Annotation of src/usr.bin/ssh/sshconnect2.c, Revision 1.28
1.1 markus 1: /*
2: * Copyright (c) 2000 Markus Friedl. All rights reserved.
3: *
4: * Redistribution and use in source and binary forms, with or without
5: * modification, are permitted provided that the following conditions
6: * are met:
7: * 1. Redistributions of source code must retain the above copyright
8: * notice, this list of conditions and the following disclaimer.
9: * 2. Redistributions in binary form must reproduce the above copyright
10: * notice, this list of conditions and the following disclaimer in the
11: * documentation and/or other materials provided with the distribution.
12: *
13: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23: */
24:
25: #include "includes.h"
1.28 ! markus 26: RCSID("$OpenBSD: sshconnect2.c,v 1.27 2000/10/19 16:45:16 provos Exp $");
1.1 markus 27:
28: #include <openssl/bn.h>
29: #include <openssl/rsa.h>
30: #include <openssl/dsa.h>
31: #include <openssl/md5.h>
32: #include <openssl/dh.h>
33: #include <openssl/hmac.h>
34:
35: #include "ssh.h"
36: #include "xmalloc.h"
37: #include "rsa.h"
38: #include "buffer.h"
39: #include "packet.h"
40: #include "uidswap.h"
41: #include "compat.h"
42: #include "readconf.h"
43: #include "bufaux.h"
44: #include "ssh2.h"
45: #include "kex.h"
46: #include "myproposal.h"
47: #include "key.h"
48: #include "sshconnect.h"
49: #include "authfile.h"
1.23 markus 50: #include "cli.h"
1.20 markus 51: #include "dispatch.h"
1.17 markus 52: #include "authfd.h"
1.1 markus 53:
1.22 provos 54: void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
55: void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
56:
1.1 markus 57: /* import */
58: extern char *client_version_string;
59: extern char *server_version_string;
60: extern Options options;
61:
62: /*
63: * SSH2 key exchange
64: */
65:
66: unsigned char *session_id2 = NULL;
67: int session_id2_len = 0;
68:
69: void
1.22 provos 70: ssh_kex2(char *host, struct sockaddr *hostaddr)
71: {
72: int i, plen;
73: Kex *kex;
74: Buffer *client_kexinit, *server_kexinit;
75: char *sprop[PROPOSAL_MAX];
76:
1.24 markus 77: if (options.ciphers == NULL) {
78: if (options.cipher == SSH_CIPHER_3DES) {
79: options.ciphers = "3des-cbc";
80: } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
81: options.ciphers = "blowfish-cbc";
1.25 markus 82: } else if (options.cipher == SSH_CIPHER_DES) {
83: fatal("cipher DES not supported for protocol version 2");
1.24 markus 84: }
85: }
1.22 provos 86: if (options.ciphers != NULL) {
87: myproposal[PROPOSAL_ENC_ALGS_CTOS] =
88: myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
89: }
90: if (options.compression) {
91: myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
92: myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
93: } else {
94: myproposal[PROPOSAL_COMP_ALGS_CTOS] = "none";
95: myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
96: }
97:
98: /* buffers with raw kexinit messages */
99: server_kexinit = xmalloc(sizeof(*server_kexinit));
100: buffer_init(server_kexinit);
101: client_kexinit = kex_init(myproposal);
102:
103: /* algorithm negotiation */
104: kex_exchange_kexinit(client_kexinit, server_kexinit, sprop);
105: kex = kex_choose_conf(myproposal, sprop, 0);
106: for (i = 0; i < PROPOSAL_MAX; i++)
107: xfree(sprop[i]);
108:
109: /* server authentication and session key agreement */
110: switch(kex->kex_type) {
111: case DH_GRP1_SHA1:
112: ssh_dh1_client(kex, host, hostaddr,
113: client_kexinit, server_kexinit);
114: break;
115: case DH_GEX_SHA1:
116: ssh_dhgex_client(kex, host, hostaddr, client_kexinit,
117: server_kexinit);
118: break;
119: default:
120: fatal("Unsupported key exchange %d", kex->kex_type);
121: }
122:
123: buffer_free(client_kexinit);
124: buffer_free(server_kexinit);
125: xfree(client_kexinit);
126: xfree(server_kexinit);
127:
128: debug("Wait SSH2_MSG_NEWKEYS.");
129: packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
130: packet_done();
131: debug("GOT SSH2_MSG_NEWKEYS.");
132:
133: debug("send SSH2_MSG_NEWKEYS.");
134: packet_start(SSH2_MSG_NEWKEYS);
135: packet_send();
136: packet_write_wait();
137: debug("done: send SSH2_MSG_NEWKEYS.");
138:
139: #ifdef DEBUG_KEXDH
140: /* send 1st encrypted/maced/compressed message */
141: packet_start(SSH2_MSG_IGNORE);
142: packet_put_cstring("markus");
143: packet_send();
144: packet_write_wait();
145: #endif
146: debug("done: KEX2.");
147: }
148:
149: /* diffie-hellman-group1-sha1 */
150:
151: void
152: ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
153: Buffer *client_kexinit, Buffer *server_kexinit)
1.1 markus 154: {
1.19 markus 155: #ifdef DEBUG_KEXDH
156: int i;
157: #endif
1.11 markus 158: int plen, dlen;
1.1 markus 159: unsigned int klen, kout;
160: char *signature = NULL;
161: unsigned int slen;
162: char *server_host_key_blob = NULL;
163: Key *server_host_key;
164: unsigned int sbloblen;
165: DH *dh;
166: BIGNUM *dh_server_pub = 0;
167: BIGNUM *shared_secret = 0;
168: unsigned char *kbuf;
169: unsigned char *hash;
170:
171: debug("Sending SSH2_MSG_KEXDH_INIT.");
172: /* generate and send 'e', client DH public key */
173: dh = dh_new_group1();
174: packet_start(SSH2_MSG_KEXDH_INIT);
175: packet_put_bignum2(dh->pub_key);
176: packet_send();
177: packet_write_wait();
178:
179: #ifdef DEBUG_KEXDH
180: fprintf(stderr, "\np= ");
1.19 markus 181: BN_print_fp(stderr, dh->p);
1.1 markus 182: fprintf(stderr, "\ng= ");
1.19 markus 183: BN_print_fp(stderr, dh->g);
1.1 markus 184: fprintf(stderr, "\npub= ");
1.19 markus 185: BN_print_fp(stderr, dh->pub_key);
1.1 markus 186: fprintf(stderr, "\n");
187: DHparams_print_fp(stderr, dh);
188: #endif
189:
190: debug("Wait SSH2_MSG_KEXDH_REPLY.");
191:
1.11 markus 192: packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);
1.1 markus 193:
194: debug("Got SSH2_MSG_KEXDH_REPLY.");
195:
196: /* key, cert */
197: server_host_key_blob = packet_get_string(&sbloblen);
1.28 ! markus 198: server_host_key = key_from_blob(server_host_key_blob, sbloblen);
1.1 markus 199: if (server_host_key == NULL)
200: fatal("cannot decode server_host_key_blob");
201:
202: check_host_key(host, hostaddr, server_host_key,
1.22 provos 203: options.user_hostfile2, options.system_hostfile2);
1.1 markus 204:
205: /* DH paramter f, server public DH key */
206: dh_server_pub = BN_new();
207: if (dh_server_pub == NULL)
208: fatal("dh_server_pub == NULL");
209: packet_get_bignum2(dh_server_pub, &dlen);
210:
211: #ifdef DEBUG_KEXDH
212: fprintf(stderr, "\ndh_server_pub= ");
1.19 markus 213: BN_print_fp(stderr, dh_server_pub);
1.1 markus 214: fprintf(stderr, "\n");
215: debug("bits %d", BN_num_bits(dh_server_pub));
216: #endif
217:
218: /* signed H */
219: signature = packet_get_string(&slen);
220: packet_done();
221:
222: if (!dh_pub_is_valid(dh, dh_server_pub))
223: packet_disconnect("bad server public DH value");
224:
225: klen = DH_size(dh);
226: kbuf = xmalloc(klen);
227: kout = DH_compute_key(kbuf, dh_server_pub, dh);
228: #ifdef DEBUG_KEXDH
229: debug("shared secret: len %d/%d", klen, kout);
230: fprintf(stderr, "shared secret == ");
231: for (i = 0; i< kout; i++)
232: fprintf(stderr, "%02x", (kbuf[i])&0xff);
233: fprintf(stderr, "\n");
234: #endif
235: shared_secret = BN_new();
236:
237: BN_bin2bn(kbuf, kout, shared_secret);
238: memset(kbuf, 0, klen);
239: xfree(kbuf);
240:
241: /* calc and verify H */
242: hash = kex_hash(
243: client_version_string,
244: server_version_string,
245: buffer_ptr(client_kexinit), buffer_len(client_kexinit),
246: buffer_ptr(server_kexinit), buffer_len(server_kexinit),
247: server_host_key_blob, sbloblen,
248: dh->pub_key,
249: dh_server_pub,
250: shared_secret
251: );
1.3 markus 252: xfree(server_host_key_blob);
1.11 markus 253: DH_free(dh);
1.1 markus 254: #ifdef DEBUG_KEXDH
255: fprintf(stderr, "hash == ");
256: for (i = 0; i< 20; i++)
257: fprintf(stderr, "%02x", (hash[i])&0xff);
258: fprintf(stderr, "\n");
259: #endif
1.28 ! markus 260: if (key_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1)
! 261: fatal("key_verify failed for server_host_key");
1.1 markus 262: key_free(server_host_key);
263:
264: kex_derive_keys(kex, hash, shared_secret);
265: packet_set_kex(kex);
266:
267: /* save session id */
268: session_id2_len = 20;
269: session_id2 = xmalloc(session_id2_len);
270: memcpy(session_id2, hash, session_id2_len);
1.11 markus 271: }
272:
1.22 provos 273: /* diffie-hellman-group-exchange-sha1 */
274:
275: /*
276: * Estimates the group order for a Diffie-Hellman group that has an
277: * attack complexity approximately the same as O(2**bits). Estimate
278: * with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3)))
279: */
280:
281: int
282: dh_estimate(int bits)
283: {
284:
285: if (bits < 64)
286: return (512); /* O(2**63) */
287: if (bits < 128)
288: return (1024); /* O(2**86) */
289: if (bits < 192)
290: return (2048); /* O(2**116) */
291: return (4096); /* O(2**156) */
292: }
293:
1.11 markus 294: void
1.22 provos 295: ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
296: Buffer *client_kexinit, Buffer *server_kexinit)
1.11 markus 297: {
1.22 provos 298: #ifdef DEBUG_KEXDH
299: int i;
300: #endif
301: int plen, dlen;
302: unsigned int klen, kout;
303: char *signature = NULL;
304: unsigned int slen, nbits;
305: char *server_host_key_blob = NULL;
306: Key *server_host_key;
307: unsigned int sbloblen;
308: DH *dh;
309: BIGNUM *dh_server_pub = 0;
310: BIGNUM *shared_secret = 0;
311: BIGNUM *p = 0, *g = 0;
312: unsigned char *kbuf;
313: unsigned char *hash;
314:
1.24 markus 315: nbits = dh_estimate(kex->enc[MODE_OUT].cipher->key_len * 8);
1.22 provos 316:
317: debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST.");
318: packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
319: packet_put_int(nbits);
320: packet_send();
321: packet_write_wait();
1.11 markus 322:
1.22 provos 323: #ifdef DEBUG_KEXDH
324: fprintf(stderr, "\nnbits = %d", nbits);
325: #endif
1.11 markus 326:
1.22 provos 327: debug("Wait SSH2_MSG_KEX_DH_GEX_GROUP.");
1.11 markus 328:
1.22 provos 329: packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_GROUP);
1.11 markus 330:
1.22 provos 331: debug("Got SSH2_MSG_KEX_DH_GEX_GROUP.");
1.11 markus 332:
1.22 provos 333: if ((p = BN_new()) == NULL)
334: fatal("BN_new");
335: packet_get_bignum2(p, &dlen);
336: if ((g = BN_new()) == NULL)
337: fatal("BN_new");
338: packet_get_bignum2(g, &dlen);
339: if ((dh = dh_new_group(g, p)) == NULL)
340: fatal("dh_new_group");
1.1 markus 341:
1.22 provos 342: #ifdef DEBUG_KEXDH
343: fprintf(stderr, "\np= ");
344: BN_print_fp(stderr, dh->p);
345: fprintf(stderr, "\ng= ");
346: BN_print_fp(stderr, dh->g);
347: fprintf(stderr, "\npub= ");
348: BN_print_fp(stderr, dh->pub_key);
349: fprintf(stderr, "\n");
350: DHparams_print_fp(stderr, dh);
351: #endif
1.1 markus 352:
1.22 provos 353: debug("Sending SSH2_MSG_KEX_DH_GEX_INIT.");
354: /* generate and send 'e', client DH public key */
355: packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
356: packet_put_bignum2(dh->pub_key);
1.1 markus 357: packet_send();
358: packet_write_wait();
359:
1.22 provos 360: debug("Wait SSH2_MSG_KEX_DH_GEX_REPLY.");
361:
362: packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_REPLY);
363:
364: debug("Got SSH2_MSG_KEXDH_REPLY.");
365:
366: /* key, cert */
367: server_host_key_blob = packet_get_string(&sbloblen);
1.28 ! markus 368: server_host_key = key_from_blob(server_host_key_blob, sbloblen);
1.22 provos 369: if (server_host_key == NULL)
370: fatal("cannot decode server_host_key_blob");
371:
372: check_host_key(host, hostaddr, server_host_key,
373: options.user_hostfile2, options.system_hostfile2);
374:
375: /* DH paramter f, server public DH key */
376: dh_server_pub = BN_new();
377: if (dh_server_pub == NULL)
378: fatal("dh_server_pub == NULL");
379: packet_get_bignum2(dh_server_pub, &dlen);
380:
381: #ifdef DEBUG_KEXDH
382: fprintf(stderr, "\ndh_server_pub= ");
383: BN_print_fp(stderr, dh_server_pub);
384: fprintf(stderr, "\n");
385: debug("bits %d", BN_num_bits(dh_server_pub));
386: #endif
387:
388: /* signed H */
389: signature = packet_get_string(&slen);
390: packet_done();
391:
392: if (!dh_pub_is_valid(dh, dh_server_pub))
393: packet_disconnect("bad server public DH value");
394:
395: klen = DH_size(dh);
396: kbuf = xmalloc(klen);
397: kout = DH_compute_key(kbuf, dh_server_pub, dh);
398: #ifdef DEBUG_KEXDH
399: debug("shared secret: len %d/%d", klen, kout);
400: fprintf(stderr, "shared secret == ");
401: for (i = 0; i< kout; i++)
402: fprintf(stderr, "%02x", (kbuf[i])&0xff);
403: fprintf(stderr, "\n");
404: #endif
405: shared_secret = BN_new();
406:
407: BN_bin2bn(kbuf, kout, shared_secret);
408: memset(kbuf, 0, klen);
409: xfree(kbuf);
410:
411: /* calc and verify H */
412: hash = kex_hash_gex(
413: client_version_string,
414: server_version_string,
415: buffer_ptr(client_kexinit), buffer_len(client_kexinit),
416: buffer_ptr(server_kexinit), buffer_len(server_kexinit),
417: server_host_key_blob, sbloblen,
418: nbits, dh->p, dh->g,
419: dh->pub_key,
420: dh_server_pub,
421: shared_secret
422: );
423: xfree(server_host_key_blob);
424: DH_free(dh);
1.1 markus 425: #ifdef DEBUG_KEXDH
1.22 provos 426: fprintf(stderr, "hash == ");
427: for (i = 0; i< 20; i++)
428: fprintf(stderr, "%02x", (hash[i])&0xff);
429: fprintf(stderr, "\n");
1.1 markus 430: #endif
1.28 ! markus 431: if (key_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1)
! 432: fatal("key_verify failed for server_host_key");
1.22 provos 433: key_free(server_host_key);
434:
435: kex_derive_keys(kex, hash, shared_secret);
436: packet_set_kex(kex);
437:
438: /* save session id */
439: session_id2_len = 20;
440: session_id2 = xmalloc(session_id2_len);
441: memcpy(session_id2, hash, session_id2_len);
1.1 markus 442: }
1.11 markus 443:
1.1 markus 444: /*
445: * Authenticate user
446: */
1.20 markus 447:
448: typedef struct Authctxt Authctxt;
449: typedef struct Authmethod Authmethod;
450:
451: typedef int sign_cb_fn(
452: Authctxt *authctxt, Key *key,
453: unsigned char **sigp, int *lenp, unsigned char *data, int datalen);
454:
455: struct Authctxt {
456: const char *server_user;
457: const char *host;
458: const char *service;
459: AuthenticationConnection *agent;
1.23 markus 460: Authmethod *method;
1.20 markus 461: int success;
462: };
463: struct Authmethod {
464: char *name; /* string to compare against server's list */
465: int (*userauth)(Authctxt *authctxt);
466: int *enabled; /* flag in option struct that enables method */
467: int *batch_flag; /* flag in option struct that disables method */
468: };
469:
470: void input_userauth_success(int type, int plen, void *ctxt);
471: void input_userauth_failure(int type, int plen, void *ctxt);
472: void input_userauth_error(int type, int plen, void *ctxt);
1.23 markus 473: void input_userauth_info_req(int type, int plen, void *ctxt);
474:
475: int userauth_none(Authctxt *authctxt);
1.20 markus 476: int userauth_pubkey(Authctxt *authctxt);
477: int userauth_passwd(Authctxt *authctxt);
1.23 markus 478: int userauth_kbdint(Authctxt *authctxt);
1.20 markus 479:
480: void authmethod_clear();
1.23 markus 481: Authmethod *authmethod_get(char *authlist);
482: Authmethod *authmethod_lookup(const char *name);
1.20 markus 483:
484: Authmethod authmethods[] = {
485: {"publickey",
486: userauth_pubkey,
1.28 ! markus 487: &options.pubkey_authentication,
1.20 markus 488: NULL},
489: {"password",
490: userauth_passwd,
491: &options.password_authentication,
492: &options.batch_mode},
1.23 markus 493: {"keyboard-interactive",
494: userauth_kbdint,
495: &options.kbd_interactive_authentication,
496: &options.batch_mode},
497: {"none",
498: userauth_none,
499: NULL,
500: NULL},
1.20 markus 501: {NULL, NULL, NULL, NULL}
502: };
503:
504: void
505: ssh_userauth2(const char *server_user, char *host)
506: {
507: Authctxt authctxt;
508: int type;
509: int plen;
510:
511: debug("send SSH2_MSG_SERVICE_REQUEST");
512: packet_start(SSH2_MSG_SERVICE_REQUEST);
513: packet_put_cstring("ssh-userauth");
514: packet_send();
515: packet_write_wait();
516: type = packet_read(&plen);
517: if (type != SSH2_MSG_SERVICE_ACCEPT) {
518: fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
519: }
520: if (packet_remaining() > 0) {
521: char *reply = packet_get_string(&plen);
522: debug("service_accept: %s", reply);
523: xfree(reply);
524: packet_done();
525: } else {
526: debug("buggy server: service_accept w/o service");
527: }
528: packet_done();
529: debug("got SSH2_MSG_SERVICE_ACCEPT");
530:
531: /* setup authentication context */
532: authctxt.agent = ssh_get_authentication_connection();
533: authctxt.server_user = server_user;
534: authctxt.host = host;
535: authctxt.service = "ssh-connection"; /* service name */
536: authctxt.success = 0;
1.23 markus 537: authctxt.method = authmethod_lookup("none");
538: if (authctxt.method == NULL)
539: fatal("ssh_userauth2: internal error: cannot send userauth none request");
540: authmethod_clear();
1.20 markus 541:
542: /* initial userauth request */
1.23 markus 543: userauth_none(&authctxt);
1.20 markus 544:
545: dispatch_init(&input_userauth_error);
546: dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
547: dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
548: dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
549:
550: if (authctxt.agent != NULL)
551: ssh_close_authentication_connection(authctxt.agent);
552:
1.23 markus 553: debug("ssh-userauth2 successfull: method %s", authctxt.method->name);
1.20 markus 554: }
555: void
556: input_userauth_error(int type, int plen, void *ctxt)
557: {
558: fatal("input_userauth_error: bad message during authentication");
559: }
560: void
561: input_userauth_success(int type, int plen, void *ctxt)
562: {
563: Authctxt *authctxt = ctxt;
564: if (authctxt == NULL)
565: fatal("input_userauth_success: no authentication context");
566: authctxt->success = 1; /* break out */
567: }
568: void
569: input_userauth_failure(int type, int plen, void *ctxt)
570: {
571: Authmethod *method = NULL;
572: Authctxt *authctxt = ctxt;
573: char *authlist = NULL;
574: int partial;
575:
576: if (authctxt == NULL)
577: fatal("input_userauth_failure: no authentication context");
578:
1.23 markus 579: authlist = packet_get_string(NULL);
1.20 markus 580: partial = packet_get_char();
581: packet_done();
582:
583: if (partial != 0)
584: debug("partial success");
585: debug("authentications that can continue: %s", authlist);
586:
587: for (;;) {
588: method = authmethod_get(authlist);
589: if (method == NULL)
590: fatal("Unable to find an authentication method");
1.23 markus 591: authctxt->method = method;
1.20 markus 592: if (method->userauth(authctxt) != 0) {
1.23 markus 593: debug2("we sent a %s packet, wait for reply", method->name);
1.20 markus 594: break;
595: } else {
596: debug2("we did not send a packet, disable method");
597: method->enabled = NULL;
598: }
599: }
600: xfree(authlist);
601: }
602:
1.1 markus 603: int
1.23 markus 604: userauth_none(Authctxt *authctxt)
605: {
606: /* initial userauth request */
607: packet_start(SSH2_MSG_USERAUTH_REQUEST);
608: packet_put_cstring(authctxt->server_user);
609: packet_put_cstring(authctxt->service);
610: packet_put_cstring(authctxt->method->name);
611: packet_send();
612: packet_write_wait();
613: return 1;
614: }
615:
616: int
1.20 markus 617: userauth_passwd(Authctxt *authctxt)
1.1 markus 618: {
1.6 markus 619: static int attempt = 0;
1.1 markus 620: char prompt[80];
621: char *password;
1.6 markus 622:
1.13 todd 623: if (attempt++ >= options.number_of_password_prompts)
1.6 markus 624: return 0;
1.13 todd 625:
626: if(attempt != 1)
627: error("Permission denied, please try again.");
1.1 markus 628:
629: snprintf(prompt, sizeof(prompt), "%.30s@%.40s's password: ",
1.20 markus 630: authctxt->server_user, authctxt->host);
1.1 markus 631: password = read_passphrase(prompt, 0);
632: packet_start(SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 633: packet_put_cstring(authctxt->server_user);
634: packet_put_cstring(authctxt->service);
1.23 markus 635: packet_put_cstring(authctxt->method->name);
1.1 markus 636: packet_put_char(0);
637: packet_put_cstring(password);
638: memset(password, 0, strlen(password));
639: xfree(password);
640: packet_send();
641: packet_write_wait();
642: return 1;
643: }
644:
1.17 markus 645: int
1.20 markus 646: sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
1.1 markus 647: {
648: Buffer b;
649: unsigned char *blob, *signature;
650: int bloblen, slen;
1.14 markus 651: int skip = 0;
1.17 markus 652: int ret = -1;
1.23 markus 653: int have_sig = 1;
1.1 markus 654:
1.28 ! markus 655: if (key_to_blob(k, &blob, &bloblen) == 0) {
! 656: /* we cannot handle this key */
! 657: return 0;
! 658: }
1.1 markus 659: /* data to be signed */
660: buffer_init(&b);
1.26 markus 661: if (datafellows & SSH_OLD_SESSIONID) {
662: buffer_append(&b, session_id2, session_id2_len);
663: skip = session_id2_len;
664: } else {
1.14 markus 665: buffer_put_string(&b, session_id2, session_id2_len);
666: skip = buffer_len(&b);
667: }
1.1 markus 668: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 669: buffer_put_cstring(&b, authctxt->server_user);
1.10 markus 670: buffer_put_cstring(&b,
671: datafellows & SSH_BUG_PUBKEYAUTH ?
672: "ssh-userauth" :
1.20 markus 673: authctxt->service);
1.23 markus 674: buffer_put_cstring(&b, authctxt->method->name);
675: buffer_put_char(&b, have_sig);
1.28 ! markus 676: buffer_put_cstring(&b, key_ssh_name(k));
1.1 markus 677: buffer_put_string(&b, blob, bloblen);
678:
679: /* generate signature */
1.20 markus 680: ret = (*sign_callback)(authctxt, k, &signature, &slen, buffer_ptr(&b), buffer_len(&b));
1.17 markus 681: if (ret == -1) {
682: xfree(blob);
683: buffer_free(&b);
684: return 0;
685: }
1.28 ! markus 686: #ifdef DEBUG_PK
1.1 markus 687: buffer_dump(&b);
688: #endif
1.10 markus 689: if (datafellows & SSH_BUG_PUBKEYAUTH) {
690: buffer_clear(&b);
691: buffer_append(&b, session_id2, session_id2_len);
692: buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1.20 markus 693: buffer_put_cstring(&b, authctxt->server_user);
694: buffer_put_cstring(&b, authctxt->service);
1.23 markus 695: buffer_put_cstring(&b, authctxt->method->name);
696: buffer_put_char(&b, have_sig);
1.28 ! markus 697: buffer_put_cstring(&b, key_ssh_name(k));
1.10 markus 698: buffer_put_string(&b, blob, bloblen);
699: }
700: xfree(blob);
1.1 markus 701: /* append signature */
702: buffer_put_string(&b, signature, slen);
703: xfree(signature);
704:
705: /* skip session id and packet type */
1.14 markus 706: if (buffer_len(&b) < skip + 1)
1.20 markus 707: fatal("userauth_pubkey: internal error");
1.14 markus 708: buffer_consume(&b, skip + 1);
1.1 markus 709:
710: /* put remaining data from buffer into packet */
711: packet_start(SSH2_MSG_USERAUTH_REQUEST);
712: packet_put_raw(buffer_ptr(&b), buffer_len(&b));
713: buffer_free(&b);
714:
715: /* send */
716: packet_send();
717: packet_write_wait();
1.17 markus 718:
719: return 1;
1.16 markus 720: }
721:
1.20 markus 722: /* sign callback */
1.28 ! markus 723: int key_sign_cb(Authctxt *authctxt, Key *key, unsigned char **sigp, int *lenp,
1.20 markus 724: unsigned char *data, int datalen)
725: {
1.28 ! markus 726: return key_sign(key, sigp, lenp, data, datalen);
1.20 markus 727: }
728:
1.16 markus 729: int
1.20 markus 730: userauth_pubkey_identity(Authctxt *authctxt, char *filename)
1.16 markus 731: {
732: Key *k;
1.20 markus 733: int i, ret, try_next;
1.16 markus 734: struct stat st;
735:
736: if (stat(filename, &st) != 0) {
737: debug("key does not exist: %s", filename);
738: return 0;
739: }
740: debug("try pubkey: %s", filename);
741:
1.28 ! markus 742: k = key_new(KEY_UNSPEC);
1.16 markus 743: if (!load_private_key(filename, "", k, NULL)) {
744: int success = 0;
745: char *passphrase;
746: char prompt[300];
747: snprintf(prompt, sizeof prompt,
1.28 ! markus 748: "Enter passphrase for key '%.100s': ", filename);
1.20 markus 749: for (i = 0; i < options.number_of_password_prompts; i++) {
750: passphrase = read_passphrase(prompt, 0);
751: if (strcmp(passphrase, "") != 0) {
752: success = load_private_key(filename, passphrase, k, NULL);
753: try_next = 0;
754: } else {
755: debug2("no passphrase given, try next key");
756: try_next = 1;
757: }
758: memset(passphrase, 0, strlen(passphrase));
759: xfree(passphrase);
760: if (success || try_next)
761: break;
762: debug2("bad passphrase given, try again...");
763: }
1.16 markus 764: if (!success) {
765: key_free(k);
766: return 0;
767: }
768: }
1.28 ! markus 769: ret = sign_and_send_pubkey(authctxt, k, key_sign_cb);
1.17 markus 770: key_free(k);
771: return ret;
772: }
773:
1.20 markus 774: /* sign callback */
775: int agent_sign_cb(Authctxt *authctxt, Key *key, unsigned char **sigp, int *lenp,
1.17 markus 776: unsigned char *data, int datalen)
777: {
1.20 markus 778: return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
1.17 markus 779: }
780:
781: int
1.20 markus 782: userauth_pubkey_agent(Authctxt *authctxt)
1.17 markus 783: {
784: static int called = 0;
1.28 ! markus 785: int ret = 0;
1.17 markus 786: char *comment;
787: Key *k;
788:
789: if (called == 0) {
1.28 ! markus 790: if (ssh_get_num_identities(authctxt->agent, 2) == 0)
! 791: debug2("userauth_pubkey_agent: no keys at all");
1.20 markus 792: called = 1;
1.17 markus 793: }
1.28 ! markus 794: k = ssh_get_next_identity(authctxt->agent, &comment, 2);
1.20 markus 795: if (k == NULL) {
1.28 ! markus 796: debug2("userauth_pubkey_agent: no more keys");
! 797: } else {
! 798: debug("userauth_pubkey_agent: trying agent key %s", comment);
! 799: xfree(comment);
! 800: ret = sign_and_send_pubkey(authctxt, k, agent_sign_cb);
! 801: key_free(k);
1.20 markus 802: }
1.28 ! markus 803: if (ret == 0)
! 804: debug2("userauth_pubkey_agent: no message sent");
1.17 markus 805: return ret;
1.1 markus 806: }
807:
1.20 markus 808: int
809: userauth_pubkey(Authctxt *authctxt)
810: {
811: static int idx = 0;
812: int sent = 0;
813:
1.28 ! markus 814: if (authctxt->agent != NULL) {
! 815: do {
! 816: sent = userauth_pubkey_agent(authctxt);
! 817: } while(!sent && authctxt->agent->howmany > 0);
! 818: }
! 819: while (!sent && idx < options.num_identity_files) {
! 820: if (options.identity_files_type[idx] != KEY_RSA1)
! 821: sent = userauth_pubkey_identity(authctxt,
! 822: options.identity_files[idx]);
! 823: idx++;
! 824: }
1.20 markus 825: return sent;
826: }
827:
1.23 markus 828: /*
829: * Send userauth request message specifying keyboard-interactive method.
830: */
831: int
832: userauth_kbdint(Authctxt *authctxt)
833: {
834: static int attempt = 0;
835:
836: if (attempt++ >= options.number_of_password_prompts)
837: return 0;
838:
839: debug2("userauth_kbdint");
840: packet_start(SSH2_MSG_USERAUTH_REQUEST);
841: packet_put_cstring(authctxt->server_user);
842: packet_put_cstring(authctxt->service);
843: packet_put_cstring(authctxt->method->name);
844: packet_put_cstring(""); /* lang */
845: packet_put_cstring(options.kbd_interactive_devices ?
846: options.kbd_interactive_devices : "");
847: packet_send();
848: packet_write_wait();
849:
850: dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
851: return 1;
852: }
853:
854: /*
855: * parse SSH2_MSG_USERAUTH_INFO_REQUEST, prompt user and send
856: * SSH2_MSG_USERAUTH_INFO_RESPONSE
857: */
858: void
859: input_userauth_info_req(int type, int plen, void *ctxt)
860: {
861: Authctxt *authctxt = ctxt;
862: char *name = NULL;
863: char *inst = NULL;
864: char *lang = NULL;
865: char *prompt = NULL;
866: char *response = NULL;
867: unsigned int num_prompts, i;
868: int echo = 0;
869:
870: debug2("input_userauth_info_req");
871:
872: if (authctxt == NULL)
873: fatal("input_userauth_info_req: no authentication context");
874:
875: name = packet_get_string(NULL);
876: inst = packet_get_string(NULL);
877: lang = packet_get_string(NULL);
878:
879: if (strlen(name) > 0)
880: cli_mesg(name);
881: xfree(name);
882:
883: if (strlen(inst) > 0)
884: cli_mesg(inst);
885: xfree(inst);
886: xfree(lang); /* unused */
887:
888: num_prompts = packet_get_int();
889: /*
890: * Begin to build info response packet based on prompts requested.
891: * We commit to providing the correct number of responses, so if
892: * further on we run into a problem that prevents this, we have to
893: * be sure and clean this up and send a correct error response.
894: */
895: packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
896: packet_put_int(num_prompts);
897:
898: for (i = 0; i < num_prompts; i++) {
899: prompt = packet_get_string(NULL);
900: echo = packet_get_char();
901:
902: response = cli_prompt(prompt, echo);
903:
904: packet_put_cstring(response);
905: memset(response, 0, strlen(response));
906: xfree(response);
907: xfree(prompt);
908: }
909: packet_done(); /* done with parsing incoming message. */
910:
911: packet_send();
912: packet_write_wait();
913: }
1.20 markus 914:
915: /* find auth method */
916:
917: #define DELIM ","
918:
919: static char *def_authlist = "publickey,password";
920: static char *authlist_current = NULL; /* clean copy used for comparison */
921: static char *authname_current = NULL; /* last used auth method */
922: static char *authlist_working = NULL; /* copy that gets modified by strtok_r() */
923: static char *authlist_state = NULL; /* state variable for strtok_r() */
924:
925: /*
926: * Before starting to use a new authentication method list sent by the
927: * server, reset internal variables. This should also be called when
928: * finished processing server list to free resources.
929: */
1.1 markus 930: void
1.20 markus 931: authmethod_clear()
932: {
933: if (authlist_current != NULL) {
934: xfree(authlist_current);
935: authlist_current = NULL;
936: }
937: if (authlist_working != NULL) {
938: xfree(authlist_working);
939: authlist_working = NULL;
940: }
941: if (authname_current != NULL) {
942: xfree(authname_current);
943: authlist_state = NULL;
944: }
945: if (authlist_state != NULL)
946: authlist_state = NULL;
947: return;
948: }
949:
950: /*
951: * given auth method name, if configurable options permit this method fill
952: * in auth_ident field and return true, otherwise return false.
953: */
954: int
955: authmethod_is_enabled(Authmethod *method)
956: {
957: if (method == NULL)
958: return 0;
959: /* return false if options indicate this method is disabled */
960: if (method->enabled == NULL || *method->enabled == 0)
961: return 0;
962: /* return false if batch mode is enabled but method needs interactive mode */
963: if (method->batch_flag != NULL && *method->batch_flag != 0)
964: return 0;
965: return 1;
966: }
967:
968: Authmethod *
969: authmethod_lookup(const char *name)
1.1 markus 970: {
1.20 markus 971: Authmethod *method = NULL;
972: if (name != NULL)
973: for (method = authmethods; method->name != NULL; method++)
974: if (strcmp(name, method->name) == 0)
975: return method;
976: debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
977: return NULL;
978: }
1.1 markus 979:
1.20 markus 980: /*
981: * Given the authentication method list sent by the server, return the
982: * next method we should try. If the server initially sends a nil list,
983: * use a built-in default list. If the server sends a nil list after
984: * previously sending a valid list, continue using the list originally
985: * sent.
986: */
1.1 markus 987:
1.20 markus 988: Authmethod *
989: authmethod_get(char *authlist)
990: {
1.27 provos 991: char *name = NULL, *authname_old;
1.20 markus 992: Authmethod *method = NULL;
993:
994: /* Use a suitable default if we're passed a nil list. */
995: if (authlist == NULL || strlen(authlist) == 0)
996: authlist = def_authlist;
997:
998: if (authlist_current == NULL || strcmp(authlist, authlist_current) != 0) {
999: /* start over if passed a different list */
1.23 markus 1000: debug3("start over, passed a different list");
1.20 markus 1001: authmethod_clear();
1002: authlist_current = xstrdup(authlist);
1003: authlist_working = xstrdup(authlist);
1004: name = strtok_r(authlist_working, DELIM, &authlist_state);
1005: } else {
1006: /*
1007: * try to use previously used authentication method
1008: * or continue to use previously passed list
1009: */
1010: name = (authname_current != NULL) ?
1011: authname_current : strtok_r(NULL, DELIM, &authlist_state);
1.1 markus 1012: }
1.20 markus 1013:
1014: while (name != NULL) {
1.23 markus 1015: debug3("authmethod_lookup %s", name);
1.20 markus 1016: method = authmethod_lookup(name);
1.23 markus 1017: if (method != NULL && authmethod_is_enabled(method)) {
1018: debug3("authmethod_is_enabled %s", name);
1.20 markus 1019: break;
1.23 markus 1020: }
1.20 markus 1021: name = strtok_r(NULL, DELIM, &authlist_state);
1.23 markus 1022: method = NULL;
1.1 markus 1023: }
1024:
1.27 provos 1025: authname_old = authname_current;
1.23 markus 1026: if (method != NULL) {
1.20 markus 1027: debug("next auth method to try is %s", name);
1028: authname_current = xstrdup(name);
1029: } else {
1030: debug("no more auth methods to try");
1031: authname_current = NULL;
1.1 markus 1032: }
1.27 provos 1033:
1034: if (authname_old != NULL)
1035: xfree(authname_old);
1036:
1037: return (method);
1.1 markus 1038: }