search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MiniDLNA update: 1.0.19.1 to 1.0.20
[tomato.git] / release / src / router / dropbear / svr-auth.c
blobf60fa866e8b94c98df41135b04d3bfd1f95bd915
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 /* This file (auth.c) handles authentication requests, passing it to the
26 * particular type (auth-passwd, auth-pubkey). */
27
28 #include "includes.h"
29 #include "dbutil.h"
30 #include "session.h"
31 #include "buffer.h"
32 #include "ssh.h"
33 #include "packet.h"
34 #include "auth.h"
35 #include "runopts.h"
36 #include "random.h"
37
38 static void authclear();
39 static int checkusername(unsigned char *username, unsigned int userlen);
40 static void send_msg_userauth_banner();
41
42 /* initialise the first time for a session, resetting all parameters */
43 void svr_authinitialise() {
44
45 ses.authstate.failcount = 0;
46 ses.authstate.pw_name = NULL;
47 ses.authstate.pw_dir = NULL;
48 ses.authstate.pw_shell = NULL;
49 ses.authstate.pw_passwd = NULL;
50 authclear();
51
52 }
53
54 /* Reset the auth state, but don't reset the failcount. This is for if the
55 * user decides to try with a different username etc, and is also invoked
56 * on initialisation */
57 static void authclear() {
58
59 memset(&ses.authstate, 0, sizeof(ses.authstate));
60 #ifdef ENABLE_SVR_PUBKEY_AUTH
61 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
62 #endif
63 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
64 if (!svr_opts.noauthpass) {
65 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
66 }
67 #endif
68 if (ses.authstate.pw_name) {
69 m_free(ses.authstate.pw_name);
70 }
71 if (ses.authstate.pw_shell) {
72 m_free(ses.authstate.pw_shell);
73 }
74 if (ses.authstate.pw_dir) {
75 m_free(ses.authstate.pw_dir);
76 }
77 if (ses.authstate.pw_passwd) {
78 m_free(ses.authstate.pw_passwd);
79 }
80
81 }
82
83 /* Send a banner message if specified to the client. The client might
84 * ignore this, but possibly serves as a legal "no trespassing" sign */
85 static void send_msg_userauth_banner() {
86
87 TRACE(("enter send_msg_userauth_banner"))
88 if (svr_opts.banner == NULL) {
89 TRACE(("leave send_msg_userauth_banner: banner is NULL"))
90 return;
91 }
92
93 CHECKCLEARTOWRITE();
94
95 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
96 buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner,
97 svr_opts.banner->len), svr_opts.banner->len);
98 buf_putstring(ses.writepayload, "en", 2);
99
100 encrypt_packet();
101 buf_free(svr_opts.banner);
102 svr_opts.banner = NULL;
103
104 TRACE(("leave send_msg_userauth_banner"))
105 }
106
107 /* handle a userauth request, check validity, pass to password or pubkey
108 * checking, and handle success or failure */
109 void recv_msg_userauth_request() {
110
111 unsigned char *username = NULL, *servicename = NULL, *methodname = NULL;
112 unsigned int userlen, servicelen, methodlen;
113
114 TRACE(("enter recv_msg_userauth_request"))
115
116 /* ignore packets if auth is already done */
117 if (ses.authstate.authdone == 1) {
118 TRACE(("leave recv_msg_userauth_request: authdone already"))
119 return;
120 }
121
122 /* send the banner if it exists, it will only exist once */
123 if (svr_opts.banner) {
124 send_msg_userauth_banner();
125 }
126
127
128 username = buf_getstring(ses.payload, &userlen);
129 servicename = buf_getstring(ses.payload, &servicelen);
130 methodname = buf_getstring(ses.payload, &methodlen);
131
132 /* only handle 'ssh-connection' currently */
133 if (servicelen != SSH_SERVICE_CONNECTION_LEN
134 && (strncmp(servicename, SSH_SERVICE_CONNECTION,
135 SSH_SERVICE_CONNECTION_LEN) != 0)) {
136
137 /* TODO - disconnect here */
138 m_free(username);
139 m_free(servicename);
140 m_free(methodname);
141 dropbear_exit("unknown service in auth");
142 }
143
144 /* user wants to know what methods are supported */
145 if (methodlen == AUTH_METHOD_NONE_LEN &&
146 strncmp(methodname, AUTH_METHOD_NONE,
147 AUTH_METHOD_NONE_LEN) == 0) {
148 TRACE(("recv_msg_userauth_request: 'none' request"))
149 send_msg_userauth_failure(0, 0);
150 goto out;
151 }
152
153 /* check username is good before continuing */
154 if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
155 /* username is invalid/no shell/etc - send failure */
156 TRACE(("sending checkusername failure"))
157 send_msg_userauth_failure(0, 1);
158 goto out;
159 }
160
161 #ifdef ENABLE_SVR_PASSWORD_AUTH
162 if (!svr_opts.noauthpass &&
163 !(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
164 /* user wants to try password auth */
165 if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
166 strncmp(methodname, AUTH_METHOD_PASSWORD,
167 AUTH_METHOD_PASSWORD_LEN) == 0) {
168 svr_auth_password();
169 goto out;
170 }
171 }
172 #endif
173
174 #ifdef ENABLE_SVR_PAM_AUTH
175 if (!svr_opts.noauthpass &&
176 !(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
177 /* user wants to try password auth */
178 if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
179 strncmp(methodname, AUTH_METHOD_PASSWORD,
180 AUTH_METHOD_PASSWORD_LEN) == 0) {
181 svr_auth_pam();
182 goto out;
183 }
184 }
185 #endif
186
187 #ifdef ENABLE_SVR_PUBKEY_AUTH
188 /* user wants to try pubkey auth */
189 if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
190 strncmp(methodname, AUTH_METHOD_PUBKEY,
191 AUTH_METHOD_PUBKEY_LEN) == 0) {
192 svr_auth_pubkey();
193 goto out;
194 }
195 #endif
196
197 /* nothing matched, we just fail */
198 send_msg_userauth_failure(0, 1);
199
200 out:
201
202 m_free(username);
203 m_free(servicename);
204 m_free(methodname);
205 }
206
207
208 /* Check that the username exists, has a non-empty password, and has a valid
209 * shell.
210 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
211 static int checkusername(unsigned char *username, unsigned int userlen) {
212
213 char* listshell = NULL;
214 #if 0 // shell check
215 char* usershell = NULL;
216 #endif
217 TRACE(("enter checkusername"))
218 if (userlen > MAX_USERNAME_LEN) {
219 return DROPBEAR_FAILURE;
220 }
221
222 /* new user or username has changed */
223 if (ses.authstate.username == NULL ||
224 strcmp(username, ses.authstate.username) != 0) {
225 /* the username needs resetting */
226 if (ses.authstate.username != NULL) {
227 dropbear_log(LOG_WARNING, "Client trying multiple usernames from %s",
228 svr_ses.addrstring);
229 m_free(ses.authstate.username);
230 }
231 authclear();
232 fill_passwd(username);
233 ses.authstate.username = m_strdup(username);
234 }
235
236 /* check that user exists */
237 if (!ses.authstate.pw_name) {
238 TRACE(("leave checkusername: user '%s' doesn't exist", username))
239 dropbear_log(LOG_WARNING,
240 "Login attempt for nonexistent user from %s",
241 svr_ses.addrstring);
242 send_msg_userauth_failure(0, 1);
243 return DROPBEAR_FAILURE;
244 }
245
246 /* check for non-root if desired */
247 if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) {
248 TRACE(("leave checkusername: root login disabled"))
249 dropbear_log(LOG_WARNING, "root login rejected");
250 send_msg_userauth_failure(0, 1);
251 return DROPBEAR_FAILURE;
252 }
253
254 /* check for an empty password */
255 if (ses.authstate.pw_passwd[0] == '\0') {
256 TRACE(("leave checkusername: empty pword"))
257 dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
258 ses.authstate.pw_name);
259 send_msg_userauth_failure(0, 1);
260 return DROPBEAR_FAILURE;
261 }
262
263 TRACE(("shell is %s", ses.authstate.pw_shell))
264
265 #if 0 // shell check
266 /* check that the shell is set */
267 usershell = ses.authstate.pw_shell;
268 if (usershell[0] == '\0') {
269 /* empty shell in /etc/passwd means /bin/sh according to passwd(5) */
270 usershell = "/bin/sh";
271 }
272
273 /* check the shell is valid. If /etc/shells doesn't exist, getusershell()
274 * should return some standard shells like "/bin/sh" and "/bin/csh" (this
275 * is platform-specific) */
276 setusershell();
277 while ((listshell = getusershell()) != NULL) {
278 TRACE(("test shell is '%s'", listshell))
279 if (strcmp(listshell, usershell) == 0) {
280 /* have a match */
281 goto goodshell;
282 }
283 }
284 /* no matching shell */
285 endusershell();
286 TRACE(("no matching shell"))
287 dropbear_log(LOG_WARNING, "User '%s' has invalid shell, rejected",
288 ses.authstate.pw_name);
289 send_msg_userauth_failure(0, 1);
290 return DROPBEAR_FAILURE;
291 #endif // shell check
292
293 goodshell:
294 endusershell();
295 TRACE(("matching shell"))
296
297 TRACE(("uid = %d", ses.authstate.pw_uid))
298 TRACE(("leave checkusername"))
299 return DROPBEAR_SUCCESS;
300
301 }
302
303 /* Send a failure message to the client, in responds to a userauth_request.
304 * Partial indicates whether to set the "partial success" flag,
305 * incrfail is whether to count this failure in the failure count (which
306 * is limited. This function also handles disconnection after too many
307 * failures */
308 void send_msg_userauth_failure(int partial, int incrfail) {
309
310 buffer *typebuf = NULL;
311
312 TRACE(("enter send_msg_userauth_failure"))
313
314 CHECKCLEARTOWRITE();
315
316 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_FAILURE);
317
318 /* put a list of allowed types */
319 typebuf = buf_new(30); /* long enough for PUBKEY and PASSWORD */
320
321 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
322 buf_putbytes(typebuf, AUTH_METHOD_PUBKEY, AUTH_METHOD_PUBKEY_LEN);
323 if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
324 buf_putbyte(typebuf, ',');
325 }
326 }
327
328 if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
329 buf_putbytes(typebuf, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN);
330 }
331
332 buf_setpos(typebuf, 0);
333 buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len),
334 typebuf->len);
335
336 TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
337 buf_getptr(typebuf, typebuf->len)));
338
339 buf_free(typebuf);
340
341 buf_putbyte(ses.writepayload, partial ? 1 : 0);
342 encrypt_packet();
343
344 if (incrfail) {
345 unsigned int delay;
346 genrandom((unsigned char*)&delay, sizeof(delay));
347 /* We delay for 300ms +- 50ms, 0.1ms granularity */
348 delay = 250000 + (delay % 1000)*100;
349 usleep(delay);
350 ses.authstate.failcount++;
351 }
352
353 if (ses.authstate.failcount >= MAX_AUTH_TRIES) {
354 char * userstr;
355 /* XXX - send disconnect ? */
356 TRACE(("Max auth tries reached, exiting"))
357
358 if (ses.authstate.pw_name == NULL) {
359 userstr = "is invalid";
360 } else {
361 userstr = ses.authstate.pw_name;
362 }
363 dropbear_exit("Max auth tries reached - user '%s' from %s",
364 userstr, svr_ses.addrstring);
365 }
366
367 TRACE(("leave send_msg_userauth_failure"))
368 }
369
370 /* Send a success message to the user, and set the "authdone" flag */
371 void send_msg_userauth_success() {
372
373 TRACE(("enter send_msg_userauth_success"))
374
375 CHECKCLEARTOWRITE();
376
377 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_SUCCESS);
378 encrypt_packet();
379
380 /* authdone must be set after encrypt_packet() for
381 * delayed-zlib mode */
382 ses.authstate.authdone = 1;
383 ses.connect_time = 0;
384
385
386 if (ses.authstate.pw_uid == 0) {
387 ses.allowprivport = 1;
388 }
389
390 /* Remove from the list of pre-auth sockets. Should be m_close(), since if
391 * we fail, we might end up leaking connection slots, and disallow new
392 * logins - a nasty situation. */
393 m_close(svr_ses.childpipe);
394
395 TRACE(("leave send_msg_userauth_success"))
396
397 }
Tomato firmware and modifications.