/* Excerpt from a cross-referenced listing: the leading numbers are the
   original file's line numbers and the lines between them are not shown.
   These fragments build and send an SSH user-authentication request for
   service "ssh-connection" whose method string is "none" (lines 100-102).
   No password or key material is written in the visible lines.
   NOTE(review): presumably the body of sendDummyAuth(), which is called
   with a user name further down this listing - confirm against the full
   file */
84 IN_BUFFER( userNameLength )
const char *userName,
91 assert(
isReadPtr( userName, userNameLength ) );
96 status = openPacketStreamSSH( &stream, sessionInfoPtr,
/* Only the last of the three string writes has its result stored in
   status in the visible lines.
   NOTE(review): this presumably relies on the stream keeping an error
   state across calls - confirm */
100 writeString32( &stream, userName, userNameLength );
101 writeString32( &stream,
"ssh-connection", 14 );
102 status = writeString32( &stream,
"none", 4 );
/* Wrap, then send the packet.  The status checks between these calls are
   not shown in this excerpt */
104 status = wrapPacketSSH2( sessionInfoPtr, &stream, 0,
FALSE,
TRUE );
106 status = sendPacketSSH2( sessionInfoPtr, &stream,
TRUE );
107 sMemDisconnect( &stream );
/* Fragments of code that reads authentication-method strings out of the
   receive buffer and turns the outcome into an error report.  The receive
   buffer holds data supplied by the remote system, so everything parsed
   from it here is untrusted input.
   NOTE(review): presumably reportAuthFailure(), which is called further
   down this listing - confirm against the full file */
/* Parse `length` bytes of the receive buffer.  Where `length` is validated
   is not visible here - confirm that it is bounded by the amount of data
   actually received */
174 sMemConnect( &stream, sessionInfoPtr->receiveBuffer, length );
/* Two lookups against fixed tables, by their names one for password and
   one for public-key methods (the remaining arguments are not shown) */
177 status = readAlgoString( &stream, algoStringUserauthentPWTbl,
184 status = readAlgoString( &stream, algoStringUserauthentPKCTbl,
189 sMemDisconnect( &stream );
200 "Remote system supports neither password nor "
201 "public-key authentication" ) );
/* Comparison against the start of the receive buffer.  The value compared
   and the length check that has to precede it are not shown */
217 !memcmp( sessionInfoPtr->receiveBuffer,
/* Hand over to PAM authentication */
238 return( processPamAuthentication( sessionInfoPtr ) );
/* Error reports for a mismatch between the method the server asked for and
   the credential that is available, and for a rejected credential.  These
   are fixed strings, nothing received from the server is formatted into
   them in the visible lines */
258 "Server requested password authentication but only a "
259 "public/private key was available" ) );
264 "Server reported: Invalid public-key authentication" ) );
275 "Server requested public-key authentication but only a "
276 "password was available" ) );
281 "Server reported: Invalid password" ) );
/* Fragments of createPubkeyAuth(): writes a "publickey" authentication
   request (user name, service "ssh-connection", method, algorithm string,
   exported key) to the stream and then creates a signature directly in
   the remaining stream space.  Lines 367-372 pass the session ID and the
   packet data to a call that is not shown, presumably the hashing of the
   data to be signed - confirm */
287 static
int createPubkeyAuth(
const SESSION_INFO *sessionInfoPtr,
293 void *sigDataPtr, *packetDataPtr;
330 writeString32( stream, userNamePtr->value, userNamePtr->
valueLength );
331 writeString32( stream,
"ssh-connection", 14 );
332 writeString32( stream,
"publickey", 9 );
334 status = writeAlgoString( stream, pkcAlgo );
/* The key is exported in SSH format from the object named privateKey.
   NOTE(review): presumably CRYPT_IATTRIBUTE_KEY_SSH yields only the public
   portion of the key - confirm, since this data goes on the wire */
337 status = exportAttributeToStream( stream, sessionInfoPtr->
privateKey,
338 CRYPT_IATTRIBUTE_KEY_SSH );
341 status = streamBookmarkComplete( stream, &packetDataPtr,
342 &packetDataLength, packetDataLength );
367 handshakeInfo->sessionID,
372 packetDataPtr, packetDataLength );
/* Remember where the signature starts, fetch a pointer to and the size of
   the remaining stream space (sigDataPtr/sigDataLength), create the
   signature there and skip over the sigLength bytes written */
386 sigOffset = stell( stream );
387 status = sMemGetDataBlockRemaining( stream, &sigDataPtr, &sigDataLength );
390 status = iCryptCreateSignature( sigDataPtr,
392 &sigLength, CRYPT_IFORMAT_SSH,
397 status = sSkip( stream, sigLength );
/* Signature-length fix-up.  Whether this is still inside
   createPubkeyAuth() and under which condition it runs is not visible in
   this excerpt */
412 int sigSize,
keySize, delta, i;
/* Go back to the start of the signature and read over its leading fields.
   The results of these two reads are not stored in the visible lines */
424 sseek( stream, sigOffset );
425 readUint32( stream );
426 readUniversal32( stream );
/* Signature at least as long as the key; the branch body is not shown */
430 if( sigSize >= keySize )
/* delta is the number of bytes by which the signature is shorter than the
   key.  Line 453 compares the enlarged signature length with
   sigDataLength, the space reported by sMemGetDataBlockRemaining() on
   line 387, before the signature is rewritten.  It is the only bound on
   the rewrite visible here, so it has to stay ahead of the writes below */
452 delta = keySize - sigSize;
453 if( sigLength + delta > sigDataLength )
/* Rewrite from the signature start: algorithm name "ssh-rsa", the length
   keySize, delta bytes written by a loop whose body is not shown, then
   the sigSize signature bytes from sigDataBuffer */
455 sseek( stream, sigOffset );
458 writeString32( stream,
"ssh-rsa", 7 );
459 writeUint32( stream, keySize );
460 for( i = 0; i < delta; i++ )
462 return( swrite( stream, sigDataBuffer, sigSize ) );
/* Fragments of the handling of one PAM request: the request is parsed
   from pamRequestData and a response is sent back.  At line 723 of this
   listing pamAuthenticate() is called with the receive buffer, so the
   request content is chosen by the server.
   NOTE(review): presumably this is pamAuthenticate() - confirm against the
   full file */
479 const void *pamRequestData,
483 findSessionInfo( sessionInfoPtr->attributeList,
488 int nameLength, promptLength = -1, noPrompts = -1;
489 int i, iterationCount,
status;
492 assert(
isReadPtr( pamRequestData, pamRequestDataLength ) );
494 REQUIRES( pamRequestDataLength > 0 && \
521 sMemConnect( &stream, pamRequestData, pamRequestDataLength );
526 readUniversal32( &stream );
527 readUniversal32( &stream );
/* The prompt count is read from the request.  Line 532 tests for a count
   outside 1...4 (the branch body is not shown) before the count is
   written back on line 591 */
528 status = noPrompts = readUint32( &stream );
532 if( noPrompts <= 0 || noPrompts > 4 )
541 status = readString32( &stream, promptBuffer,
543 sMemDisconnect( &stream );
548 "Invalid PAM authentication request packet" ) );
/* The prompt is checked against "Password".  promptLength < 8 is tested
   first, so the 8-byte comparison is only reached for a prompt of at
   least that length.  The error text below formats a name with %s.
   NOTE(review): its argument continues past the visible lines - confirm
   that the server-supplied name goes through sanitiseString() first, as
   the user name does on line 709 */
555 if( promptLength < 8 ||
strCompare( promptBuffer,
"Password", 8 ) )
564 "Server requested unknown PAM authentication type '%s'",
565 ( nameLength > 0 ) ? \
587 status = openPacketStreamSSH( &stream, sessionInfoPtr,
/* Response: the prompt count, then the password written inside the loop
   (the loop condition is not shown, presumably one copy per prompt).
   From here the packet stream holds the password.  The ENSURES on line
   600 is a failsafe bound on the iteration count */
591 status = writeUint32( &stream, noPrompts );
592 for( i = 0, iterationCount = 0;
595 i++, iterationCount++ )
597 status = writeString32( &stream, passwordPtr->value,
600 ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED );
602 status = sendPacketSSH2( sessionInfoPtr, &stream,
FALSE );
603 sMemDisconnect( &stream );
/* Fragments of the PAM authentication exchange: an initial request is
   sent and the server's replies are then processed in a bounded loop.
   NOTE(review): presumably processPamAuthentication(), which is called at
   line 238 of this listing - confirm against the full file */
614 findSessionInfo( sessionInfoPtr->attributeList,
639 status = openPacketStreamSSH( &stream, sessionInfoPtr,
/* Initial request: user name, service "ssh-connection", method
   "keyboard-interactive", followed by zero-valued uint32 writes and the
   string "password" (which of these are alternatives is not visible) */
643 writeString32( &stream, userNamePtr->value, userNamePtr->
valueLength );
644 writeString32( &stream,
"ssh-connection", 14 );
645 writeString32( &stream,
"keyboard-interactive", 20 );
646 writeUint32( &stream, 0 );
651 status = writeUint32( &stream, 0 );
654 status = writeString32( &stream,
"password", 8 );
656 status = sendPacketSSH2( sessionInfoPtr, &stream,
FALSE );
657 sMemDisconnect( &stream );
/* The exchange is limited to five rounds, so the server can't keep the
   client in the negotiation indefinitely.  The "Too many iterations"
   error further down belongs to this limit */
665 for( pamIteration = 0; pamIteration < 5; pamIteration++ )
684 type = sessionInfoPtr->sessionSSH->packetType;
/* First round (pamIteration <= 0): the report names the user.  The user
   name is copied into userNameBuffer and passed through sanitiseString()
   before being formatted into the message.
   NOTE(review): the memcpy length is not visible - confirm that it is
   bounded by the size of userNameBuffer */
700 if( pamIteration <= 0 )
704 memcpy( userNameBuffer, userNamePtr->value,
708 "Server reported: Invalid user name '%s'",
709 sanitiseString( userNameBuffer,
716 return( reportAuthFailure( sessionInfoPtr, length,
TRUE ) );
/* Pass the server's packet, still in the receive buffer, on for
   processing as a PAM request */
723 status = pamAuthenticate( sessionInfoPtr,
724 sessionInfoPtr->receiveBuffer, length );
731 "Too many
iterations of negotiation during PAM "
732 "authentication" ) );
/* Fragments of the client's main authentication step: a request is built
   with either the password or a public-key signature, wrapped and sent,
   and a failure is reported through reportAuthFailure().  The name of the
   enclosing function is not visible in this excerpt */
748 findSessionInfo( sessionInfoPtr->attributeList,
751 findSessionInfo( sessionInfoPtr->attributeList,
/* sendDummyAuth() is called with the user name here and again on line
   870; the conditions for the two calls are not shown */
768 status = sendDummyAuth( sessionInfoPtr, userNamePtr->value,
794 status = openPacketStreamSSH( &stream, sessionInfoPtr,
/* Password branch: user name, service "ssh-connection", method
   "password", then the password itself.  From here the stream buffer
   holds the plaintext password.
   NOTE(review): the visible lines only call sMemDisconnect() on the
   stream afterwards; whether the underlying buffer is cleared once the
   packet has been sent is not visible - confirm */
798 if( passwordPtr != NULL )
806 writeString32( &stream, userNamePtr->value,
808 writeString32( &stream,
"ssh-connection", 14 );
809 writeString32( &stream,
"password", 8 );
811 status = writeString32( &stream, passwordPtr->value,
/* Public-key request, presumably the alternative to the password branch */
816 status = createPubkeyAuth( sessionInfoPtr, handshakeInfo, &stream,
821 sMemDisconnect( &stream );
/* Wrap and send.  The fourth wrapPacketSSH2() argument is TRUE here and
   FALSE for the "none" request at line 104.
   NOTE(review): what the flag selects is not visible; presumably padding
   that hides the length of the credential-bearing payload - confirm */
826 status = wrapPacketSSH2( sessionInfoPtr, &stream, 0,
TRUE,
TRUE );
828 status = sendPacketSSH2( sessionInfoPtr, &stream,
TRUE );
829 sMemDisconnect( &stream );
/* Failure path: reportAuthFailure() is passed FALSE here and TRUE on
   line 716 in the PAM path */
851 status = reportAuthFailure( sessionInfoPtr, length,
FALSE );
870 status = sendDummyAuth( sessionInfoPtr, userNamePtr->value,