Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c335
1 files changed, 180 insertions, 155 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 1675f3935..dffee90b1 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.288 2018/10/11 03:48:04 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -155,11 +155,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
155} 155}
156 156
157void 157void
158ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) 158ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
159{ 159{
160 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; 160 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
161 char *s, *all_key; 161 char *s, *all_key;
162 struct kex *kex;
163 int r; 162 int r;
164 163
165 xxx_host = host; 164 xxx_host = host;
@@ -195,40 +194,38 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
195 } 194 }
196 195
197 if (options.rekey_limit || options.rekey_interval) 196 if (options.rekey_limit || options.rekey_interval)
198 packet_set_rekey_limits(options.rekey_limit, 197 ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
199 options.rekey_interval); 198 options.rekey_interval);
200 199
201 /* start key exchange */ 200 /* start key exchange */
202 if ((r = kex_setup(active_state, myproposal)) != 0) 201 if ((r = kex_setup(ssh, myproposal)) != 0)
203 fatal("kex_setup: %s", ssh_err(r)); 202 fatal("kex_setup: %s", ssh_err(r));
204 kex = active_state->kex;
205#ifdef WITH_OPENSSL 203#ifdef WITH_OPENSSL
206 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 204 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
207 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 205 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
208 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; 206 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
209 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; 207 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
210 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; 208 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
211 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 209 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
212 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 210 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
213# ifdef OPENSSL_HAS_ECC 211# ifdef OPENSSL_HAS_ECC
214 kex->kex[KEX_ECDH_SHA2] = kexecdh_client; 212 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
215# endif 213# endif
216#endif 214#endif
217 kex->kex[KEX_C25519_SHA256] = kexc25519_client; 215 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
218 kex->client_version_string=client_version_string; 216 ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
219 kex->server_version_string=server_version_string; 217 ssh->kex->verify_host_key=&verify_host_key_callback;
220 kex->verify_host_key=&verify_host_key_callback;
221 218
222 ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); 219 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
223 220
224 /* remove ext-info from the KEX proposals for rekeying */ 221 /* remove ext-info from the KEX proposals for rekeying */
225 myproposal[PROPOSAL_KEX_ALGS] = 222 myproposal[PROPOSAL_KEX_ALGS] =
226 compat_kex_proposal(options.kex_algorithms); 223 compat_kex_proposal(options.kex_algorithms);
227 if ((r = kex_prop2buf(kex->my, myproposal)) != 0) 224 if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
228 fatal("kex_prop2buf: %s", ssh_err(r)); 225 fatal("kex_prop2buf: %s", ssh_err(r));
229 226
230 session_id2 = kex->session_id; 227 session_id2 = ssh->kex->session_id;
231 session_id2_len = kex->session_id_len; 228 session_id2_len = ssh->kex->session_id_len;
232 229
233#ifdef DEBUG_KEXDH 230#ifdef DEBUG_KEXDH
234 /* send 1st encrypted/maced/compressed message */ 231 /* send 1st encrypted/maced/compressed message */
@@ -268,7 +265,11 @@ struct cauthctxt {
268 struct cauthmethod *method; 265 struct cauthmethod *method;
269 sig_atomic_t success; 266 sig_atomic_t success;
270 char *authlist; 267 char *authlist;
271 int attempt; 268#ifdef GSSAPI
269 /* gssapi */
270 gss_OID_set gss_supported_mechs;
271 u_int mech_tried;
272#endif
272 /* pubkey */ 273 /* pubkey */
273 struct idlist keys; 274 struct idlist keys;
274 int agent_fd; 275 int agent_fd;
@@ -278,49 +279,51 @@ struct cauthctxt {
278 const char *active_ktype; 279 const char *active_ktype;
279 /* kbd-interactive */ 280 /* kbd-interactive */
280 int info_req_seen; 281 int info_req_seen;
282 int attempt_kbdint;
283 /* password */
284 int attempt_passwd;
281 /* generic */ 285 /* generic */
282 void *methoddata; 286 void *methoddata;
283}; 287};
284 288
285struct cauthmethod { 289struct cauthmethod {
286 char *name; /* string to compare against server's list */ 290 char *name; /* string to compare against server's list */
287 int (*userauth)(Authctxt *authctxt); 291 int (*userauth)(struct ssh *ssh);
288 void (*cleanup)(Authctxt *authctxt); 292 void (*cleanup)(struct ssh *ssh);
289 int *enabled; /* flag in option struct that enables method */ 293 int *enabled; /* flag in option struct that enables method */
290 int *batch_flag; /* flag in option struct that disables method */ 294 int *batch_flag; /* flag in option struct that disables method */
291}; 295};
292 296
293int input_userauth_service_accept(int, u_int32_t, struct ssh *); 297static int input_userauth_service_accept(int, u_int32_t, struct ssh *);
294int input_userauth_ext_info(int, u_int32_t, struct ssh *); 298static int input_userauth_ext_info(int, u_int32_t, struct ssh *);
295int input_userauth_success(int, u_int32_t, struct ssh *); 299static int input_userauth_success(int, u_int32_t, struct ssh *);
296int input_userauth_success_unexpected(int, u_int32_t, struct ssh *); 300static int input_userauth_failure(int, u_int32_t, struct ssh *);
297int input_userauth_failure(int, u_int32_t, struct ssh *); 301static int input_userauth_banner(int, u_int32_t, struct ssh *);
298int input_userauth_banner(int, u_int32_t, struct ssh *); 302static int input_userauth_error(int, u_int32_t, struct ssh *);
299int input_userauth_error(int, u_int32_t, struct ssh *); 303static int input_userauth_info_req(int, u_int32_t, struct ssh *);
300int input_userauth_info_req(int, u_int32_t, struct ssh *); 304static int input_userauth_pk_ok(int, u_int32_t, struct ssh *);
301int input_userauth_pk_ok(int, u_int32_t, struct ssh *); 305static int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
302int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); 306
303 307static int userauth_none(struct ssh *);
304int userauth_none(Authctxt *); 308static int userauth_pubkey(struct ssh *);
305int userauth_pubkey(Authctxt *); 309static int userauth_passwd(struct ssh *);
306int userauth_passwd(Authctxt *); 310static int userauth_kbdint(struct ssh *);
307int userauth_kbdint(Authctxt *); 311static int userauth_hostbased(struct ssh *);
308int userauth_hostbased(Authctxt *);
309 312
310#ifdef GSSAPI 313#ifdef GSSAPI
311int userauth_gssapi(Authctxt *authctxt); 314static int userauth_gssapi(struct ssh *);
312int input_gssapi_response(int type, u_int32_t, struct ssh *); 315static void userauth_gssapi_cleanup(struct ssh *);
313int input_gssapi_token(int type, u_int32_t, struct ssh *); 316static int input_gssapi_response(int type, u_int32_t, struct ssh *);
314int input_gssapi_hash(int type, u_int32_t, struct ssh *); 317static int input_gssapi_token(int type, u_int32_t, struct ssh *);
315int input_gssapi_error(int, u_int32_t, struct ssh *); 318static int input_gssapi_error(int, u_int32_t, struct ssh *);
316int input_gssapi_errtok(int, u_int32_t, struct ssh *); 319static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
317#endif 320#endif
318 321
319void userauth(Authctxt *, char *); 322void userauth(struct ssh *, char *);
320 323
321static int sign_and_send_pubkey(struct ssh *ssh, Authctxt *, Identity *); 324static void pubkey_cleanup(struct ssh *);
325static int sign_and_send_pubkey(struct ssh *ssh, Identity *);
322static void pubkey_prepare(Authctxt *); 326static void pubkey_prepare(Authctxt *);
323static void pubkey_cleanup(Authctxt *);
324static void pubkey_reset(Authctxt *); 327static void pubkey_reset(Authctxt *);
325static struct sshkey *load_identity_file(Identity *); 328static struct sshkey *load_identity_file(Identity *);
326 329
@@ -332,7 +335,7 @@ Authmethod authmethods[] = {
332#ifdef GSSAPI 335#ifdef GSSAPI
333 {"gssapi-with-mic", 336 {"gssapi-with-mic",
334 userauth_gssapi, 337 userauth_gssapi,
335 NULL, 338 userauth_gssapi_cleanup,
336 &options.gss_authentication, 339 &options.gss_authentication,
337 NULL}, 340 NULL},
338#endif 341#endif
@@ -365,10 +368,9 @@ Authmethod authmethods[] = {
365}; 368};
366 369
367void 370void
368ssh_userauth2(const char *local_user, const char *server_user, char *host, 371ssh_userauth2(struct ssh *ssh, const char *local_user,
369 Sensitive *sensitive) 372 const char *server_user, char *host, Sensitive *sensitive)
370{ 373{
371 struct ssh *ssh = active_state;
372 Authctxt authctxt; 374 Authctxt authctxt;
373 int r; 375 int r;
374 376
@@ -379,7 +381,6 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
379 381
380 /* setup authentication context */ 382 /* setup authentication context */
381 memset(&authctxt, 0, sizeof(authctxt)); 383 memset(&authctxt, 0, sizeof(authctxt));
382 pubkey_prepare(&authctxt);
383 authctxt.server_user = server_user; 384 authctxt.server_user = server_user;
384 authctxt.local_user = local_user; 385 authctxt.local_user = local_user;
385 authctxt.host = host; 386 authctxt.host = host;
@@ -391,9 +392,18 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
391 authctxt.sensitive = sensitive; 392 authctxt.sensitive = sensitive;
392 authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL; 393 authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;
393 authctxt.info_req_seen = 0; 394 authctxt.info_req_seen = 0;
395 authctxt.attempt_kbdint = 0;
396 authctxt.attempt_passwd = 0;
397#if GSSAPI
398 authctxt.gss_supported_mechs = NULL;
399 authctxt.mech_tried = 0;
400#endif
394 authctxt.agent_fd = -1; 401 authctxt.agent_fd = -1;
395 if (authctxt.method == NULL) 402 pubkey_prepare(&authctxt);
396 fatal("ssh_userauth2: internal error: cannot send userauth none request"); 403 if (authctxt.method == NULL) {
404 fatal("%s: internal error: cannot send userauth none request",
405 __func__);
406 }
397 407
398 if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 || 408 if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
399 (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 || 409 (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||
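Review bot: The new initialisation of `gss_supported_mechs` and `mech_tried` in ssh_userauth2 is guarded by `#if GSSAPI`, while the struct members it touches and every other GSSAPI block visible in this diff use `#ifdef GSSAPI`. If the build defines GSSAPI with an empty value, `#if GSSAPI` is a preprocessor error, and if it is defined as 0 the fields exist but this block is skipped; the guard should read `#ifdef GSSAPI`. The `memset(&authctxt, 0, sizeof(authctxt))` earlier in the function already zeroes both fields, so this is a consistency fix rather than a behaviour change. ssh_userauth2's body starts and ends outside this hunk.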
@@ -405,9 +415,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
405 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); 415 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
406 ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); 416 ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
407 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ 417 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */
418 pubkey_cleanup(ssh);
408 ssh->authctxt = NULL; 419 ssh->authctxt = NULL;
409 420
410 pubkey_cleanup(&authctxt);
411 ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); 421 ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
412 422
413 if (!authctxt.success) 423 if (!authctxt.success)
@@ -416,10 +426,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
416} 426}
417 427
418/* ARGSUSED */ 428/* ARGSUSED */
419int 429static int
420input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) 430input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
421{ 431{
422 Authctxt *authctxt = ssh->authctxt;
423 int r; 432 int r;
424 433
425 if (ssh_packet_remaining(ssh) > 0) { 434 if (ssh_packet_remaining(ssh) > 0) {
@@ -437,7 +446,7 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
437 debug("SSH2_MSG_SERVICE_ACCEPT received"); 446 debug("SSH2_MSG_SERVICE_ACCEPT received");
438 447
439 /* initial userauth request */ 448 /* initial userauth request */
440 userauth_none(authctxt); 449 userauth_none(ssh);
441 450
442 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error); 451 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error);
443 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); 452 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
@@ -449,19 +458,19 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
449} 458}
450 459
451/* ARGSUSED */ 460/* ARGSUSED */
452int 461static int
453input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) 462input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
454{ 463{
455 return kex_input_ext_info(type, seqnr, ssh); 464 return kex_input_ext_info(type, seqnr, ssh);
456} 465}
457 466
458void 467void
459userauth(Authctxt *authctxt, char *authlist) 468userauth(struct ssh *ssh, char *authlist)
460{ 469{
461 struct ssh *ssh = active_state; /* XXX */ 470 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
462 471
463 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 472 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
464 authctxt->method->cleanup(authctxt); 473 authctxt->method->cleanup(ssh);
465 474
466 free(authctxt->methoddata); 475 free(authctxt->methoddata);
467 authctxt->methoddata = NULL; 476 authctxt->methoddata = NULL;
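Review bot: userauth() now takes its Authctxt from `ssh->authctxt` and dereferences it on the following line without a NULL check, whereas input_userauth_success in the same file guards the same pointer with a fatal(). userauth() keeps external linkage (its prototype is not made static in this commit), so a call arriving after ssh_userauth2 has cleared `ssh->authctxt` would crash instead of exiting cleanly; whether such a caller exists is not visible here. Adding `if (authctxt == NULL) fatal("%s: no authentication context", __func__);` would make the contract explicit. The same unchecked fetch is introduced in userauth_gssapi, userauth_gssapi_cleanup, userauth_none, userauth_passwd, sign_and_send_pubkey, send_pubkey_test, pubkey_cleanup, userauth_pubkey and userauth_kbdint. userauth()'s body runs past the end of this hunk.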
@@ -483,7 +492,7 @@ userauth(Authctxt *authctxt, char *authlist)
483 SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL); 492 SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
484 493
485 /* and try new method */ 494 /* and try new method */
486 if (method->userauth(authctxt) != 0) { 495 if (method->userauth(ssh) != 0) {
487 debug2("we sent a %s packet, wait for reply", method->name); 496 debug2("we sent a %s packet, wait for reply", method->name);
488 break; 497 break;
489 } else { 498 } else {
@@ -494,50 +503,53 @@ userauth(Authctxt *authctxt, char *authlist)
494} 503}
495 504
496/* ARGSUSED */ 505/* ARGSUSED */
497int 506static int
498input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) 507input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
499{ 508{
500 fatal("input_userauth_error: bad message during authentication: " 509 fatal("%s: bad message during authentication: type %d", __func__, type);
501 "type %d", type);
502 return 0; 510 return 0;
503} 511}
504 512
505/* ARGSUSED */ 513/* ARGSUSED */
506int 514static int
507input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) 515input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
508{ 516{
509 char *msg, *lang; 517 char *msg = NULL;
510 u_int len; 518 size_t len;
519 int r;
511 520
512 debug3("%s", __func__); 521 debug3("%s", __func__);
513 msg = packet_get_string(&len); 522 if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 ||
514 lang = packet_get_string(NULL); 523 (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0)
524 goto out;
515 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) 525 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO)
516 fmprintf(stderr, "%s", msg); 526 fmprintf(stderr, "%s", msg);
527 r = 0;
528 out:
517 free(msg); 529 free(msg);
518 free(lang); 530 return r;
519 return 0;
520} 531}
521 532
522/* ARGSUSED */ 533/* ARGSUSED */
523int 534static int
524input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) 535input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
525{ 536{
526 Authctxt *authctxt = ssh->authctxt; 537 Authctxt *authctxt = ssh->authctxt;
527 538
528 if (authctxt == NULL) 539 if (authctxt == NULL)
529 fatal("input_userauth_success: no authentication context"); 540 fatal("%s: no authentication context", __func__);
530 free(authctxt->authlist); 541 free(authctxt->authlist);
531 authctxt->authlist = NULL; 542 authctxt->authlist = NULL;
532 if (authctxt->method != NULL && authctxt->method->cleanup != NULL) 543 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
533 authctxt->method->cleanup(authctxt); 544 authctxt->method->cleanup(ssh);
534 free(authctxt->methoddata); 545 free(authctxt->methoddata);
535 authctxt->methoddata = NULL; 546 authctxt->methoddata = NULL;
536 authctxt->success = 1; /* break out */ 547 authctxt->success = 1; /* break out */
537 return 0; 548 return 0;
538} 549}
539 550
540int 551#if 0
552static int
541input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) 553input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
542{ 554{
543 Authctxt *authctxt = ssh->authctxt; 555 Authctxt *authctxt = ssh->authctxt;
@@ -549,9 +561,10 @@ input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
549 authctxt->method->name); 561 authctxt->method->name);
550 return 0; 562 return 0;
551} 563}
564#endif
552 565
553/* ARGSUSED */ 566/* ARGSUSED */
554int 567static int
555input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) 568input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
556{ 569{
557 Authctxt *authctxt = ssh->authctxt; 570 Authctxt *authctxt = ssh->authctxt;
@@ -574,7 +587,7 @@ input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
574 } 587 }
575 debug("Authentications that can continue: %s", authlist); 588 debug("Authentications that can continue: %s", authlist);
576 589
577 userauth(authctxt, authlist); 590 userauth(ssh, authlist);
578 authlist = NULL; 591 authlist = NULL;
579 out: 592 out:
580 free(authlist); 593 free(authlist);
@@ -606,7 +619,7 @@ format_identity(Identity *id)
606} 619}
607 620
608/* ARGSUSED */ 621/* ARGSUSED */
609int 622static int
610input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) 623input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
611{ 624{
612 Authctxt *authctxt = ssh->authctxt; 625 Authctxt *authctxt = ssh->authctxt;
@@ -661,7 +674,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
661 } 674 }
662 ident = format_identity(id); 675 ident = format_identity(id);
663 debug("Server accepts key: %s", ident); 676 debug("Server accepts key: %s", ident);
664 sent = sign_and_send_pubkey(ssh, authctxt, id); 677 sent = sign_and_send_pubkey(ssh, id);
665 r = 0; 678 r = 0;
666 done: 679 done:
667 sshkey_free(key); 680 sshkey_free(key);
@@ -672,40 +685,41 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
672 685
673 /* try another method if we did not send a packet */ 686 /* try another method if we did not send a packet */
674 if (r == 0 && sent == 0) 687 if (r == 0 && sent == 0)
675 userauth(authctxt, NULL); 688 userauth(ssh, NULL);
676 return r; 689 return r;
677} 690}
678 691
679#ifdef GSSAPI 692#ifdef GSSAPI
680int 693static int
681userauth_gssapi(Authctxt *authctxt) 694userauth_gssapi(struct ssh *ssh)
682{ 695{
683 struct ssh *ssh = active_state; /* XXX */ 696 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
684 Gssctxt *gssctxt = NULL; 697 Gssctxt *gssctxt = NULL;
685 static gss_OID_set gss_supported = NULL;
686 static u_int mech = 0;
687 OM_uint32 min; 698 OM_uint32 min;
688 int r, ok = 0; 699 int r, ok = 0;
700 gss_OID mech = NULL;
689 701
690 /* Try one GSSAPI method at a time, rather than sending them all at 702 /* Try one GSSAPI method at a time, rather than sending them all at
691 * once. */ 703 * once. */
692 704
693 if (gss_supported == NULL) 705 if (authctxt->gss_supported_mechs == NULL)
694 gss_indicate_mechs(&min, &gss_supported); 706 gss_indicate_mechs(&min, &authctxt->gss_supported_mechs);
695 707
696 /* Check to see if the mechanism is usable before we offer it */ 708 /* Check to see whether the mechanism is usable before we offer it */
697 while (mech < gss_supported->count && !ok) { 709 while (authctxt->mech_tried < authctxt->gss_supported_mechs->count &&
710 !ok) {
711 mech = &authctxt->gss_supported_mechs->
712 elements[authctxt->mech_tried];
698 /* My DER encoding requires length<128 */ 713 /* My DER encoding requires length<128 */
699 if (gss_supported->elements[mech].length < 128 && 714 if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
700 ssh_gssapi_check_mechanism(&gssctxt, 715 mech, authctxt->host)) {
701 &gss_supported->elements[mech], authctxt->host)) {
702 ok = 1; /* Mechanism works */ 716 ok = 1; /* Mechanism works */
703 } else { 717 } else {
704 mech++; 718 authctxt->mech_tried++;
705 } 719 }
706 } 720 }
707 721
708 if (!ok) 722 if (!ok || mech == NULL)
709 return 0; 723 return 0;
710 724
711 authctxt->methoddata=(void *)gssctxt; 725 authctxt->methoddata=(void *)gssctxt;
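Review bot: The status returned by `gss_indicate_mechs()` is still discarded in userauth_gssapi, and the loop condition right after it dereferences `authctxt->gss_supported_mechs->count` unconditionally. If the call fails and leaves the set unset (behaviour on failure depends on the GSSAPI library), that is a NULL dereference in the client. Because the set is now dropped in the cleanup handler rather than cached in a static, the call appears to be repeated on each attempt. Suggest `if (authctxt->gss_supported_mechs == NULL && GSS_ERROR(gss_indicate_mechs(&min, &authctxt->gss_supported_mechs))) return 0;` followed by `if (authctxt->gss_supported_mechs == NULL) return 0;`. The function continues past the end of this hunk.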
@@ -715,14 +729,10 @@ userauth_gssapi(Authctxt *authctxt)
715 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || 729 (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
716 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || 730 (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
717 (r = sshpkt_put_u32(ssh, 1)) != 0 || 731 (r = sshpkt_put_u32(ssh, 1)) != 0 ||
718 (r = sshpkt_put_u32(ssh, 732 (r = sshpkt_put_u32(ssh, (mech->length) + 2)) != 0 ||
719 (gss_supported->elements[mech].length) + 2)) != 0 ||
720 (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 || 733 (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 ||
721 (r = sshpkt_put_u8(ssh, 734 (r = sshpkt_put_u8(ssh, mech->length)) != 0 ||
722 gss_supported->elements[mech].length)) != 0 || 735 (r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 ||
723 (r = sshpkt_put(ssh,
724 gss_supported->elements[mech].elements,
725 gss_supported->elements[mech].length)) != 0 ||
726 (r = sshpkt_send(ssh)) != 0) 736 (r = sshpkt_send(ssh)) != 0)
727 fatal("%s: %s", __func__, ssh_err(r)); 737 fatal("%s: %s", __func__, ssh_err(r));
728 738
@@ -731,11 +741,24 @@ userauth_gssapi(Authctxt *authctxt)
731 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); 741 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
732 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); 742 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
733 743
734 mech++; /* Move along to next candidate */ 744 authctxt->mech_tried++; /* Move along to next candidate */
735 745
736 return 1; 746 return 1;
737} 747}
738 748
749static void
750userauth_gssapi_cleanup(struct ssh *ssh)
751{
752 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
753 Gssctxt *gssctxt = (Gssctxt *)authctxt->methoddata;
754
755 ssh_gssapi_delete_ctx(&gssctxt);
756 authctxt->methoddata = NULL;
757
758 free(authctxt->gss_supported_mechs);
759 authctxt->gss_supported_mechs = NULL;
760}
761
739static OM_uint32 762static OM_uint32
740process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) 763process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
741{ 764{
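Review bot: userauth_gssapi_cleanup releases `authctxt->gss_supported_mechs` with plain `free()`, but that set was filled in by `gss_indicate_mechs()` and its storage belongs to the GSSAPI library. RFC 2744 specifies `gss_release_oid_set()` for such sets; calling `free()` on the outer struct at best leaks the element array and at worst mixes allocators, depending on the implementation. Suggest declaring `OM_uint32 min;` and replacing the free with `if (authctxt->gss_supported_mechs != NULL) gss_release_oid_set(&min, &authctxt->gss_supported_mechs);`, keeping the `= NULL` assignment. A one-line comment that `mech_tried` is deliberately left untouched, so the next attempt resumes with the following mechanism, would also help; that intent is inferred from userauth_gssapi and should be confirmed.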
@@ -803,7 +826,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
803} 826}
804 827
805/* ARGSUSED */ 828/* ARGSUSED */
806int 829static int
807input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) 830input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
808{ 831{
809 Authctxt *authctxt = ssh->authctxt; 832 Authctxt *authctxt = ssh->authctxt;
@@ -824,7 +847,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
824 oidv[0] != SSH_GSS_OIDTYPE || 847 oidv[0] != SSH_GSS_OIDTYPE ||
825 oidv[1] != oidlen - 2) { 848 oidv[1] != oidlen - 2) {
826 debug("Badly encoded mechanism OID received"); 849 debug("Badly encoded mechanism OID received");
827 userauth(authctxt, NULL); 850 userauth(ssh, NULL);
828 goto ok; 851 goto ok;
829 } 852 }
830 853
@@ -837,7 +860,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
837 if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) { 860 if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) {
838 /* Start again with next method on list */ 861 /* Start again with next method on list */
839 debug("Trying to start again"); 862 debug("Trying to start again");
840 userauth(authctxt, NULL); 863 userauth(ssh, NULL);
841 goto ok; 864 goto ok;
842 } 865 }
843 ok: 866 ok:
@@ -848,7 +871,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
848} 871}
849 872
850/* ARGSUSED */ 873/* ARGSUSED */
851int 874static int
852input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) 875input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
853{ 876{
854 Authctxt *authctxt = ssh->authctxt; 877 Authctxt *authctxt = ssh->authctxt;
@@ -871,7 +894,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
871 894
872 /* Start again with the next method in the list */ 895 /* Start again with the next method in the list */
873 if (GSS_ERROR(status)) { 896 if (GSS_ERROR(status)) {
874 userauth(authctxt, NULL); 897 userauth(ssh, NULL);
875 /* ok */ 898 /* ok */
876 } 899 }
877 r = 0; 900 r = 0;
@@ -881,7 +904,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
881} 904}
882 905
883/* ARGSUSED */ 906/* ARGSUSED */
884int 907static int
885input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) 908input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
886{ 909{
887 Authctxt *authctxt = ssh->authctxt; 910 Authctxt *authctxt = ssh->authctxt;
@@ -916,7 +939,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
916} 939}
917 940
918/* ARGSUSED */ 941/* ARGSUSED */
919int 942static int
920input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) 943input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
921{ 944{
922 char *msg = NULL; 945 char *msg = NULL;
@@ -937,10 +960,10 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
937} 960}
938#endif /* GSSAPI */ 961#endif /* GSSAPI */
939 962
940int 963static int
941userauth_none(Authctxt *authctxt) 964userauth_none(struct ssh *ssh)
942{ 965{
943 struct ssh *ssh = active_state; /* XXX */ 966 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
944 int r; 967 int r;
945 968
946 /* initial userauth request */ 969 /* initial userauth request */
@@ -953,25 +976,22 @@ userauth_none(Authctxt *authctxt)
953 return 1; 976 return 1;
954} 977}
955 978
956int 979static int
957userauth_passwd(Authctxt *authctxt) 980userauth_passwd(struct ssh *ssh)
958{ 981{
959 struct ssh *ssh = active_state; /* XXX */ 982 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
960 static int attempt = 0; 983 char *password, *prompt = NULL;
961 char prompt[256];
962 char *password;
963 const char *host = options.host_key_alias ? options.host_key_alias : 984 const char *host = options.host_key_alias ? options.host_key_alias :
964 authctxt->host; 985 authctxt->host;
965 int r; 986 int r;
966 987
967 if (attempt++ >= options.number_of_password_prompts) 988 if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
968 return 0; 989 return 0;
969 990
970 if (attempt != 1) 991 if (authctxt->attempt_passwd != 1)
971 error("Permission denied, please try again."); 992 error("Permission denied, please try again.");
972 993
973 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", 994 xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
974 authctxt->server_user, host);
975 password = read_passphrase(prompt, 0); 995 password = read_passphrase(prompt, 0);
976 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || 996 if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
977 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || 997 (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
@@ -983,7 +1003,8 @@ userauth_passwd(Authctxt *authctxt)
983 (r = sshpkt_send(ssh)) != 0) 1003 (r = sshpkt_send(ssh)) != 0)
984 fatal("%s: %s", __func__, ssh_err(r)); 1004 fatal("%s: %s", __func__, ssh_err(r));
985 1005
986 if (password) 1006 free(prompt);
1007 if (password != NULL)
987 freezero(password, strlen(password)); 1008 freezero(password, strlen(password));
988 1009
989 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 1010 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
@@ -996,7 +1017,7 @@ userauth_passwd(Authctxt *authctxt)
996 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST 1017 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
997 */ 1018 */
998/* ARGSUSED */ 1019/* ARGSUSED */
999int 1020static int
1000input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) 1021input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
1001{ 1022{
1002 Authctxt *authctxt = ssh->authctxt; 1023 Authctxt *authctxt = ssh->authctxt;
@@ -1180,8 +1201,9 @@ id_filename_matches(Identity *id, Identity *private_id)
1180} 1201}
1181 1202
1182static int 1203static int
1183sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id) 1204sign_and_send_pubkey(struct ssh *ssh, Identity *id)
1184{ 1205{
1206 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1185 struct sshbuf *b = NULL; 1207 struct sshbuf *b = NULL;
1186 Identity *private_id, *sign_id = NULL; 1208 Identity *private_id, *sign_id = NULL;
1187 u_char *signature = NULL; 1209 u_char *signature = NULL;
@@ -1339,8 +1361,9 @@ sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id)
1339} 1361}
1340 1362
1341static int 1363static int
1342send_pubkey_test(struct ssh *ssh, Authctxt *authctxt, Identity *id) 1364send_pubkey_test(struct ssh *ssh, Identity *id)
1343{ 1365{
1366 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1344 u_char *blob = NULL; 1367 u_char *blob = NULL;
1345 char *alg = NULL; 1368 char *alg = NULL;
1346 size_t bloblen; 1369 size_t bloblen;
@@ -1616,12 +1639,15 @@ pubkey_prepare(Authctxt *authctxt)
1616} 1639}
1617 1640
1618static void 1641static void
1619pubkey_cleanup(Authctxt *authctxt) 1642pubkey_cleanup(struct ssh *ssh)
1620{ 1643{
1644 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1621 Identity *id; 1645 Identity *id;
1622 1646
1623 if (authctxt->agent_fd != -1) 1647 if (authctxt->agent_fd != -1) {
1624 ssh_close_authentication_socket(authctxt->agent_fd); 1648 ssh_close_authentication_socket(authctxt->agent_fd);
1649 authctxt->agent_fd = -1;
1650 }
1625 for (id = TAILQ_FIRST(&authctxt->keys); id; 1651 for (id = TAILQ_FIRST(&authctxt->keys); id;
1626 id = TAILQ_FIRST(&authctxt->keys)) { 1652 id = TAILQ_FIRST(&authctxt->keys)) {
1627 TAILQ_REMOVE(&authctxt->keys, id, next); 1653 TAILQ_REMOVE(&authctxt->keys, id, next);
@@ -1654,10 +1680,10 @@ try_identity(Identity *id)
1654 return 1; 1680 return 1;
1655} 1681}
1656 1682
1657int 1683static int
1658userauth_pubkey(Authctxt *authctxt) 1684userauth_pubkey(struct ssh *ssh)
1659{ 1685{
1660 struct ssh *ssh = active_state; /* XXX */ 1686 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1661 Identity *id; 1687 Identity *id;
1662 int sent = 0; 1688 int sent = 0;
1663 char *ident; 1689 char *ident;
@@ -1678,7 +1704,7 @@ userauth_pubkey(Authctxt *authctxt)
1678 ident = format_identity(id); 1704 ident = format_identity(id);
1679 debug("Offering public key: %s", ident); 1705 debug("Offering public key: %s", ident);
1680 free(ident); 1706 free(ident);
1681 sent = send_pubkey_test(ssh, authctxt, id); 1707 sent = send_pubkey_test(ssh, id);
1682 } 1708 }
1683 } else { 1709 } else {
1684 debug("Trying private key: %s", id->filename); 1710 debug("Trying private key: %s", id->filename);
@@ -1686,8 +1712,7 @@ userauth_pubkey(Authctxt *authctxt)
1686 if (id->key != NULL) { 1712 if (id->key != NULL) {
1687 if (try_identity(id)) { 1713 if (try_identity(id)) {
1688 id->isprivate = 1; 1714 id->isprivate = 1;
1689 sent = sign_and_send_pubkey(ssh, 1715 sent = sign_and_send_pubkey(ssh, id);
1690 authctxt, id);
1691 } 1716 }
1692 sshkey_free(id->key); 1717 sshkey_free(id->key);
1693 id->key = NULL; 1718 id->key = NULL;
@@ -1703,17 +1728,16 @@ userauth_pubkey(Authctxt *authctxt)
1703/* 1728/*
1704 * Send userauth request message specifying keyboard-interactive method. 1729 * Send userauth request message specifying keyboard-interactive method.
1705 */ 1730 */
1706int 1731static int
1707userauth_kbdint(Authctxt *authctxt) 1732userauth_kbdint(struct ssh *ssh)
1708{ 1733{
1709 struct ssh *ssh = active_state; /* XXX */ 1734 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1710 static int attempt = 0;
1711 int r; 1735 int r;
1712 1736
1713 if (attempt++ >= options.number_of_password_prompts) 1737 if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts)
1714 return 0; 1738 return 0;
1715 /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ 1739 /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
1716 if (attempt > 1 && !authctxt->info_req_seen) { 1740 if (authctxt->attempt_kbdint > 1 && !authctxt->info_req_seen) {
1717 debug3("userauth_kbdint: disable: no info_req_seen"); 1741 debug3("userauth_kbdint: disable: no info_req_seen");
1718 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); 1742 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
1719 return 0; 1743 return 0;
@@ -1737,7 +1761,7 @@ userauth_kbdint(Authctxt *authctxt)
1737/* 1761/*
1738 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE 1762 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
1739 */ 1763 */
1740int 1764static int
1741input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) 1765input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
1742{ 1766{
1743 Authctxt *authctxt = ssh->authctxt; 1767 Authctxt *authctxt = ssh->authctxt;
@@ -1803,13 +1827,14 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
1803} 1827}
1804 1828
1805static int 1829static int
1806ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, 1830ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
1807 const u_char *data, size_t datalen) 1831 const u_char *data, size_t datalen)
1808{ 1832{
1809 struct sshbuf *b; 1833 struct sshbuf *b;
1810 struct stat st; 1834 struct stat st;
1811 pid_t pid; 1835 pid_t pid;
1812 int i, r, to[2], from[2], status, sock = packet_get_connection_in(); 1836 int i, r, to[2], from[2], status;
1837 int sock = ssh_packet_get_connection_in(ssh);
1813 u_char rversion = 0, version = 2; 1838 u_char rversion = 0, version = 2;
1814 void (*osigchld)(int); 1839 void (*osigchld)(int);
1815 1840
@@ -1916,10 +1941,10 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,
1916 return 0; 1941 return 0;
1917} 1942}
1918 1943
1919int 1944static int
1920userauth_hostbased(Authctxt *authctxt) 1945userauth_hostbased(struct ssh *ssh)
1921{ 1946{
1922 struct ssh *ssh = active_state; /* XXX */ 1947 Authctxt *authctxt = (Authctxt *)ssh->authctxt;
1923 struct sshkey *private = NULL; 1948 struct sshkey *private = NULL;
1924 struct sshbuf *b = NULL; 1949 struct sshbuf *b = NULL;
1925 u_char *sig = NULL, *keyblob = NULL; 1950 u_char *sig = NULL, *keyblob = NULL;
@@ -1983,7 +2008,8 @@ userauth_hostbased(Authctxt *authctxt)
1983 __func__, sshkey_ssh_name(private), fp); 2008 __func__, sshkey_ssh_name(private), fp);
1984 2009
1985 /* figure out a name for the client host */ 2010 /* figure out a name for the client host */
1986 if ((lname = get_local_name(packet_get_connection_in())) == NULL) { 2011 lname = get_local_name(ssh_packet_get_connection_in(ssh));
2012 if (lname == NULL) {
1987 error("%s: cannot get local ipaddr/name", __func__); 2013 error("%s: cannot get local ipaddr/name", __func__);
1988 goto out; 2014 goto out;
1989 } 2015 }
@@ -2017,9 +2043,8 @@ userauth_hostbased(Authctxt *authctxt)
2017#ifdef DEBUG_PK 2043#ifdef DEBUG_PK
2018 sshbuf_dump(b, stderr); 2044 sshbuf_dump(b, stderr);
2019#endif 2045#endif
2020 r = ssh_keysign(private, &sig, &siglen, 2046 if ((r = ssh_keysign(ssh, private, &sig, &siglen,
2021 sshbuf_ptr(b), sshbuf_len(b)); 2047 sshbuf_ptr(b), sshbuf_len(b))) != 0) {
2022 if (r != 0) {
2023 error("sign using hostkey %s %s failed", 2048 error("sign using hostkey %s %s failed",
2024 sshkey_ssh_name(private), fp); 2049 sshkey_ssh_name(private), fp);
2025 goto out; 2050 goto out;