version 1.196, 2013/05/16 02:00:34 |
version 1.197, 2013/05/17 00:13:14 |
|
|
if (*first != '\0') |
if (*first != '\0') |
debug3("%s: prefer hostkeyalgs: %s", __func__, first); |
debug3("%s: prefer hostkeyalgs: %s", __func__, first); |
|
|
xfree(first); |
free(first); |
xfree(last); |
free(last); |
xfree(hostname); |
free(hostname); |
xfree(oavail); |
free(oavail); |
free_hostkeys(hostkeys); |
free_hostkeys(hostkeys); |
|
|
return ret; |
return ret; |
|
|
if (packet_remaining() > 0) { |
if (packet_remaining() > 0) { |
char *reply = packet_get_string(NULL); |
char *reply = packet_get_string(NULL); |
debug2("service_accept: %s", reply); |
debug2("service_accept: %s", reply); |
xfree(reply); |
free(reply); |
} else { |
} else { |
debug2("buggy server: service_accept w/o service"); |
debug2("buggy server: service_accept w/o service"); |
} |
} |
|
|
if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
authctxt->method->cleanup(authctxt); |
authctxt->method->cleanup(authctxt); |
|
|
if (authctxt->methoddata) { |
free(authctxt->methoddata); |
xfree(authctxt->methoddata); |
authctxt->methoddata = NULL; |
authctxt->methoddata = NULL; |
|
} |
|
if (authlist == NULL) { |
if (authlist == NULL) { |
authlist = authctxt->authlist; |
authlist = authctxt->authlist; |
} else { |
} else { |
if (authctxt->authlist) |
free(authctxt->authlist); |
xfree(authctxt->authlist); |
|
authctxt->authlist = authlist; |
authctxt->authlist = authlist; |
} |
} |
for (;;) { |
for (;;) { |
|
|
msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ |
msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ |
strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); |
strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); |
fprintf(stderr, "%s", msg); |
fprintf(stderr, "%s", msg); |
xfree(msg); |
free(msg); |
} |
} |
xfree(raw); |
free(raw); |
xfree(lang); |
free(lang); |
} |
} |
|
|
/* ARGSUSED */ |
/* ARGSUSED */ |
|
|
|
|
if (authctxt == NULL) |
if (authctxt == NULL) |
fatal("input_userauth_success: no authentication context"); |
fatal("input_userauth_success: no authentication context"); |
if (authctxt->authlist) { |
free(authctxt->authlist); |
xfree(authctxt->authlist); |
authctxt->authlist = NULL; |
authctxt->authlist = NULL; |
|
} |
|
if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
authctxt->method->cleanup(authctxt); |
authctxt->method->cleanup(authctxt); |
if (authctxt->methoddata) { |
free(authctxt->methoddata); |
xfree(authctxt->methoddata); |
authctxt->methoddata = NULL; |
authctxt->methoddata = NULL; |
|
} |
|
authctxt->success = 1; /* break out */ |
authctxt->success = 1; /* break out */ |
} |
} |
|
|
|
|
} |
} |
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
debug2("input_userauth_pk_ok: fp %s", fp); |
debug2("input_userauth_pk_ok: fp %s", fp); |
xfree(fp); |
free(fp); |
|
|
/* |
/* |
* search keys in the reverse order, because last candidate has been |
* search keys in the reverse order, because last candidate has been |
|
|
done: |
done: |
if (key != NULL) |
if (key != NULL) |
key_free(key); |
key_free(key); |
xfree(pkalg); |
free(pkalg); |
xfree(pkblob); |
free(pkblob); |
|
|
/* try another method if we did not send a packet */ |
/* try another method if we did not send a packet */ |
if (sent == 0) |
if (sent == 0) |
|
|
if (oidlen <= 2 || |
if (oidlen <= 2 || |
oidv[0] != SSH_GSS_OIDTYPE || |
oidv[0] != SSH_GSS_OIDTYPE || |
oidv[1] != oidlen - 2) { |
oidv[1] != oidlen - 2) { |
xfree(oidv); |
free(oidv); |
debug("Badly encoded mechanism OID received"); |
debug("Badly encoded mechanism OID received"); |
userauth(authctxt, NULL); |
userauth(authctxt, NULL); |
return; |
return; |
|
|
|
|
packet_check_eom(); |
packet_check_eom(); |
|
|
xfree(oidv); |
free(oidv); |
|
|
if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { |
if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { |
/* Start again with next method on list */ |
/* Start again with next method on list */ |
|
|
|
|
status = process_gssapi_token(ctxt, &recv_tok); |
status = process_gssapi_token(ctxt, &recv_tok); |
|
|
xfree(recv_tok.value); |
free(recv_tok.value); |
|
|
if (GSS_ERROR(status)) { |
if (GSS_ERROR(status)) { |
/* Start again with the next method in the list */ |
/* Start again with the next method in the list */ |
|
|
(void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, |
(void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, |
&recv_tok, &send_tok, NULL); |
&recv_tok, &send_tok, NULL); |
|
|
xfree(recv_tok.value); |
free(recv_tok.value); |
gss_release_buffer(&ms, &send_tok); |
gss_release_buffer(&ms, &send_tok); |
|
|
/* Server will be returning a failed packet after this one */ |
/* Server will be returning a failed packet after this one */ |
|
|
packet_check_eom(); |
packet_check_eom(); |
|
|
debug("Server GSSAPI Error:\n%s", msg); |
debug("Server GSSAPI Error:\n%s", msg); |
xfree(msg); |
free(msg); |
xfree(lang); |
free(lang); |
} |
} |
#endif /* GSSAPI */ |
#endif /* GSSAPI */ |
|
|
|
|
packet_put_char(0); |
packet_put_char(0); |
packet_put_cstring(password); |
packet_put_cstring(password); |
memset(password, 0, strlen(password)); |
memset(password, 0, strlen(password)); |
xfree(password); |
free(password); |
packet_add_padding(64); |
packet_add_padding(64); |
packet_send(); |
packet_send(); |
|
|
|
|
lang = packet_get_string(NULL); |
lang = packet_get_string(NULL); |
if (strlen(info) > 0) |
if (strlen(info) > 0) |
logit("%s", info); |
logit("%s", info); |
xfree(info); |
free(info); |
xfree(lang); |
free(lang); |
packet_start(SSH2_MSG_USERAUTH_REQUEST); |
packet_start(SSH2_MSG_USERAUTH_REQUEST); |
packet_put_cstring(authctxt->server_user); |
packet_put_cstring(authctxt->server_user); |
packet_put_cstring(authctxt->service); |
packet_put_cstring(authctxt->service); |
|
|
password = read_passphrase(prompt, 0); |
password = read_passphrase(prompt, 0); |
packet_put_cstring(password); |
packet_put_cstring(password); |
memset(password, 0, strlen(password)); |
memset(password, 0, strlen(password)); |
xfree(password); |
free(password); |
password = NULL; |
password = NULL; |
while (password == NULL) { |
while (password == NULL) { |
snprintf(prompt, sizeof(prompt), |
snprintf(prompt, sizeof(prompt), |
|
|
retype = read_passphrase(prompt, 0); |
retype = read_passphrase(prompt, 0); |
if (strcmp(password, retype) != 0) { |
if (strcmp(password, retype) != 0) { |
memset(password, 0, strlen(password)); |
memset(password, 0, strlen(password)); |
xfree(password); |
free(password); |
logit("Mismatch; try again, EOF to quit."); |
logit("Mismatch; try again, EOF to quit."); |
password = NULL; |
password = NULL; |
} |
} |
memset(retype, 0, strlen(retype)); |
memset(retype, 0, strlen(retype)); |
xfree(retype); |
free(retype); |
} |
} |
packet_put_cstring(password); |
packet_put_cstring(password); |
memset(password, 0, strlen(password)); |
memset(password, 0, strlen(password)); |
xfree(password); |
free(password); |
packet_add_padding(64); |
packet_add_padding(64); |
packet_send(); |
packet_send(); |
|
|
|
|
|
|
bzero(password, strlen(password)); |
bzero(password, strlen(password)); |
bzero(crypted, strlen(crypted)); |
bzero(crypted, strlen(crypted)); |
xfree(password); |
free(password); |
xfree(crypted); |
free(crypted); |
|
|
if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) |
if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) |
fatal("%s: BN_bin2bn (secret)", __func__); |
fatal("%s: BN_bin2bn (secret)", __func__); |
bzero(secret, secret_len); |
bzero(secret, secret_len); |
xfree(secret); |
free(secret); |
|
|
return ret; |
return ret; |
} |
} |
|
|
pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); |
pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); |
bzero(crypt_scheme, strlen(crypt_scheme)); |
bzero(crypt_scheme, strlen(crypt_scheme)); |
bzero(salt, strlen(salt)); |
bzero(salt, strlen(salt)); |
xfree(crypt_scheme); |
free(crypt_scheme); |
xfree(salt); |
free(salt); |
JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); |
JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); |
|
|
/* Calculate step 2 values */ |
/* Calculate step 2 values */ |
|
|
|
|
bzero(x3_proof, x3_proof_len); |
bzero(x3_proof, x3_proof_len); |
bzero(x4_proof, x4_proof_len); |
bzero(x4_proof, x4_proof_len); |
xfree(x3_proof); |
free(x3_proof); |
xfree(x4_proof); |
free(x4_proof); |
|
|
JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); |
JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); |
|
|
|
|
packet_send(); |
packet_send(); |
|
|
bzero(x2_s_proof, x2_s_proof_len); |
bzero(x2_s_proof, x2_s_proof_len); |
xfree(x2_s_proof); |
free(x2_s_proof); |
|
|
/* Expect step 2 packet from peer */ |
/* Expect step 2 packet from peer */ |
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, |
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, |
|
|
&pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); |
&pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); |
|
|
bzero(x4_s_proof, x4_s_proof_len); |
bzero(x4_s_proof, x4_s_proof_len); |
xfree(x4_s_proof); |
free(x4_s_proof); |
|
|
JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); |
JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); |
|
|
|
|
|
|
fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); |
fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); |
debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); |
debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); |
xfree(fp); |
free(fp); |
|
|
if (key_to_blob(id->key, &blob, &bloblen) == 0) { |
if (key_to_blob(id->key, &blob, &bloblen) == 0) { |
/* we cannot handle this key */ |
/* we cannot handle this key */ |
|
|
ret = identity_sign(id, &signature, &slen, |
ret = identity_sign(id, &signature, &slen, |
buffer_ptr(&b), buffer_len(&b)); |
buffer_ptr(&b), buffer_len(&b)); |
if (ret == -1) { |
if (ret == -1) { |
xfree(blob); |
free(blob); |
buffer_free(&b); |
buffer_free(&b); |
return 0; |
return 0; |
} |
} |
|
|
buffer_put_cstring(&b, key_ssh_name(id->key)); |
buffer_put_cstring(&b, key_ssh_name(id->key)); |
buffer_put_string(&b, blob, bloblen); |
buffer_put_string(&b, blob, bloblen); |
} |
} |
xfree(blob); |
free(blob); |
|
|
/* append signature */ |
/* append signature */ |
buffer_put_string(&b, signature, slen); |
buffer_put_string(&b, signature, slen); |
xfree(signature); |
free(signature); |
|
|
/* skip session id and packet type */ |
/* skip session id and packet type */ |
if (buffer_len(&b) < skip + 1) |
if (buffer_len(&b) < skip + 1) |
|
|
if (!(datafellows & SSH_BUG_PKAUTH)) |
if (!(datafellows & SSH_BUG_PKAUTH)) |
packet_put_cstring(key_ssh_name(id->key)); |
packet_put_cstring(key_ssh_name(id->key)); |
packet_put_string(blob, bloblen); |
packet_put_string(blob, bloblen); |
xfree(blob); |
free(blob); |
packet_send(); |
packet_send(); |
return 1; |
return 1; |
} |
} |
|
|
quit = 1; |
quit = 1; |
} |
} |
memset(passphrase, 0, strlen(passphrase)); |
memset(passphrase, 0, strlen(passphrase)); |
xfree(passphrase); |
free(passphrase); |
if (private != NULL || quit) |
if (private != NULL || quit) |
break; |
break; |
debug2("bad passphrase given, try again..."); |
debug2("bad passphrase given, try again..."); |
|
|
/* agent keys from the config file are preferred */ |
/* agent keys from the config file are preferred */ |
if (key_equal(key, id->key)) { |
if (key_equal(key, id->key)) { |
key_free(key); |
key_free(key); |
xfree(comment); |
free(comment); |
TAILQ_REMOVE(&files, id, next); |
TAILQ_REMOVE(&files, id, next); |
TAILQ_INSERT_TAIL(preferred, id, next); |
TAILQ_INSERT_TAIL(preferred, id, next); |
id->ac = ac; |
id->ac = ac; |
|
|
TAILQ_REMOVE(&authctxt->keys, id, next); |
TAILQ_REMOVE(&authctxt->keys, id, next); |
if (id->key) |
if (id->key) |
key_free(id->key); |
key_free(id->key); |
if (id->filename) |
free(id->filename); |
xfree(id->filename); |
free(id); |
xfree(id); |
|
} |
} |
} |
} |
|
|
|
|
logit("%s", name); |
logit("%s", name); |
if (strlen(inst) > 0) |
if (strlen(inst) > 0) |
logit("%s", inst); |
logit("%s", inst); |
xfree(name); |
free(name); |
xfree(inst); |
free(inst); |
xfree(lang); |
free(lang); |
|
|
num_prompts = packet_get_int(); |
num_prompts = packet_get_int(); |
/* |
/* |
|
|
|
|
packet_put_cstring(response); |
packet_put_cstring(response); |
memset(response, 0, strlen(response)); |
memset(response, 0, strlen(response)); |
xfree(response); |
free(response); |
xfree(prompt); |
free(prompt); |
} |
} |
packet_check_eom(); /* done with parsing incoming message. */ |
packet_check_eom(); /* done with parsing incoming message. */ |
|
|
|
|
if (p == NULL) { |
if (p == NULL) { |
error("userauth_hostbased: cannot get local ipaddr/name"); |
error("userauth_hostbased: cannot get local ipaddr/name"); |
key_free(private); |
key_free(private); |
xfree(blob); |
free(blob); |
return 0; |
return 0; |
} |
} |
xasprintf(&chost, "%s.", p); |
xasprintf(&chost, "%s.", p); |
debug2("userauth_hostbased: chost %s", chost); |
debug2("userauth_hostbased: chost %s", chost); |
xfree(p); |
free(p); |
|
|
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : |
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : |
authctxt->service; |
authctxt->service; |
|
|
buffer_free(&b); |
buffer_free(&b); |
if (ok != 0) { |
if (ok != 0) { |
error("key_sign failed"); |
error("key_sign failed"); |
xfree(chost); |
free(chost); |
xfree(pkalg); |
free(pkalg); |
xfree(blob); |
free(blob); |
return 0; |
return 0; |
} |
} |
packet_start(SSH2_MSG_USERAUTH_REQUEST); |
packet_start(SSH2_MSG_USERAUTH_REQUEST); |
|
|
packet_put_cstring(authctxt->local_user); |
packet_put_cstring(authctxt->local_user); |
packet_put_string(signature, slen); |
packet_put_string(signature, slen); |
memset(signature, 's', slen); |
memset(signature, 's', slen); |
xfree(signature); |
free(signature); |
xfree(chost); |
free(chost); |
xfree(pkalg); |
free(pkalg); |
xfree(blob); |
free(blob); |
|
|
packet_send(); |
packet_send(); |
return 1; |
return 1; |
|
|
|
|
bzero(x1_proof, x1_proof_len); |
bzero(x1_proof, x1_proof_len); |
bzero(x2_proof, x2_proof_len); |
bzero(x2_proof, x2_proof_len); |
xfree(x1_proof); |
free(x1_proof); |
xfree(x2_proof); |
free(x2_proof); |
|
|
/* Expect step 1 packet from peer */ |
/* Expect step 1 packet from peer */ |
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, |
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, |
|
|
|
|
if (supported == NULL || strcmp(authlist, supported) != 0) { |
if (supported == NULL || strcmp(authlist, supported) != 0) { |
debug3("start over, passed a different list %s", authlist); |
debug3("start over, passed a different list %s", authlist); |
if (supported != NULL) |
free(supported); |
xfree(supported); |
|
supported = xstrdup(authlist); |
supported = xstrdup(authlist); |
preferred = options.preferred_authentications; |
preferred = options.preferred_authentications; |
debug3("preferred %s", preferred); |
debug3("preferred %s", preferred); |
|
|
authmethod_is_enabled(current)) { |
authmethod_is_enabled(current)) { |
debug3("authmethod_is_enabled %s", name); |
debug3("authmethod_is_enabled %s", name); |
debug("Next authentication method: %s", name); |
debug("Next authentication method: %s", name); |
xfree(name); |
free(name); |
return current; |
return current; |
} |
} |
} |
} |
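Review bot: The secret-wipe calls that immediately precede the new `free()` calls, first visible in the password hunk as `memset(password, 0, strlen(password)); free(password);` and repeated for `retype`, `passphrase`, `response`, the `bzero()` pairs on `crypted`, `secret`, `crypt_scheme`, `salt` and the JPAKE proof buffers, and the `memset(signature, 's', slen)` in userauth_hostbased, are stores to memory that is released on the very next line, so an optimizing compiler is entitled to drop them and leave the secret in the freed heap block. The xfree-to-free substitution does not change that, but it is the natural moment to make each wipe one the compiler cannot elide, e.g. `explicit_bzero(password, strlen(password));` where the platform provides it, or a volatile-pointer byte loop in a small helper otherwise. A short comment at the first site, `/* wipe before release; the wipe must not be optimised away */`, would also explain why the plain `memset` is not enough. Note too that the `strlen()`-bounded wipes stop at the first NUL, which is acceptable for C-string passwords but should be stated in that comment. Every function touched by these hunks starts and ends outside its hunk.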