#define SSH1_AUTH_TIS 5 /* 0x5 */
#define SSH1_AUTH_CCARD 16 /* 0x10 */
-#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1 /* 0x1 */
-#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2 /* 0x2 */
-#define SSH_AGENTC_RSA_CHALLENGE 3 /* 0x3 */
-#define SSH_AGENT_RSA_RESPONSE 4 /* 0x4 */
-#define SSH_AGENT_FAILURE 5 /* 0x5 */
-#define SSH_AGENT_SUCCESS 6 /* 0x6 */
-#define SSH_AGENTC_ADD_RSA_IDENTITY 7 /* 0x7 */
-#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8 /* 0x8 */
-
#define SSH2_MSG_DISCONNECT 1 /* 0x1 */
#define SSH2_MSG_IGNORE 2 /* 0x2 */
#define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
#define crWaitUntil(c) do { crReturn(0); } while (!(c))
#define crWaitUntilV(c) do { crReturnV; } while (!(c))
-extern const struct ssh_cipher ssh_3des;
-extern const struct ssh_cipher ssh_3des_ssh2;
-extern const struct ssh_cipher ssh_des;
-extern const struct ssh_cipher ssh_aes128_ssh2;
-extern const struct ssh_cipher ssh_aes192_ssh2;
-extern const struct ssh_cipher ssh_aes256_ssh2;
-extern const struct ssh_cipher ssh_blowfish_ssh1;
-extern const struct ssh_cipher ssh_blowfish_ssh2;
-
extern char *x11_init (Socket *, char *, void *);
extern void x11_close (Socket);
extern void x11_send (Socket , char *, int);
* SSH1. (3DES uses outer chaining; Blowfish has the opposite
* endianness and different-sized keys.)
*/
-const static struct ssh_cipher *ciphers[] = {
- &ssh_aes256_ssh2,
- &ssh_aes192_ssh2,
- &ssh_aes128_ssh2,
- &ssh_blowfish_ssh2,
- &ssh_3des_ssh2
+const static struct ssh2_ciphers *ciphers[] = {
+ &ssh2_aes,
+ &ssh2_blowfish,
+ &ssh2_3des,
};
-extern const struct ssh_kex ssh_diffiehellman;
-extern const struct ssh_kex ssh_diffiehellman_gex;
const static struct ssh_kex *kex_algs[] = {
#ifdef DO_DIFFIE_HELLMAN_GEX
&ssh_diffiehellman_gex,
#endif
&ssh_diffiehellman };
-extern const struct ssh_signkey ssh_dss;
-const static struct ssh_signkey *hostkey_algs[] = { &ssh_dss };
-
-extern const struct ssh_mac ssh_md5, ssh_sha1, ssh_sha1_buggy;
+const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
static void nullmac_key(unsigned char *key) { }
static void nullmac_generate(unsigned char *blk, int len, unsigned long seq) { }
static int ssh_agentfwd_enabled;
static int ssh_X11_fwd_enabled;
static const struct ssh_cipher *cipher = NULL;
-static const struct ssh_cipher *cscipher = NULL;
-static const struct ssh_cipher *sccipher = NULL;
+static const struct ssh2_cipher *cscipher = NULL;
+static const struct ssh2_cipher *sccipher = NULL;
static const struct ssh_mac *csmac = NULL;
static const struct ssh_mac *scmac = NULL;
static const struct ssh_compress *cscomp = NULL;
static const struct ssh_compress *sccomp = NULL;
static const struct ssh_kex *kex = NULL;
static const struct ssh_signkey *hostkey = NULL;
+static unsigned char ssh2_session_id[20];
int (*ssh_get_password)(const char *prompt, char *str, int maxlen) = NULL;
static char *savedhost;
from_backend(1, buf, len);
}
+static void c_write_str (char *buf) {
+ c_write(buf, strlen(buf));
+}
+
/*
* Collect incoming data in the incoming packet buffer.
* Decipher and verify the packet when it is completely read.
pktin.savedpos += 4;
return value;
}
+static int ssh2_pkt_getbool(void) {
+ unsigned long value;
+ if (pktin.length - pktin.savedpos < 1)
+ return 0; /* arrgh, no way to decline (FIXME?) */
+ value = pktin.data[pktin.savedpos] != 0;
+ pktin.savedpos++;
+ return value;
+}
static void ssh2_pkt_getstring(char **p, int *length) {
*p = NULL;
if (pktin.length - pktin.savedpos < 4)
logevent("Encrypted session key");
- cipher_type = cfg.cipher == CIPHER_BLOWFISH ? SSH_CIPHER_BLOWFISH :
- cfg.cipher == CIPHER_DES ? SSH_CIPHER_DES :
- SSH_CIPHER_3DES;
+ switch (cfg.cipher) {
+ case CIPHER_BLOWFISH: cipher_type = SSH_CIPHER_BLOWFISH; break;
+ case CIPHER_DES: cipher_type = SSH_CIPHER_DES; break;
+ case CIPHER_3DES: cipher_type = SSH_CIPHER_3DES; break;
+ case CIPHER_AES:
+ c_write_str("AES not supported in SSH1, falling back to 3DES\r\n");
+ cipher_type = SSH_CIPHER_3DES;
+ break;
+ }
if ((supported_ciphers_mask & (1 << cipher_type)) == 0) {
- c_write("Selected cipher not supported, falling back to 3DES\r\n", 53);
+ c_write_str("Selected cipher not supported, falling back to 3DES\r\n");
cipher_type = SSH_CIPHER_3DES;
}
switch (cipher_type) {
static int pos = 0;
static char c;
if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
- c_write("login as: ", 10);
+ c_write_str("login as: ");
ssh_send_ok = 1;
while (pos >= 0) {
crWaitUntil(!ispkt);
break;
case 8: case 127:
if (pos > 0) {
- c_write("\b \b", 3);
+ c_write_str("\b \b");
pos--;
}
break;
case 21: case 27:
while (pos > 0) {
- c_write("\b \b", 3);
+ c_write_str("\b \b");
pos--;
}
break;
break;
}
}
- c_write("\r\n", 2);
+ c_write_str("\r\n");
username[strcspn(username, "\n\r")] = '\0';
} else {
strncpy(username, cfg.username, 99);
if (flags & FLAG_INTERACTIVE &&
(!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
strcat(userlog, "\r\n");
- c_write(userlog, strlen(userlog));
+ c_write_str(userlog);
}
}
}
/* Request the keys held by the agent. */
PUT_32BIT(request, 1);
- request[4] = SSH_AGENTC_REQUEST_RSA_IDENTITIES;
+ request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
agent_query(request, 5, &r, &responselen);
response = (unsigned char *)r;
if (response) {
agentreq = smalloc(4 + len);
PUT_32BIT(agentreq, len);
q = agentreq + 4;
- *q++ = SSH_AGENTC_RSA_CHALLENGE;
+ *q++ = SSH1_AGENTC_RSA_CHALLENGE;
PUT_32BIT(q, ssh1_bignum_bitcount(key.modulus));
q += 4;
q += ssh1_write_bignum(q, key.exponent);
agent_query(agentreq, len+4, &ret, &retlen);
sfree(agentreq);
if (ret) {
- if (ret[4] == SSH_AGENT_RSA_RESPONSE) {
+ if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
logevent("Sending Pageant's response");
send_packet(SSH1_CMSG_AUTH_RSA_RESPONSE,
PKT_DATA, ret+5, 16, PKT_END);
if (pktin.type == SSH1_SMSG_SUCCESS) {
logevent("Pageant's response accepted");
if (flags & FLAG_VERBOSE) {
- c_write("Authenticated using RSA key \"",
- 29);
+ c_write_str("Authenticated using RSA key \"");
c_write(commentp, commentlen);
- c_write("\" from agent\r\n", 14);
+ c_write_str("\" from agent\r\n");
}
authed = TRUE;
} else
if (pktin.type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
logevent("TIS authentication declined");
if (flags & FLAG_INTERACTIVE)
- c_write("TIS authentication refused.\r\n", 29);
+ c_write_str("TIS authentication refused.\r\n");
} else {
int challengelen = ((pktin.body[0] << 24) |
(pktin.body[1] << 16) |
crWaitUntil(ispkt);
if (pktin.type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
logevent("CryptoCard authentication declined");
- c_write("CryptoCard authentication refused.\r\n", 29);
+ c_write_str("CryptoCard authentication refused.\r\n");
} else {
int challengelen = ((pktin.body[0] << 24) |
(pktin.body[1] << 16) |
if (pwpkt_type == SSH1_CMSG_AUTH_RSA) {
char *comment = NULL;
if (flags & FLAG_VERBOSE)
- c_write("Trying public key authentication.\r\n", 35);
+ c_write_str("Trying public key authentication.\r\n");
if (!rsakey_encrypted(cfg.keyfile, &comment)) {
if (flags & FLAG_VERBOSE)
- c_write("No passphrase required.\r\n", 25);
+ c_write_str("No passphrase required.\r\n");
goto tryauth;
}
sprintf(prompt, "Passphrase for key \"%.100s\": ", comment);
crReturn(1);
}
} else {
- c_write(prompt, strlen(prompt));
+ c_write_str(prompt);
pos = 0;
ssh_send_ok = 1;
while (pos >= 0) {
break;
}
}
- c_write("\r\n", 2);
+ c_write_str("\r\n");
}
tryauth:
static unsigned char buffer[32];
tried_publickey = 1;
- i = loadrsakey(cfg.keyfile, &pubkey, NULL, password);
+ i = loadrsakey(cfg.keyfile, &pubkey, password);
if (i == 0) {
- c_write("Couldn't load public key from ", 30);
- c_write(cfg.keyfile, strlen(cfg.keyfile));
- c_write(".\r\n", 3);
+ c_write_str("Couldn't load public key from ");
+ c_write_str(cfg.keyfile);
+ c_write_str(".\r\n");
continue; /* go and try password */
}
if (i == -1) {
- c_write("Wrong passphrase.\r\n", 19);
+ c_write_str("Wrong passphrase.\r\n");
tried_publickey = 0;
continue; /* try again */
}
crWaitUntil(ispkt);
if (pktin.type == SSH1_SMSG_FAILURE) {
- c_write("Server refused our public key.\r\n", 32);
+ c_write_str("Server refused our public key.\r\n");
continue; /* go and try password */
}
if (pktin.type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
crWaitUntil(ispkt);
if (pktin.type == SSH1_SMSG_FAILURE) {
if (flags & FLAG_VERBOSE)
- c_write("Failed to authenticate with our public key.\r\n",
- 45);
+ c_write_str("Failed to authenticate with our public key.\r\n");
continue; /* go and try password */
} else if (pktin.type != SSH1_SMSG_SUCCESS) {
bombout(("Bizarre response to RSA authentication response"));
crWaitUntil(ispkt);
if (pktin.type == SSH1_SMSG_FAILURE) {
if (flags & FLAG_VERBOSE)
- c_write("Access denied\r\n", 15);
+ c_write_str("Access denied\r\n");
logevent("Authentication refused");
} else if (pktin.type == SSH1_MSG_DISCONNECT) {
logevent("Received disconnect request");
bombout(("Protocol confusion"));
crReturnV;
} else if (pktin.type == SSH1_SMSG_FAILURE) {
- c_write("Server refused to allocate pty\r\n", 32);
+ c_write_str("Server refused to allocate pty\r\n");
ssh_editing = ssh_echoing = 1;
}
logevent("Allocated pty");
bombout(("Protocol confusion"));
crReturnV;
} else if (pktin.type == SSH1_SMSG_FAILURE) {
- c_write("Server refused to compress\r\n", 32);
+ c_write_str("Server refused to compress\r\n");
}
logevent("Started compression");
ssh1_compressing = TRUE;
*/
static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
{
- static int i, len, nbits;
+ static int i, j, len, nbits;
static char *str;
static Bignum p, g, e, f, K;
static int kex_init_value, kex_reply_value;
static const struct ssh_mac **maclist;
static int nmacs;
- static const struct ssh_cipher *cscipher_tobe = NULL;
- static const struct ssh_cipher *sccipher_tobe = NULL;
+ static const struct ssh2_cipher *cscipher_tobe = NULL;
+ static const struct ssh2_cipher *sccipher_tobe = NULL;
static const struct ssh_mac *csmac_tobe = NULL;
static const struct ssh_mac *scmac_tobe = NULL;
static const struct ssh_compress *cscomp_tobe = NULL;
static int hostkeylen, siglen;
static void *hkey; /* actual host key */
static unsigned char exchange_hash[20];
- static unsigned char first_exchange_hash[20];
static unsigned char keyspace[40];
- static const struct ssh_cipher *preferred_cipher;
+ static const struct ssh2_ciphers *preferred_cipher;
static const struct ssh_compress *preferred_comp;
static int first_kex;
* Set up the preferred cipher and compression.
*/
if (cfg.cipher == CIPHER_BLOWFISH) {
- preferred_cipher = &ssh_blowfish_ssh2;
+ preferred_cipher = &ssh2_blowfish;
} else if (cfg.cipher == CIPHER_DES) {
logevent("Single DES not supported in SSH2; using 3DES");
- preferred_cipher = &ssh_3des_ssh2;
+ preferred_cipher = &ssh2_3des;
} else if (cfg.cipher == CIPHER_3DES) {
- preferred_cipher = &ssh_3des_ssh2;
+ preferred_cipher = &ssh2_3des;
+ } else if (cfg.cipher == CIPHER_AES) {
+ preferred_cipher = &ssh2_aes;
} else {
/* Shouldn't happen, but we do want to initialise to _something_. */
- preferred_cipher = &ssh_3des_ssh2;
+ preferred_cipher = &ssh2_3des;
}
if (cfg.compression)
preferred_comp = &ssh_zlib;
/* List client->server encryption algorithms. */
ssh2_pkt_addstring_start();
for (i = 0; i < lenof(ciphers)+1; i++) {
- const struct ssh_cipher *c = i==0 ? preferred_cipher : ciphers[i-1];
- ssh2_pkt_addstring_str(c->name);
- if (i < lenof(ciphers))
- ssh2_pkt_addstring_str(",");
+ const struct ssh2_ciphers *c = i==0 ? preferred_cipher : ciphers[i-1];
+ for (j = 0; j < c->nciphers; j++) {
+ ssh2_pkt_addstring_str(c->list[j]->name);
+ if (i < lenof(ciphers) || j < c->nciphers-1)
+ ssh2_pkt_addstring_str(",");
+ }
}
/* List server->client encryption algorithms. */
ssh2_pkt_addstring_start();
for (i = 0; i < lenof(ciphers)+1; i++) {
- const struct ssh_cipher *c = i==0 ? preferred_cipher : ciphers[i-1];
- ssh2_pkt_addstring_str(c->name);
- if (i < lenof(ciphers))
- ssh2_pkt_addstring_str(",");
+ const struct ssh2_ciphers *c = i==0 ? preferred_cipher : ciphers[i-1];
+ for (j = 0; j < c->nciphers; j++) {
+ ssh2_pkt_addstring_str(c->list[j]->name);
+ if (i < lenof(ciphers) || j < c->nciphers-1)
+ ssh2_pkt_addstring_str(",");
+ }
}
/* List client->server MAC algorithms. */
ssh2_pkt_addstring_start();
}
ssh2_pkt_getstring(&str, &len); /* client->server cipher */
for (i = 0; i < lenof(ciphers)+1; i++) {
- const struct ssh_cipher *c = i==0 ? preferred_cipher : ciphers[i-1];
- if (in_commasep_string(c->name, str, len)) {
- cscipher_tobe = c;
- break;
+ const struct ssh2_ciphers *c = i==0 ? preferred_cipher : ciphers[i-1];
+ for (j = 0; j < c->nciphers; j++) {
+ if (in_commasep_string(c->list[j]->name, str, len)) {
+ cscipher_tobe = c->list[j];
+ break;
+ }
}
+ if (cscipher_tobe)
+ break;
}
ssh2_pkt_getstring(&str, &len); /* server->client cipher */
for (i = 0; i < lenof(ciphers)+1; i++) {
- const struct ssh_cipher *c = i==0 ? preferred_cipher : ciphers[i-1];
- if (in_commasep_string(c->name, str, len)) {
- sccipher_tobe = c;
- break;
+ const struct ssh2_ciphers *c = i==0 ? preferred_cipher : ciphers[i-1];
+ for (j = 0; j < c->nciphers; j++) {
+ if (in_commasep_string(c->list[j]->name, str, len)) {
+ sccipher_tobe = c->list[j];
+ break;
+ }
}
+ if (sccipher_tobe)
+ break;
}
ssh2_pkt_getstring(&str, &len); /* client->server mac */
for (i = 0; i < nmacs; i++) {
* _first_ key exchange.
*/
if (first_kex)
- memcpy(first_exchange_hash, exchange_hash, sizeof(exchange_hash));
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'C', keyspace);
+ memcpy(ssh2_session_id, exchange_hash, sizeof(exchange_hash));
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'C', keyspace);
cscipher->setcskey(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'D', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'D', keyspace);
sccipher->setsckey(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'A', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'A', keyspace);
cscipher->setcsiv(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'B', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'B', keyspace);
sccipher->setsciv(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'E', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'E', keyspace);
csmac->setcskey(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'F', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'F', keyspace);
scmac->setsckey(keyspace);
/*
{
static unsigned long remote_winsize;
static unsigned long remote_maxpkt;
+ static enum {
+ AUTH_INVALID, AUTH_PUBLICKEY_AGENT, AUTH_PUBLICKEY_FILE, AUTH_PASSWORD
+ } method;
+ static enum {
+ AUTH_TYPE_NONE,
+ AUTH_TYPE_PUBLICKEY,
+ AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
+ AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
+ AUTH_TYPE_PASSWORD
+ } type;
+ static int gotit, need_pw, can_pubkey, can_passwd;
+ static int tried_pubkey_config, tried_agent;
+ static int we_are_in;
+ static char username[100];
+ static char pwprompt[200];
+ static char password[100];
crBegin;
}
/*
- * FIXME: currently we support only password authentication.
- * (This places us technically in violation of the SSH2 spec.
- * We must fix this.)
+ * We repeat this whole loop, including the username prompt,
+ * until we manage a successful authentication. If the user
+ * types the wrong _password_, they are sent back to the
+ * beginning to try another username. (If they specify a
+ * username in the config, they are never asked, even if they
+ * do give a wrong password.)
+ *
+ * I think this best serves the needs of
+ *
+ * - the people who have no configuration, no keys, and just
+ * want to try repeated (username,password) pairs until they
+ * type both correctly
+ *
+ * - people who have keys and configuration but occasionally
+ * need to fall back to passwords
+ *
+ * - people with a key held in Pageant, who might not have
+ * logged in to a particular machine before; so they want to
+ * type a username, and then _either_ their key will be
+ * accepted, _or_ they will type a password. If they mistype
+ * the username they will want to be able to get back and
+ * retype it!
*/
- while (1) {
- /*
- * Get a username and a password.
- */
- static char username[100];
- static char password[100];
- static int pos = 0;
+ do {
+ static int pos;
static char c;
+ /*
+ * Get a username.
+ */
+ pos = 0;
if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
- c_write("login as: ", 10);
- ssh_send_ok = 1;
+ c_write_str("login as: ");
+ ssh_send_ok = 1;
while (pos >= 0) {
crWaitUntilV(!ispkt);
while (inlen--) switch (c = *in++) {
break;
case 8: case 127:
if (pos > 0) {
- c_write("\b \b", 3);
+ c_write_str("\b \b");
pos--;
}
break;
case 21: case 27:
while (pos > 0) {
- c_write("\b \b", 3);
+ c_write_str("\b \b");
pos--;
}
break;
break;
default:
if (((c >= ' ' && c <= '~') ||
- ((unsigned char)c >= 160)) && pos < 40) {
+ ((unsigned char)c >= 160)) && pos < 40) {
username[pos++] = c;
c_write(&c, 1);
}
break;
}
}
- c_write("\r\n", 2);
+ c_write_str("\r\n");
username[strcspn(username, "\n\r")] = '\0';
} else {
char stuff[200];
strncpy(username, cfg.username, 99);
username[99] = '\0';
- if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
+ if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
sprintf(stuff, "Using username \"%s\".\r\n", username);
- c_write(stuff, strlen(stuff));
+ c_write_str(stuff);
}
}
- if (ssh_get_password) {
- char prompt[200];
- sprintf(prompt, "%.90s@%.90s's password: ", username, savedhost);
- if (!ssh_get_password(prompt, password, sizeof(password))) {
- /*
- * get_password failed to get a password (for
- * example because one was supplied on the command
- * line which has already failed to work).
- * Terminate.
- */
- logevent("No more passwords to try");
- ssh_state = SSH_STATE_CLOSED;
- crReturnV;
- }
- } else {
- c_write("password: ", 10);
- ssh_send_ok = 1;
+ /*
+ * Send an authentication request using method "none": (a)
+ * just in case it succeeds, and (b) so that we know what
+ * authentication methods we can usefully try next.
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("none"); /* method */
+ ssh2_pkt_send();
+ type = AUTH_TYPE_NONE;
+ gotit = FALSE;
+ we_are_in = FALSE;
+
+ tried_pubkey_config = FALSE;
+ tried_agent = FALSE;
+
+ while (1) {
+ /*
+ * Wait for the result of the last authentication request.
+ */
+ if (!gotit)
+ crWaitUntilV(ispkt);
+ while (pktin.type == SSH2_MSG_USERAUTH_BANNER) {
+ /* FIXME: should support this */
+ crWaitUntilV(ispkt);
+ }
+ if (pktin.type == SSH2_MSG_USERAUTH_SUCCESS) {
+ logevent("Access granted");
+ we_are_in = TRUE;
+ break;
+ }
- pos = 0;
- while (pos >= 0) {
- crWaitUntilV(!ispkt);
- while (inlen--) switch (c = *in++) {
- case 10: case 13:
- password[pos] = 0;
- pos = -1;
- break;
- case 8: case 127:
- if (pos > 0)
- pos--;
- break;
- case 21: case 27:
- pos = 0;
- break;
- case 3: case 4:
- random_save_seed();
- exit(0);
- break;
- default:
- if (((c >= ' ' && c <= '~') ||
- ((unsigned char)c >= 160)) && pos < 40)
- password[pos++] = c;
- break;
- }
- }
- c_write("\r\n", 2);
- }
+ if (pktin.type != SSH2_MSG_USERAUTH_FAILURE) {
+ bombout(("Strange packet received during authentication: type %d",
+ pktin.type));
+ }
- /*
- * We send the password packet lumped tightly together with
- * an SSH_MSG_IGNORE packet. The IGNORE packet contains a
- * string long enough to make the total length of the two
- * packets constant. This should ensure that a passive
- * listener doing traffic analyis can't work out the length
- * of the password.
- *
- * For this to work, we need an assumption about the
- * maximum length of the password packet. I think 256 is
- * pretty conservative. Anyone using a password longer than
- * that probably doesn't have much to worry about from
- * people who find out how long their password is!
- */
- ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
- ssh2_pkt_addstring(username);
- ssh2_pkt_addstring("ssh-connection"); /* service requested */
- ssh2_pkt_addstring("password");
- ssh2_pkt_addbool(FALSE);
- ssh2_pkt_addstring(password);
- ssh2_pkt_defer();
- /*
- * We'll include a string that's an exact multiple of the
- * cipher block size. If the cipher is NULL for some
- * reason, we don't do this trick at all because we gain
- * nothing by it.
- */
- if (cscipher) {
- int i, j;
- ssh2_pkt_init(SSH2_MSG_IGNORE);
- ssh2_pkt_addstring_start();
- for (i = deferred_len; i <= 256; i += cscipher->blksize) {
- for (j = 0; j < cscipher->blksize; j++) {
- char c = (char)random_byte();
- ssh2_pkt_addstring_data(&c, 1);
- }
- }
- ssh2_pkt_defer();
- }
- ssh2_pkt_defersend();
+ gotit = FALSE;
+
+ /*
+ * OK, we're now sitting on a USERAUTH_FAILURE message, so
+ * we can look at the string in it and know what we can
+ * helpfully try next.
+ */
+ {
+ char *methods;
+ int methlen;
+ ssh2_pkt_getstring(&methods, &methlen);
+ if (!ssh2_pkt_getbool()) {
+ /*
+ * We have received an unequivocal Access
+ * Denied. This can translate to a variety of
+ * messages:
+ *
+ * - if we'd just tried "none" authentication,
+ * it's not worth printing anything at all
+ *
+ * - if we'd just tried a public key _offer_,
+ * the message should be "Server refused our
+ * key" (or no message at all if the key
+ * came from Pageant)
+ *
+ * - if we'd just tried anything else, the
+ * message really should be "Access denied".
+ *
+ * Additionally, if we'd just tried password
+ * authentication, we should break out of this
+ * whole loop so as to go back to the username
+ * prompt.
+ */
+ if (type == AUTH_TYPE_NONE) {
+ /* do nothing */
+ } else if (type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
+ type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
+ if (type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
+ c_write_str("Server refused our key\r\n");
+ logevent("Server refused public key");
+ } else {
+ c_write_str("Access denied\r\n");
+ logevent("Access denied");
+ if (type == AUTH_TYPE_PASSWORD) {
+ we_are_in = FALSE;
+ break;
+ }
+ }
+ } else {
+ c_write_str("Further authentication required\r\n");
+ logevent("Further authentication required");
+ }
- crWaitUntilV(ispkt);
- if (pktin.type != SSH2_MSG_USERAUTH_SUCCESS) {
- c_write("Access denied\r\n", 15);
- logevent("Authentication refused");
- } else
- break;
- }
+ can_pubkey = in_commasep_string("publickey", methods, methlen);
+ can_passwd = in_commasep_string("password", methods, methlen);
+ }
+
+ method = 0;
+
+ if (!method && can_pubkey && agent_exists && !tried_agent) {
+ /*
+ * Attempt public-key authentication using Pageant.
+ */
+ static unsigned char request[5], *response, *p;
+ static int responselen;
+ static int i, nkeys;
+ static int authed = FALSE;
+ void *r;
+
+ tried_agent = TRUE;
+
+ logevent("Pageant is running. Requesting keys.");
+
+ /* Request the keys held by the agent. */
+ PUT_32BIT(request, 1);
+ request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
+ agent_query(request, 5, &r, &responselen);
+ response = (unsigned char *)r;
+ if (response) {
+ p = response + 5;
+ nkeys = GET_32BIT(p); p += 4;
+ { char buf[64]; sprintf(buf, "Pageant has %d keys", nkeys);
+ logevent(buf); }
+ for (i = 0; i < nkeys; i++) {
+ static char *pkblob, *alg, *commentp;
+ static int pklen, alglen, commentlen;
+ static int siglen, retlen, len;
+ static char *q, *agentreq, *ret;
+
+ { char buf[64]; sprintf(buf, "Trying Pageant key #%d", i);
+ logevent(buf); }
+ pklen = GET_32BIT(p); p += 4;
+ pkblob = p; p += pklen;
+ alglen = GET_32BIT(pkblob);
+ alg = pkblob + 4;
+ commentlen = GET_32BIT(p); p += 4;
+ commentp = p; p += commentlen;
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection");/* service requested */
+ ssh2_pkt_addstring("publickey");/* method */
+ ssh2_pkt_addbool(FALSE); /* no signature included */
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(alg, alglen);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pkblob, pklen);
+ ssh2_pkt_send();
+
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_USERAUTH_PK_OK) {
+ logevent("Key refused");
+ continue;
+ }
+
+ c_write_str("Authenticating with public key \"");
+ c_write(commentp, commentlen);
+ c_write_str("\" from agent\r\n");
+
+ /*
+ * Server is willing to accept the key.
+ * Construct a SIGN_REQUEST.
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(TRUE);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(alg, alglen);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pkblob, pklen);
+
+ siglen = pktout.length - 5 + 4 + 20;
+ len = 1; /* message type */
+ len += 4 + pklen; /* key blob */
+ len += 4 + siglen; /* data to sign */
+ len += 4; /* flags */
+ agentreq = smalloc(4 + len);
+ PUT_32BIT(agentreq, len);
+ q = agentreq + 4;
+ *q++ = SSH2_AGENTC_SIGN_REQUEST;
+ PUT_32BIT(q, pklen); q += 4;
+ memcpy(q, pkblob, pklen); q += pklen;
+ PUT_32BIT(q, siglen); q += 4;
+ /* Now the data to be signed... */
+ PUT_32BIT(q, 20); q += 4;
+ memcpy(q, ssh2_session_id, 20); q += 20;
+ memcpy(q, pktout.data+5, pktout.length-5);
+ q += pktout.length-5;
+ /* And finally the (zero) flags word. */
+ PUT_32BIT(q, 0);
+ agent_query(agentreq, len+4, &ret, &retlen);
+ sfree(agentreq);
+ if (ret) {
+ if (ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
+ logevent("Sending Pageant's response");
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(ret+9, GET_32BIT(ret+5));
+ ssh2_pkt_send();
+ authed = TRUE;
+ break;
+ } else {
+ logevent("Pageant failed to answer challenge");
+ sfree(ret);
+ }
+ }
+ }
+ if (authed)
+ continue;
+ }
+ }
+
+ if (!method && can_pubkey && *cfg.keyfile && !tried_pubkey_config) {
+ unsigned char *pub_blob;
+ char *algorithm, *comment;
+ int pub_blob_len;
+
+ tried_pubkey_config = TRUE;
+
+ /*
+ * Try the public key supplied in the configuration.
+ *
+ * First, offer the public blob to see if the server is
+ * willing to accept it.
+ */
+ pub_blob = ssh2_userkey_loadpub(cfg.keyfile, &algorithm,
+ &pub_blob_len);
+ if (pub_blob) {
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey");/* method */
+ ssh2_pkt_addbool(FALSE); /* no signature included */
+ ssh2_pkt_addstring(algorithm);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pub_blob, pub_blob_len);
+ ssh2_pkt_send();
+ logevent("Offered public key"); /* FIXME */
+
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_USERAUTH_PK_OK) {
+ gotit = TRUE;
+ type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
+ continue; /* key refused; give up on it */
+ }
+
+ logevent("Offer of public key accepted");
+ /*
+ * Actually attempt a serious authentication using
+ * the key.
+ */
+ if (ssh2_userkey_encrypted(cfg.keyfile, &comment)) {
+ sprintf(pwprompt, "Passphrase for key \"%.100s\": ", comment);
+ need_pw = TRUE;
+ } else {
+ need_pw = FALSE;
+ }
+ c_write_str("Authenticating with public key \"");
+ c_write_str(comment);
+ c_write_str("\"\r\n");
+ method = AUTH_PUBLICKEY_FILE;
+ }
+ }
+
+ if (!method && can_passwd) {
+ method = AUTH_PASSWORD;
+ sprintf(pwprompt, "%.90s@%.90s's password: ", username, savedhost);
+ need_pw = TRUE;
+ }
+
+ if (need_pw) {
+ if (ssh_get_password) {
+ if (!ssh_get_password(pwprompt, password, sizeof(password))) {
+ /*
+ * get_password failed to get a password (for
+ * example because one was supplied on the command
+ * line which has already failed to work).
+ * Terminate.
+ */
+ logevent("No more passwords to try");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturnV;
+ }
+ } else {
+ static int pos = 0;
+ static char c;
+
+ c_write_str(pwprompt);
+ ssh_send_ok = 1;
+
+ pos = 0;
+ while (pos >= 0) {
+ crWaitUntilV(!ispkt);
+ while (inlen--) switch (c = *in++) {
+ case 10: case 13:
+ password[pos] = 0;
+ pos = -1;
+ break;
+ case 8: case 127:
+ if (pos > 0)
+ pos--;
+ break;
+ case 21: case 27:
+ pos = 0;
+ break;
+ case 3: case 4:
+ random_save_seed();
+ exit(0);
+ break;
+ default:
+ if (((c >= ' ' && c <= '~') ||
+ ((unsigned char)c >= 160)) && pos < 40)
+ password[pos++] = c;
+ break;
+ }
+ }
+ c_write_str("\r\n");
+ }
+ }
+
+ if (method == AUTH_PUBLICKEY_FILE) {
+ /*
+ * We have our passphrase. Now try the actual authentication.
+ */
+ struct ssh2_userkey *key;
+
+ key = ssh2_load_userkey(cfg.keyfile, password);
+ if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
+ if (key == SSH2_WRONG_PASSPHRASE) {
+ c_write_str("Wrong passphrase\r\n");
+ tried_pubkey_config = FALSE;
+ } else {
+ c_write_str("Unable to load private key\r\n");
+ tried_pubkey_config = TRUE;
+ }
+ /* Send a spurious AUTH_NONE to return to the top. */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("none"); /* method */
+ ssh2_pkt_send();
+ type = AUTH_TYPE_NONE;
+ } else {
+ unsigned char *blob, *sigdata;
+ int blob_len, sigdata_len;
+
+ /*
+ * We have loaded the private key and the server
+ * has announced that it's willing to accept it.
+ * Hallelujah. Generate a signature and send it.
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(TRUE);
+ ssh2_pkt_addstring(key->alg->name);
+ blob = key->alg->public_blob(key->data, &blob_len);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(blob, blob_len);
+ sfree(blob);
+
+ /*
+ * The data to be signed is:
+ *
+ * string session-id
+ *
+ * followed by everything so far placed in the
+ * outgoing packet.
+ */
+ sigdata_len = pktout.length - 5 + 4 + 20;
+ sigdata = smalloc(sigdata_len);
+ PUT_32BIT(sigdata, 20);
+ memcpy(sigdata+4, ssh2_session_id, 20);
+ memcpy(sigdata+24, pktout.data+5, pktout.length-5);
+ blob = key->alg->sign(key->data, sigdata, sigdata_len, &blob_len);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(blob, blob_len);
+ sfree(blob);
+ sfree(sigdata);
+
+ ssh2_pkt_send();
+ type = AUTH_TYPE_PUBLICKEY;
+ }
+ } else if (method == AUTH_PASSWORD) {
+ /*
+ * We send the password packet lumped tightly together with
+ * an SSH_MSG_IGNORE packet. The IGNORE packet contains a
+ * string long enough to make the total length of the two
+ * packets constant. This should ensure that a passive
+ * listener doing traffic analyis can't work out the length
+ * of the password.
+ *
+ * For this to work, we need an assumption about the
+ * maximum length of the password packet. I think 256 is
+ * pretty conservative. Anyone using a password longer than
+ * that probably doesn't have much to worry about from
+ * people who find out how long their password is!
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("password");
+ ssh2_pkt_addbool(FALSE);
+ ssh2_pkt_addstring(password);
+ ssh2_pkt_defer();
+ /*
+ * We'll include a string that's an exact multiple of the
+ * cipher block size. If the cipher is NULL for some
+ * reason, we don't do this trick at all because we gain
+ * nothing by it.
+ */
+ if (cscipher) {
+ int i, j;
+ ssh2_pkt_init(SSH2_MSG_IGNORE);
+ ssh2_pkt_addstring_start();
+ for (i = deferred_len; i <= 256; i += cscipher->blksize) {
+ for (j = 0; j < cscipher->blksize; j++) {
+ char c = (char)random_byte();
+ ssh2_pkt_addstring_data(&c, 1);
+ }
+ }
+ ssh2_pkt_defer();
+ }
+ ssh2_pkt_defersend();
+ logevent("Sent password\r\n");
+ type = AUTH_TYPE_PASSWORD;
+ } else {
+ c_write_str("No supported authentication methods left to try!\r\n");
+ logevent("No supported authentications offered. Disconnecting");
+ ssh2_pkt_init(SSH2_MSG_DISCONNECT);
+ ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
+ ssh2_pkt_addstring("No supported authentication methods available");
+ ssh2_pkt_addstring("en"); /* language tag */
+ ssh2_pkt_send();
+ ssh_state = SSH_STATE_CLOSED;
+ crReturnV;
+ }
+ }
+ } while (!we_are_in);
/*
* Now we're authenticated for the connection protocol. The
bombout(("Server got confused by pty request"));
crReturnV;
}
- c_write("Server refused to allocate pty\r\n", 32);
+ c_write_str("Server refused to allocate pty\r\n");
ssh_editing = ssh_echoing = 1;
} else {
logevent("Allocated pty");
projects / u / mdw / putty / blobdiff