RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-03-11 09:17:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

upstream: sshd: switch monitor to sshbuf API; lots of help & ok

Browse Source 
djm@

OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
This commit is contained in:
markus@openbsd.org 2018-07-09 21:53:45 +00:00 committed by Damien Miller
parent b8d9214d96
commit 235c7c4e3b
3 changed files with 566 additions and 421 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

494
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.182 2018/07/09 21:35:50 markus Exp $ */
/* $OpenBSD: monitor.c,v 1.183 2018/07/09 21:53:45 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -69,7 +69,7 @@
#include "xmalloc.h"
#include "ssh.h"
#include "key.h"
#include "buffer.h"
#include "sshbuf.h"
#include "hostfile.h"
#include "auth.h"
#include "cipher.h"
@ -121,46 +121,46 @@ static struct sshbuf *child_state;
/* Functions on the monitor that answer unprivileged requests */
int mm_answer_moduli(int, Buffer *);
int mm_answer_sign(int, Buffer *);
int mm_answer_pwnamallow(int, Buffer *);
int mm_answer_auth2_read_banner(int, Buffer *);
int mm_answer_authserv(int, Buffer *);
int mm_answer_authpassword(int, Buffer *);
int mm_answer_bsdauthquery(int, Buffer *);
int mm_answer_bsdauthrespond(int, Buffer *);
int mm_answer_skeyquery(int, Buffer *);
int mm_answer_skeyrespond(int, Buffer *);
int mm_answer_keyallowed(int, Buffer *);
int mm_answer_keyverify(int, Buffer *);
int mm_answer_pty(int, Buffer *);
int mm_answer_pty_cleanup(int, Buffer *);
int mm_answer_term(int, Buffer *);
int mm_answer_rsa_keyallowed(int, Buffer *);
int mm_answer_rsa_challenge(int, Buffer *);
int mm_answer_rsa_response(int, Buffer *);
int mm_answer_sesskey(int, Buffer *);
int mm_answer_sessid(int, Buffer *);
int mm_answer_moduli(int, struct sshbuf *);
int mm_answer_sign(int, struct sshbuf *);
int mm_answer_pwnamallow(int, struct sshbuf *);
int mm_answer_auth2_read_banner(int, struct sshbuf *);
int mm_answer_authserv(int, struct sshbuf *);
int mm_answer_authpassword(int, struct sshbuf *);
int mm_answer_bsdauthquery(int, struct sshbuf *);
int mm_answer_bsdauthrespond(int, struct sshbuf *);
int mm_answer_skeyquery(int, struct sshbuf *);
int mm_answer_skeyrespond(int, struct sshbuf *);
int mm_answer_keyallowed(int, struct sshbuf *);
int mm_answer_keyverify(int, struct sshbuf *);
int mm_answer_pty(int, struct sshbuf *);
int mm_answer_pty_cleanup(int, struct sshbuf *);
int mm_answer_term(int, struct sshbuf *);
int mm_answer_rsa_keyallowed(int, struct sshbuf *);
int mm_answer_rsa_challenge(int, struct sshbuf *);
int mm_answer_rsa_response(int, struct sshbuf *);
int mm_answer_sesskey(int, struct sshbuf *);
int mm_answer_sessid(int, struct sshbuf *);
#ifdef USE_PAM
int mm_answer_pam_start(int, Buffer *);
int mm_answer_pam_account(int, Buffer *);
int mm_answer_pam_init_ctx(int, Buffer *);
int mm_answer_pam_query(int, Buffer *);
int mm_answer_pam_respond(int, Buffer *);
int mm_answer_pam_free_ctx(int, Buffer *);
int mm_answer_pam_start(int, struct sshbuf *);
int mm_answer_pam_account(int, struct sshbuf *);
int mm_answer_pam_init_ctx(int, struct sshbuf *);
int mm_answer_pam_query(int, struct sshbuf *);
int mm_answer_pam_respond(int, struct sshbuf *);
int mm_answer_pam_free_ctx(int, struct sshbuf *);
#endif
#ifdef GSSAPI
int mm_answer_gss_setup_ctx(int, Buffer *);
int mm_answer_gss_accept_ctx(int, Buffer *);
int mm_answer_gss_userok(int, Buffer *);
int mm_answer_gss_checkmic(int, Buffer *);
int mm_answer_gss_setup_ctx(int, struct sshbuf *);
int mm_answer_gss_accept_ctx(int, struct sshbuf *);
int mm_answer_gss_userok(int, struct sshbuf *);
int mm_answer_gss_checkmic(int, struct sshbuf *);
#endif
#ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *);
int mm_answer_audit_command(int, Buffer *);
int mm_answer_audit_event(int, struct sshbuf *);
int mm_answer_audit_command(int, struct sshbuf *);
#endif
static int monitor_read_log(struct monitor *);
@ -169,7 +169,7 @@ static Authctxt *authctxt;
/* local state for key verify */
static u_char *key_blob = NULL;
static u_int key_bloblen = 0;
static size_t key_bloblen = 0;
static int key_blobtype = MM_NOKEY;
static struct sshauthopt *key_opts = NULL;
static char *hostbased_cuser = NULL;
@ -183,7 +183,7 @@ static pid_t monitor_child_pid;
struct mon_table {
enum monitor_reqtype type;
int flags;
int (*f)(int, Buffer *);
int (*f)(int, struct sshbuf *);
};
#define MON_ISAUTH 0x0004 /* Required for Authentication */
@ -426,18 +426,21 @@ monitor_child_postauth(struct monitor *pmonitor)
static int
monitor_read_log(struct monitor *pmonitor)
{
Buffer logmsg;
struct sshbuf *logmsg;
u_int len, level;
char *msg;
u_char *p;
int r;
buffer_init(&logmsg);
if ((logmsg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
/* Read length */
buffer_append_space(&logmsg, 4);
if (atomicio(read, pmonitor->m_log_recvfd,
buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) {
if ((r = sshbuf_reserve(logmsg, 4, &p)) != 0)
fatal("%s: reserve: %s", __func__, ssh_err(r));
if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) {
if (errno == EPIPE) {
buffer_free(&logmsg);
sshbuf_free(logmsg);
debug("%s: child log fd closed", __func__);
close(pmonitor->m_log_recvfd);
pmonitor->m_log_recvfd = -1;
@ -445,26 +448,28 @@ monitor_read_log(struct monitor *pmonitor)
}
fatal("%s: log fd read: %s", __func__, strerror(errno));
}
len = buffer_get_int(&logmsg);
if ((r = sshbuf_get_u32(logmsg, &len)) != 0)
fatal("%s: get len: %s", __func__, ssh_err(r));
if (len <= 4 || len > 8192)
fatal("%s: invalid log message length %u", __func__, len);
/* Read severity, message */
buffer_clear(&logmsg);
buffer_append_space(&logmsg, len);
if (atomicio(read, pmonitor->m_log_recvfd,
buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg))
sshbuf_reset(logmsg);
if ((r = sshbuf_reserve(logmsg, len, &p)) != 0)
fatal("%s: reserve: %s", __func__, ssh_err(r));
if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len)
fatal("%s: log fd read: %s", __func__, strerror(errno));
if ((r = sshbuf_get_u32(logmsg, &level)) != 0 ||
(r = sshbuf_get_cstring(logmsg, &msg, NULL)) != 0)
fatal("%s: decode: %s", __func__, ssh_err(r));
/* Log it */
level = buffer_get_int(&logmsg);
msg = buffer_get_string(&logmsg, NULL);
if (log_level_name(level) == NULL)
fatal("%s: invalid log level %u (corrupted message?)",
__func__, level);
do_log2(level, "%s [preauth]", msg);
buffer_free(&logmsg);
sshbuf_free(logmsg);
free(msg);
return 0;
@ -474,8 +479,8 @@ int
monitor_read(struct monitor *pmonitor, struct mon_table *ent,
struct mon_table **pent)
{
Buffer m;
int ret;
struct sshbuf *m;
int r, ret;
u_char type;
struct pollfd pfd[2];
@ -502,10 +507,12 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent,
break; /* Continues below */
}
buffer_init(&m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
mm_request_receive(pmonitor->m_sendfd, &m);
type = buffer_get_char(&m);
mm_request_receive(pmonitor->m_sendfd, m);
if ((r = sshbuf_get_u8(m, &type)) != 0)
fatal("%s: decode: %s", __func__, ssh_err(r));
debug3("%s: checking request %d", __func__, type);
@ -519,8 +526,8 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent,
if (!(ent->flags & MON_PERMIT))
fatal("%s: unpermitted request %d", __func__,
type);
ret = (*ent->f)(pmonitor->m_sendfd, &m);
buffer_free(&m);
ret = (*ent->f)(pmonitor->m_sendfd, m);
sshbuf_free(m);
/* The child may use this request only once, disable it */
if (ent->flags & MON_ONCE) {
@ -570,14 +577,16 @@ monitor_reset_key_state(void)
#ifdef WITH_OPENSSL
int
mm_answer_moduli(int sock, Buffer *m)
mm_answer_moduli(int sock, struct sshbuf *m)
{
DH *dh;
int min, want, max;
int r;
u_int min, want, max;
min = buffer_get_int(m);
want = buffer_get_int(m);
max = buffer_get_int(m);
if ((r = sshbuf_get_u32(m, &min)) != 0 ||
(r = sshbuf_get_u32(m, &want)) != 0 ||
(r = sshbuf_get_u32(m, &max)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: got parameters: %d %d %d",
__func__, min, want, max);
@ -586,17 +595,19 @@ mm_answer_moduli(int sock, Buffer *m)
fatal("%s: bad parameters: %d %d %d",
__func__, min, want, max);
buffer_clear(m);
sshbuf_reset(m);
dh = choose_dh(min, want, max);
if (dh == NULL) {
buffer_put_char(m, 0);
if ((r = sshbuf_put_u8(m, 0)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
return (0);
} else {
/* Send first bignum */
buffer_put_char(m, 1);
buffer_put_bignum2(m, dh->p);
buffer_put_bignum2(m, dh->g);
if ((r = sshbuf_put_u8(m, 1)) != 0 ||
(r = sshbuf_put_bignum2(m, dh->p)) != 0 ||
(r = sshbuf_put_bignum2(m, dh->g)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
DH_free(dh);
}
@ -606,7 +617,7 @@ mm_answer_moduli(int sock, Buffer *m)
#endif
int
mm_answer_sign(int sock, Buffer *m)
mm_answer_sign(int sock, struct sshbuf *m)
{
struct ssh *ssh = active_state; /* XXX */
extern int auth_sock; /* XXX move to state struct? */
@ -708,12 +719,12 @@ mm_answer_sign(int sock, Buffer *m)
/* Retrieves the password entry and also checks if the user is permitted */
int
mm_answer_pwnamallow(int sock, Buffer *m)
mm_answer_pwnamallow(int sock, struct sshbuf *m)
{
struct ssh *ssh = active_state; /* XXX */
char *username;
struct passwd *pwent;
int allowed = 0;
int r, allowed = 0;
u_int i;
debug3("%s", __func__);
@ -721,7 +732,8 @@ mm_answer_pwnamallow(int sock, Buffer *m)
if (authctxt->attempt++ != 0)
fatal("%s: multiple attempts for getpwnam", __func__);
username = buffer_get_string(m, NULL);
if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
pwent = getpwnamallow(username);
@ -729,10 +741,11 @@ mm_answer_pwnamallow(int sock, Buffer *m)
setproctitle("%s [priv]", pwent ? username : "unknown");
free(username);
buffer_clear(m);
sshbuf_reset(m);
if (pwent == NULL) {
buffer_put_char(m, 0);
if ((r = sshbuf_put_u8(m, 0)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
authctxt->pw = fakepw();
goto out;
}
@ -741,31 +754,40 @@ mm_answer_pwnamallow(int sock, Buffer *m)
authctxt->pw = pwent;
authctxt->valid = 1;
buffer_put_char(m, 1);
buffer_put_string(m, pwent, sizeof(struct passwd));
buffer_put_cstring(m, pwent->pw_name);
buffer_put_cstring(m, "*");
/* XXX don't sent pwent to unpriv; send fake class/dir/shell too */
if ((r = sshbuf_put_u8(m, 1)) != 0 ||
(r = sshbuf_put_string(m, pwent, sizeof(*pwent))) != 0 ||
(r = sshbuf_put_cstring(m, pwent->pw_name)) != 0 ||
(r = sshbuf_put_cstring(m, "*")) != 0 ||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
buffer_put_cstring(m, pwent->pw_gecos);
(r = sshbuf_put_cstring(m, pwent->pw_gecos)) != 0 ||
#endif
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
buffer_put_cstring(m, pwent->pw_class);
(r = sshbuf_put_cstring(m, pwent->pw_class)) != 0 ||
#endif
buffer_put_cstring(m, pwent->pw_dir);
buffer_put_cstring(m, pwent->pw_shell);
(r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 ||
(r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
out:
ssh_packet_set_log_preamble(ssh, "%suser %s",
authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
buffer_put_string(m, &options, sizeof(options));
if ((r = sshbuf_put_string(m, &options, sizeof(options))) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
#define M_CP_STROPT(x) do { \
if (options.x != NULL) \
buffer_put_cstring(m, options.x); \
if (options.x != NULL) { \
if ((r = sshbuf_put_cstring(m, options.x)) != 0) \
fatal("%s: buffer error: %s", \
__func__, ssh_err(r)); \
} \
} while (0)
#define M_CP_STRARRAYOPT(x, nx) do { \
for (i = 0; i < options.nx; i++) \
buffer_put_cstring(m, options.x[i]); \
for (i = 0; i < options.nx; i++) { \
if ((r = sshbuf_put_cstring(m, options.x[i])) != 0) \
fatal("%s: buffer error: %s", \
__func__, ssh_err(r)); \
} \
} while (0)
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
@ -797,13 +819,15 @@ mm_answer_pwnamallow(int sock, Buffer *m)
return (0);
}
int mm_answer_auth2_read_banner(int sock, Buffer *m)
int mm_answer_auth2_read_banner(int sock, struct sshbuf *m)
{
char *banner;
int r;
buffer_clear(m);
sshbuf_reset(m);
banner = auth2_read_banner();
buffer_put_cstring(m, banner != NULL ? banner : "");
if ((r = sshbuf_put_cstring(m, banner != NULL ? banner : "")) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
free(banner);
@ -811,12 +835,15 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m)
}
int
mm_answer_authserv(int sock, Buffer *m)
mm_answer_authserv(int sock, struct sshbuf *m)
{
int r;
monitor_permit_authentications(1);
authctxt->service = buffer_get_string(m, NULL);
authctxt->style = buffer_get_string(m, NULL);
if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
(r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: service=%s, style=%s",
__func__, authctxt->service, authctxt->style);
@ -829,27 +856,30 @@ mm_answer_authserv(int sock, Buffer *m)
}
int
mm_answer_authpassword(int sock, Buffer *m)
mm_answer_authpassword(int sock, struct sshbuf *m)
{
struct ssh *ssh = active_state; /* XXX */
static int call_count;
char *passwd;
int authenticated;
u_int plen;
int r, authenticated;
size_t plen;
if (!options.password_authentication)
fatal("%s: password authentication not enabled", __func__);
passwd = buffer_get_string(m, &plen);
if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
/* Only authenticate if the context is valid */
authenticated = options.password_authentication &&
auth_password(ssh, passwd);
explicit_bzero(passwd, strlen(passwd));
explicit_bzero(passwd, plen);
free(passwd);
buffer_clear(m);
buffer_put_int(m, authenticated);
sshbuf_reset(m);
if ((r = sshbuf_put_u32(m, authenticated)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
#ifdef USE_PAM
buffer_put_int(m, sshpam_get_maxtries_reached());
if ((r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
#endif
debug3("%s: sending result %d", __func__, authenticated);
@ -867,23 +897,25 @@ mm_answer_authpassword(int sock, Buffer *m)
#ifdef BSD_AUTH
int
mm_answer_bsdauthquery(int sock, Buffer *m)
mm_answer_bsdauthquery(int sock, struct sshbuf *m)
{
char *name, *infotxt;
u_int numprompts;
u_int *echo_on;
u_int numprompts, *echo_on, success;
char **prompts;
u_int success;
int r;
if (!options.kbd_interactive_authentication)
fatal("%s: kbd-int authentication not enabled", __func__);
success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
&prompts, &echo_on) < 0 ? 0 : 1;
buffer_clear(m);
buffer_put_int(m, success);
if (success)
buffer_put_cstring(m, prompts[0]);
sshbuf_reset(m);
if ((r = sshbuf_put_u32(m, success)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (success) {
if ((r = sshbuf_put_cstring(m, prompts[0])) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
debug3("%s: sending challenge success: %u", __func__, success);
mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
@ -899,25 +931,27 @@ mm_answer_bsdauthquery(int sock, Buffer *m)
}
int
mm_answer_bsdauthrespond(int sock, Buffer *m)
mm_answer_bsdauthrespond(int sock, struct sshbuf *m)
{
char *response;
int authok;
int r, authok;
if (!options.kbd_interactive_authentication)
fatal("%s: kbd-int authentication not enabled", __func__);
if (authctxt->as == NULL)
fatal("%s: no bsd auth session", __func__);
response = buffer_get_string(m, NULL);
if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
authok = options.challenge_response_authentication &&
auth_userresponse(authctxt->as, response, 0);
authctxt->as = NULL;
debug3("%s: <%s> = <%d>", __func__, response, authok);
free(response);
buffer_clear(m);
buffer_put_int(m, authok);
sshbuf_reset(m);
if ((r = sshbuf_put_u32(m, authok)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: sending authenticated: %d", __func__, authok);
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
@ -1131,25 +1165,23 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
#endif
int
mm_answer_keyallowed(int sock, Buffer *m)
mm_answer_keyallowed(int sock, struct sshbuf *m)
{
struct ssh *ssh = active_state; /* XXX */
struct sshkey *key;
struct sshkey *key = NULL;
char *cuser, *chost;
u_char *blob;
u_int bloblen, pubkey_auth_attempt;
u_int pubkey_auth_attempt;
enum mm_keytype type = 0;
int r, allowed = 0;
struct sshauthopt *opts = NULL;
debug3("%s entering", __func__);
type = buffer_get_int(m);
cuser = buffer_get_string(m, NULL);
chost = buffer_get_string(m, NULL);
blob = buffer_get_string(m, &bloblen);
pubkey_auth_attempt = buffer_get_int(m);
key = key_from_blob(blob, bloblen);
if ((r = sshbuf_get_u32(m, &type)) != 0 ||
(r = sshbuf_get_cstring(m, &cuser, NULL)) != 0 ||
(r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
(r = sshkey_froms(m, &key)) != 0 ||
(r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: key_from_blob: %p", __func__, key);
@ -1199,15 +1231,14 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed ? "allowed" : "not allowed");
auth2_record_key(authctxt, 0, key);
sshkey_free(key);
/* clear temporarily storage (used by verify) */
monitor_reset_key_state();
if (allowed) {
/* Save temporarily for comparison in verify */
key_blob = blob;
key_bloblen = bloblen;
if ((r = sshkey_to_blob(key, &key_blob, &key_bloblen)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
key_blobtype = type;
key_opts = opts;
hostbased_cuser = cuser;
@ -1215,13 +1246,14 @@ mm_answer_keyallowed(int sock, Buffer *m)
} else {
/* Log failed attempt */
auth_log(authctxt, 0, 0, auth_method, NULL);
free(blob);
free(cuser);
free(chost);
}
sshkey_free(key);
buffer_clear(m);
buffer_put_int(m, allowed);
sshbuf_reset(m);
if ((r = sshbuf_put_u32(m, allowed)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0)
fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
@ -1235,34 +1267,41 @@ mm_answer_keyallowed(int sock, Buffer *m)
static int
monitor_valid_userblob(u_char *data, u_int datalen)
{
Buffer b;
u_char *p;
struct sshbuf *b;
const u_char *p;
char *userstyle, *cp;
u_int len;
int fail = 0;
size_t len;
u_char type;
int r, fail = 0;
buffer_init(&b);
buffer_append(&b, data, datalen);
if ((b = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
if ((r = sshbuf_put(b, data, datalen)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (datafellows & SSH_OLD_SESSIONID) {
p = buffer_ptr(&b);
len = buffer_len(&b);
p = sshbuf_ptr(b);
len = sshbuf_len(b);
if ((session_id2 == NULL) ||
(len < session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
buffer_consume(&b, session_id2_len);
if ((r = sshbuf_consume(b, session_id2_len)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
} else {
p = buffer_get_string(&b, &len);
if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if ((session_id2 == NULL) ||
(len != session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
free(p);
}
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
if ((r = sshbuf_get_u8(b, &type)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (type != SSH2_MSG_USERAUTH_REQUEST)
fail++;
cp = buffer_get_cstring(&b, NULL);
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
@ -1273,18 +1312,22 @@ monitor_valid_userblob(u_char *data, u_int datalen)
}
free(userstyle);
free(cp);
buffer_skip_string(&b);
cp = buffer_get_cstring(&b, NULL);
if ((r = sshbuf_skip_string(b)) != 0 || /* service */
(r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (strcmp("publickey", cp) != 0)
fail++;
free(cp);
if (!buffer_get_char(&b))
if ((r = sshbuf_get_u8(b, &type)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (type == 0)
fail++;
buffer_skip_string(&b);
buffer_skip_string(&b);
if (buffer_len(&b) != 0)
if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */
(r = sshbuf_skip_string(b)) != 0) /* pkblob */
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (sshbuf_len(b) != 0)
fail++;
buffer_free(&b);
sshbuf_free(b);
return (fail == 0);
}
@ -1292,59 +1335,69 @@ static int
monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
char *chost)
{
Buffer b;
char *p, *userstyle;
u_int len;
int fail = 0;
struct sshbuf *b;
const u_char *p;
char *cp, *userstyle;
size_t len;
int r, fail = 0;
u_char type;
buffer_init(&b);
buffer_append(&b, data, datalen);
if ((b = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
if ((r = sshbuf_put(b, data, datalen)) != 0 ||
(r = sshbuf_get_string_direct(b, &p, &len)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
p = buffer_get_string(&b, &len);
if ((session_id2 == NULL) ||
(len != session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
free(p);
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
if ((r = sshbuf_get_u8(b, &type)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (type != SSH2_MSG_USERAUTH_REQUEST)
fail++;
p = buffer_get_cstring(&b, NULL);
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
if (strcmp(userstyle, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
userstyle, p);
if (strcmp(userstyle, cp) != 0) {
logit("wrong user name passed to monitor: "
"expected %s != %.100s", userstyle, cp);
fail++;
}
free(userstyle);
free(p);
buffer_skip_string(&b); /* service */
p = buffer_get_cstring(&b, NULL);
if (strcmp(p, "hostbased") != 0)
free(cp);
if ((r = sshbuf_skip_string(b)) != 0 || /* service */
(r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (strcmp(cp, "hostbased") != 0)
fail++;
free(p);
buffer_skip_string(&b); /* pkalg */
buffer_skip_string(&b); /* pkblob */
free(cp);
if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */
(r = sshbuf_skip_string(b)) != 0) /* pkblob */
fatal("%s: buffer error: %s", __func__, ssh_err(r));
/* verify client host, strip trailing dot if necessary */
p = buffer_get_string(&b, NULL);
if (((len = strlen(p)) > 0) && p[len - 1] == '.')
p[len - 1] = '\0';
if (strcmp(p, chost) != 0)
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (((len = strlen(cp)) > 0) && cp[len - 1] == '.')
cp[len - 1] = '\0';
if (strcmp(cp, chost) != 0)
fail++;
free(p);
free(cp);
/* verify client user */
p = buffer_get_string(&b, NULL);
if (strcmp(p, cuser) != 0)
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (strcmp(cp, cuser) != 0)
fail++;
free(p);
free(cp);
if (buffer_len(&b) != 0)
if (sshbuf_len(b) != 0)
fail++;
buffer_free(&b);
sshbuf_free(b);
return (fail == 0);
}
@ -1460,15 +1513,15 @@ mm_session_close(Session *s)
}
int
mm_answer_pty(int sock, Buffer *m)
mm_answer_pty(int sock, struct sshbuf *m)
{
extern struct monitor *pmonitor;
Session *s;
int res, fd0;
int r, res, fd0;
debug3("%s entering", __func__);
buffer_clear(m);
sshbuf_reset(m);
s = session_new();
if (s == NULL)
goto error;
@ -1480,8 +1533,9 @@ mm_answer_pty(int sock, Buffer *m)
goto error;
pty_setowner(authctxt->pw, s->tty);
buffer_put_int(m, 1);
buffer_put_cstring(m, s->tty);
if ((r = sshbuf_put_u32(m, 1)) != 0 ||
(r = sshbuf_put_cstring(m, s->tty)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
/* We need to trick ttyslot */
if (dup2(s->ttyfd, 0) == -1)
@ -1493,8 +1547,9 @@ mm_answer_pty(int sock, Buffer *m)
close(0);
/* send messages generated by record_login */
buffer_put_string(m, buffer_ptr(loginmsg), buffer_len(loginmsg));
buffer_clear(loginmsg);
if ((r = sshbuf_put_stringb(m, loginmsg)) != 0)
fatal("%s: put login message: %s", __func__, ssh_err(r));
sshbuf_reset(loginmsg);
mm_request_send(sock, MONITOR_ANS_PTY, m);
@ -1521,29 +1576,32 @@ mm_answer_pty(int sock, Buffer *m)
error:
if (s != NULL)
mm_session_close(s);
buffer_put_int(m, 0);
if ((r = sshbuf_put_u32(m, 0)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_PTY, m);
return (0);
}
int
mm_answer_pty_cleanup(int sock, Buffer *m)
mm_answer_pty_cleanup(int sock, struct sshbuf *m)
{
Session *s;
char *tty;
int r;
debug3("%s entering", __func__);
tty = buffer_get_string(m, NULL);
if ((r = sshbuf_get_cstring(m, &tty, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if ((s = session_by_tty(tty)) != NULL)
mm_session_close(s);
buffer_clear(m);
sshbuf_reset(m);
free(tty);
return (0);
}
int
mm_answer_term(int sock, Buffer *req)
mm_answer_term(int sock, struct sshbuf *req)
{
struct ssh *ssh = active_state; /* XXX */
extern struct monitor *pmonitor;
@ -1732,24 +1790,27 @@ monitor_reinit(struct monitor *mon)
#ifdef GSSAPI
int
mm_answer_gss_setup_ctx(int sock, Buffer *m)
mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
{
gss_OID_desc goid;
OM_uint32 major;
u_int len;
size_t len;
int r;
if (!options.gss_authentication)
fatal("%s: GSSAPI authentication not enabled", __func__);
goid.elements = buffer_get_string(m, &len);
if ((r = sshbuf_get_string(m, &goid.elements, &len)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
goid.length = len;
major = ssh_gssapi_server_ctx(&gsscontext, &goid);
free(goid.elements);
buffer_clear(m);
buffer_put_int(m, major);
sshbuf_reset(m);
if ((r = sshbuf_put_u32(m, major)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
@ -1760,26 +1821,27 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
}
int
mm_answer_gss_accept_ctx(int sock, Buffer *m)
mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
{
gss_buffer_desc in;
gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
OM_uint32 major, minor;
OM_uint32 flags = 0; /* GSI needs this */
u_int len;
int r;
if (!options.gss_authentication)
fatal("%s: GSSAPI authentication not enabled", __func__);
in.value = buffer_get_string(m, &len);
in.length = len;
if ((r = sshbuf_get_string(m, &in.value, &in.length)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
free(in.value);
buffer_clear(m);
buffer_put_int(m, major);
buffer_put_string(m, out.value, out.length);
buffer_put_int(m, flags);
sshbuf_reset(m);
if ((r = sshbuf_put_u32(m, major)) != 0 ||
(r = sshbuf_put_string(m, out.value, out.length)) != 0 ||
(r = sshbuf_put_u32(m, flags)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
gss_release_buffer(&minor, &out);
@ -1793,27 +1855,26 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
}
int
mm_answer_gss_checkmic(int sock, Buffer *m)
mm_answer_gss_checkmic(int sock, struct sshbuf *m)
{
gss_buffer_desc gssbuf, mic;
OM_uint32 ret;
u_int len;
if (!options.gss_authentication)
fatal("%s: GSSAPI authentication not enabled", __func__);
gssbuf.value = buffer_get_string(m, &len);
gssbuf.length = len;
mic.value = buffer_get_string(m, &len);
mic.length = len;
if ((r = sshbuf_get_string(m, &gssbuf.value, &gssbuf.length)) != 0 ||
(r = sshbuf_get_string(m, &mic.value, &mic.length)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
free(gssbuf.value);
free(mic.value);
buffer_clear(m);
buffer_put_int(m, ret);
sshbuf_reset(m);
if ((r = sshbuf_put_u32(m, ret)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
@ -1824,7 +1885,7 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
}
int
mm_answer_gss_userok(int sock, Buffer *m)
mm_answer_gss_userok(int sock, struct sshbuf *m)
{
int authenticated;
const char *displayname;
@ -1834,8 +1895,9 @@ mm_answer_gss_userok(int sock, Buffer *m)
authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
buffer_clear(m);
buffer_put_int(m, authenticated);
sshbuf_reset(m);
if ((r = sshbuf_put_u32(m, authenticated)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: sending result %d", __func__, authenticated);
mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);

8
monitor.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.h,v 1.20 2016/09/28 16:33:07 djm Exp $ */
/* $OpenBSD: monitor.h,v 1.21 2018/07/09 21:53:45 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -87,8 +87,8 @@ struct mon_table;
int monitor_read(struct monitor*, struct mon_table *, struct mon_table **);
/* Prototypes for request sending and receiving */
void mm_request_send(int, enum monitor_reqtype, Buffer *);
void mm_request_receive(int, Buffer *);
void mm_request_receive_expect(int, enum monitor_reqtype, Buffer *);
void mm_request_send(int, enum monitor_reqtype, struct sshbuf *);
void mm_request_receive(int, struct sshbuf *);
void mm_request_receive_expect(int, enum monitor_reqtype, struct sshbuf *);
#endif /* _MONITOR_H_ */

485
monitor_wrap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.102 2018/07/09 21:26:02 markus Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.103 2018/07/09 21:53:45 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -50,7 +50,7 @@
#ifdef WITH_OPENSSL
#include "dh.h"
#endif
#include "buffer.h"
#include "sshbuf.h"
#include "key.h"
#include "cipher.h"
#include "kex.h"
@ -93,27 +93,28 @@ extern ServerOptions options;
void
mm_log_handler(LogLevel level, const char *msg, void *ctx)
{
Buffer log_msg;
struct sshbuf *log_msg;
struct monitor *mon = (struct monitor *)ctx;
int r;
size_t len;
if (mon->m_log_sendfd == -1)
fatal("%s: no log channel", __func__);
buffer_init(&log_msg);
/*
* Placeholder for packet length. Will be filled in with the actual
* packet length once the packet has been constucted. This saves
* fragile math.
*/
buffer_put_int(&log_msg, 0);
if ((log_msg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
buffer_put_int(&log_msg, level);
buffer_put_cstring(&log_msg, msg);
put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4);
if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg),
buffer_len(&log_msg)) != buffer_len(&log_msg))
if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */
(r = sshbuf_put_u32(log_msg, level)) != 0 ||
(r = sshbuf_put_cstring(log_msg, msg)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff)
fatal("%s: bad length %zu", __func__, len);
POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4);
if (atomicio(vwrite, mon->m_log_sendfd,
sshbuf_mutable_ptr(log_msg), len) != len)
fatal("%s: write: %s", __func__, strerror(errno));
buffer_free(&log_msg);
sshbuf_free(log_msg);
}
int
@ -127,26 +128,29 @@ mm_is_monitor(void)
}
void
mm_request_send(int sock, enum monitor_reqtype type, Buffer *m)
mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m)
{
u_int mlen = buffer_len(m);
size_t mlen = sshbuf_len(m);
u_char buf[5];
debug3("%s entering: type %d", __func__, type);
put_u32(buf, mlen + 1);
if (mlen >= 0xffffffff)
fatal("%s: bad length %zu", __func__, mlen);
POKE_U32(buf, mlen + 1);
buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
fatal("%s: write: %s", __func__, strerror(errno));
if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen)
if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen)
fatal("%s: write: %s", __func__, strerror(errno));
}
void
mm_request_receive(int sock, Buffer *m)
mm_request_receive(int sock, struct sshbuf *m)
{
u_char buf[4];
u_char buf[4], *p = NULL;
u_int msg_len;
int r;
debug3("%s entering", __func__);
@ -155,24 +159,27 @@ mm_request_receive(int sock, Buffer *m)
cleanup_exit(255);
fatal("%s: read: %s", __func__, strerror(errno));
}
msg_len = get_u32(buf);
msg_len = PEEK_U32(buf);
if (msg_len > 256 * 1024)
fatal("%s: read: bad msg_len %d", __func__, msg_len);
buffer_clear(m);
buffer_append_space(m, msg_len);
if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len)
sshbuf_reset(m);
if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (atomicio(read, sock, p, msg_len) != msg_len)
fatal("%s: read: %s", __func__, strerror(errno));
}
void
mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m)
mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m)
{
u_char rtype;
int r;
debug3("%s entering: type %d", __func__, type);
mm_request_receive(sock, m);
rtype = buffer_get_char(m);
if ((r = sshbuf_get_u8(m, &rtype)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (rtype != type)
fatal("%s: read: rtype %d != type %d", __func__,
rtype, type);
@ -183,20 +190,24 @@ DH *
mm_choose_dh(int min, int nbits, int max)
{
BIGNUM *p, *g;
int success = 0;
Buffer m;
int r;
u_char success = 0;
struct sshbuf *m;
buffer_init(&m);
buffer_put_int(&m, min);
buffer_put_int(&m, nbits);
buffer_put_int(&m, max);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_u32(m, min)) != 0 ||
(r = sshbuf_put_u32(m, nbits)) != 0 ||
(r = sshbuf_put_u32(m, max)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m);
debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m);
success = buffer_get_char(&m);
if ((r = sshbuf_get_u8(m, &success)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (success == 0)
fatal("%s: MONITOR_ANS_MODULI failed", __func__);
@ -204,11 +215,12 @@ mm_choose_dh(int min, int nbits, int max)
fatal("%s: BN_new failed", __func__);
if ((g = BN_new()) == NULL)
fatal("%s: BN_new failed", __func__);
buffer_get_bignum2(&m, p);
buffer_get_bignum2(&m, g);
if ((r = sshbuf_get_bignum2(m, p)) != 0 ||
(r = sshbuf_get_bignum2(m, g)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: remaining %d", __func__, buffer_len(&m));
buffer_free(&m);
debug3("%s: remaining %zu", __func__, sshbuf_len(m));
sshbuf_free(m);
return (dh_new_group(g, p));
}
@ -219,21 +231,30 @@ mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
const u_char *data, u_int datalen, const char *hostkey_alg)
{
struct kex *kex = *pmonitor->m_pkex;
Buffer m;
struct sshbuf *m;
size_t xxxlen;
u_int ndx = kex->host_key_index(key, 0, active_state);
int r;
debug3("%s entering", __func__);
buffer_init(&m);
buffer_put_int(&m, kex->host_key_index(key, 0, active_state));
buffer_put_string(&m, data, datalen);
buffer_put_cstring(&m, hostkey_alg);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
(r = sshbuf_put_string(m, data, datalen)) != 0 ||
(r = sshbuf_put_cstring(m, hostkey_alg)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m);
debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
*sigp = buffer_get_string(&m, lenp);
buffer_free(&m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m);
if ((r = sshbuf_get_string(m, sigp, &xxxlen)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (xxxlen > 0xffffffff)
fatal("%s: bad length %zu", __func__, xxxlen);
*lenp = xxxlen; /* XXX fix API: size_t vs u_int */
sshbuf_free(m);
return (0);
}
@ -242,54 +263,80 @@ struct passwd *
mm_getpwnamallow(const char *username)
{
struct ssh *ssh = active_state; /* XXX */
Buffer m;
struct sshbuf *m;
struct passwd *pw;
u_int len, i;
size_t len;
u_int i;
ServerOptions *newopts;
int r;
u_char ok;
const u_char *p;
debug3("%s entering", __func__);
buffer_init(&m);
buffer_put_cstring(&m, username);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_cstring(m, username)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m);
debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m);
if (buffer_get_char(&m) == 0) {
if ((r = sshbuf_get_u8(m, &ok)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (ok == 0) {
pw = NULL;
goto out;
}
pw = buffer_get_string(&m, &len);
if (len != sizeof(struct passwd))
/* XXX don't like passing struct passwd like this */
pw = xcalloc(sizeof(*pw), 1);
if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (len != sizeof(*pw))
fatal("%s: struct passwd size mismatch", __func__);
pw->pw_name = buffer_get_string(&m, NULL);
pw->pw_passwd = buffer_get_string(&m, NULL);
memcpy(pw, p, sizeof(*pw));
if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 ||
(r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 ||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
pw->pw_gecos = buffer_get_string(&m, NULL);
(r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 ||
#endif
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
pw->pw_class = buffer_get_string(&m, NULL);
(r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 ||
#endif
pw->pw_dir = buffer_get_string(&m, NULL);
pw->pw_shell = buffer_get_string(&m, NULL);
(r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 ||
(r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
out:
/* copy options block as a Match directive may have changed some */
newopts = buffer_get_string(&m, &len);
if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (len != sizeof(*newopts))
fatal("%s: option block size mismatch", __func__);
newopts = xcalloc(sizeof(*newopts), 1);
memcpy(newopts, p, sizeof(*newopts));
#define M_CP_STROPT(x) do { \
if (newopts->x != NULL) \
newopts->x = buffer_get_string(&m, NULL); \
if (newopts->x != NULL) { \
if ((r = sshbuf_get_cstring(m, \
&newopts->x, NULL)) != 0) \
fatal("%s: buffer error: %s", \
__func__, ssh_err(r)); \
} \
} while (0)
#define M_CP_STRARRAYOPT(x, nx) do { \
newopts->x = newopts->nx == 0 ? \
NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
for (i = 0; i < newopts->nx; i++) \
newopts->x[i] = buffer_get_string(&m, NULL); \
for (i = 0; i < newopts->nx; i++) { \
if ((r = sshbuf_get_cstring(m, \
&newopts->x[i], NULL)) != 0) \
fatal("%s: buffer error: %s", \
__func__, ssh_err(r)); \
} \
} while (0)
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
@ -301,7 +348,7 @@ out:
process_permitopen(ssh, &options);
free(newopts);
buffer_free(&m);
sshbuf_free(m);
return (pw);
}
@ -309,19 +356,22 @@ out:
char *
mm_auth2_read_banner(void)
{
Buffer m;
struct sshbuf *m;
char *banner;
int r;
debug3("%s entering", __func__);
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
buffer_clear(&m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m);
sshbuf_reset(m);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_AUTH2_READ_BANNER, &m);
banner = buffer_get_string(&m, NULL);
buffer_free(&m);
MONITOR_ANS_AUTH2_READ_BANNER, m);
if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
sshbuf_free(m);
/* treat empty banner as missing banner */
if (strlen(banner) == 0) {
@ -336,41 +386,50 @@ mm_auth2_read_banner(void)
void
mm_inform_authserv(char *service, char *style)
{
Buffer m;
struct sshbuf *m;
int r;
debug3("%s entering", __func__);
buffer_init(&m);
buffer_put_cstring(&m, service);
buffer_put_cstring(&m, style ? style : "");
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_cstring(m, service)) != 0 ||
(r = sshbuf_put_cstring(m, style ? style : "")) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m);
buffer_free(&m);
sshbuf_free(m);
}
/* Do the password authentication */
int
mm_auth_password(struct ssh *ssh, char *password)
{
Buffer m;
int authenticated = 0;
struct sshbuf *m;
int r, maxtries = 0, authenticated = 0;
debug3("%s entering", __func__);
buffer_init(&m);
buffer_put_cstring(&m, password);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_cstring(m, password)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m);
debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_AUTHPASSWORD, m);
authenticated = buffer_get_int(&m);
if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
#ifdef USE_PAM
sshpam_set_maxtries_reached(buffer_get_int(&m));
if ((r = sshbuf_get_u32(m, &maxtries)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
sshpam_set_maxtries_reached(maxtries);
#endif
buffer_free(&m);
sshbuf_free(m);
debug3("%s: user %sauthenticated",
__func__, authenticated ? "" : "not ");
@ -396,9 +455,7 @@ int
mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp)
{
Buffer m;
u_char *blob;
u_int len;
struct sshbuf *m;
int r, allowed = 0;
struct sshauthopt *opts = NULL;
@ -407,31 +464,29 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
if (authoptp != NULL)
*authoptp = NULL;
/* Convert the key to a blob and the pass it over */
if (!key_to_blob(key, &blob, &len))
return 0;
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_u32(m, type)) != 0 ||
(r = sshbuf_put_cstring(m, user ? user : "")) != 0 ||
(r = sshbuf_put_cstring(m, host ? host : "")) != 0 ||
(r = sshkey_puts(key, m)) != 0 ||
(r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
buffer_init(&m);
buffer_put_int(&m, type);
buffer_put_cstring(&m, user ? user : "");
buffer_put_cstring(&m, host ? host : "");
buffer_put_string(&m, blob, len);
buffer_put_int(&m, pubkey_auth_attempt);
free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m);
debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_KEYALLOWED, &m);
MONITOR_ANS_KEYALLOWED, m);
allowed = buffer_get_int(&m);
if ((r = sshbuf_get_u32(m, &allowed)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (allowed && type == MM_USERKEY) {
if ((r = sshauthopt_deserialise(&m, &opts)) != 0)
if ((r = sshauthopt_deserialise(m, &opts)) != 0)
fatal("%s: sshauthopt_deserialise: %s",
__func__, ssh_err(r));
}
buffer_free(&m);
sshbuf_free(m);
if (authoptp != NULL) {
*authoptp = opts;
@ -452,32 +507,31 @@ int
mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
const u_char *data, size_t datalen, const char *sigalg, u_int compat)
{
Buffer m;
u_char *blob;
u_int len;
struct sshbuf *m;
u_int encoded_ret = 0;
int r;
debug3("%s entering", __func__);
/* Convert the key to a blob and the pass it over */
if (!key_to_blob(key, &blob, &len))
return (0);
buffer_init(&m);
buffer_put_string(&m, blob, len);
buffer_put_string(&m, sig, siglen);
buffer_put_string(&m, data, datalen);
buffer_put_cstring(&m, sigalg == NULL ? "" : sigalg);
free(blob);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshkey_puts(key, m)) != 0 ||
(r = sshbuf_put_string(m, sig, siglen)) != 0 ||
(r = sshbuf_put_string(m, data, datalen)) != 0 ||
(r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m);
debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_KEYVERIFY, m);
encoded_ret = buffer_get_int(&m);
if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
buffer_free(&m);
sshbuf_free(m);
if (encoded_ret != 0)
return SSH_ERR_SIGNATURE_INVALID;
@ -504,7 +558,7 @@ mm_send_keystate(struct monitor *monitor)
int
mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
{
Buffer m;
struct sshbuf *m;
char *p, *msg;
int success = 0, tmp1 = -1, tmp2 = -1, r;
@ -521,21 +575,24 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
close(tmp1);
close(tmp2);
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m);
debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m);
success = buffer_get_int(&m);
if ((r = sshbuf_get_u32(m, &success)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (success == 0) {
debug3("%s: pty alloc failed", __func__);
buffer_free(&m);
sshbuf_free(m);
return (0);
}
p = buffer_get_string(&m, NULL);
msg = buffer_get_string(&m, NULL);
buffer_free(&m);
if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 ||
(r = sshbuf_get_cstring(m, &msg, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
sshbuf_free(m);
strlcpy(namebuf, p, namebuflen); /* Possible truncation */
free(p);
@ -555,14 +612,17 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
void
mm_session_pty_cleanup2(Session *s)
{
Buffer m;
struct sshbuf *m;
int r;
if (s->ttyfd == -1)
return;
buffer_init(&m);
buffer_put_cstring(&m, s->tty);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
buffer_free(&m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_cstring(m, s->tty)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m);
sshbuf_free(m);
/* closed dup'ed master */
if (s->ptymaster != -1 && close(s->ptymaster) < 0)
@ -710,11 +770,12 @@ mm_sshpam_free_ctx(void *ctxtp)
void
mm_terminate(void)
{
Buffer m;
struct sshbuf *m;
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
buffer_free(&m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m);
sshbuf_free(m);
}
static void
@ -733,27 +794,31 @@ int
mm_bsdauth_query(void *ctx, char **name, char **infotxt,
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
struct sshbuf *m;
u_int success;
char *challenge;
int r;
debug3("%s: entering", __func__);
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
&m);
success = buffer_get_int(&m);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_BSDAUTHQUERY, m);
if ((r = sshbuf_get_u32(m, &success)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
sshbuf_free(m);
return (-1);
}
/* Get the challenge, and format the response */
challenge = buffer_get_string(&m, NULL);
buffer_free(&m);
if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
sshbuf_free(m);
mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
(*prompts)[0] = challenge;
@ -766,22 +831,25 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
int
mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
{
Buffer m;
int authok;
struct sshbuf *m;
int r, authok;
debug3("%s: entering", __func__);
if (numresponses != 1)
return (-1);
buffer_init(&m);
buffer_put_cstring(&m, responses[0]);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_BSDAUTHRESPOND, &m);
MONITOR_ANS_BSDAUTHRESPOND, m);
authok = buffer_get_int(&m);
buffer_free(&m);
if ((r = sshbuf_get_u32(m, &authok)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
sshbuf_free(m);
return ((authok == 0) ? -1 : 0);
}
@ -881,45 +949,55 @@ mm_audit_run_command(const char *command)
OM_uint32
mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
{
Buffer m;
struct sshbuf *m;
OM_uint32 major;
int r;
/* Client doesn't get to see the context */
*ctx = NULL;
buffer_init(&m);
buffer_put_string(&m, goid->elements, goid->length);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m);
major = buffer_get_int(&m);
if ((r = sshbuf_get_u32(m, &major)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
buffer_free(&m);
sshbuf_free(m);
return (major);
}
OM_uint32
mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
gss_buffer_desc *out, OM_uint32 *flags)
gss_buffer_desc *out, OM_uint32 *flagsp)
{
Buffer m;
struct sshbuf *m;
OM_uint32 major;
u_int len;
u_int flags;
int r;
buffer_init(&m);
buffer_put_string(&m, in->value, in->length);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_string(m, in->value, in->length)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m);
major = buffer_get_int(&m);
out->value = buffer_get_string(&m, &len);
out->length = len;
if (flags)
*flags = buffer_get_int(&m);
if ((r = sshbuf_get_u32(m, &major)) != 0 ||
(r = sshbuf_get_string(m, &out->value, &out->length)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (flagsp != NULL) {
if ((r = sshbuf_get_u32(m, &flags)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
*flagsp = flags;
}
buffer_free(&m);
sshbuf_free(m);
return (major);
}
@ -927,39 +1005,44 @@ mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
OM_uint32
mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
{
Buffer m;
struct sshbuf *m;
OM_uint32 major;
int r;
buffer_init(&m);
buffer_put_string(&m, gssbuf->value, gssbuf->length);
buffer_put_string(&m, gssmic->value, gssmic->length);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 ||
(r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC,
&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_GSSCHECKMIC, m);
major = buffer_get_int(&m);
buffer_free(&m);
if ((r = sshbuf_get_u32(m, &major)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
sshbuf_free(m);
return(major);
}
int
mm_ssh_gssapi_userok(char *user)
{
Buffer m;
int authenticated = 0;
struct sshbuf *m;
int r, authenticated = 0;
buffer_init(&m);
if ((m = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_GSSUSEROK, m);
authenticated = buffer_get_int(&m);
if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
buffer_free(&m);
sshbuf_free(m);
debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
return (authenticated);
}
#endif /* GSSAPI */