[BACK]Return to sshconnect2.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/sshconnect2.c, Revision 1.190

1.190   ! djm         1: /* $OpenBSD: sshconnect2.c,v 1.189 2012/06/22 12:30:26 dtucker Exp $ */
1.1       markus      2: /*
                      3:  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
1.170     djm         4:  * Copyright (c) 2008 Damien Miller.  All rights reserved.
1.1       markus      5:  *
                      6:  * Redistribution and use in source and binary forms, with or without
                      7:  * modification, are permitted provided that the following conditions
                      8:  * are met:
                      9:  * 1. Redistributions of source code must retain the above copyright
                     10:  *    notice, this list of conditions and the following disclaimer.
                     11:  * 2. Redistributions in binary form must reproduce the above copyright
                     12:  *    notice, this list of conditions and the following disclaimer in the
                     13:  *    documentation and/or other materials provided with the distribution.
                     14:  *
                     15:  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
                     16:  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
                     17:  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
                     18:  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
                     19:  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
                     20:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
                     21:  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
                     22:  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
                     23:  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
                     24:  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                     25:  */
                     26:
1.145     stevesk    27: #include <sys/types.h>
1.160     deraadt    28: #include <sys/socket.h>
1.145     stevesk    29: #include <sys/wait.h>
1.144     stevesk    30: #include <sys/queue.h>
1.146     stevesk    31: #include <sys/stat.h>
1.156     stevesk    32:
                     33: #include <errno.h>
1.174     dtucker    34: #include <fcntl.h>
1.164     jolan      35: #include <netdb.h>
1.159     stevesk    36: #include <stdio.h>
1.158     stevesk    37: #include <string.h>
1.160     deraadt    38: #include <signal.h>
                     39: #include <pwd.h>
1.157     stevesk    40: #include <unistd.h>
1.166     djm        41: #include <vis.h>
1.1       markus     42:
1.160     deraadt    43: #include "xmalloc.h"
1.1       markus     44: #include "ssh.h"
1.37      markus     45: #include "ssh2.h"
1.1       markus     46: #include "buffer.h"
                     47: #include "packet.h"
                     48: #include "compat.h"
1.37      markus     49: #include "cipher.h"
1.160     deraadt    50: #include "key.h"
1.1       markus     51: #include "kex.h"
                     52: #include "myproposal.h"
                     53: #include "sshconnect.h"
                     54: #include "authfile.h"
1.57      provos     55: #include "dh.h"
1.17      markus     56: #include "authfd.h"
1.37      markus     57: #include "log.h"
                     58: #include "readconf.h"
1.137     djm        59: #include "misc.h"
1.53      markus     60: #include "match.h"
1.61      markus     61: #include "dispatch.h"
1.68      markus     62: #include "canohost.h"
1.100     markus     63: #include "msg.h"
                     64: #include "pathnames.h"
1.154     markus     65: #include "uidswap.h"
1.186     djm        66: #include "hostfile.h"
1.171     djm        67: #include "schnorr.h"
1.170     djm        68: #include "jpake.h"
1.22      provos     69:
1.121     markus     70: #ifdef GSSAPI
                     71: #include "ssh-gss.h"
                     72: #endif
                     73:
1.1       markus     74: /* import */
                     75: extern char *client_version_string;
                     76: extern char *server_version_string;
                     77: extern Options options;
                     78:
                     79: /*
                     80:  * SSH2 key exchange
                     81:  */
                     82:
1.32      markus     83: u_char *session_id2 = NULL;
1.120     markus     84: u_int session_id2_len = 0;
1.1       markus     85:
1.61      markus     86: char *xxx_host;
                     87: struct sockaddr *xxx_hostaddr;
                     88:
1.63      markus     89: Kex *xxx_kex = NULL;
                     90:
1.76      itojun     91: static int
1.75      markus     92: verify_host_key_callback(Key *hostkey)
1.61      markus     93: {
1.75      markus     94:        if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
1.83      markus     95:                fatal("Host key verification failed.");
1.61      markus     96:        return 0;
                     97: }
                     98:
1.186     djm        99: static char *
                    100: order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
                    101: {
                    102:        char *oavail, *avail, *first, *last, *alg, *hostname, *ret;
                    103:        size_t maxlen;
                    104:        struct hostkeys *hostkeys;
                    105:        int ktype;
1.188     djm       106:        u_int i;
1.186     djm       107:
                    108:        /* Find all hostkeys for this hostname */
                    109:        get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL);
                    110:        hostkeys = init_hostkeys();
1.188     djm       111:        for (i = 0; i < options.num_user_hostfiles; i++)
                    112:                load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]);
                    113:        for (i = 0; i < options.num_system_hostfiles; i++)
                    114:                load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
1.186     djm       115:
                    116:        oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
                    117:        maxlen = strlen(avail) + 1;
                    118:        first = xmalloc(maxlen);
                    119:        last = xmalloc(maxlen);
                    120:        *first = *last = '\0';
                    121:
                    122: #define ALG_APPEND(to, from) \
                    123:        do { \
                    124:                if (*to != '\0') \
                    125:                        strlcat(to, ",", maxlen); \
                    126:                strlcat(to, from, maxlen); \
                    127:        } while (0)
                    128:
                    129:        while ((alg = strsep(&avail, ",")) && *alg != '\0') {
                    130:                if ((ktype = key_type_from_name(alg)) == KEY_UNSPEC)
                    131:                        fatal("%s: unknown alg %s", __func__, alg);
                    132:                if (lookup_key_in_hostkeys_by_type(hostkeys,
                    133:                    key_type_plain(ktype), NULL))
                    134:                        ALG_APPEND(first, alg);
                    135:                else
                    136:                        ALG_APPEND(last, alg);
                    137:        }
                    138: #undef ALG_APPEND
                    139:        xasprintf(&ret, "%s%s%s", first, *first == '\0' ? "" : ",", last);
                    140:        if (*first != '\0')
                    141:                debug3("%s: prefer hostkeyalgs: %s", __func__, first);
                    142:
                    143:        xfree(first);
                    144:        xfree(last);
                    145:        xfree(hostname);
                    146:        xfree(oavail);
                    147:        free_hostkeys(hostkeys);
                    148:
                    149:        return ret;
                    150: }
                    151:
1.1       markus    152: void
1.186     djm       153: ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
1.22      provos    154: {
                    155:        Kex *kex;
1.61      markus    156:
                    157:        xxx_host = host;
                    158:        xxx_hostaddr = hostaddr;
1.22      provos    159:
1.29      markus    160:        if (options.ciphers == (char *)-1) {
1.116     itojun    161:                logit("No valid ciphers for protocol version 2 given, using defaults.");
1.29      markus    162:                options.ciphers = NULL;
1.24      markus    163:        }
1.22      provos    164:        if (options.ciphers != NULL) {
                    165:                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                    166:                myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
                    167:        }
1.60      stevesk   168:        myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                    169:            compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
                    170:        myproposal[PROPOSAL_ENC_ALGS_STOC] =
                    171:            compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
1.22      provos    172:        if (options.compression) {
1.47      markus    173:                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1.141     markus    174:                myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
1.22      provos    175:        } else {
1.47      markus    176:                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1.141     markus    177:                myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
1.47      markus    178:        }
                    179:        if (options.macs != NULL) {
                    180:                myproposal[PROPOSAL_MAC_ALGS_CTOS] =
                    181:                myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
1.22      provos    182:        }
1.70      markus    183:        if (options.hostkeyalgorithms != NULL)
1.88      deraadt   184:                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
1.70      markus    185:                    options.hostkeyalgorithms;
1.186     djm       186:        else {
                    187:                /* Prefer algorithms that we already have keys for */
                    188:                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
                    189:                    order_hostkeyalgs(host, hostaddr, port);
                    190:        }
1.185     djm       191:        if (options.kex_algorithms != NULL)
                    192:                myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
1.115     markus    193:
                    194:        if (options.rekey_limit)
1.165     djm       195:                packet_set_rekey_limit((u_int32_t)options.rekey_limit);
1.22      provos    196:
1.65      markus    197:        /* start key exchange */
1.64      markus    198:        kex = kex_setup(myproposal);
1.111     markus    199:        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
1.138     djm       200:        kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
1.111     markus    201:        kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
1.147     djm       202:        kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
1.184     djm       203:        kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
1.61      markus    204:        kex->client_version_string=client_version_string;
                    205:        kex->server_version_string=server_version_string;
1.75      markus    206:        kex->verify_host_key=&verify_host_key_callback;
1.63      markus    207:
                    208:        xxx_kex = kex;
1.22      provos    209:
1.66      markus    210:        dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
1.173     andreas   211:
                    212:        if (options.use_roaming && !kex->roaming) {
                    213:                debug("Roaming not allowed by server");
                    214:                options.use_roaming = 0;
                    215:        }
1.62      markus    216:
                    217:        session_id2 = kex->session_id;
                    218:        session_id2_len = kex->session_id_len;
1.22      provos    219:
                    220: #ifdef DEBUG_KEXDH
                    221:        /* send 1st encrypted/maced/compressed message */
                    222:        packet_start(SSH2_MSG_IGNORE);
                    223:        packet_put_cstring("markus");
                    224:        packet_send();
                    225:        packet_write_wait();
                    226: #endif
1.1       markus    227: }
1.11      markus    228:
1.1       markus    229: /*
                    230:  * Authenticate user
                    231:  */
1.20      markus    232:
                    233: typedef struct Authctxt Authctxt;
                    234: typedef struct Authmethod Authmethod;
1.117     markus    235: typedef struct identity Identity;
                    236: typedef struct idlist Idlist;
1.20      markus    237:
1.117     markus    238: struct identity {
                    239:        TAILQ_ENTRY(identity) next;
                    240:        AuthenticationConnection *ac;   /* set if agent supports key */
                    241:        Key     *key;                   /* public/private key */
                    242:        char    *filename;              /* comment for agent-only keys */
                    243:        int     tried;
                    244:        int     isprivate;              /* key points to the private key */
                    245: };
                    246: TAILQ_HEAD(idlist, identity);
1.20      markus    247:
                    248: struct Authctxt {
                    249:        const char *server_user;
1.68      markus    250:        const char *local_user;
1.20      markus    251:        const char *host;
                    252:        const char *service;
1.23      markus    253:        Authmethod *method;
1.183     djm       254:        sig_atomic_t success;
1.51      markus    255:        char *authlist;
1.68      markus    256:        /* pubkey */
1.117     markus    257:        Idlist keys;
1.68      markus    258:        AuthenticationConnection *agent;
                    259:        /* hostbased */
1.100     markus    260:        Sensitive *sensitive;
1.82      markus    261:        /* kbd-interactive */
                    262:        int info_req_seen;
1.121     markus    263:        /* generic */
                    264:        void *methoddata;
1.20      markus    265: };
                    266: struct Authmethod {
                    267:        char    *name;          /* string to compare against server's list */
                    268:        int     (*userauth)(Authctxt *authctxt);
1.170     djm       269:        void    (*cleanup)(Authctxt *authctxt);
1.20      markus    270:        int     *enabled;       /* flag in option struct that enables method */
                    271:        int     *batch_flag;    /* flag in option struct that disables method */
                    272: };
                    273:
1.92      markus    274: void   input_userauth_success(int, u_int32_t, void *);
1.172     djm       275: void   input_userauth_success_unexpected(int, u_int32_t, void *);
1.92      markus    276: void   input_userauth_failure(int, u_int32_t, void *);
                    277: void   input_userauth_banner(int, u_int32_t, void *);
                    278: void   input_userauth_error(int, u_int32_t, void *);
                    279: void   input_userauth_info_req(int, u_int32_t, void *);
                    280: void   input_userauth_pk_ok(int, u_int32_t, void *);
1.99      markus    281: void   input_userauth_passwd_changereq(int, u_int32_t, void *);
1.170     djm       282: void   input_userauth_jpake_server_step1(int, u_int32_t, void *);
                    283: void   input_userauth_jpake_server_step2(int, u_int32_t, void *);
                    284: void   input_userauth_jpake_server_confirm(int, u_int32_t, void *);
1.86      itojun    285:
                    286: int    userauth_none(Authctxt *);
                    287: int    userauth_pubkey(Authctxt *);
                    288: int    userauth_passwd(Authctxt *);
                    289: int    userauth_kbdint(Authctxt *);
                    290: int    userauth_hostbased(Authctxt *);
1.170     djm       291: int    userauth_jpake(Authctxt *);
                    292:
                    293: void   userauth_jpake_cleanup(Authctxt *);
1.20      markus    294:
1.121     markus    295: #ifdef GSSAPI
                    296: int    userauth_gssapi(Authctxt *authctxt);
                    297: void   input_gssapi_response(int type, u_int32_t, void *);
                    298: void   input_gssapi_token(int type, u_int32_t, void *);
                    299: void   input_gssapi_hash(int type, u_int32_t, void *);
                    300: void   input_gssapi_error(int, u_int32_t, void *);
                    301: void   input_gssapi_errtok(int, u_int32_t, void *);
                    302: #endif
                    303:
1.86      itojun    304: void   userauth(Authctxt *, char *);
1.51      markus    305:
1.117     markus    306: static int sign_and_send_pubkey(Authctxt *, Identity *);
                    307: static void pubkey_prepare(Authctxt *);
                    308: static void pubkey_cleanup(Authctxt *);
                    309: static Key *load_identity_file(char *);
1.76      itojun    310:
                    311: static Authmethod *authmethod_get(char *authlist);
                    312: static Authmethod *authmethod_lookup(const char *name);
                    313: static char *authmethods_get(void);
1.20      markus    314:
                    315: Authmethod authmethods[] = {
1.121     markus    316: #ifdef GSSAPI
1.132     markus    317:        {"gssapi-with-mic",
1.121     markus    318:                userauth_gssapi,
1.170     djm       319:                NULL,
1.121     markus    320:                &options.gss_authentication,
                    321:                NULL},
                    322: #endif
1.81      markus    323:        {"hostbased",
                    324:                userauth_hostbased,
1.170     djm       325:                NULL,
1.81      markus    326:                &options.hostbased_authentication,
                    327:                NULL},
1.20      markus    328:        {"publickey",
                    329:                userauth_pubkey,
1.170     djm       330:                NULL,
1.28      markus    331:                &options.pubkey_authentication,
1.20      markus    332:                NULL},
1.170     djm       333: #ifdef JPAKE
                    334:        {"jpake-01@openssh.com",
                    335:                userauth_jpake,
                    336:                userauth_jpake_cleanup,
                    337:                &options.zero_knowledge_password_authentication,
                    338:                &options.batch_mode},
                    339: #endif
1.81      markus    340:        {"keyboard-interactive",
                    341:                userauth_kbdint,
1.170     djm       342:                NULL,
1.81      markus    343:                &options.kbd_interactive_authentication,
                    344:                &options.batch_mode},
1.20      markus    345:        {"password",
                    346:                userauth_passwd,
1.170     djm       347:                NULL,
1.20      markus    348:                &options.password_authentication,
1.23      markus    349:                &options.batch_mode},
                    350:        {"none",
                    351:                userauth_none,
                    352:                NULL,
1.170     djm       353:                NULL,
1.23      markus    354:                NULL},
1.170     djm       355:        {NULL, NULL, NULL, NULL, NULL}
1.20      markus    356: };
                    357:
                    358: void
1.68      markus    359: ssh_userauth2(const char *local_user, const char *server_user, char *host,
1.100     markus    360:     Sensitive *sensitive)
1.20      markus    361: {
                    362:        Authctxt authctxt;
                    363:        int type;
1.39      markus    364:
1.73      markus    365:        if (options.challenge_response_authentication)
1.39      markus    366:                options.kbd_interactive_authentication = 1;
1.20      markus    367:
                    368:        packet_start(SSH2_MSG_SERVICE_REQUEST);
                    369:        packet_put_cstring("ssh-userauth");
                    370:        packet_send();
1.108     markus    371:        debug("SSH2_MSG_SERVICE_REQUEST sent");
1.20      markus    372:        packet_write_wait();
1.91      markus    373:        type = packet_read();
1.108     markus    374:        if (type != SSH2_MSG_SERVICE_ACCEPT)
                    375:                fatal("Server denied authentication request: %d", type);
1.20      markus    376:        if (packet_remaining() > 0) {
1.91      markus    377:                char *reply = packet_get_string(NULL);
1.108     markus    378:                debug2("service_accept: %s", reply);
1.20      markus    379:                xfree(reply);
                    380:        } else {
1.109     markus    381:                debug2("buggy server: service_accept w/o service");
1.20      markus    382:        }
1.90      markus    383:        packet_check_eom();
1.108     markus    384:        debug("SSH2_MSG_SERVICE_ACCEPT received");
1.20      markus    385:
1.53      markus    386:        if (options.preferred_authentications == NULL)
                    387:                options.preferred_authentications = authmethods_get();
                    388:
1.20      markus    389:        /* setup authentication context */
1.82      markus    390:        memset(&authctxt, 0, sizeof(authctxt));
1.117     markus    391:        pubkey_prepare(&authctxt);
1.20      markus    392:        authctxt.server_user = server_user;
1.68      markus    393:        authctxt.local_user = local_user;
1.20      markus    394:        authctxt.host = host;
                    395:        authctxt.service = "ssh-connection";            /* service name */
                    396:        authctxt.success = 0;
1.23      markus    397:        authctxt.method = authmethod_lookup("none");
1.51      markus    398:        authctxt.authlist = NULL;
1.121     markus    399:        authctxt.methoddata = NULL;
1.100     markus    400:        authctxt.sensitive = sensitive;
1.82      markus    401:        authctxt.info_req_seen = 0;
1.23      markus    402:        if (authctxt.method == NULL)
                    403:                fatal("ssh_userauth2: internal error: cannot send userauth none request");
1.20      markus    404:
                    405:        /* initial userauth request */
1.23      markus    406:        userauth_none(&authctxt);
1.20      markus    407:
1.65      markus    408:        dispatch_init(&input_userauth_error);
1.20      markus    409:        dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
                    410:        dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
1.35      markus    411:        dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
1.20      markus    412:        dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt);     /* loop until success */
                    413:
1.117     markus    414:        pubkey_cleanup(&authctxt);
1.119     markus    415:        dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
                    416:
1.109     markus    417:        debug("Authentication succeeded (%s).", authctxt.method->name);
1.20      markus    418: }
1.119     markus    419:
1.20      markus    420: void
1.51      markus    421: userauth(Authctxt *authctxt, char *authlist)
                    422: {
1.170     djm       423:        if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
                    424:                authctxt->method->cleanup(authctxt);
                    425:
1.121     markus    426:        if (authctxt->methoddata) {
                    427:                xfree(authctxt->methoddata);
                    428:                authctxt->methoddata = NULL;
                    429:        }
1.51      markus    430:        if (authlist == NULL) {
                    431:                authlist = authctxt->authlist;
                    432:        } else {
                    433:                if (authctxt->authlist)
                    434:                        xfree(authctxt->authlist);
                    435:                authctxt->authlist = authlist;
                    436:        }
                    437:        for (;;) {
                    438:                Authmethod *method = authmethod_get(authlist);
                    439:                if (method == NULL)
                    440:                        fatal("Permission denied (%s).", authlist);
                    441:                authctxt->method = method;
1.119     markus    442:
                    443:                /* reset the per method handler */
                    444:                dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN,
                    445:                    SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
                    446:
                    447:                /* and try new method */
1.51      markus    448:                if (method->userauth(authctxt) != 0) {
                    449:                        debug2("we sent a %s packet, wait for reply", method->name);
                    450:                        break;
                    451:                } else {
                    452:                        debug2("we did not send a packet, disable method");
                    453:                        method->enabled = NULL;
                    454:                }
                    455:        }
                    456: }
1.105     deraadt   457:
1.169     djm       458: /* ARGSUSED */
1.51      markus    459: void
1.92      markus    460: input_userauth_error(int type, u_int32_t seq, void *ctxt)
1.20      markus    461: {
1.35      markus    462:        fatal("input_userauth_error: bad message during authentication: "
1.140     djm       463:            "type %d", type);
1.35      markus    464: }
1.105     deraadt   465:
1.169     djm       466: /* ARGSUSED */
1.35      markus    467: void
1.92      markus    468: input_userauth_banner(int type, u_int32_t seq, void *ctxt)
1.35      markus    469: {
1.166     djm       470:        char *msg, *raw, *lang;
                    471:        u_int len;
1.126     deraadt   472:
1.35      markus    473:        debug3("input_userauth_banner");
1.166     djm       474:        raw = packet_get_string(&len);
1.35      markus    475:        lang = packet_get_string(NULL);
1.167     markus    476:        if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
1.166     djm       477:                if (len > 65536)
                    478:                        len = 65536;
1.168     deraadt   479:                msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
1.177     dtucker   480:                strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
1.125     dtucker   481:                fprintf(stderr, "%s", msg);
1.166     djm       482:                xfree(msg);
                    483:        }
                    484:        xfree(raw);
1.35      markus    485:        xfree(lang);
1.20      markus    486: }
1.105     deraadt   487:
1.169     djm       488: /* ARGSUSED */
1.20      markus    489: void
1.92      markus    490: input_userauth_success(int type, u_int32_t seq, void *ctxt)
1.20      markus    491: {
                    492:        Authctxt *authctxt = ctxt;
1.172     djm       493:
1.20      markus    494:        if (authctxt == NULL)
                    495:                fatal("input_userauth_success: no authentication context");
1.126     deraadt   496:        if (authctxt->authlist) {
1.51      markus    497:                xfree(authctxt->authlist);
1.126     deraadt   498:                authctxt->authlist = NULL;
                    499:        }
1.172     djm       500:        if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
                    501:                authctxt->method->cleanup(authctxt);
1.126     deraadt   502:        if (authctxt->methoddata) {
1.121     markus    503:                xfree(authctxt->methoddata);
1.126     deraadt   504:                authctxt->methoddata = NULL;
                    505:        }
1.20      markus    506:        authctxt->success = 1;                  /* break out */
                    507: }
1.105     deraadt   508:
1.172     djm       509: void
                    510: input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
                    511: {
                    512:        Authctxt *authctxt = ctxt;
                    513:
                    514:        if (authctxt == NULL)
                    515:                fatal("%s: no authentication context", __func__);
                    516:
                    517:        fatal("Unexpected authentication success during %s.",
                    518:            authctxt->method->name);
                    519: }
                    520:
1.169     djm       521: /* ARGSUSED */
1.20      markus    522: void
1.92      markus    523: input_userauth_failure(int type, u_int32_t seq, void *ctxt)
1.20      markus    524: {
                    525:        Authctxt *authctxt = ctxt;
                    526:        char *authlist = NULL;
                    527:        int partial;
                    528:
                    529:        if (authctxt == NULL)
                    530:                fatal("input_userauth_failure: no authentication context");
                    531:
1.23      markus    532:        authlist = packet_get_string(NULL);
1.20      markus    533:        partial = packet_get_char();
1.90      markus    534:        packet_check_eom();
1.20      markus    535:
                    536:        if (partial != 0)
1.116     itojun    537:                logit("Authenticated with partial success.");
1.109     markus    538:        debug("Authentications that can continue: %s", authlist);
1.20      markus    539:
1.51      markus    540:        userauth(authctxt, authlist);
                    541: }
1.169     djm       542:
                    543: /* ARGSUSED */
1.51      markus    544: void
1.92      markus    545: input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
1.51      markus    546: {
                    547:        Authctxt *authctxt = ctxt;
                    548:        Key *key = NULL;
1.117     markus    549:        Identity *id = NULL;
1.51      markus    550:        Buffer b;
1.96      markus    551:        int pktype, sent = 0;
                    552:        u_int alen, blen;
                    553:        char *pkalg, *fp;
                    554:        u_char *pkblob;
1.51      markus    555:
                    556:        if (authctxt == NULL)
                    557:                fatal("input_userauth_pk_ok: no authentication context");
                    558:        if (datafellows & SSH_BUG_PKOK) {
                    559:                /* this is similar to SSH_BUG_PKAUTH */
                    560:                debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
                    561:                pkblob = packet_get_string(&blen);
                    562:                buffer_init(&b);
                    563:                buffer_append(&b, pkblob, blen);
                    564:                pkalg = buffer_get_string(&b, &alen);
                    565:                buffer_free(&b);
                    566:        } else {
                    567:                pkalg = packet_get_string(&alen);
                    568:                pkblob = packet_get_string(&blen);
                    569:        }
1.90      markus    570:        packet_check_eom();
1.51      markus    571:
1.117     markus    572:        debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
1.51      markus    573:
1.117     markus    574:        if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
                    575:                debug("unknown pkalg %s", pkalg);
                    576:                goto done;
                    577:        }
                    578:        if ((key = key_from_blob(pkblob, blen)) == NULL) {
                    579:                debug("no key from blob. pkalg %s", pkalg);
                    580:                goto done;
                    581:        }
                    582:        if (key->type != pktype) {
                    583:                error("input_userauth_pk_ok: type mismatch "
                    584:                    "for decoded key (received %d, expected %d)",
                    585:                    key->type, pktype);
                    586:                goto done;
                    587:        }
                    588:        fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
                    589:        debug2("input_userauth_pk_ok: fp %s", fp);
                    590:        xfree(fp);
                    591:
1.127     markus    592:        /*
                    593:         * search keys in the reverse order, because last candidate has been
                    594:         * moved to the end of the queue.  this also avoids confusion by
                    595:         * duplicate keys
                    596:         */
1.136     henning   597:        TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) {
1.117     markus    598:                if (key_equal(key, id->key)) {
                    599:                        sent = sign_and_send_pubkey(authctxt, id);
1.51      markus    600:                        break;
                    601:                }
1.117     markus    602:        }
                    603: done:
1.51      markus    604:        if (key != NULL)
                    605:                key_free(key);
                    606:        xfree(pkalg);
                    607:        xfree(pkblob);
                    608:
1.106     deraadt   609:        /* try another method if we did not send a packet */
1.51      markus    610:        if (sent == 0)
                    611:                userauth(authctxt, NULL);
1.20      markus    612: }
1.121     markus    613:
                    614: #ifdef GSSAPI
1.133     djm       615: int
1.121     markus    616: userauth_gssapi(Authctxt *authctxt)
                    617: {
                    618:        Gssctxt *gssctxt = NULL;
1.128     avsm      619:        static gss_OID_set gss_supported = NULL;
1.139     djm       620:        static u_int mech = 0;
1.121     markus    621:        OM_uint32 min;
                    622:        int ok = 0;
                    623:
                    624:        /* Try one GSSAPI method at a time, rather than sending them all at
                    625:         * once. */
                    626:
1.128     avsm      627:        if (gss_supported == NULL)
                    628:                gss_indicate_mechs(&min, &gss_supported);
1.121     markus    629:
                    630:        /* Check to see if the mechanism is usable before we offer it */
1.128     avsm      631:        while (mech < gss_supported->count && !ok) {
1.121     markus    632:                /* My DER encoding requires length<128 */
1.128     avsm      633:                if (gss_supported->elements[mech].length < 128 &&
1.161     djm       634:                    ssh_gssapi_check_mechanism(&gssctxt,
                    635:                    &gss_supported->elements[mech], authctxt->host)) {
1.121     markus    636:                        ok = 1; /* Mechanism works */
                    637:                } else {
                    638:                        mech++;
                    639:                }
                    640:        }
                    641:
1.161     djm       642:        if (!ok)
1.139     djm       643:                return 0;
1.121     markus    644:
                    645:        authctxt->methoddata=(void *)gssctxt;
                    646:
                    647:        packet_start(SSH2_MSG_USERAUTH_REQUEST);
                    648:        packet_put_cstring(authctxt->server_user);
                    649:        packet_put_cstring(authctxt->service);
                    650:        packet_put_cstring(authctxt->method->name);
                    651:
                    652:        packet_put_int(1);
                    653:
1.129     markus    654:        packet_put_int((gss_supported->elements[mech].length) + 2);
                    655:        packet_put_char(SSH_GSS_OIDTYPE);
                    656:        packet_put_char(gss_supported->elements[mech].length);
                    657:        packet_put_raw(gss_supported->elements[mech].elements,
                    658:            gss_supported->elements[mech].length);
1.121     markus    659:
                    660:        packet_send();
                    661:
                    662:        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
                    663:        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
                    664:        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
                    665:        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
                    666:
                    667:        mech++; /* Move along to next candidate */
                    668:
                    669:        return 1;
                    670: }
                    671:
1.130     markus    672: static OM_uint32
                    673: process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
                    674: {
                    675:        Authctxt *authctxt = ctxt;
                    676:        Gssctxt *gssctxt = authctxt->methoddata;
                    677:        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
1.142     djm       678:        gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
                    679:        gss_buffer_desc gssbuf;
1.132     markus    680:        OM_uint32 status, ms, flags;
                    681:        Buffer b;
1.133     djm       682:
1.130     markus    683:        status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
1.132     markus    684:            recv_tok, &send_tok, &flags);
1.130     markus    685:
                    686:        if (send_tok.length > 0) {
                    687:                if (GSS_ERROR(status))
                    688:                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
                    689:                else
                    690:                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
1.133     djm       691:
1.130     markus    692:                packet_put_string(send_tok.value, send_tok.length);
                    693:                packet_send();
                    694:                gss_release_buffer(&ms, &send_tok);
                    695:        }
1.133     djm       696:
1.130     markus    697:        if (status == GSS_S_COMPLETE) {
1.132     markus    698:                /* send either complete or MIC, depending on mechanism */
                    699:                if (!(flags & GSS_C_INTEG_FLAG)) {
                    700:                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
                    701:                        packet_send();
                    702:                } else {
                    703:                        ssh_gssapi_buildmic(&b, authctxt->server_user,
                    704:                            authctxt->service, "gssapi-with-mic");
                    705:
                    706:                        gssbuf.value = buffer_ptr(&b);
                    707:                        gssbuf.length = buffer_len(&b);
1.133     djm       708:
1.132     markus    709:                        status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
1.133     djm       710:
1.132     markus    711:                        if (!GSS_ERROR(status)) {
                    712:                                packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC);
                    713:                                packet_put_string(mic.value, mic.length);
1.133     djm       714:
1.132     markus    715:                                packet_send();
                    716:                        }
1.133     djm       717:
1.132     markus    718:                        buffer_free(&b);
                    719:                        gss_release_buffer(&ms, &mic);
1.133     djm       720:                }
1.130     markus    721:        }
1.133     djm       722:
1.130     markus    723:        return status;
                    724: }
                    725:
1.169     djm       726: /* ARGSUSED */
1.121     markus    727: void
                    728: input_gssapi_response(int type, u_int32_t plen, void *ctxt)
                    729: {
                    730:        Authctxt *authctxt = ctxt;
                    731:        Gssctxt *gssctxt;
                    732:        int oidlen;
                    733:        char *oidv;
                    734:
                    735:        if (authctxt == NULL)
                    736:                fatal("input_gssapi_response: no authentication context");
                    737:        gssctxt = authctxt->methoddata;
                    738:
                    739:        /* Setup our OID */
                    740:        oidv = packet_get_string(&oidlen);
                    741:
1.129     markus    742:        if (oidlen <= 2 ||
                    743:            oidv[0] != SSH_GSS_OIDTYPE ||
                    744:            oidv[1] != oidlen - 2) {
1.130     markus    745:                xfree(oidv);
1.129     markus    746:                debug("Badly encoded mechanism OID received");
                    747:                userauth(authctxt, NULL);
                    748:                return;
1.121     markus    749:        }
1.129     markus    750:
                    751:        if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
                    752:                fatal("Server returned different OID than expected");
1.121     markus    753:
                    754:        packet_check_eom();
                    755:
                    756:        xfree(oidv);
                    757:
1.130     markus    758:        if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
1.121     markus    759:                /* Start again with next method on list */
                    760:                debug("Trying to start again");
                    761:                userauth(authctxt, NULL);
                    762:                return;
                    763:        }
                    764: }
                    765:
1.169     djm       766: /* ARGSUSED */
1.121     markus    767: void
                    768: input_gssapi_token(int type, u_int32_t plen, void *ctxt)
                    769: {
                    770:        Authctxt *authctxt = ctxt;
                    771:        gss_buffer_desc recv_tok;
1.130     markus    772:        OM_uint32 status;
1.121     markus    773:        u_int slen;
                    774:
                    775:        if (authctxt == NULL)
                    776:                fatal("input_gssapi_response: no authentication context");
                    777:
                    778:        recv_tok.value = packet_get_string(&slen);
                    779:        recv_tok.length = slen; /* safe typecast */
                    780:
                    781:        packet_check_eom();
                    782:
1.130     markus    783:        status = process_gssapi_token(ctxt, &recv_tok);
1.121     markus    784:
                    785:        xfree(recv_tok.value);
                    786:
                    787:        if (GSS_ERROR(status)) {
                    788:                /* Start again with the next method in the list */
                    789:                userauth(authctxt, NULL);
                    790:                return;
                    791:        }
                    792: }
                    793:
1.169     djm       794: /* ARGSUSED */
1.121     markus    795: void
                    796: input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
                    797: {
                    798:        Authctxt *authctxt = ctxt;
                    799:        Gssctxt *gssctxt;
                    800:        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
                    801:        gss_buffer_desc recv_tok;
                    802:        OM_uint32 status, ms;
1.123     deraadt   803:        u_int len;
1.121     markus    804:
                    805:        if (authctxt == NULL)
                    806:                fatal("input_gssapi_response: no authentication context");
                    807:        gssctxt = authctxt->methoddata;
                    808:
1.123     deraadt   809:        recv_tok.value = packet_get_string(&len);
                    810:        recv_tok.length = len;
1.121     markus    811:
                    812:        packet_check_eom();
                    813:
                    814:        /* Stick it into GSSAPI and see what it says */
                    815:        status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
1.140     djm       816:            &recv_tok, &send_tok, NULL);
1.121     markus    817:
                    818:        xfree(recv_tok.value);
                    819:        gss_release_buffer(&ms, &send_tok);
                    820:
                    821:        /* Server will be returning a failed packet after this one */
                    822: }
                    823:
1.169     djm       824: /* ARGSUSED */
1.121     markus    825: void
                    826: input_gssapi_error(int type, u_int32_t plen, void *ctxt)
                    827: {
                    828:        OM_uint32 maj, min;
                    829:        char *msg;
                    830:        char *lang;
                    831:
                    832:        maj=packet_get_int();
                    833:        min=packet_get_int();
                    834:        msg=packet_get_string(NULL);
                    835:        lang=packet_get_string(NULL);
                    836:
                    837:        packet_check_eom();
                    838:
1.143     stevesk   839:        debug("Server GSSAPI Error:\n%s", msg);
1.121     markus    840:        xfree(msg);
                    841:        xfree(lang);
                    842: }
                    843: #endif /* GSSAPI */
1.20      markus    844:
1.1       markus    845: int
1.23      markus    846: userauth_none(Authctxt *authctxt)
                    847: {
                    848:        /* initial userauth request */
                    849:        packet_start(SSH2_MSG_USERAUTH_REQUEST);
                    850:        packet_put_cstring(authctxt->server_user);
                    851:        packet_put_cstring(authctxt->service);
                    852:        packet_put_cstring(authctxt->method->name);
                    853:        packet_send();
                    854:        return 1;
                    855: }
                    856:
                    857: int
1.20      markus    858: userauth_passwd(Authctxt *authctxt)
1.1       markus    859: {
1.6       markus    860:        static int attempt = 0;
1.99      markus    861:        char prompt[150];
1.1       markus    862:        char *password;
1.175     dtucker   863:        const char *host = options.host_key_alias ?  options.host_key_alias :
                    864:            authctxt->host;
1.6       markus    865:
1.13      todd      866:        if (attempt++ >= options.number_of_password_prompts)
1.6       markus    867:                return 0;
1.13      todd      868:
1.87      deraadt   869:        if (attempt != 1)
1.13      todd      870:                error("Permission denied, please try again.");
1.1       markus    871:
1.43      itojun    872:        snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
1.175     dtucker   873:            authctxt->server_user, host);
1.1       markus    874:        password = read_passphrase(prompt, 0);
                    875:        packet_start(SSH2_MSG_USERAUTH_REQUEST);
1.20      markus    876:        packet_put_cstring(authctxt->server_user);
                    877:        packet_put_cstring(authctxt->service);
1.23      markus    878:        packet_put_cstring(authctxt->method->name);
1.1       markus    879:        packet_put_char(0);
1.49      markus    880:        packet_put_cstring(password);
1.1       markus    881:        memset(password, 0, strlen(password));
                    882:        xfree(password);
1.85      markus    883:        packet_add_padding(64);
1.1       markus    884:        packet_send();
1.99      markus    885:
1.104     deraadt   886:        dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1.99      markus    887:            &input_userauth_passwd_changereq);
                    888:
1.1       markus    889:        return 1;
                    890: }
1.169     djm       891:
1.99      markus    892: /*
                    893:  * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
                    894:  */
1.169     djm       895: /* ARGSUSED */
1.99      markus    896: void
1.153     djm       897: input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
1.99      markus    898: {
                    899:        Authctxt *authctxt = ctxt;
                    900:        char *info, *lang, *password = NULL, *retype = NULL;
                    901:        char prompt[150];
1.175     dtucker   902:        const char *host = options.host_key_alias ? options.host_key_alias :
                    903:            authctxt->host;
1.99      markus    904:
                    905:        debug2("input_userauth_passwd_changereq");
                    906:
                    907:        if (authctxt == NULL)
                    908:                fatal("input_userauth_passwd_changereq: "
                    909:                    "no authentication context");
                    910:
                    911:        info = packet_get_string(NULL);
                    912:        lang = packet_get_string(NULL);
                    913:        if (strlen(info) > 0)
1.116     itojun    914:                logit("%s", info);
1.99      markus    915:        xfree(info);
                    916:        xfree(lang);
                    917:        packet_start(SSH2_MSG_USERAUTH_REQUEST);
                    918:        packet_put_cstring(authctxt->server_user);
                    919:        packet_put_cstring(authctxt->service);
                    920:        packet_put_cstring(authctxt->method->name);
                    921:        packet_put_char(1);                     /* additional info */
1.104     deraadt   922:        snprintf(prompt, sizeof(prompt),
1.99      markus    923:            "Enter %.30s@%.128s's old password: ",
1.175     dtucker   924:            authctxt->server_user, host);
1.99      markus    925:        password = read_passphrase(prompt, 0);
                    926:        packet_put_cstring(password);
                    927:        memset(password, 0, strlen(password));
                    928:        xfree(password);
                    929:        password = NULL;
                    930:        while (password == NULL) {
1.104     deraadt   931:                snprintf(prompt, sizeof(prompt),
1.99      markus    932:                    "Enter %.30s@%.128s's new password: ",
1.175     dtucker   933:                    authctxt->server_user, host);
1.99      markus    934:                password = read_passphrase(prompt, RP_ALLOW_EOF);
                    935:                if (password == NULL) {
                    936:                        /* bail out */
                    937:                        return;
                    938:                }
1.104     deraadt   939:                snprintf(prompt, sizeof(prompt),
1.99      markus    940:                    "Retype %.30s@%.128s's new password: ",
1.175     dtucker   941:                    authctxt->server_user, host);
1.99      markus    942:                retype = read_passphrase(prompt, 0);
                    943:                if (strcmp(password, retype) != 0) {
                    944:                        memset(password, 0, strlen(password));
                    945:                        xfree(password);
1.116     itojun    946:                        logit("Mismatch; try again, EOF to quit.");
1.99      markus    947:                        password = NULL;
                    948:                }
                    949:                memset(retype, 0, strlen(retype));
                    950:                xfree(retype);
                    951:        }
                    952:        packet_put_cstring(password);
                    953:        memset(password, 0, strlen(password));
                    954:        xfree(password);
                    955:        packet_add_padding(64);
                    956:        packet_send();
1.104     deraadt   957:
                    958:        dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1.99      markus    959:            &input_userauth_passwd_changereq);
1.117     markus    960: }
                    961:
1.170     djm       962: #ifdef JPAKE
                    963: static char *
                    964: pw_encrypt(const char *password, const char *crypt_scheme, const char *salt)
                    965: {
                    966:        /* OpenBSD crypt(3) handles all of these */
                    967:        if (strcmp(crypt_scheme, "crypt") == 0 ||
                    968:            strcmp(crypt_scheme, "bcrypt") == 0 ||
                    969:            strcmp(crypt_scheme, "md5crypt") == 0 ||
                    970:            strcmp(crypt_scheme, "crypt-extended") == 0)
                    971:                return xstrdup(crypt(password, salt));
                    972:        error("%s: unsupported password encryption scheme \"%.100s\"",
                    973:            __func__, crypt_scheme);
                    974:        return NULL;
                    975: }
                    976:
                    977: static BIGNUM *
                    978: jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
                    979:     const char *salt)
                    980: {
                    981:        char prompt[256], *password, *crypted;
                    982:        u_char *secret;
                    983:        u_int secret_len;
                    984:        BIGNUM *ret;
                    985:
                    986:        snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ",
                    987:            authctxt->server_user, authctxt->host);
                    988:        password = read_passphrase(prompt, 0);
                    989:
                    990:        if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) {
                    991:                logit("Disabling %s authentication", authctxt->method->name);
                    992:                authctxt->method->enabled = NULL;
                    993:                /* Continue with an empty password to fail gracefully */
                    994:                crypted = xstrdup("");
                    995:        }
                    996:
                    997: #ifdef JPAKE_DEBUG
                    998:        debug3("%s: salt = %s", __func__, salt);
                    999:        debug3("%s: scheme = %s", __func__, crypt_scheme);
                   1000:        debug3("%s: crypted = %s", __func__, crypted);
                   1001: #endif
                   1002:
                   1003:        if (hash_buffer(crypted, strlen(crypted), EVP_sha256(),
                   1004:            &secret, &secret_len) != 0)
                   1005:                fatal("%s: hash_buffer", __func__);
                   1006:
                   1007:        bzero(password, strlen(password));
                   1008:        bzero(crypted, strlen(crypted));
                   1009:        xfree(password);
                   1010:        xfree(crypted);
                   1011:
                   1012:        if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
                   1013:                fatal("%s: BN_bin2bn (secret)", __func__);
                   1014:        bzero(secret, secret_len);
                   1015:        xfree(secret);
                   1016:
                   1017:        return ret;
                   1018: }
                   1019:
                   1020: /* ARGSUSED */
                   1021: void
                   1022: input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
                   1023: {
                   1024:        Authctxt *authctxt = ctxt;
                   1025:        struct jpake_ctx *pctx = authctxt->methoddata;
                   1026:        u_char *x3_proof, *x4_proof, *x2_s_proof;
                   1027:        u_int x3_proof_len, x4_proof_len, x2_s_proof_len;
                   1028:        char *crypt_scheme, *salt;
                   1029:
                   1030:        /* Disable this message */
                   1031:        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL);
                   1032:
                   1033:        if ((pctx->g_x3 = BN_new()) == NULL ||
                   1034:            (pctx->g_x4 = BN_new()) == NULL)
                   1035:                fatal("%s: BN_new", __func__);
                   1036:
                   1037:        /* Fetch step 1 values */
                   1038:        crypt_scheme = packet_get_string(NULL);
                   1039:        salt = packet_get_string(NULL);
                   1040:        pctx->server_id = packet_get_string(&pctx->server_id_len);
                   1041:        packet_get_bignum2(pctx->g_x3);
                   1042:        packet_get_bignum2(pctx->g_x4);
                   1043:        x3_proof = packet_get_string(&x3_proof_len);
                   1044:        x4_proof = packet_get_string(&x4_proof_len);
                   1045:        packet_check_eom();
                   1046:
                   1047:        JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
                   1048:
                   1049:        /* Obtain password and derive secret */
                   1050:        pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
                   1051:        bzero(crypt_scheme, strlen(crypt_scheme));
                   1052:        bzero(salt, strlen(salt));
                   1053:        xfree(crypt_scheme);
                   1054:        xfree(salt);
                   1055:        JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
                   1056:
                   1057:        /* Calculate step 2 values */
                   1058:        jpake_step2(pctx->grp, pctx->s, pctx->g_x1,
                   1059:            pctx->g_x3, pctx->g_x4, pctx->x2,
                   1060:            pctx->server_id, pctx->server_id_len,
                   1061:            pctx->client_id, pctx->client_id_len,
                   1062:            x3_proof, x3_proof_len,
                   1063:            x4_proof, x4_proof_len,
                   1064:            &pctx->a,
                   1065:            &x2_s_proof, &x2_s_proof_len);
                   1066:
                   1067:        bzero(x3_proof, x3_proof_len);
                   1068:        bzero(x4_proof, x4_proof_len);
                   1069:        xfree(x3_proof);
                   1070:        xfree(x4_proof);
                   1071:
                   1072:        JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
                   1073:
                   1074:        /* Send values for step 2 */
                   1075:        packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2);
                   1076:        packet_put_bignum2(pctx->a);
                   1077:        packet_put_string(x2_s_proof, x2_s_proof_len);
                   1078:        packet_send();
                   1079:
                   1080:        bzero(x2_s_proof, x2_s_proof_len);
                   1081:        xfree(x2_s_proof);
                   1082:
                   1083:        /* Expect step 2 packet from peer */
                   1084:        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
                   1085:            input_userauth_jpake_server_step2);
                   1086: }
                   1087:
                   1088: /* ARGSUSED */
                   1089: void
                   1090: input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
                   1091: {
                   1092:        Authctxt *authctxt = ctxt;
                   1093:        struct jpake_ctx *pctx = authctxt->methoddata;
                   1094:        u_char *x4_s_proof;
                   1095:        u_int x4_s_proof_len;
                   1096:
                   1097:        /* Disable this message */
                   1098:        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL);
                   1099:
                   1100:        if ((pctx->b = BN_new()) == NULL)
                   1101:                fatal("%s: BN_new", __func__);
                   1102:
                   1103:        /* Fetch step 2 values */
                   1104:        packet_get_bignum2(pctx->b);
                   1105:        x4_s_proof = packet_get_string(&x4_s_proof_len);
                   1106:        packet_check_eom();
                   1107:
                   1108:        JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
                   1109:
                   1110:        /* Derive shared key and calculate confirmation hash */
                   1111:        jpake_key_confirm(pctx->grp, pctx->s, pctx->b,
                   1112:            pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4,
                   1113:            pctx->client_id, pctx->client_id_len,
                   1114:            pctx->server_id, pctx->server_id_len,
                   1115:            session_id2, session_id2_len,
                   1116:            x4_s_proof, x4_s_proof_len,
                   1117:            &pctx->k,
                   1118:            &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
                   1119:
                   1120:        bzero(x4_s_proof, x4_s_proof_len);
                   1121:        xfree(x4_s_proof);
                   1122:
                   1123:        JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
                   1124:
                   1125:        /* Send key confirmation proof */
                   1126:        packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM);
                   1127:        packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
                   1128:        packet_send();
                   1129:
                   1130:        /* Expect confirmation from peer */
                   1131:        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM,
                   1132:            input_userauth_jpake_server_confirm);
                   1133: }
                   1134:
                   1135: /* ARGSUSED */
                   1136: void
                   1137: input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt)
                   1138: {
                   1139:        Authctxt *authctxt = ctxt;
                   1140:        struct jpake_ctx *pctx = authctxt->methoddata;
                   1141:
                   1142:        /* Disable this message */
                   1143:        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL);
                   1144:
                   1145:        pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len);
                   1146:        packet_check_eom();
                   1147:
                   1148:        JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
                   1149:
                   1150:        /* Verify expected confirmation hash */
                   1151:        if (jpake_check_confirm(pctx->k,
                   1152:            pctx->server_id, pctx->server_id_len,
                   1153:            session_id2, session_id2_len,
                   1154:            pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1)
                   1155:                debug("%s: %s success", __func__, authctxt->method->name);
                   1156:        else {
                   1157:                debug("%s: confirmation mismatch", __func__);
                   1158:                /* XXX stash this so if auth succeeds then we can warn/kill */
                   1159:        }
                   1160:
                   1161:        userauth_jpake_cleanup(authctxt);
                   1162: }
                   1163: #endif /* JPAKE */
                   1164:
1.117     markus   1165: static int
                   1166: identity_sign(Identity *id, u_char **sigp, u_int *lenp,
                   1167:     u_char *data, u_int datalen)
                   1168: {
                   1169:        Key *prv;
                   1170:        int ret;
1.99      markus   1171:
1.117     markus   1172:        /* the agent supports this key */
                   1173:        if (id->ac)
                   1174:                return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
                   1175:                    data, datalen));
                   1176:        /*
                   1177:         * we have already loaded the private key or
                   1178:         * the private key is stored in external hardware
                   1179:         */
                   1180:        if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
                   1181:                return (key_sign(id->key, sigp, lenp, data, datalen));
                   1182:        /* load the private key from the file */
                   1183:        if ((prv = load_identity_file(id->filename)) == NULL)
                   1184:                return (-1);
                   1185:        ret = key_sign(prv, sigp, lenp, data, datalen);
                   1186:        key_free(prv);
                   1187:        return (ret);
1.51      markus   1188: }
                   1189:
1.76      itojun   1190: static int
1.117     markus   1191: sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1.1       markus   1192: {
                   1193:        Buffer b;
1.32      markus   1194:        u_char *blob, *signature;
1.96      markus   1195:        u_int bloblen, slen;
1.120     markus   1196:        u_int skip = 0;
1.17      markus   1197:        int ret = -1;
1.23      markus   1198:        int have_sig = 1;
1.182     djm      1199:        char *fp;
1.1       markus   1200:
1.182     djm      1201:        fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
                   1202:        debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
                   1203:        xfree(fp);
1.51      markus   1204:
1.117     markus   1205:        if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1.28      markus   1206:                /* we cannot handle this key */
1.30      markus   1207:                debug3("sign_and_send_pubkey: cannot handle key");
1.28      markus   1208:                return 0;
                   1209:        }
1.1       markus   1210:        /* data to be signed */
                   1211:        buffer_init(&b);
1.26      markus   1212:        if (datafellows & SSH_OLD_SESSIONID) {
                   1213:                buffer_append(&b, session_id2, session_id2_len);
1.41      stevesk  1214:                skip = session_id2_len;
1.26      markus   1215:        } else {
1.14      markus   1216:                buffer_put_string(&b, session_id2, session_id2_len);
                   1217:                skip = buffer_len(&b);
                   1218:        }
1.1       markus   1219:        buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20      markus   1220:        buffer_put_cstring(&b, authctxt->server_user);
1.10      markus   1221:        buffer_put_cstring(&b,
1.30      markus   1222:            datafellows & SSH_BUG_PKSERVICE ?
1.10      markus   1223:            "ssh-userauth" :
1.20      markus   1224:            authctxt->service);
1.30      markus   1225:        if (datafellows & SSH_BUG_PKAUTH) {
                   1226:                buffer_put_char(&b, have_sig);
                   1227:        } else {
                   1228:                buffer_put_cstring(&b, authctxt->method->name);
                   1229:                buffer_put_char(&b, have_sig);
1.117     markus   1230:                buffer_put_cstring(&b, key_ssh_name(id->key));
1.30      markus   1231:        }
1.1       markus   1232:        buffer_put_string(&b, blob, bloblen);
                   1233:
                   1234:        /* generate signature */
1.117     markus   1235:        ret = identity_sign(id, &signature, &slen,
1.51      markus   1236:            buffer_ptr(&b), buffer_len(&b));
1.17      markus   1237:        if (ret == -1) {
                   1238:                xfree(blob);
                   1239:                buffer_free(&b);
                   1240:                return 0;
                   1241:        }
1.28      markus   1242: #ifdef DEBUG_PK
1.1       markus   1243:        buffer_dump(&b);
                   1244: #endif
1.30      markus   1245:        if (datafellows & SSH_BUG_PKSERVICE) {
1.10      markus   1246:                buffer_clear(&b);
                   1247:                buffer_append(&b, session_id2, session_id2_len);
1.51      markus   1248:                skip = session_id2_len;
1.10      markus   1249:                buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20      markus   1250:                buffer_put_cstring(&b, authctxt->server_user);
                   1251:                buffer_put_cstring(&b, authctxt->service);
1.23      markus   1252:                buffer_put_cstring(&b, authctxt->method->name);
                   1253:                buffer_put_char(&b, have_sig);
1.30      markus   1254:                if (!(datafellows & SSH_BUG_PKAUTH))
1.117     markus   1255:                        buffer_put_cstring(&b, key_ssh_name(id->key));
1.10      markus   1256:                buffer_put_string(&b, blob, bloblen);
                   1257:        }
                   1258:        xfree(blob);
1.51      markus   1259:
1.1       markus   1260:        /* append signature */
                   1261:        buffer_put_string(&b, signature, slen);
                   1262:        xfree(signature);
                   1263:
                   1264:        /* skip session id and packet type */
1.14      markus   1265:        if (buffer_len(&b) < skip + 1)
1.20      markus   1266:                fatal("userauth_pubkey: internal error");
1.14      markus   1267:        buffer_consume(&b, skip + 1);
1.1       markus   1268:
                   1269:        /* put remaining data from buffer into packet */
                   1270:        packet_start(SSH2_MSG_USERAUTH_REQUEST);
                   1271:        packet_put_raw(buffer_ptr(&b), buffer_len(&b));
                   1272:        buffer_free(&b);
                   1273:        packet_send();
1.17      markus   1274:
                   1275:        return 1;
1.16      markus   1276: }
                   1277:
1.76      itojun   1278: static int
1.117     markus   1279: send_pubkey_test(Authctxt *authctxt, Identity *id)
1.20      markus   1280: {
1.51      markus   1281:        u_char *blob;
1.97      markus   1282:        u_int bloblen, have_sig = 0;
1.20      markus   1283:
1.51      markus   1284:        debug3("send_pubkey_test");
1.16      markus   1285:
1.117     markus   1286:        if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1.51      markus   1287:                /* we cannot handle this key */
                   1288:                debug3("send_pubkey_test: cannot handle key");
1.16      markus   1289:                return 0;
                   1290:        }
1.51      markus   1291:        /* register callback for USERAUTH_PK_OK message */
                   1292:        dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
                   1293:
                   1294:        packet_start(SSH2_MSG_USERAUTH_REQUEST);
                   1295:        packet_put_cstring(authctxt->server_user);
                   1296:        packet_put_cstring(authctxt->service);
                   1297:        packet_put_cstring(authctxt->method->name);
                   1298:        packet_put_char(have_sig);
                   1299:        if (!(datafellows & SSH_BUG_PKAUTH))
1.117     markus   1300:                packet_put_cstring(key_ssh_name(id->key));
1.51      markus   1301:        packet_put_string(blob, bloblen);
                   1302:        xfree(blob);
                   1303:        packet_send();
                   1304:        return 1;
                   1305: }
                   1306:
1.76      itojun   1307: static Key *
1.51      markus   1308: load_identity_file(char *filename)
                   1309: {
                   1310:        Key *private;
                   1311:        char prompt[300], *passphrase;
1.178     dtucker  1312:        int perm_ok = 0, quit, i;
1.52      markus   1313:        struct stat st;
1.16      markus   1314:
1.52      markus   1315:        if (stat(filename, &st) < 0) {
                   1316:                debug3("no such identity: %s", filename);
                   1317:                return NULL;
                   1318:        }
1.152     dtucker  1319:        private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
                   1320:        if (!perm_ok)
                   1321:                return NULL;
1.56      markus   1322:        if (private == NULL) {
                   1323:                if (options.batch_mode)
1.51      markus   1324:                        return NULL;
1.16      markus   1325:                snprintf(prompt, sizeof prompt,
1.88      deraadt  1326:                    "Enter passphrase for key '%.100s': ", filename);
1.20      markus   1327:                for (i = 0; i < options.number_of_password_prompts; i++) {
                   1328:                        passphrase = read_passphrase(prompt, 0);
                   1329:                        if (strcmp(passphrase, "") != 0) {
1.152     dtucker  1330:                                private = key_load_private_type(KEY_UNSPEC,
                   1331:                                    filename, passphrase, NULL, NULL);
1.51      markus   1332:                                quit = 0;
1.20      markus   1333:                        } else {
                   1334:                                debug2("no passphrase given, try next key");
1.51      markus   1335:                                quit = 1;
1.20      markus   1336:                        }
                   1337:                        memset(passphrase, 0, strlen(passphrase));
                   1338:                        xfree(passphrase);
1.56      markus   1339:                        if (private != NULL || quit)
1.20      markus   1340:                                break;
                   1341:                        debug2("bad passphrase given, try again...");
1.16      markus   1342:                }
                   1343:        }
1.51      markus   1344:        return private;
                   1345: }
                   1346:
1.117     markus   1347: /*
                   1348:  * try keys in the following order:
                   1349:  *     1. agent keys that are found in the config file
                   1350:  *     2. other agent keys
                   1351:  *     3. keys that are only listed in the config file
                   1352:  */
                   1353: static void
                   1354: pubkey_prepare(Authctxt *authctxt)
1.51      markus   1355: {
1.190   ! djm      1356:        Identity *id, *id2, *tmp;
1.117     markus   1357:        Idlist agent, files, *preferred;
                   1358:        Key *key;
                   1359:        AuthenticationConnection *ac;
                   1360:        char *comment;
                   1361:        int i, found;
1.51      markus   1362:
1.117     markus   1363:        TAILQ_INIT(&agent);     /* keys from the agent */
                   1364:        TAILQ_INIT(&files);     /* keys from the config file */
                   1365:        preferred = &authctxt->keys;
                   1366:        TAILQ_INIT(preferred);  /* preferred order of keys */
                   1367:
1.190   ! djm      1368:        /* list of keys stored in the filesystem and PKCS#11 */
1.117     markus   1369:        for (i = 0; i < options.num_identity_files; i++) {
                   1370:                key = options.identity_keys[i];
                   1371:                if (key && key->type == KEY_RSA1)
1.180     djm      1372:                        continue;
                   1373:                if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
1.117     markus   1374:                        continue;
                   1375:                options.identity_keys[i] = NULL;
1.150     djm      1376:                id = xcalloc(1, sizeof(*id));
1.117     markus   1377:                id->key = key;
                   1378:                id->filename = xstrdup(options.identity_files[i]);
                   1379:                TAILQ_INSERT_TAIL(&files, id, next);
1.190   ! djm      1380:        }
        !          1381:        /* Prefer PKCS11 keys that are explicitly listed */
        !          1382:        TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
        !          1383:                if (id->key == NULL || (id->key->flags & KEY_FLAG_EXT) == 0)
        !          1384:                        continue;
        !          1385:                found = 0;
        !          1386:                TAILQ_FOREACH(id2, &files, next) {
        !          1387:                        if (id2->key == NULL ||
        !          1388:                            (id2->key->flags & KEY_FLAG_EXT) != 0)
        !          1389:                                continue;
        !          1390:                        if (key_equal(id->key, id2->key)) {
        !          1391:                                TAILQ_REMOVE(&files, id, next);
        !          1392:                                TAILQ_INSERT_TAIL(preferred, id, next);
        !          1393:                                found = 1;
        !          1394:                                break;
        !          1395:                        }
        !          1396:                }
        !          1397:                /* If IdentitiesOnly set and key not found then don't use it */
        !          1398:                if (!found && options.identities_only) {
        !          1399:                        TAILQ_REMOVE(&files, id, next);
        !          1400:                        bzero(id, sizeof(id));
        !          1401:                        free(id);
        !          1402:                }
1.117     markus   1403:        }
                   1404:        /* list of keys supported by the agent */
                   1405:        if ((ac = ssh_get_authentication_connection())) {
                   1406:                for (key = ssh_get_first_identity(ac, &comment, 2);
                   1407:                    key != NULL;
                   1408:                    key = ssh_get_next_identity(ac, &comment, 2)) {
                   1409:                        found = 0;
                   1410:                        TAILQ_FOREACH(id, &files, next) {
1.133     djm      1411:                                /* agent keys from the config file are preferred */
1.117     markus   1412:                                if (key_equal(key, id->key)) {
                   1413:                                        key_free(key);
                   1414:                                        xfree(comment);
                   1415:                                        TAILQ_REMOVE(&files, id, next);
                   1416:                                        TAILQ_INSERT_TAIL(preferred, id, next);
                   1417:                                        id->ac = ac;
                   1418:                                        found = 1;
                   1419:                                        break;
                   1420:                                }
                   1421:                        }
1.135     markus   1422:                        if (!found && !options.identities_only) {
1.150     djm      1423:                                id = xcalloc(1, sizeof(*id));
1.117     markus   1424:                                id->key = key;
                   1425:                                id->filename = comment;
                   1426:                                id->ac = ac;
                   1427:                                TAILQ_INSERT_TAIL(&agent, id, next);
                   1428:                        }
                   1429:                }
                   1430:                /* append remaining agent keys */
                   1431:                for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
                   1432:                        TAILQ_REMOVE(&agent, id, next);
                   1433:                        TAILQ_INSERT_TAIL(preferred, id, next);
                   1434:                }
                   1435:                authctxt->agent = ac;
                   1436:        }
                   1437:        /* append remaining keys from the config file */
                   1438:        for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
                   1439:                TAILQ_REMOVE(&files, id, next);
                   1440:                TAILQ_INSERT_TAIL(preferred, id, next);
                   1441:        }
                   1442:        TAILQ_FOREACH(id, preferred, next) {
                   1443:                debug2("key: %s (%p)", id->filename, id->key);
                   1444:        }
1.17      markus   1445: }
                   1446:
1.117     markus   1447: static void
                   1448: pubkey_cleanup(Authctxt *authctxt)
1.51      markus   1449: {
1.117     markus   1450:        Identity *id;
1.51      markus   1451:
1.117     markus   1452:        if (authctxt->agent != NULL)
                   1453:                ssh_close_authentication_connection(authctxt->agent);
                   1454:        for (id = TAILQ_FIRST(&authctxt->keys); id;
                   1455:            id = TAILQ_FIRST(&authctxt->keys)) {
                   1456:                TAILQ_REMOVE(&authctxt->keys, id, next);
                   1457:                if (id->key)
                   1458:                        key_free(id->key);
                   1459:                if (id->filename)
                   1460:                        xfree(id->filename);
                   1461:                xfree(id);
                   1462:        }
1.1       markus   1463: }
                   1464:
1.20      markus   1465: int
                   1466: userauth_pubkey(Authctxt *authctxt)
                   1467: {
1.117     markus   1468:        Identity *id;
1.20      markus   1469:        int sent = 0;
                   1470:
1.117     markus   1471:        while ((id = TAILQ_FIRST(&authctxt->keys))) {
                   1472:                if (id->tried++)
                   1473:                        return (0);
1.127     markus   1474:                /* move key to the end of the queue */
1.117     markus   1475:                TAILQ_REMOVE(&authctxt->keys, id, next);
                   1476:                TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
                   1477:                /*
                   1478:                 * send a test message if we have the public key. for
                   1479:                 * encrypted keys we cannot do this and have to load the
                   1480:                 * private key instead
                   1481:                 */
                   1482:                if (id->key && id->key->type != KEY_RSA1) {
1.181     djm      1483:                        debug("Offering %s public key: %s", key_type(id->key),
                   1484:                            id->filename);
1.117     markus   1485:                        sent = send_pubkey_test(authctxt, id);
                   1486:                } else if (id->key == NULL) {
                   1487:                        debug("Trying private key: %s", id->filename);
                   1488:                        id->key = load_identity_file(id->filename);
                   1489:                        if (id->key != NULL) {
                   1490:                                id->isprivate = 1;
                   1491:                                sent = sign_and_send_pubkey(authctxt, id);
                   1492:                                key_free(id->key);
                   1493:                                id->key = NULL;
1.51      markus   1494:                        }
                   1495:                }
1.117     markus   1496:                if (sent)
                   1497:                        return (sent);
1.28      markus   1498:        }
1.117     markus   1499:        return (0);
1.20      markus   1500: }
                   1501:
1.23      markus   1502: /*
                   1503:  * Send userauth request message specifying keyboard-interactive method.
                   1504:  */
                   1505: int
                   1506: userauth_kbdint(Authctxt *authctxt)
                   1507: {
                   1508:        static int attempt = 0;
                   1509:
                   1510:        if (attempt++ >= options.number_of_password_prompts)
                   1511:                return 0;
1.82      markus   1512:        /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
                   1513:        if (attempt > 1 && !authctxt->info_req_seen) {
                   1514:                debug3("userauth_kbdint: disable: no info_req_seen");
                   1515:                dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
                   1516:                return 0;
                   1517:        }
1.23      markus   1518:
                   1519:        debug2("userauth_kbdint");
                   1520:        packet_start(SSH2_MSG_USERAUTH_REQUEST);
                   1521:        packet_put_cstring(authctxt->server_user);
                   1522:        packet_put_cstring(authctxt->service);
                   1523:        packet_put_cstring(authctxt->method->name);
                   1524:        packet_put_cstring("");                                 /* lang */
                   1525:        packet_put_cstring(options.kbd_interactive_devices ?
                   1526:            options.kbd_interactive_devices : "");
                   1527:        packet_send();
                   1528:
                   1529:        dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
                   1530:        return 1;
                   1531: }
                   1532:
                   1533: /*
1.46      markus   1534:  * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
1.23      markus   1535:  */
                   1536: void
1.92      markus   1537: input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1.23      markus   1538: {
                   1539:        Authctxt *authctxt = ctxt;
1.46      markus   1540:        char *name, *inst, *lang, *prompt, *response;
1.32      markus   1541:        u_int num_prompts, i;
1.23      markus   1542:        int echo = 0;
                   1543:
                   1544:        debug2("input_userauth_info_req");
                   1545:
                   1546:        if (authctxt == NULL)
                   1547:                fatal("input_userauth_info_req: no authentication context");
1.82      markus   1548:
                   1549:        authctxt->info_req_seen = 1;
1.23      markus   1550:
                   1551:        name = packet_get_string(NULL);
                   1552:        inst = packet_get_string(NULL);
                   1553:        lang = packet_get_string(NULL);
                   1554:        if (strlen(name) > 0)
1.116     itojun   1555:                logit("%s", name);
1.23      markus   1556:        if (strlen(inst) > 0)
1.116     itojun   1557:                logit("%s", inst);
1.46      markus   1558:        xfree(name);
1.23      markus   1559:        xfree(inst);
1.46      markus   1560:        xfree(lang);
1.23      markus   1561:
                   1562:        num_prompts = packet_get_int();
                   1563:        /*
                   1564:         * Begin to build info response packet based on prompts requested.
                   1565:         * We commit to providing the correct number of responses, so if
                   1566:         * further on we run into a problem that prevents this, we have to
                   1567:         * be sure and clean this up and send a correct error response.
                   1568:         */
                   1569:        packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
                   1570:        packet_put_int(num_prompts);
                   1571:
1.73      markus   1572:        debug2("input_userauth_info_req: num_prompts %d", num_prompts);
1.23      markus   1573:        for (i = 0; i < num_prompts; i++) {
                   1574:                prompt = packet_get_string(NULL);
                   1575:                echo = packet_get_char();
                   1576:
1.77      markus   1577:                response = read_passphrase(prompt, echo ? RP_ECHO : 0);
1.23      markus   1578:
1.49      markus   1579:                packet_put_cstring(response);
1.23      markus   1580:                memset(response, 0, strlen(response));
                   1581:                xfree(response);
                   1582:                xfree(prompt);
                   1583:        }
1.90      markus   1584:        packet_check_eom(); /* done with parsing incoming message. */
1.23      markus   1585:
1.85      markus   1586:        packet_add_padding(64);
1.23      markus   1587:        packet_send();
1.68      markus   1588: }
                   1589:
1.100     markus   1590: static int
1.105     deraadt  1591: ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
1.100     markus   1592:     u_char *data, u_int datalen)
                   1593: {
                   1594:        Buffer b;
1.101     markus   1595:        struct stat st;
1.100     markus   1596:        pid_t pid;
1.103     markus   1597:        int to[2], from[2], status, version = 2;
1.100     markus   1598:
1.109     markus   1599:        debug2("ssh_keysign called");
1.100     markus   1600:
1.101     markus   1601:        if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
1.179     dtucker  1602:                error("ssh_keysign: not installed: %s", strerror(errno));
1.101     markus   1603:                return -1;
                   1604:        }
1.100     markus   1605:        if (fflush(stdout) != 0)
                   1606:                error("ssh_keysign: fflush: %s", strerror(errno));
                   1607:        if (pipe(to) < 0) {
                   1608:                error("ssh_keysign: pipe: %s", strerror(errno));
                   1609:                return -1;
                   1610:        }
                   1611:        if (pipe(from) < 0) {
                   1612:                error("ssh_keysign: pipe: %s", strerror(errno));
                   1613:                return -1;
                   1614:        }
                   1615:        if ((pid = fork()) < 0) {
                   1616:                error("ssh_keysign: fork: %s", strerror(errno));
                   1617:                return -1;
                   1618:        }
                   1619:        if (pid == 0) {
1.174     dtucker  1620:                /* keep the socket on exec */
                   1621:                fcntl(packet_get_connection_in(), F_SETFD, 0);
1.155     markus   1622:                permanently_drop_suid(getuid());
1.100     markus   1623:                close(from[0]);
                   1624:                if (dup2(from[1], STDOUT_FILENO) < 0)
                   1625:                        fatal("ssh_keysign: dup2: %s", strerror(errno));
                   1626:                close(to[1]);
                   1627:                if (dup2(to[0], STDIN_FILENO) < 0)
                   1628:                        fatal("ssh_keysign: dup2: %s", strerror(errno));
1.103     markus   1629:                close(from[1]);
                   1630:                close(to[0]);
1.102     markus   1631:                execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
1.100     markus   1632:                fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
                   1633:                    strerror(errno));
                   1634:        }
                   1635:        close(from[1]);
                   1636:        close(to[0]);
                   1637:
                   1638:        buffer_init(&b);
1.103     markus   1639:        buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
1.100     markus   1640:        buffer_put_string(&b, data, datalen);
1.131     djm      1641:        if (ssh_msg_send(to[1], version, &b) == -1)
                   1642:                fatal("ssh_keysign: couldn't send request");
1.100     markus   1643:
1.110     djm      1644:        if (ssh_msg_recv(from[0], &b) < 0) {
1.101     markus   1645:                error("ssh_keysign: no reply");
1.134     markus   1646:                buffer_free(&b);
1.100     markus   1647:                return -1;
                   1648:        }
1.101     markus   1649:        close(from[0]);
                   1650:        close(to[1]);
                   1651:
1.103     markus   1652:        while (waitpid(pid, &status, 0) < 0)
                   1653:                if (errno != EINTR)
                   1654:                        break;
1.101     markus   1655:
1.100     markus   1656:        if (buffer_get_char(&b) != version) {
1.101     markus   1657:                error("ssh_keysign: bad version");
1.134     markus   1658:                buffer_free(&b);
1.100     markus   1659:                return -1;
                   1660:        }
                   1661:        *sigp = buffer_get_string(&b, lenp);
1.134     markus   1662:        buffer_free(&b);
1.100     markus   1663:
                   1664:        return 0;
                   1665: }
                   1666:
1.68      markus   1667: int
                   1668: userauth_hostbased(Authctxt *authctxt)
                   1669: {
                   1670:        Key *private = NULL;
1.100     markus   1671:        Sensitive *sensitive = authctxt->sensitive;
1.68      markus   1672:        Buffer b;
                   1673:        u_char *signature, *blob;
1.179     dtucker  1674:        char *chost, *pkalg, *p;
1.72      markus   1675:        const char *service;
1.68      markus   1676:        u_int blen, slen;
1.176     dtucker  1677:        int ok, i, found = 0;
1.68      markus   1678:
                   1679:        /* check for a useful key */
1.100     markus   1680:        for (i = 0; i < sensitive->nkeys; i++) {
                   1681:                private = sensitive->keys[i];
1.68      markus   1682:                if (private && private->type != KEY_RSA1) {
                   1683:                        found = 1;
                   1684:                        /* we take and free the key */
1.100     markus   1685:                        sensitive->keys[i] = NULL;
1.68      markus   1686:                        break;
                   1687:                }
                   1688:        }
                   1689:        if (!found) {
1.109     markus   1690:                debug("No more client hostkeys for hostbased authentication.");
1.68      markus   1691:                return 0;
                   1692:        }
                   1693:        if (key_to_blob(private, &blob, &blen) == 0) {
                   1694:                key_free(private);
                   1695:                return 0;
                   1696:        }
1.84      markus   1697:        /* figure out a name for the client host */
1.179     dtucker  1698:        p = get_local_name(packet_get_connection_in());
1.84      markus   1699:        if (p == NULL) {
                   1700:                error("userauth_hostbased: cannot get local ipaddr/name");
                   1701:                key_free(private);
1.148     djm      1702:                xfree(blob);
1.84      markus   1703:                return 0;
                   1704:        }
1.150     djm      1705:        xasprintf(&chost, "%s.", p);
1.84      markus   1706:        debug2("userauth_hostbased: chost %s", chost);
1.112     markus   1707:        xfree(p);
1.84      markus   1708:
1.72      markus   1709:        service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
                   1710:            authctxt->service;
1.68      markus   1711:        pkalg = xstrdup(key_ssh_name(private));
                   1712:        buffer_init(&b);
                   1713:        /* construct data */
1.72      markus   1714:        buffer_put_string(&b, session_id2, session_id2_len);
1.68      markus   1715:        buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
                   1716:        buffer_put_cstring(&b, authctxt->server_user);
1.72      markus   1717:        buffer_put_cstring(&b, service);
1.68      markus   1718:        buffer_put_cstring(&b, authctxt->method->name);
                   1719:        buffer_put_cstring(&b, pkalg);
                   1720:        buffer_put_string(&b, blob, blen);
                   1721:        buffer_put_cstring(&b, chost);
                   1722:        buffer_put_cstring(&b, authctxt->local_user);
                   1723: #ifdef DEBUG_PK
                   1724:        buffer_dump(&b);
                   1725: #endif
1.100     markus   1726:        if (sensitive->external_keysign)
                   1727:                ok = ssh_keysign(private, &signature, &slen,
                   1728:                    buffer_ptr(&b), buffer_len(&b));
                   1729:        else
                   1730:                ok = key_sign(private, &signature, &slen,
                   1731:                    buffer_ptr(&b), buffer_len(&b));
1.68      markus   1732:        key_free(private);
                   1733:        buffer_free(&b);
                   1734:        if (ok != 0) {
                   1735:                error("key_sign failed");
                   1736:                xfree(chost);
                   1737:                xfree(pkalg);
1.148     djm      1738:                xfree(blob);
1.68      markus   1739:                return 0;
                   1740:        }
                   1741:        packet_start(SSH2_MSG_USERAUTH_REQUEST);
                   1742:        packet_put_cstring(authctxt->server_user);
                   1743:        packet_put_cstring(authctxt->service);
                   1744:        packet_put_cstring(authctxt->method->name);
                   1745:        packet_put_cstring(pkalg);
                   1746:        packet_put_string(blob, blen);
                   1747:        packet_put_cstring(chost);
                   1748:        packet_put_cstring(authctxt->local_user);
                   1749:        packet_put_string(signature, slen);
                   1750:        memset(signature, 's', slen);
                   1751:        xfree(signature);
                   1752:        xfree(chost);
                   1753:        xfree(pkalg);
1.148     djm      1754:        xfree(blob);
1.68      markus   1755:
                   1756:        packet_send();
                   1757:        return 1;
1.23      markus   1758: }
1.20      markus   1759:
1.170     djm      1760: #ifdef JPAKE
                   1761: int
                   1762: userauth_jpake(Authctxt *authctxt)
                   1763: {
                   1764:        struct jpake_ctx *pctx;
                   1765:        u_char *x1_proof, *x2_proof;
                   1766:        u_int x1_proof_len, x2_proof_len;
                   1767:        static int attempt = 0; /* XXX share with userauth_password's? */
                   1768:
                   1769:        if (attempt++ >= options.number_of_password_prompts)
                   1770:                return 0;
                   1771:        if (attempt != 1)
                   1772:                error("Permission denied, please try again.");
                   1773:
                   1774:        if (authctxt->methoddata != NULL)
                   1775:                fatal("%s: authctxt->methoddata already set (%p)",
                   1776:                    __func__, authctxt->methoddata);
                   1777:
                   1778:        authctxt->methoddata = pctx = jpake_new();
                   1779:
                   1780:        /*
                   1781:         * Send request immediately, to get the protocol going while
                   1782:         * we do the initial computations.
                   1783:         */
                   1784:        packet_start(SSH2_MSG_USERAUTH_REQUEST);
                   1785:        packet_put_cstring(authctxt->server_user);
                   1786:        packet_put_cstring(authctxt->service);
                   1787:        packet_put_cstring(authctxt->method->name);
                   1788:        packet_send();
                   1789:        packet_write_wait();
                   1790:
                   1791:        jpake_step1(pctx->grp,
                   1792:            &pctx->client_id, &pctx->client_id_len,
                   1793:            &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2,
                   1794:            &x1_proof, &x1_proof_len,
                   1795:            &x2_proof, &x2_proof_len);
                   1796:
                   1797:        JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
                   1798:
                   1799:        packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1);
                   1800:        packet_put_string(pctx->client_id, pctx->client_id_len);
                   1801:        packet_put_bignum2(pctx->g_x1);
                   1802:        packet_put_bignum2(pctx->g_x2);
                   1803:        packet_put_string(x1_proof, x1_proof_len);
                   1804:        packet_put_string(x2_proof, x2_proof_len);
                   1805:        packet_send();
                   1806:
                   1807:        bzero(x1_proof, x1_proof_len);
                   1808:        bzero(x2_proof, x2_proof_len);
                   1809:        xfree(x1_proof);
                   1810:        xfree(x2_proof);
                   1811:
                   1812:        /* Expect step 1 packet from peer */
                   1813:        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
                   1814:            input_userauth_jpake_server_step1);
1.172     djm      1815:        dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
                   1816:            &input_userauth_success_unexpected);
1.170     djm      1817:
                   1818:        return 1;
                   1819: }
                   1820:
                   1821: void
                   1822: userauth_jpake_cleanup(Authctxt *authctxt)
                   1823: {
                   1824:        debug3("%s: clean up", __func__);
                   1825:        if (authctxt->methoddata != NULL) {
                   1826:                jpake_free(authctxt->methoddata);
                   1827:                authctxt->methoddata = NULL;
                   1828:        }
1.172     djm      1829:        dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
1.170     djm      1830: }
                   1831: #endif /* JPAKE */
                   1832:
1.20      markus   1833: /* find auth method */
                   1834:
                   1835: /*
                   1836:  * given auth method name, if configurable options permit this method fill
                   1837:  * in auth_ident field and return true, otherwise return false.
                   1838:  */
1.76      itojun   1839: static int
1.20      markus   1840: authmethod_is_enabled(Authmethod *method)
                   1841: {
                   1842:        if (method == NULL)
                   1843:                return 0;
                   1844:        /* return false if options indicate this method is disabled */
                   1845:        if  (method->enabled == NULL || *method->enabled == 0)
                   1846:                return 0;
                   1847:        /* return false if batch mode is enabled but method needs interactive mode */
                   1848:        if  (method->batch_flag != NULL && *method->batch_flag != 0)
                   1849:                return 0;
                   1850:        return 1;
                   1851: }
                   1852:
1.76      itojun   1853: static Authmethod *
1.20      markus   1854: authmethod_lookup(const char *name)
1.1       markus   1855: {
1.20      markus   1856:        Authmethod *method = NULL;
                   1857:        if (name != NULL)
                   1858:                for (method = authmethods; method->name != NULL; method++)
                   1859:                        if (strcmp(name, method->name) == 0)
                   1860:                                return method;
                   1861:        debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
                   1862:        return NULL;
                   1863: }
1.1       markus   1864:
1.53      markus   1865: /* XXX internal state */
                   1866: static Authmethod *current = NULL;
                   1867: static char *supported = NULL;
                   1868: static char *preferred = NULL;
1.105     deraadt  1869:
1.20      markus   1870: /*
                   1871:  * Given the authentication method list sent by the server, return the
                   1872:  * next method we should try.  If the server initially sends a nil list,
1.67      markus   1873:  * use a built-in default list.
1.41      stevesk  1874:  */
1.76      itojun   1875: static Authmethod *
1.20      markus   1876: authmethod_get(char *authlist)
                   1877: {
1.53      markus   1878:        char *name = NULL;
1.97      markus   1879:        u_int next;
1.41      stevesk  1880:
1.20      markus   1881:        /* Use a suitable default if we're passed a nil list.  */
                   1882:        if (authlist == NULL || strlen(authlist) == 0)
1.53      markus   1883:                authlist = options.preferred_authentications;
1.20      markus   1884:
1.53      markus   1885:        if (supported == NULL || strcmp(authlist, supported) != 0) {
                   1886:                debug3("start over, passed a different list %s", authlist);
                   1887:                if (supported != NULL)
                   1888:                        xfree(supported);
                   1889:                supported = xstrdup(authlist);
                   1890:                preferred = options.preferred_authentications;
                   1891:                debug3("preferred %s", preferred);
                   1892:                current = NULL;
                   1893:        } else if (current != NULL && authmethod_is_enabled(current))
                   1894:                return current;
1.20      markus   1895:
1.53      markus   1896:        for (;;) {
                   1897:                if ((name = match_list(preferred, supported, &next)) == NULL) {
1.109     markus   1898:                        debug("No more authentication methods to try.");
1.53      markus   1899:                        current = NULL;
                   1900:                        return NULL;
                   1901:                }
                   1902:                preferred += next;
1.23      markus   1903:                debug3("authmethod_lookup %s", name);
1.53      markus   1904:                debug3("remaining preferred: %s", preferred);
                   1905:                if ((current = authmethod_lookup(name)) != NULL &&
                   1906:                    authmethod_is_enabled(current)) {
1.23      markus   1907:                        debug3("authmethod_is_enabled %s", name);
1.109     markus   1908:                        debug("Next authentication method: %s", name);
1.187     djm      1909:                        xfree(name);
1.53      markus   1910:                        return current;
1.23      markus   1911:                }
1.1       markus   1912:        }
1.53      markus   1913: }
1.1       markus   1914:
1.79      stevesk  1915: static char *
1.53      markus   1916: authmethods_get(void)
                   1917: {
                   1918:        Authmethod *method = NULL;
1.93      markus   1919:        Buffer b;
                   1920:        char *list;
1.27      provos   1921:
1.93      markus   1922:        buffer_init(&b);
1.53      markus   1923:        for (method = authmethods; method->name != NULL; method++) {
                   1924:                if (authmethod_is_enabled(method)) {
1.93      markus   1925:                        if (buffer_len(&b) > 0)
                   1926:                                buffer_append(&b, ",", 1);
                   1927:                        buffer_append(&b, method->name, strlen(method->name));
1.53      markus   1928:                }
                   1929:        }
1.93      markus   1930:        buffer_append(&b, "\0", 1);
                   1931:        list = xstrdup(buffer_ptr(&b));
                   1932:        buffer_free(&b);
                   1933:        return list;
1.1       markus   1934: }
1.170     djm      1935: