1/*
2 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
3 * Copyright 2002 Markus Friedl <markus@openbsd.org>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include "includes.h"
| 1/*
2 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
3 * Copyright 2002 Markus Friedl <markus@openbsd.org>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include "includes.h"
|
28RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $");
29RCSID("$FreeBSD: head/crypto/openssh/monitor_wrap.c 128460 2004-04-20 09:46:41Z des $");
| 28RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $");
29RCSID("$FreeBSD: head/crypto/openssh/monitor_wrap.c 137019 2004-10-28 16:11:31Z des $");
|
30
31#include <openssl/bn.h>
32#include <openssl/dh.h>
33
34#include "ssh.h"
35#include "dh.h"
36#include "kex.h"
37#include "auth.h"
38#include "auth-options.h"
39#include "buffer.h"
40#include "bufaux.h"
41#include "packet.h"
42#include "mac.h"
43#include "log.h"
44#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */
45#undef TARGET_OS_MAC
46#include "zlib.h"
47#define TARGET_OS_MAC 1
48#else
49#include "zlib.h"
50#endif
51#include "monitor.h"
52#include "monitor_wrap.h"
53#include "xmalloc.h"
54#include "atomicio.h"
55#include "monitor_fdpass.h"
56#include "getput.h"
57#include "servconf.h"
58
59#include "auth.h"
60#include "channels.h"
61#include "session.h"
62
63#ifdef GSSAPI
64#include "ssh-gss.h"
65#endif
66
67/* Imports */
68extern int compat20;
69extern Newkeys *newkeys[];
70extern z_stream incoming_stream;
71extern z_stream outgoing_stream;
72extern struct monitor *pmonitor;
73extern Buffer input, output;
| 30
31#include <openssl/bn.h>
32#include <openssl/dh.h>
33
34#include "ssh.h"
35#include "dh.h"
36#include "kex.h"
37#include "auth.h"
38#include "auth-options.h"
39#include "buffer.h"
40#include "bufaux.h"
41#include "packet.h"
42#include "mac.h"
43#include "log.h"
44#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */
45#undef TARGET_OS_MAC
46#include "zlib.h"
47#define TARGET_OS_MAC 1
48#else
49#include "zlib.h"
50#endif
51#include "monitor.h"
52#include "monitor_wrap.h"
53#include "xmalloc.h"
54#include "atomicio.h"
55#include "monitor_fdpass.h"
56#include "getput.h"
57#include "servconf.h"
58
59#include "auth.h"
60#include "channels.h"
61#include "session.h"
62
63#ifdef GSSAPI
64#include "ssh-gss.h"
65#endif
66
67/* Imports */
68extern int compat20;
69extern Newkeys *newkeys[];
70extern z_stream incoming_stream;
71extern z_stream outgoing_stream;
72extern struct monitor *pmonitor;
73extern Buffer input, output;
|
| 74extern Buffer loginmsg;
|
74extern ServerOptions options;
75
76int
77mm_is_monitor(void)
78{
79 /*
80 * m_pid is only set in the privileged part, and
81 * points to the unprivileged child.
82 */
83 return (pmonitor && pmonitor->m_pid > 0);
84}
85
86void
| 75extern ServerOptions options;
76
77int
78mm_is_monitor(void)
79{
80 /*
81 * m_pid is only set in the privileged part, and
82 * points to the unprivileged child.
83 */
84 return (pmonitor && pmonitor->m_pid > 0);
85}
86
87void
|
87mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
| 88mm_request_send(int sock, enum monitor_reqtype type, Buffer *m)
|
88{
89 u_int mlen = buffer_len(m);
90 u_char buf[5];
91
92 debug3("%s entering: type %d", __func__, type);
93
94 PUT_32BIT(buf, mlen + 1);
95 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
| 89{
90 u_int mlen = buffer_len(m);
91 u_char buf[5];
92
93 debug3("%s entering: type %d", __func__, type);
94
95 PUT_32BIT(buf, mlen + 1);
96 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
|
96 if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf))
| 97 if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
|
97 fatal("%s: write", __func__);
| 98 fatal("%s: write", __func__);
|
98 if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen)
| 99 if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen)
|
99 fatal("%s: write", __func__);
100}
101
102void
| 100 fatal("%s: write", __func__);
101}
102
103void
|
103mm_request_receive(int socket, Buffer *m)
| 104mm_request_receive(int sock, Buffer *m)
|
104{
105 u_char buf[4];
106 u_int msg_len;
107 ssize_t res;
108
109 debug3("%s entering", __func__);
110
| 105{
106 u_char buf[4];
107 u_int msg_len;
108 ssize_t res;
109
110 debug3("%s entering", __func__);
111
|
111 res = atomicio(read, socket, buf, sizeof(buf));
| 112 res = atomicio(read, sock, buf, sizeof(buf));
|
112 if (res != sizeof(buf)) {
113 if (res == 0)
114 cleanup_exit(255);
115 fatal("%s: read: %ld", __func__, (long)res);
116 }
117 msg_len = GET_32BIT(buf);
118 if (msg_len > 256 * 1024)
119 fatal("%s: read: bad msg_len %d", __func__, msg_len);
120 buffer_clear(m);
121 buffer_append_space(m, msg_len);
| 113 if (res != sizeof(buf)) {
114 if (res == 0)
115 cleanup_exit(255);
116 fatal("%s: read: %ld", __func__, (long)res);
117 }
118 msg_len = GET_32BIT(buf);
119 if (msg_len > 256 * 1024)
120 fatal("%s: read: bad msg_len %d", __func__, msg_len);
121 buffer_clear(m);
122 buffer_append_space(m, msg_len);
|
122 res = atomicio(read, socket, buffer_ptr(m), msg_len);
| 123 res = atomicio(read, sock, buffer_ptr(m), msg_len);
|
123 if (res != msg_len)
124 fatal("%s: read: %ld != msg_len", __func__, (long)res);
125}
126
127void
| 124 if (res != msg_len)
125 fatal("%s: read: %ld != msg_len", __func__, (long)res);
126}
127
128void
|
128mm_request_receive_expect(int socket, enum monitor_reqtype type, Buffer *m)
| 129mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m)
|
129{
130 u_char rtype;
131
132 debug3("%s entering: type %d", __func__, type);
133
| 130{
131 u_char rtype;
132
133 debug3("%s entering: type %d", __func__, type);
134
|
134 mm_request_receive(socket, m);
| 135 mm_request_receive(sock, m);
|
135 rtype = buffer_get_char(m);
136 if (rtype != type)
137 fatal("%s: read: rtype %d != type %d", __func__,
138 rtype, type);
139}
140
141DH *
142mm_choose_dh(int min, int nbits, int max)
143{
144 BIGNUM *p, *g;
145 int success = 0;
146 Buffer m;
147
148 buffer_init(&m);
149 buffer_put_int(&m, min);
150 buffer_put_int(&m, nbits);
151 buffer_put_int(&m, max);
152
153 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
154
155 debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
156 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
157
158 success = buffer_get_char(&m);
159 if (success == 0)
160 fatal("%s: MONITOR_ANS_MODULI failed", __func__);
161
162 if ((p = BN_new()) == NULL)
163 fatal("%s: BN_new failed", __func__);
164 if ((g = BN_new()) == NULL)
165 fatal("%s: BN_new failed", __func__);
166 buffer_get_bignum2(&m, p);
167 buffer_get_bignum2(&m, g);
168
169 debug3("%s: remaining %d", __func__, buffer_len(&m));
170 buffer_free(&m);
171
172 return (dh_new_group(g, p));
173}
174
175int
176mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
177{
178 Kex *kex = *pmonitor->m_pkex;
179 Buffer m;
180
181 debug3("%s entering", __func__);
182
183 buffer_init(&m);
184 buffer_put_int(&m, kex->host_key_index(key));
185 buffer_put_string(&m, data, datalen);
186
187 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
188
189 debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
190 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
191 *sigp = buffer_get_string(&m, lenp);
192 buffer_free(&m);
193
194 return (0);
195}
196
197struct passwd *
| 136 rtype = buffer_get_char(m);
137 if (rtype != type)
138 fatal("%s: read: rtype %d != type %d", __func__,
139 rtype, type);
140}
141
142DH *
143mm_choose_dh(int min, int nbits, int max)
144{
145 BIGNUM *p, *g;
146 int success = 0;
147 Buffer m;
148
149 buffer_init(&m);
150 buffer_put_int(&m, min);
151 buffer_put_int(&m, nbits);
152 buffer_put_int(&m, max);
153
154 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
155
156 debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
157 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
158
159 success = buffer_get_char(&m);
160 if (success == 0)
161 fatal("%s: MONITOR_ANS_MODULI failed", __func__);
162
163 if ((p = BN_new()) == NULL)
164 fatal("%s: BN_new failed", __func__);
165 if ((g = BN_new()) == NULL)
166 fatal("%s: BN_new failed", __func__);
167 buffer_get_bignum2(&m, p);
168 buffer_get_bignum2(&m, g);
169
170 debug3("%s: remaining %d", __func__, buffer_len(&m));
171 buffer_free(&m);
172
173 return (dh_new_group(g, p));
174}
175
176int
177mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
178{
179 Kex *kex = *pmonitor->m_pkex;
180 Buffer m;
181
182 debug3("%s entering", __func__);
183
184 buffer_init(&m);
185 buffer_put_int(&m, kex->host_key_index(key));
186 buffer_put_string(&m, data, datalen);
187
188 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
189
190 debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
191 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
192 *sigp = buffer_get_string(&m, lenp);
193 buffer_free(&m);
194
195 return (0);
196}
197
198struct passwd *
|
198mm_getpwnamallow(const char *login)
| 199mm_getpwnamallow(const char *username)
|
199{
200 Buffer m;
201 struct passwd *pw;
202 u_int pwlen;
203
204 debug3("%s entering", __func__);
205
206 buffer_init(&m);
| 200{
201 Buffer m;
202 struct passwd *pw;
203 u_int pwlen;
204
205 debug3("%s entering", __func__);
206
207 buffer_init(&m);
|
207 buffer_put_cstring(&m, login);
| 208 buffer_put_cstring(&m, username);
|
208
209 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
210
211 debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
212 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
213
214 if (buffer_get_char(&m) == 0) {
215 buffer_free(&m);
216 return (NULL);
217 }
218 pw = buffer_get_string(&m, &pwlen);
219 if (pwlen != sizeof(struct passwd))
220 fatal("%s: struct passwd size mismatch", __func__);
221 pw->pw_name = buffer_get_string(&m, NULL);
222 pw->pw_passwd = buffer_get_string(&m, NULL);
223 pw->pw_gecos = buffer_get_string(&m, NULL);
224#ifdef HAVE_PW_CLASS_IN_PASSWD
225 pw->pw_class = buffer_get_string(&m, NULL);
226#endif
227 pw->pw_dir = buffer_get_string(&m, NULL);
228 pw->pw_shell = buffer_get_string(&m, NULL);
229 buffer_free(&m);
230
231 return (pw);
232}
233
234char *
235mm_auth2_read_banner(void)
236{
237 Buffer m;
238 char *banner;
239
240 debug3("%s entering", __func__);
241
242 buffer_init(&m);
243 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
244 buffer_clear(&m);
245
246 mm_request_receive_expect(pmonitor->m_recvfd,
247 MONITOR_ANS_AUTH2_READ_BANNER, &m);
248 banner = buffer_get_string(&m, NULL);
249 buffer_free(&m);
250
251 /* treat empty banner as missing banner */
252 if (strlen(banner) == 0) {
253 xfree(banner);
254 banner = NULL;
255 }
256 return (banner);
257}
258
259/* Inform the privileged process about service and style */
260
261void
262mm_inform_authserv(char *service, char *style)
263{
264 Buffer m;
265
266 debug3("%s entering", __func__);
267
268 buffer_init(&m);
269 buffer_put_cstring(&m, service);
270 buffer_put_cstring(&m, style ? style : "");
271
272 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
273
274 buffer_free(&m);
275}
276
277/* Do the password authentication */
278int
279mm_auth_password(Authctxt *authctxt, char *password)
280{
281 Buffer m;
282 int authenticated = 0;
283
284 debug3("%s entering", __func__);
285
286 buffer_init(&m);
287 buffer_put_cstring(&m, password);
288 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
289
290 debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
291 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
292
293 authenticated = buffer_get_int(&m);
294
295 buffer_free(&m);
296
297 debug3("%s: user %sauthenticated",
298 __func__, authenticated ? "" : "not ");
299 return (authenticated);
300}
301
302int
303mm_user_key_allowed(struct passwd *pw, Key *key)
304{
305 return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
306}
307
308int
309mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host,
310 Key *key)
311{
312 return (mm_key_allowed(MM_HOSTKEY, user, host, key));
313}
314
315int
316mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
317 char *host, Key *key)
318{
319 int ret;
320
321 key->type = KEY_RSA; /* XXX hack for key_to_blob */
322 ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key);
323 key->type = KEY_RSA1;
324 return (ret);
325}
326
327static void
328mm_send_debug(Buffer *m)
329{
330 char *msg;
331
332 while (buffer_len(m)) {
333 msg = buffer_get_string(m, NULL);
334 debug3("%s: Sending debug: %s", __func__, msg);
335 packet_send_debug("%s", msg);
336 xfree(msg);
337 }
338}
339
340int
341mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
342{
343 Buffer m;
344 u_char *blob;
345 u_int len;
346 int allowed = 0, have_forced = 0;
347
348 debug3("%s entering", __func__);
349
350 /* Convert the key to a blob and the pass it over */
351 if (!key_to_blob(key, &blob, &len))
352 return (0);
353
354 buffer_init(&m);
355 buffer_put_int(&m, type);
356 buffer_put_cstring(&m, user ? user : "");
357 buffer_put_cstring(&m, host ? host : "");
358 buffer_put_string(&m, blob, len);
359 xfree(blob);
360
361 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
362
363 debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
364 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
365
366 allowed = buffer_get_int(&m);
367
368 /* fake forced command */
369 auth_clear_options();
370 have_forced = buffer_get_int(&m);
371 forced_command = have_forced ? xstrdup("true") : NULL;
372
373 /* Send potential debug messages */
374 mm_send_debug(&m);
375
376 buffer_free(&m);
377
378 return (allowed);
379}
380
381/*
382 * This key verify needs to send the key type along, because the
383 * privileged parent makes the decision if the key is allowed
384 * for authentication.
385 */
386
387int
388mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
389{
390 Buffer m;
391 u_char *blob;
392 u_int len;
393 int verified = 0;
394
395 debug3("%s entering", __func__);
396
397 /* Convert the key to a blob and the pass it over */
398 if (!key_to_blob(key, &blob, &len))
399 return (0);
400
401 buffer_init(&m);
402 buffer_put_string(&m, blob, len);
403 buffer_put_string(&m, sig, siglen);
404 buffer_put_string(&m, data, datalen);
405 xfree(blob);
406
407 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
408
409 debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
410 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
411
412 verified = buffer_get_int(&m);
413
414 buffer_free(&m);
415
416 return (verified);
417}
418
419/* Export key state after authentication */
420Newkeys *
421mm_newkeys_from_blob(u_char *blob, int blen)
422{
423 Buffer b;
424 u_int len;
425 Newkeys *newkey = NULL;
426 Enc *enc;
427 Mac *mac;
428 Comp *comp;
429
430 debug3("%s: %p(%d)", __func__, blob, blen);
431#ifdef DEBUG_PK
432 dump_base64(stderr, blob, blen);
433#endif
434 buffer_init(&b);
435 buffer_append(&b, blob, blen);
436
437 newkey = xmalloc(sizeof(*newkey));
438 enc = &newkey->enc;
439 mac = &newkey->mac;
440 comp = &newkey->comp;
441
442 /* Enc structure */
443 enc->name = buffer_get_string(&b, NULL);
444 buffer_get(&b, &enc->cipher, sizeof(enc->cipher));
445 enc->enabled = buffer_get_int(&b);
446 enc->block_size = buffer_get_int(&b);
447 enc->key = buffer_get_string(&b, &enc->key_len);
448 enc->iv = buffer_get_string(&b, &len);
449 if (len != enc->block_size)
450 fatal("%s: bad ivlen: expected %u != %u", __func__,
451 enc->block_size, len);
452
453 if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
454 fatal("%s: bad cipher name %s or pointer %p", __func__,
455 enc->name, enc->cipher);
456
457 /* Mac structure */
458 mac->name = buffer_get_string(&b, NULL);
459 if (mac->name == NULL || mac_init(mac, mac->name) == -1)
460 fatal("%s: can not init mac %s", __func__, mac->name);
461 mac->enabled = buffer_get_int(&b);
462 mac->key = buffer_get_string(&b, &len);
463 if (len > mac->key_len)
464 fatal("%s: bad mac key length: %u > %d", __func__, len,
465 mac->key_len);
466 mac->key_len = len;
467
468 /* Comp structure */
469 comp->type = buffer_get_int(&b);
470 comp->enabled = buffer_get_int(&b);
471 comp->name = buffer_get_string(&b, NULL);
472
473 len = buffer_len(&b);
474 if (len != 0)
475 error("newkeys_from_blob: remaining bytes in blob %u", len);
476 buffer_free(&b);
477 return (newkey);
478}
479
480int
481mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
482{
483 Buffer b;
484 int len;
485 Enc *enc;
486 Mac *mac;
487 Comp *comp;
488 Newkeys *newkey = newkeys[mode];
489
490 debug3("%s: converting %p", __func__, newkey);
491
492 if (newkey == NULL) {
493 error("%s: newkey == NULL", __func__);
494 return 0;
495 }
496 enc = &newkey->enc;
497 mac = &newkey->mac;
498 comp = &newkey->comp;
499
500 buffer_init(&b);
501 /* Enc structure */
502 buffer_put_cstring(&b, enc->name);
503 /* The cipher struct is constant and shared, you export pointer */
504 buffer_append(&b, &enc->cipher, sizeof(enc->cipher));
505 buffer_put_int(&b, enc->enabled);
506 buffer_put_int(&b, enc->block_size);
507 buffer_put_string(&b, enc->key, enc->key_len);
508 packet_get_keyiv(mode, enc->iv, enc->block_size);
509 buffer_put_string(&b, enc->iv, enc->block_size);
510
511 /* Mac structure */
512 buffer_put_cstring(&b, mac->name);
513 buffer_put_int(&b, mac->enabled);
514 buffer_put_string(&b, mac->key, mac->key_len);
515
516 /* Comp structure */
517 buffer_put_int(&b, comp->type);
518 buffer_put_int(&b, comp->enabled);
519 buffer_put_cstring(&b, comp->name);
520
521 len = buffer_len(&b);
522 if (lenp != NULL)
523 *lenp = len;
524 if (blobp != NULL) {
525 *blobp = xmalloc(len);
526 memcpy(*blobp, buffer_ptr(&b), len);
527 }
528 memset(buffer_ptr(&b), 0, len);
529 buffer_free(&b);
530 return len;
531}
532
533static void
534mm_send_kex(Buffer *m, Kex *kex)
535{
536 buffer_put_string(m, kex->session_id, kex->session_id_len);
537 buffer_put_int(m, kex->we_need);
538 buffer_put_int(m, kex->hostkey_type);
539 buffer_put_int(m, kex->kex_type);
540 buffer_put_string(m, buffer_ptr(&kex->my), buffer_len(&kex->my));
541 buffer_put_string(m, buffer_ptr(&kex->peer), buffer_len(&kex->peer));
542 buffer_put_int(m, kex->flags);
543 buffer_put_cstring(m, kex->client_version_string);
544 buffer_put_cstring(m, kex->server_version_string);
545}
546
547void
| 209
210 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
211
212 debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
213 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
214
215 if (buffer_get_char(&m) == 0) {
216 buffer_free(&m);
217 return (NULL);
218 }
219 pw = buffer_get_string(&m, &pwlen);
220 if (pwlen != sizeof(struct passwd))
221 fatal("%s: struct passwd size mismatch", __func__);
222 pw->pw_name = buffer_get_string(&m, NULL);
223 pw->pw_passwd = buffer_get_string(&m, NULL);
224 pw->pw_gecos = buffer_get_string(&m, NULL);
225#ifdef HAVE_PW_CLASS_IN_PASSWD
226 pw->pw_class = buffer_get_string(&m, NULL);
227#endif
228 pw->pw_dir = buffer_get_string(&m, NULL);
229 pw->pw_shell = buffer_get_string(&m, NULL);
230 buffer_free(&m);
231
232 return (pw);
233}
234
235char *
236mm_auth2_read_banner(void)
237{
238 Buffer m;
239 char *banner;
240
241 debug3("%s entering", __func__);
242
243 buffer_init(&m);
244 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
245 buffer_clear(&m);
246
247 mm_request_receive_expect(pmonitor->m_recvfd,
248 MONITOR_ANS_AUTH2_READ_BANNER, &m);
249 banner = buffer_get_string(&m, NULL);
250 buffer_free(&m);
251
252 /* treat empty banner as missing banner */
253 if (strlen(banner) == 0) {
254 xfree(banner);
255 banner = NULL;
256 }
257 return (banner);
258}
259
260/* Inform the privileged process about service and style */
261
262void
263mm_inform_authserv(char *service, char *style)
264{
265 Buffer m;
266
267 debug3("%s entering", __func__);
268
269 buffer_init(&m);
270 buffer_put_cstring(&m, service);
271 buffer_put_cstring(&m, style ? style : "");
272
273 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
274
275 buffer_free(&m);
276}
277
278/* Do the password authentication */
279int
280mm_auth_password(Authctxt *authctxt, char *password)
281{
282 Buffer m;
283 int authenticated = 0;
284
285 debug3("%s entering", __func__);
286
287 buffer_init(&m);
288 buffer_put_cstring(&m, password);
289 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
290
291 debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
292 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
293
294 authenticated = buffer_get_int(&m);
295
296 buffer_free(&m);
297
298 debug3("%s: user %sauthenticated",
299 __func__, authenticated ? "" : "not ");
300 return (authenticated);
301}
302
303int
304mm_user_key_allowed(struct passwd *pw, Key *key)
305{
306 return (mm_key_allowed(MM_USERKEY, NULL, NULL, key));
307}
308
309int
310mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host,
311 Key *key)
312{
313 return (mm_key_allowed(MM_HOSTKEY, user, host, key));
314}
315
316int
317mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
318 char *host, Key *key)
319{
320 int ret;
321
322 key->type = KEY_RSA; /* XXX hack for key_to_blob */
323 ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key);
324 key->type = KEY_RSA1;
325 return (ret);
326}
327
328static void
329mm_send_debug(Buffer *m)
330{
331 char *msg;
332
333 while (buffer_len(m)) {
334 msg = buffer_get_string(m, NULL);
335 debug3("%s: Sending debug: %s", __func__, msg);
336 packet_send_debug("%s", msg);
337 xfree(msg);
338 }
339}
340
341int
342mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
343{
344 Buffer m;
345 u_char *blob;
346 u_int len;
347 int allowed = 0, have_forced = 0;
348
349 debug3("%s entering", __func__);
350
351 /* Convert the key to a blob and the pass it over */
352 if (!key_to_blob(key, &blob, &len))
353 return (0);
354
355 buffer_init(&m);
356 buffer_put_int(&m, type);
357 buffer_put_cstring(&m, user ? user : "");
358 buffer_put_cstring(&m, host ? host : "");
359 buffer_put_string(&m, blob, len);
360 xfree(blob);
361
362 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
363
364 debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
365 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
366
367 allowed = buffer_get_int(&m);
368
369 /* fake forced command */
370 auth_clear_options();
371 have_forced = buffer_get_int(&m);
372 forced_command = have_forced ? xstrdup("true") : NULL;
373
374 /* Send potential debug messages */
375 mm_send_debug(&m);
376
377 buffer_free(&m);
378
379 return (allowed);
380}
381
382/*
383 * This key verify needs to send the key type along, because the
384 * privileged parent makes the decision if the key is allowed
385 * for authentication.
386 */
387
388int
389mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
390{
391 Buffer m;
392 u_char *blob;
393 u_int len;
394 int verified = 0;
395
396 debug3("%s entering", __func__);
397
398 /* Convert the key to a blob and the pass it over */
399 if (!key_to_blob(key, &blob, &len))
400 return (0);
401
402 buffer_init(&m);
403 buffer_put_string(&m, blob, len);
404 buffer_put_string(&m, sig, siglen);
405 buffer_put_string(&m, data, datalen);
406 xfree(blob);
407
408 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
409
410 debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
411 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
412
413 verified = buffer_get_int(&m);
414
415 buffer_free(&m);
416
417 return (verified);
418}
419
420/* Export key state after authentication */
421Newkeys *
422mm_newkeys_from_blob(u_char *blob, int blen)
423{
424 Buffer b;
425 u_int len;
426 Newkeys *newkey = NULL;
427 Enc *enc;
428 Mac *mac;
429 Comp *comp;
430
431 debug3("%s: %p(%d)", __func__, blob, blen);
432#ifdef DEBUG_PK
433 dump_base64(stderr, blob, blen);
434#endif
435 buffer_init(&b);
436 buffer_append(&b, blob, blen);
437
438 newkey = xmalloc(sizeof(*newkey));
439 enc = &newkey->enc;
440 mac = &newkey->mac;
441 comp = &newkey->comp;
442
443 /* Enc structure */
444 enc->name = buffer_get_string(&b, NULL);
445 buffer_get(&b, &enc->cipher, sizeof(enc->cipher));
446 enc->enabled = buffer_get_int(&b);
447 enc->block_size = buffer_get_int(&b);
448 enc->key = buffer_get_string(&b, &enc->key_len);
449 enc->iv = buffer_get_string(&b, &len);
450 if (len != enc->block_size)
451 fatal("%s: bad ivlen: expected %u != %u", __func__,
452 enc->block_size, len);
453
454 if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
455 fatal("%s: bad cipher name %s or pointer %p", __func__,
456 enc->name, enc->cipher);
457
458 /* Mac structure */
459 mac->name = buffer_get_string(&b, NULL);
460 if (mac->name == NULL || mac_init(mac, mac->name) == -1)
461 fatal("%s: can not init mac %s", __func__, mac->name);
462 mac->enabled = buffer_get_int(&b);
463 mac->key = buffer_get_string(&b, &len);
464 if (len > mac->key_len)
465 fatal("%s: bad mac key length: %u > %d", __func__, len,
466 mac->key_len);
467 mac->key_len = len;
468
469 /* Comp structure */
470 comp->type = buffer_get_int(&b);
471 comp->enabled = buffer_get_int(&b);
472 comp->name = buffer_get_string(&b, NULL);
473
474 len = buffer_len(&b);
475 if (len != 0)
476 error("newkeys_from_blob: remaining bytes in blob %u", len);
477 buffer_free(&b);
478 return (newkey);
479}
480
481int
482mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
483{
484 Buffer b;
485 int len;
486 Enc *enc;
487 Mac *mac;
488 Comp *comp;
489 Newkeys *newkey = newkeys[mode];
490
491 debug3("%s: converting %p", __func__, newkey);
492
493 if (newkey == NULL) {
494 error("%s: newkey == NULL", __func__);
495 return 0;
496 }
497 enc = &newkey->enc;
498 mac = &newkey->mac;
499 comp = &newkey->comp;
500
501 buffer_init(&b);
502 /* Enc structure */
503 buffer_put_cstring(&b, enc->name);
504 /* The cipher struct is constant and shared, you export pointer */
505 buffer_append(&b, &enc->cipher, sizeof(enc->cipher));
506 buffer_put_int(&b, enc->enabled);
507 buffer_put_int(&b, enc->block_size);
508 buffer_put_string(&b, enc->key, enc->key_len);
509 packet_get_keyiv(mode, enc->iv, enc->block_size);
510 buffer_put_string(&b, enc->iv, enc->block_size);
511
512 /* Mac structure */
513 buffer_put_cstring(&b, mac->name);
514 buffer_put_int(&b, mac->enabled);
515 buffer_put_string(&b, mac->key, mac->key_len);
516
517 /* Comp structure */
518 buffer_put_int(&b, comp->type);
519 buffer_put_int(&b, comp->enabled);
520 buffer_put_cstring(&b, comp->name);
521
522 len = buffer_len(&b);
523 if (lenp != NULL)
524 *lenp = len;
525 if (blobp != NULL) {
526 *blobp = xmalloc(len);
527 memcpy(*blobp, buffer_ptr(&b), len);
528 }
529 memset(buffer_ptr(&b), 0, len);
530 buffer_free(&b);
531 return len;
532}
533
534static void
535mm_send_kex(Buffer *m, Kex *kex)
536{
537 buffer_put_string(m, kex->session_id, kex->session_id_len);
538 buffer_put_int(m, kex->we_need);
539 buffer_put_int(m, kex->hostkey_type);
540 buffer_put_int(m, kex->kex_type);
541 buffer_put_string(m, buffer_ptr(&kex->my), buffer_len(&kex->my));
542 buffer_put_string(m, buffer_ptr(&kex->peer), buffer_len(&kex->peer));
543 buffer_put_int(m, kex->flags);
544 buffer_put_cstring(m, kex->client_version_string);
545 buffer_put_cstring(m, kex->server_version_string);
546}
547
548void
|
548mm_send_keystate(struct monitor *pmonitor)
| 549mm_send_keystate(struct monitor *monitor)
|
549{
550 Buffer m;
551 u_char *blob, *p;
552 u_int bloblen, plen;
553 u_int32_t seqnr, packets;
554 u_int64_t blocks;
555
556 buffer_init(&m);
557
558 if (!compat20) {
559 u_char iv[24];
560 u_char *key;
561 u_int ivlen, keylen;
562
563 buffer_put_int(&m, packet_get_protocol_flags());
564
565 buffer_put_int(&m, packet_get_ssh1_cipher());
566
567 debug3("%s: Sending ssh1 KEY+IV", __func__);
568 keylen = packet_get_encryption_key(NULL);
569 key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
570 keylen = packet_get_encryption_key(key);
571 buffer_put_string(&m, key, keylen);
572 memset(key, 0, keylen);
573 xfree(key);
574
575 ivlen = packet_get_keyiv_len(MODE_OUT);
576 packet_get_keyiv(MODE_OUT, iv, ivlen);
577 buffer_put_string(&m, iv, ivlen);
578 ivlen = packet_get_keyiv_len(MODE_OUT);
579 packet_get_keyiv(MODE_IN, iv, ivlen);
580 buffer_put_string(&m, iv, ivlen);
581 goto skip;
582 } else {
583 /* Kex for rekeying */
| 550{
551 Buffer m;
552 u_char *blob, *p;
553 u_int bloblen, plen;
554 u_int32_t seqnr, packets;
555 u_int64_t blocks;
556
557 buffer_init(&m);
558
559 if (!compat20) {
560 u_char iv[24];
561 u_char *key;
562 u_int ivlen, keylen;
563
564 buffer_put_int(&m, packet_get_protocol_flags());
565
566 buffer_put_int(&m, packet_get_ssh1_cipher());
567
568 debug3("%s: Sending ssh1 KEY+IV", __func__);
569 keylen = packet_get_encryption_key(NULL);
570 key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
571 keylen = packet_get_encryption_key(key);
572 buffer_put_string(&m, key, keylen);
573 memset(key, 0, keylen);
574 xfree(key);
575
576 ivlen = packet_get_keyiv_len(MODE_OUT);
577 packet_get_keyiv(MODE_OUT, iv, ivlen);
578 buffer_put_string(&m, iv, ivlen);
579 ivlen = packet_get_keyiv_len(MODE_OUT);
580 packet_get_keyiv(MODE_IN, iv, ivlen);
581 buffer_put_string(&m, iv, ivlen);
582 goto skip;
583 } else {
584 /* Kex for rekeying */
|
584 mm_send_kex(&m, *pmonitor->m_pkex);
| 585 mm_send_kex(&m, *monitor->m_pkex);
|
585 }
586
587 debug3("%s: Sending new keys: %p %p",
588 __func__, newkeys[MODE_OUT], newkeys[MODE_IN]);
589
590 /* Keys from Kex */
591 if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
592 fatal("%s: conversion of newkeys failed", __func__);
593
594 buffer_put_string(&m, blob, bloblen);
595 xfree(blob);
596
597 if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
598 fatal("%s: conversion of newkeys failed", __func__);
599
600 buffer_put_string(&m, blob, bloblen);
601 xfree(blob);
602
603 packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
604 buffer_put_int(&m, seqnr);
605 buffer_put_int64(&m, blocks);
606 buffer_put_int(&m, packets);
607 packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
608 buffer_put_int(&m, seqnr);
609 buffer_put_int64(&m, blocks);
610 buffer_put_int(&m, packets);
611
612 debug3("%s: New keys have been sent", __func__);
613 skip:
614 /* More key context */
615 plen = packet_get_keycontext(MODE_OUT, NULL);
616 p = xmalloc(plen+1);
617 packet_get_keycontext(MODE_OUT, p);
618 buffer_put_string(&m, p, plen);
619 xfree(p);
620
621 plen = packet_get_keycontext(MODE_IN, NULL);
622 p = xmalloc(plen+1);
623 packet_get_keycontext(MODE_IN, p);
624 buffer_put_string(&m, p, plen);
625 xfree(p);
626
627 /* Compression state */
628 debug3("%s: Sending compression state", __func__);
629 buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
630 buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
631
632 /* Network I/O buffers */
633 buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
634 buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
635
| 586 }
587
588 debug3("%s: Sending new keys: %p %p",
589 __func__, newkeys[MODE_OUT], newkeys[MODE_IN]);
590
591 /* Keys from Kex */
592 if (!mm_newkeys_to_blob(MODE_OUT, &blob, &bloblen))
593 fatal("%s: conversion of newkeys failed", __func__);
594
595 buffer_put_string(&m, blob, bloblen);
596 xfree(blob);
597
598 if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
599 fatal("%s: conversion of newkeys failed", __func__);
600
601 buffer_put_string(&m, blob, bloblen);
602 xfree(blob);
603
604 packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
605 buffer_put_int(&m, seqnr);
606 buffer_put_int64(&m, blocks);
607 buffer_put_int(&m, packets);
608 packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
609 buffer_put_int(&m, seqnr);
610 buffer_put_int64(&m, blocks);
611 buffer_put_int(&m, packets);
612
613 debug3("%s: New keys have been sent", __func__);
614 skip:
615 /* More key context */
616 plen = packet_get_keycontext(MODE_OUT, NULL);
617 p = xmalloc(plen+1);
618 packet_get_keycontext(MODE_OUT, p);
619 buffer_put_string(&m, p, plen);
620 xfree(p);
621
622 plen = packet_get_keycontext(MODE_IN, NULL);
623 p = xmalloc(plen+1);
624 packet_get_keycontext(MODE_IN, p);
625 buffer_put_string(&m, p, plen);
626 xfree(p);
627
628 /* Compression state */
629 debug3("%s: Sending compression state", __func__);
630 buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
631 buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
632
633 /* Network I/O buffers */
634 buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
635 buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
636
|
636 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
| 637 mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
|
637 debug3("%s: Finished sending state", __func__);
638
639 buffer_free(&m);
640}
641
642int
643mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
644{
645 Buffer m;
| 638 debug3("%s: Finished sending state", __func__);
639
640 buffer_free(&m);
641}
642
643int
644mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
645{
646 Buffer m;
|
646 char *p;
| 647 char *p, *msg;
|
647 int success = 0;
648
649 buffer_init(&m);
650 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
651
652 debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
653 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
654
655 success = buffer_get_int(&m);
656 if (success == 0) {
657 debug3("%s: pty alloc failed", __func__);
658 buffer_free(&m);
659 return (0);
660 }
661 p = buffer_get_string(&m, NULL);
| 648 int success = 0;
649
650 buffer_init(&m);
651 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
652
653 debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
654 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
655
656 success = buffer_get_int(&m);
657 if (success == 0) {
658 debug3("%s: pty alloc failed", __func__);
659 buffer_free(&m);
660 return (0);
661 }
662 p = buffer_get_string(&m, NULL);
|
| 663 msg = buffer_get_string(&m, NULL);
|
662 buffer_free(&m);
663
664 strlcpy(namebuf, p, namebuflen); /* Possible truncation */
665 xfree(p);
666
| 664 buffer_free(&m);
665
666 strlcpy(namebuf, p, namebuflen); /* Possible truncation */
667 xfree(p);
668
|
| 669 buffer_append(&loginmsg, msg, strlen(msg));
670 xfree(msg);
671
|
667 *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
668 *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
669
670 /* Success */
671 return (1);
672}
673
674void
675mm_session_pty_cleanup2(Session *s)
676{
677 Buffer m;
678
679 if (s->ttyfd == -1)
680 return;
681 buffer_init(&m);
682 buffer_put_cstring(&m, s->tty);
683 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
684 buffer_free(&m);
685
686 /* closed dup'ed master */
687 if (close(s->ptymaster) < 0)
688 error("close(s->ptymaster): %s", strerror(errno));
689
690 /* unlink pty from session */
691 s->ttyfd = -1;
692}
693
694#ifdef USE_PAM
695void
696mm_start_pam(Authctxt *authctxt)
697{
698 Buffer m;
699
700 debug3("%s entering", __func__);
701 if (!options.use_pam)
702 fatal("UsePAM=no, but ended up in %s anyway", __func__);
703
704 buffer_init(&m);
705 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
706
707 buffer_free(&m);
708}
709
710u_int
711mm_do_pam_account(void)
712{
713 Buffer m;
714 u_int ret;
715
716 debug3("%s entering", __func__);
717 if (!options.use_pam)
718 fatal("UsePAM=no, but ended up in %s anyway", __func__);
719
720 buffer_init(&m);
721 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
722
723 mm_request_receive_expect(pmonitor->m_recvfd,
724 MONITOR_ANS_PAM_ACCOUNT, &m);
725 ret = buffer_get_int(&m);
726
727 buffer_free(&m);
728
729 debug3("%s returning %d", __func__, ret);
730
731 return (ret);
732}
733
734void *
735mm_sshpam_init_ctx(Authctxt *authctxt)
736{
737 Buffer m;
738 int success;
739
740 debug3("%s", __func__);
741 buffer_init(&m);
742 buffer_put_cstring(&m, authctxt->user);
743 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
744 debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
745 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
746 success = buffer_get_int(&m);
747 if (success == 0) {
748 debug3("%s: pam_init_ctx failed", __func__);
749 buffer_free(&m);
750 return (NULL);
751 }
752 buffer_free(&m);
753 return (authctxt);
754}
755
756int
757mm_sshpam_query(void *ctx, char **name, char **info,
758 u_int *num, char ***prompts, u_int **echo_on)
759{
760 Buffer m;
761 int i, ret;
762
763 debug3("%s", __func__);
764 buffer_init(&m);
765 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
766 debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
767 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
768 ret = buffer_get_int(&m);
769 debug3("%s: pam_query returned %d", __func__, ret);
770 *name = buffer_get_string(&m, NULL);
771 *info = buffer_get_string(&m, NULL);
772 *num = buffer_get_int(&m);
773 *prompts = xmalloc((*num + 1) * sizeof(char *));
774 *echo_on = xmalloc((*num + 1) * sizeof(u_int));
775 for (i = 0; i < *num; ++i) {
776 (*prompts)[i] = buffer_get_string(&m, NULL);
777 (*echo_on)[i] = buffer_get_int(&m);
778 }
779 buffer_free(&m);
780 return (ret);
781}
782
783int
784mm_sshpam_respond(void *ctx, u_int num, char **resp)
785{
786 Buffer m;
787 int i, ret;
788
789 debug3("%s", __func__);
790 buffer_init(&m);
791 buffer_put_int(&m, num);
792 for (i = 0; i < num; ++i)
793 buffer_put_cstring(&m, resp[i]);
794 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
795 debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
796 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
797 ret = buffer_get_int(&m);
798 debug3("%s: pam_respond returned %d", __func__, ret);
799 buffer_free(&m);
800 return (ret);
801}
802
803void
804mm_sshpam_free_ctx(void *ctxtp)
805{
806 Buffer m;
807
808 debug3("%s", __func__);
809 buffer_init(&m);
810 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
811 debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
812 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
813 buffer_free(&m);
814}
815#endif /* USE_PAM */
816
817/* Request process termination */
818
819void
820mm_terminate(void)
821{
822 Buffer m;
823
824 buffer_init(&m);
825 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
826 buffer_free(&m);
827}
828
829int
830mm_ssh1_session_key(BIGNUM *num)
831{
832 int rsafail;
833 Buffer m;
834
835 buffer_init(&m);
836 buffer_put_bignum2(&m, num);
837 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
838
839 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
840
841 rsafail = buffer_get_int(&m);
842 buffer_get_bignum2(&m, num);
843
844 buffer_free(&m);
845
846 return (rsafail);
847}
848
849static void
850mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
851 char ***prompts, u_int **echo_on)
852{
853 *name = xstrdup("");
854 *infotxt = xstrdup("");
855 *numprompts = 1;
856 *prompts = xmalloc(*numprompts * sizeof(char *));
857 *echo_on = xmalloc(*numprompts * sizeof(u_int));
858 (*echo_on)[0] = 0;
859}
860
861int
862mm_bsdauth_query(void *ctx, char **name, char **infotxt,
863 u_int *numprompts, char ***prompts, u_int **echo_on)
864{
865 Buffer m;
866 u_int success;
867 char *challenge;
868
869 debug3("%s: entering", __func__);
870
871 buffer_init(&m);
872 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
873
874 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
875 &m);
876 success = buffer_get_int(&m);
877 if (success == 0) {
878 debug3("%s: no challenge", __func__);
879 buffer_free(&m);
880 return (-1);
881 }
882
883 /* Get the challenge, and format the response */
884 challenge = buffer_get_string(&m, NULL);
885 buffer_free(&m);
886
887 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
888 (*prompts)[0] = challenge;
889
890 debug3("%s: received challenge: %s", __func__, challenge);
891
892 return (0);
893}
894
895int
896mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
897{
898 Buffer m;
899 int authok;
900
901 debug3("%s: entering", __func__);
902 if (numresponses != 1)
903 return (-1);
904
905 buffer_init(&m);
906 buffer_put_cstring(&m, responses[0]);
907 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
908
909 mm_request_receive_expect(pmonitor->m_recvfd,
910 MONITOR_ANS_BSDAUTHRESPOND, &m);
911
912 authok = buffer_get_int(&m);
913 buffer_free(&m);
914
915 return ((authok == 0) ? -1 : 0);
916}
917
918#ifdef SKEY
919int
920mm_skey_query(void *ctx, char **name, char **infotxt,
921 u_int *numprompts, char ***prompts, u_int **echo_on)
922{
923 Buffer m;
924 int len;
925 u_int success;
926 char *p, *challenge;
927
928 debug3("%s: entering", __func__);
929
930 buffer_init(&m);
931 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
932
933 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
934 &m);
935 success = buffer_get_int(&m);
936 if (success == 0) {
937 debug3("%s: no challenge", __func__);
938 buffer_free(&m);
939 return (-1);
940 }
941
942 /* Get the challenge, and format the response */
943 challenge = buffer_get_string(&m, NULL);
944 buffer_free(&m);
945
946 debug3("%s: received challenge: %s", __func__, challenge);
947
948 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
949
950 len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
951 p = xmalloc(len);
952 strlcpy(p, challenge, len);
953 strlcat(p, SKEY_PROMPT, len);
954 (*prompts)[0] = p;
955 xfree(challenge);
956
957 return (0);
958}
959
960int
961mm_skey_respond(void *ctx, u_int numresponses, char **responses)
962{
963 Buffer m;
964 int authok;
965
966 debug3("%s: entering", __func__);
967 if (numresponses != 1)
968 return (-1);
969
970 buffer_init(&m);
971 buffer_put_cstring(&m, responses[0]);
972 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
973
974 mm_request_receive_expect(pmonitor->m_recvfd,
975 MONITOR_ANS_SKEYRESPOND, &m);
976
977 authok = buffer_get_int(&m);
978 buffer_free(&m);
979
980 return ((authok == 0) ? -1 : 0);
981}
| 672 *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
673 *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
674
675 /* Success */
676 return (1);
677}
678
679void
680mm_session_pty_cleanup2(Session *s)
681{
682 Buffer m;
683
684 if (s->ttyfd == -1)
685 return;
686 buffer_init(&m);
687 buffer_put_cstring(&m, s->tty);
688 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
689 buffer_free(&m);
690
691 /* closed dup'ed master */
692 if (close(s->ptymaster) < 0)
693 error("close(s->ptymaster): %s", strerror(errno));
694
695 /* unlink pty from session */
696 s->ttyfd = -1;
697}
698
699#ifdef USE_PAM
700void
701mm_start_pam(Authctxt *authctxt)
702{
703 Buffer m;
704
705 debug3("%s entering", __func__);
706 if (!options.use_pam)
707 fatal("UsePAM=no, but ended up in %s anyway", __func__);
708
709 buffer_init(&m);
710 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
711
712 buffer_free(&m);
713}
714
715u_int
716mm_do_pam_account(void)
717{
718 Buffer m;
719 u_int ret;
720
721 debug3("%s entering", __func__);
722 if (!options.use_pam)
723 fatal("UsePAM=no, but ended up in %s anyway", __func__);
724
725 buffer_init(&m);
726 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
727
728 mm_request_receive_expect(pmonitor->m_recvfd,
729 MONITOR_ANS_PAM_ACCOUNT, &m);
730 ret = buffer_get_int(&m);
731
732 buffer_free(&m);
733
734 debug3("%s returning %d", __func__, ret);
735
736 return (ret);
737}
738
739void *
740mm_sshpam_init_ctx(Authctxt *authctxt)
741{
742 Buffer m;
743 int success;
744
745 debug3("%s", __func__);
746 buffer_init(&m);
747 buffer_put_cstring(&m, authctxt->user);
748 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
749 debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
750 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
751 success = buffer_get_int(&m);
752 if (success == 0) {
753 debug3("%s: pam_init_ctx failed", __func__);
754 buffer_free(&m);
755 return (NULL);
756 }
757 buffer_free(&m);
758 return (authctxt);
759}
760
761int
762mm_sshpam_query(void *ctx, char **name, char **info,
763 u_int *num, char ***prompts, u_int **echo_on)
764{
765 Buffer m;
766 int i, ret;
767
768 debug3("%s", __func__);
769 buffer_init(&m);
770 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
771 debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
772 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
773 ret = buffer_get_int(&m);
774 debug3("%s: pam_query returned %d", __func__, ret);
775 *name = buffer_get_string(&m, NULL);
776 *info = buffer_get_string(&m, NULL);
777 *num = buffer_get_int(&m);
778 *prompts = xmalloc((*num + 1) * sizeof(char *));
779 *echo_on = xmalloc((*num + 1) * sizeof(u_int));
780 for (i = 0; i < *num; ++i) {
781 (*prompts)[i] = buffer_get_string(&m, NULL);
782 (*echo_on)[i] = buffer_get_int(&m);
783 }
784 buffer_free(&m);
785 return (ret);
786}
787
788int
789mm_sshpam_respond(void *ctx, u_int num, char **resp)
790{
791 Buffer m;
792 int i, ret;
793
794 debug3("%s", __func__);
795 buffer_init(&m);
796 buffer_put_int(&m, num);
797 for (i = 0; i < num; ++i)
798 buffer_put_cstring(&m, resp[i]);
799 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
800 debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
801 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
802 ret = buffer_get_int(&m);
803 debug3("%s: pam_respond returned %d", __func__, ret);
804 buffer_free(&m);
805 return (ret);
806}
807
808void
809mm_sshpam_free_ctx(void *ctxtp)
810{
811 Buffer m;
812
813 debug3("%s", __func__);
814 buffer_init(&m);
815 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
816 debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
817 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
818 buffer_free(&m);
819}
820#endif /* USE_PAM */
821
822/* Request process termination */
823
824void
825mm_terminate(void)
826{
827 Buffer m;
828
829 buffer_init(&m);
830 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
831 buffer_free(&m);
832}
833
834int
835mm_ssh1_session_key(BIGNUM *num)
836{
837 int rsafail;
838 Buffer m;
839
840 buffer_init(&m);
841 buffer_put_bignum2(&m, num);
842 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
843
844 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
845
846 rsafail = buffer_get_int(&m);
847 buffer_get_bignum2(&m, num);
848
849 buffer_free(&m);
850
851 return (rsafail);
852}
853
854static void
855mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
856 char ***prompts, u_int **echo_on)
857{
858 *name = xstrdup("");
859 *infotxt = xstrdup("");
860 *numprompts = 1;
861 *prompts = xmalloc(*numprompts * sizeof(char *));
862 *echo_on = xmalloc(*numprompts * sizeof(u_int));
863 (*echo_on)[0] = 0;
864}
865
866int
867mm_bsdauth_query(void *ctx, char **name, char **infotxt,
868 u_int *numprompts, char ***prompts, u_int **echo_on)
869{
870 Buffer m;
871 u_int success;
872 char *challenge;
873
874 debug3("%s: entering", __func__);
875
876 buffer_init(&m);
877 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
878
879 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
880 &m);
881 success = buffer_get_int(&m);
882 if (success == 0) {
883 debug3("%s: no challenge", __func__);
884 buffer_free(&m);
885 return (-1);
886 }
887
888 /* Get the challenge, and format the response */
889 challenge = buffer_get_string(&m, NULL);
890 buffer_free(&m);
891
892 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
893 (*prompts)[0] = challenge;
894
895 debug3("%s: received challenge: %s", __func__, challenge);
896
897 return (0);
898}
899
900int
901mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
902{
903 Buffer m;
904 int authok;
905
906 debug3("%s: entering", __func__);
907 if (numresponses != 1)
908 return (-1);
909
910 buffer_init(&m);
911 buffer_put_cstring(&m, responses[0]);
912 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
913
914 mm_request_receive_expect(pmonitor->m_recvfd,
915 MONITOR_ANS_BSDAUTHRESPOND, &m);
916
917 authok = buffer_get_int(&m);
918 buffer_free(&m);
919
920 return ((authok == 0) ? -1 : 0);
921}
922
923#ifdef SKEY
924int
925mm_skey_query(void *ctx, char **name, char **infotxt,
926 u_int *numprompts, char ***prompts, u_int **echo_on)
927{
928 Buffer m;
929 int len;
930 u_int success;
931 char *p, *challenge;
932
933 debug3("%s: entering", __func__);
934
935 buffer_init(&m);
936 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
937
938 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
939 &m);
940 success = buffer_get_int(&m);
941 if (success == 0) {
942 debug3("%s: no challenge", __func__);
943 buffer_free(&m);
944 return (-1);
945 }
946
947 /* Get the challenge, and format the response */
948 challenge = buffer_get_string(&m, NULL);
949 buffer_free(&m);
950
951 debug3("%s: received challenge: %s", __func__, challenge);
952
953 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
954
955 len = strlen(challenge) + strlen(SKEY_PROMPT) + 1;
956 p = xmalloc(len);
957 strlcpy(p, challenge, len);
958 strlcat(p, SKEY_PROMPT, len);
959 (*prompts)[0] = p;
960 xfree(challenge);
961
962 return (0);
963}
964
965int
966mm_skey_respond(void *ctx, u_int numresponses, char **responses)
967{
968 Buffer m;
969 int authok;
970
971 debug3("%s: entering", __func__);
972 if (numresponses != 1)
973 return (-1);
974
975 buffer_init(&m);
976 buffer_put_cstring(&m, responses[0]);
977 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
978
979 mm_request_receive_expect(pmonitor->m_recvfd,
980 MONITOR_ANS_SKEYRESPOND, &m);
981
982 authok = buffer_get_int(&m);
983 buffer_free(&m);
984
985 return ((authok == 0) ? -1 : 0);
986}
|
982#endif
| 987#endif /* SKEY */
|
983
984void
985mm_ssh1_session_id(u_char session_id[16])
986{
987 Buffer m;
988 int i;
989
990 debug3("%s entering", __func__);
991
992 buffer_init(&m);
993 for (i = 0; i < 16; i++)
994 buffer_put_char(&m, session_id[i]);
995
996 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
997 buffer_free(&m);
998}
999
1000int
1001mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
1002{
1003 Buffer m;
1004 Key *key;
1005 u_char *blob;
1006 u_int blen;
1007 int allowed = 0, have_forced = 0;
1008
1009 debug3("%s entering", __func__);
1010
1011 buffer_init(&m);
1012 buffer_put_bignum2(&m, client_n);
1013
1014 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
1015 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
1016
1017 allowed = buffer_get_int(&m);
1018
1019 /* fake forced command */
1020 auth_clear_options();
1021 have_forced = buffer_get_int(&m);
1022 forced_command = have_forced ? xstrdup("true") : NULL;
1023
1024 if (allowed && rkey != NULL) {
1025 blob = buffer_get_string(&m, &blen);
1026 if ((key = key_from_blob(blob, blen)) == NULL)
1027 fatal("%s: key_from_blob failed", __func__);
1028 *rkey = key;
1029 xfree(blob);
1030 }
1031 mm_send_debug(&m);
1032 buffer_free(&m);
1033
1034 return (allowed);
1035}
1036
1037BIGNUM *
1038mm_auth_rsa_generate_challenge(Key *key)
1039{
1040 Buffer m;
1041 BIGNUM *challenge;
1042 u_char *blob;
1043 u_int blen;
1044
1045 debug3("%s entering", __func__);
1046
1047 if ((challenge = BN_new()) == NULL)
1048 fatal("%s: BN_new failed", __func__);
1049
1050 key->type = KEY_RSA; /* XXX cheat for key_to_blob */
1051 if (key_to_blob(key, &blob, &blen) == 0)
1052 fatal("%s: key_to_blob failed", __func__);
1053 key->type = KEY_RSA1;
1054
1055 buffer_init(&m);
1056 buffer_put_string(&m, blob, blen);
1057 xfree(blob);
1058
1059 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
1060 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
1061
1062 buffer_get_bignum2(&m, challenge);
1063 buffer_free(&m);
1064
1065 return (challenge);
1066}
1067
1068int
1069mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
1070{
1071 Buffer m;
1072 u_char *blob;
1073 u_int blen;
1074 int success = 0;
1075
1076 debug3("%s entering", __func__);
1077
1078 key->type = KEY_RSA; /* XXX cheat for key_to_blob */
1079 if (key_to_blob(key, &blob, &blen) == 0)
1080 fatal("%s: key_to_blob failed", __func__);
1081 key->type = KEY_RSA1;
1082
1083 buffer_init(&m);
1084 buffer_put_string(&m, blob, blen);
1085 buffer_put_string(&m, response, 16);
1086 xfree(blob);
1087
1088 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
1089 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
1090
1091 success = buffer_get_int(&m);
1092 buffer_free(&m);
1093
1094 return (success);
1095}
1096
1097#ifdef GSSAPI
1098OM_uint32
| 988
989void
990mm_ssh1_session_id(u_char session_id[16])
991{
992 Buffer m;
993 int i;
994
995 debug3("%s entering", __func__);
996
997 buffer_init(&m);
998 for (i = 0; i < 16; i++)
999 buffer_put_char(&m, session_id[i]);
1000
1001 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
1002 buffer_free(&m);
1003}
1004
1005int
1006mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
1007{
1008 Buffer m;
1009 Key *key;
1010 u_char *blob;
1011 u_int blen;
1012 int allowed = 0, have_forced = 0;
1013
1014 debug3("%s entering", __func__);
1015
1016 buffer_init(&m);
1017 buffer_put_bignum2(&m, client_n);
1018
1019 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
1020 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
1021
1022 allowed = buffer_get_int(&m);
1023
1024 /* fake forced command */
1025 auth_clear_options();
1026 have_forced = buffer_get_int(&m);
1027 forced_command = have_forced ? xstrdup("true") : NULL;
1028
1029 if (allowed && rkey != NULL) {
1030 blob = buffer_get_string(&m, &blen);
1031 if ((key = key_from_blob(blob, blen)) == NULL)
1032 fatal("%s: key_from_blob failed", __func__);
1033 *rkey = key;
1034 xfree(blob);
1035 }
1036 mm_send_debug(&m);
1037 buffer_free(&m);
1038
1039 return (allowed);
1040}
1041
1042BIGNUM *
1043mm_auth_rsa_generate_challenge(Key *key)
1044{
1045 Buffer m;
1046 BIGNUM *challenge;
1047 u_char *blob;
1048 u_int blen;
1049
1050 debug3("%s entering", __func__);
1051
1052 if ((challenge = BN_new()) == NULL)
1053 fatal("%s: BN_new failed", __func__);
1054
1055 key->type = KEY_RSA; /* XXX cheat for key_to_blob */
1056 if (key_to_blob(key, &blob, &blen) == 0)
1057 fatal("%s: key_to_blob failed", __func__);
1058 key->type = KEY_RSA1;
1059
1060 buffer_init(&m);
1061 buffer_put_string(&m, blob, blen);
1062 xfree(blob);
1063
1064 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
1065 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
1066
1067 buffer_get_bignum2(&m, challenge);
1068 buffer_free(&m);
1069
1070 return (challenge);
1071}
1072
1073int
1074mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
1075{
1076 Buffer m;
1077 u_char *blob;
1078 u_int blen;
1079 int success = 0;
1080
1081 debug3("%s entering", __func__);
1082
1083 key->type = KEY_RSA; /* XXX cheat for key_to_blob */
1084 if (key_to_blob(key, &blob, &blen) == 0)
1085 fatal("%s: key_to_blob failed", __func__);
1086 key->type = KEY_RSA1;
1087
1088 buffer_init(&m);
1089 buffer_put_string(&m, blob, blen);
1090 buffer_put_string(&m, response, 16);
1091 xfree(blob);
1092
1093 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
1094 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
1095
1096 success = buffer_get_int(&m);
1097 buffer_free(&m);
1098
1099 return (success);
1100}
1101
1102#ifdef GSSAPI
1103OM_uint32
|
1099mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
| 1104mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
|
1100{
1101 Buffer m;
1102 OM_uint32 major;
1103
1104 /* Client doesn't get to see the context */
1105 *ctx = NULL;
1106
1107 buffer_init(&m);
| 1105{
1106 Buffer m;
1107 OM_uint32 major;
1108
1109 /* Client doesn't get to see the context */
1110 *ctx = NULL;
1111
1112 buffer_init(&m);
|
1108 buffer_put_string(&m, oid->elements, oid->length);
| 1113 buffer_put_string(&m, goid->elements, goid->length);
|
1109
1110 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
1111 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
1112
1113 major = buffer_get_int(&m);
1114
1115 buffer_free(&m);
1116 return (major);
1117}
1118
1119OM_uint32
1120mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
1121 gss_buffer_desc *out, OM_uint32 *flags)
1122{
1123 Buffer m;
1124 OM_uint32 major;
1125 u_int len;
1126
1127 buffer_init(&m);
1128 buffer_put_string(&m, in->value, in->length);
1129
1130 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
1131 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
1132
1133 major = buffer_get_int(&m);
1134 out->value = buffer_get_string(&m, &len);
1135 out->length = len;
1136 if (flags)
1137 *flags = buffer_get_int(&m);
1138
1139 buffer_free(&m);
1140
1141 return (major);
1142}
1143
1144OM_uint32
1145mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
1146{
1147 Buffer m;
1148 OM_uint32 major;
1149
1150 buffer_init(&m);
1151 buffer_put_string(&m, gssbuf->value, gssbuf->length);
1152 buffer_put_string(&m, gssmic->value, gssmic->length);
1153
1154 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m);
1155 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC,
1156 &m);
1157
1158 major = buffer_get_int(&m);
1159 buffer_free(&m);
1160 return(major);
1161}
1162
1163int
1164mm_ssh_gssapi_userok(char *user)
1165{
1166 Buffer m;
1167 int authenticated = 0;
1168
1169 buffer_init(&m);
1170
1171 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
1172 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
1173 &m);
1174
1175 authenticated = buffer_get_int(&m);
1176
1177 buffer_free(&m);
1178 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
1179 return (authenticated);
1180}
1181#endif /* GSSAPI */
| 1114
1115 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
1116 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
1117
1118 major = buffer_get_int(&m);
1119
1120 buffer_free(&m);
1121 return (major);
1122}
1123
1124OM_uint32
1125mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
1126 gss_buffer_desc *out, OM_uint32 *flags)
1127{
1128 Buffer m;
1129 OM_uint32 major;
1130 u_int len;
1131
1132 buffer_init(&m);
1133 buffer_put_string(&m, in->value, in->length);
1134
1135 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
1136 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
1137
1138 major = buffer_get_int(&m);
1139 out->value = buffer_get_string(&m, &len);
1140 out->length = len;
1141 if (flags)
1142 *flags = buffer_get_int(&m);
1143
1144 buffer_free(&m);
1145
1146 return (major);
1147}
1148
1149OM_uint32
1150mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
1151{
1152 Buffer m;
1153 OM_uint32 major;
1154
1155 buffer_init(&m);
1156 buffer_put_string(&m, gssbuf->value, gssbuf->length);
1157 buffer_put_string(&m, gssmic->value, gssmic->length);
1158
1159 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m);
1160 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC,
1161 &m);
1162
1163 major = buffer_get_int(&m);
1164 buffer_free(&m);
1165 return(major);
1166}
1167
1168int
1169mm_ssh_gssapi_userok(char *user)
1170{
1171 Buffer m;
1172 int authenticated = 0;
1173
1174 buffer_init(&m);
1175
1176 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
1177 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
1178 &m);
1179
1180 authenticated = buffer_get_int(&m);
1181
1182 buffer_free(&m);
1183 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
1184 return (authenticated);
1185}
1186#endif /* GSSAPI */
|