1 /* $NetBSD: monitor.c,v 1.10 2013/03/29 16:19:45 christos Exp $ */ 2 /* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */ 3 /* 4 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 5 * Copyright 2002 Markus Friedl <markus@openbsd.org> 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 #include "includes.h" 30 __RCSID("$NetBSD: monitor.c,v 1.10 2013/03/29 16:19:45 christos Exp $"); 31 #include <sys/types.h> 32 #include <sys/wait.h> 33 #include <sys/socket.h> 34 #include <sys/tree.h> 35 #include <sys/param.h> 36 #include <sys/queue.h> 37 38 #include <openssl/dh.h> 39 40 #include <errno.h> 41 #include <fcntl.h> 42 #include <paths.h> 43 #include <poll.h> 44 #include <pwd.h> 45 #include <signal.h> 46 #include <stdlib.h> 47 #include <string.h> 48 49 #ifdef SKEY 50 #include <skey.h> 51 #endif 52 53 #include "atomicio.h" 54 #include "xmalloc.h" 55 #include "ssh.h" 56 #include "key.h" 57 #include "buffer.h" 58 #include "hostfile.h" 59 #include "auth.h" 60 #include "cipher.h" 61 #include "kex.h" 62 #include "dh.h" 63 #include <zlib.h> 64 #include "packet.h" 65 #include "auth-options.h" 66 #include "sshpty.h" 67 #include "channels.h" 68 #include "session.h" 69 #include "sshlogin.h" 70 #include "canohost.h" 71 #include "log.h" 72 #include "servconf.h" 73 #include "monitor.h" 74 #include "monitor_mm.h" 75 #ifdef GSSAPI 76 #include "ssh-gss.h" 77 #endif 78 #include "monitor_wrap.h" 79 #include "monitor_fdpass.h" 80 #include "misc.h" 81 #include "compat.h" 82 #include "ssh2.h" 83 #include "jpake.h" 84 #include "roaming.h" 85 86 #ifdef GSSAPI 87 static Gssctxt *gsscontext = NULL; 88 #endif 89 90 /* Imports */ 91 extern ServerOptions options; 92 extern u_int utmp_len; 93 extern Newkeys *current_keys[]; 94 extern z_stream incoming_stream; 95 extern z_stream outgoing_stream; 96 extern u_char session_id[]; 97 extern Buffer auth_debug; 98 extern int auth_debug_init; 99 extern Buffer loginmsg; 100 101 /* State exported from the child */ 102 103 struct { 104 z_stream incoming; 105 z_stream outgoing; 106 u_char *keyin; 107 u_int keyinlen; 108 u_char *keyout; 109 u_int keyoutlen; 110 u_char *ivin; 111 u_int ivinlen; 112 u_char *ivout; 113 u_int ivoutlen; 114 u_char *ssh1key; 115 u_int ssh1keylen; 116 int ssh1cipher; 117 int ssh1protoflags; 118 u_char *input; 119 u_int ilen; 120 u_char *output; 121 u_int olen; 122 u_int64_t sent_bytes; 123 u_int64_t recv_bytes; 124 } child_state; 125 126 /* Functions on the monitor that answer unprivileged requests */ 127 128 int mm_answer_moduli(int, Buffer *); 129 int mm_answer_sign(int, Buffer *); 130 int mm_answer_pwnamallow(int, Buffer *); 131 int mm_answer_auth2_read_banner(int, Buffer *); 132 int mm_answer_authserv(int, Buffer *); 133 int mm_answer_authpassword(int, Buffer *); 134 int mm_answer_bsdauthquery(int, Buffer *); 135 int mm_answer_bsdauthrespond(int, Buffer *); 136 int mm_answer_skeyquery(int, Buffer *); 137 int mm_answer_skeyrespond(int, Buffer *); 138 int mm_answer_keyallowed(int, Buffer *); 139 int mm_answer_keyverify(int, Buffer *); 140 int mm_answer_pty(int, Buffer *); 141 int mm_answer_pty_cleanup(int, Buffer *); 142 int mm_answer_term(int, Buffer *); 143 int mm_answer_rsa_keyallowed(int, Buffer *); 144 int mm_answer_rsa_challenge(int, Buffer *); 145 int mm_answer_rsa_response(int, Buffer *); 146 int mm_answer_sesskey(int, Buffer *); 147 int mm_answer_sessid(int, Buffer *); 148 int mm_answer_jpake_get_pwdata(int, Buffer *); 149 int mm_answer_jpake_step1(int, Buffer *); 150 int mm_answer_jpake_step2(int, Buffer *); 151 int mm_answer_jpake_key_confirm(int, Buffer *); 152 int mm_answer_jpake_check_confirm(int, Buffer *); 153 154 #ifdef USE_PAM 155 int mm_answer_pam_start(int, Buffer *); 156 int mm_answer_pam_account(int, Buffer *); 157 int mm_answer_pam_init_ctx(int, Buffer *); 158 int mm_answer_pam_query(int, Buffer *); 159 int mm_answer_pam_respond(int, Buffer *); 160 int mm_answer_pam_free_ctx(int, Buffer *); 161 #endif 162 163 #ifdef KRB4 164 int mm_answer_krb4(int, Buffer *); 165 #endif 166 #ifdef KRB5 167 int mm_answer_krb5(int, Buffer *); 168 #endif 169 170 #ifdef GSSAPI 171 int mm_answer_gss_setup_ctx(int, Buffer *); 172 int mm_answer_gss_accept_ctx(int, Buffer *); 173 int mm_answer_gss_userok(int, Buffer *); 174 int mm_answer_gss_checkmic(int, Buffer *); 175 #endif 176 177 static int monitor_read_log(struct monitor *); 178 179 static Authctxt *authctxt; 180 static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ 181 182 /* local state for key verify */ 183 static u_char *key_blob = NULL; 184 static u_int key_bloblen = 0; 185 static int key_blobtype = MM_NOKEY; 186 static char *hostbased_cuser = NULL; 187 static char *hostbased_chost = NULL; 188 static const char *auth_method = "unknown"; 189 static const char *auth_submethod = NULL; 190 static u_int session_id2_len = 0; 191 static u_char *session_id2 = NULL; 192 static pid_t monitor_child_pid; 193 194 struct mon_table { 195 enum monitor_reqtype type; 196 int flags; 197 int (*f)(int, Buffer *); 198 }; 199 200 #define MON_ISAUTH 0x0004 /* Required for Authentication */ 201 #define MON_AUTHDECIDE 0x0008 /* Decides Authentication */ 202 #define MON_ONCE 0x0010 /* Disable after calling */ 203 #define MON_ALOG 0x0020 /* Log auth attempt without authenticating */ 204 205 #define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE) 206 207 #define MON_PERMIT 0x1000 /* Request is permitted */ 208 209 struct mon_table mon_dispatch_proto20[] = { 210 {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli}, 211 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, 212 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 213 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, 214 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 215 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 216 #ifdef USE_PAM 217 {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, 218 {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, 219 {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, 220 {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, 221 {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, 222 {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, 223 #endif 224 #ifdef BSD_AUTH 225 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, 226 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, 227 #endif 228 #ifdef SKEY 229 {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, 230 {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, 231 #endif 232 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, 233 {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, 234 #ifdef KRB4 235 {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4}, 236 #endif 237 #ifdef KRB5 238 {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, 239 #endif 240 #ifdef GSSAPI 241 {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, 242 {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, 243 {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, 244 {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, 245 #endif 246 #ifdef JPAKE 247 {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata}, 248 {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1}, 249 {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2}, 250 {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm}, 251 {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm}, 252 #endif 253 {0, 0, NULL} 254 }; 255 256 struct mon_table mon_dispatch_postauth20[] = { 257 {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, 258 {MONITOR_REQ_SIGN, 0, mm_answer_sign}, 259 {MONITOR_REQ_PTY, 0, mm_answer_pty}, 260 {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, 261 {MONITOR_REQ_TERM, 0, mm_answer_term}, 262 {0, 0, NULL} 263 }; 264 265 struct mon_table mon_dispatch_proto15[] = { 266 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, 267 {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey}, 268 {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid}, 269 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 270 {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed}, 271 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed}, 272 {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, 273 {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, 274 #ifdef BSD_AUTH 275 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, 276 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, 277 #endif 278 #ifdef SKEY 279 {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, 280 {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, 281 #endif 282 #ifdef USE_PAM 283 {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, 284 {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account}, 285 {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, 286 {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, 287 {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, 288 {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, 289 #endif 290 #ifdef KRB4 291 {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4}, 292 #endif 293 #ifdef KRB5 294 {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, 295 #endif 296 {0, 0, NULL} 297 }; 298 299 struct mon_table mon_dispatch_postauth15[] = { 300 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, 301 {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, 302 {MONITOR_REQ_TERM, 0, mm_answer_term}, 303 {0, 0, NULL} 304 }; 305 306 struct mon_table *mon_dispatch; 307 308 /* Specifies if a certain message is allowed at the moment */ 309 310 static void 311 monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit) 312 { 313 while (ent->f != NULL) { 314 if (ent->type == type) { 315 ent->flags &= ~MON_PERMIT; 316 ent->flags |= permit ? MON_PERMIT : 0; 317 return; 318 } 319 ent++; 320 } 321 } 322 323 static void 324 monitor_permit_authentications(int permit) 325 { 326 struct mon_table *ent = mon_dispatch; 327 328 while (ent->f != NULL) { 329 if (ent->flags & MON_AUTH) { 330 ent->flags &= ~MON_PERMIT; 331 ent->flags |= permit ? MON_PERMIT : 0; 332 } 333 ent++; 334 } 335 } 336 337 void 338 monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) 339 { 340 struct mon_table *ent; 341 int authenticated = 0, partial = 0; 342 343 debug3("preauth child monitor started"); 344 345 close(pmonitor->m_recvfd); 346 close(pmonitor->m_log_sendfd); 347 pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; 348 349 authctxt = _authctxt; 350 memset(authctxt, 0, sizeof(*authctxt)); 351 352 if (compat20) { 353 mon_dispatch = mon_dispatch_proto20; 354 355 /* Permit requests for moduli and signatures */ 356 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 357 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 358 } else { 359 mon_dispatch = mon_dispatch_proto15; 360 361 monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); 362 } 363 364 /* The first few requests do not require asynchronous access */ 365 while (!authenticated) { 366 partial = 0; 367 auth_method = "unknown"; 368 auth_submethod = NULL; 369 authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); 370 371 /* Special handling for multiple required authentications */ 372 if (options.num_auth_methods != 0) { 373 if (!compat20) 374 fatal("AuthenticationMethods is not supported" 375 "with SSH protocol 1"); 376 if (authenticated && 377 !auth2_update_methods_lists(authctxt, 378 auth_method)) { 379 debug3("%s: method %s: partial", __func__, 380 auth_method); 381 authenticated = 0; 382 partial = 1; 383 } 384 } 385 386 if (authenticated) { 387 if (!(ent->flags & MON_AUTHDECIDE)) 388 fatal("%s: unexpected authentication from %d", 389 __func__, ent->type); 390 if (authctxt->pw->pw_uid == 0 && 391 !auth_root_allowed(auth_method)) 392 authenticated = 0; 393 #ifdef USE_PAM 394 /* PAM needs to perform account checks after auth */ 395 if (options.use_pam && authenticated) { 396 Buffer m; 397 398 buffer_init(&m); 399 mm_request_receive_expect(pmonitor->m_sendfd, 400 MONITOR_REQ_PAM_ACCOUNT, &m); 401 authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m); 402 buffer_free(&m); 403 } 404 #endif 405 } 406 if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { 407 auth_log(authctxt, authenticated, partial, 408 auth_method, auth_submethod, 409 compat20 ? " ssh2" : ""); 410 if (!authenticated) 411 authctxt->failures++; 412 } 413 #ifdef JPAKE 414 /* Cleanup JPAKE context after authentication */ 415 if (ent->flags & MON_AUTHDECIDE) { 416 if (authctxt->jpake_ctx != NULL) { 417 jpake_free(authctxt->jpake_ctx); 418 authctxt->jpake_ctx = NULL; 419 } 420 } 421 #endif 422 } 423 424 if (!authctxt->valid) 425 fatal("%s: authenticated invalid user", __func__); 426 if (strcmp(auth_method, "unknown") == 0) 427 fatal("%s: authentication method name unknown", __func__); 428 429 debug("%s: %s has been authenticated by privileged process", 430 __func__, authctxt->user); 431 432 mm_get_keystate(pmonitor); 433 434 /* Drain any buffered messages from the child */ 435 while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) 436 ; 437 438 close(pmonitor->m_sendfd); 439 close(pmonitor->m_log_recvfd); 440 pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1; 441 } 442 443 static void 444 monitor_set_child_handler(pid_t pid) 445 { 446 monitor_child_pid = pid; 447 } 448 449 static void 450 monitor_child_handler(int sig) 451 { 452 kill(monitor_child_pid, sig); 453 } 454 455 void 456 monitor_child_postauth(struct monitor *pmonitor) 457 { 458 close(pmonitor->m_recvfd); 459 pmonitor->m_recvfd = -1; 460 461 monitor_set_child_handler(pmonitor->m_pid); 462 signal(SIGHUP, &monitor_child_handler); 463 signal(SIGTERM, &monitor_child_handler); 464 signal(SIGINT, &monitor_child_handler); 465 466 if (compat20) { 467 mon_dispatch = mon_dispatch_postauth20; 468 469 /* Permit requests for moduli and signatures */ 470 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 471 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 472 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 473 } else { 474 mon_dispatch = mon_dispatch_postauth15; 475 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 476 } 477 if (!no_pty_flag) { 478 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); 479 monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); 480 } 481 482 for (;;) 483 monitor_read(pmonitor, mon_dispatch, NULL); 484 } 485 486 void 487 monitor_sync(struct monitor *pmonitor) 488 { 489 if (options.compression) { 490 /* The member allocation is not visible, so sync it */ 491 mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); 492 } 493 } 494 495 static int 496 monitor_read_log(struct monitor *pmonitor) 497 { 498 Buffer logmsg; 499 u_int len, level; 500 char *msg; 501 502 buffer_init(&logmsg); 503 504 /* Read length */ 505 buffer_append_space(&logmsg, 4); 506 if (atomicio(read, pmonitor->m_log_recvfd, 507 buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) { 508 if (errno == EPIPE) { 509 buffer_free(&logmsg); 510 debug("%s: child log fd closed", __func__); 511 close(pmonitor->m_log_recvfd); 512 pmonitor->m_log_recvfd = -1; 513 return -1; 514 } 515 fatal("%s: log fd read: %s", __func__, strerror(errno)); 516 } 517 len = buffer_get_int(&logmsg); 518 if (len <= 4 || len > 8192) 519 fatal("%s: invalid log message length %u", __func__, len); 520 521 /* Read severity, message */ 522 buffer_clear(&logmsg); 523 buffer_append_space(&logmsg, len); 524 if (atomicio(read, pmonitor->m_log_recvfd, 525 buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) 526 fatal("%s: log fd read: %s", __func__, strerror(errno)); 527 528 /* Log it */ 529 level = buffer_get_int(&logmsg); 530 msg = buffer_get_string(&logmsg, NULL); 531 if (log_level_name(level) == NULL) 532 fatal("%s: invalid log level %u (corrupted message?)", 533 __func__, level); 534 do_log2(level, "%s [preauth]", msg); 535 536 buffer_free(&logmsg); 537 xfree(msg); 538 539 return 0; 540 } 541 542 int 543 monitor_read(struct monitor *pmonitor, struct mon_table *ent, 544 struct mon_table **pent) 545 { 546 Buffer m; 547 int ret; 548 u_char type; 549 struct pollfd pfd[2]; 550 551 for (;;) { 552 bzero(&pfd, sizeof(pfd)); 553 pfd[0].fd = pmonitor->m_sendfd; 554 pfd[0].events = POLLIN; 555 pfd[1].fd = pmonitor->m_log_recvfd; 556 pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN; 557 if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) { 558 if (errno == EINTR || errno == EAGAIN) 559 continue; 560 fatal("%s: poll: %s", __func__, strerror(errno)); 561 } 562 if (pfd[1].revents) { 563 /* 564 * Drain all log messages before processing next 565 * monitor request. 566 */ 567 monitor_read_log(pmonitor); 568 continue; 569 } 570 if (pfd[0].revents) 571 break; /* Continues below */ 572 } 573 574 buffer_init(&m); 575 576 mm_request_receive(pmonitor->m_sendfd, &m); 577 type = buffer_get_char(&m); 578 579 debug3("%s: checking request %d", __func__, type); 580 581 while (ent->f != NULL) { 582 if (ent->type == type) 583 break; 584 ent++; 585 } 586 587 if (ent->f != NULL) { 588 if (!(ent->flags & MON_PERMIT)) 589 fatal("%s: unpermitted request %d", __func__, 590 type); 591 ret = (*ent->f)(pmonitor->m_sendfd, &m); 592 buffer_free(&m); 593 594 /* The child may use this request only once, disable it */ 595 if (ent->flags & MON_ONCE) { 596 debug2("%s: %d used once, disabling now", __func__, 597 type); 598 ent->flags &= ~MON_PERMIT; 599 } 600 601 if (pent != NULL) 602 *pent = ent; 603 604 return ret; 605 } 606 607 fatal("%s: unsupported request: %d", __func__, type); 608 609 /* NOTREACHED */ 610 return (-1); 611 } 612 613 /* allowed key state */ 614 static int 615 monitor_allowed_key(u_char *blob, u_int bloblen) 616 { 617 /* make sure key is allowed */ 618 if (key_blob == NULL || key_bloblen != bloblen || 619 timingsafe_bcmp(key_blob, blob, key_bloblen)) 620 return (0); 621 return (1); 622 } 623 624 static void 625 monitor_reset_key_state(void) 626 { 627 /* reset state */ 628 if (key_blob != NULL) 629 xfree(key_blob); 630 if (hostbased_cuser != NULL) 631 xfree(hostbased_cuser); 632 if (hostbased_chost != NULL) 633 xfree(hostbased_chost); 634 key_blob = NULL; 635 key_bloblen = 0; 636 key_blobtype = MM_NOKEY; 637 hostbased_cuser = NULL; 638 hostbased_chost = NULL; 639 } 640 641 int 642 mm_answer_moduli(int sock, Buffer *m) 643 { 644 DH *dh; 645 int min, want, max; 646 647 min = buffer_get_int(m); 648 want = buffer_get_int(m); 649 max = buffer_get_int(m); 650 651 debug3("%s: got parameters: %d %d %d", 652 __func__, min, want, max); 653 /* We need to check here, too, in case the child got corrupted */ 654 if (max < min || want < min || max < want) 655 fatal("%s: bad parameters: %d %d %d", 656 __func__, min, want, max); 657 658 buffer_clear(m); 659 660 dh = choose_dh(min, want, max); 661 if (dh == NULL) { 662 buffer_put_char(m, 0); 663 return (0); 664 } else { 665 /* Send first bignum */ 666 buffer_put_char(m, 1); 667 buffer_put_bignum2(m, dh->p); 668 buffer_put_bignum2(m, dh->g); 669 670 DH_free(dh); 671 } 672 mm_request_send(sock, MONITOR_ANS_MODULI, m); 673 return (0); 674 } 675 676 int 677 mm_answer_sign(int sock, Buffer *m) 678 { 679 Key *key; 680 u_char *p; 681 u_char *signature; 682 u_int siglen, datlen; 683 int keyid; 684 685 debug3("%s", __func__); 686 687 keyid = buffer_get_int(m); 688 p = buffer_get_string(m, &datlen); 689 690 /* 691 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), 692 * SHA384 (48 bytes) and SHA512 (64 bytes). 693 */ 694 if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64) 695 fatal("%s: data length incorrect: %u", __func__, datlen); 696 697 /* save session id, it will be passed on the first call */ 698 if (session_id2_len == 0) { 699 session_id2_len = datlen; 700 session_id2 = xmalloc(session_id2_len); 701 memcpy(session_id2, p, session_id2_len); 702 } 703 704 if ((key = get_hostkey_by_index(keyid)) == NULL) 705 fatal("%s: no hostkey from index %d", __func__, keyid); 706 if (key_sign(key, &signature, &siglen, p, datlen) < 0) 707 fatal("%s: key_sign failed", __func__); 708 709 debug3("%s: signature %p(%u)", __func__, signature, siglen); 710 711 buffer_clear(m); 712 buffer_put_string(m, signature, siglen); 713 714 xfree(p); 715 xfree(signature); 716 717 mm_request_send(sock, MONITOR_ANS_SIGN, m); 718 719 /* Turn on permissions for getpwnam */ 720 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 721 722 return (0); 723 } 724 725 /* Retrieves the password entry and also checks if the user is permitted */ 726 727 int 728 mm_answer_pwnamallow(int sock, Buffer *m) 729 { 730 char *username; 731 struct passwd *pwent; 732 int allowed = 0; 733 u_int i; 734 735 debug3("%s", __func__); 736 737 if (authctxt->attempt++ != 0) 738 fatal("%s: multiple attempts for getpwnam", __func__); 739 740 username = buffer_get_string(m, NULL); 741 742 pwent = getpwnamallow(username); 743 744 authctxt->user = xstrdup(username); 745 setproctitle("%s [priv]", pwent ? username : "unknown"); 746 xfree(username); 747 748 buffer_clear(m); 749 750 if (pwent == NULL) { 751 buffer_put_char(m, 0); 752 authctxt->pw = fakepw(); 753 goto out; 754 } 755 756 allowed = 1; 757 authctxt->pw = pwent; 758 authctxt->valid = 1; 759 760 buffer_put_char(m, 1); 761 buffer_put_string(m, pwent, sizeof(struct passwd)); 762 buffer_put_cstring(m, pwent->pw_name); 763 buffer_put_cstring(m, "*"); 764 buffer_put_cstring(m, pwent->pw_gecos); 765 buffer_put_cstring(m, pwent->pw_class); 766 buffer_put_cstring(m, pwent->pw_dir); 767 buffer_put_cstring(m, pwent->pw_shell); 768 769 out: 770 buffer_put_string(m, &options, sizeof(options)); 771 772 #define M_CP_STROPT(x) do { \ 773 if (options.x != NULL) \ 774 buffer_put_cstring(m, options.x); \ 775 } while (0) 776 #define M_CP_STRARRAYOPT(x, nx) do { \ 777 for (i = 0; i < options.nx; i++) \ 778 buffer_put_cstring(m, options.x[i]); \ 779 } while (0) 780 /* See comment in servconf.h */ 781 COPY_MATCH_STRING_OPTS(); 782 #undef M_CP_STROPT 783 #undef M_CP_STRARRAYOPT 784 785 /* Create valid auth method lists */ 786 if (compat20 && auth2_setup_methods_lists(authctxt) != 0) { 787 /* 788 * The monitor will continue long enough to let the child 789 * run to it's packet_disconnect(), but it must not allow any 790 * authentication to succeed. 791 */ 792 debug("%s: no valid authentication method lists", __func__); 793 } 794 795 debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); 796 mm_request_send(sock, MONITOR_ANS_PWNAM, m); 797 798 /* For SSHv1 allow authentication now */ 799 if (!compat20) 800 monitor_permit_authentications(1); 801 else { 802 /* Allow service/style information on the auth context */ 803 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 804 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 805 } 806 807 #ifdef USE_PAM 808 if (options.use_pam) 809 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); 810 #endif 811 812 return (0); 813 } 814 815 int mm_answer_auth2_read_banner(int sock, Buffer *m) 816 { 817 char *banner; 818 819 buffer_clear(m); 820 banner = auth2_read_banner(); 821 buffer_put_cstring(m, banner != NULL ? banner : ""); 822 mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); 823 824 if (banner != NULL) 825 xfree(banner); 826 827 return (0); 828 } 829 830 int 831 mm_answer_authserv(int sock, Buffer *m) 832 { 833 monitor_permit_authentications(1); 834 835 authctxt->service = buffer_get_string(m, NULL); 836 authctxt->style = buffer_get_string(m, NULL); 837 debug3("%s: service=%s, style=%s", 838 __func__, authctxt->service, authctxt->style); 839 840 if (strlen(authctxt->style) == 0) { 841 xfree(authctxt->style); 842 authctxt->style = NULL; 843 } 844 845 return (0); 846 } 847 848 int 849 mm_answer_authpassword(int sock, Buffer *m) 850 { 851 static int call_count; 852 char *passwd; 853 int authenticated; 854 u_int plen; 855 856 passwd = buffer_get_string(m, &plen); 857 /* Only authenticate if the context is valid */ 858 authenticated = options.password_authentication && 859 auth_password(authctxt, passwd); 860 memset(passwd, 0, strlen(passwd)); 861 xfree(passwd); 862 863 buffer_clear(m); 864 buffer_put_int(m, authenticated); 865 866 debug3("%s: sending result %d", __func__, authenticated); 867 mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m); 868 869 call_count++; 870 if (plen == 0 && call_count == 1) 871 auth_method = "none"; 872 else 873 auth_method = "password"; 874 875 /* Causes monitor loop to terminate if authenticated */ 876 return (authenticated); 877 } 878 879 #ifdef BSD_AUTH 880 int 881 mm_answer_bsdauthquery(int sock, Buffer *m) 882 { 883 char *name, *infotxt; 884 u_int numprompts; 885 u_int *echo_on; 886 char **prompts; 887 u_int success; 888 889 success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, 890 &prompts, &echo_on) < 0 ? 0 : 1; 891 892 buffer_clear(m); 893 buffer_put_int(m, success); 894 if (success) 895 buffer_put_cstring(m, prompts[0]); 896 897 debug3("%s: sending challenge success: %u", __func__, success); 898 mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); 899 900 if (success) { 901 xfree(name); 902 xfree(infotxt); 903 xfree(prompts); 904 xfree(echo_on); 905 } 906 907 return (0); 908 } 909 910 int 911 mm_answer_bsdauthrespond(int sock, Buffer *m) 912 { 913 char *response; 914 int authok; 915 916 if (authctxt->as == 0) 917 fatal("%s: no bsd auth session", __func__); 918 919 response = buffer_get_string(m, NULL); 920 authok = options.challenge_response_authentication && 921 auth_userresponse(authctxt->as, response, 0); 922 authctxt->as = NULL; 923 debug3("%s: <%s> = <%d>", __func__, response, authok); 924 xfree(response); 925 926 buffer_clear(m); 927 buffer_put_int(m, authok); 928 929 debug3("%s: sending authenticated: %d", __func__, authok); 930 mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); 931 932 if (compat20) 933 auth_method = "keyboard-interactive"; /* XXX auth_submethod */ 934 else 935 auth_method = "bsdauth"; 936 937 return (authok != 0); 938 } 939 #endif 940 941 #ifdef SKEY 942 int 943 mm_answer_skeyquery(int sock, Buffer *m) 944 { 945 struct skey skey; 946 char challenge[1024]; 947 u_int success; 948 949 success = skeychallenge(&skey, authctxt->user, challenge, 950 sizeof(challenge)) < 0 ? 0 : 1; 951 952 buffer_clear(m); 953 buffer_put_int(m, success); 954 if (success) 955 buffer_put_cstring(m, challenge); 956 957 debug3("%s: sending challenge success: %u", __func__, success); 958 mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m); 959 960 return (0); 961 } 962 963 int 964 mm_answer_skeyrespond(int sock, Buffer *m) 965 { 966 char *response; 967 int authok; 968 969 response = buffer_get_string(m, NULL); 970 971 authok = (options.challenge_response_authentication && 972 authctxt->valid && 973 skey_haskey(authctxt->pw->pw_name) == 0 && 974 skey_passcheck(authctxt->pw->pw_name, response) != -1); 975 976 xfree(response); 977 978 buffer_clear(m); 979 buffer_put_int(m, authok); 980 981 debug3("%s: sending authenticated: %d", __func__, authok); 982 mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); 983 984 auth_method = "skey"; 985 986 return (authok != 0); 987 } 988 #endif 989 990 #ifdef USE_PAM 991 int 992 mm_answer_pam_start(int sock, Buffer *m) 993 { 994 if (!options.use_pam) 995 fatal("UsePAM not set, but ended up in %s anyway", __func__); 996 997 start_pam(authctxt); 998 999 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); 1000 1001 return (0); 1002 } 1003 1004 int 1005 mm_answer_pam_account(int sock, Buffer *m) 1006 { 1007 u_int ret; 1008 1009 if (!options.use_pam) 1010 fatal("UsePAM not set, but ended up in %s anyway", __func__); 1011 1012 ret = do_pam_account(); 1013 1014 buffer_put_int(m, ret); 1015 buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); 1016 1017 mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); 1018 1019 return (ret); 1020 } 1021 1022 static void *sshpam_ctxt, *sshpam_authok; 1023 extern KbdintDevice sshpam_device; 1024 1025 int 1026 mm_answer_pam_init_ctx(int sock, Buffer *m) 1027 { 1028 1029 debug3("%s", __func__); 1030 authctxt->user = buffer_get_string(m, NULL); 1031 sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); 1032 sshpam_authok = NULL; 1033 buffer_clear(m); 1034 if (sshpam_ctxt != NULL) { 1035 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); 1036 buffer_put_int(m, 1); 1037 } else { 1038 buffer_put_int(m, 0); 1039 } 1040 mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m); 1041 return (0); 1042 } 1043 1044 int 1045 mm_answer_pam_query(int sock, Buffer *m) 1046 { 1047 char *name, *info, **prompts; 1048 u_int i, num, *echo_on; 1049 int ret; 1050 1051 debug3("%s", __func__); 1052 sshpam_authok = NULL; 1053 ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on); 1054 if (ret == 0 && num == 0) 1055 sshpam_authok = sshpam_ctxt; 1056 if (num > 1 || name == NULL || info == NULL) 1057 ret = -1; 1058 buffer_clear(m); 1059 buffer_put_int(m, ret); 1060 buffer_put_cstring(m, name); 1061 xfree(name); 1062 buffer_put_cstring(m, info); 1063 xfree(info); 1064 buffer_put_int(m, num); 1065 for (i = 0; i < num; ++i) { 1066 buffer_put_cstring(m, prompts[i]); 1067 xfree(prompts[i]); 1068 buffer_put_int(m, echo_on[i]); 1069 } 1070 if (prompts != NULL) 1071 xfree(prompts); 1072 if (echo_on != NULL) 1073 xfree(echo_on); 1074 auth_method = "keyboard-interactive/pam"; 1075 mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); 1076 return (0); 1077 } 1078 1079 int 1080 mm_answer_pam_respond(int sock, Buffer *m) 1081 { 1082 char **resp; 1083 u_int i, num; 1084 int ret; 1085 1086 debug3("%s", __func__); 1087 sshpam_authok = NULL; 1088 num = buffer_get_int(m); 1089 if (num > 0) { 1090 resp = xmalloc(num * sizeof(char *)); 1091 for (i = 0; i < num; ++i) 1092 resp[i] = buffer_get_string(m, NULL); 1093 ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); 1094 for (i = 0; i < num; ++i) 1095 xfree(resp[i]); 1096 xfree(resp); 1097 } else { 1098 ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); 1099 } 1100 buffer_clear(m); 1101 buffer_put_int(m, ret); 1102 mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); 1103 auth_method = "keyboard-interactive/pam"; 1104 if (ret == 0) 1105 sshpam_authok = sshpam_ctxt; 1106 return (0); 1107 } 1108 1109 int 1110 mm_answer_pam_free_ctx(int sock, Buffer *m) 1111 { 1112 1113 debug3("%s", __func__); 1114 (sshpam_device.free_ctx)(sshpam_ctxt); 1115 buffer_clear(m); 1116 mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); 1117 auth_method = "keyboard-interactive/pam"; 1118 return (sshpam_authok == sshpam_ctxt); 1119 } 1120 #endif 1121 1122 int 1123 mm_answer_keyallowed(int sock, Buffer *m) 1124 { 1125 Key *key; 1126 char *cuser, *chost; 1127 u_char *blob; 1128 u_int bloblen; 1129 enum mm_keytype type = 0; 1130 int allowed = 0; 1131 1132 debug3("%s entering", __func__); 1133 1134 type = buffer_get_int(m); 1135 cuser = buffer_get_string(m, NULL); 1136 chost = buffer_get_string(m, NULL); 1137 blob = buffer_get_string(m, &bloblen); 1138 1139 key = key_from_blob(blob, bloblen); 1140 1141 if ((compat20 && type == MM_RSAHOSTKEY) || 1142 (!compat20 && type != MM_RSAHOSTKEY)) 1143 fatal("%s: key type and protocol mismatch", __func__); 1144 1145 debug3("%s: key_from_blob: %p", __func__, key); 1146 1147 if (key != NULL && authctxt->valid) { 1148 switch (type) { 1149 case MM_USERKEY: 1150 allowed = options.pubkey_authentication && 1151 user_key_allowed(authctxt->pw, key); 1152 auth_method = "publickey"; 1153 if (options.pubkey_authentication && allowed != 1) 1154 auth_clear_options(); 1155 break; 1156 case MM_HOSTKEY: 1157 allowed = options.hostbased_authentication && 1158 hostbased_key_allowed(authctxt->pw, 1159 cuser, chost, key); 1160 auth_method = "hostbased"; 1161 break; 1162 case MM_RSAHOSTKEY: 1163 key->type = KEY_RSA1; /* XXX */ 1164 allowed = options.rhosts_rsa_authentication && 1165 auth_rhosts_rsa_key_allowed(authctxt->pw, 1166 cuser, chost, key); 1167 if (options.rhosts_rsa_authentication && allowed != 1) 1168 auth_clear_options(); 1169 auth_method = "rsa"; 1170 break; 1171 default: 1172 fatal("%s: unknown key type %d", __func__, type); 1173 break; 1174 } 1175 } 1176 if (key != NULL) 1177 key_free(key); 1178 1179 /* clear temporarily storage (used by verify) */ 1180 monitor_reset_key_state(); 1181 1182 if (allowed) { 1183 /* Save temporarily for comparison in verify */ 1184 key_blob = blob; 1185 key_bloblen = bloblen; 1186 key_blobtype = type; 1187 hostbased_cuser = cuser; 1188 hostbased_chost = chost; 1189 } else { 1190 /* Log failed attempt */ 1191 auth_log(authctxt, 0, 0, auth_method, NULL, 1192 compat20 ? " ssh2" : ""); 1193 xfree(blob); 1194 xfree(cuser); 1195 xfree(chost); 1196 } 1197 1198 debug3("%s: key %p is %s", 1199 __func__, key, allowed ? "allowed" : "not allowed"); 1200 1201 buffer_clear(m); 1202 buffer_put_int(m, allowed); 1203 buffer_put_int(m, forced_command != NULL); 1204 1205 mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); 1206 1207 if (type == MM_RSAHOSTKEY) 1208 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); 1209 1210 return (0); 1211 } 1212 1213 static int 1214 monitor_valid_userblob(u_char *data, u_int datalen) 1215 { 1216 Buffer b; 1217 char *p; 1218 u_int len; 1219 int fail = 0; 1220 1221 buffer_init(&b); 1222 buffer_append(&b, data, datalen); 1223 1224 if (datafellows & SSH_OLD_SESSIONID) { 1225 p = buffer_ptr(&b); 1226 len = buffer_len(&b); 1227 if ((session_id2 == NULL) || 1228 (len < session_id2_len) || 1229 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1230 fail++; 1231 buffer_consume(&b, session_id2_len); 1232 } else { 1233 p = buffer_get_string(&b, &len); 1234 if ((session_id2 == NULL) || 1235 (len != session_id2_len) || 1236 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1237 fail++; 1238 xfree(p); 1239 } 1240 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1241 fail++; 1242 p = buffer_get_string(&b, NULL); 1243 if (strcmp(authctxt->user, p) != 0) { 1244 logit("wrong user name passed to monitor: expected %s != %.100s", 1245 authctxt->user, p); 1246 fail++; 1247 } 1248 xfree(p); 1249 buffer_skip_string(&b); 1250 if (datafellows & SSH_BUG_PKAUTH) { 1251 if (!buffer_get_char(&b)) 1252 fail++; 1253 } else { 1254 p = buffer_get_string(&b, NULL); 1255 if (strcmp("publickey", p) != 0) 1256 fail++; 1257 xfree(p); 1258 if (!buffer_get_char(&b)) 1259 fail++; 1260 buffer_skip_string(&b); 1261 } 1262 buffer_skip_string(&b); 1263 if (buffer_len(&b) != 0) 1264 fail++; 1265 buffer_free(&b); 1266 return (fail == 0); 1267 } 1268 1269 static int 1270 monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, 1271 char *chost) 1272 { 1273 Buffer b; 1274 char *p; 1275 u_int len; 1276 int fail = 0; 1277 1278 buffer_init(&b); 1279 buffer_append(&b, data, datalen); 1280 1281 p = buffer_get_string(&b, &len); 1282 if ((session_id2 == NULL) || 1283 (len != session_id2_len) || 1284 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) 1285 fail++; 1286 xfree(p); 1287 1288 if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) 1289 fail++; 1290 p = buffer_get_string(&b, NULL); 1291 if (strcmp(authctxt->user, p) != 0) { 1292 logit("wrong user name passed to monitor: expected %s != %.100s", 1293 authctxt->user, p); 1294 fail++; 1295 } 1296 xfree(p); 1297 buffer_skip_string(&b); /* service */ 1298 p = buffer_get_string(&b, NULL); 1299 if (strcmp(p, "hostbased") != 0) 1300 fail++; 1301 xfree(p); 1302 buffer_skip_string(&b); /* pkalg */ 1303 buffer_skip_string(&b); /* pkblob */ 1304 1305 /* verify client host, strip trailing dot if necessary */ 1306 p = buffer_get_string(&b, NULL); 1307 if (((len = strlen(p)) > 0) && p[len - 1] == '.') 1308 p[len - 1] = '\0'; 1309 if (strcmp(p, chost) != 0) 1310 fail++; 1311 xfree(p); 1312 1313 /* verify client user */ 1314 p = buffer_get_string(&b, NULL); 1315 if (strcmp(p, cuser) != 0) 1316 fail++; 1317 xfree(p); 1318 1319 if (buffer_len(&b) != 0) 1320 fail++; 1321 buffer_free(&b); 1322 return (fail == 0); 1323 } 1324 1325 int 1326 mm_answer_keyverify(int sock, Buffer *m) 1327 { 1328 Key *key; 1329 u_char *signature, *data, *blob; 1330 u_int signaturelen, datalen, bloblen; 1331 int verified = 0; 1332 int valid_data = 0; 1333 1334 blob = buffer_get_string(m, &bloblen); 1335 signature = buffer_get_string(m, &signaturelen); 1336 data = buffer_get_string(m, &datalen); 1337 1338 if (hostbased_cuser == NULL || hostbased_chost == NULL || 1339 !monitor_allowed_key(blob, bloblen)) 1340 fatal("%s: bad key, not previously allowed", __func__); 1341 1342 key = key_from_blob(blob, bloblen); 1343 if (key == NULL) 1344 fatal("%s: bad public key blob", __func__); 1345 1346 switch (key_blobtype) { 1347 case MM_USERKEY: 1348 valid_data = monitor_valid_userblob(data, datalen); 1349 break; 1350 case MM_HOSTKEY: 1351 valid_data = monitor_valid_hostbasedblob(data, datalen, 1352 hostbased_cuser, hostbased_chost); 1353 break; 1354 default: 1355 valid_data = 0; 1356 break; 1357 } 1358 if (!valid_data) 1359 fatal("%s: bad signature data blob", __func__); 1360 1361 verified = key_verify(key, signature, signaturelen, data, datalen); 1362 debug3("%s: key %p signature %s", 1363 __func__, key, (verified == 1) ? "verified" : "unverified"); 1364 1365 key_free(key); 1366 xfree(blob); 1367 xfree(signature); 1368 xfree(data); 1369 1370 auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; 1371 1372 monitor_reset_key_state(); 1373 1374 buffer_clear(m); 1375 buffer_put_int(m, verified); 1376 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); 1377 1378 return (verified == 1); 1379 } 1380 1381 static void 1382 mm_record_login(Session *s, struct passwd *pw) 1383 { 1384 socklen_t fromlen; 1385 struct sockaddr_storage from; 1386 1387 /* 1388 * Get IP address of client. If the connection is not a socket, let 1389 * the address be 0.0.0.0. 1390 */ 1391 memset(&from, 0, sizeof(from)); 1392 fromlen = sizeof(from); 1393 if (packet_connection_is_on_socket()) { 1394 if (getpeername(packet_get_connection_in(), 1395 (struct sockaddr *)&from, &fromlen) < 0) { 1396 debug("getpeername: %.100s", strerror(errno)); 1397 cleanup_exit(255); 1398 } 1399 } 1400 /* Record that there was a login on that tty from the remote host. */ 1401 record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, 1402 get_remote_name_or_ip(utmp_len, options.use_dns), 1403 (struct sockaddr *)&from, fromlen); 1404 } 1405 1406 static void 1407 mm_session_close(Session *s) 1408 { 1409 debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); 1410 if (s->ttyfd != -1) { 1411 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); 1412 session_pty_cleanup2(s); 1413 } 1414 session_unused(s->self); 1415 } 1416 1417 int 1418 mm_answer_pty(int sock, Buffer *m) 1419 { 1420 extern struct monitor *pmonitor; 1421 Session *s; 1422 int res, fd0; 1423 1424 debug3("%s entering", __func__); 1425 1426 buffer_clear(m); 1427 s = session_new(); 1428 if (s == NULL) 1429 goto error; 1430 s->authctxt = authctxt; 1431 s->pw = authctxt->pw; 1432 s->pid = pmonitor->m_pid; 1433 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 1434 if (res == 0) 1435 goto error; 1436 pty_setowner(authctxt->pw, s->tty); 1437 1438 buffer_put_int(m, 1); 1439 buffer_put_cstring(m, s->tty); 1440 1441 /* We need to trick ttyslot */ 1442 if (dup2(s->ttyfd, 0) == -1) 1443 fatal("%s: dup2", __func__); 1444 1445 mm_record_login(s, authctxt->pw); 1446 1447 /* Now we can close the file descriptor again */ 1448 close(0); 1449 1450 /* send messages generated by record_login */ 1451 buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); 1452 buffer_clear(&loginmsg); 1453 1454 mm_request_send(sock, MONITOR_ANS_PTY, m); 1455 1456 if (mm_send_fd(sock, s->ptyfd) == -1 || 1457 mm_send_fd(sock, s->ttyfd) == -1) 1458 fatal("%s: send fds failed", __func__); 1459 1460 /* make sure nothing uses fd 0 */ 1461 if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) 1462 fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); 1463 if (fd0 != 0) 1464 error("%s: fd0 %d != 0", __func__, fd0); 1465 1466 /* slave is not needed */ 1467 close(s->ttyfd); 1468 s->ttyfd = s->ptyfd; 1469 /* no need to dup() because nobody closes ptyfd */ 1470 s->ptymaster = s->ptyfd; 1471 1472 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); 1473 1474 return (0); 1475 1476 error: 1477 if (s != NULL) 1478 mm_session_close(s); 1479 buffer_put_int(m, 0); 1480 mm_request_send(sock, MONITOR_ANS_PTY, m); 1481 return (0); 1482 } 1483 1484 int 1485 mm_answer_pty_cleanup(int sock, Buffer *m) 1486 { 1487 Session *s; 1488 char *tty; 1489 1490 debug3("%s entering", __func__); 1491 1492 tty = buffer_get_string(m, NULL); 1493 if ((s = session_by_tty(tty)) != NULL) 1494 mm_session_close(s); 1495 buffer_clear(m); 1496 xfree(tty); 1497 return (0); 1498 } 1499 1500 int 1501 mm_answer_sesskey(int sock, Buffer *m) 1502 { 1503 BIGNUM *p; 1504 int rsafail; 1505 1506 /* Turn off permissions */ 1507 monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); 1508 1509 if ((p = BN_new()) == NULL) 1510 fatal("%s: BN_new", __func__); 1511 1512 buffer_get_bignum2(m, p); 1513 1514 rsafail = ssh1_session_key(p); 1515 1516 buffer_clear(m); 1517 buffer_put_int(m, rsafail); 1518 buffer_put_bignum2(m, p); 1519 1520 BN_clear_free(p); 1521 1522 mm_request_send(sock, MONITOR_ANS_SESSKEY, m); 1523 1524 /* Turn on permissions for sessid passing */ 1525 monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); 1526 1527 return (0); 1528 } 1529 1530 int 1531 mm_answer_sessid(int sock, Buffer *m) 1532 { 1533 int i; 1534 1535 debug3("%s entering", __func__); 1536 1537 if (buffer_len(m) != 16) 1538 fatal("%s: bad ssh1 session id", __func__); 1539 for (i = 0; i < 16; i++) 1540 session_id[i] = buffer_get_char(m); 1541 1542 /* Turn on permissions for getpwnam */ 1543 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 1544 1545 return (0); 1546 } 1547 1548 int 1549 mm_answer_rsa_keyallowed(int sock, Buffer *m) 1550 { 1551 BIGNUM *client_n; 1552 Key *key = NULL; 1553 u_char *blob = NULL; 1554 u_int blen = 0; 1555 int allowed = 0; 1556 1557 debug3("%s entering", __func__); 1558 1559 auth_method = "rsa"; 1560 if (options.rsa_authentication && authctxt->valid) { 1561 if ((client_n = BN_new()) == NULL) 1562 fatal("%s: BN_new", __func__); 1563 buffer_get_bignum2(m, client_n); 1564 allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); 1565 BN_clear_free(client_n); 1566 } 1567 buffer_clear(m); 1568 buffer_put_int(m, allowed); 1569 buffer_put_int(m, forced_command != NULL); 1570 1571 /* clear temporarily storage (used by generate challenge) */ 1572 monitor_reset_key_state(); 1573 1574 if (allowed && key != NULL) { 1575 key->type = KEY_RSA; /* cheat for key_to_blob */ 1576 if (key_to_blob(key, &blob, &blen) == 0) 1577 fatal("%s: key_to_blob failed", __func__); 1578 buffer_put_string(m, blob, blen); 1579 1580 /* Save temporarily for comparison in verify */ 1581 key_blob = blob; 1582 key_bloblen = blen; 1583 key_blobtype = MM_RSAUSERKEY; 1584 } 1585 if (key != NULL) 1586 key_free(key); 1587 1588 mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m); 1589 1590 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); 1591 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0); 1592 return (0); 1593 } 1594 1595 int 1596 mm_answer_rsa_challenge(int sock, Buffer *m) 1597 { 1598 Key *key = NULL; 1599 u_char *blob; 1600 u_int blen; 1601 1602 debug3("%s entering", __func__); 1603 1604 if (!authctxt->valid) 1605 fatal("%s: authctxt not valid", __func__); 1606 blob = buffer_get_string(m, &blen); 1607 if (!monitor_allowed_key(blob, blen)) 1608 fatal("%s: bad key, not previously allowed", __func__); 1609 if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) 1610 fatal("%s: key type mismatch", __func__); 1611 if ((key = key_from_blob(blob, blen)) == NULL) 1612 fatal("%s: received bad key", __func__); 1613 if (key->type != KEY_RSA) 1614 fatal("%s: received bad key type %d", __func__, key->type); 1615 key->type = KEY_RSA1; 1616 if (ssh1_challenge) 1617 BN_clear_free(ssh1_challenge); 1618 ssh1_challenge = auth_rsa_generate_challenge(key); 1619 1620 buffer_clear(m); 1621 buffer_put_bignum2(m, ssh1_challenge); 1622 1623 debug3("%s sending reply", __func__); 1624 mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m); 1625 1626 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); 1627 1628 xfree(blob); 1629 key_free(key); 1630 return (0); 1631 } 1632 1633 int 1634 mm_answer_rsa_response(int sock, Buffer *m) 1635 { 1636 Key *key = NULL; 1637 u_char *blob, *response; 1638 u_int blen, len; 1639 int success; 1640 1641 debug3("%s entering", __func__); 1642 1643 if (!authctxt->valid) 1644 fatal("%s: authctxt not valid", __func__); 1645 if (ssh1_challenge == NULL) 1646 fatal("%s: no ssh1_challenge", __func__); 1647 1648 blob = buffer_get_string(m, &blen); 1649 if (!monitor_allowed_key(blob, blen)) 1650 fatal("%s: bad key, not previously allowed", __func__); 1651 if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) 1652 fatal("%s: key type mismatch: %d", __func__, key_blobtype); 1653 if ((key = key_from_blob(blob, blen)) == NULL) 1654 fatal("%s: received bad key", __func__); 1655 response = buffer_get_string(m, &len); 1656 if (len != 16) 1657 fatal("%s: received bad response to challenge", __func__); 1658 success = auth_rsa_verify_response(key, ssh1_challenge, response); 1659 1660 xfree(blob); 1661 key_free(key); 1662 xfree(response); 1663 1664 auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; 1665 1666 /* reset state */ 1667 BN_clear_free(ssh1_challenge); 1668 ssh1_challenge = NULL; 1669 monitor_reset_key_state(); 1670 1671 buffer_clear(m); 1672 buffer_put_int(m, success); 1673 mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m); 1674 1675 return (success); 1676 } 1677 1678 #ifdef KRB4 1679 int 1680 mm_answer_krb4(int socket, Buffer *m) 1681 { 1682 KTEXT_ST auth, reply; 1683 char *client, *p; 1684 int success; 1685 u_int alen; 1686 1687 reply.length = auth.length = 0; 1688 1689 p = buffer_get_string(m, &alen); 1690 if (alen >= MAX_KTXT_LEN) 1691 fatal("%s: auth too large", __func__); 1692 memcpy(auth.dat, p, alen); 1693 auth.length = alen; 1694 memset(p, 0, alen); 1695 xfree(p); 1696 1697 success = options.kerberos_authentication && 1698 authctxt->valid && 1699 auth_krb4(authctxt, &auth, &client, &reply); 1700 1701 memset(auth.dat, 0, alen); 1702 buffer_clear(m); 1703 buffer_put_int(m, success); 1704 1705 if (success) { 1706 buffer_put_cstring(m, client); 1707 buffer_put_string(m, reply.dat, reply.length); 1708 if (client) 1709 xfree(client); 1710 if (reply.length) 1711 memset(reply.dat, 0, reply.length); 1712 } 1713 1714 debug3("%s: sending result %d", __func__, success); 1715 mm_request_send(socket, MONITOR_ANS_KRB4, m); 1716 1717 auth_method = "kerberos"; 1718 1719 /* Causes monitor loop to terminate if authenticated */ 1720 return (success); 1721 } 1722 #endif 1723 1724 #ifdef KRB5 1725 int 1726 mm_answer_krb5(int xsocket, Buffer *m) 1727 { 1728 krb5_data tkt, reply; 1729 char *client_user; 1730 u_int len; 1731 int success; 1732 1733 /* use temporary var to avoid size issues on 64bit arch */ 1734 tkt.data = buffer_get_string(m, &len); 1735 tkt.length = len; 1736 1737 success = options.kerberos_authentication && 1738 authctxt->valid && 1739 auth_krb5(authctxt, &tkt, &client_user, &reply); 1740 1741 if (tkt.length) 1742 xfree(tkt.data); 1743 1744 buffer_clear(m); 1745 buffer_put_int(m, success); 1746 1747 if (success) { 1748 buffer_put_cstring(m, client_user); 1749 buffer_put_string(m, reply.data, reply.length); 1750 if (client_user) 1751 xfree(client_user); 1752 if (reply.length) 1753 xfree(reply.data); 1754 } 1755 mm_request_send(xsocket, MONITOR_ANS_KRB5, m); 1756 1757 auth_method = "kerberos"; 1758 1759 return success; 1760 } 1761 #endif 1762 1763 int 1764 mm_answer_term(int sock, Buffer *req) 1765 { 1766 extern struct monitor *pmonitor; 1767 int res, status; 1768 1769 debug3("%s: tearing down sessions", __func__); 1770 1771 /* The child is terminating */ 1772 session_destroy_all(&mm_session_close); 1773 1774 while (waitpid(pmonitor->m_pid, &status, 0) == -1) 1775 if (errno != EINTR) 1776 exit(1); 1777 1778 res = WIFEXITED(status) ? WEXITSTATUS(status) : 1; 1779 1780 /* Terminate process */ 1781 exit(res); 1782 } 1783 1784 void 1785 monitor_apply_keystate(struct monitor *pmonitor) 1786 { 1787 if (compat20) { 1788 set_newkeys(MODE_IN); 1789 set_newkeys(MODE_OUT); 1790 } else { 1791 packet_set_protocol_flags(child_state.ssh1protoflags); 1792 packet_set_encryption_key(child_state.ssh1key, 1793 child_state.ssh1keylen, child_state.ssh1cipher); 1794 xfree(child_state.ssh1key); 1795 } 1796 1797 /* for rc4 and other stateful ciphers */ 1798 packet_set_keycontext(MODE_OUT, child_state.keyout); 1799 xfree(child_state.keyout); 1800 packet_set_keycontext(MODE_IN, child_state.keyin); 1801 xfree(child_state.keyin); 1802 1803 if (!compat20) { 1804 packet_set_iv(MODE_OUT, child_state.ivout); 1805 xfree(child_state.ivout); 1806 packet_set_iv(MODE_IN, child_state.ivin); 1807 xfree(child_state.ivin); 1808 } 1809 1810 memcpy(&incoming_stream, &child_state.incoming, 1811 sizeof(incoming_stream)); 1812 memcpy(&outgoing_stream, &child_state.outgoing, 1813 sizeof(outgoing_stream)); 1814 1815 /* Update with new address */ 1816 if (options.compression) 1817 mm_init_compression(pmonitor->m_zlib); 1818 1819 /* Network I/O buffers */ 1820 /* XXX inefficient for large buffers, need: buffer_init_from_string */ 1821 buffer_clear(packet_get_input()); 1822 buffer_append(packet_get_input(), child_state.input, child_state.ilen); 1823 memset(child_state.input, 0, child_state.ilen); 1824 xfree(child_state.input); 1825 1826 buffer_clear(packet_get_output()); 1827 buffer_append(packet_get_output(), child_state.output, 1828 child_state.olen); 1829 memset(child_state.output, 0, child_state.olen); 1830 xfree(child_state.output); 1831 1832 /* Roaming */ 1833 if (compat20) 1834 roam_set_bytes(child_state.sent_bytes, child_state.recv_bytes); 1835 } 1836 1837 static Kex * 1838 mm_get_kex(Buffer *m) 1839 { 1840 Kex *kex; 1841 void *blob; 1842 u_int bloblen; 1843 1844 kex = xcalloc(1, sizeof(*kex)); 1845 kex->session_id = buffer_get_string(m, &kex->session_id_len); 1846 if (session_id2 == NULL || 1847 kex->session_id_len != session_id2_len || 1848 timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) 1849 fatal("mm_get_get: internal error: bad session id"); 1850 kex->we_need = buffer_get_int(m); 1851 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 1852 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 1853 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 1854 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 1855 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 1856 kex->server = 1; 1857 kex->hostkey_type = buffer_get_int(m); 1858 kex->kex_type = buffer_get_int(m); 1859 blob = buffer_get_string(m, &bloblen); 1860 buffer_init(&kex->my); 1861 buffer_append(&kex->my, blob, bloblen); 1862 xfree(blob); 1863 blob = buffer_get_string(m, &bloblen); 1864 buffer_init(&kex->peer); 1865 buffer_append(&kex->peer, blob, bloblen); 1866 xfree(blob); 1867 kex->done = 1; 1868 kex->flags = buffer_get_int(m); 1869 kex->client_version_string = buffer_get_string(m, NULL); 1870 kex->server_version_string = buffer_get_string(m, NULL); 1871 kex->load_host_public_key=&get_hostkey_public_by_type; 1872 kex->load_host_private_key=&get_hostkey_private_by_type; 1873 kex->host_key_index=&get_hostkey_index; 1874 1875 return (kex); 1876 } 1877 1878 /* This function requries careful sanity checking */ 1879 1880 void 1881 mm_get_keystate(struct monitor *pmonitor) 1882 { 1883 Buffer m; 1884 u_char *blob, *p; 1885 u_int bloblen, plen; 1886 u_int32_t seqnr, packets; 1887 u_int64_t blocks, bytes; 1888 1889 debug3("%s: Waiting for new keys", __func__); 1890 1891 buffer_init(&m); 1892 mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m); 1893 if (!compat20) { 1894 child_state.ssh1protoflags = buffer_get_int(&m); 1895 child_state.ssh1cipher = buffer_get_int(&m); 1896 child_state.ssh1key = buffer_get_string(&m, 1897 &child_state.ssh1keylen); 1898 child_state.ivout = buffer_get_string(&m, 1899 &child_state.ivoutlen); 1900 child_state.ivin = buffer_get_string(&m, &child_state.ivinlen); 1901 goto skip; 1902 } else { 1903 /* Get the Kex for rekeying */ 1904 *pmonitor->m_pkex = mm_get_kex(&m); 1905 } 1906 1907 blob = buffer_get_string(&m, &bloblen); 1908 current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); 1909 xfree(blob); 1910 1911 debug3("%s: Waiting for second key", __func__); 1912 blob = buffer_get_string(&m, &bloblen); 1913 current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); 1914 xfree(blob); 1915 1916 /* Now get sequence numbers for the packets */ 1917 seqnr = buffer_get_int(&m); 1918 blocks = buffer_get_int64(&m); 1919 packets = buffer_get_int(&m); 1920 bytes = buffer_get_int64(&m); 1921 packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes); 1922 seqnr = buffer_get_int(&m); 1923 blocks = buffer_get_int64(&m); 1924 packets = buffer_get_int(&m); 1925 bytes = buffer_get_int64(&m); 1926 packet_set_state(MODE_IN, seqnr, blocks, packets, bytes); 1927 1928 skip: 1929 /* Get the key context */ 1930 child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen); 1931 child_state.keyin = buffer_get_string(&m, &child_state.keyinlen); 1932 1933 debug3("%s: Getting compression state", __func__); 1934 /* Get compression state */ 1935 p = buffer_get_string(&m, &plen); 1936 if (plen != sizeof(child_state.outgoing)) 1937 fatal("%s: bad request size", __func__); 1938 memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); 1939 xfree(p); 1940 1941 p = buffer_get_string(&m, &plen); 1942 if (plen != sizeof(child_state.incoming)) 1943 fatal("%s: bad request size", __func__); 1944 memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); 1945 xfree(p); 1946 1947 /* Network I/O buffers */ 1948 debug3("%s: Getting Network I/O buffers", __func__); 1949 child_state.input = buffer_get_string(&m, &child_state.ilen); 1950 child_state.output = buffer_get_string(&m, &child_state.olen); 1951 1952 /* Roaming */ 1953 if (compat20) { 1954 child_state.sent_bytes = buffer_get_int64(&m); 1955 child_state.recv_bytes = buffer_get_int64(&m); 1956 } 1957 1958 buffer_free(&m); 1959 } 1960 1961 1962 /* Allocation functions for zlib */ 1963 void * 1964 mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) 1965 { 1966 size_t len = (size_t) size * ncount; 1967 void *address; 1968 1969 if (len == 0 || ncount > SIZE_T_MAX / size) 1970 fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); 1971 1972 address = mm_malloc(mm, len); 1973 1974 return (address); 1975 } 1976 1977 void 1978 mm_zfree(struct mm_master *mm, void *address) 1979 { 1980 mm_free(mm, address); 1981 } 1982 1983 void 1984 mm_init_compression(struct mm_master *mm) 1985 { 1986 outgoing_stream.zalloc = (alloc_func)mm_zalloc; 1987 outgoing_stream.zfree = (free_func)mm_zfree; 1988 outgoing_stream.opaque = mm; 1989 1990 incoming_stream.zalloc = (alloc_func)mm_zalloc; 1991 incoming_stream.zfree = (free_func)mm_zfree; 1992 incoming_stream.opaque = mm; 1993 } 1994 1995 /* XXX */ 1996 1997 #define FD_CLOSEONEXEC(x) do { \ 1998 if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \ 1999 fatal("fcntl(%d, F_SETFD)", x); \ 2000 } while (0) 2001 2002 static void 2003 monitor_openfds(struct monitor *mon, int do_logfds) 2004 { 2005 int pair[2]; 2006 2007 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) 2008 fatal("%s: socketpair: %s", __func__, strerror(errno)); 2009 FD_CLOSEONEXEC(pair[0]); 2010 FD_CLOSEONEXEC(pair[1]); 2011 mon->m_recvfd = pair[0]; 2012 mon->m_sendfd = pair[1]; 2013 2014 if (do_logfds) { 2015 if (pipe(pair) == -1) 2016 fatal("%s: pipe: %s", __func__, strerror(errno)); 2017 FD_CLOSEONEXEC(pair[0]); 2018 FD_CLOSEONEXEC(pair[1]); 2019 mon->m_log_recvfd = pair[0]; 2020 mon->m_log_sendfd = pair[1]; 2021 } else 2022 mon->m_log_recvfd = mon->m_log_sendfd = -1; 2023 } 2024 2025 #define MM_MEMSIZE 65536 2026 2027 struct monitor * 2028 monitor_init(void) 2029 { 2030 struct monitor *mon; 2031 2032 mon = xcalloc(1, sizeof(*mon)); 2033 2034 monitor_openfds(mon, 1); 2035 2036 /* Used to share zlib space across processes */ 2037 if (options.compression) { 2038 mon->m_zback = mm_create(NULL, MM_MEMSIZE); 2039 mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE); 2040 2041 /* Compression needs to share state across borders */ 2042 mm_init_compression(mon->m_zlib); 2043 } 2044 2045 return mon; 2046 } 2047 2048 void 2049 monitor_reinit(struct monitor *mon) 2050 { 2051 monitor_openfds(mon, 0); 2052 } 2053 2054 #ifdef GSSAPI 2055 int 2056 mm_answer_gss_setup_ctx(int sock, Buffer *m) 2057 { 2058 gss_OID_desc goid; 2059 OM_uint32 major; 2060 u_int len; 2061 2062 goid.elements = buffer_get_string(m, &len); 2063 goid.length = len; 2064 2065 major = ssh_gssapi_server_ctx(&gsscontext, &goid); 2066 2067 xfree(goid.elements); 2068 2069 buffer_clear(m); 2070 buffer_put_int(m, major); 2071 2072 mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); 2073 2074 /* Now we have a context, enable the step */ 2075 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1); 2076 2077 return (0); 2078 } 2079 2080 int 2081 mm_answer_gss_accept_ctx(int sock, Buffer *m) 2082 { 2083 gss_buffer_desc in; 2084 gss_buffer_desc out = GSS_C_EMPTY_BUFFER; 2085 OM_uint32 major, minor; 2086 OM_uint32 flags = 0; /* GSI needs this */ 2087 u_int len; 2088 2089 in.value = buffer_get_string(m, &len); 2090 in.length = len; 2091 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 2092 xfree(in.value); 2093 2094 buffer_clear(m); 2095 buffer_put_int(m, major); 2096 buffer_put_string(m, out.value, out.length); 2097 buffer_put_int(m, flags); 2098 mm_request_send(sock, MONITOR_ANS_GSSSTEP, m); 2099 2100 gss_release_buffer(&minor, &out); 2101 2102 if (major == GSS_S_COMPLETE) { 2103 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 2104 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2105 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 2106 } 2107 return (0); 2108 } 2109 2110 int 2111 mm_answer_gss_checkmic(int sock, Buffer *m) 2112 { 2113 gss_buffer_desc gssbuf, mic; 2114 OM_uint32 ret; 2115 u_int len; 2116 2117 gssbuf.value = buffer_get_string(m, &len); 2118 gssbuf.length = len; 2119 mic.value = buffer_get_string(m, &len); 2120 mic.length = len; 2121 2122 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); 2123 2124 xfree(gssbuf.value); 2125 xfree(mic.value); 2126 2127 buffer_clear(m); 2128 buffer_put_int(m, ret); 2129 2130 mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m); 2131 2132 if (!GSS_ERROR(ret)) 2133 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2134 2135 return (0); 2136 } 2137 2138 int 2139 mm_answer_gss_userok(int sock, Buffer *m) 2140 { 2141 int authenticated; 2142 2143 authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); 2144 2145 buffer_clear(m); 2146 buffer_put_int(m, authenticated); 2147 2148 debug3("%s: sending result %d", __func__, authenticated); 2149 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); 2150 2151 auth_method = "gssapi-with-mic"; 2152 2153 /* Monitor loop will terminate if authenticated */ 2154 return (authenticated); 2155 } 2156 #endif /* GSSAPI */ 2157 2158 #ifdef JPAKE 2159 int 2160 mm_answer_jpake_step1(int sock, Buffer *m) 2161 { 2162 struct jpake_ctx *pctx; 2163 u_char *x3_proof, *x4_proof; 2164 u_int x3_proof_len, x4_proof_len; 2165 2166 if (!options.zero_knowledge_password_authentication) 2167 fatal("zero_knowledge_password_authentication disabled"); 2168 2169 if (authctxt->jpake_ctx != NULL) 2170 fatal("%s: authctxt->jpake_ctx already set (%p)", 2171 __func__, authctxt->jpake_ctx); 2172 authctxt->jpake_ctx = pctx = jpake_new(); 2173 2174 jpake_step1(pctx->grp, 2175 &pctx->server_id, &pctx->server_id_len, 2176 &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4, 2177 &x3_proof, &x3_proof_len, 2178 &x4_proof, &x4_proof_len); 2179 2180 JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__)); 2181 2182 buffer_clear(m); 2183 2184 buffer_put_string(m, pctx->server_id, pctx->server_id_len); 2185 buffer_put_bignum2(m, pctx->g_x3); 2186 buffer_put_bignum2(m, pctx->g_x4); 2187 buffer_put_string(m, x3_proof, x3_proof_len); 2188 buffer_put_string(m, x4_proof, x4_proof_len); 2189 2190 debug3("%s: sending step1", __func__); 2191 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m); 2192 2193 bzero(x3_proof, x3_proof_len); 2194 bzero(x4_proof, x4_proof_len); 2195 xfree(x3_proof); 2196 xfree(x4_proof); 2197 2198 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); 2199 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); 2200 2201 return 0; 2202 } 2203 2204 int 2205 mm_answer_jpake_get_pwdata(int sock, Buffer *m) 2206 { 2207 struct jpake_ctx *pctx = authctxt->jpake_ctx; 2208 char *hash_scheme, *salt; 2209 2210 if (pctx == NULL) 2211 fatal("%s: pctx == NULL", __func__); 2212 2213 auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt); 2214 2215 buffer_clear(m); 2216 /* pctx->s is sensitive, not returned to slave */ 2217 buffer_put_cstring(m, hash_scheme); 2218 buffer_put_cstring(m, salt); 2219 2220 debug3("%s: sending pwdata", __func__); 2221 mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m); 2222 2223 bzero(hash_scheme, strlen(hash_scheme)); 2224 bzero(salt, strlen(salt)); 2225 xfree(hash_scheme); 2226 xfree(salt); 2227 2228 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); 2229 2230 return 0; 2231 } 2232 2233 int 2234 mm_answer_jpake_step2(int sock, Buffer *m) 2235 { 2236 struct jpake_ctx *pctx = authctxt->jpake_ctx; 2237 u_char *x1_proof, *x2_proof, *x4_s_proof; 2238 u_int x1_proof_len, x2_proof_len, x4_s_proof_len; 2239 2240 if (pctx == NULL) 2241 fatal("%s: pctx == NULL", __func__); 2242 2243 if ((pctx->g_x1 = BN_new()) == NULL || 2244 (pctx->g_x2 = BN_new()) == NULL) 2245 fatal("%s: BN_new", __func__); 2246 buffer_get_bignum2(m, pctx->g_x1); 2247 buffer_get_bignum2(m, pctx->g_x2); 2248 pctx->client_id = buffer_get_string(m, &pctx->client_id_len); 2249 x1_proof = buffer_get_string(m, &x1_proof_len); 2250 x2_proof = buffer_get_string(m, &x2_proof_len); 2251 2252 jpake_step2(pctx->grp, pctx->s, pctx->g_x3, 2253 pctx->g_x1, pctx->g_x2, pctx->x4, 2254 pctx->client_id, pctx->client_id_len, 2255 pctx->server_id, pctx->server_id_len, 2256 x1_proof, x1_proof_len, 2257 x2_proof, x2_proof_len, 2258 &pctx->b, 2259 &x4_s_proof, &x4_s_proof_len); 2260 2261 JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__)); 2262 2263 bzero(x1_proof, x1_proof_len); 2264 bzero(x2_proof, x2_proof_len); 2265 xfree(x1_proof); 2266 xfree(x2_proof); 2267 2268 buffer_clear(m); 2269 2270 buffer_put_bignum2(m, pctx->b); 2271 buffer_put_string(m, x4_s_proof, x4_s_proof_len); 2272 2273 debug3("%s: sending step2", __func__); 2274 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); 2275 2276 bzero(x4_s_proof, x4_s_proof_len); 2277 xfree(x4_s_proof); 2278 2279 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); 2280 2281 return 0; 2282 } 2283 2284 int 2285 mm_answer_jpake_key_confirm(int sock, Buffer *m) 2286 { 2287 struct jpake_ctx *pctx = authctxt->jpake_ctx; 2288 u_char *x2_s_proof; 2289 u_int x2_s_proof_len; 2290 2291 if (pctx == NULL) 2292 fatal("%s: pctx == NULL", __func__); 2293 2294 if ((pctx->a = BN_new()) == NULL) 2295 fatal("%s: BN_new", __func__); 2296 buffer_get_bignum2(m, pctx->a); 2297 x2_s_proof = buffer_get_string(m, &x2_s_proof_len); 2298 2299 jpake_key_confirm(pctx->grp, pctx->s, pctx->a, 2300 pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2, 2301 pctx->server_id, pctx->server_id_len, 2302 pctx->client_id, pctx->client_id_len, 2303 session_id2, session_id2_len, 2304 x2_s_proof, x2_s_proof_len, 2305 &pctx->k, 2306 &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len); 2307 2308 JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__)); 2309 2310 bzero(x2_s_proof, x2_s_proof_len); 2311 buffer_clear(m); 2312 2313 /* pctx->k is sensitive, not sent */ 2314 buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); 2315 2316 debug3("%s: sending confirmation hash", __func__); 2317 mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m); 2318 2319 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1); 2320 2321 return 0; 2322 } 2323 2324 int 2325 mm_answer_jpake_check_confirm(int sock, Buffer *m) 2326 { 2327 int authenticated = 0; 2328 u_char *peer_confirm_hash; 2329 u_int peer_confirm_hash_len; 2330 struct jpake_ctx *pctx = authctxt->jpake_ctx; 2331 2332 if (pctx == NULL) 2333 fatal("%s: pctx == NULL", __func__); 2334 2335 peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len); 2336 2337 authenticated = jpake_check_confirm(pctx->k, 2338 pctx->client_id, pctx->client_id_len, 2339 session_id2, session_id2_len, 2340 peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid; 2341 2342 JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); 2343 2344 bzero(peer_confirm_hash, peer_confirm_hash_len); 2345 xfree(peer_confirm_hash); 2346 2347 buffer_clear(m); 2348 buffer_put_int(m, authenticated); 2349 2350 debug3("%s: sending result %d", __func__, authenticated); 2351 mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m); 2352 2353 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1); 2354 2355 auth_method = "jpake-01@openssh.com"; 2356 return authenticated; 2357 } 2358 2359 #endif /* JPAKE */ 2360