1 |
|
|
/* $OpenBSD: monitor.c,v 1.175 2017/10/05 15:52:03 djm Exp $ */ |
2 |
|
|
/* |
3 |
|
|
* Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 |
|
|
* Copyright 2002 Markus Friedl <markus@openbsd.org> |
5 |
|
|
* All rights reserved. |
6 |
|
|
* |
7 |
|
|
* Redistribution and use in source and binary forms, with or without |
8 |
|
|
* modification, are permitted provided that the following conditions |
9 |
|
|
* are met: |
10 |
|
|
* 1. Redistributions of source code must retain the above copyright |
11 |
|
|
* notice, this list of conditions and the following disclaimer. |
12 |
|
|
* 2. Redistributions in binary form must reproduce the above copyright |
13 |
|
|
* notice, this list of conditions and the following disclaimer in the |
14 |
|
|
* documentation and/or other materials provided with the distribution. |
15 |
|
|
* |
16 |
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
17 |
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
18 |
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
19 |
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
20 |
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
21 |
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
22 |
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
23 |
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 |
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
25 |
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 |
|
|
*/ |
27 |
|
|
|
28 |
|
|
#include <sys/types.h> |
29 |
|
|
#include <sys/wait.h> |
30 |
|
|
#include <sys/socket.h> |
31 |
|
|
#include <sys/tree.h> |
32 |
|
|
#include <sys/queue.h> |
33 |
|
|
|
34 |
|
|
#ifdef WITH_OPENSSL |
35 |
|
|
#include <openssl/dh.h> |
36 |
|
|
#endif |
37 |
|
|
|
38 |
|
|
#include <errno.h> |
39 |
|
|
#include <fcntl.h> |
40 |
|
|
#include <limits.h> |
41 |
|
|
#include <paths.h> |
42 |
|
|
#include <poll.h> |
43 |
|
|
#include <pwd.h> |
44 |
|
|
#include <signal.h> |
45 |
|
|
#include <stdarg.h> |
46 |
|
|
#include <stdint.h> |
47 |
|
|
#include <stdio.h> |
48 |
|
|
#include <stdlib.h> |
49 |
|
|
#include <string.h> |
50 |
|
|
|
51 |
|
|
#include "atomicio.h" |
52 |
|
|
#include "xmalloc.h" |
53 |
|
|
#include "ssh.h" |
54 |
|
|
#include "key.h" |
55 |
|
|
#include "buffer.h" |
56 |
|
|
#include "hostfile.h" |
57 |
|
|
#include "auth.h" |
58 |
|
|
#include "cipher.h" |
59 |
|
|
#include "kex.h" |
60 |
|
|
#include "dh.h" |
61 |
|
|
#include <zlib.h> |
62 |
|
|
#include "packet.h" |
63 |
|
|
#include "auth-options.h" |
64 |
|
|
#include "sshpty.h" |
65 |
|
|
#include "channels.h" |
66 |
|
|
#include "session.h" |
67 |
|
|
#include "sshlogin.h" |
68 |
|
|
#include "canohost.h" |
69 |
|
|
#include "log.h" |
70 |
|
|
#include "misc.h" |
71 |
|
|
#include "servconf.h" |
72 |
|
|
#include "monitor.h" |
73 |
|
|
#ifdef GSSAPI |
74 |
|
|
#include "ssh-gss.h" |
75 |
|
|
#endif |
76 |
|
|
#include "monitor_wrap.h" |
77 |
|
|
#include "monitor_fdpass.h" |
78 |
|
|
#include "compat.h" |
79 |
|
|
#include "ssh2.h" |
80 |
|
|
#include "authfd.h" |
81 |
|
|
#include "match.h" |
82 |
|
|
#include "ssherr.h" |
83 |
|
|
|
84 |
|
|
#ifdef GSSAPI |
85 |
|
|
static Gssctxt *gsscontext = NULL; |
86 |
|
|
#endif |
87 |
|
|
|
88 |
|
|
/* Imports */ |
89 |
|
|
extern ServerOptions options; |
90 |
|
|
extern u_int utmp_len; |
91 |
|
|
extern u_char session_id[]; |
92 |
|
|
extern Buffer auth_debug; |
93 |
|
|
extern int auth_debug_init; |
94 |
|
|
extern Buffer loginmsg; |
95 |
|
|
|
96 |
|
|
/* State exported from the child */ |
97 |
|
|
static struct sshbuf *child_state; |
98 |
|
|
|
99 |
|
|
/* Functions on the monitor that answer unprivileged requests */ |
100 |
|
|
|
101 |
|
|
int mm_answer_moduli(int, Buffer *); |
102 |
|
|
int mm_answer_sign(int, Buffer *); |
103 |
|
|
int mm_answer_pwnamallow(int, Buffer *); |
104 |
|
|
int mm_answer_auth2_read_banner(int, Buffer *); |
105 |
|
|
int mm_answer_authserv(int, Buffer *); |
106 |
|
|
int mm_answer_authpassword(int, Buffer *); |
107 |
|
|
int mm_answer_bsdauthquery(int, Buffer *); |
108 |
|
|
int mm_answer_bsdauthrespond(int, Buffer *); |
109 |
|
|
int mm_answer_skeyquery(int, Buffer *); |
110 |
|
|
int mm_answer_skeyrespond(int, Buffer *); |
111 |
|
|
int mm_answer_keyallowed(int, Buffer *); |
112 |
|
|
int mm_answer_keyverify(int, Buffer *); |
113 |
|
|
int mm_answer_pty(int, Buffer *); |
114 |
|
|
int mm_answer_pty_cleanup(int, Buffer *); |
115 |
|
|
int mm_answer_term(int, Buffer *); |
116 |
|
|
int mm_answer_rsa_keyallowed(int, Buffer *); |
117 |
|
|
int mm_answer_rsa_challenge(int, Buffer *); |
118 |
|
|
int mm_answer_rsa_response(int, Buffer *); |
119 |
|
|
int mm_answer_sesskey(int, Buffer *); |
120 |
|
|
int mm_answer_sessid(int, Buffer *); |
121 |
|
|
|
122 |
|
|
#ifdef GSSAPI |
123 |
|
|
int mm_answer_gss_setup_ctx(int, Buffer *); |
124 |
|
|
int mm_answer_gss_accept_ctx(int, Buffer *); |
125 |
|
|
int mm_answer_gss_userok(int, Buffer *); |
126 |
|
|
int mm_answer_gss_checkmic(int, Buffer *); |
127 |
|
|
#endif |
128 |
|
|
|
129 |
|
|
static int monitor_read_log(struct monitor *); |
130 |
|
|
|
131 |
|
|
static Authctxt *authctxt;	/* the connection's auth context; set by monitor_child_preauth() */

/* local state for key verify */
static u_char *key_blob = NULL;		/* key blob that monitor_allowed_key() compares against */
static u_int key_bloblen = 0;		/* length of key_blob */
static int key_blobtype = MM_NOKEY;	/* enum mm_keytype of key_blob; MM_NOKEY when empty */
static char *hostbased_cuser = NULL;	/* hostbased auth: client user name (heap, see monitor_reset_key_state) */
static char *hostbased_chost = NULL;	/* hostbased auth: client host name (heap, likewise) */
/*
 * Method name of the request being served; monitor_child_preauth() resets
 * it to "unknown" before every request and hands it to auth_log() after.
 */
static char *auth_method = "unknown";
static char *auth_submethod = NULL;	/* e.g. "bsdauth" under keyboard-interactive */
static u_int session_id2_len = 0;	/* session id captured from the first MONITOR_REQ_SIGN */
static u_char *session_id2 = NULL;
static pid_t monitor_child_pid;		/* pid forwarded signals go to, see monitor_child_handler() */

/*
 * One row of a monitor dispatch table: the request type it answers, its
 * MON_* flags and the handler, which is called with the request socket
 * and the decoded message and returns the value monitor_read() passes
 * back.  A table ends with a row whose f is NULL.
 */
struct mon_table {
	enum monitor_reqtype type;	/* request this row answers */
	int flags;			/* MON_* bits; MON_PERMIT is toggled at run time */
	int (*f)(int, Buffer *);	/* handler (socket, request); NULL terminates the table */
};

/*
 * Row flags.  All but MON_PERMIT are static properties of a row.
 * MON_PERMIT is the run-time gate: monitor_permit() and
 * monitor_permit_authentications() set it as the protocol advances, and
 * monitor_read() clears it again on MON_ONCE rows after a single use.
 */
#define MON_ISAUTH	0x0004	/* Required for Authentication */
#define MON_AUTHDECIDE	0x0008	/* Decides Authentication */
#define MON_ONCE	0x0010	/* Disable after calling */
#define MON_ALOG	0x0020	/* Log auth attempt without authenticating */

#define MON_AUTH	(MON_ISAUTH|MON_AUTHDECIDE)

#define MON_PERMIT	0x1000	/* Request is permitted */

/*
 * Requests the monitor answers before authentication.  No row carries
 * MON_PERMIT initially: monitor_child_preauth() opens MODULI and SIGN,
 * mm_answer_sign() opens PWNAM, mm_answer_pwnamallow() opens AUTHSERV
 * and AUTH2_READ_BANNER, and mm_answer_authserv() opens the MON_AUTH
 * rows.  MON_ONCE rows are disabled again after their first use.
 */
struct mon_table mon_dispatch_proto20[] = {
#ifdef WITH_OPENSSL
    {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
#endif
    {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
    {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
    {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
    {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
    {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
    {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
    {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
#ifdef GSSAPI
    {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
    {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
    {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
    {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
#endif
    {0, 0, NULL}	/* terminator: f == NULL */
};

/*
 * Requests the monitor answers after authentication.
 * monitor_child_postauth() permits MODULI, SIGN and TERM, and PTY and
 * PTYCLEANUP unless no_pty_flag is set.
 */
struct mon_table mon_dispatch_postauth20[] = {
#ifdef WITH_OPENSSL
    {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
#endif
    {MONITOR_REQ_SIGN, 0, mm_answer_sign},
    {MONITOR_REQ_PTY, 0, mm_answer_pty},
    {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
    {MONITOR_REQ_TERM, 0, mm_answer_term},
    {0, 0, NULL}	/* terminator: f == NULL */
};

/* Table currently in force: mon_dispatch_proto20 before, mon_dispatch_postauth20 after authentication */
struct mon_table *mon_dispatch;

/*
 * Set (permit != 0) or clear MON_PERMIT on the row of `ent' that answers
 * request `type'.  The table is scanned up to its NULL-handler
 * terminator; a type with no row is silently ignored.
 */
static void
monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit)
{
	for (; ent->f != NULL; ent++) {
		if (ent->type != type)
			continue;
		if (permit)
			ent->flags |= MON_PERMIT;
		else
			ent->flags &= ~MON_PERMIT;
		return;
	}
}

/*
 * Grant (permit != 0) or revoke MON_PERMIT on every row of the active
 * table mon_dispatch that has any MON_AUTH bit (MON_ISAUTH or
 * MON_AUTHDECIDE) set.
 */
static void
monitor_permit_authentications(int permit)
{
	struct mon_table *row;

	for (row = mon_dispatch; row->f != NULL; row++) {
		if ((row->flags & MON_AUTH) == 0)
			continue;
		if (permit)
			row->flags |= MON_PERMIT;
		else
			row->flags &= ~MON_PERMIT;
	}
}

/*
 * Monitor-side loop for the pre-authentication child.
 *
 * Drops the descriptors the monitor does not use from here on, installs
 * mon_dispatch_proto20 with only MODULI and SIGN permitted, then serves
 * requests until a handler flagged MON_AUTHDECIDE reports success
 * (monitor_read() returning 1).  Every per-request outcome that reaches
 * a MON_AUTHDECIDE or MON_ALOG row is passed to auth_log().  After
 * success the child's key state is imported with mm_get_keystate(),
 * pending log records are drained and the remaining descriptors closed.
 * Inconsistent states (authenticated but invalid user, unknown method,
 * success from a row that may not decide) are fatal.
 */
void
monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
{
	struct ssh *ssh = active_state; /* XXX */
	struct mon_table *ent;
	int authenticated = 0, partial = 0;

	debug3("preauth child monitor started");

	/* Only m_sendfd and m_log_recvfd are used by the monitor below */
	close(pmonitor->m_recvfd);
	close(pmonitor->m_log_sendfd);
	pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;

	authctxt = _authctxt;
	memset(authctxt, 0, sizeof(*authctxt));

	mon_dispatch = mon_dispatch_proto20;
	/* Permit requests for moduli and signatures */
	monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);

	/* The first few requests do not require asynchronous access */
	while (!authenticated) {
		/* Per-request reset; the handlers fill these in for auth_log() */
		partial = 0;
		auth_method = "unknown";
		auth_submethod = NULL;
		auth2_authctxt_reset_info(authctxt);

		authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);

		/* Special handling for multiple required authentications */
		if (options.num_auth_methods != 0) {
			/* A success that does not complete a method list is only partial */
			if (authenticated &&
			    !auth2_update_methods_lists(authctxt,
			    auth_method, auth_submethod)) {
				debug3("%s: method %s: partial", __func__,
				    auth_method);
				authenticated = 0;
				partial = 1;
			}
		}

		if (authenticated) {
			/* Only rows marked MON_AUTHDECIDE may conclude authentication */
			if (!(ent->flags & MON_AUTHDECIDE))
				fatal("%s: unexpected authentication from %d",
				    __func__, ent->type);
			/* auth_root_allowed() may veto a uid 0 login for this method */
			if (authctxt->pw->pw_uid == 0 &&
			    !auth_root_allowed(auth_method))
				authenticated = 0;
		}
		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
			auth_log(authctxt, authenticated, partial,
			    auth_method, auth_submethod);
			/* A partial success does not count towards the failure limit */
			if (!partial && !authenticated)
				authctxt->failures++;
			if (authenticated || partial) {
				auth2_update_session_info(authctxt,
				    auth_method, auth_submethod);
			}
		}
	}

	if (!authctxt->valid)
		fatal("%s: authenticated invalid user", __func__);
	if (strcmp(auth_method, "unknown") == 0)
		fatal("%s: authentication method name unknown", __func__);

	debug("%s: %s has been authenticated by privileged process",
	    __func__, authctxt->user);
	ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);

	mm_get_keystate(pmonitor);

	/* Drain any buffered messages from the child */
	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
		;

	close(pmonitor->m_sendfd);
	close(pmonitor->m_log_recvfd);
	pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
}

/* Remember the child's pid so monitor_child_handler() knows where to forward signals. */
static void
monitor_set_child_handler(pid_t pid)
{
	monitor_child_pid = pid;
}

/*
 * Signal handler installed by monitor_child_postauth() for SIGHUP,
 * SIGTERM and SIGINT: forward the signal to the child recorded by
 * monitor_set_child_handler().  kill(2) is async-signal-safe, so the
 * handler does nothing it may not.
 */
static void
monitor_child_handler(int sig)
{
	kill(monitor_child_pid, sig);
}

/*
 * Monitor-side loop for the post-authentication child.
 *
 * Closes the child's end of the request socket, arranges for SIGHUP,
 * SIGTERM and SIGINT to be forwarded to the child, switches to
 * mon_dispatch_postauth20, permits the requests a session needs (pty
 * requests only when no_pty_flag is clear) and then serves requests
 * until the process is torn down.  Never returns.
 */
void
monitor_child_postauth(struct monitor *pmonitor)
{
	static const int forwarded[] = { SIGHUP, SIGTERM, SIGINT };
	size_t i;

	close(pmonitor->m_recvfd);
	pmonitor->m_recvfd = -1;

	monitor_set_child_handler(pmonitor->m_pid);
	for (i = 0; i < sizeof(forwarded) / sizeof(forwarded[0]); i++)
		signal(forwarded[i], &monitor_child_handler);

	mon_dispatch = mon_dispatch_postauth20;

	/* Permit requests for moduli and signatures */
	monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);

	if (!no_pty_flag) {
		monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
		monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
	}

	for (;;)
		monitor_read(pmonitor, mon_dispatch, NULL);
}

/*
 * Read one log record forwarded by the child over pmonitor->m_log_recvfd
 * and emit it through do_log2() tagged "[preauth]".  Wire format: a
 * 4-byte length, then a 4-byte level and a string.  The message text is
 * only ever passed as a "%s" argument, never as a format string.
 *
 * Returns 0 after one record has been logged, or -1 when the child's end
 * is gone (EPIPE), in which case m_log_recvfd is closed and set to -1.
 * Any other read failure, a length outside (4, 8192] or a level that
 * log_level_name() does not know is fatal.
 */
static int
monitor_read_log(struct monitor *pmonitor)
{
	Buffer rec;
	u_int reclen, severity;
	char *text;

	buffer_init(&rec);

	/* Length prefix */
	buffer_append_space(&rec, 4);
	if (atomicio(read, pmonitor->m_log_recvfd,
	    buffer_ptr(&rec), buffer_len(&rec)) != buffer_len(&rec)) {
		if (errno != EPIPE)
			fatal("%s: log fd read: %s", __func__, strerror(errno));
		/* Child closed its end: drop ours and tell the caller */
		buffer_free(&rec);
		debug("%s: child log fd closed", __func__);
		close(pmonitor->m_log_recvfd);
		pmonitor->m_log_recvfd = -1;
		return -1;
	}
	reclen = buffer_get_int(&rec);
	/* Bounds the allocation; a record must at least hold the level word */
	if (reclen <= 4 || reclen > 8192)
		fatal("%s: invalid log message length %u", __func__, reclen);

	/* Body: severity, then message */
	buffer_clear(&rec);
	buffer_append_space(&rec, reclen);
	if (atomicio(read, pmonitor->m_log_recvfd,
	    buffer_ptr(&rec), buffer_len(&rec)) != buffer_len(&rec))
		fatal("%s: log fd read: %s", __func__, strerror(errno));

	severity = buffer_get_int(&rec);
	text = buffer_get_string(&rec, NULL);
	/* Refuse levels the logger does not know rather than logging garbage */
	if (log_level_name(severity) == NULL)
		fatal("%s: invalid log level %u (corrupted message?)",
		    __func__, severity);
	do_log2(severity, "%s [preauth]", text);

	buffer_free(&rec);
	free(text);

	return 0;
}

/*
 * Return the row of `ent' that answers request `type', or the table's
 * terminator (f == NULL) when there is none.
 */
static struct mon_table *
monitor_lookup_request(struct mon_table *ent, u_char type)
{
	while (ent->f != NULL && ent->type != type)
		ent++;
	return ent;
}

/*
 * Serve one request from the unprivileged child.
 *
 * Waits on pmonitor->m_sendfd and, while it is open, on the child's log
 * channel (log records are drained first).  The request is received,
 * looked up in `ent', rejected with fatal() unless its row is known and
 * carries MON_PERMIT, and handed to the row's handler.  MON_ONCE rows
 * lose MON_PERMIT after the call.  When `pent' is non-NULL it receives
 * the row that was dispatched.
 *
 * Returns the handler's result; monitor_child_preauth() treats 1 as
 * "authenticated".
 */
int
monitor_read(struct monitor *pmonitor, struct mon_table *ent,
    struct mon_table **pent)
{
	Buffer req;
	struct pollfd pfd[2];
	int nfds, ret;
	u_char type;

	for (;;) {
		memset(pfd, 0, sizeof(pfd));
		pfd[0].fd = pmonitor->m_sendfd;
		pfd[0].events = POLLIN;
		pfd[1].fd = pmonitor->m_log_recvfd;
		nfds = (pfd[1].fd == -1) ? 1 : 2;
		pfd[1].events = (nfds == 2) ? POLLIN : 0;
		if (poll(pfd, nfds, -1) == -1) {
			if (errno == EINTR || errno == EAGAIN)
				continue;
			fatal("%s: poll: %s", __func__, strerror(errno));
		}
		/*
		 * Drain all log messages before processing next
		 * monitor request.
		 */
		if (pfd[1].revents) {
			monitor_read_log(pmonitor);
			continue;
		}
		if (pfd[0].revents)
			break;
	}

	buffer_init(&req);
	mm_request_receive(pmonitor->m_sendfd, &req);
	type = buffer_get_char(&req);
	debug3("%s: checking request %d", __func__, type);

	ent = monitor_lookup_request(ent, type);
	if (ent->f == NULL)
		fatal("%s: unsupported request: %d", __func__, type);
	/* The gate: a known request is still refused until it has been permitted */
	if (!(ent->flags & MON_PERMIT))
		fatal("%s: unpermitted request %d", __func__, type);

	ret = (*ent->f)(pmonitor->m_sendfd, &req);
	buffer_free(&req);

	/* The child may use this request only once, disable it */
	if (ent->flags & MON_ONCE) {
		debug2("%s: %d used once, disabling now", __func__, type);
		ent->flags &= ~MON_PERMIT;
	}

	if (pent != NULL)
		*pent = ent;

	return ret;
}

/*
 * Return 1 if `blob' (bloblen bytes) is byte-for-byte the blob currently
 * stored in key_blob, else 0.  The comparison is constant-time so the
 * check leaks no timing information about the stored key.
 */
static int
monitor_allowed_key(u_char *blob, u_int bloblen)
{
	int same;

	if (key_blob == NULL)
		return (0);
	if (key_bloblen != bloblen)
		return (0);
	same = timingsafe_bcmp(key_blob, blob, key_bloblen) == 0;
	return (same ? 1 : 0);
}

/*
 * Release and clear the per-request key state: key_blob (with its
 * length and type) and the hostbased client user/host strings.  Safe
 * to call when nothing is stored, since free(NULL) is a no-op.
 */
static void
monitor_reset_key_state(void)
{
	free(key_blob);
	key_blob = NULL;
	key_bloblen = 0;
	key_blobtype = MM_NOKEY;

	free(hostbased_cuser);
	hostbased_cuser = NULL;

	free(hostbased_chost);
	hostbased_chost = NULL;
}

#ifdef WITH_OPENSSL |
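/*
 * MONITOR_REQ_MODULI: choose Diffie-Hellman group parameters of `want'
 * bits (bounded by `min' and `max') on behalf of the child and answer
 * with MONITOR_ANS_MODULI.
 *
 * Reply: a byte 0 when choose_dh() found no group, else a byte 1
 * followed by the bignums p and g.  An inconsistent size triple is
 * fatal: the child validated it already, so a bad one means the child
 * is broken or compromised.
 *
 * Always returns 0.
 */
int
mm_answer_moduli(int sock, Buffer *m)
{
	DH *dh;
	int min, want, max;

	min = buffer_get_int(m);
	want = buffer_get_int(m);
	max = buffer_get_int(m);

	debug3("%s: got parameters: %d %d %d",
	    __func__, min, want, max);
	/* We need to check here, too, in case the child got corrupted */
	if (max < min || want < min || max < want)
		fatal("%s: bad parameters: %d %d %d",
		    __func__, min, want, max);

	buffer_clear(m);

	dh = choose_dh(min, want, max);
	if (dh == NULL) {
		buffer_put_char(m, 0);
	} else {
		/* Send first bignum */
		buffer_put_char(m, 1);
		buffer_put_bignum2(m, dh->p);
		buffer_put_bignum2(m, dh->g);

		DH_free(dh);
	}
	/*
	 * Answer on both paths.  Previously the failure byte queued above
	 * was never sent, so the child got no reply at all; the child's
	 * reply reader is not in this file -- confirm it handles the 0 byte.
	 */
	mm_request_send(sock, MONITOR_ANS_MODULI, m);
	return (0);
}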
523 |
|
|
#endif |
524 |
|
|
|
525 |
|
|
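/*
 * MONITOR_REQ_SIGN: sign data with host key `keyid' on behalf of the
 * child and answer with MONITOR_ANS_SIGN (string signature).
 *
 * Request: u32 keyid, string data, cstring alg.  Two shapes of data are
 * accepted: a KEX exchange hash (20, 32, 48 or 64 bytes), or a
 * hostkeys-prove-00@openssh.com proof, which the monitor rebuilds from
 * the saved session id and the public key and compares against the
 * request before signing anything.  The data of the first call (always
 * the KEX signature: a proof is refused while no session id is saved)
 * is retained as session_id2 for later proof checks.
 *
 * The key is used directly when the monitor holds the private half,
 * otherwise through the agent on auth_sock.  Every failure is fatal.
 * On success MONITOR_REQ_PWNAM is permitted and 0 is returned.
 */
int
mm_answer_sign(int sock, Buffer *m)
{
	struct ssh *ssh = active_state; /* XXX */
	extern int auth_sock;	/* XXX move to state struct? */
	struct sshkey *key;
	struct sshbuf *sigbuf = NULL;
	u_char *p = NULL, *signature = NULL;
	char *alg = NULL;
	size_t datlen, siglen, alglen;
	int r, is_proof = 0;
	u_int keyid;
	const char proof_req[] = "hostkeys-prove-00@openssh.com";

	debug3("%s", __func__);

	if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||
	    (r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
	    (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	/* Sanity-bound the index; it is formatted with %d below */
	if (keyid > INT_MAX)
		fatal("%s: invalid key ID", __func__);

	/*
	 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
	 * SHA384 (48 bytes) and SHA512 (64 bytes).
	 *
	 * Otherwise, verify the signature request is for a hostkey
	 * proof.
	 *
	 * XXX perform similar check for KEX signature requests too?
	 * it's not trivial, since what is signed is the hash, rather
	 * than the full kex structure...
	 */
	if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64) {
		/*
		 * Construct expected hostkey proof and compare it to what
		 * the client sent us.
		 */
		if (session_id2_len == 0) /* hostkeys is never first */
			fatal("%s: bad data length: %zu", __func__, datlen);
		if ((key = get_hostkey_public_by_index(keyid, ssh)) == NULL)
			fatal("%s: no hostkey for index %d", __func__, keyid);
		if ((sigbuf = sshbuf_new()) == NULL)
			fatal("%s: sshbuf_new", __func__);
		if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
		    (r = sshbuf_put_string(sigbuf, session_id2,
		    session_id2_len)) != 0 ||
		    (r = sshkey_puts(key, sigbuf)) != 0)
			fatal("%s: couldn't prepare private key "
			    "proof buffer: %s", __func__, ssh_err(r));
		/* The proof is public data, so a plain memcmp() is adequate */
		if (datlen != sshbuf_len(sigbuf) ||
		    memcmp(p, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf)) != 0)
			fatal("%s: bad data length: %zu, hostkey proof len %zu",
			    __func__, datlen, sshbuf_len(sigbuf));
		sshbuf_free(sigbuf);
		is_proof = 1;
	}

	/* save session id, it will be passed on the first call */
	if (session_id2_len == 0) {
		session_id2_len = datlen;
		session_id2 = xmalloc(session_id2_len);
		memcpy(session_id2, p, session_id2_len);
	}

	/* Prefer a private key held here; otherwise ask the agent */
	if ((key = get_hostkey_by_index(keyid)) != NULL) {
		if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
		    datafellows)) != 0)
			fatal("%s: sshkey_sign failed: %s",
			    __func__, ssh_err(r));
	} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
	    auth_sock > 0) {
		if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
		    p, datlen, alg, datafellows)) != 0) {
			fatal("%s: ssh_agent_sign failed: %s",
			    __func__, ssh_err(r));
		}
	} else
		fatal("%s: no hostkey from index %d", __func__, keyid);

	/* is_proof is set only on the hostkey-proof path above */
	debug3("%s: %s signature %p(%zu)", __func__,
	    is_proof ? "hostkey proof" : "KEX", signature, siglen);

	sshbuf_reset(m);
	if ((r = sshbuf_put_string(m, signature, siglen)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	free(alg);
	free(p);
	free(signature);

	mm_request_send(sock, MONITOR_ANS_SIGN, m);

	/* Turn on permissions for getpwnam */
	monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);

	return (0);
}
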
/* Retrieves the password entry and also checks if the user is permitted */

/*
 * MONITOR_REQ_PWNAM: look the requested user up with getpwnamallow(),
 * record the result in authctxt and answer with MONITOR_ANS_PWNAM.
 *
 * Reply: byte 0 for an unknown or disallowed user (authctxt->pw then
 * holds fakepw() and authctxt->valid stays 0), else byte 1, the raw
 * struct passwd and its string members with the password sent as "*".
 * Either way the ServerOptions struct and the string options listed by
 * COPY_MATCH_STRING_OPTS (see servconf.h) follow.  A second call on the
 * same connection is fatal.  On return MONITOR_REQ_AUTHSERV and
 * MONITOR_REQ_AUTH2_READ_BANNER are permitted.
 *
 * Always returns 0.
 */
int
mm_answer_pwnamallow(int sock, Buffer *m)
{
	struct ssh *ssh = active_state; /* XXX */
	char *username;
	struct passwd *pwent;
	int allowed = 0;
	u_int i;		/* loop index used by M_CP_STRARRAYOPT below */

	debug3("%s", __func__);

	/* The row is MON_ONCE already; this also refuses a second lookup */
	if (authctxt->attempt++ != 0)
		fatal("%s: multiple attempts for getpwnam", __func__);

	username = buffer_get_string(m, NULL);

	pwent = getpwnamallow(username);

	/* The name is kept even for unknown users; the log preamble needs it */
	authctxt->user = xstrdup(username);
	setproctitle("%s [priv]", pwent ? username : "unknown");
	free(username);

	buffer_clear(m);

	if (pwent == NULL) {
		/* Unknown/disallowed: answer 0 and install a placeholder pw */
		buffer_put_char(m, 0);
		authctxt->pw = fakepw();
		goto out;
	}

	allowed = 1;
	authctxt->pw = pwent;
	authctxt->valid = 1;

	buffer_put_char(m, 1);
	/* Raw struct first (its pointer members are of no use to the child), then the strings */
	buffer_put_string(m, pwent, sizeof(struct passwd));
	buffer_put_cstring(m, pwent->pw_name);
	/* The password field is sent as "*": the hash stays in the privileged process */
	buffer_put_cstring(m, "*");
	buffer_put_cstring(m, pwent->pw_gecos);
	buffer_put_cstring(m, pwent->pw_class);
	buffer_put_cstring(m, pwent->pw_dir);
	buffer_put_cstring(m, pwent->pw_shell);

 out:
	ssh_packet_set_log_preamble(ssh, "%suser %s",
	    authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
	/* Options struct, then the strings it points to (the child cannot use the pointers) */
	buffer_put_string(m, &options, sizeof(options));

#define M_CP_STROPT(x) do { \
		if (options.x != NULL) \
			buffer_put_cstring(m, options.x); \
	} while (0)
#define M_CP_STRARRAYOPT(x, nx) do { \
		for (i = 0; i < options.nx; i++) \
			buffer_put_cstring(m, options.x[i]); \
	} while (0)
	/* See comment in servconf.h */
	COPY_MATCH_STRING_OPTS();
#undef M_CP_STROPT
#undef M_CP_STRARRAYOPT

	/* Create valid auth method lists */
	if (auth2_setup_methods_lists(authctxt) != 0) {
		/*
		 * The monitor will continue long enough to let the child
		 * run to its packet_disconnect(), but it must not allow any
		 * authentication to succeed.
		 */
		debug("%s: no valid authentication method lists", __func__);
	}

	debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
	mm_request_send(sock, MONITOR_ANS_PWNAM, m);

	/* Allow service/style information on the auth context */
	monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);

	return (0);
}

/*
 * MONITOR_REQ_AUTH2_READ_BANNER: read the login banner in the privileged
 * process and return it with MONITOR_ANS_AUTH2_READ_BANNER.  A missing
 * banner is sent as the empty string.  Always returns 0.
 */
int mm_answer_auth2_read_banner(int sock, Buffer *m)
{
	char *text = auth2_read_banner();

	buffer_clear(m);
	if (text == NULL)
		buffer_put_cstring(m, "");
	else
		buffer_put_cstring(m, text);
	mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
	free(text);

	return (0);
}

/*
 * MONITOR_REQ_AUTHSERV: store the service and style names from the
 * child's userauth request in authctxt and, from now on, permit the
 * MON_AUTH rows of the dispatch table.  An empty style becomes NULL.
 * The strings are taken as the child sent them.  Sends no reply;
 * always returns 0.
 */
int
mm_answer_authserv(int sock, Buffer *m)
{
	char *svc, *sty;

	monitor_permit_authentications(1);

	svc = buffer_get_string(m, NULL);
	sty = buffer_get_string(m, NULL);
	debug3("%s: service=%s, style=%s", __func__, svc, sty);

	if (*sty == '\0') {
		free(sty);
		sty = NULL;
	}
	authctxt->service = svc;
	authctxt->style = sty;

	return (0);
}

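/*
 * MONITOR_REQ_AUTHPASSWORD: check the password the child received against
 * the account in authctxt and answer MONITOR_ANS_AUTHPASSWORD with a u32
 * result (1 success, 0 failure).
 *
 * A request while PasswordAuthentication is off is fatal.  The password
 * copy is wiped before it is freed.  auth_method is set to "none" for
 * the very first call with an empty password, else "password".
 *
 * Returns the result; a non-zero value ends the monitor_child_preauth()
 * loop, as this row is MON_AUTH.
 */
int
mm_answer_authpassword(int sock, Buffer *m)
{
	static int call_count;
	char *passwd;
	int authenticated;
	u_int plen;

	if (!options.password_authentication)
		fatal("%s: password authentication not enabled", __func__);
	passwd = buffer_get_string(m, &plen);
	/* Only authenticate if the context is valid */
	authenticated = options.password_authentication &&
	    auth_password(authctxt, passwd);
	/*
	 * Wipe the whole plen-byte copy, not just up to the first NUL:
	 * strlen() would stop early on input containing an embedded NUL
	 * and leave the tail in freed memory.
	 */
	explicit_bzero(passwd, plen);
	free(passwd);

	buffer_clear(m);
	buffer_put_int(m, authenticated);

	debug3("%s: sending result %d", __func__, authenticated);
	mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);

	/* An empty password on the very first call is reported as method "none" */
	call_count++;
	if (plen == 0 && call_count == 1)
		auth_method = "none";
	else
		auth_method = "password";

	/* Causes monitor loop to terminate if authenticated */
	return (authenticated);
}
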
/*
 * MONITOR_REQ_BSDAUTHQUERY: start a BSD auth challenge for the user in
 * authctxt and answer MONITOR_ANS_BSDAUTHQUERY with a u32 success flag
 * followed, on success, by the first prompt.  Fatal unless
 * KbdInteractiveAuthentication is enabled.  Always returns 0.
 */
int
mm_answer_bsdauthquery(int sock, Buffer *m)
{
	char *name, *infotxt, **prompts;
	u_int numprompts, *echo_on, success;

	if (!options.kbd_interactive_authentication)
		fatal("%s: kbd-int authentication not enabled", __func__);
	success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
	    &prompts, &echo_on) < 0 ? 0 : 1;

	buffer_clear(m);
	buffer_put_int(m, success);
	if (success)
		buffer_put_cstring(m, prompts[0]);

	debug3("%s: sending challenge success: %u", __func__, success);
	mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);

	/* On failure bsdauth_query() left nothing to release */
	if (!success)
		return (0);

	/*
	 * NOTE(review): prompts[0] itself is not freed here; whether it is
	 * heap-allocated depends on bsdauth_query() -- confirm there.
	 */
	free(name);
	free(infotxt);
	free(prompts);
	free(echo_on);

	return (0);
}

/*
 * MONITOR_REQ_BSDAUTHRESPOND: feed the client's response to the pending
 * BSD auth session (authctxt->as) and answer MONITOR_ANS_BSDAUTHRESPOND
 * with a u32 result.  The pending session is dropped from authctxt
 * either way.  Fatal unless KbdInteractiveAuthentication is enabled or
 * when no session is pending; the response is only evaluated when
 * ChallengeResponseAuthentication is also on.  Sets auth_method and
 * auth_submethod for auth_log().
 *
 * Returns 1 on success, 0 otherwise (this row is MON_AUTH).
 */
int
mm_answer_bsdauthrespond(int sock, Buffer *m)
{
	char *answer;
	int ok;

	if (!options.kbd_interactive_authentication)
		fatal("%s: kbd-int authentication not enabled", __func__);
	if (authctxt->as == NULL)
		fatal("%s: no bsd auth session", __func__);

	answer = buffer_get_string(m, NULL);
	ok = 0;
	if (options.challenge_response_authentication)
		ok = auth_userresponse(authctxt->as, answer, 0) != 0;
	authctxt->as = NULL;
	/* The cleartext response is written to the log at debug3 */
	debug3("%s: <%s> = <%d>", __func__, answer, ok);
	free(answer);

	buffer_clear(m);
	buffer_put_int(m, ok);

	debug3("%s: sending authenticated: %d", __func__, ok);
	mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);

	auth_method = "keyboard-interactive";
	auth_submethod = "bsdauth";

	return (ok != 0);
}

/*
 * Monitor side of MONITOR_REQ_KEYALLOWED: decides whether the public key
 * proposed by the privsep child may be used for "publickey" (MM_USERKEY)
 * or "hostbased" (MM_HOSTKEY) authentication of the current user.
 *
 * When the key is allowed, the blob and the hostbased client user/host
 * are kept in key_blob/key_bloblen/key_blobtype/hostbased_cuser/
 * hostbased_chost so that mm_answer_keyverify() can later insist that the
 * signature it is asked to check belongs to exactly this key.  Otherwise
 * the failed attempt is logged and the temporaries are released.
 *
 * Replies with MONITOR_ANS_KEYALLOWED carrying the decision and whether a
 * forced command applies.  Always returns 0; authentication is never
 * complete after this step alone.
 */
int
mm_answer_keyallowed(int sock, Buffer *m)
{
	struct sshkey *key;
	char *cuser, *chost;
	u_char *blob;
	u_int bloblen, pubkey_auth_attempt;
	enum mm_keytype type;
	int allowed = 0;

	debug3("%s entering", __func__);

	type = buffer_get_int(m);
	cuser = buffer_get_string(m, NULL);
	chost = buffer_get_string(m, NULL);
	blob = buffer_get_string(m, &bloblen);
	pubkey_auth_attempt = buffer_get_int(m);

	key = key_from_blob(blob, bloblen);

	debug3("%s: key_from_blob: %p", __func__, key);

	/*
	 * Nothing is allowed for an unparsable blob, or while the requested
	 * user is not valid (authctxt->valid == 0).
	 */
	if (key != NULL && authctxt->valid) {
		/* These should not make it past the privsep child */
		if (key_type_plain(key->type) == KEY_RSA &&
		    (datafellows & SSH_BUG_RSASIGMD5) != 0)
			fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__);

		if (type == MM_USERKEY) {
			/*
			 * Every term short-circuits the next: the method must
			 * be enabled, the key must not already have been used
			 * in this exchange, its type must match
			 * options.pubkey_key_types, and it must be listed for
			 * the user (user_key_allowed()).
			 */
			allowed = options.pubkey_authentication &&
			    !auth2_key_already_used(authctxt, key) &&
			    match_pattern_list(sshkey_ssh_name(key),
			    options.pubkey_key_types, 0) == 1 &&
			    user_key_allowed(authctxt->pw, key,
			    pubkey_auth_attempt);
			auth_method = "publickey";
			/*
			 * Presumably key options picked up by the lookup are
			 * discarded unless this was a real attempt with an
			 * allowed key.
			 */
			if (options.pubkey_authentication &&
			    (!pubkey_auth_attempt || allowed != 1))
				auth_clear_options();
		} else if (type == MM_HOSTKEY) {
			allowed = options.hostbased_authentication &&
			    !auth2_key_already_used(authctxt, key) &&
			    match_pattern_list(sshkey_ssh_name(key),
			    options.hostbased_key_types, 0) == 1 &&
			    hostbased_key_allowed(authctxt->pw,
			    cuser, chost, key);
			auth2_record_info(authctxt,
			    "client user \"%.100s\", client host \"%.100s\"",
			    cuser, chost);
			auth_method = "hostbased";
		} else {
			fatal("%s: unknown key type %d", __func__, type);
		}
	}

	debug3("%s: key is %s", __func__, allowed ? "allowed" : "not allowed");

	auth2_record_key(authctxt, 0, key);
	sshkey_free(key);

	/* clear temporarily storage (used by verify) */
	monitor_reset_key_state();

	if (allowed) {
		/* Save temporarily for comparison in verify */
		key_blob = blob;
		key_bloblen = bloblen;
		key_blobtype = type;
		hostbased_cuser = cuser;
		hostbased_chost = chost;
	} else {
		/* Log failed attempt */
		auth_log(authctxt, 0, 0, auth_method, NULL);
		free(blob);
		free(cuser);
		free(chost);
	}

	buffer_clear(m);
	buffer_put_int(m, allowed);
	/* Lets the child know whether a forced command is in effect. */
	buffer_put_int(m, forced_command != NULL);

	mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);

	return (0);
}
|
/*
 * Sanity-check the data blob that the privsep child asks the monitor to
 * verify a "publickey" signature over.  The blob is parsed field by field
 * and must
 *  - begin with this connection's session id (session_id2),
 *  - be an SSH2_MSG_USERAUTH_REQUEST for exactly the user (and login
 *    style) recorded in authctxt,
 *  - name the "publickey" method with the signed-request flag set, and
 *  - contain nothing after the public key blob.
 * Any mismatch makes the function return 0, so a child that hands up a
 * signature made for another session or another user is refused (the
 * user mismatch is also logged).  Returns 1 when every check passed.
 * Malformed input that runs past the end of the buffer is handled by
 * the buffer_* getters, which presumably abort.
 */
static int
monitor_valid_userblob(u_char *data, u_int datalen)
{
	Buffer b;
	u_char *p;
	char *userstyle, *cp;
	u_int len;
	int fail = 0;

	buffer_init(&b);
	buffer_append(&b, data, datalen);

	if (datafellows & SSH_OLD_SESSIONID) {
		/* Old peers put the raw session id first, not a length-prefixed string. */
		p = buffer_ptr(&b);
		len = buffer_len(&b);
		/* Constant-time compare against the id we derived ourselves. */
		if ((session_id2 == NULL) ||
		    (len < session_id2_len) ||
		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
			fail++;
		/* Still consumed on mismatch; presumably aborts if too short. */
		buffer_consume(&b, session_id2_len);
	} else {
		p = buffer_get_string(&b, &len);
		if ((session_id2 == NULL) ||
		    (len != session_id2_len) ||
		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
			fail++;
		free(p);
	}
	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
		fail++;
	/* User name as "user" or "user:style", exactly as authctxt has it. */
	cp = buffer_get_cstring(&b, NULL);
	xasprintf(&userstyle, "%s%s%s", authctxt->user,
	    authctxt->style ? ":" : "",
	    authctxt->style ? authctxt->style : "");
	if (strcmp(userstyle, cp) != 0) {
		logit("wrong user name passed to monitor: "
		    "expected %s != %.100s", userstyle, cp);
		fail++;
	}
	free(userstyle);
	free(cp);
	buffer_skip_string(&b);	/* service */
	if (datafellows & SSH_BUG_PKAUTH) {
		/* Buggy peers: only the flag, followed by a single string. */
		if (!buffer_get_char(&b))
			fail++;
	} else {
		cp = buffer_get_cstring(&b, NULL);
		if (strcmp("publickey", cp) != 0)
			fail++;
		free(cp);
		/* The boolean that marks a signed request must be set. */
		if (!buffer_get_char(&b))
			fail++;
		buffer_skip_string(&b);	/* pkalg */
	}
	buffer_skip_string(&b);	/* pkblob */
	/* Nothing may trail the request. */
	if (buffer_len(&b) != 0)
		fail++;
	buffer_free(&b);
	return (fail == 0);
}
|
/*
 * Sanity-check the data blob that the privsep child asks the monitor to
 * verify a "hostbased" signature over.  The blob must
 *  - begin with this connection's session id (session_id2),
 *  - be an SSH2_MSG_USERAUTH_REQUEST for exactly the user (and login
 *    style) recorded in authctxt,
 *  - name the "hostbased" method, and
 *  - carry the same client host (trailing dot ignored) and client user
 *    that mm_answer_keyallowed() approved, passed in as chost/cuser,
 *  - with nothing trailing.
 * Returns 1 when every check passed, 0 otherwise.  chost and cuser are
 * only read.
 */
static int
monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
    char *chost)
{
	Buffer b;
	char *p, *userstyle;
	u_int len;
	int fail = 0;

	buffer_init(&b);
	buffer_append(&b, data, datalen);

	/* Constant-time compare against the id we derived ourselves. */
	p = buffer_get_string(&b, &len);
	if ((session_id2 == NULL) ||
	    (len != session_id2_len) ||
	    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
		fail++;
	free(p);

	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
		fail++;
	/* User name as "user" or "user:style", exactly as authctxt has it. */
	p = buffer_get_cstring(&b, NULL);
	xasprintf(&userstyle, "%s%s%s", authctxt->user,
	    authctxt->style ? ":" : "",
	    authctxt->style ? authctxt->style : "");
	if (strcmp(userstyle, p) != 0) {
		logit("wrong user name passed to monitor: expected %s != %.100s",
		    userstyle, p);
		fail++;
	}
	free(userstyle);
	free(p);
	buffer_skip_string(&b);	/* service */
	p = buffer_get_cstring(&b, NULL);
	if (strcmp(p, "hostbased") != 0)
		fail++;
	free(p);
	buffer_skip_string(&b);	/* pkalg */
	buffer_skip_string(&b);	/* pkblob */

	/* verify client host, strip trailing dot if necessary */
	/*
	 * Fetched with buffer_get_string() rather than buffer_get_cstring(),
	 * so strlen()/strcmp() only see up to the first NUL; chost came in
	 * the same way via mm_answer_keyallowed().
	 */
	p = buffer_get_string(&b, NULL);
	if (((len = strlen(p)) > 0) && p[len - 1] == '.')
		p[len - 1] = '\0';
	if (strcmp(p, chost) != 0)
		fail++;
	free(p);

	/* verify client user */
	p = buffer_get_string(&b, NULL);
	if (strcmp(p, cuser) != 0)
		fail++;
	free(p);

	/* Nothing may trail the request. */
	if (buffer_len(&b) != 0)
		fail++;
	buffer_free(&b);
	return (fail == 0);
}
|
/*
 * Monitor side of MONITOR_REQ_KEYVERIFY: verifies a client signature with
 * a key that mm_answer_keyallowed() approved earlier in this exchange.
 *
 * The request carries the key blob, the signature and the signed data.
 * Before any signature check the monitor insists that
 *  - a key was previously allowed and its blob matches this one
 *    (monitor_allowed_key(); hostbased_cuser/hostbased_chost are set by
 *    mm_answer_keyallowed() for both key types), and
 *  - the signed data is a well-formed userauth request for this session
 *    and user, checked by monitor_valid_userblob() or
 *    monitor_valid_hostbasedblob() according to key_blobtype.
 * Each of these failures is fatal, i.e. treated as a protocol violation
 * by the child rather than as a failed login.
 *
 * Replies with MONITOR_ANS_KEYVERIFY carrying 0 on success and 1 on
 * failure (see encoded_ret).  Returns non-zero when the signature
 * verified, which the monitor loop takes as successful authentication.
 */
int
mm_answer_keyverify(int sock, struct sshbuf *m)
{
	struct sshkey *key;
	u_char *signature, *data, *blob;
	size_t signaturelen, datalen, bloblen;
	int r, ret, valid_data = 0, encoded_ret;

	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
	    (r = sshbuf_get_string(m, &data, &datalen)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	/* Only the key that passed KEYALLOWED may be verified against. */
	if (hostbased_cuser == NULL || hostbased_chost == NULL ||
	    !monitor_allowed_key(blob, bloblen))
		fatal("%s: bad key, not previously allowed", __func__);

	/* XXX use sshkey_froms here; need to change key_blob, etc. */
	if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
		fatal("%s: bad public key blob: %s", __func__, ssh_err(r));

	/* The signed data is validated before the signature is checked. */
	switch (key_blobtype) {
	case MM_USERKEY:
		valid_data = monitor_valid_userblob(data, datalen);
		auth_method = "publickey";
		break;
	case MM_HOSTKEY:
		valid_data = monitor_valid_hostbasedblob(data, datalen,
		    hostbased_cuser, hostbased_chost);
		auth_method = "hostbased";
		break;
	default:
		valid_data = 0;
		break;
	}
	if (!valid_data)
		fatal("%s: bad signature data blob", __func__);

	/* ret == 0 means the signature verified. */
	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
	    active_state->compat);
	debug3("%s: %s %p signature %s", __func__, auth_method, key,
	    (ret == 0) ? "verified" : "unverified");
	auth2_record_key(authctxt, ret == 0, key);

	free(blob);
	free(signature);
	free(data);

	/* The allowed-key temporaries are single-use. */
	monitor_reset_key_state();

	sshkey_free(key);
	sshbuf_reset(m);

	/* encode ret != 0 as positive integer, since we're sending u32 */
	encoded_ret = (ret != 0);
	if ((r = sshbuf_put_u32(m, encoded_ret)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);

	return ret == 0;
}
|
/*
 * Record the login of session s for user pw in the system accounting
 * files.  The peer address is taken from the connection socket; when the
 * connection is not on a socket the all-zero (0.0.0.0) address is used.
 * A failing getpeername() ends the monitor via cleanup_exit(255).
 */
static void
mm_record_login(Session *s, struct passwd *pw)
{
	struct ssh *ssh = active_state; /* XXX */
	struct sockaddr_storage peer;
	socklen_t peerlen = sizeof(peer);

	memset(&peer, 0, sizeof(peer));
	if (packet_connection_is_on_socket() &&
	    getpeername(packet_get_connection_in(),
	    (struct sockaddr *)&peer, &peerlen) < 0) {
		debug("getpeername: %.100s", strerror(errno));
		cleanup_exit(255);
	}

	/* Record that there was a login on that tty from the remote host. */
	record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
	    session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
	    (struct sockaddr *)&peer, peerlen);
}
|
/*
 * Monitor-side teardown of a session: releases the pty when one was
 * allocated (ttyfd != -1) and marks the session slot unused.
 */
static void
mm_session_close(Session *s)
{
	const int has_pty = (s->ttyfd != -1);

	debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
	if (has_pty) {
		debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
		session_pty_cleanup2(s);
	}
	session_unused(s->self);
}
|
/*
 * Monitor side of MONITOR_REQ_PTY: allocates a pty for the authenticated
 * user, records the login, and ships the master and slave descriptors to
 * the privsep child over the monitor socket.
 *
 * The reply (MONITOR_ANS_PTY) starts with a success flag; on success it
 * also carries the tty name and whatever record_login() left in loginmsg,
 * and is followed by the two descriptors.  Failing to pass the
 * descriptors is fatal.  Always returns 0.
 */
int
mm_answer_pty(int sock, Buffer *m)
{
	extern struct monitor *pmonitor;
	Session *sess;
	int nullfd;

	debug3("%s entering", __func__);

	buffer_clear(m);
	if ((sess = session_new()) == NULL)
		goto error;
	sess->authctxt = authctxt;
	sess->pw = authctxt->pw;
	sess->pid = pmonitor->m_pid;
	if (pty_allocate(&sess->ptyfd, &sess->ttyfd, sess->tty,
	    sizeof(sess->tty)) == 0)
		goto error;
	/* The tty becomes the authenticated user's. */
	pty_setowner(authctxt->pw, sess->tty);

	buffer_put_int(m, 1);
	buffer_put_cstring(m, sess->tty);

	/* We need to trick ttyslot */
	if (dup2(sess->ttyfd, 0) == -1)
		fatal("%s: dup2", __func__);

	mm_record_login(sess, authctxt->pw);

	/* Now we can close the file descriptor again */
	close(0);

	/* send messages generated by record_login */
	buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
	buffer_clear(&loginmsg);

	mm_request_send(sock, MONITOR_ANS_PTY, m);

	if (mm_send_fd(sock, sess->ptyfd) == -1 ||
	    mm_send_fd(sock, sess->ttyfd) == -1)
		fatal("%s: send fds failed", __func__);

	/* make sure nothing uses fd 0 */
	if ((nullfd = open(_PATH_DEVNULL, O_RDONLY)) < 0)
		fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
	if (nullfd != 0)
		error("%s: fd0 %d != 0", __func__, nullfd);

	/* slave is not needed */
	close(sess->ttyfd);
	sess->ttyfd = sess->ptyfd;
	/* no need to dup() because nobody closes ptyfd */
	sess->ptymaster = sess->ptyfd;

	debug3("%s: tty %s ptyfd %d", __func__, sess->tty, sess->ttyfd);

	return (0);

 error:
	/* sess is NULL only when session_new() failed. */
	if (sess != NULL)
		mm_session_close(sess);
	buffer_put_int(m, 0);
	mm_request_send(sock, MONITOR_ANS_PTY, m);
	return (0);
}
|
/*
 * Monitor side of MONITOR_REQ_PTYCLEANUP: looks up the session owning
 * the named tty and tears it down.  Nothing is sent back; the request
 * buffer is just emptied.  Always returns 0.
 */
int
mm_answer_pty_cleanup(int sock, Buffer *m)
{
	char *ttypath;
	Session *sess;

	debug3("%s entering", __func__);

	ttypath = buffer_get_string(m, NULL);
	/* An unknown tty is silently ignored. */
	sess = session_by_tty(ttypath);
	if (sess != NULL)
		mm_session_close(sess);
	buffer_clear(m);
	free(ttypath);
	return (0);
}
|
/*
 * Monitor side of MONITOR_REQ_TERM: the child is going away, so destroy
 * every session, reap the child and exit with its status.  Never returns;
 * exits 1 when waitpid() fails for anything but EINTR or the child did
 * not exit normally.
 */
int
mm_answer_term(int sock, Buffer *req)
{
	struct ssh *ssh = active_state; /* XXX */
	extern struct monitor *pmonitor;
	int status, exitcode = 1;

	debug3("%s: tearing down sessions", __func__);

	/* The child is terminating */
	session_destroy_all(ssh, &mm_session_close);

	/* Retry only on EINTR. */
	for (;;) {
		if (waitpid(pmonitor->m_pid, &status, 0) != -1)
			break;
		if (errno != EINTR)
			exit(1);
	}

	if (WIFEXITED(status))
		exitcode = WEXITSTATUS(status);

	/* Terminate process */
	exit(exitcode);
}
|
/*
 * Discard pending key material: the not-yet-applied newkeys in both
 * directions, and the serialized child state received by
 * mm_get_keystate(), if any.  pmonitor is unused.
 */
void
monitor_clear_keystate(struct monitor *pmonitor)
{
	struct ssh *ssh = active_state; /* XXX */

	ssh_clear_newkeys(ssh, MODE_IN);
	ssh_clear_newkeys(ssh, MODE_OUT);
	/* sshbuf_free(NULL) is fine when nothing was received. */
	sshbuf_free(child_state);
	child_state = NULL;
}
|
/*
 * Install the packet/key state exported by the child (received into
 * child_state by mm_get_keystate()) into the monitor's own ssh context,
 * then re-attach the server-side key exchange callbacks, which presumably
 * are not part of the serialized state.  A state that cannot be applied
 * is fatal.  pmonitor is unused.
 */
void
monitor_apply_keystate(struct monitor *pmonitor)
{
	struct ssh *ssh = active_state; /* XXX */
	struct kex *kex;
	int r;

	debug3("%s: packet_set_state", __func__);
	r = ssh_packet_set_state(ssh, child_state);
	if (r != 0)
		fatal("%s: packet_set_state: %s", __func__, ssh_err(r));
	sshbuf_free(child_state);
	child_state = NULL;

	kex = ssh->kex;
	if (kex == NULL)
		return;

	/* XXX set callbacks */
#ifdef WITH_OPENSSL
	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
	kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
	kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
	kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
#endif
	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
	/* Host key lookup and signing stay in the monitor. */
	kex->load_host_public_key = &get_hostkey_public_by_type;
	kex->load_host_private_key = &get_hostkey_private_by_type;
	kex->host_key_index = &get_hostkey_index;
	kex->sign = sshd_hostkey_sign;
}
|
/* This function requires careful sanity checking */
|
/*
 * Receive the child's exported packet/key state (MONITOR_REQ_KEYEXPORT)
 * into the file-scope child_state buffer, to be applied later by
 * monitor_apply_keystate().  Allocation failure is fatal.
 */
void
mm_get_keystate(struct monitor *pmonitor)
{
	debug3("%s: Waiting for new keys", __func__);

	child_state = sshbuf_new();
	if (child_state == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	/* Only a KEYEXPORT request is acceptable at this point. */
	mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
	    child_state);
	debug3("%s: GOT new keys", __func__);
}
|
|
/* XXX */ |
|
/*
 * Mark descriptor x close-on-exec; an fcntl() failure is fatal.  Used on
 * the monitor/child socketpair and the log pipe in monitor_openfds() so
 * they are not inherited across an exec.  x is evaluated twice (once in
 * fcntl(), once in the error message), so callers pass plain lvalues.
 */
#define FD_CLOSEONEXEC(x) do { \
	if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
		fatal("fcntl(%d, F_SETFD)", x); \
	} while (0)
|
/*
 * Create the descriptors that connect the monitor to its child: an
 * AF_UNIX socketpair for requests (m_recvfd/m_sendfd) and, when
 * do_logfds is set, a pipe for log messages (m_log_recvfd/m_log_sendfd);
 * otherwise the log descriptors are set to -1.  Every descriptor is
 * marked close-on-exec.  Where the platform offers SO_ZEROIZE the socket
 * buffers are additionally requested to be zeroed after use; a failure
 * there is only reported.  socketpair()/pipe() failure is fatal.
 */
static void
monitor_openfds(struct monitor *mon, int do_logfds)
{
	int fds[2];
#ifdef SO_ZEROIZE
	int one = 1;
#endif

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == -1)
		fatal("%s: socketpair: %s", __func__, strerror(errno));
#ifdef SO_ZEROIZE
	if (setsockopt(fds[0], SOL_SOCKET, SO_ZEROIZE, &one, sizeof(one)) < 0)
		error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
	if (setsockopt(fds[1], SOL_SOCKET, SO_ZEROIZE, &one, sizeof(one)) < 0)
		error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
#endif
	FD_CLOSEONEXEC(fds[0]);
	FD_CLOSEONEXEC(fds[1]);
	mon->m_recvfd = fds[0];
	mon->m_sendfd = fds[1];

	if (!do_logfds) {
		mon->m_log_recvfd = mon->m_log_sendfd = -1;
		return;
	}

	/* fds is reused for the log pipe. */
	if (pipe(fds) == -1)
		fatal("%s: pipe: %s", __func__, strerror(errno));
	FD_CLOSEONEXEC(fds[0]);
	FD_CLOSEONEXEC(fds[1]);
	mon->m_log_recvfd = fds[0];
	mon->m_log_sendfd = fds[1];
}
|
/* NOTE(review): not referenced anywhere in the visible part of this file; confirm it is still needed. */
#define MM_MEMSIZE 65536
|
/*
 * Allocate a zeroed monitor and open both the request socketpair and
 * the log pipe (monitor_openfds() with do_logfds set).  Ownership of the
 * returned struct passes to the caller; allocation failure is handled
 * by xcalloc().
 */
struct monitor *
monitor_init(void)
{
	struct monitor *mon = xcalloc(1, sizeof(*mon));

	monitor_openfds(mon, 1);
	return mon;
}
|
/*
 * Open a fresh request socketpair on an existing monitor; no log pipe is
 * created this time (m_log_recvfd/m_log_sendfd are set to -1).
 */
void
monitor_reinit(struct monitor *mon)
{
	monitor_openfds(mon, 0);
}
|
#ifdef GSSAPI |
/*
 * Monitor side of MONITOR_REQ_GSSSETUP: creates the server GSSAPI context
 * (gsscontext) for the mechanism OID sent by the child and replies with
 * the major status.  Once a context exists the GSSSTEP request is
 * permitted.  Fatal when GSSAPI authentication is disabled.  Always
 * returns 0.
 */
int
mm_answer_gss_setup_ctx(int sock, Buffer *m)
{
	gss_OID_desc goid;
	OM_uint32 major;
	u_int oidlen;

	if (!options.gss_authentication)
		fatal("%s: GSSAPI authentication not enabled", __func__);

	goid.elements = buffer_get_string(m, &oidlen);
	goid.length = oidlen;

	major = ssh_gssapi_server_ctx(&gsscontext, &goid);

	free(goid.elements);

	buffer_clear(m);
	buffer_put_int(m, major);

	mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);

	/* Now we have a context, enable the step */
	monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);

	return (0);
}
|
/*
 * Monitor side of MONITOR_REQ_GSSSTEP: feeds one client token into the
 * GSSAPI context and returns the major status, the output token and the
 * negotiated flags.  When the context is complete (GSS_S_COMPLETE) no
 * further steps are accepted and the USEROK/CHECKMIC requests become
 * permitted.  Fatal when GSSAPI authentication is disabled.  Always
 * returns 0.
 */
int
mm_answer_gss_accept_ctx(int sock, Buffer *m)
{
	gss_buffer_desc token_in;
	gss_buffer_desc token_out = GSS_C_EMPTY_BUFFER;
	OM_uint32 major, minor;
	OM_uint32 flags = 0; /* GSI needs this */
	u_int toklen;

	if (!options.gss_authentication)
		fatal("%s: GSSAPI authentication not enabled", __func__);

	token_in.value = buffer_get_string(m, &toklen);
	token_in.length = toklen;
	major = ssh_gssapi_accept_ctx(gsscontext, &token_in, &token_out,
	    &flags);
	free(token_in.value);

	buffer_clear(m);
	buffer_put_int(m, major);
	buffer_put_string(m, token_out.value, token_out.length);
	buffer_put_int(m, flags);
	mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);

	/* Released only after the reply has been serialized. */
	gss_release_buffer(&minor, &token_out);

	if (major == GSS_S_COMPLETE) {
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
	}
	return (0);
}
|
/*
 * Monitor side of MONITOR_REQ_GSSCHECKMIC: verifies the MIC the client
 * computed over the supplied data using the established GSSAPI context
 * and replies with the status.  A good MIC (re-)permits the USEROK
 * request.  Fatal when GSSAPI authentication is disabled.  Always
 * returns 0.
 */
int
mm_answer_gss_checkmic(int sock, Buffer *m)
{
	gss_buffer_desc data, mic;
	OM_uint32 status;
	u_int len;

	if (!options.gss_authentication)
		fatal("%s: GSSAPI authentication not enabled", __func__);

	data.value = buffer_get_string(m, &len);
	data.length = len;
	mic.value = buffer_get_string(m, &len);
	mic.length = len;

	status = ssh_gssapi_checkmic(gsscontext, &data, &mic);

	free(data.value);
	free(mic.value);

	buffer_clear(m);
	buffer_put_int(m, status);

	mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);

	if (!GSS_ERROR(status))
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);

	return (0);
}
|
/*
 * Monitor side of MONITOR_REQ_GSSUSEROK: decides whether the GSSAPI
 * principal may log in as authctxt->user.  The user must be valid
 * (authctxt->valid) and ssh_gssapi_userok() must agree.  The reply
 * carries the decision; the principal's display name, when available,
 * is recorded for the auth log.  Fatal when GSSAPI authentication is
 * disabled.
 *
 * Returns non-zero when authenticated, which ends the monitor loop.
 */
int
mm_answer_gss_userok(int sock, Buffer *m)
{
	const char *displayname;
	int authenticated = 0;

	if (!options.gss_authentication)
		fatal("%s: GSSAPI authentication not enabled", __func__);

	if (authctxt->valid)
		authenticated = ssh_gssapi_userok(authctxt->user) != 0;

	buffer_clear(m);
	buffer_put_int(m, authenticated);

	debug3("%s: sending result %d", __func__, authenticated);
	mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);

	auth_method = "gssapi-with-mic";

	displayname = ssh_gssapi_displayname();
	if (displayname != NULL)
		auth2_record_info(authctxt, "%s", displayname);

	/* Monitor loop will terminate if authenticated */
	return (authenticated);
}
#endif /* GSSAPI */ |
|