1 /* 2 * Dropbear - a SSH2 server 3 * 4 * Copyright (c) 2002,2003 Matt Johnston 5 * All rights reserved. 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 * SOFTWARE. */ 24 25 /* This file (auth.c) handles authentication requests, passing it to the 26 * particular type (auth-passwd, auth-pubkey). */ 27 28 #include "includes.h" 29 #include "dbutil.h" 30 #include "session.h" 31 #include "buffer.h" 32 #include "ssh.h" 33 #include "packet.h" 34 #include "auth.h" 35 #include "runopts.h" 36 37 static void authclear(); 38 static int checkusername(unsigned char *username, unsigned int userlen); 39 static void send_msg_userauth_banner(); 40 41 /* initialise the first time for a session, resetting all parameters */ 42 void svr_authinitialise() { 43 44 ses.authstate.failcount = 0; 45 authclear(); 46 47 } 48 49 /* Reset the auth state, but don't reset the failcount. This is for if the 50 * user decides to try with a different username etc, and is also invoked 51 * on initialisation */ 52 static void authclear() { 53 54 memset(&ses.authstate, 0, sizeof(ses.authstate)); 55 #ifdef ENABLE_SVR_PUBKEY_AUTH 56 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY; 57 #endif 58 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) 59 if (!svr_opts.noauthpass) { 60 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; 61 } 62 #endif 63 64 } 65 66 /* Send a banner message if specified to the client. The client might 67 * ignore this, but possibly serves as a legal "no trespassing" sign */ 68 static void send_msg_userauth_banner() { 69 70 TRACE(("enter send_msg_userauth_banner")) 71 if (svr_opts.banner == NULL) { 72 TRACE(("leave send_msg_userauth_banner: banner is NULL")) 73 return; 74 } 75 76 CHECKCLEARTOWRITE(); 77 78 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER); 79 buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner, 80 svr_opts.banner->len), svr_opts.banner->len); 81 buf_putstring(ses.writepayload, "en", 2); 82 83 encrypt_packet(); 84 buf_free(svr_opts.banner); 85 svr_opts.banner = NULL; 86 87 TRACE(("leave send_msg_userauth_banner")) 88 } 89 90 /* handle a userauth request, check validity, pass to password or pubkey 91 * checking, and handle success or failure */ 92 void recv_msg_userauth_request() { 93 94 unsigned char *username = NULL, *servicename = NULL, *methodname = NULL; 95 unsigned int userlen, servicelen, methodlen; 96 97 TRACE(("enter recv_msg_userauth_request")) 98 99 /* ignore packets if auth is already done */ 100 if (ses.authstate.authdone == 1) { 101 TRACE(("leave recv_msg_userauth_request: authdone already")) 102 return; 103 } 104 105 /* send the banner if it exists, it will only exist once */ 106 if (svr_opts.banner) { 107 send_msg_userauth_banner(); 108 } 109 110 111 username = buf_getstring(ses.payload, &userlen); 112 servicename = buf_getstring(ses.payload, &servicelen); 113 methodname = buf_getstring(ses.payload, &methodlen); 114 115 /* only handle 'ssh-connection' currently */ 116 if (servicelen != SSH_SERVICE_CONNECTION_LEN 117 && (strncmp(servicename, SSH_SERVICE_CONNECTION, 118 SSH_SERVICE_CONNECTION_LEN) != 0)) { 119 120 /* TODO - disconnect here */ 121 m_free(username); 122 m_free(servicename); 123 m_free(methodname); 124 dropbear_exit("unknown service in auth"); 125 } 126 127 /* user wants to know what methods are supported */ 128 if (methodlen == AUTH_METHOD_NONE_LEN && 129 strncmp(methodname, AUTH_METHOD_NONE, 130 AUTH_METHOD_NONE_LEN) == 0) { 131 TRACE(("recv_msg_userauth_request: 'none' request")) 132 send_msg_userauth_failure(0, 0); 133 goto out; 134 } 135 136 /* check username is good before continuing */ 137 if (checkusername(username, userlen) == DROPBEAR_FAILURE) { 138 /* username is invalid/no shell/etc - send failure */ 139 TRACE(("sending checkusername failure")) 140 send_msg_userauth_failure(0, 1); 141 goto out; 142 } 143 144 #ifdef ENABLE_SVR_PASSWORD_AUTH 145 if (!svr_opts.noauthpass && 146 !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) { 147 /* user wants to try password auth */ 148 if (methodlen == AUTH_METHOD_PASSWORD_LEN && 149 strncmp(methodname, AUTH_METHOD_PASSWORD, 150 AUTH_METHOD_PASSWORD_LEN) == 0) { 151 svr_auth_password(); 152 goto out; 153 } 154 } 155 #endif 156 157 #ifdef ENABLE_SVR_PAM_AUTH 158 if (!svr_opts.noauthpass && 159 !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) { 160 /* user wants to try password auth */ 161 if (methodlen == AUTH_METHOD_PASSWORD_LEN && 162 strncmp(methodname, AUTH_METHOD_PASSWORD, 163 AUTH_METHOD_PASSWORD_LEN) == 0) { 164 svr_auth_pam(); 165 goto out; 166 } 167 } 168 #endif 169 170 #ifdef ENABLE_SVR_PUBKEY_AUTH 171 /* user wants to try pubkey auth */ 172 if (methodlen == AUTH_METHOD_PUBKEY_LEN && 173 strncmp(methodname, AUTH_METHOD_PUBKEY, 174 AUTH_METHOD_PUBKEY_LEN) == 0) { 175 svr_auth_pubkey(); 176 goto out; 177 } 178 #endif 179 180 /* nothing matched, we just fail */ 181 send_msg_userauth_failure(0, 1); 182 183 out: 184 185 m_free(username); 186 m_free(servicename); 187 m_free(methodname); 188 } 189 190 /* Check that the username exists, has a non-empty password, and has a valid 191 * shell. 192 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */ 193 static int checkusername(unsigned char *username, unsigned int userlen) { 194 195 char* listshell = NULL; 196 char* usershell = NULL; 197 198 TRACE(("enter checkusername")) 199 if (userlen > MAX_USERNAME_LEN) { 200 return DROPBEAR_FAILURE; 201 } 202 203 /* new user or username has changed */ 204 if (ses.authstate.username == NULL || 205 strcmp(username, ses.authstate.username) != 0) { 206 /* the username needs resetting */ 207 if (ses.authstate.username != NULL) { 208 dropbear_log(LOG_WARNING, "client trying multiple usernames from %s", 209 svr_ses.addrstring); 210 m_free(ses.authstate.username); 211 } 212 authclear(); 213 ses.authstate.pw = getpwnam((char*)username); 214 ses.authstate.username = m_strdup(username); 215 m_free(ses.authstate.printableuser); 216 } 217 218 /* check that user exists */ 219 if (ses.authstate.pw == NULL) { 220 TRACE(("leave checkusername: user '%s' doesn't exist", username)) 221 dropbear_log(LOG_WARNING, 222 "login attempt for nonexistent user from %s", 223 svr_ses.addrstring); 224 send_msg_userauth_failure(0, 1); 225 return DROPBEAR_FAILURE; 226 } 227 228 /* We can set it once we know its a real user */ 229 ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name); 230 231 /* check for non-root if desired */ 232 if (svr_opts.norootlogin && ses.authstate.pw->pw_uid == 0) { 233 TRACE(("leave checkusername: root login disabled")) 234 dropbear_log(LOG_WARNING, "root login rejected"); 235 send_msg_userauth_failure(0, 1); 236 return DROPBEAR_FAILURE; 237 } 238 239 /* check for an empty password */ 240 if (ses.authstate.pw->pw_passwd[0] == '\0') { 241 TRACE(("leave checkusername: empty pword")) 242 dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", 243 ses.authstate.printableuser); 244 send_msg_userauth_failure(0, 1); 245 return DROPBEAR_FAILURE; 246 } 247 248 TRACE(("shell is %s", ses.authstate.pw->pw_shell)) 249 250 /* check that the shell is set */ 251 usershell = ses.authstate.pw->pw_shell; 252 if (usershell[0] == '\0') { 253 /* empty shell in /etc/passwd means /bin/sh according to passwd(5) */ 254 usershell = "/bin/sh"; 255 } 256 257 /* check the shell is valid. If /etc/shells doesn't exist, getusershell() 258 * should return some standard shells like "/bin/sh" and "/bin/csh" (this 259 * is platform-specific) */ 260 setusershell(); 261 while ((listshell = getusershell()) != NULL) { 262 TRACE(("test shell is '%s'", listshell)) 263 if (strcmp(listshell, usershell) == 0) { 264 /* have a match */ 265 goto goodshell; 266 } 267 } 268 /* no matching shell */ 269 endusershell(); 270 TRACE(("no matching shell")) 271 dropbear_log(LOG_WARNING, "user '%s' has invalid shell, rejected", 272 ses.authstate.printableuser); 273 send_msg_userauth_failure(0, 1); 274 return DROPBEAR_FAILURE; 275 276 goodshell: 277 endusershell(); 278 TRACE(("matching shell")) 279 280 TRACE(("uid = %d", ses.authstate.pw->pw_uid)) 281 TRACE(("leave checkusername")) 282 return DROPBEAR_SUCCESS; 283 284 } 285 286 /* Send a failure message to the client, in responds to a userauth_request. 287 * Partial indicates whether to set the "partial success" flag, 288 * incrfail is whether to count this failure in the failure count (which 289 * is limited. This function also handles disconnection after too many 290 * failures */ 291 void send_msg_userauth_failure(int partial, int incrfail) { 292 293 buffer *typebuf = NULL; 294 295 TRACE(("enter send_msg_userauth_failure")) 296 297 CHECKCLEARTOWRITE(); 298 299 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_FAILURE); 300 301 /* put a list of allowed types */ 302 typebuf = buf_new(30); /* long enough for PUBKEY and PASSWORD */ 303 304 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) { 305 buf_putbytes(typebuf, AUTH_METHOD_PUBKEY, AUTH_METHOD_PUBKEY_LEN); 306 if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { 307 buf_putbyte(typebuf, ','); 308 } 309 } 310 311 if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { 312 buf_putbytes(typebuf, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN); 313 } 314 315 buf_setpos(typebuf, 0); 316 buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len), 317 typebuf->len); 318 319 TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes, 320 buf_getptr(typebuf, typebuf->len))); 321 322 buf_free(typebuf); 323 324 buf_putbyte(ses.writepayload, partial ? 1 : 0); 325 encrypt_packet(); 326 327 if (incrfail) { 328 usleep(300000); /* XXX improve this */ 329 ses.authstate.failcount++; 330 } 331 332 if (ses.authstate.failcount >= MAX_AUTH_TRIES) { 333 char * userstr; 334 /* XXX - send disconnect ? */ 335 TRACE(("Max auth tries reached, exiting")) 336 337 if (ses.authstate.printableuser == NULL) { 338 userstr = "is invalid"; 339 } else { 340 userstr = ses.authstate.printableuser; 341 } 342 dropbear_exit("Max auth tries reached - user '%s' from %s", 343 userstr, svr_ses.addrstring); 344 } 345 346 TRACE(("leave send_msg_userauth_failure")) 347 } 348 349 /* Send a success message to the user, and set the "authdone" flag */ 350 void send_msg_userauth_success() { 351 352 TRACE(("enter send_msg_userauth_success")) 353 354 CHECKCLEARTOWRITE(); 355 356 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_SUCCESS); 357 encrypt_packet(); 358 359 ses.authstate.authdone = 1; 360 ses.connecttimeout = 0; 361 362 363 if (ses.authstate.pw->pw_uid == 0) { 364 ses.allowprivport = 1; 365 } 366 367 /* Remove from the list of pre-auth sockets. Should be m_close(), since if 368 * we fail, we might end up leaking connection slots, and disallow new 369 * logins - a nasty situation. */ 370 m_close(svr_ses.childpipe); 371 372 TRACE(("leave send_msg_userauth_success")) 373 374 } 375
