2 * Packet protocol layer for the client side of the SSH-2 userauth
19 #define BANNER_LIMIT 131072
21 typedef struct agent_key
{
22 strbuf
*blob
, *comment
;
26 struct ssh2_userauth_state
{
29 PacketProtocolLayer
*transport_layer
, *successor_layer
;
30 Filename
*keyfile
, *detached_cert_file
;
31 bool show_banner
, tryagent
, notrivialauth
, change_username
;
32 char *hostname
, *fullhostname
;
34 char *default_username
;
35 bool try_ki_auth
, try_gssapi_auth
, try_gssapi_kex_auth
, gssapi_fwd
;
41 AUTH_TYPE_PUBLICKEY_OFFER_LOUD
,
42 AUTH_TYPE_PUBLICKEY_OFFER_QUIET
,
44 AUTH_TYPE_GSSAPI
, /* always QUIET */
45 AUTH_TYPE_KEYBOARD_INTERACTIVE
,
46 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
48 bool need_pw
, can_pubkey
, can_passwd
, can_keyb_inter
;
50 bool tried_pubkey_config
, done_agent
;
51 struct ssh_connection_shared_gss_state
*shgss
;
54 bool can_gssapi_keyex_auth
;
56 bool tried_gssapi_keyex_auth
;
57 time_t gss_cred_expiry
;
59 Ssh_gss_buf gss_rcvtok
, gss_sndtok
;
60 Ssh_gss_stat gss_stat
;
62 bool suppress_wait_for_response_packet
;
63 strbuf
*last_methods_string
;
64 bool kbd_inter_refused
;
65 prompts_t
*cur_prompt
;
68 char *locally_allocated_username
;
71 strbuf
*publickey_blob
, *detached_cert_blob
, *cert_pubkey_diagnosed
;
72 bool privatekey_available
, privatekey_encrypted
;
73 char *publickey_algorithm
;
74 char *publickey_comment
;
75 void *agent_response_to_free
;
76 ptrlen agent_response
;
77 BinarySource asrc
[1]; /* for reading SSH agent response */
78 size_t agent_keys_len
;
79 agent_key
*agent_keys
;
80 size_t agent_key_index
, agent_key_limit
;
87 agent_pending_query
*auth_agent_query
;
89 bufchain_sink banner_bs
;
90 StripCtrlChars
*banner_scc
;
91 bool banner_scc_initialised
;
95 uint32_t authplugin_version
;
97 bufchain authplugin_bc
;
98 strbuf
*authplugin_incoming_msg
;
99 size_t authplugin_backlog
;
101 bool authplugin_ki_active
;
103 StripCtrlChars
*ki_scc
;
104 bool ki_scc_initialised
;
105 bool ki_printed_header
;
107 PacketProtocolLayer ppl
;
110 static void ssh2_userauth_free(PacketProtocolLayer
*);
111 static void ssh2_userauth_process_queue(PacketProtocolLayer
*);
112 static bool ssh2_userauth_get_specials(
113 PacketProtocolLayer
*ppl
, add_special_fn_t add_special
, void *ctx
);
114 static void ssh2_userauth_special_cmd(PacketProtocolLayer
*ppl
,
115 SessionSpecialCode code
, int arg
);
116 static void ssh2_userauth_reconfigure(PacketProtocolLayer
*ppl
, Conf
*conf
);
118 static void ssh2_userauth_agent_query(struct ssh2_userauth_state
*, strbuf
*);
119 static void ssh2_userauth_agent_callback(void *, void *, int);
120 static void ssh2_userauth_add_sigblob(
121 struct ssh2_userauth_state
*s
, PktOut
*pkt
, ptrlen pkblob
, ptrlen sigblob
);
122 static void ssh2_userauth_add_alg_and_publickey(
123 struct ssh2_userauth_state
*s
, PktOut
*pkt
, ptrlen alg
, ptrlen pkblob
);
124 static void ssh2_userauth_add_session_id(
125 struct ssh2_userauth_state
*s
, strbuf
*sigdata
);
127 static PktOut
*ssh2_userauth_gss_packet(
128 struct ssh2_userauth_state
*s
, const char *authtype
);
130 static bool ssh2_userauth_ki_setup_prompts(
131 struct ssh2_userauth_state
*s
, BinarySource
*src
, bool plugin
);
132 static bool ssh2_userauth_ki_run_prompts(struct ssh2_userauth_state
*s
);
133 static void ssh2_userauth_ki_write_responses(
134 struct ssh2_userauth_state
*s
, BinarySink
*bs
);
136 static const PacketProtocolLayerVtable ssh2_userauth_vtable
= {
137 .free
= ssh2_userauth_free
,
138 .process_queue
= ssh2_userauth_process_queue
,
139 .get_specials
= ssh2_userauth_get_specials
,
140 .special_cmd
= ssh2_userauth_special_cmd
,
141 .reconfigure
= ssh2_userauth_reconfigure
,
142 .queued_data_size
= ssh_ppl_default_queued_data_size
,
143 .name
= "ssh-userauth",
146 PacketProtocolLayer
*ssh2_userauth_new(
147 PacketProtocolLayer
*successor_layer
,
148 const char *hostname
, int port
, const char *fullhostname
,
149 Filename
*keyfile
, Filename
*detached_cert_file
,
150 bool show_banner
, bool tryagent
, bool notrivialauth
,
151 const char *default_username
, bool change_username
,
152 bool try_ki_auth
, bool try_gssapi_auth
, bool try_gssapi_kex_auth
,
153 bool gssapi_fwd
, struct ssh_connection_shared_gss_state
*shgss
,
154 const char *authplugin_cmd
)
156 struct ssh2_userauth_state
*s
= snew(struct ssh2_userauth_state
);
157 memset(s
, 0, sizeof(*s
));
158 s
->ppl
.vt
= &ssh2_userauth_vtable
;
160 s
->successor_layer
= successor_layer
;
161 s
->hostname
= dupstr(hostname
);
163 s
->fullhostname
= dupstr(fullhostname
);
164 s
->keyfile
= filename_copy(keyfile
);
165 s
->detached_cert_file
= filename_copy(detached_cert_file
);
166 s
->show_banner
= show_banner
;
167 s
->tryagent
= tryagent
;
168 s
->notrivialauth
= notrivialauth
;
169 s
->default_username
= dupstr(default_username
);
170 s
->change_username
= change_username
;
171 s
->try_ki_auth
= try_ki_auth
;
172 s
->try_gssapi_auth
= try_gssapi_auth
;
173 s
->try_gssapi_kex_auth
= try_gssapi_kex_auth
;
174 s
->gssapi_fwd
= gssapi_fwd
;
176 s
->last_methods_string
= strbuf_new();
177 s
->is_trivial_auth
= true;
178 bufchain_init(&s
->banner
);
179 bufchain_sink_init(&s
->banner_bs
, &s
->banner
);
180 s
->authplugin_cmd
= dupstr(authplugin_cmd
);
181 bufchain_init(&s
->authplugin_bc
);
186 void ssh2_userauth_set_transport_layer(PacketProtocolLayer
*userauth
,
187 PacketProtocolLayer
*transport
)
189 struct ssh2_userauth_state
*s
=
190 container_of(userauth
, struct ssh2_userauth_state
, ppl
);
191 s
->transport_layer
= transport
;
194 static void ssh2_userauth_free(PacketProtocolLayer
*ppl
)
196 struct ssh2_userauth_state
*s
=
197 container_of(ppl
, struct ssh2_userauth_state
, ppl
);
198 bufchain_clear(&s
->banner
);
200 if (s
->successor_layer
)
201 ssh_ppl_free(s
->successor_layer
);
204 for (size_t i
= 0; i
< s
->agent_keys_len
; i
++) {
205 strbuf_free(s
->agent_keys
[i
].blob
);
206 strbuf_free(s
->agent_keys
[i
].comment
);
208 sfree(s
->agent_keys
);
210 sfree(s
->agent_response_to_free
);
211 if (s
->auth_agent_query
)
212 agent_cancel_query(s
->auth_agent_query
);
213 filename_free(s
->keyfile
);
214 filename_free(s
->detached_cert_file
);
215 sfree(s
->default_username
);
216 sfree(s
->locally_allocated_username
);
218 sfree(s
->fullhostname
);
220 free_prompts(s
->cur_prompt
);
221 sfree(s
->publickey_comment
);
222 sfree(s
->publickey_algorithm
);
223 if (s
->publickey_blob
)
224 strbuf_free(s
->publickey_blob
);
225 if (s
->detached_cert_blob
)
226 strbuf_free(s
->detached_cert_blob
);
227 if (s
->cert_pubkey_diagnosed
)
228 strbuf_free(s
->cert_pubkey_diagnosed
);
229 strbuf_free(s
->last_methods_string
);
231 stripctrl_free(s
->banner_scc
);
233 stripctrl_free(s
->ki_scc
);
234 sfree(s
->authplugin_cmd
);
236 sk_close(s
->authplugin
);
237 bufchain_clear(&s
->authplugin_bc
);
238 if (s
->authplugin_incoming_msg
)
239 strbuf_free(s
->authplugin_incoming_msg
);
243 static void ssh2_userauth_filter_queue(struct ssh2_userauth_state
*s
)
248 while ((pktin
= pq_peek(s
->ppl
.in_pq
)) != NULL
) {
249 switch (pktin
->type
) {
250 case SSH2_MSG_USERAUTH_BANNER
:
251 if (!s
->show_banner
) {
252 pq_pop(s
->ppl
.in_pq
);
256 string
= get_string(pktin
);
257 if (string
.len
> BANNER_LIMIT
- bufchain_size(&s
->banner
))
258 string
.len
= BANNER_LIMIT
- bufchain_size(&s
->banner
);
259 if (!s
->banner_scc_initialised
) {
260 s
->banner_scc
= seat_stripctrl_new(
261 s
->ppl
.seat
, BinarySink_UPCAST(&s
->banner_bs
), SIC_BANNER
);
263 stripctrl_enable_line_limiting(s
->banner_scc
);
264 s
->banner_scc_initialised
= true;
267 put_datapl(s
->banner_scc
, string
);
269 put_datapl(&s
->banner_bs
, string
);
270 pq_pop(s
->ppl
.in_pq
);
279 static PktIn
*ssh2_userauth_pop(struct ssh2_userauth_state
*s
)
281 ssh2_userauth_filter_queue(s
);
282 return pq_pop(s
->ppl
.in_pq
);
285 static bool ssh2_userauth_signflags(struct ssh2_userauth_state
*s
,
286 unsigned *signflags
, const char **algname
)
288 *signflags
= 0; /* default */
290 const ssh_keyalg
*alg
= find_pubkey_alg(*algname
);
292 return false; /* we don't know how to upgrade this */
294 unsigned supported_flags
= ssh_keyalg_supported_flags(alg
);
296 if (s
->ppl
.bpp
->ext_info_rsa_sha512_ok
&&
297 (supported_flags
& SSH_AGENT_RSA_SHA2_512
)) {
298 *signflags
= SSH_AGENT_RSA_SHA2_512
;
299 } else if (s
->ppl
.bpp
->ext_info_rsa_sha256_ok
&&
300 (supported_flags
& SSH_AGENT_RSA_SHA2_256
)) {
301 *signflags
= SSH_AGENT_RSA_SHA2_256
;
306 *algname
= ssh_keyalg_alternate_ssh_id(alg
, *signflags
);
310 static void authplugin_plug_log(Plug
*plug
, PlugLogType type
, SockAddr
*addr
,
311 int port
, const char *err_msg
, int err_code
)
313 struct ssh2_userauth_state
*s
= container_of(
314 plug
, struct ssh2_userauth_state
, authplugin_plug
);
315 PacketProtocolLayer
*ppl
= &s
->ppl
; /* for ppl_logevent */
317 if (type
== PLUGLOG_PROXY_MSG
)
318 ppl_logevent("%s", err_msg
);
321 static void authplugin_plug_closing(
322 Plug
*plug
, PlugCloseType type
, const char *error_msg
)
324 struct ssh2_userauth_state
*s
= container_of(
325 plug
, struct ssh2_userauth_state
, authplugin_plug
);
326 s
->authplugin_eof
= true;
327 queue_idempotent_callback(&s
->ppl
.ic_process_queue
);
330 static void authplugin_plug_receive(
331 Plug
*plug
, int urgent
, const char *data
, size_t len
)
333 struct ssh2_userauth_state
*s
= container_of(
334 plug
, struct ssh2_userauth_state
, authplugin_plug
);
335 bufchain_add(&s
->authplugin_bc
, data
, len
);
336 queue_idempotent_callback(&s
->ppl
.ic_process_queue
);
339 static void authplugin_plug_sent(Plug
*plug
, size_t bufsize
)
341 struct ssh2_userauth_state
*s
= container_of(
342 plug
, struct ssh2_userauth_state
, authplugin_plug
);
343 s
->authplugin_backlog
= bufsize
;
344 queue_idempotent_callback(&s
->ppl
.ic_process_queue
);
347 static const PlugVtable authplugin_plugvt
= {
348 .log
= authplugin_plug_log
,
349 .closing
= authplugin_plug_closing
,
350 .receive
= authplugin_plug_receive
,
351 .sent
= authplugin_plug_sent
,
354 static strbuf
*authplugin_newmsg(uint8_t type
)
356 strbuf
*amsg
= strbuf_new_nm();
357 put_uint32(amsg
, 0); /* fill in later */
358 put_byte(amsg
, type
);
362 static void authplugin_send_free(struct ssh2_userauth_state
*s
, strbuf
*amsg
)
364 PUT_32BIT_MSB_FIRST(amsg
->u
, amsg
->len
- 4);
365 assert(s
->authplugin
);
366 s
->authplugin_backlog
= sk_write(s
->authplugin
, amsg
->u
, amsg
->len
);
370 static bool authplugin_expect_msg(struct ssh2_userauth_state
*s
,
371 unsigned *type
, BinarySource
*src
)
373 if (s
->authplugin_eof
) {
378 if (!bufchain_try_fetch(&s
->authplugin_bc
, len
, 4))
380 size_t size
= GET_32BIT_MSB_FIRST(len
);
381 if (bufchain_size(&s
->authplugin_bc
) - 4 < size
)
383 if (s
->authplugin_incoming_msg
) {
384 strbuf_clear(s
->authplugin_incoming_msg
);
386 s
->authplugin_incoming_msg
= strbuf_new_nm();
388 bufchain_consume(&s
->authplugin_bc
, 4); /* eat length field */
389 bufchain_fetch_consume(
390 &s
->authplugin_bc
, strbuf_append(s
->authplugin_incoming_msg
, size
),
392 BinarySource_BARE_INIT_PL(
393 src
, ptrlen_from_strbuf(s
->authplugin_incoming_msg
));
394 *type
= get_byte(src
);
396 *type
= PLUGIN_NOTYPE
;
400 static void authplugin_bad_packet(struct ssh2_userauth_state
*s
,
401 unsigned type
, const char *fmt
, ...)
403 strbuf
*msg
= strbuf_new();
406 put_dataz(msg
, "Unexpected end of file from auth helper plugin");
409 put_dataz(msg
, "Received malformed packet from auth helper plugin "
410 "(too short to have a type code)");
413 put_fmt(msg
, "Received unknown message type %u "
414 "from auth helper plugin", type
);
417 #define CASEDECL(name, value) \
419 put_fmt(msg, "Received unexpected %s message from auth helper " \
422 AUTHPLUGIN_MSG_NAMES(CASEDECL
);
426 put_dataz(msg
, " (");
429 put_fmt(msg
, fmt
, ap
);
433 ssh_sw_abort(s
->ppl
.ssh
, "%s", msg
->s
);
437 static void ssh2_userauth_process_queue(PacketProtocolLayer
*ppl
)
439 struct ssh2_userauth_state
*s
=
440 container_of(ppl
, struct ssh2_userauth_state
, ppl
);
443 ssh2_userauth_filter_queue(s
); /* no matter why we were called */
448 s
->tried_gssapi
= false;
449 s
->tried_gssapi_keyex_auth
= false;
453 * Misc one-time setup for authentication.
455 s
->publickey_blob
= NULL
;
456 s
->session_id
= ssh2_transport_get_session_id(s
->transport_layer
);
459 * Load the public half of any configured public key file for
462 if (!filename_is_null(s
->keyfile
)) {
464 ppl_logevent("Reading key file \"%s\"",
465 filename_to_str(s
->keyfile
));
466 keytype
= key_type(s
->keyfile
);
467 if (keytype
== SSH_KEYTYPE_SSH2
||
468 keytype
== SSH_KEYTYPE_SSH2_PUBLIC_RFC4716
||
469 keytype
== SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH
) {
471 s
->publickey_blob
= strbuf_new();
472 if (ppk_loadpub_f(s
->keyfile
, &s
->publickey_algorithm
,
473 BinarySink_UPCAST(s
->publickey_blob
),
474 &s
->publickey_comment
, &error
)) {
475 s
->privatekey_available
= (keytype
== SSH_KEYTYPE_SSH2
);
476 if (!s
->privatekey_available
)
477 ppl_logevent("Key file contains public key only");
478 s
->privatekey_encrypted
= ppk_encrypted_f(s
->keyfile
, NULL
);
480 ppl_logevent("Unable to load key (%s)", error
);
481 ppl_printf("Unable to load key file \"%s\" (%s)\r\n",
482 filename_to_str(s
->keyfile
), error
);
483 strbuf_free(s
->publickey_blob
);
484 s
->publickey_blob
= NULL
;
487 ppl_logevent("Unable to use this key file (%s)",
488 key_type_to_str(keytype
));
489 ppl_printf("Unable to use key file \"%s\" (%s)\r\n",
490 filename_to_str(s
->keyfile
),
491 key_type_to_str(keytype
));
492 s
->publickey_blob
= NULL
;
497 * If the user provided a detached certificate file, load that.
499 if (!filename_is_null(s
->detached_cert_file
)) {
500 char *cert_error
= NULL
;
501 strbuf
*cert_blob
= strbuf_new();
502 char *algname
= NULL
;
503 char *comment
= NULL
;
505 ppl_logevent("Reading certificate file \"%s\"",
506 filename_to_str(s
->detached_cert_file
));
507 int keytype
= key_type(s
->detached_cert_file
);
508 if (!(keytype
== SSH_KEYTYPE_SSH2_PUBLIC_RFC4716
||
509 keytype
== SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH
)) {
510 cert_error
= dupstr(key_type_to_str(keytype
));
515 bool success
= ppk_loadpub_f(
516 s
->detached_cert_file
, &algname
,
517 BinarySink_UPCAST(cert_blob
), &comment
, &error
);
520 cert_error
= dupstr(error
);
524 const ssh_keyalg
*certalg
= find_pubkey_alg(algname
);
526 cert_error
= dupprintf(
527 "unrecognised certificate type '%s'", algname
);
531 if (!certalg
->is_certificate
) {
532 cert_error
= dupprintf(
533 "key type '%s' is not a certificate", certalg
->ssh_id
);
537 /* OK, store the certificate blob to substitute for the
538 * public blob in all publickey auth packets. */
539 if (s
->detached_cert_blob
)
540 strbuf_free(s
->detached_cert_blob
);
541 s
->detached_cert_blob
= cert_blob
;
542 cert_blob
= NULL
; /* prevent free */
546 ppl_logevent("Unable to use this certificate file (%s)",
549 "Unable to use certificate file \"%s\" (%s)\r\n",
550 filename_to_str(s
->detached_cert_file
), cert_error
);
555 strbuf_free(cert_blob
);
561 * Find out about any keys Pageant has (but if there's a public
562 * key configured, filter out all others).
564 if (s
->tryagent
&& agent_exists()) {
565 ppl_logevent("Pageant is running. Requesting keys.");
567 /* Request the keys held by the agent. */
569 strbuf
*request
= strbuf_new_for_agent_query();
570 put_byte(request
, SSH2_AGENTC_REQUEST_IDENTITIES
);
571 ssh2_userauth_agent_query(s
, request
);
572 strbuf_free(request
);
573 crWaitUntilV(!s
->auth_agent_query
);
575 BinarySource_BARE_INIT_PL(s
->asrc
, s
->agent_response
);
577 get_uint32(s
->asrc
); /* skip length field */
578 if (get_byte(s
->asrc
) == SSH2_AGENT_IDENTITIES_ANSWER
) {
579 size_t nkeys
= get_uint32(s
->asrc
);
580 size_t origpos
= s
->asrc
->pos
;
583 * Check that the agent response is well formed.
585 for (size_t i
= 0; i
< nkeys
; i
++) {
586 get_string(s
->asrc
); /* blob */
587 get_string(s
->asrc
); /* comment */
588 if (get_err(s
->asrc
)) {
589 ppl_logevent("Pageant's response was truncated");
590 goto done_agent_query
;
595 * Copy the list of public-key blobs out of the Pageant
598 BinarySource_REWIND_TO(s
->asrc
, origpos
);
599 s
->agent_keys_len
= nkeys
;
600 s
->agent_keys
= snewn(s
->agent_keys_len
, agent_key
);
601 for (size_t i
= 0; i
< nkeys
; i
++) {
602 s
->agent_keys
[i
].blob
= strbuf_dup(get_string(s
->asrc
));
603 s
->agent_keys
[i
].comment
= strbuf_dup(get_string(s
->asrc
));
605 /* Also, extract the algorithm string from the start
606 * of the public-key blob. */
607 s
->agent_keys
[i
].algorithm
= pubkey_blob_to_alg_name(
608 ptrlen_from_strbuf(s
->agent_keys
[i
].blob
));
611 ppl_logevent("Pageant has %"SIZEu
" SSH-2 keys", nkeys
);
613 if (s
->publickey_blob
) {
615 * If we've been given a specific public key blob,
616 * filter the list of keys to try from the agent down
617 * to only that one, or none if it's not there.
619 ptrlen our_blob
= ptrlen_from_strbuf(s
->publickey_blob
);
622 for (i
= 0; i
< nkeys
; i
++) {
623 if (ptrlen_eq_ptrlen(our_blob
, ptrlen_from_strbuf(
624 s
->agent_keys
[i
].blob
)))
629 ppl_logevent("Pageant key #%"SIZEu
" matches "
630 "configured key file", i
);
631 s
->agent_key_index
= i
;
632 s
->agent_key_limit
= i
+1;
634 ppl_logevent("Configured key file not in Pageant");
635 s
->agent_key_index
= 0;
636 s
->agent_key_limit
= 0;
640 * Otherwise, try them all.
642 s
->agent_key_index
= 0;
643 s
->agent_key_limit
= nkeys
;
646 ppl_logevent("Failed to get reply from Pageant");
651 s
->got_username
= false;
653 if (*s
->authplugin_cmd
) {
654 s
->authplugin_plug
.vt
= &authplugin_plugvt
;
655 s
->authplugin
= platform_start_subprocess(
656 s
->authplugin_cmd
, &s
->authplugin_plug
, "plugin");
657 ppl_logevent("Started authentication plugin: %s", s
->authplugin_cmd
);
661 strbuf
*amsg
= authplugin_newmsg(PLUGIN_INIT
);
662 put_uint32(amsg
, PLUGIN_PROTOCOL_MAX_VERSION
);
663 put_stringz(amsg
, s
->hostname
);
664 put_uint32(amsg
, s
->port
);
665 put_stringz(amsg
, s
->username
? s
->username
: "");
666 authplugin_send_free(s
, amsg
);
670 crMaybeWaitUntilV(authplugin_expect_msg(s
, &type
, src
));
672 case PLUGIN_INIT_RESPONSE
: {
673 s
->authplugin_version
= get_uint32(src
);
674 ptrlen username
= get_string(src
);
676 ssh_sw_abort(s
->ppl
.ssh
, "Received malformed "
677 "PLUGIN_INIT_RESPONSE from auth helper plugin");
680 if (s
->authplugin_version
> PLUGIN_PROTOCOL_MAX_VERSION
) {
681 ssh_sw_abort(s
->ppl
.ssh
, "Auth helper plugin announced "
682 "unsupported version number %"PRIu32
,
683 s
->authplugin_version
);
687 sfree(s
->default_username
);
688 s
->default_username
= mkstr(username
);
689 ppl_logevent("Authentication plugin set username '%s'",
690 s
->default_username
);
694 case PLUGIN_INIT_FAILURE
: {
695 ptrlen message
= get_string(src
);
697 ssh_sw_abort(s
->ppl
.ssh
, "Received malformed "
698 "PLUGIN_INIT_FAILURE from auth helper plugin");
701 /* This is a controlled error, so we need not completely
702 * abandon the connection. Instead, inform the user, and
703 * proceed as if the plugin was not present */
704 ppl_printf("Authentication plugin failed to initialise:\r\n");
705 seat_set_trust_status(s
->ppl
.seat
, false);
706 ppl_printf("%.*s\r\n", PTRLEN_PRINTF(message
));
707 seat_set_trust_status(s
->ppl
.seat
, true);
708 sk_close(s
->authplugin
);
709 s
->authplugin
= NULL
;
713 authplugin_bad_packet(s
, type
, "expected PLUGIN_INIT_RESPONSE or "
714 "PLUGIN_INIT_FAILURE");
720 * We repeat this whole loop, including the username prompt,
721 * until we manage a successful authentication. If the user
722 * types the wrong _password_, they can be sent back to the
723 * beginning to try another username, if this is configured on.
724 * (If they specify a username in the config, they are never
725 * asked, even if they do give a wrong password.)
727 * I think this best serves the needs of
729 * - the people who have no configuration, no keys, and just
730 * want to try repeated (username,password) pairs until they
731 * type both correctly
733 * - people who have keys and configuration but occasionally
734 * need to fall back to passwords
736 * - people with a key held in Pageant, who might not have
737 * logged in to a particular machine before; so they want to
738 * type a username, and then _either_ their key will be
739 * accepted, _or_ they will type a password. If they mistype
740 * the username they will want to be able to get back and
747 if (s
->got_username
&& !s
->change_username
) {
749 * We got a username last time round this loop, and
750 * with change_username turned off we don't try to get
753 } else if ((s
->username
= s
->default_username
) == NULL
) {
754 s
->cur_prompt
= ssh_ppl_new_prompts(&s
->ppl
);
755 s
->cur_prompt
->to_server
= true;
756 s
->cur_prompt
->from_server
= false;
757 s
->cur_prompt
->name
= dupstr("SSH login name");
758 add_prompt(s
->cur_prompt
, dupstr("login as: "), true);
759 s
->spr
= seat_get_userpass_input(
760 ppl_get_iseat(&s
->ppl
), s
->cur_prompt
);
761 while (s
->spr
.kind
== SPRK_INCOMPLETE
) {
763 s
->spr
= seat_get_userpass_input(
764 ppl_get_iseat(&s
->ppl
), s
->cur_prompt
);
766 if (spr_is_abort(s
->spr
)) {
768 * seat_get_userpass_input() failed to get a username.
771 free_prompts(s
->cur_prompt
);
772 s
->cur_prompt
= NULL
;
773 ssh_spr_close(s
->ppl
.ssh
, s
->spr
, "username prompt");
776 sfree(s
->locally_allocated_username
); /* for change_username */
777 s
->username
= s
->locally_allocated_username
=
778 prompt_get_result(s
->cur_prompt
->prompts
[0]);
779 free_prompts(s
->cur_prompt
);
780 s
->cur_prompt
= NULL
;
782 if (seat_verbose(s
->ppl
.seat
) || seat_interactive(s
->ppl
.seat
))
783 ppl_printf("Using username \"%s\".\r\n", s
->username
);
785 s
->got_username
= true;
788 * Send an authentication request using method "none": (a)
789 * just in case it succeeds, and (b) so that we know what
790 * authentication methods we can usefully try next.
792 s
->ppl
.bpp
->pls
->actx
= SSH2_PKTCTX_NOAUTH
;
794 s
->pktout
= ssh_bpp_new_pktout(s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
795 put_stringz(s
->pktout
, s
->username
);
796 put_stringz(s
->pktout
, s
->successor_layer
->vt
->name
);
797 put_stringz(s
->pktout
, "none"); /* method */
798 pq_push(s
->ppl
.out_pq
, s
->pktout
);
799 s
->type
= AUTH_TYPE_NONE
;
801 s
->tried_pubkey_config
= false;
802 s
->kbd_inter_refused
= false;
803 s
->done_agent
= false;
807 * Wait for the result of the last authentication request,
808 * unless the request terminated for some reason on our
811 if (s
->suppress_wait_for_response_packet
) {
813 s
->suppress_wait_for_response_packet
= false;
815 crMaybeWaitUntilV((pktin
= ssh2_userauth_pop(s
)) != NULL
);
819 * Now is a convenient point to spew any banner material
820 * that we've accumulated. (This should ensure that when
821 * we exit the auth loop, we haven't any left to deal
824 * Don't show the banner if we're operating in non-verbose
825 * non-interactive mode. (It's probably a script, which
826 * means nobody will read the banner _anyway_, and
827 * moreover the printing of the banner will screw up
828 * processing on the output of (say) plink.)
830 * The banner data has been sanitised already by this
831 * point, but we still need to precede and follow it with
832 * anti-spoofing header lines.
834 if (bufchain_size(&s
->banner
) &&
835 (seat_verbose(s
->ppl
.seat
) || seat_interactive(s
->ppl
.seat
))) {
838 ppl_get_iseat(&s
->ppl
),
839 "Pre-authentication banner message from server:");
840 seat_set_trust_status(s
->ppl
.seat
, false);
843 bool mid_line
= false;
844 while (bufchain_size(&s
->banner
) > 0) {
845 ptrlen data
= bufchain_prefix(&s
->banner
);
846 seat_banner_pl(ppl_get_iseat(&s
->ppl
), data
);
848 (((const char *)data
.ptr
)[data
.len
-1] != '\n');
849 bufchain_consume(&s
->banner
, data
.len
);
851 bufchain_clear(&s
->banner
);
854 seat_banner_pl(ppl_get_iseat(&s
->ppl
),
855 PTRLEN_LITERAL("\r\n"));
858 seat_set_trust_status(s
->ppl
.seat
, true);
859 seat_antispoof_msg(ppl_get_iseat(&s
->ppl
),
860 "End of banner message from server");
864 if (pktin
&& pktin
->type
== SSH2_MSG_USERAUTH_SUCCESS
) {
865 ppl_logevent("Access granted");
866 goto userauth_success
;
869 if (pktin
&& pktin
->type
!= SSH2_MSG_USERAUTH_FAILURE
&&
870 s
->type
!= AUTH_TYPE_GSSAPI
) {
871 ssh_proto_error(s
->ppl
.ssh
, "Received unexpected packet "
872 "in response to authentication request, "
873 "type %d (%s)", pktin
->type
,
874 ssh2_pkt_type(s
->ppl
.bpp
->pls
->kctx
,
875 s
->ppl
.bpp
->pls
->actx
,
881 * OK, we're now sitting on a USERAUTH_FAILURE message, so
882 * we can look at the string in it and know what we can
883 * helpfully try next.
885 if (pktin
&& pktin
->type
== SSH2_MSG_USERAUTH_FAILURE
) {
886 ptrlen methods
= get_string(pktin
);
887 bool partial_success
= get_bool(pktin
);
889 if (!partial_success
) {
891 * We have received an unequivocal Access
892 * Denied. This can translate to a variety of
893 * messages, or no message at all.
895 * For forms of authentication which are attempted
896 * implicitly, by which I mean without printing
897 * anything in the window indicating that we're
898 * trying them, we should never print 'Access
901 * If we do print a message saying that we're
902 * attempting some kind of authentication, it's OK
903 * to print a followup message saying it failed -
904 * but the message may sometimes be more specific
905 * than simply 'Access denied'.
907 * Additionally, if we'd just tried password
908 * authentication, we should break out of this
909 * whole loop so as to go back to the username
910 * prompt (iff we're configured to allow
911 * username change attempts).
913 if (s
->type
== AUTH_TYPE_NONE
) {
915 } else if (s
->type
== AUTH_TYPE_PUBLICKEY_OFFER_LOUD
||
916 s
->type
== AUTH_TYPE_PUBLICKEY_OFFER_QUIET
) {
917 if (s
->type
== AUTH_TYPE_PUBLICKEY_OFFER_LOUD
)
918 ppl_printf("Server refused our key\r\n");
919 ppl_logevent("Server refused our key");
920 } else if (s
->type
== AUTH_TYPE_PUBLICKEY
) {
921 /* This _shouldn't_ happen except by a
922 * protocol bug causing client and server to
923 * disagree on what is a correct signature. */
924 ppl_printf("Server refused public-key signature"
925 " despite accepting key!\r\n");
926 ppl_logevent("Server refused public-key signature"
927 " despite accepting key!");
928 } else if (s
->type
==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
) {
929 /* quiet, so no ppl_printf */
930 ppl_logevent("Server refused keyboard-interactive "
932 } else if (s
->type
==AUTH_TYPE_GSSAPI
) {
933 /* always quiet, so no ppl_printf */
934 /* also, the code down in the GSSAPI block has
935 * already logged this in the Event Log */
936 } else if (s
->type
== AUTH_TYPE_KEYBOARD_INTERACTIVE
) {
937 ppl_logevent("Keyboard-interactive authentication "
939 ppl_printf("Access denied\r\n");
941 assert(s
->type
== AUTH_TYPE_PASSWORD
);
942 ppl_logevent("Password authentication failed");
943 ppl_printf("Access denied\r\n");
945 if (s
->change_username
) {
946 /* XXX perhaps we should allow
947 * keyboard-interactive to do this too? */
948 goto try_new_username
;
952 ppl_printf("Further authentication required\r\n");
953 ppl_logevent("Further authentication required");
957 * Save the methods string for use in error messages.
959 strbuf_clear(s
->last_methods_string
);
960 put_datapl(s
->last_methods_string
, methods
);
963 * Scan it for method identifiers we know about.
965 bool srv_pubkey
= false, srv_passwd
= false;
966 bool srv_keyb_inter
= false;
968 bool srv_gssapi
= false, srv_gssapi_keyex_auth
= false;
971 for (ptrlen method
; get_commasep_word(&methods
, &method
) ;) {
972 if (ptrlen_eq_string(method
, "publickey"))
974 else if (ptrlen_eq_string(method
, "password"))
976 else if (ptrlen_eq_string(method
, "keyboard-interactive"))
977 srv_keyb_inter
= true;
979 else if (ptrlen_eq_string(method
, "gssapi-with-mic"))
981 else if (ptrlen_eq_string(method
, "gssapi-keyex"))
982 srv_gssapi_keyex_auth
= true;
987 * And combine those flags with our own configuration
988 * and context to set the main can_foo variables.
990 s
->can_pubkey
= srv_pubkey
;
991 s
->can_passwd
= srv_passwd
;
992 s
->can_keyb_inter
= s
->try_ki_auth
&& srv_keyb_inter
;
994 s
->can_gssapi
= s
->try_gssapi_auth
&& srv_gssapi
&&
995 s
->shgss
->libs
->nlibraries
> 0;
996 s
->can_gssapi_keyex_auth
= s
->try_gssapi_kex_auth
&&
997 srv_gssapi_keyex_auth
&&
998 s
->shgss
->libs
->nlibraries
> 0 && s
->shgss
->ctx
;
1002 s
->ppl
.bpp
->pls
->actx
= SSH2_PKTCTX_NOAUTH
;
1005 if (s
->can_gssapi_keyex_auth
&& !s
->tried_gssapi_keyex_auth
) {
1007 /* gssapi-keyex authentication */
1009 s
->type
= AUTH_TYPE_GSSAPI
;
1010 s
->tried_gssapi_keyex_auth
= true;
1011 s
->ppl
.bpp
->pls
->actx
= SSH2_PKTCTX_GSSAPI
;
1013 if (s
->shgss
->lib
->gsslogmsg
)
1014 ppl_logevent("%s", s
->shgss
->lib
->gsslogmsg
);
1016 ppl_logevent("Trying gssapi-keyex...");
1017 s
->pktout
= ssh2_userauth_gss_packet(s
, "gssapi-keyex");
1018 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1019 s
->shgss
->lib
->release_cred(s
->shgss
->lib
, &s
->shgss
->ctx
);
1020 s
->shgss
->ctx
= NULL
;
1024 #endif /* NO_GSSAPI */
1026 if (s
->can_pubkey
&& !s
->done_agent
&&
1027 s
->agent_key_index
< s
->agent_key_limit
) {
1030 * Attempt public-key authentication using a key from Pageant.
1032 s
->agent_keyalg
= s
->agent_keys
[s
->agent_key_index
].algorithm
;
1033 char *alg_tmp
= mkstr(s
->agent_keyalg
);
1034 const char *newalg
= alg_tmp
;
1035 if (ssh2_userauth_signflags(s
, &s
->signflags
, &newalg
))
1036 s
->agent_keyalg
= ptrlen_from_asciz(newalg
);
1039 s
->ppl
.bpp
->pls
->actx
= SSH2_PKTCTX_PUBLICKEY
;
1041 ppl_logevent("Trying Pageant key #%"SIZEu
, s
->agent_key_index
);
1043 /* See if server will accept it */
1044 s
->pktout
= ssh_bpp_new_pktout(
1045 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
1046 put_stringz(s
->pktout
, s
->username
);
1047 put_stringz(s
->pktout
, s
->successor_layer
->vt
->name
);
1048 put_stringz(s
->pktout
, "publickey");
1050 put_bool(s
->pktout
, false); /* no signature included */
1051 ssh2_userauth_add_alg_and_publickey(
1052 s
, s
->pktout
, s
->agent_keyalg
, ptrlen_from_strbuf(
1053 s
->agent_keys
[s
->agent_key_index
].blob
));
1054 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1055 s
->type
= AUTH_TYPE_PUBLICKEY_OFFER_QUIET
;
1057 crMaybeWaitUntilV((pktin
= ssh2_userauth_pop(s
)) != NULL
);
1058 if (pktin
->type
!= SSH2_MSG_USERAUTH_PK_OK
) {
1060 /* Offer of key refused, presumably via
1061 * USERAUTH_FAILURE. Requeue for the next iteration. */
1062 pq_push_front(s
->ppl
.in_pq
, pktin
);
1065 strbuf
*agentreq
, *sigdata
;
1066 ptrlen comment
= ptrlen_from_strbuf(
1067 s
->agent_keys
[s
->agent_key_index
].comment
);
1069 if (seat_verbose(s
->ppl
.seat
))
1070 ppl_printf("Authenticating with public key "
1071 "\"%.*s\" from agent\r\n",
1072 PTRLEN_PRINTF(comment
));
1075 * Server is willing to accept the key.
1076 * Construct a SIGN_REQUEST.
1078 s
->pktout
= ssh_bpp_new_pktout(
1079 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
1080 put_stringz(s
->pktout
, s
->username
);
1081 put_stringz(s
->pktout
, s
->successor_layer
->vt
->name
);
1082 put_stringz(s
->pktout
, "publickey");
1084 put_bool(s
->pktout
, true); /* signature included */
1085 ssh2_userauth_add_alg_and_publickey(
1086 s
, s
->pktout
, s
->agent_keyalg
, ptrlen_from_strbuf(
1087 s
->agent_keys
[s
->agent_key_index
].blob
));
1089 /* Ask agent for signature. */
1090 agentreq
= strbuf_new_for_agent_query();
1091 put_byte(agentreq
, SSH2_AGENTC_SIGN_REQUEST
);
1092 put_stringpl(agentreq
, ptrlen_from_strbuf(
1093 s
->agent_keys
[s
->agent_key_index
].blob
));
1094 /* Now the data to be signed... */
1095 sigdata
= strbuf_new();
1096 ssh2_userauth_add_session_id(s
, sigdata
);
1097 put_data(sigdata
, s
->pktout
->data
+ 5,
1098 s
->pktout
->length
- 5);
1099 put_stringsb(agentreq
, sigdata
);
1100 /* And finally the flags word. */
1101 put_uint32(agentreq
, s
->signflags
);
1102 ssh2_userauth_agent_query(s
, agentreq
);
1103 strbuf_free(agentreq
);
1104 crWaitUntilV(!s
->auth_agent_query
);
1106 if (s
->agent_response
.ptr
) {
1108 BinarySource src
[1];
1109 BinarySource_BARE_INIT(src
, s
->agent_response
.ptr
,
1110 s
->agent_response
.len
);
1111 get_uint32(src
); /* skip length field */
1112 if (get_byte(src
) == SSH2_AGENT_SIGN_RESPONSE
&&
1113 (sigblob
= get_string(src
), !get_err(src
))) {
1114 ppl_logevent("Sending Pageant's response");
1115 ssh2_userauth_add_sigblob(
1118 s
->agent_keys
[s
->agent_key_index
].blob
),
1120 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1121 s
->type
= AUTH_TYPE_PUBLICKEY
;
1122 s
->is_trivial_auth
= false;
1124 ppl_logevent("Pageant refused signing request");
1125 ppl_printf("Pageant failed to "
1126 "provide a signature\r\n");
1127 s
->suppress_wait_for_response_packet
= true;
1128 ssh_free_pktout(s
->pktout
);
1131 ppl_logevent("Pageant failed to respond to "
1133 ppl_printf("Pageant failed to "
1134 "respond to signing request\r\n");
1135 s
->suppress_wait_for_response_packet
= true;
1136 ssh_free_pktout(s
->pktout
);
1140 /* Do we have any keys left to try? */
1141 if (++s
->agent_key_index
>= s
->agent_key_limit
)
1142 s
->done_agent
= true;
1144 } else if (s
->can_pubkey
&& s
->publickey_blob
&&
1145 s
->privatekey_available
&& !s
->tried_pubkey_config
) {
1147 ssh2_userkey
*key
; /* not live over crReturn */
1148 char *passphrase
; /* not live over crReturn */
1150 s
->ppl
.bpp
->pls
->actx
= SSH2_PKTCTX_PUBLICKEY
;
1152 s
->tried_pubkey_config
= true;
1155 * Try the public key supplied in the configuration.
1157 * First, try to upgrade its algorithm.
1159 const char *newalg
= s
->publickey_algorithm
;
1160 if (ssh2_userauth_signflags(s
, &s
->signflags
, &newalg
)) {
1161 sfree(s
->publickey_algorithm
);
1162 s
->publickey_algorithm
= dupstr(newalg
);
1166 * Offer the public blob to see if the server is willing to
1169 s
->pktout
= ssh_bpp_new_pktout(
1170 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
1171 put_stringz(s
->pktout
, s
->username
);
1172 put_stringz(s
->pktout
, s
->successor_layer
->vt
->name
);
1173 put_stringz(s
->pktout
, "publickey"); /* method */
1174 put_bool(s
->pktout
, false);
1175 /* no signature included */
1176 ssh2_userauth_add_alg_and_publickey(
1177 s
, s
->pktout
, ptrlen_from_asciz(s
->publickey_algorithm
),
1178 ptrlen_from_strbuf(s
->publickey_blob
));
1179 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1180 ppl_logevent("Offered public key");
1182 crMaybeWaitUntilV((pktin
= ssh2_userauth_pop(s
)) != NULL
);
1183 if (pktin
->type
!= SSH2_MSG_USERAUTH_PK_OK
) {
1184 /* Key refused. Give up. */
1185 pq_push_front(s
->ppl
.in_pq
, pktin
);
1186 s
->type
= AUTH_TYPE_PUBLICKEY_OFFER_LOUD
;
1187 continue; /* process this new message */
1189 ppl_logevent("Offer of public key accepted");
1192 * Actually attempt a serious authentication using
1195 if (seat_verbose(s
->ppl
.seat
))
1196 ppl_printf("Authenticating with public key \"%s\"\r\n",
1197 s
->publickey_comment
);
1201 const char *error
; /* not live over crReturn */
1202 if (s
->privatekey_encrypted
) {
1204 * Get a passphrase from the user.
1206 s
->cur_prompt
= ssh_ppl_new_prompts(&s
->ppl
);
1207 s
->cur_prompt
->to_server
= false;
1208 s
->cur_prompt
->from_server
= false;
1209 s
->cur_prompt
->name
= dupstr("SSH key passphrase");
1210 add_prompt(s
->cur_prompt
,
1211 dupprintf("Passphrase for key \"%s\": ",
1212 s
->publickey_comment
),
1214 s
->spr
= seat_get_userpass_input(
1215 ppl_get_iseat(&s
->ppl
), s
->cur_prompt
);
1216 while (s
->spr
.kind
== SPRK_INCOMPLETE
) {
1218 s
->spr
= seat_get_userpass_input(
1219 ppl_get_iseat(&s
->ppl
), s
->cur_prompt
);
1221 if (spr_is_abort(s
->spr
)) {
1222 /* Failed to get a passphrase. Terminate. */
1223 free_prompts(s
->cur_prompt
);
1224 s
->cur_prompt
= NULL
;
1225 ssh_bpp_queue_disconnect(
1226 s
->ppl
.bpp
, "Unable to authenticate",
1227 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER
);
1228 ssh_spr_close(s
->ppl
.ssh
, s
->spr
,
1229 "passphrase prompt");
1233 prompt_get_result(s
->cur_prompt
->prompts
[0]);
1234 free_prompts(s
->cur_prompt
);
1235 s
->cur_prompt
= NULL
;
1237 passphrase
= NULL
; /* no passphrase needed */
1241 * Try decrypting the key.
1243 key
= ppk_load_f(s
->keyfile
, passphrase
, &error
);
1245 /* burn the evidence */
1246 smemclr(passphrase
, strlen(passphrase
));
1249 if (key
== SSH2_WRONG_PASSPHRASE
|| key
== NULL
) {
1251 (key
== SSH2_WRONG_PASSPHRASE
)) {
1252 ppl_printf("Wrong passphrase\r\n");
1254 /* and loop again */
1256 ppl_printf("Unable to load private key (%s)\r\n",
1259 s
->suppress_wait_for_response_packet
= true;
1260 break; /* try something else */
1263 /* FIXME: if we ever support variable signature
1264 * flags, this is somewhere they'll need to be
1266 char *invalid
= ssh_key_invalid(key
->key
, 0);
1268 ppl_printf("Cannot use this private key (%s)\r\n",
1270 ssh_key_free(key
->key
);
1271 sfree(key
->comment
);
1275 s
->suppress_wait_for_response_packet
= true;
1276 break; /* try something else */
1282 strbuf
*pkblob
, *sigdata
, *sigblob
;
1285 * We have loaded the private key and the server
1286 * has announced that it's willing to accept it.
1287 * Hallelujah. Generate a signature and send it.
1289 s
->pktout
= ssh_bpp_new_pktout(
1290 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
1291 put_stringz(s
->pktout
, s
->username
);
1292 put_stringz(s
->pktout
, s
->successor_layer
->vt
->name
);
1293 put_stringz(s
->pktout
, "publickey"); /* method */
1294 put_bool(s
->pktout
, true); /* signature follows */
1295 pkblob
= strbuf_new();
1296 ssh_key_public_blob(key
->key
, BinarySink_UPCAST(pkblob
));
1297 ssh2_userauth_add_alg_and_publickey(
1299 ptrlen_from_asciz(s
->publickey_algorithm
),
1300 ptrlen_from_strbuf(pkblob
));
1303 * The data to be signed is:
1307 * followed by everything so far placed in the
1310 sigdata
= strbuf_new();
1311 ssh2_userauth_add_session_id(s
, sigdata
);
1312 put_data(sigdata
, s
->pktout
->data
+ 5,
1313 s
->pktout
->length
- 5);
1314 sigblob
= strbuf_new();
1315 ssh_key_sign(key
->key
, ptrlen_from_strbuf(sigdata
),
1316 s
->signflags
, BinarySink_UPCAST(sigblob
));
1317 strbuf_free(sigdata
);
1318 ssh2_userauth_add_sigblob(
1319 s
, s
->pktout
, ptrlen_from_strbuf(pkblob
),
1320 ptrlen_from_strbuf(sigblob
));
1321 strbuf_free(pkblob
);
1322 strbuf_free(sigblob
);
1324 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1325 ppl_logevent("Sent public key signature");
1326 s
->type
= AUTH_TYPE_PUBLICKEY
;
1327 ssh_key_free(key
->key
);
1328 sfree(key
->comment
);
1330 s
->is_trivial_auth
= false;
1334 } else if (s
->can_gssapi
&& !s
->tried_gssapi
) {
1336 /* gssapi-with-mic authentication */
1340 s
->type
= AUTH_TYPE_GSSAPI
;
1341 s
->tried_gssapi
= true;
1342 s
->ppl
.bpp
->pls
->actx
= SSH2_PKTCTX_GSSAPI
;
1344 if (s
->shgss
->lib
->gsslogmsg
)
1345 ppl_logevent("%s", s
->shgss
->lib
->gsslogmsg
);
1347 /* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */
1348 ppl_logevent("Trying gssapi-with-mic...");
1349 s
->pktout
= ssh_bpp_new_pktout(
1350 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
1351 put_stringz(s
->pktout
, s
->username
);
1352 put_stringz(s
->pktout
, s
->successor_layer
->vt
->name
);
1353 put_stringz(s
->pktout
, "gssapi-with-mic");
1354 ppl_logevent("Attempting GSSAPI authentication");
1356 /* add mechanism info */
1357 s
->shgss
->lib
->indicate_mech(s
->shgss
->lib
, &s
->gss_buf
);
1359 /* number of GSSAPI mechanisms */
1360 put_uint32(s
->pktout
, 1);
1362 /* length of OID + 2 */
1363 put_uint32(s
->pktout
, s
->gss_buf
.length
+ 2);
1364 put_byte(s
->pktout
, SSH2_GSS_OIDTYPE
);
1367 put_byte(s
->pktout
, s
->gss_buf
.length
);
1369 put_data(s
->pktout
, s
->gss_buf
.value
, s
->gss_buf
.length
);
1370 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1371 crMaybeWaitUntilV((pktin
= ssh2_userauth_pop(s
)) != NULL
);
1372 if (pktin
->type
!= SSH2_MSG_USERAUTH_GSSAPI_RESPONSE
) {
1373 ppl_logevent("GSSAPI authentication request refused");
1374 pq_push_front(s
->ppl
.in_pq
, pktin
);
1378 /* check returned packet ... */
1380 data
= get_string(pktin
);
1381 s
->gss_rcvtok
.value
= (char *)data
.ptr
;
1382 s
->gss_rcvtok
.length
= data
.len
;
1383 if (s
->gss_rcvtok
.length
!= s
->gss_buf
.length
+ 2 ||
1384 ((char *)s
->gss_rcvtok
.value
)[0] != SSH2_GSS_OIDTYPE
||
1385 ((char *)s
->gss_rcvtok
.value
)[1] != s
->gss_buf
.length
||
1386 memcmp((char *)s
->gss_rcvtok
.value
+ 2,
1387 s
->gss_buf
.value
,s
->gss_buf
.length
) ) {
1388 ppl_logevent("GSSAPI authentication - wrong response "
1393 /* Import server name if not cached from KEX */
1394 if (s
->shgss
->srv_name
== GSS_C_NO_NAME
) {
1395 s
->gss_stat
= s
->shgss
->lib
->import_name(
1396 s
->shgss
->lib
, s
->fullhostname
, &s
->shgss
->srv_name
);
1397 if (s
->gss_stat
!= SSH_GSS_OK
) {
1398 if (s
->gss_stat
== SSH_GSS_BAD_HOST_NAME
)
1399 ppl_logevent("GSSAPI import name failed -"
1400 " Bad service name");
1402 ppl_logevent("GSSAPI import name failed");
1407 /* Allocate our gss_ctx */
1408 s
->gss_stat
= s
->shgss
->lib
->acquire_cred(
1409 s
->shgss
->lib
, &s
->shgss
->ctx
, NULL
);
1410 if (s
->gss_stat
!= SSH_GSS_OK
) {
1411 ppl_logevent("GSSAPI authentication failed to get "
1413 /* The failure was on our side, so the server
1414 * won't be sending a response packet indicating
1415 * failure. Avoid waiting for it next time round
1417 s
->suppress_wait_for_response_packet
= true;
1421 /* initial tokens are empty */
1422 SSH_GSS_CLEAR_BUF(&s
->gss_rcvtok
);
1423 SSH_GSS_CLEAR_BUF(&s
->gss_sndtok
);
1425 /* now enter the loop */
1428 * When acquire_cred yields no useful expiration, go with
1429 * the service ticket expiration.
1431 s
->gss_stat
= s
->shgss
->lib
->init_sec_context(
1441 if (s
->gss_stat
!=SSH_GSS_S_COMPLETE
&&
1442 s
->gss_stat
!=SSH_GSS_S_CONTINUE_NEEDED
) {
1443 ppl_logevent("GSSAPI authentication initialisation "
1446 if (s
->shgss
->lib
->display_status(
1447 s
->shgss
->lib
, s
->shgss
->ctx
, &s
->gss_buf
)
1449 ppl_logevent("%s", (char *)s
->gss_buf
.value
);
1450 sfree(s
->gss_buf
.value
);
1453 pq_push_front(s
->ppl
.in_pq
, pktin
);
1456 ppl_logevent("GSSAPI authentication initialised");
1459 * Client and server now exchange tokens until GSSAPI
1460 * no longer says CONTINUE_NEEDED
1462 if (s
->gss_sndtok
.length
!= 0) {
1463 s
->is_trivial_auth
= false;
1466 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_GSSAPI_TOKEN
);
1467 put_string(s
->pktout
,
1468 s
->gss_sndtok
.value
, s
->gss_sndtok
.length
);
1469 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1470 s
->shgss
->lib
->free_tok(s
->shgss
->lib
, &s
->gss_sndtok
);
1473 if (s
->gss_stat
== SSH_GSS_S_CONTINUE_NEEDED
) {
1474 crMaybeWaitUntilV((pktin
= ssh2_userauth_pop(s
)) != NULL
);
1476 if (pktin
->type
== SSH2_MSG_USERAUTH_GSSAPI_ERRTOK
) {
1478 * Per RFC 4462 section 3.9, this packet
1479 * type MUST immediately precede an
1480 * ordinary USERAUTH_FAILURE.
1482 * We currently don't know how to do
1483 * anything with the GSSAPI error token
1484 * contained in this packet, so we ignore
1485 * it and just wait for the following
1489 (pktin
= ssh2_userauth_pop(s
)) != NULL
);
1490 if (pktin
->type
!= SSH2_MSG_USERAUTH_FAILURE
) {
1492 s
->ppl
.ssh
, "Received unexpected packet "
1493 "after SSH_MSG_USERAUTH_GSSAPI_ERRTOK "
1494 "(expected SSH_MSG_USERAUTH_FAILURE): "
1495 "type %d (%s)", pktin
->type
,
1496 ssh2_pkt_type(s
->ppl
.bpp
->pls
->kctx
,
1497 s
->ppl
.bpp
->pls
->actx
,
1503 if (pktin
->type
== SSH2_MSG_USERAUTH_FAILURE
) {
1504 ppl_logevent("GSSAPI authentication failed");
1505 s
->gss_stat
= SSH_GSS_FAILURE
;
1506 pq_push_front(s
->ppl
.in_pq
, pktin
);
1508 } else if (pktin
->type
!=
1509 SSH2_MSG_USERAUTH_GSSAPI_TOKEN
) {
1510 ppl_logevent("GSSAPI authentication -"
1511 " bad server response");
1512 s
->gss_stat
= SSH_GSS_FAILURE
;
1515 data
= get_string(pktin
);
1516 s
->gss_rcvtok
.value
= (char *)data
.ptr
;
1517 s
->gss_rcvtok
.length
= data
.len
;
1519 } while (s
-> gss_stat
== SSH_GSS_S_CONTINUE_NEEDED
);
1521 if (s
->gss_stat
!= SSH_GSS_OK
) {
1522 s
->shgss
->lib
->release_cred(s
->shgss
->lib
, &s
->shgss
->ctx
);
1525 ppl_logevent("GSSAPI authentication loop finished OK");
1527 /* Now send the MIC */
1529 s
->pktout
= ssh2_userauth_gss_packet(s
, "gssapi-with-mic");
1530 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1532 s
->shgss
->lib
->release_cred(s
->shgss
->lib
, &s
->shgss
->ctx
);
1535 } else if (s
->can_keyb_inter
&& !s
->kbd_inter_refused
) {
1538 * Keyboard-interactive authentication.
1541 s
->type
= AUTH_TYPE_KEYBOARD_INTERACTIVE
;
1543 s
->ppl
.bpp
->pls
->actx
= SSH2_PKTCTX_KBDINTER
;
1545 s
->pktout
= ssh_bpp_new_pktout(
1546 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
1547 put_stringz(s
->pktout
, s
->username
);
1548 put_stringz(s
->pktout
, s
->successor_layer
->vt
->name
);
1549 put_stringz(s
->pktout
, "keyboard-interactive");
1551 put_stringz(s
->pktout
, ""); /* lang */
1552 put_stringz(s
->pktout
, ""); /* submethods */
1553 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1555 ppl_logevent("Attempting keyboard-interactive authentication");
1557 if (s
->authplugin
) {
1558 strbuf
*amsg
= authplugin_newmsg(PLUGIN_PROTOCOL
);
1559 put_stringz(amsg
, "keyboard-interactive");
1560 authplugin_send_free(s
, amsg
);
1562 BinarySource src
[1];
1564 crMaybeWaitUntilV(authplugin_expect_msg(s
, &type
, src
));
1566 case PLUGIN_PROTOCOL_REJECT
: {
1567 ptrlen message
= PTRLEN_LITERAL("");
1568 if (s
->authplugin_version
>= 2) {
1569 /* draft protocol didn't include a message here */
1570 message
= get_string(src
);
1573 ssh_sw_abort(s
->ppl
.ssh
, "Received malformed "
1574 "PLUGIN_PROTOCOL_REJECT from auth "
1579 /* If the plugin sent a message about
1580 * _why_ it didn't want to do k-i, pass
1581 * that message on to the user. (It might
1582 * say, for example, what went wrong when
1583 * it tried to open its config file.) */
1584 ppl_printf("Authentication plugin failed to set "
1585 "up keyboard-interactive "
1586 "authentication:\r\n");
1587 seat_set_trust_status(s
->ppl
.seat
, false);
1588 ppl_printf("%.*s\r\n", PTRLEN_PRINTF(message
));
1589 seat_set_trust_status(s
->ppl
.seat
, true);
1590 ppl_logevent("Authentication plugin declined to "
1591 "help with keyboard-interactive: "
1592 "%.*s", PTRLEN_PRINTF(message
));
1594 ppl_logevent("Authentication plugin declined to "
1595 "help with keyboard-interactive");
1597 s
->authplugin_ki_active
= false;
1600 case PLUGIN_PROTOCOL_ACCEPT
:
1601 s
->authplugin_ki_active
= true;
1602 ppl_logevent("Authentication plugin agreed to help "
1603 "with keyboard-interactive");
1606 authplugin_bad_packet(
1607 s
, type
, "expected PLUGIN_PROTOCOL_ACCEPT or "
1608 "PLUGIN_PROTOCOL_REJECT");
1612 s
->authplugin_ki_active
= false;
1615 if (!s
->ki_scc_initialised
) {
1616 s
->ki_scc
= seat_stripctrl_new(
1617 s
->ppl
.seat
, NULL
, SIC_KI_PROMPTS
);
1619 stripctrl_enable_line_limiting(s
->ki_scc
);
1620 s
->ki_scc_initialised
= true;
1623 crMaybeWaitUntilV((pktin
= ssh2_userauth_pop(s
)) != NULL
);
1624 if (pktin
->type
!= SSH2_MSG_USERAUTH_INFO_REQUEST
) {
1625 /* Server is not willing to do keyboard-interactive
1626 * at all (or, bizarrely but legally, accepts the
1627 * user without actually issuing any prompts).
1628 * Give up on it entirely. */
1629 pq_push_front(s
->ppl
.in_pq
, pktin
);
1630 s
->type
= AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
;
1631 s
->kbd_inter_refused
= true; /* don't try it again */
1635 s
->ki_printed_header
= false;
1638 * Loop while we still have prompts to send to the user.
1640 if (!s
->authplugin_ki_active
) {
1642 * The simple case: INFO_REQUESTs are passed on to
1643 * the user, and responses are sent straight back
1644 * to the SSH server.
1646 while (pktin
->type
== SSH2_MSG_USERAUTH_INFO_REQUEST
) {
1647 if (!ssh2_userauth_ki_setup_prompts(
1648 s
, BinarySource_UPCAST(pktin
), false))
1650 crMaybeWaitUntilV(ssh2_userauth_ki_run_prompts(s
));
1652 if (spr_is_abort(s
->spr
)) {
1654 * Failed to get responses. Terminate.
1656 free_prompts(s
->cur_prompt
);
1657 s
->cur_prompt
= NULL
;
1658 ssh_bpp_queue_disconnect(
1659 s
->ppl
.bpp
, "Unable to authenticate",
1660 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER
);
1661 ssh_spr_close(s
->ppl
.ssh
, s
->spr
, "keyboard-"
1662 "interactive authentication prompt");
1667 * Send the response(s) to the server.
1669 s
->pktout
= ssh_bpp_new_pktout(
1670 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_INFO_RESPONSE
);
1671 ssh2_userauth_ki_write_responses(
1672 s
, BinarySink_UPCAST(s
->pktout
));
1673 s
->pktout
->minlen
= 256;
1674 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1677 * Get the next packet in case it's another
1681 (pktin
= ssh2_userauth_pop(s
)) != NULL
);
1685 * The case where a plugin is involved:
1686 * INFO_REQUEST from the server is sent to the
1687 * plugin, which sends responses that we hand back
1688 * to the server. But in the meantime, the plugin
1689 * might send USER_REQUEST for us to pass to the
1690 * user, and then we send responses to that.
1692 while (pktin
->type
== SSH2_MSG_USERAUTH_INFO_REQUEST
) {
1693 strbuf
*amsg
= authplugin_newmsg(
1694 PLUGIN_KI_SERVER_REQUEST
);
1695 put_datapl(amsg
, get_data(pktin
, get_avail(pktin
)));
1696 authplugin_send_free(s
, amsg
);
1698 BinarySource src
[1];
1701 crMaybeWaitUntilV(authplugin_expect_msg(
1703 if (type
!= PLUGIN_KI_USER_REQUEST
)
1706 if (!ssh2_userauth_ki_setup_prompts(s
, src
, true))
1708 crMaybeWaitUntilV(ssh2_userauth_ki_run_prompts(s
));
1710 if (spr_is_abort(s
->spr
)) {
1712 * Failed to get responses. Terminate.
1714 free_prompts(s
->cur_prompt
);
1715 s
->cur_prompt
= NULL
;
1716 ssh_bpp_queue_disconnect(
1717 s
->ppl
.bpp
, "Unable to authenticate",
1718 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER
);
1720 s
->ppl
.ssh
, s
->spr
, "keyboard-"
1721 "interactive authentication prompt");
1726 * Send the responses on to the plugin.
1728 strbuf
*amsg
= authplugin_newmsg(
1729 PLUGIN_KI_USER_RESPONSE
);
1730 ssh2_userauth_ki_write_responses(
1731 s
, BinarySink_UPCAST(amsg
));
1732 authplugin_send_free(s
, amsg
);
1735 if (type
!= PLUGIN_KI_SERVER_RESPONSE
) {
1736 authplugin_bad_packet(
1737 s
, type
, "expected PLUGIN_KI_SERVER_RESPONSE "
1738 "or PLUGIN_PROTOCOL_USER_REQUEST");
1742 s
->pktout
= ssh_bpp_new_pktout(
1743 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_INFO_RESPONSE
);
1744 put_datapl(s
->pktout
, get_data(src
, get_avail(src
)));
1745 s
->pktout
->minlen
= 256;
1746 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1749 * Get the next packet in case it's another
1753 (pktin
= ssh2_userauth_pop(s
)) != NULL
);
1758 * Print our trailer line, if we printed a header.
1760 if (s
->ki_printed_header
) {
1761 seat_set_trust_status(s
->ppl
.seat
, true);
1763 ppl_get_iseat(&s
->ppl
),
1764 (s
->authplugin_ki_active
?
1765 "End of keyboard-interactive prompts from plugin" :
1766 "End of keyboard-interactive prompts from server"));
1770 * We should have SUCCESS or FAILURE now.
1772 pq_push_front(s
->ppl
.in_pq
, pktin
);
1774 if (s
->authplugin_ki_active
) {
1776 * As our last communication with the plugin, tell
1777 * it whether the k-i authentication succeeded.
1779 int plugin_msg
= -1;
1780 if (pktin
->type
== SSH2_MSG_USERAUTH_SUCCESS
) {
1781 plugin_msg
= PLUGIN_AUTH_SUCCESS
;
1782 } else if (pktin
->type
== SSH2_MSG_USERAUTH_FAILURE
) {
1784 * Peek in the failure packet to see if it's a
1787 BinarySource src
[1];
1788 BinarySource_BARE_INIT(
1789 src
, get_ptr(pktin
), get_avail(pktin
));
1790 get_string(pktin
); /* skip methods */
1791 bool partial_success
= get_bool(pktin
);
1792 if (!get_err(src
)) {
1793 plugin_msg
= partial_success
?
1794 PLUGIN_AUTH_SUCCESS
: PLUGIN_AUTH_FAILURE
;
1798 if (plugin_msg
>= 0) {
1799 strbuf
*amsg
= authplugin_newmsg(plugin_msg
);
1800 authplugin_send_free(s
, amsg
);
1802 /* Wait until we've actually sent it, in case
1803 * we close the connection to the plugin
1804 * before that outgoing message has left our
1806 crMaybeWaitUntilV(s
->authplugin_backlog
== 0);
1809 } else if (s
->can_passwd
) {
1810 s
->is_trivial_auth
= false;
1812 * Plain old password authentication.
1814 bool changereq_first_time
; /* not live over crReturn */
1816 s
->ppl
.bpp
->pls
->actx
= SSH2_PKTCTX_PASSWORD
;
1818 s
->cur_prompt
= ssh_ppl_new_prompts(&s
->ppl
);
1819 s
->cur_prompt
->to_server
= true;
1820 s
->cur_prompt
->from_server
= false;
1821 s
->cur_prompt
->name
= dupstr("SSH password");
1822 add_prompt(s
->cur_prompt
, dupprintf("%s@%s's password: ",
1823 s
->username
, s
->hostname
),
1826 s
->spr
= seat_get_userpass_input(
1827 ppl_get_iseat(&s
->ppl
), s
->cur_prompt
);
1828 while (s
->spr
.kind
== SPRK_INCOMPLETE
) {
1830 s
->spr
= seat_get_userpass_input(
1831 ppl_get_iseat(&s
->ppl
), s
->cur_prompt
);
1833 if (spr_is_abort(s
->spr
)) {
1835 * Failed to get responses. Terminate.
1837 free_prompts(s
->cur_prompt
);
1838 s
->cur_prompt
= NULL
;
1839 ssh_bpp_queue_disconnect(
1840 s
->ppl
.bpp
, "Unable to authenticate",
1841 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER
);
1842 ssh_spr_close(s
->ppl
.ssh
, s
->spr
, "password prompt");
1846 * Squirrel away the password. (We may need it later if
1847 * asked to change it.)
1849 s
->password
= prompt_get_result(s
->cur_prompt
->prompts
[0]);
1850 free_prompts(s
->cur_prompt
);
1851 s
->cur_prompt
= NULL
;
1854 * Send the password packet.
1856 * We pad out the password packet to 256 bytes to make
1857 * it harder for an attacker to find the length of the
1860 * Anyone using a password longer than 256 bytes
1861 * probably doesn't have much to worry about from
1862 * people who find out how long their password is!
1864 s
->pktout
= ssh_bpp_new_pktout(
1865 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
1866 put_stringz(s
->pktout
, s
->username
);
1867 put_stringz(s
->pktout
, s
->successor_layer
->vt
->name
);
1868 put_stringz(s
->pktout
, "password");
1869 put_bool(s
->pktout
, false);
1870 put_stringz(s
->pktout
, s
->password
);
1871 s
->pktout
->minlen
= 256;
1872 pq_push(s
->ppl
.out_pq
, s
->pktout
);
1873 ppl_logevent("Sent password");
1874 s
->type
= AUTH_TYPE_PASSWORD
;
1877 * Wait for next packet, in case it's a password change
1880 crMaybeWaitUntilV((pktin
= ssh2_userauth_pop(s
)) != NULL
);
1881 changereq_first_time
= true;
1883 while (pktin
->type
== SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ
) {
1886 * We're being asked for a new password
1887 * (perhaps not for the first time).
1888 * Loop until the server accepts it.
1891 bool got_new
= false; /* not live over crReturn */
1892 ptrlen prompt
; /* not live over crReturn */
1896 if (changereq_first_time
)
1897 msg
= "Server requested password change";
1899 msg
= "Server rejected new password";
1900 ppl_logevent("%s", msg
);
1901 ppl_printf("%s\r\n", msg
);
1904 prompt
= get_string(pktin
);
1906 s
->cur_prompt
= ssh_ppl_new_prompts(&s
->ppl
);
1907 s
->cur_prompt
->to_server
= true;
1908 s
->cur_prompt
->from_server
= false;
1909 s
->cur_prompt
->name
= dupstr("New SSH password");
1910 s
->cur_prompt
->instruction
= mkstr(prompt
);
1911 s
->cur_prompt
->instr_reqd
= true;
1913 * There's no explicit requirement in the protocol
1914 * for the "old" passwords in the original and
1915 * password-change messages to be the same, and
1916 * apparently some Cisco kit supports password change
1917 * by the user entering a blank password originally
1918 * and the real password subsequently, so,
1919 * reluctantly, we prompt for the old password again.
1921 * (On the other hand, some servers don't even bother
1922 * to check this field.)
1924 add_prompt(s
->cur_prompt
,
1925 dupstr("Current password (blank for previously entered password): "),
1927 add_prompt(s
->cur_prompt
, dupstr("Enter new password: "),
1929 add_prompt(s
->cur_prompt
, dupstr("Confirm new password: "),
1933 * Loop until the user manages to enter the same
1937 s
->spr
= seat_get_userpass_input(
1938 ppl_get_iseat(&s
->ppl
), s
->cur_prompt
);
1939 while (s
->spr
.kind
== SPRK_INCOMPLETE
) {
1941 s
->spr
= seat_get_userpass_input(
1942 ppl_get_iseat(&s
->ppl
), s
->cur_prompt
);
1944 if (spr_is_abort(s
->spr
)) {
1946 * Failed to get responses. Terminate.
1948 /* burn the evidence */
1949 free_prompts(s
->cur_prompt
);
1950 s
->cur_prompt
= NULL
;
1951 smemclr(s
->password
, strlen(s
->password
));
1953 ssh_bpp_queue_disconnect(
1954 s
->ppl
.bpp
, "Unable to authenticate",
1955 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER
);
1956 ssh_spr_close(s
->ppl
.ssh
, s
->spr
,
1957 "password-change prompt");
1962 * If the user specified a new original password
1963 * (IYSWIM), overwrite any previously specified
1965 * (A side effect is that the user doesn't have to
1966 * re-enter it if they louse up the new password.)
1968 if (s
->cur_prompt
->prompts
[0]->result
->s
[0]) {
1969 smemclr(s
->password
, strlen(s
->password
));
1970 /* burn the evidence */
1972 s
->password
= prompt_get_result(
1973 s
->cur_prompt
->prompts
[0]);
1977 * Check the two new passwords match.
1980 prompt_get_result_ref(s
->cur_prompt
->prompts
[1]),
1981 prompt_get_result_ref(s
->cur_prompt
->prompts
[2]));
1983 /* They don't. Silly user. */
1984 ppl_printf("Passwords do not match\r\n");
1989 * Send the new password (along with the old one).
1990 * (see above for padding rationale)
1992 s
->pktout
= ssh_bpp_new_pktout(
1993 s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
1994 put_stringz(s
->pktout
, s
->username
);
1995 put_stringz(s
->pktout
, s
->successor_layer
->vt
->name
);
1996 put_stringz(s
->pktout
, "password");
1997 put_bool(s
->pktout
, true);
1998 put_stringz(s
->pktout
, s
->password
);
1999 put_stringz(s
->pktout
, prompt_get_result_ref(
2000 s
->cur_prompt
->prompts
[1]));
2001 free_prompts(s
->cur_prompt
);
2002 s
->cur_prompt
= NULL
;
2003 s
->pktout
->minlen
= 256;
2004 pq_push(s
->ppl
.out_pq
, s
->pktout
);
2005 ppl_logevent("Sent new password");
2008 * Now see what the server has to say about it.
2009 * (If it's CHANGEREQ again, it's not happy with the
2012 crMaybeWaitUntilV((pktin
= ssh2_userauth_pop(s
)) != NULL
);
2013 changereq_first_time
= false;
2018 * We need to reexamine the current pktin at the top
2019 * of the loop. Either:
2020 * - we weren't asked to change password at all, in
2021 * which case it's a SUCCESS or FAILURE with the
2023 * - we sent a new password, and the server was
2024 * either OK with it (SUCCESS or FAILURE w/partial
2025 * success) or unhappy with the _old_ password
2026 * (FAILURE w/o partial success)
2027 * In any of these cases, we go back to the top of
2028 * the loop and start again.
2030 pq_push_front(s
->ppl
.in_pq
, pktin
);
2033 * We don't need the old password any more, in any
2034 * case. Burn the evidence.
2036 smemclr(s
->password
, strlen(s
->password
));
2040 ssh_bpp_queue_disconnect(
2042 "No supported authentication methods available",
2043 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE
);
2044 ssh_sw_abort(s
->ppl
.ssh
, "No supported authentication methods "
2045 "available (server sent: %s)",
2046 s
->last_methods_string
->s
);
2055 if (s
->notrivialauth
&& s
->is_trivial_auth
) {
2056 ssh_proto_error(s
->ppl
.ssh
, "Authentication was trivial! "
2057 "Abandoning session as specified in configuration.");
2062 * We've just received USERAUTH_SUCCESS, and we haven't sent
2063 * any packets since. Signal the transport layer to consider
2064 * doing an immediate rekey, if it has any reason to want to.
2066 ssh2_transport_notify_auth_done(s
->transport_layer
);
2069 * Finally, hand over to our successor layer, and return
2070 * immediately without reaching the crFinishV: ssh_ppl_replace
2071 * will have freed us, so crFinishV's zeroing-out of crState would
2072 * be a use-after-free bug.
2075 PacketProtocolLayer
*successor
= s
->successor_layer
;
2076 s
->successor_layer
= NULL
; /* avoid freeing it ourself */
2077 ssh_ppl_replace(&s
->ppl
, successor
);
2078 return; /* we've just freed s, so avoid even touching s->crState */
2084 static bool ssh2_userauth_ki_setup_prompts(
2085 struct ssh2_userauth_state
*s
, BinarySource
*src
, bool plugin
)
2091 * We've got a fresh USERAUTH_INFO_REQUEST. Get the preamble and
2092 * start building a prompt.
2094 name
= get_string(src
);
2095 inst
= get_string(src
);
2096 get_string(src
); /* skip language tag */
2097 s
->cur_prompt
= ssh_ppl_new_prompts(&s
->ppl
);
2098 s
->cur_prompt
->to_server
= true;
2099 s
->cur_prompt
->from_server
= true;
2102 * Get any prompt(s) from the packet.
2104 s
->num_prompts
= get_uint32(src
);
2105 for (uint32_t i
= 0; i
< s
->num_prompts
; i
++) {
2106 s
->is_trivial_auth
= false;
2107 ptrlen prompt
= get_string(src
);
2108 bool echo
= get_bool(src
);
2111 ssh_proto_error(s
->ppl
.ssh
, "%s sent truncated %s packet",
2112 plugin
? "Plugin" : "Server",
2113 plugin
? "PLUGIN_KI_USER_REQUEST" :
2114 "SSH_MSG_USERAUTH_INFO_REQUEST");
2120 put_fmt(sb
, "<%s failed to send prompt>: ",
2121 plugin
? "plugin" : "server");
2122 } else if (s
->ki_scc
) {
2123 stripctrl_retarget(s
->ki_scc
, BinarySink_UPCAST(sb
));
2124 put_datapl(s
->ki_scc
, prompt
);
2125 stripctrl_retarget(s
->ki_scc
, NULL
);
2127 put_datapl(sb
, prompt
);
2129 add_prompt(s
->cur_prompt
, strbuf_to_str(sb
), echo
);
2133 * Make the header strings. This includes the 'name' (optional
2134 * dialog-box title) and 'instruction' from the server.
2136 * First, display our disambiguating header line if this is the
2137 * first time round the loop - _unless_ the server has sent a
2138 * completely empty k-i packet with no prompts _or_ text, which
2139 * apparently some do. In that situation there's no need to alert
2140 * the user that the following text is server- supplied, because,
2141 * well, _what_ text?
2143 * We also only do this if we got a stripctrl, because if we
2144 * didn't, that suggests this is all being done via dialog boxes
2147 if (!s
->ki_printed_header
&& s
->ki_scc
&&
2148 (s
->num_prompts
|| name
.len
|| inst
.len
)) {
2150 ppl_get_iseat(&s
->ppl
),
2152 "Keyboard-interactive authentication prompts from plugin:" :
2153 "Keyboard-interactive authentication prompts from server:"));
2154 s
->ki_printed_header
= true;
2155 seat_set_trust_status(s
->ppl
.seat
, false);
2161 stripctrl_retarget(s
->ki_scc
, BinarySink_UPCAST(sb
));
2162 put_datapl(s
->ki_scc
, name
);
2163 stripctrl_retarget(s
->ki_scc
, NULL
);
2165 put_datapl(sb
, name
);
2167 s
->cur_prompt
->name_reqd
= true;
2170 put_datapl(sb
, PTRLEN_LITERAL(
2171 "Communication with authentication plugin"));
2173 put_datapl(sb
, PTRLEN_LITERAL("SSH server authentication"));
2174 s
->cur_prompt
->name_reqd
= false;
2176 s
->cur_prompt
->name
= strbuf_to_str(sb
);
2181 stripctrl_retarget(s
->ki_scc
, BinarySink_UPCAST(sb
));
2182 put_datapl(s
->ki_scc
, inst
);
2183 stripctrl_retarget(s
->ki_scc
, NULL
);
2185 put_datapl(sb
, inst
);
2187 s
->cur_prompt
->instr_reqd
= true;
2189 s
->cur_prompt
->instr_reqd
= false;
2192 s
->cur_prompt
->instruction
= strbuf_to_str(sb
);
2199 static bool ssh2_userauth_ki_run_prompts(struct ssh2_userauth_state
*s
)
2201 s
->spr
= seat_get_userpass_input(
2202 ppl_get_iseat(&s
->ppl
), s
->cur_prompt
);
2203 return s
->spr
.kind
!= SPRK_INCOMPLETE
;
2206 static void ssh2_userauth_ki_write_responses(
2207 struct ssh2_userauth_state
*s
, BinarySink
*bs
)
2209 put_uint32(bs
, s
->num_prompts
);
2210 for (uint32_t i
= 0; i
< s
->num_prompts
; i
++)
2211 put_stringz(bs
, prompt_get_result_ref(s
->cur_prompt
->prompts
[i
]));
2214 * Free the prompts structure from this iteration. If there's
2215 * another, a new one will be allocated when we return to the top
2216 * of this while loop.
2218 free_prompts(s
->cur_prompt
);
2219 s
->cur_prompt
= NULL
;
2222 static void ssh2_userauth_add_session_id(
2223 struct ssh2_userauth_state
*s
, strbuf
*sigdata
)
2225 if (s
->ppl
.remote_bugs
& BUG_SSH2_PK_SESSIONID
) {
2226 put_datapl(sigdata
, s
->session_id
);
2228 put_stringpl(sigdata
, s
->session_id
);
2232 static void ssh2_userauth_agent_query(
2233 struct ssh2_userauth_state
*s
, strbuf
*req
)
2238 sfree(s
->agent_response_to_free
);
2239 s
->agent_response_to_free
= NULL
;
2241 s
->auth_agent_query
= agent_query(req
, &response
, &response_len
,
2242 ssh2_userauth_agent_callback
, s
);
2243 if (!s
->auth_agent_query
)
2244 ssh2_userauth_agent_callback(s
, response
, response_len
);
2247 static void ssh2_userauth_agent_callback(void *uav
, void *reply
, int replylen
)
2249 struct ssh2_userauth_state
*s
= (struct ssh2_userauth_state
*)uav
;
2251 s
->auth_agent_query
= NULL
;
2252 s
->agent_response_to_free
= reply
;
2253 s
->agent_response
= make_ptrlen(reply
, replylen
);
2255 queue_idempotent_callback(&s
->ppl
.ic_process_queue
);
2259 * Helper function to add the algorithm and public key strings to a
2260 * "publickey" auth packet. Deals with overriding both strings if the
2261 * user has provided a detached certificate which matches the public
2264 static void ssh2_userauth_add_alg_and_publickey(
2265 struct ssh2_userauth_state
*s
, PktOut
*pkt
, ptrlen alg
, ptrlen pkblob
)
2267 PacketProtocolLayer
*ppl
= &s
->ppl
; /* for ppl_logevent */
2269 if (s
->detached_cert_blob
) {
2270 ptrlen detached_cert_pl
= ptrlen_from_strbuf(s
->detached_cert_blob
);
2271 strbuf
*certbase
= NULL
, *pkbase
= NULL
;
2273 const ssh_keyalg
*pkalg
= find_pubkey_alg_len(alg
);
2274 ssh_key
*certkey
= NULL
, *pk
= NULL
;
2275 strbuf
*fail_reason
= strbuf_new();
2276 bool verbose
= true;
2279 * Whether or not we send the certificate, we're likely to
2280 * generate a log message about it. But we don't want to log
2281 * once for the offer and once for the real auth attempt, so
2282 * we de-duplicate by remembering the last public key this
2284 if (!s
->cert_pubkey_diagnosed
)
2285 s
->cert_pubkey_diagnosed
= strbuf_new();
2286 if (ptrlen_eq_ptrlen(ptrlen_from_strbuf(s
->cert_pubkey_diagnosed
),
2290 /* Log this time, but arrange that we don't mention it next time */
2291 strbuf_clear(s
->cert_pubkey_diagnosed
);
2292 put_datapl(s
->cert_pubkey_diagnosed
, pkblob
);
2296 * Check that the public key we're replacing is compatible
2297 * with the certificate, in that they should have the same
2301 const ssh_keyalg
*certalg
= pubkey_blob_to_alg(detached_cert_pl
);
2302 assert(certalg
); /* we checked this before setting s->detached_blob */
2303 assert(certalg
->is_certificate
); /* and this too */
2305 certkey
= ssh_key_new_pub(certalg
, detached_cert_pl
);
2307 put_fmt(fail_reason
, "certificate key file is invalid");
2311 certbase
= strbuf_new();
2312 ssh_key_public_blob(ssh_key_base_key(certkey
),
2313 BinarySink_UPCAST(certbase
));
2314 if (ptrlen_eq_ptrlen(pkblob
, ptrlen_from_strbuf(certbase
)))
2315 goto match
; /* yes, a match! */
2318 * If we reach here, the certificate's base key was not
2319 * identical to the key we're given. But it might still be
2320 * identical to the _base_ key of the key we're given, if we
2321 * were using a differently certified version of the same key.
2322 * In that situation, the detached cert should still override.
2325 put_fmt(fail_reason
, "unable to identify algorithm of base key");
2329 pk
= ssh_key_new_pub(pkalg
, pkblob
);
2331 put_fmt(fail_reason
, "base public key is invalid");
2335 pkbase
= strbuf_new();
2336 ssh_key_public_blob(ssh_key_base_key(pk
), BinarySink_UPCAST(pkbase
));
2337 if (ptrlen_eq_ptrlen(ptrlen_from_strbuf(pkbase
),
2338 ptrlen_from_strbuf(certbase
)))
2339 goto match
; /* yes, a match on 2nd attempt! */
2341 /* Give up; we've tried to match these keys up and failed. */
2342 put_fmt(fail_reason
, "base public key does not match certificate");
2347 * The two keys match, so insert the detached certificate into
2348 * the output packet in place of the public key we were given.
2350 * However, we need to be a bit careful with the algorithm
2351 * name: we might need to upgrade it to one that matches the
2352 * original algorithm name. (If we were asked to add an
2353 * ssh-rsa key but were given algorithm name "rsa-sha2-512",
2354 * then instead of the certificate's algorithm name
2355 * ssh-rsa-cert-v01@... we need to write the corresponding
2356 * SHA-512 name rsa-sha2-512-cert-v01@... .)
2359 ppl_logevent("Sending public key with certificate from \"%s\"",
2360 filename_to_str(s
->detached_cert_file
));
2362 put_stringz(pkt
, ssh_keyalg_related_alg(certalg
, pkalg
)->ssh_id
);
2363 put_stringpl(pkt
, ptrlen_from_strbuf(s
->detached_cert_blob
));
2368 /* Log that we didn't send the certificate, if this public key
2369 * isn't the same one as last call to this function. (Need to
2370 * avoid verbosely logging once for the offer and once for the
2371 * real auth attempt.) */
2373 ppl_logevent("Not substituting certificate \"%s\" for public "
2374 "key: %s", filename_to_str(s
->detached_cert_file
),
2376 if (s
->publickey_blob
) {
2377 /* If the user provided a specific key file to use (i.e.
2378 * this wasn't just a key we picked opportunistically out
2379 * of an agent), then they probably _care_ that we didn't
2380 * send the certificate, so we should make a loud error
2381 * message about it as well as just commenting in the
2383 ppl_printf("Unable to use certificate \"%s\" with public "
2384 "key \"%s\": %s\r\n",
2385 filename_to_str(s
->detached_cert_file
),
2386 filename_to_str(s
->keyfile
),
2392 /* Whether we did that or not, free our stuff. */
2394 strbuf_free(certbase
);
2396 strbuf_free(pkbase
);
2398 ssh_key_free(certkey
);
2401 strbuf_free(fail_reason
);
2403 /* And if we did, don't fall through to the alternative below */
2408 /* In all other cases, just put in what we were given. */
2409 put_stringpl(pkt
, alg
);
2410 put_stringpl(pkt
, pkblob
);
2414 * Helper function to add an SSH-2 signature blob to a packet. Expects
2415 * to be shown the public key blob as well as the signature blob.
2416 * Normally just appends the sig blob unmodified as a string, except
2417 * that it optionally breaks it open and fiddle with it to work around
2418 * BUG_SSH2_RSA_PADDING.
2420 static void ssh2_userauth_add_sigblob(
2421 struct ssh2_userauth_state
*s
, PktOut
*pkt
, ptrlen pkblob
, ptrlen sigblob
)
2423 BinarySource pk
[1], sig
[1];
2424 BinarySource_BARE_INIT_PL(pk
, pkblob
);
2425 BinarySource_BARE_INIT_PL(sig
, sigblob
);
2427 /* dmemdump(pkblob, pkblob_len); */
2428 /* dmemdump(sigblob, sigblob_len); */
2431 * See if this is in fact an ssh-rsa signature and a buggy
2432 * server; otherwise we can just do this the easy way.
2434 if ((s
->ppl
.remote_bugs
& BUG_SSH2_RSA_PADDING
) &&
2435 ptrlen_eq_string(get_string(pk
), "ssh-rsa") &&
2436 ptrlen_eq_string(get_string(sig
), "ssh-rsa")) {
2437 ptrlen mod_mp
, sig_mp
;
2438 size_t sig_prefix_len
;
2441 * Find the modulus and signature integers.
2443 get_string(pk
); /* skip over exponent */
2444 mod_mp
= get_string(pk
); /* remember modulus */
2445 sig_prefix_len
= sig
->pos
;
2446 sig_mp
= get_string(sig
);
2447 if (get_err(pk
) || get_err(sig
))
2451 * Find the byte length of the modulus, not counting leading
2454 while (mod_mp
.len
> 0 && *(const char *)mod_mp
.ptr
== 0) {
2456 mod_mp
.ptr
= (const char *)mod_mp
.ptr
+ 1;
2459 /* debug("modulus length is %d\n", len); */
2460 /* debug("signature length is %d\n", siglen); */
2462 if (mod_mp
.len
> sig_mp
.len
) {
2463 strbuf
*substr
= strbuf_new();
2464 put_data(substr
, sigblob
.ptr
, sig_prefix_len
);
2465 put_uint32(substr
, mod_mp
.len
);
2466 put_padding(substr
, mod_mp
.len
- sig_mp
.len
, 0);
2467 put_datapl(substr
, sig_mp
);
2468 put_stringsb(pkt
, substr
);
2472 /* Otherwise fall through and do it the easy way. We also come
2473 * here as a fallback if we discover above that the key blob
2474 * is misformatted in some way. */
2478 put_stringpl(pkt
, sigblob
);
2482 static PktOut
*ssh2_userauth_gss_packet(
2483 struct ssh2_userauth_state
*s
, const char *authtype
)
2491 * The mic is computed over the session id + intended
2492 * USERAUTH_REQUEST packet.
2495 put_stringpl(sb
, s
->session_id
);
2496 put_byte(sb
, SSH2_MSG_USERAUTH_REQUEST
);
2497 put_stringz(sb
, s
->username
);
2498 put_stringz(sb
, s
->successor_layer
->vt
->name
);
2499 put_stringz(sb
, authtype
);
2501 /* Compute the mic */
2503 buf
.length
= sb
->len
;
2504 s
->shgss
->lib
->get_mic(s
->shgss
->lib
, s
->shgss
->ctx
, &buf
, &mic
);
2507 /* Now we can build the real packet */
2508 if (strcmp(authtype
, "gssapi-with-mic") == 0) {
2509 p
= ssh_bpp_new_pktout(s
->ppl
.bpp
, SSH2_MSG_USERAUTH_GSSAPI_MIC
);
2511 p
= ssh_bpp_new_pktout(s
->ppl
.bpp
, SSH2_MSG_USERAUTH_REQUEST
);
2512 put_stringz(p
, s
->username
);
2513 put_stringz(p
, s
->successor_layer
->vt
->name
);
2514 put_stringz(p
, authtype
);
2516 put_string(p
, mic
.value
, mic
.length
);
2522 static bool ssh2_userauth_get_specials(
2523 PacketProtocolLayer
*ppl
, add_special_fn_t add_special
, void *ctx
)
2525 /* No specials provided by this layer. */
2529 static void ssh2_userauth_special_cmd(PacketProtocolLayer
*ppl
,
2530 SessionSpecialCode code
, int arg
)
2532 /* No specials provided by this layer. */
2535 static void ssh2_userauth_reconfigure(PacketProtocolLayer
*ppl
, Conf
*conf
)
2537 struct ssh2_userauth_state
*s
=
2538 container_of(ppl
, struct ssh2_userauth_state
, ppl
);
2539 ssh_ppl_reconfigure(s
->successor_layer
, conf
);