=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect2.c,v retrieving revision 1.72.2.5 retrieving revision 1.73 diff -u -r1.72.2.5 -r1.73 --- src/usr.bin/ssh/sshconnect2.c 2002/06/02 22:56:11 1.72.2.5 +++ src/usr.bin/ssh/sshconnect2.c 2001/05/18 14:13:29 1.73 @@ -23,20 +23,29 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.72.2.5 2002/06/02 22:56:11 miod Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.73 2001/05/18 14:13:29 markus Exp $"); +#include +#include +#include +#include + #include "ssh.h" #include "ssh2.h" #include "xmalloc.h" +#include "rsa.h" #include "buffer.h" #include "packet.h" +#include "uidswap.h" #include "compat.h" #include "bufaux.h" #include "cipher.h" #include "kex.h" #include "myproposal.h" +#include "key.h" #include "sshconnect.h" #include "authfile.h" +#include "cli.h" #include "dh.h" #include "authfd.h" #include "log.h" @@ -63,11 +72,11 @@ Kex *xxx_kex = NULL; -static int -verify_host_key_callback(Key *hostkey) +int +check_host_key_callback(Key *hostkey) { - if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) - fatal("Host key verification failed."); + check_host_key(xxx_host, xxx_hostaddr, hostkey, + options.user_hostfile2, options.system_hostfile2); return 0; } @@ -103,14 +112,14 @@ myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; } if (options.hostkeyalgorithms != NULL) - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.hostkeyalgorithms; /* start key exchange */ kex = kex_setup(myproposal); kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; - kex->verify_host_key=&verify_host_key_callback; + kex->check_host_key=&check_host_key_callback; xxx_kex = kex; @@ -138,7 +147,7 @@ typedef int sign_cb_fn( Authctxt *authctxt, Key *key, - u_char **sigp, u_int *lenp, u_char *data, u_int datalen); + u_char **sigp, int *lenp, u_char *data, int datalen); struct Authctxt { const char *server_user; @@ -156,8 +165,6 @@ /* hostbased */ Key **keys; int nkeys; - /* kbd-interactive */ - int info_req_seen; }; struct Authmethod { char *name; /* string to compare against server's list */ @@ -166,46 +173,47 @@ int *batch_flag; /* flag in option struct that disables method */ }; -void input_userauth_success(int, u_int32_t, void *); -void input_userauth_failure(int, u_int32_t, void *); -void input_userauth_banner(int, u_int32_t, void *); -void input_userauth_error(int, u_int32_t, void *); -void input_userauth_info_req(int, u_int32_t, void *); -void input_userauth_pk_ok(int, u_int32_t, void *); -void input_userauth_passwd_changereq(int, u_int32_t, void *); +void input_userauth_success(int type, int plen, void *ctxt); +void input_userauth_failure(int type, int plen, void *ctxt); +void input_userauth_banner(int type, int plen, void *ctxt); +void input_userauth_error(int type, int plen, void *ctxt); +void input_userauth_info_req(int type, int plen, void *ctxt); +void input_userauth_pk_ok(int type, int plen, void *ctxt); -int userauth_none(Authctxt *); -int userauth_pubkey(Authctxt *); -int userauth_passwd(Authctxt *); -int userauth_kbdint(Authctxt *); -int userauth_hostbased(Authctxt *); +int userauth_none(Authctxt *authctxt); +int userauth_pubkey(Authctxt *authctxt); +int userauth_passwd(Authctxt *authctxt); +int userauth_kbdint(Authctxt *authctxt); +int userauth_hostbased(Authctxt *authctxt); -void userauth(Authctxt *, char *); +void userauth(Authctxt *authctxt, char *authlist); -static int sign_and_send_pubkey(Authctxt *, Key *, sign_cb_fn *); -static void clear_auth_state(Authctxt *); +int +sign_and_send_pubkey(Authctxt *authctxt, Key *k, + sign_cb_fn *sign_callback); +void clear_auth_state(Authctxt *authctxt); -static Authmethod *authmethod_get(char *authlist); -static Authmethod *authmethod_lookup(const char *name); -static char *authmethods_get(void); +Authmethod *authmethod_get(char *authlist); +Authmethod *authmethod_lookup(const char *name); +char *authmethods_get(void); Authmethod authmethods[] = { - {"hostbased", - userauth_hostbased, - &options.hostbased_authentication, - NULL}, {"publickey", userauth_pubkey, &options.pubkey_authentication, NULL}, - {"keyboard-interactive", - userauth_kbdint, - &options.kbd_interactive_authentication, - &options.batch_mode}, {"password", userauth_passwd, &options.password_authentication, &options.batch_mode}, + {"keyboard-interactive", + userauth_kbdint, + &options.kbd_interactive_authentication, + &options.batch_mode}, + {"hostbased", + userauth_hostbased, + &options.hostbased_authentication, + NULL}, {"none", userauth_none, NULL, @@ -219,6 +227,7 @@ { Authctxt authctxt; int type; + int plen; if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; @@ -228,25 +237,24 @@ packet_put_cstring("ssh-userauth"); packet_send(); packet_write_wait(); - type = packet_read(); + type = packet_read(&plen); if (type != SSH2_MSG_SERVICE_ACCEPT) { fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type); } if (packet_remaining() > 0) { - char *reply = packet_get_string(NULL); + char *reply = packet_get_string(&plen); debug("service_accept: %s", reply); xfree(reply); } else { debug("buggy server: service_accept w/o service"); } - packet_check_eom(); + packet_done(); debug("got SSH2_MSG_SERVICE_ACCEPT"); if (options.preferred_authentications == NULL) options.preferred_authentications = authmethods_get(); /* setup authentication context */ - memset(&authctxt, 0, sizeof(authctxt)); authctxt.agent = ssh_get_authentication_connection(); authctxt.server_user = server_user; authctxt.local_user = local_user; @@ -257,7 +265,6 @@ authctxt.authlist = NULL; authctxt.keys = keys; authctxt.nkeys = nkeys; - authctxt.info_req_seen = 0; if (authctxt.method == NULL) fatal("ssh_userauth2: internal error: cannot send userauth none request"); @@ -300,13 +307,13 @@ } } void -input_userauth_error(int type, u_int32_t seq, void *ctxt) +input_userauth_error(int type, int plen, void *ctxt) { fatal("input_userauth_error: bad message during authentication: " "type %d", type); } void -input_userauth_banner(int type, u_int32_t seq, void *ctxt) +input_userauth_banner(int type, int plen, void *ctxt) { char *msg, *lang; debug3("input_userauth_banner"); @@ -317,7 +324,7 @@ xfree(lang); } void -input_userauth_success(int type, u_int32_t seq, void *ctxt) +input_userauth_success(int type, int plen, void *ctxt) { Authctxt *authctxt = ctxt; if (authctxt == NULL) @@ -328,7 +335,7 @@ authctxt->success = 1; /* break out */ } void -input_userauth_failure(int type, u_int32_t seq, void *ctxt) +input_userauth_failure(int type, int plen, void *ctxt) { Authctxt *authctxt = ctxt; char *authlist = NULL; @@ -339,7 +346,7 @@ authlist = packet_get_string(NULL); partial = packet_get_char(); - packet_check_eom(); + packet_done(); if (partial != 0) log("Authenticated with partial success."); @@ -349,15 +356,13 @@ userauth(authctxt, authlist); } void -input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) +input_userauth_pk_ok(int type, int plen, void *ctxt) { Authctxt *authctxt = ctxt; Key *key = NULL; Buffer b; - int pktype, sent = 0; - u_int alen, blen; - char *pkalg, *fp; - u_char *pkblob; + int alen, blen, sent = 0; + char *pkalg, *pkblob, *fp; if (authctxt == NULL) fatal("input_userauth_pk_ok: no authentication context"); @@ -373,7 +378,7 @@ pkalg = packet_get_string(&alen); pkblob = packet_get_string(&blen); } - packet_check_eom(); + packet_done(); debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d", pkalg, blen, authctxt->last_key, authctxt->last_key_hint); @@ -384,7 +389,7 @@ debug("no last key or no sign cb"); break; } - if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { + if (key_type_from_name(pkalg) == KEY_UNSPEC) { debug("unknown pkalg %s", pkalg); break; } @@ -392,12 +397,6 @@ debug("no key from blob. pkalg %s", pkalg); break; } - if (key->type != pktype) { - error("input_userauth_pk_ok: type mismatch " - "for decoded key (received %d, expected %d)", - key->type, pktype); - break; - } fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); @@ -407,7 +406,7 @@ } sent = sign_and_send_pubkey(authctxt, key, authctxt->last_key_sign); - } while (0); + } while(0); if (key != NULL) key_free(key); @@ -440,13 +439,13 @@ userauth_passwd(Authctxt *authctxt) { static int attempt = 0; - char prompt[150]; + char prompt[80]; char *password; if (attempt++ >= options.number_of_password_prompts) return 0; - if (attempt != 1) + if(attempt != 1) error("Permission denied, please try again."); snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", @@ -460,87 +459,15 @@ packet_put_cstring(password); memset(password, 0, strlen(password)); xfree(password); - packet_add_padding(64); + packet_inject_ignore(64); packet_send(); - - dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, - &input_userauth_passwd_changereq); - return 1; } -/* - * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST - */ -void -input_userauth_passwd_changereq(int type, uint32_t seqnr, void *ctxt) -{ - Authctxt *authctxt = ctxt; - char *info, *lang, *password = NULL, *retype = NULL; - char prompt[150]; - debug2("input_userauth_passwd_changereq"); - - if (authctxt == NULL) - fatal("input_userauth_passwd_changereq: " - "no authentication context"); - - info = packet_get_string(NULL); - lang = packet_get_string(NULL); - if (strlen(info) > 0) - log("%s", info); - xfree(info); - xfree(lang); - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - packet_put_char(1); /* additional info */ - snprintf(prompt, sizeof(prompt), - "Enter %.30s@%.128s's old password: ", - authctxt->server_user, authctxt->host); - password = read_passphrase(prompt, 0); - packet_put_cstring(password); - memset(password, 0, strlen(password)); - xfree(password); - password = NULL; - while (password == NULL) { - snprintf(prompt, sizeof(prompt), - "Enter %.30s@%.128s's new password: ", - authctxt->server_user, authctxt->host); - password = read_passphrase(prompt, RP_ALLOW_EOF); - if (password == NULL) { - /* bail out */ - return; - } - snprintf(prompt, sizeof(prompt), - "Retype %.30s@%.128s's new password: ", - authctxt->server_user, authctxt->host); - retype = read_passphrase(prompt, 0); - if (strcmp(password, retype) != 0) { - memset(password, 0, strlen(password)); - xfree(password); - log("Mismatch; try again, EOF to quit."); - password = NULL; - } - memset(retype, 0, strlen(retype)); - xfree(retype); - } - packet_put_cstring(password); - memset(password, 0, strlen(password)); - xfree(password); - packet_add_padding(64); - packet_send(); - - dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, - &input_userauth_passwd_changereq); -} - -static void +void clear_auth_state(Authctxt *authctxt) { /* XXX clear authentication state */ - dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL); - if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) { debug3("clear_auth_state: key_free %p", authctxt->last_key); key_free(authctxt->last_key); @@ -550,12 +477,12 @@ authctxt->last_key_sign = NULL; } -static int +int sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) { Buffer b; u_char *blob, *signature; - u_int bloblen, slen; + int bloblen, slen; int skip = 0; int ret = -1; int have_sig = 1; @@ -635,12 +562,12 @@ return 1; } -static int +int send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback, int hint) { u_char *blob; - u_int bloblen, have_sig = 0; + int bloblen, have_sig = 0; debug3("send_pubkey_test"); @@ -668,7 +595,7 @@ return 1; } -static Key * +Key * load_identity_file(char *filename) { Key *private; @@ -685,7 +612,7 @@ if (options.batch_mode) return NULL; snprintf(prompt, sizeof prompt, - "Enter passphrase for key '%.100s': ", filename); + "Enter passphrase for key '%.100s': ", filename); for (i = 0; i < options.number_of_password_prompts; i++) { passphrase = read_passphrase(prompt, 0); if (strcmp(passphrase, "") != 0) { @@ -706,9 +633,9 @@ return private; } -static int -identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) +int +identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, + u_char *data, int datalen) { Key *private; int idx, ret; @@ -716,11 +643,6 @@ idx = authctxt->last_key_hint; if (idx < 0) return -1; - - /* private key is stored in external hardware */ - if (options.identity_keys[idx]->flags & KEY_FLAG_EXT) - return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen); - private = load_identity_file(options.identity_files[idx]); if (private == NULL) return -1; @@ -729,21 +651,19 @@ return ret; } -static int -agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) +int agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, + u_char *data, int datalen) { return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen); } -static int -key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) +int key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, + u_char *data, int datalen) { return key_sign(key, sigp, lenp, data, datalen); } -static int +int userauth_pubkey_agent(Authctxt *authctxt) { static int called = 0; @@ -782,7 +702,7 @@ if (authctxt->agent != NULL) { do { sent = userauth_pubkey_agent(authctxt); - } while (!sent && authctxt->agent->howmany > 0); + } while(!sent && authctxt->agent->howmany > 0); } while (!sent && idx < options.num_identity_files) { key = options.identity_keys[idx]; @@ -815,12 +735,6 @@ if (attempt++ >= options.number_of_password_prompts) return 0; - /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ - if (attempt > 1 && !authctxt->info_req_seen) { - debug3("userauth_kbdint: disable: no info_req_seen"); - dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); - return 0; - } debug2("userauth_kbdint"); packet_start(SSH2_MSG_USERAUTH_REQUEST); @@ -840,7 +754,7 @@ * parse INFO_REQUEST, prompt user and send INFO_RESPONSE */ void -input_userauth_info_req(int type, u_int32_t seq, void *ctxt) +input_userauth_info_req(int type, int plen, void *ctxt) { Authctxt *authctxt = ctxt; char *name, *inst, *lang, *prompt, *response; @@ -852,15 +766,13 @@ if (authctxt == NULL) fatal("input_userauth_info_req: no authentication context"); - authctxt->info_req_seen = 1; - name = packet_get_string(NULL); inst = packet_get_string(NULL); lang = packet_get_string(NULL); if (strlen(name) > 0) - log("%s", name); + cli_mesg(name); if (strlen(inst) > 0) - log("%s", inst); + cli_mesg(inst); xfree(name); xfree(inst); xfree(lang); @@ -880,16 +792,16 @@ prompt = packet_get_string(NULL); echo = packet_get_char(); - response = read_passphrase(prompt, echo ? RP_ECHO : 0); + response = cli_prompt(prompt, echo); packet_put_cstring(response); memset(response, 0, strlen(response)); xfree(response); xfree(prompt); } - packet_check_eom(); /* done with parsing incoming message. */ + packet_done(); /* done with parsing incoming message. */ - packet_add_padding(64); + packet_inject_ignore(64); packet_send(); } @@ -908,6 +820,16 @@ u_int blen, slen; int ok, i, len, found = 0; + p = get_local_name(packet_get_connection_in()); + if (p == NULL) { + error("userauth_hostbased: cannot get local ipaddr/name"); + return 0; + } + len = strlen(p) + 2; + chost = xmalloc(len); + strlcpy(chost, p, len); + strlcat(chost, ".", len); + debug2("userauth_hostbased: chost %s", chost); /* check for a useful key */ for (i = 0; i < authctxt->nkeys; i++) { private = authctxt->keys[i]; @@ -919,26 +841,14 @@ } } if (!found) { - debug("userauth_hostbased: no more client hostkeys"); + xfree(chost); return 0; } if (key_to_blob(private, &blob, &blen) == 0) { key_free(private); + xfree(chost); return 0; } - /* figure out a name for the client host */ - p = get_local_name(packet_get_connection_in()); - if (p == NULL) { - error("userauth_hostbased: cannot get local ipaddr/name"); - key_free(private); - return 0; - } - len = strlen(p) + 2; - chost = xmalloc(len); - strlcpy(chost, p, len); - strlcat(chost, ".", len); - debug2("userauth_hostbased: chost %s", chost); - service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; pkalg = xstrdup(key_ssh_name(private)); @@ -956,6 +866,7 @@ #ifdef DEBUG_PK buffer_dump(&b); #endif + debug2("xxx: chost %s", chost); ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); key_free(private); buffer_free(&b); @@ -989,7 +900,7 @@ * given auth method name, if configurable options permit this method fill * in auth_ident field and return true, otherwise return false. */ -static int +int authmethod_is_enabled(Authmethod *method) { if (method == NULL) @@ -1003,7 +914,7 @@ return 1; } -static Authmethod * +Authmethod * authmethod_lookup(const char *name) { Authmethod *method = NULL; @@ -1024,12 +935,12 @@ * next method we should try. If the server initially sends a nil list, * use a built-in default list. */ -static Authmethod * +Authmethod * authmethod_get(char *authlist) { char *name = NULL; - u_int next; + int next; /* Use a suitable default if we're passed a nil list. */ if (authlist == NULL || strlen(authlist) == 0) @@ -1064,23 +975,21 @@ } } -static char * + +#define DELIM "," +char * authmethods_get(void) { Authmethod *method = NULL; - Buffer b; - char *list; + char buf[1024]; - buffer_init(&b); + buf[0] = '\0'; for (method = authmethods; method->name != NULL; method++) { if (authmethod_is_enabled(method)) { - if (buffer_len(&b) > 0) - buffer_append(&b, ",", 1); - buffer_append(&b, method->name, strlen(method->name)); + if (buf[0] != '\0') + strlcat(buf, DELIM, sizeof buf); + strlcat(buf, method->name, sizeof buf); } } - buffer_append(&b, "\0", 1); - list = xstrdup(buffer_ptr(&b)); - buffer_free(&b); - return list; + return xstrdup(buf); }