1/* $OpenBSD: monitor_wrap.c,v 1.136 2024/06/19 23:24:47 djm Exp $ */ 2/* 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28#include <sys/types.h> 29#include <sys/uio.h> 30#include <sys/queue.h> 31#include <sys/wait.h> 32 33#include <errno.h> 34#include <pwd.h> 35#include <signal.h> 36#include <stdio.h> 37#include <string.h> 38#include <stdarg.h> 39#include <unistd.h> 40 41#ifdef WITH_OPENSSL 42#include <openssl/bn.h> 43#include <openssl/dh.h> 44#endif 45 46#include "xmalloc.h" 47#include "ssh.h" 48#ifdef WITH_OPENSSL 49#include "dh.h" 50#endif 51#include "sshbuf.h" 52#include "sshkey.h" 53#include "cipher.h" 54#include "kex.h" 55#include "hostfile.h" 56#include "auth.h" 57#include "auth-options.h" 58#include "packet.h" 59#include "mac.h" 60#include "log.h" 61#include "monitor.h" 62#ifdef GSSAPI 63#include "ssh-gss.h" 64#endif 65#include "atomicio.h" 66#include "monitor_fdpass.h" 67#include "misc.h" 68 69#include "channels.h" 70#include "session.h" 71#include "servconf.h" 72#include "monitor_wrap.h" 73#include "srclimit.h" 74 75#include "ssherr.h" 76 77/* Imports */ 78extern struct monitor *pmonitor; 79extern struct sshbuf *loginmsg; 80extern ServerOptions options; 81 82void 83mm_log_handler(LogLevel level, int forced, const char *msg, void *ctx) 84{ 85 struct sshbuf *log_msg; 86 struct monitor *mon = (struct monitor *)ctx; 87 int r; 88 size_t len; 89 90 if (mon->m_log_sendfd == -1) 91 fatal_f("no log channel"); 92 93 if ((log_msg = sshbuf_new()) == NULL) 94 fatal_f("sshbuf_new failed"); 95 96 if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */ 97 (r = sshbuf_put_u32(log_msg, level)) != 0 || 98 (r = sshbuf_put_u32(log_msg, forced)) != 0 || 99 (r = sshbuf_put_cstring(log_msg, msg)) != 0) 100 fatal_fr(r, "assemble"); 101 if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff) 102 fatal_f("bad length %zu", len); 103 POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4); 104 if (atomicio(vwrite, mon->m_log_sendfd, 105 sshbuf_mutable_ptr(log_msg), len) != len) 106 fatal_f("write: %s", strerror(errno)); 107 sshbuf_free(log_msg); 108} 109 110int 111mm_is_monitor(void) 112{ 113 /* 114 * m_pid is only set in the privileged part, and 115 * points to the unprivileged child. 116 */ 117 return (pmonitor && pmonitor->m_pid > 0); 118} 119 120static void 121mm_reap(void) 122{ 123 int status = -1; 124 125 if (!mm_is_monitor()) 126 return; 127 while (waitpid(pmonitor->m_pid, &status, 0) == -1) { 128 if (errno == EINTR) 129 continue; 130 pmonitor->m_pid = -1; 131 fatal_f("waitpid: %s", strerror(errno)); 132 } 133 if (WIFEXITED(status)) { 134 if (WEXITSTATUS(status) != 0) { 135 debug_f("preauth child exited with status %d", 136 WEXITSTATUS(status)); 137 cleanup_exit(255); 138 } 139 } else if (WIFSIGNALED(status)) { 140 error_f("preauth child terminated by signal %d", 141 WTERMSIG(status)); 142 cleanup_exit(signal_is_crash(WTERMSIG(status)) ? 143 EXIT_CHILD_CRASH : 255); 144 } else { 145 error_f("preauth child terminated abnormally (status=0x%x)", 146 status); 147 cleanup_exit(EXIT_CHILD_CRASH); 148 } 149} 150 151void 152mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m) 153{ 154 size_t mlen = sshbuf_len(m); 155 u_char buf[5]; 156 157 debug3_f("entering, type %d", type); 158 159 if (mlen >= 0xffffffff) 160 fatal_f("bad length %zu", mlen); 161 POKE_U32(buf, mlen + 1); 162 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ 163 if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf) || 164 atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen) { 165 if (errno == EPIPE) { 166 debug3_f("monitor fd closed"); 167 mm_reap(); 168 cleanup_exit(255); 169 } 170 fatal_f("write: %s", strerror(errno)); 171 } 172} 173 174void 175mm_request_receive(int sock, struct sshbuf *m) 176{ 177 u_char buf[4], *p = NULL; 178 u_int msg_len; 179 int oerrno, r; 180 181 debug3_f("entering"); 182 183 if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) { 184 if (errno == EPIPE) { 185 debug3_f("monitor fd closed"); 186 mm_reap(); 187 cleanup_exit(255); 188 } 189 fatal_f("read: %s", strerror(errno)); 190 } 191 msg_len = PEEK_U32(buf); 192 if (msg_len > 256 * 1024) 193 fatal_f("read: bad msg_len %d", msg_len); 194 sshbuf_reset(m); 195 if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) 196 fatal_fr(r, "reserve"); 197 if (atomicio(read, sock, p, msg_len) != msg_len) { 198 oerrno = errno; 199 error_f("read: %s", strerror(errno)); 200 if (oerrno == EPIPE) 201 mm_reap(); 202 cleanup_exit(255); 203 } 204} 205 206void 207mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m) 208{ 209 u_char rtype; 210 int r; 211 212 debug3_f("entering, type %d", type); 213 214 mm_request_receive(sock, m); 215 if ((r = sshbuf_get_u8(m, &rtype)) != 0) 216 fatal_fr(r, "parse"); 217 if (rtype != type) 218 fatal_f("read: rtype %d != type %d", rtype, type); 219} 220 221#ifdef WITH_OPENSSL 222DH * 223mm_choose_dh(int min, int nbits, int max) 224{ 225 BIGNUM *p, *g; 226 int r; 227 u_char success = 0; 228 struct sshbuf *m; 229 230 if ((m = sshbuf_new()) == NULL) 231 fatal_f("sshbuf_new failed"); 232 if ((r = sshbuf_put_u32(m, min)) != 0 || 233 (r = sshbuf_put_u32(m, nbits)) != 0 || 234 (r = sshbuf_put_u32(m, max)) != 0) 235 fatal_fr(r, "assemble"); 236 237 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m); 238 239 debug3_f("waiting for MONITOR_ANS_MODULI"); 240 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m); 241 242 if ((r = sshbuf_get_u8(m, &success)) != 0) 243 fatal_fr(r, "parse success"); 244 if (success == 0) 245 fatal_f("MONITOR_ANS_MODULI failed"); 246 247 if ((r = sshbuf_get_bignum2(m, &p)) != 0 || 248 (r = sshbuf_get_bignum2(m, &g)) != 0) 249 fatal_fr(r, "parse group"); 250 251 debug3_f("remaining %zu", sshbuf_len(m)); 252 sshbuf_free(m); 253 254 return (dh_new_group(g, p)); 255} 256#endif 257 258int 259mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, 260 const u_char *data, size_t datalen, const char *hostkey_alg, 261 const char *sk_provider, const char *sk_pin, u_int compat) 262{ 263 struct kex *kex = *pmonitor->m_pkex; 264 struct sshbuf *m; 265 u_int ndx = kex->host_key_index(key, 0, ssh); 266 int r; 267 268 debug3_f("entering"); 269 if ((m = sshbuf_new()) == NULL) 270 fatal_f("sshbuf_new failed"); 271 if ((r = sshbuf_put_u32(m, ndx)) != 0 || 272 (r = sshbuf_put_string(m, data, datalen)) != 0 || 273 (r = sshbuf_put_cstring(m, hostkey_alg)) != 0 || 274 (r = sshbuf_put_u32(m, compat)) != 0) 275 fatal_fr(r, "assemble"); 276 277 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m); 278 279 debug3_f("waiting for MONITOR_ANS_SIGN"); 280 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m); 281 if ((r = sshbuf_get_string(m, sigp, lenp)) != 0) 282 fatal_fr(r, "parse"); 283 sshbuf_free(m); 284 285 return (0); 286} 287 288void 289mm_decode_activate_server_options(struct ssh *ssh, struct sshbuf *m) 290{ 291 const u_char *p; 292 size_t len; 293 u_int i; 294 ServerOptions *newopts; 295 int r; 296 297 if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0) 298 fatal_fr(r, "parse opts"); 299 if (len != sizeof(*newopts)) 300 fatal_f("option block size mismatch"); 301 newopts = xcalloc(sizeof(*newopts), 1); 302 memcpy(newopts, p, sizeof(*newopts)); 303 304#define M_CP_STROPT(x) do { \ 305 if (newopts->x != NULL && \ 306 (r = sshbuf_get_cstring(m, &newopts->x, NULL)) != 0) \ 307 fatal_fr(r, "parse %s", #x); \ 308 } while (0) 309#define M_CP_STRARRAYOPT(x, nx) do { \ 310 newopts->x = newopts->nx == 0 ? \ 311 NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \ 312 for (i = 0; i < newopts->nx; i++) { \ 313 if ((r = sshbuf_get_cstring(m, \ 314 &newopts->x[i], NULL)) != 0) \ 315 fatal_fr(r, "parse %s", #x); \ 316 } \ 317 } while (0) 318 /* See comment in servconf.h */ 319 COPY_MATCH_STRING_OPTS(); 320#undef M_CP_STROPT 321#undef M_CP_STRARRAYOPT 322 323 copy_set_server_options(&options, newopts, 1); 324 log_change_level(options.log_level); 325 log_verbose_reset(); 326 for (i = 0; i < options.num_log_verbose; i++) 327 log_verbose_add(options.log_verbose[i]); 328 free(newopts); 329} 330 331#define GETPW(b, id) \ 332 do { \ 333 if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) \ 334 fatal_fr(r, "parse pw %s", #id); \ 335 if (len != sizeof(pw->id)) \ 336 fatal_fr(r, "bad length for %s", #id); \ 337 memcpy(&pw->id, p, len); \ 338 } while (0) 339 340struct passwd * 341mm_getpwnamallow(struct ssh *ssh, const char *username) 342{ 343 struct sshbuf *m; 344 struct passwd *pw; 345 size_t len; 346 int r; 347 u_char ok; 348 const u_char *p; 349 350 debug3_f("entering"); 351 352 if ((m = sshbuf_new()) == NULL) 353 fatal_f("sshbuf_new failed"); 354 if ((r = sshbuf_put_cstring(m, username)) != 0) 355 fatal_fr(r, "assemble"); 356 357 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m); 358 359 debug3_f("waiting for MONITOR_ANS_PWNAM"); 360 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m); 361 362 if ((r = sshbuf_get_u8(m, &ok)) != 0) 363 fatal_fr(r, "parse success"); 364 if (ok == 0) { 365 pw = NULL; 366 goto out; 367 } 368 369 pw = xcalloc(sizeof(*pw), 1); 370 GETPW(m, pw_uid); 371 GETPW(m, pw_gid); 372 GETPW(m, pw_change); 373 GETPW(m, pw_expire); 374 if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 || 375 (r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 || 376 (r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 || 377 (r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 || 378 (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 || 379 (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0) 380 fatal_fr(r, "parse pw"); 381 382out: 383 /* copy options block as a Match directive may have changed some */ 384 mm_decode_activate_server_options(ssh, m); 385 server_process_permitopen(ssh); 386 server_process_channel_timeouts(ssh); 387 kex_set_server_sig_algs(ssh, options.pubkey_accepted_algos); 388 sshbuf_free(m); 389 390 return (pw); 391} 392 393char * 394mm_auth2_read_banner(void) 395{ 396 struct sshbuf *m; 397 char *banner; 398 int r; 399 400 debug3_f("entering"); 401 402 if ((m = sshbuf_new()) == NULL) 403 fatal_f("sshbuf_new failed"); 404 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m); 405 sshbuf_reset(m); 406 407 mm_request_receive_expect(pmonitor->m_recvfd, 408 MONITOR_ANS_AUTH2_READ_BANNER, m); 409 if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0) 410 fatal_fr(r, "parse"); 411 sshbuf_free(m); 412 413 /* treat empty banner as missing banner */ 414 if (strlen(banner) == 0) { 415 free(banner); 416 banner = NULL; 417 } 418 return (banner); 419} 420 421/* Inform the privileged process about service and style */ 422 423void 424mm_inform_authserv(char *service, char *style) 425{ 426 struct sshbuf *m; 427 int r; 428 429 debug3_f("entering"); 430 431 if ((m = sshbuf_new()) == NULL) 432 fatal_f("sshbuf_new failed"); 433 if ((r = sshbuf_put_cstring(m, service)) != 0 || 434 (r = sshbuf_put_cstring(m, style ? style : "")) != 0) 435 fatal_fr(r, "assemble"); 436 437 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m); 438 439 sshbuf_free(m); 440} 441 442/* Do the password authentication */ 443int 444mm_auth_password(struct ssh *ssh, char *password) 445{ 446 struct sshbuf *m; 447 int r, authenticated = 0; 448 449 debug3_f("entering"); 450 451 if ((m = sshbuf_new()) == NULL) 452 fatal_f("sshbuf_new failed"); 453 if ((r = sshbuf_put_cstring(m, password)) != 0) 454 fatal_fr(r, "assemble"); 455 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m); 456 457 debug3_f("waiting for MONITOR_ANS_AUTHPASSWORD"); 458 mm_request_receive_expect(pmonitor->m_recvfd, 459 MONITOR_ANS_AUTHPASSWORD, m); 460 461 if ((r = sshbuf_get_u32(m, &authenticated)) != 0) 462 fatal_fr(r, "parse"); 463 464 sshbuf_free(m); 465 466 debug3_f("user %sauthenticated", authenticated ? "" : "not "); 467 return (authenticated); 468} 469 470int 471mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, 472 int pubkey_auth_attempt, struct sshauthopt **authoptp) 473{ 474 return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, 475 pubkey_auth_attempt, authoptp)); 476} 477 478int 479mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, 480 const char *user, const char *host, struct sshkey *key) 481{ 482 return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL)); 483} 484 485int 486mm_key_allowed(enum mm_keytype type, const char *user, const char *host, 487 struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp) 488{ 489 struct sshbuf *m; 490 int r, allowed = 0; 491 struct sshauthopt *opts = NULL; 492 493 debug3_f("entering"); 494 495 if (authoptp != NULL) 496 *authoptp = NULL; 497 498 if ((m = sshbuf_new()) == NULL) 499 fatal_f("sshbuf_new failed"); 500 if ((r = sshbuf_put_u32(m, type)) != 0 || 501 (r = sshbuf_put_cstring(m, user ? user : "")) != 0 || 502 (r = sshbuf_put_cstring(m, host ? host : "")) != 0 || 503 (r = sshkey_puts(key, m)) != 0 || 504 (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0) 505 fatal_fr(r, "assemble"); 506 507 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m); 508 509 debug3_f("waiting for MONITOR_ANS_KEYALLOWED"); 510 mm_request_receive_expect(pmonitor->m_recvfd, 511 MONITOR_ANS_KEYALLOWED, m); 512 513 if ((r = sshbuf_get_u32(m, &allowed)) != 0) 514 fatal_fr(r, "parse"); 515 if (allowed && type == MM_USERKEY && 516 (r = sshauthopt_deserialise(m, &opts)) != 0) 517 fatal_fr(r, "sshauthopt_deserialise"); 518 sshbuf_free(m); 519 520 if (authoptp != NULL) { 521 *authoptp = opts; 522 opts = NULL; 523 } 524 sshauthopt_free(opts); 525 526 return allowed; 527} 528 529/* 530 * This key verify needs to send the key type along, because the 531 * privileged parent makes the decision if the key is allowed 532 * for authentication. 533 */ 534 535int 536mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, 537 const u_char *data, size_t datalen, const char *sigalg, u_int compat, 538 struct sshkey_sig_details **sig_detailsp) 539{ 540 struct sshbuf *m; 541 u_int encoded_ret = 0; 542 int r; 543 u_char sig_details_present, flags; 544 u_int counter; 545 546 debug3_f("entering"); 547 548 if (sig_detailsp != NULL) 549 *sig_detailsp = NULL; 550 if ((m = sshbuf_new()) == NULL) 551 fatal_f("sshbuf_new failed"); 552 if ((r = sshkey_puts(key, m)) != 0 || 553 (r = sshbuf_put_string(m, sig, siglen)) != 0 || 554 (r = sshbuf_put_string(m, data, datalen)) != 0 || 555 (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0) 556 fatal_fr(r, "assemble"); 557 558 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m); 559 560 debug3_f("waiting for MONITOR_ANS_KEYVERIFY"); 561 mm_request_receive_expect(pmonitor->m_recvfd, 562 MONITOR_ANS_KEYVERIFY, m); 563 564 if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 || 565 (r = sshbuf_get_u8(m, &sig_details_present)) != 0) 566 fatal_fr(r, "parse"); 567 if (sig_details_present && encoded_ret == 0) { 568 if ((r = sshbuf_get_u32(m, &counter)) != 0 || 569 (r = sshbuf_get_u8(m, &flags)) != 0) 570 fatal_fr(r, "parse sig_details"); 571 if (sig_detailsp != NULL) { 572 *sig_detailsp = xcalloc(1, sizeof(**sig_detailsp)); 573 (*sig_detailsp)->sk_counter = counter; 574 (*sig_detailsp)->sk_flags = flags; 575 } 576 } 577 578 sshbuf_free(m); 579 580 if (encoded_ret != 0) 581 return SSH_ERR_SIGNATURE_INVALID; 582 return 0; 583} 584 585void 586mm_send_keystate(struct ssh *ssh, struct monitor *monitor) 587{ 588 struct sshbuf *m; 589 int r; 590 591 if ((m = sshbuf_new()) == NULL) 592 fatal_f("sshbuf_new failed"); 593 if ((r = ssh_packet_get_state(ssh, m)) != 0) 594 fatal_fr(r, "ssh_packet_get_state"); 595 mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, m); 596 debug3_f("Finished sending state"); 597 sshbuf_free(m); 598} 599 600int 601mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) 602{ 603 struct sshbuf *m; 604 char *p, *msg; 605 int success = 0, tmp1 = -1, tmp2 = -1, r; 606 607 /* Kludge: ensure there are fds free to receive the pty/tty */ 608 if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || 609 (tmp2 = dup(pmonitor->m_recvfd)) == -1) { 610 error_f("cannot allocate fds for pty"); 611 if (tmp1 >= 0) 612 close(tmp1); 613 return 0; 614 } 615 close(tmp1); 616 close(tmp2); 617 618 if ((m = sshbuf_new()) == NULL) 619 fatal_f("sshbuf_new failed"); 620 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m); 621 622 debug3_f("waiting for MONITOR_ANS_PTY"); 623 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m); 624 625 if ((r = sshbuf_get_u32(m, &success)) != 0) 626 fatal_fr(r, "parse success"); 627 if (success == 0) { 628 debug3_f("pty alloc failed"); 629 sshbuf_free(m); 630 return (0); 631 } 632 if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 || 633 (r = sshbuf_get_cstring(m, &msg, NULL)) != 0) 634 fatal_fr(r, "parse"); 635 sshbuf_free(m); 636 637 strlcpy(namebuf, p, namebuflen); /* Possible truncation */ 638 free(p); 639 640 if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0) 641 fatal_fr(r, "put loginmsg"); 642 free(msg); 643 644 if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || 645 (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1) 646 fatal_f("receive fds failed"); 647 648 /* Success */ 649 return (1); 650} 651 652void 653mm_session_pty_cleanup2(Session *s) 654{ 655 struct sshbuf *m; 656 int r; 657 658 if (s->ttyfd == -1) 659 return; 660 if ((m = sshbuf_new()) == NULL) 661 fatal_f("sshbuf_new failed"); 662 if ((r = sshbuf_put_cstring(m, s->tty)) != 0) 663 fatal_fr(r, "assmble"); 664 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m); 665 sshbuf_free(m); 666 667 /* closed dup'ed master */ 668 if (s->ptymaster != -1 && close(s->ptymaster) == -1) 669 error("close(s->ptymaster/%d): %s", 670 s->ptymaster, strerror(errno)); 671 672 /* unlink pty from session */ 673 s->ttyfd = -1; 674} 675 676/* Request process termination */ 677 678void 679mm_terminate(void) 680{ 681 struct sshbuf *m; 682 683 if ((m = sshbuf_new()) == NULL) 684 fatal_f("sshbuf_new failed"); 685 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m); 686 sshbuf_free(m); 687} 688 689static void 690mm_chall_setup(char **name, char **infotxt, u_int *numprompts, 691 char ***prompts, u_int **echo_on) 692{ 693 *name = xstrdup(""); 694 *infotxt = xstrdup(""); 695 *numprompts = 1; 696 *prompts = xcalloc(*numprompts, sizeof(char *)); 697 *echo_on = xcalloc(*numprompts, sizeof(u_int)); 698 (*echo_on)[0] = 0; 699} 700 701int 702mm_bsdauth_query(void *ctx, char **name, char **infotxt, 703 u_int *numprompts, char ***prompts, u_int **echo_on) 704{ 705 struct sshbuf *m; 706 u_int success; 707 char *challenge; 708 int r; 709 710 debug3_f("entering"); 711 712 if ((m = sshbuf_new()) == NULL) 713 fatal_f("sshbuf_new failed"); 714 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m); 715 716 mm_request_receive_expect(pmonitor->m_recvfd, 717 MONITOR_ANS_BSDAUTHQUERY, m); 718 if ((r = sshbuf_get_u32(m, &success)) != 0) 719 fatal_fr(r, "parse success"); 720 if (success == 0) { 721 debug3_f("no challenge"); 722 sshbuf_free(m); 723 return (-1); 724 } 725 726 /* Get the challenge, and format the response */ 727 if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0) 728 fatal_fr(r, "parse challenge"); 729 sshbuf_free(m); 730 731 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); 732 (*prompts)[0] = challenge; 733 734 debug3_f("received challenge: %s", challenge); 735 736 return (0); 737} 738 739int 740mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) 741{ 742 struct sshbuf *m; 743 int r, authok; 744 745 debug3_f("entering"); 746 if (numresponses != 1) 747 return (-1); 748 749 if ((m = sshbuf_new()) == NULL) 750 fatal_f("sshbuf_new failed"); 751 if ((r = sshbuf_put_cstring(m, responses[0])) != 0) 752 fatal_fr(r, "assemble"); 753 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m); 754 755 mm_request_receive_expect(pmonitor->m_recvfd, 756 MONITOR_ANS_BSDAUTHRESPOND, m); 757 758 if ((r = sshbuf_get_u32(m, &authok)) != 0) 759 fatal_fr(r, "parse"); 760 sshbuf_free(m); 761 762 return ((authok == 0) ? -1 : 0); 763} 764 765#ifdef GSSAPI 766OM_uint32 767mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) 768{ 769 struct sshbuf *m; 770 OM_uint32 major; 771 int r; 772 773 /* Client doesn't get to see the context */ 774 *ctx = NULL; 775 776 if ((m = sshbuf_new()) == NULL) 777 fatal_f("sshbuf_new failed"); 778 if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0) 779 fatal_fr(r, "assemble"); 780 781 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m); 782 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m); 783 784 if ((r = sshbuf_get_u32(m, &major)) != 0) 785 fatal_fr(r, "parse"); 786 787 sshbuf_free(m); 788 return (major); 789} 790 791OM_uint32 792mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, 793 gss_buffer_desc *out, OM_uint32 *flagsp) 794{ 795 struct sshbuf *m; 796 OM_uint32 major; 797 u_int flags; 798 int r; 799 800 if ((m = sshbuf_new()) == NULL) 801 fatal_f("sshbuf_new failed"); 802 if ((r = sshbuf_put_string(m, in->value, in->length)) != 0) 803 fatal_fr(r, "assemble"); 804 805 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m); 806 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m); 807 808 if ((r = sshbuf_get_u32(m, &major)) != 0 || 809 (r = ssh_gssapi_get_buffer_desc(m, out)) != 0) 810 fatal_fr(r, "parse"); 811 if (flagsp != NULL) { 812 if ((r = sshbuf_get_u32(m, &flags)) != 0) 813 fatal_fr(r, "parse flags"); 814 *flagsp = flags; 815 } 816 817 sshbuf_free(m); 818 819 return (major); 820} 821 822OM_uint32 823mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) 824{ 825 struct sshbuf *m; 826 OM_uint32 major; 827 int r; 828 829 if ((m = sshbuf_new()) == NULL) 830 fatal_f("sshbuf_new failed"); 831 if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 || 832 (r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0) 833 fatal_fr(r, "assemble"); 834 835 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m); 836 mm_request_receive_expect(pmonitor->m_recvfd, 837 MONITOR_ANS_GSSCHECKMIC, m); 838 839 if ((r = sshbuf_get_u32(m, &major)) != 0) 840 fatal_fr(r, "parse"); 841 sshbuf_free(m); 842 return(major); 843} 844 845int 846mm_ssh_gssapi_userok(char *user) 847{ 848 struct sshbuf *m; 849 int r, authenticated = 0; 850 851 if ((m = sshbuf_new()) == NULL) 852 fatal_f("sshbuf_new failed"); 853 854 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m); 855 mm_request_receive_expect(pmonitor->m_recvfd, 856 MONITOR_ANS_GSSUSEROK, m); 857 858 if ((r = sshbuf_get_u32(m, &authenticated)) != 0) 859 fatal_fr(r, "parse"); 860 861 sshbuf_free(m); 862 debug3_f("user %sauthenticated", authenticated ? "" : "not "); 863 return (authenticated); 864} 865#endif /* GSSAPI */ 866 867/* 868 * Inform channels layer of permitopen options for a single forwarding 869 * direction (local/remote). 870 */ 871static void 872server_process_permitopen_list(struct ssh *ssh, int listen, 873 char **opens, u_int num_opens) 874{ 875 u_int i; 876 int port; 877 char *host, *arg, *oarg; 878 int where = listen ? FORWARD_REMOTE : FORWARD_LOCAL; 879 const char *what = listen ? "permitlisten" : "permitopen"; 880 881 channel_clear_permission(ssh, FORWARD_ADM, where); 882 if (num_opens == 0) 883 return; /* permit any */ 884 885 /* handle keywords: "any" / "none" */ 886 if (num_opens == 1 && strcmp(opens[0], "any") == 0) 887 return; 888 if (num_opens == 1 && strcmp(opens[0], "none") == 0) { 889 channel_disable_admin(ssh, where); 890 return; 891 } 892 /* Otherwise treat it as a list of permitted host:port */ 893 for (i = 0; i < num_opens; i++) { 894 oarg = arg = xstrdup(opens[i]); 895 host = hpdelim(&arg); 896 if (host == NULL) 897 fatal_f("missing host in %s", what); 898 host = cleanhostname(host); 899 if (arg == NULL || ((port = permitopen_port(arg)) < 0)) 900 fatal_f("bad port number in %s", what); 901 /* Send it to channels layer */ 902 channel_add_permission(ssh, FORWARD_ADM, 903 where, host, port); 904 free(oarg); 905 } 906} 907 908/* 909 * Inform channels layer of permitopen options from configuration. 910 */ 911void 912server_process_permitopen(struct ssh *ssh) 913{ 914 server_process_permitopen_list(ssh, 0, 915 options.permitted_opens, options.num_permitted_opens); 916 server_process_permitopen_list(ssh, 1, 917 options.permitted_listens, options.num_permitted_listens); 918} 919 920void 921server_process_channel_timeouts(struct ssh *ssh) 922{ 923 u_int i, secs; 924 char *type; 925 926 debug3_f("setting %u timeouts", options.num_channel_timeouts); 927 channel_clear_timeouts(ssh); 928 for (i = 0; i < options.num_channel_timeouts; i++) { 929 if (parse_pattern_interval(options.channel_timeouts[i], 930 &type, &secs) != 0) { 931 fatal_f("internal error: bad timeout %s", 932 options.channel_timeouts[i]); 933 } 934 channel_add_timeout(ssh, type, secs); 935 free(type); 936 } 937} 938 939struct connection_info * 940server_get_connection_info(struct ssh *ssh, int populate, int use_dns) 941{ 942 static struct connection_info ci; 943 944 if (ssh == NULL || !populate) 945 return &ci; 946 ci.host = use_dns ? ssh_remote_hostname(ssh) : ssh_remote_ipaddr(ssh); 947 ci.address = ssh_remote_ipaddr(ssh); 948 ci.laddress = ssh_local_ipaddr(ssh); 949 ci.lport = ssh_local_port(ssh); 950 ci.rdomain = ssh_packet_rdomain_in(ssh); 951 return &ci; 952} 953 954