summaryrefslogtreecommitdiff
path: root/monitor_wrap.c
diff options
context:
space:
mode:
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c75
1 files changed, 48 insertions, 27 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index c94675c6f..b0ced5ac7 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,3 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.55 2007/02/19 10:45:58 dtucker Exp $ */
1/* 2/*
2 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
3 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -25,18 +26,31 @@
25 */ 26 */
26 27
27#include "includes.h" 28#include "includes.h"
28RCSID("$OpenBSD: monitor_wrap.c,v 1.40 2005/05/24 17:32:43 avsm Exp $"); 29
30#include <sys/types.h>
31#include <sys/uio.h>
32
33#include <errno.h>
34#include <pwd.h>
35#include <signal.h>
36#include <stdarg.h>
37#include <stdio.h>
38#include <string.h>
39#include <unistd.h>
29 40
30#include <openssl/bn.h> 41#include <openssl/bn.h>
31#include <openssl/dh.h> 42#include <openssl/dh.h>
32 43
44#include "xmalloc.h"
33#include "ssh.h" 45#include "ssh.h"
34#include "dh.h" 46#include "dh.h"
47#include "buffer.h"
48#include "key.h"
49#include "cipher.h"
35#include "kex.h" 50#include "kex.h"
51#include "hostfile.h"
36#include "auth.h" 52#include "auth.h"
37#include "auth-options.h" 53#include "auth-options.h"
38#include "buffer.h"
39#include "bufaux.h"
40#include "packet.h" 54#include "packet.h"
41#include "mac.h" 55#include "mac.h"
42#include "log.h" 56#include "log.h"
@@ -48,20 +62,18 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.40 2005/05/24 17:32:43 avsm Exp $");
48#include "zlib.h" 62#include "zlib.h"
49#endif 63#endif
50#include "monitor.h" 64#include "monitor.h"
65#ifdef GSSAPI
66#include "ssh-gss.h"
67#endif
51#include "monitor_wrap.h" 68#include "monitor_wrap.h"
52#include "xmalloc.h"
53#include "atomicio.h" 69#include "atomicio.h"
54#include "monitor_fdpass.h" 70#include "monitor_fdpass.h"
55#include "getput.h" 71#include "misc.h"
56#include "servconf.h" 72#include "servconf.h"
57 73
58#include "auth.h"
59#include "channels.h" 74#include "channels.h"
60#include "session.h" 75#include "session.h"
61 76#include "servconf.h"
62#ifdef GSSAPI
63#include "ssh-gss.h"
64#endif
65 77
66/* Imports */ 78/* Imports */
67extern int compat20; 79extern int compat20;
@@ -91,7 +103,7 @@ mm_request_send(int sock, enum monitor_reqtype type, Buffer *m)
91 103
92 debug3("%s entering: type %d", __func__, type); 104 debug3("%s entering: type %d", __func__, type);
93 105
94 PUT_32BIT(buf, mlen + 1); 106 put_u32(buf, mlen + 1);
95 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ 107 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
96 if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf)) 108 if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
97 fatal("%s: write: %s", __func__, strerror(errno)); 109 fatal("%s: write: %s", __func__, strerror(errno));
@@ -112,7 +124,7 @@ mm_request_receive(int sock, Buffer *m)
112 cleanup_exit(255); 124 cleanup_exit(255);
113 fatal("%s: read: %s", __func__, strerror(errno)); 125 fatal("%s: read: %s", __func__, strerror(errno));
114 } 126 }
115 msg_len = GET_32BIT(buf); 127 msg_len = get_u32(buf);
116 if (msg_len > 256 * 1024) 128 if (msg_len > 256 * 1024)
117 fatal("%s: read: bad msg_len %d", __func__, msg_len); 129 fatal("%s: read: bad msg_len %d", __func__, msg_len);
118 buffer_clear(m); 130 buffer_clear(m);
@@ -196,7 +208,8 @@ mm_getpwnamallow(const char *username)
196{ 208{
197 Buffer m; 209 Buffer m;
198 struct passwd *pw; 210 struct passwd *pw;
199 u_int pwlen; 211 u_int len;
212 ServerOptions *newopts;
200 213
201 debug3("%s entering", __func__); 214 debug3("%s entering", __func__);
202 215
@@ -212,8 +225,8 @@ mm_getpwnamallow(const char *username)
212 buffer_free(&m); 225 buffer_free(&m);
213 return (NULL); 226 return (NULL);
214 } 227 }
215 pw = buffer_get_string(&m, &pwlen); 228 pw = buffer_get_string(&m, &len);
216 if (pwlen != sizeof(struct passwd)) 229 if (len != sizeof(struct passwd))
217 fatal("%s: struct passwd size mismatch", __func__); 230 fatal("%s: struct passwd size mismatch", __func__);
218 pw->pw_name = buffer_get_string(&m, NULL); 231 pw->pw_name = buffer_get_string(&m, NULL);
219 pw->pw_passwd = buffer_get_string(&m, NULL); 232 pw->pw_passwd = buffer_get_string(&m, NULL);
@@ -223,6 +236,16 @@ mm_getpwnamallow(const char *username)
223#endif 236#endif
224 pw->pw_dir = buffer_get_string(&m, NULL); 237 pw->pw_dir = buffer_get_string(&m, NULL);
225 pw->pw_shell = buffer_get_string(&m, NULL); 238 pw->pw_shell = buffer_get_string(&m, NULL);
239
240 /* copy options block as a Match directive may have changed some */
241 newopts = buffer_get_string(&m, &len);
242 if (len != sizeof(*newopts))
243 fatal("%s: option block size mismatch", __func__);
244 if (newopts->banner != NULL)
245 newopts->banner = buffer_get_string(&m, NULL);
246 copy_set_server_options(&options, newopts, 1);
247 xfree(newopts);
248
226 buffer_free(&m); 249 buffer_free(&m);
227 250
228 return (pw); 251 return (pw);
@@ -637,7 +660,7 @@ mm_send_keystate(struct monitor *monitor)
637} 660}
638 661
639int 662int
640mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) 663mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
641{ 664{
642 Buffer m; 665 Buffer m;
643 char *p, *msg; 666 char *p, *msg;
@@ -776,8 +799,11 @@ mm_sshpam_query(void *ctx, char **name, char **info,
776 *name = buffer_get_string(&m, NULL); 799 *name = buffer_get_string(&m, NULL);
777 *info = buffer_get_string(&m, NULL); 800 *info = buffer_get_string(&m, NULL);
778 *num = buffer_get_int(&m); 801 *num = buffer_get_int(&m);
779 *prompts = xmalloc((*num + 1) * sizeof(char *)); 802 if (*num > PAM_MAX_NUM_MSG)
780 *echo_on = xmalloc((*num + 1) * sizeof(u_int)); 803 fatal("%s: recieved %u PAM messages, expected <= %u",
804 __func__, *num, PAM_MAX_NUM_MSG);
805 *prompts = xcalloc((*num + 1), sizeof(char *));
806 *echo_on = xcalloc((*num + 1), sizeof(u_int));
781 for (i = 0; i < *num; ++i) { 807 for (i = 0; i < *num; ++i) {
782 (*prompts)[i] = buffer_get_string(&m, NULL); 808 (*prompts)[i] = buffer_get_string(&m, NULL);
783 (*echo_on)[i] = buffer_get_int(&m); 809 (*echo_on)[i] = buffer_get_int(&m);
@@ -860,8 +886,8 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
860 *name = xstrdup(""); 886 *name = xstrdup("");
861 *infotxt = xstrdup(""); 887 *infotxt = xstrdup("");
862 *numprompts = 1; 888 *numprompts = 1;
863 *prompts = xmalloc(*numprompts * sizeof(char *)); 889 *prompts = xcalloc(*numprompts, sizeof(char *));
864 *echo_on = xmalloc(*numprompts * sizeof(u_int)); 890 *echo_on = xcalloc(*numprompts, sizeof(u_int));
865 (*echo_on)[0] = 0; 891 (*echo_on)[0] = 0;
866} 892}
867 893
@@ -928,9 +954,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
928 u_int *numprompts, char ***prompts, u_int **echo_on) 954 u_int *numprompts, char ***prompts, u_int **echo_on)
929{ 955{
930 Buffer m; 956 Buffer m;
931 int len;
932 u_int success; 957 u_int success;
933 char *p, *challenge; 958 char *challenge;
934 959
935 debug3("%s: entering", __func__); 960 debug3("%s: entering", __func__);
936 961
@@ -954,11 +979,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
954 979
955 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); 980 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
956 981
957 len = strlen(challenge) + strlen(SKEY_PROMPT) + 1; 982 xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
958 p = xmalloc(len);
959 strlcpy(p, challenge, len);
960 strlcat(p, SKEY_PROMPT, len);
961 (*prompts)[0] = p;
962 xfree(challenge); 983 xfree(challenge);
963 984
964 return (0); 985 return (0);