Annotation of src/usr.bin/ssh/auth2-chall.c, Revision 1.28
1.28 ! stevesk 1: /* $OpenBSD: auth2-chall.c,v 1.27 2006/03/25 13:17:01 djm Exp $ */
1.1 markus 2: /*
1.3 deraadt 3: * Copyright (c) 2001 Markus Friedl. All rights reserved.
1.5 markus 4: * Copyright (c) 2001 Per Allansson. All rights reserved.
1.1 markus 5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
26: #include "includes.h"
1.28 ! stevesk 27:
! 28: #include <string.h>
1.1 markus 29:
30: #include "ssh2.h"
31: #include "auth.h"
1.16 markus 32: #include "buffer.h"
1.1 markus 33: #include "packet.h"
34: #include "xmalloc.h"
35: #include "dispatch.h"
1.2 markus 36: #include "log.h"
1.1 markus 37:
1.7 itojun 38: static int auth2_challenge_start(Authctxt *);
39: static int send_userauth_info_request(Authctxt *);
1.13 markus 40: static void input_userauth_info_response(int, u_int32_t, void *);
1.5 markus 41:
42: #ifdef BSD_AUTH
43: extern KbdintDevice bsdauth_device;
44: #else
45: #ifdef SKEY
46: extern KbdintDevice skey_device;
47: #endif
48: #endif
49:
50: KbdintDevice *devices[] = {
51: #ifdef BSD_AUTH
52: &bsdauth_device,
53: #else
54: #ifdef SKEY
55: &skey_device,
56: #endif
57: #endif
58: NULL
59: };
60:
61: typedef struct KbdintAuthctxt KbdintAuthctxt;
62: struct KbdintAuthctxt
63: {
64: char *devices;
65: void *ctxt;
66: KbdintDevice *device;
1.19 markus 67: u_int nreq;
1.5 markus 68: };
69:
1.7 itojun 70: static KbdintAuthctxt *
1.5 markus 71: kbdint_alloc(const char *devs)
72: {
73: KbdintAuthctxt *kbdintctxt;
1.16 markus 74: Buffer b;
1.5 markus 75: int i;
76:
77: kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
78: if (strcmp(devs, "") == 0) {
1.16 markus 79: buffer_init(&b);
1.5 markus 80: for (i = 0; devices[i]; i++) {
1.16 markus 81: if (buffer_len(&b) > 0)
82: buffer_append(&b, ",", 1);
83: buffer_append(&b, devices[i]->name,
84: strlen(devices[i]->name));
1.5 markus 85: }
1.16 markus 86: buffer_append(&b, "\0", 1);
87: kbdintctxt->devices = xstrdup(buffer_ptr(&b));
88: buffer_free(&b);
1.5 markus 89: } else {
90: kbdintctxt->devices = xstrdup(devs);
91: }
1.16 markus 92: debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
1.5 markus 93: kbdintctxt->ctxt = NULL;
94: kbdintctxt->device = NULL;
1.19 markus 95: kbdintctxt->nreq = 0;
1.5 markus 96:
97: return kbdintctxt;
98: }
1.7 itojun 99: static void
1.5 markus 100: kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
101: {
102: if (kbdintctxt->ctxt) {
103: kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
104: kbdintctxt->ctxt = NULL;
105: }
106: kbdintctxt->device = NULL;
107: }
1.7 itojun 108: static void
1.5 markus 109: kbdint_free(KbdintAuthctxt *kbdintctxt)
110: {
111: if (kbdintctxt->device)
112: kbdint_reset_device(kbdintctxt);
113: if (kbdintctxt->devices) {
114: xfree(kbdintctxt->devices);
115: kbdintctxt->devices = NULL;
116: }
117: xfree(kbdintctxt);
118: }
119: /* get next device */
1.7 itojun 120: static int
1.5 markus 121: kbdint_next_device(KbdintAuthctxt *kbdintctxt)
122: {
123: size_t len;
124: char *t;
125: int i;
126:
127: if (kbdintctxt->device)
128: kbdint_reset_device(kbdintctxt);
129: do {
130: len = kbdintctxt->devices ?
131: strcspn(kbdintctxt->devices, ",") : 0;
132:
133: if (len == 0)
134: break;
135: for (i = 0; devices[i]; i++)
136: if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
137: kbdintctxt->device = devices[i];
138: t = kbdintctxt->devices;
139: kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
140: xfree(t);
141: debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
1.24 djm 142: kbdintctxt->devices : "<empty>");
1.5 markus 143: } while (kbdintctxt->devices && !kbdintctxt->device);
144:
145: return kbdintctxt->device ? 1 : 0;
146: }
1.1 markus 147:
148: /*
1.8 markus 149: * try challenge-response, set authctxt->postponed if we have to
1.1 markus 150: * wait for the response.
151: */
152: int
153: auth2_challenge(Authctxt *authctxt, char *devs)
154: {
1.5 markus 155: debug("auth2_challenge: user=%s devs=%s",
156: authctxt->user ? authctxt->user : "<nouser>",
157: devs ? devs : "<no devs>");
158:
1.6 markus 159: if (authctxt->user == NULL || !devs)
1.5 markus 160: return 0;
1.10 deraadt 161: if (authctxt->kbdintctxt == NULL)
1.5 markus 162: authctxt->kbdintctxt = kbdint_alloc(devs);
163: return auth2_challenge_start(authctxt);
164: }
165:
1.9 markus 166: /* unregister kbd-int callbacks and context */
167: void
168: auth2_challenge_stop(Authctxt *authctxt)
169: {
170: /* unregister callback */
171: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
172: if (authctxt->kbdintctxt != NULL) {
173: kbdint_free(authctxt->kbdintctxt);
174: authctxt->kbdintctxt = NULL;
175: }
176: }
177:
1.5 markus 178: /* side effect: sets authctxt->postponed if a reply was sent*/
179: static int
180: auth2_challenge_start(Authctxt *authctxt)
181: {
182: KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
183:
184: debug2("auth2_challenge_start: devices %s",
185: kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
186:
187: if (kbdint_next_device(kbdintctxt) == 0) {
1.9 markus 188: auth2_challenge_stop(authctxt);
1.5 markus 189: return 0;
190: }
191: debug("auth2_challenge_start: trying authentication method '%s'",
192: kbdintctxt->device->name);
1.1 markus 193:
1.5 markus 194: if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
1.9 markus 195: auth2_challenge_stop(authctxt);
1.1 markus 196: return 0;
1.5 markus 197: }
198: if (send_userauth_info_request(authctxt) == 0) {
1.9 markus 199: auth2_challenge_stop(authctxt);
1.1 markus 200: return 0;
1.5 markus 201: }
1.1 markus 202: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
203: &input_userauth_info_response);
1.5 markus 204:
1.1 markus 205: authctxt->postponed = 1;
206: return 0;
207: }
208:
1.5 markus 209: static int
210: send_userauth_info_request(Authctxt *authctxt)
1.1 markus 211: {
1.5 markus 212: KbdintAuthctxt *kbdintctxt;
213: char *name, *instr, **prompts;
1.23 djm 214: u_int i, *echo_on;
1.5 markus 215:
216: kbdintctxt = authctxt->kbdintctxt;
217: if (kbdintctxt->device->query(kbdintctxt->ctxt,
1.19 markus 218: &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
1.5 markus 219: return 0;
1.1 markus 220:
221: packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
1.5 markus 222: packet_put_cstring(name);
223: packet_put_cstring(instr);
1.18 deraadt 224: packet_put_cstring(""); /* language not used */
1.19 markus 225: packet_put_int(kbdintctxt->nreq);
226: for (i = 0; i < kbdintctxt->nreq; i++) {
1.5 markus 227: packet_put_cstring(prompts[i]);
228: packet_put_char(echo_on[i]);
229: }
1.1 markus 230: packet_send();
231: packet_write_wait();
1.5 markus 232:
1.19 markus 233: for (i = 0; i < kbdintctxt->nreq; i++)
1.5 markus 234: xfree(prompts[i]);
235: xfree(prompts);
236: xfree(echo_on);
237: xfree(name);
238: xfree(instr);
239: return 1;
1.1 markus 240: }
241:
1.5 markus 242: static void
1.13 markus 243: input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
1.1 markus 244: {
245: Authctxt *authctxt = ctxt;
1.5 markus 246: KbdintAuthctxt *kbdintctxt;
1.23 djm 247: int authenticated = 0, res, len;
248: u_int i, nresp;
1.5 markus 249: char **response = NULL, *method;
1.1 markus 250:
251: if (authctxt == NULL)
252: fatal("input_userauth_info_response: no authctxt");
1.5 markus 253: kbdintctxt = authctxt->kbdintctxt;
254: if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
255: fatal("input_userauth_info_response: no kbdintctxt");
256: if (kbdintctxt->device == NULL)
257: fatal("input_userauth_info_response: no device");
1.1 markus 258:
259: authctxt->postponed = 0; /* reset */
260: nresp = packet_get_int();
1.19 markus 261: if (nresp != kbdintctxt->nreq)
262: fatal("input_userauth_info_response: wrong number of replies");
263: if (nresp > 100)
264: fatal("input_userauth_info_response: too many replies");
1.5 markus 265: if (nresp > 0) {
1.26 djm 266: response = xcalloc(nresp, sizeof(char *));
1.5 markus 267: for (i = 0; i < nresp; i++)
268: response[i] = packet_get_string(NULL);
269: }
1.12 markus 270: packet_check_eom();
1.5 markus 271:
1.22 dtucker 272: res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
1.5 markus 273:
274: for (i = 0; i < nresp; i++) {
275: memset(response[i], 'r', strlen(response[i]));
276: xfree(response[i]);
277: }
278: if (response)
279: xfree(response);
280:
281: switch (res) {
282: case 0:
283: /* Success! */
1.22 dtucker 284: authenticated = authctxt->valid ? 1 : 0;
1.5 markus 285: break;
286: case 1:
287: /* Authentication needs further interaction */
1.9 markus 288: if (send_userauth_info_request(authctxt) == 1)
289: authctxt->postponed = 1;
1.5 markus 290: break;
291: default:
292: /* Failure! */
293: break;
1.1 markus 294: }
1.5 markus 295:
296: len = strlen("keyboard-interactive") + 2 +
297: strlen(kbdintctxt->device->name);
298: method = xmalloc(len);
1.15 markus 299: snprintf(method, len, "keyboard-interactive/%s",
300: kbdintctxt->device->name);
1.5 markus 301:
302: if (!authctxt->postponed) {
303: if (authenticated) {
1.9 markus 304: auth2_challenge_stop(authctxt);
1.5 markus 305: } else {
306: /* start next device */
307: /* may set authctxt->postponed */
308: auth2_challenge_start(authctxt);
309: }
310: }
1.4 markus 311: userauth_finish(authctxt, authenticated, method);
1.5 markus 312: xfree(method);
1.17 provos 313: }
314:
315: void
316: privsep_challenge_enable(void)
317: {
318: #ifdef BSD_AUTH
319: extern KbdintDevice mm_bsdauth_device;
320: #endif
321: #ifdef SKEY
322: extern KbdintDevice mm_skey_device;
323: #endif
324: /* As long as SSHv1 has devices[0] hard coded this is fine */
325: #ifdef BSD_AUTH
326: devices[0] = &mm_bsdauth_device;
327: #else
328: #ifdef SKEY
329: devices[0] = &mm_skey_device;
330: #endif
331: #endif
1.1 markus 332: }