version 1.131, 2014/02/02 03:44:31 |
version 1.132, 2014/04/29 18:01:49 |
|
|
#include <sys/param.h> |
#include <sys/param.h> |
#include <sys/queue.h> |
#include <sys/queue.h> |
|
|
|
#ifdef WITH_OPENSSL |
#include <openssl/dh.h> |
#include <openssl/dh.h> |
|
#endif |
|
|
#include <errno.h> |
#include <errno.h> |
#include <fcntl.h> |
#include <fcntl.h> |
|
|
static int monitor_read_log(struct monitor *); |
static int monitor_read_log(struct monitor *); |
|
|
static Authctxt *authctxt; |
static Authctxt *authctxt; |
|
|
|
#ifdef WITH_SSH1 |
static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ |
static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ |
|
#endif |
|
|
/* local state for key verify */ |
/* local state for key verify */ |
static u_char *key_blob = NULL; |
static u_char *key_blob = NULL; |
|
|
#define MON_PERMIT 0x1000 /* Request is permitted */ |
#define MON_PERMIT 0x1000 /* Request is permitted */ |
|
|
struct mon_table mon_dispatch_proto20[] = { |
struct mon_table mon_dispatch_proto20[] = { |
|
#ifdef WITH_OPENSSL |
{MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, |
{MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, |
|
#endif |
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, |
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, |
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, |
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, |
|
|
}; |
}; |
|
|
struct mon_table mon_dispatch_postauth20[] = { |
struct mon_table mon_dispatch_postauth20[] = { |
|
#ifdef WITH_OPENSSL |
{MONITOR_REQ_MODULI, 0, mm_answer_moduli}, |
{MONITOR_REQ_MODULI, 0, mm_answer_moduli}, |
|
#endif |
{MONITOR_REQ_SIGN, 0, mm_answer_sign}, |
{MONITOR_REQ_SIGN, 0, mm_answer_sign}, |
{MONITOR_REQ_PTY, 0, mm_answer_pty}, |
{MONITOR_REQ_PTY, 0, mm_answer_pty}, |
{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, |
{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, |
|
|
}; |
}; |
|
|
struct mon_table mon_dispatch_proto15[] = { |
struct mon_table mon_dispatch_proto15[] = { |
|
#ifdef WITH_SSH1 |
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
{MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, |
{MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, |
{MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, |
{MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, |
|
|
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, |
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, |
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, |
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, |
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, |
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, |
|
#endif |
{0, 0, NULL} |
{0, 0, NULL} |
}; |
}; |
|
|
struct mon_table mon_dispatch_postauth15[] = { |
struct mon_table mon_dispatch_postauth15[] = { |
|
#ifdef WITH_SSH1 |
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, |
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, |
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, |
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, |
{MONITOR_REQ_TERM, 0, mm_answer_term}, |
{MONITOR_REQ_TERM, 0, mm_answer_term}, |
|
#endif |
{0, 0, NULL} |
{0, 0, NULL} |
}; |
}; |
|
|
|
|
hostbased_chost = NULL; |
hostbased_chost = NULL; |
} |
} |
|
|
|
#ifdef WITH_OPENSSL |
int |
int |
mm_answer_moduli(int sock, Buffer *m) |
mm_answer_moduli(int sock, Buffer *m) |
{ |
{ |
|
|
mm_request_send(sock, MONITOR_ANS_MODULI, m); |
mm_request_send(sock, MONITOR_ANS_MODULI, m); |
return (0); |
return (0); |
} |
} |
|
#endif |
|
|
extern AuthenticationConnection *auth_conn; |
extern AuthenticationConnection *auth_conn; |
|
|
|
|
cuser, chost); |
cuser, chost); |
auth_method = "hostbased"; |
auth_method = "hostbased"; |
break; |
break; |
|
#ifdef WITH_SSH1 |
case MM_RSAHOSTKEY: |
case MM_RSAHOSTKEY: |
key->type = KEY_RSA1; /* XXX */ |
key->type = KEY_RSA1; /* XXX */ |
allowed = options.rhosts_rsa_authentication && |
allowed = options.rhosts_rsa_authentication && |
|
|
auth_clear_options(); |
auth_clear_options(); |
auth_method = "rsa"; |
auth_method = "rsa"; |
break; |
break; |
|
#endif |
default: |
default: |
fatal("%s: unknown key type %d", __func__, type); |
fatal("%s: unknown key type %d", __func__, type); |
break; |
break; |
|
|
return (0); |
return (0); |
} |
} |
|
|
|
#ifdef WITH_SSH1 |
int |
int |
mm_answer_sesskey(int sock, Buffer *m) |
mm_answer_sesskey(int sock, Buffer *m) |
{ |
{ |
|
|
|
|
return (success); |
return (success); |
} |
} |
|
#endif |
|
|
int |
int |
mm_answer_term(int sock, Buffer *req) |
mm_answer_term(int sock, Buffer *req) |
|
|
timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) |
timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) |
fatal("mm_get_get: internal error: bad session id"); |
fatal("mm_get_get: internal error: bad session id"); |
kex->we_need = buffer_get_int(m); |
kex->we_need = buffer_get_int(m); |
|
#ifdef WITH_OPENSSL |
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
|
#endif |
kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
kex->server = 1; |
kex->server = 1; |
kex->hostkey_type = buffer_get_int(m); |
kex->hostkey_type = buffer_get_int(m); |