1 files changed, 374 insertions, 0 deletions
diff --git a/svr-auth.c b/svr-auth.c
new file mode 100644
index 0000000..d0eba9b
--- /dev/null
+++ b/svr-auth.c
@@ -0,0 +1,374 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+/* This file (auth.c) handles authentication requests, passing it to the
+ * particular type (auth-passwd, auth-pubkey). */
+
+#include "includes.h"
+#include "dbutil.h"
+#include "session.h"
+#include "buffer.h"
+#include "ssh.h"
+#include "packet.h"
+#include "auth.h"
+#include "runopts.h"
+
+static void authclear();
+static int checkusername(unsigned char *username, unsigned int userlen);
+static void send_msg_userauth_banner();
+
+/* initialise the first time for a session, resetting all parameters */
+void svr_authinitialise() {
+
+	ses.authstate.failcount = 0;
+	authclear();
+	
+}
+
+/* Reset the auth state, but don't reset the failcount. This is for if the
+ * user decides to try with a different username etc, and is also invoked
+ * on initialisation */
+static void authclear() {
+	
+	memset(&ses.authstate, 0, sizeof(ses.authstate));
+#ifdef ENABLE_SVR_PUBKEY_AUTH
+	ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
+#endif
+#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
+	if (!svr_opts.noauthpass) {
+		ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
+	}
+#endif
+
+}
+
+/* Send a banner message if specified to the client. The client might
+ * ignore this, but possibly serves as a legal "no trespassing" sign */
+static void send_msg_userauth_banner() {
+
+	TRACE(("enter send_msg_userauth_banner"))
+	if (svr_opts.banner == NULL) {
+		TRACE(("leave send_msg_userauth_banner: banner is NULL"))
+		return;
+	}
+
+	CHECKCLEARTOWRITE();
+
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
+	buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner,
+				svr_opts.banner->len), svr_opts.banner->len);
+	buf_putstring(ses.writepayload, "en", 2);
+
+	encrypt_packet();
+	buf_free(svr_opts.banner);
+	svr_opts.banner = NULL;
+
+	TRACE(("leave send_msg_userauth_banner"))
+}
+
+/* handle a userauth request, check validity, pass to password or pubkey
+ * checking, and handle success or failure */
+void recv_msg_userauth_request() {
+
+	unsigned char *username = NULL, *servicename = NULL, *methodname = NULL;
+	unsigned int userlen, servicelen, methodlen;
+
+	TRACE(("enter recv_msg_userauth_request"))
+
+	/* ignore packets if auth is already done */
+	if (ses.authstate.authdone == 1) {
+		TRACE(("leave recv_msg_userauth_request: authdone already"))
+		return;
+	}
+
+	/* send the banner if it exists, it will only exist once */
+	if (svr_opts.banner) {
+		send_msg_userauth_banner();
+	}
+
+	
+	username = buf_getstring(ses.payload, &userlen);
+	servicename = buf_getstring(ses.payload, &servicelen);
+	methodname = buf_getstring(ses.payload, &methodlen);
+
+	/* only handle 'ssh-connection' currently */
+	if (servicelen != SSH_SERVICE_CONNECTION_LEN
+			&& (strncmp(servicename, SSH_SERVICE_CONNECTION,
+					SSH_SERVICE_CONNECTION_LEN) != 0)) {
+		
+		/* TODO - disconnect here */
+		m_free(username);
+		m_free(servicename);
+		m_free(methodname);
+		dropbear_exit("unknown service in auth");
+	}
+
+	/* user wants to know what methods are supported */
+	if (methodlen == AUTH_METHOD_NONE_LEN &&
+			strncmp(methodname, AUTH_METHOD_NONE,
+				AUTH_METHOD_NONE_LEN) == 0) {
+		TRACE(("recv_msg_userauth_request: 'none' request"))
+		send_msg_userauth_failure(0, 0);
+		goto out;
+	}
+	
+	/* check username is good before continuing */
+	if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
+		/* username is invalid/no shell/etc - send failure */
+		TRACE(("sending checkusername failure"))
+		send_msg_userauth_failure(0, 1);
+		goto out;
+	}
+
+#ifdef ENABLE_SVR_PASSWORD_AUTH
+	if (!svr_opts.noauthpass &&
+			!(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) {
+		/* user wants to try password auth */
+		if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
+				strncmp(methodname, AUTH_METHOD_PASSWORD,
+					AUTH_METHOD_PASSWORD_LEN) == 0) {
+			svr_auth_password();
+			goto out;
+		}
+	}
+#endif
+
+#ifdef ENABLE_SVR_PAM_AUTH
+	if (!svr_opts.noauthpass &&
+			!(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) {
+		/* user wants to try password auth */
+		if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
+				strncmp(methodname, AUTH_METHOD_PASSWORD,
+					AUTH_METHOD_PASSWORD_LEN) == 0) {
+			svr_auth_pam();
+			goto out;
+		}
+	}
+#endif
+
+#ifdef ENABLE_SVR_PUBKEY_AUTH
+	/* user wants to try pubkey auth */
+	if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
+			strncmp(methodname, AUTH_METHOD_PUBKEY,
+				AUTH_METHOD_PUBKEY_LEN) == 0) {
+		svr_auth_pubkey();
+		goto out;
+	}
+#endif
+
+	/* nothing matched, we just fail */
+	send_msg_userauth_failure(0, 1);
+
+out:
+
+	m_free(username);
+	m_free(servicename);
+	m_free(methodname);
+}
+
+/* Check that the username exists, has a non-empty password, and has a valid
+ * shell.
+ * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
+static int checkusername(unsigned char *username, unsigned int userlen) {
+
+	char* listshell = NULL;
+	char* usershell = NULL;
+	
+	TRACE(("enter checkusername"))
+	if (userlen > MAX_USERNAME_LEN) {
+		return DROPBEAR_FAILURE;
+	}
+
+	/* new user or username has changed */
+	if (ses.authstate.username == NULL ||
+		strcmp(username, ses.authstate.username) != 0) {
+			/* the username needs resetting */
+			if (ses.authstate.username != NULL) {
+				dropbear_log(LOG_WARNING, "client trying multiple usernames from %s",
+							svr_ses.addrstring);
+				m_free(ses.authstate.username);
+			}
+			authclear();
+			ses.authstate.pw = getpwnam((char*)username);
+			ses.authstate.username = m_strdup(username);
+			m_free(ses.authstate.printableuser);
+	}
+
+	/* check that user exists */
+	if (ses.authstate.pw == NULL) {
+		TRACE(("leave checkusername: user '%s' doesn't exist", username))
+		dropbear_log(LOG_WARNING,
+				"login attempt for nonexistent user from %s",
+				svr_ses.addrstring);
+		send_msg_userauth_failure(0, 1);
+		return DROPBEAR_FAILURE;
+	}
+
+	/* We can set it once we know its a real user */
+	ses.authstate.printableuser = m_strdup(ses.authstate.pw->pw_name);
+
+	/* check for non-root if desired */
+	if (svr_opts.norootlogin && ses.authstate.pw->pw_uid == 0) {
+		TRACE(("leave checkusername: root login disabled"))
+		dropbear_log(LOG_WARNING, "root login rejected");
+		send_msg_userauth_failure(0, 1);
+		return DROPBEAR_FAILURE;
+	}
+
+	/* check for an empty password */
+	if (ses.authstate.pw->pw_passwd[0] == '\0') {
+		TRACE(("leave checkusername: empty pword"))
+		dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+				ses.authstate.printableuser);
+		send_msg_userauth_failure(0, 1);
+		return DROPBEAR_FAILURE;
+	}
+
+	TRACE(("shell is %s", ses.authstate.pw->pw_shell))
+
+	/* check that the shell is set */
+	usershell = ses.authstate.pw->pw_shell;
+	if (usershell[0] == '\0') {
+		/* empty shell in /etc/passwd means /bin/sh according to passwd(5) */
+		usershell = "/bin/sh";
+	}
+
+	/* check the shell is valid. If /etc/shells doesn't exist, getusershell()
+	 * should return some standard shells like "/bin/sh" and "/bin/csh" (this
+	 * is platform-specific) */
+	setusershell();
+	while ((listshell = getusershell()) != NULL) {
+		TRACE(("test shell is '%s'", listshell))
+		if (strcmp(listshell, usershell) == 0) {
+			/* have a match */
+			goto goodshell;
+		}
+	}
+	/* no matching shell */
+	endusershell();
+	TRACE(("no matching shell"))
+	dropbear_log(LOG_WARNING, "user '%s' has invalid shell, rejected",
+				ses.authstate.printableuser);
+	send_msg_userauth_failure(0, 1);
+	return DROPBEAR_FAILURE;
+	
+goodshell:
+	endusershell();
+	TRACE(("matching shell"))
+
+	TRACE(("uid = %d", ses.authstate.pw->pw_uid))
+	TRACE(("leave checkusername"))
+	return DROPBEAR_SUCCESS;
+
+}
+
+/* Send a failure message to the client, in responds to a userauth_request.
+ * Partial indicates whether to set the "partial success" flag,
+ * incrfail is whether to count this failure in the failure count (which
+ * is limited. This function also handles disconnection after too many
+ * failures */
+void send_msg_userauth_failure(int partial, int incrfail) {
+
+	buffer *typebuf = NULL;
+
+	TRACE(("enter send_msg_userauth_failure"))
+
+	CHECKCLEARTOWRITE();
+	
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_FAILURE);
+
+	/* put a list of allowed types */
+	typebuf = buf_new(30); /* long enough for PUBKEY and PASSWORD */
+
+	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
+		buf_putbytes(typebuf, AUTH_METHOD_PUBKEY, AUTH_METHOD_PUBKEY_LEN);
+		if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
+			buf_putbyte(typebuf, ',');
+		}
+	}
+	
+	if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
+		buf_putbytes(typebuf, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN);
+	}
+
+	buf_setpos(typebuf, 0);
+	buf_putstring(ses.writepayload, buf_getptr(typebuf, typebuf->len),
+			typebuf->len);
+
+	TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
+				buf_getptr(typebuf, typebuf->len)));
+
+	buf_free(typebuf);
+
+	buf_putbyte(ses.writepayload, partial ? 1 : 0);
+	encrypt_packet();
+
+	if (incrfail) {
+		usleep(300000); /* XXX improve this */
+		ses.authstate.failcount++;
+	}
+
+	if (ses.authstate.failcount >= MAX_AUTH_TRIES) {
+		char * userstr;
+		/* XXX - send disconnect ? */
+		TRACE(("Max auth tries reached, exiting"))
+
+		if (ses.authstate.printableuser == NULL) {
+			userstr = "is invalid";
+		} else {
+			userstr = ses.authstate.printableuser;
+		}
+		dropbear_exit("Max auth tries reached - user '%s' from %s",
+				userstr, svr_ses.addrstring);
+	}
+	
+	TRACE(("leave send_msg_userauth_failure"))
+}
+
+/* Send a success message to the user, and set the "authdone" flag */
+void send_msg_userauth_success() {
+
+	TRACE(("enter send_msg_userauth_success"))
+
+	CHECKCLEARTOWRITE();
+
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_SUCCESS);
+	encrypt_packet();
+
+	ses.authstate.authdone = 1;
+	ses.connecttimeout = 0;
+
+
+	if (ses.authstate.pw->pw_uid == 0) {
+		ses.allowprivport = 1;
+	}
+
+	/* Remove from the list of pre-auth sockets. Should be m_close(), since if
+	 * we fail, we might end up leaking connection slots, and disallow new
+	 * logins - a nasty situation. */							
+	m_close(svr_ses.childpipe);
+
+	TRACE(("leave send_msg_userauth_success"))
+
+}