2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $");
28 #include "openbsd-compat/sys-queue.h"
39 #include "myproposal.h"
40 #include "sshconnect.h"
51 #include "pathnames.h"
58 extern char *client_version_string
;
59 extern char *server_version_string
;
60 extern Options options
;
66 u_char
*session_id2
= NULL
;
67 u_int session_id2_len
= 0;
70 struct sockaddr
*xxx_hostaddr
;
75 verify_host_key_callback(Key
*hostkey
)
77 if (verify_host_key(xxx_host
, xxx_hostaddr
, hostkey
) == -1)
78 fatal("Host key verification failed.");
83 ssh_kex2(char *host
, struct sockaddr
*hostaddr
)
88 xxx_hostaddr
= hostaddr
;
90 if (options
.ciphers
== (char *)-1) {
91 logit("No valid ciphers for protocol version 2 given, using defaults.");
92 options
.ciphers
= NULL
;
94 if (options
.ciphers
!= NULL
) {
95 myproposal
[PROPOSAL_ENC_ALGS_CTOS
] =
96 myproposal
[PROPOSAL_ENC_ALGS_STOC
] = options
.ciphers
;
98 myproposal
[PROPOSAL_ENC_ALGS_CTOS
] =
99 compat_cipher_proposal(myproposal
[PROPOSAL_ENC_ALGS_CTOS
]);
100 myproposal
[PROPOSAL_ENC_ALGS_STOC
] =
101 compat_cipher_proposal(myproposal
[PROPOSAL_ENC_ALGS_STOC
]);
102 if (options
.compression
) {
103 myproposal
[PROPOSAL_COMP_ALGS_CTOS
] =
104 myproposal
[PROPOSAL_COMP_ALGS_STOC
] = "zlib,none";
106 myproposal
[PROPOSAL_COMP_ALGS_CTOS
] =
107 myproposal
[PROPOSAL_COMP_ALGS_STOC
] = "none,zlib";
109 if (options
.macs
!= NULL
) {
110 myproposal
[PROPOSAL_MAC_ALGS_CTOS
] =
111 myproposal
[PROPOSAL_MAC_ALGS_STOC
] = options
.macs
;
113 if (options
.hostkeyalgorithms
!= NULL
)
114 myproposal
[PROPOSAL_SERVER_HOST_KEY_ALGS
] =
115 options
.hostkeyalgorithms
;
117 if (options
.rekey_limit
)
118 packet_set_rekey_limit(options
.rekey_limit
);
120 /* start key exchange */
121 kex
= kex_setup(myproposal
);
122 kex
->kex
[KEX_DH_GRP1_SHA1
] = kexdh_client
;
123 kex
->kex
[KEX_DH_GEX_SHA1
] = kexgex_client
;
124 kex
->client_version_string
=client_version_string
;
125 kex
->server_version_string
=server_version_string
;
126 kex
->verify_host_key
=&verify_host_key_callback
;
130 dispatch_run(DISPATCH_BLOCK
, &kex
->done
, kex
);
132 session_id2
= kex
->session_id
;
133 session_id2_len
= kex
->session_id_len
;
136 /* send 1st encrypted/maced/compressed message */
137 packet_start(SSH2_MSG_IGNORE
);
138 packet_put_cstring("markus");
148 typedef struct Authctxt Authctxt
;
149 typedef struct Authmethod Authmethod
;
150 typedef struct identity Identity
;
151 typedef struct idlist Idlist
;
154 TAILQ_ENTRY(identity
) next
;
155 AuthenticationConnection
*ac
; /* set if agent supports key */
156 Key
*key
; /* public/private key */
157 char *filename
; /* comment for agent-only keys */
159 int isprivate
; /* key points to the private key */
161 TAILQ_HEAD(idlist
, identity
);
164 const char *server_user
;
165 const char *local_user
;
173 AuthenticationConnection
*agent
;
175 Sensitive
*sensitive
;
176 /* kbd-interactive */
182 char *name
; /* string to compare against server's list */
183 int (*userauth
)(Authctxt
*authctxt
);
184 int *enabled
; /* flag in option struct that enables method */
185 int *batch_flag
; /* flag in option struct that disables method */
188 void input_userauth_success(int, u_int32_t
, void *);
189 void input_userauth_failure(int, u_int32_t
, void *);
190 void input_userauth_banner(int, u_int32_t
, void *);
191 void input_userauth_error(int, u_int32_t
, void *);
192 void input_userauth_info_req(int, u_int32_t
, void *);
193 void input_userauth_pk_ok(int, u_int32_t
, void *);
194 void input_userauth_passwd_changereq(int, u_int32_t
, void *);
196 int userauth_none(Authctxt
*);
197 int userauth_pubkey(Authctxt
*);
198 int userauth_passwd(Authctxt
*);
199 int userauth_kbdint(Authctxt
*);
200 int userauth_hostbased(Authctxt
*);
201 int userauth_kerberos(Authctxt
*);
204 int userauth_gssapi(Authctxt
*authctxt
);
205 void input_gssapi_response(int type
, u_int32_t
, void *);
206 void input_gssapi_token(int type
, u_int32_t
, void *);
207 void input_gssapi_hash(int type
, u_int32_t
, void *);
208 void input_gssapi_error(int, u_int32_t
, void *);
209 void input_gssapi_errtok(int, u_int32_t
, void *);
212 void userauth(Authctxt
*, char *);
214 static int sign_and_send_pubkey(Authctxt
*, Identity
*);
215 static void pubkey_prepare(Authctxt
*);
216 static void pubkey_cleanup(Authctxt
*);
217 static Key
*load_identity_file(char *);
219 static Authmethod
*authmethod_get(char *authlist
);
220 static Authmethod
*authmethod_lookup(const char *name
);
221 static char *authmethods_get(void);
223 Authmethod authmethods
[] = {
227 &options
.gss_authentication
,
232 &options
.hostbased_authentication
,
236 &options
.pubkey_authentication
,
238 {"keyboard-interactive",
240 &options
.kbd_interactive_authentication
,
241 &options
.batch_mode
},
244 &options
.password_authentication
,
245 &options
.batch_mode
},
250 {NULL
, NULL
, NULL
, NULL
}
254 ssh_userauth2(const char *local_user
, const char *server_user
, char *host
,
255 Sensitive
*sensitive
)
260 if (options
.challenge_response_authentication
)
261 options
.kbd_interactive_authentication
= 1;
263 packet_start(SSH2_MSG_SERVICE_REQUEST
);
264 packet_put_cstring("ssh-userauth");
266 debug("SSH2_MSG_SERVICE_REQUEST sent");
268 type
= packet_read();
269 if (type
!= SSH2_MSG_SERVICE_ACCEPT
)
270 fatal("Server denied authentication request: %d", type
);
271 if (packet_remaining() > 0) {
272 char *reply
= packet_get_string(NULL
);
273 debug2("service_accept: %s", reply
);
276 debug2("buggy server: service_accept w/o service");
279 debug("SSH2_MSG_SERVICE_ACCEPT received");
281 if (options
.preferred_authentications
== NULL
)
282 options
.preferred_authentications
= authmethods_get();
284 /* setup authentication context */
285 memset(&authctxt
, 0, sizeof(authctxt
));
286 pubkey_prepare(&authctxt
);
287 authctxt
.server_user
= server_user
;
288 authctxt
.local_user
= local_user
;
289 authctxt
.host
= host
;
290 authctxt
.service
= "ssh-connection"; /* service name */
291 authctxt
.success
= 0;
292 authctxt
.method
= authmethod_lookup("none");
293 authctxt
.authlist
= NULL
;
294 authctxt
.methoddata
= NULL
;
295 authctxt
.sensitive
= sensitive
;
296 authctxt
.info_req_seen
= 0;
297 if (authctxt
.method
== NULL
)
298 fatal("ssh_userauth2: internal error: cannot send userauth none request");
300 /* initial userauth request */
301 userauth_none(&authctxt
);
303 dispatch_init(&input_userauth_error
);
304 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS
, &input_userauth_success
);
305 dispatch_set(SSH2_MSG_USERAUTH_FAILURE
, &input_userauth_failure
);
306 dispatch_set(SSH2_MSG_USERAUTH_BANNER
, &input_userauth_banner
);
307 dispatch_run(DISPATCH_BLOCK
, &authctxt
.success
, &authctxt
); /* loop until success */
309 pubkey_cleanup(&authctxt
);
310 dispatch_range(SSH2_MSG_USERAUTH_MIN
, SSH2_MSG_USERAUTH_MAX
, NULL
);
312 debug("Authentication succeeded (%s).", authctxt
.method
->name
);
316 userauth(Authctxt
*authctxt
, char *authlist
)
318 if (authctxt
->methoddata
) {
319 xfree(authctxt
->methoddata
);
320 authctxt
->methoddata
= NULL
;
322 if (authlist
== NULL
) {
323 authlist
= authctxt
->authlist
;
325 if (authctxt
->authlist
)
326 xfree(authctxt
->authlist
);
327 authctxt
->authlist
= authlist
;
330 Authmethod
*method
= authmethod_get(authlist
);
332 fatal("Permission denied (%s).", authlist
);
333 authctxt
->method
= method
;
335 /* reset the per method handler */
336 dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN
,
337 SSH2_MSG_USERAUTH_PER_METHOD_MAX
, NULL
);
339 /* and try new method */
340 if (method
->userauth(authctxt
) != 0) {
341 debug2("we sent a %s packet, wait for reply", method
->name
);
344 debug2("we did not send a packet, disable method");
345 method
->enabled
= NULL
;
351 input_userauth_error(int type
, u_int32_t seq
, void *ctxt
)
353 fatal("input_userauth_error: bad message during authentication: "
358 input_userauth_banner(int type
, u_int32_t seq
, void *ctxt
)
362 debug3("input_userauth_banner");
363 msg
= packet_get_string(NULL
);
364 lang
= packet_get_string(NULL
);
365 if (options
.log_level
> SYSLOG_LEVEL_QUIET
)
366 fprintf(stderr
, "%s", msg
);
372 input_userauth_success(int type
, u_int32_t seq
, void *ctxt
)
374 Authctxt
*authctxt
= ctxt
;
375 if (authctxt
== NULL
)
376 fatal("input_userauth_success: no authentication context");
377 if (authctxt
->authlist
) {
378 xfree(authctxt
->authlist
);
379 authctxt
->authlist
= NULL
;
381 if (authctxt
->methoddata
) {
382 xfree(authctxt
->methoddata
);
383 authctxt
->methoddata
= NULL
;
385 authctxt
->success
= 1; /* break out */
389 input_userauth_failure(int type
, u_int32_t seq
, void *ctxt
)
391 Authctxt
*authctxt
= ctxt
;
392 char *authlist
= NULL
;
395 if (authctxt
== NULL
)
396 fatal("input_userauth_failure: no authentication context");
398 authlist
= packet_get_string(NULL
);
399 partial
= packet_get_char();
403 logit("Authenticated with partial success.");
404 debug("Authentications that can continue: %s", authlist
);
406 userauth(authctxt
, authlist
);
409 input_userauth_pk_ok(int type
, u_int32_t seq
, void *ctxt
)
411 Authctxt
*authctxt
= ctxt
;
415 int pktype
, sent
= 0;
420 if (authctxt
== NULL
)
421 fatal("input_userauth_pk_ok: no authentication context");
422 if (datafellows
& SSH_BUG_PKOK
) {
423 /* this is similar to SSH_BUG_PKAUTH */
424 debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
425 pkblob
= packet_get_string(&blen
);
427 buffer_append(&b
, pkblob
, blen
);
428 pkalg
= buffer_get_string(&b
, &alen
);
431 pkalg
= packet_get_string(&alen
);
432 pkblob
= packet_get_string(&blen
);
436 debug("Server accepts key: pkalg %s blen %u", pkalg
, blen
);
438 if ((pktype
= key_type_from_name(pkalg
)) == KEY_UNSPEC
) {
439 debug("unknown pkalg %s", pkalg
);
442 if ((key
= key_from_blob(pkblob
, blen
)) == NULL
) {
443 debug("no key from blob. pkalg %s", pkalg
);
446 if (key
->type
!= pktype
) {
447 error("input_userauth_pk_ok: type mismatch "
448 "for decoded key (received %d, expected %d)",
452 fp
= key_fingerprint(key
, SSH_FP_MD5
, SSH_FP_HEX
);
453 debug2("input_userauth_pk_ok: fp %s", fp
);
457 * search keys in the reverse order, because last candidate has been
458 * moved to the end of the queue. this also avoids confusion by
461 TAILQ_FOREACH_REVERSE(id
, &authctxt
->keys
, next
, idlist
) {
462 if (key_equal(key
, id
->key
)) {
463 sent
= sign_and_send_pubkey(authctxt
, id
);
473 /* try another method if we did not send a packet */
475 userauth(authctxt
, NULL
);
480 userauth_gssapi(Authctxt
*authctxt
)
482 Gssctxt
*gssctxt
= NULL
;
483 static gss_OID_set gss_supported
= NULL
;
488 /* Try one GSSAPI method at a time, rather than sending them all at
491 if (gss_supported
== NULL
)
492 gss_indicate_mechs(&min
, &gss_supported
);
494 /* Check to see if the mechanism is usable before we offer it */
495 while (mech
< gss_supported
->count
&& !ok
) {
497 ssh_gssapi_delete_ctx(&gssctxt
);
498 ssh_gssapi_build_ctx(&gssctxt
);
499 ssh_gssapi_set_oid(gssctxt
, &gss_supported
->elements
[mech
]);
501 /* My DER encoding requires length<128 */
502 if (gss_supported
->elements
[mech
].length
< 128 &&
503 !GSS_ERROR(ssh_gssapi_import_name(gssctxt
,
505 ok
= 1; /* Mechanism works */
513 authctxt
->methoddata
=(void *)gssctxt
;
515 packet_start(SSH2_MSG_USERAUTH_REQUEST
);
516 packet_put_cstring(authctxt
->server_user
);
517 packet_put_cstring(authctxt
->service
);
518 packet_put_cstring(authctxt
->method
->name
);
522 packet_put_int((gss_supported
->elements
[mech
].length
) + 2);
523 packet_put_char(SSH_GSS_OIDTYPE
);
524 packet_put_char(gss_supported
->elements
[mech
].length
);
525 packet_put_raw(gss_supported
->elements
[mech
].elements
,
526 gss_supported
->elements
[mech
].length
);
530 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE
, &input_gssapi_response
);
531 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN
, &input_gssapi_token
);
532 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR
, &input_gssapi_error
);
533 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK
, &input_gssapi_errtok
);
535 mech
++; /* Move along to next candidate */
541 process_gssapi_token(void *ctxt
, gss_buffer_t recv_tok
)
543 Authctxt
*authctxt
= ctxt
;
544 Gssctxt
*gssctxt
= authctxt
->methoddata
;
545 gss_buffer_desc send_tok
= GSS_C_EMPTY_BUFFER
;
546 gss_buffer_desc gssbuf
, mic
;
547 OM_uint32 status
, ms
, flags
;
550 status
= ssh_gssapi_init_ctx(gssctxt
, options
.gss_deleg_creds
,
551 recv_tok
, &send_tok
, &flags
);
553 if (send_tok
.length
> 0) {
554 if (GSS_ERROR(status
))
555 packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK
);
557 packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN
);
559 packet_put_string(send_tok
.value
, send_tok
.length
);
561 gss_release_buffer(&ms
, &send_tok
);
564 if (status
== GSS_S_COMPLETE
) {
565 /* send either complete or MIC, depending on mechanism */
566 if (!(flags
& GSS_C_INTEG_FLAG
)) {
567 packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE
);
570 ssh_gssapi_buildmic(&b
, authctxt
->server_user
,
571 authctxt
->service
, "gssapi-with-mic");
573 gssbuf
.value
= buffer_ptr(&b
);
574 gssbuf
.length
= buffer_len(&b
);
576 status
= ssh_gssapi_sign(gssctxt
, &gssbuf
, &mic
);
578 if (!GSS_ERROR(status
)) {
579 packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC
);
580 packet_put_string(mic
.value
, mic
.length
);
586 gss_release_buffer(&ms
, &mic
);
594 input_gssapi_response(int type
, u_int32_t plen
, void *ctxt
)
596 Authctxt
*authctxt
= ctxt
;
601 if (authctxt
== NULL
)
602 fatal("input_gssapi_response: no authentication context");
603 gssctxt
= authctxt
->methoddata
;
606 oidv
= packet_get_string(&oidlen
);
609 oidv
[0] != SSH_GSS_OIDTYPE
||
610 oidv
[1] != oidlen
- 2) {
612 debug("Badly encoded mechanism OID received");
613 userauth(authctxt
, NULL
);
617 if (!ssh_gssapi_check_oid(gssctxt
, oidv
+ 2, oidlen
- 2))
618 fatal("Server returned different OID than expected");
624 if (GSS_ERROR(process_gssapi_token(ctxt
, GSS_C_NO_BUFFER
))) {
625 /* Start again with next method on list */
626 debug("Trying to start again");
627 userauth(authctxt
, NULL
);
633 input_gssapi_token(int type
, u_int32_t plen
, void *ctxt
)
635 Authctxt
*authctxt
= ctxt
;
636 gss_buffer_desc recv_tok
;
640 if (authctxt
== NULL
)
641 fatal("input_gssapi_response: no authentication context");
643 recv_tok
.value
= packet_get_string(&slen
);
644 recv_tok
.length
= slen
; /* safe typecast */
648 status
= process_gssapi_token(ctxt
, &recv_tok
);
650 xfree(recv_tok
.value
);
652 if (GSS_ERROR(status
)) {
653 /* Start again with the next method in the list */
654 userauth(authctxt
, NULL
);
660 input_gssapi_errtok(int type
, u_int32_t plen
, void *ctxt
)
662 Authctxt
*authctxt
= ctxt
;
664 gss_buffer_desc send_tok
= GSS_C_EMPTY_BUFFER
;
665 gss_buffer_desc recv_tok
;
666 OM_uint32 status
, ms
;
669 if (authctxt
== NULL
)
670 fatal("input_gssapi_response: no authentication context");
671 gssctxt
= authctxt
->methoddata
;
673 recv_tok
.value
= packet_get_string(&len
);
674 recv_tok
.length
= len
;
678 /* Stick it into GSSAPI and see what it says */
679 status
= ssh_gssapi_init_ctx(gssctxt
, options
.gss_deleg_creds
,
680 &recv_tok
, &send_tok
, NULL
);
682 xfree(recv_tok
.value
);
683 gss_release_buffer(&ms
, &send_tok
);
685 /* Server will be returning a failed packet after this one */
689 input_gssapi_error(int type
, u_int32_t plen
, void *ctxt
)
695 maj
=packet_get_int();
696 min
=packet_get_int();
697 msg
=packet_get_string(NULL
);
698 lang
=packet_get_string(NULL
);
702 debug("Server GSSAPI Error:\n%s\n", msg
);
709 userauth_none(Authctxt
*authctxt
)
711 /* initial userauth request */
712 packet_start(SSH2_MSG_USERAUTH_REQUEST
);
713 packet_put_cstring(authctxt
->server_user
);
714 packet_put_cstring(authctxt
->service
);
715 packet_put_cstring(authctxt
->method
->name
);
721 userauth_passwd(Authctxt
*authctxt
)
723 static int attempt
= 0;
727 if (attempt
++ >= options
.number_of_password_prompts
)
731 error("Permission denied, please try again.");
733 snprintf(prompt
, sizeof(prompt
), "%.30s@%.128s's password: ",
734 authctxt
->server_user
, authctxt
->host
);
735 password
= read_passphrase(prompt
, 0);
736 packet_start(SSH2_MSG_USERAUTH_REQUEST
);
737 packet_put_cstring(authctxt
->server_user
);
738 packet_put_cstring(authctxt
->service
);
739 packet_put_cstring(authctxt
->method
->name
);
741 packet_put_cstring(password
);
742 memset(password
, 0, strlen(password
));
744 packet_add_padding(64);
747 dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ
,
748 &input_userauth_passwd_changereq
);
753 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
756 input_userauth_passwd_changereq(int type
, u_int32_t seqnr
, void *ctxt
)
758 Authctxt
*authctxt
= ctxt
;
759 char *info
, *lang
, *password
= NULL
, *retype
= NULL
;
762 debug2("input_userauth_passwd_changereq");
764 if (authctxt
== NULL
)
765 fatal("input_userauth_passwd_changereq: "
766 "no authentication context");
768 info
= packet_get_string(NULL
);
769 lang
= packet_get_string(NULL
);
770 if (strlen(info
) > 0)
774 packet_start(SSH2_MSG_USERAUTH_REQUEST
);
775 packet_put_cstring(authctxt
->server_user
);
776 packet_put_cstring(authctxt
->service
);
777 packet_put_cstring(authctxt
->method
->name
);
778 packet_put_char(1); /* additional info */
779 snprintf(prompt
, sizeof(prompt
),
780 "Enter %.30s@%.128s's old password: ",
781 authctxt
->server_user
, authctxt
->host
);
782 password
= read_passphrase(prompt
, 0);
783 packet_put_cstring(password
);
784 memset(password
, 0, strlen(password
));
787 while (password
== NULL
) {
788 snprintf(prompt
, sizeof(prompt
),
789 "Enter %.30s@%.128s's new password: ",
790 authctxt
->server_user
, authctxt
->host
);
791 password
= read_passphrase(prompt
, RP_ALLOW_EOF
);
792 if (password
== NULL
) {
796 snprintf(prompt
, sizeof(prompt
),
797 "Retype %.30s@%.128s's new password: ",
798 authctxt
->server_user
, authctxt
->host
);
799 retype
= read_passphrase(prompt
, 0);
800 if (strcmp(password
, retype
) != 0) {
801 memset(password
, 0, strlen(password
));
803 logit("Mismatch; try again, EOF to quit.");
806 memset(retype
, 0, strlen(retype
));
809 packet_put_cstring(password
);
810 memset(password
, 0, strlen(password
));
812 packet_add_padding(64);
815 dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ
,
816 &input_userauth_passwd_changereq
);
820 identity_sign(Identity
*id
, u_char
**sigp
, u_int
*lenp
,
821 u_char
*data
, u_int datalen
)
826 /* the agent supports this key */
828 return (ssh_agent_sign(id
->ac
, id
->key
, sigp
, lenp
,
831 * we have already loaded the private key or
832 * the private key is stored in external hardware
834 if (id
->isprivate
|| (id
->key
->flags
& KEY_FLAG_EXT
))
835 return (key_sign(id
->key
, sigp
, lenp
, data
, datalen
));
836 /* load the private key from the file */
837 if ((prv
= load_identity_file(id
->filename
)) == NULL
)
839 ret
= key_sign(prv
, sigp
, lenp
, data
, datalen
);
845 sign_and_send_pubkey(Authctxt
*authctxt
, Identity
*id
)
848 u_char
*blob
, *signature
;
854 debug3("sign_and_send_pubkey");
856 if (key_to_blob(id
->key
, &blob
, &bloblen
) == 0) {
857 /* we cannot handle this key */
858 debug3("sign_and_send_pubkey: cannot handle key");
861 /* data to be signed */
863 if (datafellows
& SSH_OLD_SESSIONID
) {
864 buffer_append(&b
, session_id2
, session_id2_len
);
865 skip
= session_id2_len
;
867 buffer_put_string(&b
, session_id2
, session_id2_len
);
868 skip
= buffer_len(&b
);
870 buffer_put_char(&b
, SSH2_MSG_USERAUTH_REQUEST
);
871 buffer_put_cstring(&b
, authctxt
->server_user
);
872 buffer_put_cstring(&b
,
873 datafellows
& SSH_BUG_PKSERVICE
?
876 if (datafellows
& SSH_BUG_PKAUTH
) {
877 buffer_put_char(&b
, have_sig
);
879 buffer_put_cstring(&b
, authctxt
->method
->name
);
880 buffer_put_char(&b
, have_sig
);
881 buffer_put_cstring(&b
, key_ssh_name(id
->key
));
883 buffer_put_string(&b
, blob
, bloblen
);
885 /* generate signature */
886 ret
= identity_sign(id
, &signature
, &slen
,
887 buffer_ptr(&b
), buffer_len(&b
));
896 if (datafellows
& SSH_BUG_PKSERVICE
) {
898 buffer_append(&b
, session_id2
, session_id2_len
);
899 skip
= session_id2_len
;
900 buffer_put_char(&b
, SSH2_MSG_USERAUTH_REQUEST
);
901 buffer_put_cstring(&b
, authctxt
->server_user
);
902 buffer_put_cstring(&b
, authctxt
->service
);
903 buffer_put_cstring(&b
, authctxt
->method
->name
);
904 buffer_put_char(&b
, have_sig
);
905 if (!(datafellows
& SSH_BUG_PKAUTH
))
906 buffer_put_cstring(&b
, key_ssh_name(id
->key
));
907 buffer_put_string(&b
, blob
, bloblen
);
911 /* append signature */
912 buffer_put_string(&b
, signature
, slen
);
915 /* skip session id and packet type */
916 if (buffer_len(&b
) < skip
+ 1)
917 fatal("userauth_pubkey: internal error");
918 buffer_consume(&b
, skip
+ 1);
920 /* put remaining data from buffer into packet */
921 packet_start(SSH2_MSG_USERAUTH_REQUEST
);
922 packet_put_raw(buffer_ptr(&b
), buffer_len(&b
));
930 send_pubkey_test(Authctxt
*authctxt
, Identity
*id
)
933 u_int bloblen
, have_sig
= 0;
935 debug3("send_pubkey_test");
937 if (key_to_blob(id
->key
, &blob
, &bloblen
) == 0) {
938 /* we cannot handle this key */
939 debug3("send_pubkey_test: cannot handle key");
942 /* register callback for USERAUTH_PK_OK message */
943 dispatch_set(SSH2_MSG_USERAUTH_PK_OK
, &input_userauth_pk_ok
);
945 packet_start(SSH2_MSG_USERAUTH_REQUEST
);
946 packet_put_cstring(authctxt
->server_user
);
947 packet_put_cstring(authctxt
->service
);
948 packet_put_cstring(authctxt
->method
->name
);
949 packet_put_char(have_sig
);
950 if (!(datafellows
& SSH_BUG_PKAUTH
))
951 packet_put_cstring(key_ssh_name(id
->key
));
952 packet_put_string(blob
, bloblen
);
959 load_identity_file(char *filename
)
962 char prompt
[300], *passphrase
;
966 if (stat(filename
, &st
) < 0) {
967 debug3("no such identity: %s", filename
);
970 private = key_load_private_type(KEY_UNSPEC
, filename
, "", NULL
);
971 if (private == NULL
) {
972 if (options
.batch_mode
)
974 snprintf(prompt
, sizeof prompt
,
975 "Enter passphrase for key '%.100s': ", filename
);
976 for (i
= 0; i
< options
.number_of_password_prompts
; i
++) {
977 passphrase
= read_passphrase(prompt
, 0);
978 if (strcmp(passphrase
, "") != 0) {
979 private = key_load_private_type(KEY_UNSPEC
, filename
,
983 debug2("no passphrase given, try next key");
986 memset(passphrase
, 0, strlen(passphrase
));
988 if (private != NULL
|| quit
)
990 debug2("bad passphrase given, try again...");
997 * try keys in the following order:
998 * 1. agent keys that are found in the config file
999 * 2. other agent keys
1000 * 3. keys that are only listed in the config file
1003 pubkey_prepare(Authctxt
*authctxt
)
1006 Idlist agent
, files
, *preferred
;
1008 AuthenticationConnection
*ac
;
1012 TAILQ_INIT(&agent
); /* keys from the agent */
1013 TAILQ_INIT(&files
); /* keys from the config file */
1014 preferred
= &authctxt
->keys
;
1015 TAILQ_INIT(preferred
); /* preferred order of keys */
1017 /* list of keys stored in the filesystem */
1018 for (i
= 0; i
< options
.num_identity_files
; i
++) {
1019 key
= options
.identity_keys
[i
];
1020 if (key
&& key
->type
== KEY_RSA1
)
1022 options
.identity_keys
[i
] = NULL
;
1023 id
= xmalloc(sizeof(*id
));
1024 memset(id
, 0, sizeof(*id
));
1026 id
->filename
= xstrdup(options
.identity_files
[i
]);
1027 TAILQ_INSERT_TAIL(&files
, id
, next
);
1029 /* list of keys supported by the agent */
1030 if ((ac
= ssh_get_authentication_connection())) {
1031 for (key
= ssh_get_first_identity(ac
, &comment
, 2);
1033 key
= ssh_get_next_identity(ac
, &comment
, 2)) {
1035 TAILQ_FOREACH(id
, &files
, next
) {
1036 /* agent keys from the config file are preferred */
1037 if (key_equal(key
, id
->key
)) {
1040 TAILQ_REMOVE(&files
, id
, next
);
1041 TAILQ_INSERT_TAIL(preferred
, id
, next
);
1047 if (!found
&& !options
.identities_only
) {
1048 id
= xmalloc(sizeof(*id
));
1049 memset(id
, 0, sizeof(*id
));
1051 id
->filename
= comment
;
1053 TAILQ_INSERT_TAIL(&agent
, id
, next
);
1056 /* append remaining agent keys */
1057 for (id
= TAILQ_FIRST(&agent
); id
; id
= TAILQ_FIRST(&agent
)) {
1058 TAILQ_REMOVE(&agent
, id
, next
);
1059 TAILQ_INSERT_TAIL(preferred
, id
, next
);
1061 authctxt
->agent
= ac
;
1063 /* append remaining keys from the config file */
1064 for (id
= TAILQ_FIRST(&files
); id
; id
= TAILQ_FIRST(&files
)) {
1065 TAILQ_REMOVE(&files
, id
, next
);
1066 TAILQ_INSERT_TAIL(preferred
, id
, next
);
1068 TAILQ_FOREACH(id
, preferred
, next
) {
1069 debug2("key: %s (%p)", id
->filename
, id
->key
);
1074 pubkey_cleanup(Authctxt
*authctxt
)
1078 if (authctxt
->agent
!= NULL
)
1079 ssh_close_authentication_connection(authctxt
->agent
);
1080 for (id
= TAILQ_FIRST(&authctxt
->keys
); id
;
1081 id
= TAILQ_FIRST(&authctxt
->keys
)) {
1082 TAILQ_REMOVE(&authctxt
->keys
, id
, next
);
1086 xfree(id
->filename
);
1092 userauth_pubkey(Authctxt
*authctxt
)
1097 while ((id
= TAILQ_FIRST(&authctxt
->keys
))) {
1100 /* move key to the end of the queue */
1101 TAILQ_REMOVE(&authctxt
->keys
, id
, next
);
1102 TAILQ_INSERT_TAIL(&authctxt
->keys
, id
, next
);
1104 * send a test message if we have the public key. for
1105 * encrypted keys we cannot do this and have to load the
1106 * private key instead
1108 if (id
->key
&& id
->key
->type
!= KEY_RSA1
) {
1109 debug("Offering public key: %s", id
->filename
);
1110 sent
= send_pubkey_test(authctxt
, id
);
1111 } else if (id
->key
== NULL
) {
1112 debug("Trying private key: %s", id
->filename
);
1113 id
->key
= load_identity_file(id
->filename
);
1114 if (id
->key
!= NULL
) {
1116 sent
= sign_and_send_pubkey(authctxt
, id
);
1128 * Send userauth request message specifying keyboard-interactive method.
1131 userauth_kbdint(Authctxt
*authctxt
)
1133 static int attempt
= 0;
1135 if (attempt
++ >= options
.number_of_password_prompts
)
1137 /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
1138 if (attempt
> 1 && !authctxt
->info_req_seen
) {
1139 debug3("userauth_kbdint: disable: no info_req_seen");
1140 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST
, NULL
);
1144 debug2("userauth_kbdint");
1145 packet_start(SSH2_MSG_USERAUTH_REQUEST
);
1146 packet_put_cstring(authctxt
->server_user
);
1147 packet_put_cstring(authctxt
->service
);
1148 packet_put_cstring(authctxt
->method
->name
);
1149 packet_put_cstring(""); /* lang */
1150 packet_put_cstring(options
.kbd_interactive_devices
?
1151 options
.kbd_interactive_devices
: "");
1154 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST
, &input_userauth_info_req
);
1159 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
1162 input_userauth_info_req(int type
, u_int32_t seq
, void *ctxt
)
1164 Authctxt
*authctxt
= ctxt
;
1165 char *name
, *inst
, *lang
, *prompt
, *response
;
1166 u_int num_prompts
, i
;
1169 debug2("input_userauth_info_req");
1171 if (authctxt
== NULL
)
1172 fatal("input_userauth_info_req: no authentication context");
1174 authctxt
->info_req_seen
= 1;
1176 name
= packet_get_string(NULL
);
1177 inst
= packet_get_string(NULL
);
1178 lang
= packet_get_string(NULL
);
1179 if (strlen(name
) > 0)
1181 if (strlen(inst
) > 0)
1187 num_prompts
= packet_get_int();
1189 * Begin to build info response packet based on prompts requested.
1190 * We commit to providing the correct number of responses, so if
1191 * further on we run into a problem that prevents this, we have to
1192 * be sure and clean this up and send a correct error response.
1194 packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE
);
1195 packet_put_int(num_prompts
);
1197 debug2("input_userauth_info_req: num_prompts %d", num_prompts
);
1198 for (i
= 0; i
< num_prompts
; i
++) {
1199 prompt
= packet_get_string(NULL
);
1200 echo
= packet_get_char();
1202 response
= read_passphrase(prompt
, echo
? RP_ECHO
: 0);
1204 packet_put_cstring(response
);
1205 memset(response
, 0, strlen(response
));
1209 packet_check_eom(); /* done with parsing incoming message. */
1211 packet_add_padding(64);
1216 ssh_keysign(Key
*key
, u_char
**sigp
, u_int
*lenp
,
1217 u_char
*data
, u_int datalen
)
1222 int to
[2], from
[2], status
, version
= 2;
1224 debug2("ssh_keysign called");
1226 if (stat(_PATH_SSH_KEY_SIGN
, &st
) < 0) {
1227 error("ssh_keysign: no installed: %s", strerror(errno
));
1230 if (fflush(stdout
) != 0)
1231 error("ssh_keysign: fflush: %s", strerror(errno
));
1233 error("ssh_keysign: pipe: %s", strerror(errno
));
1236 if (pipe(from
) < 0) {
1237 error("ssh_keysign: pipe: %s", strerror(errno
));
1240 if ((pid
= fork()) < 0) {
1241 error("ssh_keysign: fork: %s", strerror(errno
));
1248 if (dup2(from
[1], STDOUT_FILENO
) < 0)
1249 fatal("ssh_keysign: dup2: %s", strerror(errno
));
1251 if (dup2(to
[0], STDIN_FILENO
) < 0)
1252 fatal("ssh_keysign: dup2: %s", strerror(errno
));
1255 execl(_PATH_SSH_KEY_SIGN
, _PATH_SSH_KEY_SIGN
, (char *) 0);
1256 fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN
,
1263 buffer_put_int(&b
, packet_get_connection_in()); /* send # of socket */
1264 buffer_put_string(&b
, data
, datalen
);
1265 if (ssh_msg_send(to
[1], version
, &b
) == -1)
1266 fatal("ssh_keysign: couldn't send request");
1268 if (ssh_msg_recv(from
[0], &b
) < 0) {
1269 error("ssh_keysign: no reply");
1276 while (waitpid(pid
, &status
, 0) < 0)
1280 if (buffer_get_char(&b
) != version
) {
1281 error("ssh_keysign: bad version");
1285 *sigp
= buffer_get_string(&b
, lenp
);
1292 userauth_hostbased(Authctxt
*authctxt
)
1294 Key
*private = NULL
;
1295 Sensitive
*sensitive
= authctxt
->sensitive
;
1297 u_char
*signature
, *blob
;
1298 char *chost
, *pkalg
, *p
;
1299 const char *service
;
1301 int ok
, i
, len
, found
= 0;
1303 /* check for a useful key */
1304 for (i
= 0; i
< sensitive
->nkeys
; i
++) {
1305 private = sensitive
->keys
[i
];
1306 if (private && private->type
!= KEY_RSA1
) {
1308 /* we take and free the key */
1309 sensitive
->keys
[i
] = NULL
;
1314 debug("No more client hostkeys for hostbased authentication.");
1317 if (key_to_blob(private, &blob
, &blen
) == 0) {
1321 /* figure out a name for the client host */
1322 p
= get_local_name(packet_get_connection_in());
1324 error("userauth_hostbased: cannot get local ipaddr/name");
1328 len
= strlen(p
) + 2;
1329 chost
= xmalloc(len
);
1330 strlcpy(chost
, p
, len
);
1331 strlcat(chost
, ".", len
);
1332 debug2("userauth_hostbased: chost %s", chost
);
1335 service
= datafellows
& SSH_BUG_HBSERVICE
? "ssh-userauth" :
1337 pkalg
= xstrdup(key_ssh_name(private));
1339 /* construct data */
1340 buffer_put_string(&b
, session_id2
, session_id2_len
);
1341 buffer_put_char(&b
, SSH2_MSG_USERAUTH_REQUEST
);
1342 buffer_put_cstring(&b
, authctxt
->server_user
);
1343 buffer_put_cstring(&b
, service
);
1344 buffer_put_cstring(&b
, authctxt
->method
->name
);
1345 buffer_put_cstring(&b
, pkalg
);
1346 buffer_put_string(&b
, blob
, blen
);
1347 buffer_put_cstring(&b
, chost
);
1348 buffer_put_cstring(&b
, authctxt
->local_user
);
1352 if (sensitive
->external_keysign
)
1353 ok
= ssh_keysign(private, &signature
, &slen
,
1354 buffer_ptr(&b
), buffer_len(&b
));
1356 ok
= key_sign(private, &signature
, &slen
,
1357 buffer_ptr(&b
), buffer_len(&b
));
1361 error("key_sign failed");
1366 packet_start(SSH2_MSG_USERAUTH_REQUEST
);
1367 packet_put_cstring(authctxt
->server_user
);
1368 packet_put_cstring(authctxt
->service
);
1369 packet_put_cstring(authctxt
->method
->name
);
1370 packet_put_cstring(pkalg
);
1371 packet_put_string(blob
, blen
);
1372 packet_put_cstring(chost
);
1373 packet_put_cstring(authctxt
->local_user
);
1374 packet_put_string(signature
, slen
);
1375 memset(signature
, 's', slen
);
1384 /* find auth method */
1387 * given auth method name, if configurable options permit this method fill
1388 * in auth_ident field and return true, otherwise return false.
1391 authmethod_is_enabled(Authmethod
*method
)
1395 /* return false if options indicate this method is disabled */
1396 if (method
->enabled
== NULL
|| *method
->enabled
== 0)
1398 /* return false if batch mode is enabled but method needs interactive mode */
1399 if (method
->batch_flag
!= NULL
&& *method
->batch_flag
!= 0)
1405 authmethod_lookup(const char *name
)
1407 Authmethod
*method
= NULL
;
1409 for (method
= authmethods
; method
->name
!= NULL
; method
++)
1410 if (strcmp(name
, method
->name
) == 0)
1412 debug2("Unrecognized authentication method name: %s", name
? name
: "NULL");
1416 /* XXX internal state */
1417 static Authmethod
*current
= NULL
;
1418 static char *supported
= NULL
;
1419 static char *preferred
= NULL
;
1422 * Given the authentication method list sent by the server, return the
1423 * next method we should try. If the server initially sends a nil list,
1424 * use a built-in default list.
1427 authmethod_get(char *authlist
)
1432 /* Use a suitable default if we're passed a nil list. */
1433 if (authlist
== NULL
|| strlen(authlist
) == 0)
1434 authlist
= options
.preferred_authentications
;
1436 if (supported
== NULL
|| strcmp(authlist
, supported
) != 0) {
1437 debug3("start over, passed a different list %s", authlist
);
1438 if (supported
!= NULL
)
1440 supported
= xstrdup(authlist
);
1441 preferred
= options
.preferred_authentications
;
1442 debug3("preferred %s", preferred
);
1444 } else if (current
!= NULL
&& authmethod_is_enabled(current
))
1448 if ((name
= match_list(preferred
, supported
, &next
)) == NULL
) {
1449 debug("No more authentication methods to try.");
1454 debug3("authmethod_lookup %s", name
);
1455 debug3("remaining preferred: %s", preferred
);
1456 if ((current
= authmethod_lookup(name
)) != NULL
&&
1457 authmethod_is_enabled(current
)) {
1458 debug3("authmethod_is_enabled %s", name
);
1459 debug("Next authentication method: %s", name
);
1466 authmethods_get(void)
1468 Authmethod
*method
= NULL
;
1473 for (method
= authmethods
; method
->name
!= NULL
; method
++) {
1474 if (authmethod_is_enabled(method
)) {
1475 if (buffer_len(&b
) > 0)
1476 buffer_append(&b
, ",", 1);
1477 buffer_append(&b
, method
->name
, strlen(method
->name
));
1480 buffer_append(&b
, "\0", 1);
1481 list
= xstrdup(buffer_ptr(&b
));