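Lines Matching defs:ssh (only the matching lines are listed; the number at the start of each entry is its line number in the searched file, so consecutive entries are not necessarily adjacent code)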
46 #include "ssh.h"
70 #include "ssh-sk.h"
74 #include "ssh-gss.h"
89 verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
213 ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
225 ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
248 kex_proposal_populate_entries(ssh, myproposal,
256 if ((r = kex_setup(ssh, myproposal)) != 0)
259 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
260 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
261 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
262 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
263 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
264 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
265 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
266 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
268 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
269 ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client;
270 ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_client;
271 ssh->kex->verify_host_key=&verify_host_key_callback;
273 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
278 if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||
279 (r = sshpkt_put_cstring(ssh, "markus")) != 0 ||
280 (r = sshpkt_send(ssh)) != 0 ||
281 (r = ssh_packet_write_wait(ssh)) != 0)
337 int (*userauth)(struct ssh *ssh);
338 void (*cleanup)(struct ssh *ssh);
343 static int input_userauth_service_accept(int, u_int32_t, struct ssh *);
344 static int input_userauth_success(int, u_int32_t, struct ssh *);
345 static int input_userauth_failure(int, u_int32_t, struct ssh *);
346 static int input_userauth_banner(int, u_int32_t, struct ssh *);
347 static int input_userauth_error(int, u_int32_t, struct ssh *);
348 static int input_userauth_info_req(int, u_int32_t, struct ssh *);
349 static int input_userauth_pk_ok(int, u_int32_t, struct ssh *);
350 static int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
352 static int userauth_none(struct ssh *);
353 static int userauth_pubkey(struct ssh *);
354 static int userauth_passwd(struct ssh *);
355 static int userauth_kbdint(struct ssh *);
356 static int userauth_hostbased(struct ssh *);
359 static int userauth_gssapi(struct ssh *);
360 static void userauth_gssapi_cleanup(struct ssh *);
361 static int input_gssapi_response(int type, u_int32_t, struct ssh *);
362 static int input_gssapi_token(int type, u_int32_t, struct ssh *);
363 static int input_gssapi_error(int, u_int32_t, struct ssh *);
364 static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
367 void userauth(struct ssh *, char *);
369 static void pubkey_cleanup(struct ssh *);
370 static int sign_and_send_pubkey(struct ssh *ssh, Identity *);
371 static void pubkey_prepare(struct ssh *, Authctxt *);
416 ssh_userauth2(struct ssh *ssh, const char *local_user,
430 authctxt.service = "ssh-connection"; /* service name */
448 if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
449 (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||
450 (r = sshpkt_send(ssh)) != 0)
453 ssh->authctxt = &authctxt;
454 ssh_dispatch_init(ssh, &input_userauth_error);
455 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, kex_input_ext_info);
456 ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
457 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */
458 pubkey_cleanup(ssh);
467 ssh->authctxt = NULL;
469 ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
473 if (ssh_packet_connection_is_on_socket(ssh)) {
475 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
484 input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
488 if (ssh_packet_remaining(ssh) > 0) {
491 if ((r = sshpkt_get_cstring(ssh, &reply, NULL)) != 0)
498 if ((r = sshpkt_get_end(ssh)) != 0)
503 userauth_none(ssh);
506 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, ssh->kex->ext_info_s ?
508 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
509 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
510 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
517 userauth(struct ssh *ssh, char *authlist)
519 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
522 authctxt->method->cleanup(ssh);
540 ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_PER_METHOD_MIN,
544 if (method->userauth(ssh) != 0) {
555 input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
562 input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
569 if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 ||
570 (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0)
581 input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
583 Authctxt *authctxt = ssh->authctxt;
590 authctxt->method->cleanup(ssh);
594 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, dispatch_protocol_error);
600 input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
602 Authctxt *authctxt = ssh->authctxt;
614 input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
616 Authctxt *authctxt = ssh->authctxt;
623 if (sshpkt_get_cstring(ssh, &authlist, NULL) != 0 ||
624 sshpkt_get_u8(ssh, &partial) != 0 ||
625 sshpkt_get_end(ssh) != 0)
636 userauth(ssh, authlist);
674 input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
676 Authctxt *authctxt = ssh->authctxt;
688 if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
689 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
690 (r = sshpkt_get_end(ssh)) != 0)
728 sent = sign_and_send_pubkey(ssh, id);
739 userauth(ssh, NULL);
745 userauth_gssapi(struct ssh *ssh)
747 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
778 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
779 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
780 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
781 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
782 (r = sshpkt_put_u32(ssh, 1)) != 0 ||
783 (r = sshpkt_put_u32(ssh, (mech->length) + 2)) != 0 ||
784 (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 ||
785 (r = sshpkt_put_u8(ssh, mech->length)) != 0 ||
786 (r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 ||
787 (r = sshpkt_send(ssh)) != 0)
790 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
791 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
792 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
793 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
801 userauth_gssapi_cleanup(struct ssh *ssh)
803 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
811 process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
813 Authctxt *authctxt = ssh->authctxt;
829 if ((r = sshpkt_start(ssh, type)) != 0 ||
830 (r = sshpkt_put_string(ssh, send_tok.value,
832 (r = sshpkt_send(ssh)) != 0)
841 if ((r = sshpkt_start(ssh,
843 (r = sshpkt_send(ssh)) != 0)
852 ssh->kex->session_id);
861 if ((r = sshpkt_start(ssh,
863 (r = sshpkt_put_string(ssh, mic.value,
865 (r = sshpkt_send(ssh)) != 0)
878 input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
880 Authctxt *authctxt = ssh->authctxt;
891 if ((r = sshpkt_get_string(ssh, &oidv, &oidlen)) != 0)
898 userauth(ssh, NULL);
905 if ((r = sshpkt_get_end(ssh)) != 0)
908 if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) {
911 userauth(ssh, NULL);
922 input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
924 Authctxt *authctxt = ssh->authctxt;
934 if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
935 (r = sshpkt_get_end(ssh)) != 0)
940 status = process_gssapi_token(ssh, &recv_tok);
944 userauth(ssh, NULL);
954 input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
956 Authctxt *authctxt = ssh->authctxt;
969 if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
970 (r = sshpkt_get_end(ssh)) != 0) {
988 input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
994 if ((r = sshpkt_get_u32(ssh, NULL)) != 0 || /* maj */
995 (r = sshpkt_get_u32(ssh, NULL)) != 0 || /* min */
996 (r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 ||
997 (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
999 r = sshpkt_get_end(ssh);
1009 userauth_none(struct ssh *ssh)
1011 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1015 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
1016 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
1017 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
1018 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
1019 (r = sshpkt_send(ssh)) != 0)
1025 userauth_passwd(struct ssh *ssh)
1027 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1041 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
1042 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
1043 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
1044 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
1045 (r = sshpkt_put_u8(ssh, 0)) != 0 ||
1046 (r = sshpkt_put_cstring(ssh, password)) != 0 ||
1047 (r = sshpkt_add_padding(ssh, 64)) != 0 ||
1048 (r = sshpkt_send(ssh)) != 0)
1055 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1065 input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
1067 Authctxt *authctxt = ssh->authctxt;
1080 if ((r = sshpkt_get_cstring(ssh, &info, NULL)) != 0 ||
1081 (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
1085 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
1086 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
1087 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
1088 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
1089 (r = sshpkt_put_u8(ssh, 1)) != 0) /* additional info */
1096 if ((r = sshpkt_put_cstring(ssh, password)) != 0)
1122 if ((r = sshpkt_put_cstring(ssh, password)) != 0 ||
1123 (r = sshpkt_add_padding(ssh, 64)) != 0 ||
1124 (r = sshpkt_send(ssh)) != 0)
1127 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
1142 * Call with ssh==NULL to ignore server-sig-algs extension list and
1146 key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
1156 if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
1158 (key->type == KEY_RSA_CERT && (ssh->compat & SSH_BUG_SIGTYPE))) {
1168 server_sig_algs = ssh->kex->server_sig_algs;
1169 if (key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74))
1301 sign_and_send_pubkey(struct ssh *ssh, Identity *id)
1303 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1314 if ((ssh->kex->flags & KEX_HAS_PUBKEY_HOSTBOUND) != 0 &&
1382 if ((alg = key_sig_algorithm(fallback_sigtype ? NULL : ssh,
1392 if (ssh->compat & SSH_OLD_SESSIONID) {
1393 if ((r = sshbuf_putb(b, ssh->kex->session_id)) != 0)
1397 ssh->kex->session_id)) != 0)
1411 if (ssh->kex->initial_hostkey == NULL) {
1415 if ((r = sshkey_puts(ssh->kex->initial_hostkey, b)) != 0)
1420 sshbuf_ptr(b), sshbuf_len(b), ssh->compat, alg);
1455 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
1456 (r = sshpkt_putb(ssh, b)) != 0 ||
1457 (r = sshpkt_send(ssh)) != 0)
1472 send_pubkey_test(struct ssh *ssh, Identity *id)
1474 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1481 if ((alg = key_sig_algorithm(ssh, id->key)) == NULL) {
1492 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
1494 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
1495 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
1496 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
1497 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
1498 (r = sshpkt_put_u8(ssh, have_sig)) != 0 ||
1499 (r = sshpkt_put_cstring(ssh, alg)) != 0 ||
1500 (r = sshpkt_put_string(ssh, blob, bloblen)) != 0 ||
1501 (r = sshpkt_send(ssh)) != 0)
1621 get_agent_identities(struct ssh *ssh, int *agent_fdp,
1632 if ((r = ssh_agent_bind_hostkey(agent_fd, ssh->kex->initial_hostkey,
1633 ssh->kex->session_id, ssh->kex->initial_sig, 0)) == 0)
1659 pubkey_prepare(struct ssh *ssh, Authctxt *authctxt)
1721 if ((r = get_agent_identities(ssh, &agent_fd, &idlist)) == 0) {
1794 } else if (ssh->kex->server_sig_algs != NULL &&
1795 (cp = key_sig_algorithm(ssh, id->key)) == NULL) {
1820 pubkey_cleanup(struct ssh *ssh)
1822 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1848 userauth_pubkey(struct ssh *ssh)
1850 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1857 pubkey_prepare(ssh, authctxt);
1876 sent = send_pubkey_test(ssh, id);
1882 sent = sign_and_send_pubkey(ssh, id);
1898 userauth_kbdint(struct ssh *ssh)
1900 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1908 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
1913 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
1914 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
1915 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
1916 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
1917 (r = sshpkt_put_cstring(ssh, "")) != 0 || /* lang */
1918 (r = sshpkt_put_cstring(ssh, options.kbd_interactive_devices ?
1920 (r = sshpkt_send(ssh)) != 0)
1923 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
1931 input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
1933 Authctxt *authctxt = ssh->authctxt;
1947 if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 ||
1948 (r = sshpkt_get_cstring(ssh, &inst, NULL)) != 0 ||
1949 (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0)
1956 if ((r = sshpkt_get_u32(ssh, &num_prompts)) != 0)
1964 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE)) != 0 ||
1965 (r = sshpkt_put_u32(ssh, num_prompts)) != 0)
1970 if ((r = sshpkt_get_cstring(ssh, &prompt, NULL)) != 0 ||
1971 (r = sshpkt_get_u8(ssh, &echo)) != 0)
1978 if ((r = sshpkt_put_cstring(ssh, response)) != 0)
1986 if ((r = sshpkt_get_end(ssh)) != 0 ||
1987 (r = sshpkt_add_padding(ssh, 64)) != 0)
1989 r = sshpkt_send(ssh);
2002 ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
2009 int sock = ssh_packet_get_connection_in(ssh);
2118 userauth_hostbased(struct ssh *ssh)
2120 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
2183 lname = get_local_name(ssh_packet_get_connection_in(ssh));
2202 if ((r = sshbuf_put_stringb(b, ssh->kex->session_id)) != 0 ||
2218 if ((r = ssh_keysign(ssh, private, &sig, &siglen,
2224 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
2225 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
2226 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
2227 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
2228 (r = sshpkt_put_cstring(ssh, authctxt->active_ktype)) != 0 ||
2229 (r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 ||
2230 (r = sshpkt_put_cstring(ssh, chost)) != 0 ||
2231 (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 ||
2232 (r = sshpkt_put_string(ssh, sig, siglen)) != 0 ||
2233 (r = sshpkt_send(ssh)) != 0) {