GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.bin/ssh/sshd/../monitor.c Lines: 0 637 0.0 %
Date: 2017-11-13 Branches: 0 340 0.0 %

Line Branch Exec Source
1
/* $OpenBSD: monitor.c,v 1.175 2017/10/05 15:52:03 djm Exp $ */
2
/*
3
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions
9
 * are met:
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 * 2. Redistributions in binary form must reproduce the above copyright
13
 *    notice, this list of conditions and the following disclaimer in the
14
 *    documentation and/or other materials provided with the distribution.
15
 *
16
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26
 */
27
28
#include <sys/types.h>
29
#include <sys/wait.h>
30
#include <sys/socket.h>
31
#include <sys/tree.h>
32
#include <sys/queue.h>
33
34
#ifdef WITH_OPENSSL
35
#include <openssl/dh.h>
36
#endif
37
38
#include <errno.h>
39
#include <fcntl.h>
40
#include <limits.h>
41
#include <paths.h>
42
#include <poll.h>
43
#include <pwd.h>
44
#include <signal.h>
45
#include <stdarg.h>
46
#include <stdint.h>
47
#include <stdio.h>
48
#include <stdlib.h>
49
#include <string.h>
50
51
#include "atomicio.h"
52
#include "xmalloc.h"
53
#include "ssh.h"
54
#include "key.h"
55
#include "buffer.h"
56
#include "hostfile.h"
57
#include "auth.h"
58
#include "cipher.h"
59
#include "kex.h"
60
#include "dh.h"
61
#include <zlib.h>
62
#include "packet.h"
63
#include "auth-options.h"
64
#include "sshpty.h"
65
#include "channels.h"
66
#include "session.h"
67
#include "sshlogin.h"
68
#include "canohost.h"
69
#include "log.h"
70
#include "misc.h"
71
#include "servconf.h"
72
#include "monitor.h"
73
#ifdef GSSAPI
74
#include "ssh-gss.h"
75
#endif
76
#include "monitor_wrap.h"
77
#include "monitor_fdpass.h"
78
#include "compat.h"
79
#include "ssh2.h"
80
#include "authfd.h"
81
#include "match.h"
82
#include "ssherr.h"
83
84
#ifdef GSSAPI
85
static Gssctxt *gsscontext = NULL;
86
#endif
87
88
/* Imports */
89
extern ServerOptions options;
90
extern u_int utmp_len;
91
extern u_char session_id[];
92
extern Buffer auth_debug;
93
extern int auth_debug_init;
94
extern Buffer loginmsg;
95
96
/* State exported from the child */
97
static struct sshbuf *child_state;
98
99
/* Functions on the monitor that answer unprivileged requests */
100
101
int mm_answer_moduli(int, Buffer *);
102
int mm_answer_sign(int, Buffer *);
103
int mm_answer_pwnamallow(int, Buffer *);
104
int mm_answer_auth2_read_banner(int, Buffer *);
105
int mm_answer_authserv(int, Buffer *);
106
int mm_answer_authpassword(int, Buffer *);
107
int mm_answer_bsdauthquery(int, Buffer *);
108
int mm_answer_bsdauthrespond(int, Buffer *);
109
int mm_answer_skeyquery(int, Buffer *);
110
int mm_answer_skeyrespond(int, Buffer *);
111
int mm_answer_keyallowed(int, Buffer *);
112
int mm_answer_keyverify(int, Buffer *);
113
int mm_answer_pty(int, Buffer *);
114
int mm_answer_pty_cleanup(int, Buffer *);
115
int mm_answer_term(int, Buffer *);
116
int mm_answer_rsa_keyallowed(int, Buffer *);
117
int mm_answer_rsa_challenge(int, Buffer *);
118
int mm_answer_rsa_response(int, Buffer *);
119
int mm_answer_sesskey(int, Buffer *);
120
int mm_answer_sessid(int, Buffer *);
121
122
#ifdef GSSAPI
123
int mm_answer_gss_setup_ctx(int, Buffer *);
124
int mm_answer_gss_accept_ctx(int, Buffer *);
125
int mm_answer_gss_userok(int, Buffer *);
126
int mm_answer_gss_checkmic(int, Buffer *);
127
#endif
128
129
static int monitor_read_log(struct monitor *);
130
131
static Authctxt *authctxt;
132
133
/* local state for key verify */
134
static u_char *key_blob = NULL;
135
static u_int key_bloblen = 0;
136
static int key_blobtype = MM_NOKEY;
137
static char *hostbased_cuser = NULL;
138
static char *hostbased_chost = NULL;
139
static char *auth_method = "unknown";
140
static char *auth_submethod = NULL;
141
static u_int session_id2_len = 0;
142
static u_char *session_id2 = NULL;
143
static pid_t monitor_child_pid;
144
145
struct mon_table {
146
	enum monitor_reqtype type;
147
	int flags;
148
	int (*f)(int, Buffer *);
149
};
150
151
#define MON_ISAUTH	0x0004	/* Required for Authentication */
152
#define MON_AUTHDECIDE	0x0008	/* Decides Authentication */
153
#define MON_ONCE	0x0010	/* Disable after calling */
154
#define MON_ALOG	0x0020	/* Log auth attempt without authenticating */
155
156
#define MON_AUTH	(MON_ISAUTH|MON_AUTHDECIDE)
157
158
#define MON_PERMIT	0x1000	/* Request is permitted */
159
160
struct mon_table mon_dispatch_proto20[] = {
161
#ifdef WITH_OPENSSL
162
    {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
163
#endif
164
    {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
165
    {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
166
    {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
167
    {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
168
    {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
169
    {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
170
    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
171
    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
172
    {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
173
#ifdef GSSAPI
174
    {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
175
    {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
176
    {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
177
    {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
178
#endif
179
    {0, 0, NULL}
180
};
181
182
struct mon_table mon_dispatch_postauth20[] = {
183
#ifdef WITH_OPENSSL
184
    {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
185
#endif
186
    {MONITOR_REQ_SIGN, 0, mm_answer_sign},
187
    {MONITOR_REQ_PTY, 0, mm_answer_pty},
188
    {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
189
    {MONITOR_REQ_TERM, 0, mm_answer_term},
190
    {0, 0, NULL}
191
};
192
193
struct mon_table *mon_dispatch;
194
195
/* Specifies if a certain message is allowed at the moment */
196
197
static void
198
monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit)
199
{
200
	while (ent->f != NULL) {
201
		if (ent->type == type) {
202
			ent->flags &= ~MON_PERMIT;
203
			ent->flags |= permit ? MON_PERMIT : 0;
204
			return;
205
		}
206
		ent++;
207
	}
208
}
209
210
static void
211
monitor_permit_authentications(int permit)
212
{
213
	struct mon_table *ent = mon_dispatch;
214
215
	while (ent->f != NULL) {
216
		if (ent->flags & MON_AUTH) {
217
			ent->flags &= ~MON_PERMIT;
218
			ent->flags |= permit ? MON_PERMIT : 0;
219
		}
220
		ent++;
221
	}
222
}
223
224
void
225
monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
226
{
227
	struct ssh *ssh = active_state;	/* XXX */
228
	struct mon_table *ent;
229
	int authenticated = 0, partial = 0;
230
231
	debug3("preauth child monitor started");
232
233
	close(pmonitor->m_recvfd);
234
	close(pmonitor->m_log_sendfd);
235
	pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
236
237
	authctxt = _authctxt;
238
	memset(authctxt, 0, sizeof(*authctxt));
239
240
	mon_dispatch = mon_dispatch_proto20;
241
	/* Permit requests for moduli and signatures */
242
	monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
243
	monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
244
245
	/* The first few requests do not require asynchronous access */
246
	while (!authenticated) {
247
		partial = 0;
248
		auth_method = "unknown";
249
		auth_submethod = NULL;
250
		auth2_authctxt_reset_info(authctxt);
251
252
		authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
253
254
		/* Special handling for multiple required authentications */
255
		if (options.num_auth_methods != 0) {
256
			if (authenticated &&
257
			    !auth2_update_methods_lists(authctxt,
258
			    auth_method, auth_submethod)) {
259
				debug3("%s: method %s: partial", __func__,
260
				    auth_method);
261
				authenticated = 0;
262
				partial = 1;
263
			}
264
		}
265
266
		if (authenticated) {
267
			if (!(ent->flags & MON_AUTHDECIDE))
268
				fatal("%s: unexpected authentication from %d",
269
				    __func__, ent->type);
270
			if (authctxt->pw->pw_uid == 0 &&
271
			    !auth_root_allowed(auth_method))
272
				authenticated = 0;
273
		}
274
		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
275
			auth_log(authctxt, authenticated, partial,
276
			    auth_method, auth_submethod);
277
			if (!partial && !authenticated)
278
				authctxt->failures++;
279
			if (authenticated || partial) {
280
				auth2_update_session_info(authctxt,
281
				    auth_method, auth_submethod);
282
			}
283
		}
284
	}
285
286
	if (!authctxt->valid)
287
		fatal("%s: authenticated invalid user", __func__);
288
	if (strcmp(auth_method, "unknown") == 0)
289
		fatal("%s: authentication method name unknown", __func__);
290
291
	debug("%s: %s has been authenticated by privileged process",
292
	    __func__, authctxt->user);
293
	ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
294
295
	mm_get_keystate(pmonitor);
296
297
	/* Drain any buffered messages from the child */
298
	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
299
		;
300
301
	close(pmonitor->m_sendfd);
302
	close(pmonitor->m_log_recvfd);
303
	pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
304
}
305
306
static void
307
monitor_set_child_handler(pid_t pid)
308
{
309
	monitor_child_pid = pid;
310
}
311
312
static void
313
monitor_child_handler(int sig)
314
{
315
	kill(monitor_child_pid, sig);
316
}
317
318
void
319
monitor_child_postauth(struct monitor *pmonitor)
320
{
321
	close(pmonitor->m_recvfd);
322
	pmonitor->m_recvfd = -1;
323
324
	monitor_set_child_handler(pmonitor->m_pid);
325
	signal(SIGHUP, &monitor_child_handler);
326
	signal(SIGTERM, &monitor_child_handler);
327
	signal(SIGINT, &monitor_child_handler);
328
329
	mon_dispatch = mon_dispatch_postauth20;
330
331
	/* Permit requests for moduli and signatures */
332
	monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
333
	monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
334
	monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
335
336
	if (!no_pty_flag) {
337
		monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
338
		monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
339
	}
340
341
	for (;;)
342
		monitor_read(pmonitor, mon_dispatch, NULL);
343
}
344
345
static int
346
monitor_read_log(struct monitor *pmonitor)
347
{
348
	Buffer logmsg;
349
	u_int len, level;
350
	char *msg;
351
352
	buffer_init(&logmsg);
353
354
	/* Read length */
355
	buffer_append_space(&logmsg, 4);
356
	if (atomicio(read, pmonitor->m_log_recvfd,
357
	    buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) {
358
		if (errno == EPIPE) {
359
			buffer_free(&logmsg);
360
			debug("%s: child log fd closed", __func__);
361
			close(pmonitor->m_log_recvfd);
362
			pmonitor->m_log_recvfd = -1;
363
			return -1;
364
		}
365
		fatal("%s: log fd read: %s", __func__, strerror(errno));
366
	}
367
	len = buffer_get_int(&logmsg);
368
	if (len <= 4 || len > 8192)
369
		fatal("%s: invalid log message length %u", __func__, len);
370
371
	/* Read severity, message */
372
	buffer_clear(&logmsg);
373
	buffer_append_space(&logmsg, len);
374
	if (atomicio(read, pmonitor->m_log_recvfd,
375
	    buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg))
376
		fatal("%s: log fd read: %s", __func__, strerror(errno));
377
378
	/* Log it */
379
	level = buffer_get_int(&logmsg);
380
	msg = buffer_get_string(&logmsg, NULL);
381
	if (log_level_name(level) == NULL)
382
		fatal("%s: invalid log level %u (corrupted message?)",
383
		    __func__, level);
384
	do_log2(level, "%s [preauth]", msg);
385
386
	buffer_free(&logmsg);
387
	free(msg);
388
389
	return 0;
390
}
391
392
int
393
monitor_read(struct monitor *pmonitor, struct mon_table *ent,
394
    struct mon_table **pent)
395
{
396
	Buffer m;
397
	int ret;
398
	u_char type;
399
	struct pollfd pfd[2];
400
401
	for (;;) {
402
		memset(&pfd, 0, sizeof(pfd));
403
		pfd[0].fd = pmonitor->m_sendfd;
404
		pfd[0].events = POLLIN;
405
		pfd[1].fd = pmonitor->m_log_recvfd;
406
		pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN;
407
		if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) {
408
			if (errno == EINTR || errno == EAGAIN)
409
				continue;
410
			fatal("%s: poll: %s", __func__, strerror(errno));
411
		}
412
		if (pfd[1].revents) {
413
			/*
414
			 * Drain all log messages before processing next
415
			 * monitor request.
416
			 */
417
			monitor_read_log(pmonitor);
418
			continue;
419
		}
420
		if (pfd[0].revents)
421
			break;  /* Continues below */
422
	}
423
424
	buffer_init(&m);
425
426
	mm_request_receive(pmonitor->m_sendfd, &m);
427
	type = buffer_get_char(&m);
428
429
	debug3("%s: checking request %d", __func__, type);
430
431
	while (ent->f != NULL) {
432
		if (ent->type == type)
433
			break;
434
		ent++;
435
	}
436
437
	if (ent->f != NULL) {
438
		if (!(ent->flags & MON_PERMIT))
439
			fatal("%s: unpermitted request %d", __func__,
440
			    type);
441
		ret = (*ent->f)(pmonitor->m_sendfd, &m);
442
		buffer_free(&m);
443
444
		/* The child may use this request only once, disable it */
445
		if (ent->flags & MON_ONCE) {
446
			debug2("%s: %d used once, disabling now", __func__,
447
			    type);
448
			ent->flags &= ~MON_PERMIT;
449
		}
450
451
		if (pent != NULL)
452
			*pent = ent;
453
454
		return ret;
455
	}
456
457
	fatal("%s: unsupported request: %d", __func__, type);
458
459
	/* NOTREACHED */
460
	return (-1);
461
}
462
463
/* allowed key state */
464
static int
465
monitor_allowed_key(u_char *blob, u_int bloblen)
466
{
467
	/* make sure key is allowed */
468
	if (key_blob == NULL || key_bloblen != bloblen ||
469
	    timingsafe_bcmp(key_blob, blob, key_bloblen))
470
		return (0);
471
	return (1);
472
}
473
474
static void
475
monitor_reset_key_state(void)
476
{
477
	/* reset state */
478
	free(key_blob);
479
	free(hostbased_cuser);
480
	free(hostbased_chost);
481
	key_blob = NULL;
482
	key_bloblen = 0;
483
	key_blobtype = MM_NOKEY;
484
	hostbased_cuser = NULL;
485
	hostbased_chost = NULL;
486
}
487
488
#ifdef WITH_OPENSSL
489
int
490
mm_answer_moduli(int sock, Buffer *m)
491
{
492
	DH *dh;
493
	int min, want, max;
494
495
	min = buffer_get_int(m);
496
	want = buffer_get_int(m);
497
	max = buffer_get_int(m);
498
499
	debug3("%s: got parameters: %d %d %d",
500
	    __func__, min, want, max);
501
	/* We need to check here, too, in case the child got corrupted */
502
	if (max < min || want < min || max < want)
503
		fatal("%s: bad parameters: %d %d %d",
504
		    __func__, min, want, max);
505
506
	buffer_clear(m);
507
508
	dh = choose_dh(min, want, max);
509
	if (dh == NULL) {
510
		buffer_put_char(m, 0);
511
		return (0);
512
	} else {
513
		/* Send first bignum */
514
		buffer_put_char(m, 1);
515
		buffer_put_bignum2(m, dh->p);
516
		buffer_put_bignum2(m, dh->g);
517
518
		DH_free(dh);
519
	}
520
	mm_request_send(sock, MONITOR_ANS_MODULI, m);
521
	return (0);
522
}
523
#endif
524
525
int
526
mm_answer_sign(int sock, Buffer *m)
527
{
528
	struct ssh *ssh = active_state; 	/* XXX */
529
	extern int auth_sock;			/* XXX move to state struct? */
530
	struct sshkey *key;
531
	struct sshbuf *sigbuf = NULL;
532
	u_char *p = NULL, *signature = NULL;
533
	char *alg = NULL;
534
	size_t datlen, siglen, alglen;
535
	int r, is_proof = 0;
536
	u_int keyid;
537
	const char proof_req[] = "hostkeys-prove-00@openssh.com";
538
539
	debug3("%s", __func__);
540
541
	if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||
542
	    (r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
543
	    (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0)
544
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
545
	if (keyid > INT_MAX)
546
		fatal("%s: invalid key ID", __func__);
547
548
	/*
549
	 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
550
	 * SHA384 (48 bytes) and SHA512 (64 bytes).
551
	 *
552
	 * Otherwise, verify the signature request is for a hostkey
553
	 * proof.
554
	 *
555
	 * XXX perform similar check for KEX signature requests too?
556
	 * it's not trivial, since what is signed is the hash, rather
557
	 * than the full kex structure...
558
	 */
559
	if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64) {
560
		/*
561
		 * Construct expected hostkey proof and compare it to what
562
		 * the client sent us.
563
		 */
564
		if (session_id2_len == 0) /* hostkeys is never first */
565
			fatal("%s: bad data length: %zu", __func__, datlen);
566
		if ((key = get_hostkey_public_by_index(keyid, ssh)) == NULL)
567
			fatal("%s: no hostkey for index %d", __func__, keyid);
568
		if ((sigbuf = sshbuf_new()) == NULL)
569
			fatal("%s: sshbuf_new", __func__);
570
		if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
571
		    (r = sshbuf_put_string(sigbuf, session_id2,
572
		    session_id2_len)) != 0 ||
573
		    (r = sshkey_puts(key, sigbuf)) != 0)
574
			fatal("%s: couldn't prepare private key "
575
			    "proof buffer: %s", __func__, ssh_err(r));
576
		if (datlen != sshbuf_len(sigbuf) ||
577
		    memcmp(p, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf)) != 0)
578
			fatal("%s: bad data length: %zu, hostkey proof len %zu",
579
			    __func__, datlen, sshbuf_len(sigbuf));
580
		sshbuf_free(sigbuf);
581
		is_proof = 1;
582
	}
583
584
	/* save session id, it will be passed on the first call */
585
	if (session_id2_len == 0) {
586
		session_id2_len = datlen;
587
		session_id2 = xmalloc(session_id2_len);
588
		memcpy(session_id2, p, session_id2_len);
589
	}
590
591
	if ((key = get_hostkey_by_index(keyid)) != NULL) {
592
		if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
593
		    datafellows)) != 0)
594
			fatal("%s: sshkey_sign failed: %s",
595
			    __func__, ssh_err(r));
596
	} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
597
	    auth_sock > 0) {
598
		if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
599
		    p, datlen, alg, datafellows)) != 0) {
600
			fatal("%s: ssh_agent_sign failed: %s",
601
			    __func__, ssh_err(r));
602
		}
603
	} else
604
		fatal("%s: no hostkey from index %d", __func__, keyid);
605
606
	debug3("%s: %s signature %p(%zu)", __func__,
607
	    is_proof ? "KEX" : "hostkey proof", signature, siglen);
608
609
	sshbuf_reset(m);
610
	if ((r = sshbuf_put_string(m, signature, siglen)) != 0)
611
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
612
613
	free(alg);
614
	free(p);
615
	free(signature);
616
617
	mm_request_send(sock, MONITOR_ANS_SIGN, m);
618
619
	/* Turn on permissions for getpwnam */
620
	monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
621
622
	return (0);
623
}
624
625
/* Retrieves the password entry and also checks if the user is permitted */
626
627
int
628
mm_answer_pwnamallow(int sock, Buffer *m)
629
{
630
	struct ssh *ssh = active_state;	/* XXX */
631
	char *username;
632
	struct passwd *pwent;
633
	int allowed = 0;
634
	u_int i;
635
636
	debug3("%s", __func__);
637
638
	if (authctxt->attempt++ != 0)
639
		fatal("%s: multiple attempts for getpwnam", __func__);
640
641
	username = buffer_get_string(m, NULL);
642
643
	pwent = getpwnamallow(username);
644
645
	authctxt->user = xstrdup(username);
646
	setproctitle("%s [priv]", pwent ? username : "unknown");
647
	free(username);
648
649
	buffer_clear(m);
650
651
	if (pwent == NULL) {
652
		buffer_put_char(m, 0);
653
		authctxt->pw = fakepw();
654
		goto out;
655
	}
656
657
	allowed = 1;
658
	authctxt->pw = pwent;
659
	authctxt->valid = 1;
660
661
	buffer_put_char(m, 1);
662
	buffer_put_string(m, pwent, sizeof(struct passwd));
663
	buffer_put_cstring(m, pwent->pw_name);
664
	buffer_put_cstring(m, "*");
665
	buffer_put_cstring(m, pwent->pw_gecos);
666
	buffer_put_cstring(m, pwent->pw_class);
667
	buffer_put_cstring(m, pwent->pw_dir);
668
	buffer_put_cstring(m, pwent->pw_shell);
669
670
 out:
671
	ssh_packet_set_log_preamble(ssh, "%suser %s",
672
	    authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
673
	buffer_put_string(m, &options, sizeof(options));
674
675
#define M_CP_STROPT(x) do { \
676
		if (options.x != NULL) \
677
			buffer_put_cstring(m, options.x); \
678
	} while (0)
679
#define M_CP_STRARRAYOPT(x, nx) do { \
680
		for (i = 0; i < options.nx; i++) \
681
			buffer_put_cstring(m, options.x[i]); \
682
	} while (0)
683
	/* See comment in servconf.h */
684
	COPY_MATCH_STRING_OPTS();
685
#undef M_CP_STROPT
686
#undef M_CP_STRARRAYOPT
687
688
	/* Create valid auth method lists */
689
	if (auth2_setup_methods_lists(authctxt) != 0) {
690
		/*
691
		 * The monitor will continue long enough to let the child
692
		 * run to it's packet_disconnect(), but it must not allow any
693
		 * authentication to succeed.
694
		 */
695
		debug("%s: no valid authentication method lists", __func__);
696
	}
697
698
	debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
699
	mm_request_send(sock, MONITOR_ANS_PWNAM, m);
700
701
	/* Allow service/style information on the auth context */
702
	monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
703
	monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
704
705
	return (0);
706
}
707
708
int mm_answer_auth2_read_banner(int sock, Buffer *m)
709
{
710
	char *banner;
711
712
	buffer_clear(m);
713
	banner = auth2_read_banner();
714
	buffer_put_cstring(m, banner != NULL ? banner : "");
715
	mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
716
	free(banner);
717
718
	return (0);
719
}
720
721
int
722
mm_answer_authserv(int sock, Buffer *m)
723
{
724
	monitor_permit_authentications(1);
725
726
	authctxt->service = buffer_get_string(m, NULL);
727
	authctxt->style = buffer_get_string(m, NULL);
728
	debug3("%s: service=%s, style=%s",
729
	    __func__, authctxt->service, authctxt->style);
730
731
	if (strlen(authctxt->style) == 0) {
732
		free(authctxt->style);
733
		authctxt->style = NULL;
734
	}
735
736
	return (0);
737
}
738
739
int
740
mm_answer_authpassword(int sock, Buffer *m)
741
{
742
	static int call_count;
743
	char *passwd;
744
	int authenticated;
745
	u_int plen;
746
747
	if (!options.password_authentication)
748
		fatal("%s: password authentication not enabled", __func__);
749
	passwd = buffer_get_string(m, &plen);
750
	/* Only authenticate if the context is valid */
751
	authenticated = options.password_authentication &&
752
	    auth_password(authctxt, passwd);
753
	explicit_bzero(passwd, strlen(passwd));
754
	free(passwd);
755
756
	buffer_clear(m);
757
	buffer_put_int(m, authenticated);
758
759
	debug3("%s: sending result %d", __func__, authenticated);
760
	mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
761
762
	call_count++;
763
	if (plen == 0 && call_count == 1)
764
		auth_method = "none";
765
	else
766
		auth_method = "password";
767
768
	/* Causes monitor loop to terminate if authenticated */
769
	return (authenticated);
770
}
771
772
int
773
mm_answer_bsdauthquery(int sock, Buffer *m)
774
{
775
	char *name, *infotxt;
776
	u_int numprompts;
777
	u_int *echo_on;
778
	char **prompts;
779
	u_int success;
780
781
	if (!options.kbd_interactive_authentication)
782
		fatal("%s: kbd-int authentication not enabled", __func__);
783
	success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
784
	    &prompts, &echo_on) < 0 ? 0 : 1;
785
786
	buffer_clear(m);
787
	buffer_put_int(m, success);
788
	if (success)
789
		buffer_put_cstring(m, prompts[0]);
790
791
	debug3("%s: sending challenge success: %u", __func__, success);
792
	mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
793
794
	if (success) {
795
		free(name);
796
		free(infotxt);
797
		free(prompts);
798
		free(echo_on);
799
	}
800
801
	return (0);
802
}
803
804
int
805
mm_answer_bsdauthrespond(int sock, Buffer *m)
806
{
807
	char *response;
808
	int authok;
809
810
	if (!options.kbd_interactive_authentication)
811
		fatal("%s: kbd-int authentication not enabled", __func__);
812
	if (authctxt->as == NULL)
813
		fatal("%s: no bsd auth session", __func__);
814
815
	response = buffer_get_string(m, NULL);
816
	authok = options.challenge_response_authentication &&
817
	    auth_userresponse(authctxt->as, response, 0);
818
	authctxt->as = NULL;
819
	debug3("%s: <%s> = <%d>", __func__, response, authok);
820
	free(response);
821
822
	buffer_clear(m);
823
	buffer_put_int(m, authok);
824
825
	debug3("%s: sending authenticated: %d", __func__, authok);
826
	mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
827
828
	auth_method = "keyboard-interactive";
829
	auth_submethod = "bsdauth";
830
831
	return (authok != 0);
832
}
833
834
int
835
mm_answer_keyallowed(int sock, Buffer *m)
836
{
837
	struct sshkey *key;
838
	char *cuser, *chost;
839
	u_char *blob;
840
	u_int bloblen, pubkey_auth_attempt;
841
	enum mm_keytype type = 0;
842
	int allowed = 0;
843
844
	debug3("%s entering", __func__);
845
846
	type = buffer_get_int(m);
847
	cuser = buffer_get_string(m, NULL);
848
	chost = buffer_get_string(m, NULL);
849
	blob = buffer_get_string(m, &bloblen);
850
	pubkey_auth_attempt = buffer_get_int(m);
851
852
	key = key_from_blob(blob, bloblen);
853
854
	debug3("%s: key_from_blob: %p", __func__, key);
855
856
	if (key != NULL && authctxt->valid) {
857
		/* These should not make it past the privsep child */
858
		if (key_type_plain(key->type) == KEY_RSA &&
859
		    (datafellows & SSH_BUG_RSASIGMD5) != 0)
860
			fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__);
861
862
		switch (type) {
863
		case MM_USERKEY:
864
			allowed = options.pubkey_authentication &&
865
			    !auth2_key_already_used(authctxt, key) &&
866
			    match_pattern_list(sshkey_ssh_name(key),
867
			    options.pubkey_key_types, 0) == 1 &&
868
			    user_key_allowed(authctxt->pw, key,
869
			    pubkey_auth_attempt);
870
			auth_method = "publickey";
871
			if (options.pubkey_authentication &&
872
			    (!pubkey_auth_attempt || allowed != 1))
873
				auth_clear_options();
874
			break;
875
		case MM_HOSTKEY:
876
			allowed = options.hostbased_authentication &&
877
			    !auth2_key_already_used(authctxt, key) &&
878
			    match_pattern_list(sshkey_ssh_name(key),
879
			    options.hostbased_key_types, 0) == 1 &&
880
			    hostbased_key_allowed(authctxt->pw,
881
			    cuser, chost, key);
882
			auth2_record_info(authctxt,
883
			    "client user \"%.100s\", client host \"%.100s\"",
884
			    cuser, chost);
885
			auth_method = "hostbased";
886
			break;
887
		default:
888
			fatal("%s: unknown key type %d", __func__, type);
889
			break;
890
		}
891
	}
892
893
	debug3("%s: key is %s", __func__, allowed ? "allowed" : "not allowed");
894
895
	auth2_record_key(authctxt, 0, key);
896
	sshkey_free(key);
897
898
	/* clear temporarily storage (used by verify) */
899
	monitor_reset_key_state();
900
901
	if (allowed) {
902
		/* Save temporarily for comparison in verify */
903
		key_blob = blob;
904
		key_bloblen = bloblen;
905
		key_blobtype = type;
906
		hostbased_cuser = cuser;
907
		hostbased_chost = chost;
908
	} else {
909
		/* Log failed attempt */
910
		auth_log(authctxt, 0, 0, auth_method, NULL);
911
		free(blob);
912
		free(cuser);
913
		free(chost);
914
	}
915
916
	buffer_clear(m);
917
	buffer_put_int(m, allowed);
918
	buffer_put_int(m, forced_command != NULL);
919
920
	mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
921
922
	return (0);
923
}
924
925
static int
926
monitor_valid_userblob(u_char *data, u_int datalen)
927
{
928
	Buffer b;
929
	u_char *p;
930
	char *userstyle, *cp;
931
	u_int len;
932
	int fail = 0;
933
934
	buffer_init(&b);
935
	buffer_append(&b, data, datalen);
936
937
	if (datafellows & SSH_OLD_SESSIONID) {
938
		p = buffer_ptr(&b);
939
		len = buffer_len(&b);
940
		if ((session_id2 == NULL) ||
941
		    (len < session_id2_len) ||
942
		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
943
			fail++;
944
		buffer_consume(&b, session_id2_len);
945
	} else {
946
		p = buffer_get_string(&b, &len);
947
		if ((session_id2 == NULL) ||
948
		    (len != session_id2_len) ||
949
		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
950
			fail++;
951
		free(p);
952
	}
953
	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
954
		fail++;
955
	cp = buffer_get_cstring(&b, NULL);
956
	xasprintf(&userstyle, "%s%s%s", authctxt->user,
957
	    authctxt->style ? ":" : "",
958
	    authctxt->style ? authctxt->style : "");
959
	if (strcmp(userstyle, cp) != 0) {
960
		logit("wrong user name passed to monitor: "
961
		    "expected %s != %.100s", userstyle, cp);
962
		fail++;
963
	}
964
	free(userstyle);
965
	free(cp);
966
	buffer_skip_string(&b);
967
	if (datafellows & SSH_BUG_PKAUTH) {
968
		if (!buffer_get_char(&b))
969
			fail++;
970
	} else {
971
		cp = buffer_get_cstring(&b, NULL);
972
		if (strcmp("publickey", cp) != 0)
973
			fail++;
974
		free(cp);
975
		if (!buffer_get_char(&b))
976
			fail++;
977
		buffer_skip_string(&b);
978
	}
979
	buffer_skip_string(&b);
980
	if (buffer_len(&b) != 0)
981
		fail++;
982
	buffer_free(&b);
983
	return (fail == 0);
984
}
985
986
static int
987
monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
988
    char *chost)
989
{
990
	Buffer b;
991
	char *p, *userstyle;
992
	u_int len;
993
	int fail = 0;
994
995
	buffer_init(&b);
996
	buffer_append(&b, data, datalen);
997
998
	p = buffer_get_string(&b, &len);
999
	if ((session_id2 == NULL) ||
1000
	    (len != session_id2_len) ||
1001
	    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1002
		fail++;
1003
	free(p);
1004
1005
	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
1006
		fail++;
1007
	p = buffer_get_cstring(&b, NULL);
1008
	xasprintf(&userstyle, "%s%s%s", authctxt->user,
1009
	    authctxt->style ? ":" : "",
1010
	    authctxt->style ? authctxt->style : "");
1011
	if (strcmp(userstyle, p) != 0) {
1012
		logit("wrong user name passed to monitor: expected %s != %.100s",
1013
		    userstyle, p);
1014
		fail++;
1015
	}
1016
	free(userstyle);
1017
	free(p);
1018
	buffer_skip_string(&b);	/* service */
1019
	p = buffer_get_cstring(&b, NULL);
1020
	if (strcmp(p, "hostbased") != 0)
1021
		fail++;
1022
	free(p);
1023
	buffer_skip_string(&b);	/* pkalg */
1024
	buffer_skip_string(&b);	/* pkblob */
1025
1026
	/* verify client host, strip trailing dot if necessary */
1027
	p = buffer_get_string(&b, NULL);
1028
	if (((len = strlen(p)) > 0) && p[len - 1] == '.')
1029
		p[len - 1] = '\0';
1030
	if (strcmp(p, chost) != 0)
1031
		fail++;
1032
	free(p);
1033
1034
	/* verify client user */
1035
	p = buffer_get_string(&b, NULL);
1036
	if (strcmp(p, cuser) != 0)
1037
		fail++;
1038
	free(p);
1039
1040
	if (buffer_len(&b) != 0)
1041
		fail++;
1042
	buffer_free(&b);
1043
	return (fail == 0);
1044
}
1045
1046
int
1047
mm_answer_keyverify(int sock, struct sshbuf *m)
1048
{
1049
	struct sshkey *key;
1050
	u_char *signature, *data, *blob;
1051
	size_t signaturelen, datalen, bloblen;
1052
	int r, ret, valid_data = 0, encoded_ret;
1053
1054
	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
1055
	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
1056
	    (r = sshbuf_get_string(m, &data, &datalen)) != 0)
1057
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
1058
1059
	if (hostbased_cuser == NULL || hostbased_chost == NULL ||
1060
	  !monitor_allowed_key(blob, bloblen))
1061
		fatal("%s: bad key, not previously allowed", __func__);
1062
1063
	/* XXX use sshkey_froms here; need to change key_blob, etc. */
1064
	if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
1065
		fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
1066
1067
	switch (key_blobtype) {
1068
	case MM_USERKEY:
1069
		valid_data = monitor_valid_userblob(data, datalen);
1070
		auth_method = "publickey";
1071
		break;
1072
	case MM_HOSTKEY:
1073
		valid_data = monitor_valid_hostbasedblob(data, datalen,
1074
		    hostbased_cuser, hostbased_chost);
1075
		auth_method = "hostbased";
1076
		break;
1077
	default:
1078
		valid_data = 0;
1079
		break;
1080
	}
1081
	if (!valid_data)
1082
		fatal("%s: bad signature data blob", __func__);
1083
1084
	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
1085
	    active_state->compat);
1086
	debug3("%s: %s %p signature %s", __func__, auth_method, key,
1087
	    (ret == 0) ? "verified" : "unverified");
1088
	auth2_record_key(authctxt, ret == 0, key);
1089
1090
	free(blob);
1091
	free(signature);
1092
	free(data);
1093
1094
	monitor_reset_key_state();
1095
1096
	sshkey_free(key);
1097
	sshbuf_reset(m);
1098
1099
	/* encode ret != 0 as positive integer, since we're sending u32 */
1100
	encoded_ret = (ret != 0);
1101
	if ((r = sshbuf_put_u32(m, encoded_ret)) != 0)
1102
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
1103
	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
1104
1105
	return ret == 0;
1106
}
1107
1108
static void
1109
mm_record_login(Session *s, struct passwd *pw)
1110
{
1111
	struct ssh *ssh = active_state;	/* XXX */
1112
	socklen_t fromlen;
1113
	struct sockaddr_storage from;
1114
1115
	/*
1116
	 * Get IP address of client. If the connection is not a socket, let
1117
	 * the address be 0.0.0.0.
1118
	 */
1119
	memset(&from, 0, sizeof(from));
1120
	fromlen = sizeof(from);
1121
	if (packet_connection_is_on_socket()) {
1122
		if (getpeername(packet_get_connection_in(),
1123
		    (struct sockaddr *)&from, &fromlen) < 0) {
1124
			debug("getpeername: %.100s", strerror(errno));
1125
			cleanup_exit(255);
1126
		}
1127
	}
1128
	/* Record that there was a login on that tty from the remote host. */
1129
	record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
1130
	    session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
1131
	    (struct sockaddr *)&from, fromlen);
1132
}
1133
1134
static void
1135
mm_session_close(Session *s)
1136
{
1137
	debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
1138
	if (s->ttyfd != -1) {
1139
		debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
1140
		session_pty_cleanup2(s);
1141
	}
1142
	session_unused(s->self);
1143
}
1144
1145
int
1146
mm_answer_pty(int sock, Buffer *m)
1147
{
1148
	extern struct monitor *pmonitor;
1149
	Session *s;
1150
	int res, fd0;
1151
1152
	debug3("%s entering", __func__);
1153
1154
	buffer_clear(m);
1155
	s = session_new();
1156
	if (s == NULL)
1157
		goto error;
1158
	s->authctxt = authctxt;
1159
	s->pw = authctxt->pw;
1160
	s->pid = pmonitor->m_pid;
1161
	res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
1162
	if (res == 0)
1163
		goto error;
1164
	pty_setowner(authctxt->pw, s->tty);
1165
1166
	buffer_put_int(m, 1);
1167
	buffer_put_cstring(m, s->tty);
1168
1169
	/* We need to trick ttyslot */
1170
	if (dup2(s->ttyfd, 0) == -1)
1171
		fatal("%s: dup2", __func__);
1172
1173
	mm_record_login(s, authctxt->pw);
1174
1175
	/* Now we can close the file descriptor again */
1176
	close(0);
1177
1178
	/* send messages generated by record_login */
1179
	buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
1180
	buffer_clear(&loginmsg);
1181
1182
	mm_request_send(sock, MONITOR_ANS_PTY, m);
1183
1184
	if (mm_send_fd(sock, s->ptyfd) == -1 ||
1185
	    mm_send_fd(sock, s->ttyfd) == -1)
1186
		fatal("%s: send fds failed", __func__);
1187
1188
	/* make sure nothing uses fd 0 */
1189
	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
1190
		fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
1191
	if (fd0 != 0)
1192
		error("%s: fd0 %d != 0", __func__, fd0);
1193
1194
	/* slave is not needed */
1195
	close(s->ttyfd);
1196
	s->ttyfd = s->ptyfd;
1197
	/* no need to dup() because nobody closes ptyfd */
1198
	s->ptymaster = s->ptyfd;
1199
1200
	debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);
1201
1202
	return (0);
1203
1204
 error:
1205
	if (s != NULL)
1206
		mm_session_close(s);
1207
	buffer_put_int(m, 0);
1208
	mm_request_send(sock, MONITOR_ANS_PTY, m);
1209
	return (0);
1210
}
1211
1212
int
1213
mm_answer_pty_cleanup(int sock, Buffer *m)
1214
{
1215
	Session *s;
1216
	char *tty;
1217
1218
	debug3("%s entering", __func__);
1219
1220
	tty = buffer_get_string(m, NULL);
1221
	if ((s = session_by_tty(tty)) != NULL)
1222
		mm_session_close(s);
1223
	buffer_clear(m);
1224
	free(tty);
1225
	return (0);
1226
}
1227
1228
int
1229
mm_answer_term(int sock, Buffer *req)
1230
{
1231
	struct ssh *ssh = active_state;	/* XXX */
1232
	extern struct monitor *pmonitor;
1233
	int res, status;
1234
1235
	debug3("%s: tearing down sessions", __func__);
1236
1237
	/* The child is terminating */
1238
	session_destroy_all(ssh, &mm_session_close);
1239
1240
	while (waitpid(pmonitor->m_pid, &status, 0) == -1)
1241
		if (errno != EINTR)
1242
			exit(1);
1243
1244
	res = WIFEXITED(status) ? WEXITSTATUS(status) : 1;
1245
1246
	/* Terminate process */
1247
	exit(res);
1248
}
1249
1250
void
1251
monitor_clear_keystate(struct monitor *pmonitor)
1252
{
1253
	struct ssh *ssh = active_state;	/* XXX */
1254
1255
	ssh_clear_newkeys(ssh, MODE_IN);
1256
	ssh_clear_newkeys(ssh, MODE_OUT);
1257
	sshbuf_free(child_state);
1258
	child_state = NULL;
1259
}
1260
1261
void
1262
monitor_apply_keystate(struct monitor *pmonitor)
1263
{
1264
	struct ssh *ssh = active_state;	/* XXX */
1265
	struct kex *kex;
1266
	int r;
1267
1268
	debug3("%s: packet_set_state", __func__);
1269
	if ((r = ssh_packet_set_state(ssh, child_state)) != 0)
1270
                fatal("%s: packet_set_state: %s", __func__, ssh_err(r));
1271
	sshbuf_free(child_state);
1272
	child_state = NULL;
1273
1274
	if ((kex = ssh->kex) != NULL) {
1275
		/* XXX set callbacks */
1276
#ifdef WITH_OPENSSL
1277
		kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
1278
		kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
1279
		kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
1280
		kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
1281
		kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
1282
		kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
1283
		kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
1284
		kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
1285
#endif
1286
		kex->kex[KEX_C25519_SHA256] = kexc25519_server;
1287
		kex->load_host_public_key=&get_hostkey_public_by_type;
1288
		kex->load_host_private_key=&get_hostkey_private_by_type;
1289
		kex->host_key_index=&get_hostkey_index;
1290
		kex->sign = sshd_hostkey_sign;
1291
	}
1292
}
1293
1294
/* This function requries careful sanity checking */
1295
1296
void
1297
mm_get_keystate(struct monitor *pmonitor)
1298
{
1299
	debug3("%s: Waiting for new keys", __func__);
1300
1301
	if ((child_state = sshbuf_new()) == NULL)
1302
		fatal("%s: sshbuf_new failed", __func__);
1303
	mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
1304
	    child_state);
1305
	debug3("%s: GOT new keys", __func__);
1306
}
1307
1308
1309
/* XXX */
1310
1311
#define FD_CLOSEONEXEC(x) do { \
1312
	if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
1313
		fatal("fcntl(%d, F_SETFD)", x); \
1314
} while (0)
1315
1316
static void
1317
monitor_openfds(struct monitor *mon, int do_logfds)
1318
{
1319
	int pair[2];
1320
#ifdef SO_ZEROIZE
1321
	int on = 1;
1322
#endif
1323
1324
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
1325
		fatal("%s: socketpair: %s", __func__, strerror(errno));
1326
#ifdef SO_ZEROIZE
1327
	if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
1328
		error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
1329
	if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
1330
		error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
1331
#endif
1332
	FD_CLOSEONEXEC(pair[0]);
1333
	FD_CLOSEONEXEC(pair[1]);
1334
	mon->m_recvfd = pair[0];
1335
	mon->m_sendfd = pair[1];
1336
1337
	if (do_logfds) {
1338
		if (pipe(pair) == -1)
1339
			fatal("%s: pipe: %s", __func__, strerror(errno));
1340
		FD_CLOSEONEXEC(pair[0]);
1341
		FD_CLOSEONEXEC(pair[1]);
1342
		mon->m_log_recvfd = pair[0];
1343
		mon->m_log_sendfd = pair[1];
1344
	} else
1345
		mon->m_log_recvfd = mon->m_log_sendfd = -1;
1346
}
1347
1348
#define MM_MEMSIZE	65536
1349
1350
struct monitor *
1351
monitor_init(void)
1352
{
1353
	struct monitor *mon;
1354
1355
	mon = xcalloc(1, sizeof(*mon));
1356
	monitor_openfds(mon, 1);
1357
1358
	return mon;
1359
}
1360
1361
void
1362
monitor_reinit(struct monitor *mon)
1363
{
1364
	monitor_openfds(mon, 0);
1365
}
1366
1367
#ifdef GSSAPI
1368
int
1369
mm_answer_gss_setup_ctx(int sock, Buffer *m)
1370
{
1371
	gss_OID_desc goid;
1372
	OM_uint32 major;
1373
	u_int len;
1374
1375
	if (!options.gss_authentication)
1376
		fatal("%s: GSSAPI authentication not enabled", __func__);
1377
1378
	goid.elements = buffer_get_string(m, &len);
1379
	goid.length = len;
1380
1381
	major = ssh_gssapi_server_ctx(&gsscontext, &goid);
1382
1383
	free(goid.elements);
1384
1385
	buffer_clear(m);
1386
	buffer_put_int(m, major);
1387
1388
	mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
1389
1390
	/* Now we have a context, enable the step */
1391
	monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
1392
1393
	return (0);
1394
}
1395
1396
int
1397
mm_answer_gss_accept_ctx(int sock, Buffer *m)
1398
{
1399
	gss_buffer_desc in;
1400
	gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
1401
	OM_uint32 major, minor;
1402
	OM_uint32 flags = 0; /* GSI needs this */
1403
	u_int len;
1404
1405
	if (!options.gss_authentication)
1406
		fatal("%s: GSSAPI authentication not enabled", __func__);
1407
1408
	in.value = buffer_get_string(m, &len);
1409
	in.length = len;
1410
	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
1411
	free(in.value);
1412
1413
	buffer_clear(m);
1414
	buffer_put_int(m, major);
1415
	buffer_put_string(m, out.value, out.length);
1416
	buffer_put_int(m, flags);
1417
	mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
1418
1419
	gss_release_buffer(&minor, &out);
1420
1421
	if (major == GSS_S_COMPLETE) {
1422
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
1423
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
1424
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
1425
	}
1426
	return (0);
1427
}
1428
1429
int
1430
mm_answer_gss_checkmic(int sock, Buffer *m)
1431
{
1432
	gss_buffer_desc gssbuf, mic;
1433
	OM_uint32 ret;
1434
	u_int len;
1435
1436
	if (!options.gss_authentication)
1437
		fatal("%s: GSSAPI authentication not enabled", __func__);
1438
1439
	gssbuf.value = buffer_get_string(m, &len);
1440
	gssbuf.length = len;
1441
	mic.value = buffer_get_string(m, &len);
1442
	mic.length = len;
1443
1444
	ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
1445
1446
	free(gssbuf.value);
1447
	free(mic.value);
1448
1449
	buffer_clear(m);
1450
	buffer_put_int(m, ret);
1451
1452
	mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
1453
1454
	if (!GSS_ERROR(ret))
1455
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
1456
1457
	return (0);
1458
}
1459
1460
int
1461
mm_answer_gss_userok(int sock, Buffer *m)
1462
{
1463
	int authenticated;
1464
	const char *displayname;
1465
1466
	if (!options.gss_authentication)
1467
		fatal("%s: GSSAPI authentication not enabled", __func__);
1468
1469
	authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
1470
1471
	buffer_clear(m);
1472
	buffer_put_int(m, authenticated);
1473
1474
	debug3("%s: sending result %d", __func__, authenticated);
1475
	mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
1476
1477
	auth_method = "gssapi-with-mic";
1478
1479
	if ((displayname = ssh_gssapi_displayname()) != NULL)
1480
		auth2_record_info(authctxt, "%s", displayname);
1481
1482
	/* Monitor loop will terminate if authenticated */
1483
	return (authenticated);
1484
}
1485
#endif /* GSSAPI */
1486