Annotation of src/usr.bin/ssh/monitor_wrap.c, Revision 1.19.2.2
1.1 provos 1: /*
2: * Copyright 2002 Niels Provos <provos@citi.umich.edu>
3: * Copyright 2002 Markus Friedl <markus@openbsd.org>
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
26:
27: #include "includes.h"
1.19.2.2! brad 28: RCSID("$OpenBSD: monitor_wrap.c,v 1.31 2003/08/28 12:54:34 markus Exp $");
1.1 provos 29:
30: #include <openssl/bn.h>
31: #include <openssl/dh.h>
32:
33: #include "ssh.h"
34: #include "dh.h"
35: #include "kex.h"
36: #include "auth.h"
1.19.2.1 margarid 37: #include "auth-options.h"
1.1 provos 38: #include "buffer.h"
39: #include "bufaux.h"
40: #include "packet.h"
41: #include "mac.h"
42: #include "log.h"
43: #include "zlib.h"
44: #include "monitor.h"
45: #include "monitor_wrap.h"
46: #include "xmalloc.h"
47: #include "atomicio.h"
48: #include "monitor_fdpass.h"
49: #include "getput.h"
50:
51: #include "auth.h"
52: #include "channels.h"
53: #include "session.h"
54:
1.19.2.2! brad 55: #ifdef GSSAPI
! 56: #include "ssh-gss.h"
! 57: #endif
! 58:
1.1 provos 59: /* Imports */
60: extern int compat20;
61: extern Newkeys *newkeys[];
62: extern z_stream incoming_stream;
63: extern z_stream outgoing_stream;
1.7 mouring 64: extern struct monitor *pmonitor;
1.1 provos 65: extern Buffer input, output;
66:
67: void
68: mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
69: {
1.13 deraadt 70: u_int mlen = buffer_len(m);
1.1 provos 71: u_char buf[5];
72:
1.8 markus 73: debug3("%s entering: type %d", __func__, type);
1.1 provos 74:
75: PUT_32BIT(buf, mlen + 1);
1.10 deraadt 76: buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
1.19.2.2! brad 77: if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf))
1.8 markus 78: fatal("%s: write", __func__);
1.19.2.2! brad 79: if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen)
1.8 markus 80: fatal("%s: write", __func__);
1.1 provos 81: }
82:
83: void
84: mm_request_receive(int socket, Buffer *m)
85: {
86: u_char buf[4];
1.13 deraadt 87: u_int msg_len;
1.1 provos 88: ssize_t res;
89:
1.8 markus 90: debug3("%s entering", __func__);
1.1 provos 91:
92: res = atomicio(read, socket, buf, sizeof(buf));
93: if (res != sizeof(buf)) {
94: if (res == 0)
95: fatal_cleanup();
1.8 markus 96: fatal("%s: read: %ld", __func__, (long)res);
1.1 provos 97: }
98: msg_len = GET_32BIT(buf);
99: if (msg_len > 256 * 1024)
1.8 markus 100: fatal("%s: read: bad msg_len %d", __func__, msg_len);
1.1 provos 101: buffer_clear(m);
102: buffer_append_space(m, msg_len);
103: res = atomicio(read, socket, buffer_ptr(m), msg_len);
104: if (res != msg_len)
1.8 markus 105: fatal("%s: read: %ld != msg_len", __func__, (long)res);
1.1 provos 106: }
107:
108: void
109: mm_request_receive_expect(int socket, enum monitor_reqtype type, Buffer *m)
110: {
111: u_char rtype;
112:
1.8 markus 113: debug3("%s entering: type %d", __func__, type);
1.1 provos 114:
115: mm_request_receive(socket, m);
116: rtype = buffer_get_char(m);
117: if (rtype != type)
1.8 markus 118: fatal("%s: read: rtype %d != type %d", __func__,
1.1 provos 119: rtype, type);
120: }
121:
122: DH *
123: mm_choose_dh(int min, int nbits, int max)
124: {
125: BIGNUM *p, *g;
126: int success = 0;
127: Buffer m;
128:
129: buffer_init(&m);
130: buffer_put_int(&m, min);
131: buffer_put_int(&m, nbits);
132: buffer_put_int(&m, max);
133:
1.7 mouring 134: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
1.1 provos 135:
1.8 markus 136: debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
1.7 mouring 137: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
1.1 provos 138:
139: success = buffer_get_char(&m);
140: if (success == 0)
1.8 markus 141: fatal("%s: MONITOR_ANS_MODULI failed", __func__);
1.1 provos 142:
143: if ((p = BN_new()) == NULL)
1.8 markus 144: fatal("%s: BN_new failed", __func__);
1.3 markus 145: if ((g = BN_new()) == NULL)
1.8 markus 146: fatal("%s: BN_new failed", __func__);
1.1 provos 147: buffer_get_bignum2(&m, p);
148: buffer_get_bignum2(&m, g);
149:
1.8 markus 150: debug3("%s: remaining %d", __func__, buffer_len(&m));
1.1 provos 151: buffer_free(&m);
152:
153: return (dh_new_group(g, p));
154: }
155:
156: int
157: mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
158: {
1.7 mouring 159: Kex *kex = *pmonitor->m_pkex;
1.1 provos 160: Buffer m;
161:
1.8 markus 162: debug3("%s entering", __func__);
1.1 provos 163:
164: buffer_init(&m);
165: buffer_put_int(&m, kex->host_key_index(key));
166: buffer_put_string(&m, data, datalen);
167:
1.7 mouring 168: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
1.1 provos 169:
1.8 markus 170: debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
1.7 mouring 171: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
1.1 provos 172: *sigp = buffer_get_string(&m, lenp);
173: buffer_free(&m);
174:
175: return (0);
176: }
177:
178: struct passwd *
179: mm_getpwnamallow(const char *login)
180: {
181: Buffer m;
182: struct passwd *pw;
183: u_int pwlen;
184:
1.8 markus 185: debug3("%s entering", __func__);
1.1 provos 186:
187: buffer_init(&m);
188: buffer_put_cstring(&m, login);
189:
1.7 mouring 190: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
1.1 provos 191:
1.8 markus 192: debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
1.7 mouring 193: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
1.1 provos 194:
195: if (buffer_get_char(&m) == 0) {
196: buffer_free(&m);
197: return (NULL);
198: }
199: pw = buffer_get_string(&m, &pwlen);
200: if (pwlen != sizeof(struct passwd))
1.8 markus 201: fatal("%s: struct passwd size mismatch", __func__);
1.1 provos 202: pw->pw_name = buffer_get_string(&m, NULL);
203: pw->pw_passwd = buffer_get_string(&m, NULL);
204: pw->pw_gecos = buffer_get_string(&m, NULL);
205: pw->pw_class = buffer_get_string(&m, NULL);
206: pw->pw_dir = buffer_get_string(&m, NULL);
207: pw->pw_shell = buffer_get_string(&m, NULL);
208: buffer_free(&m);
209:
210: return (pw);
1.6 djm 211: }
212:
1.14 deraadt 213: char *mm_auth2_read_banner(void)
1.6 djm 214: {
215: Buffer m;
216: char *banner;
217:
1.8 markus 218: debug3("%s entering", __func__);
1.6 djm 219:
220: buffer_init(&m);
1.7 mouring 221: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
1.6 djm 222: buffer_clear(&m);
223:
1.7 mouring 224: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
1.6 djm 225: banner = buffer_get_string(&m, NULL);
226: buffer_free(&m);
1.10 deraadt 227:
1.6 djm 228: return (banner);
1.1 provos 229: }
230:
231: /* Inform the privileged process about service and style */
232:
233: void
234: mm_inform_authserv(char *service, char *style)
235: {
236: Buffer m;
237:
1.8 markus 238: debug3("%s entering", __func__);
1.1 provos 239:
240: buffer_init(&m);
241: buffer_put_cstring(&m, service);
242: buffer_put_cstring(&m, style ? style : "");
243:
1.7 mouring 244: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
1.1 provos 245:
246: buffer_free(&m);
247: }
248:
249: /* Do the password authentication */
250: int
251: mm_auth_password(Authctxt *authctxt, char *password)
252: {
253: Buffer m;
254: int authenticated = 0;
255:
1.8 markus 256: debug3("%s entering", __func__);
1.1 provos 257:
258: buffer_init(&m);
259: buffer_put_cstring(&m, password);
1.7 mouring 260: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
1.1 provos 261:
1.8 markus 262: debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
1.7 mouring 263: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
1.1 provos 264:
265: authenticated = buffer_get_int(&m);
266:
267: buffer_free(&m);
268:
1.3 markus 269: debug3("%s: user %sauthenticated",
1.8 markus 270: __func__, authenticated ? "" : "not ");
1.1 provos 271: return (authenticated);
272: }
273:
274: int
275: mm_user_key_allowed(struct passwd *pw, Key *key)
276: {
277: return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
278: }
279:
280: int
281: mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host,
282: Key *key)
283: {
284: return (mm_key_allowed(MM_HOSTKEY, user, host, key));
285: }
286:
287: int
288: mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
289: char *host, Key *key)
290: {
291: int ret;
292:
293: key->type = KEY_RSA; /* XXX hack for key_to_blob */
294: ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key);
295: key->type = KEY_RSA1;
296: return (ret);
297: }
298:
1.2 markus 299: static void
1.1 provos 300: mm_send_debug(Buffer *m)
301: {
302: char *msg;
303:
304: while (buffer_len(m)) {
305: msg = buffer_get_string(m, NULL);
1.8 markus 306: debug3("%s: Sending debug: %s", __func__, msg);
1.1 provos 307: packet_send_debug("%s", msg);
308: xfree(msg);
309: }
310: }
311:
312: int
313: mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
314: {
315: Buffer m;
316: u_char *blob;
317: u_int len;
1.19.2.1 margarid 318: int allowed = 0, have_forced = 0;
1.1 provos 319:
1.8 markus 320: debug3("%s entering", __func__);
1.1 provos 321:
322: /* Convert the key to a blob and the pass it over */
323: if (!key_to_blob(key, &blob, &len))
324: return (0);
325:
326: buffer_init(&m);
327: buffer_put_int(&m, type);
328: buffer_put_cstring(&m, user ? user : "");
329: buffer_put_cstring(&m, host ? host : "");
330: buffer_put_string(&m, blob, len);
331: xfree(blob);
332:
1.7 mouring 333: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
1.1 provos 334:
1.8 markus 335: debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
1.7 mouring 336: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
1.1 provos 337:
338: allowed = buffer_get_int(&m);
339:
1.19.2.1 margarid 340: /* fake forced command */
341: auth_clear_options();
342: have_forced = buffer_get_int(&m);
343: forced_command = have_forced ? xstrdup("true") : NULL;
344:
1.1 provos 345: /* Send potential debug messages */
346: mm_send_debug(&m);
347:
348: buffer_free(&m);
349:
350: return (allowed);
351: }
352:
1.3 markus 353: /*
1.1 provos 354: * This key verify needs to send the key type along, because the
355: * privileged parent makes the decision if the key is allowed
356: * for authentication.
357: */
358:
359: int
360: mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
361: {
362: Buffer m;
363: u_char *blob;
364: u_int len;
365: int verified = 0;
366:
1.8 markus 367: debug3("%s entering", __func__);
1.1 provos 368:
369: /* Convert the key to a blob and the pass it over */
370: if (!key_to_blob(key, &blob, &len))
371: return (0);
372:
373: buffer_init(&m);
374: buffer_put_string(&m, blob, len);
375: buffer_put_string(&m, sig, siglen);
376: buffer_put_string(&m, data, datalen);
377: xfree(blob);
378:
1.7 mouring 379: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
1.1 provos 380:
1.8 markus 381: debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
1.7 mouring 382: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
1.1 provos 383:
384: verified = buffer_get_int(&m);
385:
386: buffer_free(&m);
387:
388: return (verified);
389: }
390:
391: /* Export key state after authentication */
392: Newkeys *
393: mm_newkeys_from_blob(u_char *blob, int blen)
394: {
395: Buffer b;
396: u_int len;
397: Newkeys *newkey = NULL;
398: Enc *enc;
399: Mac *mac;
400: Comp *comp;
401:
1.8 markus 402: debug3("%s: %p(%d)", __func__, blob, blen);
1.1 provos 403: #ifdef DEBUG_PK
404: dump_base64(stderr, blob, blen);
405: #endif
406: buffer_init(&b);
407: buffer_append(&b, blob, blen);
408:
409: newkey = xmalloc(sizeof(*newkey));
410: enc = &newkey->enc;
411: mac = &newkey->mac;
412: comp = &newkey->comp;
413:
414: /* Enc structure */
415: enc->name = buffer_get_string(&b, NULL);
416: buffer_get(&b, &enc->cipher, sizeof(enc->cipher));
417: enc->enabled = buffer_get_int(&b);
418: enc->block_size = buffer_get_int(&b);
419: enc->key = buffer_get_string(&b, &enc->key_len);
420: enc->iv = buffer_get_string(&b, &len);
421: if (len != enc->block_size)
1.12 deraadt 422: fatal("%s: bad ivlen: expected %u != %u", __func__,
1.1 provos 423: enc->block_size, len);
424:
425: if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
1.8 markus 426: fatal("%s: bad cipher name %s or pointer %p", __func__,
1.1 provos 427: enc->name, enc->cipher);
428:
429: /* Mac structure */
430: mac->name = buffer_get_string(&b, NULL);
431: if (mac->name == NULL || mac_init(mac, mac->name) == -1)
1.8 markus 432: fatal("%s: can not init mac %s", __func__, mac->name);
1.1 provos 433: mac->enabled = buffer_get_int(&b);
434: mac->key = buffer_get_string(&b, &len);
435: if (len > mac->key_len)
1.12 deraadt 436: fatal("%s: bad mac key length: %u > %d", __func__, len,
1.1 provos 437: mac->key_len);
438: mac->key_len = len;
439:
440: /* Comp structure */
441: comp->type = buffer_get_int(&b);
442: comp->enabled = buffer_get_int(&b);
443: comp->name = buffer_get_string(&b, NULL);
444:
445: len = buffer_len(&b);
446: if (len != 0)
1.12 deraadt 447: error("newkeys_from_blob: remaining bytes in blob %u", len);
1.1 provos 448: buffer_free(&b);
449: return (newkey);
450: }
451:
452: int
453: mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
454: {
455: Buffer b;
456: int len;
457: Enc *enc;
458: Mac *mac;
459: Comp *comp;
460: Newkeys *newkey = newkeys[mode];
461:
1.8 markus 462: debug3("%s: converting %p", __func__, newkey);
1.1 provos 463:
464: if (newkey == NULL) {
1.8 markus 465: error("%s: newkey == NULL", __func__);
1.1 provos 466: return 0;
467: }
468: enc = &newkey->enc;
469: mac = &newkey->mac;
470: comp = &newkey->comp;
471:
472: buffer_init(&b);
473: /* Enc structure */
474: buffer_put_cstring(&b, enc->name);
475: /* The cipher struct is constant and shared, you export pointer */
476: buffer_append(&b, &enc->cipher, sizeof(enc->cipher));
477: buffer_put_int(&b, enc->enabled);
478: buffer_put_int(&b, enc->block_size);
479: buffer_put_string(&b, enc->key, enc->key_len);
480: packet_get_keyiv(mode, enc->iv, enc->block_size);
481: buffer_put_string(&b, enc->iv, enc->block_size);
482:
483: /* Mac structure */
484: buffer_put_cstring(&b, mac->name);
485: buffer_put_int(&b, mac->enabled);
486: buffer_put_string(&b, mac->key, mac->key_len);
487:
488: /* Comp structure */
489: buffer_put_int(&b, comp->type);
490: buffer_put_int(&b, comp->enabled);
491: buffer_put_cstring(&b, comp->name);
492:
493: len = buffer_len(&b);
1.16 markus 494: if (lenp != NULL)
495: *lenp = len;
496: if (blobp != NULL) {
497: *blobp = xmalloc(len);
498: memcpy(*blobp, buffer_ptr(&b), len);
499: }
1.1 provos 500: memset(buffer_ptr(&b), 0, len);
501: buffer_free(&b);
502: return len;
503: }
504:
1.2 markus 505: static void
1.1 provos 506: mm_send_kex(Buffer *m, Kex *kex)
507: {
508: buffer_put_string(m, kex->session_id, kex->session_id_len);
509: buffer_put_int(m, kex->we_need);
510: buffer_put_int(m, kex->hostkey_type);
511: buffer_put_int(m, kex->kex_type);
512: buffer_put_string(m, buffer_ptr(&kex->my), buffer_len(&kex->my));
513: buffer_put_string(m, buffer_ptr(&kex->peer), buffer_len(&kex->peer));
514: buffer_put_int(m, kex->flags);
515: buffer_put_cstring(m, kex->client_version_string);
516: buffer_put_cstring(m, kex->server_version_string);
517: }
518:
519: void
1.7 mouring 520: mm_send_keystate(struct monitor *pmonitor)
1.1 provos 521: {
522: Buffer m;
523: u_char *blob, *p;
524: u_int bloblen, plen;
1.19.2.2! brad 525: u_int32_t seqnr, packets;
! 526: u_int64_t blocks;
1.1 provos 527:
528: buffer_init(&m);
529:
530: if (!compat20) {
531: u_char iv[24];
1.11 markus 532: u_char *key;
533: u_int ivlen, keylen;
1.1 provos 534:
535: buffer_put_int(&m, packet_get_protocol_flags());
536:
537: buffer_put_int(&m, packet_get_ssh1_cipher());
538:
1.11 markus 539: debug3("%s: Sending ssh1 KEY+IV", __func__);
540: keylen = packet_get_encryption_key(NULL);
541: key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
542: keylen = packet_get_encryption_key(key);
543: buffer_put_string(&m, key, keylen);
544: memset(key, 0, keylen);
545: xfree(key);
546:
1.1 provos 547: ivlen = packet_get_keyiv_len(MODE_OUT);
548: packet_get_keyiv(MODE_OUT, iv, ivlen);
549: buffer_put_string(&m, iv, ivlen);
550: ivlen = packet_get_keyiv_len(MODE_OUT);
551: packet_get_keyiv(MODE_IN, iv, ivlen);
552: buffer_put_string(&m, iv, ivlen);
553: goto skip;
554: } else {
555: /* Kex for rekeying */
1.7 mouring 556: mm_send_kex(&m, *pmonitor->m_pkex);
1.1 provos 557: }
558:
559: debug3("%s: Sending new keys: %p %p",
1.8 markus 560: __func__, newkeys[MODE_OUT], newkeys[MODE_IN]);
1.1 provos 561:
562: /* Keys from Kex */
563: if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
1.8 markus 564: fatal("%s: conversion of newkeys failed", __func__);
1.1 provos 565:
566: buffer_put_string(&m, blob, bloblen);
567: xfree(blob);
568:
569: if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
1.8 markus 570: fatal("%s: conversion of newkeys failed", __func__);
1.1 provos 571:
572: buffer_put_string(&m, blob, bloblen);
573: xfree(blob);
574:
1.19.2.2! brad 575: packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
! 576: buffer_put_int(&m, seqnr);
! 577: buffer_put_int64(&m, blocks);
! 578: buffer_put_int(&m, packets);
! 579: packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
! 580: buffer_put_int(&m, seqnr);
! 581: buffer_put_int64(&m, blocks);
! 582: buffer_put_int(&m, packets);
1.1 provos 583:
1.8 markus 584: debug3("%s: New keys have been sent", __func__);
1.1 provos 585: skip:
586: /* More key context */
587: plen = packet_get_keycontext(MODE_OUT, NULL);
588: p = xmalloc(plen+1);
589: packet_get_keycontext(MODE_OUT, p);
590: buffer_put_string(&m, p, plen);
591: xfree(p);
592:
593: plen = packet_get_keycontext(MODE_IN, NULL);
594: p = xmalloc(plen+1);
595: packet_get_keycontext(MODE_IN, p);
596: buffer_put_string(&m, p, plen);
597: xfree(p);
598:
599: /* Compression state */
1.8 markus 600: debug3("%s: Sending compression state", __func__);
1.1 provos 601: buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
602: buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
603:
604: /* Network I/O buffers */
605: buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
606: buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
607:
1.7 mouring 608: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
1.8 markus 609: debug3("%s: Finished sending state", __func__);
1.1 provos 610:
611: buffer_free(&m);
612: }
613:
614: int
615: mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
616: {
617: Buffer m;
1.18 markus 618: char *p;
1.1 provos 619: int success = 0;
620:
621: buffer_init(&m);
1.7 mouring 622: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
1.1 provos 623:
1.8 markus 624: debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
1.7 mouring 625: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
1.1 provos 626:
627: success = buffer_get_int(&m);
628: if (success == 0) {
1.8 markus 629: debug3("%s: pty alloc failed", __func__);
1.1 provos 630: buffer_free(&m);
631: return (0);
632: }
633: p = buffer_get_string(&m, NULL);
634: buffer_free(&m);
635:
636: strlcpy(namebuf, p, namebuflen); /* Possible truncation */
637: xfree(p);
638:
1.7 mouring 639: *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
640: *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
1.1 provos 641:
642: /* Success */
643: return (1);
644: }
645:
646: void
647: mm_session_pty_cleanup2(void *session)
648: {
649: Session *s = session;
650: Buffer m;
651:
652: if (s->ttyfd == -1)
653: return;
654: buffer_init(&m);
655: buffer_put_cstring(&m, s->tty);
1.7 mouring 656: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
1.1 provos 657: buffer_free(&m);
1.3 markus 658:
1.1 provos 659: /* closed dup'ed master */
660: if (close(s->ptymaster) < 0)
661: error("close(s->ptymaster): %s", strerror(errno));
662:
663: /* unlink pty from session */
664: s->ttyfd = -1;
665: }
666:
667: /* Request process termination */
668:
669: void
670: mm_terminate(void)
671: {
672: Buffer m;
673:
674: buffer_init(&m);
1.7 mouring 675: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
1.1 provos 676: buffer_free(&m);
677: }
678:
679: int
680: mm_ssh1_session_key(BIGNUM *num)
681: {
682: int rsafail;
683: Buffer m;
684:
685: buffer_init(&m);
686: buffer_put_bignum2(&m, num);
1.7 mouring 687: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
1.1 provos 688:
1.7 mouring 689: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
1.1 provos 690:
691: rsafail = buffer_get_int(&m);
692: buffer_get_bignum2(&m, num);
693:
694: buffer_free(&m);
695:
696: return (rsafail);
697: }
698:
1.2 markus 699: static void
1.1 provos 700: mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
701: char ***prompts, u_int **echo_on)
702: {
1.10 deraadt 703: *name = xstrdup("");
704: *infotxt = xstrdup("");
1.1 provos 705: *numprompts = 1;
1.14 deraadt 706: *prompts = xmalloc(*numprompts * sizeof(char *));
1.1 provos 707: *echo_on = xmalloc(*numprompts * sizeof(u_int));
708: (*echo_on)[0] = 0;
709: }
710:
711: int
712: mm_bsdauth_query(void *ctx, char **name, char **infotxt,
713: u_int *numprompts, char ***prompts, u_int **echo_on)
714: {
715: Buffer m;
1.19.2.1 margarid 716: u_int success;
1.1 provos 717: char *challenge;
718:
1.8 markus 719: debug3("%s: entering", __func__);
1.1 provos 720:
721: buffer_init(&m);
1.7 mouring 722: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
1.1 provos 723:
1.7 mouring 724: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
1.1 provos 725: &m);
1.19.2.1 margarid 726: success = buffer_get_int(&m);
727: if (success == 0) {
1.8 markus 728: debug3("%s: no challenge", __func__);
1.1 provos 729: buffer_free(&m);
730: return (-1);
731: }
732:
733: /* Get the challenge, and format the response */
734: challenge = buffer_get_string(&m, NULL);
735: buffer_free(&m);
736:
737: mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
738: (*prompts)[0] = challenge;
739:
1.8 markus 740: debug3("%s: received challenge: %s", __func__, challenge);
1.1 provos 741:
742: return (0);
743: }
744:
745: int
746: mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
747: {
748: Buffer m;
749: int authok;
750:
1.8 markus 751: debug3("%s: entering", __func__);
1.1 provos 752: if (numresponses != 1)
753: return (-1);
754:
755: buffer_init(&m);
756: buffer_put_cstring(&m, responses[0]);
1.7 mouring 757: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
1.1 provos 758:
1.7 mouring 759: mm_request_receive_expect(pmonitor->m_recvfd,
1.1 provos 760: MONITOR_ANS_BSDAUTHRESPOND, &m);
761:
762: authok = buffer_get_int(&m);
763: buffer_free(&m);
764:
765: return ((authok == 0) ? -1 : 0);
766: }
767:
768: int
769: mm_skey_query(void *ctx, char **name, char **infotxt,
770: u_int *numprompts, char ***prompts, u_int **echo_on)
771: {
772: Buffer m;
1.19.2.1 margarid 773: int len;
774: u_int success;
1.1 provos 775: char *p, *challenge;
776:
1.8 markus 777: debug3("%s: entering", __func__);
1.1 provos 778:
779: buffer_init(&m);
1.7 mouring 780: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
1.1 provos 781:
1.7 mouring 782: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
1.1 provos 783: &m);
1.19.2.1 margarid 784: success = buffer_get_int(&m);
785: if (success == 0) {
1.8 markus 786: debug3("%s: no challenge", __func__);
1.1 provos 787: buffer_free(&m);
788: return (-1);
789: }
790:
791: /* Get the challenge, and format the response */
792: challenge = buffer_get_string(&m, NULL);
793: buffer_free(&m);
794:
1.8 markus 795: debug3("%s: received challenge: %s", __func__, challenge);
1.1 provos 796:
797: mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
798:
799: len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
800: p = xmalloc(len);
801: strlcpy(p, challenge, len);
802: strlcat(p, SKEY_PROMPT, len);
803: (*prompts)[0] = p;
804: xfree(challenge);
805:
806: return (0);
807: }
808:
809: int
810: mm_skey_respond(void *ctx, u_int numresponses, char **responses)
811: {
812: Buffer m;
813: int authok;
814:
1.8 markus 815: debug3("%s: entering", __func__);
1.1 provos 816: if (numresponses != 1)
817: return (-1);
818:
819: buffer_init(&m);
820: buffer_put_cstring(&m, responses[0]);
1.7 mouring 821: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
1.1 provos 822:
1.7 mouring 823: mm_request_receive_expect(pmonitor->m_recvfd,
1.1 provos 824: MONITOR_ANS_SKEYRESPOND, &m);
825:
826: authok = buffer_get_int(&m);
827: buffer_free(&m);
828:
829: return ((authok == 0) ? -1 : 0);
830: }
831:
832: void
833: mm_ssh1_session_id(u_char session_id[16])
834: {
835: Buffer m;
836: int i;
837:
1.8 markus 838: debug3("%s entering", __func__);
1.1 provos 839:
840: buffer_init(&m);
841: for (i = 0; i < 16; i++)
842: buffer_put_char(&m, session_id[i]);
843:
1.7 mouring 844: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
1.1 provos 845: buffer_free(&m);
846: }
847:
848: int
849: mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
850: {
851: Buffer m;
852: Key *key;
853: u_char *blob;
854: u_int blen;
1.19.2.1 margarid 855: int allowed = 0, have_forced = 0;
1.1 provos 856:
1.8 markus 857: debug3("%s entering", __func__);
1.1 provos 858:
859: buffer_init(&m);
860: buffer_put_bignum2(&m, client_n);
861:
1.7 mouring 862: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
863: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
1.1 provos 864:
865: allowed = buffer_get_int(&m);
866:
1.19.2.1 margarid 867: /* fake forced command */
868: auth_clear_options();
869: have_forced = buffer_get_int(&m);
870: forced_command = have_forced ? xstrdup("true") : NULL;
871:
1.1 provos 872: if (allowed && rkey != NULL) {
873: blob = buffer_get_string(&m, &blen);
874: if ((key = key_from_blob(blob, blen)) == NULL)
1.8 markus 875: fatal("%s: key_from_blob failed", __func__);
1.1 provos 876: *rkey = key;
877: xfree(blob);
878: }
879: mm_send_debug(&m);
880: buffer_free(&m);
881:
882: return (allowed);
883: }
884:
885: BIGNUM *
886: mm_auth_rsa_generate_challenge(Key *key)
887: {
888: Buffer m;
889: BIGNUM *challenge;
890: u_char *blob;
891: u_int blen;
892:
1.8 markus 893: debug3("%s entering", __func__);
1.1 provos 894:
895: if ((challenge = BN_new()) == NULL)
1.8 markus 896: fatal("%s: BN_new failed", __func__);
1.1 provos 897:
898: key->type = KEY_RSA; /* XXX cheat for key_to_blob */
899: if (key_to_blob(key, &blob, &blen) == 0)
1.8 markus 900: fatal("%s: key_to_blob failed", __func__);
1.1 provos 901: key->type = KEY_RSA1;
902:
903: buffer_init(&m);
904: buffer_put_string(&m, blob, blen);
905: xfree(blob);
906:
1.7 mouring 907: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
908: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
1.1 provos 909:
910: buffer_get_bignum2(&m, challenge);
911: buffer_free(&m);
912:
913: return (challenge);
914: }
915:
916: int
917: mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
918: {
919: Buffer m;
920: u_char *blob;
921: u_int blen;
922: int success = 0;
923:
1.8 markus 924: debug3("%s entering", __func__);
1.1 provos 925:
926: key->type = KEY_RSA; /* XXX cheat for key_to_blob */
927: if (key_to_blob(key, &blob, &blen) == 0)
1.8 markus 928: fatal("%s: key_to_blob failed", __func__);
1.1 provos 929: key->type = KEY_RSA1;
930:
931: buffer_init(&m);
932: buffer_put_string(&m, blob, blen);
933: buffer_put_string(&m, response, 16);
934: xfree(blob);
935:
1.7 mouring 936: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
937: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
1.1 provos 938:
939: success = buffer_get_int(&m);
940: buffer_free(&m);
941:
942: return (success);
943: }
1.19 markus 944:
1.19.2.2! brad 945: #ifdef GSSAPI
! 946: OM_uint32
! 947: mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
1.19 markus 948: {
1.19.2.2! brad 949: Buffer m;
! 950: OM_uint32 major;
1.19 markus 951:
1.19.2.2! brad 952: /* Client doesn't get to see the context */
! 953: *ctx = NULL;
1.19 markus 954:
955: buffer_init(&m);
1.19.2.2! brad 956: buffer_put_string(&m, oid->elements, oid->length);
1.19 markus 957:
1.19.2.2! brad 958: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
! 959: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
! 960:
! 961: major = buffer_get_int(&m);
1.19 markus 962:
963: buffer_free(&m);
1.19.2.2! brad 964: return (major);
1.19 markus 965: }
1.17 itojun 966:
1.19.2.2! brad 967: OM_uint32
! 968: mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
! 969: gss_buffer_desc *out, OM_uint32 *flags)
1.17 itojun 970: {
971: Buffer m;
1.19.2.2! brad 972: OM_uint32 major;
! 973: u_int len;
1.17 itojun 974:
975: buffer_init(&m);
1.19.2.2! brad 976: buffer_put_string(&m, in->value, in->length);
1.17 itojun 977:
1.19.2.2! brad 978: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
! 979: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
1.17 itojun 980:
1.19.2.2! brad 981: major = buffer_get_int(&m);
! 982: out->value = buffer_get_string(&m, &len);
! 983: out->length = len;
! 984: if (flags)
! 985: *flags = buffer_get_int(&m);
1.17 itojun 986:
1.19.2.2! brad 987: buffer_free(&m);
! 988:
! 989: return (major);
! 990: }
! 991:
! 992: int
! 993: mm_ssh_gssapi_userok(char *user)
! 994: {
! 995: Buffer m;
! 996: int authenticated = 0;
! 997:
! 998: buffer_init(&m);
! 999:
! 1000: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
! 1001: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
! 1002: &m);
! 1003:
! 1004: authenticated = buffer_get_int(&m);
1.17 itojun 1005:
1006: buffer_free(&m);
1.19.2.2! brad 1007: debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
! 1008: return (authenticated);
1.17 itojun 1009: }
1.19.2.2! brad 1010: #endif /* GSSAPI */