27 | #include "includes.h" | - |
28 | | - |
29 | #include <sys/types.h> | - |
30 | | - |
31 | #include <stdarg.h> | - |
32 | #include <stdio.h> | - |
33 | #include <string.h> | - |
34 | | - |
35 | #include "xmalloc.h" | - |
36 | #include "ssh2.h" | - |
37 | #include "sshkey.h" | - |
38 | #include "hostfile.h" | - |
39 | #include "auth.h" | - |
40 | #include "sshbuf.h" | - |
41 | #include "packet.h" | - |
42 | #include "dispatch.h" | - |
43 | #include "ssherr.h" | - |
44 | #include "log.h" | - |
45 | #include "misc.h" | - |
46 | #include "servconf.h" | - |
47 | | - |
48 | | - |
/* Server configuration, defined elsewhere in sshd; only use_pam is consulted in this file. */
extern ServerOptions options;

/* Forward declarations: the three stages of the exchange call one another below. */
static int auth2_challenge_start(struct ssh *);
static int send_userauth_info_request(struct ssh *);
static int input_userauth_info_response(int, u_int32_t, struct ssh *);

/*
 * Backend device objects are defined in their own compilation units.
 * At most one is referenced here; BSD_AUTH takes precedence over USE_PAM.
 */
#ifdef BSD_AUTH
extern KbdintDevice bsdauth_device;
#else
#ifdef USE_PAM
extern KbdintDevice sshpam_device;
#endif
#endif
62 | | - |
/*
 * NULL-terminated table of keyboard-interactive backends.  At most one
 * backend is compiled in (BSD_AUTH wins over USE_PAM).  The table is
 * deliberately mutable: remove_kbdint_device() deletes an entry by name,
 * privsep_challenge_enable() overwrites the leading entries, and
 * kbdint_next_device() keys KbdintAuthctxt.devices_done by position in
 * this table, so entry order must not change while an exchange is live.
 */
KbdintDevice *devices[] = {
#ifdef BSD_AUTH
	&bsdauth_device,
#else
#ifdef USE_PAM
	&sshpam_device,
#endif
#endif
	NULL
};
73 | | - |
typedef struct KbdintAuthctxt KbdintAuthctxt;
/* Per-authentication state for the keyboard-interactive method. */
struct KbdintAuthctxt
{
	char *devices;		/* comma-separated device names still to try; NULL once exhausted */
	void *ctxt;		/* backend-private state from device->init_ctx(), released by device->free_ctx() */
	KbdintDevice *device;	/* backend currently being tried, or NULL */
	u_int nreq;		/* prompts in the outstanding INFO_REQUEST; the reply must carry exactly this many */
	u_int devices_done;	/* bitmask over devices[] indices already tried (one bit per table slot) */
};
83 | | - |
#ifdef USE_PAM
/*
 * Delete every devices[] entry whose name equals devname, keeping the
 * table contiguous and NULL-terminated.  kbdint_alloc() uses this to
 * drop the "pam" backend when UsePAM is off.
 */
void
remove_kbdint_device(const char *devname)
{
	int src = 0, dst = 0;

	/* Compact in place: copy each non-matching entry down to dst. */
	while (devices[src] != NULL) {
		if (strcmp(devices[src]->name, devname) != 0)
			devices[dst++] = devices[src];
		src++;
	}
	/* Re-terminate after the last surviving entry. */
	devices[dst] = NULL;
}
#endif
98 | | - |
/*
 * Allocate the per-authentication keyboard-interactive context.
 * devs is the caller's comma-separated device list; it is copied
 * verbatim and not validated here — kbdint_next_device() later matches
 * its tokens against devices[].  An empty devs means "every compiled-in
 * device", expressed as a comma-joined list of the table's names.
 * Never returns NULL: allocation and buffer failures are fatal().
 * The caller owns the returned context and releases it via kbdint_free().
 */
static KbdintAuthctxt *
kbdint_alloc(const char *devs)
{
	KbdintAuthctxt *ctx;
	struct sshbuf *namebuf;
	KbdintDevice **dp;
	int r;

#ifdef USE_PAM
	/* UsePAM no: make sure the "pam" backend can never be selected. */
	if (!options.use_pam)
		remove_kbdint_device("pam");
#endif

	ctx = xcalloc(1, sizeof(*ctx));

	if (*devs != '\0') {
		/* Explicit list supplied: keep a private copy. */
		ctx->devices = xstrdup(devs);
	} else {
		/* No list: offer every device in the table, comma-separated. */
		if ((namebuf = sshbuf_new()) == NULL)
			fatal("%s: sshbuf_new failed", __func__);
		for (dp = devices; *dp != NULL; dp++) {
			r = sshbuf_putf(namebuf, "%s%s",
			    sshbuf_len(namebuf) ? "," : "", (*dp)->name);
			if (r != 0)
				fatal("%s: buffer error: %s",
				    __func__, ssh_err(r));
		}
		if ((ctx->devices = sshbuf_dup_string(namebuf)) == NULL)
			fatal("%s: sshbuf_dup_string failed", __func__);
		sshbuf_free(namebuf);
	}
	debug("kbdint_alloc: devices '%s'", ctx->devices);

	/* Presumably already zero from xcalloc; set explicitly for clarity. */
	ctx->ctxt = NULL;
	ctx->device = NULL;
	ctx->nreq = 0;

	return ctx;
}
/*
 * Release the backend-private state of the device currently being tried
 * and detach the device.  Safe when no context was ever created.
 */
static void
kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
{
	void *priv = kbdintctxt->ctxt;

	if (priv != NULL) {
		/* Only the device that created the context knows how to free it. */
		kbdintctxt->device->free_ctx(priv);
		kbdintctxt->ctxt = NULL;
	}
	kbdintctxt->device = NULL;
}
/*
 * Destroy a KbdintAuthctxt: any live device context, the remaining
 * device list, and the struct itself.  The struct is scrubbed before
 * free() because it held pointers into authentication state.
 */
static void
kbdint_free(KbdintAuthctxt *kbdintctxt)
{
	char *list = kbdintctxt->devices;

	if (kbdintctxt->device != NULL)
		kbdint_reset_device(kbdintctxt);
	free(list);
	explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
	free(kbdintctxt);
}
152 | | - |
/*
 * Advance kbdintctxt->device to the next device named in
 * kbdintctxt->devices that auth2_method_allowed() permits and that has
 * not been tried yet.  Each pass consumes the leading comma-separated
 * token of the list and frees the old string.  Returns 1 when a device
 * was selected, 0 when the list is exhausted (device is then NULL).
 */
static int
kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
{
	size_t len;
	char *t;
	int i;

	/* Release the previous device's private state before moving on. */
	if (kbdintctxt->device)
		kbdint_reset_device(kbdintctxt);
	do {
		/* Length of the leading token; 0 if the list is NULL or starts with ','. */
		len = kbdintctxt->devices ?
		    strcspn(kbdintctxt->devices, ",") : 0;

		/*
		 * An empty token ends the search outright rather than being
		 * skipped, so a list such as ",pam" or "" selects nothing.
		 */
		if (len == 0)
			break;
		for (i = 0; devices[i]; i++) {
			/* devices_done is a bitmask over table indices (fewer than 32 entries assumed). */
			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
			    !auth2_method_allowed(authctxt,
			    "keyboard-interactive", devices[i]->name))
				continue;
			/*
			 * Only the first len bytes are compared, so a token that
			 * is a prefix of a device name matches it.  There is no
			 * break: if several names match, the last one in the
			 * table wins and every match is marked done.
			 */
			if (strncmp(kbdintctxt->devices, devices[i]->name,
			    len) == 0) {
				kbdintctxt->device = devices[i];
				kbdintctxt->devices_done |= 1 << i;
			}
		}
		/* Drop the token just examined; keep the tail after the ',' if there is one. */
		t = kbdintctxt->devices;
		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
		free(t);
		debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
		    kbdintctxt->devices : "<empty>");
	} while (kbdintctxt->devices && !kbdintctxt->device);

	return kbdintctxt->device ? 1 : 0;
}
188 | | - |
189 | | - |
190 | | - |
191 | | - |
192 | | - |
/*
 * Entry point for the "keyboard-interactive" userauth method.
 * devs is the caller-supplied, comma-separated submethod list ("" means
 * every device); it is only recorded here and matched against devices[]
 * later by kbdint_next_device().  An existing context is reused rather
 * than re-created.  Always returns 0: the outcome is carried by
 * authctxt->postponed, which auth2_challenge_start() sets when a request
 * is outstanding.
 */
int
auth2_challenge(struct ssh *ssh, char *devs)
{
	Authctxt *authctxt = ssh->authctxt;
	const char *shown_user = authctxt->user != NULL ? authctxt->user : "<nouser>";
	const char *shown_devs = devs != NULL ? devs : "<no devs>";

	debug("auth2_challenge: user=%s devs=%s", shown_user, shown_devs);

	/* Nothing to do without a user name or a device list. */
	if (authctxt->user == NULL || devs == NULL)
		return 0;

	if (authctxt->kbdintctxt == NULL)
		authctxt->kbdintctxt = kbdint_alloc(devs);

	return auth2_challenge_start(ssh);
}
207 | | - |
208 | | - |
/*
 * Tear down an in-progress keyboard-interactive exchange: stop
 * dispatching INFO_RESPONSE packets, then release the per-auth context
 * if one exists.  The dispatch entry is cleared before the context is
 * freed.
 */
void
auth2_challenge_stop(struct ssh *ssh)
{
	Authctxt *authctxt = ssh->authctxt;
	KbdintAuthctxt *kc = authctxt->kbdintctxt;

	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
	if (kc == NULL)
		return;
	authctxt->kbdintctxt = NULL;
	kbdint_free(kc);
}
220 | | - |
221 | | - |
/*
 * Select the next eligible device, initialise it and send its first
 * INFO_REQUEST.  On any failure the whole exchange is stopped via
 * auth2_challenge_stop(), which frees the context.  Always returns 0;
 * success is signalled by authctxt->postponed = 1 and by installing
 * input_userauth_info_response() as the INFO_RESPONSE handler.
 */
static int
auth2_challenge_start(struct ssh *ssh)
{
	Authctxt *authctxt = ssh->authctxt;
	KbdintAuthctxt *kc = authctxt->kbdintctxt;

	debug2("auth2_challenge_start: devices %s",
	    kc->devices ? kc->devices : "<empty>");

	/* No allowed, untried device left: the method has failed. */
	if (!kbdint_next_device(authctxt, kc))
		goto stop;

	debug("auth2_challenge_start: trying authentication method '%s'",
	    kc->device->name);

	kc->ctxt = kc->device->init_ctx(authctxt);
	if (kc->ctxt == NULL)
		goto stop;

	/* 0 means the device's query() refused to produce prompts. */
	if (!send_userauth_info_request(ssh))
		goto stop;

	/* Replies are now routed to input_userauth_info_response(). */
	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE,
	    &input_userauth_info_response);
	authctxt->postponed = 1;
	return 0;

 stop:
	/* kc is freed here; do not touch it afterwards. */
	auth2_challenge_stop(ssh);
	return 0;
}
252 | | - |
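/*
 * Ask the current device for its next batch of prompts and send them to
 * the client as SSH2_MSG_USERAUTH_INFO_REQUEST (RFC 4256 layout: name,
 * instruction, language tag, prompt count, then prompt/echo pairs).
 * Stores the prompt count in kbdintctxt->nreq so the reply can be checked
 * against it.  Returns 1 on success and 0 when the device's query()
 * refuses; packet errors are fatal(), matching the rest of this file.
 * The strings and arrays handed out by query() are owned here and freed
 * once the packet has been written.
 */
static int
send_userauth_info_request(struct ssh *ssh)
{
	Authctxt *authctxt = ssh->authctxt;
	KbdintAuthctxt *kbdintctxt;
	char *name, *instr, **prompts;
	u_int i, *echo_on;
	int r;	/* sshpkt_*() error codes are signed; keep them so for ssh_err() */

	kbdintctxt = authctxt->kbdintctxt;
	if (kbdintctxt->device->query(kbdintctxt->ctxt,
	    &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
		return 0;

	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST)) != 0 ||
	    (r = sshpkt_put_cstring(ssh, name)) != 0 ||
	    (r = sshpkt_put_cstring(ssh, instr)) != 0 ||
	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language tag: not used */
	    (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
		fatal("%s: %s", __func__, ssh_err(r));
	for (i = 0; i < kbdintctxt->nreq; i++) {
		/* Each prompt is followed by its echo flag as a single byte. */
		if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
		    (r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
			fatal("%s: %s", __func__, ssh_err(r));
	}
	/* Queue the packet, then wait for it to be written out before returning. */
	if ((r = sshpkt_send(ssh)) != 0 ||
	    (r = ssh_packet_write_wait(ssh)) != 0)
		fatal("%s: %s", __func__, ssh_err(r));

	for (i = 0; i < kbdintctxt->nreq; i++)
		free(prompts[i]);
	free(prompts);
	free(echo_on);
	free(name);
	free(instr);
	return 1;
}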
289 | | - |
/*
 * Dispatch handler for SSH2_MSG_USERAUTH_INFO_RESPONSE, installed by
 * auth2_challenge_start().  Parses the client's answers, hands them to
 * the current device's respond() and then either finishes the method,
 * sends the next INFO_REQUEST, or moves on to the next device.
 * type and seq are unused.  Malformed or unexpected input is fatal():
 * the count must match the outstanding request exactly and the packet
 * must contain nothing else.  Always returns 0.
 */
static int
input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
{
	Authctxt *authctxt = ssh->authctxt;
	KbdintAuthctxt *kbdintctxt;
	int authenticated = 0, res;
	int r;
	u_int i, nresp;
	const char *devicename = NULL;
	char **response = NULL;

	/* A response with no exchange in flight is a protocol violation. */
	if (authctxt == NULL)
		fatal("input_userauth_info_response: no authctxt");
	kbdintctxt = authctxt->kbdintctxt;
	if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
		fatal("input_userauth_info_response: no kbdintctxt");
	if (kbdintctxt->device == NULL)
		fatal("input_userauth_info_response: no device");

	authctxt->postponed = 0;
	if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
		fatal("%s: %s", __func__, ssh_err(r));
	/* The client must answer exactly the prompts we sent. */
	if (nresp != kbdintctxt->nreq)
		fatal("input_userauth_info_response: wrong number of replies");
	/* Redundant once nresp == nreq, but bounds the allocation below independently of the device. */
	if (nresp > 100)
		fatal("input_userauth_info_response: too many replies");
	if (nresp > 0) {
		response = xcalloc(nresp, sizeof(char *));
		for (i = 0; i < nresp; i++)
			if ((r = sshpkt_get_cstring(ssh, &response[i],
			    NULL)) != 0)
				fatal("%s: %s", __func__, ssh_err(r));
	}
	/* Reject trailing bytes after the declared responses. */
	if ((r = sshpkt_get_end(ssh)) != 0)
		fatal("%s: %s", __func__, ssh_err(r));

	res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);

	/*
	 * Responses are credentials (typically passwords): scrub before
	 * free.  strlen() stops at the first NUL, so this relies on the
	 * cstring getter rejecting embedded NULs — presumably it does; confirm.
	 */
	for (i = 0; i < nresp; i++) {
		explicit_bzero(response[i], strlen(response[i]));
		free(response[i]);
	}
	free(response);

	switch (res) {
	case 0:
		/* Device accepted the answers; still require a valid user record. */
		authenticated = authctxt->valid ? 1 : 0;
		break;
	case 1:
		/* Device wants another round; stay postponed only if the request went out. */
		if (send_userauth_info_request(ssh) == 1)
			authctxt->postponed = 1;
		break;
	default:
		/* Device rejected the answers (or failed). */
		break;
	}
	/*
	 * device->name lives in the static device object, not in kbdintctxt,
	 * so it stays valid after auth2_challenge_stop() frees the context.
	 */
	devicename = kbdintctxt->device->name;
	if (!authctxt->postponed) {
		if (authenticated) {
			auth2_challenge_stop(ssh);
		} else {
			/* This device is done and did not succeed: fall through
			 * to the next allowed device in the list, if any. */
			auth2_challenge_start(ssh);
		}
	}
	userauth_finish(ssh, authenticated, "keyboard-interactive",
	    devicename);
	return 0;
}
362 | | - |
/*
 * Replace the leading devices[] entries with their mm_* counterparts
 * (presumably the privilege-separation proxies — confirm where
 * mm_*_device is defined).  Exactly as many entries are overwritten as
 * were compiled into the table, under the same BSD_AUTH/USE_PAM
 * preference, so the table's length, NULL terminator and slot order —
 * and therefore KbdintAuthctxt.devices_done bits — are preserved.
 */
void
privsep_challenge_enable(void)
{
#if defined(BSD_AUTH) || defined(USE_PAM)
	int n = 0;
#endif
#ifdef BSD_AUTH
	extern KbdintDevice mm_bsdauth_device;
#endif
#ifdef USE_PAM
	extern KbdintDevice mm_sshpam_device;
#endif

#ifdef BSD_AUTH
	devices[n++] = &mm_bsdauth_device;
#else
#ifdef USE_PAM
	devices[n++] = &mm_sshpam_device;
#endif
#endif
}