monitor.c revision 1.47
1/* 2 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include "includes.h" 28RCSID("$OpenBSD: monitor.c,v 1.47 2003/08/24 17:36:52 deraadt Exp $"); 29 30#include <openssl/dh.h> 31 32#ifdef SKEY 33#include <skey.h> 34#endif 35 36#include "ssh.h" 37#include "auth.h" 38#include "kex.h" 39#include "dh.h" 40#include "zlib.h" 41#include "packet.h" 42#include "auth-options.h" 43#include "sshpty.h" 44#include "channels.h" 45#include "session.h" 46#include "sshlogin.h" 47#include "canohost.h" 48#include "log.h" 49#include "servconf.h" 50#include "monitor.h" 51#include "monitor_mm.h" 52#include "monitor_wrap.h" 53#include "monitor_fdpass.h" 54#include "xmalloc.h" 55#include "misc.h" 56#include "buffer.h" 57#include "bufaux.h" 58#include "compat.h" 59#include "ssh2.h" 60#include "mpaux.h" 61 62#ifdef GSSAPI 63#include "ssh-gss.h" 64static Gssctxt *gsscontext = NULL; 65#endif 66 67/* Imports */ 68extern ServerOptions options; 69extern u_int utmp_len; 70extern Newkeys *current_keys[]; 71extern z_stream incoming_stream; 72extern z_stream outgoing_stream; 73extern u_char session_id[]; 74extern Buffer input, output; 75extern Buffer auth_debug; 76extern int auth_debug_init; 77 78/* State exported from the child */ 79 80struct { 81 z_stream incoming; 82 z_stream outgoing; 83 u_char *keyin; 84 u_int keyinlen; 85 u_char *keyout; 86 u_int keyoutlen; 87 u_char *ivin; 88 u_int ivinlen; 89 u_char *ivout; 90 u_int ivoutlen; 91 u_char *ssh1key; 92 u_int ssh1keylen; 93 int ssh1cipher; 94 int ssh1protoflags; 95 u_char *input; 96 u_int ilen; 97 u_char *output; 98 u_int olen; 99} child_state; 100 101/* Functions on the monitor that answer unprivileged requests */ 102 103int mm_answer_moduli(int, Buffer *); 104int mm_answer_sign(int, Buffer *); 105int mm_answer_pwnamallow(int, Buffer *); 106int mm_answer_auth2_read_banner(int, Buffer *); 107int mm_answer_authserv(int, Buffer *); 108int mm_answer_authpassword(int, Buffer *); 109int mm_answer_bsdauthquery(int, Buffer *); 110int mm_answer_bsdauthrespond(int, Buffer *); 111int mm_answer_skeyquery(int, Buffer *); 112int mm_answer_skeyrespond(int, Buffer *); 113int mm_answer_keyallowed(int, Buffer *); 114int mm_answer_keyverify(int, Buffer *); 115int mm_answer_pty(int, Buffer *); 116int mm_answer_pty_cleanup(int, Buffer *); 117int mm_answer_term(int, Buffer *); 118int mm_answer_rsa_keyallowed(int, Buffer *); 119int mm_answer_rsa_challenge(int, Buffer *); 120int mm_answer_rsa_response(int, Buffer *); 121int mm_answer_sesskey(int, Buffer *); 122int mm_answer_sessid(int, Buffer *); 123 124#ifdef KRB5 125int mm_answer_krb5(int, Buffer *); 126#endif 127#ifdef GSSAPI 128int mm_answer_gss_setup_ctx(int, Buffer *); 129int mm_answer_gss_accept_ctx(int, Buffer *); 130int mm_answer_gss_userok(int, Buffer *); 131#endif 132 133static Authctxt *authctxt; 134static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ 135 136/* local state for key verify */ 137static u_char *key_blob = NULL; 138static u_int key_bloblen = 0; 139static int key_blobtype = MM_NOKEY; 140static char *hostbased_cuser = NULL; 141static char *hostbased_chost = NULL; 142static char *auth_method = "unknown"; 143static u_int session_id2_len = 0; 144static u_char *session_id2 = NULL; 145static pid_t monitor_child_pid; 146 147struct mon_table { 148 enum monitor_reqtype type; 149 int flags; 150 int (*f)(int, Buffer *); 151}; 152 153#define MON_ISAUTH 0x0004 /* Required for Authentication */ 154#define MON_AUTHDECIDE 0x0008 /* Decides Authentication */ 155#define MON_ONCE 0x0010 /* Disable after calling */ 156 157#define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE) 158 159#define MON_PERMIT 0x1000 /* Request is permitted */ 160 161struct mon_table mon_dispatch_proto20[] = { 162 {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, 163 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 164 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 165 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 166 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 167 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 168#ifdef BSD_AUTH 169 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, 170 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, 171#endif 172#ifdef SKEY 173 {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, 174 {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, 175#endif 176 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, 177 {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, 178#ifdef KRB5 179 {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, 180#endif 181#ifdef GSSAPI 182 {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, 183 {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, 184 {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, 185#endif 186 {0, 0, NULL} 187}; 188 189struct mon_table mon_dispatch_postauth20[] = { 190 {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, 191 {MONITOR_REQ_SIGN, 0, mm_answer_sign}, 192 {MONITOR_REQ_PTY, 0, mm_answer_pty}, 193 {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, 194 {MONITOR_REQ_TERM, 0, mm_answer_term}, 195 {0, 0, NULL} 196}; 197 198struct mon_table mon_dispatch_proto15[] = { 199 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 200 {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, 201 {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, 202 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 203 {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed}, 204 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, 205 {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, 206 {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, 207#ifdef BSD_AUTH 208 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, 209 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, 210#endif 211#ifdef SKEY 212 {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, 213 {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, 214#endif 215#ifdef KRB5 216 {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, 217#endif 218 {0, 0, NULL} 219}; 220 221struct mon_table mon_dispatch_postauth15[] = { 222 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, 223 {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, 224 {MONITOR_REQ_TERM, 0, mm_answer_term}, 225 {0, 0, NULL} 226}; 227 228struct mon_table *mon_dispatch; 229 230/* Specifies if a certain message is allowed at the moment */ 231 232static void 233monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit) 234{ 235 while (ent->f != NULL) { 236 if (ent->type == type) { 237 ent->flags &= ~MON_PERMIT; 238 ent->flags |= permit ? MON_PERMIT : 0; 239 return; 240 } 241 ent++; 242 } 243} 244 245static void 246monitor_permit_authentications(int permit) 247{ 248 struct mon_table *ent = mon_dispatch; 249 250 while (ent->f != NULL) { 251 if (ent->flags & MON_AUTH) { 252 ent->flags &= ~MON_PERMIT; 253 ent->flags |= permit ? MON_PERMIT : 0; 254 } 255 ent++; 256 } 257} 258 259Authctxt * 260monitor_child_preauth(struct monitor *pmonitor) 261{ 262 struct mon_table *ent; 263 int authenticated = 0; 264 265 debug3("preauth child monitor started"); 266 267 if (compat20) { 268 mon_dispatch = mon_dispatch_proto20; 269 270 /* Permit requests for moduli and signatures */ 271 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 272 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 273 } else { 274 mon_dispatch = mon_dispatch_proto15; 275 276 monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); 277 } 278 279 authctxt = authctxt_new(); 280 281 /* The first few requests do not require asynchronous access */ 282 while (!authenticated) { 283 authenticated = monitor_read(pmonitor, mon_dispatch, &ent); 284 if (authenticated) { 285 if (!(ent->flags & MON_AUTHDECIDE)) 286 fatal("%s: unexpected authentication from %d", 287 __func__, ent->type); 288 if (authctxt->pw->pw_uid == 0 && 289 !auth_root_allowed(auth_method)) 290 authenticated = 0; 291 } 292 293 if (ent->flags & MON_AUTHDECIDE) { 294 auth_log(authctxt, authenticated, auth_method, 295 compat20 ? " ssh2" : ""); 296 if (!authenticated) 297 authctxt->failures++; 298 } 299 } 300 301 if (!authctxt->valid) 302 fatal("%s: authenticated invalid user", __func__); 303 304 debug("%s: %s has been authenticated by privileged process", 305 __func__, authctxt->user); 306 307 mm_get_keystate(pmonitor); 308 309 return (authctxt); 310} 311 312static void 313monitor_set_child_handler(pid_t pid) 314{ 315 monitor_child_pid = pid; 316} 317 318static void 319monitor_child_handler(int signal) 320{ 321 kill(monitor_child_pid, signal); 322} 323 324void 325monitor_child_postauth(struct monitor *pmonitor) 326{ 327 monitor_set_child_handler(pmonitor->m_pid); 328 signal(SIGHUP, &monitor_child_handler); 329 signal(SIGTERM, &monitor_child_handler); 330 331 if (compat20) { 332 mon_dispatch = mon_dispatch_postauth20; 333 334 /* Permit requests for moduli and signatures */ 335 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 336 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 337 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 338 } else { 339 mon_dispatch = mon_dispatch_postauth15; 340 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 341 } 342 if (!no_pty_flag) { 343 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); 344 monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); 345 } 346 347 for (;;) 348 monitor_read(pmonitor, mon_dispatch, NULL); 349} 350 351void 352monitor_sync(struct monitor *pmonitor) 353{ 354 if (options.compression) { 355 /* The member allocation is not visible, so sync it */ 356 mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); 357 } 358} 359 360int 361monitor_read(struct monitor *pmonitor, struct mon_table *ent, 362 struct mon_table **pent) 363{ 364 Buffer m; 365 int ret; 366 u_char type; 367 368 buffer_init(&m); 369 370 mm_request_receive(pmonitor->m_sendfd, &m); 371 type = buffer_get_char(&m); 372 373 debug3("%s: checking request %d", __func__, type); 374 375 while (ent->f != NULL) { 376 if (ent->type == type) 377 break; 378 ent++; 379 } 380 381 if (ent->f != NULL) { 382 if (!(ent->flags & MON_PERMIT)) 383 fatal("%s: unpermitted request %d", __func__, 384 type); 385 ret = (*ent->f)(pmonitor->m_sendfd, &m); 386 buffer_free(&m); 387 388 /* The child may use this request only once, disable it */ 389 if (ent->flags & MON_ONCE) { 390 debug2("%s: %d used once, disabling now", __func__, 391 type); 392 ent->flags &= ~MON_PERMIT; 393 } 394 395 if (pent != NULL) 396 *pent = ent; 397 398 return ret; 399 } 400 401 fatal("%s: unsupported request: %d", __func__, type); 402 403 /* NOTREACHED */ 404 return (-1); 405} 406 407/* allowed key state */ 408static int 409monitor_allowed_key(u_char *blob, u_int bloblen) 410{ 411 /* make sure key is allowed */ 412 if (key_blob == NULL || key_bloblen != bloblen || 413 memcmp(key_blob, blob, key_bloblen)) 414 return (0); 415 return (1); 416} 417 418static void 419monitor_reset_key_state(void) 420{ 421 /* reset state */ 422 if (key_blob != NULL) 423 xfree(key_blob); 424 if (hostbased_cuser != NULL) 425 xfree(hostbased_cuser); 426 if (hostbased_chost != NULL) 427 xfree(hostbased_chost); 428 key_blob = NULL; 429 key_bloblen = 0; 430 key_blobtype = MM_NOKEY; 431 hostbased_cuser = NULL; 432 hostbased_chost = NULL; 433} 434 435int 436mm_answer_moduli(int socket, Buffer *m) 437{ 438 DH *dh; 439 int min, want, max; 440 441 min = buffer_get_int(m); 442 want = buffer_get_int(m); 443 max = buffer_get_int(m); 444 445 debug3("%s: got parameters: %d %d %d", 446 __func__, min, want, max); 447 /* We need to check here, too, in case the child got corrupted */ 448 if (max < min || want < min || max < want) 449 fatal("%s: bad parameters: %d %d %d", 450 __func__, min, want, max); 451 452 buffer_clear(m); 453 454 dh = choose_dh(min, want, max); 455 if (dh == NULL) { 456 buffer_put_char(m, 0); 457 return (0); 458 } else { 459 /* Send first bignum */ 460 buffer_put_char(m, 1); 461 buffer_put_bignum2(m, dh->p); 462 buffer_put_bignum2(m, dh->g); 463 464 DH_free(dh); 465 } 466 mm_request_send(socket, MONITOR_ANS_MODULI, m); 467 return (0); 468} 469 470int 471mm_answer_sign(int socket, Buffer *m) 472{ 473 Key *key; 474 u_char *p; 475 u_char *signature; 476 u_int siglen, datlen; 477 int keyid; 478 479 debug3("%s", __func__); 480 481 keyid = buffer_get_int(m); 482 p = buffer_get_string(m, &datlen); 483 484 if (datlen != 20) 485 fatal("%s: data length incorrect: %u", __func__, datlen); 486 487 /* save session id, it will be passed on the first call */ 488 if (session_id2_len == 0) { 489 session_id2_len = datlen; 490 session_id2 = xmalloc(session_id2_len); 491 memcpy(session_id2, p, session_id2_len); 492 } 493 494 if ((key = get_hostkey_by_index(keyid)) == NULL) 495 fatal("%s: no hostkey from index %d", __func__, keyid); 496 if (key_sign(key, &signature, &siglen, p, datlen) < 0) 497 fatal("%s: key_sign failed", __func__); 498 499 debug3("%s: signature %p(%u)", __func__, signature, siglen); 500 501 buffer_clear(m); 502 buffer_put_string(m, signature, siglen); 503 504 xfree(p); 505 xfree(signature); 506 507 mm_request_send(socket, MONITOR_ANS_SIGN, m); 508 509 /* Turn on permissions for getpwnam */ 510 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 511 512 return (0); 513} 514 515/* Retrieves the password entry and also checks if the user is permitted */ 516 517int 518mm_answer_pwnamallow(int socket, Buffer *m) 519{ 520 char *login; 521 struct passwd *pwent; 522 int allowed = 0; 523 524 debug3("%s", __func__); 525 526 if (authctxt->attempt++ != 0) 527 fatal("%s: multiple attempts for getpwnam", __func__); 528 529 login = buffer_get_string(m, NULL); 530 531 pwent = getpwnamallow(login); 532 533 authctxt->user = xstrdup(login); 534 setproctitle("%s [priv]", pwent ? login : "unknown"); 535 xfree(login); 536 537 buffer_clear(m); 538 539 if (pwent == NULL) { 540 buffer_put_char(m, 0); 541 goto out; 542 } 543 544 allowed = 1; 545 authctxt->pw = pwent; 546 authctxt->valid = 1; 547 548 buffer_put_char(m, 1); 549 buffer_put_string(m, pwent, sizeof(struct passwd)); 550 buffer_put_cstring(m, pwent->pw_name); 551 buffer_put_cstring(m, "*"); 552 buffer_put_cstring(m, pwent->pw_gecos); 553 buffer_put_cstring(m, pwent->pw_class); 554 buffer_put_cstring(m, pwent->pw_dir); 555 buffer_put_cstring(m, pwent->pw_shell); 556 557 out: 558 debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); 559 mm_request_send(socket, MONITOR_ANS_PWNAM, m); 560 561 /* For SSHv1 allow authentication now */ 562 if (!compat20) 563 monitor_permit_authentications(1); 564 else { 565 /* Allow service/style information on the auth context */ 566 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 567 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 568 } 569 570 571 return (0); 572} 573 574int mm_answer_auth2_read_banner(int socket, Buffer *m) 575{ 576 char *banner; 577 578 buffer_clear(m); 579 banner = auth2_read_banner(); 580 buffer_put_cstring(m, banner != NULL ? banner : ""); 581 mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m); 582 583 if (banner != NULL) 584 xfree(banner); 585 586 return (0); 587} 588 589int 590mm_answer_authserv(int socket, Buffer *m) 591{ 592 monitor_permit_authentications(1); 593 594 authctxt->service = buffer_get_string(m, NULL); 595 authctxt->style = buffer_get_string(m, NULL); 596 debug3("%s: service=%s, style=%s", 597 __func__, authctxt->service, authctxt->style); 598 599 if (strlen(authctxt->style) == 0) { 600 xfree(authctxt->style); 601 authctxt->style = NULL; 602 } 603 604 return (0); 605} 606 607int 608mm_answer_authpassword(int socket, Buffer *m) 609{ 610 static int call_count; 611 char *passwd; 612 int authenticated; 613 u_int plen; 614 615 passwd = buffer_get_string(m, &plen); 616 /* Only authenticate if the context is valid */ 617 authenticated = options.password_authentication && 618 authctxt->valid && auth_password(authctxt, passwd); 619 memset(passwd, 0, strlen(passwd)); 620 xfree(passwd); 621 622 buffer_clear(m); 623 buffer_put_int(m, authenticated); 624 625 debug3("%s: sending result %d", __func__, authenticated); 626 mm_request_send(socket, MONITOR_ANS_AUTHPASSWORD, m); 627 628 call_count++; 629 if (plen == 0 && call_count == 1) 630 auth_method = "none"; 631 else 632 auth_method = "password"; 633 634 /* Causes monitor loop to terminate if authenticated */ 635 return (authenticated); 636} 637 638#ifdef BSD_AUTH 639int 640mm_answer_bsdauthquery(int socket, Buffer *m) 641{ 642 char *name, *infotxt; 643 u_int numprompts; 644 u_int *echo_on; 645 char **prompts; 646 u_int success; 647 648 success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, 649 &prompts, &echo_on) < 0 ? 0 : 1; 650 651 buffer_clear(m); 652 buffer_put_int(m, success); 653 if (success) 654 buffer_put_cstring(m, prompts[0]); 655 656 debug3("%s: sending challenge success: %u", __func__, success); 657 mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m); 658 659 if (success) { 660 xfree(name); 661 xfree(infotxt); 662 xfree(prompts); 663 xfree(echo_on); 664 } 665 666 return (0); 667} 668 669int 670mm_answer_bsdauthrespond(int socket, Buffer *m) 671{ 672 char *response; 673 int authok; 674 675 if (authctxt->as == 0) 676 fatal("%s: no bsd auth session", __func__); 677 678 response = buffer_get_string(m, NULL); 679 authok = options.challenge_response_authentication && 680 auth_userresponse(authctxt->as, response, 0); 681 authctxt->as = NULL; 682 debug3("%s: <%s> = <%d>", __func__, response, authok); 683 xfree(response); 684 685 buffer_clear(m); 686 buffer_put_int(m, authok); 687 688 debug3("%s: sending authenticated: %d", __func__, authok); 689 mm_request_send(socket, MONITOR_ANS_BSDAUTHRESPOND, m); 690 691 auth_method = "bsdauth"; 692 693 return (authok != 0); 694} 695#endif 696 697#ifdef SKEY 698int 699mm_answer_skeyquery(int socket, Buffer *m) 700{ 701 struct skey skey; 702 char challenge[1024]; 703 u_int success; 704 705 success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1; 706 707 buffer_clear(m); 708 buffer_put_int(m, success); 709 if (success) 710 buffer_put_cstring(m, challenge); 711 712 debug3("%s: sending challenge success: %u", __func__, success); 713 mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m); 714 715 return (0); 716} 717 718int 719mm_answer_skeyrespond(int socket, Buffer *m) 720{ 721 char *response; 722 int authok; 723 724 response = buffer_get_string(m, NULL); 725 726 authok = (options.challenge_response_authentication && 727 authctxt->valid && 728 skey_haskey(authctxt->pw->pw_name) == 0 && 729 skey_passcheck(authctxt->pw->pw_name, response) != -1); 730 731 xfree(response); 732 733 buffer_clear(m); 734 buffer_put_int(m, authok); 735 736 debug3("%s: sending authenticated: %d", __func__, authok); 737 mm_request_send(socket, MONITOR_ANS_SKEYRESPOND, m); 738 739 auth_method = "skey"; 740 741 return (authok != 0); 742} 743#endif 744 745static void 746mm_append_debug(Buffer *m) 747{ 748 if (auth_debug_init && buffer_len(&auth_debug)) { 749 debug3("%s: Appending debug messages for child", __func__); 750 buffer_append(m, buffer_ptr(&auth_debug), 751 buffer_len(&auth_debug)); 752 buffer_clear(&auth_debug); 753 } 754} 755 756int 757mm_answer_keyallowed(int socket, Buffer *m) 758{ 759 Key *key; 760 char *cuser, *chost; 761 u_char *blob; 762 u_int bloblen; 763 enum mm_keytype type = 0; 764 int allowed = 0; 765 766 debug3("%s entering", __func__); 767 768 type = buffer_get_int(m); 769 cuser = buffer_get_string(m, NULL); 770 chost = buffer_get_string(m, NULL); 771 blob = buffer_get_string(m, &bloblen); 772 773 key = key_from_blob(blob, bloblen); 774 775 if ((compat20 && type == MM_RSAHOSTKEY) || 776 (!compat20 && type != MM_RSAHOSTKEY)) 777 fatal("%s: key type and protocol mismatch", __func__); 778 779 debug3("%s: key_from_blob: %p", __func__, key); 780 781 if (key != NULL && authctxt->pw != NULL) { 782 switch(type) { 783 case MM_USERKEY: 784 allowed = options.pubkey_authentication && 785 user_key_allowed(authctxt->pw, key); 786 break; 787 case MM_HOSTKEY: 788 allowed = options.hostbased_authentication && 789 hostbased_key_allowed(authctxt->pw, 790 cuser, chost, key); 791 break; 792 case MM_RSAHOSTKEY: 793 key->type = KEY_RSA1; /* XXX */ 794 allowed = options.rhosts_rsa_authentication && 795 auth_rhosts_rsa_key_allowed(authctxt->pw, 796 cuser, chost, key); 797 break; 798 default: 799 fatal("%s: unknown key type %d", __func__, type); 800 break; 801 } 802 } 803 if (key != NULL) 804 key_free(key); 805 806 /* clear temporarily storage (used by verify) */ 807 monitor_reset_key_state(); 808 809 if (allowed) { 810 /* Save temporarily for comparison in verify */ 811 key_blob = blob; 812 key_bloblen = bloblen; 813 key_blobtype = type; 814 hostbased_cuser = cuser; 815 hostbased_chost = chost; 816 } 817 818 debug3("%s: key %p is %s", 819 __func__, key, allowed ? "allowed" : "disallowed"); 820 821 buffer_clear(m); 822 buffer_put_int(m, allowed); 823 buffer_put_int(m, forced_command != NULL); 824 825 mm_append_debug(m); 826 827 mm_request_send(socket, MONITOR_ANS_KEYALLOWED, m); 828 829 if (type == MM_RSAHOSTKEY) 830 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); 831 832 return (0); 833} 834 835static int 836monitor_valid_userblob(u_char *data, u_int datalen) 837{ 838 Buffer b; 839 char *p; 840 u_int len; 841 int fail = 0; 842 843 buffer_init(&b); 844 buffer_append(&b, data, datalen); 845 846 if (datafellows & SSH_OLD_SESSIONID) { 847 p = buffer_ptr(&b); 848 len = buffer_len(&b); 849 if ((session_id2 == NULL) || 850 (len < session_id2_len) || 851 (memcmp(p, session_id2, session_id2_len) != 0)) 852 fail++; 853 buffer_consume(&b, session_id2_len); 854 } else { 855 p = buffer_get_string(&b, &len); 856 if ((session_id2 == NULL) || 857 (len != session_id2_len) || 858 (memcmp(p, session_id2, session_id2_len) != 0)) 859 fail++; 860 xfree(p); 861 } 862 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 863 fail++; 864 p = buffer_get_string(&b, NULL); 865 if (strcmp(authctxt->user, p) != 0) { 866 logit("wrong user name passed to monitor: expected %s != %.100s", 867 authctxt->user, p); 868 fail++; 869 } 870 xfree(p); 871 buffer_skip_string(&b); 872 if (datafellows & SSH_BUG_PKAUTH) { 873 if (!buffer_get_char(&b)) 874 fail++; 875 } else { 876 p = buffer_get_string(&b, NULL); 877 if (strcmp("publickey", p) != 0) 878 fail++; 879 xfree(p); 880 if (!buffer_get_char(&b)) 881 fail++; 882 buffer_skip_string(&b); 883 } 884 buffer_skip_string(&b); 885 if (buffer_len(&b) != 0) 886 fail++; 887 buffer_free(&b); 888 return (fail == 0); 889} 890 891static int 892monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, 893 char *chost) 894{ 895 Buffer b; 896 char *p; 897 u_int len; 898 int fail = 0; 899 900 buffer_init(&b); 901 buffer_append(&b, data, datalen); 902 903 p = buffer_get_string(&b, &len); 904 if ((session_id2 == NULL) || 905 (len != session_id2_len) || 906 (memcmp(p, session_id2, session_id2_len) != 0)) 907 fail++; 908 xfree(p); 909 910 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 911 fail++; 912 p = buffer_get_string(&b, NULL); 913 if (strcmp(authctxt->user, p) != 0) { 914 logit("wrong user name passed to monitor: expected %s != %.100s", 915 authctxt->user, p); 916 fail++; 917 } 918 xfree(p); 919 buffer_skip_string(&b); /* service */ 920 p = buffer_get_string(&b, NULL); 921 if (strcmp(p, "hostbased") != 0) 922 fail++; 923 xfree(p); 924 buffer_skip_string(&b); /* pkalg */ 925 buffer_skip_string(&b); /* pkblob */ 926 927 /* verify client host, strip trailing dot if necessary */ 928 p = buffer_get_string(&b, NULL); 929 if (((len = strlen(p)) > 0) && p[len - 1] == '.') 930 p[len - 1] = '\0'; 931 if (strcmp(p, chost) != 0) 932 fail++; 933 xfree(p); 934 935 /* verify client user */ 936 p = buffer_get_string(&b, NULL); 937 if (strcmp(p, cuser) != 0) 938 fail++; 939 xfree(p); 940 941 if (buffer_len(&b) != 0) 942 fail++; 943 buffer_free(&b); 944 return (fail == 0); 945} 946 947int 948mm_answer_keyverify(int socket, Buffer *m) 949{ 950 Key *key; 951 u_char *signature, *data, *blob; 952 u_int signaturelen, datalen, bloblen; 953 int verified = 0; 954 int valid_data = 0; 955 956 blob = buffer_get_string(m, &bloblen); 957 signature = buffer_get_string(m, &signaturelen); 958 data = buffer_get_string(m, &datalen); 959 960 if (hostbased_cuser == NULL || hostbased_chost == NULL || 961 !monitor_allowed_key(blob, bloblen)) 962 fatal("%s: bad key, not previously allowed", __func__); 963 964 key = key_from_blob(blob, bloblen); 965 if (key == NULL) 966 fatal("%s: bad public key blob", __func__); 967 968 switch (key_blobtype) { 969 case MM_USERKEY: 970 valid_data = monitor_valid_userblob(data, datalen); 971 break; 972 case MM_HOSTKEY: 973 valid_data = monitor_valid_hostbasedblob(data, datalen, 974 hostbased_cuser, hostbased_chost); 975 break; 976 default: 977 valid_data = 0; 978 break; 979 } 980 if (!valid_data) 981 fatal("%s: bad signature data blob", __func__); 982 983 verified = key_verify(key, signature, signaturelen, data, datalen); 984 debug3("%s: key %p signature %s", 985 __func__, key, verified ? "verified" : "unverified"); 986 987 key_free(key); 988 xfree(blob); 989 xfree(signature); 990 xfree(data); 991 992 auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; 993 994 monitor_reset_key_state(); 995 996 buffer_clear(m); 997 buffer_put_int(m, verified); 998 mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); 999 1000 return (verified); 1001} 1002 1003static void 1004mm_record_login(Session *s, struct passwd *pw) 1005{ 1006 socklen_t fromlen; 1007 struct sockaddr_storage from; 1008 1009 /* 1010 * Get IP address of client. If the connection is not a socket, let 1011 * the address be 0.0.0.0. 1012 */ 1013 memset(&from, 0, sizeof(from)); 1014 fromlen = sizeof(from); 1015 if (packet_connection_is_on_socket()) { 1016 if (getpeername(packet_get_connection_in(), 1017 (struct sockaddr *) & from, &fromlen) < 0) { 1018 debug("getpeername: %.100s", strerror(errno)); 1019 fatal_cleanup(); 1020 } 1021 } 1022 /* Record that there was a login on that tty from the remote host. */ 1023 record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, 1024 get_remote_name_or_ip(utmp_len, options.use_dns), 1025 (struct sockaddr *)&from, fromlen); 1026} 1027 1028static void 1029mm_session_close(Session *s) 1030{ 1031 debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); 1032 if (s->ttyfd != -1) { 1033 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); 1034 fatal_remove_cleanup(session_pty_cleanup2, (void *)s); 1035 session_pty_cleanup2(s); 1036 } 1037 s->used = 0; 1038} 1039 1040int 1041mm_answer_pty(int socket, Buffer *m) 1042{ 1043 extern struct monitor *pmonitor; 1044 Session *s; 1045 int res, fd0; 1046 1047 debug3("%s entering", __func__); 1048 1049 buffer_clear(m); 1050 s = session_new(); 1051 if (s == NULL) 1052 goto error; 1053 s->authctxt = authctxt; 1054 s->pw = authctxt->pw; 1055 s->pid = pmonitor->m_pid; 1056 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 1057 if (res == 0) 1058 goto error; 1059 fatal_add_cleanup(session_pty_cleanup2, (void *)s); 1060 pty_setowner(authctxt->pw, s->tty); 1061 1062 buffer_put_int(m, 1); 1063 buffer_put_cstring(m, s->tty); 1064 mm_request_send(socket, MONITOR_ANS_PTY, m); 1065 1066 mm_send_fd(socket, s->ptyfd); 1067 mm_send_fd(socket, s->ttyfd); 1068 1069 /* We need to trick ttyslot */ 1070 if (dup2(s->ttyfd, 0) == -1) 1071 fatal("%s: dup2", __func__); 1072 1073 mm_record_login(s, authctxt->pw); 1074 1075 /* Now we can close the file descriptor again */ 1076 close(0); 1077 1078 /* make sure nothing uses fd 0 */ 1079 if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) 1080 fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); 1081 if (fd0 != 0) 1082 error("%s: fd0 %d != 0", __func__, fd0); 1083 1084 /* slave is not needed */ 1085 close(s->ttyfd); 1086 s->ttyfd = s->ptyfd; 1087 /* no need to dup() because nobody closes ptyfd */ 1088 s->ptymaster = s->ptyfd; 1089 1090 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); 1091 1092 return (0); 1093 1094 error: 1095 if (s != NULL) 1096 mm_session_close(s); 1097 buffer_put_int(m, 0); 1098 mm_request_send(socket, MONITOR_ANS_PTY, m); 1099 return (0); 1100} 1101 1102int 1103mm_answer_pty_cleanup(int socket, Buffer *m) 1104{ 1105 Session *s; 1106 char *tty; 1107 1108 debug3("%s entering", __func__); 1109 1110 tty = buffer_get_string(m, NULL); 1111 if ((s = session_by_tty(tty)) != NULL) 1112 mm_session_close(s); 1113 buffer_clear(m); 1114 xfree(tty); 1115 return (0); 1116} 1117 1118int 1119mm_answer_sesskey(int socket, Buffer *m) 1120{ 1121 BIGNUM *p; 1122 int rsafail; 1123 1124 /* Turn off permissions */ 1125 monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); 1126 1127 if ((p = BN_new()) == NULL) 1128 fatal("%s: BN_new", __func__); 1129 1130 buffer_get_bignum2(m, p); 1131 1132 rsafail = ssh1_session_key(p); 1133 1134 buffer_clear(m); 1135 buffer_put_int(m, rsafail); 1136 buffer_put_bignum2(m, p); 1137 1138 BN_clear_free(p); 1139 1140 mm_request_send(socket, MONITOR_ANS_SESSKEY, m); 1141 1142 /* Turn on permissions for sessid passing */ 1143 monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); 1144 1145 return (0); 1146} 1147 1148int 1149mm_answer_sessid(int socket, Buffer *m) 1150{ 1151 int i; 1152 1153 debug3("%s entering", __func__); 1154 1155 if (buffer_len(m) != 16) 1156 fatal("%s: bad ssh1 session id", __func__); 1157 for (i = 0; i < 16; i++) 1158 session_id[i] = buffer_get_char(m); 1159 1160 /* Turn on permissions for getpwnam */ 1161 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 1162 1163 return (0); 1164} 1165 1166int 1167mm_answer_rsa_keyallowed(int socket, Buffer *m) 1168{ 1169 BIGNUM *client_n; 1170 Key *key = NULL; 1171 u_char *blob = NULL; 1172 u_int blen = 0; 1173 int allowed = 0; 1174 1175 debug3("%s entering", __func__); 1176 1177 if (options.rsa_authentication && authctxt->valid) { 1178 if ((client_n = BN_new()) == NULL) 1179 fatal("%s: BN_new", __func__); 1180 buffer_get_bignum2(m, client_n); 1181 allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); 1182 BN_clear_free(client_n); 1183 } 1184 buffer_clear(m); 1185 buffer_put_int(m, allowed); 1186 buffer_put_int(m, forced_command != NULL); 1187 1188 /* clear temporarily storage (used by generate challenge) */ 1189 monitor_reset_key_state(); 1190 1191 if (allowed && key != NULL) { 1192 key->type = KEY_RSA; /* cheat for key_to_blob */ 1193 if (key_to_blob(key, &blob, &blen) == 0) 1194 fatal("%s: key_to_blob failed", __func__); 1195 buffer_put_string(m, blob, blen); 1196 1197 /* Save temporarily for comparison in verify */ 1198 key_blob = blob; 1199 key_bloblen = blen; 1200 key_blobtype = MM_RSAUSERKEY; 1201 } 1202 if (key != NULL) 1203 key_free(key); 1204 1205 mm_append_debug(m); 1206 1207 mm_request_send(socket, MONITOR_ANS_RSAKEYALLOWED, m); 1208 1209 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); 1210 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0); 1211 return (0); 1212} 1213 1214int 1215mm_answer_rsa_challenge(int socket, Buffer *m) 1216{ 1217 Key *key = NULL; 1218 u_char *blob; 1219 u_int blen; 1220 1221 debug3("%s entering", __func__); 1222 1223 if (!authctxt->valid) 1224 fatal("%s: authctxt not valid", __func__); 1225 blob = buffer_get_string(m, &blen); 1226 if (!monitor_allowed_key(blob, blen)) 1227 fatal("%s: bad key, not previously allowed", __func__); 1228 if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) 1229 fatal("%s: key type mismatch", __func__); 1230 if ((key = key_from_blob(blob, blen)) == NULL) 1231 fatal("%s: received bad key", __func__); 1232 1233 if (ssh1_challenge) 1234 BN_clear_free(ssh1_challenge); 1235 ssh1_challenge = auth_rsa_generate_challenge(key); 1236 1237 buffer_clear(m); 1238 buffer_put_bignum2(m, ssh1_challenge); 1239 1240 debug3("%s sending reply", __func__); 1241 mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m); 1242 1243 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); 1244 1245 xfree(blob); 1246 key_free(key); 1247 return (0); 1248} 1249 1250int 1251mm_answer_rsa_response(int socket, Buffer *m) 1252{ 1253 Key *key = NULL; 1254 u_char *blob, *response; 1255 u_int blen, len; 1256 int success; 1257 1258 debug3("%s entering", __func__); 1259 1260 if (!authctxt->valid) 1261 fatal("%s: authctxt not valid", __func__); 1262 if (ssh1_challenge == NULL) 1263 fatal("%s: no ssh1_challenge", __func__); 1264 1265 blob = buffer_get_string(m, &blen); 1266 if (!monitor_allowed_key(blob, blen)) 1267 fatal("%s: bad key, not previously allowed", __func__); 1268 if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) 1269 fatal("%s: key type mismatch: %d", __func__, key_blobtype); 1270 if ((key = key_from_blob(blob, blen)) == NULL) 1271 fatal("%s: received bad key", __func__); 1272 response = buffer_get_string(m, &len); 1273 if (len != 16) 1274 fatal("%s: received bad response to challenge", __func__); 1275 success = auth_rsa_verify_response(key, ssh1_challenge, response); 1276 1277 xfree(blob); 1278 key_free(key); 1279 xfree(response); 1280 1281 auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; 1282 1283 /* reset state */ 1284 BN_clear_free(ssh1_challenge); 1285 ssh1_challenge = NULL; 1286 monitor_reset_key_state(); 1287 1288 buffer_clear(m); 1289 buffer_put_int(m, success); 1290 mm_request_send(socket, MONITOR_ANS_RSARESPONSE, m); 1291 1292 return (success); 1293} 1294 1295#ifdef KRB5 1296int 1297mm_answer_krb5(int socket, Buffer *m) 1298{ 1299 krb5_data tkt, reply; 1300 char *client_user; 1301 u_int len; 1302 int success; 1303 1304 /* use temporary var to avoid size issues on 64bit arch */ 1305 tkt.data = buffer_get_string(m, &len); 1306 tkt.length = len; 1307 1308 success = options.kerberos_authentication && 1309 authctxt->valid && 1310 auth_krb5(authctxt, &tkt, &client_user, &reply); 1311 1312 if (tkt.length) 1313 xfree(tkt.data); 1314 1315 buffer_clear(m); 1316 buffer_put_int(m, success); 1317 1318 if (success) { 1319 buffer_put_cstring(m, client_user); 1320 buffer_put_string(m, reply.data, reply.length); 1321 if (client_user) 1322 xfree(client_user); 1323 if (reply.length) 1324 xfree(reply.data); 1325 } 1326 mm_request_send(socket, MONITOR_ANS_KRB5, m); 1327 1328 auth_method = "kerberos"; 1329 1330 return success; 1331} 1332#endif 1333 1334int 1335mm_answer_term(int socket, Buffer *req) 1336{ 1337 extern struct monitor *pmonitor; 1338 int res, status; 1339 1340 debug3("%s: tearing down sessions", __func__); 1341 1342 /* The child is terminating */ 1343 session_destroy_all(&mm_session_close); 1344 1345 while (waitpid(pmonitor->m_pid, &status, 0) == -1) 1346 if (errno != EINTR) 1347 exit(1); 1348 1349 res = WIFEXITED(status) ? WEXITSTATUS(status) : 1; 1350 1351 /* Terminate process */ 1352 exit (res); 1353} 1354 1355void 1356monitor_apply_keystate(struct monitor *pmonitor) 1357{ 1358 if (compat20) { 1359 set_newkeys(MODE_IN); 1360 set_newkeys(MODE_OUT); 1361 } else { 1362 packet_set_protocol_flags(child_state.ssh1protoflags); 1363 packet_set_encryption_key(child_state.ssh1key, 1364 child_state.ssh1keylen, child_state.ssh1cipher); 1365 xfree(child_state.ssh1key); 1366 } 1367 1368 /* for rc4 and other stateful ciphers */ 1369 packet_set_keycontext(MODE_OUT, child_state.keyout); 1370 xfree(child_state.keyout); 1371 packet_set_keycontext(MODE_IN, child_state.keyin); 1372 xfree(child_state.keyin); 1373 1374 if (!compat20) { 1375 packet_set_iv(MODE_OUT, child_state.ivout); 1376 xfree(child_state.ivout); 1377 packet_set_iv(MODE_IN, child_state.ivin); 1378 xfree(child_state.ivin); 1379 } 1380 1381 memcpy(&incoming_stream, &child_state.incoming, 1382 sizeof(incoming_stream)); 1383 memcpy(&outgoing_stream, &child_state.outgoing, 1384 sizeof(outgoing_stream)); 1385 1386 /* Update with new address */ 1387 if (options.compression) 1388 mm_init_compression(pmonitor->m_zlib); 1389 1390 /* Network I/O buffers */ 1391 /* XXX inefficient for large buffers, need: buffer_init_from_string */ 1392 buffer_clear(&input); 1393 buffer_append(&input, child_state.input, child_state.ilen); 1394 memset(child_state.input, 0, child_state.ilen); 1395 xfree(child_state.input); 1396 1397 buffer_clear(&output); 1398 buffer_append(&output, child_state.output, child_state.olen); 1399 memset(child_state.output, 0, child_state.olen); 1400 xfree(child_state.output); 1401} 1402 1403static Kex * 1404mm_get_kex(Buffer *m) 1405{ 1406 Kex *kex; 1407 void *blob; 1408 u_int bloblen; 1409 1410 kex = xmalloc(sizeof(*kex)); 1411 memset(kex, 0, sizeof(*kex)); 1412 kex->session_id = buffer_get_string(m, &kex->session_id_len); 1413 if ((session_id2 == NULL) || 1414 (kex->session_id_len != session_id2_len) || 1415 (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) 1416 fatal("mm_get_get: internal error: bad session id"); 1417 kex->we_need = buffer_get_int(m); 1418 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 1419 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 1420 kex->server = 1; 1421 kex->hostkey_type = buffer_get_int(m); 1422 kex->kex_type = buffer_get_int(m); 1423 blob = buffer_get_string(m, &bloblen); 1424 buffer_init(&kex->my); 1425 buffer_append(&kex->my, blob, bloblen); 1426 xfree(blob); 1427 blob = buffer_get_string(m, &bloblen); 1428 buffer_init(&kex->peer); 1429 buffer_append(&kex->peer, blob, bloblen); 1430 xfree(blob); 1431 kex->done = 1; 1432 kex->flags = buffer_get_int(m); 1433 kex->client_version_string = buffer_get_string(m, NULL); 1434 kex->server_version_string = buffer_get_string(m, NULL); 1435 kex->load_host_key=&get_hostkey_by_type; 1436 kex->host_key_index=&get_hostkey_index; 1437 1438 return (kex); 1439} 1440 1441/* This function requries careful sanity checking */ 1442 1443void 1444mm_get_keystate(struct monitor *pmonitor) 1445{ 1446 Buffer m; 1447 u_char *blob, *p; 1448 u_int bloblen, plen; 1449 u_int32_t seqnr, packets; 1450 u_int64_t blocks; 1451 1452 debug3("%s: Waiting for new keys", __func__); 1453 1454 buffer_init(&m); 1455 mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m); 1456 if (!compat20) { 1457 child_state.ssh1protoflags = buffer_get_int(&m); 1458 child_state.ssh1cipher = buffer_get_int(&m); 1459 child_state.ssh1key = buffer_get_string(&m, 1460 &child_state.ssh1keylen); 1461 child_state.ivout = buffer_get_string(&m, 1462 &child_state.ivoutlen); 1463 child_state.ivin = buffer_get_string(&m, &child_state.ivinlen); 1464 goto skip; 1465 } else { 1466 /* Get the Kex for rekeying */ 1467 *pmonitor->m_pkex = mm_get_kex(&m); 1468 } 1469 1470 blob = buffer_get_string(&m, &bloblen); 1471 current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); 1472 xfree(blob); 1473 1474 debug3("%s: Waiting for second key", __func__); 1475 blob = buffer_get_string(&m, &bloblen); 1476 current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); 1477 xfree(blob); 1478 1479 /* Now get sequence numbers for the packets */ 1480 seqnr = buffer_get_int(&m); 1481 blocks = buffer_get_int64(&m); 1482 packets = buffer_get_int(&m); 1483 packet_set_state(MODE_OUT, seqnr, blocks, packets); 1484 seqnr = buffer_get_int(&m); 1485 blocks = buffer_get_int64(&m); 1486 packets = buffer_get_int(&m); 1487 packet_set_state(MODE_IN, seqnr, blocks, packets); 1488 1489 skip: 1490 /* Get the key context */ 1491 child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen); 1492 child_state.keyin = buffer_get_string(&m, &child_state.keyinlen); 1493 1494 debug3("%s: Getting compression state", __func__); 1495 /* Get compression state */ 1496 p = buffer_get_string(&m, &plen); 1497 if (plen != sizeof(child_state.outgoing)) 1498 fatal("%s: bad request size", __func__); 1499 memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); 1500 xfree(p); 1501 1502 p = buffer_get_string(&m, &plen); 1503 if (plen != sizeof(child_state.incoming)) 1504 fatal("%s: bad request size", __func__); 1505 memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); 1506 xfree(p); 1507 1508 /* Network I/O buffers */ 1509 debug3("%s: Getting Network I/O buffers", __func__); 1510 child_state.input = buffer_get_string(&m, &child_state.ilen); 1511 child_state.output = buffer_get_string(&m, &child_state.olen); 1512 1513 buffer_free(&m); 1514} 1515 1516 1517/* Allocation functions for zlib */ 1518void * 1519mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) 1520{ 1521 size_t len = (size_t) size * ncount; 1522 void *address; 1523 1524 if (len == 0 || ncount > SIZE_T_MAX / size) 1525 fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); 1526 1527 address = mm_malloc(mm, len); 1528 1529 return (address); 1530} 1531 1532void 1533mm_zfree(struct mm_master *mm, void *address) 1534{ 1535 mm_free(mm, address); 1536} 1537 1538void 1539mm_init_compression(struct mm_master *mm) 1540{ 1541 outgoing_stream.zalloc = (alloc_func)mm_zalloc; 1542 outgoing_stream.zfree = (free_func)mm_zfree; 1543 outgoing_stream.opaque = mm; 1544 1545 incoming_stream.zalloc = (alloc_func)mm_zalloc; 1546 incoming_stream.zfree = (free_func)mm_zfree; 1547 incoming_stream.opaque = mm; 1548} 1549 1550/* XXX */ 1551 1552#define FD_CLOSEONEXEC(x) do { \ 1553 if (fcntl(x, F_SETFD, 1) == -1) \ 1554 fatal("fcntl(%d, F_SETFD)", x); \ 1555} while (0) 1556 1557static void 1558monitor_socketpair(int *pair) 1559{ 1560 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) 1561 fatal("%s: socketpair", __func__); 1562 FD_CLOSEONEXEC(pair[0]); 1563 FD_CLOSEONEXEC(pair[1]); 1564} 1565 1566#define MM_MEMSIZE 65536 1567 1568struct monitor * 1569monitor_init(void) 1570{ 1571 struct monitor *mon; 1572 int pair[2]; 1573 1574 mon = xmalloc(sizeof(*mon)); 1575 1576 monitor_socketpair(pair); 1577 1578 mon->m_recvfd = pair[0]; 1579 mon->m_sendfd = pair[1]; 1580 1581 /* Used to share zlib space across processes */ 1582 if (options.compression) { 1583 mon->m_zback = mm_create(NULL, MM_MEMSIZE); 1584 mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); 1585 1586 /* Compression needs to share state across borders */ 1587 mm_init_compression(mon->m_zlib); 1588 } 1589 1590 return mon; 1591} 1592 1593void 1594monitor_reinit(struct monitor *mon) 1595{ 1596 int pair[2]; 1597 1598 monitor_socketpair(pair); 1599 1600 mon->m_recvfd = pair[0]; 1601 mon->m_sendfd = pair[1]; 1602} 1603 1604#ifdef GSSAPI 1605int 1606mm_answer_gss_setup_ctx(int socket, Buffer *m) 1607{ 1608 gss_OID_desc oid; 1609 OM_uint32 major; 1610 u_int len; 1611 1612 oid.elements = buffer_get_string(m, &len); 1613 oid.length = len; 1614 1615 major = ssh_gssapi_server_ctx(&gsscontext, &oid); 1616 1617 xfree(oid.elements); 1618 1619 buffer_clear(m); 1620 buffer_put_int(m, major); 1621 1622 mm_request_send(socket,MONITOR_ANS_GSSSETUP, m); 1623 1624 /* Now we have a context, enable the step */ 1625 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1); 1626 1627 return (0); 1628} 1629 1630int 1631mm_answer_gss_accept_ctx(int socket, Buffer *m) 1632{ 1633 gss_buffer_desc in; 1634 gss_buffer_desc out = GSS_C_EMPTY_BUFFER; 1635 OM_uint32 major,minor; 1636 OM_uint32 flags = 0; /* GSI needs this */ 1637 u_int len; 1638 1639 in.value = buffer_get_string(m, &len); 1640 in.length = len; 1641 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 1642 xfree(in.value); 1643 1644 buffer_clear(m); 1645 buffer_put_int(m, major); 1646 buffer_put_string(m, out.value, out.length); 1647 buffer_put_int(m, flags); 1648 mm_request_send(socket, MONITOR_ANS_GSSSTEP, m); 1649 1650 gss_release_buffer(&minor, &out); 1651 1652 /* Complete - now we can do signing */ 1653 if (major==GSS_S_COMPLETE) { 1654 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 1655 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 1656 } 1657 return (0); 1658} 1659 1660int 1661mm_answer_gss_userok(int socket, Buffer *m) 1662{ 1663 int authenticated; 1664 1665 authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); 1666 1667 buffer_clear(m); 1668 buffer_put_int(m, authenticated); 1669 1670 debug3("%s: sending result %d", __func__, authenticated); 1671 mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m); 1672 1673 auth_method="gssapi"; 1674 1675 /* Monitor loop will terminate if authenticated */ 1676 return (authenticated); 1677} 1678#endif /* GSSAPI */ 1679