Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c92
1 files changed, 59 insertions, 33 deletions
diff --git a/monitor.c b/monitor.c
index 00af44f98..2ce89fe90 100644
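--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -95,6 +95,7 @@
 #include "authfd.h"
 #include "match.h"
 #include "ssherr.h"
+#include "sk-api.h"
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -392,11 +393,11 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
  pmonitor->m_recvfd = -1;
 
  monitor_set_child_handler(pmonitor->m_pid);
- signal(SIGHUP, &monitor_child_handler);
- signal(SIGTERM, &monitor_child_handler);
- signal(SIGINT, &monitor_child_handler);
+ ssh_signal(SIGHUP, &monitor_child_handler);
+ ssh_signal(SIGTERM, &monitor_child_handler);
+ ssh_signal(SIGINT, &monitor_child_handler);
 #ifdef SIGXFSZ
- signal(SIGXFSZ, SIG_IGN);
+ ssh_signal(SIGXFSZ, SIG_IGN);
 #endif
 
  mon_dispatch = mon_dispatch_postauth20;
@@ -542,7 +543,7 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
 
 /* allowed key state */
 static int
-monitor_allowed_key(u_char *blob, u_int bloblen)
+monitor_allowed_key(const u_char *blob, u_int bloblen)
 {
  /* make sure key is allowed */
  if (key_blob == NULL || key_bloblen != bloblen ||
@@ -678,7 +679,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
 
  if ((key = get_hostkey_by_index(keyid)) != NULL) {
  if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
- compat)) != 0)
+ options.sk_provider, compat)) != 0)
  fatal("%s: sshkey_sign failed: %s",
  __func__, ssh_err(r));
  } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
@@ -1247,7 +1248,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
 }
 
 static int
-monitor_valid_userblob(u_char *data, u_int datalen)
+monitor_valid_userblob(const u_char *data, u_int datalen)
 {
  struct sshbuf *b;
  const u_char *p;
@@ -1256,10 +1257,8 @@ monitor_valid_userblob(u_char *data, u_int datalen)
  u_char type;
  int r, fail = 0;
 
- if ((b = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new", __func__);
- if ((r = sshbuf_put(b, data, datalen)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if ((b = sshbuf_from(data, datalen)) == NULL)
+ fatal("%s: sshbuf_from", __func__);
 
  if (datafellows & SSH_OLD_SESSIONID) {
  p = sshbuf_ptr(b);
@@ -1314,8 +1313,8 @@ monitor_valid_userblob(u_char *data, u_int datalen)
 }
 
 static int
-monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
- char *chost)
+monitor_valid_hostbasedblob(const u_char *data, u_int datalen,
+ const char *cuser, const char *chost)
 {
  struct sshbuf *b;
  const u_char *p;
@@ -1324,10 +1323,9 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
  int r, fail = 0;
  u_char type;
 
- if ((b = sshbuf_new()) == NULL)
+ if ((b = sshbuf_from(data, datalen)) == NULL)
  fatal("%s: sshbuf_new", __func__);
- if ((r = sshbuf_put(b, data, datalen)) != 0 ||
- (r = sshbuf_get_string_direct(b, &p, &len)) != 0)
+ if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
  fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
  if ((session_id2 == NULL) ||
@@ -1387,14 +1385,15 @@ int
 mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
 {
  struct sshkey *key;
- u_char *signature, *data, *blob;
- char *sigalg;
+ const u_char *signature, *data, *blob;
+ char *sigalg = NULL, *fp = NULL;
  size_t signaturelen, datalen, bloblen;
- int r, ret, valid_data = 0, encoded_ret;
+ int r, ret, req_presence = 0, valid_data = 0, encoded_ret;
+ struct sshkey_sig_details *sig_details = NULL;
 
- if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
- (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
- (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
+ if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 ||
+ (r = sshbuf_get_string_direct(m, &signature, &signaturelen)) != 0 ||
+ (r = sshbuf_get_string_direct(m, &data, &datalen)) != 0 ||
  (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
  fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
@@ -1429,30 +1428,57 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
  if (!valid_data)
  fatal("%s: bad signature data blob", __func__);
 
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: sshkey_fingerprint failed", __func__);
+
  ret = sshkey_verify(key, signature, signaturelen, data, datalen,
- sigalg, ssh->compat);
- debug3("%s: %s %p signature %s", __func__, auth_method, key,
- (ret == 0) ? "verified" : "unverified");
+ sigalg, ssh->compat, &sig_details);
+ debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key,
+ (ret == 0) ? "verified" : "unverified",
+ (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : "");
+
+ if (ret == 0 && key_blobtype == MM_USERKEY && sig_details != NULL) {
+ req_presence = (options.pubkey_auth_options &
+ PUBKEYAUTH_TOUCH_REQUIRED) ||
+ !key_opts->no_require_user_presence;
+ if (req_presence &&
+ (sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) {
+ error("public key %s %s signature for %s%s from %.128s "
+ "port %d rejected: user presence "
+ "(authenticator touch) requirement not met ",
+ sshkey_type(key), fp,
+ authctxt->valid ? "" : "invalid user ",
+ authctxt->user, ssh_remote_ipaddr(ssh),
+ ssh_remote_port(ssh));
+ ret = SSH_ERR_SIGNATURE_INVALID;
+ }
+ }
  auth2_record_key(authctxt, ret == 0, key);
 
- free(blob);
- free(signature);
- free(data);
- free(sigalg);
-
  if (key_blobtype == MM_USERKEY)
  auth_activate_options(ssh, key_opts);
  monitor_reset_key_state();
 
- sshkey_free(key);
  sshbuf_reset(m);
 
  /* encode ret != 0 as positive integer, since we're sending u32 */
  encoded_ret = (ret != 0);
- if ((r = sshbuf_put_u32(m, encoded_ret)) != 0)
+ if ((r = sshbuf_put_u32(m, encoded_ret)) != 0 ||
+ (r = sshbuf_put_u8(m, sig_details != NULL)) != 0)
  fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (sig_details != NULL) {
+ if ((r = sshbuf_put_u32(m, sig_details->sk_counter)) != 0 ||
+ (r = sshbuf_put_u8(m, sig_details->sk_flags)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ }
+ sshkey_sig_details_free(sig_details);
  mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
+ free(sigalg);
+ free(fp);
+ sshkey_free(key);
+
  return ret == 0;
 }
 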
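Review bot: In mm_answer_keyverify, `blob`, `signature` and `data` are now borrowed from the request buffer through sshbuf_get_string_direct() rather than copied, so they stop being valid once `sshbuf_reset(m)` reuses `m` for the reply, and nothing at the declarations records that. The uses visible in these hunks all come before the reset (the code between the two hunks is not shown), but a comment such as `/* blob, signature, data point into m; invalid after sshbuf_reset(m) */` would keep a later edit from reading them afterwards. The same borrowing appears to apply to `sshbuf_from(data, datalen)` in monitor_valid_userblob and monitor_valid_hostbasedblob, whose bodies continue outside their hunks, so `b` there must not outlive the caller's bytes. In monitor_valid_hostbasedblob the fatal text still names `sshbuf_new` although the call is now sshbuf_from; `fatal("%s: sshbuf_from", __func__);` would match the userblob variant and keep monitor crash logs accurate.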