search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Tomato 1.28
[tomato.git] / release / src / router / dropbear / svr-auth.c
blob5da0aa70c2110b1571c3d0989de49f1a70f6cee9
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 /* This file (auth.c) handles authentication requests, passing it to the
26 * particular type (auth-passwd, auth-pubkey). */
27
28 #include "includes.h"
29 #include "dbutil.h"
30 #include "session.h"
31 #include "buffer.h"
32 #include "ssh.h"
33 #include "packet.h"
34 #include "auth.h"
35 #include "runopts.h"
36
37 static void authclear();
38 static int checkusername(unsigned char *username, unsigned int userlen);
39 static void send_msg_userauth_banner();
40
41 /* initialise the first time for a session, resetting all parameters */
42 void svr_authinitialise() {
43
44 ses.authstate.failcount = 0;
45 ses.authstate.pw_name = NULL;
46 ses.authstate.pw_dir = NULL;
47 ses.authstate.pw_shell = NULL;
48 ses.authstate.pw_passwd = NULL;
49 authclear();
50
51 }
52
53 /* Reset the auth state, but don't reset the failcount. This is for if the
54 * user decides to try with a different username etc, and is also invoked
55 * on initialisation */
56 static void authclear() {
57
58 memset(&ses.authstate, 0, sizeof(ses.authstate));
59 #ifdef ENABLE_SVR_PUBKEY_AUTH
60 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
61 #endif
62 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
63 if (!svr_opts.noauthpass) {
64 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
65 }
66 #endif
67 if (ses.authstate.pw_name) {
68 m_free(ses.authstate.pw_name);
69 }
70 if (ses.authstate.pw_shell) {
71 m_free(ses.authstate.pw_shell);
72 }
73 if (ses.authstate.pw_dir) {
74 m_free(ses.authstate.pw_dir);
75 }
76 if (ses.authstate.pw_passwd) {
77 m_free(ses.authstate.pw_passwd);
78 }
79
80 }
81
82 /* Send a banner message if specified to the client. The client might
83 * ignore this, but possibly serves as a legal "no trespassing" sign */
84 static void send_msg_userauth_banner() {
85
86 TRACE(("enter send_msg_userauth_banner"))
87 if (svr_opts.banner == NULL) {
88 TRACE(("leave send_msg_userauth_banner: banner is NULL"))
89 return;
90 }
91
92 CHECKCLEARTOWRITE();
93
94 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
95 buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner,
96 svr_opts.banner->len), svr_opts.banner->len);
97 buf_putstring(ses.writepayload, "en", 2);
98
99 encrypt_packet();
100 buf_free(svr_opts.banner);
101 svr_opts.banner = NULL;
102
103 TRACE(("leave send_msg_userauth_banner"))
104 }
105
106 /* handle a userauth request, check validity, pass to password or pubkey
107 * checking, and handle success or failure */
108 void recv_msg_userauth_request() {
109
110 unsigned char *username = NULL, *servicename = NULL, *methodname = NULL;
111 unsigned int userlen, servicelen, methodlen;
112
113 TRACE(("enter recv_msg_userauth_request"))
114
115 /* ignore packets if auth is already done */
116 if (ses.authstate.authdone == 1) {
117 TRACE(("leave recv_msg_userauth_request: authdone already"))
118 return;
119 }
120
121 /* send the banner if it exists, it will only exist once */
122 if (svr_opts.banner) {
123 send_msg_userauth_banner();
124 }
125
126
127 username = buf_getstring(ses.payload, &userlen);
128 servicename = buf_getstring(ses.payload, &servicelen);
129 methodname = buf_getstring(ses.payload, &methodlen);
130
131 /* only handle 'ssh-connection' currently */
132 if (servicelen != SSH_SERVICE_CONNECTION_LEN
133 && (strncmp(servicename, SSH_SERVICE_CONNECTION,
134 SSH_SERVICE_CONNECTION_LEN) != 0)) {
135
136 /* TODO - disconnect here */
137 m_free(username);
138 m_free(servicename);
139 m_free(methodname);
140 dropbear_exit("unknown service in auth");
141 }
142
143 /* user wants to know what methods are supported */
144 if (methodlen == AUTH_METHOD_NONE_LEN &&
145 strncmp(methodname, AUTH_METHOD_NONE,
146 AUTH_METHOD_NONE_LEN) == 0) {
147 TRACE(("recv_msg_userauth_request: 'none' request"))
148 send_msg_userauth_failure(0, 0);
149 goto out;
150 }
151
152 /* check username is good before continuing */
153 if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
154 /* username is invalid/no shell/etc - send failure */
155 TRACE(("sending checkusername failure"))
156 send_msg_userauth_failure(0, 1);
157 goto out;
158 }
159
160 #ifdef ENABLE_SVR_PASSWORD_AUTH
161 if (!svr_opts.noauthpass &&
162 !(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
163 /* user wants to try password auth */
164 if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
165 strncmp(methodname, AUTH_METHOD_PASSWORD,
166 AUTH_METHOD_PASSWORD_LEN) == 0) {
167 svr_auth_password();
168 goto out;
169 }
170 }
171 #endif
172
173 #ifdef ENABLE_SVR_PAM_AUTH
174 if (!svr_opts.noauthpass &&
175 !(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
176 /* user wants to try password auth */
177 if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
178 strncmp(methodname, AUTH_METHOD_PASSWORD,
179 AUTH_METHOD_PASSWORD_LEN) == 0) {
180 svr_auth_pam();
181 goto out;
182 }
183 }
184 #endif
185
186 #ifdef ENABLE_SVR_PUBKEY_AUTH
187 /* user wants to try pubkey auth */
188 if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
189 strncmp(methodname, AUTH_METHOD_PUBKEY,
190 AUTH_METHOD_PUBKEY_LEN) == 0) {
191 svr_auth_pubkey();
192 goto out;
193 }
194 #endif
195
196 /* nothing matched, we just fail */
197 send_msg_userauth_failure(0, 1);
198
199 out:
200
201 m_free(username);
202 m_free(servicename);
203 m_free(methodname);
204 }
205
206
207 /* Check that the username exists, has a non-empty password, and has a valid
208 * shell.
209 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
210 static int checkusername(unsigned char *username, unsigned int userlen) {
211
212 char* listshell = NULL;
213 char* usershell = NULL;
214 TRACE(("enter checkusername"))
215 if (userlen > MAX_USERNAME_LEN) {
216 return DROPBEAR_FAILURE;
217 }
218
219 /* new user or username has changed */
220 if (ses.authstate.username == NULL ||
221 strcmp(username, ses.authstate.username) != 0) {
222 /* the username needs resetting */
223 if (ses.authstate.username != NULL) {
224 dropbear_log(LOG_WARNING, "client trying multiple usernames from %s",
225 svr_ses.addrstring);
226 m_free(ses.authstate.username);
227 }
228 authclear();
229 fill_passwd(username);
230 ses.authstate.username = m_strdup(username);
231 }
232
233 /* check that user exists */
234 if (!ses.authstate.pw_name) {
235 TRACE(("leave checkusername: user '%s' doesn't exist", username))
236 dropbear_log(LOG_WARNING,
237 "login attempt for nonexistent user from %s",
238 svr_ses.addrstring);
239 send_msg_userauth_failure(0, 1);
240 return DROPBEAR_FAILURE;
241 }
242
243 /* check for non-root if desired */
244 if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) {
245 TRACE(("leave checkusername: root login disabled"))
246 dropbear_log(LOG_WARNING, "root login rejected");
247 send_msg_userauth_failure(0, 1);
248 return DROPBEAR_FAILURE;
249 }
250
251 /* check for an empty password */
252 if (ses.authstate.pw_passwd[0] == '\0') {
253 TRACE(("leave checkusername: empty pword"))
254 dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
255 ses.authstate.pw_name);
256 send_msg_userauth_failure(0, 1);
257 return DROPBEAR_FAILURE;
258 }
259
260 TRACE(("shell is %s", ses.authstate.pw_shell))
261
262 /* check that the shell is set */
263 usershell = ses.authstate.pw_shell;
264 if (usershell[0] == '\0') {
265 /* empty shell in /etc/passwd means /bin/sh according to passwd(5) */
266 usershell = "/bin/sh";
267 }
268
269 /* check the shell is valid. If /etc/shells doesn't exist, getusershell()
270 * should return some standard shells like "/bin/sh" and "/bin/csh" (this
271 * is platform-specific) */
272 setusershell();
273 while ((listshell = getusershell()) != NULL) {
274 TRACE(("test shell is '%s'", listshell))
275 if (strcmp(listshell, usershell) == 0) {
276 /* have a match */
277 goto goodshell;
278 }
279 }
280 /* no matching shell */
281 endusershell();
282 TRACE(("no matching shell"))
283 dropbear_log(LOG_WARNING, "user '%s' has invalid shell, rejected",
284 ses.authstate.pw_name);
285 send_msg_userauth_failure(0, 1);
286 return DROPBEAR_FAILURE;
287
288 goodshell:
289 endusershell();
290 TRACE(("matching shell"))
291
292 TRACE(("uid = %d", ses.authstate.pw_uid))
293 TRACE(("leave checkusername"))
294 return DROPBEAR_SUCCESS;
295
296 }
297
298 /* Send a failure message to the client, in responds to a userauth_request.
299 * Partial indicates whether to set the "partial success" flag,
300 * incrfail is whether to count this failure in the failure count (which
301 * is limited. This function also handles disconnection after too many
302 * failures */
303 void send_msg_userauth_failure(int partial, int incrfail) {
304
305 buffer *typebuf = NULL;
306
307 TRACE(("enter send_msg_userauth_failure"))
308
309 CHECKCLEARTOWRITE();
310
311 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_FAILURE);
312
313 /* put a list of allowed types */
314 typebuf = buf_new(30); /* long enough for PUBKEY and PASSWORD */
315
316 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
317 buf_putbytes(typebuf, AUTH_METHOD_PUBKEY, AUTH_METHOD_PUBKEY_LEN);
318 if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
319 buf_putbyte(typebuf, ',');
320 }
321 }
322
323 if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
324 buf_putbytes(typebuf, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN);
325 }
326
327 buf_setpos(typebuf, 0);
328 buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len),
329 typebuf->len);
330
331 TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
332 buf_getptr(typebuf, typebuf->len)));
333
334 buf_free(typebuf);
335
336 buf_putbyte(ses.writepayload, partial ? 1 : 0);
337 encrypt_packet();
338
339 if (incrfail) {
340 usleep(300000); /* XXX improve this */
341 ses.authstate.failcount++;
342 }
343
344 if (ses.authstate.failcount >= MAX_AUTH_TRIES) {
345 char * userstr;
346 /* XXX - send disconnect ? */
347 TRACE(("Max auth tries reached, exiting"))
348
349 if (ses.authstate.pw_name == NULL) {
350 userstr = "is invalid";
351 } else {
352 userstr = ses.authstate.pw_name;
353 }
354 dropbear_exit("Max auth tries reached - user '%s' from %s",
355 userstr, svr_ses.addrstring);
356 }
357
358 TRACE(("leave send_msg_userauth_failure"))
359 }
360
361 /* Send a success message to the user, and set the "authdone" flag */
362 void send_msg_userauth_success() {
363
364 TRACE(("enter send_msg_userauth_success"))
365
366 CHECKCLEARTOWRITE();
367
368 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_SUCCESS);
369 encrypt_packet();
370
371 /* authdone must be set after encrypt_packet() for
372 * delayed-zlib mode */
373 ses.authstate.authdone = 1;
374 ses.connect_time = 0;
375
376
377 if (ses.authstate.pw_uid == 0) {
378 ses.allowprivport = 1;
379 }
380
381 /* Remove from the list of pre-auth sockets. Should be m_close(), since if
382 * we fail, we might end up leaking connection slots, and disallow new
383 * logins - a nasty situation. */
384 m_close(svr_ses.childpipe);
385
386 TRACE(("leave send_msg_userauth_success"))
387
388 }
Tomato firmware and modifications.