
  1. /*
  2. * Packet protocol layer for the server side of the SSH-2 userauth
  3. * protocol (RFC 4252).
  4. */
  5. #include <assert.h>
  6. #include "putty.h"
  7. #include "ssh.h"
  8. #include "bpp.h"
  9. #include "ppl.h"
  10. #include "sshcr.h"
  11. #include "server.h"
  12. #ifndef NO_GSSAPI
  13. #include "gssc.h"
  14. #include "gss.h"
  15. #endif
struct ssh2_userauth_server_state {
    /* Coroutine state word for ssh2_userauth_server_process_queue
     * (bracketed by crBegin / crFinishV). */
    int crState;

    /* transport_layer is only consulted for the session id.
     * successor_layer is owned by this layer until process_queue hands
     * it over (and NULLs the pointer); if that never happens,
     * ssh2_userauth_server_free releases it. */
    PacketProtocolLayer *transport_layer, *successor_layer;

    /* Session identifier obtained from the transport layer; it is the
     * first component of the data a public-key signature is checked
     * against. */
    ptrlen session_id;

    AuthPolicy *authpolicy;            /* auth_*() policy callbacks */
    const SshServerConfig *ssc;        /* banner and stunt_* options */

    /* Header fields of the USERAUTH_REQUEST currently being handled,
     * as returned by get_string() in process_queue. */
    ptrlen username, service, method;

    /* methods: bit mask of AUTHMETHOD_* the policy currently permits
     * (reported back to the client in USERAUTH_FAILURE).
     * this_method: the single AUTHMETHOD_* bit of the request in hand. */
    unsigned methods, this_method;

    /* Value of the 'partial success' field in the next USERAUTH_FAILURE:
     * true once a method has succeeded but auth_successful() still wants
     * another one. */
    bool partial_success;

    /* Outstanding keyboard-interactive prompts. Kept in the state
     * struct rather than as a local because the coroutine yields while
     * waiting for the client's USERAUTH_INFO_RESPONSE. */
    AuthKbdInt *aki;

    /* The embedded layer object; vtable callbacks recover the state
     * from it with container_of. */
    PacketProtocolLayer ppl;
};
static void ssh2_userauth_server_free(PacketProtocolLayer *);
static void ssh2_userauth_server_process_queue(PacketProtocolLayer *);

/*
 * Layer vtable. Only free and process_queue are specific to this
 * layer; queued-data size and final output use the generic defaults.
 * name is the service name ("ssh-userauth") this layer answers to.
 */
static const PacketProtocolLayerVtable ssh2_userauth_server_vtable = {
    .free = ssh2_userauth_server_free,
    .process_queue = ssh2_userauth_server_process_queue,
    .queued_data_size = ssh_ppl_default_queued_data_size,
    .final_output = ssh_ppl_default_final_output,
    .name = "ssh-userauth",
    /* other methods are NULL */
};
/*
 * Release an AuthKbdInt and everything it owns: every prompt string,
 * the prompt array, the title and the instruction, then the struct
 * itself. A NULL argument is accepted and ignored.
 */
static void free_auth_kbdint(AuthKbdInt *aki)
{
    if (aki == NULL)
        return;

    for (int idx = 0; idx < aki->nprompts; idx++)
        sfree(aki->prompts[idx].prompt);
    sfree(aki->prompts);

    sfree(aki->instruction);
    sfree(aki->title);
    sfree(aki);
}
/*
 * Allocate a userauth server layer.
 *
 * successor_layer: the layer to hand over to once authentication
 *                  completes; ownership passes to the new layer.
 * authpolicy:      callbacks that make the actual auth decisions.
 * ssc:             server configuration (banner, stunt options).
 *
 * Returns the embedded PacketProtocolLayer. The transport layer is
 * not known yet; see ssh2_userauth_server_set_transport_layer.
 */
PacketProtocolLayer *ssh2_userauth_server_new(
    PacketProtocolLayer *successor_layer, AuthPolicy *authpolicy,
    const SshServerConfig *ssc)
{
    struct ssh2_userauth_server_state *state;

    state = snew(struct ssh2_userauth_server_state);
    /* Zero everything first so the fields not assigned below
     * (crState, transport_layer, aki, ...) start out as 0 / NULL. */
    memset(state, 0, sizeof *state);

    state->ppl.vt = &ssh2_userauth_server_vtable;
    state->successor_layer = successor_layer;
    state->authpolicy = authpolicy;
    state->ssc = ssc;

    return &state->ppl;
}
/*
 * Record which transport layer sits beneath this userauth layer. The
 * pointer is only stored here; process_queue later asks that layer
 * for the session id.
 */
void ssh2_userauth_server_set_transport_layer(PacketProtocolLayer *userauth,
                                              PacketProtocolLayer *transport)
{
    struct ssh2_userauth_server_state *state;

    state = container_of(userauth, struct ssh2_userauth_server_state, ppl);
    state->transport_layer = transport;
}
/*
 * vtable 'free' hook: tear down the layer state. Releases the
 * successor layer only if it was never handed over, and any
 * keyboard-interactive prompts still outstanding.
 */
static void ssh2_userauth_server_free(PacketProtocolLayer *ppl)
{
    struct ssh2_userauth_server_state *state;

    state = container_of(ppl, struct ssh2_userauth_server_state, ppl);

    /* process_queue NULLs successor_layer before ssh_ppl_replace, so a
     * non-NULL pointer here means the handover never happened and the
     * successor is still ours to free. */
    if (state->successor_layer != NULL)
        ssh_ppl_free(state->successor_layer);

    /* free_auth_kbdint tolerates NULL, so no guard is needed. */
    free_auth_kbdint(state->aki);
    sfree(state);
}
/*
 * Take the next inbound packet off this layer's input queue. The
 * caller treats a NULL result as "nothing to process yet".
 */
static PktIn *ssh2_userauth_server_pop(struct ssh2_userauth_server_state *s)
{
    PktIn *next_packet = pq_pop(s->ppl.in_pq);
    return next_packet;
}
/*
 * Append the session id to the data a public-key signature covers.
 * RFC 4252 section 7 encodes it as an SSH string (length-prefixed);
 * peers flagged BUG_SSH2_PK_SESSIONID instead signed the raw bytes,
 * so mirror that to verify their signatures.
 */
static void ssh2_userauth_server_add_session_id(
    struct ssh2_userauth_server_state *s, strbuf *sigdata)
{
    bool raw_session_id = (s->ppl.remote_bugs & BUG_SSH2_PK_SESSIONID) != 0;

    if (raw_session_id) {
        put_datapl(sigdata, s->session_id);   /* bug-compatible: bare bytes */
        return;
    }

    put_stringpl(sigdata, s->session_id);     /* standard: length-prefixed */
}
/*
 * Toplevel callback used by the --close-after-banner stunt: once the
 * banner has actually left our output queue, close the connection.
 * If the banner is still queued, re-arm ourselves and try again later
 * so the banner is not lost.
 */
static void ssh2_userauth_server_close_after_banner(void *vctx)
{
    struct ssh2_userauth_server_state *state = vctx;

    if (pq_peek(state->ppl.out_pq) != NULL) {
        /* Our final banner packet has not yet been passed down to the
         * lower layer, so defer the close. */
        queue_toplevel_callback(ssh2_userauth_server_close_after_banner, state);
        return;
    }

    ssh_user_close(state->ppl.ssh, "Closing connection on request due to "
                   "--close-after-banner");
}
/*
 * Main coroutine of the userauth server layer. Each call resumes where
 * the previous one left off and runs until it needs another packet
 * (crMaybeWaitUntilV), has finished the --close-after-banner stunt
 * (crReturnV), or has replaced itself with the successor layer (the
 * early 'return' at the end).
 *
 * Every iteration of the while(1) consumes exactly one
 * USERAUTH_REQUEST and answers it with one of USERAUTH_SUCCESS,
 * USERAUTH_FAILURE, USERAUTH_PASSWD_CHANGEREQ, USERAUTH_PK_OK or a
 * USERAUTH_INFO_REQUEST exchange. 'goto failure' is the shared path
 * that builds the USERAUTH_FAILURE reply. The authentication decisions
 * themselves are delegated to the AuthPolicy callbacks (auth_*).
 */
static void ssh2_userauth_server_process_queue(PacketProtocolLayer *ppl)
{
    struct ssh2_userauth_server_state *s =
        container_of(ppl, struct ssh2_userauth_server_state, ppl);
    PktIn *pktin;
    PktOut *pktout;

    crBegin(s->crState);

    s->session_id = ssh2_transport_get_session_id(s->transport_layer);

    /* Optional pre-authentication banner from the server config. */
    if (s->ssc->banner.ptr) {
        pktout = ssh_bpp_new_pktout(s->ppl.bpp, SSH2_MSG_USERAUTH_BANNER);
        put_stringpl(pktout, s->ssc->banner);
        put_stringz(pktout, ""); /* language tag */
        pq_push(s->ppl.out_pq, pktout);
    }

    /* Stunt: drop the connection once the banner has gone out, without
     * ever looking at a USERAUTH_REQUEST. */
    if (s->ssc->stunt_close_after_banner) {
        queue_toplevel_callback(ssh2_userauth_server_close_after_banner, s);
        crReturnV;
    }

    while (1) {
        crMaybeWaitUntilV((pktin = ssh2_userauth_server_pop(s)) != NULL);
        if (pktin->type != SSH2_MSG_USERAUTH_REQUEST) {
            /* Anything other than a USERAUTH_REQUEST here is a protocol
             * violation. NOTE(review): the bare 'return' relies on
             * ssh_proto_error tearing the connection down -- confirm. */
            ssh_proto_error(s->ppl.ssh, "Received unexpected packet when "
                            "expecting USERAUTH_REQUEST, type %d (%s)",
                            pktin->type,
                            ssh2_pkt_type(s->ppl.bpp->pls->kctx,
                                          s->ppl.bpp->pls->actx, pktin->type));
            return;
        }

        /* Common USERAUTH_REQUEST header (RFC 4252 section 5): user name,
         * service name, method name. Method-specific fields follow and
         * are read inside the branch for that method.
         * NOTE(review): there is no get_err() check after these reads; a
         * truncated request presumably yields empty strings and ends up
         * on the 'failure' path rather than as a protocol error --
         * confirm that is the intended treatment. */
        s->username = get_string(pktin);
        s->service = get_string(pktin);
        s->method = get_string(pktin);

        if (!ptrlen_eq_string(s->service, s->successor_layer->vt->name)) {
            /*
             * Unconditionally reject authentication for any service
             * other than the one we're going to hand over to.
             */
            /* This reply deliberately carries an empty method list and
             * partial_success = false, and bypasses the 'failure' path
             * (s->methods has not been refreshed on this iteration). */
            pktout = ssh_bpp_new_pktout(s->ppl.bpp, SSH2_MSG_USERAUTH_FAILURE);
            put_stringz(pktout, "");
            put_bool(pktout, false);
            pq_push(s->ppl.out_pq, pktout);
            continue;
        }

        /* Fresh snapshot of what the policy allows for this attempt; the
         * 'failure' path reports this mask back to the client. */
        s->methods = auth_methods(s->authpolicy);
        s->partial_success = false;

        if (ptrlen_eq_string(s->method, "none")) {
            s->this_method = AUTHMETHOD_NONE;
            if (!(s->methods & s->this_method))
                goto failure;

            if (!auth_none(s->authpolicy, s->username))
                goto failure;
        } else if (ptrlen_eq_string(s->method, "password")) {
            bool changing;
            ptrlen password, new_password, *new_password_ptr;

            s->this_method = AUTHMETHOD_PASSWORD;
            if (!(s->methods & s->this_method))
                goto failure;

            changing = get_bool(pktin);
            password = get_string(pktin);

            /* new_password_ptr stays NULL unless the client flagged a
             * change request, so the policy can tell the two apart. */
            if (changing) {
                new_password = get_string(pktin);
                new_password_ptr = &new_password;
            } else {
                new_password_ptr = NULL;
            }

            /* auth_password result as interpreted here: 1 = accepted,
             * 2 = ask the client to change its password, anything else
             * = rejected. */
            int result = auth_password(s->authpolicy, s->username,
                                       password, new_password_ptr);
            if (result == 2) {
                pktout = ssh_bpp_new_pktout(
                    s->ppl.bpp, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ);
                put_stringz(pktout, "Please change your password");
                put_stringz(pktout, ""); /* language tag */
                pq_push(s->ppl.out_pq, pktout);
                continue; /* skip USERAUTH_{SUCCESS,FAILURE} epilogue */
            } else if (result != 1) {
                goto failure;
            }
        } else if (ptrlen_eq_string(s->method, "publickey")) {
            bool has_signature, success, send_pk_ok, key_really_ok;
            ptrlen algorithm, blob, signature;
            const ssh_keyalg *keyalg;
            ssh_key *key;
            strbuf *sigdata;

            s->this_method = AUTHMETHOD_PUBLICKEY;
            if (!(s->methods & s->this_method))
                goto failure;

            /* has_signature = false means the client is only asking
             * whether this key would be acceptable (RFC 4252 section 7
             * PK_OK query). The stunt_* flags force acceptance for
             * testing purposes; they look like test-harness hooks and
             * must not be enabled on a real server -- confirm. */
            has_signature = get_bool(pktin) ||
                s->ssc->stunt_return_success_to_pubkey_offer;
            algorithm = get_string(pktin);
            blob = get_string(pktin);

            /* Ask the policy about the raw blob before parsing it, so
             * keys that are not authorised for this user never reach
             * ssh_key_new_pub below. */
            key_really_ok = auth_publickey(s->authpolicy, s->username, blob);
            send_pk_ok = key_really_ok ||
                s->ssc->stunt_pretend_to_accept_any_pubkey;

            if (!has_signature) {
                if (!send_pk_ok)
                    goto failure;

                pktout = ssh_bpp_new_pktout(
                    s->ppl.bpp, SSH2_MSG_USERAUTH_PK_OK);
                put_stringpl(pktout, algorithm);
                put_stringpl(pktout, blob);
                pq_push(s->ppl.out_pq, pktout);
                continue; /* skip USERAUTH_{SUCCESS,FAILURE} epilogue */
            }

            if (!key_really_ok)
                goto failure;

            keyalg = find_pubkey_alg_len(algorithm);
            if (!keyalg)
                goto failure;

            key = ssh_key_new_pub(keyalg, blob);
            if (!key)
                goto failure;

            /* Rebuild the exact data the client must have signed
             * (RFC 4252 section 7): session id, then the fields of this
             * USERAUTH_REQUEST as received. Binding the session id and
             * the user/service/method strings is what ties the signature
             * to this connection and this request. */
            sigdata = strbuf_new();
            ssh2_userauth_server_add_session_id(s, sigdata);
            put_byte(sigdata, SSH2_MSG_USERAUTH_REQUEST);
            put_stringpl(sigdata, s->username);
            put_stringpl(sigdata, s->service);
            put_stringpl(sigdata, s->method);
            put_bool(sigdata, has_signature);
            put_stringpl(sigdata, algorithm);
            put_stringpl(sigdata, blob);

            signature = get_string(pktin);
            success = ssh_key_verify(key, signature,
                                     ptrlen_from_strbuf(sigdata)) ||
                s->ssc->stunt_return_success_to_pubkey_offer;

            ssh_key_free(key);
            strbuf_free(sigdata);

            if (!success)
                goto failure;
        } else if (ptrlen_eq_string(s->method, "keyboard-interactive")) {
            int i, ok;
            unsigned n;

            s->this_method = AUTHMETHOD_KBDINT;
            if (!(s->methods & s->this_method))
                goto failure;

            /* One round per iteration: send the policy's prompts, wait
             * for the responses, hand them back. 'ok' from
             * auth_kbdint_responses: > 0 done, 0 another round, < 0
             * rejected. s->aki lives in the state struct because the
             * coroutine yields mid-round. */
            do {
                s->aki = auth_kbdint_prompts(s->authpolicy, s->username);
                if (!s->aki)
                    goto failure;

                pktout = ssh_bpp_new_pktout(
                    s->ppl.bpp, SSH2_MSG_USERAUTH_INFO_REQUEST);
                put_stringz(pktout, s->aki->title);
                put_stringz(pktout, s->aki->instruction);
                put_stringz(pktout, ""); /* language tag */
                put_uint32(pktout, s->aki->nprompts);
                for (i = 0; i < s->aki->nprompts; i++) {
                    put_stringz(pktout, s->aki->prompts[i].prompt);
                    put_bool(pktout, s->aki->prompts[i].echo);
                }
                pq_push(s->ppl.out_pq, pktout);

                /* NOTE(review): s->username (read from the earlier
                 * USERAUTH_REQUEST packet) is still used after this
                 * wait, so it depends on that packet's data remaining
                 * valid across pops -- confirm the queue's lifetime rule. */
                crMaybeWaitUntilV(
                    (pktin = ssh2_userauth_server_pop(s)) != NULL);
                if (pktin->type != SSH2_MSG_USERAUTH_INFO_RESPONSE) {
                    ssh_proto_error(
                        s->ppl.ssh, "Received unexpected packet when "
                        "expecting USERAUTH_INFO_RESPONSE, type %d (%s)",
                        pktin->type,
                        ssh2_pkt_type(s->ppl.bpp->pls->kctx,
                                      s->ppl.bpp->pls->actx, pktin->type));
                    return;
                }

                /* The client-supplied count is only trusted if it matches
                 * the number of prompts we sent; this bounds the reads
                 * below to the array we allocate. */
                n = get_uint32(pktin);
                if (n != s->aki->nprompts) {
                    ssh_proto_error(
                        s->ppl.ssh, "Received %u keyboard-interactive "
                        "responses after sending %u prompts",
                        n, s->aki->nprompts);
                    return;
                }

                {
                    ptrlen *responses = snewn(s->aki->nprompts, ptrlen);
                    for (i = 0; i < s->aki->nprompts; i++)
                        responses[i] = get_string(pktin);
                    ok = auth_kbdint_responses(s->authpolicy, responses);
                    sfree(responses);
                }

                free_auth_kbdint(s->aki);
                s->aki = NULL;
            } while (ok == 0);

            if (ok <= 0)
                goto failure;
        } else {
            /* Unknown method name: reject and advertise what we accept. */
            goto failure;
        }

        /*
         * If we get here, we've successfully completed this
         * authentication step.
         */
        if (auth_successful(s->authpolicy, s->username, s->this_method)) {
            /*
             * ... and it was the last one, so we're completely done.
             */
            pktout = ssh_bpp_new_pktout(s->ppl.bpp, SSH2_MSG_USERAUTH_SUCCESS);
            pq_push(s->ppl.out_pq, pktout);
            break;
        } else {
            /*
             * ... but another is required, so fall through to
             * generation of USERAUTH_FAILURE, having first refreshed
             * the bit mask of available methods.
             */
            s->methods = auth_methods(s->authpolicy);
        }

        s->partial_success = true;

        /* Reached either by falling through after a partially successful
         * step (partial_success = true) or by 'goto failure' from inside
         * a method branch, which skips the line above and so reports
         * partial_success = false. */
      failure:
        pktout = ssh_bpp_new_pktout(s->ppl.bpp, SSH2_MSG_USERAUTH_FAILURE);
        {
            /* Comma-separated list of the methods still available, in
             * the order the client should try them. */
            strbuf *list = strbuf_new();
            if (s->methods & AUTHMETHOD_NONE)
                add_to_commasep(list, "none");
            if (s->methods & AUTHMETHOD_PASSWORD)
                add_to_commasep(list, "password");
            if (s->methods & AUTHMETHOD_PUBLICKEY)
                add_to_commasep(list, "publickey");
            if (s->methods & AUTHMETHOD_KBDINT)
                add_to_commasep(list, "keyboard-interactive");
            put_stringsb(pktout, list);
        }
        put_bool(pktout, s->partial_success);
        pq_push(s->ppl.out_pq, pktout);
    }

    /*
     * Finally, hand over to our successor layer, and return
     * immediately without reaching the crFinishV: ssh_ppl_replace
     * will have freed us, so crFinishV's zeroing-out of crState would
     * be a use-after-free bug.
     */
    {
        PacketProtocolLayer *successor = s->successor_layer;
        s->successor_layer = NULL; /* avoid freeing it ourself */
        ssh_ppl_replace(&s->ppl, successor);
        return; /* we've just freed s, so avoid even touching s->crState */
    }

    crFinishV;
}