/src/dropbear/auth.h
/*
 * Dropbear - a SSH2 server
 * 
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */
#ifndef DROPBEAR_AUTH_H_
#define DROPBEAR_AUTH_H_
#include "includes.h"
#include "signkey.h"
#include "chansession.h"
#include "list.h"
/* Initialise the server-side authentication state before the userauth
 * exchange begins.  NOTE(review): inferred from the name - confirm in
 * svr-auth.c what is actually reset. */
void svr_authinitialise(void);

/* Server functions */
/* Handle an incoming SSH_MSG_USERAUTH_REQUEST.  The username and method
 * name it carries are client-controlled input. */
void recv_msg_userauth_request(void);
/* Send SSH_MSG_USERAUTH_FAILURE.  NOTE(review): from the parameter names,
 * `partial` appears to signal partial success and `incrfail` whether this
 * reply counts as a failed attempt (AuthState.failcount) - confirm. */
void send_msg_userauth_failure(int partial, int incrfail);
/* Send SSH_MSG_USERAUTH_SUCCESS. */
void send_msg_userauth_success(void);
/* Send SSH_MSG_USERAUTH_BANNER carrying the contents of msg (msg is not
 * modified). */
void send_msg_userauth_banner(const buffer *msg);
/* Per-method handlers.  valid_user tells the handler whether the presented
 * username resolved to a usable account.  NOTE(review): the handlers should
 * behave the same on the wire in both cases so that account existence is
 * not observable - confirm in each implementation. */
void svr_auth_password(int valid_user);
void svr_auth_pubkey(int valid_user);
void svr_auth_pam(int valid_user);

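#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
/* Queries against the options of the authorized_keys entry that
 * authenticated this session (struct PubKeyOptions).  Each returns non-zero
 * when the corresponding feature is permitted. */
int svr_pubkey_allows_agentfwd(void);
int svr_pubkey_allows_tcpfwd(void);
int svr_pubkey_allows_x11fwd(void);
int svr_pubkey_allows_pty(void);
/* Non-zero if a local forward to host:port is permitted.  NOTE(review):
 * presumably consults PubKeyOptions.permit_open_destinations, with
 * PUBKEY_OPTIONS_ANY_PORT matching any port - confirm in the implementation. */
int svr_pubkey_allows_local_tcpfwd(const char *host, unsigned int port);
/* Apply the "command=" option, if one was set, to chansess. */
void svr_pubkey_set_forced_command(struct ChanSess *chansess);
/* Release the parsed options of the current session. */
void svr_pubkey_options_cleanup(void);
/* Parse the options prefix of an authorized_keys line.  line_num and
 * filename are for diagnostics.  Returns DROPBEAR_SUCCESS on success
 * (cf. the fallback macro below). */
int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filename);
#else
/* no option : success */
/* Without pubkey-options support every query answers "allowed", which is
 * the same result as an authorized_keys line carrying no options. */
#define svr_pubkey_allows_agentfwd() 1
#define svr_pubkey_allows_tcpfwd() 1
#define svr_pubkey_allows_x11fwd() 1
#define svr_pubkey_allows_pty() 1
static inline int svr_pubkey_allows_local_tcpfwd(const char *host, unsigned int port)
  { (void)host; (void)port; return 1; }

/* chansess is deliberately unused in this stub; the cast silences
 * -Wunused-parameter, consistent with svr_pubkey_allows_local_tcpfwd above. */
static inline void svr_pubkey_set_forced_command(struct ChanSess *chansess) { (void)chansess; }
static inline void svr_pubkey_options_cleanup(void) { }
/* Nothing to parse, so every line is accepted.  The arguments are dropped
 * without being evaluated. */
#define svr_add_pubkey_options(x,y,z) DROPBEAR_SUCCESS
#endif
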
/* Client functions */
/* Handlers for the server's replies during userauth. */
void recv_msg_userauth_failure(void);
void recv_msg_userauth_success(void);
/* Message number 60 is method-specific in RFC 4252: it is
 * SSH_MSG_USERAUTH_PK_OK for publickey and SSH_MSG_USERAUTH_INFO_REQUEST
 * for keyboard-interactive, so dispatch depends on the method in flight. */
void recv_msg_userauth_specific_60(void);
void recv_msg_userauth_pk_ok(void);
void recv_msg_userauth_info_request(void);
/* Determine the username to present to the server. */
void cli_get_user(void);
/* Find out which methods the server accepts.  NOTE(review): inferred from
 * the name - confirm in cli-auth.c. */
void cli_auth_getmethods(void);
/* Attempt the next available method.  The meaning of the return value is
 * defined by the implementation in cli-auth.c. */
int cli_auth_try(void);
void recv_msg_userauth_banner(void);
void cli_pubkeyfail(void);
void cli_auth_password(void);
int cli_auth_pubkey(void);
void cli_auth_interactive(void);
/* Prompt for a secret with the given prompt string.  NOTE(review): check the
 * implementation for ownership of the returned buffer and for how a
 * cancelled prompt is reported. */
char* getpass_or_cancel(const char* prompt);
void cli_auth_pubkey_cleanup(void);


/* Upper bound for a client-supplied username.  NOTE(review): this header
 * does not show whether the value sizes a buffer or only bounds a length
 * check - confirm where it is enforced before changing it. */
#define MAX_USERNAME_LEN 100 /* arbitrary for the moment */

/* Bit flags for AuthState.authtypes, the set of methods that may still be
 * attempted.  authtypes is an unsigned char, so at most 8 flags fit. */
#define AUTH_TYPE_NONE      1
#define AUTH_TYPE_PUBKEY    (1 << 1)
#define AUTH_TYPE_PASSWORD  (1 << 2)
#define AUTH_TYPE_INTERACT  (1 << 3)

/* Wire names of the SSH userauth methods (RFC 4252) and their lengths.
 * The _LEN values are hard-coded rather than derived from the string;
 * keep each pair in sync if a name changes. */
#define AUTH_METHOD_NONE "none"
#define AUTH_METHOD_NONE_LEN 4
#define AUTH_METHOD_PUBKEY "publickey"
#define AUTH_METHOD_PUBKEY_LEN 9
#define AUTH_METHOD_PASSWORD "password"
#define AUTH_METHOD_PASSWORD_LEN 8
#define AUTH_METHOD_INTERACT "keyboard-interactive"
#define AUTH_METHOD_INTERACT_LEN 20

/* Sentinel port value meaning "any port".  NOTE(review): presumably used in
 * struct PermitTCPFwdEntry.port for a "permitopen=" destination without a
 * specific port - confirm in the options parser. */
#define PUBKEY_OPTIONS_ANY_PORT UINT_MAX


/* This structure is shared between server and client - it contains
 * relatively little extraneous bits when used for the client rather than the
 * server */
struct AuthState {
  char *username; /* The username the client presents; client-controlled
             input.  Updated on each request and used for auth checking */
  unsigned char authtypes; /* AUTH_TYPE_* bit flags of the auth types that
                are still valid */
  unsigned int failcount; /* Number of (failed) authentication attempts.*/
  unsigned int authdone; /* 0 if we haven't authed, 1 if we have. Applies for
                client and server (though has differing
                meanings). */

  unsigned int perm_warn; /* Server only, set once bad permissions on
                 ~/.ssh/authorized_keys have been logged so the
                 warning is not repeated. */
  unsigned int checkusername_failed;  /* Server only, set if checkusername
                                  has already failed. NOTE(review): presumably
                                  so later requests need not repeat it */
  struct timespec auth_starttime; /* Server only, time of receiving current
                  SSH_MSG_USERAUTH_REQUEST. NOTE(review): presumably used to
                  pace the reply so timing does not leak the outcome */

  /* These are only used for the server.  NOTE(review): by their names these
   * mirror the account record of the presented user; pw_passwd would then
   * hold the password hash and must be treated as a secret. */
  uid_t pw_uid;
  gid_t pw_gid;
  char *pw_dir;
  char *pw_shell;
  char *pw_name;
  char *pw_passwd;
#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
  struct PubKeyOptions* pubkey_options; /* options of the key that authenticated */
  char *pubkey_info;
#endif
};

#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
struct PubKeyOptions;
/* Options parsed from the authorized_keys line that authenticated the
 * session (see svr_add_pubkey_options) and queried through the
 * svr_pubkey_allows_*() functions. */
struct PubKeyOptions {
  /* Flags */
  /* Restrictive "no-*" options; non-zero presumably means the restriction
   * is in effect - confirm against the parser. */
  int no_port_forwarding_flag;
  int no_agent_forwarding_flag;
  int no_x11_forwarding_flag;
  int no_pty_flag;
  /* "command=" option. */
  char * forced_command;
  /* "permitopen=" option */
  /* NOTE(review): presumably a list of struct PermitTCPFwdEntry - confirm. */
  m_list *permit_open_destinations;
  
#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
  /* Only present for security-key (sk-*) key types. */
  int no_touch_required_flag;
  int verify_required_flag;
#endif
};

/* One "permitopen=" destination.  NOTE(review): port is presumably
 * PUBKEY_OPTIONS_ANY_PORT when no specific port was given - confirm. */
struct PermitTCPFwdEntry {
  char *host;
  unsigned int port;
};
#endif

#endif /* DROPBEAR_AUTH_H_ */