/* $OpenBSD: auth-bsdauth.c,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */
/*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
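 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include <sys/types.h>

#include <stdarg.h>

#ifdef BSD_AUTH
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"

/*
 * Keyboard-interactive backend on top of BSD authentication
 * (auth_userchallenge()/auth_userresponse()).  The per-connection
 * Authctxt doubles as the device context; the live auth_session_t is
 * kept in authctxt->as between the query and the response.
 */

/* The device context is the Authctxt itself; nothing is allocated. */
static void *
bsdauth_init_ctx(Authctxt *authctxt)
{
	return authctxt;
}

/*
 * Produce the single challenge prompt for this round.
 *
 * If a session is already open and still has a pending challenge, that
 * challenge is reused; otherwise any stale session is closed and a new
 * one is opened with auth_userchallenge() for authctxt->user/style.
 *
 * On success *name and *infotxt are set to empty strings, *numprompts
 * to 1, *prompts to a one-element array holding a copy of the challenge
 * and *echo_on to a zeroed one-element array (the answer is not echoed).
 * All four are allocated with the xmalloc family and belong to the
 * caller afterwards.  Returns 0 on success, -1 (no outputs written)
 * when no challenge could be obtained.
 */
int
bsdauth_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
{
	Authctxt *authctxt = ctx;
	char *challenge = NULL;

	if (authctxt->as != NULL) {
		debug2("bsdauth_query: try reuse session");
		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
		if (challenge == NULL) {
			/* Nothing pending on the old session: drop it. */
			auth_close(authctxt->as);
			authctxt->as = NULL;
		}
	}

	if (challenge == NULL) {
		debug2("bsdauth_query: new bsd auth session");
		debug3("bsdauth_query: style %s",
		    authctxt->style ? authctxt->style : "<default>");
		authctxt->as = auth_userchallenge(authctxt->user,
		    authctxt->style, "auth-ssh", &challenge);
		/*
		 * Never hand out a challenge without a session that can
		 * later verify the answer to it.
		 */
		if (authctxt->as == NULL)
			challenge = NULL;
		debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
	}

	if (challenge == NULL)
		return -1;

	*name = xstrdup("");
	*infotxt = xstrdup("");
	*numprompts = 1;
	*prompts = xcalloc(*numprompts, sizeof(char *));
	*echo_on = xcalloc(*numprompts, sizeof(u_int));
	(*prompts)[0] = xstrdup(challenge);

	return 0;
}

/*
 * Verify the client's answer to the challenge issued by bsdauth_query().
 *
 * Requires a context marked valid, an open session in authctxt->as and
 * exactly one response.  authctxt->as is cleared after the check without
 * an auth_close() here, so auth_userresponse() is relied on to release
 * the session (NOTE(review): confirm against the libc implementation).
 * Returns 0 when the response was accepted, -1 otherwise.
 */
int
bsdauth_respond(void *ctx, u_int numresponses, char **responses)
{
	Authctxt *authctxt = ctx;
	int authok;

	/* A context that was never marked valid is refused outright. */
	if (!authctxt->valid)
		return -1;

	if (authctxt->as == NULL) {
		/*
		 * Previously this only logged and then fell through to
		 * auth_userresponse() with a NULL session.  Refuse here so
		 * the verdict does not depend on libc tolerating that.
		 */
		error("bsdauth_respond: no bsd auth session");
		return -1;
	}

	if (numresponses != 1)
		return -1;

	authok = auth_userresponse(authctxt->as, responses[0], 0);
	authctxt->as = NULL;
	/*
	 * Log only the verdict: responses[0] is the client's secret and
	 * must not end up in the server log, even at debug level 3.
	 */
	debug3("bsdauth_respond: result <%d>", authok);

	return (authok == 0) ? -1 : 0;
}

/*
 * Release the device context.  Only a still-open session is closed; the
 * Authctxt itself is owned by the caller and is left untouched.
 */
static void
bsdauth_free_ctx(void *ctx)
{
	Authctxt *authctxt = ctx;

	if (authctxt != NULL && authctxt->as != NULL) {
		auth_close(authctxt->as);
		authctxt->as = NULL;
	}
}

/* Device table calling the backend directly in this process. */
KbdintDevice bsdauth_device = {
	"bsdauth",
	bsdauth_init_ctx,
	bsdauth_query,
	bsdauth_respond,
	bsdauth_free_ctx
};

/*
 * Device table using the mm_* query/respond wrappers from monitor_wrap.h
 * (presumably the privilege-separated variants that forward to the
 * monitor; the context setup/teardown is shared with the table above).
 */
KbdintDevice mm_bsdauth_device = {
	"bsdauth",
	bsdauth_init_ctx,
	mm_bsdauth_query,
	mm_bsdauth_respond,
	bsdauth_free_ctx
};
#endif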