Blame - sshconnect2.c - platform/external/openssh

blob: 36d592b4291919ccb0cf9ac2d171e73c880654fc [file] [log] [blame]

Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
				24
				25	#include "includes.h"
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	26	RCSID("$OpenBSD: sshconnect2.c,v 1.118 2003/05/14 02:15:47 markus Exp $");
				27
				28	#ifdef KRB5
				29	#include <krb5.h>
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	30	#ifndef HEIMDAL
				31	#define krb5_get_err_text(context,code) error_message(code)
				32	#endif /* !HEIMDAL */
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	33	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	34
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	35	#include "openbsd-compat/sys-queue.h"
				36
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	37	#include "ssh.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	38	#include "ssh2.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	39	#include "xmalloc.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	40	#include "buffer.h"
				41	#include "packet.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	42	#include "compat.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	43	#include "bufaux.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	44	#include "cipher.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	45	#include "kex.h"
				46	#include "myproposal.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	47	#include "sshconnect.h"
				48	#include "authfile.h"
Ben Lindstrom	df22139	2001-03-29 00:36:16 +0000	[diff] [blame]	49	#include "dh.h"
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	50	#include "authfd.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	51	#include "log.h"
				52	#include "readconf.h"
				53	#include "readpass.h"
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	54	#include "match.h"
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	55	#include "dispatch.h"
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	56	#include "canohost.h"
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	57	#include "msg.h"
				58	#include "pathnames.h"
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	59
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	60	/* import */
				61	extern char *client_version_string;
				62	extern char *server_version_string;
				63	extern Options options;
				64
				65	/*
				66	* SSH2 key exchange
				67	*/
				68
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	69	u_char *session_id2 = NULL;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	70	int session_id2_len = 0;
				71
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	72	char *xxx_host;
				73	struct sockaddr *xxx_hostaddr;
				74
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame]	75	Kex *xxx_kex = NULL;
				76
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	77	static int
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	78	verify_host_key_callback(Key *hostkey)
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	79	{
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	80	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
Damien Miller	59d9fb9	2001-10-10 15:03:11 +1000	[diff] [blame]	81	fatal("Host key verification failed.");
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	82	return 0;
				83	}
				84
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	85	void
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	86	ssh_kex2(char host, struct sockaddr hostaddr)
				87	{
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	88	Kex *kex;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	89
				90	xxx_host = host;
				91	xxx_hostaddr = hostaddr;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	92
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	93	if (options.ciphers == (char *)-1) {
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	94	logit("No valid ciphers for protocol version 2 given, using defaults.");
Damien Miller	e39cacc	2000-11-29 12:18:44 +1100	[diff] [blame]	95	options.ciphers = NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	96	}
				97	if (options.ciphers != NULL) {
				98	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				99	myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
				100	}
Damien Miller	a0ff466	2001-03-30 10:49:35 +1000	[diff] [blame]	101	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
				102	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
				103	myproposal[PROPOSAL_ENC_ALGS_STOC] =
				104	compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	105	if (options.compression) {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	106	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Ben Lindstrom	343010a	2002-07-04 00:16:25 +0000	[diff] [blame]	107	myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	108	} else {
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	109	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
Ben Lindstrom	343010a	2002-07-04 00:16:25 +0000	[diff] [blame]	110	myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	111	}
Ben Lindstrom	06b33aa	2001-02-15 03:01:59 +0000	[diff] [blame]	112	if (options.macs != NULL) {
				113	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
				114	myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
				115	}
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	116	if (options.hostkeyalgorithms != NULL)
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	117	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	118	options.hostkeyalgorithms;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	119
Damien Miller	a5539d2	2003-04-09 20:50:06 +1000	[diff] [blame]	120	if (options.rekey_limit)
				121	packet_set_rekey_limit(options.rekey_limit);
				122
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	123	/* start key exchange */
Ben Lindstrom	238abf6	2001-04-04 17:52:53 +0000	[diff] [blame]	124	kex = kex_setup(myproposal);
Damien Miller	8e7fb33	2003-02-24 12:03:03 +1100	[diff] [blame]	125	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
				126	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
Ben Lindstrom	20d7c7b	2001-04-04 01:56:17 +0000	[diff] [blame]	127	kex->client_version_string=client_version_string;
				128	kex->server_version_string=server_version_string;
Ben Lindstrom	d6481ea	2001-06-25 04:37:41 +0000	[diff] [blame]	129	kex->verify_host_key=&verify_host_key_callback;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	130
Ben Lindstrom	f28f634	2001-04-04 02:03:04 +0000	[diff] [blame]	131	xxx_kex = kex;
				132
Ben Lindstrom	be2cc43	2001-04-04 23:46:07 +0000	[diff] [blame]	133	dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	134
Ben Lindstrom	2d90e00	2001-04-04 02:00:54 +0000	[diff] [blame]	135	session_id2 = kex->session_id;
				136	session_id2_len = kex->session_id_len;
				137
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	138	#ifdef DEBUG_KEXDH
				139	/* send 1st encrypted/maced/compressed message */
				140	packet_start(SSH2_MSG_IGNORE);
				141	packet_put_cstring("markus");
				142	packet_send();
				143	packet_write_wait();
				144	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	145	}
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	146
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	147	/*
				148	* Authenticate user
				149	*/
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	150
				151	typedef struct Authctxt Authctxt;
				152	typedef struct Authmethod Authmethod;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	153	typedef struct identity Identity;
				154	typedef struct idlist Idlist;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	155
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	156	struct identity {
				157	TAILQ_ENTRY(identity) next;
				158	AuthenticationConnection ac; / set if agent supports key */
				159	Key key; / public/private key */
				160	char filename; / comment for agent-only keys */
				161	int tried;
				162	int isprivate; /* key points to the private key */
				163	};
				164	TAILQ_HEAD(idlist, identity);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	165
				166	struct Authctxt {
				167	const char *server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	168	const char *local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	169	const char *host;
				170	const char *service;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	171	Authmethod *method;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	172	int success;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	173	char *authlist;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	174	/* pubkey */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	175	Idlist keys;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	176	AuthenticationConnection *agent;
				177	/* hostbased */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	178	Sensitive *sensitive;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	179	/* kbd-interactive */
				180	int info_req_seen;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	181	};
				182	struct Authmethod {
				183	char name; / string to compare against server's list */
				184	int (userauth)(Authctxt authctxt);
				185	int enabled; / flag in option struct that enables method */
				186	int batch_flag; / flag in option struct that disables method */
				187	};
				188
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	189	void input_userauth_success(int, u_int32_t, void *);
				190	void input_userauth_failure(int, u_int32_t, void *);
				191	void input_userauth_banner(int, u_int32_t, void *);
				192	void input_userauth_error(int, u_int32_t, void *);
				193	void input_userauth_info_req(int, u_int32_t, void *);
				194	void input_userauth_pk_ok(int, u_int32_t, void *);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	195	void input_userauth_passwd_changereq(int, u_int32_t, void *);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	196
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	197	int userauth_none(Authctxt *);
				198	int userauth_pubkey(Authctxt *);
				199	int userauth_passwd(Authctxt *);
				200	int userauth_kbdint(Authctxt *);
				201	int userauth_hostbased(Authctxt *);
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	202	int userauth_kerberos(Authctxt *);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	203
Ben Lindstrom	3c36bb2	2001-12-06 17:55:26 +0000	[diff] [blame]	204	void userauth(Authctxt , char );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	205
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	206	static int sign_and_send_pubkey(Authctxt , Identity );
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	207	static void clear_auth_state(Authctxt *);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	208	static void pubkey_prepare(Authctxt *);
				209	static void pubkey_cleanup(Authctxt *);
				210	static Key load_identity_file(char );
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	211
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	212	static Authmethod authmethod_get(char authlist);
				213	static Authmethod authmethod_lookup(const char name);
				214	static char *authmethods_get(void);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	215
				216	Authmethod authmethods[] = {
Ben Lindstrom	1bfe291	2001-06-05 19:37:25 +0000	[diff] [blame]	217	{"hostbased",
				218	userauth_hostbased,
				219	&options.hostbased_authentication,
				220	NULL},
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	221	#if KRB5
				222	{"kerberos-2@ssh.com",
				223	userauth_kerberos,
				224	&options.kerberos_authentication,
				225	NULL},
				226	#endif
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	227	{"publickey",
				228	userauth_pubkey,
				229	&options.pubkey_authentication,
				230	NULL},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	231	{"keyboard-interactive",
				232	userauth_kbdint,
				233	&options.kbd_interactive_authentication,
				234	&options.batch_mode},
Ben Lindstrom	45350e8	2001-08-06 20:57:11 +0000	[diff] [blame]	235	{"password",
				236	userauth_passwd,
				237	&options.password_authentication,
				238	&options.batch_mode},
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	239	{"none",
				240	userauth_none,
				241	NULL,
				242	NULL},
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	243	{NULL, NULL, NULL, NULL}
				244	};
				245
				246	void
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	247	ssh_userauth2(const char local_user, const char server_user, char *host,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	248	Sensitive *sensitive)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	249	{
				250	Authctxt authctxt;
				251	int type;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	252
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	253	if (options.challenge_response_authentication)
Ben Lindstrom	95fb2dd	2001-01-23 03:12:10 +0000	[diff] [blame]	254	options.kbd_interactive_authentication = 1;
				255
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	256	packet_start(SSH2_MSG_SERVICE_REQUEST);
				257	packet_put_cstring("ssh-userauth");
				258	packet_send();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	259	debug("SSH2_MSG_SERVICE_REQUEST sent");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	260	packet_write_wait();
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	261	type = packet_read();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	262	if (type != SSH2_MSG_SERVICE_ACCEPT)
				263	fatal("Server denied authentication request: %d", type);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	264	if (packet_remaining() > 0) {
Damien Miller	dff5099	2002-01-22 23:16:32 +1100	[diff] [blame]	265	char *reply = packet_get_string(NULL);
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	266	debug2("service_accept: %s", reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	267	xfree(reply);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	268	} else {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	269	debug2("buggy server: service_accept w/o service");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	270	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	271	packet_check_eom();
Ben Lindstrom	064496f	2002-12-23 02:04:22 +0000	[diff] [blame]	272	debug("SSH2_MSG_SERVICE_ACCEPT received");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	273
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	274	if (options.preferred_authentications == NULL)
				275	options.preferred_authentications = authmethods_get();
				276
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	277	/* setup authentication context */
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	278	memset(&authctxt, 0, sizeof(authctxt));
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	279	pubkey_prepare(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	280	authctxt.server_user = server_user;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	281	authctxt.local_user = local_user;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	282	authctxt.host = host;
				283	authctxt.service = "ssh-connection"; /* service name */
				284	authctxt.success = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	285	authctxt.method = authmethod_lookup("none");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	286	authctxt.authlist = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	287	authctxt.sensitive = sensitive;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	288	authctxt.info_req_seen = 0;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	289	if (authctxt.method == NULL)
				290	fatal("ssh_userauth2: internal error: cannot send userauth none request");
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	291
				292	/* initial userauth request */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	293	userauth_none(&authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	294
Ben Lindstrom	8ac9106	2001-04-04 17:57:54 +0000	[diff] [blame]	295	dispatch_init(&input_userauth_error);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	296	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
				297	dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	298	dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	299	dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
				300
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	301	pubkey_cleanup(&authctxt);
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	302	debug("Authentication succeeded (%s).", authctxt.method->name);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	303	}
				304	void
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	305	userauth(Authctxt authctxt, char authlist)
				306	{
				307	if (authlist == NULL) {
				308	authlist = authctxt->authlist;
				309	} else {
				310	if (authctxt->authlist)
				311	xfree(authctxt->authlist);
				312	authctxt->authlist = authlist;
				313	}
				314	for (;;) {
				315	Authmethod *method = authmethod_get(authlist);
				316	if (method == NULL)
				317	fatal("Permission denied (%s).", authlist);
				318	authctxt->method = method;
				319	if (method->userauth(authctxt) != 0) {
				320	debug2("we sent a %s packet, wait for reply", method->name);
				321	break;
				322	} else {
				323	debug2("we did not send a packet, disable method");
				324	method->enabled = NULL;
				325	}
				326	}
				327	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	328
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	329	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	330	input_userauth_error(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	331	{
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	332	fatal("input_userauth_error: bad message during authentication: "
				333	"type %d", type);
				334	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	335
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	336	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	337	input_userauth_banner(int type, u_int32_t seq, void *ctxt)
Ben Lindstrom	d26dcf3	2001-01-06 15:18:16 +0000	[diff] [blame]	338	{
				339	char msg, lang;
				340	debug3("input_userauth_banner");
				341	msg = packet_get_string(NULL);
				342	lang = packet_get_string(NULL);
				343	fprintf(stderr, "%s", msg);
				344	xfree(msg);
				345	xfree(lang);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	346	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	347
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	348	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	349	input_userauth_success(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	350	{
				351	Authctxt *authctxt = ctxt;
				352	if (authctxt == NULL)
				353	fatal("input_userauth_success: no authentication context");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	354	if (authctxt->authlist)
				355	xfree(authctxt->authlist);
				356	clear_auth_state(authctxt);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	357	authctxt->success = 1; /* break out */
				358	}
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	359
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	360	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	361	input_userauth_failure(int type, u_int32_t seq, void *ctxt)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	362	{
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	363	Authctxt *authctxt = ctxt;
				364	char *authlist = NULL;
				365	int partial;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	366
				367	if (authctxt == NULL)
				368	fatal("input_userauth_failure: no authentication context");
				369
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	370	authlist = packet_get_string(NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	371	partial = packet_get_char();
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	372	packet_check_eom();
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	373
				374	if (partial != 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	375	logit("Authenticated with partial success.");
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	376	debug("Authentications that can continue: %s", authlist);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	377
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	378	clear_auth_state(authctxt);
				379	userauth(authctxt, authlist);
				380	}
				381	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	382	input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	383	{
				384	Authctxt *authctxt = ctxt;
				385	Key *key = NULL;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	386	Identity *id = NULL;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	387	Buffer b;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	388	int pktype, sent = 0;
				389	u_int alen, blen;
				390	char pkalg, fp;
				391	u_char *pkblob;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	392
				393	if (authctxt == NULL)
				394	fatal("input_userauth_pk_ok: no authentication context");
				395	if (datafellows & SSH_BUG_PKOK) {
				396	/* this is similar to SSH_BUG_PKAUTH */
				397	debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
				398	pkblob = packet_get_string(&blen);
				399	buffer_init(&b);
				400	buffer_append(&b, pkblob, blen);
				401	pkalg = buffer_get_string(&b, &alen);
				402	buffer_free(&b);
				403	} else {
				404	pkalg = packet_get_string(&alen);
				405	pkblob = packet_get_string(&blen);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	406	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	407	packet_check_eom();
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	408
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	409	debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	410
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	411	if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
				412	debug("unknown pkalg %s", pkalg);
				413	goto done;
				414	}
				415	if ((key = key_from_blob(pkblob, blen)) == NULL) {
				416	debug("no key from blob. pkalg %s", pkalg);
				417	goto done;
				418	}
				419	if (key->type != pktype) {
				420	error("input_userauth_pk_ok: type mismatch "
				421	"for decoded key (received %d, expected %d)",
				422	key->type, pktype);
				423	goto done;
				424	}
				425	fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
				426	debug2("input_userauth_pk_ok: fp %s", fp);
				427	xfree(fp);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	428
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	429	TAILQ_FOREACH(id, &authctxt->keys, next) {
				430	if (key_equal(key, id->key)) {
				431	sent = sign_and_send_pubkey(authctxt, id);
				432	break;
				433	}
				434	}
				435	done:
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	436	if (key != NULL)
				437	key_free(key);
				438	xfree(pkalg);
				439	xfree(pkblob);
				440
				441	/* unregister */
				442	clear_auth_state(authctxt);
				443	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
				444
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	445	/* try another method if we did not send a packet */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	446	if (sent == 0)
				447	userauth(authctxt, NULL);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	448	}
				449
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	450	int
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	451	userauth_none(Authctxt *authctxt)
				452	{
				453	/* initial userauth request */
				454	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				455	packet_put_cstring(authctxt->server_user);
				456	packet_put_cstring(authctxt->service);
				457	packet_put_cstring(authctxt->method->name);
				458	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	459	return 1;
				460	}
				461
				462	int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	463	userauth_passwd(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	464	{
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	465	static int attempt = 0;
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	466	char prompt[150];
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	467	char *password;
				468
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	469	if (attempt++ >= options.number_of_password_prompts)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	470	return 0;
				471
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	472	if (attempt != 1)
Damien Miller	d3a1857	2000-06-07 19:55:44 +1000	[diff] [blame]	473	error("Permission denied, please try again.");
				474
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	475	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	476	authctxt->server_user, authctxt->host);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	477	password = read_passphrase(prompt, 0);
				478	packet_start(SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	479	packet_put_cstring(authctxt->server_user);
				480	packet_put_cstring(authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	481	packet_put_cstring(authctxt->method->name);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	482	packet_put_char(0);
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	483	packet_put_cstring(password);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	484	memset(password, 0, strlen(password));
				485	xfree(password);
Damien Miller	9f64390	2001-11-12 11:02:52 +1100	[diff] [blame]	486	packet_add_padding(64);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	487	packet_send();
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	488
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	489	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	490	&input_userauth_passwd_changereq);
				491
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	492	return 1;
				493	}
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	494	/*
				495	* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
				496	*/
				497	void
Tim Rice	c854962	2002-03-31 12:49:38 -0800	[diff] [blame]	498	input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	499	{
				500	Authctxt *authctxt = ctxt;
				501	char info, lang, password = NULL, retype = NULL;
				502	char prompt[150];
				503
				504	debug2("input_userauth_passwd_changereq");
				505
				506	if (authctxt == NULL)
				507	fatal("input_userauth_passwd_changereq: "
				508	"no authentication context");
				509
				510	info = packet_get_string(NULL);
				511	lang = packet_get_string(NULL);
				512	if (strlen(info) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	513	logit("%s", info);
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	514	xfree(info);
				515	xfree(lang);
				516	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				517	packet_put_cstring(authctxt->server_user);
				518	packet_put_cstring(authctxt->service);
				519	packet_put_cstring(authctxt->method->name);
				520	packet_put_char(1); /* additional info */
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	521	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	522	"Enter %.30s@%.128s's old password: ",
				523	authctxt->server_user, authctxt->host);
				524	password = read_passphrase(prompt, 0);
				525	packet_put_cstring(password);
				526	memset(password, 0, strlen(password));
				527	xfree(password);
				528	password = NULL;
				529	while (password == NULL) {
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	530	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	531	"Enter %.30s@%.128s's new password: ",
				532	authctxt->server_user, authctxt->host);
				533	password = read_passphrase(prompt, RP_ALLOW_EOF);
				534	if (password == NULL) {
				535	/* bail out */
				536	return;
				537	}
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	538	snprintf(prompt, sizeof(prompt),
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	539	"Retype %.30s@%.128s's new password: ",
				540	authctxt->server_user, authctxt->host);
				541	retype = read_passphrase(prompt, 0);
				542	if (strcmp(password, retype) != 0) {
				543	memset(password, 0, strlen(password));
				544	xfree(password);
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	545	logit("Mismatch; try again, EOF to quit.");
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	546	password = NULL;
				547	}
				548	memset(retype, 0, strlen(retype));
				549	xfree(retype);
				550	}
				551	packet_put_cstring(password);
				552	memset(password, 0, strlen(password));
				553	xfree(password);
				554	packet_add_padding(64);
				555	packet_send();
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	556
				557	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	558	&input_userauth_passwd_changereq);
				559	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	560
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	561	static void
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	562	clear_auth_state(Authctxt *authctxt)
				563	{
				564	/* XXX clear authentication state */
Ben Lindstrom	38a69e6	2002-03-27 17:28:46 +0000	[diff] [blame]	565	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	566	}
				567
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	568	static int
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	569	identity_sign(Identity id, u_char sigp, u_int lenp,
				570	u_char *data, u_int datalen)
				571	{
				572	Key *prv;
				573	int ret;
				574
				575	/* the agent supports this key */
				576	if (id->ac)
				577	return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
				578	data, datalen));
				579	/*
				580	* we have already loaded the private key or
				581	* the private key is stored in external hardware
				582	*/
				583	if (id->isprivate \|\| (id->key->flags & KEY_FLAG_EXT))
				584	return (key_sign(id->key, sigp, lenp, data, datalen));
				585	/* load the private key from the file */
				586	if ((prv = load_identity_file(id->filename)) == NULL)
				587	return (-1);
				588	ret = key_sign(prv, sigp, lenp, data, datalen);
				589	key_free(prv);
				590	return (ret);
				591	}
				592
				593	static int
				594	sign_and_send_pubkey(Authctxt authctxt, Identity id)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	595	{
				596	Buffer b;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	597	u_char blob, signature;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	598	u_int bloblen, slen;
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	599	int skip = 0;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	600	int ret = -1;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	601	int have_sig = 1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	602
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	603	debug3("sign_and_send_pubkey");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	604
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	605	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	606	/* we cannot handle this key */
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	607	debug3("sign_and_send_pubkey: cannot handle key");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	608	return 0;
				609	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	610	/* data to be signed */
				611	buffer_init(&b);
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	612	if (datafellows & SSH_OLD_SESSIONID) {
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	613	buffer_append(&b, session_id2, session_id2_len);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	614	skip = session_id2_len;
Damien Miller	50a41ed	2000-10-16 12:14:42 +1100	[diff] [blame]	615	} else {
				616	buffer_put_string(&b, session_id2, session_id2_len);
				617	skip = buffer_len(&b);
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	618	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	619	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	620	buffer_put_cstring(&b, authctxt->server_user);
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	621	buffer_put_cstring(&b,
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	622	datafellows & SSH_BUG_PKSERVICE ?
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	623	"ssh-userauth" :
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	624	authctxt->service);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	625	if (datafellows & SSH_BUG_PKAUTH) {
				626	buffer_put_char(&b, have_sig);
				627	} else {
				628	buffer_put_cstring(&b, authctxt->method->name);
				629	buffer_put_char(&b, have_sig);
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	630	buffer_put_cstring(&b, key_ssh_name(id->key));
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	631	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	632	buffer_put_string(&b, blob, bloblen);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	633
				634	/* generate signature */
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	635	ret = identity_sign(id, &signature, &slen,
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	636	buffer_ptr(&b), buffer_len(&b));
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	637	if (ret == -1) {
				638	xfree(blob);
				639	buffer_free(&b);
				640	return 0;
				641	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	642	#ifdef DEBUG_PK
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	643	buffer_dump(&b);
				644	#endif
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	645	if (datafellows & SSH_BUG_PKSERVICE) {
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	646	buffer_clear(&b);
				647	buffer_append(&b, session_id2, session_id2_len);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	648	skip = session_id2_len;
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	649	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	650	buffer_put_cstring(&b, authctxt->server_user);
				651	buffer_put_cstring(&b, authctxt->service);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	652	buffer_put_cstring(&b, authctxt->method->name);
				653	buffer_put_char(&b, have_sig);
Ben Lindstrom	d121f61	2000-12-03 17:00:47 +0000	[diff] [blame]	654	if (!(datafellows & SSH_BUG_PKAUTH))
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	655	buffer_put_cstring(&b, key_ssh_name(id->key));
Damien Miller	30c3d42	2000-05-09 11:02:59 +1000	[diff] [blame]	656	buffer_put_string(&b, blob, bloblen);
				657	}
				658	xfree(blob);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	659
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	660	/* append signature */
				661	buffer_put_string(&b, signature, slen);
				662	xfree(signature);
				663
				664	/* skip session id and packet type */
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	665	if (buffer_len(&b) < skip + 1)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	666	fatal("userauth_pubkey: internal error");
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	667	buffer_consume(&b, skip + 1);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	668
				669	/* put remaining data from buffer into packet */
				670	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				671	packet_put_raw(buffer_ptr(&b), buffer_len(&b));
				672	buffer_free(&b);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	673	packet_send();
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	674
				675	return 1;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	676	}
				677
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	678	static int
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	679	send_pubkey_test(Authctxt authctxt, Identity id)
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	680	{
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	681	u_char *blob;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	682	u_int bloblen, have_sig = 0;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	683
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	684	debug3("send_pubkey_test");
				685
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	686	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	687	/* we cannot handle this key */
				688	debug3("send_pubkey_test: cannot handle key");
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	689	return 0;
				690	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	691	/* register callback for USERAUTH_PK_OK message */
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	692	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	693
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	694	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				695	packet_put_cstring(authctxt->server_user);
				696	packet_put_cstring(authctxt->service);
				697	packet_put_cstring(authctxt->method->name);
				698	packet_put_char(have_sig);
				699	if (!(datafellows & SSH_BUG_PKAUTH))
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	700	packet_put_cstring(key_ssh_name(id->key));
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	701	packet_put_string(blob, bloblen);
				702	xfree(blob);
				703	packet_send();
				704	return 1;
				705	}
				706
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	707	static Key *
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	708	load_identity_file(char *filename)
				709	{
				710	Key *private;
				711	char prompt[300], *passphrase;
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	712	int quit, i;
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	713	struct stat st;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	714
Ben Lindstrom	329782e	2001-03-10 17:08:59 +0000	[diff] [blame]	715	if (stat(filename, &st) < 0) {
				716	debug3("no such identity: %s", filename);
				717	return NULL;
				718	}
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	719	private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
				720	if (private == NULL) {
				721	if (options.batch_mode)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	722	return NULL;
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	723	snprintf(prompt, sizeof prompt,
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	724	"Enter passphrase for key '%.100s': ", filename);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	725	for (i = 0; i < options.number_of_password_prompts; i++) {
				726	passphrase = read_passphrase(prompt, 0);
				727	if (strcmp(passphrase, "") != 0) {
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	728	private = key_load_private_type(KEY_UNSPEC, filename,
				729	passphrase, NULL);
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	730	quit = 0;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	731	} else {
				732	debug2("no passphrase given, try next key");
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	733	quit = 1;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	734	}
				735	memset(passphrase, 0, strlen(passphrase));
				736	xfree(passphrase);
Ben Lindstrom	d0fca42	2001-03-26 13:44:06 +0000	[diff] [blame]	737	if (private != NULL \|\| quit)
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	738	break;
				739	debug2("bad passphrase given, try again...");
				740	}
Damien Miller	994cf14	2000-07-21 10:19:44 +1000	[diff] [blame]	741	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	742	return private;
				743	}
				744
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	745	/*
				746	* try keys in the following order:
				747	* 1. agent keys that are found in the config file
				748	* 2. other agent keys
				749	* 3. keys that are only listed in the config file
				750	*/
				751	static void
				752	pubkey_prepare(Authctxt *authctxt)
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	753	{
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	754	Identity *id;
				755	Idlist agent, files, *preferred;
				756	Key *key;
				757	AuthenticationConnection *ac;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	758	char *comment;
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	759	int i, found;
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	760
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	761	TAILQ_INIT(&agent); /* keys from the agent */
				762	TAILQ_INIT(&files); /* keys from the config file */
				763	preferred = &authctxt->keys;
				764	TAILQ_INIT(preferred); /* preferred order of keys */
				765
				766	/* list of keys stored in the filesystem */
				767	for (i = 0; i < options.num_identity_files; i++) {
				768	key = options.identity_keys[i];
				769	if (key && key->type == KEY_RSA1)
				770	continue;
				771	options.identity_keys[i] = NULL;
				772	id = xmalloc(sizeof(*id));
				773	memset(id, 0, sizeof(*id));
				774	id->key = key;
				775	id->filename = xstrdup(options.identity_files[i]);
				776	TAILQ_INSERT_TAIL(&files, id, next);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	777	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	778	/* list of keys supported by the agent */
				779	if ((ac = ssh_get_authentication_connection())) {
				780	for (key = ssh_get_first_identity(ac, &comment, 2);
				781	key != NULL;
				782	key = ssh_get_next_identity(ac, &comment, 2)) {
				783	found = 0;
				784	TAILQ_FOREACH(id, &files, next) {
				785	/* agent keys from the config file are preferred */
				786	if (key_equal(key, id->key)) {
				787	key_free(key);
				788	xfree(comment);
				789	TAILQ_REMOVE(&files, id, next);
				790	TAILQ_INSERT_TAIL(preferred, id, next);
				791	id->ac = ac;
				792	found = 1;
				793	break;
				794	}
				795	}
				796	if (!found) {
				797	id = xmalloc(sizeof(*id));
				798	memset(id, 0, sizeof(*id));
				799	id->key = key;
				800	id->filename = comment;
				801	id->ac = ac;
				802	TAILQ_INSERT_TAIL(&agent, id, next);
				803	}
				804	}
				805	/* append remaining agent keys */
				806	for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
				807	TAILQ_REMOVE(&agent, id, next);
				808	TAILQ_INSERT_TAIL(preferred, id, next);
				809	}
				810	authctxt->agent = ac;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	811	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	812	/* append remaining keys from the config file */
				813	for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
				814	TAILQ_REMOVE(&files, id, next);
				815	TAILQ_INSERT_TAIL(preferred, id, next);
				816	}
				817	TAILQ_FOREACH(id, preferred, next) {
				818	debug2("key: %s (%p)", id->filename, id->key);
				819	}
				820	}
				821
				822	static void
				823	pubkey_cleanup(Authctxt *authctxt)
				824	{
				825	Identity *id;
				826
				827	if (authctxt->agent != NULL)
				828	ssh_close_authentication_connection(authctxt->agent);
				829	for (id = TAILQ_FIRST(&authctxt->keys); id;
				830	id = TAILQ_FIRST(&authctxt->keys)) {
				831	TAILQ_REMOVE(&authctxt->keys, id, next);
				832	if (id->key)
				833	key_free(id->key);
				834	if (id->filename)
				835	xfree(id->filename);
				836	xfree(id);
				837	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	838	}
				839
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	840	int
				841	userauth_pubkey(Authctxt *authctxt)
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	842	{
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	843	Identity *id;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	844	int sent = 0;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	845
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	846	while ((id = TAILQ_FIRST(&authctxt->keys))) {
				847	if (id->tried++)
				848	return (0);
				849	TAILQ_REMOVE(&authctxt->keys, id, next);
				850	TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
				851	/*
				852	* send a test message if we have the public key. for
				853	* encrypted keys we cannot do this and have to load the
				854	* private key instead
				855	*/
				856	if (id->key && id->key->type != KEY_RSA1) {
				857	debug("Offering public key: %s", id->filename);
				858	sent = send_pubkey_test(authctxt, id);
				859	} else if (id->key == NULL) {
				860	debug("Trying private key: %s", id->filename);
				861	id->key = load_identity_file(id->filename);
				862	if (id->key != NULL) {
				863	id->isprivate = 1;
				864	sent = sign_and_send_pubkey(authctxt, id);
				865	key_free(id->key);
				866	id->key = NULL;
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	867	}
Ben Lindstrom	266dfdf	2001-03-09 00:12:22 +0000	[diff] [blame]	868	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	869	if (sent)
				870	return (sent);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	871	}
Damien Miller	280ecfb	2003-05-14 13:46:00 +1000	[diff] [blame]	872	return (0);
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	873	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	874
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	875	/*
				876	* Send userauth request message specifying keyboard-interactive method.
				877	*/
				878	int
				879	userauth_kbdint(Authctxt *authctxt)
				880	{
				881	static int attempt = 0;
				882
				883	if (attempt++ >= options.number_of_password_prompts)
				884	return 0;
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	885	/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
				886	if (attempt > 1 && !authctxt->info_req_seen) {
				887	debug3("userauth_kbdint: disable: no info_req_seen");
				888	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
				889	return 0;
				890	}
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	891
				892	debug2("userauth_kbdint");
				893	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				894	packet_put_cstring(authctxt->server_user);
				895	packet_put_cstring(authctxt->service);
				896	packet_put_cstring(authctxt->method->name);
				897	packet_put_cstring(""); /* lang */
				898	packet_put_cstring(options.kbd_interactive_devices ?
				899	options.kbd_interactive_devices : "");
				900	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	901
				902	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
				903	return 1;
				904	}
				905
				906	/*
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	907	* parse INFO_REQUEST, prompt user and send INFO_RESPONSE
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	908	*/
				909	void
Damien Miller	630d6f4	2002-01-22 23:17:30 +1100	[diff] [blame]	910	input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	911	{
				912	Authctxt *authctxt = ctxt;
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	913	char name, inst, lang, prompt, *response;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	914	u_int num_prompts, i;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	915	int echo = 0;
				916
				917	debug2("input_userauth_info_req");
				918
				919	if (authctxt == NULL)
				920	fatal("input_userauth_info_req: no authentication context");
				921
Ben Lindstrom	7d19996	2001-09-12 18:29:00 +0000	[diff] [blame]	922	authctxt->info_req_seen = 1;
				923
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	924	name = packet_get_string(NULL);
				925	inst = packet_get_string(NULL);
				926	lang = packet_get_string(NULL);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	927	if (strlen(name) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	928	logit("%s", name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	929	if (strlen(inst) > 0)
Damien Miller	996acd2	2003-04-09 20:59:48 +1000	[diff] [blame]	930	logit("%s", inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	931	xfree(name);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	932	xfree(inst);
Ben Lindstrom	03df5bd	2001-02-10 22:16:41 +0000	[diff] [blame]	933	xfree(lang);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	934
				935	num_prompts = packet_get_int();
				936	/*
				937	* Begin to build info response packet based on prompts requested.
				938	* We commit to providing the correct number of responses, so if
				939	* further on we run into a problem that prevents this, we have to
				940	* be sure and clean this up and send a correct error response.
				941	*/
				942	packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
				943	packet_put_int(num_prompts);
				944
Ben Lindstrom	551ea37	2001-06-05 18:56:16 +0000	[diff] [blame]	945	debug2("input_userauth_info_req: num_prompts %d", num_prompts);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	946	for (i = 0; i < num_prompts; i++) {
				947	prompt = packet_get_string(NULL);
				948	echo = packet_get_char();
				949
Ben Lindstrom	949974b	2001-06-25 05:20:31 +0000	[diff] [blame]	950	response = read_passphrase(prompt, echo ? RP_ECHO : 0);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	951
Ben Lindstrom	5699c5f	2001-03-05 06:17:49 +0000	[diff] [blame]	952	packet_put_cstring(response);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	953	memset(response, 0, strlen(response));
				954	xfree(response);
				955	xfree(prompt);
				956	}
Damien Miller	48b03fc	2002-01-22 23:11:40 +1100	[diff] [blame]	957	packet_check_eom(); /* done with parsing incoming message. */
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	958
Damien Miller	9f64390	2001-11-12 11:02:52 +1100	[diff] [blame]	959	packet_add_padding(64);
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	960	packet_send();
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	961	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	962
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	963	static int
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	964	ssh_keysign(Key key, u_char sigp, u_int lenp,
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	965	u_char *data, u_int datalen)
				966	{
				967	Buffer b;
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	968	struct stat st;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	969	pid_t pid;
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	970	int to[2], from[2], status, version = 2;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	971
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	972	debug2("ssh_keysign called");
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	973
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	974	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
				975	error("ssh_keysign: no installed: %s", strerror(errno));
				976	return -1;
				977	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	978	if (fflush(stdout) != 0)
				979	error("ssh_keysign: fflush: %s", strerror(errno));
				980	if (pipe(to) < 0) {
				981	error("ssh_keysign: pipe: %s", strerror(errno));
				982	return -1;
				983	}
				984	if (pipe(from) < 0) {
				985	error("ssh_keysign: pipe: %s", strerror(errno));
				986	return -1;
				987	}
				988	if ((pid = fork()) < 0) {
				989	error("ssh_keysign: fork: %s", strerror(errno));
				990	return -1;
				991	}
				992	if (pid == 0) {
				993	seteuid(getuid());
				994	setuid(getuid());
				995	close(from[0]);
				996	if (dup2(from[1], STDOUT_FILENO) < 0)
				997	fatal("ssh_keysign: dup2: %s", strerror(errno));
				998	close(to[1]);
				999	if (dup2(to[0], STDIN_FILENO) < 0)
				1000	fatal("ssh_keysign: dup2: %s", strerror(errno));
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1001	close(from[1]);
				1002	close(to[0]);
Ben Lindstrom	4887da2	2002-06-06 20:05:57 +0000	[diff] [blame]	1003	execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1004	fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
				1005	strerror(errno));
				1006	}
				1007	close(from[1]);
				1008	close(to[0]);
				1009
				1010	buffer_init(&b);
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1011	buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1012	buffer_put_string(&b, data, datalen);
Damien Miller	901119b	2002-10-04 11:10:04 +1000	[diff] [blame]	1013	ssh_msg_send(to[1], version, &b);
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1014
Damien Miller	901119b	2002-10-04 11:10:04 +1000	[diff] [blame]	1015	if (ssh_msg_recv(from[0], &b) < 0) {
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1016	error("ssh_keysign: no reply");
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1017	buffer_clear(&b);
				1018	return -1;
				1019	}
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1020	close(from[0]);
				1021	close(to[1]);
				1022
Ben Lindstrom	cec2ea8	2002-06-06 20:51:04 +0000	[diff] [blame]	1023	while (waitpid(pid, &status, 0) < 0)
				1024	if (errno != EINTR)
				1025	break;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1026
Ben Lindstrom	5206b95	2002-06-06 19:59:29 +0000	[diff] [blame]	1027	if (buffer_get_char(&b) != version) {
				1028	error("ssh_keysign: bad version");
				1029	buffer_clear(&b);
				1030	return -1;
				1031	}
				1032	*sigp = buffer_get_string(&b, lenp);
				1033	buffer_clear(&b);
				1034
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1035	return 0;
				1036	}
				1037
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1038	int
				1039	userauth_hostbased(Authctxt *authctxt)
				1040	{
				1041	Key *private = NULL;
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1042	Sensitive *sensitive = authctxt->sensitive;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1043	Buffer b;
				1044	u_char signature, blob;
				1045	char chost, pkalg, *p;
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1046	const char *service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1047	u_int blen, slen;
Ben Lindstrom	2bffd6f	2001-04-19 20:35:40 +0000	[diff] [blame]	1048	int ok, i, len, found = 0;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1049
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1050	/* check for a useful key */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1051	for (i = 0; i < sensitive->nkeys; i++) {
				1052	private = sensitive->keys[i];
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1053	if (private && private->type != KEY_RSA1) {
				1054	found = 1;
				1055	/* we take and free the key */
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1056	sensitive->keys[i] = NULL;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1057	break;
				1058	}
				1059	}
				1060	if (!found) {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1061	debug("No more client hostkeys for hostbased authentication.");
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1062	return 0;
				1063	}
				1064	if (key_to_blob(private, &blob, &blen) == 0) {
				1065	key_free(private);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1066	return 0;
				1067	}
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1068	/* figure out a name for the client host */
				1069	p = get_local_name(packet_get_connection_in());
				1070	if (p == NULL) {
				1071	error("userauth_hostbased: cannot get local ipaddr/name");
				1072	key_free(private);
				1073	return 0;
				1074	}
				1075	len = strlen(p) + 2;
				1076	chost = xmalloc(len);
				1077	strlcpy(chost, p, len);
				1078	strlcat(chost, ".", len);
				1079	debug2("userauth_hostbased: chost %s", chost);
Damien Miller	0011138	2003-03-10 11:21:17 +1100	[diff] [blame]	1080	xfree(p);
Damien Miller	91c1847	2001-11-12 11:02:03 +1100	[diff] [blame]	1081
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1082	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
				1083	authctxt->service;
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1084	pkalg = xstrdup(key_ssh_name(private));
				1085	buffer_init(&b);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1086	/* construct data */
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1087	buffer_put_string(&b, session_id2, session_id2_len);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1088	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
				1089	buffer_put_cstring(&b, authctxt->server_user);
Ben Lindstrom	671388f	2001-04-19 20:40:45 +0000	[diff] [blame]	1090	buffer_put_cstring(&b, service);
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1091	buffer_put_cstring(&b, authctxt->method->name);
				1092	buffer_put_cstring(&b, pkalg);
				1093	buffer_put_string(&b, blob, blen);
				1094	buffer_put_cstring(&b, chost);
				1095	buffer_put_cstring(&b, authctxt->local_user);
				1096	#ifdef DEBUG_PK
				1097	buffer_dump(&b);
				1098	#endif
Ben Lindstrom	1bad256	2002-06-06 19:57:33 +0000	[diff] [blame]	1099	if (sensitive->external_keysign)
				1100	ok = ssh_keysign(private, &signature, &slen,
				1101	buffer_ptr(&b), buffer_len(&b));
				1102	else
				1103	ok = key_sign(private, &signature, &slen,
				1104	buffer_ptr(&b), buffer_len(&b));
Ben Lindstrom	5eabda3	2001-04-12 23:34:34 +0000	[diff] [blame]	1105	key_free(private);
				1106	buffer_free(&b);
				1107	if (ok != 0) {
				1108	error("key_sign failed");
				1109	xfree(chost);
				1110	xfree(pkalg);
				1111	return 0;
				1112	}
				1113	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1114	packet_put_cstring(authctxt->server_user);
				1115	packet_put_cstring(authctxt->service);
				1116	packet_put_cstring(authctxt->method->name);
				1117	packet_put_cstring(pkalg);
				1118	packet_put_string(blob, blen);
				1119	packet_put_cstring(chost);
				1120	packet_put_cstring(authctxt->local_user);
				1121	packet_put_string(signature, slen);
				1122	memset(signature, 's', slen);
				1123	xfree(signature);
				1124	xfree(chost);
				1125	xfree(pkalg);
				1126
				1127	packet_send();
				1128	return 1;
				1129	}
				1130
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1131	#if KRB5
				1132	static int
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1133	ssh_krb5_helper(krb5_data ap, krb5_context context)
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1134	{
				1135	krb5_context xcontext = NULL; /* XXX share with ssh1 */
				1136	krb5_auth_context xauth_context = NULL;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1137	krb5_auth_context *auth_context;
				1138	krb5_error_code problem;
				1139	const char *tkfile;
				1140	struct stat buf;
				1141	krb5_ccache ccache = NULL;
				1142	const char *remotehost;
				1143	int ret;
				1144
				1145	memset(ap, 0, sizeof(*ap));
				1146
				1147	context = &xcontext;
				1148	auth_context = &xauth_context;
				1149
				1150	problem = krb5_init_context(context);
				1151	if (problem) {
				1152	debug("Kerberos v5: krb5_init_context failed");
				1153	ret = 0;
				1154	goto out;
				1155	}
				1156
				1157	tkfile = krb5_cc_default_name(*context);
				1158	if (strncmp(tkfile, "FILE:", 5) == 0)
				1159	tkfile += 5;
				1160
				1161	if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
				1162	debug("Kerberos v5: could not get default ccache (permission denied).");
				1163	ret = 0;
				1164	goto out;
				1165	}
				1166
				1167	problem = krb5_cc_default(*context, &ccache);
				1168	if (problem) {
				1169	debug("Kerberos v5: krb5_cc_default failed: %s",
				1170	krb5_get_err_text(*context, problem));
				1171	ret = 0;
				1172	goto out;
				1173	}
				1174
				1175	remotehost = get_canonical_hostname(1);
				1176
				1177	problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
				1178	"host", remotehost, NULL, ccache, ap);
				1179	if (problem) {
				1180	debug("Kerberos v5: krb5_mk_req failed: %s",
				1181	krb5_get_err_text(*context, problem));
				1182	ret = 0;
				1183	goto out;
				1184	}
				1185	ret = 1;
				1186
				1187	out:
				1188	if (ccache != NULL)
				1189	krb5_cc_close(*context, ccache);
				1190	if (*auth_context)
				1191	krb5_auth_con_free(context, auth_context);
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1192	return (ret);
				1193	}
				1194
				1195	int
				1196	userauth_kerberos(Authctxt *authctxt)
				1197	{
				1198	krb5_data ap;
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1199	krb5_context *context;
				1200	int ret = 0;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1201
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1202	if (ssh_krb5_helper(&ap, context) == 0)
				1203	goto out;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1204
				1205	packet_start(SSH2_MSG_USERAUTH_REQUEST);
				1206	packet_put_cstring(authctxt->server_user);
				1207	packet_put_cstring(authctxt->service);
				1208	packet_put_cstring(authctxt->method->name);
				1209	packet_put_string(ap.data, ap.length);
				1210	packet_send();
				1211
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1212	#ifdef HEIMDAL
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1213	krb5_data_free(&ap);
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1214	#else
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1215	krb5_free_data_contents(*context, &ap);
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1216	#endif
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1217	ret = 1;
Damien Miller	9c61769	2003-05-14 14:31:11 +1000	[diff] [blame]	1218
Damien Miller	4d99519	2003-05-14 19:23:56 +1000	[diff] [blame]	1219	out:
				1220	if (*context)
				1221	krb5_free_context(*context);
				1222	return ret;
Damien Miller	3ab496b	2003-05-14 13:47:37 +1000	[diff] [blame]	1223	}
				1224	#endif
				1225
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1226	/* find auth method */
				1227
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1228	/*
				1229	* given auth method name, if configurable options permit this method fill
				1230	* in auth_ident field and return true, otherwise return false.
				1231	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1232	static int
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1233	authmethod_is_enabled(Authmethod *method)
				1234	{
				1235	if (method == NULL)
				1236	return 0;
				1237	/* return false if options indicate this method is disabled */
				1238	if (method->enabled == NULL \|\| *method->enabled == 0)
				1239	return 0;
				1240	/* return false if batch mode is enabled but method needs interactive mode */
				1241	if (method->batch_flag != NULL && *method->batch_flag != 0)
				1242	return 0;
				1243	return 1;
				1244	}
				1245
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1246	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1247	authmethod_lookup(const char *name)
				1248	{
				1249	Authmethod *method = NULL;
				1250	if (name != NULL)
				1251	for (method = authmethods; method->name != NULL; method++)
				1252	if (strcmp(name, method->name) == 0)
				1253	return method;
				1254	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
				1255	return NULL;
				1256	}
				1257
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1258	/* XXX internal state */
				1259	static Authmethod *current = NULL;
				1260	static char *supported = NULL;
				1261	static char *preferred = NULL;
Ben Lindstrom	5c38552	2002-06-23 21:23:20 +0000	[diff] [blame]	1262
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1263	/*
				1264	* Given the authentication method list sent by the server, return the
				1265	* next method we should try. If the server initially sends a nil list,
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	1266	* use a built-in default list.
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1267	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1268	static Authmethod *
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1269	authmethod_get(char *authlist)
				1270	{
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1271	char *name = NULL;
Ben Lindstrom	c58ab02	2002-02-26 18:15:09 +0000	[diff] [blame]	1272	u_int next;
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1273
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1274	/* Use a suitable default if we're passed a nil list. */
				1275	if (authlist == NULL \|\| strlen(authlist) == 0)
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1276	authlist = options.preferred_authentications;
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1277
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1278	if (supported == NULL \|\| strcmp(authlist, supported) != 0) {
				1279	debug3("start over, passed a different list %s", authlist);
				1280	if (supported != NULL)
				1281	xfree(supported);
				1282	supported = xstrdup(authlist);
				1283	preferred = options.preferred_authentications;
				1284	debug3("preferred %s", preferred);
				1285	current = NULL;
				1286	} else if (current != NULL && authmethod_is_enabled(current))
				1287	return current;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1288
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1289	for (;;) {
				1290	if ((name = match_list(preferred, supported, &next)) == NULL) {
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1291	debug("No more authentication methods to try.");
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1292	current = NULL;
				1293	return NULL;
Damien Miller	874d77b	2000-10-14 16:23:11 +1100	[diff] [blame]	1294	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1295	preferred += next;
				1296	debug3("authmethod_lookup %s", name);
				1297	debug3("remaining preferred: %s", preferred);
				1298	if ((current = authmethod_lookup(name)) != NULL &&
				1299	authmethod_is_enabled(current)) {
				1300	debug3("authmethod_is_enabled %s", name);
Ben Lindstrom	1d568f9	2002-12-23 02:44:36 +0000	[diff] [blame]	1301	debug("Next authentication method: %s", name);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1302	return current;
				1303	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1304	}
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1305	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1306
Ben Lindstrom	7907382	2001-07-04 03:42:30 +0000	[diff] [blame]	1307	static char *
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1308	authmethods_get(void)
				1309	{
				1310	Authmethod *method = NULL;
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1311	Buffer b;
				1312	char *list;
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1313
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1314	buffer_init(&b);
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1315	for (method = authmethods; method->name != NULL; method++) {
				1316	if (authmethod_is_enabled(method)) {
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1317	if (buffer_len(&b) > 0)
				1318	buffer_append(&b, ",", 1);
				1319	buffer_append(&b, method->name, strlen(method->name));
Ben Lindstrom	b9be60a	2001-03-11 01:49:19 +0000	[diff] [blame]	1320	}
Damien Miller	62cee00	2000-09-23 17:15:56 +1100	[diff] [blame]	1321	}
Damien Miller	0e3b872	2002-01-22 23:26:38 +1100	[diff] [blame]	1322	buffer_append(&b, "\0", 1);
				1323	list = xstrdup(buffer_ptr(&b));
				1324	buffer_free(&b);
				1325	return list;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	1326	}