xref: /freebsd/crypto/openssh/sshconnect2.c (revision af6a5351a1fdb1130f18be6c782c4d48916eb971)
1 /* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */
2 /*
3  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
4  * Copyright (c) 2008 Damien Miller.  All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 #include "includes.h"
28 
29 #include <sys/types.h>
30 #include <sys/socket.h>
31 #include <sys/wait.h>
32 #include <sys/stat.h>
33 
34 #include <errno.h>
35 #include <fcntl.h>
36 #include <netdb.h>
37 #include <pwd.h>
38 #include <signal.h>
39 #include <stdarg.h>
40 #include <stdio.h>
41 #include <string.h>
42 #include <unistd.h>
43 #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
44 #include <vis.h>
45 #endif
46 
47 #include "openbsd-compat/sys-queue.h"
48 
49 #include "xmalloc.h"
50 #include "ssh.h"
51 #include "ssh2.h"
52 #include "buffer.h"
53 #include "packet.h"
54 #include "compat.h"
55 #include "cipher.h"
56 #include "key.h"
57 #include "kex.h"
58 #include "myproposal.h"
59 #include "sshconnect.h"
60 #include "authfile.h"
61 #include "dh.h"
62 #include "authfd.h"
63 #include "log.h"
64 #include "misc.h"
65 #include "readconf.h"
66 #include "match.h"
67 #include "dispatch.h"
68 #include "canohost.h"
69 #include "msg.h"
70 #include "pathnames.h"
71 #include "uidswap.h"
72 #include "hostfile.h"
73 #include "ssherr.h"
74 
75 #ifdef GSSAPI
76 #include "ssh-gss.h"
77 #endif
78 
79 /* import */
80 extern char *client_version_string;
81 extern char *server_version_string;
82 extern Options options;
83 
84 /*
85  * SSH2 key exchange
86  */
87 
88 u_char *session_id2 = NULL;
89 u_int session_id2_len = 0;
90 
91 char *xxx_host;
92 struct sockaddr *xxx_hostaddr;
93 
94 static int
95 verify_host_key_callback(Key *hostkey, struct ssh *ssh)
96 {
97 	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
98 		fatal("Host key verification failed.");
99 	return 0;
100 }
101 
102 static char *
103 order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
104 {
105 	char *oavail, *avail, *first, *last, *alg, *hostname, *ret;
106 	size_t maxlen;
107 	struct hostkeys *hostkeys;
108 	int ktype;
109 	u_int i;
110 
111 	/* Find all hostkeys for this hostname */
112 	get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL);
113 	hostkeys = init_hostkeys();
114 	for (i = 0; i < options.num_user_hostfiles; i++)
115 		load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]);
116 	for (i = 0; i < options.num_system_hostfiles; i++)
117 		load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
118 
119 	oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
120 	maxlen = strlen(avail) + 1;
121 	first = xmalloc(maxlen);
122 	last = xmalloc(maxlen);
123 	*first = *last = '\0';
124 
125 #define ALG_APPEND(to, from) \
126 	do { \
127 		if (*to != '\0') \
128 			strlcat(to, ",", maxlen); \
129 		strlcat(to, from, maxlen); \
130 	} while (0)
131 
132 	while ((alg = strsep(&avail, ",")) && *alg != '\0') {
133 		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
134 			fatal("%s: unknown alg %s", __func__, alg);
135 		if (lookup_key_in_hostkeys_by_type(hostkeys,
136 		    sshkey_type_plain(ktype), NULL))
137 			ALG_APPEND(first, alg);
138 		else
139 			ALG_APPEND(last, alg);
140 	}
141 #undef ALG_APPEND
142 	xasprintf(&ret, "%s%s%s", first,
143 	    (*first == '\0' || *last == '\0') ? "" : ",", last);
144 	if (*first != '\0')
145 		debug3("%s: prefer hostkeyalgs: %s", __func__, first);
146 
147 	free(first);
148 	free(last);
149 	free(hostname);
150 	free(oavail);
151 	free_hostkeys(hostkeys);
152 
153 	return ret;
154 }
155 
156 void
157 ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
158 {
159 	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
160 	char *s;
161 	struct kex *kex;
162 	int r;
163 
164 	xxx_host = host;
165 	xxx_hostaddr = hostaddr;
166 
167 	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
168 		fatal("%s: kex_names_cat", __func__);
169 	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
170 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
171 	    compat_cipher_proposal(options.ciphers);
172 	myproposal[PROPOSAL_ENC_ALGS_STOC] =
173 	    compat_cipher_proposal(options.ciphers);
174 	if (options.compression) {
175 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
176 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
177 	} else {
178 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
179 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
180 	}
181 	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
182 	    myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
183 	if (options.hostkeyalgorithms != NULL) {
184 		if (kex_assemble_names(KEX_DEFAULT_PK_ALG,
185 		    &options.hostkeyalgorithms) != 0)
186 			fatal("%s: kex_assemble_namelist", __func__);
187 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
188 		    compat_pkalg_proposal(options.hostkeyalgorithms);
189 	} else {
190 		/* Enforce default */
191 		options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
192 		/* Prefer algorithms that we already have keys for */
193 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
194 		    compat_pkalg_proposal(
195 		    order_hostkeyalgs(host, hostaddr, port));
196 	}
197 
198 	if (options.rekey_limit || options.rekey_interval)
199 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
200 		    (time_t)options.rekey_interval);
201 
202 	/* start key exchange */
203 	if ((r = kex_setup(active_state, myproposal)) != 0)
204 		fatal("kex_setup: %s", ssh_err(r));
205 	kex = active_state->kex;
206 #ifdef WITH_OPENSSL
207 	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
208 	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
209 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
210 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
211 # ifdef OPENSSL_HAS_ECC
212 	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
213 # endif
214 #endif
215 	kex->kex[KEX_C25519_SHA256] = kexc25519_client;
216 	kex->client_version_string=client_version_string;
217 	kex->server_version_string=server_version_string;
218 	kex->verify_host_key=&verify_host_key_callback;
219 
220 	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
221 
222 	/* remove ext-info from the KEX proposals for rekeying */
223 	myproposal[PROPOSAL_KEX_ALGS] =
224 	    compat_kex_proposal(options.kex_algorithms);
225 	if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
226 		fatal("kex_prop2buf: %s", ssh_err(r));
227 
228 	session_id2 = kex->session_id;
229 	session_id2_len = kex->session_id_len;
230 
231 #ifdef DEBUG_KEXDH
232 	/* send 1st encrypted/maced/compressed message */
233 	packet_start(SSH2_MSG_IGNORE);
234 	packet_put_cstring("markus");
235 	packet_send();
236 	packet_write_wait();
237 #endif
238 }
239 
240 /*
241  * Authenticate user
242  */
243 
244 typedef struct cauthctxt Authctxt;
245 typedef struct cauthmethod Authmethod;
246 typedef struct identity Identity;
247 typedef struct idlist Idlist;
248 
249 struct identity {
250 	TAILQ_ENTRY(identity) next;
251 	int	agent_fd;		/* >=0 if agent supports key */
252 	struct sshkey	*key;		/* public/private key */
253 	char	*filename;		/* comment for agent-only keys */
254 	int	tried;
255 	int	isprivate;		/* key points to the private key */
256 	int	userprovided;
257 };
258 TAILQ_HEAD(idlist, identity);
259 
260 struct cauthctxt {
261 	const char *server_user;
262 	const char *local_user;
263 	const char *host;
264 	const char *service;
265 	struct cauthmethod *method;
266 	sig_atomic_t success;
267 	char *authlist;
268 	int attempt;
269 	/* pubkey */
270 	struct idlist keys;
271 	int agent_fd;
272 	/* hostbased */
273 	Sensitive *sensitive;
274 	char *oktypes, *ktypes;
275 	const char *active_ktype;
276 	/* kbd-interactive */
277 	int info_req_seen;
278 	/* generic */
279 	void *methoddata;
280 };
281 
282 struct cauthmethod {
283 	char	*name;		/* string to compare against server's list */
284 	int	(*userauth)(Authctxt *authctxt);
285 	void	(*cleanup)(Authctxt *authctxt);
286 	int	*enabled;	/* flag in option struct that enables method */
287 	int	*batch_flag;	/* flag in option struct that disables method */
288 };
289 
290 int	input_userauth_service_accept(int, u_int32_t, void *);
291 int	input_userauth_ext_info(int, u_int32_t, void *);
292 int	input_userauth_success(int, u_int32_t, void *);
293 int	input_userauth_success_unexpected(int, u_int32_t, void *);
294 int	input_userauth_failure(int, u_int32_t, void *);
295 int	input_userauth_banner(int, u_int32_t, void *);
296 int	input_userauth_error(int, u_int32_t, void *);
297 int	input_userauth_info_req(int, u_int32_t, void *);
298 int	input_userauth_pk_ok(int, u_int32_t, void *);
299 int	input_userauth_passwd_changereq(int, u_int32_t, void *);
300 
301 int	userauth_none(Authctxt *);
302 int	userauth_pubkey(Authctxt *);
303 int	userauth_passwd(Authctxt *);
304 int	userauth_kbdint(Authctxt *);
305 int	userauth_hostbased(Authctxt *);
306 
307 #ifdef GSSAPI
308 int	userauth_gssapi(Authctxt *authctxt);
309 int	input_gssapi_response(int type, u_int32_t, void *);
310 int	input_gssapi_token(int type, u_int32_t, void *);
311 int	input_gssapi_hash(int type, u_int32_t, void *);
312 int	input_gssapi_error(int, u_int32_t, void *);
313 int	input_gssapi_errtok(int, u_int32_t, void *);
314 #endif
315 
316 void	userauth(Authctxt *, char *);
317 
318 static int sign_and_send_pubkey(Authctxt *, Identity *);
319 static void pubkey_prepare(Authctxt *);
320 static void pubkey_cleanup(Authctxt *);
321 static Key *load_identity_file(Identity *);
322 
323 static Authmethod *authmethod_get(char *authlist);
324 static Authmethod *authmethod_lookup(const char *name);
325 static char *authmethods_get(void);
326 
327 Authmethod authmethods[] = {
328 #ifdef GSSAPI
329 	{"gssapi-with-mic",
330 		userauth_gssapi,
331 		NULL,
332 		&options.gss_authentication,
333 		NULL},
334 #endif
335 	{"hostbased",
336 		userauth_hostbased,
337 		NULL,
338 		&options.hostbased_authentication,
339 		NULL},
340 	{"publickey",
341 		userauth_pubkey,
342 		NULL,
343 		&options.pubkey_authentication,
344 		NULL},
345 	{"keyboard-interactive",
346 		userauth_kbdint,
347 		NULL,
348 		&options.kbd_interactive_authentication,
349 		&options.batch_mode},
350 	{"password",
351 		userauth_passwd,
352 		NULL,
353 		&options.password_authentication,
354 		&options.batch_mode},
355 	{"none",
356 		userauth_none,
357 		NULL,
358 		NULL,
359 		NULL},
360 	{NULL, NULL, NULL, NULL, NULL}
361 };
362 
363 void
364 ssh_userauth2(const char *local_user, const char *server_user, char *host,
365     Sensitive *sensitive)
366 {
367 	struct ssh *ssh = active_state;
368 	Authctxt authctxt;
369 	int r;
370 
371 	if (options.challenge_response_authentication)
372 		options.kbd_interactive_authentication = 1;
373 	if (options.preferred_authentications == NULL)
374 		options.preferred_authentications = authmethods_get();
375 
376 	/* setup authentication context */
377 	memset(&authctxt, 0, sizeof(authctxt));
378 	pubkey_prepare(&authctxt);
379 	authctxt.server_user = server_user;
380 	authctxt.local_user = local_user;
381 	authctxt.host = host;
382 	authctxt.service = "ssh-connection";		/* service name */
383 	authctxt.success = 0;
384 	authctxt.method = authmethod_lookup("none");
385 	authctxt.authlist = NULL;
386 	authctxt.methoddata = NULL;
387 	authctxt.sensitive = sensitive;
388 	authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;
389 	authctxt.info_req_seen = 0;
390 	authctxt.agent_fd = -1;
391 	if (authctxt.method == NULL)
392 		fatal("ssh_userauth2: internal error: cannot send userauth none request");
393 
394 	if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
395 	    (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||
396 	    (r = sshpkt_send(ssh)) != 0)
397 		fatal("%s: %s", __func__, ssh_err(r));
398 
399 	ssh_dispatch_init(ssh, &input_userauth_error);
400 	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
401 	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
402 	ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt);	/* loop until success */
403 
404 	pubkey_cleanup(&authctxt);
405 	ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
406 
407 	debug("Authentication succeeded (%s).", authctxt.method->name);
408 }
409 
410 /* ARGSUSED */
411 int
412 input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt)
413 {
414 	Authctxt *authctxt = ctxt;
415 	struct ssh *ssh = active_state;
416 	int r;
417 
418 	if (ssh_packet_remaining(ssh) > 0) {
419 		char *reply;
420 
421 		if ((r = sshpkt_get_cstring(ssh, &reply, NULL)) != 0)
422 			goto out;
423 		debug2("service_accept: %s", reply);
424 		free(reply);
425 	} else {
426 		debug2("buggy server: service_accept w/o service");
427 	}
428 	if ((r = sshpkt_get_end(ssh)) != 0)
429 		goto out;
430 	debug("SSH2_MSG_SERVICE_ACCEPT received");
431 
432 	/* initial userauth request */
433 	userauth_none(authctxt);
434 
435 	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error);
436 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
437 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
438 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
439 	r = 0;
440  out:
441 	return r;
442 }
443 
444 /* ARGSUSED */
445 int
446 input_userauth_ext_info(int type, u_int32_t seqnr, void *ctxt)
447 {
448 	return kex_input_ext_info(type, seqnr, active_state);
449 }
450 
451 void
452 userauth(Authctxt *authctxt, char *authlist)
453 {
454 	if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
455 		authctxt->method->cleanup(authctxt);
456 
457 	free(authctxt->methoddata);
458 	authctxt->methoddata = NULL;
459 	if (authlist == NULL) {
460 		authlist = authctxt->authlist;
461 	} else {
462 		free(authctxt->authlist);
463 		authctxt->authlist = authlist;
464 	}
465 	for (;;) {
466 		Authmethod *method = authmethod_get(authlist);
467 		if (method == NULL)
468 			fatal("Permission denied (%s).", authlist);
469 		authctxt->method = method;
470 
471 		/* reset the per method handler */
472 		dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN,
473 		    SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
474 
475 		/* and try new method */
476 		if (method->userauth(authctxt) != 0) {
477 			debug2("we sent a %s packet, wait for reply", method->name);
478 			break;
479 		} else {
480 			debug2("we did not send a packet, disable method");
481 			method->enabled = NULL;
482 		}
483 	}
484 }
485 
486 /* ARGSUSED */
487 int
488 input_userauth_error(int type, u_int32_t seq, void *ctxt)
489 {
490 	fatal("input_userauth_error: bad message during authentication: "
491 	    "type %d", type);
492 	return 0;
493 }
494 
495 /* ARGSUSED */
496 int
497 input_userauth_banner(int type, u_int32_t seq, void *ctxt)
498 {
499 	char *msg, *raw, *lang;
500 	u_int len;
501 
502 	debug3("input_userauth_banner");
503 	raw = packet_get_string(&len);
504 	lang = packet_get_string(NULL);
505 	if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
506 		if (len > 65536)
507 			len = 65536;
508 		msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
509 		strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
510 		fprintf(stderr, "%s", msg);
511 		free(msg);
512 	}
513 	free(raw);
514 	free(lang);
515 	return 0;
516 }
517 
518 /* ARGSUSED */
519 int
520 input_userauth_success(int type, u_int32_t seq, void *ctxt)
521 {
522 	Authctxt *authctxt = ctxt;
523 
524 	if (authctxt == NULL)
525 		fatal("input_userauth_success: no authentication context");
526 	free(authctxt->authlist);
527 	authctxt->authlist = NULL;
528 	if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
529 		authctxt->method->cleanup(authctxt);
530 	free(authctxt->methoddata);
531 	authctxt->methoddata = NULL;
532 	authctxt->success = 1;			/* break out */
533 	return 0;
534 }
535 
536 int
537 input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
538 {
539 	Authctxt *authctxt = ctxt;
540 
541 	if (authctxt == NULL)
542 		fatal("%s: no authentication context", __func__);
543 
544 	fatal("Unexpected authentication success during %s.",
545 	    authctxt->method->name);
546 	return 0;
547 }
548 
549 /* ARGSUSED */
550 int
551 input_userauth_failure(int type, u_int32_t seq, void *ctxt)
552 {
553 	Authctxt *authctxt = ctxt;
554 	char *authlist = NULL;
555 	int partial;
556 
557 	if (authctxt == NULL)
558 		fatal("input_userauth_failure: no authentication context");
559 
560 	authlist = packet_get_string(NULL);
561 	partial = packet_get_char();
562 	packet_check_eom();
563 
564 	if (partial != 0) {
565 		logit("Authenticated with partial success.");
566 		/* reset state */
567 		pubkey_cleanup(authctxt);
568 		pubkey_prepare(authctxt);
569 	}
570 	debug("Authentications that can continue: %s", authlist);
571 
572 	userauth(authctxt, authlist);
573 	return 0;
574 }
575 
576 /* ARGSUSED */
577 int
578 input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
579 {
580 	Authctxt *authctxt = ctxt;
581 	Key *key = NULL;
582 	Identity *id = NULL;
583 	Buffer b;
584 	int pktype, sent = 0;
585 	u_int alen, blen;
586 	char *pkalg, *fp;
587 	u_char *pkblob;
588 
589 	if (authctxt == NULL)
590 		fatal("input_userauth_pk_ok: no authentication context");
591 	if (datafellows & SSH_BUG_PKOK) {
592 		/* this is similar to SSH_BUG_PKAUTH */
593 		debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
594 		pkblob = packet_get_string(&blen);
595 		buffer_init(&b);
596 		buffer_append(&b, pkblob, blen);
597 		pkalg = buffer_get_string(&b, &alen);
598 		buffer_free(&b);
599 	} else {
600 		pkalg = packet_get_string(&alen);
601 		pkblob = packet_get_string(&blen);
602 	}
603 	packet_check_eom();
604 
605 	debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
606 
607 	if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
608 		debug("unknown pkalg %s", pkalg);
609 		goto done;
610 	}
611 	if ((key = key_from_blob(pkblob, blen)) == NULL) {
612 		debug("no key from blob. pkalg %s", pkalg);
613 		goto done;
614 	}
615 	if (key->type != pktype) {
616 		error("input_userauth_pk_ok: type mismatch "
617 		    "for decoded key (received %d, expected %d)",
618 		    key->type, pktype);
619 		goto done;
620 	}
621 	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
622 	    SSH_FP_DEFAULT)) == NULL)
623 		goto done;
624 	debug2("input_userauth_pk_ok: fp %s", fp);
625 	free(fp);
626 
627 	/*
628 	 * search keys in the reverse order, because last candidate has been
629 	 * moved to the end of the queue.  this also avoids confusion by
630 	 * duplicate keys
631 	 */
632 	TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) {
633 		if (key_equal(key, id->key)) {
634 			sent = sign_and_send_pubkey(authctxt, id);
635 			break;
636 		}
637 	}
638 done:
639 	if (key != NULL)
640 		key_free(key);
641 	free(pkalg);
642 	free(pkblob);
643 
644 	/* try another method if we did not send a packet */
645 	if (sent == 0)
646 		userauth(authctxt, NULL);
647 	return 0;
648 }
649 
650 #ifdef GSSAPI
651 int
652 userauth_gssapi(Authctxt *authctxt)
653 {
654 	Gssctxt *gssctxt = NULL;
655 	static gss_OID_set gss_supported = NULL;
656 	static u_int mech = 0;
657 	OM_uint32 min;
658 	int ok = 0;
659 
660 	/* Try one GSSAPI method at a time, rather than sending them all at
661 	 * once. */
662 
663 	if (gss_supported == NULL)
664 		gss_indicate_mechs(&min, &gss_supported);
665 
666 	/* Check to see if the mechanism is usable before we offer it */
667 	while (mech < gss_supported->count && !ok) {
668 		/* My DER encoding requires length<128 */
669 		if (gss_supported->elements[mech].length < 128 &&
670 		    ssh_gssapi_check_mechanism(&gssctxt,
671 		    &gss_supported->elements[mech], authctxt->host)) {
672 			ok = 1; /* Mechanism works */
673 		} else {
674 			mech++;
675 		}
676 	}
677 
678 	if (!ok)
679 		return 0;
680 
681 	authctxt->methoddata=(void *)gssctxt;
682 
683 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
684 	packet_put_cstring(authctxt->server_user);
685 	packet_put_cstring(authctxt->service);
686 	packet_put_cstring(authctxt->method->name);
687 
688 	packet_put_int(1);
689 
690 	packet_put_int((gss_supported->elements[mech].length) + 2);
691 	packet_put_char(SSH_GSS_OIDTYPE);
692 	packet_put_char(gss_supported->elements[mech].length);
693 	packet_put_raw(gss_supported->elements[mech].elements,
694 	    gss_supported->elements[mech].length);
695 
696 	packet_send();
697 
698 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
699 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
700 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
701 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
702 
703 	mech++; /* Move along to next candidate */
704 
705 	return 1;
706 }
707 
708 static OM_uint32
709 process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
710 {
711 	Authctxt *authctxt = ctxt;
712 	Gssctxt *gssctxt = authctxt->methoddata;
713 	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
714 	gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
715 	gss_buffer_desc gssbuf;
716 	OM_uint32 status, ms, flags;
717 	Buffer b;
718 
719 	status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
720 	    recv_tok, &send_tok, &flags);
721 
722 	if (send_tok.length > 0) {
723 		if (GSS_ERROR(status))
724 			packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
725 		else
726 			packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
727 
728 		packet_put_string(send_tok.value, send_tok.length);
729 		packet_send();
730 		gss_release_buffer(&ms, &send_tok);
731 	}
732 
733 	if (status == GSS_S_COMPLETE) {
734 		/* send either complete or MIC, depending on mechanism */
735 		if (!(flags & GSS_C_INTEG_FLAG)) {
736 			packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
737 			packet_send();
738 		} else {
739 			ssh_gssapi_buildmic(&b, authctxt->server_user,
740 			    authctxt->service, "gssapi-with-mic");
741 
742 			gssbuf.value = buffer_ptr(&b);
743 			gssbuf.length = buffer_len(&b);
744 
745 			status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
746 
747 			if (!GSS_ERROR(status)) {
748 				packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC);
749 				packet_put_string(mic.value, mic.length);
750 
751 				packet_send();
752 			}
753 
754 			buffer_free(&b);
755 			gss_release_buffer(&ms, &mic);
756 		}
757 	}
758 
759 	return status;
760 }
761 
762 /* ARGSUSED */
763 int
764 input_gssapi_response(int type, u_int32_t plen, void *ctxt)
765 {
766 	Authctxt *authctxt = ctxt;
767 	Gssctxt *gssctxt;
768 	int oidlen;
769 	char *oidv;
770 
771 	if (authctxt == NULL)
772 		fatal("input_gssapi_response: no authentication context");
773 	gssctxt = authctxt->methoddata;
774 
775 	/* Setup our OID */
776 	oidv = packet_get_string(&oidlen);
777 
778 	if (oidlen <= 2 ||
779 	    oidv[0] != SSH_GSS_OIDTYPE ||
780 	    oidv[1] != oidlen - 2) {
781 		free(oidv);
782 		debug("Badly encoded mechanism OID received");
783 		userauth(authctxt, NULL);
784 		return 0;
785 	}
786 
787 	if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
788 		fatal("Server returned different OID than expected");
789 
790 	packet_check_eom();
791 
792 	free(oidv);
793 
794 	if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
795 		/* Start again with next method on list */
796 		debug("Trying to start again");
797 		userauth(authctxt, NULL);
798 		return 0;
799 	}
800 	return 0;
801 }
802 
803 /* ARGSUSED */
804 int
805 input_gssapi_token(int type, u_int32_t plen, void *ctxt)
806 {
807 	Authctxt *authctxt = ctxt;
808 	gss_buffer_desc recv_tok;
809 	OM_uint32 status;
810 	u_int slen;
811 
812 	if (authctxt == NULL)
813 		fatal("input_gssapi_response: no authentication context");
814 
815 	recv_tok.value = packet_get_string(&slen);
816 	recv_tok.length = slen;	/* safe typecast */
817 
818 	packet_check_eom();
819 
820 	status = process_gssapi_token(ctxt, &recv_tok);
821 
822 	free(recv_tok.value);
823 
824 	if (GSS_ERROR(status)) {
825 		/* Start again with the next method in the list */
826 		userauth(authctxt, NULL);
827 		return 0;
828 	}
829 	return 0;
830 }
831 
832 /* ARGSUSED */
833 int
834 input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
835 {
836 	Authctxt *authctxt = ctxt;
837 	Gssctxt *gssctxt;
838 	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
839 	gss_buffer_desc recv_tok;
840 	OM_uint32 ms;
841 	u_int len;
842 
843 	if (authctxt == NULL)
844 		fatal("input_gssapi_response: no authentication context");
845 	gssctxt = authctxt->methoddata;
846 
847 	recv_tok.value = packet_get_string(&len);
848 	recv_tok.length = len;
849 
850 	packet_check_eom();
851 
852 	/* Stick it into GSSAPI and see what it says */
853 	(void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
854 	    &recv_tok, &send_tok, NULL);
855 
856 	free(recv_tok.value);
857 	gss_release_buffer(&ms, &send_tok);
858 
859 	/* Server will be returning a failed packet after this one */
860 	return 0;
861 }
862 
863 /* ARGSUSED */
864 int
865 input_gssapi_error(int type, u_int32_t plen, void *ctxt)
866 {
867 	char *msg;
868 	char *lang;
869 
870 	/* maj */(void)packet_get_int();
871 	/* min */(void)packet_get_int();
872 	msg=packet_get_string(NULL);
873 	lang=packet_get_string(NULL);
874 
875 	packet_check_eom();
876 
877 	debug("Server GSSAPI Error:\n%s", msg);
878 	free(msg);
879 	free(lang);
880 	return 0;
881 }
882 #endif /* GSSAPI */
883 
884 int
885 userauth_none(Authctxt *authctxt)
886 {
887 	/* initial userauth request */
888 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
889 	packet_put_cstring(authctxt->server_user);
890 	packet_put_cstring(authctxt->service);
891 	packet_put_cstring(authctxt->method->name);
892 	packet_send();
893 	return 1;
894 }
895 
896 int
897 userauth_passwd(Authctxt *authctxt)
898 {
899 	static int attempt = 0;
900 	char prompt[150];
901 	char *password;
902 	const char *host = options.host_key_alias ?  options.host_key_alias :
903 	    authctxt->host;
904 
905 	if (attempt++ >= options.number_of_password_prompts)
906 		return 0;
907 
908 	if (attempt != 1)
909 		error("Permission denied, please try again.");
910 
911 	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
912 	    authctxt->server_user, host);
913 	password = read_passphrase(prompt, 0);
914 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
915 	packet_put_cstring(authctxt->server_user);
916 	packet_put_cstring(authctxt->service);
917 	packet_put_cstring(authctxt->method->name);
918 	packet_put_char(0);
919 	packet_put_cstring(password);
920 	explicit_bzero(password, strlen(password));
921 	free(password);
922 	packet_add_padding(64);
923 	packet_send();
924 
925 	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
926 	    &input_userauth_passwd_changereq);
927 
928 	return 1;
929 }
930 
931 /*
932  * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
933  */
934 /* ARGSUSED */
935 int
936 input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
937 {
938 	Authctxt *authctxt = ctxt;
939 	char *info, *lang, *password = NULL, *retype = NULL;
940 	char prompt[150];
941 	const char *host = options.host_key_alias ? options.host_key_alias :
942 	    authctxt->host;
943 
944 	debug2("input_userauth_passwd_changereq");
945 
946 	if (authctxt == NULL)
947 		fatal("input_userauth_passwd_changereq: "
948 		    "no authentication context");
949 
950 	info = packet_get_string(NULL);
951 	lang = packet_get_string(NULL);
952 	if (strlen(info) > 0)
953 		logit("%s", info);
954 	free(info);
955 	free(lang);
956 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
957 	packet_put_cstring(authctxt->server_user);
958 	packet_put_cstring(authctxt->service);
959 	packet_put_cstring(authctxt->method->name);
960 	packet_put_char(1);			/* additional info */
961 	snprintf(prompt, sizeof(prompt),
962 	    "Enter %.30s@%.128s's old password: ",
963 	    authctxt->server_user, host);
964 	password = read_passphrase(prompt, 0);
965 	packet_put_cstring(password);
966 	explicit_bzero(password, strlen(password));
967 	free(password);
968 	password = NULL;
969 	while (password == NULL) {
970 		snprintf(prompt, sizeof(prompt),
971 		    "Enter %.30s@%.128s's new password: ",
972 		    authctxt->server_user, host);
973 		password = read_passphrase(prompt, RP_ALLOW_EOF);
974 		if (password == NULL) {
975 			/* bail out */
976 			return 0;
977 		}
978 		snprintf(prompt, sizeof(prompt),
979 		    "Retype %.30s@%.128s's new password: ",
980 		    authctxt->server_user, host);
981 		retype = read_passphrase(prompt, 0);
982 		if (strcmp(password, retype) != 0) {
983 			explicit_bzero(password, strlen(password));
984 			free(password);
985 			logit("Mismatch; try again, EOF to quit.");
986 			password = NULL;
987 		}
988 		explicit_bzero(retype, strlen(retype));
989 		free(retype);
990 	}
991 	packet_put_cstring(password);
992 	explicit_bzero(password, strlen(password));
993 	free(password);
994 	packet_add_padding(64);
995 	packet_send();
996 
997 	dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
998 	    &input_userauth_passwd_changereq);
999 	return 0;
1000 }
1001 
1002 static const char *
1003 identity_sign_encode(struct identity *id)
1004 {
1005 	struct ssh *ssh = active_state;
1006 
1007 	if (id->key->type == KEY_RSA) {
1008 		switch (ssh->kex->rsa_sha2) {
1009 		case 256:
1010 			return "rsa-sha2-256";
1011 		case 512:
1012 			return "rsa-sha2-512";
1013 		}
1014 	}
1015 	return key_ssh_name(id->key);
1016 }
1017 
1018 static int
1019 identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
1020     const u_char *data, size_t datalen, u_int compat)
1021 {
1022 	Key *prv;
1023 	int ret;
1024 	const char *alg;
1025 
1026 	alg = identity_sign_encode(id);
1027 
1028 	/* the agent supports this key */
1029 	if (id->agent_fd != -1)
1030 		return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
1031 		    data, datalen, alg, compat);
1032 
1033 	/*
1034 	 * we have already loaded the private key or
1035 	 * the private key is stored in external hardware
1036 	 */
1037 	if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))
1038 		return (sshkey_sign(id->key, sigp, lenp, data, datalen, alg,
1039 		    compat));
1040 	/* load the private key from the file */
1041 	if ((prv = load_identity_file(id)) == NULL)
1042 		return SSH_ERR_KEY_NOT_FOUND;
1043 	ret = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat);
1044 	sshkey_free(prv);
1045 	return (ret);
1046 }
1047 
1048 static int
1049 sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1050 {
1051 	Buffer b;
1052 	Identity *private_id;
1053 	u_char *blob, *signature;
1054 	size_t slen;
1055 	u_int bloblen, skip = 0;
1056 	int matched, ret = -1, have_sig = 1;
1057 	char *fp;
1058 
1059 	if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
1060 	    SSH_FP_DEFAULT)) == NULL)
1061 		return 0;
1062 	debug3("%s: %s %s", __func__, key_type(id->key), fp);
1063 	free(fp);
1064 
1065 	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1066 		/* we cannot handle this key */
1067 		debug3("sign_and_send_pubkey: cannot handle key");
1068 		return 0;
1069 	}
1070 	/* data to be signed */
1071 	buffer_init(&b);
1072 	if (datafellows & SSH_OLD_SESSIONID) {
1073 		buffer_append(&b, session_id2, session_id2_len);
1074 		skip = session_id2_len;
1075 	} else {
1076 		buffer_put_string(&b, session_id2, session_id2_len);
1077 		skip = buffer_len(&b);
1078 	}
1079 	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1080 	buffer_put_cstring(&b, authctxt->server_user);
1081 	buffer_put_cstring(&b,
1082 	    datafellows & SSH_BUG_PKSERVICE ?
1083 	    "ssh-userauth" :
1084 	    authctxt->service);
1085 	if (datafellows & SSH_BUG_PKAUTH) {
1086 		buffer_put_char(&b, have_sig);
1087 	} else {
1088 		buffer_put_cstring(&b, authctxt->method->name);
1089 		buffer_put_char(&b, have_sig);
1090 		buffer_put_cstring(&b, identity_sign_encode(id));
1091 	}
1092 	buffer_put_string(&b, blob, bloblen);
1093 
1094 	/*
1095 	 * If the key is an certificate, try to find a matching private key
1096 	 * and use it to complete the signature.
1097 	 * If no such private key exists, return failure and continue with
1098 	 * other methods of authentication.
1099 	 */
1100 	if (key_is_cert(id->key)) {
1101 		matched = 0;
1102 		TAILQ_FOREACH(private_id, &authctxt->keys, next) {
1103 			if (sshkey_equal_public(id->key, private_id->key) &&
1104 			    id->key->type != private_id->key->type) {
1105 				id = private_id;
1106 				matched = 1;
1107 				break;
1108 			}
1109 		}
1110 		if (matched) {
1111 			debug2("%s: using private key \"%s\"%s for "
1112 			    "certificate", __func__, id->filename,
1113 			    id->agent_fd != -1 ? " from agent" : "");
1114 		} else {
1115 			/* XXX maybe verbose/error? */
1116 			debug("%s: no private key for certificate "
1117 			    "\"%s\"", __func__, id->filename);
1118 			free(blob);
1119 			buffer_free(&b);
1120 			return 0;
1121 		}
1122 	}
1123 
1124 	/* generate signature */
1125 	ret = identity_sign(id, &signature, &slen,
1126 	    buffer_ptr(&b), buffer_len(&b), datafellows);
1127 	if (ret != 0) {
1128 		if (ret != SSH_ERR_KEY_NOT_FOUND)
1129 			error("%s: signing failed: %s", __func__, ssh_err(ret));
1130 		free(blob);
1131 		buffer_free(&b);
1132 		return 0;
1133 	}
1134 #ifdef DEBUG_PK
1135 	buffer_dump(&b);
1136 #endif
1137 	if (datafellows & SSH_BUG_PKSERVICE) {
1138 		buffer_clear(&b);
1139 		buffer_append(&b, session_id2, session_id2_len);
1140 		skip = session_id2_len;
1141 		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1142 		buffer_put_cstring(&b, authctxt->server_user);
1143 		buffer_put_cstring(&b, authctxt->service);
1144 		buffer_put_cstring(&b, authctxt->method->name);
1145 		buffer_put_char(&b, have_sig);
1146 		if (!(datafellows & SSH_BUG_PKAUTH))
1147 			buffer_put_cstring(&b, key_ssh_name(id->key));
1148 		buffer_put_string(&b, blob, bloblen);
1149 	}
1150 	free(blob);
1151 
1152 	/* append signature */
1153 	buffer_put_string(&b, signature, slen);
1154 	free(signature);
1155 
1156 	/* skip session id and packet type */
1157 	if (buffer_len(&b) < skip + 1)
1158 		fatal("userauth_pubkey: internal error");
1159 	buffer_consume(&b, skip + 1);
1160 
1161 	/* put remaining data from buffer into packet */
1162 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
1163 	packet_put_raw(buffer_ptr(&b), buffer_len(&b));
1164 	buffer_free(&b);
1165 	packet_send();
1166 
1167 	return 1;
1168 }
1169 
1170 static int
1171 send_pubkey_test(Authctxt *authctxt, Identity *id)
1172 {
1173 	u_char *blob;
1174 	u_int bloblen, have_sig = 0;
1175 
1176 	debug3("send_pubkey_test");
1177 
1178 	if (key_to_blob(id->key, &blob, &bloblen) == 0) {
1179 		/* we cannot handle this key */
1180 		debug3("send_pubkey_test: cannot handle key");
1181 		return 0;
1182 	}
1183 	/* register callback for USERAUTH_PK_OK message */
1184 	dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
1185 
1186 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
1187 	packet_put_cstring(authctxt->server_user);
1188 	packet_put_cstring(authctxt->service);
1189 	packet_put_cstring(authctxt->method->name);
1190 	packet_put_char(have_sig);
1191 	if (!(datafellows & SSH_BUG_PKAUTH))
1192 		packet_put_cstring(identity_sign_encode(id));
1193 	packet_put_string(blob, bloblen);
1194 	free(blob);
1195 	packet_send();
1196 	return 1;
1197 }
1198 
1199 static Key *
1200 load_identity_file(Identity *id)
1201 {
1202 	Key *private = NULL;
1203 	char prompt[300], *passphrase, *comment;
1204 	int r, perm_ok = 0, quit = 0, i;
1205 	struct stat st;
1206 
1207 	if (stat(id->filename, &st) < 0) {
1208 		(id->userprovided ? logit : debug3)("no such identity: %s: %s",
1209 		    id->filename, strerror(errno));
1210 		return NULL;
1211 	}
1212 	snprintf(prompt, sizeof prompt,
1213 	    "Enter passphrase for key '%.100s': ", id->filename);
1214 	for (i = 0; i <= options.number_of_password_prompts; i++) {
1215 		if (i == 0)
1216 			passphrase = "";
1217 		else {
1218 			passphrase = read_passphrase(prompt, 0);
1219 			if (*passphrase == '\0') {
1220 				debug2("no passphrase given, try next key");
1221 				free(passphrase);
1222 				break;
1223 			}
1224 		}
1225 		switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,
1226 		    passphrase, &private, &comment, &perm_ok))) {
1227 		case 0:
1228 			break;
1229 		case SSH_ERR_KEY_WRONG_PASSPHRASE:
1230 			if (options.batch_mode) {
1231 				quit = 1;
1232 				break;
1233 			}
1234 			if (i != 0)
1235 				debug2("bad passphrase given, try again...");
1236 			break;
1237 		case SSH_ERR_SYSTEM_ERROR:
1238 			if (errno == ENOENT) {
1239 				debug2("Load key \"%s\": %s",
1240 				    id->filename, ssh_err(r));
1241 				quit = 1;
1242 				break;
1243 			}
1244 			/* FALLTHROUGH */
1245 		default:
1246 			error("Load key \"%s\": %s", id->filename, ssh_err(r));
1247 			quit = 1;
1248 			break;
1249 		}
1250 		if (!quit && private != NULL && id->agent_fd == -1 &&
1251 		    !(id->key && id->isprivate))
1252 			maybe_add_key_to_agent(id->filename, private, comment,
1253 			    passphrase);
1254 		if (i > 0) {
1255 			explicit_bzero(passphrase, strlen(passphrase));
1256 			free(passphrase);
1257 		}
1258 		free(comment);
1259 		if (private != NULL || quit)
1260 			break;
1261 	}
1262 	return private;
1263 }
1264 
1265 /*
1266  * try keys in the following order:
1267  * 	1. certificates listed in the config file
1268  * 	2. other input certificates
1269  *	3. agent keys that are found in the config file
1270  *	4. other agent keys
1271  *	5. keys that are only listed in the config file
1272  */
1273 static void
1274 pubkey_prepare(Authctxt *authctxt)
1275 {
1276 	struct identity *id, *id2, *tmp;
1277 	struct idlist agent, files, *preferred;
1278 	struct sshkey *key;
1279 	int agent_fd = -1, i, r, found;
1280 	size_t j;
1281 	struct ssh_identitylist *idlist;
1282 
1283 	TAILQ_INIT(&agent);	/* keys from the agent */
1284 	TAILQ_INIT(&files);	/* keys from the config file */
1285 	preferred = &authctxt->keys;
1286 	TAILQ_INIT(preferred);	/* preferred order of keys */
1287 
1288 	/* list of keys stored in the filesystem and PKCS#11 */
1289 	for (i = 0; i < options.num_identity_files; i++) {
1290 		key = options.identity_keys[i];
1291 		if (key && key->type == KEY_RSA1)
1292 			continue;
1293 		if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
1294 			continue;
1295 		options.identity_keys[i] = NULL;
1296 		id = xcalloc(1, sizeof(*id));
1297 		id->agent_fd = -1;
1298 		id->key = key;
1299 		id->filename = xstrdup(options.identity_files[i]);
1300 		id->userprovided = options.identity_file_userprovided[i];
1301 		TAILQ_INSERT_TAIL(&files, id, next);
1302 	}
1303 	/* Prefer PKCS11 keys that are explicitly listed */
1304 	TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
1305 		if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0)
1306 			continue;
1307 		found = 0;
1308 		TAILQ_FOREACH(id2, &files, next) {
1309 			if (id2->key == NULL ||
1310 			    (id2->key->flags & SSHKEY_FLAG_EXT) == 0)
1311 				continue;
1312 			if (sshkey_equal(id->key, id2->key)) {
1313 				TAILQ_REMOVE(&files, id, next);
1314 				TAILQ_INSERT_TAIL(preferred, id, next);
1315 				found = 1;
1316 				break;
1317 			}
1318 		}
1319 		/* If IdentitiesOnly set and key not found then don't use it */
1320 		if (!found && options.identities_only) {
1321 			TAILQ_REMOVE(&files, id, next);
1322 			explicit_bzero(id, sizeof(*id));
1323 			free(id);
1324 		}
1325 	}
1326 	/* list of certificates specified by user */
1327 	for (i = 0; i < options.num_certificate_files; i++) {
1328 		key = options.certificates[i];
1329 		if (!key_is_cert(key) || key->cert == NULL ||
1330 		    key->cert->type != SSH2_CERT_TYPE_USER)
1331 			continue;
1332 		id = xcalloc(1, sizeof(*id));
1333 		id->agent_fd = -1;
1334 		id->key = key;
1335 		id->filename = xstrdup(options.certificate_files[i]);
1336 		id->userprovided = options.certificate_file_userprovided[i];
1337 		TAILQ_INSERT_TAIL(preferred, id, next);
1338 	}
1339 	/* list of keys supported by the agent */
1340 	if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) {
1341 		if (r != SSH_ERR_AGENT_NOT_PRESENT)
1342 			debug("%s: ssh_get_authentication_socket: %s",
1343 			    __func__, ssh_err(r));
1344 	} else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) {
1345 		if (r != SSH_ERR_AGENT_NO_IDENTITIES)
1346 			debug("%s: ssh_fetch_identitylist: %s",
1347 			    __func__, ssh_err(r));
1348 		close(agent_fd);
1349 	} else {
1350 		for (j = 0; j < idlist->nkeys; j++) {
1351 			found = 0;
1352 			TAILQ_FOREACH(id, &files, next) {
1353 				/*
1354 				 * agent keys from the config file are
1355 				 * preferred
1356 				 */
1357 				if (sshkey_equal(idlist->keys[j], id->key)) {
1358 					TAILQ_REMOVE(&files, id, next);
1359 					TAILQ_INSERT_TAIL(preferred, id, next);
1360 					id->agent_fd = agent_fd;
1361 					found = 1;
1362 					break;
1363 				}
1364 			}
1365 			if (!found && !options.identities_only) {
1366 				id = xcalloc(1, sizeof(*id));
1367 				/* XXX "steals" key/comment from idlist */
1368 				id->key = idlist->keys[j];
1369 				id->filename = idlist->comments[j];
1370 				idlist->keys[j] = NULL;
1371 				idlist->comments[j] = NULL;
1372 				id->agent_fd = agent_fd;
1373 				TAILQ_INSERT_TAIL(&agent, id, next);
1374 			}
1375 		}
1376 		ssh_free_identitylist(idlist);
1377 		/* append remaining agent keys */
1378 		for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
1379 			TAILQ_REMOVE(&agent, id, next);
1380 			TAILQ_INSERT_TAIL(preferred, id, next);
1381 		}
1382 		authctxt->agent_fd = agent_fd;
1383 	}
1384 	/* append remaining keys from the config file */
1385 	for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
1386 		TAILQ_REMOVE(&files, id, next);
1387 		TAILQ_INSERT_TAIL(preferred, id, next);
1388 	}
1389 	/* finally, filter by PubkeyAcceptedKeyTypes */
1390 	TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
1391 		if (id->key != NULL &&
1392 		    match_pattern_list(sshkey_ssh_name(id->key),
1393 		    options.pubkey_key_types, 0) != 1) {
1394 			debug("Skipping %s key %s - "
1395 			    "not in PubkeyAcceptedKeyTypes",
1396 			    sshkey_ssh_name(id->key), id->filename);
1397 			TAILQ_REMOVE(preferred, id, next);
1398 			sshkey_free(id->key);
1399 			free(id->filename);
1400 			memset(id, 0, sizeof(*id));
1401 			continue;
1402 		}
1403 		debug2("key: %s (%p)%s%s", id->filename, id->key,
1404 		    id->userprovided ? ", explicit" : "",
1405 		    id->agent_fd != -1 ? ", agent" : "");
1406 	}
1407 }
1408 
1409 static void
1410 pubkey_cleanup(Authctxt *authctxt)
1411 {
1412 	Identity *id;
1413 
1414 	if (authctxt->agent_fd != -1)
1415 		ssh_close_authentication_socket(authctxt->agent_fd);
1416 	for (id = TAILQ_FIRST(&authctxt->keys); id;
1417 	    id = TAILQ_FIRST(&authctxt->keys)) {
1418 		TAILQ_REMOVE(&authctxt->keys, id, next);
1419 		sshkey_free(id->key);
1420 		free(id->filename);
1421 		free(id);
1422 	}
1423 }
1424 
1425 static int
1426 try_identity(Identity *id)
1427 {
1428 	if (!id->key)
1429 		return (0);
1430 	if (key_type_plain(id->key->type) == KEY_RSA &&
1431 	    (datafellows & SSH_BUG_RSASIGMD5) != 0) {
1432 		debug("Skipped %s key %s for RSA/MD5 server",
1433 		    key_type(id->key), id->filename);
1434 		return (0);
1435 	}
1436 	return (id->key->type != KEY_RSA1);
1437 }
1438 
1439 int
1440 userauth_pubkey(Authctxt *authctxt)
1441 {
1442 	Identity *id;
1443 	int sent = 0;
1444 
1445 	while ((id = TAILQ_FIRST(&authctxt->keys))) {
1446 		if (id->tried++)
1447 			return (0);
1448 		/* move key to the end of the queue */
1449 		TAILQ_REMOVE(&authctxt->keys, id, next);
1450 		TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
1451 		/*
1452 		 * send a test message if we have the public key. for
1453 		 * encrypted keys we cannot do this and have to load the
1454 		 * private key instead
1455 		 */
1456 		if (id->key != NULL) {
1457 			if (try_identity(id)) {
1458 				debug("Offering %s public key: %s",
1459 				    key_type(id->key), id->filename);
1460 				sent = send_pubkey_test(authctxt, id);
1461 			}
1462 		} else {
1463 			debug("Trying private key: %s", id->filename);
1464 			id->key = load_identity_file(id);
1465 			if (id->key != NULL) {
1466 				if (try_identity(id)) {
1467 					id->isprivate = 1;
1468 					sent = sign_and_send_pubkey(
1469 					    authctxt, id);
1470 				}
1471 				key_free(id->key);
1472 				id->key = NULL;
1473 			}
1474 		}
1475 		if (sent)
1476 			return (sent);
1477 	}
1478 	return (0);
1479 }
1480 
1481 /*
1482  * Send userauth request message specifying keyboard-interactive method.
1483  */
1484 int
1485 userauth_kbdint(Authctxt *authctxt)
1486 {
1487 	static int attempt = 0;
1488 
1489 	if (attempt++ >= options.number_of_password_prompts)
1490 		return 0;
1491 	/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
1492 	if (attempt > 1 && !authctxt->info_req_seen) {
1493 		debug3("userauth_kbdint: disable: no info_req_seen");
1494 		dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
1495 		return 0;
1496 	}
1497 
1498 	debug2("userauth_kbdint");
1499 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
1500 	packet_put_cstring(authctxt->server_user);
1501 	packet_put_cstring(authctxt->service);
1502 	packet_put_cstring(authctxt->method->name);
1503 	packet_put_cstring("");					/* lang */
1504 	packet_put_cstring(options.kbd_interactive_devices ?
1505 	    options.kbd_interactive_devices : "");
1506 	packet_send();
1507 
1508 	dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
1509 	return 1;
1510 }
1511 
1512 /*
1513  * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
1514  */
1515 int
1516 input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1517 {
1518 	Authctxt *authctxt = ctxt;
1519 	char *name, *inst, *lang, *prompt, *response;
1520 	u_int num_prompts, i;
1521 	int echo = 0;
1522 
1523 	debug2("input_userauth_info_req");
1524 
1525 	if (authctxt == NULL)
1526 		fatal("input_userauth_info_req: no authentication context");
1527 
1528 	authctxt->info_req_seen = 1;
1529 
1530 	name = packet_get_string(NULL);
1531 	inst = packet_get_string(NULL);
1532 	lang = packet_get_string(NULL);
1533 	if (strlen(name) > 0)
1534 		logit("%s", name);
1535 	if (strlen(inst) > 0)
1536 		logit("%s", inst);
1537 	free(name);
1538 	free(inst);
1539 	free(lang);
1540 
1541 	num_prompts = packet_get_int();
1542 	/*
1543 	 * Begin to build info response packet based on prompts requested.
1544 	 * We commit to providing the correct number of responses, so if
1545 	 * further on we run into a problem that prevents this, we have to
1546 	 * be sure and clean this up and send a correct error response.
1547 	 */
1548 	packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
1549 	packet_put_int(num_prompts);
1550 
1551 	debug2("input_userauth_info_req: num_prompts %d", num_prompts);
1552 	for (i = 0; i < num_prompts; i++) {
1553 		prompt = packet_get_string(NULL);
1554 		echo = packet_get_char();
1555 
1556 		response = read_passphrase(prompt, echo ? RP_ECHO : 0);
1557 
1558 		packet_put_cstring(response);
1559 		explicit_bzero(response, strlen(response));
1560 		free(response);
1561 		free(prompt);
1562 	}
1563 	packet_check_eom(); /* done with parsing incoming message. */
1564 
1565 	packet_add_padding(64);
1566 	packet_send();
1567 	return 0;
1568 }
1569 
1570 static int
1571 ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,
1572     const u_char *data, size_t datalen)
1573 {
1574 	struct sshbuf *b;
1575 	struct stat st;
1576 	pid_t pid;
1577 	int i, r, to[2], from[2], status, sock = packet_get_connection_in();
1578 	u_char rversion = 0, version = 2;
1579 	void (*osigchld)(int);
1580 
1581 	*sigp = NULL;
1582 	*lenp = 0;
1583 
1584 	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
1585 		error("%s: not installed: %s", __func__, strerror(errno));
1586 		return -1;
1587 	}
1588 	if (fflush(stdout) != 0) {
1589 		error("%s: fflush: %s", __func__, strerror(errno));
1590 		return -1;
1591 	}
1592 	if (pipe(to) < 0) {
1593 		error("%s: pipe: %s", __func__, strerror(errno));
1594 		return -1;
1595 	}
1596 	if (pipe(from) < 0) {
1597 		error("%s: pipe: %s", __func__, strerror(errno));
1598 		return -1;
1599 	}
1600 	if ((pid = fork()) < 0) {
1601 		error("%s: fork: %s", __func__, strerror(errno));
1602 		return -1;
1603 	}
1604 	osigchld = signal(SIGCHLD, SIG_DFL);
1605 	if (pid == 0) {
1606 		/* keep the socket on exec */
1607 		fcntl(sock, F_SETFD, 0);
1608 		permanently_drop_suid(getuid());
1609 		close(from[0]);
1610 		if (dup2(from[1], STDOUT_FILENO) < 0)
1611 			fatal("%s: dup2: %s", __func__, strerror(errno));
1612 		close(to[1]);
1613 		if (dup2(to[0], STDIN_FILENO) < 0)
1614 			fatal("%s: dup2: %s", __func__, strerror(errno));
1615 		close(from[1]);
1616 		close(to[0]);
1617 		/* Close everything but stdio and the socket */
1618 		for (i = STDERR_FILENO + 1; i < sock; i++)
1619 			close(i);
1620 		closefrom(sock + 1);
1621 		debug3("%s: [child] pid=%ld, exec %s",
1622 		    __func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
1623 		execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
1624 		fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN,
1625 		    strerror(errno));
1626 	}
1627 	close(from[1]);
1628 	close(to[0]);
1629 
1630 	if ((b = sshbuf_new()) == NULL)
1631 		fatal("%s: sshbuf_new failed", __func__);
1632 	/* send # of sock, data to be signed */
1633 	if ((r = sshbuf_put_u32(b, sock) != 0) ||
1634 	    (r = sshbuf_put_string(b, data, datalen)) != 0)
1635 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
1636 	if (ssh_msg_send(to[1], version, b) == -1)
1637 		fatal("%s: couldn't send request", __func__);
1638 	sshbuf_reset(b);
1639 	r = ssh_msg_recv(from[0], b);
1640 	close(from[0]);
1641 	close(to[1]);
1642 	if (r < 0) {
1643 		error("%s: no reply", __func__);
1644 		goto fail;
1645 	}
1646 
1647 	errno = 0;
1648 	while (waitpid(pid, &status, 0) < 0) {
1649 		if (errno != EINTR) {
1650 			error("%s: waitpid %ld: %s",
1651 			    __func__, (long)pid, strerror(errno));
1652 			goto fail;
1653 		}
1654 	}
1655 	if (!WIFEXITED(status)) {
1656 		error("%s: exited abnormally", __func__);
1657 		goto fail;
1658 	}
1659 	if (WEXITSTATUS(status) != 0) {
1660 		error("%s: exited with status %d",
1661 		    __func__, WEXITSTATUS(status));
1662 		goto fail;
1663 	}
1664 	if ((r = sshbuf_get_u8(b, &rversion)) != 0) {
1665 		error("%s: buffer error: %s", __func__, ssh_err(r));
1666 		goto fail;
1667 	}
1668 	if (rversion != version) {
1669 		error("%s: bad version", __func__);
1670 		goto fail;
1671 	}
1672 	if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) {
1673 		error("%s: buffer error: %s", __func__, ssh_err(r));
1674  fail:
1675 		signal(SIGCHLD, osigchld);
1676 		sshbuf_free(b);
1677 		return -1;
1678 	}
1679 	signal(SIGCHLD, osigchld);
1680 	sshbuf_free(b);
1681 
1682 	return 0;
1683 }
1684 
1685 int
1686 userauth_hostbased(Authctxt *authctxt)
1687 {
1688 	struct ssh *ssh = active_state;
1689 	struct sshkey *private = NULL;
1690 	struct sshbuf *b = NULL;
1691 	const char *service;
1692 	u_char *sig = NULL, *keyblob = NULL;
1693 	char *fp = NULL, *chost = NULL, *lname = NULL;
1694 	size_t siglen = 0, keylen = 0;
1695 	int i, r, success = 0;
1696 
1697 	if (authctxt->ktypes == NULL) {
1698 		authctxt->oktypes = xstrdup(options.hostbased_key_types);
1699 		authctxt->ktypes = authctxt->oktypes;
1700 	}
1701 
1702 	/*
1703 	 * Work through each listed type pattern in HostbasedKeyTypes,
1704 	 * trying each hostkey that matches the type in turn.
1705 	 */
1706 	for (;;) {
1707 		if (authctxt->active_ktype == NULL)
1708 			authctxt->active_ktype = strsep(&authctxt->ktypes, ",");
1709 		if (authctxt->active_ktype == NULL ||
1710 		    *authctxt->active_ktype == '\0')
1711 			break;
1712 		debug3("%s: trying key type %s", __func__,
1713 		    authctxt->active_ktype);
1714 
1715 		/* check for a useful key */
1716 		private = NULL;
1717 		for (i = 0; i < authctxt->sensitive->nkeys; i++) {
1718 			if (authctxt->sensitive->keys[i] == NULL ||
1719 			    authctxt->sensitive->keys[i]->type == KEY_RSA1 ||
1720 			    authctxt->sensitive->keys[i]->type == KEY_UNSPEC)
1721 				continue;
1722 			if (match_pattern_list(
1723 			    sshkey_ssh_name(authctxt->sensitive->keys[i]),
1724 			    authctxt->active_ktype, 0) != 1)
1725 				continue;
1726 			/* we take and free the key */
1727 			private = authctxt->sensitive->keys[i];
1728 			authctxt->sensitive->keys[i] = NULL;
1729 			break;
1730 		}
1731 		/* Found one */
1732 		if (private != NULL)
1733 			break;
1734 		/* No more keys of this type; advance */
1735 		authctxt->active_ktype = NULL;
1736 	}
1737 	if (private == NULL) {
1738 		free(authctxt->oktypes);
1739 		authctxt->oktypes = authctxt->ktypes = NULL;
1740 		authctxt->active_ktype = NULL;
1741 		debug("No more client hostkeys for hostbased authentication.");
1742 		goto out;
1743 	}
1744 
1745 	if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
1746 	    SSH_FP_DEFAULT)) == NULL) {
1747 		error("%s: sshkey_fingerprint failed", __func__);
1748 		goto out;
1749 	}
1750 	debug("%s: trying hostkey %s %s",
1751 	    __func__, sshkey_ssh_name(private), fp);
1752 
1753 	/* figure out a name for the client host */
1754 	if ((lname = get_local_name(packet_get_connection_in())) == NULL) {
1755 		error("%s: cannot get local ipaddr/name", __func__);
1756 		goto out;
1757 	}
1758 
1759 	/* XXX sshbuf_put_stringf? */
1760 	xasprintf(&chost, "%s.", lname);
1761 	debug2("%s: chost %s", __func__, chost);
1762 
1763 	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
1764 	    authctxt->service;
1765 
1766 	/* construct data */
1767 	if ((b = sshbuf_new()) == NULL) {
1768 		error("%s: sshbuf_new failed", __func__);
1769 		goto out;
1770 	}
1771 	if ((r = sshkey_to_blob(private, &keyblob, &keylen)) != 0) {
1772 		error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
1773 		goto out;
1774 	}
1775 	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
1776 	    (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
1777 	    (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
1778 	    (r = sshbuf_put_cstring(b, service)) != 0 ||
1779 	    (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
1780 	    (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 ||
1781 	    (r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||
1782 	    (r = sshbuf_put_cstring(b, chost)) != 0 ||
1783 	    (r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) {
1784 		error("%s: buffer error: %s", __func__, ssh_err(r));
1785 		goto out;
1786 	}
1787 
1788 #ifdef DEBUG_PK
1789 	sshbuf_dump(b, stderr);
1790 #endif
1791 	if (authctxt->sensitive->external_keysign)
1792 		r = ssh_keysign(private, &sig, &siglen,
1793 		    sshbuf_ptr(b), sshbuf_len(b));
1794 	else if ((r = sshkey_sign(private, &sig, &siglen,
1795 	    sshbuf_ptr(b), sshbuf_len(b), NULL, datafellows)) != 0)
1796 		debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
1797 	if (r != 0) {
1798 		error("sign using hostkey %s %s failed",
1799 		    sshkey_ssh_name(private), fp);
1800 		goto out;
1801 	}
1802 	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
1803 	    (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
1804 	    (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
1805 	    (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
1806 	    (r = sshpkt_put_cstring(ssh, key_ssh_name(private))) != 0 ||
1807 	    (r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 ||
1808 	    (r = sshpkt_put_cstring(ssh, chost)) != 0 ||
1809 	    (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 ||
1810 	    (r = sshpkt_put_string(ssh, sig, siglen)) != 0 ||
1811 	    (r = sshpkt_send(ssh)) != 0) {
1812 		error("%s: packet error: %s", __func__, ssh_err(r));
1813 		goto out;
1814 	}
1815 	success = 1;
1816 
1817  out:
1818 	if (sig != NULL) {
1819 		explicit_bzero(sig, siglen);
1820 		free(sig);
1821 	}
1822 	free(keyblob);
1823 	free(lname);
1824 	free(fp);
1825 	free(chost);
1826 	sshkey_free(private);
1827 	sshbuf_free(b);
1828 
1829 	return success;
1830 }
1831 
1832 /* find auth method */
1833 
1834 /*
1835  * given auth method name, if configurable options permit this method fill
1836  * in auth_ident field and return true, otherwise return false.
1837  */
1838 static int
1839 authmethod_is_enabled(Authmethod *method)
1840 {
1841 	if (method == NULL)
1842 		return 0;
1843 	/* return false if options indicate this method is disabled */
1844 	if  (method->enabled == NULL || *method->enabled == 0)
1845 		return 0;
1846 	/* return false if batch mode is enabled but method needs interactive mode */
1847 	if  (method->batch_flag != NULL && *method->batch_flag != 0)
1848 		return 0;
1849 	return 1;
1850 }
1851 
1852 static Authmethod *
1853 authmethod_lookup(const char *name)
1854 {
1855 	Authmethod *method = NULL;
1856 	if (name != NULL)
1857 		for (method = authmethods; method->name != NULL; method++)
1858 			if (strcmp(name, method->name) == 0)
1859 				return method;
1860 	debug2("Unrecognized authentication method name: %s", name ? name : "NULL");
1861 	return NULL;
1862 }
1863 
1864 /* XXX internal state */
1865 static Authmethod *current = NULL;
1866 static char *supported = NULL;
1867 static char *preferred = NULL;
1868 
1869 /*
1870  * Given the authentication method list sent by the server, return the
1871  * next method we should try.  If the server initially sends a nil list,
1872  * use a built-in default list.
1873  */
1874 static Authmethod *
1875 authmethod_get(char *authlist)
1876 {
1877 	char *name = NULL;
1878 	u_int next;
1879 
1880 	/* Use a suitable default if we're passed a nil list.  */
1881 	if (authlist == NULL || strlen(authlist) == 0)
1882 		authlist = options.preferred_authentications;
1883 
1884 	if (supported == NULL || strcmp(authlist, supported) != 0) {
1885 		debug3("start over, passed a different list %s", authlist);
1886 		free(supported);
1887 		supported = xstrdup(authlist);
1888 		preferred = options.preferred_authentications;
1889 		debug3("preferred %s", preferred);
1890 		current = NULL;
1891 	} else if (current != NULL && authmethod_is_enabled(current))
1892 		return current;
1893 
1894 	for (;;) {
1895 		if ((name = match_list(preferred, supported, &next)) == NULL) {
1896 			debug("No more authentication methods to try.");
1897 			current = NULL;
1898 			return NULL;
1899 		}
1900 		preferred += next;
1901 		debug3("authmethod_lookup %s", name);
1902 		debug3("remaining preferred: %s", preferred);
1903 		if ((current = authmethod_lookup(name)) != NULL &&
1904 		    authmethod_is_enabled(current)) {
1905 			debug3("authmethod_is_enabled %s", name);
1906 			debug("Next authentication method: %s", name);
1907 			free(name);
1908 			return current;
1909 		}
1910 		free(name);
1911 	}
1912 }
1913 
1914 static char *
1915 authmethods_get(void)
1916 {
1917 	Authmethod *method = NULL;
1918 	Buffer b;
1919 	char *list;
1920 
1921 	buffer_init(&b);
1922 	for (method = authmethods; method->name != NULL; method++) {
1923 		if (authmethod_is_enabled(method)) {
1924 			if (buffer_len(&b) > 0)
1925 				buffer_append(&b, ",", 1);
1926 			buffer_append(&b, method->name, strlen(method->name));
1927 		}
1928 	}
1929 	buffer_append(&b, "\0", 1);
1930 	list = xstrdup(buffer_ptr(&b));
1931 	buffer_free(&b);
1932 	return list;
1933 }
1934 
1935