diff options
Diffstat (limited to 'auth2.c')
| -rw-r--r-- | auth2.c | 131 |
1 files changed, 79 insertions, 52 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.149 2018/07/11 18:53:29 markus Exp $ */ +/* $OpenBSD: auth2.c,v 1.155 2019/03/25 22:34:52 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -35,6 +35,7 @@ #include <stdarg.h> #include <string.h> #include <unistd.h> +#include <time.h> #include "atomicio.h" #include "xmalloc.h" @@ -137,18 +138,21 @@ auth2_read_banner(void) return (banner); } -void -userauth_send_banner(const char *msg) +static void +userauth_send_banner(struct ssh *ssh, const char *msg) { - packet_start(SSH2_MSG_USERAUTH_BANNER); - packet_put_cstring(msg); - packet_put_cstring(""); /* language, unused */ - packet_send(); + int r; + + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_BANNER)) != 0 || + (r = sshpkt_put_cstring(ssh, msg)) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language, unused */ + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); debug("%s: sent", __func__); } static void -userauth_banner(void) +userauth_banner(struct ssh *ssh) { char *banner = NULL; @@ -157,7 +161,7 @@ userauth_banner(void) if ((banner = PRIVSEP(auth2_read_banner())) == NULL) goto done; - userauth_send_banner(banner); + userauth_send_banner(ssh, banner); done: free(banner); @@ -167,10 +171,10 @@ done: * loop until authctxt->success == TRUE */ void -do_authentication2(Authctxt *authctxt) +do_authentication2(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ - ssh->authctxt = authctxt; /* XXX move to caller */ + Authctxt *authctxt = ssh->authctxt; + ssh_dispatch_init(ssh, &dispatch_protocol_error); ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request); ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success); @@ -182,10 +186,12 @@ static int input_service_request(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; - u_int len; - int acceptit = 0; - char *service = packet_get_cstring(&len); - packet_check_eom(); + char *service = NULL; + int r, acceptit = 0; + + if ((r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + goto out; if (authctxt == NULL) fatal("input_service_request: no authctxt"); @@ -194,20 +200,24 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh) if (!authctxt->success) { acceptit = 1; /* now we can handle user-auth requests */ - ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, + &input_userauth_request); } } /* XXX all other service requests are denied */ if (acceptit) { - packet_start(SSH2_MSG_SERVICE_ACCEPT); - packet_put_cstring(service); - packet_send(); - packet_write_wait(); + if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_ACCEPT)) != 0 || + (r = sshpkt_put_cstring(ssh, service)) != 0 || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + goto out; } else { debug("bad service request %s", service); - packet_disconnect("bad service request %s", service); + ssh_packet_disconnect(ssh, "bad service request %s", service); } + r = 0; + out: free(service); return 0; } @@ -255,16 +265,17 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; Authmethod *m = NULL; - char *user, *service, *method, *style = NULL; - int authenticated = 0; + char *user = NULL, *service = NULL, *method = NULL, *style = NULL; + int r, authenticated = 0; double tstart = monotime_double(); if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); - user = packet_get_cstring(NULL); - service = packet_get_cstring(NULL); - method = packet_get_cstring(NULL); + if ((r = sshpkt_get_cstring(ssh, &user, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &method, NULL)) != 0) + goto out; debug("userauth-request for user %s service %s method %s", user, service, method); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); @@ -273,7 +284,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) if (authctxt->attempt++ == 0) { /* setup auth context */ - authctxt->pw = PRIVSEP(getpwnamallow(user)); + authctxt->pw = PRIVSEP(getpwnamallow(ssh, user)); authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; @@ -283,12 +294,12 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) /* Invalid user, fake password information */ authctxt->pw = fakepw(); #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_INVALID_USER)); + PRIVSEP(audit_event(ssh, SSH_INVALID_USER)); #endif } #ifdef USE_PAM if (options.use_pam) - PRIVSEP(start_pam(authctxt)); + PRIVSEP(start_pam(ssh)); #endif ssh_packet_set_log_preamble(ssh, "%suser %s", authctxt->valid ? "authenticating " : "invalid ", user); @@ -298,13 +309,14 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) authctxt->style = style ? xstrdup(style) : NULL; if (use_privsep) mm_inform_authserv(service, style); - userauth_banner(); + userauth_banner(ssh); if (auth2_setup_methods_lists(authctxt) != 0) - packet_disconnect("no authentication methods enabled"); + ssh_packet_disconnect(ssh, + "no authentication methods enabled"); } else if (strcmp(user, authctxt->user) != 0 || strcmp(service, authctxt->service) != 0) { - packet_disconnect("Change of username or service not allowed: " - "(%s,%s) -> (%s,%s)", + ssh_packet_disconnect(ssh, "Change of username or service " + "not allowed: (%s,%s) -> (%s,%s)", authctxt->user, authctxt->service, user, service); } /* reset state */ @@ -330,11 +342,12 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) ensure_minimum_time_since(tstart, user_specific_delay(authctxt->user)); userauth_finish(ssh, authenticated, method, NULL); - + r = 0; + out: free(service); free(user); free(method); - return 0; + return r; } void @@ -343,7 +356,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, { Authctxt *authctxt = ssh->authctxt; char *methods; - int partial = 0; + int r, partial = 0; if (!authctxt->valid && authenticated) fatal("INTERNAL ERROR: authenticated invalid user %s", @@ -356,7 +369,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, !auth_root_allowed(ssh, method)) { authenticated = 0; #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); + PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED)); #endif } @@ -368,7 +381,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, } /* Log before sending the reply */ - auth_log(authctxt, authenticated, partial, method, submethod); + auth_log(ssh, authenticated, partial, method, submethod); /* Update information exposed to session */ if (authenticated || partial) @@ -387,8 +400,11 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - userauth_send_banner(sshbuf_ptr(loginmsg)); - packet_write_wait(); + userauth_send_banner(ssh, sshbuf_ptr(loginmsg)); + if ((r = ssh_packet_write_wait(ssh)) != 0) { + sshpkt_fatal(ssh, r, + "%s: send PAM banner", __func__); + } } fatal("Access denied for user %s by PAM account " "configuration", authctxt->user); @@ -398,10 +414,12 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, if (authenticated == 1) { /* turn off userauth */ - ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); - packet_start(SSH2_MSG_USERAUTH_SUCCESS); - packet_send(); - packet_write_wait(); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, + &dispatch_protocol_ignore); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); /* now we can break out */ authctxt->success = 1; ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); @@ -412,18 +430,19 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, authctxt->failures++; if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); + PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES)); #endif - auth_maxtries_exceeded(authctxt); + auth_maxtries_exceeded(ssh); } methods = authmethods_get(authctxt); debug3("%s: failure partial=%d next methods=\"%s\"", __func__, partial, methods); - packet_start(SSH2_MSG_USERAUTH_FAILURE); - packet_put_cstring(methods); - packet_put_char(partial); - packet_send(); - packet_write_wait(); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 || + (r = sshpkt_put_cstring(ssh, methods)) != 0 || + (r = sshpkt_put_u8(ssh, partial)) != 0 || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); free(methods); } } @@ -558,6 +577,14 @@ auth2_setup_methods_lists(Authctxt *authctxt) { u_int i; + /* First, normalise away the "any" pseudo-method */ + if (options.num_auth_methods == 1 && + strcmp(options.auth_methods[0], "any") == 0) { + free(options.auth_methods[0]); + options.auth_methods[0] = NULL; + options.num_auth_methods = 0; + } + if (options.num_auth_methods == 0) return 0; debug3("%s: checking methods", __func__); |