Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c191
1 files changed, 188 insertions, 3 deletions
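diff --git a/monitor_wrap.c b/monitor_wrap.c
index b559c77bf..5f608b3b6 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.63 2008/07/10 18:08:11 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.64 2008/11/04 08:22:13 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -40,6 +40,7 @@
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#include <openssl/evp.h>
 
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
@@ -70,7 +71,7 @@
 #include "atomicio.h"
 #include "monitor_fdpass.h"
 #include "misc.h"
-#include "servconf.h"
+#include "jpake.h"
 
 #include "channels.h"
 #include "session.h"
@@ -1238,7 +1239,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
 }
 
 int
-mm_ssh_gssapi_userok(char *user)
+mm_ssh_gssapi_userok(char *user, struct passwd *pw)
 {
  Buffer m;
  int authenticated = 0;
@@ -1278,4 +1279,188 @@ mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
  return(major);
 }
 
+int
+mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
+{
+ Buffer m;
+ int ok;
+
+ buffer_init(&m);
+
+ buffer_put_cstring(&m, store->filename ? store->filename : "");
+ buffer_put_cstring(&m, store->envvar ? store->envvar : "");
+ buffer_put_cstring(&m, store->envval ? store->envval : "");
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, &m);
+
+ ok = buffer_get_int(&m);
+
+ buffer_free(&m);
+
+ return (ok);
+}
+
 #endif /* GSSAPI */
+
+#ifdef JPAKE
+void
+mm_auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
+ char **hash_scheme, char **salt)
+{
+ Buffer m;
+
+ debug3("%s entering", __func__);
+
+ buffer_init(&m);
+ mm_request_send(pmonitor->m_recvfd,
+ MONITOR_REQ_JPAKE_GET_PWDATA, &m);
+
+ debug3("%s: waiting for MONITOR_ANS_JPAKE_GET_PWDATA", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd,
+ MONITOR_ANS_JPAKE_GET_PWDATA, &m);
+
+ *hash_scheme = buffer_get_string(&m, NULL);
+ *salt = buffer_get_string(&m, NULL);
+
+ buffer_free(&m);
+}
+
+void
+mm_jpake_step1(struct jpake_group *grp,
+ u_char **id, u_int *id_len,
+ BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
+ u_char **priv1_proof, u_int *priv1_proof_len,
+ u_char **priv2_proof, u_int *priv2_proof_len)
+{
+ Buffer m;
+
+ debug3("%s entering", __func__);
+
+ buffer_init(&m);
+ mm_request_send(pmonitor->m_recvfd,
+ MONITOR_REQ_JPAKE_STEP1, &m);
+
+ debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP1", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd,
+ MONITOR_ANS_JPAKE_STEP1, &m);
+
+ if ((*priv1 = BN_new()) == NULL ||
+ (*priv2 = BN_new()) == NULL ||
+ (*g_priv1 = BN_new()) == NULL ||
+ (*g_priv2 = BN_new()) == NULL)
+ fatal("%s: BN_new", __func__);
+
+ *id = buffer_get_string(&m, id_len);
+ /* priv1 and priv2 are, well, private */
+ buffer_get_bignum2(&m, *g_priv1);
+ buffer_get_bignum2(&m, *g_priv2);
+ *priv1_proof = buffer_get_string(&m, priv1_proof_len);
+ *priv2_proof = buffer_get_string(&m, priv2_proof_len);
+
+ buffer_free(&m);
+}
+
+void
+mm_jpake_step2(struct jpake_group *grp, BIGNUM *s,
+ BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
+ const u_char *theirid, u_int theirid_len,
+ const u_char *myid, u_int myid_len,
+ const u_char *theirpub1_proof, u_int theirpub1_proof_len,
+ const u_char *theirpub2_proof, u_int theirpub2_proof_len,
+ BIGNUM **newpub,
+ u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len)
+{
+ Buffer m;
+
+ debug3("%s entering", __func__);
+
+ buffer_init(&m);
+ /* monitor already has all bignums except theirpub1, theirpub2 */
+ buffer_put_bignum2(&m, theirpub1);
+ buffer_put_bignum2(&m, theirpub2);
+ /* monitor already knows our id */
+ buffer_put_string(&m, theirid, theirid_len);
+ buffer_put_string(&m, theirpub1_proof, theirpub1_proof_len);
+ buffer_put_string(&m, theirpub2_proof, theirpub2_proof_len);
+
+ mm_request_send(pmonitor->m_recvfd,
+ MONITOR_REQ_JPAKE_STEP2, &m);
+
+ debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP2", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd,
+ MONITOR_ANS_JPAKE_STEP2, &m);
+
+ if ((*newpub = BN_new()) == NULL)
+ fatal("%s: BN_new", __func__);
+
+ buffer_get_bignum2(&m, *newpub);
+ *newpub_exponent_proof = buffer_get_string(&m,
+ newpub_exponent_proof_len);
+
+ buffer_free(&m);
+}
+
+void
+mm_jpake_key_confirm(struct jpake_group *grp, BIGNUM *s, BIGNUM *step2_val,
+ BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
+ BIGNUM *theirpub1, BIGNUM *theirpub2,
+ const u_char *my_id, u_int my_id_len,
+ const u_char *their_id, u_int their_id_len,
+ const u_char *sess_id, u_int sess_id_len,
+ const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len,
+ BIGNUM **k,
+ u_char **confirm_hash, u_int *confirm_hash_len)
+{
+ Buffer m;
+
+ debug3("%s entering", __func__);
+
+ buffer_init(&m);
+ /* monitor already has all bignums except step2_val */
+ buffer_put_bignum2(&m, step2_val);
+ /* monitor already knows all the ids */
+ buffer_put_string(&m, theirpriv2_s_proof, theirpriv2_s_proof_len);
+
+ mm_request_send(pmonitor->m_recvfd,
+ MONITOR_REQ_JPAKE_KEY_CONFIRM, &m);
+
+ debug3("%s: waiting for MONITOR_ANS_JPAKE_KEY_CONFIRM", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd,
+ MONITOR_ANS_JPAKE_KEY_CONFIRM, &m);
+
+ /* 'k' is sensitive and stays in the monitor */
+ *confirm_hash = buffer_get_string(&m, confirm_hash_len);
+
+ buffer_free(&m);
+}
+
+int
+mm_jpake_check_confirm(const BIGNUM *k,
+ const u_char *peer_id, u_int peer_id_len,
+ const u_char *sess_id, u_int sess_id_len,
+ const u_char *peer_confirm_hash, u_int peer_confirm_hash_len)
+{
+ Buffer m;
+ int success = 0;
+
+ debug3("%s entering", __func__);
+
+ buffer_init(&m);
+ /* k is dummy in slave, ignored */
+ /* monitor knows all the ids */
+ buffer_put_string(&m, peer_confirm_hash, peer_confirm_hash_len);
+ mm_request_send(pmonitor->m_recvfd,
+ MONITOR_REQ_JPAKE_CHECK_CONFIRM, &m);
+
+ debug3("%s: waiting for MONITOR_ANS_JPAKE_CHECK_CONFIRM", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd,
+ MONITOR_ANS_JPAKE_CHECK_CONFIRM, &m);
+
+ success = buffer_get_int(&m);
+ buffer_free(&m);
+
+ debug3("%s: success = %d", __func__, success);
+ return success;
+}
+#endif /* JPAKE */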
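Review bot: mm_auth2_jpake_get_pwdata (new lines 1308-1327) takes `BIGNUM **s` but never assigns `*s` and reads nothing for it from the reply, so a caller expecting the secret to be populated is left with whatever pointer it passed in; this is presumably intentional, since the monitor keeps the secret, but nothing in the function says so. I would add, beside the `*hash_scheme` line, `/* 's' is sensitive and stays in the monitor; *s is left untouched */`, matching the note mm_jpake_key_confirm already carries for `k`. The comment `/* priv1 and priv2 are, well, private */` in mm_jpake_step1 would likewise be clearer stating that `*priv1` and `*priv2` are handed back as freshly allocated, unpopulated BN_new() objects (presumably owned and later freed by the caller) rather than real values. The unused `authctxt`, `grp`, `s`, `mypriv2` and `k` parameters look like signature parity with the non-privsep implementations; a one-line comment on each wrapper saying so would stop a reader from assuming they are transmitted.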