version 1.67, 2001/04/05 10:42:56 |
version 1.68, 2001/04/12 19:15:25 |
|
|
#include "readpass.h" |
#include "readpass.h" |
#include "match.h" |
#include "match.h" |
#include "dispatch.h" |
#include "dispatch.h" |
|
#include "canohost.h" |
|
|
/* import */ |
/* import */ |
extern char *client_version_string; |
extern char *client_version_string; |
|
|
|
|
struct Authctxt { |
struct Authctxt { |
const char *server_user; |
const char *server_user; |
|
const char *local_user; |
const char *host; |
const char *host; |
const char *service; |
const char *service; |
AuthenticationConnection *agent; |
|
Authmethod *method; |
Authmethod *method; |
int success; |
int success; |
char *authlist; |
char *authlist; |
|
/* pubkey */ |
Key *last_key; |
Key *last_key; |
sign_cb_fn *last_key_sign; |
sign_cb_fn *last_key_sign; |
int last_key_hint; |
int last_key_hint; |
|
AuthenticationConnection *agent; |
|
/* hostbased */ |
|
Key **keys; |
|
int nkeys; |
}; |
}; |
struct Authmethod { |
struct Authmethod { |
char *name; /* string to compare against server's list */ |
char *name; /* string to compare against server's list */ |
|
|
int userauth_pubkey(Authctxt *authctxt); |
int userauth_pubkey(Authctxt *authctxt); |
int userauth_passwd(Authctxt *authctxt); |
int userauth_passwd(Authctxt *authctxt); |
int userauth_kbdint(Authctxt *authctxt); |
int userauth_kbdint(Authctxt *authctxt); |
|
int userauth_hostbased(Authctxt *authctxt); |
|
|
void userauth(Authctxt *authctxt, char *authlist); |
void userauth(Authctxt *authctxt, char *authlist); |
|
|
|
|
userauth_kbdint, |
userauth_kbdint, |
&options.kbd_interactive_authentication, |
&options.kbd_interactive_authentication, |
&options.batch_mode}, |
&options.batch_mode}, |
|
{"hostbased", |
|
userauth_hostbased, |
|
&options.hostbased_authentication, |
|
NULL}, |
{"none", |
{"none", |
userauth_none, |
userauth_none, |
NULL, |
NULL, |
|
|
}; |
}; |
|
|
void |
void |
ssh_userauth2(const char *server_user, char *host) |
ssh_userauth2(const char *local_user, const char *server_user, char *host, |
|
Key **keys, int nkeys) |
{ |
{ |
Authctxt authctxt; |
Authctxt authctxt; |
int type; |
int type; |
|
|
/* setup authentication context */ |
/* setup authentication context */ |
authctxt.agent = ssh_get_authentication_connection(); |
authctxt.agent = ssh_get_authentication_connection(); |
authctxt.server_user = server_user; |
authctxt.server_user = server_user; |
|
authctxt.local_user = local_user; |
authctxt.host = host; |
authctxt.host = host; |
authctxt.service = "ssh-connection"; /* service name */ |
authctxt.service = "ssh-connection"; /* service name */ |
authctxt.success = 0; |
authctxt.success = 0; |
authctxt.method = authmethod_lookup("none"); |
authctxt.method = authmethod_lookup("none"); |
authctxt.authlist = NULL; |
authctxt.authlist = NULL; |
|
authctxt.keys = keys; |
|
authctxt.nkeys = nkeys; |
if (authctxt.method == NULL) |
if (authctxt.method == NULL) |
fatal("ssh_userauth2: internal error: cannot send userauth none request"); |
fatal("ssh_userauth2: internal error: cannot send userauth none request"); |
|
|
|
|
|
|
packet_inject_ignore(64); |
packet_inject_ignore(64); |
packet_send(); |
packet_send(); |
|
} |
|
|
|
/* |
|
* this will be move to an external program (ssh-keysign) ASAP. ssh-keysign |
|
* will be setuid-root and the sbit can be removed from /usr/bin/ssh. |
|
*/ |
|
int |
|
userauth_hostbased(Authctxt *authctxt) |
|
{ |
|
Key *private = NULL; |
|
Buffer b; |
|
u_char *signature, *blob; |
|
char *chost, *pkalg, *p; |
|
u_int blen, slen; |
|
int ok, i, found = 0; |
|
|
|
p = get_local_name(packet_get_connection_in()); |
|
if (p == NULL) { |
|
error("userauth_hostbased: cannot get local ipaddr/name"); |
|
return 0; |
|
} |
|
chost = xstrdup(p); |
|
debug2("userauth_hostbased: chost %s", chost); |
|
/* check for a useful key */ |
|
for (i = 0; i < authctxt->nkeys; i++) { |
|
private = authctxt->keys[i]; |
|
if (private && private->type != KEY_RSA1) { |
|
found = 1; |
|
/* we take and free the key */ |
|
authctxt->keys[i] = NULL; |
|
break; |
|
} |
|
} |
|
if (!found) { |
|
xfree(chost); |
|
return 0; |
|
} |
|
if (key_to_blob(private, &blob, &blen) == 0) { |
|
key_free(private); |
|
xfree(chost); |
|
return 0; |
|
} |
|
pkalg = xstrdup(key_ssh_name(private)); |
|
buffer_init(&b); |
|
if (datafellows & SSH_OLD_SESSIONID) { |
|
buffer_append(&b, session_id2, session_id2_len); |
|
} else { |
|
buffer_put_string(&b, session_id2, session_id2_len); |
|
} |
|
/* construct data */ |
|
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
|
buffer_put_cstring(&b, authctxt->server_user); |
|
buffer_put_cstring(&b, |
|
datafellows & SSH_BUG_HBSERVICE ? |
|
"ssh-userauth" : |
|
authctxt->service); |
|
buffer_put_cstring(&b, authctxt->method->name); |
|
buffer_put_cstring(&b, pkalg); |
|
buffer_put_string(&b, blob, blen); |
|
buffer_put_cstring(&b, chost); |
|
buffer_put_cstring(&b, authctxt->local_user); |
|
#ifdef DEBUG_PK |
|
buffer_dump(&b); |
|
#endif |
|
debug2("xxx: chost %s", chost); |
|
ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); |
|
key_free(private); |
|
buffer_free(&b); |
|
if (ok != 0) { |
|
error("key_sign failed"); |
|
xfree(chost); |
|
xfree(pkalg); |
|
return 0; |
|
} |
|
packet_start(SSH2_MSG_USERAUTH_REQUEST); |
|
packet_put_cstring(authctxt->server_user); |
|
packet_put_cstring(authctxt->service); |
|
packet_put_cstring(authctxt->method->name); |
|
packet_put_cstring(pkalg); |
|
packet_put_string(blob, blen); |
|
packet_put_cstring(chost); |
|
packet_put_cstring(authctxt->local_user); |
|
packet_put_string(signature, slen); |
|
memset(signature, 's', slen); |
|
xfree(signature); |
|
xfree(chost); |
|
xfree(pkalg); |
|
|
|
packet_send(); |
|
return 1; |
} |
} |
|
|
/* find auth method */ |
/* find auth method */ |