2005-07-05 01:21:44 +00:00
|
|
|
/*
|
2009-03-29 20:19:18 +00:00
|
|
|
* auth1.c - authentication with SSH protocols
|
|
|
|
|
*
|
|
|
|
|
* This file is part of the SSH Library
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2003-2008 by Aris Adamantiadis
|
|
|
|
|
* Copyright (c) 2008-2009 Andreas Schneider <mail@cynapses.org>
|
|
|
|
|
*
|
|
|
|
|
* The SSH Library is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2.1 of the License, or (at your
|
|
|
|
|
* option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* The SSH Library is distributed in the hope that it will be useful, but
|
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
|
|
|
|
* License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
|
|
|
* along with the SSH Library; see the file COPYING. If not, write to
|
|
|
|
|
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
|
|
|
|
|
* MA 02111-1307, USA.
|
|
|
|
|
*/
|
2005-07-05 01:21:44 +00:00
|
|
|
|
2005-10-04 22:11:19 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <stdio.h>
|
2005-07-05 01:21:44 +00:00
|
|
|
#include <string.h>
|
2008-03-12 01:27:21 +00:00
|
|
|
|
2009-06-09 12:03:00 +00:00
|
|
|
#ifndef _WIN32
|
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include "libssh/priv.h"
|
|
|
|
|
#include "libssh/ssh2.h"
|
2009-09-23 23:51:04 +02:00
|
|
|
#include "libssh/buffer.h"
|
|
|
|
|
#include "libssh/agent.h"
|
|
|
|
|
#include "libssh/keyfiles.h"
|
2010-02-28 22:51:21 +01:00
|
|
|
#include "libssh/misc.h"
|
2009-09-23 23:51:04 +02:00
|
|
|
#include "libssh/packet.h"
|
|
|
|
|
#include "libssh/session.h"
|
2009-09-26 01:15:48 +02:00
|
|
|
#include "libssh/keys.h"
|
2009-12-26 20:24:07 +01:00
|
|
|
#include "libssh/auth.h"
|
2009-06-09 12:03:00 +00:00
|
|
|
|
2010-04-04 14:33:08 +02:00
|
|
|
/**
|
|
|
|
|
* @defgroup libssh_auth The SSH authentication functions.
|
|
|
|
|
* @ingroup libssh
|
|
|
|
|
*
|
|
|
|
|
* Functions to authenticate with a server.
|
|
|
|
|
*
|
|
|
|
|
* @{
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
|
|
|
|
|
2009-12-26 16:51:33 +01:00
|
|
|
/**
|
|
|
|
|
* @internal
|
2010-04-04 14:33:08 +02:00
|
|
|
*
|
|
|
|
|
* @brief Ask access to the ssh-userauth service.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] session The SSH session handle.
|
|
|
|
|
*
|
|
|
|
|
* @returns SSH_OK on success, SSH_ERROR on error.
|
|
|
|
|
*
|
2009-12-26 16:51:33 +01:00
|
|
|
* @bug current implementation is blocking
|
|
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
static int ask_userauth(ssh_session session) {
|
2009-04-30 14:00:07 +00:00
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
|
|
enter_function();
|
2009-12-26 16:51:33 +01:00
|
|
|
do {
|
|
|
|
|
rc=ssh_service_request(session,"ssh-userauth");
|
|
|
|
|
if(rc==SSH_AGAIN)
|
2010-01-08 23:05:10 +01:00
|
|
|
ssh_handle_packets(session,-1);
|
2009-12-26 16:51:33 +01:00
|
|
|
} while(rc==SSH_AGAIN);
|
2009-04-30 14:00:07 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2010-04-04 14:33:08 +02:00
|
|
|
/**
|
|
|
|
|
* @internal
|
|
|
|
|
*
|
|
|
|
|
* @brief Handles a SSH_USERAUTH_BANNER packet.
|
|
|
|
|
*
|
2009-12-26 20:24:07 +01:00
|
|
|
* This banner should be shown to user prior to authentication
|
|
|
|
|
*/
|
|
|
|
|
SSH_PACKET_CALLBACK(ssh_packet_userauth_banner){
|
|
|
|
|
ssh_string banner;
|
|
|
|
|
(void)type;
|
|
|
|
|
(void)user;
|
|
|
|
|
enter_function();
|
|
|
|
|
banner = buffer_get_ssh_string(packet);
|
|
|
|
|
if (banner == NULL) {
|
|
|
|
|
ssh_log(session, SSH_LOG_RARE,
|
|
|
|
|
"Invalid SSH_USERAUTH_BANNER packet");
|
|
|
|
|
} else {
|
|
|
|
|
ssh_log(session, SSH_LOG_PACKET,
|
|
|
|
|
"Received SSH_USERAUTH_BANNER packet");
|
|
|
|
|
if(session->banner != NULL)
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(session->banner);
|
2009-12-26 20:24:07 +01:00
|
|
|
session->banner = banner;
|
|
|
|
|
}
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_PACKET_USED;
|
|
|
|
|
}
|
|
|
|
|
|
2010-04-04 14:33:08 +02:00
|
|
|
/**
|
|
|
|
|
* @internal
|
|
|
|
|
*
|
|
|
|
|
* @brief Handles a SSH_USERAUTH_FAILURE packet.
|
|
|
|
|
*
|
|
|
|
|
* This handles the complete or partial authentication failure.
|
2009-12-26 21:59:37 +01:00
|
|
|
*/
|
|
|
|
|
SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){
|
2009-04-30 14:18:44 +00:00
|
|
|
char *auth_methods = NULL;
|
2009-07-24 21:45:41 +02:00
|
|
|
ssh_string auth;
|
2009-07-25 23:19:41 +02:00
|
|
|
uint8_t partial = 0;
|
2009-12-26 21:59:37 +01:00
|
|
|
(void) type;
|
|
|
|
|
(void) user;
|
2009-04-30 14:18:44 +00:00
|
|
|
enter_function();
|
|
|
|
|
|
2009-12-26 21:59:37 +01:00
|
|
|
auth = buffer_get_ssh_string(packet);
|
|
|
|
|
if (auth == NULL || buffer_get_u8(packet, &partial) != 1) {
|
|
|
|
|
ssh_set_error(session, SSH_FATAL,
|
|
|
|
|
"Invalid SSH_MSG_USERAUTH_FAILURE message");
|
|
|
|
|
session->auth_state=SSH_AUTH_STATE_ERROR;
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
2009-04-30 14:18:44 +00:00
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
auth_methods = ssh_string_to_char(auth);
|
2009-12-26 21:59:37 +01:00
|
|
|
if (auth_methods == NULL) {
|
|
|
|
|
ssh_set_error_oom(session);
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
2009-04-30 14:18:44 +00:00
|
|
|
|
2009-12-26 21:59:37 +01:00
|
|
|
if (partial) {
|
|
|
|
|
session->auth_state=SSH_AUTH_STATE_PARTIAL;
|
|
|
|
|
ssh_log(session,SSH_LOG_PROTOCOL,
|
|
|
|
|
"Partial success. Authentication that can continue: %s",
|
|
|
|
|
auth_methods);
|
|
|
|
|
} else {
|
|
|
|
|
session->auth_state=SSH_AUTH_STATE_FAILED;
|
|
|
|
|
ssh_log(session, SSH_LOG_PROTOCOL,
|
|
|
|
|
"Access denied. Authentication that can continue: %s",
|
|
|
|
|
auth_methods);
|
|
|
|
|
ssh_set_error(session, SSH_REQUEST_DENIED,
|
|
|
|
|
"Access denied. Authentication that can continue: %s",
|
|
|
|
|
auth_methods);
|
2009-04-30 14:18:44 +00:00
|
|
|
|
2009-12-26 21:59:37 +01:00
|
|
|
session->auth_methods = 0;
|
|
|
|
|
}
|
|
|
|
|
if (strstr(auth_methods, "password") != NULL) {
|
|
|
|
|
session->auth_methods |= SSH_AUTH_METHOD_PASSWORD;
|
|
|
|
|
}
|
|
|
|
|
if (strstr(auth_methods, "keyboard-interactive") != NULL) {
|
|
|
|
|
session->auth_methods |= SSH_AUTH_METHOD_INTERACTIVE;
|
|
|
|
|
}
|
|
|
|
|
if (strstr(auth_methods, "publickey") != NULL) {
|
|
|
|
|
session->auth_methods |= SSH_AUTH_METHOD_PUBLICKEY;
|
|
|
|
|
}
|
|
|
|
|
if (strstr(auth_methods, "hostbased") != NULL) {
|
|
|
|
|
session->auth_methods |= SSH_AUTH_METHOD_HOSTBASED;
|
|
|
|
|
}
|
2009-04-30 14:18:44 +00:00
|
|
|
|
2009-12-26 21:59:37 +01:00
|
|
|
end:
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(auth);
|
2009-12-26 21:59:37 +01:00
|
|
|
SAFE_FREE(auth_methods);
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_PACKET_USED;
|
|
|
|
|
}
|
|
|
|
|
|
2010-04-04 14:33:08 +02:00
|
|
|
/**
|
|
|
|
|
* @internal
|
|
|
|
|
*
|
|
|
|
|
* @brief Handles a SSH_USERAUTH_SUCCESS packet.
|
|
|
|
|
*
|
|
|
|
|
* It is also used to communicate the new to the upper levels.
|
2009-12-26 21:59:37 +01:00
|
|
|
*/
|
|
|
|
|
SSH_PACKET_CALLBACK(ssh_packet_userauth_success){
|
|
|
|
|
enter_function();
|
|
|
|
|
(void)packet;
|
|
|
|
|
(void)type;
|
|
|
|
|
(void)user;
|
|
|
|
|
ssh_log(session,SSH_LOG_PACKET,"Received SSH_USERAUTH_SUCCESS");
|
|
|
|
|
ssh_log(session,SSH_LOG_PROTOCOL,"Authentication successful");
|
|
|
|
|
session->auth_state=SSH_AUTH_STATE_SUCCESS;
|
|
|
|
|
session->session_state=SSH_SESSION_STATE_AUTHENTICATED;
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_PACKET_USED;
|
|
|
|
|
}
|
|
|
|
|
|
2010-04-04 14:33:08 +02:00
|
|
|
/**
|
|
|
|
|
* @internal
|
|
|
|
|
*
|
|
|
|
|
* @brief Handles a SSH_USERAUTH_PK_OK or SSH_USERAUTH_INFO_REQUEST packet.
|
|
|
|
|
*
|
|
|
|
|
* Since the two types of packets share the same code, additional work is done
|
|
|
|
|
* to understand if we are in a public key or keyboard-interactive context.
|
2009-12-26 21:59:37 +01:00
|
|
|
*/
|
|
|
|
|
SSH_PACKET_CALLBACK(ssh_packet_userauth_pk_ok){
|
2010-05-19 14:07:40 +02:00
|
|
|
int rc;
|
|
|
|
|
enter_function();
|
2009-12-26 21:59:37 +01:00
|
|
|
ssh_log(session,SSH_LOG_PACKET,"Received SSH_USERAUTH_PK_OK/INFO_REQUEST");
|
2010-05-19 14:07:40 +02:00
|
|
|
if(session->auth_state==SSH_AUTH_STATE_KBDINT_SENT){
|
2009-12-26 21:59:37 +01:00
|
|
|
/* Assuming we are in keyboard-interactive context */
|
2010-05-19 14:07:40 +02:00
|
|
|
ssh_log(session,SSH_LOG_PACKET,"keyboard-interactive context, assuming SSH_USERAUTH_INFO_REQUEST");
|
|
|
|
|
rc=ssh_packet_userauth_info_request(session,type,packet,user);
|
2009-12-26 21:59:37 +01:00
|
|
|
} else {
|
|
|
|
|
session->auth_state=SSH_AUTH_STATE_PK_OK;
|
|
|
|
|
ssh_log(session,SSH_LOG_PACKET,"assuming SSH_USERAUTH_PK_OK");
|
2010-05-19 14:07:40 +02:00
|
|
|
rc=SSH_PACKET_USED;
|
2009-04-30 14:18:44 +00:00
|
|
|
}
|
2009-12-26 21:59:37 +01:00
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return rc;
|
2009-12-26 21:59:37 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int wait_auth_status(ssh_session session) {
|
|
|
|
|
int rc = SSH_AUTH_ERROR;
|
|
|
|
|
|
|
|
|
|
enter_function();
|
2009-04-30 14:18:44 +00:00
|
|
|
|
2010-05-19 14:07:40 +02:00
|
|
|
while (session->auth_state == SSH_AUTH_STATE_NONE ||
|
|
|
|
|
session->auth_state == SSH_AUTH_STATE_KBDINT_SENT) {
|
2010-04-24 22:46:19 +02:00
|
|
|
if (ssh_handle_packets(session,-1) != SSH_OK)
|
|
|
|
|
break;
|
2009-12-26 21:59:37 +01:00
|
|
|
}
|
|
|
|
|
switch(session->auth_state){
|
|
|
|
|
case SSH_AUTH_STATE_ERROR:
|
|
|
|
|
rc=SSH_AUTH_ERROR;
|
|
|
|
|
break;
|
|
|
|
|
case SSH_AUTH_STATE_FAILED:
|
|
|
|
|
rc=SSH_AUTH_DENIED;
|
|
|
|
|
break;
|
|
|
|
|
case SSH_AUTH_STATE_INFO:
|
|
|
|
|
rc=SSH_AUTH_INFO;
|
|
|
|
|
break;
|
|
|
|
|
case SSH_AUTH_STATE_PARTIAL:
|
|
|
|
|
rc=SSH_AUTH_PARTIAL;
|
|
|
|
|
break;
|
|
|
|
|
case SSH_AUTH_STATE_PK_OK:
|
|
|
|
|
case SSH_AUTH_STATE_SUCCESS:
|
|
|
|
|
rc=SSH_AUTH_SUCCESS;
|
|
|
|
|
break;
|
2010-05-19 14:07:40 +02:00
|
|
|
case SSH_AUTH_STATE_KBDINT_SENT:
|
2009-12-26 21:59:37 +01:00
|
|
|
case SSH_AUTH_STATE_NONE:
|
|
|
|
|
/* not reached */
|
|
|
|
|
rc=SSH_AUTH_ERROR;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2009-04-30 14:18:44 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2010-08-19 19:51:18 +02:00
|
|
|
/**
|
|
|
|
|
* @brief retrieves available authentication methods for this session
|
2010-08-20 12:59:42 +02:00
|
|
|
* @deprecated
|
2010-08-19 19:51:18 +02:00
|
|
|
* @see ssh_userauth_list
|
|
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_auth_list(ssh_session session) {
|
2010-08-19 19:51:18 +02:00
|
|
|
return ssh_userauth_list(session, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief retrieves available authentication methods for this session
|
|
|
|
|
* @param[in] session the SSH session
|
|
|
|
|
* @param[in] username set to NULL
|
|
|
|
|
* @returns A bitfield of values SSH_AUTH_METHOD_NONE, SSH_AUTH_METHOD_PASSWORD,
|
|
|
|
|
SSH_AUTH_METHOD_PUBLICKEY, SSH_AUTH_METHOD_HOSTBASED,
|
|
|
|
|
SSH_AUTH_METHOD_INTERACTIVE.
|
|
|
|
|
@warning Other reserved flags may appear in future versions.
|
|
|
|
|
*/
|
|
|
|
|
int ssh_userauth_list(ssh_session session, const char *username) {
|
2009-04-30 14:19:14 +00:00
|
|
|
if (session == NULL) {
|
2010-08-19 19:51:18 +02:00
|
|
|
return SSH_AUTH_ERROR;
|
2009-04-30 14:19:14 +00:00
|
|
|
}
|
2010-08-19 19:51:18 +02:00
|
|
|
|
2010-01-25 23:23:01 +01:00
|
|
|
#ifdef WITH_SSH1
|
|
|
|
|
if(session->version==1){
|
|
|
|
|
return SSH_AUTH_METHOD_PASSWORD;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2009-04-30 14:20:47 +00:00
|
|
|
if (session->auth_methods == 0) {
|
|
|
|
|
ssh_userauth_none(session, username);
|
|
|
|
|
}
|
2010-08-19 19:51:18 +02:00
|
|
|
return session->auth_methods;
|
2008-12-14 21:46:31 +00:00
|
|
|
}
|
|
|
|
|
|
2005-07-05 01:21:44 +00:00
|
|
|
/* use the "none" authentication question */
|
|
|
|
|
|
2009-04-30 14:34:36 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Try to authenticate through the "none" method.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-30 14:34:36 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] username Deprecated, set to NULL.
|
2009-04-30 14:34:36 +00:00
|
|
|
*
|
|
|
|
|
* @returns SSH_AUTH_ERROR: A serious error happened.\n
|
|
|
|
|
* SSH_AUTH_DENIED: Authentication failed: use another method\n
|
|
|
|
|
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
|
|
|
|
* have to use another method\n
|
|
|
|
|
* SSH_AUTH_SUCCESS: Authentication success
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_userauth_none(ssh_session session, const char *username) {
|
2009-07-24 21:45:41 +02:00
|
|
|
ssh_string user = NULL;
|
|
|
|
|
ssh_string service = NULL;
|
|
|
|
|
ssh_string method = NULL;
|
2009-04-30 14:34:36 +00:00
|
|
|
int rc = SSH_AUTH_ERROR;
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2009-04-30 14:34:36 +00:00
|
|
|
enter_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-07-27 23:17:35 +02:00
|
|
|
#ifdef WITH_SSH1
|
2009-04-30 14:34:36 +00:00
|
|
|
if (session->version == 1) {
|
2010-01-25 23:23:01 +01:00
|
|
|
rc = ssh_userauth1_none(session, username);
|
2009-04-30 14:34:36 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2010-04-24 23:01:18 +02:00
|
|
|
if(session->auth_methods != 0){
|
|
|
|
|
/* userauth_none or other method was already tried before */
|
|
|
|
|
ssh_set_error(session,SSH_REQUEST_DENIED,"None method rejected by server");
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_AUTH_DENIED;
|
|
|
|
|
}
|
2009-04-30 14:34:36 +00:00
|
|
|
if (username == NULL) {
|
2009-10-02 14:06:41 +02:00
|
|
|
if (session->username == NULL) {
|
2010-05-21 10:21:03 +02:00
|
|
|
if (ssh_options_apply(session) < 0) {
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-04-30 14:34:36 +00:00
|
|
|
}
|
2008-06-12 20:14:17 +00:00
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(session->username);
|
2009-04-30 14:34:36 +00:00
|
|
|
} else {
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(username);
|
2009-04-30 14:34:36 +00:00
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:34:36 +00:00
|
|
|
if (user == NULL) {
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:34:36 +00:00
|
|
|
if (ask_userauth(session) < 0) {
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
2009-04-30 14:34:36 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
method = ssh_string_from_char("none");
|
2009-04-30 14:34:36 +00:00
|
|
|
if (method == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
service = ssh_string_from_char("ssh-connection");
|
2009-04-30 14:34:36 +00:00
|
|
|
if (service == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:34:36 +00:00
|
|
|
if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, user) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, service) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, method) < 0) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(user);
|
2009-12-26 21:59:37 +01:00
|
|
|
session->auth_state=SSH_AUTH_STATE_NONE;
|
2009-12-26 20:24:07 +01:00
|
|
|
if (packet_send(session) == SSH_ERROR) {
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-04-30 14:34:36 +00:00
|
|
|
}
|
2009-12-26 21:59:37 +01:00
|
|
|
rc = wait_auth_status(session);
|
2009-04-30 14:34:36 +00:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2009-04-07 13:40:40 +00:00
|
|
|
error:
|
2009-07-28 18:01:07 +02:00
|
|
|
buffer_reinit(session->out_buffer);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(user);
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:34:36 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-30 14:40:32 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Try to authenticate through public key.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-30 14:40:32 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] username The username to authenticate. You can specify NULL if
|
2009-04-30 14:40:32 +00:00
|
|
|
* ssh_option_set_username() has been used. You cannot try
|
|
|
|
|
* two different logins in a row.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] type The type of the public key. This value is given by
|
2010-04-28 12:48:47 +02:00
|
|
|
* publickey_from_file() or ssh_privatekey_type().
|
2009-04-30 14:40:32 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] publickey A public key returned by publickey_from_file().
|
2009-04-30 14:40:32 +00:00
|
|
|
*
|
|
|
|
|
* @returns SSH_AUTH_ERROR: A serious error happened.\n
|
|
|
|
|
* SSH_AUTH_DENIED: The server doesn't accept that public key as an
|
|
|
|
|
* authentication token. Try another key or another
|
|
|
|
|
* method.\n
|
|
|
|
|
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
|
|
|
|
* have to use another method.\n
|
|
|
|
|
* SSH_AUTH_SUCCESS: The public key is accepted, you want now to use
|
|
|
|
|
* ssh_userauth_pubkey().
|
|
|
|
|
*
|
|
|
|
|
* @see publickey_from_file()
|
|
|
|
|
* @see privatekey_from_file()
|
2010-04-28 12:48:47 +02:00
|
|
|
* @see ssh_privatekey_type()
|
2009-04-30 14:40:32 +00:00
|
|
|
* @see ssh_userauth_pubkey()
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_userauth_offer_pubkey(ssh_session session, const char *username,
|
2009-07-24 21:45:41 +02:00
|
|
|
int type, ssh_string publickey) {
|
|
|
|
|
ssh_string user = NULL;
|
|
|
|
|
ssh_string service = NULL;
|
|
|
|
|
ssh_string method = NULL;
|
|
|
|
|
ssh_string algo = NULL;
|
2009-04-30 14:40:32 +00:00
|
|
|
int rc = SSH_AUTH_ERROR;
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2009-04-30 14:40:32 +00:00
|
|
|
enter_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-07-27 23:17:35 +02:00
|
|
|
#ifdef WITH_SSH1
|
2009-04-30 14:40:32 +00:00
|
|
|
if (session->version == 1) {
|
|
|
|
|
ssh_userauth1_offer_pubkey(session, username, type, publickey);
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2005-07-05 01:21:44 +00:00
|
|
|
#endif
|
2009-04-30 14:40:32 +00:00
|
|
|
|
|
|
|
|
if (username == NULL) {
|
2009-10-02 14:06:41 +02:00
|
|
|
if (session->username == NULL) {
|
2010-05-21 10:21:03 +02:00
|
|
|
if (ssh_options_apply(session) < 0) {
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-04-30 14:40:32 +00:00
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(session->username);
|
2009-04-30 14:40:32 +00:00
|
|
|
} else {
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(username);
|
2009-04-30 14:40:32 +00:00
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:40:32 +00:00
|
|
|
if (user == NULL) {
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:40:32 +00:00
|
|
|
if (ask_userauth(session) < 0) {
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
2009-04-30 14:40:32 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
service = ssh_string_from_char("ssh-connection");
|
2009-04-30 14:40:32 +00:00
|
|
|
if (service == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
method = ssh_string_from_char("publickey");
|
2009-04-30 14:40:32 +00:00
|
|
|
if (method == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
algo = ssh_string_from_char(ssh_type_to_char(type));
|
2009-04-30 14:40:32 +00:00
|
|
|
if (algo == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:40:32 +00:00
|
|
|
if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, user) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, service) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, method) < 0 ||
|
|
|
|
|
buffer_add_u8(session->out_buffer, 0) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, algo) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, publickey) < 0) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(algo);
|
2009-12-26 21:59:37 +01:00
|
|
|
session->auth_state=SSH_AUTH_STATE_NONE;
|
2010-07-23 11:01:06 +02:00
|
|
|
if (packet_send(session) == SSH_ERROR) {
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-04-30 14:40:32 +00:00
|
|
|
}
|
2009-12-26 21:59:37 +01:00
|
|
|
rc = wait_auth_status(session);
|
2009-04-30 14:40:32 +00:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2009-04-07 13:40:40 +00:00
|
|
|
error:
|
2009-07-28 18:01:07 +02:00
|
|
|
buffer_reinit(session->out_buffer);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(algo);
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:40:32 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2009-04-30 14:46:40 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Try to authenticate through public key.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-30 14:46:40 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] username The username to authenticate. You can specify NULL if
|
2009-04-30 14:46:40 +00:00
|
|
|
* ssh_option_set_username() has been used. You cannot try
|
|
|
|
|
* two different logins in a row.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] publickey A public key returned by publickey_from_file(), or NULL
|
|
|
|
|
* to generate automatically from privatekey.
|
2009-04-30 14:46:40 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] privatekey A private key returned by privatekey_from_file().
|
2009-04-30 14:46:40 +00:00
|
|
|
*
|
|
|
|
|
* @returns SSH_AUTH_ERROR: A serious error happened.\n
|
|
|
|
|
* SSH_AUTH_DENIED: Authentication failed: use another method.\n
|
|
|
|
|
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
|
|
|
|
* have to use another method.\n
|
|
|
|
|
* SSH_AUTH_SUCCESS: Authentication successful.
|
|
|
|
|
*
|
|
|
|
|
* @see publickey_from_file()
|
|
|
|
|
* @see privatekey_from_file()
|
|
|
|
|
* @see privatekey_free()
|
|
|
|
|
* @see ssh_userauth_offer_pubkey()
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_userauth_pubkey(ssh_session session, const char *username,
|
2009-07-24 22:08:04 +02:00
|
|
|
ssh_string publickey, ssh_private_key privatekey) {
|
2009-07-24 21:45:41 +02:00
|
|
|
ssh_string user = NULL;
|
|
|
|
|
ssh_string service = NULL;
|
|
|
|
|
ssh_string method = NULL;
|
|
|
|
|
ssh_string algo = NULL;
|
|
|
|
|
ssh_string sign = NULL;
|
2009-12-30 10:40:34 +08:00
|
|
|
ssh_public_key pk = NULL;
|
|
|
|
|
ssh_string pkstr = NULL;
|
2009-04-30 14:46:40 +00:00
|
|
|
int rc = SSH_AUTH_ERROR;
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2009-04-30 14:46:40 +00:00
|
|
|
enter_function();
|
2008-12-14 21:46:31 +00:00
|
|
|
|
2009-04-30 14:46:40 +00:00
|
|
|
#if 0
|
|
|
|
|
if (session->version == 1) {
|
|
|
|
|
return ssh_userauth1_pubkey(session, username, publickey, privatekey);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:46:40 +00:00
|
|
|
if (username == NULL) {
|
2009-10-02 14:06:41 +02:00
|
|
|
if (session->username == NULL) {
|
2010-05-21 10:21:03 +02:00
|
|
|
if (ssh_options_apply(session) < 0) {
|
2009-04-07 13:40:40 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(session->username);
|
2009-04-30 14:46:40 +00:00
|
|
|
} else {
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(username);
|
2009-04-30 14:46:40 +00:00
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:46:40 +00:00
|
|
|
if (user == NULL) {
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-04-30 14:46:40 +00:00
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:46:40 +00:00
|
|
|
if (ask_userauth(session) < 0) {
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
2009-04-07 13:40:40 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2009-04-30 14:46:40 +00:00
|
|
|
}
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
service = ssh_string_from_char("ssh-connection");
|
2009-04-30 14:46:40 +00:00
|
|
|
if (service == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
method = ssh_string_from_char("publickey");
|
2009-04-30 14:46:40 +00:00
|
|
|
if (method == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
algo = ssh_string_from_char(ssh_type_to_char(privatekey->type));
|
2009-04-30 14:46:40 +00:00
|
|
|
if (algo == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2009-12-30 10:40:34 +08:00
|
|
|
if (publickey == NULL) {
|
|
|
|
|
pk = publickey_from_privatekey(privatekey);
|
|
|
|
|
if (pk == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
pkstr = publickey_to_string(pk);
|
|
|
|
|
publickey_free(pk);
|
|
|
|
|
if (pkstr == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-04-30 14:46:40 +00:00
|
|
|
|
|
|
|
|
/* we said previously the public key was accepted */
|
|
|
|
|
if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, user) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, service) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, method) < 0 ||
|
|
|
|
|
buffer_add_u8(session->out_buffer, 1) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, algo) < 0 ||
|
2009-12-30 10:40:34 +08:00
|
|
|
buffer_add_ssh_string(session->out_buffer, (publickey == NULL ? pkstr : publickey)) < 0) {
|
2009-04-30 14:46:40 +00:00
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(algo);
|
|
|
|
|
ssh_string_free(pkstr);
|
2009-04-30 14:46:40 +00:00
|
|
|
|
|
|
|
|
sign = ssh_do_sign(session,session->out_buffer, privatekey);
|
|
|
|
|
if (sign) {
|
|
|
|
|
if (buffer_add_ssh_string(session->out_buffer,sign) < 0) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(sign);
|
2009-12-26 21:59:37 +01:00
|
|
|
session->auth_state=SSH_AUTH_STATE_NONE;
|
2010-07-23 11:01:06 +02:00
|
|
|
if (packet_send(session) == SSH_ERROR) {
|
2009-04-30 14:46:40 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2009-12-26 21:59:37 +01:00
|
|
|
rc = wait_auth_status(session);
|
2009-04-30 14:46:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
error:
|
2009-07-28 18:01:07 +02:00
|
|
|
buffer_reinit(session->out_buffer);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(algo);
|
|
|
|
|
ssh_string_free(pkstr);
|
2009-04-30 14:46:40 +00:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2009-12-30 12:02:36 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Try to authenticate through a private key file.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-12-30 12:02:36 +08:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] username The username to authenticate. You can specify NULL if
|
2009-12-30 12:02:36 +08:00
|
|
|
* ssh_option_set_username() has been used. You cannot try
|
|
|
|
|
* two different logins in a row.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] filename Filename containing the private key.
|
2009-12-30 12:02:36 +08:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] passphrase Passphrase to decrypt the private key. Set to null if
|
|
|
|
|
* none is needed or it is unknown.
|
2009-12-30 12:02:36 +08:00
|
|
|
*
|
|
|
|
|
* @returns SSH_AUTH_ERROR: A serious error happened.\n
|
|
|
|
|
* SSH_AUTH_DENIED: Authentication failed: use another method.\n
|
|
|
|
|
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
|
|
|
|
* have to use another method.\n
|
|
|
|
|
* SSH_AUTH_SUCCESS: Authentication successful.
|
|
|
|
|
*
|
|
|
|
|
* @see publickey_from_file()
|
|
|
|
|
* @see privatekey_from_file()
|
|
|
|
|
* @see privatekey_free()
|
|
|
|
|
* @see ssh_userauth_pubkey()
|
|
|
|
|
*/
|
|
|
|
|
int ssh_userauth_privatekey_file(ssh_session session, const char *username,
|
|
|
|
|
const char *filename, const char *passphrase) {
|
|
|
|
|
char *pubkeyfile = NULL;
|
|
|
|
|
ssh_string pubkey = NULL;
|
|
|
|
|
ssh_private_key privkey = NULL;
|
|
|
|
|
int type = 0;
|
|
|
|
|
int rc = SSH_AUTH_ERROR;
|
|
|
|
|
|
|
|
|
|
enter_function();
|
|
|
|
|
|
|
|
|
|
pubkeyfile = malloc(strlen(filename) + 1 + 4);
|
|
|
|
|
if (pubkeyfile == NULL) {
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_AUTH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
sprintf(pubkeyfile, "%s.pub", filename);
|
|
|
|
|
|
|
|
|
|
pubkey = publickey_from_file(session, pubkeyfile, &type);
|
|
|
|
|
if (pubkey == NULL) {
|
|
|
|
|
ssh_log(session, SSH_LOG_RARE, "Public key file %s not found. Trying to generate it.", pubkeyfile);
|
|
|
|
|
/* auto-detect the key type with type=0 */
|
|
|
|
|
privkey = privatekey_from_file(session, filename, 0, passphrase);
|
|
|
|
|
} else {
|
|
|
|
|
ssh_log(session, SSH_LOG_RARE, "Public key file %s loaded.", pubkeyfile);
|
|
|
|
|
privkey = privatekey_from_file(session, filename, type, passphrase);
|
|
|
|
|
}
|
|
|
|
|
if (privkey == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
/* ssh_userauth_pubkey is responsible for taking care of null-pubkey */
|
|
|
|
|
rc = ssh_userauth_pubkey(session, username, pubkey, privkey);
|
|
|
|
|
privatekey_free(privkey);
|
|
|
|
|
|
|
|
|
|
error:
|
|
|
|
|
SAFE_FREE(pubkeyfile);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(pubkey);
|
2009-12-30 12:02:36 +08:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2009-02-06 13:37:43 +00:00
|
|
|
#ifndef _WIN32
|
2009-04-30 14:51:53 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Try to authenticate through public key with an ssh agent.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-30 14:51:53 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] username The username to authenticate. You can specify NULL if
|
2009-04-30 14:51:53 +00:00
|
|
|
* ssh_option_set_username() has been used. You cannot try
|
|
|
|
|
* two different logins in a row.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] publickey The public key provided by the agent.
|
2009-04-30 14:51:53 +00:00
|
|
|
*
|
|
|
|
|
* @returns SSH_AUTH_ERROR: A serious error happened.\n
|
|
|
|
|
* SSH_AUTH_DENIED: Authentication failed: use another method.\n
|
|
|
|
|
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
|
|
|
|
* have to use another method.\n
|
|
|
|
|
* SSH_AUTH_SUCCESS: Authentication successful.
|
|
|
|
|
*
|
|
|
|
|
* @see publickey_from_file()
|
|
|
|
|
* @see privatekey_from_file()
|
|
|
|
|
* @see privatekey_free()
|
|
|
|
|
* @see ssh_userauth_offer_pubkey()
|
2009-02-06 09:46:10 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_userauth_agent_pubkey(ssh_session session, const char *username,
|
2009-07-24 22:02:32 +02:00
|
|
|
ssh_public_key publickey) {
|
2009-07-24 21:45:41 +02:00
|
|
|
ssh_string user = NULL;
|
|
|
|
|
ssh_string service = NULL;
|
|
|
|
|
ssh_string method = NULL;
|
|
|
|
|
ssh_string algo = NULL;
|
|
|
|
|
ssh_string key = NULL;
|
|
|
|
|
ssh_string sign = NULL;
|
2009-04-07 13:40:40 +00:00
|
|
|
int rc = SSH_AUTH_ERROR;
|
2009-02-06 09:46:10 +00:00
|
|
|
|
|
|
|
|
enter_function();
|
2009-04-30 14:51:53 +00:00
|
|
|
|
2009-02-09 12:56:58 +00:00
|
|
|
if (! agent_is_running(session)) {
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-02-06 09:46:10 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-30 14:51:53 +00:00
|
|
|
if (username == NULL) {
|
2009-10-02 14:06:41 +02:00
|
|
|
if (session->username == NULL) {
|
2010-05-21 10:21:03 +02:00
|
|
|
if (ssh_options_apply(session) < 0) {
|
2009-02-06 09:46:10 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-02-06 09:46:10 +00:00
|
|
|
}
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(session->username);
|
2009-04-30 14:51:53 +00:00
|
|
|
} else {
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(username);
|
2009-02-06 09:46:10 +00:00
|
|
|
}
|
2009-04-30 14:51:53 +00:00
|
|
|
|
|
|
|
|
if (user == NULL) {
|
2009-02-06 09:46:10 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-02-06 09:46:10 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-30 14:51:53 +00:00
|
|
|
if (ask_userauth(session) < 0) {
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
2009-04-30 14:51:53 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2009-04-07 13:40:40 +00:00
|
|
|
}
|
2009-04-30 14:51:53 +00:00
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
service = ssh_string_from_char("ssh-connection");
|
2009-04-07 13:40:40 +00:00
|
|
|
if (service == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
method = ssh_string_from_char("publickey");
|
2009-04-07 13:40:40 +00:00
|
|
|
if (method == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
algo = ssh_string_from_char(ssh_type_to_char(publickey->type));
|
2009-04-07 13:40:40 +00:00
|
|
|
if (algo == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2009-02-06 09:46:10 +00:00
|
|
|
key = publickey_to_string(publickey);
|
2009-04-07 13:40:40 +00:00
|
|
|
if (key == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2009-02-06 09:46:10 +00:00
|
|
|
|
|
|
|
|
/* we said previously the public key was accepted */
|
2009-04-30 14:51:53 +00:00
|
|
|
if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, user) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, service) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, method) < 0 ||
|
|
|
|
|
buffer_add_u8(session->out_buffer, 1) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, algo) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, key) < 0) {
|
2009-04-07 13:40:40 +00:00
|
|
|
goto error;
|
|
|
|
|
}
|
2009-02-06 12:51:37 +00:00
|
|
|
|
2009-02-06 09:46:10 +00:00
|
|
|
sign = ssh_do_sign_with_agent(session, session->out_buffer, publickey);
|
|
|
|
|
|
|
|
|
|
if (sign) {
|
2009-04-07 13:40:40 +00:00
|
|
|
if (buffer_add_ssh_string(session->out_buffer, sign) < 0) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(sign);
|
2009-12-26 21:59:37 +01:00
|
|
|
session->auth_state=SSH_AUTH_STATE_NONE;
|
2010-07-23 11:01:06 +02:00
|
|
|
if (packet_send(session) == SSH_ERROR) {
|
2009-04-07 13:40:40 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2009-12-26 21:59:37 +01:00
|
|
|
rc = wait_auth_status(session);
|
2009-02-06 09:46:10 +00:00
|
|
|
}
|
2009-04-30 14:51:53 +00:00
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(algo);
|
|
|
|
|
ssh_string_free(key);
|
2009-04-30 14:51:53 +00:00
|
|
|
|
2009-02-06 09:46:10 +00:00
|
|
|
leave_function();
|
|
|
|
|
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
|
|
|
|
error:
|
2009-07-28 18:01:07 +02:00
|
|
|
buffer_reinit(session->out_buffer);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(sign);
|
|
|
|
|
ssh_string_free(user);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(algo);
|
|
|
|
|
ssh_string_free(key);
|
2009-04-07 13:40:40 +00:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2009-02-06 09:46:10 +00:00
|
|
|
}
|
2009-02-06 12:51:37 +00:00
|
|
|
#endif /* _WIN32 */
|
2009-02-06 09:46:10 +00:00
|
|
|
|
2009-04-30 14:58:08 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Try to authenticate by password.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-30 14:58:08 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] username The username to authenticate. You can specify NULL if
|
2009-04-30 14:58:08 +00:00
|
|
|
* ssh_option_set_username() has been used. You cannot try
|
|
|
|
|
* two different logins in a row.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] password The password to use. Take care to clean it after
|
2009-04-30 14:58:08 +00:00
|
|
|
* the authentication.
|
|
|
|
|
*
|
|
|
|
|
* @returns SSH_AUTH_ERROR: A serious error happened.\n
|
|
|
|
|
* SSH_AUTH_DENIED: Authentication failed: use another method.\n
|
|
|
|
|
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
|
|
|
|
* have to use another method.\n
|
|
|
|
|
* SSH_AUTH_SUCCESS: Authentication successful.
|
|
|
|
|
*
|
|
|
|
|
* @see ssh_userauth_kbdint()
|
|
|
|
|
* @see BURN_STRING
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_userauth_password(ssh_session session, const char *username,
|
2009-04-30 14:58:08 +00:00
|
|
|
const char *password) {
|
2009-07-24 21:45:41 +02:00
|
|
|
ssh_string user = NULL;
|
|
|
|
|
ssh_string service = NULL;
|
|
|
|
|
ssh_string method = NULL;
|
|
|
|
|
ssh_string pwd = NULL;
|
2009-04-30 14:58:08 +00:00
|
|
|
int rc = SSH_AUTH_ERROR;
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2009-04-30 14:58:08 +00:00
|
|
|
enter_function();
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2009-07-27 23:17:35 +02:00
|
|
|
#ifdef WITH_SSH1
|
2009-04-30 14:58:08 +00:00
|
|
|
if (session->version == 1) {
|
|
|
|
|
rc = ssh_userauth1_password(session, username, password);
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (username == NULL) {
|
2009-10-02 14:06:41 +02:00
|
|
|
if (session->username == NULL) {
|
2010-05-21 10:21:03 +02:00
|
|
|
if (ssh_options_apply(session) < 0) {
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-04-30 14:58:08 +00:00
|
|
|
}
|
2008-06-12 20:14:17 +00:00
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(session->username);
|
2009-04-30 14:58:08 +00:00
|
|
|
} else {
|
2010-05-14 00:51:08 +02:00
|
|
|
user = ssh_string_from_char(username);
|
2009-04-30 14:58:08 +00:00
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:58:08 +00:00
|
|
|
if (user == NULL) {
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:58:08 +00:00
|
|
|
if (ask_userauth(session) < 0) {
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
2009-04-30 14:58:08 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
service = ssh_string_from_char("ssh-connection");
|
2009-04-30 14:58:08 +00:00
|
|
|
if (service == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
method = ssh_string_from_char("password");
|
2009-04-30 14:58:08 +00:00
|
|
|
if (method == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
pwd = ssh_string_from_char(password);
|
2009-04-30 14:58:08 +00:00
|
|
|
if (pwd == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:58:08 +00:00
|
|
|
if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, user) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, service) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, method) < 0 ||
|
|
|
|
|
buffer_add_u8(session->out_buffer, 0) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, pwd) < 0) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_burn(pwd);
|
|
|
|
|
ssh_string_free(pwd);
|
2009-12-26 21:59:37 +01:00
|
|
|
session->auth_state=SSH_AUTH_STATE_NONE;
|
2010-07-23 11:01:06 +02:00
|
|
|
if (packet_send(session) == SSH_ERROR) {
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
2009-04-30 14:58:08 +00:00
|
|
|
}
|
2009-12-26 21:59:37 +01:00
|
|
|
rc = wait_auth_status(session);
|
2009-04-30 14:58:08 +00:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2009-04-07 13:40:40 +00:00
|
|
|
error:
|
2009-07-28 18:01:07 +02:00
|
|
|
buffer_reinit(session->out_buffer);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(user);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_burn(pwd);
|
|
|
|
|
ssh_string_free(pwd);
|
2009-04-07 13:40:40 +00:00
|
|
|
|
2009-04-30 14:58:08 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-28 19:33:28 +00:00
|
|
|
/**
|
2010-01-06 21:12:00 +01:00
|
|
|
* @brief Tries to automatically authenticate with public key and "none"
|
2009-04-28 19:33:28 +00:00
|
|
|
*
|
|
|
|
|
* It may fail, for instance it doesn't ask for a password and uses a default
|
|
|
|
|
* asker for passphrases (in case the private key is encrypted).
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to authenticate with.
|
2009-04-28 19:33:28 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] passphrase Use this passphrase to unlock the privatekey. Use NULL
|
|
|
|
|
* if you don't want to use a passphrase or the user
|
|
|
|
|
* should be asked.
|
2009-04-28 19:33:28 +00:00
|
|
|
*
|
|
|
|
|
* @returns SSH_AUTH_ERROR: A serious error happened\n
|
|
|
|
|
* SSH_AUTH_DENIED: Authentication failed: use another method\n
|
|
|
|
|
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
|
|
|
|
* have to use another method\n
|
|
|
|
|
* SSH_AUTH_SUCCESS: Authentication success
|
|
|
|
|
*
|
|
|
|
|
* @see ssh_userauth_kbdint()
|
|
|
|
|
* @see ssh_userauth_password()
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
|
2010-02-28 22:51:21 +01:00
|
|
|
struct ssh_iterator *it;
|
2009-07-24 22:08:04 +02:00
|
|
|
ssh_private_key privkey;
|
2010-02-28 22:51:21 +01:00
|
|
|
ssh_public_key pubkey;
|
|
|
|
|
ssh_string pubkey_string;
|
2009-04-28 19:33:28 +00:00
|
|
|
int type = 0;
|
|
|
|
|
int rc;
|
2009-02-06 09:46:10 +00:00
|
|
|
|
2009-04-28 19:33:28 +00:00
|
|
|
enter_function();
|
2009-02-06 09:46:10 +00:00
|
|
|
|
2009-04-28 19:33:28 +00:00
|
|
|
/* Always test none authentication */
|
|
|
|
|
rc = ssh_userauth_none(session, NULL);
|
|
|
|
|
if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_SUCCESS) {
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2009-02-02 14:41:44 +00:00
|
|
|
|
2009-04-28 19:33:28 +00:00
|
|
|
/* Try authentication with ssh-agent first */
|
2009-02-02 14:41:44 +00:00
|
|
|
#ifndef _WIN32
|
2009-04-28 19:33:28 +00:00
|
|
|
if (agent_is_running(session)) {
|
2010-02-28 22:51:21 +01:00
|
|
|
char *privkey_file = NULL;
|
|
|
|
|
|
2009-04-28 19:33:28 +00:00
|
|
|
ssh_log(session, SSH_LOG_RARE,
|
2009-11-12 12:52:05 +01:00
|
|
|
"Trying to authenticate with SSH agent keys as user: %s",
|
|
|
|
|
session->username);
|
2009-04-28 19:33:28 +00:00
|
|
|
|
2010-02-28 22:51:21 +01:00
|
|
|
for (pubkey = agent_get_first_ident(session, &privkey_file);
|
|
|
|
|
pubkey != NULL;
|
|
|
|
|
pubkey = agent_get_next_ident(session, &privkey_file)) {
|
2009-04-28 19:33:28 +00:00
|
|
|
|
2010-02-28 22:51:21 +01:00
|
|
|
ssh_log(session, SSH_LOG_RARE, "Trying identity %s", privkey_file);
|
2009-04-28 19:33:28 +00:00
|
|
|
|
2010-02-28 22:51:21 +01:00
|
|
|
pubkey_string = publickey_to_string(pubkey);
|
|
|
|
|
if (pubkey_string) {
|
|
|
|
|
rc = ssh_userauth_offer_pubkey(session, NULL, pubkey->type, pubkey_string);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(pubkey_string);
|
2009-04-28 19:33:28 +00:00
|
|
|
if (rc == SSH_AUTH_ERROR) {
|
2010-02-28 22:51:21 +01:00
|
|
|
SAFE_FREE(privkey_file);
|
|
|
|
|
publickey_free(pubkey);
|
2009-04-28 19:33:28 +00:00
|
|
|
leave_function();
|
2009-02-06 09:46:10 +00:00
|
|
|
|
2009-04-28 19:33:28 +00:00
|
|
|
return rc;
|
|
|
|
|
} else if (rc != SSH_AUTH_SUCCESS) {
|
2009-12-26 22:12:08 +01:00
|
|
|
ssh_log(session, SSH_LOG_PROTOCOL, "Public key refused by server");
|
2010-02-28 22:51:21 +01:00
|
|
|
SAFE_FREE(privkey_file);
|
|
|
|
|
publickey_free(pubkey);
|
2009-04-28 19:33:28 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2009-12-26 22:12:08 +01:00
|
|
|
ssh_log(session, SSH_LOG_PROTOCOL, "Public key accepted");
|
2009-04-28 19:33:28 +00:00
|
|
|
/* pubkey accepted by server ! */
|
2010-02-28 22:51:21 +01:00
|
|
|
rc = ssh_userauth_agent_pubkey(session, NULL, pubkey);
|
2009-04-28 19:33:28 +00:00
|
|
|
if (rc == SSH_AUTH_ERROR) {
|
2010-02-28 22:51:21 +01:00
|
|
|
SAFE_FREE(privkey_file);
|
|
|
|
|
publickey_free(pubkey);
|
2009-02-06 09:46:10 +00:00
|
|
|
leave_function();
|
|
|
|
|
|
2009-04-28 19:33:28 +00:00
|
|
|
return rc;
|
|
|
|
|
} else if (rc != SSH_AUTH_SUCCESS) {
|
|
|
|
|
ssh_log(session, SSH_LOG_RARE,
|
2009-12-26 22:12:08 +01:00
|
|
|
"Server accepted public key but refused the signature ;"
|
|
|
|
|
" It might be a bug of libssh");
|
2010-02-28 22:51:21 +01:00
|
|
|
SAFE_FREE(privkey_file);
|
|
|
|
|
publickey_free(pubkey);
|
2009-04-28 19:33:28 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
/* auth success */
|
2009-12-26 22:12:08 +01:00
|
|
|
ssh_log(session, SSH_LOG_PROTOCOL, "Authentication using %s success",
|
2010-02-28 22:51:21 +01:00
|
|
|
privkey_file);
|
|
|
|
|
SAFE_FREE(privkey_file);
|
|
|
|
|
publickey_free(pubkey);
|
2009-02-02 14:41:44 +00:00
|
|
|
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-28 19:33:28 +00:00
|
|
|
|
2005-07-05 01:21:44 +00:00
|
|
|
return SSH_AUTH_SUCCESS;
|
2009-04-28 19:33:28 +00:00
|
|
|
} /* if pubkey */
|
2010-02-28 22:51:21 +01:00
|
|
|
SAFE_FREE(privkey_file);
|
|
|
|
|
publickey_free(pubkey);
|
2009-04-28 19:33:28 +00:00
|
|
|
} /* for each privkey */
|
|
|
|
|
} /* if agent is running */
|
|
|
|
|
#endif
|
|
|
|
|
|
2010-03-25 15:30:23 +01:00
|
|
|
|
2010-02-28 22:51:21 +01:00
|
|
|
for (it = ssh_list_get_iterator(session->identity);
|
|
|
|
|
it != NULL;
|
|
|
|
|
it = it->next) {
|
2010-05-11 02:08:29 +02:00
|
|
|
const char *privkey_file = it->data;
|
2010-02-28 22:51:21 +01:00
|
|
|
int privkey_open = 0;
|
2009-04-28 19:33:28 +00:00
|
|
|
|
2010-03-25 15:30:23 +01:00
|
|
|
privkey = NULL;
|
|
|
|
|
|
2010-02-28 22:51:21 +01:00
|
|
|
ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s", privkey_file);
|
|
|
|
|
|
|
|
|
|
rc = ssh_try_publickey_from_file(session, privkey_file, &pubkey_string, &type);
|
|
|
|
|
if (rc == 1) {
|
|
|
|
|
char *publickey_file;
|
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
|
|
privkey = privatekey_from_file(session, privkey_file, type, passphrase);
|
|
|
|
|
if (privkey == NULL) {
|
|
|
|
|
ssh_log(session, SSH_LOG_RARE,
|
|
|
|
|
"Reading private key %s failed (bad passphrase ?)",
|
|
|
|
|
privkey_file);
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_AUTH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
privkey_open = 1;
|
|
|
|
|
|
|
|
|
|
pubkey = publickey_from_privatekey(privkey);
|
|
|
|
|
if (pubkey == NULL) {
|
|
|
|
|
privatekey_free(privkey);
|
|
|
|
|
ssh_set_error_oom(session);
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_AUTH_ERROR;
|
|
|
|
|
}
|
2009-04-28 19:33:28 +00:00
|
|
|
|
2010-02-28 22:51:21 +01:00
|
|
|
pubkey_string = publickey_to_string(pubkey);
|
|
|
|
|
type = pubkey->type;
|
|
|
|
|
publickey_free(pubkey);
|
|
|
|
|
if (pubkey_string == NULL) {
|
|
|
|
|
ssh_set_error_oom(session);
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_AUTH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
len = strlen(privkey_file) + 5;
|
|
|
|
|
publickey_file = malloc(len);
|
|
|
|
|
if (publickey_file == NULL) {
|
|
|
|
|
ssh_set_error_oom(session);
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_AUTH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
snprintf(publickey_file, len, "%s.pub", privkey_file);
|
|
|
|
|
rc = ssh_publickey_to_file(session, publickey_file, pubkey_string, type);
|
|
|
|
|
if (rc < 0) {
|
|
|
|
|
ssh_log(session, SSH_LOG_PACKET,
|
|
|
|
|
"Could not write public key to file: %s", publickey_file);
|
|
|
|
|
}
|
|
|
|
|
SAFE_FREE(publickey_file);
|
|
|
|
|
} else if (rc < 0) {
|
2009-04-30 13:58:20 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-28 22:51:21 +01:00
|
|
|
rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey_string);
|
2009-04-28 19:33:28 +00:00
|
|
|
if (rc == SSH_AUTH_ERROR){
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(pubkey_string);
|
2009-09-21 15:54:49 +02:00
|
|
|
ssh_log(session, SSH_LOG_RARE, "Publickey authentication error");
|
2009-04-28 19:33:28 +00:00
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
} else {
|
|
|
|
|
if (rc != SSH_AUTH_SUCCESS){
|
2009-12-26 22:12:08 +01:00
|
|
|
ssh_log(session, SSH_LOG_PROTOCOL, "Publickey refused by server");
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(pubkey_string);
|
2009-04-28 19:33:28 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2009-04-28 19:33:28 +00:00
|
|
|
|
|
|
|
|
/* Public key accepted by server! */
|
2010-02-28 22:51:21 +01:00
|
|
|
if (!privkey_open) {
|
|
|
|
|
ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s",
|
|
|
|
|
privkey_file);
|
|
|
|
|
privkey = privatekey_from_file(session, privkey_file, type, passphrase);
|
|
|
|
|
if (privkey == NULL) {
|
|
|
|
|
ssh_log(session, SSH_LOG_RARE,
|
|
|
|
|
"Reading private key %s failed (bad passphrase ?)",
|
|
|
|
|
privkey_file);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(pubkey_string);
|
2010-02-28 22:51:21 +01:00
|
|
|
continue; /* continue the loop with other pubkey */
|
|
|
|
|
}
|
2009-04-28 19:33:28 +00:00
|
|
|
}
|
|
|
|
|
|
2010-02-28 22:51:21 +01:00
|
|
|
rc = ssh_userauth_pubkey(session, NULL, pubkey_string, privkey);
|
2009-04-28 19:33:28 +00:00
|
|
|
if (rc == SSH_AUTH_ERROR) {
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(pubkey_string);
|
2009-04-28 19:33:28 +00:00
|
|
|
privatekey_free(privkey);
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
} else {
|
|
|
|
|
if (rc != SSH_AUTH_SUCCESS){
|
2009-12-26 22:12:08 +01:00
|
|
|
ssh_log(session, SSH_LOG_RARE,
|
2009-04-28 19:33:28 +00:00
|
|
|
"The server accepted the public key but refused the signature");
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(pubkey_string);
|
2009-04-28 19:33:28 +00:00
|
|
|
privatekey_free(privkey);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* auth success */
|
2009-12-26 22:12:08 +01:00
|
|
|
ssh_log(session, SSH_LOG_PROTOCOL,
|
2010-02-28 22:51:21 +01:00
|
|
|
"Successfully authenticated using %s", privkey_file);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(pubkey_string);
|
2009-04-28 19:33:28 +00:00
|
|
|
privatekey_free(privkey);
|
|
|
|
|
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-28 19:33:28 +00:00
|
|
|
return SSH_AUTH_SUCCESS;
|
|
|
|
|
}
|
2010-02-28 22:51:21 +01:00
|
|
|
|
2009-04-28 19:33:28 +00:00
|
|
|
/* at this point, pubkey is NULL and so is privkeyfile */
|
2009-12-26 22:12:08 +01:00
|
|
|
ssh_log(session, SSH_LOG_PROTOCOL,
|
2009-04-28 19:33:28 +00:00
|
|
|
"Tried every public key, none matched");
|
|
|
|
|
ssh_set_error(session,SSH_NO_ERROR,"No public key matched");
|
|
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_AUTH_DENIED;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2009-09-26 14:05:58 +02:00
|
|
|
struct ssh_kbdint_struct {
|
|
|
|
|
uint32_t nprompts;
|
|
|
|
|
char *name;
|
|
|
|
|
char *instruction;
|
|
|
|
|
char **prompts;
|
|
|
|
|
unsigned char *echo; /* bool array */
|
|
|
|
|
char **answers;
|
|
|
|
|
};
|
|
|
|
|
|
2009-07-25 20:26:01 +02:00
|
|
|
static ssh_kbdint kbdint_new(void) {
|
|
|
|
|
ssh_kbdint kbd;
|
2009-04-01 10:05:15 +00:00
|
|
|
|
2009-07-25 20:26:01 +02:00
|
|
|
kbd = malloc(sizeof (struct ssh_kbdint_struct));
|
2009-04-29 09:53:55 +00:00
|
|
|
if (kbd == NULL) {
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
ZERO_STRUCTP(kbd);
|
|
|
|
|
|
|
|
|
|
return kbd;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-07-25 20:26:01 +02:00
|
|
|
static void kbdint_free(ssh_kbdint kbd) {
|
2009-04-29 09:57:12 +00:00
|
|
|
int i, n;
|
|
|
|
|
|
|
|
|
|
if (kbd == NULL) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
n = kbd->nprompts;
|
|
|
|
|
|
|
|
|
|
SAFE_FREE(kbd->name);
|
|
|
|
|
SAFE_FREE(kbd->instruction);
|
|
|
|
|
SAFE_FREE(kbd->echo);
|
|
|
|
|
|
|
|
|
|
if (kbd->prompts) {
|
|
|
|
|
for (i = 0; i < n; i++) {
|
2009-04-30 14:07:33 +00:00
|
|
|
BURN_STRING(kbd->prompts[i]);
|
2009-04-29 09:57:12 +00:00
|
|
|
SAFE_FREE(kbd->prompts[i]);
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2009-04-29 09:57:12 +00:00
|
|
|
SAFE_FREE(kbd->prompts);
|
|
|
|
|
}
|
|
|
|
|
if (kbd->answers) {
|
|
|
|
|
for (i = 0; i < n; i++) {
|
2009-04-30 14:07:33 +00:00
|
|
|
BURN_STRING(kbd->answers[i]);
|
2009-04-29 09:57:12 +00:00
|
|
|
SAFE_FREE(kbd->answers[i]);
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2009-04-29 09:57:12 +00:00
|
|
|
SAFE_FREE(kbd->answers);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SAFE_FREE(kbd);
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2008-12-14 21:46:31 +00:00
|
|
|
|
2009-07-25 20:26:01 +02:00
|
|
|
static void kbdint_clean(ssh_kbdint kbd) {
|
2009-04-29 10:04:32 +00:00
|
|
|
int i, n;
|
|
|
|
|
|
|
|
|
|
if (kbd == NULL) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
n = kbd->nprompts;
|
|
|
|
|
|
|
|
|
|
SAFE_FREE(kbd->name);
|
|
|
|
|
SAFE_FREE(kbd->instruction);
|
|
|
|
|
SAFE_FREE(kbd->echo);
|
|
|
|
|
|
|
|
|
|
if (kbd->prompts) {
|
|
|
|
|
for (i = 0; i < n; i++) {
|
2009-04-30 14:07:33 +00:00
|
|
|
BURN_STRING(kbd->prompts[i]);
|
2009-04-29 10:04:32 +00:00
|
|
|
SAFE_FREE(kbd->prompts[i]);
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2009-04-29 10:04:32 +00:00
|
|
|
SAFE_FREE(kbd->prompts);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (kbd->answers) {
|
|
|
|
|
for (i = 0; i < n; i++) {
|
2009-04-30 14:07:33 +00:00
|
|
|
BURN_STRING(kbd->answers[i]);
|
2009-04-29 10:04:32 +00:00
|
|
|
SAFE_FREE(kbd->answers[i]);
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2009-04-29 10:04:32 +00:00
|
|
|
SAFE_FREE(kbd->answers);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
kbd->nprompts = 0;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* this function sends the first packet as explained in section 3.1
|
|
|
|
|
* of the draft */
|
2009-09-23 21:55:54 +02:00
|
|
|
static int kbdauth_init(ssh_session session, const char *user,
|
2009-04-07 13:40:40 +00:00
|
|
|
const char *submethods) {
|
2009-07-24 21:45:41 +02:00
|
|
|
ssh_string usr = NULL;
|
|
|
|
|
ssh_string sub = NULL;
|
|
|
|
|
ssh_string service = NULL;
|
|
|
|
|
ssh_string method = NULL;
|
2009-04-07 13:40:40 +00:00
|
|
|
int rc = SSH_AUTH_ERROR;
|
|
|
|
|
|
|
|
|
|
enter_function();
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
usr = ssh_string_from_char(user);
|
2009-04-07 13:40:40 +00:00
|
|
|
if (usr == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
sub = (submethods ? ssh_string_from_char(submethods) : ssh_string_from_char(""));
|
2009-04-07 13:40:40 +00:00
|
|
|
if (sub == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
service = ssh_string_from_char("ssh-connection");
|
2009-04-07 13:40:40 +00:00
|
|
|
if (service == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
method = ssh_string_from_char("keyboard-interactive");
|
2009-04-07 13:40:40 +00:00
|
|
|
if (method == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
2009-04-29 10:09:16 +00:00
|
|
|
if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_REQUEST) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, usr) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, service) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, method) < 0 ||
|
|
|
|
|
buffer_add_u32(session->out_buffer, 0) < 0 ||
|
|
|
|
|
buffer_add_ssh_string(session->out_buffer, sub) < 0) {
|
2009-04-07 13:40:40 +00:00
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(usr);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(sub);
|
2010-05-19 14:07:40 +02:00
|
|
|
session->auth_state=SSH_AUTH_STATE_KBDINT_SENT;
|
2010-07-23 11:01:06 +02:00
|
|
|
if (packet_send(session) == SSH_ERROR) {
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
|
|
|
|
}
|
2009-12-26 21:59:37 +01:00
|
|
|
rc = wait_auth_status(session);
|
2009-04-07 13:40:40 +00:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
error:
|
2009-07-28 18:01:07 +02:00
|
|
|
buffer_reinit(session->out_buffer);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(usr);
|
|
|
|
|
ssh_string_free(service);
|
|
|
|
|
ssh_string_free(method);
|
|
|
|
|
ssh_string_free(sub);
|
2009-04-07 13:40:40 +00:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2010-05-19 14:07:40 +02:00
|
|
|
/**
|
|
|
|
|
* @internal
|
|
|
|
|
* @brief handles a SSH_USERAUTH_INFO_REQUEST packet, as used in
|
|
|
|
|
* keyboard-interactive authentication, and changes the
|
|
|
|
|
* authentication state.
|
|
|
|
|
*/
|
|
|
|
|
SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request) {
|
2009-07-24 21:45:41 +02:00
|
|
|
ssh_string name; /* name of the "asking" window showed to client */
|
|
|
|
|
ssh_string instruction;
|
|
|
|
|
ssh_string tmp;
|
2009-07-25 23:19:41 +02:00
|
|
|
uint32_t nprompts;
|
|
|
|
|
uint32_t i;
|
2010-05-19 14:07:40 +02:00
|
|
|
(void)user;
|
|
|
|
|
(void)type;
|
2009-04-29 10:22:59 +00:00
|
|
|
enter_function();
|
|
|
|
|
|
2010-05-19 14:07:40 +02:00
|
|
|
name = buffer_get_ssh_string(packet);
|
|
|
|
|
instruction = buffer_get_ssh_string(packet);
|
|
|
|
|
tmp = buffer_get_ssh_string(packet);
|
|
|
|
|
buffer_get_u32(packet, &nprompts);
|
2009-04-29 10:22:59 +00:00
|
|
|
|
|
|
|
|
if (name == NULL || instruction == NULL || tmp == NULL) {
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(name);
|
|
|
|
|
ssh_string_free(instruction);
|
2009-04-29 10:22:59 +00:00
|
|
|
/* tmp if empty if we got here */
|
|
|
|
|
ssh_set_error(session, SSH_FATAL, "Invalid USERAUTH_INFO_REQUEST msg");
|
|
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2009-04-29 10:22:59 +00:00
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(tmp);
|
2009-04-29 10:22:59 +00:00
|
|
|
|
|
|
|
|
if (session->kbdint == NULL) {
|
|
|
|
|
session->kbdint = kbdint_new();
|
|
|
|
|
if (session->kbdint == NULL) {
|
2010-05-19 14:07:40 +02:00
|
|
|
ssh_set_error_oom(session);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_free(name);
|
|
|
|
|
ssh_string_free(instruction);
|
2009-04-29 10:22:59 +00:00
|
|
|
|
2009-04-01 10:05:15 +00:00
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2009-04-01 10:05:15 +00:00
|
|
|
}
|
2009-04-29 10:22:59 +00:00
|
|
|
} else {
|
|
|
|
|
kbdint_clean(session->kbdint);
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
session->kbdint->name = ssh_string_to_char(name);
|
|
|
|
|
ssh_string_free(name);
|
2009-04-29 10:22:59 +00:00
|
|
|
if (session->kbdint->name == NULL) {
|
2010-05-19 14:07:40 +02:00
|
|
|
ssh_set_error_oom(session);
|
2009-04-29 10:22:59 +00:00
|
|
|
kbdint_free(session->kbdint);
|
|
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2009-04-29 10:22:59 +00:00
|
|
|
}
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
session->kbdint->instruction = ssh_string_to_char(instruction);
|
|
|
|
|
ssh_string_free(instruction);
|
2009-04-29 10:22:59 +00:00
|
|
|
if (session->kbdint->instruction == NULL) {
|
2010-05-19 14:07:40 +02:00
|
|
|
ssh_set_error_oom(session);
|
2009-04-29 10:22:59 +00:00
|
|
|
kbdint_free(session->kbdint);
|
|
|
|
|
session->kbdint = NULL;
|
|
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2009-04-29 10:22:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nprompts = ntohl(nprompts);
|
2010-05-19 14:07:40 +02:00
|
|
|
ssh_log(session,SSH_LOG_PACKET,"kbdint: %d prompts",nprompts);
|
2009-04-29 10:22:59 +00:00
|
|
|
if (nprompts > KBDINT_MAX_PROMPT) {
|
|
|
|
|
ssh_set_error(session, SSH_FATAL,
|
|
|
|
|
"Too much prompt asked from server: %u (0x%.4x)",
|
|
|
|
|
nprompts, nprompts);
|
|
|
|
|
kbdint_free(session->kbdint);
|
|
|
|
|
session->kbdint = NULL;
|
|
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2009-04-29 10:22:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
session->kbdint->nprompts = nprompts;
|
|
|
|
|
session->kbdint->prompts = malloc(nprompts * sizeof(char *));
|
|
|
|
|
if (session->kbdint->prompts == NULL) {
|
|
|
|
|
session->kbdint->nprompts = 0;
|
2010-05-19 14:07:40 +02:00
|
|
|
ssh_set_error_oom(session);
|
2009-04-29 10:22:59 +00:00
|
|
|
kbdint_free(session->kbdint);
|
|
|
|
|
session->kbdint = NULL;
|
|
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2009-04-29 10:22:59 +00:00
|
|
|
}
|
|
|
|
|
memset(session->kbdint->prompts, 0, nprompts * sizeof(char *));
|
|
|
|
|
|
|
|
|
|
session->kbdint->echo = malloc(nprompts);
|
|
|
|
|
if (session->kbdint->echo == NULL) {
|
|
|
|
|
session->kbdint->nprompts = 0;
|
2010-05-19 14:07:40 +02:00
|
|
|
ssh_set_error_oom(session);
|
2009-04-29 10:22:59 +00:00
|
|
|
kbdint_free(session->kbdint);
|
|
|
|
|
session->kbdint = NULL;
|
|
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2009-04-29 10:22:59 +00:00
|
|
|
}
|
|
|
|
|
memset(session->kbdint->echo, 0, nprompts);
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < nprompts; i++) {
|
2010-05-19 14:07:40 +02:00
|
|
|
tmp = buffer_get_ssh_string(packet);
|
|
|
|
|
buffer_get_u8(packet, &session->kbdint->echo[i]);
|
2009-04-29 10:22:59 +00:00
|
|
|
if (tmp == NULL) {
|
|
|
|
|
ssh_set_error(session, SSH_FATAL, "Short INFO_REQUEST packet");
|
|
|
|
|
kbdint_free(session->kbdint);
|
|
|
|
|
session->kbdint = NULL;
|
2009-04-01 10:05:15 +00:00
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2009-04-01 10:05:15 +00:00
|
|
|
}
|
2010-05-14 00:51:08 +02:00
|
|
|
session->kbdint->prompts[i] = ssh_string_to_char(tmp);
|
|
|
|
|
ssh_string_free(tmp);
|
2009-04-29 10:22:59 +00:00
|
|
|
if (session->kbdint->prompts[i] == NULL) {
|
2010-05-19 14:07:40 +02:00
|
|
|
ssh_set_error_oom(session);
|
2009-04-29 10:22:59 +00:00
|
|
|
kbdint_free(session->kbdint);
|
|
|
|
|
session->kbdint = NULL;
|
|
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2009-04-29 10:22:59 +00:00
|
|
|
}
|
2010-05-19 14:07:40 +02:00
|
|
|
session->auth_state=SSH_AUTH_STATE_INFO;
|
2009-04-29 10:22:59 +00:00
|
|
|
leave_function();
|
2010-05-19 14:07:40 +02:00
|
|
|
return SSH_PACKET_USED;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2010-05-19 14:07:40 +02:00
|
|
|
/**
|
|
|
|
|
* @internal
|
|
|
|
|
* @brief Sends the current challenge response and wait for a
|
|
|
|
|
* reply from the server
|
|
|
|
|
* @returns SSH_AUTH_INFO if more info is needed
|
|
|
|
|
* @returns SSH_AUTH_SUCCESS
|
|
|
|
|
* @returns SSH_AUTH_FAILURE
|
|
|
|
|
* @returns SSH_AUTH_PARTIAL
|
|
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
static int kbdauth_send(ssh_session session) {
|
2009-07-24 21:45:41 +02:00
|
|
|
ssh_string answer = NULL;
|
2009-04-07 13:40:40 +00:00
|
|
|
int rc = SSH_AUTH_ERROR;
|
2009-07-25 23:19:41 +02:00
|
|
|
uint32_t i;
|
2009-04-07 13:40:40 +00:00
|
|
|
|
|
|
|
|
enter_function();
|
|
|
|
|
|
2009-04-29 10:25:00 +00:00
|
|
|
if (buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_INFO_RESPONSE) < 0 ||
|
|
|
|
|
buffer_add_u32(session->out_buffer,
|
|
|
|
|
htonl(session->kbdint->nprompts)) < 0) {
|
2009-04-07 13:40:40 +00:00
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < session->kbdint->nprompts; i++) {
|
|
|
|
|
if (session->kbdint->answers[i]) {
|
2010-05-14 00:51:08 +02:00
|
|
|
answer = ssh_string_from_char(session->kbdint->answers[i]);
|
2009-04-07 13:40:40 +00:00
|
|
|
} else {
|
2010-05-14 00:51:08 +02:00
|
|
|
answer = ssh_string_from_char("");
|
2008-06-12 20:14:17 +00:00
|
|
|
}
|
2009-04-07 13:40:40 +00:00
|
|
|
if (answer == NULL) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (buffer_add_ssh_string(session->out_buffer, answer) < 0) {
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_burn(answer);
|
|
|
|
|
ssh_string_free(answer);
|
2009-04-07 13:40:40 +00:00
|
|
|
}
|
2010-05-19 14:07:40 +02:00
|
|
|
session->auth_state=SSH_AUTH_STATE_KBDINT_SENT;
|
|
|
|
|
kbdint_free(session->kbdint);
|
|
|
|
|
session->kbdint = NULL;
|
2010-07-23 11:01:06 +02:00
|
|
|
if (packet_send(session) == SSH_ERROR) {
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-07 13:40:40 +00:00
|
|
|
return rc;
|
|
|
|
|
}
|
2009-12-26 21:59:37 +01:00
|
|
|
rc = wait_auth_status(session);
|
2009-04-07 13:40:40 +00:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
|
|
|
|
error:
|
2009-07-28 18:01:07 +02:00
|
|
|
buffer_reinit(session->out_buffer);
|
2010-05-14 00:51:08 +02:00
|
|
|
ssh_string_burn(answer);
|
|
|
|
|
ssh_string_free(answer);
|
2009-04-07 13:40:40 +00:00
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-29 10:46:45 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Try to authenticate through the "keyboard-interactive" method.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-29 10:46:45 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] user The username to authenticate. You can specify NULL if
|
2009-04-29 10:46:45 +00:00
|
|
|
* ssh_option_set_username() has been used. You cannot try
|
|
|
|
|
* two different logins in a row.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] submethods Undocumented. Set it to NULL.
|
2009-04-29 10:46:45 +00:00
|
|
|
*
|
|
|
|
|
* @returns SSH_AUTH_ERROR: A serious error happened\n
|
|
|
|
|
* SSH_AUTH_DENIED: Authentication failed : use another method\n
|
|
|
|
|
* SSH_AUTH_PARTIAL: You've been partially authenticated, you still
|
|
|
|
|
* have to use another method\n
|
|
|
|
|
* SSH_AUTH_SUCCESS: Authentication success\n
|
|
|
|
|
* SSH_AUTH_INFO: The server asked some questions. Use
|
|
|
|
|
* ssh_userauth_kbdint_getnprompts() and such.
|
|
|
|
|
*
|
|
|
|
|
* @see ssh_userauth_kbdint_getnprompts()
|
|
|
|
|
* @see ssh_userauth_kbdint_getname()
|
|
|
|
|
* @see ssh_userauth_kbdint_getinstruction()
|
|
|
|
|
* @see ssh_userauth_kbdint_getprompt()
|
|
|
|
|
* @see ssh_userauth_kbdint_setanswer()
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_userauth_kbdint(ssh_session session, const char *user,
|
2009-04-29 10:46:45 +00:00
|
|
|
const char *submethods) {
|
|
|
|
|
int rc = SSH_AUTH_ERROR;
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2009-04-29 10:46:45 +00:00
|
|
|
if (session->version == 1) {
|
|
|
|
|
/* No keyb-interactive for ssh1 */
|
|
|
|
|
return SSH_AUTH_DENIED;
|
|
|
|
|
}
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2009-04-29 10:46:45 +00:00
|
|
|
enter_function();
|
|
|
|
|
|
|
|
|
|
if (session->kbdint == NULL) {
|
|
|
|
|
/* first time we call. we must ask for a challenge */
|
|
|
|
|
if (user == NULL) {
|
2009-10-02 14:06:41 +02:00
|
|
|
if ((user = session->username) == NULL) {
|
2010-05-21 10:21:03 +02:00
|
|
|
if (ssh_options_apply(session) < 0) {
|
2009-04-29 10:46:45 +00:00
|
|
|
leave_function();
|
|
|
|
|
return SSH_AUTH_ERROR;
|
|
|
|
|
} else {
|
2009-10-02 14:06:41 +02:00
|
|
|
user = session->username;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2009-04-29 10:46:45 +00:00
|
|
|
}
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2009-04-29 10:46:45 +00:00
|
|
|
|
|
|
|
|
if (ask_userauth(session)) {
|
|
|
|
|
leave_function();
|
|
|
|
|
return SSH_AUTH_ERROR;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = kbdauth_init(session, user, submethods);
|
|
|
|
|
|
2008-06-12 20:14:17 +00:00
|
|
|
leave_function();
|
2009-04-29 10:46:45 +00:00
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2010-01-06 21:12:00 +01:00
|
|
|
* If we are at this point, it is because session->kbdint exists.
|
2010-03-25 13:46:09 +01:00
|
|
|
* It means the user has set some information there we need to send
|
2009-04-29 10:46:45 +00:00
|
|
|
* the server and then we need to ack the status (new questions or ok
|
|
|
|
|
* pass in).
|
|
|
|
|
*/
|
|
|
|
|
rc = kbdauth_send(session);
|
|
|
|
|
|
|
|
|
|
leave_function();
|
|
|
|
|
return rc;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-29 10:50:47 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Get the number of prompts (questions) the server has given.
|
|
|
|
|
*
|
|
|
|
|
* You have called ssh_userauth_kbdint() and got SSH_AUTH_INFO. This
|
|
|
|
|
* function returns the questions from the server.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-29 10:50:47 +00:00
|
|
|
*
|
|
|
|
|
* @returns The number of prompts.
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_userauth_kbdint_getnprompts(ssh_session session) {
|
2009-04-29 10:50:47 +00:00
|
|
|
return session->kbdint->nprompts;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-29 10:50:47 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Get the "name" of the message block.
|
|
|
|
|
*
|
|
|
|
|
* You have called ssh_userauth_kbdint() and got SSH_AUTH_INFO. This
|
|
|
|
|
* function returns the questions from the server.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-29 10:50:47 +00:00
|
|
|
*
|
|
|
|
|
* @returns The name of the message block. Do not free it.
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
const char *ssh_userauth_kbdint_getname(ssh_session session) {
|
2009-04-29 10:50:47 +00:00
|
|
|
return session->kbdint->name;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-29 10:50:47 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Get the "instruction" of the message block.
|
|
|
|
|
*
|
|
|
|
|
* You have called ssh_userauth_kbdint() and got SSH_AUTH_INFO. This
|
|
|
|
|
* function returns the questions from the server.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-29 10:50:47 +00:00
|
|
|
*
|
|
|
|
|
* @returns The instruction of the message block.
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
|
|
|
|
|
2009-09-23 21:55:54 +02:00
|
|
|
const char *ssh_userauth_kbdint_getinstruction(ssh_session session) {
|
2009-04-29 10:50:47 +00:00
|
|
|
return session->kbdint->instruction;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2009-04-29 10:53:23 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Get a prompt from a message block.
|
|
|
|
|
*
|
|
|
|
|
* You have called ssh_userauth_kbdint() and got SSH_AUTH_INFO. This
|
|
|
|
|
* function returns the questions from the server.
|
|
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] session The ssh session to use.
|
2009-04-29 10:53:23 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] i The index number of the i'th prompt.
|
2009-04-29 10:53:23 +00:00
|
|
|
*
|
2010-04-04 14:33:08 +02:00
|
|
|
* @param[in] echo When different of NULL, it will obtain a boolean meaning
|
2009-04-29 10:53:23 +00:00
|
|
|
* that the resulting user input should be echoed or not
|
|
|
|
|
* (like passwords).
|
|
|
|
|
*
|
|
|
|
|
* @returns A pointer to the prompt. Do not free it.
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
const char *ssh_userauth_kbdint_getprompt(ssh_session session, unsigned int i,
|
2009-04-29 10:53:23 +00:00
|
|
|
char *echo) {
|
|
|
|
|
if (i > session->kbdint->nprompts) {
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (echo) {
|
|
|
|
|
*echo = session->kbdint->echo[i];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return session->kbdint->prompts[i];
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2010-04-04 14:33:08 +02:00
|
|
|
/**
|
|
|
|
|
* @brief Set the answer for a question from a message block.
|
|
|
|
|
*
|
|
|
|
|
* If you have called ssh_userauth_kbdint() and got SSH_AUTH_INFO, this
|
|
|
|
|
* function returns the questions from the server.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] session The ssh session to use.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] i index The number of the ith prompt.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] answer The answer to give to the server.
|
|
|
|
|
*
|
|
|
|
|
* @return 0 on success, < 0 on error.
|
2006-11-12 00:14:55 +00:00
|
|
|
*/
|
2009-09-23 21:55:54 +02:00
|
|
|
int ssh_userauth_kbdint_setanswer(ssh_session session, unsigned int i,
|
2009-04-02 09:24:46 +00:00
|
|
|
const char *answer) {
|
2009-07-22 12:18:34 +02:00
|
|
|
if (session == NULL || answer == NULL || i > session->kbdint->nprompts) {
|
2009-04-02 09:24:46 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2009-04-02 09:24:46 +00:00
|
|
|
if (session->kbdint->answers == NULL) {
|
|
|
|
|
session->kbdint->answers = malloc(sizeof(char*) * session->kbdint->nprompts);
|
2009-04-01 10:05:15 +00:00
|
|
|
if (session->kbdint->answers == NULL) {
|
2009-04-02 09:24:46 +00:00
|
|
|
return -1;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2009-04-02 09:24:46 +00:00
|
|
|
memset(session->kbdint->answers, 0, sizeof(char *) * session->kbdint->nprompts);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (session->kbdint->answers[i]) {
|
2009-04-30 14:07:33 +00:00
|
|
|
BURN_STRING(session->kbdint->answers[i]);
|
2009-04-02 09:24:46 +00:00
|
|
|
SAFE_FREE(session->kbdint->answers[i]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
session->kbdint->answers[i] = strdup(answer);
|
|
|
|
|
if (session->kbdint->answers[i] == NULL) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
2005-07-05 01:21:44 +00:00
|
|
|
}
|
2006-11-12 00:14:55 +00:00
|
|
|
|
2010-08-28 21:32:08 +02:00
|
|
|
/** @} */
|
2010-04-04 14:33:08 +02:00
|
|
|
|
|
|
|
|
/* vim: set ts=4 sw=4 et cindent: */
|
