205	authctxt->user = xstrdup(user);
				206	authctxt->service = xstrdup(service);
Ben Lindstrom	9d0c066	2001-06-09 01:40:00 +0000	[diff] [blame]	207	authctxt->style = style ? xstrdup(style) : NULL;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	208	if (use_privsep)
				209	mm_inform_authserv(service, style);
Ben Lindstrom	9d0c066	2001-06-09 01:40:00 +0000	[diff] [blame]	210	} else if (strcmp(user, authctxt->user) != 0 \|\|
				211	strcmp(service, authctxt->service) != 0) {
				212	packet_disconnect("Change of username or service not allowed: "
				213	"(%s,%s) -> (%s,%s)",
				214	authctxt->user, authctxt->service, user, service);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	215	}
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	216	/* reset state */
Damien Miller	ee11625	2001-12-21 12:42:34 +1100	[diff] [blame]	217	auth2_challenge_stop(authctxt);
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	218	authctxt->postponed = 0;
Damien Miller	b70b61f	2000-09-16 16:25:12 +1100	[diff] [blame]	219
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	220	/* try to authenticate user */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	221	m = authmethod_lookup(method);
				222	if (m != NULL) {
				223	debug2("input_userauth_request: try method %s", method);
				224	authenticated = m->userauth(authctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	225	}
Damien Miller	5d57e50	2001-03-30 10:48:31 +1000	[diff] [blame]	226	userauth_finish(authctxt, authenticated, method);
				227
				228	xfree(service);
				229	xfree(user);
				230	xfree(method);
				231	}
				232
				233	void
				234	userauth_finish(Authctxt authctxt, int authenticated, char method)
				235	{
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	236	char *methods;
				237
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	238	if (!authctxt->valid && authenticated)
				239	fatal("INTERNAL ERROR: authenticated invalid user %s",
				240	authctxt->user);
Damien Miller	b70b61f	2000-09-16 16:25:12 +1100	[diff] [blame]	241
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	242	/* Special handling for root */
Ben Lindstrom	d8a9021	2001-02-15 03:08:27 +0000	[diff] [blame]	243	if (authenticated && authctxt->pw->pw_uid == 0 &&
				244	!auth_root_allowed(method))
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	245	authenticated = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	246
				247	#ifdef USE_PAM
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	248	if (!use_privsep && authenticated && authctxt->user &&
				249	!do_pam_account(authctxt->user, NULL))
Damien Miller	b70b61f	2000-09-16 16:25:12 +1100	[diff] [blame]	250	authenticated = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	251	#endif /* USE_PAM */
				252
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	253	/* Log before sending the reply */
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	254	auth_log(authctxt, authenticated, method, " ssh2");
				255
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	256	if (authctxt->postponed)
				257	return;
				258
				259	/* XXX todo: check if multiple auth methods are needed */
				260	if (authenticated == 1) {
				261	/* turn off userauth */
Damien Miller	7d05339	2002-01-22 23:24:13 +1100	[diff] [blame]	262	dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	263	packet_start(SSH2_MSG_USERAUTH_SUCCESS);
				264	packet_send();
				265	packet_write_wait();
				266	/* now we can break out */
				267	authctxt->success = 1;
				268	} else {
Damien Miller	e49d096	2001-11-13 23:46:18 +1100	[diff] [blame]	269	if (authctxt->failures++ > AUTH_FAIL_MAX) {
				270	#ifdef WITH_AIXAUTHENTICATE
				271	loginfailed(authctxt->user,
Damien Miller	f3451a2	2002-02-05 12:40:46 +1100	[diff] [blame]	272	get_canonical_hostname(options.verify_reverse_mapping),
Damien Miller	e49d096	2001-11-13 23:46:18 +1100	[diff] [blame]	273	"ssh");
				274	#endif /* WITH_AIXAUTHENTICATE */
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	275	packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
Damien Miller	e49d096	2001-11-13 23:46:18 +1100	[diff] [blame]	276	}
Ben Lindstrom	cd4349f	2001-06-09 00:23:17 +0000	[diff] [blame]	277	methods = authmethods_get();
				278	packet_start(SSH2_MSG_USERAUTH_FAILURE);
				279	packet_put_cstring(methods);
				280	packet_put_char(0); /* XXX partial success, unused */
				281	packet_send();
				282	packet_write_wait();
				283	xfree(methods);
				284	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	285	}
				286
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	287	char *
				288	auth2_read_banner(void)
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	289	{
				290	struct stat st;
				291	char *banner = NULL;
				292	off_t len, n;
				293	int fd;
				294
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	295	if ((fd = open(options.banner, O_RDONLY)) == -1)
				296	return (NULL);
				297	if (fstat(fd, &st) == -1) {
				298	close(fd);
				299	return (NULL);
				300	}
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	301	len = st.st_size;
				302	banner = xmalloc(len + 1);
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	303	n = atomicio(read, fd, banner, len);
				304	close(fd);
				305
				306	if (n != len) {
				307	free(banner);
				308	return (NULL);
				309	}
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	310	banner[n] = '\0';
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	311
				312	return (banner);
				313	}
				314
				315	static void
				316	userauth_banner(void)
				317	{
				318	char *banner = NULL;
				319
				320	if (options.banner == NULL \|\| (datafellows & SSH_BUG_BANNER))
				321	return;
				322
				323	if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
				324	goto done;
				325
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	326	packet_start(SSH2_MSG_USERAUTH_BANNER);
				327	packet_put_cstring(banner);
				328	packet_put_cstring(""); /* language, unused */
				329	packet_send();
				330	debug("userauth_banner: sent");
				331	done:
				332	if (banner)
				333	xfree(banner);
Ben Lindstrom	48bd7c1	2001-01-09 00:35:42 +0000	[diff] [blame]	334	return;
				335	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	336
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	337	static int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	338	userauth_none(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	339	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	340	/* disable method "none", only allowed one time */
				341	Authmethod *m = authmethod_lookup("none");
				342	if (m != NULL)
				343	m->enabled = NULL;
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	344	packet_check_eom();
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	345	userauth_banner();
Damien Miller	b8c656e	2000-06-28 15:22:41 +1000	[diff] [blame]	346
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	347	if (authctxt->valid == 0)
				348	return(0);
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	349
				350	#ifdef HAVE_CYGWIN
				351	if (check_nt_auth(1, authctxt->pw) == 0)
				352	return(0);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	353	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	354	return PRIVSEP(auth_password(authctxt, ""));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	355	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	356
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	357	static int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	358	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	359	{
				360	char *password;
				361	int authenticated = 0;
				362	int change;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	363	u_int len;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	364	change = packet_get_char();
				365	if (change)
				366	log("password change not supported");
				367	password = packet_get_string(&len);
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	368	packet_check_eom();
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	369	if (authctxt->valid &&
				370	#ifdef HAVE_CYGWIN
				371	check_nt_auth(1, authctxt->pw) &&
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	372	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	373	PRIVSEP(auth_password(authctxt, password)) == 1)
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	374	authenticated = 1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	375	memset(password, 0, len);
				376	xfree(password);
				377	return authenticated;
				378	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	379
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	380	static int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	381	userauth_kbdint(Authctxt *authctxt)
				382	{
				383	int authenticated = 0;
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	384	char lang, devs;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	385
				386	lang = packet_get_string(NULL);
				387	devs = packet_get_string(NULL);
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	388	packet_check_eom();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	389
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	390	debug("keyboard-interactive devs %s", devs);
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	391
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	392	if (options.challenge_response_authentication)
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	393	authenticated = auth2_challenge(authctxt, devs);
Ben Lindstrom	db65e8f	2001-01-19 04:26:52 +0000	[diff] [blame]	394
Damien Miller	b848158	2000-12-03 11:51:51 +1100	[diff] [blame]	395	#ifdef USE_PAM
Damien Miller	f815442	2001-04-25 22:44:14 +1000	[diff] [blame]	396	if (authenticated == 0 && options.pam_authentication_via_kbd_int)
Damien Miller	b848158	2000-12-03 11:51:51 +1100	[diff] [blame]	397	authenticated = auth2_pam(authctxt);
				398	#endif
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	399	xfree(devs);
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	400	xfree(lang);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	401	#ifdef HAVE_CYGWIN
Damien Miller	0dea79d	2001-12-29 14:08:28 +1100	[diff] [blame]	402	if (check_nt_auth(0, authctxt->pw) == 0)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	403	return(0);
				404	#endif
				405	return authenticated;
				406	}
				407
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	408	static int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	409	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	410	{
				411	Buffer b;
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	412	Key *key = NULL;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	413	char *pkalg;
				414	u_char pkblob, sig;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	415	u_int alen, blen, slen;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	416	int have_sig, pktype;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	417	int authenticated = 0;
				418
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	419	if (!authctxt->valid) {
				420	debug2("userauth_pubkey: disabled because of invalid user");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	421	return 0;
				422	}
				423	have_sig = packet_get_char();
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	424	if (datafellows & SSH_BUG_PKAUTH) {
				425	debug2("userauth_pubkey: SSH_BUG_PKAUTH");
				426	/* no explicit pkalg given */
				427	pkblob = packet_get_string(&blen);
				428	buffer_init(&b);
				429	buffer_append(&b, pkblob, blen);
				430	/* so we have to extract the pkalg from the pkblob */
				431	pkalg = buffer_get_string(&b, &alen);
				432	buffer_free(&b);
				433	} else {
				434	pkalg = packet_get_string(&alen);
				435	pkblob = packet_get_string(&blen);
				436	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	437	pktype = key_type_from_name(pkalg);
				438	if (pktype == KEY_UNSPEC) {
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	439	/* this is perfectly legal */
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	440	log("userauth_pubkey: unsupported public key algorithm: %s",
				441	pkalg);
				442	goto done;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	443	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	444	key = key_from_blob(pkblob, blen);
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	445	if (key == NULL) {
				446	error("userauth_pubkey: cannot decode key: %s", pkalg);
				447	goto done;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	448	}
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	449	if (key->type != pktype) {
				450	error("userauth_pubkey: type mismatch for decoded key "
				451	"(received %d, expected %d)", key->type, pktype);
				452	goto done;
				453	}
				454	if (have_sig) {
				455	sig = packet_get_string(&slen);
				456	packet_check_eom();
				457	buffer_init(&b);
				458	if (datafellows & SSH_OLD_SESSIONID) {
				459	buffer_append(&b, session_id2, session_id2_len);
				460	} else {
				461	buffer_put_string(&b, session_id2, session_id2_len);
				462	}
				463	/* reconstruct packet */
				464	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
				465	buffer_put_cstring(&b, authctxt->user);
				466	buffer_put_cstring(&b,
				467	datafellows & SSH_BUG_PKSERVICE ?
				468	"ssh-userauth" :
				469	authctxt->service);
				470	if (datafellows & SSH_BUG_PKAUTH) {
				471	buffer_put_char(&b, have_sig);
				472	} else {
				473	buffer_put_cstring(&b, "publickey");
				474	buffer_put_char(&b, have_sig);
				475	buffer_put_cstring(&b, pkalg);
				476	}
				477	buffer_put_string(&b, pkblob, blen);
				478	#ifdef DEBUG_PK
				479	buffer_dump(&b);
				480	#endif
				481	/* test for correct signature */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	482	authenticated = 0;
				483	if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
				484	PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
				485	buffer_len(&b))) == 1)
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	486	authenticated = 1;
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	487	buffer_clear(&b);
				488	xfree(sig);
				489	} else {
				490	debug("test whether pkalg/pkblob are acceptable");
				491	packet_check_eom();
				492
				493	/* XXX fake reply and always send PK_OK ? */
				494	/*
				495	* XXX this allows testing whether a user is allowed
				496	* to login: if you happen to have a valid pubkey this
				497	* message is sent. the message is NEVER sent at all
				498	* if a user is not allowed to login. is this an
				499	* issue? -markus
				500	*/
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	501	if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	502	packet_start(SSH2_MSG_USERAUTH_PK_OK);
				503	packet_put_string(pkalg, alen);
				504	packet_put_string(pkblob, blen);
				505	packet_send();
				506	packet_write_wait();
				507	authctxt->postponed = 1;
				508	}
				509	}
				510	if (authenticated != 1)
				511	auth_clear_options();
				512	done:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	513	debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	514	if (key != NULL)
				515	key_free(key);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	516	xfree(pkalg);
				517	xfree(pkblob);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	518	#ifdef HAVE_CYGWIN
Damien Miller	0dea79d	2001-12-29 14:08:28 +1100	[diff] [blame]	519	if (check_nt_auth(0, authctxt->pw) == 0)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	520	return(0);
				521	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	522	return authenticated;
				523	}
				524
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	525	static int
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	526	userauth_hostbased(Authctxt *authctxt)
				527	{
				528	Buffer b;
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	529	Key *key = NULL;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	530	char pkalg, cuser, chost, service;
				531	u_char pkblob, sig;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	532	u_int alen, blen, slen;
				533	int pktype;
				534	int authenticated = 0;
				535
				536	if (!authctxt->valid) {
				537	debug2("userauth_hostbased: disabled because of invalid user");
				538	return 0;
				539	}
				540	pkalg = packet_get_string(&alen);
				541	pkblob = packet_get_string(&blen);
				542	chost = packet_get_string(NULL);
				543	cuser = packet_get_string(NULL);
				544	sig = packet_get_string(&slen);
				545
				546	debug("userauth_hostbased: cuser %s chost %s pkalg %s slen %d",
				547	cuser, chost, pkalg, slen);
				548	#ifdef DEBUG_PK
				549	debug("signature:");
				550	buffer_init(&b);
				551	buffer_append(&b, sig, slen);
				552	buffer_dump(&b);
				553	buffer_free(&b);
				554	#endif
				555	pktype = key_type_from_name(pkalg);
				556	if (pktype == KEY_UNSPEC) {
				557	/* this is perfectly legal */
				558	log("userauth_hostbased: unsupported "
				559	"public key algorithm: %s", pkalg);
				560	goto done;
				561	}
				562	key = key_from_blob(pkblob, blen);
				563	if (key == NULL) {
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	564	error("userauth_hostbased: cannot decode key: %s", pkalg);
				565	goto done;
				566	}
				567	if (key->type != pktype) {
				568	error("userauth_hostbased: type mismatch for decoded key "
				569	"(received %d, expected %d)", key->type, pktype);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	570	goto done;
				571	}
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	572	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
				573	authctxt->service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	574	buffer_init(&b);
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	575	buffer_put_string(&b, session_id2, session_id2_len);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	576	/* reconstruct packet */
				577	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
				578	buffer_put_cstring(&b, authctxt->user);
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	579	buffer_put_cstring(&b, service);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	580	buffer_put_cstring(&b, "hostbased");
				581	buffer_put_string(&b, pkalg, alen);
				582	buffer_put_string(&b, pkblob, blen);
				583	buffer_put_cstring(&b, chost);
				584	buffer_put_cstring(&b, cuser);
				585	#ifdef DEBUG_PK
				586	buffer_dump(&b);
				587	#endif
				588	/* test for allowed key and correct signature */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	589	authenticated = 0;
				590	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
				591	PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
				592	buffer_len(&b))) == 1)
Damien Miller	3a5b023	2002-03-13 13:19:42 +1100	[diff] [blame]	593	authenticated = 1;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	594
				595	buffer_clear(&b);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	596	done:
				597	debug2("userauth_hostbased: authenticated %d", authenticated);
Damien Miller	9b74bfc	2002-02-05 12:26:03 +1100	[diff] [blame]	598	if (key != NULL)
				599	key_free(key);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	600	xfree(pkalg);
				601	xfree(pkblob);
				602	xfree(cuser);
				603	xfree(chost);
				604	xfree(sig);
				605	return authenticated;
				606	}
				607
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	608	/* get current user */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	609
				610	struct passwd*
				611	auth_get_user(void)
				612	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	613	return (x_authctxt != NULL && x_authctxt->valid) ? x_authctxt->pw : NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	614	}
				615
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	616	#define DELIM ","
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	617
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	618	static char *
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	619	authmethods_get(void)
				620	{
				621	Authmethod *method = NULL;
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	622	Buffer b;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	623	char *list;
				624
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	625	buffer_init(&b);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	626	for (method = authmethods; method->name != NULL; method++) {
				627	if (strcmp(method->name, "none") == 0)
				628	continue;
				629	if (method->enabled != NULL && *(method->enabled) != 0) {
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	630	if (buffer_len(&b) > 0)
				631	buffer_append(&b, ",", 1);
				632	buffer_append(&b, method->name, strlen(method->name));
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	633	}
				634	}
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	635	buffer_append(&b, "\0", 1);
				636	list = xstrdup(buffer_ptr(&b));
				637	buffer_free(&b);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	638	return list;
				639	}
				640
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	641	static Authmethod *
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	642	authmethod_lookup(const char *name)
				643	{
				644	Authmethod *method = NULL;
				645	if (name != NULL)
				646	for (method = authmethods; method->name != NULL; method++)
				647	if (method->enabled != NULL &&
				648	*(method->enabled) != 0 &&
				649	strcmp(name, method->name) == 0)
				650	return method;
				651	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
				652	return NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	653	}
				654
				655	/* return 1 if user allows given key */
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	656	static int
Ben Lindstrom	f96704d	2001-06-25 04:17:12 +0000	[diff] [blame]	657	user_key_allowed2(struct passwd pw, Key key, char *file)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	658	{
Ben Lindstrom	f96704d	2001-06-25 04:17:12 +0000	[diff] [blame]	659	char line[8192];
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	660	int found_key = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	661	FILE *f;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	662	u_long linenum = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	663	struct stat st;
				664	Key *found;
Damien Miller	da9edca	2001-12-21 12:48:54 +1100	[diff] [blame]	665	char *fp;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	666
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	667	if (pw == NULL)
				668	return 0;
				669
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	670	/* Temporarily use the user's uid. */
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	671	temporarily_use_uid(pw);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	672
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	673	debug("trying public key file %s", file);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	674
				675	/* Fail quietly if file does not exist */
				676	if (stat(file, &st) < 0) {
				677	/* Restore the privileged uid. */
				678	restore_uid();
				679	return 0;
				680	}
				681	/* Open the file containing the authorized keys. */
				682	f = fopen(file, "r");
				683	if (!f) {
				684	/* Restore the privileged uid. */
				685	restore_uid();
				686	return 0;
				687	}
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	688	if (options.strict_modes &&
Ben Lindstrom	90279d8	2001-07-04 03:56:56 +0000	[diff] [blame]	689	secure_filename(f, file, pw, line, sizeof(line)) != 0) {
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	690	fclose(f);
				691	log("Authentication refused: %s", line);
				692	restore_uid();
				693	return 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	694	}
Ben Lindstrom	bfb3a0e	2001-06-05 20:25:05 +0000	[diff] [blame]	695
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	696	found_key = 0;
Damien Miller	d344494	2000-09-30 14:20:03 +1100	[diff] [blame]	697	found = key_new(key->type);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	698
				699	while (fgets(line, sizeof(line), f)) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	700	char cp, options = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	701	linenum++;
				702	/* Skip leading whitespace, empty and comment lines. */
				703	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
				704	;
				705	if (!cp \|\| cp == '\n' \|\| *cp == '#')
				706	continue;
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	707
Ben Lindstrom	1bc3bdb	2001-09-20 23:11:26 +0000	[diff] [blame]	708	if (key_read(found, &cp) != 1) {
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	709	/* no key? check if there are options for this key */
				710	int quoted = 0;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	711	debug2("user_key_allowed: check options: '%s'", cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	712	options = cp;
				713	for (; cp && (quoted \|\| (cp != ' ' && *cp != '\t')); cp++) {
				714	if (*cp == '\\' && cp[1] == '"')
				715	cp++; /* Skip both */
				716	else if (*cp == '"')
				717	quoted = !quoted;
				718	}
				719	/* Skip remaining whitespace. */
				720	for (; cp == ' ' \|\| cp == '\t'; cp++)
				721	;
Ben Lindstrom	1bc3bdb	2001-09-20 23:11:26 +0000	[diff] [blame]	722	if (key_read(found, &cp) != 1) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	723	debug2("user_key_allowed: advance: '%s'", cp);
Damien Miller	f6d9e22	2000-06-18 14:50:44 +1000	[diff] [blame]	724	/* still no key? advance to next line*/
				725	continue;
				726	}
				727	}
				728	if (key_equal(found, key) &&
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	729	auth_parse_options(pw, options, file, linenum) == 1) {
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	730	found_key = 1;
Ben Lindstrom	940fb86	2001-08-06 21:01:49 +0000	[diff] [blame]	731	debug("matching key found: file %s, line %lu",
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	732	file, linenum);
Damien Miller	da9edca	2001-12-21 12:48:54 +1100	[diff] [blame]	733	fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
				734	verbose("Found matching %s key: %s",
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	735	key_type(found), fp);
Damien Miller	da9edca	2001-12-21 12:48:54 +1100	[diff] [blame]	736	xfree(fp);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	737	break;
				738	}
				739	}
				740	restore_uid();
				741	fclose(f);
				742	key_free(found);
Ben Lindstrom	b54873a	2001-03-11 20:01:55 +0000	[diff] [blame]	743	if (!found_key)
				744	debug2("key not found");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	745	return found_key;
				746	}
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	747
Ben Lindstrom	f96704d	2001-06-25 04:17:12 +0000	[diff] [blame]	748	/* check whether given key is in .ssh/authorized_keys* */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	749	int
Ben Lindstrom	f96704d	2001-06-25 04:17:12 +0000	[diff] [blame]	750	user_key_allowed(struct passwd pw, Key key)
				751	{
				752	int success;
				753	char *file;
				754
				755	file = authorized_keys_file(pw);
				756	success = user_key_allowed2(pw, key, file);
				757	xfree(file);
				758	if (success)
				759	return success;
				760
				761	/* try suffix "2" for backward compat, too */
				762	file = authorized_keys_file2(pw);
				763	success = user_key_allowed2(pw, key, file);
				764	xfree(file);
				765	return success;
				766	}
				767
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	768	/* return 1 if given hostkey is allowed */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	769	int
Ben Lindstrom	4aa603c	2001-04-19 20:38:06 +0000	[diff] [blame]	770	hostbased_key_allowed(struct passwd pw, const char cuser, char *chost,
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	771	Key *key)
				772	{
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	773	const char resolvedname, ipaddr, *lookup;
Ben Lindstrom	65366a8	2001-12-06 16:32:47 +0000	[diff] [blame]	774	HostStatus host_status;
				775	int len;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	776
Damien Miller	c5d8635	2002-02-05 12:13:41 +1100	[diff] [blame]	777	resolvedname = get_canonical_hostname(options.verify_reverse_mapping);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	778	ipaddr = get_remote_ipaddr();
				779
Ben Lindstrom	2bffd6f	2001-04-19 20:35:40 +0000	[diff] [blame]	780	debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
				781	chost, resolvedname, ipaddr);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	782
				783	if (options.hostbased_uses_name_from_packet_only) {
				784	if (auth_rhosts2(pw, cuser, chost, chost) == 0)
				785	return 0;
				786	lookup = chost;
				787	} else {
Ben Lindstrom	2bffd6f	2001-04-19 20:35:40 +0000	[diff] [blame]	788	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
				789	debug2("stripping trailing dot from chost %s", chost);
				790	chost[len - 1] = '\0';
				791	}
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	792	if (strcasecmp(resolvedname, chost) != 0)
				793	log("userauth_hostbased mismatch: "
				794	"client sends %s, but we resolve %s to %s",
				795	chost, ipaddr, resolvedname);
				796	if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)
				797	return 0;
				798	lookup = resolvedname;
				799	}
				800	debug2("userauth_hostbased: access allowed by auth_rhosts2");
				801
Ben Lindstrom	83647ce	2001-06-25 04:30:16 +0000	[diff] [blame]	802	host_status = check_key_in_hostfiles(pw, key, lookup,
				803	_PATH_SSH_SYSTEM_HOSTFILE,
Ben Lindstrom	a4789ef	2001-06-25 04:40:49 +0000	[diff] [blame]	804	options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	805
Ben Lindstrom	83647ce	2001-06-25 04:30:16 +0000	[diff] [blame]	806	/* backward compat if no key has been found. */
				807	if (host_status == HOST_NEW)
				808	host_status = check_key_in_hostfiles(pw, key, lookup,
				809	_PATH_SSH_SYSTEM_HOSTFILE2,
Ben Lindstrom	a4789ef	2001-06-25 04:40:49 +0000	[diff] [blame]	810	options.ignore_user_known_hosts ? NULL :
				811	_PATH_SSH_USER_HOSTFILE2);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	812
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	813	return (host_status == HOST_OK);
				814	}