Annotation of src/usr.bin/ssh/sshconnect2.c, Revision 1.204.4.1
1.204.4.1! djm 1: /* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */
1.1 markus 2: /*
3: * Copyright (c) 2000 Markus Friedl. All rights reserved.
1.170 djm 4: * Copyright (c) 2008 Damien Miller. All rights reserved.
1.1 markus 5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
26:
1.145 stevesk 27: #include <sys/types.h>
1.160 deraadt 28: #include <sys/socket.h>
1.145 stevesk 29: #include <sys/wait.h>
1.144 stevesk 30: #include <sys/queue.h>
1.146 stevesk 31: #include <sys/stat.h>
1.156 stevesk 32:
33: #include <errno.h>
1.174 dtucker 34: #include <fcntl.h>
1.164 jolan 35: #include <netdb.h>
1.159 stevesk 36: #include <stdio.h>
1.158 stevesk 37: #include <string.h>
1.160 deraadt 38: #include <signal.h>
39: #include <pwd.h>
1.157 stevesk 40: #include <unistd.h>
1.166 djm 41: #include <vis.h>
1.1 markus 42:
1.160 deraadt 43: #include "xmalloc.h"
1.1 markus 44: #include "ssh.h"
1.37 markus 45: #include "ssh2.h"
1.1 markus 46: #include "buffer.h"
47: #include "packet.h"
48: #include "compat.h"
1.37 markus 49: #include "cipher.h"
1.160 deraadt 50: #include "key.h"
1.1 markus 51: #include "kex.h"
52: #include "myproposal.h"
53: #include "sshconnect.h"
54: #include "authfile.h"
1.57 provos 55: #include "dh.h"
1.17 markus 56: #include "authfd.h"
1.37 markus 57: #include "log.h"
58: #include "readconf.h"
1.137 djm 59: #include "misc.h"
1.53 markus 60: #include "match.h"
1.61 markus 61: #include "dispatch.h"
1.68 markus 62: #include "canohost.h"
1.100 markus 63: #include "msg.h"
64: #include "pathnames.h"
1.154 markus 65: #include "uidswap.h"
1.186 djm 66: #include "hostfile.h"
1.22 provos 67:
1.121 markus 68: #ifdef GSSAPI
69: #include "ssh-gss.h"
70: #endif
71:
1.1 markus 72: /* import */
73: extern char *client_version_string;
74: extern char *server_version_string;
75: extern Options options;
76:
77: /*
78: * SSH2 key exchange
79: */
80:
1.32 markus 81: u_char *session_id2 = NULL;
1.120 markus 82: u_int session_id2_len = 0;
1.1 markus 83:
1.61 markus 84: char *xxx_host;
85: struct sockaddr *xxx_hostaddr;
86:
1.63 markus 87: Kex *xxx_kex = NULL;
88:
1.76 itojun 89: static int
1.75 markus 90: verify_host_key_callback(Key *hostkey)
1.61 markus 91: {
1.75 markus 92: if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
1.83 markus 93: fatal("Host key verification failed.");
1.61 markus 94: return 0;
95: }
96:
1.186 djm 97: static char *
98: order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
99: {
100: char *oavail, *avail, *first, *last, *alg, *hostname, *ret;
101: size_t maxlen;
102: struct hostkeys *hostkeys;
103: int ktype;
1.188 djm 104: u_int i;
1.186 djm 105:
106: /* Find all hostkeys for this hostname */
107: get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL);
108: hostkeys = init_hostkeys();
1.188 djm 109: for (i = 0; i < options.num_user_hostfiles; i++)
110: load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]);
111: for (i = 0; i < options.num_system_hostfiles; i++)
112: load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
1.186 djm 113:
114: oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
115: maxlen = strlen(avail) + 1;
116: first = xmalloc(maxlen);
117: last = xmalloc(maxlen);
118: *first = *last = '\0';
119:
120: #define ALG_APPEND(to, from) \
121: do { \
122: if (*to != '\0') \
123: strlcat(to, ",", maxlen); \
124: strlcat(to, from, maxlen); \
125: } while (0)
126:
127: while ((alg = strsep(&avail, ",")) && *alg != '\0') {
128: if ((ktype = key_type_from_name(alg)) == KEY_UNSPEC)
129: fatal("%s: unknown alg %s", __func__, alg);
130: if (lookup_key_in_hostkeys_by_type(hostkeys,
131: key_type_plain(ktype), NULL))
132: ALG_APPEND(first, alg);
133: else
134: ALG_APPEND(last, alg);
135: }
136: #undef ALG_APPEND
137: xasprintf(&ret, "%s%s%s", first, *first == '\0' ? "" : ",", last);
138: if (*first != '\0')
139: debug3("%s: prefer hostkeyalgs: %s", __func__, first);
140:
1.197 djm 141: free(first);
142: free(last);
143: free(hostname);
144: free(oavail);
1.186 djm 145: free_hostkeys(hostkeys);
146:
147: return ret;
148: }
149:
1.1 markus 150: void
1.186 djm 151: ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
1.22 provos 152: {
153: Kex *kex;
1.61 markus 154:
155: xxx_host = host;
156: xxx_hostaddr = hostaddr;
1.22 provos 157:
1.29 markus 158: if (options.ciphers == (char *)-1) {
1.116 itojun 159: logit("No valid ciphers for protocol version 2 given, using defaults.");
1.29 markus 160: options.ciphers = NULL;
1.24 markus 161: }
1.22 provos 162: if (options.ciphers != NULL) {
163: myproposal[PROPOSAL_ENC_ALGS_CTOS] =
164: myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
165: }
1.60 stevesk 166: myproposal[PROPOSAL_ENC_ALGS_CTOS] =
167: compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
168: myproposal[PROPOSAL_ENC_ALGS_STOC] =
169: compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
1.22 provos 170: if (options.compression) {
1.47 markus 171: myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1.141 markus 172: myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
1.22 provos 173: } else {
1.47 markus 174: myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1.141 markus 175: myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
1.47 markus 176: }
177: if (options.macs != NULL) {
178: myproposal[PROPOSAL_MAC_ALGS_CTOS] =
179: myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
1.22 provos 180: }
1.70 markus 181: if (options.hostkeyalgorithms != NULL)
1.88 deraadt 182: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
1.200 djm 183: compat_pkalg_proposal(options.hostkeyalgorithms);
1.186 djm 184: else {
185: /* Prefer algorithms that we already have keys for */
186: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
1.200 djm 187: compat_pkalg_proposal(
188: order_hostkeyalgs(host, hostaddr, port));
1.186 djm 189: }
1.185 djm 190: if (options.kex_algorithms != NULL)
191: myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
1.204.4.1! djm 192: myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
! 193: myproposal[PROPOSAL_KEX_ALGS]);
1.115 markus 194:
1.196 dtucker 195: if (options.rekey_limit || options.rekey_interval)
196: packet_set_rekey_limits((u_int32_t)options.rekey_limit,
197: (time_t)options.rekey_interval);
1.22 provos 198:
1.65 markus 199: /* start key exchange */
1.64 markus 200: kex = kex_setup(myproposal);
1.111 markus 201: kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
1.138 djm 202: kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
1.111 markus 203: kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
1.147 djm 204: kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
1.184 djm 205: kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
1.199 markus 206: kex->kex[KEX_C25519_SHA256] = kexc25519_client;
1.61 markus 207: kex->client_version_string=client_version_string;
208: kex->server_version_string=server_version_string;
1.75 markus 209: kex->verify_host_key=&verify_host_key_callback;
1.63 markus 210:
211: xxx_kex = kex;
1.22 provos 212:
1.66 markus 213: dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
1.173 andreas 214:
215: if (options.use_roaming && !kex->roaming) {
216: debug("Roaming not allowed by server");
217: options.use_roaming = 0;
218: }
1.62 markus 219:
220: session_id2 = kex->session_id;
221: session_id2_len = kex->session_id_len;
1.22 provos 222:
223: #ifdef DEBUG_KEXDH
224: /* send 1st encrypted/maced/compressed message */
225: packet_start(SSH2_MSG_IGNORE);
226: packet_put_cstring("markus");
227: packet_send();
228: packet_write_wait();
229: #endif
1.1 markus 230: }
1.11 markus 231:
1.1 markus 232: /*
233: * Authenticate user
234: */
1.20 markus 235:
236: typedef struct Authctxt Authctxt;
237: typedef struct Authmethod Authmethod;
1.117 markus 238: typedef struct identity Identity;
239: typedef struct idlist Idlist;
1.20 markus 240:
1.117 markus 241: struct identity {
242: TAILQ_ENTRY(identity) next;
243: AuthenticationConnection *ac; /* set if agent supports key */
244: Key *key; /* public/private key */
245: char *filename; /* comment for agent-only keys */
246: int tried;
247: int isprivate; /* key points to the private key */
1.191 dtucker 248: int userprovided;
1.117 markus 249: };
250: TAILQ_HEAD(idlist, identity);
1.20 markus 251:
252: struct Authctxt {
253: const char *server_user;
1.68 markus 254: const char *local_user;
1.20 markus 255: const char *host;
256: const char *service;
1.23 markus 257: Authmethod *method;
1.183 djm 258: sig_atomic_t success;
1.51 markus 259: char *authlist;
1.68 markus 260: /* pubkey */
1.117 markus 261: Idlist keys;
1.68 markus 262: AuthenticationConnection *agent;
263: /* hostbased */
1.100 markus 264: Sensitive *sensitive;
1.82 markus 265: /* kbd-interactive */
266: int info_req_seen;
1.121 markus 267: /* generic */
268: void *methoddata;
1.20 markus 269: };
270: struct Authmethod {
271: char *name; /* string to compare against server's list */
272: int (*userauth)(Authctxt *authctxt);
1.170 djm 273: void (*cleanup)(Authctxt *authctxt);
1.20 markus 274: int *enabled; /* flag in option struct that enables method */
275: int *batch_flag; /* flag in option struct that disables method */
276: };
277:
1.92 markus 278: void input_userauth_success(int, u_int32_t, void *);
1.172 djm 279: void input_userauth_success_unexpected(int, u_int32_t, void *);
1.92 markus 280: void input_userauth_failure(int, u_int32_t, void *);
281: void input_userauth_banner(int, u_int32_t, void *);
282: void input_userauth_error(int, u_int32_t, void *);
283: void input_userauth_info_req(int, u_int32_t, void *);
284: void input_userauth_pk_ok(int, u_int32_t, void *);
1.99 markus 285: void input_userauth_passwd_changereq(int, u_int32_t, void *);
1.86 itojun 286:
287: int userauth_none(Authctxt *);
288: int userauth_pubkey(Authctxt *);
289: int userauth_passwd(Authctxt *);
290: int userauth_kbdint(Authctxt *);
291: int userauth_hostbased(Authctxt *);
1.20 markus 292:
1.121 markus 293: #ifdef GSSAPI
294: int userauth_gssapi(Authctxt *authctxt);
295: void input_gssapi_response(int type, u_int32_t, void *);
296: void input_gssapi_token(int type, u_int32_t, void *);
297: void input_gssapi_hash(int type, u_int32_t, void *);
298: void input_gssapi_error(int, u_int32_t, void *);
299: void input_gssapi_errtok(int, u_int32_t, void *);
300: #endif
301:
1.86 itojun 302: void userauth(Authctxt *, char *);
1.51 markus 303:
1.117 markus 304: static int sign_and_send_pubkey(Authctxt *, Identity *);
305: static void pubkey_prepare(Authctxt *);
306: static void pubkey_cleanup(Authctxt *);
1.191 dtucker 307: static Key *load_identity_file(char *, int);
1.76 itojun 308:
309: static Authmethod *authmethod_get(char *authlist);
310: static Authmethod *authmethod_lookup(const char *name);
311: static char *authmethods_get(void);
1.20 markus 312:
313: Authmethod authmethods[] = {
1.121 markus 314: #ifdef GSSAPI
1.132 markus 315: {"gssapi-with-mic",
1.121 markus 316: userauth_gssapi,
1.170 djm 317: NULL,
1.121 markus 318: &options.gss_authentication,
319: NULL},
320: #endif
1.81 markus 321: {"hostbased",
322: userauth_hostbased,
1.170 djm 323: NULL,
1.81 markus 324: &options.hostbased_authentication,
325: NULL},
1.20 markus 326: {"publickey",
327: userauth_pubkey,
1.170 djm 328: NULL,
1.28 markus 329: &options.pubkey_authentication,
1.20 markus 330: NULL},
1.81 markus 331: {"keyboard-interactive",
332: userauth_kbdint,
1.170 djm 333: NULL,
1.81 markus 334: &options.kbd_interactive_authentication,
335: &options.batch_mode},
1.20 markus 336: {"password",
337: userauth_passwd,
1.170 djm 338: NULL,
1.20 markus 339: &options.password_authentication,
1.23 markus 340: &options.batch_mode},
341: {"none",
342: userauth_none,
343: NULL,
1.170 djm 344: NULL,
1.23 markus 345: NULL},
1.170 djm 346: {NULL, NULL, NULL, NULL, NULL}
1.20 markus 347: };
348:
349: void
1.68 markus 350: ssh_userauth2(const char *local_user, const char *server_user, char *host,
1.100 markus 351: Sensitive *sensitive)
1.20 markus 352: {
353: Authctxt authctxt;
354: int type;
1.39 markus 355:
1.73 markus 356: if (options.challenge_response_authentication)
1.39 markus 357: options.kbd_interactive_authentication = 1;
1.20 markus 358:
359: packet_start(SSH2_MSG_SERVICE_REQUEST);
360: packet_put_cstring("ssh-userauth");
361: packet_send();
1.108 markus 362: debug("SSH2_MSG_SERVICE_REQUEST sent");
1.20 markus 363: packet_write_wait();
1.91 markus 364: type = packet_read();
1.108 markus 365: if (type != SSH2_MSG_SERVICE_ACCEPT)
366: fatal("Server denied authentication request: %d", type);
1.20 markus 367: if (packet_remaining() > 0) {
1.91 markus 368: char *reply = packet_get_string(NULL);
1.108 markus 369: debug2("service_accept: %s", reply);
1.197 djm 370: free(reply);
1.20 markus 371: } else {
1.109 markus 372: debug2("buggy server: service_accept w/o service");
1.20 markus 373: }
1.90 markus 374: packet_check_eom();
1.108 markus 375: debug("SSH2_MSG_SERVICE_ACCEPT received");
1.20 markus 376:
1.53 markus 377: if (options.preferred_authentications == NULL)
378: options.preferred_authentications = authmethods_get();
379:
1.20 markus 380: /* setup authentication context */
1.82 markus 381: memset(&authctxt, 0, sizeof(authctxt));
1.117 markus 382: pubkey_prepare(&authctxt);
1.20 markus 383: authctxt.server_user = server_user;
1.68 markus 384: authctxt.local_user = local_user;
1.20 markus 385: authctxt.host = host;
386: authctxt.service = "ssh-connection"; /* service name */
387: authctxt.success = 0;
1.23 markus 388: authctxt.method = authmethod_lookup("none");
1.51 markus 389: authctxt.authlist = NULL;
1.121 markus 390: authctxt.methoddata = NULL;
1.100 markus 391: authctxt.sensitive = sensitive;
1.82 markus 392: authctxt.info_req_seen = 0;
1.23 markus 393: if (authctxt.method == NULL)
394: fatal("ssh_userauth2: internal error: cannot send userauth none request");
1.20 markus 395:
396: /* initial userauth request */
1.23 markus 397: userauth_none(&authctxt);
1.20 markus 398:
1.65 markus 399: dispatch_init(&input_userauth_error);
1.20 markus 400: dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
401: dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
1.35 markus 402: dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
1.20 markus 403: dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
404:
1.117 markus 405: pubkey_cleanup(&authctxt);
1.119 markus 406: dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
407:
1.109 markus 408: debug("Authentication succeeded (%s).", authctxt.method->name);
1.20 markus 409: }
1.119 markus 410:
1.20 markus 411: void
1.51 markus 412: userauth(Authctxt *authctxt, char *authlist)
413: {
1.170 djm 414: if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
415: authctxt->method->cleanup(authctxt);
416:
1.197 djm 417: free(authctxt->methoddata);
418: authctxt->methoddata = NULL;
1.51 markus 419: if (authlist == NULL) {
420: authlist = authctxt->authlist;
421: } else {
1.197 djm 422: free(authctxt->authlist);
1.51 markus 423: authctxt->authlist = authlist;
424: }
425: for (;;) {
426: Authmethod *method = authmethod_get(authlist);
427: if (method == NULL)
428: fatal("Permission denied (%s).", authlist);
429: authctxt->method = method;
1.119 markus 430:
431: /* reset the per method handler */
432: dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN,
433: SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
434:
435: /* and try new method */
1.51 markus 436: if (method->userauth(authctxt) != 0) {
437: debug2("we sent a %s packet, wait for reply", method->name);
438: break;
439: } else {
440: debug2("we did not send a packet, disable method");
441: method->enabled = NULL;
442: }
443: }
444: }
1.105 deraadt 445:
1.169 djm 446: /* ARGSUSED */
1.51 markus 447: void
1.92 markus 448: input_userauth_error(int type, u_int32_t seq, void *ctxt)
1.20 markus 449: {
1.35 markus 450: fatal("input_userauth_error: bad message during authentication: "
1.140 djm 451: "type %d", type);
1.35 markus 452: }
1.105 deraadt 453:
1.169 djm 454: /* ARGSUSED */
1.35 markus 455: void
1.92 markus 456: input_userauth_banner(int type, u_int32_t seq, void *ctxt)
1.35 markus 457: {
1.166 djm 458: char *msg, *raw, *lang;
459: u_int len;
1.126 deraadt 460:
1.35 markus 461: debug3("input_userauth_banner");
1.166 djm 462: raw = packet_get_string(&len);
1.35 markus 463: lang = packet_get_string(NULL);
1.167 markus 464: if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
1.166 djm 465: if (len > 65536)
466: len = 65536;
1.168 deraadt 467: msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
1.177 dtucker 468: strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
1.125 dtucker 469: fprintf(stderr, "%s", msg);
1.197 djm 470: free(msg);
1.166 djm 471: }
1.197 djm 472: free(raw);
473: free(lang);
1.20 markus 474: }
1.105 deraadt 475:
1.169 djm 476: /* ARGSUSED */
1.20 markus 477: void
1.92 markus 478: input_userauth_success(int type, u_int32_t seq, void *ctxt)
1.20 markus 479: {
480: Authctxt *authctxt = ctxt;
1.172 djm 481:
1.20 markus 482: if (authctxt == NULL)
483: fatal("input_userauth_success: no authentication context");
1.197 djm 484: free(authctxt->authlist);
485: authctxt->authlist = NULL;
1.172 djm 486: if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
487: authctxt->method->cleanup(authctxt);
1.197 djm 488: free(authctxt->methoddata);
489: authctxt->methoddata = NULL;
1.20 markus 490: authctxt->success = 1; /* break out */
491: }
1.105 deraadt 492:
1.172 djm 493: void
494: input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
495: {
496: Authctxt *authctxt = ctxt;
497:
498: if (authctxt == NULL)
499: fatal("%s: no authentication context", __func__);
500:
501: fatal("Unexpected authentication success during %s.",
502: authctxt->method->name);
503: }
504:
1.169 djm 505: /* ARGSUSED */
1.20 markus 506: void
1.92 markus 507: input_userauth_failure(int type, u_int32_t seq, void *ctxt)
1.20 markus 508: {
509: Authctxt *authctxt = ctxt;
510: char *authlist = NULL;
511: int partial;
512:
513: if (authctxt == NULL)
514: fatal("input_userauth_failure: no authentication context");
515:
1.23 markus 516: authlist = packet_get_string(NULL);
1.20 markus 517: partial = packet_get_char();
1.90 markus 518: packet_check_eom();
1.20 markus 519:
1.193 markus 520: if (partial != 0) {
1.116 itojun 521: logit("Authenticated with partial success.");
1.193 markus 522: /* reset state */
523: pubkey_cleanup(authctxt);
524: pubkey_prepare(authctxt);
525: }
1.109 markus 526: debug("Authentications that can continue: %s", authlist);
1.20 markus 527:
1.51 markus 528: userauth(authctxt, authlist);
529: }
1.169 djm 530:
531: /* ARGSUSED */
1.51 markus 532: void
1.92 markus 533: input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
1.51 markus 534: {
535: Authctxt *authctxt = ctxt;
536: Key *key = NULL;
1.117 markus 537: Identity *id = NULL;
1.51 markus 538: Buffer b;
1.96 markus 539: int pktype, sent = 0;
540: u_int alen, blen;
541: char *pkalg, *fp;
542: u_char *pkblob;
1.51 markus 543:
544: if (authctxt == NULL)
545: fatal("input_userauth_pk_ok: no authentication context");
546: if (datafellows & SSH_BUG_PKOK) {
547: /* this is similar to SSH_BUG_PKAUTH */
548: debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
549: pkblob = packet_get_string(&blen);
550: buffer_init(&b);
551: buffer_append(&b, pkblob, blen);
552: pkalg = buffer_get_string(&b, &alen);
553: buffer_free(&b);
554: } else {
555: pkalg = packet_get_string(&alen);
556: pkblob = packet_get_string(&blen);
557: }
1.90 markus 558: packet_check_eom();
1.51 markus 559:
1.117 markus 560: debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
1.51 markus 561:
1.117 markus 562: if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
563: debug("unknown pkalg %s", pkalg);
564: goto done;
565: }
566: if ((key = key_from_blob(pkblob, blen)) == NULL) {
567: debug("no key from blob. pkalg %s", pkalg);
568: goto done;
569: }
570: if (key->type != pktype) {
571: error("input_userauth_pk_ok: type mismatch "
572: "for decoded key (received %d, expected %d)",
573: key->type, pktype);
574: goto done;
575: }
576: fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
577: debug2("input_userauth_pk_ok: fp %s", fp);
1.197 djm 578: free(fp);
1.117 markus 579:
1.127 markus 580: /*
581: * search keys in the reverse order, because last candidate has been
582: * moved to the end of the queue. this also avoids confusion by
583: * duplicate keys
584: */
1.136 henning 585: TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) {
1.117 markus 586: if (key_equal(key, id->key)) {
587: sent = sign_and_send_pubkey(authctxt, id);
1.51 markus 588: break;
589: }
1.117 markus 590: }
591: done:
1.51 markus 592: if (key != NULL)
593: key_free(key);
1.197 djm 594: free(pkalg);
595: free(pkblob);
1.51 markus 596:
1.106 deraadt 597: /* try another method if we did not send a packet */
1.51 markus 598: if (sent == 0)
599: userauth(authctxt, NULL);
1.20 markus 600: }
1.121 markus 601:
602: #ifdef GSSAPI
1.133 djm 603: int
1.121 markus 604: userauth_gssapi(Authctxt *authctxt)
605: {
606: Gssctxt *gssctxt = NULL;
1.128 avsm 607: static gss_OID_set gss_supported = NULL;
1.139 djm 608: static u_int mech = 0;
1.121 markus 609: OM_uint32 min;
610: int ok = 0;
611:
612: /* Try one GSSAPI method at a time, rather than sending them all at
613: * once. */
614:
1.128 avsm 615: if (gss_supported == NULL)
616: gss_indicate_mechs(&min, &gss_supported);
1.121 markus 617:
618: /* Check to see if the mechanism is usable before we offer it */
1.128 avsm 619: while (mech < gss_supported->count && !ok) {
1.121 markus 620: /* My DER encoding requires length<128 */
1.128 avsm 621: if (gss_supported->elements[mech].length < 128 &&
1.161 djm 622: ssh_gssapi_check_mechanism(&gssctxt,
623: &gss_supported->elements[mech], authctxt->host)) {
1.121 markus 624: ok = 1; /* Mechanism works */
625: } else {
626: mech++;
627: }
628: }
629:
1.161 djm 630: if (!ok)
1.139 djm 631: return 0;
1.121 markus 632:
633: authctxt->methoddata=(void *)gssctxt;
634:
635: packet_start(SSH2_MSG_USERAUTH_REQUEST);
636: packet_put_cstring(authctxt->server_user);
637: packet_put_cstring(authctxt->service);
638: packet_put_cstring(authctxt->method->name);
639:
640: packet_put_int(1);
641:
1.129 markus 642: packet_put_int((gss_supported->elements[mech].length) + 2);
643: packet_put_char(SSH_GSS_OIDTYPE);
644: packet_put_char(gss_supported->elements[mech].length);
645: packet_put_raw(gss_supported->elements[mech].elements,
646: gss_supported->elements[mech].length);
1.121 markus 647:
648: packet_send();
649:
650: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
651: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
652: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
653: dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
654:
655: mech++; /* Move along to next candidate */
656:
657: return 1;
658: }
659:
1.130 markus 660: static OM_uint32
661: process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
662: {
663: Authctxt *authctxt = ctxt;
664: Gssctxt *gssctxt = authctxt->methoddata;
665: gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
1.142 djm 666: gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
667: gss_buffer_desc gssbuf;
1.132 markus 668: OM_uint32 status, ms, flags;
669: Buffer b;
1.133 djm 670:
1.130 markus 671: status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
1.132 markus 672: recv_tok, &send_tok, &flags);
1.130 markus 673:
674: if (send_tok.length > 0) {
675: if (GSS_ERROR(status))
676: packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
677: else
678: packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
1.133 djm 679:
1.130 markus 680: packet_put_string(send_tok.value, send_tok.length);
681: packet_send();
682: gss_release_buffer(&ms, &send_tok);
683: }
1.133 djm 684:
1.130 markus 685: if (status == GSS_S_COMPLETE) {
1.132 markus 686: /* send either complete or MIC, depending on mechanism */
687: if (!(flags & GSS_C_INTEG_FLAG)) {
688: packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
689: packet_send();
690: } else {
691: ssh_gssapi_buildmic(&b, authctxt->server_user,
692: authctxt->service, "gssapi-with-mic");
693:
694: gssbuf.value = buffer_ptr(&b);
695: gssbuf.length = buffer_len(&b);
1.133 djm 696:
1.132 markus 697: status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
1.133 djm 698:
1.132 markus 699: if (!GSS_ERROR(status)) {
700: packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC);
701: packet_put_string(mic.value, mic.length);
1.133 djm 702:
1.132 markus 703: packet_send();
704: }
1.133 djm 705:
1.132 markus 706: buffer_free(&b);
707: gss_release_buffer(&ms, &mic);
1.133 djm 708: }
1.130 markus 709: }
1.133 djm 710:
1.130 markus 711: return status;
712: }
713:
1.169 djm 714: /* ARGSUSED */
1.121 markus 715: void
716: input_gssapi_response(int type, u_int32_t plen, void *ctxt)
717: {
718: Authctxt *authctxt = ctxt;
719: Gssctxt *gssctxt;
720: int oidlen;
721: char *oidv;
722:
723: if (authctxt == NULL)
724: fatal("input_gssapi_response: no authentication context");
725: gssctxt = authctxt->methoddata;
726:
727: /* Setup our OID */
728: oidv = packet_get_string(&oidlen);
729:
1.129 markus 730: if (oidlen <= 2 ||
731: oidv[0] != SSH_GSS_OIDTYPE ||
732: oidv[1] != oidlen - 2) {
1.197 djm 733: free(oidv);
1.129 markus 734: debug("Badly encoded mechanism OID received");
735: userauth(authctxt, NULL);
736: return;
1.121 markus 737: }
1.129 markus 738:
739: if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
740: fatal("Server returned different OID than expected");
1.121 markus 741:
742: packet_check_eom();
743:
1.197 djm 744: free(oidv);
1.121 markus 745:
1.130 markus 746: if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
1.121 markus 747: /* Start again with next method on list */
748: debug("Trying to start again");
749: userauth(authctxt, NULL);
750: return;
751: }
752: }
753:
1.169 djm 754: /* ARGSUSED */
1.121 markus 755: void
756: input_gssapi_token(int type, u_int32_t plen, void *ctxt)
757: {
758: Authctxt *authctxt = ctxt;
759: gss_buffer_desc recv_tok;
1.130 markus 760: OM_uint32 status;
1.121 markus 761: u_int slen;
762:
763: if (authctxt == NULL)
764: fatal("input_gssapi_response: no authentication context");
765:
766: recv_tok.value = packet_get_string(&slen);
767: recv_tok.length = slen; /* safe typecast */
768:
769: packet_check_eom();
770:
1.130 markus 771: status = process_gssapi_token(ctxt, &recv_tok);
1.121 markus 772:
1.197 djm 773: free(recv_tok.value);
1.121 markus 774:
775: if (GSS_ERROR(status)) {
776: /* Start again with the next method in the list */
777: userauth(authctxt, NULL);
778: return;
779: }
780: }
781:
1.169 djm 782: /* ARGSUSED */
1.121 markus 783: void
784: input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
785: {
786: Authctxt *authctxt = ctxt;
787: Gssctxt *gssctxt;
788: gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
789: gss_buffer_desc recv_tok;
1.194 djm 790: OM_uint32 ms;
1.123 deraadt 791: u_int len;
1.121 markus 792:
793: if (authctxt == NULL)
794: fatal("input_gssapi_response: no authentication context");
795: gssctxt = authctxt->methoddata;
796:
1.123 deraadt 797: recv_tok.value = packet_get_string(&len);
798: recv_tok.length = len;
1.121 markus 799:
800: packet_check_eom();
801:
802: /* Stick it into GSSAPI and see what it says */
1.194 djm 803: (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
1.140 djm 804: &recv_tok, &send_tok, NULL);
1.121 markus 805:
1.197 djm 806: free(recv_tok.value);
1.121 markus 807: gss_release_buffer(&ms, &send_tok);
808:
809: /* Server will be returning a failed packet after this one */
810: }
811:
1.169 djm 812: /* ARGSUSED */
1.121 markus 813: void
814: input_gssapi_error(int type, u_int32_t plen, void *ctxt)
815: {
816: char *msg;
817: char *lang;
818:
1.194 djm 819: /* maj */(void)packet_get_int();
820: /* min */(void)packet_get_int();
1.121 markus 821: msg=packet_get_string(NULL);
822: lang=packet_get_string(NULL);
823:
824: packet_check_eom();
825:
1.143 stevesk 826: debug("Server GSSAPI Error:\n%s", msg);
1.197 djm 827: free(msg);
828: free(lang);
1.121 markus 829: }
830: #endif /* GSSAPI */
1.20 markus 831:
1.1 markus 832: int
1.23 markus 833: userauth_none(Authctxt *authctxt)
834: {
835: /* initial userauth request */
836: packet_start(SSH2_MSG_USERAUTH_REQUEST);
837: packet_put_cstring(authctxt->server_user);
838: packet_put_cstring(authctxt->service);
839: packet_put_cstring(authctxt->method->name);
840: packet_send();
841: return 1;
842: }
843:
844: int
1.20 markus 845: userauth_passwd(Authctxt *authctxt)
1.1 markus 846: {
1.6 markus 847: static int attempt = 0;
1.99 markus 848: char prompt[150];
1.1 markus 849: char *password;
1.175 dtucker 850: const char *host = options.host_key_alias ? options.host_key_alias :
851: authctxt->host;
1.6 markus 852:
1.13 todd 853: if (attempt++ >= options.number_of_password_prompts)
1.6 markus 854: return 0;
1.13 todd 855:
1.87 deraadt 856: if (attempt != 1)
1.13 todd 857: error("Permission denied, please try again.");
1.1 markus 858:
1.43 itojun 859: snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
1.175 dtucker 860: authctxt->server_user, host);
1.1 markus 861: password = read_passphrase(prompt, 0);
862: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 863: packet_put_cstring(authctxt->server_user);
864: packet_put_cstring(authctxt->service);
1.23 markus 865: packet_put_cstring(authctxt->method->name);
1.1 markus 866: packet_put_char(0);
1.49 markus 867: packet_put_cstring(password);
1.204 djm 868: explicit_bzero(password, strlen(password));
1.197 djm 869: free(password);
1.85 markus 870: packet_add_padding(64);
1.1 markus 871: packet_send();
1.99 markus 872:
1.104 deraadt 873: dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1.99 markus 874: &input_userauth_passwd_changereq);
875:
1.1 markus 876: return 1;
877: }
1.169 djm 878:
1.99 markus 879: /*
880: * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
881: */
1.169 djm 882: /* ARGSUSED */
1.99 markus 883: void
1.153 djm 884: input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
1.99 markus 885: {
886: Authctxt *authctxt = ctxt;
887: char *info, *lang, *password = NULL, *retype = NULL;
888: char prompt[150];
1.175 dtucker 889: const char *host = options.host_key_alias ? options.host_key_alias :
890: authctxt->host;
1.99 markus 891:
892: debug2("input_userauth_passwd_changereq");
893:
894: if (authctxt == NULL)
895: fatal("input_userauth_passwd_changereq: "
896: "no authentication context");
897:
898: info = packet_get_string(NULL);
899: lang = packet_get_string(NULL);
900: if (strlen(info) > 0)
1.116 itojun 901: logit("%s", info);
1.197 djm 902: free(info);
903: free(lang);
1.99 markus 904: packet_start(SSH2_MSG_USERAUTH_REQUEST);
905: packet_put_cstring(authctxt->server_user);
906: packet_put_cstring(authctxt->service);
907: packet_put_cstring(authctxt->method->name);
908: packet_put_char(1); /* additional info */
1.104 deraadt 909: snprintf(prompt, sizeof(prompt),
1.99 markus 910: "Enter %.30s@%.128s's old password: ",
1.175 dtucker 911: authctxt->server_user, host);
1.99 markus 912: password = read_passphrase(prompt, 0);
913: packet_put_cstring(password);
1.204 djm 914: explicit_bzero(password, strlen(password));
1.197 djm 915: free(password);
1.99 markus 916: password = NULL;
917: while (password == NULL) {
1.104 deraadt 918: snprintf(prompt, sizeof(prompt),
1.99 markus 919: "Enter %.30s@%.128s's new password: ",
1.175 dtucker 920: authctxt->server_user, host);
1.99 markus 921: password = read_passphrase(prompt, RP_ALLOW_EOF);
922: if (password == NULL) {
923: /* bail out */
924: return;
925: }
1.104 deraadt 926: snprintf(prompt, sizeof(prompt),
1.99 markus 927: "Retype %.30s@%.128s's new password: ",
1.175 dtucker 928: authctxt->server_user, host);
1.99 markus 929: retype = read_passphrase(prompt, 0);
930: if (strcmp(password, retype) != 0) {
1.204 djm 931: explicit_bzero(password, strlen(password));
1.197 djm 932: free(password);
1.116 itojun 933: logit("Mismatch; try again, EOF to quit.");
1.99 markus 934: password = NULL;
935: }
1.204 djm 936: explicit_bzero(retype, strlen(retype));
1.197 djm 937: free(retype);
1.99 markus 938: }
939: packet_put_cstring(password);
1.204 djm 940: explicit_bzero(password, strlen(password));
1.197 djm 941: free(password);
1.99 markus 942: packet_add_padding(64);
943: packet_send();
1.104 deraadt 944:
945: dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1.99 markus 946: &input_userauth_passwd_changereq);
1.117 markus 947: }
948:
949: static int
950: identity_sign(Identity *id, u_char **sigp, u_int *lenp,
951: u_char *data, u_int datalen)
952: {
953: Key *prv;
954: int ret;
1.99 markus 955:
1.117 markus 956: /* the agent supports this key */
957: if (id->ac)
958: return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
959: data, datalen));
960: /*
961: * we have already loaded the private key or
962: * the private key is stored in external hardware
963: */
964: if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
965: return (key_sign(id->key, sigp, lenp, data, datalen));
966: /* load the private key from the file */
1.191 dtucker 967: if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL)
1.117 markus 968: return (-1);
969: ret = key_sign(prv, sigp, lenp, data, datalen);
970: key_free(prv);
971: return (ret);
1.51 markus 972: }
973:
1.76 itojun 974: static int
1.117 markus 975: sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1.1 markus 976: {
977: Buffer b;
1.32 markus 978: u_char *blob, *signature;
1.96 markus 979: u_int bloblen, slen;
1.120 markus 980: u_int skip = 0;
1.17 markus 981: int ret = -1;
1.23 markus 982: int have_sig = 1;
1.182 djm 983: char *fp;
1.1 markus 984:
1.182 djm 985: fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
986: debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
1.197 djm 987: free(fp);
1.51 markus 988:
1.117 markus 989: if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1.28 markus 990: /* we cannot handle this key */
1.30 markus 991: debug3("sign_and_send_pubkey: cannot handle key");
1.28 markus 992: return 0;
993: }
1.1 markus 994: /* data to be signed */
995: buffer_init(&b);
1.26 markus 996: if (datafellows & SSH_OLD_SESSIONID) {
997: buffer_append(&b, session_id2, session_id2_len);
1.41 stevesk 998: skip = session_id2_len;
1.26 markus 999: } else {
1.14 markus 1000: buffer_put_string(&b, session_id2, session_id2_len);
1001: skip = buffer_len(&b);
1002: }
1.1 markus 1003: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 1004: buffer_put_cstring(&b, authctxt->server_user);
1.10 markus 1005: buffer_put_cstring(&b,
1.30 markus 1006: datafellows & SSH_BUG_PKSERVICE ?
1.10 markus 1007: "ssh-userauth" :
1.20 markus 1008: authctxt->service);
1.30 markus 1009: if (datafellows & SSH_BUG_PKAUTH) {
1010: buffer_put_char(&b, have_sig);
1011: } else {
1012: buffer_put_cstring(&b, authctxt->method->name);
1013: buffer_put_char(&b, have_sig);
1.117 markus 1014: buffer_put_cstring(&b, key_ssh_name(id->key));
1.30 markus 1015: }
1.1 markus 1016: buffer_put_string(&b, blob, bloblen);
1017:
1018: /* generate signature */
1.117 markus 1019: ret = identity_sign(id, &signature, &slen,
1.51 markus 1020: buffer_ptr(&b), buffer_len(&b));
1.17 markus 1021: if (ret == -1) {
1.197 djm 1022: free(blob);
1.17 markus 1023: buffer_free(&b);
1024: return 0;
1025: }
1.28 markus 1026: #ifdef DEBUG_PK
1.1 markus 1027: buffer_dump(&b);
1028: #endif
1.30 markus 1029: if (datafellows & SSH_BUG_PKSERVICE) {
1.10 markus 1030: buffer_clear(&b);
1031: buffer_append(&b, session_id2, session_id2_len);
1.51 markus 1032: skip = session_id2_len;
1.10 markus 1033: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 1034: buffer_put_cstring(&b, authctxt->server_user);
1035: buffer_put_cstring(&b, authctxt->service);
1.23 markus 1036: buffer_put_cstring(&b, authctxt->method->name);
1037: buffer_put_char(&b, have_sig);
1.30 markus 1038: if (!(datafellows & SSH_BUG_PKAUTH))
1.117 markus 1039: buffer_put_cstring(&b, key_ssh_name(id->key));
1.10 markus 1040: buffer_put_string(&b, blob, bloblen);
1041: }
1.197 djm 1042: free(blob);
1.51 markus 1043:
1.1 markus 1044: /* append signature */
1045: buffer_put_string(&b, signature, slen);
1.197 djm 1046: free(signature);
1.1 markus 1047:
1048: /* skip session id and packet type */
1.14 markus 1049: if (buffer_len(&b) < skip + 1)
1.20 markus 1050: fatal("userauth_pubkey: internal error");
1.14 markus 1051: buffer_consume(&b, skip + 1);
1.1 markus 1052:
1053: /* put remaining data from buffer into packet */
1054: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1055: packet_put_raw(buffer_ptr(&b), buffer_len(&b));
1056: buffer_free(&b);
1057: packet_send();
1.17 markus 1058:
1059: return 1;
1.16 markus 1060: }
1061:
1.76 itojun 1062: static int
1.117 markus 1063: send_pubkey_test(Authctxt *authctxt, Identity *id)
1.20 markus 1064: {
1.51 markus 1065: u_char *blob;
1.97 markus 1066: u_int bloblen, have_sig = 0;
1.20 markus 1067:
1.51 markus 1068: debug3("send_pubkey_test");
1.16 markus 1069:
1.117 markus 1070: if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1.51 markus 1071: /* we cannot handle this key */
1072: debug3("send_pubkey_test: cannot handle key");
1.16 markus 1073: return 0;
1074: }
1.51 markus 1075: /* register callback for USERAUTH_PK_OK message */
1076: dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
1077:
1078: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1079: packet_put_cstring(authctxt->server_user);
1080: packet_put_cstring(authctxt->service);
1081: packet_put_cstring(authctxt->method->name);
1082: packet_put_char(have_sig);
1083: if (!(datafellows & SSH_BUG_PKAUTH))
1.117 markus 1084: packet_put_cstring(key_ssh_name(id->key));
1.51 markus 1085: packet_put_string(blob, bloblen);
1.197 djm 1086: free(blob);
1.51 markus 1087: packet_send();
1088: return 1;
1089: }
1090:
1.76 itojun 1091: static Key *
1.191 dtucker 1092: load_identity_file(char *filename, int userprovided)
1.51 markus 1093: {
1094: Key *private;
1095: char prompt[300], *passphrase;
1.178 dtucker 1096: int perm_ok = 0, quit, i;
1.52 markus 1097: struct stat st;
1.16 markus 1098:
1.52 markus 1099: if (stat(filename, &st) < 0) {
1.191 dtucker 1100: (userprovided ? logit : debug3)("no such identity: %s: %s",
1101: filename, strerror(errno));
1.52 markus 1102: return NULL;
1103: }
1.152 dtucker 1104: private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
1.198 dtucker 1105: if (!perm_ok) {
1106: if (private != NULL)
1107: key_free(private);
1.152 dtucker 1108: return NULL;
1.198 dtucker 1109: }
1.56 markus 1110: if (private == NULL) {
1111: if (options.batch_mode)
1.51 markus 1112: return NULL;
1.16 markus 1113: snprintf(prompt, sizeof prompt,
1.88 deraadt 1114: "Enter passphrase for key '%.100s': ", filename);
1.20 markus 1115: for (i = 0; i < options.number_of_password_prompts; i++) {
1116: passphrase = read_passphrase(prompt, 0);
1117: if (strcmp(passphrase, "") != 0) {
1.152 dtucker 1118: private = key_load_private_type(KEY_UNSPEC,
1119: filename, passphrase, NULL, NULL);
1.51 markus 1120: quit = 0;
1.20 markus 1121: } else {
1122: debug2("no passphrase given, try next key");
1.51 markus 1123: quit = 1;
1.20 markus 1124: }
1.204 djm 1125: explicit_bzero(passphrase, strlen(passphrase));
1.197 djm 1126: free(passphrase);
1.56 markus 1127: if (private != NULL || quit)
1.20 markus 1128: break;
1129: debug2("bad passphrase given, try again...");
1.16 markus 1130: }
1131: }
1.51 markus 1132: return private;
1133: }
1134:
1.117 markus 1135: /*
1136: * try keys in the following order:
1137: * 1. agent keys that are found in the config file
1138: * 2. other agent keys
1139: * 3. keys that are only listed in the config file
1140: */
1141: static void
1142: pubkey_prepare(Authctxt *authctxt)
1.51 markus 1143: {
1.190 djm 1144: Identity *id, *id2, *tmp;
1.117 markus 1145: Idlist agent, files, *preferred;
1146: Key *key;
1147: AuthenticationConnection *ac;
1148: char *comment;
1149: int i, found;
1.51 markus 1150:
1.117 markus 1151: TAILQ_INIT(&agent); /* keys from the agent */
1152: TAILQ_INIT(&files); /* keys from the config file */
1153: preferred = &authctxt->keys;
1154: TAILQ_INIT(preferred); /* preferred order of keys */
1155:
1.190 djm 1156: /* list of keys stored in the filesystem and PKCS#11 */
1.117 markus 1157: for (i = 0; i < options.num_identity_files; i++) {
1158: key = options.identity_keys[i];
1159: if (key && key->type == KEY_RSA1)
1.180 djm 1160: continue;
1161: if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
1.117 markus 1162: continue;
1163: options.identity_keys[i] = NULL;
1.150 djm 1164: id = xcalloc(1, sizeof(*id));
1.117 markus 1165: id->key = key;
1166: id->filename = xstrdup(options.identity_files[i]);
1.192 dtucker 1167: id->userprovided = options.identity_file_userprovided[i];
1.117 markus 1168: TAILQ_INSERT_TAIL(&files, id, next);
1.190 djm 1169: }
1170: /* Prefer PKCS11 keys that are explicitly listed */
1171: TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
1172: if (id->key == NULL || (id->key->flags & KEY_FLAG_EXT) == 0)
1173: continue;
1174: found = 0;
1175: TAILQ_FOREACH(id2, &files, next) {
1176: if (id2->key == NULL ||
1177: (id2->key->flags & KEY_FLAG_EXT) != 0)
1178: continue;
1179: if (key_equal(id->key, id2->key)) {
1180: TAILQ_REMOVE(&files, id, next);
1181: TAILQ_INSERT_TAIL(preferred, id, next);
1182: found = 1;
1183: break;
1184: }
1185: }
1186: /* If IdentitiesOnly set and key not found then don't use it */
1187: if (!found && options.identities_only) {
1188: TAILQ_REMOVE(&files, id, next);
1.203 tedu 1189: explicit_bzero(id, sizeof(*id));
1.190 djm 1190: free(id);
1191: }
1.117 markus 1192: }
1193: /* list of keys supported by the agent */
1194: if ((ac = ssh_get_authentication_connection())) {
1195: for (key = ssh_get_first_identity(ac, &comment, 2);
1196: key != NULL;
1197: key = ssh_get_next_identity(ac, &comment, 2)) {
1198: found = 0;
1199: TAILQ_FOREACH(id, &files, next) {
1.133 djm 1200: /* agent keys from the config file are preferred */
1.117 markus 1201: if (key_equal(key, id->key)) {
1202: key_free(key);
1.197 djm 1203: free(comment);
1.117 markus 1204: TAILQ_REMOVE(&files, id, next);
1205: TAILQ_INSERT_TAIL(preferred, id, next);
1206: id->ac = ac;
1207: found = 1;
1208: break;
1209: }
1210: }
1.135 markus 1211: if (!found && !options.identities_only) {
1.150 djm 1212: id = xcalloc(1, sizeof(*id));
1.117 markus 1213: id->key = key;
1214: id->filename = comment;
1215: id->ac = ac;
1216: TAILQ_INSERT_TAIL(&agent, id, next);
1217: }
1218: }
1219: /* append remaining agent keys */
1220: for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
1221: TAILQ_REMOVE(&agent, id, next);
1222: TAILQ_INSERT_TAIL(preferred, id, next);
1223: }
1224: authctxt->agent = ac;
1225: }
1226: /* append remaining keys from the config file */
1227: for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
1228: TAILQ_REMOVE(&files, id, next);
1229: TAILQ_INSERT_TAIL(preferred, id, next);
1230: }
1231: TAILQ_FOREACH(id, preferred, next) {
1.191 dtucker 1232: debug2("key: %s (%p),%s", id->filename, id->key,
1233: id->userprovided ? " explicit" : "");
1.117 markus 1234: }
1.17 markus 1235: }
1236:
1.117 markus 1237: static void
1238: pubkey_cleanup(Authctxt *authctxt)
1.51 markus 1239: {
1.117 markus 1240: Identity *id;
1.51 markus 1241:
1.117 markus 1242: if (authctxt->agent != NULL)
1243: ssh_close_authentication_connection(authctxt->agent);
1244: for (id = TAILQ_FIRST(&authctxt->keys); id;
1245: id = TAILQ_FIRST(&authctxt->keys)) {
1246: TAILQ_REMOVE(&authctxt->keys, id, next);
1247: if (id->key)
1248: key_free(id->key);
1.197 djm 1249: free(id->filename);
1250: free(id);
1.117 markus 1251: }
1.1 markus 1252: }
1253:
1.20 markus 1254: int
1255: userauth_pubkey(Authctxt *authctxt)
1256: {
1.117 markus 1257: Identity *id;
1.20 markus 1258: int sent = 0;
1259:
1.117 markus 1260: while ((id = TAILQ_FIRST(&authctxt->keys))) {
1261: if (id->tried++)
1262: return (0);
1.127 markus 1263: /* move key to the end of the queue */
1.117 markus 1264: TAILQ_REMOVE(&authctxt->keys, id, next);
1265: TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
1266: /*
1267: * send a test message if we have the public key. for
1268: * encrypted keys we cannot do this and have to load the
1269: * private key instead
1270: */
1.200 djm 1271: if (id->key != NULL) {
1272: if (key_type_plain(id->key->type) == KEY_RSA &&
1273: (datafellows & SSH_BUG_RSASIGMD5) != 0) {
1274: debug("Skipped %s key %s for RSA/MD5 server",
1275: key_type(id->key), id->filename);
1276: } else if (id->key->type != KEY_RSA1) {
1277: debug("Offering %s public key: %s",
1278: key_type(id->key), id->filename);
1279: sent = send_pubkey_test(authctxt, id);
1280: }
1281: } else {
1.117 markus 1282: debug("Trying private key: %s", id->filename);
1.191 dtucker 1283: id->key = load_identity_file(id->filename,
1284: id->userprovided);
1.117 markus 1285: if (id->key != NULL) {
1286: id->isprivate = 1;
1.200 djm 1287: if (key_type_plain(id->key->type) == KEY_RSA &&
1288: (datafellows & SSH_BUG_RSASIGMD5) != 0) {
1289: debug("Skipped %s key %s for RSA/MD5 "
1290: "server", key_type(id->key),
1291: id->filename);
1292: } else {
1293: sent = sign_and_send_pubkey(
1294: authctxt, id);
1295: }
1.117 markus 1296: key_free(id->key);
1297: id->key = NULL;
1.51 markus 1298: }
1299: }
1.117 markus 1300: if (sent)
1301: return (sent);
1.28 markus 1302: }
1.117 markus 1303: return (0);
1.20 markus 1304: }
1305:
1.23 markus 1306: /*
1307: * Send userauth request message specifying keyboard-interactive method.
1308: */
1309: int
1310: userauth_kbdint(Authctxt *authctxt)
1311: {
1312: static int attempt = 0;
1313:
1314: if (attempt++ >= options.number_of_password_prompts)
1315: return 0;
1.82 markus 1316: /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
1317: if (attempt > 1 && !authctxt->info_req_seen) {
1318: debug3("userauth_kbdint: disable: no info_req_seen");
1319: dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
1320: return 0;
1321: }
1.23 markus 1322:
1323: debug2("userauth_kbdint");
1324: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1325: packet_put_cstring(authctxt->server_user);
1326: packet_put_cstring(authctxt->service);
1327: packet_put_cstring(authctxt->method->name);
1328: packet_put_cstring(""); /* lang */
1329: packet_put_cstring(options.kbd_interactive_devices ?
1330: options.kbd_interactive_devices : "");
1331: packet_send();
1332:
1333: dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
1334: return 1;
1335: }
1336:
1337: /*
1.46 markus 1338: * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
1.23 markus 1339: */
1340: void
1.92 markus 1341: input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1.23 markus 1342: {
1343: Authctxt *authctxt = ctxt;
1.46 markus 1344: char *name, *inst, *lang, *prompt, *response;
1.32 markus 1345: u_int num_prompts, i;
1.23 markus 1346: int echo = 0;
1347:
1348: debug2("input_userauth_info_req");
1349:
1350: if (authctxt == NULL)
1351: fatal("input_userauth_info_req: no authentication context");
1.82 markus 1352:
1353: authctxt->info_req_seen = 1;
1.23 markus 1354:
1355: name = packet_get_string(NULL);
1356: inst = packet_get_string(NULL);
1357: lang = packet_get_string(NULL);
1358: if (strlen(name) > 0)
1.116 itojun 1359: logit("%s", name);
1.23 markus 1360: if (strlen(inst) > 0)
1.116 itojun 1361: logit("%s", inst);
1.197 djm 1362: free(name);
1363: free(inst);
1364: free(lang);
1.23 markus 1365:
1366: num_prompts = packet_get_int();
1367: /*
1368: * Begin to build info response packet based on prompts requested.
1369: * We commit to providing the correct number of responses, so if
1370: * further on we run into a problem that prevents this, we have to
1371: * be sure and clean this up and send a correct error response.
1372: */
1373: packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
1374: packet_put_int(num_prompts);
1375:
1.73 markus 1376: debug2("input_userauth_info_req: num_prompts %d", num_prompts);
1.23 markus 1377: for (i = 0; i < num_prompts; i++) {
1378: prompt = packet_get_string(NULL);
1379: echo = packet_get_char();
1380:
1.77 markus 1381: response = read_passphrase(prompt, echo ? RP_ECHO : 0);
1.23 markus 1382:
1.49 markus 1383: packet_put_cstring(response);
1.204 djm 1384: explicit_bzero(response, strlen(response));
1.197 djm 1385: free(response);
1386: free(prompt);
1.23 markus 1387: }
1.90 markus 1388: packet_check_eom(); /* done with parsing incoming message. */
1.23 markus 1389:
1.85 markus 1390: packet_add_padding(64);
1.23 markus 1391: packet_send();
1.68 markus 1392: }
1393:
1.100 markus 1394: static int
1.105 deraadt 1395: ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
1.100 markus 1396: u_char *data, u_int datalen)
1397: {
1398: Buffer b;
1.101 markus 1399: struct stat st;
1.100 markus 1400: pid_t pid;
1.103 markus 1401: int to[2], from[2], status, version = 2;
1.100 markus 1402:
1.109 markus 1403: debug2("ssh_keysign called");
1.100 markus 1404:
1.101 markus 1405: if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
1.179 dtucker 1406: error("ssh_keysign: not installed: %s", strerror(errno));
1.101 markus 1407: return -1;
1408: }
1.100 markus 1409: if (fflush(stdout) != 0)
1410: error("ssh_keysign: fflush: %s", strerror(errno));
1411: if (pipe(to) < 0) {
1412: error("ssh_keysign: pipe: %s", strerror(errno));
1413: return -1;
1414: }
1415: if (pipe(from) < 0) {
1416: error("ssh_keysign: pipe: %s", strerror(errno));
1417: return -1;
1418: }
1419: if ((pid = fork()) < 0) {
1420: error("ssh_keysign: fork: %s", strerror(errno));
1421: return -1;
1422: }
1423: if (pid == 0) {
1.174 dtucker 1424: /* keep the socket on exec */
1425: fcntl(packet_get_connection_in(), F_SETFD, 0);
1.155 markus 1426: permanently_drop_suid(getuid());
1.100 markus 1427: close(from[0]);
1428: if (dup2(from[1], STDOUT_FILENO) < 0)
1429: fatal("ssh_keysign: dup2: %s", strerror(errno));
1430: close(to[1]);
1431: if (dup2(to[0], STDIN_FILENO) < 0)
1432: fatal("ssh_keysign: dup2: %s", strerror(errno));
1.103 markus 1433: close(from[1]);
1434: close(to[0]);
1.102 markus 1435: execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
1.100 markus 1436: fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
1437: strerror(errno));
1438: }
1439: close(from[1]);
1440: close(to[0]);
1441:
1442: buffer_init(&b);
1.103 markus 1443: buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
1.100 markus 1444: buffer_put_string(&b, data, datalen);
1.131 djm 1445: if (ssh_msg_send(to[1], version, &b) == -1)
1446: fatal("ssh_keysign: couldn't send request");
1.100 markus 1447:
1.110 djm 1448: if (ssh_msg_recv(from[0], &b) < 0) {
1.101 markus 1449: error("ssh_keysign: no reply");
1.134 markus 1450: buffer_free(&b);
1.100 markus 1451: return -1;
1452: }
1.101 markus 1453: close(from[0]);
1454: close(to[1]);
1455:
1.103 markus 1456: while (waitpid(pid, &status, 0) < 0)
1457: if (errno != EINTR)
1458: break;
1.101 markus 1459:
1.100 markus 1460: if (buffer_get_char(&b) != version) {
1.101 markus 1461: error("ssh_keysign: bad version");
1.134 markus 1462: buffer_free(&b);
1.100 markus 1463: return -1;
1464: }
1465: *sigp = buffer_get_string(&b, lenp);
1.134 markus 1466: buffer_free(&b);
1.100 markus 1467:
1468: return 0;
1469: }
1470:
1.68 markus 1471: int
1472: userauth_hostbased(Authctxt *authctxt)
1473: {
1474: Key *private = NULL;
1.100 markus 1475: Sensitive *sensitive = authctxt->sensitive;
1.68 markus 1476: Buffer b;
1477: u_char *signature, *blob;
1.179 dtucker 1478: char *chost, *pkalg, *p;
1.72 markus 1479: const char *service;
1.68 markus 1480: u_int blen, slen;
1.176 dtucker 1481: int ok, i, found = 0;
1.68 markus 1482:
1483: /* check for a useful key */
1.100 markus 1484: for (i = 0; i < sensitive->nkeys; i++) {
1485: private = sensitive->keys[i];
1.68 markus 1486: if (private && private->type != KEY_RSA1) {
1487: found = 1;
1488: /* we take and free the key */
1.100 markus 1489: sensitive->keys[i] = NULL;
1.68 markus 1490: break;
1491: }
1492: }
1493: if (!found) {
1.109 markus 1494: debug("No more client hostkeys for hostbased authentication.");
1.68 markus 1495: return 0;
1496: }
1497: if (key_to_blob(private, &blob, &blen) == 0) {
1498: key_free(private);
1499: return 0;
1500: }
1.84 markus 1501: /* figure out a name for the client host */
1.179 dtucker 1502: p = get_local_name(packet_get_connection_in());
1.84 markus 1503: if (p == NULL) {
1504: error("userauth_hostbased: cannot get local ipaddr/name");
1505: key_free(private);
1.197 djm 1506: free(blob);
1.84 markus 1507: return 0;
1508: }
1.150 djm 1509: xasprintf(&chost, "%s.", p);
1.84 markus 1510: debug2("userauth_hostbased: chost %s", chost);
1.197 djm 1511: free(p);
1.84 markus 1512:
1.72 markus 1513: service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
1514: authctxt->service;
1.68 markus 1515: pkalg = xstrdup(key_ssh_name(private));
1516: buffer_init(&b);
1517: /* construct data */
1.72 markus 1518: buffer_put_string(&b, session_id2, session_id2_len);
1.68 markus 1519: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1520: buffer_put_cstring(&b, authctxt->server_user);
1.72 markus 1521: buffer_put_cstring(&b, service);
1.68 markus 1522: buffer_put_cstring(&b, authctxt->method->name);
1523: buffer_put_cstring(&b, pkalg);
1524: buffer_put_string(&b, blob, blen);
1525: buffer_put_cstring(&b, chost);
1526: buffer_put_cstring(&b, authctxt->local_user);
1527: #ifdef DEBUG_PK
1528: buffer_dump(&b);
1529: #endif
1.100 markus 1530: if (sensitive->external_keysign)
1531: ok = ssh_keysign(private, &signature, &slen,
1532: buffer_ptr(&b), buffer_len(&b));
1533: else
1534: ok = key_sign(private, &signature, &slen,
1535: buffer_ptr(&b), buffer_len(&b));
1.68 markus 1536: key_free(private);
1537: buffer_free(&b);
1538: if (ok != 0) {
1539: error("key_sign failed");
1.197 djm 1540: free(chost);
1541: free(pkalg);
1542: free(blob);
1.68 markus 1543: return 0;
1544: }
1545: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1546: packet_put_cstring(authctxt->server_user);
1547: packet_put_cstring(authctxt->service);
1548: packet_put_cstring(authctxt->method->name);
1549: packet_put_cstring(pkalg);
1550: packet_put_string(blob, blen);
1551: packet_put_cstring(chost);
1552: packet_put_cstring(authctxt->local_user);
1553: packet_put_string(signature, slen);
1.204 djm 1554: explicit_bzero(signature, slen);
1.197 djm 1555: free(signature);
1556: free(chost);
1557: free(pkalg);
1558: free(blob);
1.68 markus 1559:
1560: packet_send();
1561: return 1;
1.23 markus 1562: }
1.170 djm 1563:
1.20 markus 1564: /* find auth method */
1565:
1566: /*
1567: * given auth method name, if configurable options permit this method fill
1568: * in auth_ident field and return true, otherwise return false.
1569: */
1.76 itojun 1570: static int
1.20 markus 1571: authmethod_is_enabled(Authmethod *method)
1572: {
1573: if (method == NULL)
1574: return 0;
1575: /* return false if options indicate this method is disabled */
1576: if (method->enabled == NULL || *method->enabled == 0)
1577: return 0;
1578: /* return false if batch mode is enabled but method needs interactive mode */
1579: if (method->batch_flag != NULL && *method->batch_flag != 0)
1580: return 0;
1581: return 1;
1582: }
1583:
1.76 itojun 1584: static Authmethod *
1.20 markus 1585: authmethod_lookup(const char *name)
1.1 markus 1586: {
1.20 markus 1587: Authmethod *method = NULL;
1588: if (name != NULL)
1589: for (method = authmethods; method->name != NULL; method++)
1590: if (strcmp(name, method->name) == 0)
1591: return method;
1592: debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
1593: return NULL;
1594: }
1.1 markus 1595:
1.53 markus 1596: /* XXX internal state */
1597: static Authmethod *current = NULL;
1598: static char *supported = NULL;
1599: static char *preferred = NULL;
1.105 deraadt 1600:
1.20 markus 1601: /*
1602: * Given the authentication method list sent by the server, return the
1603: * next method we should try. If the server initially sends a nil list,
1.67 markus 1604: * use a built-in default list.
1.41 stevesk 1605: */
1.76 itojun 1606: static Authmethod *
1.20 markus 1607: authmethod_get(char *authlist)
1608: {
1.53 markus 1609: char *name = NULL;
1.97 markus 1610: u_int next;
1.41 stevesk 1611:
1.20 markus 1612: /* Use a suitable default if we're passed a nil list. */
1613: if (authlist == NULL || strlen(authlist) == 0)
1.53 markus 1614: authlist = options.preferred_authentications;
1.20 markus 1615:
1.53 markus 1616: if (supported == NULL || strcmp(authlist, supported) != 0) {
1617: debug3("start over, passed a different list %s", authlist);
1.197 djm 1618: free(supported);
1.53 markus 1619: supported = xstrdup(authlist);
1620: preferred = options.preferred_authentications;
1621: debug3("preferred %s", preferred);
1622: current = NULL;
1623: } else if (current != NULL && authmethod_is_enabled(current))
1624: return current;
1.20 markus 1625:
1.53 markus 1626: for (;;) {
1627: if ((name = match_list(preferred, supported, &next)) == NULL) {
1.109 markus 1628: debug("No more authentication methods to try.");
1.53 markus 1629: current = NULL;
1630: return NULL;
1631: }
1632: preferred += next;
1.23 markus 1633: debug3("authmethod_lookup %s", name);
1.53 markus 1634: debug3("remaining preferred: %s", preferred);
1635: if ((current = authmethod_lookup(name)) != NULL &&
1636: authmethod_is_enabled(current)) {
1.23 markus 1637: debug3("authmethod_is_enabled %s", name);
1.109 markus 1638: debug("Next authentication method: %s", name);
1.197 djm 1639: free(name);
1.53 markus 1640: return current;
1.23 markus 1641: }
1.198 dtucker 1642: free(name);
1.1 markus 1643: }
1.53 markus 1644: }
1.1 markus 1645:
1.79 stevesk 1646: static char *
1.53 markus 1647: authmethods_get(void)
1648: {
1649: Authmethod *method = NULL;
1.93 markus 1650: Buffer b;
1651: char *list;
1.27 provos 1652:
1.93 markus 1653: buffer_init(&b);
1.53 markus 1654: for (method = authmethods; method->name != NULL; method++) {
1655: if (authmethod_is_enabled(method)) {
1.93 markus 1656: if (buffer_len(&b) > 0)
1657: buffer_append(&b, ",", 1);
1658: buffer_append(&b, method->name, strlen(method->name));
1.53 markus 1659: }
1660: }
1.93 markus 1661: buffer_append(&b, "\0", 1);
1662: list = xstrdup(buffer_ptr(&b));
1663: buffer_free(&b);
1664: return list;
1.1 markus 1665: }
1.170 djm 1666: