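/*
 * Ask the keyboard-interactive device for its next set of prompts and send
 * them to the client in an SSH2_MSG_USERAUTH_INFO_REQUEST.
 *
 * Returns 1 once the request has been written out, or 0 when the device's
 * query() callback returns non-zero (nothing is sent in that case).
 * Any packet construction or send error is fatal().
 *
 * The strings and arrays handed back by query() are freed here after the
 * packet has been sent.
 */
static int
send_userauth_info_request(struct ssh *ssh)
{
	struct authctxt *authctxt = ssh->authctxt;
	struct kbdintctxt *kbdintctxt = authctxt->kbdintctxt;
	char *name, *instr, **prompts;
	u_int i, *echo_on;
	/*
	 * Status of the sshpkt_* calls. Kept in a signed int, as every other
	 * caller in this listing does, so the value handed to ssh_err() is
	 * the code that was returned rather than an unsigned reinterpretation.
	 */
	int r;

	/*
	 * query() also stores the number of prompts in kbdintctxt->nreq.
	 * NOTE(review): presumably the response handler checks the client's
	 * answer count against nreq -- confirm against the caller.
	 */
	if (kbdintctxt->device->query(kbdintctxt->ctxt,
	    &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
		return 0;

	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST)) != 0 ||
	    (r = sshpkt_put_cstring(ssh, name)) != 0 ||
	    (r = sshpkt_put_cstring(ssh, instr)) != 0 ||
	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language not used */
	    (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
		fatal("%s: %s", __func__, ssh_err(r));

	/* One (prompt, echo flag) pair per request. */
	for (i = 0; i < kbdintctxt->nreq; i++) {
		if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
		    (r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
			fatal("%s: %s", __func__, ssh_err(r));
	}
	if ((r = sshpkt_send(ssh)) != 0)
		fatal("%s: %s", __func__, ssh_err(r));
	ssh_packet_write_wait(ssh);

	for (i = 0; i < kbdintctxt->nreq; i++)
		free(prompts[i]);
	free(prompts);
	free(echo_on);
	free(name);
	free(instr);
	return 1;
}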
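/*
 * Handle a channel-open request from the peer.
 *
 * Reads the channel type, the peer's channel id, its initial window and its
 * maximum packet size from the incoming packet, hands the request to the
 * handler for that channel type, and replies with either
 * SSH2_MSG_CHANNEL_OPEN_CONFIRMATION or SSH2_MSG_CHANNEL_OPEN_FAILURE.
 *
 * `type` and `seq` are not used in this function.
 *
 * Returns 0 on success or the first non-zero sshpkt_* result.
 */
static int
server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
{
	Channel *c = NULL;
	char *ctype = NULL;
	int r;
	u_int rchan, rmaxpack, rwindow;
	size_t len;

	if ((r = sshpkt_get_cstring(ssh, &ctype, &len)) != 0 ||
	    (r = sshpkt_get_u32(ssh, &rchan)) != 0 ||
	    (r = sshpkt_get_u32(ssh, &rwindow)) != 0 ||
	    (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0)
		goto out;

	/*
	 * All four values come straight from the peer. The counters are
	 * u_int, so they are printed with %u; ctype is logged verbatim.
	 */
	debug("server_input_channel_open: ctype %s rchan %u win %u max %u",
	    ctype, rchan, rwindow, rmaxpack);

	/*
	 * The two extension names below were masked to the same
	 * "*****@*****.**" placeholder in the listing, which made the tun
	 * branch unreachable; they are restored to the OpenSSH channel type
	 * names that match the handlers being called.
	 */
	if (strcmp(ctype, "session") == 0) {
		c = server_request_session(ssh);
	} else if (strcmp(ctype, "direct-tcpip") == 0) {
		c = server_request_direct_tcpip(ssh);
	} else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) {
		c = server_request_direct_streamlocal(ssh);
	} else if (strcmp(ctype, "tun@openssh.com") == 0) {
		c = server_request_tun(ssh);
	}

	if (c != NULL) {
		debug("server_input_channel_open: confirm %s", ctype);
		c->remote_id = rchan;
		c->remote_window = rwindow;
		c->remote_maxpacket = rmaxpack;
		/* A channel still in SSH_CHANNEL_CONNECTING gets no reply here. */
		if (c->type != SSH_CHANNEL_CONNECTING) {
			if ((r = sshpkt_start(ssh,
			    SSH2_MSG_CHANNEL_OPEN_CONFIRMATION)) != 0 ||
			    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
			    (r = sshpkt_put_u32(ssh, c->self)) != 0 ||
			    (r = sshpkt_put_u32(ssh, c->local_window)) != 0 ||
			    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 ||
			    (r = sshpkt_send(ssh)) != 0)
				goto out;
		}
	} else {
		/*
		 * Unknown channel types and requests refused by a handler are
		 * both answered with SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED.
		 * Peers flagged SSH_BUG_OPENFAILURE get the reply without the
		 * description and language strings.
		 */
		debug("server_input_channel_open: failure %s", ctype);
		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 ||
		    (r = sshpkt_put_u32(ssh, rchan)) != 0 ||
		    (r = sshpkt_put_u32(ssh,
		    SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED)) != 0 ||
		    (!(ssh->compat & SSH_BUG_OPENFAILURE) &&
		    (r = sshpkt_put_cstring(ssh, "open failed")) != 0) ||
		    (!(ssh->compat & SSH_BUG_OPENFAILURE) &&
		    (r = sshpkt_put_cstring(ssh, "")) != 0) ||
		    (r = sshpkt_send(ssh)) != 0)
			goto out;
	}
	r = 0;
 out:
	free(ctype);
	return r;
}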
/*
 * Send an SSH2_MSG_EXT_INFO packet that carries a single extension,
 * "server-sig-algs", with the fixed value "rsa-sha2-256,rsa-sha2-512".
 *
 * The advertised list is a literal in this function, so it does not follow
 * whatever key algorithms the running configuration actually accepts.
 *
 * Returns 0 on success, otherwise the first non-zero sshpkt_* result.
 */
static int
kex_send_ext_info(struct ssh *ssh)
{
	int r;

	r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO);
	if (r == 0)
		r = sshpkt_put_u32(ssh, 1);	/* one name/value pair follows */
	if (r == 0)
		r = sshpkt_put_cstring(ssh, "server-sig-algs");
	if (r == 0)
		r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512");
	if (r == 0)
		r = sshpkt_send(ssh);
	return r;
}
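/*
 * Probe a silent client.
 *
 * Bumps the connection's alive-timeout counter; once it exceeds
 * options.client_alive_count_max the session is logged as unresponsive and
 * the process exits via cleanup_exit(255). Otherwise a request with
 * "want reply" set is sent so that the client has to answer.
 */
static void
client_alive_check(struct ssh *ssh)
{
	u_int channel_id;
	int r;

	/* timeout, check to see how many we have had */
	if (ssh_packet_inc_alive_timeouts(ssh) >
	    options.client_alive_count_max) {
		logit("Timeout, client not responding.");
		cleanup_exit(255);
	}

	/*
	 * send a bogus global/channel request with "wantreply",
	 * we should get back a failure
	 *
	 * The request name was masked as "*****@*****.**" in the listing;
	 * it is restored to OpenSSH's keepalive request name.
	 */
	if ((channel_id = channel_find_open()) == CHANNEL_ID_NONE) {
		/* No open channel: fall back to a global request. */
		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
		    (r = sshpkt_put_cstring(ssh,
		    "keepalive@openssh.com")) != 0 ||
		    (r = sshpkt_put_u8(ssh, 1)) != 0)	/* boolean: want reply */
			fatal("%s: %s", __func__, ssh_err(r));
	} else {
		channel_request_start(channel_id, "keepalive@openssh.com", 1);
	}
	/* Either branch leaves a packet under construction; send it. */
	if ((r = sshpkt_send(ssh)) != 0)
		fatal("%s: %s", __func__, ssh_err(r));
}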
/*
 * Append str to the packet being built by calling sshpkt_put_cstring().
 * This wrapper has no error return: a non-zero result is passed to
 * fatal() together with the ssh_err() text for it.
 */
void
ssh_packet_put_cstring(struct ssh *ssh, const char *str)
{
	int r = sshpkt_put_cstring(ssh, str);

	if (r != 0)
		fatal("%s: %s", __func__, ssh_err(r));
}
/*
 * Send an SSH2_MSG_EXT_INFO packet that carries a single extension,
 * "server-sig-algs", whose value is the comma-separated string returned by
 * sshkey_alg_list(0, 1, ',').
 *
 * Returns 0 on success, SSH_ERR_ALLOC_FAIL if the list could not be built,
 * otherwise the first non-zero sshpkt_* result. The list is freed on every
 * path that obtained it.
 */
static int
kex_send_ext_info(struct ssh *ssh)
{
	char *algs = sshkey_alg_list(0, 1, ',');
	int r;

	if (algs == NULL)
		return SSH_ERR_ALLOC_FAIL;

	/* Each step runs only while everything before it succeeded. */
	r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO);
	if (r == 0)
		r = sshpkt_put_u32(ssh, 1);	/* one name/value pair follows */
	if (r == 0)
		r = sshpkt_put_cstring(ssh, "server-sig-algs");
	if (r == 0)
		r = sshpkt_put_cstring(ssh, algs);
	if (r == 0)
		r = sshpkt_send(ssh);

	free(algs);
	return r;
}
/*
 * Send the configured banner to the client in an
 * SSH2_MSG_USERAUTH_BANNER packet.
 *
 * Nothing is sent when options.banner is unset, when the peer carries the
 * SSH_BUG_BANNER compat flag, or when auth2_read_banner() returns NULL.
 * A packet construction or send error is fatal().
 */
static void
userauth_banner(struct ssh *ssh)
{
	char *text;
	int r;

	if (options.banner == NULL)
		return;
	if ((ssh->compat & SSH_BUG_BANNER) != 0)
		return;

	text = PRIVSEP(auth2_read_banner());
	if (text != NULL) {
		r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_BANNER);
		if (r == 0)
			r = sshpkt_put_cstring(ssh, text);
		if (r == 0)
			r = sshpkt_put_cstring(ssh, "");	/* language, unused */
		if (r == 0)
			r = sshpkt_send(ssh);
		if (r != 0)
			fatal("%s: %s", __func__, ssh_err(r));
		debug("userauth_banner: sent");
	}
	free(text);
}
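/*
 * Append a password to the packet being built.
 *
 * Unless the peer carries the SSH_BUG_PASSWORDPAD compat flag, the password
 * is copied into a zero-filled buffer whose size is strlen(password) + 1
 * rounded up to a multiple of 32, and that whole buffer is sent as the
 * string. NOTE(review): presumably this keeps the packet length from
 * revealing the exact password length -- confirm against the protocol notes.
 *
 * Returns the sshpkt_put_* result, or SSH_ERR_ALLOC_FAIL if the padding
 * buffer cannot be allocated.
 */
int
ssh_put_password(struct ssh *ssh, char *password)
{
	/*
	 * size_t rather than int: the value comes from strlen() and is passed
	 * to calloc(), strlcpy() and explicit_bzero(), so a signed int would
	 * only add a narrowing conversion on the way.
	 */
	size_t size;
	char *padded;
	int r;

	if (ssh->compat & SSH_BUG_PASSWORDPAD)
		return sshpkt_put_cstring(ssh, password);

	size = roundup(strlen(password) + 1, 32);
	if ((padded = calloc(1, size)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	strlcpy(padded, password, size);
	r = sshpkt_put_string(ssh, padded, size);
	/* Wipe the temporary copy before releasing it. */
	explicit_bzero(padded, size);
	free(padded);
	return r;
}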
/*
 * Handle a service request from the peer.
 *
 * Only "ssh-userauth" is accepted, and only while authctxt->success is not
 * yet set. Accepting installs input_userauth_request as the handler for
 * SSH2_MSG_USERAUTH_REQUEST and answers with SSH2_MSG_SERVICE_ACCEPT.
 * Any other request is logged and the connection is disconnected.
 *
 * `type` and `seq` are not used. Returns 0 on success or the first
 * non-zero sshpkt_* result; a missing authctxt is fatal().
 */
/*ARGSUSED*/
static int
input_service_request(int type, u_int32_t seq, struct ssh *ssh)
{
	struct authctxt *authctxt = ssh->authctxt;
	char *service = NULL;
	int r;

	/* The packet must hold the service name and nothing else. */
	r = sshpkt_get_cstring(ssh, &service, NULL);
	if (r == 0)
		r = sshpkt_get_end(ssh);
	if (r != 0)
		goto out;

	if (authctxt == NULL)
		fatal("input_service_request: no authctxt");

	if (strcmp(service, "ssh-userauth") == 0 && !authctxt->success) {
		/* now we can handle user-auth requests */
		ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
		    &input_userauth_request);

		r = sshpkt_start(ssh, SSH2_MSG_SERVICE_ACCEPT);
		if (r == 0)
			r = sshpkt_put_cstring(ssh, service);
		if (r == 0)
			r = sshpkt_send(ssh);
		if (r != 0)
			goto out;
		ssh_packet_write_wait(ssh);
	} else {
		/* XXX all other service requests are denied */
		/* service is peer-supplied and goes into both messages as-is */
		debug("bad service request %s", service);
		ssh_packet_disconnect(ssh, "bad service request %s", service);
	}
	r = 0;
 out:
	free(service);
	return r;
}
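/*
 * Send an end-of-write channel request for channel c.
 *
 * Nothing is sent when the channel's output side is already closed (this is
 * logged as an error) or when the SSH_NEW_OPENSSH bit is not set in
 * datafellows. A channel without a remote id, or any packet error, is
 * fatal().
 */
static void
chan_send_eow2(struct ssh *ssh, Channel *c)
{
	int r;

	debug2("channel %d: send eow", c->self);
	if (c->ostate == CHAN_OUTPUT_CLOSED) {
		error("channel %d: must not sent eow on closed output",
		    c->self);
		return;
	}
	/* Only sent when the peer is flagged SSH_NEW_OPENSSH. */
	if (!(datafellows & SSH_NEW_OPENSSH))
		return;
	if (!c->have_remote_id)
		fatal("%s: channel %d: no remote_id", __func__, c->self);

	/*
	 * The request name was masked as "*****@*****.**" in the listing;
	 * it is restored to OpenSSH's end-of-write request name. The u8 0
	 * after it is the "want reply" flag, so no answer is requested.
	 */
	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 ||
	    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
	    (r = sshpkt_put_cstring(ssh, "eow@openssh.com")) != 0 ||
	    (r = sshpkt_put_u8(ssh, 0)) != 0 ||
	    (r = sshpkt_send(ssh)) != 0)
		fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
}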
/*
 * Conclude one authentication attempt and send the reply to the client.
 *
 * authenticated  result reported by the method that just ran
 * method          name of that method
 * submethod       passed through to the method-list update and the log
 *
 * A reported success is downgraded to failure when the account is uid 0 and
 * auth_root_allowed(method) refuses it, or when multiple methods are
 * required (options.num_auth_methods != 0) and
 * auth2_update_methods_lists() returns zero; the latter
 * is reported to the client as a partial success. The attempt is logged
 * before any reply is written. Nothing is sent while the attempt is
 * postponed.
 *
 * Success for an invalid user, or success together with "postponed", is
 * treated as an internal error and is fatal().
 */
void
userauth_finish(struct ssh *ssh, int authenticated, const char *method,
    const char *submethod)
{
	struct authctxt *authctxt = ssh->authctxt;
	char *remaining;
	int r, partial = 0;
	int count_failure;

	/* Sanity checks that only matter for a claimed success. */
	if (authenticated) {
		if (!authctxt->valid)
			fatal("INTERNAL ERROR: authenticated invalid user %s",
			    authctxt->user);
		if (authctxt->postponed)
			fatal("INTERNAL ERROR: authenticated and postponed");
	}

	/* Special handling for root */
	if (authenticated && authctxt->pw->pw_uid == 0 &&
	    !auth_root_allowed(method))
		authenticated = 0;

	/* Multiple required methods: this one alone may not be enough. */
	if (authenticated && options.num_auth_methods != 0 &&
	    !auth2_update_methods_lists(authctxt, method, submethod)) {
		authenticated = 0;
		partial = 1;
	}

	/* Log before sending the reply */
	auth_log(authctxt, authenticated, partial, method, submethod);

	if (authctxt->postponed)
		return;

	if (authenticated == 1) {
		/* turn off userauth */
		ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
		    &dispatch_protocol_ignore);
		r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS);
		if (r == 0)
			r = sshpkt_send(ssh);
		if (r != 0)
			fatal("%s: %s", __func__, ssh_err(r));
		ssh_packet_write_wait(ssh);
		/* now we can break out */
		authctxt->success = 1;
		return;
	}

	/*
	 * Failure path.
	 * Allow initial try of "none" auth without failure penalty; partial
	 * successes and server-caused failures are not counted either.
	 */
	count_failure = !partial && !authctxt->server_caused_failure &&
	    (authctxt->attempt > 1 || strcmp(method, "none") != 0);
	if (count_failure)
		authctxt->failures++;
	if (authctxt->failures >= options.max_authtries)
		auth_maxtries_exceeded(ssh, authctxt);

	/* Tell the client which methods it may still try. */
	remaining = authmethods_get(authctxt);
	debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
	    partial, remaining);
	r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE);
	if (r == 0)
		r = sshpkt_put_cstring(ssh, remaining);
	if (r == 0)
		r = sshpkt_put_u8(ssh, partial);
	if (r == 0)
		r = sshpkt_send(ssh);
	if (r != 0)
		fatal("%s: %s", __func__, ssh_err(r));
	ssh_packet_write_wait(ssh);
	free(remaining);
}