Blame - sshconnect2.c - platform/external/openssh

blob: 1c52231b953cfe249675d4e62803f94cb0834ded [file] [log] [blame]

Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
				24
				25	#include "includes.h"
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame^]	26	RCSID("$OpenBSD: sshconnect2.c,v 1.63 2001/04/04 00:06:54 markus Exp $");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	27
				28	#include <openssl/bn.h>
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	29	#include <openssl/md5.h>
				30	#include <openssl/dh.h>
				31	#include <openssl/hmac.h>
				32
				33	#include "ssh.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	34	#include "ssh2.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	35	#include "xmalloc.h"
				36	#include "rsa.h"
				37	#include "buffer.h"
				38	#include "packet.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	39	#include "uidswap.h"
				40	#include "compat.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	41	#include "bufaux.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	42	#include "cipher.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	43	#include "kex.h"
				44	#include "myproposal.h"
				45	#include "key.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	46	#include "sshconnect.h"
				47	#include "authfile.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	48	#include "cli.h"
Ben Lindstrom	df22139	2001-03-29 00:36:16 +0000	[diff] [blame]	49	#include "dh.h"
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	50	#include "authfd.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	51	#include "log.h"
				52	#include "readconf.h"
				53	#include "readpass.h"
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	54	#include "match.h"
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	55	#include "dispatch.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	56
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	57	/* import */
				58	extern char *client_version_string;
				59	extern char *server_version_string;
				60	extern Options options;
				61
				62	/*
				63	* SSH2 key exchange
				64	*/
				65
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	66	u_char *session_id2 = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	67	int session_id2_len = 0;
				68
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	69	char *xxx_host;
				70	struct sockaddr *xxx_hostaddr;
				71
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame^]	72	Kex *xxx_kex = NULL;
				73
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	74	int
				75	check_host_key_callback(Key *hostkey)
				76	{
				77	check_host_key(xxx_host, xxx_hostaddr, hostkey,
				78	options.user_hostfile2, options.system_hostfile2);
				79	return 0;
				80	}
				81
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	82	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	83	ssh_kex2(char host, struct sockaddr hostaddr)
				84	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	85	Kex *kex;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	86
				87	xxx_host = host;
				88	xxx_hostaddr = hostaddr;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	89
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	90	if (options.ciphers == (char *)-1) {
				91	log("No valid ciphers for protocol version 2 given, using defaults.");
				92	options.ciphers = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	93	}
				94	if (options.ciphers != NULL) {
				95	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				96	myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
				97	}
Damien Miller	a0ff466	2001-03-30 10:49:35 +1000	[diff] [blame]	98	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				99	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
				100	myproposal[PROPOSAL_ENC_ALGS_STOC] =
				101	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	102	if (options.compression) {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	103	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	104	myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
				105	} else {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	106	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	107	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
				108	}
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	109	if (options.macs != NULL) {
				110	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
				111	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
				112	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	113
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	114	kex = kex_start(myproposal);
				115	kex->client_version_string=client_version_string;
				116	kex->server_version_string=server_version_string;
				117	kex->check_host_key=&check_host_key_callback;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	118
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame^]	119	xxx_kex = kex;
				120
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	121	/* start key exchange */
				122	dispatch_run(DISPATCH_BLOCK, &kex->newkeys, kex);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	123
Ben Lindstrom	2d90e00	2001-04-04 02:00:54 +0000	[diff] [blame]	124	session_id2 = kex->session_id;
				125	session_id2_len = kex->session_id_len;
				126
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	127	#ifdef DEBUG_KEXDH
				128	/* send 1st encrypted/maced/compressed message */
				129	packet_start(SSH2_MSG_IGNORE);
				130	packet_put_cstring("markus");
				131	packet_send();
				132	packet_write_wait();
				133	#endif
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	134	debug("done: ssh_kex2.");
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	135	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	136
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	137	/*
				138	* Authenticate user
				139	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	140
				141	typedef struct Authctxt Authctxt;
				142	typedef struct Authmethod Authmethod;
				143
				144	typedef int sign_cb_fn(
				145	Authctxt authctxt, Key key,
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	146	u_char *sigp, int lenp, u_char *data, int datalen);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	147
				148	struct Authctxt {
				149	const char *server_user;
				150	const char *host;
				151	const char *service;
				152	AuthenticationConnection *agent;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	153	Authmethod *method;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	154	int success;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	155	char *authlist;
				156	Key *last_key;
				157	sign_cb_fn *last_key_sign;
				158	int last_key_hint;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	159	};
				160	struct Authmethod {
				161	char name; / string to compare against server's list */
				162	int (userauth)(Authctxt authctxt);
				163	int enabled; / flag in option struct that enables method */
				164	int batch_flag; / flag in option struct that disables method */
				165	};
				166
				167	void input_userauth_success(int type, int plen, void *ctxt);
				168	void input_userauth_failure(int type, int plen, void *ctxt);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	169	void input_userauth_banner(int type, int plen, void *ctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	170	void input_userauth_error(int type, int plen, void *ctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	171	void input_userauth_info_req(int type, int plen, void *ctxt);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	172	void input_userauth_pk_ok(int type, int plen, void *ctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	173
				174	int userauth_none(Authctxt *authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	175	int userauth_pubkey(Authctxt *authctxt);
				176	int userauth_passwd(Authctxt *authctxt);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	177	int userauth_kbdint(Authctxt *authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	178
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	179	void userauth(Authctxt authctxt, char authlist);
				180
				181	int
				182	sign_and_send_pubkey(Authctxt authctxt, Key k,
				183	sign_cb_fn *sign_callback);
				184	void clear_auth_state(Authctxt *authctxt);
				185
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	186	Authmethod authmethod_get(char authlist);
				187	Authmethod authmethod_lookup(const char name);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	188	char *authmethods_get(void);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	189
				190	Authmethod authmethods[] = {
				191	{"publickey",
				192	userauth_pubkey,
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	193	&options.pubkey_authentication,
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	194	NULL},
				195	{"password",
				196	userauth_passwd,
				197	&options.password_authentication,
				198	&options.batch_mode},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	199	{"keyboard-interactive",
				200	userauth_kbdint,
				201	&options.kbd_interactive_authentication,
				202	&options.batch_mode},
				203	{"none",
				204	userauth_none,
				205	NULL,
				206	NULL},
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	207	{NULL, NULL, NULL, NULL}
				208	};
				209
				210	void
				211	ssh_userauth2(const char server_user, char host)
				212	{
				213	Authctxt authctxt;
				214	int type;
				215	int plen;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	216	int i;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	217
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	218	if (options.challenge_reponse_authentication)
				219	options.kbd_interactive_authentication = 1;
				220
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	221	debug("send SSH2_MSG_SERVICE_REQUEST");
				222	packet_start(SSH2_MSG_SERVICE_REQUEST);
				223	packet_put_cstring("ssh-userauth");
				224	packet_send();
				225	packet_write_wait();
				226	type = packet_read(&plen);
				227	if (type != SSH2_MSG_SERVICE_ACCEPT) {
				228	fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
				229	}
				230	if (packet_remaining() > 0) {
				231	char *reply = packet_get_string(&plen);
				232	debug("service_accept: %s", reply);
				233	xfree(reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	234	} else {
				235	debug("buggy server: service_accept w/o service");
				236	}
				237	packet_done();
				238	debug("got SSH2_MSG_SERVICE_ACCEPT");
				239
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	240	if (options.preferred_authentications == NULL)
				241	options.preferred_authentications = authmethods_get();
				242
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	243	/* setup authentication context */
				244	authctxt.agent = ssh_get_authentication_connection();
				245	authctxt.server_user = server_user;
				246	authctxt.host = host;
				247	authctxt.service = "ssh-connection"; /* service name */
				248	authctxt.success = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	249	authctxt.method = authmethod_lookup("none");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	250	authctxt.authlist = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	251	if (authctxt.method == NULL)
				252	fatal("ssh_userauth2: internal error: cannot send userauth none request");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	253
				254	/* initial userauth request */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	255	userauth_none(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	256
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	257	//dispatch_init(&input_userauth_error);
				258	for (i = 50; i <= 254; i++) {
				259	dispatch_set(i, &input_userauth_error);
				260	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	261	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
				262	dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	263	dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	264	dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
				265
				266	if (authctxt.agent != NULL)
				267	ssh_close_authentication_connection(authctxt.agent);
				268
Ben Lindstrom	4dccfa5	2000-12-28 16:40:05 +0000	[diff] [blame]	269	debug("ssh-userauth2 successful: method %s", authctxt.method->name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	270	}
				271	void
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	272	userauth(Authctxt authctxt, char authlist)
				273	{
				274	if (authlist == NULL) {
				275	authlist = authctxt->authlist;
				276	} else {
				277	if (authctxt->authlist)
				278	xfree(authctxt->authlist);
				279	authctxt->authlist = authlist;
				280	}
				281	for (;;) {
				282	Authmethod *method = authmethod_get(authlist);
				283	if (method == NULL)
				284	fatal("Permission denied (%s).", authlist);
				285	authctxt->method = method;
				286	if (method->userauth(authctxt) != 0) {
				287	debug2("we sent a %s packet, wait for reply", method->name);
				288	break;
				289	} else {
				290	debug2("we did not send a packet, disable method");
				291	method->enabled = NULL;
				292	}
				293	}
				294	}
				295	void
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	296	input_userauth_error(int type, int plen, void *ctxt)
				297	{
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	298	fatal("input_userauth_error: bad message during authentication: "
				299	"type %d", type);
				300	}
				301	void
				302	input_userauth_banner(int type, int plen, void *ctxt)
				303	{
				304	char msg, lang;
				305	debug3("input_userauth_banner");
				306	msg = packet_get_string(NULL);
				307	lang = packet_get_string(NULL);
				308	fprintf(stderr, "%s", msg);
				309	xfree(msg);
				310	xfree(lang);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	311	}
				312	void
				313	input_userauth_success(int type, int plen, void *ctxt)
				314	{
				315	Authctxt *authctxt = ctxt;
				316	if (authctxt == NULL)
				317	fatal("input_userauth_success: no authentication context");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	318	if (authctxt->authlist)
				319	xfree(authctxt->authlist);
				320	clear_auth_state(authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	321	authctxt->success = 1; /* break out */
				322	}
				323	void
				324	input_userauth_failure(int type, int plen, void *ctxt)
				325	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	326	Authctxt *authctxt = ctxt;
				327	char *authlist = NULL;
				328	int partial;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	329
				330	if (authctxt == NULL)
				331	fatal("input_userauth_failure: no authentication context");
				332
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	333	authlist = packet_get_string(NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	334	partial = packet_get_char();
				335	packet_done();
				336
				337	if (partial != 0)
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	338	log("Authenticated with partial success.");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	339	debug("authentications that can continue: %s", authlist);
				340
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	341	clear_auth_state(authctxt);
				342	userauth(authctxt, authlist);
				343	}
				344	void
				345	input_userauth_pk_ok(int type, int plen, void *ctxt)
				346	{
				347	Authctxt *authctxt = ctxt;
				348	Key *key = NULL;
				349	Buffer b;
				350	int alen, blen, pktype, sent = 0;
Ben Lindstrom	cfccef9	2001-03-13 04:57:58 +0000	[diff] [blame]	351	char pkalg, pkblob, *fp;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	352
				353	if (authctxt == NULL)
				354	fatal("input_userauth_pk_ok: no authentication context");
				355	if (datafellows & SSH_BUG_PKOK) {
				356	/* this is similar to SSH_BUG_PKAUTH */
				357	debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
				358	pkblob = packet_get_string(&blen);
				359	buffer_init(&b);
				360	buffer_append(&b, pkblob, blen);
				361	pkalg = buffer_get_string(&b, &alen);
				362	buffer_free(&b);
				363	} else {
				364	pkalg = packet_get_string(&alen);
				365	pkblob = packet_get_string(&blen);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	366	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	367	packet_done();
				368
				369	debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
				370	pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
				371
				372	do {
				373	if (authctxt->last_key == NULL \|\|
				374	authctxt->last_key_sign == NULL) {
				375	debug("no last key or no sign cb");
				376	break;
				377	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	378	if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
				379	debug("unknown pkalg %s", pkalg);
				380	break;
				381	}
				382	if ((key = key_from_blob(pkblob, blen)) == NULL) {
				383	debug("no key from blob. pkalg %s", pkalg);
				384	break;
				385	}
Ben Lindstrom	cfccef9	2001-03-13 04:57:58 +0000	[diff] [blame]	386	fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
				387	debug2("input_userauth_pk_ok: fp %s", fp);
				388	xfree(fp);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	389	if (!key_equal(key, authctxt->last_key)) {
				390	debug("key != last_key");
				391	break;
				392	}
				393	sent = sign_and_send_pubkey(authctxt, key,
				394	authctxt->last_key_sign);
				395	} while(0);
				396
				397	if (key != NULL)
				398	key_free(key);
				399	xfree(pkalg);
				400	xfree(pkblob);
				401
				402	/* unregister */
				403	clear_auth_state(authctxt);
				404	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
				405
				406	/* try another method if we did not send a packet*/
				407	if (sent == 0)
				408	userauth(authctxt, NULL);
				409
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	410	}
				411
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	412	int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	413	userauth_none(Authctxt *authctxt)
				414	{
				415	/* initial userauth request */
				416	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				417	packet_put_cstring(authctxt->server_user);
				418	packet_put_cstring(authctxt->service);
				419	packet_put_cstring(authctxt->method->name);
				420	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	421	return 1;
				422	}
				423
				424	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	425	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	426	{
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	427	static int attempt = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	428	char prompt[80];
				429	char *password;
				430
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	431	if (attempt++ >= options.number_of_password_prompts)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	432	return 0;
				433
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	434	if(attempt != 1)
				435	error("Permission denied, please try again.");
				436
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	437	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	438	authctxt->server_user, authctxt->host);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	439	password = read_passphrase(prompt, 0);
				440	packet_start(SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	441	packet_put_cstring(authctxt->server_user);
				442	packet_put_cstring(authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	443	packet_put_cstring(authctxt->method->name);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	444	packet_put_char(0);
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	445	packet_put_cstring(password);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	446	memset(password, 0, strlen(password));
				447	xfree(password);
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	448	packet_inject_ignore(64);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	449	packet_send();
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	450	return 1;
				451	}
				452
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	453	void
				454	clear_auth_state(Authctxt *authctxt)
				455	{
				456	/* XXX clear authentication state */
				457	if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
				458	debug3("clear_auth_state: key_free %p", authctxt->last_key);
				459	key_free(authctxt->last_key);
				460	}
				461	authctxt->last_key = NULL;
				462	authctxt->last_key_hint = -2;
				463	authctxt->last_key_sign = NULL;
				464	}
				465
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	466	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	467	sign_and_send_pubkey(Authctxt authctxt, Key k, sign_cb_fn *sign_callback)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	468	{
				469	Buffer b;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	470	u_char blob, signature;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	471	int bloblen, slen;
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	472	int skip = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	473	int ret = -1;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	474	int have_sig = 1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	475
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	476	debug3("sign_and_send_pubkey");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	477
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	478	if (key_to_blob(k, &blob, &bloblen) == 0) {
				479	/* we cannot handle this key */
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	480	debug3("sign_and_send_pubkey: cannot handle key");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	481	return 0;
				482	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	483	/* data to be signed */
				484	buffer_init(&b);
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	485	if (datafellows & SSH_OLD_SESSIONID) {
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	486	buffer_append(&b, session_id2, session_id2_len);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	487	skip = session_id2_len;
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	488	} else {
				489	buffer_put_string(&b, session_id2, session_id2_len);
				490	skip = buffer_len(&b);
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	491	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	492	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	493	buffer_put_cstring(&b, authctxt->server_user);
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	494	buffer_put_cstring(&b,
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	495	datafellows & SSH_BUG_PKSERVICE ?
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	496	"ssh-userauth" :
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	497	authctxt->service);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	498	if (datafellows & SSH_BUG_PKAUTH) {
				499	buffer_put_char(&b, have_sig);
				500	} else {
				501	buffer_put_cstring(&b, authctxt->method->name);
				502	buffer_put_char(&b, have_sig);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	503	buffer_put_cstring(&b, key_ssh_name(k));
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	504	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	505	buffer_put_string(&b, blob, bloblen);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	506
				507	/* generate signature */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	508	ret = (*sign_callback)(authctxt, k, &signature, &slen,
				509	buffer_ptr(&b), buffer_len(&b));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	510	if (ret == -1) {
				511	xfree(blob);
				512	buffer_free(&b);
				513	return 0;
				514	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	515	#ifdef DEBUG_PK
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	516	buffer_dump(&b);
				517	#endif
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	518	if (datafellows & SSH_BUG_PKSERVICE) {
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	519	buffer_clear(&b);
				520	buffer_append(&b, session_id2, session_id2_len);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	521	skip = session_id2_len;
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	522	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	523	buffer_put_cstring(&b, authctxt->server_user);
				524	buffer_put_cstring(&b, authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	525	buffer_put_cstring(&b, authctxt->method->name);
				526	buffer_put_char(&b, have_sig);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	527	if (!(datafellows & SSH_BUG_PKAUTH))
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	528	buffer_put_cstring(&b, key_ssh_name(k));
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	529	buffer_put_string(&b, blob, bloblen);
				530	}
				531	xfree(blob);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	532
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	533	/* append signature */
				534	buffer_put_string(&b, signature, slen);
				535	xfree(signature);
				536
				537	/* skip session id and packet type */
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	538	if (buffer_len(&b) < skip + 1)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	539	fatal("userauth_pubkey: internal error");
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	540	buffer_consume(&b, skip + 1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	541
				542	/* put remaining data from buffer into packet */
				543	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				544	packet_put_raw(buffer_ptr(&b), buffer_len(&b));
				545	buffer_free(&b);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	546	packet_send();
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	547
				548	return 1;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	549	}
				550
				551	int
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	552	send_pubkey_test(Authctxt authctxt, Key k, sign_cb_fn *sign_callback,
				553	int hint)
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	554	{
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	555	u_char *blob;
				556	int bloblen, have_sig = 0;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	557
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	558	debug3("send_pubkey_test");
				559
				560	if (key_to_blob(k, &blob, &bloblen) == 0) {
				561	/* we cannot handle this key */
				562	debug3("send_pubkey_test: cannot handle key");
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	563	return 0;
				564	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	565	/* register callback for USERAUTH_PK_OK message */
				566	authctxt->last_key_sign = sign_callback;
				567	authctxt->last_key_hint = hint;
				568	authctxt->last_key = k;
				569	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	570
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	571	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				572	packet_put_cstring(authctxt->server_user);
				573	packet_put_cstring(authctxt->service);
				574	packet_put_cstring(authctxt->method->name);
				575	packet_put_char(have_sig);
				576	if (!(datafellows & SSH_BUG_PKAUTH))
				577	packet_put_cstring(key_ssh_name(k));
				578	packet_put_string(blob, bloblen);
				579	xfree(blob);
				580	packet_send();
				581	return 1;
				582	}
				583
				584	Key *
				585	load_identity_file(char *filename)
				586	{
				587	Key *private;
				588	char prompt[300], *passphrase;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	589	int quit, i;
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	590	struct stat st;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	591
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	592	if (stat(filename, &st) < 0) {
				593	debug3("no such identity: %s", filename);
				594	return NULL;
				595	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	596	private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
				597	if (private == NULL) {
				598	if (options.batch_mode)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	599	return NULL;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	600	snprintf(prompt, sizeof prompt,
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	601	"Enter passphrase for key '%.100s': ", filename);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	602	for (i = 0; i < options.number_of_password_prompts; i++) {
				603	passphrase = read_passphrase(prompt, 0);
				604	if (strcmp(passphrase, "") != 0) {
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	605	private = key_load_private_type(KEY_UNSPEC, filename,
				606	passphrase, NULL);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	607	quit = 0;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	608	} else {
				609	debug2("no passphrase given, try next key");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	610	quit = 1;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	611	}
				612	memset(passphrase, 0, strlen(passphrase));
				613	xfree(passphrase);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	614	if (private != NULL \|\| quit)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	615	break;
				616	debug2("bad passphrase given, try again...");
				617	}
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	618	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	619	return private;
				620	}
				621
				622	int
				623	identity_sign_cb(Authctxt authctxt, Key key, u_char *sigp, int lenp,
				624	u_char *data, int datalen)
				625	{
				626	Key *private;
				627	int idx, ret;
				628
				629	idx = authctxt->last_key_hint;
				630	if (idx < 0)
				631	return -1;
				632	private = load_identity_file(options.identity_files[idx]);
				633	if (private == NULL)
				634	return -1;
				635	ret = key_sign(private, sigp, lenp, data, datalen);
				636	key_free(private);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	637	return ret;
				638	}
				639
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	640	int agent_sign_cb(Authctxt authctxt, Key key, u_char *sigp, int lenp,
				641	u_char *data, int datalen)
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	642	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	643	return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	644	}
				645
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	646	int key_sign_cb(Authctxt authctxt, Key key, u_char *sigp, int lenp,
				647	u_char *data, int datalen)
				648	{
				649	return key_sign(key, sigp, lenp, data, datalen);
				650	}
				651
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	652	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	653	userauth_pubkey_agent(Authctxt *authctxt)
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	654	{
				655	static int called = 0;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	656	int ret = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	657	char *comment;
				658	Key *k;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	659
				660	if (called == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	661	if (ssh_get_num_identities(authctxt->agent, 2) == 0)
				662	debug2("userauth_pubkey_agent: no keys at all");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	663	called = 1;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	664	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	665	k = ssh_get_next_identity(authctxt->agent, &comment, 2);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	666	if (k == NULL) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	667	debug2("userauth_pubkey_agent: no more keys");
				668	} else {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	669	debug("userauth_pubkey_agent: testing agent key %s", comment);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	670	xfree(comment);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	671	ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
				672	if (ret == 0)
				673	key_free(k);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	674	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	675	if (ret == 0)
				676	debug2("userauth_pubkey_agent: no message sent");
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	677	return ret;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	678	}
				679
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	680	int
				681	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	682	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	683	static int idx = 0;
				684	int sent = 0;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	685	Key *key;
				686	char *filename;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	687
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	688	if (authctxt->agent != NULL) {
				689	do {
				690	sent = userauth_pubkey_agent(authctxt);
				691	} while(!sent && authctxt->agent->howmany > 0);
				692	}
				693	while (!sent && idx < options.num_identity_files) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	694	key = options.identity_keys[idx];
				695	filename = options.identity_files[idx];
				696	if (key == NULL) {
				697	debug("try privkey: %s", filename);
				698	key = load_identity_file(filename);
				699	if (key != NULL) {
				700	sent = sign_and_send_pubkey(authctxt, key,
				701	key_sign_cb);
				702	key_free(key);
				703	}
				704	} else if (key->type != KEY_RSA1) {
				705	debug("try pubkey: %s", filename);
				706	sent = send_pubkey_test(authctxt, key,
				707	identity_sign_cb, idx);
				708	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	709	idx++;
				710	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	711	return sent;
				712	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	713
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	714	/*
				715	* Send userauth request message specifying keyboard-interactive method.
				716	*/
				717	int
				718	userauth_kbdint(Authctxt *authctxt)
				719	{
				720	static int attempt = 0;
				721
				722	if (attempt++ >= options.number_of_password_prompts)
				723	return 0;
				724
				725	debug2("userauth_kbdint");
				726	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				727	packet_put_cstring(authctxt->server_user);
				728	packet_put_cstring(authctxt->service);
				729	packet_put_cstring(authctxt->method->name);
				730	packet_put_cstring(""); /* lang */
				731	packet_put_cstring(options.kbd_interactive_devices ?
				732	options.kbd_interactive_devices : "");
				733	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	734
				735	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
				736	return 1;
				737	}
				738
				739	/*
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	740	* parse INFO_REQUEST, prompt user and send INFO_RESPONSE
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	741	*/
				742	void
				743	input_userauth_info_req(int type, int plen, void *ctxt)
				744	{
				745	Authctxt *authctxt = ctxt;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	746	char name, inst, lang, prompt, *response;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	747	u_int num_prompts, i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	748	int echo = 0;
				749
				750	debug2("input_userauth_info_req");
				751
				752	if (authctxt == NULL)
				753	fatal("input_userauth_info_req: no authentication context");
				754
				755	name = packet_get_string(NULL);
				756	inst = packet_get_string(NULL);
				757	lang = packet_get_string(NULL);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	758	if (strlen(name) > 0)
				759	cli_mesg(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	760	if (strlen(inst) > 0)
				761	cli_mesg(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	762	xfree(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	763	xfree(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	764	xfree(lang);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	765
				766	num_prompts = packet_get_int();
				767	/*
				768	* Begin to build info response packet based on prompts requested.
				769	* We commit to providing the correct number of responses, so if
				770	* further on we run into a problem that prevents this, we have to
				771	* be sure and clean this up and send a correct error response.
				772	*/
				773	packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
				774	packet_put_int(num_prompts);
				775
				776	for (i = 0; i < num_prompts; i++) {
				777	prompt = packet_get_string(NULL);
				778	echo = packet_get_char();
				779
				780	response = cli_prompt(prompt, echo);
				781
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	782	packet_put_cstring(response);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	783	memset(response, 0, strlen(response));
				784	xfree(response);
				785	xfree(prompt);
				786	}
				787	packet_done(); /* done with parsing incoming message. */
				788
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	789	packet_inject_ignore(64);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	790	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	791	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	792
				793	/* find auth method */
				794
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	795	/*
				796	* given auth method name, if configurable options permit this method fill
				797	* in auth_ident field and return true, otherwise return false.
				798	*/
				799	int
				800	authmethod_is_enabled(Authmethod *method)
				801	{
				802	if (method == NULL)
				803	return 0;
				804	/* return false if options indicate this method is disabled */
				805	if (method->enabled == NULL \|\| *method->enabled == 0)
				806	return 0;
				807	/* return false if batch mode is enabled but method needs interactive mode */
				808	if (method->batch_flag != NULL && *method->batch_flag != 0)
				809	return 0;
				810	return 1;
				811	}
				812
				813	Authmethod *
				814	authmethod_lookup(const char *name)
				815	{
				816	Authmethod *method = NULL;
				817	if (name != NULL)
				818	for (method = authmethods; method->name != NULL; method++)
				819	if (strcmp(name, method->name) == 0)
				820	return method;
				821	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
				822	return NULL;
				823	}
				824
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	825	/* XXX internal state */
				826	static Authmethod *current = NULL;
				827	static char *supported = NULL;
				828	static char *preferred = NULL;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	829	/*
				830	* Given the authentication method list sent by the server, return the
				831	* next method we should try. If the server initially sends a nil list,
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	832	* use a built-in default list.
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	833	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	834	Authmethod *
				835	authmethod_get(char *authlist)
				836	{
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	837
				838	char *name = NULL;
				839	int next;
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	840
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	841	/* Use a suitable default if we're passed a nil list. */
				842	if (authlist == NULL \|\| strlen(authlist) == 0)
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	843	authlist = options.preferred_authentications;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	844
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	845	if (supported == NULL \|\| strcmp(authlist, supported) != 0) {
				846	debug3("start over, passed a different list %s", authlist);
				847	if (supported != NULL)
				848	xfree(supported);
				849	supported = xstrdup(authlist);
				850	preferred = options.preferred_authentications;
				851	debug3("preferred %s", preferred);
				852	current = NULL;
				853	} else if (current != NULL && authmethod_is_enabled(current))
				854	return current;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	855
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	856	for (;;) {
				857	if ((name = match_list(preferred, supported, &next)) == NULL) {
				858	debug("no more auth methods to try");
				859	current = NULL;
				860	return NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	861	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	862	preferred += next;
				863	debug3("authmethod_lookup %s", name);
				864	debug3("remaining preferred: %s", preferred);
				865	if ((current = authmethod_lookup(name)) != NULL &&
				866	authmethod_is_enabled(current)) {
				867	debug3("authmethod_is_enabled %s", name);
				868	debug("next auth method to try is %s", name);
				869	return current;
				870	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	871	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	872	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	873
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	874
				875	#define DELIM ","
				876	char *
				877	authmethods_get(void)
				878	{
				879	Authmethod *method = NULL;
				880	char buf[1024];
				881
				882	buf[0] = '\0';
				883	for (method = authmethods; method->name != NULL; method++) {
				884	if (authmethod_is_enabled(method)) {
				885	if (buf[0] != '\0')
				886	strlcat(buf, DELIM, sizeof buf);
				887	strlcat(buf, method->name, sizeof buf);
				888	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	889	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	890	return xstrdup(buf);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	891	}