src/usr.bin/ssh/monitor.c - diff

Return to monitor.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/monitor.c between version 1.68 and 1.68.2.1

version 1.68, 2006/02/20 17:02:44

version 1.68.2.1, 2006/09/30 04:06:50

Line 1

/* $OpenBSD$ */

Line 24

Line 25

* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include "includes.h"

RCSID("$OpenBSD$");

#include <sys/types.h>

#include <sys/wait.h>

#include <sys/socket.h>

#include <sys/tree.h>

#include <sys/param.h>

#include <openssl/dh.h>

#include <errno.h>

#include <fcntl.h>

#include <paths.h>

#include <pwd.h>

#include <signal.h>

#include <stdlib.h>

#include <string.h>

#ifdef SKEY

#include <skey.h>

#endif

#include <openssl/dh.h>

#include "xmalloc.h"

#include "ssh.h"

#include "key.h"

#include "buffer.h"

#include "hostfile.h"

#include "auth.h"

#include "cipher.h"

#include "kex.h"

#include "dh.h"

#include "zlib.h"

#include <zlib.h>

#include "packet.h"

#include "auth-options.h"

#include "sshpty.h"

Line 55

Line 66

#include "servconf.h"

#include "monitor.h"

#include "monitor_mm.h"

#ifdef GSSAPI

#include "ssh-gss.h"

#endif

#include "monitor_wrap.h"

#include "monitor_fdpass.h"

#include "xmalloc.h"

#include "misc.h"

#include "buffer.h"

#include "bufaux.h"

#include "compat.h"

#include "ssh2.h"

#ifdef GSSAPI

#include "ssh-gss.h"

static Gssctxt *gsscontext = NULL;

#endif

Line 157

Line 167

#define MON_ISAUTH 0x0004 /* Required for Authentication */

#define MON_AUTHDECIDE 0x0008 /* Decides Authentication */

#define MON_ONCE 0x0010 /* Disable after calling */

#define MON_ALOG 0x0020 /* Log auth attempt without authenticating */

#define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE)

Line 202

Line 213

{MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},

{MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},

{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},

{MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed},

{MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed},

{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},

{MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed},

{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},

{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},

#ifdef BSD_AUTH

Line 280

Line 291

/* The first few requests do not require asynchronous access */

while (!authenticated) {

auth_method = "unknown";

authenticated = monitor_read(pmonitor, mon_dispatch, &ent);

if (authenticated) {

if (!(ent->flags & MON_AUTHDECIDE))

Line 290

Line 302

authenticated = 0;

}

if (ent->flags & MON_AUTHDECIDE) {

if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {

auth_log(authctxt, authenticated, auth_method,

compat20 ? " ssh2" : "");

if (!authenticated)

Line 300

Line 312

if (!authctxt->valid)

fatal("%s: authenticated invalid user", __func__);

if (strcmp(auth_method, "unknown") == 0)

fatal("%s: authentication method name unknown", __func__);

debug("%s: %s has been authenticated by privileged process",

__func__, authctxt->user);

Line 479

Line 493

keyid = buffer_get_int(m);

p = buffer_get_string(m, &datlen);

if (datlen != 20)

* Supported KEX types will only return SHA1 (20 byte) or

* SHA256 (32 byte) hashes

if (datlen != 20 && datlen != 32)

fatal("%s: data length incorrect: %u", __func__, datlen);

/* save session id, it will be passed on the first call */

Line 782

Line 800

case MM_USERKEY:

allowed = options.pubkey_authentication &&

user_key_allowed(authctxt->pw, key);

auth_method = "publickey";

break;

case MM_HOSTKEY:

allowed = options.hostbased_authentication &&

hostbased_key_allowed(authctxt->pw,

cuser, chost, key);

auth_method = "hostbased";

break;

case MM_RSAHOSTKEY:

key->type = KEY_RSA1; /* XXX */

allowed = options.rhosts_rsa_authentication &&

auth_rhosts_rsa_key_allowed(authctxt->pw,

cuser, chost, key);

auth_method = "rsa";

break;

default:

fatal("%s: unknown key type %d", __func__, type);

Line 812

Line 833

key_blobtype = type;

hostbased_cuser = cuser;

hostbased_chost = chost;

} else {

/* Log failed attempt */

auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : "");

xfree(blob);

xfree(cuser);

xfree(chost);

}

debug3("%s: key %p is %s",

Line 1013

Line 1040

fromlen = sizeof(from);

if (packet_connection_is_on_socket()) {

if (getpeername(packet_get_connection_in(),

(struct sockaddr *) & from, &fromlen) < 0) {

(struct sockaddr *)&from, &fromlen) < 0) {

debug("getpeername: %.100s", strerror(errno));

cleanup_exit(255);

}

Line 1029

Line 1056

{

debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);

if (s->ttyfd != -1) {

debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);

session_pty_cleanup2(s);

}

s->used = 0;

Line 1089

Line 1116

/* no need to dup() because nobody closes ptyfd */

s->ptymaster = s->ptyfd;

debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);

return (0);

Line 1176

Line 1203

debug3("%s entering", __func__);

auth_method = "rsa";

if (options.rsa_authentication && authctxt->valid) {

if ((client_n = BN_new()) == NULL)

fatal("%s: BN_new", __func__);

Line 1370

Line 1398

void *blob;

u_int bloblen;

kex = xmalloc(sizeof(*kex));

kex = xcalloc(1, sizeof(*kex));

memset(kex, 0, sizeof(*kex));

kex->session_id = buffer_get_string(m, &kex->session_id_len);

if ((session_id2 == NULL) ||

(kex->session_id_len != session_id2_len) ||

Line 1381

Line 1408

kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;

kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;

kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;

kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;

kex->server = 1;

kex->hostkey_type = buffer_get_int(m);

kex->kex_type = buffer_get_int(m);

Line 1535

Line 1563

struct monitor *mon;

int pair[2];

mon = xmalloc(sizeof(*mon));

mon = xcalloc(1, sizeof(*mon));

mon->m_pid = 0;

monitor_socketpair(pair);

mon->m_recvfd = pair[0];