1*d91f98a8Spgoyette /* $NetBSD: auth-bsdauth.c,v 1.9 2019/01/27 02:08:33 pgoyette Exp $ */
255a4608bSchristos /* $OpenBSD: auth-bsdauth.c,v 1.15 2018/07/09 21:35:50 markus Exp $ */
379976551Schristos
4ca32bd8dSchristos /*
5ca32bd8dSchristos * Copyright (c) 2001 Markus Friedl. All rights reserved.
6ca32bd8dSchristos *
7ca32bd8dSchristos * Redistribution and use in source and binary forms, with or without
8ca32bd8dSchristos * modification, are permitted provided that the following conditions
9ca32bd8dSchristos * are met:
10ca32bd8dSchristos * 1. Redistributions of source code must retain the above copyright
11ca32bd8dSchristos * notice, this list of conditions and the following disclaimer.
12ca32bd8dSchristos * 2. Redistributions in binary form must reproduce the above copyright
13ca32bd8dSchristos * notice, this list of conditions and the following disclaimer in the
14ca32bd8dSchristos * documentation and/or other materials provided with the distribution.
15ca32bd8dSchristos *
16ca32bd8dSchristos * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17ca32bd8dSchristos * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18ca32bd8dSchristos * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19ca32bd8dSchristos * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20ca32bd8dSchristos * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21ca32bd8dSchristos * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22ca32bd8dSchristos * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23ca32bd8dSchristos * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24ca32bd8dSchristos * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25ca32bd8dSchristos * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26ca32bd8dSchristos */
27ca32bd8dSchristos
28313c6c94Schristos #include "includes.h"
29*d91f98a8Spgoyette __RCSID("$NetBSD: auth-bsdauth.c,v 1.9 2019/01/27 02:08:33 pgoyette Exp $");
30ca32bd8dSchristos #include <sys/types.h>
318a4530f9Schristos #include <stdarg.h>
328a4530f9Schristos #include <stdio.h>
33ca32bd8dSchristos
34313c6c94Schristos #ifdef BSD_AUTH
35ca32bd8dSchristos #include "xmalloc.h"
3655a4608bSchristos #include "sshkey.h"
3755a4608bSchristos #include "sshbuf.h"
38ca32bd8dSchristos #include "hostfile.h"
39ca32bd8dSchristos #include "auth.h"
40ca32bd8dSchristos #include "log.h"
41ca32bd8dSchristos #ifdef GSSAPI
42ca32bd8dSchristos #include "ssh-gss.h"
43ca32bd8dSchristos #endif
44ca32bd8dSchristos #include "monitor_wrap.h"
45ca32bd8dSchristos
46ca32bd8dSchristos static void *
bsdauth_init_ctx(Authctxt * authctxt)47ca32bd8dSchristos bsdauth_init_ctx(Authctxt *authctxt)
48ca32bd8dSchristos {
49ca32bd8dSchristos return authctxt;
50ca32bd8dSchristos }
51ca32bd8dSchristos
52ca32bd8dSchristos int
bsdauth_query(void * ctx,char ** name,char ** infotxt,u_int * numprompts,char *** prompts,u_int ** echo_on)53ca32bd8dSchristos bsdauth_query(void *ctx, char **name, char **infotxt,
54ca32bd8dSchristos u_int *numprompts, char ***prompts, u_int **echo_on)
55ca32bd8dSchristos {
56ca32bd8dSchristos Authctxt *authctxt = ctx;
57ca32bd8dSchristos char *challenge = NULL;
58ca32bd8dSchristos
598a4530f9Schristos *infotxt = NULL;
608a4530f9Schristos *numprompts = 0;
618a4530f9Schristos *prompts = NULL;
628a4530f9Schristos *echo_on = NULL;
638a4530f9Schristos
64ca32bd8dSchristos if (authctxt->as != NULL) {
65ca32bd8dSchristos debug2("bsdauth_query: try reuse session");
66ca32bd8dSchristos challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
67ca32bd8dSchristos if (challenge == NULL) {
68ca32bd8dSchristos auth_close(authctxt->as);
69ca32bd8dSchristos authctxt->as = NULL;
70ca32bd8dSchristos }
71ca32bd8dSchristos }
72ca32bd8dSchristos
73ca32bd8dSchristos if (challenge == NULL) {
74ca32bd8dSchristos debug2("bsdauth_query: new bsd auth session");
75ca32bd8dSchristos debug3("bsdauth_query: style %s",
76ca32bd8dSchristos authctxt->style ? authctxt->style : "<default>");
77ca32bd8dSchristos authctxt->as = auth_userchallenge(authctxt->user,
78ca32bd8dSchristos authctxt->style, "auth-ssh", &challenge);
79ca32bd8dSchristos if (authctxt->as == NULL)
80ca32bd8dSchristos challenge = NULL;
81ca32bd8dSchristos debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
82ca32bd8dSchristos }
83ca32bd8dSchristos
84ca32bd8dSchristos if (challenge == NULL)
85ca32bd8dSchristos return -1;
86ca32bd8dSchristos
87ca32bd8dSchristos *name = xstrdup("");
88ca32bd8dSchristos *infotxt = xstrdup("");
89ca32bd8dSchristos *numprompts = 1;
90ca32bd8dSchristos *prompts = xcalloc(*numprompts, sizeof(char *));
91ca32bd8dSchristos *echo_on = xcalloc(*numprompts, sizeof(u_int));
92ca32bd8dSchristos (*prompts)[0] = xstrdup(challenge);
93ca32bd8dSchristos
94ca32bd8dSchristos return 0;
95ca32bd8dSchristos }
96ca32bd8dSchristos
97ca32bd8dSchristos int
bsdauth_respond(void * ctx,u_int numresponses,char ** responses)98ca32bd8dSchristos bsdauth_respond(void *ctx, u_int numresponses, char **responses)
99ca32bd8dSchristos {
100ca32bd8dSchristos Authctxt *authctxt = ctx;
101ca32bd8dSchristos int authok;
102ca32bd8dSchristos
103ca32bd8dSchristos if (!authctxt->valid)
104ca32bd8dSchristos return -1;
105ca32bd8dSchristos
10679976551Schristos if (authctxt->as == NULL)
107ca32bd8dSchristos error("bsdauth_respond: no bsd auth session");
108ca32bd8dSchristos
109ca32bd8dSchristos if (numresponses != 1)
110ca32bd8dSchristos return -1;
111ca32bd8dSchristos
112ca32bd8dSchristos authok = auth_userresponse(authctxt->as, responses[0], 0);
113ca32bd8dSchristos authctxt->as = NULL;
114ca32bd8dSchristos debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
115ca32bd8dSchristos
116ca32bd8dSchristos return (authok == 0) ? -1 : 0;
117ca32bd8dSchristos }
118ca32bd8dSchristos
119ca32bd8dSchristos static void
bsdauth_free_ctx(void * ctx)120ca32bd8dSchristos bsdauth_free_ctx(void *ctx)
121ca32bd8dSchristos {
122ca32bd8dSchristos Authctxt *authctxt = ctx;
123ca32bd8dSchristos
124ca32bd8dSchristos if (authctxt && authctxt->as) {
125ca32bd8dSchristos auth_close(authctxt->as);
126ca32bd8dSchristos authctxt->as = NULL;
127ca32bd8dSchristos }
128ca32bd8dSchristos }
129ca32bd8dSchristos
130ca32bd8dSchristos KbdintDevice bsdauth_device = {
131ca32bd8dSchristos "bsdauth",
132ca32bd8dSchristos bsdauth_init_ctx,
133ca32bd8dSchristos bsdauth_query,
134ca32bd8dSchristos bsdauth_respond,
135ca32bd8dSchristos bsdauth_free_ctx
136ca32bd8dSchristos };
137ca32bd8dSchristos
138ca32bd8dSchristos KbdintDevice mm_bsdauth_device = {
139ca32bd8dSchristos "bsdauth",
140ca32bd8dSchristos bsdauth_init_ctx,
141ca32bd8dSchristos mm_bsdauth_query,
142ca32bd8dSchristos mm_bsdauth_respond,
143ca32bd8dSchristos bsdauth_free_ctx
144ca32bd8dSchristos };
145313c6c94Schristos #endif
146