1/* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */ 2/* 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28#include "includes.h" 29 30#include <sys/types.h> 31#include <sys/param.h> 32#include <sys/socket.h> 33#include "openbsd-compat/sys-tree.h" 34#include <sys/wait.h> 35 36#include <errno.h> 37#include <fcntl.h> 38#ifdef HAVE_PATHS_H 39#include <paths.h> 40#endif 41#include <pwd.h> 42#include <signal.h> 43#include <stdarg.h> 44#include <stdlib.h> 45#include <string.h> 46#include <unistd.h> 47#ifdef HAVE_POLL_H 48#include <poll.h> 49#else 50# ifdef HAVE_SYS_POLL_H 51# include <sys/poll.h> 52# endif 53#endif 54 55#ifdef SKEY 56#include <skey.h> 57#endif 58 59#ifdef __APPLE_CRYPTO__ 60#include "ossl-dh.h" 61#else 62#include <openssl/dh.h> 63#endif 64 65#include "openbsd-compat/sys-queue.h" 66#include "atomicio.h" 67#include "xmalloc.h" 68#include "ssh.h" 69#include "key.h" 70#include "buffer.h" 71#include "hostfile.h" 72#include "auth.h" 73#include "cipher.h" 74#include "kex.h" 75#include "dh.h" 76#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ 77#undef TARGET_OS_MAC 78#include "zlib.h" 79#define TARGET_OS_MAC 1 80#else 81#include "zlib.h" 82#endif 83#include "packet.h" 84#include "auth-options.h" 85#include "sshpty.h" 86#include "channels.h" 87#include "session.h" 88#include "sshlogin.h" 89#include "canohost.h" 90#include "log.h" 91#include "servconf.h" 92#include "monitor.h" 93#include "monitor_mm.h" 94#ifdef GSSAPI 95#include "ssh-gss.h" 96#endif 97#include "monitor_wrap.h" 98#include "monitor_fdpass.h" 99#include "misc.h" 100#include "compat.h" 101#include "ssh2.h" 102#include "jpake.h" 103#include "roaming.h" 104 105#ifdef GSSAPI 106static Gssctxt *gsscontext = NULL; 107#endif 108 109/* Imports */ 110extern ServerOptions options; 111extern u_int utmp_len; 112extern Newkeys *current_keys[]; 113extern z_stream incoming_stream; 114extern z_stream outgoing_stream; 115extern u_char session_id[]; 116extern Buffer auth_debug; 117extern int auth_debug_init; 118extern Buffer loginmsg; 119 120/* State exported from the child */ 121 122struct { 123 z_stream incoming; 124 z_stream outgoing; 125 u_char *keyin; 126 u_int keyinlen; 127 u_char *keyout; 128 u_int keyoutlen; 129 u_char *ivin; 130 u_int ivinlen; 131 u_char *ivout; 132 u_int ivoutlen; 133 u_char *ssh1key; 134 u_int ssh1keylen; 135 int ssh1cipher; 136 int ssh1protoflags; 137 u_char *input; 138 u_int ilen; 139 u_char *output; 140 u_int olen; 141 u_int64_t sent_bytes; 142 u_int64_t recv_bytes; 143} child_state; 144 145/* Functions on the monitor that answer unprivileged requests */ 146 147int mm_answer_moduli(int, Buffer *); 148int mm_answer_sign(int, Buffer *); 149int mm_answer_pwnamallow(int, Buffer *); 150int mm_answer_auth2_read_banner(int, Buffer *); 151int mm_answer_authserv(int, Buffer *); 152int mm_answer_authpassword(int, Buffer *); 153int mm_answer_bsdauthquery(int, Buffer *); 154int mm_answer_bsdauthrespond(int, Buffer *); 155int mm_answer_skeyquery(int, Buffer *); 156int mm_answer_skeyrespond(int, Buffer *); 157int mm_answer_keyallowed(int, Buffer *); 158int mm_answer_keyverify(int, Buffer *); 159int mm_answer_pty(int, Buffer *); 160int mm_answer_pty_cleanup(int, Buffer *); 161int mm_answer_term(int, Buffer *); 162int mm_answer_rsa_keyallowed(int, Buffer *); 163int mm_answer_rsa_challenge(int, Buffer *); 164int mm_answer_rsa_response(int, Buffer *); 165int mm_answer_sesskey(int, Buffer *); 166int mm_answer_sessid(int, Buffer *); 167int mm_answer_jpake_get_pwdata(int, Buffer *); 168int mm_answer_jpake_step1(int, Buffer *); 169int mm_answer_jpake_step2(int, Buffer *); 170int mm_answer_jpake_key_confirm(int, Buffer *); 171int mm_answer_jpake_check_confirm(int, Buffer *); 172 173#ifdef USE_PAM 174int mm_answer_pam_start(int, Buffer *); 175int mm_answer_pam_account(int, Buffer *); 176int mm_answer_pam_init_ctx(int, Buffer *); 177int mm_answer_pam_query(int, Buffer *); 178int mm_answer_pam_respond(int, Buffer *); 179int mm_answer_pam_free_ctx(int, Buffer *); 180#endif 181 182#ifdef GSSAPI 183int mm_answer_gss_setup_ctx(int, Buffer *); 184int mm_answer_gss_accept_ctx(int, Buffer *); 185int mm_answer_gss_userok(int, Buffer *); 186int mm_answer_gss_checkmic(int, Buffer *); 187int mm_answer_gss_sign(int, Buffer *); 188int mm_answer_gss_updatecreds(int, Buffer *); 189#endif 190 191#ifdef SSH_AUDIT_EVENTS 192int mm_answer_audit_event(int, Buffer *); 193int mm_answer_audit_command(int, Buffer *); 194#endif 195 196static int monitor_read_log(struct monitor *); 197 198static Authctxt *authctxt; 199static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ 200 201/* local state for key verify */ 202static u_char *key_blob = NULL; 203static u_int key_bloblen = 0; 204static int key_blobtype = MM_NOKEY; 205static char *hostbased_cuser = NULL; 206static char *hostbased_chost = NULL; 207static char *auth_method = "unknown"; 208static char *auth_submethod = NULL; 209static u_int session_id2_len = 0; 210static u_char *session_id2 = NULL; 211static pid_t monitor_child_pid; 212 213struct mon_table { 214 enum monitor_reqtype type; 215 int flags; 216 int (*f)(int, Buffer *); 217}; 218 219#define MON_ISAUTH 0x0004 /* Required for Authentication */ 220#define MON_AUTHDECIDE 0x0008 /* Decides Authentication */ 221#define MON_ONCE 0x0010 /* Disable after calling */ 222#define MON_ALOG 0x0020 /* Log auth attempt without authenticating */ 223 224#define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE) 225 226#define MON_PERMIT 0x1000 /* Request is permitted */ 227 228struct mon_table mon_dispatch_proto20[] = { 229 {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, 230 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 231 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 232 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 233 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 234 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 235#ifdef USE_PAM 236 {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, 237 {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, 238 {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, 239 {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, 240 {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, 241 {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, 242#endif 243#ifdef SSH_AUDIT_EVENTS 244 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, 245#endif 246#ifdef BSD_AUTH 247 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, 248 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, 249#endif 250#ifdef SKEY 251 {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, 252 {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, 253#endif 254 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, 255 {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, 256#ifdef GSSAPI 257 {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, 258 {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, 259 {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, 260 {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, 261 {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, 262#endif 263#ifdef JPAKE 264 {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata}, 265 {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1}, 266 {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2}, 267 {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm}, 268 {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm}, 269#endif 270 {0, 0, NULL} 271}; 272 273struct mon_table mon_dispatch_postauth20[] = { 274#ifdef GSSAPI 275 {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx}, 276 {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, 277 {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign}, 278 {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds}, 279#endif 280 {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, 281 {MONITOR_REQ_SIGN, 0, mm_answer_sign}, 282 {MONITOR_REQ_PTY, 0, mm_answer_pty}, 283 {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, 284 {MONITOR_REQ_TERM, 0, mm_answer_term}, 285#ifdef SSH_AUDIT_EVENTS 286 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, 287 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, 288#endif 289 {0, 0, NULL} 290}; 291 292struct mon_table mon_dispatch_proto15[] = { 293 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 294 {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, 295 {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, 296 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 297 {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed}, 298 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed}, 299 {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, 300 {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, 301#ifdef BSD_AUTH 302 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, 303 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, 304#endif 305#ifdef SKEY 306 {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, 307 {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, 308#endif 309#ifdef USE_PAM 310 {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, 311 {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, 312 {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, 313 {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, 314 {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, 315 {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, 316#endif 317#ifdef SSH_AUDIT_EVENTS 318 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, 319#endif 320 {0, 0, NULL} 321}; 322 323struct mon_table mon_dispatch_postauth15[] = { 324 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, 325 {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, 326 {MONITOR_REQ_TERM, 0, mm_answer_term}, 327#ifdef SSH_AUDIT_EVENTS 328 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, 329 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, 330#endif 331 {0, 0, NULL} 332}; 333 334struct mon_table *mon_dispatch; 335 336/* Specifies if a certain message is allowed at the moment */ 337 338static void 339monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit) 340{ 341 while (ent->f != NULL) { 342 if (ent->type == type) { 343 ent->flags &= ~MON_PERMIT; 344 ent->flags |= permit ? MON_PERMIT : 0; 345 return; 346 } 347 ent++; 348 } 349} 350 351static void 352monitor_permit_authentications(int permit) 353{ 354 struct mon_table *ent = mon_dispatch; 355 356 while (ent->f != NULL) { 357 if (ent->flags & MON_AUTH) { 358 ent->flags &= ~MON_PERMIT; 359 ent->flags |= permit ? MON_PERMIT : 0; 360 } 361 ent++; 362 } 363} 364 365void 366monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) 367{ 368 struct mon_table *ent; 369 int authenticated = 0, partial = 0; 370 371 debug3("preauth child monitor started"); 372 373 close(pmonitor->m_recvfd); 374 close(pmonitor->m_log_sendfd); 375 pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; 376 377 authctxt = _authctxt; 378 memset(authctxt, 0, sizeof(*authctxt)); 379 380 authctxt->loginmsg = &loginmsg; 381 382 if (compat20) { 383 mon_dispatch = mon_dispatch_proto20; 384 385 /* Permit requests for moduli and signatures */ 386 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 387 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 388#ifdef GSSAPI 389 /* and for the GSSAPI key exchange */ 390 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); 391#endif 392 } else { 393 mon_dispatch = mon_dispatch_proto15; 394 395 monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); 396 } 397 398 /* The first few requests do not require asynchronous access */ 399 while (!authenticated) { 400 partial = 0; 401 auth_method = "unknown"; 402 auth_submethod = NULL; 403 authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); 404 405 /* Special handling for multiple required authentications */ 406 if (options.num_auth_methods != 0) { 407 if (!compat20) 408 fatal("AuthenticationMethods is not supported" 409 "with SSH protocol 1"); 410 if (authenticated && 411 !auth2_update_methods_lists(authctxt, 412 auth_method)) { 413 debug3("%s: method %s: partial", __func__, 414 auth_method); 415 authenticated = 0; 416 partial = 1; 417 } 418 } 419 420 if (authenticated) { 421 if (!(ent->flags & MON_AUTHDECIDE)) 422 fatal("%s: unexpected authentication from %d", 423 __func__, ent->type); 424 if (authctxt->pw->pw_uid == 0 && 425 !auth_root_allowed(auth_method)) 426 authenticated = 0; 427#ifdef USE_PAM 428 /* PAM needs to perform account checks after auth */ 429 if (options.use_pam && authenticated) { 430 Buffer m; 431 432 buffer_init(&m); 433 mm_request_receive_expect(pmonitor->m_sendfd, 434 MONITOR_REQ_PAM_ACCOUNT, &m); 435 authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m); 436 buffer_free(&m); 437 } 438#endif 439 } 440 if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { 441 auth_log(authctxt, authenticated, partial, 442 auth_method, auth_submethod, 443 compat20 ? " ssh2" : ""); 444 if (!authenticated) 445 authctxt->failures++; 446 } 447#ifdef JPAKE 448 /* Cleanup JPAKE context after authentication */ 449 if (ent->flags & MON_AUTHDECIDE) { 450 if (authctxt->jpake_ctx != NULL) { 451 jpake_free(authctxt->jpake_ctx); 452 authctxt->jpake_ctx = NULL; 453 } 454 } 455#endif 456 } 457 458 if (!authctxt->valid) 459 fatal("%s: authenticated invalid user", __func__); 460 if (strcmp(auth_method, "unknown") == 0) 461 fatal("%s: authentication method name unknown", __func__); 462 463 debug("%s: %s has been authenticated by privileged process", 464 __func__, authctxt->user); 465 466 mm_get_keystate(pmonitor); 467 468 /* Drain any buffered messages from the child */ 469 while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) 470 ; 471 472 close(pmonitor->m_sendfd); 473 close(pmonitor->m_log_recvfd); 474 pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1; 475} 476 477static void 478monitor_set_child_handler(pid_t pid) 479{ 480 monitor_child_pid = pid; 481} 482 483static void 484monitor_child_handler(int sig) 485{ 486 kill(monitor_child_pid, sig); 487} 488 489void 490monitor_child_postauth(struct monitor *pmonitor) 491{ 492 close(pmonitor->m_recvfd); 493 pmonitor->m_recvfd = -1; 494 495 monitor_set_child_handler(pmonitor->m_pid); 496 signal(SIGHUP, &monitor_child_handler); 497 signal(SIGTERM, &monitor_child_handler); 498 signal(SIGINT, &monitor_child_handler); 499 500 if (compat20) { 501 mon_dispatch = mon_dispatch_postauth20; 502 503 /* Permit requests for moduli and signatures */ 504 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 505 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 506 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 507#ifdef GSSAPI 508 /* and for the GSSAPI key exchange */ 509 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); 510#endif 511 } else { 512 mon_dispatch = mon_dispatch_postauth15; 513 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 514 } 515 if (!no_pty_flag) { 516 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); 517 monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); 518 } 519 520 for (;;) 521 monitor_read(pmonitor, mon_dispatch, NULL); 522} 523 524void 525monitor_sync(struct monitor *pmonitor) 526{ 527 if (options.compression) { 528 /* The member allocation is not visible, so sync it */ 529 mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); 530 } 531} 532 533static int 534monitor_read_log(struct monitor *pmonitor) 535{ 536 Buffer logmsg; 537 u_int len, level; 538 char *msg; 539 540 buffer_init(&logmsg); 541 542 /* Read length */ 543 buffer_append_space(&logmsg, 4); 544 if (atomicio(read, pmonitor->m_log_recvfd, 545 buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) { 546 if (errno == EPIPE) { 547 buffer_free(&logmsg); 548 debug("%s: child log fd closed", __func__); 549 close(pmonitor->m_log_recvfd); 550 pmonitor->m_log_recvfd = -1; 551 return -1; 552 } 553 fatal("%s: log fd read: %s", __func__, strerror(errno)); 554 } 555 len = buffer_get_int(&logmsg); 556 if (len <= 4 || len > 8192) 557 fatal("%s: invalid log message length %u", __func__, len); 558 559 /* Read severity, message */ 560 buffer_clear(&logmsg); 561 buffer_append_space(&logmsg, len); 562 if (atomicio(read, pmonitor->m_log_recvfd, 563 buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) 564 fatal("%s: log fd read: %s", __func__, strerror(errno)); 565 566 /* Log it */ 567 level = buffer_get_int(&logmsg); 568 msg = buffer_get_string(&logmsg, NULL); 569 if (log_level_name(level) == NULL) 570 fatal("%s: invalid log level %u (corrupted message?)", 571 __func__, level); 572 do_log2(level, "%s [preauth]", msg); 573 574 buffer_free(&logmsg); 575 xfree(msg); 576 577 return 0; 578} 579 580int 581monitor_read(struct monitor *pmonitor, struct mon_table *ent, 582 struct mon_table **pent) 583{ 584 Buffer m; 585 int ret; 586 u_char type; 587 struct pollfd pfd[2]; 588 589 for (;;) { 590 bzero(&pfd, sizeof(pfd)); 591 pfd[0].fd = pmonitor->m_sendfd; 592 pfd[0].events = POLLIN; 593 pfd[1].fd = pmonitor->m_log_recvfd; 594 pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN; 595 if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) { 596 if (errno == EINTR || errno == EAGAIN) 597 continue; 598 fatal("%s: poll: %s", __func__, strerror(errno)); 599 } 600 if (pfd[1].revents) { 601 /* 602 * Drain all log messages before processing next 603 * monitor request. 604 */ 605 monitor_read_log(pmonitor); 606 continue; 607 } 608 if (pfd[0].revents) 609 break; /* Continues below */ 610 } 611 612 buffer_init(&m); 613 614 mm_request_receive(pmonitor->m_sendfd, &m); 615 type = buffer_get_char(&m); 616 617 debug3("%s: checking request %d", __func__, type); 618 619 while (ent->f != NULL) { 620 if (ent->type == type) 621 break; 622 ent++; 623 } 624 625 if (ent->f != NULL) { 626 if (!(ent->flags & MON_PERMIT)) 627 fatal("%s: unpermitted request %d", __func__, 628 type); 629 ret = (*ent->f)(pmonitor->m_sendfd, &m); 630 buffer_free(&m); 631 632 /* The child may use this request only once, disable it */ 633 if (ent->flags & MON_ONCE) { 634 debug2("%s: %d used once, disabling now", __func__, 635 type); 636 ent->flags &= ~MON_PERMIT; 637 } 638 639 if (pent != NULL) 640 *pent = ent; 641 642 return ret; 643 } 644 645 fatal("%s: unsupported request: %d", __func__, type); 646 647 /* NOTREACHED */ 648 return (-1); 649} 650 651/* allowed key state */ 652static int 653monitor_allowed_key(u_char *blob, u_int bloblen) 654{ 655 /* make sure key is allowed */ 656 if (key_blob == NULL || key_bloblen != bloblen || 657 timingsafe_bcmp(key_blob, blob, key_bloblen)) 658 return (0); 659 return (1); 660} 661 662static void 663monitor_reset_key_state(void) 664{ 665 /* reset state */ 666 if (key_blob != NULL) 667 xfree(key_blob); 668 if (hostbased_cuser != NULL) 669 xfree(hostbased_cuser); 670 if (hostbased_chost != NULL) 671 xfree(hostbased_chost); 672 key_blob = NULL; 673 key_bloblen = 0; 674 key_blobtype = MM_NOKEY; 675 hostbased_cuser = NULL; 676 hostbased_chost = NULL; 677} 678 679int 680mm_answer_moduli(int sock, Buffer *m) 681{ 682 DH *dh; 683 int min, want, max; 684 685 min = buffer_get_int(m); 686 want = buffer_get_int(m); 687 max = buffer_get_int(m); 688 689 debug3("%s: got parameters: %d %d %d", 690 __func__, min, want, max); 691 /* We need to check here, too, in case the child got corrupted */ 692 if (max < min || want < min || max < want) 693 fatal("%s: bad parameters: %d %d %d", 694 __func__, min, want, max); 695 696 buffer_clear(m); 697 698 dh = choose_dh(min, want, max); 699 if (dh == NULL) { 700 buffer_put_char(m, 0); 701 return (0); 702 } else { 703 /* Send first bignum */ 704 buffer_put_char(m, 1); 705 buffer_put_bignum2(m, dh->p); 706 buffer_put_bignum2(m, dh->g); 707 708 DH_free(dh); 709 } 710 mm_request_send(sock, MONITOR_ANS_MODULI, m); 711 return (0); 712} 713 714int 715mm_answer_sign(int sock, Buffer *m) 716{ 717 Key *key; 718 u_char *p; 719 u_char *signature; 720 u_int siglen, datlen; 721 int keyid; 722 723 debug3("%s", __func__); 724 725 keyid = buffer_get_int(m); 726 p = buffer_get_string(m, &datlen); 727 728 /* 729 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), 730 * SHA384 (48 bytes) and SHA512 (64 bytes). 731 */ 732 if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64) 733 fatal("%s: data length incorrect: %u", __func__, datlen); 734 735 /* save session id, it will be passed on the first call */ 736 if (session_id2_len == 0) { 737 session_id2_len = datlen; 738 session_id2 = xmalloc(session_id2_len); 739 memcpy(session_id2, p, session_id2_len); 740 } 741 742 if ((key = get_hostkey_by_index(keyid)) == NULL) 743 fatal("%s: no hostkey from index %d", __func__, keyid); 744 if (key_sign(key, &signature, &siglen, p, datlen) < 0) 745 fatal("%s: key_sign failed", __func__); 746 747 debug3("%s: signature %p(%u)", __func__, signature, siglen); 748 749 buffer_clear(m); 750 buffer_put_string(m, signature, siglen); 751 752 xfree(p); 753 xfree(signature); 754 755 mm_request_send(sock, MONITOR_ANS_SIGN, m); 756 757 /* Turn on permissions for getpwnam */ 758 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 759 760 return (0); 761} 762 763/* Retrieves the password entry and also checks if the user is permitted */ 764 765int 766mm_answer_pwnamallow(int sock, Buffer *m) 767{ 768 char *username; 769 struct passwd *pwent; 770 int allowed = 0; 771 u_int i; 772 773 debug3("%s", __func__); 774 775 if (authctxt->attempt++ != 0) 776 fatal("%s: multiple attempts for getpwnam", __func__); 777 778 username = buffer_get_string(m, NULL); 779 780 pwent = getpwnamallow(username); 781 782 authctxt->user = xstrdup(username); 783 setproctitle("%s [priv]", pwent ? username : "unknown"); 784 xfree(username); 785 786 buffer_clear(m); 787 788 if (pwent == NULL) { 789 buffer_put_char(m, 0); 790 authctxt->pw = fakepw(); 791 goto out; 792 } 793 794 allowed = 1; 795 authctxt->pw = pwent; 796 authctxt->valid = 1; 797 798 buffer_put_char(m, 1); 799 buffer_put_string(m, pwent, sizeof(struct passwd)); 800 buffer_put_cstring(m, pwent->pw_name); 801 buffer_put_cstring(m, "*"); 802 buffer_put_cstring(m, pwent->pw_gecos); 803#ifdef HAVE_PW_CLASS_IN_PASSWD 804 buffer_put_cstring(m, pwent->pw_class); 805#endif 806 buffer_put_cstring(m, pwent->pw_dir); 807 buffer_put_cstring(m, pwent->pw_shell); 808 809 out: 810 buffer_put_string(m, &options, sizeof(options)); 811 812#define M_CP_STROPT(x) do { \ 813 if (options.x != NULL) \ 814 buffer_put_cstring(m, options.x); \ 815 } while (0) 816#define M_CP_STRARRAYOPT(x, nx) do { \ 817 for (i = 0; i < options.nx; i++) \ 818 buffer_put_cstring(m, options.x[i]); \ 819 } while (0) 820 /* See comment in servconf.h */ 821 COPY_MATCH_STRING_OPTS(); 822#undef M_CP_STROPT 823#undef M_CP_STRARRAYOPT 824 825 /* Create valid auth method lists */ 826 if (compat20 && auth2_setup_methods_lists(authctxt) != 0) { 827 /* 828 * The monitor will continue long enough to let the child 829 * run to it's packet_disconnect(), but it must not allow any 830 * authentication to succeed. 831 */ 832 debug("%s: no valid authentication method lists", __func__); 833 } 834 835 debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); 836 mm_request_send(sock, MONITOR_ANS_PWNAM, m); 837 838 /* For SSHv1 allow authentication now */ 839 if (!compat20) 840 monitor_permit_authentications(1); 841 else { 842 /* Allow service/style information on the auth context */ 843 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 844 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 845 } 846#ifdef USE_PAM 847 if (options.use_pam) 848 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); 849#endif 850 851 return (0); 852} 853 854int mm_answer_auth2_read_banner(int sock, Buffer *m) 855{ 856 char *banner; 857 858 buffer_clear(m); 859 banner = auth2_read_banner(); 860 buffer_put_cstring(m, banner != NULL ? banner : ""); 861 mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); 862 863 if (banner != NULL) 864 xfree(banner); 865 866 return (0); 867} 868 869int 870mm_answer_authserv(int sock, Buffer *m) 871{ 872 monitor_permit_authentications(1); 873 874 authctxt->service = buffer_get_string(m, NULL); 875 authctxt->style = buffer_get_string(m, NULL); 876 debug3("%s: service=%s, style=%s", 877 __func__, authctxt->service, authctxt->style); 878 879 if (strlen(authctxt->style) == 0) { 880 xfree(authctxt->style); 881 authctxt->style = NULL; 882 } 883 884 return (0); 885} 886 887int 888mm_answer_authpassword(int sock, Buffer *m) 889{ 890 static int call_count; 891 char *passwd; 892 int authenticated; 893 u_int plen; 894 895 passwd = buffer_get_string(m, &plen); 896 /* Only authenticate if the context is valid */ 897 authenticated = options.password_authentication && 898 auth_password(authctxt, passwd); 899 memset(passwd, 0, strlen(passwd)); 900 xfree(passwd); 901 902 buffer_clear(m); 903 buffer_put_int(m, authenticated); 904 905 debug3("%s: sending result %d", __func__, authenticated); 906 mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m); 907 908 call_count++; 909 if (plen == 0 && call_count == 1) 910 auth_method = "none"; 911 else 912 auth_method = "password"; 913 914 /* Causes monitor loop to terminate if authenticated */ 915 return (authenticated); 916} 917 918#ifdef BSD_AUTH 919int 920mm_answer_bsdauthquery(int sock, Buffer *m) 921{ 922 char *name, *infotxt; 923 u_int numprompts; 924 u_int *echo_on; 925 char **prompts; 926 u_int success; 927 928 success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, 929 &prompts, &echo_on) < 0 ? 0 : 1; 930 931 buffer_clear(m); 932 buffer_put_int(m, success); 933 if (success) 934 buffer_put_cstring(m, prompts[0]); 935 936 debug3("%s: sending challenge success: %u", __func__, success); 937 mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); 938 939 if (success) { 940 xfree(name); 941 xfree(infotxt); 942 xfree(prompts); 943 xfree(echo_on); 944 } 945 946 return (0); 947} 948 949int 950mm_answer_bsdauthrespond(int sock, Buffer *m) 951{ 952 char *response; 953 int authok; 954 955 if (authctxt->as == 0) 956 fatal("%s: no bsd auth session", __func__); 957 958 response = buffer_get_string(m, NULL); 959 authok = options.challenge_response_authentication && 960 auth_userresponse(authctxt->as, response, 0); 961 authctxt->as = NULL; 962 debug3("%s: <%s> = <%d>", __func__, response, authok); 963 xfree(response); 964 965 buffer_clear(m); 966 buffer_put_int(m, authok); 967 968 debug3("%s: sending authenticated: %d", __func__, authok); 969 mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); 970 971 if (compat20) 972 auth_method = "keyboard-interactive"; /* XXX auth_submethod */ 973 else 974 auth_method = "bsdauth"; 975 976 return (authok != 0); 977} 978#endif 979 980#ifdef SKEY 981int 982mm_answer_skeyquery(int sock, Buffer *m) 983{ 984 struct skey skey; 985 char challenge[1024]; 986 u_int success; 987 988 success = _compat_skeychallenge(&skey, authctxt->user, challenge, 989 sizeof(challenge)) < 0 ? 0 : 1; 990 991 buffer_clear(m); 992 buffer_put_int(m, success); 993 if (success) 994 buffer_put_cstring(m, challenge); 995 996 debug3("%s: sending challenge success: %u", __func__, success); 997 mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m); 998 999 return (0); 1000} 1001 1002int 1003mm_answer_skeyrespond(int sock, Buffer *m) 1004{ 1005 char *response; 1006 int authok; 1007 1008 response = buffer_get_string(m, NULL); 1009 1010 authok = (options.challenge_response_authentication && 1011 authctxt->valid && 1012 skey_haskey(authctxt->pw->pw_name) == 0 && 1013 skey_passcheck(authctxt->pw->pw_name, response) != -1); 1014 1015 xfree(response); 1016 1017 buffer_clear(m); 1018 buffer_put_int(m, authok); 1019 1020 debug3("%s: sending authenticated: %d", __func__, authok); 1021 mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); 1022 1023 auth_method = "skey"; 1024 1025 return (authok != 0); 1026} 1027#endif 1028 1029#ifdef USE_PAM 1030int 1031mm_answer_pam_start(int sock, Buffer *m) 1032{ 1033 if (!options.use_pam) 1034 fatal("UsePAM not set, but ended up in %s anyway", __func__); 1035 1036 start_pam(authctxt); 1037 1038 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); 1039 1040 return (0); 1041} 1042 1043int 1044mm_answer_pam_account(int sock, Buffer *m) 1045{ 1046 u_int ret; 1047 1048 if (!options.use_pam) 1049 fatal("UsePAM not set, but ended up in %s anyway", __func__); 1050 1051 ret = do_pam_account(); 1052 1053 buffer_put_int(m, ret); 1054 buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); 1055 1056 mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); 1057 1058 return (ret); 1059} 1060 1061static void *sshpam_ctxt, *sshpam_authok; 1062extern KbdintDevice sshpam_device; 1063 1064int 1065mm_answer_pam_init_ctx(int sock, Buffer *m) 1066{ 1067 1068 debug3("%s", __func__); 1069 authctxt->user = buffer_get_string(m, NULL); 1070 sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); 1071 sshpam_authok = NULL; 1072 buffer_clear(m); 1073 if (sshpam_ctxt != NULL) { 1074 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); 1075 buffer_put_int(m, 1); 1076 } else { 1077 buffer_put_int(m, 0); 1078 } 1079 mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m); 1080 return (0); 1081} 1082 1083int 1084mm_answer_pam_query(int sock, Buffer *m) 1085{ 1086 char *name = NULL, *info = NULL, **prompts = NULL; 1087 u_int i, num = 0, *echo_on = 0; 1088 int ret; 1089 1090 debug3("%s", __func__); 1091 sshpam_authok = NULL; 1092 ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on); 1093 if (ret == 0 && num == 0) 1094 sshpam_authok = sshpam_ctxt; 1095 if (num > 1 || name == NULL || info == NULL) 1096 ret = -1; 1097 buffer_clear(m); 1098 buffer_put_int(m, ret); 1099 buffer_put_cstring(m, name); 1100 xfree(name); 1101 buffer_put_cstring(m, info); 1102 xfree(info); 1103 buffer_put_int(m, num); 1104 for (i = 0; i < num; ++i) { 1105 buffer_put_cstring(m, prompts[i]); 1106 xfree(prompts[i]); 1107 buffer_put_int(m, echo_on[i]); 1108 } 1109 if (prompts != NULL) 1110 xfree(prompts); 1111 if (echo_on != NULL) 1112 xfree(echo_on); 1113 auth_method = "keyboard-interactive"; 1114 auth_submethod = "pam"; 1115 mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); 1116 return (0); 1117} 1118 1119int 1120mm_answer_pam_respond(int sock, Buffer *m) 1121{ 1122 char **resp; 1123 u_int i, num; 1124 int ret; 1125 1126 debug3("%s", __func__); 1127 sshpam_authok = NULL; 1128 num = buffer_get_int(m); 1129 if (num > 0) { 1130 resp = xcalloc(num, sizeof(char *)); 1131 for (i = 0; i < num; ++i) 1132 resp[i] = buffer_get_string(m, NULL); 1133 ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); 1134 for (i = 0; i < num; ++i) 1135 xfree(resp[i]); 1136 xfree(resp); 1137 } else { 1138 ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); 1139 } 1140 buffer_clear(m); 1141 buffer_put_int(m, ret); 1142 mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); 1143 auth_method = "keyboard-interactive"; 1144 auth_submethod = "pam"; 1145 if (ret == 0) 1146 sshpam_authok = sshpam_ctxt; 1147 return (0); 1148} 1149 1150int 1151mm_answer_pam_free_ctx(int sock, Buffer *m) 1152{ 1153 1154 debug3("%s", __func__); 1155 (sshpam_device.free_ctx)(sshpam_ctxt); 1156 buffer_clear(m); 1157 mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); 1158 auth_method = "keyboard-interactive"; 1159 auth_submethod = "pam"; 1160 return (sshpam_authok == sshpam_ctxt); 1161} 1162#endif 1163 1164int 1165mm_answer_keyallowed(int sock, Buffer *m) 1166{ 1167 Key *key; 1168 char *cuser, *chost; 1169 u_char *blob; 1170 u_int bloblen; 1171 enum mm_keytype type = 0; 1172 int allowed = 0; 1173 1174 debug3("%s entering", __func__); 1175 1176 type = buffer_get_int(m); 1177 cuser = buffer_get_string(m, NULL); 1178 chost = buffer_get_string(m, NULL); 1179 blob = buffer_get_string(m, &bloblen); 1180 1181 key = key_from_blob(blob, bloblen); 1182 1183 if ((compat20 && type == MM_RSAHOSTKEY) || 1184 (!compat20 && type != MM_RSAHOSTKEY)) 1185 fatal("%s: key type and protocol mismatch", __func__); 1186 1187 debug3("%s: key_from_blob: %p", __func__, key); 1188 1189 if (key != NULL && authctxt->valid) { 1190 switch (type) { 1191 case MM_USERKEY: 1192 allowed = options.pubkey_authentication && 1193 user_key_allowed(authctxt->pw, key); 1194 auth_method = "publickey"; 1195 if (options.pubkey_authentication && allowed != 1) 1196 auth_clear_options(); 1197 break; 1198 case MM_HOSTKEY: 1199 allowed = options.hostbased_authentication && 1200 hostbased_key_allowed(authctxt->pw, 1201 cuser, chost, key); 1202 auth_method = "hostbased"; 1203 break; 1204 case MM_RSAHOSTKEY: 1205 key->type = KEY_RSA1; /* XXX */ 1206 allowed = options.rhosts_rsa_authentication && 1207 auth_rhosts_rsa_key_allowed(authctxt->pw, 1208 cuser, chost, key); 1209 if (options.rhosts_rsa_authentication && allowed != 1) 1210 auth_clear_options(); 1211 auth_method = "rsa"; 1212 break; 1213 default: 1214 fatal("%s: unknown key type %d", __func__, type); 1215 break; 1216 } 1217 } 1218 if (key != NULL) 1219 key_free(key); 1220 1221 /* clear temporarily storage (used by verify) */ 1222 monitor_reset_key_state(); 1223 1224 if (allowed) { 1225 /* Save temporarily for comparison in verify */ 1226 key_blob = blob; 1227 key_bloblen = bloblen; 1228 key_blobtype = type; 1229 hostbased_cuser = cuser; 1230 hostbased_chost = chost; 1231 } else { 1232 /* Log failed attempt */ 1233 auth_log(authctxt, 0, 0, auth_method, NULL, 1234 compat20 ? " ssh2" : ""); 1235 xfree(blob); 1236 xfree(cuser); 1237 xfree(chost); 1238 } 1239 1240 debug3("%s: key %p is %s", 1241 __func__, key, allowed ? "allowed" : "not allowed"); 1242 1243 buffer_clear(m); 1244 buffer_put_int(m, allowed); 1245 buffer_put_int(m, forced_command != NULL); 1246 1247 mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); 1248 1249 if (type == MM_RSAHOSTKEY) 1250 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); 1251 1252 return (0); 1253} 1254 1255static int 1256monitor_valid_userblob(u_char *data, u_int datalen) 1257{ 1258 Buffer b; 1259 char *p; 1260 u_int len; 1261 int fail = 0; 1262 1263 buffer_init(&b); 1264 buffer_append(&b, data, datalen); 1265 1266 if (datafellows & SSH_OLD_SESSIONID) { 1267 p = buffer_ptr(&b); 1268 len = buffer_len(&b); 1269 if ((session_id2 == NULL) || 1270 (len < session_id2_len) || 1271 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1272 fail++; 1273 buffer_consume(&b, session_id2_len); 1274 } else { 1275 p = buffer_get_string(&b, &len); 1276 if ((session_id2 == NULL) || 1277 (len != session_id2_len) || 1278 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1279 fail++; 1280 xfree(p); 1281 } 1282 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1283 fail++; 1284 p = buffer_get_string(&b, NULL); 1285 if (strcmp(authctxt->user, p) != 0) { 1286 logit("wrong user name passed to monitor: expected %s != %.100s", 1287 authctxt->user, p); 1288 fail++; 1289 } 1290 xfree(p); 1291 buffer_skip_string(&b); 1292 if (datafellows & SSH_BUG_PKAUTH) { 1293 if (!buffer_get_char(&b)) 1294 fail++; 1295 } else { 1296 p = buffer_get_string(&b, NULL); 1297 if (strcmp("publickey", p) != 0) 1298 fail++; 1299 xfree(p); 1300 if (!buffer_get_char(&b)) 1301 fail++; 1302 buffer_skip_string(&b); 1303 } 1304 buffer_skip_string(&b); 1305 if (buffer_len(&b) != 0) 1306 fail++; 1307 buffer_free(&b); 1308 return (fail == 0); 1309} 1310 1311static int 1312monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, 1313 char *chost) 1314{ 1315 Buffer b; 1316 char *p; 1317 u_int len; 1318 int fail = 0; 1319 1320 buffer_init(&b); 1321 buffer_append(&b, data, datalen); 1322 1323 p = buffer_get_string(&b, &len); 1324 if ((session_id2 == NULL) || 1325 (len != session_id2_len) || 1326 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1327 fail++; 1328 xfree(p); 1329 1330 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1331 fail++; 1332 p = buffer_get_string(&b, NULL); 1333 if (strcmp(authctxt->user, p) != 0) { 1334 logit("wrong user name passed to monitor: expected %s != %.100s", 1335 authctxt->user, p); 1336 fail++; 1337 } 1338 xfree(p); 1339 buffer_skip_string(&b); /* service */ 1340 p = buffer_get_string(&b, NULL); 1341 if (strcmp(p, "hostbased") != 0) 1342 fail++; 1343 xfree(p); 1344 buffer_skip_string(&b); /* pkalg */ 1345 buffer_skip_string(&b); /* pkblob */ 1346 1347 /* verify client host, strip trailing dot if necessary */ 1348 p = buffer_get_string(&b, NULL); 1349 if (((len = strlen(p)) > 0) && p[len - 1] == '.') 1350 p[len - 1] = '\0'; 1351 if (strcmp(p, chost) != 0) 1352 fail++; 1353 xfree(p); 1354 1355 /* verify client user */ 1356 p = buffer_get_string(&b, NULL); 1357 if (strcmp(p, cuser) != 0) 1358 fail++; 1359 xfree(p); 1360 1361 if (buffer_len(&b) != 0) 1362 fail++; 1363 buffer_free(&b); 1364 return (fail == 0); 1365} 1366 1367int 1368mm_answer_keyverify(int sock, Buffer *m) 1369{ 1370 Key *key; 1371 u_char *signature, *data, *blob; 1372 u_int signaturelen, datalen, bloblen; 1373 int verified = 0; 1374 int valid_data = 0; 1375 1376 blob = buffer_get_string(m, &bloblen); 1377 signature = buffer_get_string(m, &signaturelen); 1378 data = buffer_get_string(m, &datalen); 1379 1380 if (hostbased_cuser == NULL || hostbased_chost == NULL || 1381 !monitor_allowed_key(blob, bloblen)) 1382 fatal("%s: bad key, not previously allowed", __func__); 1383 1384 key = key_from_blob(blob, bloblen); 1385 if (key == NULL) 1386 fatal("%s: bad public key blob", __func__); 1387 1388 switch (key_blobtype) { 1389 case MM_USERKEY: 1390 valid_data = monitor_valid_userblob(data, datalen); 1391 break; 1392 case MM_HOSTKEY: 1393 valid_data = monitor_valid_hostbasedblob(data, datalen, 1394 hostbased_cuser, hostbased_chost); 1395 break; 1396 default: 1397 valid_data = 0; 1398 break; 1399 } 1400 if (!valid_data) 1401 fatal("%s: bad signature data blob", __func__); 1402 1403 verified = key_verify(key, signature, signaturelen, data, datalen); 1404 debug3("%s: key %p signature %s", 1405 __func__, key, (verified == 1) ? "verified" : "unverified"); 1406 1407 key_free(key); 1408 xfree(blob); 1409 xfree(signature); 1410 xfree(data); 1411 1412 auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; 1413 1414 monitor_reset_key_state(); 1415 1416 buffer_clear(m); 1417 buffer_put_int(m, verified); 1418 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); 1419 1420 return (verified == 1); 1421} 1422 1423static void 1424mm_record_login(Session *s, struct passwd *pw) 1425{ 1426 socklen_t fromlen; 1427 struct sockaddr_storage from; 1428 1429 /* 1430 * Get IP address of client. If the connection is not a socket, let 1431 * the address be 0.0.0.0. 1432 */ 1433 memset(&from, 0, sizeof(from)); 1434 fromlen = sizeof(from); 1435 if (packet_connection_is_on_socket()) { 1436 if (getpeername(packet_get_connection_in(), 1437 (struct sockaddr *)&from, &fromlen) < 0) { 1438 debug("getpeername: %.100s", strerror(errno)); 1439 cleanup_exit(255); 1440 } 1441 } 1442 /* Record that there was a login on that tty from the remote host. */ 1443 record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, 1444 get_remote_name_or_ip(utmp_len, options.use_dns), 1445 (struct sockaddr *)&from, fromlen); 1446} 1447 1448static void 1449mm_session_close(Session *s) 1450{ 1451 debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); 1452 if (s->ttyfd != -1) { 1453 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); 1454 session_pty_cleanup2(s); 1455 } 1456 session_unused(s->self); 1457} 1458 1459int 1460mm_answer_pty(int sock, Buffer *m) 1461{ 1462 extern struct monitor *pmonitor; 1463 Session *s; 1464 int res, fd0; 1465 1466 debug3("%s entering", __func__); 1467 1468 buffer_clear(m); 1469 s = session_new(); 1470 if (s == NULL) 1471 goto error; 1472 s->authctxt = authctxt; 1473 s->pw = authctxt->pw; 1474 s->pid = pmonitor->m_pid; 1475 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 1476 if (res == 0) 1477 goto error; 1478 pty_setowner(authctxt->pw, s->tty); 1479 1480 buffer_put_int(m, 1); 1481 buffer_put_cstring(m, s->tty); 1482 1483 /* We need to trick ttyslot */ 1484 if (dup2(s->ttyfd, 0) == -1) 1485 fatal("%s: dup2", __func__); 1486 1487 mm_record_login(s, authctxt->pw); 1488 1489 /* Now we can close the file descriptor again */ 1490 close(0); 1491 1492 /* send messages generated by record_login */ 1493 buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); 1494 buffer_clear(&loginmsg); 1495 1496 mm_request_send(sock, MONITOR_ANS_PTY, m); 1497 1498 if (mm_send_fd(sock, s->ptyfd) == -1 || 1499 mm_send_fd(sock, s->ttyfd) == -1) 1500 fatal("%s: send fds failed", __func__); 1501 1502 /* make sure nothing uses fd 0 */ 1503 if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) 1504 fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); 1505 if (fd0 != 0) 1506 error("%s: fd0 %d != 0", __func__, fd0); 1507 1508 /* slave is not needed */ 1509 close(s->ttyfd); 1510 s->ttyfd = s->ptyfd; 1511 /* no need to dup() because nobody closes ptyfd */ 1512 s->ptymaster = s->ptyfd; 1513 1514 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); 1515 1516 return (0); 1517 1518 error: 1519 if (s != NULL) 1520 mm_session_close(s); 1521 buffer_put_int(m, 0); 1522 mm_request_send(sock, MONITOR_ANS_PTY, m); 1523 return (0); 1524} 1525 1526int 1527mm_answer_pty_cleanup(int sock, Buffer *m) 1528{ 1529 Session *s; 1530 char *tty; 1531 1532 debug3("%s entering", __func__); 1533 1534 tty = buffer_get_string(m, NULL); 1535 if ((s = session_by_tty(tty)) != NULL) 1536 mm_session_close(s); 1537 buffer_clear(m); 1538 xfree(tty); 1539 return (0); 1540} 1541 1542int 1543mm_answer_sesskey(int sock, Buffer *m) 1544{ 1545 BIGNUM *p; 1546 int rsafail; 1547 1548 /* Turn off permissions */ 1549 monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); 1550 1551 if ((p = BN_new()) == NULL) 1552 fatal("%s: BN_new", __func__); 1553 1554 buffer_get_bignum2(m, p); 1555 1556 rsafail = ssh1_session_key(p); 1557 1558 buffer_clear(m); 1559 buffer_put_int(m, rsafail); 1560 buffer_put_bignum2(m, p); 1561 1562 BN_clear_free(p); 1563 1564 mm_request_send(sock, MONITOR_ANS_SESSKEY, m); 1565 1566 /* Turn on permissions for sessid passing */ 1567 monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); 1568 1569 return (0); 1570} 1571 1572int 1573mm_answer_sessid(int sock, Buffer *m) 1574{ 1575 int i; 1576 1577 debug3("%s entering", __func__); 1578 1579 if (buffer_len(m) != 16) 1580 fatal("%s: bad ssh1 session id", __func__); 1581 for (i = 0; i < 16; i++) 1582 session_id[i] = buffer_get_char(m); 1583 1584 /* Turn on permissions for getpwnam */ 1585 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 1586 1587 return (0); 1588} 1589 1590int 1591mm_answer_rsa_keyallowed(int sock, Buffer *m) 1592{ 1593 BIGNUM *client_n; 1594 Key *key = NULL; 1595 u_char *blob = NULL; 1596 u_int blen = 0; 1597 int allowed = 0; 1598 1599 debug3("%s entering", __func__); 1600 1601 auth_method = "rsa"; 1602 if (options.rsa_authentication && authctxt->valid) { 1603 if ((client_n = BN_new()) == NULL) 1604 fatal("%s: BN_new", __func__); 1605 buffer_get_bignum2(m, client_n); 1606 allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); 1607 BN_clear_free(client_n); 1608 } 1609 buffer_clear(m); 1610 buffer_put_int(m, allowed); 1611 buffer_put_int(m, forced_command != NULL); 1612 1613 /* clear temporarily storage (used by generate challenge) */ 1614 monitor_reset_key_state(); 1615 1616 if (allowed && key != NULL) { 1617 key->type = KEY_RSA; /* cheat for key_to_blob */ 1618 if (key_to_blob(key, &blob, &blen) == 0) 1619 fatal("%s: key_to_blob failed", __func__); 1620 buffer_put_string(m, blob, blen); 1621 1622 /* Save temporarily for comparison in verify */ 1623 key_blob = blob; 1624 key_bloblen = blen; 1625 key_blobtype = MM_RSAUSERKEY; 1626 } 1627 if (key != NULL) 1628 key_free(key); 1629 1630 mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m); 1631 1632 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); 1633 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0); 1634 return (0); 1635} 1636 1637int 1638mm_answer_rsa_challenge(int sock, Buffer *m) 1639{ 1640 Key *key = NULL; 1641 u_char *blob; 1642 u_int blen; 1643 1644 debug3("%s entering", __func__); 1645 1646 if (!authctxt->valid) 1647 fatal("%s: authctxt not valid", __func__); 1648 blob = buffer_get_string(m, &blen); 1649 if (!monitor_allowed_key(blob, blen)) 1650 fatal("%s: bad key, not previously allowed", __func__); 1651 if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) 1652 fatal("%s: key type mismatch", __func__); 1653 if ((key = key_from_blob(blob, blen)) == NULL) 1654 fatal("%s: received bad key", __func__); 1655 if (key->type != KEY_RSA) 1656 fatal("%s: received bad key type %d", __func__, key->type); 1657 key->type = KEY_RSA1; 1658 if (ssh1_challenge) 1659 BN_clear_free(ssh1_challenge); 1660 ssh1_challenge = auth_rsa_generate_challenge(key); 1661 1662 buffer_clear(m); 1663 buffer_put_bignum2(m, ssh1_challenge); 1664 1665 debug3("%s sending reply", __func__); 1666 mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m); 1667 1668 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); 1669 1670 xfree(blob); 1671 key_free(key); 1672 return (0); 1673} 1674 1675int 1676mm_answer_rsa_response(int sock, Buffer *m) 1677{ 1678 Key *key = NULL; 1679 u_char *blob, *response; 1680 u_int blen, len; 1681 int success; 1682 1683 debug3("%s entering", __func__); 1684 1685 if (!authctxt->valid) 1686 fatal("%s: authctxt not valid", __func__); 1687 if (ssh1_challenge == NULL) 1688 fatal("%s: no ssh1_challenge", __func__); 1689 1690 blob = buffer_get_string(m, &blen); 1691 if (!monitor_allowed_key(blob, blen)) 1692 fatal("%s: bad key, not previously allowed", __func__); 1693 if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) 1694 fatal("%s: key type mismatch: %d", __func__, key_blobtype); 1695 if ((key = key_from_blob(blob, blen)) == NULL) 1696 fatal("%s: received bad key", __func__); 1697 response = buffer_get_string(m, &len); 1698 if (len != 16) 1699 fatal("%s: received bad response to challenge", __func__); 1700 success = auth_rsa_verify_response(key, ssh1_challenge, response); 1701 1702 xfree(blob); 1703 key_free(key); 1704 xfree(response); 1705 1706 auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; 1707 1708 /* reset state */ 1709 BN_clear_free(ssh1_challenge); 1710 ssh1_challenge = NULL; 1711 monitor_reset_key_state(); 1712 1713 buffer_clear(m); 1714 buffer_put_int(m, success); 1715 mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m); 1716 1717 return (success); 1718} 1719 1720int 1721mm_answer_term(int sock, Buffer *req) 1722{ 1723 extern struct monitor *pmonitor; 1724 int res, status; 1725 1726 debug3("%s: tearing down sessions", __func__); 1727 1728 /* The child is terminating */ 1729 session_destroy_all(&mm_session_close); 1730 1731#ifdef USE_PAM 1732 if (options.use_pam) 1733 sshpam_cleanup(); 1734#endif 1735 1736 while (waitpid(pmonitor->m_pid, &status, 0) == -1) 1737 if (errno != EINTR) 1738 exit(1); 1739 1740 res = WIFEXITED(status) ? WEXITSTATUS(status) : 1; 1741 1742 /* Terminate process */ 1743 exit(res); 1744} 1745 1746#ifdef SSH_AUDIT_EVENTS 1747/* Report that an audit event occurred */ 1748int 1749mm_answer_audit_event(int socket, Buffer *m) 1750{ 1751 ssh_audit_event_t event; 1752 1753 debug3("%s entering", __func__); 1754 1755 event = buffer_get_int(m); 1756 switch(event) { 1757 case SSH_AUTH_FAIL_PUBKEY: 1758 case SSH_AUTH_FAIL_HOSTBASED: 1759 case SSH_AUTH_FAIL_GSSAPI: 1760 case SSH_LOGIN_EXCEED_MAXTRIES: 1761 case SSH_LOGIN_ROOT_DENIED: 1762 case SSH_CONNECTION_CLOSE: 1763 case SSH_INVALID_USER: 1764 audit_event(event); 1765 break; 1766 default: 1767 fatal("Audit event type %d not permitted", event); 1768 } 1769 1770 return (0); 1771} 1772 1773int 1774mm_answer_audit_command(int socket, Buffer *m) 1775{ 1776 u_int len; 1777 char *cmd; 1778 1779 debug3("%s entering", __func__); 1780 cmd = buffer_get_string(m, &len); 1781 /* sanity check command, if so how? */ 1782 audit_run_command(cmd); 1783 xfree(cmd); 1784 return (0); 1785} 1786#endif /* SSH_AUDIT_EVENTS */ 1787 1788void 1789monitor_apply_keystate(struct monitor *pmonitor) 1790{ 1791 if (compat20) { 1792 set_newkeys(MODE_IN); 1793 set_newkeys(MODE_OUT); 1794 } else { 1795 packet_set_protocol_flags(child_state.ssh1protoflags); 1796 packet_set_encryption_key(child_state.ssh1key, 1797 child_state.ssh1keylen, child_state.ssh1cipher); 1798 xfree(child_state.ssh1key); 1799 } 1800 1801 /* for rc4 and other stateful ciphers */ 1802 packet_set_keycontext(MODE_OUT, child_state.keyout); 1803 xfree(child_state.keyout); 1804 packet_set_keycontext(MODE_IN, child_state.keyin); 1805 xfree(child_state.keyin); 1806 1807 if (!compat20) { 1808 packet_set_iv(MODE_OUT, child_state.ivout); 1809 xfree(child_state.ivout); 1810 packet_set_iv(MODE_IN, child_state.ivin); 1811 xfree(child_state.ivin); 1812 } 1813 1814 memcpy(&incoming_stream, &child_state.incoming, 1815 sizeof(incoming_stream)); 1816 memcpy(&outgoing_stream, &child_state.outgoing, 1817 sizeof(outgoing_stream)); 1818 1819 /* Update with new address */ 1820 if (options.compression) 1821 mm_init_compression(pmonitor->m_zlib); 1822 1823 /* Network I/O buffers */ 1824 /* XXX inefficient for large buffers, need: buffer_init_from_string */ 1825 buffer_clear(packet_get_input()); 1826 buffer_append(packet_get_input(), child_state.input, child_state.ilen); 1827 memset(child_state.input, 0, child_state.ilen); 1828 xfree(child_state.input); 1829 1830 buffer_clear(packet_get_output()); 1831 buffer_append(packet_get_output(), child_state.output, 1832 child_state.olen); 1833 memset(child_state.output, 0, child_state.olen); 1834 xfree(child_state.output); 1835 1836 /* Roaming */ 1837 if (compat20) 1838 roam_set_bytes(child_state.sent_bytes, child_state.recv_bytes); 1839} 1840 1841static Kex * 1842mm_get_kex(Buffer *m) 1843{ 1844 Kex *kex; 1845 void *blob; 1846 u_int bloblen; 1847 1848 kex = xcalloc(1, sizeof(*kex)); 1849 kex->session_id = buffer_get_string(m, &kex->session_id_len); 1850 if (session_id2 == NULL || 1851 kex->session_id_len != session_id2_len || 1852 timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) 1853 fatal("mm_get_get: internal error: bad session id"); 1854 kex->we_need = buffer_get_int(m); 1855 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 1856 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 1857 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 1858 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 1859 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 1860#ifdef GSSAPI 1861 if (options.gss_keyex) { 1862 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; 1863 kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; 1864 kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; 1865 } 1866#endif 1867 kex->server = 1; 1868 kex->hostkey_type = buffer_get_int(m); 1869 kex->kex_type = buffer_get_int(m); 1870 blob = buffer_get_string(m, &bloblen); 1871 buffer_init(&kex->my); 1872 buffer_append(&kex->my, blob, bloblen); 1873 xfree(blob); 1874 blob = buffer_get_string(m, &bloblen); 1875 buffer_init(&kex->peer); 1876 buffer_append(&kex->peer, blob, bloblen); 1877 xfree(blob); 1878 kex->done = 1; 1879 kex->flags = buffer_get_int(m); 1880 kex->client_version_string = buffer_get_string(m, NULL); 1881 kex->server_version_string = buffer_get_string(m, NULL); 1882 kex->load_host_public_key=&get_hostkey_public_by_type; 1883 kex->load_host_private_key=&get_hostkey_private_by_type; 1884 kex->host_key_index=&get_hostkey_index; 1885 1886 return (kex); 1887} 1888 1889/* This function requries careful sanity checking */ 1890 1891void 1892mm_get_keystate(struct monitor *pmonitor) 1893{ 1894 Buffer m; 1895 u_char *blob, *p; 1896 u_int bloblen, plen; 1897 u_int32_t seqnr, packets; 1898 u_int64_t blocks, bytes; 1899 1900 debug3("%s: Waiting for new keys", __func__); 1901 1902 buffer_init(&m); 1903 mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m); 1904 if (!compat20) { 1905 child_state.ssh1protoflags = buffer_get_int(&m); 1906 child_state.ssh1cipher = buffer_get_int(&m); 1907 child_state.ssh1key = buffer_get_string(&m, 1908 &child_state.ssh1keylen); 1909 child_state.ivout = buffer_get_string(&m, 1910 &child_state.ivoutlen); 1911 child_state.ivin = buffer_get_string(&m, &child_state.ivinlen); 1912 goto skip; 1913 } else { 1914 /* Get the Kex for rekeying */ 1915 *pmonitor->m_pkex = mm_get_kex(&m); 1916 } 1917 1918 blob = buffer_get_string(&m, &bloblen); 1919 current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); 1920 xfree(blob); 1921 1922 debug3("%s: Waiting for second key", __func__); 1923 blob = buffer_get_string(&m, &bloblen); 1924 current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); 1925 xfree(blob); 1926 1927 /* Now get sequence numbers for the packets */ 1928 seqnr = buffer_get_int(&m); 1929 blocks = buffer_get_int64(&m); 1930 packets = buffer_get_int(&m); 1931 bytes = buffer_get_int64(&m); 1932 packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes); 1933 seqnr = buffer_get_int(&m); 1934 blocks = buffer_get_int64(&m); 1935 packets = buffer_get_int(&m); 1936 bytes = buffer_get_int64(&m); 1937 packet_set_state(MODE_IN, seqnr, blocks, packets, bytes); 1938 1939 skip: 1940 /* Get the key context */ 1941 child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen); 1942 child_state.keyin = buffer_get_string(&m, &child_state.keyinlen); 1943 1944 debug3("%s: Getting compression state", __func__); 1945 /* Get compression state */ 1946 p = buffer_get_string(&m, &plen); 1947 if (plen != sizeof(child_state.outgoing)) 1948 fatal("%s: bad request size", __func__); 1949 memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); 1950 xfree(p); 1951 1952 p = buffer_get_string(&m, &plen); 1953 if (plen != sizeof(child_state.incoming)) 1954 fatal("%s: bad request size", __func__); 1955 memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); 1956 xfree(p); 1957 1958 /* Network I/O buffers */ 1959 debug3("%s: Getting Network I/O buffers", __func__); 1960 child_state.input = buffer_get_string(&m, &child_state.ilen); 1961 child_state.output = buffer_get_string(&m, &child_state.olen); 1962 1963 /* Roaming */ 1964 if (compat20) { 1965 child_state.sent_bytes = buffer_get_int64(&m); 1966 child_state.recv_bytes = buffer_get_int64(&m); 1967 } 1968 1969 buffer_free(&m); 1970} 1971 1972 1973/* Allocation functions for zlib */ 1974void * 1975mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) 1976{ 1977 size_t len = (size_t) size * ncount; 1978 void *address; 1979 1980 if (len == 0 || ncount > SIZE_T_MAX / size) 1981 fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); 1982 1983 address = mm_malloc(mm, len); 1984 1985 return (address); 1986} 1987 1988void 1989mm_zfree(struct mm_master *mm, void *address) 1990{ 1991 mm_free(mm, address); 1992} 1993 1994void 1995mm_init_compression(struct mm_master *mm) 1996{ 1997 outgoing_stream.zalloc = (alloc_func)mm_zalloc; 1998 outgoing_stream.zfree = (free_func)mm_zfree; 1999 outgoing_stream.opaque = mm; 2000 2001 incoming_stream.zalloc = (alloc_func)mm_zalloc; 2002 incoming_stream.zfree = (free_func)mm_zfree; 2003 incoming_stream.opaque = mm; 2004} 2005 2006/* XXX */ 2007 2008#define FD_CLOSEONEXEC(x) do { \ 2009 if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \ 2010 fatal("fcntl(%d, F_SETFD)", x); \ 2011} while (0) 2012 2013static void 2014monitor_openfds(struct monitor *mon, int do_logfds) 2015{ 2016 int pair[2]; 2017 2018 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) 2019 fatal("%s: socketpair: %s", __func__, strerror(errno)); 2020 FD_CLOSEONEXEC(pair[0]); 2021 FD_CLOSEONEXEC(pair[1]); 2022 mon->m_recvfd = pair[0]; 2023 mon->m_sendfd = pair[1]; 2024 2025 if (do_logfds) { 2026 if (pipe(pair) == -1) 2027 fatal("%s: pipe: %s", __func__, strerror(errno)); 2028 FD_CLOSEONEXEC(pair[0]); 2029 FD_CLOSEONEXEC(pair[1]); 2030 mon->m_log_recvfd = pair[0]; 2031 mon->m_log_sendfd = pair[1]; 2032 } else 2033 mon->m_log_recvfd = mon->m_log_sendfd = -1; 2034} 2035 2036#define MM_MEMSIZE 65536 2037 2038struct monitor * 2039monitor_init(void) 2040{ 2041 struct monitor *mon; 2042 2043 mon = xcalloc(1, sizeof(*mon)); 2044 2045 monitor_openfds(mon, 1); 2046 2047 /* Used to share zlib space across processes */ 2048 if (options.compression) { 2049 mon->m_zback = mm_create(NULL, MM_MEMSIZE); 2050 mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); 2051 2052 /* Compression needs to share state across borders */ 2053 mm_init_compression(mon->m_zlib); 2054 } 2055 2056 return mon; 2057} 2058 2059void 2060monitor_reinit(struct monitor *mon) 2061{ 2062 monitor_openfds(mon, 0); 2063} 2064 2065#ifdef GSSAPI 2066int 2067mm_answer_gss_setup_ctx(int sock, Buffer *m) 2068{ 2069 gss_OID_desc goid; 2070 OM_uint32 major; 2071 u_int len; 2072 2073 if (!options.gss_authentication && !options.gss_keyex) 2074 fatal("In GSSAPI monitor when GSSAPI is disabled"); 2075 2076 goid.elements = buffer_get_string(m, &len); 2077 goid.length = len; 2078 2079 major = ssh_gssapi_server_ctx(&gsscontext, &goid); 2080 2081 xfree(goid.elements); 2082 2083 buffer_clear(m); 2084 buffer_put_int(m, major); 2085 2086 mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); 2087 2088 /* Now we have a context, enable the step */ 2089 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1); 2090 2091 return (0); 2092} 2093 2094int 2095mm_answer_gss_accept_ctx(int sock, Buffer *m) 2096{ 2097 gss_buffer_desc in; 2098 gss_buffer_desc out = GSS_C_EMPTY_BUFFER; 2099 OM_uint32 major, minor; 2100 OM_uint32 flags = 0; /* GSI needs this */ 2101 u_int len; 2102 2103 if (!options.gss_authentication && !options.gss_keyex) 2104 fatal("In GSSAPI monitor when GSSAPI is disabled"); 2105 2106 in.value = buffer_get_string(m, &len); 2107 in.length = len; 2108 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 2109 xfree(in.value); 2110 2111 buffer_clear(m); 2112 buffer_put_int(m, major); 2113 buffer_put_string(m, out.value, out.length); 2114 buffer_put_int(m, flags); 2115 mm_request_send(sock, MONITOR_ANS_GSSSTEP, m); 2116 2117 gss_release_buffer(&minor, &out); 2118 2119 if (major == GSS_S_COMPLETE) { 2120 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 2121 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2122 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 2123 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1); 2124 } 2125 return (0); 2126} 2127 2128int 2129mm_answer_gss_checkmic(int sock, Buffer *m) 2130{ 2131 gss_buffer_desc gssbuf, mic; 2132 OM_uint32 ret; 2133 u_int len; 2134 2135 if (!options.gss_authentication && !options.gss_keyex) 2136 fatal("In GSSAPI monitor when GSSAPI is disabled"); 2137 2138 gssbuf.value = buffer_get_string(m, &len); 2139 gssbuf.length = len; 2140 mic.value = buffer_get_string(m, &len); 2141 mic.length = len; 2142 2143 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); 2144 2145 xfree(gssbuf.value); 2146 xfree(mic.value); 2147 2148 buffer_clear(m); 2149 buffer_put_int(m, ret); 2150 2151 mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m); 2152 2153 if (!GSS_ERROR(ret)) 2154 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2155 2156 return (0); 2157} 2158 2159int 2160mm_answer_gss_userok(int sock, Buffer *m) 2161{ 2162 int authenticated; 2163 2164 if (!options.gss_authentication && !options.gss_keyex) 2165 fatal("In GSSAPI monitor when GSSAPI is disabled"); 2166 2167 authenticated = authctxt->valid && 2168 ssh_gssapi_userok(authctxt->user, authctxt->pw); 2169 2170 buffer_clear(m); 2171 buffer_put_int(m, authenticated); 2172 2173 debug3("%s: sending result %d", __func__, authenticated); 2174 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); 2175 2176 auth_method = "gssapi-with-mic"; 2177 2178 /* Monitor loop will terminate if authenticated */ 2179 return (authenticated); 2180} 2181 2182int 2183mm_answer_gss_sign(int socket, Buffer *m) 2184{ 2185 gss_buffer_desc data; 2186 gss_buffer_desc hash = GSS_C_EMPTY_BUFFER; 2187 OM_uint32 major, minor; 2188 u_int len; 2189 2190 if (!options.gss_authentication && !options.gss_keyex) 2191 fatal("In GSSAPI monitor when GSSAPI is disabled"); 2192 2193 data.value = buffer_get_string(m, &len); 2194 data.length = len; 2195 if (data.length != 20) 2196 fatal("%s: data length incorrect: %d", __func__, 2197 (int) data.length); 2198 2199 /* Save the session ID on the first time around */ 2200 if (session_id2_len == 0) { 2201 session_id2_len = data.length; 2202 session_id2 = xmalloc(session_id2_len); 2203 memcpy(session_id2, data.value, session_id2_len); 2204 } 2205 major = ssh_gssapi_sign(gsscontext, &data, &hash); 2206 2207 xfree(data.value); 2208 2209 buffer_clear(m); 2210 buffer_put_int(m, major); 2211 buffer_put_string(m, hash.value, hash.length); 2212 2213 mm_request_send(socket, MONITOR_ANS_GSSSIGN, m); 2214 2215 gss_release_buffer(&minor, &hash); 2216 2217 /* Turn on getpwnam permissions */ 2218 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 2219 2220 /* And credential updating, for when rekeying */ 2221 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUPCREDS, 1); 2222 2223 return (0); 2224} 2225 2226int 2227mm_answer_gss_updatecreds(int socket, Buffer *m) { 2228 ssh_gssapi_ccache store; 2229 int ok; 2230 2231 store.filename = buffer_get_string(m, NULL); 2232 store.envvar = buffer_get_string(m, NULL); 2233 store.envval = buffer_get_string(m, NULL); 2234 2235 ok = ssh_gssapi_update_creds(&store); 2236 2237 xfree(store.filename); 2238 xfree(store.envvar); 2239 xfree(store.envval); 2240 2241 buffer_clear(m); 2242 buffer_put_int(m, ok); 2243 2244 mm_request_send(socket, MONITOR_ANS_GSSUPCREDS, m); 2245 2246 return(0); 2247} 2248 2249#endif /* GSSAPI */ 2250 2251#ifdef JPAKE 2252int 2253mm_answer_jpake_step1(int sock, Buffer *m) 2254{ 2255 struct jpake_ctx *pctx; 2256 u_char *x3_proof, *x4_proof; 2257 u_int x3_proof_len, x4_proof_len; 2258 2259 if (!options.zero_knowledge_password_authentication) 2260 fatal("zero_knowledge_password_authentication disabled"); 2261 2262 if (authctxt->jpake_ctx != NULL) 2263 fatal("%s: authctxt->jpake_ctx already set (%p)", 2264 __func__, authctxt->jpake_ctx); 2265 authctxt->jpake_ctx = pctx = jpake_new(); 2266 2267 jpake_step1(pctx->grp, 2268 &pctx->server_id, &pctx->server_id_len, 2269 &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4, 2270 &x3_proof, &x3_proof_len, 2271 &x4_proof, &x4_proof_len); 2272 2273 JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__)); 2274 2275 buffer_clear(m); 2276 2277 buffer_put_string(m, pctx->server_id, pctx->server_id_len); 2278 buffer_put_bignum2(m, pctx->g_x3); 2279 buffer_put_bignum2(m, pctx->g_x4); 2280 buffer_put_string(m, x3_proof, x3_proof_len); 2281 buffer_put_string(m, x4_proof, x4_proof_len); 2282 2283 debug3("%s: sending step1", __func__); 2284 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m); 2285 2286 bzero(x3_proof, x3_proof_len); 2287 bzero(x4_proof, x4_proof_len); 2288 xfree(x3_proof); 2289 xfree(x4_proof); 2290 2291 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); 2292 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); 2293 2294 return 0; 2295} 2296 2297int 2298mm_answer_jpake_get_pwdata(int sock, Buffer *m) 2299{ 2300 struct jpake_ctx *pctx = authctxt->jpake_ctx; 2301 char *hash_scheme, *salt; 2302 2303 if (pctx == NULL) 2304 fatal("%s: pctx == NULL", __func__); 2305 2306 auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt); 2307 2308 buffer_clear(m); 2309 /* pctx->s is sensitive, not returned to slave */ 2310 buffer_put_cstring(m, hash_scheme); 2311 buffer_put_cstring(m, salt); 2312 2313 debug3("%s: sending pwdata", __func__); 2314 mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m); 2315 2316 bzero(hash_scheme, strlen(hash_scheme)); 2317 bzero(salt, strlen(salt)); 2318 xfree(hash_scheme); 2319 xfree(salt); 2320 2321 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); 2322 2323 return 0; 2324} 2325 2326int 2327mm_answer_jpake_step2(int sock, Buffer *m) 2328{ 2329 struct jpake_ctx *pctx = authctxt->jpake_ctx; 2330 u_char *x1_proof, *x2_proof, *x4_s_proof; 2331 u_int x1_proof_len, x2_proof_len, x4_s_proof_len; 2332 2333 if (pctx == NULL) 2334 fatal("%s: pctx == NULL", __func__); 2335 2336 if ((pctx->g_x1 = BN_new()) == NULL || 2337 (pctx->g_x2 = BN_new()) == NULL) 2338 fatal("%s: BN_new", __func__); 2339 buffer_get_bignum2(m, pctx->g_x1); 2340 buffer_get_bignum2(m, pctx->g_x2); 2341 pctx->client_id = buffer_get_string(m, &pctx->client_id_len); 2342 x1_proof = buffer_get_string(m, &x1_proof_len); 2343 x2_proof = buffer_get_string(m, &x2_proof_len); 2344 2345 jpake_step2(pctx->grp, pctx->s, pctx->g_x3, 2346 pctx->g_x1, pctx->g_x2, pctx->x4, 2347 pctx->client_id, pctx->client_id_len, 2348 pctx->server_id, pctx->server_id_len, 2349 x1_proof, x1_proof_len, 2350 x2_proof, x2_proof_len, 2351 &pctx->b, 2352 &x4_s_proof, &x4_s_proof_len); 2353 2354 JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__)); 2355 2356 bzero(x1_proof, x1_proof_len); 2357 bzero(x2_proof, x2_proof_len); 2358 xfree(x1_proof); 2359 xfree(x2_proof); 2360 2361 buffer_clear(m); 2362 2363 buffer_put_bignum2(m, pctx->b); 2364 buffer_put_string(m, x4_s_proof, x4_s_proof_len); 2365 2366 debug3("%s: sending step2", __func__); 2367 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); 2368 2369 bzero(x4_s_proof, x4_s_proof_len); 2370 xfree(x4_s_proof); 2371 2372 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); 2373 2374 return 0; 2375} 2376 2377int 2378mm_answer_jpake_key_confirm(int sock, Buffer *m) 2379{ 2380 struct jpake_ctx *pctx = authctxt->jpake_ctx; 2381 u_char *x2_s_proof; 2382 u_int x2_s_proof_len; 2383 2384 if (pctx == NULL) 2385 fatal("%s: pctx == NULL", __func__); 2386 2387 if ((pctx->a = BN_new()) == NULL) 2388 fatal("%s: BN_new", __func__); 2389 buffer_get_bignum2(m, pctx->a); 2390 x2_s_proof = buffer_get_string(m, &x2_s_proof_len); 2391 2392 jpake_key_confirm(pctx->grp, pctx->s, pctx->a, 2393 pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2, 2394 pctx->server_id, pctx->server_id_len, 2395 pctx->client_id, pctx->client_id_len, 2396 session_id2, session_id2_len, 2397 x2_s_proof, x2_s_proof_len, 2398 &pctx->k, 2399 &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len); 2400 2401 JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__)); 2402 2403 bzero(x2_s_proof, x2_s_proof_len); 2404 buffer_clear(m); 2405 2406 /* pctx->k is sensitive, not sent */ 2407 buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); 2408 2409 debug3("%s: sending confirmation hash", __func__); 2410 mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m); 2411 2412 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1); 2413 2414 return 0; 2415} 2416 2417int 2418mm_answer_jpake_check_confirm(int sock, Buffer *m) 2419{ 2420 int authenticated = 0; 2421 u_char *peer_confirm_hash; 2422 u_int peer_confirm_hash_len; 2423 struct jpake_ctx *pctx = authctxt->jpake_ctx; 2424 2425 if (pctx == NULL) 2426 fatal("%s: pctx == NULL", __func__); 2427 2428 peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len); 2429 2430 authenticated = jpake_check_confirm(pctx->k, 2431 pctx->client_id, pctx->client_id_len, 2432 session_id2, session_id2_len, 2433 peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid; 2434 2435 JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); 2436 2437 bzero(peer_confirm_hash, peer_confirm_hash_len); 2438 xfree(peer_confirm_hash); 2439 2440 buffer_clear(m); 2441 buffer_put_int(m, authenticated); 2442 2443 debug3("%s: sending result %d", __func__, authenticated); 2444 mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m); 2445 2446 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1); 2447 2448 auth_method = "jpake-01@openssh.com"; 2449 return authenticated; 2450} 2451 2452#endif /* JPAKE */ 2453