xref: /freebsd/crypto/openssh/auth2-chall.c (revision 545d5eca429a5967b3300cb527d49cae8184e79f) 
1 /*
2  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
3  * Copyright (c) 2001 Per Allansson.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 #include "includes.h"
26 RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $");
27 
28 #include "ssh2.h"
29 #include "auth.h"
30 #include "buffer.h"
31 #include "packet.h"
32 #include "xmalloc.h"
33 #include "dispatch.h"
34 #include "auth.h"
35 #include "log.h"
36 
37 static int auth2_challenge_start(Authctxt *);
38 static int send_userauth_info_request(Authctxt *);
39 static void input_userauth_info_response(int, u_int32_t, void *);
40 
41 #ifdef BSD_AUTH
42 extern KbdintDevice bsdauth_device;
43 #else
44 #ifdef SKEY
45 extern KbdintDevice skey_device;
46 #endif
47 #endif
48 
49 KbdintDevice *devices[] = {
50 #ifdef BSD_AUTH
51 	&bsdauth_device,
52 #else
53 #ifdef SKEY
54 	&skey_device,
55 #endif
56 #endif
57 	NULL
58 };
59 
60 typedef struct KbdintAuthctxt KbdintAuthctxt;
61 struct KbdintAuthctxt
62 {
63 	char *devices;
64 	void *ctxt;
65 	KbdintDevice *device;
66 };
67 
68 static KbdintAuthctxt *
69 kbdint_alloc(const char *devs)
70 {
71 	KbdintAuthctxt *kbdintctxt;
72 	Buffer b;
73 	int i;
74 
75 	kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
76 	if (strcmp(devs, "") == 0) {
77 		buffer_init(&b);
78 		for (i = 0; devices[i]; i++) {
79 			if (buffer_len(&b) > 0)
80 				buffer_append(&b, ",", 1);
81 			buffer_append(&b, devices[i]->name,
82 			    strlen(devices[i]->name));
83 		}
84 		buffer_append(&b, "\0", 1);
85 		kbdintctxt->devices = xstrdup(buffer_ptr(&b));
86 		buffer_free(&b);
87 	} else {
88 		kbdintctxt->devices = xstrdup(devs);
89 	}
90 	debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
91 	kbdintctxt->ctxt = NULL;
92 	kbdintctxt->device = NULL;
93 
94 	return kbdintctxt;
95 }
96 static void
97 kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
98 {
99 	if (kbdintctxt->ctxt) {
100 		kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
101 		kbdintctxt->ctxt = NULL;
102 	}
103 	kbdintctxt->device = NULL;
104 }
105 static void
106 kbdint_free(KbdintAuthctxt *kbdintctxt)
107 {
108 	if (kbdintctxt->device)
109 		kbdint_reset_device(kbdintctxt);
110 	if (kbdintctxt->devices) {
111 		xfree(kbdintctxt->devices);
112 		kbdintctxt->devices = NULL;
113 	}
114 	xfree(kbdintctxt);
115 }
116 /* get next device */
117 static int
118 kbdint_next_device(KbdintAuthctxt *kbdintctxt)
119 {
120 	size_t len;
121 	char *t;
122 	int i;
123 
124 	if (kbdintctxt->device)
125 		kbdint_reset_device(kbdintctxt);
126 	do {
127 		len = kbdintctxt->devices ?
128 		    strcspn(kbdintctxt->devices, ",") : 0;
129 
130 		if (len == 0)
131 			break;
132 		for (i = 0; devices[i]; i++)
133 			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
134 				kbdintctxt->device = devices[i];
135 		t = kbdintctxt->devices;
136 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
137 		xfree(t);
138 		debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
139 		   kbdintctxt->devices : "<empty>");
140 	} while (kbdintctxt->devices && !kbdintctxt->device);
141 
142 	return kbdintctxt->device ? 1 : 0;
143 }
144 
145 /*
146  * try challenge-response, set authctxt->postponed if we have to
147  * wait for the response.
148  */
149 int
150 auth2_challenge(Authctxt *authctxt, char *devs)
151 {
152 	debug("auth2_challenge: user=%s devs=%s",
153 	    authctxt->user ? authctxt->user : "<nouser>",
154 	    devs ? devs : "<no devs>");
155 
156 	if (authctxt->user == NULL || !devs)
157 		return 0;
158 	if (authctxt->kbdintctxt == NULL)
159 		authctxt->kbdintctxt = kbdint_alloc(devs);
160 	return auth2_challenge_start(authctxt);
161 }
162 
163 /* unregister kbd-int callbacks and context */
164 void
165 auth2_challenge_stop(Authctxt *authctxt)
166 {
167 	/* unregister callback */
168 	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
169 	if (authctxt->kbdintctxt != NULL)  {
170 		kbdint_free(authctxt->kbdintctxt);
171 		authctxt->kbdintctxt = NULL;
172 	}
173 }
174 
175 /* side effect: sets authctxt->postponed if a reply was sent*/
176 static int
177 auth2_challenge_start(Authctxt *authctxt)
178 {
179 	KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
180 
181 	debug2("auth2_challenge_start: devices %s",
182 	    kbdintctxt->devices ?  kbdintctxt->devices : "<empty>");
183 
184 	if (kbdint_next_device(kbdintctxt) == 0) {
185 		auth2_challenge_stop(authctxt);
186 		return 0;
187 	}
188 	debug("auth2_challenge_start: trying authentication method '%s'",
189 	    kbdintctxt->device->name);
190 
191 	if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
192 		auth2_challenge_stop(authctxt);
193 		return 0;
194 	}
195 	if (send_userauth_info_request(authctxt) == 0) {
196 		auth2_challenge_stop(authctxt);
197 		return 0;
198 	}
199 	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
200 	    &input_userauth_info_response);
201 
202 	authctxt->postponed = 1;
203 	return 0;
204 }
205 
206 static int
207 send_userauth_info_request(Authctxt *authctxt)
208 {
209 	KbdintAuthctxt *kbdintctxt;
210 	char *name, *instr, **prompts;
211 	int i;
212 	u_int numprompts, *echo_on;
213 
214 	kbdintctxt = authctxt->kbdintctxt;
215 	if (kbdintctxt->device->query(kbdintctxt->ctxt,
216 	    &name, &instr, &numprompts, &prompts, &echo_on))
217 		return 0;
218 
219 	packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
220 	packet_put_cstring(name);
221 	packet_put_cstring(instr);
222 	packet_put_cstring("");		/* language not used */
223 	packet_put_int(numprompts);
224 	for (i = 0; i < numprompts; i++) {
225 		packet_put_cstring(prompts[i]);
226 		packet_put_char(echo_on[i]);
227 	}
228 	packet_send();
229 	packet_write_wait();
230 
231 	for (i = 0; i < numprompts; i++)
232 		xfree(prompts[i]);
233 	xfree(prompts);
234 	xfree(echo_on);
235 	xfree(name);
236 	xfree(instr);
237 	return 1;
238 }
239 
240 static void
241 input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
242 {
243 	Authctxt *authctxt = ctxt;
244 	KbdintAuthctxt *kbdintctxt;
245 	int i, authenticated = 0, res, len;
246 	u_int nresp;
247 	char **response = NULL, *method;
248 
249 	if (authctxt == NULL)
250 		fatal("input_userauth_info_response: no authctxt");
251 	kbdintctxt = authctxt->kbdintctxt;
252 	if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
253 		fatal("input_userauth_info_response: no kbdintctxt");
254 	if (kbdintctxt->device == NULL)
255 		fatal("input_userauth_info_response: no device");
256 
257 	authctxt->postponed = 0;	/* reset */
258 	nresp = packet_get_int();
259 	if (nresp > 0) {
260 		response = xmalloc(nresp * sizeof(char*));
261 		for (i = 0; i < nresp; i++)
262 			response[i] = packet_get_string(NULL);
263 	}
264 	packet_check_eom();
265 
266 	if (authctxt->valid) {
267 		res = kbdintctxt->device->respond(kbdintctxt->ctxt,
268 		    nresp, response);
269 	} else {
270 		res = -1;
271 	}
272 
273 	for (i = 0; i < nresp; i++) {
274 		memset(response[i], 'r', strlen(response[i]));
275 		xfree(response[i]);
276 	}
277 	if (response)
278 		xfree(response);
279 
280 	switch (res) {
281 	case 0:
282 		/* Success! */
283 		authenticated = 1;
284 		break;
285 	case 1:
286 		/* Authentication needs further interaction */
287 		if (send_userauth_info_request(authctxt) == 1)
288 			authctxt->postponed = 1;
289 		break;
290 	default:
291 		/* Failure! */
292 		break;
293 	}
294 
295 	len = strlen("keyboard-interactive") + 2 +
296 		strlen(kbdintctxt->device->name);
297 	method = xmalloc(len);
298 	snprintf(method, len, "keyboard-interactive/%s",
299 	    kbdintctxt->device->name);
300 
301 	if (!authctxt->postponed) {
302 		if (authenticated) {
303 			auth2_challenge_stop(authctxt);
304 		} else {
305 			/* start next device */
306 			/* may set authctxt->postponed */
307 			auth2_challenge_start(authctxt);
308 		}
309 	}
310 	userauth_finish(authctxt, authenticated, method);
311 	xfree(method);
312 }
313 
314 void
315 privsep_challenge_enable(void)
316 {
317 #ifdef BSD_AUTH
318 	extern KbdintDevice mm_bsdauth_device;
319 #endif
320 #ifdef SKEY
321 	extern KbdintDevice mm_skey_device;
322 #endif
323 	/* As long as SSHv1 has devices[0] hard coded this is fine */
324 #ifdef BSD_AUTH
325 	devices[0] = &mm_bsdauth_device;
326 #else
327 #ifdef SKEY
328 	devices[0] = &mm_skey_device;
329 #endif
330 #endif
331 }
332