sshconnect2.c revision 74500
1/* 2 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 */ 24 25#include "includes.h" 26RCSID("$FreeBSD: head/crypto/openssh/sshconnect2.c 74500 2001-03-20 02:06:40Z green $"); 27RCSID("$OpenBSD: sshconnect2.c,v 1.27 2000/10/19 16:45:16 provos Exp $"); 28 29#include <openssl/bn.h> 30#include <openssl/rsa.h> 31#include <openssl/dsa.h> 32#include <openssl/md5.h> 33#include <openssl/dh.h> 34#include <openssl/hmac.h> 35 36#include "ssh.h" 37#include "xmalloc.h" 38#include "rsa.h" 39#include "buffer.h" 40#include "packet.h" 41#include "uidswap.h" 42#include "compat.h" 43#include "readconf.h" 44#include "bufaux.h" 45#include "ssh2.h" 46#include "kex.h" 47#include "myproposal.h" 48#include "key.h" 49#include "dsa.h" 50#include "sshconnect.h" 51#include "authfile.h" 52#include "cli.h" 53#include "dispatch.h" 54#include "authfd.h" 55 56void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *); 57void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *); 58 59/* import */ 60extern char *client_version_string; 61extern char *server_version_string; 62extern Options options; 63 64/* 65 * SSH2 key exchange 66 */ 67 68unsigned char *session_id2 = NULL; 69int session_id2_len = 0; 70 71void 72ssh_kex2(char *host, struct sockaddr *hostaddr) 73{ 74 int i, plen; 75 Kex *kex; 76 Buffer *client_kexinit, *server_kexinit; 77 char *sprop[PROPOSAL_MAX]; 78 79 if (options.ciphers == NULL) { 80 if (options.cipher == SSH_CIPHER_3DES) { 81 options.ciphers = "3des-cbc"; 82 } else if (options.cipher == SSH_CIPHER_BLOWFISH) { 83 options.ciphers = "blowfish-cbc"; 84 } else if (options.cipher == SSH_CIPHER_DES) { 85 fatal("cipher DES not supported for protocol version 2"); 86 } 87 } 88 if (options.ciphers != NULL) { 89 myproposal[PROPOSAL_ENC_ALGS_CTOS] = 90 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; 91 } 92 if (options.compression) { 93 myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib"; 94 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib"; 95 } else { 96 myproposal[PROPOSAL_COMP_ALGS_CTOS] = "none"; 97 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; 98 } 99 100 /* buffers with raw kexinit messages */ 101 server_kexinit = xmalloc(sizeof(*server_kexinit)); 102 buffer_init(server_kexinit); 103 client_kexinit = kex_init(myproposal); 104 105 /* algorithm negotiation */ 106 kex_exchange_kexinit(client_kexinit, server_kexinit, sprop); 107 kex = kex_choose_conf(myproposal, sprop, 0); 108 for (i = 0; i < PROPOSAL_MAX; i++) 109 xfree(sprop[i]); 110 111 /* server authentication and session key agreement */ 112 switch(kex->kex_type) { 113 case DH_GRP1_SHA1: 114 ssh_dh1_client(kex, host, hostaddr, 115 client_kexinit, server_kexinit); 116 break; 117 case DH_GEX_SHA1: 118 ssh_dhgex_client(kex, host, hostaddr, client_kexinit, 119 server_kexinit); 120 break; 121 default: 122 fatal("Unsupported key exchange %d", kex->kex_type); 123 } 124 125 buffer_free(client_kexinit); 126 buffer_free(server_kexinit); 127 xfree(client_kexinit); 128 xfree(server_kexinit); 129 130 debug("Wait SSH2_MSG_NEWKEYS."); 131 packet_read_expect(&plen, SSH2_MSG_NEWKEYS); 132 packet_done(); 133 debug("GOT SSH2_MSG_NEWKEYS."); 134 135 debug("send SSH2_MSG_NEWKEYS."); 136 packet_start(SSH2_MSG_NEWKEYS); 137 packet_send(); 138 packet_write_wait(); 139 debug("done: send SSH2_MSG_NEWKEYS."); 140 141#ifdef DEBUG_KEXDH 142 /* send 1st encrypted/maced/compressed message */ 143 packet_start(SSH2_MSG_IGNORE); 144 packet_put_cstring("markus"); 145 packet_send(); 146 packet_write_wait(); 147#endif 148 debug("done: KEX2."); 149} 150 151/* diffie-hellman-group1-sha1 */ 152 153void 154ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, 155 Buffer *client_kexinit, Buffer *server_kexinit) 156{ 157#ifdef DEBUG_KEXDH 158 int i; 159#endif 160 int plen, dlen; 161 unsigned int klen, kout; 162 char *signature = NULL; 163 unsigned int slen; 164 char *server_host_key_blob = NULL; 165 Key *server_host_key; 166 unsigned int sbloblen; 167 DH *dh; 168 BIGNUM *dh_server_pub = 0; 169 BIGNUM *shared_secret = 0; 170 unsigned char *kbuf; 171 unsigned char *hash; 172 173 debug("Sending SSH2_MSG_KEXDH_INIT."); 174 /* generate and send 'e', client DH public key */ 175 dh = dh_new_group1(); 176 packet_start(SSH2_MSG_KEXDH_INIT); 177 packet_put_bignum2(dh->pub_key); 178 packet_send(); 179 packet_write_wait(); 180 181#ifdef DEBUG_KEXDH 182 fprintf(stderr, "\np= "); 183 BN_print_fp(stderr, dh->p); 184 fprintf(stderr, "\ng= "); 185 BN_print_fp(stderr, dh->g); 186 fprintf(stderr, "\npub= "); 187 BN_print_fp(stderr, dh->pub_key); 188 fprintf(stderr, "\n"); 189 DHparams_print_fp(stderr, dh); 190#endif 191 192 debug("Wait SSH2_MSG_KEXDH_REPLY."); 193 194 packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY); 195 196 debug("Got SSH2_MSG_KEXDH_REPLY."); 197 198 /* key, cert */ 199 server_host_key_blob = packet_get_string(&sbloblen); 200 server_host_key = dsa_key_from_blob(server_host_key_blob, sbloblen); 201 if (server_host_key == NULL) 202 fatal("cannot decode server_host_key_blob"); 203 204 check_host_key(host, hostaddr, server_host_key, 205 options.user_hostfile2, options.system_hostfile2); 206 207 /* DH paramter f, server public DH key */ 208 dh_server_pub = BN_new(); 209 if (dh_server_pub == NULL) 210 fatal("dh_server_pub == NULL"); 211 packet_get_bignum2(dh_server_pub, &dlen); 212 213#ifdef DEBUG_KEXDH 214 fprintf(stderr, "\ndh_server_pub= "); 215 BN_print_fp(stderr, dh_server_pub); 216 fprintf(stderr, "\n"); 217 debug("bits %d", BN_num_bits(dh_server_pub)); 218#endif 219 220 /* signed H */ 221 signature = packet_get_string(&slen); 222 packet_done(); 223 224 if (!dh_pub_is_valid(dh, dh_server_pub)) 225 packet_disconnect("bad server public DH value"); 226 227 klen = DH_size(dh); 228 kbuf = xmalloc(klen); 229 kout = DH_compute_key(kbuf, dh_server_pub, dh); 230#ifdef DEBUG_KEXDH 231 debug("shared secret: len %d/%d", klen, kout); 232 fprintf(stderr, "shared secret == "); 233 for (i = 0; i< kout; i++) 234 fprintf(stderr, "%02x", (kbuf[i])&0xff); 235 fprintf(stderr, "\n"); 236#endif 237 shared_secret = BN_new(); 238 239 BN_bin2bn(kbuf, kout, shared_secret); 240 memset(kbuf, 0, klen); 241 xfree(kbuf); 242 243 /* calc and verify H */ 244 hash = kex_hash( 245 client_version_string, 246 server_version_string, 247 buffer_ptr(client_kexinit), buffer_len(client_kexinit), 248 buffer_ptr(server_kexinit), buffer_len(server_kexinit), 249 server_host_key_blob, sbloblen, 250 dh->pub_key, 251 dh_server_pub, 252 shared_secret 253 ); 254 xfree(server_host_key_blob); 255 DH_free(dh); 256#ifdef DEBUG_KEXDH 257 fprintf(stderr, "hash == "); 258 for (i = 0; i< 20; i++) 259 fprintf(stderr, "%02x", (hash[i])&0xff); 260 fprintf(stderr, "\n"); 261#endif 262 if (dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1) 263 fatal("dsa_verify failed for server_host_key"); 264 key_free(server_host_key); 265 266 kex_derive_keys(kex, hash, shared_secret); 267 packet_set_kex(kex); 268 269 /* save session id */ 270 session_id2_len = 20; 271 session_id2 = xmalloc(session_id2_len); 272 memcpy(session_id2, hash, session_id2_len); 273} 274 275/* diffie-hellman-group-exchange-sha1 */ 276 277/* 278 * Estimates the group order for a Diffie-Hellman group that has an 279 * attack complexity approximately the same as O(2**bits). Estimate 280 * with: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3))) 281 */ 282 283int 284dh_estimate(int bits) 285{ 286 287 if (bits < 64) 288 return (512); /* O(2**63) */ 289 if (bits < 128) 290 return (1024); /* O(2**86) */ 291 if (bits < 192) 292 return (2048); /* O(2**116) */ 293 return (4096); /* O(2**156) */ 294} 295 296void 297ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, 298 Buffer *client_kexinit, Buffer *server_kexinit) 299{ 300#ifdef DEBUG_KEXDH 301 int i; 302#endif 303 int plen, dlen; 304 unsigned int klen, kout; 305 char *signature = NULL; 306 unsigned int slen, nbits; 307 char *server_host_key_blob = NULL; 308 Key *server_host_key; 309 unsigned int sbloblen; 310 DH *dh; 311 BIGNUM *dh_server_pub = 0; 312 BIGNUM *shared_secret = 0; 313 BIGNUM *p = 0, *g = 0; 314 unsigned char *kbuf; 315 unsigned char *hash; 316 317 nbits = dh_estimate(kex->enc[MODE_OUT].cipher->key_len * 8); 318 319 debug("Sending SSH2_MSG_KEX_DH_GEX_REQUEST."); 320 packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST); 321 packet_put_int(nbits); 322 packet_send(); 323 packet_write_wait(); 324 325#ifdef DEBUG_KEXDH 326 fprintf(stderr, "\nnbits = %d", nbits); 327#endif 328 329 debug("Wait SSH2_MSG_KEX_DH_GEX_GROUP."); 330 331 packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_GROUP); 332 333 debug("Got SSH2_MSG_KEX_DH_GEX_GROUP."); 334 335 if ((p = BN_new()) == NULL) 336 fatal("BN_new"); 337 packet_get_bignum2(p, &dlen); 338 if ((g = BN_new()) == NULL) 339 fatal("BN_new"); 340 packet_get_bignum2(g, &dlen); 341 if ((dh = dh_new_group(g, p)) == NULL) 342 fatal("dh_new_group"); 343 344#ifdef DEBUG_KEXDH 345 fprintf(stderr, "\np= "); 346 BN_print_fp(stderr, dh->p); 347 fprintf(stderr, "\ng= "); 348 BN_print_fp(stderr, dh->g); 349 fprintf(stderr, "\npub= "); 350 BN_print_fp(stderr, dh->pub_key); 351 fprintf(stderr, "\n"); 352 DHparams_print_fp(stderr, dh); 353#endif 354 355 debug("Sending SSH2_MSG_KEX_DH_GEX_INIT."); 356 /* generate and send 'e', client DH public key */ 357 packet_start(SSH2_MSG_KEX_DH_GEX_INIT); 358 packet_put_bignum2(dh->pub_key); 359 packet_send(); 360 packet_write_wait(); 361 362 debug("Wait SSH2_MSG_KEX_DH_GEX_REPLY."); 363 364 packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_REPLY); 365 366 debug("Got SSH2_MSG_KEXDH_REPLY."); 367 368 /* key, cert */ 369 server_host_key_blob = packet_get_string(&sbloblen); 370 server_host_key = dsa_key_from_blob(server_host_key_blob, sbloblen); 371 if (server_host_key == NULL) 372 fatal("cannot decode server_host_key_blob"); 373 374 check_host_key(host, hostaddr, server_host_key, 375 options.user_hostfile2, options.system_hostfile2); 376 377 /* DH paramter f, server public DH key */ 378 dh_server_pub = BN_new(); 379 if (dh_server_pub == NULL) 380 fatal("dh_server_pub == NULL"); 381 packet_get_bignum2(dh_server_pub, &dlen); 382 383#ifdef DEBUG_KEXDH 384 fprintf(stderr, "\ndh_server_pub= "); 385 BN_print_fp(stderr, dh_server_pub); 386 fprintf(stderr, "\n"); 387 debug("bits %d", BN_num_bits(dh_server_pub)); 388#endif 389 390 /* signed H */ 391 signature = packet_get_string(&slen); 392 packet_done(); 393 394 if (!dh_pub_is_valid(dh, dh_server_pub)) 395 packet_disconnect("bad server public DH value"); 396 397 klen = DH_size(dh); 398 kbuf = xmalloc(klen); 399 kout = DH_compute_key(kbuf, dh_server_pub, dh); 400#ifdef DEBUG_KEXDH 401 debug("shared secret: len %d/%d", klen, kout); 402 fprintf(stderr, "shared secret == "); 403 for (i = 0; i< kout; i++) 404 fprintf(stderr, "%02x", (kbuf[i])&0xff); 405 fprintf(stderr, "\n"); 406#endif 407 shared_secret = BN_new(); 408 409 BN_bin2bn(kbuf, kout, shared_secret); 410 memset(kbuf, 0, klen); 411 xfree(kbuf); 412 413 /* calc and verify H */ 414 hash = kex_hash_gex( 415 client_version_string, 416 server_version_string, 417 buffer_ptr(client_kexinit), buffer_len(client_kexinit), 418 buffer_ptr(server_kexinit), buffer_len(server_kexinit), 419 server_host_key_blob, sbloblen, 420 nbits, dh->p, dh->g, 421 dh->pub_key, 422 dh_server_pub, 423 shared_secret 424 ); 425 xfree(server_host_key_blob); 426 DH_free(dh); 427#ifdef DEBUG_KEXDH 428 fprintf(stderr, "hash == "); 429 for (i = 0; i< 20; i++) 430 fprintf(stderr, "%02x", (hash[i])&0xff); 431 fprintf(stderr, "\n"); 432#endif 433 if (dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1) 434 fatal("dsa_verify failed for server_host_key"); 435 key_free(server_host_key); 436 437 kex_derive_keys(kex, hash, shared_secret); 438 packet_set_kex(kex); 439 440 /* save session id */ 441 session_id2_len = 20; 442 session_id2 = xmalloc(session_id2_len); 443 memcpy(session_id2, hash, session_id2_len); 444} 445 446/* 447 * Authenticate user 448 */ 449 450typedef struct Authctxt Authctxt; 451typedef struct Authmethod Authmethod; 452 453typedef int sign_cb_fn( 454 Authctxt *authctxt, Key *key, 455 unsigned char **sigp, int *lenp, unsigned char *data, int datalen); 456 457struct Authctxt { 458 const char *server_user; 459 const char *host; 460 const char *service; 461 AuthenticationConnection *agent; 462 Authmethod *method; 463 int success; 464}; 465struct Authmethod { 466 char *name; /* string to compare against server's list */ 467 int (*userauth)(Authctxt *authctxt); 468 int *enabled; /* flag in option struct that enables method */ 469 int *batch_flag; /* flag in option struct that disables method */ 470}; 471 472void input_userauth_success(int type, int plen, void *ctxt); 473void input_userauth_failure(int type, int plen, void *ctxt); 474void input_userauth_error(int type, int plen, void *ctxt); 475void input_userauth_info_req(int type, int plen, void *ctxt); 476 477int userauth_none(Authctxt *authctxt); 478int userauth_pubkey(Authctxt *authctxt); 479int userauth_passwd(Authctxt *authctxt); 480int userauth_kbdint(Authctxt *authctxt); 481 482void authmethod_clear(); 483Authmethod *authmethod_get(char *authlist); 484Authmethod *authmethod_lookup(const char *name); 485 486Authmethod authmethods[] = { 487 {"publickey", 488 userauth_pubkey, 489 &options.dsa_authentication, 490 NULL}, 491 {"password", 492 userauth_passwd, 493 &options.password_authentication, 494 &options.batch_mode}, 495 {"keyboard-interactive", 496 userauth_kbdint, 497 &options.kbd_interactive_authentication, 498 &options.batch_mode}, 499 {"none", 500 userauth_none, 501 NULL, 502 NULL}, 503 {NULL, NULL, NULL, NULL} 504}; 505 506void 507ssh_userauth2(const char *server_user, char *host) 508{ 509 Authctxt authctxt; 510 int type; 511 int plen; 512 513 debug("send SSH2_MSG_SERVICE_REQUEST"); 514 packet_start(SSH2_MSG_SERVICE_REQUEST); 515 packet_put_cstring("ssh-userauth"); 516 packet_send(); 517 packet_write_wait(); 518 type = packet_read(&plen); 519 if (type != SSH2_MSG_SERVICE_ACCEPT) { 520 fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type); 521 } 522 if (packet_remaining() > 0) { 523 char *reply = packet_get_string(&plen); 524 debug("service_accept: %s", reply); 525 xfree(reply); 526 packet_done(); 527 } else { 528 debug("buggy server: service_accept w/o service"); 529 } 530 packet_done(); 531 debug("got SSH2_MSG_SERVICE_ACCEPT"); 532 533 /* setup authentication context */ 534 authctxt.agent = ssh_get_authentication_connection(); 535 authctxt.server_user = server_user; 536 authctxt.host = host; 537 authctxt.service = "ssh-connection"; /* service name */ 538 authctxt.success = 0; 539 authctxt.method = authmethod_lookup("none"); 540 if (authctxt.method == NULL) 541 fatal("ssh_userauth2: internal error: cannot send userauth none request"); 542 authmethod_clear(); 543 544 /* initial userauth request */ 545 userauth_none(&authctxt); 546 547 dispatch_init(&input_userauth_error); 548 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); 549 dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); 550 dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ 551 552 if (authctxt.agent != NULL) 553 ssh_close_authentication_connection(authctxt.agent); 554 555 debug("ssh-userauth2 successfull: method %s", authctxt.method->name); 556} 557void 558input_userauth_error(int type, int plen, void *ctxt) 559{ 560 fatal("input_userauth_error: bad message during authentication"); 561} 562void 563input_userauth_success(int type, int plen, void *ctxt) 564{ 565 Authctxt *authctxt = ctxt; 566 if (authctxt == NULL) 567 fatal("input_userauth_success: no authentication context"); 568 authctxt->success = 1; /* break out */ 569} 570void 571input_userauth_failure(int type, int plen, void *ctxt) 572{ 573 Authmethod *method = NULL; 574 Authctxt *authctxt = ctxt; 575 char *authlist = NULL; 576 int partial; 577 578 if (authctxt == NULL) 579 fatal("input_userauth_failure: no authentication context"); 580 581 authlist = packet_get_string(NULL); 582 partial = packet_get_char(); 583 packet_done(); 584 585 if (partial != 0) 586 debug("partial success"); 587 debug("authentications that can continue: %s", authlist); 588 589 for (;;) { 590 method = authmethod_get(authlist); 591 if (method == NULL) 592 fatal("Unable to find an authentication method"); 593 authctxt->method = method; 594 if (method->userauth(authctxt) != 0) { 595 debug2("we sent a %s packet, wait for reply", method->name); 596 break; 597 } else { 598 debug2("we did not send a packet, disable method"); 599 method->enabled = NULL; 600 } 601 } 602 xfree(authlist); 603} 604 605int 606userauth_none(Authctxt *authctxt) 607{ 608 /* initial userauth request */ 609 packet_start(SSH2_MSG_USERAUTH_REQUEST); 610 packet_put_cstring(authctxt->server_user); 611 packet_put_cstring(authctxt->service); 612 packet_put_cstring(authctxt->method->name); 613 packet_send(); 614 packet_write_wait(); 615 return 1; 616} 617 618int 619userauth_passwd(Authctxt *authctxt) 620{ 621 static int attempt = 0; 622 char prompt[80]; 623 char *password; 624 625 if (attempt++ >= options.number_of_password_prompts) 626 return 0; 627 628 if(attempt != 1) 629 error("Permission denied, please try again."); 630 631 snprintf(prompt, sizeof(prompt), "%.30s@%.40s's password: ", 632 authctxt->server_user, authctxt->host); 633 password = read_passphrase(prompt, 0); 634 packet_start(SSH2_MSG_USERAUTH_REQUEST); 635 packet_put_cstring(authctxt->server_user); 636 packet_put_cstring(authctxt->service); 637 packet_put_cstring(authctxt->method->name); 638 packet_put_char(0); 639 ssh_put_password(password); 640 memset(password, 0, strlen(password)); 641 xfree(password); 642 packet_send(); 643 packet_write_wait(); 644 return 1; 645} 646 647int 648sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) 649{ 650 Buffer b; 651 unsigned char *blob, *signature; 652 int bloblen, slen; 653 int skip = 0; 654 int ret = -1; 655 int have_sig = 1; 656 657 dsa_make_key_blob(k, &blob, &bloblen); 658 659 /* data to be signed */ 660 buffer_init(&b); 661 if (datafellows & SSH_OLD_SESSIONID) { 662 buffer_append(&b, session_id2, session_id2_len); 663 skip = session_id2_len; 664 } else { 665 buffer_put_string(&b, session_id2, session_id2_len); 666 skip = buffer_len(&b); 667 } 668 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 669 buffer_put_cstring(&b, authctxt->server_user); 670 buffer_put_cstring(&b, 671 datafellows & SSH_BUG_PUBKEYAUTH ? 672 "ssh-userauth" : 673 authctxt->service); 674 buffer_put_cstring(&b, authctxt->method->name); 675 buffer_put_char(&b, have_sig); 676 buffer_put_cstring(&b, KEX_DSS); 677 buffer_put_string(&b, blob, bloblen); 678 679 /* generate signature */ 680 ret = (*sign_callback)(authctxt, k, &signature, &slen, buffer_ptr(&b), buffer_len(&b)); 681 if (ret == -1) { 682 xfree(blob); 683 buffer_free(&b); 684 return 0; 685 } 686#ifdef DEBUG_DSS 687 buffer_dump(&b); 688#endif 689 if (datafellows & SSH_BUG_PUBKEYAUTH) { 690 buffer_clear(&b); 691 buffer_append(&b, session_id2, session_id2_len); 692 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); 693 buffer_put_cstring(&b, authctxt->server_user); 694 buffer_put_cstring(&b, authctxt->service); 695 buffer_put_cstring(&b, authctxt->method->name); 696 buffer_put_char(&b, have_sig); 697 buffer_put_cstring(&b, KEX_DSS); 698 buffer_put_string(&b, blob, bloblen); 699 } 700 xfree(blob); 701 /* append signature */ 702 buffer_put_string(&b, signature, slen); 703 xfree(signature); 704 705 /* skip session id and packet type */ 706 if (buffer_len(&b) < skip + 1) 707 fatal("userauth_pubkey: internal error"); 708 buffer_consume(&b, skip + 1); 709 710 /* put remaining data from buffer into packet */ 711 packet_start(SSH2_MSG_USERAUTH_REQUEST); 712 packet_put_raw(buffer_ptr(&b), buffer_len(&b)); 713 buffer_free(&b); 714 715 /* send */ 716 packet_send(); 717 packet_write_wait(); 718 719 return 1; 720} 721 722/* sign callback */ 723int dsa_sign_cb(Authctxt *authctxt, Key *key, unsigned char **sigp, int *lenp, 724 unsigned char *data, int datalen) 725{ 726 return dsa_sign(key, sigp, lenp, data, datalen); 727} 728 729int 730userauth_pubkey_identity(Authctxt *authctxt, char *filename) 731{ 732 Key *k; 733 int i, ret, try_next; 734 struct stat st; 735 736 if (stat(filename, &st) != 0) { 737 debug("key does not exist: %s", filename); 738 return 0; 739 } 740 debug("try pubkey: %s", filename); 741 742 k = key_new(KEY_DSA); 743 if (!load_private_key(filename, "", k, NULL)) { 744 int success = 0; 745 char *passphrase; 746 char prompt[300]; 747 snprintf(prompt, sizeof prompt, 748 "Enter passphrase for %s key '%.100s': ", 749 key_type(k), filename); 750 for (i = 0; i < options.number_of_password_prompts; i++) { 751 passphrase = read_passphrase(prompt, 0); 752 if (strcmp(passphrase, "") != 0) { 753 success = load_private_key(filename, passphrase, k, NULL); 754 try_next = 0; 755 } else { 756 debug2("no passphrase given, try next key"); 757 try_next = 1; 758 } 759 memset(passphrase, 0, strlen(passphrase)); 760 xfree(passphrase); 761 if (success || try_next) 762 break; 763 debug2("bad passphrase given, try again..."); 764 } 765 if (!success) { 766 key_free(k); 767 return 0; 768 } 769 } 770 ret = sign_and_send_pubkey(authctxt, k, dsa_sign_cb); 771 key_free(k); 772 return ret; 773} 774 775/* sign callback */ 776int agent_sign_cb(Authctxt *authctxt, Key *key, unsigned char **sigp, int *lenp, 777 unsigned char *data, int datalen) 778{ 779 return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen); 780} 781 782int 783userauth_pubkey_agent(Authctxt *authctxt) 784{ 785 static int called = 0; 786 char *comment; 787 Key *k; 788 int ret; 789 790 if (called == 0) { 791 k = ssh_get_first_identity(authctxt->agent, &comment, 2); 792 called = 1; 793 } else { 794 k = ssh_get_next_identity(authctxt->agent, &comment, 2); 795 } 796 if (k == NULL) { 797 debug2("no more DSA keys from agent"); 798 return 0; 799 } 800 debug("trying DSA agent key %s", comment); 801 xfree(comment); 802 ret = sign_and_send_pubkey(authctxt, k, agent_sign_cb); 803 key_free(k); 804 return ret; 805} 806 807int 808userauth_pubkey(Authctxt *authctxt) 809{ 810 static int idx = 0; 811 int sent = 0; 812 813 if (authctxt->agent != NULL) 814 sent = userauth_pubkey_agent(authctxt); 815 while (sent == 0 && idx < options.num_identity_files2) 816 sent = userauth_pubkey_identity(authctxt, options.identity_files2[idx++]); 817 return sent; 818} 819 820/* 821 * Send userauth request message specifying keyboard-interactive method. 822 */ 823int 824userauth_kbdint(Authctxt *authctxt) 825{ 826 static int attempt = 0; 827 828 if (attempt++ >= options.number_of_password_prompts) 829 return 0; 830 831 debug2("userauth_kbdint"); 832 packet_start(SSH2_MSG_USERAUTH_REQUEST); 833 packet_put_cstring(authctxt->server_user); 834 packet_put_cstring(authctxt->service); 835 packet_put_cstring(authctxt->method->name); 836 packet_put_cstring(""); /* lang */ 837 packet_put_cstring(options.kbd_interactive_devices ? 838 options.kbd_interactive_devices : ""); 839 packet_send(); 840 packet_write_wait(); 841 842 dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req); 843 return 1; 844} 845 846/* 847 * parse SSH2_MSG_USERAUTH_INFO_REQUEST, prompt user and send 848 * SSH2_MSG_USERAUTH_INFO_RESPONSE 849 */ 850void 851input_userauth_info_req(int type, int plen, void *ctxt) 852{ 853 Authctxt *authctxt = ctxt; 854 char *name = NULL; 855 char *inst = NULL; 856 char *lang = NULL; 857 char *prompt = NULL; 858 char *response = NULL; 859 unsigned int num_prompts, i; 860 int echo = 0; 861 862 debug2("input_userauth_info_req"); 863 864 if (authctxt == NULL) 865 fatal("input_userauth_info_req: no authentication context"); 866 867 name = packet_get_string(NULL); 868 inst = packet_get_string(NULL); 869 lang = packet_get_string(NULL); 870 871 if (strlen(name) > 0) 872 cli_mesg(name); 873 xfree(name); 874 875 if (strlen(inst) > 0) 876 cli_mesg(inst); 877 xfree(inst); 878 xfree(lang); /* unused */ 879 880 num_prompts = packet_get_int(); 881 /* 882 * Begin to build info response packet based on prompts requested. 883 * We commit to providing the correct number of responses, so if 884 * further on we run into a problem that prevents this, we have to 885 * be sure and clean this up and send a correct error response. 886 */ 887 packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE); 888 packet_put_int(num_prompts); 889 890 for (i = 0; i < num_prompts; i++) { 891 prompt = packet_get_string(NULL); 892 echo = packet_get_char(); 893 894 response = cli_prompt(prompt, echo); 895 896 ssh_put_password(response); 897 memset(response, 0, strlen(response)); 898 xfree(response); 899 xfree(prompt); 900 } 901 packet_done(); /* done with parsing incoming message. */ 902 903 packet_send(); 904 packet_write_wait(); 905} 906 907/* find auth method */ 908 909#define DELIM "," 910 911static char *def_authlist = "publickey,password"; 912static char *authlist_current = NULL; /* clean copy used for comparison */ 913static char *authname_current = NULL; /* last used auth method */ 914static char *authlist_working = NULL; /* copy that gets modified by strtok_r() */ 915static char *authlist_state = NULL; /* state variable for strtok_r() */ 916 917/* 918 * Before starting to use a new authentication method list sent by the 919 * server, reset internal variables. This should also be called when 920 * finished processing server list to free resources. 921 */ 922void 923authmethod_clear() 924{ 925 if (authlist_current != NULL) { 926 xfree(authlist_current); 927 authlist_current = NULL; 928 } 929 if (authlist_working != NULL) { 930 xfree(authlist_working); 931 authlist_working = NULL; 932 } 933 if (authname_current != NULL) { 934 xfree(authname_current); 935 authlist_state = NULL; 936 } 937 if (authlist_state != NULL) 938 authlist_state = NULL; 939 return; 940} 941 942/* 943 * given auth method name, if configurable options permit this method fill 944 * in auth_ident field and return true, otherwise return false. 945 */ 946int 947authmethod_is_enabled(Authmethod *method) 948{ 949 if (method == NULL) 950 return 0; 951 /* return false if options indicate this method is disabled */ 952 if (method->enabled == NULL || *method->enabled == 0) 953 return 0; 954 /* return false if batch mode is enabled but method needs interactive mode */ 955 if (method->batch_flag != NULL && *method->batch_flag != 0) 956 return 0; 957 return 1; 958} 959 960Authmethod * 961authmethod_lookup(const char *name) 962{ 963 Authmethod *method = NULL; 964 if (name != NULL) 965 for (method = authmethods; method->name != NULL; method++) 966 if (strcmp(name, method->name) == 0) 967 return method; 968 debug2("Unrecognized authentication method name: %s", name ? name : "NULL"); 969 return NULL; 970} 971 972/* 973 * Given the authentication method list sent by the server, return the 974 * next method we should try. If the server initially sends a nil list, 975 * use a built-in default list. If the server sends a nil list after 976 * previously sending a valid list, continue using the list originally 977 * sent. 978 */ 979 980Authmethod * 981authmethod_get(char *authlist) 982{ 983 char *name = NULL, *authname_old; 984 Authmethod *method = NULL; 985 986 /* Use a suitable default if we're passed a nil list. */ 987 if (authlist == NULL || strlen(authlist) == 0) 988 authlist = def_authlist; 989 990 if (authlist_current == NULL || strcmp(authlist, authlist_current) != 0) { 991 /* start over if passed a different list */ 992 debug3("start over, passed a different list"); 993 authmethod_clear(); 994 authlist_current = xstrdup(authlist); 995 authlist_working = xstrdup(authlist); 996 name = strtok_r(authlist_working, DELIM, &authlist_state); 997 } else { 998 /* 999 * try to use previously used authentication method 1000 * or continue to use previously passed list 1001 */ 1002 name = (authname_current != NULL) ? 1003 authname_current : strtok_r(NULL, DELIM, &authlist_state); 1004 } 1005 1006 while (name != NULL) { 1007 debug3("authmethod_lookup %s", name); 1008 method = authmethod_lookup(name); 1009 if (method != NULL && authmethod_is_enabled(method)) { 1010 debug3("authmethod_is_enabled %s", name); 1011 break; 1012 } 1013 name = strtok_r(NULL, DELIM, &authlist_state); 1014 method = NULL; 1015 } 1016 1017 authname_old = authname_current; 1018 if (method != NULL) { 1019 debug("next auth method to try is %s", name); 1020 authname_current = xstrdup(name); 1021 } else { 1022 debug("no more auth methods to try"); 1023 authname_current = NULL; 1024 } 1025 1026 if (authname_old != NULL) 1027 xfree(authname_old); 1028 1029 return (method); 1030} 1031