Blame - monitor_wrap.c - platform/external/openssh

blob: 552004902b2c511daec7083ddc0cc74e7de94a1d [file] [log] [blame]

djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	1	/* $OpenBSD: monitor_wrap.c,v 1.88 2016/03/07 19:02:43 djm Exp $ */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	2	/*
				3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
				4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
				5	* All rights reserved.
				6	*
				7	* Redistribution and use in source and binary forms, with or without
				8	* modification, are permitted provided that the following conditions
				9	* are met:
				10	* 1. Redistributions of source code must retain the above copyright
				11	* notice, this list of conditions and the following disclaimer.
				12	* 2. Redistributions in binary form must reproduce the above copyright
				13	* notice, this list of conditions and the following disclaimer in the
				14	* documentation and/or other materials provided with the distribution.
				15	*
				16	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				17	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				18	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				19	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				20	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				21	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				22	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				23	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				24	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				25	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				26	*/
				27
				28	#include "includes.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	29
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	30	#include <sys/types.h>
Darren Tucker	1a3d6e7	2006-08-05 18:46:47 +1000	[diff] [blame]	31	#include <sys/uio.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	32
Darren Tucker	3997249	2006-07-12 22:22:46 +1000	[diff] [blame]	33	#include <errno.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	34	#include <pwd.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	35	#include <signal.h>
Damien Miller	ded319c	2006-09-01 15:38:36 +1000	[diff] [blame]	36	#include <stdarg.h>
Damien Miller	a7a73ee	2006-08-05 11:37:59 +1000	[diff] [blame]	37	#include <stdio.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	38	#include <string.h>
Darren Tucker	1a3d6e7	2006-08-05 18:46:47 +1000	[diff] [blame]	39	#include <unistd.h>
Damien Miller	9f2abc4	2006-07-10 20:53:08 +1000	[diff] [blame]	40
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	41	#ifdef WITH_OPENSSL
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	42	#include <openssl/bn.h>
				43	#include <openssl/dh.h>
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	44	#include <openssl/evp.h>
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	45	#endif
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	46
Damien Miller	b84886b	2008-05-19 15:05:07 +1000	[diff] [blame]	47	#include "openbsd-compat/sys-queue.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	48	#include "xmalloc.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	49	#include "ssh.h"
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	50	#ifdef WITH_OPENSSL
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	51	#include "dh.h"
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	52	#endif
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	53	#include "buffer.h"
				54	#include "key.h"
				55	#include "cipher.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	56	#include "kex.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	57	#include "hostfile.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	58	#include "auth.h"
Damien Miller	06ebedf	2003-02-24 12:03:38 +1100	[diff] [blame]	59	#include "auth-options.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	60	#include "packet.h"
				61	#include "mac.h"
				62	#include "log.h"
Ben Lindstrom	036768e	2004-04-08 16:12:30 +0000	[diff] [blame]	63	#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */
				64	#undef TARGET_OS_MAC
Ben Lindstrom	1b9f2a6	2004-04-08 05:11:03 +0000	[diff] [blame]	65	#include "zlib.h"
Ben Lindstrom	036768e	2004-04-08 16:12:30 +0000	[diff] [blame]	66	#define TARGET_OS_MAC 1
				67	#else
				68	#include "zlib.h"
				69	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	70	#include "monitor.h"
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	71	#ifdef GSSAPI
				72	#include "ssh-gss.h"
				73	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	74	#include "monitor_wrap.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	75	#include "atomicio.h"
				76	#include "monitor_fdpass.h"
Damien Miller	3f94188	2006-03-31 23:13:02 +1100	[diff] [blame]	77	#include "misc.h"
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	78	#include "uuencode.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	79
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	80	#include "channels.h"
				81	#include "session.h"
Darren Tucker	1629c07	2007-02-19 22:25:37 +1100	[diff] [blame]	82	#include "servconf.h"
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	83
markus@openbsd.org	091c302	2015-01-19 19:52:16 +0000	[diff] [blame]	84	#include "ssherr.h"
				85
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	86	/* Imports */
				87	extern int compat20;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	88	extern z_stream incoming_stream;
				89	extern z_stream outgoing_stream;
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	90	extern struct monitor *pmonitor;
Darren Tucker	0999174	2004-07-17 17:05:14 +1000	[diff] [blame]	91	extern Buffer loginmsg;
Damien Miller	4e448a3	2003-05-14 15:11:48 +1000	[diff] [blame]	92	extern ServerOptions options;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	93
Damien Miller	8f0bf23	2011-06-20 14:42:23 +1000	[diff] [blame]	94	void
				95	mm_log_handler(LogLevel level, const char msg, void ctx)
				96	{
				97	Buffer log_msg;
				98	struct monitor mon = (struct monitor )ctx;
				99
				100	if (mon->m_log_sendfd == -1)
				101	fatal("%s: no log channel", __func__);
				102
				103	buffer_init(&log_msg);
				104	/*
				105	* Placeholder for packet length. Will be filled in with the actual
				106	* packet length once the packet has been constucted. This saves
				107	* fragile math.
				108	*/
				109	buffer_put_int(&log_msg, 0);
				110
				111	buffer_put_int(&log_msg, level);
				112	buffer_put_cstring(&log_msg, msg);
				113	put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4);
				114	if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg),
				115	buffer_len(&log_msg)) != buffer_len(&log_msg))
				116	fatal("%s: write: %s", __func__, strerror(errno));
				117	buffer_free(&log_msg);
				118	}
				119
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	120	int
				121	mm_is_monitor(void)
				122	{
				123	/*
				124	* m_pid is only set in the privileged part, and
				125	* points to the unprivileged child.
				126	*/
Darren Tucker	a47c9bc	2003-11-03 20:03:25 +1100	[diff] [blame]	127	return (pmonitor && pmonitor->m_pid > 0);
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	128	}
				129
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	130	void
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	131	mm_request_send(int sock, enum monitor_reqtype type, Buffer *m)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	132	{
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	133	u_int mlen = buffer_len(m);
Ben Lindstrom	b1bdc5a	2002-07-04 00:09:26 +0000	[diff] [blame]	134	u_char buf[5];
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	135
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	136	debug3("%s entering: type %d", __func__, type);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	137
Damien Miller	3f94188	2006-03-31 23:13:02 +1100	[diff] [blame]	138	put_u32(buf, mlen + 1);
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	139	buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	140	if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
Damien Miller	b253cc4	2005-05-26 12:23:44 +1000	[diff] [blame]	141	fatal("%s: write: %s", __func__, strerror(errno));
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	142	if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen)
Damien Miller	b253cc4	2005-05-26 12:23:44 +1000	[diff] [blame]	143	fatal("%s: write: %s", __func__, strerror(errno));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	144	}
				145
				146	void
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	147	mm_request_receive(int sock, Buffer *m)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	148	{
				149	u_char buf[4];
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	150	u_int msg_len;
				151
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	152	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	153
Damien Miller	b253cc4	2005-05-26 12:23:44 +1000	[diff] [blame]	154	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
Damien Miller	4d24b3b	2015-03-20 09:11:59 +1100	[diff] [blame]	155	if (errno == EPIPE)
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	156	cleanup_exit(255);
Damien Miller	b253cc4	2005-05-26 12:23:44 +1000	[diff] [blame]	157	fatal("%s: read: %s", __func__, strerror(errno));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	158	}
Damien Miller	3f94188	2006-03-31 23:13:02 +1100	[diff] [blame]	159	msg_len = get_u32(buf);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	160	if (msg_len > 256 * 1024)
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	161	fatal("%s: read: bad msg_len %d", __func__, msg_len);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	162	buffer_clear(m);
				163	buffer_append_space(m, msg_len);
Damien Miller	b253cc4	2005-05-26 12:23:44 +1000	[diff] [blame]	164	if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len)
				165	fatal("%s: read: %s", __func__, strerror(errno));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	166	}
				167
				168	void
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	169	mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	170	{
				171	u_char rtype;
				172
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	173	debug3("%s entering: type %d", __func__, type);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	174
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	175	mm_request_receive(sock, m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	176	rtype = buffer_get_char(m);
				177	if (rtype != type)
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	178	fatal("%s: read: rtype %d != type %d", __func__,
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	179	rtype, type);
				180	}
				181
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	182	#ifdef WITH_OPENSSL
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	183	DH *
				184	mm_choose_dh(int min, int nbits, int max)
				185	{
				186	BIGNUM p, g;
				187	int success = 0;
				188	Buffer m;
				189
				190	buffer_init(&m);
				191	buffer_put_int(&m, min);
				192	buffer_put_int(&m, nbits);
				193	buffer_put_int(&m, max);
				194
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	195	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	196
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	197	debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	198	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	199
				200	success = buffer_get_char(&m);
				201	if (success == 0)
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	202	fatal("%s: MONITOR_ANS_MODULI failed", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	203
				204	if ((p = BN_new()) == NULL)
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	205	fatal("%s: BN_new failed", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	206	if ((g = BN_new()) == NULL)
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	207	fatal("%s: BN_new failed", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	208	buffer_get_bignum2(&m, p);
				209	buffer_get_bignum2(&m, g);
				210
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	211	debug3("%s: remaining %d", __func__, buffer_len(&m));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	212	buffer_free(&m);
				213
				214	return (dh_new_group(g, p));
				215	}
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	216	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	217
				218	int
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	219	mm_key_sign(Key key, u_char sigp, u_int lenp,
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	220	const u_char data, u_int datalen, const char hostkey_alg)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	221	{
markus@openbsd.org	57d10cb	2015-01-19 20:16:15 +0000	[diff] [blame]	222	struct kex kex = pmonitor->m_pkex;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	223	Buffer m;
				224
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	225	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	226
				227	buffer_init(&m);
djm@openbsd.org	523463a	2015-02-16 22:13:32 +0000	[diff] [blame]	228	buffer_put_int(&m, kex->host_key_index(key, 0, active_state));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	229	buffer_put_string(&m, data, datalen);
markus@openbsd.org	76c9fbb	2015-12-04 16:41:28 +0000	[diff] [blame]	230	buffer_put_cstring(&m, hostkey_alg);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	231
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	232	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	233
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	234	debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	235	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	236	*sigp = buffer_get_string(&m, lenp);
				237	buffer_free(&m);
				238
				239	return (0);
				240	}
				241
				242	struct passwd *
Darren Tucker	b09b677	2004-06-22 15:06:46 +1000	[diff] [blame]	243	mm_getpwnamallow(const char *username)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	244	{
				245	Buffer m;
				246	struct passwd *pw;
Damien Miller	d8478b6	2011-05-29 21:39:36 +1000	[diff] [blame]	247	u_int len, i;
Darren Tucker	1629c07	2007-02-19 22:25:37 +1100	[diff] [blame]	248	ServerOptions *newopts;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	249
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	250	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	251
				252	buffer_init(&m);
Darren Tucker	b09b677	2004-06-22 15:06:46 +1000	[diff] [blame]	253	buffer_put_cstring(&m, username);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	254
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	255	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	256
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	257	debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	258	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	259
				260	if (buffer_get_char(&m) == 0) {
Darren Tucker	2f8b3d9	2007-12-02 23:02:15 +1100	[diff] [blame]	261	pw = NULL;
				262	goto out;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	263	}
Darren Tucker	1629c07	2007-02-19 22:25:37 +1100	[diff] [blame]	264	pw = buffer_get_string(&m, &len);
				265	if (len != sizeof(struct passwd))
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	266	fatal("%s: struct passwd size mismatch", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	267	pw->pw_name = buffer_get_string(&m, NULL);
				268	pw->pw_passwd = buffer_get_string(&m, NULL);
Damien Miller	6332da2	2013-04-23 14:25:52 +1000	[diff] [blame]	269	#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	270	pw->pw_gecos = buffer_get_string(&m, NULL);
Damien Miller	6332da2	2013-04-23 14:25:52 +1000	[diff] [blame]	271	#endif
				272	#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	273	pw->pw_class = buffer_get_string(&m, NULL);
Kevin Steves	7e14760	2002-03-22 18:07:17 +0000	[diff] [blame]	274	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	275	pw->pw_dir = buffer_get_string(&m, NULL);
				276	pw->pw_shell = buffer_get_string(&m, NULL);
Darren Tucker	1629c07	2007-02-19 22:25:37 +1100	[diff] [blame]	277
Darren Tucker	2f8b3d9	2007-12-02 23:02:15 +1100	[diff] [blame]	278	out:
Darren Tucker	1629c07	2007-02-19 22:25:37 +1100	[diff] [blame]	279	/* copy options block as a Match directive may have changed some */
				280	newopts = buffer_get_string(&m, &len);
				281	if (len != sizeof(*newopts))
				282	fatal("%s: option block size mismatch", __func__);
Damien Miller	f2e407e	2011-05-20 19:04:14 +1000	[diff] [blame]	283
				284	#define M_CP_STROPT(x) do { \
				285	if (newopts->x != NULL) \
				286	newopts->x = buffer_get_string(&m, NULL); \
				287	} while (0)
Damien Miller	d8478b6	2011-05-29 21:39:36 +1000	[diff] [blame]	288	#define M_CP_STRARRAYOPT(x, nx) do { \
				289	for (i = 0; i < newopts->nx; i++) \
				290	newopts->x[i] = buffer_get_string(&m, NULL); \
				291	} while (0)
Damien Miller	f2e407e	2011-05-20 19:04:14 +1000	[diff] [blame]	292	/* See comment in servconf.h */
				293	COPY_MATCH_STRING_OPTS();
				294	#undef M_CP_STROPT
Damien Miller	d8478b6	2011-05-29 21:39:36 +1000	[diff] [blame]	295	#undef M_CP_STRARRAYOPT
Damien Miller	f2e407e	2011-05-20 19:04:14 +1000	[diff] [blame]	296
Darren Tucker	1629c07	2007-02-19 22:25:37 +1100	[diff] [blame]	297	copy_set_server_options(&options, newopts, 1);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	298	free(newopts);
Darren Tucker	1629c07	2007-02-19 22:25:37 +1100	[diff] [blame]	299
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	300	buffer_free(&m);
				301
				302	return (pw);
				303	}
				304
Darren Tucker	7eb3de0	2003-10-15 15:56:58 +1000	[diff] [blame]	305	char *
				306	mm_auth2_read_banner(void)
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	307	{
				308	Buffer m;
				309	char *banner;
				310
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	311	debug3("%s entering", __func__);
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	312
				313	buffer_init(&m);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	314	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	315	buffer_clear(&m);
				316
Darren Tucker	7eb3de0	2003-10-15 15:56:58 +1000	[diff] [blame]	317	mm_request_receive_expect(pmonitor->m_recvfd,
				318	MONITOR_ANS_AUTH2_READ_BANNER, &m);
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	319	banner = buffer_get_string(&m, NULL);
				320	buffer_free(&m);
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	321
Darren Tucker	7eb3de0	2003-10-15 15:56:58 +1000	[diff] [blame]	322	/* treat empty banner as missing banner */
				323	if (strlen(banner) == 0) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	324	free(banner);
Darren Tucker	7eb3de0	2003-10-15 15:56:58 +1000	[diff] [blame]	325	banner = NULL;
				326	}
Damien Miller	5ad9fd9	2002-05-13 11:07:41 +1000	[diff] [blame]	327	return (banner);
				328	}
				329
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	330	/* Inform the privileged process about service and style */
				331
				332	void
				333	mm_inform_authserv(char service, char style)
				334	{
				335	Buffer m;
				336
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	337	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	338
				339	buffer_init(&m);
				340	buffer_put_cstring(&m, service);
				341	buffer_put_cstring(&m, style ? style : "");
				342
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	343	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	344
				345	buffer_free(&m);
				346	}
				347
				348	/* Do the password authentication */
				349	int
				350	mm_auth_password(Authctxt authctxt, char password)
				351	{
				352	Buffer m;
				353	int authenticated = 0;
				354
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	355	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	356
				357	buffer_init(&m);
				358	buffer_put_cstring(&m, password);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	359	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	360
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	361	debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	362	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	363
				364	authenticated = buffer_get_int(&m);
				365
				366	buffer_free(&m);
				367
				368	debug3("%s: user %sauthenticated",
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	369	__func__, authenticated ? "" : "not ");
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	370	return (authenticated);
				371	}
				372
				373	int
djm@openbsd.org	179be0f	2015-05-01 03:23:51 +0000	[diff] [blame]	374	mm_user_key_allowed(struct passwd pw, Key key, int pubkey_auth_attempt)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	375	{
djm@openbsd.org	179be0f	2015-05-01 03:23:51 +0000	[diff] [blame]	376	return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
				377	pubkey_auth_attempt));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	378	}
				379
				380	int
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	381	mm_hostbased_key_allowed(struct passwd pw, const char user, const char *host,
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	382	Key *key)
				383	{
djm@openbsd.org	179be0f	2015-05-01 03:23:51 +0000	[diff] [blame]	384	return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	385	}
				386
				387	int
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	388	mm_auth_rhosts_rsa_key_allowed(struct passwd pw, const char user,
				389	const char host, Key key)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	390	{
				391	int ret;
				392
				393	key->type = KEY_RSA; /* XXX hack for key_to_blob */
djm@openbsd.org	179be0f	2015-05-01 03:23:51 +0000	[diff] [blame]	394	ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key, 0);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	395	key->type = KEY_RSA1;
				396	return (ret);
				397	}
				398
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	399	int
djm@openbsd.org	9576726	2016-03-07 19:02:43 +0000	[diff] [blame]	400	mm_key_allowed(enum mm_keytype type, const char user, const char host,
				401	Key *key, int pubkey_auth_attempt)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	402	{
				403	Buffer m;
				404	u_char *blob;
				405	u_int len;
Damien Miller	06ebedf	2003-02-24 12:03:38 +1100	[diff] [blame]	406	int allowed = 0, have_forced = 0;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	407
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	408	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	409
				410	/* Convert the key to a blob and the pass it over */
				411	if (!key_to_blob(key, &blob, &len))
				412	return (0);
				413
				414	buffer_init(&m);
				415	buffer_put_int(&m, type);
				416	buffer_put_cstring(&m, user ? user : "");
				417	buffer_put_cstring(&m, host ? host : "");
				418	buffer_put_string(&m, blob, len);
djm@openbsd.org	179be0f	2015-05-01 03:23:51 +0000	[diff] [blame]	419	buffer_put_int(&m, pubkey_auth_attempt);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	420	free(blob);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	421
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	422	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	423
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	424	debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	425	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	426
				427	allowed = buffer_get_int(&m);
				428
Damien Miller	06ebedf	2003-02-24 12:03:38 +1100	[diff] [blame]	429	/* fake forced command */
				430	auth_clear_options();
				431	have_forced = buffer_get_int(&m);
				432	forced_command = have_forced ? xstrdup("true") : NULL;
				433
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	434	buffer_free(&m);
				435
				436	return (allowed);
				437	}
				438
				439	/*
				440	* This key verify needs to send the key type along, because the
				441	* privileged parent makes the decision if the key is allowed
				442	* for authentication.
				443	*/
				444
				445	int
				446	mm_key_verify(Key key, u_char sig, u_int siglen, u_char *data, u_int datalen)
				447	{
				448	Buffer m;
				449	u_char *blob;
				450	u_int len;
				451	int verified = 0;
				452
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	453	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	454
				455	/* Convert the key to a blob and the pass it over */
				456	if (!key_to_blob(key, &blob, &len))
				457	return (0);
				458
				459	buffer_init(&m);
				460	buffer_put_string(&m, blob, len);
				461	buffer_put_string(&m, sig, siglen);
				462	buffer_put_string(&m, data, datalen);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	463	free(blob);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	464
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	465	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	466
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	467	debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	468	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	469
				470	verified = buffer_get_int(&m);
				471
				472	buffer_free(&m);
				473
				474	return (verified);
				475	}
				476
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	477	void
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	478	mm_send_keystate(struct monitor *monitor)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	479	{
markus@openbsd.org	091c302	2015-01-19 19:52:16 +0000	[diff] [blame]	480	struct ssh ssh = active_state; / XXX */
				481	struct sshbuf *m;
				482	int r;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	483
markus@openbsd.org	091c302	2015-01-19 19:52:16 +0000	[diff] [blame]	484	if ((m = sshbuf_new()) == NULL)
				485	fatal("%s: sshbuf_new failed", __func__);
				486	if ((r = ssh_packet_get_state(ssh, m)) != 0)
				487	fatal("%s: get_state failed: %s",
				488	__func__, ssh_err(r));
				489	mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, m);
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	490	debug3("%s: Finished sending state", __func__);
markus@openbsd.org	091c302	2015-01-19 19:52:16 +0000	[diff] [blame]	491	sshbuf_free(m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	492	}
				493
				494	int
Damien Miller	71a7367	2006-03-26 14:04:36 +1100	[diff] [blame]	495	mm_pty_allocate(int ptyfd, int ttyfd, char *namebuf, size_t namebuflen)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	496	{
				497	Buffer m;
Darren Tucker	0999174	2004-07-17 17:05:14 +1000	[diff] [blame]	498	char p, msg;
Damien Miller	7207f64	2008-05-19 15:34:50 +1000	[diff] [blame]	499	int success = 0, tmp1 = -1, tmp2 = -1;
				500
				501	/* Kludge: ensure there are fds free to receive the pty/tty */
				502	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 \|\|
				503	(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
				504	error("%s: cannot allocate fds for pty", __func__);
				505	if (tmp1 > 0)
				506	close(tmp1);
				507	if (tmp2 > 0)
				508	close(tmp2);
				509	return 0;
				510	}
				511	close(tmp1);
				512	close(tmp2);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	513
				514	buffer_init(&m);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	515	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	516
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	517	debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	518	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	519
				520	success = buffer_get_int(&m);
				521	if (success == 0) {
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	522	debug3("%s: pty alloc failed", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	523	buffer_free(&m);
				524	return (0);
				525	}
				526	p = buffer_get_string(&m, NULL);
Darren Tucker	0999174	2004-07-17 17:05:14 +1000	[diff] [blame]	527	msg = buffer_get_string(&m, NULL);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	528	buffer_free(&m);
				529
				530	strlcpy(namebuf, p, namebuflen); /* Possible truncation */
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	531	free(p);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	532
Darren Tucker	0999174	2004-07-17 17:05:14 +1000	[diff] [blame]	533	buffer_append(&loginmsg, msg, strlen(msg));
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	534	free(msg);
Darren Tucker	0999174	2004-07-17 17:05:14 +1000	[diff] [blame]	535
Damien Miller	54fd7cf	2007-09-17 12:04:08 +1000	[diff] [blame]	536	if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 \|\|
				537	(*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
				538	fatal("%s: receive fds failed", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	539
				540	/* Success */
				541	return (1);
				542	}
				543
				544	void
Darren Tucker	3e33cec	2003-10-02 16:12:36 +1000	[diff] [blame]	545	mm_session_pty_cleanup2(Session *s)
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	546	{
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	547	Buffer m;
				548
				549	if (s->ttyfd == -1)
				550	return;
				551	buffer_init(&m);
				552	buffer_put_cstring(&m, s->tty);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	553	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	554	buffer_free(&m);
				555
				556	/* closed dup'ed master */
Damien Miller	7207f64	2008-05-19 15:34:50 +1000	[diff] [blame]	557	if (s->ptymaster != -1 && close(s->ptymaster) < 0)
				558	error("close(s->ptymaster/%d): %s",
				559	s->ptymaster, strerror(errno));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	560
				561	/* unlink pty from session */
				562	s->ttyfd = -1;
				563	}
				564
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	565	#ifdef USE_PAM
				566	void
Darren Tucker	dbf7a74	2004-03-08 23:04:06 +1100	[diff] [blame]	567	mm_start_pam(Authctxt *authctxt)
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	568	{
				569	Buffer m;
				570
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	571	debug3("%s entering", __func__);
Damien Miller	4e448a3	2003-05-14 15:11:48 +1000	[diff] [blame]	572	if (!options.use_pam)
				573	fatal("UsePAM=no, but ended up in %s anyway", __func__);
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	574
				575	buffer_init(&m);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	576	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	577
				578	buffer_free(&m);
				579	}
Damien Miller	4f9f42a	2003-05-10 19:28:02 +1000	[diff] [blame]	580
Damien Miller	1f499fd	2003-08-25 13:08:49 +1000	[diff] [blame]	581	u_int
				582	mm_do_pam_account(void)
				583	{
				584	Buffer m;
				585	u_int ret;
Darren Tucker	77fc29e	2004-09-11 23:07:03 +1000	[diff] [blame]	586	char *msg;
Damien Miller	1f499fd	2003-08-25 13:08:49 +1000	[diff] [blame]	587
				588	debug3("%s entering", __func__);
				589	if (!options.use_pam)
				590	fatal("UsePAM=no, but ended up in %s anyway", __func__);
				591
				592	buffer_init(&m);
				593	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
				594
Damien Miller	a8e06ce	2003-11-21 23:48:55 +1100	[diff] [blame]	595	mm_request_receive_expect(pmonitor->m_recvfd,
Damien Miller	1f499fd	2003-08-25 13:08:49 +1000	[diff] [blame]	596	MONITOR_ANS_PAM_ACCOUNT, &m);
				597	ret = buffer_get_int(&m);
Darren Tucker	77fc29e	2004-09-11 23:07:03 +1000	[diff] [blame]	598	msg = buffer_get_string(&m, NULL);
				599	buffer_append(&loginmsg, msg, strlen(msg));
Darren Tucker	f60845f	2013-06-02 08:07:31 +1000	[diff] [blame]	600	free(msg);
Damien Miller	1f499fd	2003-08-25 13:08:49 +1000	[diff] [blame]	601
				602	buffer_free(&m);
Damien Miller	787b2ec	2003-11-21 23:56:47 +1100	[diff] [blame]	603
Damien Miller	1f499fd	2003-08-25 13:08:49 +1000	[diff] [blame]	604	debug3("%s returning %d", __func__, ret);
				605
				606	return (ret);
				607	}
				608
Damien Miller	4f9f42a	2003-05-10 19:28:02 +1000	[diff] [blame]	609	void *
				610	mm_sshpam_init_ctx(Authctxt *authctxt)
				611	{
				612	Buffer m;
				613	int success;
				614
				615	debug3("%s", __func__);
				616	buffer_init(&m);
Damien Miller	4f9f42a	2003-05-10 19:28:02 +1000	[diff] [blame]	617	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
				618	debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
				619	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
				620	success = buffer_get_int(&m);
				621	if (success == 0) {
				622	debug3("%s: pam_init_ctx failed", __func__);
				623	buffer_free(&m);
				624	return (NULL);
				625	}
				626	buffer_free(&m);
				627	return (authctxt);
				628	}
				629
				630	int
				631	mm_sshpam_query(void ctx, char name, char *info,
				632	u_int num, char prompts, u_int echo_on)
				633	{
				634	Buffer m;
Damien Miller	04b6533	2005-07-17 17:53:31 +1000	[diff] [blame]	635	u_int i;
				636	int ret;
Damien Miller	4f9f42a	2003-05-10 19:28:02 +1000	[diff] [blame]	637
				638	debug3("%s", __func__);
				639	buffer_init(&m);
				640	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
				641	debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
				642	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
				643	ret = buffer_get_int(&m);
				644	debug3("%s: pam_query returned %d", __func__, ret);
				645	*name = buffer_get_string(&m, NULL);
				646	*info = buffer_get_string(&m, NULL);
				647	*num = buffer_get_int(&m);
Darren Tucker	d8093e4	2006-05-04 16:24:34 +1000	[diff] [blame]	648	if (*num > PAM_MAX_NUM_MSG)
				649	fatal("%s: recieved %u PAM messages, expected <= %u",
				650	__func__, *num, PAM_MAX_NUM_MSG);
				651	prompts = xcalloc((num + 1), sizeof(char *));
				652	echo_on = xcalloc((num + 1), sizeof(u_int));
Damien Miller	4f9f42a	2003-05-10 19:28:02 +1000	[diff] [blame]	653	for (i = 0; i < *num; ++i) {
				654	(*prompts)[i] = buffer_get_string(&m, NULL);
				655	(*echo_on)[i] = buffer_get_int(&m);
				656	}
				657	buffer_free(&m);
				658	return (ret);
				659	}
				660
				661	int
				662	mm_sshpam_respond(void ctx, u_int num, char *resp)
				663	{
				664	Buffer m;
Damien Miller	04b6533	2005-07-17 17:53:31 +1000	[diff] [blame]	665	u_int i;
				666	int ret;
Damien Miller	4f9f42a	2003-05-10 19:28:02 +1000	[diff] [blame]	667
				668	debug3("%s", __func__);
				669	buffer_init(&m);
				670	buffer_put_int(&m, num);
				671	for (i = 0; i < num; ++i)
				672	buffer_put_cstring(&m, resp[i]);
				673	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
				674	debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
				675	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
				676	ret = buffer_get_int(&m);
				677	debug3("%s: pam_respond returned %d", __func__, ret);
				678	buffer_free(&m);
				679	return (ret);
				680	}
				681
				682	void
				683	mm_sshpam_free_ctx(void *ctxtp)
				684	{
				685	Buffer m;
				686
				687	debug3("%s", __func__);
				688	buffer_init(&m);
				689	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
				690	debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
				691	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
				692	buffer_free(&m);
				693	}
Damien Miller	7941855	2002-04-23 20:28:48 +1000	[diff] [blame]	694	#endif /* USE_PAM */
				695
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	696	/* Request process termination */
				697
				698	void
				699	mm_terminate(void)
				700	{
				701	Buffer m;
				702
				703	buffer_init(&m);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	704	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	705	buffer_free(&m);
				706	}
				707
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	708	#ifdef WITH_SSH1
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	709	int
				710	mm_ssh1_session_key(BIGNUM *num)
				711	{
				712	int rsafail;
				713	Buffer m;
				714
				715	buffer_init(&m);
				716	buffer_put_bignum2(&m, num);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	717	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	718
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	719	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	720
				721	rsafail = buffer_get_int(&m);
				722	buffer_get_bignum2(&m, num);
				723
				724	buffer_free(&m);
				725
				726	return (rsafail);
				727	}
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	728	#endif
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	729
				730	static void
				731	mm_chall_setup(char name, char infotxt, u_int *numprompts,
				732	char *prompts, u_int echo_on)
				733	{
Ben Lindstrom	cb72e4f	2002-06-21 00:41:51 +0000	[diff] [blame]	734	*name = xstrdup("");
				735	*infotxt = xstrdup("");
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	736	*numprompts = 1;
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	737	prompts = xcalloc(numprompts, sizeof(char *));
				738	echo_on = xcalloc(numprompts, sizeof(u_int));
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	739	(*echo_on)[0] = 0;
				740	}
				741
				742	int
				743	mm_bsdauth_query(void ctx, char name, char *infotxt,
				744	u_int numprompts, char prompts, u_int echo_on)
				745	{
				746	Buffer m;
Damien Miller	b7df3af	2003-02-24 11:55:46 +1100	[diff] [blame]	747	u_int success;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	748	char *challenge;
				749
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	750	debug3("%s: entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	751
				752	buffer_init(&m);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	753	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	754
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	755	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	756	&m);
Damien Miller	b7df3af	2003-02-24 11:55:46 +1100	[diff] [blame]	757	success = buffer_get_int(&m);
				758	if (success == 0) {
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	759	debug3("%s: no challenge", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	760	buffer_free(&m);
				761	return (-1);
				762	}
				763
				764	/* Get the challenge, and format the response */
				765	challenge = buffer_get_string(&m, NULL);
				766	buffer_free(&m);
				767
				768	mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
				769	(*prompts)[0] = challenge;
				770
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	771	debug3("%s: received challenge: %s", __func__, challenge);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	772
				773	return (0);
				774	}
				775
				776	int
				777	mm_bsdauth_respond(void ctx, u_int numresponses, char *responses)
				778	{
				779	Buffer m;
				780	int authok;
				781
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	782	debug3("%s: entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	783	if (numresponses != 1)
				784	return (-1);
				785
				786	buffer_init(&m);
				787	buffer_put_cstring(&m, responses[0]);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	788	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	789
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	790	mm_request_receive_expect(pmonitor->m_recvfd,
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	791	MONITOR_ANS_BSDAUTHRESPOND, &m);
				792
				793	authok = buffer_get_int(&m);
				794	buffer_free(&m);
				795
				796	return ((authok == 0) ? -1 : 0);
				797	}
				798
Darren Tucker	042e2e8	2004-07-08 23:09:42 +1000	[diff] [blame]	799	#ifdef SKEY
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	800	int
				801	mm_skey_query(void ctx, char name, char *infotxt,
				802	u_int numprompts, char prompts, u_int echo_on)
				803	{
				804	Buffer m;
Damien Miller	b7df3af	2003-02-24 11:55:46 +1100	[diff] [blame]	805	u_int success;
Darren Tucker	d6a23f2	2006-08-05 18:50:35 +1000	[diff] [blame]	806	char *challenge;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	807
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	808	debug3("%s: entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	809
				810	buffer_init(&m);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	811	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	812
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	813	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	814	&m);
Damien Miller	b7df3af	2003-02-24 11:55:46 +1100	[diff] [blame]	815	success = buffer_get_int(&m);
				816	if (success == 0) {
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	817	debug3("%s: no challenge", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	818	buffer_free(&m);
				819	return (-1);
				820	}
				821
				822	/* Get the challenge, and format the response */
				823	challenge = buffer_get_string(&m, NULL);
				824	buffer_free(&m);
				825
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	826	debug3("%s: received challenge: %s", __func__, challenge);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	827
				828	mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
				829
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	830	xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
Darren Tucker	f60845f	2013-06-02 08:07:31 +1000	[diff] [blame]	831	free(challenge);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	832
				833	return (0);
				834	}
				835
				836	int
				837	mm_skey_respond(void ctx, u_int numresponses, char *responses)
				838	{
				839	Buffer m;
				840	int authok;
				841
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	842	debug3("%s: entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	843	if (numresponses != 1)
				844	return (-1);
				845
				846	buffer_init(&m);
				847	buffer_put_cstring(&m, responses[0]);
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	848	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	849
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	850	mm_request_receive_expect(pmonitor->m_recvfd,
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	851	MONITOR_ANS_SKEYRESPOND, &m);
				852
				853	authok = buffer_get_int(&m);
				854	buffer_free(&m);
				855
				856	return ((authok == 0) ? -1 : 0);
				857	}
Darren Tucker	042e2e8	2004-07-08 23:09:42 +1000	[diff] [blame]	858	#endif /* SKEY */
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	859
				860	void
				861	mm_ssh1_session_id(u_char session_id[16])
				862	{
				863	Buffer m;
				864	int i;
				865
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	866	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	867
				868	buffer_init(&m);
				869	for (i = 0; i < 16; i++)
				870	buffer_put_char(&m, session_id[i]);
				871
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	872	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	873	buffer_free(&m);
				874	}
				875
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	876	#ifdef WITH_SSH1
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	877	int
				878	mm_auth_rsa_key_allowed(struct passwd pw, BIGNUM client_n, Key **rkey)
				879	{
				880	Buffer m;
				881	Key *key;
				882	u_char *blob;
				883	u_int blen;
Damien Miller	06ebedf	2003-02-24 12:03:38 +1100	[diff] [blame]	884	int allowed = 0, have_forced = 0;
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	885
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	886	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	887
				888	buffer_init(&m);
				889	buffer_put_bignum2(&m, client_n);
				890
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	891	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
				892	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	893
				894	allowed = buffer_get_int(&m);
				895
Damien Miller	06ebedf	2003-02-24 12:03:38 +1100	[diff] [blame]	896	/* fake forced command */
				897	auth_clear_options();
				898	have_forced = buffer_get_int(&m);
				899	forced_command = have_forced ? xstrdup("true") : NULL;
				900
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	901	if (allowed && rkey != NULL) {
				902	blob = buffer_get_string(&m, &blen);
				903	if ((key = key_from_blob(blob, blen)) == NULL)
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	904	fatal("%s: key_from_blob failed", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	905	*rkey = key;
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	906	free(blob);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	907	}
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	908	buffer_free(&m);
				909
				910	return (allowed);
				911	}
				912
				913	BIGNUM *
				914	mm_auth_rsa_generate_challenge(Key *key)
				915	{
				916	Buffer m;
				917	BIGNUM *challenge;
				918	u_char *blob;
				919	u_int blen;
				920
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	921	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	922
				923	if ((challenge = BN_new()) == NULL)
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	924	fatal("%s: BN_new failed", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	925
				926	key->type = KEY_RSA; /* XXX cheat for key_to_blob */
				927	if (key_to_blob(key, &blob, &blen) == 0)
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	928	fatal("%s: key_to_blob failed", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	929	key->type = KEY_RSA1;
				930
				931	buffer_init(&m);
				932	buffer_put_string(&m, blob, blen);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	933	free(blob);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	934
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	935	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
				936	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	937
				938	buffer_get_bignum2(&m, challenge);
				939	buffer_free(&m);
				940
				941	return (challenge);
				942	}
				943
				944	int
				945	mm_auth_rsa_verify_response(Key key, BIGNUM p, u_char response[16])
				946	{
				947	Buffer m;
				948	u_char *blob;
				949	u_int blen;
				950	int success = 0;
				951
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	952	debug3("%s entering", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	953
				954	key->type = KEY_RSA; /* XXX cheat for key_to_blob */
				955	if (key_to_blob(key, &blob, &blen) == 0)
Ben Lindstrom	7d9c38f	2002-06-06 21:40:51 +0000	[diff] [blame]	956	fatal("%s: key_to_blob failed", __func__);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	957	key->type = KEY_RSA1;
				958
				959	buffer_init(&m);
				960	buffer_put_string(&m, blob, blen);
				961	buffer_put_string(&m, response, 16);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	962	free(blob);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	963
Ben Lindstrom	7339b2a	2002-05-15 16:25:01 +0000	[diff] [blame]	964	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
				965	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
Ben Lindstrom	7a2073c	2002-03-22 02:30:41 +0000	[diff] [blame]	966
				967	success = buffer_get_int(&m);
				968	buffer_free(&m);
				969
				970	return (success);
				971	}
Damien Miller	1f0311c	2014-05-15 14:24:09 +1000	[diff] [blame]	972	#endif
Damien Miller	25162f2	2002-09-12 09:47:29 +1000	[diff] [blame]	973
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	974	#ifdef SSH_AUDIT_EVENTS
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	975	void
				976	mm_audit_event(ssh_audit_event_t event)
				977	{
				978	Buffer m;
				979
				980	debug3("%s entering", __func__);
				981
				982	buffer_init(&m);
				983	buffer_put_int(&m, event);
				984
				985	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m);
				986	buffer_free(&m);
				987	}
				988
				989	void
				990	mm_audit_run_command(const char *command)
				991	{
				992	Buffer m;
				993
				994	debug3("%s entering command %s", __func__, command);
				995
				996	buffer_init(&m);
				997	buffer_put_cstring(&m, command);
				998
				999	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
				1000	buffer_free(&m);
				1001	}
Darren Tucker	2e0cf0d	2005-02-08 21:52:47 +1100	[diff] [blame]	1002	#endif /* SSH_AUDIT_EVENTS */
Darren Tucker	269a1ea	2005-02-03 00:20:53 +1100	[diff] [blame]	1003
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	1004	#ifdef GSSAPI
				1005	OM_uint32
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	1006	mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	1007	{
				1008	Buffer m;
				1009	OM_uint32 major;
				1010
				1011	/* Client doesn't get to see the context */
				1012	*ctx = NULL;
				1013
				1014	buffer_init(&m);
Darren Tucker	3f9fdc7	2004-06-22 12:56:01 +1000	[diff] [blame]	1015	buffer_put_string(&m, goid->elements, goid->length);
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	1016
				1017	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
				1018	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
				1019
				1020	major = buffer_get_int(&m);
				1021
				1022	buffer_free(&m);
				1023	return (major);
				1024	}
				1025
				1026	OM_uint32
				1027	mm_ssh_gssapi_accept_ctx(Gssctxt ctx, gss_buffer_desc in,
				1028	gss_buffer_desc out, OM_uint32 flags)
				1029	{
				1030	Buffer m;
				1031	OM_uint32 major;
Darren Tucker	600ad8d	2003-08-26 12:10:48 +1000	[diff] [blame]	1032	u_int len;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	1033
				1034	buffer_init(&m);
				1035	buffer_put_string(&m, in->value, in->length);
				1036
				1037	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
				1038	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
				1039
				1040	major = buffer_get_int(&m);
Darren Tucker	600ad8d	2003-08-26 12:10:48 +1000	[diff] [blame]	1041	out->value = buffer_get_string(&m, &len);
				1042	out->length = len;
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	1043	if (flags)
				1044	*flags = buffer_get_int(&m);
				1045
				1046	buffer_free(&m);
				1047
				1048	return (major);
				1049	}
				1050
Damien Miller	0425d40	2003-11-17 22:18:21 +1100	[diff] [blame]	1051	OM_uint32
				1052	mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
				1053	{
				1054	Buffer m;
				1055	OM_uint32 major;
				1056
				1057	buffer_init(&m);
				1058	buffer_put_string(&m, gssbuf->value, gssbuf->length);
				1059	buffer_put_string(&m, gssmic->value, gssmic->length);
				1060
				1061	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m);
				1062	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC,
				1063	&m);
				1064
				1065	major = buffer_get_int(&m);
				1066	buffer_free(&m);
				1067	return(major);
				1068	}
				1069
Darren Tucker	0efd155	2003-08-26 11:49:55 +1000	[diff] [blame]	1070	int
				1071	mm_ssh_gssapi_userok(char *user)
				1072	{
				1073	Buffer m;
				1074	int authenticated = 0;
				1075
				1076	buffer_init(&m);
				1077
				1078	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
				1079	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
				1080	&m);
				1081
				1082	authenticated = buffer_get_int(&m);
				1083
				1084	buffer_free(&m);
				1085	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
				1086	return (authenticated);
				1087	}
				1088	#endif /* GSSAPI */
Damien Miller	01ed227	2008-11-05 16:20:46 +1100	[diff] [blame]	1089