search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
attempt at updating RPM specs for sshd-session
[openssh.git] / monitor_wrap.c
blob7807895c23463ae496814ecc93dbede0b7b29690
1 /* $OpenBSD: monitor_wrap.c,v 1.130 2024/05/17 00:30:24 djm Exp $ */
2 /*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "includes.h"
29
30 #include <sys/types.h>
31 #include <sys/uio.h>
32
33 #include <errno.h>
34 #include <pwd.h>
35 #include <signal.h>
36 #include <stdarg.h>
37 #include <stdio.h>
38 #include <string.h>
39 #include <unistd.h>
40
41 #ifdef WITH_OPENSSL
42 #include <openssl/bn.h>
43 #include <openssl/dh.h>
44 #include <openssl/evp.h>
45 #endif
46
47 #include "openbsd-compat/sys-queue.h"
48 #include "xmalloc.h"
49 #include "ssh.h"
50 #ifdef WITH_OPENSSL
51 #include "dh.h"
52 #endif
53 #include "sshbuf.h"
54 #include "sshkey.h"
55 #include "cipher.h"
56 #include "kex.h"
57 #include "hostfile.h"
58 #include "auth.h"
59 #include "auth-options.h"
60 #include "packet.h"
61 #include "mac.h"
62 #include "log.h"
63 #include "auth-pam.h"
64 #include "monitor.h"
65 #ifdef GSSAPI
66 #include "ssh-gss.h"
67 #endif
68 #include "atomicio.h"
69 #include "monitor_fdpass.h"
70 #include "misc.h"
71
72 #include "channels.h"
73 #include "session.h"
74 #include "servconf.h"
75 #include "monitor_wrap.h"
76
77 #include "ssherr.h"
78
79 /* Imports */
80 extern struct monitor *pmonitor;
81 extern struct sshbuf *loginmsg;
82 extern ServerOptions options;
83
84 void
85 mm_log_handler(LogLevel level, int forced, const char *msg, void *ctx)
86 {
87 struct sshbuf *log_msg;
88 struct monitor *mon = (struct monitor *)ctx;
89 int r;
90 size_t len;
91
92 if (mon->m_log_sendfd == -1)
93 fatal_f("no log channel");
94
95 if ((log_msg = sshbuf_new()) == NULL)
96 fatal_f("sshbuf_new failed");
97
98 if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */
99 (r = sshbuf_put_u32(log_msg, level)) != 0 ||
100 (r = sshbuf_put_u32(log_msg, forced)) != 0 ||
101 (r = sshbuf_put_cstring(log_msg, msg)) != 0)
102 fatal_fr(r, "assemble");
103 if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff)
104 fatal_f("bad length %zu", len);
105 POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4);
106 if (atomicio(vwrite, mon->m_log_sendfd,
107 sshbuf_mutable_ptr(log_msg), len) != len)
108 fatal_f("write: %s", strerror(errno));
109 sshbuf_free(log_msg);
110 }
111
112 int
113 mm_is_monitor(void)
114 {
115 /*
116 * m_pid is only set in the privileged part, and
117 * points to the unprivileged child.
118 */
119 return (pmonitor && pmonitor->m_pid > 0);
120 }
121
122 void
123 mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m)
124 {
125 size_t mlen = sshbuf_len(m);
126 u_char buf[5];
127
128 debug3_f("entering, type %d", type);
129
130 if (mlen >= 0xffffffff)
131 fatal_f("bad length %zu", mlen);
132 POKE_U32(buf, mlen + 1);
133 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
134 if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
135 fatal_f("write: %s", strerror(errno));
136 if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen)
137 fatal_f("write: %s", strerror(errno));
138 }
139
140 void
141 mm_request_receive(int sock, struct sshbuf *m)
142 {
143 u_char buf[4], *p = NULL;
144 u_int msg_len;
145 int r;
146
147 debug3_f("entering");
148
149 if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
150 if (errno == EPIPE) {
151 debug3_f("monitor fd closed");
152 cleanup_exit(255);
153 }
154 fatal_f("read: %s", strerror(errno));
155 }
156 msg_len = PEEK_U32(buf);
157 if (msg_len > 256 * 1024)
158 fatal_f("read: bad msg_len %d", msg_len);
159 sshbuf_reset(m);
160 if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
161 fatal_fr(r, "reserve");
162 if (atomicio(read, sock, p, msg_len) != msg_len)
163 fatal_f("read: %s", strerror(errno));
164 }
165
166 void
167 mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m)
168 {
169 u_char rtype;
170 int r;
171
172 debug3_f("entering, type %d", type);
173
174 mm_request_receive(sock, m);
175 if ((r = sshbuf_get_u8(m, &rtype)) != 0)
176 fatal_fr(r, "parse");
177 if (rtype != type)
178 fatal_f("read: rtype %d != type %d", rtype, type);
179 }
180
181 #ifdef WITH_OPENSSL
182 DH *
183 mm_choose_dh(int min, int nbits, int max)
184 {
185 BIGNUM *p, *g;
186 int r;
187 u_char success = 0;
188 struct sshbuf *m;
189
190 if ((m = sshbuf_new()) == NULL)
191 fatal_f("sshbuf_new failed");
192 if ((r = sshbuf_put_u32(m, min)) != 0 ||
193 (r = sshbuf_put_u32(m, nbits)) != 0 ||
194 (r = sshbuf_put_u32(m, max)) != 0)
195 fatal_fr(r, "assemble");
196
197 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m);
198
199 debug3_f("waiting for MONITOR_ANS_MODULI");
200 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m);
201
202 if ((r = sshbuf_get_u8(m, &success)) != 0)
203 fatal_fr(r, "parse success");
204 if (success == 0)
205 fatal_f("MONITOR_ANS_MODULI failed");
206
207 if ((r = sshbuf_get_bignum2(m, &p)) != 0 ||
208 (r = sshbuf_get_bignum2(m, &g)) != 0)
209 fatal_fr(r, "parse group");
210
211 debug3_f("remaining %zu", sshbuf_len(m));
212 sshbuf_free(m);
213
214 return (dh_new_group(g, p));
215 }
216 #endif
217
218 int
219 mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
220 const u_char *data, size_t datalen, const char *hostkey_alg,
221 const char *sk_provider, const char *sk_pin, u_int compat)
222 {
223 struct kex *kex = *pmonitor->m_pkex;
224 struct sshbuf *m;
225 u_int ndx = kex->host_key_index(key, 0, ssh);
226 int r;
227
228 debug3_f("entering");
229 if ((m = sshbuf_new()) == NULL)
230 fatal_f("sshbuf_new failed");
231 if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
232 (r = sshbuf_put_string(m, data, datalen)) != 0 ||
233 (r = sshbuf_put_cstring(m, hostkey_alg)) != 0 ||
234 (r = sshbuf_put_u32(m, compat)) != 0)
235 fatal_fr(r, "assemble");
236
237 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m);
238
239 debug3_f("waiting for MONITOR_ANS_SIGN");
240 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m);
241 if ((r = sshbuf_get_string(m, sigp, lenp)) != 0)
242 fatal_fr(r, "parse");
243 sshbuf_free(m);
244
245 return (0);
246 }
247
248 void
249 mm_decode_activate_server_options(struct ssh *ssh, struct sshbuf *m)
250 {
251 const u_char *p;
252 size_t len;
253 u_int i;
254 ServerOptions *newopts;
255 int r;
256
257 if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
258 fatal_fr(r, "parse opts");
259 if (len != sizeof(*newopts))
260 fatal_f("option block size mismatch");
261 newopts = xcalloc(sizeof(*newopts), 1);
262 memcpy(newopts, p, sizeof(*newopts));
263
264 #define M_CP_STROPT(x) do { \
265 if (newopts->x != NULL && \
266 (r = sshbuf_get_cstring(m, &newopts->x, NULL)) != 0) \
267 fatal_fr(r, "parse %s", #x); \
268 } while (0)
269 #define M_CP_STRARRAYOPT(x, nx) do { \
270 newopts->x = newopts->nx == 0 ? \
271 NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
272 for (i = 0; i < newopts->nx; i++) { \
273 if ((r = sshbuf_get_cstring(m, \
274 &newopts->x[i], NULL)) != 0) \
275 fatal_fr(r, "parse %s", #x); \
276 } \
277 } while (0)
278 /* See comment in servconf.h */
279 COPY_MATCH_STRING_OPTS();
280 #undef M_CP_STROPT
281 #undef M_CP_STRARRAYOPT
282
283 copy_set_server_options(&options, newopts, 1);
284 log_change_level(options.log_level);
285 log_verbose_reset();
286 for (i = 0; i < options.num_log_verbose; i++)
287 log_verbose_add(options.log_verbose[i]);
288 free(newopts);
289 }
290
291 #define GETPW(b, id) \
292 do { \
293 if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) \
294 fatal_fr(r, "parse pw %s", #id); \
295 if (len != sizeof(pw->id)) \
296 fatal_fr(r, "bad length for %s", #id); \
297 memcpy(&pw->id, p, len); \
298 } while (0)
299
300 struct passwd *
301 mm_getpwnamallow(struct ssh *ssh, const char *username)
302 {
303 struct sshbuf *m;
304 struct passwd *pw;
305 size_t len;
306 int r;
307 u_char ok;
308 const u_char *p;
309
310 debug3_f("entering");
311
312 if ((m = sshbuf_new()) == NULL)
313 fatal_f("sshbuf_new failed");
314 if ((r = sshbuf_put_cstring(m, username)) != 0)
315 fatal_fr(r, "assemble");
316
317 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m);
318
319 debug3_f("waiting for MONITOR_ANS_PWNAM");
320 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m);
321
322 if ((r = sshbuf_get_u8(m, &ok)) != 0)
323 fatal_fr(r, "parse success");
324 if (ok == 0) {
325 pw = NULL;
326 goto out;
327 }
328
329 /* XXX don't like passing struct passwd like this */
330 pw = xcalloc(sizeof(*pw), 1);
331 GETPW(m, pw_uid);
332 GETPW(m, pw_gid);
333 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
334 GETPW(m, pw_change);
335 #endif
336 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
337 GETPW(m, pw_expire);
338 #endif
339 if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 ||
340 (r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 ||
341 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
342 (r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 ||
343 #endif
344 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
345 (r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 ||
346 #endif
347 (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 ||
348 (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0)
349 fatal_fr(r, "parse pw");
350
351 out:
352 /* copy options block as a Match directive may have changed some */
353 mm_decode_activate_server_options(ssh, m);
354 server_process_permitopen(ssh);
355 server_process_channel_timeouts(ssh);
356 kex_set_server_sig_algs(ssh, options.pubkey_accepted_algos);
357 sshbuf_free(m);
358
359 return (pw);
360 }
361
362 char *
363 mm_auth2_read_banner(void)
364 {
365 struct sshbuf *m;
366 char *banner;
367 int r;
368
369 debug3_f("entering");
370
371 if ((m = sshbuf_new()) == NULL)
372 fatal_f("sshbuf_new failed");
373 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m);
374 sshbuf_reset(m);
375
376 mm_request_receive_expect(pmonitor->m_recvfd,
377 MONITOR_ANS_AUTH2_READ_BANNER, m);
378 if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0)
379 fatal_fr(r, "parse");
380 sshbuf_free(m);
381
382 /* treat empty banner as missing banner */
383 if (strlen(banner) == 0) {
384 free(banner);
385 banner = NULL;
386 }
387 return (banner);
388 }
389
390 /* Inform the privileged process about service and style */
391
392 void
393 mm_inform_authserv(char *service, char *style)
394 {
395 struct sshbuf *m;
396 int r;
397
398 debug3_f("entering");
399
400 if ((m = sshbuf_new()) == NULL)
401 fatal_f("sshbuf_new failed");
402 if ((r = sshbuf_put_cstring(m, service)) != 0 ||
403 (r = sshbuf_put_cstring(m, style ? style : "")) != 0)
404 fatal_fr(r, "assemble");
405
406 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m);
407
408 sshbuf_free(m);
409 }
410
411 /* Do the password authentication */
412 int
413 mm_auth_password(struct ssh *ssh, char *password)
414 {
415 struct sshbuf *m;
416 int r, authenticated = 0;
417 #ifdef USE_PAM
418 u_int maxtries = 0;
419 #endif
420
421 debug3_f("entering");
422
423 if ((m = sshbuf_new()) == NULL)
424 fatal_f("sshbuf_new failed");
425 if ((r = sshbuf_put_cstring(m, password)) != 0)
426 fatal_fr(r, "assemble");
427 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m);
428
429 debug3_f("waiting for MONITOR_ANS_AUTHPASSWORD");
430 mm_request_receive_expect(pmonitor->m_recvfd,
431 MONITOR_ANS_AUTHPASSWORD, m);
432
433 if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
434 fatal_fr(r, "parse");
435 #ifdef USE_PAM
436 if ((r = sshbuf_get_u32(m, &maxtries)) != 0)
437 fatal_fr(r, "parse PAM");
438 if (maxtries > INT_MAX)
439 fatal_fr(r, "bad maxtries");
440 sshpam_set_maxtries_reached(maxtries);
441 #endif
442
443 sshbuf_free(m);
444
445 debug3_f("user %sauthenticated", authenticated ? "" : "not ");
446 return (authenticated);
447 }
448
449 int
450 mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
451 int pubkey_auth_attempt, struct sshauthopt **authoptp)
452 {
453 return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
454 pubkey_auth_attempt, authoptp));
455 }
456
457 int
458 mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
459 const char *user, const char *host, struct sshkey *key)
460 {
461 return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL));
462 }
463
464 int
465 mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
466 struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp)
467 {
468 struct sshbuf *m;
469 int r, allowed = 0;
470 struct sshauthopt *opts = NULL;
471
472 debug3_f("entering");
473
474 if (authoptp != NULL)
475 *authoptp = NULL;
476
477 if ((m = sshbuf_new()) == NULL)
478 fatal_f("sshbuf_new failed");
479 if ((r = sshbuf_put_u32(m, type)) != 0 ||
480 (r = sshbuf_put_cstring(m, user ? user : "")) != 0 ||
481 (r = sshbuf_put_cstring(m, host ? host : "")) != 0 ||
482 (r = sshkey_puts(key, m)) != 0 ||
483 (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0)
484 fatal_fr(r, "assemble");
485
486 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m);
487
488 debug3_f("waiting for MONITOR_ANS_KEYALLOWED");
489 mm_request_receive_expect(pmonitor->m_recvfd,
490 MONITOR_ANS_KEYALLOWED, m);
491
492 if ((r = sshbuf_get_u32(m, &allowed)) != 0)
493 fatal_fr(r, "parse");
494 if (allowed && type == MM_USERKEY &&
495 (r = sshauthopt_deserialise(m, &opts)) != 0)
496 fatal_fr(r, "sshauthopt_deserialise");
497 sshbuf_free(m);
498
499 if (authoptp != NULL) {
500 *authoptp = opts;
501 opts = NULL;
502 }
503 sshauthopt_free(opts);
504
505 return allowed;
506 }
507
508 /*
509 * This key verify needs to send the key type along, because the
510 * privileged parent makes the decision if the key is allowed
511 * for authentication.
512 */
513
514 int
515 mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
516 const u_char *data, size_t datalen, const char *sigalg, u_int compat,
517 struct sshkey_sig_details **sig_detailsp)
518 {
519 struct sshbuf *m;
520 u_int encoded_ret = 0;
521 int r;
522 u_char sig_details_present, flags;
523 u_int counter;
524
525 debug3_f("entering");
526
527 if (sig_detailsp != NULL)
528 *sig_detailsp = NULL;
529 if ((m = sshbuf_new()) == NULL)
530 fatal_f("sshbuf_new failed");
531 if ((r = sshkey_puts(key, m)) != 0 ||
532 (r = sshbuf_put_string(m, sig, siglen)) != 0 ||
533 (r = sshbuf_put_string(m, data, datalen)) != 0 ||
534 (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0)
535 fatal_fr(r, "assemble");
536
537 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m);
538
539 debug3_f("waiting for MONITOR_ANS_KEYVERIFY");
540 mm_request_receive_expect(pmonitor->m_recvfd,
541 MONITOR_ANS_KEYVERIFY, m);
542
543 if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 ||
544 (r = sshbuf_get_u8(m, &sig_details_present)) != 0)
545 fatal_fr(r, "parse");
546 if (sig_details_present && encoded_ret == 0) {
547 if ((r = sshbuf_get_u32(m, &counter)) != 0 ||
548 (r = sshbuf_get_u8(m, &flags)) != 0)
549 fatal_fr(r, "parse sig_details");
550 if (sig_detailsp != NULL) {
551 *sig_detailsp = xcalloc(1, sizeof(**sig_detailsp));
552 (*sig_detailsp)->sk_counter = counter;
553 (*sig_detailsp)->sk_flags = flags;
554 }
555 }
556
557 sshbuf_free(m);
558
559 if (encoded_ret != 0)
560 return SSH_ERR_SIGNATURE_INVALID;
561 return 0;
562 }
563
564 void
565 mm_send_keystate(struct ssh *ssh, struct monitor *monitor)
566 {
567 struct sshbuf *m;
568 int r;
569
570 if ((m = sshbuf_new()) == NULL)
571 fatal_f("sshbuf_new failed");
572 if ((r = ssh_packet_get_state(ssh, m)) != 0)
573 fatal_fr(r, "ssh_packet_get_state");
574 mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, m);
575 debug3_f("Finished sending state");
576 sshbuf_free(m);
577 }
578
579 int
580 mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
581 {
582 struct sshbuf *m;
583 char *p, *msg;
584 int success = 0, tmp1 = -1, tmp2 = -1, r;
585
586 /* Kludge: ensure there are fds free to receive the pty/tty */
587 if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
588 (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
589 error_f("cannot allocate fds for pty");
590 if (tmp1 >= 0)
591 close(tmp1);
592 return 0;
593 }
594 close(tmp1);
595 close(tmp2);
596
597 if ((m = sshbuf_new()) == NULL)
598 fatal_f("sshbuf_new failed");
599 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m);
600
601 debug3_f("waiting for MONITOR_ANS_PTY");
602 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m);
603
604 if ((r = sshbuf_get_u32(m, &success)) != 0)
605 fatal_fr(r, "parse success");
606 if (success == 0) {
607 debug3_f("pty alloc failed");
608 sshbuf_free(m);
609 return (0);
610 }
611 if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 ||
612 (r = sshbuf_get_cstring(m, &msg, NULL)) != 0)
613 fatal_fr(r, "parse");
614 sshbuf_free(m);
615
616 strlcpy(namebuf, p, namebuflen); /* Possible truncation */
617 free(p);
618
619 if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
620 fatal_fr(r, "put loginmsg");
621 free(msg);
622
623 if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
624 (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
625 fatal_f("receive fds failed");
626
627 /* Success */
628 return (1);
629 }
630
631 void
632 mm_session_pty_cleanup2(Session *s)
633 {
634 struct sshbuf *m;
635 int r;
636
637 if (s->ttyfd == -1)
638 return;
639 if ((m = sshbuf_new()) == NULL)
640 fatal_f("sshbuf_new failed");
641 if ((r = sshbuf_put_cstring(m, s->tty)) != 0)
642 fatal_fr(r, "assmble");
643 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m);
644 sshbuf_free(m);
645
646 /* closed dup'ed master */
647 if (s->ptymaster != -1 && close(s->ptymaster) == -1)
648 error("close(s->ptymaster/%d): %s",
649 s->ptymaster, strerror(errno));
650
651 /* unlink pty from session */
652 s->ttyfd = -1;
653 }
654
655 #ifdef USE_PAM
656 void
657 mm_start_pam(struct ssh *ssh)
658 {
659 struct sshbuf *m;
660
661 debug3("%s entering", __func__);
662 if (!options.use_pam)
663 fatal("UsePAM=no, but ended up in %s anyway", __func__);
664 if ((m = sshbuf_new()) == NULL)
665 fatal("%s: sshbuf_new failed", __func__);
666 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, m);
667
668 sshbuf_free(m);
669 }
670
671 u_int
672 mm_do_pam_account(void)
673 {
674 struct sshbuf *m;
675 u_int ret;
676 char *msg;
677 size_t msglen;
678 int r;
679
680 debug3("%s entering", __func__);
681 if (!options.use_pam)
682 fatal("UsePAM=no, but ended up in %s anyway", __func__);
683
684 if ((m = sshbuf_new()) == NULL)
685 fatal("%s: sshbuf_new failed", __func__);
686 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, m);
687
688 mm_request_receive_expect(pmonitor->m_recvfd,
689 MONITOR_ANS_PAM_ACCOUNT, m);
690 if ((r = sshbuf_get_u32(m, &ret)) != 0 ||
691 (r = sshbuf_get_cstring(m, &msg, &msglen)) != 0 ||
692 (r = sshbuf_put(loginmsg, msg, msglen)) != 0)
693 fatal("%s: buffer error: %s", __func__, ssh_err(r));
694
695 free(msg);
696 sshbuf_free(m);
697
698 debug3("%s returning %d", __func__, ret);
699
700 return (ret);
701 }
702
703 void *
704 mm_sshpam_init_ctx(Authctxt *authctxt)
705 {
706 struct sshbuf *m;
707 int r, success;
708
709 debug3("%s", __func__);
710 if ((m = sshbuf_new()) == NULL)
711 fatal("%s: sshbuf_new failed", __func__);
712 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, m);
713 debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
714 mm_request_receive_expect(pmonitor->m_recvfd,
715 MONITOR_ANS_PAM_INIT_CTX, m);
716 if ((r = sshbuf_get_u32(m, &success)) != 0)
717 fatal("%s: buffer error: %s", __func__, ssh_err(r));
718 if (success == 0) {
719 debug3("%s: pam_init_ctx failed", __func__);
720 sshbuf_free(m);
721 return (NULL);
722 }
723 sshbuf_free(m);
724 return (authctxt);
725 }
726
727 int
728 mm_sshpam_query(void *ctx, char **name, char **info,
729 u_int *num, char ***prompts, u_int **echo_on)
730 {
731 struct sshbuf *m;
732 u_int i, n;
733 int r, ret;
734
735 debug3("%s", __func__);
736 if ((m = sshbuf_new()) == NULL)
737 fatal("%s: sshbuf_new failed", __func__);
738 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, m);
739 debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
740 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, m);
741 if ((r = sshbuf_get_u32(m, &ret)) != 0 ||
742 (r = sshbuf_get_cstring(m, name, NULL)) != 0 ||
743 (r = sshbuf_get_cstring(m, info, NULL)) != 0 ||
744 (r = sshbuf_get_u32(m, &n)) != 0 ||
745 (r = sshbuf_get_u32(m, num)) != 0)
746 fatal("%s: buffer error: %s", __func__, ssh_err(r));
747 debug3("%s: pam_query returned %d", __func__, ret);
748 sshpam_set_maxtries_reached(n);
749 if (*num > PAM_MAX_NUM_MSG)
750 fatal("%s: received %u PAM messages, expected <= %u",
751 __func__, *num, PAM_MAX_NUM_MSG);
752 *prompts = xcalloc((*num + 1), sizeof(char *));
753 *echo_on = xcalloc((*num + 1), sizeof(u_int));
754 for (i = 0; i < *num; ++i) {
755 if ((r = sshbuf_get_cstring(m, &((*prompts)[i]), NULL)) != 0 ||
756 (r = sshbuf_get_u32(m, &((*echo_on)[i]))) != 0)
757 fatal("%s: buffer error: %s", __func__, ssh_err(r));
758 }
759 sshbuf_free(m);
760 return (ret);
761 }
762
763 int
764 mm_sshpam_respond(void *ctx, u_int num, char **resp)
765 {
766 struct sshbuf *m;
767 u_int n, i;
768 int r, ret;
769
770 debug3("%s", __func__);
771 if ((m = sshbuf_new()) == NULL)
772 fatal("%s: sshbuf_new failed", __func__);
773 if ((r = sshbuf_put_u32(m, num)) != 0)
774 fatal("%s: buffer error: %s", __func__, ssh_err(r));
775 for (i = 0; i < num; ++i) {
776 if ((r = sshbuf_put_cstring(m, resp[i])) != 0)
777 fatal("%s: buffer error: %s", __func__, ssh_err(r));
778 }
779 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, m);
780 debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
781 mm_request_receive_expect(pmonitor->m_recvfd,
782 MONITOR_ANS_PAM_RESPOND, m);
783 if ((r = sshbuf_get_u32(m, &n)) != 0)
784 fatal("%s: buffer error: %s", __func__, ssh_err(r));
785 ret = (int)n; /* XXX */
786 debug3("%s: pam_respond returned %d", __func__, ret);
787 sshbuf_free(m);
788 return (ret);
789 }
790
791 void
792 mm_sshpam_free_ctx(void *ctxtp)
793 {
794 struct sshbuf *m;
795
796 debug3("%s", __func__);
797 if ((m = sshbuf_new()) == NULL)
798 fatal("%s: sshbuf_new failed", __func__);
799 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, m);
800 debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
801 mm_request_receive_expect(pmonitor->m_recvfd,
802 MONITOR_ANS_PAM_FREE_CTX, m);
803 sshbuf_free(m);
804 }
805 #endif /* USE_PAM */
806
807 /* Request process termination */
808
809 void
810 mm_terminate(void)
811 {
812 struct sshbuf *m;
813
814 if ((m = sshbuf_new()) == NULL)
815 fatal_f("sshbuf_new failed");
816 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m);
817 sshbuf_free(m);
818 }
819
820 static void
821 mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
822 char ***prompts, u_int **echo_on)
823 {
824 *name = xstrdup("");
825 *infotxt = xstrdup("");
826 *numprompts = 1;
827 *prompts = xcalloc(*numprompts, sizeof(char *));
828 *echo_on = xcalloc(*numprompts, sizeof(u_int));
829 (*echo_on)[0] = 0;
830 }
831
832 int
833 mm_bsdauth_query(void *ctx, char **name, char **infotxt,
834 u_int *numprompts, char ***prompts, u_int **echo_on)
835 {
836 struct sshbuf *m;
837 u_int success;
838 char *challenge;
839 int r;
840
841 debug3_f("entering");
842
843 if ((m = sshbuf_new()) == NULL)
844 fatal_f("sshbuf_new failed");
845 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m);
846
847 mm_request_receive_expect(pmonitor->m_recvfd,
848 MONITOR_ANS_BSDAUTHQUERY, m);
849 if ((r = sshbuf_get_u32(m, &success)) != 0)
850 fatal_fr(r, "parse success");
851 if (success == 0) {
852 debug3_f("no challenge");
853 sshbuf_free(m);
854 return (-1);
855 }
856
857 /* Get the challenge, and format the response */
858 if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0)
859 fatal_fr(r, "parse challenge");
860 sshbuf_free(m);
861
862 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
863 (*prompts)[0] = challenge;
864
865 debug3_f("received challenge: %s", challenge);
866
867 return (0);
868 }
869
870 int
871 mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
872 {
873 struct sshbuf *m;
874 int r, authok;
875
876 debug3_f("entering");
877 if (numresponses != 1)
878 return (-1);
879
880 if ((m = sshbuf_new()) == NULL)
881 fatal_f("sshbuf_new failed");
882 if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
883 fatal_fr(r, "assemble");
884 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m);
885
886 mm_request_receive_expect(pmonitor->m_recvfd,
887 MONITOR_ANS_BSDAUTHRESPOND, m);
888
889 if ((r = sshbuf_get_u32(m, &authok)) != 0)
890 fatal_fr(r, "parse");
891 sshbuf_free(m);
892
893 return ((authok == 0) ? -1 : 0);
894 }
895
896 #ifdef SSH_AUDIT_EVENTS
897 void
898 mm_audit_event(struct ssh *ssh, ssh_audit_event_t event)
899 {
900 struct sshbuf *m;
901 int r;
902
903 debug3("%s entering", __func__);
904
905 if ((m = sshbuf_new()) == NULL)
906 fatal("%s: sshbuf_new failed", __func__);
907 if ((r = sshbuf_put_u32(m, event)) != 0)
908 fatal("%s: buffer error: %s", __func__, ssh_err(r));
909
910 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, m);
911 sshbuf_free(m);
912 }
913
914 void
915 mm_audit_run_command(const char *command)
916 {
917 struct sshbuf *m;
918 int r;
919
920 debug3("%s entering command %s", __func__, command);
921
922 if ((m = sshbuf_new()) == NULL)
923 fatal("%s: sshbuf_new failed", __func__);
924 if ((r = sshbuf_put_cstring(m, command)) != 0)
925 fatal("%s: buffer error: %s", __func__, ssh_err(r));
926
927 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m);
928 sshbuf_free(m);
929 }
930 #endif /* SSH_AUDIT_EVENTS */
931
932 #ifdef GSSAPI
933 OM_uint32
934 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
935 {
936 struct sshbuf *m;
937 OM_uint32 major;
938 int r;
939
940 /* Client doesn't get to see the context */
941 *ctx = NULL;
942
943 if ((m = sshbuf_new()) == NULL)
944 fatal_f("sshbuf_new failed");
945 if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0)
946 fatal_fr(r, "assemble");
947
948 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m);
949 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m);
950
951 if ((r = sshbuf_get_u32(m, &major)) != 0)
952 fatal_fr(r, "parse");
953
954 sshbuf_free(m);
955 return (major);
956 }
957
958 OM_uint32
959 mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
960 gss_buffer_desc *out, OM_uint32 *flagsp)
961 {
962 struct sshbuf *m;
963 OM_uint32 major;
964 u_int flags;
965 int r;
966
967 if ((m = sshbuf_new()) == NULL)
968 fatal_f("sshbuf_new failed");
969 if ((r = sshbuf_put_string(m, in->value, in->length)) != 0)
970 fatal_fr(r, "assemble");
971
972 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m);
973 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m);
974
975 if ((r = sshbuf_get_u32(m, &major)) != 0 ||
976 (r = ssh_gssapi_get_buffer_desc(m, out)) != 0)
977 fatal_fr(r, "parse");
978 if (flagsp != NULL) {
979 if ((r = sshbuf_get_u32(m, &flags)) != 0)
980 fatal_fr(r, "parse flags");
981 *flagsp = flags;
982 }
983
984 sshbuf_free(m);
985
986 return (major);
987 }
988
989 OM_uint32
990 mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
991 {
992 struct sshbuf *m;
993 OM_uint32 major;
994 int r;
995
996 if ((m = sshbuf_new()) == NULL)
997 fatal_f("sshbuf_new failed");
998 if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 ||
999 (r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0)
1000 fatal_fr(r, "assemble");
1001
1002 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m);
1003 mm_request_receive_expect(pmonitor->m_recvfd,
1004 MONITOR_ANS_GSSCHECKMIC, m);
1005
1006 if ((r = sshbuf_get_u32(m, &major)) != 0)
1007 fatal_fr(r, "parse");
1008 sshbuf_free(m);
1009 return(major);
1010 }
1011
1012 int
1013 mm_ssh_gssapi_userok(char *user)
1014 {
1015 struct sshbuf *m;
1016 int r, authenticated = 0;
1017
1018 if ((m = sshbuf_new()) == NULL)
1019 fatal_f("sshbuf_new failed");
1020
1021 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
1022 mm_request_receive_expect(pmonitor->m_recvfd,
1023 MONITOR_ANS_GSSUSEROK, m);
1024
1025 if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
1026 fatal_fr(r, "parse");
1027
1028 sshbuf_free(m);
1029 debug3_f("user %sauthenticated", authenticated ? "" : "not ");
1030 return (authenticated);
1031 }
1032 #endif /* GSSAPI */
1033
1034 /*
1035 * Inform channels layer of permitopen options for a single forwarding
1036 * direction (local/remote).
1037 */
1038 static void
1039 server_process_permitopen_list(struct ssh *ssh, int listen,
1040 char **opens, u_int num_opens)
1041 {
1042 u_int i;
1043 int port;
1044 char *host, *arg, *oarg;
1045 int where = listen ? FORWARD_REMOTE : FORWARD_LOCAL;
1046 const char *what = listen ? "permitlisten" : "permitopen";
1047
1048 channel_clear_permission(ssh, FORWARD_ADM, where);
1049 if (num_opens == 0)
1050 return; /* permit any */
1051
1052 /* handle keywords: "any" / "none" */
1053 if (num_opens == 1 && strcmp(opens[0], "any") == 0)
1054 return;
1055 if (num_opens == 1 && strcmp(opens[0], "none") == 0) {
1056 channel_disable_admin(ssh, where);
1057 return;
1058 }
1059 /* Otherwise treat it as a list of permitted host:port */
1060 for (i = 0; i < num_opens; i++) {
1061 oarg = arg = xstrdup(opens[i]);
1062 host = hpdelim(&arg);
1063 if (host == NULL)
1064 fatal_f("missing host in %s", what);
1065 host = cleanhostname(host);
1066 if (arg == NULL || ((port = permitopen_port(arg)) < 0))
1067 fatal_f("bad port number in %s", what);
1068 /* Send it to channels layer */
1069 channel_add_permission(ssh, FORWARD_ADM,
1070 where, host, port);
1071 free(oarg);
1072 }
1073 }
1074
1075 /*
1076 * Inform channels layer of permitopen options from configuration.
1077 */
1078 void
1079 server_process_permitopen(struct ssh *ssh)
1080 {
1081 server_process_permitopen_list(ssh, 0,
1082 options.permitted_opens, options.num_permitted_opens);
1083 server_process_permitopen_list(ssh, 1,
1084 options.permitted_listens, options.num_permitted_listens);
1085 }
1086
1087 void
1088 server_process_channel_timeouts(struct ssh *ssh)
1089 {
1090 u_int i, secs;
1091 char *type;
1092
1093 debug3_f("setting %u timeouts", options.num_channel_timeouts);
1094 channel_clear_timeouts(ssh);
1095 for (i = 0; i < options.num_channel_timeouts; i++) {
1096 if (parse_pattern_interval(options.channel_timeouts[i],
1097 &type, &secs) != 0) {
1098 fatal_f("internal error: bad timeout %s",
1099 options.channel_timeouts[i]);
1100 }
1101 channel_add_timeout(ssh, type, secs);
1102 free(type);
1103 }
1104 }
1105
1106 struct connection_info *
1107 server_get_connection_info(struct ssh *ssh, int populate, int use_dns)
1108 {
1109 static struct connection_info ci;
1110
1111 if (ssh == NULL || !populate)
1112 return &ci;
1113 ci.host = use_dns ? ssh_remote_hostname(ssh) : ssh_remote_ipaddr(ssh);
1114 ci.address = ssh_remote_ipaddr(ssh);
1115 ci.laddress = ssh_local_ipaddr(ssh);
1116 ci.lport = ssh_local_port(ssh);
1117 ci.rdomain = ssh_packet_rdomain_in(ssh);
1118 return &ci;
1119 }
1120
Portable OpenSSH is a multi-platform compatible version of OpenBSD's OpenSSH