| version 1.123, 2013/05/16 04:09:13 |
version 1.124, 2013/05/17 00:13:13 |
|
|
| do_log2(level, "%s [preauth]", msg); |
do_log2(level, "%s [preauth]", msg); |
| |
|
| buffer_free(&logmsg); |
buffer_free(&logmsg); |
| xfree(msg); |
free(msg); |
| |
|
| return 0; |
return 0; |
| } |
} |
|
|
| monitor_reset_key_state(void) |
monitor_reset_key_state(void) |
| { |
{ |
| /* reset state */ |
/* reset state */ |
| if (key_blob != NULL) |
free(key_blob); |
| xfree(key_blob); |
free(hostbased_cuser); |
| if (hostbased_cuser != NULL) |
free(hostbased_chost); |
| xfree(hostbased_cuser); |
|
| if (hostbased_chost != NULL) |
|
| xfree(hostbased_chost); |
|
| key_blob = NULL; |
key_blob = NULL; |
| key_bloblen = 0; |
key_bloblen = 0; |
| key_blobtype = MM_NOKEY; |
key_blobtype = MM_NOKEY; |
|
|
| buffer_clear(m); |
buffer_clear(m); |
| buffer_put_string(m, signature, siglen); |
buffer_put_string(m, signature, siglen); |
| |
|
| xfree(p); |
free(p); |
| xfree(signature); |
free(signature); |
| |
|
| mm_request_send(sock, MONITOR_ANS_SIGN, m); |
mm_request_send(sock, MONITOR_ANS_SIGN, m); |
| |
|
|
|
| |
|
| authctxt->user = xstrdup(username); |
authctxt->user = xstrdup(username); |
| setproctitle("%s [priv]", pwent ? username : "unknown"); |
setproctitle("%s [priv]", pwent ? username : "unknown"); |
| xfree(username); |
free(username); |
| |
|
| buffer_clear(m); |
buffer_clear(m); |
| |
|
|
|
| banner = auth2_read_banner(); |
banner = auth2_read_banner(); |
| buffer_put_cstring(m, banner != NULL ? banner : ""); |
buffer_put_cstring(m, banner != NULL ? banner : ""); |
| mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); |
mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); |
| |
free(banner); |
| |
|
| if (banner != NULL) |
|
| xfree(banner); |
|
| |
|
| return (0); |
return (0); |
| } |
} |
| |
|
|
|
| __func__, authctxt->service, authctxt->style); |
__func__, authctxt->service, authctxt->style); |
| |
|
| if (strlen(authctxt->style) == 0) { |
if (strlen(authctxt->style) == 0) { |
| xfree(authctxt->style); |
free(authctxt->style); |
| authctxt->style = NULL; |
authctxt->style = NULL; |
| } |
} |
| |
|
|
|
| authenticated = options.password_authentication && |
authenticated = options.password_authentication && |
| auth_password(authctxt, passwd); |
auth_password(authctxt, passwd); |
| memset(passwd, 0, strlen(passwd)); |
memset(passwd, 0, strlen(passwd)); |
| xfree(passwd); |
free(passwd); |
| |
|
| buffer_clear(m); |
buffer_clear(m); |
| buffer_put_int(m, authenticated); |
buffer_put_int(m, authenticated); |
|
|
| mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); |
mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); |
| |
|
| if (success) { |
if (success) { |
| xfree(name); |
free(name); |
| xfree(infotxt); |
free(infotxt); |
| xfree(prompts); |
free(prompts); |
| xfree(echo_on); |
free(echo_on); |
| } |
} |
| |
|
| return (0); |
return (0); |
|
|
| auth_userresponse(authctxt->as, response, 0); |
auth_userresponse(authctxt->as, response, 0); |
| authctxt->as = NULL; |
authctxt->as = NULL; |
| debug3("%s: <%s> = <%d>", __func__, response, authok); |
debug3("%s: <%s> = <%d>", __func__, response, authok); |
| xfree(response); |
free(response); |
| |
|
| buffer_clear(m); |
buffer_clear(m); |
| buffer_put_int(m, authok); |
buffer_put_int(m, authok); |
|
|
| /* Log failed attempt */ |
/* Log failed attempt */ |
| auth_log(authctxt, 0, 0, auth_method, NULL, |
auth_log(authctxt, 0, 0, auth_method, NULL, |
| compat20 ? " ssh2" : ""); |
compat20 ? " ssh2" : ""); |
| xfree(blob); |
free(blob); |
| xfree(cuser); |
free(cuser); |
| xfree(chost); |
free(chost); |
| } |
} |
| |
|
| debug3("%s: key %p is %s", |
debug3("%s: key %p is %s", |
|
|
| (len != session_id2_len) || |
(len != session_id2_len) || |
| (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
| fail++; |
fail++; |
| xfree(p); |
free(p); |
| } |
} |
| if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
| fail++; |
fail++; |
|
|
| userstyle, p); |
userstyle, p); |
| fail++; |
fail++; |
| } |
} |
| xfree(userstyle); |
free(userstyle); |
| xfree(p); |
free(p); |
| buffer_skip_string(&b); |
buffer_skip_string(&b); |
| if (datafellows & SSH_BUG_PKAUTH) { |
if (datafellows & SSH_BUG_PKAUTH) { |
| if (!buffer_get_char(&b)) |
if (!buffer_get_char(&b)) |
|
|
| p = buffer_get_cstring(&b, NULL); |
p = buffer_get_cstring(&b, NULL); |
| if (strcmp("publickey", p) != 0) |
if (strcmp("publickey", p) != 0) |
| fail++; |
fail++; |
| xfree(p); |
free(p); |
| if (!buffer_get_char(&b)) |
if (!buffer_get_char(&b)) |
| fail++; |
fail++; |
| buffer_skip_string(&b); |
buffer_skip_string(&b); |
|
|
| (len != session_id2_len) || |
(len != session_id2_len) || |
| (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
| fail++; |
fail++; |
| xfree(p); |
free(p); |
| |
|
| if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
| fail++; |
fail++; |
|
|
| fail++; |
fail++; |
| } |
} |
| free(userstyle); |
free(userstyle); |
| xfree(p); |
free(p); |
| buffer_skip_string(&b); /* service */ |
buffer_skip_string(&b); /* service */ |
| p = buffer_get_cstring(&b, NULL); |
p = buffer_get_cstring(&b, NULL); |
| if (strcmp(p, "hostbased") != 0) |
if (strcmp(p, "hostbased") != 0) |
| fail++; |
fail++; |
| xfree(p); |
free(p); |
| buffer_skip_string(&b); /* pkalg */ |
buffer_skip_string(&b); /* pkalg */ |
| buffer_skip_string(&b); /* pkblob */ |
buffer_skip_string(&b); /* pkblob */ |
| |
|
|
|
| p[len - 1] = '\0'; |
p[len - 1] = '\0'; |
| if (strcmp(p, chost) != 0) |
if (strcmp(p, chost) != 0) |
| fail++; |
fail++; |
| xfree(p); |
free(p); |
| |
|
| /* verify client user */ |
/* verify client user */ |
| p = buffer_get_string(&b, NULL); |
p = buffer_get_string(&b, NULL); |
| if (strcmp(p, cuser) != 0) |
if (strcmp(p, cuser) != 0) |
| fail++; |
fail++; |
| xfree(p); |
free(p); |
| |
|
| if (buffer_len(&b) != 0) |
if (buffer_len(&b) != 0) |
| fail++; |
fail++; |
|
|
| __func__, key, (verified == 1) ? "verified" : "unverified"); |
__func__, key, (verified == 1) ? "verified" : "unverified"); |
| |
|
| key_free(key); |
key_free(key); |
| xfree(blob); |
free(blob); |
| xfree(signature); |
free(signature); |
| xfree(data); |
free(data); |
| |
|
| auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; |
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; |
| |
|
|
|
| if ((s = session_by_tty(tty)) != NULL) |
if ((s = session_by_tty(tty)) != NULL) |
| mm_session_close(s); |
mm_session_close(s); |
| buffer_clear(m); |
buffer_clear(m); |
| xfree(tty); |
free(tty); |
| return (0); |
return (0); |
| } |
} |
| |
|
|
|
| |
|
| monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); |
monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); |
| |
|
| xfree(blob); |
free(blob); |
| key_free(key); |
key_free(key); |
| return (0); |
return (0); |
| } |
} |
|
|
| fatal("%s: received bad response to challenge", __func__); |
fatal("%s: received bad response to challenge", __func__); |
| success = auth_rsa_verify_response(key, ssh1_challenge, response); |
success = auth_rsa_verify_response(key, ssh1_challenge, response); |
| |
|
| xfree(blob); |
free(blob); |
| key_free(key); |
key_free(key); |
| xfree(response); |
free(response); |
| |
|
| auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; |
auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; |
| |
|
|
|
| packet_set_protocol_flags(child_state.ssh1protoflags); |
packet_set_protocol_flags(child_state.ssh1protoflags); |
| packet_set_encryption_key(child_state.ssh1key, |
packet_set_encryption_key(child_state.ssh1key, |
| child_state.ssh1keylen, child_state.ssh1cipher); |
child_state.ssh1keylen, child_state.ssh1cipher); |
| xfree(child_state.ssh1key); |
free(child_state.ssh1key); |
| } |
} |
| |
|
| /* for rc4 and other stateful ciphers */ |
/* for rc4 and other stateful ciphers */ |
| packet_set_keycontext(MODE_OUT, child_state.keyout); |
packet_set_keycontext(MODE_OUT, child_state.keyout); |
| xfree(child_state.keyout); |
free(child_state.keyout); |
| packet_set_keycontext(MODE_IN, child_state.keyin); |
packet_set_keycontext(MODE_IN, child_state.keyin); |
| xfree(child_state.keyin); |
free(child_state.keyin); |
| |
|
| if (!compat20) { |
if (!compat20) { |
| packet_set_iv(MODE_OUT, child_state.ivout); |
packet_set_iv(MODE_OUT, child_state.ivout); |
| xfree(child_state.ivout); |
free(child_state.ivout); |
| packet_set_iv(MODE_IN, child_state.ivin); |
packet_set_iv(MODE_IN, child_state.ivin); |
| xfree(child_state.ivin); |
free(child_state.ivin); |
| } |
} |
| |
|
| memcpy(&incoming_stream, &child_state.incoming, |
memcpy(&incoming_stream, &child_state.incoming, |
|
|
| buffer_clear(packet_get_input()); |
buffer_clear(packet_get_input()); |
| buffer_append(packet_get_input(), child_state.input, child_state.ilen); |
buffer_append(packet_get_input(), child_state.input, child_state.ilen); |
| memset(child_state.input, 0, child_state.ilen); |
memset(child_state.input, 0, child_state.ilen); |
| xfree(child_state.input); |
free(child_state.input); |
| |
|
| buffer_clear(packet_get_output()); |
buffer_clear(packet_get_output()); |
| buffer_append(packet_get_output(), child_state.output, |
buffer_append(packet_get_output(), child_state.output, |
| child_state.olen); |
child_state.olen); |
| memset(child_state.output, 0, child_state.olen); |
memset(child_state.output, 0, child_state.olen); |
| xfree(child_state.output); |
free(child_state.output); |
| |
|
| /* Roaming */ |
/* Roaming */ |
| if (compat20) |
if (compat20) |
|
|
| blob = buffer_get_string(m, &bloblen); |
blob = buffer_get_string(m, &bloblen); |
| buffer_init(&kex->my); |
buffer_init(&kex->my); |
| buffer_append(&kex->my, blob, bloblen); |
buffer_append(&kex->my, blob, bloblen); |
| xfree(blob); |
free(blob); |
| blob = buffer_get_string(m, &bloblen); |
blob = buffer_get_string(m, &bloblen); |
| buffer_init(&kex->peer); |
buffer_init(&kex->peer); |
| buffer_append(&kex->peer, blob, bloblen); |
buffer_append(&kex->peer, blob, bloblen); |
| xfree(blob); |
free(blob); |
| kex->done = 1; |
kex->done = 1; |
| kex->flags = buffer_get_int(m); |
kex->flags = buffer_get_int(m); |
| kex->client_version_string = buffer_get_string(m, NULL); |
kex->client_version_string = buffer_get_string(m, NULL); |
|
|
| |
|
| blob = buffer_get_string(&m, &bloblen); |
blob = buffer_get_string(&m, &bloblen); |
| current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); |
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); |
| xfree(blob); |
free(blob); |
| |
|
| debug3("%s: Waiting for second key", __func__); |
debug3("%s: Waiting for second key", __func__); |
| blob = buffer_get_string(&m, &bloblen); |
blob = buffer_get_string(&m, &bloblen); |
| current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); |
current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); |
| xfree(blob); |
free(blob); |
| |
|
| /* Now get sequence numbers for the packets */ |
/* Now get sequence numbers for the packets */ |
| seqnr = buffer_get_int(&m); |
seqnr = buffer_get_int(&m); |
|
|
| if (plen != sizeof(child_state.outgoing)) |
if (plen != sizeof(child_state.outgoing)) |
| fatal("%s: bad request size", __func__); |
fatal("%s: bad request size", __func__); |
| memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); |
memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); |
| xfree(p); |
free(p); |
| |
|
| p = buffer_get_string(&m, &plen); |
p = buffer_get_string(&m, &plen); |
| if (plen != sizeof(child_state.incoming)) |
if (plen != sizeof(child_state.incoming)) |
| fatal("%s: bad request size", __func__); |
fatal("%s: bad request size", __func__); |
| memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); |
memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); |
| xfree(p); |
free(p); |
| |
|
| /* Network I/O buffers */ |
/* Network I/O buffers */ |
| debug3("%s: Getting Network I/O buffers", __func__); |
debug3("%s: Getting Network I/O buffers", __func__); |
|
|
| |
|
| major = ssh_gssapi_server_ctx(&gsscontext, &goid); |
major = ssh_gssapi_server_ctx(&gsscontext, &goid); |
| |
|
| xfree(goid.elements); |
free(goid.elements); |
| |
|
| buffer_clear(m); |
buffer_clear(m); |
| buffer_put_int(m, major); |
buffer_put_int(m, major); |
|
|
| in.value = buffer_get_string(m, &len); |
in.value = buffer_get_string(m, &len); |
| in.length = len; |
in.length = len; |
| major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
| xfree(in.value); |
free(in.value); |
| |
|
| buffer_clear(m); |
buffer_clear(m); |
| buffer_put_int(m, major); |
buffer_put_int(m, major); |
|
|
| |
|
| ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); |
ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); |
| |
|
| xfree(gssbuf.value); |
free(gssbuf.value); |
| xfree(mic.value); |
free(mic.value); |
| |
|
| buffer_clear(m); |
buffer_clear(m); |
| buffer_put_int(m, ret); |
buffer_put_int(m, ret); |
|
|
| |
|
| bzero(x3_proof, x3_proof_len); |
bzero(x3_proof, x3_proof_len); |
| bzero(x4_proof, x4_proof_len); |
bzero(x4_proof, x4_proof_len); |
| xfree(x3_proof); |
free(x3_proof); |
| xfree(x4_proof); |
free(x4_proof); |
| |
|
| monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); |
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); |
| monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); |
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); |
|
|
| |
|
| bzero(hash_scheme, strlen(hash_scheme)); |
bzero(hash_scheme, strlen(hash_scheme)); |
| bzero(salt, strlen(salt)); |
bzero(salt, strlen(salt)); |
| xfree(hash_scheme); |
free(hash_scheme); |
| xfree(salt); |
free(salt); |
| |
|
| monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); |
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); |
| |
|
|
|
| |
|
| bzero(x1_proof, x1_proof_len); |
bzero(x1_proof, x1_proof_len); |
| bzero(x2_proof, x2_proof_len); |
bzero(x2_proof, x2_proof_len); |
| xfree(x1_proof); |
free(x1_proof); |
| xfree(x2_proof); |
free(x2_proof); |
| |
|
| buffer_clear(m); |
buffer_clear(m); |
| |
|
|
|
| mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); |
mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); |
| |
|
| bzero(x4_s_proof, x4_s_proof_len); |
bzero(x4_s_proof, x4_s_proof_len); |
| xfree(x4_s_proof); |
free(x4_s_proof); |
| |
|
| monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); |
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); |
| |
|
|
|
| JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); |
JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); |
| |
|
| bzero(peer_confirm_hash, peer_confirm_hash_len); |
bzero(peer_confirm_hash, peer_confirm_hash_len); |
| xfree(peer_confirm_hash); |
free(peer_confirm_hash); |
| |
|
| buffer_clear(m); |
buffer_clear(m); |
| buffer_put_int(m, authenticated); |
buffer_put_int(m, authenticated); |
![[BACK]](/icons/back.gif){kind=icon}
Return to monitor.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh