Annotation of src/usr.bin/ssh/auth2-chall.c, Revision 1.26
1.1 markus 1: /*
1.3 deraadt 2: * Copyright (c) 2001 Markus Friedl. All rights reserved.
1.5 markus 3: * Copyright (c) 2001 Per Allansson. All rights reserved.
1.1 markus 4: *
5: * Redistribution and use in source and binary forms, with or without
6: * modification, are permitted provided that the following conditions
7: * are met:
8: * 1. Redistributions of source code must retain the above copyright
9: * notice, this list of conditions and the following disclaimer.
10: * 2. Redistributions in binary form must reproduce the above copyright
11: * notice, this list of conditions and the following disclaimer in the
12: * documentation and/or other materials provided with the distribution.
13: *
14: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: */
25: #include "includes.h"
26:
27: #include "ssh2.h"
28: #include "auth.h"
1.16 markus 29: #include "buffer.h"
1.1 markus 30: #include "packet.h"
31: #include "xmalloc.h"
32: #include "dispatch.h"
1.2 markus 33: #include "log.h"
1.1 markus 34:
1.7 itojun 35: static int auth2_challenge_start(Authctxt *);
36: static int send_userauth_info_request(Authctxt *);
1.13 markus 37: static void input_userauth_info_response(int, u_int32_t, void *);
1.5 markus 38:
39: #ifdef BSD_AUTH
40: extern KbdintDevice bsdauth_device;
41: #else
42: #ifdef SKEY
43: extern KbdintDevice skey_device;
44: #endif
45: #endif
46:
47: KbdintDevice *devices[] = {
48: #ifdef BSD_AUTH
49: &bsdauth_device,
50: #else
51: #ifdef SKEY
52: &skey_device,
53: #endif
54: #endif
55: NULL
56: };
57:
58: typedef struct KbdintAuthctxt KbdintAuthctxt;
59: struct KbdintAuthctxt
60: {
61: char *devices;
62: void *ctxt;
63: KbdintDevice *device;
1.19 markus 64: u_int nreq;
1.5 markus 65: };
66:
1.7 itojun 67: static KbdintAuthctxt *
1.5 markus 68: kbdint_alloc(const char *devs)
69: {
70: KbdintAuthctxt *kbdintctxt;
1.16 markus 71: Buffer b;
1.5 markus 72: int i;
73:
74: kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
75: if (strcmp(devs, "") == 0) {
1.16 markus 76: buffer_init(&b);
1.5 markus 77: for (i = 0; devices[i]; i++) {
1.16 markus 78: if (buffer_len(&b) > 0)
79: buffer_append(&b, ",", 1);
80: buffer_append(&b, devices[i]->name,
81: strlen(devices[i]->name));
1.5 markus 82: }
1.16 markus 83: buffer_append(&b, "\0", 1);
84: kbdintctxt->devices = xstrdup(buffer_ptr(&b));
85: buffer_free(&b);
1.5 markus 86: } else {
87: kbdintctxt->devices = xstrdup(devs);
88: }
1.16 markus 89: debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
1.5 markus 90: kbdintctxt->ctxt = NULL;
91: kbdintctxt->device = NULL;
1.19 markus 92: kbdintctxt->nreq = 0;
1.5 markus 93:
94: return kbdintctxt;
95: }
1.7 itojun 96: static void
1.5 markus 97: kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
98: {
99: if (kbdintctxt->ctxt) {
100: kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
101: kbdintctxt->ctxt = NULL;
102: }
103: kbdintctxt->device = NULL;
104: }
1.7 itojun 105: static void
1.5 markus 106: kbdint_free(KbdintAuthctxt *kbdintctxt)
107: {
108: if (kbdintctxt->device)
109: kbdint_reset_device(kbdintctxt);
110: if (kbdintctxt->devices) {
111: xfree(kbdintctxt->devices);
112: kbdintctxt->devices = NULL;
113: }
114: xfree(kbdintctxt);
115: }
116: /* get next device */
1.7 itojun 117: static int
1.5 markus 118: kbdint_next_device(KbdintAuthctxt *kbdintctxt)
119: {
120: size_t len;
121: char *t;
122: int i;
123:
124: if (kbdintctxt->device)
125: kbdint_reset_device(kbdintctxt);
126: do {
127: len = kbdintctxt->devices ?
128: strcspn(kbdintctxt->devices, ",") : 0;
129:
130: if (len == 0)
131: break;
132: for (i = 0; devices[i]; i++)
133: if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
134: kbdintctxt->device = devices[i];
135: t = kbdintctxt->devices;
136: kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
137: xfree(t);
138: debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
1.24 djm 139: kbdintctxt->devices : "<empty>");
1.5 markus 140: } while (kbdintctxt->devices && !kbdintctxt->device);
141:
142: return kbdintctxt->device ? 1 : 0;
143: }
1.1 markus 144:
145: /*
1.8 markus 146: * try challenge-response, set authctxt->postponed if we have to
1.1 markus 147: * wait for the response.
148: */
149: int
150: auth2_challenge(Authctxt *authctxt, char *devs)
151: {
1.5 markus 152: debug("auth2_challenge: user=%s devs=%s",
153: authctxt->user ? authctxt->user : "<nouser>",
154: devs ? devs : "<no devs>");
155:
1.6 markus 156: if (authctxt->user == NULL || !devs)
1.5 markus 157: return 0;
1.10 deraadt 158: if (authctxt->kbdintctxt == NULL)
1.5 markus 159: authctxt->kbdintctxt = kbdint_alloc(devs);
160: return auth2_challenge_start(authctxt);
161: }
162:
1.9 markus 163: /* unregister kbd-int callbacks and context */
164: void
165: auth2_challenge_stop(Authctxt *authctxt)
166: {
167: /* unregister callback */
168: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
169: if (authctxt->kbdintctxt != NULL) {
170: kbdint_free(authctxt->kbdintctxt);
171: authctxt->kbdintctxt = NULL;
172: }
173: }
174:
1.5 markus 175: /* side effect: sets authctxt->postponed if a reply was sent*/
176: static int
177: auth2_challenge_start(Authctxt *authctxt)
178: {
179: KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
180:
181: debug2("auth2_challenge_start: devices %s",
182: kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
183:
184: if (kbdint_next_device(kbdintctxt) == 0) {
1.9 markus 185: auth2_challenge_stop(authctxt);
1.5 markus 186: return 0;
187: }
188: debug("auth2_challenge_start: trying authentication method '%s'",
189: kbdintctxt->device->name);
1.1 markus 190:
1.5 markus 191: if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
1.9 markus 192: auth2_challenge_stop(authctxt);
1.1 markus 193: return 0;
1.5 markus 194: }
195: if (send_userauth_info_request(authctxt) == 0) {
1.9 markus 196: auth2_challenge_stop(authctxt);
1.1 markus 197: return 0;
1.5 markus 198: }
1.1 markus 199: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
200: &input_userauth_info_response);
1.5 markus 201:
1.1 markus 202: authctxt->postponed = 1;
203: return 0;
204: }
205:
1.5 markus 206: static int
207: send_userauth_info_request(Authctxt *authctxt)
1.1 markus 208: {
1.5 markus 209: KbdintAuthctxt *kbdintctxt;
210: char *name, *instr, **prompts;
1.23 djm 211: u_int i, *echo_on;
1.5 markus 212:
213: kbdintctxt = authctxt->kbdintctxt;
214: if (kbdintctxt->device->query(kbdintctxt->ctxt,
1.19 markus 215: &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
1.5 markus 216: return 0;
1.1 markus 217:
218: packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
1.5 markus 219: packet_put_cstring(name);
220: packet_put_cstring(instr);
1.18 deraadt 221: packet_put_cstring(""); /* language not used */
1.19 markus 222: packet_put_int(kbdintctxt->nreq);
223: for (i = 0; i < kbdintctxt->nreq; i++) {
1.5 markus 224: packet_put_cstring(prompts[i]);
225: packet_put_char(echo_on[i]);
226: }
1.1 markus 227: packet_send();
228: packet_write_wait();
1.5 markus 229:
1.19 markus 230: for (i = 0; i < kbdintctxt->nreq; i++)
1.5 markus 231: xfree(prompts[i]);
232: xfree(prompts);
233: xfree(echo_on);
234: xfree(name);
235: xfree(instr);
236: return 1;
1.1 markus 237: }
238:
1.5 markus 239: static void
1.13 markus 240: input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
1.1 markus 241: {
242: Authctxt *authctxt = ctxt;
1.5 markus 243: KbdintAuthctxt *kbdintctxt;
1.23 djm 244: int authenticated = 0, res, len;
245: u_int i, nresp;
1.5 markus 246: char **response = NULL, *method;
1.1 markus 247:
248: if (authctxt == NULL)
249: fatal("input_userauth_info_response: no authctxt");
1.5 markus 250: kbdintctxt = authctxt->kbdintctxt;
251: if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
252: fatal("input_userauth_info_response: no kbdintctxt");
253: if (kbdintctxt->device == NULL)
254: fatal("input_userauth_info_response: no device");
1.1 markus 255:
256: authctxt->postponed = 0; /* reset */
257: nresp = packet_get_int();
1.19 markus 258: if (nresp != kbdintctxt->nreq)
259: fatal("input_userauth_info_response: wrong number of replies");
260: if (nresp > 100)
261: fatal("input_userauth_info_response: too many replies");
1.5 markus 262: if (nresp > 0) {
1.26 ! djm 263: response = xcalloc(nresp, sizeof(char *));
1.5 markus 264: for (i = 0; i < nresp; i++)
265: response[i] = packet_get_string(NULL);
266: }
1.12 markus 267: packet_check_eom();
1.5 markus 268:
1.22 dtucker 269: res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
1.5 markus 270:
271: for (i = 0; i < nresp; i++) {
272: memset(response[i], 'r', strlen(response[i]));
273: xfree(response[i]);
274: }
275: if (response)
276: xfree(response);
277:
278: switch (res) {
279: case 0:
280: /* Success! */
1.22 dtucker 281: authenticated = authctxt->valid ? 1 : 0;
1.5 markus 282: break;
283: case 1:
284: /* Authentication needs further interaction */
1.9 markus 285: if (send_userauth_info_request(authctxt) == 1)
286: authctxt->postponed = 1;
1.5 markus 287: break;
288: default:
289: /* Failure! */
290: break;
1.1 markus 291: }
1.5 markus 292:
293: len = strlen("keyboard-interactive") + 2 +
294: strlen(kbdintctxt->device->name);
295: method = xmalloc(len);
1.15 markus 296: snprintf(method, len, "keyboard-interactive/%s",
297: kbdintctxt->device->name);
1.5 markus 298:
299: if (!authctxt->postponed) {
300: if (authenticated) {
1.9 markus 301: auth2_challenge_stop(authctxt);
1.5 markus 302: } else {
303: /* start next device */
304: /* may set authctxt->postponed */
305: auth2_challenge_start(authctxt);
306: }
307: }
1.4 markus 308: userauth_finish(authctxt, authenticated, method);
1.5 markus 309: xfree(method);
1.17 provos 310: }
311:
312: void
313: privsep_challenge_enable(void)
314: {
315: #ifdef BSD_AUTH
316: extern KbdintDevice mm_bsdauth_device;
317: #endif
318: #ifdef SKEY
319: extern KbdintDevice mm_skey_device;
320: #endif
321: /* As long as SSHv1 has devices[0] hard coded this is fine */
322: #ifdef BSD_AUTH
323: devices[0] = &mm_bsdauth_device;
324: #else
325: #ifdef SKEY
326: devices[0] = &mm_skey_device;
327: #endif
328: #endif
1.1 markus 329: }