1 files changed, 542 insertions, 0 deletions
diff --git a/other/openssh-2.1.1p4/auth2.c b/other/openssh-2.1.1p4/auth2.c
new file mode 100644
index 0000000..4926ff8
--- /dev/null
+++ b/other/openssh-2.1.1p4/auth2.c
@@ -0,0 +1,542 @@
+/*
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Markus Friedl.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+RCSID("$OpenBSD: auth2.c,v 1.12 2000/07/07 03:55:03 todd Exp $");
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include "xmalloc.h"
+#include "rsa.h"
+#include "ssh.h"
+#include "pty.h"
+#include "packet.h"
+#include "buffer.h"
+#include "cipher.h"
+#include "servconf.h"
+#include "compat.h"
+#include "channels.h"
+#include "bufaux.h"
+#include "ssh2.h"
+#include "auth.h"
+#include "session.h"
+#include "dispatch.h"
+#include "auth.h"
+#include "key.h"
+#include "kex.h"
+#include "dsa.h"
+#include "uidswap.h"
+#include "auth-options.h"
+#ifdef HAVE_OSF_SIA
+# include <sia.h>
+# include <siad.h>
+#endif
+/* import */
+extern ServerOptions options;
+extern unsigned char *session_id2;
+extern int session_id2_len;
+/* protocol */
+void    input_service_request(int type, int plen);
+void    input_userauth_request(int type, int plen);
+void    protocol_error(int type, int plen);
+/* auth */
+int     ssh2_auth_none(struct passwd *pw);
+int     ssh2_auth_password(struct passwd *pw);
+int     ssh2_auth_pubkey(struct passwd *pw, char *service);
+/* helper */
+struct passwd*   auth_set_user(char *u, char *s);
+int     user_dsa_key_allowed(struct passwd *pw, Key *key);
+typedef struct Authctxt Authctxt;
+struct Authctxt {
+        char *user;
+        char *service;
+        struct passwd pw;
+        int valid;
+};
+static Authctxt *authctxt = NULL;
+static int userauth_success = 0;
+/*
+ * loop until userauth_success == TRUE
+ */
+void
+do_authentication2()
+{
+        /* turn off skey/kerberos, not supported by SSH2 */
+#ifdef SKEY
+        options.skey_authentication = 0;
+#endif
+#ifdef KRB4
+        options.kerberos_authentication = 0;
+#endif
+        dispatch_init(&protocol_error);
+        dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
+        dispatch_run(DISPATCH_BLOCK, &userauth_success);
+        do_authenticated2();
+}
+void
+protocol_error(int type, int plen)
+{
+        log("auth: protocol error: type %d plen %d", type, plen);
+        packet_start(SSH2_MSG_UNIMPLEMENTED);
+        packet_put_int(0);
+        packet_send();
+        packet_write_wait();
+}
+void
+input_service_request(int type, int plen)
+{
+        unsigned int len;
+        int accept = 0;
+        char *service = packet_get_string(&len);
+        packet_done();
+        if (strcmp(service, "ssh-userauth") == 0) {
+                if (!userauth_success) {
+                        accept = 1;
+                        /* now we can handle user-auth requests */
+                        dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
+                }
+        }
+        /* XXX all other service requests are denied */
+        if (accept) {
+                packet_start(SSH2_MSG_SERVICE_ACCEPT);
+                packet_put_cstring(service);
+                packet_send();
+                packet_write_wait();
+        } else {
+                debug("bad service request %s", service);
+                packet_disconnect("bad service request %s", service);
+        }
+        xfree(service);
+}
+void
+input_userauth_request(int type, int plen)
+{
+        static void (*authlog) (const char *fmt,...) = verbose;
+        static int attempt = 0;
+        unsigned int len;
+        int authenticated = 0;
+        char *user, *service, *method, *authmsg = NULL;
+        struct passwd *pw;
+#ifdef WITH_AIXAUTHENTICATE
+        extern char *aixloginmsg;
+#endif /* WITH_AIXAUTHENTICATE */
+        user = packet_get_string(&len);
+        service = packet_get_string(&len);
+        method = packet_get_string(&len);
+        if (++attempt == AUTH_FAIL_MAX) {
+#ifdef WITH_AIXAUTHENTICATE 
+                loginfailed(user,get_canonical_hostname(),"ssh");
+#endif /* WITH_AIXAUTHENTICATE */
+                packet_disconnect("too many failed userauth_requests");
+        }
+        debug("userauth-request for user %s service %s method %s", user, service, method);
+        /* XXX we only allow the ssh-connection service */
+        pw = auth_set_user(user, service);
+        if (pw && strcmp(service, "ssh-connection")==0) {
+                if (strcmp(method, "none") == 0) {
+                        authenticated = ssh2_auth_none(pw);
+                } else if (strcmp(method, "password") == 0) {
+                        authenticated = ssh2_auth_password(pw);
+                } else if (strcmp(method, "publickey") == 0) {
+                        authenticated = ssh2_auth_pubkey(pw, service);
+                }
+        }
+        if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) {
+                authenticated = 0;
+                log("ROOT LOGIN REFUSED FROM %.200s",
+                    get_canonical_hostname());
+        }
+#ifdef USE_PAM
+                if (authenticated && !do_pam_account(pw->pw_name, NULL))
+                        authenticated = 0;
+#endif /* USE_PAM */
+        /* Raise logging level */
+        if (authenticated == 1 ||
+            attempt == AUTH_FAIL_LOG ||
+            strcmp(method, "password") == 0)
+                authlog = log;
+        /* Log before sending the reply */
+        if (authenticated == 1) {
+                authmsg = "Accepted";
+        } else if (authenticated == 0) {
+                authmsg = "Failed";
+        } else {
+                authmsg = "Postponed";
+        }
+        authlog("%s %s for %.200s from %.200s port %d ssh2",
+                authmsg,
+                method,
+                pw && pw->pw_uid == 0 ? "ROOT" : user,
+                get_remote_ipaddr(),
+                get_remote_port());
+        /* XXX todo: check if multiple auth methods are needed */
+        if (authenticated == 1) {
+#ifdef WITH_AIXAUTHENTICATE
+                /* We don't have a pty yet, so just label the line as "ssh" */
+                if (loginsuccess(user,get_canonical_hostname(),"ssh",
+                                &aixloginmsg) < 0)
+                        aixloginmsg = NULL;
+#endif /* WITH_AIXAUTHENTICATE */
+                /* turn off userauth */
+                dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
+                packet_start(SSH2_MSG_USERAUTH_SUCCESS);
+                packet_send();
+                packet_write_wait();
+                /* now we can break out */
+                userauth_success = 1;
+        } else if (authenticated == 0) {
+                packet_start(SSH2_MSG_USERAUTH_FAILURE);
+                packet_put_cstring("publickey,password");       /* XXX dynamic */
+                packet_put_char(0);                             /* XXX partial success, unused */
+                packet_send();
+                packet_write_wait();
+        }
+        xfree(service);
+        xfree(user);
+        xfree(method);
+}
+int
+ssh2_auth_none(struct passwd *pw)
+{
+#ifdef HAVE_OSF_SIA
+        extern int saved_argc;
+        extern char **saved_argv;
+#endif
+        packet_done();
+#ifdef USE_PAM
+        return auth_pam_password(pw, "");
+#elif defined(HAVE_OSF_SIA)
+        return(sia_validate_user(NULL, saved_argc, saved_argv, 
+                get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, 
+                "") == SIASUCCESS);
+#else /* !HAVE_OSF_SIA && !USE_PAM */
+        return auth_password(pw, "");
+#endif /* USE_PAM */
+}
+int
+ssh2_auth_password(struct passwd *pw)
+{
+        char *password;
+        int authenticated = 0;
+        int change;
+        unsigned int len;
+#ifdef HAVE_OSF_SIA
+        extern int saved_argc;
+        extern char **saved_argv;
+#endif
+        change = packet_get_char();
+        if (change)
+                log("password change not supported");
+        password = packet_get_string(&len);
+        packet_done();
+        if (options.password_authentication &&
+#ifdef USE_PAM
+            auth_pam_password(pw, password) == 1)
+#elif defined(HAVE_OSF_SIA)
+            sia_validate_user(NULL, saved_argc, saved_argv, 
+                        get_canonical_hostname(), pw->pw_name, NULL, 0, 
+                        NULL, password) == SIASUCCESS)
+#else /* !USE_PAM && !HAVE_OSF_SIA */
+            auth_password(pw, password) == 1)
+#endif /* USE_PAM */
+                authenticated = 1;
+        memset(password, 0, len);
+        xfree(password);
+        return authenticated;
+}
+int
+ssh2_auth_pubkey(struct passwd *pw, char *service)
+{
+        Buffer b;
+        Key *key;
+        char *pkalg, *pkblob, *sig;
+        unsigned int alen, blen, slen;
+        int have_sig;
+        int authenticated = 0;
+        if (options.dsa_authentication == 0) {
+                debug("pubkey auth disabled");
+                return 0;
+        }
+        have_sig = packet_get_char();
+        pkalg = packet_get_string(&alen);
+        if (strcmp(pkalg, KEX_DSS) != 0) {
+                xfree(pkalg);
+                log("bad pkalg %s", pkalg);     /*XXX*/
+                return 0;
+        }
+        pkblob = packet_get_string(&blen);
+        key = dsa_key_from_blob(pkblob, blen);
+        if (key != NULL) {
+                if (have_sig) {
+                        sig = packet_get_string(&slen);
+                        packet_done();
+                        buffer_init(&b);
+                        if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
+                                buffer_put_string(&b, session_id2, session_id2_len);
+                        } else {
+                                buffer_append(&b, session_id2, session_id2_len);
+                        }
+                        /* reconstruct packet */
+                        buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+                        buffer_put_cstring(&b, pw->pw_name);
+                        buffer_put_cstring(&b,
+                            datafellows & SSH_BUG_PUBKEYAUTH ?
+                            "ssh-userauth" :
+                            service);
+                        buffer_put_cstring(&b, "publickey");
+                        buffer_put_char(&b, have_sig);
+                        buffer_put_cstring(&b, KEX_DSS);
+                        buffer_put_string(&b, pkblob, blen);
+#ifdef DEBUG_DSS
+                        buffer_dump(&b);
+#endif
+                        /* test for correct signature */
+                        if (user_dsa_key_allowed(pw, key) &&
+                            dsa_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+                                authenticated = 1;
+                        buffer_clear(&b);
+                        xfree(sig);
+                } else {
+                        packet_done();
+                        debug("test key...");
+                        /* test whether pkalg/pkblob are acceptable */
+                        /* XXX fake reply and always send PK_OK ? */
+                        /*
+                         * XXX this allows testing whether a user is allowed
+                         * to login: if you happen to have a valid pubkey this
+                         * message is sent. the message is NEVER sent at all
+                         * if a user is not allowed to login. is this an
+                         * issue? -markus
+                         */
+                        if (user_dsa_key_allowed(pw, key)) {
+                                packet_start(SSH2_MSG_USERAUTH_PK_OK);
+                                packet_put_string(pkalg, alen);
+                                packet_put_string(pkblob, blen);
+                                packet_send();
+                                packet_write_wait();
+                                authenticated = -1;
+                        }
+                }
+                key_free(key);
+        }
+        xfree(pkalg);
+        xfree(pkblob);
+        return authenticated;
+}
+/* set and get current user */
+struct passwd*
+auth_get_user(void)
+{
+        return (authctxt != NULL && authctxt->valid) ? &authctxt->pw : NULL;
+}
+struct passwd*
+auth_set_user(char *u, char *s)
+{
+        struct passwd *pw, *copy;
+        if (authctxt == NULL) {
+                authctxt = xmalloc(sizeof(*authctxt));
+                authctxt->valid = 0;
+                authctxt->user = xstrdup(u);
+                authctxt->service = xstrdup(s);
+                setproctitle("%s", u);
+                pw = getpwnam(u);
+                if (!pw || !allowed_user(pw)) {
+                        log("auth_set_user: illegal user %s", u);
+                        return NULL;
+                }
+#ifdef USE_PAM
+                start_pam(pw);
+#endif
+                copy = &authctxt->pw;
+                memset(copy, 0, sizeof(*copy));
+                copy->pw_name = xstrdup(pw->pw_name);
+                copy->pw_passwd = xstrdup(pw->pw_passwd);
+                copy->pw_uid = pw->pw_uid;
+                copy->pw_gid = pw->pw_gid;
+                copy->pw_dir = xstrdup(pw->pw_dir);
+                copy->pw_shell = xstrdup(pw->pw_shell);
+                authctxt->valid = 1;
+        } else {
+                if (strcmp(u, authctxt->user) != 0 ||
+                    strcmp(s, authctxt->service) != 0) {
+                        log("auth_set_user: missmatch: (%s,%s)!=(%s,%s)",
+                            u, s, authctxt->user, authctxt->service);
+                        return NULL;
+                }
+        }
+        return auth_get_user();
+}
+/* return 1 if user allows given key */
+int
+user_dsa_key_allowed(struct passwd *pw, Key *key)
+{
+        char line[8192], file[1024];
+        int found_key = 0;
+        unsigned int bits = -1;
+        FILE *f;
+        unsigned long linenum = 0;
+        struct stat st;
+        Key *found;
+        /* Temporarily use the user's uid. */
+        temporarily_use_uid(pw->pw_uid);
+        /* The authorized keys. */
+        snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
+            SSH_USER_PERMITTED_KEYS2);
+        /* Fail quietly if file does not exist */
+        if (stat(file, &st) < 0) {
+                /* Restore the privileged uid. */
+                restore_uid();
+                return 0;
+        }
+        /* Open the file containing the authorized keys. */
+        f = fopen(file, "r");
+        if (!f) {
+                /* Restore the privileged uid. */
+                restore_uid();
+                return 0;
+        }
+        if (options.strict_modes) {
+                int fail = 0;
+                char buf[1024];
+                /* Check open file in order to avoid open/stat races */
+                if (fstat(fileno(f), &st) < 0 ||
+                    (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+                    (st.st_mode & 022) != 0) {
+                        snprintf(buf, sizeof buf, "DSA authentication refused for %.100s: "
+                            "bad ownership or modes for '%s'.", pw->pw_name, file);
+                        fail = 1;
+                } else {
+                        /* Check path to SSH_USER_PERMITTED_KEYS */
+                        int i;
+                        static const char *check[] = {
+                                "", SSH_USER_DIR, NULL
+                        };
+                        for (i = 0; check[i]; i++) {
+                                snprintf(line, sizeof line, "%.500s/%.100s",
+                                    pw->pw_dir, check[i]);
+                                if (stat(line, &st) < 0 ||
+                                    (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+                                    (st.st_mode & 022) != 0) {
+                                        snprintf(buf, sizeof buf,
+                                            "DSA authentication refused for %.100s: "
+                                            "bad ownership or modes for '%s'.",
+                                            pw->pw_name, line);
+                                        fail = 1;
+                                        break;
+                                }
+                        }
+                }
+                if (fail) {
+                        fclose(f);
+                        log("%s",buf);
+                        restore_uid();
+                        return 0;
+                }
+        }
+        found_key = 0;
+        found = key_new(KEY_DSA);
+        while (fgets(line, sizeof(line), f)) {
+                char *cp, *options = NULL;
+                linenum++;
+                /* Skip leading whitespace, empty and comment lines. */
+                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+                        ;
+                if (!*cp || *cp == '\n' || *cp == '#')
+                        continue;
+                bits = key_read(found, &cp);
+                if (bits == 0) {
+                        /* no key?  check if there are options for this key */
+                        int quoted = 0;
+                        options = cp;
+                        for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+                                if (*cp == '\\' && cp[1] == '"')
+                                        cp++;   /* Skip both */
+                                else if (*cp == '"')
+                                        quoted = !quoted;
+                        }
+                        /* Skip remaining whitespace. */
+                        for (; *cp == ' ' || *cp == '\t'; cp++)
+                                ;
+                        bits = key_read(found, &cp);
+                        if (bits == 0) {
+                                /* still no key?  advance to next line*/
+                                continue;
+                        }
+                }
+                if (key_equal(found, key) &&
+                    auth_parse_options(pw, options, linenum) == 1) {
+                        found_key = 1;
+                        debug("matching key found: file %s, line %ld",
+                            file, linenum);
+                        break;
+                }
+        }
+        restore_uid();
+        fclose(f);
+        key_free(found);
+        return found_key;
+}

diff --git a/other/openssh-2.1.1p4/auth2.c b/other/openssh-2.1.1p4/auth2.c new file mode 100644 index 0000000..4926ff8 --- /dev/null +++ b/other/openssh-2.1.1p4/auth2.c
@@ -0,0 +1,542 @@
	1	/*
	2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	* 3. All advertising materials mentioning features or use of this software
	13	* must display the following acknowledgement:
	14	* This product includes software developed by Markus Friedl.
	15	* 4. The name of the author may not be used to endorse or promote products
	16	* derived from this software without specific prior written permission.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	19	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	20	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	21	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	22	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	23	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	24	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	25	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	26	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	27	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29	#include "includes.h"
	30	RCSID("$OpenBSD: auth2.c,v 1.12 2000/07/07 03:55:03 todd Exp $");
	31
	32	#include <openssl/dsa.h>
	33	#include <openssl/rsa.h>
	34	#include <openssl/evp.h>
	35
	36	#include "xmalloc.h"
	37	#include "rsa.h"
	38	#include "ssh.h"
	39	#include "pty.h"
	40	#include "packet.h"
	41	#include "buffer.h"
	42	#include "cipher.h"
	43	#include "servconf.h"
	44	#include "compat.h"
	45	#include "channels.h"
	46	#include "bufaux.h"
	47	#include "ssh2.h"
	48	#include "auth.h"
	49	#include "session.h"
	50	#include "dispatch.h"
	51	#include "auth.h"
	52	#include "key.h"
	53	#include "kex.h"
	54
	55	#include "dsa.h"
	56	#include "uidswap.h"
	57	#include "auth-options.h"
	58
	59	#ifdef HAVE_OSF_SIA
	60	# include <sia.h>
	61	# include <siad.h>
	62	#endif
	63
	64	/* import */
	65	extern ServerOptions options;
	66	extern unsigned char *session_id2;
	67	extern int session_id2_len;
	68
	69	/* protocol */
	70
	71	void input_service_request(int type, int plen);
	72	void input_userauth_request(int type, int plen);
	73	void protocol_error(int type, int plen);
	74
	75	/* auth */
	76	int ssh2_auth_none(struct passwd *pw);
	77	int ssh2_auth_password(struct passwd *pw);
	78	int ssh2_auth_pubkey(struct passwd pw, char service);
	79
	80	/* helper */
	81	struct passwd* auth_set_user(char u, char s);
	82	int user_dsa_key_allowed(struct passwd pw, Key key);
	83
	84	typedef struct Authctxt Authctxt;
	85	struct Authctxt {
	86	char *user;
	87	char *service;
	88	struct passwd pw;
	89	int valid;
	90	};
	91	static Authctxt *authctxt = NULL;
	92	static int userauth_success = 0;
	93
	94	/*
	95	* loop until userauth_success == TRUE
	96	*/
	97
	98	void
	99	do_authentication2()
	100	{
	101	/* turn off skey/kerberos, not supported by SSH2 */
	102	#ifdef SKEY
	103	options.skey_authentication = 0;
	104	#endif
	105	#ifdef KRB4
	106	options.kerberos_authentication = 0;
	107	#endif
	108
	109	dispatch_init(&protocol_error);
	110	dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
	111	dispatch_run(DISPATCH_BLOCK, &userauth_success);
	112	do_authenticated2();
	113	}
	114
	115	void
	116	protocol_error(int type, int plen)
	117	{
	118	log("auth: protocol error: type %d plen %d", type, plen);
	119	packet_start(SSH2_MSG_UNIMPLEMENTED);
	120	packet_put_int(0);
	121	packet_send();
	122	packet_write_wait();
	123	}
	124
	125	void
	126	input_service_request(int type, int plen)
	127	{
	128	unsigned int len;
	129	int accept = 0;
	130	char *service = packet_get_string(&len);
	131	packet_done();
	132
	133	if (strcmp(service, "ssh-userauth") == 0) {
	134	if (!userauth_success) {
	135	accept = 1;
	136	/* now we can handle user-auth requests */
	137	dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
	138	}
	139	}
	140	/* XXX all other service requests are denied */
	141
	142	if (accept) {
	143	packet_start(SSH2_MSG_SERVICE_ACCEPT);
	144	packet_put_cstring(service);
	145	packet_send();
	146	packet_write_wait();
	147	} else {
	148	debug("bad service request %s", service);
	149	packet_disconnect("bad service request %s", service);
	150	}
	151	xfree(service);
	152	}
	153
	154	void
	155	input_userauth_request(int type, int plen)
	156	{
	157	static void (authlog) (const char fmt,...) = verbose;
	158	static int attempt = 0;
	159	unsigned int len;
	160	int authenticated = 0;
	161	char user, service, method, authmsg = NULL;
	162	struct passwd *pw;
	163	#ifdef WITH_AIXAUTHENTICATE
	164	extern char *aixloginmsg;
	165	#endif /* WITH_AIXAUTHENTICATE */
	166
	167	user = packet_get_string(&len);
	168	service = packet_get_string(&len);
	169	method = packet_get_string(&len);
	170	if (++attempt == AUTH_FAIL_MAX) {
	171	#ifdef WITH_AIXAUTHENTICATE
	172	loginfailed(user,get_canonical_hostname(),"ssh");
	173	#endif /* WITH_AIXAUTHENTICATE */
	174	packet_disconnect("too many failed userauth_requests");
	175	}
	176	debug("userauth-request for user %s service %s method %s", user, service, method);
	177
	178	/* XXX we only allow the ssh-connection service */
	179	pw = auth_set_user(user, service);
	180	if (pw && strcmp(service, "ssh-connection")==0) {
	181	if (strcmp(method, "none") == 0) {
	182	authenticated = ssh2_auth_none(pw);
	183	} else if (strcmp(method, "password") == 0) {
	184	authenticated = ssh2_auth_password(pw);
	185	} else if (strcmp(method, "publickey") == 0) {
	186	authenticated = ssh2_auth_pubkey(pw, service);
	187	}
	188	}
	189	if (authenticated && pw && pw->pw_uid == 0 && !options.permit_root_login) {
	190	authenticated = 0;
	191	log("ROOT LOGIN REFUSED FROM %.200s",
	192	get_canonical_hostname());
	193	}
	194
	195	#ifdef USE_PAM
	196	if (authenticated && !do_pam_account(pw->pw_name, NULL))
	197	authenticated = 0;
	198	#endif /* USE_PAM */
	199
	200	/* Raise logging level */
	201	if (authenticated == 1 \|\|
	202	attempt == AUTH_FAIL_LOG \|\|
	203	strcmp(method, "password") == 0)
	204	authlog = log;
	205
	206	/* Log before sending the reply */
	207	if (authenticated == 1) {
	208	authmsg = "Accepted";
	209	} else if (authenticated == 0) {
	210	authmsg = "Failed";
	211	} else {
	212	authmsg = "Postponed";
	213	}
	214	authlog("%s %s for %.200s from %.200s port %d ssh2",
	215	authmsg,
	216	method,
	217	pw && pw->pw_uid == 0 ? "ROOT" : user,
	218	get_remote_ipaddr(),
	219	get_remote_port());
	220
	221	/* XXX todo: check if multiple auth methods are needed */
	222	if (authenticated == 1) {
	223	#ifdef WITH_AIXAUTHENTICATE
	224	/* We don't have a pty yet, so just label the line as "ssh" */
	225	if (loginsuccess(user,get_canonical_hostname(),"ssh",
	226	&aixloginmsg) < 0)
	227	aixloginmsg = NULL;
	228	#endif /* WITH_AIXAUTHENTICATE */
	229	/* turn off userauth */
	230	dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
	231	packet_start(SSH2_MSG_USERAUTH_SUCCESS);
	232	packet_send();
	233	packet_write_wait();
	234	/* now we can break out */
	235	userauth_success = 1;
	236	} else if (authenticated == 0) {
	237	packet_start(SSH2_MSG_USERAUTH_FAILURE);
	238	packet_put_cstring("publickey,password"); /* XXX dynamic */
	239	packet_put_char(0); /* XXX partial success, unused */
	240	packet_send();
	241	packet_write_wait();
	242	}
	243
	244	xfree(service);
	245	xfree(user);
	246	xfree(method);
	247	}
	248
	249	int
	250	ssh2_auth_none(struct passwd *pw)
	251	{
	252	#ifdef HAVE_OSF_SIA
	253	extern int saved_argc;
	254	extern char **saved_argv;
	255	#endif
	256
	257	packet_done();
	258
	259	#ifdef USE_PAM
	260	return auth_pam_password(pw, "");
	261	#elif defined(HAVE_OSF_SIA)
	262	return(sia_validate_user(NULL, saved_argc, saved_argv,
	263	get_canonical_hostname(), pw->pw_name, NULL, 0, NULL,
	264	"") == SIASUCCESS);
	265	#else /* !HAVE_OSF_SIA && !USE_PAM */
	266	return auth_password(pw, "");
	267	#endif /* USE_PAM */
	268	}
	269	int
	270	ssh2_auth_password(struct passwd *pw)
	271	{
	272	char *password;
	273	int authenticated = 0;
	274	int change;
	275	unsigned int len;
	276	#ifdef HAVE_OSF_SIA
	277	extern int saved_argc;
	278	extern char **saved_argv;
	279	#endif
	280	change = packet_get_char();
	281	if (change)
	282	log("password change not supported");
	283	password = packet_get_string(&len);
	284	packet_done();
	285	if (options.password_authentication &&
	286	#ifdef USE_PAM
	287	auth_pam_password(pw, password) == 1)
	288	#elif defined(HAVE_OSF_SIA)
	289	sia_validate_user(NULL, saved_argc, saved_argv,
	290	get_canonical_hostname(), pw->pw_name, NULL, 0,
	291	NULL, password) == SIASUCCESS)
	292	#else /* !USE_PAM && !HAVE_OSF_SIA */
	293	auth_password(pw, password) == 1)
	294	#endif /* USE_PAM */
	295	authenticated = 1;
	296	memset(password, 0, len);
	297	xfree(password);
	298	return authenticated;
	299	}
	300	int
	301	ssh2_auth_pubkey(struct passwd pw, char service)
	302	{
	303	Buffer b;
	304	Key *key;
	305	char pkalg, pkblob, *sig;
	306	unsigned int alen, blen, slen;
	307	int have_sig;
	308	int authenticated = 0;
	309
	310	if (options.dsa_authentication == 0) {
	311	debug("pubkey auth disabled");
	312	return 0;
	313	}
	314	have_sig = packet_get_char();
	315	pkalg = packet_get_string(&alen);
	316	if (strcmp(pkalg, KEX_DSS) != 0) {
	317	xfree(pkalg);
	318	log("bad pkalg %s", pkalg); /XXX/
	319	return 0;
	320	}
	321	pkblob = packet_get_string(&blen);
	322	key = dsa_key_from_blob(pkblob, blen);
	323	if (key != NULL) {
	324	if (have_sig) {
	325	sig = packet_get_string(&slen);
	326	packet_done();
	327	buffer_init(&b);
	328	if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
	329	buffer_put_string(&b, session_id2, session_id2_len);
	330	} else {
	331	buffer_append(&b, session_id2, session_id2_len);
	332	}
	333	/* reconstruct packet */
	334	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
	335	buffer_put_cstring(&b, pw->pw_name);
	336	buffer_put_cstring(&b,
	337	datafellows & SSH_BUG_PUBKEYAUTH ?
	338	"ssh-userauth" :
	339	service);
	340	buffer_put_cstring(&b, "publickey");
	341	buffer_put_char(&b, have_sig);
	342	buffer_put_cstring(&b, KEX_DSS);
	343	buffer_put_string(&b, pkblob, blen);
	344	#ifdef DEBUG_DSS
	345	buffer_dump(&b);
	346	#endif
	347	/* test for correct signature */
	348	if (user_dsa_key_allowed(pw, key) &&
	349	dsa_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
	350	authenticated = 1;
	351	buffer_clear(&b);
	352	xfree(sig);
	353	} else {
	354	packet_done();
	355	debug("test key...");
	356	/* test whether pkalg/pkblob are acceptable */
	357	/* XXX fake reply and always send PK_OK ? */
	358	/*
	359	* XXX this allows testing whether a user is allowed
	360	* to login: if you happen to have a valid pubkey this
	361	* message is sent. the message is NEVER sent at all
	362	* if a user is not allowed to login. is this an
	363	* issue? -markus
	364	*/
	365	if (user_dsa_key_allowed(pw, key)) {
	366	packet_start(SSH2_MSG_USERAUTH_PK_OK);
	367	packet_put_string(pkalg, alen);
	368	packet_put_string(pkblob, blen);
	369	packet_send();
	370	packet_write_wait();
	371	authenticated = -1;
	372	}
	373	}
	374	key_free(key);
	375	}
	376	xfree(pkalg);
	377	xfree(pkblob);
	378	return authenticated;
	379	}
	380
	381	/* set and get current user */
	382
	383	struct passwd*
	384	auth_get_user(void)
	385	{
	386	return (authctxt != NULL && authctxt->valid) ? &authctxt->pw : NULL;
	387	}
	388
	389	struct passwd*
	390	auth_set_user(char u, char s)
	391	{
	392	struct passwd pw, copy;
	393
	394	if (authctxt == NULL) {
	395	authctxt = xmalloc(sizeof(*authctxt));
	396	authctxt->valid = 0;
	397	authctxt->user = xstrdup(u);
	398	authctxt->service = xstrdup(s);
	399	setproctitle("%s", u);
	400	pw = getpwnam(u);
	401	if (!pw \|\| !allowed_user(pw)) {
	402	log("auth_set_user: illegal user %s", u);
	403	return NULL;
	404	}
	405	#ifdef USE_PAM
	406	start_pam(pw);
	407	#endif
	408	copy = &authctxt->pw;
	409	memset(copy, 0, sizeof(*copy));
	410	copy->pw_name = xstrdup(pw->pw_name);
	411	copy->pw_passwd = xstrdup(pw->pw_passwd);
	412	copy->pw_uid = pw->pw_uid;
	413	copy->pw_gid = pw->pw_gid;
	414	copy->pw_dir = xstrdup(pw->pw_dir);
	415	copy->pw_shell = xstrdup(pw->pw_shell);
	416	authctxt->valid = 1;
	417	} else {
	418	if (strcmp(u, authctxt->user) != 0 \|\|
	419	strcmp(s, authctxt->service) != 0) {
	420	log("auth_set_user: missmatch: (%s,%s)!=(%s,%s)",
	421	u, s, authctxt->user, authctxt->service);
	422	return NULL;
	423	}
	424	}
	425	return auth_get_user();
	426	}
	427
	428	/* return 1 if user allows given key */
	429	int
	430	user_dsa_key_allowed(struct passwd pw, Key key)
	431	{
	432	char line[8192], file[1024];
	433	int found_key = 0;
	434	unsigned int bits = -1;
	435	FILE *f;
	436	unsigned long linenum = 0;
	437	struct stat st;
	438	Key *found;
	439
	440	/* Temporarily use the user's uid. */
	441	temporarily_use_uid(pw->pw_uid);
	442
	443	/* The authorized keys. */
	444	snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
	445	SSH_USER_PERMITTED_KEYS2);
	446
	447	/* Fail quietly if file does not exist */
	448	if (stat(file, &st) < 0) {
	449	/* Restore the privileged uid. */
	450	restore_uid();
	451	return 0;
	452	}
	453	/* Open the file containing the authorized keys. */
	454	f = fopen(file, "r");
	455	if (!f) {
	456	/* Restore the privileged uid. */
	457	restore_uid();
	458	return 0;
	459	}
	460	if (options.strict_modes) {
	461	int fail = 0;
	462	char buf[1024];
	463	/* Check open file in order to avoid open/stat races */
	464	if (fstat(fileno(f), &st) < 0 \|\|
	465	(st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|
	466	(st.st_mode & 022) != 0) {
	467	snprintf(buf, sizeof buf, "DSA authentication refused for %.100s: "
	468	"bad ownership or modes for '%s'.", pw->pw_name, file);
	469	fail = 1;
	470	} else {
	471	/* Check path to SSH_USER_PERMITTED_KEYS */
	472	int i;
	473	static const char *check[] = {
	474	"", SSH_USER_DIR, NULL
	475	};
	476	for (i = 0; check[i]; i++) {
	477	snprintf(line, sizeof line, "%.500s/%.100s",
	478	pw->pw_dir, check[i]);
	479	if (stat(line, &st) < 0 \|\|
	480	(st.st_uid != 0 && st.st_uid != pw->pw_uid) \|\|
	481	(st.st_mode & 022) != 0) {
	482	snprintf(buf, sizeof buf,
	483	"DSA authentication refused for %.100s: "
	484	"bad ownership or modes for '%s'.",
	485	pw->pw_name, line);
	486	fail = 1;
	487	break;
	488	}
	489	}
	490	}
	491	if (fail) {
	492	fclose(f);
	493	log("%s",buf);
	494	restore_uid();
	495	return 0;
	496	}
	497	}
	498	found_key = 0;
	499	found = key_new(KEY_DSA);
	500
	501	while (fgets(line, sizeof(line), f)) {
	502	char cp, options = NULL;
	503	linenum++;
	504	/* Skip leading whitespace, empty and comment lines. */
	505	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
	506	;
	507	if (!cp \|\| cp == '\n' \|\| *cp == '#')
	508	continue;
	509
	510	bits = key_read(found, &cp);
	511	if (bits == 0) {
	512	/* no key? check if there are options for this key */
	513	int quoted = 0;
	514	options = cp;
	515	for (; cp && (quoted \|\| (cp != ' ' && *cp != '\t')); cp++) {
	516	if (*cp == '\\' && cp[1] == '"')
	517	cp++; /* Skip both */
	518	else if (*cp == '"')
	519	quoted = !quoted;
	520	}
	521	/* Skip remaining whitespace. */
	522	for (; cp == ' ' \|\| cp == '\t'; cp++)
	523	;
	524	bits = key_read(found, &cp);
	525	if (bits == 0) {
	526	/* still no key? advance to next line*/
	527	continue;
	528	}
	529	}
	530	if (key_equal(found, key) &&
	531	auth_parse_options(pw, options, linenum) == 1) {
	532	found_key = 1;
	533	debug("matching key found: file %s, line %ld",
	534	file, linenum);
	535	break;
	536	}
	537	}
	538	restore_uid();
	539	fclose(f);
	540	key_free(found);
	541	return found_key;
	542	}