summaryrefslogtreecommitdiff
path: root/sshconnect.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>1999-11-25 00:26:21 +1100
committerDamien Miller <djm@mindrot.org>1999-11-25 00:26:21 +1100
commit95def09838fc61b37b6ea7cd5c234a465b4b129b (patch)
tree042744f76f40a326b873cb1c3690a6d7d966bc3e /sshconnect.c
parent4d2f15f895f4c795afc008aeff3fd2ceffbc44f4 (diff)
- Merged very large OpenBSD source code reformat
- OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c2851
1 files changed, 1421 insertions, 1430 deletions
diff --git a/sshconnect.c b/sshconnect.c
index fba389d8b..0657c37e8 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,21 +1,14 @@
1/* 1/*
2 2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3sshconnect.c 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 4 * All rights reserved
5Author: Tatu Ylonen <ylo@cs.hut.fi> 5 * Created: Sat Mar 18 22:15:47 1995 ylo
6 6 * Code to connect to a remote host, and to perform the client side of the
7Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 7 * login (authentication) dialog.
8 All rights reserved 8 */
9
10Created: Sat Mar 18 22:15:47 1995 ylo
11
12Code to connect to a remote host, and to perform the client side of the
13login (authentication) dialog.
14
15*/
16 9
17#include "includes.h" 10#include "includes.h"
18RCSID("$Id: sshconnect.c,v 1.13 1999/11/21 02:23:53 damien Exp $"); 11RCSID("$Id: sshconnect.c,v 1.14 1999/11/24 13:26:23 damien Exp $");
19 12
20#ifdef HAVE_OPENSSL 13#ifdef HAVE_OPENSSL
21#include <openssl/bn.h> 14#include <openssl/bn.h>
@@ -41,1497 +34,1495 @@ RCSID("$Id: sshconnect.c,v 1.13 1999/11/21 02:23:53 damien Exp $");
41/* Session id for the current session. */ 34/* Session id for the current session. */
42unsigned char session_id[16]; 35unsigned char session_id[16];
43 36
44/* Connect to the given ssh server using a proxy command. */ 37/*
45 38 * Connect to the given ssh server using a proxy command.
39 */
46int 40int
47ssh_proxy_connect(const char *host, int port, uid_t original_real_uid, 41ssh_proxy_connect(const char *host, int port, uid_t original_real_uid,
48 const char *proxy_command) 42 const char *proxy_command)
49{ 43{
50 Buffer command; 44 Buffer command;
51 const char *cp; 45 const char *cp;
52 char *command_string; 46 char *command_string;
53 int pin[2], pout[2]; 47 int pin[2], pout[2];
54 int pid; 48 int pid;
55 char portstring[100]; 49 char portstring[100];
56 50
57 /* Convert the port number into a string. */ 51 /* Convert the port number into a string. */
58 snprintf(portstring, sizeof portstring, "%d", port); 52 snprintf(portstring, sizeof portstring, "%d", port);
59 53
60 /* Build the final command string in the buffer by making the appropriate 54 /* Build the final command string in the buffer by making the
61 substitutions to the given proxy command. */ 55 appropriate substitutions to the given proxy command. */
62 buffer_init(&command); 56 buffer_init(&command);
63 for (cp = proxy_command; *cp; cp++) 57 for (cp = proxy_command; *cp; cp++) {
64 { 58 if (cp[0] == '%' && cp[1] == '%') {
65 if (cp[0] == '%' && cp[1] == '%') 59 buffer_append(&command, "%", 1);
66 { 60 cp++;
67 buffer_append(&command, "%", 1); 61 continue;
68 cp++; 62 }
69 continue; 63 if (cp[0] == '%' && cp[1] == 'h') {
70 } 64 buffer_append(&command, host, strlen(host));
71 if (cp[0] == '%' && cp[1] == 'h') 65 cp++;
72 { 66 continue;
73 buffer_append(&command, host, strlen(host)); 67 }
74 cp++; 68 if (cp[0] == '%' && cp[1] == 'p') {
75 continue; 69 buffer_append(&command, portstring, strlen(portstring));
76 } 70 cp++;
77 if (cp[0] == '%' && cp[1] == 'p') 71 continue;
78 { 72 }
79 buffer_append(&command, portstring, strlen(portstring)); 73 buffer_append(&command, cp, 1);
80 cp++;
81 continue;
82 } 74 }
83 buffer_append(&command, cp, 1); 75 buffer_append(&command, "\0", 1);
84 } 76
85 buffer_append(&command, "\0", 1); 77 /* Get the final command string. */
86 78 command_string = buffer_ptr(&command);
87 /* Get the final command string. */ 79
88 command_string = buffer_ptr(&command); 80 /* Create pipes for communicating with the proxy. */
89 81 if (pipe(pin) < 0 || pipe(pout) < 0)
90 /* Create pipes for communicating with the proxy. */ 82 fatal("Could not create pipes to communicate with the proxy: %.100s",
91 if (pipe(pin) < 0 || pipe(pout) < 0) 83 strerror(errno));
92 fatal("Could not create pipes to communicate with the proxy: %.100s", 84
93 strerror(errno)); 85 debug("Executing proxy command: %.500s", command_string);
94 86
95 debug("Executing proxy command: %.500s", command_string); 87 /* Fork and execute the proxy command. */
96 88 if ((pid = fork()) == 0) {
97 /* Fork and execute the proxy command. */ 89 char *argv[10];
98 if ((pid = fork()) == 0) 90
99 { 91 /* Child. Permanently give up superuser privileges. */
100 char *argv[10]; 92 permanently_set_uid(original_real_uid);
101 93
102 /* Child. Permanently give up superuser privileges. */ 94 /* Redirect stdin and stdout. */
103 permanently_set_uid(original_real_uid); 95 close(pin[1]);
104 96 if (pin[0] != 0) {
105 /* Redirect stdin and stdout. */ 97 if (dup2(pin[0], 0) < 0)
106 close(pin[1]); 98 perror("dup2 stdin");
107 if (pin[0] != 0) 99 close(pin[0]);
108 { 100 }
109 if (dup2(pin[0], 0) < 0) 101 close(pout[0]);
110 perror("dup2 stdin"); 102 if (dup2(pout[1], 1) < 0)
111 close(pin[0]); 103 perror("dup2 stdout");
104 /* Cannot be 1 because pin allocated two descriptors. */
105 close(pout[1]);
106
107 /* Stderr is left as it is so that error messages get
108 printed on the user's terminal. */
109 argv[0] = "/bin/sh";
110 argv[1] = "-c";
111 argv[2] = command_string;
112 argv[3] = NULL;
113
114 /* Execute the proxy command. Note that we gave up any
115 extra privileges above. */
116 execv("/bin/sh", argv);
117 perror("/bin/sh");
118 exit(1);
112 } 119 }
113 close(pout[0]); 120 /* Parent. */
114 if (dup2(pout[1], 1) < 0) 121 if (pid < 0)
115 perror("dup2 stdout"); 122 fatal("fork failed: %.100s", strerror(errno));
116 close(pout[1]); /* Cannot be 1 because pin allocated two descriptors. */ 123
117 124 /* Close child side of the descriptors. */
118 /* Stderr is left as it is so that error messages get printed on 125 close(pin[0]);
119 the user's terminal. */ 126 close(pout[1]);
120 argv[0] = "/bin/sh"; 127
121 argv[1] = "-c"; 128 /* Free the command name. */
122 argv[2] = command_string; 129 buffer_free(&command);
123 argv[3] = NULL; 130
124 131 /* Set the connection file descriptors. */
125 /* Execute the proxy command. Note that we gave up any extra 132 packet_set_connection(pout[0], pin[1]);
126 privileges above. */
127 execv("/bin/sh", argv);
128 perror("/bin/sh");
129 exit(1);
130 }
131 /* Parent. */
132 if (pid < 0)
133 fatal("fork failed: %.100s", strerror(errno));
134
135 /* Close child side of the descriptors. */
136 close(pin[0]);
137 close(pout[1]);
138
139 /* Free the command name. */
140 buffer_free(&command);
141
142 /* Set the connection file descriptors. */
143 packet_set_connection(pout[0], pin[1]);
144
145 return 1;
146}
147 133
148/* Creates a (possibly privileged) socket for use as the ssh connection. */ 134 return 1;
135}
149 136
150int ssh_create_socket(uid_t original_real_uid, int privileged) 137/*
138 * Creates a (possibly privileged) socket for use as the ssh connection.
139 */
140int
141ssh_create_socket(uid_t original_real_uid, int privileged)
151{ 142{
152 int sock; 143 int sock;
153 144
154 /* If we are running as root and want to connect to a privileged port, 145 /* If we are running as root and want to connect to a privileged
155 bind our own socket to a privileged port. */ 146 port, bind our own socket to a privileged port. */
156 if (privileged) 147 if (privileged) {
157 { 148 int p = IPPORT_RESERVED - 1;
158 int p = IPPORT_RESERVED - 1; 149
159 150 sock = rresvport(&p);
160 sock = rresvport(&p); 151 if (sock < 0)
161 if (sock < 0) 152 fatal("rresvport: %.100s", strerror(errno));
162 fatal("rresvport: %.100s", strerror(errno)); 153 debug("Allocated local port %d.", p);
163 debug("Allocated local port %d.", p); 154 } else {
164 } 155 /* Just create an ordinary socket on arbitrary port. We
165 else 156 use the user's uid to create the socket. */
166 { 157 temporarily_use_uid(original_real_uid);
167 /* Just create an ordinary socket on arbitrary port. We use the 158 sock = socket(AF_INET, SOCK_STREAM, 0);
168 user's uid to create the socket. */ 159 if (sock < 0)
169 temporarily_use_uid(original_real_uid); 160 fatal("socket: %.100s", strerror(errno));
170 sock = socket(AF_INET, SOCK_STREAM, 0); 161 restore_uid();
171 if (sock < 0) 162 }
172 fatal("socket: %.100s", strerror(errno)); 163 return sock;
173 restore_uid();
174 }
175 return sock;
176} 164}
177 165
178/* Opens a TCP/IP connection to the remote server on the given host. If 166/*
179 port is 0, the default port will be used. If anonymous is zero, 167 * Opens a TCP/IP connection to the remote server on the given host. If
180 a privileged port will be allocated to make the connection. 168 * port is 0, the default port will be used. If anonymous is zero,
181 This requires super-user privileges if anonymous is false. 169 * a privileged port will be allocated to make the connection.
182 Connection_attempts specifies the maximum number of tries (one per 170 * This requires super-user privileges if anonymous is false.
183 second). If proxy_command is non-NULL, it specifies the command (with %h 171 * Connection_attempts specifies the maximum number of tries (one per
184 and %p substituted for host and port, respectively) to use to contact 172 * second). If proxy_command is non-NULL, it specifies the command (with %h
185 the daemon. */ 173 * and %p substituted for host and port, respectively) to use to contact
186 174 * the daemon.
187int ssh_connect(const char *host, struct sockaddr_in *hostaddr, 175 */
188 int port, int connection_attempts, 176int
189 int anonymous, uid_t original_real_uid, 177ssh_connect(const char *host, struct sockaddr_in * hostaddr,
190 const char *proxy_command) 178 int port, int connection_attempts,
179 int anonymous, uid_t original_real_uid,
180 const char *proxy_command)
191{ 181{
192 int sock = -1, attempt, i; 182 int sock = -1, attempt, i;
193 int on = 1; 183 int on = 1;
194 struct servent *sp; 184 struct servent *sp;
195 struct hostent *hp; 185 struct hostent *hp;
196 struct linger linger; 186 struct linger linger;
197 187
198 debug("ssh_connect: getuid %d geteuid %d anon %d", 188 debug("ssh_connect: getuid %d geteuid %d anon %d",
199 (int)getuid(), (int)geteuid(), anonymous); 189 (int) getuid(), (int) geteuid(), anonymous);
200 190
201 /* Get default port if port has not been set. */ 191 /* Get default port if port has not been set. */
202 if (port == 0) 192 if (port == 0) {
203 { 193 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
204 sp = getservbyname(SSH_SERVICE_NAME, "tcp"); 194 if (sp)
205 if (sp) 195 port = ntohs(sp->s_port);
206 port = ntohs(sp->s_port); 196 else
207 else 197 port = SSH_DEFAULT_PORT;
208 port = SSH_DEFAULT_PORT;
209 }
210
211 /* If a proxy command is given, connect using it. */
212 if (proxy_command != NULL)
213 return ssh_proxy_connect(host, port, original_real_uid, proxy_command);
214
215 /* No proxy command. */
216
217 /* No host lookup made yet. */
218 hp = NULL;
219
220 /* Try to connect several times. On some machines, the first time will
221 sometimes fail. In general socket code appears to behave quite
222 magically on many machines. */
223 for (attempt = 0; attempt < connection_attempts; attempt++)
224 {
225 if (attempt > 0)
226 debug("Trying again...");
227
228 /* Try to parse the host name as a numeric inet address. */
229 memset(hostaddr, 0, sizeof(hostaddr));
230 hostaddr->sin_family = AF_INET;
231 hostaddr->sin_port = htons(port);
232 hostaddr->sin_addr.s_addr = inet_addr(host);
233 if ((hostaddr->sin_addr.s_addr & 0xffffffff) != 0xffffffff)
234 {
235 /* Valid numeric IP address */
236 debug("Connecting to %.100s port %d.",
237 inet_ntoa(hostaddr->sin_addr), port);
238
239 /* Create a socket. */
240 sock = ssh_create_socket(original_real_uid,
241 !anonymous && geteuid() == 0 &&
242 port < IPPORT_RESERVED);
243
244 /* Connect to the host. We use the user's uid in the hope that
245 it will help with the problems of tcp_wrappers showing the
246 remote uid as root. */
247 temporarily_use_uid(original_real_uid);
248 if (connect(sock, (struct sockaddr *)hostaddr, sizeof(*hostaddr))
249 >= 0)
250 {
251 /* Successful connect. */
252 restore_uid();
253 break;
254 }
255 debug("connect: %.100s", strerror(errno));
256 restore_uid();
257
258 /* Destroy the failed socket. */
259 shutdown(sock, SHUT_RDWR);
260 close(sock);
261 } 198 }
262 else 199 /* If a proxy command is given, connect using it. */
263 { 200 if (proxy_command != NULL)
264 /* Not a valid numeric inet address. */ 201 return ssh_proxy_connect(host, port, original_real_uid, proxy_command);
265 /* Map host name to an address. */ 202
266 if (!hp) 203 /* No proxy command. */
267 hp = gethostbyname(host); 204
268 if (!hp) 205 /* No host lookup made yet. */
269 fatal("Bad host name: %.100s", host); 206 hp = NULL;
270 if (!hp->h_addr_list[0]) 207
271 fatal("Host does not have an IP address: %.100s", host); 208 /* Try to connect several times. On some machines, the first time
272 209 will sometimes fail. In general socket code appears to behave
273 /* Loop through addresses for this host, and try each one in 210 quite magically on many machines. */
274 sequence until the connection succeeds. */ 211 for (attempt = 0; attempt < connection_attempts; attempt++) {
275 for (i = 0; hp->h_addr_list[i]; i++) 212 if (attempt > 0)
276 { 213 debug("Trying again...");
277 /* Set the address to connect to. */ 214
278 hostaddr->sin_family = hp->h_addrtype; 215 /* Try to parse the host name as a numeric inet address. */
279 memcpy(&hostaddr->sin_addr, hp->h_addr_list[i], 216 memset(hostaddr, 0, sizeof(hostaddr));
280 sizeof(hostaddr->sin_addr)); 217 hostaddr->sin_family = AF_INET;
281 218 hostaddr->sin_port = htons(port);
282 debug("Connecting to %.200s [%.100s] port %d.", 219 hostaddr->sin_addr.s_addr = inet_addr(host);
283 host, inet_ntoa(hostaddr->sin_addr), port); 220 if ((hostaddr->sin_addr.s_addr & 0xffffffff) != 0xffffffff) {
284 221 /* Valid numeric IP address */
285 /* Create a socket for connecting. */ 222 debug("Connecting to %.100s port %d.",
286 sock = ssh_create_socket(original_real_uid, 223 inet_ntoa(hostaddr->sin_addr), port);
287 !anonymous && geteuid() == 0 && 224
288 port < IPPORT_RESERVED); 225 /* Create a socket. */
289 226 sock = ssh_create_socket(original_real_uid,
290 /* Connect to the host. We use the user's uid in the hope that 227 !anonymous && geteuid() == 0 &&
291 it will help with tcp_wrappers showing the remote uid as 228 port < IPPORT_RESERVED);
292 root. */ 229
293 temporarily_use_uid(original_real_uid); 230 /* Connect to the host. We use the user's uid in
294 if (connect(sock, (struct sockaddr *)hostaddr, 231 the hope that it will help with the problems of
295 sizeof(*hostaddr)) >= 0) 232 tcp_wrappers showing the remote uid as root. */
296 { 233 temporarily_use_uid(original_real_uid);
297 /* Successful connection. */ 234 if (connect(sock, (struct sockaddr *) hostaddr, sizeof(*hostaddr))
298 restore_uid(); 235 >= 0) {
299 break; 236 /* Successful connect. */
237 restore_uid();
238 break;
239 }
240 debug("connect: %.100s", strerror(errno));
241 restore_uid();
242
243 /* Destroy the failed socket. */
244 shutdown(sock, SHUT_RDWR);
245 close(sock);
246 } else {
247 /* Not a valid numeric inet address. */
248 /* Map host name to an address. */
249 if (!hp)
250 hp = gethostbyname(host);
251 if (!hp)
252 fatal("Bad host name: %.100s", host);
253 if (!hp->h_addr_list[0])
254 fatal("Host does not have an IP address: %.100s", host);
255
256 /* Loop through addresses for this host, and try
257 each one in sequence until the connection
258 succeeds. */
259 for (i = 0; hp->h_addr_list[i]; i++) {
260 /* Set the address to connect to. */
261 hostaddr->sin_family = hp->h_addrtype;
262 memcpy(&hostaddr->sin_addr, hp->h_addr_list[i],
263 sizeof(hostaddr->sin_addr));
264
265 debug("Connecting to %.200s [%.100s] port %d.",
266 host, inet_ntoa(hostaddr->sin_addr), port);
267
268 /* Create a socket for connecting. */
269 sock = ssh_create_socket(original_real_uid,
270 !anonymous && geteuid() == 0 &&
271 port < IPPORT_RESERVED);
272
273 /* Connect to the host. We use the user's uid in the hope that
274 it will help with tcp_wrappers showing the remote uid as root. */
275 temporarily_use_uid(original_real_uid);
276 if (connect(sock, (struct sockaddr *) hostaddr,
277 sizeof(*hostaddr)) >= 0) {
278 /* Successful connection. */
279 restore_uid();
280 break;
281 }
282 debug("connect: %.100s", strerror(errno));
283 restore_uid();
284
285 /* Close the failed socket; there appear to be some problems when
286 reusing a socket for which connect() has already returned an error. */
287 shutdown(sock, SHUT_RDWR);
288 close(sock);
289 }
290 if (hp->h_addr_list[i])
291 break; /* Successful connection. */
300 } 292 }
301 debug("connect: %.100s", strerror(errno));
302 restore_uid();
303
304 /* Close the failed socket; there appear to be some problems
305 when reusing a socket for which connect() has already
306 returned an error. */
307 shutdown(sock, SHUT_RDWR);
308 close(sock);
309 }
310 if (hp->h_addr_list[i])
311 break; /* Successful connection. */
312 }
313 293
314 /* Sleep a moment before retrying. */ 294 /* Sleep a moment before retrying. */
315 sleep(1); 295 sleep(1);
316 } 296 }
317 /* Return failure if we didn't get a successful connection. */ 297 /* Return failure if we didn't get a successful connection. */
318 if (attempt >= connection_attempts) 298 if (attempt >= connection_attempts)
319 return 0; 299 return 0;
320 300
321 debug("Connection established."); 301 debug("Connection established.");
322 302
323 /* Set socket options. We would like the socket to disappear as soon as 303 /* Set socket options. We would like the socket to disappear as
324 it has been closed for whatever reason. */ 304 soon as it has been closed for whatever reason. */
325 /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ 305 /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
326 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *)&on, sizeof(on)); 306 sizeof(on)); */
327 linger.l_onoff = 1; 307 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *) &on, sizeof(on));
328 linger.l_linger = 5; 308 linger.l_onoff = 1;
329 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger)); 309 linger.l_linger = 5;
310 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
330 311
331 /* Set the connection. */ 312 /* Set the connection. */
332 packet_set_connection(sock, sock); 313 packet_set_connection(sock, sock);
333 314
334 return 1; 315 return 1;
335} 316}
336 317
337/* Checks if the user has an authentication agent, and if so, tries to 318/*
338 authenticate using the agent. */ 319 * Checks if the user has an authentication agent, and if so, tries to
339 320 * authenticate using the agent.
321 */
340int 322int
341try_agent_authentication() 323try_agent_authentication()
342{ 324{
343 int status, type; 325 int status, type;
344 char *comment; 326 char *comment;
345 AuthenticationConnection *auth; 327 AuthenticationConnection *auth;
346 unsigned char response[16]; 328 unsigned char response[16];
347 unsigned int i; 329 unsigned int i;
348 BIGNUM *e, *n, *challenge; 330 BIGNUM *e, *n, *challenge;
349 331
350 /* Get connection to the agent. */ 332 /* Get connection to the agent. */
351 auth = ssh_get_authentication_connection(); 333 auth = ssh_get_authentication_connection();
352 if (!auth) 334 if (!auth)
353 return 0; 335 return 0;
354 336
355 e = BN_new(); 337 e = BN_new();
356 n = BN_new(); 338 n = BN_new();
357 challenge = BN_new(); 339 challenge = BN_new();
358 340
359 /* Loop through identities served by the agent. */ 341 /* Loop through identities served by the agent. */
360 for (status = ssh_get_first_identity(auth, e, n, &comment); 342 for (status = ssh_get_first_identity(auth, e, n, &comment);
361 status; 343 status;
362 status = ssh_get_next_identity(auth, e, n, &comment)) 344 status = ssh_get_next_identity(auth, e, n, &comment)) {
363 { 345 int plen, clen;
364 int plen, clen; 346
365 347 /* Try this identity. */
366 /* Try this identity. */ 348 debug("Trying RSA authentication via agent with '%.100s'", comment);
367 debug("Trying RSA authentication via agent with '%.100s'", comment); 349 xfree(comment);
368 xfree(comment); 350
369 351 /* Tell the server that we are willing to authenticate using this key. */
370 /* Tell the server that we are willing to authenticate using this key. */ 352 packet_start(SSH_CMSG_AUTH_RSA);
371 packet_start(SSH_CMSG_AUTH_RSA); 353 packet_put_bignum(n);
372 packet_put_bignum(n); 354 packet_send();
373 packet_send(); 355 packet_write_wait();
374 packet_write_wait(); 356
375 357 /* Wait for server's response. */
376 /* Wait for server's response. */ 358 type = packet_read(&plen);
377 type = packet_read(&plen); 359
378 360 /* The server sends failure if it doesn\'t like our key or
379 /* The server sends failure if it doesn\'t like our key or does not 361 does not support RSA authentication. */
380 support RSA authentication. */ 362 if (type == SSH_SMSG_FAILURE) {
381 if (type == SSH_SMSG_FAILURE) 363 debug("Server refused our key.");
382 { 364 continue;
383 debug("Server refused our key."); 365 }
384 continue; 366 /* Otherwise it should have sent a challenge. */
385 } 367 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
386 368 packet_disconnect("Protocol error during RSA authentication: %d",
387 /* Otherwise it should have sent a challenge. */ 369 type);
388 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
389 packet_disconnect("Protocol error during RSA authentication: %d",
390 type);
391
392 packet_get_bignum(challenge, &clen);
393
394 packet_integrity_check(plen, clen, type);
395
396 debug("Received RSA challenge from server.");
397
398 /* Ask the agent to decrypt the challenge. */
399 if (!ssh_decrypt_challenge(auth, e, n, challenge,
400 session_id, 1, response))
401 {
402 /* The agent failed to authenticate this identifier although it
403 advertised it supports this. Just return a wrong value. */
404 log("Authentication agent failed to decrypt challenge.");
405 memset(response, 0, sizeof(response));
406 }
407
408 debug("Sending response to RSA challenge.");
409
410 /* Send the decrypted challenge back to the server. */
411 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
412 for (i = 0; i < 16; i++)
413 packet_put_char(response[i]);
414 packet_send();
415 packet_write_wait();
416
417 /* Wait for response from the server. */
418 type = packet_read(&plen);
419
420 /* The server returns success if it accepted the authentication. */
421 if (type == SSH_SMSG_SUCCESS)
422 {
423 debug("RSA authentication accepted by server.");
424 BN_clear_free(e);
425 BN_clear_free(n);
426 BN_clear_free(challenge);
427 return 1;
428 }
429 370
430 /* Otherwise it should return failure. */ 371 packet_get_bignum(challenge, &clen);
431 if (type != SSH_SMSG_FAILURE)
432 packet_disconnect("Protocol error waiting RSA auth response: %d",
433 type);
434 }
435 372
436 BN_clear_free(e); 373 packet_integrity_check(plen, clen, type);
437 BN_clear_free(n);
438 BN_clear_free(challenge);
439 374
440 debug("RSA authentication using agent refused."); 375 debug("Received RSA challenge from server.");
441 return 0; 376
442} 377 /* Ask the agent to decrypt the challenge. */
378 if (!ssh_decrypt_challenge(auth, e, n, challenge,
379 session_id, 1, response)) {
380 /* The agent failed to authenticate this identifier although it
381 advertised it supports this. Just return a wrong value. */
382 log("Authentication agent failed to decrypt challenge.");
383 memset(response, 0, sizeof(response));
384 }
385 debug("Sending response to RSA challenge.");
386
387 /* Send the decrypted challenge back to the server. */
388 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
389 for (i = 0; i < 16; i++)
390 packet_put_char(response[i]);
391 packet_send();
392 packet_write_wait();
393
394 /* Wait for response from the server. */
395 type = packet_read(&plen);
396
397 /* The server returns success if it accepted the authentication. */
398 if (type == SSH_SMSG_SUCCESS) {
399 debug("RSA authentication accepted by server.");
400 BN_clear_free(e);
401 BN_clear_free(n);
402 BN_clear_free(challenge);
403 return 1;
404 }
405 /* Otherwise it should return failure. */
406 if (type != SSH_SMSG_FAILURE)
407 packet_disconnect("Protocol error waiting RSA auth response: %d",
408 type);
409 }
410
411 BN_clear_free(e);
412 BN_clear_free(n);
413 BN_clear_free(challenge);
443 414
444/* Computes the proper response to a RSA challenge, and sends the response to 415 debug("RSA authentication using agent refused.");
445 the server. */ 416 return 0;
417}
446 418
419/*
420 * Computes the proper response to a RSA challenge, and sends the response to
421 * the server.
422 */
447void 423void
448respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv) 424respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
449{ 425{
450 unsigned char buf[32], response[16]; 426 unsigned char buf[32], response[16];
451 MD5_CTX md; 427 MD5_CTX md;
452 int i, len; 428 int i, len;
453 429
454 /* Decrypt the challenge using the private key. */ 430 /* Decrypt the challenge using the private key. */
455 rsa_private_decrypt(challenge, challenge, prv); 431 rsa_private_decrypt(challenge, challenge, prv);
456 432
457 /* Compute the response. */ 433 /* Compute the response. */
458 /* The response is MD5 of decrypted challenge plus session id. */ 434 /* The response is MD5 of decrypted challenge plus session id. */
459 len = BN_num_bytes(challenge); 435 len = BN_num_bytes(challenge);
460 if (len <= 0 || len > sizeof(buf)) 436 if (len <= 0 || len > sizeof(buf))
461 packet_disconnect("respond_to_rsa_challenge: bad challenge length %d", 437 packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
462 len); 438 len);
463 439
464 memset(buf, 0, sizeof(buf)); 440 memset(buf, 0, sizeof(buf));
465 BN_bn2bin(challenge, buf + sizeof(buf) - len); 441 BN_bn2bin(challenge, buf + sizeof(buf) - len);
466 MD5_Init(&md); 442 MD5_Init(&md);
467 MD5_Update(&md, buf, 32); 443 MD5_Update(&md, buf, 32);
468 MD5_Update(&md, session_id, 16); 444 MD5_Update(&md, session_id, 16);
469 MD5_Final(response, &md); 445 MD5_Final(response, &md);
470 446
471 debug("Sending response to host key RSA challenge."); 447 debug("Sending response to host key RSA challenge.");
472 448
473 /* Send the response back to the server. */ 449 /* Send the response back to the server. */
474 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 450 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
475 for (i = 0; i < 16; i++) 451 for (i = 0; i < 16; i++)
476 packet_put_char(response[i]); 452 packet_put_char(response[i]);
477 packet_send(); 453 packet_send();
478 packet_write_wait(); 454 packet_write_wait();
479
480 memset(buf, 0, sizeof(buf));
481 memset(response, 0, sizeof(response));
482 memset(&md, 0, sizeof(md));
483}
484 455
485/* Checks if the user has authentication file, and if so, tries to authenticate 456 memset(buf, 0, sizeof(buf));
486 the user using it. */ 457 memset(response, 0, sizeof(response));
458 memset(&md, 0, sizeof(md));
459}
487 460
461/*
462 * Checks if the user has authentication file, and if so, tries to authenticate
463 * the user using it.
464 */
488int 465int
489try_rsa_authentication(struct passwd *pw, const char *authfile) 466try_rsa_authentication(struct passwd * pw, const char *authfile)
490{ 467{
491 extern Options options; 468 extern Options options;
492 BIGNUM *challenge; 469 BIGNUM *challenge;
493 RSA *private_key; 470 RSA *private_key;
494 RSA *public_key; 471 RSA *public_key;
495 char *passphrase, *comment; 472 char *passphrase, *comment;
496 int type, i; 473 int type, i;
497 int plen, clen; 474 int plen, clen;
498 475
499 /* Try to load identification for the authentication key. */ 476 /* Try to load identification for the authentication key. */
500 public_key = RSA_new(); 477 public_key = RSA_new();
501 if (!load_public_key(authfile, public_key, &comment)) { 478 if (!load_public_key(authfile, public_key, &comment)) {
502 RSA_free(public_key); 479 RSA_free(public_key);
503 return 0; /* Could not load it. Fail. */ 480 return 0; /* Could not load it. Fail. */
504 }
505
506 debug("Trying RSA authentication with key '%.100s'", comment);
507
508 /* Tell the server that we are willing to authenticate using this key. */
509 packet_start(SSH_CMSG_AUTH_RSA);
510 packet_put_bignum(public_key->n);
511 packet_send();
512 packet_write_wait();
513
514 /* We no longer need the public key. */
515 RSA_free(public_key);
516
517 /* Wait for server's response. */
518 type = packet_read(&plen);
519
520 /* The server responds with failure if it doesn\'t like our key or doesn\'t
521 support RSA authentication. */
522 if (type == SSH_SMSG_FAILURE)
523 {
524 debug("Server refused our key.");
525 xfree(comment);
526 return 0; /* Server refuses to authenticate with this key. */
527 }
528
529 /* Otherwise, the server should respond with a challenge. */
530 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
531 packet_disconnect("Protocol error during RSA authentication: %d", type);
532
533 /* Get the challenge from the packet. */
534 challenge = BN_new();
535 packet_get_bignum(challenge, &clen);
536
537 packet_integrity_check(plen, clen, type);
538
539 debug("Received RSA challenge from server.");
540
541 private_key = RSA_new();
542 /* Load the private key. Try first with empty passphrase; if it fails,
543 ask for a passphrase. */
544 if (!load_private_key(authfile, "", private_key, NULL))
545 {
546 char buf[300];
547 /* Request passphrase from the user. We read from /dev/tty to make
548 this work even if stdin has been redirected. If running in
549 batch mode, we just use the empty passphrase, which will fail and
550 return. */
551 snprintf(buf, sizeof buf,
552 "Enter passphrase for RSA key '%.100s': ", comment);
553 if (!options.batch_mode)
554 passphrase = read_passphrase(buf, 0);
555 else
556 {
557 debug("Will not query passphrase for %.100s in batch mode.",
558 comment);
559 passphrase = xstrdup("");
560 } 481 }
561 482 debug("Trying RSA authentication with key '%.100s'", comment);
562 /* Load the authentication file using the pasphrase. */ 483
563 if (!load_private_key(authfile, passphrase, private_key, NULL)) 484 /* Tell the server that we are willing to authenticate using this key. */
564 { 485 packet_start(SSH_CMSG_AUTH_RSA);
565 memset(passphrase, 0, strlen(passphrase)); 486 packet_put_bignum(public_key->n);
566 xfree(passphrase); 487 packet_send();
567 error("Bad passphrase."); 488 packet_write_wait();
568 489
569 /* Send a dummy response packet to avoid protocol error. */ 490 /* We no longer need the public key. */
570 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); 491 RSA_free(public_key);
571 for (i = 0; i < 16; i++) 492
572 packet_put_char(0); 493 /* Wait for server's response. */
573 packet_send(); 494 type = packet_read(&plen);
574 packet_write_wait(); 495
575 496 /* The server responds with failure if it doesn\'t like our key or
576 /* Expect the server to reject it... */ 497 doesn\'t support RSA authentication. */
577 packet_read_expect(&plen, SSH_SMSG_FAILURE); 498 if (type == SSH_SMSG_FAILURE) {
578 xfree(comment); 499 debug("Server refused our key.");
579 return 0; 500 xfree(comment);
501 return 0; /* Server refuses to authenticate with
502 this key. */
580 } 503 }
504 /* Otherwise, the server should respond with a challenge. */
505 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
506 packet_disconnect("Protocol error during RSA authentication: %d", type);
507
508 /* Get the challenge from the packet. */
509 challenge = BN_new();
510 packet_get_bignum(challenge, &clen);
511
512 packet_integrity_check(plen, clen, type);
513
514 debug("Received RSA challenge from server.");
515
516 private_key = RSA_new();
517 /* Load the private key. Try first with empty passphrase; if it
518 fails, ask for a passphrase. */
519 if (!load_private_key(authfile, "", private_key, NULL)) {
520 char buf[300];
521 snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ",
522 comment);
523 if (!options.batch_mode)
524 passphrase = read_passphrase(buf, 0);
525 else {
526 debug("Will not query passphrase for %.100s in batch mode.",
527 comment);
528 passphrase = xstrdup("");
529 }
581 530
582 /* Destroy the passphrase. */ 531 /* Load the authentication file using the pasphrase. */
583 memset(passphrase, 0, strlen(passphrase)); 532 if (!load_private_key(authfile, passphrase, private_key, NULL)) {
584 xfree(passphrase); 533 memset(passphrase, 0, strlen(passphrase));
585 } 534 xfree(passphrase);
586 535 error("Bad passphrase.");
587 /* We no longer need the comment. */ 536
588 xfree(comment); 537 /* Send a dummy response packet to avoid protocol error. */
589 538 packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
590 /* Compute and send a response to the challenge. */ 539 for (i = 0; i < 16; i++)
591 respond_to_rsa_challenge(challenge, private_key); 540 packet_put_char(0);
592 541 packet_send();
593 /* Destroy the private key. */ 542 packet_write_wait();
594 RSA_free(private_key); 543
595 544 /* Expect the server to reject it... */
596 /* We no longer need the challenge. */ 545 packet_read_expect(&plen, SSH_SMSG_FAILURE);
597 BN_clear_free(challenge); 546 xfree(comment);
598 547 return 0;
599 /* Wait for response from the server. */ 548 }
600 type = packet_read(&plen); 549 /* Destroy the passphrase. */
601 if (type == SSH_SMSG_SUCCESS) 550 memset(passphrase, 0, strlen(passphrase));
602 { 551 xfree(passphrase);
603 debug("RSA authentication accepted by server."); 552 }
604 return 1; 553 /* We no longer need the comment. */
605 } 554 xfree(comment);
606 if (type != SSH_SMSG_FAILURE) 555
607 packet_disconnect("Protocol error waiting RSA auth response: %d", type); 556 /* Compute and send a response to the challenge. */
608 debug("RSA authentication refused."); 557 respond_to_rsa_challenge(challenge, private_key);
609 return 0; 558
610} 559 /* Destroy the private key. */
560 RSA_free(private_key);
611 561
612/* Tries to authenticate the user using combined rhosts or /etc/hosts.equiv 562 /* We no longer need the challenge. */
613 authentication and RSA host authentication. */ 563 BN_clear_free(challenge);
564
565 /* Wait for response from the server. */
566 type = packet_read(&plen);
567 if (type == SSH_SMSG_SUCCESS) {
568 debug("RSA authentication accepted by server.");
569 return 1;
570 }
571 if (type != SSH_SMSG_FAILURE)
572 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
573 debug("RSA authentication refused.");
574 return 0;
575}
614 576
577/*
578 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
579 * authentication and RSA host authentication.
580 */
615int 581int
616try_rhosts_rsa_authentication(const char *local_user, RSA *host_key) 582try_rhosts_rsa_authentication(const char *local_user, RSA * host_key)
617{ 583{
618 int type; 584 int type;
619 BIGNUM *challenge; 585 BIGNUM *challenge;
620 int plen, clen; 586 int plen, clen;
621 587
622 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication."); 588 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
623 589
624 /* Tell the server that we are willing to authenticate using this key. */ 590 /* Tell the server that we are willing to authenticate using this key. */
625 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); 591 packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
626 packet_put_string(local_user, strlen(local_user)); 592 packet_put_string(local_user, strlen(local_user));
627 packet_put_int(BN_num_bits(host_key->n)); 593 packet_put_int(BN_num_bits(host_key->n));
628 packet_put_bignum(host_key->e); 594 packet_put_bignum(host_key->e);
629 packet_put_bignum(host_key->n); 595 packet_put_bignum(host_key->n);
630 packet_send(); 596 packet_send();
631 packet_write_wait(); 597 packet_write_wait();
632 598
633 /* Wait for server's response. */ 599 /* Wait for server's response. */
634 type = packet_read(&plen); 600 type = packet_read(&plen);
635 601
636 /* The server responds with failure if it doesn't admit our .rhosts 602 /* The server responds with failure if it doesn't admit our
637 authentication or doesn't know our host key. */ 603 .rhosts authentication or doesn't know our host key. */
638 if (type == SSH_SMSG_FAILURE) 604 if (type == SSH_SMSG_FAILURE) {
639 { 605 debug("Server refused our rhosts authentication or host key.");
640 debug("Server refused our rhosts authentication or host key."); 606 return 0;
641 return 0; /* Server refuses to authenticate us with this method. */ 607 }
642 } 608 /* Otherwise, the server should respond with a challenge. */
643 609 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE)
644 /* Otherwise, the server should respond with a challenge. */ 610 packet_disconnect("Protocol error during RSA authentication: %d", type);
645 if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) 611
646 packet_disconnect("Protocol error during RSA authentication: %d", type); 612 /* Get the challenge from the packet. */
647 613 challenge = BN_new();
648 /* Get the challenge from the packet. */ 614 packet_get_bignum(challenge, &clen);
649 challenge = BN_new(); 615
650 packet_get_bignum(challenge, &clen); 616 packet_integrity_check(plen, clen, type);
651 617
652 packet_integrity_check(plen, clen, type); 618 debug("Received RSA challenge for host key from server.");
653 619
654 debug("Received RSA challenge for host key from server."); 620 /* Compute a response to the challenge. */
655 621 respond_to_rsa_challenge(challenge, host_key);
656 /* Compute a response to the challenge. */ 622
657 respond_to_rsa_challenge(challenge, host_key); 623 /* We no longer need the challenge. */
658 624 BN_clear_free(challenge);
659 /* We no longer need the challenge. */ 625
660 BN_clear_free(challenge); 626 /* Wait for response from the server. */
661 627 type = packet_read(&plen);
662 /* Wait for response from the server. */ 628 if (type == SSH_SMSG_SUCCESS) {
663 type = packet_read(&plen); 629 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
664 if (type == SSH_SMSG_SUCCESS) 630 return 1;
665 { 631 }
666 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server."); 632 if (type != SSH_SMSG_FAILURE)
667 return 1; 633 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
668 } 634 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
669 if (type != SSH_SMSG_FAILURE) 635 return 0;
670 packet_disconnect("Protocol error waiting RSA auth response: %d", type);
671 debug("Rhosts or /etc/hosts.equiv with RSA host authentication refused.");
672 return 0;
673} 636}
674 637
675#ifdef KRB4 638#ifdef KRB4
676int try_kerberos_authentication() 639int
640try_kerberos_authentication()
677{ 641{
678 KTEXT_ST auth; /* Kerberos data */ 642 KTEXT_ST auth; /* Kerberos data */
679 char *reply; 643 char *reply;
680 char inst[INST_SZ]; 644 char inst[INST_SZ];
681 char *realm; 645 char *realm;
682 CREDENTIALS cred; 646 CREDENTIALS cred;
683 int r, type, plen; 647 int r, type, plen;
684 Key_schedule schedule; 648 Key_schedule schedule;
685 u_long checksum, cksum; 649 u_long checksum, cksum;
686 MSG_DAT msg_data; 650 MSG_DAT msg_data;
687 struct sockaddr_in local, foreign; 651 struct sockaddr_in local, foreign;
688 struct stat st; 652 struct stat st;
689 653
690 /* Don't do anything if we don't have any tickets. */ 654 /* Don't do anything if we don't have any tickets. */
691 if (stat(tkt_string(), &st) < 0) return 0; 655 if (stat(tkt_string(), &st) < 0)
692 656 return 0;
693 strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ); 657
694 658 strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
695 realm = (char *)krb_realmofhost(get_canonical_hostname()); 659
696 if (!realm) { 660 realm = (char *) krb_realmofhost(get_canonical_hostname());
697 debug("Kerberos V4: no realm for %s", get_canonical_hostname()); 661 if (!realm) {
698 return 0; 662 debug("Kerberos V4: no realm for %s", get_canonical_hostname());
699 } 663 return 0;
700 /* This can really be anything. */ 664 }
701 checksum = (u_long) getpid(); 665 /* This can really be anything. */
702 666 checksum = (u_long) getpid();
703 r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum); 667
704 if (r != KSUCCESS) { 668 r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
705 debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]); 669 if (r != KSUCCESS) {
706 return 0; 670 debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]);
707 } 671 return 0;
708 /* Get session key to decrypt the server's reply with. */ 672 }
709 r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred); 673 /* Get session key to decrypt the server's reply with. */
710 if (r != KSUCCESS) { 674 r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
711 debug("get_cred failed: %s", krb_err_txt[r]); 675 if (r != KSUCCESS) {
712 return 0; 676 debug("get_cred failed: %s", krb_err_txt[r]);
713 } 677 return 0;
714 des_key_sched((des_cblock *)cred.session, schedule); 678 }
715 679 des_key_sched((des_cblock *) cred.session, schedule);
716 /* Send authentication info to server. */ 680
717 packet_start(SSH_CMSG_AUTH_KERBEROS); 681 /* Send authentication info to server. */
718 packet_put_string((char *)auth.dat, auth.length); 682 packet_start(SSH_CMSG_AUTH_KERBEROS);
719 packet_send(); 683 packet_put_string((char *) auth.dat, auth.length);
720 packet_write_wait(); 684 packet_send();
721 685 packet_write_wait();
722 /* Zero the buffer. */ 686
723 (void) memset(auth.dat, 0, MAX_KTXT_LEN); 687 /* Zero the buffer. */
724 688 (void) memset(auth.dat, 0, MAX_KTXT_LEN);
725 r = sizeof(local); 689
726 memset(&local, 0, sizeof(local)); 690 r = sizeof(local);
727 if (getsockname(packet_get_connection_in(), 691 memset(&local, 0, sizeof(local));
728 (struct sockaddr *) &local, &r) < 0) 692 if (getsockname(packet_get_connection_in(),
729 debug("getsockname failed: %s", strerror(errno)); 693 (struct sockaddr *) & local, &r) < 0)
730 694 debug("getsockname failed: %s", strerror(errno));
731 r = sizeof(foreign); 695
732 memset(&foreign, 0, sizeof(foreign)); 696 r = sizeof(foreign);
733 if (getpeername(packet_get_connection_in(), 697 memset(&foreign, 0, sizeof(foreign));
734 (struct sockaddr *)&foreign, &r) < 0) { 698 if (getpeername(packet_get_connection_in(),
735 debug("getpeername failed: %s", strerror(errno)); 699 (struct sockaddr *) & foreign, &r) < 0) {
736 fatal_cleanup(); 700 debug("getpeername failed: %s", strerror(errno));
737 } 701 fatal_cleanup();
738 702 }
739 /* Get server reply. */ 703 /* Get server reply. */
740 type = packet_read(&plen); 704 type = packet_read(&plen);
741 switch(type) { 705 switch (type) {
742 706 case SSH_SMSG_FAILURE:
743 case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ 707 /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
744 debug("Kerberos V4 authentication failed."); 708 debug("Kerberos V4 authentication failed.");
745 return 0; 709 return 0;
746 break; 710 break;
747 711
748 case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ 712 case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
749 debug("Kerberos V4 authentication accepted."); 713 /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
750 714 debug("Kerberos V4 authentication accepted.");
751 /* Get server's response. */ 715
752 reply = packet_get_string((unsigned int *)&auth.length); 716 /* Get server's response. */
753 memcpy(auth.dat, reply, auth.length); 717 reply = packet_get_string((unsigned int *) &auth.length);
754 xfree(reply); 718 memcpy(auth.dat, reply, auth.length);
755 719 xfree(reply);
756 packet_integrity_check(plen, 4 + auth.length, type); 720
757 721 packet_integrity_check(plen, 4 + auth.length, type);
758 /* If his response isn't properly encrypted with the session key, 722
759 and the decrypted checksum fails to match, he's bogus. Bail out. */ 723 /* If his response isn't properly encrypted with the
760 r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session, 724 session key, and the decrypted checksum fails to match,
761 &foreign, &local, &msg_data); 725 he's bogus. Bail out. */
762 if (r != KSUCCESS) { 726 r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
763 debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]); 727 &foreign, &local, &msg_data);
764 packet_disconnect("Kerberos V4 challenge failed!"); 728 if (r != KSUCCESS) {
765 } 729 debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]);
766 /* Fetch the (incremented) checksum that we supplied in the request. */ 730 packet_disconnect("Kerberos V4 challenge failed!");
767 (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum)); 731 }
768 cksum = ntohl(cksum); 732 /* Fetch the (incremented) checksum that we supplied in the request. */
769 733 (void) memcpy((char *) &cksum, (char *) msg_data.app_data, sizeof(cksum));
770 /* If it matches, we're golden. */ 734 cksum = ntohl(cksum);
771 if (cksum == checksum + 1) { 735
772 debug("Kerberos V4 challenge successful."); 736 /* If it matches, we're golden. */
773 return 1; 737 if (cksum == checksum + 1) {
774 } 738 debug("Kerberos V4 challenge successful.");
775 else 739 return 1;
776 packet_disconnect("Kerberos V4 challenge failed!"); 740 } else
777 break; 741 packet_disconnect("Kerberos V4 challenge failed!");
778 742 break;
779 default: 743
780 packet_disconnect("Protocol error on Kerberos V4 response: %d", type); 744 default:
781 } 745 packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
782 return 0; 746 }
747 return 0;
783} 748}
749
784#endif /* KRB4 */ 750#endif /* KRB4 */
785 751
786#ifdef AFS 752#ifdef AFS
787int send_kerberos_tgt() 753int
754send_kerberos_tgt()
788{ 755{
789 CREDENTIALS *creds; 756 CREDENTIALS *creds;
790 char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; 757 char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
791 int r, type, plen; 758 int r, type, plen;
792 unsigned char buffer[8192]; 759 unsigned char buffer[8192];
793 struct stat st; 760 struct stat st;
794 761
795 /* Don't do anything if we don't have any tickets. */ 762 /* Don't do anything if we don't have any tickets. */
796 if (stat(tkt_string(), &st) < 0) return 0; 763 if (stat(tkt_string(), &st) < 0)
797 764 return 0;
798 creds = xmalloc(sizeof(*creds)); 765
799 766 creds = xmalloc(sizeof(*creds));
800 if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) { 767
801 debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]); 768 if ((r = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm)) != KSUCCESS) {
802 return 0; 769 debug("Kerberos V4 tf_fullname failed: %s", krb_err_txt[r]);
803 } 770 return 0;
804 if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) { 771 }
805 debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]); 772 if ((r = krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
806 return 0; 773 debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]);
807 } 774 return 0;
808 if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) { 775 }
809 debug("Kerberos V4 ticket expired: %s", TKT_FILE); 776 if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
810 return 0; 777 debug("Kerberos V4 ticket expired: %s", TKT_FILE);
811 } 778 return 0;
812 779 }
813 creds_to_radix(creds, buffer); 780 creds_to_radix(creds, buffer);
814 xfree(creds); 781 xfree(creds);
815 782
816 packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); 783 packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
817 packet_put_string((char *)buffer, strlen(buffer)); 784 packet_put_string((char *) buffer, strlen(buffer));
818 packet_send(); 785 packet_send();
819 packet_write_wait(); 786 packet_write_wait();
820 787
821 type = packet_read(&plen); 788 type = packet_read(&plen);
822 789
823 if (type == SSH_SMSG_FAILURE) 790 if (type == SSH_SMSG_FAILURE)
824 debug("Kerberos TGT for realm %s rejected.", prealm); 791 debug("Kerberos TGT for realm %s rejected.", prealm);
825 else if (type != SSH_SMSG_SUCCESS) 792 else if (type != SSH_SMSG_SUCCESS)
826 packet_disconnect("Protocol error on Kerberos TGT response: %d", type); 793 packet_disconnect("Protocol error on Kerberos TGT response: %d", type);
827 794
828 return 1; 795 return 1;
829} 796}
830 797
831void send_afs_tokens(void) 798void
799send_afs_tokens(void)
832{ 800{
833 CREDENTIALS creds; 801 CREDENTIALS creds;
834 struct ViceIoctl parms; 802 struct ViceIoctl parms;
835 struct ClearToken ct; 803 struct ClearToken ct;
836 int i, type, len, plen; 804 int i, type, len, plen;
837 char buf[2048], *p, *server_cell; 805 char buf[2048], *p, *server_cell;
838 unsigned char buffer[8192]; 806 unsigned char buffer[8192];
839 807
840 /* Move over ktc_GetToken, here's something leaner. */ 808 /* Move over ktc_GetToken, here's something leaner. */
841 for (i = 0; i < 100; i++) { /* just in case */ 809 for (i = 0; i < 100; i++) { /* just in case */
842 parms.in = (char *)&i; 810 parms.in = (char *) &i;
843 parms.in_size = sizeof(i); 811 parms.in_size = sizeof(i);
844 parms.out = buf; 812 parms.out = buf;
845 parms.out_size = sizeof(buf); 813 parms.out_size = sizeof(buf);
846 if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break; 814 if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0)
847 p = buf; 815 break;
848 816 p = buf;
849 /* Get secret token. */ 817
850 memcpy(&creds.ticket_st.length, p, sizeof(unsigned int)); 818 /* Get secret token. */
851 if (creds.ticket_st.length > MAX_KTXT_LEN) break; 819 memcpy(&creds.ticket_st.length, p, sizeof(unsigned int));
852 p += sizeof(unsigned int); 820 if (creds.ticket_st.length > MAX_KTXT_LEN)
853 memcpy(creds.ticket_st.dat, p, creds.ticket_st.length); 821 break;
854 p += creds.ticket_st.length; 822 p += sizeof(unsigned int);
855 823 memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
856 /* Get clear token. */ 824 p += creds.ticket_st.length;
857 memcpy(&len, p, sizeof(len)); 825
858 if (len != sizeof(struct ClearToken)) break; 826 /* Get clear token. */
859 p += sizeof(len); 827 memcpy(&len, p, sizeof(len));
860 memcpy(&ct, p, len); 828 if (len != sizeof(struct ClearToken))
861 p += len; 829 break;
862 p += sizeof(len); /* primary flag */ 830 p += sizeof(len);
863 server_cell = p; 831 memcpy(&ct, p, len);
864 832 p += len;
865 /* Flesh out our credentials. */ 833 p += sizeof(len); /* primary flag */
866 strlcpy(creds.service, "afs", sizeof creds.service); 834 server_cell = p;
867 creds.instance[0] = '\0'; 835
868 strlcpy(creds.realm, server_cell, REALM_SZ); 836 /* Flesh out our credentials. */
869 memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ); 837 strlcpy(creds.service, "afs", sizeof creds.service);
870 creds.issue_date = ct.BeginTimestamp; 838 creds.instance[0] = '\0';
871 creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp); 839 strlcpy(creds.realm, server_cell, REALM_SZ);
872 creds.kvno = ct.AuthHandle; 840 memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
873 snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId); 841 creds.issue_date = ct.BeginTimestamp;
874 creds.pinst[0] = '\0'; 842 creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
875 843 creds.kvno = ct.AuthHandle;
876 /* Encode token, ship it off. */ 844 snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
877 if (!creds_to_radix(&creds, buffer)) break; 845 creds.pinst[0] = '\0';
878 packet_start(SSH_CMSG_HAVE_AFS_TOKEN); 846
879 packet_put_string((char *)buffer, strlen(buffer)); 847 /* Encode token, ship it off. */
880 packet_send(); 848 if (!creds_to_radix(&creds, buffer))
881 packet_write_wait(); 849 break;
882 850 packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
883 /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */ 851 packet_put_string((char *) buffer, strlen(buffer));
884 type = packet_read(&plen); 852 packet_send();
885 853 packet_write_wait();
886 if (type == SSH_SMSG_FAILURE) 854
887 debug("AFS token for cell %s rejected.", server_cell); 855 /* Roger, Roger. Clearance, Clarence. What's your vector,
888 else if (type != SSH_SMSG_SUCCESS) 856 Victor? */
889 packet_disconnect("Protocol error on AFS token response: %d", type); 857 type = packet_read(&plen);
890 } 858
859 if (type == SSH_SMSG_FAILURE)
860 debug("AFS token for cell %s rejected.", server_cell);
861 else if (type != SSH_SMSG_SUCCESS)
862 packet_disconnect("Protocol error on AFS token response: %d", type);
863 }
891} 864}
892#endif /* AFS */
893 865
894/* Waits for the server identification string, and sends our own identification 866#endif /* AFS */
895 string. */
896 867
897void ssh_exchange_identification() 868/*
869 * Waits for the server identification string, and sends our own
870 * identification string.
871 */
872void
873ssh_exchange_identification()
898{ 874{
899 char buf[256], remote_version[256]; /* must be same size! */ 875 char buf[256], remote_version[256]; /* must be same size! */
900 int remote_major, remote_minor, i; 876 int remote_major, remote_minor, i;
901 int connection_in = packet_get_connection_in(); 877 int connection_in = packet_get_connection_in();
902 int connection_out = packet_get_connection_out(); 878 int connection_out = packet_get_connection_out();
903 extern Options options; 879 extern Options options;
904 880
905 /* Read other side\'s version identification. */ 881 /* Read other side\'s version identification. */
906 for (i = 0; i < sizeof(buf) - 1; i++) 882 for (i = 0; i < sizeof(buf) - 1; i++) {
907 { 883 if (read(connection_in, &buf[i], 1) != 1)
908 if (read(connection_in, &buf[i], 1) != 1) 884 fatal("ssh_exchange_identification: read: %.100s", strerror(errno));
909 fatal("ssh_exchange_identification: read: %.100s", strerror(errno)); 885 if (buf[i] == '\r') {
910 if (buf[i] == '\r') 886 buf[i] = '\n';
911 { 887 buf[i + 1] = 0;
912 buf[i] = '\n'; 888 break;
913 buf[i + 1] = 0; 889 }
914 break; 890 if (buf[i] == '\n') {
891 buf[i + 1] = 0;
892 break;
893 }
915 } 894 }
916 if (buf[i] == '\n') 895 buf[sizeof(buf) - 1] = 0;
917 { 896
918 buf[i + 1] = 0; 897 /* Check that the versions match. In future this might accept
919 break; 898 several versions and set appropriate flags to handle them. */
899 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
900 remote_version) != 3)
901 fatal("Bad remote protocol version identification: '%.100s'", buf);
902 debug("Remote protocol version %d.%d, remote software version %.100s",
903 remote_major, remote_minor, remote_version);
904
905 /* Check if the remote protocol version is too old. */
906 if (remote_major == 1 && remote_minor < 3)
907 fatal("Remote machine has too old SSH software version.");
908
909 /* We speak 1.3, too. */
910 if (remote_major == 1 && remote_minor == 3) {
911 enable_compat13();
912 if (options.forward_agent && strcmp(remote_version, SSH_VERSION) != 0) {
913 log("Agent forwarding disabled, remote version '%s' is not compatible.",
914 remote_version);
915 options.forward_agent = 0;
916 }
920 } 917 }
921 }
922 buf[sizeof(buf) - 1] = 0;
923
924 /* Check that the versions match. In future this might accept several
925 versions and set appropriate flags to handle them. */
926 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
927 remote_version) != 3)
928 fatal("Bad remote protocol version identification: '%.100s'", buf);
929 debug("Remote protocol version %d.%d, remote software version %.100s",
930 remote_major, remote_minor, remote_version);
931
932 /* Check if the remote protocol version is too old. */
933 if (remote_major == 1 && remote_minor < 3)
934 fatal("Remote machine has too old SSH software version.");
935
936 /* We speak 1.3, too. */
937 if (remote_major == 1 && remote_minor == 3) {
938 enable_compat13();
939 if (options.forward_agent && strcmp(remote_version, SSH_VERSION) != 0) {
940 log("Agent forwarding disabled, remote version '%s' is not compatible.",
941 remote_version);
942 options.forward_agent = 0;
943 }
944 }
945#if 0 918#if 0
946 /* Removed for now, to permit compatibility with latter versions. The server 919 /* Removed for now, to permit compatibility with latter versions.
947 will reject our version and disconnect if it doesn't support it. */ 920 The server will reject our version and disconnect if it doesn't
948 if (remote_major != PROTOCOL_MAJOR) 921 support it. */
949 fatal("Protocol major versions differ: %d vs. %d", 922 if (remote_major != PROTOCOL_MAJOR)
950 PROTOCOL_MAJOR, remote_major); 923 fatal("Protocol major versions differ: %d vs. %d",
924 PROTOCOL_MAJOR, remote_major);
951#endif 925#endif
952 926
953 /* Send our own protocol version identification. */ 927 /* Send our own protocol version identification. */
954 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", 928 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
955 PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); 929 PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
956 if (write(connection_out, buf, strlen(buf)) != strlen(buf)) 930 if (write(connection_out, buf, strlen(buf)) != strlen(buf))
957 fatal("write: %.100s", strerror(errno)); 931 fatal("write: %.100s", strerror(errno));
958} 932}
959 933
960int ssh_cipher_default = SSH_CIPHER_3DES; 934int ssh_cipher_default = SSH_CIPHER_3DES;
961 935
962int read_yes_or_no(const char *prompt, int defval) 936int
937read_yes_or_no(const char *prompt, int defval)
963{ 938{
964 char buf[1024]; 939 char buf[1024];
965 FILE *f; 940 FILE *f;
966 int retval = -1; 941 int retval = -1;
967 942
968 if (isatty(0)) 943 if (isatty(0))
969 f = stdin; 944 f = stdin;
970 else 945 else
971 f = fopen("/dev/tty", "rw"); 946 f = fopen("/dev/tty", "rw");
972 947
973 if (f == NULL) 948 if (f == NULL)
974 return 0; 949 return 0;
975 950
976 fflush(stdout); 951 fflush(stdout);
977 952
978 while (1) 953 while (1) {
979 { 954 fprintf(stderr, "%s", prompt);
980 fprintf(stderr, "%s", prompt); 955 if (fgets(buf, sizeof(buf), f) == NULL) {
981 if (fgets(buf, sizeof(buf), f) == NULL) 956 /* Print a newline (the prompt probably didn\'t have one). */
982 { 957 fprintf(stderr, "\n");
983 /* Print a newline (the prompt probably didn\'t have one). */ 958 strlcpy(buf, "no", sizeof buf);
984 fprintf(stderr, "\n"); 959 }
985 strlcpy(buf, "no", sizeof buf); 960 /* Remove newline from response. */
986 } 961 if (strchr(buf, '\n'))
987 /* Remove newline from response. */ 962 *strchr(buf, '\n') = 0;
988 if (strchr(buf, '\n')) 963
989 *strchr(buf, '\n') = 0; 964 if (buf[0] == 0)
990 965 retval = defval;
991 if (buf[0] == 0) 966 if (strcmp(buf, "yes") == 0)
992 retval = defval; 967 retval = 1;
993 if (strcmp(buf, "yes") == 0) 968 if (strcmp(buf, "no") == 0)
994 retval = 1; 969 retval = 0;
995 if (strcmp(buf, "no") == 0) 970
996 retval = 0; 971 if (retval != -1) {
997 972 if (f != stdin)
998 if (retval != -1) 973 fclose(f);
999 { 974 return retval;
1000 if (f != stdin) 975 }
1001 fclose(f);
1002 return retval;
1003 } 976 }
1004 }
1005} 977}
1006 978
1007/* Starts a dialog with the server, and authenticates the current user on the 979/*
1008 server. This does not need any extra privileges. The basic connection 980 * Starts a dialog with the server, and authenticates the current user on the
1009 to the server must already have been established before this is called. 981 * server. This does not need any extra privileges. The basic connection
1010 User is the remote user; if it is NULL, the current local user name will 982 * to the server must already have been established before this is called.
1011 be used. Anonymous indicates that no rhosts authentication will be used. 983 * User is the remote user; if it is NULL, the current local user name will
1012 If login fails, this function prints an error and never returns. 984 * be used. Anonymous indicates that no rhosts authentication will be used.
1013 This function does not require super-user privileges. */ 985 * If login fails, this function prints an error and never returns.
1014 986 * This function does not require super-user privileges.
1015void ssh_login(int host_key_valid, 987 */
1016 RSA *own_host_key, 988void
1017 const char *orighost, 989ssh_login(int host_key_valid,
1018 struct sockaddr_in *hostaddr, 990 RSA *own_host_key,
1019 uid_t original_real_uid) 991 const char *orighost,
992 struct sockaddr_in *hostaddr,
993 uid_t original_real_uid)
1020{ 994{
1021 extern Options options; 995 extern Options options;
1022 int i, type; 996 int i, type;
1023 char *password; 997 char *password;
1024 struct passwd *pw; 998 struct passwd *pw;
1025 BIGNUM *key; 999 BIGNUM *key;
1026 RSA *host_key, *file_key; 1000 RSA *host_key, *file_key;
1027 RSA *public_key; 1001 RSA *public_key;
1028 int bits, rbits; 1002 int bits, rbits;
1029 unsigned char session_key[SSH_SESSION_KEY_LENGTH]; 1003 unsigned char session_key[SSH_SESSION_KEY_LENGTH];
1030 const char *server_user, *local_user; 1004 const char *server_user, *local_user;
1031 char *cp, *host, *ip = NULL; 1005 char *cp, *host, *ip = NULL;
1032 unsigned char check_bytes[8]; 1006 char hostline[1000], *hostp;
1033 unsigned int supported_ciphers, supported_authentications, protocol_flags; 1007 unsigned char check_bytes[8];
1034 HostStatus host_status; 1008 unsigned int supported_ciphers, supported_authentications, protocol_flags;
1035 HostStatus ip_status; 1009 HostStatus host_status;
1036 int host_ip_differ = 0; 1010 HostStatus ip_status;
1037 int local = (ntohl(hostaddr->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; 1011 int host_ip_differ = 0;
1038 int payload_len, clen, sum_len = 0; 1012 int local = (ntohl(hostaddr->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
1039 u_int32_t rand = 0; 1013 int payload_len, clen, sum_len = 0;
1040 1014 u_int32_t rand = 0;
1041 if (options.check_host_ip) 1015
1042 ip = xstrdup(inet_ntoa(hostaddr->sin_addr)); 1016 if (options.check_host_ip)
1043 1017 ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
1044 /* Convert the user-supplied hostname into all lowercase. */ 1018
1045 host = xstrdup(orighost); 1019 /* Convert the user-supplied hostname into all lowercase. */
1046 for (cp = host; *cp; cp++) 1020 host = xstrdup(orighost);
1047 if (isupper(*cp)) 1021 for (cp = host; *cp; cp++)
1048 *cp = tolower(*cp); 1022 if (isupper(*cp))
1049 1023 *cp = tolower(*cp);
1050 /* Exchange protocol version identification strings with the server. */ 1024
1051 ssh_exchange_identification(); 1025 /* Exchange protocol version identification strings with the server. */
1052 1026 ssh_exchange_identification();
1053 /* Put the connection into non-blocking mode. */ 1027
1054 packet_set_nonblocking(); 1028 /* Put the connection into non-blocking mode. */
1055 1029 packet_set_nonblocking();
1056 /* Get local user name. Use it as server user if no user name 1030
1057 was given. */ 1031 /* Get local user name. Use it as server user if no user name was given. */
1058 pw = getpwuid(original_real_uid); 1032 pw = getpwuid(original_real_uid);
1059 if (!pw) 1033 if (!pw)
1060 fatal("User id %d not found from user database.", original_real_uid); 1034 fatal("User id %d not found from user database.", original_real_uid);
1061 local_user = xstrdup(pw->pw_name); 1035 local_user = xstrdup(pw->pw_name);
1062 server_user = options.user ? options.user : local_user; 1036 server_user = options.user ? options.user : local_user;
1063 1037
1064 debug("Waiting for server public key."); 1038 debug("Waiting for server public key.");
1065 1039
1066 /* Wait for a public key packet from the server. */ 1040 /* Wait for a public key packet from the server. */
1067 packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY); 1041 packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
1068 1042
1069 /* Get check bytes from the packet. */ 1043 /* Get check bytes from the packet. */
1070 for (i = 0; i < 8; i++) 1044 for (i = 0; i < 8; i++)
1071 check_bytes[i] = packet_get_char(); 1045 check_bytes[i] = packet_get_char();
1072 1046
1073 /* Get the public key. */ 1047 /* Get the public key. */
1074 public_key = RSA_new(); 1048 public_key = RSA_new();
1075 bits = packet_get_int(); /* bits */ 1049 bits = packet_get_int();/* bits */
1076 public_key->e = BN_new(); 1050 public_key->e = BN_new();
1077 packet_get_bignum(public_key->e, &clen); 1051 packet_get_bignum(public_key->e, &clen);
1078 sum_len += clen; 1052 sum_len += clen;
1079 public_key->n = BN_new(); 1053 public_key->n = BN_new();
1080 packet_get_bignum(public_key->n, &clen); 1054 packet_get_bignum(public_key->n, &clen);
1081 sum_len += clen; 1055 sum_len += clen;
1082 1056
1083 rbits = BN_num_bits(public_key->n); 1057 rbits = BN_num_bits(public_key->n);
1084 if (bits != rbits) { 1058 if (bits != rbits) {
1085 log("Warning: Server lies about size of server public key: " 1059 log("Warning: Server lies about size of server public key: "
1086 "actual size is %d bits vs. announced %d.", rbits, bits); 1060 "actual size is %d bits vs. announced %d.", rbits, bits);
1087 log("Warning: This may be due to an old implementation of ssh."); 1061 log("Warning: This may be due to an old implementation of ssh.");
1088 } 1062 }
1089 1063 /* Get the host key. */
1090 /* Get the host key. */ 1064 host_key = RSA_new();
1091 host_key = RSA_new(); 1065 bits = packet_get_int();/* bits */
1092 bits = packet_get_int(); /* bits */ 1066 host_key->e = BN_new();
1093 host_key->e = BN_new(); 1067 packet_get_bignum(host_key->e, &clen);
1094 packet_get_bignum(host_key->e, &clen); 1068 sum_len += clen;
1095 sum_len += clen; 1069 host_key->n = BN_new();
1096 host_key->n = BN_new(); 1070 packet_get_bignum(host_key->n, &clen);
1097 packet_get_bignum(host_key->n, &clen); 1071 sum_len += clen;
1098 sum_len += clen; 1072
1099 1073 rbits = BN_num_bits(host_key->n);
1100 rbits = BN_num_bits(host_key->n); 1074 if (bits != rbits) {
1101 if (bits != rbits) { 1075 log("Warning: Server lies about size of server host key: "
1102 log("Warning: Server lies about size of server host key: " 1076 "actual size is %d bits vs. announced %d.", rbits, bits);
1103 "actual size is %d bits vs. announced %d.", rbits, bits); 1077 log("Warning: This may be due to an old implementation of ssh.");
1104 log("Warning: This may be due to an old implementation of ssh."); 1078 }
1105 } 1079 /* Store the host key from the known host file in here so that we
1106 1080 can compare it with the key for the IP address. */
1107 /* Store the host key from the known host file in here 1081 file_key = RSA_new();
1108 * so that we can compare it with the key for the IP 1082 file_key->n = BN_new();
1109 * address. */ 1083 file_key->e = BN_new();
1110 file_key = RSA_new(); 1084
1111 file_key->n = BN_new(); 1085 /* Get protocol flags. */
1112 file_key->e = BN_new(); 1086 protocol_flags = packet_get_int();
1113 1087 packet_set_protocol_flags(protocol_flags);
1114 /* Get protocol flags. */ 1088
1115 protocol_flags = packet_get_int(); 1089 /* Get supported cipher types. */
1116 packet_set_protocol_flags(protocol_flags); 1090 supported_ciphers = packet_get_int();
1117 1091
1118 /* Get supported cipher types. */ 1092 /* Get supported authentication types. */
1119 supported_ciphers = packet_get_int(); 1093 supported_authentications = packet_get_int();
1120 1094
1121 /* Get supported authentication types. */ 1095 debug("Received server public key (%d bits) and host key (%d bits).",
1122 supported_authentications = packet_get_int(); 1096 BN_num_bits(public_key->n), BN_num_bits(host_key->n));
1123 1097
1124 debug("Received server public key (%d bits) and host key (%d bits).", 1098 packet_integrity_check(payload_len,
1125 BN_num_bits(public_key->n), BN_num_bits(host_key->n)); 1099 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
1126 1100 SSH_SMSG_PUBLIC_KEY);
1127 packet_integrity_check(payload_len, 1101
1128 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, 1102 /* Compute the session id. */
1129 SSH_SMSG_PUBLIC_KEY); 1103 compute_session_id(session_id, check_bytes, host_key->n, public_key->n);
1130 1104
1131 /* Compute the session id. */ 1105 /* Check if the host key is present in the user\'s list of known
1132 compute_session_id(session_id, check_bytes, host_key->n, public_key->n); 1106 hosts or in the systemwide list. */
1133 1107 host_status = check_host_in_hostfile(options.user_hostfile, host,
1134 /* Check if the host key is present in the user\'s list of known hosts 1108 host_key->e, host_key->n,
1135 or in the systemwide list. */ 1109 file_key->e, file_key->n);
1136 host_status = check_host_in_hostfile(options.user_hostfile, host, 1110 if (host_status == HOST_NEW)
1137 host_key->e, host_key->n, 1111 host_status = check_host_in_hostfile(options.system_hostfile, host,
1138 file_key->e, file_key->n); 1112 host_key->e, host_key->n,
1139 if (host_status == HOST_NEW) 1113 file_key->e, file_key->n);
1140 host_status = check_host_in_hostfile(options.system_hostfile, host, 1114 /* Force accepting of the host key for localhost and 127.0.0.1.
1141 host_key->e, host_key->n, 1115 The problem is that if the home directory is NFS-mounted to
1142 file_key->e, file_key->n); 1116 multiple machines, localhost will refer to a different machine
1143 /* Force accepting of the host key for localhost and 127.0.0.1. 1117 in each of them, and the user will get bogus HOST_CHANGED
1144 The problem is that if the home directory is NFS-mounted to multiple 1118 warnings. This essentially disables host authentication for
1145 machines, localhost will refer to a different machine in each of them, 1119 localhost; however, this is probably not a real problem. */
1146 and the user will get bogus HOST_CHANGED warnings. This essentially 1120 if (local) {
1147 disables host authentication for localhost; however, this is probably 1121 debug("Forcing accepting of host key for localhost.");
1148 not a real problem. */ 1122 host_status = HOST_OK;
1149 if (local) { 1123 }
1150 debug("Forcing accepting of host key for localhost."); 1124 /* Also perform check for the ip address, skip the check if we are
1151 host_status = HOST_OK; 1125 localhost or the hostname was an ip address to begin with */
1152 } 1126 if (options.check_host_ip && !local && strcmp(host, ip)) {
1153 1127 RSA *ip_key = RSA_new();
1154 /* Also perform check for the ip address, skip the check if we are 1128 ip_key->n = BN_new();
1155 localhost or the hostname was an ip address to begin with */ 1129 ip_key->e = BN_new();
1156 if (options.check_host_ip && !local && strcmp(host, ip)) { 1130 ip_status = check_host_in_hostfile(options.user_hostfile, ip,
1157 RSA *ip_key = RSA_new(); 1131 host_key->e, host_key->n,
1158 ip_key->n = BN_new(); 1132 ip_key->e, ip_key->n);
1159 ip_key->e = BN_new(); 1133
1160 ip_status = check_host_in_hostfile(options.user_hostfile, ip, 1134 if (ip_status == HOST_NEW)
1161 host_key->e, host_key->n, 1135 ip_status = check_host_in_hostfile(options.system_hostfile, ip,
1162 ip_key->e, ip_key->n); 1136 host_key->e, host_key->n,
1163 1137 ip_key->e, ip_key->n);
1164 if (ip_status == HOST_NEW) 1138 if (host_status == HOST_CHANGED &&
1165 ip_status = check_host_in_hostfile(options.system_hostfile, ip, 1139 (ip_status != HOST_CHANGED ||
1166 host_key->e, host_key->n, 1140 (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n))))
1167 ip_key->e, ip_key->n); 1141 host_ip_differ = 1;
1168 if (host_status == HOST_CHANGED && 1142
1169 (ip_status != HOST_CHANGED || 1143 RSA_free(ip_key);
1170 (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n)))) 1144 } else
1171 host_ip_differ = 1; 1145 ip_status = host_status;
1172 1146
1173 RSA_free(ip_key); 1147 RSA_free(file_key);
1174 } else 1148
1175 ip_status = host_status; 1149 switch (host_status) {
1176 1150 case HOST_OK:
1177 RSA_free(file_key); 1151 /* The host is known and the key matches. */
1178 1152 debug("Host '%.200s' is known and matches the host key.", host);
1179 switch (host_status) { 1153 if (options.check_host_ip) {
1180 case HOST_OK: 1154 if (ip_status == HOST_NEW) {
1181 /* The host is known and the key matches. */ 1155 if (!add_host_to_hostfile(options.user_hostfile, ip,
1182 debug("Host '%.200s' is known and matches the host key.", host); 1156 host_key->e, host_key->n))
1183 if (options.check_host_ip) { 1157 log("Failed to add the host key for IP address '%.30s' to the list of known hosts (%.30s).",
1184 if (ip_status == HOST_NEW) { 1158 ip, options.user_hostfile);
1185 if (!add_host_to_hostfile(options.user_hostfile, ip, 1159 else
1186 host_key->e, host_key->n)) 1160 log("Warning: Permanently added host key for IP address '%.30s' to the list of known hosts.",
1187 log("Failed to add the host key for IP address '%.30s' to the list of known hosts (%.30s).", 1161 ip);
1188 ip, options.user_hostfile); 1162 } else if (ip_status != HOST_OK)
1189 else 1163 log("Warning: the host key for '%.200s' differs from the key for the IP address '%.30s'",
1190 log("Warning: Permanently added host key for IP address '%.30s' to the list of known hosts.", 1164 host, ip);
1191 ip); 1165 }
1192 } else if (ip_status != HOST_OK) 1166 break;
1193 log("Warning: the host key for '%.200s' differs from the key for the IP address '%.30s'", 1167 case HOST_NEW:
1194 host, ip); 1168 /* The host is new. */
1195 } 1169 if (options.strict_host_key_checking == 1) {
1196 1170 /* User has requested strict host key checking. We will not add the host key
1197 break; 1171 automatically. The only alternative left is to abort. */
1198 case HOST_NEW: 1172 fatal("No host key is known for %.200s and you have requested strict checking.", host);
1199 { 1173 } else if (options.strict_host_key_checking == 2) {
1200 char hostline[1000], *hostp = hostline; 1174 /* The default */
1201 /* The host is new. */ 1175 char prompt[1024];
1202 if (options.strict_host_key_checking == 1) { 1176 char *fp = fingerprint(host_key->e, host_key->n);
1203 /* User has requested strict host key checking. We will not 1177 snprintf(prompt, sizeof(prompt),
1204 add the host key automatically. The only alternative left 1178 "The authenticity of host '%.200s' can't be established.\n"
1205 is to abort. */ 1179 "Key fingerprint is %d %s.\n"
1206 fatal("No host key is known for %.200s and you have requested strict checking.", host); 1180 "Are you sure you want to continue connecting (yes/no)? ",
1207 } else if (options.strict_host_key_checking == 2) { /* The default */ 1181 host, BN_num_bits(host_key->n), fp);
1208 char prompt[1024]; 1182 if (!read_yes_or_no(prompt, -1))
1209 char *fp = fingerprint(host_key->e, host_key->n); 1183 fatal("Aborted by user!\n");
1210 snprintf(prompt, sizeof(prompt), 1184 }
1211 "The authenticity of host '%.200s' can't be established.\n" 1185 if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip)) {
1212 "Key fingerprint is %d %s.\n" 1186 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
1213 "Are you sure you want to continue connecting (yes/no)? ", 1187 hostp = hostline;
1214 host, BN_num_bits(host_key->n), fp); 1188 } else
1215 if (!read_yes_or_no(prompt, -1)) 1189 hostp = host;
1216 fatal("Aborted by user!\n"); 1190
1217 } 1191 /* If not in strict mode, add the key automatically to the local known_hosts file. */
1218 1192 if (!add_host_to_hostfile(options.user_hostfile, hostp,
1219 if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip)) 1193 host_key->e, host_key->n))
1220 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); 1194 log("Failed to add the host to the list of known hosts (%.500s).",
1221 else 1195 options.user_hostfile);
1222 hostp = host; 1196 else
1223 1197 log("Warning: Permanently added '%.200s' to the list of known hosts.",
1224 /* If not in strict mode, add the key automatically to the local 1198 hostp);
1225 known_hosts file. */ 1199 break;
1226 if (!add_host_to_hostfile(options.user_hostfile, hostp, 1200 case HOST_CHANGED:
1227 host_key->e, host_key->n)) 1201 if (options.check_host_ip && host_ip_differ) {
1228 log("Failed to add the host to the list of known hosts (%.500s).", 1202 char *msg;
1229 options.user_hostfile); 1203 if (ip_status == HOST_NEW)
1230 else 1204 msg = "is unknown";
1231 log("Warning: Permanently added '%.200s' to the list of known hosts.", 1205 else if (ip_status == HOST_OK)
1232 hostp); 1206 msg = "is unchanged";
1233 break; 1207 else
1234 } 1208 msg = "has a different value";
1235 case HOST_CHANGED: 1209 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1236 if (options.check_host_ip) { 1210 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
1237 if (host_ip_differ) { 1211 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1238 char *msg; 1212 error("The host key for %s has changed,", host);
1239 if (ip_status == HOST_NEW) 1213 error("and the key for the according IP address %s", ip);
1240 msg = "is unknown"; 1214 error("%s. This could either mean that", msg);
1241 else if (ip_status == HOST_OK) 1215 error("DNS SPOOFING is happening or the IP address for the host");
1242 msg = "is unchanged"; 1216 error("and its host key have changed at the same time");
1243 else 1217 }
1244 msg = "has a different value"; 1218 /* The host key has changed. */
1245 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 1219 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1246 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); 1220 error("@ WARNING: HOST IDENTIFICATION HAS CHANGED! @");
1247 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 1221 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1248 error("The host key for %s has changed,", host); 1222 error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
1249 error("and the key for the according IP address %s", ip); 1223 error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
1250 error("%s. This could either mean that", msg); 1224 error("It is also possible that the host key has just been changed.");
1251 error("DNS SPOOFING is happening or the IP address for the host"); 1225 error("Please contact your system administrator.");
1252 error("and its host key have changed at the same time"); 1226 error("Add correct host key in %.100s to get rid of this message.",
1253 } 1227 options.user_hostfile);
1254 } 1228
1255 1229 /* If strict host key checking is in use, the user will
1256 /* The host key has changed. */ 1230 have to edit the key manually and we can only abort. */
1257 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 1231 if (options.strict_host_key_checking)
1258 error("@ WARNING: HOST IDENTIFICATION HAS CHANGED! @"); 1232 fatal("Host key for %.200s has changed and you have requested strict checking.", host);
1259 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 1233
1260 error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); 1234 /* If strict host key checking has not been requested, allow the connection
1261 error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); 1235 but without password authentication or agent forwarding. */
1262 error("It is also possible that the host key has just been changed."); 1236 if (options.password_authentication) {
1263 error("Please contact your system administrator."); 1237 error("Password authentication is disabled to avoid trojan horses.");
1264 error("Add correct host key in %.100s to get rid of this message.", 1238 options.password_authentication = 0;
1265 options.user_hostfile); 1239 }
1266 1240 if (options.forward_agent) {
1267 /* If strict host key checking is in use, the user will have to edit 1241 error("Agent forwarding is disabled to avoid trojan horses.");
1268 the key manually and we can only abort. */ 1242 options.forward_agent = 0;
1269 if (options.strict_host_key_checking) 1243 }
1270 fatal("Host key for %.200s has changed and you have requested strict checking.", host); 1244 /* XXX Should permit the user to change to use the new id.
1271 1245 This could be done by converting the host key to an
1272 /* If strict host key checking has not been requested, allow the 1246 identifying sentence, tell that the host identifies
1273 connection but without password authentication or 1247 itself by that sentence, and ask the user if he/she
1274 agent forwarding. */ 1248 whishes to accept the authentication. */
1275 if (options.password_authentication) { 1249 break;
1276 error("Password authentication is disabled to avoid trojan horses."); 1250 }
1277 options.password_authentication = 0; 1251
1278 } 1252 if (options.check_host_ip)
1279 if (options.forward_agent) { 1253 xfree(ip);
1280 error("Agent forwarding is disabled to avoid trojan horses."); 1254
1281 options.forward_agent = 0; 1255 /* Generate a session key. */
1282 } 1256 arc4random_stir();
1283 /* XXX Should permit the user to change to use the new id. This could 1257
1284 be done by converting the host key to an identifying sentence, tell 1258 /* Generate an encryption key for the session. The key is a 256
1285 that the host identifies itself by that sentence, and ask the user 1259 bit random number, interpreted as a 32-byte key, with the least
1286 if he/she whishes to accept the authentication. */ 1260 significant 8 bits being the first byte of the key. */
1287 break; 1261 for (i = 0; i < 32; i++) {
1288 } 1262 if (i % 4 == 0)
1289 1263 rand = arc4random();
1290 if (options.check_host_ip) 1264 session_key[i] = rand & 0xff;
1291 xfree(ip); 1265 rand >>= 8;
1292 1266 }
1293 /* Generate a session key. */ 1267
1294 arc4random_stir(); 1268 /* According to the protocol spec, the first byte of the session
1295 1269 key is the highest byte of the integer. The session key is
1296 /* Generate an encryption key for the session. The key is a 256 bit 1270 xored with the first 16 bytes of the session id. */
1297 random number, interpreted as a 32-byte key, with the least significant 1271 key = BN_new();
1298 8 bits being the first byte of the key. */ 1272 BN_set_word(key, 0);
1299 for (i = 0; i < 32; i++) { 1273 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
1300 if (i % 4 == 0) 1274 BN_lshift(key, key, 8);
1301 rand = arc4random(); 1275 if (i < 16)
1302 session_key[i] = rand & 0xff; 1276 BN_add_word(key, session_key[i] ^ session_id[i]);
1303 rand >>= 8; 1277 else
1304 } 1278 BN_add_word(key, session_key[i]);
1305 1279 }
1306 /* According to the protocol spec, the first byte of the session key is 1280
1307 the highest byte of the integer. The session key is xored with the 1281 /* Encrypt the integer using the public key and host key of the
1308 first 16 bytes of the session id. */ 1282 server (key with smaller modulus first). */
1309 key = BN_new(); 1283 if (BN_cmp(public_key->n, host_key->n) < 0) {
1310 BN_set_word(key, 0); 1284 /* Public key has smaller modulus. */
1311 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) 1285 if (BN_num_bits(host_key->n) <
1312 { 1286 BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
1313 BN_lshift(key, key, 8); 1287 fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
1314 if (i < 16) 1288 "SSH_KEY_BITS_RESERVED %d",
1315 BN_add_word(key, session_key[i] ^ session_id[i]); 1289 BN_num_bits(host_key->n),
1316 else 1290 BN_num_bits(public_key->n),
1317 BN_add_word(key, session_key[i]); 1291 SSH_KEY_BITS_RESERVED);
1318 } 1292 }
1319 1293 rsa_public_encrypt(key, key, public_key);
1320 /* Encrypt the integer using the public key and host key of the server 1294 rsa_public_encrypt(key, key, host_key);
1321 (key with smaller modulus first). */ 1295 } else {
1322 if (BN_cmp(public_key->n, host_key->n) < 0) 1296 /* Host key has smaller modulus (or they are equal). */
1323 { 1297 if (BN_num_bits(public_key->n) <
1324 /* Public key has smaller modulus. */ 1298 BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
1325 if (BN_num_bits(host_key->n) < 1299 fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
1326 BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) { 1300 "SSH_KEY_BITS_RESERVED %d",
1327 fatal("respond_to_rsa_challenge: host_key %d < public_key %d + " 1301 BN_num_bits(public_key->n),
1328 "SSH_KEY_BITS_RESERVED %d", 1302 BN_num_bits(host_key->n),
1329 BN_num_bits(host_key->n), 1303 SSH_KEY_BITS_RESERVED);
1330 BN_num_bits(public_key->n), 1304 }
1331 SSH_KEY_BITS_RESERVED); 1305 rsa_public_encrypt(key, key, host_key);
1332 } 1306 rsa_public_encrypt(key, key, public_key);
1333 1307 }
1334 rsa_public_encrypt(key, key, public_key); 1308
1335 rsa_public_encrypt(key, key, host_key); 1309 if (options.cipher == SSH_CIPHER_NOT_SET) {
1336 } 1310 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
1337 else 1311 options.cipher = ssh_cipher_default;
1338 { 1312 else {
1339 /* Host key has smaller modulus (or they are equal). */ 1313 debug("Cipher %s not supported, using %.100s instead.",
1340 if (BN_num_bits(public_key->n) < 1314 cipher_name(ssh_cipher_default),
1341 BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) { 1315 cipher_name(SSH_FALLBACK_CIPHER));
1342 fatal("respond_to_rsa_challenge: public_key %d < host_key %d + " 1316 options.cipher = SSH_FALLBACK_CIPHER;
1343 "SSH_KEY_BITS_RESERVED %d", 1317 }
1344 BN_num_bits(public_key->n), 1318 }
1345 BN_num_bits(host_key->n), 1319 /* Check that the selected cipher is supported. */
1346 SSH_KEY_BITS_RESERVED); 1320 if (!(supported_ciphers & (1 << options.cipher)))
1347 } 1321 fatal("Selected cipher type %.100s not supported by server.",
1348 1322 cipher_name(options.cipher));
1349 rsa_public_encrypt(key, key, host_key); 1323
1350 rsa_public_encrypt(key, key, public_key); 1324 debug("Encryption type: %.100s", cipher_name(options.cipher));
1351 } 1325
1352 1326 /* Send the encrypted session key to the server. */
1353 if (options.cipher == SSH_CIPHER_NOT_SET) { 1327 packet_start(SSH_CMSG_SESSION_KEY);
1354 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default)) 1328 packet_put_char(options.cipher);
1355 options.cipher = ssh_cipher_default; 1329
1356 else { 1330 /* Send the check bytes back to the server. */
1357 debug("Cipher %s not supported, using %.100s instead.", 1331 for (i = 0; i < 8; i++)
1358 cipher_name(ssh_cipher_default), 1332 packet_put_char(check_bytes[i]);
1359 cipher_name(SSH_FALLBACK_CIPHER)); 1333
1360 options.cipher = SSH_FALLBACK_CIPHER; 1334 /* Send the encrypted encryption key. */
1361 } 1335 packet_put_bignum(key);
1362 } 1336
1363 1337 /* Send protocol flags. */
1364 /* Check that the selected cipher is supported. */ 1338 packet_put_int(SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
1365 if (!(supported_ciphers & (1 << options.cipher))) 1339
1366 fatal("Selected cipher type %.100s not supported by server.", 1340 /* Send the packet now. */
1367 cipher_name(options.cipher));
1368
1369 debug("Encryption type: %.100s", cipher_name(options.cipher));
1370
1371 /* Send the encrypted session key to the server. */
1372 packet_start(SSH_CMSG_SESSION_KEY);
1373 packet_put_char(options.cipher);
1374
1375 /* Send the check bytes back to the server. */
1376 for (i = 0; i < 8; i++)
1377 packet_put_char(check_bytes[i]);
1378
1379 /* Send the encrypted encryption key. */
1380 packet_put_bignum(key);
1381
1382 /* Send protocol flags. */
1383 packet_put_int(SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
1384
1385 /* Send the packet now. */
1386 packet_send();
1387 packet_write_wait();
1388
1389 /* Destroy the session key integer and the public keys since we no longer
1390 need them. */
1391 BN_clear_free(key);
1392 RSA_free(public_key);
1393 RSA_free(host_key);
1394
1395 debug("Sent encrypted session key.");
1396
1397 /* Set the encryption key. */
1398 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
1399
1400 /* We will no longer need the session key here. Destroy any extra copies. */
1401 memset(session_key, 0, sizeof(session_key));
1402
1403 /* Expect a success message from the server. Note that this message will
1404 be received in encrypted form. */
1405 packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
1406
1407 debug("Received encrypted confirmation.");
1408
1409 /* Send the name of the user to log in as on the server. */
1410 packet_start(SSH_CMSG_USER);
1411 packet_put_string(server_user, strlen(server_user));
1412 packet_send();
1413 packet_write_wait();
1414
1415 /* The server should respond with success if no authentication is needed
1416 (the user has no password). Otherwise the server responds with
1417 failure. */
1418 type = packet_read(&payload_len);
1419 if (type == SSH_SMSG_SUCCESS)
1420 return; /* Connection was accepted without authentication. */
1421 if (type != SSH_SMSG_FAILURE)
1422 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
1423 type);
1424
1425#ifdef AFS
1426 /* Try Kerberos tgt passing if the server supports it. */
1427 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
1428 options.kerberos_tgt_passing)
1429 {
1430 if (options.cipher == SSH_CIPHER_NONE)
1431 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1432 (void)send_kerberos_tgt();
1433 }
1434
1435 /* Try AFS token passing if the server supports it. */
1436 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
1437 options.afs_token_passing && k_hasafs()) {
1438 if (options.cipher == SSH_CIPHER_NONE)
1439 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
1440 send_afs_tokens();
1441 }
1442#endif /* AFS */
1443
1444#ifdef KRB4
1445 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
1446 options.kerberos_authentication)
1447 {
1448 debug("Trying Kerberos authentication.");
1449 if (try_kerberos_authentication()) {
1450 /* The server should respond with success or failure. */
1451 type = packet_read(&payload_len);
1452 if (type == SSH_SMSG_SUCCESS)
1453 return; /* Successful connection. */
1454 if (type != SSH_SMSG_FAILURE)
1455 packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
1456 }
1457 }
1458#endif /* KRB4 */
1459
1460 /* Use rhosts authentication if running in privileged socket and we do not
1461 wish to remain anonymous. */
1462 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
1463 options.rhosts_authentication)
1464 {
1465 debug("Trying rhosts authentication.");
1466 packet_start(SSH_CMSG_AUTH_RHOSTS);
1467 packet_put_string(local_user, strlen(local_user));
1468 packet_send();
1469 packet_write_wait();
1470
1471 /* The server should respond with success or failure. */
1472 type = packet_read(&payload_len);
1473 if (type == SSH_SMSG_SUCCESS)
1474 return; /* Successful connection. */
1475 if (type != SSH_SMSG_FAILURE)
1476 packet_disconnect("Protocol error: got %d in response to rhosts auth",
1477 type);
1478 }
1479
1480 /* Try .rhosts or /etc/hosts.equiv authentication with RSA host
1481 authentication. */
1482 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1483 options.rhosts_rsa_authentication && host_key_valid)
1484 {
1485 if (try_rhosts_rsa_authentication(local_user, own_host_key))
1486 return; /* Successful authentication. */
1487 }
1488
1489 /* Try RSA authentication if the server supports it. */
1490 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
1491 options.rsa_authentication)
1492 {
1493 /* Try RSA authentication using the authentication agent. The agent
1494 is tried first because no passphrase is needed for it, whereas
1495 identity files may require passphrases. */
1496 if (try_agent_authentication())
1497 return; /* Successful connection. */
1498
1499 /* Try RSA authentication for each identity. */
1500 for (i = 0; i < options.num_identity_files; i++)
1501 if (try_rsa_authentication(pw, options.identity_files[i]))
1502 return; /* Successful connection. */
1503 }
1504
1505 /* Try password authentication if the server supports it. */
1506 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
1507 options.password_authentication && !options.batch_mode)
1508 {
1509 char prompt[80];
1510 snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
1511 server_user, host);
1512 debug("Doing password authentication.");
1513 if (options.cipher == SSH_CIPHER_NONE)
1514 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1515 for (i = 0; i < options.number_of_password_prompts; i++) {
1516 if (i != 0)
1517 error("Permission denied, please try again.");
1518 password = read_passphrase(prompt, 0);
1519 packet_start(SSH_CMSG_AUTH_PASSWORD);
1520 packet_put_string(password, strlen(password));
1521 memset(password, 0, strlen(password));
1522 xfree(password);
1523 packet_send(); 1341 packet_send();
1524 packet_write_wait(); 1342 packet_write_wait();
1525 1343
1344 /* Destroy the session key integer and the public keys since we no longer need them. */
1345 BN_clear_free(key);
1346 RSA_free(public_key);
1347 RSA_free(host_key);
1348
1349 debug("Sent encrypted session key.");
1350
1351 /* Set the encryption key. */
1352 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
1353
1354 /* We will no longer need the session key here. Destroy any extra copies. */
1355 memset(session_key, 0, sizeof(session_key));
1356
1357 /* Expect a success message from the server. Note that this
1358 message will be received in encrypted form. */
1359 packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
1360
1361 debug("Received encrypted confirmation.");
1362
1363 /* Send the name of the user to log in as on the server. */
1364 packet_start(SSH_CMSG_USER);
1365 packet_put_string(server_user, strlen(server_user));
1366 packet_send();
1367 packet_write_wait();
1368
1369 /* The server should respond with success if no authentication is
1370 needed (the user has no password). Otherwise the server
1371 responds with failure. */
1526 type = packet_read(&payload_len); 1372 type = packet_read(&payload_len);
1373
1374 /* check whether the connection was accepted without authentication. */
1527 if (type == SSH_SMSG_SUCCESS) 1375 if (type == SSH_SMSG_SUCCESS)
1528 return; /* Successful connection. */ 1376 return;
1529 if (type != SSH_SMSG_FAILURE) 1377 if (type != SSH_SMSG_FAILURE)
1530 packet_disconnect("Protocol error: got %d in response to passwd auth", type); 1378 packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
1531 } 1379 type);
1532 } 1380
1381#ifdef AFS
1382 /* Try Kerberos tgt passing if the server supports it. */
1383 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
1384 options.kerberos_tgt_passing) {
1385 if (options.cipher == SSH_CIPHER_NONE)
1386 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1387 (void) send_kerberos_tgt();
1388 }
1389 /* Try AFS token passing if the server supports it. */
1390 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
1391 options.afs_token_passing && k_hasafs()) {
1392 if (options.cipher == SSH_CIPHER_NONE)
1393 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
1394 send_afs_tokens();
1395 }
1396#endif /* AFS */
1533 1397
1534 /* All authentication methods have failed. Exit with an error message. */ 1398#ifdef KRB4
1535 fatal("Permission denied."); 1399 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
1536 /*NOTREACHED*/ 1400 options.kerberos_authentication) {
1401 debug("Trying Kerberos authentication.");
1402 if (try_kerberos_authentication()) {
1403 /* The server should respond with success or failure. */
1404 type = packet_read(&payload_len);
1405 if (type == SSH_SMSG_SUCCESS)
1406 return;
1407 if (type != SSH_SMSG_FAILURE)
1408 packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
1409 }
1410 }
1411#endif /* KRB4 */
1412
1413 /* Use rhosts authentication if running in privileged socket and
1414 we do not wish to remain anonymous. */
1415 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
1416 options.rhosts_authentication) {
1417 debug("Trying rhosts authentication.");
1418 packet_start(SSH_CMSG_AUTH_RHOSTS);
1419 packet_put_string(local_user, strlen(local_user));
1420 packet_send();
1421 packet_write_wait();
1422
1423 /* The server should respond with success or failure. */
1424 type = packet_read(&payload_len);
1425 if (type == SSH_SMSG_SUCCESS)
1426 return;
1427 if (type != SSH_SMSG_FAILURE)
1428 packet_disconnect("Protocol error: got %d in response to rhosts auth",
1429 type);
1430 }
1431 /* Try .rhosts or /etc/hosts.equiv authentication with RSA host
1432 authentication. */
1433 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1434 options.rhosts_rsa_authentication && host_key_valid) {
1435 if (try_rhosts_rsa_authentication(local_user, own_host_key))
1436 return;
1437 }
1438 /* Try RSA authentication if the server supports it. */
1439 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
1440 options.rsa_authentication) {
1441 /* Try RSA authentication using the authentication agent.
1442 The agent is tried first because no passphrase is
1443 needed for it, whereas identity files may require
1444 passphrases. */
1445 if (try_agent_authentication())
1446 return;
1447
1448 /* Try RSA authentication for each identity. */
1449 for (i = 0; i < options.num_identity_files; i++)
1450 if (try_rsa_authentication(pw, options.identity_files[i]))
1451 return;
1452 }
1453 /* Try skey authentication if the server supports it. */
1454 if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
1455 options.skey_authentication && !options.batch_mode) {
1456 debug("Doing skey authentication.");
1457
1458 /* request a challenge */
1459 packet_start(SSH_CMSG_AUTH_TIS);
1460 packet_send();
1461 packet_write_wait();
1462
1463 type = packet_read(&payload_len);
1464 if (type != SSH_SMSG_FAILURE &&
1465 type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
1466 packet_disconnect("Protocol error: got %d in response "
1467 "to skey auth", type);
1468 }
1469 if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
1470 debug("No challenge for skey authentication.");
1471 } else {
1472 char *challenge, *response;
1473 challenge = packet_get_string(&payload_len);
1474 if (options.cipher == SSH_CIPHER_NONE)
1475 log("WARNING: Encryption is disabled! "
1476 "Reponse will be transmitted in clear text.");
1477 fprintf(stderr, "%s\n", challenge);
1478 fflush(stderr);
1479 for (i = 0; i < options.number_of_password_prompts; i++) {
1480 if (i != 0)
1481 error("Permission denied, please try again.");
1482 response = read_passphrase("Response: ", 0);
1483 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
1484 packet_put_string(response, strlen(response));
1485 memset(response, 0, strlen(response));
1486 xfree(response);
1487 packet_send();
1488 packet_write_wait();
1489 type = packet_read(&payload_len);
1490 if (type == SSH_SMSG_SUCCESS)
1491 return;
1492 if (type != SSH_SMSG_FAILURE)
1493 packet_disconnect("Protocol error: got %d in response "
1494 "to skey auth", type);
1495 }
1496 }
1497 }
1498 /* Try password authentication if the server supports it. */
1499 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
1500 options.password_authentication && !options.batch_mode) {
1501 char prompt[80];
1502 snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
1503 server_user, host);
1504 debug("Doing password authentication.");
1505 if (options.cipher == SSH_CIPHER_NONE)
1506 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1507 for (i = 0; i < options.number_of_password_prompts; i++) {
1508 if (i != 0)
1509 error("Permission denied, please try again.");
1510 password = read_passphrase(prompt, 0);
1511 packet_start(SSH_CMSG_AUTH_PASSWORD);
1512 packet_put_string(password, strlen(password));
1513 memset(password, 0, strlen(password));
1514 xfree(password);
1515 packet_send();
1516 packet_write_wait();
1517
1518 type = packet_read(&payload_len);
1519 if (type == SSH_SMSG_SUCCESS)
1520 return;
1521 if (type != SSH_SMSG_FAILURE)
1522 packet_disconnect("Protocol error: got %d in response to passwd auth", type);
1523 }
1524 }
1525 /* All authentication methods have failed. Exit with an error message. */
1526 fatal("Permission denied.");
1527 /* NOTREACHED */
1537} 1528}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 07:49:31 +0000