author | Colin Watson <cjwatson@debian.org> | 2016-12-20 00:22:52 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-12-20 00:22:52 +0000 |
commit | 971a7653746a6972b907dfe0ce139c06e4a6f482 (patch) | |
tree | 70fb964265d57ae4967be55b75dbb2a122e9b969 /monitor_wrap.c | |
parent | a8ed8d256b2e2c05b0c15565a7938028c5192277 (diff) | |
parent | 4a354fc231174901f2629437c2a6e924a2dd6772 (diff) |
Import openssh_7.4p1.orig.tar.gz
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 151 |
1 files changed, 1 insertions, 150 deletions
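--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.88 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.89 2016/08/13 17:47:41 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -85,7 +85,6 @@
 #include "ssherr.h"
 
 /* Imports */
-extern int compat20;
 extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
@@ -389,18 +388,6 @@ mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
 }
 
 int
-mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *user,
-const char *host, Key *key)
-{
-int ret;
-
-key->type = KEY_RSA; /* XXX hack for key_to_blob */
-ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key, 0);
-key->type = KEY_RSA1;
-return (ret);
-}
-
-int
 mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
 Key *key, int pubkey_auth_attempt)
 {
@@ -710,28 +697,6 @@ mm_terminate(void)
 buffer_free(&m);
 }
 
-#ifdef WITH_SSH1
-int
-mm_ssh1_session_key(BIGNUM *num)
-{
-int rsafail;
-Buffer m;
-
-buffer_init(&m);
-buffer_put_bignum2(&m, num);
-mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
-
-mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
-
-rsafail = buffer_get_int(&m);
-buffer_get_bignum2(&m, num);
-
-buffer_free(&m);
-
-return (rsafail);
-}
-#endif
-
 static void
 mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
 char ***prompts, u_int **echo_on)
@@ -862,120 +827,6 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses)
 }
 #endif /* SKEY */
 
-void
-mm_ssh1_session_id(u_char session_id[16])
-{
-Buffer m;
-int i;
-
-debug3("%s entering", __func__);
-
-buffer_init(&m);
-for (i = 0; i < 16; i++)
-buffer_put_char(&m, session_id[i]);
-
-mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
-buffer_free(&m);
-}
-
-#ifdef WITH_SSH1
-int
-mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
-{
-Buffer m;
-Key *key;
-u_char *blob;
-u_int blen;
-int allowed = 0, have_forced = 0;
-
-debug3("%s entering", __func__);
-
-buffer_init(&m);
-buffer_put_bignum2(&m, client_n);
-
-mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
-mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
-
-allowed = buffer_get_int(&m);
-
-/* fake forced command */
-auth_clear_options();
-have_forced = buffer_get_int(&m);
-forced_command = have_forced ? xstrdup("true") : NULL;
-
-if (allowed && rkey != NULL) {
-blob = buffer_get_string(&m, &blen);
-if ((key = key_from_blob(blob, blen)) == NULL)
-fatal("%s: key_from_blob failed", __func__);
-*rkey = key;
-free(blob);
-}
-buffer_free(&m);
-
-return (allowed);
-}
-
-BIGNUM *
-mm_auth_rsa_generate_challenge(Key *key)
-{
-Buffer m;
-BIGNUM *challenge;
-u_char *blob;
-u_int blen;
-
-debug3("%s entering", __func__);
-
-if ((challenge = BN_new()) == NULL)
-fatal("%s: BN_new failed", __func__);
-
-key->type = KEY_RSA; /* XXX cheat for key_to_blob */
-if (key_to_blob(key, &blob, &blen) == 0)
-fatal("%s: key_to_blob failed", __func__);
-key->type = KEY_RSA1;
-
-buffer_init(&m);
-buffer_put_string(&m, blob, blen);
-free(blob);
-
-mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
-mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
-
-buffer_get_bignum2(&m, challenge);
-buffer_free(&m);
-
-return (challenge);
-}
-
-int
-mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
-{
-Buffer m;
-u_char *blob;
-u_int blen;
-int success = 0;
-
-debug3("%s entering", __func__);
-
-key->type = KEY_RSA; /* XXX cheat for key_to_blob */
-if (key_to_blob(key, &blob, &blen) == 0)
-fatal("%s: key_to_blob failed", __func__);
-key->type = KEY_RSA1;
-
-buffer_init(&m);
-buffer_put_string(&m, blob, blen);
-buffer_put_string(&m, response, 16);
-free(blob);
-
-mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
-mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
-
-success = buffer_get_int(&m);
-buffer_free(&m);
-
-return (success);
-}
-#endif
-
 #ifdef SSH_AUDIT_EVENTS
 void
 mm_audit_event(ssh_audit_event_t event)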