/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */
/*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "includes.h"
271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#ifdef SKEY
291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/types.h>
311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <pwd.h>
331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <stdio.h>
341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <skey.h>
361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "xmalloc.h"
381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "key.h"
391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "hostfile.h"
401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "auth.h"
411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "ssh-gss.h"
421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "log.h"
431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "monitor_wrap.h"
441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Keyboard-interactive init hook for the S/Key device.
 *
 * No device-specific state is allocated: the Authctxt pointer passed in is
 * handed straight back and becomes the opaque ctx that skey_query() and
 * skey_respond() cast back to Authctxt.
 */
static void *
skey_init_ctx(Authctxt *authctxt)
{
	void *ctx = authctxt;

	return ctx;
}
501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Build the single S/Key prompt for a keyboard-interactive exchange.
 *
 * ctx is the Authctxt handed out by skey_init_ctx().  On success the out
 * parameters receive newly allocated values -- empty name and info text,
 * a one-element prompt array holding the challenge followed by
 * SKEY_PROMPT, and a one-element echo array -- and 0 is returned.
 * Returns -1 before any out parameter is written if no challenge could be
 * obtained.
 *
 * NOTE(review): the challenge is requested for authctxt->user and
 * authctxt->valid is not consulted here.  Whether a -1 at this point lets
 * a client tell unknown accounts from known ones depends on
 * _compat_skeychallenge -- confirm against the skey library in use.
 */
int
skey_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
{
	Authctxt *ac = ctx;
	struct skey sk;
	char chal[1024];

	if (_compat_skeychallenge(&sk, ac->user, chal, sizeof(chal)) == -1)
		return -1;

	*name = xstrdup("");
	*infotxt = xstrdup("");

	/* Exactly one prompt; the two arrays below are sized to match. */
	*numprompts = 1;
	*prompts = xcalloc(*numprompts, sizeof(**prompts));
	/* presumably zero-filled by xcalloc, i.e. echo off -- confirm */
	*echo_on = xcalloc(*numprompts, sizeof(**echo_on));

	/* First (only) prompt slot: challenge text plus the prompt suffix. */
	xasprintf(&(*prompts)[0], "%s%s", chal, SKEY_PROMPT);

	return 0;
}
731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Check the client's answer to the S/Key challenge.
 *
 * Returns 0 only when the user is marked valid, exactly one response was
 * supplied, skey_haskey() returns 0 for the account name and
 * skey_passcheck() does not return -1.  Every other case returns -1.
 *
 * The checks run in a fixed order: validity first, so authctxt->pw is
 * only dereferenced for valid users, and the response count before
 * responses[0] is read.
 *
 * NOTE(review): invalid users and accounts without an S/Key entry fail
 * without reaching skey_passcheck(); whether that shorter path is
 * observable as a timing difference cannot be judged from this file.
 */
int
skey_respond(void *ctx, u_int numresponses, char **responses)
{
	Authctxt *ac = ctx;

	if (!ac->valid)
		return -1;
	if (numresponses != 1)
		return -1;
	if (skey_haskey(ac->pw->pw_name) != 0)
		return -1;
	if (skey_passcheck(ac->pw->pw_name, responses[0]) == -1)
		return -1;

	return 0;
}
861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Keyboard-interactive free hook.
 *
 * skey_init_ctx() returns the caller's Authctxt rather than an allocation
 * of its own, so there is nothing to release here.
 */
static void
skey_free_ctx(void *ctx)
{
	(void)ctx;	/* intentionally unused */
}
921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Hook table for the "skey" keyboard-interactive device, wired to the
 * skey_query() and skey_respond() implementations in this file.
 */
KbdintDevice skey_device = {
	"skey",
	skey_init_ctx,		/* ctx is the Authctxt itself */
	skey_query,		/* builds the challenge prompt */
	skey_respond,		/* verifies the one-time password */
	skey_free_ctx		/* no-op */
};
1001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
/*
 * Second hook table for the "skey" device.  It shares the init and free
 * hooks with skey_device but puts mm_skey_query and mm_skey_respond in the
 * query and respond slots.
 * NOTE(review): those two are not defined in this file; presumably they
 * are the monitor_wrap.h variants used under privilege separation --
 * confirm.
 */
KbdintDevice mm_skey_device = {
	"skey",
	skey_init_ctx,		/* ctx is the Authctxt itself */
	mm_skey_query,
	mm_skey_respond,
	skey_free_ctx		/* no-op */
};
1081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#endif /* SKEY */