xref: /freebsd/crypto/openssh/monitor.c (revision 4f52dfbb8d6c4d446500c5b097e3806ec219fbd4)
1 /* $OpenBSD: monitor.c,v 1.174 2017/10/02 19:33:20 djm Exp $ */
2 /*
3  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4  * Copyright 2002 Markus Friedl <markus@openbsd.org>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #include "includes.h"
29 
30 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include "openbsd-compat/sys-tree.h"
33 #include <sys/wait.h>
34 
35 #include <errno.h>
36 #include <fcntl.h>
37 #include <limits.h>
38 #ifdef HAVE_PATHS_H
39 #include <paths.h>
40 #endif
41 #include <pwd.h>
42 #include <signal.h>
43 #ifdef HAVE_STDINT_H
44 #include <stdint.h>
45 #endif
46 #include <stdlib.h>
47 #include <string.h>
48 #include <stdarg.h>
49 #include <stdio.h>
50 #include <unistd.h>
51 #ifdef HAVE_POLL_H
52 #include <poll.h>
53 #else
54 # ifdef HAVE_SYS_POLL_H
55 #  include <sys/poll.h>
56 # endif
57 #endif
58 
59 #ifdef SKEY
60 #include <skey.h>
61 #endif
62 
63 #ifdef WITH_OPENSSL
64 #include <openssl/dh.h>
65 #endif
66 
67 #include "openbsd-compat/sys-queue.h"
68 #include "atomicio.h"
69 #include "xmalloc.h"
70 #include "ssh.h"
71 #include "key.h"
72 #include "buffer.h"
73 #include "hostfile.h"
74 #include "auth.h"
75 #include "cipher.h"
76 #include "kex.h"
77 #include "dh.h"
78 #include "auth-pam.h"
79 #ifdef TARGET_OS_MAC	/* XXX Broken krb5 headers on Mac */
80 #undef TARGET_OS_MAC
81 #include "zlib.h"
82 #define TARGET_OS_MAC 1
83 #else
84 #include "zlib.h"
85 #endif
86 #include "packet.h"
87 #include "auth-options.h"
88 #include "sshpty.h"
89 #include "channels.h"
90 #include "session.h"
91 #include "sshlogin.h"
92 #include "canohost.h"
93 #include "log.h"
94 #include "misc.h"
95 #include "servconf.h"
96 #include "monitor.h"
97 #ifdef GSSAPI
98 #include "ssh-gss.h"
99 #endif
100 #include "monitor_wrap.h"
101 #include "monitor_fdpass.h"
102 #include "compat.h"
103 #include "ssh2.h"
104 #include "authfd.h"
105 #include "match.h"
106 #include "ssherr.h"
107 
108 #ifdef GSSAPI
109 static Gssctxt *gsscontext = NULL;
110 #endif
111 
112 /* Imports */
113 extern ServerOptions options;
114 extern u_int utmp_len;
115 extern u_char session_id[];
116 extern Buffer auth_debug;
117 extern int auth_debug_init;
118 extern Buffer loginmsg;
119 
120 /* State exported from the child */
121 static struct sshbuf *child_state;
122 
123 /* Functions on the monitor that answer unprivileged requests */
124 
125 int mm_answer_moduli(int, Buffer *);
126 int mm_answer_sign(int, Buffer *);
127 int mm_answer_pwnamallow(int, Buffer *);
128 int mm_answer_auth2_read_banner(int, Buffer *);
129 int mm_answer_authserv(int, Buffer *);
130 int mm_answer_authpassword(int, Buffer *);
131 int mm_answer_bsdauthquery(int, Buffer *);
132 int mm_answer_bsdauthrespond(int, Buffer *);
133 int mm_answer_skeyquery(int, Buffer *);
134 int mm_answer_skeyrespond(int, Buffer *);
135 int mm_answer_keyallowed(int, Buffer *);
136 int mm_answer_keyverify(int, Buffer *);
137 int mm_answer_pty(int, Buffer *);
138 int mm_answer_pty_cleanup(int, Buffer *);
139 int mm_answer_term(int, Buffer *);
140 int mm_answer_rsa_keyallowed(int, Buffer *);
141 int mm_answer_rsa_challenge(int, Buffer *);
142 int mm_answer_rsa_response(int, Buffer *);
143 int mm_answer_sesskey(int, Buffer *);
144 int mm_answer_sessid(int, Buffer *);
145 
146 #ifdef USE_PAM
147 int mm_answer_pam_start(int, Buffer *);
148 int mm_answer_pam_account(int, Buffer *);
149 int mm_answer_pam_init_ctx(int, Buffer *);
150 int mm_answer_pam_query(int, Buffer *);
151 int mm_answer_pam_respond(int, Buffer *);
152 int mm_answer_pam_free_ctx(int, Buffer *);
153 #endif
154 
155 #ifdef GSSAPI
156 int mm_answer_gss_setup_ctx(int, Buffer *);
157 int mm_answer_gss_accept_ctx(int, Buffer *);
158 int mm_answer_gss_userok(int, Buffer *);
159 int mm_answer_gss_checkmic(int, Buffer *);
160 #endif
161 
162 #ifdef SSH_AUDIT_EVENTS
163 int mm_answer_audit_event(int, Buffer *);
164 int mm_answer_audit_command(int, Buffer *);
165 #endif
166 
167 static int monitor_read_log(struct monitor *);
168 
169 static Authctxt *authctxt;
170 
171 /* local state for key verify */
172 static u_char *key_blob = NULL;
173 static u_int key_bloblen = 0;
174 static int key_blobtype = MM_NOKEY;
175 static char *hostbased_cuser = NULL;
176 static char *hostbased_chost = NULL;
177 static char *auth_method = "unknown";
178 static char *auth_submethod = NULL;
179 static u_int session_id2_len = 0;
180 static u_char *session_id2 = NULL;
181 static pid_t monitor_child_pid;
182 
183 struct mon_table {
184 	enum monitor_reqtype type;
185 	int flags;
186 	int (*f)(int, Buffer *);
187 };
188 
189 #define MON_ISAUTH	0x0004	/* Required for Authentication */
190 #define MON_AUTHDECIDE	0x0008	/* Decides Authentication */
191 #define MON_ONCE	0x0010	/* Disable after calling */
192 #define MON_ALOG	0x0020	/* Log auth attempt without authenticating */
193 
194 #define MON_AUTH	(MON_ISAUTH|MON_AUTHDECIDE)
195 
196 #define MON_PERMIT	0x1000	/* Request is permitted */
197 
198 struct mon_table mon_dispatch_proto20[] = {
199 #ifdef WITH_OPENSSL
200     {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
201 #endif
202     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
203     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
204     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
205     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
206     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
207 #ifdef USE_PAM
208     {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
209     {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
210     {MONITOR_REQ_PAM_INIT_CTX, MON_ONCE, mm_answer_pam_init_ctx},
211     {MONITOR_REQ_PAM_QUERY, 0, mm_answer_pam_query},
212     {MONITOR_REQ_PAM_RESPOND, MON_ONCE, mm_answer_pam_respond},
213     {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
214 #endif
215 #ifdef SSH_AUDIT_EVENTS
216     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
217 #endif
218 #ifdef BSD_AUTH
219     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
220     {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
221 #endif
222 #ifdef SKEY
223     {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
224     {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
225 #endif
226     {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
227     {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
228 #ifdef GSSAPI
229     {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
230     {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
231     {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
232     {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
233 #endif
234     {0, 0, NULL}
235 };
236 
237 struct mon_table mon_dispatch_postauth20[] = {
238 #ifdef WITH_OPENSSL
239     {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
240 #endif
241     {MONITOR_REQ_SIGN, 0, mm_answer_sign},
242     {MONITOR_REQ_PTY, 0, mm_answer_pty},
243     {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
244     {MONITOR_REQ_TERM, 0, mm_answer_term},
245 #ifdef SSH_AUDIT_EVENTS
246     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
247     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
248 #endif
249     {0, 0, NULL}
250 };
251 
252 struct mon_table *mon_dispatch;
253 
254 /* Specifies if a certain message is allowed at the moment */
255 
256 static void
257 monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit)
258 {
259 	while (ent->f != NULL) {
260 		if (ent->type == type) {
261 			ent->flags &= ~MON_PERMIT;
262 			ent->flags |= permit ? MON_PERMIT : 0;
263 			return;
264 		}
265 		ent++;
266 	}
267 }
268 
269 static void
270 monitor_permit_authentications(int permit)
271 {
272 	struct mon_table *ent = mon_dispatch;
273 
274 	while (ent->f != NULL) {
275 		if (ent->flags & MON_AUTH) {
276 			ent->flags &= ~MON_PERMIT;
277 			ent->flags |= permit ? MON_PERMIT : 0;
278 		}
279 		ent++;
280 	}
281 }
282 
283 void
284 monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
285 {
286 	struct ssh *ssh = active_state;	/* XXX */
287 	struct mon_table *ent;
288 	int authenticated = 0, partial = 0;
289 
290 	debug3("preauth child monitor started");
291 
292 	close(pmonitor->m_recvfd);
293 	close(pmonitor->m_log_sendfd);
294 	pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
295 
296 	authctxt = _authctxt;
297 	memset(authctxt, 0, sizeof(*authctxt));
298 
299 	authctxt->loginmsg = &loginmsg;
300 
301 	mon_dispatch = mon_dispatch_proto20;
302 	/* Permit requests for moduli and signatures */
303 	monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
304 	monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
305 
306 	/* The first few requests do not require asynchronous access */
307 	while (!authenticated) {
308 		partial = 0;
309 		auth_method = "unknown";
310 		auth_submethod = NULL;
311 		auth2_authctxt_reset_info(authctxt);
312 
313 		authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
314 
315 		/* Special handling for multiple required authentications */
316 		if (options.num_auth_methods != 0) {
317 			if (authenticated &&
318 			    !auth2_update_methods_lists(authctxt,
319 			    auth_method, auth_submethod)) {
320 				debug3("%s: method %s: partial", __func__,
321 				    auth_method);
322 				authenticated = 0;
323 				partial = 1;
324 			}
325 		}
326 
327 		if (authenticated) {
328 			if (!(ent->flags & MON_AUTHDECIDE))
329 				fatal("%s: unexpected authentication from %d",
330 				    __func__, ent->type);
331 			if (authctxt->pw->pw_uid == 0 &&
332 			    !auth_root_allowed(auth_method))
333 				authenticated = 0;
334 #ifdef USE_PAM
335 			/* PAM needs to perform account checks after auth */
336 			if (options.use_pam && authenticated) {
337 				Buffer m;
338 
339 				buffer_init(&m);
340 				mm_request_receive_expect(pmonitor->m_sendfd,
341 				    MONITOR_REQ_PAM_ACCOUNT, &m);
342 				authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
343 				buffer_free(&m);
344 			}
345 #endif
346 		}
347 		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
348 			auth_log(authctxt, authenticated, partial,
349 			    auth_method, auth_submethod);
350 			if (!partial && !authenticated)
351 				authctxt->failures++;
352 			if (authenticated || partial) {
353 				auth2_update_session_info(authctxt,
354 				    auth_method, auth_submethod);
355 			}
356 		}
357 	}
358 
359 	if (!authctxt->valid)
360 		fatal("%s: authenticated invalid user", __func__);
361 	if (strcmp(auth_method, "unknown") == 0)
362 		fatal("%s: authentication method name unknown", __func__);
363 
364 	debug("%s: %s has been authenticated by privileged process",
365 	    __func__, authctxt->user);
366 	ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
367 
368 	mm_get_keystate(pmonitor);
369 
370 	/* Drain any buffered messages from the child */
371 	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
372 		;
373 
374 	close(pmonitor->m_sendfd);
375 	close(pmonitor->m_log_recvfd);
376 	pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
377 }
378 
379 static void
380 monitor_set_child_handler(pid_t pid)
381 {
382 	monitor_child_pid = pid;
383 }
384 
385 static void
386 monitor_child_handler(int sig)
387 {
388 	kill(monitor_child_pid, sig);
389 }
390 
391 void
392 monitor_child_postauth(struct monitor *pmonitor)
393 {
394 	close(pmonitor->m_recvfd);
395 	pmonitor->m_recvfd = -1;
396 
397 	monitor_set_child_handler(pmonitor->m_pid);
398 	signal(SIGHUP, &monitor_child_handler);
399 	signal(SIGTERM, &monitor_child_handler);
400 	signal(SIGINT, &monitor_child_handler);
401 #ifdef SIGXFSZ
402 	signal(SIGXFSZ, SIG_IGN);
403 #endif
404 
405 	mon_dispatch = mon_dispatch_postauth20;
406 
407 	/* Permit requests for moduli and signatures */
408 	monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
409 	monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
410 	monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
411 
412 	if (!no_pty_flag) {
413 		monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
414 		monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
415 	}
416 
417 	for (;;)
418 		monitor_read(pmonitor, mon_dispatch, NULL);
419 }
420 
421 static int
422 monitor_read_log(struct monitor *pmonitor)
423 {
424 	Buffer logmsg;
425 	u_int len, level;
426 	char *msg;
427 
428 	buffer_init(&logmsg);
429 
430 	/* Read length */
431 	buffer_append_space(&logmsg, 4);
432 	if (atomicio(read, pmonitor->m_log_recvfd,
433 	    buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) {
434 		if (errno == EPIPE) {
435 			buffer_free(&logmsg);
436 			debug("%s: child log fd closed", __func__);
437 			close(pmonitor->m_log_recvfd);
438 			pmonitor->m_log_recvfd = -1;
439 			return -1;
440 		}
441 		fatal("%s: log fd read: %s", __func__, strerror(errno));
442 	}
443 	len = buffer_get_int(&logmsg);
444 	if (len <= 4 || len > 8192)
445 		fatal("%s: invalid log message length %u", __func__, len);
446 
447 	/* Read severity, message */
448 	buffer_clear(&logmsg);
449 	buffer_append_space(&logmsg, len);
450 	if (atomicio(read, pmonitor->m_log_recvfd,
451 	    buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg))
452 		fatal("%s: log fd read: %s", __func__, strerror(errno));
453 
454 	/* Log it */
455 	level = buffer_get_int(&logmsg);
456 	msg = buffer_get_string(&logmsg, NULL);
457 	if (log_level_name(level) == NULL)
458 		fatal("%s: invalid log level %u (corrupted message?)",
459 		    __func__, level);
460 	do_log2(level, "%s [preauth]", msg);
461 
462 	buffer_free(&logmsg);
463 	free(msg);
464 
465 	return 0;
466 }
467 
468 int
469 monitor_read(struct monitor *pmonitor, struct mon_table *ent,
470     struct mon_table **pent)
471 {
472 	Buffer m;
473 	int ret;
474 	u_char type;
475 	struct pollfd pfd[2];
476 
477 	for (;;) {
478 		memset(&pfd, 0, sizeof(pfd));
479 		pfd[0].fd = pmonitor->m_sendfd;
480 		pfd[0].events = POLLIN;
481 		pfd[1].fd = pmonitor->m_log_recvfd;
482 		pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN;
483 		if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) {
484 			if (errno == EINTR || errno == EAGAIN)
485 				continue;
486 			fatal("%s: poll: %s", __func__, strerror(errno));
487 		}
488 		if (pfd[1].revents) {
489 			/*
490 			 * Drain all log messages before processing next
491 			 * monitor request.
492 			 */
493 			monitor_read_log(pmonitor);
494 			continue;
495 		}
496 		if (pfd[0].revents)
497 			break;  /* Continues below */
498 	}
499 
500 	buffer_init(&m);
501 
502 	mm_request_receive(pmonitor->m_sendfd, &m);
503 	type = buffer_get_char(&m);
504 
505 	debug3("%s: checking request %d", __func__, type);
506 
507 	while (ent->f != NULL) {
508 		if (ent->type == type)
509 			break;
510 		ent++;
511 	}
512 
513 	if (ent->f != NULL) {
514 		if (!(ent->flags & MON_PERMIT))
515 			fatal("%s: unpermitted request %d", __func__,
516 			    type);
517 		ret = (*ent->f)(pmonitor->m_sendfd, &m);
518 		buffer_free(&m);
519 
520 		/* The child may use this request only once, disable it */
521 		if (ent->flags & MON_ONCE) {
522 			debug2("%s: %d used once, disabling now", __func__,
523 			    type);
524 			ent->flags &= ~MON_PERMIT;
525 		}
526 
527 		if (pent != NULL)
528 			*pent = ent;
529 
530 		return ret;
531 	}
532 
533 	fatal("%s: unsupported request: %d", __func__, type);
534 
535 	/* NOTREACHED */
536 	return (-1);
537 }
538 
539 /* allowed key state */
540 static int
541 monitor_allowed_key(u_char *blob, u_int bloblen)
542 {
543 	/* make sure key is allowed */
544 	if (key_blob == NULL || key_bloblen != bloblen ||
545 	    timingsafe_bcmp(key_blob, blob, key_bloblen))
546 		return (0);
547 	return (1);
548 }
549 
550 static void
551 monitor_reset_key_state(void)
552 {
553 	/* reset state */
554 	free(key_blob);
555 	free(hostbased_cuser);
556 	free(hostbased_chost);
557 	key_blob = NULL;
558 	key_bloblen = 0;
559 	key_blobtype = MM_NOKEY;
560 	hostbased_cuser = NULL;
561 	hostbased_chost = NULL;
562 }
563 
564 #ifdef WITH_OPENSSL
565 int
566 mm_answer_moduli(int sock, Buffer *m)
567 {
568 	DH *dh;
569 	int min, want, max;
570 
571 	min = buffer_get_int(m);
572 	want = buffer_get_int(m);
573 	max = buffer_get_int(m);
574 
575 	debug3("%s: got parameters: %d %d %d",
576 	    __func__, min, want, max);
577 	/* We need to check here, too, in case the child got corrupted */
578 	if (max < min || want < min || max < want)
579 		fatal("%s: bad parameters: %d %d %d",
580 		    __func__, min, want, max);
581 
582 	buffer_clear(m);
583 
584 	dh = choose_dh(min, want, max);
585 	if (dh == NULL) {
586 		buffer_put_char(m, 0);
587 		return (0);
588 	} else {
589 		/* Send first bignum */
590 		buffer_put_char(m, 1);
591 		buffer_put_bignum2(m, dh->p);
592 		buffer_put_bignum2(m, dh->g);
593 
594 		DH_free(dh);
595 	}
596 	mm_request_send(sock, MONITOR_ANS_MODULI, m);
597 	return (0);
598 }
599 #endif
600 
601 int
602 mm_answer_sign(int sock, Buffer *m)
603 {
604 	struct ssh *ssh = active_state; 	/* XXX */
605 	extern int auth_sock;			/* XXX move to state struct? */
606 	struct sshkey *key;
607 	struct sshbuf *sigbuf = NULL;
608 	u_char *p = NULL, *signature = NULL;
609 	char *alg = NULL;
610 	size_t datlen, siglen, alglen;
611 	int r, is_proof = 0;
612 	u_int keyid;
613 	const char proof_req[] = "hostkeys-prove-00@openssh.com";
614 
615 	debug3("%s", __func__);
616 
617 	if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||
618 	    (r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
619 	    (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0)
620 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
621 	if (keyid > INT_MAX)
622 		fatal("%s: invalid key ID", __func__);
623 
624 	/*
625 	 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
626 	 * SHA384 (48 bytes) and SHA512 (64 bytes).
627 	 *
628 	 * Otherwise, verify the signature request is for a hostkey
629 	 * proof.
630 	 *
631 	 * XXX perform similar check for KEX signature requests too?
632 	 * it's not trivial, since what is signed is the hash, rather
633 	 * than the full kex structure...
634 	 */
635 	if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64) {
636 		/*
637 		 * Construct expected hostkey proof and compare it to what
638 		 * the client sent us.
639 		 */
640 		if (session_id2_len == 0) /* hostkeys is never first */
641 			fatal("%s: bad data length: %zu", __func__, datlen);
642 		if ((key = get_hostkey_public_by_index(keyid, ssh)) == NULL)
643 			fatal("%s: no hostkey for index %d", __func__, keyid);
644 		if ((sigbuf = sshbuf_new()) == NULL)
645 			fatal("%s: sshbuf_new", __func__);
646 		if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
647 		    (r = sshbuf_put_string(sigbuf, session_id2,
648 		    session_id2_len)) != 0 ||
649 		    (r = sshkey_puts(key, sigbuf)) != 0)
650 			fatal("%s: couldn't prepare private key "
651 			    "proof buffer: %s", __func__, ssh_err(r));
652 		if (datlen != sshbuf_len(sigbuf) ||
653 		    memcmp(p, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf)) != 0)
654 			fatal("%s: bad data length: %zu, hostkey proof len %zu",
655 			    __func__, datlen, sshbuf_len(sigbuf));
656 		sshbuf_free(sigbuf);
657 		is_proof = 1;
658 	}
659 
660 	/* save session id, it will be passed on the first call */
661 	if (session_id2_len == 0) {
662 		session_id2_len = datlen;
663 		session_id2 = xmalloc(session_id2_len);
664 		memcpy(session_id2, p, session_id2_len);
665 	}
666 
667 	if ((key = get_hostkey_by_index(keyid)) != NULL) {
668 		if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
669 		    datafellows)) != 0)
670 			fatal("%s: sshkey_sign failed: %s",
671 			    __func__, ssh_err(r));
672 	} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
673 	    auth_sock > 0) {
674 		if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
675 		    p, datlen, alg, datafellows)) != 0) {
676 			fatal("%s: ssh_agent_sign failed: %s",
677 			    __func__, ssh_err(r));
678 		}
679 	} else
680 		fatal("%s: no hostkey from index %d", __func__, keyid);
681 
682 	debug3("%s: %s signature %p(%zu)", __func__,
683 	    is_proof ? "KEX" : "hostkey proof", signature, siglen);
684 
685 	sshbuf_reset(m);
686 	if ((r = sshbuf_put_string(m, signature, siglen)) != 0)
687 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
688 
689 	free(alg);
690 	free(p);
691 	free(signature);
692 
693 	mm_request_send(sock, MONITOR_ANS_SIGN, m);
694 
695 	/* Turn on permissions for getpwnam */
696 	monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
697 
698 	return (0);
699 }
700 
701 /* Retrieves the password entry and also checks if the user is permitted */
702 
703 int
704 mm_answer_pwnamallow(int sock, Buffer *m)
705 {
706 	struct ssh *ssh = active_state;	/* XXX */
707 	char *username;
708 	struct passwd *pwent;
709 	int allowed = 0;
710 	u_int i;
711 
712 	debug3("%s", __func__);
713 
714 	if (authctxt->attempt++ != 0)
715 		fatal("%s: multiple attempts for getpwnam", __func__);
716 
717 	username = buffer_get_string(m, NULL);
718 
719 	pwent = getpwnamallow(username);
720 
721 	authctxt->user = xstrdup(username);
722 	setproctitle("%s [priv]", pwent ? username : "unknown");
723 	free(username);
724 
725 	buffer_clear(m);
726 
727 	if (pwent == NULL) {
728 		buffer_put_char(m, 0);
729 		authctxt->pw = fakepw();
730 		goto out;
731 	}
732 
733 	allowed = 1;
734 	authctxt->pw = pwent;
735 	authctxt->valid = 1;
736 
737 	buffer_put_char(m, 1);
738 	buffer_put_string(m, pwent, sizeof(struct passwd));
739 	buffer_put_cstring(m, pwent->pw_name);
740 	buffer_put_cstring(m, "*");
741 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
742 	buffer_put_cstring(m, pwent->pw_gecos);
743 #endif
744 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
745 	buffer_put_cstring(m, pwent->pw_class);
746 #endif
747 	buffer_put_cstring(m, pwent->pw_dir);
748 	buffer_put_cstring(m, pwent->pw_shell);
749 
750  out:
751 	ssh_packet_set_log_preamble(ssh, "%suser %s",
752 	    authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
753 	buffer_put_string(m, &options, sizeof(options));
754 
755 #define M_CP_STROPT(x) do { \
756 		if (options.x != NULL) \
757 			buffer_put_cstring(m, options.x); \
758 	} while (0)
759 #define M_CP_STRARRAYOPT(x, nx) do { \
760 		for (i = 0; i < options.nx; i++) \
761 			buffer_put_cstring(m, options.x[i]); \
762 	} while (0)
763 #define M_CP_STRARRAYOPT_ALLOC(x, nx) M_CP_STRARRAYOPT(x, nx)
764 	/* See comment in servconf.h */
765 	COPY_MATCH_STRING_OPTS();
766 #undef M_CP_STROPT
767 #undef M_CP_STRARRAYOPT
768 #undef M_CP_STRARRAYOPT_ALLOC
769 
770 	/* Create valid auth method lists */
771 	if (auth2_setup_methods_lists(authctxt) != 0) {
772 		/*
773 		 * The monitor will continue long enough to let the child
774 		 * run to it's packet_disconnect(), but it must not allow any
775 		 * authentication to succeed.
776 		 */
777 		debug("%s: no valid authentication method lists", __func__);
778 	}
779 
780 	debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
781 	mm_request_send(sock, MONITOR_ANS_PWNAM, m);
782 
783 	/* Allow service/style information on the auth context */
784 	monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
785 	monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
786 
787 #ifdef USE_PAM
788 	if (options.use_pam)
789 		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
790 #endif
791 
792 	return (0);
793 }
794 
795 int mm_answer_auth2_read_banner(int sock, Buffer *m)
796 {
797 	char *banner;
798 
799 	buffer_clear(m);
800 	banner = auth2_read_banner();
801 	buffer_put_cstring(m, banner != NULL ? banner : "");
802 	mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
803 	free(banner);
804 
805 	return (0);
806 }
807 
808 int
809 mm_answer_authserv(int sock, Buffer *m)
810 {
811 	monitor_permit_authentications(1);
812 
813 	authctxt->service = buffer_get_string(m, NULL);
814 	authctxt->style = buffer_get_string(m, NULL);
815 	debug3("%s: service=%s, style=%s",
816 	    __func__, authctxt->service, authctxt->style);
817 
818 	if (strlen(authctxt->style) == 0) {
819 		free(authctxt->style);
820 		authctxt->style = NULL;
821 	}
822 
823 	return (0);
824 }
825 
826 int
827 mm_answer_authpassword(int sock, Buffer *m)
828 {
829 	static int call_count;
830 	char *passwd;
831 	int authenticated;
832 	u_int plen;
833 
834 	if (!options.password_authentication)
835 		fatal("%s: password authentication not enabled", __func__);
836 	passwd = buffer_get_string(m, &plen);
837 	/* Only authenticate if the context is valid */
838 	authenticated = options.password_authentication &&
839 	    auth_password(authctxt, passwd);
840 	explicit_bzero(passwd, strlen(passwd));
841 	free(passwd);
842 
843 	buffer_clear(m);
844 	buffer_put_int(m, authenticated);
845 #ifdef USE_PAM
846 	buffer_put_int(m, sshpam_get_maxtries_reached());
847 #endif
848 
849 	debug3("%s: sending result %d", __func__, authenticated);
850 	mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
851 
852 	call_count++;
853 	if (plen == 0 && call_count == 1)
854 		auth_method = "none";
855 	else
856 		auth_method = "password";
857 
858 	/* Causes monitor loop to terminate if authenticated */
859 	return (authenticated);
860 }
861 
862 #ifdef BSD_AUTH
863 int
864 mm_answer_bsdauthquery(int sock, Buffer *m)
865 {
866 	char *name, *infotxt;
867 	u_int numprompts;
868 	u_int *echo_on;
869 	char **prompts;
870 	u_int success;
871 
872 	if (!options.kbd_interactive_authentication)
873 		fatal("%s: kbd-int authentication not enabled", __func__);
874 	success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
875 	    &prompts, &echo_on) < 0 ? 0 : 1;
876 
877 	buffer_clear(m);
878 	buffer_put_int(m, success);
879 	if (success)
880 		buffer_put_cstring(m, prompts[0]);
881 
882 	debug3("%s: sending challenge success: %u", __func__, success);
883 	mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
884 
885 	if (success) {
886 		free(name);
887 		free(infotxt);
888 		free(prompts);
889 		free(echo_on);
890 	}
891 
892 	return (0);
893 }
894 
895 int
896 mm_answer_bsdauthrespond(int sock, Buffer *m)
897 {
898 	char *response;
899 	int authok;
900 
901 	if (!options.kbd_interactive_authentication)
902 		fatal("%s: kbd-int authentication not enabled", __func__);
903 	if (authctxt->as == NULL)
904 		fatal("%s: no bsd auth session", __func__);
905 
906 	response = buffer_get_string(m, NULL);
907 	authok = options.challenge_response_authentication &&
908 	    auth_userresponse(authctxt->as, response, 0);
909 	authctxt->as = NULL;
910 	debug3("%s: <%s> = <%d>", __func__, response, authok);
911 	free(response);
912 
913 	buffer_clear(m);
914 	buffer_put_int(m, authok);
915 
916 	debug3("%s: sending authenticated: %d", __func__, authok);
917 	mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
918 
919 	auth_method = "keyboard-interactive";
920 	auth_submethod = "bsdauth";
921 
922 	return (authok != 0);
923 }
924 #endif
925 
926 #ifdef SKEY
927 int
928 mm_answer_skeyquery(int sock, Buffer *m)
929 {
930 	struct skey skey;
931 	char challenge[1024];
932 	u_int success;
933 
934 	success = _compat_skeychallenge(&skey, authctxt->user, challenge,
935 	    sizeof(challenge)) < 0 ? 0 : 1;
936 
937 	buffer_clear(m);
938 	buffer_put_int(m, success);
939 	if (success)
940 		buffer_put_cstring(m, challenge);
941 
942 	debug3("%s: sending challenge success: %u", __func__, success);
943 	mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m);
944 
945 	return (0);
946 }
947 
948 int
949 mm_answer_skeyrespond(int sock, Buffer *m)
950 {
951 	char *response;
952 	int authok;
953 
954 	response = buffer_get_string(m, NULL);
955 
956 	authok = (options.challenge_response_authentication &&
957 	    authctxt->valid &&
958 	    skey_haskey(authctxt->pw->pw_name) == 0 &&
959 	    skey_passcheck(authctxt->pw->pw_name, response) != -1);
960 
961 	free(response);
962 
963 	buffer_clear(m);
964 	buffer_put_int(m, authok);
965 
966 	debug3("%s: sending authenticated: %d", __func__, authok);
967 	mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m);
968 
969 	auth_method = "keyboard-interactive";
970 	auth_submethod = "skey";
971 
972 	return (authok != 0);
973 }
974 #endif
975 
976 #ifdef USE_PAM
977 int
978 mm_answer_pam_start(int sock, Buffer *m)
979 {
980 	if (!options.use_pam)
981 		fatal("UsePAM not set, but ended up in %s anyway", __func__);
982 
983 	start_pam(authctxt);
984 
985 	monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
986 	if (options.kbd_interactive_authentication)
987 		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1);
988 
989 	return (0);
990 }
991 
992 int
993 mm_answer_pam_account(int sock, Buffer *m)
994 {
995 	u_int ret;
996 
997 	if (!options.use_pam)
998 		fatal("%s: PAM not enabled", __func__);
999 
1000 	ret = do_pam_account();
1001 
1002 	buffer_put_int(m, ret);
1003 	buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
1004 
1005 	mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
1006 
1007 	return (ret);
1008 }
1009 
1010 static void *sshpam_ctxt, *sshpam_authok;
1011 extern KbdintDevice sshpam_device;
1012 
1013 int
1014 mm_answer_pam_init_ctx(int sock, Buffer *m)
1015 {
1016 	debug3("%s", __func__);
1017 	if (!options.kbd_interactive_authentication)
1018 		fatal("%s: kbd-int authentication not enabled", __func__);
1019 	if (sshpam_ctxt != NULL)
1020 		fatal("%s: already called", __func__);
1021 	sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
1022 	sshpam_authok = NULL;
1023 	buffer_clear(m);
1024 	if (sshpam_ctxt != NULL) {
1025 		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1);
1026 		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_QUERY, 1);
1027 		buffer_put_int(m, 1);
1028 	} else {
1029 		buffer_put_int(m, 0);
1030 	}
1031 	mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m);
1032 	return (0);
1033 }
1034 
1035 int
1036 mm_answer_pam_query(int sock, Buffer *m)
1037 {
1038 	char *name = NULL, *info = NULL, **prompts = NULL;
1039 	u_int i, num = 0, *echo_on = 0;
1040 	int ret;
1041 
1042 	debug3("%s", __func__);
1043 	sshpam_authok = NULL;
1044 	if (sshpam_ctxt == NULL)
1045 		fatal("%s: no context", __func__);
1046 	ret = (sshpam_device.query)(sshpam_ctxt, &name, &info,
1047 	    &num, &prompts, &echo_on);
1048 	if (ret == 0 && num == 0)
1049 		sshpam_authok = sshpam_ctxt;
1050 	if (num > 1 || name == NULL || info == NULL)
1051 		fatal("sshpam_device.query failed");
1052 	monitor_permit(mon_dispatch, MONITOR_REQ_PAM_RESPOND, 1);
1053 	buffer_clear(m);
1054 	buffer_put_int(m, ret);
1055 	buffer_put_cstring(m, name);
1056 	free(name);
1057 	buffer_put_cstring(m, info);
1058 	free(info);
1059 	buffer_put_int(m, sshpam_get_maxtries_reached());
1060 	buffer_put_int(m, num);
1061 	for (i = 0; i < num; ++i) {
1062 		buffer_put_cstring(m, prompts[i]);
1063 		free(prompts[i]);
1064 		buffer_put_int(m, echo_on[i]);
1065 	}
1066 	free(prompts);
1067 	free(echo_on);
1068 	auth_method = "keyboard-interactive";
1069 	auth_submethod = "pam";
1070 	mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
1071 	return (0);
1072 }
1073 
1074 int
1075 mm_answer_pam_respond(int sock, Buffer *m)
1076 {
1077 	char **resp;
1078 	u_int i, num;
1079 	int ret;
1080 
1081 	debug3("%s", __func__);
1082 	if (sshpam_ctxt == NULL)
1083 		fatal("%s: no context", __func__);
1084 	sshpam_authok = NULL;
1085 	num = buffer_get_int(m);
1086 	if (num > 0) {
1087 		resp = xcalloc(num, sizeof(char *));
1088 		for (i = 0; i < num; ++i)
1089 			resp[i] = buffer_get_string(m, NULL);
1090 		ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
1091 		for (i = 0; i < num; ++i)
1092 			free(resp[i]);
1093 		free(resp);
1094 	} else {
1095 		ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);
1096 	}
1097 	buffer_clear(m);
1098 	buffer_put_int(m, ret);
1099 	mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);
1100 	auth_method = "keyboard-interactive";
1101 	auth_submethod = "pam";
1102 	if (ret == 0)
1103 		sshpam_authok = sshpam_ctxt;
1104 	return (0);
1105 }
1106 
1107 int
1108 mm_answer_pam_free_ctx(int sock, Buffer *m)
1109 {
1110 	int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
1111 
1112 	debug3("%s", __func__);
1113 	if (sshpam_ctxt == NULL)
1114 		fatal("%s: no context", __func__);
1115 	(sshpam_device.free_ctx)(sshpam_ctxt);
1116 	sshpam_ctxt = sshpam_authok = NULL;
1117 	buffer_clear(m);
1118 	mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
1119 	/* Allow another attempt */
1120 	monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1);
1121 	auth_method = "keyboard-interactive";
1122 	auth_submethod = "pam";
1123 	return r;
1124 }
1125 #endif
1126 
1127 int
1128 mm_answer_keyallowed(int sock, Buffer *m)
1129 {
1130 	struct sshkey *key;
1131 	char *cuser, *chost;
1132 	u_char *blob;
1133 	u_int bloblen, pubkey_auth_attempt;
1134 	enum mm_keytype type = 0;
1135 	int allowed = 0;
1136 
1137 	debug3("%s entering", __func__);
1138 
1139 	type = buffer_get_int(m);
1140 	cuser = buffer_get_string(m, NULL);
1141 	chost = buffer_get_string(m, NULL);
1142 	blob = buffer_get_string(m, &bloblen);
1143 	pubkey_auth_attempt = buffer_get_int(m);
1144 
1145 	key = key_from_blob(blob, bloblen);
1146 
1147 	debug3("%s: key_from_blob: %p", __func__, key);
1148 
1149 	if (key != NULL && authctxt->valid) {
1150 		/* These should not make it past the privsep child */
1151 		if (key_type_plain(key->type) == KEY_RSA &&
1152 		    (datafellows & SSH_BUG_RSASIGMD5) != 0)
1153 			fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__);
1154 
1155 		switch (type) {
1156 		case MM_USERKEY:
1157 			allowed = options.pubkey_authentication &&
1158 			    !auth2_key_already_used(authctxt, key) &&
1159 			    match_pattern_list(sshkey_ssh_name(key),
1160 			    options.pubkey_key_types, 0) == 1 &&
1161 			    user_key_allowed(authctxt->pw, key,
1162 			    pubkey_auth_attempt);
1163 			auth_method = "publickey";
1164 			if (options.pubkey_authentication &&
1165 			    (!pubkey_auth_attempt || allowed != 1))
1166 				auth_clear_options();
1167 			break;
1168 		case MM_HOSTKEY:
1169 			allowed = options.hostbased_authentication &&
1170 			    !auth2_key_already_used(authctxt, key) &&
1171 			    match_pattern_list(sshkey_ssh_name(key),
1172 			    options.hostbased_key_types, 0) == 1 &&
1173 			    hostbased_key_allowed(authctxt->pw,
1174 			    cuser, chost, key);
1175 			auth2_record_info(authctxt,
1176 			    "client user \"%.100s\", client host \"%.100s\"",
1177 			    cuser, chost);
1178 			auth_method = "hostbased";
1179 			break;
1180 		default:
1181 			fatal("%s: unknown key type %d", __func__, type);
1182 			break;
1183 		}
1184 	}
1185 
1186 	debug3("%s: key is %s", __func__, allowed ? "allowed" : "not allowed");
1187 
1188 	auth2_record_key(authctxt, 0, key);
1189 	sshkey_free(key);
1190 
1191 	/* clear temporarily storage (used by verify) */
1192 	monitor_reset_key_state();
1193 
1194 	if (allowed) {
1195 		/* Save temporarily for comparison in verify */
1196 		key_blob = blob;
1197 		key_bloblen = bloblen;
1198 		key_blobtype = type;
1199 		hostbased_cuser = cuser;
1200 		hostbased_chost = chost;
1201 	} else {
1202 		/* Log failed attempt */
1203 		auth_log(authctxt, 0, 0, auth_method, NULL);
1204 		free(blob);
1205 		free(cuser);
1206 		free(chost);
1207 	}
1208 
1209 	buffer_clear(m);
1210 	buffer_put_int(m, allowed);
1211 	buffer_put_int(m, forced_command != NULL);
1212 
1213 	mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
1214 
1215 	return (0);
1216 }
1217 
1218 static int
1219 monitor_valid_userblob(u_char *data, u_int datalen)
1220 {
1221 	Buffer b;
1222 	u_char *p;
1223 	char *userstyle, *cp;
1224 	u_int len;
1225 	int fail = 0;
1226 
1227 	buffer_init(&b);
1228 	buffer_append(&b, data, datalen);
1229 
1230 	if (datafellows & SSH_OLD_SESSIONID) {
1231 		p = buffer_ptr(&b);
1232 		len = buffer_len(&b);
1233 		if ((session_id2 == NULL) ||
1234 		    (len < session_id2_len) ||
1235 		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1236 			fail++;
1237 		buffer_consume(&b, session_id2_len);
1238 	} else {
1239 		p = buffer_get_string(&b, &len);
1240 		if ((session_id2 == NULL) ||
1241 		    (len != session_id2_len) ||
1242 		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1243 			fail++;
1244 		free(p);
1245 	}
1246 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
1247 		fail++;
1248 	cp = buffer_get_cstring(&b, NULL);
1249 	xasprintf(&userstyle, "%s%s%s", authctxt->user,
1250 	    authctxt->style ? ":" : "",
1251 	    authctxt->style ? authctxt->style : "");
1252 	if (strcmp(userstyle, cp) != 0) {
1253 		logit("wrong user name passed to monitor: "
1254 		    "expected %s != %.100s", userstyle, cp);
1255 		fail++;
1256 	}
1257 	free(userstyle);
1258 	free(cp);
1259 	buffer_skip_string(&b);
1260 	if (datafellows & SSH_BUG_PKAUTH) {
1261 		if (!buffer_get_char(&b))
1262 			fail++;
1263 	} else {
1264 		cp = buffer_get_cstring(&b, NULL);
1265 		if (strcmp("publickey", cp) != 0)
1266 			fail++;
1267 		free(cp);
1268 		if (!buffer_get_char(&b))
1269 			fail++;
1270 		buffer_skip_string(&b);
1271 	}
1272 	buffer_skip_string(&b);
1273 	if (buffer_len(&b) != 0)
1274 		fail++;
1275 	buffer_free(&b);
1276 	return (fail == 0);
1277 }
1278 
1279 static int
1280 monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
1281     char *chost)
1282 {
1283 	Buffer b;
1284 	char *p, *userstyle;
1285 	u_int len;
1286 	int fail = 0;
1287 
1288 	buffer_init(&b);
1289 	buffer_append(&b, data, datalen);
1290 
1291 	p = buffer_get_string(&b, &len);
1292 	if ((session_id2 == NULL) ||
1293 	    (len != session_id2_len) ||
1294 	    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
1295 		fail++;
1296 	free(p);
1297 
1298 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
1299 		fail++;
1300 	p = buffer_get_cstring(&b, NULL);
1301 	xasprintf(&userstyle, "%s%s%s", authctxt->user,
1302 	    authctxt->style ? ":" : "",
1303 	    authctxt->style ? authctxt->style : "");
1304 	if (strcmp(userstyle, p) != 0) {
1305 		logit("wrong user name passed to monitor: expected %s != %.100s",
1306 		    userstyle, p);
1307 		fail++;
1308 	}
1309 	free(userstyle);
1310 	free(p);
1311 	buffer_skip_string(&b);	/* service */
1312 	p = buffer_get_cstring(&b, NULL);
1313 	if (strcmp(p, "hostbased") != 0)
1314 		fail++;
1315 	free(p);
1316 	buffer_skip_string(&b);	/* pkalg */
1317 	buffer_skip_string(&b);	/* pkblob */
1318 
1319 	/* verify client host, strip trailing dot if necessary */
1320 	p = buffer_get_string(&b, NULL);
1321 	if (((len = strlen(p)) > 0) && p[len - 1] == '.')
1322 		p[len - 1] = '\0';
1323 	if (strcmp(p, chost) != 0)
1324 		fail++;
1325 	free(p);
1326 
1327 	/* verify client user */
1328 	p = buffer_get_string(&b, NULL);
1329 	if (strcmp(p, cuser) != 0)
1330 		fail++;
1331 	free(p);
1332 
1333 	if (buffer_len(&b) != 0)
1334 		fail++;
1335 	buffer_free(&b);
1336 	return (fail == 0);
1337 }
1338 
1339 int
1340 mm_answer_keyverify(int sock, struct sshbuf *m)
1341 {
1342 	struct sshkey *key;
1343 	u_char *signature, *data, *blob;
1344 	size_t signaturelen, datalen, bloblen;
1345 	int r, ret, valid_data = 0, encoded_ret;
1346 
1347 	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
1348 	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
1349 	    (r = sshbuf_get_string(m, &data, &datalen)) != 0)
1350 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
1351 
1352 	if (hostbased_cuser == NULL || hostbased_chost == NULL ||
1353 	  !monitor_allowed_key(blob, bloblen))
1354 		fatal("%s: bad key, not previously allowed", __func__);
1355 
1356 	/* XXX use sshkey_froms here; need to change key_blob, etc. */
1357 	if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
1358 		fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
1359 
1360 	switch (key_blobtype) {
1361 	case MM_USERKEY:
1362 		valid_data = monitor_valid_userblob(data, datalen);
1363 		auth_method = "publickey";
1364 		break;
1365 	case MM_HOSTKEY:
1366 		valid_data = monitor_valid_hostbasedblob(data, datalen,
1367 		    hostbased_cuser, hostbased_chost);
1368 		auth_method = "hostbased";
1369 		break;
1370 	default:
1371 		valid_data = 0;
1372 		break;
1373 	}
1374 	if (!valid_data)
1375 		fatal("%s: bad signature data blob", __func__);
1376 
1377 	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
1378 	    active_state->compat);
1379 	debug3("%s: %s %p signature %s", __func__, auth_method, key,
1380 	    (ret == 0) ? "verified" : "unverified");
1381 	auth2_record_key(authctxt, ret == 0, key);
1382 
1383 	free(blob);
1384 	free(signature);
1385 	free(data);
1386 
1387 	monitor_reset_key_state();
1388 
1389 	sshkey_free(key);
1390 	sshbuf_reset(m);
1391 
1392 	/* encode ret != 0 as positive integer, since we're sending u32 */
1393 	encoded_ret = (ret != 0);
1394 	if ((r = sshbuf_put_u32(m, encoded_ret)) != 0)
1395 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
1396 	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
1397 
1398 	return ret == 0;
1399 }
1400 
1401 static void
1402 mm_record_login(Session *s, struct passwd *pw)
1403 {
1404 	struct ssh *ssh = active_state;	/* XXX */
1405 	socklen_t fromlen;
1406 	struct sockaddr_storage from;
1407 
1408 	/*
1409 	 * Get IP address of client. If the connection is not a socket, let
1410 	 * the address be 0.0.0.0.
1411 	 */
1412 	memset(&from, 0, sizeof(from));
1413 	fromlen = sizeof(from);
1414 	if (packet_connection_is_on_socket()) {
1415 		if (getpeername(packet_get_connection_in(),
1416 		    (struct sockaddr *)&from, &fromlen) < 0) {
1417 			debug("getpeername: %.100s", strerror(errno));
1418 			cleanup_exit(255);
1419 		}
1420 	}
1421 	/* Record that there was a login on that tty from the remote host. */
1422 	record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
1423 	    session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
1424 	    (struct sockaddr *)&from, fromlen);
1425 }
1426 
1427 static void
1428 mm_session_close(Session *s)
1429 {
1430 	debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
1431 	if (s->ttyfd != -1) {
1432 		debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
1433 		session_pty_cleanup2(s);
1434 	}
1435 	session_unused(s->self);
1436 }
1437 
1438 int
1439 mm_answer_pty(int sock, Buffer *m)
1440 {
1441 	extern struct monitor *pmonitor;
1442 	Session *s;
1443 	int res, fd0;
1444 
1445 	debug3("%s entering", __func__);
1446 
1447 	buffer_clear(m);
1448 	s = session_new();
1449 	if (s == NULL)
1450 		goto error;
1451 	s->authctxt = authctxt;
1452 	s->pw = authctxt->pw;
1453 	s->pid = pmonitor->m_pid;
1454 	res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
1455 	if (res == 0)
1456 		goto error;
1457 	pty_setowner(authctxt->pw, s->tty);
1458 
1459 	buffer_put_int(m, 1);
1460 	buffer_put_cstring(m, s->tty);
1461 
1462 	/* We need to trick ttyslot */
1463 	if (dup2(s->ttyfd, 0) == -1)
1464 		fatal("%s: dup2", __func__);
1465 
1466 	mm_record_login(s, authctxt->pw);
1467 
1468 	/* Now we can close the file descriptor again */
1469 	close(0);
1470 
1471 	/* send messages generated by record_login */
1472 	buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
1473 	buffer_clear(&loginmsg);
1474 
1475 	mm_request_send(sock, MONITOR_ANS_PTY, m);
1476 
1477 	if (mm_send_fd(sock, s->ptyfd) == -1 ||
1478 	    mm_send_fd(sock, s->ttyfd) == -1)
1479 		fatal("%s: send fds failed", __func__);
1480 
1481 	/* make sure nothing uses fd 0 */
1482 	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
1483 		fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
1484 	if (fd0 != 0)
1485 		error("%s: fd0 %d != 0", __func__, fd0);
1486 
1487 	/* slave is not needed */
1488 	close(s->ttyfd);
1489 	s->ttyfd = s->ptyfd;
1490 	/* no need to dup() because nobody closes ptyfd */
1491 	s->ptymaster = s->ptyfd;
1492 
1493 	debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);
1494 
1495 	return (0);
1496 
1497  error:
1498 	if (s != NULL)
1499 		mm_session_close(s);
1500 	buffer_put_int(m, 0);
1501 	mm_request_send(sock, MONITOR_ANS_PTY, m);
1502 	return (0);
1503 }
1504 
1505 int
1506 mm_answer_pty_cleanup(int sock, Buffer *m)
1507 {
1508 	Session *s;
1509 	char *tty;
1510 
1511 	debug3("%s entering", __func__);
1512 
1513 	tty = buffer_get_string(m, NULL);
1514 	if ((s = session_by_tty(tty)) != NULL)
1515 		mm_session_close(s);
1516 	buffer_clear(m);
1517 	free(tty);
1518 	return (0);
1519 }
1520 
1521 int
1522 mm_answer_term(int sock, Buffer *req)
1523 {
1524 	struct ssh *ssh = active_state;	/* XXX */
1525 	extern struct monitor *pmonitor;
1526 	int res, status;
1527 
1528 	debug3("%s: tearing down sessions", __func__);
1529 
1530 	/* The child is terminating */
1531 	session_destroy_all(ssh, &mm_session_close);
1532 
1533 #ifdef USE_PAM
1534 	if (options.use_pam)
1535 		sshpam_cleanup();
1536 #endif
1537 
1538 	while (waitpid(pmonitor->m_pid, &status, 0) == -1)
1539 		if (errno != EINTR)
1540 			exit(1);
1541 
1542 	res = WIFEXITED(status) ? WEXITSTATUS(status) : 1;
1543 
1544 	/* Terminate process */
1545 	exit(res);
1546 }
1547 
1548 #ifdef SSH_AUDIT_EVENTS
1549 /* Report that an audit event occurred */
1550 int
1551 mm_answer_audit_event(int socket, Buffer *m)
1552 {
1553 	ssh_audit_event_t event;
1554 
1555 	debug3("%s entering", __func__);
1556 
1557 	event = buffer_get_int(m);
1558 	switch(event) {
1559 	case SSH_AUTH_FAIL_PUBKEY:
1560 	case SSH_AUTH_FAIL_HOSTBASED:
1561 	case SSH_AUTH_FAIL_GSSAPI:
1562 	case SSH_LOGIN_EXCEED_MAXTRIES:
1563 	case SSH_LOGIN_ROOT_DENIED:
1564 	case SSH_CONNECTION_CLOSE:
1565 	case SSH_INVALID_USER:
1566 		audit_event(event);
1567 		break;
1568 	default:
1569 		fatal("Audit event type %d not permitted", event);
1570 	}
1571 
1572 	return (0);
1573 }
1574 
1575 int
1576 mm_answer_audit_command(int socket, Buffer *m)
1577 {
1578 	u_int len;
1579 	char *cmd;
1580 
1581 	debug3("%s entering", __func__);
1582 	cmd = buffer_get_string(m, &len);
1583 	/* sanity check command, if so how? */
1584 	audit_run_command(cmd);
1585 	free(cmd);
1586 	return (0);
1587 }
1588 #endif /* SSH_AUDIT_EVENTS */
1589 
1590 void
1591 monitor_clear_keystate(struct monitor *pmonitor)
1592 {
1593 	struct ssh *ssh = active_state;	/* XXX */
1594 
1595 	ssh_clear_newkeys(ssh, MODE_IN);
1596 	ssh_clear_newkeys(ssh, MODE_OUT);
1597 	sshbuf_free(child_state);
1598 	child_state = NULL;
1599 }
1600 
1601 void
1602 monitor_apply_keystate(struct monitor *pmonitor)
1603 {
1604 	struct ssh *ssh = active_state;	/* XXX */
1605 	struct kex *kex;
1606 	int r;
1607 
1608 	debug3("%s: packet_set_state", __func__);
1609 	if ((r = ssh_packet_set_state(ssh, child_state)) != 0)
1610                 fatal("%s: packet_set_state: %s", __func__, ssh_err(r));
1611 	sshbuf_free(child_state);
1612 	child_state = NULL;
1613 
1614 	if ((kex = ssh->kex) != NULL) {
1615 		/* XXX set callbacks */
1616 #ifdef WITH_OPENSSL
1617 		kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
1618 		kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
1619 		kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
1620 		kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
1621 		kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
1622 		kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
1623 		kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
1624 # ifdef OPENSSL_HAS_ECC
1625 		kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
1626 # endif
1627 #endif /* WITH_OPENSSL */
1628 		kex->kex[KEX_C25519_SHA256] = kexc25519_server;
1629 		kex->load_host_public_key=&get_hostkey_public_by_type;
1630 		kex->load_host_private_key=&get_hostkey_private_by_type;
1631 		kex->host_key_index=&get_hostkey_index;
1632 		kex->sign = sshd_hostkey_sign;
1633 	}
1634 }
1635 
1636 /* This function requries careful sanity checking */
1637 
1638 void
1639 mm_get_keystate(struct monitor *pmonitor)
1640 {
1641 	debug3("%s: Waiting for new keys", __func__);
1642 
1643 	if ((child_state = sshbuf_new()) == NULL)
1644 		fatal("%s: sshbuf_new failed", __func__);
1645 	mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
1646 	    child_state);
1647 	debug3("%s: GOT new keys", __func__);
1648 }
1649 
1650 
1651 /* XXX */
1652 
1653 #define FD_CLOSEONEXEC(x) do { \
1654 	if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
1655 		fatal("fcntl(%d, F_SETFD)", x); \
1656 } while (0)
1657 
1658 static void
1659 monitor_openfds(struct monitor *mon, int do_logfds)
1660 {
1661 	int pair[2];
1662 #ifdef SO_ZEROIZE
1663 	int on = 1;
1664 #endif
1665 
1666 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
1667 		fatal("%s: socketpair: %s", __func__, strerror(errno));
1668 #ifdef SO_ZEROIZE
1669 	if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
1670 		error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
1671 	if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
1672 		error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
1673 #endif
1674 	FD_CLOSEONEXEC(pair[0]);
1675 	FD_CLOSEONEXEC(pair[1]);
1676 	mon->m_recvfd = pair[0];
1677 	mon->m_sendfd = pair[1];
1678 
1679 	if (do_logfds) {
1680 		if (pipe(pair) == -1)
1681 			fatal("%s: pipe: %s", __func__, strerror(errno));
1682 		FD_CLOSEONEXEC(pair[0]);
1683 		FD_CLOSEONEXEC(pair[1]);
1684 		mon->m_log_recvfd = pair[0];
1685 		mon->m_log_sendfd = pair[1];
1686 	} else
1687 		mon->m_log_recvfd = mon->m_log_sendfd = -1;
1688 }
1689 
1690 #define MM_MEMSIZE	65536
1691 
1692 struct monitor *
1693 monitor_init(void)
1694 {
1695 	struct monitor *mon;
1696 
1697 	mon = xcalloc(1, sizeof(*mon));
1698 	monitor_openfds(mon, 1);
1699 
1700 	return mon;
1701 }
1702 
1703 void
1704 monitor_reinit(struct monitor *mon)
1705 {
1706 	monitor_openfds(mon, 0);
1707 }
1708 
1709 #ifdef GSSAPI
1710 int
1711 mm_answer_gss_setup_ctx(int sock, Buffer *m)
1712 {
1713 	gss_OID_desc goid;
1714 	OM_uint32 major;
1715 	u_int len;
1716 
1717 	if (!options.gss_authentication)
1718 		fatal("%s: GSSAPI authentication not enabled", __func__);
1719 
1720 	goid.elements = buffer_get_string(m, &len);
1721 	goid.length = len;
1722 
1723 	major = ssh_gssapi_server_ctx(&gsscontext, &goid);
1724 
1725 	free(goid.elements);
1726 
1727 	buffer_clear(m);
1728 	buffer_put_int(m, major);
1729 
1730 	mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
1731 
1732 	/* Now we have a context, enable the step */
1733 	monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
1734 
1735 	return (0);
1736 }
1737 
1738 int
1739 mm_answer_gss_accept_ctx(int sock, Buffer *m)
1740 {
1741 	gss_buffer_desc in;
1742 	gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
1743 	OM_uint32 major, minor;
1744 	OM_uint32 flags = 0; /* GSI needs this */
1745 	u_int len;
1746 
1747 	if (!options.gss_authentication)
1748 		fatal("%s: GSSAPI authentication not enabled", __func__);
1749 
1750 	in.value = buffer_get_string(m, &len);
1751 	in.length = len;
1752 	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
1753 	free(in.value);
1754 
1755 	buffer_clear(m);
1756 	buffer_put_int(m, major);
1757 	buffer_put_string(m, out.value, out.length);
1758 	buffer_put_int(m, flags);
1759 	mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
1760 
1761 	gss_release_buffer(&minor, &out);
1762 
1763 	if (major == GSS_S_COMPLETE) {
1764 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
1765 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
1766 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
1767 	}
1768 	return (0);
1769 }
1770 
1771 int
1772 mm_answer_gss_checkmic(int sock, Buffer *m)
1773 {
1774 	gss_buffer_desc gssbuf, mic;
1775 	OM_uint32 ret;
1776 	u_int len;
1777 
1778 	if (!options.gss_authentication)
1779 		fatal("%s: GSSAPI authentication not enabled", __func__);
1780 
1781 	gssbuf.value = buffer_get_string(m, &len);
1782 	gssbuf.length = len;
1783 	mic.value = buffer_get_string(m, &len);
1784 	mic.length = len;
1785 
1786 	ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
1787 
1788 	free(gssbuf.value);
1789 	free(mic.value);
1790 
1791 	buffer_clear(m);
1792 	buffer_put_int(m, ret);
1793 
1794 	mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
1795 
1796 	if (!GSS_ERROR(ret))
1797 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
1798 
1799 	return (0);
1800 }
1801 
1802 int
1803 mm_answer_gss_userok(int sock, Buffer *m)
1804 {
1805 	int authenticated;
1806 	const char *displayname;
1807 
1808 	if (!options.gss_authentication)
1809 		fatal("%s: GSSAPI authentication not enabled", __func__);
1810 
1811 	authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
1812 
1813 	buffer_clear(m);
1814 	buffer_put_int(m, authenticated);
1815 
1816 	debug3("%s: sending result %d", __func__, authenticated);
1817 	mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
1818 
1819 	auth_method = "gssapi-with-mic";
1820 
1821 	if ((displayname = ssh_gssapi_displayname()) != NULL)
1822 		auth2_record_info(authctxt, "%s", displayname);
1823 
1824 	/* Monitor loop will terminate if authenticated */
1825 	return (authenticated);
1826 }
1827 #endif /* GSSAPI */
1828 
1829