search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update TortoiseGitPlink to PuTTY Plink 0.78
[TortoiseGit.git] / src / TortoisePlink / ssh / userauth2-client.c
blob38e27e65ea2829ddcfa1a06ee56caf7bb8392d9c
1 /*
2 * Packet protocol layer for the client side of the SSH-2 userauth
3 * protocol (RFC 4252).
4 */
5
6 #include <assert.h>
7
8 #include "putty.h"
9 #include "ssh.h"
10 #include "bpp.h"
11 #include "ppl.h"
12 #include "sshcr.h"
13
14 #ifndef NO_GSSAPI
15 #include "gssc.h"
16 #include "gss.h"
17 #endif
18
19 #define BANNER_LIMIT 131072
20
21 typedef struct agent_key {
22 strbuf *blob, *comment;
23 ptrlen algorithm;
24 } agent_key;
25
26 struct ssh2_userauth_state {
27 int crState;
28
29 PacketProtocolLayer *transport_layer, *successor_layer;
30 Filename *keyfile, *detached_cert_file;
31 bool show_banner, tryagent, notrivialauth, change_username;
32 char *hostname, *fullhostname;
33 int port;
34 char *default_username;
35 bool try_ki_auth, try_gssapi_auth, try_gssapi_kex_auth, gssapi_fwd;
36
37 ptrlen session_id;
38 enum {
39 AUTH_TYPE_NONE,
40 AUTH_TYPE_PUBLICKEY,
41 AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
42 AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
43 AUTH_TYPE_PASSWORD,
44 AUTH_TYPE_GSSAPI, /* always QUIET */
45 AUTH_TYPE_KEYBOARD_INTERACTIVE,
46 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
47 } type;
48 bool need_pw, can_pubkey, can_passwd, can_keyb_inter;
49 SeatPromptResult spr;
50 bool tried_pubkey_config, done_agent;
51 struct ssh_connection_shared_gss_state *shgss;
52 #ifndef NO_GSSAPI
53 bool can_gssapi;
54 bool can_gssapi_keyex_auth;
55 bool tried_gssapi;
56 bool tried_gssapi_keyex_auth;
57 time_t gss_cred_expiry;
58 Ssh_gss_buf gss_buf;
59 Ssh_gss_buf gss_rcvtok, gss_sndtok;
60 Ssh_gss_stat gss_stat;
61 #endif
62 bool suppress_wait_for_response_packet;
63 strbuf *last_methods_string;
64 bool kbd_inter_refused;
65 prompts_t *cur_prompt;
66 uint32_t num_prompts;
67 const char *username;
68 char *locally_allocated_username;
69 char *password;
70 bool got_username;
71 strbuf *publickey_blob, *detached_cert_blob, *cert_pubkey_diagnosed;
72 bool privatekey_available, privatekey_encrypted;
73 char *publickey_algorithm;
74 char *publickey_comment;
75 void *agent_response_to_free;
76 ptrlen agent_response;
77 BinarySource asrc[1]; /* for reading SSH agent response */
78 size_t agent_keys_len;
79 agent_key *agent_keys;
80 size_t agent_key_index, agent_key_limit;
81 ptrlen agent_keyalg;
82 unsigned signflags;
83 int len;
84 PktOut *pktout;
85 bool is_trivial_auth;
86
87 agent_pending_query *auth_agent_query;
88 bufchain banner;
89 bufchain_sink banner_bs;
90 StripCtrlChars *banner_scc;
91 bool banner_scc_initialised;
92
93 char *authplugin_cmd;
94 Socket *authplugin;
95 uint32_t authplugin_version;
96 Plug authplugin_plug;
97 bufchain authplugin_bc;
98 strbuf *authplugin_incoming_msg;
99 size_t authplugin_backlog;
100 bool authplugin_eof;
101 bool authplugin_ki_active;
102
103 StripCtrlChars *ki_scc;
104 bool ki_scc_initialised;
105 bool ki_printed_header;
106
107 PacketProtocolLayer ppl;
108 };
109
110 static void ssh2_userauth_free(PacketProtocolLayer *);
111 static void ssh2_userauth_process_queue(PacketProtocolLayer *);
112 static bool ssh2_userauth_get_specials(
113 PacketProtocolLayer *ppl, add_special_fn_t add_special, void *ctx);
114 static void ssh2_userauth_special_cmd(PacketProtocolLayer *ppl,
115 SessionSpecialCode code, int arg);
116 static void ssh2_userauth_reconfigure(PacketProtocolLayer *ppl, Conf *conf);
117
118 static void ssh2_userauth_agent_query(struct ssh2_userauth_state *, strbuf *);
119 static void ssh2_userauth_agent_callback(void *, void *, int);
120 static void ssh2_userauth_add_sigblob(
121 struct ssh2_userauth_state *s, PktOut *pkt, ptrlen pkblob, ptrlen sigblob);
122 static void ssh2_userauth_add_alg_and_publickey(
123 struct ssh2_userauth_state *s, PktOut *pkt, ptrlen alg, ptrlen pkblob);
124 static void ssh2_userauth_add_session_id(
125 struct ssh2_userauth_state *s, strbuf *sigdata);
126 #ifndef NO_GSSAPI
127 static PktOut *ssh2_userauth_gss_packet(
128 struct ssh2_userauth_state *s, const char *authtype);
129 #endif
130 static bool ssh2_userauth_ki_setup_prompts(
131 struct ssh2_userauth_state *s, BinarySource *src, bool plugin);
132 static bool ssh2_userauth_ki_run_prompts(struct ssh2_userauth_state *s);
133 static void ssh2_userauth_ki_write_responses(
134 struct ssh2_userauth_state *s, BinarySink *bs);
135
136 static const PacketProtocolLayerVtable ssh2_userauth_vtable = {
137 .free = ssh2_userauth_free,
138 .process_queue = ssh2_userauth_process_queue,
139 .get_specials = ssh2_userauth_get_specials,
140 .special_cmd = ssh2_userauth_special_cmd,
141 .reconfigure = ssh2_userauth_reconfigure,
142 .queued_data_size = ssh_ppl_default_queued_data_size,
143 .name = "ssh-userauth",
144 };
145
146 PacketProtocolLayer *ssh2_userauth_new(
147 PacketProtocolLayer *successor_layer,
148 const char *hostname, int port, const char *fullhostname,
149 Filename *keyfile, Filename *detached_cert_file,
150 bool show_banner, bool tryagent, bool notrivialauth,
151 const char *default_username, bool change_username,
152 bool try_ki_auth, bool try_gssapi_auth, bool try_gssapi_kex_auth,
153 bool gssapi_fwd, struct ssh_connection_shared_gss_state *shgss,
154 const char *authplugin_cmd)
155 {
156 struct ssh2_userauth_state *s = snew(struct ssh2_userauth_state);
157 memset(s, 0, sizeof(*s));
158 s->ppl.vt = &ssh2_userauth_vtable;
159
160 s->successor_layer = successor_layer;
161 s->hostname = dupstr(hostname);
162 s->port = port;
163 s->fullhostname = dupstr(fullhostname);
164 s->keyfile = filename_copy(keyfile);
165 s->detached_cert_file = filename_copy(detached_cert_file);
166 s->show_banner = show_banner;
167 s->tryagent = tryagent;
168 s->notrivialauth = notrivialauth;
169 s->default_username = dupstr(default_username);
170 s->change_username = change_username;
171 s->try_ki_auth = try_ki_auth;
172 s->try_gssapi_auth = try_gssapi_auth;
173 s->try_gssapi_kex_auth = try_gssapi_kex_auth;
174 s->gssapi_fwd = gssapi_fwd;
175 s->shgss = shgss;
176 s->last_methods_string = strbuf_new();
177 s->is_trivial_auth = true;
178 bufchain_init(&s->banner);
179 bufchain_sink_init(&s->banner_bs, &s->banner);
180 s->authplugin_cmd = dupstr(authplugin_cmd);
181 bufchain_init(&s->authplugin_bc);
182
183 return &s->ppl;
184 }
185
186 void ssh2_userauth_set_transport_layer(PacketProtocolLayer *userauth,
187 PacketProtocolLayer *transport)
188 {
189 struct ssh2_userauth_state *s =
190 container_of(userauth, struct ssh2_userauth_state, ppl);
191 s->transport_layer = transport;
192 }
193
194 static void ssh2_userauth_free(PacketProtocolLayer *ppl)
195 {
196 struct ssh2_userauth_state *s =
197 container_of(ppl, struct ssh2_userauth_state, ppl);
198 bufchain_clear(&s->banner);
199
200 if (s->successor_layer)
201 ssh_ppl_free(s->successor_layer);
202
203 if (s->agent_keys) {
204 for (size_t i = 0; i < s->agent_keys_len; i++) {
205 strbuf_free(s->agent_keys[i].blob);
206 strbuf_free(s->agent_keys[i].comment);
207 }
208 sfree(s->agent_keys);
209 }
210 sfree(s->agent_response_to_free);
211 if (s->auth_agent_query)
212 agent_cancel_query(s->auth_agent_query);
213 filename_free(s->keyfile);
214 filename_free(s->detached_cert_file);
215 sfree(s->default_username);
216 sfree(s->locally_allocated_username);
217 sfree(s->hostname);
218 sfree(s->fullhostname);
219 if (s->cur_prompt)
220 free_prompts(s->cur_prompt);
221 sfree(s->publickey_comment);
222 sfree(s->publickey_algorithm);
223 if (s->publickey_blob)
224 strbuf_free(s->publickey_blob);
225 if (s->detached_cert_blob)
226 strbuf_free(s->detached_cert_blob);
227 if (s->cert_pubkey_diagnosed)
228 strbuf_free(s->cert_pubkey_diagnosed);
229 strbuf_free(s->last_methods_string);
230 if (s->banner_scc)
231 stripctrl_free(s->banner_scc);
232 if (s->ki_scc)
233 stripctrl_free(s->ki_scc);
234 sfree(s->authplugin_cmd);
235 if (s->authplugin)
236 sk_close(s->authplugin);
237 bufchain_clear(&s->authplugin_bc);
238 if (s->authplugin_incoming_msg)
239 strbuf_free(s->authplugin_incoming_msg);
240 sfree(s);
241 }
242
243 static void ssh2_userauth_filter_queue(struct ssh2_userauth_state *s)
244 {
245 PktIn *pktin;
246 ptrlen string;
247
248 while ((pktin = pq_peek(s->ppl.in_pq)) != NULL) {
249 switch (pktin->type) {
250 case SSH2_MSG_USERAUTH_BANNER:
251 if (!s->show_banner) {
252 pq_pop(s->ppl.in_pq);
253 break;
254 }
255
256 string = get_string(pktin);
257 if (string.len > BANNER_LIMIT - bufchain_size(&s->banner))
258 string.len = BANNER_LIMIT - bufchain_size(&s->banner);
259 if (!s->banner_scc_initialised) {
260 s->banner_scc = seat_stripctrl_new(
261 s->ppl.seat, BinarySink_UPCAST(&s->banner_bs), SIC_BANNER);
262 if (s->banner_scc)
263 stripctrl_enable_line_limiting(s->banner_scc);
264 s->banner_scc_initialised = true;
265 }
266 if (s->banner_scc)
267 put_datapl(s->banner_scc, string);
268 else
269 put_datapl(&s->banner_bs, string);
270 pq_pop(s->ppl.in_pq);
271 break;
272
273 default:
274 return;
275 }
276 }
277 }
278
279 static PktIn *ssh2_userauth_pop(struct ssh2_userauth_state *s)
280 {
281 ssh2_userauth_filter_queue(s);
282 return pq_pop(s->ppl.in_pq);
283 }
284
285 static bool ssh2_userauth_signflags(struct ssh2_userauth_state *s,
286 unsigned *signflags, const char **algname)
287 {
288 *signflags = 0; /* default */
289
290 const ssh_keyalg *alg = find_pubkey_alg(*algname);
291 if (!alg)
292 return false; /* we don't know how to upgrade this */
293
294 unsigned supported_flags = ssh_keyalg_supported_flags(alg);
295
296 if (s->ppl.bpp->ext_info_rsa_sha512_ok &&
297 (supported_flags & SSH_AGENT_RSA_SHA2_512)) {
298 *signflags = SSH_AGENT_RSA_SHA2_512;
299 } else if (s->ppl.bpp->ext_info_rsa_sha256_ok &&
300 (supported_flags & SSH_AGENT_RSA_SHA2_256)) {
301 *signflags = SSH_AGENT_RSA_SHA2_256;
302 } else {
303 return false;
304 }
305
306 *algname = ssh_keyalg_alternate_ssh_id(alg, *signflags);
307 return true;
308 }
309
310 static void authplugin_plug_log(Plug *plug, PlugLogType type, SockAddr *addr,
311 int port, const char *err_msg, int err_code)
312 {
313 struct ssh2_userauth_state *s = container_of(
314 plug, struct ssh2_userauth_state, authplugin_plug);
315 PacketProtocolLayer *ppl = &s->ppl; /* for ppl_logevent */
316
317 if (type == PLUGLOG_PROXY_MSG)
318 ppl_logevent("%s", err_msg);
319 }
320
321 static void authplugin_plug_closing(
322 Plug *plug, PlugCloseType type, const char *error_msg)
323 {
324 struct ssh2_userauth_state *s = container_of(
325 plug, struct ssh2_userauth_state, authplugin_plug);
326 s->authplugin_eof = true;
327 queue_idempotent_callback(&s->ppl.ic_process_queue);
328 }
329
330 static void authplugin_plug_receive(
331 Plug *plug, int urgent, const char *data, size_t len)
332 {
333 struct ssh2_userauth_state *s = container_of(
334 plug, struct ssh2_userauth_state, authplugin_plug);
335 bufchain_add(&s->authplugin_bc, data, len);
336 queue_idempotent_callback(&s->ppl.ic_process_queue);
337 }
338
339 static void authplugin_plug_sent(Plug *plug, size_t bufsize)
340 {
341 struct ssh2_userauth_state *s = container_of(
342 plug, struct ssh2_userauth_state, authplugin_plug);
343 s->authplugin_backlog = bufsize;
344 queue_idempotent_callback(&s->ppl.ic_process_queue);
345 }
346
347 static const PlugVtable authplugin_plugvt = {
348 .log = authplugin_plug_log,
349 .closing = authplugin_plug_closing,
350 .receive = authplugin_plug_receive,
351 .sent = authplugin_plug_sent,
352 };
353
354 static strbuf *authplugin_newmsg(uint8_t type)
355 {
356 strbuf *amsg = strbuf_new_nm();
357 put_uint32(amsg, 0); /* fill in later */
358 put_byte(amsg, type);
359 return amsg;
360 }
361
362 static void authplugin_send_free(struct ssh2_userauth_state *s, strbuf *amsg)
363 {
364 PUT_32BIT_MSB_FIRST(amsg->u, amsg->len - 4);
365 assert(s->authplugin);
366 s->authplugin_backlog = sk_write(s->authplugin, amsg->u, amsg->len);
367 strbuf_free(amsg);
368 }
369
370 static bool authplugin_expect_msg(struct ssh2_userauth_state *s,
371 unsigned *type, BinarySource *src)
372 {
373 if (s->authplugin_eof) {
374 *type = PLUGIN_EOF;
375 return true;
376 }
377 uint8_t len[4];
378 if (!bufchain_try_fetch(&s->authplugin_bc, len, 4))
379 return false;
380 size_t size = GET_32BIT_MSB_FIRST(len);
381 if (bufchain_size(&s->authplugin_bc) - 4 < size)
382 return false;
383 if (s->authplugin_incoming_msg) {
384 strbuf_clear(s->authplugin_incoming_msg);
385 } else {
386 s->authplugin_incoming_msg = strbuf_new_nm();
387 }
388 bufchain_consume(&s->authplugin_bc, 4); /* eat length field */
389 bufchain_fetch_consume(
390 &s->authplugin_bc, strbuf_append(s->authplugin_incoming_msg, size),
391 size);
392 BinarySource_BARE_INIT_PL(
393 src, ptrlen_from_strbuf(s->authplugin_incoming_msg));
394 *type = get_byte(src);
395 if (get_err(src))
396 *type = PLUGIN_NOTYPE;
397 return true;
398 }
399
400 static void authplugin_bad_packet(struct ssh2_userauth_state *s,
401 unsigned type, const char *fmt, ...)
402 {
403 strbuf *msg = strbuf_new();
404 switch (type) {
405 case PLUGIN_EOF:
406 put_dataz(msg, "Unexpected end of file from auth helper plugin");
407 break;
408 case PLUGIN_NOTYPE:
409 put_dataz(msg, "Received malformed packet from auth helper plugin "
410 "(too short to have a type code)");
411 break;
412 default:
413 put_fmt(msg, "Received unknown message type %u "
414 "from auth helper plugin", type);
415 break;
416
417 #define CASEDECL(name, value) \
418 case name: \
419 put_fmt(msg, "Received unexpected %s message from auth helper " \
420 "plugin", #name); \
421 break;
422 AUTHPLUGIN_MSG_NAMES(CASEDECL);
423 #undef CASEDECL
424 }
425 if (fmt) {
426 put_dataz(msg, " (");
427 va_list ap;
428 va_start(ap, fmt);
429 put_fmt(msg, fmt, ap);
430 va_end(ap);
431 put_dataz(msg, ")");
432 }
433 ssh_sw_abort(s->ppl.ssh, "%s", msg->s);
434 strbuf_free(msg);
435 }
436
437 static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
438 {
439 struct ssh2_userauth_state *s =
440 container_of(ppl, struct ssh2_userauth_state, ppl);
441 PktIn *pktin;
442
443 ssh2_userauth_filter_queue(s); /* no matter why we were called */
444
445 crBegin(s->crState);
446
447 #ifndef NO_GSSAPI
448 s->tried_gssapi = false;
449 s->tried_gssapi_keyex_auth = false;
450 #endif
451
452 /*
453 * Misc one-time setup for authentication.
454 */
455 s->publickey_blob = NULL;
456 s->session_id = ssh2_transport_get_session_id(s->transport_layer);
457
458 /*
459 * Load the public half of any configured public key file for
460 * later use.
461 */
462 if (!filename_is_null(s->keyfile)) {
463 int keytype;
464 ppl_logevent("Reading key file \"%s\"",
465 filename_to_str(s->keyfile));
466 keytype = key_type(s->keyfile);
467 if (keytype == SSH_KEYTYPE_SSH2 ||
468 keytype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
469 keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH) {
470 const char *error;
471 s->publickey_blob = strbuf_new();
472 if (ppk_loadpub_f(s->keyfile, &s->publickey_algorithm,
473 BinarySink_UPCAST(s->publickey_blob),
474 &s->publickey_comment, &error)) {
475 s->privatekey_available = (keytype == SSH_KEYTYPE_SSH2);
476 if (!s->privatekey_available)
477 ppl_logevent("Key file contains public key only");
478 s->privatekey_encrypted = ppk_encrypted_f(s->keyfile, NULL);
479 } else {
480 ppl_logevent("Unable to load key (%s)", error);
481 ppl_printf("Unable to load key file \"%s\" (%s)\r\n",
482 filename_to_str(s->keyfile), error);
483 strbuf_free(s->publickey_blob);
484 s->publickey_blob = NULL;
485 }
486 } else {
487 ppl_logevent("Unable to use this key file (%s)",
488 key_type_to_str(keytype));
489 ppl_printf("Unable to use key file \"%s\" (%s)\r\n",
490 filename_to_str(s->keyfile),
491 key_type_to_str(keytype));
492 s->publickey_blob = NULL;
493 }
494 }
495
496 /*
497 * If the user provided a detached certificate file, load that.
498 */
499 if (!filename_is_null(s->detached_cert_file)) {
500 char *cert_error = NULL;
501 strbuf *cert_blob = strbuf_new();
502 char *algname = NULL;
503 char *comment = NULL;
504
505 ppl_logevent("Reading certificate file \"%s\"",
506 filename_to_str(s->detached_cert_file));
507 int keytype = key_type(s->detached_cert_file);
508 if (!(keytype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
509 keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH)) {
510 cert_error = dupstr(key_type_to_str(keytype));
511 goto cert_load_done;
512 }
513
514 const char *error;
515 bool success = ppk_loadpub_f(
516 s->detached_cert_file, &algname,
517 BinarySink_UPCAST(cert_blob), &comment, &error);
518
519 if (!success) {
520 cert_error = dupstr(error);
521 goto cert_load_done;
522 }
523
524 const ssh_keyalg *certalg = find_pubkey_alg(algname);
525 if (!certalg) {
526 cert_error = dupprintf(
527 "unrecognised certificate type '%s'", algname);
528 goto cert_load_done;
529 }
530
531 if (!certalg->is_certificate) {
532 cert_error = dupprintf(
533 "key type '%s' is not a certificate", certalg->ssh_id);
534 goto cert_load_done;
535 }
536
537 /* OK, store the certificate blob to substitute for the
538 * public blob in all publickey auth packets. */
539 if (s->detached_cert_blob)
540 strbuf_free(s->detached_cert_blob);
541 s->detached_cert_blob = cert_blob;
542 cert_blob = NULL; /* prevent free */
543
544 cert_load_done:
545 if (cert_error) {
546 ppl_logevent("Unable to use this certificate file (%s)",
547 cert_error);
548 ppl_printf(
549 "Unable to use certificate file \"%s\" (%s)\r\n",
550 filename_to_str(s->detached_cert_file), cert_error);
551 sfree(cert_error);
552 }
553
554 if (cert_blob)
555 strbuf_free(cert_blob);
556 sfree(algname);
557 sfree(comment);
558 }
559
560 /*
561 * Find out about any keys Pageant has (but if there's a public
562 * key configured, filter out all others).
563 */
564 if (s->tryagent && agent_exists()) {
565 ppl_logevent("Pageant is running. Requesting keys.");
566
567 /* Request the keys held by the agent. */
568 {
569 strbuf *request = strbuf_new_for_agent_query();
570 put_byte(request, SSH2_AGENTC_REQUEST_IDENTITIES);
571 ssh2_userauth_agent_query(s, request);
572 strbuf_free(request);
573 crWaitUntilV(!s->auth_agent_query);
574 }
575 BinarySource_BARE_INIT_PL(s->asrc, s->agent_response);
576
577 get_uint32(s->asrc); /* skip length field */
578 if (get_byte(s->asrc) == SSH2_AGENT_IDENTITIES_ANSWER) {
579 size_t nkeys = get_uint32(s->asrc);
580 size_t origpos = s->asrc->pos;
581
582 /*
583 * Check that the agent response is well formed.
584 */
585 for (size_t i = 0; i < nkeys; i++) {
586 get_string(s->asrc); /* blob */
587 get_string(s->asrc); /* comment */
588 if (get_err(s->asrc)) {
589 ppl_logevent("Pageant's response was truncated");
590 goto done_agent_query;
591 }
592 }
593
594 /*
595 * Copy the list of public-key blobs out of the Pageant
596 * response.
597 */
598 BinarySource_REWIND_TO(s->asrc, origpos);
599 s->agent_keys_len = nkeys;
600 s->agent_keys = snewn(s->agent_keys_len, agent_key);
601 for (size_t i = 0; i < nkeys; i++) {
602 s->agent_keys[i].blob = strbuf_dup(get_string(s->asrc));
603 s->agent_keys[i].comment = strbuf_dup(get_string(s->asrc));
604
605 /* Also, extract the algorithm string from the start
606 * of the public-key blob. */
607 s->agent_keys[i].algorithm = pubkey_blob_to_alg_name(
608 ptrlen_from_strbuf(s->agent_keys[i].blob));
609 }
610
611 ppl_logevent("Pageant has %"SIZEu" SSH-2 keys", nkeys);
612
613 if (s->publickey_blob) {
614 /*
615 * If we've been given a specific public key blob,
616 * filter the list of keys to try from the agent down
617 * to only that one, or none if it's not there.
618 */
619 ptrlen our_blob = ptrlen_from_strbuf(s->publickey_blob);
620 size_t i;
621
622 for (i = 0; i < nkeys; i++) {
623 if (ptrlen_eq_ptrlen(our_blob, ptrlen_from_strbuf(
624 s->agent_keys[i].blob)))
625 break;
626 }
627
628 if (i < nkeys) {
629 ppl_logevent("Pageant key #%"SIZEu" matches "
630 "configured key file", i);
631 s->agent_key_index = i;
632 s->agent_key_limit = i+1;
633 } else {
634 ppl_logevent("Configured key file not in Pageant");
635 s->agent_key_index = 0;
636 s->agent_key_limit = 0;
637 }
638 } else {
639 /*
640 * Otherwise, try them all.
641 */
642 s->agent_key_index = 0;
643 s->agent_key_limit = nkeys;
644 }
645 } else {
646 ppl_logevent("Failed to get reply from Pageant");
647 }
648 done_agent_query:;
649 }
650
651 s->got_username = false;
652
653 if (*s->authplugin_cmd) {
654 s->authplugin_plug.vt = &authplugin_plugvt;
655 s->authplugin = platform_start_subprocess(
656 s->authplugin_cmd, &s->authplugin_plug, "plugin");
657 ppl_logevent("Started authentication plugin: %s", s->authplugin_cmd);
658 }
659
660 if (s->authplugin) {
661 strbuf *amsg = authplugin_newmsg(PLUGIN_INIT);
662 put_uint32(amsg, PLUGIN_PROTOCOL_MAX_VERSION);
663 put_stringz(amsg, s->hostname);
664 put_uint32(amsg, s->port);
665 put_stringz(amsg, s->username ? s->username : "");
666 authplugin_send_free(s, amsg);
667
668 BinarySource src[1];
669 unsigned type;
670 crMaybeWaitUntilV(authplugin_expect_msg(s, &type, src));
671 switch (type) {
672 case PLUGIN_INIT_RESPONSE: {
673 s->authplugin_version = get_uint32(src);
674 ptrlen username = get_string(src);
675 if (get_err(src)) {
676 ssh_sw_abort(s->ppl.ssh, "Received malformed "
677 "PLUGIN_INIT_RESPONSE from auth helper plugin");
678 return;
679 }
680 if (s->authplugin_version > PLUGIN_PROTOCOL_MAX_VERSION) {
681 ssh_sw_abort(s->ppl.ssh, "Auth helper plugin announced "
682 "unsupported version number %"PRIu32,
683 s->authplugin_version);
684 return;
685 }
686 if (username.len) {
687 sfree(s->default_username);
688 s->default_username = mkstr(username);
689 ppl_logevent("Authentication plugin set username '%s'",
690 s->default_username);
691 }
692 break;
693 }
694 case PLUGIN_INIT_FAILURE: {
695 ptrlen message = get_string(src);
696 if (get_err(src)) {
697 ssh_sw_abort(s->ppl.ssh, "Received malformed "
698 "PLUGIN_INIT_FAILURE from auth helper plugin");
699 return;
700 }
701 /* This is a controlled error, so we need not completely
702 * abandon the connection. Instead, inform the user, and
703 * proceed as if the plugin was not present */
704 ppl_printf("Authentication plugin failed to initialise:\r\n");
705 seat_set_trust_status(s->ppl.seat, false);
706 ppl_printf("%.*s\r\n", PTRLEN_PRINTF(message));
707 seat_set_trust_status(s->ppl.seat, true);
708 sk_close(s->authplugin);
709 s->authplugin = NULL;
710 break;
711 }
712 default:
713 authplugin_bad_packet(s, type, "expected PLUGIN_INIT_RESPONSE or "
714 "PLUGIN_INIT_FAILURE");
715 return;
716 }
717 }
718
719 /*
720 * We repeat this whole loop, including the username prompt,
721 * until we manage a successful authentication. If the user
722 * types the wrong _password_, they can be sent back to the
723 * beginning to try another username, if this is configured on.
724 * (If they specify a username in the config, they are never
725 * asked, even if they do give a wrong password.)
726 *
727 * I think this best serves the needs of
728 *
729 * - the people who have no configuration, no keys, and just
730 * want to try repeated (username,password) pairs until they
731 * type both correctly
732 *
733 * - people who have keys and configuration but occasionally
734 * need to fall back to passwords
735 *
736 * - people with a key held in Pageant, who might not have
737 * logged in to a particular machine before; so they want to
738 * type a username, and then _either_ their key will be
739 * accepted, _or_ they will type a password. If they mistype
740 * the username they will want to be able to get back and
741 * retype it!
742 */
743 while (1) {
744 /*
745 * Get a username.
746 */
747 if (s->got_username && !s->change_username) {
748 /*
749 * We got a username last time round this loop, and
750 * with change_username turned off we don't try to get
751 * it again.
752 */
753 } else if ((s->username = s->default_username) == NULL) {
754 s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
755 s->cur_prompt->to_server = true;
756 s->cur_prompt->from_server = false;
757 s->cur_prompt->name = dupstr("SSH login name");
758 add_prompt(s->cur_prompt, dupstr("login as: "), true);
759 s->spr = seat_get_userpass_input(
760 ppl_get_iseat(&s->ppl), s->cur_prompt);
761 while (s->spr.kind == SPRK_INCOMPLETE) {
762 crReturnV;
763 s->spr = seat_get_userpass_input(
764 ppl_get_iseat(&s->ppl), s->cur_prompt);
765 }
766 if (spr_is_abort(s->spr)) {
767 /*
768 * seat_get_userpass_input() failed to get a username.
769 * Terminate.
770 */
771 free_prompts(s->cur_prompt);
772 s->cur_prompt = NULL;
773 ssh_spr_close(s->ppl.ssh, s->spr, "username prompt");
774 return;
775 }
776 sfree(s->locally_allocated_username); /* for change_username */
777 s->username = s->locally_allocated_username =
778 prompt_get_result(s->cur_prompt->prompts[0]);
779 free_prompts(s->cur_prompt);
780 s->cur_prompt = NULL;
781 } else {
782 if (seat_verbose(s->ppl.seat) || seat_interactive(s->ppl.seat))
783 ppl_printf("Using username \"%s\".\r\n", s->username);
784 }
785 s->got_username = true;
786
787 /*
788 * Send an authentication request using method "none": (a)
789 * just in case it succeeds, and (b) so that we know what
790 * authentication methods we can usefully try next.
791 */
792 s->ppl.bpp->pls->actx = SSH2_PKTCTX_NOAUTH;
793
794 s->pktout = ssh_bpp_new_pktout(s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
795 put_stringz(s->pktout, s->username);
796 put_stringz(s->pktout, s->successor_layer->vt->name);
797 put_stringz(s->pktout, "none"); /* method */
798 pq_push(s->ppl.out_pq, s->pktout);
799 s->type = AUTH_TYPE_NONE;
800
801 s->tried_pubkey_config = false;
802 s->kbd_inter_refused = false;
803 s->done_agent = false;
804
805 while (1) {
806 /*
807 * Wait for the result of the last authentication request,
808 * unless the request terminated for some reason on our
809 * own side.
810 */
811 if (s->suppress_wait_for_response_packet) {
812 pktin = NULL;
813 s->suppress_wait_for_response_packet = false;
814 } else {
815 crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL);
816 }
817
818 /*
819 * Now is a convenient point to spew any banner material
820 * that we've accumulated. (This should ensure that when
821 * we exit the auth loop, we haven't any left to deal
822 * with.)
823 *
824 * Don't show the banner if we're operating in non-verbose
825 * non-interactive mode. (It's probably a script, which
826 * means nobody will read the banner _anyway_, and
827 * moreover the printing of the banner will screw up
828 * processing on the output of (say) plink.)
829 *
830 * The banner data has been sanitised already by this
831 * point, but we still need to precede and follow it with
832 * anti-spoofing header lines.
833 */
834 if (bufchain_size(&s->banner) &&
835 (seat_verbose(s->ppl.seat) || seat_interactive(s->ppl.seat))) {
836 if (s->banner_scc) {
837 seat_antispoof_msg(
838 ppl_get_iseat(&s->ppl),
839 "Pre-authentication banner message from server:");
840 seat_set_trust_status(s->ppl.seat, false);
841 }
842
843 bool mid_line = false;
844 while (bufchain_size(&s->banner) > 0) {
845 ptrlen data = bufchain_prefix(&s->banner);
846 seat_banner_pl(ppl_get_iseat(&s->ppl), data);
847 mid_line =
848 (((const char *)data.ptr)[data.len-1] != '\n');
849 bufchain_consume(&s->banner, data.len);
850 }
851 bufchain_clear(&s->banner);
852
853 if (mid_line)
854 seat_banner_pl(ppl_get_iseat(&s->ppl),
855 PTRLEN_LITERAL("\r\n"));
856
857 if (s->banner_scc) {
858 seat_set_trust_status(s->ppl.seat, true);
859 seat_antispoof_msg(ppl_get_iseat(&s->ppl),
860 "End of banner message from server");
861 }
862 }
863
864 if (pktin && pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
865 ppl_logevent("Access granted");
866 goto userauth_success;
867 }
868
869 if (pktin && pktin->type != SSH2_MSG_USERAUTH_FAILURE &&
870 s->type != AUTH_TYPE_GSSAPI) {
871 ssh_proto_error(s->ppl.ssh, "Received unexpected packet "
872 "in response to authentication request, "
873 "type %d (%s)", pktin->type,
874 ssh2_pkt_type(s->ppl.bpp->pls->kctx,
875 s->ppl.bpp->pls->actx,
876 pktin->type));
877 return;
878 }
879
880 /*
881 * OK, we're now sitting on a USERAUTH_FAILURE message, so
882 * we can look at the string in it and know what we can
883 * helpfully try next.
884 */
885 if (pktin && pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
886 ptrlen methods = get_string(pktin);
887 bool partial_success = get_bool(pktin);
888
889 if (!partial_success) {
890 /*
891 * We have received an unequivocal Access
892 * Denied. This can translate to a variety of
893 * messages, or no message at all.
894 *
895 * For forms of authentication which are attempted
896 * implicitly, by which I mean without printing
897 * anything in the window indicating that we're
898 * trying them, we should never print 'Access
899 * denied'.
900 *
901 * If we do print a message saying that we're
902 * attempting some kind of authentication, it's OK
903 * to print a followup message saying it failed -
904 * but the message may sometimes be more specific
905 * than simply 'Access denied'.
906 *
907 * Additionally, if we'd just tried password
908 * authentication, we should break out of this
909 * whole loop so as to go back to the username
910 * prompt (iff we're configured to allow
911 * username change attempts).
912 */
913 if (s->type == AUTH_TYPE_NONE) {
914 /* do nothing */
915 } else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
916 s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
917 if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
918 ppl_printf("Server refused our key\r\n");
919 ppl_logevent("Server refused our key");
920 } else if (s->type == AUTH_TYPE_PUBLICKEY) {
921 /* This _shouldn't_ happen except by a
922 * protocol bug causing client and server to
923 * disagree on what is a correct signature. */
924 ppl_printf("Server refused public-key signature"
925 " despite accepting key!\r\n");
926 ppl_logevent("Server refused public-key signature"
927 " despite accepting key!");
928 } else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
929 /* quiet, so no ppl_printf */
930 ppl_logevent("Server refused keyboard-interactive "
931 "authentication");
932 } else if (s->type==AUTH_TYPE_GSSAPI) {
933 /* always quiet, so no ppl_printf */
934 /* also, the code down in the GSSAPI block has
935 * already logged this in the Event Log */
936 } else if (s->type == AUTH_TYPE_KEYBOARD_INTERACTIVE) {
937 ppl_logevent("Keyboard-interactive authentication "
938 "failed");
939 ppl_printf("Access denied\r\n");
940 } else {
941 assert(s->type == AUTH_TYPE_PASSWORD);
942 ppl_logevent("Password authentication failed");
943 ppl_printf("Access denied\r\n");
944
945 if (s->change_username) {
946 /* XXX perhaps we should allow
947 * keyboard-interactive to do this too? */
948 goto try_new_username;
949 }
950 }
951 } else {
952 ppl_printf("Further authentication required\r\n");
953 ppl_logevent("Further authentication required");
954 }
955
956 /*
957 * Save the methods string for use in error messages.
958 */
959 strbuf_clear(s->last_methods_string);
960 put_datapl(s->last_methods_string, methods);
961
962 /*
963 * Scan it for method identifiers we know about.
964 */
965 bool srv_pubkey = false, srv_passwd = false;
966 bool srv_keyb_inter = false;
967 #ifndef NO_GSSAPI
968 bool srv_gssapi = false, srv_gssapi_keyex_auth = false;
969 #endif
970
971 for (ptrlen method; get_commasep_word(&methods, &method) ;) {
972 if (ptrlen_eq_string(method, "publickey"))
973 srv_pubkey = true;
974 else if (ptrlen_eq_string(method, "password"))
975 srv_passwd = true;
976 else if (ptrlen_eq_string(method, "keyboard-interactive"))
977 srv_keyb_inter = true;
978 #ifndef NO_GSSAPI
979 else if (ptrlen_eq_string(method, "gssapi-with-mic"))
980 srv_gssapi = true;
981 else if (ptrlen_eq_string(method, "gssapi-keyex"))
982 srv_gssapi_keyex_auth = true;
983 #endif
984 }
985
986 /*
987 * And combine those flags with our own configuration
988 * and context to set the main can_foo variables.
989 */
990 s->can_pubkey = srv_pubkey;
991 s->can_passwd = srv_passwd;
992 s->can_keyb_inter = s->try_ki_auth && srv_keyb_inter;
993 #ifndef NO_GSSAPI
994 s->can_gssapi = s->try_gssapi_auth && srv_gssapi &&
995 s->shgss->libs->nlibraries > 0;
996 s->can_gssapi_keyex_auth = s->try_gssapi_kex_auth &&
997 srv_gssapi_keyex_auth &&
998 s->shgss->libs->nlibraries > 0 && s->shgss->ctx;
999 #endif
1000 }
1001
1002 s->ppl.bpp->pls->actx = SSH2_PKTCTX_NOAUTH;
1003
1004 #ifndef NO_GSSAPI
1005 if (s->can_gssapi_keyex_auth && !s->tried_gssapi_keyex_auth) {
1006
1007 /* gssapi-keyex authentication */
1008
1009 s->type = AUTH_TYPE_GSSAPI;
1010 s->tried_gssapi_keyex_auth = true;
1011 s->ppl.bpp->pls->actx = SSH2_PKTCTX_GSSAPI;
1012
1013 if (s->shgss->lib->gsslogmsg)
1014 ppl_logevent("%s", s->shgss->lib->gsslogmsg);
1015
1016 ppl_logevent("Trying gssapi-keyex...");
1017 s->pktout = ssh2_userauth_gss_packet(s, "gssapi-keyex");
1018 pq_push(s->ppl.out_pq, s->pktout);
1019 s->shgss->lib->release_cred(s->shgss->lib, &s->shgss->ctx);
1020 s->shgss->ctx = NULL;
1021
1022 continue;
1023 } else
1024 #endif /* NO_GSSAPI */
1025
1026 if (s->can_pubkey && !s->done_agent &&
1027 s->agent_key_index < s->agent_key_limit) {
1028
1029 /*
1030 * Attempt public-key authentication using a key from Pageant.
1031 */
1032 s->agent_keyalg = s->agent_keys[s->agent_key_index].algorithm;
1033 char *alg_tmp = mkstr(s->agent_keyalg);
1034 const char *newalg = alg_tmp;
1035 if (ssh2_userauth_signflags(s, &s->signflags, &newalg))
1036 s->agent_keyalg = ptrlen_from_asciz(newalg);
1037 sfree(alg_tmp);
1038
1039 s->ppl.bpp->pls->actx = SSH2_PKTCTX_PUBLICKEY;
1040
1041 ppl_logevent("Trying Pageant key #%"SIZEu, s->agent_key_index);
1042
1043 /* See if server will accept it */
1044 s->pktout = ssh_bpp_new_pktout(
1045 s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
1046 put_stringz(s->pktout, s->username);
1047 put_stringz(s->pktout, s->successor_layer->vt->name);
1048 put_stringz(s->pktout, "publickey");
1049 /* method */
1050 put_bool(s->pktout, false); /* no signature included */
1051 ssh2_userauth_add_alg_and_publickey(
1052 s, s->pktout, s->agent_keyalg, ptrlen_from_strbuf(
1053 s->agent_keys[s->agent_key_index].blob));
1054 pq_push(s->ppl.out_pq, s->pktout);
1055 s->type = AUTH_TYPE_PUBLICKEY_OFFER_QUIET;
1056
1057 crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL);
1058 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
1059
1060 /* Offer of key refused, presumably via
1061 * USERAUTH_FAILURE. Requeue for the next iteration. */
1062 pq_push_front(s->ppl.in_pq, pktin);
1063
1064 } else {
1065 strbuf *agentreq, *sigdata;
1066 ptrlen comment = ptrlen_from_strbuf(
1067 s->agent_keys[s->agent_key_index].comment);
1068
1069 if (seat_verbose(s->ppl.seat))
1070 ppl_printf("Authenticating with public key "
1071 "\"%.*s\" from agent\r\n",
1072 PTRLEN_PRINTF(comment));
1073
1074 /*
1075 * Server is willing to accept the key.
1076 * Construct a SIGN_REQUEST.
1077 */
1078 s->pktout = ssh_bpp_new_pktout(
1079 s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
1080 put_stringz(s->pktout, s->username);
1081 put_stringz(s->pktout, s->successor_layer->vt->name);
1082 put_stringz(s->pktout, "publickey");
1083 /* method */
1084 put_bool(s->pktout, true); /* signature included */
1085 ssh2_userauth_add_alg_and_publickey(
1086 s, s->pktout, s->agent_keyalg, ptrlen_from_strbuf(
1087 s->agent_keys[s->agent_key_index].blob));
1088
1089 /* Ask agent for signature. */
1090 agentreq = strbuf_new_for_agent_query();
1091 put_byte(agentreq, SSH2_AGENTC_SIGN_REQUEST);
1092 put_stringpl(agentreq, ptrlen_from_strbuf(
1093 s->agent_keys[s->agent_key_index].blob));
1094 /* Now the data to be signed... */
1095 sigdata = strbuf_new();
1096 ssh2_userauth_add_session_id(s, sigdata);
1097 put_data(sigdata, s->pktout->data + 5,
1098 s->pktout->length - 5);
1099 put_stringsb(agentreq, sigdata);
1100 /* And finally the flags word. */
1101 put_uint32(agentreq, s->signflags);
1102 ssh2_userauth_agent_query(s, agentreq);
1103 strbuf_free(agentreq);
1104 crWaitUntilV(!s->auth_agent_query);
1105
1106 if (s->agent_response.ptr) {
1107 ptrlen sigblob;
1108 BinarySource src[1];
1109 BinarySource_BARE_INIT(src, s->agent_response.ptr,
1110 s->agent_response.len);
1111 get_uint32(src); /* skip length field */
1112 if (get_byte(src) == SSH2_AGENT_SIGN_RESPONSE &&
1113 (sigblob = get_string(src), !get_err(src))) {
1114 ppl_logevent("Sending Pageant's response");
1115 ssh2_userauth_add_sigblob(
1116 s, s->pktout,
1117 ptrlen_from_strbuf(
1118 s->agent_keys[s->agent_key_index].blob),
1119 sigblob);
1120 pq_push(s->ppl.out_pq, s->pktout);
1121 s->type = AUTH_TYPE_PUBLICKEY;
1122 s->is_trivial_auth = false;
1123 } else {
1124 ppl_logevent("Pageant refused signing request");
1125 ppl_printf("Pageant failed to "
1126 "provide a signature\r\n");
1127 s->suppress_wait_for_response_packet = true;
1128 ssh_free_pktout(s->pktout);
1129 }
1130 } else {
1131 ppl_logevent("Pageant failed to respond to "
1132 "signing request");
1133 ppl_printf("Pageant failed to "
1134 "respond to signing request\r\n");
1135 s->suppress_wait_for_response_packet = true;
1136 ssh_free_pktout(s->pktout);
1137 }
1138 }
1139
1140 /* Do we have any keys left to try? */
1141 if (++s->agent_key_index >= s->agent_key_limit)
1142 s->done_agent = true;
1143
1144 } else if (s->can_pubkey && s->publickey_blob &&
1145 s->privatekey_available && !s->tried_pubkey_config) {
1146
1147 ssh2_userkey *key; /* not live over crReturn */
1148 char *passphrase; /* not live over crReturn */
1149
1150 s->ppl.bpp->pls->actx = SSH2_PKTCTX_PUBLICKEY;
1151
1152 s->tried_pubkey_config = true;
1153
1154 /*
1155 * Try the public key supplied in the configuration.
1156 *
1157 * First, try to upgrade its algorithm.
1158 */
1159 const char *newalg = s->publickey_algorithm;
1160 if (ssh2_userauth_signflags(s, &s->signflags, &newalg)) {
1161 sfree(s->publickey_algorithm);
1162 s->publickey_algorithm = dupstr(newalg);
1163 }
1164
1165 /*
1166 * Offer the public blob to see if the server is willing to
1167 * accept it.
1168 */
1169 s->pktout = ssh_bpp_new_pktout(
1170 s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
1171 put_stringz(s->pktout, s->username);
1172 put_stringz(s->pktout, s->successor_layer->vt->name);
1173 put_stringz(s->pktout, "publickey"); /* method */
1174 put_bool(s->pktout, false);
1175 /* no signature included */
1176 ssh2_userauth_add_alg_and_publickey(
1177 s, s->pktout, ptrlen_from_asciz(s->publickey_algorithm),
1178 ptrlen_from_strbuf(s->publickey_blob));
1179 pq_push(s->ppl.out_pq, s->pktout);
1180 ppl_logevent("Offered public key");
1181
1182 crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL);
1183 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
1184 /* Key refused. Give up. */
1185 pq_push_front(s->ppl.in_pq, pktin);
1186 s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
1187 continue; /* process this new message */
1188 }
1189 ppl_logevent("Offer of public key accepted");
1190
1191 /*
1192 * Actually attempt a serious authentication using
1193 * the key.
1194 */
1195 if (seat_verbose(s->ppl.seat))
1196 ppl_printf("Authenticating with public key \"%s\"\r\n",
1197 s->publickey_comment);
1198
1199 key = NULL;
1200 while (!key) {
1201 const char *error; /* not live over crReturn */
1202 if (s->privatekey_encrypted) {
1203 /*
1204 * Get a passphrase from the user.
1205 */
1206 s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
1207 s->cur_prompt->to_server = false;
1208 s->cur_prompt->from_server = false;
1209 s->cur_prompt->name = dupstr("SSH key passphrase");
1210 add_prompt(s->cur_prompt,
1211 dupprintf("Passphrase for key \"%s\": ",
1212 s->publickey_comment),
1213 false);
1214 s->spr = seat_get_userpass_input(
1215 ppl_get_iseat(&s->ppl), s->cur_prompt);
1216 while (s->spr.kind == SPRK_INCOMPLETE) {
1217 crReturnV;
1218 s->spr = seat_get_userpass_input(
1219 ppl_get_iseat(&s->ppl), s->cur_prompt);
1220 }
1221 if (spr_is_abort(s->spr)) {
1222 /* Failed to get a passphrase. Terminate. */
1223 free_prompts(s->cur_prompt);
1224 s->cur_prompt = NULL;
1225 ssh_bpp_queue_disconnect(
1226 s->ppl.bpp, "Unable to authenticate",
1227 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
1228 ssh_spr_close(s->ppl.ssh, s->spr,
1229 "passphrase prompt");
1230 return;
1231 }
1232 passphrase =
1233 prompt_get_result(s->cur_prompt->prompts[0]);
1234 free_prompts(s->cur_prompt);
1235 s->cur_prompt = NULL;
1236 } else {
1237 passphrase = NULL; /* no passphrase needed */
1238 }
1239
1240 /*
1241 * Try decrypting the key.
1242 */
1243 key = ppk_load_f(s->keyfile, passphrase, &error);
1244 if (passphrase) {
1245 /* burn the evidence */
1246 smemclr(passphrase, strlen(passphrase));
1247 sfree(passphrase);
1248 }
1249 if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
1250 if (passphrase &&
1251 (key == SSH2_WRONG_PASSPHRASE)) {
1252 ppl_printf("Wrong passphrase\r\n");
1253 key = NULL;
1254 /* and loop again */
1255 } else {
1256 ppl_printf("Unable to load private key (%s)\r\n",
1257 error);
1258 key = NULL;
1259 s->suppress_wait_for_response_packet = true;
1260 break; /* try something else */
1261 }
1262 } else {
1263 /* FIXME: if we ever support variable signature
1264 * flags, this is somewhere they'll need to be
1265 * put */
1266 char *invalid = ssh_key_invalid(key->key, 0);
1267 if (invalid) {
1268 ppl_printf("Cannot use this private key (%s)\r\n",
1269 invalid);
1270 ssh_key_free(key->key);
1271 sfree(key->comment);
1272 sfree(key);
1273 sfree(invalid);
1274 key = NULL;
1275 s->suppress_wait_for_response_packet = true;
1276 break; /* try something else */
1277 }
1278 }
1279 }
1280
1281 if (key) {
1282 strbuf *pkblob, *sigdata, *sigblob;
1283
1284 /*
1285 * We have loaded the private key and the server
1286 * has announced that it's willing to accept it.
1287 * Hallelujah. Generate a signature and send it.
1288 */
1289 s->pktout = ssh_bpp_new_pktout(
1290 s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
1291 put_stringz(s->pktout, s->username);
1292 put_stringz(s->pktout, s->successor_layer->vt->name);
1293 put_stringz(s->pktout, "publickey"); /* method */
1294 put_bool(s->pktout, true); /* signature follows */
1295 pkblob = strbuf_new();
1296 ssh_key_public_blob(key->key, BinarySink_UPCAST(pkblob));
1297 ssh2_userauth_add_alg_and_publickey(
1298 s, s->pktout,
1299 ptrlen_from_asciz(s->publickey_algorithm),
1300 ptrlen_from_strbuf(pkblob));
1301
1302 /*
1303 * The data to be signed is:
1304 *
1305 * string session-id
1306 *
1307 * followed by everything so far placed in the
1308 * outgoing packet.
1309 */
1310 sigdata = strbuf_new();
1311 ssh2_userauth_add_session_id(s, sigdata);
1312 put_data(sigdata, s->pktout->data + 5,
1313 s->pktout->length - 5);
1314 sigblob = strbuf_new();
1315 ssh_key_sign(key->key, ptrlen_from_strbuf(sigdata),
1316 s->signflags, BinarySink_UPCAST(sigblob));
1317 strbuf_free(sigdata);
1318 ssh2_userauth_add_sigblob(
1319 s, s->pktout, ptrlen_from_strbuf(pkblob),
1320 ptrlen_from_strbuf(sigblob));
1321 strbuf_free(pkblob);
1322 strbuf_free(sigblob);
1323
1324 pq_push(s->ppl.out_pq, s->pktout);
1325 ppl_logevent("Sent public key signature");
1326 s->type = AUTH_TYPE_PUBLICKEY;
1327 ssh_key_free(key->key);
1328 sfree(key->comment);
1329 sfree(key);
1330 s->is_trivial_auth = false;
1331 }
1332
1333 #ifndef NO_GSSAPI
1334 } else if (s->can_gssapi && !s->tried_gssapi) {
1335
1336 /* gssapi-with-mic authentication */
1337
1338 ptrlen data;
1339
1340 s->type = AUTH_TYPE_GSSAPI;
1341 s->tried_gssapi = true;
1342 s->ppl.bpp->pls->actx = SSH2_PKTCTX_GSSAPI;
1343
1344 if (s->shgss->lib->gsslogmsg)
1345 ppl_logevent("%s", s->shgss->lib->gsslogmsg);
1346
1347 /* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */
1348 ppl_logevent("Trying gssapi-with-mic...");
1349 s->pktout = ssh_bpp_new_pktout(
1350 s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
1351 put_stringz(s->pktout, s->username);
1352 put_stringz(s->pktout, s->successor_layer->vt->name);
1353 put_stringz(s->pktout, "gssapi-with-mic");
1354 ppl_logevent("Attempting GSSAPI authentication");
1355
1356 /* add mechanism info */
1357 s->shgss->lib->indicate_mech(s->shgss->lib, &s->gss_buf);
1358
1359 /* number of GSSAPI mechanisms */
1360 put_uint32(s->pktout, 1);
1361
1362 /* length of OID + 2 */
1363 put_uint32(s->pktout, s->gss_buf.length + 2);
1364 put_byte(s->pktout, SSH2_GSS_OIDTYPE);
1365
1366 /* length of OID */
1367 put_byte(s->pktout, s->gss_buf.length);
1368
1369 put_data(s->pktout, s->gss_buf.value, s->gss_buf.length);
1370 pq_push(s->ppl.out_pq, s->pktout);
1371 crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL);
1372 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_RESPONSE) {
1373 ppl_logevent("GSSAPI authentication request refused");
1374 pq_push_front(s->ppl.in_pq, pktin);
1375 continue;
1376 }
1377
1378 /* check returned packet ... */
1379
1380 data = get_string(pktin);
1381 s->gss_rcvtok.value = (char *)data.ptr;
1382 s->gss_rcvtok.length = data.len;
1383 if (s->gss_rcvtok.length != s->gss_buf.length + 2 ||
1384 ((char *)s->gss_rcvtok.value)[0] != SSH2_GSS_OIDTYPE ||
1385 ((char *)s->gss_rcvtok.value)[1] != s->gss_buf.length ||
1386 memcmp((char *)s->gss_rcvtok.value + 2,
1387 s->gss_buf.value,s->gss_buf.length) ) {
1388 ppl_logevent("GSSAPI authentication - wrong response "
1389 "from server");
1390 continue;
1391 }
1392
1393 /* Import server name if not cached from KEX */
1394 if (s->shgss->srv_name == GSS_C_NO_NAME) {
1395 s->gss_stat = s->shgss->lib->import_name(
1396 s->shgss->lib, s->fullhostname, &s->shgss->srv_name);
1397 if (s->gss_stat != SSH_GSS_OK) {
1398 if (s->gss_stat == SSH_GSS_BAD_HOST_NAME)
1399 ppl_logevent("GSSAPI import name failed -"
1400 " Bad service name");
1401 else
1402 ppl_logevent("GSSAPI import name failed");
1403 continue;
1404 }
1405 }
1406
1407 /* Allocate our gss_ctx */
1408 s->gss_stat = s->shgss->lib->acquire_cred(
1409 s->shgss->lib, &s->shgss->ctx, NULL);
1410 if (s->gss_stat != SSH_GSS_OK) {
1411 ppl_logevent("GSSAPI authentication failed to get "
1412 "credentials");
1413 /* The failure was on our side, so the server
1414 * won't be sending a response packet indicating
1415 * failure. Avoid waiting for it next time round
1416 * the loop. */
1417 s->suppress_wait_for_response_packet = true;
1418 continue;
1419 }
1420
1421 /* initial tokens are empty */
1422 SSH_GSS_CLEAR_BUF(&s->gss_rcvtok);
1423 SSH_GSS_CLEAR_BUF(&s->gss_sndtok);
1424
1425 /* now enter the loop */
1426 do {
1427 /*
1428 * When acquire_cred yields no useful expiration, go with
1429 * the service ticket expiration.
1430 */
1431 s->gss_stat = s->shgss->lib->init_sec_context(
1432 s->shgss->lib,
1433 &s->shgss->ctx,
1434 s->shgss->srv_name,
1435 s->gssapi_fwd,
1436 &s->gss_rcvtok,
1437 &s->gss_sndtok,
1438 NULL,
1439 NULL);
1440
1441 if (s->gss_stat!=SSH_GSS_S_COMPLETE &&
1442 s->gss_stat!=SSH_GSS_S_CONTINUE_NEEDED) {
1443 ppl_logevent("GSSAPI authentication initialisation "
1444 "failed");
1445
1446 if (s->shgss->lib->display_status(
1447 s->shgss->lib, s->shgss->ctx, &s->gss_buf)
1448 == SSH_GSS_OK) {
1449 ppl_logevent("%s", (char *)s->gss_buf.value);
1450 sfree(s->gss_buf.value);
1451 }
1452
1453 pq_push_front(s->ppl.in_pq, pktin);
1454 break;
1455 }
1456 ppl_logevent("GSSAPI authentication initialised");
1457
1458 /*
1459 * Client and server now exchange tokens until GSSAPI
1460 * no longer says CONTINUE_NEEDED
1461 */
1462 if (s->gss_sndtok.length != 0) {
1463 s->is_trivial_auth = false;
1464 s->pktout =
1465 ssh_bpp_new_pktout(
1466 s->ppl.bpp, SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
1467 put_string(s->pktout,
1468 s->gss_sndtok.value, s->gss_sndtok.length);
1469 pq_push(s->ppl.out_pq, s->pktout);
1470 s->shgss->lib->free_tok(s->shgss->lib, &s->gss_sndtok);
1471 }
1472
1473 if (s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED) {
1474 crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL);
1475
1476 if (pktin->type == SSH2_MSG_USERAUTH_GSSAPI_ERRTOK) {
1477 /*
1478 * Per RFC 4462 section 3.9, this packet
1479 * type MUST immediately precede an
1480 * ordinary USERAUTH_FAILURE.
1481 *
1482 * We currently don't know how to do
1483 * anything with the GSSAPI error token
1484 * contained in this packet, so we ignore
1485 * it and just wait for the following
1486 * FAILURE.
1487 */
1488 crMaybeWaitUntilV(
1489 (pktin = ssh2_userauth_pop(s)) != NULL);
1490 if (pktin->type != SSH2_MSG_USERAUTH_FAILURE) {
1491 ssh_proto_error(
1492 s->ppl.ssh, "Received unexpected packet "
1493 "after SSH_MSG_USERAUTH_GSSAPI_ERRTOK "
1494 "(expected SSH_MSG_USERAUTH_FAILURE): "
1495 "type %d (%s)", pktin->type,
1496 ssh2_pkt_type(s->ppl.bpp->pls->kctx,
1497 s->ppl.bpp->pls->actx,
1498 pktin->type));
1499 return;
1500 }
1501 }
1502
1503 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
1504 ppl_logevent("GSSAPI authentication failed");
1505 s->gss_stat = SSH_GSS_FAILURE;
1506 pq_push_front(s->ppl.in_pq, pktin);
1507 break;
1508 } else if (pktin->type !=
1509 SSH2_MSG_USERAUTH_GSSAPI_TOKEN) {
1510 ppl_logevent("GSSAPI authentication -"
1511 " bad server response");
1512 s->gss_stat = SSH_GSS_FAILURE;
1513 break;
1514 }
1515 data = get_string(pktin);
1516 s->gss_rcvtok.value = (char *)data.ptr;
1517 s->gss_rcvtok.length = data.len;
1518 }
1519 } while (s-> gss_stat == SSH_GSS_S_CONTINUE_NEEDED);
1520
1521 if (s->gss_stat != SSH_GSS_OK) {
1522 s->shgss->lib->release_cred(s->shgss->lib, &s->shgss->ctx);
1523 continue;
1524 }
1525 ppl_logevent("GSSAPI authentication loop finished OK");
1526
1527 /* Now send the MIC */
1528
1529 s->pktout = ssh2_userauth_gss_packet(s, "gssapi-with-mic");
1530 pq_push(s->ppl.out_pq, s->pktout);
1531
1532 s->shgss->lib->release_cred(s->shgss->lib, &s->shgss->ctx);
1533 continue;
1534 #endif
1535 } else if (s->can_keyb_inter && !s->kbd_inter_refused) {
1536
1537 /*
1538 * Keyboard-interactive authentication.
1539 */
1540
1541 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
1542
1543 s->ppl.bpp->pls->actx = SSH2_PKTCTX_KBDINTER;
1544
1545 s->pktout = ssh_bpp_new_pktout(
1546 s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
1547 put_stringz(s->pktout, s->username);
1548 put_stringz(s->pktout, s->successor_layer->vt->name);
1549 put_stringz(s->pktout, "keyboard-interactive");
1550 /* method */
1551 put_stringz(s->pktout, ""); /* lang */
1552 put_stringz(s->pktout, ""); /* submethods */
1553 pq_push(s->ppl.out_pq, s->pktout);
1554
1555 ppl_logevent("Attempting keyboard-interactive authentication");
1556
1557 if (s->authplugin) {
1558 strbuf *amsg = authplugin_newmsg(PLUGIN_PROTOCOL);
1559 put_stringz(amsg, "keyboard-interactive");
1560 authplugin_send_free(s, amsg);
1561
1562 BinarySource src[1];
1563 unsigned type;
1564 crMaybeWaitUntilV(authplugin_expect_msg(s, &type, src));
1565 switch (type) {
1566 case PLUGIN_PROTOCOL_REJECT: {
1567 ptrlen message = PTRLEN_LITERAL("");
1568 if (s->authplugin_version >= 2) {
1569 /* draft protocol didn't include a message here */
1570 message = get_string(src);
1571 }
1572 if (get_err(src)) {
1573 ssh_sw_abort(s->ppl.ssh, "Received malformed "
1574 "PLUGIN_PROTOCOL_REJECT from auth "
1575 "helper plugin");
1576 return;
1577 }
1578 if (message.len) {
1579 /* If the plugin sent a message about
1580 * _why_ it didn't want to do k-i, pass
1581 * that message on to the user. (It might
1582 * say, for example, what went wrong when
1583 * it tried to open its config file.) */
1584 ppl_printf("Authentication plugin failed to set "
1585 "up keyboard-interactive "
1586 "authentication:\r\n");
1587 seat_set_trust_status(s->ppl.seat, false);
1588 ppl_printf("%.*s\r\n", PTRLEN_PRINTF(message));
1589 seat_set_trust_status(s->ppl.seat, true);
1590 ppl_logevent("Authentication plugin declined to "
1591 "help with keyboard-interactive: "
1592 "%.*s", PTRLEN_PRINTF(message));
1593 } else {
1594 ppl_logevent("Authentication plugin declined to "
1595 "help with keyboard-interactive");
1596 }
1597 s->authplugin_ki_active = false;
1598 break;
1599 }
1600 case PLUGIN_PROTOCOL_ACCEPT:
1601 s->authplugin_ki_active = true;
1602 ppl_logevent("Authentication plugin agreed to help "
1603 "with keyboard-interactive");
1604 break;
1605 default:
1606 authplugin_bad_packet(
1607 s, type, "expected PLUGIN_PROTOCOL_ACCEPT or "
1608 "PLUGIN_PROTOCOL_REJECT");
1609 return;
1610 }
1611 } else {
1612 s->authplugin_ki_active = false;
1613 }
1614
1615 if (!s->ki_scc_initialised) {
1616 s->ki_scc = seat_stripctrl_new(
1617 s->ppl.seat, NULL, SIC_KI_PROMPTS);
1618 if (s->ki_scc)
1619 stripctrl_enable_line_limiting(s->ki_scc);
1620 s->ki_scc_initialised = true;
1621 }
1622
1623 crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL);
1624 if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
1625 /* Server is not willing to do keyboard-interactive
1626 * at all (or, bizarrely but legally, accepts the
1627 * user without actually issuing any prompts).
1628 * Give up on it entirely. */
1629 pq_push_front(s->ppl.in_pq, pktin);
1630 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
1631 s->kbd_inter_refused = true; /* don't try it again */
1632 continue;
1633 }
1634
1635 s->ki_printed_header = false;
1636
1637 /*
1638 * Loop while we still have prompts to send to the user.
1639 */
1640 if (!s->authplugin_ki_active) {
1641 /*
1642 * The simple case: INFO_REQUESTs are passed on to
1643 * the user, and responses are sent straight back
1644 * to the SSH server.
1645 */
1646 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
1647 if (!ssh2_userauth_ki_setup_prompts(
1648 s, BinarySource_UPCAST(pktin), false))
1649 return;
1650 crMaybeWaitUntilV(ssh2_userauth_ki_run_prompts(s));
1651
1652 if (spr_is_abort(s->spr)) {
1653 /*
1654 * Failed to get responses. Terminate.
1655 */
1656 free_prompts(s->cur_prompt);
1657 s->cur_prompt = NULL;
1658 ssh_bpp_queue_disconnect(
1659 s->ppl.bpp, "Unable to authenticate",
1660 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
1661 ssh_spr_close(s->ppl.ssh, s->spr, "keyboard-"
1662 "interactive authentication prompt");
1663 return;
1664 }
1665
1666 /*
1667 * Send the response(s) to the server.
1668 */
1669 s->pktout = ssh_bpp_new_pktout(
1670 s->ppl.bpp, SSH2_MSG_USERAUTH_INFO_RESPONSE);
1671 ssh2_userauth_ki_write_responses(
1672 s, BinarySink_UPCAST(s->pktout));
1673 s->pktout->minlen = 256;
1674 pq_push(s->ppl.out_pq, s->pktout);
1675
1676 /*
1677 * Get the next packet in case it's another
1678 * INFO_REQUEST.
1679 */
1680 crMaybeWaitUntilV(
1681 (pktin = ssh2_userauth_pop(s)) != NULL);
1682 }
1683 } else {
1684 /*
1685 * The case where a plugin is involved:
1686 * INFO_REQUEST from the server is sent to the
1687 * plugin, which sends responses that we hand back
1688 * to the server. But in the meantime, the plugin
1689 * might send USER_REQUEST for us to pass to the
1690 * user, and then we send responses to that.
1691 */
1692 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
1693 strbuf *amsg = authplugin_newmsg(
1694 PLUGIN_KI_SERVER_REQUEST);
1695 put_datapl(amsg, get_data(pktin, get_avail(pktin)));
1696 authplugin_send_free(s, amsg);
1697
1698 BinarySource src[1];
1699 unsigned type;
1700 while (true) {
1701 crMaybeWaitUntilV(authplugin_expect_msg(
1702 s, &type, src));
1703 if (type != PLUGIN_KI_USER_REQUEST)
1704 break;
1705
1706 if (!ssh2_userauth_ki_setup_prompts(s, src, true))
1707 return;
1708 crMaybeWaitUntilV(ssh2_userauth_ki_run_prompts(s));
1709
1710 if (spr_is_abort(s->spr)) {
1711 /*
1712 * Failed to get responses. Terminate.
1713 */
1714 free_prompts(s->cur_prompt);
1715 s->cur_prompt = NULL;
1716 ssh_bpp_queue_disconnect(
1717 s->ppl.bpp, "Unable to authenticate",
1718 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
1719 ssh_spr_close(
1720 s->ppl.ssh, s->spr, "keyboard-"
1721 "interactive authentication prompt");
1722 return;
1723 }
1724
1725 /*
1726 * Send the responses on to the plugin.
1727 */
1728 strbuf *amsg = authplugin_newmsg(
1729 PLUGIN_KI_USER_RESPONSE);
1730 ssh2_userauth_ki_write_responses(
1731 s, BinarySink_UPCAST(amsg));
1732 authplugin_send_free(s, amsg);
1733 }
1734
1735 if (type != PLUGIN_KI_SERVER_RESPONSE) {
1736 authplugin_bad_packet(
1737 s, type, "expected PLUGIN_KI_SERVER_RESPONSE "
1738 "or PLUGIN_PROTOCOL_USER_REQUEST");
1739 return;
1740 }
1741
1742 s->pktout = ssh_bpp_new_pktout(
1743 s->ppl.bpp, SSH2_MSG_USERAUTH_INFO_RESPONSE);
1744 put_datapl(s->pktout, get_data(src, get_avail(src)));
1745 s->pktout->minlen = 256;
1746 pq_push(s->ppl.out_pq, s->pktout);
1747
1748 /*
1749 * Get the next packet in case it's another
1750 * INFO_REQUEST.
1751 */
1752 crMaybeWaitUntilV(
1753 (pktin = ssh2_userauth_pop(s)) != NULL);
1754 }
1755 }
1756
1757 /*
1758 * Print our trailer line, if we printed a header.
1759 */
1760 if (s->ki_printed_header) {
1761 seat_set_trust_status(s->ppl.seat, true);
1762 seat_antispoof_msg(
1763 ppl_get_iseat(&s->ppl),
1764 (s->authplugin_ki_active ?
1765 "End of keyboard-interactive prompts from plugin" :
1766 "End of keyboard-interactive prompts from server"));
1767 }
1768
1769 /*
1770 * We should have SUCCESS or FAILURE now.
1771 */
1772 pq_push_front(s->ppl.in_pq, pktin);
1773
1774 if (s->authplugin_ki_active) {
1775 /*
1776 * As our last communication with the plugin, tell
1777 * it whether the k-i authentication succeeded.
1778 */
1779 int plugin_msg = -1;
1780 if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
1781 plugin_msg = PLUGIN_AUTH_SUCCESS;
1782 } else if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
1783 /*
1784 * Peek in the failure packet to see if it's a
1785 * partial success.
1786 */
1787 BinarySource src[1];
1788 BinarySource_BARE_INIT(
1789 src, get_ptr(pktin), get_avail(pktin));
1790 get_string(pktin); /* skip methods */
1791 bool partial_success = get_bool(pktin);
1792 if (!get_err(src)) {
1793 plugin_msg = partial_success ?
1794 PLUGIN_AUTH_SUCCESS : PLUGIN_AUTH_FAILURE;
1795 }
1796 }
1797
1798 if (plugin_msg >= 0) {
1799 strbuf *amsg = authplugin_newmsg(plugin_msg);
1800 authplugin_send_free(s, amsg);
1801
1802 /* Wait until we've actually sent it, in case
1803 * we close the connection to the plugin
1804 * before that outgoing message has left our
1805 * own buffers */
1806 crMaybeWaitUntilV(s->authplugin_backlog == 0);
1807 }
1808 }
1809 } else if (s->can_passwd) {
1810 s->is_trivial_auth = false;
1811 /*
1812 * Plain old password authentication.
1813 */
1814 bool changereq_first_time; /* not live over crReturn */
1815
1816 s->ppl.bpp->pls->actx = SSH2_PKTCTX_PASSWORD;
1817
1818 s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
1819 s->cur_prompt->to_server = true;
1820 s->cur_prompt->from_server = false;
1821 s->cur_prompt->name = dupstr("SSH password");
1822 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
1823 s->username, s->hostname),
1824 false);
1825
1826 s->spr = seat_get_userpass_input(
1827 ppl_get_iseat(&s->ppl), s->cur_prompt);
1828 while (s->spr.kind == SPRK_INCOMPLETE) {
1829 crReturnV;
1830 s->spr = seat_get_userpass_input(
1831 ppl_get_iseat(&s->ppl), s->cur_prompt);
1832 }
1833 if (spr_is_abort(s->spr)) {
1834 /*
1835 * Failed to get responses. Terminate.
1836 */
1837 free_prompts(s->cur_prompt);
1838 s->cur_prompt = NULL;
1839 ssh_bpp_queue_disconnect(
1840 s->ppl.bpp, "Unable to authenticate",
1841 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
1842 ssh_spr_close(s->ppl.ssh, s->spr, "password prompt");
1843 return;
1844 }
1845 /*
1846 * Squirrel away the password. (We may need it later if
1847 * asked to change it.)
1848 */
1849 s->password = prompt_get_result(s->cur_prompt->prompts[0]);
1850 free_prompts(s->cur_prompt);
1851 s->cur_prompt = NULL;
1852
1853 /*
1854 * Send the password packet.
1855 *
1856 * We pad out the password packet to 256 bytes to make
1857 * it harder for an attacker to find the length of the
1858 * user's password.
1859 *
1860 * Anyone using a password longer than 256 bytes
1861 * probably doesn't have much to worry about from
1862 * people who find out how long their password is!
1863 */
1864 s->pktout = ssh_bpp_new_pktout(
1865 s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
1866 put_stringz(s->pktout, s->username);
1867 put_stringz(s->pktout, s->successor_layer->vt->name);
1868 put_stringz(s->pktout, "password");
1869 put_bool(s->pktout, false);
1870 put_stringz(s->pktout, s->password);
1871 s->pktout->minlen = 256;
1872 pq_push(s->ppl.out_pq, s->pktout);
1873 ppl_logevent("Sent password");
1874 s->type = AUTH_TYPE_PASSWORD;
1875
1876 /*
1877 * Wait for next packet, in case it's a password change
1878 * request.
1879 */
1880 crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL);
1881 changereq_first_time = true;
1882
1883 while (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
1884
1885 /*
1886 * We're being asked for a new password
1887 * (perhaps not for the first time).
1888 * Loop until the server accepts it.
1889 */
1890
1891 bool got_new = false; /* not live over crReturn */
1892 ptrlen prompt; /* not live over crReturn */
1893
1894 {
1895 const char *msg;
1896 if (changereq_first_time)
1897 msg = "Server requested password change";
1898 else
1899 msg = "Server rejected new password";
1900 ppl_logevent("%s", msg);
1901 ppl_printf("%s\r\n", msg);
1902 }
1903
1904 prompt = get_string(pktin);
1905
1906 s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
1907 s->cur_prompt->to_server = true;
1908 s->cur_prompt->from_server = false;
1909 s->cur_prompt->name = dupstr("New SSH password");
1910 s->cur_prompt->instruction = mkstr(prompt);
1911 s->cur_prompt->instr_reqd = true;
1912 /*
1913 * There's no explicit requirement in the protocol
1914 * for the "old" passwords in the original and
1915 * password-change messages to be the same, and
1916 * apparently some Cisco kit supports password change
1917 * by the user entering a blank password originally
1918 * and the real password subsequently, so,
1919 * reluctantly, we prompt for the old password again.
1920 *
1921 * (On the other hand, some servers don't even bother
1922 * to check this field.)
1923 */
1924 add_prompt(s->cur_prompt,
1925 dupstr("Current password (blank for previously entered password): "),
1926 false);
1927 add_prompt(s->cur_prompt, dupstr("Enter new password: "),
1928 false);
1929 add_prompt(s->cur_prompt, dupstr("Confirm new password: "),
1930 false);
1931
1932 /*
1933 * Loop until the user manages to enter the same
1934 * password twice.
1935 */
1936 while (!got_new) {
1937 s->spr = seat_get_userpass_input(
1938 ppl_get_iseat(&s->ppl), s->cur_prompt);
1939 while (s->spr.kind == SPRK_INCOMPLETE) {
1940 crReturnV;
1941 s->spr = seat_get_userpass_input(
1942 ppl_get_iseat(&s->ppl), s->cur_prompt);
1943 }
1944 if (spr_is_abort(s->spr)) {
1945 /*
1946 * Failed to get responses. Terminate.
1947 */
1948 /* burn the evidence */
1949 free_prompts(s->cur_prompt);
1950 s->cur_prompt = NULL;
1951 smemclr(s->password, strlen(s->password));
1952 sfree(s->password);
1953 ssh_bpp_queue_disconnect(
1954 s->ppl.bpp, "Unable to authenticate",
1955 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
1956 ssh_spr_close(s->ppl.ssh, s->spr,
1957 "password-change prompt");
1958 return;
1959 }
1960
1961 /*
1962 * If the user specified a new original password
1963 * (IYSWIM), overwrite any previously specified
1964 * one.
1965 * (A side effect is that the user doesn't have to
1966 * re-enter it if they louse up the new password.)
1967 */
1968 if (s->cur_prompt->prompts[0]->result->s[0]) {
1969 smemclr(s->password, strlen(s->password));
1970 /* burn the evidence */
1971 sfree(s->password);
1972 s->password = prompt_get_result(
1973 s->cur_prompt->prompts[0]);
1974 }
1975
1976 /*
1977 * Check the two new passwords match.
1978 */
1979 got_new = !strcmp(
1980 prompt_get_result_ref(s->cur_prompt->prompts[1]),
1981 prompt_get_result_ref(s->cur_prompt->prompts[2]));
1982 if (!got_new)
1983 /* They don't. Silly user. */
1984 ppl_printf("Passwords do not match\r\n");
1985
1986 }
1987
1988 /*
1989 * Send the new password (along with the old one).
1990 * (see above for padding rationale)
1991 */
1992 s->pktout = ssh_bpp_new_pktout(
1993 s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
1994 put_stringz(s->pktout, s->username);
1995 put_stringz(s->pktout, s->successor_layer->vt->name);
1996 put_stringz(s->pktout, "password");
1997 put_bool(s->pktout, true);
1998 put_stringz(s->pktout, s->password);
1999 put_stringz(s->pktout, prompt_get_result_ref(
2000 s->cur_prompt->prompts[1]));
2001 free_prompts(s->cur_prompt);
2002 s->cur_prompt = NULL;
2003 s->pktout->minlen = 256;
2004 pq_push(s->ppl.out_pq, s->pktout);
2005 ppl_logevent("Sent new password");
2006
2007 /*
2008 * Now see what the server has to say about it.
2009 * (If it's CHANGEREQ again, it's not happy with the
2010 * new password.)
2011 */
2012 crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL);
2013 changereq_first_time = false;
2014
2015 }
2016
2017 /*
2018 * We need to reexamine the current pktin at the top
2019 * of the loop. Either:
2020 * - we weren't asked to change password at all, in
2021 * which case it's a SUCCESS or FAILURE with the
2022 * usual meaning
2023 * - we sent a new password, and the server was
2024 * either OK with it (SUCCESS or FAILURE w/partial
2025 * success) or unhappy with the _old_ password
2026 * (FAILURE w/o partial success)
2027 * In any of these cases, we go back to the top of
2028 * the loop and start again.
2029 */
2030 pq_push_front(s->ppl.in_pq, pktin);
2031
2032 /*
2033 * We don't need the old password any more, in any
2034 * case. Burn the evidence.
2035 */
2036 smemclr(s->password, strlen(s->password));
2037 sfree(s->password);
2038
2039 } else {
2040 ssh_bpp_queue_disconnect(
2041 s->ppl.bpp,
2042 "No supported authentication methods available",
2043 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE);
2044 ssh_sw_abort(s->ppl.ssh, "No supported authentication methods "
2045 "available (server sent: %s)",
2046 s->last_methods_string->s);
2047 return;
2048 }
2049
2050 }
2051 try_new_username:;
2052 }
2053
2054 userauth_success:
2055 if (s->notrivialauth && s->is_trivial_auth) {
2056 ssh_proto_error(s->ppl.ssh, "Authentication was trivial! "
2057 "Abandoning session as specified in configuration.");
2058 return;
2059 }
2060
2061 /*
2062 * We've just received USERAUTH_SUCCESS, and we haven't sent
2063 * any packets since. Signal the transport layer to consider
2064 * doing an immediate rekey, if it has any reason to want to.
2065 */
2066 ssh2_transport_notify_auth_done(s->transport_layer);
2067
2068 /*
2069 * Finally, hand over to our successor layer, and return
2070 * immediately without reaching the crFinishV: ssh_ppl_replace
2071 * will have freed us, so crFinishV's zeroing-out of crState would
2072 * be a use-after-free bug.
2073 */
2074 {
2075 PacketProtocolLayer *successor = s->successor_layer;
2076 s->successor_layer = NULL; /* avoid freeing it ourself */
2077 ssh_ppl_replace(&s->ppl, successor);
2078 return; /* we've just freed s, so avoid even touching s->crState */
2079 }
2080
2081 crFinishV;
2082 }
2083
2084 static bool ssh2_userauth_ki_setup_prompts(
2085 struct ssh2_userauth_state *s, BinarySource *src, bool plugin)
2086 {
2087 ptrlen name, inst;
2088 strbuf *sb;
2089
2090 /*
2091 * We've got a fresh USERAUTH_INFO_REQUEST. Get the preamble and
2092 * start building a prompt.
2093 */
2094 name = get_string(src);
2095 inst = get_string(src);
2096 get_string(src); /* skip language tag */
2097 s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
2098 s->cur_prompt->to_server = true;
2099 s->cur_prompt->from_server = true;
2100
2101 /*
2102 * Get any prompt(s) from the packet.
2103 */
2104 s->num_prompts = get_uint32(src);
2105 for (uint32_t i = 0; i < s->num_prompts; i++) {
2106 s->is_trivial_auth = false;
2107 ptrlen prompt = get_string(src);
2108 bool echo = get_bool(src);
2109
2110 if (get_err(src)) {
2111 ssh_proto_error(s->ppl.ssh, "%s sent truncated %s packet",
2112 plugin ? "Plugin" : "Server",
2113 plugin ? "PLUGIN_KI_USER_REQUEST" :
2114 "SSH_MSG_USERAUTH_INFO_REQUEST");
2115 return false;
2116 }
2117
2118 sb = strbuf_new();
2119 if (!prompt.len) {
2120 put_fmt(sb, "<%s failed to send prompt>: ",
2121 plugin ? "plugin" : "server");
2122 } else if (s->ki_scc) {
2123 stripctrl_retarget(s->ki_scc, BinarySink_UPCAST(sb));
2124 put_datapl(s->ki_scc, prompt);
2125 stripctrl_retarget(s->ki_scc, NULL);
2126 } else {
2127 put_datapl(sb, prompt);
2128 }
2129 add_prompt(s->cur_prompt, strbuf_to_str(sb), echo);
2130 }
2131
2132 /*
2133 * Make the header strings. This includes the 'name' (optional
2134 * dialog-box title) and 'instruction' from the server.
2135 *
2136 * First, display our disambiguating header line if this is the
2137 * first time round the loop - _unless_ the server has sent a
2138 * completely empty k-i packet with no prompts _or_ text, which
2139 * apparently some do. In that situation there's no need to alert
2140 * the user that the following text is server- supplied, because,
2141 * well, _what_ text?
2142 *
2143 * We also only do this if we got a stripctrl, because if we
2144 * didn't, that suggests this is all being done via dialog boxes
2145 * anyway.
2146 */
2147 if (!s->ki_printed_header && s->ki_scc &&
2148 (s->num_prompts || name.len || inst.len)) {
2149 seat_antispoof_msg(
2150 ppl_get_iseat(&s->ppl),
2151 (plugin ?
2152 "Keyboard-interactive authentication prompts from plugin:" :
2153 "Keyboard-interactive authentication prompts from server:"));
2154 s->ki_printed_header = true;
2155 seat_set_trust_status(s->ppl.seat, false);
2156 }
2157
2158 sb = strbuf_new();
2159 if (name.len) {
2160 if (s->ki_scc) {
2161 stripctrl_retarget(s->ki_scc, BinarySink_UPCAST(sb));
2162 put_datapl(s->ki_scc, name);
2163 stripctrl_retarget(s->ki_scc, NULL);
2164 } else {
2165 put_datapl(sb, name);
2166 }
2167 s->cur_prompt->name_reqd = true;
2168 } else {
2169 if (plugin)
2170 put_datapl(sb, PTRLEN_LITERAL(
2171 "Communication with authentication plugin"));
2172 else
2173 put_datapl(sb, PTRLEN_LITERAL("SSH server authentication"));
2174 s->cur_prompt->name_reqd = false;
2175 }
2176 s->cur_prompt->name = strbuf_to_str(sb);
2177
2178 sb = strbuf_new();
2179 if (inst.len) {
2180 if (s->ki_scc) {
2181 stripctrl_retarget(s->ki_scc, BinarySink_UPCAST(sb));
2182 put_datapl(s->ki_scc, inst);
2183 stripctrl_retarget(s->ki_scc, NULL);
2184 } else {
2185 put_datapl(sb, inst);
2186 }
2187 s->cur_prompt->instr_reqd = true;
2188 } else {
2189 s->cur_prompt->instr_reqd = false;
2190 }
2191 if (sb->len)
2192 s->cur_prompt->instruction = strbuf_to_str(sb);
2193 else
2194 strbuf_free(sb);
2195
2196 return true;
2197 }
2198
2199 static bool ssh2_userauth_ki_run_prompts(struct ssh2_userauth_state *s)
2200 {
2201 s->spr = seat_get_userpass_input(
2202 ppl_get_iseat(&s->ppl), s->cur_prompt);
2203 return s->spr.kind != SPRK_INCOMPLETE;
2204 }
2205
2206 static void ssh2_userauth_ki_write_responses(
2207 struct ssh2_userauth_state *s, BinarySink *bs)
2208 {
2209 put_uint32(bs, s->num_prompts);
2210 for (uint32_t i = 0; i < s->num_prompts; i++)
2211 put_stringz(bs, prompt_get_result_ref(s->cur_prompt->prompts[i]));
2212
2213 /*
2214 * Free the prompts structure from this iteration. If there's
2215 * another, a new one will be allocated when we return to the top
2216 * of this while loop.
2217 */
2218 free_prompts(s->cur_prompt);
2219 s->cur_prompt = NULL;
2220 }
2221
2222 static void ssh2_userauth_add_session_id(
2223 struct ssh2_userauth_state *s, strbuf *sigdata)
2224 {
2225 if (s->ppl.remote_bugs & BUG_SSH2_PK_SESSIONID) {
2226 put_datapl(sigdata, s->session_id);
2227 } else {
2228 put_stringpl(sigdata, s->session_id);
2229 }
2230 }
2231
2232 static void ssh2_userauth_agent_query(
2233 struct ssh2_userauth_state *s, strbuf *req)
2234 {
2235 void *response;
2236 int response_len;
2237
2238 sfree(s->agent_response_to_free);
2239 s->agent_response_to_free = NULL;
2240
2241 s->auth_agent_query = agent_query(req, &response, &response_len,
2242 ssh2_userauth_agent_callback, s);
2243 if (!s->auth_agent_query)
2244 ssh2_userauth_agent_callback(s, response, response_len);
2245 }
2246
2247 static void ssh2_userauth_agent_callback(void *uav, void *reply, int replylen)
2248 {
2249 struct ssh2_userauth_state *s = (struct ssh2_userauth_state *)uav;
2250
2251 s->auth_agent_query = NULL;
2252 s->agent_response_to_free = reply;
2253 s->agent_response = make_ptrlen(reply, replylen);
2254
2255 queue_idempotent_callback(&s->ppl.ic_process_queue);
2256 }
2257
2258 /*
2259 * Helper function to add the algorithm and public key strings to a
2260 * "publickey" auth packet. Deals with overriding both strings if the
2261 * user has provided a detached certificate which matches the public
2262 * key in question.
2263 */
2264 static void ssh2_userauth_add_alg_and_publickey(
2265 struct ssh2_userauth_state *s, PktOut *pkt, ptrlen alg, ptrlen pkblob)
2266 {
2267 PacketProtocolLayer *ppl = &s->ppl; /* for ppl_logevent */
2268
2269 if (s->detached_cert_blob) {
2270 ptrlen detached_cert_pl = ptrlen_from_strbuf(s->detached_cert_blob);
2271 strbuf *certbase = NULL, *pkbase = NULL;
2272 bool done = false;
2273 const ssh_keyalg *pkalg = find_pubkey_alg_len(alg);
2274 ssh_key *certkey = NULL, *pk = NULL;
2275 strbuf *fail_reason = strbuf_new();
2276 bool verbose = true;
2277
2278 /*
2279 * Whether or not we send the certificate, we're likely to
2280 * generate a log message about it. But we don't want to log
2281 * once for the offer and once for the real auth attempt, so
2282 * we de-duplicate by remembering the last public key this
2283 * function saw. */
2284 if (!s->cert_pubkey_diagnosed)
2285 s->cert_pubkey_diagnosed = strbuf_new();
2286 if (ptrlen_eq_ptrlen(ptrlen_from_strbuf(s->cert_pubkey_diagnosed),
2287 pkblob)) {
2288 verbose = false;
2289 } else {
2290 /* Log this time, but arrange that we don't mention it next time */
2291 strbuf_clear(s->cert_pubkey_diagnosed);
2292 put_datapl(s->cert_pubkey_diagnosed, pkblob);
2293 }
2294
2295 /*
2296 * Check that the public key we're replacing is compatible
2297 * with the certificate, in that they should have the same
2298 * base public key.
2299 */
2300
2301 const ssh_keyalg *certalg = pubkey_blob_to_alg(detached_cert_pl);
2302 assert(certalg); /* we checked this before setting s->detached_blob */
2303 assert(certalg->is_certificate); /* and this too */
2304
2305 certkey = ssh_key_new_pub(certalg, detached_cert_pl);
2306 if (!certkey) {
2307 put_fmt(fail_reason, "certificate key file is invalid");
2308 goto no_match;
2309 }
2310
2311 certbase = strbuf_new();
2312 ssh_key_public_blob(ssh_key_base_key(certkey),
2313 BinarySink_UPCAST(certbase));
2314 if (ptrlen_eq_ptrlen(pkblob, ptrlen_from_strbuf(certbase)))
2315 goto match; /* yes, a match! */
2316
2317 /*
2318 * If we reach here, the certificate's base key was not
2319 * identical to the key we're given. But it might still be
2320 * identical to the _base_ key of the key we're given, if we
2321 * were using a differently certified version of the same key.
2322 * In that situation, the detached cert should still override.
2323 */
2324 if (!pkalg) {
2325 put_fmt(fail_reason, "unable to identify algorithm of base key");
2326 goto no_match;
2327 }
2328
2329 pk = ssh_key_new_pub(pkalg, pkblob);
2330 if (!pk) {
2331 put_fmt(fail_reason, "base public key is invalid");
2332 goto no_match;
2333 }
2334
2335 pkbase = strbuf_new();
2336 ssh_key_public_blob(ssh_key_base_key(pk), BinarySink_UPCAST(pkbase));
2337 if (ptrlen_eq_ptrlen(ptrlen_from_strbuf(pkbase),
2338 ptrlen_from_strbuf(certbase)))
2339 goto match; /* yes, a match on 2nd attempt! */
2340
2341 /* Give up; we've tried to match these keys up and failed. */
2342 put_fmt(fail_reason, "base public key does not match certificate");
2343 goto no_match;
2344
2345 match:
2346 /*
2347 * The two keys match, so insert the detached certificate into
2348 * the output packet in place of the public key we were given.
2349 *
2350 * However, we need to be a bit careful with the algorithm
2351 * name: we might need to upgrade it to one that matches the
2352 * original algorithm name. (If we were asked to add an
2353 * ssh-rsa key but were given algorithm name "rsa-sha2-512",
2354 * then instead of the certificate's algorithm name
2355 * ssh-rsa-cert-v01@... we need to write the corresponding
2356 * SHA-512 name rsa-sha2-512-cert-v01@... .)
2357 */
2358 if (verbose) {
2359 ppl_logevent("Sending public key with certificate from \"%s\"",
2360 filename_to_str(s->detached_cert_file));
2361 }
2362 put_stringz(pkt, ssh_keyalg_related_alg(certalg, pkalg)->ssh_id);
2363 put_stringpl(pkt, ptrlen_from_strbuf(s->detached_cert_blob));
2364 done = true;
2365 goto out;
2366
2367 no_match:
2368 /* Log that we didn't send the certificate, if this public key
2369 * isn't the same one as last call to this function. (Need to
2370 * avoid verbosely logging once for the offer and once for the
2371 * real auth attempt.) */
2372 if (verbose) {
2373 ppl_logevent("Not substituting certificate \"%s\" for public "
2374 "key: %s", filename_to_str(s->detached_cert_file),
2375 fail_reason->s);
2376 if (s->publickey_blob) {
2377 /* If the user provided a specific key file to use (i.e.
2378 * this wasn't just a key we picked opportunistically out
2379 * of an agent), then they probably _care_ that we didn't
2380 * send the certificate, so we should make a loud error
2381 * message about it as well as just commenting in the
2382 * Event Log. */
2383 ppl_printf("Unable to use certificate \"%s\" with public "
2384 "key \"%s\": %s\r\n",
2385 filename_to_str(s->detached_cert_file),
2386 filename_to_str(s->keyfile),
2387 fail_reason->s);
2388 }
2389 }
2390
2391 out:
2392 /* Whether we did that or not, free our stuff. */
2393 if (certbase)
2394 strbuf_free(certbase);
2395 if (pkbase)
2396 strbuf_free(pkbase);
2397 if (certkey)
2398 ssh_key_free(certkey);
2399 if (pk)
2400 ssh_key_free(pk);
2401 strbuf_free(fail_reason);
2402
2403 /* And if we did, don't fall through to the alternative below */
2404 if (done)
2405 return;
2406 }
2407
2408 /* In all other cases, just put in what we were given. */
2409 put_stringpl(pkt, alg);
2410 put_stringpl(pkt, pkblob);
2411 }
2412
2413 /*
2414 * Helper function to add an SSH-2 signature blob to a packet. Expects
2415 * to be shown the public key blob as well as the signature blob.
2416 * Normally just appends the sig blob unmodified as a string, except
2417 * that it optionally breaks it open and fiddle with it to work around
2418 * BUG_SSH2_RSA_PADDING.
2419 */
2420 static void ssh2_userauth_add_sigblob(
2421 struct ssh2_userauth_state *s, PktOut *pkt, ptrlen pkblob, ptrlen sigblob)
2422 {
2423 BinarySource pk[1], sig[1];
2424 BinarySource_BARE_INIT_PL(pk, pkblob);
2425 BinarySource_BARE_INIT_PL(sig, sigblob);
2426
2427 /* dmemdump(pkblob, pkblob_len); */
2428 /* dmemdump(sigblob, sigblob_len); */
2429
2430 /*
2431 * See if this is in fact an ssh-rsa signature and a buggy
2432 * server; otherwise we can just do this the easy way.
2433 */
2434 if ((s->ppl.remote_bugs & BUG_SSH2_RSA_PADDING) &&
2435 ptrlen_eq_string(get_string(pk), "ssh-rsa") &&
2436 ptrlen_eq_string(get_string(sig), "ssh-rsa")) {
2437 ptrlen mod_mp, sig_mp;
2438 size_t sig_prefix_len;
2439
2440 /*
2441 * Find the modulus and signature integers.
2442 */
2443 get_string(pk); /* skip over exponent */
2444 mod_mp = get_string(pk); /* remember modulus */
2445 sig_prefix_len = sig->pos;
2446 sig_mp = get_string(sig);
2447 if (get_err(pk) || get_err(sig))
2448 goto give_up;
2449
2450 /*
2451 * Find the byte length of the modulus, not counting leading
2452 * zeroes.
2453 */
2454 while (mod_mp.len > 0 && *(const char *)mod_mp.ptr == 0) {
2455 mod_mp.len--;
2456 mod_mp.ptr = (const char *)mod_mp.ptr + 1;
2457 }
2458
2459 /* debug("modulus length is %d\n", len); */
2460 /* debug("signature length is %d\n", siglen); */
2461
2462 if (mod_mp.len > sig_mp.len) {
2463 strbuf *substr = strbuf_new();
2464 put_data(substr, sigblob.ptr, sig_prefix_len);
2465 put_uint32(substr, mod_mp.len);
2466 put_padding(substr, mod_mp.len - sig_mp.len, 0);
2467 put_datapl(substr, sig_mp);
2468 put_stringsb(pkt, substr);
2469 return;
2470 }
2471
2472 /* Otherwise fall through and do it the easy way. We also come
2473 * here as a fallback if we discover above that the key blob
2474 * is misformatted in some way. */
2475 give_up:;
2476 }
2477
2478 put_stringpl(pkt, sigblob);
2479 }
2480
2481 #ifndef NO_GSSAPI
2482 static PktOut *ssh2_userauth_gss_packet(
2483 struct ssh2_userauth_state *s, const char *authtype)
2484 {
2485 strbuf *sb;
2486 PktOut *p;
2487 Ssh_gss_buf buf;
2488 Ssh_gss_buf mic;
2489
2490 /*
2491 * The mic is computed over the session id + intended
2492 * USERAUTH_REQUEST packet.
2493 */
2494 sb = strbuf_new();
2495 put_stringpl(sb, s->session_id);
2496 put_byte(sb, SSH2_MSG_USERAUTH_REQUEST);
2497 put_stringz(sb, s->username);
2498 put_stringz(sb, s->successor_layer->vt->name);
2499 put_stringz(sb, authtype);
2500
2501 /* Compute the mic */
2502 buf.value = sb->s;
2503 buf.length = sb->len;
2504 s->shgss->lib->get_mic(s->shgss->lib, s->shgss->ctx, &buf, &mic);
2505 strbuf_free(sb);
2506
2507 /* Now we can build the real packet */
2508 if (strcmp(authtype, "gssapi-with-mic") == 0) {
2509 p = ssh_bpp_new_pktout(s->ppl.bpp, SSH2_MSG_USERAUTH_GSSAPI_MIC);
2510 } else {
2511 p = ssh_bpp_new_pktout(s->ppl.bpp, SSH2_MSG_USERAUTH_REQUEST);
2512 put_stringz(p, s->username);
2513 put_stringz(p, s->successor_layer->vt->name);
2514 put_stringz(p, authtype);
2515 }
2516 put_string(p, mic.value, mic.length);
2517
2518 return p;
2519 }
2520 #endif
2521
2522 static bool ssh2_userauth_get_specials(
2523 PacketProtocolLayer *ppl, add_special_fn_t add_special, void *ctx)
2524 {
2525 /* No specials provided by this layer. */
2526 return false;
2527 }
2528
2529 static void ssh2_userauth_special_cmd(PacketProtocolLayer *ppl,
2530 SessionSpecialCode code, int arg)
2531 {
2532 /* No specials provided by this layer. */
2533 }
2534
2535 static void ssh2_userauth_reconfigure(PacketProtocolLayer *ppl, Conf *conf)
2536 {
2537 struct ssh2_userauth_state *s =
2538 container_of(ppl, struct ssh2_userauth_state, ppl);
2539 ssh_ppl_reconfigure(s->successor_layer, conf);
2540 }
Windows Explorer Extension to Operate Git