int mm_answer_sesskey(int sock, Buffer *m) { BIGNUM *p; int rsafail; /* Turn off permissions */ monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); if ((p = BN_new()) == NULL) fatal("%s: BN_new", __func__); buffer_get_bignum2(m, p); rsafail = ssh1_session_key(p); buffer_clear(m); buffer_put_int(m, rsafail); buffer_put_bignum2(m, p); BN_clear_free(p); mm_request_send(sock, MONITOR_ANS_SESSKEY, m); /* Turn on permissions for sessid passing */ monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); return (0); }
int mm_answer_gss_accept_ctx(int sock, struct sshbuf *m) { gss_buffer_desc in; gss_buffer_desc out = GSS_C_EMPTY_BUFFER; OM_uint32 major, minor; OM_uint32 flags = 0; /* GSI needs this */ size_t len; u_char *p; int r; if ((r = sshbuf_get_string(m, &p, &len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); in.value = p; in.length = len; major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); free(in.value); sshbuf_reset(m); if ((r = sshbuf_put_u32(m, major)) != 0 || (r = sshbuf_put_string(m, out.value, out.length)) != 0 || (r = sshbuf_put_u32(m, flags)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_GSSSTEP, m); gss_release_buffer(&minor, &out); if (major == GSS_S_COMPLETE) { monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); } return 0; }
int mm_answer_gss_accept_ctx(int sock, Buffer *m) { gss_buffer_desc in; gss_buffer_desc out = GSS_C_EMPTY_BUFFER; OM_uint32 major, minor; OM_uint32 flags = 0; /* GSI needs this */ u_int len; in.value = buffer_get_string(m, &len); in.length = len; major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); xfree(in.value); buffer_clear(m); buffer_put_int(m, major); buffer_put_string(m, out.value, out.length); buffer_put_int(m, flags); mm_request_send(sock, MONITOR_ANS_GSSSTEP, m); gss_release_buffer(&minor, &out); if (major == GSS_S_COMPLETE) { monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); } return (0); }
void monitor_child_postauth(struct monitor *pmonitor) { close(pmonitor->m_recvfd); pmonitor->m_recvfd = -1; monitor_set_child_handler(pmonitor->m_pid); signal(SIGHUP, &monitor_child_handler); signal(SIGTERM, &monitor_child_handler); signal(SIGINT, &monitor_child_handler); #ifdef SIGXFSZ signal(SIGXFSZ, SIG_IGN); #endif mon_dispatch = mon_dispatch_postauth20; /* Permit requests for moduli and signatures */ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); if (!no_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); } for (;;) monitor_read(pmonitor, mon_dispatch, NULL); }
int mm_answer_sesskey(int sock, struct sshbuf *m) { BIGNUM *p; int r, rsafail; /* Turn off permissions */ monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); if ((p = BN_new()) == NULL) fatal("%s: BN_new", __func__); if ((r = sshbuf_get_bignum2(m, p)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); rsafail = ssh1_session_key(p); sshbuf_reset(m); if ((r = sshbuf_put_u32(m, rsafail)) != 0 || (r = sshbuf_put_bignum2(m, p)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); BN_clear_free(p); mm_request_send(sock, MONITOR_ANS_SESSKEY, m); /* Turn on permissions for sessid passing */ monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); return (0); }
int mm_answer_pwnamallow(int sock, Buffer *m) { char *username; struct passwd *pwent; int allowed = 0; debug3("%s", __func__); if (authctxt->attempt++ != 0) fatal("%s: multiple attempts for getpwnam", __func__); username = buffer_get_string(m, NULL); pwent = getpwnamallow(username); authctxt->user = xstrdup(username); setproctitle("%s [priv]", pwent ? username : "******"); xfree(username); buffer_clear(m); if (pwent == NULL) { buffer_put_char(m, 0); authctxt->pw = fakepw(); goto out; } allowed = 1; authctxt->pw = pwent; authctxt->valid = 1; buffer_put_char(m, 1); buffer_put_string(m, pwent, sizeof(struct passwd)); buffer_put_cstring(m, pwent->pw_name); buffer_put_cstring(m, "*"); buffer_put_cstring(m, pwent->pw_gecos); buffer_put_cstring(m, pwent->pw_class); buffer_put_cstring(m, pwent->pw_dir); buffer_put_cstring(m, pwent->pw_shell); out: buffer_put_string(m, &options, sizeof(options)); if (options.banner != NULL) buffer_put_cstring(m, options.banner); debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); mm_request_send(sock, MONITOR_ANS_PWNAM, m); /* For SSHv1 allow authentication now */ if (!compat20) monitor_permit_authentications(1); else { /* Allow service/style information on the auth context */ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); } return (0); }
Authctxt * monitor_child_preauth(struct monitor *pmonitor) { struct mon_table *ent; int authenticated = 0; debug3("preauth child monitor started"); if (compat20) { mon_dispatch = mon_dispatch_proto20; /* Permit requests for moduli and signatures */ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); } else { mon_dispatch = mon_dispatch_proto15; monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); } authctxt = authctxt_new(); /* The first few requests do not require asynchronous access */ while (!authenticated) { authenticated = monitor_read(pmonitor, mon_dispatch, &ent); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", __func__, ent->type); if (authctxt->pw->pw_uid == 0 && !auth_root_allowed(auth_method)) authenticated = 0; #ifdef USE_PAM if (!do_pam_account(authctxt->pw->pw_name, NULL)) authenticated = 0; #endif } if (ent->flags & MON_AUTHDECIDE) { auth_log(authctxt, authenticated, auth_method, compat20 ? " ssh2" : ""); if (!authenticated) authctxt->failures++; } } if (!authctxt->valid) fatal("%s: authenticated invalid user", __func__); debug("%s: %s has been authenticated by privileged process", __func__, authctxt->user); mm_get_keystate(pmonitor); return (authctxt); }
int mm_answer_rsa_keyallowed(int sock, struct sshbuf *m) { BIGNUM *client_n; struct sshkey *key = NULL; u_char *blob = NULL; size_t blen = 0; int r, allowed = 0; debug3("%s entering", __func__); auth_method = "rsa"; if (options.rsa_authentication && authctxt->valid) { if ((client_n = BN_new()) == NULL) fatal("%s: BN_new", __func__); if ((r = sshbuf_get_bignum2(m, client_n)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); BN_clear_free(client_n); } sshbuf_reset(m); if ((r = sshbuf_put_u32(m, allowed)) != 0 || (r = sshbuf_put_u32(m, forced_command != NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* clear temporarily storage (used by generate challenge) */ monitor_reset_key_state(); if (allowed && key != NULL) { key->type = KEY_RSA; /* cheat for key_to_blob */ if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) fatal("%s: key_to_blob failed: %s", __func__, ssh_err(r)); if ((r = sshbuf_put_string(m, blob, blen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* Save temporarily for comparison in verify */ key_blob = blob; key_bloblen = blen; key_blobtype = MM_RSAUSERKEY; } if (key != NULL) sshkey_free(key); mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m); monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0); return (0); }
int mm_answer_pam_start(int sock, Buffer *m) { if (!options.use_pam) fatal("UsePAM not set, but ended up in %s anyway", __func__); start_pam(authctxt); monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); if (options.kbd_interactive_authentication) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1); return (0); }
int mm_answer_gss_checkmic(int sock, struct sshbuf *m) { gss_buffer_desc gssbuf, mic; OM_uint32 ret; size_t len; int r; u_char *p; if ((r = sshbuf_get_string(m, &p, &len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); gssbuf.value = p; gssbuf.length = len; if ((r = sshbuf_get_string(m, &p, &len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); mic.value = p; mic.length = len; ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); free(gssbuf.value); free(mic.value); sshbuf_reset(m); if ((r = sshbuf_put_u32(m, ret)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m); if (!GSS_ERROR(ret)) monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); return 0; }
int mm_answer_gss_setup_ctx(int sock, struct sshbuf *m) { gss_OID_desc goid; OM_uint32 major; size_t len; u_char *p; int r; if ((r = sshbuf_get_string(m, &p, &len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); goid.elements = p; goid.length = len; major = ssh_gssapi_server_ctx(&gsscontext, &goid); free(goid.elements); sshbuf_reset(m); if ((r = sshbuf_put_u32(m, major)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); /* Now we have a context, enable the step */ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1); return (0); }
int mm_answer_jpake_check_confirm(int sock, Buffer *m) { int authenticated = 0; u_char *peer_confirm_hash; u_int peer_confirm_hash_len; struct jpake_ctx *pctx = authctxt->jpake_ctx; if (pctx == NULL) fatal("%s: pctx == NULL", __func__); peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len); authenticated = jpake_check_confirm(pctx->k, pctx->client_id, pctx->client_id_len, session_id2, session_id2_len, peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid; JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); bzero(peer_confirm_hash, peer_confirm_hash_len); xfree(peer_confirm_hash); buffer_clear(m); buffer_put_int(m, authenticated); debug3("%s: sending result %d", __func__, authenticated); mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m); monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1); auth_method = "*****@*****.**"; return authenticated; }
int mm_answer_gss_setup_ctx(int sock, Buffer *m) { gss_OID_desc goid; OM_uint32 major; u_int len; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); goid.elements = buffer_get_string(m, &len); goid.length = len; major = ssh_gssapi_server_ctx(&gsscontext, &goid); free(goid.elements); buffer_clear(m); buffer_put_int(m, major); mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); /* Now we have a context, enable the step */ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1); return (0); }
int mm_answer_gss_checkmic(int sock, Buffer *m) { gss_buffer_desc gssbuf, mic; OM_uint32 ret; u_int len; gssbuf.value = buffer_get_string(m, &len); gssbuf.length = len; mic.value = buffer_get_string(m, &len); mic.length = len; ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); xfree(gssbuf.value); xfree(mic.value); buffer_clear(m); buffer_put_int(m, ret); mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m); if (!GSS_ERROR(ret)) monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); return (0); }
int mm_answer_rsa_challenge(int sock, Buffer *m) { Key *key = NULL; u_char *blob; u_int blen; debug3("%s entering", __func__); if (!authctxt->valid) fatal("%s: authctxt not valid", __func__); blob = buffer_get_string(m, &blen); if (!monitor_allowed_key(blob, blen)) fatal("%s: bad key, not previously allowed", __func__); if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) fatal("%s: key type mismatch", __func__); if ((key = key_from_blob(blob, blen)) == NULL) fatal("%s: received bad key", __func__); if (ssh1_challenge) BN_clear_free(ssh1_challenge); ssh1_challenge = auth_rsa_generate_challenge(key); buffer_clear(m); buffer_put_bignum2(m, ssh1_challenge); debug3("%s sending reply", __func__); mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m); monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); xfree(blob); key_free(key); return (0); }
int mm_answer_jpake_get_pwdata(int sock, Buffer *m) { struct jpake_ctx *pctx = authctxt->jpake_ctx; char *hash_scheme, *salt; if (pctx == NULL) fatal("%s: pctx == NULL", __func__); auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt); buffer_clear(m); /* pctx->s is sensitive, not returned to slave */ buffer_put_cstring(m, hash_scheme); buffer_put_cstring(m, salt); debug3("%s: sending pwdata", __func__); mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m); bzero(hash_scheme, strlen(hash_scheme)); bzero(salt, strlen(salt)); xfree(hash_scheme); xfree(salt); monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); return 0; }
int mm_answer_rsa_keyallowed(int socket, Buffer *m) { BIGNUM *client_n; Key *key = NULL; u_char *blob = NULL; u_int blen = 0; int allowed = 0; debug3("%s entering", __func__); if (options.rsa_authentication && authctxt->valid) { if ((client_n = BN_new()) == NULL) fatal("%s: BN_new", __func__); buffer_get_bignum2(m, client_n); allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key); BN_clear_free(client_n); } buffer_clear(m); buffer_put_int(m, allowed); /* clear temporarily storage (used by generate challenge) */ monitor_reset_key_state(); if (allowed && key != NULL) { key->type = KEY_RSA; /* cheat for key_to_blob */ if (key_to_blob(key, &blob, &blen) == 0) fatal("%s: key_to_blob failed", __func__); buffer_put_string(m, blob, blen); /* Save temporarily for comparison in verify */ key_blob = blob; key_bloblen = blen; key_blobtype = MM_RSAUSERKEY; key_free(key); } mm_append_debug(m); mm_request_send(socket, MONITOR_ANS_RSAKEYALLOWED, m); monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0); return (0); }
int mm_answer_jpake_step1(int sock, Buffer *m) { struct jpake_ctx *pctx; u_char *x3_proof, *x4_proof; u_int x3_proof_len, x4_proof_len; if (!options.zero_knowledge_password_authentication) fatal("zero_knowledge_password_authentication disabled"); if (authctxt->jpake_ctx != NULL) fatal("%s: authctxt->jpake_ctx already set (%p)", __func__, authctxt->jpake_ctx); authctxt->jpake_ctx = pctx = jpake_new(); jpake_step1(pctx->grp, &pctx->server_id, &pctx->server_id_len, &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4, &x3_proof, &x3_proof_len, &x4_proof, &x4_proof_len); JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__)); buffer_clear(m); buffer_put_string(m, pctx->server_id, pctx->server_id_len); buffer_put_bignum2(m, pctx->g_x3); buffer_put_bignum2(m, pctx->g_x4); buffer_put_string(m, x3_proof, x3_proof_len); buffer_put_string(m, x4_proof, x4_proof_len); debug3("%s: sending step1", __func__); mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m); bzero(x3_proof, x3_proof_len); bzero(x4_proof, x4_proof_len); xfree(x3_proof); xfree(x4_proof); monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); return 0; }
int mm_answer_pam_init_ctx(int sock, Buffer *m) { debug3("%s", __func__); if (!options.kbd_interactive_authentication) fatal("%s: kbd-int authentication not enabled", __func__); if (sshpam_ctxt != NULL) fatal("%s: already called", __func__); sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); sshpam_authok = NULL; buffer_clear(m); if (sshpam_ctxt != NULL) { monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); monitor_permit(mon_dispatch, MONITOR_REQ_PAM_QUERY, 1); buffer_put_int(m, 1); } else { buffer_put_int(m, 0); } mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m); return (0); }
void monitor_child_postauth(struct monitor *pmonitor) { monitor_set_child_handler(pmonitor->m_pid); signal(SIGHUP, &monitor_child_handler); signal(SIGTERM, &monitor_child_handler); if (compat20) { mon_dispatch = mon_dispatch_postauth20; /* Permit requests for moduli and signatures */ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); } else { mon_dispatch = mon_dispatch_postauth15; monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); } if (!no_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); } for (;;) monitor_read(pmonitor, mon_dispatch, NULL); }
int mm_answer_jpake_step2(int sock, Buffer *m) { struct jpake_ctx *pctx = authctxt->jpake_ctx; u_char *x1_proof, *x2_proof, *x4_s_proof; u_int x1_proof_len, x2_proof_len, x4_s_proof_len; if (pctx == NULL) fatal("%s: pctx == NULL", __func__); if ((pctx->g_x1 = BN_new()) == NULL || (pctx->g_x2 = BN_new()) == NULL) fatal("%s: BN_new", __func__); buffer_get_bignum2(m, pctx->g_x1); buffer_get_bignum2(m, pctx->g_x2); pctx->client_id = buffer_get_string(m, &pctx->client_id_len); x1_proof = buffer_get_string(m, &x1_proof_len); x2_proof = buffer_get_string(m, &x2_proof_len); jpake_step2(pctx->grp, pctx->s, pctx->g_x3, pctx->g_x1, pctx->g_x2, pctx->x4, pctx->client_id, pctx->client_id_len, pctx->server_id, pctx->server_id_len, x1_proof, x1_proof_len, x2_proof, x2_proof_len, &pctx->b, &x4_s_proof, &x4_s_proof_len); JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__)); bzero(x1_proof, x1_proof_len); bzero(x2_proof, x2_proof_len); xfree(x1_proof); xfree(x2_proof); buffer_clear(m); buffer_put_bignum2(m, pctx->b); buffer_put_string(m, x4_s_proof, x4_s_proof_len); debug3("%s: sending step2", __func__); mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); bzero(x4_s_proof, x4_s_proof_len); xfree(x4_s_proof); monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); return 0; }
int mm_answer_sign(int sock, Buffer *m) { Key *key; u_char *p; u_char *signature; u_int siglen, datlen; int keyid; debug3("%s", __func__); keyid = buffer_get_int(m); p = buffer_get_string(m, &datlen); /* * Supported KEX types will only return SHA1 (20 byte) or * SHA256 (32 byte) hashes */ if (datlen != 20 && datlen != 32) fatal("%s: data length incorrect: %u", __func__, datlen); /* save session id, it will be passed on the first call */ if (session_id2_len == 0) { session_id2_len = datlen; session_id2 = xmalloc(session_id2_len); memcpy(session_id2, p, session_id2_len); } if ((key = get_hostkey_by_index(keyid)) == NULL) fatal("%s: no hostkey from index %d", __func__, keyid); if (key_sign(key, &signature, &siglen, p, datlen) < 0) fatal("%s: key_sign failed", __func__); debug3("%s: signature %p(%u)", __func__, signature, siglen); buffer_clear(m); buffer_put_string(m, signature, siglen); xfree(p); xfree(signature); mm_request_send(sock, MONITOR_ANS_SIGN, m); /* Turn on permissions for getpwnam */ monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); return (0); }
int mm_answer_sessid(int sock, Buffer *m) { int i; debug3("%s entering", __func__); if (buffer_len(m) != 16) fatal("%s: bad ssh1 session id", __func__); for (i = 0; i < 16; i++) session_id[i] = buffer_get_char(m); /* Turn on permissions for getpwnam */ monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); return (0); }
int mm_answer_pam_init_ctx(int sock, Buffer *m) { debug3("%s", __func__); authctxt->user = buffer_get_string(m, NULL); sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); sshpam_authok = NULL; buffer_clear(m); if (sshpam_ctxt != NULL) { monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); buffer_put_int(m, 1); } else { buffer_put_int(m, 0); } mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m); return (0); }
int mm_answer_pam_free_ctx(int sock, Buffer *m) { int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; debug3("%s", __func__); if (sshpam_ctxt == NULL) fatal("%s: no context", __func__); (sshpam_device.free_ctx)(sshpam_ctxt); sshpam_ctxt = sshpam_authok = NULL; buffer_clear(m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); /* Allow another attempt */ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1); auth_method = "keyboard-interactive"; auth_submethod = "pam"; return r; }
int mm_answer_sessid(int sock, struct sshbuf *m) { int r; debug3("%s entering", __func__); if (sshbuf_len(m) != 16) fatal("%s: bad ssh1 session id, len = %zu", __func__, sshbuf_len(m)); if ((r = sshbuf_get(m, session_id, 16)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* Turn on permissions for getpwnam */ monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); return (0); }
int mm_answer_rsa_challenge(int sock, struct sshbuf *m) { struct sshkey *key = NULL; u_char *blob; size_t blen; int r; debug3("%s entering", __func__); if (!authctxt->valid) fatal("%s: authctxt not valid", __func__); if ((r = sshbuf_get_string(m, &blob, &blen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (!monitor_allowed_key(blob, blen)) fatal("%s: bad key, not previously allowed", __func__); if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY) fatal("%s: key type mismatch", __func__); if ((r = sshkey_from_blob(blob, blen, &key)) != 0) fatal("%s: received bad key: %s", __func__, ssh_err(r)); if (key->type != KEY_RSA) fatal("%s: received bad key type %d", __func__, key->type); key->type = KEY_RSA1; if (ssh1_challenge) BN_clear_free(ssh1_challenge); ssh1_challenge = auth_rsa_generate_challenge(key); sshbuf_reset(m); if ((r = sshbuf_put_bignum2(m, ssh1_challenge)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s sending reply", __func__); mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m); monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); free(blob); sshkey_free(key); return (0); }
int mm_answer_jpake_key_confirm(int sock, Buffer *m) { struct jpake_ctx *pctx = authctxt->jpake_ctx; u_char *x2_s_proof; u_int x2_s_proof_len; if (pctx == NULL) fatal("%s: pctx == NULL", __func__); if ((pctx->a = BN_new()) == NULL) fatal("%s: BN_new", __func__); buffer_get_bignum2(m, pctx->a); x2_s_proof = buffer_get_string(m, &x2_s_proof_len); jpake_key_confirm(pctx->grp, pctx->s, pctx->a, pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2, pctx->server_id, pctx->server_id_len, pctx->client_id, pctx->client_id_len, session_id2, session_id2_len, x2_s_proof, x2_s_proof_len, &pctx->k, &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len); JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__)); bzero(x2_s_proof, x2_s_proof_len); buffer_clear(m); /* pctx->k is sensitive, not sent */ buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); debug3("%s: sending confirmation hash", __func__); mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m); monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1); return 0; }
int mm_answer_pam_query(int sock, Buffer *m) { char *name = NULL, *info = NULL, **prompts = NULL; u_int i, num = 0, *echo_on = 0; int ret; debug3("%s", __func__); sshpam_authok = NULL; if (sshpam_ctxt == NULL) fatal("%s: no context", __func__); ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on); if (ret == 0 && num == 0) sshpam_authok = sshpam_ctxt; if (num > 1 || name == NULL || info == NULL) fatal("sshpam_device.query failed"); monitor_permit(mon_dispatch, MONITOR_REQ_PAM_RESPOND, 1); buffer_clear(m); buffer_put_int(m, ret); buffer_put_cstring(m, name); free(name); buffer_put_cstring(m, info); free(info); buffer_put_int(m, sshpam_get_maxtries_reached()); buffer_put_int(m, num); for (i = 0; i < num; ++i) { buffer_put_cstring(m, prompts[i]); free(prompts[i]); buffer_put_int(m, echo_on[i]); } free(prompts); free(echo_on); auth_method = "keyboard-interactive"; auth_submethod = "pam"; mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); return (0); }
int mm_answer_keyallowed(int sock, Buffer *m) { Key *key; char *cuser, *chost; u_char *blob; u_int bloblen; enum mm_keytype type = 0; int allowed = 0; debug3("%s entering", __func__); type = buffer_get_int(m); cuser = buffer_get_string(m, NULL); chost = buffer_get_string(m, NULL); blob = buffer_get_string(m, &bloblen); key = key_from_blob(blob, bloblen); if ((compat20 && type == MM_RSAHOSTKEY) || (!compat20 && type != MM_RSAHOSTKEY)) fatal("%s: key type and protocol mismatch", __func__); debug3("%s: key_from_blob: %p", __func__, key); if (key != NULL && authctxt->valid) { switch (type) { case MM_USERKEY: allowed = options.pubkey_authentication && user_key_allowed(authctxt->pw, key); break; case MM_HOSTKEY: allowed = options.hostbased_authentication && hostbased_key_allowed(authctxt->pw, cuser, chost, key); break; case MM_RSAHOSTKEY: key->type = KEY_RSA1; /* XXX */ allowed = options.rhosts_rsa_authentication && auth_rhosts_rsa_key_allowed(authctxt->pw, cuser, chost, key); break; default: fatal("%s: unknown key type %d", __func__, type); break; } } if (key != NULL) key_free(key); /* clear temporarily storage (used by verify) */ monitor_reset_key_state(); if (allowed) { /* Save temporarily for comparison in verify */ key_blob = blob; key_bloblen = bloblen; key_blobtype = type; hostbased_cuser = cuser; hostbased_chost = chost; } debug3("%s: key %p is %s", __func__, key, allowed ? "allowed" : "disallowed"); buffer_clear(m); buffer_put_int(m, allowed); buffer_put_int(m, forced_command != NULL); mm_append_debug(m); mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); if (type == MM_RSAHOSTKEY) monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); return (0); }