monitor.c revision 1.139
1/* $OpenBSD: monitor.c,v 1.139 2015/01/19 19:52:16 markus Exp $ */ 2/* 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28#include <sys/types.h> 29#include <sys/wait.h> 30#include <sys/socket.h> 31#include <sys/tree.h> 32#include <sys/param.h> 33#include <sys/queue.h> 34 35#ifdef WITH_OPENSSL 36#include <openssl/dh.h> 37#endif 38 39#include <errno.h> 40#include <fcntl.h> 41#include <paths.h> 42#include <poll.h> 43#include <pwd.h> 44#include <signal.h> 45#include <stdarg.h> 46#include <stdio.h> 47#include <stdlib.h> 48#include <string.h> 49 50#include "atomicio.h" 51#include "xmalloc.h" 52#include "ssh.h" 53#include "key.h" 54#include "buffer.h" 55#include "hostfile.h" 56#include "auth.h" 57#include "cipher.h" 58#include "kex.h" 59#include "dh.h" 60#include <zlib.h> 61#include "packet.h" 62#include "auth-options.h" 63#include "sshpty.h" 64#include "channels.h" 65#include "session.h" 66#include "sshlogin.h" 67#include "canohost.h" 68#include "log.h" 69#include "misc.h" 70#include "servconf.h" 71#include "monitor.h" 72#include "monitor_mm.h" 73#ifdef GSSAPI 74#include "ssh-gss.h" 75#endif 76#include "monitor_wrap.h" 77#include "monitor_fdpass.h" 78#include "compat.h" 79#include "ssh2.h" 80#include "roaming.h" 81#include "authfd.h" 82#include "match.h" 83#include "ssherr.h" 84 85#ifdef GSSAPI 86static Gssctxt *gsscontext = NULL; 87#endif 88 89/* Imports */ 90extern ServerOptions options; 91extern u_int utmp_len; 92extern u_char session_id[]; 93extern Buffer auth_debug; 94extern int auth_debug_init; 95extern Buffer loginmsg; 96 97/* State exported from the child */ 98static struct sshbuf *child_state; 99 100/* Functions on the monitor that answer unprivileged requests */ 101 102int mm_answer_moduli(int, Buffer *); 103int mm_answer_sign(int, Buffer *); 104int mm_answer_pwnamallow(int, Buffer *); 105int mm_answer_auth2_read_banner(int, Buffer *); 106int mm_answer_authserv(int, Buffer *); 107int mm_answer_authpassword(int, Buffer *); 108int mm_answer_bsdauthquery(int, Buffer *); 109int mm_answer_bsdauthrespond(int, Buffer *); 110int mm_answer_skeyquery(int, Buffer *); 111int mm_answer_skeyrespond(int, Buffer *); 112int mm_answer_keyallowed(int, Buffer *); 113int mm_answer_keyverify(int, Buffer *); 114int mm_answer_pty(int, Buffer *); 115int mm_answer_pty_cleanup(int, Buffer *); 116int mm_answer_term(int, Buffer *); 117int mm_answer_rsa_keyallowed(int, Buffer *); 118int mm_answer_rsa_challenge(int, Buffer *); 119int mm_answer_rsa_response(int, Buffer *); 120int mm_answer_sesskey(int, Buffer *); 121int mm_answer_sessid(int, Buffer *); 122 123#ifdef GSSAPI 124int mm_answer_gss_setup_ctx(int, Buffer *); 125int mm_answer_gss_accept_ctx(int, Buffer *); 126int mm_answer_gss_userok(int, Buffer *); 127int mm_answer_gss_checkmic(int, Buffer *); 128#endif 129 130static int monitor_read_log(struct monitor *); 131 132static Authctxt *authctxt; 133 134#ifdef WITH_SSH1 135static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ 136#endif 137 138/* local state for key verify */ 139static u_char *key_blob = NULL; 140static u_int key_bloblen = 0; 141static int key_blobtype = MM_NOKEY; 142static char *hostbased_cuser = NULL; 143static char *hostbased_chost = NULL; 144static char *auth_method = "unknown"; 145static char *auth_submethod = NULL; 146static u_int session_id2_len = 0; 147static u_char *session_id2 = NULL; 148static pid_t monitor_child_pid; 149 150struct mon_table { 151 enum monitor_reqtype type; 152 int flags; 153 int (*f)(int, Buffer *); 154}; 155 156#define MON_ISAUTH 0x0004 /* Required for Authentication */ 157#define MON_AUTHDECIDE 0x0008 /* Decides Authentication */ 158#define MON_ONCE 0x0010 /* Disable after calling */ 159#define MON_ALOG 0x0020 /* Log auth attempt without authenticating */ 160 161#define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE) 162 163#define MON_PERMIT 0x1000 /* Request is permitted */ 164 165struct mon_table mon_dispatch_proto20[] = { 166#ifdef WITH_OPENSSL 167 {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, 168#endif 169 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 170 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 171 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 172 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 173 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 174 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, 175 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, 176 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, 177 {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, 178#ifdef GSSAPI 179 {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, 180 {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, 181 {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, 182 {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, 183#endif 184 {0, 0, NULL} 185}; 186 187struct mon_table mon_dispatch_postauth20[] = { 188#ifdef WITH_OPENSSL 189 {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, 190#endif 191 {MONITOR_REQ_SIGN, 0, mm_answer_sign}, 192 {MONITOR_REQ_PTY, 0, mm_answer_pty}, 193 {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, 194 {MONITOR_REQ_TERM, 0, mm_answer_term}, 195 {0, 0, NULL} 196}; 197 198struct mon_table mon_dispatch_proto15[] = { 199#ifdef WITH_SSH1 200 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 201 {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, 202 {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, 203 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 204 {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed}, 205 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed}, 206 {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, 207 {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, 208 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, 209 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, 210#endif 211 {0, 0, NULL} 212}; 213 214struct mon_table mon_dispatch_postauth15[] = { 215#ifdef WITH_SSH1 216 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, 217 {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, 218 {MONITOR_REQ_TERM, 0, mm_answer_term}, 219#endif 220 {0, 0, NULL} 221}; 222 223struct mon_table *mon_dispatch; 224 225/* Specifies if a certain message is allowed at the moment */ 226 227static void 228monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit) 229{ 230 while (ent->f != NULL) { 231 if (ent->type == type) { 232 ent->flags &= ~MON_PERMIT; 233 ent->flags |= permit ? MON_PERMIT : 0; 234 return; 235 } 236 ent++; 237 } 238} 239 240static void 241monitor_permit_authentications(int permit) 242{ 243 struct mon_table *ent = mon_dispatch; 244 245 while (ent->f != NULL) { 246 if (ent->flags & MON_AUTH) { 247 ent->flags &= ~MON_PERMIT; 248 ent->flags |= permit ? MON_PERMIT : 0; 249 } 250 ent++; 251 } 252} 253 254void 255monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) 256{ 257 struct mon_table *ent; 258 int authenticated = 0, partial = 0; 259 260 debug3("preauth child monitor started"); 261 262 close(pmonitor->m_recvfd); 263 close(pmonitor->m_log_sendfd); 264 pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; 265 266 authctxt = _authctxt; 267 memset(authctxt, 0, sizeof(*authctxt)); 268 269 if (compat20) { 270 mon_dispatch = mon_dispatch_proto20; 271 272 /* Permit requests for moduli and signatures */ 273 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 274 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 275 } else { 276 mon_dispatch = mon_dispatch_proto15; 277 278 monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); 279 } 280 281 /* The first few requests do not require asynchronous access */ 282 while (!authenticated) { 283 partial = 0; 284 auth_method = "unknown"; 285 auth_submethod = NULL; 286 authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); 287 288 /* Special handling for multiple required authentications */ 289 if (options.num_auth_methods != 0) { 290 if (!compat20) 291 fatal("AuthenticationMethods is not supported" 292 "with SSH protocol 1"); 293 if (authenticated && 294 !auth2_update_methods_lists(authctxt, 295 auth_method, auth_submethod)) { 296 debug3("%s: method %s: partial", __func__, 297 auth_method); 298 authenticated = 0; 299 partial = 1; 300 } 301 } 302 303 if (authenticated) { 304 if (!(ent->flags & MON_AUTHDECIDE)) 305 fatal("%s: unexpected authentication from %d", 306 __func__, ent->type); 307 if (authctxt->pw->pw_uid == 0 && 308 !auth_root_allowed(auth_method)) 309 authenticated = 0; 310 } 311 if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { 312 auth_log(authctxt, authenticated, partial, 313 auth_method, auth_submethod); 314 if (!authenticated) 315 authctxt->failures++; 316 } 317 } 318 319 if (!authctxt->valid) 320 fatal("%s: authenticated invalid user", __func__); 321 if (strcmp(auth_method, "unknown") == 0) 322 fatal("%s: authentication method name unknown", __func__); 323 324 debug("%s: %s has been authenticated by privileged process", 325 __func__, authctxt->user); 326 327 mm_get_keystate(pmonitor); 328 329 /* Drain any buffered messages from the child */ 330 while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) 331 ; 332 333 close(pmonitor->m_sendfd); 334 close(pmonitor->m_log_recvfd); 335 pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1; 336} 337 338static void 339monitor_set_child_handler(pid_t pid) 340{ 341 monitor_child_pid = pid; 342} 343 344static void 345monitor_child_handler(int sig) 346{ 347 kill(monitor_child_pid, sig); 348} 349 350void 351monitor_child_postauth(struct monitor *pmonitor) 352{ 353 close(pmonitor->m_recvfd); 354 pmonitor->m_recvfd = -1; 355 356 monitor_set_child_handler(pmonitor->m_pid); 357 signal(SIGHUP, &monitor_child_handler); 358 signal(SIGTERM, &monitor_child_handler); 359 signal(SIGINT, &monitor_child_handler); 360 361 if (compat20) { 362 mon_dispatch = mon_dispatch_postauth20; 363 364 /* Permit requests for moduli and signatures */ 365 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 366 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 367 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 368 } else { 369 mon_dispatch = mon_dispatch_postauth15; 370 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 371 } 372 if (!no_pty_flag) { 373 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); 374 monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); 375 } 376 377 for (;;) 378 monitor_read(pmonitor, mon_dispatch, NULL); 379} 380 381void 382monitor_sync(struct monitor *pmonitor) 383{ 384 if (options.compression) { 385 /* The member allocation is not visible, so sync it */ 386 mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); 387 } 388} 389 390/* Allocation functions for zlib */ 391static void * 392mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) 393{ 394 size_t len = (size_t) size * ncount; 395 void *address; 396 397 if (len == 0 || ncount > SIZE_T_MAX / size) 398 fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); 399 400 address = mm_malloc(mm, len); 401 402 return (address); 403} 404 405static void 406mm_zfree(struct mm_master *mm, void *address) 407{ 408 mm_free(mm, address); 409} 410 411static int 412monitor_read_log(struct monitor *pmonitor) 413{ 414 Buffer logmsg; 415 u_int len, level; 416 char *msg; 417 418 buffer_init(&logmsg); 419 420 /* Read length */ 421 buffer_append_space(&logmsg, 4); 422 if (atomicio(read, pmonitor->m_log_recvfd, 423 buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) { 424 if (errno == EPIPE) { 425 buffer_free(&logmsg); 426 debug("%s: child log fd closed", __func__); 427 close(pmonitor->m_log_recvfd); 428 pmonitor->m_log_recvfd = -1; 429 return -1; 430 } 431 fatal("%s: log fd read: %s", __func__, strerror(errno)); 432 } 433 len = buffer_get_int(&logmsg); 434 if (len <= 4 || len > 8192) 435 fatal("%s: invalid log message length %u", __func__, len); 436 437 /* Read severity, message */ 438 buffer_clear(&logmsg); 439 buffer_append_space(&logmsg, len); 440 if (atomicio(read, pmonitor->m_log_recvfd, 441 buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) 442 fatal("%s: log fd read: %s", __func__, strerror(errno)); 443 444 /* Log it */ 445 level = buffer_get_int(&logmsg); 446 msg = buffer_get_string(&logmsg, NULL); 447 if (log_level_name(level) == NULL) 448 fatal("%s: invalid log level %u (corrupted message?)", 449 __func__, level); 450 do_log2(level, "%s [preauth]", msg); 451 452 buffer_free(&logmsg); 453 free(msg); 454 455 return 0; 456} 457 458int 459monitor_read(struct monitor *pmonitor, struct mon_table *ent, 460 struct mon_table **pent) 461{ 462 Buffer m; 463 int ret; 464 u_char type; 465 struct pollfd pfd[2]; 466 467 for (;;) { 468 memset(&pfd, 0, sizeof(pfd)); 469 pfd[0].fd = pmonitor->m_sendfd; 470 pfd[0].events = POLLIN; 471 pfd[1].fd = pmonitor->m_log_recvfd; 472 pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN; 473 if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) { 474 if (errno == EINTR || errno == EAGAIN) 475 continue; 476 fatal("%s: poll: %s", __func__, strerror(errno)); 477 } 478 if (pfd[1].revents) { 479 /* 480 * Drain all log messages before processing next 481 * monitor request. 482 */ 483 monitor_read_log(pmonitor); 484 continue; 485 } 486 if (pfd[0].revents) 487 break; /* Continues below */ 488 } 489 490 buffer_init(&m); 491 492 mm_request_receive(pmonitor->m_sendfd, &m); 493 type = buffer_get_char(&m); 494 495 debug3("%s: checking request %d", __func__, type); 496 497 while (ent->f != NULL) { 498 if (ent->type == type) 499 break; 500 ent++; 501 } 502 503 if (ent->f != NULL) { 504 if (!(ent->flags & MON_PERMIT)) 505 fatal("%s: unpermitted request %d", __func__, 506 type); 507 ret = (*ent->f)(pmonitor->m_sendfd, &m); 508 buffer_free(&m); 509 510 /* The child may use this request only once, disable it */ 511 if (ent->flags & MON_ONCE) { 512 debug2("%s: %d used once, disabling now", __func__, 513 type); 514 ent->flags &= ~MON_PERMIT; 515 } 516 517 if (pent != NULL) 518 *pent = ent; 519 520 return ret; 521 } 522 523 fatal("%s: unsupported request: %d", __func__, type); 524 525 /* NOTREACHED */ 526 return (-1); 527} 528 529/* allowed key state */ 530static int 531monitor_allowed_key(u_char *blob, u_int bloblen) 532{ 533 /* make sure key is allowed */ 534 if (key_blob == NULL || key_bloblen != bloblen || 535 timingsafe_bcmp(key_blob, blob, key_bloblen)) 536 return (0); 537 return (1); 538} 539 540static void 541monitor_reset_key_state(void) 542{ 543 /* reset state */ 544 free(key_blob); 545 free(hostbased_cuser); 546 free(hostbased_chost); 547 key_blob = NULL; 548 key_bloblen = 0; 549 key_blobtype = MM_NOKEY; 550 hostbased_cuser = NULL; 551 hostbased_chost = NULL; 552} 553 554#ifdef WITH_OPENSSL 555int 556mm_answer_moduli(int sock, Buffer *m) 557{ 558 DH *dh; 559 int min, want, max; 560 561 min = buffer_get_int(m); 562 want = buffer_get_int(m); 563 max = buffer_get_int(m); 564 565 debug3("%s: got parameters: %d %d %d", 566 __func__, min, want, max); 567 /* We need to check here, too, in case the child got corrupted */ 568 if (max < min || want < min || max < want) 569 fatal("%s: bad parameters: %d %d %d", 570 __func__, min, want, max); 571 572 buffer_clear(m); 573 574 dh = choose_dh(min, want, max); 575 if (dh == NULL) { 576 buffer_put_char(m, 0); 577 return (0); 578 } else { 579 /* Send first bignum */ 580 buffer_put_char(m, 1); 581 buffer_put_bignum2(m, dh->p); 582 buffer_put_bignum2(m, dh->g); 583 584 DH_free(dh); 585 } 586 mm_request_send(sock, MONITOR_ANS_MODULI, m); 587 return (0); 588} 589#endif 590 591int 592mm_answer_sign(int sock, Buffer *m) 593{ 594 extern int auth_sock; /* XXX move to state struct? */ 595 struct sshkey *key; 596 u_char *p; 597 u_char *signature; 598 size_t datlen, siglen; 599 int r, keyid; 600 601 debug3("%s", __func__); 602 603 if ((r = sshbuf_get_u32(m, &keyid)) != 0 || 604 (r = sshbuf_get_string(m, &p, &datlen)) != 0) 605 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 606 607 /* 608 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), 609 * SHA384 (48 bytes) and SHA512 (64 bytes). 610 */ 611 if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64) 612 fatal("%s: data length incorrect: %zu", __func__, datlen); 613 614 /* save session id, it will be passed on the first call */ 615 if (session_id2_len == 0) { 616 session_id2_len = datlen; 617 session_id2 = xmalloc(session_id2_len); 618 memcpy(session_id2, p, session_id2_len); 619 } 620 621 if ((key = get_hostkey_by_index(keyid)) != NULL) { 622 if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, 623 datafellows)) != 0) 624 fatal("%s: sshkey_sign failed: %s", 625 __func__, ssh_err(r)); 626 } else if ((key = get_hostkey_public_by_index(keyid)) != NULL && 627 auth_sock > 0) { 628 if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, 629 p, datlen, datafellows)) != 0) { 630 fatal("%s: ssh_agent_sign failed: %s", 631 __func__, ssh_err(r)); 632 } 633 } else 634 fatal("%s: no hostkey from index %d", __func__, keyid); 635 636 debug3("%s: signature %p(%zu)", __func__, signature, siglen); 637 638 sshbuf_reset(m); 639 if ((r = sshbuf_put_string(m, signature, siglen)) != 0) 640 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 641 642 free(p); 643 free(signature); 644 645 mm_request_send(sock, MONITOR_ANS_SIGN, m); 646 647 /* Turn on permissions for getpwnam */ 648 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 649 650 return (0); 651} 652 653/* Retrieves the password entry and also checks if the user is permitted */ 654 655int 656mm_answer_pwnamallow(int sock, Buffer *m) 657{ 658 char *username; 659 struct passwd *pwent; 660 int allowed = 0; 661 u_int i; 662 663 debug3("%s", __func__); 664 665 if (authctxt->attempt++ != 0) 666 fatal("%s: multiple attempts for getpwnam", __func__); 667 668 username = buffer_get_string(m, NULL); 669 670 pwent = getpwnamallow(username); 671 672 authctxt->user = xstrdup(username); 673 setproctitle("%s [priv]", pwent ? username : "unknown"); 674 free(username); 675 676 buffer_clear(m); 677 678 if (pwent == NULL) { 679 buffer_put_char(m, 0); 680 authctxt->pw = fakepw(); 681 goto out; 682 } 683 684 allowed = 1; 685 authctxt->pw = pwent; 686 authctxt->valid = 1; 687 688 buffer_put_char(m, 1); 689 buffer_put_string(m, pwent, sizeof(struct passwd)); 690 buffer_put_cstring(m, pwent->pw_name); 691 buffer_put_cstring(m, "*"); 692 buffer_put_cstring(m, pwent->pw_gecos); 693 buffer_put_cstring(m, pwent->pw_class); 694 buffer_put_cstring(m, pwent->pw_dir); 695 buffer_put_cstring(m, pwent->pw_shell); 696 697 out: 698 buffer_put_string(m, &options, sizeof(options)); 699 700#define M_CP_STROPT(x) do { \ 701 if (options.x != NULL) \ 702 buffer_put_cstring(m, options.x); \ 703 } while (0) 704#define M_CP_STRARRAYOPT(x, nx) do { \ 705 for (i = 0; i < options.nx; i++) \ 706 buffer_put_cstring(m, options.x[i]); \ 707 } while (0) 708 /* See comment in servconf.h */ 709 COPY_MATCH_STRING_OPTS(); 710#undef M_CP_STROPT 711#undef M_CP_STRARRAYOPT 712 713 /* Create valid auth method lists */ 714 if (compat20 && auth2_setup_methods_lists(authctxt) != 0) { 715 /* 716 * The monitor will continue long enough to let the child 717 * run to it's packet_disconnect(), but it must not allow any 718 * authentication to succeed. 719 */ 720 debug("%s: no valid authentication method lists", __func__); 721 } 722 723 debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); 724 mm_request_send(sock, MONITOR_ANS_PWNAM, m); 725 726 /* For SSHv1 allow authentication now */ 727 if (!compat20) 728 monitor_permit_authentications(1); 729 else { 730 /* Allow service/style information on the auth context */ 731 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 732 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 733 } 734 735 return (0); 736} 737 738int mm_answer_auth2_read_banner(int sock, Buffer *m) 739{ 740 char *banner; 741 742 buffer_clear(m); 743 banner = auth2_read_banner(); 744 buffer_put_cstring(m, banner != NULL ? banner : ""); 745 mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); 746 free(banner); 747 748 return (0); 749} 750 751int 752mm_answer_authserv(int sock, Buffer *m) 753{ 754 monitor_permit_authentications(1); 755 756 authctxt->service = buffer_get_string(m, NULL); 757 authctxt->style = buffer_get_string(m, NULL); 758 debug3("%s: service=%s, style=%s", 759 __func__, authctxt->service, authctxt->style); 760 761 if (strlen(authctxt->style) == 0) { 762 free(authctxt->style); 763 authctxt->style = NULL; 764 } 765 766 return (0); 767} 768 769int 770mm_answer_authpassword(int sock, Buffer *m) 771{ 772 static int call_count; 773 char *passwd; 774 int authenticated; 775 u_int plen; 776 777 passwd = buffer_get_string(m, &plen); 778 /* Only authenticate if the context is valid */ 779 authenticated = options.password_authentication && 780 auth_password(authctxt, passwd); 781 explicit_bzero(passwd, strlen(passwd)); 782 free(passwd); 783 784 buffer_clear(m); 785 buffer_put_int(m, authenticated); 786 787 debug3("%s: sending result %d", __func__, authenticated); 788 mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m); 789 790 call_count++; 791 if (plen == 0 && call_count == 1) 792 auth_method = "none"; 793 else 794 auth_method = "password"; 795 796 /* Causes monitor loop to terminate if authenticated */ 797 return (authenticated); 798} 799 800int 801mm_answer_bsdauthquery(int sock, Buffer *m) 802{ 803 char *name, *infotxt; 804 u_int numprompts; 805 u_int *echo_on; 806 char **prompts; 807 u_int success; 808 809 success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, 810 &prompts, &echo_on) < 0 ? 0 : 1; 811 812 buffer_clear(m); 813 buffer_put_int(m, success); 814 if (success) 815 buffer_put_cstring(m, prompts[0]); 816 817 debug3("%s: sending challenge success: %u", __func__, success); 818 mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); 819 820 if (success) { 821 free(name); 822 free(infotxt); 823 free(prompts); 824 free(echo_on); 825 } 826 827 return (0); 828} 829 830int 831mm_answer_bsdauthrespond(int sock, Buffer *m) 832{ 833 char *response; 834 int authok; 835 836 if (authctxt->as == 0) 837 fatal("%s: no bsd auth session", __func__); 838 839 response = buffer_get_string(m, NULL); 840 authok = options.challenge_response_authentication && 841 auth_userresponse(authctxt->as, response, 0); 842 authctxt->as = NULL; 843 debug3("%s: <%s> = <%d>", __func__, response, authok); 844 free(response); 845 846 buffer_clear(m); 847 buffer_put_int(m, authok); 848 849 debug3("%s: sending authenticated: %d", __func__, authok); 850 mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); 851 852 if (compat20) { 853 auth_method = "keyboard-interactive"; 854 auth_submethod = "bsdauth"; 855 } else 856 auth_method = "bsdauth"; 857 858 return (authok != 0); 859} 860 861int 862mm_answer_keyallowed(int sock, Buffer *m) 863{ 864 Key *key; 865 char *cuser, *chost; 866 u_char *blob; 867 u_int bloblen; 868 enum mm_keytype type = 0; 869 int allowed = 0; 870 871 debug3("%s entering", __func__); 872 873 type = buffer_get_int(m); 874 cuser = buffer_get_string(m, NULL); 875 chost = buffer_get_string(m, NULL); 876 blob = buffer_get_string(m, &bloblen); 877 878 key = key_from_blob(blob, bloblen); 879 880 if ((compat20 && type == MM_RSAHOSTKEY) || 881 (!compat20 && type != MM_RSAHOSTKEY)) 882 fatal("%s: key type and protocol mismatch", __func__); 883 884 debug3("%s: key_from_blob: %p", __func__, key); 885 886 if (key != NULL && authctxt->valid) { 887 /* These should not make it past the privsep child */ 888 if (key_type_plain(key->type) == KEY_RSA && 889 (datafellows & SSH_BUG_RSASIGMD5) != 0) 890 fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); 891 892 switch (type) { 893 case MM_USERKEY: 894 allowed = options.pubkey_authentication && 895 !auth2_userkey_already_used(authctxt, key) && 896 match_pattern_list(sshkey_ssh_name(key), 897 options.pubkey_key_types, 898 strlen(options.pubkey_key_types), 0) == 1 && 899 user_key_allowed(authctxt->pw, key); 900 pubkey_auth_info(authctxt, key, NULL); 901 auth_method = "publickey"; 902 if (options.pubkey_authentication && allowed != 1) 903 auth_clear_options(); 904 break; 905 case MM_HOSTKEY: 906 allowed = options.hostbased_authentication && 907 match_pattern_list(sshkey_ssh_name(key), 908 options.hostbased_key_types, 909 strlen(options.hostbased_key_types), 0) == 1 && 910 hostbased_key_allowed(authctxt->pw, 911 cuser, chost, key); 912 pubkey_auth_info(authctxt, key, 913 "client user \"%.100s\", client host \"%.100s\"", 914 cuser, chost); 915 auth_method = "hostbased"; 916 break; 917#ifdef WITH_SSH1 918 case MM_RSAHOSTKEY: 919 key->type = KEY_RSA1; /* XXX */ 920 allowed = options.rhosts_rsa_authentication && 921 auth_rhosts_rsa_key_allowed(authctxt->pw, 922 cuser, chost, key); 923 if (options.rhosts_rsa_authentication && allowed != 1) 924 auth_clear_options(); 925 auth_method = "rsa"; 926 break; 927#endif 928 default: 929 fatal("%s: unknown key type %d", __func__, type); 930 break; 931 } 932 } 933 if (key != NULL) 934 key_free(key); 935 936 /* clear temporarily storage (used by verify) */ 937 monitor_reset_key_state(); 938 939 if (allowed) { 940 /* Save temporarily for comparison in verify */ 941 key_blob = blob; 942 key_bloblen = bloblen; 943 key_blobtype = type; 944 hostbased_cuser = cuser; 945 hostbased_chost = chost; 946 } else { 947 /* Log failed attempt */ 948 auth_log(authctxt, 0, 0, auth_method, NULL); 949 free(blob); 950 free(cuser); 951 free(chost); 952 } 953 954 debug3("%s: key %p is %s", 955 __func__, key, allowed ? "allowed" : "not allowed"); 956 957 buffer_clear(m); 958 buffer_put_int(m, allowed); 959 buffer_put_int(m, forced_command != NULL); 960 961 mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); 962 963 if (type == MM_RSAHOSTKEY) 964 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); 965 966 return (0); 967} 968 969static int 970monitor_valid_userblob(u_char *data, u_int datalen) 971{ 972 Buffer b; 973 char *p, *userstyle; 974 u_int len; 975 int fail = 0; 976 977 buffer_init(&b); 978 buffer_append(&b, data, datalen); 979 980 if (datafellows & SSH_OLD_SESSIONID) { 981 p = buffer_ptr(&b); 982 len = buffer_len(&b); 983 if ((session_id2 == NULL) || 984 (len < session_id2_len) || 985 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 986 fail++; 987 buffer_consume(&b, session_id2_len); 988 } else { 989 p = buffer_get_string(&b, &len); 990 if ((session_id2 == NULL) || 991 (len != session_id2_len) || 992 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 993 fail++; 994 free(p); 995 } 996 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 997 fail++; 998 p = buffer_get_cstring(&b, NULL); 999 xasprintf(&userstyle, "%s%s%s", authctxt->user, 1000 authctxt->style ? ":" : "", 1001 authctxt->style ? authctxt->style : ""); 1002 if (strcmp(userstyle, p) != 0) { 1003 logit("wrong user name passed to monitor: expected %s != %.100s", 1004 userstyle, p); 1005 fail++; 1006 } 1007 free(userstyle); 1008 free(p); 1009 buffer_skip_string(&b); 1010 if (datafellows & SSH_BUG_PKAUTH) { 1011 if (!buffer_get_char(&b)) 1012 fail++; 1013 } else { 1014 p = buffer_get_cstring(&b, NULL); 1015 if (strcmp("publickey", p) != 0) 1016 fail++; 1017 free(p); 1018 if (!buffer_get_char(&b)) 1019 fail++; 1020 buffer_skip_string(&b); 1021 } 1022 buffer_skip_string(&b); 1023 if (buffer_len(&b) != 0) 1024 fail++; 1025 buffer_free(&b); 1026 return (fail == 0); 1027} 1028 1029static int 1030monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, 1031 char *chost) 1032{ 1033 Buffer b; 1034 char *p, *userstyle; 1035 u_int len; 1036 int fail = 0; 1037 1038 buffer_init(&b); 1039 buffer_append(&b, data, datalen); 1040 1041 p = buffer_get_string(&b, &len); 1042 if ((session_id2 == NULL) || 1043 (len != session_id2_len) || 1044 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1045 fail++; 1046 free(p); 1047 1048 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1049 fail++; 1050 p = buffer_get_cstring(&b, NULL); 1051 xasprintf(&userstyle, "%s%s%s", authctxt->user, 1052 authctxt->style ? ":" : "", 1053 authctxt->style ? authctxt->style : ""); 1054 if (strcmp(userstyle, p) != 0) { 1055 logit("wrong user name passed to monitor: expected %s != %.100s", 1056 userstyle, p); 1057 fail++; 1058 } 1059 free(userstyle); 1060 free(p); 1061 buffer_skip_string(&b); /* service */ 1062 p = buffer_get_cstring(&b, NULL); 1063 if (strcmp(p, "hostbased") != 0) 1064 fail++; 1065 free(p); 1066 buffer_skip_string(&b); /* pkalg */ 1067 buffer_skip_string(&b); /* pkblob */ 1068 1069 /* verify client host, strip trailing dot if necessary */ 1070 p = buffer_get_string(&b, NULL); 1071 if (((len = strlen(p)) > 0) && p[len - 1] == '.') 1072 p[len - 1] = '\0'; 1073 if (strcmp(p, chost) != 0) 1074 fail++; 1075 free(p); 1076 1077 /* verify client user */ 1078 p = buffer_get_string(&b, NULL); 1079 if (strcmp(p, cuser) != 0) 1080 fail++; 1081 free(p); 1082 1083 if (buffer_len(&b) != 0) 1084 fail++; 1085 buffer_free(&b); 1086 return (fail == 0); 1087} 1088 1089int 1090mm_answer_keyverify(int sock, Buffer *m) 1091{ 1092 Key *key; 1093 u_char *signature, *data, *blob; 1094 u_int signaturelen, datalen, bloblen; 1095 int verified = 0; 1096 int valid_data = 0; 1097 1098 blob = buffer_get_string(m, &bloblen); 1099 signature = buffer_get_string(m, &signaturelen); 1100 data = buffer_get_string(m, &datalen); 1101 1102 if (hostbased_cuser == NULL || hostbased_chost == NULL || 1103 !monitor_allowed_key(blob, bloblen)) 1104 fatal("%s: bad key, not previously allowed", __func__); 1105 1106 key = key_from_blob(blob, bloblen); 1107 if (key == NULL) 1108 fatal("%s: bad public key blob", __func__); 1109 1110 switch (key_blobtype) { 1111 case MM_USERKEY: 1112 valid_data = monitor_valid_userblob(data, datalen); 1113 break; 1114 case MM_HOSTKEY: 1115 valid_data = monitor_valid_hostbasedblob(data, datalen, 1116 hostbased_cuser, hostbased_chost); 1117 break; 1118 default: 1119 valid_data = 0; 1120 break; 1121 } 1122 if (!valid_data) 1123 fatal("%s: bad signature data blob", __func__); 1124 1125 verified = key_verify(key, signature, signaturelen, data, datalen); 1126 debug3("%s: key %p signature %s", 1127 __func__, key, (verified == 1) ? "verified" : "unverified"); 1128 1129 /* If auth was successful then record key to ensure it isn't reused */ 1130 if (verified == 1) 1131 auth2_record_userkey(authctxt, key); 1132 else 1133 key_free(key); 1134 1135 free(blob); 1136 free(signature); 1137 free(data); 1138 1139 auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; 1140 1141 monitor_reset_key_state(); 1142 1143 buffer_clear(m); 1144 buffer_put_int(m, verified); 1145 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); 1146 1147 return (verified == 1); 1148} 1149 1150static void 1151mm_record_login(Session *s, struct passwd *pw) 1152{ 1153 socklen_t fromlen; 1154 struct sockaddr_storage from; 1155 1156 /* 1157 * Get IP address of client. If the connection is not a socket, let 1158 * the address be 0.0.0.0. 1159 */ 1160 memset(&from, 0, sizeof(from)); 1161 fromlen = sizeof(from); 1162 if (packet_connection_is_on_socket()) { 1163 if (getpeername(packet_get_connection_in(), 1164 (struct sockaddr *)&from, &fromlen) < 0) { 1165 debug("getpeername: %.100s", strerror(errno)); 1166 cleanup_exit(255); 1167 } 1168 } 1169 /* Record that there was a login on that tty from the remote host. */ 1170 record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, 1171 get_remote_name_or_ip(utmp_len, options.use_dns), 1172 (struct sockaddr *)&from, fromlen); 1173} 1174 1175static void 1176mm_session_close(Session *s) 1177{ 1178 debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); 1179 if (s->ttyfd != -1) { 1180 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); 1181 session_pty_cleanup2(s); 1182 } 1183 session_unused(s->self); 1184} 1185 1186int 1187mm_answer_pty(int sock, Buffer *m) 1188{ 1189 extern struct monitor *pmonitor; 1190 Session *s; 1191 int res, fd0; 1192 1193 debug3("%s entering", __func__); 1194 1195 buffer_clear(m); 1196 s = session_new(); 1197 if (s == NULL) 1198 goto error; 1199 s->authctxt = authctxt; 1200 s->pw = authctxt->pw; 1201 s->pid = pmonitor->m_pid; 1202 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 1203 if (res == 0) 1204 goto error; 1205 pty_setowner(authctxt->pw, s->tty); 1206 1207 buffer_put_int(m, 1); 1208 buffer_put_cstring(m, s->tty); 1209 1210 /* We need to trick ttyslot */ 1211 if (dup2(s->ttyfd, 0) == -1) 1212 fatal("%s: dup2", __func__); 1213 1214 mm_record_login(s, authctxt->pw); 1215 1216 /* Now we can close the file descriptor again */ 1217 close(0); 1218 1219 /* send messages generated by record_login */ 1220 buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); 1221 buffer_clear(&loginmsg); 1222 1223 mm_request_send(sock, MONITOR_ANS_PTY, m); 1224 1225 if (mm_send_fd(sock, s->ptyfd) == -1 || 1226 mm_send_fd(sock, s->ttyfd) == -1) 1227 fatal("%s: send fds failed", __func__); 1228 1229 /* make sure nothing uses fd 0 */ 1230 if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) 1231 fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); 1232 if (fd0 != 0) 1233 error("%s: fd0 %d != 0", __func__, fd0); 1234 1235 /* slave is not needed */ 1236 close(s->ttyfd); 1237 s->ttyfd = s->ptyfd; 1238 /* no need to dup() because nobody closes ptyfd */ 1239 s->ptymaster = s->ptyfd; 1240 1241 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); 1242 1243 return (0); 1244 1245 error: 1246 if (s != NULL) 1247 mm_session_close(s); 1248 buffer_put_int(m, 0); 1249 mm_request_send(sock, MONITOR_ANS_PTY, m); 1250 return (0); 1251} 1252 1253int 1254mm_answer_pty_cleanup(int sock, Buffer *m) 1255{ 1256 Session *s; 1257 char *tty; 1258 1259 debug3("%s entering", __func__); 1260 1261 tty = buffer_get_string(m, NULL); 1262 if ((s = session_by_tty(tty)) != NULL) 1263 mm_session_close(s); 1264 buffer_clear(m); 1265 free(tty); 1266 return (0); 1267} 1268 1269#ifdef WITH_SSH1 1270int 1271mm_answer_sesskey(int sock, Buffer *m) 1272{ 1273 BIGNUM *p; 1274 int rsafail; 1275 1276 /* Turn off permissions */ 1277 monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); 1278 1279 if ((p = BN_new()) == NULL) 1280 fatal("%s: BN_new", __func__); 1281 1282 buffer_get_bignum2(m, p); 1283 1284 rsafail = ssh1_session_key(p); 1285 1286 buffer_clear(m); 1287 buffer_put_int(m, rsafail); 1288 buffer_put_bignum2(m, p); 1289 1290 BN_clear_free(p); 1291 1292 mm_request_send(sock, MONITOR_ANS_SESSKEY, m); 1293 1294 /* Turn on permissions for sessid passing */ 1295 monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); 1296 1297 return (0); 1298} 1299 1300int 1301mm_answer_sessid(int sock, Buffer *m) 1302{ 1303 int i; 1304 1305 debug3("%s entering", __func__); 1306 1307 if (buffer_len(m) != 16) 1308 fatal("%s: bad ssh1 session id", __func__); 1309 for (i = 0; i < 16; i++) 1310 session_id[i] = buffer_get_char(m); 1311 1312 /* Turn on permissions for getpwnam */ 1313 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 1314 1315 return (0); 1316} 1317 1318int 1319mm_answer_rsa_keyallowed(int sock, Buffer *m) 1320{ 1321 BIGNUM *client_n; 1322 Key *key = NULL; 1323 u_char *blob = NULL; 1324 u_int blen = 0; 1325 int allowed = 0; 1326 1327 debug3("%s entering", __func__); 1328 1329 auth_method = "rsa"; 1330 if (options.rsa_authentication && authctxt->valid) { 1331 if ((client_n = BN_new()) == NULL) 1332 fatal("%s: BN_new", __func__); 1333 buffer_get_bignum2(m, client_n); 1334 allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); 1335 BN_clear_free(client_n); 1336 } 1337 buffer_clear(m); 1338 buffer_put_int(m, allowed); 1339 buffer_put_int(m, forced_command != NULL); 1340 1341 /* clear temporarily storage (used by generate challenge) */ 1342 monitor_reset_key_state(); 1343 1344 if (allowed && key != NULL) { 1345 key->type = KEY_RSA; /* cheat for key_to_blob */ 1346 if (key_to_blob(key, &blob, &blen) == 0) 1347 fatal("%s: key_to_blob failed", __func__); 1348 buffer_put_string(m, blob, blen); 1349 1350 /* Save temporarily for comparison in verify */ 1351 key_blob = blob; 1352 key_bloblen = blen; 1353 key_blobtype = MM_RSAUSERKEY; 1354 } 1355 if (key != NULL) 1356 key_free(key); 1357 1358 mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m); 1359 1360 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); 1361 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0); 1362 return (0); 1363} 1364 1365int 1366mm_answer_rsa_challenge(int sock, Buffer *m) 1367{ 1368 Key *key = NULL; 1369 u_char *blob; 1370 u_int blen; 1371 1372 debug3("%s entering", __func__); 1373 1374 if (!authctxt->valid) 1375 fatal("%s: authctxt not valid", __func__); 1376 blob = buffer_get_string(m, &blen); 1377 if (!monitor_allowed_key(blob, blen)) 1378 fatal("%s: bad key, not previously allowed", __func__); 1379 if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) 1380 fatal("%s: key type mismatch", __func__); 1381 if ((key = key_from_blob(blob, blen)) == NULL) 1382 fatal("%s: received bad key", __func__); 1383 if (key->type != KEY_RSA) 1384 fatal("%s: received bad key type %d", __func__, key->type); 1385 key->type = KEY_RSA1; 1386 if (ssh1_challenge) 1387 BN_clear_free(ssh1_challenge); 1388 ssh1_challenge = auth_rsa_generate_challenge(key); 1389 1390 buffer_clear(m); 1391 buffer_put_bignum2(m, ssh1_challenge); 1392 1393 debug3("%s sending reply", __func__); 1394 mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m); 1395 1396 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); 1397 1398 free(blob); 1399 key_free(key); 1400 return (0); 1401} 1402 1403int 1404mm_answer_rsa_response(int sock, Buffer *m) 1405{ 1406 Key *key = NULL; 1407 u_char *blob, *response; 1408 u_int blen, len; 1409 int success; 1410 1411 debug3("%s entering", __func__); 1412 1413 if (!authctxt->valid) 1414 fatal("%s: authctxt not valid", __func__); 1415 if (ssh1_challenge == NULL) 1416 fatal("%s: no ssh1_challenge", __func__); 1417 1418 blob = buffer_get_string(m, &blen); 1419 if (!monitor_allowed_key(blob, blen)) 1420 fatal("%s: bad key, not previously allowed", __func__); 1421 if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) 1422 fatal("%s: key type mismatch: %d", __func__, key_blobtype); 1423 if ((key = key_from_blob(blob, blen)) == NULL) 1424 fatal("%s: received bad key", __func__); 1425 response = buffer_get_string(m, &len); 1426 if (len != 16) 1427 fatal("%s: received bad response to challenge", __func__); 1428 success = auth_rsa_verify_response(key, ssh1_challenge, response); 1429 1430 free(blob); 1431 key_free(key); 1432 free(response); 1433 1434 auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; 1435 1436 /* reset state */ 1437 BN_clear_free(ssh1_challenge); 1438 ssh1_challenge = NULL; 1439 monitor_reset_key_state(); 1440 1441 buffer_clear(m); 1442 buffer_put_int(m, success); 1443 mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m); 1444 1445 return (success); 1446} 1447#endif 1448 1449int 1450mm_answer_term(int sock, Buffer *req) 1451{ 1452 extern struct monitor *pmonitor; 1453 int res, status; 1454 1455 debug3("%s: tearing down sessions", __func__); 1456 1457 /* The child is terminating */ 1458 session_destroy_all(&mm_session_close); 1459 1460 while (waitpid(pmonitor->m_pid, &status, 0) == -1) 1461 if (errno != EINTR) 1462 exit(1); 1463 1464 res = WIFEXITED(status) ? WEXITSTATUS(status) : 1; 1465 1466 /* Terminate process */ 1467 exit(res); 1468} 1469 1470void 1471monitor_apply_keystate(struct monitor *pmonitor) 1472{ 1473 struct ssh *ssh = active_state; /* XXX */ 1474 struct kex *kex; 1475 int r; 1476 1477 debug3("%s: packet_set_state", __func__); 1478 if ((r = ssh_packet_set_state(ssh, child_state)) != 0) 1479 fatal("%s: packet_set_state: %s", __func__, ssh_err(r)); 1480 sshbuf_free(child_state); 1481 child_state = NULL; 1482 1483 if ((kex = ssh->kex) != 0) { 1484 /* XXX set callbacks */ 1485 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 1486 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 1487 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 1488 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 1489 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 1490 kex->kex[KEX_C25519_SHA256] = kexc25519_server; 1491 kex->load_host_public_key=&get_hostkey_public_by_type; 1492 kex->load_host_private_key=&get_hostkey_private_by_type; 1493 kex->host_key_index=&get_hostkey_index; 1494 kex->sign = sshd_hostkey_sign; 1495 } 1496 1497 /* Update with new address */ 1498 if (options.compression) { 1499 ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib, 1500 (ssh_packet_comp_alloc_func *)mm_zalloc, 1501 (ssh_packet_comp_free_func *)mm_zfree); 1502 } 1503 1504 if (options.rekey_limit || options.rekey_interval) 1505 ssh_packet_set_rekey_limits(ssh, 1506 (u_int32_t)options.rekey_limit, 1507 (time_t)options.rekey_interval); 1508} 1509 1510/* This function requries careful sanity checking */ 1511 1512void 1513mm_get_keystate(struct monitor *pmonitor) 1514{ 1515 debug3("%s: Waiting for new keys", __func__); 1516 1517 if ((child_state = sshbuf_new()) == NULL) 1518 fatal("%s: sshbuf_new failed", __func__); 1519 mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, 1520 child_state); 1521 debug3("%s: GOT new keys", __func__); 1522} 1523 1524 1525/* XXX */ 1526 1527#define FD_CLOSEONEXEC(x) do { \ 1528 if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \ 1529 fatal("fcntl(%d, F_SETFD)", x); \ 1530} while (0) 1531 1532static void 1533monitor_openfds(struct monitor *mon, int do_logfds) 1534{ 1535 int pair[2]; 1536 1537 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) 1538 fatal("%s: socketpair: %s", __func__, strerror(errno)); 1539 FD_CLOSEONEXEC(pair[0]); 1540 FD_CLOSEONEXEC(pair[1]); 1541 mon->m_recvfd = pair[0]; 1542 mon->m_sendfd = pair[1]; 1543 1544 if (do_logfds) { 1545 if (pipe(pair) == -1) 1546 fatal("%s: pipe: %s", __func__, strerror(errno)); 1547 FD_CLOSEONEXEC(pair[0]); 1548 FD_CLOSEONEXEC(pair[1]); 1549 mon->m_log_recvfd = pair[0]; 1550 mon->m_log_sendfd = pair[1]; 1551 } else 1552 mon->m_log_recvfd = mon->m_log_sendfd = -1; 1553} 1554 1555#define MM_MEMSIZE 65536 1556 1557struct monitor * 1558monitor_init(void) 1559{ 1560 struct ssh *ssh = active_state; /* XXX */ 1561 struct monitor *mon; 1562 1563 mon = xcalloc(1, sizeof(*mon)); 1564 1565 monitor_openfds(mon, 1); 1566 1567 /* Used to share zlib space across processes */ 1568 if (options.compression) { 1569 mon->m_zback = mm_create(NULL, MM_MEMSIZE); 1570 mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); 1571 1572 /* Compression needs to share state across borders */ 1573 ssh_packet_set_compress_hooks(ssh, mon->m_zlib, 1574 (ssh_packet_comp_alloc_func *)mm_zalloc, 1575 (ssh_packet_comp_free_func *)mm_zfree); 1576 } 1577 1578 return mon; 1579} 1580 1581void 1582monitor_reinit(struct monitor *mon) 1583{ 1584 monitor_openfds(mon, 0); 1585} 1586 1587#ifdef GSSAPI 1588int 1589mm_answer_gss_setup_ctx(int sock, Buffer *m) 1590{ 1591 gss_OID_desc goid; 1592 OM_uint32 major; 1593 u_int len; 1594 1595 goid.elements = buffer_get_string(m, &len); 1596 goid.length = len; 1597 1598 major = ssh_gssapi_server_ctx(&gsscontext, &goid); 1599 1600 free(goid.elements); 1601 1602 buffer_clear(m); 1603 buffer_put_int(m, major); 1604 1605 mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); 1606 1607 /* Now we have a context, enable the step */ 1608 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1); 1609 1610 return (0); 1611} 1612 1613int 1614mm_answer_gss_accept_ctx(int sock, Buffer *m) 1615{ 1616 gss_buffer_desc in; 1617 gss_buffer_desc out = GSS_C_EMPTY_BUFFER; 1618 OM_uint32 major, minor; 1619 OM_uint32 flags = 0; /* GSI needs this */ 1620 u_int len; 1621 1622 in.value = buffer_get_string(m, &len); 1623 in.length = len; 1624 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 1625 free(in.value); 1626 1627 buffer_clear(m); 1628 buffer_put_int(m, major); 1629 buffer_put_string(m, out.value, out.length); 1630 buffer_put_int(m, flags); 1631 mm_request_send(sock, MONITOR_ANS_GSSSTEP, m); 1632 1633 gss_release_buffer(&minor, &out); 1634 1635 if (major == GSS_S_COMPLETE) { 1636 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 1637 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 1638 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 1639 } 1640 return (0); 1641} 1642 1643int 1644mm_answer_gss_checkmic(int sock, Buffer *m) 1645{ 1646 gss_buffer_desc gssbuf, mic; 1647 OM_uint32 ret; 1648 u_int len; 1649 1650 gssbuf.value = buffer_get_string(m, &len); 1651 gssbuf.length = len; 1652 mic.value = buffer_get_string(m, &len); 1653 mic.length = len; 1654 1655 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); 1656 1657 free(gssbuf.value); 1658 free(mic.value); 1659 1660 buffer_clear(m); 1661 buffer_put_int(m, ret); 1662 1663 mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m); 1664 1665 if (!GSS_ERROR(ret)) 1666 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 1667 1668 return (0); 1669} 1670 1671int 1672mm_answer_gss_userok(int sock, Buffer *m) 1673{ 1674 int authenticated; 1675 1676 authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); 1677 1678 buffer_clear(m); 1679 buffer_put_int(m, authenticated); 1680 1681 debug3("%s: sending result %d", __func__, authenticated); 1682 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); 1683 1684 auth_method = "gssapi-with-mic"; 1685 1686 /* Monitor loop will terminate if authenticated */ 1687 return (authenticated); 1688} 1689#endif /* GSSAPI */ 1690 1691