diff options
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 214 |
1 files changed, 117 insertions, 97 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -97,6 +97,7 @@ | |||
97 | #include "ssh2.h" | 97 | #include "ssh2.h" |
98 | #include "jpake.h" | 98 | #include "jpake.h" |
99 | #include "roaming.h" | 99 | #include "roaming.h" |
100 | #include "authfd.h" | ||
100 | 101 | ||
101 | #ifdef GSSAPI | 102 | #ifdef GSSAPI |
102 | static Gssctxt *gsscontext = NULL; | 103 | static Gssctxt *gsscontext = NULL; |
@@ -392,7 +393,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
392 | "with SSH protocol 1"); | 393 | "with SSH protocol 1"); |
393 | if (authenticated && | 394 | if (authenticated && |
394 | !auth2_update_methods_lists(authctxt, | 395 | !auth2_update_methods_lists(authctxt, |
395 | auth_method)) { | 396 | auth_method, auth_submethod)) { |
396 | debug3("%s: method %s: partial", __func__, | 397 | debug3("%s: method %s: partial", __func__, |
397 | auth_method); | 398 | auth_method); |
398 | authenticated = 0; | 399 | authenticated = 0; |
@@ -422,8 +423,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
422 | } | 423 | } |
423 | if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { | 424 | if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { |
424 | auth_log(authctxt, authenticated, partial, | 425 | auth_log(authctxt, authenticated, partial, |
425 | auth_method, auth_submethod, | 426 | auth_method, auth_submethod); |
426 | compat20 ? " ssh2" : ""); | ||
427 | if (!authenticated) | 427 | if (!authenticated) |
428 | authctxt->failures++; | 428 | authctxt->failures++; |
429 | } | 429 | } |
@@ -551,7 +551,7 @@ monitor_read_log(struct monitor *pmonitor) | |||
551 | do_log2(level, "%s [preauth]", msg); | 551 | do_log2(level, "%s [preauth]", msg); |
552 | 552 | ||
553 | buffer_free(&logmsg); | 553 | buffer_free(&logmsg); |
554 | xfree(msg); | 554 | free(msg); |
555 | 555 | ||
556 | return 0; | 556 | return 0; |
557 | } | 557 | } |
@@ -642,12 +642,9 @@ static void | |||
642 | monitor_reset_key_state(void) | 642 | monitor_reset_key_state(void) |
643 | { | 643 | { |
644 | /* reset state */ | 644 | /* reset state */ |
645 | if (key_blob != NULL) | 645 | free(key_blob); |
646 | xfree(key_blob); | 646 | free(hostbased_cuser); |
647 | if (hostbased_cuser != NULL) | 647 | free(hostbased_chost); |
648 | xfree(hostbased_cuser); | ||
649 | if (hostbased_chost != NULL) | ||
650 | xfree(hostbased_chost); | ||
651 | key_blob = NULL; | 648 | key_blob = NULL; |
652 | key_bloblen = 0; | 649 | key_bloblen = 0; |
653 | key_blobtype = MM_NOKEY; | 650 | key_blobtype = MM_NOKEY; |
@@ -690,6 +687,8 @@ mm_answer_moduli(int sock, Buffer *m) | |||
690 | return (0); | 687 | return (0); |
691 | } | 688 | } |
692 | 689 | ||
690 | extern AuthenticationConnection *auth_conn; | ||
691 | |||
693 | int | 692 | int |
694 | mm_answer_sign(int sock, Buffer *m) | 693 | mm_answer_sign(int sock, Buffer *m) |
695 | { | 694 | { |
@@ -718,18 +717,24 @@ mm_answer_sign(int sock, Buffer *m) | |||
718 | memcpy(session_id2, p, session_id2_len); | 717 | memcpy(session_id2, p, session_id2_len); |
719 | } | 718 | } |
720 | 719 | ||
721 | if ((key = get_hostkey_by_index(keyid)) == NULL) | 720 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
721 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | ||
722 | fatal("%s: key_sign failed", __func__); | ||
723 | } else if ((key = get_hostkey_public_by_index(keyid)) != NULL && | ||
724 | auth_conn != NULL) { | ||
725 | if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p, | ||
726 | datlen) < 0) | ||
727 | fatal("%s: ssh_agent_sign failed", __func__); | ||
728 | } else | ||
722 | fatal("%s: no hostkey from index %d", __func__, keyid); | 729 | fatal("%s: no hostkey from index %d", __func__, keyid); |
723 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | ||
724 | fatal("%s: key_sign failed", __func__); | ||
725 | 730 | ||
726 | debug3("%s: signature %p(%u)", __func__, signature, siglen); | 731 | debug3("%s: signature %p(%u)", __func__, signature, siglen); |
727 | 732 | ||
728 | buffer_clear(m); | 733 | buffer_clear(m); |
729 | buffer_put_string(m, signature, siglen); | 734 | buffer_put_string(m, signature, siglen); |
730 | 735 | ||
731 | xfree(p); | 736 | free(p); |
732 | xfree(signature); | 737 | free(signature); |
733 | 738 | ||
734 | mm_request_send(sock, MONITOR_ANS_SIGN, m); | 739 | mm_request_send(sock, MONITOR_ANS_SIGN, m); |
735 | 740 | ||
@@ -760,7 +765,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
760 | 765 | ||
761 | authctxt->user = xstrdup(username); | 766 | authctxt->user = xstrdup(username); |
762 | setproctitle("%s [priv]", pwent ? username : "unknown"); | 767 | setproctitle("%s [priv]", pwent ? username : "unknown"); |
763 | xfree(username); | 768 | free(username); |
764 | 769 | ||
765 | buffer_clear(m); | 770 | buffer_clear(m); |
766 | 771 | ||
@@ -778,8 +783,10 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
778 | buffer_put_string(m, pwent, sizeof(struct passwd)); | 783 | buffer_put_string(m, pwent, sizeof(struct passwd)); |
779 | buffer_put_cstring(m, pwent->pw_name); | 784 | buffer_put_cstring(m, pwent->pw_name); |
780 | buffer_put_cstring(m, "*"); | 785 | buffer_put_cstring(m, "*"); |
786 | #ifdef HAVE_STRUCT_PASSWD_PW_GECOS | ||
781 | buffer_put_cstring(m, pwent->pw_gecos); | 787 | buffer_put_cstring(m, pwent->pw_gecos); |
782 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 788 | #endif |
789 | #ifdef HAVE_STRUCT_PASSWD_PW_CLASS | ||
783 | buffer_put_cstring(m, pwent->pw_class); | 790 | buffer_put_cstring(m, pwent->pw_class); |
784 | #endif | 791 | #endif |
785 | buffer_put_cstring(m, pwent->pw_dir); | 792 | buffer_put_cstring(m, pwent->pw_dir); |
@@ -838,9 +845,7 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m) | |||
838 | banner = auth2_read_banner(); | 845 | banner = auth2_read_banner(); |
839 | buffer_put_cstring(m, banner != NULL ? banner : ""); | 846 | buffer_put_cstring(m, banner != NULL ? banner : ""); |
840 | mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); | 847 | mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); |
841 | 848 | free(banner); | |
842 | if (banner != NULL) | ||
843 | xfree(banner); | ||
844 | 849 | ||
845 | return (0); | 850 | return (0); |
846 | } | 851 | } |
@@ -856,7 +861,7 @@ mm_answer_authserv(int sock, Buffer *m) | |||
856 | __func__, authctxt->service, authctxt->style); | 861 | __func__, authctxt->service, authctxt->style); |
857 | 862 | ||
858 | if (strlen(authctxt->style) == 0) { | 863 | if (strlen(authctxt->style) == 0) { |
859 | xfree(authctxt->style); | 864 | free(authctxt->style); |
860 | authctxt->style = NULL; | 865 | authctxt->style = NULL; |
861 | } | 866 | } |
862 | 867 | ||
@@ -876,7 +881,7 @@ mm_answer_authpassword(int sock, Buffer *m) | |||
876 | authenticated = options.password_authentication && | 881 | authenticated = options.password_authentication && |
877 | auth_password(authctxt, passwd); | 882 | auth_password(authctxt, passwd); |
878 | memset(passwd, 0, strlen(passwd)); | 883 | memset(passwd, 0, strlen(passwd)); |
879 | xfree(passwd); | 884 | free(passwd); |
880 | 885 | ||
881 | buffer_clear(m); | 886 | buffer_clear(m); |
882 | buffer_put_int(m, authenticated); | 887 | buffer_put_int(m, authenticated); |
@@ -916,10 +921,10 @@ mm_answer_bsdauthquery(int sock, Buffer *m) | |||
916 | mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); | 921 | mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); |
917 | 922 | ||
918 | if (success) { | 923 | if (success) { |
919 | xfree(name); | 924 | free(name); |
920 | xfree(infotxt); | 925 | free(infotxt); |
921 | xfree(prompts); | 926 | free(prompts); |
922 | xfree(echo_on); | 927 | free(echo_on); |
923 | } | 928 | } |
924 | 929 | ||
925 | return (0); | 930 | return (0); |
@@ -939,7 +944,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
939 | auth_userresponse(authctxt->as, response, 0); | 944 | auth_userresponse(authctxt->as, response, 0); |
940 | authctxt->as = NULL; | 945 | authctxt->as = NULL; |
941 | debug3("%s: <%s> = <%d>", __func__, response, authok); | 946 | debug3("%s: <%s> = <%d>", __func__, response, authok); |
942 | xfree(response); | 947 | free(response); |
943 | 948 | ||
944 | buffer_clear(m); | 949 | buffer_clear(m); |
945 | buffer_put_int(m, authok); | 950 | buffer_put_int(m, authok); |
@@ -947,9 +952,10 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
947 | debug3("%s: sending authenticated: %d", __func__, authok); | 952 | debug3("%s: sending authenticated: %d", __func__, authok); |
948 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); | 953 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); |
949 | 954 | ||
950 | if (compat20) | 955 | if (compat20) { |
951 | auth_method = "keyboard-interactive"; /* XXX auth_submethod */ | 956 | auth_method = "keyboard-interactive"; |
952 | else | 957 | auth_submethod = "bsdauth"; |
958 | } else | ||
953 | auth_method = "bsdauth"; | 959 | auth_method = "bsdauth"; |
954 | 960 | ||
955 | return (authok != 0); | 961 | return (authok != 0); |
@@ -991,7 +997,7 @@ mm_answer_skeyrespond(int sock, Buffer *m) | |||
991 | skey_haskey(authctxt->pw->pw_name) == 0 && | 997 | skey_haskey(authctxt->pw->pw_name) == 0 && |
992 | skey_passcheck(authctxt->pw->pw_name, response) != -1); | 998 | skey_passcheck(authctxt->pw->pw_name, response) != -1); |
993 | 999 | ||
994 | xfree(response); | 1000 | free(response); |
995 | 1001 | ||
996 | buffer_clear(m); | 1002 | buffer_clear(m); |
997 | buffer_put_int(m, authok); | 1003 | buffer_put_int(m, authok); |
@@ -1076,19 +1082,17 @@ mm_answer_pam_query(int sock, Buffer *m) | |||
1076 | buffer_clear(m); | 1082 | buffer_clear(m); |
1077 | buffer_put_int(m, ret); | 1083 | buffer_put_int(m, ret); |
1078 | buffer_put_cstring(m, name); | 1084 | buffer_put_cstring(m, name); |
1079 | xfree(name); | 1085 | free(name); |
1080 | buffer_put_cstring(m, info); | 1086 | buffer_put_cstring(m, info); |
1081 | xfree(info); | 1087 | free(info); |
1082 | buffer_put_int(m, num); | 1088 | buffer_put_int(m, num); |
1083 | for (i = 0; i < num; ++i) { | 1089 | for (i = 0; i < num; ++i) { |
1084 | buffer_put_cstring(m, prompts[i]); | 1090 | buffer_put_cstring(m, prompts[i]); |
1085 | xfree(prompts[i]); | 1091 | free(prompts[i]); |
1086 | buffer_put_int(m, echo_on[i]); | 1092 | buffer_put_int(m, echo_on[i]); |
1087 | } | 1093 | } |
1088 | if (prompts != NULL) | 1094 | free(prompts); |
1089 | xfree(prompts); | 1095 | free(echo_on); |
1090 | if (echo_on != NULL) | ||
1091 | xfree(echo_on); | ||
1092 | auth_method = "keyboard-interactive"; | 1096 | auth_method = "keyboard-interactive"; |
1093 | auth_submethod = "pam"; | 1097 | auth_submethod = "pam"; |
1094 | mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); | 1098 | mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); |
@@ -1111,8 +1115,8 @@ mm_answer_pam_respond(int sock, Buffer *m) | |||
1111 | resp[i] = buffer_get_string(m, NULL); | 1115 | resp[i] = buffer_get_string(m, NULL); |
1112 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); | 1116 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); |
1113 | for (i = 0; i < num; ++i) | 1117 | for (i = 0; i < num; ++i) |
1114 | xfree(resp[i]); | 1118 | free(resp[i]); |
1115 | xfree(resp); | 1119 | free(resp); |
1116 | } else { | 1120 | } else { |
1117 | ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); | 1121 | ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); |
1118 | } | 1122 | } |
@@ -1170,6 +1174,7 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1170 | case MM_USERKEY: | 1174 | case MM_USERKEY: |
1171 | allowed = options.pubkey_authentication && | 1175 | allowed = options.pubkey_authentication && |
1172 | user_key_allowed(authctxt->pw, key); | 1176 | user_key_allowed(authctxt->pw, key); |
1177 | pubkey_auth_info(authctxt, key, NULL); | ||
1173 | auth_method = "publickey"; | 1178 | auth_method = "publickey"; |
1174 | if (options.pubkey_authentication && allowed != 1) | 1179 | if (options.pubkey_authentication && allowed != 1) |
1175 | auth_clear_options(); | 1180 | auth_clear_options(); |
@@ -1178,6 +1183,9 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1178 | allowed = options.hostbased_authentication && | 1183 | allowed = options.hostbased_authentication && |
1179 | hostbased_key_allowed(authctxt->pw, | 1184 | hostbased_key_allowed(authctxt->pw, |
1180 | cuser, chost, key); | 1185 | cuser, chost, key); |
1186 | pubkey_auth_info(authctxt, key, | ||
1187 | "client user \"%.100s\", client host \"%.100s\"", | ||
1188 | cuser, chost); | ||
1181 | auth_method = "hostbased"; | 1189 | auth_method = "hostbased"; |
1182 | break; | 1190 | break; |
1183 | case MM_RSAHOSTKEY: | 1191 | case MM_RSAHOSTKEY: |
@@ -1209,11 +1217,10 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1209 | hostbased_chost = chost; | 1217 | hostbased_chost = chost; |
1210 | } else { | 1218 | } else { |
1211 | /* Log failed attempt */ | 1219 | /* Log failed attempt */ |
1212 | auth_log(authctxt, 0, 0, auth_method, NULL, | 1220 | auth_log(authctxt, 0, 0, auth_method, NULL); |
1213 | compat20 ? " ssh2" : ""); | 1221 | free(blob); |
1214 | xfree(blob); | 1222 | free(cuser); |
1215 | xfree(cuser); | 1223 | free(chost); |
1216 | xfree(chost); | ||
1217 | } | 1224 | } |
1218 | 1225 | ||
1219 | debug3("%s: key %p is %s", | 1226 | debug3("%s: key %p is %s", |
@@ -1235,7 +1242,7 @@ static int | |||
1235 | monitor_valid_userblob(u_char *data, u_int datalen) | 1242 | monitor_valid_userblob(u_char *data, u_int datalen) |
1236 | { | 1243 | { |
1237 | Buffer b; | 1244 | Buffer b; |
1238 | char *p; | 1245 | char *p, *userstyle; |
1239 | u_int len; | 1246 | u_int len; |
1240 | int fail = 0; | 1247 | int fail = 0; |
1241 | 1248 | ||
@@ -1256,26 +1263,30 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
1256 | (len != session_id2_len) || | 1263 | (len != session_id2_len) || |
1257 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) | 1264 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1258 | fail++; | 1265 | fail++; |
1259 | xfree(p); | 1266 | free(p); |
1260 | } | 1267 | } |
1261 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1268 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
1262 | fail++; | 1269 | fail++; |
1263 | p = buffer_get_string(&b, NULL); | 1270 | p = buffer_get_cstring(&b, NULL); |
1264 | if (strcmp(authctxt->user, p) != 0) { | 1271 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
1272 | authctxt->style ? ":" : "", | ||
1273 | authctxt->style ? authctxt->style : ""); | ||
1274 | if (strcmp(userstyle, p) != 0) { | ||
1265 | logit("wrong user name passed to monitor: expected %s != %.100s", | 1275 | logit("wrong user name passed to monitor: expected %s != %.100s", |
1266 | authctxt->user, p); | 1276 | userstyle, p); |
1267 | fail++; | 1277 | fail++; |
1268 | } | 1278 | } |
1269 | xfree(p); | 1279 | free(userstyle); |
1280 | free(p); | ||
1270 | buffer_skip_string(&b); | 1281 | buffer_skip_string(&b); |
1271 | if (datafellows & SSH_BUG_PKAUTH) { | 1282 | if (datafellows & SSH_BUG_PKAUTH) { |
1272 | if (!buffer_get_char(&b)) | 1283 | if (!buffer_get_char(&b)) |
1273 | fail++; | 1284 | fail++; |
1274 | } else { | 1285 | } else { |
1275 | p = buffer_get_string(&b, NULL); | 1286 | p = buffer_get_cstring(&b, NULL); |
1276 | if (strcmp("publickey", p) != 0) | 1287 | if (strcmp("publickey", p) != 0) |
1277 | fail++; | 1288 | fail++; |
1278 | xfree(p); | 1289 | free(p); |
1279 | if (!buffer_get_char(&b)) | 1290 | if (!buffer_get_char(&b)) |
1280 | fail++; | 1291 | fail++; |
1281 | buffer_skip_string(&b); | 1292 | buffer_skip_string(&b); |
@@ -1292,7 +1303,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1292 | char *chost) | 1303 | char *chost) |
1293 | { | 1304 | { |
1294 | Buffer b; | 1305 | Buffer b; |
1295 | char *p; | 1306 | char *p, *userstyle; |
1296 | u_int len; | 1307 | u_int len; |
1297 | int fail = 0; | 1308 | int fail = 0; |
1298 | 1309 | ||
@@ -1304,22 +1315,26 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1304 | (len != session_id2_len) || | 1315 | (len != session_id2_len) || |
1305 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) | 1316 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1306 | fail++; | 1317 | fail++; |
1307 | xfree(p); | 1318 | free(p); |
1308 | 1319 | ||
1309 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1320 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
1310 | fail++; | 1321 | fail++; |
1311 | p = buffer_get_string(&b, NULL); | 1322 | p = buffer_get_cstring(&b, NULL); |
1312 | if (strcmp(authctxt->user, p) != 0) { | 1323 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
1324 | authctxt->style ? ":" : "", | ||
1325 | authctxt->style ? authctxt->style : ""); | ||
1326 | if (strcmp(userstyle, p) != 0) { | ||
1313 | logit("wrong user name passed to monitor: expected %s != %.100s", | 1327 | logit("wrong user name passed to monitor: expected %s != %.100s", |
1314 | authctxt->user, p); | 1328 | userstyle, p); |
1315 | fail++; | 1329 | fail++; |
1316 | } | 1330 | } |
1317 | xfree(p); | 1331 | free(userstyle); |
1332 | free(p); | ||
1318 | buffer_skip_string(&b); /* service */ | 1333 | buffer_skip_string(&b); /* service */ |
1319 | p = buffer_get_string(&b, NULL); | 1334 | p = buffer_get_cstring(&b, NULL); |
1320 | if (strcmp(p, "hostbased") != 0) | 1335 | if (strcmp(p, "hostbased") != 0) |
1321 | fail++; | 1336 | fail++; |
1322 | xfree(p); | 1337 | free(p); |
1323 | buffer_skip_string(&b); /* pkalg */ | 1338 | buffer_skip_string(&b); /* pkalg */ |
1324 | buffer_skip_string(&b); /* pkblob */ | 1339 | buffer_skip_string(&b); /* pkblob */ |
1325 | 1340 | ||
@@ -1329,13 +1344,13 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1329 | p[len - 1] = '\0'; | 1344 | p[len - 1] = '\0'; |
1330 | if (strcmp(p, chost) != 0) | 1345 | if (strcmp(p, chost) != 0) |
1331 | fail++; | 1346 | fail++; |
1332 | xfree(p); | 1347 | free(p); |
1333 | 1348 | ||
1334 | /* verify client user */ | 1349 | /* verify client user */ |
1335 | p = buffer_get_string(&b, NULL); | 1350 | p = buffer_get_string(&b, NULL); |
1336 | if (strcmp(p, cuser) != 0) | 1351 | if (strcmp(p, cuser) != 0) |
1337 | fail++; | 1352 | fail++; |
1338 | xfree(p); | 1353 | free(p); |
1339 | 1354 | ||
1340 | if (buffer_len(&b) != 0) | 1355 | if (buffer_len(&b) != 0) |
1341 | fail++; | 1356 | fail++; |
@@ -1384,9 +1399,9 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1384 | __func__, key, (verified == 1) ? "verified" : "unverified"); | 1399 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
1385 | 1400 | ||
1386 | key_free(key); | 1401 | key_free(key); |
1387 | xfree(blob); | 1402 | free(blob); |
1388 | xfree(signature); | 1403 | free(signature); |
1389 | xfree(data); | 1404 | free(data); |
1390 | 1405 | ||
1391 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; | 1406 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; |
1392 | 1407 | ||
@@ -1514,7 +1529,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m) | |||
1514 | if ((s = session_by_tty(tty)) != NULL) | 1529 | if ((s = session_by_tty(tty)) != NULL) |
1515 | mm_session_close(s); | 1530 | mm_session_close(s); |
1516 | buffer_clear(m); | 1531 | buffer_clear(m); |
1517 | xfree(tty); | 1532 | free(tty); |
1518 | return (0); | 1533 | return (0); |
1519 | } | 1534 | } |
1520 | 1535 | ||
@@ -1646,7 +1661,7 @@ mm_answer_rsa_challenge(int sock, Buffer *m) | |||
1646 | 1661 | ||
1647 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); | 1662 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); |
1648 | 1663 | ||
1649 | xfree(blob); | 1664 | free(blob); |
1650 | key_free(key); | 1665 | key_free(key); |
1651 | return (0); | 1666 | return (0); |
1652 | } | 1667 | } |
@@ -1678,9 +1693,9 @@ mm_answer_rsa_response(int sock, Buffer *m) | |||
1678 | fatal("%s: received bad response to challenge", __func__); | 1693 | fatal("%s: received bad response to challenge", __func__); |
1679 | success = auth_rsa_verify_response(key, ssh1_challenge, response); | 1694 | success = auth_rsa_verify_response(key, ssh1_challenge, response); |
1680 | 1695 | ||
1681 | xfree(blob); | 1696 | free(blob); |
1682 | key_free(key); | 1697 | key_free(key); |
1683 | xfree(response); | 1698 | free(response); |
1684 | 1699 | ||
1685 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; | 1700 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; |
1686 | 1701 | ||
@@ -1759,7 +1774,7 @@ mm_answer_audit_command(int socket, Buffer *m) | |||
1759 | cmd = buffer_get_string(m, &len); | 1774 | cmd = buffer_get_string(m, &len); |
1760 | /* sanity check command, if so how? */ | 1775 | /* sanity check command, if so how? */ |
1761 | audit_run_command(cmd); | 1776 | audit_run_command(cmd); |
1762 | xfree(cmd); | 1777 | free(cmd); |
1763 | return (0); | 1778 | return (0); |
1764 | } | 1779 | } |
1765 | #endif /* SSH_AUDIT_EVENTS */ | 1780 | #endif /* SSH_AUDIT_EVENTS */ |
@@ -1774,20 +1789,20 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1774 | packet_set_protocol_flags(child_state.ssh1protoflags); | 1789 | packet_set_protocol_flags(child_state.ssh1protoflags); |
1775 | packet_set_encryption_key(child_state.ssh1key, | 1790 | packet_set_encryption_key(child_state.ssh1key, |
1776 | child_state.ssh1keylen, child_state.ssh1cipher); | 1791 | child_state.ssh1keylen, child_state.ssh1cipher); |
1777 | xfree(child_state.ssh1key); | 1792 | free(child_state.ssh1key); |
1778 | } | 1793 | } |
1779 | 1794 | ||
1780 | /* for rc4 and other stateful ciphers */ | 1795 | /* for rc4 and other stateful ciphers */ |
1781 | packet_set_keycontext(MODE_OUT, child_state.keyout); | 1796 | packet_set_keycontext(MODE_OUT, child_state.keyout); |
1782 | xfree(child_state.keyout); | 1797 | free(child_state.keyout); |
1783 | packet_set_keycontext(MODE_IN, child_state.keyin); | 1798 | packet_set_keycontext(MODE_IN, child_state.keyin); |
1784 | xfree(child_state.keyin); | 1799 | free(child_state.keyin); |
1785 | 1800 | ||
1786 | if (!compat20) { | 1801 | if (!compat20) { |
1787 | packet_set_iv(MODE_OUT, child_state.ivout); | 1802 | packet_set_iv(MODE_OUT, child_state.ivout); |
1788 | xfree(child_state.ivout); | 1803 | free(child_state.ivout); |
1789 | packet_set_iv(MODE_IN, child_state.ivin); | 1804 | packet_set_iv(MODE_IN, child_state.ivin); |
1790 | xfree(child_state.ivin); | 1805 | free(child_state.ivin); |
1791 | } | 1806 | } |
1792 | 1807 | ||
1793 | memcpy(&incoming_stream, &child_state.incoming, | 1808 | memcpy(&incoming_stream, &child_state.incoming, |
@@ -1799,18 +1814,22 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1799 | if (options.compression) | 1814 | if (options.compression) |
1800 | mm_init_compression(pmonitor->m_zlib); | 1815 | mm_init_compression(pmonitor->m_zlib); |
1801 | 1816 | ||
1817 | if (options.rekey_limit || options.rekey_interval) | ||
1818 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | ||
1819 | (time_t)options.rekey_interval); | ||
1820 | |||
1802 | /* Network I/O buffers */ | 1821 | /* Network I/O buffers */ |
1803 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ | 1822 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ |
1804 | buffer_clear(packet_get_input()); | 1823 | buffer_clear(packet_get_input()); |
1805 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); | 1824 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); |
1806 | memset(child_state.input, 0, child_state.ilen); | 1825 | memset(child_state.input, 0, child_state.ilen); |
1807 | xfree(child_state.input); | 1826 | free(child_state.input); |
1808 | 1827 | ||
1809 | buffer_clear(packet_get_output()); | 1828 | buffer_clear(packet_get_output()); |
1810 | buffer_append(packet_get_output(), child_state.output, | 1829 | buffer_append(packet_get_output(), child_state.output, |
1811 | child_state.olen); | 1830 | child_state.olen); |
1812 | memset(child_state.output, 0, child_state.olen); | 1831 | memset(child_state.output, 0, child_state.olen); |
1813 | xfree(child_state.output); | 1832 | free(child_state.output); |
1814 | 1833 | ||
1815 | /* Roaming */ | 1834 | /* Roaming */ |
1816 | if (compat20) | 1835 | if (compat20) |
@@ -1842,11 +1861,11 @@ mm_get_kex(Buffer *m) | |||
1842 | blob = buffer_get_string(m, &bloblen); | 1861 | blob = buffer_get_string(m, &bloblen); |
1843 | buffer_init(&kex->my); | 1862 | buffer_init(&kex->my); |
1844 | buffer_append(&kex->my, blob, bloblen); | 1863 | buffer_append(&kex->my, blob, bloblen); |
1845 | xfree(blob); | 1864 | free(blob); |
1846 | blob = buffer_get_string(m, &bloblen); | 1865 | blob = buffer_get_string(m, &bloblen); |
1847 | buffer_init(&kex->peer); | 1866 | buffer_init(&kex->peer); |
1848 | buffer_append(&kex->peer, blob, bloblen); | 1867 | buffer_append(&kex->peer, blob, bloblen); |
1849 | xfree(blob); | 1868 | free(blob); |
1850 | kex->done = 1; | 1869 | kex->done = 1; |
1851 | kex->flags = buffer_get_int(m); | 1870 | kex->flags = buffer_get_int(m); |
1852 | kex->client_version_string = buffer_get_string(m, NULL); | 1871 | kex->client_version_string = buffer_get_string(m, NULL); |
@@ -1854,6 +1873,7 @@ mm_get_kex(Buffer *m) | |||
1854 | kex->load_host_public_key=&get_hostkey_public_by_type; | 1873 | kex->load_host_public_key=&get_hostkey_public_by_type; |
1855 | kex->load_host_private_key=&get_hostkey_private_by_type; | 1874 | kex->load_host_private_key=&get_hostkey_private_by_type; |
1856 | kex->host_key_index=&get_hostkey_index; | 1875 | kex->host_key_index=&get_hostkey_index; |
1876 | kex->sign = sshd_hostkey_sign; | ||
1857 | 1877 | ||
1858 | return (kex); | 1878 | return (kex); |
1859 | } | 1879 | } |
@@ -1889,12 +1909,12 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1889 | 1909 | ||
1890 | blob = buffer_get_string(&m, &bloblen); | 1910 | blob = buffer_get_string(&m, &bloblen); |
1891 | current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); | 1911 | current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); |
1892 | xfree(blob); | 1912 | free(blob); |
1893 | 1913 | ||
1894 | debug3("%s: Waiting for second key", __func__); | 1914 | debug3("%s: Waiting for second key", __func__); |
1895 | blob = buffer_get_string(&m, &bloblen); | 1915 | blob = buffer_get_string(&m, &bloblen); |
1896 | current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); | 1916 | current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); |
1897 | xfree(blob); | 1917 | free(blob); |
1898 | 1918 | ||
1899 | /* Now get sequence numbers for the packets */ | 1919 | /* Now get sequence numbers for the packets */ |
1900 | seqnr = buffer_get_int(&m); | 1920 | seqnr = buffer_get_int(&m); |
@@ -1919,13 +1939,13 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1919 | if (plen != sizeof(child_state.outgoing)) | 1939 | if (plen != sizeof(child_state.outgoing)) |
1920 | fatal("%s: bad request size", __func__); | 1940 | fatal("%s: bad request size", __func__); |
1921 | memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); | 1941 | memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); |
1922 | xfree(p); | 1942 | free(p); |
1923 | 1943 | ||
1924 | p = buffer_get_string(&m, &plen); | 1944 | p = buffer_get_string(&m, &plen); |
1925 | if (plen != sizeof(child_state.incoming)) | 1945 | if (plen != sizeof(child_state.incoming)) |
1926 | fatal("%s: bad request size", __func__); | 1946 | fatal("%s: bad request size", __func__); |
1927 | memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); | 1947 | memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); |
1928 | xfree(p); | 1948 | free(p); |
1929 | 1949 | ||
1930 | /* Network I/O buffers */ | 1950 | /* Network I/O buffers */ |
1931 | debug3("%s: Getting Network I/O buffers", __func__); | 1951 | debug3("%s: Getting Network I/O buffers", __func__); |
@@ -2047,7 +2067,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | |||
2047 | 2067 | ||
2048 | major = ssh_gssapi_server_ctx(&gsscontext, &goid); | 2068 | major = ssh_gssapi_server_ctx(&gsscontext, &goid); |
2049 | 2069 | ||
2050 | xfree(goid.elements); | 2070 | free(goid.elements); |
2051 | 2071 | ||
2052 | buffer_clear(m); | 2072 | buffer_clear(m); |
2053 | buffer_put_int(m, major); | 2073 | buffer_put_int(m, major); |
@@ -2072,7 +2092,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
2072 | in.value = buffer_get_string(m, &len); | 2092 | in.value = buffer_get_string(m, &len); |
2073 | in.length = len; | 2093 | in.length = len; |
2074 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); | 2094 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
2075 | xfree(in.value); | 2095 | free(in.value); |
2076 | 2096 | ||
2077 | buffer_clear(m); | 2097 | buffer_clear(m); |
2078 | buffer_put_int(m, major); | 2098 | buffer_put_int(m, major); |
@@ -2104,8 +2124,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | |||
2104 | 2124 | ||
2105 | ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); | 2125 | ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); |
2106 | 2126 | ||
2107 | xfree(gssbuf.value); | 2127 | free(gssbuf.value); |
2108 | xfree(mic.value); | 2128 | free(mic.value); |
2109 | 2129 | ||
2110 | buffer_clear(m); | 2130 | buffer_clear(m); |
2111 | buffer_put_int(m, ret); | 2131 | buffer_put_int(m, ret); |
@@ -2175,8 +2195,8 @@ mm_answer_jpake_step1(int sock, Buffer *m) | |||
2175 | 2195 | ||
2176 | bzero(x3_proof, x3_proof_len); | 2196 | bzero(x3_proof, x3_proof_len); |
2177 | bzero(x4_proof, x4_proof_len); | 2197 | bzero(x4_proof, x4_proof_len); |
2178 | xfree(x3_proof); | 2198 | free(x3_proof); |
2179 | xfree(x4_proof); | 2199 | free(x4_proof); |
2180 | 2200 | ||
2181 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); | 2201 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); |
2182 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); | 2202 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); |
@@ -2205,8 +2225,8 @@ mm_answer_jpake_get_pwdata(int sock, Buffer *m) | |||
2205 | 2225 | ||
2206 | bzero(hash_scheme, strlen(hash_scheme)); | 2226 | bzero(hash_scheme, strlen(hash_scheme)); |
2207 | bzero(salt, strlen(salt)); | 2227 | bzero(salt, strlen(salt)); |
2208 | xfree(hash_scheme); | 2228 | free(hash_scheme); |
2209 | xfree(salt); | 2229 | free(salt); |
2210 | 2230 | ||
2211 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); | 2231 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); |
2212 | 2232 | ||
@@ -2245,8 +2265,8 @@ mm_answer_jpake_step2(int sock, Buffer *m) | |||
2245 | 2265 | ||
2246 | bzero(x1_proof, x1_proof_len); | 2266 | bzero(x1_proof, x1_proof_len); |
2247 | bzero(x2_proof, x2_proof_len); | 2267 | bzero(x2_proof, x2_proof_len); |
2248 | xfree(x1_proof); | 2268 | free(x1_proof); |
2249 | xfree(x2_proof); | 2269 | free(x2_proof); |
2250 | 2270 | ||
2251 | buffer_clear(m); | 2271 | buffer_clear(m); |
2252 | 2272 | ||
@@ -2257,7 +2277,7 @@ mm_answer_jpake_step2(int sock, Buffer *m) | |||
2257 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); | 2277 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); |
2258 | 2278 | ||
2259 | bzero(x4_s_proof, x4_s_proof_len); | 2279 | bzero(x4_s_proof, x4_s_proof_len); |
2260 | xfree(x4_s_proof); | 2280 | free(x4_s_proof); |
2261 | 2281 | ||
2262 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); | 2282 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); |
2263 | 2283 | ||
@@ -2325,7 +2345,7 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m) | |||
2325 | JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); | 2345 | JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); |
2326 | 2346 | ||
2327 | bzero(peer_confirm_hash, peer_confirm_hash_len); | 2347 | bzero(peer_confirm_hash, peer_confirm_hash_len); |
2328 | xfree(peer_confirm_hash); | 2348 | free(peer_confirm_hash); |
2329 | 2349 | ||
2330 | buffer_clear(m); | 2350 | buffer_clear(m); |
2331 | buffer_put_int(m, authenticated); | 2351 | buffer_put_int(m, authenticated); |