summaryrefslogtreecommitdiff
path: root/monitor_wrap.c
diff options
context:
space:
mode:
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c230
1 files changed, 174 insertions, 56 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index c9714138a..4034d569c 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $"); 28RCSID("$OpenBSD: monitor_wrap.c,v 1.31 2003/08/28 12:54:34 markus Exp $");
29 29
30#include <openssl/bn.h> 30#include <openssl/bn.h>
31#include <openssl/dh.h> 31#include <openssl/dh.h>
@@ -47,11 +47,16 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");
47#include "atomicio.h" 47#include "atomicio.h"
48#include "monitor_fdpass.h" 48#include "monitor_fdpass.h"
49#include "getput.h" 49#include "getput.h"
50#include "servconf.h"
50 51
51#include "auth.h" 52#include "auth.h"
52#include "channels.h" 53#include "channels.h"
53#include "session.h" 54#include "session.h"
54 55
56#ifdef GSSAPI
57#include "ssh-gss.h"
58#endif
59
55/* Imports */ 60/* Imports */
56extern int compat20; 61extern int compat20;
57extern Newkeys *newkeys[]; 62extern Newkeys *newkeys[];
@@ -59,6 +64,7 @@ extern z_stream incoming_stream;
59extern z_stream outgoing_stream; 64extern z_stream outgoing_stream;
60extern struct monitor *pmonitor; 65extern struct monitor *pmonitor;
61extern Buffer input, output; 66extern Buffer input, output;
67extern ServerOptions options;
62 68
63void 69void
64mm_request_send(int socket, enum monitor_reqtype type, Buffer *m) 70mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
@@ -70,9 +76,9 @@ mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
70 76
71 PUT_32BIT(buf, mlen + 1); 77 PUT_32BIT(buf, mlen + 1);
72 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ 78 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
73 if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf)) 79 if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf))
74 fatal("%s: write", __func__); 80 fatal("%s: write", __func__);
75 if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen) 81 if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen)
76 fatal("%s: write", __func__); 82 fatal("%s: write", __func__);
77} 83}
78 84
@@ -520,6 +526,8 @@ mm_send_keystate(struct monitor *pmonitor)
520 Buffer m; 526 Buffer m;
521 u_char *blob, *p; 527 u_char *blob, *p;
522 u_int bloblen, plen; 528 u_int bloblen, plen;
529 u_int32_t seqnr, packets;
530 u_int64_t blocks;
523 531
524 buffer_init(&m); 532 buffer_init(&m);
525 533
@@ -568,8 +576,14 @@ mm_send_keystate(struct monitor *pmonitor)
568 buffer_put_string(&m, blob, bloblen); 576 buffer_put_string(&m, blob, bloblen);
569 xfree(blob); 577 xfree(blob);
570 578
571 buffer_put_int(&m, packet_get_seqnr(MODE_OUT)); 579 packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
572 buffer_put_int(&m, packet_get_seqnr(MODE_IN)); 580 buffer_put_int(&m, seqnr);
581 buffer_put_int64(&m, blocks);
582 buffer_put_int(&m, packets);
583 packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
584 buffer_put_int(&m, seqnr);
585 buffer_put_int64(&m, blocks);
586 buffer_put_int(&m, packets);
573 587
574 debug3("%s: New keys have been sent", __func__); 588 debug3("%s: New keys have been sent", __func__);
575 skip: 589 skip:
@@ -661,6 +675,8 @@ mm_start_pam(char *user)
661 Buffer m; 675 Buffer m;
662 676
663 debug3("%s entering", __func__); 677 debug3("%s entering", __func__);
678 if (!options.use_pam)
679 fatal("UsePAM=no, but ended up in %s anyway", __func__);
664 680
665 buffer_init(&m); 681 buffer_init(&m);
666 buffer_put_cstring(&m, user); 682 buffer_put_cstring(&m, user);
@@ -669,6 +685,112 @@ mm_start_pam(char *user)
669 685
670 buffer_free(&m); 686 buffer_free(&m);
671} 687}
688
689u_int
690mm_do_pam_account(void)
691{
692 Buffer m;
693 u_int ret;
694
695 debug3("%s entering", __func__);
696 if (!options.use_pam)
697 fatal("UsePAM=no, but ended up in %s anyway", __func__);
698
699 buffer_init(&m);
700 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
701
702 mm_request_receive_expect(pmonitor->m_recvfd,
703 MONITOR_ANS_PAM_ACCOUNT, &m);
704 ret = buffer_get_int(&m);
705
706 buffer_free(&m);
707
708 debug3("%s returning %d", __func__, ret);
709
710 return (ret);
711}
712
713void *
714mm_sshpam_init_ctx(Authctxt *authctxt)
715{
716 Buffer m;
717 int success;
718
719 debug3("%s", __func__);
720 buffer_init(&m);
721 buffer_put_cstring(&m, authctxt->user);
722 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
723 debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
724 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
725 success = buffer_get_int(&m);
726 if (success == 0) {
727 debug3("%s: pam_init_ctx failed", __func__);
728 buffer_free(&m);
729 return (NULL);
730 }
731 buffer_free(&m);
732 return (authctxt);
733}
734
735int
736mm_sshpam_query(void *ctx, char **name, char **info,
737 u_int *num, char ***prompts, u_int **echo_on)
738{
739 Buffer m;
740 int i, ret;
741
742 debug3("%s", __func__);
743 buffer_init(&m);
744 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
745 debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
746 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
747 ret = buffer_get_int(&m);
748 debug3("%s: pam_query returned %d", __func__, ret);
749 *name = buffer_get_string(&m, NULL);
750 *info = buffer_get_string(&m, NULL);
751 *num = buffer_get_int(&m);
752 *prompts = xmalloc((*num + 1) * sizeof(char *));
753 *echo_on = xmalloc((*num + 1) * sizeof(u_int));
754 for (i = 0; i < *num; ++i) {
755 (*prompts)[i] = buffer_get_string(&m, NULL);
756 (*echo_on)[i] = buffer_get_int(&m);
757 }
758 buffer_free(&m);
759 return (ret);
760}
761
762int
763mm_sshpam_respond(void *ctx, u_int num, char **resp)
764{
765 Buffer m;
766 int i, ret;
767
768 debug3("%s", __func__);
769 buffer_init(&m);
770 buffer_put_int(&m, num);
771 for (i = 0; i < num; ++i)
772 buffer_put_cstring(&m, resp[i]);
773 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
774 debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
775 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
776 ret = buffer_get_int(&m);
777 debug3("%s: pam_respond returned %d", __func__, ret);
778 buffer_free(&m);
779 return (ret);
780}
781
782void
783mm_sshpam_free_ctx(void *ctxtp)
784{
785 Buffer m;
786
787 debug3("%s", __func__);
788 buffer_init(&m);
789 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
790 debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
791 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
792 buffer_free(&m);
793}
672#endif /* USE_PAM */ 794#endif /* USE_PAM */
673 795
674/* Request process termination */ 796/* Request process termination */
@@ -949,73 +1071,69 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
949 return (success); 1071 return (success);
950} 1072}
951 1073
952#ifdef KRB4 1074#ifdef GSSAPI
953int 1075OM_uint32
954mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) 1076mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
955{ 1077{
956 KTEXT auth, reply; 1078 Buffer m;
957 Buffer m; 1079 OM_uint32 major;
958 u_int rlen;
959 int success = 0;
960 char *p;
961 1080
962 debug3("%s entering", __func__); 1081 /* Client doesn't get to see the context */
963 auth = _auth; 1082 *ctx = NULL;
964 reply = _reply;
965 1083
966 buffer_init(&m); 1084 buffer_init(&m);
967 buffer_put_string(&m, auth->dat, auth->length); 1085 buffer_put_string(&m, oid->elements, oid->length);
968 1086
969 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m); 1087 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
970 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m); 1088 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
1089
1090 major = buffer_get_int(&m);
971 1091
972 success = buffer_get_int(&m);
973 if (success) {
974 *client = buffer_get_string(&m, NULL);
975 p = buffer_get_string(&m, &rlen);
976 if (rlen >= MAX_KTXT_LEN)
977 fatal("%s: reply from monitor too large", __func__);
978 reply->length = rlen;
979 memcpy(reply->dat, p, rlen);
980 memset(p, 0, rlen);
981 xfree(p);
982 }
983 buffer_free(&m); 1092 buffer_free(&m);
984 return (success); 1093 return (major);
985} 1094}
986#endif
987 1095
988#ifdef KRB5 1096OM_uint32
989int 1097mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
990mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp) 1098 gss_buffer_desc *out, OM_uint32 *flags)
991{ 1099{
992 krb5_data *tkt, *reply;
993 Buffer m; 1100 Buffer m;
994 int success; 1101 OM_uint32 major;
995 1102 u_int len;
996 debug3("%s entering", __func__);
997 tkt = (krb5_data *) argp;
998 reply = (krb5_data *) resp;
999 1103
1000 buffer_init(&m); 1104 buffer_init(&m);
1001 buffer_put_string(&m, tkt->data, tkt->length); 1105 buffer_put_string(&m, in->value, in->length);
1002 1106
1003 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m); 1107 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
1004 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m); 1108 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
1005 1109
1006 success = buffer_get_int(&m); 1110 major = buffer_get_int(&m);
1007 if (success) { 1111 out->value = buffer_get_string(&m, &len);
1008 u_int len; 1112 out->length = len;
1113 if (flags)
1114 *flags = buffer_get_int(&m);
1009 1115
1010 *userp = buffer_get_string(&m, NULL); 1116 buffer_free(&m);
1011 reply->data = buffer_get_string(&m, &len); 1117
1012 reply->length = len; 1118 return (major);
1013 } else { 1119}
1014 memset(reply, 0, sizeof(*reply)); 1120
1015 *userp = NULL; 1121int
1016 } 1122mm_ssh_gssapi_userok(char *user)
1123{
1124 Buffer m;
1125 int authenticated = 0;
1126
1127 buffer_init(&m);
1128
1129 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
1130 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
1131 &m);
1132
1133 authenticated = buffer_get_int(&m);
1017 1134
1018 buffer_free(&m); 1135 buffer_free(&m);
1019 return (success); 1136 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
1137 return (authenticated);
1020} 1138}
1021#endif 1139#endif /* GSSAPI */