auth2-chall.c revision 181111
1181111Sdes/* $OpenBSD: auth2-chall.c,v 1.33 2007/09/21 08:15:29 djm Exp $ */
276259Sgreen/*
376259Sgreen * Copyright (c) 2001 Markus Friedl.  All rights reserved.
492555Sdes * Copyright (c) 2001 Per Allansson.  All rights reserved.
576259Sgreen *
676259Sgreen * Redistribution and use in source and binary forms, with or without
776259Sgreen * modification, are permitted provided that the following conditions
876259Sgreen * are met:
976259Sgreen * 1. Redistributions of source code must retain the above copyright
1076259Sgreen *    notice, this list of conditions and the following disclaimer.
1176259Sgreen * 2. Redistributions in binary form must reproduce the above copyright
1276259Sgreen *    notice, this list of conditions and the following disclaimer in the
1376259Sgreen *    documentation and/or other materials provided with the distribution.
1476259Sgreen *
1576259Sgreen * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1676259Sgreen * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1776259Sgreen * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1876259Sgreen * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1976259Sgreen * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2076259Sgreen * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2176259Sgreen * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
2276259Sgreen * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2376259Sgreen * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
2476259Sgreen * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2576259Sgreen */
26162856Sdes
2776259Sgreen#include "includes.h"
2876259Sgreen
29162856Sdes#include <sys/types.h>
30162856Sdes
31162856Sdes#include <stdarg.h>
32162856Sdes#include <stdio.h>
33162856Sdes#include <string.h>
34162856Sdes
35162856Sdes#include "xmalloc.h"
3676259Sgreen#include "ssh2.h"
37162856Sdes#include "key.h"
38162856Sdes#include "hostfile.h"
3976259Sgreen#include "auth.h"
4092555Sdes#include "buffer.h"
4176259Sgreen#include "packet.h"
4276259Sgreen#include "dispatch.h"
4376259Sgreen#include "log.h"
44147005Sdes#include "servconf.h"
4576259Sgreen
46147005Sdes/* import */
47147005Sdesextern ServerOptions options;
48147005Sdes
4992555Sdesstatic int auth2_challenge_start(Authctxt *);
5092555Sdesstatic int send_userauth_info_request(Authctxt *);
5192555Sdesstatic void input_userauth_info_response(int, u_int32_t, void *);
5276259Sgreen
5392555Sdes#ifdef BSD_AUTH
5492555Sdesextern KbdintDevice bsdauth_device;
5598941Sdes#else
5699052Sdes#ifdef USE_PAM
57124211Sdesextern KbdintDevice sshpam_device;
5899052Sdes#endif
5998941Sdes#ifdef SKEY
6092555Sdesextern KbdintDevice skey_device;
6192555Sdes#endif
6298941Sdes#endif
6392555Sdes
6492555SdesKbdintDevice *devices[] = {
6592555Sdes#ifdef BSD_AUTH
6692555Sdes	&bsdauth_device,
6798941Sdes#else
6899052Sdes#ifdef USE_PAM
69124211Sdes	&sshpam_device,
7099052Sdes#endif
7198941Sdes#ifdef SKEY
7292555Sdes	&skey_device,
7392555Sdes#endif
7498941Sdes#endif
7592555Sdes	NULL
7692555Sdes};
7792555Sdes
7892555Sdestypedef struct KbdintAuthctxt KbdintAuthctxt;
7992555Sdesstruct KbdintAuthctxt
8092555Sdes{
8192555Sdes	char *devices;
8292555Sdes	void *ctxt;
8392555Sdes	KbdintDevice *device;
8499063Sdes	u_int nreq;
8592555Sdes};
8692555Sdes
87147005Sdes#ifdef USE_PAM
88147005Sdesvoid
89147005Sdesremove_kbdint_device(const char *devname)
90147005Sdes{
91147005Sdes	int i, j;
92147005Sdes
93147005Sdes	for (i = 0; devices[i] != NULL; i++)
94147005Sdes		if (strcmp(devices[i]->name, devname) == 0) {
95147005Sdes			for (j = i; devices[j] != NULL; j++)
96147005Sdes				devices[j] = devices[j+1];
97147005Sdes			i--;
98147005Sdes		}
99147005Sdes}
100147005Sdes#endif
101147005Sdes
10292555Sdesstatic KbdintAuthctxt *
10392555Sdeskbdint_alloc(const char *devs)
10492555Sdes{
10592555Sdes	KbdintAuthctxt *kbdintctxt;
10692555Sdes	Buffer b;
10792555Sdes	int i;
10892555Sdes
109147005Sdes#ifdef USE_PAM
110147005Sdes	if (!options.use_pam)
111147005Sdes		remove_kbdint_device("pam");
112147005Sdes#endif
113147005Sdes
11492555Sdes	kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
11592555Sdes	if (strcmp(devs, "") == 0) {
11692555Sdes		buffer_init(&b);
11792555Sdes		for (i = 0; devices[i]; i++) {
11892555Sdes			if (buffer_len(&b) > 0)
11992555Sdes				buffer_append(&b, ",", 1);
12092555Sdes			buffer_append(&b, devices[i]->name,
12192555Sdes			    strlen(devices[i]->name));
12292555Sdes		}
12392555Sdes		buffer_append(&b, "\0", 1);
12492555Sdes		kbdintctxt->devices = xstrdup(buffer_ptr(&b));
12592555Sdes		buffer_free(&b);
12692555Sdes	} else {
12792555Sdes		kbdintctxt->devices = xstrdup(devs);
12892555Sdes	}
12992555Sdes	debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
13092555Sdes	kbdintctxt->ctxt = NULL;
13192555Sdes	kbdintctxt->device = NULL;
13299063Sdes	kbdintctxt->nreq = 0;
13392555Sdes
13492555Sdes	return kbdintctxt;
13592555Sdes}
13692555Sdesstatic void
13792555Sdeskbdint_reset_device(KbdintAuthctxt *kbdintctxt)
13892555Sdes{
13992555Sdes	if (kbdintctxt->ctxt) {
14092555Sdes		kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
14192555Sdes		kbdintctxt->ctxt = NULL;
14292555Sdes	}
14392555Sdes	kbdintctxt->device = NULL;
14492555Sdes}
14592555Sdesstatic void
14692555Sdeskbdint_free(KbdintAuthctxt *kbdintctxt)
14792555Sdes{
14892555Sdes	if (kbdintctxt->device)
14992555Sdes		kbdint_reset_device(kbdintctxt);
15092555Sdes	if (kbdintctxt->devices) {
15192555Sdes		xfree(kbdintctxt->devices);
15292555Sdes		kbdintctxt->devices = NULL;
15392555Sdes	}
15492555Sdes	xfree(kbdintctxt);
15592555Sdes}
15692555Sdes/* get next device */
15792555Sdesstatic int
15892555Sdeskbdint_next_device(KbdintAuthctxt *kbdintctxt)
15992555Sdes{
16092555Sdes	size_t len;
16192555Sdes	char *t;
16292555Sdes	int i;
16392555Sdes
16492555Sdes	if (kbdintctxt->device)
16592555Sdes		kbdint_reset_device(kbdintctxt);
16692555Sdes	do {
16792555Sdes		len = kbdintctxt->devices ?
16892555Sdes		    strcspn(kbdintctxt->devices, ",") : 0;
16992555Sdes
17092555Sdes		if (len == 0)
17192555Sdes			break;
17292555Sdes		for (i = 0; devices[i]; i++)
17392555Sdes			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
17492555Sdes				kbdintctxt->device = devices[i];
17592555Sdes		t = kbdintctxt->devices;
17692555Sdes		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
17792555Sdes		xfree(t);
17892555Sdes		debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
179149753Sdes		    kbdintctxt->devices : "<empty>");
18092555Sdes	} while (kbdintctxt->devices && !kbdintctxt->device);
18192555Sdes
18292555Sdes	return kbdintctxt->device ? 1 : 0;
18392555Sdes}
18492555Sdes
18576259Sgreen/*
18692555Sdes * try challenge-response, set authctxt->postponed if we have to
18776259Sgreen * wait for the response.
18876259Sgreen */
18976259Sgreenint
19076259Sgreenauth2_challenge(Authctxt *authctxt, char *devs)
19176259Sgreen{
19292555Sdes	debug("auth2_challenge: user=%s devs=%s",
19392555Sdes	    authctxt->user ? authctxt->user : "<nouser>",
19492555Sdes	    devs ? devs : "<no devs>");
19576259Sgreen
19692555Sdes	if (authctxt->user == NULL || !devs)
19776259Sgreen		return 0;
19892555Sdes	if (authctxt->kbdintctxt == NULL)
19992555Sdes		authctxt->kbdintctxt = kbdint_alloc(devs);
20092555Sdes	return auth2_challenge_start(authctxt);
20192555Sdes}
20292555Sdes
20392555Sdes/* unregister kbd-int callbacks and context */
20492555Sdesvoid
20592555Sdesauth2_challenge_stop(Authctxt *authctxt)
20692555Sdes{
20792555Sdes	/* unregister callback */
20892555Sdes	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
209181111Sdes	if (authctxt->kbdintctxt != NULL) {
21092555Sdes		kbdint_free(authctxt->kbdintctxt);
21192555Sdes		authctxt->kbdintctxt = NULL;
21292555Sdes	}
21392555Sdes}
21492555Sdes
21592555Sdes/* side effect: sets authctxt->postponed if a reply was sent*/
21692555Sdesstatic int
21792555Sdesauth2_challenge_start(Authctxt *authctxt)
21892555Sdes{
21992555Sdes	KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
22092555Sdes
22192555Sdes	debug2("auth2_challenge_start: devices %s",
22292555Sdes	    kbdintctxt->devices ?  kbdintctxt->devices : "<empty>");
22392555Sdes
22492555Sdes	if (kbdint_next_device(kbdintctxt) == 0) {
22592555Sdes		auth2_challenge_stop(authctxt);
22676259Sgreen		return 0;
22792555Sdes	}
22892555Sdes	debug("auth2_challenge_start: trying authentication method '%s'",
22992555Sdes	    kbdintctxt->device->name);
23092555Sdes
23192555Sdes	if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
23292555Sdes		auth2_challenge_stop(authctxt);
23392555Sdes		return 0;
23492555Sdes	}
23592555Sdes	if (send_userauth_info_request(authctxt) == 0) {
23692555Sdes		auth2_challenge_stop(authctxt);
23792555Sdes		return 0;
23892555Sdes	}
23976259Sgreen	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
24076259Sgreen	    &input_userauth_info_response);
24192555Sdes
24276259Sgreen	authctxt->postponed = 1;
24376259Sgreen	return 0;
24476259Sgreen}
24576259Sgreen
24692555Sdesstatic int
24792555Sdessend_userauth_info_request(Authctxt *authctxt)
24876259Sgreen{
24992555Sdes	KbdintAuthctxt *kbdintctxt;
25092555Sdes	char *name, *instr, **prompts;
251149753Sdes	u_int i, *echo_on;
25276259Sgreen
25392555Sdes	kbdintctxt = authctxt->kbdintctxt;
25492555Sdes	if (kbdintctxt->device->query(kbdintctxt->ctxt,
25599063Sdes	    &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
25692555Sdes		return 0;
25792555Sdes
25876259Sgreen	packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
25992555Sdes	packet_put_cstring(name);
26092555Sdes	packet_put_cstring(instr);
26198684Sdes	packet_put_cstring("");		/* language not used */
26299063Sdes	packet_put_int(kbdintctxt->nreq);
26399063Sdes	for (i = 0; i < kbdintctxt->nreq; i++) {
26492555Sdes		packet_put_cstring(prompts[i]);
26592555Sdes		packet_put_char(echo_on[i]);
26692555Sdes	}
26776259Sgreen	packet_send();
26876259Sgreen	packet_write_wait();
26992555Sdes
27099063Sdes	for (i = 0; i < kbdintctxt->nreq; i++)
27192555Sdes		xfree(prompts[i]);
27292555Sdes	xfree(prompts);
27392555Sdes	xfree(echo_on);
27492555Sdes	xfree(name);
27592555Sdes	xfree(instr);
27692555Sdes	return 1;
27776259Sgreen}
27876259Sgreen
27992555Sdesstatic void
28092555Sdesinput_userauth_info_response(int type, u_int32_t seq, void *ctxt)
28176259Sgreen{
28276259Sgreen	Authctxt *authctxt = ctxt;
28392555Sdes	KbdintAuthctxt *kbdintctxt;
284149753Sdes	int authenticated = 0, res, len;
285149753Sdes	u_int i, nresp;
28692555Sdes	char **response = NULL, *method;
28776259Sgreen
28876259Sgreen	if (authctxt == NULL)
28976259Sgreen		fatal("input_userauth_info_response: no authctxt");
29092555Sdes	kbdintctxt = authctxt->kbdintctxt;
29192555Sdes	if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
29292555Sdes		fatal("input_userauth_info_response: no kbdintctxt");
29392555Sdes	if (kbdintctxt->device == NULL)
29492555Sdes		fatal("input_userauth_info_response: no device");
29576259Sgreen
29676259Sgreen	authctxt->postponed = 0;	/* reset */
29776259Sgreen	nresp = packet_get_int();
29899063Sdes	if (nresp != kbdintctxt->nreq)
29999063Sdes		fatal("input_userauth_info_response: wrong number of replies");
30099063Sdes	if (nresp > 100)
30199063Sdes		fatal("input_userauth_info_response: too many replies");
30292555Sdes	if (nresp > 0) {
303162856Sdes		response = xcalloc(nresp, sizeof(char *));
30492555Sdes		for (i = 0; i < nresp; i++)
30592555Sdes			response[i] = packet_get_string(NULL);
30692555Sdes	}
30792555Sdes	packet_check_eom();
30892555Sdes
309147005Sdes	res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
31092555Sdes
31192555Sdes	for (i = 0; i < nresp; i++) {
31292555Sdes		memset(response[i], 'r', strlen(response[i]));
31392555Sdes		xfree(response[i]);
31492555Sdes	}
31592555Sdes	if (response)
31676259Sgreen		xfree(response);
31792555Sdes
31892555Sdes	switch (res) {
31992555Sdes	case 0:
32092555Sdes		/* Success! */
321147005Sdes		authenticated = authctxt->valid ? 1 : 0;
32292555Sdes		break;
32392555Sdes	case 1:
32492555Sdes		/* Authentication needs further interaction */
32592555Sdes		if (send_userauth_info_request(authctxt) == 1)
32692555Sdes			authctxt->postponed = 1;
32792555Sdes		break;
32892555Sdes	default:
32992555Sdes		/* Failure! */
33092555Sdes		break;
33176259Sgreen	}
33276259Sgreen
33392555Sdes	len = strlen("keyboard-interactive") + 2 +
33492555Sdes		strlen(kbdintctxt->device->name);
33592555Sdes	method = xmalloc(len);
33692555Sdes	snprintf(method, len, "keyboard-interactive/%s",
33792555Sdes	    kbdintctxt->device->name);
33892555Sdes
33992555Sdes	if (!authctxt->postponed) {
34092555Sdes		if (authenticated) {
34192555Sdes			auth2_challenge_stop(authctxt);
34292555Sdes		} else {
34392555Sdes			/* start next device */
34492555Sdes			/* may set authctxt->postponed */
34592555Sdes			auth2_challenge_start(authctxt);
34692555Sdes		}
34792555Sdes	}
34876259Sgreen	userauth_finish(authctxt, authenticated, method);
34992555Sdes	xfree(method);
35076259Sgreen}
35198684Sdes
35298684Sdesvoid
35398684Sdesprivsep_challenge_enable(void)
35498684Sdes{
355124211Sdes#if defined(BSD_AUTH) || defined(USE_PAM) || defined(SKEY)
356124211Sdes	int n = 0;
357124211Sdes#endif
35898684Sdes#ifdef BSD_AUTH
35998684Sdes	extern KbdintDevice mm_bsdauth_device;
36098684Sdes#endif
36199052Sdes#ifdef USE_PAM
362124211Sdes	extern KbdintDevice mm_sshpam_device;
36399052Sdes#endif
36498684Sdes#ifdef SKEY
36598684Sdes	extern KbdintDevice mm_skey_device;
36698684Sdes#endif
36799052Sdes
36898684Sdes#ifdef BSD_AUTH
36999052Sdes	devices[n++] = &mm_bsdauth_device;
37098684Sdes#else
37199052Sdes#ifdef USE_PAM
372124211Sdes	devices[n++] = &mm_sshpam_device;
37399052Sdes#endif
37498684Sdes#ifdef SKEY
37599052Sdes	devices[n++] = &mm_skey_device;
37698684Sdes#endif
37798684Sdes#endif
37898684Sdes}
379