auth2-chall.c revision 92555 
1/*
2 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
3 * Copyright (c) 2001 Per Allansson.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#include "includes.h"
26RCSID("$OpenBSD: auth2-chall.c,v 1.16 2002/01/13 17:57:37 markus Exp $");
27
28#include "ssh2.h"
29#include "auth.h"
30#include "buffer.h"
31#include "packet.h"
32#include "xmalloc.h"
33#include "dispatch.h"
34#include "auth.h"
35#include "log.h"
36
37static int auth2_challenge_start(Authctxt *);
38static int send_userauth_info_request(Authctxt *);
39static void input_userauth_info_response(int, u_int32_t, void *);
40
41#ifdef BSD_AUTH
42extern KbdintDevice bsdauth_device;
43#else
44#ifdef SKEY
45extern KbdintDevice skey_device;
46#endif
47#endif
48
49KbdintDevice *devices[] = {
50#ifdef BSD_AUTH
51	&bsdauth_device,
52#else
53#ifdef SKEY
54	&skey_device,
55#endif
56#endif
57	NULL
58};
59
60typedef struct KbdintAuthctxt KbdintAuthctxt;
61struct KbdintAuthctxt
62{
63	char *devices;
64	void *ctxt;
65	KbdintDevice *device;
66};
67
68static KbdintAuthctxt *
69kbdint_alloc(const char *devs)
70{
71	KbdintAuthctxt *kbdintctxt;
72	Buffer b;
73	int i;
74
75	kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
76	if (strcmp(devs, "") == 0) {
77		buffer_init(&b);
78		for (i = 0; devices[i]; i++) {
79			if (buffer_len(&b) > 0)
80				buffer_append(&b, ",", 1);
81			buffer_append(&b, devices[i]->name,
82			    strlen(devices[i]->name));
83		}
84		buffer_append(&b, "\0", 1);
85		kbdintctxt->devices = xstrdup(buffer_ptr(&b));
86		buffer_free(&b);
87	} else {
88		kbdintctxt->devices = xstrdup(devs);
89	}
90	debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
91	kbdintctxt->ctxt = NULL;
92	kbdintctxt->device = NULL;
93
94	return kbdintctxt;
95}
96static void
97kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
98{
99	if (kbdintctxt->ctxt) {
100		kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
101		kbdintctxt->ctxt = NULL;
102	}
103	kbdintctxt->device = NULL;
104}
105static void
106kbdint_free(KbdintAuthctxt *kbdintctxt)
107{
108	if (kbdintctxt->device)
109		kbdint_reset_device(kbdintctxt);
110	if (kbdintctxt->devices) {
111		xfree(kbdintctxt->devices);
112		kbdintctxt->devices = NULL;
113	}
114	xfree(kbdintctxt);
115}
116/* get next device */
117static int
118kbdint_next_device(KbdintAuthctxt *kbdintctxt)
119{
120	size_t len;
121	char *t;
122	int i;
123
124	if (kbdintctxt->device)
125		kbdint_reset_device(kbdintctxt);
126	do {
127		len = kbdintctxt->devices ?
128		    strcspn(kbdintctxt->devices, ",") : 0;
129
130		if (len == 0)
131			break;
132		for (i = 0; devices[i]; i++)
133			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
134				kbdintctxt->device = devices[i];
135		t = kbdintctxt->devices;
136		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
137		xfree(t);
138		debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
139		   kbdintctxt->devices : "<empty>");
140	} while (kbdintctxt->devices && !kbdintctxt->device);
141
142	return kbdintctxt->device ? 1 : 0;
143}
144
145/*
146 * try challenge-response, set authctxt->postponed if we have to
147 * wait for the response.
148 */
149int
150auth2_challenge(Authctxt *authctxt, char *devs)
151{
152	debug("auth2_challenge: user=%s devs=%s",
153	    authctxt->user ? authctxt->user : "<nouser>",
154	    devs ? devs : "<no devs>");
155
156	if (authctxt->user == NULL || !devs)
157		return 0;
158	if (authctxt->kbdintctxt == NULL)
159		authctxt->kbdintctxt = kbdint_alloc(devs);
160	return auth2_challenge_start(authctxt);
161}
162
163/* unregister kbd-int callbacks and context */
164void
165auth2_challenge_stop(Authctxt *authctxt)
166{
167	/* unregister callback */
168	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
169	if (authctxt->kbdintctxt != NULL)  {
170		kbdint_free(authctxt->kbdintctxt);
171		authctxt->kbdintctxt = NULL;
172	}
173}
174
175/* side effect: sets authctxt->postponed if a reply was sent*/
176static int
177auth2_challenge_start(Authctxt *authctxt)
178{
179	KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
180
181	debug2("auth2_challenge_start: devices %s",
182	    kbdintctxt->devices ?  kbdintctxt->devices : "<empty>");
183
184	if (kbdint_next_device(kbdintctxt) == 0) {
185		auth2_challenge_stop(authctxt);
186		return 0;
187	}
188	debug("auth2_challenge_start: trying authentication method '%s'",
189	    kbdintctxt->device->name);
190
191	if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
192		auth2_challenge_stop(authctxt);
193		return 0;
194	}
195	if (send_userauth_info_request(authctxt) == 0) {
196		auth2_challenge_stop(authctxt);
197		return 0;
198	}
199	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
200	    &input_userauth_info_response);
201
202	authctxt->postponed = 1;
203	return 0;
204}
205
206static int
207send_userauth_info_request(Authctxt *authctxt)
208{
209	KbdintAuthctxt *kbdintctxt;
210	char *name, *instr, **prompts;
211	int i;
212	u_int numprompts, *echo_on;
213
214	kbdintctxt = authctxt->kbdintctxt;
215	if (kbdintctxt->device->query(kbdintctxt->ctxt,
216	    &name, &instr, &numprompts, &prompts, &echo_on))
217		return 0;
218
219	packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
220	packet_put_cstring(name);
221	packet_put_cstring(instr);
222	packet_put_cstring(""); 	/* language not used */
223	packet_put_int(numprompts);
224	for (i = 0; i < numprompts; i++) {
225		packet_put_cstring(prompts[i]);
226		packet_put_char(echo_on[i]);
227	}
228	packet_send();
229	packet_write_wait();
230
231	for (i = 0; i < numprompts; i++)
232		xfree(prompts[i]);
233	xfree(prompts);
234	xfree(echo_on);
235	xfree(name);
236	xfree(instr);
237	return 1;
238}
239
240static void
241input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
242{
243	Authctxt *authctxt = ctxt;
244	KbdintAuthctxt *kbdintctxt;
245	int i, authenticated = 0, res, len;
246	u_int nresp;
247	char **response = NULL, *method;
248
249	if (authctxt == NULL)
250		fatal("input_userauth_info_response: no authctxt");
251	kbdintctxt = authctxt->kbdintctxt;
252	if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
253		fatal("input_userauth_info_response: no kbdintctxt");
254	if (kbdintctxt->device == NULL)
255		fatal("input_userauth_info_response: no device");
256
257	authctxt->postponed = 0;	/* reset */
258	nresp = packet_get_int();
259	if (nresp > 0) {
260		response = xmalloc(nresp * sizeof(char*));
261		for (i = 0; i < nresp; i++)
262			response[i] = packet_get_string(NULL);
263	}
264	packet_check_eom();
265
266	if (authctxt->valid) {
267		res = kbdintctxt->device->respond(kbdintctxt->ctxt,
268		    nresp, response);
269	} else {
270		res = -1;
271	}
272
273	for (i = 0; i < nresp; i++) {
274		memset(response[i], 'r', strlen(response[i]));
275		xfree(response[i]);
276	}
277	if (response)
278		xfree(response);
279
280	switch (res) {
281	case 0:
282		/* Success! */
283		authenticated = 1;
284		break;
285	case 1:
286		/* Authentication needs further interaction */
287		if (send_userauth_info_request(authctxt) == 1)
288			authctxt->postponed = 1;
289		break;
290	default:
291		/* Failure! */
292		break;
293	}
294
295	len = strlen("keyboard-interactive") + 2 +
296		strlen(kbdintctxt->device->name);
297	method = xmalloc(len);
298	snprintf(method, len, "keyboard-interactive/%s",
299	    kbdintctxt->device->name);
300
301	if (!authctxt->postponed) {
302		if (authenticated) {
303			auth2_challenge_stop(authctxt);
304		} else {
305			/* start next device */
306			/* may set authctxt->postponed */
307			auth2_challenge_start(authctxt);
308		}
309	}
310	userauth_finish(authctxt, authenticated, method);
311	xfree(method);
312}
313