/*
* Performs the RSA authentication dialog with the client. This returns
* 0 if the client could not be authenticated, and 1 if authentication was
* successful. This may exit if there is a serious protocol violation.
*/
int
auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
{
struct ssh *ssh = active_state;
struct sshkey *key;
char *fp;
struct passwd *pw = authctxt->pw;
/* no user given */
if (!authctxt->valid)
return 0;
if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
auth_clear_options();
return (0);
}
/* Perform the challenge-response dialog for this key. */
if (!auth_rsa_challenge_dialog(key)) {
/* Wrong response. */
verbose("Wrong response to RSA authentication challenge.");
ssh_packet_send_debug(ssh,
"Wrong response to RSA authentication challenge.");
/*
* Break out of the loop. Otherwise we might send
* another challenge and break the protocol.
*/
sshkey_free(key);
return (0);
}
/*
* Correct response. The client has been successfully
* authenticated. Note that we have not yet processed the
* options; this will be reset if the options cause the
* authentication to be rejected.
*/
fp = sshkey_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
sshkey_type(key), fp);
xfree(fp);
sshkey_free(key);
ssh_packet_send_debug(ssh, "RSA authentication accepted.");
return (1);
}
void
packet_send_debug(const char *fmt, ...)
{
char buf[1024];
va_list args;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
ssh_packet_send_debug(active_state, "%s", buf);
}
static Channel *
server_request_tun(struct ssh *ssh)
{
Channel *c = NULL;
int r, sock;
u_int tun, mode;
if ((r = sshpkt_get_u32(ssh, &mode)) != 0 ||
(r = sshpkt_get_u32(ssh, &tun)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
switch (mode) {
case SSH_TUNMODE_POINTOPOINT:
case SSH_TUNMODE_ETHERNET:
break;
default:
ssh_packet_send_debug(ssh, "Unsupported tunnel device mode.");
return NULL;
}
if ((options.permit_tun & mode) == 0) {
ssh_packet_send_debug(ssh, "Server has rejected tunnel device "
"forwarding");
return NULL;
}
if (forced_tun_device >= 0) {
if (tun != SSH_TUNID_ANY && (u_int)forced_tun_device != tun)
goto done;
tun = forced_tun_device;
}
sock = tun_open(tun, mode);
if (sock < 0)
goto done;
c = channel_new(ssh, "tun", SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
c->datagram = 1;
done:
if (c == NULL)
ssh_packet_send_debug(ssh, "Failed to open the tunnel device.");
return c;
}
void
auth_debug_send(void)
{
struct ssh *ssh = active_state; /* XXX */
char *msg;
int r;
if (auth_debug == NULL)
return;
while (sshbuf_len(auth_debug) != 0) {
if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0)
fatal("%s: sshbuf_get_cstring: %s",
__func__, ssh_err(r));
ssh_packet_send_debug(ssh, "%s", msg);
free(msg);
}
}
static int
server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
{
char *rtype = NULL;
u_char want_reply;
int r, success = 0, allocated_listen_port = 0;
struct sshbuf *resp = NULL;
if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 ||
(r = sshpkt_get_u8(ssh, &want_reply)) != 0)
goto out;
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
/* -R style forwarding */
if (strcmp(rtype, "tcpip-forward") == 0) {
struct authctxt *authctxt = ssh->authctxt;
struct Forward fwd;
if (authctxt->pw == NULL || !authctxt->valid)
fatal("server_input_global_request: no/invalid user");
memset(&fwd, 0, sizeof(fwd));
if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||
(r = sshpkt_get_u32(ssh, &fwd.listen_port)) != 0)
goto out;
debug("server_input_global_request: tcpip-forward listen %s port %d",
fwd.listen_host, fwd.listen_port);
/* check permissions */
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
(!want_reply && fwd.listen_port == 0) ||
(fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
authctxt->pw->pw_uid != 0)) {
success = 0;
ssh_packet_send_debug(ssh,
"Server has disabled port forwarding.");
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(ssh, &fwd,
&allocated_listen_port, &options.fwd_opts);
}
free(fwd.listen_host);
if ((resp = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
if (allocated_listen_port != 0 &&
(r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)
fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r));
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||
(r = sshpkt_get_u32(ssh, &fwd.listen_port)) != 0)
goto out;
debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
fwd.listen_host, fwd.listen_port);
success = channel_cancel_rport_listener(&fwd);
free(fwd.listen_host);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)
goto out;
debug("server_input_global_request: streamlocal-forward listen path %s",
fwd.listen_path);
/* check permissions */
if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
|| no_port_forwarding_flag) {
success = 0;
ssh_packet_send_debug(ssh, "Server has disabled port forwarding.");
} else {
/* Start listening on the socket */
success = channel_setup_remote_fwd_listener(ssh,
&fwd, NULL, &options.fwd_opts);
}
free(fwd.listen_path);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)
goto out;
debug("%s: cancel-streamlocal-forward path %s", __func__,
fwd.listen_path);
success = channel_cancel_rport_listener(&fwd);
free(fwd.listen_path);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
no_more_sessions = 1;
success = 1;
} else if (strcmp(rtype, "*****@*****.**") == 0) {
success = server_input_hostkeys_prove(&resp);
}
if (want_reply) {
if ((r = sshpkt_start(ssh, success ?
SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE)) != 0 ||
(success && resp != NULL &&
(r = sshpkt_put(ssh, sshbuf_ptr(resp), sshbuf_len(resp)))
!= 0) ||
(r = sshpkt_send(ssh)) != 0)
goto out;
ssh_packet_write_wait(ssh);
}
r = 0;
out:
free(rtype);
sshbuf_free(resp);
return r;
}
