summaryrefslogtreecommitdiff
path: root/monitor.c
diff options
context:
space:
mode:
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c214
1 files changed, 117 insertions, 97 deletions
diff --git a/monitor.c b/monitor.c
index d7a782f89..bd9303bdb 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */ 1/* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -97,6 +97,7 @@
97#include "ssh2.h" 97#include "ssh2.h"
98#include "jpake.h" 98#include "jpake.h"
99#include "roaming.h" 99#include "roaming.h"
100#include "authfd.h"
100 101
101#ifdef GSSAPI 102#ifdef GSSAPI
102static Gssctxt *gsscontext = NULL; 103static Gssctxt *gsscontext = NULL;
@@ -405,7 +406,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
405 "with SSH protocol 1"); 406 "with SSH protocol 1");
406 if (authenticated && 407 if (authenticated &&
407 !auth2_update_methods_lists(authctxt, 408 !auth2_update_methods_lists(authctxt,
408 auth_method)) { 409 auth_method, auth_submethod)) {
409 debug3("%s: method %s: partial", __func__, 410 debug3("%s: method %s: partial", __func__,
410 auth_method); 411 auth_method);
411 authenticated = 0; 412 authenticated = 0;
@@ -435,8 +436,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
435 } 436 }
436 if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { 437 if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
437 auth_log(authctxt, authenticated, partial, 438 auth_log(authctxt, authenticated, partial,
438 auth_method, auth_submethod, 439 auth_method, auth_submethod);
439 compat20 ? " ssh2" : "");
440 if (!authenticated) 440 if (!authenticated)
441 authctxt->failures++; 441 authctxt->failures++;
442 } 442 }
@@ -568,7 +568,7 @@ monitor_read_log(struct monitor *pmonitor)
568 do_log2(level, "%s [preauth]", msg); 568 do_log2(level, "%s [preauth]", msg);
569 569
570 buffer_free(&logmsg); 570 buffer_free(&logmsg);
571 xfree(msg); 571 free(msg);
572 572
573 return 0; 573 return 0;
574} 574}
@@ -659,12 +659,9 @@ static void
659monitor_reset_key_state(void) 659monitor_reset_key_state(void)
660{ 660{
661 /* reset state */ 661 /* reset state */
662 if (key_blob != NULL) 662 free(key_blob);
663 xfree(key_blob); 663 free(hostbased_cuser);
664 if (hostbased_cuser != NULL) 664 free(hostbased_chost);
665 xfree(hostbased_cuser);
666 if (hostbased_chost != NULL)
667 xfree(hostbased_chost);
668 key_blob = NULL; 665 key_blob = NULL;
669 key_bloblen = 0; 666 key_bloblen = 0;
670 key_blobtype = MM_NOKEY; 667 key_blobtype = MM_NOKEY;
@@ -707,6 +704,8 @@ mm_answer_moduli(int sock, Buffer *m)
707 return (0); 704 return (0);
708} 705}
709 706
707extern AuthenticationConnection *auth_conn;
708
710int 709int
711mm_answer_sign(int sock, Buffer *m) 710mm_answer_sign(int sock, Buffer *m)
712{ 711{
@@ -735,18 +734,24 @@ mm_answer_sign(int sock, Buffer *m)
735 memcpy(session_id2, p, session_id2_len); 734 memcpy(session_id2, p, session_id2_len);
736 } 735 }
737 736
738 if ((key = get_hostkey_by_index(keyid)) == NULL) 737 if ((key = get_hostkey_by_index(keyid)) != NULL) {
738 if (key_sign(key, &signature, &siglen, p, datlen) < 0)
739 fatal("%s: key_sign failed", __func__);
740 } else if ((key = get_hostkey_public_by_index(keyid)) != NULL &&
741 auth_conn != NULL) {
742 if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p,
743 datlen) < 0)
744 fatal("%s: ssh_agent_sign failed", __func__);
745 } else
739 fatal("%s: no hostkey from index %d", __func__, keyid); 746 fatal("%s: no hostkey from index %d", __func__, keyid);
740 if (key_sign(key, &signature, &siglen, p, datlen) < 0)
741 fatal("%s: key_sign failed", __func__);
742 747
743 debug3("%s: signature %p(%u)", __func__, signature, siglen); 748 debug3("%s: signature %p(%u)", __func__, signature, siglen);
744 749
745 buffer_clear(m); 750 buffer_clear(m);
746 buffer_put_string(m, signature, siglen); 751 buffer_put_string(m, signature, siglen);
747 752
748 xfree(p); 753 free(p);
749 xfree(signature); 754 free(signature);
750 755
751 mm_request_send(sock, MONITOR_ANS_SIGN, m); 756 mm_request_send(sock, MONITOR_ANS_SIGN, m);
752 757
@@ -777,7 +782,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
777 782
778 authctxt->user = xstrdup(username); 783 authctxt->user = xstrdup(username);
779 setproctitle("%s [priv]", pwent ? username : "unknown"); 784 setproctitle("%s [priv]", pwent ? username : "unknown");
780 xfree(username); 785 free(username);
781 786
782 buffer_clear(m); 787 buffer_clear(m);
783 788
@@ -795,8 +800,10 @@ mm_answer_pwnamallow(int sock, Buffer *m)
795 buffer_put_string(m, pwent, sizeof(struct passwd)); 800 buffer_put_string(m, pwent, sizeof(struct passwd));
796 buffer_put_cstring(m, pwent->pw_name); 801 buffer_put_cstring(m, pwent->pw_name);
797 buffer_put_cstring(m, "*"); 802 buffer_put_cstring(m, "*");
803#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
798 buffer_put_cstring(m, pwent->pw_gecos); 804 buffer_put_cstring(m, pwent->pw_gecos);
799#ifdef HAVE_PW_CLASS_IN_PASSWD 805#endif
806#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
800 buffer_put_cstring(m, pwent->pw_class); 807 buffer_put_cstring(m, pwent->pw_class);
801#endif 808#endif
802 buffer_put_cstring(m, pwent->pw_dir); 809 buffer_put_cstring(m, pwent->pw_dir);
@@ -855,9 +862,7 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m)
855 banner = auth2_read_banner(); 862 banner = auth2_read_banner();
856 buffer_put_cstring(m, banner != NULL ? banner : ""); 863 buffer_put_cstring(m, banner != NULL ? banner : "");
857 mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); 864 mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
858 865 free(banner);
859 if (banner != NULL)
860 xfree(banner);
861 866
862 return (0); 867 return (0);
863} 868}
@@ -873,7 +878,7 @@ mm_answer_authserv(int sock, Buffer *m)
873 __func__, authctxt->service, authctxt->style); 878 __func__, authctxt->service, authctxt->style);
874 879
875 if (strlen(authctxt->style) == 0) { 880 if (strlen(authctxt->style) == 0) {
876 xfree(authctxt->style); 881 free(authctxt->style);
877 authctxt->style = NULL; 882 authctxt->style = NULL;
878 } 883 }
879 884
@@ -893,7 +898,7 @@ mm_answer_authpassword(int sock, Buffer *m)
893 authenticated = options.password_authentication && 898 authenticated = options.password_authentication &&
894 auth_password(authctxt, passwd); 899 auth_password(authctxt, passwd);
895 memset(passwd, 0, strlen(passwd)); 900 memset(passwd, 0, strlen(passwd));
896 xfree(passwd); 901 free(passwd);
897 902
898 buffer_clear(m); 903 buffer_clear(m);
899 buffer_put_int(m, authenticated); 904 buffer_put_int(m, authenticated);
@@ -933,10 +938,10 @@ mm_answer_bsdauthquery(int sock, Buffer *m)
933 mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); 938 mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
934 939
935 if (success) { 940 if (success) {
936 xfree(name); 941 free(name);
937 xfree(infotxt); 942 free(infotxt);
938 xfree(prompts); 943 free(prompts);
939 xfree(echo_on); 944 free(echo_on);
940 } 945 }
941 946
942 return (0); 947 return (0);
@@ -956,7 +961,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m)
956 auth_userresponse(authctxt->as, response, 0); 961 auth_userresponse(authctxt->as, response, 0);
957 authctxt->as = NULL; 962 authctxt->as = NULL;
958 debug3("%s: <%s> = <%d>", __func__, response, authok); 963 debug3("%s: <%s> = <%d>", __func__, response, authok);
959 xfree(response); 964 free(response);
960 965
961 buffer_clear(m); 966 buffer_clear(m);
962 buffer_put_int(m, authok); 967 buffer_put_int(m, authok);
@@ -964,9 +969,10 @@ mm_answer_bsdauthrespond(int sock, Buffer *m)
964 debug3("%s: sending authenticated: %d", __func__, authok); 969 debug3("%s: sending authenticated: %d", __func__, authok);
965 mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); 970 mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
966 971
967 if (compat20) 972 if (compat20) {
968 auth_method = "keyboard-interactive"; /* XXX auth_submethod */ 973 auth_method = "keyboard-interactive";
969 else 974 auth_submethod = "bsdauth";
975 } else
970 auth_method = "bsdauth"; 976 auth_method = "bsdauth";
971 977
972 return (authok != 0); 978 return (authok != 0);
@@ -1008,7 +1014,7 @@ mm_answer_skeyrespond(int sock, Buffer *m)
1008 skey_haskey(authctxt->pw->pw_name) == 0 && 1014 skey_haskey(authctxt->pw->pw_name) == 0 &&
1009 skey_passcheck(authctxt->pw->pw_name, response) != -1); 1015 skey_passcheck(authctxt->pw->pw_name, response) != -1);
1010 1016
1011 xfree(response); 1017 free(response);
1012 1018
1013 buffer_clear(m); 1019 buffer_clear(m);
1014 buffer_put_int(m, authok); 1020 buffer_put_int(m, authok);
@@ -1093,19 +1099,17 @@ mm_answer_pam_query(int sock, Buffer *m)
1093 buffer_clear(m); 1099 buffer_clear(m);
1094 buffer_put_int(m, ret); 1100 buffer_put_int(m, ret);
1095 buffer_put_cstring(m, name); 1101 buffer_put_cstring(m, name);
1096 xfree(name); 1102 free(name);
1097 buffer_put_cstring(m, info); 1103 buffer_put_cstring(m, info);
1098 xfree(info); 1104 free(info);
1099 buffer_put_int(m, num); 1105 buffer_put_int(m, num);
1100 for (i = 0; i < num; ++i) { 1106 for (i = 0; i < num; ++i) {
1101 buffer_put_cstring(m, prompts[i]); 1107 buffer_put_cstring(m, prompts[i]);
1102 xfree(prompts[i]); 1108 free(prompts[i]);
1103 buffer_put_int(m, echo_on[i]); 1109 buffer_put_int(m, echo_on[i]);
1104 } 1110 }
1105 if (prompts != NULL) 1111 free(prompts);
1106 xfree(prompts); 1112 free(echo_on);
1107 if (echo_on != NULL)
1108 xfree(echo_on);
1109 auth_method = "keyboard-interactive"; 1113 auth_method = "keyboard-interactive";
1110 auth_submethod = "pam"; 1114 auth_submethod = "pam";
1111 mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); 1115 mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
@@ -1128,8 +1132,8 @@ mm_answer_pam_respond(int sock, Buffer *m)
1128 resp[i] = buffer_get_string(m, NULL); 1132 resp[i] = buffer_get_string(m, NULL);
1129 ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); 1133 ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
1130 for (i = 0; i < num; ++i) 1134 for (i = 0; i < num; ++i)
1131 xfree(resp[i]); 1135 free(resp[i]);
1132 xfree(resp); 1136 free(resp);
1133 } else { 1137 } else {
1134 ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); 1138 ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);
1135 } 1139 }
@@ -1187,6 +1191,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
1187 case MM_USERKEY: 1191 case MM_USERKEY:
1188 allowed = options.pubkey_authentication && 1192 allowed = options.pubkey_authentication &&
1189 user_key_allowed(authctxt->pw, key); 1193 user_key_allowed(authctxt->pw, key);
1194 pubkey_auth_info(authctxt, key, NULL);
1190 auth_method = "publickey"; 1195 auth_method = "publickey";
1191 if (options.pubkey_authentication && allowed != 1) 1196 if (options.pubkey_authentication && allowed != 1)
1192 auth_clear_options(); 1197 auth_clear_options();
@@ -1195,6 +1200,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
1195 allowed = options.hostbased_authentication && 1200 allowed = options.hostbased_authentication &&
1196 hostbased_key_allowed(authctxt->pw, 1201 hostbased_key_allowed(authctxt->pw,
1197 cuser, chost, key); 1202 cuser, chost, key);
1203 pubkey_auth_info(authctxt, key,
1204 "client user \"%.100s\", client host \"%.100s\"",
1205 cuser, chost);
1198 auth_method = "hostbased"; 1206 auth_method = "hostbased";
1199 break; 1207 break;
1200 case MM_RSAHOSTKEY: 1208 case MM_RSAHOSTKEY:
@@ -1226,11 +1234,10 @@ mm_answer_keyallowed(int sock, Buffer *m)
1226 hostbased_chost = chost; 1234 hostbased_chost = chost;
1227 } else { 1235 } else {
1228 /* Log failed attempt */ 1236 /* Log failed attempt */
1229 auth_log(authctxt, 0, 0, auth_method, NULL, 1237 auth_log(authctxt, 0, 0, auth_method, NULL);
1230 compat20 ? " ssh2" : ""); 1238 free(blob);
1231 xfree(blob); 1239 free(cuser);
1232 xfree(cuser); 1240 free(chost);
1233 xfree(chost);
1234 } 1241 }
1235 1242
1236 debug3("%s: key %p is %s", 1243 debug3("%s: key %p is %s",
@@ -1252,7 +1259,7 @@ static int
1252monitor_valid_userblob(u_char *data, u_int datalen) 1259monitor_valid_userblob(u_char *data, u_int datalen)
1253{ 1260{
1254 Buffer b; 1261 Buffer b;
1255 char *p; 1262 char *p, *userstyle;
1256 u_int len; 1263 u_int len;
1257 int fail = 0; 1264 int fail = 0;
1258 1265
@@ -1273,26 +1280,30 @@ monitor_valid_userblob(u_char *data, u_int datalen)
1273 (len != session_id2_len) || 1280 (len != session_id2_len) ||
1274 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1281 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1275 fail++; 1282 fail++;
1276 xfree(p); 1283 free(p);
1277 } 1284 }
1278 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1285 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
1279 fail++; 1286 fail++;
1280 p = buffer_get_string(&b, NULL); 1287 p = buffer_get_cstring(&b, NULL);
1281 if (strcmp(authctxt->user, p) != 0) { 1288 xasprintf(&userstyle, "%s%s%s", authctxt->user,
1289 authctxt->style ? ":" : "",
1290 authctxt->style ? authctxt->style : "");
1291 if (strcmp(userstyle, p) != 0) {
1282 logit("wrong user name passed to monitor: expected %s != %.100s", 1292 logit("wrong user name passed to monitor: expected %s != %.100s",
1283 authctxt->user, p); 1293 userstyle, p);
1284 fail++; 1294 fail++;
1285 } 1295 }
1286 xfree(p); 1296 free(userstyle);
1297 free(p);
1287 buffer_skip_string(&b); 1298 buffer_skip_string(&b);
1288 if (datafellows & SSH_BUG_PKAUTH) { 1299 if (datafellows & SSH_BUG_PKAUTH) {
1289 if (!buffer_get_char(&b)) 1300 if (!buffer_get_char(&b))
1290 fail++; 1301 fail++;
1291 } else { 1302 } else {
1292 p = buffer_get_string(&b, NULL); 1303 p = buffer_get_cstring(&b, NULL);
1293 if (strcmp("publickey", p) != 0) 1304 if (strcmp("publickey", p) != 0)
1294 fail++; 1305 fail++;
1295 xfree(p); 1306 free(p);
1296 if (!buffer_get_char(&b)) 1307 if (!buffer_get_char(&b))
1297 fail++; 1308 fail++;
1298 buffer_skip_string(&b); 1309 buffer_skip_string(&b);
@@ -1309,7 +1320,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
1309 char *chost) 1320 char *chost)
1310{ 1321{
1311 Buffer b; 1322 Buffer b;
1312 char *p; 1323 char *p, *userstyle;
1313 u_int len; 1324 u_int len;
1314 int fail = 0; 1325 int fail = 0;
1315 1326
@@ -1321,22 +1332,26 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
1321 (len != session_id2_len) || 1332 (len != session_id2_len) ||
1322 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1333 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1323 fail++; 1334 fail++;
1324 xfree(p); 1335 free(p);
1325 1336
1326 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1337 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
1327 fail++; 1338 fail++;
1328 p = buffer_get_string(&b, NULL); 1339 p = buffer_get_cstring(&b, NULL);
1329 if (strcmp(authctxt->user, p) != 0) { 1340 xasprintf(&userstyle, "%s%s%s", authctxt->user,
1341 authctxt->style ? ":" : "",
1342 authctxt->style ? authctxt->style : "");
1343 if (strcmp(userstyle, p) != 0) {
1330 logit("wrong user name passed to monitor: expected %s != %.100s", 1344 logit("wrong user name passed to monitor: expected %s != %.100s",
1331 authctxt->user, p); 1345 userstyle, p);
1332 fail++; 1346 fail++;
1333 } 1347 }
1334 xfree(p); 1348 free(userstyle);
1349 free(p);
1335 buffer_skip_string(&b); /* service */ 1350 buffer_skip_string(&b); /* service */
1336 p = buffer_get_string(&b, NULL); 1351 p = buffer_get_cstring(&b, NULL);
1337 if (strcmp(p, "hostbased") != 0) 1352 if (strcmp(p, "hostbased") != 0)
1338 fail++; 1353 fail++;
1339 xfree(p); 1354 free(p);
1340 buffer_skip_string(&b); /* pkalg */ 1355 buffer_skip_string(&b); /* pkalg */
1341 buffer_skip_string(&b); /* pkblob */ 1356 buffer_skip_string(&b); /* pkblob */
1342 1357
@@ -1346,13 +1361,13 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
1346 p[len - 1] = '\0'; 1361 p[len - 1] = '\0';
1347 if (strcmp(p, chost) != 0) 1362 if (strcmp(p, chost) != 0)
1348 fail++; 1363 fail++;
1349 xfree(p); 1364 free(p);
1350 1365
1351 /* verify client user */ 1366 /* verify client user */
1352 p = buffer_get_string(&b, NULL); 1367 p = buffer_get_string(&b, NULL);
1353 if (strcmp(p, cuser) != 0) 1368 if (strcmp(p, cuser) != 0)
1354 fail++; 1369 fail++;
1355 xfree(p); 1370 free(p);
1356 1371
1357 if (buffer_len(&b) != 0) 1372 if (buffer_len(&b) != 0)
1358 fail++; 1373 fail++;
@@ -1401,9 +1416,9 @@ mm_answer_keyverify(int sock, Buffer *m)
1401 __func__, key, (verified == 1) ? "verified" : "unverified"); 1416 __func__, key, (verified == 1) ? "verified" : "unverified");
1402 1417
1403 key_free(key); 1418 key_free(key);
1404 xfree(blob); 1419 free(blob);
1405 xfree(signature); 1420 free(signature);
1406 xfree(data); 1421 free(data);
1407 1422
1408 auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; 1423 auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
1409 1424
@@ -1531,7 +1546,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m)
1531 if ((s = session_by_tty(tty)) != NULL) 1546 if ((s = session_by_tty(tty)) != NULL)
1532 mm_session_close(s); 1547 mm_session_close(s);
1533 buffer_clear(m); 1548 buffer_clear(m);
1534 xfree(tty); 1549 free(tty);
1535 return (0); 1550 return (0);
1536} 1551}
1537 1552
@@ -1663,7 +1678,7 @@ mm_answer_rsa_challenge(int sock, Buffer *m)
1663 1678
1664 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); 1679 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
1665 1680
1666 xfree(blob); 1681 free(blob);
1667 key_free(key); 1682 key_free(key);
1668 return (0); 1683 return (0);
1669} 1684}
@@ -1695,9 +1710,9 @@ mm_answer_rsa_response(int sock, Buffer *m)
1695 fatal("%s: received bad response to challenge", __func__); 1710 fatal("%s: received bad response to challenge", __func__);
1696 success = auth_rsa_verify_response(key, ssh1_challenge, response); 1711 success = auth_rsa_verify_response(key, ssh1_challenge, response);
1697 1712
1698 xfree(blob); 1713 free(blob);
1699 key_free(key); 1714 key_free(key);
1700 xfree(response); 1715 free(response);
1701 1716
1702 auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; 1717 auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa";
1703 1718
@@ -1776,7 +1791,7 @@ mm_answer_audit_command(int socket, Buffer *m)
1776 cmd = buffer_get_string(m, &len); 1791 cmd = buffer_get_string(m, &len);
1777 /* sanity check command, if so how? */ 1792 /* sanity check command, if so how? */
1778 audit_run_command(cmd); 1793 audit_run_command(cmd);
1779 xfree(cmd); 1794 free(cmd);
1780 return (0); 1795 return (0);
1781} 1796}
1782#endif /* SSH_AUDIT_EVENTS */ 1797#endif /* SSH_AUDIT_EVENTS */
@@ -1791,20 +1806,20 @@ monitor_apply_keystate(struct monitor *pmonitor)
1791 packet_set_protocol_flags(child_state.ssh1protoflags); 1806 packet_set_protocol_flags(child_state.ssh1protoflags);
1792 packet_set_encryption_key(child_state.ssh1key, 1807 packet_set_encryption_key(child_state.ssh1key,
1793 child_state.ssh1keylen, child_state.ssh1cipher); 1808 child_state.ssh1keylen, child_state.ssh1cipher);
1794 xfree(child_state.ssh1key); 1809 free(child_state.ssh1key);
1795 } 1810 }
1796 1811
1797 /* for rc4 and other stateful ciphers */ 1812 /* for rc4 and other stateful ciphers */
1798 packet_set_keycontext(MODE_OUT, child_state.keyout); 1813 packet_set_keycontext(MODE_OUT, child_state.keyout);
1799 xfree(child_state.keyout); 1814 free(child_state.keyout);
1800 packet_set_keycontext(MODE_IN, child_state.keyin); 1815 packet_set_keycontext(MODE_IN, child_state.keyin);
1801 xfree(child_state.keyin); 1816 free(child_state.keyin);
1802 1817
1803 if (!compat20) { 1818 if (!compat20) {
1804 packet_set_iv(MODE_OUT, child_state.ivout); 1819 packet_set_iv(MODE_OUT, child_state.ivout);
1805 xfree(child_state.ivout); 1820 free(child_state.ivout);
1806 packet_set_iv(MODE_IN, child_state.ivin); 1821 packet_set_iv(MODE_IN, child_state.ivin);
1807 xfree(child_state.ivin); 1822 free(child_state.ivin);
1808 } 1823 }
1809 1824
1810 memcpy(&incoming_stream, &child_state.incoming, 1825 memcpy(&incoming_stream, &child_state.incoming,
@@ -1816,18 +1831,22 @@ monitor_apply_keystate(struct monitor *pmonitor)
1816 if (options.compression) 1831 if (options.compression)
1817 mm_init_compression(pmonitor->m_zlib); 1832 mm_init_compression(pmonitor->m_zlib);
1818 1833
1834 if (options.rekey_limit || options.rekey_interval)
1835 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
1836 (time_t)options.rekey_interval);
1837
1819 /* Network I/O buffers */ 1838 /* Network I/O buffers */
1820 /* XXX inefficient for large buffers, need: buffer_init_from_string */ 1839 /* XXX inefficient for large buffers, need: buffer_init_from_string */
1821 buffer_clear(packet_get_input()); 1840 buffer_clear(packet_get_input());
1822 buffer_append(packet_get_input(), child_state.input, child_state.ilen); 1841 buffer_append(packet_get_input(), child_state.input, child_state.ilen);
1823 memset(child_state.input, 0, child_state.ilen); 1842 memset(child_state.input, 0, child_state.ilen);
1824 xfree(child_state.input); 1843 free(child_state.input);
1825 1844
1826 buffer_clear(packet_get_output()); 1845 buffer_clear(packet_get_output());
1827 buffer_append(packet_get_output(), child_state.output, 1846 buffer_append(packet_get_output(), child_state.output,
1828 child_state.olen); 1847 child_state.olen);
1829 memset(child_state.output, 0, child_state.olen); 1848 memset(child_state.output, 0, child_state.olen);
1830 xfree(child_state.output); 1849 free(child_state.output);
1831 1850
1832 /* Roaming */ 1851 /* Roaming */
1833 if (compat20) 1852 if (compat20)
@@ -1866,11 +1885,11 @@ mm_get_kex(Buffer *m)
1866 blob = buffer_get_string(m, &bloblen); 1885 blob = buffer_get_string(m, &bloblen);
1867 buffer_init(&kex->my); 1886 buffer_init(&kex->my);
1868 buffer_append(&kex->my, blob, bloblen); 1887 buffer_append(&kex->my, blob, bloblen);
1869 xfree(blob); 1888 free(blob);
1870 blob = buffer_get_string(m, &bloblen); 1889 blob = buffer_get_string(m, &bloblen);
1871 buffer_init(&kex->peer); 1890 buffer_init(&kex->peer);
1872 buffer_append(&kex->peer, blob, bloblen); 1891 buffer_append(&kex->peer, blob, bloblen);
1873 xfree(blob); 1892 free(blob);
1874 kex->done = 1; 1893 kex->done = 1;
1875 kex->flags = buffer_get_int(m); 1894 kex->flags = buffer_get_int(m);
1876 kex->client_version_string = buffer_get_string(m, NULL); 1895 kex->client_version_string = buffer_get_string(m, NULL);
@@ -1878,6 +1897,7 @@ mm_get_kex(Buffer *m)
1878 kex->load_host_public_key=&get_hostkey_public_by_type; 1897 kex->load_host_public_key=&get_hostkey_public_by_type;
1879 kex->load_host_private_key=&get_hostkey_private_by_type; 1898 kex->load_host_private_key=&get_hostkey_private_by_type;
1880 kex->host_key_index=&get_hostkey_index; 1899 kex->host_key_index=&get_hostkey_index;
1900 kex->sign = sshd_hostkey_sign;
1881 1901
1882 return (kex); 1902 return (kex);
1883} 1903}
@@ -1913,12 +1933,12 @@ mm_get_keystate(struct monitor *pmonitor)
1913 1933
1914 blob = buffer_get_string(&m, &bloblen); 1934 blob = buffer_get_string(&m, &bloblen);
1915 current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); 1935 current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
1916 xfree(blob); 1936 free(blob);
1917 1937
1918 debug3("%s: Waiting for second key", __func__); 1938 debug3("%s: Waiting for second key", __func__);
1919 blob = buffer_get_string(&m, &bloblen); 1939 blob = buffer_get_string(&m, &bloblen);
1920 current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); 1940 current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
1921 xfree(blob); 1941 free(blob);
1922 1942
1923 /* Now get sequence numbers for the packets */ 1943 /* Now get sequence numbers for the packets */
1924 seqnr = buffer_get_int(&m); 1944 seqnr = buffer_get_int(&m);
@@ -1943,13 +1963,13 @@ mm_get_keystate(struct monitor *pmonitor)
1943 if (plen != sizeof(child_state.outgoing)) 1963 if (plen != sizeof(child_state.outgoing))
1944 fatal("%s: bad request size", __func__); 1964 fatal("%s: bad request size", __func__);
1945 memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); 1965 memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
1946 xfree(p); 1966 free(p);
1947 1967
1948 p = buffer_get_string(&m, &plen); 1968 p = buffer_get_string(&m, &plen);
1949 if (plen != sizeof(child_state.incoming)) 1969 if (plen != sizeof(child_state.incoming))
1950 fatal("%s: bad request size", __func__); 1970 fatal("%s: bad request size", __func__);
1951 memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); 1971 memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
1952 xfree(p); 1972 free(p);
1953 1973
1954 /* Network I/O buffers */ 1974 /* Network I/O buffers */
1955 debug3("%s: Getting Network I/O buffers", __func__); 1975 debug3("%s: Getting Network I/O buffers", __func__);
@@ -2074,7 +2094,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
2074 2094
2075 major = ssh_gssapi_server_ctx(&gsscontext, &goid); 2095 major = ssh_gssapi_server_ctx(&gsscontext, &goid);
2076 2096
2077 xfree(goid.elements); 2097 free(goid.elements);
2078 2098
2079 buffer_clear(m); 2099 buffer_clear(m);
2080 buffer_put_int(m, major); 2100 buffer_put_int(m, major);
@@ -2102,7 +2122,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
2102 in.value = buffer_get_string(m, &len); 2122 in.value = buffer_get_string(m, &len);
2103 in.length = len; 2123 in.length = len;
2104 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 2124 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
2105 xfree(in.value); 2125 free(in.value);
2106 2126
2107 buffer_clear(m); 2127 buffer_clear(m);
2108 buffer_put_int(m, major); 2128 buffer_put_int(m, major);
@@ -2138,8 +2158,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
2138 2158
2139 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); 2159 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
2140 2160
2141 xfree(gssbuf.value); 2161 free(gssbuf.value);
2142 xfree(mic.value); 2162 free(mic.value);
2143 2163
2144 buffer_clear(m); 2164 buffer_clear(m);
2145 buffer_put_int(m, ret); 2165 buffer_put_int(m, ret);
@@ -2281,8 +2301,8 @@ mm_answer_jpake_step1(int sock, Buffer *m)
2281 2301
2282 bzero(x3_proof, x3_proof_len); 2302 bzero(x3_proof, x3_proof_len);
2283 bzero(x4_proof, x4_proof_len); 2303 bzero(x4_proof, x4_proof_len);
2284 xfree(x3_proof); 2304 free(x3_proof);
2285 xfree(x4_proof); 2305 free(x4_proof);
2286 2306
2287 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); 2307 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
2288 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); 2308 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
@@ -2311,8 +2331,8 @@ mm_answer_jpake_get_pwdata(int sock, Buffer *m)
2311 2331
2312 bzero(hash_scheme, strlen(hash_scheme)); 2332 bzero(hash_scheme, strlen(hash_scheme));
2313 bzero(salt, strlen(salt)); 2333 bzero(salt, strlen(salt));
2314 xfree(hash_scheme); 2334 free(hash_scheme);
2315 xfree(salt); 2335 free(salt);
2316 2336
2317 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); 2337 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
2318 2338
@@ -2351,8 +2371,8 @@ mm_answer_jpake_step2(int sock, Buffer *m)
2351 2371
2352 bzero(x1_proof, x1_proof_len); 2372 bzero(x1_proof, x1_proof_len);
2353 bzero(x2_proof, x2_proof_len); 2373 bzero(x2_proof, x2_proof_len);
2354 xfree(x1_proof); 2374 free(x1_proof);
2355 xfree(x2_proof); 2375 free(x2_proof);
2356 2376
2357 buffer_clear(m); 2377 buffer_clear(m);
2358 2378
@@ -2363,7 +2383,7 @@ mm_answer_jpake_step2(int sock, Buffer *m)
2363 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); 2383 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
2364 2384
2365 bzero(x4_s_proof, x4_s_proof_len); 2385 bzero(x4_s_proof, x4_s_proof_len);
2366 xfree(x4_s_proof); 2386 free(x4_s_proof);
2367 2387
2368 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); 2388 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
2369 2389
@@ -2431,7 +2451,7 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m)
2431 JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); 2451 JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
2432 2452
2433 bzero(peer_confirm_hash, peer_confirm_hash_len); 2453 bzero(peer_confirm_hash, peer_confirm_hash_len);
2434 xfree(peer_confirm_hash); 2454 free(peer_confirm_hash);
2435 2455
2436 buffer_clear(m); 2456 buffer_clear(m);
2437 buffer_put_int(m, authenticated); 2457 buffer_put_int(m, authenticated);
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-02 00:40:48 +0000