diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 20:58:19 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 20:58:19 +0000 |
| commit | f67e07711f16a64f75c476e3f5873e76170a81ba (patch) | |
| tree | 47ea5659c0a6178c4bcf462074e4a5fa2d81eabd /monitor.c | |
| parent | dcf6bfbfbdf1d201b9b9c2b0ceb0bba1ff3c8c1e (diff) | |
- markus@cvs.openbsd.org 2002/06/04 19:53:40
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 38 |
1 files changed, 31 insertions, 7 deletions
| @@ -25,7 +25,7 @@ | |||
| 25 | */ | 25 | */ |
| 26 | 26 | ||
| 27 | #include "includes.h" | 27 | #include "includes.h" |
| 28 | RCSID("$OpenBSD: monitor.c,v 1.12 2002/06/04 19:42:35 markus Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.13 2002/06/04 19:53:40 markus Exp $"); |
| 29 | 29 | ||
| 30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
| 31 | 31 | ||
| @@ -128,6 +128,8 @@ static int key_blobtype = MM_NOKEY; | |||
| 128 | static u_char *hostbased_cuser = NULL; | 128 | static u_char *hostbased_cuser = NULL; |
| 129 | static u_char *hostbased_chost = NULL; | 129 | static u_char *hostbased_chost = NULL; |
| 130 | static char *auth_method = "unknown"; | 130 | static char *auth_method = "unknown"; |
| 131 | static int session_id2_len = 0; | ||
| 132 | static u_char *session_id2 = NULL; | ||
| 131 | 133 | ||
| 132 | struct mon_table { | 134 | struct mon_table { |
| 133 | enum monitor_reqtype type; | 135 | enum monitor_reqtype type; |
| @@ -454,6 +456,13 @@ mm_answer_sign(int socket, Buffer *m) | |||
| 454 | if (datlen != 20) | 456 | if (datlen != 20) |
| 455 | fatal("%s: data length incorrect: %d", __FUNCTION__, datlen); | 457 | fatal("%s: data length incorrect: %d", __FUNCTION__, datlen); |
| 456 | 458 | ||
| 459 | /* save session id, it will be passed on the first call */ | ||
| 460 | if (session_id2_len == 0) { | ||
| 461 | session_id2_len = datlen; | ||
| 462 | session_id2 = xmalloc(session_id2_len); | ||
| 463 | memcpy(session_id2, p, session_id2_len); | ||
| 464 | } | ||
| 465 | |||
| 457 | if ((key = get_hostkey_by_index(keyid)) == NULL) | 466 | if ((key = get_hostkey_by_index(keyid)) == NULL) |
| 458 | fatal("%s: no hostkey from index %d", __FUNCTION__, keyid); | 467 | fatal("%s: no hostkey from index %d", __FUNCTION__, keyid); |
| 459 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | 468 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) |
| @@ -819,17 +828,25 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
| 819 | u_char *p; | 828 | u_char *p; |
| 820 | u_int len; | 829 | u_int len; |
| 821 | int fail = 0; | 830 | int fail = 0; |
| 822 | int session_id2_len = 20 /*XXX should get from [net] */; | ||
| 823 | 831 | ||
| 824 | buffer_init(&b); | 832 | buffer_init(&b); |
| 825 | buffer_append(&b, data, datalen); | 833 | buffer_append(&b, data, datalen); |
| 826 | 834 | ||
| 827 | if (datafellows & SSH_OLD_SESSIONID) { | 835 | if (datafellows & SSH_OLD_SESSIONID) { |
| 836 | p = buffer_ptr(&b); | ||
| 837 | len = buffer_len(&b); | ||
| 838 | if ((session_id2 == NULL) || | ||
| 839 | (len < session_id2_len) || | ||
| 840 | (memcmp(p, session_id2, session_id2_len) != 0)) | ||
| 841 | fail++; | ||
| 828 | buffer_consume(&b, session_id2_len); | 842 | buffer_consume(&b, session_id2_len); |
| 829 | } else { | 843 | } else { |
| 830 | xfree(buffer_get_string(&b, &len)); | 844 | p = buffer_get_string(&b, &len); |
| 831 | if (len != session_id2_len) | 845 | if ((session_id2 == NULL) || |
| 846 | (len != session_id2_len) || | ||
| 847 | (memcmp(p, session_id2, session_id2_len) != 0)) | ||
| 832 | fail++; | 848 | fail++; |
| 849 | xfree(p); | ||
| 833 | } | 850 | } |
| 834 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 851 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
| 835 | fail++; | 852 | fail++; |
| @@ -868,14 +885,17 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser, | |||
| 868 | u_char *p; | 885 | u_char *p; |
| 869 | u_int len; | 886 | u_int len; |
| 870 | int fail = 0; | 887 | int fail = 0; |
| 871 | int session_id2_len = 20 /*XXX should get from [net] */; | ||
| 872 | 888 | ||
| 873 | buffer_init(&b); | 889 | buffer_init(&b); |
| 874 | buffer_append(&b, data, datalen); | 890 | buffer_append(&b, data, datalen); |
| 875 | 891 | ||
| 876 | xfree(buffer_get_string(&b, &len)); | 892 | p = buffer_get_string(&b, &len); |
| 877 | if (len != session_id2_len) | 893 | if ((session_id2 == NULL) || |
| 894 | (len != session_id2_len) || | ||
| 895 | (memcmp(p, session_id2, session_id2_len) != 0)) | ||
| 878 | fail++; | 896 | fail++; |
| 897 | xfree(p); | ||
| 898 | |||
| 879 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 899 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
| 880 | fail++; | 900 | fail++; |
| 881 | p = buffer_get_string(&b, NULL); | 901 | p = buffer_get_string(&b, NULL); |
| @@ -1334,6 +1354,10 @@ mm_get_kex(Buffer *m) | |||
| 1334 | kex = xmalloc(sizeof(*kex)); | 1354 | kex = xmalloc(sizeof(*kex)); |
| 1335 | memset(kex, 0, sizeof(*kex)); | 1355 | memset(kex, 0, sizeof(*kex)); |
| 1336 | kex->session_id = buffer_get_string(m, &kex->session_id_len); | 1356 | kex->session_id = buffer_get_string(m, &kex->session_id_len); |
| 1357 | if ((session_id2 == NULL) || | ||
| 1358 | (kex->session_id_len != session_id2_len) || | ||
| 1359 | (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) | ||
| 1360 | fatal("mm_get_get: internal error: bad session id"); | ||
| 1337 | kex->we_need = buffer_get_int(m); | 1361 | kex->we_need = buffer_get_int(m); |
| 1338 | kex->server = 1; | 1362 | kex->server = 1; |
| 1339 | kex->hostkey_type = buffer_get_int(m); | 1363 | kex->hostkey_type = buffer_get_int(m); |