1 /* $OpenBSD: monitor_wrap.c,v 1.130 2024/05/17 00:30:24 djm Exp $ */
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 #include <sys/types.h>
42 #include <openssl/bn.h>
43 #include <openssl/dh.h>
44 #include <openssl/evp.h>
47 #include "openbsd-compat/sys-queue.h"
59 #include "auth-options.h"
69 #include "monitor_fdpass.h"
75 #include "monitor_wrap.h"
80 extern struct monitor
*pmonitor
;
81 extern struct sshbuf
*loginmsg
;
82 extern ServerOptions options
;
85 mm_log_handler(LogLevel level
, int forced
, const char *msg
, void *ctx
)
87 struct sshbuf
*log_msg
;
88 struct monitor
*mon
= (struct monitor
*)ctx
;
92 if (mon
->m_log_sendfd
== -1)
93 fatal_f("no log channel");
95 if ((log_msg
= sshbuf_new()) == NULL
)
96 fatal_f("sshbuf_new failed");
98 if ((r
= sshbuf_put_u32(log_msg
, 0)) != 0 || /* length; filled below */
99 (r
= sshbuf_put_u32(log_msg
, level
)) != 0 ||
100 (r
= sshbuf_put_u32(log_msg
, forced
)) != 0 ||
101 (r
= sshbuf_put_cstring(log_msg
, msg
)) != 0)
102 fatal_fr(r
, "assemble");
103 if ((len
= sshbuf_len(log_msg
)) < 4 || len
> 0xffffffff)
104 fatal_f("bad length %zu", len
);
105 POKE_U32(sshbuf_mutable_ptr(log_msg
), len
- 4);
106 if (atomicio(vwrite
, mon
->m_log_sendfd
,
107 sshbuf_mutable_ptr(log_msg
), len
) != len
)
108 fatal_f("write: %s", strerror(errno
));
109 sshbuf_free(log_msg
);
116 * m_pid is only set in the privileged part, and
117 * points to the unprivileged child.
119 return (pmonitor
&& pmonitor
->m_pid
> 0);
123 mm_request_send(int sock
, enum monitor_reqtype type
, struct sshbuf
*m
)
125 size_t mlen
= sshbuf_len(m
);
128 debug3_f("entering, type %d", type
);
130 if (mlen
>= 0xffffffff)
131 fatal_f("bad length %zu", mlen
);
132 POKE_U32(buf
, mlen
+ 1);
133 buf
[4] = (u_char
) type
; /* 1st byte of payload is mesg-type */
134 if (atomicio(vwrite
, sock
, buf
, sizeof(buf
)) != sizeof(buf
))
135 fatal_f("write: %s", strerror(errno
));
136 if (atomicio(vwrite
, sock
, sshbuf_mutable_ptr(m
), mlen
) != mlen
)
137 fatal_f("write: %s", strerror(errno
));
141 mm_request_receive(int sock
, struct sshbuf
*m
)
143 u_char buf
[4], *p
= NULL
;
147 debug3_f("entering");
149 if (atomicio(read
, sock
, buf
, sizeof(buf
)) != sizeof(buf
)) {
150 if (errno
== EPIPE
) {
151 debug3_f("monitor fd closed");
154 fatal_f("read: %s", strerror(errno
));
156 msg_len
= PEEK_U32(buf
);
157 if (msg_len
> 256 * 1024)
158 fatal_f("read: bad msg_len %d", msg_len
);
160 if ((r
= sshbuf_reserve(m
, msg_len
, &p
)) != 0)
161 fatal_fr(r
, "reserve");
162 if (atomicio(read
, sock
, p
, msg_len
) != msg_len
)
163 fatal_f("read: %s", strerror(errno
));
167 mm_request_receive_expect(int sock
, enum monitor_reqtype type
, struct sshbuf
*m
)
172 debug3_f("entering, type %d", type
);
174 mm_request_receive(sock
, m
);
175 if ((r
= sshbuf_get_u8(m
, &rtype
)) != 0)
176 fatal_fr(r
, "parse");
178 fatal_f("read: rtype %d != type %d", rtype
, type
);
183 mm_choose_dh(int min
, int nbits
, int max
)
190 if ((m
= sshbuf_new()) == NULL
)
191 fatal_f("sshbuf_new failed");
192 if ((r
= sshbuf_put_u32(m
, min
)) != 0 ||
193 (r
= sshbuf_put_u32(m
, nbits
)) != 0 ||
194 (r
= sshbuf_put_u32(m
, max
)) != 0)
195 fatal_fr(r
, "assemble");
197 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_MODULI
, m
);
199 debug3_f("waiting for MONITOR_ANS_MODULI");
200 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_MODULI
, m
);
202 if ((r
= sshbuf_get_u8(m
, &success
)) != 0)
203 fatal_fr(r
, "parse success");
205 fatal_f("MONITOR_ANS_MODULI failed");
207 if ((r
= sshbuf_get_bignum2(m
, &p
)) != 0 ||
208 (r
= sshbuf_get_bignum2(m
, &g
)) != 0)
209 fatal_fr(r
, "parse group");
211 debug3_f("remaining %zu", sshbuf_len(m
));
214 return (dh_new_group(g
, p
));
219 mm_sshkey_sign(struct ssh
*ssh
, struct sshkey
*key
, u_char
**sigp
, size_t *lenp
,
220 const u_char
*data
, size_t datalen
, const char *hostkey_alg
,
221 const char *sk_provider
, const char *sk_pin
, u_int compat
)
223 struct kex
*kex
= *pmonitor
->m_pkex
;
225 u_int ndx
= kex
->host_key_index(key
, 0, ssh
);
228 debug3_f("entering");
229 if ((m
= sshbuf_new()) == NULL
)
230 fatal_f("sshbuf_new failed");
231 if ((r
= sshbuf_put_u32(m
, ndx
)) != 0 ||
232 (r
= sshbuf_put_string(m
, data
, datalen
)) != 0 ||
233 (r
= sshbuf_put_cstring(m
, hostkey_alg
)) != 0 ||
234 (r
= sshbuf_put_u32(m
, compat
)) != 0)
235 fatal_fr(r
, "assemble");
237 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_SIGN
, m
);
239 debug3_f("waiting for MONITOR_ANS_SIGN");
240 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_SIGN
, m
);
241 if ((r
= sshbuf_get_string(m
, sigp
, lenp
)) != 0)
242 fatal_fr(r
, "parse");
249 mm_decode_activate_server_options(struct ssh
*ssh
, struct sshbuf
*m
)
254 ServerOptions
*newopts
;
257 if ((r
= sshbuf_get_string_direct(m
, &p
, &len
)) != 0)
258 fatal_fr(r
, "parse opts");
259 if (len
!= sizeof(*newopts
))
260 fatal_f("option block size mismatch");
261 newopts
= xcalloc(sizeof(*newopts
), 1);
262 memcpy(newopts
, p
, sizeof(*newopts
));
264 #define M_CP_STROPT(x) do { \
265 if (newopts->x != NULL && \
266 (r = sshbuf_get_cstring(m, &newopts->x, NULL)) != 0) \
267 fatal_fr(r, "parse %s", #x); \
269 #define M_CP_STRARRAYOPT(x, nx) do { \
270 newopts->x = newopts->nx == 0 ? \
271 NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
272 for (i = 0; i < newopts->nx; i++) { \
273 if ((r = sshbuf_get_cstring(m, \
274 &newopts->x[i], NULL)) != 0) \
275 fatal_fr(r, "parse %s", #x); \
278 /* See comment in servconf.h */
279 COPY_MATCH_STRING_OPTS();
281 #undef M_CP_STRARRAYOPT
283 copy_set_server_options(&options
, newopts
, 1);
284 log_change_level(options
.log_level
);
286 for (i
= 0; i
< options
.num_log_verbose
; i
++)
287 log_verbose_add(options
.log_verbose
[i
]);
291 #define GETPW(b, id) \
293 if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) \
294 fatal_fr(r, "parse pw %s", #id); \
295 if (len != sizeof(pw->id)) \
296 fatal_fr(r, "bad length for %s", #id); \
297 memcpy(&pw->id, p, len); \
301 mm_getpwnamallow(struct ssh
*ssh
, const char *username
)
310 debug3_f("entering");
312 if ((m
= sshbuf_new()) == NULL
)
313 fatal_f("sshbuf_new failed");
314 if ((r
= sshbuf_put_cstring(m
, username
)) != 0)
315 fatal_fr(r
, "assemble");
317 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PWNAM
, m
);
319 debug3_f("waiting for MONITOR_ANS_PWNAM");
320 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_PWNAM
, m
);
322 if ((r
= sshbuf_get_u8(m
, &ok
)) != 0)
323 fatal_fr(r
, "parse success");
329 /* XXX don't like passing struct passwd like this */
330 pw
= xcalloc(sizeof(*pw
), 1);
333 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
336 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
339 if ((r
= sshbuf_get_cstring(m
, &pw
->pw_name
, NULL
)) != 0 ||
340 (r
= sshbuf_get_cstring(m
, &pw
->pw_passwd
, NULL
)) != 0 ||
341 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
342 (r
= sshbuf_get_cstring(m
, &pw
->pw_gecos
, NULL
)) != 0 ||
344 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
345 (r
= sshbuf_get_cstring(m
, &pw
->pw_class
, NULL
)) != 0 ||
347 (r
= sshbuf_get_cstring(m
, &pw
->pw_dir
, NULL
)) != 0 ||
348 (r
= sshbuf_get_cstring(m
, &pw
->pw_shell
, NULL
)) != 0)
349 fatal_fr(r
, "parse pw");
352 /* copy options block as a Match directive may have changed some */
353 mm_decode_activate_server_options(ssh
, m
);
354 server_process_permitopen(ssh
);
355 server_process_channel_timeouts(ssh
);
356 kex_set_server_sig_algs(ssh
, options
.pubkey_accepted_algos
);
363 mm_auth2_read_banner(void)
369 debug3_f("entering");
371 if ((m
= sshbuf_new()) == NULL
)
372 fatal_f("sshbuf_new failed");
373 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUTH2_READ_BANNER
, m
);
376 mm_request_receive_expect(pmonitor
->m_recvfd
,
377 MONITOR_ANS_AUTH2_READ_BANNER
, m
);
378 if ((r
= sshbuf_get_cstring(m
, &banner
, NULL
)) != 0)
379 fatal_fr(r
, "parse");
382 /* treat empty banner as missing banner */
383 if (strlen(banner
) == 0) {
390 /* Inform the privileged process about service and style */
393 mm_inform_authserv(char *service
, char *style
)
398 debug3_f("entering");
400 if ((m
= sshbuf_new()) == NULL
)
401 fatal_f("sshbuf_new failed");
402 if ((r
= sshbuf_put_cstring(m
, service
)) != 0 ||
403 (r
= sshbuf_put_cstring(m
, style
? style
: "")) != 0)
404 fatal_fr(r
, "assemble");
406 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUTHSERV
, m
);
411 /* Do the password authentication */
413 mm_auth_password(struct ssh
*ssh
, char *password
)
416 int r
, authenticated
= 0;
421 debug3_f("entering");
423 if ((m
= sshbuf_new()) == NULL
)
424 fatal_f("sshbuf_new failed");
425 if ((r
= sshbuf_put_cstring(m
, password
)) != 0)
426 fatal_fr(r
, "assemble");
427 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUTHPASSWORD
, m
);
429 debug3_f("waiting for MONITOR_ANS_AUTHPASSWORD");
430 mm_request_receive_expect(pmonitor
->m_recvfd
,
431 MONITOR_ANS_AUTHPASSWORD
, m
);
433 if ((r
= sshbuf_get_u32(m
, &authenticated
)) != 0)
434 fatal_fr(r
, "parse");
436 if ((r
= sshbuf_get_u32(m
, &maxtries
)) != 0)
437 fatal_fr(r
, "parse PAM");
438 if (maxtries
> INT_MAX
)
439 fatal_fr(r
, "bad maxtries");
440 sshpam_set_maxtries_reached(maxtries
);
445 debug3_f("user %sauthenticated", authenticated
? "" : "not ");
446 return (authenticated
);
450 mm_user_key_allowed(struct ssh
*ssh
, struct passwd
*pw
, struct sshkey
*key
,
451 int pubkey_auth_attempt
, struct sshauthopt
**authoptp
)
453 return (mm_key_allowed(MM_USERKEY
, NULL
, NULL
, key
,
454 pubkey_auth_attempt
, authoptp
));
458 mm_hostbased_key_allowed(struct ssh
*ssh
, struct passwd
*pw
,
459 const char *user
, const char *host
, struct sshkey
*key
)
461 return (mm_key_allowed(MM_HOSTKEY
, user
, host
, key
, 0, NULL
));
465 mm_key_allowed(enum mm_keytype type
, const char *user
, const char *host
,
466 struct sshkey
*key
, int pubkey_auth_attempt
, struct sshauthopt
**authoptp
)
470 struct sshauthopt
*opts
= NULL
;
472 debug3_f("entering");
474 if (authoptp
!= NULL
)
477 if ((m
= sshbuf_new()) == NULL
)
478 fatal_f("sshbuf_new failed");
479 if ((r
= sshbuf_put_u32(m
, type
)) != 0 ||
480 (r
= sshbuf_put_cstring(m
, user
? user
: "")) != 0 ||
481 (r
= sshbuf_put_cstring(m
, host
? host
: "")) != 0 ||
482 (r
= sshkey_puts(key
, m
)) != 0 ||
483 (r
= sshbuf_put_u32(m
, pubkey_auth_attempt
)) != 0)
484 fatal_fr(r
, "assemble");
486 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_KEYALLOWED
, m
);
488 debug3_f("waiting for MONITOR_ANS_KEYALLOWED");
489 mm_request_receive_expect(pmonitor
->m_recvfd
,
490 MONITOR_ANS_KEYALLOWED
, m
);
492 if ((r
= sshbuf_get_u32(m
, &allowed
)) != 0)
493 fatal_fr(r
, "parse");
494 if (allowed
&& type
== MM_USERKEY
&&
495 (r
= sshauthopt_deserialise(m
, &opts
)) != 0)
496 fatal_fr(r
, "sshauthopt_deserialise");
499 if (authoptp
!= NULL
) {
503 sshauthopt_free(opts
);
509 * This key verify needs to send the key type along, because the
510 * privileged parent makes the decision if the key is allowed
511 * for authentication.
515 mm_sshkey_verify(const struct sshkey
*key
, const u_char
*sig
, size_t siglen
,
516 const u_char
*data
, size_t datalen
, const char *sigalg
, u_int compat
,
517 struct sshkey_sig_details
**sig_detailsp
)
520 u_int encoded_ret
= 0;
522 u_char sig_details_present
, flags
;
525 debug3_f("entering");
527 if (sig_detailsp
!= NULL
)
528 *sig_detailsp
= NULL
;
529 if ((m
= sshbuf_new()) == NULL
)
530 fatal_f("sshbuf_new failed");
531 if ((r
= sshkey_puts(key
, m
)) != 0 ||
532 (r
= sshbuf_put_string(m
, sig
, siglen
)) != 0 ||
533 (r
= sshbuf_put_string(m
, data
, datalen
)) != 0 ||
534 (r
= sshbuf_put_cstring(m
, sigalg
== NULL
? "" : sigalg
)) != 0)
535 fatal_fr(r
, "assemble");
537 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_KEYVERIFY
, m
);
539 debug3_f("waiting for MONITOR_ANS_KEYVERIFY");
540 mm_request_receive_expect(pmonitor
->m_recvfd
,
541 MONITOR_ANS_KEYVERIFY
, m
);
543 if ((r
= sshbuf_get_u32(m
, &encoded_ret
)) != 0 ||
544 (r
= sshbuf_get_u8(m
, &sig_details_present
)) != 0)
545 fatal_fr(r
, "parse");
546 if (sig_details_present
&& encoded_ret
== 0) {
547 if ((r
= sshbuf_get_u32(m
, &counter
)) != 0 ||
548 (r
= sshbuf_get_u8(m
, &flags
)) != 0)
549 fatal_fr(r
, "parse sig_details");
550 if (sig_detailsp
!= NULL
) {
551 *sig_detailsp
= xcalloc(1, sizeof(**sig_detailsp
));
552 (*sig_detailsp
)->sk_counter
= counter
;
553 (*sig_detailsp
)->sk_flags
= flags
;
559 if (encoded_ret
!= 0)
560 return SSH_ERR_SIGNATURE_INVALID
;
565 mm_send_keystate(struct ssh
*ssh
, struct monitor
*monitor
)
570 if ((m
= sshbuf_new()) == NULL
)
571 fatal_f("sshbuf_new failed");
572 if ((r
= ssh_packet_get_state(ssh
, m
)) != 0)
573 fatal_fr(r
, "ssh_packet_get_state");
574 mm_request_send(monitor
->m_recvfd
, MONITOR_REQ_KEYEXPORT
, m
);
575 debug3_f("Finished sending state");
580 mm_pty_allocate(int *ptyfd
, int *ttyfd
, char *namebuf
, size_t namebuflen
)
584 int success
= 0, tmp1
= -1, tmp2
= -1, r
;
586 /* Kludge: ensure there are fds free to receive the pty/tty */
587 if ((tmp1
= dup(pmonitor
->m_recvfd
)) == -1 ||
588 (tmp2
= dup(pmonitor
->m_recvfd
)) == -1) {
589 error_f("cannot allocate fds for pty");
597 if ((m
= sshbuf_new()) == NULL
)
598 fatal_f("sshbuf_new failed");
599 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PTY
, m
);
601 debug3_f("waiting for MONITOR_ANS_PTY");
602 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_PTY
, m
);
604 if ((r
= sshbuf_get_u32(m
, &success
)) != 0)
605 fatal_fr(r
, "parse success");
607 debug3_f("pty alloc failed");
611 if ((r
= sshbuf_get_cstring(m
, &p
, NULL
)) != 0 ||
612 (r
= sshbuf_get_cstring(m
, &msg
, NULL
)) != 0)
613 fatal_fr(r
, "parse");
616 strlcpy(namebuf
, p
, namebuflen
); /* Possible truncation */
619 if ((r
= sshbuf_put(loginmsg
, msg
, strlen(msg
))) != 0)
620 fatal_fr(r
, "put loginmsg");
623 if ((*ptyfd
= mm_receive_fd(pmonitor
->m_recvfd
)) == -1 ||
624 (*ttyfd
= mm_receive_fd(pmonitor
->m_recvfd
)) == -1)
625 fatal_f("receive fds failed");
632 mm_session_pty_cleanup2(Session
*s
)
639 if ((m
= sshbuf_new()) == NULL
)
640 fatal_f("sshbuf_new failed");
641 if ((r
= sshbuf_put_cstring(m
, s
->tty
)) != 0)
642 fatal_fr(r
, "assmble");
643 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PTYCLEANUP
, m
);
646 /* closed dup'ed master */
647 if (s
->ptymaster
!= -1 && close(s
->ptymaster
) == -1)
648 error("close(s->ptymaster/%d): %s",
649 s
->ptymaster
, strerror(errno
));
651 /* unlink pty from session */
657 mm_start_pam(struct ssh
*ssh
)
661 debug3("%s entering", __func__
);
662 if (!options
.use_pam
)
663 fatal("UsePAM=no, but ended up in %s anyway", __func__
);
664 if ((m
= sshbuf_new()) == NULL
)
665 fatal("%s: sshbuf_new failed", __func__
);
666 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_START
, m
);
672 mm_do_pam_account(void)
680 debug3("%s entering", __func__
);
681 if (!options
.use_pam
)
682 fatal("UsePAM=no, but ended up in %s anyway", __func__
);
684 if ((m
= sshbuf_new()) == NULL
)
685 fatal("%s: sshbuf_new failed", __func__
);
686 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_ACCOUNT
, m
);
688 mm_request_receive_expect(pmonitor
->m_recvfd
,
689 MONITOR_ANS_PAM_ACCOUNT
, m
);
690 if ((r
= sshbuf_get_u32(m
, &ret
)) != 0 ||
691 (r
= sshbuf_get_cstring(m
, &msg
, &msglen
)) != 0 ||
692 (r
= sshbuf_put(loginmsg
, msg
, msglen
)) != 0)
693 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
698 debug3("%s returning %d", __func__
, ret
);
704 mm_sshpam_init_ctx(Authctxt
*authctxt
)
709 debug3("%s", __func__
);
710 if ((m
= sshbuf_new()) == NULL
)
711 fatal("%s: sshbuf_new failed", __func__
);
712 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_INIT_CTX
, m
);
713 debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__
);
714 mm_request_receive_expect(pmonitor
->m_recvfd
,
715 MONITOR_ANS_PAM_INIT_CTX
, m
);
716 if ((r
= sshbuf_get_u32(m
, &success
)) != 0)
717 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
719 debug3("%s: pam_init_ctx failed", __func__
);
728 mm_sshpam_query(void *ctx
, char **name
, char **info
,
729 u_int
*num
, char ***prompts
, u_int
**echo_on
)
735 debug3("%s", __func__
);
736 if ((m
= sshbuf_new()) == NULL
)
737 fatal("%s: sshbuf_new failed", __func__
);
738 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_QUERY
, m
);
739 debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__
);
740 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_PAM_QUERY
, m
);
741 if ((r
= sshbuf_get_u32(m
, &ret
)) != 0 ||
742 (r
= sshbuf_get_cstring(m
, name
, NULL
)) != 0 ||
743 (r
= sshbuf_get_cstring(m
, info
, NULL
)) != 0 ||
744 (r
= sshbuf_get_u32(m
, &n
)) != 0 ||
745 (r
= sshbuf_get_u32(m
, num
)) != 0)
746 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
747 debug3("%s: pam_query returned %d", __func__
, ret
);
748 sshpam_set_maxtries_reached(n
);
749 if (*num
> PAM_MAX_NUM_MSG
)
750 fatal("%s: received %u PAM messages, expected <= %u",
751 __func__
, *num
, PAM_MAX_NUM_MSG
);
752 *prompts
= xcalloc((*num
+ 1), sizeof(char *));
753 *echo_on
= xcalloc((*num
+ 1), sizeof(u_int
));
754 for (i
= 0; i
< *num
; ++i
) {
755 if ((r
= sshbuf_get_cstring(m
, &((*prompts
)[i
]), NULL
)) != 0 ||
756 (r
= sshbuf_get_u32(m
, &((*echo_on
)[i
]))) != 0)
757 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
764 mm_sshpam_respond(void *ctx
, u_int num
, char **resp
)
770 debug3("%s", __func__
);
771 if ((m
= sshbuf_new()) == NULL
)
772 fatal("%s: sshbuf_new failed", __func__
);
773 if ((r
= sshbuf_put_u32(m
, num
)) != 0)
774 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
775 for (i
= 0; i
< num
; ++i
) {
776 if ((r
= sshbuf_put_cstring(m
, resp
[i
])) != 0)
777 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
779 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_RESPOND
, m
);
780 debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__
);
781 mm_request_receive_expect(pmonitor
->m_recvfd
,
782 MONITOR_ANS_PAM_RESPOND
, m
);
783 if ((r
= sshbuf_get_u32(m
, &n
)) != 0)
784 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
785 ret
= (int)n
; /* XXX */
786 debug3("%s: pam_respond returned %d", __func__
, ret
);
792 mm_sshpam_free_ctx(void *ctxtp
)
796 debug3("%s", __func__
);
797 if ((m
= sshbuf_new()) == NULL
)
798 fatal("%s: sshbuf_new failed", __func__
);
799 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_FREE_CTX
, m
);
800 debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__
);
801 mm_request_receive_expect(pmonitor
->m_recvfd
,
802 MONITOR_ANS_PAM_FREE_CTX
, m
);
807 /* Request process termination */
814 if ((m
= sshbuf_new()) == NULL
)
815 fatal_f("sshbuf_new failed");
816 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_TERM
, m
);
821 mm_chall_setup(char **name
, char **infotxt
, u_int
*numprompts
,
822 char ***prompts
, u_int
**echo_on
)
825 *infotxt
= xstrdup("");
827 *prompts
= xcalloc(*numprompts
, sizeof(char *));
828 *echo_on
= xcalloc(*numprompts
, sizeof(u_int
));
833 mm_bsdauth_query(void *ctx
, char **name
, char **infotxt
,
834 u_int
*numprompts
, char ***prompts
, u_int
**echo_on
)
841 debug3_f("entering");
843 if ((m
= sshbuf_new()) == NULL
)
844 fatal_f("sshbuf_new failed");
845 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_BSDAUTHQUERY
, m
);
847 mm_request_receive_expect(pmonitor
->m_recvfd
,
848 MONITOR_ANS_BSDAUTHQUERY
, m
);
849 if ((r
= sshbuf_get_u32(m
, &success
)) != 0)
850 fatal_fr(r
, "parse success");
852 debug3_f("no challenge");
857 /* Get the challenge, and format the response */
858 if ((r
= sshbuf_get_cstring(m
, &challenge
, NULL
)) != 0)
859 fatal_fr(r
, "parse challenge");
862 mm_chall_setup(name
, infotxt
, numprompts
, prompts
, echo_on
);
863 (*prompts
)[0] = challenge
;
865 debug3_f("received challenge: %s", challenge
);
871 mm_bsdauth_respond(void *ctx
, u_int numresponses
, char **responses
)
876 debug3_f("entering");
877 if (numresponses
!= 1)
880 if ((m
= sshbuf_new()) == NULL
)
881 fatal_f("sshbuf_new failed");
882 if ((r
= sshbuf_put_cstring(m
, responses
[0])) != 0)
883 fatal_fr(r
, "assemble");
884 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_BSDAUTHRESPOND
, m
);
886 mm_request_receive_expect(pmonitor
->m_recvfd
,
887 MONITOR_ANS_BSDAUTHRESPOND
, m
);
889 if ((r
= sshbuf_get_u32(m
, &authok
)) != 0)
890 fatal_fr(r
, "parse");
893 return ((authok
== 0) ? -1 : 0);
896 #ifdef SSH_AUDIT_EVENTS
898 mm_audit_event(struct ssh
*ssh
, ssh_audit_event_t event
)
903 debug3("%s entering", __func__
);
905 if ((m
= sshbuf_new()) == NULL
)
906 fatal("%s: sshbuf_new failed", __func__
);
907 if ((r
= sshbuf_put_u32(m
, event
)) != 0)
908 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
910 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUDIT_EVENT
, m
);
915 mm_audit_run_command(const char *command
)
920 debug3("%s entering command %s", __func__
, command
);
922 if ((m
= sshbuf_new()) == NULL
)
923 fatal("%s: sshbuf_new failed", __func__
);
924 if ((r
= sshbuf_put_cstring(m
, command
)) != 0)
925 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
927 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUDIT_COMMAND
, m
);
930 #endif /* SSH_AUDIT_EVENTS */
934 mm_ssh_gssapi_server_ctx(Gssctxt
**ctx
, gss_OID goid
)
940 /* Client doesn't get to see the context */
943 if ((m
= sshbuf_new()) == NULL
)
944 fatal_f("sshbuf_new failed");
945 if ((r
= sshbuf_put_string(m
, goid
->elements
, goid
->length
)) != 0)
946 fatal_fr(r
, "assemble");
948 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_GSSSETUP
, m
);
949 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_GSSSETUP
, m
);
951 if ((r
= sshbuf_get_u32(m
, &major
)) != 0)
952 fatal_fr(r
, "parse");
959 mm_ssh_gssapi_accept_ctx(Gssctxt
*ctx
, gss_buffer_desc
*in
,
960 gss_buffer_desc
*out
, OM_uint32
*flagsp
)
967 if ((m
= sshbuf_new()) == NULL
)
968 fatal_f("sshbuf_new failed");
969 if ((r
= sshbuf_put_string(m
, in
->value
, in
->length
)) != 0)
970 fatal_fr(r
, "assemble");
972 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_GSSSTEP
, m
);
973 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_GSSSTEP
, m
);
975 if ((r
= sshbuf_get_u32(m
, &major
)) != 0 ||
976 (r
= ssh_gssapi_get_buffer_desc(m
, out
)) != 0)
977 fatal_fr(r
, "parse");
978 if (flagsp
!= NULL
) {
979 if ((r
= sshbuf_get_u32(m
, &flags
)) != 0)
980 fatal_fr(r
, "parse flags");
990 mm_ssh_gssapi_checkmic(Gssctxt
*ctx
, gss_buffer_t gssbuf
, gss_buffer_t gssmic
)
996 if ((m
= sshbuf_new()) == NULL
)
997 fatal_f("sshbuf_new failed");
998 if ((r
= sshbuf_put_string(m
, gssbuf
->value
, gssbuf
->length
)) != 0 ||
999 (r
= sshbuf_put_string(m
, gssmic
->value
, gssmic
->length
)) != 0)
1000 fatal_fr(r
, "assemble");
1002 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_GSSCHECKMIC
, m
);
1003 mm_request_receive_expect(pmonitor
->m_recvfd
,
1004 MONITOR_ANS_GSSCHECKMIC
, m
);
1006 if ((r
= sshbuf_get_u32(m
, &major
)) != 0)
1007 fatal_fr(r
, "parse");
1013 mm_ssh_gssapi_userok(char *user
)
1016 int r
, authenticated
= 0;
1018 if ((m
= sshbuf_new()) == NULL
)
1019 fatal_f("sshbuf_new failed");
1021 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_GSSUSEROK
, m
);
1022 mm_request_receive_expect(pmonitor
->m_recvfd
,
1023 MONITOR_ANS_GSSUSEROK
, m
);
1025 if ((r
= sshbuf_get_u32(m
, &authenticated
)) != 0)
1026 fatal_fr(r
, "parse");
1029 debug3_f("user %sauthenticated", authenticated
? "" : "not ");
1030 return (authenticated
);
1035 * Inform channels layer of permitopen options for a single forwarding
1036 * direction (local/remote).
1039 server_process_permitopen_list(struct ssh
*ssh
, int listen
,
1040 char **opens
, u_int num_opens
)
1044 char *host
, *arg
, *oarg
;
1045 int where
= listen
? FORWARD_REMOTE
: FORWARD_LOCAL
;
1046 const char *what
= listen
? "permitlisten" : "permitopen";
1048 channel_clear_permission(ssh
, FORWARD_ADM
, where
);
1050 return; /* permit any */
1052 /* handle keywords: "any" / "none" */
1053 if (num_opens
== 1 && strcmp(opens
[0], "any") == 0)
1055 if (num_opens
== 1 && strcmp(opens
[0], "none") == 0) {
1056 channel_disable_admin(ssh
, where
);
1059 /* Otherwise treat it as a list of permitted host:port */
1060 for (i
= 0; i
< num_opens
; i
++) {
1061 oarg
= arg
= xstrdup(opens
[i
]);
1062 host
= hpdelim(&arg
);
1064 fatal_f("missing host in %s", what
);
1065 host
= cleanhostname(host
);
1066 if (arg
== NULL
|| ((port
= permitopen_port(arg
)) < 0))
1067 fatal_f("bad port number in %s", what
);
1068 /* Send it to channels layer */
1069 channel_add_permission(ssh
, FORWARD_ADM
,
1076 * Inform channels layer of permitopen options from configuration.
1079 server_process_permitopen(struct ssh
*ssh
)
1081 server_process_permitopen_list(ssh
, 0,
1082 options
.permitted_opens
, options
.num_permitted_opens
);
1083 server_process_permitopen_list(ssh
, 1,
1084 options
.permitted_listens
, options
.num_permitted_listens
);
1088 server_process_channel_timeouts(struct ssh
*ssh
)
1093 debug3_f("setting %u timeouts", options
.num_channel_timeouts
);
1094 channel_clear_timeouts(ssh
);
1095 for (i
= 0; i
< options
.num_channel_timeouts
; i
++) {
1096 if (parse_pattern_interval(options
.channel_timeouts
[i
],
1097 &type
, &secs
) != 0) {
1098 fatal_f("internal error: bad timeout %s",
1099 options
.channel_timeouts
[i
]);
1101 channel_add_timeout(ssh
, type
, secs
);
1106 struct connection_info
*
1107 server_get_connection_info(struct ssh
*ssh
, int populate
, int use_dns
)
1109 static struct connection_info ci
;
1111 if (ssh
== NULL
|| !populate
)
1113 ci
.host
= use_dns
? ssh_remote_hostname(ssh
) : ssh_remote_ipaddr(ssh
);
1114 ci
.address
= ssh_remote_ipaddr(ssh
);
1115 ci
.laddress
= ssh_local_ipaddr(ssh
);
1116 ci
.lport
= ssh_local_port(ssh
);
1117 ci
.rdomain
= ssh_packet_rdomain_in(ssh
);