1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 /* This file (auth.c) handles authentication requests, passing it to the
26 * particular type (auth-passwd, auth-pubkey). */
27
28 #include "includes.h"
29 #include "dbutil.h"
30 #include "session.h"
31 #include "buffer.h"
32 #include "ssh.h"
33 #include "packet.h"
34 #include "auth.h"
35 #include "runopts.h"
36
37 static void authclear();
38 static int checkusername(unsigned char *username, unsigned int userlen);
39 static void send_msg_userauth_banner();
40
41 /* initialise the first time for a session, resetting all parameters */
svr_authinitialise()42 void svr_authinitialise() {
43
44 ses.authstate.failcount = 0;
45 authclear();
46
47 }
48
49 /* Reset the auth state, but don't reset the failcount. This is for if the
50 * user decides to try with a different username etc, and is also invoked
51 * on initialisation */
authclear()52 static void authclear() {
53
54 memset(&ses.authstate, 0, sizeof(ses.authstate));
55 #ifdef ENABLE_SVR_PUBKEY_AUTH
56 ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
57 #endif
58 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
59 if (!svr_opts.noauthpass) {
60 ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
61 }
62 #endif
63
64 }
65
66 /* Send a banner message if specified to the client. The client might
67 * ignore this, but possibly serves as a legal "no trespassing" sign */
send_msg_userauth_banner()68 static void send_msg_userauth_banner() {
69
70 TRACE(("enter send_msg_userauth_banner"))
71 if (svr_opts.banner == NULL) {
72 TRACE(("leave send_msg_userauth_banner: banner is NULL"))
73 return;
74 }
75
76 CHECKCLEARTOWRITE();
77
78 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
79 buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner,
80 svr_opts.banner->len), svr_opts.banner->len);
81 buf_putstring(ses.writepayload, "en", 2);
82
83 encrypt_packet();
84 buf_free(svr_opts.banner);
85 svr_opts.banner = NULL;
86
87 TRACE(("leave send_msg_userauth_banner"))
88 }
89
90 /* handle a userauth request, check validity, pass to password or pubkey
91 * checking, and handle success or failure */
recv_msg_userauth_request()92 void recv_msg_userauth_request() {
93
94 unsigned char *username = NULL, *servicename = NULL, *methodname = NULL;
95 unsigned int userlen, servicelen, methodlen;
96
97 TRACE(("enter recv_msg_userauth_request"))
98
99 /* ignore packets if auth is already done */
100 if (ses.authstate.authdone == 1) {
101 TRACE(("leave recv_msg_userauth_request: authdone already"))
102 return;
103 }
104
105 /* send the banner if it exists, it will only exist once */
106 if (svr_opts.banner) {
107 send_msg_userauth_banner();
108 }
109
110
111 username = buf_getstring(ses.payload, &userlen);
112 servicename = buf_getstring(ses.payload, &servicelen);
113 methodname = buf_getstring(ses.payload, &methodlen);
114
115 /* only handle 'ssh-connection' currently */
116 if (servicelen != SSH_SERVICE_CONNECTION_LEN
117 && (strncmp(servicename, SSH_SERVICE_CONNECTION,
118 SSH_SERVICE_CONNECTION_LEN) != 0)) {
119
120 /* TODO - disconnect here */
121 m_free(username);
122 m_free(servicename);
123 m_free(methodname);
124 dropbear_exit("unknown service in auth");
125 }
126
127 /* user wants to know what methods are supported */
128 if (methodlen == AUTH_METHOD_NONE_LEN &&
129 strncmp(methodname, AUTH_METHOD_NONE,
130 AUTH_METHOD_NONE_LEN) == 0) {
131 TRACE(("recv_msg_userauth_request: 'none' request"))
132 send_msg_userauth_failure(0, 0);
133 goto out;
134 }
135
136 /* check username is good before continuing */
137 if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
138 /* username is invalid/no shell/etc - send failure */
139 TRACE(("sending checkusername failure"))
140 send_msg_userauth_failure(0, 1);
141 goto out;
142 }
143
144 #ifdef ENABLE_SVR_PASSWORD_AUTH
145 if (!svr_opts.noauthpass &&
146 !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) {
147 /* user wants to try password auth */
148 if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
149 strncmp(methodname, AUTH_METHOD_PASSWORD,
150 AUTH_METHOD_PASSWORD_LEN) == 0) {
151 svr_auth_password();
152 goto out;
153 }
154 }
155 #endif
156
157 #ifdef ENABLE_SVR_PAM_AUTH
158 if (!svr_opts.noauthpass &&
159 !(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) {
160 /* user wants to try password auth */
161 if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
162 strncmp(methodname, AUTH_METHOD_PASSWORD,
163 AUTH_METHOD_PASSWORD_LEN) == 0) {
164 svr_auth_pam();
165 goto out;
166 }
167 }
168 #endif
169
170 #ifdef ENABLE_SVR_PUBKEY_AUTH
171 /* user wants to try pubkey auth */
172 if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
173 strncmp(methodname, AUTH_METHOD_PUBKEY,
174 AUTH_METHOD_PUBKEY_LEN) == 0) {
175 svr_auth_pubkey();
176 goto out;
177 }
178 #endif
179
180 /* nothing matched, we just fail */
181 send_msg_userauth_failure(0, 1);
182
183 out:
184
185 m_free(username);
186 m_free(servicename);
187 m_free(methodname);
188 }
189
190 /* Check that the username exists, has a non-empty password, and has a valid
191 * shell.
192 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
checkusername(unsigned char * username,unsigned int userlen)193 static int checkusername(unsigned char *username, unsigned int userlen) {
194
195 char* listshell = NULL;
196 char* usershell = NULL;
197
198 TRACE(("enter checkusername"))
199 if (userlen > MAX_USERNAME_LEN) {
200 return DROPBEAR_FAILURE;
201 }
202
203 /* new user or username has changed */
204 if (ses.authstate.username == NULL ||
205 strcmp(username, ses.authstate.username) != 0) {
206 /* the username needs resetting */
207 if (ses.authstate.username != NULL) {
208 dropbear_log(LOG_WARNING, "client trying multiple usernames from %s",
209 svr_ses.addrstring);
210 m_free(ses.authstate.username);
211 }
212 authclear();
213 ses.authstate.pw = getpwnam((char*)username);
214 ses.authstate.username = m_strdup(username);
215 m_free(ses.authstate.printableuser);
216 }
217
218 /* check that user exists */
219 if (ses.authstate.pw == NULL) {
220 TRACE(("leave checkusername: user '%s' doesn't exist", username))
221 dropbear_log(LOG_WARNING,
222 "login attempt for nonexistent user from %s",
223 svr_ses.addrstring);
224 send_msg_userauth_failure(0, 1);
225 return DROPBEAR_FAILURE;
226 }
227
228 /* We can set it once we know its a real user */
229 ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name);
230
231 /* check for non-root if desired */
232 if (svr_opts.norootlogin && ses.authstate.pw->pw_uid == 0) {
233 TRACE(("leave checkusername: root login disabled"))
234 dropbear_log(LOG_WARNING, "root login rejected");
235 send_msg_userauth_failure(0, 1);
236 return DROPBEAR_FAILURE;
237 }
238
239 /* check for an empty password */
240 if (ses.authstate.pw->pw_passwd[0] == '\0') {
241 TRACE(("leave checkusername: empty pword"))
242 dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
243 ses.authstate.printableuser);
244 send_msg_userauth_failure(0, 1);
245 return DROPBEAR_FAILURE;
246 }
247
248 TRACE(("shell is %s", ses.authstate.pw->pw_shell))
249
250 /* check that the shell is set */
251 usershell = ses.authstate.pw->pw_shell;
252 if (usershell[0] == '\0') {
253 /* empty shell in /etc/passwd means /bin/sh according to passwd(5) */
254 usershell = "/bin/sh";
255 }
256
257 /* check the shell is valid. If /etc/shells doesn't exist, getusershell()
258 * should return some standard shells like "/bin/sh" and "/bin/csh" (this
259 * is platform-specific) */
260 setusershell();
261 while ((listshell = getusershell()) != NULL) {
262 TRACE(("test shell is '%s'", listshell))
263 if (strcmp(listshell, usershell) == 0) {
264 /* have a match */
265 goto goodshell;
266 }
267 }
268 /* no matching shell */
269 endusershell();
270 TRACE(("no matching shell"))
271 dropbear_log(LOG_WARNING, "user '%s' has invalid shell, rejected",
272 ses.authstate.printableuser);
273 send_msg_userauth_failure(0, 1);
274 return DROPBEAR_FAILURE;
275
276 goodshell:
277 endusershell();
278 TRACE(("matching shell"))
279
280 TRACE(("uid = %d", ses.authstate.pw->pw_uid))
281 TRACE(("leave checkusername"))
282 return DROPBEAR_SUCCESS;
283
284 }
285
286 /* Send a failure message to the client, in responds to a userauth_request.
287 * Partial indicates whether to set the "partial success" flag,
288 * incrfail is whether to count this failure in the failure count (which
289 * is limited. This function also handles disconnection after too many
290 * failures */
send_msg_userauth_failure(int partial,int incrfail)291 void send_msg_userauth_failure(int partial, int incrfail) {
292
293 buffer *typebuf = NULL;
294
295 TRACE(("enter send_msg_userauth_failure"))
296
297 CHECKCLEARTOWRITE();
298
299 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_FAILURE);
300
301 /* put a list of allowed types */
302 typebuf = buf_new(30); /* long enough for PUBKEY and PASSWORD */
303
304 if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
305 buf_putbytes(typebuf, AUTH_METHOD_PUBKEY, AUTH_METHOD_PUBKEY_LEN);
306 if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
307 buf_putbyte(typebuf, ',');
308 }
309 }
310
311 if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
312 buf_putbytes(typebuf, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN);
313 }
314
315 buf_setpos(typebuf, 0);
316 buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len),
317 typebuf->len);
318
319 TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
320 buf_getptr(typebuf, typebuf->len)));
321
322 buf_free(typebuf);
323
324 buf_putbyte(ses.writepayload, partial ? 1 : 0);
325 encrypt_packet();
326
327 if (incrfail) {
328 usleep(300000); /* XXX improve this */
329 ses.authstate.failcount++;
330 }
331
332 if (ses.authstate.failcount >= MAX_AUTH_TRIES) {
333 char * userstr;
334 /* XXX - send disconnect ? */
335 TRACE(("Max auth tries reached, exiting"))
336
337 if (ses.authstate.printableuser == NULL) {
338 userstr = "is invalid";
339 } else {
340 userstr = ses.authstate.printableuser;
341 }
342 dropbear_exit("Max auth tries reached - user '%s' from %s",
343 userstr, svr_ses.addrstring);
344 }
345
346 TRACE(("leave send_msg_userauth_failure"))
347 }
348
349 /* Send a success message to the user, and set the "authdone" flag */
send_msg_userauth_success()350 void send_msg_userauth_success() {
351
352 TRACE(("enter send_msg_userauth_success"))
353
354 CHECKCLEARTOWRITE();
355
356 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_SUCCESS);
357 encrypt_packet();
358
359 ses.authstate.authdone = 1;
360 ses.connecttimeout = 0;
361
362
363 if (ses.authstate.pw->pw_uid == 0) {
364 ses.allowprivport = 1;
365 }
366
367 /* Remove from the list of pre-auth sockets. Should be m_close(), since if
368 * we fail, we might end up leaking connection slots, and disallow new
369 * logins - a nasty situation. */
370 m_close(svr_ses.childpipe);
371
372 TRACE(("leave send_msg_userauth_success"))
373
374 }
375