diff options
author | markus@openbsd.org <markus@openbsd.org> | 2018-07-09 21:35:50 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-10 15:27:43 +1000 |
commit | c7d39ac8dc3587c5f05bdd5bcd098eb5c201c0c8 (patch) | |
tree | 28e4a7c9d114a3ab3c7710850e54b1a8c41f840e /auth2-chall.c | |
parent | c3cb7790e9efb14ba74b2d9f543ad593b3d55b31 (diff) |
upstream: sshd: switch authentication to sshbuf API; ok djm@
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
Diffstat (limited to 'auth2-chall.c')
-rw-r--r-- | auth2-chall.c | 69 |
1 files changed, 40 insertions, 29 deletions
diff --git a/auth2-chall.c b/auth2-chall.c index 11c8d31b3..5edd0e653 100644 --- a/auth2-chall.c +++ b/auth2-chall.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-chall.c,v 1.48 2017/05/30 14:29:59 markus Exp $ */ | 1 | /* $OpenBSD: auth2-chall.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2001 Per Allansson. All rights reserved. | 4 | * Copyright (c) 2001 Per Allansson. All rights reserved. |
@@ -34,12 +34,13 @@ | |||
34 | 34 | ||
35 | #include "xmalloc.h" | 35 | #include "xmalloc.h" |
36 | #include "ssh2.h" | 36 | #include "ssh2.h" |
37 | #include "key.h" | 37 | #include "sshkey.h" |
38 | #include "hostfile.h" | 38 | #include "hostfile.h" |
39 | #include "auth.h" | 39 | #include "auth.h" |
40 | #include "buffer.h" | 40 | #include "sshbuf.h" |
41 | #include "packet.h" | 41 | #include "packet.h" |
42 | #include "dispatch.h" | 42 | #include "dispatch.h" |
43 | #include "ssherr.h" | ||
43 | #include "log.h" | 44 | #include "log.h" |
44 | #include "misc.h" | 45 | #include "misc.h" |
45 | #include "servconf.h" | 46 | #include "servconf.h" |
@@ -48,7 +49,7 @@ | |||
48 | extern ServerOptions options; | 49 | extern ServerOptions options; |
49 | 50 | ||
50 | static int auth2_challenge_start(struct ssh *); | 51 | static int auth2_challenge_start(struct ssh *); |
51 | static int send_userauth_info_request(Authctxt *); | 52 | static int send_userauth_info_request(struct ssh *); |
52 | static int input_userauth_info_response(int, u_int32_t, struct ssh *); | 53 | static int input_userauth_info_response(int, u_int32_t, struct ssh *); |
53 | 54 | ||
54 | #ifdef BSD_AUTH | 55 | #ifdef BSD_AUTH |
@@ -105,8 +106,8 @@ static KbdintAuthctxt * | |||
105 | kbdint_alloc(const char *devs) | 106 | kbdint_alloc(const char *devs) |
106 | { | 107 | { |
107 | KbdintAuthctxt *kbdintctxt; | 108 | KbdintAuthctxt *kbdintctxt; |
108 | Buffer b; | 109 | struct sshbuf *b; |
109 | int i; | 110 | int i, r; |
110 | 111 | ||
111 | #ifdef USE_PAM | 112 | #ifdef USE_PAM |
112 | if (!options.use_pam) | 113 | if (!options.use_pam) |
@@ -115,16 +116,17 @@ kbdint_alloc(const char *devs) | |||
115 | 116 | ||
116 | kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt)); | 117 | kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt)); |
117 | if (strcmp(devs, "") == 0) { | 118 | if (strcmp(devs, "") == 0) { |
118 | buffer_init(&b); | 119 | if ((b = sshbuf_new()) == NULL) |
120 | fatal("%s: sshbuf_new failed", __func__); | ||
119 | for (i = 0; devices[i]; i++) { | 121 | for (i = 0; devices[i]; i++) { |
120 | if (buffer_len(&b) > 0) | 122 | if ((r = sshbuf_putf(b, "%s%s", |
121 | buffer_append(&b, ",", 1); | 123 | sshbuf_len(b) ? "," : "", devices[i]->name)) != 0) |
122 | buffer_append(&b, devices[i]->name, | 124 | fatal("%s: buffer error: %s", |
123 | strlen(devices[i]->name)); | 125 | __func__, ssh_err(r)); |
124 | } | 126 | } |
125 | if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL) | 127 | if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL) |
126 | fatal("%s: sshbuf_dup_string failed", __func__); | 128 | fatal("%s: sshbuf_dup_string failed", __func__); |
127 | buffer_free(&b); | 129 | sshbuf_free(b); |
128 | } else { | 130 | } else { |
129 | kbdintctxt->devices = xstrdup(devs); | 131 | kbdintctxt->devices = xstrdup(devs); |
130 | } | 132 | } |
@@ -243,7 +245,7 @@ auth2_challenge_start(struct ssh *ssh) | |||
243 | auth2_challenge_stop(ssh); | 245 | auth2_challenge_stop(ssh); |
244 | return 0; | 246 | return 0; |
245 | } | 247 | } |
246 | if (send_userauth_info_request(authctxt) == 0) { | 248 | if (send_userauth_info_request(ssh) == 0) { |
247 | auth2_challenge_stop(ssh); | 249 | auth2_challenge_stop(ssh); |
248 | return 0; | 250 | return 0; |
249 | } | 251 | } |
@@ -255,28 +257,32 @@ auth2_challenge_start(struct ssh *ssh) | |||
255 | } | 257 | } |
256 | 258 | ||
257 | static int | 259 | static int |
258 | send_userauth_info_request(Authctxt *authctxt) | 260 | send_userauth_info_request(struct ssh *ssh) |
259 | { | 261 | { |
262 | Authctxt *authctxt = ssh->authctxt; | ||
260 | KbdintAuthctxt *kbdintctxt; | 263 | KbdintAuthctxt *kbdintctxt; |
261 | char *name, *instr, **prompts; | 264 | char *name, *instr, **prompts; |
262 | u_int i, *echo_on; | 265 | u_int r, i, *echo_on; |
263 | 266 | ||
264 | kbdintctxt = authctxt->kbdintctxt; | 267 | kbdintctxt = authctxt->kbdintctxt; |
265 | if (kbdintctxt->device->query(kbdintctxt->ctxt, | 268 | if (kbdintctxt->device->query(kbdintctxt->ctxt, |
266 | &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) | 269 | &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) |
267 | return 0; | 270 | return 0; |
268 | 271 | ||
269 | packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); | 272 | if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST)) != 0 || |
270 | packet_put_cstring(name); | 273 | (r = sshpkt_put_cstring(ssh, name)) != 0 || |
271 | packet_put_cstring(instr); | 274 | (r = sshpkt_put_cstring(ssh, instr)) != 0 || |
272 | packet_put_cstring(""); /* language not used */ | 275 | (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language not used */ |
273 | packet_put_int(kbdintctxt->nreq); | 276 | (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0) |
277 | fatal("%s: %s", __func__, ssh_err(r)); | ||
274 | for (i = 0; i < kbdintctxt->nreq; i++) { | 278 | for (i = 0; i < kbdintctxt->nreq; i++) { |
275 | packet_put_cstring(prompts[i]); | 279 | if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 || |
276 | packet_put_char(echo_on[i]); | 280 | (r = sshpkt_put_u8(ssh, echo_on[i])) != 0) |
281 | fatal("%s: %s", __func__, ssh_err(r)); | ||
277 | } | 282 | } |
278 | packet_send(); | 283 | if ((r = sshpkt_send(ssh)) != 0) |
279 | packet_write_wait(); | 284 | fatal("%s: %s", __func__, ssh_err(r)); |
285 | ssh_packet_write_wait(ssh); | ||
280 | 286 | ||
281 | for (i = 0; i < kbdintctxt->nreq; i++) | 287 | for (i = 0; i < kbdintctxt->nreq; i++) |
282 | free(prompts[i]); | 288 | free(prompts[i]); |
@@ -293,6 +299,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) | |||
293 | Authctxt *authctxt = ssh->authctxt; | 299 | Authctxt *authctxt = ssh->authctxt; |
294 | KbdintAuthctxt *kbdintctxt; | 300 | KbdintAuthctxt *kbdintctxt; |
295 | int authenticated = 0, res; | 301 | int authenticated = 0, res; |
302 | int r; | ||
296 | u_int i, nresp; | 303 | u_int i, nresp; |
297 | const char *devicename = NULL; | 304 | const char *devicename = NULL; |
298 | char **response = NULL; | 305 | char **response = NULL; |
@@ -306,7 +313,8 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) | |||
306 | fatal("input_userauth_info_response: no device"); | 313 | fatal("input_userauth_info_response: no device"); |
307 | 314 | ||
308 | authctxt->postponed = 0; /* reset */ | 315 | authctxt->postponed = 0; /* reset */ |
309 | nresp = packet_get_int(); | 316 | if ((r = sshpkt_get_u32(ssh, &nresp)) != 0) |
317 | fatal("%s: %s", __func__, ssh_err(r)); | ||
310 | if (nresp != kbdintctxt->nreq) | 318 | if (nresp != kbdintctxt->nreq) |
311 | fatal("input_userauth_info_response: wrong number of replies"); | 319 | fatal("input_userauth_info_response: wrong number of replies"); |
312 | if (nresp > 100) | 320 | if (nresp > 100) |
@@ -314,9 +322,12 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) | |||
314 | if (nresp > 0) { | 322 | if (nresp > 0) { |
315 | response = xcalloc(nresp, sizeof(char *)); | 323 | response = xcalloc(nresp, sizeof(char *)); |
316 | for (i = 0; i < nresp; i++) | 324 | for (i = 0; i < nresp; i++) |
317 | response[i] = packet_get_string(NULL); | 325 | if ((r = sshpkt_get_cstring(ssh, &response[i], |
326 | NULL)) != 0) | ||
327 | fatal("%s: %s", __func__, ssh_err(r)); | ||
318 | } | 328 | } |
319 | packet_check_eom(); | 329 | if ((r = sshpkt_get_end(ssh)) != 0) |
330 | fatal("%s: %s", __func__, ssh_err(r)); | ||
320 | 331 | ||
321 | res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); | 332 | res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); |
322 | 333 | ||
@@ -333,7 +344,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) | |||
333 | break; | 344 | break; |
334 | case 1: | 345 | case 1: |
335 | /* Authentication needs further interaction */ | 346 | /* Authentication needs further interaction */ |
336 | if (send_userauth_info_request(authctxt) == 1) | 347 | if (send_userauth_info_request(ssh) == 1) |
337 | authctxt->postponed = 1; | 348 | authctxt->postponed = 1; |
338 | break; | 349 | break; |
339 | default: | 350 | default: |