diff options
author | Colin Watson <cjwatson@debian.org> | 2016-12-20 00:22:52 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-12-20 00:22:52 +0000 |
commit | 971a7653746a6972b907dfe0ce139c06e4a6f482 (patch) | |
tree | 70fb964265d57ae4967be55b75dbb2a122e9b969 /monitor.c | |
parent | a8ed8d256b2e2c05b0c15565a7938028c5192277 (diff) | |
parent | 4a354fc231174901f2629437c2a6e924a2dd6772 (diff) |
Import openssh_7.4p1.orig.tar.gz
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 407 |
1 files changed, 62 insertions, 345 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.161 2016/07/22 03:39:13 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -94,7 +94,6 @@ | |||
94 | #include "misc.h" | 94 | #include "misc.h" |
95 | #include "servconf.h" | 95 | #include "servconf.h" |
96 | #include "monitor.h" | 96 | #include "monitor.h" |
97 | #include "monitor_mm.h" | ||
98 | #ifdef GSSAPI | 97 | #ifdef GSSAPI |
99 | #include "ssh-gss.h" | 98 | #include "ssh-gss.h" |
100 | #endif | 99 | #endif |
@@ -169,10 +168,6 @@ static int monitor_read_log(struct monitor *); | |||
169 | 168 | ||
170 | static Authctxt *authctxt; | 169 | static Authctxt *authctxt; |
171 | 170 | ||
172 | #ifdef WITH_SSH1 | ||
173 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | ||
174 | #endif | ||
175 | |||
176 | /* local state for key verify */ | 171 | /* local state for key verify */ |
177 | static u_char *key_blob = NULL; | 172 | static u_char *key_blob = NULL; |
178 | static u_int key_bloblen = 0; | 173 | static u_int key_bloblen = 0; |
@@ -212,9 +207,9 @@ struct mon_table mon_dispatch_proto20[] = { | |||
212 | #ifdef USE_PAM | 207 | #ifdef USE_PAM |
213 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, | 208 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, |
214 | {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, | 209 | {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, |
215 | {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, | 210 | {MONITOR_REQ_PAM_INIT_CTX, MON_ONCE, mm_answer_pam_init_ctx}, |
216 | {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, | 211 | {MONITOR_REQ_PAM_QUERY, 0, mm_answer_pam_query}, |
217 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, | 212 | {MONITOR_REQ_PAM_RESPOND, MON_ONCE, mm_answer_pam_respond}, |
218 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, | 213 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
219 | #endif | 214 | #endif |
220 | #ifdef SSH_AUDIT_EVENTS | 215 | #ifdef SSH_AUDIT_EVENTS |
@@ -232,9 +227,9 @@ struct mon_table mon_dispatch_proto20[] = { | |||
232 | {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, | 227 | {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, |
233 | #ifdef GSSAPI | 228 | #ifdef GSSAPI |
234 | {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, | 229 | {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, |
235 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, | 230 | {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, |
236 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, | 231 | {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, |
237 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, | 232 | {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, |
238 | #endif | 233 | #endif |
239 | {0, 0, NULL} | 234 | {0, 0, NULL} |
240 | }; | 235 | }; |
@@ -254,52 +249,6 @@ struct mon_table mon_dispatch_postauth20[] = { | |||
254 | {0, 0, NULL} | 249 | {0, 0, NULL} |
255 | }; | 250 | }; |
256 | 251 | ||
257 | struct mon_table mon_dispatch_proto15[] = { | ||
258 | #ifdef WITH_SSH1 | ||
259 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | ||
260 | {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, | ||
261 | {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, | ||
262 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | ||
263 | {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed}, | ||
264 | {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed}, | ||
265 | {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, | ||
266 | {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, | ||
267 | #ifdef BSD_AUTH | ||
268 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, | ||
269 | {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, | ||
270 | #endif | ||
271 | #ifdef SKEY | ||
272 | {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, | ||
273 | {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, | ||
274 | #endif | ||
275 | #ifdef USE_PAM | ||
276 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, | ||
277 | {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, | ||
278 | {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, | ||
279 | {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, | ||
280 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, | ||
281 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, | ||
282 | #endif | ||
283 | #ifdef SSH_AUDIT_EVENTS | ||
284 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
285 | #endif | ||
286 | #endif /* WITH_SSH1 */ | ||
287 | {0, 0, NULL} | ||
288 | }; | ||
289 | |||
290 | struct mon_table mon_dispatch_postauth15[] = { | ||
291 | #ifdef WITH_SSH1 | ||
292 | {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, | ||
293 | {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, | ||
294 | {MONITOR_REQ_TERM, 0, mm_answer_term}, | ||
295 | #ifdef SSH_AUDIT_EVENTS | ||
296 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
297 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, | ||
298 | #endif | ||
299 | #endif /* WITH_SSH1 */ | ||
300 | {0, 0, NULL} | ||
301 | }; | ||
302 | |||
303 | struct mon_table *mon_dispatch; | 252 | struct mon_table *mon_dispatch; |
304 | 253 | ||
305 | /* Specifies if a certain message is allowed at the moment */ | 254 | /* Specifies if a certain message is allowed at the moment */ |
@@ -348,17 +297,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
348 | 297 | ||
349 | authctxt->loginmsg = &loginmsg; | 298 | authctxt->loginmsg = &loginmsg; |
350 | 299 | ||
351 | if (compat20) { | 300 | mon_dispatch = mon_dispatch_proto20; |
352 | mon_dispatch = mon_dispatch_proto20; | 301 | /* Permit requests for moduli and signatures */ |
353 | 302 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | |
354 | /* Permit requests for moduli and signatures */ | 303 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
355 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | ||
356 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | ||
357 | } else { | ||
358 | mon_dispatch = mon_dispatch_proto15; | ||
359 | |||
360 | monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); | ||
361 | } | ||
362 | 304 | ||
363 | /* The first few requests do not require asynchronous access */ | 305 | /* The first few requests do not require asynchronous access */ |
364 | while (!authenticated) { | 306 | while (!authenticated) { |
@@ -369,9 +311,6 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
369 | 311 | ||
370 | /* Special handling for multiple required authentications */ | 312 | /* Special handling for multiple required authentications */ |
371 | if (options.num_auth_methods != 0) { | 313 | if (options.num_auth_methods != 0) { |
372 | if (!compat20) | ||
373 | fatal("AuthenticationMethods is not supported" | ||
374 | "with SSH protocol 1"); | ||
375 | if (authenticated && | 314 | if (authenticated && |
376 | !auth2_update_methods_lists(authctxt, | 315 | !auth2_update_methods_lists(authctxt, |
377 | auth_method, auth_submethod)) { | 316 | auth_method, auth_submethod)) { |
@@ -455,17 +394,13 @@ monitor_child_postauth(struct monitor *pmonitor) | |||
455 | signal(SIGXFSZ, SIG_IGN); | 394 | signal(SIGXFSZ, SIG_IGN); |
456 | #endif | 395 | #endif |
457 | 396 | ||
458 | if (compat20) { | 397 | mon_dispatch = mon_dispatch_postauth20; |
459 | mon_dispatch = mon_dispatch_postauth20; | 398 | |
399 | /* Permit requests for moduli and signatures */ | ||
400 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | ||
401 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | ||
402 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | ||
460 | 403 | ||
461 | /* Permit requests for moduli and signatures */ | ||
462 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | ||
463 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | ||
464 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | ||
465 | } else { | ||
466 | mon_dispatch = mon_dispatch_postauth15; | ||
467 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | ||
468 | } | ||
469 | if (!no_pty_flag) { | 404 | if (!no_pty_flag) { |
470 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); | 405 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); |
471 | monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); | 406 | monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); |
@@ -475,31 +410,6 @@ monitor_child_postauth(struct monitor *pmonitor) | |||
475 | monitor_read(pmonitor, mon_dispatch, NULL); | 410 | monitor_read(pmonitor, mon_dispatch, NULL); |
476 | } | 411 | } |
477 | 412 | ||
478 | void | ||
479 | monitor_sync(struct monitor *pmonitor) | ||
480 | { | ||
481 | if (options.compression) { | ||
482 | /* The member allocation is not visible, so sync it */ | ||
483 | mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); | ||
484 | } | ||
485 | } | ||
486 | |||
487 | /* Allocation functions for zlib */ | ||
488 | static void * | ||
489 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) | ||
490 | { | ||
491 | if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) | ||
492 | fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); | ||
493 | |||
494 | return mm_malloc(mm, size * ncount); | ||
495 | } | ||
496 | |||
497 | static void | ||
498 | mm_zfree(struct mm_master *mm, void *address) | ||
499 | { | ||
500 | mm_free(mm, address); | ||
501 | } | ||
502 | |||
503 | static int | 413 | static int |
504 | monitor_read_log(struct monitor *pmonitor) | 414 | monitor_read_log(struct monitor *pmonitor) |
505 | { | 415 | { |
@@ -845,7 +755,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
845 | #undef M_CP_STRARRAYOPT | 755 | #undef M_CP_STRARRAYOPT |
846 | 756 | ||
847 | /* Create valid auth method lists */ | 757 | /* Create valid auth method lists */ |
848 | if (compat20 && auth2_setup_methods_lists(authctxt) != 0) { | 758 | if (auth2_setup_methods_lists(authctxt) != 0) { |
849 | /* | 759 | /* |
850 | * The monitor will continue long enough to let the child | 760 | * The monitor will continue long enough to let the child |
851 | * run to it's packet_disconnect(), but it must not allow any | 761 | * run to it's packet_disconnect(), but it must not allow any |
@@ -857,14 +767,10 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
857 | debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); | 767 | debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); |
858 | mm_request_send(sock, MONITOR_ANS_PWNAM, m); | 768 | mm_request_send(sock, MONITOR_ANS_PWNAM, m); |
859 | 769 | ||
860 | /* For SSHv1 allow authentication now */ | 770 | /* Allow service/style information on the auth context */ |
861 | if (!compat20) | 771 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); |
862 | monitor_permit_authentications(1); | 772 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); |
863 | else { | 773 | |
864 | /* Allow service/style information on the auth context */ | ||
865 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); | ||
866 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); | ||
867 | } | ||
868 | #ifdef USE_PAM | 774 | #ifdef USE_PAM |
869 | if (options.use_pam) | 775 | if (options.use_pam) |
870 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); | 776 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); |
@@ -912,6 +818,8 @@ mm_answer_authpassword(int sock, Buffer *m) | |||
912 | int authenticated; | 818 | int authenticated; |
913 | u_int plen; | 819 | u_int plen; |
914 | 820 | ||
821 | if (!options.password_authentication) | ||
822 | fatal("%s: password authentication not enabled", __func__); | ||
915 | passwd = buffer_get_string(m, &plen); | 823 | passwd = buffer_get_string(m, &plen); |
916 | /* Only authenticate if the context is valid */ | 824 | /* Only authenticate if the context is valid */ |
917 | authenticated = options.password_authentication && | 825 | authenticated = options.password_authentication && |
@@ -948,6 +856,8 @@ mm_answer_bsdauthquery(int sock, Buffer *m) | |||
948 | char **prompts; | 856 | char **prompts; |
949 | u_int success; | 857 | u_int success; |
950 | 858 | ||
859 | if (!options.kbd_interactive_authentication) | ||
860 | fatal("%s: kbd-int authentication not enabled", __func__); | ||
951 | success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, | 861 | success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, |
952 | &prompts, &echo_on) < 0 ? 0 : 1; | 862 | &prompts, &echo_on) < 0 ? 0 : 1; |
953 | 863 | ||
@@ -975,6 +885,8 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
975 | char *response; | 885 | char *response; |
976 | int authok; | 886 | int authok; |
977 | 887 | ||
888 | if (!options.kbd_interactive_authentication) | ||
889 | fatal("%s: kbd-int authentication not enabled", __func__); | ||
978 | if (authctxt->as == NULL) | 890 | if (authctxt->as == NULL) |
979 | fatal("%s: no bsd auth session", __func__); | 891 | fatal("%s: no bsd auth session", __func__); |
980 | 892 | ||
@@ -991,11 +903,8 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
991 | debug3("%s: sending authenticated: %d", __func__, authok); | 903 | debug3("%s: sending authenticated: %d", __func__, authok); |
992 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); | 904 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); |
993 | 905 | ||
994 | if (compat20) { | 906 | auth_method = "keyboard-interactive"; |
995 | auth_method = "keyboard-interactive"; | 907 | auth_submethod = "bsdauth"; |
996 | auth_submethod = "bsdauth"; | ||
997 | } else | ||
998 | auth_method = "bsdauth"; | ||
999 | 908 | ||
1000 | return (authok != 0); | 909 | return (authok != 0); |
1001 | } | 910 | } |
@@ -1061,6 +970,8 @@ mm_answer_pam_start(int sock, Buffer *m) | |||
1061 | start_pam(authctxt); | 970 | start_pam(authctxt); |
1062 | 971 | ||
1063 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); | 972 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); |
973 | if (options.kbd_interactive_authentication) | ||
974 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1); | ||
1064 | 975 | ||
1065 | return (0); | 976 | return (0); |
1066 | } | 977 | } |
@@ -1071,7 +982,7 @@ mm_answer_pam_account(int sock, Buffer *m) | |||
1071 | u_int ret; | 982 | u_int ret; |
1072 | 983 | ||
1073 | if (!options.use_pam) | 984 | if (!options.use_pam) |
1074 | fatal("UsePAM not set, but ended up in %s anyway", __func__); | 985 | fatal("%s: PAM not enabled", __func__); |
1075 | 986 | ||
1076 | ret = do_pam_account(); | 987 | ret = do_pam_account(); |
1077 | 988 | ||
@@ -1090,11 +1001,16 @@ int | |||
1090 | mm_answer_pam_init_ctx(int sock, Buffer *m) | 1001 | mm_answer_pam_init_ctx(int sock, Buffer *m) |
1091 | { | 1002 | { |
1092 | debug3("%s", __func__); | 1003 | debug3("%s", __func__); |
1004 | if (!options.kbd_interactive_authentication) | ||
1005 | fatal("%s: kbd-int authentication not enabled", __func__); | ||
1006 | if (sshpam_ctxt != NULL) | ||
1007 | fatal("%s: already called", __func__); | ||
1093 | sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); | 1008 | sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); |
1094 | sshpam_authok = NULL; | 1009 | sshpam_authok = NULL; |
1095 | buffer_clear(m); | 1010 | buffer_clear(m); |
1096 | if (sshpam_ctxt != NULL) { | 1011 | if (sshpam_ctxt != NULL) { |
1097 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); | 1012 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); |
1013 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_QUERY, 1); | ||
1098 | buffer_put_int(m, 1); | 1014 | buffer_put_int(m, 1); |
1099 | } else { | 1015 | } else { |
1100 | buffer_put_int(m, 0); | 1016 | buffer_put_int(m, 0); |
@@ -1112,11 +1028,15 @@ mm_answer_pam_query(int sock, Buffer *m) | |||
1112 | 1028 | ||
1113 | debug3("%s", __func__); | 1029 | debug3("%s", __func__); |
1114 | sshpam_authok = NULL; | 1030 | sshpam_authok = NULL; |
1115 | ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on); | 1031 | if (sshpam_ctxt == NULL) |
1032 | fatal("%s: no context", __func__); | ||
1033 | ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, | ||
1034 | &num, &prompts, &echo_on); | ||
1116 | if (ret == 0 && num == 0) | 1035 | if (ret == 0 && num == 0) |
1117 | sshpam_authok = sshpam_ctxt; | 1036 | sshpam_authok = sshpam_ctxt; |
1118 | if (num > 1 || name == NULL || info == NULL) | 1037 | if (num > 1 || name == NULL || info == NULL) |
1119 | ret = -1; | 1038 | fatal("sshpam_device.query failed"); |
1039 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_RESPOND, 1); | ||
1120 | buffer_clear(m); | 1040 | buffer_clear(m); |
1121 | buffer_put_int(m, ret); | 1041 | buffer_put_int(m, ret); |
1122 | buffer_put_cstring(m, name); | 1042 | buffer_put_cstring(m, name); |
@@ -1146,6 +1066,8 @@ mm_answer_pam_respond(int sock, Buffer *m) | |||
1146 | int ret; | 1066 | int ret; |
1147 | 1067 | ||
1148 | debug3("%s", __func__); | 1068 | debug3("%s", __func__); |
1069 | if (sshpam_ctxt == NULL) | ||
1070 | fatal("%s: no context", __func__); | ||
1149 | sshpam_authok = NULL; | 1071 | sshpam_authok = NULL; |
1150 | num = buffer_get_int(m); | 1072 | num = buffer_get_int(m); |
1151 | if (num > 0) { | 1073 | if (num > 0) { |
@@ -1175,10 +1097,14 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) | |||
1175 | int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; | 1097 | int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; |
1176 | 1098 | ||
1177 | debug3("%s", __func__); | 1099 | debug3("%s", __func__); |
1100 | if (sshpam_ctxt == NULL) | ||
1101 | fatal("%s: no context", __func__); | ||
1178 | (sshpam_device.free_ctx)(sshpam_ctxt); | 1102 | (sshpam_device.free_ctx)(sshpam_ctxt); |
1179 | sshpam_ctxt = sshpam_authok = NULL; | 1103 | sshpam_ctxt = sshpam_authok = NULL; |
1180 | buffer_clear(m); | 1104 | buffer_clear(m); |
1181 | mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); | 1105 | mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); |
1106 | /* Allow another attempt */ | ||
1107 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1); | ||
1182 | auth_method = "keyboard-interactive"; | 1108 | auth_method = "keyboard-interactive"; |
1183 | auth_submethod = "pam"; | 1109 | auth_submethod = "pam"; |
1184 | return r; | 1110 | return r; |
@@ -1205,10 +1131,6 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1205 | 1131 | ||
1206 | key = key_from_blob(blob, bloblen); | 1132 | key = key_from_blob(blob, bloblen); |
1207 | 1133 | ||
1208 | if ((compat20 && type == MM_RSAHOSTKEY) || | ||
1209 | (!compat20 && type != MM_RSAHOSTKEY)) | ||
1210 | fatal("%s: key type and protocol mismatch", __func__); | ||
1211 | |||
1212 | debug3("%s: key_from_blob: %p", __func__, key); | 1134 | debug3("%s: key_from_blob: %p", __func__, key); |
1213 | 1135 | ||
1214 | if (key != NULL && authctxt->valid) { | 1136 | if (key != NULL && authctxt->valid) { |
@@ -1242,17 +1164,6 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1242 | cuser, chost); | 1164 | cuser, chost); |
1243 | auth_method = "hostbased"; | 1165 | auth_method = "hostbased"; |
1244 | break; | 1166 | break; |
1245 | #ifdef WITH_SSH1 | ||
1246 | case MM_RSAHOSTKEY: | ||
1247 | key->type = KEY_RSA1; /* XXX */ | ||
1248 | allowed = options.rhosts_rsa_authentication && | ||
1249 | auth_rhosts_rsa_key_allowed(authctxt->pw, | ||
1250 | cuser, chost, key); | ||
1251 | if (options.rhosts_rsa_authentication && allowed != 1) | ||
1252 | auth_clear_options(); | ||
1253 | auth_method = "rsa"; | ||
1254 | break; | ||
1255 | #endif | ||
1256 | default: | 1167 | default: |
1257 | fatal("%s: unknown key type %d", __func__, type); | 1168 | fatal("%s: unknown key type %d", __func__, type); |
1258 | break; | 1169 | break; |
@@ -1289,9 +1200,6 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1289 | 1200 | ||
1290 | mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); | 1201 | mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); |
1291 | 1202 | ||
1292 | if (type == MM_RSAHOSTKEY) | ||
1293 | monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); | ||
1294 | |||
1295 | return (0); | 1203 | return (0); |
1296 | } | 1204 | } |
1297 | 1205 | ||
@@ -1484,9 +1392,6 @@ mm_record_login(Session *s, struct passwd *pw) | |||
1484 | socklen_t fromlen; | 1392 | socklen_t fromlen; |
1485 | struct sockaddr_storage from; | 1393 | struct sockaddr_storage from; |
1486 | 1394 | ||
1487 | if (options.use_login) | ||
1488 | return; | ||
1489 | |||
1490 | /* | 1395 | /* |
1491 | * Get IP address of client. If the connection is not a socket, let | 1396 | * Get IP address of client. If the connection is not a socket, let |
1492 | * the address be 0.0.0.0. | 1397 | * the address be 0.0.0.0. |
@@ -1600,186 +1505,6 @@ mm_answer_pty_cleanup(int sock, Buffer *m) | |||
1600 | return (0); | 1505 | return (0); |
1601 | } | 1506 | } |
1602 | 1507 | ||
1603 | #ifdef WITH_SSH1 | ||
1604 | int | ||
1605 | mm_answer_sesskey(int sock, Buffer *m) | ||
1606 | { | ||
1607 | BIGNUM *p; | ||
1608 | int rsafail; | ||
1609 | |||
1610 | /* Turn off permissions */ | ||
1611 | monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); | ||
1612 | |||
1613 | if ((p = BN_new()) == NULL) | ||
1614 | fatal("%s: BN_new", __func__); | ||
1615 | |||
1616 | buffer_get_bignum2(m, p); | ||
1617 | |||
1618 | rsafail = ssh1_session_key(p); | ||
1619 | |||
1620 | buffer_clear(m); | ||
1621 | buffer_put_int(m, rsafail); | ||
1622 | buffer_put_bignum2(m, p); | ||
1623 | |||
1624 | BN_clear_free(p); | ||
1625 | |||
1626 | mm_request_send(sock, MONITOR_ANS_SESSKEY, m); | ||
1627 | |||
1628 | /* Turn on permissions for sessid passing */ | ||
1629 | monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); | ||
1630 | |||
1631 | return (0); | ||
1632 | } | ||
1633 | |||
1634 | int | ||
1635 | mm_answer_sessid(int sock, Buffer *m) | ||
1636 | { | ||
1637 | int i; | ||
1638 | |||
1639 | debug3("%s entering", __func__); | ||
1640 | |||
1641 | if (buffer_len(m) != 16) | ||
1642 | fatal("%s: bad ssh1 session id", __func__); | ||
1643 | for (i = 0; i < 16; i++) | ||
1644 | session_id[i] = buffer_get_char(m); | ||
1645 | |||
1646 | /* Turn on permissions for getpwnam */ | ||
1647 | monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); | ||
1648 | |||
1649 | return (0); | ||
1650 | } | ||
1651 | |||
1652 | int | ||
1653 | mm_answer_rsa_keyallowed(int sock, Buffer *m) | ||
1654 | { | ||
1655 | BIGNUM *client_n; | ||
1656 | Key *key = NULL; | ||
1657 | u_char *blob = NULL; | ||
1658 | u_int blen = 0; | ||
1659 | int allowed = 0; | ||
1660 | |||
1661 | debug3("%s entering", __func__); | ||
1662 | |||
1663 | auth_method = "rsa"; | ||
1664 | if (options.rsa_authentication && authctxt->valid) { | ||
1665 | if ((client_n = BN_new()) == NULL) | ||
1666 | fatal("%s: BN_new", __func__); | ||
1667 | buffer_get_bignum2(m, client_n); | ||
1668 | allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); | ||
1669 | BN_clear_free(client_n); | ||
1670 | } | ||
1671 | buffer_clear(m); | ||
1672 | buffer_put_int(m, allowed); | ||
1673 | buffer_put_int(m, forced_command != NULL); | ||
1674 | |||
1675 | /* clear temporarily storage (used by generate challenge) */ | ||
1676 | monitor_reset_key_state(); | ||
1677 | |||
1678 | if (allowed && key != NULL) { | ||
1679 | key->type = KEY_RSA; /* cheat for key_to_blob */ | ||
1680 | if (key_to_blob(key, &blob, &blen) == 0) | ||
1681 | fatal("%s: key_to_blob failed", __func__); | ||
1682 | buffer_put_string(m, blob, blen); | ||
1683 | |||
1684 | /* Save temporarily for comparison in verify */ | ||
1685 | key_blob = blob; | ||
1686 | key_bloblen = blen; | ||
1687 | key_blobtype = MM_RSAUSERKEY; | ||
1688 | } | ||
1689 | if (key != NULL) | ||
1690 | key_free(key); | ||
1691 | |||
1692 | mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m); | ||
1693 | |||
1694 | monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); | ||
1695 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0); | ||
1696 | return (0); | ||
1697 | } | ||
1698 | |||
1699 | int | ||
1700 | mm_answer_rsa_challenge(int sock, Buffer *m) | ||
1701 | { | ||
1702 | Key *key = NULL; | ||
1703 | u_char *blob; | ||
1704 | u_int blen; | ||
1705 | |||
1706 | debug3("%s entering", __func__); | ||
1707 | |||
1708 | if (!authctxt->valid) | ||
1709 | fatal("%s: authctxt not valid", __func__); | ||
1710 | blob = buffer_get_string(m, &blen); | ||
1711 | if (!monitor_allowed_key(blob, blen)) | ||
1712 | fatal("%s: bad key, not previously allowed", __func__); | ||
1713 | if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) | ||
1714 | fatal("%s: key type mismatch", __func__); | ||
1715 | if ((key = key_from_blob(blob, blen)) == NULL) | ||
1716 | fatal("%s: received bad key", __func__); | ||
1717 | if (key->type != KEY_RSA) | ||
1718 | fatal("%s: received bad key type %d", __func__, key->type); | ||
1719 | key->type = KEY_RSA1; | ||
1720 | if (ssh1_challenge) | ||
1721 | BN_clear_free(ssh1_challenge); | ||
1722 | ssh1_challenge = auth_rsa_generate_challenge(key); | ||
1723 | |||
1724 | buffer_clear(m); | ||
1725 | buffer_put_bignum2(m, ssh1_challenge); | ||
1726 | |||
1727 | debug3("%s sending reply", __func__); | ||
1728 | mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m); | ||
1729 | |||
1730 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); | ||
1731 | |||
1732 | free(blob); | ||
1733 | key_free(key); | ||
1734 | return (0); | ||
1735 | } | ||
1736 | |||
1737 | int | ||
1738 | mm_answer_rsa_response(int sock, Buffer *m) | ||
1739 | { | ||
1740 | Key *key = NULL; | ||
1741 | u_char *blob, *response; | ||
1742 | u_int blen, len; | ||
1743 | int success; | ||
1744 | |||
1745 | debug3("%s entering", __func__); | ||
1746 | |||
1747 | if (!authctxt->valid) | ||
1748 | fatal("%s: authctxt not valid", __func__); | ||
1749 | if (ssh1_challenge == NULL) | ||
1750 | fatal("%s: no ssh1_challenge", __func__); | ||
1751 | |||
1752 | blob = buffer_get_string(m, &blen); | ||
1753 | if (!monitor_allowed_key(blob, blen)) | ||
1754 | fatal("%s: bad key, not previously allowed", __func__); | ||
1755 | if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) | ||
1756 | fatal("%s: key type mismatch: %d", __func__, key_blobtype); | ||
1757 | if ((key = key_from_blob(blob, blen)) == NULL) | ||
1758 | fatal("%s: received bad key", __func__); | ||
1759 | response = buffer_get_string(m, &len); | ||
1760 | if (len != 16) | ||
1761 | fatal("%s: received bad response to challenge", __func__); | ||
1762 | success = auth_rsa_verify_response(key, ssh1_challenge, response); | ||
1763 | |||
1764 | free(blob); | ||
1765 | key_free(key); | ||
1766 | free(response); | ||
1767 | |||
1768 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; | ||
1769 | |||
1770 | /* reset state */ | ||
1771 | BN_clear_free(ssh1_challenge); | ||
1772 | ssh1_challenge = NULL; | ||
1773 | monitor_reset_key_state(); | ||
1774 | |||
1775 | buffer_clear(m); | ||
1776 | buffer_put_int(m, success); | ||
1777 | mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m); | ||
1778 | |||
1779 | return (success); | ||
1780 | } | ||
1781 | #endif | ||
1782 | |||
1783 | int | 1508 | int |
1784 | mm_answer_term(int sock, Buffer *req) | 1509 | mm_answer_term(int sock, Buffer *req) |
1785 | { | 1510 | { |
@@ -1881,13 +1606,6 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1881 | kex->host_key_index=&get_hostkey_index; | 1606 | kex->host_key_index=&get_hostkey_index; |
1882 | kex->sign = sshd_hostkey_sign; | 1607 | kex->sign = sshd_hostkey_sign; |
1883 | } | 1608 | } |
1884 | |||
1885 | /* Update with new address */ | ||
1886 | if (options.compression) { | ||
1887 | ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib, | ||
1888 | (ssh_packet_comp_alloc_func *)mm_zalloc, | ||
1889 | (ssh_packet_comp_free_func *)mm_zfree); | ||
1890 | } | ||
1891 | } | 1609 | } |
1892 | 1610 | ||
1893 | /* This function requries careful sanity checking */ | 1611 | /* This function requries careful sanity checking */ |
@@ -1940,24 +1658,11 @@ monitor_openfds(struct monitor *mon, int do_logfds) | |||
1940 | struct monitor * | 1658 | struct monitor * |
1941 | monitor_init(void) | 1659 | monitor_init(void) |
1942 | { | 1660 | { |
1943 | struct ssh *ssh = active_state; /* XXX */ | ||
1944 | struct monitor *mon; | 1661 | struct monitor *mon; |
1945 | 1662 | ||
1946 | mon = xcalloc(1, sizeof(*mon)); | 1663 | mon = xcalloc(1, sizeof(*mon)); |
1947 | |||
1948 | monitor_openfds(mon, 1); | 1664 | monitor_openfds(mon, 1); |
1949 | 1665 | ||
1950 | /* Used to share zlib space across processes */ | ||
1951 | if (options.compression) { | ||
1952 | mon->m_zback = mm_create(NULL, MM_MEMSIZE); | ||
1953 | mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); | ||
1954 | |||
1955 | /* Compression needs to share state across borders */ | ||
1956 | ssh_packet_set_compress_hooks(ssh, mon->m_zlib, | ||
1957 | (ssh_packet_comp_alloc_func *)mm_zalloc, | ||
1958 | (ssh_packet_comp_free_func *)mm_zfree); | ||
1959 | } | ||
1960 | |||
1961 | return mon; | 1666 | return mon; |
1962 | } | 1667 | } |
1963 | 1668 | ||
@@ -1975,6 +1680,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | |||
1975 | OM_uint32 major; | 1680 | OM_uint32 major; |
1976 | u_int len; | 1681 | u_int len; |
1977 | 1682 | ||
1683 | if (!options.gss_authentication) | ||
1684 | fatal("%s: GSSAPI authentication not enabled", __func__); | ||
1685 | |||
1978 | goid.elements = buffer_get_string(m, &len); | 1686 | goid.elements = buffer_get_string(m, &len); |
1979 | goid.length = len; | 1687 | goid.length = len; |
1980 | 1688 | ||
@@ -2002,6 +1710,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
2002 | OM_uint32 flags = 0; /* GSI needs this */ | 1710 | OM_uint32 flags = 0; /* GSI needs this */ |
2003 | u_int len; | 1711 | u_int len; |
2004 | 1712 | ||
1713 | if (!options.gss_authentication) | ||
1714 | fatal("%s: GSSAPI authentication not enabled", __func__); | ||
1715 | |||
2005 | in.value = buffer_get_string(m, &len); | 1716 | in.value = buffer_get_string(m, &len); |
2006 | in.length = len; | 1717 | in.length = len; |
2007 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); | 1718 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
@@ -2030,6 +1741,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | |||
2030 | OM_uint32 ret; | 1741 | OM_uint32 ret; |
2031 | u_int len; | 1742 | u_int len; |
2032 | 1743 | ||
1744 | if (!options.gss_authentication) | ||
1745 | fatal("%s: GSSAPI authentication not enabled", __func__); | ||
1746 | |||
2033 | gssbuf.value = buffer_get_string(m, &len); | 1747 | gssbuf.value = buffer_get_string(m, &len); |
2034 | gssbuf.length = len; | 1748 | gssbuf.length = len; |
2035 | mic.value = buffer_get_string(m, &len); | 1749 | mic.value = buffer_get_string(m, &len); |
@@ -2056,6 +1770,9 @@ mm_answer_gss_userok(int sock, Buffer *m) | |||
2056 | { | 1770 | { |
2057 | int authenticated; | 1771 | int authenticated; |
2058 | 1772 | ||
1773 | if (!options.gss_authentication) | ||
1774 | fatal("%s: GSSAPI authentication not enabled", __func__); | ||
1775 | |||
2059 | authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); | 1776 | authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); |
2060 | 1777 | ||
2061 | buffer_clear(m); | 1778 | buffer_clear(m); |