Annotation of src/usr.bin/ssh/sshconnect2.c, Revision 1.184
1.184 ! djm 1: /* $OpenBSD: sshconnect2.c,v 1.183 2010/04/26 22:28:24 djm Exp $ */
1.1 markus 2: /*
3: * Copyright (c) 2000 Markus Friedl. All rights reserved.
1.170 djm 4: * Copyright (c) 2008 Damien Miller. All rights reserved.
1.1 markus 5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
26:
1.145 stevesk 27: #include <sys/types.h>
1.160 deraadt 28: #include <sys/socket.h>
1.145 stevesk 29: #include <sys/wait.h>
1.144 stevesk 30: #include <sys/queue.h>
1.146 stevesk 31: #include <sys/stat.h>
1.156 stevesk 32:
33: #include <errno.h>
1.174 dtucker 34: #include <fcntl.h>
1.164 jolan 35: #include <netdb.h>
1.159 stevesk 36: #include <stdio.h>
1.158 stevesk 37: #include <string.h>
1.160 deraadt 38: #include <signal.h>
39: #include <pwd.h>
1.157 stevesk 40: #include <unistd.h>
1.166 djm 41: #include <vis.h>
1.1 markus 42:
1.160 deraadt 43: #include "xmalloc.h"
1.1 markus 44: #include "ssh.h"
1.37 markus 45: #include "ssh2.h"
1.1 markus 46: #include "buffer.h"
47: #include "packet.h"
48: #include "compat.h"
1.37 markus 49: #include "cipher.h"
1.160 deraadt 50: #include "key.h"
1.1 markus 51: #include "kex.h"
52: #include "myproposal.h"
53: #include "sshconnect.h"
54: #include "authfile.h"
1.57 provos 55: #include "dh.h"
1.17 markus 56: #include "authfd.h"
1.37 markus 57: #include "log.h"
58: #include "readconf.h"
1.137 djm 59: #include "misc.h"
1.53 markus 60: #include "match.h"
1.61 markus 61: #include "dispatch.h"
1.68 markus 62: #include "canohost.h"
1.100 markus 63: #include "msg.h"
64: #include "pathnames.h"
1.154 markus 65: #include "uidswap.h"
1.171 djm 66: #include "schnorr.h"
1.170 djm 67: #include "jpake.h"
1.22 provos 68:
1.121 markus 69: #ifdef GSSAPI
70: #include "ssh-gss.h"
71: #endif
72:
1.1 markus 73: /* import */
74: extern char *client_version_string;
75: extern char *server_version_string;
76: extern Options options;
77:
78: /*
79: * SSH2 key exchange
80: */
81:
1.32 markus 82: u_char *session_id2 = NULL;
1.120 markus 83: u_int session_id2_len = 0;
1.1 markus 84:
1.61 markus 85: char *xxx_host;
86: struct sockaddr *xxx_hostaddr;
87:
1.63 markus 88: Kex *xxx_kex = NULL;
89:
1.76 itojun 90: static int
1.75 markus 91: verify_host_key_callback(Key *hostkey)
1.61 markus 92: {
1.75 markus 93: if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
1.83 markus 94: fatal("Host key verification failed.");
1.61 markus 95: return 0;
96: }
97:
1.1 markus 98: void
1.22 provos 99: ssh_kex2(char *host, struct sockaddr *hostaddr)
100: {
101: Kex *kex;
1.61 markus 102:
103: xxx_host = host;
104: xxx_hostaddr = hostaddr;
1.22 provos 105:
1.29 markus 106: if (options.ciphers == (char *)-1) {
1.116 itojun 107: logit("No valid ciphers for protocol version 2 given, using defaults.");
1.29 markus 108: options.ciphers = NULL;
1.24 markus 109: }
1.22 provos 110: if (options.ciphers != NULL) {
111: myproposal[PROPOSAL_ENC_ALGS_CTOS] =
112: myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
113: }
1.60 stevesk 114: myproposal[PROPOSAL_ENC_ALGS_CTOS] =
115: compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
116: myproposal[PROPOSAL_ENC_ALGS_STOC] =
117: compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
1.22 provos 118: if (options.compression) {
1.47 markus 119: myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1.141 markus 120: myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
1.22 provos 121: } else {
1.47 markus 122: myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1.141 markus 123: myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
1.47 markus 124: }
125: if (options.macs != NULL) {
126: myproposal[PROPOSAL_MAC_ALGS_CTOS] =
127: myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
1.22 provos 128: }
1.70 markus 129: if (options.hostkeyalgorithms != NULL)
1.88 deraadt 130: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
1.70 markus 131: options.hostkeyalgorithms;
1.115 markus 132:
133: if (options.rekey_limit)
1.165 djm 134: packet_set_rekey_limit((u_int32_t)options.rekey_limit);
1.22 provos 135:
1.65 markus 136: /* start key exchange */
1.64 markus 137: kex = kex_setup(myproposal);
1.111 markus 138: kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
1.138 djm 139: kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
1.111 markus 140: kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
1.147 djm 141: kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
1.184 ! djm 142: kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
1.61 markus 143: kex->client_version_string=client_version_string;
144: kex->server_version_string=server_version_string;
1.75 markus 145: kex->verify_host_key=&verify_host_key_callback;
1.63 markus 146:
147: xxx_kex = kex;
1.22 provos 148:
1.66 markus 149: dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
1.173 andreas 150:
151: if (options.use_roaming && !kex->roaming) {
152: debug("Roaming not allowed by server");
153: options.use_roaming = 0;
154: }
1.62 markus 155:
156: session_id2 = kex->session_id;
157: session_id2_len = kex->session_id_len;
1.22 provos 158:
159: #ifdef DEBUG_KEXDH
160: /* send 1st encrypted/maced/compressed message */
161: packet_start(SSH2_MSG_IGNORE);
162: packet_put_cstring("markus");
163: packet_send();
164: packet_write_wait();
165: #endif
1.1 markus 166: }
1.11 markus 167:
1.1 markus 168: /*
169: * Authenticate user
170: */
1.20 markus 171:
172: typedef struct Authctxt Authctxt;
173: typedef struct Authmethod Authmethod;
1.117 markus 174: typedef struct identity Identity;
175: typedef struct idlist Idlist;
1.20 markus 176:
1.117 markus 177: struct identity {
178: TAILQ_ENTRY(identity) next;
179: AuthenticationConnection *ac; /* set if agent supports key */
180: Key *key; /* public/private key */
181: char *filename; /* comment for agent-only keys */
182: int tried;
183: int isprivate; /* key points to the private key */
184: };
185: TAILQ_HEAD(idlist, identity);
1.20 markus 186:
187: struct Authctxt {
188: const char *server_user;
1.68 markus 189: const char *local_user;
1.20 markus 190: const char *host;
191: const char *service;
1.23 markus 192: Authmethod *method;
1.183 djm 193: sig_atomic_t success;
1.51 markus 194: char *authlist;
1.68 markus 195: /* pubkey */
1.117 markus 196: Idlist keys;
1.68 markus 197: AuthenticationConnection *agent;
198: /* hostbased */
1.100 markus 199: Sensitive *sensitive;
1.82 markus 200: /* kbd-interactive */
201: int info_req_seen;
1.121 markus 202: /* generic */
203: void *methoddata;
1.20 markus 204: };
205: struct Authmethod {
206: char *name; /* string to compare against server's list */
207: int (*userauth)(Authctxt *authctxt);
1.170 djm 208: void (*cleanup)(Authctxt *authctxt);
1.20 markus 209: int *enabled; /* flag in option struct that enables method */
210: int *batch_flag; /* flag in option struct that disables method */
211: };
212:
1.92 markus 213: void input_userauth_success(int, u_int32_t, void *);
1.172 djm 214: void input_userauth_success_unexpected(int, u_int32_t, void *);
1.92 markus 215: void input_userauth_failure(int, u_int32_t, void *);
216: void input_userauth_banner(int, u_int32_t, void *);
217: void input_userauth_error(int, u_int32_t, void *);
218: void input_userauth_info_req(int, u_int32_t, void *);
219: void input_userauth_pk_ok(int, u_int32_t, void *);
1.99 markus 220: void input_userauth_passwd_changereq(int, u_int32_t, void *);
1.170 djm 221: void input_userauth_jpake_server_step1(int, u_int32_t, void *);
222: void input_userauth_jpake_server_step2(int, u_int32_t, void *);
223: void input_userauth_jpake_server_confirm(int, u_int32_t, void *);
1.86 itojun 224:
225: int userauth_none(Authctxt *);
226: int userauth_pubkey(Authctxt *);
227: int userauth_passwd(Authctxt *);
228: int userauth_kbdint(Authctxt *);
229: int userauth_hostbased(Authctxt *);
1.170 djm 230: int userauth_jpake(Authctxt *);
231:
232: void userauth_jpake_cleanup(Authctxt *);
1.20 markus 233:
1.121 markus 234: #ifdef GSSAPI
235: int userauth_gssapi(Authctxt *authctxt);
236: void input_gssapi_response(int type, u_int32_t, void *);
237: void input_gssapi_token(int type, u_int32_t, void *);
238: void input_gssapi_hash(int type, u_int32_t, void *);
239: void input_gssapi_error(int, u_int32_t, void *);
240: void input_gssapi_errtok(int, u_int32_t, void *);
241: #endif
242:
1.86 itojun 243: void userauth(Authctxt *, char *);
1.51 markus 244:
1.117 markus 245: static int sign_and_send_pubkey(Authctxt *, Identity *);
246: static void pubkey_prepare(Authctxt *);
247: static void pubkey_cleanup(Authctxt *);
248: static Key *load_identity_file(char *);
1.76 itojun 249:
250: static Authmethod *authmethod_get(char *authlist);
251: static Authmethod *authmethod_lookup(const char *name);
252: static char *authmethods_get(void);
1.20 markus 253:
254: Authmethod authmethods[] = {
1.121 markus 255: #ifdef GSSAPI
1.132 markus 256: {"gssapi-with-mic",
1.121 markus 257: userauth_gssapi,
1.170 djm 258: NULL,
1.121 markus 259: &options.gss_authentication,
260: NULL},
261: #endif
1.81 markus 262: {"hostbased",
263: userauth_hostbased,
1.170 djm 264: NULL,
1.81 markus 265: &options.hostbased_authentication,
266: NULL},
1.20 markus 267: {"publickey",
268: userauth_pubkey,
1.170 djm 269: NULL,
1.28 markus 270: &options.pubkey_authentication,
1.20 markus 271: NULL},
1.170 djm 272: #ifdef JPAKE
273: {"jpake-01@openssh.com",
274: userauth_jpake,
275: userauth_jpake_cleanup,
276: &options.zero_knowledge_password_authentication,
277: &options.batch_mode},
278: #endif
1.81 markus 279: {"keyboard-interactive",
280: userauth_kbdint,
1.170 djm 281: NULL,
1.81 markus 282: &options.kbd_interactive_authentication,
283: &options.batch_mode},
1.20 markus 284: {"password",
285: userauth_passwd,
1.170 djm 286: NULL,
1.20 markus 287: &options.password_authentication,
1.23 markus 288: &options.batch_mode},
289: {"none",
290: userauth_none,
291: NULL,
1.170 djm 292: NULL,
1.23 markus 293: NULL},
1.170 djm 294: {NULL, NULL, NULL, NULL, NULL}
1.20 markus 295: };
296:
297: void
1.68 markus 298: ssh_userauth2(const char *local_user, const char *server_user, char *host,
1.100 markus 299: Sensitive *sensitive)
1.20 markus 300: {
301: Authctxt authctxt;
302: int type;
1.39 markus 303:
1.73 markus 304: if (options.challenge_response_authentication)
1.39 markus 305: options.kbd_interactive_authentication = 1;
1.20 markus 306:
307: packet_start(SSH2_MSG_SERVICE_REQUEST);
308: packet_put_cstring("ssh-userauth");
309: packet_send();
1.108 markus 310: debug("SSH2_MSG_SERVICE_REQUEST sent");
1.20 markus 311: packet_write_wait();
1.91 markus 312: type = packet_read();
1.108 markus 313: if (type != SSH2_MSG_SERVICE_ACCEPT)
314: fatal("Server denied authentication request: %d", type);
1.20 markus 315: if (packet_remaining() > 0) {
1.91 markus 316: char *reply = packet_get_string(NULL);
1.108 markus 317: debug2("service_accept: %s", reply);
1.20 markus 318: xfree(reply);
319: } else {
1.109 markus 320: debug2("buggy server: service_accept w/o service");
1.20 markus 321: }
1.90 markus 322: packet_check_eom();
1.108 markus 323: debug("SSH2_MSG_SERVICE_ACCEPT received");
1.20 markus 324:
1.53 markus 325: if (options.preferred_authentications == NULL)
326: options.preferred_authentications = authmethods_get();
327:
1.20 markus 328: /* setup authentication context */
1.82 markus 329: memset(&authctxt, 0, sizeof(authctxt));
1.117 markus 330: pubkey_prepare(&authctxt);
1.20 markus 331: authctxt.server_user = server_user;
1.68 markus 332: authctxt.local_user = local_user;
1.20 markus 333: authctxt.host = host;
334: authctxt.service = "ssh-connection"; /* service name */
335: authctxt.success = 0;
1.23 markus 336: authctxt.method = authmethod_lookup("none");
1.51 markus 337: authctxt.authlist = NULL;
1.121 markus 338: authctxt.methoddata = NULL;
1.100 markus 339: authctxt.sensitive = sensitive;
1.82 markus 340: authctxt.info_req_seen = 0;
1.23 markus 341: if (authctxt.method == NULL)
342: fatal("ssh_userauth2: internal error: cannot send userauth none request");
1.20 markus 343:
344: /* initial userauth request */
1.23 markus 345: userauth_none(&authctxt);
1.20 markus 346:
1.65 markus 347: dispatch_init(&input_userauth_error);
1.20 markus 348: dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
349: dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
1.35 markus 350: dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
1.20 markus 351: dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
352:
1.117 markus 353: pubkey_cleanup(&authctxt);
1.119 markus 354: dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
355:
1.109 markus 356: debug("Authentication succeeded (%s).", authctxt.method->name);
1.20 markus 357: }
1.119 markus 358:
1.20 markus 359: void
1.51 markus 360: userauth(Authctxt *authctxt, char *authlist)
361: {
1.170 djm 362: if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
363: authctxt->method->cleanup(authctxt);
364:
1.121 markus 365: if (authctxt->methoddata) {
366: xfree(authctxt->methoddata);
367: authctxt->methoddata = NULL;
368: }
1.51 markus 369: if (authlist == NULL) {
370: authlist = authctxt->authlist;
371: } else {
372: if (authctxt->authlist)
373: xfree(authctxt->authlist);
374: authctxt->authlist = authlist;
375: }
376: for (;;) {
377: Authmethod *method = authmethod_get(authlist);
378: if (method == NULL)
379: fatal("Permission denied (%s).", authlist);
380: authctxt->method = method;
1.119 markus 381:
382: /* reset the per method handler */
383: dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN,
384: SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
385:
386: /* and try new method */
1.51 markus 387: if (method->userauth(authctxt) != 0) {
388: debug2("we sent a %s packet, wait for reply", method->name);
389: break;
390: } else {
391: debug2("we did not send a packet, disable method");
392: method->enabled = NULL;
393: }
394: }
395: }
1.105 deraadt 396:
1.169 djm 397: /* ARGSUSED */
1.51 markus 398: void
1.92 markus 399: input_userauth_error(int type, u_int32_t seq, void *ctxt)
1.20 markus 400: {
1.35 markus 401: fatal("input_userauth_error: bad message during authentication: "
1.140 djm 402: "type %d", type);
1.35 markus 403: }
1.105 deraadt 404:
1.169 djm 405: /* ARGSUSED */
1.35 markus 406: void
1.92 markus 407: input_userauth_banner(int type, u_int32_t seq, void *ctxt)
1.35 markus 408: {
1.166 djm 409: char *msg, *raw, *lang;
410: u_int len;
1.126 deraadt 411:
1.35 markus 412: debug3("input_userauth_banner");
1.166 djm 413: raw = packet_get_string(&len);
1.35 markus 414: lang = packet_get_string(NULL);
1.167 markus 415: if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
1.166 djm 416: if (len > 65536)
417: len = 65536;
1.168 deraadt 418: msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
1.177 dtucker 419: strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
1.125 dtucker 420: fprintf(stderr, "%s", msg);
1.166 djm 421: xfree(msg);
422: }
423: xfree(raw);
1.35 markus 424: xfree(lang);
1.20 markus 425: }
1.105 deraadt 426:
1.169 djm 427: /* ARGSUSED */
1.20 markus 428: void
1.92 markus 429: input_userauth_success(int type, u_int32_t seq, void *ctxt)
1.20 markus 430: {
431: Authctxt *authctxt = ctxt;
1.172 djm 432:
1.20 markus 433: if (authctxt == NULL)
434: fatal("input_userauth_success: no authentication context");
1.126 deraadt 435: if (authctxt->authlist) {
1.51 markus 436: xfree(authctxt->authlist);
1.126 deraadt 437: authctxt->authlist = NULL;
438: }
1.172 djm 439: if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
440: authctxt->method->cleanup(authctxt);
1.126 deraadt 441: if (authctxt->methoddata) {
1.121 markus 442: xfree(authctxt->methoddata);
1.126 deraadt 443: authctxt->methoddata = NULL;
444: }
1.20 markus 445: authctxt->success = 1; /* break out */
446: }
1.105 deraadt 447:
1.172 djm 448: void
449: input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
450: {
451: Authctxt *authctxt = ctxt;
452:
453: if (authctxt == NULL)
454: fatal("%s: no authentication context", __func__);
455:
456: fatal("Unexpected authentication success during %s.",
457: authctxt->method->name);
458: }
459:
1.169 djm 460: /* ARGSUSED */
1.20 markus 461: void
1.92 markus 462: input_userauth_failure(int type, u_int32_t seq, void *ctxt)
1.20 markus 463: {
464: Authctxt *authctxt = ctxt;
465: char *authlist = NULL;
466: int partial;
467:
468: if (authctxt == NULL)
469: fatal("input_userauth_failure: no authentication context");
470:
1.23 markus 471: authlist = packet_get_string(NULL);
1.20 markus 472: partial = packet_get_char();
1.90 markus 473: packet_check_eom();
1.20 markus 474:
475: if (partial != 0)
1.116 itojun 476: logit("Authenticated with partial success.");
1.109 markus 477: debug("Authentications that can continue: %s", authlist);
1.20 markus 478:
1.51 markus 479: userauth(authctxt, authlist);
480: }
1.169 djm 481:
482: /* ARGSUSED */
1.51 markus 483: void
1.92 markus 484: input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
1.51 markus 485: {
486: Authctxt *authctxt = ctxt;
487: Key *key = NULL;
1.117 markus 488: Identity *id = NULL;
1.51 markus 489: Buffer b;
1.96 markus 490: int pktype, sent = 0;
491: u_int alen, blen;
492: char *pkalg, *fp;
493: u_char *pkblob;
1.51 markus 494:
495: if (authctxt == NULL)
496: fatal("input_userauth_pk_ok: no authentication context");
497: if (datafellows & SSH_BUG_PKOK) {
498: /* this is similar to SSH_BUG_PKAUTH */
499: debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
500: pkblob = packet_get_string(&blen);
501: buffer_init(&b);
502: buffer_append(&b, pkblob, blen);
503: pkalg = buffer_get_string(&b, &alen);
504: buffer_free(&b);
505: } else {
506: pkalg = packet_get_string(&alen);
507: pkblob = packet_get_string(&blen);
508: }
1.90 markus 509: packet_check_eom();
1.51 markus 510:
1.117 markus 511: debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
1.51 markus 512:
1.117 markus 513: if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
514: debug("unknown pkalg %s", pkalg);
515: goto done;
516: }
517: if ((key = key_from_blob(pkblob, blen)) == NULL) {
518: debug("no key from blob. pkalg %s", pkalg);
519: goto done;
520: }
521: if (key->type != pktype) {
522: error("input_userauth_pk_ok: type mismatch "
523: "for decoded key (received %d, expected %d)",
524: key->type, pktype);
525: goto done;
526: }
527: fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
528: debug2("input_userauth_pk_ok: fp %s", fp);
529: xfree(fp);
530:
1.127 markus 531: /*
532: * search keys in the reverse order, because last candidate has been
533: * moved to the end of the queue. this also avoids confusion by
534: * duplicate keys
535: */
1.136 henning 536: TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) {
1.117 markus 537: if (key_equal(key, id->key)) {
538: sent = sign_and_send_pubkey(authctxt, id);
1.51 markus 539: break;
540: }
1.117 markus 541: }
542: done:
1.51 markus 543: if (key != NULL)
544: key_free(key);
545: xfree(pkalg);
546: xfree(pkblob);
547:
1.106 deraadt 548: /* try another method if we did not send a packet */
1.51 markus 549: if (sent == 0)
550: userauth(authctxt, NULL);
1.20 markus 551: }
1.121 markus 552:
553: #ifdef GSSAPI
1.133 djm 554: int
1.121 markus 555: userauth_gssapi(Authctxt *authctxt)
556: {
557: Gssctxt *gssctxt = NULL;
1.128 avsm 558: static gss_OID_set gss_supported = NULL;
1.139 djm 559: static u_int mech = 0;
1.121 markus 560: OM_uint32 min;
561: int ok = 0;
562:
563: /* Try one GSSAPI method at a time, rather than sending them all at
564: * once. */
565:
1.128 avsm 566: if (gss_supported == NULL)
567: gss_indicate_mechs(&min, &gss_supported);
1.121 markus 568:
569: /* Check to see if the mechanism is usable before we offer it */
1.128 avsm 570: while (mech < gss_supported->count && !ok) {
1.121 markus 571: /* My DER encoding requires length<128 */
1.128 avsm 572: if (gss_supported->elements[mech].length < 128 &&
1.161 djm 573: ssh_gssapi_check_mechanism(&gssctxt,
574: &gss_supported->elements[mech], authctxt->host)) {
1.121 markus 575: ok = 1; /* Mechanism works */
576: } else {
577: mech++;
578: }
579: }
580:
1.161 djm 581: if (!ok)
1.139 djm 582: return 0;
1.121 markus 583:
584: authctxt->methoddata=(void *)gssctxt;
585:
586: packet_start(SSH2_MSG_USERAUTH_REQUEST);
587: packet_put_cstring(authctxt->server_user);
588: packet_put_cstring(authctxt->service);
589: packet_put_cstring(authctxt->method->name);
590:
591: packet_put_int(1);
592:
1.129 markus 593: packet_put_int((gss_supported->elements[mech].length) + 2);
594: packet_put_char(SSH_GSS_OIDTYPE);
595: packet_put_char(gss_supported->elements[mech].length);
596: packet_put_raw(gss_supported->elements[mech].elements,
597: gss_supported->elements[mech].length);
1.121 markus 598:
599: packet_send();
600:
601: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
602: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
603: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
604: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
605:
606: mech++; /* Move along to next candidate */
607:
608: return 1;
609: }
610:
1.130 markus 611: static OM_uint32
612: process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
613: {
614: Authctxt *authctxt = ctxt;
615: Gssctxt *gssctxt = authctxt->methoddata;
616: gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
1.142 djm 617: gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
618: gss_buffer_desc gssbuf;
1.132 markus 619: OM_uint32 status, ms, flags;
620: Buffer b;
1.133 djm 621:
1.130 markus 622: status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
1.132 markus 623: recv_tok, &send_tok, &flags);
1.130 markus 624:
625: if (send_tok.length > 0) {
626: if (GSS_ERROR(status))
627: packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
628: else
629: packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
1.133 djm 630:
1.130 markus 631: packet_put_string(send_tok.value, send_tok.length);
632: packet_send();
633: gss_release_buffer(&ms, &send_tok);
634: }
1.133 djm 635:
1.130 markus 636: if (status == GSS_S_COMPLETE) {
1.132 markus 637: /* send either complete or MIC, depending on mechanism */
638: if (!(flags & GSS_C_INTEG_FLAG)) {
639: packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
640: packet_send();
641: } else {
642: ssh_gssapi_buildmic(&b, authctxt->server_user,
643: authctxt->service, "gssapi-with-mic");
644:
645: gssbuf.value = buffer_ptr(&b);
646: gssbuf.length = buffer_len(&b);
1.133 djm 647:
1.132 markus 648: status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
1.133 djm 649:
1.132 markus 650: if (!GSS_ERROR(status)) {
651: packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC);
652: packet_put_string(mic.value, mic.length);
1.133 djm 653:
1.132 markus 654: packet_send();
655: }
1.133 djm 656:
1.132 markus 657: buffer_free(&b);
658: gss_release_buffer(&ms, &mic);
1.133 djm 659: }
1.130 markus 660: }
1.133 djm 661:
1.130 markus 662: return status;
663: }
664:
1.169 djm 665: /* ARGSUSED */
1.121 markus 666: void
667: input_gssapi_response(int type, u_int32_t plen, void *ctxt)
668: {
669: Authctxt *authctxt = ctxt;
670: Gssctxt *gssctxt;
671: int oidlen;
672: char *oidv;
673:
674: if (authctxt == NULL)
675: fatal("input_gssapi_response: no authentication context");
676: gssctxt = authctxt->methoddata;
677:
678: /* Setup our OID */
679: oidv = packet_get_string(&oidlen);
680:
1.129 markus 681: if (oidlen <= 2 ||
682: oidv[0] != SSH_GSS_OIDTYPE ||
683: oidv[1] != oidlen - 2) {
1.130 markus 684: xfree(oidv);
1.129 markus 685: debug("Badly encoded mechanism OID received");
686: userauth(authctxt, NULL);
687: return;
1.121 markus 688: }
1.129 markus 689:
690: if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
691: fatal("Server returned different OID than expected");
1.121 markus 692:
693: packet_check_eom();
694:
695: xfree(oidv);
696:
1.130 markus 697: if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
1.121 markus 698: /* Start again with next method on list */
699: debug("Trying to start again");
700: userauth(authctxt, NULL);
701: return;
702: }
703: }
704:
1.169 djm 705: /* ARGSUSED */
1.121 markus 706: void
707: input_gssapi_token(int type, u_int32_t plen, void *ctxt)
708: {
709: Authctxt *authctxt = ctxt;
710: gss_buffer_desc recv_tok;
1.130 markus 711: OM_uint32 status;
1.121 markus 712: u_int slen;
713:
714: if (authctxt == NULL)
715: fatal("input_gssapi_response: no authentication context");
716:
717: recv_tok.value = packet_get_string(&slen);
718: recv_tok.length = slen; /* safe typecast */
719:
720: packet_check_eom();
721:
1.130 markus 722: status = process_gssapi_token(ctxt, &recv_tok);
1.121 markus 723:
724: xfree(recv_tok.value);
725:
726: if (GSS_ERROR(status)) {
727: /* Start again with the next method in the list */
728: userauth(authctxt, NULL);
729: return;
730: }
731: }
732:
1.169 djm 733: /* ARGSUSED */
1.121 markus 734: void
735: input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
736: {
737: Authctxt *authctxt = ctxt;
738: Gssctxt *gssctxt;
739: gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
740: gss_buffer_desc recv_tok;
741: OM_uint32 status, ms;
1.123 deraadt 742: u_int len;
1.121 markus 743:
744: if (authctxt == NULL)
745: fatal("input_gssapi_response: no authentication context");
746: gssctxt = authctxt->methoddata;
747:
1.123 deraadt 748: recv_tok.value = packet_get_string(&len);
749: recv_tok.length = len;
1.121 markus 750:
751: packet_check_eom();
752:
753: /* Stick it into GSSAPI and see what it says */
754: status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
1.140 djm 755: &recv_tok, &send_tok, NULL);
1.121 markus 756:
757: xfree(recv_tok.value);
758: gss_release_buffer(&ms, &send_tok);
759:
760: /* Server will be returning a failed packet after this one */
761: }
762:
1.169 djm 763: /* ARGSUSED */
1.121 markus 764: void
765: input_gssapi_error(int type, u_int32_t plen, void *ctxt)
766: {
767: OM_uint32 maj, min;
768: char *msg;
769: char *lang;
770:
771: maj=packet_get_int();
772: min=packet_get_int();
773: msg=packet_get_string(NULL);
774: lang=packet_get_string(NULL);
775:
776: packet_check_eom();
777:
1.143 stevesk 778: debug("Server GSSAPI Error:\n%s", msg);
1.121 markus 779: xfree(msg);
780: xfree(lang);
781: }
782: #endif /* GSSAPI */
1.20 markus 783:
1.1 markus 784: int
1.23 markus 785: userauth_none(Authctxt *authctxt)
786: {
787: /* initial userauth request */
788: packet_start(SSH2_MSG_USERAUTH_REQUEST);
789: packet_put_cstring(authctxt->server_user);
790: packet_put_cstring(authctxt->service);
791: packet_put_cstring(authctxt->method->name);
792: packet_send();
793: return 1;
794: }
795:
796: int
1.20 markus 797: userauth_passwd(Authctxt *authctxt)
1.1 markus 798: {
1.6 markus 799: static int attempt = 0;
1.99 markus 800: char prompt[150];
1.1 markus 801: char *password;
1.175 dtucker 802: const char *host = options.host_key_alias ? options.host_key_alias :
803: authctxt->host;
1.6 markus 804:
1.13 todd 805: if (attempt++ >= options.number_of_password_prompts)
1.6 markus 806: return 0;
1.13 todd 807:
1.87 deraadt 808: if (attempt != 1)
1.13 todd 809: error("Permission denied, please try again.");
1.1 markus 810:
1.43 itojun 811: snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
1.175 dtucker 812: authctxt->server_user, host);
1.1 markus 813: password = read_passphrase(prompt, 0);
814: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 815: packet_put_cstring(authctxt->server_user);
816: packet_put_cstring(authctxt->service);
1.23 markus 817: packet_put_cstring(authctxt->method->name);
1.1 markus 818: packet_put_char(0);
1.49 markus 819: packet_put_cstring(password);
1.1 markus 820: memset(password, 0, strlen(password));
821: xfree(password);
1.85 markus 822: packet_add_padding(64);
1.1 markus 823: packet_send();
1.99 markus 824:
1.104 deraadt 825: dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1.99 markus 826: &input_userauth_passwd_changereq);
827:
1.1 markus 828: return 1;
829: }
1.169 djm 830:
1.99 markus 831: /*
832: * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
833: */
1.169 djm 834: /* ARGSUSED */
1.99 markus 835: void
1.153 djm 836: input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
1.99 markus 837: {
838: Authctxt *authctxt = ctxt;
839: char *info, *lang, *password = NULL, *retype = NULL;
840: char prompt[150];
1.175 dtucker 841: const char *host = options.host_key_alias ? options.host_key_alias :
842: authctxt->host;
1.99 markus 843:
844: debug2("input_userauth_passwd_changereq");
845:
846: if (authctxt == NULL)
847: fatal("input_userauth_passwd_changereq: "
848: "no authentication context");
849:
850: info = packet_get_string(NULL);
851: lang = packet_get_string(NULL);
852: if (strlen(info) > 0)
1.116 itojun 853: logit("%s", info);
1.99 markus 854: xfree(info);
855: xfree(lang);
856: packet_start(SSH2_MSG_USERAUTH_REQUEST);
857: packet_put_cstring(authctxt->server_user);
858: packet_put_cstring(authctxt->service);
859: packet_put_cstring(authctxt->method->name);
860: packet_put_char(1); /* additional info */
1.104 deraadt 861: snprintf(prompt, sizeof(prompt),
1.99 markus 862: "Enter %.30s@%.128s's old password: ",
1.175 dtucker 863: authctxt->server_user, host);
1.99 markus 864: password = read_passphrase(prompt, 0);
865: packet_put_cstring(password);
866: memset(password, 0, strlen(password));
867: xfree(password);
868: password = NULL;
869: while (password == NULL) {
1.104 deraadt 870: snprintf(prompt, sizeof(prompt),
1.99 markus 871: "Enter %.30s@%.128s's new password: ",
1.175 dtucker 872: authctxt->server_user, host);
1.99 markus 873: password = read_passphrase(prompt, RP_ALLOW_EOF);
874: if (password == NULL) {
875: /* bail out */
876: return;
877: }
1.104 deraadt 878: snprintf(prompt, sizeof(prompt),
1.99 markus 879: "Retype %.30s@%.128s's new password: ",
1.175 dtucker 880: authctxt->server_user, host);
1.99 markus 881: retype = read_passphrase(prompt, 0);
882: if (strcmp(password, retype) != 0) {
883: memset(password, 0, strlen(password));
884: xfree(password);
1.116 itojun 885: logit("Mismatch; try again, EOF to quit.");
1.99 markus 886: password = NULL;
887: }
888: memset(retype, 0, strlen(retype));
889: xfree(retype);
890: }
891: packet_put_cstring(password);
892: memset(password, 0, strlen(password));
893: xfree(password);
894: packet_add_padding(64);
895: packet_send();
1.104 deraadt 896:
897: dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1.99 markus 898: &input_userauth_passwd_changereq);
1.117 markus 899: }
900:
1.170 djm 901: #ifdef JPAKE
902: static char *
903: pw_encrypt(const char *password, const char *crypt_scheme, const char *salt)
904: {
905: /* OpenBSD crypt(3) handles all of these */
906: if (strcmp(crypt_scheme, "crypt") == 0 ||
907: strcmp(crypt_scheme, "bcrypt") == 0 ||
908: strcmp(crypt_scheme, "md5crypt") == 0 ||
909: strcmp(crypt_scheme, "crypt-extended") == 0)
910: return xstrdup(crypt(password, salt));
911: error("%s: unsupported password encryption scheme \"%.100s\"",
912: __func__, crypt_scheme);
913: return NULL;
914: }
915:
916: static BIGNUM *
917: jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
918: const char *salt)
919: {
920: char prompt[256], *password, *crypted;
921: u_char *secret;
922: u_int secret_len;
923: BIGNUM *ret;
924:
925: snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ",
926: authctxt->server_user, authctxt->host);
927: password = read_passphrase(prompt, 0);
928:
929: if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) {
930: logit("Disabling %s authentication", authctxt->method->name);
931: authctxt->method->enabled = NULL;
932: /* Continue with an empty password to fail gracefully */
933: crypted = xstrdup("");
934: }
935:
936: #ifdef JPAKE_DEBUG
937: debug3("%s: salt = %s", __func__, salt);
938: debug3("%s: scheme = %s", __func__, crypt_scheme);
939: debug3("%s: crypted = %s", __func__, crypted);
940: #endif
941:
942: if (hash_buffer(crypted, strlen(crypted), EVP_sha256(),
943: &secret, &secret_len) != 0)
944: fatal("%s: hash_buffer", __func__);
945:
946: bzero(password, strlen(password));
947: bzero(crypted, strlen(crypted));
948: xfree(password);
949: xfree(crypted);
950:
951: if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
952: fatal("%s: BN_bin2bn (secret)", __func__);
953: bzero(secret, secret_len);
954: xfree(secret);
955:
956: return ret;
957: }
958:
959: /* ARGSUSED */
960: void
961: input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
962: {
963: Authctxt *authctxt = ctxt;
964: struct jpake_ctx *pctx = authctxt->methoddata;
965: u_char *x3_proof, *x4_proof, *x2_s_proof;
966: u_int x3_proof_len, x4_proof_len, x2_s_proof_len;
967: char *crypt_scheme, *salt;
968:
969: /* Disable this message */
970: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL);
971:
972: if ((pctx->g_x3 = BN_new()) == NULL ||
973: (pctx->g_x4 = BN_new()) == NULL)
974: fatal("%s: BN_new", __func__);
975:
976: /* Fetch step 1 values */
977: crypt_scheme = packet_get_string(NULL);
978: salt = packet_get_string(NULL);
979: pctx->server_id = packet_get_string(&pctx->server_id_len);
980: packet_get_bignum2(pctx->g_x3);
981: packet_get_bignum2(pctx->g_x4);
982: x3_proof = packet_get_string(&x3_proof_len);
983: x4_proof = packet_get_string(&x4_proof_len);
984: packet_check_eom();
985:
986: JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
987:
988: /* Obtain password and derive secret */
989: pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
990: bzero(crypt_scheme, strlen(crypt_scheme));
991: bzero(salt, strlen(salt));
992: xfree(crypt_scheme);
993: xfree(salt);
994: JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
995:
996: /* Calculate step 2 values */
997: jpake_step2(pctx->grp, pctx->s, pctx->g_x1,
998: pctx->g_x3, pctx->g_x4, pctx->x2,
999: pctx->server_id, pctx->server_id_len,
1000: pctx->client_id, pctx->client_id_len,
1001: x3_proof, x3_proof_len,
1002: x4_proof, x4_proof_len,
1003: &pctx->a,
1004: &x2_s_proof, &x2_s_proof_len);
1005:
1006: bzero(x3_proof, x3_proof_len);
1007: bzero(x4_proof, x4_proof_len);
1008: xfree(x3_proof);
1009: xfree(x4_proof);
1010:
1011: JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
1012:
1013: /* Send values for step 2 */
1014: packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2);
1015: packet_put_bignum2(pctx->a);
1016: packet_put_string(x2_s_proof, x2_s_proof_len);
1017: packet_send();
1018:
1019: bzero(x2_s_proof, x2_s_proof_len);
1020: xfree(x2_s_proof);
1021:
1022: /* Expect step 2 packet from peer */
1023: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
1024: input_userauth_jpake_server_step2);
1025: }
1026:
1027: /* ARGSUSED */
1028: void
1029: input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
1030: {
1031: Authctxt *authctxt = ctxt;
1032: struct jpake_ctx *pctx = authctxt->methoddata;
1033: u_char *x4_s_proof;
1034: u_int x4_s_proof_len;
1035:
1036: /* Disable this message */
1037: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL);
1038:
1039: if ((pctx->b = BN_new()) == NULL)
1040: fatal("%s: BN_new", __func__);
1041:
1042: /* Fetch step 2 values */
1043: packet_get_bignum2(pctx->b);
1044: x4_s_proof = packet_get_string(&x4_s_proof_len);
1045: packet_check_eom();
1046:
1047: JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
1048:
1049: /* Derive shared key and calculate confirmation hash */
1050: jpake_key_confirm(pctx->grp, pctx->s, pctx->b,
1051: pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4,
1052: pctx->client_id, pctx->client_id_len,
1053: pctx->server_id, pctx->server_id_len,
1054: session_id2, session_id2_len,
1055: x4_s_proof, x4_s_proof_len,
1056: &pctx->k,
1057: &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
1058:
1059: bzero(x4_s_proof, x4_s_proof_len);
1060: xfree(x4_s_proof);
1061:
1062: JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
1063:
1064: /* Send key confirmation proof */
1065: packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM);
1066: packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
1067: packet_send();
1068:
1069: /* Expect confirmation from peer */
1070: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM,
1071: input_userauth_jpake_server_confirm);
1072: }
1073:
1074: /* ARGSUSED */
1075: void
1076: input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt)
1077: {
1078: Authctxt *authctxt = ctxt;
1079: struct jpake_ctx *pctx = authctxt->methoddata;
1080:
1081: /* Disable this message */
1082: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL);
1083:
1084: pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len);
1085: packet_check_eom();
1086:
1087: JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
1088:
1089: /* Verify expected confirmation hash */
1090: if (jpake_check_confirm(pctx->k,
1091: pctx->server_id, pctx->server_id_len,
1092: session_id2, session_id2_len,
1093: pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1)
1094: debug("%s: %s success", __func__, authctxt->method->name);
1095: else {
1096: debug("%s: confirmation mismatch", __func__);
1097: /* XXX stash this so if auth succeeds then we can warn/kill */
1098: }
1099:
1100: userauth_jpake_cleanup(authctxt);
1101: }
1102: #endif /* JPAKE */
1103:
1.117 markus 1104: static int
1105: identity_sign(Identity *id, u_char **sigp, u_int *lenp,
1106: u_char *data, u_int datalen)
1107: {
1108: Key *prv;
1109: int ret;
1.99 markus 1110:
1.117 markus 1111: /* the agent supports this key */
1112: if (id->ac)
1113: return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
1114: data, datalen));
1115: /*
1116: * we have already loaded the private key or
1117: * the private key is stored in external hardware
1118: */
1119: if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
1120: return (key_sign(id->key, sigp, lenp, data, datalen));
1121: /* load the private key from the file */
1122: if ((prv = load_identity_file(id->filename)) == NULL)
1123: return (-1);
1124: ret = key_sign(prv, sigp, lenp, data, datalen);
1125: key_free(prv);
1126: return (ret);
1.51 markus 1127: }
1128:
1.76 itojun 1129: static int
1.117 markus 1130: sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1.1 markus 1131: {
1132: Buffer b;
1.32 markus 1133: u_char *blob, *signature;
1.96 markus 1134: u_int bloblen, slen;
1.120 markus 1135: u_int skip = 0;
1.17 markus 1136: int ret = -1;
1.23 markus 1137: int have_sig = 1;
1.182 djm 1138: char *fp;
1.1 markus 1139:
1.182 djm 1140: fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
1141: debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
1142: xfree(fp);
1.51 markus 1143:
1.117 markus 1144: if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1.28 markus 1145: /* we cannot handle this key */
1.30 markus 1146: debug3("sign_and_send_pubkey: cannot handle key");
1.28 markus 1147: return 0;
1148: }
1.1 markus 1149: /* data to be signed */
1150: buffer_init(&b);
1.26 markus 1151: if (datafellows & SSH_OLD_SESSIONID) {
1152: buffer_append(&b, session_id2, session_id2_len);
1.41 stevesk 1153: skip = session_id2_len;
1.26 markus 1154: } else {
1.14 markus 1155: buffer_put_string(&b, session_id2, session_id2_len);
1156: skip = buffer_len(&b);
1157: }
1.1 markus 1158: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 1159: buffer_put_cstring(&b, authctxt->server_user);
1.10 markus 1160: buffer_put_cstring(&b,
1.30 markus 1161: datafellows & SSH_BUG_PKSERVICE ?
1.10 markus 1162: "ssh-userauth" :
1.20 markus 1163: authctxt->service);
1.30 markus 1164: if (datafellows & SSH_BUG_PKAUTH) {
1165: buffer_put_char(&b, have_sig);
1166: } else {
1167: buffer_put_cstring(&b, authctxt->method->name);
1168: buffer_put_char(&b, have_sig);
1.117 markus 1169: buffer_put_cstring(&b, key_ssh_name(id->key));
1.30 markus 1170: }
1.1 markus 1171: buffer_put_string(&b, blob, bloblen);
1172:
1173: /* generate signature */
1.117 markus 1174: ret = identity_sign(id, &signature, &slen,
1.51 markus 1175: buffer_ptr(&b), buffer_len(&b));
1.17 markus 1176: if (ret == -1) {
1177: xfree(blob);
1178: buffer_free(&b);
1179: return 0;
1180: }
1.28 markus 1181: #ifdef DEBUG_PK
1.1 markus 1182: buffer_dump(&b);
1183: #endif
1.30 markus 1184: if (datafellows & SSH_BUG_PKSERVICE) {
1.10 markus 1185: buffer_clear(&b);
1186: buffer_append(&b, session_id2, session_id2_len);
1.51 markus 1187: skip = session_id2_len;
1.10 markus 1188: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 1189: buffer_put_cstring(&b, authctxt->server_user);
1190: buffer_put_cstring(&b, authctxt->service);
1.23 markus 1191: buffer_put_cstring(&b, authctxt->method->name);
1192: buffer_put_char(&b, have_sig);
1.30 markus 1193: if (!(datafellows & SSH_BUG_PKAUTH))
1.117 markus 1194: buffer_put_cstring(&b, key_ssh_name(id->key));
1.10 markus 1195: buffer_put_string(&b, blob, bloblen);
1196: }
1197: xfree(blob);
1.51 markus 1198:
1.1 markus 1199: /* append signature */
1200: buffer_put_string(&b, signature, slen);
1201: xfree(signature);
1202:
1203: /* skip session id and packet type */
1.14 markus 1204: if (buffer_len(&b) < skip + 1)
1.20 markus 1205: fatal("userauth_pubkey: internal error");
1.14 markus 1206: buffer_consume(&b, skip + 1);
1.1 markus 1207:
1208: /* put remaining data from buffer into packet */
1209: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1210: packet_put_raw(buffer_ptr(&b), buffer_len(&b));
1211: buffer_free(&b);
1212: packet_send();
1.17 markus 1213:
1214: return 1;
1.16 markus 1215: }
1216:
1.76 itojun 1217: static int
1.117 markus 1218: send_pubkey_test(Authctxt *authctxt, Identity *id)
1.20 markus 1219: {
1.51 markus 1220: u_char *blob;
1.97 markus 1221: u_int bloblen, have_sig = 0;
1.20 markus 1222:
1.51 markus 1223: debug3("send_pubkey_test");
1.16 markus 1224:
1.117 markus 1225: if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1.51 markus 1226: /* we cannot handle this key */
1227: debug3("send_pubkey_test: cannot handle key");
1.16 markus 1228: return 0;
1229: }
1.51 markus 1230: /* register callback for USERAUTH_PK_OK message */
1231: dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
1232:
1233: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1234: packet_put_cstring(authctxt->server_user);
1235: packet_put_cstring(authctxt->service);
1236: packet_put_cstring(authctxt->method->name);
1237: packet_put_char(have_sig);
1238: if (!(datafellows & SSH_BUG_PKAUTH))
1.117 markus 1239: packet_put_cstring(key_ssh_name(id->key));
1.51 markus 1240: packet_put_string(blob, bloblen);
1241: xfree(blob);
1242: packet_send();
1243: return 1;
1244: }
1245:
1.76 itojun 1246: static Key *
1.51 markus 1247: load_identity_file(char *filename)
1248: {
1249: Key *private;
1250: char prompt[300], *passphrase;
1.178 dtucker 1251: int perm_ok = 0, quit, i;
1.52 markus 1252: struct stat st;
1.16 markus 1253:
1.52 markus 1254: if (stat(filename, &st) < 0) {
1255: debug3("no such identity: %s", filename);
1256: return NULL;
1257: }
1.152 dtucker 1258: private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
1259: if (!perm_ok)
1260: return NULL;
1.56 markus 1261: if (private == NULL) {
1262: if (options.batch_mode)
1.51 markus 1263: return NULL;
1.16 markus 1264: snprintf(prompt, sizeof prompt,
1.88 deraadt 1265: "Enter passphrase for key '%.100s': ", filename);
1.20 markus 1266: for (i = 0; i < options.number_of_password_prompts; i++) {
1267: passphrase = read_passphrase(prompt, 0);
1268: if (strcmp(passphrase, "") != 0) {
1.152 dtucker 1269: private = key_load_private_type(KEY_UNSPEC,
1270: filename, passphrase, NULL, NULL);
1.51 markus 1271: quit = 0;
1.20 markus 1272: } else {
1273: debug2("no passphrase given, try next key");
1.51 markus 1274: quit = 1;
1.20 markus 1275: }
1276: memset(passphrase, 0, strlen(passphrase));
1277: xfree(passphrase);
1.56 markus 1278: if (private != NULL || quit)
1.20 markus 1279: break;
1280: debug2("bad passphrase given, try again...");
1.16 markus 1281: }
1282: }
1.51 markus 1283: return private;
1284: }
1285:
1.117 markus 1286: /*
1287: * try keys in the following order:
1288: * 1. agent keys that are found in the config file
1289: * 2. other agent keys
1290: * 3. keys that are only listed in the config file
1291: */
1292: static void
1293: pubkey_prepare(Authctxt *authctxt)
1.51 markus 1294: {
1.117 markus 1295: Identity *id;
1296: Idlist agent, files, *preferred;
1297: Key *key;
1298: AuthenticationConnection *ac;
1299: char *comment;
1300: int i, found;
1.51 markus 1301:
1.117 markus 1302: TAILQ_INIT(&agent); /* keys from the agent */
1303: TAILQ_INIT(&files); /* keys from the config file */
1304: preferred = &authctxt->keys;
1305: TAILQ_INIT(preferred); /* preferred order of keys */
1306:
1307: /* list of keys stored in the filesystem */
1308: for (i = 0; i < options.num_identity_files; i++) {
1309: key = options.identity_keys[i];
1310: if (key && key->type == KEY_RSA1)
1.180 djm 1311: continue;
1312: if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
1.117 markus 1313: continue;
1314: options.identity_keys[i] = NULL;
1.150 djm 1315: id = xcalloc(1, sizeof(*id));
1.117 markus 1316: id->key = key;
1317: id->filename = xstrdup(options.identity_files[i]);
1318: TAILQ_INSERT_TAIL(&files, id, next);
1319: }
1320: /* list of keys supported by the agent */
1321: if ((ac = ssh_get_authentication_connection())) {
1322: for (key = ssh_get_first_identity(ac, &comment, 2);
1323: key != NULL;
1324: key = ssh_get_next_identity(ac, &comment, 2)) {
1325: found = 0;
1326: TAILQ_FOREACH(id, &files, next) {
1.133 djm 1327: /* agent keys from the config file are preferred */
1.117 markus 1328: if (key_equal(key, id->key)) {
1329: key_free(key);
1330: xfree(comment);
1331: TAILQ_REMOVE(&files, id, next);
1332: TAILQ_INSERT_TAIL(preferred, id, next);
1333: id->ac = ac;
1334: found = 1;
1335: break;
1336: }
1337: }
1.135 markus 1338: if (!found && !options.identities_only) {
1.150 djm 1339: id = xcalloc(1, sizeof(*id));
1.117 markus 1340: id->key = key;
1341: id->filename = comment;
1342: id->ac = ac;
1343: TAILQ_INSERT_TAIL(&agent, id, next);
1344: }
1345: }
1346: /* append remaining agent keys */
1347: for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
1348: TAILQ_REMOVE(&agent, id, next);
1349: TAILQ_INSERT_TAIL(preferred, id, next);
1350: }
1351: authctxt->agent = ac;
1352: }
1353: /* append remaining keys from the config file */
1354: for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
1355: TAILQ_REMOVE(&files, id, next);
1356: TAILQ_INSERT_TAIL(preferred, id, next);
1357: }
1358: TAILQ_FOREACH(id, preferred, next) {
1359: debug2("key: %s (%p)", id->filename, id->key);
1360: }
1.17 markus 1361: }
1362:
1.117 markus 1363: static void
1364: pubkey_cleanup(Authctxt *authctxt)
1.51 markus 1365: {
1.117 markus 1366: Identity *id;
1.51 markus 1367:
1.117 markus 1368: if (authctxt->agent != NULL)
1369: ssh_close_authentication_connection(authctxt->agent);
1370: for (id = TAILQ_FIRST(&authctxt->keys); id;
1371: id = TAILQ_FIRST(&authctxt->keys)) {
1372: TAILQ_REMOVE(&authctxt->keys, id, next);
1373: if (id->key)
1374: key_free(id->key);
1375: if (id->filename)
1376: xfree(id->filename);
1377: xfree(id);
1378: }
1.1 markus 1379: }
1380:
1.20 markus 1381: int
1382: userauth_pubkey(Authctxt *authctxt)
1383: {
1.117 markus 1384: Identity *id;
1.20 markus 1385: int sent = 0;
1386:
1.117 markus 1387: while ((id = TAILQ_FIRST(&authctxt->keys))) {
1388: if (id->tried++)
1389: return (0);
1.127 markus 1390: /* move key to the end of the queue */
1.117 markus 1391: TAILQ_REMOVE(&authctxt->keys, id, next);
1392: TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
1393: /*
1394: * send a test message if we have the public key. for
1395: * encrypted keys we cannot do this and have to load the
1396: * private key instead
1397: */
1398: if (id->key && id->key->type != KEY_RSA1) {
1.181 djm 1399: debug("Offering %s public key: %s", key_type(id->key),
1400: id->filename);
1.117 markus 1401: sent = send_pubkey_test(authctxt, id);
1402: } else if (id->key == NULL) {
1403: debug("Trying private key: %s", id->filename);
1404: id->key = load_identity_file(id->filename);
1405: if (id->key != NULL) {
1406: id->isprivate = 1;
1407: sent = sign_and_send_pubkey(authctxt, id);
1408: key_free(id->key);
1409: id->key = NULL;
1.51 markus 1410: }
1411: }
1.117 markus 1412: if (sent)
1413: return (sent);
1.28 markus 1414: }
1.117 markus 1415: return (0);
1.20 markus 1416: }
1417:
1.23 markus 1418: /*
1419: * Send userauth request message specifying keyboard-interactive method.
1420: */
1421: int
1422: userauth_kbdint(Authctxt *authctxt)
1423: {
1424: static int attempt = 0;
1425:
1426: if (attempt++ >= options.number_of_password_prompts)
1427: return 0;
1.82 markus 1428: /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
1429: if (attempt > 1 && !authctxt->info_req_seen) {
1430: debug3("userauth_kbdint: disable: no info_req_seen");
1431: dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
1432: return 0;
1433: }
1.23 markus 1434:
1435: debug2("userauth_kbdint");
1436: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1437: packet_put_cstring(authctxt->server_user);
1438: packet_put_cstring(authctxt->service);
1439: packet_put_cstring(authctxt->method->name);
1440: packet_put_cstring(""); /* lang */
1441: packet_put_cstring(options.kbd_interactive_devices ?
1442: options.kbd_interactive_devices : "");
1443: packet_send();
1444:
1445: dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
1446: return 1;
1447: }
1448:
1449: /*
1.46 markus 1450: * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
1.23 markus 1451: */
1452: void
1.92 markus 1453: input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1.23 markus 1454: {
1455: Authctxt *authctxt = ctxt;
1.46 markus 1456: char *name, *inst, *lang, *prompt, *response;
1.32 markus 1457: u_int num_prompts, i;
1.23 markus 1458: int echo = 0;
1459:
1460: debug2("input_userauth_info_req");
1461:
1462: if (authctxt == NULL)
1463: fatal("input_userauth_info_req: no authentication context");
1.82 markus 1464:
1465: authctxt->info_req_seen = 1;
1.23 markus 1466:
1467: name = packet_get_string(NULL);
1468: inst = packet_get_string(NULL);
1469: lang = packet_get_string(NULL);
1470: if (strlen(name) > 0)
1.116 itojun 1471: logit("%s", name);
1.23 markus 1472: if (strlen(inst) > 0)
1.116 itojun 1473: logit("%s", inst);
1.46 markus 1474: xfree(name);
1.23 markus 1475: xfree(inst);
1.46 markus 1476: xfree(lang);
1.23 markus 1477:
1478: num_prompts = packet_get_int();
1479: /*
1480: * Begin to build info response packet based on prompts requested.
1481: * We commit to providing the correct number of responses, so if
1482: * further on we run into a problem that prevents this, we have to
1483: * be sure and clean this up and send a correct error response.
1484: */
1485: packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
1486: packet_put_int(num_prompts);
1487:
1.73 markus 1488: debug2("input_userauth_info_req: num_prompts %d", num_prompts);
1.23 markus 1489: for (i = 0; i < num_prompts; i++) {
1490: prompt = packet_get_string(NULL);
1491: echo = packet_get_char();
1492:
1.77 markus 1493: response = read_passphrase(prompt, echo ? RP_ECHO : 0);
1.23 markus 1494:
1.49 markus 1495: packet_put_cstring(response);
1.23 markus 1496: memset(response, 0, strlen(response));
1497: xfree(response);
1498: xfree(prompt);
1499: }
1.90 markus 1500: packet_check_eom(); /* done with parsing incoming message. */
1.23 markus 1501:
1.85 markus 1502: packet_add_padding(64);
1.23 markus 1503: packet_send();
1.68 markus 1504: }
1505:
1.100 markus 1506: static int
1.105 deraadt 1507: ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
1.100 markus 1508: u_char *data, u_int datalen)
1509: {
1510: Buffer b;
1.101 markus 1511: struct stat st;
1.100 markus 1512: pid_t pid;
1.103 markus 1513: int to[2], from[2], status, version = 2;
1.100 markus 1514:
1.109 markus 1515: debug2("ssh_keysign called");
1.100 markus 1516:
1.101 markus 1517: if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
1.179 dtucker 1518: error("ssh_keysign: not installed: %s", strerror(errno));
1.101 markus 1519: return -1;
1520: }
1.100 markus 1521: if (fflush(stdout) != 0)
1522: error("ssh_keysign: fflush: %s", strerror(errno));
1523: if (pipe(to) < 0) {
1524: error("ssh_keysign: pipe: %s", strerror(errno));
1525: return -1;
1526: }
1527: if (pipe(from) < 0) {
1528: error("ssh_keysign: pipe: %s", strerror(errno));
1529: return -1;
1530: }
1531: if ((pid = fork()) < 0) {
1532: error("ssh_keysign: fork: %s", strerror(errno));
1533: return -1;
1534: }
1535: if (pid == 0) {
1.174 dtucker 1536: /* keep the socket on exec */
1537: fcntl(packet_get_connection_in(), F_SETFD, 0);
1.155 markus 1538: permanently_drop_suid(getuid());
1.100 markus 1539: close(from[0]);
1540: if (dup2(from[1], STDOUT_FILENO) < 0)
1541: fatal("ssh_keysign: dup2: %s", strerror(errno));
1542: close(to[1]);
1543: if (dup2(to[0], STDIN_FILENO) < 0)
1544: fatal("ssh_keysign: dup2: %s", strerror(errno));
1.103 markus 1545: close(from[1]);
1546: close(to[0]);
1.102 markus 1547: execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
1.100 markus 1548: fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
1549: strerror(errno));
1550: }
1551: close(from[1]);
1552: close(to[0]);
1553:
1554: buffer_init(&b);
1.103 markus 1555: buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
1.100 markus 1556: buffer_put_string(&b, data, datalen);
1.131 djm 1557: if (ssh_msg_send(to[1], version, &b) == -1)
1558: fatal("ssh_keysign: couldn't send request");
1.100 markus 1559:
1.110 djm 1560: if (ssh_msg_recv(from[0], &b) < 0) {
1.101 markus 1561: error("ssh_keysign: no reply");
1.134 markus 1562: buffer_free(&b);
1.100 markus 1563: return -1;
1564: }
1.101 markus 1565: close(from[0]);
1566: close(to[1]);
1567:
1.103 markus 1568: while (waitpid(pid, &status, 0) < 0)
1569: if (errno != EINTR)
1570: break;
1.101 markus 1571:
1.100 markus 1572: if (buffer_get_char(&b) != version) {
1.101 markus 1573: error("ssh_keysign: bad version");
1.134 markus 1574: buffer_free(&b);
1.100 markus 1575: return -1;
1576: }
1577: *sigp = buffer_get_string(&b, lenp);
1.134 markus 1578: buffer_free(&b);
1.100 markus 1579:
1580: return 0;
1581: }
1582:
1.68 markus 1583: int
1584: userauth_hostbased(Authctxt *authctxt)
1585: {
1586: Key *private = NULL;
1.100 markus 1587: Sensitive *sensitive = authctxt->sensitive;
1.68 markus 1588: Buffer b;
1589: u_char *signature, *blob;
1.179 dtucker 1590: char *chost, *pkalg, *p;
1.72 markus 1591: const char *service;
1.68 markus 1592: u_int blen, slen;
1.176 dtucker 1593: int ok, i, found = 0;
1.68 markus 1594:
1595: /* check for a useful key */
1.100 markus 1596: for (i = 0; i < sensitive->nkeys; i++) {
1597: private = sensitive->keys[i];
1.68 markus 1598: if (private && private->type != KEY_RSA1) {
1599: found = 1;
1600: /* we take and free the key */
1.100 markus 1601: sensitive->keys[i] = NULL;
1.68 markus 1602: break;
1603: }
1604: }
1605: if (!found) {
1.109 markus 1606: debug("No more client hostkeys for hostbased authentication.");
1.68 markus 1607: return 0;
1608: }
1609: if (key_to_blob(private, &blob, &blen) == 0) {
1610: key_free(private);
1611: return 0;
1612: }
1.84 markus 1613: /* figure out a name for the client host */
1.179 dtucker 1614: p = get_local_name(packet_get_connection_in());
1.84 markus 1615: if (p == NULL) {
1616: error("userauth_hostbased: cannot get local ipaddr/name");
1617: key_free(private);
1.148 djm 1618: xfree(blob);
1.84 markus 1619: return 0;
1620: }
1.150 djm 1621: xasprintf(&chost, "%s.", p);
1.84 markus 1622: debug2("userauth_hostbased: chost %s", chost);
1.112 markus 1623: xfree(p);
1.84 markus 1624:
1.72 markus 1625: service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
1626: authctxt->service;
1.68 markus 1627: pkalg = xstrdup(key_ssh_name(private));
1628: buffer_init(&b);
1629: /* construct data */
1.72 markus 1630: buffer_put_string(&b, session_id2, session_id2_len);
1.68 markus 1631: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1632: buffer_put_cstring(&b, authctxt->server_user);
1.72 markus 1633: buffer_put_cstring(&b, service);
1.68 markus 1634: buffer_put_cstring(&b, authctxt->method->name);
1635: buffer_put_cstring(&b, pkalg);
1636: buffer_put_string(&b, blob, blen);
1637: buffer_put_cstring(&b, chost);
1638: buffer_put_cstring(&b, authctxt->local_user);
1639: #ifdef DEBUG_PK
1640: buffer_dump(&b);
1641: #endif
1.100 markus 1642: if (sensitive->external_keysign)
1643: ok = ssh_keysign(private, &signature, &slen,
1644: buffer_ptr(&b), buffer_len(&b));
1645: else
1646: ok = key_sign(private, &signature, &slen,
1647: buffer_ptr(&b), buffer_len(&b));
1.68 markus 1648: key_free(private);
1649: buffer_free(&b);
1650: if (ok != 0) {
1651: error("key_sign failed");
1652: xfree(chost);
1653: xfree(pkalg);
1.148 djm 1654: xfree(blob);
1.68 markus 1655: return 0;
1656: }
1657: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1658: packet_put_cstring(authctxt->server_user);
1659: packet_put_cstring(authctxt->service);
1660: packet_put_cstring(authctxt->method->name);
1661: packet_put_cstring(pkalg);
1662: packet_put_string(blob, blen);
1663: packet_put_cstring(chost);
1664: packet_put_cstring(authctxt->local_user);
1665: packet_put_string(signature, slen);
1666: memset(signature, 's', slen);
1667: xfree(signature);
1668: xfree(chost);
1669: xfree(pkalg);
1.148 djm 1670: xfree(blob);
1.68 markus 1671:
1672: packet_send();
1673: return 1;
1.23 markus 1674: }
1.20 markus 1675:
1.170 djm 1676: #ifdef JPAKE
1677: int
1678: userauth_jpake(Authctxt *authctxt)
1679: {
1680: struct jpake_ctx *pctx;
1681: u_char *x1_proof, *x2_proof;
1682: u_int x1_proof_len, x2_proof_len;
1683: static int attempt = 0; /* XXX share with userauth_password's? */
1684:
1685: if (attempt++ >= options.number_of_password_prompts)
1686: return 0;
1687: if (attempt != 1)
1688: error("Permission denied, please try again.");
1689:
1690: if (authctxt->methoddata != NULL)
1691: fatal("%s: authctxt->methoddata already set (%p)",
1692: __func__, authctxt->methoddata);
1693:
1694: authctxt->methoddata = pctx = jpake_new();
1695:
1696: /*
1697: * Send request immediately, to get the protocol going while
1698: * we do the initial computations.
1699: */
1700: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1701: packet_put_cstring(authctxt->server_user);
1702: packet_put_cstring(authctxt->service);
1703: packet_put_cstring(authctxt->method->name);
1704: packet_send();
1705: packet_write_wait();
1706:
1707: jpake_step1(pctx->grp,
1708: &pctx->client_id, &pctx->client_id_len,
1709: &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2,
1710: &x1_proof, &x1_proof_len,
1711: &x2_proof, &x2_proof_len);
1712:
1713: JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
1714:
1715: packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1);
1716: packet_put_string(pctx->client_id, pctx->client_id_len);
1717: packet_put_bignum2(pctx->g_x1);
1718: packet_put_bignum2(pctx->g_x2);
1719: packet_put_string(x1_proof, x1_proof_len);
1720: packet_put_string(x2_proof, x2_proof_len);
1721: packet_send();
1722:
1723: bzero(x1_proof, x1_proof_len);
1724: bzero(x2_proof, x2_proof_len);
1725: xfree(x1_proof);
1726: xfree(x2_proof);
1727:
1728: /* Expect step 1 packet from peer */
1729: dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
1730: input_userauth_jpake_server_step1);
1.172 djm 1731: dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
1732: &input_userauth_success_unexpected);
1.170 djm 1733:
1734: return 1;
1735: }
1736:
1737: void
1738: userauth_jpake_cleanup(Authctxt *authctxt)
1739: {
1740: debug3("%s: clean up", __func__);
1741: if (authctxt->methoddata != NULL) {
1742: jpake_free(authctxt->methoddata);
1743: authctxt->methoddata = NULL;
1744: }
1.172 djm 1745: dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
1.170 djm 1746: }
1747: #endif /* JPAKE */
1748:
1.20 markus 1749: /* find auth method */
1750:
1751: /*
1752: * given auth method name, if configurable options permit this method fill
1753: * in auth_ident field and return true, otherwise return false.
1754: */
1.76 itojun 1755: static int
1.20 markus 1756: authmethod_is_enabled(Authmethod *method)
1757: {
1758: if (method == NULL)
1759: return 0;
1760: /* return false if options indicate this method is disabled */
1761: if (method->enabled == NULL || *method->enabled == 0)
1762: return 0;
1763: /* return false if batch mode is enabled but method needs interactive mode */
1764: if (method->batch_flag != NULL && *method->batch_flag != 0)
1765: return 0;
1766: return 1;
1767: }
1768:
1.76 itojun 1769: static Authmethod *
1.20 markus 1770: authmethod_lookup(const char *name)
1.1 markus 1771: {
1.20 markus 1772: Authmethod *method = NULL;
1773: if (name != NULL)
1774: for (method = authmethods; method->name != NULL; method++)
1775: if (strcmp(name, method->name) == 0)
1776: return method;
1777: debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
1778: return NULL;
1779: }
1.1 markus 1780:
1.53 markus 1781: /* XXX internal state */
1782: static Authmethod *current = NULL;
1783: static char *supported = NULL;
1784: static char *preferred = NULL;
1.105 deraadt 1785:
1.20 markus 1786: /*
1787: * Given the authentication method list sent by the server, return the
1788: * next method we should try. If the server initially sends a nil list,
1.67 markus 1789: * use a built-in default list.
1.41 stevesk 1790: */
1.76 itojun 1791: static Authmethod *
1.20 markus 1792: authmethod_get(char *authlist)
1793: {
1.53 markus 1794: char *name = NULL;
1.97 markus 1795: u_int next;
1.41 stevesk 1796:
1.20 markus 1797: /* Use a suitable default if we're passed a nil list. */
1798: if (authlist == NULL || strlen(authlist) == 0)
1.53 markus 1799: authlist = options.preferred_authentications;
1.20 markus 1800:
1.53 markus 1801: if (supported == NULL || strcmp(authlist, supported) != 0) {
1802: debug3("start over, passed a different list %s", authlist);
1803: if (supported != NULL)
1804: xfree(supported);
1805: supported = xstrdup(authlist);
1806: preferred = options.preferred_authentications;
1807: debug3("preferred %s", preferred);
1808: current = NULL;
1809: } else if (current != NULL && authmethod_is_enabled(current))
1810: return current;
1.20 markus 1811:
1.53 markus 1812: for (;;) {
1813: if ((name = match_list(preferred, supported, &next)) == NULL) {
1.109 markus 1814: debug("No more authentication methods to try.");
1.53 markus 1815: current = NULL;
1816: return NULL;
1817: }
1818: preferred += next;
1.23 markus 1819: debug3("authmethod_lookup %s", name);
1.53 markus 1820: debug3("remaining preferred: %s", preferred);
1821: if ((current = authmethod_lookup(name)) != NULL &&
1822: authmethod_is_enabled(current)) {
1.23 markus 1823: debug3("authmethod_is_enabled %s", name);
1.109 markus 1824: debug("Next authentication method: %s", name);
1.53 markus 1825: return current;
1.23 markus 1826: }
1.1 markus 1827: }
1.53 markus 1828: }
1.1 markus 1829:
1.79 stevesk 1830: static char *
1.53 markus 1831: authmethods_get(void)
1832: {
1833: Authmethod *method = NULL;
1.93 markus 1834: Buffer b;
1835: char *list;
1.27 provos 1836:
1.93 markus 1837: buffer_init(&b);
1.53 markus 1838: for (method = authmethods; method->name != NULL; method++) {
1839: if (authmethod_is_enabled(method)) {
1.93 markus 1840: if (buffer_len(&b) > 0)
1841: buffer_append(&b, ",", 1);
1842: buffer_append(&b, method->name, strlen(method->name));
1.53 markus 1843: }
1844: }
1.93 markus 1845: buffer_append(&b, "\0", 1);
1846: list = xstrdup(buffer_ptr(&b));
1847: buffer_free(&b);
1848: return list;
1.1 markus 1849: }
1.170 djm 1850: