Annotation of src/usr.bin/ssh/sshconnect1.c, Revision 1.1
1.1 ! markus 1: /*
! 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
! 3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
! 4: * All rights reserved
! 5: * Created: Sat Mar 18 22:15:47 1995 ylo
! 6: * Code to connect to a remote host, and to perform the client side of the
! 7: * login (authentication) dialog.
! 8: *
! 9: */
! 10:
! 11: #include "includes.h"
! 12: RCSID("$OpenBSD: sshconnect1.c,v 1.1 2000/04/18 15:01:33 markus Exp $");
! 13:
! 14: #include <openssl/bn.h>
! 15: #include <openssl/dsa.h>
! 16: #include <openssl/rsa.h>
! 17: #include <openssl/evp.h>
! 18:
! 19: #include "xmalloc.h"
! 20: #include "rsa.h"
! 21: #include "ssh.h"
! 22: #include "buffer.h"
! 23: #include "packet.h"
! 24: #include "authfd.h"
! 25: #include "cipher.h"
! 26: #include "mpaux.h"
! 27: #include "uidswap.h"
! 28: #include "readconf.h"
! 29: #include "key.h"
! 30: #include "sshconnect.h"
! 31: #include "authfile.h"
! 32:
! 33: /* Session id for the current session. */
! 34: unsigned char session_id[16];
! 35: unsigned int supported_authentications = 0;
! 36:
! 37: extern Options options;
! 38: extern char *__progname;
! 39:
! 40: /*
! 41: * Checks if the user has an authentication agent, and if so, tries to
! 42: * authenticate using the agent.
! 43: */
! 44: int
! 45: try_agent_authentication()
! 46: {
! 47: int status, type;
! 48: char *comment;
! 49: AuthenticationConnection *auth;
! 50: unsigned char response[16];
! 51: unsigned int i;
! 52: BIGNUM *e, *n, *challenge;
! 53:
! 54: /* Get connection to the agent. */
! 55: auth = ssh_get_authentication_connection();
! 56: if (!auth)
! 57: return 0;
! 58:
! 59: e = BN_new();
! 60: n = BN_new();
! 61: challenge = BN_new();
! 62:
! 63: /* Loop through identities served by the agent. */
! 64: for (status = ssh_get_first_identity(auth, e, n, &comment);
! 65: status;
! 66: status = ssh_get_next_identity(auth, e, n, &comment)) {
! 67: int plen, clen;
! 68:
! 69: /* Try this identity. */
! 70: debug("Trying RSA authentication via agent with '%.100s'", comment);
! 71: xfree(comment);
! 72:
! 73: /* Tell the server that we are willing to authenticate using this key. */
! 74: packet_start(SSH_CMSG_AUTH_RSA);
! 75: packet_put_bignum(n);
! 76: packet_send();
! 77: packet_write_wait();
! 78:
! 79: /* Wait for server's response. */
! 80: type = packet_read(&plen);
! 81:
! 82: /* The server sends failure if it doesn\'t like our key or
! 83: does not support RSA authentication. */
! 84: if (type == SSH_SMSG_FAILURE) {
! 85: debug("Server refused our key.");
! 86: continue;
! 87: }
! 88: /* Otherwise it should have sent a challenge. */
! 89: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
! 90: packet_disconnect("Protocol error during RSA authentication: %d",
! 91: type);
! 92:
! 93: packet_get_bignum(challenge, &clen);
! 94:
! 95: packet_integrity_check(plen, clen, type);
! 96:
! 97: debug("Received RSA challenge from server.");
! 98:
! 99: /* Ask the agent to decrypt the challenge. */
! 100: if (!ssh_decrypt_challenge(auth, e, n, challenge,
! 101: session_id, 1, response)) {
! 102: /* The agent failed to authenticate this identifier although it
! 103: advertised it supports this. Just return a wrong value. */
! 104: log("Authentication agent failed to decrypt challenge.");
! 105: memset(response, 0, sizeof(response));
! 106: }
! 107: debug("Sending response to RSA challenge.");
! 108:
! 109: /* Send the decrypted challenge back to the server. */
! 110: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
! 111: for (i = 0; i < 16; i++)
! 112: packet_put_char(response[i]);
! 113: packet_send();
! 114: packet_write_wait();
! 115:
! 116: /* Wait for response from the server. */
! 117: type = packet_read(&plen);
! 118:
! 119: /* The server returns success if it accepted the authentication. */
! 120: if (type == SSH_SMSG_SUCCESS) {
! 121: debug("RSA authentication accepted by server.");
! 122: BN_clear_free(e);
! 123: BN_clear_free(n);
! 124: BN_clear_free(challenge);
! 125: return 1;
! 126: }
! 127: /* Otherwise it should return failure. */
! 128: if (type != SSH_SMSG_FAILURE)
! 129: packet_disconnect("Protocol error waiting RSA auth response: %d",
! 130: type);
! 131: }
! 132:
! 133: BN_clear_free(e);
! 134: BN_clear_free(n);
! 135: BN_clear_free(challenge);
! 136:
! 137: debug("RSA authentication using agent refused.");
! 138: return 0;
! 139: }
! 140:
! 141: /*
! 142: * Computes the proper response to a RSA challenge, and sends the response to
! 143: * the server.
! 144: */
! 145: void
! 146: respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
! 147: {
! 148: unsigned char buf[32], response[16];
! 149: MD5_CTX md;
! 150: int i, len;
! 151:
! 152: /* Decrypt the challenge using the private key. */
! 153: rsa_private_decrypt(challenge, challenge, prv);
! 154:
! 155: /* Compute the response. */
! 156: /* The response is MD5 of decrypted challenge plus session id. */
! 157: len = BN_num_bytes(challenge);
! 158: if (len <= 0 || len > sizeof(buf))
! 159: packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
! 160: len);
! 161:
! 162: memset(buf, 0, sizeof(buf));
! 163: BN_bn2bin(challenge, buf + sizeof(buf) - len);
! 164: MD5_Init(&md);
! 165: MD5_Update(&md, buf, 32);
! 166: MD5_Update(&md, session_id, 16);
! 167: MD5_Final(response, &md);
! 168:
! 169: debug("Sending response to host key RSA challenge.");
! 170:
! 171: /* Send the response back to the server. */
! 172: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
! 173: for (i = 0; i < 16; i++)
! 174: packet_put_char(response[i]);
! 175: packet_send();
! 176: packet_write_wait();
! 177:
! 178: memset(buf, 0, sizeof(buf));
! 179: memset(response, 0, sizeof(response));
! 180: memset(&md, 0, sizeof(md));
! 181: }
! 182:
! 183: /*
! 184: * Checks if the user has authentication file, and if so, tries to authenticate
! 185: * the user using it.
! 186: */
! 187: int
! 188: try_rsa_authentication(const char *authfile)
! 189: {
! 190: BIGNUM *challenge;
! 191: Key *public;
! 192: Key *private;
! 193: char *passphrase, *comment;
! 194: int type, i;
! 195: int plen, clen;
! 196:
! 197: /* Try to load identification for the authentication key. */
! 198: public = key_new(KEY_RSA);
! 199: if (!load_public_key(authfile, public, &comment)) {
! 200: key_free(public);
! 201: /* Could not load it. Fail. */
! 202: return 0;
! 203: }
! 204: debug("Trying RSA authentication with key '%.100s'", comment);
! 205:
! 206: /* Tell the server that we are willing to authenticate using this key. */
! 207: packet_start(SSH_CMSG_AUTH_RSA);
! 208: packet_put_bignum(public->rsa->n);
! 209: packet_send();
! 210: packet_write_wait();
! 211:
! 212: /* We no longer need the public key. */
! 213: key_free(public);
! 214:
! 215: /* Wait for server's response. */
! 216: type = packet_read(&plen);
! 217:
! 218: /*
! 219: * The server responds with failure if it doesn\'t like our key or
! 220: * doesn\'t support RSA authentication.
! 221: */
! 222: if (type == SSH_SMSG_FAILURE) {
! 223: debug("Server refused our key.");
! 224: xfree(comment);
! 225: return 0;
! 226: }
! 227: /* Otherwise, the server should respond with a challenge. */
! 228: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
! 229: packet_disconnect("Protocol error during RSA authentication: %d", type);
! 230:
! 231: /* Get the challenge from the packet. */
! 232: challenge = BN_new();
! 233: packet_get_bignum(challenge, &clen);
! 234:
! 235: packet_integrity_check(plen, clen, type);
! 236:
! 237: debug("Received RSA challenge from server.");
! 238:
! 239: private = key_new(KEY_RSA);
! 240: /*
! 241: * Load the private key. Try first with empty passphrase; if it
! 242: * fails, ask for a passphrase.
! 243: */
! 244: if (!load_private_key(authfile, "", private, NULL)) {
! 245: char buf[300];
! 246: snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ",
! 247: comment);
! 248: if (!options.batch_mode)
! 249: passphrase = read_passphrase(buf, 0);
! 250: else {
! 251: debug("Will not query passphrase for %.100s in batch mode.",
! 252: comment);
! 253: passphrase = xstrdup("");
! 254: }
! 255:
! 256: /* Load the authentication file using the pasphrase. */
! 257: if (!load_private_key(authfile, passphrase, private, NULL)) {
! 258: memset(passphrase, 0, strlen(passphrase));
! 259: xfree(passphrase);
! 260: error("Bad passphrase.");
! 261:
! 262: /* Send a dummy response packet to avoid protocol error. */
! 263: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
! 264: for (i = 0; i < 16; i++)
! 265: packet_put_char(0);
! 266: packet_send();
! 267: packet_write_wait();
! 268:
! 269: /* Expect the server to reject it... */
! 270: packet_read_expect(&plen, SSH_SMSG_FAILURE);
! 271: xfree(comment);
! 272: return 0;
! 273: }
! 274: /* Destroy the passphrase. */
! 275: memset(passphrase, 0, strlen(passphrase));
! 276: xfree(passphrase);
! 277: }
! 278: /* We no longer need the comment. */
! 279: xfree(comment);
! 280:
! 281: /* Compute and send a response to the challenge. */
! 282: respond_to_rsa_challenge(challenge, private->rsa);
! 283:
! 284: /* Destroy the private key. */
! 285: key_free(private);
! 286:
! 287: /* We no longer need the challenge. */
! 288: BN_clear_free(challenge);
! 289:
! 290: /* Wait for response from the server. */
! 291: type = packet_read(&plen);
! 292: if (type == SSH_SMSG_SUCCESS) {
! 293: debug("RSA authentication accepted by server.");
! 294: return 1;
! 295: }
! 296: if (type != SSH_SMSG_FAILURE)
! 297: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
! 298: debug("RSA authentication refused.");
! 299: return 0;
! 300: }
! 301:
! 302: /*
! 303: * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
! 304: * authentication and RSA host authentication.
! 305: */
! 306: int
! 307: try_rhosts_rsa_authentication(const char *local_user, RSA * host_key)
! 308: {
! 309: int type;
! 310: BIGNUM *challenge;
! 311: int plen, clen;
! 312:
! 313: debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
! 314:
! 315: /* Tell the server that we are willing to authenticate using this key. */
! 316: packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
! 317: packet_put_string(local_user, strlen(local_user));
! 318: packet_put_int(BN_num_bits(host_key->n));
! 319: packet_put_bignum(host_key->e);
! 320: packet_put_bignum(host_key->n);
! 321: packet_send();
! 322: packet_write_wait();
! 323:
! 324: /* Wait for server's response. */
! 325: type = packet_read(&plen);
! 326:
! 327: /* The server responds with failure if it doesn't admit our
! 328: .rhosts authentication or doesn't know our host key. */
! 329: if (type == SSH_SMSG_FAILURE) {
! 330: debug("Server refused our rhosts authentication or host key.");
! 331: return 0;
! 332: }
! 333: /* Otherwise, the server should respond with a challenge. */
! 334: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
! 335: packet_disconnect("Protocol error during RSA authentication: %d", type);
! 336:
! 337: /* Get the challenge from the packet. */
! 338: challenge = BN_new();
! 339: packet_get_bignum(challenge, &clen);
! 340:
! 341: packet_integrity_check(plen, clen, type);
! 342:
! 343: debug("Received RSA challenge for host key from server.");
! 344:
! 345: /* Compute a response to the challenge. */
! 346: respond_to_rsa_challenge(challenge, host_key);
! 347:
! 348: /* We no longer need the challenge. */
! 349: BN_clear_free(challenge);
! 350:
! 351: /* Wait for response from the server. */
! 352: type = packet_read(&plen);
! 353: if (type == SSH_SMSG_SUCCESS) {
! 354: debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
! 355: return 1;
! 356: }
! 357: if (type != SSH_SMSG_FAILURE)
! 358: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
! 359: debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
! 360: return 0;
! 361: }
! 362:
! 363: #ifdef KRB4
! 364: int
! 365: try_kerberos_authentication()
! 366: {
! 367: KTEXT_ST auth; /* Kerberos data */
! 368: char *reply;
! 369: char inst[INST_SZ];
! 370: char *realm;
! 371: CREDENTIALS cred;
! 372: int r, type, plen;
! 373: socklen_t slen;
! 374: Key_schedule schedule;
! 375: u_long checksum, cksum;
! 376: MSG_DAT msg_data;
! 377: struct sockaddr_in local, foreign;
! 378: struct stat st;
! 379:
! 380: /* Don't do anything if we don't have any tickets. */
! 381: if (stat(tkt_string(), &st) < 0)
! 382: return 0;
! 383:
! 384: strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
! 385:
! 386: realm = (char *) krb_realmofhost(get_canonical_hostname());
! 387: if (!realm) {
! 388: debug("Kerberos V4: no realm for %s", get_canonical_hostname());
! 389: return 0;
! 390: }
! 391: /* This can really be anything. */
! 392: checksum = (u_long) getpid();
! 393:
! 394: r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
! 395: if (r != KSUCCESS) {
! 396: debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]);
! 397: return 0;
! 398: }
! 399: /* Get session key to decrypt the server's reply with. */
! 400: r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
! 401: if (r != KSUCCESS) {
! 402: debug("get_cred failed: %s", krb_err_txt[r]);
! 403: return 0;
! 404: }
! 405: des_key_sched((des_cblock *) cred.session, schedule);
! 406:
! 407: /* Send authentication info to server. */
! 408: packet_start(SSH_CMSG_AUTH_KERBEROS);
! 409: packet_put_string((char *) auth.dat, auth.length);
! 410: packet_send();
! 411: packet_write_wait();
! 412:
! 413: /* Zero the buffer. */
! 414: (void) memset(auth.dat, 0, MAX_KTXT_LEN);
! 415:
! 416: slen = sizeof(local);
! 417: memset(&local, 0, sizeof(local));
! 418: if (getsockname(packet_get_connection_in(),
! 419: (struct sockaddr *) & local, &slen) < 0)
! 420: debug("getsockname failed: %s", strerror(errno));
! 421:
! 422: slen = sizeof(foreign);
! 423: memset(&foreign, 0, sizeof(foreign));
! 424: if (getpeername(packet_get_connection_in(),
! 425: (struct sockaddr *) & foreign, &slen) < 0) {
! 426: debug("getpeername failed: %s", strerror(errno));
! 427: fatal_cleanup();
! 428: }
! 429: /* Get server reply. */
! 430: type = packet_read(&plen);
! 431: switch (type) {
! 432: case SSH_SMSG_FAILURE:
! 433: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
! 434: debug("Kerberos V4 authentication failed.");
! 435: return 0;
! 436: break;
! 437:
! 438: case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
! 439: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
! 440: debug("Kerberos V4 authentication accepted.");
! 441:
! 442: /* Get server's response. */
! 443: reply = packet_get_string((unsigned int *) &auth.length);
! 444: memcpy(auth.dat, reply, auth.length);
! 445: xfree(reply);
! 446:
! 447: packet_integrity_check(plen, 4 + auth.length, type);
! 448:
! 449: /*
! 450: * If his response isn't properly encrypted with the session
! 451: * key, and the decrypted checksum fails to match, he's
! 452: * bogus. Bail out.
! 453: */
! 454: r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
! 455: &foreign, &local, &msg_data);
! 456: if (r != KSUCCESS) {
! 457: debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]);
! 458: packet_disconnect("Kerberos V4 challenge failed!");
! 459: }
! 460: /* Fetch the (incremented) checksum that we supplied in the request. */
! 461: (void) memcpy((char *) &cksum, (char *) msg_data.app_data, sizeof(cksum));
! 462: cksum = ntohl(cksum);
! 463:
! 464: /* If it matches, we're golden. */
! 465: if (cksum == checksum + 1) {
! 466: debug("Kerberos V4 challenge successful.");
! 467: return 1;
! 468: } else
! 469: packet_disconnect("Kerberos V4 challenge failed!");
! 470: break;
! 471:
! 472: default:
! 473: packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
! 474: }
! 475: return 0;
! 476: }
! 477:
! 478: #endif /* KRB4 */
! 479:
! 480: #ifdef AFS
! 481: int
! 482: send_kerberos_tgt()
! 483: {
! 484: CREDENTIALS *creds;
! 485: char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
! 486: int r, type, plen;
! 487: char buffer[8192];
! 488: struct stat st;
! 489:
! 490: /* Don't do anything if we don't have any tickets. */
! 491: if (stat(tkt_string(), &st) < 0)
! 492: return 0;
! 493:
! 494: creds = xmalloc(sizeof(*creds));
! 495:
! 496: if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) {
! 497: debug("Kerberos V4 tf_fullname failed: %s", krb_err_txt[r]);
! 498: return 0;
! 499: }
! 500: if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
! 501: debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]);
! 502: return 0;
! 503: }
! 504: if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
! 505: debug("Kerberos V4 ticket expired: %s", TKT_FILE);
! 506: return 0;
! 507: }
! 508: creds_to_radix(creds, (unsigned char *)buffer);
! 509: xfree(creds);
! 510:
! 511: packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
! 512: packet_put_string(buffer, strlen(buffer));
! 513: packet_send();
! 514: packet_write_wait();
! 515:
! 516: type = packet_read(&plen);
! 517:
! 518: if (type == SSH_SMSG_FAILURE)
! 519: debug("Kerberos TGT for realm %s rejected.", prealm);
! 520: else if (type != SSH_SMSG_SUCCESS)
! 521: packet_disconnect("Protocol error on Kerberos TGT response: %d", type);
! 522:
! 523: return 1;
! 524: }
! 525:
! 526: void
! 527: send_afs_tokens(void)
! 528: {
! 529: CREDENTIALS creds;
! 530: struct ViceIoctl parms;
! 531: struct ClearToken ct;
! 532: int i, type, len, plen;
! 533: char buf[2048], *p, *server_cell;
! 534: char buffer[8192];
! 535:
! 536: /* Move over ktc_GetToken, here's something leaner. */
! 537: for (i = 0; i < 100; i++) { /* just in case */
! 538: parms.in = (char *) &i;
! 539: parms.in_size = sizeof(i);
! 540: parms.out = buf;
! 541: parms.out_size = sizeof(buf);
! 542: if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0)
! 543: break;
! 544: p = buf;
! 545:
! 546: /* Get secret token. */
! 547: memcpy(&creds.ticket_st.length, p, sizeof(unsigned int));
! 548: if (creds.ticket_st.length > MAX_KTXT_LEN)
! 549: break;
! 550: p += sizeof(unsigned int);
! 551: memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
! 552: p += creds.ticket_st.length;
! 553:
! 554: /* Get clear token. */
! 555: memcpy(&len, p, sizeof(len));
! 556: if (len != sizeof(struct ClearToken))
! 557: break;
! 558: p += sizeof(len);
! 559: memcpy(&ct, p, len);
! 560: p += len;
! 561: p += sizeof(len); /* primary flag */
! 562: server_cell = p;
! 563:
! 564: /* Flesh out our credentials. */
! 565: strlcpy(creds.service, "afs", sizeof creds.service);
! 566: creds.instance[0] = '\0';
! 567: strlcpy(creds.realm, server_cell, REALM_SZ);
! 568: memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
! 569: creds.issue_date = ct.BeginTimestamp;
! 570: creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
! 571: creds.kvno = ct.AuthHandle;
! 572: snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
! 573: creds.pinst[0] = '\0';
! 574:
! 575: /* Encode token, ship it off. */
! 576: if (!creds_to_radix(&creds, (unsigned char*) buffer))
! 577: break;
! 578: packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
! 579: packet_put_string(buffer, strlen(buffer));
! 580: packet_send();
! 581: packet_write_wait();
! 582:
! 583: /* Roger, Roger. Clearance, Clarence. What's your vector,
! 584: Victor? */
! 585: type = packet_read(&plen);
! 586:
! 587: if (type == SSH_SMSG_FAILURE)
! 588: debug("AFS token for cell %s rejected.", server_cell);
! 589: else if (type != SSH_SMSG_SUCCESS)
! 590: packet_disconnect("Protocol error on AFS token response: %d", type);
! 591: }
! 592: }
! 593:
! 594: #endif /* AFS */
! 595:
! 596: /*
! 597: * Tries to authenticate with any string-based challenge/response system.
! 598: * Note that the client code is not tied to s/key or TIS.
! 599: */
! 600: int
! 601: try_skey_authentication()
! 602: {
! 603: int type, i;
! 604: int payload_len;
! 605: unsigned int clen;
! 606: char *challenge, *response;
! 607:
! 608: debug("Doing skey authentication.");
! 609:
! 610: /* request a challenge */
! 611: packet_start(SSH_CMSG_AUTH_TIS);
! 612: packet_send();
! 613: packet_write_wait();
! 614:
! 615: type = packet_read(&payload_len);
! 616: if (type != SSH_SMSG_FAILURE &&
! 617: type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
! 618: packet_disconnect("Protocol error: got %d in response "
! 619: "to skey-auth", type);
! 620: }
! 621: if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
! 622: debug("No challenge for skey authentication.");
! 623: return 0;
! 624: }
! 625: challenge = packet_get_string(&clen);
! 626: packet_integrity_check(payload_len, (4 + clen), type);
! 627: if (options.cipher == SSH_CIPHER_NONE)
! 628: log("WARNING: Encryption is disabled! "
! 629: "Reponse will be transmitted in clear text.");
! 630: fprintf(stderr, "%s\n", challenge);
! 631: xfree(challenge);
! 632: fflush(stderr);
! 633: for (i = 0; i < options.number_of_password_prompts; i++) {
! 634: if (i != 0)
! 635: error("Permission denied, please try again.");
! 636: response = read_passphrase("Response: ", 0);
! 637: packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
! 638: packet_put_string(response, strlen(response));
! 639: memset(response, 0, strlen(response));
! 640: xfree(response);
! 641: packet_send();
! 642: packet_write_wait();
! 643: type = packet_read(&payload_len);
! 644: if (type == SSH_SMSG_SUCCESS)
! 645: return 1;
! 646: if (type != SSH_SMSG_FAILURE)
! 647: packet_disconnect("Protocol error: got %d in response "
! 648: "to skey-auth-reponse", type);
! 649: }
! 650: /* failure */
! 651: return 0;
! 652: }
! 653:
! 654: /*
! 655: * Tries to authenticate with plain passwd authentication.
! 656: */
! 657: int
! 658: try_password_authentication(char *prompt)
! 659: {
! 660: int type, i, payload_len;
! 661: char *password;
! 662:
! 663: debug("Doing password authentication.");
! 664: if (options.cipher == SSH_CIPHER_NONE)
! 665: log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
! 666: for (i = 0; i < options.number_of_password_prompts; i++) {
! 667: if (i != 0)
! 668: error("Permission denied, please try again.");
! 669: password = read_passphrase(prompt, 0);
! 670: packet_start(SSH_CMSG_AUTH_PASSWORD);
! 671: packet_put_string(password, strlen(password));
! 672: memset(password, 0, strlen(password));
! 673: xfree(password);
! 674: packet_send();
! 675: packet_write_wait();
! 676:
! 677: type = packet_read(&payload_len);
! 678: if (type == SSH_SMSG_SUCCESS)
! 679: return 1;
! 680: if (type != SSH_SMSG_FAILURE)
! 681: packet_disconnect("Protocol error: got %d in response to passwd auth", type);
! 682: }
! 683: /* failure */
! 684: return 0;
! 685: }
! 686:
! 687: /*
! 688: * SSH1 key exchange
! 689: */
! 690: void
! 691: ssh_kex(char *host, struct sockaddr *hostaddr)
! 692: {
! 693: int i;
! 694: BIGNUM *key;
! 695: RSA *host_key;
! 696: RSA *public_key;
! 697: Key k;
! 698: int bits, rbits;
! 699: int ssh_cipher_default = SSH_CIPHER_3DES;
! 700: unsigned char session_key[SSH_SESSION_KEY_LENGTH];
! 701: unsigned char cookie[8];
! 702: unsigned int supported_ciphers;
! 703: unsigned int server_flags, client_flags;
! 704: int payload_len, clen, sum_len = 0;
! 705: u_int32_t rand = 0;
! 706:
! 707: debug("Waiting for server public key.");
! 708:
! 709: /* Wait for a public key packet from the server. */
! 710: packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
! 711:
! 712: /* Get cookie from the packet. */
! 713: for (i = 0; i < 8; i++)
! 714: cookie[i] = packet_get_char();
! 715:
! 716: /* Get the public key. */
! 717: public_key = RSA_new();
! 718: bits = packet_get_int();/* bits */
! 719: public_key->e = BN_new();
! 720: packet_get_bignum(public_key->e, &clen);
! 721: sum_len += clen;
! 722: public_key->n = BN_new();
! 723: packet_get_bignum(public_key->n, &clen);
! 724: sum_len += clen;
! 725:
! 726: rbits = BN_num_bits(public_key->n);
! 727: if (bits != rbits) {
! 728: log("Warning: Server lies about size of server public key: "
! 729: "actual size is %d bits vs. announced %d.", rbits, bits);
! 730: log("Warning: This may be due to an old implementation of ssh.");
! 731: }
! 732: /* Get the host key. */
! 733: host_key = RSA_new();
! 734: bits = packet_get_int();/* bits */
! 735: host_key->e = BN_new();
! 736: packet_get_bignum(host_key->e, &clen);
! 737: sum_len += clen;
! 738: host_key->n = BN_new();
! 739: packet_get_bignum(host_key->n, &clen);
! 740: sum_len += clen;
! 741:
! 742: rbits = BN_num_bits(host_key->n);
! 743: if (bits != rbits) {
! 744: log("Warning: Server lies about size of server host key: "
! 745: "actual size is %d bits vs. announced %d.", rbits, bits);
! 746: log("Warning: This may be due to an old implementation of ssh.");
! 747: }
! 748:
! 749: /* Get protocol flags. */
! 750: server_flags = packet_get_int();
! 751: packet_set_protocol_flags(server_flags);
! 752:
! 753: supported_ciphers = packet_get_int();
! 754: supported_authentications = packet_get_int();
! 755:
! 756: debug("Received server public key (%d bits) and host key (%d bits).",
! 757: BN_num_bits(public_key->n), BN_num_bits(host_key->n));
! 758:
! 759: packet_integrity_check(payload_len,
! 760: 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
! 761: SSH_SMSG_PUBLIC_KEY);
! 762: k.type = KEY_RSA;
! 763: k.rsa = host_key;
! 764: check_host_key(host, hostaddr, &k,
! 765: options.user_hostfile, options.system_hostfile);
! 766:
! 767: client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
! 768:
! 769: compute_session_id(session_id, cookie, host_key->n, public_key->n);
! 770:
! 771: /* Generate a session key. */
! 772: arc4random_stir();
! 773:
! 774: /*
! 775: * Generate an encryption key for the session. The key is a 256 bit
! 776: * random number, interpreted as a 32-byte key, with the least
! 777: * significant 8 bits being the first byte of the key.
! 778: */
! 779: for (i = 0; i < 32; i++) {
! 780: if (i % 4 == 0)
! 781: rand = arc4random();
! 782: session_key[i] = rand & 0xff;
! 783: rand >>= 8;
! 784: }
! 785:
! 786: /*
! 787: * According to the protocol spec, the first byte of the session key
! 788: * is the highest byte of the integer. The session key is xored with
! 789: * the first 16 bytes of the session id.
! 790: */
! 791: key = BN_new();
! 792: BN_set_word(key, 0);
! 793: for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
! 794: BN_lshift(key, key, 8);
! 795: if (i < 16)
! 796: BN_add_word(key, session_key[i] ^ session_id[i]);
! 797: else
! 798: BN_add_word(key, session_key[i]);
! 799: }
! 800:
! 801: /*
! 802: * Encrypt the integer using the public key and host key of the
! 803: * server (key with smaller modulus first).
! 804: */
! 805: if (BN_cmp(public_key->n, host_key->n) < 0) {
! 806: /* Public key has smaller modulus. */
! 807: if (BN_num_bits(host_key->n) <
! 808: BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
! 809: fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
! 810: "SSH_KEY_BITS_RESERVED %d",
! 811: BN_num_bits(host_key->n),
! 812: BN_num_bits(public_key->n),
! 813: SSH_KEY_BITS_RESERVED);
! 814: }
! 815: rsa_public_encrypt(key, key, public_key);
! 816: rsa_public_encrypt(key, key, host_key);
! 817: } else {
! 818: /* Host key has smaller modulus (or they are equal). */
! 819: if (BN_num_bits(public_key->n) <
! 820: BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
! 821: fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
! 822: "SSH_KEY_BITS_RESERVED %d",
! 823: BN_num_bits(public_key->n),
! 824: BN_num_bits(host_key->n),
! 825: SSH_KEY_BITS_RESERVED);
! 826: }
! 827: rsa_public_encrypt(key, key, host_key);
! 828: rsa_public_encrypt(key, key, public_key);
! 829: }
! 830:
! 831: /* Destroy the public keys since we no longer need them. */
! 832: RSA_free(public_key);
! 833: RSA_free(host_key);
! 834:
! 835: if (options.cipher == SSH_CIPHER_NOT_SET) {
! 836: if (cipher_mask1() & supported_ciphers & (1 << ssh_cipher_default))
! 837: options.cipher = ssh_cipher_default;
! 838: else {
! 839: debug("Cipher %s not supported, using %.100s instead.",
! 840: cipher_name(ssh_cipher_default),
! 841: cipher_name(SSH_FALLBACK_CIPHER));
! 842: options.cipher = SSH_FALLBACK_CIPHER;
! 843: }
! 844: }
! 845: /* Check that the selected cipher is supported. */
! 846: if (!(supported_ciphers & (1 << options.cipher)))
! 847: fatal("Selected cipher type %.100s not supported by server.",
! 848: cipher_name(options.cipher));
! 849:
! 850: debug("Encryption type: %.100s", cipher_name(options.cipher));
! 851:
! 852: /* Send the encrypted session key to the server. */
! 853: packet_start(SSH_CMSG_SESSION_KEY);
! 854: packet_put_char(options.cipher);
! 855:
! 856: /* Send the cookie back to the server. */
! 857: for (i = 0; i < 8; i++)
! 858: packet_put_char(cookie[i]);
! 859:
! 860: /* Send and destroy the encrypted encryption key integer. */
! 861: packet_put_bignum(key);
! 862: BN_clear_free(key);
! 863:
! 864: /* Send protocol flags. */
! 865: packet_put_int(client_flags);
! 866:
! 867: /* Send the packet now. */
! 868: packet_send();
! 869: packet_write_wait();
! 870:
! 871: debug("Sent encrypted session key.");
! 872:
! 873: /* Set the encryption key. */
! 874: packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
! 875:
! 876: /* We will no longer need the session key here. Destroy any extra copies. */
! 877: memset(session_key, 0, sizeof(session_key));
! 878:
! 879: /*
! 880: * Expect a success message from the server. Note that this message
! 881: * will be received in encrypted form.
! 882: */
! 883: packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
! 884:
! 885: debug("Received encrypted confirmation.");
! 886: }
! 887:
! 888: /*
! 889: * Authenticate user
! 890: */
! 891: void
! 892: ssh_userauth(
! 893: const char* local_user,
! 894: const char* server_user,
! 895: char *host,
! 896: int host_key_valid, RSA *own_host_key)
! 897: {
! 898: int i, type;
! 899: int payload_len;
! 900:
! 901: if (supported_authentications == 0)
! 902: fatal("ssh_userauth: server supports no auth methods");
! 903:
! 904: /* Send the name of the user to log in as on the server. */
! 905: packet_start(SSH_CMSG_USER);
! 906: packet_put_string(server_user, strlen(server_user));
! 907: packet_send();
! 908: packet_write_wait();
! 909:
! 910: /*
! 911: * The server should respond with success if no authentication is
! 912: * needed (the user has no password). Otherwise the server responds
! 913: * with failure.
! 914: */
! 915: type = packet_read(&payload_len);
! 916:
! 917: /* check whether the connection was accepted without authentication. */
! 918: if (type == SSH_SMSG_SUCCESS)
! 919: return;
! 920: if (type != SSH_SMSG_FAILURE)
! 921: packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
! 922: type);
! 923:
! 924: #ifdef AFS
! 925: /* Try Kerberos tgt passing if the server supports it. */
! 926: if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
! 927: options.kerberos_tgt_passing) {
! 928: if (options.cipher == SSH_CIPHER_NONE)
! 929: log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
! 930: (void) send_kerberos_tgt();
! 931: }
! 932: /* Try AFS token passing if the server supports it. */
! 933: if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
! 934: options.afs_token_passing && k_hasafs()) {
! 935: if (options.cipher == SSH_CIPHER_NONE)
! 936: log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
! 937: send_afs_tokens();
! 938: }
! 939: #endif /* AFS */
! 940:
! 941: #ifdef KRB4
! 942: if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
! 943: options.kerberos_authentication) {
! 944: debug("Trying Kerberos authentication.");
! 945: if (try_kerberos_authentication()) {
! 946: /* The server should respond with success or failure. */
! 947: type = packet_read(&payload_len);
! 948: if (type == SSH_SMSG_SUCCESS)
! 949: return;
! 950: if (type != SSH_SMSG_FAILURE)
! 951: packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
! 952: }
! 953: }
! 954: #endif /* KRB4 */
! 955:
! 956: /*
! 957: * Use rhosts authentication if running in privileged socket and we
! 958: * do not wish to remain anonymous.
! 959: */
! 960: if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
! 961: options.rhosts_authentication) {
! 962: debug("Trying rhosts authentication.");
! 963: packet_start(SSH_CMSG_AUTH_RHOSTS);
! 964: packet_put_string(local_user, strlen(local_user));
! 965: packet_send();
! 966: packet_write_wait();
! 967:
! 968: /* The server should respond with success or failure. */
! 969: type = packet_read(&payload_len);
! 970: if (type == SSH_SMSG_SUCCESS)
! 971: return;
! 972: if (type != SSH_SMSG_FAILURE)
! 973: packet_disconnect("Protocol error: got %d in response to rhosts auth",
! 974: type);
! 975: }
! 976: /*
! 977: * Try .rhosts or /etc/hosts.equiv authentication with RSA host
! 978: * authentication.
! 979: */
! 980: if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
! 981: options.rhosts_rsa_authentication && host_key_valid) {
! 982: if (try_rhosts_rsa_authentication(local_user, own_host_key))
! 983: return;
! 984: }
! 985: /* Try RSA authentication if the server supports it. */
! 986: if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
! 987: options.rsa_authentication) {
! 988: /*
! 989: * Try RSA authentication using the authentication agent. The
! 990: * agent is tried first because no passphrase is needed for
! 991: * it, whereas identity files may require passphrases.
! 992: */
! 993: if (try_agent_authentication())
! 994: return;
! 995:
! 996: /* Try RSA authentication for each identity. */
! 997: for (i = 0; i < options.num_identity_files; i++)
! 998: if (try_rsa_authentication(options.identity_files[i]))
! 999: return;
! 1000: }
! 1001: /* Try skey authentication if the server supports it. */
! 1002: if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
! 1003: options.skey_authentication && !options.batch_mode) {
! 1004: if (try_skey_authentication())
! 1005: return;
! 1006: }
! 1007: /* Try password authentication if the server supports it. */
! 1008: if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
! 1009: options.password_authentication && !options.batch_mode) {
! 1010: char prompt[80];
! 1011:
! 1012: snprintf(prompt, sizeof(prompt), "%.30s@%.40s's password: ",
! 1013: server_user, host);
! 1014: if (try_password_authentication(prompt))
! 1015: return;
! 1016: }
! 1017: /* All authentication methods have failed. Exit with an error message. */
! 1018: fatal("Permission denied.");
! 1019: /* NOTREACHED */
! 1020: }