Annotation of src/usr.bin/ssh/monitor.c, Revision 1.114
1.114 ! djm 1: /* $OpenBSD: monitor.c,v 1.113 2011/05/23 03:30:07 djm Exp $ */
1.1 provos 2: /*
3: * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4: * Copyright 2002 Markus Friedl <markus@openbsd.org>
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: *
16: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26: */
27:
1.67 stevesk 28: #include <sys/types.h>
29: #include <sys/wait.h>
1.79 stevesk 30: #include <sys/socket.h>
1.85 deraadt 31: #include <sys/tree.h>
1.83 stevesk 32: #include <sys/param.h>
1.95 djm 33: #include <sys/queue.h>
1.1 provos 34:
1.78 stevesk 35: #include <openssl/dh.h>
36:
1.81 stevesk 37: #include <errno.h>
1.80 stevesk 38: #include <fcntl.h>
1.65 stevesk 39: #include <paths.h>
1.114 ! djm 40: #include <poll.h>
1.78 stevesk 41: #include <pwd.h>
1.68 stevesk 42: #include <signal.h>
1.84 stevesk 43: #include <stdlib.h>
1.82 stevesk 44: #include <string.h>
1.1 provos 45:
1.114 ! djm 46: #include "atomicio.h"
1.85 deraadt 47: #include "xmalloc.h"
1.1 provos 48: #include "ssh.h"
1.85 deraadt 49: #include "key.h"
50: #include "buffer.h"
51: #include "hostfile.h"
1.1 provos 52: #include "auth.h"
1.85 deraadt 53: #include "cipher.h"
1.1 provos 54: #include "kex.h"
55: #include "dh.h"
1.88 miod 56: #include <zlib.h>
1.1 provos 57: #include "packet.h"
58: #include "auth-options.h"
59: #include "sshpty.h"
60: #include "channels.h"
61: #include "session.h"
62: #include "sshlogin.h"
63: #include "canohost.h"
64: #include "log.h"
65: #include "servconf.h"
66: #include "monitor.h"
67: #include "monitor_mm.h"
1.85 deraadt 68: #ifdef GSSAPI
69: #include "ssh-gss.h"
70: #endif
1.1 provos 71: #include "monitor_wrap.h"
72: #include "monitor_fdpass.h"
73: #include "misc.h"
74: #include "compat.h"
75: #include "ssh2.h"
1.100 djm 76: #include "jpake.h"
1.104 andreas 77: #include "roaming.h"
1.1 provos 78:
1.46 markus 79: #ifdef GSSAPI
80: static Gssctxt *gsscontext = NULL;
81: #endif
82:
1.1 provos 83: /* Imports */
84: extern ServerOptions options;
85: extern u_int utmp_len;
86: extern Newkeys *current_keys[];
87: extern z_stream incoming_stream;
88: extern z_stream outgoing_stream;
89: extern u_char session_id[];
90: extern Buffer auth_debug;
91: extern int auth_debug_init;
1.61 dtucker 92: extern Buffer loginmsg;
1.1 provos 93:
94: /* State exported from the child */
95:
96: struct {
97: z_stream incoming;
98: z_stream outgoing;
99: u_char *keyin;
100: u_int keyinlen;
101: u_char *keyout;
102: u_int keyoutlen;
103: u_char *ivin;
104: u_int ivinlen;
105: u_char *ivout;
106: u_int ivoutlen;
1.15 markus 107: u_char *ssh1key;
108: u_int ssh1keylen;
1.1 provos 109: int ssh1cipher;
110: int ssh1protoflags;
111: u_char *input;
112: u_int ilen;
113: u_char *output;
114: u_int olen;
1.103 andreas 115: u_int64_t sent_bytes;
116: u_int64_t recv_bytes;
1.1 provos 117: } child_state;
118:
1.43 markus 119: /* Functions on the monitor that answer unprivileged requests */
1.1 provos 120:
121: int mm_answer_moduli(int, Buffer *);
122: int mm_answer_sign(int, Buffer *);
123: int mm_answer_pwnamallow(int, Buffer *);
1.10 djm 124: int mm_answer_auth2_read_banner(int, Buffer *);
1.1 provos 125: int mm_answer_authserv(int, Buffer *);
126: int mm_answer_authpassword(int, Buffer *);
127: int mm_answer_bsdauthquery(int, Buffer *);
128: int mm_answer_bsdauthrespond(int, Buffer *);
129: int mm_answer_skeyquery(int, Buffer *);
130: int mm_answer_skeyrespond(int, Buffer *);
131: int mm_answer_keyallowed(int, Buffer *);
132: int mm_answer_keyverify(int, Buffer *);
133: int mm_answer_pty(int, Buffer *);
134: int mm_answer_pty_cleanup(int, Buffer *);
135: int mm_answer_term(int, Buffer *);
136: int mm_answer_rsa_keyallowed(int, Buffer *);
137: int mm_answer_rsa_challenge(int, Buffer *);
138: int mm_answer_rsa_response(int, Buffer *);
139: int mm_answer_sesskey(int, Buffer *);
140: int mm_answer_sessid(int, Buffer *);
1.100 djm 141: int mm_answer_jpake_get_pwdata(int, Buffer *);
142: int mm_answer_jpake_step1(int, Buffer *);
143: int mm_answer_jpake_step2(int, Buffer *);
144: int mm_answer_jpake_key_confirm(int, Buffer *);
145: int mm_answer_jpake_check_confirm(int, Buffer *);
1.1 provos 146:
1.46 markus 147: #ifdef GSSAPI
148: int mm_answer_gss_setup_ctx(int, Buffer *);
149: int mm_answer_gss_accept_ctx(int, Buffer *);
150: int mm_answer_gss_userok(int, Buffer *);
1.52 markus 151: int mm_answer_gss_checkmic(int, Buffer *);
1.46 markus 152: #endif
1.25 itojun 153:
1.114 ! djm 154: static int monitor_read_log(struct monitor *);
! 155:
1.1 provos 156: static Authctxt *authctxt;
157: static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
158:
159: /* local state for key verify */
160: static u_char *key_blob = NULL;
161: static u_int key_bloblen = 0;
162: static int key_blobtype = MM_NOKEY;
1.26 markus 163: static char *hostbased_cuser = NULL;
164: static char *hostbased_chost = NULL;
1.1 provos 165: static char *auth_method = "unknown";
1.44 markus 166: static u_int session_id2_len = 0;
1.13 markus 167: static u_char *session_id2 = NULL;
1.40 markus 168: static pid_t monitor_child_pid;
1.1 provos 169:
170: struct mon_table {
171: enum monitor_reqtype type;
172: int flags;
173: int (*f)(int, Buffer *);
174: };
175:
176: #define MON_ISAUTH 0x0004 /* Required for Authentication */
177: #define MON_AUTHDECIDE 0x0008 /* Decides Authentication */
178: #define MON_ONCE 0x0010 /* Disable after calling */
1.77 dtucker 179: #define MON_ALOG 0x0020 /* Log auth attempt without authenticating */
1.1 provos 180:
181: #define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE)
182:
183: #define MON_PERMIT 0x1000 /* Request is permitted */
184:
185: struct mon_table mon_dispatch_proto20[] = {
186: {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
187: {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
188: {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
189: {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
1.10 djm 190: {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
1.1 provos 191: {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
192: {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
1.66 stevesk 193: {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
1.1 provos 194: {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
195: {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
1.46 markus 196: #ifdef GSSAPI
197: {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
198: {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
199: {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
1.52 markus 200: {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
1.46 markus 201: #endif
1.100 djm 202: #ifdef JPAKE
203: {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
204: {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1},
205: {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2},
206: {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm},
207: {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm},
208: #endif
1.1 provos 209: {0, 0, NULL}
210: };
211:
212: struct mon_table mon_dispatch_postauth20[] = {
213: {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
214: {MONITOR_REQ_SIGN, 0, mm_answer_sign},
215: {MONITOR_REQ_PTY, 0, mm_answer_pty},
216: {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
217: {MONITOR_REQ_TERM, 0, mm_answer_term},
218: {0, 0, NULL}
219: };
220:
221: struct mon_table mon_dispatch_proto15[] = {
222: {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
223: {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
224: {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
225: {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
1.77 dtucker 226: {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed},
227: {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed},
1.1 provos 228: {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
229: {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
230: {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
1.66 stevesk 231: {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
1.1 provos 232: {0, 0, NULL}
233: };
234:
235: struct mon_table mon_dispatch_postauth15[] = {
236: {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
237: {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
238: {MONITOR_REQ_TERM, 0, mm_answer_term},
239: {0, 0, NULL}
240: };
241:
242: struct mon_table *mon_dispatch;
243:
244: /* Specifies if a certain message is allowed at the moment */
245:
246: static void
247: monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit)
248: {
249: while (ent->f != NULL) {
250: if (ent->type == type) {
251: ent->flags &= ~MON_PERMIT;
252: ent->flags |= permit ? MON_PERMIT : 0;
253: return;
254: }
255: ent++;
256: }
257: }
258:
259: static void
260: monitor_permit_authentications(int permit)
261: {
262: struct mon_table *ent = mon_dispatch;
263:
264: while (ent->f != NULL) {
265: if (ent->flags & MON_AUTH) {
266: ent->flags &= ~MON_PERMIT;
267: ent->flags |= permit ? MON_PERMIT : 0;
268: }
269: ent++;
270: }
271: }
272:
1.50 markus 273: void
274: monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
1.1 provos 275: {
276: struct mon_table *ent;
277: int authenticated = 0;
278:
279: debug3("preauth child monitor started");
280:
1.114 ! djm 281: close(pmonitor->m_recvfd);
! 282: close(pmonitor->m_log_sendfd);
! 283: pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
! 284:
1.50 markus 285: authctxt = _authctxt;
286: memset(authctxt, 0, sizeof(*authctxt));
287:
1.1 provos 288: if (compat20) {
289: mon_dispatch = mon_dispatch_proto20;
290:
291: /* Permit requests for moduli and signatures */
292: monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
293: monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
294: } else {
295: mon_dispatch = mon_dispatch_proto15;
296:
297: monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
298: }
299:
300: /* The first few requests do not require asynchronous access */
301: while (!authenticated) {
1.77 dtucker 302: auth_method = "unknown";
1.89 markus 303: authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
1.1 provos 304: if (authenticated) {
305: if (!(ent->flags & MON_AUTHDECIDE))
306: fatal("%s: unexpected authentication from %d",
1.14 markus 307: __func__, ent->type);
1.1 provos 308: if (authctxt->pw->pw_uid == 0 &&
309: !auth_root_allowed(auth_method))
310: authenticated = 0;
311: }
312:
1.77 dtucker 313: if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
1.1 provos 314: auth_log(authctxt, authenticated, auth_method,
315: compat20 ? " ssh2" : "");
316: if (!authenticated)
317: authctxt->failures++;
318: }
1.100 djm 319: #ifdef JPAKE
320: /* Cleanup JPAKE context after authentication */
321: if (ent->flags & MON_AUTHDECIDE) {
322: if (authctxt->jpake_ctx != NULL) {
323: jpake_free(authctxt->jpake_ctx);
324: authctxt->jpake_ctx = NULL;
325: }
326: }
327: #endif
1.1 provos 328: }
329:
1.114 ! djm 330: /* Drain any buffered messages from the child */
! 331: while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
! 332: ;
! 333:
1.1 provos 334: if (!authctxt->valid)
1.14 markus 335: fatal("%s: authenticated invalid user", __func__);
1.77 dtucker 336: if (strcmp(auth_method, "unknown") == 0)
337: fatal("%s: authentication method name unknown", __func__);
1.1 provos 338:
339: debug("%s: %s has been authenticated by privileged process",
1.14 markus 340: __func__, authctxt->user);
1.1 provos 341:
1.11 mouring 342: mm_get_keystate(pmonitor);
1.114 ! djm 343:
! 344: close(pmonitor->m_sendfd);
! 345: close(pmonitor->m_log_recvfd);
! 346: pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
1.1 provos 347: }
348:
1.40 markus 349: static void
350: monitor_set_child_handler(pid_t pid)
351: {
352: monitor_child_pid = pid;
353: }
354:
355: static void
1.59 avsm 356: monitor_child_handler(int sig)
1.40 markus 357: {
1.59 avsm 358: kill(monitor_child_pid, sig);
1.40 markus 359: }
360:
1.1 provos 361: void
1.11 mouring 362: monitor_child_postauth(struct monitor *pmonitor)
1.1 provos 363: {
1.114 ! djm 364: close(pmonitor->m_recvfd);
! 365: pmonitor->m_recvfd = -1;
! 366:
1.40 markus 367: monitor_set_child_handler(pmonitor->m_pid);
368: signal(SIGHUP, &monitor_child_handler);
369: signal(SIGTERM, &monitor_child_handler);
1.91 djm 370: signal(SIGINT, &monitor_child_handler);
1.40 markus 371:
1.1 provos 372: if (compat20) {
373: mon_dispatch = mon_dispatch_postauth20;
374:
375: /* Permit requests for moduli and signatures */
376: monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
377: monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
378: monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
379: } else {
380: mon_dispatch = mon_dispatch_postauth15;
381: monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
382: }
383: if (!no_pty_flag) {
384: monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
385: monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
386: }
387:
388: for (;;)
1.11 mouring 389: monitor_read(pmonitor, mon_dispatch, NULL);
1.114 ! djm 390:
! 391: close(pmonitor->m_sendfd);
! 392: pmonitor->m_sendfd = -1;
1.1 provos 393: }
394:
395: void
1.11 mouring 396: monitor_sync(struct monitor *pmonitor)
1.1 provos 397: {
1.16 djm 398: if (options.compression) {
399: /* The member allocation is not visible, so sync it */
400: mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
401: }
1.1 provos 402: }
403:
1.114 ! djm 404: static int
! 405: monitor_read_log(struct monitor *pmonitor)
! 406: {
! 407: Buffer logmsg;
! 408: u_int len, level;
! 409: char *msg;
! 410:
! 411: buffer_init(&logmsg);
! 412:
! 413: /* Read length */
! 414: buffer_append_space(&logmsg, 4);
! 415: if (atomicio(read, pmonitor->m_log_recvfd,
! 416: buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) {
! 417: if (errno == EPIPE) {
! 418: debug("%s: child log fd closed", __func__);
! 419: close(pmonitor->m_log_recvfd);
! 420: pmonitor->m_log_recvfd = -1;
! 421: return -1;
! 422: }
! 423: fatal("%s: log fd read: %s", __func__, strerror(errno));
! 424: }
! 425: len = buffer_get_int(&logmsg);
! 426: if (len <= 4 || len > 8192)
! 427: fatal("%s: invalid log message length %u", __func__, len);
! 428:
! 429: /* Read severity, message */
! 430: buffer_clear(&logmsg);
! 431: buffer_append_space(&logmsg, len);
! 432: if (atomicio(read, pmonitor->m_log_recvfd,
! 433: buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg))
! 434: fatal("%s: log fd read: %s", __func__, strerror(errno));
! 435:
! 436: /* Log it */
! 437: level = buffer_get_int(&logmsg);
! 438: msg = buffer_get_string(&logmsg, NULL);
! 439: if (log_level_name(level) == NULL)
! 440: fatal("%s: invalid log level %u (corrupted message?)",
! 441: __func__, level);
! 442: do_log2(level, "%s [preauth]", msg);
! 443:
! 444: buffer_free(&logmsg);
! 445: xfree(msg);
! 446:
! 447: return 0;
! 448: }
! 449:
1.1 provos 450: int
1.11 mouring 451: monitor_read(struct monitor *pmonitor, struct mon_table *ent,
1.1 provos 452: struct mon_table **pent)
453: {
454: Buffer m;
455: int ret;
456: u_char type;
1.114 ! djm 457: struct pollfd pfd[2];
! 458:
! 459: for (;;) {
! 460: bzero(&pfd, sizeof(pfd));
! 461: pfd[0].fd = pmonitor->m_sendfd;
! 462: pfd[0].events = POLLIN;
! 463: pfd[1].fd = pmonitor->m_log_recvfd;
! 464: pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN;
! 465: if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1)
! 466: fatal("%s: poll: %s", __func__, strerror(errno));
! 467: if (pfd[1].revents) {
! 468: /*
! 469: * Drain all log messages before processing next
! 470: * monitor request.
! 471: */
! 472: monitor_read_log(pmonitor);
! 473: continue;
! 474: }
! 475: if (pfd[0].revents)
! 476: break; /* Continues below */
! 477: }
1.1 provos 478:
479: buffer_init(&m);
480:
1.11 mouring 481: mm_request_receive(pmonitor->m_sendfd, &m);
1.1 provos 482: type = buffer_get_char(&m);
483:
1.14 markus 484: debug3("%s: checking request %d", __func__, type);
1.1 provos 485:
486: while (ent->f != NULL) {
487: if (ent->type == type)
488: break;
489: ent++;
490: }
491:
492: if (ent->f != NULL) {
493: if (!(ent->flags & MON_PERMIT))
1.14 markus 494: fatal("%s: unpermitted request %d", __func__,
1.1 provos 495: type);
1.11 mouring 496: ret = (*ent->f)(pmonitor->m_sendfd, &m);
1.1 provos 497: buffer_free(&m);
498:
499: /* The child may use this request only once, disable it */
500: if (ent->flags & MON_ONCE) {
1.14 markus 501: debug2("%s: %d used once, disabling now", __func__,
1.1 provos 502: type);
503: ent->flags &= ~MON_PERMIT;
504: }
505:
506: if (pent != NULL)
507: *pent = ent;
1.3 markus 508:
1.1 provos 509: return ret;
510: }
511:
1.14 markus 512: fatal("%s: unsupported request: %d", __func__, type);
1.1 provos 513:
514: /* NOTREACHED */
515: return (-1);
516: }
517:
518: /* allowed key state */
519: static int
520: monitor_allowed_key(u_char *blob, u_int bloblen)
521: {
522: /* make sure key is allowed */
523: if (key_blob == NULL || key_bloblen != bloblen ||
1.108 djm 524: timingsafe_bcmp(key_blob, blob, key_bloblen))
1.1 provos 525: return (0);
526: return (1);
527: }
528:
529: static void
530: monitor_reset_key_state(void)
531: {
532: /* reset state */
533: if (key_blob != NULL)
534: xfree(key_blob);
535: if (hostbased_cuser != NULL)
536: xfree(hostbased_cuser);
537: if (hostbased_chost != NULL)
538: xfree(hostbased_chost);
539: key_blob = NULL;
540: key_bloblen = 0;
541: key_blobtype = MM_NOKEY;
542: hostbased_cuser = NULL;
543: hostbased_chost = NULL;
544: }
545:
546: int
1.59 avsm 547: mm_answer_moduli(int sock, Buffer *m)
1.1 provos 548: {
549: DH *dh;
550: int min, want, max;
551:
552: min = buffer_get_int(m);
553: want = buffer_get_int(m);
554: max = buffer_get_int(m);
555:
556: debug3("%s: got parameters: %d %d %d",
1.14 markus 557: __func__, min, want, max);
1.1 provos 558: /* We need to check here, too, in case the child got corrupted */
559: if (max < min || want < min || max < want)
560: fatal("%s: bad parameters: %d %d %d",
1.14 markus 561: __func__, min, want, max);
1.1 provos 562:
563: buffer_clear(m);
564:
565: dh = choose_dh(min, want, max);
566: if (dh == NULL) {
567: buffer_put_char(m, 0);
568: return (0);
569: } else {
570: /* Send first bignum */
571: buffer_put_char(m, 1);
572: buffer_put_bignum2(m, dh->p);
573: buffer_put_bignum2(m, dh->g);
1.3 markus 574:
1.1 provos 575: DH_free(dh);
576: }
1.59 avsm 577: mm_request_send(sock, MONITOR_ANS_MODULI, m);
1.1 provos 578: return (0);
579: }
580:
581: int
1.59 avsm 582: mm_answer_sign(int sock, Buffer *m)
1.1 provos 583: {
584: Key *key;
585: u_char *p;
586: u_char *signature;
587: u_int siglen, datlen;
588: int keyid;
1.3 markus 589:
1.14 markus 590: debug3("%s", __func__);
1.1 provos 591:
1.3 markus 592: keyid = buffer_get_int(m);
593: p = buffer_get_string(m, &datlen);
1.1 provos 594:
1.69 djm 595: /*
1.110 djm 596: * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
597: * SHA384 (48 bytes) and SHA512 (64 bytes).
1.69 djm 598: */
1.110 djm 599: if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64)
1.19 deraadt 600: fatal("%s: data length incorrect: %u", __func__, datlen);
1.1 provos 601:
1.13 markus 602: /* save session id, it will be passed on the first call */
603: if (session_id2_len == 0) {
604: session_id2_len = datlen;
605: session_id2 = xmalloc(session_id2_len);
606: memcpy(session_id2, p, session_id2_len);
607: }
608:
1.1 provos 609: if ((key = get_hostkey_by_index(keyid)) == NULL)
1.14 markus 610: fatal("%s: no hostkey from index %d", __func__, keyid);
1.1 provos 611: if (key_sign(key, &signature, &siglen, p, datlen) < 0)
1.14 markus 612: fatal("%s: key_sign failed", __func__);
1.1 provos 613:
1.19 deraadt 614: debug3("%s: signature %p(%u)", __func__, signature, siglen);
1.1 provos 615:
616: buffer_clear(m);
617: buffer_put_string(m, signature, siglen);
618:
619: xfree(p);
620: xfree(signature);
621:
1.59 avsm 622: mm_request_send(sock, MONITOR_ANS_SIGN, m);
1.1 provos 623:
624: /* Turn on permissions for getpwnam */
625: monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
626:
627: return (0);
628: }
629:
630: /* Retrieves the password entry and also checks if the user is permitted */
631:
632: int
1.59 avsm 633: mm_answer_pwnamallow(int sock, Buffer *m)
1.1 provos 634: {
1.60 dtucker 635: char *username;
1.1 provos 636: struct passwd *pwent;
637: int allowed = 0;
1.113 djm 638: u_int i;
1.3 markus 639:
1.14 markus 640: debug3("%s", __func__);
1.1 provos 641:
642: if (authctxt->attempt++ != 0)
1.14 markus 643: fatal("%s: multiple attempts for getpwnam", __func__);
1.1 provos 644:
1.60 dtucker 645: username = buffer_get_string(m, NULL);
1.1 provos 646:
1.60 dtucker 647: pwent = getpwnamallow(username);
1.1 provos 648:
1.60 dtucker 649: authctxt->user = xstrdup(username);
650: setproctitle("%s [priv]", pwent ? username : "unknown");
651: xfree(username);
1.1 provos 652:
653: buffer_clear(m);
654:
655: if (pwent == NULL) {
656: buffer_put_char(m, 0);
1.53 djm 657: authctxt->pw = fakepw();
1.1 provos 658: goto out;
659: }
660:
661: allowed = 1;
1.4 markus 662: authctxt->pw = pwent;
1.1 provos 663: authctxt->valid = 1;
664:
665: buffer_put_char(m, 1);
666: buffer_put_string(m, pwent, sizeof(struct passwd));
667: buffer_put_cstring(m, pwent->pw_name);
668: buffer_put_cstring(m, "*");
669: buffer_put_cstring(m, pwent->pw_gecos);
670: buffer_put_cstring(m, pwent->pw_class);
671: buffer_put_cstring(m, pwent->pw_dir);
672: buffer_put_cstring(m, pwent->pw_shell);
1.94 dtucker 673:
674: out:
1.90 dtucker 675: buffer_put_string(m, &options, sizeof(options));
1.112 djm 676:
677: #define M_CP_STROPT(x) do { \
678: if (options.x != NULL) \
679: buffer_put_cstring(m, options.x); \
680: } while (0)
1.113 djm 681: #define M_CP_STRARRAYOPT(x, nx) do { \
682: for (i = 0; i < options.nx; i++) \
683: buffer_put_cstring(m, options.x[i]); \
684: } while (0)
1.112 djm 685: /* See comment in servconf.h */
686: COPY_MATCH_STRING_OPTS();
687: #undef M_CP_STROPT
1.113 djm 688: #undef M_CP_STRARRAYOPT
1.112 djm 689:
1.14 markus 690: debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
1.59 avsm 691: mm_request_send(sock, MONITOR_ANS_PWNAM, m);
1.1 provos 692:
693: /* For SSHv1 allow authentication now */
694: if (!compat20)
695: monitor_permit_authentications(1);
1.10 djm 696: else {
1.1 provos 697: /* Allow service/style information on the auth context */
698: monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
1.10 djm 699: monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
700: }
701:
702: return (0);
703: }
704:
1.59 avsm 705: int mm_answer_auth2_read_banner(int sock, Buffer *m)
1.10 djm 706: {
707: char *banner;
708:
709: buffer_clear(m);
710: banner = auth2_read_banner();
711: buffer_put_cstring(m, banner != NULL ? banner : "");
1.59 avsm 712: mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
1.1 provos 713:
1.10 djm 714: if (banner != NULL)
1.21 deraadt 715: xfree(banner);
1.1 provos 716:
717: return (0);
718: }
719:
720: int
1.59 avsm 721: mm_answer_authserv(int sock, Buffer *m)
1.1 provos 722: {
723: monitor_permit_authentications(1);
724:
725: authctxt->service = buffer_get_string(m, NULL);
726: authctxt->style = buffer_get_string(m, NULL);
1.6 stevesk 727: debug3("%s: service=%s, style=%s",
1.14 markus 728: __func__, authctxt->service, authctxt->style);
1.6 stevesk 729:
1.1 provos 730: if (strlen(authctxt->style) == 0) {
731: xfree(authctxt->style);
732: authctxt->style = NULL;
733: }
734:
735: return (0);
736: }
737:
738: int
1.59 avsm 739: mm_answer_authpassword(int sock, Buffer *m)
1.1 provos 740: {
741: static int call_count;
742: char *passwd;
1.22 stevesk 743: int authenticated;
744: u_int plen;
1.1 provos 745:
746: passwd = buffer_get_string(m, &plen);
747: /* Only authenticate if the context is valid */
1.12 markus 748: authenticated = options.password_authentication &&
1.48 markus 749: auth_password(authctxt, passwd);
1.1 provos 750: memset(passwd, 0, strlen(passwd));
751: xfree(passwd);
752:
753: buffer_clear(m);
754: buffer_put_int(m, authenticated);
755:
1.14 markus 756: debug3("%s: sending result %d", __func__, authenticated);
1.59 avsm 757: mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
1.1 provos 758:
759: call_count++;
760: if (plen == 0 && call_count == 1)
761: auth_method = "none";
762: else
763: auth_method = "password";
764:
765: /* Causes monitor loop to terminate if authenticated */
766: return (authenticated);
767: }
768:
769: int
1.59 avsm 770: mm_answer_bsdauthquery(int sock, Buffer *m)
1.1 provos 771: {
772: char *name, *infotxt;
773: u_int numprompts;
774: u_int *echo_on;
775: char **prompts;
1.31 markus 776: u_int success;
1.1 provos 777:
1.31 markus 778: success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
779: &prompts, &echo_on) < 0 ? 0 : 1;
1.1 provos 780:
781: buffer_clear(m);
1.31 markus 782: buffer_put_int(m, success);
783: if (success)
1.1 provos 784: buffer_put_cstring(m, prompts[0]);
785:
1.31 markus 786: debug3("%s: sending challenge success: %u", __func__, success);
1.59 avsm 787: mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
1.1 provos 788:
1.31 markus 789: if (success) {
1.1 provos 790: xfree(name);
791: xfree(infotxt);
792: xfree(prompts);
793: xfree(echo_on);
794: }
795:
796: return (0);
797: }
798:
799: int
1.59 avsm 800: mm_answer_bsdauthrespond(int sock, Buffer *m)
1.1 provos 801: {
802: char *response;
803: int authok;
804:
805: if (authctxt->as == 0)
1.14 markus 806: fatal("%s: no bsd auth session", __func__);
1.1 provos 807:
808: response = buffer_get_string(m, NULL);
1.12 markus 809: authok = options.challenge_response_authentication &&
810: auth_userresponse(authctxt->as, response, 0);
1.1 provos 811: authctxt->as = NULL;
1.14 markus 812: debug3("%s: <%s> = <%d>", __func__, response, authok);
1.1 provos 813: xfree(response);
814:
815: buffer_clear(m);
816: buffer_put_int(m, authok);
817:
1.14 markus 818: debug3("%s: sending authenticated: %d", __func__, authok);
1.59 avsm 819: mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
1.1 provos 820:
821: auth_method = "bsdauth";
822:
823: return (authok != 0);
824: }
825:
826: int
1.59 avsm 827: mm_answer_keyallowed(int sock, Buffer *m)
1.1 provos 828: {
829: Key *key;
1.26 markus 830: char *cuser, *chost;
831: u_char *blob;
1.1 provos 832: u_int bloblen;
833: enum mm_keytype type = 0;
834: int allowed = 0;
835:
1.14 markus 836: debug3("%s entering", __func__);
1.3 markus 837:
1.1 provos 838: type = buffer_get_int(m);
839: cuser = buffer_get_string(m, NULL);
840: chost = buffer_get_string(m, NULL);
841: blob = buffer_get_string(m, &bloblen);
842:
843: key = key_from_blob(blob, bloblen);
844:
845: if ((compat20 && type == MM_RSAHOSTKEY) ||
846: (!compat20 && type != MM_RSAHOSTKEY))
1.14 markus 847: fatal("%s: key type and protocol mismatch", __func__);
1.1 provos 848:
1.14 markus 849: debug3("%s: key_from_blob: %p", __func__, key);
1.1 provos 850:
1.51 djm 851: if (key != NULL && authctxt->valid) {
1.63 deraadt 852: switch (type) {
1.1 provos 853: case MM_USERKEY:
1.12 markus 854: allowed = options.pubkey_authentication &&
855: user_key_allowed(authctxt->pw, key);
1.77 dtucker 856: auth_method = "publickey";
1.97 dtucker 857: if (options.pubkey_authentication && allowed != 1)
858: auth_clear_options();
1.1 provos 859: break;
860: case MM_HOSTKEY:
1.12 markus 861: allowed = options.hostbased_authentication &&
862: hostbased_key_allowed(authctxt->pw,
1.1 provos 863: cuser, chost, key);
1.77 dtucker 864: auth_method = "hostbased";
1.1 provos 865: break;
866: case MM_RSAHOSTKEY:
867: key->type = KEY_RSA1; /* XXX */
1.12 markus 868: allowed = options.rhosts_rsa_authentication &&
869: auth_rhosts_rsa_key_allowed(authctxt->pw,
1.1 provos 870: cuser, chost, key);
1.97 dtucker 871: if (options.rhosts_rsa_authentication && allowed != 1)
872: auth_clear_options();
1.77 dtucker 873: auth_method = "rsa";
1.1 provos 874: break;
875: default:
1.14 markus 876: fatal("%s: unknown key type %d", __func__, type);
1.1 provos 877: break;
878: }
1.33 markus 879: }
880: if (key != NULL)
1.1 provos 881: key_free(key);
882:
883: /* clear temporarily storage (used by verify) */
884: monitor_reset_key_state();
885:
886: if (allowed) {
887: /* Save temporarily for comparison in verify */
888: key_blob = blob;
889: key_bloblen = bloblen;
890: key_blobtype = type;
891: hostbased_cuser = cuser;
892: hostbased_chost = chost;
1.72 djm 893: } else {
1.77 dtucker 894: /* Log failed attempt */
895: auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : "");
1.72 djm 896: xfree(blob);
897: xfree(cuser);
898: xfree(chost);
1.1 provos 899: }
900:
901: debug3("%s: key %p is %s",
1.98 dtucker 902: __func__, key, allowed ? "allowed" : "not allowed");
1.1 provos 903:
904: buffer_clear(m);
905: buffer_put_int(m, allowed);
1.32 markus 906: buffer_put_int(m, forced_command != NULL);
1.1 provos 907:
1.59 avsm 908: mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
1.1 provos 909:
910: if (type == MM_RSAHOSTKEY)
911: monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
912:
913: return (0);
914: }
915:
916: static int
917: monitor_valid_userblob(u_char *data, u_int datalen)
918: {
919: Buffer b;
1.26 markus 920: char *p;
1.1 provos 921: u_int len;
922: int fail = 0;
923:
924: buffer_init(&b);
925: buffer_append(&b, data, datalen);
1.3 markus 926:
1.1 provos 927: if (datafellows & SSH_OLD_SESSIONID) {
1.13 markus 928: p = buffer_ptr(&b);
929: len = buffer_len(&b);
930: if ((session_id2 == NULL) ||
931: (len < session_id2_len) ||
1.108 djm 932: (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1.13 markus 933: fail++;
1.1 provos 934: buffer_consume(&b, session_id2_len);
935: } else {
1.13 markus 936: p = buffer_get_string(&b, &len);
937: if ((session_id2 == NULL) ||
938: (len != session_id2_len) ||
1.108 djm 939: (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1.1 provos 940: fail++;
1.13 markus 941: xfree(p);
1.1 provos 942: }
943: if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
944: fail++;
945: p = buffer_get_string(&b, NULL);
946: if (strcmp(authctxt->user, p) != 0) {
1.38 itojun 947: logit("wrong user name passed to monitor: expected %s != %.100s",
1.1 provos 948: authctxt->user, p);
949: fail++;
950: }
951: xfree(p);
952: buffer_skip_string(&b);
953: if (datafellows & SSH_BUG_PKAUTH) {
954: if (!buffer_get_char(&b))
955: fail++;
956: } else {
957: p = buffer_get_string(&b, NULL);
958: if (strcmp("publickey", p) != 0)
959: fail++;
960: xfree(p);
961: if (!buffer_get_char(&b))
962: fail++;
963: buffer_skip_string(&b);
964: }
965: buffer_skip_string(&b);
966: if (buffer_len(&b) != 0)
967: fail++;
968: buffer_free(&b);
969: return (fail == 0);
970: }
971:
972: static int
1.26 markus 973: monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
974: char *chost)
1.1 provos 975: {
976: Buffer b;
1.26 markus 977: char *p;
1.1 provos 978: u_int len;
979: int fail = 0;
980:
981: buffer_init(&b);
982: buffer_append(&b, data, datalen);
1.3 markus 983:
1.13 markus 984: p = buffer_get_string(&b, &len);
985: if ((session_id2 == NULL) ||
986: (len != session_id2_len) ||
1.108 djm 987: (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1.1 provos 988: fail++;
1.13 markus 989: xfree(p);
990:
1.1 provos 991: if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
992: fail++;
993: p = buffer_get_string(&b, NULL);
994: if (strcmp(authctxt->user, p) != 0) {
1.38 itojun 995: logit("wrong user name passed to monitor: expected %s != %.100s",
1.1 provos 996: authctxt->user, p);
997: fail++;
998: }
999: xfree(p);
1000: buffer_skip_string(&b); /* service */
1001: p = buffer_get_string(&b, NULL);
1002: if (strcmp(p, "hostbased") != 0)
1003: fail++;
1004: xfree(p);
1005: buffer_skip_string(&b); /* pkalg */
1006: buffer_skip_string(&b); /* pkblob */
1007:
1008: /* verify client host, strip trailing dot if necessary */
1009: p = buffer_get_string(&b, NULL);
1010: if (((len = strlen(p)) > 0) && p[len - 1] == '.')
1011: p[len - 1] = '\0';
1012: if (strcmp(p, chost) != 0)
1013: fail++;
1014: xfree(p);
1015:
1016: /* verify client user */
1017: p = buffer_get_string(&b, NULL);
1018: if (strcmp(p, cuser) != 0)
1019: fail++;
1020: xfree(p);
1021:
1022: if (buffer_len(&b) != 0)
1023: fail++;
1024: buffer_free(&b);
1025: return (fail == 0);
1026: }
1027:
1028: int
1.59 avsm 1029: mm_answer_keyverify(int sock, Buffer *m)
1.1 provos 1030: {
1031: Key *key;
1032: u_char *signature, *data, *blob;
1033: u_int signaturelen, datalen, bloblen;
1034: int verified = 0;
1035: int valid_data = 0;
1036:
1037: blob = buffer_get_string(m, &bloblen);
1038: signature = buffer_get_string(m, &signaturelen);
1039: data = buffer_get_string(m, &datalen);
1040:
1041: if (hostbased_cuser == NULL || hostbased_chost == NULL ||
1.8 mouring 1042: !monitor_allowed_key(blob, bloblen))
1.14 markus 1043: fatal("%s: bad key, not previously allowed", __func__);
1.1 provos 1044:
1045: key = key_from_blob(blob, bloblen);
1046: if (key == NULL)
1.14 markus 1047: fatal("%s: bad public key blob", __func__);
1.1 provos 1048:
1049: switch (key_blobtype) {
1050: case MM_USERKEY:
1051: valid_data = monitor_valid_userblob(data, datalen);
1052: break;
1053: case MM_HOSTKEY:
1054: valid_data = monitor_valid_hostbasedblob(data, datalen,
1055: hostbased_cuser, hostbased_chost);
1056: break;
1057: default:
1058: valid_data = 0;
1059: break;
1060: }
1061: if (!valid_data)
1.14 markus 1062: fatal("%s: bad signature data blob", __func__);
1.1 provos 1063:
1064: verified = key_verify(key, signature, signaturelen, data, datalen);
1065: debug3("%s: key %p signature %s",
1.89 markus 1066: __func__, key, (verified == 1) ? "verified" : "unverified");
1.1 provos 1067:
1068: key_free(key);
1069: xfree(blob);
1070: xfree(signature);
1071: xfree(data);
1072:
1.17 stevesk 1073: auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
1074:
1.1 provos 1075: monitor_reset_key_state();
1.3 markus 1076:
1.1 provos 1077: buffer_clear(m);
1078: buffer_put_int(m, verified);
1.59 avsm 1079: mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
1.1 provos 1080:
1.89 markus 1081: return (verified == 1);
1.1 provos 1082: }
1083:
1.2 markus 1084: static void
1.1 provos 1085: mm_record_login(Session *s, struct passwd *pw)
1086: {
1087: socklen_t fromlen;
1088: struct sockaddr_storage from;
1089:
1090: /*
1091: * Get IP address of client. If the connection is not a socket, let
1092: * the address be 0.0.0.0.
1093: */
1094: memset(&from, 0, sizeof(from));
1.24 stevesk 1095: fromlen = sizeof(from);
1.1 provos 1096: if (packet_connection_is_on_socket()) {
1097: if (getpeername(packet_get_connection_in(),
1.74 deraadt 1098: (struct sockaddr *)&from, &fromlen) < 0) {
1.1 provos 1099: debug("getpeername: %.100s", strerror(errno));
1.50 markus 1100: cleanup_exit(255);
1.1 provos 1101: }
1102: }
1103: /* Record that there was a login on that tty from the remote host. */
1104: record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
1.42 markus 1105: get_remote_name_or_ip(utmp_len, options.use_dns),
1.24 stevesk 1106: (struct sockaddr *)&from, fromlen);
1.1 provos 1107: }
1108:
1109: static void
1110: mm_session_close(Session *s)
1111: {
1.41 djm 1112: debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
1.1 provos 1113: if (s->ttyfd != -1) {
1.86 stevesk 1114: debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
1.1 provos 1115: session_pty_cleanup2(s);
1116: }
1.96 djm 1117: session_unused(s->self);
1.1 provos 1118: }
1119:
1120: int
1.59 avsm 1121: mm_answer_pty(int sock, Buffer *m)
1.1 provos 1122: {
1.11 mouring 1123: extern struct monitor *pmonitor;
1.1 provos 1124: Session *s;
1125: int res, fd0;
1126:
1.14 markus 1127: debug3("%s entering", __func__);
1.1 provos 1128:
1129: buffer_clear(m);
1130: s = session_new();
1131: if (s == NULL)
1132: goto error;
1133: s->authctxt = authctxt;
1134: s->pw = authctxt->pw;
1.11 mouring 1135: s->pid = pmonitor->m_pid;
1.1 provos 1136: res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
1137: if (res == 0)
1138: goto error;
1139: pty_setowner(authctxt->pw, s->tty);
1140:
1141: buffer_put_int(m, 1);
1142: buffer_put_cstring(m, s->tty);
1143:
1144: /* We need to trick ttyslot */
1145: if (dup2(s->ttyfd, 0) == -1)
1.14 markus 1146: fatal("%s: dup2", __func__);
1.1 provos 1147:
1148: mm_record_login(s, authctxt->pw);
1149:
1150: /* Now we can close the file descriptor again */
1151: close(0);
1.61 dtucker 1152:
1153: /* send messages generated by record_login */
1154: buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
1155: buffer_clear(&loginmsg);
1156:
1157: mm_request_send(sock, MONITOR_ANS_PTY, m);
1158:
1.92 djm 1159: if (mm_send_fd(sock, s->ptyfd) == -1 ||
1160: mm_send_fd(sock, s->ttyfd) == -1)
1161: fatal("%s: send fds failed", __func__);
1.1 provos 1162:
1163: /* make sure nothing uses fd 0 */
1164: if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
1.14 markus 1165: fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
1.1 provos 1166: if (fd0 != 0)
1.14 markus 1167: error("%s: fd0 %d != 0", __func__, fd0);
1.1 provos 1168:
1169: /* slave is not needed */
1170: close(s->ttyfd);
1171: s->ttyfd = s->ptyfd;
1172: /* no need to dup() because nobody closes ptyfd */
1173: s->ptymaster = s->ptyfd;
1174:
1.86 stevesk 1175: debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);
1.1 provos 1176:
1177: return (0);
1178:
1179: error:
1180: if (s != NULL)
1181: mm_session_close(s);
1182: buffer_put_int(m, 0);
1.59 avsm 1183: mm_request_send(sock, MONITOR_ANS_PTY, m);
1.1 provos 1184: return (0);
1185: }
1186:
1187: int
1.59 avsm 1188: mm_answer_pty_cleanup(int sock, Buffer *m)
1.1 provos 1189: {
1190: Session *s;
1191: char *tty;
1192:
1.14 markus 1193: debug3("%s entering", __func__);
1.1 provos 1194:
1195: tty = buffer_get_string(m, NULL);
1196: if ((s = session_by_tty(tty)) != NULL)
1197: mm_session_close(s);
1198: buffer_clear(m);
1199: xfree(tty);
1200: return (0);
1201: }
1202:
1203: int
1.59 avsm 1204: mm_answer_sesskey(int sock, Buffer *m)
1.1 provos 1205: {
1206: BIGNUM *p;
1207: int rsafail;
1208:
1209: /* Turn off permissions */
1.62 dtucker 1210: monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0);
1.1 provos 1211:
1212: if ((p = BN_new()) == NULL)
1.14 markus 1213: fatal("%s: BN_new", __func__);
1.1 provos 1214:
1215: buffer_get_bignum2(m, p);
1216:
1217: rsafail = ssh1_session_key(p);
1218:
1219: buffer_clear(m);
1220: buffer_put_int(m, rsafail);
1221: buffer_put_bignum2(m, p);
1222:
1223: BN_clear_free(p);
1224:
1.59 avsm 1225: mm_request_send(sock, MONITOR_ANS_SESSKEY, m);
1.1 provos 1226:
1227: /* Turn on permissions for sessid passing */
1228: monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1);
1229:
1230: return (0);
1231: }
1232:
1233: int
1.59 avsm 1234: mm_answer_sessid(int sock, Buffer *m)
1.1 provos 1235: {
1236: int i;
1237:
1.14 markus 1238: debug3("%s entering", __func__);
1.1 provos 1239:
1240: if (buffer_len(m) != 16)
1.14 markus 1241: fatal("%s: bad ssh1 session id", __func__);
1.1 provos 1242: for (i = 0; i < 16; i++)
1243: session_id[i] = buffer_get_char(m);
1244:
1245: /* Turn on permissions for getpwnam */
1246: monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
1247:
1248: return (0);
1249: }
1250:
1251: int
1.59 avsm 1252: mm_answer_rsa_keyallowed(int sock, Buffer *m)
1.1 provos 1253: {
1254: BIGNUM *client_n;
1255: Key *key = NULL;
1.3 markus 1256: u_char *blob = NULL;
1257: u_int blen = 0;
1.1 provos 1258: int allowed = 0;
1259:
1.14 markus 1260: debug3("%s entering", __func__);
1.1 provos 1261:
1.77 dtucker 1262: auth_method = "rsa";
1.12 markus 1263: if (options.rsa_authentication && authctxt->valid) {
1.1 provos 1264: if ((client_n = BN_new()) == NULL)
1.14 markus 1265: fatal("%s: BN_new", __func__);
1.1 provos 1266: buffer_get_bignum2(m, client_n);
1267: allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key);
1268: BN_clear_free(client_n);
1269: }
1270: buffer_clear(m);
1271: buffer_put_int(m, allowed);
1.32 markus 1272: buffer_put_int(m, forced_command != NULL);
1.1 provos 1273:
1274: /* clear temporarily storage (used by generate challenge) */
1275: monitor_reset_key_state();
1276:
1277: if (allowed && key != NULL) {
1278: key->type = KEY_RSA; /* cheat for key_to_blob */
1279: if (key_to_blob(key, &blob, &blen) == 0)
1.14 markus 1280: fatal("%s: key_to_blob failed", __func__);
1.1 provos 1281: buffer_put_string(m, blob, blen);
1282:
1283: /* Save temporarily for comparison in verify */
1284: key_blob = blob;
1285: key_bloblen = blen;
1286: key_blobtype = MM_RSAUSERKEY;
1.33 markus 1287: }
1288: if (key != NULL)
1.1 provos 1289: key_free(key);
1290:
1.59 avsm 1291: mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m);
1.1 provos 1292:
1293: monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
1294: monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0);
1295: return (0);
1296: }
1297:
1298: int
1.59 avsm 1299: mm_answer_rsa_challenge(int sock, Buffer *m)
1.1 provos 1300: {
1301: Key *key = NULL;
1.3 markus 1302: u_char *blob;
1303: u_int blen;
1.1 provos 1304:
1.14 markus 1305: debug3("%s entering", __func__);
1.1 provos 1306:
1307: if (!authctxt->valid)
1.14 markus 1308: fatal("%s: authctxt not valid", __func__);
1.1 provos 1309: blob = buffer_get_string(m, &blen);
1310: if (!monitor_allowed_key(blob, blen))
1.14 markus 1311: fatal("%s: bad key, not previously allowed", __func__);
1.1 provos 1312: if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY)
1.14 markus 1313: fatal("%s: key type mismatch", __func__);
1.1 provos 1314: if ((key = key_from_blob(blob, blen)) == NULL)
1.14 markus 1315: fatal("%s: received bad key", __func__);
1.101 djm 1316: if (key->type != KEY_RSA)
1317: fatal("%s: received bad key type %d", __func__, key->type);
1318: key->type = KEY_RSA1;
1.1 provos 1319: if (ssh1_challenge)
1320: BN_clear_free(ssh1_challenge);
1321: ssh1_challenge = auth_rsa_generate_challenge(key);
1322:
1323: buffer_clear(m);
1324: buffer_put_bignum2(m, ssh1_challenge);
1325:
1.14 markus 1326: debug3("%s sending reply", __func__);
1.59 avsm 1327: mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m);
1.1 provos 1328:
1329: monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
1.33 markus 1330:
1331: xfree(blob);
1332: key_free(key);
1.1 provos 1333: return (0);
1334: }
1335:
1336: int
1.59 avsm 1337: mm_answer_rsa_response(int sock, Buffer *m)
1.1 provos 1338: {
1339: Key *key = NULL;
1.3 markus 1340: u_char *blob, *response;
1341: u_int blen, len;
1342: int success;
1.1 provos 1343:
1.14 markus 1344: debug3("%s entering", __func__);
1.1 provos 1345:
1346: if (!authctxt->valid)
1.14 markus 1347: fatal("%s: authctxt not valid", __func__);
1.1 provos 1348: if (ssh1_challenge == NULL)
1.14 markus 1349: fatal("%s: no ssh1_challenge", __func__);
1.1 provos 1350:
1351: blob = buffer_get_string(m, &blen);
1352: if (!monitor_allowed_key(blob, blen))
1.14 markus 1353: fatal("%s: bad key, not previously allowed", __func__);
1.1 provos 1354: if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY)
1.14 markus 1355: fatal("%s: key type mismatch: %d", __func__, key_blobtype);
1.1 provos 1356: if ((key = key_from_blob(blob, blen)) == NULL)
1.14 markus 1357: fatal("%s: received bad key", __func__);
1.1 provos 1358: response = buffer_get_string(m, &len);
1359: if (len != 16)
1.14 markus 1360: fatal("%s: received bad response to challenge", __func__);
1.1 provos 1361: success = auth_rsa_verify_response(key, ssh1_challenge, response);
1362:
1.33 markus 1363: xfree(blob);
1.1 provos 1364: key_free(key);
1365: xfree(response);
1366:
1367: auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa";
1368:
1369: /* reset state */
1370: BN_clear_free(ssh1_challenge);
1371: ssh1_challenge = NULL;
1372: monitor_reset_key_state();
1373:
1374: buffer_clear(m);
1375: buffer_put_int(m, success);
1.59 avsm 1376: mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m);
1.1 provos 1377:
1378: return (success);
1379: }
1380:
1381: int
1.59 avsm 1382: mm_answer_term(int sock, Buffer *req)
1.1 provos 1383: {
1.11 mouring 1384: extern struct monitor *pmonitor;
1.1 provos 1385: int res, status;
1386:
1.14 markus 1387: debug3("%s: tearing down sessions", __func__);
1.1 provos 1388:
1389: /* The child is terminating */
1390: session_destroy_all(&mm_session_close);
1391:
1.11 mouring 1392: while (waitpid(pmonitor->m_pid, &status, 0) == -1)
1.9 markus 1393: if (errno != EINTR)
1394: exit(1);
1.1 provos 1395:
1396: res = WIFEXITED(status) ? WEXITSTATUS(status) : 1;
1397:
1398: /* Terminate process */
1.57 deraadt 1399: exit(res);
1.1 provos 1400: }
1401:
1402: void
1.11 mouring 1403: monitor_apply_keystate(struct monitor *pmonitor)
1.1 provos 1404: {
1405: if (compat20) {
1406: set_newkeys(MODE_IN);
1407: set_newkeys(MODE_OUT);
1408: } else {
1409: packet_set_protocol_flags(child_state.ssh1protoflags);
1.15 markus 1410: packet_set_encryption_key(child_state.ssh1key,
1411: child_state.ssh1keylen, child_state.ssh1cipher);
1412: xfree(child_state.ssh1key);
1.1 provos 1413: }
1414:
1.15 markus 1415: /* for rc4 and other stateful ciphers */
1.1 provos 1416: packet_set_keycontext(MODE_OUT, child_state.keyout);
1417: xfree(child_state.keyout);
1418: packet_set_keycontext(MODE_IN, child_state.keyin);
1419: xfree(child_state.keyin);
1420:
1421: if (!compat20) {
1422: packet_set_iv(MODE_OUT, child_state.ivout);
1423: xfree(child_state.ivout);
1424: packet_set_iv(MODE_IN, child_state.ivin);
1425: xfree(child_state.ivin);
1426: }
1427:
1428: memcpy(&incoming_stream, &child_state.incoming,
1429: sizeof(incoming_stream));
1430: memcpy(&outgoing_stream, &child_state.outgoing,
1431: sizeof(outgoing_stream));
1.3 markus 1432:
1.1 provos 1433: /* Update with new address */
1.16 djm 1434: if (options.compression)
1435: mm_init_compression(pmonitor->m_zlib);
1.1 provos 1436:
1437: /* Network I/O buffers */
1438: /* XXX inefficient for large buffers, need: buffer_init_from_string */
1.102 andreas 1439: buffer_clear(packet_get_input());
1440: buffer_append(packet_get_input(), child_state.input, child_state.ilen);
1.1 provos 1441: memset(child_state.input, 0, child_state.ilen);
1442: xfree(child_state.input);
1443:
1.102 andreas 1444: buffer_clear(packet_get_output());
1445: buffer_append(packet_get_output(), child_state.output,
1446: child_state.olen);
1.1 provos 1447: memset(child_state.output, 0, child_state.olen);
1448: xfree(child_state.output);
1.103 andreas 1449:
1450: /* Roaming */
1451: if (compat20)
1452: roam_set_bytes(child_state.sent_bytes, child_state.recv_bytes);
1.1 provos 1453: }
1454:
1.2 markus 1455: static Kex *
1.1 provos 1456: mm_get_kex(Buffer *m)
1457: {
1458: Kex *kex;
1459: void *blob;
1460: u_int bloblen;
1461:
1.75 djm 1462: kex = xcalloc(1, sizeof(*kex));
1.1 provos 1463: kex->session_id = buffer_get_string(m, &kex->session_id_len);
1.107 djm 1464: if (session_id2 == NULL ||
1465: kex->session_id_len != session_id2_len ||
1.108 djm 1466: timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0)
1.13 markus 1467: fatal("mm_get_get: internal error: bad session id");
1.1 provos 1468: kex->we_need = buffer_get_int(m);
1.34 markus 1469: kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
1.58 djm 1470: kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
1.34 markus 1471: kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
1.69 djm 1472: kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
1.109 djm 1473: kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
1.1 provos 1474: kex->server = 1;
1475: kex->hostkey_type = buffer_get_int(m);
1476: kex->kex_type = buffer_get_int(m);
1477: blob = buffer_get_string(m, &bloblen);
1478: buffer_init(&kex->my);
1479: buffer_append(&kex->my, blob, bloblen);
1480: xfree(blob);
1481: blob = buffer_get_string(m, &bloblen);
1482: buffer_init(&kex->peer);
1483: buffer_append(&kex->peer, blob, bloblen);
1484: xfree(blob);
1485: kex->done = 1;
1486: kex->flags = buffer_get_int(m);
1487: kex->client_version_string = buffer_get_string(m, NULL);
1488: kex->server_version_string = buffer_get_string(m, NULL);
1.105 djm 1489: kex->load_host_public_key=&get_hostkey_public_by_type;
1490: kex->load_host_private_key=&get_hostkey_private_by_type;
1.1 provos 1491: kex->host_key_index=&get_hostkey_index;
1492:
1493: return (kex);
1494: }
1495:
1496: /* This function requries careful sanity checking */
1497:
1498: void
1.11 mouring 1499: mm_get_keystate(struct monitor *pmonitor)
1.1 provos 1500: {
1501: Buffer m;
1502: u_char *blob, *p;
1503: u_int bloblen, plen;
1.37 markus 1504: u_int32_t seqnr, packets;
1.99 markus 1505: u_int64_t blocks, bytes;
1.1 provos 1506:
1.14 markus 1507: debug3("%s: Waiting for new keys", __func__);
1.1 provos 1508:
1509: buffer_init(&m);
1.11 mouring 1510: mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
1.1 provos 1511: if (!compat20) {
1512: child_state.ssh1protoflags = buffer_get_int(&m);
1513: child_state.ssh1cipher = buffer_get_int(&m);
1.15 markus 1514: child_state.ssh1key = buffer_get_string(&m,
1515: &child_state.ssh1keylen);
1.1 provos 1516: child_state.ivout = buffer_get_string(&m,
1517: &child_state.ivoutlen);
1518: child_state.ivin = buffer_get_string(&m, &child_state.ivinlen);
1519: goto skip;
1520: } else {
1521: /* Get the Kex for rekeying */
1.11 mouring 1522: *pmonitor->m_pkex = mm_get_kex(&m);
1.1 provos 1523: }
1524:
1525: blob = buffer_get_string(&m, &bloblen);
1526: current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
1527: xfree(blob);
1528:
1.14 markus 1529: debug3("%s: Waiting for second key", __func__);
1.1 provos 1530: blob = buffer_get_string(&m, &bloblen);
1531: current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
1532: xfree(blob);
1.3 markus 1533:
1.1 provos 1534: /* Now get sequence numbers for the packets */
1.37 markus 1535: seqnr = buffer_get_int(&m);
1536: blocks = buffer_get_int64(&m);
1537: packets = buffer_get_int(&m);
1.99 markus 1538: bytes = buffer_get_int64(&m);
1539: packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes);
1.37 markus 1540: seqnr = buffer_get_int(&m);
1541: blocks = buffer_get_int64(&m);
1542: packets = buffer_get_int(&m);
1.99 markus 1543: bytes = buffer_get_int64(&m);
1544: packet_set_state(MODE_IN, seqnr, blocks, packets, bytes);
1.1 provos 1545:
1546: skip:
1547: /* Get the key context */
1548: child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen);
1549: child_state.keyin = buffer_get_string(&m, &child_state.keyinlen);
1550:
1.14 markus 1551: debug3("%s: Getting compression state", __func__);
1.1 provos 1552: /* Get compression state */
1553: p = buffer_get_string(&m, &plen);
1554: if (plen != sizeof(child_state.outgoing))
1.14 markus 1555: fatal("%s: bad request size", __func__);
1.1 provos 1556: memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
1557: xfree(p);
1558:
1559: p = buffer_get_string(&m, &plen);
1560: if (plen != sizeof(child_state.incoming))
1.14 markus 1561: fatal("%s: bad request size", __func__);
1.1 provos 1562: memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
1563: xfree(p);
1564:
1565: /* Network I/O buffers */
1.14 markus 1566: debug3("%s: Getting Network I/O buffers", __func__);
1.1 provos 1567: child_state.input = buffer_get_string(&m, &child_state.ilen);
1568: child_state.output = buffer_get_string(&m, &child_state.olen);
1.103 andreas 1569:
1570: /* Roaming */
1571: if (compat20) {
1572: child_state.sent_bytes = buffer_get_int64(&m);
1573: child_state.recv_bytes = buffer_get_int64(&m);
1574: }
1.1 provos 1575:
1576: buffer_free(&m);
1577: }
1578:
1579:
1580: /* Allocation functions for zlib */
1581: void *
1582: mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
1583: {
1.30 markus 1584: size_t len = (size_t) size * ncount;
1.1 provos 1585: void *address;
1586:
1.23 millert 1587: if (len == 0 || ncount > SIZE_T_MAX / size)
1.18 deraadt 1588: fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
1589:
1590: address = mm_malloc(mm, len);
1.1 provos 1591:
1592: return (address);
1593: }
1594:
1595: void
1596: mm_zfree(struct mm_master *mm, void *address)
1597: {
1598: mm_free(mm, address);
1599: }
1600:
1601: void
1602: mm_init_compression(struct mm_master *mm)
1603: {
1604: outgoing_stream.zalloc = (alloc_func)mm_zalloc;
1605: outgoing_stream.zfree = (free_func)mm_zfree;
1606: outgoing_stream.opaque = mm;
1607:
1608: incoming_stream.zalloc = (alloc_func)mm_zalloc;
1609: incoming_stream.zfree = (free_func)mm_zfree;
1610: incoming_stream.opaque = mm;
1611: }
1612:
1613: /* XXX */
1614:
1615: #define FD_CLOSEONEXEC(x) do { \
1.111 djm 1616: if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
1.1 provos 1617: fatal("fcntl(%d, F_SETFD)", x); \
1618: } while (0)
1619:
1.2 markus 1620: static void
1.114 ! djm 1621: monitor_openfds(struct monitor *mon, int do_logfds)
1.3 markus 1622: {
1.114 ! djm 1623: int pair[2];
! 1624:
1.1 provos 1625: if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
1.114 ! djm 1626: fatal("%s: socketpair: %s", __func__, strerror(errno));
1.1 provos 1627: FD_CLOSEONEXEC(pair[0]);
1628: FD_CLOSEONEXEC(pair[1]);
1.114 ! djm 1629: mon->m_recvfd = pair[0];
! 1630: mon->m_sendfd = pair[1];
! 1631:
! 1632: if (do_logfds) {
! 1633: if (pipe(pair) == -1)
! 1634: fatal("%s: pipe: %s", __func__, strerror(errno));
! 1635: FD_CLOSEONEXEC(pair[0]);
! 1636: FD_CLOSEONEXEC(pair[1]);
! 1637: mon->m_log_recvfd = pair[0];
! 1638: mon->m_log_sendfd = pair[1];
! 1639: } else
! 1640: mon->m_log_recvfd = mon->m_log_sendfd = -1;
1.1 provos 1641: }
1642:
1643: #define MM_MEMSIZE 65536
1644:
1645: struct monitor *
1646: monitor_init(void)
1647: {
1648: struct monitor *mon;
1649:
1.75 djm 1650: mon = xcalloc(1, sizeof(*mon));
1.1 provos 1651:
1.114 ! djm 1652: monitor_openfds(mon, 1);
1.1 provos 1653:
1654: /* Used to share zlib space across processes */
1.16 djm 1655: if (options.compression) {
1656: mon->m_zback = mm_create(NULL, MM_MEMSIZE);
1657: mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
1.1 provos 1658:
1.16 djm 1659: /* Compression needs to share state across borders */
1660: mm_init_compression(mon->m_zlib);
1661: }
1.1 provos 1662:
1663: return mon;
1664: }
1665:
1666: void
1667: monitor_reinit(struct monitor *mon)
1668: {
1.114 ! djm 1669: monitor_openfds(mon, 0);
1.1 provos 1670: }
1.46 markus 1671:
1672: #ifdef GSSAPI
1673: int
1.59 avsm 1674: mm_answer_gss_setup_ctx(int sock, Buffer *m)
1.46 markus 1675: {
1.59 avsm 1676: gss_OID_desc goid;
1.46 markus 1677: OM_uint32 major;
1678: u_int len;
1679:
1.59 avsm 1680: goid.elements = buffer_get_string(m, &len);
1681: goid.length = len;
1.46 markus 1682:
1.59 avsm 1683: major = ssh_gssapi_server_ctx(&gsscontext, &goid);
1.46 markus 1684:
1.59 avsm 1685: xfree(goid.elements);
1.46 markus 1686:
1687: buffer_clear(m);
1688: buffer_put_int(m, major);
1689:
1.64 stevesk 1690: mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
1.46 markus 1691:
1692: /* Now we have a context, enable the step */
1693: monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
1694:
1695: return (0);
1696: }
1697:
1698: int
1.59 avsm 1699: mm_answer_gss_accept_ctx(int sock, Buffer *m)
1.46 markus 1700: {
1701: gss_buffer_desc in;
1702: gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
1.64 stevesk 1703: OM_uint32 major, minor;
1.46 markus 1704: OM_uint32 flags = 0; /* GSI needs this */
1.47 deraadt 1705: u_int len;
1.46 markus 1706:
1.47 deraadt 1707: in.value = buffer_get_string(m, &len);
1708: in.length = len;
1.46 markus 1709: major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
1710: xfree(in.value);
1711:
1712: buffer_clear(m);
1713: buffer_put_int(m, major);
1714: buffer_put_string(m, out.value, out.length);
1715: buffer_put_int(m, flags);
1.59 avsm 1716: mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
1.46 markus 1717:
1718: gss_release_buffer(&minor, &out);
1719:
1.64 stevesk 1720: if (major == GSS_S_COMPLETE) {
1.46 markus 1721: monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
1722: monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
1.52 markus 1723: monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
1.46 markus 1724: }
1725: return (0);
1726: }
1727:
1728: int
1.59 avsm 1729: mm_answer_gss_checkmic(int sock, Buffer *m)
1.52 markus 1730: {
1731: gss_buffer_desc gssbuf, mic;
1732: OM_uint32 ret;
1733: u_int len;
1.54 djm 1734:
1.52 markus 1735: gssbuf.value = buffer_get_string(m, &len);
1736: gssbuf.length = len;
1737: mic.value = buffer_get_string(m, &len);
1738: mic.length = len;
1.54 djm 1739:
1.52 markus 1740: ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
1.54 djm 1741:
1.52 markus 1742: xfree(gssbuf.value);
1743: xfree(mic.value);
1.54 djm 1744:
1.52 markus 1745: buffer_clear(m);
1746: buffer_put_int(m, ret);
1.54 djm 1747:
1.59 avsm 1748: mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
1.54 djm 1749:
1.52 markus 1750: if (!GSS_ERROR(ret))
1751: monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
1.54 djm 1752:
1.52 markus 1753: return (0);
1754: }
1755:
1756: int
1.59 avsm 1757: mm_answer_gss_userok(int sock, Buffer *m)
1.46 markus 1758: {
1759: int authenticated;
1760:
1761: authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
1762:
1763: buffer_clear(m);
1764: buffer_put_int(m, authenticated);
1765:
1766: debug3("%s: sending result %d", __func__, authenticated);
1.59 avsm 1767: mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
1.46 markus 1768:
1.64 stevesk 1769: auth_method = "gssapi-with-mic";
1.46 markus 1770:
1771: /* Monitor loop will terminate if authenticated */
1772: return (authenticated);
1773: }
1774: #endif /* GSSAPI */
1.100 djm 1775:
1776: #ifdef JPAKE
1777: int
1778: mm_answer_jpake_step1(int sock, Buffer *m)
1779: {
1780: struct jpake_ctx *pctx;
1781: u_char *x3_proof, *x4_proof;
1782: u_int x3_proof_len, x4_proof_len;
1783:
1784: if (!options.zero_knowledge_password_authentication)
1785: fatal("zero_knowledge_password_authentication disabled");
1786:
1787: if (authctxt->jpake_ctx != NULL)
1788: fatal("%s: authctxt->jpake_ctx already set (%p)",
1789: __func__, authctxt->jpake_ctx);
1790: authctxt->jpake_ctx = pctx = jpake_new();
1791:
1792: jpake_step1(pctx->grp,
1793: &pctx->server_id, &pctx->server_id_len,
1794: &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
1795: &x3_proof, &x3_proof_len,
1796: &x4_proof, &x4_proof_len);
1797:
1798: JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__));
1799:
1800: buffer_clear(m);
1801:
1802: buffer_put_string(m, pctx->server_id, pctx->server_id_len);
1803: buffer_put_bignum2(m, pctx->g_x3);
1804: buffer_put_bignum2(m, pctx->g_x4);
1805: buffer_put_string(m, x3_proof, x3_proof_len);
1806: buffer_put_string(m, x4_proof, x4_proof_len);
1807:
1808: debug3("%s: sending step1", __func__);
1809: mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m);
1810:
1811: bzero(x3_proof, x3_proof_len);
1812: bzero(x4_proof, x4_proof_len);
1813: xfree(x3_proof);
1814: xfree(x4_proof);
1815:
1816: monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
1817: monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
1818:
1819: return 0;
1820: }
1821:
1822: int
1823: mm_answer_jpake_get_pwdata(int sock, Buffer *m)
1824: {
1825: struct jpake_ctx *pctx = authctxt->jpake_ctx;
1826: char *hash_scheme, *salt;
1827:
1828: if (pctx == NULL)
1829: fatal("%s: pctx == NULL", __func__);
1830:
1831: auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt);
1832:
1833: buffer_clear(m);
1834: /* pctx->s is sensitive, not returned to slave */
1835: buffer_put_cstring(m, hash_scheme);
1836: buffer_put_cstring(m, salt);
1837:
1838: debug3("%s: sending pwdata", __func__);
1839: mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m);
1840:
1841: bzero(hash_scheme, strlen(hash_scheme));
1842: bzero(salt, strlen(salt));
1843: xfree(hash_scheme);
1844: xfree(salt);
1845:
1846: monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
1847:
1848: return 0;
1849: }
1850:
1851: int
1852: mm_answer_jpake_step2(int sock, Buffer *m)
1853: {
1854: struct jpake_ctx *pctx = authctxt->jpake_ctx;
1855: u_char *x1_proof, *x2_proof, *x4_s_proof;
1856: u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
1857:
1858: if (pctx == NULL)
1859: fatal("%s: pctx == NULL", __func__);
1860:
1861: if ((pctx->g_x1 = BN_new()) == NULL ||
1862: (pctx->g_x2 = BN_new()) == NULL)
1863: fatal("%s: BN_new", __func__);
1864: buffer_get_bignum2(m, pctx->g_x1);
1865: buffer_get_bignum2(m, pctx->g_x2);
1866: pctx->client_id = buffer_get_string(m, &pctx->client_id_len);
1867: x1_proof = buffer_get_string(m, &x1_proof_len);
1868: x2_proof = buffer_get_string(m, &x2_proof_len);
1869:
1870: jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
1871: pctx->g_x1, pctx->g_x2, pctx->x4,
1872: pctx->client_id, pctx->client_id_len,
1873: pctx->server_id, pctx->server_id_len,
1874: x1_proof, x1_proof_len,
1875: x2_proof, x2_proof_len,
1876: &pctx->b,
1877: &x4_s_proof, &x4_s_proof_len);
1878:
1879: JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__));
1880:
1881: bzero(x1_proof, x1_proof_len);
1882: bzero(x2_proof, x2_proof_len);
1883: xfree(x1_proof);
1884: xfree(x2_proof);
1885:
1886: buffer_clear(m);
1887:
1888: buffer_put_bignum2(m, pctx->b);
1889: buffer_put_string(m, x4_s_proof, x4_s_proof_len);
1890:
1891: debug3("%s: sending step2", __func__);
1892: mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
1893:
1894: bzero(x4_s_proof, x4_s_proof_len);
1895: xfree(x4_s_proof);
1896:
1897: monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
1898:
1899: return 0;
1900: }
1901:
1902: int
1903: mm_answer_jpake_key_confirm(int sock, Buffer *m)
1904: {
1905: struct jpake_ctx *pctx = authctxt->jpake_ctx;
1906: u_char *x2_s_proof;
1907: u_int x2_s_proof_len;
1908:
1909: if (pctx == NULL)
1910: fatal("%s: pctx == NULL", __func__);
1911:
1912: if ((pctx->a = BN_new()) == NULL)
1913: fatal("%s: BN_new", __func__);
1914: buffer_get_bignum2(m, pctx->a);
1915: x2_s_proof = buffer_get_string(m, &x2_s_proof_len);
1916:
1917: jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
1918: pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
1919: pctx->server_id, pctx->server_id_len,
1920: pctx->client_id, pctx->client_id_len,
1921: session_id2, session_id2_len,
1922: x2_s_proof, x2_s_proof_len,
1923: &pctx->k,
1924: &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len);
1925:
1926: JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__));
1927:
1928: bzero(x2_s_proof, x2_s_proof_len);
1929: buffer_clear(m);
1930:
1931: /* pctx->k is sensitive, not sent */
1932: buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
1933:
1934: debug3("%s: sending confirmation hash", __func__);
1935: mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m);
1936:
1937: monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1);
1938:
1939: return 0;
1940: }
1941:
1942: int
1943: mm_answer_jpake_check_confirm(int sock, Buffer *m)
1944: {
1945: int authenticated = 0;
1946: u_char *peer_confirm_hash;
1947: u_int peer_confirm_hash_len;
1948: struct jpake_ctx *pctx = authctxt->jpake_ctx;
1949:
1950: if (pctx == NULL)
1951: fatal("%s: pctx == NULL", __func__);
1952:
1953: peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len);
1954:
1955: authenticated = jpake_check_confirm(pctx->k,
1956: pctx->client_id, pctx->client_id_len,
1957: session_id2, session_id2_len,
1958: peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid;
1959:
1960: JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
1961:
1962: bzero(peer_confirm_hash, peer_confirm_hash_len);
1963: xfree(peer_confirm_hash);
1964:
1965: buffer_clear(m);
1966: buffer_put_int(m, authenticated);
1967:
1968: debug3("%s: sending result %d", __func__, authenticated);
1969: mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m);
1970:
1971: monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1);
1972:
1973: auth_method = "jpake-01@openssh.com";
1974: return authenticated;
1975: }
1976:
1977: #endif /* JPAKE */