Annotation of src/usr.bin/ssh/monitor_wrap.c, Revision 1.33
1.1 provos 1: /*
2: * Copyright 2002 Niels Provos <provos@citi.umich.edu>
3: * Copyright 2002 Markus Friedl <markus@openbsd.org>
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
26:
27: #include "includes.h"
1.33 ! markus 28: RCSID("$OpenBSD: monitor_wrap.c,v 1.32 2003/09/23 20:17:11 markus Exp $");
1.1 provos 29:
30: #include <openssl/bn.h>
31: #include <openssl/dh.h>
32:
33: #include "ssh.h"
34: #include "dh.h"
35: #include "kex.h"
36: #include "auth.h"
1.22 markus 37: #include "auth-options.h"
1.1 provos 38: #include "buffer.h"
39: #include "bufaux.h"
40: #include "packet.h"
41: #include "mac.h"
42: #include "log.h"
43: #include "zlib.h"
44: #include "monitor.h"
45: #include "monitor_wrap.h"
46: #include "xmalloc.h"
47: #include "atomicio.h"
48: #include "monitor_fdpass.h"
49: #include "getput.h"
50:
51: #include "auth.h"
52: #include "channels.h"
53: #include "session.h"
54:
1.29 markus 55: #ifdef GSSAPI
56: #include "ssh-gss.h"
57: #endif
58:
1.1 provos 59: /* Imports */
60: extern int compat20;
61: extern Newkeys *newkeys[];
62: extern z_stream incoming_stream;
63: extern z_stream outgoing_stream;
1.7 mouring 64: extern struct monitor *pmonitor;
1.1 provos 65: extern Buffer input, output;
66:
1.32 markus 67: int
68: mm_is_monitor(void)
69: {
70: /*
71: * m_pid is only set in the privileged part, and
72: * points to the unprivileged child.
73: */
74: return (pmonitor->m_pid > 0);
75: }
76:
1.1 provos 77: void
78: mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
79: {
1.13 deraadt 80: u_int mlen = buffer_len(m);
1.1 provos 81: u_char buf[5];
82:
1.8 markus 83: debug3("%s entering: type %d", __func__, type);
1.1 provos 84:
85: PUT_32BIT(buf, mlen + 1);
1.10 deraadt 86: buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
1.27 deraadt 87: if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf))
1.8 markus 88: fatal("%s: write", __func__);
1.27 deraadt 89: if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen)
1.8 markus 90: fatal("%s: write", __func__);
1.1 provos 91: }
92:
93: void
94: mm_request_receive(int socket, Buffer *m)
95: {
96: u_char buf[4];
1.13 deraadt 97: u_int msg_len;
1.1 provos 98: ssize_t res;
99:
1.8 markus 100: debug3("%s entering", __func__);
1.1 provos 101:
102: res = atomicio(read, socket, buf, sizeof(buf));
103: if (res != sizeof(buf)) {
104: if (res == 0)
1.32 markus 105: cleanup_exit(255);
1.8 markus 106: fatal("%s: read: %ld", __func__, (long)res);
1.1 provos 107: }
108: msg_len = GET_32BIT(buf);
109: if (msg_len > 256 * 1024)
1.8 markus 110: fatal("%s: read: bad msg_len %d", __func__, msg_len);
1.1 provos 111: buffer_clear(m);
112: buffer_append_space(m, msg_len);
113: res = atomicio(read, socket, buffer_ptr(m), msg_len);
114: if (res != msg_len)
1.8 markus 115: fatal("%s: read: %ld != msg_len", __func__, (long)res);
1.1 provos 116: }
117:
118: void
119: mm_request_receive_expect(int socket, enum monitor_reqtype type, Buffer *m)
120: {
121: u_char rtype;
122:
1.8 markus 123: debug3("%s entering: type %d", __func__, type);
1.1 provos 124:
125: mm_request_receive(socket, m);
126: rtype = buffer_get_char(m);
127: if (rtype != type)
1.8 markus 128: fatal("%s: read: rtype %d != type %d", __func__,
1.1 provos 129: rtype, type);
130: }
131:
132: DH *
133: mm_choose_dh(int min, int nbits, int max)
134: {
135: BIGNUM *p, *g;
136: int success = 0;
137: Buffer m;
138:
139: buffer_init(&m);
140: buffer_put_int(&m, min);
141: buffer_put_int(&m, nbits);
142: buffer_put_int(&m, max);
143:
1.7 mouring 144: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
1.1 provos 145:
1.8 markus 146: debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
1.7 mouring 147: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
1.1 provos 148:
149: success = buffer_get_char(&m);
150: if (success == 0)
1.8 markus 151: fatal("%s: MONITOR_ANS_MODULI failed", __func__);
1.1 provos 152:
153: if ((p = BN_new()) == NULL)
1.8 markus 154: fatal("%s: BN_new failed", __func__);
1.3 markus 155: if ((g = BN_new()) == NULL)
1.8 markus 156: fatal("%s: BN_new failed", __func__);
1.1 provos 157: buffer_get_bignum2(&m, p);
158: buffer_get_bignum2(&m, g);
159:
1.8 markus 160: debug3("%s: remaining %d", __func__, buffer_len(&m));
1.1 provos 161: buffer_free(&m);
162:
163: return (dh_new_group(g, p));
164: }
165:
166: int
167: mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
168: {
1.7 mouring 169: Kex *kex = *pmonitor->m_pkex;
1.1 provos 170: Buffer m;
171:
1.8 markus 172: debug3("%s entering", __func__);
1.1 provos 173:
174: buffer_init(&m);
175: buffer_put_int(&m, kex->host_key_index(key));
176: buffer_put_string(&m, data, datalen);
177:
1.7 mouring 178: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
1.1 provos 179:
1.8 markus 180: debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
1.7 mouring 181: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
1.1 provos 182: *sigp = buffer_get_string(&m, lenp);
183: buffer_free(&m);
184:
185: return (0);
186: }
187:
188: struct passwd *
189: mm_getpwnamallow(const char *login)
190: {
191: Buffer m;
192: struct passwd *pw;
193: u_int pwlen;
194:
1.8 markus 195: debug3("%s entering", __func__);
1.1 provos 196:
197: buffer_init(&m);
198: buffer_put_cstring(&m, login);
199:
1.7 mouring 200: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
1.1 provos 201:
1.8 markus 202: debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
1.7 mouring 203: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
1.1 provos 204:
205: if (buffer_get_char(&m) == 0) {
206: buffer_free(&m);
207: return (NULL);
208: }
209: pw = buffer_get_string(&m, &pwlen);
210: if (pwlen != sizeof(struct passwd))
1.8 markus 211: fatal("%s: struct passwd size mismatch", __func__);
1.1 provos 212: pw->pw_name = buffer_get_string(&m, NULL);
213: pw->pw_passwd = buffer_get_string(&m, NULL);
214: pw->pw_gecos = buffer_get_string(&m, NULL);
215: pw->pw_class = buffer_get_string(&m, NULL);
216: pw->pw_dir = buffer_get_string(&m, NULL);
217: pw->pw_shell = buffer_get_string(&m, NULL);
218: buffer_free(&m);
219:
220: return (pw);
1.6 djm 221: }
222:
1.33 ! markus 223: char *
! 224: mm_auth2_read_banner(void)
1.6 djm 225: {
226: Buffer m;
227: char *banner;
228:
1.8 markus 229: debug3("%s entering", __func__);
1.6 djm 230:
231: buffer_init(&m);
1.7 mouring 232: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
1.6 djm 233: buffer_clear(&m);
234:
1.33 ! markus 235: mm_request_receive_expect(pmonitor->m_recvfd,
! 236: MONITOR_ANS_AUTH2_READ_BANNER, &m);
1.6 djm 237: banner = buffer_get_string(&m, NULL);
238: buffer_free(&m);
1.10 deraadt 239:
1.33 ! markus 240: /* treat empty banner as missing banner */
! 241: if (strlen(banner) == 0) {
! 242: xfree(banner);
! 243: banner = NULL;
! 244: }
1.6 djm 245: return (banner);
1.1 provos 246: }
247:
248: /* Inform the privileged process about service and style */
249:
250: void
251: mm_inform_authserv(char *service, char *style)
252: {
253: Buffer m;
254:
1.8 markus 255: debug3("%s entering", __func__);
1.1 provos 256:
257: buffer_init(&m);
258: buffer_put_cstring(&m, service);
259: buffer_put_cstring(&m, style ? style : "");
260:
1.7 mouring 261: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
1.1 provos 262:
263: buffer_free(&m);
264: }
265:
266: /* Do the password authentication */
267: int
268: mm_auth_password(Authctxt *authctxt, char *password)
269: {
270: Buffer m;
271: int authenticated = 0;
272:
1.8 markus 273: debug3("%s entering", __func__);
1.1 provos 274:
275: buffer_init(&m);
276: buffer_put_cstring(&m, password);
1.7 mouring 277: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
1.1 provos 278:
1.8 markus 279: debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
1.7 mouring 280: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
1.1 provos 281:
282: authenticated = buffer_get_int(&m);
283:
284: buffer_free(&m);
285:
1.3 markus 286: debug3("%s: user %sauthenticated",
1.8 markus 287: __func__, authenticated ? "" : "not ");
1.1 provos 288: return (authenticated);
289: }
290:
291: int
292: mm_user_key_allowed(struct passwd *pw, Key *key)
293: {
294: return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
295: }
296:
297: int
298: mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host,
299: Key *key)
300: {
301: return (mm_key_allowed(MM_HOSTKEY, user, host, key));
302: }
303:
304: int
305: mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
306: char *host, Key *key)
307: {
308: int ret;
309:
310: key->type = KEY_RSA; /* XXX hack for key_to_blob */
311: ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key);
312: key->type = KEY_RSA1;
313: return (ret);
314: }
315:
1.2 markus 316: static void
1.1 provos 317: mm_send_debug(Buffer *m)
318: {
319: char *msg;
320:
321: while (buffer_len(m)) {
322: msg = buffer_get_string(m, NULL);
1.8 markus 323: debug3("%s: Sending debug: %s", __func__, msg);
1.1 provos 324: packet_send_debug("%s", msg);
325: xfree(msg);
326: }
327: }
328:
329: int
330: mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
331: {
332: Buffer m;
333: u_char *blob;
334: u_int len;
1.22 markus 335: int allowed = 0, have_forced = 0;
1.1 provos 336:
1.8 markus 337: debug3("%s entering", __func__);
1.1 provos 338:
339: /* Convert the key to a blob and the pass it over */
340: if (!key_to_blob(key, &blob, &len))
341: return (0);
342:
343: buffer_init(&m);
344: buffer_put_int(&m, type);
345: buffer_put_cstring(&m, user ? user : "");
346: buffer_put_cstring(&m, host ? host : "");
347: buffer_put_string(&m, blob, len);
348: xfree(blob);
349:
1.7 mouring 350: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
1.1 provos 351:
1.8 markus 352: debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
1.7 mouring 353: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
1.1 provos 354:
355: allowed = buffer_get_int(&m);
356:
1.22 markus 357: /* fake forced command */
358: auth_clear_options();
359: have_forced = buffer_get_int(&m);
360: forced_command = have_forced ? xstrdup("true") : NULL;
361:
1.1 provos 362: /* Send potential debug messages */
363: mm_send_debug(&m);
364:
365: buffer_free(&m);
366:
367: return (allowed);
368: }
369:
1.3 markus 370: /*
1.1 provos 371: * This key verify needs to send the key type along, because the
372: * privileged parent makes the decision if the key is allowed
373: * for authentication.
374: */
375:
376: int
377: mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
378: {
379: Buffer m;
380: u_char *blob;
381: u_int len;
382: int verified = 0;
383:
1.8 markus 384: debug3("%s entering", __func__);
1.1 provos 385:
386: /* Convert the key to a blob and the pass it over */
387: if (!key_to_blob(key, &blob, &len))
388: return (0);
389:
390: buffer_init(&m);
391: buffer_put_string(&m, blob, len);
392: buffer_put_string(&m, sig, siglen);
393: buffer_put_string(&m, data, datalen);
394: xfree(blob);
395:
1.7 mouring 396: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
1.1 provos 397:
1.8 markus 398: debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
1.7 mouring 399: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
1.1 provos 400:
401: verified = buffer_get_int(&m);
402:
403: buffer_free(&m);
404:
405: return (verified);
406: }
407:
408: /* Export key state after authentication */
409: Newkeys *
410: mm_newkeys_from_blob(u_char *blob, int blen)
411: {
412: Buffer b;
413: u_int len;
414: Newkeys *newkey = NULL;
415: Enc *enc;
416: Mac *mac;
417: Comp *comp;
418:
1.8 markus 419: debug3("%s: %p(%d)", __func__, blob, blen);
1.1 provos 420: #ifdef DEBUG_PK
421: dump_base64(stderr, blob, blen);
422: #endif
423: buffer_init(&b);
424: buffer_append(&b, blob, blen);
425:
426: newkey = xmalloc(sizeof(*newkey));
427: enc = &newkey->enc;
428: mac = &newkey->mac;
429: comp = &newkey->comp;
430:
431: /* Enc structure */
432: enc->name = buffer_get_string(&b, NULL);
433: buffer_get(&b, &enc->cipher, sizeof(enc->cipher));
434: enc->enabled = buffer_get_int(&b);
435: enc->block_size = buffer_get_int(&b);
436: enc->key = buffer_get_string(&b, &enc->key_len);
437: enc->iv = buffer_get_string(&b, &len);
438: if (len != enc->block_size)
1.12 deraadt 439: fatal("%s: bad ivlen: expected %u != %u", __func__,
1.1 provos 440: enc->block_size, len);
441:
442: if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
1.8 markus 443: fatal("%s: bad cipher name %s or pointer %p", __func__,
1.1 provos 444: enc->name, enc->cipher);
445:
446: /* Mac structure */
447: mac->name = buffer_get_string(&b, NULL);
448: if (mac->name == NULL || mac_init(mac, mac->name) == -1)
1.8 markus 449: fatal("%s: can not init mac %s", __func__, mac->name);
1.1 provos 450: mac->enabled = buffer_get_int(&b);
451: mac->key = buffer_get_string(&b, &len);
452: if (len > mac->key_len)
1.12 deraadt 453: fatal("%s: bad mac key length: %u > %d", __func__, len,
1.1 provos 454: mac->key_len);
455: mac->key_len = len;
456:
457: /* Comp structure */
458: comp->type = buffer_get_int(&b);
459: comp->enabled = buffer_get_int(&b);
460: comp->name = buffer_get_string(&b, NULL);
461:
462: len = buffer_len(&b);
463: if (len != 0)
1.12 deraadt 464: error("newkeys_from_blob: remaining bytes in blob %u", len);
1.1 provos 465: buffer_free(&b);
466: return (newkey);
467: }
468:
469: int
470: mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
471: {
472: Buffer b;
473: int len;
474: Enc *enc;
475: Mac *mac;
476: Comp *comp;
477: Newkeys *newkey = newkeys[mode];
478:
1.8 markus 479: debug3("%s: converting %p", __func__, newkey);
1.1 provos 480:
481: if (newkey == NULL) {
1.8 markus 482: error("%s: newkey == NULL", __func__);
1.1 provos 483: return 0;
484: }
485: enc = &newkey->enc;
486: mac = &newkey->mac;
487: comp = &newkey->comp;
488:
489: buffer_init(&b);
490: /* Enc structure */
491: buffer_put_cstring(&b, enc->name);
492: /* The cipher struct is constant and shared, you export pointer */
493: buffer_append(&b, &enc->cipher, sizeof(enc->cipher));
494: buffer_put_int(&b, enc->enabled);
495: buffer_put_int(&b, enc->block_size);
496: buffer_put_string(&b, enc->key, enc->key_len);
497: packet_get_keyiv(mode, enc->iv, enc->block_size);
498: buffer_put_string(&b, enc->iv, enc->block_size);
499:
500: /* Mac structure */
501: buffer_put_cstring(&b, mac->name);
502: buffer_put_int(&b, mac->enabled);
503: buffer_put_string(&b, mac->key, mac->key_len);
504:
505: /* Comp structure */
506: buffer_put_int(&b, comp->type);
507: buffer_put_int(&b, comp->enabled);
508: buffer_put_cstring(&b, comp->name);
509:
510: len = buffer_len(&b);
1.16 markus 511: if (lenp != NULL)
512: *lenp = len;
513: if (blobp != NULL) {
514: *blobp = xmalloc(len);
515: memcpy(*blobp, buffer_ptr(&b), len);
516: }
1.1 provos 517: memset(buffer_ptr(&b), 0, len);
518: buffer_free(&b);
519: return len;
520: }
521:
1.2 markus 522: static void
1.1 provos 523: mm_send_kex(Buffer *m, Kex *kex)
524: {
525: buffer_put_string(m, kex->session_id, kex->session_id_len);
526: buffer_put_int(m, kex->we_need);
527: buffer_put_int(m, kex->hostkey_type);
528: buffer_put_int(m, kex->kex_type);
529: buffer_put_string(m, buffer_ptr(&kex->my), buffer_len(&kex->my));
530: buffer_put_string(m, buffer_ptr(&kex->peer), buffer_len(&kex->peer));
531: buffer_put_int(m, kex->flags);
532: buffer_put_cstring(m, kex->client_version_string);
533: buffer_put_cstring(m, kex->server_version_string);
534: }
535:
536: void
1.7 mouring 537: mm_send_keystate(struct monitor *pmonitor)
1.1 provos 538: {
539: Buffer m;
540: u_char *blob, *p;
541: u_int bloblen, plen;
1.25 markus 542: u_int32_t seqnr, packets;
543: u_int64_t blocks;
1.1 provos 544:
545: buffer_init(&m);
546:
547: if (!compat20) {
548: u_char iv[24];
1.11 markus 549: u_char *key;
550: u_int ivlen, keylen;
1.1 provos 551:
552: buffer_put_int(&m, packet_get_protocol_flags());
553:
554: buffer_put_int(&m, packet_get_ssh1_cipher());
555:
1.11 markus 556: debug3("%s: Sending ssh1 KEY+IV", __func__);
557: keylen = packet_get_encryption_key(NULL);
558: key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
559: keylen = packet_get_encryption_key(key);
560: buffer_put_string(&m, key, keylen);
561: memset(key, 0, keylen);
562: xfree(key);
563:
1.1 provos 564: ivlen = packet_get_keyiv_len(MODE_OUT);
565: packet_get_keyiv(MODE_OUT, iv, ivlen);
566: buffer_put_string(&m, iv, ivlen);
567: ivlen = packet_get_keyiv_len(MODE_OUT);
568: packet_get_keyiv(MODE_IN, iv, ivlen);
569: buffer_put_string(&m, iv, ivlen);
570: goto skip;
571: } else {
572: /* Kex for rekeying */
1.7 mouring 573: mm_send_kex(&m, *pmonitor->m_pkex);
1.1 provos 574: }
575:
576: debug3("%s: Sending new keys: %p %p",
1.8 markus 577: __func__, newkeys[MODE_OUT], newkeys[MODE_IN]);
1.1 provos 578:
579: /* Keys from Kex */
580: if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
1.8 markus 581: fatal("%s: conversion of newkeys failed", __func__);
1.1 provos 582:
583: buffer_put_string(&m, blob, bloblen);
584: xfree(blob);
585:
586: if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
1.8 markus 587: fatal("%s: conversion of newkeys failed", __func__);
1.1 provos 588:
589: buffer_put_string(&m, blob, bloblen);
590: xfree(blob);
591:
1.25 markus 592: packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
593: buffer_put_int(&m, seqnr);
594: buffer_put_int64(&m, blocks);
595: buffer_put_int(&m, packets);
1.26 markus 596: packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
1.25 markus 597: buffer_put_int(&m, seqnr);
598: buffer_put_int64(&m, blocks);
599: buffer_put_int(&m, packets);
1.1 provos 600:
1.8 markus 601: debug3("%s: New keys have been sent", __func__);
1.1 provos 602: skip:
603: /* More key context */
604: plen = packet_get_keycontext(MODE_OUT, NULL);
605: p = xmalloc(plen+1);
606: packet_get_keycontext(MODE_OUT, p);
607: buffer_put_string(&m, p, plen);
608: xfree(p);
609:
610: plen = packet_get_keycontext(MODE_IN, NULL);
611: p = xmalloc(plen+1);
612: packet_get_keycontext(MODE_IN, p);
613: buffer_put_string(&m, p, plen);
614: xfree(p);
615:
616: /* Compression state */
1.8 markus 617: debug3("%s: Sending compression state", __func__);
1.1 provos 618: buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
619: buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
620:
621: /* Network I/O buffers */
622: buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
623: buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
624:
1.7 mouring 625: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
1.8 markus 626: debug3("%s: Finished sending state", __func__);
1.1 provos 627:
628: buffer_free(&m);
629: }
630:
631: int
632: mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
633: {
634: Buffer m;
1.18 markus 635: char *p;
1.1 provos 636: int success = 0;
637:
638: buffer_init(&m);
1.7 mouring 639: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
1.1 provos 640:
1.8 markus 641: debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
1.7 mouring 642: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
1.1 provos 643:
644: success = buffer_get_int(&m);
645: if (success == 0) {
1.8 markus 646: debug3("%s: pty alloc failed", __func__);
1.1 provos 647: buffer_free(&m);
648: return (0);
649: }
650: p = buffer_get_string(&m, NULL);
651: buffer_free(&m);
652:
653: strlcpy(namebuf, p, namebuflen); /* Possible truncation */
654: xfree(p);
655:
1.7 mouring 656: *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
657: *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
1.1 provos 658:
659: /* Success */
660: return (1);
661: }
662:
663: void
1.32 markus 664: mm_session_pty_cleanup2(Session *s)
1.1 provos 665: {
666: Buffer m;
667:
668: if (s->ttyfd == -1)
669: return;
670: buffer_init(&m);
671: buffer_put_cstring(&m, s->tty);
1.7 mouring 672: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
1.1 provos 673: buffer_free(&m);
1.3 markus 674:
1.1 provos 675: /* closed dup'ed master */
676: if (close(s->ptymaster) < 0)
677: error("close(s->ptymaster): %s", strerror(errno));
678:
679: /* unlink pty from session */
680: s->ttyfd = -1;
681: }
682:
683: /* Request process termination */
684:
685: void
686: mm_terminate(void)
687: {
688: Buffer m;
689:
690: buffer_init(&m);
1.7 mouring 691: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
1.1 provos 692: buffer_free(&m);
693: }
694:
695: int
696: mm_ssh1_session_key(BIGNUM *num)
697: {
698: int rsafail;
699: Buffer m;
700:
701: buffer_init(&m);
702: buffer_put_bignum2(&m, num);
1.7 mouring 703: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
1.1 provos 704:
1.7 mouring 705: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
1.1 provos 706:
707: rsafail = buffer_get_int(&m);
708: buffer_get_bignum2(&m, num);
709:
710: buffer_free(&m);
711:
712: return (rsafail);
713: }
714:
1.2 markus 715: static void
1.1 provos 716: mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
717: char ***prompts, u_int **echo_on)
718: {
1.10 deraadt 719: *name = xstrdup("");
720: *infotxt = xstrdup("");
1.1 provos 721: *numprompts = 1;
1.14 deraadt 722: *prompts = xmalloc(*numprompts * sizeof(char *));
1.1 provos 723: *echo_on = xmalloc(*numprompts * sizeof(u_int));
724: (*echo_on)[0] = 0;
725: }
726:
727: int
728: mm_bsdauth_query(void *ctx, char **name, char **infotxt,
729: u_int *numprompts, char ***prompts, u_int **echo_on)
730: {
731: Buffer m;
1.21 markus 732: u_int success;
1.1 provos 733: char *challenge;
734:
1.8 markus 735: debug3("%s: entering", __func__);
1.1 provos 736:
737: buffer_init(&m);
1.7 mouring 738: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
1.1 provos 739:
1.7 mouring 740: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
1.1 provos 741: &m);
1.21 markus 742: success = buffer_get_int(&m);
743: if (success == 0) {
1.8 markus 744: debug3("%s: no challenge", __func__);
1.1 provos 745: buffer_free(&m);
746: return (-1);
747: }
748:
749: /* Get the challenge, and format the response */
750: challenge = buffer_get_string(&m, NULL);
751: buffer_free(&m);
752:
753: mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
754: (*prompts)[0] = challenge;
755:
1.8 markus 756: debug3("%s: received challenge: %s", __func__, challenge);
1.1 provos 757:
758: return (0);
759: }
760:
761: int
762: mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
763: {
764: Buffer m;
765: int authok;
766:
1.8 markus 767: debug3("%s: entering", __func__);
1.1 provos 768: if (numresponses != 1)
769: return (-1);
770:
771: buffer_init(&m);
772: buffer_put_cstring(&m, responses[0]);
1.7 mouring 773: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
1.1 provos 774:
1.7 mouring 775: mm_request_receive_expect(pmonitor->m_recvfd,
1.1 provos 776: MONITOR_ANS_BSDAUTHRESPOND, &m);
777:
778: authok = buffer_get_int(&m);
779: buffer_free(&m);
780:
781: return ((authok == 0) ? -1 : 0);
782: }
783:
784: int
785: mm_skey_query(void *ctx, char **name, char **infotxt,
786: u_int *numprompts, char ***prompts, u_int **echo_on)
787: {
788: Buffer m;
1.21 markus 789: int len;
790: u_int success;
1.1 provos 791: char *p, *challenge;
792:
1.8 markus 793: debug3("%s: entering", __func__);
1.1 provos 794:
795: buffer_init(&m);
1.7 mouring 796: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
1.1 provos 797:
1.7 mouring 798: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
1.1 provos 799: &m);
1.21 markus 800: success = buffer_get_int(&m);
801: if (success == 0) {
1.8 markus 802: debug3("%s: no challenge", __func__);
1.1 provos 803: buffer_free(&m);
804: return (-1);
805: }
806:
807: /* Get the challenge, and format the response */
808: challenge = buffer_get_string(&m, NULL);
809: buffer_free(&m);
810:
1.8 markus 811: debug3("%s: received challenge: %s", __func__, challenge);
1.1 provos 812:
813: mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
814:
815: len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
816: p = xmalloc(len);
817: strlcpy(p, challenge, len);
818: strlcat(p, SKEY_PROMPT, len);
819: (*prompts)[0] = p;
820: xfree(challenge);
821:
822: return (0);
823: }
824:
825: int
826: mm_skey_respond(void *ctx, u_int numresponses, char **responses)
827: {
828: Buffer m;
829: int authok;
830:
1.8 markus 831: debug3("%s: entering", __func__);
1.1 provos 832: if (numresponses != 1)
833: return (-1);
834:
835: buffer_init(&m);
836: buffer_put_cstring(&m, responses[0]);
1.7 mouring 837: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
1.1 provos 838:
1.7 mouring 839: mm_request_receive_expect(pmonitor->m_recvfd,
1.1 provos 840: MONITOR_ANS_SKEYRESPOND, &m);
841:
842: authok = buffer_get_int(&m);
843: buffer_free(&m);
844:
845: return ((authok == 0) ? -1 : 0);
846: }
847:
848: void
849: mm_ssh1_session_id(u_char session_id[16])
850: {
851: Buffer m;
852: int i;
853:
1.8 markus 854: debug3("%s entering", __func__);
1.1 provos 855:
856: buffer_init(&m);
857: for (i = 0; i < 16; i++)
858: buffer_put_char(&m, session_id[i]);
859:
1.7 mouring 860: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
1.1 provos 861: buffer_free(&m);
862: }
863:
864: int
865: mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
866: {
867: Buffer m;
868: Key *key;
869: u_char *blob;
870: u_int blen;
1.22 markus 871: int allowed = 0, have_forced = 0;
1.1 provos 872:
1.8 markus 873: debug3("%s entering", __func__);
1.1 provos 874:
875: buffer_init(&m);
876: buffer_put_bignum2(&m, client_n);
877:
1.7 mouring 878: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
879: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
1.1 provos 880:
881: allowed = buffer_get_int(&m);
1.22 markus 882:
883: /* fake forced command */
884: auth_clear_options();
885: have_forced = buffer_get_int(&m);
886: forced_command = have_forced ? xstrdup("true") : NULL;
1.1 provos 887:
888: if (allowed && rkey != NULL) {
889: blob = buffer_get_string(&m, &blen);
890: if ((key = key_from_blob(blob, blen)) == NULL)
1.8 markus 891: fatal("%s: key_from_blob failed", __func__);
1.1 provos 892: *rkey = key;
893: xfree(blob);
894: }
895: mm_send_debug(&m);
896: buffer_free(&m);
897:
898: return (allowed);
899: }
900:
901: BIGNUM *
902: mm_auth_rsa_generate_challenge(Key *key)
903: {
904: Buffer m;
905: BIGNUM *challenge;
906: u_char *blob;
907: u_int blen;
908:
1.8 markus 909: debug3("%s entering", __func__);
1.1 provos 910:
911: if ((challenge = BN_new()) == NULL)
1.8 markus 912: fatal("%s: BN_new failed", __func__);
1.1 provos 913:
914: key->type = KEY_RSA; /* XXX cheat for key_to_blob */
915: if (key_to_blob(key, &blob, &blen) == 0)
1.8 markus 916: fatal("%s: key_to_blob failed", __func__);
1.1 provos 917: key->type = KEY_RSA1;
918:
919: buffer_init(&m);
920: buffer_put_string(&m, blob, blen);
921: xfree(blob);
922:
1.7 mouring 923: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
924: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
1.1 provos 925:
926: buffer_get_bignum2(&m, challenge);
927: buffer_free(&m);
928:
929: return (challenge);
930: }
931:
932: int
933: mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
934: {
935: Buffer m;
936: u_char *blob;
937: u_int blen;
938: int success = 0;
939:
1.8 markus 940: debug3("%s entering", __func__);
1.1 provos 941:
942: key->type = KEY_RSA; /* XXX cheat for key_to_blob */
943: if (key_to_blob(key, &blob, &blen) == 0)
1.8 markus 944: fatal("%s: key_to_blob failed", __func__);
1.1 provos 945: key->type = KEY_RSA1;
946:
947: buffer_init(&m);
948: buffer_put_string(&m, blob, blen);
949: buffer_put_string(&m, response, 16);
950: xfree(blob);
951:
1.7 mouring 952: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
953: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
1.1 provos 954:
955: success = buffer_get_int(&m);
956: buffer_free(&m);
957:
958: return (success);
959: }
1.29 markus 960:
961: #ifdef GSSAPI
962: OM_uint32
963: mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
964: {
965: Buffer m;
966: OM_uint32 major;
967:
968: /* Client doesn't get to see the context */
969: *ctx = NULL;
970:
971: buffer_init(&m);
972: buffer_put_string(&m, oid->elements, oid->length);
973:
974: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
975: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
976:
977: major = buffer_get_int(&m);
978:
979: buffer_free(&m);
980: return (major);
981: }
982:
983: OM_uint32
984: mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
985: gss_buffer_desc *out, OM_uint32 *flags)
986: {
987: Buffer m;
988: OM_uint32 major;
1.30 deraadt 989: u_int len;
1.29 markus 990:
991: buffer_init(&m);
992: buffer_put_string(&m, in->value, in->length);
993:
994: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
995: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
996:
997: major = buffer_get_int(&m);
1.30 deraadt 998: out->value = buffer_get_string(&m, &len);
999: out->length = len;
1.29 markus 1000: if (flags)
1001: *flags = buffer_get_int(&m);
1002:
1003: buffer_free(&m);
1004:
1005: return (major);
1006: }
1007:
1008: int
1009: mm_ssh_gssapi_userok(char *user)
1010: {
1011: Buffer m;
1012: int authenticated = 0;
1013:
1014: buffer_init(&m);
1015:
1016: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
1017: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
1018: &m);
1019:
1020: authenticated = buffer_get_int(&m);
1021:
1022: buffer_free(&m);
1023: debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
1024: return (authenticated);
1025: }
1026: #endif /* GSSAPI */