1 /* 2 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25 #include "includes.h" 26 RCSID("$OpenBSD: sshconnect2.c,v 1.92 2001/12/28 15:06:00 markus Exp $"); 27 28 #include <openssl/bn.h> 29 #include <openssl/md5.h> 30 #include <openssl/dh.h> 31 #include <openssl/hmac.h> 32 33 #include "ssh.h" 34 #include "ssh2.h" 35 #include "xmalloc.h" 36 #include "rsa.h" 37 #include "buffer.h" 38 #include "packet.h" 39 #include "uidswap.h" 40 #include "compat.h" 41 #include "bufaux.h" 42 #include "cipher.h" 43 #include "kex.h" 44 #include "myproposal.h" 45 #include "key.h" 46 #include "sshconnect.h" 47 #include "authfile.h" 48 #include "dh.h" 49 #include "authfd.h" 50 #include "log.h" 51 #include "readconf.h" 52 #include "readpass.h" 53 #include "match.h" 54 #include "dispatch.h" 55 #include "canohost.h" 56 57 /* import */ 58 extern char *client_version_string; 59 extern char *server_version_string; 60 extern Options options; 61 62 /* 63 * SSH2 key exchange 64 */ 65 66 u_char *session_id2 = NULL; 67 int session_id2_len = 0; 68 69 char *xxx_host; 70 struct sockaddr *xxx_hostaddr; 71 72 Kex *xxx_kex = NULL; 73 74 static int 75 verify_host_key_callback(Key *hostkey) 76 { 77 if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) 78 fatal("Host key verification failed."); 79 return 0; 80 } 81 82 void 83 ssh_kex2(char *host, struct sockaddr *hostaddr) 84 { 85 Kex *kex; 86 87 xxx_host = host; 88 xxx_hostaddr = hostaddr; 89 90 if (options.ciphers == (char *)-1) { 91 log("No valid ciphers for protocol version 2 given, using defaults."); 92 options.ciphers = NULL; 93 } 94 if (options.ciphers != NULL) { 95 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 96 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; 97 } 98 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 99 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); 100 myproposal[PROPOSAL_ENC_ALGS_STOC] = 101 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); 102 if (options.compression) { 103 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 104 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib"; 105 } else { 106 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 107 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; 108 } 109 if (options.macs != NULL) { 110 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 111 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 112 } 113 if (options.hostkeyalgorithms != NULL) 114 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = 115 options.hostkeyalgorithms; 116 117 /* start key exchange */ 118 kex = kex_setup(myproposal); 119 kex->client_version_string=client_version_string; 120 kex->server_version_string=server_version_string; 121 kex->verify_host_key=&verify_host_key_callback; 122 123 xxx_kex = kex; 124 125 dispatch_run(DISPATCH_BLOCK, &kex->done, kex); 126 127 session_id2 = kex->session_id; 128 session_id2_len = kex->session_id_len; 129 130 #ifdef DEBUG_KEXDH 131 /* send 1st encrypted/maced/compressed message */ 132 packet_start(SSH2_MSG_IGNORE); 133 packet_put_cstring("markus"); 134 packet_send(); 135 packet_write_wait(); 136 #endif 137 debug("done: ssh_kex2."); 138 } 139 140 /* 141 * Authenticate user 142 */ 143 144 typedef struct Authctxt Authctxt; 145 typedef struct Authmethod Authmethod; 146 147 typedef int sign_cb_fn( 148 Authctxt *authctxt, Key *key, 149 u_char **sigp, int *lenp, u_char *data, int datalen); 150 151 struct Authctxt { 152 const char *server_user; 153 const char *local_user; 154 const char *host; 155 const char *service; 156 Authmethod *method; 157 int success; 158 char *authlist; 159 /* pubkey */ 160 Key *last_key; 161 sign_cb_fn *last_key_sign; 162 int last_key_hint; 163 AuthenticationConnection *agent; 164 /* hostbased */ 165 Key **keys; 166 int nkeys; 167 /* kbd-interactive */ 168 int info_req_seen; 169 }; 170 struct Authmethod { 171 char *name; /* string to compare against server's list */ 172 int (*userauth)(Authctxt *authctxt); 173 int *enabled; /* flag in option struct that enables method */ 174 int *batch_flag; /* flag in option struct that disables method */ 175 }; 176 177 void input_userauth_success(int, u_int32_t, void *); 178 void input_userauth_failure(int, u_int32_t, void *); 179 void input_userauth_banner(int, u_int32_t, void *); 180 void input_userauth_error(int, u_int32_t, void *); 181 void input_userauth_info_req(int, u_int32_t, void *); 182 void input_userauth_pk_ok(int, u_int32_t, void *); 183 184 int userauth_none(Authctxt *); 185 int userauth_pubkey(Authctxt *); 186 int userauth_passwd(Authctxt *); 187 int userauth_kbdint(Authctxt *); 188 int userauth_hostbased(Authctxt *); 189 190 void userauth(Authctxt *, char *); 191 192 static int sign_and_send_pubkey(Authctxt *, Key *, sign_cb_fn *); 193 static void clear_auth_state(Authctxt *); 194 195 static Authmethod *authmethod_get(char *authlist); 196 static Authmethod *authmethod_lookup(const char *name); 197 static char *authmethods_get(void); 198 199 Authmethod authmethods[] = { 200 {"hostbased", 201 userauth_hostbased, 202 &options.hostbased_authentication, 203 NULL}, 204 {"publickey", 205 userauth_pubkey, 206 &options.pubkey_authentication, 207 NULL}, 208 {"keyboard-interactive", 209 userauth_kbdint, 210 &options.kbd_interactive_authentication, 211 &options.batch_mode}, 212 {"password", 213 userauth_passwd, 214 &options.password_authentication, 215 &options.batch_mode}, 216 {"none", 217 userauth_none, 218 NULL, 219 NULL}, 220 {NULL, NULL, NULL, NULL} 221 }; 222 223 void 224 ssh_userauth2(const char *local_user, const char *server_user, char *host, 225 Key **keys, int nkeys) 226 { 227 Authctxt authctxt; 228 int type; 229 230 if (options.challenge_response_authentication) 231 options.kbd_interactive_authentication = 1; 232 233 debug("send SSH2_MSG_SERVICE_REQUEST"); 234 packet_start(SSH2_MSG_SERVICE_REQUEST); 235 packet_put_cstring("ssh-userauth"); 236 packet_send(); 237 packet_write_wait(); 238 type = packet_read(); 239 if (type != SSH2_MSG_SERVICE_ACCEPT) { 240 fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type); 241 } 242 if (packet_remaining() > 0) { 243 char *reply = packet_get_string(NULL); 244 debug("service_accept: %s", reply); 245 xfree(reply); 246 } else { 247 debug("buggy server: service_accept w/o service"); 248 } 249 packet_check_eom(); 250 debug("got SSH2_MSG_SERVICE_ACCEPT"); 251 252 if (options.preferred_authentications == NULL) 253 options.preferred_authentications = authmethods_get(); 254 255 /* setup authentication context */ 256 memset(&authctxt, 0, sizeof(authctxt)); 257 authctxt.agent = ssh_get_authentication_connection(); 258 authctxt.server_user = server_user; 259 authctxt.local_user = local_user; 260 authctxt.host = host; 261 authctxt.service = "ssh-connection"; /* service name */ 262 authctxt.success = 0; 263 authctxt.method = authmethod_lookup("none"); 264 authctxt.authlist = NULL; 265 authctxt.keys = keys; 266 authctxt.nkeys = nkeys; 267 authctxt.info_req_seen = 0; 268 if (authctxt.method == NULL) 269 fatal("ssh_userauth2: internal error: cannot send userauth none request"); 270 271 /* initial userauth request */ 272 userauth_none(&authctxt); 273 274 dispatch_init(&input_userauth_error); 275 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); 276 dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); 277 dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); 278 dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ 279 280 if (authctxt.agent != NULL) 281 ssh_close_authentication_connection(authctxt.agent); 282 283 debug("ssh-userauth2 successful: method %s", authctxt.method->name); 284 } 285 void 286 userauth(Authctxt *authctxt, char *authlist) 287 { 288 if (authlist == NULL) { 289 authlist = authctxt->authlist; 290 } else { 291 if (authctxt->authlist) 292 xfree(authctxt->authlist); 293 authctxt->authlist = authlist; 294 } 295 for (;;) { 296 Authmethod *method = authmethod_get(authlist); 297 if (method == NULL) 298 fatal("Permission denied (%s).", authlist); 299 authctxt->method = method; 300 if (method->userauth(authctxt) != 0) { 301 debug2("we sent a %s packet, wait for reply", method->name); 302 break; 303 } else { 304 debug2("we did not send a packet, disable method"); 305 method->enabled = NULL; 306 } 307 } 308 } 309 void 310 input_userauth_error(int type, u_int32_t seq, void *ctxt) 311 { 312 fatal("input_userauth_error: bad message during authentication: " 313 "type %d", type); 314 } 315 void 316 input_userauth_banner(int type, u_int32_t seq, void *ctxt) 317 { 318 char *msg, *lang; 319 debug3("input_userauth_banner"); 320 msg = packet_get_string(NULL); 321 lang = packet_get_string(NULL); 322 fprintf(stderr, "%s", msg); 323 xfree(msg); 324 xfree(lang); 325 } 326 void 327 input_userauth_success(int type, u_int32_t seq, void *ctxt) 328 { 329 Authctxt *authctxt = ctxt; 330 if (authctxt == NULL) 331 fatal("input_userauth_success: no authentication context"); 332 if (authctxt->authlist) 333 xfree(authctxt->authlist); 334 clear_auth_state(authctxt); 335 authctxt->success = 1; /* break out */ 336 } 337 void 338 input_userauth_failure(int type, u_int32_t seq, void *ctxt) 339 { 340 Authctxt *authctxt = ctxt; 341 char *authlist = NULL; 342 int partial; 343 344 if (authctxt == NULL) 345 fatal("input_userauth_failure: no authentication context"); 346 347 authlist = packet_get_string(NULL); 348 partial = packet_get_char(); 349 packet_check_eom(); 350 351 if (partial != 0) 352 log("Authenticated with partial success."); 353 debug("authentications that can continue: %s", authlist); 354 355 clear_auth_state(authctxt); 356 userauth(authctxt, authlist); 357 } 358 void 359 input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) 360 { 361 Authctxt *authctxt = ctxt; 362 Key *key = NULL; 363 Buffer b; 364 int alen, blen, sent = 0; 365 char *pkalg, *pkblob, *fp; 366 367 if (authctxt == NULL) 368 fatal("input_userauth_pk_ok: no authentication context"); 369 if (datafellows & SSH_BUG_PKOK) { 370 /* this is similar to SSH_BUG_PKAUTH */ 371 debug2("input_userauth_pk_ok: SSH_BUG_PKOK"); 372 pkblob = packet_get_string(&blen); 373 buffer_init(&b); 374 buffer_append(&b, pkblob, blen); 375 pkalg = buffer_get_string(&b, &alen); 376 buffer_free(&b); 377 } else { 378 pkalg = packet_get_string(&alen); 379 pkblob = packet_get_string(&blen); 380 } 381 packet_check_eom(); 382 383 debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d", 384 pkalg, blen, authctxt->last_key, authctxt->last_key_hint); 385 386 do { 387 if (authctxt->last_key == NULL || 388 authctxt->last_key_sign == NULL) { 389 debug("no last key or no sign cb"); 390 break; 391 } 392 if (key_type_from_name(pkalg) == KEY_UNSPEC) { 393 debug("unknown pkalg %s", pkalg); 394 break; 395 } 396 if ((key = key_from_blob(pkblob, blen)) == NULL) { 397 debug("no key from blob. pkalg %s", pkalg); 398 break; 399 } 400 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); 401 debug2("input_userauth_pk_ok: fp %s", fp); 402 xfree(fp); 403 if (!key_equal(key, authctxt->last_key)) { 404 debug("key != last_key"); 405 break; 406 } 407 sent = sign_and_send_pubkey(authctxt, key, 408 authctxt->last_key_sign); 409 } while (0); 410 411 if (key != NULL) 412 key_free(key); 413 xfree(pkalg); 414 xfree(pkblob); 415 416 /* unregister */ 417 clear_auth_state(authctxt); 418 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL); 419 420 /* try another method if we did not send a packet*/ 421 if (sent == 0) 422 userauth(authctxt, NULL); 423 424 } 425 426 int 427 userauth_none(Authctxt *authctxt) 428 { 429 /* initial userauth request */ 430 packet_start(SSH2_MSG_USERAUTH_REQUEST); 431 packet_put_cstring(authctxt->server_user); 432 packet_put_cstring(authctxt->service); 433 packet_put_cstring(authctxt->method->name); 434 packet_send(); 435 return 1; 436 } 437 438 int 439 userauth_passwd(Authctxt *authctxt) 440 { 441 static int attempt = 0; 442 char prompt[80]; 443 char *password; 444 445 if (attempt++ >= options.number_of_password_prompts) 446 return 0; 447 448 if (attempt != 1) 449 error("Permission denied, please try again."); 450 451 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 452 authctxt->server_user, authctxt->host); 453 password = read_passphrase(prompt, 0); 454 packet_start(SSH2_MSG_USERAUTH_REQUEST); 455 packet_put_cstring(authctxt->server_user); 456 packet_put_cstring(authctxt->service); 457 packet_put_cstring(authctxt->method->name); 458 packet_put_char(0); 459 packet_put_cstring(password); 460 memset(password, 0, strlen(password)); 461 xfree(password); 462 packet_add_padding(64); 463 packet_send(); 464 return 1; 465 } 466 467 static void 468 clear_auth_state(Authctxt *authctxt) 469 { 470 /* XXX clear authentication state */ 471 if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) { 472 debug3("clear_auth_state: key_free %p", authctxt->last_key); 473 key_free(authctxt->last_key); 474 } 475 authctxt->last_key = NULL; 476 authctxt->last_key_hint = -2; 477 authctxt->last_key_sign = NULL; 478 } 479 480 static int 481 sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) 482 { 483 Buffer b; 484 u_char *blob, *signature; 485 int bloblen, slen; 486 int skip = 0; 487 int ret = -1; 488 int have_sig = 1; 489 490 debug3("sign_and_send_pubkey"); 491 492 if (key_to_blob(k, &blob, &bloblen) == 0) { 493 /* we cannot handle this key */ 494 debug3("sign_and_send_pubkey: cannot handle key"); 495 return 0; 496 } 497 /* data to be signed */ 498 buffer_init(&b); 499 if (datafellows & SSH_OLD_SESSIONID) { 500 buffer_append(&b, session_id2, session_id2_len); 501 skip = session_id2_len; 502 } else { 503 buffer_put_string(&b, session_id2, session_id2_len); 504 skip = buffer_len(&b); 505 } 506 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 507 buffer_put_cstring(&b, authctxt->server_user); 508 buffer_put_cstring(&b, 509 datafellows & SSH_BUG_PKSERVICE ? 510 "ssh-userauth" : 511 authctxt->service); 512 if (datafellows & SSH_BUG_PKAUTH) { 513 buffer_put_char(&b, have_sig); 514 } else { 515 buffer_put_cstring(&b, authctxt->method->name); 516 buffer_put_char(&b, have_sig); 517 buffer_put_cstring(&b, key_ssh_name(k)); 518 } 519 buffer_put_string(&b, blob, bloblen); 520 521 /* generate signature */ 522 ret = (*sign_callback)(authctxt, k, &signature, &slen, 523 buffer_ptr(&b), buffer_len(&b)); 524 if (ret == -1) { 525 xfree(blob); 526 buffer_free(&b); 527 return 0; 528 } 529 #ifdef DEBUG_PK 530 buffer_dump(&b); 531 #endif 532 if (datafellows & SSH_BUG_PKSERVICE) { 533 buffer_clear(&b); 534 buffer_append(&b, session_id2, session_id2_len); 535 skip = session_id2_len; 536 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 537 buffer_put_cstring(&b, authctxt->server_user); 538 buffer_put_cstring(&b, authctxt->service); 539 buffer_put_cstring(&b, authctxt->method->name); 540 buffer_put_char(&b, have_sig); 541 if (!(datafellows & SSH_BUG_PKAUTH)) 542 buffer_put_cstring(&b, key_ssh_name(k)); 543 buffer_put_string(&b, blob, bloblen); 544 } 545 xfree(blob); 546 547 /* append signature */ 548 buffer_put_string(&b, signature, slen); 549 xfree(signature); 550 551 /* skip session id and packet type */ 552 if (buffer_len(&b) < skip + 1) 553 fatal("userauth_pubkey: internal error"); 554 buffer_consume(&b, skip + 1); 555 556 /* put remaining data from buffer into packet */ 557 packet_start(SSH2_MSG_USERAUTH_REQUEST); 558 packet_put_raw(buffer_ptr(&b), buffer_len(&b)); 559 buffer_free(&b); 560 packet_send(); 561 562 return 1; 563 } 564 565 static int 566 send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback, 567 int hint) 568 { 569 u_char *blob; 570 int bloblen, have_sig = 0; 571 572 debug3("send_pubkey_test"); 573 574 if (key_to_blob(k, &blob, &bloblen) == 0) { 575 /* we cannot handle this key */ 576 debug3("send_pubkey_test: cannot handle key"); 577 return 0; 578 } 579 /* register callback for USERAUTH_PK_OK message */ 580 authctxt->last_key_sign = sign_callback; 581 authctxt->last_key_hint = hint; 582 authctxt->last_key = k; 583 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok); 584 585 packet_start(SSH2_MSG_USERAUTH_REQUEST); 586 packet_put_cstring(authctxt->server_user); 587 packet_put_cstring(authctxt->service); 588 packet_put_cstring(authctxt->method->name); 589 packet_put_char(have_sig); 590 if (!(datafellows & SSH_BUG_PKAUTH)) 591 packet_put_cstring(key_ssh_name(k)); 592 packet_put_string(blob, bloblen); 593 xfree(blob); 594 packet_send(); 595 return 1; 596 } 597 598 static Key * 599 load_identity_file(char *filename) 600 { 601 Key *private; 602 char prompt[300], *passphrase; 603 int quit, i; 604 struct stat st; 605 606 if (stat(filename, &st) < 0) { 607 debug3("no such identity: %s", filename); 608 return NULL; 609 } 610 private = key_load_private_type(KEY_UNSPEC, filename, "", NULL); 611 if (private == NULL) { 612 if (options.batch_mode) 613 return NULL; 614 snprintf(prompt, sizeof prompt, 615 "Enter passphrase for key '%.100s': ", filename); 616 for (i = 0; i < options.number_of_password_prompts; i++) { 617 passphrase = read_passphrase(prompt, 0); 618 if (strcmp(passphrase, "") != 0) { 619 private = key_load_private_type(KEY_UNSPEC, filename, 620 passphrase, NULL); 621 quit = 0; 622 } else { 623 debug2("no passphrase given, try next key"); 624 quit = 1; 625 } 626 memset(passphrase, 0, strlen(passphrase)); 627 xfree(passphrase); 628 if (private != NULL || quit) 629 break; 630 debug2("bad passphrase given, try again..."); 631 } 632 } 633 return private; 634 } 635 636 static int 637 identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, 638 u_char *data, int datalen) 639 { 640 Key *private; 641 int idx, ret; 642 643 idx = authctxt->last_key_hint; 644 if (idx < 0) 645 return -1; 646 647 /* private key is stored in external hardware */ 648 if (options.identity_keys[idx]->flags & KEY_FLAG_EXT) 649 return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen); 650 651 private = load_identity_file(options.identity_files[idx]); 652 if (private == NULL) 653 return -1; 654 ret = key_sign(private, sigp, lenp, data, datalen); 655 key_free(private); 656 return ret; 657 } 658 659 static int 660 agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, 661 u_char *data, int datalen) 662 { 663 return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen); 664 } 665 666 static int 667 key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, 668 u_char *data, int datalen) 669 { 670 return key_sign(key, sigp, lenp, data, datalen); 671 } 672 673 static int 674 userauth_pubkey_agent(Authctxt *authctxt) 675 { 676 static int called = 0; 677 int ret = 0; 678 char *comment; 679 Key *k; 680 681 if (called == 0) { 682 if (ssh_get_num_identities(authctxt->agent, 2) == 0) 683 debug2("userauth_pubkey_agent: no keys at all"); 684 called = 1; 685 } 686 k = ssh_get_next_identity(authctxt->agent, &comment, 2); 687 if (k == NULL) { 688 debug2("userauth_pubkey_agent: no more keys"); 689 } else { 690 debug("userauth_pubkey_agent: testing agent key %s", comment); 691 xfree(comment); 692 ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1); 693 if (ret == 0) 694 key_free(k); 695 } 696 if (ret == 0) 697 debug2("userauth_pubkey_agent: no message sent"); 698 return ret; 699 } 700 701 int 702 userauth_pubkey(Authctxt *authctxt) 703 { 704 static int idx = 0; 705 int sent = 0; 706 Key *key; 707 char *filename; 708 709 if (authctxt->agent != NULL) { 710 do { 711 sent = userauth_pubkey_agent(authctxt); 712 } while (!sent && authctxt->agent->howmany > 0); 713 } 714 while (!sent && idx < options.num_identity_files) { 715 key = options.identity_keys[idx]; 716 filename = options.identity_files[idx]; 717 if (key == NULL) { 718 debug("try privkey: %s", filename); 719 key = load_identity_file(filename); 720 if (key != NULL) { 721 sent = sign_and_send_pubkey(authctxt, key, 722 key_sign_cb); 723 key_free(key); 724 } 725 } else if (key->type != KEY_RSA1) { 726 debug("try pubkey: %s", filename); 727 sent = send_pubkey_test(authctxt, key, 728 identity_sign_cb, idx); 729 } 730 idx++; 731 } 732 return sent; 733 } 734 735 /* 736 * Send userauth request message specifying keyboard-interactive method. 737 */ 738 int 739 userauth_kbdint(Authctxt *authctxt) 740 { 741 static int attempt = 0; 742 743 if (attempt++ >= options.number_of_password_prompts) 744 return 0; 745 /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ 746 if (attempt > 1 && !authctxt->info_req_seen) { 747 debug3("userauth_kbdint: disable: no info_req_seen"); 748 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); 749 return 0; 750 } 751 752 debug2("userauth_kbdint"); 753 packet_start(SSH2_MSG_USERAUTH_REQUEST); 754 packet_put_cstring(authctxt->server_user); 755 packet_put_cstring(authctxt->service); 756 packet_put_cstring(authctxt->method->name); 757 packet_put_cstring(""); /* lang */ 758 packet_put_cstring(options.kbd_interactive_devices ? 759 options.kbd_interactive_devices : ""); 760 packet_send(); 761 762 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req); 763 return 1; 764 } 765 766 /* 767 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE 768 */ 769 void 770 input_userauth_info_req(int type, u_int32_t seq, void *ctxt) 771 { 772 Authctxt *authctxt = ctxt; 773 char *name, *inst, *lang, *prompt, *response; 774 u_int num_prompts, i; 775 int echo = 0; 776 777 debug2("input_userauth_info_req"); 778 779 if (authctxt == NULL) 780 fatal("input_userauth_info_req: no authentication context"); 781 782 authctxt->info_req_seen = 1; 783 784 name = packet_get_string(NULL); 785 inst = packet_get_string(NULL); 786 lang = packet_get_string(NULL); 787 if (strlen(name) > 0) 788 log("%s", name); 789 if (strlen(inst) > 0) 790 log("%s", inst); 791 xfree(name); 792 xfree(inst); 793 xfree(lang); 794 795 num_prompts = packet_get_int(); 796 /* 797 * Begin to build info response packet based on prompts requested. 798 * We commit to providing the correct number of responses, so if 799 * further on we run into a problem that prevents this, we have to 800 * be sure and clean this up and send a correct error response. 801 */ 802 packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE); 803 packet_put_int(num_prompts); 804 805 debug2("input_userauth_info_req: num_prompts %d", num_prompts); 806 for (i = 0; i < num_prompts; i++) { 807 prompt = packet_get_string(NULL); 808 echo = packet_get_char(); 809 810 response = read_passphrase(prompt, echo ? RP_ECHO : 0); 811 812 packet_put_cstring(response); 813 memset(response, 0, strlen(response)); 814 xfree(response); 815 xfree(prompt); 816 } 817 packet_check_eom(); /* done with parsing incoming message. */ 818 819 packet_add_padding(64); 820 packet_send(); 821 } 822 823 /* 824 * this will be move to an external program (ssh-keysign) ASAP. ssh-keysign 825 * will be setuid-root and the sbit can be removed from /usr/bin/ssh. 826 */ 827 int 828 userauth_hostbased(Authctxt *authctxt) 829 { 830 Key *private = NULL; 831 Buffer b; 832 u_char *signature, *blob; 833 char *chost, *pkalg, *p; 834 const char *service; 835 u_int blen, slen; 836 int ok, i, len, found = 0; 837 838 /* check for a useful key */ 839 for (i = 0; i < authctxt->nkeys; i++) { 840 private = authctxt->keys[i]; 841 if (private && private->type != KEY_RSA1) { 842 found = 1; 843 /* we take and free the key */ 844 authctxt->keys[i] = NULL; 845 break; 846 } 847 } 848 if (!found) { 849 debug("userauth_hostbased: no more client hostkeys"); 850 return 0; 851 } 852 if (key_to_blob(private, &blob, &blen) == 0) { 853 key_free(private); 854 return 0; 855 } 856 /* figure out a name for the client host */ 857 p = get_local_name(packet_get_connection_in()); 858 if (p == NULL) { 859 error("userauth_hostbased: cannot get local ipaddr/name"); 860 key_free(private); 861 return 0; 862 } 863 len = strlen(p) + 2; 864 chost = xmalloc(len); 865 strlcpy(chost, p, len); 866 strlcat(chost, ".", len); 867 debug2("userauth_hostbased: chost %s", chost); 868 869 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : 870 authctxt->service; 871 pkalg = xstrdup(key_ssh_name(private)); 872 buffer_init(&b); 873 /* construct data */ 874 buffer_put_string(&b, session_id2, session_id2_len); 875 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 876 buffer_put_cstring(&b, authctxt->server_user); 877 buffer_put_cstring(&b, service); 878 buffer_put_cstring(&b, authctxt->method->name); 879 buffer_put_cstring(&b, pkalg); 880 buffer_put_string(&b, blob, blen); 881 buffer_put_cstring(&b, chost); 882 buffer_put_cstring(&b, authctxt->local_user); 883 #ifdef DEBUG_PK 884 buffer_dump(&b); 885 #endif 886 ok = key_sign(private, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); 887 key_free(private); 888 buffer_free(&b); 889 if (ok != 0) { 890 error("key_sign failed"); 891 xfree(chost); 892 xfree(pkalg); 893 return 0; 894 } 895 packet_start(SSH2_MSG_USERAUTH_REQUEST); 896 packet_put_cstring(authctxt->server_user); 897 packet_put_cstring(authctxt->service); 898 packet_put_cstring(authctxt->method->name); 899 packet_put_cstring(pkalg); 900 packet_put_string(blob, blen); 901 packet_put_cstring(chost); 902 packet_put_cstring(authctxt->local_user); 903 packet_put_string(signature, slen); 904 memset(signature, 's', slen); 905 xfree(signature); 906 xfree(chost); 907 xfree(pkalg); 908 909 packet_send(); 910 return 1; 911 } 912 913 /* find auth method */ 914 915 /* 916 * given auth method name, if configurable options permit this method fill 917 * in auth_ident field and return true, otherwise return false. 918 */ 919 static int 920 authmethod_is_enabled(Authmethod *method) 921 { 922 if (method == NULL) 923 return 0; 924 /* return false if options indicate this method is disabled */ 925 if (method->enabled == NULL || *method->enabled == 0) 926 return 0; 927 /* return false if batch mode is enabled but method needs interactive mode */ 928 if (method->batch_flag != NULL && *method->batch_flag != 0) 929 return 0; 930 return 1; 931 } 932 933 static Authmethod * 934 authmethod_lookup(const char *name) 935 { 936 Authmethod *method = NULL; 937 if (name != NULL) 938 for (method = authmethods; method->name != NULL; method++) 939 if (strcmp(name, method->name) == 0) 940 return method; 941 debug2("Unrecognized authentication method name: %s", name ? name : "NULL"); 942 return NULL; 943 } 944 945 /* XXX internal state */ 946 static Authmethod *current = NULL; 947 static char *supported = NULL; 948 static char *preferred = NULL; 949 /* 950 * Given the authentication method list sent by the server, return the 951 * next method we should try. If the server initially sends a nil list, 952 * use a built-in default list. 953 */ 954 static Authmethod * 955 authmethod_get(char *authlist) 956 { 957 958 char *name = NULL; 959 int next; 960 961 /* Use a suitable default if we're passed a nil list. */ 962 if (authlist == NULL || strlen(authlist) == 0) 963 authlist = options.preferred_authentications; 964 965 if (supported == NULL || strcmp(authlist, supported) != 0) { 966 debug3("start over, passed a different list %s", authlist); 967 if (supported != NULL) 968 xfree(supported); 969 supported = xstrdup(authlist); 970 preferred = options.preferred_authentications; 971 debug3("preferred %s", preferred); 972 current = NULL; 973 } else if (current != NULL && authmethod_is_enabled(current)) 974 return current; 975 976 for (;;) { 977 if ((name = match_list(preferred, supported, &next)) == NULL) { 978 debug("no more auth methods to try"); 979 current = NULL; 980 return NULL; 981 } 982 preferred += next; 983 debug3("authmethod_lookup %s", name); 984 debug3("remaining preferred: %s", preferred); 985 if ((current = authmethod_lookup(name)) != NULL && 986 authmethod_is_enabled(current)) { 987 debug3("authmethod_is_enabled %s", name); 988 debug("next auth method to try is %s", name); 989 return current; 990 } 991 } 992 } 993 994 995 #define DELIM "," 996 997 static char * 998 authmethods_get(void) 999 { 1000 Authmethod *method = NULL; 1001 char buf[1024]; 1002 1003 buf[0] = '\0'; 1004 for (method = authmethods; method->name != NULL; method++) { 1005 if (authmethod_is_enabled(method)) { 1006 if (buf[0] != '\0') 1007 strlcat(buf, DELIM, sizeof buf); 1008 strlcat(buf, method->name, sizeof buf); 1009 } 1010 } 1011 return xstrdup(buf); 1012 } 1013