Annotation of src/usr.bin/ssh/auth2-chall.c, Revision 1.19
1.1 markus 1: /*
1.3 deraadt 2: * Copyright (c) 2001 Markus Friedl. All rights reserved.
1.5 markus 3: * Copyright (c) 2001 Per Allansson. All rights reserved.
1.1 markus 4: *
5: * Redistribution and use in source and binary forms, with or without
6: * modification, are permitted provided that the following conditions
7: * are met:
8: * 1. Redistributions of source code must retain the above copyright
9: * notice, this list of conditions and the following disclaimer.
10: * 2. Redistributions in binary form must reproduce the above copyright
11: * notice, this list of conditions and the following disclaimer in the
12: * documentation and/or other materials provided with the distribution.
13: *
14: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: */
25: #include "includes.h"
1.19 ! markus 26: RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $");
1.1 markus 27:
28: #include "ssh2.h"
29: #include "auth.h"
1.16 markus 30: #include "buffer.h"
1.1 markus 31: #include "packet.h"
32: #include "xmalloc.h"
33: #include "dispatch.h"
1.5 markus 34: #include "auth.h"
1.2 markus 35: #include "log.h"
1.1 markus 36:
1.7 itojun 37: static int auth2_challenge_start(Authctxt *);
38: static int send_userauth_info_request(Authctxt *);
1.13 markus 39: static void input_userauth_info_response(int, u_int32_t, void *);
1.5 markus 40:
41: #ifdef BSD_AUTH
42: extern KbdintDevice bsdauth_device;
43: #else
44: #ifdef SKEY
45: extern KbdintDevice skey_device;
46: #endif
47: #endif
48:
49: KbdintDevice *devices[] = {
50: #ifdef BSD_AUTH
51: &bsdauth_device,
52: #else
53: #ifdef SKEY
54: &skey_device,
55: #endif
56: #endif
57: NULL
58: };
59:
60: typedef struct KbdintAuthctxt KbdintAuthctxt;
61: struct KbdintAuthctxt
62: {
63: char *devices;
64: void *ctxt;
65: KbdintDevice *device;
1.19 ! markus 66: u_int nreq;
1.5 markus 67: };
68:
1.7 itojun 69: static KbdintAuthctxt *
1.5 markus 70: kbdint_alloc(const char *devs)
71: {
72: KbdintAuthctxt *kbdintctxt;
1.16 markus 73: Buffer b;
1.5 markus 74: int i;
75:
76: kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
77: if (strcmp(devs, "") == 0) {
1.16 markus 78: buffer_init(&b);
1.5 markus 79: for (i = 0; devices[i]; i++) {
1.16 markus 80: if (buffer_len(&b) > 0)
81: buffer_append(&b, ",", 1);
82: buffer_append(&b, devices[i]->name,
83: strlen(devices[i]->name));
1.5 markus 84: }
1.16 markus 85: buffer_append(&b, "\0", 1);
86: kbdintctxt->devices = xstrdup(buffer_ptr(&b));
87: buffer_free(&b);
1.5 markus 88: } else {
89: kbdintctxt->devices = xstrdup(devs);
90: }
1.16 markus 91: debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
1.5 markus 92: kbdintctxt->ctxt = NULL;
93: kbdintctxt->device = NULL;
1.19 ! markus 94: kbdintctxt->nreq = 0;
1.5 markus 95:
96: return kbdintctxt;
97: }
1.7 itojun 98: static void
1.5 markus 99: kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
100: {
101: if (kbdintctxt->ctxt) {
102: kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
103: kbdintctxt->ctxt = NULL;
104: }
105: kbdintctxt->device = NULL;
106: }
1.7 itojun 107: static void
1.5 markus 108: kbdint_free(KbdintAuthctxt *kbdintctxt)
109: {
110: if (kbdintctxt->device)
111: kbdint_reset_device(kbdintctxt);
112: if (kbdintctxt->devices) {
113: xfree(kbdintctxt->devices);
114: kbdintctxt->devices = NULL;
115: }
116: xfree(kbdintctxt);
117: }
118: /* get next device */
1.7 itojun 119: static int
1.5 markus 120: kbdint_next_device(KbdintAuthctxt *kbdintctxt)
121: {
122: size_t len;
123: char *t;
124: int i;
125:
126: if (kbdintctxt->device)
127: kbdint_reset_device(kbdintctxt);
128: do {
129: len = kbdintctxt->devices ?
130: strcspn(kbdintctxt->devices, ",") : 0;
131:
132: if (len == 0)
133: break;
134: for (i = 0; devices[i]; i++)
135: if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
136: kbdintctxt->device = devices[i];
137: t = kbdintctxt->devices;
138: kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
139: xfree(t);
140: debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
141: kbdintctxt->devices : "<empty>");
142: } while (kbdintctxt->devices && !kbdintctxt->device);
143:
144: return kbdintctxt->device ? 1 : 0;
145: }
1.1 markus 146:
147: /*
1.8 markus 148: * try challenge-response, set authctxt->postponed if we have to
1.1 markus 149: * wait for the response.
150: */
151: int
152: auth2_challenge(Authctxt *authctxt, char *devs)
153: {
1.5 markus 154: debug("auth2_challenge: user=%s devs=%s",
155: authctxt->user ? authctxt->user : "<nouser>",
156: devs ? devs : "<no devs>");
157:
1.6 markus 158: if (authctxt->user == NULL || !devs)
1.5 markus 159: return 0;
1.10 deraadt 160: if (authctxt->kbdintctxt == NULL)
1.5 markus 161: authctxt->kbdintctxt = kbdint_alloc(devs);
162: return auth2_challenge_start(authctxt);
163: }
164:
1.9 markus 165: /* unregister kbd-int callbacks and context */
166: void
167: auth2_challenge_stop(Authctxt *authctxt)
168: {
169: /* unregister callback */
170: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
171: if (authctxt->kbdintctxt != NULL) {
172: kbdint_free(authctxt->kbdintctxt);
173: authctxt->kbdintctxt = NULL;
174: }
175: }
176:
1.5 markus 177: /* side effect: sets authctxt->postponed if a reply was sent*/
178: static int
179: auth2_challenge_start(Authctxt *authctxt)
180: {
181: KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
182:
183: debug2("auth2_challenge_start: devices %s",
184: kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
185:
186: if (kbdint_next_device(kbdintctxt) == 0) {
1.9 markus 187: auth2_challenge_stop(authctxt);
1.5 markus 188: return 0;
189: }
190: debug("auth2_challenge_start: trying authentication method '%s'",
191: kbdintctxt->device->name);
1.1 markus 192:
1.5 markus 193: if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
1.9 markus 194: auth2_challenge_stop(authctxt);
1.1 markus 195: return 0;
1.5 markus 196: }
197: if (send_userauth_info_request(authctxt) == 0) {
1.9 markus 198: auth2_challenge_stop(authctxt);
1.1 markus 199: return 0;
1.5 markus 200: }
1.1 markus 201: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
202: &input_userauth_info_response);
1.5 markus 203:
1.1 markus 204: authctxt->postponed = 1;
205: return 0;
206: }
207:
1.5 markus 208: static int
209: send_userauth_info_request(Authctxt *authctxt)
1.1 markus 210: {
1.5 markus 211: KbdintAuthctxt *kbdintctxt;
212: char *name, *instr, **prompts;
213: int i;
1.19 ! markus 214: u_int *echo_on;
1.5 markus 215:
216: kbdintctxt = authctxt->kbdintctxt;
217: if (kbdintctxt->device->query(kbdintctxt->ctxt,
1.19 ! markus 218: &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
1.5 markus 219: return 0;
1.1 markus 220:
221: packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
1.5 markus 222: packet_put_cstring(name);
223: packet_put_cstring(instr);
1.18 deraadt 224: packet_put_cstring(""); /* language not used */
1.19 ! markus 225: packet_put_int(kbdintctxt->nreq);
! 226: for (i = 0; i < kbdintctxt->nreq; i++) {
1.5 markus 227: packet_put_cstring(prompts[i]);
228: packet_put_char(echo_on[i]);
229: }
1.1 markus 230: packet_send();
231: packet_write_wait();
1.5 markus 232:
1.19 ! markus 233: for (i = 0; i < kbdintctxt->nreq; i++)
1.5 markus 234: xfree(prompts[i]);
235: xfree(prompts);
236: xfree(echo_on);
237: xfree(name);
238: xfree(instr);
239: return 1;
1.1 markus 240: }
241:
1.5 markus 242: static void
1.13 markus 243: input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
1.1 markus 244: {
245: Authctxt *authctxt = ctxt;
1.5 markus 246: KbdintAuthctxt *kbdintctxt;
247: int i, authenticated = 0, res, len;
248: u_int nresp;
249: char **response = NULL, *method;
1.1 markus 250:
251: if (authctxt == NULL)
252: fatal("input_userauth_info_response: no authctxt");
1.5 markus 253: kbdintctxt = authctxt->kbdintctxt;
254: if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
255: fatal("input_userauth_info_response: no kbdintctxt");
256: if (kbdintctxt->device == NULL)
257: fatal("input_userauth_info_response: no device");
1.1 markus 258:
259: authctxt->postponed = 0; /* reset */
260: nresp = packet_get_int();
1.19 ! markus 261: if (nresp != kbdintctxt->nreq)
! 262: fatal("input_userauth_info_response: wrong number of replies");
! 263: if (nresp > 100)
! 264: fatal("input_userauth_info_response: too many replies");
1.5 markus 265: if (nresp > 0) {
266: response = xmalloc(nresp * sizeof(char*));
267: for (i = 0; i < nresp; i++)
268: response[i] = packet_get_string(NULL);
269: }
1.12 markus 270: packet_check_eom();
1.5 markus 271:
272: if (authctxt->valid) {
273: res = kbdintctxt->device->respond(kbdintctxt->ctxt,
274: nresp, response);
275: } else {
276: res = -1;
277: }
278:
279: for (i = 0; i < nresp; i++) {
280: memset(response[i], 'r', strlen(response[i]));
281: xfree(response[i]);
282: }
283: if (response)
284: xfree(response);
285:
286: switch (res) {
287: case 0:
288: /* Success! */
289: authenticated = 1;
290: break;
291: case 1:
292: /* Authentication needs further interaction */
1.9 markus 293: if (send_userauth_info_request(authctxt) == 1)
294: authctxt->postponed = 1;
1.5 markus 295: break;
296: default:
297: /* Failure! */
298: break;
1.1 markus 299: }
1.5 markus 300:
301: len = strlen("keyboard-interactive") + 2 +
302: strlen(kbdintctxt->device->name);
303: method = xmalloc(len);
1.15 markus 304: snprintf(method, len, "keyboard-interactive/%s",
305: kbdintctxt->device->name);
1.5 markus 306:
307: if (!authctxt->postponed) {
308: if (authenticated) {
1.9 markus 309: auth2_challenge_stop(authctxt);
1.5 markus 310: } else {
311: /* start next device */
312: /* may set authctxt->postponed */
313: auth2_challenge_start(authctxt);
314: }
315: }
1.4 markus 316: userauth_finish(authctxt, authenticated, method);
1.5 markus 317: xfree(method);
1.17 provos 318: }
319:
320: void
321: privsep_challenge_enable(void)
322: {
323: #ifdef BSD_AUTH
324: extern KbdintDevice mm_bsdauth_device;
325: #endif
326: #ifdef SKEY
327: extern KbdintDevice mm_skey_device;
328: #endif
329: /* As long as SSHv1 has devices[0] hard coded this is fine */
330: #ifdef BSD_AUTH
331: devices[0] = &mm_bsdauth_device;
332: #else
333: #ifdef SKEY
334: devices[0] = &mm_skey_device;
335: #endif
336: #endif
1.1 markus 337: }