Annotation of src/usr.bin/ssh/monitor_wrap.c, Revision 1.42
1.1 provos 1: /*
2: * Copyright 2002 Niels Provos <provos@citi.umich.edu>
3: * Copyright 2002 Markus Friedl <markus@openbsd.org>
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
26:
27: #include "includes.h"
28:
29: #include <openssl/bn.h>
30: #include <openssl/dh.h>
31:
32: #include "ssh.h"
33: #include "dh.h"
34: #include "kex.h"
35: #include "auth.h"
1.22 markus 36: #include "auth-options.h"
1.1 provos 37: #include "buffer.h"
38: #include "bufaux.h"
39: #include "packet.h"
40: #include "mac.h"
41: #include "log.h"
42: #include "zlib.h"
43: #include "monitor.h"
44: #include "monitor_wrap.h"
45: #include "xmalloc.h"
46: #include "atomicio.h"
47: #include "monitor_fdpass.h"
48: #include "getput.h"
49:
50: #include "auth.h"
51: #include "channels.h"
52: #include "session.h"
53:
1.29 markus 54: #ifdef GSSAPI
55: #include "ssh-gss.h"
56: #endif
57:
1.1 provos 58: /* Imports */
59: extern int compat20;
60: extern Newkeys *newkeys[];
61: extern z_stream incoming_stream;
62: extern z_stream outgoing_stream;
1.7 mouring 63: extern struct monitor *pmonitor;
1.1 provos 64: extern Buffer input, output;
1.39 dtucker 65: extern Buffer loginmsg;
1.1 provos 66:
1.32 markus 67: int
68: mm_is_monitor(void)
69: {
70: /*
71: * m_pid is only set in the privileged part, and
72: * points to the unprivileged child.
73: */
1.34 markus 74: return (pmonitor && pmonitor->m_pid > 0);
1.32 markus 75: }
76:
1.1 provos 77: void
1.36 avsm 78: mm_request_send(int sock, enum monitor_reqtype type, Buffer *m)
1.1 provos 79: {
1.13 deraadt 80: u_int mlen = buffer_len(m);
1.1 provos 81: u_char buf[5];
82:
1.8 markus 83: debug3("%s entering: type %d", __func__, type);
1.1 provos 84:
85: PUT_32BIT(buf, mlen + 1);
1.10 deraadt 86: buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
1.36 avsm 87: if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
1.40 avsm 88: fatal("%s: write: %s", __func__, strerror(errno));
1.36 avsm 89: if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen)
1.40 avsm 90: fatal("%s: write: %s", __func__, strerror(errno));
1.1 provos 91: }
92:
93: void
1.36 avsm 94: mm_request_receive(int sock, Buffer *m)
1.1 provos 95: {
96: u_char buf[4];
1.13 deraadt 97: u_int msg_len;
1.1 provos 98:
1.8 markus 99: debug3("%s entering", __func__);
1.1 provos 100:
1.40 avsm 101: if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
102: if (errno == EPIPE)
1.32 markus 103: cleanup_exit(255);
1.40 avsm 104: fatal("%s: read: %s", __func__, strerror(errno));
1.1 provos 105: }
106: msg_len = GET_32BIT(buf);
107: if (msg_len > 256 * 1024)
1.8 markus 108: fatal("%s: read: bad msg_len %d", __func__, msg_len);
1.1 provos 109: buffer_clear(m);
110: buffer_append_space(m, msg_len);
1.40 avsm 111: if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len)
112: fatal("%s: read: %s", __func__, strerror(errno));
1.1 provos 113: }
114:
115: void
1.36 avsm 116: mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m)
1.1 provos 117: {
118: u_char rtype;
119:
1.8 markus 120: debug3("%s entering: type %d", __func__, type);
1.1 provos 121:
1.36 avsm 122: mm_request_receive(sock, m);
1.1 provos 123: rtype = buffer_get_char(m);
124: if (rtype != type)
1.8 markus 125: fatal("%s: read: rtype %d != type %d", __func__,
1.1 provos 126: rtype, type);
127: }
128:
129: DH *
130: mm_choose_dh(int min, int nbits, int max)
131: {
132: BIGNUM *p, *g;
133: int success = 0;
134: Buffer m;
135:
136: buffer_init(&m);
137: buffer_put_int(&m, min);
138: buffer_put_int(&m, nbits);
139: buffer_put_int(&m, max);
140:
1.7 mouring 141: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
1.1 provos 142:
1.8 markus 143: debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
1.7 mouring 144: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
1.1 provos 145:
146: success = buffer_get_char(&m);
147: if (success == 0)
1.8 markus 148: fatal("%s: MONITOR_ANS_MODULI failed", __func__);
1.1 provos 149:
150: if ((p = BN_new()) == NULL)
1.8 markus 151: fatal("%s: BN_new failed", __func__);
1.3 markus 152: if ((g = BN_new()) == NULL)
1.8 markus 153: fatal("%s: BN_new failed", __func__);
1.1 provos 154: buffer_get_bignum2(&m, p);
155: buffer_get_bignum2(&m, g);
156:
1.8 markus 157: debug3("%s: remaining %d", __func__, buffer_len(&m));
1.1 provos 158: buffer_free(&m);
159:
160: return (dh_new_group(g, p));
161: }
162:
163: int
164: mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
165: {
1.7 mouring 166: Kex *kex = *pmonitor->m_pkex;
1.1 provos 167: Buffer m;
168:
1.8 markus 169: debug3("%s entering", __func__);
1.1 provos 170:
171: buffer_init(&m);
172: buffer_put_int(&m, kex->host_key_index(key));
173: buffer_put_string(&m, data, datalen);
174:
1.7 mouring 175: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
1.1 provos 176:
1.8 markus 177: debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
1.7 mouring 178: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
1.1 provos 179: *sigp = buffer_get_string(&m, lenp);
180: buffer_free(&m);
181:
182: return (0);
183: }
184:
185: struct passwd *
1.37 dtucker 186: mm_getpwnamallow(const char *username)
1.1 provos 187: {
188: Buffer m;
189: struct passwd *pw;
190: u_int pwlen;
191:
1.8 markus 192: debug3("%s entering", __func__);
1.1 provos 193:
194: buffer_init(&m);
1.37 dtucker 195: buffer_put_cstring(&m, username);
1.1 provos 196:
1.7 mouring 197: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
1.1 provos 198:
1.8 markus 199: debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
1.7 mouring 200: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
1.1 provos 201:
202: if (buffer_get_char(&m) == 0) {
203: buffer_free(&m);
204: return (NULL);
205: }
206: pw = buffer_get_string(&m, &pwlen);
207: if (pwlen != sizeof(struct passwd))
1.8 markus 208: fatal("%s: struct passwd size mismatch", __func__);
1.1 provos 209: pw->pw_name = buffer_get_string(&m, NULL);
210: pw->pw_passwd = buffer_get_string(&m, NULL);
211: pw->pw_gecos = buffer_get_string(&m, NULL);
212: pw->pw_class = buffer_get_string(&m, NULL);
213: pw->pw_dir = buffer_get_string(&m, NULL);
214: pw->pw_shell = buffer_get_string(&m, NULL);
215: buffer_free(&m);
216:
217: return (pw);
1.6 djm 218: }
219:
1.33 markus 220: char *
221: mm_auth2_read_banner(void)
1.6 djm 222: {
223: Buffer m;
224: char *banner;
225:
1.8 markus 226: debug3("%s entering", __func__);
1.6 djm 227:
228: buffer_init(&m);
1.7 mouring 229: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
1.6 djm 230: buffer_clear(&m);
231:
1.33 markus 232: mm_request_receive_expect(pmonitor->m_recvfd,
233: MONITOR_ANS_AUTH2_READ_BANNER, &m);
1.6 djm 234: banner = buffer_get_string(&m, NULL);
235: buffer_free(&m);
1.10 deraadt 236:
1.33 markus 237: /* treat empty banner as missing banner */
238: if (strlen(banner) == 0) {
239: xfree(banner);
240: banner = NULL;
241: }
1.6 djm 242: return (banner);
1.1 provos 243: }
244:
245: /* Inform the privileged process about service and style */
246:
247: void
248: mm_inform_authserv(char *service, char *style)
249: {
250: Buffer m;
251:
1.8 markus 252: debug3("%s entering", __func__);
1.1 provos 253:
254: buffer_init(&m);
255: buffer_put_cstring(&m, service);
256: buffer_put_cstring(&m, style ? style : "");
257:
1.7 mouring 258: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
1.1 provos 259:
260: buffer_free(&m);
261: }
262:
263: /* Do the password authentication */
264: int
265: mm_auth_password(Authctxt *authctxt, char *password)
266: {
267: Buffer m;
268: int authenticated = 0;
269:
1.8 markus 270: debug3("%s entering", __func__);
1.1 provos 271:
272: buffer_init(&m);
273: buffer_put_cstring(&m, password);
1.7 mouring 274: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
1.1 provos 275:
1.8 markus 276: debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
1.7 mouring 277: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
1.1 provos 278:
279: authenticated = buffer_get_int(&m);
280:
281: buffer_free(&m);
282:
1.3 markus 283: debug3("%s: user %sauthenticated",
1.8 markus 284: __func__, authenticated ? "" : "not ");
1.1 provos 285: return (authenticated);
286: }
287:
288: int
289: mm_user_key_allowed(struct passwd *pw, Key *key)
290: {
291: return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
292: }
293:
294: int
295: mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host,
296: Key *key)
297: {
298: return (mm_key_allowed(MM_HOSTKEY, user, host, key));
299: }
300:
301: int
302: mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
303: char *host, Key *key)
304: {
305: int ret;
306:
307: key->type = KEY_RSA; /* XXX hack for key_to_blob */
308: ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key);
309: key->type = KEY_RSA1;
310: return (ret);
311: }
312:
1.2 markus 313: static void
1.1 provos 314: mm_send_debug(Buffer *m)
315: {
316: char *msg;
317:
318: while (buffer_len(m)) {
319: msg = buffer_get_string(m, NULL);
1.8 markus 320: debug3("%s: Sending debug: %s", __func__, msg);
1.1 provos 321: packet_send_debug("%s", msg);
322: xfree(msg);
323: }
324: }
325:
326: int
327: mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
328: {
329: Buffer m;
330: u_char *blob;
331: u_int len;
1.22 markus 332: int allowed = 0, have_forced = 0;
1.1 provos 333:
1.8 markus 334: debug3("%s entering", __func__);
1.1 provos 335:
336: /* Convert the key to a blob and the pass it over */
337: if (!key_to_blob(key, &blob, &len))
338: return (0);
339:
340: buffer_init(&m);
341: buffer_put_int(&m, type);
342: buffer_put_cstring(&m, user ? user : "");
343: buffer_put_cstring(&m, host ? host : "");
344: buffer_put_string(&m, blob, len);
345: xfree(blob);
346:
1.7 mouring 347: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
1.1 provos 348:
1.8 markus 349: debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
1.7 mouring 350: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
1.1 provos 351:
352: allowed = buffer_get_int(&m);
353:
1.22 markus 354: /* fake forced command */
355: auth_clear_options();
356: have_forced = buffer_get_int(&m);
357: forced_command = have_forced ? xstrdup("true") : NULL;
358:
1.1 provos 359: /* Send potential debug messages */
360: mm_send_debug(&m);
361:
362: buffer_free(&m);
363:
364: return (allowed);
365: }
366:
1.3 markus 367: /*
1.1 provos 368: * This key verify needs to send the key type along, because the
369: * privileged parent makes the decision if the key is allowed
370: * for authentication.
371: */
372:
373: int
374: mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
375: {
376: Buffer m;
377: u_char *blob;
378: u_int len;
379: int verified = 0;
380:
1.8 markus 381: debug3("%s entering", __func__);
1.1 provos 382:
383: /* Convert the key to a blob and the pass it over */
384: if (!key_to_blob(key, &blob, &len))
385: return (0);
386:
387: buffer_init(&m);
388: buffer_put_string(&m, blob, len);
389: buffer_put_string(&m, sig, siglen);
390: buffer_put_string(&m, data, datalen);
391: xfree(blob);
392:
1.7 mouring 393: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
1.1 provos 394:
1.8 markus 395: debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
1.7 mouring 396: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
1.1 provos 397:
398: verified = buffer_get_int(&m);
399:
400: buffer_free(&m);
401:
402: return (verified);
403: }
404:
405: /* Export key state after authentication */
406: Newkeys *
407: mm_newkeys_from_blob(u_char *blob, int blen)
408: {
409: Buffer b;
410: u_int len;
411: Newkeys *newkey = NULL;
412: Enc *enc;
413: Mac *mac;
414: Comp *comp;
415:
1.8 markus 416: debug3("%s: %p(%d)", __func__, blob, blen);
1.1 provos 417: #ifdef DEBUG_PK
418: dump_base64(stderr, blob, blen);
419: #endif
420: buffer_init(&b);
421: buffer_append(&b, blob, blen);
422:
423: newkey = xmalloc(sizeof(*newkey));
424: enc = &newkey->enc;
425: mac = &newkey->mac;
426: comp = &newkey->comp;
427:
428: /* Enc structure */
429: enc->name = buffer_get_string(&b, NULL);
430: buffer_get(&b, &enc->cipher, sizeof(enc->cipher));
431: enc->enabled = buffer_get_int(&b);
432: enc->block_size = buffer_get_int(&b);
433: enc->key = buffer_get_string(&b, &enc->key_len);
434: enc->iv = buffer_get_string(&b, &len);
435: if (len != enc->block_size)
1.12 deraadt 436: fatal("%s: bad ivlen: expected %u != %u", __func__,
1.1 provos 437: enc->block_size, len);
438:
439: if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
1.8 markus 440: fatal("%s: bad cipher name %s or pointer %p", __func__,
1.1 provos 441: enc->name, enc->cipher);
442:
443: /* Mac structure */
444: mac->name = buffer_get_string(&b, NULL);
445: if (mac->name == NULL || mac_init(mac, mac->name) == -1)
1.8 markus 446: fatal("%s: can not init mac %s", __func__, mac->name);
1.1 provos 447: mac->enabled = buffer_get_int(&b);
448: mac->key = buffer_get_string(&b, &len);
449: if (len > mac->key_len)
1.12 deraadt 450: fatal("%s: bad mac key length: %u > %d", __func__, len,
1.1 provos 451: mac->key_len);
452: mac->key_len = len;
453:
454: /* Comp structure */
455: comp->type = buffer_get_int(&b);
456: comp->enabled = buffer_get_int(&b);
457: comp->name = buffer_get_string(&b, NULL);
458:
459: len = buffer_len(&b);
460: if (len != 0)
1.12 deraadt 461: error("newkeys_from_blob: remaining bytes in blob %u", len);
1.1 provos 462: buffer_free(&b);
463: return (newkey);
464: }
465:
466: int
467: mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
468: {
469: Buffer b;
470: int len;
471: Enc *enc;
472: Mac *mac;
473: Comp *comp;
474: Newkeys *newkey = newkeys[mode];
475:
1.8 markus 476: debug3("%s: converting %p", __func__, newkey);
1.1 provos 477:
478: if (newkey == NULL) {
1.8 markus 479: error("%s: newkey == NULL", __func__);
1.1 provos 480: return 0;
481: }
482: enc = &newkey->enc;
483: mac = &newkey->mac;
484: comp = &newkey->comp;
485:
486: buffer_init(&b);
487: /* Enc structure */
488: buffer_put_cstring(&b, enc->name);
489: /* The cipher struct is constant and shared, you export pointer */
490: buffer_append(&b, &enc->cipher, sizeof(enc->cipher));
491: buffer_put_int(&b, enc->enabled);
492: buffer_put_int(&b, enc->block_size);
493: buffer_put_string(&b, enc->key, enc->key_len);
494: packet_get_keyiv(mode, enc->iv, enc->block_size);
495: buffer_put_string(&b, enc->iv, enc->block_size);
496:
497: /* Mac structure */
498: buffer_put_cstring(&b, mac->name);
499: buffer_put_int(&b, mac->enabled);
500: buffer_put_string(&b, mac->key, mac->key_len);
501:
502: /* Comp structure */
503: buffer_put_int(&b, comp->type);
504: buffer_put_int(&b, comp->enabled);
505: buffer_put_cstring(&b, comp->name);
506:
507: len = buffer_len(&b);
1.16 markus 508: if (lenp != NULL)
509: *lenp = len;
510: if (blobp != NULL) {
511: *blobp = xmalloc(len);
512: memcpy(*blobp, buffer_ptr(&b), len);
513: }
1.1 provos 514: memset(buffer_ptr(&b), 0, len);
515: buffer_free(&b);
516: return len;
517: }
518:
1.2 markus 519: static void
1.1 provos 520: mm_send_kex(Buffer *m, Kex *kex)
521: {
522: buffer_put_string(m, kex->session_id, kex->session_id_len);
523: buffer_put_int(m, kex->we_need);
524: buffer_put_int(m, kex->hostkey_type);
525: buffer_put_int(m, kex->kex_type);
526: buffer_put_string(m, buffer_ptr(&kex->my), buffer_len(&kex->my));
527: buffer_put_string(m, buffer_ptr(&kex->peer), buffer_len(&kex->peer));
528: buffer_put_int(m, kex->flags);
529: buffer_put_cstring(m, kex->client_version_string);
530: buffer_put_cstring(m, kex->server_version_string);
531: }
532:
533: void
1.36 avsm 534: mm_send_keystate(struct monitor *monitor)
1.1 provos 535: {
536: Buffer m;
537: u_char *blob, *p;
538: u_int bloblen, plen;
1.25 markus 539: u_int32_t seqnr, packets;
540: u_int64_t blocks;
1.1 provos 541:
542: buffer_init(&m);
543:
544: if (!compat20) {
545: u_char iv[24];
1.11 markus 546: u_char *key;
547: u_int ivlen, keylen;
1.1 provos 548:
549: buffer_put_int(&m, packet_get_protocol_flags());
550:
551: buffer_put_int(&m, packet_get_ssh1_cipher());
552:
1.11 markus 553: debug3("%s: Sending ssh1 KEY+IV", __func__);
554: keylen = packet_get_encryption_key(NULL);
555: key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
556: keylen = packet_get_encryption_key(key);
557: buffer_put_string(&m, key, keylen);
558: memset(key, 0, keylen);
559: xfree(key);
560:
1.1 provos 561: ivlen = packet_get_keyiv_len(MODE_OUT);
562: packet_get_keyiv(MODE_OUT, iv, ivlen);
563: buffer_put_string(&m, iv, ivlen);
564: ivlen = packet_get_keyiv_len(MODE_OUT);
565: packet_get_keyiv(MODE_IN, iv, ivlen);
566: buffer_put_string(&m, iv, ivlen);
567: goto skip;
568: } else {
569: /* Kex for rekeying */
1.36 avsm 570: mm_send_kex(&m, *monitor->m_pkex);
1.1 provos 571: }
572:
573: debug3("%s: Sending new keys: %p %p",
1.8 markus 574: __func__, newkeys[MODE_OUT], newkeys[MODE_IN]);
1.1 provos 575:
576: /* Keys from Kex */
577: if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
1.8 markus 578: fatal("%s: conversion of newkeys failed", __func__);
1.1 provos 579:
580: buffer_put_string(&m, blob, bloblen);
581: xfree(blob);
582:
583: if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
1.8 markus 584: fatal("%s: conversion of newkeys failed", __func__);
1.1 provos 585:
586: buffer_put_string(&m, blob, bloblen);
587: xfree(blob);
588:
1.25 markus 589: packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
590: buffer_put_int(&m, seqnr);
591: buffer_put_int64(&m, blocks);
592: buffer_put_int(&m, packets);
1.26 markus 593: packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
1.25 markus 594: buffer_put_int(&m, seqnr);
595: buffer_put_int64(&m, blocks);
596: buffer_put_int(&m, packets);
1.1 provos 597:
1.8 markus 598: debug3("%s: New keys have been sent", __func__);
1.1 provos 599: skip:
600: /* More key context */
601: plen = packet_get_keycontext(MODE_OUT, NULL);
602: p = xmalloc(plen+1);
603: packet_get_keycontext(MODE_OUT, p);
604: buffer_put_string(&m, p, plen);
605: xfree(p);
606:
607: plen = packet_get_keycontext(MODE_IN, NULL);
608: p = xmalloc(plen+1);
609: packet_get_keycontext(MODE_IN, p);
610: buffer_put_string(&m, p, plen);
611: xfree(p);
612:
613: /* Compression state */
1.8 markus 614: debug3("%s: Sending compression state", __func__);
1.1 provos 615: buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
616: buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
617:
618: /* Network I/O buffers */
619: buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
620: buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
621:
1.36 avsm 622: mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
1.8 markus 623: debug3("%s: Finished sending state", __func__);
1.1 provos 624:
625: buffer_free(&m);
626: }
627:
628: int
1.42 ! deraadt 629: mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
1.1 provos 630: {
631: Buffer m;
1.39 dtucker 632: char *p, *msg;
1.1 provos 633: int success = 0;
634:
635: buffer_init(&m);
1.7 mouring 636: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
1.1 provos 637:
1.8 markus 638: debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
1.7 mouring 639: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
1.1 provos 640:
641: success = buffer_get_int(&m);
642: if (success == 0) {
1.8 markus 643: debug3("%s: pty alloc failed", __func__);
1.1 provos 644: buffer_free(&m);
645: return (0);
646: }
647: p = buffer_get_string(&m, NULL);
1.39 dtucker 648: msg = buffer_get_string(&m, NULL);
1.1 provos 649: buffer_free(&m);
650:
651: strlcpy(namebuf, p, namebuflen); /* Possible truncation */
652: xfree(p);
1.39 dtucker 653:
654: buffer_append(&loginmsg, msg, strlen(msg));
655: xfree(msg);
1.1 provos 656:
1.7 mouring 657: *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
658: *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
1.1 provos 659:
660: /* Success */
661: return (1);
662: }
663:
664: void
1.32 markus 665: mm_session_pty_cleanup2(Session *s)
1.1 provos 666: {
667: Buffer m;
668:
669: if (s->ttyfd == -1)
670: return;
671: buffer_init(&m);
672: buffer_put_cstring(&m, s->tty);
1.7 mouring 673: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
1.1 provos 674: buffer_free(&m);
1.3 markus 675:
1.1 provos 676: /* closed dup'ed master */
677: if (close(s->ptymaster) < 0)
678: error("close(s->ptymaster): %s", strerror(errno));
679:
680: /* unlink pty from session */
681: s->ttyfd = -1;
682: }
683:
684: /* Request process termination */
685:
686: void
687: mm_terminate(void)
688: {
689: Buffer m;
690:
691: buffer_init(&m);
1.7 mouring 692: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
1.1 provos 693: buffer_free(&m);
694: }
695:
696: int
697: mm_ssh1_session_key(BIGNUM *num)
698: {
699: int rsafail;
700: Buffer m;
701:
702: buffer_init(&m);
703: buffer_put_bignum2(&m, num);
1.7 mouring 704: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
1.1 provos 705:
1.7 mouring 706: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
1.1 provos 707:
708: rsafail = buffer_get_int(&m);
709: buffer_get_bignum2(&m, num);
710:
711: buffer_free(&m);
712:
713: return (rsafail);
714: }
715:
1.2 markus 716: static void
1.1 provos 717: mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
718: char ***prompts, u_int **echo_on)
719: {
1.10 deraadt 720: *name = xstrdup("");
721: *infotxt = xstrdup("");
1.1 provos 722: *numprompts = 1;
1.14 deraadt 723: *prompts = xmalloc(*numprompts * sizeof(char *));
1.1 provos 724: *echo_on = xmalloc(*numprompts * sizeof(u_int));
725: (*echo_on)[0] = 0;
726: }
727:
728: int
729: mm_bsdauth_query(void *ctx, char **name, char **infotxt,
730: u_int *numprompts, char ***prompts, u_int **echo_on)
731: {
732: Buffer m;
1.21 markus 733: u_int success;
1.1 provos 734: char *challenge;
735:
1.8 markus 736: debug3("%s: entering", __func__);
1.1 provos 737:
738: buffer_init(&m);
1.7 mouring 739: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
1.1 provos 740:
1.7 mouring 741: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
1.1 provos 742: &m);
1.21 markus 743: success = buffer_get_int(&m);
744: if (success == 0) {
1.8 markus 745: debug3("%s: no challenge", __func__);
1.1 provos 746: buffer_free(&m);
747: return (-1);
748: }
749:
750: /* Get the challenge, and format the response */
751: challenge = buffer_get_string(&m, NULL);
752: buffer_free(&m);
753:
754: mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
755: (*prompts)[0] = challenge;
756:
1.8 markus 757: debug3("%s: received challenge: %s", __func__, challenge);
1.1 provos 758:
759: return (0);
760: }
761:
762: int
763: mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
764: {
765: Buffer m;
766: int authok;
767:
1.8 markus 768: debug3("%s: entering", __func__);
1.1 provos 769: if (numresponses != 1)
770: return (-1);
771:
772: buffer_init(&m);
773: buffer_put_cstring(&m, responses[0]);
1.7 mouring 774: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
1.1 provos 775:
1.7 mouring 776: mm_request_receive_expect(pmonitor->m_recvfd,
1.1 provos 777: MONITOR_ANS_BSDAUTHRESPOND, &m);
778:
779: authok = buffer_get_int(&m);
780: buffer_free(&m);
781:
782: return ((authok == 0) ? -1 : 0);
783: }
784:
1.38 dtucker 785: #ifdef SKEY
1.1 provos 786: int
787: mm_skey_query(void *ctx, char **name, char **infotxt,
788: u_int *numprompts, char ***prompts, u_int **echo_on)
789: {
790: Buffer m;
1.21 markus 791: int len;
792: u_int success;
1.1 provos 793: char *p, *challenge;
794:
1.8 markus 795: debug3("%s: entering", __func__);
1.1 provos 796:
797: buffer_init(&m);
1.7 mouring 798: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
1.1 provos 799:
1.7 mouring 800: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
1.1 provos 801: &m);
1.21 markus 802: success = buffer_get_int(&m);
803: if (success == 0) {
1.8 markus 804: debug3("%s: no challenge", __func__);
1.1 provos 805: buffer_free(&m);
806: return (-1);
807: }
808:
809: /* Get the challenge, and format the response */
810: challenge = buffer_get_string(&m, NULL);
811: buffer_free(&m);
812:
1.8 markus 813: debug3("%s: received challenge: %s", __func__, challenge);
1.1 provos 814:
815: mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
816:
817: len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
818: p = xmalloc(len);
819: strlcpy(p, challenge, len);
820: strlcat(p, SKEY_PROMPT, len);
821: (*prompts)[0] = p;
822: xfree(challenge);
823:
824: return (0);
825: }
826:
827: int
828: mm_skey_respond(void *ctx, u_int numresponses, char **responses)
829: {
830: Buffer m;
831: int authok;
832:
1.8 markus 833: debug3("%s: entering", __func__);
1.1 provos 834: if (numresponses != 1)
835: return (-1);
836:
837: buffer_init(&m);
838: buffer_put_cstring(&m, responses[0]);
1.7 mouring 839: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
1.1 provos 840:
1.7 mouring 841: mm_request_receive_expect(pmonitor->m_recvfd,
1.1 provos 842: MONITOR_ANS_SKEYRESPOND, &m);
843:
844: authok = buffer_get_int(&m);
845: buffer_free(&m);
846:
847: return ((authok == 0) ? -1 : 0);
848: }
1.38 dtucker 849: #endif /* SKEY */
1.1 provos 850:
851: void
852: mm_ssh1_session_id(u_char session_id[16])
853: {
854: Buffer m;
855: int i;
856:
1.8 markus 857: debug3("%s entering", __func__);
1.1 provos 858:
859: buffer_init(&m);
860: for (i = 0; i < 16; i++)
861: buffer_put_char(&m, session_id[i]);
862:
1.7 mouring 863: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
1.1 provos 864: buffer_free(&m);
865: }
866:
867: int
868: mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
869: {
870: Buffer m;
871: Key *key;
872: u_char *blob;
873: u_int blen;
1.22 markus 874: int allowed = 0, have_forced = 0;
1.1 provos 875:
1.8 markus 876: debug3("%s entering", __func__);
1.1 provos 877:
878: buffer_init(&m);
879: buffer_put_bignum2(&m, client_n);
880:
1.7 mouring 881: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
882: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
1.1 provos 883:
884: allowed = buffer_get_int(&m);
1.22 markus 885:
886: /* fake forced command */
887: auth_clear_options();
888: have_forced = buffer_get_int(&m);
889: forced_command = have_forced ? xstrdup("true") : NULL;
1.1 provos 890:
891: if (allowed && rkey != NULL) {
892: blob = buffer_get_string(&m, &blen);
893: if ((key = key_from_blob(blob, blen)) == NULL)
1.8 markus 894: fatal("%s: key_from_blob failed", __func__);
1.1 provos 895: *rkey = key;
896: xfree(blob);
897: }
898: mm_send_debug(&m);
899: buffer_free(&m);
900:
901: return (allowed);
902: }
903:
904: BIGNUM *
905: mm_auth_rsa_generate_challenge(Key *key)
906: {
907: Buffer m;
908: BIGNUM *challenge;
909: u_char *blob;
910: u_int blen;
911:
1.8 markus 912: debug3("%s entering", __func__);
1.1 provos 913:
914: if ((challenge = BN_new()) == NULL)
1.8 markus 915: fatal("%s: BN_new failed", __func__);
1.1 provos 916:
917: key->type = KEY_RSA; /* XXX cheat for key_to_blob */
918: if (key_to_blob(key, &blob, &blen) == 0)
1.8 markus 919: fatal("%s: key_to_blob failed", __func__);
1.1 provos 920: key->type = KEY_RSA1;
921:
922: buffer_init(&m);
923: buffer_put_string(&m, blob, blen);
924: xfree(blob);
925:
1.7 mouring 926: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
927: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
1.1 provos 928:
929: buffer_get_bignum2(&m, challenge);
930: buffer_free(&m);
931:
932: return (challenge);
933: }
934:
935: int
936: mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
937: {
938: Buffer m;
939: u_char *blob;
940: u_int blen;
941: int success = 0;
942:
1.8 markus 943: debug3("%s entering", __func__);
1.1 provos 944:
945: key->type = KEY_RSA; /* XXX cheat for key_to_blob */
946: if (key_to_blob(key, &blob, &blen) == 0)
1.8 markus 947: fatal("%s: key_to_blob failed", __func__);
1.1 provos 948: key->type = KEY_RSA1;
949:
950: buffer_init(&m);
951: buffer_put_string(&m, blob, blen);
952: buffer_put_string(&m, response, 16);
953: xfree(blob);
954:
1.7 mouring 955: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
956: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
1.1 provos 957:
958: success = buffer_get_int(&m);
959: buffer_free(&m);
960:
961: return (success);
962: }
1.29 markus 963:
964: #ifdef GSSAPI
965: OM_uint32
1.36 avsm 966: mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
1.29 markus 967: {
968: Buffer m;
969: OM_uint32 major;
970:
971: /* Client doesn't get to see the context */
972: *ctx = NULL;
973:
974: buffer_init(&m);
1.36 avsm 975: buffer_put_string(&m, goid->elements, goid->length);
1.29 markus 976:
977: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
978: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
979:
980: major = buffer_get_int(&m);
981:
982: buffer_free(&m);
983: return (major);
984: }
985:
986: OM_uint32
987: mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
988: gss_buffer_desc *out, OM_uint32 *flags)
989: {
990: Buffer m;
991: OM_uint32 major;
1.30 deraadt 992: u_int len;
1.29 markus 993:
994: buffer_init(&m);
995: buffer_put_string(&m, in->value, in->length);
996:
997: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
998: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
999:
1000: major = buffer_get_int(&m);
1.30 deraadt 1001: out->value = buffer_get_string(&m, &len);
1002: out->length = len;
1.29 markus 1003: if (flags)
1004: *flags = buffer_get_int(&m);
1005:
1006: buffer_free(&m);
1007:
1008: return (major);
1.35 markus 1009: }
1010:
1011: OM_uint32
1012: mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
1013: {
1014: Buffer m;
1015: OM_uint32 major;
1016:
1017: buffer_init(&m);
1018: buffer_put_string(&m, gssbuf->value, gssbuf->length);
1019: buffer_put_string(&m, gssmic->value, gssmic->length);
1020:
1021: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m);
1022: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC,
1023: &m);
1024:
1025: major = buffer_get_int(&m);
1026: buffer_free(&m);
1027: return(major);
1.29 markus 1028: }
1029:
1030: int
1031: mm_ssh_gssapi_userok(char *user)
1032: {
1033: Buffer m;
1034: int authenticated = 0;
1035:
1036: buffer_init(&m);
1037:
1038: mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
1039: mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
1040: &m);
1041:
1042: authenticated = buffer_get_int(&m);
1043:
1044: buffer_free(&m);
1045: debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
1046: return (authenticated);
1047: }
1048: #endif /* GSSAPI */