1 /* $OpenBSD: sshconnect2.c,v 1.210 2014/07/15 15:54:14 millert Exp $ */ 2 /* 3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include "includes.h" 28 29 #include <sys/types.h> 30 #include <sys/socket.h> 31 #include <sys/wait.h> 32 #include <sys/stat.h> 33 34 #include <errno.h> 35 #include <fcntl.h> 36 #include <netdb.h> 37 #include <pwd.h> 38 #include <signal.h> 39 #include <stdarg.h> 40 #include <stdio.h> 41 #include <string.h> 42 #include <unistd.h> 43 #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) 44 #include <vis.h> 45 #endif 46 47 #include "openbsd-compat/sys-queue.h" 48 49 #include "xmalloc.h" 50 #include "ssh.h" 51 #include "ssh2.h" 52 #include "buffer.h" 53 #include "packet.h" 54 #include "compat.h" 55 #include "cipher.h" 56 #include "key.h" 57 #include "kex.h" 58 #include "myproposal.h" 59 #include "sshconnect.h" 60 #include "authfile.h" 61 #include "dh.h" 62 #include "authfd.h" 63 #include "log.h" 64 #include "misc.h" 65 #include "readconf.h" 66 #include "match.h" 67 #include "dispatch.h" 68 #include "canohost.h" 69 #include "msg.h" 70 #include "pathnames.h" 71 #include "uidswap.h" 72 #include "hostfile.h" 73 74 #ifdef GSSAPI 75 #include "ssh-gss.h" 76 #endif 77 78 /* import */ 79 extern char *client_version_string; 80 extern char *server_version_string; 81 extern Options options; 82 extern Kex *xxx_kex; 83 84 /* tty_flag is set in ssh.c. use this in ssh_userauth2 */ 85 /* if it is set then prevent the switch to the null cipher */ 86 87 extern int tty_flag; 88 89 /* 90 * SSH2 key exchange 91 */ 92 93 u_char *session_id2 = NULL; 94 u_int session_id2_len = 0; 95 96 char *xxx_host; 97 struct sockaddr *xxx_hostaddr; 98 99 Kex *xxx_kex = NULL; 100 101 static int 102 verify_host_key_callback(Key *hostkey) 103 { 104 if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) 105 fatal("Host key verification failed."); 106 return 0; 107 } 108 109 static char * 110 order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) 111 { 112 char *oavail, *avail, *first, *last, *alg, *hostname, *ret; 113 size_t maxlen; 114 struct hostkeys *hostkeys; 115 int ktype; 116 u_int i; 117 118 /* Find all hostkeys for this hostname */ 119 get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL); 120 hostkeys = init_hostkeys(); 121 for (i = 0; i < options.num_user_hostfiles; i++) 122 load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]); 123 for (i = 0; i < options.num_system_hostfiles; i++) 124 load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]); 125 126 oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG); 127 maxlen = strlen(avail) + 1; 128 first = xmalloc(maxlen); 129 last = xmalloc(maxlen); 130 *first = *last = '\0'; 131 132 #define ALG_APPEND(to, from) \ 133 do { \ 134 if (*to != '\0') \ 135 strlcat(to, ",", maxlen); \ 136 strlcat(to, from, maxlen); \ 137 } while (0) 138 139 while ((alg = strsep(&avail, ",")) && *alg != '\0') { 140 if ((ktype = key_type_from_name(alg)) == KEY_UNSPEC) 141 fatal("%s: unknown alg %s", __func__, alg); 142 if (lookup_key_in_hostkeys_by_type(hostkeys, 143 key_type_plain(ktype), NULL)) 144 ALG_APPEND(first, alg); 145 else 146 ALG_APPEND(last, alg); 147 } 148 #undef ALG_APPEND 149 xasprintf(&ret, "%s%s%s", first, *first == '\0' ? "" : ",", last); 150 if (*first != '\0') 151 debug3("%s: prefer hostkeyalgs: %s", __func__, first); 152 153 free(first); 154 free(last); 155 free(hostname); 156 free(oavail); 157 free_hostkeys(hostkeys); 158 159 return ret; 160 } 161 162 static char *myproposal[PROPOSAL_MAX]; 163 static const char *myproposal_default[PROPOSAL_MAX] = { KEX_CLIENT }; 164 165 void 166 ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) 167 { 168 Kex *kex; 169 170 memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); 171 172 xxx_host = host; 173 xxx_hostaddr = hostaddr; 174 175 if (options.ciphers == (char *)-1) { 176 logit("No valid ciphers for protocol version 2 given, using defaults."); 177 options.ciphers = NULL; 178 } 179 if (options.ciphers != NULL) { 180 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 181 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; 182 } 183 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 184 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); 185 myproposal[PROPOSAL_ENC_ALGS_STOC] = 186 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); 187 if (options.compression) { 188 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 189 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none"; 190 } else { 191 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 192 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib"; 193 } 194 if (options.macs != NULL) { 195 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 196 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 197 } 198 if (options.hostkeyalgorithms != NULL) 199 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = 200 compat_pkalg_proposal(options.hostkeyalgorithms); 201 else { 202 /* Prefer algorithms that we already have keys for */ 203 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = 204 compat_pkalg_proposal( 205 order_hostkeyalgs(host, hostaddr, port)); 206 } 207 if (options.kex_algorithms != NULL) 208 myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; 209 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( 210 myproposal[PROPOSAL_KEX_ALGS]); 211 212 if (options.rekey_limit || options.rekey_interval) 213 packet_set_rekey_limits((u_int32_t)options.rekey_limit, 214 (time_t)options.rekey_interval); 215 216 /* start key exchange */ 217 kex = kex_setup(myproposal); 218 #ifdef WITH_OPENSSL 219 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 220 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 221 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 222 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 223 kex->kex[KEX_ECDH_SHA2] = kexecdh_client; 224 #endif 225 kex->kex[KEX_C25519_SHA256] = kexc25519_client; 226 kex->client_version_string=client_version_string; 227 kex->server_version_string=server_version_string; 228 kex->verify_host_key=&verify_host_key_callback; 229 230 xxx_kex = kex; 231 232 dispatch_run(DISPATCH_BLOCK, &kex->done, kex); 233 234 if (options.use_roaming && !kex->roaming) { 235 debug("Roaming not allowed by server"); 236 options.use_roaming = 0; 237 } 238 239 session_id2 = kex->session_id; 240 session_id2_len = kex->session_id_len; 241 242 #ifdef DEBUG_KEXDH 243 /* send 1st encrypted/maced/compressed message */ 244 packet_start(SSH2_MSG_IGNORE); 245 packet_put_cstring("markus"); 246 packet_send(); 247 packet_write_wait(); 248 #endif 249 } 250 251 /* 252 * Authenticate user 253 */ 254 255 typedef struct Authctxt Authctxt; 256 typedef struct Authmethod Authmethod; 257 typedef struct identity Identity; 258 typedef struct idlist Idlist; 259 260 struct identity { 261 TAILQ_ENTRY(identity) next; 262 AuthenticationConnection *ac; /* set if agent supports key */ 263 Key *key; /* public/private key */ 264 char *filename; /* comment for agent-only keys */ 265 int tried; 266 int isprivate; /* key points to the private key */ 267 int userprovided; 268 }; 269 TAILQ_HEAD(idlist, identity); 270 271 struct Authctxt { 272 const char *server_user; 273 const char *local_user; 274 const char *host; 275 const char *service; 276 Authmethod *method; 277 sig_atomic_t success; 278 char *authlist; 279 /* pubkey */ 280 Idlist keys; 281 AuthenticationConnection *agent; 282 /* hostbased */ 283 Sensitive *sensitive; 284 /* kbd-interactive */ 285 int info_req_seen; 286 /* generic */ 287 void *methoddata; 288 }; 289 struct Authmethod { 290 char *name; /* string to compare against server's list */ 291 int (*userauth)(Authctxt *authctxt); 292 void (*cleanup)(Authctxt *authctxt); 293 int *enabled; /* flag in option struct that enables method */ 294 int *batch_flag; /* flag in option struct that disables method */ 295 }; 296 297 void input_userauth_success(int, u_int32_t, void *); 298 void input_userauth_success_unexpected(int, u_int32_t, void *); 299 void input_userauth_failure(int, u_int32_t, void *); 300 void input_userauth_banner(int, u_int32_t, void *); 301 void input_userauth_error(int, u_int32_t, void *); 302 void input_userauth_info_req(int, u_int32_t, void *); 303 void input_userauth_pk_ok(int, u_int32_t, void *); 304 void input_userauth_passwd_changereq(int, u_int32_t, void *); 305 306 int userauth_none(Authctxt *); 307 int userauth_pubkey(Authctxt *); 308 int userauth_passwd(Authctxt *); 309 int userauth_kbdint(Authctxt *); 310 int userauth_hostbased(Authctxt *); 311 312 #ifdef GSSAPI 313 int userauth_gssapi(Authctxt *authctxt); 314 void input_gssapi_response(int type, u_int32_t, void *); 315 void input_gssapi_token(int type, u_int32_t, void *); 316 void input_gssapi_hash(int type, u_int32_t, void *); 317 void input_gssapi_error(int, u_int32_t, void *); 318 void input_gssapi_errtok(int, u_int32_t, void *); 319 #endif 320 321 void userauth(Authctxt *, char *); 322 323 static int sign_and_send_pubkey(Authctxt *, Identity *); 324 static void pubkey_prepare(Authctxt *); 325 static void pubkey_cleanup(Authctxt *); 326 static Key *load_identity_file(char *, int); 327 328 static Authmethod *authmethod_get(char *authlist); 329 static Authmethod *authmethod_lookup(const char *name); 330 static char *authmethods_get(void); 331 332 Authmethod authmethods[] = { 333 #ifdef GSSAPI 334 {"gssapi-with-mic", 335 userauth_gssapi, 336 NULL, 337 &options.gss_authentication, 338 NULL}, 339 #endif 340 {"hostbased", 341 userauth_hostbased, 342 NULL, 343 &options.hostbased_authentication, 344 NULL}, 345 {"publickey", 346 userauth_pubkey, 347 NULL, 348 &options.pubkey_authentication, 349 NULL}, 350 {"keyboard-interactive", 351 userauth_kbdint, 352 NULL, 353 &options.kbd_interactive_authentication, 354 &options.batch_mode}, 355 {"password", 356 userauth_passwd, 357 NULL, 358 &options.password_authentication, 359 &options.batch_mode}, 360 {"none", 361 userauth_none, 362 NULL, 363 NULL, 364 NULL}, 365 {NULL, NULL, NULL, NULL, NULL} 366 }; 367 368 void 369 ssh_userauth2(const char *local_user, const char *server_user, char *host, 370 Sensitive *sensitive) 371 { 372 Authctxt authctxt; 373 int type; 374 375 if (options.challenge_response_authentication) 376 options.kbd_interactive_authentication = 1; 377 378 packet_start(SSH2_MSG_SERVICE_REQUEST); 379 packet_put_cstring("ssh-userauth"); 380 packet_send(); 381 debug("SSH2_MSG_SERVICE_REQUEST sent"); 382 packet_write_wait(); 383 type = packet_read(); 384 if (type != SSH2_MSG_SERVICE_ACCEPT) 385 fatal("Server denied authentication request: %d", type); 386 if (packet_remaining() > 0) { 387 char *reply = packet_get_string(NULL); 388 debug2("service_accept: %s", reply); 389 free(reply); 390 } else { 391 debug2("buggy server: service_accept w/o service"); 392 } 393 packet_check_eom(); 394 debug("SSH2_MSG_SERVICE_ACCEPT received"); 395 396 if (options.preferred_authentications == NULL) 397 options.preferred_authentications = authmethods_get(); 398 399 /* setup authentication context */ 400 memset(&authctxt, 0, sizeof(authctxt)); 401 pubkey_prepare(&authctxt); 402 authctxt.server_user = server_user; 403 authctxt.local_user = local_user; 404 authctxt.host = host; 405 authctxt.service = "ssh-connection"; /* service name */ 406 authctxt.success = 0; 407 authctxt.method = authmethod_lookup("none"); 408 authctxt.authlist = NULL; 409 authctxt.methoddata = NULL; 410 authctxt.sensitive = sensitive; 411 authctxt.info_req_seen = 0; 412 if (authctxt.method == NULL) 413 fatal("ssh_userauth2: internal error: cannot send userauth none request"); 414 415 /* initial userauth request */ 416 userauth_none(&authctxt); 417 418 dispatch_init(&input_userauth_error); 419 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); 420 dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); 421 dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); 422 dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ 423 424 pubkey_cleanup(&authctxt); 425 dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); 426 427 /* if the user wants to use the none cipher do it */ 428 /* post authentication and only if the right conditions are met */ 429 /* both of the NONE commands must be true and there must be no */ 430 /* tty allocated */ 431 if ((options.none_switch == 1) && (options.none_enabled == 1)) 432 { 433 if (!tty_flag) /* no null on tty sessions */ 434 { 435 debug("Requesting none rekeying..."); 436 myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; 437 myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; 438 kex_prop2buf(&xxx_kex->my,myproposal); 439 packet_request_rekeying(); 440 fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); 441 } 442 else 443 { 444 /* requested NONE cipher when in a tty */ 445 debug("Cannot switch to NONE cipher with tty allocated"); 446 fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); 447 } 448 } 449 /* if we are using aes-ctr there can be issues in either a fork or sandbox 450 * so the initial aes-ctr is defined to point to the original single process 451 * evp. After authentication we'll be past the fork and the sandboxed privsep 452 * so we repoint the define to the multithreaded evp. To start the threads we 453 * then force a rekey 454 */ 455 CipherContext *ccsend; 456 ccsend = (CipherContext*)packet_get_send_context(); 457 458 /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */ 459 if (strstr(cipher_return_name((Cipher*)ccsend->cipher), "ctr")) { 460 debug ("Single to Multithread CTR cipher swap - client request"); 461 cipher_reset_multithreaded(); 462 packet_request_rekeying(); 463 } 464 465 debug("Authentication succeeded (%s).", authctxt.method->name); 466 } 467 468 void 469 userauth(Authctxt *authctxt, char *authlist) 470 { 471 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 472 authctxt->method->cleanup(authctxt); 473 474 free(authctxt->methoddata); 475 authctxt->methoddata = NULL; 476 if (authlist == NULL) { 477 authlist = authctxt->authlist; 478 } else { 479 free(authctxt->authlist); 480 authctxt->authlist = authlist; 481 } 482 for (;;) { 483 Authmethod *method = authmethod_get(authlist); 484 if (method == NULL) 485 fatal("Permission denied (%s).", authlist); 486 authctxt->method = method; 487 488 /* reset the per method handler */ 489 dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN, 490 SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL); 491 492 /* and try new method */ 493 if (method->userauth(authctxt) != 0) { 494 debug2("we sent a %s packet, wait for reply", method->name); 495 break; 496 } else { 497 debug2("we did not send a packet, disable method"); 498 method->enabled = NULL; 499 } 500 } 501 } 502 503 /* ARGSUSED */ 504 void 505 input_userauth_error(int type, u_int32_t seq, void *ctxt) 506 { 507 fatal("input_userauth_error: bad message during authentication: " 508 "type %d", type); 509 } 510 511 /* ARGSUSED */ 512 void 513 input_userauth_banner(int type, u_int32_t seq, void *ctxt) 514 { 515 char *msg, *raw, *lang; 516 u_int len; 517 518 debug3("input_userauth_banner"); 519 raw = packet_get_string(&len); 520 lang = packet_get_string(NULL); 521 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { 522 if (len > 65536) 523 len = 65536; 524 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ 525 strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); 526 fprintf(stderr, "%s", msg); 527 free(msg); 528 } 529 free(raw); 530 free(lang); 531 } 532 533 /* ARGSUSED */ 534 void 535 input_userauth_success(int type, u_int32_t seq, void *ctxt) 536 { 537 Authctxt *authctxt = ctxt; 538 539 if (authctxt == NULL) 540 fatal("input_userauth_success: no authentication context"); 541 free(authctxt->authlist); 542 authctxt->authlist = NULL; 543 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 544 authctxt->method->cleanup(authctxt); 545 free(authctxt->methoddata); 546 authctxt->methoddata = NULL; 547 authctxt->success = 1; /* break out */ 548 } 549 550 void 551 input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) 552 { 553 Authctxt *authctxt = ctxt; 554 555 if (authctxt == NULL) 556 fatal("%s: no authentication context", __func__); 557 558 fatal("Unexpected authentication success during %s.", 559 authctxt->method->name); 560 } 561 562 /* ARGSUSED */ 563 void 564 input_userauth_failure(int type, u_int32_t seq, void *ctxt) 565 { 566 Authctxt *authctxt = ctxt; 567 char *authlist = NULL; 568 int partial; 569 570 if (authctxt == NULL) 571 fatal("input_userauth_failure: no authentication context"); 572 573 authlist = packet_get_string(NULL); 574 partial = packet_get_char(); 575 packet_check_eom(); 576 577 if (partial != 0) { 578 logit("Authenticated with partial success."); 579 /* reset state */ 580 pubkey_cleanup(authctxt); 581 pubkey_prepare(authctxt); 582 } 583 debug("Authentications that can continue: %s", authlist); 584 585 userauth(authctxt, authlist); 586 } 587 588 /* ARGSUSED */ 589 void 590 input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) 591 { 592 Authctxt *authctxt = ctxt; 593 Key *key = NULL; 594 Identity *id = NULL; 595 Buffer b; 596 int pktype, sent = 0; 597 u_int alen, blen; 598 char *pkalg, *fp; 599 u_char *pkblob; 600 601 if (authctxt == NULL) 602 fatal("input_userauth_pk_ok: no authentication context"); 603 if (datafellows & SSH_BUG_PKOK) { 604 /* this is similar to SSH_BUG_PKAUTH */ 605 debug2("input_userauth_pk_ok: SSH_BUG_PKOK"); 606 pkblob = packet_get_string(&blen); 607 buffer_init(&b); 608 buffer_append(&b, pkblob, blen); 609 pkalg = buffer_get_string(&b, &alen); 610 buffer_free(&b); 611 } else { 612 pkalg = packet_get_string(&alen); 613 pkblob = packet_get_string(&blen); 614 } 615 packet_check_eom(); 616 617 debug("Server accepts key: pkalg %s blen %u", pkalg, blen); 618 619 if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { 620 debug("unknown pkalg %s", pkalg); 621 goto done; 622 } 623 if ((key = key_from_blob(pkblob, blen)) == NULL) { 624 debug("no key from blob. pkalg %s", pkalg); 625 goto done; 626 } 627 if (key->type != pktype) { 628 error("input_userauth_pk_ok: type mismatch " 629 "for decoded key (received %d, expected %d)", 630 key->type, pktype); 631 goto done; 632 } 633 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); 634 debug2("input_userauth_pk_ok: fp %s", fp); 635 free(fp); 636 637 /* 638 * search keys in the reverse order, because last candidate has been 639 * moved to the end of the queue. this also avoids confusion by 640 * duplicate keys 641 */ 642 TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) { 643 if (key_equal(key, id->key)) { 644 sent = sign_and_send_pubkey(authctxt, id); 645 break; 646 } 647 } 648 done: 649 if (key != NULL) 650 key_free(key); 651 free(pkalg); 652 free(pkblob); 653 654 /* try another method if we did not send a packet */ 655 if (sent == 0) 656 userauth(authctxt, NULL); 657 } 658 659 #ifdef GSSAPI 660 int 661 userauth_gssapi(Authctxt *authctxt) 662 { 663 Gssctxt *gssctxt = NULL; 664 static gss_OID_set gss_supported = NULL; 665 static u_int mech = 0; 666 OM_uint32 min; 667 int ok = 0; 668 669 /* Try one GSSAPI method at a time, rather than sending them all at 670 * once. */ 671 672 if (gss_supported == NULL) 673 gss_indicate_mechs(&min, &gss_supported); 674 675 /* Check to see if the mechanism is usable before we offer it */ 676 while (mech < gss_supported->count && !ok) { 677 /* My DER encoding requires length<128 */ 678 if (gss_supported->elements[mech].length < 128 && 679 ssh_gssapi_check_mechanism(&gssctxt, 680 &gss_supported->elements[mech], authctxt->host)) { 681 ok = 1; /* Mechanism works */ 682 } else { 683 mech++; 684 } 685 } 686 687 if (!ok) 688 return 0; 689 690 authctxt->methoddata=(void *)gssctxt; 691 692 packet_start(SSH2_MSG_USERAUTH_REQUEST); 693 packet_put_cstring(authctxt->server_user); 694 packet_put_cstring(authctxt->service); 695 packet_put_cstring(authctxt->method->name); 696 697 packet_put_int(1); 698 699 packet_put_int((gss_supported->elements[mech].length) + 2); 700 packet_put_char(SSH_GSS_OIDTYPE); 701 packet_put_char(gss_supported->elements[mech].length); 702 packet_put_raw(gss_supported->elements[mech].elements, 703 gss_supported->elements[mech].length); 704 705 packet_send(); 706 707 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response); 708 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); 709 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); 710 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); 711 712 mech++; /* Move along to next candidate */ 713 714 return 1; 715 } 716 717 static OM_uint32 718 process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) 719 { 720 Authctxt *authctxt = ctxt; 721 Gssctxt *gssctxt = authctxt->methoddata; 722 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; 723 gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; 724 gss_buffer_desc gssbuf; 725 OM_uint32 status, ms, flags; 726 Buffer b; 727 728 status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, 729 recv_tok, &send_tok, &flags); 730 731 if (send_tok.length > 0) { 732 if (GSS_ERROR(status)) 733 packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); 734 else 735 packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); 736 737 packet_put_string(send_tok.value, send_tok.length); 738 packet_send(); 739 gss_release_buffer(&ms, &send_tok); 740 } 741 742 if (status == GSS_S_COMPLETE) { 743 /* send either complete or MIC, depending on mechanism */ 744 if (!(flags & GSS_C_INTEG_FLAG)) { 745 packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); 746 packet_send(); 747 } else { 748 ssh_gssapi_buildmic(&b, authctxt->server_user, 749 authctxt->service, "gssapi-with-mic"); 750 751 gssbuf.value = buffer_ptr(&b); 752 gssbuf.length = buffer_len(&b); 753 754 status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); 755 756 if (!GSS_ERROR(status)) { 757 packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); 758 packet_put_string(mic.value, mic.length); 759 760 packet_send(); 761 } 762 763 buffer_free(&b); 764 gss_release_buffer(&ms, &mic); 765 } 766 } 767 768 return status; 769 } 770 771 /* ARGSUSED */ 772 void 773 input_gssapi_response(int type, u_int32_t plen, void *ctxt) 774 { 775 Authctxt *authctxt = ctxt; 776 Gssctxt *gssctxt; 777 int oidlen; 778 char *oidv; 779 780 if (authctxt == NULL) 781 fatal("input_gssapi_response: no authentication context"); 782 gssctxt = authctxt->methoddata; 783 784 /* Setup our OID */ 785 oidv = packet_get_string(&oidlen); 786 787 if (oidlen <= 2 || 788 oidv[0] != SSH_GSS_OIDTYPE || 789 oidv[1] != oidlen - 2) { 790 free(oidv); 791 debug("Badly encoded mechanism OID received"); 792 userauth(authctxt, NULL); 793 return; 794 } 795 796 if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2)) 797 fatal("Server returned different OID than expected"); 798 799 packet_check_eom(); 800 801 free(oidv); 802 803 if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { 804 /* Start again with next method on list */ 805 debug("Trying to start again"); 806 userauth(authctxt, NULL); 807 return; 808 } 809 } 810 811 /* ARGSUSED */ 812 void 813 input_gssapi_token(int type, u_int32_t plen, void *ctxt) 814 { 815 Authctxt *authctxt = ctxt; 816 gss_buffer_desc recv_tok; 817 OM_uint32 status; 818 u_int slen; 819 820 if (authctxt == NULL) 821 fatal("input_gssapi_response: no authentication context"); 822 823 recv_tok.value = packet_get_string(&slen); 824 recv_tok.length = slen; /* safe typecast */ 825 826 packet_check_eom(); 827 828 status = process_gssapi_token(ctxt, &recv_tok); 829 830 free(recv_tok.value); 831 832 if (GSS_ERROR(status)) { 833 /* Start again with the next method in the list */ 834 userauth(authctxt, NULL); 835 return; 836 } 837 } 838 839 /* ARGSUSED */ 840 void 841 input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) 842 { 843 Authctxt *authctxt = ctxt; 844 Gssctxt *gssctxt; 845 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; 846 gss_buffer_desc recv_tok; 847 OM_uint32 ms; 848 u_int len; 849 850 if (authctxt == NULL) 851 fatal("input_gssapi_response: no authentication context"); 852 gssctxt = authctxt->methoddata; 853 854 recv_tok.value = packet_get_string(&len); 855 recv_tok.length = len; 856 857 packet_check_eom(); 858 859 /* Stick it into GSSAPI and see what it says */ 860 (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, 861 &recv_tok, &send_tok, NULL); 862 863 free(recv_tok.value); 864 gss_release_buffer(&ms, &send_tok); 865 866 /* Server will be returning a failed packet after this one */ 867 } 868 869 /* ARGSUSED */ 870 void 871 input_gssapi_error(int type, u_int32_t plen, void *ctxt) 872 { 873 char *msg; 874 char *lang; 875 876 /* maj */(void)packet_get_int(); 877 /* min */(void)packet_get_int(); 878 msg=packet_get_string(NULL); 879 lang=packet_get_string(NULL); 880 881 packet_check_eom(); 882 883 debug("Server GSSAPI Error:\n%s", msg); 884 free(msg); 885 free(lang); 886 } 887 #endif /* GSSAPI */ 888 889 int 890 userauth_none(Authctxt *authctxt) 891 { 892 /* initial userauth request */ 893 packet_start(SSH2_MSG_USERAUTH_REQUEST); 894 packet_put_cstring(authctxt->server_user); 895 packet_put_cstring(authctxt->service); 896 packet_put_cstring(authctxt->method->name); 897 packet_send(); 898 return 1; 899 } 900 901 int 902 userauth_passwd(Authctxt *authctxt) 903 { 904 static int attempt = 0; 905 char prompt[150]; 906 char *password; 907 const char *host = options.host_key_alias ? options.host_key_alias : 908 authctxt->host; 909 910 if (attempt++ >= options.number_of_password_prompts) 911 return 0; 912 913 if (attempt != 1) 914 error("Permission denied, please try again."); 915 916 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 917 authctxt->server_user, host); 918 password = read_passphrase(prompt, 0); 919 packet_start(SSH2_MSG_USERAUTH_REQUEST); 920 packet_put_cstring(authctxt->server_user); 921 packet_put_cstring(authctxt->service); 922 packet_put_cstring(authctxt->method->name); 923 packet_put_char(0); 924 packet_put_cstring(password); 925 explicit_bzero(password, strlen(password)); 926 free(password); 927 packet_add_padding(64); 928 packet_send(); 929 930 dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 931 &input_userauth_passwd_changereq); 932 933 return 1; 934 } 935 936 /* 937 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST 938 */ 939 /* ARGSUSED */ 940 void 941 input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) 942 { 943 Authctxt *authctxt = ctxt; 944 char *info, *lang, *password = NULL, *retype = NULL; 945 char prompt[150]; 946 const char *host = options.host_key_alias ? options.host_key_alias : 947 authctxt->host; 948 949 debug2("input_userauth_passwd_changereq"); 950 951 if (authctxt == NULL) 952 fatal("input_userauth_passwd_changereq: " 953 "no authentication context"); 954 955 info = packet_get_string(NULL); 956 lang = packet_get_string(NULL); 957 if (strlen(info) > 0) 958 logit("%s", info); 959 free(info); 960 free(lang); 961 packet_start(SSH2_MSG_USERAUTH_REQUEST); 962 packet_put_cstring(authctxt->server_user); 963 packet_put_cstring(authctxt->service); 964 packet_put_cstring(authctxt->method->name); 965 packet_put_char(1); /* additional info */ 966 snprintf(prompt, sizeof(prompt), 967 "Enter %.30s@%.128s's old password: ", 968 authctxt->server_user, host); 969 password = read_passphrase(prompt, 0); 970 packet_put_cstring(password); 971 explicit_bzero(password, strlen(password)); 972 free(password); 973 password = NULL; 974 while (password == NULL) { 975 snprintf(prompt, sizeof(prompt), 976 "Enter %.30s@%.128s's new password: ", 977 authctxt->server_user, host); 978 password = read_passphrase(prompt, RP_ALLOW_EOF); 979 if (password == NULL) { 980 /* bail out */ 981 return; 982 } 983 snprintf(prompt, sizeof(prompt), 984 "Retype %.30s@%.128s's new password: ", 985 authctxt->server_user, host); 986 retype = read_passphrase(prompt, 0); 987 if (strcmp(password, retype) != 0) { 988 explicit_bzero(password, strlen(password)); 989 free(password); 990 logit("Mismatch; try again, EOF to quit."); 991 password = NULL; 992 } 993 explicit_bzero(retype, strlen(retype)); 994 free(retype); 995 } 996 packet_put_cstring(password); 997 explicit_bzero(password, strlen(password)); 998 free(password); 999 packet_add_padding(64); 1000 packet_send(); 1001 1002 dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 1003 &input_userauth_passwd_changereq); 1004 } 1005 1006 static int 1007 identity_sign(Identity *id, u_char **sigp, u_int *lenp, 1008 u_char *data, u_int datalen) 1009 { 1010 Key *prv; 1011 int ret; 1012 1013 /* the agent supports this key */ 1014 if (id->ac) 1015 return (ssh_agent_sign(id->ac, id->key, sigp, lenp, 1016 data, datalen)); 1017 /* 1018 * we have already loaded the private key or 1019 * the private key is stored in external hardware 1020 */ 1021 if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)) 1022 return (key_sign(id->key, sigp, lenp, data, datalen)); 1023 /* load the private key from the file */ 1024 if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL) 1025 return (-1); 1026 ret = key_sign(prv, sigp, lenp, data, datalen); 1027 key_free(prv); 1028 return (ret); 1029 } 1030 1031 static int 1032 sign_and_send_pubkey(Authctxt *authctxt, Identity *id) 1033 { 1034 Buffer b; 1035 u_char *blob, *signature; 1036 u_int bloblen, slen; 1037 u_int skip = 0; 1038 int ret = -1; 1039 int have_sig = 1; 1040 char *fp; 1041 1042 fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); 1043 debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); 1044 free(fp); 1045 1046 if (key_to_blob(id->key, &blob, &bloblen) == 0) { 1047 /* we cannot handle this key */ 1048 debug3("sign_and_send_pubkey: cannot handle key"); 1049 return 0; 1050 } 1051 /* data to be signed */ 1052 buffer_init(&b); 1053 if (datafellows & SSH_OLD_SESSIONID) { 1054 buffer_append(&b, session_id2, session_id2_len); 1055 skip = session_id2_len; 1056 } else { 1057 buffer_put_string(&b, session_id2, session_id2_len); 1058 skip = buffer_len(&b); 1059 } 1060 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 1061 buffer_put_cstring(&b, authctxt->server_user); 1062 buffer_put_cstring(&b, 1063 datafellows & SSH_BUG_PKSERVICE ? 1064 "ssh-userauth" : 1065 authctxt->service); 1066 if (datafellows & SSH_BUG_PKAUTH) { 1067 buffer_put_char(&b, have_sig); 1068 } else { 1069 buffer_put_cstring(&b, authctxt->method->name); 1070 buffer_put_char(&b, have_sig); 1071 buffer_put_cstring(&b, key_ssh_name(id->key)); 1072 } 1073 buffer_put_string(&b, blob, bloblen); 1074 1075 /* generate signature */ 1076 ret = identity_sign(id, &signature, &slen, 1077 buffer_ptr(&b), buffer_len(&b)); 1078 if (ret == -1) { 1079 free(blob); 1080 buffer_free(&b); 1081 return 0; 1082 } 1083 #ifdef DEBUG_PK 1084 buffer_dump(&b); 1085 #endif 1086 if (datafellows & SSH_BUG_PKSERVICE) { 1087 buffer_clear(&b); 1088 buffer_append(&b, session_id2, session_id2_len); 1089 skip = session_id2_len; 1090 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 1091 buffer_put_cstring(&b, authctxt->server_user); 1092 buffer_put_cstring(&b, authctxt->service); 1093 buffer_put_cstring(&b, authctxt->method->name); 1094 buffer_put_char(&b, have_sig); 1095 if (!(datafellows & SSH_BUG_PKAUTH)) 1096 buffer_put_cstring(&b, key_ssh_name(id->key)); 1097 buffer_put_string(&b, blob, bloblen); 1098 } 1099 free(blob); 1100 1101 /* append signature */ 1102 buffer_put_string(&b, signature, slen); 1103 free(signature); 1104 1105 /* skip session id and packet type */ 1106 if (buffer_len(&b) < skip + 1) 1107 fatal("userauth_pubkey: internal error"); 1108 buffer_consume(&b, skip + 1); 1109 1110 /* put remaining data from buffer into packet */ 1111 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1112 packet_put_raw(buffer_ptr(&b), buffer_len(&b)); 1113 buffer_free(&b); 1114 packet_send(); 1115 1116 return 1; 1117 } 1118 1119 static int 1120 send_pubkey_test(Authctxt *authctxt, Identity *id) 1121 { 1122 u_char *blob; 1123 u_int bloblen, have_sig = 0; 1124 1125 debug3("send_pubkey_test"); 1126 1127 if (key_to_blob(id->key, &blob, &bloblen) == 0) { 1128 /* we cannot handle this key */ 1129 debug3("send_pubkey_test: cannot handle key"); 1130 return 0; 1131 } 1132 /* register callback for USERAUTH_PK_OK message */ 1133 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok); 1134 1135 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1136 packet_put_cstring(authctxt->server_user); 1137 packet_put_cstring(authctxt->service); 1138 packet_put_cstring(authctxt->method->name); 1139 packet_put_char(have_sig); 1140 if (!(datafellows & SSH_BUG_PKAUTH)) 1141 packet_put_cstring(key_ssh_name(id->key)); 1142 packet_put_string(blob, bloblen); 1143 free(blob); 1144 packet_send(); 1145 return 1; 1146 } 1147 1148 static Key * 1149 load_identity_file(char *filename, int userprovided) 1150 { 1151 Key *private; 1152 char prompt[300], *passphrase; 1153 int perm_ok = 0, quit, i; 1154 struct stat st; 1155 1156 if (stat(filename, &st) < 0) { 1157 (userprovided ? logit : debug3)("no such identity: %s: %s", 1158 filename, strerror(errno)); 1159 return NULL; 1160 } 1161 private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); 1162 if (!perm_ok) { 1163 if (private != NULL) 1164 key_free(private); 1165 return NULL; 1166 } 1167 if (private == NULL) { 1168 if (options.batch_mode) 1169 return NULL; 1170 snprintf(prompt, sizeof prompt, 1171 "Enter passphrase for key '%.100s': ", filename); 1172 for (i = 0; i < options.number_of_password_prompts; i++) { 1173 passphrase = read_passphrase(prompt, 0); 1174 if (strcmp(passphrase, "") != 0) { 1175 private = key_load_private_type(KEY_UNSPEC, 1176 filename, passphrase, NULL, NULL); 1177 quit = 0; 1178 } else { 1179 debug2("no passphrase given, try next key"); 1180 quit = 1; 1181 } 1182 explicit_bzero(passphrase, strlen(passphrase)); 1183 free(passphrase); 1184 if (private != NULL || quit) 1185 break; 1186 debug2("bad passphrase given, try again..."); 1187 } 1188 } 1189 return private; 1190 } 1191 1192 /* 1193 * try keys in the following order: 1194 * 1. agent keys that are found in the config file 1195 * 2. other agent keys 1196 * 3. keys that are only listed in the config file 1197 */ 1198 static void 1199 pubkey_prepare(Authctxt *authctxt) 1200 { 1201 Identity *id, *id2, *tmp; 1202 Idlist agent, files, *preferred; 1203 Key *key; 1204 AuthenticationConnection *ac; 1205 char *comment; 1206 int i, found; 1207 1208 TAILQ_INIT(&agent); /* keys from the agent */ 1209 TAILQ_INIT(&files); /* keys from the config file */ 1210 preferred = &authctxt->keys; 1211 TAILQ_INIT(preferred); /* preferred order of keys */ 1212 1213 /* list of keys stored in the filesystem and PKCS#11 */ 1214 for (i = 0; i < options.num_identity_files; i++) { 1215 key = options.identity_keys[i]; 1216 if (key && key->type == KEY_RSA1) 1217 continue; 1218 if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) 1219 continue; 1220 options.identity_keys[i] = NULL; 1221 id = xcalloc(1, sizeof(*id)); 1222 id->key = key; 1223 id->filename = xstrdup(options.identity_files[i]); 1224 id->userprovided = options.identity_file_userprovided[i]; 1225 TAILQ_INSERT_TAIL(&files, id, next); 1226 } 1227 /* Prefer PKCS11 keys that are explicitly listed */ 1228 TAILQ_FOREACH_SAFE(id, &files, next, tmp) { 1229 if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0) 1230 continue; 1231 found = 0; 1232 TAILQ_FOREACH(id2, &files, next) { 1233 if (id2->key == NULL || 1234 (id2->key->flags & SSHKEY_FLAG_EXT) == 0) 1235 continue; 1236 if (key_equal(id->key, id2->key)) { 1237 TAILQ_REMOVE(&files, id, next); 1238 TAILQ_INSERT_TAIL(preferred, id, next); 1239 found = 1; 1240 break; 1241 } 1242 } 1243 /* If IdentitiesOnly set and key not found then don't use it */ 1244 if (!found && options.identities_only) { 1245 TAILQ_REMOVE(&files, id, next); 1246 explicit_bzero(id, sizeof(*id)); 1247 free(id); 1248 } 1249 } 1250 /* list of keys supported by the agent */ 1251 if ((ac = ssh_get_authentication_connection())) { 1252 for (key = ssh_get_first_identity(ac, &comment, 2); 1253 key != NULL; 1254 key = ssh_get_next_identity(ac, &comment, 2)) { 1255 found = 0; 1256 TAILQ_FOREACH(id, &files, next) { 1257 /* agent keys from the config file are preferred */ 1258 if (key_equal(key, id->key)) { 1259 key_free(key); 1260 free(comment); 1261 TAILQ_REMOVE(&files, id, next); 1262 TAILQ_INSERT_TAIL(preferred, id, next); 1263 id->ac = ac; 1264 found = 1; 1265 break; 1266 } 1267 } 1268 if (!found && !options.identities_only) { 1269 id = xcalloc(1, sizeof(*id)); 1270 id->key = key; 1271 id->filename = comment; 1272 id->ac = ac; 1273 TAILQ_INSERT_TAIL(&agent, id, next); 1274 } 1275 } 1276 /* append remaining agent keys */ 1277 for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) { 1278 TAILQ_REMOVE(&agent, id, next); 1279 TAILQ_INSERT_TAIL(preferred, id, next); 1280 } 1281 authctxt->agent = ac; 1282 } 1283 /* append remaining keys from the config file */ 1284 for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) { 1285 TAILQ_REMOVE(&files, id, next); 1286 TAILQ_INSERT_TAIL(preferred, id, next); 1287 } 1288 TAILQ_FOREACH(id, preferred, next) { 1289 debug2("key: %s (%p),%s", id->filename, id->key, 1290 id->userprovided ? " explicit" : ""); 1291 } 1292 } 1293 1294 static void 1295 pubkey_cleanup(Authctxt *authctxt) 1296 { 1297 Identity *id; 1298 1299 if (authctxt->agent != NULL) 1300 ssh_close_authentication_connection(authctxt->agent); 1301 for (id = TAILQ_FIRST(&authctxt->keys); id; 1302 id = TAILQ_FIRST(&authctxt->keys)) { 1303 TAILQ_REMOVE(&authctxt->keys, id, next); 1304 if (id->key) 1305 key_free(id->key); 1306 free(id->filename); 1307 free(id); 1308 } 1309 } 1310 1311 int 1312 userauth_pubkey(Authctxt *authctxt) 1313 { 1314 Identity *id; 1315 int sent = 0; 1316 1317 while ((id = TAILQ_FIRST(&authctxt->keys))) { 1318 if (id->tried++) 1319 return (0); 1320 /* move key to the end of the queue */ 1321 TAILQ_REMOVE(&authctxt->keys, id, next); 1322 TAILQ_INSERT_TAIL(&authctxt->keys, id, next); 1323 /* 1324 * send a test message if we have the public key. for 1325 * encrypted keys we cannot do this and have to load the 1326 * private key instead 1327 */ 1328 if (id->key != NULL) { 1329 if (key_type_plain(id->key->type) == KEY_RSA && 1330 (datafellows & SSH_BUG_RSASIGMD5) != 0) { 1331 debug("Skipped %s key %s for RSA/MD5 server", 1332 key_type(id->key), id->filename); 1333 } else if (id->key->type != KEY_RSA1) { 1334 debug("Offering %s public key: %s", 1335 key_type(id->key), id->filename); 1336 sent = send_pubkey_test(authctxt, id); 1337 } 1338 } else { 1339 debug("Trying private key: %s", id->filename); 1340 id->key = load_identity_file(id->filename, 1341 id->userprovided); 1342 if (id->key != NULL) { 1343 id->isprivate = 1; 1344 if (key_type_plain(id->key->type) == KEY_RSA && 1345 (datafellows & SSH_BUG_RSASIGMD5) != 0) { 1346 debug("Skipped %s key %s for RSA/MD5 " 1347 "server", key_type(id->key), 1348 id->filename); 1349 } else { 1350 sent = sign_and_send_pubkey( 1351 authctxt, id); 1352 } 1353 key_free(id->key); 1354 id->key = NULL; 1355 } 1356 } 1357 if (sent) 1358 return (sent); 1359 } 1360 return (0); 1361 } 1362 1363 /* 1364 * Send userauth request message specifying keyboard-interactive method. 1365 */ 1366 int 1367 userauth_kbdint(Authctxt *authctxt) 1368 { 1369 static int attempt = 0; 1370 1371 if (attempt++ >= options.number_of_password_prompts) 1372 return 0; 1373 /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ 1374 if (attempt > 1 && !authctxt->info_req_seen) { 1375 debug3("userauth_kbdint: disable: no info_req_seen"); 1376 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); 1377 return 0; 1378 } 1379 1380 debug2("userauth_kbdint"); 1381 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1382 packet_put_cstring(authctxt->server_user); 1383 packet_put_cstring(authctxt->service); 1384 packet_put_cstring(authctxt->method->name); 1385 packet_put_cstring(""); /* lang */ 1386 packet_put_cstring(options.kbd_interactive_devices ? 1387 options.kbd_interactive_devices : ""); 1388 packet_send(); 1389 1390 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req); 1391 return 1; 1392 } 1393 1394 /* 1395 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE 1396 */ 1397 void 1398 input_userauth_info_req(int type, u_int32_t seq, void *ctxt) 1399 { 1400 Authctxt *authctxt = ctxt; 1401 char *name, *inst, *lang, *prompt, *response; 1402 u_int num_prompts, i; 1403 int echo = 0; 1404 1405 debug2("input_userauth_info_req"); 1406 1407 if (authctxt == NULL) 1408 fatal("input_userauth_info_req: no authentication context"); 1409 1410 authctxt->info_req_seen = 1; 1411 1412 name = packet_get_string(NULL); 1413 inst = packet_get_string(NULL); 1414 lang = packet_get_string(NULL); 1415 if (strlen(name) > 0) 1416 logit("%s", name); 1417 if (strlen(inst) > 0) 1418 logit("%s", inst); 1419 free(name); 1420 free(inst); 1421 free(lang); 1422 1423 num_prompts = packet_get_int(); 1424 /* 1425 * Begin to build info response packet based on prompts requested. 1426 * We commit to providing the correct number of responses, so if 1427 * further on we run into a problem that prevents this, we have to 1428 * be sure and clean this up and send a correct error response. 1429 */ 1430 packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE); 1431 packet_put_int(num_prompts); 1432 1433 debug2("input_userauth_info_req: num_prompts %d", num_prompts); 1434 for (i = 0; i < num_prompts; i++) { 1435 prompt = packet_get_string(NULL); 1436 echo = packet_get_char(); 1437 1438 response = read_passphrase(prompt, echo ? RP_ECHO : 0); 1439 1440 packet_put_cstring(response); 1441 explicit_bzero(response, strlen(response)); 1442 free(response); 1443 free(prompt); 1444 } 1445 packet_check_eom(); /* done with parsing incoming message. */ 1446 1447 packet_add_padding(64); 1448 packet_send(); 1449 } 1450 1451 static int 1452 ssh_keysign(Key *key, u_char **sigp, u_int *lenp, 1453 u_char *data, u_int datalen) 1454 { 1455 Buffer b; 1456 struct stat st; 1457 pid_t pid; 1458 int to[2], from[2], status, version = 2; 1459 1460 debug2("ssh_keysign called"); 1461 1462 if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { 1463 error("ssh_keysign: not installed: %s", strerror(errno)); 1464 return -1; 1465 } 1466 if (fflush(stdout) != 0) 1467 error("ssh_keysign: fflush: %s", strerror(errno)); 1468 if (pipe(to) < 0) { 1469 error("ssh_keysign: pipe: %s", strerror(errno)); 1470 return -1; 1471 } 1472 if (pipe(from) < 0) { 1473 error("ssh_keysign: pipe: %s", strerror(errno)); 1474 return -1; 1475 } 1476 if ((pid = fork()) < 0) { 1477 error("ssh_keysign: fork: %s", strerror(errno)); 1478 return -1; 1479 } 1480 if (pid == 0) { 1481 /* keep the socket on exec */ 1482 fcntl(packet_get_connection_in(), F_SETFD, 0); 1483 permanently_drop_suid(getuid()); 1484 close(from[0]); 1485 if (dup2(from[1], STDOUT_FILENO) < 0) 1486 fatal("ssh_keysign: dup2: %s", strerror(errno)); 1487 close(to[1]); 1488 if (dup2(to[0], STDIN_FILENO) < 0) 1489 fatal("ssh_keysign: dup2: %s", strerror(errno)); 1490 close(from[1]); 1491 close(to[0]); 1492 execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0); 1493 fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN, 1494 strerror(errno)); 1495 } 1496 close(from[1]); 1497 close(to[0]); 1498 1499 buffer_init(&b); 1500 buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */ 1501 buffer_put_string(&b, data, datalen); 1502 if (ssh_msg_send(to[1], version, &b) == -1) 1503 fatal("ssh_keysign: couldn't send request"); 1504 1505 if (ssh_msg_recv(from[0], &b) < 0) { 1506 error("ssh_keysign: no reply"); 1507 buffer_free(&b); 1508 return -1; 1509 } 1510 close(from[0]); 1511 close(to[1]); 1512 1513 while (waitpid(pid, &status, 0) < 0) 1514 if (errno != EINTR) 1515 break; 1516 1517 if (buffer_get_char(&b) != version) { 1518 error("ssh_keysign: bad version"); 1519 buffer_free(&b); 1520 return -1; 1521 } 1522 *sigp = buffer_get_string(&b, lenp); 1523 buffer_free(&b); 1524 1525 return 0; 1526 } 1527 1528 int 1529 userauth_hostbased(Authctxt *authctxt) 1530 { 1531 Key *private = NULL; 1532 Sensitive *sensitive = authctxt->sensitive; 1533 Buffer b; 1534 u_char *signature, *blob; 1535 char *chost, *pkalg, *p; 1536 const char *service; 1537 u_int blen, slen; 1538 int ok, i, found = 0; 1539 1540 /* check for a useful key */ 1541 for (i = 0; i < sensitive->nkeys; i++) { 1542 private = sensitive->keys[i]; 1543 if (private && private->type != KEY_RSA1) { 1544 found = 1; 1545 /* we take and free the key */ 1546 sensitive->keys[i] = NULL; 1547 break; 1548 } 1549 } 1550 if (!found) { 1551 debug("No more client hostkeys for hostbased authentication."); 1552 return 0; 1553 } 1554 if (key_to_blob(private, &blob, &blen) == 0) { 1555 key_free(private); 1556 return 0; 1557 } 1558 /* figure out a name for the client host */ 1559 p = get_local_name(packet_get_connection_in()); 1560 if (p == NULL) { 1561 error("userauth_hostbased: cannot get local ipaddr/name"); 1562 key_free(private); 1563 free(blob); 1564 return 0; 1565 } 1566 xasprintf(&chost, "%s.", p); 1567 debug2("userauth_hostbased: chost %s", chost); 1568 free(p); 1569 1570 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : 1571 authctxt->service; 1572 pkalg = xstrdup(key_ssh_name(private)); 1573 buffer_init(&b); 1574 /* construct data */ 1575 buffer_put_string(&b, session_id2, session_id2_len); 1576 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 1577 buffer_put_cstring(&b, authctxt->server_user); 1578 buffer_put_cstring(&b, service); 1579 buffer_put_cstring(&b, authctxt->method->name); 1580 buffer_put_cstring(&b, pkalg); 1581 buffer_put_string(&b, blob, blen); 1582 buffer_put_cstring(&b, chost); 1583 buffer_put_cstring(&b, authctxt->local_user); 1584 #ifdef DEBUG_PK 1585 buffer_dump(&b); 1586 #endif 1587 if (sensitive->external_keysign) 1588 ok = ssh_keysign(private, &signature, &slen, 1589 buffer_ptr(&b), buffer_len(&b)); 1590 else 1591 ok = key_sign(private, &signature, &slen, 1592 buffer_ptr(&b), buffer_len(&b)); 1593 key_free(private); 1594 buffer_free(&b); 1595 if (ok != 0) { 1596 error("key_sign failed"); 1597 free(chost); 1598 free(pkalg); 1599 free(blob); 1600 return 0; 1601 } 1602 packet_start(SSH2_MSG_USERAUTH_REQUEST); 1603 packet_put_cstring(authctxt->server_user); 1604 packet_put_cstring(authctxt->service); 1605 packet_put_cstring(authctxt->method->name); 1606 packet_put_cstring(pkalg); 1607 packet_put_string(blob, blen); 1608 packet_put_cstring(chost); 1609 packet_put_cstring(authctxt->local_user); 1610 packet_put_string(signature, slen); 1611 explicit_bzero(signature, slen); 1612 free(signature); 1613 free(chost); 1614 free(pkalg); 1615 free(blob); 1616 1617 packet_send(); 1618 return 1; 1619 } 1620 1621 /* find auth method */ 1622 1623 /* 1624 * given auth method name, if configurable options permit this method fill 1625 * in auth_ident field and return true, otherwise return false. 1626 */ 1627 static int 1628 authmethod_is_enabled(Authmethod *method) 1629 { 1630 if (method == NULL) 1631 return 0; 1632 /* return false if options indicate this method is disabled */ 1633 if (method->enabled == NULL || *method->enabled == 0) 1634 return 0; 1635 /* return false if batch mode is enabled but method needs interactive mode */ 1636 if (method->batch_flag != NULL && *method->batch_flag != 0) 1637 return 0; 1638 return 1; 1639 } 1640 1641 static Authmethod * 1642 authmethod_lookup(const char *name) 1643 { 1644 Authmethod *method = NULL; 1645 if (name != NULL) 1646 for (method = authmethods; method->name != NULL; method++) 1647 if (strcmp(name, method->name) == 0) 1648 return method; 1649 debug2("Unrecognized authentication method name: %s", name ? name : "NULL"); 1650 return NULL; 1651 } 1652 1653 /* XXX internal state */ 1654 static Authmethod *current = NULL; 1655 static char *supported = NULL; 1656 static char *preferred = NULL; 1657 1658 /* 1659 * Given the authentication method list sent by the server, return the 1660 * next method we should try. If the server initially sends a nil list, 1661 * use a built-in default list. 1662 */ 1663 static Authmethod * 1664 authmethod_get(char *authlist) 1665 { 1666 char *name = NULL; 1667 u_int next; 1668 1669 /* Use a suitable default if we're passed a nil list. */ 1670 if (authlist == NULL || strlen(authlist) == 0) 1671 authlist = options.preferred_authentications; 1672 1673 if (supported == NULL || strcmp(authlist, supported) != 0) { 1674 debug3("start over, passed a different list %s", authlist); 1675 free(supported); 1676 supported = xstrdup(authlist); 1677 preferred = options.preferred_authentications; 1678 debug3("preferred %s", preferred); 1679 current = NULL; 1680 } else if (current != NULL && authmethod_is_enabled(current)) 1681 return current; 1682 1683 for (;;) { 1684 if ((name = match_list(preferred, supported, &next)) == NULL) { 1685 debug("No more authentication methods to try."); 1686 current = NULL; 1687 return NULL; 1688 } 1689 preferred += next; 1690 debug3("authmethod_lookup %s", name); 1691 debug3("remaining preferred: %s", preferred); 1692 if ((current = authmethod_lookup(name)) != NULL && 1693 authmethod_is_enabled(current)) { 1694 debug3("authmethod_is_enabled %s", name); 1695 debug("Next authentication method: %s", name); 1696 free(name); 1697 return current; 1698 } 1699 free(name); 1700 } 1701 } 1702 1703 static char * 1704 authmethods_get(void) 1705 { 1706 Authmethod *method = NULL; 1707 Buffer b; 1708 char *list; 1709 1710 buffer_init(&b); 1711 for (method = authmethods; method->name != NULL; method++) { 1712 if (authmethod_is_enabled(method)) { 1713 if (buffer_len(&b) > 0) 1714 buffer_append(&b, ",", 1); 1715 buffer_append(&b, method->name, strlen(method->name)); 1716 } 1717 } 1718 buffer_append(&b, "\0", 1); 1719 list = xstrdup(buffer_ptr(&b)); 1720 buffer_free(&b); 1721 return list; 1722 } 1723 1724