Mercurial > dropbear

comparison svr-auth.c @ 4:fe6bca95afa7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Makefile.in contains updated files required
author Matt Johnston <matt@ucc.asn.au>
date Tue, 01 Jun 2004 02:46:09 +0000
parents
children f76c9389e9e0
comparison
equal deleted inserted replaced
-1:000000000000 4:fe6bca95afa7
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 /* This file (auth.c) handles authentication requests, passing it to the
26 * particular type (auth-passwd, auth-pubkey). */
27
28 #include "includes.h"
29 #include "dbutil.h"
30 #include "session.h"
31 #include "buffer.h"
32 #include "ssh.h"
33 #include "packet.h"
34 #include "auth.h"
35 #include "authpasswd.h"
36 #include "authpubkey.h"
37
38 static void authclear();
39 static int checkusername(unsigned char *username, unsigned int userlen);
40 static void send_msg_userauth_banner();
41
42 /* initialise the first time for a session, resetting all parameters */
43 void authinitialise() {
44
45 svr_ses.authstate.failcount = 0;
46 authclear();
47
48 }
49
50 /* Reset the auth state, but don't reset the failcount. This is for if the
51 * user decides to try with a different username etc, and is also invoked
52 * on initialisation */
53 static void authclear() {
54
55 svr_ses.authstate.authdone = 0;
56 svr_ses.authstate.pw = NULL;
57 svr_ses.authstate.username = NULL;
58 svr_ses.authstate.printableuser = NULL;
59 svr_ses.authstate.authtypes = 0;
60 #ifdef DROPBEAR_PUBKEY_AUTH
61 svr_ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
62 #endif
63 #ifdef DROPBEAR_PASSWORD_AUTH
64 if (!ses.opts->noauthpass) {
65 svr_ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
66 }
67 #endif
68
69 }
70
71 /* Send a banner message if specified to the client. The client might
72 * ignore this, but possibly serves as a legal "no trespassing" sign */
73 static void send_msg_userauth_banner() {
74
75 TRACE(("enter send_msg_userauth_banner"));
76 if (ses.opts->banner == NULL) {
77 TRACE(("leave send_msg_userauth_banner: banner is NULL"));
78 return;
79 }
80
81 CHECKCLEARTOWRITE();
82
83 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
84 buf_putstring(ses.writepayload, buf_getptr(ses.opts->banner,
85 ses.opts->banner->len), ses.opts->banner->len);
86 buf_putstring(ses.writepayload, "en", 2);
87
88 encrypt_packet();
89 buf_free(ses.opts->banner);
90 ses.opts->banner = NULL;
91
92 TRACE(("leave send_msg_userauth_banner"));
93 }
94
95 /* handle a userauth request, check validity, pass to password or pubkey
96 * checking, and handle success or failure */
97 void recv_msg_userauth_request() {
98
99 unsigned char *username, *servicename, *methodname;
100 unsigned int userlen, servicelen, methodlen;
101
102 TRACE(("enter recv_msg_userauth_request"));
103
104 /* ignore packets if auth is already done */
105 if (svr_ses.authstate.authdone == 1) {
106 return;
107 }
108
109 /* send the banner if it exists, it will only exist once */
110 if (ses.opts->banner) {
111 send_msg_userauth_banner();
112 }
113
114
115 username = buf_getstring(ses.payload, &userlen);
116 servicename = buf_getstring(ses.payload, &servicelen);
117 methodname = buf_getstring(ses.payload, &methodlen);
118
119 /* only handle 'ssh-connection' currently */
120 if (servicelen != SSH_SERVICE_CONNECTION_LEN
121 && (strncmp(servicename, SSH_SERVICE_CONNECTION,
122 SSH_SERVICE_CONNECTION_LEN) != 0)) {
123
124 /* TODO - disconnect here */
125 m_free(username);
126 m_free(servicename);
127 m_free(methodname);
128 dropbear_exit("unknown service in auth");
129 }
130
131 /* user wants to know what methods are supported */
132 if (methodlen == AUTH_METHOD_NONE_LEN &&
133 strncmp(methodname, AUTH_METHOD_NONE,
134 AUTH_METHOD_NONE_LEN) == 0) {
135 send_msg_userauth_failure(0, 0);
136 goto out;
137 }
138
139 /* check username is good before continuing */
140 if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
141 /* username is invalid/no shell/etc - send failure */
142 TRACE(("sending checkusername failure"));
143 send_msg_userauth_failure(0, 1);
144 goto out;
145 }
146
147 #ifdef DROPBEAR_PASSWORD_AUTH
148 if (!ses.opts->noauthpass &&
149 !(ses.opts->norootpass && svr_ses.authstate.pw->pw_uid == 0) ) {
150 /* user wants to try password auth */
151 if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
152 strncmp(methodname, AUTH_METHOD_PASSWORD,
153 AUTH_METHOD_PASSWORD_LEN) == 0) {
154 passwordauth(username, userlen);
155 goto out;
156 }
157 }
158 #endif
159
160 #ifdef DROPBEAR_PUBKEY_AUTH
161 /* user wants to try pubkey auth */
162 if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
163 strncmp(methodname, AUTH_METHOD_PUBKEY,
164 AUTH_METHOD_PUBKEY_LEN) == 0) {
165 pubkeyauth(username, userlen);
166 goto out;
167 }
168 #endif
169
170 /* nothing matched, we just fail */
171 send_msg_userauth_failure(0, 1);
172
173 out:
174
175 m_free(username);
176 m_free(servicename);
177 m_free(methodname);
178 }
179
180 /* Check that the username exists, has a non-empty password, and has a valid
181 * shell.
182 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
183 static int checkusername(unsigned char *username, unsigned int userlen) {
184
185 char* listshell = NULL;
186 char* usershell = NULL;
187
188 TRACE(("enter checkusername"));
189 if (userlen > MAX_USERNAME_LEN) {
190 return DROPBEAR_FAILURE;
191 }
192
193 /* new user or username has changed */
194 if (svr_ses.authstate.username == NULL ||
195 strcmp(username, svr_ses.authstate.username) != 0) {
196 /* the username needs resetting */
197 if (svr_ses.authstate.username != NULL) {
198 dropbear_log(LOG_WARNING, "client trying multiple usernames");
199 m_free(svr_ses.authstate.username);
200 }
201 authclear();
202 svr_ses.authstate.pw = getpwnam((char*)username);
203 svr_ses.authstate.username = strdup(username);
204 m_free(svr_ses.authstate.printableuser);
205 }
206
207 /* check that user exists */
208 if (svr_ses.authstate.pw == NULL) {
209 TRACE(("leave checkusername: user '%s' doesn't exist", username));
210 dropbear_log(LOG_WARNING,
211 "login attempt for nonexistent user");
212 send_msg_userauth_failure(0, 1);
213 return DROPBEAR_FAILURE;
214 }
215
216 /* We can set it once we know its a real user */
217 svr_ses.authstate.printableuser = strdup(svr_ses.authstate.pw->pw_name);
218
219 /* check for non-root if desired */
220 if (ses.opts->norootlogin && svr_ses.authstate.pw->pw_uid == 0) {
221 TRACE(("leave checkusername: root login disabled"));
222 dropbear_log(LOG_WARNING, "root login rejected");
223 send_msg_userauth_failure(0, 1);
224 return DROPBEAR_FAILURE;
225 }
226
227 /* check for an empty password */
228 if (svr_ses.authstate.pw->pw_passwd[0] == '\0') {
229 TRACE(("leave checkusername: empty pword"));
230 dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
231 svr_ses.authstate.printableuser);
232 send_msg_userauth_failure(0, 1);
233 return DROPBEAR_FAILURE;
234 }
235
236 TRACE(("shell is %s", svr_ses.authstate.pw->pw_shell));
237
238 /* check that the shell is set */
239 usershell = svr_ses.authstate.pw->pw_shell;
240 if (usershell[0] == '\0') {
241 /* empty shell in /etc/passwd means /bin/sh according to passwd(5) */
242 usershell = "/bin/sh";
243 }
244
245 /* check the shell is valid. If /etc/shells doesn't exist, getusershell()
246 * should return some standard shells like "/bin/sh" and "/bin/csh" (this
247 * is platform-specific) */
248 setusershell();
249 while ((listshell = getusershell()) != NULL) {
250 TRACE(("test shell is '%s'", listshell));
251 if (strcmp(listshell, usershell) == 0) {
252 /* have a match */
253 goto goodshell;
254 }
255 }
256 /* no matching shell */
257 endusershell();
258 TRACE(("no matching shell"));
259 dropbear_log(LOG_WARNING, "user '%s' has invalid shell, rejected",
260 svr_ses.authstate.printableuser);
261 send_msg_userauth_failure(0, 1);
262 return DROPBEAR_FAILURE;
263
264 goodshell:
265 endusershell();
266 TRACE(("matching shell"));
267
268 TRACE(("uid = %d", svr_ses.authstate.pw->pw_uid));
269 TRACE(("leave checkusername"));
270 return DROPBEAR_SUCCESS;
271
272 }
273
274 /* Send a failure message to the client, in responds to a userauth_request.
275 * Partial indicates whether to set the "partial success" flag,
276 * incrfail is whether to count this failure in the failure count (which
277 * is limited. This function also handles disconnection after too many
278 * failures */
279 void send_msg_userauth_failure(int partial, int incrfail) {
280
281 buffer *typebuf;
282
283 TRACE(("enter send_msg_userauth_failure"));
284
285 CHECKCLEARTOWRITE();
286
287 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_FAILURE);
288
289 /* put a list of allowed types */
290 typebuf = buf_new(30); /* long enough for PUBKEY and PASSWORD */
291
292 if (svr_ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
293 buf_putbytes(typebuf, AUTH_METHOD_PUBKEY, AUTH_METHOD_PUBKEY_LEN);
294 if (svr_ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
295 buf_putbyte(typebuf, ',');
296 }
297 }
298
299 if (svr_ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
300 buf_putbytes(typebuf, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN);
301 }
302
303 buf_setpos(typebuf, 0);
304 buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len),
305 typebuf->len);
306 buf_free(typebuf);
307
308 buf_putbyte(ses.writepayload, partial ? 1 : 0);
309 encrypt_packet();
310
311 if (incrfail) {
312 usleep(300000); /* XXX improve this */
313 svr_ses.authstate.failcount++;
314 }
315
316 if (svr_ses.authstate.failcount >= MAX_AUTH_TRIES) {
317 char * userstr;
318 /* XXX - send disconnect ? */
319 TRACE(("Max auth tries reached, exiting"));
320
321 if (svr_ses.authstate.printableuser == NULL) {
322 userstr = "is invalid";
323 } else {
324 userstr = svr_ses.authstate.printableuser;
325 }
326 dropbear_exit("Max auth tries reached - user %s", userstr);
327 }
328
329 TRACE(("leave send_msg_userauth_failure"));
330 }
331
332 /* Send a success message to the user, and set the "authdone" flag */
333 void send_msg_userauth_success() {
334
335 TRACE(("enter send_msg_userauth_success"));
336
337 CHECKCLEARTOWRITE();
338
339 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_SUCCESS);
340 encrypt_packet();
341
342 svr_ses.authstate.authdone = 1;
343
344 /* Remove from the list of pre-auth sockets. Should be m_close(), since if
345 * we fail, we might end up leaking connection slots, and disallow new
346 * logins - a nasty situation. */
347 m_close(svr_ses.childpipe);
348
349 TRACE(("leave send_msg_userauth_success"));
350
351 }