cli-authpubkey.c

   1 /*
   2  * Dropbear SSH
   3  *
   4  * Copyright (c) 2002,2003 Matt Johnston
   5  * Copyright (c) 2004 by Mihnea Stoenescu
   6  * All rights reserved.
   7  *
   8  * Permission is hereby granted, free of charge, to any person obtaining a copy
   9  * of this software and associated documentation files (the "Software"), to deal
  10  * in the Software without restriction, including without limitation the rights
  11  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  12  * copies of the Software, and to permit persons to whom the Software is
  13  * furnished to do so, subject to the following conditions:
  14  *
  15  * The above copyright notice and this permission notice shall be included in
  16  * all copies or substantial portions of the Software.
  17  *
  18  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  19  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  20  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  21  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  22  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  23  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  24  * SOFTWARE. */
  25
  26 #include "includes.h"
  27 #include "buffer.h"
  28 #include "dbutil.h"
  29 #include "session.h"
  30 #include "ssh.h"
  31 #include "runopts.h"
  32 #include "auth.h"
  33 #include "agentfwd.h"
  34
  35 #ifdef ENABLE_CLI_PUBKEY_AUTH
  36 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
  37
  38 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
  39  * We use it to remove the key we tried from the list */
  40 void cli_pubkeyfail() {
  41         m_list_elem *iter;
  42         for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
  43                 sign_key *iter_key = (sign_key*)iter->item;
  44
  45                 if (iter_key == cli_ses.lastprivkey)
  46                 {
  47                         /* found the failing key */
  48                         list_remove(iter);
  49                         sign_key_free(iter_key);
  50                         cli_ses.lastprivkey = NULL;
  51                         return;
  52                 }
  53         }
  54 }
  55
  56 void recv_msg_userauth_pk_ok() {
  57         m_list_elem *iter;
  58         buffer* keybuf = NULL;
  59         char* algotype = NULL;
  60         unsigned int algolen;
  61         int keytype;
  62         unsigned int remotelen;
  63
  64         TRACE(("enter recv_msg_userauth_pk_ok"))
  65
  66         algotype = buf_getstring(ses.payload, &algolen);
  67         keytype = signkey_type_from_name(algotype, algolen);
  68         TRACE(("recv_msg_userauth_pk_ok: type %d", keytype))
  69         m_free(algotype);
  70
  71         keybuf = buf_new(MAX_PUBKEY_SIZE);
  72
  73         remotelen = buf_getint(ses.payload);
  74
  75         /* Iterate through our keys, find which one it was that matched, and
  76          * send a real request with that key */
  77         for (iter = cli_opts.privkeys->first; iter; iter = iter->next) {
  78                 sign_key *key = (sign_key*)iter->item;
  79                 if (key->type != keytype) {
  80                         /* Types differed */
  81                         TRACE(("types differed"))
  82                         continue;
  83                 }
  84
  85                 /* Now we compare the contents of the key */
  86                 keybuf->pos = keybuf->len = 0;
  87                 buf_put_pub_key(keybuf, key, keytype);
  88                 buf_setpos(keybuf, 0);
  89                 buf_incrpos(keybuf, 4); /* first int is the length of the remainder (ie
  90                                                                    remotelen) which has already been taken from
  91                                                                    the remote buffer */
  92
  93
  94                 if (keybuf->len-4 != remotelen) {
  95                         TRACE(("lengths differed: localh %d remote %d", keybuf->len, remotelen))
  96                         /* Lengths differed */
  97                         continue;
  98                 }
  99                 if (memcmp(buf_getptr(keybuf, remotelen),
 100                                         buf_getptr(ses.payload, remotelen), remotelen) != 0) {
 101                         /* Data didn't match this key */
 102                         TRACE(("data differed"))
 103                         continue;
 104                 }
 105
 106                 /* Success */
 107                 break;
 108         }
 109         buf_free(keybuf);
 110
 111         if (iter != NULL) {
 112                 TRACE(("matching key"))
 113                 /* XXX TODO: if it's an encrypted key, here we ask for their
 114                  * password */
 115                 send_msg_userauth_pubkey((sign_key*)iter->item, keytype, 1);
 116         } else {
 117                 TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"))
 118         }
 119
 120         TRACE(("leave recv_msg_userauth_pk_ok"))
 121 }
 122
 123 void cli_buf_put_sign(buffer* buf, sign_key *key, int type,
 124                         const unsigned char *data, unsigned int len)
 125 {
 126         if (key->source == SIGNKEY_SOURCE_AGENT) {
 127                 /* Format the agent signature ourselves, as buf_put_sign would. */
 128                 buffer *sigblob;
 129                 sigblob = buf_new(MAX_PUBKEY_SIZE);
 130                 agent_buf_sign(sigblob, key, data, len);
 131                 buf_setpos(sigblob, 0);
 132                 buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
 133                                 sigblob->len);
 134
 135                 buf_free(sigblob);
 136         } else {
 137                 buf_put_sign(buf, key, type, data, len);
 138         }
 139
 140 }
 141
 142 /* TODO: make it take an agent reference to use as well */
 143 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
 144
 145         const char *algoname = NULL;
 146         int algolen;
 147         buffer* sigbuf = NULL;
 148
 149         TRACE(("enter send_msg_userauth_pubkey"))
 150         CHECKCLEARTOWRITE();
 151
 152         buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
 153
 154         buf_putstring(ses.writepayload, cli_opts.username,
 155                         strlen(cli_opts.username));
 156
 157         buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
 158                         SSH_SERVICE_CONNECTION_LEN);
 159
 160         buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY,
 161                         AUTH_METHOD_PUBKEY_LEN);
 162
 163         buf_putbyte(ses.writepayload, realsign);
 164
 165         algoname = signkey_name_from_type(type, &algolen);
 166
 167         buf_putstring(ses.writepayload, algoname, algolen);
 168         buf_put_pub_key(ses.writepayload, key, type);
 169
 170         if (realsign) {
 171                 TRACE(("realsign"))
 172                 /* We put the signature as well - this contains string(session id), then
 173                  * the contents of the write payload to this point */
 174                 sigbuf = buf_new(4 + SHA1_HASH_SIZE + ses.writepayload->len);
 175                 buf_putstring(sigbuf, ses.session_id, SHA1_HASH_SIZE);
 176                 buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
 177                 cli_buf_put_sign(ses.writepayload, key, type, sigbuf->data, sigbuf->len);
 178                 buf_free(sigbuf); /* Nothing confidential in the buffer */
 179         }
 180
 181         encrypt_packet();
 182         TRACE(("leave send_msg_userauth_pubkey"))
 183 }
 184
 185 /* Returns 1 if a key was tried */
 186 int cli_auth_pubkey() {
 187
 188         TRACE(("enter cli_auth_pubkey"))
 189
 190         if (!cli_opts.agent_keys_loaded) {
 191                 /* get the list of available keys from the agent */
 192                 cli_load_agent_keys(cli_opts.privkeys);
 193                 cli_opts.agent_keys_loaded = 1;
 194         }
 195
 196         if (cli_opts.privkeys->first) {
 197                 sign_key * key = (sign_key*)cli_opts.privkeys->first->item;
 198                 /* Send a trial request */
 199                 send_msg_userauth_pubkey(key, key->type, 0);
 200                 cli_ses.lastprivkey = key;
 201                 TRACE(("leave cli_auth_pubkey-success"))
 202                 return 1;
 203         } else {
 204                 /* no more keys left */
 205                 TRACE(("leave cli_auth_pubkey-failure"))
 206                 return 0;
 207         }
 208 }
 209
 210 void cli_auth_pubkey_cleanup() {
 211
 212 #ifdef ENABLE_CLI_AGENTFWD
 213         m_close(cli_opts.agent_fd);
 214         cli_opts.agent_fd = -1;
 215 #endif
 216
 217         while (cli_opts.privkeys->first) {
 218                 sign_key * key = list_remove(cli_opts.privkeys->first);
 219                 sign_key_free(key);
 220         }
 221 }
 222 #endif /* Pubkey auth */