Annotation of src/usr.bin/ssh/auth2-chall.c, Revision 1.46
1.46 ! markus 1: /* $OpenBSD: auth2-chall.c,v 1.45 2017/05/30 08:49:58 markus Exp $ */
1.1 markus 2: /*
1.3 deraadt 3: * Copyright (c) 2001 Markus Friedl. All rights reserved.
1.5 markus 4: * Copyright (c) 2001 Per Allansson. All rights reserved.
1.1 markus 5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
1.30 deraadt 26:
27: #include <sys/types.h>
1.28 stevesk 28:
1.29 stevesk 29: #include <stdio.h>
1.28 stevesk 30: #include <string.h>
1.1 markus 31:
1.30 deraadt 32: #include "xmalloc.h"
1.1 markus 33: #include "ssh2.h"
1.30 deraadt 34: #include "key.h"
35: #include "hostfile.h"
1.1 markus 36: #include "auth.h"
1.16 markus 37: #include "buffer.h"
1.1 markus 38: #include "packet.h"
39: #include "dispatch.h"
1.2 markus 40: #include "log.h"
1.1 markus 41:
1.7 itojun 42: static int auth2_challenge_start(Authctxt *);
43: static int send_userauth_info_request(Authctxt *);
1.42 markus 44: static int input_userauth_info_response(int, u_int32_t, void *);
1.5 markus 45:
46: extern KbdintDevice bsdauth_device;
47:
48: KbdintDevice *devices[] = {
49: &bsdauth_device,
50: NULL
51: };
52:
53: typedef struct KbdintAuthctxt KbdintAuthctxt;
54: struct KbdintAuthctxt
55: {
56: char *devices;
57: void *ctxt;
58: KbdintDevice *device;
1.19 markus 59: u_int nreq;
1.43 djm 60: u_int devices_done;
1.5 markus 61: };
62:
1.7 itojun 63: static KbdintAuthctxt *
1.5 markus 64: kbdint_alloc(const char *devs)
65: {
66: KbdintAuthctxt *kbdintctxt;
1.16 markus 67: Buffer b;
1.5 markus 68: int i;
69:
1.39 djm 70: kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
1.5 markus 71: if (strcmp(devs, "") == 0) {
1.16 markus 72: buffer_init(&b);
1.5 markus 73: for (i = 0; devices[i]; i++) {
1.16 markus 74: if (buffer_len(&b) > 0)
75: buffer_append(&b, ",", 1);
76: buffer_append(&b, devices[i]->name,
77: strlen(devices[i]->name));
1.5 markus 78: }
1.44 djm 79: if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL)
80: fatal("%s: sshbuf_dup_string failed", __func__);
1.16 markus 81: buffer_free(&b);
1.5 markus 82: } else {
83: kbdintctxt->devices = xstrdup(devs);
84: }
1.16 markus 85: debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
1.5 markus 86: kbdintctxt->ctxt = NULL;
87: kbdintctxt->device = NULL;
1.19 markus 88: kbdintctxt->nreq = 0;
1.5 markus 89:
90: return kbdintctxt;
91: }
1.7 itojun 92: static void
1.5 markus 93: kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
94: {
95: if (kbdintctxt->ctxt) {
96: kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
97: kbdintctxt->ctxt = NULL;
98: }
99: kbdintctxt->device = NULL;
100: }
1.7 itojun 101: static void
1.5 markus 102: kbdint_free(KbdintAuthctxt *kbdintctxt)
103: {
104: if (kbdintctxt->device)
105: kbdint_reset_device(kbdintctxt);
1.38 djm 106: free(kbdintctxt->devices);
1.40 tedu 107: explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
1.38 djm 108: free(kbdintctxt);
1.5 markus 109: }
110: /* get next device */
1.7 itojun 111: static int
1.37 markus 112: kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
1.5 markus 113: {
114: size_t len;
115: char *t;
116: int i;
117:
118: if (kbdintctxt->device)
119: kbdint_reset_device(kbdintctxt);
120: do {
121: len = kbdintctxt->devices ?
122: strcspn(kbdintctxt->devices, ",") : 0;
123:
124: if (len == 0)
125: break;
1.37 markus 126: for (i = 0; devices[i]; i++) {
1.43 djm 127: if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
128: !auth2_method_allowed(authctxt,
1.37 markus 129: "keyboard-interactive", devices[i]->name))
130: continue;
1.43 djm 131: if (strncmp(kbdintctxt->devices, devices[i]->name,
132: len) == 0) {
1.5 markus 133: kbdintctxt->device = devices[i];
1.43 djm 134: kbdintctxt->devices_done |= 1 << i;
135: }
1.37 markus 136: }
1.5 markus 137: t = kbdintctxt->devices;
138: kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
1.38 djm 139: free(t);
1.5 markus 140: debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
1.24 djm 141: kbdintctxt->devices : "<empty>");
1.5 markus 142: } while (kbdintctxt->devices && !kbdintctxt->device);
143:
144: return kbdintctxt->device ? 1 : 0;
145: }
1.1 markus 146:
147: /*
1.8 markus 148: * try challenge-response, set authctxt->postponed if we have to
1.1 markus 149: * wait for the response.
150: */
151: int
152: auth2_challenge(Authctxt *authctxt, char *devs)
153: {
1.5 markus 154: debug("auth2_challenge: user=%s devs=%s",
155: authctxt->user ? authctxt->user : "<nouser>",
156: devs ? devs : "<no devs>");
157:
1.6 markus 158: if (authctxt->user == NULL || !devs)
1.5 markus 159: return 0;
1.10 deraadt 160: if (authctxt->kbdintctxt == NULL)
1.5 markus 161: authctxt->kbdintctxt = kbdint_alloc(devs);
162: return auth2_challenge_start(authctxt);
163: }
164:
1.9 markus 165: /* unregister kbd-int callbacks and context */
166: void
167: auth2_challenge_stop(Authctxt *authctxt)
168: {
169: /* unregister callback */
170: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
1.32 stevesk 171: if (authctxt->kbdintctxt != NULL) {
1.9 markus 172: kbdint_free(authctxt->kbdintctxt);
173: authctxt->kbdintctxt = NULL;
174: }
175: }
176:
1.5 markus 177: /* side effect: sets authctxt->postponed if a reply was sent*/
178: static int
179: auth2_challenge_start(Authctxt *authctxt)
180: {
181: KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
182:
183: debug2("auth2_challenge_start: devices %s",
184: kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
185:
1.37 markus 186: if (kbdint_next_device(authctxt, kbdintctxt) == 0) {
1.9 markus 187: auth2_challenge_stop(authctxt);
1.5 markus 188: return 0;
189: }
190: debug("auth2_challenge_start: trying authentication method '%s'",
191: kbdintctxt->device->name);
1.1 markus 192:
1.5 markus 193: if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
1.9 markus 194: auth2_challenge_stop(authctxt);
1.1 markus 195: return 0;
1.5 markus 196: }
197: if (send_userauth_info_request(authctxt) == 0) {
1.9 markus 198: auth2_challenge_stop(authctxt);
1.1 markus 199: return 0;
1.5 markus 200: }
1.1 markus 201: dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
202: &input_userauth_info_response);
1.5 markus 203:
1.1 markus 204: authctxt->postponed = 1;
205: return 0;
206: }
207:
1.5 markus 208: static int
209: send_userauth_info_request(Authctxt *authctxt)
1.1 markus 210: {
1.5 markus 211: KbdintAuthctxt *kbdintctxt;
212: char *name, *instr, **prompts;
1.23 djm 213: u_int i, *echo_on;
1.5 markus 214:
215: kbdintctxt = authctxt->kbdintctxt;
216: if (kbdintctxt->device->query(kbdintctxt->ctxt,
1.19 markus 217: &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
1.5 markus 218: return 0;
1.1 markus 219:
220: packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
1.5 markus 221: packet_put_cstring(name);
222: packet_put_cstring(instr);
1.18 deraadt 223: packet_put_cstring(""); /* language not used */
1.19 markus 224: packet_put_int(kbdintctxt->nreq);
225: for (i = 0; i < kbdintctxt->nreq; i++) {
1.5 markus 226: packet_put_cstring(prompts[i]);
227: packet_put_char(echo_on[i]);
228: }
1.1 markus 229: packet_send();
230: packet_write_wait();
1.5 markus 231:
1.19 markus 232: for (i = 0; i < kbdintctxt->nreq; i++)
1.38 djm 233: free(prompts[i]);
234: free(prompts);
235: free(echo_on);
236: free(name);
237: free(instr);
1.5 markus 238: return 1;
1.1 markus 239: }
240:
1.42 markus 241: static int
1.13 markus 242: input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
1.1 markus 243: {
1.46 ! markus 244: struct ssh *ssh = ctxt;
! 245: Authctxt *authctxt = ssh->authctxt;
1.5 markus 246: KbdintAuthctxt *kbdintctxt;
1.34 djm 247: int authenticated = 0, res;
1.23 djm 248: u_int i, nresp;
1.36 djm 249: const char *devicename = NULL;
250: char **response = NULL;
1.1 markus 251:
252: if (authctxt == NULL)
253: fatal("input_userauth_info_response: no authctxt");
1.5 markus 254: kbdintctxt = authctxt->kbdintctxt;
255: if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
256: fatal("input_userauth_info_response: no kbdintctxt");
257: if (kbdintctxt->device == NULL)
258: fatal("input_userauth_info_response: no device");
1.1 markus 259:
260: authctxt->postponed = 0; /* reset */
261: nresp = packet_get_int();
1.19 markus 262: if (nresp != kbdintctxt->nreq)
263: fatal("input_userauth_info_response: wrong number of replies");
264: if (nresp > 100)
265: fatal("input_userauth_info_response: too many replies");
1.5 markus 266: if (nresp > 0) {
1.26 djm 267: response = xcalloc(nresp, sizeof(char *));
1.5 markus 268: for (i = 0; i < nresp; i++)
269: response[i] = packet_get_string(NULL);
270: }
1.12 markus 271: packet_check_eom();
1.5 markus 272:
1.22 dtucker 273: res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
1.5 markus 274:
275: for (i = 0; i < nresp; i++) {
1.41 djm 276: explicit_bzero(response[i], strlen(response[i]));
1.38 djm 277: free(response[i]);
1.5 markus 278: }
1.38 djm 279: free(response);
1.5 markus 280:
281: switch (res) {
282: case 0:
283: /* Success! */
1.22 dtucker 284: authenticated = authctxt->valid ? 1 : 0;
1.5 markus 285: break;
286: case 1:
287: /* Authentication needs further interaction */
1.9 markus 288: if (send_userauth_info_request(authctxt) == 1)
289: authctxt->postponed = 1;
1.5 markus 290: break;
291: default:
292: /* Failure! */
293: break;
1.1 markus 294: }
1.35 djm 295: devicename = kbdintctxt->device->name;
1.5 markus 296: if (!authctxt->postponed) {
297: if (authenticated) {
1.9 markus 298: auth2_challenge_stop(authctxt);
1.5 markus 299: } else {
300: /* start next device */
301: /* may set authctxt->postponed */
302: auth2_challenge_start(authctxt);
303: }
304: }
1.35 djm 305: userauth_finish(authctxt, authenticated, "keyboard-interactive",
306: devicename);
1.42 markus 307: return 0;
1.17 provos 308: }
309:
310: void
311: privsep_challenge_enable(void)
312: {
313: extern KbdintDevice mm_bsdauth_device;
314: devices[0] = &mm_bsdauth_device;
1.1 markus 315: }