+ can_pubkey =
+ in_commasep_string("publickey", methods, methlen);
+ can_passwd =
+ in_commasep_string("password", methods, methlen);
+ can_keyb_inter = cfg.try_ki_auth &&
+ in_commasep_string("keyboard-interactive", methods, methlen);
+ }
+
+ method = 0;
+ ssh_pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
+
+ /*
+ * Most password/passphrase prompts will be
+ * non-echoing, so we set this to 0 by default.
+ * Exception is that some keyboard-interactive prompts
+ * can be echoing, in which case we'll set this to 1.
+ */
+ echo = 0;
+
+ if (!method && can_pubkey && agent_exists() && !tried_agent) {
+ /*
+ * Attempt public-key authentication using Pageant.
+ */
+ static unsigned char request[5], *response, *p;
+ static int responselen;
+ static int i, nkeys;
+ static int authed = FALSE;
+ void *r;
+
+ ssh_pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
+ ssh_pkt_ctx |= SSH2_PKTCTX_PUBLICKEY;
+
+ tried_agent = TRUE;
+
+ logevent("Pageant is running. Requesting keys.");
+
+ /* Request the keys held by the agent. */
+ PUT_32BIT(request, 1);
+ request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
+ agent_query(request, 5, &r, &responselen);
+ response = (unsigned char *) r;
+ if (response && responselen >= 5 &&
+ response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
+ p = response + 5;
+ nkeys = GET_32BIT(p);
+ p += 4;
+ {
+ char buf[64];
+ sprintf(buf, "Pageant has %d SSH2 keys", nkeys);
+ logevent(buf);
+ }
+ for (i = 0; i < nkeys; i++) {
+ static char *pkblob, *alg, *commentp;
+ static int pklen, alglen, commentlen;
+ static int siglen, retlen, len;
+ static char *q, *agentreq, *ret;
+ void *vret;
+
+ {
+ char buf[64];
+ sprintf(buf, "Trying Pageant key #%d", i);
+ logevent(buf);
+ }
+ pklen = GET_32BIT(p);
+ p += 4;
+ if (publickey_blob &&
+ pklen == publickey_bloblen &&
+ !memcmp(p, publickey_blob, publickey_bloblen)) {
+ logevent("This key matches configured key file");
+ tried_pubkey_config = 1;
+ }
+ pkblob = p;
+ p += pklen;
+ alglen = GET_32BIT(pkblob);
+ alg = pkblob + 4;
+ commentlen = GET_32BIT(p);
+ p += 4;
+ commentp = p;
+ p += commentlen;
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(FALSE); /* no signature included */
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(alg, alglen);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pkblob, pklen);
+ ssh2_pkt_send();
+
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_USERAUTH_PK_OK) {
+ logevent("Key refused");
+ continue;
+ }
+
+ if (flags & FLAG_VERBOSE) {
+ c_write_str
+ ("Authenticating with public key \"");
+ c_write(commentp, commentlen);
+ c_write_str("\" from agent\r\n");
+ }
+
+ /*
+ * Server is willing to accept the key.
+ * Construct a SIGN_REQUEST.
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(TRUE);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(alg, alglen);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pkblob, pklen);
+
+ siglen = pktout.length - 5 + 4 + 20;
+ len = 1; /* message type */
+ len += 4 + pklen; /* key blob */
+ len += 4 + siglen; /* data to sign */
+ len += 4; /* flags */
+ agentreq = smalloc(4 + len);
+ PUT_32BIT(agentreq, len);
+ q = agentreq + 4;
+ *q++ = SSH2_AGENTC_SIGN_REQUEST;
+ PUT_32BIT(q, pklen);
+ q += 4;
+ memcpy(q, pkblob, pklen);
+ q += pklen;
+ PUT_32BIT(q, siglen);
+ q += 4;
+ /* Now the data to be signed... */
+ PUT_32BIT(q, 20);
+ q += 4;
+ memcpy(q, ssh2_session_id, 20);
+ q += 20;
+ memcpy(q, pktout.data + 5, pktout.length - 5);
+ q += pktout.length - 5;
+ /* And finally the (zero) flags word. */
+ PUT_32BIT(q, 0);
+ agent_query(agentreq, len + 4, &vret, &retlen);
+ ret = vret;
+ sfree(agentreq);
+ if (ret) {
+ if (ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
+ logevent("Sending Pageant's response");
+ ssh2_add_sigblob(pkblob, pklen,
+ ret + 9, GET_32BIT(ret + 5));
+ ssh2_pkt_send();
+ authed = TRUE;
+ break;
+ } else {
+ logevent
+ ("Pageant failed to answer challenge");
+ sfree(ret);
+ }
+ }
+ }
+ if (authed)
+ continue;
+ }
+ }
+
+ if (!method && can_pubkey && publickey_blob
+ && !tried_pubkey_config) {
+ unsigned char *pub_blob;
+ char *algorithm, *comment;
+ int pub_blob_len;
+
+ tried_pubkey_config = TRUE;
+
+ ssh_pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
+ ssh_pkt_ctx |= SSH2_PKTCTX_PUBLICKEY;
+
+ /*
+ * Try the public key supplied in the configuration.
+ *
+ * First, offer the public blob to see if the server is
+ * willing to accept it.
+ */
+ pub_blob = ssh2_userkey_loadpub(cfg.keyfile, &algorithm,
+ &pub_blob_len);
+ if (pub_blob) {
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(FALSE); /* no signature included */
+ ssh2_pkt_addstring(algorithm);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pub_blob, pub_blob_len);
+ ssh2_pkt_send();
+ logevent("Offered public key"); /* FIXME */
+
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_USERAUTH_PK_OK) {
+ gotit = TRUE;
+ type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
+ continue; /* key refused; give up on it */
+ }
+
+ logevent("Offer of public key accepted");
+ /*
+ * Actually attempt a serious authentication using
+ * the key.
+ */
+ if (ssh2_userkey_encrypted(cfg.keyfile, &comment)) {
+ sprintf(pwprompt,
+ "Passphrase for key \"%.100s\": ",
+ comment);
+ need_pw = TRUE;
+ } else {
+ need_pw = FALSE;
+ }
+ c_write_str("Authenticating with public key \"");
+ c_write_str(comment);
+ c_write_str("\"\r\n");
+ method = AUTH_PUBLICKEY_FILE;
+ }
+ }
+
+ if (!method && can_keyb_inter && !tried_keyb_inter) {
+ method = AUTH_KEYBOARD_INTERACTIVE;
+ type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
+ tried_keyb_inter = TRUE;
+
+ ssh_pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
+ ssh_pkt_ctx |= SSH2_PKTCTX_KBDINTER;
+
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("keyboard-interactive"); /* method */
+ ssh2_pkt_addstring(""); /* lang */
+ ssh2_pkt_addstring("");
+ ssh2_pkt_send();
+
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
+ if (pktin.type == SSH2_MSG_USERAUTH_FAILURE)
+ gotit = TRUE;
+ logevent("Keyboard-interactive authentication refused");
+ type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
+ continue;
+ }
+
+ kbd_inter_running = TRUE;
+ curr_prompt = 0;
+ }
+
+ if (kbd_inter_running) {
+ method = AUTH_KEYBOARD_INTERACTIVE;
+ type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
+ tried_keyb_inter = TRUE;
+
+ ssh_pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
+ ssh_pkt_ctx |= SSH2_PKTCTX_KBDINTER;
+
+ if (curr_prompt == 0) {
+ /*
+ * We've got a fresh USERAUTH_INFO_REQUEST.
+ * Display header data, and start going through
+ * the prompts.
+ */
+ char *name, *inst, *lang;
+ int name_len, inst_len, lang_len;
+
+ ssh2_pkt_getstring(&name, &name_len);
+ ssh2_pkt_getstring(&inst, &inst_len);
+ ssh2_pkt_getstring(&lang, &lang_len);
+ if (name_len > 0) {
+ c_write_untrusted(name, name_len);
+ c_write_str("\r\n");
+ }
+ if (inst_len > 0) {
+ c_write_untrusted(inst, inst_len);
+ c_write_str("\r\n");
+ }
+ num_prompts = ssh2_pkt_getuint32();
+ }
+
+ /*
+ * If there are prompts remaining in the packet,
+ * display one and get a response.
+ */
+ if (curr_prompt < num_prompts) {
+ char *prompt;
+ int prompt_len;
+
+ ssh2_pkt_getstring(&prompt, &prompt_len);
+ if (prompt_len > 0) {
+ strncpy(pwprompt, prompt, sizeof(pwprompt));
+ pwprompt[prompt_len < sizeof(pwprompt) ?
+ prompt_len : sizeof(pwprompt)-1] = '\0';
+ } else {
+ strcpy(pwprompt,
+ "<server failed to send prompt>: ");
+ }
+ echo = ssh2_pkt_getbool();
+ need_pw = TRUE;
+ } else
+ need_pw = FALSE;
+ }
+
+ if (!method && can_passwd) {
+ method = AUTH_PASSWORD;
+ ssh_pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
+ ssh_pkt_ctx |= SSH2_PKTCTX_PASSWORD;
+ sprintf(pwprompt, "%.90s@%.90s's password: ", username,
+ savedhost);
+ need_pw = TRUE;
+ }
+
+ if (need_pw) {
+ if (ssh_get_line) {
+ if (!ssh_get_line(pwprompt, password,
+ sizeof(password), TRUE)) {
+ /*
+ * get_line failed to get a password (for
+ * example because one was supplied on the
+ * command line which has already failed to
+ * work). Terminate.
+ */
+ ssh2_pkt_init(SSH2_MSG_DISCONNECT);
+ ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
+ ssh2_pkt_addstring
+ ("No more passwords available to try");
+ ssh2_pkt_addstring("en"); /* language tag */
+ ssh2_pkt_send();
+ logevent("Unable to authenticate");
+ connection_fatal("Unable to authenticate");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturnV;
+ }
+ } else {
+ static int ret;
+ c_write_untrusted(pwprompt, strlen(pwprompt));
+ ssh_send_ok = 1;
+
+ setup_userpass_input(password, sizeof(password), echo);
+ do {
+ crWaitUntilV(!ispkt);
+ ret = process_userpass_input(in, inlen);
+ } while (ret == 0);
+ if (ret < 0)
+ cleanup_exit(0);
+ c_write_str("\r\n");
+ }
+ }
+
+ if (method == AUTH_PUBLICKEY_FILE) {
+ /*
+ * We have our passphrase. Now try the actual authentication.
+ */
+ struct ssh2_userkey *key;
+
+ key = ssh2_load_userkey(cfg.keyfile, password);
+ if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
+ if (key == SSH2_WRONG_PASSPHRASE) {
+ c_write_str("Wrong passphrase\r\n");
+ tried_pubkey_config = FALSE;
+ } else {
+ c_write_str("Unable to load private key\r\n");
+ tried_pubkey_config = TRUE;
+ }
+ /* Send a spurious AUTH_NONE to return to the top. */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("none"); /* method */
+ ssh2_pkt_send();
+ type = AUTH_TYPE_NONE;
+ } else {
+ unsigned char *pkblob, *sigblob, *sigdata;
+ int pkblob_len, sigblob_len, sigdata_len;
+
+ /*
+ * We have loaded the private key and the server
+ * has announced that it's willing to accept it.
+ * Hallelujah. Generate a signature and send it.
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(TRUE);
+ ssh2_pkt_addstring(key->alg->name);
+ pkblob = key->alg->public_blob(key->data, &pkblob_len);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pkblob, pkblob_len);
+
+ /*
+ * The data to be signed is:
+ *
+ * string session-id
+ *
+ * followed by everything so far placed in the
+ * outgoing packet.
+ */
+ sigdata_len = pktout.length - 5 + 4 + 20;
+ sigdata = smalloc(sigdata_len);
+ PUT_32BIT(sigdata, 20);
+ memcpy(sigdata + 4, ssh2_session_id, 20);
+ memcpy(sigdata + 24, pktout.data + 5,
+ pktout.length - 5);
+ sigblob = key->alg->sign(key->data, sigdata,
+ sigdata_len, &sigblob_len);
+ ssh2_add_sigblob(pkblob, pkblob_len,
+ sigblob, sigblob_len);
+ sfree(pkblob);
+ sfree(sigblob);
+ sfree(sigdata);
+
+ ssh2_pkt_send();
+ type = AUTH_TYPE_PUBLICKEY;
+ }
+ } else if (method == AUTH_PASSWORD) {
+ /*
+ * We send the password packet lumped tightly together with
+ * an SSH_MSG_IGNORE packet. The IGNORE packet contains a
+ * string long enough to make the total length of the two
+ * packets constant. This should ensure that a passive
+ * listener doing traffic analyis can't work out the length
+ * of the password.
+ *
+ * For this to work, we need an assumption about the
+ * maximum length of the password packet. I think 256 is
+ * pretty conservative. Anyone using a password longer than
+ * that probably doesn't have much to worry about from
+ * people who find out how long their password is!
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("password");
+ ssh2_pkt_addbool(FALSE);
+ ssh2_pkt_addstring(password);
+ ssh2_pkt_defer();
+ /*
+ * We'll include a string that's an exact multiple of the
+ * cipher block size. If the cipher is NULL for some
+ * reason, we don't do this trick at all because we gain
+ * nothing by it.
+ */
+ if (cscipher) {
+ int stringlen, i;
+
+ stringlen = (256 - deferred_len);
+ stringlen += cscipher->blksize - 1;
+ stringlen -= (stringlen % cscipher->blksize);
+ if (cscomp) {
+ /*
+ * Temporarily disable actual compression,
+ * so we can guarantee to get this string
+ * exactly the length we want it. The
+ * compression-disabling routine should
+ * return an integer indicating how many
+ * bytes we should adjust our string length
+ * by.
+ */
+ stringlen -= cscomp->disable_compression();
+ }
+ ssh2_pkt_init(SSH2_MSG_IGNORE);
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < stringlen; i++) {
+ char c = (char) random_byte();
+ ssh2_pkt_addstring_data(&c, 1);
+ }
+ ssh2_pkt_defer();
+ }
+ ssh_pkt_defersend();
+ logevent("Sent password");
+ type = AUTH_TYPE_PASSWORD;
+ } else if (method == AUTH_KEYBOARD_INTERACTIVE) {
+ if (curr_prompt == 0) {
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
+ ssh2_pkt_adduint32(num_prompts);
+ }
+ if (need_pw) { /* only add pw if we just got one! */
+ ssh2_pkt_addstring(password);
+ memset(password, 0, sizeof(password));
+ curr_prompt++;
+ }
+ if (curr_prompt >= num_prompts) {
+ ssh2_pkt_send();
+ } else {
+ /*
+ * If there are prompts remaining, we set
+ * `gotit' so that we won't attempt to get
+ * another packet. Then we go back round the
+ * loop and will end up retrieving another
+ * prompt out of the existing packet. Funky or
+ * what?
+ */
+ gotit = TRUE;
+ }
+ type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
+ } else {
+ c_write_str
+ ("No supported authentication methods left to try!\r\n");
+ logevent
+ ("No supported authentications offered. Disconnecting");
+ ssh2_pkt_init(SSH2_MSG_DISCONNECT);
+ ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
+ ssh2_pkt_addstring
+ ("No supported authentication methods available");
+ ssh2_pkt_addstring("en"); /* language tag */
+ ssh2_pkt_send();
+ ssh_state = SSH_STATE_CLOSED;
+ crReturnV;
+ }
+ }
+ } while (!we_are_in);