Annotation of src/usr.bin/ssh/sshconnect1.c, Revision 1.54
1.1 markus 1: /*
2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
5: * Code to connect to a remote host, and to perform the client side of the
6: * login (authentication) dialog.
7: *
1.6 deraadt 8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
1.1 markus 13: */
14:
15: #include "includes.h"
1.54 ! markus 16: RCSID("$OpenBSD: sshconnect1.c,v 1.53 2003/04/08 20:21:29 itojun Exp $");
1.1 markus 17:
18: #include <openssl/bn.h>
1.48 markus 19: #include <openssl/md5.h>
1.1 markus 20:
1.37 dugsong 21: #ifdef KRB5
22: #include <krb5.h>
23: #endif
1.18 markus 24:
25: #include "ssh.h"
26: #include "ssh1.h"
1.1 markus 27: #include "xmalloc.h"
28: #include "rsa.h"
29: #include "buffer.h"
30: #include "packet.h"
31: #include "mpaux.h"
32: #include "uidswap.h"
1.18 markus 33: #include "log.h"
1.1 markus 34: #include "readconf.h"
35: #include "key.h"
1.4 markus 36: #include "authfd.h"
1.1 markus 37: #include "sshconnect.h"
38: #include "authfile.h"
1.18 markus 39: #include "readpass.h"
40: #include "cipher.h"
41: #include "canohost.h"
1.37 dugsong 42: #include "auth.h"
1.1 markus 43:
44: /* Session id for the current session. */
1.13 markus 45: u_char session_id[16];
46: u_int supported_authentications = 0;
1.1 markus 47:
48: extern Options options;
49: extern char *__progname;
50:
51: /*
52: * Checks if the user has an authentication agent, and if so, tries to
53: * authenticate using the agent.
54: */
1.35 itojun 55: static int
1.24 itojun 56: try_agent_authentication(void)
1.1 markus 57: {
1.5 markus 58: int type;
1.1 markus 59: char *comment;
60: AuthenticationConnection *auth;
1.13 markus 61: u_char response[16];
62: u_int i;
1.5 markus 63: Key *key;
64: BIGNUM *challenge;
1.1 markus 65:
66: /* Get connection to the agent. */
67: auth = ssh_get_authentication_connection();
68: if (!auth)
69: return 0;
70:
1.43 markus 71: if ((challenge = BN_new()) == NULL)
72: fatal("try_agent_authentication: BN_new failed");
1.1 markus 73: /* Loop through identities served by the agent. */
1.5 markus 74: for (key = ssh_get_first_identity(auth, &comment, 1);
1.42 deraadt 75: key != NULL;
76: key = ssh_get_next_identity(auth, &comment, 1)) {
1.1 markus 77:
78: /* Try this identity. */
79: debug("Trying RSA authentication via agent with '%.100s'", comment);
80: xfree(comment);
81:
82: /* Tell the server that we are willing to authenticate using this key. */
83: packet_start(SSH_CMSG_AUTH_RSA);
1.5 markus 84: packet_put_bignum(key->rsa->n);
1.1 markus 85: packet_send();
86: packet_write_wait();
87:
88: /* Wait for server's response. */
1.47 markus 89: type = packet_read();
1.1 markus 90:
91: /* The server sends failure if it doesn\'t like our key or
92: does not support RSA authentication. */
93: if (type == SSH_SMSG_FAILURE) {
94: debug("Server refused our key.");
1.5 markus 95: key_free(key);
1.1 markus 96: continue;
97: }
98: /* Otherwise it should have sent a challenge. */
99: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
100: packet_disconnect("Protocol error during RSA authentication: %d",
101: type);
102:
1.46 markus 103: packet_get_bignum(challenge);
1.45 markus 104: packet_check_eom();
1.1 markus 105:
106: debug("Received RSA challenge from server.");
107:
108: /* Ask the agent to decrypt the challenge. */
1.5 markus 109: if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) {
110: /*
111: * The agent failed to authenticate this identifier
112: * although it advertised it supports this. Just
113: * return a wrong value.
114: */
1.53 itojun 115: logit("Authentication agent failed to decrypt challenge.");
1.1 markus 116: memset(response, 0, sizeof(response));
117: }
1.5 markus 118: key_free(key);
1.1 markus 119: debug("Sending response to RSA challenge.");
120:
121: /* Send the decrypted challenge back to the server. */
122: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
123: for (i = 0; i < 16; i++)
124: packet_put_char(response[i]);
125: packet_send();
126: packet_write_wait();
127:
128: /* Wait for response from the server. */
1.47 markus 129: type = packet_read();
1.1 markus 130:
131: /* The server returns success if it accepted the authentication. */
132: if (type == SSH_SMSG_SUCCESS) {
1.14 markus 133: ssh_close_authentication_connection(auth);
1.5 markus 134: BN_clear_free(challenge);
1.1 markus 135: debug("RSA authentication accepted by server.");
136: return 1;
137: }
138: /* Otherwise it should return failure. */
139: if (type != SSH_SMSG_FAILURE)
140: packet_disconnect("Protocol error waiting RSA auth response: %d",
141: type);
142: }
1.14 markus 143: ssh_close_authentication_connection(auth);
1.1 markus 144: BN_clear_free(challenge);
145: debug("RSA authentication using agent refused.");
146: return 0;
147: }
148:
149: /*
150: * Computes the proper response to a RSA challenge, and sends the response to
151: * the server.
152: */
1.35 itojun 153: static void
1.1 markus 154: respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
155: {
1.13 markus 156: u_char buf[32], response[16];
1.1 markus 157: MD5_CTX md;
158: int i, len;
159:
160: /* Decrypt the challenge using the private key. */
1.21 markus 161: /* XXX think about Bleichenbacher, too */
162: if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
163: packet_disconnect(
164: "respond_to_rsa_challenge: rsa_private_decrypt failed");
1.1 markus 165:
166: /* Compute the response. */
167: /* The response is MD5 of decrypted challenge plus session id. */
168: len = BN_num_bytes(challenge);
169: if (len <= 0 || len > sizeof(buf))
1.21 markus 170: packet_disconnect(
171: "respond_to_rsa_challenge: bad challenge length %d", len);
1.1 markus 172:
173: memset(buf, 0, sizeof(buf));
174: BN_bn2bin(challenge, buf + sizeof(buf) - len);
175: MD5_Init(&md);
176: MD5_Update(&md, buf, 32);
177: MD5_Update(&md, session_id, 16);
178: MD5_Final(response, &md);
179:
180: debug("Sending response to host key RSA challenge.");
181:
182: /* Send the response back to the server. */
183: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
184: for (i = 0; i < 16; i++)
185: packet_put_char(response[i]);
186: packet_send();
187: packet_write_wait();
188:
189: memset(buf, 0, sizeof(buf));
190: memset(response, 0, sizeof(response));
191: memset(&md, 0, sizeof(md));
192: }
193:
194: /*
195: * Checks if the user has authentication file, and if so, tries to authenticate
196: * the user using it.
197: */
1.35 itojun 198: static int
1.38 markus 199: try_rsa_authentication(int idx)
1.1 markus 200: {
201: BIGNUM *challenge;
1.36 markus 202: Key *public, *private;
1.38 markus 203: char buf[300], *passphrase, *comment, *authfile;
1.47 markus 204: int i, type, quit;
1.1 markus 205:
1.38 markus 206: public = options.identity_keys[idx];
207: authfile = options.identity_files[idx];
208: comment = xstrdup(authfile);
209:
1.1 markus 210: debug("Trying RSA authentication with key '%.100s'", comment);
211:
212: /* Tell the server that we are willing to authenticate using this key. */
213: packet_start(SSH_CMSG_AUTH_RSA);
214: packet_put_bignum(public->rsa->n);
215: packet_send();
216: packet_write_wait();
217:
218: /* Wait for server's response. */
1.47 markus 219: type = packet_read();
1.1 markus 220:
221: /*
222: * The server responds with failure if it doesn\'t like our key or
223: * doesn\'t support RSA authentication.
224: */
225: if (type == SSH_SMSG_FAILURE) {
226: debug("Server refused our key.");
227: xfree(comment);
228: return 0;
229: }
230: /* Otherwise, the server should respond with a challenge. */
231: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
232: packet_disconnect("Protocol error during RSA authentication: %d", type);
233:
234: /* Get the challenge from the packet. */
1.43 markus 235: if ((challenge = BN_new()) == NULL)
236: fatal("try_rsa_authentication: BN_new failed");
1.46 markus 237: packet_get_bignum(challenge);
1.45 markus 238: packet_check_eom();
1.1 markus 239:
240: debug("Received RSA challenge from server.");
241:
242: /*
1.38 markus 243: * If the key is not stored in external hardware, we have to
244: * load the private key. Try first with empty passphrase; if it
1.1 markus 245: * fails, ask for a passphrase.
246: */
1.52 aaron 247: if (public->flags & KEY_FLAG_EXT)
1.38 markus 248: private = public;
249: else
250: private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
1.36 markus 251: if (private == NULL && !options.batch_mode) {
252: snprintf(buf, sizeof(buf),
253: "Enter passphrase for RSA key '%.100s': ", comment);
254: for (i = 0; i < options.number_of_password_prompts; i++) {
1.1 markus 255: passphrase = read_passphrase(buf, 0);
1.36 markus 256: if (strcmp(passphrase, "") != 0) {
257: private = key_load_private_type(KEY_RSA1,
258: authfile, passphrase, NULL);
259: quit = 0;
260: } else {
261: debug2("no passphrase given, try next key");
262: quit = 1;
263: }
1.1 markus 264: memset(passphrase, 0, strlen(passphrase));
265: xfree(passphrase);
1.36 markus 266: if (private != NULL || quit)
267: break;
268: debug2("bad passphrase given, try again...");
1.1 markus 269: }
270: }
271: /* We no longer need the comment. */
272: xfree(comment);
1.36 markus 273:
274: if (private == NULL) {
275: if (!options.batch_mode)
276: error("Bad passphrase.");
277:
278: /* Send a dummy response packet to avoid protocol error. */
279: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
280: for (i = 0; i < 16; i++)
281: packet_put_char(0);
282: packet_send();
283: packet_write_wait();
284:
285: /* Expect the server to reject it... */
1.47 markus 286: packet_read_expect(SSH_SMSG_FAILURE);
1.36 markus 287: BN_clear_free(challenge);
288: return 0;
289: }
1.1 markus 290:
291: /* Compute and send a response to the challenge. */
292: respond_to_rsa_challenge(challenge, private->rsa);
293:
1.38 markus 294: /* Destroy the private key unless it in external hardware. */
295: if (!(private->flags & KEY_FLAG_EXT))
296: key_free(private);
1.1 markus 297:
298: /* We no longer need the challenge. */
299: BN_clear_free(challenge);
300:
301: /* Wait for response from the server. */
1.47 markus 302: type = packet_read();
1.1 markus 303: if (type == SSH_SMSG_SUCCESS) {
304: debug("RSA authentication accepted by server.");
305: return 1;
306: }
307: if (type != SSH_SMSG_FAILURE)
308: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
309: debug("RSA authentication refused.");
310: return 0;
311: }
312:
313: /*
314: * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
315: * authentication and RSA host authentication.
316: */
1.35 itojun 317: static int
1.29 markus 318: try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
1.1 markus 319: {
320: int type;
321: BIGNUM *challenge;
322:
323: debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
324:
325: /* Tell the server that we are willing to authenticate using this key. */
326: packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
1.33 markus 327: packet_put_cstring(local_user);
1.29 markus 328: packet_put_int(BN_num_bits(host_key->rsa->n));
329: packet_put_bignum(host_key->rsa->e);
330: packet_put_bignum(host_key->rsa->n);
1.1 markus 331: packet_send();
332: packet_write_wait();
333:
334: /* Wait for server's response. */
1.47 markus 335: type = packet_read();
1.1 markus 336:
337: /* The server responds with failure if it doesn't admit our
338: .rhosts authentication or doesn't know our host key. */
339: if (type == SSH_SMSG_FAILURE) {
340: debug("Server refused our rhosts authentication or host key.");
341: return 0;
342: }
343: /* Otherwise, the server should respond with a challenge. */
344: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
345: packet_disconnect("Protocol error during RSA authentication: %d", type);
346:
347: /* Get the challenge from the packet. */
1.43 markus 348: if ((challenge = BN_new()) == NULL)
349: fatal("try_rhosts_rsa_authentication: BN_new failed");
1.46 markus 350: packet_get_bignum(challenge);
1.45 markus 351: packet_check_eom();
1.1 markus 352:
353: debug("Received RSA challenge for host key from server.");
354:
355: /* Compute a response to the challenge. */
1.29 markus 356: respond_to_rsa_challenge(challenge, host_key->rsa);
1.1 markus 357:
358: /* We no longer need the challenge. */
359: BN_clear_free(challenge);
360:
361: /* Wait for response from the server. */
1.47 markus 362: type = packet_read();
1.1 markus 363: if (type == SSH_SMSG_SUCCESS) {
364: debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
365: return 1;
366: }
367: if (type != SSH_SMSG_FAILURE)
368: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
369: debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
370: return 0;
371: }
372:
1.37 dugsong 373: #ifdef KRB5
374: static int
375: try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
376: {
377: krb5_error_code problem;
378: const char *tkfile;
379: struct stat buf;
380: krb5_ccache ccache = NULL;
381: const char *remotehost;
382: krb5_data ap;
1.47 markus 383: int type;
1.37 dugsong 384: krb5_ap_rep_enc_part *reply = NULL;
385: int ret;
1.42 deraadt 386:
1.37 dugsong 387: memset(&ap, 0, sizeof(ap));
1.42 deraadt 388:
1.37 dugsong 389: problem = krb5_init_context(context);
390: if (problem) {
391: debug("Kerberos v5: krb5_init_context failed");
392: ret = 0;
393: goto out;
394: }
1.42 deraadt 395:
1.37 dugsong 396: tkfile = krb5_cc_default_name(*context);
397: if (strncmp(tkfile, "FILE:", 5) == 0)
398: tkfile += 5;
1.42 deraadt 399:
1.37 dugsong 400: if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
401: debug("Kerberos v5: could not get default ccache (permission denied).");
402: ret = 0;
403: goto out;
404: }
1.42 deraadt 405:
1.37 dugsong 406: problem = krb5_cc_default(*context, &ccache);
407: if (problem) {
408: debug("Kerberos v5: krb5_cc_default failed: %s",
409: krb5_get_err_text(*context, problem));
410: ret = 0;
411: goto out;
412: }
1.42 deraadt 413:
1.37 dugsong 414: remotehost = get_canonical_hostname(1);
1.42 deraadt 415:
1.37 dugsong 416: problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
417: "host", remotehost, NULL, ccache, &ap);
418: if (problem) {
419: debug("Kerberos v5: krb5_mk_req failed: %s",
420: krb5_get_err_text(*context, problem));
421: ret = 0;
422: goto out;
423: }
1.42 deraadt 424:
1.37 dugsong 425: packet_start(SSH_CMSG_AUTH_KERBEROS);
426: packet_put_string((char *) ap.data, ap.length);
427: packet_send();
428: packet_write_wait();
1.42 deraadt 429:
1.37 dugsong 430: xfree(ap.data);
431: ap.length = 0;
1.42 deraadt 432:
1.47 markus 433: type = packet_read();
1.37 dugsong 434: switch (type) {
1.42 deraadt 435: case SSH_SMSG_FAILURE:
436: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
437: debug("Kerberos v5 authentication failed.");
438: ret = 0;
439: break;
440:
1.37 dugsong 441: case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
1.42 deraadt 442: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
443: debug("Kerberos v5 authentication accepted.");
444:
445: /* Get server's response. */
446: ap.data = packet_get_string((unsigned int *) &ap.length);
1.45 markus 447: packet_check_eom();
1.42 deraadt 448: /* XXX je to dobre? */
449:
450: problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
451: if (problem) {
1.37 dugsong 452: ret = 0;
453: }
454: ret = 1;
455: break;
1.42 deraadt 456:
1.37 dugsong 457: default:
458: packet_disconnect("Protocol error on Kerberos v5 response: %d",
459: type);
460: ret = 0;
461: break;
1.42 deraadt 462:
1.37 dugsong 463: }
1.42 deraadt 464:
1.37 dugsong 465: out:
466: if (ccache != NULL)
467: krb5_cc_close(*context, ccache);
468: if (reply != NULL)
469: krb5_free_ap_rep_enc_part(*context, reply);
470: if (ap.length > 0)
471: krb5_data_free(&ap);
1.42 deraadt 472:
1.37 dugsong 473: return (ret);
474: }
475:
476: static void
477: send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
478: {
1.47 markus 479: int fd, type;
1.37 dugsong 480: krb5_error_code problem;
481: krb5_data outbuf;
482: krb5_ccache ccache = NULL;
483: krb5_creds creds;
484: krb5_kdc_flags flags;
485: const char *remotehost;
1.42 deraadt 486:
1.37 dugsong 487: memset(&creds, 0, sizeof(creds));
488: memset(&outbuf, 0, sizeof(outbuf));
1.42 deraadt 489:
1.37 dugsong 490: fd = packet_get_connection_in();
1.42 deraadt 491:
1.37 dugsong 492: problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd);
493: if (problem)
494: goto out;
1.42 deraadt 495:
1.37 dugsong 496: problem = krb5_cc_default(context, &ccache);
497: if (problem)
498: goto out;
1.42 deraadt 499:
1.37 dugsong 500: problem = krb5_cc_get_principal(context, ccache, &creds.client);
501: if (problem)
502: goto out;
1.42 deraadt 503:
1.37 dugsong 504: problem = krb5_build_principal(context, &creds.server,
505: strlen(creds.client->realm), creds.client->realm,
506: "krbtgt", creds.client->realm, NULL);
507: if (problem)
508: goto out;
1.42 deraadt 509:
1.37 dugsong 510: creds.times.endtime = 0;
1.42 deraadt 511:
1.37 dugsong 512: flags.i = 0;
513: flags.b.forwarded = 1;
514: flags.b.forwardable = krb5_config_get_bool(context, NULL,
515: "libdefaults", "forwardable", NULL);
1.42 deraadt 516:
1.37 dugsong 517: remotehost = get_canonical_hostname(1);
1.42 deraadt 518:
1.37 dugsong 519: problem = krb5_get_forwarded_creds(context, auth_context,
520: ccache, flags.i, remotehost, &creds, &outbuf);
521: if (problem)
522: goto out;
1.42 deraadt 523:
1.37 dugsong 524: packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
525: packet_put_string((char *)outbuf.data, outbuf.length);
526: packet_send();
527: packet_write_wait();
1.42 deraadt 528:
1.47 markus 529: type = packet_read();
1.42 deraadt 530:
1.37 dugsong 531: if (type == SSH_SMSG_SUCCESS) {
532: char *pname;
1.42 deraadt 533:
1.37 dugsong 534: krb5_unparse_name(context, creds.client, &pname);
535: debug("Kerberos v5 TGT forwarded (%s).", pname);
536: xfree(pname);
537: } else
538: debug("Kerberos v5 TGT forwarding failed.");
1.42 deraadt 539:
1.37 dugsong 540: return;
1.42 deraadt 541:
1.37 dugsong 542: out:
543: if (problem)
544: debug("Kerberos v5 TGT forwarding failed: %s",
545: krb5_get_err_text(context, problem));
546: if (creds.client)
547: krb5_free_principal(context, creds.client);
548: if (creds.server)
549: krb5_free_principal(context, creds.server);
550: if (ccache)
551: krb5_cc_close(context, ccache);
552: if (outbuf.data)
553: xfree(outbuf.data);
554: }
555: #endif /* KRB5 */
556:
1.1 markus 557: /*
558: * Tries to authenticate with any string-based challenge/response system.
559: * Note that the client code is not tied to s/key or TIS.
560: */
1.35 itojun 561: static int
1.32 markus 562: try_challenge_response_authentication(void)
1.1 markus 563: {
564: int type, i;
1.13 markus 565: u_int clen;
1.12 markus 566: char prompt[1024];
1.1 markus 567: char *challenge, *response;
1.40 markus 568:
569: debug("Doing challenge response authentication.");
570:
1.12 markus 571: for (i = 0; i < options.number_of_password_prompts; i++) {
572: /* request a challenge */
573: packet_start(SSH_CMSG_AUTH_TIS);
574: packet_send();
575: packet_write_wait();
1.1 markus 576:
1.47 markus 577: type = packet_read();
1.12 markus 578: if (type != SSH_SMSG_FAILURE &&
579: type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
580: packet_disconnect("Protocol error: got %d in response "
1.20 markus 581: "to SSH_CMSG_AUTH_TIS", type);
1.12 markus 582: }
583: if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
1.20 markus 584: debug("No challenge.");
1.12 markus 585: return 0;
586: }
587: challenge = packet_get_string(&clen);
1.45 markus 588: packet_check_eom();
1.16 markus 589: snprintf(prompt, sizeof prompt, "%s%s", challenge,
1.42 deraadt 590: strchr(challenge, '\n') ? "" : "\nResponse: ");
1.12 markus 591: xfree(challenge);
1.1 markus 592: if (i != 0)
593: error("Permission denied, please try again.");
1.12 markus 594: if (options.cipher == SSH_CIPHER_NONE)
1.53 itojun 595: logit("WARNING: Encryption is disabled! "
1.50 stevesk 596: "Response will be transmitted in clear text.");
1.12 markus 597: response = read_passphrase(prompt, 0);
598: if (strcmp(response, "") == 0) {
599: xfree(response);
600: break;
601: }
1.1 markus 602: packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
1.27 markus 603: ssh_put_password(response);
1.1 markus 604: memset(response, 0, strlen(response));
605: xfree(response);
606: packet_send();
607: packet_write_wait();
1.47 markus 608: type = packet_read();
1.1 markus 609: if (type == SSH_SMSG_SUCCESS)
610: return 1;
611: if (type != SSH_SMSG_FAILURE)
612: packet_disconnect("Protocol error: got %d in response "
1.20 markus 613: "to SSH_CMSG_AUTH_TIS_RESPONSE", type);
1.1 markus 614: }
615: /* failure */
616: return 0;
617: }
618:
619: /*
620: * Tries to authenticate with plain passwd authentication.
621: */
1.35 itojun 622: static int
1.1 markus 623: try_password_authentication(char *prompt)
624: {
1.47 markus 625: int type, i;
1.1 markus 626: char *password;
627:
628: debug("Doing password authentication.");
629: if (options.cipher == SSH_CIPHER_NONE)
1.53 itojun 630: logit("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1.1 markus 631: for (i = 0; i < options.number_of_password_prompts; i++) {
632: if (i != 0)
633: error("Permission denied, please try again.");
634: password = read_passphrase(prompt, 0);
635: packet_start(SSH_CMSG_AUTH_PASSWORD);
1.27 markus 636: ssh_put_password(password);
1.1 markus 637: memset(password, 0, strlen(password));
638: xfree(password);
639: packet_send();
640: packet_write_wait();
641:
1.47 markus 642: type = packet_read();
1.1 markus 643: if (type == SSH_SMSG_SUCCESS)
644: return 1;
645: if (type != SSH_SMSG_FAILURE)
646: packet_disconnect("Protocol error: got %d in response to passwd auth", type);
647: }
648: /* failure */
649: return 0;
650: }
651:
652: /*
653: * SSH1 key exchange
654: */
655: void
656: ssh_kex(char *host, struct sockaddr *hostaddr)
657: {
658: int i;
659: BIGNUM *key;
1.43 markus 660: Key *host_key, *server_key;
1.1 markus 661: int bits, rbits;
662: int ssh_cipher_default = SSH_CIPHER_3DES;
1.13 markus 663: u_char session_key[SSH_SESSION_KEY_LENGTH];
664: u_char cookie[8];
665: u_int supported_ciphers;
666: u_int server_flags, client_flags;
1.1 markus 667: u_int32_t rand = 0;
668:
669: debug("Waiting for server public key.");
670:
671: /* Wait for a public key packet from the server. */
1.47 markus 672: packet_read_expect(SSH_SMSG_PUBLIC_KEY);
1.1 markus 673:
674: /* Get cookie from the packet. */
675: for (i = 0; i < 8; i++)
676: cookie[i] = packet_get_char();
677:
678: /* Get the public key. */
1.43 markus 679: server_key = key_new(KEY_RSA1);
680: bits = packet_get_int();
1.46 markus 681: packet_get_bignum(server_key->rsa->e);
682: packet_get_bignum(server_key->rsa->n);
1.1 markus 683:
1.43 markus 684: rbits = BN_num_bits(server_key->rsa->n);
1.1 markus 685: if (bits != rbits) {
1.53 itojun 686: logit("Warning: Server lies about size of server public key: "
1.1 markus 687: "actual size is %d bits vs. announced %d.", rbits, bits);
1.53 itojun 688: logit("Warning: This may be due to an old implementation of ssh.");
1.1 markus 689: }
690: /* Get the host key. */
1.43 markus 691: host_key = key_new(KEY_RSA1);
692: bits = packet_get_int();
1.46 markus 693: packet_get_bignum(host_key->rsa->e);
694: packet_get_bignum(host_key->rsa->n);
1.1 markus 695:
1.43 markus 696: rbits = BN_num_bits(host_key->rsa->n);
1.1 markus 697: if (bits != rbits) {
1.53 itojun 698: logit("Warning: Server lies about size of server host key: "
1.1 markus 699: "actual size is %d bits vs. announced %d.", rbits, bits);
1.53 itojun 700: logit("Warning: This may be due to an old implementation of ssh.");
1.1 markus 701: }
702:
703: /* Get protocol flags. */
704: server_flags = packet_get_int();
705: packet_set_protocol_flags(server_flags);
706:
707: supported_ciphers = packet_get_int();
708: supported_authentications = packet_get_int();
1.45 markus 709: packet_check_eom();
1.1 markus 710:
711: debug("Received server public key (%d bits) and host key (%d bits).",
1.43 markus 712: BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n));
1.1 markus 713:
1.43 markus 714: if (verify_host_key(host, hostaddr, host_key) == -1)
1.41 markus 715: fatal("Host key verification failed.");
1.1 markus 716:
717: client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
718:
1.43 markus 719: compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n);
1.1 markus 720:
721: /* Generate a session key. */
722: arc4random_stir();
723:
724: /*
725: * Generate an encryption key for the session. The key is a 256 bit
726: * random number, interpreted as a 32-byte key, with the least
727: * significant 8 bits being the first byte of the key.
728: */
729: for (i = 0; i < 32; i++) {
730: if (i % 4 == 0)
731: rand = arc4random();
732: session_key[i] = rand & 0xff;
733: rand >>= 8;
734: }
735:
736: /*
737: * According to the protocol spec, the first byte of the session key
738: * is the highest byte of the integer. The session key is xored with
739: * the first 16 bytes of the session id.
740: */
1.43 markus 741: if ((key = BN_new()) == NULL)
742: fatal("respond_to_rsa_challenge: BN_new failed");
1.1 markus 743: BN_set_word(key, 0);
744: for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
745: BN_lshift(key, key, 8);
746: if (i < 16)
747: BN_add_word(key, session_key[i] ^ session_id[i]);
748: else
749: BN_add_word(key, session_key[i]);
750: }
751:
752: /*
753: * Encrypt the integer using the public key and host key of the
754: * server (key with smaller modulus first).
755: */
1.43 markus 756: if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) {
1.1 markus 757: /* Public key has smaller modulus. */
1.43 markus 758: if (BN_num_bits(host_key->rsa->n) <
759: BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
760: fatal("respond_to_rsa_challenge: host_key %d < server_key %d + "
1.42 deraadt 761: "SSH_KEY_BITS_RESERVED %d",
1.43 markus 762: BN_num_bits(host_key->rsa->n),
763: BN_num_bits(server_key->rsa->n),
1.42 deraadt 764: SSH_KEY_BITS_RESERVED);
1.1 markus 765: }
1.43 markus 766: rsa_public_encrypt(key, key, server_key->rsa);
767: rsa_public_encrypt(key, key, host_key->rsa);
1.1 markus 768: } else {
769: /* Host key has smaller modulus (or they are equal). */
1.43 markus 770: if (BN_num_bits(server_key->rsa->n) <
771: BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
772: fatal("respond_to_rsa_challenge: server_key %d < host_key %d + "
1.42 deraadt 773: "SSH_KEY_BITS_RESERVED %d",
1.43 markus 774: BN_num_bits(server_key->rsa->n),
775: BN_num_bits(host_key->rsa->n),
1.42 deraadt 776: SSH_KEY_BITS_RESERVED);
1.1 markus 777: }
1.43 markus 778: rsa_public_encrypt(key, key, host_key->rsa);
779: rsa_public_encrypt(key, key, server_key->rsa);
1.1 markus 780: }
781:
782: /* Destroy the public keys since we no longer need them. */
1.43 markus 783: key_free(server_key);
784: key_free(host_key);
1.1 markus 785:
1.11 markus 786: if (options.cipher == SSH_CIPHER_NOT_SET) {
787: if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default))
788: options.cipher = ssh_cipher_default;
789: } else if (options.cipher == SSH_CIPHER_ILLEGAL ||
1.10 markus 790: !(cipher_mask_ssh1(1) & (1 << options.cipher))) {
1.53 itojun 791: logit("No valid SSH1 cipher, using %.100s instead.",
1.7 markus 792: cipher_name(ssh_cipher_default));
793: options.cipher = ssh_cipher_default;
1.1 markus 794: }
795: /* Check that the selected cipher is supported. */
796: if (!(supported_ciphers & (1 << options.cipher)))
797: fatal("Selected cipher type %.100s not supported by server.",
1.42 deraadt 798: cipher_name(options.cipher));
1.1 markus 799:
800: debug("Encryption type: %.100s", cipher_name(options.cipher));
801:
802: /* Send the encrypted session key to the server. */
803: packet_start(SSH_CMSG_SESSION_KEY);
804: packet_put_char(options.cipher);
805:
806: /* Send the cookie back to the server. */
807: for (i = 0; i < 8; i++)
808: packet_put_char(cookie[i]);
809:
810: /* Send and destroy the encrypted encryption key integer. */
811: packet_put_bignum(key);
812: BN_clear_free(key);
813:
814: /* Send protocol flags. */
815: packet_put_int(client_flags);
816:
817: /* Send the packet now. */
818: packet_send();
819: packet_write_wait();
820:
821: debug("Sent encrypted session key.");
822:
823: /* Set the encryption key. */
824: packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
825:
826: /* We will no longer need the session key here. Destroy any extra copies. */
827: memset(session_key, 0, sizeof(session_key));
828:
829: /*
830: * Expect a success message from the server. Note that this message
831: * will be received in encrypted form.
832: */
1.47 markus 833: packet_read_expect(SSH_SMSG_SUCCESS);
1.1 markus 834:
835: debug("Received encrypted confirmation.");
836: }
837:
838: /*
839: * Authenticate user
840: */
841: void
1.30 markus 842: ssh_userauth1(const char *local_user, const char *server_user, char *host,
1.51 markus 843: Sensitive *sensitive)
1.1 markus 844: {
1.37 dugsong 845: #ifdef KRB5
846: krb5_context context = NULL;
847: krb5_auth_context auth_context = NULL;
848: #endif
1.1 markus 849: int i, type;
1.42 deraadt 850:
1.1 markus 851: if (supported_authentications == 0)
1.30 markus 852: fatal("ssh_userauth1: server supports no auth methods");
1.1 markus 853:
854: /* Send the name of the user to log in as on the server. */
855: packet_start(SSH_CMSG_USER);
1.33 markus 856: packet_put_cstring(server_user);
1.1 markus 857: packet_send();
858: packet_write_wait();
859:
860: /*
861: * The server should respond with success if no authentication is
862: * needed (the user has no password). Otherwise the server responds
863: * with failure.
864: */
1.47 markus 865: type = packet_read();
1.1 markus 866:
867: /* check whether the connection was accepted without authentication. */
868: if (type == SSH_SMSG_SUCCESS)
1.37 dugsong 869: goto success;
1.1 markus 870: if (type != SSH_SMSG_FAILURE)
1.37 dugsong 871: packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
1.42 deraadt 872:
1.37 dugsong 873: #ifdef KRB5
874: if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
1.42 deraadt 875: options.kerberos_authentication) {
1.37 dugsong 876: debug("Trying Kerberos v5 authentication.");
1.42 deraadt 877:
1.37 dugsong 878: if (try_krb5_authentication(&context, &auth_context)) {
1.47 markus 879: type = packet_read();
1.37 dugsong 880: if (type == SSH_SMSG_SUCCESS)
881: goto success;
882: if (type != SSH_SMSG_FAILURE)
883: packet_disconnect("Protocol error: got %d in response to Kerberos v5 auth", type);
884: }
1.1 markus 885: }
1.37 dugsong 886: #endif /* KRB5 */
1.42 deraadt 887:
1.1 markus 888: /*
889: * Use rhosts authentication if running in privileged socket and we
890: * do not wish to remain anonymous.
891: */
892: if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
893: options.rhosts_authentication) {
894: debug("Trying rhosts authentication.");
895: packet_start(SSH_CMSG_AUTH_RHOSTS);
1.33 markus 896: packet_put_cstring(local_user);
1.1 markus 897: packet_send();
898: packet_write_wait();
899:
900: /* The server should respond with success or failure. */
1.47 markus 901: type = packet_read();
1.1 markus 902: if (type == SSH_SMSG_SUCCESS)
1.37 dugsong 903: goto success;
1.1 markus 904: if (type != SSH_SMSG_FAILURE)
905: packet_disconnect("Protocol error: got %d in response to rhosts auth",
906: type);
907: }
908: /*
909: * Try .rhosts or /etc/hosts.equiv authentication with RSA host
910: * authentication.
911: */
912: if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1.30 markus 913: options.rhosts_rsa_authentication) {
1.51 markus 914: for (i = 0; i < sensitive->nkeys; i++) {
915: if (sensitive->keys[i] != NULL &&
916: sensitive->keys[i]->type == KEY_RSA1 &&
917: try_rhosts_rsa_authentication(local_user,
918: sensitive->keys[i]))
1.37 dugsong 919: goto success;
1.30 markus 920: }
1.1 markus 921: }
922: /* Try RSA authentication if the server supports it. */
923: if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
924: options.rsa_authentication) {
925: /*
926: * Try RSA authentication using the authentication agent. The
927: * agent is tried first because no passphrase is needed for
928: * it, whereas identity files may require passphrases.
929: */
930: if (try_agent_authentication())
1.37 dugsong 931: goto success;
1.1 markus 932:
933: /* Try RSA authentication for each identity. */
934: for (i = 0; i < options.num_identity_files; i++)
1.28 markus 935: if (options.identity_keys[i] != NULL &&
936: options.identity_keys[i]->type == KEY_RSA1 &&
1.38 markus 937: try_rsa_authentication(i))
1.37 dugsong 938: goto success;
1.1 markus 939: }
1.20 markus 940: /* Try challenge response authentication if the server supports it. */
1.1 markus 941: if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
1.32 markus 942: options.challenge_response_authentication && !options.batch_mode) {
943: if (try_challenge_response_authentication())
1.37 dugsong 944: goto success;
1.1 markus 945: }
946: /* Try password authentication if the server supports it. */
947: if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
948: options.password_authentication && !options.batch_mode) {
949: char prompt[80];
950:
1.23 itojun 951: snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
1.1 markus 952: server_user, host);
953: if (try_password_authentication(prompt))
1.37 dugsong 954: goto success;
1.1 markus 955: }
956: /* All authentication methods have failed. Exit with an error message. */
957: fatal("Permission denied.");
958: /* NOTREACHED */
1.37 dugsong 959:
960: success:
961: #ifdef KRB5
962: /* Try Kerberos v5 TGT passing. */
963: if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
964: options.kerberos_tgt_passing && context && auth_context) {
965: if (options.cipher == SSH_CIPHER_NONE)
1.53 itojun 966: logit("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1.37 dugsong 967: send_krb5_tgt(context, auth_context);
968: }
969: if (auth_context)
970: krb5_auth_con_free(context, auth_context);
971: if (context)
972: krb5_free_context(context);
973: #endif
1.39 stevesk 974: return; /* need statement after label */
1.1 markus 975: }