diff options
-rw-r--r-- | auth-skey.c | 215 | ||||
-rw-r--r-- | auth2-skey.c | 107 |
2 files changed, 0 insertions, 322 deletions
diff --git a/auth-skey.c b/auth-skey.c deleted file mode 100644 index 7088b790c..000000000 --- a/auth-skey.c +++ /dev/null | |||
@@ -1,215 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (c) 1999,2000 Markus Friedl. All rights reserved. | ||
3 | * | ||
4 | * Redistribution and use in source and binary forms, with or without | ||
5 | * modification, are permitted provided that the following conditions | ||
6 | * are met: | ||
7 | * 1. Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * 2. Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * | ||
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
23 | */ | ||
24 | |||
25 | #include "includes.h" | ||
26 | RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $"); | ||
27 | |||
28 | #ifdef SKEY | ||
29 | #include "ssh.h" | ||
30 | #include "packet.h" | ||
31 | #include <openssl/sha.h> | ||
32 | |||
33 | /* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */ | ||
34 | |||
35 | /* | ||
36 | * try skey authentication, | ||
37 | * return 1 on success, 0 on failure, -1 if skey is not available | ||
38 | */ | ||
39 | |||
40 | int | ||
41 | auth_skey_password(struct passwd * pw, const char *password) | ||
42 | { | ||
43 | if (strncasecmp(password, "s/key", 5) == 0) { | ||
44 | char *skeyinfo = skey_keyinfo(pw->pw_name); | ||
45 | if (skeyinfo == NULL) { | ||
46 | debug("generating fake skeyinfo for %.100s.", | ||
47 | pw->pw_name); | ||
48 | skeyinfo = skey_fake_keyinfo(pw->pw_name); | ||
49 | } | ||
50 | if (skeyinfo != NULL) | ||
51 | packet_send_debug("%s", skeyinfo); | ||
52 | /* Try again. */ | ||
53 | return 0; | ||
54 | } else if (skey_haskey(pw->pw_name) == 0 && | ||
55 | skey_passcheck(pw->pw_name, (char *) password) != -1) { | ||
56 | /* Authentication succeeded. */ | ||
57 | return 1; | ||
58 | } | ||
59 | /* Fall back to ordinary passwd authentication. */ | ||
60 | return -1; | ||
61 | } | ||
62 | |||
63 | /* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */ | ||
64 | |||
65 | #define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \ | ||
66 | ((x)[3])) | ||
67 | |||
68 | /* | ||
69 | * hash_collapse() | ||
70 | */ | ||
71 | static u_int32_t | ||
72 | hash_collapse(s) | ||
73 | u_char *s; | ||
74 | { | ||
75 | int len, target; | ||
76 | u_int32_t i; | ||
77 | |||
78 | if ((strlen(s) % sizeof(u_int32_t)) == 0) | ||
79 | target = strlen(s); /* Multiple of 4 */ | ||
80 | else | ||
81 | target = strlen(s) - (strlen(s) % sizeof(u_int32_t)); | ||
82 | |||
83 | for (i = 0, len = 0; len < target; len += 4) | ||
84 | i ^= ROUND(s + len); | ||
85 | |||
86 | return i; | ||
87 | } | ||
88 | |||
89 | char * | ||
90 | skey_fake_keyinfo(char *username) | ||
91 | { | ||
92 | int i; | ||
93 | u_int ptr; | ||
94 | u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up; | ||
95 | char pbuf[SKEY_MAX_PW_LEN+1]; | ||
96 | static char skeyprompt[SKEY_MAX_CHALLENGE+1]; | ||
97 | char *secret = NULL; | ||
98 | size_t secretlen = 0; | ||
99 | SHA_CTX ctx; | ||
100 | char *p, *u; | ||
101 | |||
102 | /* | ||
103 | * Base first 4 chars of seed on hostname. | ||
104 | * Add some filler for short hostnames if necessary. | ||
105 | */ | ||
106 | if (gethostname(pbuf, sizeof(pbuf)) == -1) | ||
107 | *(p = pbuf) = '.'; | ||
108 | else | ||
109 | for (p = pbuf; *p && isalnum(*p); p++) | ||
110 | if (isalpha(*p) && isupper(*p)) | ||
111 | *p = tolower(*p); | ||
112 | if (*p && pbuf - p < 4) | ||
113 | (void)strncpy(p, "asjd", 4 - (pbuf - p)); | ||
114 | pbuf[4] = '\0'; | ||
115 | |||
116 | /* Hash the username if possible */ | ||
117 | up = malloc(SHA_DIGEST_LENGTH); | ||
118 | if (up != NULL) { | ||
119 | struct stat sb; | ||
120 | time_t t; | ||
121 | int fd; | ||
122 | |||
123 | SHA1_Init(&ctx); | ||
124 | SHA1_Update(&ctx, username, strlen(username)); | ||
125 | SHA1_Final(up, &ctx); | ||
126 | |||
127 | /* Collapse the hash */ | ||
128 | ptr = hash_collapse(up); | ||
129 | memset(up, 0, strlen(up)); | ||
130 | |||
131 | /* See if the random file's there, else use ctime */ | ||
132 | if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1 | ||
133 | && fstat(fd, &sb) == 0 && | ||
134 | sb.st_size > (off_t)SKEY_MAX_SEED_LEN && | ||
135 | lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN), | ||
136 | SEEK_SET) != -1 && read(fd, hseed, | ||
137 | SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) { | ||
138 | close(fd); | ||
139 | fd = -1; | ||
140 | secret = hseed; | ||
141 | secretlen = SKEY_MAX_SEED_LEN; | ||
142 | flg = 0; | ||
143 | } else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) { | ||
144 | t = sb.st_ctime; | ||
145 | secret = ctime(&t); | ||
146 | secretlen = strlen(secret); | ||
147 | flg = 0; | ||
148 | } | ||
149 | if (fd != -1) | ||
150 | close(fd); | ||
151 | } | ||
152 | |||
153 | /* Put that in your pipe and smoke it */ | ||
154 | if (flg == 0) { | ||
155 | /* Hash secret value with username */ | ||
156 | SHA1_Init(&ctx); | ||
157 | SHA1_Update(&ctx, secret, secretlen); | ||
158 | SHA1_Update(&ctx, username, strlen(username)); | ||
159 | SHA1_Final(up, &ctx); | ||
160 | |||
161 | /* Zero out */ | ||
162 | memset(secret, 0, secretlen); | ||
163 | |||
164 | /* Now hash the hash */ | ||
165 | SHA1_Init(&ctx); | ||
166 | SHA1_Update(&ctx, up, strlen(up)); | ||
167 | SHA1_Final(up, &ctx); | ||
168 | |||
169 | ptr = hash_collapse(up + 4); | ||
170 | |||
171 | for (i = 4; i < 9; i++) { | ||
172 | pbuf[i] = (ptr % 10) + '0'; | ||
173 | ptr /= 10; | ||
174 | } | ||
175 | pbuf[i] = '\0'; | ||
176 | |||
177 | /* Sequence number */ | ||
178 | ptr = ((up[2] + up[3]) % 99) + 1; | ||
179 | |||
180 | memset(up, 0, SHA_DIGEST_LENGTH); /* SHA1 specific */ | ||
181 | free(up); | ||
182 | |||
183 | (void)snprintf(skeyprompt, sizeof skeyprompt, | ||
184 | "otp-%.*s %d %.*s", | ||
185 | SKEY_MAX_HASHNAME_LEN, | ||
186 | skey_get_algorithm(), | ||
187 | ptr, SKEY_MAX_SEED_LEN, | ||
188 | pbuf); | ||
189 | } else { | ||
190 | /* Base last 8 chars of seed on username */ | ||
191 | u = username; | ||
192 | i = 8; | ||
193 | p = &pbuf[4]; | ||
194 | do { | ||
195 | if (*u == 0) { | ||
196 | /* Pad remainder with zeros */ | ||
197 | while (--i >= 0) | ||
198 | *p++ = '0'; | ||
199 | break; | ||
200 | } | ||
201 | |||
202 | *p++ = (*u++ % 10) + '0'; | ||
203 | } while (--i != 0); | ||
204 | pbuf[12] = '\0'; | ||
205 | |||
206 | (void)snprintf(skeyprompt, sizeof skeyprompt, | ||
207 | "otp-%.*s %d %.*s", | ||
208 | SKEY_MAX_HASHNAME_LEN, | ||
209 | skey_get_algorithm(), | ||
210 | 99, SKEY_MAX_SEED_LEN, pbuf); | ||
211 | } | ||
212 | return skeyprompt; | ||
213 | } | ||
214 | |||
215 | #endif /* SKEY */ | ||
diff --git a/auth2-skey.c b/auth2-skey.c deleted file mode 100644 index dbf24f67a..000000000 --- a/auth2-skey.c +++ /dev/null | |||
@@ -1,107 +0,0 @@ | |||
1 | #include "includes.h" | ||
2 | RCSID("$OpenBSD: auth2-skey.c,v 1.2 2000/12/19 23:17:55 markus Exp $"); | ||
3 | |||
4 | #ifdef SKEY | ||
5 | #include "ssh.h" | ||
6 | #include "ssh2.h" | ||
7 | #include "auth.h" | ||
8 | #include "packet.h" | ||
9 | #include "xmalloc.h" | ||
10 | #include "dispatch.h" | ||
11 | |||
12 | void send_userauth_into_request(Authctxt *authctxt, int echo); | ||
13 | void input_userauth_info_response(int type, int plen, void *ctxt); | ||
14 | |||
15 | /* | ||
16 | * try skey authentication, always return -1 (= postponed) since we have to | ||
17 | * wait for the s/key response. | ||
18 | */ | ||
19 | int | ||
20 | auth2_skey(Authctxt *authctxt) | ||
21 | { | ||
22 | send_userauth_into_request(authctxt, 0); | ||
23 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response); | ||
24 | return -1; | ||
25 | } | ||
26 | |||
27 | void | ||
28 | send_userauth_into_request(Authctxt *authctxt, int echo) | ||
29 | { | ||
30 | int retval = -1; | ||
31 | struct skey skey; | ||
32 | char challenge[SKEY_MAX_CHALLENGE]; | ||
33 | char *fake; | ||
34 | |||
35 | if (authctxt->user == NULL) | ||
36 | fatal("send_userauth_into_request: internal error: no user"); | ||
37 | |||
38 | /* get skey challenge */ | ||
39 | if (authctxt->valid) | ||
40 | retval = skeychallenge(&skey, authctxt->user, challenge); | ||
41 | |||
42 | if (retval == -1) { | ||
43 | fake = skey_fake_keyinfo(authctxt->user); | ||
44 | strlcpy(challenge, fake, sizeof challenge); | ||
45 | } | ||
46 | /* send our info request */ | ||
47 | packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); | ||
48 | packet_put_cstring("S/Key Authentication"); /* Name */ | ||
49 | packet_put_cstring(challenge); /* Instruction */ | ||
50 | packet_put_cstring(""); /* Language */ | ||
51 | packet_put_int(1); /* Number of prompts */ | ||
52 | packet_put_cstring(echo ? | ||
53 | "Response [Echo]: ": "Response: "); /* Prompt */ | ||
54 | packet_put_char(echo); /* Echo */ | ||
55 | packet_send(); | ||
56 | packet_write_wait(); | ||
57 | memset(challenge, 'c', sizeof challenge); | ||
58 | } | ||
59 | |||
60 | void | ||
61 | input_userauth_info_response(int type, int plen, void *ctxt) | ||
62 | { | ||
63 | Authctxt *authctxt = ctxt; | ||
64 | int authenticated = 0; | ||
65 | u_int nresp, rlen; | ||
66 | char *resp, *method; | ||
67 | |||
68 | if (authctxt == NULL) | ||
69 | fatal("input_userauth_info_response: no authentication context"); | ||
70 | |||
71 | if (authctxt->attempt++ >= AUTH_FAIL_MAX) | ||
72 | packet_disconnect("too many failed userauth_requests"); | ||
73 | |||
74 | nresp = packet_get_int(); | ||
75 | if (nresp == 1) { | ||
76 | /* we only support s/key and assume s/key for nresp == 1 */ | ||
77 | method = "s/key"; | ||
78 | resp = packet_get_string(&rlen); | ||
79 | packet_done(); | ||
80 | if (strlen(resp) == 0) { | ||
81 | /* | ||
82 | * if we received a null response, resend prompt with | ||
83 | * echo enabled | ||
84 | */ | ||
85 | authenticated = -1; | ||
86 | userauth_log(authctxt, authenticated, method); | ||
87 | send_userauth_into_request(authctxt, 1); | ||
88 | } else { | ||
89 | /* verify skey response */ | ||
90 | if (authctxt->valid && | ||
91 | skey_haskey(authctxt->pw->pw_name) == 0 && | ||
92 | skey_passcheck(authctxt->pw->pw_name, resp) != -1) { | ||
93 | authenticated = 1; | ||
94 | } else { | ||
95 | authenticated = 0; | ||
96 | } | ||
97 | memset(resp, 'r', rlen); | ||
98 | /* unregister callback */ | ||
99 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); | ||
100 | userauth_log(authctxt, authenticated, method); | ||
101 | userauth_reply(authctxt, authenticated); | ||
102 | } | ||
103 | xfree(resp); | ||
104 | } | ||
105 | } | ||
106 | |||
107 | #endif /* SKEY */ | ||