src/usr.bin/ssh/sshconnect2.c - diff

Return to sshconnect2.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshconnect2.c between version 1.72.2.5 and 1.73

version 1.72.2.5, 2002/06/02 22:56:11

version 1.73, 2001/05/18 14:13:29

Line 25

#include "includes.h"

RCSID("$OpenBSD$");

#include <openssl/bn.h>

#include <openssl/md5.h>

#include <openssl/dh.h>

#include <openssl/hmac.h>

#include "ssh.h"

#include "ssh2.h"

#include "xmalloc.h"

#include "rsa.h"

#include "buffer.h"

#include "packet.h"

#include "uidswap.h"

#include "compat.h"

#include "bufaux.h"

#include "cipher.h"

#include "kex.h"

#include "myproposal.h"

#include "key.h"

#include "sshconnect.h"

#include "authfile.h"

#include "cli.h"

#include "dh.h"

#include "authfd.h"

#include "log.h"

Line 63

Line 72

Kex *xxx_kex = NULL;

static int

int

verify_host_key_callback(Key *hostkey)

check_host_key_callback(Key *hostkey)

{

if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)

check_host_key(xxx_host, xxx_hostaddr, hostkey,

fatal("Host key verification failed.");

options.user_hostfile2, options.system_hostfile2);

return 0;

}

Line 103

Line 112

myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;

}

if (options.hostkeyalgorithms != NULL)

myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =

options.hostkeyalgorithms;

/* start key exchange */

kex = kex_setup(myproposal);

kex->client_version_string=client_version_string;

kex->server_version_string=server_version_string;

kex->verify_host_key=&verify_host_key_callback;

kex->check_host_key=&check_host_key_callback;

xxx_kex = kex;

Line 138

Line 147

typedef int sign_cb_fn(

Authctxt *authctxt, Key *key,

u_char **sigp, u_int *lenp, u_char *data, u_int datalen);

u_char **sigp, int *lenp, u_char *data, int datalen);

struct Authctxt {

const char *server_user;

Line 156

Line 165

/* hostbased */

Key **keys;

int nkeys;

/* kbd-interactive */

int info_req_seen;

};

struct Authmethod {

char *name; /* string to compare against server's list */

Line 166

Line 173

int *batch_flag; /* flag in option struct that disables method */

};

void input_userauth_success(int, u_int32_t, void *);

void input_userauth_success(int type, int plen, void *ctxt);

void input_userauth_failure(int, u_int32_t, void *);

void input_userauth_failure(int type, int plen, void *ctxt);

void input_userauth_banner(int, u_int32_t, void *);

void input_userauth_banner(int type, int plen, void *ctxt);

void input_userauth_error(int, u_int32_t, void *);

void input_userauth_error(int type, int plen, void *ctxt);

void input_userauth_info_req(int, u_int32_t, void *);

void input_userauth_info_req(int type, int plen, void *ctxt);

void input_userauth_pk_ok(int, u_int32_t, void *);

void input_userauth_pk_ok(int type, int plen, void *ctxt);

void input_userauth_passwd_changereq(int, u_int32_t, void *);

int userauth_none(Authctxt *);

int userauth_none(Authctxt *authctxt);

int userauth_pubkey(Authctxt *);

int userauth_pubkey(Authctxt *authctxt);

int userauth_passwd(Authctxt *);

int userauth_passwd(Authctxt *authctxt);

int userauth_kbdint(Authctxt *);

int userauth_kbdint(Authctxt *authctxt);

int userauth_hostbased(Authctxt *);

int userauth_hostbased(Authctxt *authctxt);

void userauth(Authctxt *, char *);

void userauth(Authctxt *authctxt, char *authlist);

static int sign_and_send_pubkey(Authctxt *, Key *, sign_cb_fn *);

int

static void clear_auth_state(Authctxt *);

sign_and_send_pubkey(Authctxt *authctxt, Key *k,

sign_cb_fn *sign_callback);

void clear_auth_state(Authctxt *authctxt);

static Authmethod *authmethod_get(char *authlist);

Authmethod *authmethod_get(char *authlist);

static Authmethod *authmethod_lookup(const char *name);

Authmethod *authmethod_lookup(const char *name);

static char *authmethods_get(void);

char *authmethods_get(void);

Authmethod authmethods[] = {

{"hostbased",

userauth_hostbased,

&options.hostbased_authentication,

NULL},

{"publickey",

userauth_pubkey,

&options.pubkey_authentication,

NULL},

{"keyboard-interactive",

userauth_kbdint,

&options.kbd_interactive_authentication,

&options.batch_mode},

{"password",

userauth_passwd,

&options.password_authentication,

&options.batch_mode},

{"keyboard-interactive",

userauth_kbdint,

&options.kbd_interactive_authentication,

&options.batch_mode},

{"hostbased",

userauth_hostbased,

&options.hostbased_authentication,

NULL},

{"none",

userauth_none,

NULL,

Line 219

Line 227

{

Authctxt authctxt;

int type;

int plen;

if (options.challenge_response_authentication)

options.kbd_interactive_authentication = 1;

Line 228

Line 237

packet_put_cstring("ssh-userauth");

packet_send();

packet_write_wait();

type = packet_read();

type = packet_read(&plen);

if (type != SSH2_MSG_SERVICE_ACCEPT) {

fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);

}

if (packet_remaining() > 0) {

char *reply = packet_get_string(NULL);

char *reply = packet_get_string(&plen);

debug("service_accept: %s", reply);

xfree(reply);

} else {

debug("buggy server: service_accept w/o service");

}

packet_check_eom();

packet_done();

debug("got SSH2_MSG_SERVICE_ACCEPT");

if (options.preferred_authentications == NULL)

options.preferred_authentications = authmethods_get();

/* setup authentication context */

memset(&authctxt, 0, sizeof(authctxt));

authctxt.agent = ssh_get_authentication_connection();

authctxt.server_user = server_user;

authctxt.local_user = local_user;

Line 257

Line 265

authctxt.authlist = NULL;

authctxt.keys = keys;

authctxt.nkeys = nkeys;

authctxt.info_req_seen = 0;

if (authctxt.method == NULL)

fatal("ssh_userauth2: internal error: cannot send userauth none request");

Line 300

Line 307

}

void

input_userauth_error(int type, u_int32_t seq, void *ctxt)

input_userauth_error(int type, int plen, void *ctxt)

{

fatal("input_userauth_error: bad message during authentication: "

"type %d", type);

}

void

input_userauth_banner(int type, u_int32_t seq, void *ctxt)

input_userauth_banner(int type, int plen, void *ctxt)

{

char *msg, *lang;

debug3("input_userauth_banner");

Line 317

Line 324

xfree(lang);

}

void

input_userauth_success(int type, u_int32_t seq, void *ctxt)

input_userauth_success(int type, int plen, void *ctxt)

{

Authctxt *authctxt = ctxt;

if (authctxt == NULL)

Line 328

Line 335

authctxt->success = 1; /* break out */

}

void

input_userauth_failure(int type, u_int32_t seq, void *ctxt)

input_userauth_failure(int type, int plen, void *ctxt)

{

Authctxt *authctxt = ctxt;

char *authlist = NULL;

Line 339

Line 346

authlist = packet_get_string(NULL);

partial = packet_get_char();

packet_check_eom();

packet_done();

if (partial != 0)

log("Authenticated with partial success.");

Line 349

Line 356

userauth(authctxt, authlist);

}

void

input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)

input_userauth_pk_ok(int type, int plen, void *ctxt)

{

Authctxt *authctxt = ctxt;

Key *key = NULL;

Buffer b;

int pktype, sent = 0;

int alen, blen, sent = 0;

u_int alen, blen;

char *pkalg, *pkblob, *fp;

char *pkalg, *fp;

u_char *pkblob;

if (authctxt == NULL)

fatal("input_userauth_pk_ok: no authentication context");

Line 373

Line 378

pkalg = packet_get_string(&alen);

pkblob = packet_get_string(&blen);

}

packet_check_eom();

packet_done();

debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",

pkalg, blen, authctxt->last_key, authctxt->last_key_hint);

Line 384

Line 389

debug("no last key or no sign cb");

break;

}

if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {

if (key_type_from_name(pkalg) == KEY_UNSPEC) {

debug("unknown pkalg %s", pkalg);

break;

}

Line 392

Line 397

debug("no key from blob. pkalg %s", pkalg);

break;

}

if (key->type != pktype) {

error("input_userauth_pk_ok: type mismatch "

"for decoded key (received %d, expected %d)",

key->type, pktype);

break;

}

fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);

debug2("input_userauth_pk_ok: fp %s", fp);

xfree(fp);

Line 407

Line 406

}

sent = sign_and_send_pubkey(authctxt, key,

authctxt->last_key_sign);

} while (0);

} while(0);

if (key != NULL)

key_free(key);

Line 440

Line 439

userauth_passwd(Authctxt *authctxt)

{

static int attempt = 0;

char prompt[150];

char prompt[80];

char *password;

if (attempt++ >= options.number_of_password_prompts)

return 0;

if (attempt != 1)

if(attempt != 1)

error("Permission denied, please try again.");

snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",

Line 460

Line 459

packet_put_cstring(password);

memset(password, 0, strlen(password));

xfree(password);

packet_add_padding(64);

packet_inject_ignore(64);

packet_send();

dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,

&input_userauth_passwd_changereq);

return 1;

}

* parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST

void

input_userauth_passwd_changereq(int type, uint32_t seqnr, void *ctxt)

{

Authctxt *authctxt = ctxt;

char *info, *lang, *password = NULL, *retype = NULL;

char prompt[150];

debug2("input_userauth_passwd_changereq");

void

if (authctxt == NULL)

fatal("input_userauth_passwd_changereq: "

"no authentication context");

info = packet_get_string(NULL);

lang = packet_get_string(NULL);

if (strlen(info) > 0)

log("%s", info);

xfree(info);

xfree(lang);

packet_start(SSH2_MSG_USERAUTH_REQUEST);

packet_put_cstring(authctxt->server_user);

packet_put_cstring(authctxt->service);

packet_put_cstring(authctxt->method->name);

packet_put_char(1); /* additional info */

snprintf(prompt, sizeof(prompt),

"Enter %.30s@%.128s's old password: ",

authctxt->server_user, authctxt->host);

password = read_passphrase(prompt, 0);

packet_put_cstring(password);

memset(password, 0, strlen(password));

xfree(password);

password = NULL;

while (password == NULL) {

snprintf(prompt, sizeof(prompt),

"Enter %.30s@%.128s's new password: ",

authctxt->server_user, authctxt->host);

password = read_passphrase(prompt, RP_ALLOW_EOF);

if (password == NULL) {

/* bail out */

return;

}

snprintf(prompt, sizeof(prompt),

"Retype %.30s@%.128s's new password: ",

authctxt->server_user, authctxt->host);

retype = read_passphrase(prompt, 0);

if (strcmp(password, retype) != 0) {

memset(password, 0, strlen(password));

xfree(password);

log("Mismatch; try again, EOF to quit.");

password = NULL;

}

memset(retype, 0, strlen(retype));

xfree(retype);

}

packet_put_cstring(password);

memset(password, 0, strlen(password));

xfree(password);

packet_add_padding(64);

packet_send();

dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,

&input_userauth_passwd_changereq);

}

static void

clear_auth_state(Authctxt *authctxt)

{

/* XXX clear authentication state */

dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL);

if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {

debug3("clear_auth_state: key_free %p", authctxt->last_key);

key_free(authctxt->last_key);

Line 550

Line 477

authctxt->last_key_sign = NULL;

}

static int

int

sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)

{

Buffer b;

u_char *blob, *signature;

u_int bloblen, slen;

int bloblen, slen;

int skip = 0;

int ret = -1;

int have_sig = 1;

Line 635

Line 562

return 1;

}

static int

int

send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback,

int hint)

{

u_char *blob;

u_int bloblen, have_sig = 0;

int bloblen, have_sig = 0;

debug3("send_pubkey_test");

Line 668

Line 595

return 1;

}

static Key *

Key *

load_identity_file(char *filename)

{

Key *private;

Line 685

Line 612

if (options.batch_mode)

return NULL;

snprintf(prompt, sizeof prompt,

"Enter passphrase for key '%.100s': ", filename);

for (i = 0; i < options.number_of_password_prompts; i++) {

passphrase = read_passphrase(prompt, 0);

if (strcmp(passphrase, "") != 0) {

Line 706

Line 633

return private;

}

static int

int

identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, u_int *lenp,

identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,

u_char *data, u_int datalen)

u_char *data, int datalen)

{

Key *private;

int idx, ret;

Line 716

Line 643

idx = authctxt->last_key_hint;

if (idx < 0)

return -1;

/* private key is stored in external hardware */

if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)

return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen);

private = load_identity_file(options.identity_files[idx]);

if (private == NULL)

return -1;

Line 729

Line 651

return ret;

}

static int

int agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,

agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, u_int *lenp,

u_char *data, int datalen)

u_char *data, u_int datalen)

{

return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);

}

static int

int key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,

key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, u_int *lenp,

u_char *data, int datalen)

u_char *data, u_int datalen)

{

return key_sign(key, sigp, lenp, data, datalen);

}

static int

int

userauth_pubkey_agent(Authctxt *authctxt)

{

static int called = 0;

Line 782

Line 702

if (authctxt->agent != NULL) {

do {

sent = userauth_pubkey_agent(authctxt);

} while (!sent && authctxt->agent->howmany > 0);

} while(!sent && authctxt->agent->howmany > 0);

}

while (!sent && idx < options.num_identity_files) {

key = options.identity_keys[idx];

Line 815

Line 735

if (attempt++ >= options.number_of_password_prompts)

return 0;

/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */

if (attempt > 1 && !authctxt->info_req_seen) {

debug3("userauth_kbdint: disable: no info_req_seen");

dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);

return 0;

}

debug2("userauth_kbdint");

packet_start(SSH2_MSG_USERAUTH_REQUEST);

Line 840

Line 754

* parse INFO_REQUEST, prompt user and send INFO_RESPONSE

void

input_userauth_info_req(int type, u_int32_t seq, void *ctxt)

input_userauth_info_req(int type, int plen, void *ctxt)

{

Authctxt *authctxt = ctxt;

char *name, *inst, *lang, *prompt, *response;

Line 852

Line 766

if (authctxt == NULL)

fatal("input_userauth_info_req: no authentication context");

authctxt->info_req_seen = 1;

name = packet_get_string(NULL);

inst = packet_get_string(NULL);

lang = packet_get_string(NULL);

if (strlen(name) > 0)

log("%s", name);

cli_mesg(name);

if (strlen(inst) > 0)

log("%s", inst);

cli_mesg(inst);

xfree(name);

xfree(inst);

xfree(lang);

Line 880

Line 792

prompt = packet_get_string(NULL);

echo = packet_get_char();

response = read_passphrase(prompt, echo ? RP_ECHO : 0);

response = cli_prompt(prompt, echo);

packet_put_cstring(response);

memset(response, 0, strlen(response));

xfree(response);

xfree(prompt);

}

packet_check_eom(); /* done with parsing incoming message. */

packet_done(); /* done with parsing incoming message. */

packet_add_padding(64);

packet_inject_ignore(64);

packet_send();

}

Line 908

Line 820

u_int blen, slen;

int ok, i, len, found = 0;

p = get_local_name(packet_get_connection_in());

if (p == NULL) {

error("userauth_hostbased: cannot get local ipaddr/name");

return 0;

}

len = strlen(p) + 2;

chost = xmalloc(len);

strlcpy(chost, p, len);

strlcat(chost, ".", len);

debug2("userauth_hostbased: chost %s", chost);

/* check for a useful key */

for (i = 0; i < authctxt->nkeys; i++) {

private = authctxt->keys[i];

Line 919

Line 841

}

if (!found) {

debug("userauth_hostbased: no more client hostkeys");

xfree(chost);

return 0;

}

if (key_to_blob(private, &blob, &blen) == 0) {

key_free(private);

xfree(chost);

return 0;

}

/* figure out a name for the client host */

p = get_local_name(packet_get_connection_in());

if (p == NULL) {

error("userauth_hostbased: cannot get local ipaddr/name");

key_free(private);

return 0;

}

len = strlen(p) + 2;

chost = xmalloc(len);

strlcpy(chost, p, len);

strlcat(chost, ".", len);

debug2("userauth_hostbased: chost %s", chost);

service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :

authctxt->service;

pkalg = xstrdup(key_ssh_name(private));

Line 956

Line 866

#ifdef DEBUG_PK

buffer_dump(&b);

#endif

debug2("xxx: chost %s", chost);

ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b));

key_free(private);

buffer_free(&b);

Line 989

Line 900

* given auth method name, if configurable options permit this method fill

* in auth_ident field and return true, otherwise return false.

static int

int

authmethod_is_enabled(Authmethod *method)

{

if (method == NULL)

Line 1003

Line 914

return 1;

}

static Authmethod *

Authmethod *

authmethod_lookup(const char *name)

{

Authmethod *method = NULL;

Line 1024

Line 935

* next method we should try. If the server initially sends a nil list,

* use a built-in default list.

static Authmethod *

Authmethod *

authmethod_get(char *authlist)

{

char *name = NULL;

u_int next;

int next;

/* Use a suitable default if we're passed a nil list. */

if (authlist == NULL || strlen(authlist) == 0)

Line 1064

Line 975

}

static char *

#define DELIM ","

char *

authmethods_get(void)

{

Authmethod *method = NULL;

Buffer b;

char buf[1024];

char *list;

buffer_init(&b);

buf[0] = '\0';

for (method = authmethods; method->name != NULL; method++) {

if (authmethod_is_enabled(method)) {

if (buffer_len(&b) > 0)

if (buf[0] != '\0')

buffer_append(&b, ",", 1);

strlcat(buf, DELIM, sizeof buf);

buffer_append(&b, method->name, strlen(method->name));

strlcat(buf, method->name, sizeof buf);

}

buffer_append(&b, "\0", 1);

return xstrdup(buf);

list = xstrdup(buffer_ptr(&b));

buffer_free(&b);

return list;

}