1 /* $NetBSD: sshconnect2.c,v 1.30 2018/04/06 18:59:00 christos Exp $ */ 2 /* $OpenBSD: sshconnect2.c,v 1.270 2018/03/24 19:28:43 markus Exp $ */ 3 /* 4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 5 * Copyright (c) 2008 Damien Miller. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #include "includes.h" 29 __RCSID("$NetBSD: sshconnect2.c,v 1.30 2018/04/06 18:59:00 christos Exp $"); 30 #include <sys/types.h> 31 #include <sys/socket.h> 32 #include <sys/wait.h> 33 #include <sys/queue.h> 34 #include <sys/stat.h> 35 36 #include <errno.h> 37 #include <fcntl.h> 38 #include <netdb.h> 39 #include <stdio.h> 40 #include <string.h> 41 #include <signal.h> 42 #include <pwd.h> 43 #include <unistd.h> 44 #include <vis.h> 45 46 #ifdef KRB5 47 #include <krb5.h> 48 #endif 49 50 #include "xmalloc.h" 51 #include "ssh.h" 52 #include "ssh2.h" 53 #include "buffer.h" 54 #include "packet.h" 55 #include "compat.h" 56 #include "cipher.h" 57 #include "key.h" 58 #include "kex.h" 59 #include "myproposal.h" 60 #include "sshconnect.h" 61 #include "authfile.h" 62 #include "dh.h" 63 #include "authfd.h" 64 #include "log.h" 65 #include "misc.h" 66 #include "readconf.h" 67 #include "match.h" 68 #include "dispatch.h" 69 #include "canohost.h" 70 #include "msg.h" 71 #include "pathnames.h" 72 #include "uidswap.h" 73 #include "hostfile.h" 74 #include "ssherr.h" 75 #include "utf8.h" 76 /* XXX */ 77 const char *auth_get_canonical_hostname(struct ssh *, int); 78 79 #ifdef GSSAPI 80 #include "ssh-gss.h" 81 #endif 82 83 /* import */ 84 extern char *client_version_string; 85 extern char *server_version_string; 86 extern Options options; 87 88 /* tty_flag is set in ssh.c. use this in ssh_userauth2 */ 89 /* if it is set then prevent the switch to the null cipher */ 90 91 extern int tty_flag; 92 93 /* 94 * SSH2 key exchange 95 */ 96 97 u_char *session_id2 = NULL; 98 u_int session_id2_len = 0; 99 100 char *xxx_host; 101 struct sockaddr *xxx_hostaddr; 102 103 static int 104 verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) 105 { 106 if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) 107 fatal("Host key verification failed."); 108 return 0; 109 } 110 111 static char * 112 order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) 113 { 114 char *oavail, *avail, *first, *last, *alg, *hostname, *ret; 115 size_t maxlen; 116 struct hostkeys *hostkeys; 117 int ktype; 118 u_int i; 119 120 /* Find all hostkeys for this hostname */ 121 get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL); 122 hostkeys = init_hostkeys(); 123 for (i = 0; i < options.num_user_hostfiles; i++) 124 load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]); 125 for (i = 0; i < options.num_system_hostfiles; i++) 126 load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]); 127 128 oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG); 129 maxlen = strlen(avail) + 1; 130 first = xmalloc(maxlen); 131 last = xmalloc(maxlen); 132 *first = *last = '\0'; 133 134 #define ALG_APPEND(to, from) \ 135 do { \ 136 if (*to != '\0') \ 137 strlcat(to, ",", maxlen); \ 138 strlcat(to, from, maxlen); \ 139 } while (0) 140 141 while ((alg = strsep(&avail, ",")) && *alg != '\0') { 142 if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC) 143 fatal("%s: unknown alg %s", __func__, alg); 144 if (lookup_key_in_hostkeys_by_type(hostkeys, 145 sshkey_type_plain(ktype), NULL)) 146 ALG_APPEND(first, alg); 147 else 148 ALG_APPEND(last, alg); 149 } 150 #undef ALG_APPEND 151 xasprintf(&ret, "%s%s%s", first, 152 (*first == '\0' || *last == '\0') ? "" : ",", last); 153 if (*first != '\0') 154 debug3("%s: prefer hostkeyalgs: %s", __func__, first); 155 156 free(first); 157 free(last); 158 free(hostname); 159 free(oavail); 160 free_hostkeys(hostkeys); 161 162 return ret; 163 } 164 165 void 166 ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) 167 { 168 const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; 169 char *s; 170 struct kex *kex; 171 int r; 172 173 xxx_host = host; 174 xxx_hostaddr = hostaddr; 175 176 if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) 177 fatal("%s: kex_names_cat", __func__); 178 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); 179 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 180 compat_cipher_proposal(options.ciphers); 181 myproposal[PROPOSAL_ENC_ALGS_STOC] = 182 compat_cipher_proposal(options.ciphers); 183 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 184 myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? 185 "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; 186 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 187 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 188 if (options.hostkeyalgorithms != NULL) { 189 if (kex_assemble_names(KEX_DEFAULT_PK_ALG, 190 &options.hostkeyalgorithms) != 0) 191 fatal("%s: kex_assemble_namelist", __func__); 192 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = 193 compat_pkalg_proposal(options.hostkeyalgorithms); 194 } else { 195 /* Enforce default */ 196 options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG); 197 /* Prefer algorithms that we already have keys for */ 198 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = 199 compat_pkalg_proposal( 200 order_hostkeyalgs(host, hostaddr, port)); 201 } 202 203 if (options.rekey_limit || options.rekey_interval) 204 packet_set_rekey_limits(options.rekey_limit, 205 options.rekey_interval); 206 207 /* start key exchange */ 208 if ((r = kex_setup(active_state, myproposal)) != 0) 209 fatal("kex_setup: %s", ssh_err(r)); 210 kex = active_state->kex; 211 #ifdef WITH_OPENSSL 212 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 213 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 214 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; 215 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; 216 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; 217 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 218 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 219 kex->kex[KEX_ECDH_SHA2] = kexecdh_client; 220 #endif 221 kex->kex[KEX_C25519_SHA256] = kexc25519_client; 222 kex->client_version_string=client_version_string; 223 kex->server_version_string=server_version_string; 224 kex->verify_host_key=&verify_host_key_callback; 225 226 ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); 227 228 /* remove ext-info from the KEX proposals for rekeying */ 229 myproposal[PROPOSAL_KEX_ALGS] = 230 compat_kex_proposal(options.kex_algorithms); 231 if ((r = kex_prop2buf(kex->my, myproposal)) != 0) 232 fatal("kex_prop2buf: %s", ssh_err(r)); 233 234 session_id2 = kex->session_id; 235 session_id2_len = kex->session_id_len; 236 237 #ifdef DEBUG_KEXDH 238 /* send 1st encrypted/maced/compressed message */ 239 packet_start(SSH2_MSG_IGNORE); 240 packet_put_cstring("markus"); 241 packet_send(); 242 packet_write_wait(); 243 #endif 244 } 245 246 /* 247 * Authenticate user 248 */ 249 250 typedef struct cauthctxt Authctxt; 251 typedef struct cauthmethod Authmethod; 252 typedef struct identity Identity; 253 typedef struct idlist Idlist; 254 255 struct identity { 256 TAILQ_ENTRY(identity) next; 257 int agent_fd; /* >=0 if agent supports key */ 258 struct sshkey *key; /* public/private key */ 259 char *filename; /* comment for agent-only keys */ 260 int tried; 261 int isprivate; /* key points to the private key */ 262 int userprovided; 263 }; 264 TAILQ_HEAD(idlist, identity); 265 266 struct cauthctxt { 267 const char *server_user; 268 const char *local_user; 269 const char *host; 270 const char *service; 271 struct cauthmethod *method; 272 sig_atomic_t success; 273 char *authlist; 274 int attempt; 275 /* pubkey */ 276 struct idlist keys; 277 int agent_fd; 278 /* hostbased */ 279 Sensitive *sensitive; 280 char *oktypes, *ktypes; 281 const char *active_ktype; 282 /* kbd-interactive */ 283 int info_req_seen; 284 /* generic */ 285 void *methoddata; 286 }; 287 288 struct cauthmethod { 289 const char *name; /* string to compare against server's list */ 290 int (*userauth)(Authctxt *authctxt); 291 void (*cleanup)(Authctxt *authctxt); 292 int *enabled; /* flag in option struct that enables method */ 293 int *batch_flag; /* flag in option struct that disables method */ 294 }; 295 296 int input_userauth_service_accept(int, u_int32_t, struct ssh *); 297 int input_userauth_ext_info(int, u_int32_t, struct ssh *); 298 int input_userauth_success(int, u_int32_t, struct ssh *); 299 int input_userauth_success_unexpected(int, u_int32_t, struct ssh *); 300 int input_userauth_failure(int, u_int32_t, struct ssh *); 301 int input_userauth_banner(int, u_int32_t, struct ssh *); 302 int input_userauth_error(int, u_int32_t, struct ssh *); 303 int input_userauth_info_req(int, u_int32_t, struct ssh *); 304 int input_userauth_pk_ok(int, u_int32_t, struct ssh *); 305 int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); 306 307 int userauth_none(Authctxt *); 308 int userauth_pubkey(Authctxt *); 309 int userauth_passwd(Authctxt *); 310 int userauth_kbdint(Authctxt *); 311 int userauth_hostbased(Authctxt *); 312 int userauth_kerberos(Authctxt *); 313 314 #ifdef GSSAPI 315 int userauth_gssapi(Authctxt *authctxt); 316 int input_gssapi_response(int type, u_int32_t, struct ssh *); 317 int input_gssapi_token(int type, u_int32_t, struct ssh *); 318 int input_gssapi_hash(int type, u_int32_t, struct ssh *); 319 int input_gssapi_error(int, u_int32_t, struct ssh *); 320 int input_gssapi_errtok(int, u_int32_t, struct ssh *); 321 #endif 322 323 void userauth(Authctxt *, char *); 324 325 static int sign_and_send_pubkey(Authctxt *, Identity *); 326 static void pubkey_prepare(Authctxt *); 327 static void pubkey_cleanup(Authctxt *); 328 static void pubkey_reset(Authctxt *); 329 static struct sshkey *load_identity_file(Identity *); 330 331 static Authmethod *authmethod_get(char *authlist); 332 static Authmethod *authmethod_lookup(const char *name); 333 static char *authmethods_get(void); 334 335 Authmethod authmethods[] = { 336 #ifdef GSSAPI 337 {"gssapi-with-mic", 338 userauth_gssapi, 339 NULL, 340 &options.gss_authentication, 341 NULL}, 342 #endif 343 {"hostbased", 344 userauth_hostbased, 345 NULL, 346 &options.hostbased_authentication, 347 NULL}, 348 #if KRB5 349 {"kerberos-2@ssh.com", 350 userauth_kerberos, 351 NULL, 352 &options.kerberos_authentication, 353 NULL}, 354 #endif 355 {"publickey", 356 userauth_pubkey, 357 NULL, 358 &options.pubkey_authentication, 359 NULL}, 360 {"keyboard-interactive", 361 userauth_kbdint, 362 NULL, 363 &options.kbd_interactive_authentication, 364 &options.batch_mode}, 365 {"password", 366 userauth_passwd, 367 NULL, 368 &options.password_authentication, 369 &options.batch_mode}, 370 {"none", 371 userauth_none, 372 NULL, 373 NULL, 374 NULL}, 375 {NULL, NULL, NULL, NULL, NULL} 376 }; 377 378 void 379 ssh_userauth2(const char *local_user, const char *server_user, char *host, 380 Sensitive *sensitive) 381 { 382 struct ssh *ssh = active_state; 383 Authctxt authctxt; 384 int r; 385 386 if (options.challenge_response_authentication) 387 options.kbd_interactive_authentication = 1; 388 if (options.preferred_authentications == NULL) 389 options.preferred_authentications = authmethods_get(); 390 391 /* setup authentication context */ 392 memset(&authctxt, 0, sizeof(authctxt)); 393 pubkey_prepare(&authctxt); 394 authctxt.server_user = server_user; 395 authctxt.local_user = local_user; 396 authctxt.host = host; 397 authctxt.service = "ssh-connection"; /* service name */ 398 authctxt.success = 0; 399 authctxt.method = authmethod_lookup("none"); 400 authctxt.authlist = NULL; 401 authctxt.methoddata = NULL; 402 authctxt.sensitive = sensitive; 403 authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL; 404 authctxt.info_req_seen = 0; 405 authctxt.agent_fd = -1; 406 if (authctxt.method == NULL) 407 fatal("ssh_userauth2: internal error: cannot send userauth none request"); 408 409 if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 || 410 (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 || 411 (r = sshpkt_send(ssh)) != 0) 412 fatal("%s: %s", __func__, ssh_err(r)); 413 414 ssh->authctxt = &authctxt; 415 ssh_dispatch_init(ssh, &input_userauth_error); 416 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); 417 ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); 418 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ 419 ssh->authctxt = NULL; 420 421 pubkey_cleanup(&authctxt); 422 ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); 423 424 /* if the user wants to use the none cipher do it */ 425 /* post authentication and only if the right conditions are met */ 426 /* both of the NONE commands must be true and there must be no */ 427 /* tty allocated */ 428 if ((options.none_switch == 1) && (options.none_enabled == 1)) 429 { 430 if (tty_flag) /* no null on tty sessions */ 431 { 432 /* requested NONE cipher when in a tty */ 433 debug("Cannot switch to NONE cipher with tty allocated"); 434 fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); 435 } 436 } 437 if (!authctxt.success) 438 fatal("Authentication failed."); 439 440 debug("Authentication succeeded (%s).", authctxt.method->name); 441 } 442 443 /* ARGSUSED */ 444 int 445 input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) 446 { 447 Authctxt *authctxt = ssh->authctxt; 448 int r; 449 450 if (ssh_packet_remaining(ssh) > 0) { 451 char *reply; 452 453 if ((r = sshpkt_get_cstring(ssh, &reply, NULL)) != 0) 454 goto out; 455 debug2("service_accept: %s", reply); 456 free(reply); 457 } else { 458 debug2("buggy server: service_accept w/o service"); 459 } 460 if ((r = sshpkt_get_end(ssh)) != 0) 461 goto out; 462 debug("SSH2_MSG_SERVICE_ACCEPT received"); 463 464 /* initial userauth request */ 465 userauth_none(authctxt); 466 467 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error); 468 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); 469 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); 470 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); 471 r = 0; 472 out: 473 return r; 474 } 475 476 /* ARGSUSED */ 477 int 478 input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) 479 { 480 return kex_input_ext_info(type, seqnr, ssh); 481 } 482 483 void 484 userauth(Authctxt *authctxt, char *authlist) 485 { 486 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 487 authctxt->method->cleanup(authctxt); 488 489 free(authctxt->methoddata); 490 authctxt->methoddata = NULL; 491 if (authlist == NULL) { 492 authlist = authctxt->authlist; 493 } else { 494 free(authctxt->authlist); 495 authctxt->authlist = authlist; 496 } 497 for (;;) { 498 Authmethod *method = authmethod_get(authlist); 499 if (method == NULL) 500 fatal("%s@%s: Permission denied (%s).", 501 authctxt->server_user, authctxt->host, authlist); 502 authctxt->method = method; 503 504 /* reset the per method handler */ 505 dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN, 506 SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL); 507 508 /* and try new method */ 509 if (method->userauth(authctxt) != 0) { 510 debug2("we sent a %s packet, wait for reply", method->name); 511 break; 512 } else { 513 debug2("we did not send a packet, disable method"); 514 method->enabled = NULL; 515 } 516 } 517 } 518 519 /* ARGSUSED */ 520 int 521 input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) 522 { 523 fatal("input_userauth_error: bad message during authentication: " 524 "type %d", type); 525 return 0; 526 } 527 528 /* ARGSUSED */ 529 int 530 input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) 531 { 532 char *msg, *lang; 533 u_int len; 534 535 debug3("%s", __func__); 536 msg = packet_get_string(&len); 537 lang = packet_get_string(NULL); 538 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) 539 fmprintf(stderr, "%s", msg); 540 free(msg); 541 free(lang); 542 return 0; 543 } 544 545 /* ARGSUSED */ 546 int 547 input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) 548 { 549 Authctxt *authctxt = ssh->authctxt; 550 551 if (authctxt == NULL) 552 fatal("input_userauth_success: no authentication context"); 553 free(authctxt->authlist); 554 authctxt->authlist = NULL; 555 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 556 authctxt->method->cleanup(authctxt); 557 free(authctxt->methoddata); 558 authctxt->methoddata = NULL; 559 authctxt->success = 1; /* break out */ 560 return 0; 561 } 562 563 int 564 input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) 565 { 566 Authctxt *authctxt = ssh->authctxt; 567 568 if (authctxt == NULL) 569 fatal("%s: no authentication context", __func__); 570 571 fatal("Unexpected authentication success during %s.", 572 authctxt->method->name); 573 return 0; 574 } 575 576 /* ARGSUSED */ 577 int 578 input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) 579 { 580 Authctxt *authctxt = ssh->authctxt; 581 char *authlist = NULL; 582 int partial; 583 584 if (authctxt == NULL) 585 fatal("input_userauth_failure: no authentication context"); 586 587 authlist = packet_get_string(NULL); 588 partial = packet_get_char(); 589 packet_check_eom(); 590 591 if (partial != 0) { 592 verbose("Authenticated with partial success."); 593 /* reset state */ 594 pubkey_reset(authctxt); 595 } 596 debug("Authentications that can continue: %s", authlist); 597 598 userauth(authctxt, authlist); 599 return 0; 600 } 601 602 /* ARGSUSED */ 603 int 604 input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) 605 { 606 Authctxt *authctxt = ssh->authctxt; 607 struct sshkey *key = NULL; 608 Identity *id = NULL; 609 int pktype, sent = 0; 610 u_int alen, blen; 611 char *pkalg, *fp; 612 u_char *pkblob; 613 614 if (authctxt == NULL) 615 fatal("input_userauth_pk_ok: no authentication context"); 616 617 pkalg = packet_get_string(&alen); 618 pkblob = packet_get_string(&blen); 619 packet_check_eom(); 620 621 debug("Server accepts key: pkalg %s blen %u", pkalg, blen); 622 623 if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { 624 debug("unknown pkalg %s", pkalg); 625 goto done; 626 } 627 if ((key = key_from_blob(pkblob, blen)) == NULL) { 628 debug("no key from blob. pkalg %s", pkalg); 629 goto done; 630 } 631 if (key->type != pktype) { 632 error("input_userauth_pk_ok: type mismatch " 633 "for decoded key (received %d, expected %d)", 634 key->type, pktype); 635 goto done; 636 } 637 if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, 638 SSH_FP_DEFAULT)) == NULL) 639 goto done; 640 debug2("input_userauth_pk_ok: fp %s", fp); 641 free(fp); 642 643 /* 644 * search keys in the reverse order, because last candidate has been 645 * moved to the end of the queue. this also avoids confusion by 646 * duplicate keys 647 */ 648 TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) { 649 if (key_equal(key, id->key)) { 650 sent = sign_and_send_pubkey(authctxt, id); 651 break; 652 } 653 } 654 done: 655 key_free(key); 656 free(pkalg); 657 free(pkblob); 658 659 /* try another method if we did not send a packet */ 660 if (sent == 0) 661 userauth(authctxt, NULL); 662 return 0; 663 } 664 665 #ifdef GSSAPI 666 int 667 userauth_gssapi(Authctxt *authctxt) 668 { 669 Gssctxt *gssctxt = NULL; 670 static gss_OID_set gss_supported = NULL; 671 static u_int mech = 0; 672 OM_uint32 min; 673 int ok = 0; 674 675 /* Try one GSSAPI method at a time, rather than sending them all at 676 * once. */ 677 678 if (gss_supported == NULL) 679 gss_indicate_mechs(&min, &gss_supported); 680 681 /* Check to see if the mechanism is usable before we offer it */ 682 while (mech < gss_supported->count && !ok) { 683 /* My DER encoding requires length<128 */ 684 if (gss_supported->elements[mech].length < 128 && 685 ssh_gssapi_check_mechanism(&gssctxt, 686 &gss_supported->elements[mech], authctxt->host)) { 687 ok = 1; /* Mechanism works */ 688 } else { 689 mech++; 690 } 691 } 692 693 if (!ok) { 694 ssh_gssapi_delete_ctx(&gssctxt); 695 return 0; 696 } 697 698 authctxt->methoddata=(void *)gssctxt; 699 700 packet_start(SSH2_MSG_USERAUTH_REQUEST); 701 packet_put_cstring(authctxt->server_user); 702 packet_put_cstring(authctxt->service); 703 packet_put_cstring(authctxt->method->name); 704 705 packet_put_int(1); 706 707 packet_put_int((gss_supported->elements[mech].length) + 2); 708 packet_put_char(SSH_GSS_OIDTYPE); 709 packet_put_char(gss_supported->elements[mech].length); 710 packet_put_raw(gss_supported->elements[mech].elements, 711 gss_supported->elements[mech].length); 712 713 packet_send(); 714 715 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response); 716 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); 717 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); 718 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); 719 720 mech++; /* Move along to next candidate */ 721 722 return 1; 723 } 724 725 static OM_uint32 726 process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) 727 { 728 Authctxt *authctxt = ssh->authctxt; 729 Gssctxt *gssctxt = authctxt->methoddata; 730 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; 731 gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; 732 gss_buffer_desc gssbuf; 733 OM_uint32 status, ms, flags; 734 Buffer b; 735 736 status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, 737 recv_tok, &send_tok, &flags); 738 739 if (send_tok.length > 0) { 740 if (GSS_ERROR(status)) 741 packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); 742 else 743 packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); 744 745 packet_put_string(send_tok.value, send_tok.length); 746 packet_send(); 747 gss_release_buffer(&ms, &send_tok); 748 } 749 750 if (status == GSS_S_COMPLETE) { 751 /* send either complete or MIC, depending on mechanism */ 752 if (!(flags & GSS_C_INTEG_FLAG)) { 753 packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); 754 packet_send(); 755 } else { 756 ssh_gssapi_buildmic(&b, authctxt->server_user, 757 authctxt->service, "gssapi-with-mic"); 758 759 gssbuf.value = buffer_ptr(&b); 760 gssbuf.length = buffer_len(&b); 761 762 status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); 763 764 if (!GSS_ERROR(status)) { 765 packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); 766 packet_put_string(mic.value, mic.length); 767 768 packet_send(); 769 } 770 771 buffer_free(&b); 772 gss_release_buffer(&ms, &mic); 773 } 774 } 775 776 return status; 777 } 778 779 /* ARGSUSED */ 780 int 781 input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) 782 { 783 Authctxt *authctxt = ssh->authctxt; 784 Gssctxt *gssctxt; 785 int oidlen; 786 char *oidv; 787 788 if (authctxt == NULL) 789 fatal("input_gssapi_response: no authentication context"); 790 gssctxt = authctxt->methoddata; 791 792 /* Setup our OID */ 793 oidv = packet_get_string(&oidlen); 794 795 if (oidlen <= 2 || 796 oidv[0] != SSH_GSS_OIDTYPE || 797 oidv[1] != oidlen - 2) { 798 free(oidv); 799 debug("Badly encoded mechanism OID received"); 800 userauth(authctxt, NULL); 801 return 0; 802 } 803 804 if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2)) 805 fatal("Server returned different OID than expected"); 806 807 packet_check_eom(); 808 809 free(oidv); 810 811 if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) { 812 /* Start again with next method on list */ 813 debug("Trying to start again"); 814 userauth(authctxt, NULL); 815 return 0; 816 } 817 return 0; 818 } 819 820 /* ARGSUSED */ 821 int 822 input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) 823 { 824 Authctxt *authctxt = ssh->authctxt; 825 gss_buffer_desc recv_tok; 826 OM_uint32 status; 827 u_int slen; 828 829 if (authctxt == NULL) 830 fatal("input_gssapi_response: no authentication context"); 831 832 recv_tok.value = packet_get_string(&slen); 833 recv_tok.length = slen; /* safe typecast */ 834 835 packet_check_eom(); 836 837 status = process_gssapi_token(ssh, &recv_tok); 838 839 free(recv_tok.value); 840 841 if (GSS_ERROR(status)) { 842 /* Start again with the next method in the list */ 843 userauth(authctxt, NULL); 844 return 0; 845 } 846 return 0; 847 } 848 849 /* ARGSUSED */ 850 int 851 input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) 852 { 853 Authctxt *authctxt = ssh->authctxt; 854 Gssctxt *gssctxt; 855 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; 856 gss_buffer_desc recv_tok; 857 OM_uint32 ms; 858 u_int len; 859 860 if (authctxt == NULL) 861 fatal("input_gssapi_response: no authentication context"); 862 gssctxt = authctxt->methoddata; 863 864 recv_tok.value = packet_get_string(&len); 865 recv_tok.length = len; 866 867 packet_check_eom(); 868 869 /* Stick it into GSSAPI and see what it says */ 870 (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, 871 &recv_tok, &send_tok, NULL); 872 873 free(recv_tok.value); 874 gss_release_buffer(&ms, &send_tok); 875 876 /* Server will be returning a failed packet after this one */ 877 return 0; 878 } 879 880 /* ARGSUSED */ 881 int 882 input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) 883 { 884 char *msg; 885 char *lang; 886 887 /* maj */(void)packet_get_int(); 888 /* min */(void)packet_get_int(); 889 msg=packet_get_string(NULL); 890 lang=packet_get_string(NULL); 891 892 packet_check_eom(); 893 894 debug("Server GSSAPI Error:\n%s", msg); 895 free(msg); 896 free(lang); 897 return 0; 898 } 899 #endif /* GSSAPI */ 900 901 int 902 userauth_none(Authctxt *authctxt) 903 { 904 /* initial userauth request */ 905 packet_start(SSH2_MSG_USERAUTH_REQUEST); 906 packet_put_cstring(authctxt->server_user); 907 packet_put_cstring(authctxt->service); 908 packet_put_cstring(authctxt->method->name); 909 packet_send(); 910 return 1; 911 } 912 913 int 914 userauth_passwd(Authctxt *authctxt) 915 { 916 static int attempt = 0; 917 char prompt[256]; 918 char *password; 919 const char *host = options.host_key_alias ? options.host_key_alias : 920 authctxt->host; 921 922 if (attempt++ >= options.number_of_password_prompts) 923 return 0; 924 925 if (attempt != 1) 926 error("Permission denied, please try again."); 927 928 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 929 authctxt->server_user, host); 930 password = read_passphrase(prompt, 0); 931 packet_start(SSH2_MSG_USERAUTH_REQUEST); 932 packet_put_cstring(authctxt->server_user); 933 packet_put_cstring(authctxt->service); 934 packet_put_cstring(authctxt->method->name); 935 packet_put_char(0); 936 packet_put_cstring(password); 937 explicit_bzero(password, strlen(password)); 938 free(password); 939 packet_add_padding(64); 940 packet_send(); 941 942 dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 943 &input_userauth_passwd_changereq); 944 945 return 1; 946 } 947 948 /* 949 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST 950 */ 951 /* ARGSUSED */ 952 int 953 input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) 954 { 955 Authctxt *authctxt = ssh->authctxt; 956 char *info, *lang, *password = NULL, *retype = NULL; 957 char prompt[256]; 958 const char *host; 959 960 debug2("input_userauth_passwd_changereq"); 961 962 if (authctxt == NULL) 963 fatal("input_userauth_passwd_changereq: " 964 "no authentication context"); 965 host = options.host_key_alias ? options.host_key_alias : authctxt->host; 966 967 info = packet_get_string(NULL); 968 lang = packet_get_string(NULL); 969 if (strlen(info) > 0) 970 logit("%s", info); 971 free(info); 972 free(lang); 973 packet_start(SSH2_MSG_USERAUTH_REQUEST); 974 packet_put_cstring(authctxt->server_user); 975 packet_put_cstring(authctxt->service); 976 packet_put_cstring(authctxt->method->name); 977 packet_put_char(1); /* additional info */ 978 snprintf(prompt, sizeof(prompt), 979 "Enter %.30s@%.128s's old password: ", 980 authctxt->server_user, host); 981 password = read_passphrase(prompt, 0); 982 packet_put_cstring(password); 983 explicit_bzero(password, strlen(password)); 984 free(password); 985 password = NULL; 986 while (password == NULL) { 987 snprintf(prompt, sizeof(prompt), 988 "Enter %.30s@%.128s's new password: ", 989 authctxt->server_user, host); 990 password = read_passphrase(prompt, RP_ALLOW_EOF); 991 if (password == NULL) { 992 /* bail out */ 993 return 0; 994 } 995 snprintf(prompt, sizeof(prompt), 996 "Retype %.30s@%.128s's new password: ", 997 authctxt->server_user, host); 998 retype = read_passphrase(prompt, 0); 999 if (strcmp(password, retype) != 0) { 1000 explicit_bzero(password, strlen(password)); 1001 free(password); 1002 logit("Mismatch; try again, EOF to quit."); 1003 password = NULL; 1004 } 1005 explicit_bzero(retype, strlen(retype)); 1006 free(retype); 1007 } 1008 packet_put_cstring(password); 1009 explicit_bzero(password, strlen(password)); 1010 free(password); 1011 packet_add_padding(64); 1012 packet_send(); 1013 1014 dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 1015 &input_userauth_passwd_changereq); 1016 return 0; 1017 } 1018 1019 static const char * 1020 key_sign_encode(const struct sshkey *key) 1021 { 1022 struct ssh *ssh = active_state; 1023 1024 if (key->type == KEY_RSA) { 1025 switch (ssh->kex->rsa_sha2) { 1026 case 256: 1027 return "rsa-sha2-256"; 1028 case 512: 1029 return "rsa-sha2-512"; 1030 } 1031 } 1032 return key_ssh_name(key); 1033 } 1034 1035 /* 1036 * Some agents will return ssh-rsa signatures when asked to make a 1037 * rsa-sha2-* signature. Check what they actually gave back and warn the 1038 * user if the agent has returned an unexpected type. 1039 */ 1040 static int 1041 check_sigtype(const struct sshkey *key, const u_char *sig, size_t len) 1042 { 1043 int r; 1044 char *sigtype = NULL; 1045 const char *alg = key_sign_encode(key); 1046 1047 if (sshkey_is_cert(key)) 1048 return 0; 1049 if ((r = sshkey_sigtype(sig, len, &sigtype)) != 0) 1050 return r; 1051 if (strcmp(sigtype, alg) != 0) { 1052 logit("warning: agent returned different signature type %s " 1053 "(expected %s)", sigtype, alg); 1054 } 1055 free(sigtype); 1056 /* Incorrect signature types aren't an error ... yet */ 1057 return 0; 1058 } 1059 1060 static int 1061 identity_sign(struct identity *id, u_char **sigp, size_t *lenp, 1062 const u_char *data, size_t datalen, u_int compat) 1063 { 1064 struct sshkey *prv; 1065 int r; 1066 1067 /* the agent supports this key */ 1068 if (id->key != NULL && id->agent_fd != -1) { 1069 if ((r = ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, 1070 data, datalen, key_sign_encode(id->key), compat)) != 0 || 1071 (r = check_sigtype(id->key, *sigp, *lenp)) != 0) 1072 return r; 1073 return 0; 1074 } 1075 1076 /* 1077 * we have already loaded the private key or 1078 * the private key is stored in external hardware 1079 */ 1080 if (id->key != NULL && 1081 (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) 1082 return (sshkey_sign(id->key, sigp, lenp, data, datalen, 1083 key_sign_encode(id->key), compat)); 1084 1085 /* load the private key from the file */ 1086 if ((prv = load_identity_file(id)) == NULL) 1087 return SSH_ERR_KEY_NOT_FOUND; 1088 if (id->key != NULL && !sshkey_equal_public(prv, id->key)) { 1089 error("%s: private key %s contents do not match public", 1090 __func__, id->filename); 1091 return SSH_ERR_KEY_NOT_FOUND; 1092 } 1093 r = sshkey_sign(prv, sigp, lenp, data, datalen, 1094 key_sign_encode(prv), compat); 1095 sshkey_free(prv); 1096 return r; 1097 } 1098 1099 static int 1100 id_filename_matches(Identity *id, Identity *private_id) 1101 { 1102 const char *suffixes[] = { ".pub", "-cert.pub", NULL }; 1103 size_t len = strlen(id->filename), plen = strlen(private_id->filename); 1104 size_t i, slen; 1105 1106 if (strcmp(id->filename, private_id->filename) == 0) 1107 return 1; 1108 for (i = 0; suffixes[i]; i++) { 1109 slen = strlen(suffixes[i]); 1110 if (len > slen && plen == len - slen && 1111 strcmp(id->filename + (len - slen), suffixes[i]) == 0 && 1112 memcmp(id->filename, private_id->filename, plen) == 0) 1113 return 1; 1114 } 1115 return 0; 1116 } 1117 1118 static int 1119 sign_and_send_pubkey(Authctxt *authctxt, Identity *id) 1120 { 1121 Buffer b; 1122 Identity *private_id; 1123 u_char *blob, *signature; 1124 size_t slen; 1125 u_int bloblen, skip = 0; 1126 int matched, ret = -1, have_sig = 1; 1127 char *fp; 1128 1129 if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, 1130 SSH_FP_DEFAULT)) == NULL) 1131 return 0; 1132 debug3("%s: %s %s", __func__, key_type(id->key), fp); 1133 free(fp); 1134 1135 if (key_to_blob(id->key, &blob, &bloblen) == 0) { 1136 /* we cannot handle this key */ 1137 debug3("sign_and_send_pubkey: cannot handle key"); 1138 return 0; 1139 } 1140 /* data to be signed */ 1141 buffer_init(&b); 1142 if (datafellows & SSH_OLD_SESSIONID) { 1143 buffer_append(&b, session_id2, session_id2_len); 1144 skip = session_id2_len; 1145 } else { 1146 buffer_put_string(&b, session_id2, session_id2_len); 1147 skip = buffer_len(&b); 1148 } 1149 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 1150 buffer_put_cstring(&b, authctxt->server_user); 1151 buffer_put_cstring(&b, authctxt->service); 1152 buffer_put_cstring(&b, authctxt->method->name); 1153 buffer_put_char(&b, have_sig); 1154 buffer_put_cstring(&b, key_sign_encode(id->key)); 1155 buffer_put_string(&b, blob, bloblen); 1156 1157 /* 1158 * If the key is an certificate, try to find a matching private key 1159 * and use it to complete the signature. 1160 * If no such private key exists, fall back to trying the certificate 1161 * key itself in case it has a private half already loaded. 1162 */ 1163 if (key_is_cert(id->key)) { 1164 matched = 0; 1165 TAILQ_FOREACH(private_id, &authctxt->keys, next) { 1166 if (sshkey_equal_public(id->key, private_id->key) && 1167 id->key->type != private_id->key->type) { 1168 id = private_id; 1169 matched = 1; 1170 break; 1171 } 1172 } 1173 /* 1174 * Exact key matches are preferred, but also allow 1175 * filename matches for non-PKCS#11/agent keys that 1176 * didn't load public keys. This supports the case 1177 * of keeping just a private key file and public 1178 * certificate on disk. 1179 */ 1180 if (!matched && !id->isprivate && id->agent_fd == -1 && 1181 (id->key->flags & SSHKEY_FLAG_EXT) == 0) { 1182 TAILQ_FOREACH(private_id, &authctxt->keys, next) { 1183 if (private_id->key == NULL && 1184 id_filename_matches(id, private_id)) { 1185 id = private_id; 1186 matched = 1; 1187 break; 1188 } 1189 } 1190 } 1191 if (matched) { 1192 debug2("%s: using private key \"%s\"%s for " 1193 "certificate", __func__, id->filename, 1194 id->agent_fd != -1 ? " from agent" : ""); 1195 } else { 1196 debug("%s: no separate private key for certificate " 1197 "\"%s\"", __func__, id->filename); 1198 } 1199 } 1200 1201 /* generate signature */ 1202 ret = identity_sign(id, &signature, &slen, 1203 buffer_ptr(&b), buffer_len(&b), datafellows); 1204 if (ret != 0) { 1205 if (ret != SSH_ERR_KEY_NOT_FOUND) 1206 error("%s: signing failed: %s", __func__, ssh_err(ret)); 1207 free(blob); 1208 buffer_free(&b); 1209 return 0; 1210 } 1211 #ifdef DEBUG_PK 1212 buffer_dump(&b); 1213 #endif 1214 free(blob); 1215 1216 /* append signature */ 1217 buffer_put_string(&b, signature, slen); 1218 free(signature); 1219 1220 /* skip session id and packet type */ 1221 if (buffer_len(&b) < skip + 1) 1222 fatal("userauth_pubkey: internal error"); 1223 buffer_consume(&b, skip + 1); 1224 1225 /* put remaining data from buffer into packet */ 1226 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1227 packet_put_raw(buffer_ptr(&b), buffer_len(&b)); 1228 buffer_free(&b); 1229 packet_send(); 1230 1231 return 1; 1232 } 1233 1234 static int 1235 send_pubkey_test(Authctxt *authctxt, Identity *id) 1236 { 1237 u_char *blob; 1238 u_int bloblen, have_sig = 0; 1239 1240 debug3("send_pubkey_test"); 1241 1242 if (key_to_blob(id->key, &blob, &bloblen) == 0) { 1243 /* we cannot handle this key */ 1244 debug3("send_pubkey_test: cannot handle key"); 1245 return 0; 1246 } 1247 /* register callback for USERAUTH_PK_OK message */ 1248 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok); 1249 1250 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1251 packet_put_cstring(authctxt->server_user); 1252 packet_put_cstring(authctxt->service); 1253 packet_put_cstring(authctxt->method->name); 1254 packet_put_char(have_sig); 1255 packet_put_cstring(key_sign_encode(id->key)); 1256 packet_put_string(blob, bloblen); 1257 free(blob); 1258 packet_send(); 1259 return 1; 1260 } 1261 1262 static struct sshkey * 1263 load_identity_file(Identity *id) 1264 { 1265 struct sshkey *private = NULL; 1266 char prompt[300], *passphrase, *comment; 1267 int r, perm_ok = 0, quit = 0, i; 1268 struct stat st; 1269 1270 if (stat(id->filename, &st) < 0) { 1271 (id->userprovided ? logit : debug3)("no such identity: %s: %s", 1272 id->filename, strerror(errno)); 1273 return NULL; 1274 } 1275 snprintf(prompt, sizeof prompt, 1276 "Enter passphrase for key '%.100s': ", id->filename); 1277 for (i = 0; i <= options.number_of_password_prompts; i++) { 1278 if (i == 0) 1279 passphrase = xstrdup(""); 1280 else { 1281 passphrase = read_passphrase(prompt, 0); 1282 if (*passphrase == '\0') { 1283 debug2("no passphrase given, try next key"); 1284 free(passphrase); 1285 break; 1286 } 1287 } 1288 switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename, 1289 passphrase, &private, &comment, &perm_ok))) { 1290 case 0: 1291 break; 1292 case SSH_ERR_KEY_WRONG_PASSPHRASE: 1293 if (options.batch_mode) { 1294 quit = 1; 1295 break; 1296 } 1297 if (i != 0) 1298 debug2("bad passphrase given, try again..."); 1299 break; 1300 case SSH_ERR_SYSTEM_ERROR: 1301 if (errno == ENOENT) { 1302 debug2("Load key \"%s\": %s", 1303 id->filename, ssh_err(r)); 1304 quit = 1; 1305 break; 1306 } 1307 /* FALLTHROUGH */ 1308 default: 1309 error("Load key \"%s\": %s", id->filename, ssh_err(r)); 1310 quit = 1; 1311 break; 1312 } 1313 if (!quit && private != NULL && id->agent_fd == -1 && 1314 !(id->key && id->isprivate)) 1315 maybe_add_key_to_agent(id->filename, private, comment, 1316 passphrase); 1317 if (i > 0) { 1318 explicit_bzero(passphrase, strlen(passphrase)); 1319 free(passphrase); 1320 } 1321 free(comment); 1322 if (private != NULL || quit) 1323 break; 1324 } 1325 return private; 1326 } 1327 1328 /* 1329 * try keys in the following order: 1330 * 1. certificates listed in the config file 1331 * 2. other input certificates 1332 * 3. agent keys that are found in the config file 1333 * 4. other agent keys 1334 * 5. keys that are only listed in the config file 1335 */ 1336 static void 1337 pubkey_prepare(Authctxt *authctxt) 1338 { 1339 struct identity *id, *id2, *tmp; 1340 struct idlist agent, files, *preferred; 1341 struct sshkey *key; 1342 int agent_fd = -1, i, r, found; 1343 size_t j; 1344 struct ssh_identitylist *idlist; 1345 1346 TAILQ_INIT(&agent); /* keys from the agent */ 1347 TAILQ_INIT(&files); /* keys from the config file */ 1348 preferred = &authctxt->keys; 1349 TAILQ_INIT(preferred); /* preferred order of keys */ 1350 1351 /* list of keys stored in the filesystem and PKCS#11 */ 1352 for (i = 0; i < options.num_identity_files; i++) { 1353 key = options.identity_keys[i]; 1354 if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) 1355 continue; 1356 options.identity_keys[i] = NULL; 1357 id = xcalloc(1, sizeof(*id)); 1358 id->agent_fd = -1; 1359 id->key = key; 1360 id->filename = xstrdup(options.identity_files[i]); 1361 id->userprovided = options.identity_file_userprovided[i]; 1362 TAILQ_INSERT_TAIL(&files, id, next); 1363 } 1364 /* list of certificates specified by user */ 1365 for (i = 0; i < options.num_certificate_files; i++) { 1366 key = options.certificates[i]; 1367 if (!key_is_cert(key) || key->cert == NULL || 1368 key->cert->type != SSH2_CERT_TYPE_USER) 1369 continue; 1370 id = xcalloc(1, sizeof(*id)); 1371 id->agent_fd = -1; 1372 id->key = key; 1373 id->filename = xstrdup(options.certificate_files[i]); 1374 id->userprovided = options.certificate_file_userprovided[i]; 1375 TAILQ_INSERT_TAIL(preferred, id, next); 1376 } 1377 /* list of keys supported by the agent */ 1378 if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { 1379 if (r != SSH_ERR_AGENT_NOT_PRESENT) 1380 debug("%s: ssh_get_authentication_socket: %s", 1381 __func__, ssh_err(r)); 1382 } else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) { 1383 if (r != SSH_ERR_AGENT_NO_IDENTITIES) 1384 debug("%s: ssh_fetch_identitylist: %s", 1385 __func__, ssh_err(r)); 1386 close(agent_fd); 1387 } else { 1388 for (j = 0; j < idlist->nkeys; j++) { 1389 found = 0; 1390 TAILQ_FOREACH(id, &files, next) { 1391 /* 1392 * agent keys from the config file are 1393 * preferred 1394 */ 1395 if (sshkey_equal(idlist->keys[j], id->key)) { 1396 TAILQ_REMOVE(&files, id, next); 1397 TAILQ_INSERT_TAIL(preferred, id, next); 1398 id->agent_fd = agent_fd; 1399 found = 1; 1400 break; 1401 } 1402 } 1403 if (!found && !options.identities_only) { 1404 id = xcalloc(1, sizeof(*id)); 1405 /* XXX "steals" key/comment from idlist */ 1406 id->key = idlist->keys[j]; 1407 id->filename = idlist->comments[j]; 1408 idlist->keys[j] = NULL; 1409 idlist->comments[j] = NULL; 1410 id->agent_fd = agent_fd; 1411 TAILQ_INSERT_TAIL(&agent, id, next); 1412 } 1413 } 1414 ssh_free_identitylist(idlist); 1415 /* append remaining agent keys */ 1416 for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) { 1417 TAILQ_REMOVE(&agent, id, next); 1418 TAILQ_INSERT_TAIL(preferred, id, next); 1419 } 1420 authctxt->agent_fd = agent_fd; 1421 } 1422 /* Prefer PKCS11 keys that are explicitly listed */ 1423 TAILQ_FOREACH_SAFE(id, &files, next, tmp) { 1424 if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0) 1425 continue; 1426 found = 0; 1427 TAILQ_FOREACH(id2, &files, next) { 1428 if (id2->key == NULL || 1429 (id2->key->flags & SSHKEY_FLAG_EXT) == 0) 1430 continue; 1431 if (sshkey_equal(id->key, id2->key)) { 1432 TAILQ_REMOVE(&files, id, next); 1433 TAILQ_INSERT_TAIL(preferred, id, next); 1434 found = 1; 1435 break; 1436 } 1437 } 1438 /* If IdentitiesOnly set and key not found then don't use it */ 1439 if (!found && options.identities_only) { 1440 TAILQ_REMOVE(&files, id, next); 1441 explicit_bzero(id, sizeof(*id)); 1442 free(id); 1443 } 1444 } 1445 /* append remaining keys from the config file */ 1446 for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) { 1447 TAILQ_REMOVE(&files, id, next); 1448 TAILQ_INSERT_TAIL(preferred, id, next); 1449 } 1450 /* finally, filter by PubkeyAcceptedKeyTypes */ 1451 TAILQ_FOREACH_SAFE(id, preferred, next, id2) { 1452 if (id->key != NULL && 1453 match_pattern_list(sshkey_ssh_name(id->key), 1454 options.pubkey_key_types, 0) != 1) { 1455 debug("Skipping %s key %s - " 1456 "not in PubkeyAcceptedKeyTypes", 1457 sshkey_ssh_name(id->key), id->filename); 1458 TAILQ_REMOVE(preferred, id, next); 1459 sshkey_free(id->key); 1460 free(id->filename); 1461 memset(id, 0, sizeof(*id)); 1462 continue; 1463 } 1464 debug2("key: %s (%p)%s%s", id->filename, id->key, 1465 id->userprovided ? ", explicit" : "", 1466 id->agent_fd != -1 ? ", agent" : ""); 1467 } 1468 } 1469 1470 static void 1471 pubkey_cleanup(Authctxt *authctxt) 1472 { 1473 Identity *id; 1474 1475 if (authctxt->agent_fd != -1) 1476 ssh_close_authentication_socket(authctxt->agent_fd); 1477 for (id = TAILQ_FIRST(&authctxt->keys); id; 1478 id = TAILQ_FIRST(&authctxt->keys)) { 1479 TAILQ_REMOVE(&authctxt->keys, id, next); 1480 sshkey_free(id->key); 1481 free(id->filename); 1482 free(id); 1483 } 1484 } 1485 1486 static void 1487 pubkey_reset(Authctxt *authctxt) 1488 { 1489 Identity *id; 1490 1491 TAILQ_FOREACH(id, &authctxt->keys, next) 1492 id->tried = 0; 1493 } 1494 1495 static int 1496 try_identity(Identity *id) 1497 { 1498 if (!id->key) 1499 return (0); 1500 if (key_type_plain(id->key->type) == KEY_RSA && 1501 (datafellows & SSH_BUG_RSASIGMD5) != 0) { 1502 debug("Skipped %s key %s for RSA/MD5 server", 1503 key_type(id->key), id->filename); 1504 return (0); 1505 } 1506 return 1; 1507 } 1508 1509 int 1510 userauth_pubkey(Authctxt *authctxt) 1511 { 1512 Identity *id; 1513 int sent = 0; 1514 char *fp; 1515 1516 while ((id = TAILQ_FIRST(&authctxt->keys))) { 1517 if (id->tried++) 1518 return (0); 1519 /* move key to the end of the queue */ 1520 TAILQ_REMOVE(&authctxt->keys, id, next); 1521 TAILQ_INSERT_TAIL(&authctxt->keys, id, next); 1522 /* 1523 * send a test message if we have the public key. for 1524 * encrypted keys we cannot do this and have to load the 1525 * private key instead 1526 */ 1527 if (id->key != NULL) { 1528 if (try_identity(id)) { 1529 if ((fp = sshkey_fingerprint(id->key, 1530 options.fingerprint_hash, 1531 SSH_FP_DEFAULT)) == NULL) { 1532 error("%s: sshkey_fingerprint failed", 1533 __func__); 1534 return 0; 1535 } 1536 debug("Offering public key: %s %s %s", 1537 sshkey_type(id->key), fp, id->filename); 1538 free(fp); 1539 sent = send_pubkey_test(authctxt, id); 1540 } 1541 } else { 1542 debug("Trying private key: %s", id->filename); 1543 id->key = load_identity_file(id); 1544 if (id->key != NULL) { 1545 if (try_identity(id)) { 1546 id->isprivate = 1; 1547 sent = sign_and_send_pubkey( 1548 authctxt, id); 1549 } 1550 key_free(id->key); 1551 id->key = NULL; 1552 id->isprivate = 0; 1553 } 1554 } 1555 if (sent) 1556 return (sent); 1557 } 1558 return (0); 1559 } 1560 1561 /* 1562 * Send userauth request message specifying keyboard-interactive method. 1563 */ 1564 int 1565 userauth_kbdint(Authctxt *authctxt) 1566 { 1567 static int attempt = 0; 1568 1569 if (attempt++ >= options.number_of_password_prompts) 1570 return 0; 1571 /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ 1572 if (attempt > 1 && !authctxt->info_req_seen) { 1573 debug3("userauth_kbdint: disable: no info_req_seen"); 1574 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); 1575 return 0; 1576 } 1577 1578 debug2("userauth_kbdint"); 1579 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1580 packet_put_cstring(authctxt->server_user); 1581 packet_put_cstring(authctxt->service); 1582 packet_put_cstring(authctxt->method->name); 1583 packet_put_cstring(""); /* lang */ 1584 packet_put_cstring(options.kbd_interactive_devices ? 1585 options.kbd_interactive_devices : ""); 1586 packet_send(); 1587 1588 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req); 1589 return 1; 1590 } 1591 1592 /* 1593 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE 1594 */ 1595 int 1596 input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) 1597 { 1598 Authctxt *authctxt = ssh->authctxt; 1599 char *name, *inst, *lang, *prompt, *response; 1600 u_int num_prompts, i; 1601 int echo = 0; 1602 1603 debug2("input_userauth_info_req"); 1604 1605 if (authctxt == NULL) 1606 fatal("input_userauth_info_req: no authentication context"); 1607 1608 authctxt->info_req_seen = 1; 1609 1610 name = packet_get_string(NULL); 1611 inst = packet_get_string(NULL); 1612 lang = packet_get_string(NULL); 1613 if (strlen(name) > 0) 1614 logit("%s", name); 1615 if (strlen(inst) > 0) 1616 logit("%s", inst); 1617 free(name); 1618 free(inst); 1619 free(lang); 1620 1621 num_prompts = packet_get_int(); 1622 /* 1623 * Begin to build info response packet based on prompts requested. 1624 * We commit to providing the correct number of responses, so if 1625 * further on we run into a problem that prevents this, we have to 1626 * be sure and clean this up and send a correct error response. 1627 */ 1628 packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE); 1629 packet_put_int(num_prompts); 1630 1631 debug2("input_userauth_info_req: num_prompts %d", num_prompts); 1632 for (i = 0; i < num_prompts; i++) { 1633 prompt = packet_get_string(NULL); 1634 echo = packet_get_char(); 1635 1636 response = read_passphrase(prompt, echo ? RP_ECHO : 0); 1637 1638 packet_put_cstring(response); 1639 explicit_bzero(response, strlen(response)); 1640 free(response); 1641 free(prompt); 1642 } 1643 packet_check_eom(); /* done with parsing incoming message. */ 1644 1645 packet_add_padding(64); 1646 packet_send(); 1647 return 0; 1648 } 1649 1650 static int 1651 ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, 1652 const u_char *data, size_t datalen) 1653 { 1654 struct sshbuf *b; 1655 struct stat st; 1656 pid_t pid; 1657 int i, r, to[2], from[2], status, sock = packet_get_connection_in(); 1658 u_char rversion = 0, version = 2; 1659 void (*osigchld)(int); 1660 1661 *sigp = NULL; 1662 *lenp = 0; 1663 1664 if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { 1665 error("%s: not installed: %s", __func__, strerror(errno)); 1666 return -1; 1667 } 1668 if (fflush(stdout) != 0) { 1669 error("%s: fflush: %s", __func__, strerror(errno)); 1670 return -1; 1671 } 1672 if (pipe(to) < 0) { 1673 error("%s: pipe: %s", __func__, strerror(errno)); 1674 return -1; 1675 } 1676 if (pipe(from) < 0) { 1677 error("%s: pipe: %s", __func__, strerror(errno)); 1678 return -1; 1679 } 1680 if ((pid = fork()) < 0) { 1681 error("%s: fork: %s", __func__, strerror(errno)); 1682 return -1; 1683 } 1684 osigchld = signal(SIGCHLD, SIG_DFL); 1685 if (pid == 0) { 1686 /* keep the socket on exec */ 1687 fcntl(sock, F_SETFD, 0); 1688 permanently_drop_suid(getuid()); 1689 close(from[0]); 1690 if (dup2(from[1], STDOUT_FILENO) < 0) 1691 fatal("%s: dup2: %s", __func__, strerror(errno)); 1692 close(to[1]); 1693 if (dup2(to[0], STDIN_FILENO) < 0) 1694 fatal("%s: dup2: %s", __func__, strerror(errno)); 1695 close(from[1]); 1696 close(to[0]); 1697 /* Close everything but stdio and the socket */ 1698 for (i = STDERR_FILENO + 1; i < sock; i++) 1699 close(i); 1700 if (closefrom(sock + 1) < 0) 1701 fatal("%s: closefrom: %s", __func__, strerror(errno)); 1702 debug3("%s: [child] pid=%ld, exec %s", 1703 __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); 1704 execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); 1705 fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN, 1706 strerror(errno)); 1707 } 1708 close(from[1]); 1709 close(to[0]); 1710 1711 if ((b = sshbuf_new()) == NULL) 1712 fatal("%s: sshbuf_new failed", __func__); 1713 /* send # of sock, data to be signed */ 1714 if ((r = sshbuf_put_u32(b, sock)) != 0 || 1715 (r = sshbuf_put_string(b, data, datalen)) != 0) 1716 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 1717 if (ssh_msg_send(to[1], version, b) == -1) 1718 fatal("%s: couldn't send request", __func__); 1719 sshbuf_reset(b); 1720 r = ssh_msg_recv(from[0], b); 1721 close(from[0]); 1722 close(to[1]); 1723 if (r < 0) { 1724 error("%s: no reply", __func__); 1725 goto fail; 1726 } 1727 1728 errno = 0; 1729 while (waitpid(pid, &status, 0) < 0) { 1730 if (errno != EINTR) { 1731 error("%s: waitpid %ld: %s", 1732 __func__, (long)pid, strerror(errno)); 1733 goto fail; 1734 } 1735 } 1736 if (!WIFEXITED(status)) { 1737 error("%s: exited abnormally", __func__); 1738 goto fail; 1739 } 1740 if (WEXITSTATUS(status) != 0) { 1741 error("%s: exited with status %d", 1742 __func__, WEXITSTATUS(status)); 1743 goto fail; 1744 } 1745 if ((r = sshbuf_get_u8(b, &rversion)) != 0) { 1746 error("%s: buffer error: %s", __func__, ssh_err(r)); 1747 goto fail; 1748 } 1749 if (rversion != version) { 1750 error("%s: bad version", __func__); 1751 goto fail; 1752 } 1753 if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) { 1754 error("%s: buffer error: %s", __func__, ssh_err(r)); 1755 fail: 1756 signal(SIGCHLD, osigchld); 1757 sshbuf_free(b); 1758 return -1; 1759 } 1760 signal(SIGCHLD, osigchld); 1761 sshbuf_free(b); 1762 1763 return 0; 1764 } 1765 1766 int 1767 userauth_hostbased(Authctxt *authctxt) 1768 { 1769 struct ssh *ssh = active_state; 1770 struct sshkey *private = NULL; 1771 struct sshbuf *b = NULL; 1772 u_char *sig = NULL, *keyblob = NULL; 1773 char *fp = NULL, *chost = NULL, *lname = NULL; 1774 size_t siglen = 0, keylen = 0; 1775 int i, r, success = 0; 1776 1777 if (authctxt->ktypes == NULL) { 1778 authctxt->oktypes = xstrdup(options.hostbased_key_types); 1779 authctxt->ktypes = authctxt->oktypes; 1780 } 1781 1782 /* 1783 * Work through each listed type pattern in HostbasedKeyTypes, 1784 * trying each hostkey that matches the type in turn. 1785 */ 1786 for (;;) { 1787 if (authctxt->active_ktype == NULL) 1788 authctxt->active_ktype = strsep(&authctxt->ktypes, ","); 1789 if (authctxt->active_ktype == NULL || 1790 *authctxt->active_ktype == '\0') 1791 break; 1792 debug3("%s: trying key type %s", __func__, 1793 authctxt->active_ktype); 1794 1795 /* check for a useful key */ 1796 private = NULL; 1797 for (i = 0; i < authctxt->sensitive->nkeys; i++) { 1798 if (authctxt->sensitive->keys[i] == NULL || 1799 authctxt->sensitive->keys[i]->type == KEY_UNSPEC) 1800 continue; 1801 if (match_pattern_list( 1802 sshkey_ssh_name(authctxt->sensitive->keys[i]), 1803 authctxt->active_ktype, 0) != 1) 1804 continue; 1805 /* we take and free the key */ 1806 private = authctxt->sensitive->keys[i]; 1807 authctxt->sensitive->keys[i] = NULL; 1808 break; 1809 } 1810 /* Found one */ 1811 if (private != NULL) 1812 break; 1813 /* No more keys of this type; advance */ 1814 authctxt->active_ktype = NULL; 1815 } 1816 if (private == NULL) { 1817 free(authctxt->oktypes); 1818 authctxt->oktypes = authctxt->ktypes = NULL; 1819 authctxt->active_ktype = NULL; 1820 debug("No more client hostkeys for hostbased authentication."); 1821 goto out; 1822 } 1823 1824 if ((fp = sshkey_fingerprint(private, options.fingerprint_hash, 1825 SSH_FP_DEFAULT)) == NULL) { 1826 error("%s: sshkey_fingerprint failed", __func__); 1827 goto out; 1828 } 1829 debug("%s: trying hostkey %s %s", 1830 __func__, sshkey_ssh_name(private), fp); 1831 1832 /* figure out a name for the client host */ 1833 if ((lname = get_local_name(packet_get_connection_in())) == NULL) { 1834 error("%s: cannot get local ipaddr/name", __func__); 1835 goto out; 1836 } 1837 1838 /* XXX sshbuf_put_stringf? */ 1839 xasprintf(&chost, "%s.", lname); 1840 debug2("%s: chost %s", __func__, chost); 1841 1842 /* construct data */ 1843 if ((b = sshbuf_new()) == NULL) { 1844 error("%s: sshbuf_new failed", __func__); 1845 goto out; 1846 } 1847 if ((r = sshkey_to_blob(private, &keyblob, &keylen)) != 0) { 1848 error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); 1849 goto out; 1850 } 1851 if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || 1852 (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || 1853 (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || 1854 (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || 1855 (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || 1856 (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || 1857 (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || 1858 (r = sshbuf_put_cstring(b, chost)) != 0 || 1859 (r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) { 1860 error("%s: buffer error: %s", __func__, ssh_err(r)); 1861 goto out; 1862 } 1863 1864 #ifdef DEBUG_PK 1865 sshbuf_dump(b, stderr); 1866 #endif 1867 if (authctxt->sensitive->external_keysign) 1868 r = ssh_keysign(private, &sig, &siglen, 1869 sshbuf_ptr(b), sshbuf_len(b)); 1870 else if ((r = sshkey_sign(private, &sig, &siglen, 1871 sshbuf_ptr(b), sshbuf_len(b), NULL, datafellows)) != 0) 1872 debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); 1873 if (r != 0) { 1874 error("sign using hostkey %s %s failed", 1875 sshkey_ssh_name(private), fp); 1876 goto out; 1877 } 1878 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || 1879 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || 1880 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || 1881 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || 1882 (r = sshpkt_put_cstring(ssh, key_ssh_name(private))) != 0 || 1883 (r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 || 1884 (r = sshpkt_put_cstring(ssh, chost)) != 0 || 1885 (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 || 1886 (r = sshpkt_put_string(ssh, sig, siglen)) != 0 || 1887 (r = sshpkt_send(ssh)) != 0) { 1888 error("%s: packet error: %s", __func__, ssh_err(r)); 1889 goto out; 1890 } 1891 success = 1; 1892 1893 out: 1894 if (sig != NULL) { 1895 explicit_bzero(sig, siglen); 1896 free(sig); 1897 } 1898 free(keyblob); 1899 free(lname); 1900 free(fp); 1901 free(chost); 1902 sshkey_free(private); 1903 sshbuf_free(b); 1904 1905 return success; 1906 } 1907 1908 #if KRB5 1909 static int 1910 ssh_krb5_helper(krb5_data *ap) 1911 { 1912 krb5_context xcontext = NULL; /* XXX share with ssh1 */ 1913 krb5_auth_context xauth_context = NULL; 1914 1915 krb5_context *context; 1916 krb5_auth_context *auth_context; 1917 krb5_error_code problem; 1918 const char *tkfile; 1919 struct stat buf; 1920 krb5_ccache ccache = NULL; 1921 const char *remotehost; 1922 int ret; 1923 const char *errtxt; 1924 struct ssh *ssh = active_state; /* XXX */ 1925 1926 memset(ap, 0, sizeof(*ap)); 1927 1928 context = &xcontext; 1929 auth_context = &xauth_context; 1930 1931 problem = krb5_init_context(context); 1932 if (problem) { 1933 debug("Kerberos v5: krb5_init_context failed"); 1934 ret = 0; 1935 goto out; 1936 } 1937 1938 tkfile = krb5_cc_default_name(*context); 1939 if (strncmp(tkfile, "FILE:", 5) == 0) 1940 tkfile += 5; 1941 1942 if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) { 1943 debug("Kerberos v5: could not get default ccache (permission denied)."); 1944 ret = 0; 1945 goto out; 1946 } 1947 1948 problem = krb5_cc_default(*context, &ccache); 1949 if (problem) { 1950 errtxt = krb5_get_error_message(*context, problem); 1951 if (errtxt != NULL) { 1952 debug("Kerberos v5: krb5_cc_default failed: %s", 1953 errtxt); 1954 krb5_free_error_message(*context, errtxt); 1955 } else 1956 debug("Kerberos v5: krb5_cc_default failed: %d", 1957 problem); 1958 ret = 0; 1959 goto out; 1960 } 1961 1962 remotehost = auth_get_canonical_hostname(ssh, 1); 1963 1964 problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED, 1965 "host", remotehost, NULL, ccache, ap); 1966 if (problem) { 1967 errtxt = krb5_get_error_message(*context, problem); 1968 if (errtxt != NULL) { 1969 debug("Kerberos v5: krb5_mk_req failed: %s", errtxt); 1970 krb5_free_error_message(*context, errtxt); 1971 } else 1972 debug("Kerberos v5: krb5_mk_req failed: %d", problem); 1973 ret = 0; 1974 goto out; 1975 } 1976 ret = 1; 1977 1978 out: 1979 if (ccache != NULL) 1980 krb5_cc_close(*context, ccache); 1981 if (*auth_context) 1982 krb5_auth_con_free(*context, *auth_context); 1983 if (*context) 1984 krb5_free_context(*context); 1985 return (ret); 1986 } 1987 1988 int 1989 userauth_kerberos(Authctxt *authctxt) 1990 { 1991 krb5_data ap; 1992 1993 if (ssh_krb5_helper(&ap) == 0) 1994 return (0); 1995 1996 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1997 packet_put_cstring(authctxt->server_user); 1998 packet_put_cstring(authctxt->service); 1999 packet_put_cstring(authctxt->method->name); 2000 packet_put_string(ap.data, ap.length); 2001 packet_send(); 2002 2003 krb5_data_free(&ap); 2004 return (1); 2005 } 2006 #endif 2007 2008 /* find auth method */ 2009 2010 /* 2011 * given auth method name, if configurable options permit this method fill 2012 * in auth_ident field and return true, otherwise return false. 2013 */ 2014 static int 2015 authmethod_is_enabled(Authmethod *method) 2016 { 2017 if (method == NULL) 2018 return 0; 2019 /* return false if options indicate this method is disabled */ 2020 if (method->enabled == NULL || *method->enabled == 0) 2021 return 0; 2022 /* return false if batch mode is enabled but method needs interactive mode */ 2023 if (method->batch_flag != NULL && *method->batch_flag != 0) 2024 return 0; 2025 return 1; 2026 } 2027 2028 static Authmethod * 2029 authmethod_lookup(const char *name) 2030 { 2031 Authmethod *method = NULL; 2032 if (name != NULL) 2033 for (method = authmethods; method->name != NULL; method++) 2034 if (strcmp(name, method->name) == 0) 2035 return method; 2036 debug2("Unrecognized authentication method name: %s", name ? name : "NULL"); 2037 return NULL; 2038 } 2039 2040 /* XXX internal state */ 2041 static Authmethod *current = NULL; 2042 static char *supported = NULL; 2043 static char *preferred = NULL; 2044 2045 /* 2046 * Given the authentication method list sent by the server, return the 2047 * next method we should try. If the server initially sends a nil list, 2048 * use a built-in default list. 2049 */ 2050 static Authmethod * 2051 authmethod_get(char *authlist) 2052 { 2053 char *name = NULL; 2054 u_int next; 2055 2056 /* Use a suitable default if we're passed a nil list. */ 2057 if (authlist == NULL || strlen(authlist) == 0) 2058 authlist = options.preferred_authentications; 2059 2060 if (supported == NULL || strcmp(authlist, supported) != 0) { 2061 debug3("start over, passed a different list %s", authlist); 2062 free(supported); 2063 supported = xstrdup(authlist); 2064 preferred = options.preferred_authentications; 2065 debug3("preferred %s", preferred); 2066 current = NULL; 2067 } else if (current != NULL && authmethod_is_enabled(current)) 2068 return current; 2069 2070 for (;;) { 2071 if ((name = match_list(preferred, supported, &next)) == NULL) { 2072 debug("No more authentication methods to try."); 2073 current = NULL; 2074 return NULL; 2075 } 2076 preferred += next; 2077 debug3("authmethod_lookup %s", name); 2078 debug3("remaining preferred: %s", preferred); 2079 if ((current = authmethod_lookup(name)) != NULL && 2080 authmethod_is_enabled(current)) { 2081 debug3("authmethod_is_enabled %s", name); 2082 debug("Next authentication method: %s", name); 2083 free(name); 2084 return current; 2085 } 2086 free(name); 2087 } 2088 } 2089 2090 static char * 2091 authmethods_get(void) 2092 { 2093 Authmethod *method = NULL; 2094 Buffer b; 2095 char *list; 2096 2097 buffer_init(&b); 2098 for (method = authmethods; method->name != NULL; method++) { 2099 if (authmethod_is_enabled(method)) { 2100 if (buffer_len(&b) > 0) 2101 buffer_append(&b, ",", 1); 2102 buffer_append(&b, method->name, strlen(method->name)); 2103 } 2104 } 2105 if ((list = sshbuf_dup_string(&b)) == NULL) 2106 fatal("%s: sshbuf_dup_string failed", __func__); 2107 buffer_free(&b); 2108 return list; 2109 } 2110 2111