diff options
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 418 |
1 files changed, 63 insertions, 355 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.161 2016/07/22 03:39:13 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -94,7 +94,6 @@ | |||
94 | #include "misc.h" | 94 | #include "misc.h" |
95 | #include "servconf.h" | 95 | #include "servconf.h" |
96 | #include "monitor.h" | 96 | #include "monitor.h" |
97 | #include "monitor_mm.h" | ||
98 | #ifdef GSSAPI | 97 | #ifdef GSSAPI |
99 | #include "ssh-gss.h" | 98 | #include "ssh-gss.h" |
100 | #endif | 99 | #endif |
@@ -172,10 +171,6 @@ static int monitor_read_log(struct monitor *); | |||
172 | 171 | ||
173 | static Authctxt *authctxt; | 172 | static Authctxt *authctxt; |
174 | 173 | ||
175 | #ifdef WITH_SSH1 | ||
176 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | ||
177 | #endif | ||
178 | |||
179 | /* local state for key verify */ | 174 | /* local state for key verify */ |
180 | static u_char *key_blob = NULL; | 175 | static u_char *key_blob = NULL; |
181 | static u_int key_bloblen = 0; | 176 | static u_int key_bloblen = 0; |
@@ -216,9 +211,9 @@ struct mon_table mon_dispatch_proto20[] = { | |||
216 | #ifdef USE_PAM | 211 | #ifdef USE_PAM |
217 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, | 212 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, |
218 | {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, | 213 | {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, |
219 | {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, | 214 | {MONITOR_REQ_PAM_INIT_CTX, MON_ONCE, mm_answer_pam_init_ctx}, |
220 | {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, | 215 | {MONITOR_REQ_PAM_QUERY, 0, mm_answer_pam_query}, |
221 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, | 216 | {MONITOR_REQ_PAM_RESPOND, MON_ONCE, mm_answer_pam_respond}, |
222 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, | 217 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
223 | #endif | 218 | #endif |
224 | #ifdef SSH_AUDIT_EVENTS | 219 | #ifdef SSH_AUDIT_EVENTS |
@@ -236,9 +231,9 @@ struct mon_table mon_dispatch_proto20[] = { | |||
236 | {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, | 231 | {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, |
237 | #ifdef GSSAPI | 232 | #ifdef GSSAPI |
238 | {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, | 233 | {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, |
239 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, | 234 | {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, |
240 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, | 235 | {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, |
241 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, | 236 | {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, |
242 | {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, | 237 | {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, |
243 | #endif | 238 | #endif |
244 | {0, 0, NULL} | 239 | {0, 0, NULL} |
@@ -265,52 +260,6 @@ struct mon_table mon_dispatch_postauth20[] = { | |||
265 | {0, 0, NULL} | 260 | {0, 0, NULL} |
266 | }; | 261 | }; |
267 | 262 | ||
268 | struct mon_table mon_dispatch_proto15[] = { | ||
269 | #ifdef WITH_SSH1 | ||
270 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | ||
271 | {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, | ||
272 | {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, | ||
273 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | ||
274 | {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed}, | ||
275 | {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed}, | ||
276 | {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, | ||
277 | {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, | ||
278 | #ifdef BSD_AUTH | ||
279 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, | ||
280 | {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, | ||
281 | #endif | ||
282 | #ifdef SKEY | ||
283 | {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, | ||
284 | {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, | ||
285 | #endif | ||
286 | #ifdef USE_PAM | ||
287 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, | ||
288 | {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, | ||
289 | {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, | ||
290 | {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, | ||
291 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, | ||
292 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, | ||
293 | #endif | ||
294 | #ifdef SSH_AUDIT_EVENTS | ||
295 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
296 | #endif | ||
297 | #endif /* WITH_SSH1 */ | ||
298 | {0, 0, NULL} | ||
299 | }; | ||
300 | |||
301 | struct mon_table mon_dispatch_postauth15[] = { | ||
302 | #ifdef WITH_SSH1 | ||
303 | {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, | ||
304 | {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, | ||
305 | {MONITOR_REQ_TERM, 0, mm_answer_term}, | ||
306 | #ifdef SSH_AUDIT_EVENTS | ||
307 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
308 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, | ||
309 | #endif | ||
310 | #endif /* WITH_SSH1 */ | ||
311 | {0, 0, NULL} | ||
312 | }; | ||
313 | |||
314 | struct mon_table *mon_dispatch; | 263 | struct mon_table *mon_dispatch; |
315 | 264 | ||
316 | /* Specifies if a certain message is allowed at the moment */ | 265 | /* Specifies if a certain message is allowed at the moment */ |
@@ -359,21 +308,14 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
359 | 308 | ||
360 | authctxt->loginmsg = &loginmsg; | 309 | authctxt->loginmsg = &loginmsg; |
361 | 310 | ||
362 | if (compat20) { | 311 | mon_dispatch = mon_dispatch_proto20; |
363 | mon_dispatch = mon_dispatch_proto20; | 312 | /* Permit requests for moduli and signatures */ |
364 | 313 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | |
365 | /* Permit requests for moduli and signatures */ | 314 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
366 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | ||
367 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | ||
368 | #ifdef GSSAPI | 315 | #ifdef GSSAPI |
369 | /* and for the GSSAPI key exchange */ | 316 | /* and for the GSSAPI key exchange */ |
370 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); | 317 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); |
371 | #endif | 318 | #endif |
372 | } else { | ||
373 | mon_dispatch = mon_dispatch_proto15; | ||
374 | |||
375 | monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); | ||
376 | } | ||
377 | 319 | ||
378 | /* The first few requests do not require asynchronous access */ | 320 | /* The first few requests do not require asynchronous access */ |
379 | while (!authenticated) { | 321 | while (!authenticated) { |
@@ -384,9 +326,6 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
384 | 326 | ||
385 | /* Special handling for multiple required authentications */ | 327 | /* Special handling for multiple required authentications */ |
386 | if (options.num_auth_methods != 0) { | 328 | if (options.num_auth_methods != 0) { |
387 | if (!compat20) | ||
388 | fatal("AuthenticationMethods is not supported" | ||
389 | "with SSH protocol 1"); | ||
390 | if (authenticated && | 329 | if (authenticated && |
391 | !auth2_update_methods_lists(authctxt, | 330 | !auth2_update_methods_lists(authctxt, |
392 | auth_method, auth_submethod)) { | 331 | auth_method, auth_submethod)) { |
@@ -470,21 +409,17 @@ monitor_child_postauth(struct monitor *pmonitor) | |||
470 | signal(SIGXFSZ, SIG_IGN); | 409 | signal(SIGXFSZ, SIG_IGN); |
471 | #endif | 410 | #endif |
472 | 411 | ||
473 | if (compat20) { | 412 | mon_dispatch = mon_dispatch_postauth20; |
474 | mon_dispatch = mon_dispatch_postauth20; | ||
475 | 413 | ||
476 | /* Permit requests for moduli and signatures */ | 414 | /* Permit requests for moduli and signatures */ |
477 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 415 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
478 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 416 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
479 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | 417 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); |
480 | #ifdef GSSAPI | 418 | #ifdef GSSAPI |
481 | /* and for the GSSAPI key exchange */ | 419 | /* and for the GSSAPI key exchange */ |
482 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); | 420 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); |
483 | #endif | 421 | #endif |
484 | } else { | 422 | |
485 | mon_dispatch = mon_dispatch_postauth15; | ||
486 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | ||
487 | } | ||
488 | if (!no_pty_flag) { | 423 | if (!no_pty_flag) { |
489 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); | 424 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); |
490 | monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); | 425 | monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); |
@@ -494,31 +429,6 @@ monitor_child_postauth(struct monitor *pmonitor) | |||
494 | monitor_read(pmonitor, mon_dispatch, NULL); | 429 | monitor_read(pmonitor, mon_dispatch, NULL); |
495 | } | 430 | } |
496 | 431 | ||
497 | void | ||
498 | monitor_sync(struct monitor *pmonitor) | ||
499 | { | ||
500 | if (options.compression) { | ||
501 | /* The member allocation is not visible, so sync it */ | ||
502 | mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); | ||
503 | } | ||
504 | } | ||
505 | |||
506 | /* Allocation functions for zlib */ | ||
507 | static void * | ||
508 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) | ||
509 | { | ||
510 | if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) | ||
511 | fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); | ||
512 | |||
513 | return mm_malloc(mm, size * ncount); | ||
514 | } | ||
515 | |||
516 | static void | ||
517 | mm_zfree(struct mm_master *mm, void *address) | ||
518 | { | ||
519 | mm_free(mm, address); | ||
520 | } | ||
521 | |||
522 | static int | 432 | static int |
523 | monitor_read_log(struct monitor *pmonitor) | 433 | monitor_read_log(struct monitor *pmonitor) |
524 | { | 434 | { |
@@ -864,7 +774,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
864 | #undef M_CP_STRARRAYOPT | 774 | #undef M_CP_STRARRAYOPT |
865 | 775 | ||
866 | /* Create valid auth method lists */ | 776 | /* Create valid auth method lists */ |
867 | if (compat20 && auth2_setup_methods_lists(authctxt) != 0) { | 777 | if (auth2_setup_methods_lists(authctxt) != 0) { |
868 | /* | 778 | /* |
869 | * The monitor will continue long enough to let the child | 779 | * The monitor will continue long enough to let the child |
870 | * run to it's packet_disconnect(), but it must not allow any | 780 | * run to it's packet_disconnect(), but it must not allow any |
@@ -876,15 +786,11 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
876 | debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); | 786 | debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); |
877 | mm_request_send(sock, MONITOR_ANS_PWNAM, m); | 787 | mm_request_send(sock, MONITOR_ANS_PWNAM, m); |
878 | 788 | ||
879 | /* For SSHv1 allow authentication now */ | 789 | /* Allow service/style information on the auth context */ |
880 | if (!compat20) | 790 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); |
881 | monitor_permit_authentications(1); | 791 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); |
882 | else { | 792 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); |
883 | /* Allow service/style information on the auth context */ | 793 | |
884 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); | ||
885 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); | ||
886 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); | ||
887 | } | ||
888 | #ifdef USE_PAM | 794 | #ifdef USE_PAM |
889 | if (options.use_pam) | 795 | if (options.use_pam) |
890 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); | 796 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); |
@@ -955,6 +861,8 @@ mm_answer_authpassword(int sock, Buffer *m) | |||
955 | int authenticated; | 861 | int authenticated; |
956 | u_int plen; | 862 | u_int plen; |
957 | 863 | ||
864 | if (!options.password_authentication) | ||
865 | fatal("%s: password authentication not enabled", __func__); | ||
958 | passwd = buffer_get_string(m, &plen); | 866 | passwd = buffer_get_string(m, &plen); |
959 | /* Only authenticate if the context is valid */ | 867 | /* Only authenticate if the context is valid */ |
960 | authenticated = options.password_authentication && | 868 | authenticated = options.password_authentication && |
@@ -991,6 +899,8 @@ mm_answer_bsdauthquery(int sock, Buffer *m) | |||
991 | char **prompts; | 899 | char **prompts; |
992 | u_int success; | 900 | u_int success; |
993 | 901 | ||
902 | if (!options.kbd_interactive_authentication) | ||
903 | fatal("%s: kbd-int authentication not enabled", __func__); | ||
994 | success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, | 904 | success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, |
995 | &prompts, &echo_on) < 0 ? 0 : 1; | 905 | &prompts, &echo_on) < 0 ? 0 : 1; |
996 | 906 | ||
@@ -1018,6 +928,8 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
1018 | char *response; | 928 | char *response; |
1019 | int authok; | 929 | int authok; |
1020 | 930 | ||
931 | if (!options.kbd_interactive_authentication) | ||
932 | fatal("%s: kbd-int authentication not enabled", __func__); | ||
1021 | if (authctxt->as == NULL) | 933 | if (authctxt->as == NULL) |
1022 | fatal("%s: no bsd auth session", __func__); | 934 | fatal("%s: no bsd auth session", __func__); |
1023 | 935 | ||
@@ -1034,11 +946,8 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
1034 | debug3("%s: sending authenticated: %d", __func__, authok); | 946 | debug3("%s: sending authenticated: %d", __func__, authok); |
1035 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); | 947 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); |
1036 | 948 | ||
1037 | if (compat20) { | 949 | auth_method = "keyboard-interactive"; |
1038 | auth_method = "keyboard-interactive"; | 950 | auth_submethod = "bsdauth"; |
1039 | auth_submethod = "bsdauth"; | ||
1040 | } else | ||
1041 | auth_method = "bsdauth"; | ||
1042 | 951 | ||
1043 | return (authok != 0); | 952 | return (authok != 0); |
1044 | } | 953 | } |
@@ -1104,6 +1013,8 @@ mm_answer_pam_start(int sock, Buffer *m) | |||
1104 | start_pam(authctxt); | 1013 | start_pam(authctxt); |
1105 | 1014 | ||
1106 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); | 1015 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); |
1016 | if (options.kbd_interactive_authentication) | ||
1017 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1); | ||
1107 | 1018 | ||
1108 | return (0); | 1019 | return (0); |
1109 | } | 1020 | } |
@@ -1114,7 +1025,7 @@ mm_answer_pam_account(int sock, Buffer *m) | |||
1114 | u_int ret; | 1025 | u_int ret; |
1115 | 1026 | ||
1116 | if (!options.use_pam) | 1027 | if (!options.use_pam) |
1117 | fatal("UsePAM not set, but ended up in %s anyway", __func__); | 1028 | fatal("%s: PAM not enabled", __func__); |
1118 | 1029 | ||
1119 | ret = do_pam_account(); | 1030 | ret = do_pam_account(); |
1120 | 1031 | ||
@@ -1133,11 +1044,16 @@ int | |||
1133 | mm_answer_pam_init_ctx(int sock, Buffer *m) | 1044 | mm_answer_pam_init_ctx(int sock, Buffer *m) |
1134 | { | 1045 | { |
1135 | debug3("%s", __func__); | 1046 | debug3("%s", __func__); |
1047 | if (!options.kbd_interactive_authentication) | ||
1048 | fatal("%s: kbd-int authentication not enabled", __func__); | ||
1049 | if (sshpam_ctxt != NULL) | ||
1050 | fatal("%s: already called", __func__); | ||
1136 | sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); | 1051 | sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); |
1137 | sshpam_authok = NULL; | 1052 | sshpam_authok = NULL; |
1138 | buffer_clear(m); | 1053 | buffer_clear(m); |
1139 | if (sshpam_ctxt != NULL) { | 1054 | if (sshpam_ctxt != NULL) { |
1140 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); | 1055 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); |
1056 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_QUERY, 1); | ||
1141 | buffer_put_int(m, 1); | 1057 | buffer_put_int(m, 1); |
1142 | } else { | 1058 | } else { |
1143 | buffer_put_int(m, 0); | 1059 | buffer_put_int(m, 0); |
@@ -1155,11 +1071,15 @@ mm_answer_pam_query(int sock, Buffer *m) | |||
1155 | 1071 | ||
1156 | debug3("%s", __func__); | 1072 | debug3("%s", __func__); |
1157 | sshpam_authok = NULL; | 1073 | sshpam_authok = NULL; |
1158 | ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on); | 1074 | if (sshpam_ctxt == NULL) |
1075 | fatal("%s: no context", __func__); | ||
1076 | ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, | ||
1077 | &num, &prompts, &echo_on); | ||
1159 | if (ret == 0 && num == 0) | 1078 | if (ret == 0 && num == 0) |
1160 | sshpam_authok = sshpam_ctxt; | 1079 | sshpam_authok = sshpam_ctxt; |
1161 | if (num > 1 || name == NULL || info == NULL) | 1080 | if (num > 1 || name == NULL || info == NULL) |
1162 | ret = -1; | 1081 | fatal("sshpam_device.query failed"); |
1082 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_RESPOND, 1); | ||
1163 | buffer_clear(m); | 1083 | buffer_clear(m); |
1164 | buffer_put_int(m, ret); | 1084 | buffer_put_int(m, ret); |
1165 | buffer_put_cstring(m, name); | 1085 | buffer_put_cstring(m, name); |
@@ -1189,6 +1109,8 @@ mm_answer_pam_respond(int sock, Buffer *m) | |||
1189 | int ret; | 1109 | int ret; |
1190 | 1110 | ||
1191 | debug3("%s", __func__); | 1111 | debug3("%s", __func__); |
1112 | if (sshpam_ctxt == NULL) | ||
1113 | fatal("%s: no context", __func__); | ||
1192 | sshpam_authok = NULL; | 1114 | sshpam_authok = NULL; |
1193 | num = buffer_get_int(m); | 1115 | num = buffer_get_int(m); |
1194 | if (num > 0) { | 1116 | if (num > 0) { |
@@ -1218,10 +1140,14 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) | |||
1218 | int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; | 1140 | int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; |
1219 | 1141 | ||
1220 | debug3("%s", __func__); | 1142 | debug3("%s", __func__); |
1143 | if (sshpam_ctxt == NULL) | ||
1144 | fatal("%s: no context", __func__); | ||
1221 | (sshpam_device.free_ctx)(sshpam_ctxt); | 1145 | (sshpam_device.free_ctx)(sshpam_ctxt); |
1222 | sshpam_ctxt = sshpam_authok = NULL; | 1146 | sshpam_ctxt = sshpam_authok = NULL; |
1223 | buffer_clear(m); | 1147 | buffer_clear(m); |
1224 | mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); | 1148 | mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); |
1149 | /* Allow another attempt */ | ||
1150 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1); | ||
1225 | auth_method = "keyboard-interactive"; | 1151 | auth_method = "keyboard-interactive"; |
1226 | auth_submethod = "pam"; | 1152 | auth_submethod = "pam"; |
1227 | return r; | 1153 | return r; |
@@ -1248,10 +1174,6 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1248 | 1174 | ||
1249 | key = key_from_blob(blob, bloblen); | 1175 | key = key_from_blob(blob, bloblen); |
1250 | 1176 | ||
1251 | if ((compat20 && type == MM_RSAHOSTKEY) || | ||
1252 | (!compat20 && type != MM_RSAHOSTKEY)) | ||
1253 | fatal("%s: key type and protocol mismatch", __func__); | ||
1254 | |||
1255 | debug3("%s: key_from_blob: %p", __func__, key); | 1177 | debug3("%s: key_from_blob: %p", __func__, key); |
1256 | 1178 | ||
1257 | if (key != NULL && authctxt->valid) { | 1179 | if (key != NULL && authctxt->valid) { |
@@ -1285,17 +1207,6 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1285 | cuser, chost); | 1207 | cuser, chost); |
1286 | auth_method = "hostbased"; | 1208 | auth_method = "hostbased"; |
1287 | break; | 1209 | break; |
1288 | #ifdef WITH_SSH1 | ||
1289 | case MM_RSAHOSTKEY: | ||
1290 | key->type = KEY_RSA1; /* XXX */ | ||
1291 | allowed = options.rhosts_rsa_authentication && | ||
1292 | auth_rhosts_rsa_key_allowed(authctxt->pw, | ||
1293 | cuser, chost, key); | ||
1294 | if (options.rhosts_rsa_authentication && allowed != 1) | ||
1295 | auth_clear_options(); | ||
1296 | auth_method = "rsa"; | ||
1297 | break; | ||
1298 | #endif | ||
1299 | default: | 1210 | default: |
1300 | fatal("%s: unknown key type %d", __func__, type); | 1211 | fatal("%s: unknown key type %d", __func__, type); |
1301 | break; | 1212 | break; |
@@ -1332,9 +1243,6 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1332 | 1243 | ||
1333 | mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); | 1244 | mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); |
1334 | 1245 | ||
1335 | if (type == MM_RSAHOSTKEY) | ||
1336 | monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); | ||
1337 | |||
1338 | return (0); | 1246 | return (0); |
1339 | } | 1247 | } |
1340 | 1248 | ||
@@ -1527,9 +1435,6 @@ mm_record_login(Session *s, struct passwd *pw) | |||
1527 | socklen_t fromlen; | 1435 | socklen_t fromlen; |
1528 | struct sockaddr_storage from; | 1436 | struct sockaddr_storage from; |
1529 | 1437 | ||
1530 | if (options.use_login) | ||
1531 | return; | ||
1532 | |||
1533 | /* | 1438 | /* |
1534 | * Get IP address of client. If the connection is not a socket, let | 1439 | * Get IP address of client. If the connection is not a socket, let |
1535 | * the address be 0.0.0.0. | 1440 | * the address be 0.0.0.0. |
@@ -1643,186 +1548,6 @@ mm_answer_pty_cleanup(int sock, Buffer *m) | |||
1643 | return (0); | 1548 | return (0); |
1644 | } | 1549 | } |
1645 | 1550 | ||
1646 | #ifdef WITH_SSH1 | ||
1647 | int | ||
1648 | mm_answer_sesskey(int sock, Buffer *m) | ||
1649 | { | ||
1650 | BIGNUM *p; | ||
1651 | int rsafail; | ||
1652 | |||
1653 | /* Turn off permissions */ | ||
1654 | monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); | ||
1655 | |||
1656 | if ((p = BN_new()) == NULL) | ||
1657 | fatal("%s: BN_new", __func__); | ||
1658 | |||
1659 | buffer_get_bignum2(m, p); | ||
1660 | |||
1661 | rsafail = ssh1_session_key(p); | ||
1662 | |||
1663 | buffer_clear(m); | ||
1664 | buffer_put_int(m, rsafail); | ||
1665 | buffer_put_bignum2(m, p); | ||
1666 | |||
1667 | BN_clear_free(p); | ||
1668 | |||
1669 | mm_request_send(sock, MONITOR_ANS_SESSKEY, m); | ||
1670 | |||
1671 | /* Turn on permissions for sessid passing */ | ||
1672 | monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); | ||
1673 | |||
1674 | return (0); | ||
1675 | } | ||
1676 | |||
1677 | int | ||
1678 | mm_answer_sessid(int sock, Buffer *m) | ||
1679 | { | ||
1680 | int i; | ||
1681 | |||
1682 | debug3("%s entering", __func__); | ||
1683 | |||
1684 | if (buffer_len(m) != 16) | ||
1685 | fatal("%s: bad ssh1 session id", __func__); | ||
1686 | for (i = 0; i < 16; i++) | ||
1687 | session_id[i] = buffer_get_char(m); | ||
1688 | |||
1689 | /* Turn on permissions for getpwnam */ | ||
1690 | monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); | ||
1691 | |||
1692 | return (0); | ||
1693 | } | ||
1694 | |||
1695 | int | ||
1696 | mm_answer_rsa_keyallowed(int sock, Buffer *m) | ||
1697 | { | ||
1698 | BIGNUM *client_n; | ||
1699 | Key *key = NULL; | ||
1700 | u_char *blob = NULL; | ||
1701 | u_int blen = 0; | ||
1702 | int allowed = 0; | ||
1703 | |||
1704 | debug3("%s entering", __func__); | ||
1705 | |||
1706 | auth_method = "rsa"; | ||
1707 | if (options.rsa_authentication && authctxt->valid) { | ||
1708 | if ((client_n = BN_new()) == NULL) | ||
1709 | fatal("%s: BN_new", __func__); | ||
1710 | buffer_get_bignum2(m, client_n); | ||
1711 | allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); | ||
1712 | BN_clear_free(client_n); | ||
1713 | } | ||
1714 | buffer_clear(m); | ||
1715 | buffer_put_int(m, allowed); | ||
1716 | buffer_put_int(m, forced_command != NULL); | ||
1717 | |||
1718 | /* clear temporarily storage (used by generate challenge) */ | ||
1719 | monitor_reset_key_state(); | ||
1720 | |||
1721 | if (allowed && key != NULL) { | ||
1722 | key->type = KEY_RSA; /* cheat for key_to_blob */ | ||
1723 | if (key_to_blob(key, &blob, &blen) == 0) | ||
1724 | fatal("%s: key_to_blob failed", __func__); | ||
1725 | buffer_put_string(m, blob, blen); | ||
1726 | |||
1727 | /* Save temporarily for comparison in verify */ | ||
1728 | key_blob = blob; | ||
1729 | key_bloblen = blen; | ||
1730 | key_blobtype = MM_RSAUSERKEY; | ||
1731 | } | ||
1732 | if (key != NULL) | ||
1733 | key_free(key); | ||
1734 | |||
1735 | mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m); | ||
1736 | |||
1737 | monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); | ||
1738 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0); | ||
1739 | return (0); | ||
1740 | } | ||
1741 | |||
1742 | int | ||
1743 | mm_answer_rsa_challenge(int sock, Buffer *m) | ||
1744 | { | ||
1745 | Key *key = NULL; | ||
1746 | u_char *blob; | ||
1747 | u_int blen; | ||
1748 | |||
1749 | debug3("%s entering", __func__); | ||
1750 | |||
1751 | if (!authctxt->valid) | ||
1752 | fatal("%s: authctxt not valid", __func__); | ||
1753 | blob = buffer_get_string(m, &blen); | ||
1754 | if (!monitor_allowed_key(blob, blen)) | ||
1755 | fatal("%s: bad key, not previously allowed", __func__); | ||
1756 | if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) | ||
1757 | fatal("%s: key type mismatch", __func__); | ||
1758 | if ((key = key_from_blob(blob, blen)) == NULL) | ||
1759 | fatal("%s: received bad key", __func__); | ||
1760 | if (key->type != KEY_RSA) | ||
1761 | fatal("%s: received bad key type %d", __func__, key->type); | ||
1762 | key->type = KEY_RSA1; | ||
1763 | if (ssh1_challenge) | ||
1764 | BN_clear_free(ssh1_challenge); | ||
1765 | ssh1_challenge = auth_rsa_generate_challenge(key); | ||
1766 | |||
1767 | buffer_clear(m); | ||
1768 | buffer_put_bignum2(m, ssh1_challenge); | ||
1769 | |||
1770 | debug3("%s sending reply", __func__); | ||
1771 | mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m); | ||
1772 | |||
1773 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); | ||
1774 | |||
1775 | free(blob); | ||
1776 | key_free(key); | ||
1777 | return (0); | ||
1778 | } | ||
1779 | |||
1780 | int | ||
1781 | mm_answer_rsa_response(int sock, Buffer *m) | ||
1782 | { | ||
1783 | Key *key = NULL; | ||
1784 | u_char *blob, *response; | ||
1785 | u_int blen, len; | ||
1786 | int success; | ||
1787 | |||
1788 | debug3("%s entering", __func__); | ||
1789 | |||
1790 | if (!authctxt->valid) | ||
1791 | fatal("%s: authctxt not valid", __func__); | ||
1792 | if (ssh1_challenge == NULL) | ||
1793 | fatal("%s: no ssh1_challenge", __func__); | ||
1794 | |||
1795 | blob = buffer_get_string(m, &blen); | ||
1796 | if (!monitor_allowed_key(blob, blen)) | ||
1797 | fatal("%s: bad key, not previously allowed", __func__); | ||
1798 | if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) | ||
1799 | fatal("%s: key type mismatch: %d", __func__, key_blobtype); | ||
1800 | if ((key = key_from_blob(blob, blen)) == NULL) | ||
1801 | fatal("%s: received bad key", __func__); | ||
1802 | response = buffer_get_string(m, &len); | ||
1803 | if (len != 16) | ||
1804 | fatal("%s: received bad response to challenge", __func__); | ||
1805 | success = auth_rsa_verify_response(key, ssh1_challenge, response); | ||
1806 | |||
1807 | free(blob); | ||
1808 | key_free(key); | ||
1809 | free(response); | ||
1810 | |||
1811 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; | ||
1812 | |||
1813 | /* reset state */ | ||
1814 | BN_clear_free(ssh1_challenge); | ||
1815 | ssh1_challenge = NULL; | ||
1816 | monitor_reset_key_state(); | ||
1817 | |||
1818 | buffer_clear(m); | ||
1819 | buffer_put_int(m, success); | ||
1820 | mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m); | ||
1821 | |||
1822 | return (success); | ||
1823 | } | ||
1824 | #endif | ||
1825 | |||
1826 | int | 1551 | int |
1827 | mm_answer_term(int sock, Buffer *req) | 1552 | mm_answer_term(int sock, Buffer *req) |
1828 | { | 1553 | { |
@@ -1931,13 +1656,6 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1931 | kex->host_key_index=&get_hostkey_index; | 1656 | kex->host_key_index=&get_hostkey_index; |
1932 | kex->sign = sshd_hostkey_sign; | 1657 | kex->sign = sshd_hostkey_sign; |
1933 | } | 1658 | } |
1934 | |||
1935 | /* Update with new address */ | ||
1936 | if (options.compression) { | ||
1937 | ssh_packet_set_compress_hooks(ssh, pmonitor->m_zlib, | ||
1938 | (ssh_packet_comp_alloc_func *)mm_zalloc, | ||
1939 | (ssh_packet_comp_free_func *)mm_zfree); | ||
1940 | } | ||
1941 | } | 1659 | } |
1942 | 1660 | ||
1943 | /* This function requries careful sanity checking */ | 1661 | /* This function requries careful sanity checking */ |
@@ -1990,24 +1708,11 @@ monitor_openfds(struct monitor *mon, int do_logfds) | |||
1990 | struct monitor * | 1708 | struct monitor * |
1991 | monitor_init(void) | 1709 | monitor_init(void) |
1992 | { | 1710 | { |
1993 | struct ssh *ssh = active_state; /* XXX */ | ||
1994 | struct monitor *mon; | 1711 | struct monitor *mon; |
1995 | 1712 | ||
1996 | mon = xcalloc(1, sizeof(*mon)); | 1713 | mon = xcalloc(1, sizeof(*mon)); |
1997 | |||
1998 | monitor_openfds(mon, 1); | 1714 | monitor_openfds(mon, 1); |
1999 | 1715 | ||
2000 | /* Used to share zlib space across processes */ | ||
2001 | if (options.compression) { | ||
2002 | mon->m_zback = mm_create(NULL, MM_MEMSIZE); | ||
2003 | mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); | ||
2004 | |||
2005 | /* Compression needs to share state across borders */ | ||
2006 | ssh_packet_set_compress_hooks(ssh, mon->m_zlib, | ||
2007 | (ssh_packet_comp_alloc_func *)mm_zalloc, | ||
2008 | (ssh_packet_comp_free_func *)mm_zfree); | ||
2009 | } | ||
2010 | |||
2011 | return mon; | 1716 | return mon; |
2012 | } | 1717 | } |
2013 | 1718 | ||
@@ -2026,7 +1731,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | |||
2026 | u_int len; | 1731 | u_int len; |
2027 | 1732 | ||
2028 | if (!options.gss_authentication && !options.gss_keyex) | 1733 | if (!options.gss_authentication && !options.gss_keyex) |
2029 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | 1734 | fatal("%s: GSSAPI not enabled", __func__); |
2030 | 1735 | ||
2031 | goid.elements = buffer_get_string(m, &len); | 1736 | goid.elements = buffer_get_string(m, &len); |
2032 | goid.length = len; | 1737 | goid.length = len; |
@@ -2056,7 +1761,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
2056 | u_int len; | 1761 | u_int len; |
2057 | 1762 | ||
2058 | if (!options.gss_authentication && !options.gss_keyex) | 1763 | if (!options.gss_authentication && !options.gss_keyex) |
2059 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | 1764 | fatal("%s: GSSAPI not enabled", __func__); |
2060 | 1765 | ||
2061 | in.value = buffer_get_string(m, &len); | 1766 | in.value = buffer_get_string(m, &len); |
2062 | in.length = len; | 1767 | in.length = len; |
@@ -2088,7 +1793,7 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | |||
2088 | u_int len; | 1793 | u_int len; |
2089 | 1794 | ||
2090 | if (!options.gss_authentication && !options.gss_keyex) | 1795 | if (!options.gss_authentication && !options.gss_keyex) |
2091 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | 1796 | fatal("%s: GSSAPI not enabled", __func__); |
2092 | 1797 | ||
2093 | gssbuf.value = buffer_get_string(m, &len); | 1798 | gssbuf.value = buffer_get_string(m, &len); |
2094 | gssbuf.length = len; | 1799 | gssbuf.length = len; |
@@ -2117,7 +1822,7 @@ mm_answer_gss_userok(int sock, Buffer *m) | |||
2117 | int authenticated; | 1822 | int authenticated; |
2118 | 1823 | ||
2119 | if (!options.gss_authentication && !options.gss_keyex) | 1824 | if (!options.gss_authentication && !options.gss_keyex) |
2120 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | 1825 | fatal("%s: GSSAPI not enabled", __func__); |
2121 | 1826 | ||
2122 | authenticated = authctxt->valid && | 1827 | authenticated = authctxt->valid && |
2123 | ssh_gssapi_userok(authctxt->user, authctxt->pw); | 1828 | ssh_gssapi_userok(authctxt->user, authctxt->pw); |
@@ -2143,7 +1848,7 @@ mm_answer_gss_sign(int socket, Buffer *m) | |||
2143 | u_int len; | 1848 | u_int len; |
2144 | 1849 | ||
2145 | if (!options.gss_authentication && !options.gss_keyex) | 1850 | if (!options.gss_authentication && !options.gss_keyex) |
2146 | fatal("In GSSAPI monitor when GSSAPI is disabled"); | 1851 | fatal("%s: GSSAPI not enabled", __func__); |
2147 | 1852 | ||
2148 | data.value = buffer_get_string(m, &len); | 1853 | data.value = buffer_get_string(m, &len); |
2149 | data.length = len; | 1854 | data.length = len; |
@@ -2183,6 +1888,9 @@ mm_answer_gss_updatecreds(int socket, Buffer *m) { | |||
2183 | ssh_gssapi_ccache store; | 1888 | ssh_gssapi_ccache store; |
2184 | int ok; | 1889 | int ok; |
2185 | 1890 | ||
1891 | if (!options.gss_authentication && !options.gss_keyex) | ||
1892 | fatal("%s: GSSAPI not enabled", __func__); | ||
1893 | |||
2186 | store.filename = buffer_get_string(m, NULL); | 1894 | store.filename = buffer_get_string(m, NULL); |
2187 | store.envvar = buffer_get_string(m, NULL); | 1895 | store.envvar = buffer_get_string(m, NULL); |
2188 | store.envval = buffer_get_string(m, NULL); | 1896 | store.envval = buffer_get_string(m, NULL); |