Annotation of src/usr.bin/ssh/auth2-chall.c, Revision 1.29
1.29 ! stevesk 1: /* $OpenBSD: auth2-chall.c,v 1.28 2006/07/22 20:48:22 stevesk Exp $ */
1.1 markus 2: /*
1.3 deraadt 3: * Copyright (c) 2001 Markus Friedl. All rights reserved.
1.5 markus 4: * Copyright (c) 2001 Per Allansson. All rights reserved.
1.1 markus 5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
26: #include "includes.h"
1.28 stevesk 27:
1.29 ! stevesk 28: #include <stdio.h>
1.28 stevesk 29: #include <string.h>
1.1 markus 30:
31: #include "ssh2.h"
32: #include "auth.h"
1.16 markus 33: #include "buffer.h"
1.1 markus 34: #include "packet.h"
35: #include "xmalloc.h"
36: #include "dispatch.h"
1.2 markus 37: #include "log.h"
1.1 markus 38:
1.7 itojun 39: static int auth2_challenge_start(Authctxt *);
40: static int send_userauth_info_request(Authctxt *);
1.13 markus 41: static void input_userauth_info_response(int, u_int32_t, void *);
1.5 markus 42:
43: #ifdef BSD_AUTH
44: extern KbdintDevice bsdauth_device;
45: #else
46: #ifdef SKEY
47: extern KbdintDevice skey_device;
48: #endif
49: #endif
50:
51: KbdintDevice *devices[] = {
52: #ifdef BSD_AUTH
53: &bsdauth_device,
54: #else
55: #ifdef SKEY
56: &skey_device,
57: #endif
58: #endif
59: NULL
60: };
61:
62: typedef struct KbdintAuthctxt KbdintAuthctxt;
63: struct KbdintAuthctxt
64: {
65: char *devices;
66: void *ctxt;
67: KbdintDevice *device;
1.19 markus 68: u_int nreq;
1.5 markus 69: };
70:
1.7 itojun 71: static KbdintAuthctxt *
1.5 markus 72: kbdint_alloc(const char *devs)
73: {
74: KbdintAuthctxt *kbdintctxt;
1.16 markus 75: Buffer b;
1.5 markus 76: int i;
77:
78: kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
79: if (strcmp(devs, "") == 0) {
1.16 markus 80: buffer_init(&b);
1.5 markus 81: for (i = 0; devices[i]; i++) {
1.16 markus 82: if (buffer_len(&b) > 0)
83: buffer_append(&b, ",", 1);
84: buffer_append(&b, devices[i]->name,
85: strlen(devices[i]->name));
1.5 markus 86: }
1.16 markus 87: buffer_append(&b, "\0", 1);
88: kbdintctxt->devices = xstrdup(buffer_ptr(&b));
89: buffer_free(&b);
1.5 markus 90: } else {
91: kbdintctxt->devices = xstrdup(devs);
92: }
1.16 markus 93: debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
1.5 markus 94: kbdintctxt->ctxt = NULL;
95: kbdintctxt->device = NULL;
1.19 markus 96: kbdintctxt->nreq = 0;
1.5 markus 97:
98: return kbdintctxt;
99: }
1.7 itojun 100: static void
1.5 markus 101: kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
102: {
103: if (kbdintctxt->ctxt) {
104: kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
105: kbdintctxt->ctxt = NULL;
106: }
107: kbdintctxt->device = NULL;
108: }
1.7 itojun 109: static void
1.5 markus 110: kbdint_free(KbdintAuthctxt *kbdintctxt)
111: {
112: if (kbdintctxt->device)
113: kbdint_reset_device(kbdintctxt);
114: if (kbdintctxt->devices) {
115: xfree(kbdintctxt->devices);
116: kbdintctxt->devices = NULL;
117: }
118: xfree(kbdintctxt);
119: }
120: /* get next device */
1.7 itojun 121: static int
1.5 markus 122: kbdint_next_device(KbdintAuthctxt *kbdintctxt)
123: {
124: size_t len;
125: char *t;
126: int i;
127:
128: if (kbdintctxt->device)
129: kbdint_reset_device(kbdintctxt);
130: do {
131: len = kbdintctxt->devices ?
132: strcspn(kbdintctxt->devices, ",") : 0;
133:
134: if (len == 0)
135: break;
136: for (i = 0; devices[i]; i++)
137: if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
138: kbdintctxt->device = devices[i];
139: t = kbdintctxt->devices;
140: kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
141: xfree(t);
142: debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
1.24 djm 143: kbdintctxt->devices : "<empty>");
1.5 markus 144: } while (kbdintctxt->devices && !kbdintctxt->device);
145:
146: return kbdintctxt->device ? 1 : 0;
147: }
1.1 markus 148:
149: /*
1.8 markus 150: * try challenge-response, set authctxt->postponed if we have to
1.1 markus 151: * wait for the response.
152: */
153: int
154: auth2_challenge(Authctxt *authctxt, char *devs)
155: {
1.5 markus 156: debug("auth2_challenge: user=%s devs=%s",
157: authctxt->user ? authctxt->user : "<nouser>",
158: devs ? devs : "<no devs>");
159:
1.6 markus 160: if (authctxt->user == NULL || !devs)
1.5 markus 161: return 0;
1.10 deraadt 162: if (authctxt->kbdintctxt == NULL)
1.5 markus 163: authctxt->kbdintctxt = kbdint_alloc(devs);
164: return auth2_challenge_start(authctxt);
165: }
166:
1.9 markus 167: /* unregister kbd-int callbacks and context */
168: void
169: auth2_challenge_stop(Authctxt *authctxt)
170: {
171: /* unregister callback */
172: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
173: if (authctxt->kbdintctxt != NULL) {
174: kbdint_free(authctxt->kbdintctxt);
175: authctxt->kbdintctxt = NULL;
176: }
177: }
178:
1.5 markus 179: /* side effect: sets authctxt->postponed if a reply was sent*/
180: static int
181: auth2_challenge_start(Authctxt *authctxt)
182: {
183: KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
184:
185: debug2("auth2_challenge_start: devices %s",
186: kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
187:
188: if (kbdint_next_device(kbdintctxt) == 0) {
1.9 markus 189: auth2_challenge_stop(authctxt);
1.5 markus 190: return 0;
191: }
192: debug("auth2_challenge_start: trying authentication method '%s'",
193: kbdintctxt->device->name);
1.1 markus 194:
1.5 markus 195: if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
1.9 markus 196: auth2_challenge_stop(authctxt);
1.1 markus 197: return 0;
1.5 markus 198: }
199: if (send_userauth_info_request(authctxt) == 0) {
1.9 markus 200: auth2_challenge_stop(authctxt);
1.1 markus 201: return 0;
1.5 markus 202: }
1.1 markus 203: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
204: &input_userauth_info_response);
1.5 markus 205:
1.1 markus 206: authctxt->postponed = 1;
207: return 0;
208: }
209:
1.5 markus 210: static int
211: send_userauth_info_request(Authctxt *authctxt)
1.1 markus 212: {
1.5 markus 213: KbdintAuthctxt *kbdintctxt;
214: char *name, *instr, **prompts;
1.23 djm 215: u_int i, *echo_on;
1.5 markus 216:
217: kbdintctxt = authctxt->kbdintctxt;
218: if (kbdintctxt->device->query(kbdintctxt->ctxt,
1.19 markus 219: &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
1.5 markus 220: return 0;
1.1 markus 221:
222: packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
1.5 markus 223: packet_put_cstring(name);
224: packet_put_cstring(instr);
1.18 deraadt 225: packet_put_cstring(""); /* language not used */
1.19 markus 226: packet_put_int(kbdintctxt->nreq);
227: for (i = 0; i < kbdintctxt->nreq; i++) {
1.5 markus 228: packet_put_cstring(prompts[i]);
229: packet_put_char(echo_on[i]);
230: }
1.1 markus 231: packet_send();
232: packet_write_wait();
1.5 markus 233:
1.19 markus 234: for (i = 0; i < kbdintctxt->nreq; i++)
1.5 markus 235: xfree(prompts[i]);
236: xfree(prompts);
237: xfree(echo_on);
238: xfree(name);
239: xfree(instr);
240: return 1;
1.1 markus 241: }
242:
1.5 markus 243: static void
1.13 markus 244: input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
1.1 markus 245: {
246: Authctxt *authctxt = ctxt;
1.5 markus 247: KbdintAuthctxt *kbdintctxt;
1.23 djm 248: int authenticated = 0, res, len;
249: u_int i, nresp;
1.5 markus 250: char **response = NULL, *method;
1.1 markus 251:
252: if (authctxt == NULL)
253: fatal("input_userauth_info_response: no authctxt");
1.5 markus 254: kbdintctxt = authctxt->kbdintctxt;
255: if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
256: fatal("input_userauth_info_response: no kbdintctxt");
257: if (kbdintctxt->device == NULL)
258: fatal("input_userauth_info_response: no device");
1.1 markus 259:
260: authctxt->postponed = 0; /* reset */
261: nresp = packet_get_int();
1.19 markus 262: if (nresp != kbdintctxt->nreq)
263: fatal("input_userauth_info_response: wrong number of replies");
264: if (nresp > 100)
265: fatal("input_userauth_info_response: too many replies");
1.5 markus 266: if (nresp > 0) {
1.26 djm 267: response = xcalloc(nresp, sizeof(char *));
1.5 markus 268: for (i = 0; i < nresp; i++)
269: response[i] = packet_get_string(NULL);
270: }
1.12 markus 271: packet_check_eom();
1.5 markus 272:
1.22 dtucker 273: res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
1.5 markus 274:
275: for (i = 0; i < nresp; i++) {
276: memset(response[i], 'r', strlen(response[i]));
277: xfree(response[i]);
278: }
279: if (response)
280: xfree(response);
281:
282: switch (res) {
283: case 0:
284: /* Success! */
1.22 dtucker 285: authenticated = authctxt->valid ? 1 : 0;
1.5 markus 286: break;
287: case 1:
288: /* Authentication needs further interaction */
1.9 markus 289: if (send_userauth_info_request(authctxt) == 1)
290: authctxt->postponed = 1;
1.5 markus 291: break;
292: default:
293: /* Failure! */
294: break;
1.1 markus 295: }
1.5 markus 296:
297: len = strlen("keyboard-interactive") + 2 +
298: strlen(kbdintctxt->device->name);
299: method = xmalloc(len);
1.15 markus 300: snprintf(method, len, "keyboard-interactive/%s",
301: kbdintctxt->device->name);
1.5 markus 302:
303: if (!authctxt->postponed) {
304: if (authenticated) {
1.9 markus 305: auth2_challenge_stop(authctxt);
1.5 markus 306: } else {
307: /* start next device */
308: /* may set authctxt->postponed */
309: auth2_challenge_start(authctxt);
310: }
311: }
1.4 markus 312: userauth_finish(authctxt, authenticated, method);
1.5 markus 313: xfree(method);
1.17 provos 314: }
315:
316: void
317: privsep_challenge_enable(void)
318: {
319: #ifdef BSD_AUTH
320: extern KbdintDevice mm_bsdauth_device;
321: #endif
322: #ifdef SKEY
323: extern KbdintDevice mm_skey_device;
324: #endif
325: /* As long as SSHv1 has devices[0] hard coded this is fine */
326: #ifdef BSD_AUTH
327: devices[0] = &mm_bsdauth_device;
328: #else
329: #ifdef SKEY
330: devices[0] = &mm_skey_device;
331: #endif
332: #endif
1.1 markus 333: }