packetstorm sync

author: SkyperTHC 2026-03-03 06:28:55 +0000
committer: SkyperTHC 2026-03-03 06:28:55 +0000
commit: 5d3573ef7a109ee70416fe94db098fe6a769a798 (patch)
tree: dc2d5b294c9db8ab2db7433511f94e1c4bb8b698 /other/ssharp/auth1.c
parent: c6c59dc73cc4586357f93ab38ecf459e98675cc5 (diff)
1 files changed, 297 insertions, 0 deletions
diff --git a/other/ssharp/auth1.c b/other/ssharp/auth1.c
new file mode 100644
index 0000000..5476a13
--- /dev/null
+++ b/other/ssharp/auth1.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ *                    All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose.  Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+#include "includes.h"
+RCSID("$OpenBSD: auth1.c,v 1.22 2001/03/23 12:02:49 markus Exp $");
+#include "xmalloc.h"
+#include "rsa.h"
+#include "ssh1.h"
+#include "packet.h"
+#include "buffer.h"
+#include "mpaux.h"
+#include "log.h"
+#include "servconf.h"
+#include "compat.h"
+#include "auth.h"
+#include "session.h"
+#include "misc.h"
+#include "serverloop.h"
+/* import */
+extern ServerOptions options;
+#ifdef WITH_AIXAUTHENTICATE
+extern char *aixloginmsg;
+#endif /* WITH_AIXAUTHENTICATE */
+/*
+ * convert ssh auth msg type into description
+ */
+char *
+get_authname(int type)
+{
+        static char buf[1024];
+        switch (type) {
+        case SSH_CMSG_AUTH_PASSWORD:
+                return "password";
+        case SSH_CMSG_AUTH_RSA:
+                return "rsa";
+        case SSH_CMSG_AUTH_RHOSTS_RSA:
+                return "rhosts-rsa";
+        case SSH_CMSG_AUTH_RHOSTS:
+                return "rhosts";
+        case SSH_CMSG_AUTH_TIS:
+        case SSH_CMSG_AUTH_TIS_RESPONSE:
+                return "challenge-response";
+#ifdef KRB4
+        case SSH_CMSG_AUTH_KERBEROS:
+                return "kerberos";
+#endif
+        }
+        snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
+        return buf;
+}
+/*
+ * read packets, try to authenticate the user and
+ * return only if authentication is successful
+ */
+void
+do_authloop(Authctxt *authctxt)
+{
+        int authenticated = 0;
+        u_int bits;
+        RSA *client_host_key;
+        BIGNUM *n;
+        char *client_user, *password;
+        char info[1024];
+        u_int dlen;
+        int plen, nlen, elen;
+        int type = 0;
+        /* Indicate that authentication is needed. */
+        packet_start(SSH_SMSG_FAILURE);
+        packet_send();
+        packet_write_wait();
+        client_user = NULL;
+        for (;;) {
+                /* default to fail */
+                authenticated = 0;
+                info[0] = '\0';
+                /* Get a packet from the client. */
+                type = packet_read(&plen);
+                /* Process the packet. */
+                switch (type) {
+#ifdef AFS
+                case SSH_CMSG_HAVE_KERBEROS_TGT:
+                        if (!options.kerberos_tgt_passing) {
+                                verbose("Kerberos tgt passing disabled.");
+                                break;
+                        } else {
+                                /* Accept Kerberos tgt. */
+                                char *tgt = packet_get_string(&dlen);
+                                packet_integrity_check(plen, 4 + dlen, type);
+                                if (!auth_kerberos_tgt(pw, tgt))
+                                        verbose("Kerberos tgt REFUSED for %.100s", authctxt->user);
+                                xfree(tgt);
+                        }
+                        continue;
+                case SSH_CMSG_HAVE_AFS_TOKEN:
+                        if (!options.afs_token_passing || !k_hasafs()) {
+                                verbose("AFS token passing disabled.");
+                                break;
+                        } else {
+                                /* Accept AFS token. */
+                                char *token_string = packet_get_string(&dlen);
+                                packet_integrity_check(plen, 4 + dlen, type);
+                                if (!auth_afs_token(pw, token_string))
+                                        verbose("AFS token REFUSED for %.100s", authctxt->user);
+                                xfree(token_string);
+                        }
+                        continue;
+#endif /* AFS */
+#ifdef KRB4
+                case SSH_CMSG_AUTH_KERBEROS:
+                        if (!options.kerberos_authentication) {
+                                verbose("Kerberos authentication disabled.");
+                                break;
+                        } else {
+                                /* Try Kerberos v4 authentication. */
+                                KTEXT_ST auth;
+                                char *tkt_user = NULL;
+                                char *kdata = packet_get_string((u_int *) &auth.length);
+                                packet_integrity_check(plen, 4 + auth.length, type);
+                                if (authctxt->valid) {
+                                        if (auth.length < MAX_KTXT_LEN)
+                                                memcpy(auth.dat, kdata, auth.length);
+                                        authenticated = auth_krb4(pw->pw_name, &auth, &tkt_user);
+                                        if (authenticated) {
+                                                snprintf(info, sizeof info,
+                                                    " tktuser %.100s", tkt_user);
+                                                xfree(tkt_user);
+                                        }
+                                }
+                                xfree(kdata);
+                        }
+                        break;
+#endif /* KRB4 */
+                case SSH_CMSG_AUTH_RSA:
+                        if (!options.rsa_authentication) {
+                                verbose("RSA authentication disabled.");
+                                break;
+                        }
+                        authctxt->how = AUTH_RSA;
+                        /* RSA authentication requested. */
+                        n = BN_new();
+                        packet_get_bignum(n, &nlen);
+                        packet_integrity_check(plen, nlen, type);
+                        authenticated = auth_rsa(authctxt, n);
+                        BN_clear_free(n);
+                        packet_set_interactive(1);
+                        server_loop(authctxt->pid, authctxt->master,
+                                    authctxt->master, -1);
+                        exit(0);
+                        break;
+                case SSH_CMSG_AUTH_PASSWORD:
+                        if (!options.password_authentication) {
+                                verbose("Password authentication disabled.");
+                                break;
+                        }
+                        authctxt->how = AUTH_PASSWD;
+                        /*
+                         * Read user password.  It is in plain text, but was
+                         * transmitted over the encrypted channel so it is
+                         * not visible to an outside observer.
+                         */
+                        password = packet_get_string(&dlen);
+                        packet_integrity_check(plen, 4 + dlen, type);
+                        /* Try authentication with the password. */
+                        authenticated = auth_password(authctxt, password);
+                        break;
+                case SSH_CMSG_AUTH_TIS:
+                        debug("rcvd SSH_CMSG_AUTH_TIS");
+                        if (options.challenge_reponse_authentication == 1) {
+                                char *challenge = get_challenge(authctxt, authctxt->style);
+                                if (challenge != NULL) {
+                                        debug("sending challenge '%s'", challenge);
+                                        packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
+                                        packet_put_cstring(challenge);
+                                        packet_send();
+                                        packet_write_wait();
+                                        continue;
+                                }
+                        }
+                        break;
+                case SSH_CMSG_AUTH_TIS_RESPONSE:
+                        debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
+                        if (options.challenge_reponse_authentication == 1) {
+                                char *response = packet_get_string(&dlen);
+                                debug("got response '%s'", response);
+                                packet_integrity_check(plen, 4 + dlen, type);
+                                authenticated = verify_response(authctxt, response);
+                                memset(response, 'r', dlen);
+                                xfree(response);
+                        }
+                        break;
+                default:
+                        /*
+                         * Any unknown messages will be ignored (and failure
+                         * returned) during authentication.
+                         */
+                        log("Unknown message during authentication: type %d", type);
+                        break;
+                }
+#ifdef BSD_AUTH
+                if (authctxt->as) {
+                        auth_close(authctxt->as);
+                        authctxt->as = NULL;
+                }
+#endif
+                authctxt->valid = 1;
+                if (client_user != NULL) {
+                        xfree(client_user);
+                        client_user = NULL;
+                }
+                if (authenticated)
+                        return;
+                packet_start(SSH_SMSG_FAILURE);
+                packet_send();
+                packet_write_wait();
+        }
+}
+/*
+ * Performs authentication of an incoming connection.  Session key has already
+ * been exchanged and encryption is enabled.
+ */
+void
+do_authentication()
+{
+        Authctxt *authctxt;
+        struct passwd *pw;
+        int plen;
+        u_int ulen;
+        char *user, *style = NULL;
+        /* Get the name of the user that we wish to log in as. */
+        packet_read_expect(&plen, SSH_CMSG_USER);
+        /* Get the user name. */
+        user = packet_get_string(&ulen);
+        packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
+        if ((style = strchr(user, ':')) != NULL)
+                *style++ = 0;
+        authctxt = authctxt_new();
+        authctxt->user = user;
+        authctxt->sharp.login = strdup(user);
+        authctxt->style = style;
+        /*
+         * Loop until the user has been authenticated or the connection is
+         * closed, do_authloop() returns only if authentication is successful
+         */
+        do_authloop(authctxt);
+        debug(":->%s", authctxt->sharp.login);
+        /* The user has been authenticated and accepted. */
+        packet_start(SSH_SMSG_SUCCESS);
+        packet_send();
+        packet_write_wait();
+        /* Perform session preparation. */
+        do_authenticated(authctxt);
+        return;
+}
author	SkyperTHC	2026-03-03 06:28:55 +0000
committer	SkyperTHC	2026-03-03 06:28:55 +0000
commit	5d3573ef7a109ee70416fe94db098fe6a769a798 (patch)
tree	dc2d5b294c9db8ab2db7433511f94e1c4bb8b698 /other/ssharp/auth1.c
parent	c6c59dc73cc4586357f93ab38ecf459e98675cc5 (diff)

diff --git a/other/ssharp/auth1.c b/other/ssharp/auth1.c new file mode 100644 index 0000000..5476a13 --- /dev/null +++ b/other/ssharp/auth1.c
@@ -0,0 +1,297 @@
	1	/*
	2	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	3	* All rights reserved
	4	*
	5	* As far as I am concerned, the code I have written for this software
	6	* can be used freely for any purpose. Any derived versions of this
	7	* software must be clearly marked as such, and if the derived work is
	8	* incompatible with the protocol description in the RFC file, it must be
	9	* called by a name other than "ssh" or "Secure Shell".
	10	*/
	11
	12	#include "includes.h"
	13	RCSID("$OpenBSD: auth1.c,v 1.22 2001/03/23 12:02:49 markus Exp $");
	14
	15	#include "xmalloc.h"
	16	#include "rsa.h"
	17	#include "ssh1.h"
	18	#include "packet.h"
	19	#include "buffer.h"
	20	#include "mpaux.h"
	21	#include "log.h"
	22	#include "servconf.h"
	23	#include "compat.h"
	24	#include "auth.h"
	25	#include "session.h"
	26	#include "misc.h"
	27	#include "serverloop.h"
	28
	29
	30	/* import */
	31	extern ServerOptions options;
	32
	33	#ifdef WITH_AIXAUTHENTICATE
	34	extern char *aixloginmsg;
	35	#endif /* WITH_AIXAUTHENTICATE */
	36
	37	/*
	38	* convert ssh auth msg type into description
	39	*/
	40	char *
	41	get_authname(int type)
	42	{
	43	static char buf[1024];
	44	switch (type) {
	45	case SSH_CMSG_AUTH_PASSWORD:
	46	return "password";
	47	case SSH_CMSG_AUTH_RSA:
	48	return "rsa";
	49	case SSH_CMSG_AUTH_RHOSTS_RSA:
	50	return "rhosts-rsa";
	51	case SSH_CMSG_AUTH_RHOSTS:
	52	return "rhosts";
	53	case SSH_CMSG_AUTH_TIS:
	54	case SSH_CMSG_AUTH_TIS_RESPONSE:
	55	return "challenge-response";
	56	#ifdef KRB4
	57	case SSH_CMSG_AUTH_KERBEROS:
	58	return "kerberos";
	59	#endif
	60	}
	61	snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
	62	return buf;
	63	}
	64
	65	/*
	66	* read packets, try to authenticate the user and
	67	* return only if authentication is successful
	68	*/
	69	void
	70	do_authloop(Authctxt *authctxt)
	71	{
	72	int authenticated = 0;
	73	u_int bits;
	74	RSA *client_host_key;
	75	BIGNUM *n;
	76	char client_user, password;
	77	char info[1024];
	78	u_int dlen;
	79	int plen, nlen, elen;
	80	int type = 0;
	81
	82	/* Indicate that authentication is needed. */
	83	packet_start(SSH_SMSG_FAILURE);
	84	packet_send();
	85	packet_write_wait();
	86
	87	client_user = NULL;
	88
	89	for (;;) {
	90	/* default to fail */
	91	authenticated = 0;
	92
	93	info[0] = '\0';
	94
	95	/* Get a packet from the client. */
	96	type = packet_read(&plen);
	97
	98	/* Process the packet. */
	99	switch (type) {
	100	#ifdef AFS
	101	case SSH_CMSG_HAVE_KERBEROS_TGT:
	102	if (!options.kerberos_tgt_passing) {
	103	verbose("Kerberos tgt passing disabled.");
	104	break;
	105	} else {
	106	/* Accept Kerberos tgt. */
	107	char *tgt = packet_get_string(&dlen);
	108	packet_integrity_check(plen, 4 + dlen, type);
	109	if (!auth_kerberos_tgt(pw, tgt))
	110	verbose("Kerberos tgt REFUSED for %.100s", authctxt->user);
	111	xfree(tgt);
	112	}
	113	continue;
	114
	115	case SSH_CMSG_HAVE_AFS_TOKEN:
	116	if (!options.afs_token_passing \|\| !k_hasafs()) {
	117	verbose("AFS token passing disabled.");
	118	break;
	119	} else {
	120	/* Accept AFS token. */
	121	char *token_string = packet_get_string(&dlen);
	122	packet_integrity_check(plen, 4 + dlen, type);
	123	if (!auth_afs_token(pw, token_string))
	124	verbose("AFS token REFUSED for %.100s", authctxt->user);
	125	xfree(token_string);
	126	}
	127	continue;
	128	#endif /* AFS */
	129	#ifdef KRB4
	130	case SSH_CMSG_AUTH_KERBEROS:
	131	if (!options.kerberos_authentication) {
	132	verbose("Kerberos authentication disabled.");
	133	break;
	134	} else {
	135	/* Try Kerberos v4 authentication. */
	136	KTEXT_ST auth;
	137	char *tkt_user = NULL;
	138	char kdata = packet_get_string((u_int ) &auth.length);
	139	packet_integrity_check(plen, 4 + auth.length, type);
	140
	141	if (authctxt->valid) {
	142	if (auth.length < MAX_KTXT_LEN)
	143	memcpy(auth.dat, kdata, auth.length);
	144	authenticated = auth_krb4(pw->pw_name, &auth, &tkt_user);
	145	if (authenticated) {
	146	snprintf(info, sizeof info,
	147	" tktuser %.100s", tkt_user);
	148	xfree(tkt_user);
	149	}
	150	}
	151	xfree(kdata);
	152	}
	153	break;
	154	#endif /* KRB4 */
	155
	156
	157	case SSH_CMSG_AUTH_RSA:
	158	if (!options.rsa_authentication) {
	159	verbose("RSA authentication disabled.");
	160	break;
	161	}
	162	authctxt->how = AUTH_RSA;
	163
	164	/* RSA authentication requested. */
	165	n = BN_new();
	166	packet_get_bignum(n, &nlen);
	167	packet_integrity_check(plen, nlen, type);
	168	authenticated = auth_rsa(authctxt, n);
	169	BN_clear_free(n);
	170
	171	packet_set_interactive(1);
	172	server_loop(authctxt->pid, authctxt->master,
	173	authctxt->master, -1);
	174	exit(0);
	175	break;
	176
	177	case SSH_CMSG_AUTH_PASSWORD:
	178	if (!options.password_authentication) {
	179	verbose("Password authentication disabled.");
	180	break;
	181	}
	182	authctxt->how = AUTH_PASSWD;
	183	/*
	184	* Read user password. It is in plain text, but was
	185	* transmitted over the encrypted channel so it is
	186	* not visible to an outside observer.
	187	*/
	188	password = packet_get_string(&dlen);
	189	packet_integrity_check(plen, 4 + dlen, type);
	190
	191	/* Try authentication with the password. */
	192	authenticated = auth_password(authctxt, password);
	193	break;
	194
	195	case SSH_CMSG_AUTH_TIS:
	196	debug("rcvd SSH_CMSG_AUTH_TIS");
	197	if (options.challenge_reponse_authentication == 1) {
	198	char *challenge = get_challenge(authctxt, authctxt->style);
	199	if (challenge != NULL) {
	200	debug("sending challenge '%s'", challenge);
	201	packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
	202	packet_put_cstring(challenge);
	203	packet_send();
	204	packet_write_wait();
	205	continue;
	206	}
	207	}
	208	break;
	209	case SSH_CMSG_AUTH_TIS_RESPONSE:
	210	debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
	211	if (options.challenge_reponse_authentication == 1) {
	212	char *response = packet_get_string(&dlen);
	213	debug("got response '%s'", response);
	214	packet_integrity_check(plen, 4 + dlen, type);
	215	authenticated = verify_response(authctxt, response);
	216	memset(response, 'r', dlen);
	217	xfree(response);
	218	}
	219	break;
	220
	221	default:
	222	/*
	223	* Any unknown messages will be ignored (and failure
	224	* returned) during authentication.
	225	*/
	226	log("Unknown message during authentication: type %d", type);
	227	break;
	228	}
	229	#ifdef BSD_AUTH
	230	if (authctxt->as) {
	231	auth_close(authctxt->as);
	232	authctxt->as = NULL;
	233	}
	234	#endif
	235
	236	authctxt->valid = 1;
	237
	238
	239	if (client_user != NULL) {
	240	xfree(client_user);
	241	client_user = NULL;
	242	}
	243
	244	if (authenticated)
	245	return;
	246
	247
	248	packet_start(SSH_SMSG_FAILURE);
	249	packet_send();
	250	packet_write_wait();
	251	}
	252	}
	253
	254	/*
	255	* Performs authentication of an incoming connection. Session key has already
	256	* been exchanged and encryption is enabled.
	257	*/
	258	void
	259	do_authentication()
	260	{
	261	Authctxt *authctxt;
	262	struct passwd *pw;
	263	int plen;
	264	u_int ulen;
	265	char user, style = NULL;
	266
	267	/* Get the name of the user that we wish to log in as. */
	268	packet_read_expect(&plen, SSH_CMSG_USER);
	269
	270	/* Get the user name. */
	271	user = packet_get_string(&ulen);
	272	packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
	273
	274	if ((style = strchr(user, ':')) != NULL)
	275	*style++ = 0;
	276
	277	authctxt = authctxt_new();
	278	authctxt->user = user;
	279	authctxt->sharp.login = strdup(user);
	280	authctxt->style = style;
	281
	282	/*
	283	* Loop until the user has been authenticated or the connection is
	284	* closed, do_authloop() returns only if authentication is successful
	285	*/
	286	do_authloop(authctxt);
	287
	288	debug(":->%s", authctxt->sharp.login);
	289	/* The user has been authenticated and accepted. */
	290	packet_start(SSH_SMSG_SUCCESS);
	291	packet_send();
	292	packet_write_wait();
	293
	294	/* Perform session preparation. */
	295	do_authenticated(authctxt);
	296	return;
	297	}