Annotation of src/usr.bin/ssh/sshconnect.c, Revision 1.4
1.1 deraadt 1: /*
2:
3: sshconnect.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Sat Mar 18 22:15:47 1995 ylo
11:
12: Code to connect to a remote host, and to perform the client side of the
13: login (authentication) dialog.
14:
15: */
16:
17: #include "includes.h"
1.4 ! provos 18: RCSID("$Id: sshconnect.c,v 1.3 1999/09/28 04:45:37 provos Exp $");
1.1 deraadt 19:
1.3 provos 20: #include <ssl/bn.h>
1.1 deraadt 21: #include "xmalloc.h"
22: #include "rsa.h"
23: #include "ssh.h"
24: #include "packet.h"
25: #include "authfd.h"
26: #include "cipher.h"
27: #include "ssh_md5.h"
28: #include "mpaux.h"
29: #include "uidswap.h"
30:
31: #ifdef KRB4
32: #include <krb.h>
33: #ifdef AFS
34: #if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
35: #include <sys/ioctl.h>
36: #endif
37: #ifdef HAVE_SYS_FILIO_H
38: #include <sys/filio.h>
39: #endif
40: #include <kafs.h>
41: #endif /* AFS */
42: #endif /* KRB4 */
43:
44: /* Session id for the current session. */
45: unsigned char session_id[16];
46:
47: /* Connect to the given ssh server using a proxy command. */
48:
1.3 provos 49: int
50: ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,
51: const char *proxy_command)
1.1 deraadt 52: {
53: Buffer command;
54: const char *cp;
55: char *command_string;
56: int pin[2], pout[2];
57: int pid;
58: char portstring[100];
59:
60: /* Convert the port number into a string. */
61: sprintf(portstring, "%d", port);
62:
63: /* Build the final command string in the buffer by making the appropriate
64: substitutions to the given proxy command. */
65: buffer_init(&command);
66: for (cp = proxy_command; *cp; cp++)
67: {
68: if (cp[0] == '%' && cp[1] == '%')
69: {
70: buffer_append(&command, "%", 1);
71: cp++;
72: continue;
73: }
74: if (cp[0] == '%' && cp[1] == 'h')
75: {
76: buffer_append(&command, host, strlen(host));
77: cp++;
78: continue;
79: }
80: if (cp[0] == '%' && cp[1] == 'p')
81: {
82: buffer_append(&command, portstring, strlen(portstring));
83: cp++;
84: continue;
85: }
86: buffer_append(&command, cp, 1);
87: }
88: buffer_append(&command, "\0", 1);
89:
90: /* Get the final command string. */
91: command_string = buffer_ptr(&command);
92:
93: /* Create pipes for communicating with the proxy. */
94: if (pipe(pin) < 0 || pipe(pout) < 0)
95: fatal("Could not create pipes to communicate with the proxy: %.100s",
96: strerror(errno));
97:
98: debug("Executing proxy command: %.500s", command_string);
99:
100: /* Fork and execute the proxy command. */
101: if ((pid = fork()) == 0)
102: {
103: char *argv[10];
104:
105: /* Child. Permanently give up superuser privileges. */
106: permanently_set_uid(original_real_uid);
107:
108: /* Redirect stdin and stdout. */
109: close(pin[1]);
110: if (pin[0] != 0)
111: {
112: if (dup2(pin[0], 0) < 0)
113: perror("dup2 stdin");
114: close(pin[0]);
115: }
116: close(pout[0]);
117: if (dup2(pout[1], 1) < 0)
118: perror("dup2 stdout");
119: close(pout[1]); /* Cannot be 1 because pin allocated two descriptors. */
120:
121: /* Stderr is left as it is so that error messages get printed on
122: the user's terminal. */
123: argv[0] = "/bin/sh";
124: argv[1] = "-c";
125: argv[2] = command_string;
126: argv[3] = NULL;
127:
128: /* Execute the proxy command. Note that we gave up any extra
129: privileges above. */
130: execv("/bin/sh", argv);
131: perror("/bin/sh");
132: exit(1);
133: }
134: /* Parent. */
135: if (pid < 0)
136: fatal("fork failed: %.100s", strerror(errno));
137:
138: /* Close child side of the descriptors. */
139: close(pin[0]);
140: close(pout[1]);
141:
142: /* Free the command name. */
143: buffer_free(&command);
144:
145: /* Set the connection file descriptors. */
1.3 provos 146: packet_set_connection(pout[0], pin[1]);
1.1 deraadt 147:
148: return 1;
149: }
150:
151: /* Creates a (possibly privileged) socket for use as the ssh connection. */
152:
153: int ssh_create_socket(uid_t original_real_uid, int privileged)
154: {
155: int sock;
156:
157: /* If we are running as root and want to connect to a privileged port,
158: bind our own socket to a privileged port. */
159: if (privileged)
160: {
161: struct sockaddr_in sin;
1.2 deraadt 162: int p = IPPORT_RESERVED - 1;
163:
164: sock = rresvport(&p);
165: if (sock < 0)
166: fatal("rresvport: %.100s", strerror(errno));
1.1 deraadt 167: debug("Allocated local port %d.", p);
168: }
169: else
170: {
171: /* Just create an ordinary socket on arbitrary port. We use the
172: user's uid to create the socket. */
173: temporarily_use_uid(original_real_uid);
174: sock = socket(AF_INET, SOCK_STREAM, 0);
175: if (sock < 0)
176: fatal("socket: %.100s", strerror(errno));
177: restore_uid();
178: }
179: return sock;
180: }
181:
182: /* Opens a TCP/IP connection to the remote server on the given host. If
183: port is 0, the default port will be used. If anonymous is zero,
184: a privileged port will be allocated to make the connection.
185: This requires super-user privileges if anonymous is false.
186: Connection_attempts specifies the maximum number of tries (one per
187: second). If proxy_command is non-NULL, it specifies the command (with %h
188: and %p substituted for host and port, respectively) to use to contact
189: the daemon. */
190:
191: int ssh_connect(const char *host, int port, int connection_attempts,
192: int anonymous, uid_t original_real_uid,
1.3 provos 193: const char *proxy_command)
1.1 deraadt 194: {
195: int sock = -1, attempt, i;
196: int on = 1;
197: struct servent *sp;
198: struct hostent *hp;
199: struct sockaddr_in hostaddr;
200: #ifdef SO_LINGER
201: struct linger linger;
202: #endif /* SO_LINGER */
203:
204: debug("ssh_connect: getuid %d geteuid %d anon %d",
205: (int)getuid(), (int)geteuid(), anonymous);
206:
207: /* Get default port if port has not been set. */
208: if (port == 0)
209: {
210: sp = getservbyname(SSH_SERVICE_NAME, "tcp");
211: if (sp)
212: port = ntohs(sp->s_port);
213: else
214: port = SSH_DEFAULT_PORT;
215: }
216:
217: /* If a proxy command is given, connect using it. */
218: if (proxy_command != NULL)
1.3 provos 219: return ssh_proxy_connect(host, port, original_real_uid, proxy_command);
1.1 deraadt 220:
221: /* No proxy command. */
222:
223: /* No host lookup made yet. */
224: hp = NULL;
225:
226: /* Try to connect several times. On some machines, the first time will
227: sometimes fail. In general socket code appears to behave quite
228: magically on many machines. */
229: for (attempt = 0; attempt < connection_attempts; attempt++)
230: {
231: if (attempt > 0)
232: debug("Trying again...");
233:
234: /* Try to parse the host name as a numeric inet address. */
235: memset(&hostaddr, 0, sizeof(hostaddr));
236: hostaddr.sin_family = AF_INET;
237: hostaddr.sin_port = htons(port);
238: #ifdef BROKEN_INET_ADDR
239: hostaddr.sin_addr.s_addr = inet_network(host);
240: #else /* BROKEN_INET_ADDR */
241: hostaddr.sin_addr.s_addr = inet_addr(host);
242: #endif /* BROKEN_INET_ADDR */
243: if ((hostaddr.sin_addr.s_addr & 0xffffffff) != 0xffffffff)
244: {
245: /* Valid numeric IP address */
246: debug("Connecting to %.100s port %d.",
247: inet_ntoa(hostaddr.sin_addr), port);
248:
249: /* Create a socket. */
250: sock = ssh_create_socket(original_real_uid,
251: !anonymous && geteuid() == 0 &&
252: port < 1024);
253:
254: /* Connect to the host. We use the user's uid in the hope that
255: it will help with the problems of tcp_wrappers showing the
256: remote uid as root. */
257: temporarily_use_uid(original_real_uid);
258: if (connect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr))
259: >= 0)
260: {
261: /* Successful connect. */
262: restore_uid();
263: break;
264: }
265: debug("connect: %.100s", strerror(errno));
266: restore_uid();
267:
268: /* Destroy the failed socket. */
269: shutdown(sock, 2);
270: close(sock);
271: }
272: else
273: {
274: /* Not a valid numeric inet address. */
275: /* Map host name to an address. */
276: if (!hp)
277: hp = gethostbyname(host);
278: if (!hp)
279: fatal("Bad host name: %.100s", host);
280: if (!hp->h_addr_list[0])
281: fatal("Host does not have an IP address: %.100s", host);
282:
283: /* Loop through addresses for this host, and try each one in
284: sequence until the connection succeeds. */
285: for (i = 0; hp->h_addr_list[i]; i++)
286: {
287: /* Set the address to connect to. */
288: hostaddr.sin_family = hp->h_addrtype;
289: memcpy(&hostaddr.sin_addr, hp->h_addr_list[i],
290: sizeof(hostaddr.sin_addr));
291:
292: debug("Connecting to %.200s [%.100s] port %d.",
293: host, inet_ntoa(hostaddr.sin_addr), port);
294:
295: /* Create a socket for connecting. */
296: sock = ssh_create_socket(original_real_uid,
297: !anonymous && geteuid() == 0 &&
298: port < 1024);
299:
300: /* Connect to the host. We use the user's uid in the hope that
301: it will help with tcp_wrappers showing the remote uid as
302: root. */
303: temporarily_use_uid(original_real_uid);
304: if (connect(sock, (struct sockaddr *)&hostaddr,
305: sizeof(hostaddr)) >= 0)
306: {
307: /* Successful connection. */
308: restore_uid();
309: break;
310: }
311: debug("connect: %.100s", strerror(errno));
312: restore_uid();
313:
314: /* Close the failed socket; there appear to be some problems
315: when reusing a socket for which connect() has already
316: returned an error. */
317: shutdown(sock, 2);
318: close(sock);
319: }
320: if (hp->h_addr_list[i])
321: break; /* Successful connection. */
322: }
323:
324: /* Sleep a moment before retrying. */
325: sleep(1);
326: }
327: /* Return failure if we didn't get a successful connection. */
328: if (attempt >= connection_attempts)
329: return 0;
330:
331: debug("Connection established.");
332:
333: /* Set socket options. We would like the socket to disappear as soon as
334: it has been closed for whatever reason. */
335: /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
336: #ifdef TCP_NODELAY
337: setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *)&on, sizeof(on));
338: #endif /* TCP_NODELAY */
339: #ifdef SO_LINGER
340: linger.l_onoff = 1;
341: linger.l_linger = 5;
342: setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
343: #endif /* SO_LINGER */
344:
345: /* Set the connection. */
1.3 provos 346: packet_set_connection(sock, sock);
1.1 deraadt 347:
348: return 1;
349: }
350:
351: /* Checks if the user has an authentication agent, and if so, tries to
352: authenticate using the agent. */
353:
1.3 provos 354: int
355: try_agent_authentication()
1.1 deraadt 356: {
357: int status, type, bits;
358: char *comment;
359: AuthenticationConnection *auth;
360: unsigned char response[16];
361: unsigned int i;
1.3 provos 362: BIGNUM *e, *n, *challenge;
1.1 deraadt 363:
364: /* Get connection to the agent. */
365: auth = ssh_get_authentication_connection();
366: if (!auth)
367: return 0;
368:
1.3 provos 369: e = BN_new();
370: n = BN_new();
371: challenge = BN_new();
1.1 deraadt 372:
373: /* Loop through identities served by the agent. */
1.3 provos 374: for (status = ssh_get_first_identity(auth, &bits, e, n, &comment);
1.1 deraadt 375: status;
1.3 provos 376: status = ssh_get_next_identity(auth, &bits, e, n, &comment))
1.1 deraadt 377: {
378: int plen, clen;
379:
380: /* Try this identity. */
381: debug("Trying RSA authentication via agent with '%.100s'", comment);
382: xfree(comment);
383:
384: /* Tell the server that we are willing to authenticate using this key. */
385: packet_start(SSH_CMSG_AUTH_RSA);
1.3 provos 386: packet_put_bignum(n);
1.1 deraadt 387: packet_send();
388: packet_write_wait();
389:
390: /* Wait for server's response. */
391: type = packet_read(&plen);
392:
393: /* The server sends failure if it doesn\'t like our key or does not
394: support RSA authentication. */
395: if (type == SSH_SMSG_FAILURE)
396: {
397: debug("Server refused our key.");
398: continue;
399: }
400:
401: /* Otherwise it should have sent a challenge. */
402: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
403: packet_disconnect("Protocol error during RSA authentication: %d",
404: type);
405:
1.3 provos 406: packet_get_bignum(challenge, &clen);
1.1 deraadt 407:
408: packet_integrity_check(plen, clen, type);
409:
410: debug("Received RSA challenge from server.");
411:
412: /* Ask the agent to decrypt the challenge. */
1.3 provos 413: if (!ssh_decrypt_challenge(auth, bits, e, n, challenge,
1.1 deraadt 414: session_id, 1, response))
415: {
416: /* The agent failed to authenticate this identifier although it
417: advertised it supports this. Just return a wrong value. */
418: log("Authentication agent failed to decrypt challenge.");
419: memset(response, 0, sizeof(response));
420: }
421:
422: debug("Sending response to RSA challenge.");
423:
424: /* Send the decrypted challenge back to the server. */
425: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
426: for (i = 0; i < 16; i++)
427: packet_put_char(response[i]);
428: packet_send();
429: packet_write_wait();
430:
431: /* Wait for response from the server. */
432: type = packet_read(&plen);
433:
434: /* The server returns success if it accepted the authentication. */
435: if (type == SSH_SMSG_SUCCESS)
436: {
437: debug("RSA authentication accepted by server.");
1.3 provos 438: BN_clear_free(e);
439: BN_clear_free(n);
440: BN_clear_free(challenge);
1.1 deraadt 441: return 1;
442: }
443:
444: /* Otherwise it should return failure. */
445: if (type != SSH_SMSG_FAILURE)
446: packet_disconnect("Protocol error waiting RSA auth response: %d",
447: type);
448: }
449:
1.3 provos 450: BN_clear_free(e);
451: BN_clear_free(n);
452: BN_clear_free(challenge);
1.1 deraadt 453:
454: debug("RSA authentication using agent refused.");
455: return 0;
456: }
457:
458: /* Computes the proper response to a RSA challenge, and sends the response to
459: the server. */
460:
1.3 provos 461: void
462: respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
1.1 deraadt 463: {
464: unsigned char buf[32], response[16];
465: struct MD5Context md;
1.3 provos 466: int i, len;
1.1 deraadt 467:
468: /* Decrypt the challenge using the private key. */
469: rsa_private_decrypt(challenge, challenge, prv);
470:
471: /* Compute the response. */
472: /* The response is MD5 of decrypted challenge plus session id. */
1.3 provos 473: len = BN_num_bytes(challenge);
474: assert(len <= sizeof(buf) && len);
475: memset(buf, 0, sizeof(buf));
476: BN_bn2bin(challenge, buf + sizeof(buf) - len);
1.1 deraadt 477: MD5Init(&md);
478: MD5Update(&md, buf, 32);
479: MD5Update(&md, session_id, 16);
480: MD5Final(response, &md);
481:
482: debug("Sending response to host key RSA challenge.");
483:
484: /* Send the response back to the server. */
485: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
486: for (i = 0; i < 16; i++)
487: packet_put_char(response[i]);
488: packet_send();
489: packet_write_wait();
490:
491: memset(buf, 0, sizeof(buf));
492: memset(response, 0, sizeof(response));
493: memset(&md, 0, sizeof(md));
494: }
495:
496: /* Checks if the user has authentication file, and if so, tries to authenticate
497: the user using it. */
498:
1.3 provos 499: int
500: try_rsa_authentication(struct passwd *pw, const char *authfile,
501: int may_ask_passphrase)
1.1 deraadt 502: {
1.3 provos 503: BIGNUM *challenge;
504: RSA *private_key;
505: RSA *public_key;
1.1 deraadt 506: char *passphrase, *comment;
507: int type, i;
508: int plen, clen;
509:
510: /* Try to load identification for the authentication key. */
1.3 provos 511: public_key = RSA_new();
512: if (!load_public_key(authfile, public_key, &comment)) {
513: RSA_free(public_key);
1.1 deraadt 514: return 0; /* Could not load it. Fail. */
1.3 provos 515: }
1.1 deraadt 516:
517: debug("Trying RSA authentication with key '%.100s'", comment);
518:
519: /* Tell the server that we are willing to authenticate using this key. */
520: packet_start(SSH_CMSG_AUTH_RSA);
1.3 provos 521: packet_put_bignum(public_key->n);
1.1 deraadt 522: packet_send();
523: packet_write_wait();
524:
525: /* We no longer need the public key. */
1.3 provos 526: RSA_free(public_key);
1.1 deraadt 527:
528: /* Wait for server's response. */
529: type = packet_read(&plen);
530:
531: /* The server responds with failure if it doesn\'t like our key or doesn\'t
532: support RSA authentication. */
533: if (type == SSH_SMSG_FAILURE)
534: {
535: debug("Server refused our key.");
536: xfree(comment);
537: return 0; /* Server refuses to authenticate with this key. */
538: }
539:
540: /* Otherwise, the server should respond with a challenge. */
541: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
542: packet_disconnect("Protocol error during RSA authentication: %d", type);
543:
544: /* Get the challenge from the packet. */
1.3 provos 545: challenge = BN_new();
546: packet_get_bignum(challenge, &clen);
1.1 deraadt 547:
548: packet_integrity_check(plen, clen, type);
549:
550: debug("Received RSA challenge from server.");
551:
1.3 provos 552: private_key = RSA_new();
1.1 deraadt 553: /* Load the private key. Try first with empty passphrase; if it fails,
554: ask for a passphrase. */
1.3 provos 555: if (!load_private_key(authfile, "", private_key, NULL))
1.1 deraadt 556: {
557: char buf[300];
558: /* Request passphrase from the user. We read from /dev/tty to make
559: this work even if stdin has been redirected. If running in
560: batch mode, we just use the empty passphrase, which will fail and
561: return. */
562: sprintf(buf, "Enter passphrase for RSA key '%.100s': ", comment);
563: if (may_ask_passphrase)
564: passphrase = read_passphrase(buf, 0);
565: else
566: {
567: debug("Will not query passphrase for %.100s in batch mode.",
568: comment);
569: passphrase = xstrdup("");
570: }
571:
572: /* Load the authentication file using the pasphrase. */
1.3 provos 573: if (!load_private_key(authfile, passphrase, private_key, NULL))
1.1 deraadt 574: {
575: memset(passphrase, 0, strlen(passphrase));
576: xfree(passphrase);
577: error("Bad passphrase.");
578:
579: /* Send a dummy response packet to avoid protocol error. */
580: packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
581: for (i = 0; i < 16; i++)
582: packet_put_char(0);
583: packet_send();
584: packet_write_wait();
585:
586: /* Expect the server to reject it... */
587: packet_read_expect(&plen, SSH_SMSG_FAILURE);
588: xfree(comment);
589: return 0;
590: }
591:
592: /* Destroy the passphrase. */
593: memset(passphrase, 0, strlen(passphrase));
594: xfree(passphrase);
595: }
596:
597: /* We no longer need the comment. */
598: xfree(comment);
599:
600: /* Compute and send a response to the challenge. */
1.3 provos 601: respond_to_rsa_challenge(challenge, private_key);
1.1 deraadt 602:
603: /* Destroy the private key. */
1.3 provos 604: RSA_free(private_key);
1.1 deraadt 605:
606: /* We no longer need the challenge. */
1.3 provos 607: BN_clear_free(challenge);
1.1 deraadt 608:
609: /* Wait for response from the server. */
610: type = packet_read(&plen);
611: if (type == SSH_SMSG_SUCCESS)
612: {
613: debug("RSA authentication accepted by server.");
614: return 1;
615: }
616: if (type != SSH_SMSG_FAILURE)
617: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
618: debug("RSA authentication refused.");
619: return 0;
620: }
621:
622: /* Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
623: authentication and RSA host authentication. */
624:
1.3 provos 625: int
626: try_rhosts_rsa_authentication(const char *local_user, RSA *host_key)
1.1 deraadt 627: {
628: int type;
1.3 provos 629: BIGNUM *challenge;
1.1 deraadt 630: int plen, clen;
631:
632: debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
633:
634: /* Tell the server that we are willing to authenticate using this key. */
635: packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
636: packet_put_string(local_user, strlen(local_user));
1.3 provos 637: packet_put_int(BN_num_bits(host_key->n));
638: packet_put_bignum(host_key->e);
639: packet_put_bignum(host_key->n);
1.1 deraadt 640: packet_send();
641: packet_write_wait();
642:
643: /* Wait for server's response. */
644: type = packet_read(&plen);
645:
646: /* The server responds with failure if it doesn't admit our .rhosts
647: authentication or doesn't know our host key. */
648: if (type == SSH_SMSG_FAILURE)
649: {
650: debug("Server refused our rhosts authentication or host key.");
651: return 0; /* Server refuses to authenticate us with this method. */
652: }
653:
654: /* Otherwise, the server should respond with a challenge. */
655: if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
656: packet_disconnect("Protocol error during RSA authentication: %d", type);
657:
658: /* Get the challenge from the packet. */
1.3 provos 659: challenge = BN_new();
660: packet_get_bignum(challenge, &clen);
1.1 deraadt 661:
662: packet_integrity_check(plen, clen, type);
663:
664: debug("Received RSA challenge for host key from server.");
665:
666: /* Compute a response to the challenge. */
1.3 provos 667: respond_to_rsa_challenge(challenge, host_key);
1.1 deraadt 668:
669: /* We no longer need the challenge. */
1.3 provos 670: BN_clear_free(challenge);
1.1 deraadt 671:
672: /* Wait for response from the server. */
673: type = packet_read(&plen);
674: if (type == SSH_SMSG_SUCCESS)
675: {
676: debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
677: return 1;
678: }
679: if (type != SSH_SMSG_FAILURE)
680: packet_disconnect("Protocol error waiting RSA auth response: %d", type);
681: debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
682: return 0;
683: }
684:
685: #ifdef KRB4
686: int try_kerberos_authentication()
687: {
688: KTEXT_ST auth; /* Kerberos data */
689: char *reply;
690: char inst[INST_SZ];
691: char *realm;
692: CREDENTIALS cred;
693: int r, type;
694: Key_schedule schedule;
695: u_long checksum, cksum;
696: MSG_DAT msg_data;
697: struct sockaddr_in local, foreign;
698: struct stat st;
699: int plen;
700:
701: /* Don't do anything if we don't have any tickets. */
702: if (stat(tkt_string(), &st) < 0) return 0;
703:
704: debug("Trying Kerberos authentication.");
705: strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
706:
707: realm = (char *)krb_realmofhost(get_canonical_hostname());
708: if (!realm) {
709: debug("Kerberos V4: no realm for %.100s", get_canonical_hostname());
710: return 0;
711: }
712: /* This can really be anything. */
713: checksum = (u_long) getpid();
714:
715: r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
716: if (r != KSUCCESS) {
717: debug("Kerberos V4 krb_mk_req failed: %.100s", krb_err_txt[r]);
718: return 0;
719: }
720: /* Get session key to decrypt the server's reply with. */
721: r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
722: if (r != KSUCCESS) {
723: debug("get_cred failed: %.100s", krb_err_txt[r]);
724: return 0;
725: }
726: des_key_sched((des_cblock *)cred.session, schedule);
727:
728: /* Send authentication info to server. */
729: packet_start(SSH_CMSG_AUTH_KERBEROS);
730: packet_put_string((char *)auth.dat, auth.length);
731: packet_send();
732: packet_write_wait();
733:
734: /* zero the buffer */
735: (void) memset(auth.dat, 0, MAX_KTXT_LEN);
736:
737: r = sizeof(local);
738: memset(&local, 0, sizeof(local));
739: if (getsockname(packet_get_connection_in(),
740: (struct sockaddr *) &local, &r) < 0)
741: debug("getsockname failed: %.100s", strerror(errno));
742:
743: r = sizeof(foreign);
744: memset(&foreign, 0, sizeof(foreign));
745: if (getpeername(packet_get_connection_in(),
746: (struct sockaddr *)&foreign, &r) < 0)
747: debug("getpeername failed: %.100s", strerror(errno));
748:
749: /* Get server reply. */
750: type = packet_read(&plen);
751: switch(type) {
752:
753: case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
754: debug("Kerberos V4 authentication failed.");
755: return 0;
756: break;
757:
758: case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
759: debug("Kerberos V4 authentication accepted.");
760:
761: /* Get server's response. */
762: reply = packet_get_string((unsigned int *)&auth.length);
763: memcpy(auth.dat, reply, auth.length);
764: xfree(reply);
765:
766: packet_integrity_check(plen, 4 + auth.length, type);
767:
768: /* If his response isn't properly encrypted with the session key,
769: and the decrypted checksum fails to match, he's bogus. Bail out. */
770: r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
771: &foreign, &local, &msg_data);
772: if (r != KSUCCESS) {
773: debug("Kerberos V4 krb_rd_priv failed: %.100s", krb_err_txt[r]);
774: packet_disconnect("Kerberos V4 challenge failed!");
775: }
776: /* fetch the (incremented) checksum that we supplied in the request */
777: (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum));
778: cksum = ntohl(cksum);
779:
780: /* If it matches, we're golden. */
781: if (cksum == checksum + 1) {
782: debug("Kerberos V4 challenge successful.");
783: return 1;
784: }
785: else
786: packet_disconnect("Kerberos V4 challenge failed!");
787: break;
788:
789: default:
790: packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
791: }
792: return 0;
793: }
794: #endif /* KRB4 */
795:
796: #ifdef AFS
797:
798: #ifdef KERBEROS_TGT_PASSING
799: int send_kerberos_tgt()
800: {
801: CREDENTIALS *creds;
802: char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
803: int r, plen, type;
804: unsigned char buffer[8192];
805: struct stat st;
806:
807: /* Don't do anything if we don't have any tickets. */
808: if (stat(tkt_string(), &st) < 0) return 0;
809:
810: creds = xmalloc(sizeof(CREDENTIALS));
811:
812: if ((r=krb_get_tf_fullname(TKT_FILE,pname,pinst,prealm)) != KSUCCESS) {
813: debug("Kerberos V4 tf_fullname failed: %.100s",krb_err_txt[r]);
814: return 0;
815: }
816: if ((r=krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
817: debug("Kerberos V4 get_cred failed: %.100s", krb_err_txt[r]);
818: return 0;
819: }
820: if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
821: debug("Kerberos V4 ticket expired: %.100s", TKT_FILE);
822: return 0;
823: }
824:
825: creds_to_radix(creds, buffer);
826: xfree(creds);
827:
828: packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
829: packet_put_string((char *)buffer, strlen(buffer));
830: packet_send();
831: packet_write_wait();
832:
833: type = packet_read(&plen);
834:
835: if (type == SSH_SMSG_FAILURE)
836: debug("Kerberos TGT for realm %.100s rejected.", prealm);
837: else if (type != SSH_SMSG_SUCCESS)
838: packet_disconnect("Protocol error on Kerberos TGT response: %d", type);
839:
840: return 1;
841: }
842: #endif /* KERBEROS_TGT_PASSING */
843:
844: /* Forwards our AFS tokens to the server. */
845: void send_afs_tokens(void)
846: {
847: CREDENTIALS creds;
848: struct ViceIoctl parms;
849: struct ClearToken ct;
850: int i, type;
851: int len, plen;
852: char buf[2048], *p, *server_cell;
853: unsigned char buffer[8192];
854:
855: /* Move over ktc_GetToken, here's something leaner. */
856: for (i = 0; i < 100; i++) { /* just in case */
857: parms.in = (char *)&i;
858: parms.in_size = sizeof(i);
859: parms.out = buf;
860: parms.out_size = sizeof(buf);
861: if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break;
862: p = buf;
863:
864: /* Get secret token. */
865: memcpy(&creds.ticket_st.length, p, sizeof(unsigned int));
866: if (creds.ticket_st.length > MAX_KTXT_LEN) break;
867: p += sizeof(unsigned int);
868: memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
869: p += creds.ticket_st.length;
870:
871: /* Get clear token. */
872: memcpy(&len, p, sizeof(len));
873: if (len != sizeof(struct ClearToken)) break;
874: p += sizeof(len);
875: memcpy(&ct, p, len);
876: p += len;
877: p += sizeof(len); /* primary flag */
878: server_cell = p;
879:
880: /* Flesh out our credentials. */
881: strcpy(creds.service, "afs");
882: creds.instance[0] = '\0';
883: strncpy(creds.realm, server_cell, REALM_SZ);
884: memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
885: creds.issue_date = ct.BeginTimestamp;
886: creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
887: creds.kvno = ct.AuthHandle;
888: sprintf(creds.pname, "AFS ID %d", ct.ViceId);
889: creds.pinst[0] = '\0';
890:
891: /* Encode token, ship it off. */
892: if (!creds_to_radix(&creds, buffer)) break;
893: packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
894: packet_put_string((char *)buffer, strlen(buffer));
895: packet_send();
896: packet_write_wait();
897:
898: /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */
899: type = packet_read(&plen);
900:
901: if (type == SSH_SMSG_FAILURE)
902: debug("AFS token for cell %.100s rejected.", server_cell);
903: else if (type != SSH_SMSG_SUCCESS)
904: packet_disconnect("Protocol error on AFS token response: %d", type);
905: }
906: }
907: #endif /* AFS */
908:
909: /* Waits for the server identification string, and sends our own identification
910: string. */
911:
912: void ssh_exchange_identification()
913: {
914: char buf[256], remote_version[256]; /* must be same size! */
915: int remote_major, remote_minor, i;
916: int connection_in = packet_get_connection_in();
917: int connection_out = packet_get_connection_out();
918:
919: /* Read other side\'s version identification. */
920: for (i = 0; i < sizeof(buf) - 1; i++)
921: {
922: if (read(connection_in, &buf[i], 1) != 1)
923: fatal("read: %.100s", strerror(errno));
924: if (buf[i] == '\r')
925: {
926: buf[i] = '\n';
927: buf[i + 1] = 0;
928: break;
929: }
930: if (buf[i] == '\n')
931: {
932: buf[i + 1] = 0;
933: break;
934: }
935: }
936: buf[sizeof(buf) - 1] = 0;
937:
938: /* Check that the versions match. In future this might accept several
939: versions and set appropriate flags to handle them. */
940: if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
941: remote_version) != 3)
942: fatal("Bad remote protocol version identification: '%.100s'", buf);
943: debug("Remote protocol version %d.%d, remote software version %.100s",
944: remote_major, remote_minor, remote_version);
945: #if 0
946: /* Removed for now, to permit compatibility with latter versions. The server
947: will reject our version and disconnect if it doesn't support it. */
948: if (remote_major != PROTOCOL_MAJOR)
949: fatal("Protocol major versions differ: %d vs. %d",
950: PROTOCOL_MAJOR, remote_major);
951: #endif
952:
953: /* Check if the remote protocol version is too old. */
954: if (remote_major == 1 && remote_minor == 0)
955: fatal("Remote machine has too old SSH software version.");
956:
957: /* Send our own protocol version identification. */
958: sprintf(buf, "SSH-%d.%d-%.100s\n",
959: PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
960: if (write(connection_out, buf, strlen(buf)) != strlen(buf))
961: fatal("write: %.100s", strerror(errno));
962: }
963:
964: int ssh_cipher_default = SSH_CIPHER_3DES;
965:
966: int read_yes_or_no(const char *prompt, int defval)
967: {
968: char buf[1024];
969: FILE *f;
970: int retval = -1;
971:
972: if (isatty(0))
973: f = stdin;
974: else
975: f = fopen("/dev/tty", "rw");
976:
977: if (f == NULL)
978: return 0;
979:
980: fflush(stdout);
981:
982: while (1)
983: {
984: fprintf(stderr, "%s", prompt);
985: if (fgets(buf, sizeof(buf), f) == NULL)
986: {
987: /* Print a newline (the prompt probably didn\'t have one). */
988: fprintf(stderr, "\n");
989: strcpy(buf, "no");
990: }
991: /* Remove newline from response. */
992: if (strchr(buf, '\n'))
993: *strchr(buf, '\n') = 0;
994:
995: if (buf[0] == 0)
996: retval = defval;
997: if (strcmp(buf, "yes") == 0)
998: retval = 1;
999: if (strcmp(buf, "no") == 0)
1000: retval = 0;
1001:
1002: if (retval != -1)
1003: {
1004: if (f != stdin)
1005: fclose(f);
1006: return retval;
1007: }
1008: }
1009: }
1010:
1011: /* Starts a dialog with the server, and authenticates the current user on the
1012: server. This does not need any extra privileges. The basic connection
1013: to the server must already have been established before this is called.
1014: User is the remote user; if it is NULL, the current local user name will
1015: be used. Anonymous indicates that no rhosts authentication will be used.
1016: If login fails, this function prints an error and never returns.
1017: This function does not require super-user privileges. */
1018:
1.3 provos 1019: void ssh_login(int host_key_valid,
1020: RSA *own_host_key,
1.1 deraadt 1021: const char *orighost,
1022: Options *options, uid_t original_real_uid)
1023: {
1024: int i, type;
1025: char buf[1024];
1026: char *password;
1027: struct passwd *pw;
1.3 provos 1028: BIGNUM *key;
1029: RSA *host_key;
1030: RSA *public_key;
1.1 deraadt 1031: unsigned char session_key[SSH_SESSION_KEY_LENGTH];
1032: const char *server_user, *local_user;
1033: char *cp, *host;
1034: struct stat st;
1035: unsigned char check_bytes[8];
1036: unsigned int supported_ciphers, supported_authentications, protocol_flags;
1037: HostStatus host_status;
1038: int payload_len, clen, sum_len = 0;
1.3 provos 1039: u_int32_t rand;
1.1 deraadt 1040:
1041: /* Convert the user-supplied hostname into all lowercase. */
1042: host = xstrdup(orighost);
1043: for (cp = host; *cp; cp++)
1044: if (isupper(*cp))
1045: *cp = tolower(*cp);
1046:
1047: /* Exchange protocol version identification strings with the server. */
1048: ssh_exchange_identification();
1049:
1050: /* Put the connection into non-blocking mode. */
1051: packet_set_nonblocking();
1052:
1053: /* Get local user name. Use it as server user if no user name
1054: was given. */
1055: pw = getpwuid(original_real_uid);
1056: if (!pw)
1057: fatal("User id %d not found from user database.", original_real_uid);
1058: local_user = xstrdup(pw->pw_name);
1059: server_user = options->user ? options->user : local_user;
1060:
1061: debug("Waiting for server public key.");
1062:
1063: /* Wait for a public key packet from the server. */
1064: packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
1065:
1066: /* Get check bytes from the packet. */
1067: for (i = 0; i < 8; i++)
1068: check_bytes[i] = packet_get_char();
1069:
1070: /* Get the public key. */
1.3 provos 1071: public_key = RSA_new();
1072: packet_get_int(); /* bits */
1073: public_key->e = BN_new();
1074: packet_get_bignum(public_key->e, &clen);
1.1 deraadt 1075: sum_len += clen;
1.3 provos 1076: public_key->n = BN_new();
1077: packet_get_bignum(public_key->n, &clen);
1.1 deraadt 1078: sum_len += clen;
1079:
1080: /* Get the host key. */
1.3 provos 1081: host_key = RSA_new();
1082: packet_get_int(); /* bits */
1083: host_key->e = BN_new();
1084: packet_get_bignum(host_key->e, &clen);
1.1 deraadt 1085: sum_len += clen;
1.3 provos 1086: host_key->n = BN_new();
1087: packet_get_bignum(host_key->n, &clen);
1.1 deraadt 1088: sum_len += clen;
1089:
1090: /* Get protocol flags. */
1091: protocol_flags = packet_get_int();
1092: packet_set_protocol_flags(protocol_flags);
1093:
1094: /* Get supported cipher types. */
1095: supported_ciphers = packet_get_int();
1096:
1097: /* Get supported authentication types. */
1098: supported_authentications = packet_get_int();
1099:
1100: debug("Received server public key (%d bits) and host key (%d bits).",
1.3 provos 1101: BN_num_bits(public_key->n), BN_num_bits(host_key->n));
1.1 deraadt 1102:
1103: packet_integrity_check(payload_len,
1104: 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
1105: SSH_SMSG_PUBLIC_KEY);
1106:
1107: /* Compute the session id. */
1.3 provos 1108: compute_session_id(session_id, check_bytes,
1109: BN_num_bits(host_key->n), host_key->n,
1110: BN_num_bits(public_key->n), public_key->n);
1.1 deraadt 1111:
1112: /* Check if the host key is present in the user\'s list of known hosts
1113: or in the systemwide list. */
1114: host_status = check_host_in_hostfile(options->user_hostfile,
1.3 provos 1115: host, BN_num_bits(host_key->n),
1116: host_key->e, host_key->n);
1.1 deraadt 1117: if (host_status == HOST_NEW)
1118: host_status = check_host_in_hostfile(options->system_hostfile, host,
1.3 provos 1119: BN_num_bits(host_key->n),
1120: host_key->e, host_key->n);
1.1 deraadt 1121:
1122: /* Force accepting of the host key for localhost and 127.0.0.1.
1123: The problem is that if the home directory is NFS-mounted to multiple
1124: machines, localhost will refer to a different machine in each of them,
1125: and the user will get bogus HOST_CHANGED warnings. This essentially
1126: disables host authentication for localhost; however, this is probably
1127: not a real problem. */
1128: if (strcmp(host, "localhost") == 0 ||
1129: strcmp(host, "127.0.0.1") == 0)
1130: {
1131: debug("Forcing accepting of host key for localhost.");
1132: host_status = HOST_OK;
1133: }
1134:
1135: switch (host_status)
1136: {
1137: case HOST_OK:
1138: /* The host is known and the key matches. */
1139: debug("Host '%.200s' is known and matches the host key.", host);
1140: break;
1141: case HOST_NEW:
1142: /* The host is new. */
1143: if (options->strict_host_key_checking == 1)
1144: { /* User has requested strict host key checking. We will not
1145: add the host key automatically. The only alternative left
1146: is to abort. */
1147: fatal("No host key is known for %.200s and you have requested strict checking.", host);
1148: }
1149: else if (options->strict_host_key_checking == 2) /* The default */
1150: {
1151: char prompt[1024];
1152: sprintf(prompt,
1153: "The authenticity of host '%.200s' can't be established.\n"
1154: "Are you sure you want to continue connecting (yes/no)? ",
1155: host);
1156: if (!read_yes_or_no(prompt, -1))
1157: fatal("Aborted by user!\n");
1158: }
1159: /* If not in strict mode, add the key automatically to the local
1160: known_hosts file. */
1.3 provos 1161: if (!add_host_to_hostfile(options->user_hostfile, host,
1162: BN_num_bits(host_key->n),
1163: host_key->e, host_key->n))
1.1 deraadt 1164: log("Failed to add the host to the list of known hosts (%.500s).",
1165: options->user_hostfile);
1166: else
1167: log("Warning: Permanently added host '%.200s' to the list of known hosts.", host);
1168: break;
1169: case HOST_CHANGED:
1170: /* The host key has changed. */
1171: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1172: error("@ WARNING: HOST IDENTIFICATION HAS CHANGED! @");
1173: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1174: error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
1175: error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
1176: error("It is also possible that the host key has just been changed.");
1177: error("Please contact your system administrator.");
1178: error("Add correct host key in %.100s to get rid of this message.",
1179: options->user_hostfile);
1180:
1181: /* If strict host key checking is in use, the user will have to edit
1182: the key manually and we can only abort. */
1183: if (options->strict_host_key_checking)
1184: fatal("Host key for %.200s has changed and you have requested strict checking.", host);
1185:
1186: /* If strict host key checking has not been requested, allow the
1187: connection but without password authentication. */
1188: error("Password authentication is disabled to avoid trojan horses.");
1189: options->password_authentication = 0;
1190: /* XXX Should permit the user to change to use the new id. This could
1191: be done by converting the host key to an identifying sentence, tell
1192: that the host identifies itself by that sentence, and ask the user
1193: if he/she whishes to accept the authentication. */
1194: break;
1195: }
1196:
1197: /* Generate a session key. */
1.3 provos 1198: arc4random_stir();
1.1 deraadt 1199:
1200: /* Generate an encryption key for the session. The key is a 256 bit
1201: random number, interpreted as a 32-byte key, with the least significant
1202: 8 bits being the first byte of the key. */
1.3 provos 1203: for (i = 0; i < 32; i++) {
1204: if (i % 4 == 0)
1205: rand = arc4random();
1206: session_key[i] = rand & 0xff;
1207: rand >>= 8;
1208: }
1.1 deraadt 1209:
1210: /* According to the protocol spec, the first byte of the session key is
1211: the highest byte of the integer. The session key is xored with the
1212: first 16 bytes of the session id. */
1.3 provos 1213: key = BN_new();
1214: BN_set_word(key, 0);
1.1 deraadt 1215: for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++)
1216: {
1.3 provos 1217: BN_lshift(key, key, 8);
1.1 deraadt 1218: if (i < 16)
1.3 provos 1219: BN_add_word(key, session_key[i] ^ session_id[i]);
1.1 deraadt 1220: else
1.3 provos 1221: BN_add_word(key, session_key[i]);
1.1 deraadt 1222: }
1223:
1224: /* Encrypt the integer using the public key and host key of the server
1225: (key with smaller modulus first). */
1.3 provos 1226: if (BN_cmp(public_key->n, host_key->n) < 0)
1.1 deraadt 1227: {
1228: /* Public key has smaller modulus. */
1.3 provos 1229: assert(BN_num_bits(host_key->n) >=
1230: BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED);
1.1 deraadt 1231:
1.3 provos 1232: rsa_public_encrypt(key, key, public_key);
1233: rsa_public_encrypt(key, key, host_key);
1.1 deraadt 1234: }
1235: else
1236: {
1237: /* Host key has smaller modulus (or they are equal). */
1.3 provos 1238: assert(BN_num_bits(public_key->n) >=
1239: BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED);
1.1 deraadt 1240:
1.3 provos 1241: rsa_public_encrypt(key, key, host_key);
1242: rsa_public_encrypt(key, key, public_key);
1.1 deraadt 1243: }
1244:
1.3 provos 1245: if (options->cipher == SSH_CIPHER_NOT_SET) {
1.1 deraadt 1246: if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
1247: options->cipher = ssh_cipher_default;
1.3 provos 1248: else {
1249: debug("Cipher %d not supported, using %.100s instead.",
1250: cipher_name(ssh_cipher_default),
1251: cipher_name(SSH_FALLBACK_CIPHER));
1252: options->cipher = SSH_FALLBACK_CIPHER;
1253: }
1254: }
1.1 deraadt 1255:
1256: /* Check that the selected cipher is supported. */
1257: if (!(supported_ciphers & (1 << options->cipher)))
1258: fatal("Selected cipher type %.100s not supported by server.",
1259: cipher_name(options->cipher));
1260:
1261: debug("Encryption type: %.100s", cipher_name(options->cipher));
1262:
1263: /* Send the encrypted session key to the server. */
1264: packet_start(SSH_CMSG_SESSION_KEY);
1265: packet_put_char(options->cipher);
1266:
1267: /* Send the check bytes back to the server. */
1268: for (i = 0; i < 8; i++)
1269: packet_put_char(check_bytes[i]);
1270:
1271: /* Send the encrypted encryption key. */
1.3 provos 1272: packet_put_bignum(key);
1.1 deraadt 1273:
1274: /* Send protocol flags. */
1275: packet_put_int(SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
1276:
1277: /* Send the packet now. */
1278: packet_send();
1279: packet_write_wait();
1280:
1281: /* Destroy the session key integer and the public keys since we no longer
1282: need them. */
1.3 provos 1283: BN_clear_free(key);
1284: RSA_free(public_key);
1285: RSA_free(host_key);
1.1 deraadt 1286:
1287: debug("Sent encrypted session key.");
1288:
1289: /* Set the encryption key. */
1290: packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
1291: options->cipher, 1);
1292:
1293: /* We will no longer need the session key here. Destroy any extra copies. */
1294: memset(session_key, 0, sizeof(session_key));
1295:
1296: /* Expect a success message from the server. Note that this message will
1297: be received in encrypted form. */
1298: packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
1299:
1300: debug("Received encrypted confirmation.");
1301:
1302: /* Send the name of the user to log in as on the server. */
1303: packet_start(SSH_CMSG_USER);
1304: packet_put_string(server_user, strlen(server_user));
1305: packet_send();
1306: packet_write_wait();
1307:
1308: /* The server should respond with success if no authentication is needed
1309: (the user has no password). Otherwise the server responds with
1310: failure. */
1311: type = packet_read(&payload_len);
1312: if (type == SSH_SMSG_SUCCESS)
1313: return; /* Connection was accepted without authentication. */
1314: if (type != SSH_SMSG_FAILURE)
1315: packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
1316: type);
1317:
1318: #ifdef KERBEROS_TGT_PASSING
1319: /* Try Kerberos tgt passing if the server supports it. */
1320: if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
1321: options->kerberos_tgt_passing) {
1322: if (options->cipher == SSH_CIPHER_NONE)
1323: log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1324: (void)send_kerberos_tgt();
1325: }
1326: #endif /* KERBEROS_TGT_PASSING */
1327:
1328: #ifdef AFS
1329: /* Try AFS token passing if the server supports it. */
1330: if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
1331: options->afs_token_passing && k_hasafs()) {
1332: if (options->cipher == SSH_CIPHER_NONE)
1333: log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
1334: send_afs_tokens();
1335: }
1336: #endif /* AFS */
1337:
1338: #if defined(KRB4)
1339: if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
1340: options->kerberos_authentication)
1341: {
1342: if (try_kerberos_authentication()) {
1343: /* The server should respond with success or failure. */
1344: type = packet_read(&payload_len);
1345: if (type == SSH_SMSG_SUCCESS)
1346: return; /* Successful connection. */
1347: if (type != SSH_SMSG_FAILURE)
1348: packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
1349: }
1350: }
1351: #endif /* KRB4 */
1352:
1353: /* Use rhosts authentication if running in privileged socket and we do not
1354: wish to remain anonymous. */
1355: if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
1356: options->rhosts_authentication)
1357: {
1358: debug("Trying rhosts authentication.");
1359: packet_start(SSH_CMSG_AUTH_RHOSTS);
1360: packet_put_string(local_user, strlen(local_user));
1361: packet_send();
1362: packet_write_wait();
1363:
1364: /* The server should respond with success or failure. */
1365: type = packet_read(&payload_len);
1366: if (type == SSH_SMSG_SUCCESS)
1367: return; /* Successful connection. */
1368: if (type != SSH_SMSG_FAILURE)
1369: packet_disconnect("Protocol error: got %d in response to rhosts auth",
1370: type);
1371: }
1372:
1373: /* Try .rhosts or /etc/hosts.equiv authentication with RSA host
1374: authentication. */
1375: if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1376: options->rhosts_rsa_authentication && host_key_valid)
1377: {
1378: if (try_rhosts_rsa_authentication(local_user, own_host_key))
1379: return; /* Successful authentication. */
1380: }
1381:
1382: /* Try RSA authentication if the server supports it. */
1383: if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
1384: options->rsa_authentication)
1385: {
1386: /* Try RSA authentication using the authentication agent. The agent
1387: is tried first because no passphrase is needed for it, whereas
1388: identity files may require passphrases. */
1389: if (try_agent_authentication())
1390: return; /* Successful connection. */
1391:
1392: /* Try RSA authentication for each identity. */
1393: for (i = 0; i < options->num_identity_files; i++)
1394: if (try_rsa_authentication(pw, options->identity_files[i],
1395: !options->batch_mode))
1396: return; /* Successful connection. */
1397: }
1398:
1399: /* Try password authentication if the server supports it. */
1400: if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
1401: options->password_authentication && !options->batch_mode)
1402: {
1.4 ! provos 1403: char prompt[80];
! 1404: snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
! 1405: server_user, host);
1.1 deraadt 1406: debug("Doing password authentication.");
1407: if (options->cipher == SSH_CIPHER_NONE)
1408: log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1.4 ! provos 1409: password = read_passphrase(prompt, 0);
1.1 deraadt 1410: packet_start(SSH_CMSG_AUTH_PASSWORD);
1411: packet_put_string(password, strlen(password));
1412: memset(password, 0, strlen(password));
1413: xfree(password);
1414: packet_send();
1415: packet_write_wait();
1416:
1417: type = packet_read(&payload_len);
1418: if (type == SSH_SMSG_SUCCESS)
1419: return; /* Successful connection. */
1420: if (type != SSH_SMSG_FAILURE)
1421: packet_disconnect("Protocol error: got %d in response to passwd auth",
1422: type);
1423: }
1424:
1425: /* All authentication methods have failed. Exit with an error message. */
1426: fatal("Permission denied.");
1427: /*NOTREACHED*/
1428: }