/*ARGSUSED*/
static int
auth1_process_rhosts_rsa(Authctxt *authctxt)
{
int keybits, authenticated = 0;
u_int bits;
Key *client_host_key;
u_int ulen;
/*
* Get client user name. Note that we just have to
* trust the client; root on the client machine can
* claim to be any user.
*/
client_user = packet_get_cstring(&ulen);
/* Get the client host key. */
client_host_key = key_new(KEY_RSA1);
bits = packet_get_int();
packet_get_bignum(client_host_key->rsa->e);
packet_get_bignum(client_host_key->rsa->n);
keybits = BN_num_bits(client_host_key->rsa->n);
if (keybits < 0 || bits != (u_int)keybits) {
verbose("Warning: keysize mismatch for client_host_key: "
"actual %d, announced %d",
BN_num_bits(client_host_key->rsa->n), bits);
}
packet_check_eom();
authenticated = auth_rhosts_rsa(authctxt, client_user,
client_host_key);
key_free(client_host_key);
auth_info(authctxt, "ruser %.100s", client_user);
return (authenticated);
}
/* Callback for remote forward global requests */
static void
ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
{
Forward *rfwd = (Forward *)ctxt;
/* XXX verbose() on failure? */
debug("remote forward %s for: listen %d, connect %s:%d",
type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) {
logit("Allocated port %u for remote forward to %s:%d",
packet_get_int(),
rfwd->connect_host, rfwd->connect_port);
}
if (type == SSH2_MSG_REQUEST_FAILURE) {
if (options.exit_on_forward_failure)
fatal("Error: remote port forwarding failed for "
"listen port %d", rfwd->listen_port);
else
logit("Warning: remote port forwarding failed for "
"listen port %d", rfwd->listen_port);
}
}
/* Callback for remote forward global requests */
static void
ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
{
Forward *rfwd = (Forward *)ctxt;
/* XXX verbose() on failure? */
debug("remote forward %s for: listen %d, connect %s:%d",
type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
if (rfwd->listen_port == 0) {
if (type == SSH2_MSG_REQUEST_SUCCESS) {
rfwd->allocated_port = packet_get_int();
logit("Allocated port %u for remote forward to %s:%d",
rfwd->allocated_port,
rfwd->connect_host, rfwd->connect_port);
channel_update_permitted_opens(rfwd->handle,
rfwd->allocated_port);
} else {
channel_update_permitted_opens(rfwd->handle, -1);
}
}
if (type == SSH2_MSG_REQUEST_FAILURE) {
if (options.exit_on_forward_failure)
fatal("Error: remote port forwarding failed for "
"listen port %d", rfwd->listen_port);
else
logit("Warning: remote port forwarding failed for "
"listen port %d", rfwd->listen_port);
}
if (++remote_forward_confirms_received == options.num_remote_forwards) {
debug("All remote forwarding requests processed");
if (fork_after_authentication_flag)
fork_postauth();
}
}
void kex_input_init(int type, u_int32_t seq, void *ctxt)
{
char *ptr;
u_int i, dlen;
Kex *kex = (Kex *)ctxt;
debug("SSH2_MSG_KEXINIT received");
if (kex == NULL)
fatal("kex_input_kexinit: no kex, cannot rekey");
ptr = packet_get_raw(&dlen);
buffer_append(&kex->peer, ptr, dlen);
/* discard packet */
for (i = 0; i < KEX_COOKIE_LEN; i++)
packet_get_char();
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(packet_get_string(NULL));
(void) packet_get_char();
(void) packet_get_int();
packet_check_eom();
//kex_kexinit_finish(kex);
}
void
input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
{
Authctxt *authctxt = ctxt;
unsigned int nresp = 0, rlen = 0, i = 0;
char *resp;
if (authctxt == NULL)
fatal("input_userauth_info_response_pam: no authentication context");
nresp = packet_get_int(); /* Number of responses. */
debug("got %d responses", nresp);
if (nresp != context_pam2.num_expected)
fatal("%s: Received incorrect number of responses "
"(expected %u, received %u)", __func__, nresp,
context_pam2.num_expected);
if (nresp > 100)
fatal("%s: too many replies", __func__);
for (i = 0; i < nresp; i++) {
int j = context_pam2.prompts[i];
resp = packet_get_string(&rlen);
context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
context_pam2.responses[j].resp = xstrdup(resp);
xfree(resp);
context_pam2.num_received++;
}
context_pam2.finished = 1;
packet_check_eom();
}
void
kexgss_server(Kex *kex)
{
OM_uint32 maj_status, min_status;
/*
* Some GSSAPI implementations use the input value of ret_flags (an
* output variable) as a means of triggering mechanism specific
* features. Initializing it to zero avoids inadvertently
* activating this non-standard behaviour.
*/
OM_uint32 ret_flags = 0;
gss_buffer_desc gssbuf, recv_tok, msg_tok;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
Gssctxt *ctxt = NULL;
u_int slen, klen, kout, hashlen;
u_char *kbuf, *hash;
DH *dh;
int min = -1, max = -1, nbits = -1;
BIGNUM *shared_secret = NULL;
BIGNUM *dh_client_pub = NULL;
int type = 0;
gss_OID oid;
char *mechs;
/* Initialise GSSAPI */
/* If we're rekeying, privsep means that some of the private structures
* in the GSSAPI code are no longer available. This kludges them back
* into life
*/
if (!ssh_gssapi_oid_table_ok())
if ((mechs = ssh_gssapi_server_mechanisms()))
xfree(mechs);
debug2("%s: Identifying %s", __func__, kex->name);
oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type);
if (oid == GSS_C_NO_OID)
fatal("Unknown gssapi mechanism");
debug2("%s: Acquiring credentials", __func__);
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid))))
fatal("Unable to acquire credentials for the server");
switch (kex->kex_type) {
case KEX_GSS_GRP1_SHA1:
dh = dh_new_group1();
break;
case KEX_GSS_GRP14_SHA1:
dh = dh_new_group14();
break;
case KEX_GSS_GEX_SHA1:
debug("Doing group exchange");
packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ);
min = packet_get_int();
nbits = packet_get_int();
max = packet_get_int();
min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
packet_check_eom();
if (max < min || nbits < min || max < nbits)
fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
min, nbits, max);
dh = PRIVSEP(choose_dh(min, nbits, max));
if (dh == NULL)
packet_disconnect("Protocol error: no matching group found");
packet_start(SSH2_MSG_KEXGSS_GROUP);
packet_put_bignum2(dh->p);
packet_put_bignum2(dh->g);
packet_send();
packet_write_wait();
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
dh_gen_key(dh, kex->we_need * 8);
do {
debug("Wait SSH2_MSG_GSSAPI_INIT");
type = packet_read();
switch(type) {
case SSH2_MSG_KEXGSS_INIT:
if (dh_client_pub != NULL)
fatal("Received KEXGSS_INIT after initialising");
recv_tok.value = packet_get_string(&slen);
recv_tok.length = slen;
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
/* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
break;
case SSH2_MSG_KEXGSS_CONTINUE:
recv_tok.value = packet_get_string(&slen);
recv_tok.length = slen;
break;
default:
packet_disconnect(
"Protocol error: didn't expect packet type %d",
type);
}
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok,
&send_tok, &ret_flags));
xfree(recv_tok.value);
if (maj_status != GSS_S_COMPLETE && send_tok.length == 0)
fatal("Zero length token output when incomplete");
if (dh_client_pub == NULL)
fatal("No client public key");
if (maj_status & GSS_S_CONTINUE_NEEDED) {
debug("Sending GSSAPI_CONTINUE");
packet_start(SSH2_MSG_KEXGSS_CONTINUE);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
gss_release_buffer(&min_status, &send_tok);
}
} while (maj_status & GSS_S_CONTINUE_NEEDED);
if (GSS_ERROR(maj_status)) {
if (send_tok.length > 0) {
packet_start(SSH2_MSG_KEXGSS_CONTINUE);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
}
fatal("accept_ctx died");
}
if (!(ret_flags & GSS_C_MUTUAL_FLAG))
fatal("Mutual Authentication flag wasn't set");
if (!(ret_flags & GSS_C_INTEG_FLAG))
fatal("Integrity flag wasn't set");
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_client_pub, dh);
if (kout < 0)
fatal("DH_compute_key: failed");
shared_secret = BN_new();
if (shared_secret == NULL)
fatal("kexgss_server: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgss_server: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);
switch (kex->kex_type) {
case KEX_GSS_GRP1_SHA1:
case KEX_GSS_GRP14_SHA1:
kex_dh_hash(
kex->client_version_string, kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
NULL, 0, /* Change this if we start sending host keys */
dh_client_pub, dh->pub_key, shared_secret,
&hash, &hashlen
);
break;
case KEX_GSS_GEX_SHA1:
kexgex_hash(
kex->evp_md,
kex->client_version_string, kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
NULL, 0,
min, nbits, max,
dh->p, dh->g,
dh_client_pub,
dh->pub_key,
shared_secret,
&hash, &hashlen
);
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
BN_clear_free(dh_client_pub);
if (kex->session_id == NULL) {
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
gssbuf.value = hash;
gssbuf.length = hashlen;
if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt,&gssbuf,&msg_tok))))
fatal("Couldn't get MIC");
packet_start(SSH2_MSG_KEXGSS_COMPLETE);
packet_put_bignum2(dh->pub_key);
packet_put_string(msg_tok.value,msg_tok.length);
if (send_tok.length != 0) {
packet_put_char(1); /* true */
packet_put_string(send_tok.value, send_tok.length);
} else {
packet_put_char(0); /* false */
}
packet_send();
gss_release_buffer(&min_status, &send_tok);
gss_release_buffer(&min_status, &msg_tok);
if (gss_kex_context == NULL)
gss_kex_context = ctxt;
else
ssh_gssapi_delete_ctx(&ctxt);
DH_free(dh);
kex_derive_keys(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
/* If this was a rekey, then save out any delegated credentials we
* just exchanged. */
if (options.gss_store_rekey)
ssh_gssapi_rekey_creds();
}
/*
* SSH1 key exchange
*/
void
do_ssh1_kex(void)
{
int i, len;
int rsafail = 0;
BIGNUM *session_key_int;
u_char session_key[SSH_SESSION_KEY_LENGTH];
u_char cookie[8];
u_int cipher_type, auth_mask, protocol_flags;
u_int32_t rnd = 0;
/*
* Generate check bytes that the client must send back in the user
* packet in order for it to be accepted; this is used to defy ip
* spoofing attacks. Note that this only works against somebody
* doing IP spoofing from a remote machine; any machine on the local
* network can still see outgoing packets and catch the random
* cookie. This only affects rhosts authentication, and this is one
* of the reasons why it is inherently insecure.
*/
for (i = 0; i < 8; i++) {
if (i % 4 == 0)
rnd = arc4random();
cookie[i] = rnd & 0xff;
rnd >>= 8;
}
/*
* Send our public key. We include in the packet 64 bits of random
* data that must be matched in the reply in order to prevent IP
* spoofing.
*/
packet_start(SSH_SMSG_PUBLIC_KEY);
for (i = 0; i < 8; i++)
packet_put_char(cookie[i]);
/* Store our public server RSA key. */
packet_put_int(BN_num_bits(sensitive_data.server_key->rsa->n));
packet_put_bignum(sensitive_data.server_key->rsa->e);
packet_put_bignum(sensitive_data.server_key->rsa->n);
/* Store our public host RSA key. */
packet_put_int(BN_num_bits(sensitive_data.ssh1_host_key->rsa->n));
packet_put_bignum(sensitive_data.ssh1_host_key->rsa->e);
packet_put_bignum(sensitive_data.ssh1_host_key->rsa->n);
/* Put protocol flags. */
packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
/* Declare which ciphers we support. */
packet_put_int(cipher_mask_ssh1(0));
/* Declare supported authentication types. */
auth_mask = 0;
if (options.rhosts_rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
if (options.rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RSA;
if (options.challenge_response_authentication == 1)
auth_mask |= 1 << SSH_AUTH_TIS;
if (options.password_authentication)
auth_mask |= 1 << SSH_AUTH_PASSWORD;
packet_put_int(auth_mask);
/* Send the packet and wait for it to be sent. */
packet_send();
packet_write_wait();
debug("Sent %d bit server key and %d bit host key.",
BN_num_bits(sensitive_data.server_key->rsa->n),
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n));
/* Read clients reply (cipher type and session key). */
packet_read_expect(SSH_CMSG_SESSION_KEY);
/* Get cipher type and check whether we accept this. */
cipher_type = packet_get_char();
if (!(cipher_mask_ssh1(0) & (1 << cipher_type)))
packet_disconnect("Warning: client selects unsupported cipher.");
/* Get check bytes from the packet. These must match those we
sent earlier with the public key packet. */
for (i = 0; i < 8; i++)
if (cookie[i] != packet_get_char())
packet_disconnect("IP Spoofing check bytes do not match.");
debug("Encryption type: %.200s", cipher_name(cipher_type));
/* Get the encrypted integer. */
if ((session_key_int = BN_new()) == NULL)
fatal("do_ssh1_kex: BN_new failed");
packet_get_bignum(session_key_int);
protocol_flags = packet_get_int();
packet_set_protocol_flags(protocol_flags);
packet_check_eom();
/* Decrypt session_key_int using host/server keys */
rsafail = PRIVSEP(ssh1_session_key(session_key_int));
/*
* Extract session key from the decrypted integer. The key is in the
* least significant 256 bits of the integer; the first byte of the
* key is in the highest bits.
*/
if (!rsafail) {
BN_mask_bits(session_key_int, sizeof(session_key) * 8);
len = BN_num_bytes(session_key_int);
if (len < 0 || len > sizeof(session_key)) {
error("do_connection: bad session key len from %s: "
"session_key_int %d > sizeof(session_key) %lu",
get_remote_ipaddr(), len, (u_long)sizeof(session_key));
rsafail++;
} else {
memset(session_key, 0, sizeof(session_key));
BN_bn2bin(session_key_int,
session_key + sizeof(session_key) - len);
derive_ssh1_session_id(
sensitive_data.ssh1_host_key->rsa->n,
sensitive_data.server_key->rsa->n,
cookie, session_id);
/*
* Xor the first 16 bytes of the session key with the
* session id.
*/
for (i = 0; i < 16; i++)
session_key[i] ^= session_id[i];
}
}
if (rsafail) {
int bytes = BN_num_bytes(session_key_int);
u_char *buf = xmalloc(bytes);
MD5_CTX md;
logit("do_connection: generating a fake encryption key");
BN_bn2bin(session_key_int, buf);
MD5_Init(&md);
MD5_Update(&md, buf, bytes);
MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
MD5_Final(session_key, &md);
MD5_Init(&md);
MD5_Update(&md, session_key, 16);
MD5_Update(&md, buf, bytes);
MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
MD5_Final(session_key + 16, &md);
memset(buf, 0, bytes);
xfree(buf);
for (i = 0; i < 16; i++)
session_id[i] = session_key[i] ^ session_key[i + 16];
}
/* Destroy the private and public keys. No longer. */
destroy_sensitive_data();
if (use_privsep)
mm_ssh1_session_id(session_id);
/* Destroy the decrypted integer. It is no longer needed. */
BN_clear_free(session_key_int);
/* Set the session key. From this on all communications will be encrypted. */
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
/* Destroy our copy of the session key. It is no longer needed. */
memset(session_key, 0, sizeof(session_key));
debug("Received session key; encryption turned on.");
/* Send an acknowledgment packet. Note that this packet is sent encrypted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
}
static int
server_input_global_request(int type, u_int32_t seq, void *ctxt)
{
char *rtype;
int want_reply;
int r, success = 0, allocated_listen_port = 0;
struct sshbuf *resp = NULL;
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
/* -R style forwarding */
if (strcmp(rtype, "tcpip-forward") == 0) {
struct passwd *pw;
struct Forward fwd;
pw = the_authctxt->pw;
if (pw == NULL || !the_authctxt->valid)
fatal("server_input_global_request: no/invalid user");
memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = packet_get_string(NULL);
fwd.listen_port = (u_short)packet_get_int();
debug("server_input_global_request: tcpip-forward listen %s port %d",
fwd.listen_host, fwd.listen_port);
/* check permissions */
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
(!want_reply && fwd.listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
|| (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
pw->pw_uid != 0)
#endif
) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(&fwd,
&allocated_listen_port, &options.fwd_opts);
}
free(fwd.listen_host);
if ((resp = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
if ((r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)
fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r));
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = packet_get_string(NULL);
fwd.listen_port = (u_short)packet_get_int();
debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
fwd.listen_host, fwd.listen_port);
success = channel_cancel_rport_listener(&fwd);
free(fwd.listen_host);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
fwd.listen_path = packet_get_string(NULL);
debug("server_input_global_request: streamlocal-forward listen path %s",
fwd.listen_path);
/* check permissions */
if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
|| no_port_forwarding_flag) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the socket */
success = channel_setup_remote_fwd_listener(
&fwd, NULL, &options.fwd_opts);
}
free(fwd.listen_path);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
fwd.listen_path = packet_get_string(NULL);
debug("%s: cancel-streamlocal-forward path %s", __func__,
fwd.listen_path);
success = channel_cancel_rport_listener(&fwd);
free(fwd.listen_path);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
no_more_sessions = 1;
success = 1;
} else if (strcmp(rtype, "*****@*****.**") == 0) {
success = server_input_hostkeys_prove(&resp);
}
if (want_reply) {
packet_start(success ?
SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
if (success && resp != NULL)
ssh_packet_put_raw(active_state, sshbuf_ptr(resp),
sshbuf_len(resp));
packet_send();
packet_write_wait();
}
free(rtype);
sshbuf_free(resp);
return 0;
}
void
kexgss_client(Kex *kex) {
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
Gssctxt *ctxt;
OM_uint32 maj_status, min_status, ret_flags;
u_int klen, kout, slen = 0, hashlen, strlen;
DH *dh;
BIGNUM *dh_server_pub = NULL;
BIGNUM *shared_secret = NULL;
BIGNUM *p = NULL;
BIGNUM *g = NULL;
u_char *kbuf, *hash;
u_char *serverhostkey = NULL;
u_char *empty = "";
char *msg;
char *lang;
int type = 0;
int first = 1;
int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
/* Initialise our GSSAPI world */
ssh_gssapi_build_ctx(&ctxt);
if (ssh_gssapi_id_kex(ctxt, kex->name, kex->kex_type)
== GSS_C_NO_OID)
fatal("Couldn't identify host exchange");
if (ssh_gssapi_import_name(ctxt, kex->gss_host))
fatal("Couldn't import hostname");
if (kex->gss_client &&
ssh_gssapi_client_identity(ctxt, kex->gss_client))
fatal("Couldn't acquire client credentials");
switch (kex->kex_type) {
case KEX_GSS_GRP1_SHA1:
dh = dh_new_group1();
break;
case KEX_GSS_GRP14_SHA1:
dh = dh_new_group14();
break;
case KEX_GSS_GEX_SHA1:
debug("Doing group exchange\n");
nbits = dh_estimate(kex->we_need * 8);
packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
packet_put_int(min);
packet_put_int(nbits);
packet_put_int(max);
packet_send();
packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
if ((p = BN_new()) == NULL)
fatal("BN_new() failed");
packet_get_bignum2(p);
if ((g = BN_new()) == NULL)
fatal("BN_new() failed");
packet_get_bignum2(g);
packet_check_eom();
if (BN_num_bits(p) < min || BN_num_bits(p) > max)
fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
min, BN_num_bits(p), max);
dh = dh_new_group(g, p);
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
/* Step 1 - e is dh->pub_key */
dh_gen_key(dh, kex->we_need * 8);
/* This is f, we initialise it now to make life easier */
dh_server_pub = BN_new();
if (dh_server_pub == NULL)
fatal("dh_server_pub == NULL");
token_ptr = GSS_C_NO_BUFFER;
do {
debug("Calling gss_init_sec_context");
maj_status = ssh_gssapi_init_ctx(ctxt,
kex->gss_deleg_creds, token_ptr, &send_tok,
&ret_flags);
if (GSS_ERROR(maj_status)) {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_KEXGSS_CONTINUE);
packet_put_string(send_tok.value,
send_tok.length);
}
fatal("gss_init_context failed");
}
/* If we've got an old receive buffer get rid of it */
if (token_ptr != GSS_C_NO_BUFFER)
xfree(recv_tok.value);
if (maj_status == GSS_S_COMPLETE) {
/* If mutual state flag is not true, kex fails */
if (!(ret_flags & GSS_C_MUTUAL_FLAG))
fatal("Mutual authentication failed");
/* If integ avail flag is not true kex fails */
if (!(ret_flags & GSS_C_INTEG_FLAG))
fatal("Integrity check failed");
}
/*
* If we have data to send, then the last message that we
* received cannot have been a 'complete'.
*/
if (send_tok.length != 0) {
if (first) {
packet_start(SSH2_MSG_KEXGSS_INIT);
packet_put_string(send_tok.value,
send_tok.length);
packet_put_bignum2(dh->pub_key);
first = 0;
} else {
packet_start(SSH2_MSG_KEXGSS_CONTINUE);
packet_put_string(send_tok.value,
send_tok.length);
}
packet_send();
gss_release_buffer(&min_status, &send_tok);
/* If we've sent them data, they should reply */
do {
type = packet_read();
if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
debug("Received KEXGSS_HOSTKEY");
if (serverhostkey)
fatal("Server host key received more than once");
serverhostkey =
packet_get_string(&slen);
}
} while (type == SSH2_MSG_KEXGSS_HOSTKEY);
switch (type) {
case SSH2_MSG_KEXGSS_CONTINUE:
debug("Received GSSAPI_CONTINUE");
if (maj_status == GSS_S_COMPLETE)
fatal("GSSAPI Continue received from server when complete");
recv_tok.value = packet_get_string(&strlen);
recv_tok.length = strlen;
break;
case SSH2_MSG_KEXGSS_COMPLETE:
debug("Received GSSAPI_COMPLETE");
packet_get_bignum2(dh_server_pub);
msg_tok.value = packet_get_string(&strlen);
msg_tok.length = strlen;
/* Is there a token included? */
if (packet_get_char()) {
recv_tok.value=
packet_get_string(&strlen);
recv_tok.length = strlen;
/* If we're already complete - protocol error */
if (maj_status == GSS_S_COMPLETE)
packet_disconnect("Protocol error: received token when complete");
} else {
/* No token included */
if (maj_status != GSS_S_COMPLETE)
packet_disconnect("Protocol error: did not receive final token");
}
break;
case SSH2_MSG_KEXGSS_ERROR:
debug("Received Error");
maj_status = packet_get_int();
min_status = packet_get_int();
msg = packet_get_string(NULL);
lang = packet_get_string(NULL);
fatal("GSSAPI Error: \n%.400s",msg);
default:
packet_disconnect("Protocol error: didn't expect packet type %d",
type);
}
token_ptr = &recv_tok;
} else {
/* No data, and not complete */
if (maj_status != GSS_S_COMPLETE)
fatal("Not complete, and no token output");
}
} while (maj_status & GSS_S_CONTINUE_NEEDED);
/*
* We _must_ have received a COMPLETE message in reply from the
* server, which will have set dh_server_pub and msg_tok
*/
if (type != SSH2_MSG_KEXGSS_COMPLETE)
fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
/* Check f in range [1, p-1] */
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
/* compute K=f^x mod p */
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
if (kout < 0)
fatal("DH_compute_key: failed");
shared_secret = BN_new();
if (shared_secret == NULL)
fatal("kexgss_client: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_client: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);
switch (kex->kex_type) {
case KEX_GSS_GRP1_SHA1:
case KEX_GSS_GRP14_SHA1:
kex_dh_hash( kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
(serverhostkey ? serverhostkey : empty), slen,
dh->pub_key, /* e */
dh_server_pub, /* f */
shared_secret, /* K */
&hash, &hashlen
);
break;
case KEX_GSS_GEX_SHA1:
kexgex_hash(
kex->evp_md,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
(serverhostkey ? serverhostkey : empty), slen,
min, nbits, max,
dh->p, dh->g,
dh->pub_key,
dh_server_pub,
shared_secret,
&hash, &hashlen
);
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
gssbuf.value = hash;
gssbuf.length = hashlen;
/* Verify that the hash matches the MIC we just got. */
if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
packet_disconnect("Hash's MIC didn't verify");
xfree(msg_tok.value);
DH_free(dh);
if (serverhostkey)
xfree(serverhostkey);
BN_clear_free(dh_server_pub);
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
if (kex->gss_deleg_creds)
ssh_gssapi_credentials_updated(ctxt);
if (gss_kex_context == NULL)
gss_kex_context = ctxt;
else
ssh_gssapi_delete_ctx(&ctxt);
kex_derive_keys(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
/*
* We only support those mechanisms that we know about (ie ones that we know
* how to check local user kuserok and the like
*/
static int
userauth_gssapi(Authctxt *authctxt)
{
gss_OID_desc oid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
gss_OID_set supported;
int present;
OM_uint32 ms;
u_int len;
char *doid = NULL;
if (!authctxt->valid || authctxt->user == NULL)
return (0);
mechs = packet_get_int();
if (mechs == 0) {
debug("Mechanism negotiation is not supported");
return (0);
}
ssh_gssapi_supported_oids(&supported);
do {
mechs--;
if (doid)
xfree(doid);
doid = packet_get_string(&len);
if (doid[0] != SSH_GSS_OIDTYPE || doid[1] != len-2) {
logit("Mechanism OID received using the old encoding form");
oid.elements = doid;
oid.length = len;
} else {
oid.elements = doid + 2;
oid.length = len - 2;
}
gss_test_oid_set_member(&ms, &oid, supported, &present);
} while (mechs > 0 && !present);
gss_release_oid_set(&ms, &supported);
if (!present) {
xfree(doid);
return (0);
}
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &oid)))) {
xfree(doid);
return (0);
}
authctxt->methoddata=(void *)ctxt;
packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
/* Return OID in same format as we received it*/
packet_put_string(doid, len);
packet_send();
xfree(doid);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
authctxt->postponed = 1;
return (0);
}
/*
* read packets, try to authenticate the user and
* return only if authentication is successful
*/
static void
do_authloop(Authctxt *authctxt)
{
int authenticated = 0;
u_int bits;
Key *client_host_key;
BIGNUM *n;
char *client_user, *password;
char info[1024];
u_int dlen;
u_int ulen;
int prev, type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
authctxt->valid ? "" : "illegal user ", authctxt->user);
/* If the user has no password, accept authentication immediately. */
if (options.password_authentication &&
#ifdef KRB5
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
PRIVSEP(auth_password(authctxt, ""))) {
auth_log(authctxt, 1, "without authentication", "");
return;
}
/* Indicate that authentication is needed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
client_user = NULL;
for (;;) {
/* default to fail */
authenticated = 0;
info[0] = '\0';
/* Get a packet from the client. */
prev = type;
type = packet_read();
/*
* If we started challenge-response authentication but the
* next packet is not a response to our challenge, release
* the resources allocated by get_challenge() (which would
* normally have been released by verify_response() had we
* received such a response)
*/
if (prev == SSH_CMSG_AUTH_TIS &&
type != SSH_CMSG_AUTH_TIS_RESPONSE)
abandon_challenge_response(authctxt);
/* Process the packet. */
switch (type) {
case SSH_CMSG_AUTH_RHOSTS_RSA:
if (!options.rhosts_rsa_authentication) {
verbose("Rhosts with RSA authentication disabled.");
break;
}
/*
* Get client user name. Note that we just have to
* trust the client; root on the client machine can
* claim to be any user.
*/
client_user = packet_get_string(&ulen);
/* Get the client host key. */
client_host_key = key_new(KEY_RSA1);
bits = packet_get_int();
packet_get_bignum(client_host_key->rsa->e);
packet_get_bignum(client_host_key->rsa->n);
if (bits != BN_num_bits(client_host_key->rsa->n))
verbose("Warning: keysize mismatch for client_host_key: "
"actual %d, announced %d",
BN_num_bits(client_host_key->rsa->n), bits);
packet_check_eom();
authenticated = auth_rhosts_rsa(authctxt, client_user,
client_host_key);
key_free(client_host_key);
snprintf(info, sizeof info, " ruser %.100s", client_user);
break;
case SSH_CMSG_AUTH_RSA:
if (!options.rsa_authentication) {
verbose("RSA authentication disabled.");
break;
}
/* RSA authentication requested. */
if ((n = BN_new()) == NULL)
fatal("do_authloop: BN_new failed");
packet_get_bignum(n);
packet_check_eom();
authenticated = auth_rsa(authctxt, n);
BN_clear_free(n);
break;
case SSH_CMSG_AUTH_PASSWORD:
if (!options.password_authentication) {
verbose("Password authentication disabled.");
break;
}
/*
* Read user password. It is in plain text, but was
* transmitted over the encrypted channel so it is
* not visible to an outside observer.
*/
password = packet_get_string(&dlen);
packet_check_eom();
/* Try authentication with the password. */
authenticated = PRIVSEP(auth_password(authctxt, password));
memset(password, 0, strlen(password));
xfree(password);
break;
case SSH_CMSG_AUTH_TIS:
debug("rcvd SSH_CMSG_AUTH_TIS");
if (options.challenge_response_authentication == 1) {
char *challenge = get_challenge(authctxt);
if (challenge != NULL) {
debug("sending challenge '%s'", challenge);
packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
packet_put_cstring(challenge);
xfree(challenge);
packet_send();
packet_write_wait();
continue;
}
}
break;
case SSH_CMSG_AUTH_TIS_RESPONSE:
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
if (options.challenge_response_authentication == 1) {
char *response = packet_get_string(&dlen);
packet_check_eom();
authenticated = verify_response(authctxt, response);
memset(response, 'r', dlen);
xfree(response);
}
break;
default:
/*
* Any unknown messages will be ignored (and failure
* returned) during authentication.
*/
logit("Unknown message during authentication: type %d", type);
break;
}
#ifdef BSD_AUTH
if (authctxt->as) {
auth_close(authctxt->as);
authctxt->as = NULL;
}
#endif
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
#ifdef _UNICOS
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.",authctxt->user);
}
#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
packet_disconnect("Authentication rejected for uid %d.",
pw == NULL ? -1 : pw->pw_uid);
authenticated = 0;
}
#else
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type))) {
authenticated = 0;
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
PRIVSEP(solaris_audit_not_console());
#endif /* BSM */
}
#endif
#ifdef USE_PAM
if (options.use_pam && authenticated &&
!PRIVSEP(do_pam_account()))
authenticated = 0;
#endif
/* Log before sending the reply */
auth_log(authctxt, authenticated, get_authname(type), info);
if (client_user != NULL) {
xfree(client_user);
client_user = NULL;
}
if (authenticated)
return;
if (authctxt->failures++ > AUTH_FAIL_MAX) {
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
PRIVSEP(solaris_audit_maxtrys());
#endif /* BSM */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
PRIVSEP(solaris_audit_bad_pw("authorization"));
#endif /* BSM */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
}
}
static void
input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
KbdintAuthctxt *kbdintctxt;
int authenticated = 0, res;
u_int i, nresp;
const char *devicename = NULL;
char **response = NULL;
if (authctxt == NULL)
fatal("input_userauth_info_response: no authctxt");
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
fatal("input_userauth_info_response: no kbdintctxt");
if (kbdintctxt->device == NULL)
fatal("input_userauth_info_response: no device");
authctxt->postponed = 0; /* reset */
nresp = packet_get_int();
if (nresp != kbdintctxt->nreq)
fatal("input_userauth_info_response: wrong number of replies");
if (nresp > 100)
fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
response = xcalloc(nresp, sizeof(char *));
for (i = 0; i < nresp; i++)
response[i] = packet_get_string(NULL);
}
packet_check_eom();
res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
for (i = 0; i < nresp; i++) {
explicit_bzero(response[i], strlen(response[i]));
free(response[i]);
}
free(response);
switch (res) {
case 0:
/* Success! */
authenticated = authctxt->valid ? 1 : 0;
break;
case 1:
/* Authentication needs further interaction */
if (send_userauth_info_request(authctxt) == 1)
authctxt->postponed = 1;
break;
default:
/* Failure! */
break;
}
devicename = kbdintctxt->device->name;
if (!authctxt->postponed) {
if (authenticated) {
auth2_challenge_stop(authctxt);
} else {
/* start next device */
/* may set authctxt->postponed */
auth2_challenge_start(authctxt);
}
}
userauth_finish(authctxt, authenticated, "keyboard-interactive",
devicename);
}
static void
server_input_global_request(int type, u_int32_t seq, void *ctxt)
{
char *rtype;
int want_reply;
int success = 0, allocated_listen_port = 0;
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
/* -R style forwarding */
if (strcmp(rtype, "tcpip-forward") == 0) {
struct passwd *pw;
char *listen_address;
u_short listen_port;
pw = the_authctxt->pw;
if (pw == NULL || !the_authctxt->valid)
fatal("server_input_global_request: no/invalid user");
listen_address = packet_get_string(NULL);
listen_port = (u_short)packet_get_int();
debug("server_input_global_request: tcpip-forward listen %s port %d",
listen_address, listen_port);
/* check permissions */
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
(!want_reply && listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
|| (listen_port != 0 && listen_port < IPPORT_RESERVED &&
pw->pw_uid != 0)
#endif
) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(
listen_address, listen_port,
&allocated_listen_port, options.gateway_ports);
}
free(listen_address);
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
char *cancel_address;
u_short cancel_port;
cancel_address = packet_get_string(NULL);
cancel_port = (u_short)packet_get_int();
debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
cancel_address, cancel_port);
success = channel_cancel_rport_listener(cancel_address,
cancel_port);
free(cancel_address);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
no_more_sessions = 1;
success = 1;
}
if (want_reply) {
packet_start(success ?
SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
if (success && allocated_listen_port > 0)
packet_put_int(allocated_listen_port);
packet_send();
packet_write_wait();
}
free(rtype);
}
/*
* read packets, try to authenticate the user and
* return only if authentication is successful
*/
static void
do_authloop(Authctxt *authctxt)
{
int authenticated = 0;
u_int bits;
Key *client_host_key;
BIGNUM *n;
char *client_user, *password;
char info[1024];
u_int dlen;
u_int ulen;
int type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
authctxt->valid ? "" : "illegal user ", authctxt->user);
/* If the user has no password, accept authentication immediately. */
if (options.password_authentication &&
#if defined(KRB4) || defined(KRB5)
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
PRIVSEP(auth_password(authctxt, ""))) {
auth_log(authctxt, 1, "without authentication", "");
return;
}
/* Indicate that authentication is needed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
client_user = NULL;
for ( ;; ) {
/* default to fail */
authenticated = 0;
info[0] = '\0';
/* Get a packet from the client. */
authctxt->v1_auth_type = type = packet_read();
authctxt->v1_auth_name = get_authname(type);
authctxt->attempt++;
/* Process the packet. */
switch (type) {
#if defined(KRB4) || defined(KRB5)
case SSH_CMSG_AUTH_KERBEROS:
if (!options.kerberos_authentication) {
verbose("Kerberos authentication disabled.");
} else {
char *kdata = packet_get_string(&dlen);
packet_check_eom();
if (kdata[0] == 4) { /* KRB_PROT_VERSION */
#ifdef KRB4
KTEXT_ST tkt, reply;
tkt.length = dlen;
if (tkt.length < MAX_KTXT_LEN)
memcpy(tkt.dat, kdata, tkt.length);
if (PRIVSEP(auth_krb4(authctxt, &tkt,
&client_user, &reply))) {
authenticated = 1;
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
packet_start(
SSH_SMSG_AUTH_KERBEROS_RESPONSE);
packet_put_string((char *)
reply.dat, reply.length);
packet_send();
packet_write_wait();
}
#endif /* KRB4 */
} else {
#ifdef KRB5
krb5_data tkt, reply;
tkt.length = dlen;
tkt.data = kdata;
if (PRIVSEP(auth_krb5(authctxt, &tkt,
&client_user, &reply))) {
authenticated = 1;
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
/* Send response to client */
packet_start(
SSH_SMSG_AUTH_KERBEROS_RESPONSE);
packet_put_string((char *)
reply.data, reply.length);
packet_send();
packet_write_wait();
if (reply.length)
xfree(reply.data);
}
#endif /* KRB5 */
}
xfree(kdata);
}
break;
#endif /* KRB4 || KRB5 */
#if defined(AFS) || defined(KRB5)
/* XXX - punt on backward compatibility here. */
case SSH_CMSG_HAVE_KERBEROS_TGT:
packet_send_debug("Kerberos TGT passing disabled before authentication.");
break;
#ifdef AFS
case SSH_CMSG_HAVE_AFS_TOKEN:
packet_send_debug("AFS token passing disabled before authentication.");
break;
#endif /* AFS */
#endif /* AFS || KRB5 */
case SSH_CMSG_AUTH_RHOSTS:
if (!options.rhosts_authentication) {
verbose("Rhosts authentication disabled.");
break;
}
/*
* Get client user name. Note that we just have to
* trust the client; this is one reason why rhosts
* authentication is insecure. (Another is
* IP-spoofing on a local network.)
*/
client_user = packet_get_string(&ulen);
packet_check_eom();
/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
authenticated = auth_rhosts(pw, client_user);
snprintf(info, sizeof info, " ruser %.100s", client_user);
break;
case SSH_CMSG_AUTH_RHOSTS_RSA:
if (!options.rhosts_rsa_authentication) {
verbose("Rhosts with RSA authentication disabled.");
break;
}
/*
* Get client user name. Note that we just have to
* trust the client; root on the client machine can
* claim to be any user.
*/
client_user = packet_get_string(&ulen);
/* Get the client host key. */
client_host_key = key_new(KEY_RSA1);
bits = packet_get_int();
packet_get_bignum(client_host_key->rsa->e);
packet_get_bignum(client_host_key->rsa->n);
if (bits != BN_num_bits(client_host_key->rsa->n))
verbose("Warning: keysize mismatch for client_host_key: "
"actual %d, announced %d",
BN_num_bits(client_host_key->rsa->n), bits);
packet_check_eom();
authenticated = auth_rhosts_rsa(pw, client_user,
client_host_key);
key_free(client_host_key);
snprintf(info, sizeof info, " ruser %.100s", client_user);
break;
case SSH_CMSG_AUTH_RSA:
if (!options.rsa_authentication) {
verbose("RSA authentication disabled.");
break;
}
/* RSA authentication requested. */
if ((n = BN_new()) == NULL)
fatal("do_authloop: BN_new failed");
packet_get_bignum(n);
packet_check_eom();
authenticated = auth_rsa(pw, n);
BN_clear_free(n);
break;
case SSH_CMSG_AUTH_PASSWORD:
authctxt->init_attempt++;
if (!options.password_authentication) {
verbose("Password authentication disabled.");
break;
}
/*
* Read user password. It is in plain text, but was
* transmitted over the encrypted channel so it is
* not visible to an outside observer.
*/
password = packet_get_string(&dlen);
packet_check_eom();
/* Try authentication with the password. */
if (authctxt->init_failures <
options.max_init_auth_tries)
authenticated =
PRIVSEP(auth_password(authctxt,
password));
memset(password, 0, strlen(password));
xfree(password);
break;
case SSH_CMSG_AUTH_TIS:
debug("rcvd SSH_CMSG_AUTH_TIS");
if (options.challenge_response_authentication == 1) {
char *challenge = get_challenge(authctxt);
if (challenge != NULL) {
debug("sending challenge '%s'", challenge);
packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
packet_put_cstring(challenge);
xfree(challenge);
packet_send();
packet_write_wait();
continue;
}
}
break;
case SSH_CMSG_AUTH_TIS_RESPONSE:
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
if (options.challenge_response_authentication == 1) {
char *response = packet_get_string(&dlen);
debug("got response '%s'", response);
packet_check_eom();
authenticated = verify_response(authctxt, response);
memset(response, 'r', dlen);
xfree(response);
}
break;
default:
/*
* Any unknown messages will be ignored (and failure
* returned) during authentication.
*/
log("Unknown message during authentication: type %d", type);
break;
}
#ifdef BSD_AUTH
if (authctxt->as) {
auth_close(authctxt->as);
authctxt->as = NULL;
}
#endif
if (!authctxt->valid && authenticated) {
authenticated = 0;
log("Ignoring authenticated invalid user %s",
authctxt->user);
}
#ifdef _UNICOS
if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
cray_login_failure(authctxt->user, IA_UDBERR);
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.",authctxt->user);
}
#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
packet_disconnect("Authentication rejected for uid %d.",
pw == NULL ? -1 : pw->pw_uid);
authenticated = 0;
}
#else
/* Special handling for root */
if (!use_privsep &&
authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type)))
authenticated = 0;
#endif
#ifdef USE_PAM
/* XXX PAM and PRIVSEP don't mix */
if (use_privsep && authenticated)
fatal("Privsep is not supported");
if (authenticated && type != SSH_CMSG_AUTH_PASSWORD)
authenticated = do_pam_non_initial_userauth(authctxt);
else if (authenticated && !AUTHPAM_DONE(authctxt))
authenticated = 0;
if (!authenticated)
authctxt->pam_retval = AUTHPAM_ERROR(authctxt,
PAM_PERM_DENIED);
#endif /* USE_PAM */
/* Log before sending the reply */
auth_log(authctxt, authenticated, get_authname(type), info);
if (client_user != NULL) {
xfree(client_user);
client_user = NULL;
}
if (authenticated)
return;
if (type == SSH_CMSG_AUTH_PASSWORD)
authctxt->init_failures++;
if (authctxt->failures++ > options.max_auth_tries) {
#ifdef HAVE_BSM
fatal_remove_cleanup(audit_failed_login_cleanup,
authctxt);
audit_sshd_login_failure(&ah, PAM_MAXTRIES);
#endif /* HAVE_BSM */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
}
}
/*示例二:整型转型时的溢出*/
int copy_something(char *buf, int len)
{
#define MAX_LEN 256
char mybuf[MAX_LEN];
if(len > MAX_LEN){ // <---- [1]
return -1;
}
return memcpy(mybuf, buf, len);
}
/*示例三:分配内存*/
size_t nresp = packet_get_int();
if (nresp > 0) {
response = xmalloc(nresp*sizeof(char*));
for (i = 0; i < nresp; i++)
response[i] = packet_get_string(NULL);
}
/*示例四:缓冲区溢出导致安全问题*/
int func(char *buf1, unsigned int len1,
char *buf2, unsigned int len2 )
{
char mybuf[256];
if((len1 + len2) > 256){ //<--- [1]
return -1;
}
static int
userauth_u2f(Authctxt *authctxt)
{
u_int i;
int mode;
mode = packet_get_int();
packet_check_eom();
// TODO: shared constants
if (mode == 0) {
debug("u2f mode is registration");
u_char random[32];
char challenge[((sizeof(random)+2)/3)*4 + 1];
char *json;
arc4random_buf(random, sizeof(random));
if (urlsafe_base64_encode(random, sizeof(random), challenge, sizeof(challenge)) == -1)
fatal("TODO");
xasprintf(&json, "{\"challenge\": \"%s\", \"version\": \"U2F_V2\", \"appId\": \"%s\"}",
challenge, appid);
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(json);
packet_send();
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
&input_userauth_u2f_register_response);
authctxt->postponed = 1;
return (0);
} else {
debug("u2f mode is authentication");
}
// This is on the server. See sshconnect2.c for the client
debug("auth-u2f.c:userauth_u2f");
Key *key;
u_int idx = 0;
// Get multiple keys by increasing idx until key == NULL
// TODO: send multiple challenges for all keys (or something)
key = PRIVSEP(read_user_u2f_key(authctxt->pw, idx));
if (key == NULL)
{
debug("no registered u2f keys found\n");
return (0);
}
// TODO: handle empty signatureData with a nice message. this seems to happen when the keyhandle is wrong?
// TODO: to what should we set the appid?
//
// TODO: what does auth_info() do?
// TODO: we need to store challenge in this authctx somehow :)
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
u_char random[32];
char challenge[((sizeof(random)+2)/3)*4 + 1];
char pubkey[((u2f_pubkey_len+2)/3)*4 + 1];
char keyhandle[((key->u2f_key_handle_len+2)/3)*4 + 1];
char *json;
arc4random_buf(random, sizeof(random));
authctxt->u2f_challenge = xmalloc(sizeof(random));
memcpy(authctxt->u2f_challenge, random, sizeof(random));
authctxt->u2f_key = key;
if (urlsafe_base64_encode(random, sizeof(random), challenge, sizeof(challenge)) == -1)
fatal("TODO");
if (urlsafe_base64_encode(key->u2f_pubkey, u2f_pubkey_len, pubkey, sizeof(pubkey)) == -1)
fatal("TODO");
if (urlsafe_base64_encode(key->u2f_key_handle, key->u2f_key_handle_len, keyhandle, sizeof(keyhandle)) == -1)
fatal("TODO");
xasprintf(&json, "{\"challenge\": \"%s\", \"keyHandle\": \"%s\", \"appId\": \"%s\"}",
challenge, keyhandle, appid);
packet_put_cstring(json);
free(json);
packet_send();
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
&input_userauth_u2f_info_response);
authctxt->postponed = 1;
return (0);
}
/*
* Decodes terminal modes for the terminal referenced by fd in a portable
* manner from a packet being read.
*/
void
tty_parse_modes(int fd, int *n_bytes_ptr)
{
struct termios tio;
int opcode, baud;
int n_bytes = 0;
int failure = 0;
u_int (*get_arg)(void);
int arg_size;
if (compat20) {
*n_bytes_ptr = packet_get_int();
if (*n_bytes_ptr == 0)
return;
get_arg = packet_get_int;
arg_size = 4;
} else {
get_arg = packet_get_char;
arg_size = 1;
}
/*
* Get old attributes for the terminal. We will modify these
* flags. I am hoping that if there are any machine-specific
* modes, they will initially have reasonable values.
*/
if (tcgetattr(fd, &tio) == -1) {
logit("tcgetattr: %.100s", strerror(errno));
failure = -1;
}
for (;;) {
n_bytes += 1;
opcode = packet_get_char();
switch (opcode) {
case TTY_OP_END:
goto set;
/* XXX: future conflict possible */
case TTY_OP_ISPEED_PROTO1:
case TTY_OP_ISPEED_PROTO2:
n_bytes += 4;
baud = packet_get_int();
if (failure != -1 &&
cfsetispeed(&tio, baud_to_speed(baud)) == -1)
error("cfsetispeed failed for %d", baud);
break;
/* XXX: future conflict possible */
case TTY_OP_OSPEED_PROTO1:
case TTY_OP_OSPEED_PROTO2:
n_bytes += 4;
baud = packet_get_int();
if (failure != -1 &&
cfsetospeed(&tio, baud_to_speed(baud)) == -1)
error("cfsetospeed failed for %d", baud);
break;
#define TTYCHAR(NAME, OP) \
case OP: \
n_bytes += arg_size; \
tio.c_cc[NAME] = special_char_decode(get_arg()); \
break;
#define TTYMODE(NAME, FIELD, OP) \
case OP: \
n_bytes += arg_size; \
if (get_arg()) \
tio.FIELD |= NAME; \
else \
tio.FIELD &= ~NAME; \
break;
#include "ttymodes.h"
#undef TTYCHAR
#undef TTYMODE
default:
debug("Ignoring unsupported tty mode opcode %d (0x%x)",
opcode, opcode);
if (!compat20) {
/*
* SSH1:
* Opcodes 1 to 127 are defined to have
* a one-byte argument.
* Opcodes 128 to 159 are defined to have
* an integer argument.
*/
if (opcode > 0 && opcode < 128) {
n_bytes += 1;
(void) packet_get_char();
break;
} else if (opcode >= 128 && opcode < 160) {
n_bytes += 4;
(void) packet_get_int();
break;
} else {
/*
* It is a truly undefined opcode (160 to 255).
* We have no idea about its arguments. So we
* must stop parsing. Note that some data
* may be left in the packet; hopefully there
* is nothing more coming after the mode data.
*/
logit("parse_tty_modes: unknown opcode %d",
opcode);
goto set;
}
} else {
/*
* SSH2:
* Opcodes 1 to 159 are defined to have
* a uint32 argument.
* Opcodes 160 to 255 are undefined and
* cause parsing to stop.
*/
if (opcode > 0 && opcode < 160) {
n_bytes += 4;
(void) packet_get_int();
break;
} else {
logit("parse_tty_modes: unknown opcode %d",
opcode);
goto set;
}
}
}
}
set:
if (*n_bytes_ptr != n_bytes) {
*n_bytes_ptr = n_bytes;
logit("parse_tty_modes: n_bytes_ptr != n_bytes: %d %d",
*n_bytes_ptr, n_bytes);
return; /* Don't process bytes passed */
}
if (failure == -1)
return; /* Packet parsed ok but tcgetattr() failed */
/* Set the new modes for the terminal. */
if (tcsetattr(fd, TCSANOW, &tio) == -1)
logit("Setting tty modes failed: %.100s", strerror(errno));
}
void do_connection(int privileged_port)
{
int i;
MP_INT session_key_int;
unsigned char session_key[SSH_SESSION_KEY_LENGTH];
unsigned char check_bytes[8];
char *user;
unsigned int cipher_type, auth_mask, protocol_flags;
/* Generate check bytes that the client must send back in the user packet
in order for it to be accepted; this is used to defy ip spoofing
attacks. Note that this only works against somebody doing IP spoofing
from a remote machine; any machine on the local network can still see
outgoing packets and catch the random cookie. This only affects
rhosts authentication, and this is one of the reasons why it is
inherently insecure. */
for (i = 0; i < 8; i++)
check_bytes[i] = random_get_byte(&sensitive_data.random_state);
/* Send our public key. We include in the packet 64 bits of random
data that must be matched in the reply in order to prevent IP spoofing. */
packet_start(SSH_SMSG_PUBLIC_KEY);
for (i = 0; i < 8; i++)
packet_put_char(check_bytes[i]);
/* Store our public server RSA key. */
packet_put_int(public_key.bits);
packet_put_mp_int(&public_key.e);
packet_put_mp_int(&public_key.n);
/* Store our public host RSA key. */
packet_put_int(sensitive_data.host_key.bits);
packet_put_mp_int(&sensitive_data.host_key.e);
packet_put_mp_int(&sensitive_data.host_key.n);
/* Put protocol flags. */
packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
/* Declare which ciphers we support. */
packet_put_int(cipher_mask());
/* Declare supported authentication types. */
auth_mask = 0;
if (options.rhosts_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS;
if (options.rhosts_rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
if (options.rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RSA;
if (options.password_authentication)
auth_mask |= 1 << SSH_AUTH_PASSWORD;
packet_put_int(auth_mask);
/* Send the packet and wait for it to be sent. */
packet_send();
packet_write_wait();
debug("Sent %d bit public key and %d bit host key.", public_key.bits, sensitive_data.host_key.bits);
/* Read clients reply (cipher type and session key). */
packet_read_expect(SSH_CMSG_SESSION_KEY);
/* Get cipher type. */
cipher_type = packet_get_char();
/* Get check bytes from the packet. These must match those we sent earlier
with the public key packet. */
for (i = 0; i < 8; i++)
if (check_bytes[i] != packet_get_char())
packet_disconnect("IP Spoofing check bytes do not match.");
debug("Encryption type: %.200s", cipher_name(cipher_type));
/* Get the encrypted integer. */
mpz_init(&session_key_int);
packet_get_mp_int(&session_key_int);
/* Get protocol flags. */
protocol_flags = packet_get_int();
packet_set_protocol_flags(protocol_flags);
/* Decrypt it using our private server key and private host key (key with
larger modulus first). */
if (mpz_cmp(&sensitive_data.private_key.n, &sensitive_data.host_key.n) > 0) {
/* Private key has bigger modulus. */
assert(sensitive_data.private_key.bits >= sensitive_data.host_key.bits + SSH_KEY_BITS_RESERVED);
rsa_private_decrypt(&session_key_int, &session_key_int, &sensitive_data.private_key);
rsa_private_decrypt(&session_key_int, &session_key_int, &sensitive_data.host_key);
} else {
/* Host key has bigger modulus (or they are equal). */
assert(sensitive_data.host_key.bits >= sensitive_data.private_key.bits + SSH_KEY_BITS_RESERVED);
rsa_private_decrypt(&session_key_int, &session_key_int, &sensitive_data.host_key);
rsa_private_decrypt(&session_key_int, &session_key_int, &sensitive_data.private_key);
}
/* Compute session id for this session. */
compute_session_id(session_id, check_bytes, sensitive_data.host_key.bits, &sensitive_data.host_key.n, sensitive_data.private_key.bits, &sensitive_data.private_key.n);
/* Extract session key from the decrypted integer. The key is in the
least significant 256 bits of the integer; the first byte of the
key is in the highest bits. */
mp_linearize_msb_first(session_key, sizeof(session_key), &session_key_int);
/* Xor the first 16 bytes of the session key with the session id. */
for (i = 0; i < 16; i++)
session_key[i] ^= session_id[i];
/* Destroy the decrypted integer. It is no longer needed. */
mpz_clear(&session_key_int);
/* Set the session key. From this on all communications will be
encrypted. */
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type, 0);
/* Destroy our copy of the session key. It is no longer needed. */
memset(session_key, 0, sizeof(session_key));
debug("Received session key; encryption turned on.");
/* Send an acknowledgement packet. Note that this packet is sent
encrypted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
/* Get the name of the user that we wish to log in as. */
packet_read_expect(SSH_CMSG_USER);
/* Get the user name. */
user = packet_get_string(NULL);
/* Destroy the private and public keys. They will no longer be needed. */
rsa_clear_public_key(&public_key);
rsa_clear_private_key(&sensitive_data.private_key);
rsa_clear_private_key(&sensitive_data.host_key);
/* Do the authentication. */
do_authentication(user, privileged_port, cipher_type);
}
void
kexgex_server(Kex *kex)
{
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
Key *server_host_public, *server_host_private;
DH *dh;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, slen, hashlen;
int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
int type, kout;
if (kex->load_host_public_key == NULL ||
kex->load_host_private_key == NULL)
fatal("Cannot load hostkey");
server_host_public = kex->load_host_public_key(kex->hostkey_type);
if (server_host_public == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
server_host_private = kex->load_host_private_key(kex->hostkey_type);
type = packet_read();
switch (type) {
case SSH2_MSG_KEX_DH_GEX_REQUEST:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
omin = min = packet_get_int();
onbits = nbits = packet_get_int();
omax = max = packet_get_int();
min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
nbits = MAX(DH_GRP_MIN, nbits);
nbits = MIN(DH_GRP_MAX, nbits);
break;
case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
onbits = nbits = packet_get_int();
/* unused for old GEX */
omin = min = DH_GRP_MIN;
omax = max = DH_GRP_MAX;
break;
default:
fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
}
packet_check_eom();
if (omax < omin || onbits < omin || omax < onbits)
fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
omin, onbits, omax);
/* Contact privileged parent */
dh = PRIVSEP(choose_dh(min, nbits, max));
if (dh == NULL)
packet_disconnect("Protocol error: no matching DH grp found");
debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
packet_put_bignum2(dh->p);
packet_put_bignum2(dh->g);
packet_send();
/* flush */
packet_write_wait();
/* Compute our exchange value in parallel with the client */
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
/* key, cert */
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
packet_check_eom();
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");
BN_print_fp(stderr, dh_client_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_client_pub));
#endif
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
fatal("DH_compute_key: failed");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_server: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_server: BN_bin2bn failed");
memset(kbuf, 0, klen);
free(kbuf);
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
omin = min = omax = max = -1;
/* calc H */
kexgex_hash(
kex->evp_md,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
server_host_key_blob, sbloblen,
omin, onbits, omax,
dh->p, dh->g,
dh_client_pub,
dh->pub_key,
shared_secret,
&hash, &hashlen
);
BN_clear_free(dh_client_pub);
/* save session id := H */
if (kex->session_id == NULL) {
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
/* sign H */
kex->sign(server_host_private, server_host_public, &signature, &slen,
hash, hashlen);
/* destroy_sensitive_data(); */
/* send server hostkey, DH pubkey 'f' and singed H */
debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
packet_put_string(server_host_key_blob, sbloblen);
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string(signature, slen);
packet_send();
free(signature);
free(server_host_key_blob);
/* have keys, free DH */
DH_free(dh);
kex_derive_keys(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
/*
* We only support those mechanisms that we know about (ie ones that we know
* how to check local user kuserok and the like)
*/
static int
userauth_gssapi(Authctxt *authctxt)
{
gss_OID_desc goid = {0, NULL};
Gssctxt *ctxt = NULL;
int mechs;
int present;
OM_uint32 ms;
u_int len;
u_char *doid = NULL;
if (!authctxt->valid || authctxt->user == NULL)
return (0);
mechs = packet_get_int();
if (mechs == 0) {
debug("Mechanism negotiation is not supported");
return (0);
}
do {
mechs--;
free(doid);
present = 0;
doid = packet_get_string(&len);
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
doid[1] == len - 2) {
goid.elements = doid + 2;
goid.length = len - 2;
ssh_gssapi_test_oid_supported(&ms, &goid, &present);
} else {
logit("Badly formed OID received");
}
} while (mechs > 0 && !present);
if (!present) {
free(doid);
authctxt->server_caused_failure = 1;
return (0);
}
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
if (ctxt != NULL)
ssh_gssapi_delete_ctx(&ctxt);
free(doid);
authctxt->server_caused_failure = 1;
return (0);
}
authctxt->methoddata = (void *)ctxt;
packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
/* Return the OID that we received */
packet_put_string(doid, len);
packet_send();
free(doid);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
authctxt->postponed = 1;
return (0);
}
void do_authenticated(char *pw)
{
int type;
int compression_level = 0, enable_compression_after_reply = 0;
int row, col, xpixel, ypixel;
unsigned long max_size;
char *display = NULL, *proto = NULL, *data = NULL;
/* Cancel the alarm we set to limit the time taken for authentication. */
alarm(0);
/* Inform the channel mechanism that we are the server side and that
the client may request to connect to any port at all. (The user could
do it anyway, and we wouldn\'t know what is permitted except by the
client telling us, so we can equally well trust the client not to request
anything bogus.) */
/* We stay in this loop until the client requests to execute a shell or a
command. */
while (1) {
/* Get a packet from the client. */
type = packet_read();
/* Process the packet. */
switch (type) {
case SSH_CMSG_REQUEST_COMPRESSION:
/* COMMAN: k core said that compression is not useful */
goto fail;
compression_level = packet_get_int();
if (compression_level < 1 || compression_level > 9) {
packet_send_debug("Received illegal compression level %d.", compression_level);
goto fail;
}
/* Enable compression after we have responded with SUCCESS. */
enable_compression_after_reply = 1;
break;
case SSH_CMSG_MAX_PACKET_SIZE:
/* Get maximum size from paket. */
max_size = packet_get_int();
/* Make sure that it is acceptable. */
if (max_size < 4096 || max_size > 256 * 1024) {
packet_send_debug("Received illegal max packet size %lu.", max_size);
goto fail;
}
/* Set the size and return success. */
packet_set_max_size(max_size);
break;
case SSH_CMSG_REQUEST_PTY:
packet_get_string(NULL);
row = packet_get_int();
col = packet_get_int();
xpixel = packet_get_int();
ypixel = packet_get_int();
do_naws(row, col);
packet_get_all();
debug("Allocating a pty not permitted for this authentication.");
break;
case SSH_CMSG_X11_REQUEST_FORWARDING:
packet_get_all();
debug("X11 forwarding disabled in this site.");
packet_send_debug("X11 forwarding disabled in this site.");
goto fail;
case SSH_CMSG_AGENT_REQUEST_FORWARDING:
packet_get_all();
debug("Authentication agent forwarding not permitted for this authentication.");
goto fail;
case SSH_CMSG_PORT_FORWARD_REQUEST:
packet_get_all();
debug("All port forwardings disabled in this site.");
packet_send_debug("All port forwardings disabled in this site.");
goto fail;
case SSH_CMSG_EXEC_SHELL:
/* Set interactive/non-interactive mode. */
packet_set_interactive(1, options.keepalives);
if (forced_command != NULL)
goto do_forced_command;
debug("Forking shell.");
do_exec_no_pty(NULL, pw, display, proto, data);
return;
case SSH_CMSG_EXEC_CMD:
packet_get_all();
debug("command executing disabled in this site.");
packet_send_debug("command executing disabled in this site.");
goto fail;
case SSH_CMSG_WINDOW_SIZE:
debug("Window change received.");
row = packet_get_int();
col = packet_get_int();
xpixel = packet_get_int();
ypixel = packet_get_int();
do_naws(row, col);
break;
default:
/* Any unknown messages in this phase are ignored, and a failure
message is returned. */
packet_get_all();
log_msg("Unknown packet type received after authentication: %d", type);
goto fail;
}
/* The request was successfully processed. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
/* Enable compression now that we have replied if appropriate. */
if (enable_compression_after_reply) {
enable_compression_after_reply = 0;
packet_start_compression(compression_level);
}
continue;
fail:
/* The request failed. */
packet_get_all();
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
continue;
do_forced_command:
/* There is a forced command specified for this login. Execute it. */
debug("Executing forced command: %.900s", forced_command);
return;
}
}
static void
input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
KbdintAuthctxt *kbdintctxt;
int i, res, len;
u_int nresp;
char **response = NULL, *method;
if (authctxt == NULL)
fatal("input_userauth_info_response: no authctxt");
kbdintctxt = (KbdintAuthctxt *) authctxt->method->method_data;
if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
fatal("input_userauth_info_response: no kbdintctxt");
if (kbdintctxt->device == NULL)
fatal("input_userauth_info_response: no device");
nresp = packet_get_int();
if (nresp != kbdintctxt->nreq)
fatal("input_userauth_info_response: wrong number of replies");
if (nresp > 100)
fatal("input_userauth_info_response: too many replies");
if (nresp > 0) {
response = xmalloc(nresp * sizeof(char *));
for (i = 0; i < nresp; i++)
response[i] = packet_get_string(NULL);
}
packet_check_eom();
if (authctxt->valid) {
res = kbdintctxt->device->respond(kbdintctxt->ctxt,
nresp, response);
} else {
res = -1;
}
for (i = 0; i < nresp; i++) {
memset(response[i], 'r', strlen(response[i]));
xfree(response[i]);
}
if (response)
xfree(response);
authctxt->method->postponed = 0; /* reset */
switch (res) {
case 0:
/* Success! */
authctxt->method->authenticated = 1;
break;
case 1:
/* Authentication needs further interaction */
if (send_userauth_info_request(authctxt) == 1) {
authctxt->method->postponed = 1;
}
break;
default:
/* Failure! */
break;
}
len = strlen("keyboard-interactive") + 2 +
strlen(kbdintctxt->device->name);
method = xmalloc(len);
snprintf(method, len, "keyboard-interactive/%s",
kbdintctxt->device->name);
if (authctxt->method->authenticated || authctxt->method->abandoned) {
auth2_challenge_stop(authctxt);
} else {
/* start next device */
/* may set authctxt->method->postponed */
auth2_challenge_start(authctxt);
}
userauth_finish(authctxt, method);
xfree(method);
}
void packet_print(Packet* packet)
{
switch (packet_get_type(packet))
{
case PACKET_TYPE_SEND_MESSAGE:
{
printf("Send Message: Length=%d, Message=%s\n",
packet_get_length(packet),
packet_get_string(packet, SEND_MESSAGE_TEXT));
break;
}
case PACKET_TYPE_SEND_NAME:
{
printf("Send Name: Length=%d, Name=%s\n",
packet_get_length(packet),
packet_get_string(packet, SEND_NAME_NAME));
break;
}
case PACKET_TYPE_MOUSE_DOWN:
{
printf("Mouse Down: Length=%d, X=%lf, Y=%lf\n",
packet_get_length(packet),
packet_get_double(packet, MOUSE_DOWN_X),
packet_get_double(packet, MOUSE_DOWN_Y));
break;
}
case PACKET_TYPE_MOUSE_MOVE:
{
printf("Mouse Move: Length=%d, X=%lf, Y=%lf\n",
packet_get_length(packet),
packet_get_double(packet, MOUSE_MOVE_X),
packet_get_double(packet, MOUSE_MOVE_Y));
break;
}
case PACKET_TYPE_MOUSE_UP:
{
printf("Mouse Up: Length=%d, X=%lf, Y=%lf\n",
packet_get_length(packet),
packet_get_double(packet, MOUSE_UP_X),
packet_get_double(packet, MOUSE_UP_Y));
break;
}
case PACKET_TYPE_NEW_STROKE:
{
printf("New Stroke: Length=%d, ID=%d, X=%lf, Y=%lf, TYPE=%d, FILL=%d, WIDTH=%lf, R=%lf, G=%lf, B=%lf\n",
packet_get_length(packet),
packet_get_int(packet, NEW_STROKE_ID),
packet_get_double(packet, NEW_STROKE_X),
packet_get_double(packet, NEW_STROKE_Y),
packet_get_byte(packet, NEW_STROKE_SHAPE_TYPE),
packet_get_byte(packet, NEW_STROKE_FILL),
packet_get_double(packet, NEW_STROKE_WIDTH),
packet_get_double(packet, NEW_STROKE_R),
packet_get_double(packet, NEW_STROKE_G),
packet_get_double(packet, NEW_STROKE_B));
break;
}
case PACKET_TYPE_ADD_POINT:
{
printf("Add Point: Length=%d, ID=%d, X=%lf, Y=%lf\n",
packet_get_length(packet),
packet_get_int(packet, ADD_POINT_ID),
packet_get_double(packet, ADD_POINT_X),
packet_get_double(packet, ADD_POINT_Y));
break;
}
case PACKET_TYPE_DELETE:
{
printf("New Stroke: Length=%d, ID=%d\n",
packet_get_length(packet),
packet_get_int(packet, DELETE_ID));
break;
}
case PACKET_TYPE_UPDATE:
{
printf("Update: Length=%d, ID=%d, X=%lf, Y=%lf, T=%lf\n",
packet_get_length(packet),
packet_get_int(packet, UPDATE_ID),
packet_get_double(packet, UPDATE_X),
packet_get_double(packet, UPDATE_Y),
packet_get_double(packet, UPDATE_ROTATION));
break;
}
case PACKET_TYPE_PACKETS:
{
printf("Packets: Length=%d\n", packet_get_length(packet));
int i = 0;
Packet* p = NULL;
do
{
printf("\t");
p = packet_get_packet(packet, i);
packet_print(p);
i++;
} while (packet_get_type(p) != PACKET_TYPE_UNDEFINED);
break;
}
case PACKET_TYPE_NEW_CONNECTION:
{
printf("New Connection: Length=1\n");
break;
}
case PACKET_TYPE_INK_POT:
{
printf("Ink: %d\n", packet_get_byte(packet, INK_POT_INK));
break;
}
case PACKET_TYPE_UNDEFINED:
default:
{
printf("Packet Undefined\n");
break;
}
}
}
void ProcessOnePacket(int wait)
{
int type;
char *data;
unsigned int data_len;
int row, col, xpixel, ypixel;
while (1) {
if (wait)
type = packet_read();
else
type = packet_read_poll();
if (type == SSH_MSG_NONE)
goto read_done;
switch (type) {
case SSH_CMSG_STDIN_DATA:
/* Stdin data from the client. Append it to the buffer. */
data = packet_get_string(&data_len);
buffer_append(&NetworkBuf, data, data_len);
memset(data, 0, data_len);
xfree(data);
if (wait)
goto read_done;
break;
case SSH_CMSG_EOF:
/* Eof from the client. The stdin descriptor to the program
will be closed when all buffered data has drained. */
debug("EOF received for stdin.");
goto read_done;
break;
case SSH_CMSG_WINDOW_SIZE:
debug("Window change received.");
row = packet_get_int();
col = packet_get_int();
xpixel = packet_get_int();
ypixel = packet_get_int();
// pty_change_window_size(fdin, row, col, xpixel, ypixel);
break;
case SSH_MSG_PORT_OPEN:
break;
case SSH_MSG_CHANNEL_OPEN_CONFIRMATION:
debug("Received channel open confirmation.");
break;
case SSH_MSG_CHANNEL_OPEN_FAILURE:
debug("Received channel open failure.");
break;
case SSH_MSG_CHANNEL_DATA:
break;
#ifdef SUPPORT_OLD_CHANNELS
case SSH_MSG_CHANNEL_CLOSE:
debug("Received channel close.");
break;
case SSH_MSG_CHANNEL_CLOSE_CONFIRMATION:
debug("Received channel close confirmation.");
break;
#else
case SSH_MSG_CHANNEL_INPUT_EOF:
debug("Received channel input eof.");
break;
case SSH_MSG_CHANNEL_OUTPUT_CLOSED:
debug("Received channel output closed.");
break;
#endif
default:
/* In this phase, any unexpected messages cause a protocol
error. This is to ease debugging; also, since no
confirmations are sent messages, unprocessed unknown
messages could cause strange problems. Any compatible
protocol extensions must be negotiated before entering the
interactive session. */
packet_disconnect("Protocol error during session: type %d", type);
}
}
read_done:
;
}
void do_authentication(char *user, int privileged_port, int cipher_type)
{
int type;
int authenticated = 0;
int authentication_type = 0;
char *password;
int row, col, xpixel, ypixel;
int password_attempts = 0;
if (strlen(user) > 255)
do_authentication_fail_loop();
/* Verify that the user is a valid user. We disallow usernames starting
with any characters that are commonly used to start NIS entries. */
if (user[0] == '-' || user[0] == '+' || user[0] == '@')
do_authentication_fail_loop();
debug("Attempting authentication for %.100s.", user);
/* If the user has no password, accept authentication immediately. */
if (auth_password(user, "")) {
/* Authentication with empty password succeeded. */
authentication_type = SSH_AUTH_PASSWORD;
authenticated = 1;
/* Success packet will be sent after loop below. */
} else {
/* Indicate that authentication is needed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
}
/* Loop until the user has been authenticated or the connection is closed. */
while (!authenticated) {
/* Get a packet from the client. */
type = packet_read();
/* Process the packet. */
switch (type) {
case SSH_CMSG_AUTH_RHOSTS:
packet_get_all();
log_msg("Rhosts authentication disabled.");
break;
case SSH_CMSG_AUTH_RHOSTS_RSA:
packet_get_all();
log_msg("Rhosts with RSA authentication disabled.");
break;
case SSH_CMSG_AUTH_RSA:
packet_get_all();
log_msg("RSA authentication disabled.");
break;
case SSH_CMSG_AUTH_PASSWORD:
if (cipher_type == SSH_CIPHER_NONE) {
packet_get_all();
log_msg("Password authentication not available for unencrypted session.");
break;
}
/* Password authentication requested. */
/* Read user password. It is in plain text, but was transmitted
over the encrypted channel so it is not visible to an outside
observer. */
password = packet_get_string(NULL);
if (password_attempts >= 5) { /* Too many password authentication attempts. */
packet_disconnect("Too many password authentication attempts from %.100s for user %.100s.", get_canonical_hostname(), user);
/*NOTREACHED*/}
/* Count password authentication attempts, and log if appropriate. */
if (password_attempts > 0) {
/* Log failures if attempted more than once. */
debug("Password authentication failed for user %.100s from %.100s.", user, get_canonical_hostname());
}
password_attempts++;
/* Try authentication with the password. */
if (auth_password(user, password)) {
/* Successful authentication. */
/* Clear the password from memory. */
memset(password, 0, strlen(password));
xfree(password);
log_msg("Password authentication for %.100s accepted.", user);
authentication_type = SSH_AUTH_PASSWORD;
authenticated = 1;
break;
}
debug("Password authentication for %.100s failed.", user);
memset(password, 0, strlen(password));
xfree(password);
break;
case SSH_CMSG_WINDOW_SIZE:
debug("Window change received.");
row = packet_get_int();
col = packet_get_int();
xpixel = packet_get_int();
ypixel = packet_get_int();
do_naws(row, col);
break;
default:
/* Any unknown messages will be ignored (and failure returned)
during authentication. */
packet_get_all();
log_msg("Unknown message during authentication: type %d", type);
break; /* Respond with a failure message. */
}
/* If successfully authenticated, break out of loop. */
if (authenticated)
break;
/* Send a message indicating that the authentication attempt failed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
}
/* The user has been authenticated and accepted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
/* Perform session preparation. */
do_authenticated(NULL);
}
