| /* |
| * Dropbear - a SSH2 server |
| * |
| * Copyright (c) 2002,2003 Matt Johnston |
| * All rights reserved. |
| * |
| * Permission is hereby granted, free of charge, to any person obtaining a copy |
| * of this software and associated documentation files (the "Software"), to deal |
| * in the Software without restriction, including without limitation the rights |
| * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
| * copies of the Software, and to permit persons to whom the Software is |
| * furnished to do so, subject to the following conditions: |
| * |
| * The above copyright notice and this permission notice shall be included in |
| * all copies or substantial portions of the Software. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
| * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
| * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
| * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
| * SOFTWARE. */ |
| |
| /* This file (auth.c) handles authentication requests, passing it to the |
| * particular type (auth-passwd, auth-pubkey). */ |
| |
| #include "includes.h" |
| #include "dbutil.h" |
| #include "session.h" |
| #include "buffer.h" |
| #include "ssh.h" |
| #include "packet.h" |
| #include "auth.h" |
| #include "runopts.h" |
| |
| static void authclear(); |
| static int checkusername(unsigned char *username, unsigned int userlen); |
| static void send_msg_userauth_banner(); |
| |
| /* initialise the first time for a session, resetting all parameters */ |
| void svr_authinitialise() { |
| |
| ses.authstate.failcount = 0; |
| authclear(); |
| |
| } |
| |
| /* Reset the auth state, but don't reset the failcount. This is for if the |
| * user decides to try with a different username etc, and is also invoked |
| * on initialisation */ |
| static void authclear() { |
| |
| memset(&ses.authstate, 0, sizeof(ses.authstate)); |
| #ifdef ENABLE_SVR_PUBKEY_AUTH |
| ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; |
| #endif |
| #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) |
| if (!svr_opts.noauthpass) { |
| ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; |
| } |
| #endif |
| |
| } |
| |
| /* Send a banner message if specified to the client. The client might |
| * ignore this, but possibly serves as a legal "no trespassing" sign */ |
| static void send_msg_userauth_banner() { |
| |
| TRACE(("enter send_msg_userauth_banner")) |
| if (svr_opts.banner == NULL) { |
| TRACE(("leave send_msg_userauth_banner: banner is NULL")) |
| return; |
| } |
| |
| CHECKCLEARTOWRITE(); |
| |
| buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER); |
| buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner, |
| svr_opts.banner->len), svr_opts.banner->len); |
| buf_putstring(ses.writepayload, "en", 2); |
| |
| encrypt_packet(); |
| buf_free(svr_opts.banner); |
| svr_opts.banner = NULL; |
| |
| TRACE(("leave send_msg_userauth_banner")) |
| } |
| |
| /* handle a userauth request, check validity, pass to password or pubkey |
| * checking, and handle success or failure */ |
| void recv_msg_userauth_request() { |
| |
| unsigned char *username = NULL, *servicename = NULL, *methodname = NULL; |
| unsigned int userlen, servicelen, methodlen; |
| |
| TRACE(("enter recv_msg_userauth_request")) |
| |
| /* ignore packets if auth is already done */ |
| if (ses.authstate.authdone == 1) { |
| TRACE(("leave recv_msg_userauth_request: authdone already")) |
| return; |
| } |
| |
| /* send the banner if it exists, it will only exist once */ |
| if (svr_opts.banner) { |
| send_msg_userauth_banner(); |
| } |
| |
| |
| username = buf_getstring(ses.payload, &userlen); |
| servicename = buf_getstring(ses.payload, &servicelen); |
| methodname = buf_getstring(ses.payload, &methodlen); |
| |
| /* only handle 'ssh-connection' currently */ |
| if (servicelen != SSH_SERVICE_CONNECTION_LEN |
| && (strncmp(servicename, SSH_SERVICE_CONNECTION, |
| SSH_SERVICE_CONNECTION_LEN) != 0)) { |
| |
| /* TODO - disconnect here */ |
| m_free(username); |
| m_free(servicename); |
| m_free(methodname); |
| dropbear_exit("unknown service in auth"); |
| } |
| |
| /* user wants to know what methods are supported */ |
| if (methodlen == AUTH_METHOD_NONE_LEN && |
| strncmp(methodname, AUTH_METHOD_NONE, |
| AUTH_METHOD_NONE_LEN) == 0) { |
| TRACE(("recv_msg_userauth_request: 'none' request")) |
| send_msg_userauth_failure(0, 0); |
| goto out; |
| } |
| |
| /* check username is good before continuing */ |
| if (checkusername(username, userlen) == DROPBEAR_FAILURE) { |
| /* username is invalid/no shell/etc - send failure */ |
| TRACE(("sending checkusername failure")) |
| send_msg_userauth_failure(0, 1); |
| goto out; |
| } |
| |
| #ifdef ENABLE_SVR_PASSWORD_AUTH |
| if (!svr_opts.noauthpass && |
| !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) { |
| /* user wants to try password auth */ |
| if (methodlen == AUTH_METHOD_PASSWORD_LEN && |
| strncmp(methodname, AUTH_METHOD_PASSWORD, |
| AUTH_METHOD_PASSWORD_LEN) == 0) { |
| svr_auth_password(); |
| goto out; |
| } |
| } |
| #endif |
| |
| #ifdef ENABLE_SVR_PAM_AUTH |
| if (!svr_opts.noauthpass && |
| !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) { |
| /* user wants to try password auth */ |
| if (methodlen == AUTH_METHOD_PASSWORD_LEN && |
| strncmp(methodname, AUTH_METHOD_PASSWORD, |
| AUTH_METHOD_PASSWORD_LEN) == 0) { |
| svr_auth_pam(); |
| goto out; |
| } |
| } |
| #endif |
| |
| #ifdef ENABLE_SVR_PUBKEY_AUTH |
| /* user wants to try pubkey auth */ |
| if (methodlen == AUTH_METHOD_PUBKEY_LEN && |
| strncmp(methodname, AUTH_METHOD_PUBKEY, |
| AUTH_METHOD_PUBKEY_LEN) == 0) { |
| svr_auth_pubkey(); |
| goto out; |
| } |
| #endif |
| |
| /* nothing matched, we just fail */ |
| send_msg_userauth_failure(0, 1); |
| |
| out: |
| |
| m_free(username); |
| m_free(servicename); |
| m_free(methodname); |
| } |
| |
| /* Check that the username exists, has a non-empty password, and has a valid |
| * shell. |
| * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */ |
| static int checkusername(unsigned char *username, unsigned int userlen) { |
| |
| char* listshell = NULL; |
| char* usershell = NULL; |
| |
| TRACE(("enter checkusername")) |
| if (userlen > MAX_USERNAME_LEN) { |
| return DROPBEAR_FAILURE; |
| } |
| |
| /* new user or username has changed */ |
| if (ses.authstate.username == NULL || |
| strcmp(username, ses.authstate.username) != 0) { |
| /* the username needs resetting */ |
| if (ses.authstate.username != NULL) { |
| dropbear_log(LOG_WARNING, "client trying multiple usernames from %s", |
| svr_ses.addrstring); |
| m_free(ses.authstate.username); |
| } |
| authclear(); |
| ses.authstate.pw = getpwnam((char*)username); |
| ses.authstate.username = m_strdup(username); |
| m_free(ses.authstate.printableuser); |
| } |
| |
| /* check that user exists */ |
| if (ses.authstate.pw == NULL) { |
| TRACE(("leave checkusername: user '%s' doesn't exist", username)) |
| dropbear_log(LOG_WARNING, |
| "login attempt for nonexistent user from %s", |
| svr_ses.addrstring); |
| send_msg_userauth_failure(0, 1); |
| return DROPBEAR_FAILURE; |
| } |
| |
| /* We can set it once we know its a real user */ |
| ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name); |
| |
| /* check for non-root if desired */ |
| if (svr_opts.norootlogin && ses.authstate.pw->pw_uid == 0) { |
| TRACE(("leave checkusername: root login disabled")) |
| dropbear_log(LOG_WARNING, "root login rejected"); |
| send_msg_userauth_failure(0, 1); |
| return DROPBEAR_FAILURE; |
| } |
| |
| /* check for an empty password */ |
| if (ses.authstate.pw->pw_passwd[0] == '\0') { |
| TRACE(("leave checkusername: empty pword")) |
| dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", |
| ses.authstate.printableuser); |
| send_msg_userauth_failure(0, 1); |
| return DROPBEAR_FAILURE; |
| } |
| |
| TRACE(("shell is %s", ses.authstate.pw->pw_shell)) |
| |
| /* check that the shell is set */ |
| usershell = ses.authstate.pw->pw_shell; |
| if (usershell[0] == '\0') { |
| /* empty shell in /etc/passwd means /bin/sh according to passwd(5) */ |
| usershell = "/bin/sh"; |
| } |
| |
| /* check the shell is valid. If /etc/shells doesn't exist, getusershell() |
| * should return some standard shells like "/bin/sh" and "/bin/csh" (this |
| * is platform-specific) */ |
| setusershell(); |
| while ((listshell = getusershell()) != NULL) { |
| TRACE(("test shell is '%s'", listshell)) |
| if (strcmp(listshell, usershell) == 0) { |
| /* have a match */ |
| goto goodshell; |
| } |
| } |
| /* no matching shell */ |
| endusershell(); |
| TRACE(("no matching shell")) |
| dropbear_log(LOG_WARNING, "user '%s' has invalid shell, rejected", |
| ses.authstate.printableuser); |
| send_msg_userauth_failure(0, 1); |
| return DROPBEAR_FAILURE; |
| |
| goodshell: |
| endusershell(); |
| TRACE(("matching shell")) |
| |
| TRACE(("uid = %d", ses.authstate.pw->pw_uid)) |
| TRACE(("leave checkusername")) |
| return DROPBEAR_SUCCESS; |
| |
| } |
| |
| /* Send a failure message to the client, in responds to a userauth_request. |
| * Partial indicates whether to set the "partial success" flag, |
| * incrfail is whether to count this failure in the failure count (which |
| * is limited. This function also handles disconnection after too many |
| * failures */ |
| void send_msg_userauth_failure(int partial, int incrfail) { |
| |
| buffer *typebuf = NULL; |
| |
| TRACE(("enter send_msg_userauth_failure")) |
| |
| CHECKCLEARTOWRITE(); |
| |
| buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_FAILURE); |
| |
| /* put a list of allowed types */ |
| typebuf = buf_new(30); /* long enough for PUBKEY and PASSWORD */ |
| |
| if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { |
| buf_putbytes(typebuf, AUTH_METHOD_PUBKEY, AUTH_METHOD_PUBKEY_LEN); |
| if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { |
| buf_putbyte(typebuf, ','); |
| } |
| } |
| |
| if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { |
| buf_putbytes(typebuf, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN); |
| } |
| |
| buf_setpos(typebuf, 0); |
| buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len), |
| typebuf->len); |
| |
| TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes, |
| buf_getptr(typebuf, typebuf->len))); |
| |
| buf_free(typebuf); |
| |
| buf_putbyte(ses.writepayload, partial ? 1 : 0); |
| encrypt_packet(); |
| |
| if (incrfail) { |
| usleep(300000); /* XXX improve this */ |
| ses.authstate.failcount++; |
| } |
| |
| if (ses.authstate.failcount >= MAX_AUTH_TRIES) { |
| char * userstr; |
| /* XXX - send disconnect ? */ |
| TRACE(("Max auth tries reached, exiting")) |
| |
| if (ses.authstate.printableuser == NULL) { |
| userstr = "is invalid"; |
| } else { |
| userstr = ses.authstate.printableuser; |
| } |
| dropbear_exit("Max auth tries reached - user '%s' from %s", |
| userstr, svr_ses.addrstring); |
| } |
| |
| TRACE(("leave send_msg_userauth_failure")) |
| } |
| |
| /* Send a success message to the user, and set the "authdone" flag */ |
| void send_msg_userauth_success() { |
| |
| TRACE(("enter send_msg_userauth_success")) |
| |
| CHECKCLEARTOWRITE(); |
| |
| buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_SUCCESS); |
| encrypt_packet(); |
| |
| ses.authstate.authdone = 1; |
| ses.connecttimeout = 0; |
| |
| |
| if (ses.authstate.pw->pw_uid == 0) { |
| ses.allowprivport = 1; |
| } |
| |
| /* Remove from the list of pre-auth sockets. Should be m_close(), since if |
| * we fail, we might end up leaking connection slots, and disallow new |
| * logins - a nasty situation. */ |
| m_close(svr_ses.childpipe); |
| |
| TRACE(("leave send_msg_userauth_success")) |
| |
| } |
