crypto/dist/ssh/auth2-chall.c

   1 /*      $NetBSD: auth2-chall.c,v 1.1.1.16 2008/04/06 21:18:06 christos Exp $    */
   2 /* $OpenBSD: auth2-chall.c,v 1.33 2007/09/21 08:15:29 djm Exp $ */
   3 /*
   4  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
   5  * Copyright (c) 2001 Per Allansson.  All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26  */
  27 #include "includes.h"
  28 __RCSID("$NetBSD: auth2-chall.c,v 1.19 2007/03/10 22:52:05 christos Exp $");
  29
  30 #include <sys/types.h>
  31
  32 #include <stdio.h>
  33 #include <string.h>
  34
  35 #include "xmalloc.h"
  36 #include "ssh2.h"
  37 #include "key.h"
  38 #include "hostfile.h"
  39 #include "auth.h"
  40 #include "buffer.h"
  41 #include "packet.h"
  42 #include "dispatch.h"
  43 #include "log.h"
  44 #include "servconf.h"
  45
  46 /* import */
  47 extern ServerOptions options;
  48
  49 static int auth2_challenge_start(Authctxt *);
  50 static int send_userauth_info_request(Authctxt *);
  51 static void input_userauth_info_response(int, u_int32_t, void *);
  52
  53 #ifdef BSD_AUTH
  54 extern KbdintDevice bsdauth_device;
  55 #else
  56 #ifdef USE_PAM
  57 extern KbdintDevice sshpam_device;
  58 #endif
  59 #ifdef SKEY
  60 extern KbdintDevice skey_device;
  61 #endif
  62 #endif
  63
  64 KbdintDevice *devices[] = {
  65 #ifdef BSD_AUTH
  66         &bsdauth_device,
  67 #else
  68 #ifdef USE_PAM
  69         &sshpam_device,
  70 #endif
  71 #ifdef SKEY
  72         &skey_device,
  73 #endif
  74 #endif
  75         NULL
  76 };
  77
  78 typedef struct KbdintAuthctxt KbdintAuthctxt;
  79 struct KbdintAuthctxt
  80 {
  81         char *devices;
  82         void *ctxt;
  83         KbdintDevice *device;
  84         u_int nreq;
  85 };
  86
  87 #ifdef USE_PAM
  88 void remove_kbdint_device(const char *);
  89 void
  90 remove_kbdint_device(const char *devname)
  91 {
  92         int i, j;
  93
  94         for (i = 0; devices[i] != NULL; i++)
  95                 if (strcmp(devices[i]->name, devname) == 0) {
  96                         for (j = i; devices[j] != NULL; j++)
  97                                 devices[j] = devices[j+1];
  98                         i--;
  99                 }
 100 }
 101 #endif
 102
 103 static KbdintAuthctxt *
 104 kbdint_alloc(const char *devs)
 105 {
 106         KbdintAuthctxt *kbdintctxt;
 107         Buffer b;
 108         int i;
 109
 110 #ifdef USE_PAM
 111         if (!options.use_pam)
 112                 remove_kbdint_device("pam");
 113 #endif
 114
 115         kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
 116         if (strcmp(devs, "") == 0) {
 117                 buffer_init(&b);
 118                 for (i = 0; devices[i]; i++) {
 119                         if (buffer_len(&b) > 0)
 120                                 buffer_append(&b, ",", 1);
 121                         buffer_append(&b, devices[i]->name,
 122                             strlen(devices[i]->name));
 123                 }
 124                 buffer_append(&b, "\0", 1);
 125                 kbdintctxt->devices = xstrdup(buffer_ptr(&b));
 126                 buffer_free(&b);
 127         } else {
 128                 kbdintctxt->devices = xstrdup(devs);
 129         }
 130         debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
 131         kbdintctxt->ctxt = NULL;
 132         kbdintctxt->device = NULL;
 133         kbdintctxt->nreq = 0;
 134
 135         return kbdintctxt;
 136 }
 137 static void
 138 kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
 139 {
 140         if (kbdintctxt->ctxt) {
 141                 kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
 142                 kbdintctxt->ctxt = NULL;
 143         }
 144         kbdintctxt->device = NULL;
 145 }
 146 static void
 147 kbdint_free(KbdintAuthctxt *kbdintctxt)
 148 {
 149         if (kbdintctxt->device)
 150                 kbdint_reset_device(kbdintctxt);
 151         if (kbdintctxt->devices) {
 152                 xfree(kbdintctxt->devices);
 153                 kbdintctxt->devices = NULL;
 154         }
 155         xfree(kbdintctxt);
 156 }
 157 /* get next device */
 158 static int
 159 kbdint_next_device(KbdintAuthctxt *kbdintctxt)
 160 {
 161         size_t len;
 162         char *t;
 163         int i;
 164
 165         if (kbdintctxt->device)
 166                 kbdint_reset_device(kbdintctxt);
 167         do {
 168                 len = kbdintctxt->devices ?
 169                     strcspn(kbdintctxt->devices, ",") : 0;
 170
 171                 if (len == 0)
 172                         break;
 173                 for (i = 0; devices[i]; i++)
 174                         if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
 175                                 kbdintctxt->device = devices[i];
 176                 t = kbdintctxt->devices;
 177                 kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
 178                 xfree(t);
 179                 debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
 180                     kbdintctxt->devices : "<empty>");
 181         } while (kbdintctxt->devices && !kbdintctxt->device);
 182
 183         return kbdintctxt->device ? 1 : 0;
 184 }
 185
 186 /*
 187  * try challenge-response, set authctxt->postponed if we have to
 188  * wait for the response.
 189  */
 190 int
 191 auth2_challenge(Authctxt *authctxt, char *devs)
 192 {
 193         debug("auth2_challenge: user=%s devs=%s",
 194             authctxt->user ? authctxt->user : "<nouser>",
 195             devs ? devs : "<no devs>");
 196
 197         if (authctxt->user == NULL || !devs)
 198                 return 0;
 199         if (authctxt->kbdintctxt == NULL)
 200                 authctxt->kbdintctxt = kbdint_alloc(devs);
 201         return auth2_challenge_start(authctxt);
 202 }
 203
 204 /* unregister kbd-int callbacks and context */
 205 void
 206 auth2_challenge_stop(Authctxt *authctxt)
 207 {
 208         /* unregister callback */
 209         dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
 210         if (authctxt->kbdintctxt != NULL) {
 211                 kbdint_free(authctxt->kbdintctxt);
 212                 authctxt->kbdintctxt = NULL;
 213         }
 214 }
 215
 216 /* side effect: sets authctxt->postponed if a reply was sent*/
 217 static int
 218 auth2_challenge_start(Authctxt *authctxt)
 219 {
 220         KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
 221
 222         debug2("auth2_challenge_start: devices %s",
 223             kbdintctxt->devices ?  kbdintctxt->devices : "<empty>");
 224
 225         if (kbdint_next_device(kbdintctxt) == 0) {
 226                 auth2_challenge_stop(authctxt);
 227                 return 0;
 228         }
 229         debug("auth2_challenge_start: trying authentication method '%s'",
 230             kbdintctxt->device->name);
 231
 232         if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
 233                 auth2_challenge_stop(authctxt);
 234                 return 0;
 235         }
 236         if (send_userauth_info_request(authctxt) == 0) {
 237                 auth2_challenge_stop(authctxt);
 238                 return 0;
 239         }
 240         dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
 241             &input_userauth_info_response);
 242
 243         authctxt->postponed = 1;
 244         return 0;
 245 }
 246
 247 static int
 248 send_userauth_info_request(Authctxt *authctxt)
 249 {
 250         KbdintAuthctxt *kbdintctxt;
 251         char *name, *instr, **prompts;
 252         u_int i, *echo_on;
 253
 254         kbdintctxt = authctxt->kbdintctxt;
 255         if (kbdintctxt->device->query(kbdintctxt->ctxt,
 256             &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
 257                 return 0;
 258
 259         packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
 260         packet_put_cstring(name);
 261         packet_put_cstring(instr);
 262         packet_put_cstring("");         /* language not used */
 263         packet_put_int(kbdintctxt->nreq);
 264         for (i = 0; i < kbdintctxt->nreq; i++) {
 265                 packet_put_cstring(prompts[i]);
 266                 packet_put_char(echo_on[i]);
 267         }
 268         packet_send();
 269         packet_write_wait();
 270
 271         for (i = 0; i < kbdintctxt->nreq; i++)
 272                 xfree(prompts[i]);
 273         xfree(prompts);
 274         xfree(echo_on);
 275         xfree(name);
 276         xfree(instr);
 277         return 1;
 278 }
 279
 280 static void
 281 input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 282 {
 283         Authctxt *authctxt = ctxt;
 284         KbdintAuthctxt *kbdintctxt;
 285         int authenticated = 0, res, len;
 286         u_int i, nresp;
 287         char **response = NULL, *method;
 288
 289         if (authctxt == NULL)
 290                 fatal("input_userauth_info_response: no authctxt");
 291         kbdintctxt = authctxt->kbdintctxt;
 292         if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
 293                 fatal("input_userauth_info_response: no kbdintctxt");
 294         if (kbdintctxt->device == NULL)
 295                 fatal("input_userauth_info_response: no device");
 296
 297         authctxt->postponed = 0;        /* reset */
 298         nresp = packet_get_int();
 299         if (nresp != kbdintctxt->nreq)
 300                 fatal("input_userauth_info_response: wrong number of replies");
 301         if (nresp > 100)
 302                 fatal("input_userauth_info_response: too many replies");
 303         if (nresp > 0) {
 304                 response = xcalloc(nresp, sizeof(char *));
 305                 for (i = 0; i < nresp; i++)
 306                         response[i] = packet_get_string(NULL);
 307         }
 308         packet_check_eom();
 309
 310         res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
 311
 312         for (i = 0; i < nresp; i++) {
 313                 memset(response[i], 'r', strlen(response[i]));
 314                 xfree(response[i]);
 315         }
 316         if (response)
 317                 xfree(response);
 318
 319         switch (res) {
 320         case 0:
 321                 /* Success! */
 322                 authenticated = authctxt->valid ? 1 : 0;
 323                 break;
 324         case 1:
 325                 /* Authentication needs further interaction */
 326                 if (send_userauth_info_request(authctxt) == 1)
 327                         authctxt->postponed = 1;
 328                 break;
 329         default:
 330                 /* Failure! */
 331                 break;
 332         }
 333
 334         len = strlen("keyboard-interactive") + 2 +
 335                 strlen(kbdintctxt->device->name);
 336         method = xmalloc(len);
 337         snprintf(method, len, "keyboard-interactive/%s",
 338             kbdintctxt->device->name);
 339
 340         if (!authctxt->postponed) {
 341                 if (authenticated) {
 342                         auth2_challenge_stop(authctxt);
 343                 } else {
 344                         /* start next device */
 345                         /* may set authctxt->postponed */
 346                         auth2_challenge_start(authctxt);
 347                 }
 348         }
 349         userauth_finish(authctxt, authenticated, method);
 350         xfree(method);
 351 }
 352
 353 void
 354 privsep_challenge_enable(void)
 355 {
 356 #if defined(BSD_AUTH) || defined(USE_PAM) || defined(SKEY)
 357         int n = 0;
 358 #endif
 359 #ifdef BSD_AUTH
 360         extern KbdintDevice mm_bsdauth_device;
 361 #endif
 362 #ifdef USE_PAM
 363         extern KbdintDevice mm_sshpam_device;
 364 #endif
 365 #ifdef SKEY
 366         extern KbdintDevice mm_skey_device;
 367 #endif
 368         /* As long as SSHv1 has devices[0] hard coded this is fine */
 369 #ifdef BSD_AUTH
 370         devices[n++] = &mm_bsdauth_device;
 371 #endif
 372 #ifdef USE_PAM
 373         devices[n++] = &mm_sshpam_device;
 374 #endif
 375 #ifdef SKEY
 376         devices[n++] = &mm_skey_device;
 377 #endif
 378 }