1*ee116499SAntonio Huete Jimenez /* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */
218de8d7fSPeter Avalos /*
318de8d7fSPeter Avalos * Copyright (c) 2000 Markus Friedl. All rights reserved.
418de8d7fSPeter Avalos *
518de8d7fSPeter Avalos * Redistribution and use in source and binary forms, with or without
618de8d7fSPeter Avalos * modification, are permitted provided that the following conditions
718de8d7fSPeter Avalos * are met:
818de8d7fSPeter Avalos * 1. Redistributions of source code must retain the above copyright
918de8d7fSPeter Avalos * notice, this list of conditions and the following disclaimer.
1018de8d7fSPeter Avalos * 2. Redistributions in binary form must reproduce the above copyright
1118de8d7fSPeter Avalos * notice, this list of conditions and the following disclaimer in the
1218de8d7fSPeter Avalos * documentation and/or other materials provided with the distribution.
1318de8d7fSPeter Avalos *
1418de8d7fSPeter Avalos * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1518de8d7fSPeter Avalos * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1618de8d7fSPeter Avalos * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1718de8d7fSPeter Avalos * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1818de8d7fSPeter Avalos * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1918de8d7fSPeter Avalos * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2018de8d7fSPeter Avalos * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
2118de8d7fSPeter Avalos * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2218de8d7fSPeter Avalos * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
2318de8d7fSPeter Avalos * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2418de8d7fSPeter Avalos */
2518de8d7fSPeter Avalos
2618de8d7fSPeter Avalos #include "includes.h"
2718de8d7fSPeter Avalos
2818de8d7fSPeter Avalos #include <sys/types.h>
2918de8d7fSPeter Avalos #include <sys/stat.h>
3018de8d7fSPeter Avalos #include <sys/uio.h>
3118de8d7fSPeter Avalos
3218de8d7fSPeter Avalos #include <fcntl.h>
33ce74bacaSMatthew Dillon #include <limits.h>
3418de8d7fSPeter Avalos #include <pwd.h>
3518de8d7fSPeter Avalos #include <stdarg.h>
3618de8d7fSPeter Avalos #include <string.h>
3718de8d7fSPeter Avalos #include <unistd.h>
38664f4763Szrj #include <time.h>
3918de8d7fSPeter Avalos
400cbfa66cSDaniel Fojt #include "stdlib.h"
4118de8d7fSPeter Avalos #include "atomicio.h"
4240c002afSPeter Avalos #include "xmalloc.h"
4318de8d7fSPeter Avalos #include "ssh2.h"
4418de8d7fSPeter Avalos #include "packet.h"
4518de8d7fSPeter Avalos #include "log.h"
46664f4763Szrj #include "sshbuf.h"
4736e94dc5SPeter Avalos #include "misc.h"
4818de8d7fSPeter Avalos #include "servconf.h"
4918de8d7fSPeter Avalos #include "compat.h"
50664f4763Szrj #include "sshkey.h"
5118de8d7fSPeter Avalos #include "hostfile.h"
5218de8d7fSPeter Avalos #include "auth.h"
5318de8d7fSPeter Avalos #include "dispatch.h"
5418de8d7fSPeter Avalos #include "pathnames.h"
55664f4763Szrj #include "ssherr.h"
5618de8d7fSPeter Avalos #ifdef GSSAPI
5718de8d7fSPeter Avalos #include "ssh-gss.h"
5818de8d7fSPeter Avalos #endif
5918de8d7fSPeter Avalos #include "monitor_wrap.h"
60664f4763Szrj #include "digest.h"
6118de8d7fSPeter Avalos
6218de8d7fSPeter Avalos /* import */
6318de8d7fSPeter Avalos extern ServerOptions options;
64664f4763Szrj extern struct sshbuf *loginmsg;
6518de8d7fSPeter Avalos
6618de8d7fSPeter Avalos /* methods */
6718de8d7fSPeter Avalos
6818de8d7fSPeter Avalos extern Authmethod method_none;
6918de8d7fSPeter Avalos extern Authmethod method_pubkey;
7018de8d7fSPeter Avalos extern Authmethod method_passwd;
7118de8d7fSPeter Avalos extern Authmethod method_kbdint;
7218de8d7fSPeter Avalos extern Authmethod method_hostbased;
7318de8d7fSPeter Avalos #ifdef GSSAPI
7418de8d7fSPeter Avalos extern Authmethod method_gssapi;
7518de8d7fSPeter Avalos #endif
7618de8d7fSPeter Avalos
7718de8d7fSPeter Avalos Authmethod *authmethods[] = {
7818de8d7fSPeter Avalos &method_none,
7918de8d7fSPeter Avalos &method_pubkey,
8018de8d7fSPeter Avalos #ifdef GSSAPI
8118de8d7fSPeter Avalos &method_gssapi,
8218de8d7fSPeter Avalos #endif
8318de8d7fSPeter Avalos &method_passwd,
8418de8d7fSPeter Avalos &method_kbdint,
8518de8d7fSPeter Avalos &method_hostbased,
8618de8d7fSPeter Avalos NULL
8718de8d7fSPeter Avalos };
8818de8d7fSPeter Avalos
8918de8d7fSPeter Avalos /* protocol */
9018de8d7fSPeter Avalos
91ce74bacaSMatthew Dillon static int input_service_request(int, u_int32_t, struct ssh *);
92ce74bacaSMatthew Dillon static int input_userauth_request(int, u_int32_t, struct ssh *);
9318de8d7fSPeter Avalos
9418de8d7fSPeter Avalos /* helper */
95*ee116499SAntonio Huete Jimenez static Authmethod *authmethod_byname(const char *);
9636e94dc5SPeter Avalos static Authmethod *authmethod_lookup(Authctxt *, const char *);
9736e94dc5SPeter Avalos static char *authmethods_get(Authctxt *authctxt);
9836e94dc5SPeter Avalos
9936e94dc5SPeter Avalos #define MATCH_NONE 0 /* method or submethod mismatch */
10036e94dc5SPeter Avalos #define MATCH_METHOD 1 /* method matches (no submethod specified) */
10136e94dc5SPeter Avalos #define MATCH_BOTH 2 /* method and submethod match */
10236e94dc5SPeter Avalos #define MATCH_PARTIAL 3 /* method matches, submethod can't be checked */
10336e94dc5SPeter Avalos static int list_starts_with(const char *, const char *, const char *);
10418de8d7fSPeter Avalos
10518de8d7fSPeter Avalos char *
auth2_read_banner(void)10618de8d7fSPeter Avalos auth2_read_banner(void)
10718de8d7fSPeter Avalos {
10818de8d7fSPeter Avalos struct stat st;
10918de8d7fSPeter Avalos char *banner = NULL;
11018de8d7fSPeter Avalos size_t len, n;
11118de8d7fSPeter Avalos int fd;
11218de8d7fSPeter Avalos
11318de8d7fSPeter Avalos if ((fd = open(options.banner, O_RDONLY)) == -1)
11418de8d7fSPeter Avalos return (NULL);
11518de8d7fSPeter Avalos if (fstat(fd, &st) == -1) {
11618de8d7fSPeter Avalos close(fd);
11718de8d7fSPeter Avalos return (NULL);
11818de8d7fSPeter Avalos }
11999e85e0dSPeter Avalos if (st.st_size <= 0 || st.st_size > 1*1024*1024) {
12018de8d7fSPeter Avalos close(fd);
12118de8d7fSPeter Avalos return (NULL);
12218de8d7fSPeter Avalos }
12318de8d7fSPeter Avalos
12418de8d7fSPeter Avalos len = (size_t)st.st_size; /* truncate */
12518de8d7fSPeter Avalos banner = xmalloc(len + 1);
12618de8d7fSPeter Avalos n = atomicio(read, fd, banner, len);
12718de8d7fSPeter Avalos close(fd);
12818de8d7fSPeter Avalos
12918de8d7fSPeter Avalos if (n != len) {
13036e94dc5SPeter Avalos free(banner);
13118de8d7fSPeter Avalos return (NULL);
13218de8d7fSPeter Avalos }
13318de8d7fSPeter Avalos banner[n] = '\0';
13418de8d7fSPeter Avalos
13518de8d7fSPeter Avalos return (banner);
13618de8d7fSPeter Avalos }
13718de8d7fSPeter Avalos
138664f4763Szrj static void
userauth_send_banner(struct ssh * ssh,const char * msg)139664f4763Szrj userauth_send_banner(struct ssh *ssh, const char *msg)
14018de8d7fSPeter Avalos {
141664f4763Szrj int r;
14218de8d7fSPeter Avalos
143664f4763Szrj if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_BANNER)) != 0 ||
144664f4763Szrj (r = sshpkt_put_cstring(ssh, msg)) != 0 ||
145664f4763Szrj (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language, unused */
146664f4763Szrj (r = sshpkt_send(ssh)) != 0)
14750a69bb5SSascha Wildner fatal_fr(r, "send packet");
14818de8d7fSPeter Avalos debug("%s: sent", __func__);
14918de8d7fSPeter Avalos }
15018de8d7fSPeter Avalos
15118de8d7fSPeter Avalos static void
userauth_banner(struct ssh * ssh)152664f4763Szrj userauth_banner(struct ssh *ssh)
15318de8d7fSPeter Avalos {
15418de8d7fSPeter Avalos char *banner = NULL;
15518de8d7fSPeter Avalos
156664f4763Szrj if (options.banner == NULL)
15718de8d7fSPeter Avalos return;
15818de8d7fSPeter Avalos
15918de8d7fSPeter Avalos if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
16018de8d7fSPeter Avalos goto done;
161664f4763Szrj userauth_send_banner(ssh, banner);
16218de8d7fSPeter Avalos
16318de8d7fSPeter Avalos done:
16436e94dc5SPeter Avalos free(banner);
16518de8d7fSPeter Avalos }
16618de8d7fSPeter Avalos
16718de8d7fSPeter Avalos /*
16818de8d7fSPeter Avalos * loop until authctxt->success == TRUE
16918de8d7fSPeter Avalos */
17018de8d7fSPeter Avalos void
do_authentication2(struct ssh * ssh)171664f4763Szrj do_authentication2(struct ssh *ssh)
17218de8d7fSPeter Avalos {
173664f4763Szrj Authctxt *authctxt = ssh->authctxt;
174664f4763Szrj
175ce74bacaSMatthew Dillon ssh_dispatch_init(ssh, &dispatch_protocol_error);
176ce74bacaSMatthew Dillon ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request);
177ce74bacaSMatthew Dillon ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success);
178ce74bacaSMatthew Dillon ssh->authctxt = NULL;
17918de8d7fSPeter Avalos }
18018de8d7fSPeter Avalos
18118de8d7fSPeter Avalos /*ARGSUSED*/
182e9778795SPeter Avalos static int
input_service_request(int type,u_int32_t seq,struct ssh * ssh)183ce74bacaSMatthew Dillon input_service_request(int type, u_int32_t seq, struct ssh *ssh)
18418de8d7fSPeter Avalos {
185ce74bacaSMatthew Dillon Authctxt *authctxt = ssh->authctxt;
186664f4763Szrj char *service = NULL;
187664f4763Szrj int r, acceptit = 0;
188664f4763Szrj
189664f4763Szrj if ((r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 ||
190664f4763Szrj (r = sshpkt_get_end(ssh)) != 0)
191664f4763Szrj goto out;
19218de8d7fSPeter Avalos
19318de8d7fSPeter Avalos if (authctxt == NULL)
19418de8d7fSPeter Avalos fatal("input_service_request: no authctxt");
19518de8d7fSPeter Avalos
19618de8d7fSPeter Avalos if (strcmp(service, "ssh-userauth") == 0) {
19718de8d7fSPeter Avalos if (!authctxt->success) {
19818de8d7fSPeter Avalos acceptit = 1;
19918de8d7fSPeter Avalos /* now we can handle user-auth requests */
200664f4763Szrj ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
201664f4763Szrj &input_userauth_request);
20218de8d7fSPeter Avalos }
20318de8d7fSPeter Avalos }
20418de8d7fSPeter Avalos /* XXX all other service requests are denied */
20518de8d7fSPeter Avalos
20618de8d7fSPeter Avalos if (acceptit) {
207664f4763Szrj if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_ACCEPT)) != 0 ||
208664f4763Szrj (r = sshpkt_put_cstring(ssh, service)) != 0 ||
209664f4763Szrj (r = sshpkt_send(ssh)) != 0 ||
210664f4763Szrj (r = ssh_packet_write_wait(ssh)) != 0)
211664f4763Szrj goto out;
21218de8d7fSPeter Avalos } else {
21318de8d7fSPeter Avalos debug("bad service request %s", service);
214664f4763Szrj ssh_packet_disconnect(ssh, "bad service request %s", service);
21518de8d7fSPeter Avalos }
216664f4763Szrj r = 0;
217664f4763Szrj out:
21836e94dc5SPeter Avalos free(service);
2190cbfa66cSDaniel Fojt return r;
22018de8d7fSPeter Avalos }
22118de8d7fSPeter Avalos
222664f4763Szrj #define MIN_FAIL_DELAY_SECONDS 0.005
223664f4763Szrj static double
user_specific_delay(const char * user)224664f4763Szrj user_specific_delay(const char *user)
225664f4763Szrj {
226664f4763Szrj char b[512];
227664f4763Szrj size_t len = ssh_digest_bytes(SSH_DIGEST_SHA512);
228664f4763Szrj u_char *hash = xmalloc(len);
229664f4763Szrj double delay;
230664f4763Szrj
231664f4763Szrj (void)snprintf(b, sizeof b, "%llu%s",
232664f4763Szrj (unsigned long long)options.timing_secret, user);
233664f4763Szrj if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
23450a69bb5SSascha Wildner fatal_f("ssh_digest_memory");
235664f4763Szrj /* 0-4.2 ms of delay */
236664f4763Szrj delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
237664f4763Szrj freezero(hash, len);
23850a69bb5SSascha Wildner debug3_f("user specific delay %0.3lfms", delay/1000);
239664f4763Szrj return MIN_FAIL_DELAY_SECONDS + delay;
240664f4763Szrj }
241664f4763Szrj
242664f4763Szrj static void
ensure_minimum_time_since(double start,double seconds)243664f4763Szrj ensure_minimum_time_since(double start, double seconds)
244664f4763Szrj {
245664f4763Szrj struct timespec ts;
246664f4763Szrj double elapsed = monotime_double() - start, req = seconds, remain;
247664f4763Szrj
248664f4763Szrj /* if we've already passed the requested time, scale up */
249664f4763Szrj while ((remain = seconds - elapsed) < 0.0)
250664f4763Szrj seconds *= 2;
251664f4763Szrj
252664f4763Szrj ts.tv_sec = remain;
253664f4763Szrj ts.tv_nsec = (remain - ts.tv_sec) * 1000000000;
25450a69bb5SSascha Wildner debug3_f("elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)",
25550a69bb5SSascha Wildner elapsed*1000, remain*1000, req*1000);
256664f4763Szrj nanosleep(&ts, NULL);
257664f4763Szrj }
258664f4763Szrj
25918de8d7fSPeter Avalos /*ARGSUSED*/
260e9778795SPeter Avalos static int
input_userauth_request(int type,u_int32_t seq,struct ssh * ssh)261ce74bacaSMatthew Dillon input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
26218de8d7fSPeter Avalos {
263ce74bacaSMatthew Dillon Authctxt *authctxt = ssh->authctxt;
26418de8d7fSPeter Avalos Authmethod *m = NULL;
265664f4763Szrj char *user = NULL, *service = NULL, *method = NULL, *style = NULL;
266664f4763Szrj int r, authenticated = 0;
267664f4763Szrj double tstart = monotime_double();
26818de8d7fSPeter Avalos
26918de8d7fSPeter Avalos if (authctxt == NULL)
27018de8d7fSPeter Avalos fatal("input_userauth_request: no authctxt");
27118de8d7fSPeter Avalos
272664f4763Szrj if ((r = sshpkt_get_cstring(ssh, &user, NULL)) != 0 ||
273664f4763Szrj (r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 ||
274664f4763Szrj (r = sshpkt_get_cstring(ssh, &method, NULL)) != 0)
275664f4763Szrj goto out;
27618de8d7fSPeter Avalos debug("userauth-request for user %s service %s method %s", user, service, method);
27718de8d7fSPeter Avalos debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
27818de8d7fSPeter Avalos
27918de8d7fSPeter Avalos if ((style = strchr(user, ':')) != NULL)
28018de8d7fSPeter Avalos *style++ = 0;
28118de8d7fSPeter Avalos
282*ee116499SAntonio Huete Jimenez if (authctxt->attempt >= 1024)
283*ee116499SAntonio Huete Jimenez auth_maxtries_exceeded(ssh);
28418de8d7fSPeter Avalos if (authctxt->attempt++ == 0) {
28518de8d7fSPeter Avalos /* setup auth context */
286664f4763Szrj authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
28718de8d7fSPeter Avalos authctxt->user = xstrdup(user);
28818de8d7fSPeter Avalos if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
28918de8d7fSPeter Avalos authctxt->valid = 1;
29050a69bb5SSascha Wildner debug2_f("setting up authctxt for %s", user);
29118de8d7fSPeter Avalos } else {
292*ee116499SAntonio Huete Jimenez authctxt->valid = 0;
293ce74bacaSMatthew Dillon /* Invalid user, fake password information */
29418de8d7fSPeter Avalos authctxt->pw = fakepw();
29518de8d7fSPeter Avalos #ifdef SSH_AUDIT_EVENTS
296664f4763Szrj PRIVSEP(audit_event(ssh, SSH_INVALID_USER));
29718de8d7fSPeter Avalos #endif
29818de8d7fSPeter Avalos }
29918de8d7fSPeter Avalos #ifdef USE_PAM
30018de8d7fSPeter Avalos if (options.use_pam)
301664f4763Szrj PRIVSEP(start_pam(ssh));
30218de8d7fSPeter Avalos #endif
303ce74bacaSMatthew Dillon ssh_packet_set_log_preamble(ssh, "%suser %s",
304ce74bacaSMatthew Dillon authctxt->valid ? "authenticating " : "invalid ", user);
30518de8d7fSPeter Avalos setproctitle("%s%s", authctxt->valid ? user : "unknown",
30618de8d7fSPeter Avalos use_privsep ? " [net]" : "");
30718de8d7fSPeter Avalos authctxt->service = xstrdup(service);
30818de8d7fSPeter Avalos authctxt->style = style ? xstrdup(style) : NULL;
30918de8d7fSPeter Avalos if (use_privsep)
31018de8d7fSPeter Avalos mm_inform_authserv(service, style);
311664f4763Szrj userauth_banner(ssh);
31236e94dc5SPeter Avalos if (auth2_setup_methods_lists(authctxt) != 0)
313664f4763Szrj ssh_packet_disconnect(ssh,
314664f4763Szrj "no authentication methods enabled");
31518de8d7fSPeter Avalos } else if (strcmp(user, authctxt->user) != 0 ||
31618de8d7fSPeter Avalos strcmp(service, authctxt->service) != 0) {
317664f4763Szrj ssh_packet_disconnect(ssh, "Change of username or service "
318664f4763Szrj "not allowed: (%s,%s) -> (%s,%s)",
31918de8d7fSPeter Avalos authctxt->user, authctxt->service, user, service);
32018de8d7fSPeter Avalos }
32118de8d7fSPeter Avalos /* reset state */
322ce74bacaSMatthew Dillon auth2_challenge_stop(ssh);
32318de8d7fSPeter Avalos
32418de8d7fSPeter Avalos #ifdef GSSAPI
325cb5eb4f1SPeter Avalos /* XXX move to auth2_gssapi_stop() */
326ce74bacaSMatthew Dillon ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
327ce74bacaSMatthew Dillon ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
32818de8d7fSPeter Avalos #endif
32918de8d7fSPeter Avalos
330ce74bacaSMatthew Dillon auth2_authctxt_reset_info(authctxt);
33118de8d7fSPeter Avalos authctxt->postponed = 0;
3321c188a7fSPeter Avalos authctxt->server_caused_failure = 0;
33318de8d7fSPeter Avalos
33418de8d7fSPeter Avalos /* try to authenticate user */
33536e94dc5SPeter Avalos m = authmethod_lookup(authctxt, method);
33618de8d7fSPeter Avalos if (m != NULL && authctxt->failures < options.max_authtries) {
33718de8d7fSPeter Avalos debug2("input_userauth_request: try method %s", method);
338*ee116499SAntonio Huete Jimenez authenticated = m->userauth(ssh, method);
33918de8d7fSPeter Avalos }
340664f4763Szrj if (!authctxt->authenticated)
341664f4763Szrj ensure_minimum_time_since(tstart,
342664f4763Szrj user_specific_delay(authctxt->user));
343ce74bacaSMatthew Dillon userauth_finish(ssh, authenticated, method, NULL);
344664f4763Szrj r = 0;
345664f4763Szrj out:
34636e94dc5SPeter Avalos free(service);
34736e94dc5SPeter Avalos free(user);
34836e94dc5SPeter Avalos free(method);
349664f4763Szrj return r;
35018de8d7fSPeter Avalos }
35118de8d7fSPeter Avalos
35218de8d7fSPeter Avalos void
userauth_finish(struct ssh * ssh,int authenticated,const char * packet_method,const char * submethod)353*ee116499SAntonio Huete Jimenez userauth_finish(struct ssh *ssh, int authenticated, const char *packet_method,
35436e94dc5SPeter Avalos const char *submethod)
35518de8d7fSPeter Avalos {
356ce74bacaSMatthew Dillon Authctxt *authctxt = ssh->authctxt;
357*ee116499SAntonio Huete Jimenez Authmethod *m = NULL;
358*ee116499SAntonio Huete Jimenez const char *method = packet_method;
35918de8d7fSPeter Avalos char *methods;
360664f4763Szrj int r, partial = 0;
36118de8d7fSPeter Avalos
362*ee116499SAntonio Huete Jimenez if (authenticated) {
363*ee116499SAntonio Huete Jimenez if (!authctxt->valid) {
36418de8d7fSPeter Avalos fatal("INTERNAL ERROR: authenticated invalid user %s",
36518de8d7fSPeter Avalos authctxt->user);
366*ee116499SAntonio Huete Jimenez }
367*ee116499SAntonio Huete Jimenez if (authctxt->postponed)
36836e94dc5SPeter Avalos fatal("INTERNAL ERROR: authenticated and postponed");
369*ee116499SAntonio Huete Jimenez /* prefer primary authmethod name to possible synonym */
370*ee116499SAntonio Huete Jimenez if ((m = authmethod_byname(method)) == NULL)
371*ee116499SAntonio Huete Jimenez fatal("INTERNAL ERROR: bad method %s", method);
372*ee116499SAntonio Huete Jimenez method = m->name;
373*ee116499SAntonio Huete Jimenez }
37418de8d7fSPeter Avalos
37518de8d7fSPeter Avalos /* Special handling for root */
37618de8d7fSPeter Avalos if (authenticated && authctxt->pw->pw_uid == 0 &&
377664f4763Szrj !auth_root_allowed(ssh, method)) {
37818de8d7fSPeter Avalos authenticated = 0;
37918de8d7fSPeter Avalos #ifdef SSH_AUDIT_EVENTS
380664f4763Szrj PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED));
38118de8d7fSPeter Avalos #endif
38218de8d7fSPeter Avalos }
38318de8d7fSPeter Avalos
38436e94dc5SPeter Avalos if (authenticated && options.num_auth_methods != 0) {
38536e94dc5SPeter Avalos if (!auth2_update_methods_lists(authctxt, method, submethod)) {
38636e94dc5SPeter Avalos authenticated = 0;
38736e94dc5SPeter Avalos partial = 1;
38836e94dc5SPeter Avalos }
38936e94dc5SPeter Avalos }
39036e94dc5SPeter Avalos
39136e94dc5SPeter Avalos /* Log before sending the reply */
392664f4763Szrj auth_log(ssh, authenticated, partial, method, submethod);
39336e94dc5SPeter Avalos
394ce74bacaSMatthew Dillon /* Update information exposed to session */
395ce74bacaSMatthew Dillon if (authenticated || partial)
396ce74bacaSMatthew Dillon auth2_update_session_info(authctxt, method, submethod);
397ce74bacaSMatthew Dillon
39836e94dc5SPeter Avalos if (authctxt->postponed)
39936e94dc5SPeter Avalos return;
40036e94dc5SPeter Avalos
40118de8d7fSPeter Avalos #ifdef USE_PAM
40218de8d7fSPeter Avalos if (options.use_pam && authenticated) {
40350a69bb5SSascha Wildner int r, success = PRIVSEP(do_pam_account());
404664f4763Szrj
40550a69bb5SSascha Wildner /* If PAM returned a message, send it to the user. */
406664f4763Szrj if (sshbuf_len(loginmsg) > 0) {
407664f4763Szrj if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
408664f4763Szrj fatal("%s: buffer error: %s",
409664f4763Szrj __func__, ssh_err(r));
410664f4763Szrj userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
411664f4763Szrj if ((r = ssh_packet_write_wait(ssh)) != 0) {
412664f4763Szrj sshpkt_fatal(ssh, r,
413664f4763Szrj "%s: send PAM banner", __func__);
414664f4763Szrj }
41518de8d7fSPeter Avalos }
41650a69bb5SSascha Wildner if (!success) {
41718de8d7fSPeter Avalos fatal("Access denied for user %s by PAM account "
41818de8d7fSPeter Avalos "configuration", authctxt->user);
41918de8d7fSPeter Avalos }
42018de8d7fSPeter Avalos }
42118de8d7fSPeter Avalos #endif
42218de8d7fSPeter Avalos
42318de8d7fSPeter Avalos if (authenticated == 1) {
42418de8d7fSPeter Avalos /* turn off userauth */
425664f4763Szrj ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
426664f4763Szrj &dispatch_protocol_ignore);
427664f4763Szrj if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 ||
428664f4763Szrj (r = sshpkt_send(ssh)) != 0 ||
429664f4763Szrj (r = ssh_packet_write_wait(ssh)) != 0)
43050a69bb5SSascha Wildner fatal_fr(r, "send success packet");
43118de8d7fSPeter Avalos /* now we can break out */
43218de8d7fSPeter Avalos authctxt->success = 1;
433ce74bacaSMatthew Dillon ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
43418de8d7fSPeter Avalos } else {
43518de8d7fSPeter Avalos /* Allow initial try of "none" auth without failure penalty */
436e9778795SPeter Avalos if (!partial && !authctxt->server_caused_failure &&
4371c188a7fSPeter Avalos (authctxt->attempt > 1 || strcmp(method, "none") != 0))
43818de8d7fSPeter Avalos authctxt->failures++;
43918de8d7fSPeter Avalos if (authctxt->failures >= options.max_authtries) {
44018de8d7fSPeter Avalos #ifdef SSH_AUDIT_EVENTS
441664f4763Szrj PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
44218de8d7fSPeter Avalos #endif
443664f4763Szrj auth_maxtries_exceeded(ssh);
44418de8d7fSPeter Avalos }
44536e94dc5SPeter Avalos methods = authmethods_get(authctxt);
44650a69bb5SSascha Wildner debug3_f("failure partial=%d next methods=\"%s\"",
44736e94dc5SPeter Avalos partial, methods);
448664f4763Szrj if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 ||
449664f4763Szrj (r = sshpkt_put_cstring(ssh, methods)) != 0 ||
450664f4763Szrj (r = sshpkt_put_u8(ssh, partial)) != 0 ||
451664f4763Szrj (r = sshpkt_send(ssh)) != 0 ||
452664f4763Szrj (r = ssh_packet_write_wait(ssh)) != 0)
45350a69bb5SSascha Wildner fatal_fr(r, "send failure packet");
45436e94dc5SPeter Avalos free(methods);
45518de8d7fSPeter Avalos }
45618de8d7fSPeter Avalos }
45718de8d7fSPeter Avalos
45836e94dc5SPeter Avalos /*
45936e94dc5SPeter Avalos * Checks whether method is allowed by at least one AuthenticationMethods
46036e94dc5SPeter Avalos * methods list. Returns 1 if allowed, or no methods lists configured.
46136e94dc5SPeter Avalos * 0 otherwise.
46236e94dc5SPeter Avalos */
46336e94dc5SPeter Avalos int
auth2_method_allowed(Authctxt * authctxt,const char * method,const char * submethod)46436e94dc5SPeter Avalos auth2_method_allowed(Authctxt *authctxt, const char *method,
46536e94dc5SPeter Avalos const char *submethod)
46636e94dc5SPeter Avalos {
46736e94dc5SPeter Avalos u_int i;
46836e94dc5SPeter Avalos
46936e94dc5SPeter Avalos /*
47036e94dc5SPeter Avalos * NB. authctxt->num_auth_methods might be zero as a result of
47136e94dc5SPeter Avalos * auth2_setup_methods_lists(), so check the configuration.
47236e94dc5SPeter Avalos */
47336e94dc5SPeter Avalos if (options.num_auth_methods == 0)
47436e94dc5SPeter Avalos return 1;
47536e94dc5SPeter Avalos for (i = 0; i < authctxt->num_auth_methods; i++) {
47636e94dc5SPeter Avalos if (list_starts_with(authctxt->auth_methods[i], method,
47736e94dc5SPeter Avalos submethod) != MATCH_NONE)
47836e94dc5SPeter Avalos return 1;
47936e94dc5SPeter Avalos }
48036e94dc5SPeter Avalos return 0;
48136e94dc5SPeter Avalos }
48236e94dc5SPeter Avalos
48318de8d7fSPeter Avalos static char *
authmethods_get(Authctxt * authctxt)48436e94dc5SPeter Avalos authmethods_get(Authctxt *authctxt)
48518de8d7fSPeter Avalos {
486664f4763Szrj struct sshbuf *b;
48718de8d7fSPeter Avalos char *list;
488664f4763Szrj int i, r;
48918de8d7fSPeter Avalos
490664f4763Szrj if ((b = sshbuf_new()) == NULL)
49150a69bb5SSascha Wildner fatal_f("sshbuf_new failed");
49218de8d7fSPeter Avalos for (i = 0; authmethods[i] != NULL; i++) {
49318de8d7fSPeter Avalos if (strcmp(authmethods[i]->name, "none") == 0)
49418de8d7fSPeter Avalos continue;
49536e94dc5SPeter Avalos if (authmethods[i]->enabled == NULL ||
49636e94dc5SPeter Avalos *(authmethods[i]->enabled) == 0)
49736e94dc5SPeter Avalos continue;
49836e94dc5SPeter Avalos if (!auth2_method_allowed(authctxt, authmethods[i]->name,
49936e94dc5SPeter Avalos NULL))
50036e94dc5SPeter Avalos continue;
501664f4763Szrj if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
502664f4763Szrj authmethods[i]->name)) != 0)
50350a69bb5SSascha Wildner fatal_fr(r, "buffer error");
50418de8d7fSPeter Avalos }
505664f4763Szrj if ((list = sshbuf_dup_string(b)) == NULL)
50650a69bb5SSascha Wildner fatal_f("sshbuf_dup_string failed");
507664f4763Szrj sshbuf_free(b);
50818de8d7fSPeter Avalos return list;
50918de8d7fSPeter Avalos }
51018de8d7fSPeter Avalos
51118de8d7fSPeter Avalos static Authmethod *
authmethod_byname(const char * name)512*ee116499SAntonio Huete Jimenez authmethod_byname(const char *name)
51318de8d7fSPeter Avalos {
51418de8d7fSPeter Avalos int i;
51518de8d7fSPeter Avalos
516*ee116499SAntonio Huete Jimenez if (name == NULL)
517*ee116499SAntonio Huete Jimenez fatal_f("NULL authentication method name");
518*ee116499SAntonio Huete Jimenez for (i = 0; authmethods[i] != NULL; i++) {
519*ee116499SAntonio Huete Jimenez if (strcmp(name, authmethods[i]->name) == 0 ||
520*ee116499SAntonio Huete Jimenez (authmethods[i]->synonym != NULL &&
521*ee116499SAntonio Huete Jimenez strcmp(name, authmethods[i]->synonym) == 0))
52218de8d7fSPeter Avalos return authmethods[i];
523*ee116499SAntonio Huete Jimenez }
524*ee116499SAntonio Huete Jimenez debug_f("unrecognized authentication method name: %s", name);
52518de8d7fSPeter Avalos return NULL;
52618de8d7fSPeter Avalos }
52718de8d7fSPeter Avalos
528*ee116499SAntonio Huete Jimenez static Authmethod *
authmethod_lookup(Authctxt * authctxt,const char * name)529*ee116499SAntonio Huete Jimenez authmethod_lookup(Authctxt *authctxt, const char *name)
530*ee116499SAntonio Huete Jimenez {
531*ee116499SAntonio Huete Jimenez Authmethod *method;
532*ee116499SAntonio Huete Jimenez
533*ee116499SAntonio Huete Jimenez if ((method = authmethod_byname(name)) == NULL)
534*ee116499SAntonio Huete Jimenez return NULL;
535*ee116499SAntonio Huete Jimenez
536*ee116499SAntonio Huete Jimenez if (method->enabled == NULL || *(method->enabled) == 0) {
537*ee116499SAntonio Huete Jimenez debug3_f("method %s not enabled", name);
538*ee116499SAntonio Huete Jimenez return NULL;
539*ee116499SAntonio Huete Jimenez }
540*ee116499SAntonio Huete Jimenez if (!auth2_method_allowed(authctxt, method->name, NULL)) {
541*ee116499SAntonio Huete Jimenez debug3_f("method %s not allowed "
542*ee116499SAntonio Huete Jimenez "by AuthenticationMethods", name);
543*ee116499SAntonio Huete Jimenez return NULL;
544*ee116499SAntonio Huete Jimenez }
545*ee116499SAntonio Huete Jimenez return method;
546*ee116499SAntonio Huete Jimenez }
547*ee116499SAntonio Huete Jimenez
54836e94dc5SPeter Avalos /*
54936e94dc5SPeter Avalos * Check a comma-separated list of methods for validity. Is need_enable is
55036e94dc5SPeter Avalos * non-zero, then also require that the methods are enabled.
55136e94dc5SPeter Avalos * Returns 0 on success or -1 if the methods list is invalid.
55236e94dc5SPeter Avalos */
55336e94dc5SPeter Avalos int
auth2_methods_valid(const char * _methods,int need_enable)55436e94dc5SPeter Avalos auth2_methods_valid(const char *_methods, int need_enable)
55536e94dc5SPeter Avalos {
55636e94dc5SPeter Avalos char *methods, *omethods, *method, *p;
55736e94dc5SPeter Avalos u_int i, found;
55836e94dc5SPeter Avalos int ret = -1;
55936e94dc5SPeter Avalos
56036e94dc5SPeter Avalos if (*_methods == '\0') {
56136e94dc5SPeter Avalos error("empty authentication method list");
56236e94dc5SPeter Avalos return -1;
56336e94dc5SPeter Avalos }
56436e94dc5SPeter Avalos omethods = methods = xstrdup(_methods);
56536e94dc5SPeter Avalos while ((method = strsep(&methods, ",")) != NULL) {
56636e94dc5SPeter Avalos for (found = i = 0; !found && authmethods[i] != NULL; i++) {
56736e94dc5SPeter Avalos if ((p = strchr(method, ':')) != NULL)
56836e94dc5SPeter Avalos *p = '\0';
56936e94dc5SPeter Avalos if (strcmp(method, authmethods[i]->name) != 0)
57036e94dc5SPeter Avalos continue;
57136e94dc5SPeter Avalos if (need_enable) {
57236e94dc5SPeter Avalos if (authmethods[i]->enabled == NULL ||
57336e94dc5SPeter Avalos *(authmethods[i]->enabled) == 0) {
57436e94dc5SPeter Avalos error("Disabled method \"%s\" in "
57536e94dc5SPeter Avalos "AuthenticationMethods list \"%s\"",
57636e94dc5SPeter Avalos method, _methods);
57736e94dc5SPeter Avalos goto out;
57836e94dc5SPeter Avalos }
57936e94dc5SPeter Avalos }
58036e94dc5SPeter Avalos found = 1;
58136e94dc5SPeter Avalos break;
58236e94dc5SPeter Avalos }
58336e94dc5SPeter Avalos if (!found) {
58436e94dc5SPeter Avalos error("Unknown authentication method \"%s\" in list",
58536e94dc5SPeter Avalos method);
58636e94dc5SPeter Avalos goto out;
58736e94dc5SPeter Avalos }
58836e94dc5SPeter Avalos }
58936e94dc5SPeter Avalos ret = 0;
59036e94dc5SPeter Avalos out:
59136e94dc5SPeter Avalos free(omethods);
59236e94dc5SPeter Avalos return ret;
59336e94dc5SPeter Avalos }
59436e94dc5SPeter Avalos
59536e94dc5SPeter Avalos /*
59636e94dc5SPeter Avalos * Prune the AuthenticationMethods supplied in the configuration, removing
59736e94dc5SPeter Avalos * any methods lists that include disabled methods. Note that this might
59836e94dc5SPeter Avalos * leave authctxt->num_auth_methods == 0, even when multiple required auth
59936e94dc5SPeter Avalos * has been requested. For this reason, all tests for whether multiple is
60036e94dc5SPeter Avalos * enabled should consult options.num_auth_methods directly.
60136e94dc5SPeter Avalos */
60236e94dc5SPeter Avalos int
auth2_setup_methods_lists(Authctxt * authctxt)60336e94dc5SPeter Avalos auth2_setup_methods_lists(Authctxt *authctxt)
60436e94dc5SPeter Avalos {
60536e94dc5SPeter Avalos u_int i;
60636e94dc5SPeter Avalos
607664f4763Szrj /* First, normalise away the "any" pseudo-method */
608664f4763Szrj if (options.num_auth_methods == 1 &&
609664f4763Szrj strcmp(options.auth_methods[0], "any") == 0) {
610664f4763Szrj free(options.auth_methods[0]);
611664f4763Szrj options.auth_methods[0] = NULL;
612664f4763Szrj options.num_auth_methods = 0;
613664f4763Szrj }
614664f4763Szrj
61536e94dc5SPeter Avalos if (options.num_auth_methods == 0)
61636e94dc5SPeter Avalos return 0;
61750a69bb5SSascha Wildner debug3_f("checking methods");
61836e94dc5SPeter Avalos authctxt->auth_methods = xcalloc(options.num_auth_methods,
61936e94dc5SPeter Avalos sizeof(*authctxt->auth_methods));
62036e94dc5SPeter Avalos authctxt->num_auth_methods = 0;
62136e94dc5SPeter Avalos for (i = 0; i < options.num_auth_methods; i++) {
62236e94dc5SPeter Avalos if (auth2_methods_valid(options.auth_methods[i], 1) != 0) {
62336e94dc5SPeter Avalos logit("Authentication methods list \"%s\" contains "
62436e94dc5SPeter Avalos "disabled method, skipping",
62536e94dc5SPeter Avalos options.auth_methods[i]);
62636e94dc5SPeter Avalos continue;
62736e94dc5SPeter Avalos }
62836e94dc5SPeter Avalos debug("authentication methods list %d: %s",
62936e94dc5SPeter Avalos authctxt->num_auth_methods, options.auth_methods[i]);
63036e94dc5SPeter Avalos authctxt->auth_methods[authctxt->num_auth_methods++] =
63136e94dc5SPeter Avalos xstrdup(options.auth_methods[i]);
63236e94dc5SPeter Avalos }
63336e94dc5SPeter Avalos if (authctxt->num_auth_methods == 0) {
63436e94dc5SPeter Avalos error("No AuthenticationMethods left after eliminating "
63536e94dc5SPeter Avalos "disabled methods");
63636e94dc5SPeter Avalos return -1;
63736e94dc5SPeter Avalos }
63836e94dc5SPeter Avalos return 0;
63936e94dc5SPeter Avalos }
64036e94dc5SPeter Avalos
64136e94dc5SPeter Avalos static int
list_starts_with(const char * methods,const char * method,const char * submethod)64236e94dc5SPeter Avalos list_starts_with(const char *methods, const char *method,
64336e94dc5SPeter Avalos const char *submethod)
64436e94dc5SPeter Avalos {
64536e94dc5SPeter Avalos size_t l = strlen(method);
64636e94dc5SPeter Avalos int match;
64736e94dc5SPeter Avalos const char *p;
64836e94dc5SPeter Avalos
64936e94dc5SPeter Avalos if (strncmp(methods, method, l) != 0)
65036e94dc5SPeter Avalos return MATCH_NONE;
65136e94dc5SPeter Avalos p = methods + l;
65236e94dc5SPeter Avalos match = MATCH_METHOD;
65336e94dc5SPeter Avalos if (*p == ':') {
65436e94dc5SPeter Avalos if (!submethod)
65536e94dc5SPeter Avalos return MATCH_PARTIAL;
65636e94dc5SPeter Avalos l = strlen(submethod);
65736e94dc5SPeter Avalos p += 1;
65836e94dc5SPeter Avalos if (strncmp(submethod, p, l))
65936e94dc5SPeter Avalos return MATCH_NONE;
66036e94dc5SPeter Avalos p += l;
66136e94dc5SPeter Avalos match = MATCH_BOTH;
66236e94dc5SPeter Avalos }
66336e94dc5SPeter Avalos if (*p != ',' && *p != '\0')
66436e94dc5SPeter Avalos return MATCH_NONE;
66536e94dc5SPeter Avalos return match;
66636e94dc5SPeter Avalos }
66736e94dc5SPeter Avalos
66836e94dc5SPeter Avalos /*
66936e94dc5SPeter Avalos * Remove method from the start of a comma-separated list of methods.
67036e94dc5SPeter Avalos * Returns 0 if the list of methods did not start with that method or 1
67136e94dc5SPeter Avalos * if it did.
67236e94dc5SPeter Avalos */
67336e94dc5SPeter Avalos static int
remove_method(char ** methods,const char * method,const char * submethod)67436e94dc5SPeter Avalos remove_method(char **methods, const char *method, const char *submethod)
67536e94dc5SPeter Avalos {
67636e94dc5SPeter Avalos char *omethods = *methods, *p;
67736e94dc5SPeter Avalos size_t l = strlen(method);
67836e94dc5SPeter Avalos int match;
67936e94dc5SPeter Avalos
68036e94dc5SPeter Avalos match = list_starts_with(omethods, method, submethod);
68136e94dc5SPeter Avalos if (match != MATCH_METHOD && match != MATCH_BOTH)
68236e94dc5SPeter Avalos return 0;
68336e94dc5SPeter Avalos p = omethods + l;
68436e94dc5SPeter Avalos if (submethod && match == MATCH_BOTH)
68536e94dc5SPeter Avalos p += 1 + strlen(submethod); /* include colon */
68636e94dc5SPeter Avalos if (*p == ',')
68736e94dc5SPeter Avalos p++;
68836e94dc5SPeter Avalos *methods = xstrdup(p);
68936e94dc5SPeter Avalos free(omethods);
69036e94dc5SPeter Avalos return 1;
69136e94dc5SPeter Avalos }
69236e94dc5SPeter Avalos
69336e94dc5SPeter Avalos /*
69436e94dc5SPeter Avalos * Called after successful authentication. Will remove the successful method
69536e94dc5SPeter Avalos * from the start of each list in which it occurs. If it was the last method
69636e94dc5SPeter Avalos * in any list, then authentication is deemed successful.
69736e94dc5SPeter Avalos * Returns 1 if the method completed any authentication list or 0 otherwise.
69836e94dc5SPeter Avalos */
69936e94dc5SPeter Avalos int
auth2_update_methods_lists(Authctxt * authctxt,const char * method,const char * submethod)70036e94dc5SPeter Avalos auth2_update_methods_lists(Authctxt *authctxt, const char *method,
70136e94dc5SPeter Avalos const char *submethod)
70236e94dc5SPeter Avalos {
70336e94dc5SPeter Avalos u_int i, found = 0;
70436e94dc5SPeter Avalos
70550a69bb5SSascha Wildner debug3_f("updating methods list after \"%s\"", method);
70636e94dc5SPeter Avalos for (i = 0; i < authctxt->num_auth_methods; i++) {
70736e94dc5SPeter Avalos if (!remove_method(&(authctxt->auth_methods[i]), method,
70836e94dc5SPeter Avalos submethod))
70936e94dc5SPeter Avalos continue;
71036e94dc5SPeter Avalos found = 1;
71136e94dc5SPeter Avalos if (*authctxt->auth_methods[i] == '\0') {
71236e94dc5SPeter Avalos debug2("authentication methods list %d complete", i);
71336e94dc5SPeter Avalos return 1;
71436e94dc5SPeter Avalos }
71536e94dc5SPeter Avalos debug3("authentication methods list %d remaining: \"%s\"",
71636e94dc5SPeter Avalos i, authctxt->auth_methods[i]);
71736e94dc5SPeter Avalos }
71836e94dc5SPeter Avalos /* This should not happen, but would be bad if it did */
71936e94dc5SPeter Avalos if (!found)
72050a69bb5SSascha Wildner fatal_f("method not in AuthenticationMethods");
72136e94dc5SPeter Avalos return 0;
72236e94dc5SPeter Avalos }
72336e94dc5SPeter Avalos
724ce74bacaSMatthew Dillon /* Reset method-specific information */
auth2_authctxt_reset_info(Authctxt * authctxt)725ce74bacaSMatthew Dillon void auth2_authctxt_reset_info(Authctxt *authctxt)
726ce74bacaSMatthew Dillon {
727ce74bacaSMatthew Dillon sshkey_free(authctxt->auth_method_key);
728ce74bacaSMatthew Dillon free(authctxt->auth_method_info);
729ce74bacaSMatthew Dillon authctxt->auth_method_key = NULL;
730ce74bacaSMatthew Dillon authctxt->auth_method_info = NULL;
731ce74bacaSMatthew Dillon }
732ce74bacaSMatthew Dillon
733ce74bacaSMatthew Dillon /* Record auth method-specific information for logs */
734ce74bacaSMatthew Dillon void
auth2_record_info(Authctxt * authctxt,const char * fmt,...)735ce74bacaSMatthew Dillon auth2_record_info(Authctxt *authctxt, const char *fmt, ...)
736ce74bacaSMatthew Dillon {
737ce74bacaSMatthew Dillon va_list ap;
738ce74bacaSMatthew Dillon int i;
739ce74bacaSMatthew Dillon
740ce74bacaSMatthew Dillon free(authctxt->auth_method_info);
741ce74bacaSMatthew Dillon authctxt->auth_method_info = NULL;
742ce74bacaSMatthew Dillon
743ce74bacaSMatthew Dillon va_start(ap, fmt);
744ce74bacaSMatthew Dillon i = vasprintf(&authctxt->auth_method_info, fmt, ap);
745ce74bacaSMatthew Dillon va_end(ap);
746ce74bacaSMatthew Dillon
7470cbfa66cSDaniel Fojt if (i == -1)
74850a69bb5SSascha Wildner fatal_f("vasprintf failed");
749ce74bacaSMatthew Dillon }
750ce74bacaSMatthew Dillon
751ce74bacaSMatthew Dillon /*
752ce74bacaSMatthew Dillon * Records a public key used in authentication. This is used for logging
753ce74bacaSMatthew Dillon * and to ensure that the same key is not subsequently accepted again for
754ce74bacaSMatthew Dillon * multiple authentication.
755ce74bacaSMatthew Dillon */
756ce74bacaSMatthew Dillon void
auth2_record_key(Authctxt * authctxt,int authenticated,const struct sshkey * key)757ce74bacaSMatthew Dillon auth2_record_key(Authctxt *authctxt, int authenticated,
758ce74bacaSMatthew Dillon const struct sshkey *key)
759ce74bacaSMatthew Dillon {
760ce74bacaSMatthew Dillon struct sshkey **tmp, *dup;
761ce74bacaSMatthew Dillon int r;
762ce74bacaSMatthew Dillon
763664f4763Szrj if ((r = sshkey_from_private(key, &dup)) != 0)
76450a69bb5SSascha Wildner fatal_fr(r, "copy key");
765ce74bacaSMatthew Dillon sshkey_free(authctxt->auth_method_key);
766ce74bacaSMatthew Dillon authctxt->auth_method_key = dup;
767ce74bacaSMatthew Dillon
768ce74bacaSMatthew Dillon if (!authenticated)
769ce74bacaSMatthew Dillon return;
770ce74bacaSMatthew Dillon
771ce74bacaSMatthew Dillon /* If authenticated, make sure we don't accept this key again */
772664f4763Szrj if ((r = sshkey_from_private(key, &dup)) != 0)
77350a69bb5SSascha Wildner fatal_fr(r, "copy key");
774ce74bacaSMatthew Dillon if (authctxt->nprev_keys >= INT_MAX ||
775ce74bacaSMatthew Dillon (tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys,
776ce74bacaSMatthew Dillon authctxt->nprev_keys + 1, sizeof(*authctxt->prev_keys))) == NULL)
77750a69bb5SSascha Wildner fatal_f("reallocarray failed");
778ce74bacaSMatthew Dillon authctxt->prev_keys = tmp;
779ce74bacaSMatthew Dillon authctxt->prev_keys[authctxt->nprev_keys] = dup;
780ce74bacaSMatthew Dillon authctxt->nprev_keys++;
781ce74bacaSMatthew Dillon
782ce74bacaSMatthew Dillon }
783ce74bacaSMatthew Dillon
784ce74bacaSMatthew Dillon /* Checks whether a key has already been previously used for authentication */
785ce74bacaSMatthew Dillon int
auth2_key_already_used(Authctxt * authctxt,const struct sshkey * key)786ce74bacaSMatthew Dillon auth2_key_already_used(Authctxt *authctxt, const struct sshkey *key)
787ce74bacaSMatthew Dillon {
788ce74bacaSMatthew Dillon u_int i;
789ce74bacaSMatthew Dillon char *fp;
790ce74bacaSMatthew Dillon
791ce74bacaSMatthew Dillon for (i = 0; i < authctxt->nprev_keys; i++) {
792ce74bacaSMatthew Dillon if (sshkey_equal_public(key, authctxt->prev_keys[i])) {
793ce74bacaSMatthew Dillon fp = sshkey_fingerprint(authctxt->prev_keys[i],
794ce74bacaSMatthew Dillon options.fingerprint_hash, SSH_FP_DEFAULT);
79550a69bb5SSascha Wildner debug3_f("key already used: %s %s",
796ce74bacaSMatthew Dillon sshkey_type(authctxt->prev_keys[i]),
797ce74bacaSMatthew Dillon fp == NULL ? "UNKNOWN" : fp);
798ce74bacaSMatthew Dillon free(fp);
799ce74bacaSMatthew Dillon return 1;
800ce74bacaSMatthew Dillon }
801ce74bacaSMatthew Dillon }
802ce74bacaSMatthew Dillon return 0;
803ce74bacaSMatthew Dillon }
804ce74bacaSMatthew Dillon
805ce74bacaSMatthew Dillon /*
806ce74bacaSMatthew Dillon * Updates authctxt->session_info with details of authentication. Should be
807ce74bacaSMatthew Dillon * whenever an authentication method succeeds.
808ce74bacaSMatthew Dillon */
809ce74bacaSMatthew Dillon void
auth2_update_session_info(Authctxt * authctxt,const char * method,const char * submethod)810ce74bacaSMatthew Dillon auth2_update_session_info(Authctxt *authctxt, const char *method,
811ce74bacaSMatthew Dillon const char *submethod)
812ce74bacaSMatthew Dillon {
813ce74bacaSMatthew Dillon int r;
814ce74bacaSMatthew Dillon
815ce74bacaSMatthew Dillon if (authctxt->session_info == NULL) {
816ce74bacaSMatthew Dillon if ((authctxt->session_info = sshbuf_new()) == NULL)
81750a69bb5SSascha Wildner fatal_f("sshbuf_new");
818ce74bacaSMatthew Dillon }
819ce74bacaSMatthew Dillon
820ce74bacaSMatthew Dillon /* Append method[/submethod] */
821ce74bacaSMatthew Dillon if ((r = sshbuf_putf(authctxt->session_info, "%s%s%s",
822ce74bacaSMatthew Dillon method, submethod == NULL ? "" : "/",
823ce74bacaSMatthew Dillon submethod == NULL ? "" : submethod)) != 0)
82450a69bb5SSascha Wildner fatal_fr(r, "append method");
825ce74bacaSMatthew Dillon
826ce74bacaSMatthew Dillon /* Append key if present */
827ce74bacaSMatthew Dillon if (authctxt->auth_method_key != NULL) {
828ce74bacaSMatthew Dillon if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
829ce74bacaSMatthew Dillon (r = sshkey_format_text(authctxt->auth_method_key,
830ce74bacaSMatthew Dillon authctxt->session_info)) != 0)
83150a69bb5SSascha Wildner fatal_fr(r, "append key");
832ce74bacaSMatthew Dillon }
833ce74bacaSMatthew Dillon
834ce74bacaSMatthew Dillon if (authctxt->auth_method_info != NULL) {
835ce74bacaSMatthew Dillon /* Ensure no ambiguity here */
836ce74bacaSMatthew Dillon if (strchr(authctxt->auth_method_info, '\n') != NULL)
83750a69bb5SSascha Wildner fatal_f("auth_method_info contains \\n");
838ce74bacaSMatthew Dillon if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
839ce74bacaSMatthew Dillon (r = sshbuf_putf(authctxt->session_info, "%s",
840ce74bacaSMatthew Dillon authctxt->auth_method_info)) != 0) {
84150a69bb5SSascha Wildner fatal_fr(r, "append method info");
842ce74bacaSMatthew Dillon }
843ce74bacaSMatthew Dillon }
844ce74bacaSMatthew Dillon if ((r = sshbuf_put_u8(authctxt->session_info, '\n')) != 0)
84550a69bb5SSascha Wildner fatal_fr(r, "append");
846ce74bacaSMatthew Dillon }
84736e94dc5SPeter Avalos
848