Annotation of src/usr.bin/ssh/sshconnect2.c, Revision 1.172
1.172 ! djm 1: /* $OpenBSD: sshconnect2.c,v 1.171 2009/03/05 07:18:19 djm Exp $ */
1.1 markus 2: /*
3: * Copyright (c) 2000 Markus Friedl. All rights reserved.
1.170 djm 4: * Copyright (c) 2008 Damien Miller. All rights reserved.
1.1 markus 5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
26:
1.145 stevesk 27: #include <sys/types.h>
1.160 deraadt 28: #include <sys/socket.h>
1.145 stevesk 29: #include <sys/wait.h>
1.144 stevesk 30: #include <sys/queue.h>
1.146 stevesk 31: #include <sys/stat.h>
1.156 stevesk 32:
33: #include <errno.h>
1.164 jolan 34: #include <netdb.h>
1.159 stevesk 35: #include <stdio.h>
1.158 stevesk 36: #include <string.h>
1.160 deraadt 37: #include <signal.h>
38: #include <pwd.h>
1.157 stevesk 39: #include <unistd.h>
1.166 djm 40: #include <vis.h>
1.1 markus 41:
1.160 deraadt 42: #include "xmalloc.h"
1.1 markus 43: #include "ssh.h"
1.37 markus 44: #include "ssh2.h"
1.1 markus 45: #include "buffer.h"
46: #include "packet.h"
47: #include "compat.h"
1.37 markus 48: #include "cipher.h"
1.160 deraadt 49: #include "key.h"
1.1 markus 50: #include "kex.h"
51: #include "myproposal.h"
52: #include "sshconnect.h"
53: #include "authfile.h"
1.57 provos 54: #include "dh.h"
1.17 markus 55: #include "authfd.h"
1.37 markus 56: #include "log.h"
57: #include "readconf.h"
1.137 djm 58: #include "misc.h"
1.53 markus 59: #include "match.h"
1.61 markus 60: #include "dispatch.h"
1.68 markus 61: #include "canohost.h"
1.100 markus 62: #include "msg.h"
63: #include "pathnames.h"
1.154 markus 64: #include "uidswap.h"
1.171 djm 65: #include "schnorr.h"
1.170 djm 66: #include "jpake.h"
1.22 provos 67:
1.121 markus 68: #ifdef GSSAPI
69: #include "ssh-gss.h"
70: #endif
71:
1.1 markus 72: /* import */
73: extern char *client_version_string;
74: extern char *server_version_string;
75: extern Options options;
76:
77: /*
78: * SSH2 key exchange
79: */
80:
1.32 markus 81: u_char *session_id2 = NULL;
1.120 markus 82: u_int session_id2_len = 0;
1.1 markus 83:
1.61 markus 84: char *xxx_host;
85: struct sockaddr *xxx_hostaddr;
86:
1.63 markus 87: Kex *xxx_kex = NULL;
88:
1.76 itojun 89: static int
1.75 markus 90: verify_host_key_callback(Key *hostkey)
1.61 markus 91: {
1.75 markus 92: if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
1.83 markus 93: fatal("Host key verification failed.");
1.61 markus 94: return 0;
95: }
96:
1.1 markus 97: void
1.22 provos 98: ssh_kex2(char *host, struct sockaddr *hostaddr)
99: {
100: Kex *kex;
1.61 markus 101:
102: xxx_host = host;
103: xxx_hostaddr = hostaddr;
1.22 provos 104:
1.29 markus 105: if (options.ciphers == (char *)-1) {
1.116 itojun 106: logit("No valid ciphers for protocol version 2 given, using defaults.");
1.29 markus 107: options.ciphers = NULL;
1.24 markus 108: }
1.22 provos 109: if (options.ciphers != NULL) {
110: myproposal[PROPOSAL_ENC_ALGS_CTOS] =
111: myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
112: }
1.60 stevesk 113: myproposal[PROPOSAL_ENC_ALGS_CTOS] =
114: compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
115: myproposal[PROPOSAL_ENC_ALGS_STOC] =
116: compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
1.22 provos 117: if (options.compression) {
1.47 markus 118: myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1.141 markus 119: myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
1.22 provos 120: } else {
1.47 markus 121: myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1.141 markus 122: myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
1.47 markus 123: }
124: if (options.macs != NULL) {
125: myproposal[PROPOSAL_MAC_ALGS_CTOS] =
126: myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
1.22 provos 127: }
1.70 markus 128: if (options.hostkeyalgorithms != NULL)
1.88 deraadt 129: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
1.70 markus 130: options.hostkeyalgorithms;
1.115 markus 131:
132: if (options.rekey_limit)
1.165 djm 133: packet_set_rekey_limit((u_int32_t)options.rekey_limit);
1.22 provos 134:
1.65 markus 135: /* start key exchange */
1.64 markus 136: kex = kex_setup(myproposal);
1.111 markus 137: kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
1.138 djm 138: kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
1.111 markus 139: kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
1.147 djm 140: kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
1.61 markus 141: kex->client_version_string=client_version_string;
142: kex->server_version_string=server_version_string;
1.75 markus 143: kex->verify_host_key=&verify_host_key_callback;
1.63 markus 144:
145: xxx_kex = kex;
1.22 provos 146:
1.66 markus 147: dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
1.62 markus 148:
149: session_id2 = kex->session_id;
150: session_id2_len = kex->session_id_len;
1.22 provos 151:
152: #ifdef DEBUG_KEXDH
153: /* send 1st encrypted/maced/compressed message */
154: packet_start(SSH2_MSG_IGNORE);
155: packet_put_cstring("markus");
156: packet_send();
157: packet_write_wait();
158: #endif
1.1 markus 159: }
1.11 markus 160:
1.1 markus 161: /*
162: * Authenticate user
163: */
1.20 markus 164:
165: typedef struct Authctxt Authctxt;
166: typedef struct Authmethod Authmethod;
1.117 markus 167: typedef struct identity Identity;
168: typedef struct idlist Idlist;
1.20 markus 169:
1.117 markus 170: struct identity {
171: TAILQ_ENTRY(identity) next;
172: AuthenticationConnection *ac; /* set if agent supports key */
173: Key *key; /* public/private key */
174: char *filename; /* comment for agent-only keys */
175: int tried;
176: int isprivate; /* key points to the private key */
177: };
178: TAILQ_HEAD(idlist, identity);
1.20 markus 179:
180: struct Authctxt {
181: const char *server_user;
1.68 markus 182: const char *local_user;
1.20 markus 183: const char *host;
184: const char *service;
1.23 markus 185: Authmethod *method;
1.20 markus 186: int success;
1.51 markus 187: char *authlist;
1.68 markus 188: /* pubkey */
1.117 markus 189: Idlist keys;
1.68 markus 190: AuthenticationConnection *agent;
191: /* hostbased */
1.100 markus 192: Sensitive *sensitive;
1.82 markus 193: /* kbd-interactive */
194: int info_req_seen;
1.121 markus 195: /* generic */
196: void *methoddata;
1.20 markus 197: };
198: struct Authmethod {
199: char *name; /* string to compare against server's list */
200: int (*userauth)(Authctxt *authctxt);
1.170 djm 201: void (*cleanup)(Authctxt *authctxt);
1.20 markus 202: int *enabled; /* flag in option struct that enables method */
203: int *batch_flag; /* flag in option struct that disables method */
204: };
205:
1.92 markus 206: void input_userauth_success(int, u_int32_t, void *);
1.172 ! djm 207: void input_userauth_success_unexpected(int, u_int32_t, void *);
1.92 markus 208: void input_userauth_failure(int, u_int32_t, void *);
209: void input_userauth_banner(int, u_int32_t, void *);
210: void input_userauth_error(int, u_int32_t, void *);
211: void input_userauth_info_req(int, u_int32_t, void *);
212: void input_userauth_pk_ok(int, u_int32_t, void *);
1.99 markus 213: void input_userauth_passwd_changereq(int, u_int32_t, void *);
1.170 djm 214: void input_userauth_jpake_server_step1(int, u_int32_t, void *);
215: void input_userauth_jpake_server_step2(int, u_int32_t, void *);
216: void input_userauth_jpake_server_confirm(int, u_int32_t, void *);
1.86 itojun 217:
218: int userauth_none(Authctxt *);
219: int userauth_pubkey(Authctxt *);
220: int userauth_passwd(Authctxt *);
221: int userauth_kbdint(Authctxt *);
222: int userauth_hostbased(Authctxt *);
1.170 djm 223: int userauth_jpake(Authctxt *);
224:
225: void userauth_jpake_cleanup(Authctxt *);
1.20 markus 226:
1.121 markus 227: #ifdef GSSAPI
228: int userauth_gssapi(Authctxt *authctxt);
229: void input_gssapi_response(int type, u_int32_t, void *);
230: void input_gssapi_token(int type, u_int32_t, void *);
231: void input_gssapi_hash(int type, u_int32_t, void *);
232: void input_gssapi_error(int, u_int32_t, void *);
233: void input_gssapi_errtok(int, u_int32_t, void *);
234: #endif
235:
1.86 itojun 236: void userauth(Authctxt *, char *);
1.51 markus 237:
1.117 markus 238: static int sign_and_send_pubkey(Authctxt *, Identity *);
239: static void pubkey_prepare(Authctxt *);
240: static void pubkey_cleanup(Authctxt *);
241: static Key *load_identity_file(char *);
1.76 itojun 242:
243: static Authmethod *authmethod_get(char *authlist);
244: static Authmethod *authmethod_lookup(const char *name);
245: static char *authmethods_get(void);
1.20 markus 246:
247: Authmethod authmethods[] = {
1.121 markus 248: #ifdef GSSAPI
1.132 markus 249: {"gssapi-with-mic",
1.121 markus 250: userauth_gssapi,
1.170 djm 251: NULL,
1.121 markus 252: &options.gss_authentication,
253: NULL},
254: #endif
1.81 markus 255: {"hostbased",
256: userauth_hostbased,
1.170 djm 257: NULL,
1.81 markus 258: &options.hostbased_authentication,
259: NULL},
1.20 markus 260: {"publickey",
261: userauth_pubkey,
1.170 djm 262: NULL,
1.28 markus 263: &options.pubkey_authentication,
1.20 markus 264: NULL},
1.170 djm 265: #ifdef JPAKE
266: {"jpake-01@openssh.com",
267: userauth_jpake,
268: userauth_jpake_cleanup,
269: &options.zero_knowledge_password_authentication,
270: &options.batch_mode},
271: #endif
1.81 markus 272: {"keyboard-interactive",
273: userauth_kbdint,
1.170 djm 274: NULL,
1.81 markus 275: &options.kbd_interactive_authentication,
276: &options.batch_mode},
1.20 markus 277: {"password",
278: userauth_passwd,
1.170 djm 279: NULL,
1.20 markus 280: &options.password_authentication,
1.23 markus 281: &options.batch_mode},
282: {"none",
283: userauth_none,
284: NULL,
1.170 djm 285: NULL,
1.23 markus 286: NULL},
1.170 djm 287: {NULL, NULL, NULL, NULL, NULL}
1.20 markus 288: };
289:
290: void
1.68 markus 291: ssh_userauth2(const char *local_user, const char *server_user, char *host,
1.100 markus 292: Sensitive *sensitive)
1.20 markus 293: {
294: Authctxt authctxt;
295: int type;
1.39 markus 296:
1.73 markus 297: if (options.challenge_response_authentication)
1.39 markus 298: options.kbd_interactive_authentication = 1;
1.20 markus 299:
300: packet_start(SSH2_MSG_SERVICE_REQUEST);
301: packet_put_cstring("ssh-userauth");
302: packet_send();
1.108 markus 303: debug("SSH2_MSG_SERVICE_REQUEST sent");
1.20 markus 304: packet_write_wait();
1.91 markus 305: type = packet_read();
1.108 markus 306: if (type != SSH2_MSG_SERVICE_ACCEPT)
307: fatal("Server denied authentication request: %d", type);
1.20 markus 308: if (packet_remaining() > 0) {
1.91 markus 309: char *reply = packet_get_string(NULL);
1.108 markus 310: debug2("service_accept: %s", reply);
1.20 markus 311: xfree(reply);
312: } else {
1.109 markus 313: debug2("buggy server: service_accept w/o service");
1.20 markus 314: }
1.90 markus 315: packet_check_eom();
1.108 markus 316: debug("SSH2_MSG_SERVICE_ACCEPT received");
1.20 markus 317:
1.53 markus 318: if (options.preferred_authentications == NULL)
319: options.preferred_authentications = authmethods_get();
320:
1.20 markus 321: /* setup authentication context */
1.82 markus 322: memset(&authctxt, 0, sizeof(authctxt));
1.117 markus 323: pubkey_prepare(&authctxt);
1.20 markus 324: authctxt.server_user = server_user;
1.68 markus 325: authctxt.local_user = local_user;
1.20 markus 326: authctxt.host = host;
327: authctxt.service = "ssh-connection"; /* service name */
328: authctxt.success = 0;
1.23 markus 329: authctxt.method = authmethod_lookup("none");
1.51 markus 330: authctxt.authlist = NULL;
1.121 markus 331: authctxt.methoddata = NULL;
1.100 markus 332: authctxt.sensitive = sensitive;
1.82 markus 333: authctxt.info_req_seen = 0;
1.23 markus 334: if (authctxt.method == NULL)
335: fatal("ssh_userauth2: internal error: cannot send userauth none request");
1.20 markus 336:
337: /* initial userauth request */
1.23 markus 338: userauth_none(&authctxt);
1.20 markus 339:
1.65 markus 340: dispatch_init(&input_userauth_error);
1.20 markus 341: dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
342: dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
1.35 markus 343: dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
1.20 markus 344: dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
345:
1.117 markus 346: pubkey_cleanup(&authctxt);
1.119 markus 347: dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
348:
1.109 markus 349: debug("Authentication succeeded (%s).", authctxt.method->name);
1.20 markus 350: }
1.119 markus 351:
1.20 markus 352: void
1.51 markus 353: userauth(Authctxt *authctxt, char *authlist)
354: {
1.170 djm 355: if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
356: authctxt->method->cleanup(authctxt);
357:
1.121 markus 358: if (authctxt->methoddata) {
359: xfree(authctxt->methoddata);
360: authctxt->methoddata = NULL;
361: }
1.51 markus 362: if (authlist == NULL) {
363: authlist = authctxt->authlist;
364: } else {
365: if (authctxt->authlist)
366: xfree(authctxt->authlist);
367: authctxt->authlist = authlist;
368: }
369: for (;;) {
370: Authmethod *method = authmethod_get(authlist);
371: if (method == NULL)
372: fatal("Permission denied (%s).", authlist);
373: authctxt->method = method;
1.119 markus 374:
375: /* reset the per method handler */
376: dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN,
377: SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
378:
379: /* and try new method */
1.51 markus 380: if (method->userauth(authctxt) != 0) {
381: debug2("we sent a %s packet, wait for reply", method->name);
382: break;
383: } else {
384: debug2("we did not send a packet, disable method");
385: method->enabled = NULL;
386: }
387: }
388: }
1.105 deraadt 389:
1.169 djm 390: /* ARGSUSED */
1.51 markus 391: void
1.92 markus 392: input_userauth_error(int type, u_int32_t seq, void *ctxt)
1.20 markus 393: {
1.35 markus 394: fatal("input_userauth_error: bad message during authentication: "
1.140 djm 395: "type %d", type);
1.35 markus 396: }
1.105 deraadt 397:
1.169 djm 398: /* ARGSUSED */
1.35 markus 399: void
1.92 markus 400: input_userauth_banner(int type, u_int32_t seq, void *ctxt)
1.35 markus 401: {
1.166 djm 402: char *msg, *raw, *lang;
403: u_int len;
1.126 deraadt 404:
1.35 markus 405: debug3("input_userauth_banner");
1.166 djm 406: raw = packet_get_string(&len);
1.35 markus 407: lang = packet_get_string(NULL);
1.167 markus 408: if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
1.166 djm 409: if (len > 65536)
410: len = 65536;
1.168 deraadt 411: msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
412: strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
1.125 dtucker 413: fprintf(stderr, "%s", msg);
1.166 djm 414: xfree(msg);
415: }
416: xfree(raw);
1.35 markus 417: xfree(lang);
1.20 markus 418: }
1.105 deraadt 419:
1.169 djm 420: /* ARGSUSED */
1.20 markus 421: void
1.92 markus 422: input_userauth_success(int type, u_int32_t seq, void *ctxt)
1.20 markus 423: {
424: Authctxt *authctxt = ctxt;
1.172 ! djm 425:
1.20 markus 426: if (authctxt == NULL)
427: fatal("input_userauth_success: no authentication context");
1.126 deraadt 428: if (authctxt->authlist) {
1.51 markus 429: xfree(authctxt->authlist);
1.126 deraadt 430: authctxt->authlist = NULL;
431: }
1.172 ! djm 432: if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
! 433: authctxt->method->cleanup(authctxt);
1.126 deraadt 434: if (authctxt->methoddata) {
1.121 markus 435: xfree(authctxt->methoddata);
1.126 deraadt 436: authctxt->methoddata = NULL;
437: }
1.20 markus 438: authctxt->success = 1; /* break out */
439: }
1.105 deraadt 440:
1.172 ! djm 441: void
! 442: input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
! 443: {
! 444: Authctxt *authctxt = ctxt;
! 445:
! 446: if (authctxt == NULL)
! 447: fatal("%s: no authentication context", __func__);
! 448:
! 449: fatal("Unexpected authentication success during %s.",
! 450: authctxt->method->name);
! 451: }
! 452:
1.169 djm 453: /* ARGSUSED */
1.20 markus 454: void
1.92 markus 455: input_userauth_failure(int type, u_int32_t seq, void *ctxt)
1.20 markus 456: {
457: Authctxt *authctxt = ctxt;
458: char *authlist = NULL;
459: int partial;
460:
461: if (authctxt == NULL)
462: fatal("input_userauth_failure: no authentication context");
463:
1.23 markus 464: authlist = packet_get_string(NULL);
1.20 markus 465: partial = packet_get_char();
1.90 markus 466: packet_check_eom();
1.20 markus 467:
468: if (partial != 0)
1.116 itojun 469: logit("Authenticated with partial success.");
1.109 markus 470: debug("Authentications that can continue: %s", authlist);
1.20 markus 471:
1.51 markus 472: userauth(authctxt, authlist);
473: }
1.169 djm 474:
475: /* ARGSUSED */
1.51 markus 476: void
1.92 markus 477: input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
1.51 markus 478: {
479: Authctxt *authctxt = ctxt;
480: Key *key = NULL;
1.117 markus 481: Identity *id = NULL;
1.51 markus 482: Buffer b;
1.96 markus 483: int pktype, sent = 0;
484: u_int alen, blen;
485: char *pkalg, *fp;
486: u_char *pkblob;
1.51 markus 487:
488: if (authctxt == NULL)
489: fatal("input_userauth_pk_ok: no authentication context");
490: if (datafellows & SSH_BUG_PKOK) {
491: /* this is similar to SSH_BUG_PKAUTH */
492: debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
493: pkblob = packet_get_string(&blen);
494: buffer_init(&b);
495: buffer_append(&b, pkblob, blen);
496: pkalg = buffer_get_string(&b, &alen);
497: buffer_free(&b);
498: } else {
499: pkalg = packet_get_string(&alen);
500: pkblob = packet_get_string(&blen);
501: }
1.90 markus 502: packet_check_eom();
1.51 markus 503:
1.117 markus 504: debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
1.51 markus 505:
1.117 markus 506: if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
507: debug("unknown pkalg %s", pkalg);
508: goto done;
509: }
510: if ((key = key_from_blob(pkblob, blen)) == NULL) {
511: debug("no key from blob. pkalg %s", pkalg);
512: goto done;
513: }
514: if (key->type != pktype) {
515: error("input_userauth_pk_ok: type mismatch "
516: "for decoded key (received %d, expected %d)",
517: key->type, pktype);
518: goto done;
519: }
520: fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
521: debug2("input_userauth_pk_ok: fp %s", fp);
522: xfree(fp);
523:
1.127 markus 524: /*
525: * search keys in the reverse order, because last candidate has been
526: * moved to the end of the queue. this also avoids confusion by
527: * duplicate keys
528: */
1.136 henning 529: TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) {
1.117 markus 530: if (key_equal(key, id->key)) {
531: sent = sign_and_send_pubkey(authctxt, id);
1.51 markus 532: break;
533: }
1.117 markus 534: }
535: done:
1.51 markus 536: if (key != NULL)
537: key_free(key);
538: xfree(pkalg);
539: xfree(pkblob);
540:
1.106 deraadt 541: /* try another method if we did not send a packet */
1.51 markus 542: if (sent == 0)
543: userauth(authctxt, NULL);
1.20 markus 544: }
1.121 markus 545:
546: #ifdef GSSAPI
1.133 djm 547: int
1.121 markus 548: userauth_gssapi(Authctxt *authctxt)
549: {
550: Gssctxt *gssctxt = NULL;
1.128 avsm 551: static gss_OID_set gss_supported = NULL;
1.139 djm 552: static u_int mech = 0;
1.121 markus 553: OM_uint32 min;
554: int ok = 0;
555:
556: /* Try one GSSAPI method at a time, rather than sending them all at
557: * once. */
558:
1.128 avsm 559: if (gss_supported == NULL)
560: gss_indicate_mechs(&min, &gss_supported);
1.121 markus 561:
562: /* Check to see if the mechanism is usable before we offer it */
1.128 avsm 563: while (mech < gss_supported->count && !ok) {
1.121 markus 564: /* My DER encoding requires length<128 */
1.128 avsm 565: if (gss_supported->elements[mech].length < 128 &&
1.161 djm 566: ssh_gssapi_check_mechanism(&gssctxt,
567: &gss_supported->elements[mech], authctxt->host)) {
1.121 markus 568: ok = 1; /* Mechanism works */
569: } else {
570: mech++;
571: }
572: }
573:
1.161 djm 574: if (!ok)
1.139 djm 575: return 0;
1.121 markus 576:
577: authctxt->methoddata=(void *)gssctxt;
578:
579: packet_start(SSH2_MSG_USERAUTH_REQUEST);
580: packet_put_cstring(authctxt->server_user);
581: packet_put_cstring(authctxt->service);
582: packet_put_cstring(authctxt->method->name);
583:
584: packet_put_int(1);
585:
1.129 markus 586: packet_put_int((gss_supported->elements[mech].length) + 2);
587: packet_put_char(SSH_GSS_OIDTYPE);
588: packet_put_char(gss_supported->elements[mech].length);
589: packet_put_raw(gss_supported->elements[mech].elements,
590: gss_supported->elements[mech].length);
1.121 markus 591:
592: packet_send();
593:
594: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
595: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
596: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
597: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
598:
599: mech++; /* Move along to next candidate */
600:
601: return 1;
602: }
603:
1.130 markus 604: static OM_uint32
605: process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
606: {
607: Authctxt *authctxt = ctxt;
608: Gssctxt *gssctxt = authctxt->methoddata;
609: gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
1.142 djm 610: gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
611: gss_buffer_desc gssbuf;
1.132 markus 612: OM_uint32 status, ms, flags;
613: Buffer b;
1.133 djm 614:
1.130 markus 615: status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
1.132 markus 616: recv_tok, &send_tok, &flags);
1.130 markus 617:
618: if (send_tok.length > 0) {
619: if (GSS_ERROR(status))
620: packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
621: else
622: packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
1.133 djm 623:
1.130 markus 624: packet_put_string(send_tok.value, send_tok.length);
625: packet_send();
626: gss_release_buffer(&ms, &send_tok);
627: }
1.133 djm 628:
1.130 markus 629: if (status == GSS_S_COMPLETE) {
1.132 markus 630: /* send either complete or MIC, depending on mechanism */
631: if (!(flags & GSS_C_INTEG_FLAG)) {
632: packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
633: packet_send();
634: } else {
635: ssh_gssapi_buildmic(&b, authctxt->server_user,
636: authctxt->service, "gssapi-with-mic");
637:
638: gssbuf.value = buffer_ptr(&b);
639: gssbuf.length = buffer_len(&b);
1.133 djm 640:
1.132 markus 641: status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
1.133 djm 642:
1.132 markus 643: if (!GSS_ERROR(status)) {
644: packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC);
645: packet_put_string(mic.value, mic.length);
1.133 djm 646:
1.132 markus 647: packet_send();
648: }
1.133 djm 649:
1.132 markus 650: buffer_free(&b);
651: gss_release_buffer(&ms, &mic);
1.133 djm 652: }
1.130 markus 653: }
1.133 djm 654:
1.130 markus 655: return status;
656: }
657:
1.169 djm 658: /* ARGSUSED */
1.121 markus 659: void
660: input_gssapi_response(int type, u_int32_t plen, void *ctxt)
661: {
662: Authctxt *authctxt = ctxt;
663: Gssctxt *gssctxt;
664: int oidlen;
665: char *oidv;
666:
667: if (authctxt == NULL)
668: fatal("input_gssapi_response: no authentication context");
669: gssctxt = authctxt->methoddata;
670:
671: /* Setup our OID */
672: oidv = packet_get_string(&oidlen);
673:
1.129 markus 674: if (oidlen <= 2 ||
675: oidv[0] != SSH_GSS_OIDTYPE ||
676: oidv[1] != oidlen - 2) {
1.130 markus 677: xfree(oidv);
1.129 markus 678: debug("Badly encoded mechanism OID received");
679: userauth(authctxt, NULL);
680: return;
1.121 markus 681: }
1.129 markus 682:
683: if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
684: fatal("Server returned different OID than expected");
1.121 markus 685:
686: packet_check_eom();
687:
688: xfree(oidv);
689:
1.130 markus 690: if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
1.121 markus 691: /* Start again with next method on list */
692: debug("Trying to start again");
693: userauth(authctxt, NULL);
694: return;
695: }
696: }
697:
1.169 djm 698: /* ARGSUSED */
1.121 markus 699: void
700: input_gssapi_token(int type, u_int32_t plen, void *ctxt)
701: {
702: Authctxt *authctxt = ctxt;
703: gss_buffer_desc recv_tok;
1.130 markus 704: OM_uint32 status;
1.121 markus 705: u_int slen;
706:
707: if (authctxt == NULL)
708: fatal("input_gssapi_response: no authentication context");
709:
710: recv_tok.value = packet_get_string(&slen);
711: recv_tok.length = slen; /* safe typecast */
712:
713: packet_check_eom();
714:
1.130 markus 715: status = process_gssapi_token(ctxt, &recv_tok);
1.121 markus 716:
717: xfree(recv_tok.value);
718:
719: if (GSS_ERROR(status)) {
720: /* Start again with the next method in the list */
721: userauth(authctxt, NULL);
722: return;
723: }
724: }
725:
1.169 djm 726: /* ARGSUSED */
1.121 markus 727: void
728: input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
729: {
730: Authctxt *authctxt = ctxt;
731: Gssctxt *gssctxt;
732: gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
733: gss_buffer_desc recv_tok;
734: OM_uint32 status, ms;
1.123 deraadt 735: u_int len;
1.121 markus 736:
737: if (authctxt == NULL)
738: fatal("input_gssapi_response: no authentication context");
739: gssctxt = authctxt->methoddata;
740:
1.123 deraadt 741: recv_tok.value = packet_get_string(&len);
742: recv_tok.length = len;
1.121 markus 743:
744: packet_check_eom();
745:
746: /* Stick it into GSSAPI and see what it says */
747: status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
1.140 djm 748: &recv_tok, &send_tok, NULL);
1.121 markus 749:
750: xfree(recv_tok.value);
751: gss_release_buffer(&ms, &send_tok);
752:
753: /* Server will be returning a failed packet after this one */
754: }
755:
1.169 djm 756: /* ARGSUSED */
1.121 markus 757: void
758: input_gssapi_error(int type, u_int32_t plen, void *ctxt)
759: {
760: OM_uint32 maj, min;
761: char *msg;
762: char *lang;
763:
764: maj=packet_get_int();
765: min=packet_get_int();
766: msg=packet_get_string(NULL);
767: lang=packet_get_string(NULL);
768:
769: packet_check_eom();
770:
1.143 stevesk 771: debug("Server GSSAPI Error:\n%s", msg);
1.121 markus 772: xfree(msg);
773: xfree(lang);
774: }
775: #endif /* GSSAPI */
1.20 markus 776:
1.1 markus 777: int
1.23 markus 778: userauth_none(Authctxt *authctxt)
779: {
780: /* initial userauth request */
781: packet_start(SSH2_MSG_USERAUTH_REQUEST);
782: packet_put_cstring(authctxt->server_user);
783: packet_put_cstring(authctxt->service);
784: packet_put_cstring(authctxt->method->name);
785: packet_send();
786: return 1;
787: }
788:
789: int
1.20 markus 790: userauth_passwd(Authctxt *authctxt)
1.1 markus 791: {
1.6 markus 792: static int attempt = 0;
1.99 markus 793: char prompt[150];
1.1 markus 794: char *password;
1.6 markus 795:
1.13 todd 796: if (attempt++ >= options.number_of_password_prompts)
1.6 markus 797: return 0;
1.13 todd 798:
1.87 deraadt 799: if (attempt != 1)
1.13 todd 800: error("Permission denied, please try again.");
1.1 markus 801:
1.43 itojun 802: snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
1.20 markus 803: authctxt->server_user, authctxt->host);
1.1 markus 804: password = read_passphrase(prompt, 0);
805: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 806: packet_put_cstring(authctxt->server_user);
807: packet_put_cstring(authctxt->service);
1.23 markus 808: packet_put_cstring(authctxt->method->name);
1.1 markus 809: packet_put_char(0);
1.49 markus 810: packet_put_cstring(password);
1.1 markus 811: memset(password, 0, strlen(password));
812: xfree(password);
1.85 markus 813: packet_add_padding(64);
1.1 markus 814: packet_send();
1.99 markus 815:
1.104 deraadt 816: dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1.99 markus 817: &input_userauth_passwd_changereq);
818:
1.1 markus 819: return 1;
820: }
1.169 djm 821:
1.99 markus 822: /*
823: * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
824: */
1.169 djm 825: /* ARGSUSED */
1.99 markus 826: void
1.153 djm 827: input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
1.99 markus 828: {
829: Authctxt *authctxt = ctxt;
830: char *info, *lang, *password = NULL, *retype = NULL;
831: char prompt[150];
832:
833: debug2("input_userauth_passwd_changereq");
834:
835: if (authctxt == NULL)
836: fatal("input_userauth_passwd_changereq: "
837: "no authentication context");
838:
839: info = packet_get_string(NULL);
840: lang = packet_get_string(NULL);
841: if (strlen(info) > 0)
1.116 itojun 842: logit("%s", info);
1.99 markus 843: xfree(info);
844: xfree(lang);
845: packet_start(SSH2_MSG_USERAUTH_REQUEST);
846: packet_put_cstring(authctxt->server_user);
847: packet_put_cstring(authctxt->service);
848: packet_put_cstring(authctxt->method->name);
849: packet_put_char(1); /* additional info */
1.104 deraadt 850: snprintf(prompt, sizeof(prompt),
1.99 markus 851: "Enter %.30s@%.128s's old password: ",
852: authctxt->server_user, authctxt->host);
853: password = read_passphrase(prompt, 0);
854: packet_put_cstring(password);
855: memset(password, 0, strlen(password));
856: xfree(password);
857: password = NULL;
858: while (password == NULL) {
1.104 deraadt 859: snprintf(prompt, sizeof(prompt),
1.99 markus 860: "Enter %.30s@%.128s's new password: ",
861: authctxt->server_user, authctxt->host);
862: password = read_passphrase(prompt, RP_ALLOW_EOF);
863: if (password == NULL) {
864: /* bail out */
865: return;
866: }
1.104 deraadt 867: snprintf(prompt, sizeof(prompt),
1.99 markus 868: "Retype %.30s@%.128s's new password: ",
869: authctxt->server_user, authctxt->host);
870: retype = read_passphrase(prompt, 0);
871: if (strcmp(password, retype) != 0) {
872: memset(password, 0, strlen(password));
873: xfree(password);
1.116 itojun 874: logit("Mismatch; try again, EOF to quit.");
1.99 markus 875: password = NULL;
876: }
877: memset(retype, 0, strlen(retype));
878: xfree(retype);
879: }
880: packet_put_cstring(password);
881: memset(password, 0, strlen(password));
882: xfree(password);
883: packet_add_padding(64);
884: packet_send();
1.104 deraadt 885:
886: dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1.99 markus 887: &input_userauth_passwd_changereq);
1.117 markus 888: }
889:
1.170 djm 890: #ifdef JPAKE
891: static char *
892: pw_encrypt(const char *password, const char *crypt_scheme, const char *salt)
893: {
894: /* OpenBSD crypt(3) handles all of these */
895: if (strcmp(crypt_scheme, "crypt") == 0 ||
896: strcmp(crypt_scheme, "bcrypt") == 0 ||
897: strcmp(crypt_scheme, "md5crypt") == 0 ||
898: strcmp(crypt_scheme, "crypt-extended") == 0)
899: return xstrdup(crypt(password, salt));
900: error("%s: unsupported password encryption scheme \"%.100s\"",
901: __func__, crypt_scheme);
902: return NULL;
903: }
904:
905: static BIGNUM *
906: jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
907: const char *salt)
908: {
909: char prompt[256], *password, *crypted;
910: u_char *secret;
911: u_int secret_len;
912: BIGNUM *ret;
913:
914: snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ",
915: authctxt->server_user, authctxt->host);
916: password = read_passphrase(prompt, 0);
917:
918: if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) {
919: logit("Disabling %s authentication", authctxt->method->name);
920: authctxt->method->enabled = NULL;
921: /* Continue with an empty password to fail gracefully */
922: crypted = xstrdup("");
923: }
924:
925: #ifdef JPAKE_DEBUG
926: debug3("%s: salt = %s", __func__, salt);
927: debug3("%s: scheme = %s", __func__, crypt_scheme);
928: debug3("%s: crypted = %s", __func__, crypted);
929: #endif
930:
931: if (hash_buffer(crypted, strlen(crypted), EVP_sha256(),
932: &secret, &secret_len) != 0)
933: fatal("%s: hash_buffer", __func__);
934:
935: bzero(password, strlen(password));
936: bzero(crypted, strlen(crypted));
937: xfree(password);
938: xfree(crypted);
939:
940: if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
941: fatal("%s: BN_bin2bn (secret)", __func__);
942: bzero(secret, secret_len);
943: xfree(secret);
944:
945: return ret;
946: }
947:
948: /* ARGSUSED */
949: void
950: input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
951: {
952: Authctxt *authctxt = ctxt;
953: struct jpake_ctx *pctx = authctxt->methoddata;
954: u_char *x3_proof, *x4_proof, *x2_s_proof;
955: u_int x3_proof_len, x4_proof_len, x2_s_proof_len;
956: char *crypt_scheme, *salt;
957:
958: /* Disable this message */
959: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL);
960:
961: if ((pctx->g_x3 = BN_new()) == NULL ||
962: (pctx->g_x4 = BN_new()) == NULL)
963: fatal("%s: BN_new", __func__);
964:
965: /* Fetch step 1 values */
966: crypt_scheme = packet_get_string(NULL);
967: salt = packet_get_string(NULL);
968: pctx->server_id = packet_get_string(&pctx->server_id_len);
969: packet_get_bignum2(pctx->g_x3);
970: packet_get_bignum2(pctx->g_x4);
971: x3_proof = packet_get_string(&x3_proof_len);
972: x4_proof = packet_get_string(&x4_proof_len);
973: packet_check_eom();
974:
975: JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
976:
977: /* Obtain password and derive secret */
978: pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
979: bzero(crypt_scheme, strlen(crypt_scheme));
980: bzero(salt, strlen(salt));
981: xfree(crypt_scheme);
982: xfree(salt);
983: JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
984:
985: /* Calculate step 2 values */
986: jpake_step2(pctx->grp, pctx->s, pctx->g_x1,
987: pctx->g_x3, pctx->g_x4, pctx->x2,
988: pctx->server_id, pctx->server_id_len,
989: pctx->client_id, pctx->client_id_len,
990: x3_proof, x3_proof_len,
991: x4_proof, x4_proof_len,
992: &pctx->a,
993: &x2_s_proof, &x2_s_proof_len);
994:
995: bzero(x3_proof, x3_proof_len);
996: bzero(x4_proof, x4_proof_len);
997: xfree(x3_proof);
998: xfree(x4_proof);
999:
1000: JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
1001:
1002: /* Send values for step 2 */
1003: packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2);
1004: packet_put_bignum2(pctx->a);
1005: packet_put_string(x2_s_proof, x2_s_proof_len);
1006: packet_send();
1007:
1008: bzero(x2_s_proof, x2_s_proof_len);
1009: xfree(x2_s_proof);
1010:
1011: /* Expect step 2 packet from peer */
1012: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
1013: input_userauth_jpake_server_step2);
1014: }
1015:
1016: /* ARGSUSED */
1017: void
1018: input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
1019: {
1020: Authctxt *authctxt = ctxt;
1021: struct jpake_ctx *pctx = authctxt->methoddata;
1022: u_char *x4_s_proof;
1023: u_int x4_s_proof_len;
1024:
1025: /* Disable this message */
1026: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL);
1027:
1028: if ((pctx->b = BN_new()) == NULL)
1029: fatal("%s: BN_new", __func__);
1030:
1031: /* Fetch step 2 values */
1032: packet_get_bignum2(pctx->b);
1033: x4_s_proof = packet_get_string(&x4_s_proof_len);
1034: packet_check_eom();
1035:
1036: JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
1037:
1038: /* Derive shared key and calculate confirmation hash */
1039: jpake_key_confirm(pctx->grp, pctx->s, pctx->b,
1040: pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4,
1041: pctx->client_id, pctx->client_id_len,
1042: pctx->server_id, pctx->server_id_len,
1043: session_id2, session_id2_len,
1044: x4_s_proof, x4_s_proof_len,
1045: &pctx->k,
1046: &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
1047:
1048: bzero(x4_s_proof, x4_s_proof_len);
1049: xfree(x4_s_proof);
1050:
1051: JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
1052:
1053: /* Send key confirmation proof */
1054: packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM);
1055: packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
1056: packet_send();
1057:
1058: /* Expect confirmation from peer */
1059: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM,
1060: input_userauth_jpake_server_confirm);
1061: }
1062:
1063: /* ARGSUSED */
1064: void
1065: input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt)
1066: {
1067: Authctxt *authctxt = ctxt;
1068: struct jpake_ctx *pctx = authctxt->methoddata;
1069:
1070: /* Disable this message */
1071: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL);
1072:
1073: pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len);
1074: packet_check_eom();
1075:
1076: JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
1077:
1078: /* Verify expected confirmation hash */
1079: if (jpake_check_confirm(pctx->k,
1080: pctx->server_id, pctx->server_id_len,
1081: session_id2, session_id2_len,
1082: pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1)
1083: debug("%s: %s success", __func__, authctxt->method->name);
1084: else {
1085: debug("%s: confirmation mismatch", __func__);
1086: /* XXX stash this so if auth succeeds then we can warn/kill */
1087: }
1088:
1089: userauth_jpake_cleanup(authctxt);
1090: }
1091: #endif /* JPAKE */
1092:
1.117 markus 1093: static int
1094: identity_sign(Identity *id, u_char **sigp, u_int *lenp,
1095: u_char *data, u_int datalen)
1096: {
1097: Key *prv;
1098: int ret;
1.99 markus 1099:
1.117 markus 1100: /* the agent supports this key */
1101: if (id->ac)
1102: return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
1103: data, datalen));
1104: /*
1105: * we have already loaded the private key or
1106: * the private key is stored in external hardware
1107: */
1108: if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
1109: return (key_sign(id->key, sigp, lenp, data, datalen));
1110: /* load the private key from the file */
1111: if ((prv = load_identity_file(id->filename)) == NULL)
1112: return (-1);
1113: ret = key_sign(prv, sigp, lenp, data, datalen);
1114: key_free(prv);
1115: return (ret);
1.51 markus 1116: }
1117:
1.76 itojun 1118: static int
1.117 markus 1119: sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1.1 markus 1120: {
1121: Buffer b;
1.32 markus 1122: u_char *blob, *signature;
1.96 markus 1123: u_int bloblen, slen;
1.120 markus 1124: u_int skip = 0;
1.17 markus 1125: int ret = -1;
1.23 markus 1126: int have_sig = 1;
1.1 markus 1127:
1.30 markus 1128: debug3("sign_and_send_pubkey");
1.51 markus 1129:
1.117 markus 1130: if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1.28 markus 1131: /* we cannot handle this key */
1.30 markus 1132: debug3("sign_and_send_pubkey: cannot handle key");
1.28 markus 1133: return 0;
1134: }
1.1 markus 1135: /* data to be signed */
1136: buffer_init(&b);
1.26 markus 1137: if (datafellows & SSH_OLD_SESSIONID) {
1138: buffer_append(&b, session_id2, session_id2_len);
1.41 stevesk 1139: skip = session_id2_len;
1.26 markus 1140: } else {
1.14 markus 1141: buffer_put_string(&b, session_id2, session_id2_len);
1142: skip = buffer_len(&b);
1143: }
1.1 markus 1144: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 1145: buffer_put_cstring(&b, authctxt->server_user);
1.10 markus 1146: buffer_put_cstring(&b,
1.30 markus 1147: datafellows & SSH_BUG_PKSERVICE ?
1.10 markus 1148: "ssh-userauth" :
1.20 markus 1149: authctxt->service);
1.30 markus 1150: if (datafellows & SSH_BUG_PKAUTH) {
1151: buffer_put_char(&b, have_sig);
1152: } else {
1153: buffer_put_cstring(&b, authctxt->method->name);
1154: buffer_put_char(&b, have_sig);
1.117 markus 1155: buffer_put_cstring(&b, key_ssh_name(id->key));
1.30 markus 1156: }
1.1 markus 1157: buffer_put_string(&b, blob, bloblen);
1158:
1159: /* generate signature */
1.117 markus 1160: ret = identity_sign(id, &signature, &slen,
1.51 markus 1161: buffer_ptr(&b), buffer_len(&b));
1.17 markus 1162: if (ret == -1) {
1163: xfree(blob);
1164: buffer_free(&b);
1165: return 0;
1166: }
1.28 markus 1167: #ifdef DEBUG_PK
1.1 markus 1168: buffer_dump(&b);
1169: #endif
1.30 markus 1170: if (datafellows & SSH_BUG_PKSERVICE) {
1.10 markus 1171: buffer_clear(&b);
1172: buffer_append(&b, session_id2, session_id2_len);
1.51 markus 1173: skip = session_id2_len;
1.10 markus 1174: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 1175: buffer_put_cstring(&b, authctxt->server_user);
1176: buffer_put_cstring(&b, authctxt->service);
1.23 markus 1177: buffer_put_cstring(&b, authctxt->method->name);
1178: buffer_put_char(&b, have_sig);
1.30 markus 1179: if (!(datafellows & SSH_BUG_PKAUTH))
1.117 markus 1180: buffer_put_cstring(&b, key_ssh_name(id->key));
1.10 markus 1181: buffer_put_string(&b, blob, bloblen);
1182: }
1183: xfree(blob);
1.51 markus 1184:
1.1 markus 1185: /* append signature */
1186: buffer_put_string(&b, signature, slen);
1187: xfree(signature);
1188:
1189: /* skip session id and packet type */
1.14 markus 1190: if (buffer_len(&b) < skip + 1)
1.20 markus 1191: fatal("userauth_pubkey: internal error");
1.14 markus 1192: buffer_consume(&b, skip + 1);
1.1 markus 1193:
1194: /* put remaining data from buffer into packet */
1195: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1196: packet_put_raw(buffer_ptr(&b), buffer_len(&b));
1197: buffer_free(&b);
1198: packet_send();
1.17 markus 1199:
1200: return 1;
1.16 markus 1201: }
1202:
1.76 itojun 1203: static int
1.117 markus 1204: send_pubkey_test(Authctxt *authctxt, Identity *id)
1.20 markus 1205: {
1.51 markus 1206: u_char *blob;
1.97 markus 1207: u_int bloblen, have_sig = 0;
1.20 markus 1208:
1.51 markus 1209: debug3("send_pubkey_test");
1.16 markus 1210:
1.117 markus 1211: if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1.51 markus 1212: /* we cannot handle this key */
1213: debug3("send_pubkey_test: cannot handle key");
1.16 markus 1214: return 0;
1215: }
1.51 markus 1216: /* register callback for USERAUTH_PK_OK message */
1217: dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
1218:
1219: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1220: packet_put_cstring(authctxt->server_user);
1221: packet_put_cstring(authctxt->service);
1222: packet_put_cstring(authctxt->method->name);
1223: packet_put_char(have_sig);
1224: if (!(datafellows & SSH_BUG_PKAUTH))
1.117 markus 1225: packet_put_cstring(key_ssh_name(id->key));
1.51 markus 1226: packet_put_string(blob, bloblen);
1227: xfree(blob);
1228: packet_send();
1229: return 1;
1230: }
1231:
1.76 itojun 1232: static Key *
1.51 markus 1233: load_identity_file(char *filename)
1234: {
1235: Key *private;
1236: char prompt[300], *passphrase;
1.152 dtucker 1237: int perm_ok, quit, i;
1.52 markus 1238: struct stat st;
1.16 markus 1239:
1.52 markus 1240: if (stat(filename, &st) < 0) {
1241: debug3("no such identity: %s", filename);
1242: return NULL;
1243: }
1.152 dtucker 1244: private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
1245: if (!perm_ok)
1246: return NULL;
1.56 markus 1247: if (private == NULL) {
1248: if (options.batch_mode)
1.51 markus 1249: return NULL;
1.16 markus 1250: snprintf(prompt, sizeof prompt,
1.88 deraadt 1251: "Enter passphrase for key '%.100s': ", filename);
1.20 markus 1252: for (i = 0; i < options.number_of_password_prompts; i++) {
1253: passphrase = read_passphrase(prompt, 0);
1254: if (strcmp(passphrase, "") != 0) {
1.152 dtucker 1255: private = key_load_private_type(KEY_UNSPEC,
1256: filename, passphrase, NULL, NULL);
1.51 markus 1257: quit = 0;
1.20 markus 1258: } else {
1259: debug2("no passphrase given, try next key");
1.51 markus 1260: quit = 1;
1.20 markus 1261: }
1262: memset(passphrase, 0, strlen(passphrase));
1263: xfree(passphrase);
1.56 markus 1264: if (private != NULL || quit)
1.20 markus 1265: break;
1266: debug2("bad passphrase given, try again...");
1.16 markus 1267: }
1268: }
1.51 markus 1269: return private;
1270: }
1271:
1.117 markus 1272: /*
1273: * try keys in the following order:
1274: * 1. agent keys that are found in the config file
1275: * 2. other agent keys
1276: * 3. keys that are only listed in the config file
1277: */
1278: static void
1279: pubkey_prepare(Authctxt *authctxt)
1.51 markus 1280: {
1.117 markus 1281: Identity *id;
1282: Idlist agent, files, *preferred;
1283: Key *key;
1284: AuthenticationConnection *ac;
1285: char *comment;
1286: int i, found;
1.51 markus 1287:
1.117 markus 1288: TAILQ_INIT(&agent); /* keys from the agent */
1289: TAILQ_INIT(&files); /* keys from the config file */
1290: preferred = &authctxt->keys;
1291: TAILQ_INIT(preferred); /* preferred order of keys */
1292:
1293: /* list of keys stored in the filesystem */
1294: for (i = 0; i < options.num_identity_files; i++) {
1295: key = options.identity_keys[i];
1296: if (key && key->type == KEY_RSA1)
1297: continue;
1298: options.identity_keys[i] = NULL;
1.150 djm 1299: id = xcalloc(1, sizeof(*id));
1.117 markus 1300: id->key = key;
1301: id->filename = xstrdup(options.identity_files[i]);
1302: TAILQ_INSERT_TAIL(&files, id, next);
1303: }
1304: /* list of keys supported by the agent */
1305: if ((ac = ssh_get_authentication_connection())) {
1306: for (key = ssh_get_first_identity(ac, &comment, 2);
1307: key != NULL;
1308: key = ssh_get_next_identity(ac, &comment, 2)) {
1309: found = 0;
1310: TAILQ_FOREACH(id, &files, next) {
1.133 djm 1311: /* agent keys from the config file are preferred */
1.117 markus 1312: if (key_equal(key, id->key)) {
1313: key_free(key);
1314: xfree(comment);
1315: TAILQ_REMOVE(&files, id, next);
1316: TAILQ_INSERT_TAIL(preferred, id, next);
1317: id->ac = ac;
1318: found = 1;
1319: break;
1320: }
1321: }
1.135 markus 1322: if (!found && !options.identities_only) {
1.150 djm 1323: id = xcalloc(1, sizeof(*id));
1.117 markus 1324: id->key = key;
1325: id->filename = comment;
1326: id->ac = ac;
1327: TAILQ_INSERT_TAIL(&agent, id, next);
1328: }
1329: }
1330: /* append remaining agent keys */
1331: for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
1332: TAILQ_REMOVE(&agent, id, next);
1333: TAILQ_INSERT_TAIL(preferred, id, next);
1334: }
1335: authctxt->agent = ac;
1336: }
1337: /* append remaining keys from the config file */
1338: for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
1339: TAILQ_REMOVE(&files, id, next);
1340: TAILQ_INSERT_TAIL(preferred, id, next);
1341: }
1342: TAILQ_FOREACH(id, preferred, next) {
1343: debug2("key: %s (%p)", id->filename, id->key);
1344: }
1.17 markus 1345: }
1346:
1.117 markus 1347: static void
1348: pubkey_cleanup(Authctxt *authctxt)
1.51 markus 1349: {
1.117 markus 1350: Identity *id;
1.51 markus 1351:
1.117 markus 1352: if (authctxt->agent != NULL)
1353: ssh_close_authentication_connection(authctxt->agent);
1354: for (id = TAILQ_FIRST(&authctxt->keys); id;
1355: id = TAILQ_FIRST(&authctxt->keys)) {
1356: TAILQ_REMOVE(&authctxt->keys, id, next);
1357: if (id->key)
1358: key_free(id->key);
1359: if (id->filename)
1360: xfree(id->filename);
1361: xfree(id);
1362: }
1.1 markus 1363: }
1364:
1.20 markus 1365: int
1366: userauth_pubkey(Authctxt *authctxt)
1367: {
1.117 markus 1368: Identity *id;
1.20 markus 1369: int sent = 0;
1370:
1.117 markus 1371: while ((id = TAILQ_FIRST(&authctxt->keys))) {
1372: if (id->tried++)
1373: return (0);
1.127 markus 1374: /* move key to the end of the queue */
1.117 markus 1375: TAILQ_REMOVE(&authctxt->keys, id, next);
1376: TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
1377: /*
1378: * send a test message if we have the public key. for
1379: * encrypted keys we cannot do this and have to load the
1380: * private key instead
1381: */
1382: if (id->key && id->key->type != KEY_RSA1) {
1383: debug("Offering public key: %s", id->filename);
1384: sent = send_pubkey_test(authctxt, id);
1385: } else if (id->key == NULL) {
1386: debug("Trying private key: %s", id->filename);
1387: id->key = load_identity_file(id->filename);
1388: if (id->key != NULL) {
1389: id->isprivate = 1;
1390: sent = sign_and_send_pubkey(authctxt, id);
1391: key_free(id->key);
1392: id->key = NULL;
1.51 markus 1393: }
1394: }
1.117 markus 1395: if (sent)
1396: return (sent);
1.28 markus 1397: }
1.117 markus 1398: return (0);
1.20 markus 1399: }
1400:
1.23 markus 1401: /*
1402: * Send userauth request message specifying keyboard-interactive method.
1403: */
1404: int
1405: userauth_kbdint(Authctxt *authctxt)
1406: {
1407: static int attempt = 0;
1408:
1409: if (attempt++ >= options.number_of_password_prompts)
1410: return 0;
1.82 markus 1411: /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
1412: if (attempt > 1 && !authctxt->info_req_seen) {
1413: debug3("userauth_kbdint: disable: no info_req_seen");
1414: dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
1415: return 0;
1416: }
1.23 markus 1417:
1418: debug2("userauth_kbdint");
1419: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1420: packet_put_cstring(authctxt->server_user);
1421: packet_put_cstring(authctxt->service);
1422: packet_put_cstring(authctxt->method->name);
1423: packet_put_cstring(""); /* lang */
1424: packet_put_cstring(options.kbd_interactive_devices ?
1425: options.kbd_interactive_devices : "");
1426: packet_send();
1427:
1428: dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
1429: return 1;
1430: }
1431:
1432: /*
1.46 markus 1433: * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
1.23 markus 1434: */
1435: void
1.92 markus 1436: input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1.23 markus 1437: {
1438: Authctxt *authctxt = ctxt;
1.46 markus 1439: char *name, *inst, *lang, *prompt, *response;
1.32 markus 1440: u_int num_prompts, i;
1.23 markus 1441: int echo = 0;
1442:
1443: debug2("input_userauth_info_req");
1444:
1445: if (authctxt == NULL)
1446: fatal("input_userauth_info_req: no authentication context");
1.82 markus 1447:
1448: authctxt->info_req_seen = 1;
1.23 markus 1449:
1450: name = packet_get_string(NULL);
1451: inst = packet_get_string(NULL);
1452: lang = packet_get_string(NULL);
1453: if (strlen(name) > 0)
1.116 itojun 1454: logit("%s", name);
1.23 markus 1455: if (strlen(inst) > 0)
1.116 itojun 1456: logit("%s", inst);
1.46 markus 1457: xfree(name);
1.23 markus 1458: xfree(inst);
1.46 markus 1459: xfree(lang);
1.23 markus 1460:
1461: num_prompts = packet_get_int();
1462: /*
1463: * Begin to build info response packet based on prompts requested.
1464: * We commit to providing the correct number of responses, so if
1465: * further on we run into a problem that prevents this, we have to
1466: * be sure and clean this up and send a correct error response.
1467: */
1468: packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
1469: packet_put_int(num_prompts);
1470:
1.73 markus 1471: debug2("input_userauth_info_req: num_prompts %d", num_prompts);
1.23 markus 1472: for (i = 0; i < num_prompts; i++) {
1473: prompt = packet_get_string(NULL);
1474: echo = packet_get_char();
1475:
1.77 markus 1476: response = read_passphrase(prompt, echo ? RP_ECHO : 0);
1.23 markus 1477:
1.49 markus 1478: packet_put_cstring(response);
1.23 markus 1479: memset(response, 0, strlen(response));
1480: xfree(response);
1481: xfree(prompt);
1482: }
1.90 markus 1483: packet_check_eom(); /* done with parsing incoming message. */
1.23 markus 1484:
1.85 markus 1485: packet_add_padding(64);
1.23 markus 1486: packet_send();
1.68 markus 1487: }
1488:
1.100 markus 1489: static int
1.105 deraadt 1490: ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
1.100 markus 1491: u_char *data, u_int datalen)
1492: {
1493: Buffer b;
1.101 markus 1494: struct stat st;
1.100 markus 1495: pid_t pid;
1.103 markus 1496: int to[2], from[2], status, version = 2;
1.100 markus 1497:
1.109 markus 1498: debug2("ssh_keysign called");
1.100 markus 1499:
1.101 markus 1500: if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
1501: error("ssh_keysign: no installed: %s", strerror(errno));
1502: return -1;
1503: }
1.100 markus 1504: if (fflush(stdout) != 0)
1505: error("ssh_keysign: fflush: %s", strerror(errno));
1506: if (pipe(to) < 0) {
1507: error("ssh_keysign: pipe: %s", strerror(errno));
1508: return -1;
1509: }
1510: if (pipe(from) < 0) {
1511: error("ssh_keysign: pipe: %s", strerror(errno));
1512: return -1;
1513: }
1514: if ((pid = fork()) < 0) {
1515: error("ssh_keysign: fork: %s", strerror(errno));
1516: return -1;
1517: }
1518: if (pid == 0) {
1.155 markus 1519: permanently_drop_suid(getuid());
1.100 markus 1520: close(from[0]);
1521: if (dup2(from[1], STDOUT_FILENO) < 0)
1522: fatal("ssh_keysign: dup2: %s", strerror(errno));
1523: close(to[1]);
1524: if (dup2(to[0], STDIN_FILENO) < 0)
1525: fatal("ssh_keysign: dup2: %s", strerror(errno));
1.103 markus 1526: close(from[1]);
1527: close(to[0]);
1.102 markus 1528: execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
1.100 markus 1529: fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
1530: strerror(errno));
1531: }
1532: close(from[1]);
1533: close(to[0]);
1534:
1535: buffer_init(&b);
1.103 markus 1536: buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
1.100 markus 1537: buffer_put_string(&b, data, datalen);
1.131 djm 1538: if (ssh_msg_send(to[1], version, &b) == -1)
1539: fatal("ssh_keysign: couldn't send request");
1.100 markus 1540:
1.110 djm 1541: if (ssh_msg_recv(from[0], &b) < 0) {
1.101 markus 1542: error("ssh_keysign: no reply");
1.134 markus 1543: buffer_free(&b);
1.100 markus 1544: return -1;
1545: }
1.101 markus 1546: close(from[0]);
1547: close(to[1]);
1548:
1.103 markus 1549: while (waitpid(pid, &status, 0) < 0)
1550: if (errno != EINTR)
1551: break;
1.101 markus 1552:
1.100 markus 1553: if (buffer_get_char(&b) != version) {
1.101 markus 1554: error("ssh_keysign: bad version");
1.134 markus 1555: buffer_free(&b);
1.100 markus 1556: return -1;
1557: }
1558: *sigp = buffer_get_string(&b, lenp);
1.134 markus 1559: buffer_free(&b);
1.100 markus 1560:
1561: return 0;
1562: }
1563:
1.68 markus 1564: int
1565: userauth_hostbased(Authctxt *authctxt)
1566: {
1567: Key *private = NULL;
1.100 markus 1568: Sensitive *sensitive = authctxt->sensitive;
1.68 markus 1569: Buffer b;
1570: u_char *signature, *blob;
1.163 djm 1571: char *chost, *pkalg, *p, myname[NI_MAXHOST];
1.72 markus 1572: const char *service;
1.68 markus 1573: u_int blen, slen;
1.71 markus 1574: int ok, i, len, found = 0;
1.68 markus 1575:
1576: /* check for a useful key */
1.100 markus 1577: for (i = 0; i < sensitive->nkeys; i++) {
1578: private = sensitive->keys[i];
1.68 markus 1579: if (private && private->type != KEY_RSA1) {
1580: found = 1;
1581: /* we take and free the key */
1.100 markus 1582: sensitive->keys[i] = NULL;
1.68 markus 1583: break;
1584: }
1585: }
1586: if (!found) {
1.109 markus 1587: debug("No more client hostkeys for hostbased authentication.");
1.68 markus 1588: return 0;
1589: }
1590: if (key_to_blob(private, &blob, &blen) == 0) {
1591: key_free(private);
1592: return 0;
1593: }
1.84 markus 1594: /* figure out a name for the client host */
1.163 djm 1595: p = NULL;
1596: if (packet_connection_is_on_socket())
1597: p = get_local_name(packet_get_connection_in());
1598: if (p == NULL) {
1599: if (gethostname(myname, sizeof(myname)) == -1) {
1600: verbose("userauth_hostbased: gethostname: %s",
1601: strerror(errno));
1602: } else
1603: p = xstrdup(myname);
1604: }
1.84 markus 1605: if (p == NULL) {
1606: error("userauth_hostbased: cannot get local ipaddr/name");
1607: key_free(private);
1.148 djm 1608: xfree(blob);
1.84 markus 1609: return 0;
1610: }
1611: len = strlen(p) + 2;
1.150 djm 1612: xasprintf(&chost, "%s.", p);
1.84 markus 1613: debug2("userauth_hostbased: chost %s", chost);
1.112 markus 1614: xfree(p);
1.84 markus 1615:
1.72 markus 1616: service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
1617: authctxt->service;
1.68 markus 1618: pkalg = xstrdup(key_ssh_name(private));
1619: buffer_init(&b);
1620: /* construct data */
1.72 markus 1621: buffer_put_string(&b, session_id2, session_id2_len);
1.68 markus 1622: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1623: buffer_put_cstring(&b, authctxt->server_user);
1.72 markus 1624: buffer_put_cstring(&b, service);
1.68 markus 1625: buffer_put_cstring(&b, authctxt->method->name);
1626: buffer_put_cstring(&b, pkalg);
1627: buffer_put_string(&b, blob, blen);
1628: buffer_put_cstring(&b, chost);
1629: buffer_put_cstring(&b, authctxt->local_user);
1630: #ifdef DEBUG_PK
1631: buffer_dump(&b);
1632: #endif
1.100 markus 1633: if (sensitive->external_keysign)
1634: ok = ssh_keysign(private, &signature, &slen,
1635: buffer_ptr(&b), buffer_len(&b));
1636: else
1637: ok = key_sign(private, &signature, &slen,
1638: buffer_ptr(&b), buffer_len(&b));
1.68 markus 1639: key_free(private);
1640: buffer_free(&b);
1641: if (ok != 0) {
1642: error("key_sign failed");
1643: xfree(chost);
1644: xfree(pkalg);
1.148 djm 1645: xfree(blob);
1.68 markus 1646: return 0;
1647: }
1648: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1649: packet_put_cstring(authctxt->server_user);
1650: packet_put_cstring(authctxt->service);
1651: packet_put_cstring(authctxt->method->name);
1652: packet_put_cstring(pkalg);
1653: packet_put_string(blob, blen);
1654: packet_put_cstring(chost);
1655: packet_put_cstring(authctxt->local_user);
1656: packet_put_string(signature, slen);
1657: memset(signature, 's', slen);
1658: xfree(signature);
1659: xfree(chost);
1660: xfree(pkalg);
1.148 djm 1661: xfree(blob);
1.68 markus 1662:
1663: packet_send();
1664: return 1;
1.23 markus 1665: }
1.20 markus 1666:
1.170 djm 1667: #ifdef JPAKE
1668: int
1669: userauth_jpake(Authctxt *authctxt)
1670: {
1671: struct jpake_ctx *pctx;
1672: u_char *x1_proof, *x2_proof;
1673: u_int x1_proof_len, x2_proof_len;
1674: static int attempt = 0; /* XXX share with userauth_password's? */
1675:
1676: if (attempt++ >= options.number_of_password_prompts)
1677: return 0;
1678: if (attempt != 1)
1679: error("Permission denied, please try again.");
1680:
1681: if (authctxt->methoddata != NULL)
1682: fatal("%s: authctxt->methoddata already set (%p)",
1683: __func__, authctxt->methoddata);
1684:
1685: authctxt->methoddata = pctx = jpake_new();
1686:
1687: /*
1688: * Send request immediately, to get the protocol going while
1689: * we do the initial computations.
1690: */
1691: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1692: packet_put_cstring(authctxt->server_user);
1693: packet_put_cstring(authctxt->service);
1694: packet_put_cstring(authctxt->method->name);
1695: packet_send();
1696: packet_write_wait();
1697:
1698: jpake_step1(pctx->grp,
1699: &pctx->client_id, &pctx->client_id_len,
1700: &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2,
1701: &x1_proof, &x1_proof_len,
1702: &x2_proof, &x2_proof_len);
1703:
1704: JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
1705:
1706: packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1);
1707: packet_put_string(pctx->client_id, pctx->client_id_len);
1708: packet_put_bignum2(pctx->g_x1);
1709: packet_put_bignum2(pctx->g_x2);
1710: packet_put_string(x1_proof, x1_proof_len);
1711: packet_put_string(x2_proof, x2_proof_len);
1712: packet_send();
1713:
1714: bzero(x1_proof, x1_proof_len);
1715: bzero(x2_proof, x2_proof_len);
1716: xfree(x1_proof);
1717: xfree(x2_proof);
1718:
1719: /* Expect step 1 packet from peer */
1720: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
1721: input_userauth_jpake_server_step1);
1.172 ! djm 1722: dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
! 1723: &input_userauth_success_unexpected);
1.170 djm 1724:
1725: return 1;
1726: }
1727:
1728: void
1729: userauth_jpake_cleanup(Authctxt *authctxt)
1730: {
1731: debug3("%s: clean up", __func__);
1732: if (authctxt->methoddata != NULL) {
1733: jpake_free(authctxt->methoddata);
1734: authctxt->methoddata = NULL;
1735: }
1.172 ! djm 1736: dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
1.170 djm 1737: }
1738: #endif /* JPAKE */
1739:
1.20 markus 1740: /* find auth method */
1741:
1742: /*
1743: * given auth method name, if configurable options permit this method fill
1744: * in auth_ident field and return true, otherwise return false.
1745: */
1.76 itojun 1746: static int
1.20 markus 1747: authmethod_is_enabled(Authmethod *method)
1748: {
1749: if (method == NULL)
1750: return 0;
1751: /* return false if options indicate this method is disabled */
1752: if (method->enabled == NULL || *method->enabled == 0)
1753: return 0;
1754: /* return false if batch mode is enabled but method needs interactive mode */
1755: if (method->batch_flag != NULL && *method->batch_flag != 0)
1756: return 0;
1757: return 1;
1758: }
1759:
1.76 itojun 1760: static Authmethod *
1.20 markus 1761: authmethod_lookup(const char *name)
1.1 markus 1762: {
1.20 markus 1763: Authmethod *method = NULL;
1764: if (name != NULL)
1765: for (method = authmethods; method->name != NULL; method++)
1766: if (strcmp(name, method->name) == 0)
1767: return method;
1768: debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
1769: return NULL;
1770: }
1.1 markus 1771:
1.53 markus 1772: /* XXX internal state */
1773: static Authmethod *current = NULL;
1774: static char *supported = NULL;
1775: static char *preferred = NULL;
1.105 deraadt 1776:
1.20 markus 1777: /*
1778: * Given the authentication method list sent by the server, return the
1779: * next method we should try. If the server initially sends a nil list,
1.67 markus 1780: * use a built-in default list.
1.41 stevesk 1781: */
1.76 itojun 1782: static Authmethod *
1.20 markus 1783: authmethod_get(char *authlist)
1784: {
1.53 markus 1785: char *name = NULL;
1.97 markus 1786: u_int next;
1.41 stevesk 1787:
1.20 markus 1788: /* Use a suitable default if we're passed a nil list. */
1789: if (authlist == NULL || strlen(authlist) == 0)
1.53 markus 1790: authlist = options.preferred_authentications;
1.20 markus 1791:
1.53 markus 1792: if (supported == NULL || strcmp(authlist, supported) != 0) {
1793: debug3("start over, passed a different list %s", authlist);
1794: if (supported != NULL)
1795: xfree(supported);
1796: supported = xstrdup(authlist);
1797: preferred = options.preferred_authentications;
1798: debug3("preferred %s", preferred);
1799: current = NULL;
1800: } else if (current != NULL && authmethod_is_enabled(current))
1801: return current;
1.20 markus 1802:
1.53 markus 1803: for (;;) {
1804: if ((name = match_list(preferred, supported, &next)) == NULL) {
1.109 markus 1805: debug("No more authentication methods to try.");
1.53 markus 1806: current = NULL;
1807: return NULL;
1808: }
1809: preferred += next;
1.23 markus 1810: debug3("authmethod_lookup %s", name);
1.53 markus 1811: debug3("remaining preferred: %s", preferred);
1812: if ((current = authmethod_lookup(name)) != NULL &&
1813: authmethod_is_enabled(current)) {
1.23 markus 1814: debug3("authmethod_is_enabled %s", name);
1.109 markus 1815: debug("Next authentication method: %s", name);
1.53 markus 1816: return current;
1.23 markus 1817: }
1.1 markus 1818: }
1.53 markus 1819: }
1.1 markus 1820:
1.79 stevesk 1821: static char *
1.53 markus 1822: authmethods_get(void)
1823: {
1824: Authmethod *method = NULL;
1.93 markus 1825: Buffer b;
1826: char *list;
1.27 provos 1827:
1.93 markus 1828: buffer_init(&b);
1.53 markus 1829: for (method = authmethods; method->name != NULL; method++) {
1830: if (authmethod_is_enabled(method)) {
1.93 markus 1831: if (buffer_len(&b) > 0)
1832: buffer_append(&b, ",", 1);
1833: buffer_append(&b, method->name, strlen(method->name));
1.53 markus 1834: }
1835: }
1.93 markus 1836: buffer_append(&b, "\0", 1);
1837: list = xstrdup(buffer_ptr(&b));
1838: buffer_free(&b);
1839: return list;
1.1 markus 1840: }
1.170 djm 1841: