1 /* $OpenBSD: monitor_wrap.c,v 1.136 2024/06/19 23:24:47 djm Exp $ */
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 #include <sys/types.h>
43 #include <openssl/bn.h>
44 #include <openssl/dh.h>
45 #include <openssl/evp.h>
48 #include "openbsd-compat/sys-queue.h"
60 #include "auth-options.h"
70 #include "monitor_fdpass.h"
76 #include "monitor_wrap.h"
82 extern struct monitor
*pmonitor
;
83 extern struct sshbuf
*loginmsg
;
84 extern ServerOptions options
;
87 mm_log_handler(LogLevel level
, int forced
, const char *msg
, void *ctx
)
89 struct sshbuf
*log_msg
;
90 struct monitor
*mon
= (struct monitor
*)ctx
;
94 if (mon
->m_log_sendfd
== -1)
95 fatal_f("no log channel");
97 if ((log_msg
= sshbuf_new()) == NULL
)
98 fatal_f("sshbuf_new failed");
100 if ((r
= sshbuf_put_u32(log_msg
, 0)) != 0 || /* length; filled below */
101 (r
= sshbuf_put_u32(log_msg
, level
)) != 0 ||
102 (r
= sshbuf_put_u32(log_msg
, forced
)) != 0 ||
103 (r
= sshbuf_put_cstring(log_msg
, msg
)) != 0)
104 fatal_fr(r
, "assemble");
105 if ((len
= sshbuf_len(log_msg
)) < 4 || len
> 0xffffffff)
106 fatal_f("bad length %zu", len
);
107 POKE_U32(sshbuf_mutable_ptr(log_msg
), len
- 4);
108 if (atomicio(vwrite
, mon
->m_log_sendfd
,
109 sshbuf_mutable_ptr(log_msg
), len
) != len
)
110 fatal_f("write: %s", strerror(errno
));
111 sshbuf_free(log_msg
);
118 * m_pid is only set in the privileged part, and
119 * points to the unprivileged child.
121 return (pmonitor
&& pmonitor
->m_pid
> 0);
129 if (!mm_is_monitor())
131 while (waitpid(pmonitor
->m_pid
, &status
, 0) == -1) {
134 pmonitor
->m_pid
= -1;
135 fatal_f("waitpid: %s", strerror(errno
));
137 if (WIFEXITED(status
)) {
138 if (WEXITSTATUS(status
) != 0) {
139 debug_f("preauth child exited with status %d",
140 WEXITSTATUS(status
));
143 } else if (WIFSIGNALED(status
)) {
144 error_f("preauth child terminated by signal %d",
146 cleanup_exit(signal_is_crash(WTERMSIG(status
)) ?
147 EXIT_CHILD_CRASH
: 255);
149 error_f("preauth child terminated abnormally (status=0x%x)",
151 cleanup_exit(EXIT_CHILD_CRASH
);
156 mm_request_send(int sock
, enum monitor_reqtype type
, struct sshbuf
*m
)
158 size_t mlen
= sshbuf_len(m
);
161 debug3_f("entering, type %d", type
);
163 if (mlen
>= 0xffffffff)
164 fatal_f("bad length %zu", mlen
);
165 POKE_U32(buf
, mlen
+ 1);
166 buf
[4] = (u_char
) type
; /* 1st byte of payload is mesg-type */
167 if (atomicio(vwrite
, sock
, buf
, sizeof(buf
)) != sizeof(buf
) ||
168 atomicio(vwrite
, sock
, sshbuf_mutable_ptr(m
), mlen
) != mlen
) {
169 if (errno
== EPIPE
) {
170 debug3_f("monitor fd closed");
174 fatal_f("write: %s", strerror(errno
));
179 mm_request_receive(int sock
, struct sshbuf
*m
)
181 u_char buf
[4], *p
= NULL
;
185 debug3_f("entering");
187 if (atomicio(read
, sock
, buf
, sizeof(buf
)) != sizeof(buf
)) {
188 if (errno
== EPIPE
) {
189 debug3_f("monitor fd closed");
193 fatal_f("read: %s", strerror(errno
));
195 msg_len
= PEEK_U32(buf
);
196 if (msg_len
> 256 * 1024)
197 fatal_f("read: bad msg_len %d", msg_len
);
199 if ((r
= sshbuf_reserve(m
, msg_len
, &p
)) != 0)
200 fatal_fr(r
, "reserve");
201 if (atomicio(read
, sock
, p
, msg_len
) != msg_len
) {
203 error_f("read: %s", strerror(errno
));
211 mm_request_receive_expect(int sock
, enum monitor_reqtype type
, struct sshbuf
*m
)
216 debug3_f("entering, type %d", type
);
218 mm_request_receive(sock
, m
);
219 if ((r
= sshbuf_get_u8(m
, &rtype
)) != 0)
220 fatal_fr(r
, "parse");
222 fatal_f("read: rtype %d != type %d", rtype
, type
);
227 mm_choose_dh(int min
, int nbits
, int max
)
234 if ((m
= sshbuf_new()) == NULL
)
235 fatal_f("sshbuf_new failed");
236 if ((r
= sshbuf_put_u32(m
, min
)) != 0 ||
237 (r
= sshbuf_put_u32(m
, nbits
)) != 0 ||
238 (r
= sshbuf_put_u32(m
, max
)) != 0)
239 fatal_fr(r
, "assemble");
241 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_MODULI
, m
);
243 debug3_f("waiting for MONITOR_ANS_MODULI");
244 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_MODULI
, m
);
246 if ((r
= sshbuf_get_u8(m
, &success
)) != 0)
247 fatal_fr(r
, "parse success");
249 fatal_f("MONITOR_ANS_MODULI failed");
251 if ((r
= sshbuf_get_bignum2(m
, &p
)) != 0 ||
252 (r
= sshbuf_get_bignum2(m
, &g
)) != 0)
253 fatal_fr(r
, "parse group");
255 debug3_f("remaining %zu", sshbuf_len(m
));
258 return (dh_new_group(g
, p
));
263 mm_sshkey_sign(struct ssh
*ssh
, struct sshkey
*key
, u_char
**sigp
, size_t *lenp
,
264 const u_char
*data
, size_t datalen
, const char *hostkey_alg
,
265 const char *sk_provider
, const char *sk_pin
, u_int compat
)
267 struct kex
*kex
= *pmonitor
->m_pkex
;
269 u_int ndx
= kex
->host_key_index(key
, 0, ssh
);
272 debug3_f("entering");
273 if ((m
= sshbuf_new()) == NULL
)
274 fatal_f("sshbuf_new failed");
275 if ((r
= sshbuf_put_u32(m
, ndx
)) != 0 ||
276 (r
= sshbuf_put_string(m
, data
, datalen
)) != 0 ||
277 (r
= sshbuf_put_cstring(m
, hostkey_alg
)) != 0 ||
278 (r
= sshbuf_put_u32(m
, compat
)) != 0)
279 fatal_fr(r
, "assemble");
281 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_SIGN
, m
);
283 debug3_f("waiting for MONITOR_ANS_SIGN");
284 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_SIGN
, m
);
285 if ((r
= sshbuf_get_string(m
, sigp
, lenp
)) != 0)
286 fatal_fr(r
, "parse");
293 mm_decode_activate_server_options(struct ssh
*ssh
, struct sshbuf
*m
)
298 ServerOptions
*newopts
;
301 if ((r
= sshbuf_get_string_direct(m
, &p
, &len
)) != 0)
302 fatal_fr(r
, "parse opts");
303 if (len
!= sizeof(*newopts
))
304 fatal_f("option block size mismatch");
305 newopts
= xcalloc(sizeof(*newopts
), 1);
306 memcpy(newopts
, p
, sizeof(*newopts
));
308 #define M_CP_STROPT(x) do { \
309 if (newopts->x != NULL && \
310 (r = sshbuf_get_cstring(m, &newopts->x, NULL)) != 0) \
311 fatal_fr(r, "parse %s", #x); \
313 #define M_CP_STRARRAYOPT(x, nx) do { \
314 newopts->x = newopts->nx == 0 ? \
315 NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
316 for (i = 0; i < newopts->nx; i++) { \
317 if ((r = sshbuf_get_cstring(m, \
318 &newopts->x[i], NULL)) != 0) \
319 fatal_fr(r, "parse %s", #x); \
322 /* See comment in servconf.h */
323 COPY_MATCH_STRING_OPTS();
325 #undef M_CP_STRARRAYOPT
327 copy_set_server_options(&options
, newopts
, 1);
328 log_change_level(options
.log_level
);
330 for (i
= 0; i
< options
.num_log_verbose
; i
++)
331 log_verbose_add(options
.log_verbose
[i
]);
335 #define GETPW(b, id) \
337 if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) \
338 fatal_fr(r, "parse pw %s", #id); \
339 if (len != sizeof(pw->id)) \
340 fatal_fr(r, "bad length for %s", #id); \
341 memcpy(&pw->id, p, len); \
345 mm_getpwnamallow(struct ssh
*ssh
, const char *username
)
354 debug3_f("entering");
356 if ((m
= sshbuf_new()) == NULL
)
357 fatal_f("sshbuf_new failed");
358 if ((r
= sshbuf_put_cstring(m
, username
)) != 0)
359 fatal_fr(r
, "assemble");
361 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PWNAM
, m
);
363 debug3_f("waiting for MONITOR_ANS_PWNAM");
364 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_PWNAM
, m
);
366 if ((r
= sshbuf_get_u8(m
, &ok
)) != 0)
367 fatal_fr(r
, "parse success");
373 /* XXX don't like passing struct passwd like this */
374 pw
= xcalloc(sizeof(*pw
), 1);
377 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
380 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
383 if ((r
= sshbuf_get_cstring(m
, &pw
->pw_name
, NULL
)) != 0 ||
384 (r
= sshbuf_get_cstring(m
, &pw
->pw_passwd
, NULL
)) != 0 ||
385 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
386 (r
= sshbuf_get_cstring(m
, &pw
->pw_gecos
, NULL
)) != 0 ||
388 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
389 (r
= sshbuf_get_cstring(m
, &pw
->pw_class
, NULL
)) != 0 ||
391 (r
= sshbuf_get_cstring(m
, &pw
->pw_dir
, NULL
)) != 0 ||
392 (r
= sshbuf_get_cstring(m
, &pw
->pw_shell
, NULL
)) != 0)
393 fatal_fr(r
, "parse pw");
396 /* copy options block as a Match directive may have changed some */
397 mm_decode_activate_server_options(ssh
, m
);
398 server_process_permitopen(ssh
);
399 server_process_channel_timeouts(ssh
);
400 kex_set_server_sig_algs(ssh
, options
.pubkey_accepted_algos
);
407 mm_auth2_read_banner(void)
413 debug3_f("entering");
415 if ((m
= sshbuf_new()) == NULL
)
416 fatal_f("sshbuf_new failed");
417 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUTH2_READ_BANNER
, m
);
420 mm_request_receive_expect(pmonitor
->m_recvfd
,
421 MONITOR_ANS_AUTH2_READ_BANNER
, m
);
422 if ((r
= sshbuf_get_cstring(m
, &banner
, NULL
)) != 0)
423 fatal_fr(r
, "parse");
426 /* treat empty banner as missing banner */
427 if (strlen(banner
) == 0) {
434 /* Inform the privileged process about service and style */
437 mm_inform_authserv(char *service
, char *style
)
442 debug3_f("entering");
444 if ((m
= sshbuf_new()) == NULL
)
445 fatal_f("sshbuf_new failed");
446 if ((r
= sshbuf_put_cstring(m
, service
)) != 0 ||
447 (r
= sshbuf_put_cstring(m
, style
? style
: "")) != 0)
448 fatal_fr(r
, "assemble");
450 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUTHSERV
, m
);
455 /* Do the password authentication */
457 mm_auth_password(struct ssh
*ssh
, char *password
)
460 int r
, authenticated
= 0;
465 debug3_f("entering");
467 if ((m
= sshbuf_new()) == NULL
)
468 fatal_f("sshbuf_new failed");
469 if ((r
= sshbuf_put_cstring(m
, password
)) != 0)
470 fatal_fr(r
, "assemble");
471 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUTHPASSWORD
, m
);
473 debug3_f("waiting for MONITOR_ANS_AUTHPASSWORD");
474 mm_request_receive_expect(pmonitor
->m_recvfd
,
475 MONITOR_ANS_AUTHPASSWORD
, m
);
477 if ((r
= sshbuf_get_u32(m
, &authenticated
)) != 0)
478 fatal_fr(r
, "parse");
480 if ((r
= sshbuf_get_u32(m
, &maxtries
)) != 0)
481 fatal_fr(r
, "parse PAM");
482 if (maxtries
> INT_MAX
)
483 fatal_fr(r
, "bad maxtries");
484 sshpam_set_maxtries_reached(maxtries
);
489 debug3_f("user %sauthenticated", authenticated
? "" : "not ");
490 return (authenticated
);
494 mm_user_key_allowed(struct ssh
*ssh
, struct passwd
*pw
, struct sshkey
*key
,
495 int pubkey_auth_attempt
, struct sshauthopt
**authoptp
)
497 return (mm_key_allowed(MM_USERKEY
, NULL
, NULL
, key
,
498 pubkey_auth_attempt
, authoptp
));
502 mm_hostbased_key_allowed(struct ssh
*ssh
, struct passwd
*pw
,
503 const char *user
, const char *host
, struct sshkey
*key
)
505 return (mm_key_allowed(MM_HOSTKEY
, user
, host
, key
, 0, NULL
));
509 mm_key_allowed(enum mm_keytype type
, const char *user
, const char *host
,
510 struct sshkey
*key
, int pubkey_auth_attempt
, struct sshauthopt
**authoptp
)
514 struct sshauthopt
*opts
= NULL
;
516 debug3_f("entering");
518 if (authoptp
!= NULL
)
521 if ((m
= sshbuf_new()) == NULL
)
522 fatal_f("sshbuf_new failed");
523 if ((r
= sshbuf_put_u32(m
, type
)) != 0 ||
524 (r
= sshbuf_put_cstring(m
, user
? user
: "")) != 0 ||
525 (r
= sshbuf_put_cstring(m
, host
? host
: "")) != 0 ||
526 (r
= sshkey_puts(key
, m
)) != 0 ||
527 (r
= sshbuf_put_u32(m
, pubkey_auth_attempt
)) != 0)
528 fatal_fr(r
, "assemble");
530 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_KEYALLOWED
, m
);
532 debug3_f("waiting for MONITOR_ANS_KEYALLOWED");
533 mm_request_receive_expect(pmonitor
->m_recvfd
,
534 MONITOR_ANS_KEYALLOWED
, m
);
536 if ((r
= sshbuf_get_u32(m
, &allowed
)) != 0)
537 fatal_fr(r
, "parse");
538 if (allowed
&& type
== MM_USERKEY
&&
539 (r
= sshauthopt_deserialise(m
, &opts
)) != 0)
540 fatal_fr(r
, "sshauthopt_deserialise");
543 if (authoptp
!= NULL
) {
547 sshauthopt_free(opts
);
553 * This key verify needs to send the key type along, because the
554 * privileged parent makes the decision if the key is allowed
555 * for authentication.
559 mm_sshkey_verify(const struct sshkey
*key
, const u_char
*sig
, size_t siglen
,
560 const u_char
*data
, size_t datalen
, const char *sigalg
, u_int compat
,
561 struct sshkey_sig_details
**sig_detailsp
)
564 u_int encoded_ret
= 0;
566 u_char sig_details_present
, flags
;
569 debug3_f("entering");
571 if (sig_detailsp
!= NULL
)
572 *sig_detailsp
= NULL
;
573 if ((m
= sshbuf_new()) == NULL
)
574 fatal_f("sshbuf_new failed");
575 if ((r
= sshkey_puts(key
, m
)) != 0 ||
576 (r
= sshbuf_put_string(m
, sig
, siglen
)) != 0 ||
577 (r
= sshbuf_put_string(m
, data
, datalen
)) != 0 ||
578 (r
= sshbuf_put_cstring(m
, sigalg
== NULL
? "" : sigalg
)) != 0)
579 fatal_fr(r
, "assemble");
581 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_KEYVERIFY
, m
);
583 debug3_f("waiting for MONITOR_ANS_KEYVERIFY");
584 mm_request_receive_expect(pmonitor
->m_recvfd
,
585 MONITOR_ANS_KEYVERIFY
, m
);
587 if ((r
= sshbuf_get_u32(m
, &encoded_ret
)) != 0 ||
588 (r
= sshbuf_get_u8(m
, &sig_details_present
)) != 0)
589 fatal_fr(r
, "parse");
590 if (sig_details_present
&& encoded_ret
== 0) {
591 if ((r
= sshbuf_get_u32(m
, &counter
)) != 0 ||
592 (r
= sshbuf_get_u8(m
, &flags
)) != 0)
593 fatal_fr(r
, "parse sig_details");
594 if (sig_detailsp
!= NULL
) {
595 *sig_detailsp
= xcalloc(1, sizeof(**sig_detailsp
));
596 (*sig_detailsp
)->sk_counter
= counter
;
597 (*sig_detailsp
)->sk_flags
= flags
;
603 if (encoded_ret
!= 0)
604 return SSH_ERR_SIGNATURE_INVALID
;
609 mm_send_keystate(struct ssh
*ssh
, struct monitor
*monitor
)
614 if ((m
= sshbuf_new()) == NULL
)
615 fatal_f("sshbuf_new failed");
616 if ((r
= ssh_packet_get_state(ssh
, m
)) != 0)
617 fatal_fr(r
, "ssh_packet_get_state");
618 mm_request_send(monitor
->m_recvfd
, MONITOR_REQ_KEYEXPORT
, m
);
619 debug3_f("Finished sending state");
624 mm_pty_allocate(int *ptyfd
, int *ttyfd
, char *namebuf
, size_t namebuflen
)
628 int success
= 0, tmp1
= -1, tmp2
= -1, r
;
630 /* Kludge: ensure there are fds free to receive the pty/tty */
631 if ((tmp1
= dup(pmonitor
->m_recvfd
)) == -1 ||
632 (tmp2
= dup(pmonitor
->m_recvfd
)) == -1) {
633 error_f("cannot allocate fds for pty");
641 if ((m
= sshbuf_new()) == NULL
)
642 fatal_f("sshbuf_new failed");
643 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PTY
, m
);
645 debug3_f("waiting for MONITOR_ANS_PTY");
646 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_PTY
, m
);
648 if ((r
= sshbuf_get_u32(m
, &success
)) != 0)
649 fatal_fr(r
, "parse success");
651 debug3_f("pty alloc failed");
655 if ((r
= sshbuf_get_cstring(m
, &p
, NULL
)) != 0 ||
656 (r
= sshbuf_get_cstring(m
, &msg
, NULL
)) != 0)
657 fatal_fr(r
, "parse");
660 strlcpy(namebuf
, p
, namebuflen
); /* Possible truncation */
663 if ((r
= sshbuf_put(loginmsg
, msg
, strlen(msg
))) != 0)
664 fatal_fr(r
, "put loginmsg");
667 if ((*ptyfd
= mm_receive_fd(pmonitor
->m_recvfd
)) == -1 ||
668 (*ttyfd
= mm_receive_fd(pmonitor
->m_recvfd
)) == -1)
669 fatal_f("receive fds failed");
676 mm_session_pty_cleanup2(Session
*s
)
683 if ((m
= sshbuf_new()) == NULL
)
684 fatal_f("sshbuf_new failed");
685 if ((r
= sshbuf_put_cstring(m
, s
->tty
)) != 0)
686 fatal_fr(r
, "assmble");
687 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PTYCLEANUP
, m
);
690 /* closed dup'ed master */
691 if (s
->ptymaster
!= -1 && close(s
->ptymaster
) == -1)
692 error("close(s->ptymaster/%d): %s",
693 s
->ptymaster
, strerror(errno
));
695 /* unlink pty from session */
701 mm_start_pam(struct ssh
*ssh
)
705 debug3("%s entering", __func__
);
706 if (!options
.use_pam
)
707 fatal("UsePAM=no, but ended up in %s anyway", __func__
);
708 if ((m
= sshbuf_new()) == NULL
)
709 fatal("%s: sshbuf_new failed", __func__
);
710 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_START
, m
);
716 mm_do_pam_account(void)
724 debug3("%s entering", __func__
);
725 if (!options
.use_pam
)
726 fatal("UsePAM=no, but ended up in %s anyway", __func__
);
728 if ((m
= sshbuf_new()) == NULL
)
729 fatal("%s: sshbuf_new failed", __func__
);
730 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_ACCOUNT
, m
);
732 mm_request_receive_expect(pmonitor
->m_recvfd
,
733 MONITOR_ANS_PAM_ACCOUNT
, m
);
734 if ((r
= sshbuf_get_u32(m
, &ret
)) != 0 ||
735 (r
= sshbuf_get_cstring(m
, &msg
, &msglen
)) != 0 ||
736 (r
= sshbuf_put(loginmsg
, msg
, msglen
)) != 0)
737 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
742 debug3("%s returning %d", __func__
, ret
);
748 mm_sshpam_init_ctx(Authctxt
*authctxt
)
753 debug3("%s", __func__
);
754 if ((m
= sshbuf_new()) == NULL
)
755 fatal("%s: sshbuf_new failed", __func__
);
756 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_INIT_CTX
, m
);
757 debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__
);
758 mm_request_receive_expect(pmonitor
->m_recvfd
,
759 MONITOR_ANS_PAM_INIT_CTX
, m
);
760 if ((r
= sshbuf_get_u32(m
, &success
)) != 0)
761 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
763 debug3("%s: pam_init_ctx failed", __func__
);
772 mm_sshpam_query(void *ctx
, char **name
, char **info
,
773 u_int
*num
, char ***prompts
, u_int
**echo_on
)
779 debug3("%s", __func__
);
780 if ((m
= sshbuf_new()) == NULL
)
781 fatal("%s: sshbuf_new failed", __func__
);
782 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_QUERY
, m
);
783 debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__
);
784 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_PAM_QUERY
, m
);
785 if ((r
= sshbuf_get_u32(m
, &ret
)) != 0 ||
786 (r
= sshbuf_get_cstring(m
, name
, NULL
)) != 0 ||
787 (r
= sshbuf_get_cstring(m
, info
, NULL
)) != 0 ||
788 (r
= sshbuf_get_u32(m
, &n
)) != 0 ||
789 (r
= sshbuf_get_u32(m
, num
)) != 0)
790 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
791 debug3("%s: pam_query returned %d", __func__
, ret
);
792 sshpam_set_maxtries_reached(n
);
793 if (*num
> PAM_MAX_NUM_MSG
)
794 fatal("%s: received %u PAM messages, expected <= %u",
795 __func__
, *num
, PAM_MAX_NUM_MSG
);
796 *prompts
= xcalloc((*num
+ 1), sizeof(char *));
797 *echo_on
= xcalloc((*num
+ 1), sizeof(u_int
));
798 for (i
= 0; i
< *num
; ++i
) {
799 if ((r
= sshbuf_get_cstring(m
, &((*prompts
)[i
]), NULL
)) != 0 ||
800 (r
= sshbuf_get_u32(m
, &((*echo_on
)[i
]))) != 0)
801 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
808 mm_sshpam_respond(void *ctx
, u_int num
, char **resp
)
814 debug3("%s", __func__
);
815 if ((m
= sshbuf_new()) == NULL
)
816 fatal("%s: sshbuf_new failed", __func__
);
817 if ((r
= sshbuf_put_u32(m
, num
)) != 0)
818 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
819 for (i
= 0; i
< num
; ++i
) {
820 if ((r
= sshbuf_put_cstring(m
, resp
[i
])) != 0)
821 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
823 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_RESPOND
, m
);
824 debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__
);
825 mm_request_receive_expect(pmonitor
->m_recvfd
,
826 MONITOR_ANS_PAM_RESPOND
, m
);
827 if ((r
= sshbuf_get_u32(m
, &n
)) != 0)
828 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
829 ret
= (int)n
; /* XXX */
830 debug3("%s: pam_respond returned %d", __func__
, ret
);
836 mm_sshpam_free_ctx(void *ctxtp
)
840 debug3("%s", __func__
);
841 if ((m
= sshbuf_new()) == NULL
)
842 fatal("%s: sshbuf_new failed", __func__
);
843 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_PAM_FREE_CTX
, m
);
844 debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__
);
845 mm_request_receive_expect(pmonitor
->m_recvfd
,
846 MONITOR_ANS_PAM_FREE_CTX
, m
);
851 /* Request process termination */
858 if ((m
= sshbuf_new()) == NULL
)
859 fatal_f("sshbuf_new failed");
860 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_TERM
, m
);
865 mm_chall_setup(char **name
, char **infotxt
, u_int
*numprompts
,
866 char ***prompts
, u_int
**echo_on
)
869 *infotxt
= xstrdup("");
871 *prompts
= xcalloc(*numprompts
, sizeof(char *));
872 *echo_on
= xcalloc(*numprompts
, sizeof(u_int
));
877 mm_bsdauth_query(void *ctx
, char **name
, char **infotxt
,
878 u_int
*numprompts
, char ***prompts
, u_int
**echo_on
)
885 debug3_f("entering");
887 if ((m
= sshbuf_new()) == NULL
)
888 fatal_f("sshbuf_new failed");
889 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_BSDAUTHQUERY
, m
);
891 mm_request_receive_expect(pmonitor
->m_recvfd
,
892 MONITOR_ANS_BSDAUTHQUERY
, m
);
893 if ((r
= sshbuf_get_u32(m
, &success
)) != 0)
894 fatal_fr(r
, "parse success");
896 debug3_f("no challenge");
901 /* Get the challenge, and format the response */
902 if ((r
= sshbuf_get_cstring(m
, &challenge
, NULL
)) != 0)
903 fatal_fr(r
, "parse challenge");
906 mm_chall_setup(name
, infotxt
, numprompts
, prompts
, echo_on
);
907 (*prompts
)[0] = challenge
;
909 debug3_f("received challenge: %s", challenge
);
915 mm_bsdauth_respond(void *ctx
, u_int numresponses
, char **responses
)
920 debug3_f("entering");
921 if (numresponses
!= 1)
924 if ((m
= sshbuf_new()) == NULL
)
925 fatal_f("sshbuf_new failed");
926 if ((r
= sshbuf_put_cstring(m
, responses
[0])) != 0)
927 fatal_fr(r
, "assemble");
928 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_BSDAUTHRESPOND
, m
);
930 mm_request_receive_expect(pmonitor
->m_recvfd
,
931 MONITOR_ANS_BSDAUTHRESPOND
, m
);
933 if ((r
= sshbuf_get_u32(m
, &authok
)) != 0)
934 fatal_fr(r
, "parse");
937 return ((authok
== 0) ? -1 : 0);
940 #ifdef SSH_AUDIT_EVENTS
942 mm_audit_event(struct ssh
*ssh
, ssh_audit_event_t event
)
947 debug3("%s entering", __func__
);
949 if ((m
= sshbuf_new()) == NULL
)
950 fatal("%s: sshbuf_new failed", __func__
);
951 if ((r
= sshbuf_put_u32(m
, event
)) != 0)
952 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
954 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUDIT_EVENT
, m
);
959 mm_audit_run_command(const char *command
)
964 debug3("%s entering command %s", __func__
, command
);
966 if ((m
= sshbuf_new()) == NULL
)
967 fatal("%s: sshbuf_new failed", __func__
);
968 if ((r
= sshbuf_put_cstring(m
, command
)) != 0)
969 fatal("%s: buffer error: %s", __func__
, ssh_err(r
));
971 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_AUDIT_COMMAND
, m
);
974 #endif /* SSH_AUDIT_EVENTS */
978 mm_ssh_gssapi_server_ctx(Gssctxt
**ctx
, gss_OID goid
)
984 /* Client doesn't get to see the context */
987 if ((m
= sshbuf_new()) == NULL
)
988 fatal_f("sshbuf_new failed");
989 if ((r
= sshbuf_put_string(m
, goid
->elements
, goid
->length
)) != 0)
990 fatal_fr(r
, "assemble");
992 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_GSSSETUP
, m
);
993 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_GSSSETUP
, m
);
995 if ((r
= sshbuf_get_u32(m
, &major
)) != 0)
996 fatal_fr(r
, "parse");
1003 mm_ssh_gssapi_accept_ctx(Gssctxt
*ctx
, gss_buffer_desc
*in
,
1004 gss_buffer_desc
*out
, OM_uint32
*flagsp
)
1011 if ((m
= sshbuf_new()) == NULL
)
1012 fatal_f("sshbuf_new failed");
1013 if ((r
= sshbuf_put_string(m
, in
->value
, in
->length
)) != 0)
1014 fatal_fr(r
, "assemble");
1016 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_GSSSTEP
, m
);
1017 mm_request_receive_expect(pmonitor
->m_recvfd
, MONITOR_ANS_GSSSTEP
, m
);
1019 if ((r
= sshbuf_get_u32(m
, &major
)) != 0 ||
1020 (r
= ssh_gssapi_get_buffer_desc(m
, out
)) != 0)
1021 fatal_fr(r
, "parse");
1022 if (flagsp
!= NULL
) {
1023 if ((r
= sshbuf_get_u32(m
, &flags
)) != 0)
1024 fatal_fr(r
, "parse flags");
1034 mm_ssh_gssapi_checkmic(Gssctxt
*ctx
, gss_buffer_t gssbuf
, gss_buffer_t gssmic
)
1040 if ((m
= sshbuf_new()) == NULL
)
1041 fatal_f("sshbuf_new failed");
1042 if ((r
= sshbuf_put_string(m
, gssbuf
->value
, gssbuf
->length
)) != 0 ||
1043 (r
= sshbuf_put_string(m
, gssmic
->value
, gssmic
->length
)) != 0)
1044 fatal_fr(r
, "assemble");
1046 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_GSSCHECKMIC
, m
);
1047 mm_request_receive_expect(pmonitor
->m_recvfd
,
1048 MONITOR_ANS_GSSCHECKMIC
, m
);
1050 if ((r
= sshbuf_get_u32(m
, &major
)) != 0)
1051 fatal_fr(r
, "parse");
1057 mm_ssh_gssapi_userok(char *user
)
1060 int r
, authenticated
= 0;
1062 if ((m
= sshbuf_new()) == NULL
)
1063 fatal_f("sshbuf_new failed");
1065 mm_request_send(pmonitor
->m_recvfd
, MONITOR_REQ_GSSUSEROK
, m
);
1066 mm_request_receive_expect(pmonitor
->m_recvfd
,
1067 MONITOR_ANS_GSSUSEROK
, m
);
1069 if ((r
= sshbuf_get_u32(m
, &authenticated
)) != 0)
1070 fatal_fr(r
, "parse");
1073 debug3_f("user %sauthenticated", authenticated
? "" : "not ");
1074 return (authenticated
);
1079 * Inform channels layer of permitopen options for a single forwarding
1080 * direction (local/remote).
1083 server_process_permitopen_list(struct ssh
*ssh
, int listen
,
1084 char **opens
, u_int num_opens
)
1088 char *host
, *arg
, *oarg
;
1089 int where
= listen
? FORWARD_REMOTE
: FORWARD_LOCAL
;
1090 const char *what
= listen
? "permitlisten" : "permitopen";
1092 channel_clear_permission(ssh
, FORWARD_ADM
, where
);
1094 return; /* permit any */
1096 /* handle keywords: "any" / "none" */
1097 if (num_opens
== 1 && strcmp(opens
[0], "any") == 0)
1099 if (num_opens
== 1 && strcmp(opens
[0], "none") == 0) {
1100 channel_disable_admin(ssh
, where
);
1103 /* Otherwise treat it as a list of permitted host:port */
1104 for (i
= 0; i
< num_opens
; i
++) {
1105 oarg
= arg
= xstrdup(opens
[i
]);
1106 host
= hpdelim(&arg
);
1108 fatal_f("missing host in %s", what
);
1109 host
= cleanhostname(host
);
1110 if (arg
== NULL
|| ((port
= permitopen_port(arg
)) < 0))
1111 fatal_f("bad port number in %s", what
);
1112 /* Send it to channels layer */
1113 channel_add_permission(ssh
, FORWARD_ADM
,
1120 * Inform channels layer of permitopen options from configuration.
1123 server_process_permitopen(struct ssh
*ssh
)
1125 server_process_permitopen_list(ssh
, 0,
1126 options
.permitted_opens
, options
.num_permitted_opens
);
1127 server_process_permitopen_list(ssh
, 1,
1128 options
.permitted_listens
, options
.num_permitted_listens
);
1132 server_process_channel_timeouts(struct ssh
*ssh
)
1137 debug3_f("setting %u timeouts", options
.num_channel_timeouts
);
1138 channel_clear_timeouts(ssh
);
1139 for (i
= 0; i
< options
.num_channel_timeouts
; i
++) {
1140 if (parse_pattern_interval(options
.channel_timeouts
[i
],
1141 &type
, &secs
) != 0) {
1142 fatal_f("internal error: bad timeout %s",
1143 options
.channel_timeouts
[i
]);
1145 channel_add_timeout(ssh
, type
, secs
);
1150 struct connection_info
*
1151 server_get_connection_info(struct ssh
*ssh
, int populate
, int use_dns
)
1153 static struct connection_info ci
;
1155 if (ssh
== NULL
|| !populate
)
1157 ci
.host
= use_dns
? ssh_remote_hostname(ssh
) : ssh_remote_ipaddr(ssh
);
1158 ci
.address
= ssh_remote_ipaddr(ssh
);
1159 ci
.laddress
= ssh_local_ipaddr(ssh
);
1160 ci
.lport
= ssh_local_port(ssh
);
1161 ci
.rdomain
= ssh_packet_rdomain_in(ssh
);