auth1.c revision 98684 
1/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 *                    All rights reserved
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose.  Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 */
11
12#include "includes.h"
13RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $");
14RCSID("$FreeBSD: head/crypto/openssh/auth1.c 98684 2002-06-23 16:09:08Z des $");
15
16#include "xmalloc.h"
17#include "rsa.h"
18#include "ssh1.h"
19#include "packet.h"
20#include "buffer.h"
21#include "mpaux.h"
22#include "log.h"
23#include "servconf.h"
24#include "compat.h"
25#include "auth.h"
26#include "channels.h"
27#include "session.h"
28#include "canohost.h"
29#include "uidswap.h"
30#include "monitor_wrap.h"
31
32#include <login_cap.h>
33#include "auth-pam.h"
34#include <security/pam_appl.h>
35
36/* import */
37extern ServerOptions options;
38
39/*
40 * convert ssh auth msg type into description
41 */
42static char *
43get_authname(int type)
44{
45	static char buf[1024];
46	switch (type) {
47	case SSH_CMSG_AUTH_PASSWORD:
48		return "password";
49	case SSH_CMSG_AUTH_RSA:
50		return "rsa";
51	case SSH_CMSG_AUTH_RHOSTS_RSA:
52		return "rhosts-rsa";
53	case SSH_CMSG_AUTH_RHOSTS:
54		return "rhosts";
55	case SSH_CMSG_AUTH_TIS:
56	case SSH_CMSG_AUTH_TIS_RESPONSE:
57		return "challenge-response";
58#if defined(KRB4) || defined(KRB5)
59	case SSH_CMSG_AUTH_KERBEROS:
60		return "kerberos";
61#endif
62	}
63	snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
64	return buf;
65}
66
67/*
68 * read packets, try to authenticate the user and
69 * return only if authentication is successful
70 */
71static void
72do_authloop(Authctxt *authctxt)
73{
74	int authenticated = 0;
75	u_int bits;
76	Key *client_host_key;
77	BIGNUM *n;
78	char *client_user, *password;
79	char info[1024];
80	u_int dlen;
81	u_int ulen;
82	int type = 0;
83	struct passwd *pw = authctxt->pw;
84	void (*authlog) (const char *fmt,...) = verbose;
85#ifdef HAVE_LOGIN_CAP
86	login_cap_t *lc;
87#endif /* HAVE_LOGIN_CAP */
88#ifdef USE_PAM
89	struct inverted_pam_cookie *pam_cookie;
90#endif /* USE_PAM */
91#if defined(HAVE_LOGIN_CAP)
92	const char *from_host, *from_ip;
93
94	from_host = get_canonical_hostname(options.verify_reverse_mapping);
95	from_ip = get_remote_ipaddr();
96#endif /* HAVE_LOGIN_CAP */
97
98	debug("Attempting authentication for %s%.100s.",
99	    authctxt->valid ? "" : "illegal user ", authctxt->user);
100
101	/* If the user has no password, accept authentication immediately. */
102	if (options.password_authentication &&
103#if defined(KRB4) || defined(KRB5)
104	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
105#endif
106#ifdef USE_PAM
107	    /* XXX PRIVSEP */ auth_pam_password(authctxt, "")) {
108#else
109	    PRIVSEP(auth_password(authctxt, ""))) {
110#endif
111		auth_log(authctxt, 1, "without authentication", "");
112		return;
113	}
114
115	/* Indicate that authentication is needed. */
116	packet_start(SSH_SMSG_FAILURE);
117	packet_send();
118	packet_write_wait();
119
120	client_user = NULL;
121
122	for (;;) {
123		/* default to fail */
124		authenticated = 0;
125
126		info[0] = '\0';
127
128		/* Get a packet from the client. */
129		type = packet_read();
130
131		/* Process the packet. */
132		switch (type) {
133
134#if defined(KRB4) || defined(KRB5)
135		case SSH_CMSG_AUTH_KERBEROS:
136			if (!options.kerberos_authentication) {
137				verbose("Kerberos authentication disabled.");
138			} else {
139				char *kdata = packet_get_string(&dlen);
140				packet_check_eom();
141
142				if (kdata[0] == 4) { /* KRB_PROT_VERSION */
143#ifdef KRB4
144					KTEXT_ST tkt;
145
146					tkt.length = dlen;
147					if (tkt.length < MAX_KTXT_LEN)
148						memcpy(tkt.dat, kdata, tkt.length);
149
150					if (auth_krb4(authctxt, &tkt, &client_user)) {
151						authenticated = 1;
152						snprintf(info, sizeof(info),
153						    " tktuser %.100s",
154						    client_user);
155						xfree(client_user);
156					}
157#endif /* KRB4 */
158				} else {
159#ifdef KRB5
160					krb5_data tkt;
161					tkt.length = dlen;
162					tkt.data = kdata;
163
164					if (auth_krb5(authctxt, &tkt, &client_user)) {
165						authenticated = 1;
166						snprintf(info, sizeof(info),
167						    " tktuser %.100s",
168						    client_user);
169						xfree(client_user);
170					}
171#endif /* KRB5 */
172				}
173				xfree(kdata);
174			}
175			break;
176#endif /* KRB4 || KRB5 */
177
178#if defined(AFS) || defined(KRB5)
179			/* XXX - punt on backward compatibility here. */
180		case SSH_CMSG_HAVE_KERBEROS_TGT:
181			packet_send_debug("Kerberos TGT passing disabled before authentication.");
182			break;
183#ifdef AFS
184		case SSH_CMSG_HAVE_AFS_TOKEN:
185			packet_send_debug("AFS token passing disabled before authentication.");
186			break;
187#endif /* AFS */
188#endif /* AFS || KRB5 */
189
190		case SSH_CMSG_AUTH_RHOSTS:
191			if (!options.rhosts_authentication) {
192				verbose("Rhosts authentication disabled.");
193				break;
194			}
195			/*
196			 * Get client user name.  Note that we just have to
197			 * trust the client; this is one reason why rhosts
198			 * authentication is insecure. (Another is
199			 * IP-spoofing on a local network.)
200			 */
201			client_user = packet_get_string(&ulen);
202			packet_check_eom();
203
204			/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
205			authenticated = auth_rhosts(pw, client_user);
206
207			snprintf(info, sizeof info, " ruser %.100s", client_user);
208			break;
209
210		case SSH_CMSG_AUTH_RHOSTS_RSA:
211			if (!options.rhosts_rsa_authentication) {
212				verbose("Rhosts with RSA authentication disabled.");
213				break;
214			}
215			/*
216			 * Get client user name.  Note that we just have to
217			 * trust the client; root on the client machine can
218			 * claim to be any user.
219			 */
220			client_user = packet_get_string(&ulen);
221
222			/* Get the client host key. */
223			client_host_key = key_new(KEY_RSA1);
224			bits = packet_get_int();
225			packet_get_bignum(client_host_key->rsa->e);
226			packet_get_bignum(client_host_key->rsa->n);
227
228			if (bits != BN_num_bits(client_host_key->rsa->n))
229				verbose("Warning: keysize mismatch for client_host_key: "
230				    "actual %d, announced %d",
231				    BN_num_bits(client_host_key->rsa->n), bits);
232			packet_check_eom();
233
234			authenticated = auth_rhosts_rsa(pw, client_user,
235			    client_host_key);
236			key_free(client_host_key);
237
238			snprintf(info, sizeof info, " ruser %.100s", client_user);
239			break;
240
241		case SSH_CMSG_AUTH_RSA:
242			if (!options.rsa_authentication) {
243				verbose("RSA authentication disabled.");
244				break;
245			}
246			/* RSA authentication requested. */
247			if ((n = BN_new()) == NULL)
248				fatal("do_authloop: BN_new failed");
249			packet_get_bignum(n);
250			packet_check_eom();
251			authenticated = auth_rsa(pw, n);
252			BN_clear_free(n);
253			break;
254
255		case SSH_CMSG_AUTH_PASSWORD:
256			if (!options.password_authentication) {
257				verbose("Password authentication disabled.");
258				break;
259			}
260			/*
261			 * Read user password.  It is in plain text, but was
262			 * transmitted over the encrypted channel so it is
263			 * not visible to an outside observer.
264			 */
265			password = packet_get_string(&dlen);
266			packet_check_eom();
267
268#ifdef USE_PAM
269			/* Do PAM auth with password */
270			authenticated = /* XXX PRIVSEP */ auth_pam_password(authctxt, password);
271#else /* !USE_PAM */
272			/* Try authentication with the password. */
273			authenticated = PRIVSEP(auth_password(authctxt, password));
274#endif /* USE_PAM */
275
276			memset(password, 0, strlen(password));
277			xfree(password);
278			break;
279
280#ifdef USE_PAM
281		case SSH_CMSG_AUTH_TIS:
282			debug("rcvd SSH_CMSG_AUTH_TIS: Trying PAM");
283			pam_cookie = ipam_start_auth("sshd", pw->pw_name);
284			/* We now have data available to send as a challenge */
285			if (pam_cookie->num_msg != 1 ||
286			    (pam_cookie->msg[0]->msg_style != PAM_PROMPT_ECHO_OFF &&
287			     pam_cookie->msg[0]->msg_style != PAM_PROMPT_ECHO_ON)) {
288			    /* We got several challenges or an unknown challenge type */
289			    ipam_free_cookie(pam_cookie);
290			    pam_cookie = NULL;
291			    break;
292			}
293			packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
294			packet_put_string(pam_cookie->msg[0]->msg, strlen(pam_cookie->msg[0]->msg));
295			packet_send();
296			packet_write_wait();
297			continue;
298		case SSH_CMSG_AUTH_TIS_RESPONSE:
299			debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
300			if (pam_cookie != NULL) {
301			    char *response = packet_get_string(&dlen);
302
303			    pam_cookie->resp[0]->resp = strdup(response);
304			    xfree(response);
305			    authenticated = ipam_complete_auth(pam_cookie);
306			    ipam_free_cookie(pam_cookie);
307			    pam_cookie = NULL;
308			}
309			break;
310#elif defined(SKEY)
311		case SSH_CMSG_AUTH_TIS:
312			debug("rcvd SSH_CMSG_AUTH_TIS");
313			if (options.challenge_response_authentication == 1) {
314				char *challenge = get_challenge(authctxt);
315				if (challenge != NULL) {
316					debug("sending challenge '%s'", challenge);
317					packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
318					packet_put_cstring(challenge);
319					xfree(challenge);
320					packet_send();
321					packet_write_wait();
322					continue;
323				}
324			}
325			break;
326		case SSH_CMSG_AUTH_TIS_RESPONSE:
327			debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
328			if (options.challenge_response_authentication == 1) {
329				char *response = packet_get_string(&dlen);
330				debug("got response '%s'", response);
331				packet_check_eom();
332				authenticated = verify_response(authctxt, response);
333				memset(response, 'r', dlen);
334				xfree(response);
335			}
336			break;
337#else
338		case SSH_CMSG_AUTH_TIS:
339			/* TIS Authentication is unsupported */
340			log("TIS authentication unsupported.");
341			break;
342#endif
343
344		default:
345			/*
346			 * Any unknown messages will be ignored (and failure
347			 * returned) during authentication.
348			 */
349			log("Unknown message during authentication: type %d", type);
350			break;
351		}
352
353#ifdef HAVE_LOGIN_CAP
354		if (pw != NULL) {
355		  lc = login_getpwclass(pw);
356		  if (lc == NULL)
357			lc = login_getclassbyname(NULL, pw);
358		  if (!auth_hostok(lc, from_host, from_ip)) {
359			log("Denied connection for %.200s from %.200s [%.200s].",
360		      pw->pw_name, from_host, from_ip);
361			packet_disconnect("Sorry, you are not allowed to connect.");
362		  }
363		  if (!auth_timeok(lc, time(NULL))) {
364			log("LOGIN %.200s REFUSED (TIME) FROM %.200s",
365		      pw->pw_name, from_host);
366			packet_disconnect("Logins not available right now.");
367		  }
368		  login_close(lc);
369		  lc = NULL;
370		}
371#endif  /* HAVE_LOGIN_CAP */
372#ifdef BSD_AUTH
373		if (authctxt->as) {
374			auth_close(authctxt->as);
375			authctxt->as = NULL;
376		}
377#endif
378		if (!authctxt->valid && authenticated)
379			fatal("INTERNAL ERROR: authenticated invalid user %s",
380			    authctxt->user);
381
382		/* Special handling for root */
383		if (authenticated && authctxt->pw->pw_uid == 0 &&
384		    !auth_root_allowed(get_authname(type)))
385			authenticated = 0;
386
387		if (pw != NULL && pw->pw_uid == 0)
388		  log("ROOT LOGIN as '%.100s' from %.100s",
389		      pw->pw_name,
390			  get_canonical_hostname(options.verify_reverse_mapping));
391
392		/* Log before sending the reply */
393		auth_log(authctxt, authenticated, get_authname(type), info);
394
395#ifdef USE_PAM
396		if (authenticated && !do_pam_account(pw->pw_name, client_user))
397			authenticated = 0;
398#endif
399
400		if (client_user != NULL) {
401			xfree(client_user);
402			client_user = NULL;
403		}
404
405		if (authenticated)
406			return;
407
408		if (authctxt->failures++ > AUTH_FAIL_MAX)
409			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
410
411		packet_start(SSH_SMSG_FAILURE);
412		packet_send();
413		packet_write_wait();
414	}
415}
416
417/*
418 * Performs authentication of an incoming connection.  Session key has already
419 * been exchanged and encryption is enabled.
420 */
421Authctxt *
422do_authentication(void)
423{
424	Authctxt *authctxt;
425	u_int ulen;
426	char *user, *style = NULL;
427
428	/* Get the name of the user that we wish to log in as. */
429	packet_read_expect(SSH_CMSG_USER);
430
431	/* Get the user name. */
432	user = packet_get_string(&ulen);
433	packet_check_eom();
434
435	if ((style = strchr(user, ':')) != NULL)
436		*style++ = '\0';
437
438#ifdef KRB5
439	/* XXX - SSH.com Kerberos v5 braindeath. */
440	if ((datafellows & SSH_BUG_K5USER) &&
441	    options.kerberos_authentication) {
442		char *p;
443		if ((p = strchr(user, '@')) != NULL)
444			*p = '\0';
445	}
446#endif
447
448	authctxt = authctxt_new();
449	authctxt->user = user;
450	authctxt->style = style;
451
452	/* Verify that the user is a valid user. */
453	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
454		authctxt->valid = 1;
455	else
456		debug("do_authentication: illegal user %s", user);
457
458#ifdef USE_PAM
459	if (authctxt->pw != NULL)
460		start_pam(authctxt->pw);
461#endif
462	setproctitle("%s%s", authctxt->pw ? user : "unknown",
463	    use_privsep ? " [net]" : "");
464
465	/*
466	 * If we are not running as root, the user must have the same uid as
467	 * the server.
468	 */
469	if (!use_privsep && getuid() != 0 && authctxt->pw &&
470	    authctxt->pw->pw_uid != getuid())
471		packet_disconnect("Cannot change user when server not running as root.");
472
473	/*
474	 * Loop until the user has been authenticated or the connection is
475	 * closed, do_authloop() returns only if authentication is successful
476	 */
477	do_authloop(authctxt);
478
479	/* The user has been authenticated and accepted. */
480	packet_start(SSH_SMSG_SUCCESS);
481	packet_send();
482	packet_write_wait();
483
484	return (authctxt);
485}
486