Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c151
1 files changed, 1 insertions, 150 deletions
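diff --git a/monitor_wrap.c b/monitor_wrap.c
index 99dc13b61..64ff92885 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.88 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.89 2016/08/13 17:47:41 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -85,7 +85,6 @@
 #include "ssherr.h"
 
 /* Imports */
-extern int compat20;
 extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
 extern struct monitor *pmonitor;
@@ -389,18 +388,6 @@ mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
 }
 
 int
-mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *user,
- const char *host, Key *key)
-{
- int ret;
-
- key->type = KEY_RSA; /* XXX hack for key_to_blob */
- ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key, 0);
- key->type = KEY_RSA1;
- return (ret);
-}
-
-int
 mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
  Key *key, int pubkey_auth_attempt)
 {
@@ -710,28 +697,6 @@ mm_terminate(void)
  buffer_free(&m);
 }
 
-#ifdef WITH_SSH1
-int
-mm_ssh1_session_key(BIGNUM *num)
-{
- int rsafail;
- Buffer m;
-
- buffer_init(&m);
- buffer_put_bignum2(&m, num);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
-
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
-
- rsafail = buffer_get_int(&m);
- buffer_get_bignum2(&m, num);
-
- buffer_free(&m);
-
- return (rsafail);
-}
-#endif
-
 static void
 mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
  char ***prompts, u_int **echo_on)
@@ -862,120 +827,6 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses)
 }
 #endif /* SKEY */
 
-void
-mm_ssh1_session_id(u_char session_id[16])
-{
- Buffer m;
- int i;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- for (i = 0; i < 16; i++)
- buffer_put_char(&m, session_id[i]);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
- buffer_free(&m);
-}
-
-#ifdef WITH_SSH1
-int
-mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
-{
- Buffer m;
- Key *key;
- u_char *blob;
- u_int blen;
- int allowed = 0, have_forced = 0;
-
- debug3("%s entering", __func__);
-
- buffer_init(&m);
- buffer_put_bignum2(&m, client_n);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
-
- allowed = buffer_get_int(&m);
-
- /* fake forced command */
- auth_clear_options();
- have_forced = buffer_get_int(&m);
- forced_command = have_forced ? xstrdup("true") : NULL;
-
- if (allowed && rkey != NULL) {
- blob = buffer_get_string(&m, &blen);
- if ((key = key_from_blob(blob, blen)) == NULL)
- fatal("%s: key_from_blob failed", __func__);
- *rkey = key;
- free(blob);
- }
- buffer_free(&m);
-
- return (allowed);
-}
-
-BIGNUM *
-mm_auth_rsa_generate_challenge(Key *key)
-{
- Buffer m;
- BIGNUM *challenge;
- u_char *blob;
- u_int blen;
-
- debug3("%s entering", __func__);
-
- if ((challenge = BN_new()) == NULL)
- fatal("%s: BN_new failed", __func__);
-
- key->type = KEY_RSA; /* XXX cheat for key_to_blob */
- if (key_to_blob(key, &blob, &blen) == 0)
- fatal("%s: key_to_blob failed", __func__);
- key->type = KEY_RSA1;
-
- buffer_init(&m);
- buffer_put_string(&m, blob, blen);
- free(blob);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
-
- buffer_get_bignum2(&m, challenge);
- buffer_free(&m);
-
- return (challenge);
-}
-
-int
-mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
-{
- Buffer m;
- u_char *blob;
- u_int blen;
- int success = 0;
-
- debug3("%s entering", __func__);
-
- key->type = KEY_RSA; /* XXX cheat for key_to_blob */
- if (key_to_blob(key, &blob, &blen) == 0)
- fatal("%s: key_to_blob failed", __func__);
- key->type = KEY_RSA1;
-
- buffer_init(&m);
- buffer_put_string(&m, blob, blen);
- buffer_put_string(&m, response, 16);
- free(blob);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
-
- success = buffer_get_int(&m);
- buffer_free(&m);
-
- return (success);
-}
-#endif
-
 #ifdef SSH_AUDIT_EVENTS
 void
 mm_audit_event(ssh_audit_event_t event)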