1*190cef3dSDag-Erling Smørgrav /* $OpenBSD: auth-bsdauth.c,v 1.15 2018/07/09 21:35:50 markus Exp $ */ 2ae1f160dSDag-Erling Smørgrav /* 3ae1f160dSDag-Erling Smørgrav * Copyright (c) 2001 Markus Friedl. All rights reserved. 4ae1f160dSDag-Erling Smørgrav * 5ae1f160dSDag-Erling Smørgrav * Redistribution and use in source and binary forms, with or without 6ae1f160dSDag-Erling Smørgrav * modification, are permitted provided that the following conditions 7ae1f160dSDag-Erling Smørgrav * are met: 8ae1f160dSDag-Erling Smørgrav * 1. Redistributions of source code must retain the above copyright 9ae1f160dSDag-Erling Smørgrav * notice, this list of conditions and the following disclaimer. 10ae1f160dSDag-Erling Smørgrav * 2. Redistributions in binary form must reproduce the above copyright 11ae1f160dSDag-Erling Smørgrav * notice, this list of conditions and the following disclaimer in the 12ae1f160dSDag-Erling Smørgrav * documentation and/or other materials provided with the distribution. 13ae1f160dSDag-Erling Smørgrav * 14ae1f160dSDag-Erling Smørgrav * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15ae1f160dSDag-Erling Smørgrav * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16ae1f160dSDag-Erling Smørgrav * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>

#include <stdarg.h>

#ifdef BSD_AUTH
#include "xmalloc.h"
#include "sshkey.h"
#include "sshbuf.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"

/*
 * Keyboard-interactive device hook: create the per-device context.
 *
 * The BSD auth device needs no private state of its own; the caller's
 * Authctxt doubles as the device context (its ->as member carries the
 * libc auth session).  No allocation takes place, so nothing here has
 * to be released by bsdauth_free_ctx() beyond the session itself.
 */
static void *
bsdauth_init_ctx(Authctxt *authctxt)
{
	void *devctx = authctxt;

	return devctx;
}

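/*
 * Obtain the next keyboard-interactive prompt from BSD auth.
 *
 * ctx is the Authctxt handed back by bsdauth_init_ctx().  An existing
 * session in authctxt->as is reused when it still carries a challenge;
 * otherwise a new session is opened for authctxt->user with the
 * requested style ("auth-ssh" service).
 *
 * On success the caller receives exactly one prompt (the challenge text)
 * and owns every string and array returned through the out parameters.
 *
 * Returns 0 with *numprompts == 1 when a challenge is available, or -1
 * when none could be obtained.  On -1 every out parameter is NULL/0, so
 * the caller may free them unconditionally.
 */
int
bsdauth_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
{
	Authctxt *authctxt = ctx;
	char *challenge = NULL;

	/*
	 * Reset all out parameters first so the failure path never leaves
	 * one of them (in particular *name) indeterminate.
	 */
	*name = NULL;
	*infotxt = NULL;
	*numprompts = 0;
	*prompts = NULL;
	*echo_on = NULL;

	/* Prefer the session from a previous query if it still has a challenge. */
	if (authctxt->as != NULL) {
		debug2("bsdauth_query: try reuse session");
		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
		if (challenge == NULL) {
			/* A session without a challenge is useless; drop it. */
			auth_close(authctxt->as);
			authctxt->as = NULL;
		}
	}

	if (challenge == NULL) {
		debug2("bsdauth_query: new bsd auth session");
		debug3("bsdauth_query: style %s",
		    authctxt->style ? authctxt->style : "<default>");
		authctxt->as = auth_userchallenge(authctxt->user,
		    authctxt->style, "auth-ssh", &challenge);
		/* Do not trust a challenge pointer left behind by a failed open. */
		if (authctxt->as == NULL)
			challenge = NULL;
		debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
	}

	if (challenge == NULL)
		return -1;

	/* Single prompt, echo off (xcalloc zero-fills *echo_on). */
	*name = xstrdup("");
	*infotxt = xstrdup("");
	*numprompts = 1;
	*prompts = xcalloc(*numprompts, sizeof(char *));
	*echo_on = xcalloc(*numprompts, sizeof(u_int));
	(*prompts)[0] = xstrdup(challenge);

	return 0;
}

/*
 * Verify the client's answer to the challenge issued by bsdauth_query().
 *
 * Exactly one response is accepted.  The session in authctxt->as is
 * consumed by this call whatever the outcome; a further attempt needs a
 * fresh query.
 *
 * Returns 0 when BSD auth accepts the response and -1 otherwise (context
 * not marked valid, no open session, wrong response count, or rejection
 * by BSD auth).
 */
int
bsdauth_respond(void *ctx, u_int numresponses, char **responses)
{
	Authctxt *authctxt = ctx;
	int authok;

	if (!authctxt->valid)
		return -1;

	/*
	 * Fail closed rather than pass a NULL session down to libc: with no
	 * session there is nothing the response could be checked against.
	 */
	if (authctxt->as == NULL) {
		error("bsdauth_respond: no bsd auth session");
		return -1;
	}

	if (numresponses != 1)
		return -1;

	/*
	 * The session pointer is dropped without auth_close(): the libc
	 * call is expected to close the session itself (NOTE(review): per
	 * the bsd_auth(3) contract — confirm against the target libc).
	 */
	authok = auth_userresponse(authctxt->as, responses[0], 0);
	authctxt->as = NULL;
	/*
	 * Log only the verdict.  responses[0] is the user's answer to an
	 * authentication challenge and must not be written to the log.
	 */
	debug3("bsdauth_respond: result = <%d>", authok);

	return (authok == 0) ? -1 : 0;
}

/*
 * Release the BSD auth session held in the context, if any.
 *
 * The Authctxt itself is not owned by this device (bsdauth_init_ctx()
 * returns the caller's own pointer), so only the session is closed.
 */
static void
bsdauth_free_ctx(void *ctx)
{
	Authctxt *authctxt = ctx;

	if (authctxt == NULL || authctxt->as == NULL)
		return;
	auth_close(authctxt->as);
	authctxt->as = NULL;
}

/* Device that talks to BSD auth directly. */
KbdintDevice bsdauth_device = {
	"bsdauth",
	bsdauth_init_ctx,
	bsdauth_query,
	bsdauth_respond,
	bsdauth_free_ctx
};

/*
 * Variant whose query/respond hooks are the mm_ wrappers from
 * monitor_wrap.h (presumably forwarding to the privileged monitor).
 */
KbdintDevice mm_bsdauth_device = {
	"bsdauth",
	bsdauth_init_ctx,
	mm_bsdauth_query,
	mm_bsdauth_respond,
	bsdauth_free_ctx
};
#endif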