1 /* $OpenBSD: monitor.c,v 1.255 2026/03/28 05:06:16 djm Exp $ */ 2 /* 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 */ 27 28 #include "includes.h" 29 30 #include <sys/types.h> 31 #include <sys/wait.h> 32 #include <sys/socket.h> 33 #include <sys/tree.h> 34 #include <sys/queue.h> 35 36 #include <errno.h> 37 #include <fcntl.h> 38 #include <limits.h> 39 #include <paths.h> 40 #include <poll.h> 41 #include <pwd.h> 42 #include <signal.h> 43 #include <stdarg.h> 44 #include <stdint.h> 45 #include <stdio.h> 46 #include <stdlib.h> 47 #include <string.h> 48 #include <unistd.h> 49 50 #ifdef WITH_OPENSSL 51 #include <openssl/dh.h> 52 #endif 53 54 #include "openbsd-compat/openssl-compat.h" 55 56 #include "atomicio.h" 57 #include "xmalloc.h" 58 #include "ssh.h" 59 #include "sshkey.h" 60 #include "sshbuf.h" 61 #include "hostfile.h" 62 #include "auth.h" 63 #include "cipher.h" 64 #include "kex.h" 65 #include "dh.h" 66 #include "auth-pam.h" 67 #include "packet.h" 68 #include "auth-options.h" 69 #include "sshpty.h" 70 #include "channels.h" 71 #include "session.h" 72 #include "sshlogin.h" 73 #include "canohost.h" 74 #include "log.h" 75 #include "misc.h" 76 #include "servconf.h" 77 #include "monitor.h" 78 #include "blocklist_client.h" 79 80 #ifdef GSSAPI 81 #include "ssh-gss.h" 82 #endif 83 #include "monitor_wrap.h" 84 #include "monitor_fdpass.h" 85 #include "compat.h" 86 #include "ssh2.h" 87 #include "authfd.h" 88 #include "match.h" 89 #include "ssherr.h" 90 #include "sk-api.h" 91 #include "srclimit.h" 92 93 #ifdef GSSAPI 94 static Gssctxt *gsscontext = NULL; 95 #endif 96 97 /* Imports */ 98 extern ServerOptions options; 99 extern u_int utmp_len; 100 extern struct sshbuf *cfg; 101 extern struct sshbuf *loginmsg; 102 extern struct include_list includes; 103 extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? 
*/

/* State exported from the child */
static struct sshbuf *child_state;

/*
 * Functions on the monitor that answer unprivileged requests.
 *
 * Every handler receives the request body 'm' exactly as the unprivileged
 * child wrote it, so its contents are untrusted: each handler parses it
 * with the checking sshbuf_get_*() accessors and calls fatal_*() on any
 * malformed input.  Replies go back over 'sock' via mm_request_send().
 * A handler's return value is what monitor_read() hands back to
 * monitor_child_preauth(): 1 means "authentication succeeded".
 */

int mm_answer_moduli(struct ssh *, int, struct sshbuf *);
int mm_answer_setcompat(struct ssh *, int, struct sshbuf *);
int mm_answer_sign(struct ssh *, int, struct sshbuf *);
int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *);
int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *);
int mm_answer_authserv(struct ssh *, int, struct sshbuf *);
int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
int mm_answer_keyallowed(struct ssh *, int, struct sshbuf *);
int mm_answer_keyverify(struct ssh *, int, struct sshbuf *);
int mm_answer_pty(struct ssh *, int, struct sshbuf *);
int mm_answer_pty_cleanup(struct ssh *, int, struct sshbuf *);
int mm_answer_term(struct ssh *, int, struct sshbuf *);
int mm_answer_state(struct ssh *, int, struct sshbuf *);

#ifdef USE_PAM
int mm_answer_pam_start(struct ssh *, int, struct sshbuf *);
int mm_answer_pam_account(struct ssh *, int, struct sshbuf *);
int mm_answer_pam_init_ctx(struct ssh *, int, struct sshbuf *);
int mm_answer_pam_query(struct ssh *, int, struct sshbuf *);
int mm_answer_pam_respond(struct ssh *, int, struct sshbuf *);
int mm_answer_pam_free_ctx(struct ssh *, int, struct sshbuf *);
#endif

#ifdef GSSAPI
int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *);
int mm_answer_gss_accept_ctx(struct ssh *, int, struct sshbuf *);
int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *);
int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *);
#endif

#ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(struct ssh *, int, struct sshbuf *);
int mm_answer_audit_command(struct ssh *, int, struct sshbuf *);
#endif

/*
 * Authentication context shared by all handlers.  It is zeroed and
 * attached to the ssh struct in monitor_child_preauth(); the handlers
 * fill in user, pw, service/style and the failure counter.
 */
static Authctxt *authctxt;

/*
 * Local state for key verify.  key_blob/key_bloblen hold the public key
 * blob that an earlier KEYALLOWED step approved (presumably recorded by
 * mm_answer_keyallowed(), which is not in this excerpt), together with
 * the client user/host for hostbased auth and the key's authorized_keys
 * options.  A later KEYVERIFY must present the identical blob; see
 * monitor_allowed_key().  All of it is released by
 * monitor_reset_key_state().
 */
static u_char *key_blob = NULL;
static size_t key_bloblen = 0;
static u_int key_blobtype = MM_NOKEY;
static struct sshauthopt *key_opts = NULL;
static char *hostbased_cuser = NULL;
static char *hostbased_chost = NULL;
/* Name of the method (and sub-method) that the current request belongs to */
static char *auth_method = "unknown";
static char *auth_submethod = NULL;
/*
 * Session identifier, captured from the data of the first KEX signature
 * request (see mm_answer_sign()).  Needed later to reconstruct and check
 * hostkey-proof signature requests.
 */
static u_int session_id2_len = 0;
static u_char *session_id2 = NULL;
/* Postauth child, so that signals delivered to the monitor can be forwarded */
static pid_t monitor_child_pid;
/* Set once any MON_AUTH request has been serviced; used for the exit status */
static int auth_attempted = 0;
/* Set by mm_answer_pwnamallow() when getpwnamallow() rejected the user */
static int invalid_user = 0;
/* Set once MONITOR_REQ_SETCOMPAT has been processed (required before SIGN/PWNAM) */
static int compat_set = 0;

/*
 * One row of a dispatch table: the request type, its flag bits and the
 * handler.  The flags implement the monitor's state machine: a request
 * is only serviced while MON_PERMIT is set on its row, and it is the
 * handlers themselves (via monitor_permit()) that switch on the bit for
 * whichever request may legitimately come next.
 */
struct mon_table {
	enum monitor_reqtype type;
	int flags;
	int (*f)(struct ssh *, int, struct sshbuf *);
};

#define MON_ISAUTH	0x0004	/* Required for Authentication */
#define MON_AUTHDECIDE	0x0008	/* Decides Authentication */
#define MON_ONCE	0x0010	/* Disable after calling */
#define MON_ALOG	0x0020	/* Log auth attempt without authenticating */

#define MON_AUTH	(MON_ISAUTH|MON_AUTHDECIDE)

#define MON_PERMIT	0x1000	/* Request is permitted */

static int monitor_read(struct ssh *, struct monitor *, struct mon_table *,
    struct mon_table **);
static int monitor_read_log(struct monitor *);

/*
 * Pre-authentication dispatch table.
 *
 * Apart from the audit-event row, every row starts without MON_PERMIT,
 * so nothing is reachable until monitor_child_preauth() and the
 * preceding handlers have enabled it.  monitor_read() clears the
 * permission of MON_ONCE rows again after a single use, which together
 * with the hand-offs in the handlers fixes the request order:
 * STATE/MODULI/SETCOMPAT/SIGN -> PWNAM -> AUTHSERV/AUTH2_READ_BANNER ->
 * authentication methods.  Rows with flags 0 (PAM_ACCOUNT, PAM_QUERY,
 * GSSSTEP) are only reachable once some earlier handler has permitted
 * them (mm_answer_pam_start() does so for PAM_ACCOUNT; the others are
 * presumably enabled by handlers outside this excerpt).
 */
struct mon_table mon_dispatch_proto20[] = {
    {MONITOR_REQ_STATE, MON_ONCE, mm_answer_state},
#ifdef WITH_OPENSSL
    {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
#endif
    {MONITOR_REQ_SETCOMPAT, MON_ONCE, mm_answer_setcompat},
    {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
    {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
    {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
    {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
    {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM
    {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
    {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
    {MONITOR_REQ_PAM_INIT_CTX, MON_ONCE, mm_answer_pam_init_ctx},
    {MONITOR_REQ_PAM_QUERY, 0, mm_answer_pam_query},
    {MONITOR_REQ_PAM_RESPOND, MON_ONCE, mm_answer_pam_respond},
    {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
#ifdef SSH_AUDIT_EVENTS
    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
#endif
#ifdef BSD_AUTH
    {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
#endif
    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
    {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
#ifdef GSSAPI
    {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
    {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
    {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
    {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
#endif
    {0, 0, NULL}
};

/*
 * Post-authentication dispatch table.  Much smaller: no authentication
 * rows at all, and SIGN/MODULI may now be used repeatedly (rekeying).
 * PTY/PTYCLEANUP are only permitted when the authorized-key options
 * allow a pty; see monitor_child_postauth().
 */
struct mon_table mon_dispatch_postauth20[] = {
    {MONITOR_REQ_STATE, MON_ONCE, mm_answer_state},
#ifdef WITH_OPENSSL
    {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
#endif
    {MONITOR_REQ_SIGN, 0, mm_answer_sign},
    {MONITOR_REQ_PTY, 0, mm_answer_pty},
    {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
    {MONITOR_REQ_TERM, 0, mm_answer_term},
#ifdef SSH_AUDIT_EVENTS
    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
    {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
#endif
    {0, 0, NULL}
};

/* The table currently in force (proto20 before auth, postauth20 after) */
struct mon_table *mon_dispatch;

/*
 * Specifies if a certain message is allowed at the moment.
 * Sets (permit != 0) or clears MON_PERMIT on the row for 'type' in table
 * 'ent'; a type absent from the table is silently ignored.
 */
static void
monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit)
{
	while (ent->f != NULL) {
		if (ent->type == type) {
			ent->flags &= ~MON_PERMIT;
			ent->flags |= permit ?
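MON_PERMIT : 0;
			return;
		}
		ent++;
	}
}

/*
 * Set (permit != 0) or clear MON_PERMIT on every row of the active
 * dispatch table that is an authentication request (MON_ISAUTH or
 * MON_AUTHDECIDE set).  Called with permit=1 from mm_answer_authserv()
 * once the child has named the requested service; until then no
 * authentication method can be invoked at all.
 */
static void
monitor_permit_authentications(int permit)
{
	struct mon_table *ent = mon_dispatch;

	while (ent->f != NULL) {
		if (ent->flags & MON_AUTH) {
			ent->flags &= ~MON_PERMIT;
			ent->flags |= permit ? MON_PERMIT : 0;
		}
		ent++;
	}
}

/*
 * Monitor side of pre-authentication privilege separation.
 *
 * Services requests from the unprivileged child until one of the
 * MON_AUTHDECIDE handlers reports success, then imports the child's
 * key state, drains its log channel, waits for it to exit and releases
 * the monitor's ends of the preauth channels.
 *
 * Everything the child says is untrusted, so the decisions that matter
 * are re-checked here instead of taking the child's word for them:
 *  - success is only accepted from a row carrying MON_AUTHDECIDE;
 *  - a root login is re-checked with auth_root_allowed();
 *  - with AuthenticationMethods configured, a success that does not
 *    complete a method list is downgraded to "partial";
 *  - the failure counter lives here, and exceeding MaxAuthTries is
 *    fatal (the child should have disconnected first);
 *  - a "success" for an invalid (fake) user, or without a method name,
 *    is fatal.
 * Every fatal_f() below ends the monitor and therefore the connection.
 */
void
monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
{
	struct mon_table *ent;
	int status, authenticated = 0, partial = 0;

	debug3("preauth child monitor started");

	/* The child's ends of the socketpairs are not needed in the monitor */
	if (pmonitor->m_recvfd >= 0)
		close(pmonitor->m_recvfd);
	if (pmonitor->m_log_sendfd >= 0)
		close(pmonitor->m_log_sendfd);
	pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;

	authctxt = (Authctxt *)ssh->authctxt;
	memset(authctxt, 0, sizeof(*authctxt));
	ssh->authctxt = authctxt;

	authctxt->loginmsg = loginmsg;

	mon_dispatch = mon_dispatch_proto20;
	/* Permit requests for state, moduli and signatures */
	monitor_permit(mon_dispatch, MONITOR_REQ_STATE, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_SETCOMPAT, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);

	/* The first few requests do not require asynchronous access */
	while (!authenticated) {
		/* Per-request bookkeeping; the handler names the method */
		partial = 0;
		auth_method = "unknown";
		auth_submethod = NULL;
		auth2_authctxt_reset_info(authctxt);

		authenticated = (monitor_read(ssh, pmonitor,
		    mon_dispatch, &ent) == 1);

		/* Record that auth was attempted to set exit status later */
		if ((ent->flags & MON_AUTH) != 0)
			auth_attempted = 1;

		/* Special handling for multiple required authentications */
		if (options.num_auth_methods != 0) {
			if (authenticated &&
			    !auth2_update_methods_lists(authctxt,
			    auth_method, auth_submethod)) {
				debug3_f("method %s: partial", auth_method);
				authenticated = 0;
				partial = 1;
			}
		}

		if (authenticated) {
			/* Only rows that are allowed to decide may succeed */
			if (!(ent->flags & MON_AUTHDECIDE))
				fatal_f("unexpected authentication from %d",
				    ent->type);
			/* PermitRootLogin is enforced in the monitor, not the child */
			if (authctxt->pw->pw_uid == 0 &&
			    !auth_root_allowed(ssh, auth_method))
				authenticated = 0;
#ifdef USE_PAM
			/* PAM needs to perform account checks after auth */
			if (options.use_pam && authenticated) {
				struct sshbuf *m;

				if ((m = sshbuf_new()) == NULL)
					fatal("%s: sshbuf_new failed",
					    __func__);
				/*
				 * Synchronous exchange outside the dispatch
				 * loop: the next request must be PAM_ACCOUNT
				 * and its verdict replaces "authenticated".
				 */
				mm_request_receive_expect(pmonitor->m_sendfd,
				    MONITOR_REQ_PAM_ACCOUNT, m);
				authenticated = mm_answer_pam_account(
				    ssh, pmonitor->m_sendfd, m);
				sshbuf_free(m);
			}
#endif
		}
		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
			auth_log(ssh, authenticated, partial,
			    auth_method, auth_submethod);
			if (!partial && !authenticated)
				authctxt->failures++;
			if (authenticated || partial) {
				auth2_update_session_info(authctxt,
				    auth_method, auth_submethod);
			}
		}
		if (authctxt->failures > options.max_authtries) {
			BLOCKLIST_NOTIFY(ssh, BLOCKLIST_AUTH_FAIL,
			    "Too many authentication attempts");
			/* Shouldn't happen */
			fatal_f("privsep child made too many authentication "
			    "attempts");
		}
	}

	/* A success for the fake pw entry means the child is lying */
	if (!authctxt->valid) {
		BLOCKLIST_NOTIFY(ssh, BLOCKLIST_AUTH_FAIL,
		    "Authenticated invalid user");
		fatal_f("authenticated invalid user");
	}
	if (strcmp(auth_method, "unknown") == 0) {
		BLOCKLIST_NOTIFY(ssh, BLOCKLIST_AUTH_FAIL,
		    "Authentication method name unknown");
		fatal_f("authentication method name unknown");
	}

	debug_f("user %s authenticated by privileged process", authctxt->user);
	auth_attempted = 0;
	ssh->authctxt = NULL;
	ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);

	/* Import the child's packet/cipher state so the monitor can take over */
	mm_get_keystate(ssh, pmonitor);

	/* Drain any buffered messages from the child */
	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
		;

	/* Wait for the child's exit status */
	while (waitpid(pmonitor->m_pid, &status, 0) == -1) {
		if (errno == EINTR)
			continue;
		fatal_f("waitpid: %s", strerror(errno));
	}
	if (WIFEXITED(status)) {
		if (WEXITSTATUS(status) != 0)
			fatal_f("preauth child %ld exited with status %d",
			    (long)pmonitor->m_pid, WEXITSTATUS(status));
	} else if (WIFSIGNALED(status)) {
		fatal_f("preauth child %ld terminated by signal %d",
		    (long)pmonitor->m_pid, WTERMSIG(status));
	}
	debug3_f("preauth child %ld terminated successfully",
	    (long)pmonitor->m_pid);

	/*
	 * Release the monitor's ends of the preauth request and log
	 * channels.  The child's ends (m_recvfd, m_log_sendfd) were
	 * already closed and set to -1 at the top of this function, and
	 * m_log_recvfd may already have been closed by monitor_read_log()
	 * on EOF, so each descriptor is tested before it is closed.
	 * (Previously the closes here re-tested the already-closed child
	 * ends and m_sendfd was dropped without a close().)
	 */
	if (pmonitor->m_sendfd >= 0)
		close(pmonitor->m_sendfd);
	if (pmonitor->m_log_recvfd >= 0)
		close(pmonitor->m_log_recvfd);
	pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
	pmonitor->m_pid = -1;
}

/* Remember the postauth child's pid for monitor_child_handler() */
static void
monitor_set_child_handler(pid_t pid)
{
	monitor_child_pid = pid;
}

/* Forward a termination signal received by the monitor to the child */
static void
monitor_child_handler(int sig)
{
	kill(monitor_child_pid, sig);
}

/*
 * Monitor side after authentication: switch to the postauth dispatch
 * table, forward SIGHUP/SIGTERM/SIGINT to the child, and service its
 * requests forever (the process ends via a handler, a signal or the
 * child going away).  PTY requests are only enabled when the key's
 * authorized_keys options permit a pty.
 */
void
monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
{
	close(pmonitor->m_recvfd);
	pmonitor->m_recvfd = -1;

	monitor_set_child_handler(pmonitor->m_pid);
	ssh_signal(SIGHUP, &monitor_child_handler);
	ssh_signal(SIGTERM, &monitor_child_handler);
	ssh_signal(SIGINT, &monitor_child_handler);
#ifdef SIGXFSZ
	ssh_signal(SIGXFSZ, SIG_IGN);
#endif

	mon_dispatch = mon_dispatch_postauth20;

	/* Permit requests for moduli and signatures */
	monitor_permit(mon_dispatch, MONITOR_REQ_STATE, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);

	if (auth_opts->permit_pty_flag) {
		monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
		monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
	}

	for (;;)
		monitor_read(ssh, pmonitor, mon_dispatch, NULL);
}

static int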
monitor_read_log(struct monitor *pmonitor)
{
	struct sshbuf *logmsg;
	u_int len, level, forced;
	char *msg;
	u_char *p;
	int r;

	/*
	 * Reads one log record that the unprivileged child sent over its
	 * dedicated log channel and emits it through the monitor's logger.
	 * Wire format (all fields written by the child, hence untrusted):
	 *	uint32	len	length of the rest, must be in (4, 8192]
	 *	uint32	level	syslog level, validated via log_level_name()
	 *	uint32	forced
	 *	string	msg
	 * The text is handed to sshlogdirect() as a "%s" argument, never as
	 * the format string, and is tagged with the current phase.
	 *
	 * Returns 0 after logging one record; returns -1 after closing
	 * m_log_recvfd when the read of the length fails with EPIPE (the
	 * child's end went away; presumably this is how atomicio reports
	 * EOF).  Any other short read or malformed record is fatal.
	 */
	if ((logmsg = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new");

	/* Read length */
	if ((r = sshbuf_reserve(logmsg, 4, &p)) != 0)
		fatal_fr(r, "reserve len");
	if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) {
		if (errno == EPIPE) {
			sshbuf_free(logmsg);
			debug_f("child log fd closed");
			close(pmonitor->m_log_recvfd);
			pmonitor->m_log_recvfd = -1;
			return -1;
		}
		fatal_f("log fd read: %s", strerror(errno));
	}
	if ((r = sshbuf_get_u32(logmsg, &len)) != 0)
		fatal_fr(r, "parse len");
	/* Bound the allocation before trusting the child's length */
	if (len <= 4 || len > 8192)
		fatal_f("invalid log message length %u", len);

	/* Read severity, message */
	sshbuf_reset(logmsg);
	if ((r = sshbuf_reserve(logmsg, len, &p)) != 0)
		fatal_fr(r, "reserve msg");
	if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len)
		fatal_f("log fd read: %s", strerror(errno));
	if ((r = sshbuf_get_u32(logmsg, &level)) != 0 ||
	    (r = sshbuf_get_u32(logmsg, &forced)) != 0 ||
	    (r = sshbuf_get_cstring(logmsg, &msg, NULL)) != 0)
		fatal_fr(r, "parse");

	/* Log it */
	if (log_level_name(level) == NULL)
		fatal_f("invalid log level %u (corrupted message?)", level);
	sshlogdirect(level, forced, "%s [%s]", msg,
	    mon_dispatch == mon_dispatch_postauth20 ? "postauth" : "preauth");

	sshbuf_free(logmsg);
	free(msg);

	return 0;
}

/*
 * Wait for, receive and dispatch one request from the unprivileged child.
 *
 * Polls the request socket (m_sendfd) and, while it is still open, the
 * log channel; pending log records are drained before the next request
 * is handled so they are not reordered behind it.  The request's first
 * byte selects a row of 'ent' (the active dispatch table).  Two outcomes
 * are fatal, deliberately, because this is the privilege boundary:
 *	- a type that is not in the table at all;
 *	- a type whose row does not currently carry MON_PERMIT.
 * Otherwise the handler runs on the remainder of the message, MON_ONCE
 * rows lose their permission again, and the matched row is stored in
 * *pent (when non-NULL) so the caller can inspect its flags.
 *
 * Returns the handler's return value (1 from a successful
 * authentication decision).
 */
static int
monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
    struct mon_table **pent)
{
	struct sshbuf *m;
	int r, ret;
	u_char type;
	struct pollfd pfd[2];

	for (;;) {
		memset(&pfd, 0, sizeof(pfd));
		pfd[0].fd = pmonitor->m_sendfd;
		pfd[0].events = POLLIN;
		pfd[1].fd = pmonitor->m_log_recvfd;
		/* Once the log fd is closed (-1) poll only the request socket */
		pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN;
		if (poll(pfd, pfd[1].fd == -1 ?
		    1 : 2, -1) == -1) {
			if (errno == EINTR || errno == EAGAIN)
				continue;
			fatal_f("poll: %s", strerror(errno));
		}
		if (pfd[1].revents) {
			/*
			 * Drain all log messages before processing next
			 * monitor request.
			 */
			monitor_read_log(pmonitor);
			continue;
		}
		if (pfd[0].revents)
			break;  /* Continues below */
	}

	if ((m = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new");

	mm_request_receive(pmonitor->m_sendfd, m);
	if ((r = sshbuf_get_u8(m, &type)) != 0)
		fatal_fr(r, "parse type");

	debug3_f("checking request %d", type);

	while (ent->f != NULL) {
		if (ent->type == type)
			break;
		ent++;
	}

	if (ent->f != NULL) {
		/* The permission bit is the whole access-control check */
		if (!(ent->flags & MON_PERMIT))
			fatal_f("unpermitted request %d", type);
		ret = (*ent->f)(ssh, pmonitor->m_sendfd, m);
		sshbuf_free(m);

		/* The child may use this request only once, disable it */
		if (ent->flags & MON_ONCE) {
			debug2_f("%d used once, disabling now", type);
			ent->flags &= ~MON_PERMIT;
		}

		if (pent != NULL)
			*pent = ent;

		return ret;
	}

	fatal_f("unsupported request: %d", type);

	/* NOTREACHED */
	return (-1);
}

/*
 * allowed key state
 *
 * Returns 1 if 'blob' is exactly (same length, same bytes) the key blob
 * recorded by the KEYALLOWED step, 0 otherwise — including when no key
 * has been recorded.  timingsafe_bcmp() is used so that a mismatch does
 * not leak how many leading bytes agreed.
 */
static int
monitor_allowed_key(const u_char *blob, u_int bloblen)
{
	/* make sure key is allowed */
	if (key_blob == NULL || key_bloblen != bloblen ||
	    timingsafe_bcmp(key_blob, blob, key_bloblen))
		return (0);
	return (1);
}

/*
 * Forget the key approved by KEYALLOWED and its associated hostbased
 * user/host and key options, so that a later KEYVERIFY cannot reuse
 * stale state.  Safe to call when nothing is recorded (all NULL).
 */
static void
monitor_reset_key_state(void)
{
	/* reset state */
	free(key_blob);
	free(hostbased_cuser);
	free(hostbased_chost);
	sshauthopt_free(key_opts);
	key_blob = NULL;
	key_bloblen = 0;
	key_blobtype = MM_NOKEY;
	key_opts = NULL;
	hostbased_cuser = NULL;
	hostbased_chost = NULL;
}

/*
 * Answer MONITOR_REQ_STATE: send the freshly started unprivileged child
 * the configuration, host public keys, banners and include contents it
 * needs to run the preauth protocol (see the protocol comment in the
 * body).  The request carries no payload, hence 'unused'.
 */
int
mm_answer_state(struct ssh *ssh, int sock, struct sshbuf *unused)
{
	struct sshbuf *m = NULL, *inc = NULL, *hostkeys = NULL;
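struct include_item *item = NULL;
	int postauth;
	int r;

	debug_f("config len %zu", sshbuf_len(cfg));

	/*
	 * This handler is only valid before authentication (it is MON_ONCE
	 * and the first thing the preauth child asks for).  Check that up
	 * front rather than after composing the reply.
	 */
	postauth = (authctxt && authctxt->pw && authctxt->authenticated);
	if (postauth) {
		/* XXX shouldn't be reachable */
		fatal_f("internal error: called in postauth");
	}

	if ((m = sshbuf_new()) == NULL ||
	    (inc = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new failed");

	/* XXX unnecessary? */
	/* pack includes into a string */
	TAILQ_FOREACH(item, &includes, entry) {
		if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||
		    (r = sshbuf_put_cstring(inc, item->filename)) != 0 ||
		    (r = sshbuf_put_stringb(inc, item->contents)) != 0)
			fatal_fr(r, "compose includes");
	}

	hostkeys = pack_hostkeys();

	/*
	 * Protocol from monitor to unpriv privsep process:
	 *	string	configuration
	 *	uint64	timing_secret XXX move delays to monitor and remove
	 *	string	host_keys[] {
	 *		string public_key
	 *		string certificate
	 *	}
	 *	string	server_banner
	 *	string	client_banner
	 *	string	included_files[] {
	 *		string	selector
	 *		string	filename
	 *		string	contents
	 *	}
	 *	string	configuration_data (postauth)
	 *	string	keystate (postauth)
	 *	string	authenticated_user (postauth)
	 *	string	session_info (postauth)
	 *	string	authopts (postauth)
	 *
	 * Only the preauth part is produced here; the "(postauth)" fields
	 * are never sent by this function.  Note what crosses the privilege
	 * boundary: the full parsed configuration and every Include'd file,
	 * the public halves of the host keys, both version banners and
	 * options.timing_secret.  Private host keys stay in the monitor and
	 * are only exercised through mm_answer_sign().
	 */
	if ((r = sshbuf_put_stringb(m, cfg)) != 0 ||
	    (r = sshbuf_put_u64(m, options.timing_secret)) != 0 ||
	    (r = sshbuf_put_stringb(m, hostkeys)) != 0 ||
	    (r = sshbuf_put_stringb(m, ssh->kex->server_version)) != 0 ||
	    (r = sshbuf_put_stringb(m, ssh->kex->client_version)) != 0 ||
	    (r = sshbuf_put_stringb(m, inc)) != 0)
		fatal_fr(r, "compose config");

	sshbuf_free(inc);
	sshbuf_free(hostkeys);

	mm_request_send(sock, MONITOR_ANS_STATE, m);
	sshbuf_free(m);
	debug3_f("done");

	return (0);
}

#ifdef WITH_OPENSSL
/*
 * Answer MONITOR_REQ_MODULI: select a DH group for diffie-hellman-group-
 * exchange.  min/want/max are the child's relay of the client's request
 * and are re-validated here before choose_dh() (a corrupted child must
 * not be able to drive it with inconsistent bounds).  Replies with a
 * zero byte when no group is available, otherwise 1 followed by p and g.
 */
int
mm_answer_moduli(struct ssh *ssh, int sock, struct sshbuf *m)
{
	DH *dh;
	const BIGNUM *dh_p, *dh_g;
	int r;
	u_int min, want, max;

	if ((r = sshbuf_get_u32(m, &min)) != 0 ||
	    (r = sshbuf_get_u32(m, &want)) != 0 ||
	    (r = sshbuf_get_u32(m, &max)) != 0)
		fatal_fr(r, "parse");

	/* %u: the three values are u_int */
	debug3_f("got parameters: %u %u %u", min, want, max);
	/* We need to check here, too, in case the child got corrupted */
	if (max < min || want < min || max < want)
		fatal_f("bad parameters: %u %u %u", min, want, max);

	sshbuf_reset(m);

	dh = choose_dh(min, want, max);
	if (dh == NULL) {
		if ((r = sshbuf_put_u8(m, 0)) != 0)
			fatal_fr(r, "assemble empty");
	} else {
		/* Send first bignum */
		DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
		if ((r = sshbuf_put_u8(m, 1)) != 0 ||
		    (r = sshbuf_put_bignum2(m, dh_p)) != 0 ||
		    (r = sshbuf_put_bignum2(m, dh_g)) != 0)
			fatal_fr(r, "assemble");

		DH_free(dh);
	}
	mm_request_send(sock, MONITOR_ANS_MODULI, m);
	return (0);
}
#endif

/*
 * Answer MONITOR_REQ_SETCOMPAT: record the peer-compatibility flags the
 * child determined from the client banner.  The value is chosen by the
 * child; the only thing enforced here is ordering: mm_answer_sign() and
 * mm_answer_pwnamallow() refuse to run until compat_set is true.
 * Sends no reply.
 */
int
mm_answer_setcompat(struct ssh *ssh, int sock, struct sshbuf *m)
{
	int r;

	debug3_f("entering");

	if ((r = sshbuf_get_u32(m, &ssh->compat)) != 0)
		fatal_fr(r, "parse");
	compat_set = 1;

	return (0);
}

/*
 * Answer MONITOR_REQ_SIGN: produce a host-key signature on behalf of the
 * child, either with a private key held in the monitor or via the
 * agent.  The data to be signed is checked below: a digest-sized blob
 * is accepted as a KEX exchange hash, anything else must be exactly the
 * hostkey proof this monitor would construct itself.
 */
int
mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
{
	extern int auth_sock;	/* XXX move to state struct?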
*/
	struct sshkey *pubkey, *key;
	struct sshbuf *sigbuf = NULL;
	u_char *p = NULL, *signature = NULL;
	char *alg = NULL;
	size_t datlen, siglen;
	int r, is_proof = 0, keyid;
	u_int compat;
	const char proof_req[] = "hostkeys-prove-00@openssh.com";

	/*
	 * Request: the host public key to sign with, the data, the
	 * signature algorithm name and the compat flags — all supplied by
	 * the child.  The key is only used to look up the monitor's own
	 * index for it; the child cannot make us sign with a key we do
	 * not hold.
	 */
	debug3_f("entering");

	/* Make sure the unpriv process sent the compat bits already */
	if (!compat_set)
		fatal_f("state error: setcompat never called");

	if ((r = sshkey_froms(m, &pubkey)) != 0 ||
	    (r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
	    (r = sshbuf_get_cstring(m, &alg, NULL)) != 0 ||
	    (r = sshbuf_get_u32(m, &compat)) != 0)
		fatal_fr(r, "parse");

	if ((keyid = get_hostkey_index(pubkey, 1, ssh)) == -1)
		fatal_f("unknown hostkey");
	debug_f("hostkey %s index %d", sshkey_ssh_name(pubkey), keyid);
	sshkey_free(pubkey);

	/*
	 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
	 * SHA384 (48 bytes) and SHA512 (64 bytes).
	 *
	 * Otherwise, verify the signature request is for a hostkey
	 * proof.
	 *
	 * XXX perform similar check for KEX signature requests too?
	 * it's not trivial, since what is signed is the hash, rather
	 * than the full kex structure...
	 *
	 * NOTE(review): as the XXX says, a digest-length blob is signed
	 * as-is, so a compromised preauth child can obtain host-key
	 * signatures over 20/32/48/64-byte values of its choosing.  In
	 * preauth this row is MON_ONCE, which limits it to one signature.
	 */
	if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64) {
		/*
		 * Construct expected hostkey proof and compare it to what
		 * the client sent us.
		 */
		if (session_id2_len == 0) /* hostkeys is never first */
			fatal_f("bad data length: %zu", datlen);
		if ((key = get_hostkey_public_by_index(keyid, ssh)) == NULL)
			fatal_f("no hostkey for index %d", keyid);
		if ((sigbuf = sshbuf_new()) == NULL)
			fatal_f("sshbuf_new");
		if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
		    (r = sshbuf_put_string(sigbuf, session_id2,
		    session_id2_len)) != 0 ||
		    (r = sshkey_puts(key, sigbuf)) != 0)
			fatal_fr(r, "assemble private key proof");
		/* Plain memcmp is fine: neither side of the comparison is secret */
		if (datlen != sshbuf_len(sigbuf) ||
		    memcmp(p, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf)) != 0)
			fatal_f("bad data length: %zu, hostkey proof len %zu",
			    datlen, sshbuf_len(sigbuf));
		sshbuf_free(sigbuf);
		is_proof = 1;
	}

	/*
	 * save session id, it will be passed on the first call
	 * (the first call is necessarily a KEX signature: the proof
	 * branch above is fatal while session_id2_len is still 0)
	 */
	if (session_id2_len == 0) {
		session_id2_len = datlen;
		session_id2 = xmalloc(session_id2_len);
		memcpy(session_id2, p, session_id2_len);
	}

	/* Prefer a private key loaded in the monitor; fall back to the agent */
	if ((key = get_hostkey_by_index(keyid)) != NULL) {
		if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
		    options.sk_provider, NULL, compat)) != 0)
			fatal_fr(r, "sign");
	} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
	    auth_sock > 0) {
		if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
		    p, datlen, alg, compat)) != 0)
			fatal_fr(r, "agent sign");
	} else
		fatal_f("no hostkey from index %d", keyid);

	debug3_f("%s %s signature len=%zu", alg,
	    is_proof ?
	    "hostkey proof" : "KEX", siglen);

	sshbuf_reset(m);
	if ((r = sshbuf_put_string(m, signature, siglen)) != 0)
		fatal_fr(r, "assemble");

	free(alg);
	free(p);
	free(signature);

	mm_request_send(sock, MONITOR_ANS_SIGN, m);

	/* Turn on permissions for getpwnam */
	monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);

	return (0);
}

/* Append one raw struct passwd field (by value) to buffer b; fatal on error */
#define PUTPW(b, id) \
	do { \
		if ((r = sshbuf_put_string(b, \
		    &pwent->id, sizeof(pwent->id))) != 0) \
			fatal_fr(r, "assemble %s", #id); \
	} while (0)

/*
 * Serialise the active ServerOptions for the unprivileged child: the raw
 * struct first, then the string (and string-array) members that a Match
 * block can change, in the order given by COPY_MATCH_STRING_OPTS().
 * The raw copy is what lets the receiver tell which string members were
 * NULL (only non-NULL ones are followed by a string).
 */
void
mm_encode_server_options(struct sshbuf *m)
{
	int r;
	u_int i;

	/*
	 * XXX this leaks raw pointers to the unpriv child processes
	 *
	 * NOTE(review): those pointers are monitor heap/data addresses, so
	 * a compromised child learns part of the monitor's memory layout.
	 * Not exploitable on its own, but it erodes ASLR for any later bug
	 * in the monitor.
	 */
	if ((r = sshbuf_put_string(m, &options, sizeof(options))) != 0)
		fatal_fr(r, "assemble options");

#define M_CP_STROPT(x) do { \
		if (options.x != NULL && \
		    (r = sshbuf_put_cstring(m, options.x)) != 0) \
			fatal_fr(r, "assemble %s", #x); \
	} while (0)
#define M_CP_STRARRAYOPT(x, nx, clobber) do { \
		for (i = 0; i < options.nx; i++) { \
			if ((r = sshbuf_put_cstring(m, options.x[i])) != 0) \
				fatal_fr(r, "assemble %s", #x); \
		} \
	} while (0)
	/* See comment in servconf.h */
	COPY_MATCH_STRING_OPTS();
#undef M_CP_STROPT
#undef M_CP_STRARRAYOPT
}

/*
 * Retrieves the password entry and also checks if the user is permitted.
 *
 * Answers MONITOR_REQ_PWNAM, which the child may issue exactly once
 * (enforced both by MON_ONCE and by authctxt->attempt).  On a rejected
 * or unknown user the monitor keeps a fake passwd entry so that the
 * child can continue the protocol without revealing whether the account
 * exists; authctxt->valid stays 0 and any later "success" is fatal in
 * monitor_child_preauth().  The reply never contains the password hash
 * (a literal "*" is sent instead) and is followed by the encoded server
 * options.
 */
int
mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
{
	struct passwd *pwent;
	int r, allowed = 0;

	debug3_f("entering");

	/* Make sure the unpriv process sent the compat bits already */
	if (!compat_set)
		fatal_f("state error: setcompat never called");

	if (authctxt->attempt++ != 0)
		fatal_f("multiple attempts for getpwnam");

	/* The user name is taken verbatim from the child */
	if ((r = sshbuf_get_cstring(m, &authctxt->user, NULL)) != 0)
		fatal_fr(r, "parse");

	pwent = getpwnamallow(ssh, authctxt->user);

	setproctitle("%s [priv]",
pwent ? authctxt->user : "unknown");

	sshbuf_reset(m);

	if (pwent == NULL) {
		/*
		 * Unknown or disallowed user: tell the child so (0) and
		 * substitute a fake entry.  authctxt->valid stays 0, which
		 * monitor_child_preauth() treats as "may never succeed".
		 */
		invalid_user = 1;
		if ((r = sshbuf_put_u8(m, 0)) != 0)
			fatal_fr(r, "assemble fakepw");
		authctxt->pw = fakepw();
		goto out;
	}

	allowed = 1;
	authctxt->pw = pwent;
	authctxt->valid = 1;

	/* XXX send fake class/dir/shell, etc. */
	if ((r = sshbuf_put_u8(m, 1)) != 0)
		fatal_fr(r, "assemble ok");
	PUTPW(m, pw_uid);
	PUTPW(m, pw_gid);
#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
	PUTPW(m, pw_change);
#endif
#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
	PUTPW(m, pw_expire);
#endif
	/* The password hash is replaced by "*"; it never leaves the monitor */
	if ((r = sshbuf_put_cstring(m, pwent->pw_name)) != 0 ||
	    (r = sshbuf_put_cstring(m, "*")) != 0 ||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
	    (r = sshbuf_put_cstring(m, pwent->pw_gecos)) != 0 ||
#endif
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
	    (r = sshbuf_put_cstring(m, pwent->pw_class)) != 0 ||
#endif
	    (r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 ||
	    (r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0)
		fatal_fr(r, "assemble pw");

 out:
	ssh_packet_set_log_preamble(ssh, "%suser %s",
	    authctxt->valid ? "authenticating" : "invalid ", authctxt->user);

	/*
	 * RefuseConnection (possibly set by a Match block that only became
	 * effective once the user was known) is enforced here, after the
	 * lookup, so the log line can name the user.
	 */
	if (options.refuse_connection) {
		logit("administratively prohibited connection for "
		    "%s%s from %.128s port %d",
		    authctxt->valid ? "" : "invalid user ",
		    authctxt->user, ssh_remote_ipaddr(ssh),
		    ssh_remote_port(ssh));
		cleanup_exit(EXIT_CONFIG_REFUSED);
	}

	/* Send active options to unpriv */
	mm_encode_server_options(m);

	/* Create valid auth method lists */
	if (auth2_setup_methods_lists(authctxt) != 0) {
		/*
		 * The monitor will continue long enough to let the child
		 * run to its packet_disconnect(), but it must not allow any
		 * authentication to succeed.
		 */
		debug_f("no valid authentication method lists");
	}

	debug3_f("sending MONITOR_ANS_PWNAM: %d", allowed);
	mm_request_send(sock, MONITOR_ANS_PWNAM, m);

	/* Allow service/style information on the auth context */
	monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
	monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);

#ifdef USE_PAM
	if (options.use_pam)
		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
#endif

	return (0);
}

/*
 * Answer MONITOR_REQ_AUTH2_READ_BANNER: read the Banner file in the
 * monitor (the child may not be able to open it) and send its text, or
 * an empty string when there is none.
 */
int mm_answer_auth2_read_banner(struct ssh *ssh, int sock, struct sshbuf *m)
{
	char *banner;
	int r;

	sshbuf_reset(m);
	banner = auth2_read_banner();
	if ((r = sshbuf_put_cstring(m, banner != NULL ? banner : "")) != 0)
		fatal_fr(r, "assemble");
	mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
	free(banner);

	return (0);
}

/*
 * Answer MONITOR_REQ_AUTHSERV: record the service and authentication
 * style the client asked for and, from this point on, permit the
 * authentication-method requests.  Sends no reply.  An empty style is
 * normalised to NULL.  The strings are stored as the child sent them;
 * nothing here validates them beyond being well-formed cstrings.
 */
int
mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m)
{
	int r;

	monitor_permit_authentications(1);

	if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
	    (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
		fatal_fr(r, "parse");
	debug3_f("service=%s, style=%s", authctxt->service, authctxt->style);

	if (strlen(authctxt->style) == 0) {
		free(authctxt->style);
		authctxt->style = NULL;
	}

	return (0);
}

/*
 * Check that the key type appears in the supplied pattern list, ignoring
 * mismatches in the signature algorithm. (Signature algorithm checks are
 * performed in the unprivileged authentication code).
 * Returns 1 on success, 0 otherwise.
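 */
static int
key_base_type_match(const char *method, const struct sshkey *key,
    const char *list)
{
	char *s, *l, *ol = xstrdup(list);
	int found = 0;

	/*
	 * Walk the comma-separated list; stop at the first empty element,
	 * matching only on the base key type (e.g. "ssh-rsa" vs. the
	 * rsa-sha2-* signature names), see the comment above.
	 */
	l = ol;
	for ((s = strsep(&l, ",")); s && *s != '\0'; (s = strsep(&l, ","))) {
		if (sshkey_type_from_name(s) == key->type) {
			found = 1;
			break;
		}
	}
	if (!found) {
		error("%s key type %s is not in permitted list %s", method,
		    sshkey_ssh_name(key), list);
	}

	free(ol);
	return found;
}

/*
 * MONITOR_REQ_AUTHPASSWORD: verify a password on behalf of the unprivileged
 * child. Replies with a u32 result (and, with PAM, whether the PAM max-tries
 * limit was hit). Returns non-zero only on success, which makes the monitor
 * loop terminate; a request arriving while PasswordAuthentication is
 * disabled is a protocol violation and is fatal.
 */
int
mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
{
	static int call_count;
	char *passwd;
	int r, authenticated;
	size_t plen;

	if (!options.password_authentication)
		fatal_f("password authentication not enabled");
	if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0)
		fatal_fr(r, "parse");
	/* Only authenticate if the context is valid */
	authenticated = options.password_authentication &&
	    auth_password(ssh, passwd);
	/* The password is a secret: scrub it, don't just free() it. */
	freezero(passwd, plen);

	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, authenticated)) != 0)
		fatal_fr(r, "assemble");
#ifdef USE_PAM
	if ((r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0)
		fatal_fr(r, "assemble PAM");
#endif

	debug3_f("sending result %d", authenticated);
	mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);

	/*
	 * The very first attempt with an empty password is the "none"
	 * method probe; everything else is reported as "password".
	 */
	call_count++;
	if (plen == 0 && call_count == 1)
		auth_method = "none";
	else
		auth_method = "password";

	/* Causes monitor loop to terminate if authenticated */
	return (authenticated);
}

#ifdef BSD_AUTH
/*
 * MONITOR_REQ_BSDAUTHQUERY: start a bsd_auth(3) challenge for the user and
 * hand the first prompt back to the child. Replies with a u32 success flag
 * followed, on success, by the prompt text. Never terminates the loop.
 */
int
mm_answer_bsdauthquery(struct ssh *ssh, int sock, struct sshbuf *m)
{
	char *name, *infotxt;
	u_int numprompts, *echo_on, success;
	char **prompts;
	int r;

	if (!options.kbd_interactive_authentication)
		fatal_f("kbd-int authentication not enabled");
	success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
	    &prompts, &echo_on) < 0 ? 0 : 1;

	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, success)) != 0)
		fatal_fr(r, "assemble");
	if (success) {
		/* Only the first prompt is relayed. */
		if ((r = sshbuf_put_cstring(m, prompts[0])) != 0)
			fatal_fr(r, "assemble prompt");
	}

	debug3_f("sending challenge success: %u", success);
	mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);

	if (success) {
		free(name);
		free(infotxt);
		free(prompts);
		free(echo_on);
	}

	return (0);
}

/*
 * MONITOR_REQ_BSDAUTHRESPOND: check the client's answer to the challenge
 * issued by mm_answer_bsdauthquery(). Replies with a u32 result and returns
 * non-zero (terminating the monitor loop) only when the response verified.
 *
 * The response is credential material (a password or one-time code), so it
 * is handled like the password in mm_answer_authpassword(): scrubbed with
 * freezero() and never written to the log, even at debug3.
 */
int
mm_answer_bsdauthrespond(struct ssh *ssh, int sock, struct sshbuf *m)
{
	char *response;
	size_t rlen;
	int r, authok;

	if (!options.kbd_interactive_authentication)
		fatal_f("kbd-int authentication not enabled");
	if (authctxt->as == NULL)
		fatal_f("no bsd auth session");

	if ((r = sshbuf_get_cstring(m, &response, &rlen)) != 0)
		fatal_fr(r, "parse");
	authok = options.kbd_interactive_authentication &&
	    auth_userresponse(authctxt->as, response, 0);
	/* The session is consumed; a second respond without a query is fatal. */
	authctxt->as = NULL;
	freezero(response, rlen);
	debug3_f("response checked, authok = %d", authok);

	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, authok)) != 0)
		fatal_fr(r, "assemble");

	debug3_f("sending authenticated: %d", authok);
	mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);

	auth_method = "keyboard-interactive";
	auth_submethod = "bsdauth";

	return (authok != 0);
}
#endif

#ifdef USE_PAM
/*
 * MONITOR_REQ_PAM_START: open the PAM session in the privileged process and
 * unlock the next PAM requests (ACCOUNT always; INIT_CTX only when
 * keyboard-interactive is enabled). No reply is sent.
 */
int
mm_answer_pam_start(struct ssh *ssh, int sock, struct sshbuf *m)
{
	if (!options.use_pam)
		fatal_f("UsePAM not set, but ended up in %s anyway", __func__);

	start_pam(ssh);

	monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
	if (options.kbd_interactive_authentication)
		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1);

	return (0);
}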
/*
 * MONITOR_REQ_PAM_ACCOUNT: run the PAM account stage and return its result
 * plus any accumulated loginmsg text to the child. The result is also
 * returned to the dispatch loop.
 * NOTE(review): unlike the neighbouring handlers this does not
 * sshbuf_reset(m) before appending, so it relies on the request carrying
 * no payload -- confirm against the child side.
 */
int
mm_answer_pam_account(struct ssh *ssh, int sock, struct sshbuf *m)
{
	u_int ret;
	int r;

	if (!options.use_pam)
		fatal_f("PAM not enabled");

	ret = do_pam_account();

	if ((r = sshbuf_put_u32(m, ret)) != 0 ||
	    (r = sshbuf_put_stringb(m, loginmsg)) != 0)
		fatal_fr(r, "buffer error");
	sshbuf_reset(loginmsg);

	mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);

	return (ret);
}

/*
 * Privileged-side PAM kbd-int state. sshpam_authok is only ever set to the
 * current context pointer and is compared against it in free_ctx, so a
 * stale success from an earlier context cannot be reused.
 */
static void *sshpam_ctxt, *sshpam_authok;
extern KbdintDevice sshpam_device;

/*
 * MONITOR_REQ_PAM_INIT_CTX: create the PAM kbd-int context. A second
 * request while a context exists is fatal. QUERY and FREE_CTX are only
 * unlocked once a context was actually created; the reply is a u32 flag.
 */
int
mm_answer_pam_init_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
{
	u_int ok = 0;
	int r;

	debug3_f("entering");
	if (!options.kbd_interactive_authentication)
		fatal_f("kbd-int authentication not enabled");
	if (sshpam_ctxt != NULL)
		fatal_f("already called");
	sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
	sshpam_authok = NULL;
	sshbuf_reset(m);
	if (sshpam_ctxt != NULL) {
		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1);
		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_QUERY, 1);
		ok = 1;
	}
	if ((r = sshbuf_put_u32(m, ok)) != 0)
		fatal_fr(r, "buffer error");
	mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m);
	return (0);
}

/*
 * MONITOR_REQ_PAM_QUERY: fetch the next PAM prompt(s) for the child.
 * Reply: u32 ret, name, info, u32 maxtries-reached, u32 num, then num
 * (prompt, u32 echo) pairs. The monitor relays at most one prompt per
 * round (num > 1 is fatal). Authentication is considered complete only
 * when query succeeds with no prompts left AND the device reports it done.
 */
int
mm_answer_pam_query(struct ssh *ssh, int sock, struct sshbuf *m)
{
	char *name = NULL, *info = NULL, **prompts = NULL;
	u_int i, num = 0, *echo_on = 0;
	int r, ret;

	debug3_f("entering");
	/* Any pending success is invalidated by a new round. */
	sshpam_authok = NULL;
	if (sshpam_ctxt == NULL)
		fatal_f("no context");
	ret = (sshpam_device.query)(sshpam_ctxt, &name, &info,
	    &num, &prompts, &echo_on);
	if (ret == 0 && num == 0 && sshpam_priv_kbdint_authdone(sshpam_ctxt))
		sshpam_authok = sshpam_ctxt;
	if (num > 1 || name == NULL || info == NULL)
		fatal("sshpam_device.query failed");
	monitor_permit(mon_dispatch, MONITOR_REQ_PAM_RESPOND, 1);
	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, ret)) != 0 ||
	    (r = sshbuf_put_cstring(m, name)) != 0 ||
	    (r = sshbuf_put_cstring(m, info)) != 0 ||
	    (r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0 ||
	    (r = sshbuf_put_u32(m, num)) != 0)
		fatal_fr(r, "buffer error");
	free(name);
	free(info);
	for (i = 0; i < num; ++i) {
		if ((r = sshbuf_put_cstring(m, prompts[i])) != 0 ||
		    (r = sshbuf_put_u32(m, echo_on[i])) != 0)
			fatal_fr(r, "buffer error");
		free(prompts[i]);
	}
	free(prompts);
	free(echo_on);
	auth_method = "keyboard-interactive";
	auth_submethod = "pam";
	mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
	return (0);
}

/*
 * MONITOR_REQ_PAM_RESPOND: pass the client's answers to the PAM device.
 * The response count is bounded by PAM_MAX_NUM_MSG before anything is
 * allocated. A zero result from the device marks the context as
 * successfully authenticated; the final decision is taken in free_ctx.
 * NOTE(review): the answers are credentials but are released with free()
 * rather than freezero() as mm_answer_authpassword does -- worth aligning.
 */
int
mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m)
{
	char **resp;
	u_int i, num;
	int r, ret;

	debug3_f("entering");
	if (sshpam_ctxt == NULL)
		fatal_f("no context");
	sshpam_authok = NULL;
	if ((r = sshbuf_get_u32(m, &num)) != 0)
		fatal_fr(r, "buffer error");
	if (num > PAM_MAX_NUM_MSG) {
		fatal_f("Too many PAM messages, got %u, expected <= %u",
		    num, (unsigned)PAM_MAX_NUM_MSG);
	}
	if (num > 0) {
		resp = xcalloc(num, sizeof(char *));
		for (i = 0; i < num; ++i) {
			if ((r = sshbuf_get_cstring(m, &(resp[i]), NULL)) != 0)
				fatal("%s: buffer error: %s",
				    __func__, ssh_err(r));
		}
		ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
		for (i = 0; i < num; ++i)
			free(resp[i]);
		free(resp);
	} else {
		ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);
	}
	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, ret)) != 0)
		fatal_fr(r, "buffer error");
	mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);
	auth_method = "keyboard-interactive";
	auth_submethod = "pam";
	if (ret == 0)
		sshpam_authok = sshpam_ctxt;
	return (0);
}

/*
 * MONITOR_REQ_PAM_FREE_CTX: tear down the PAM kbd-int context. This is
 * where the authentication outcome is decided: success is reported to the
 * dispatch loop only if the recorded success token is the context being
 * freed. Both pointers are cleared and INIT_CTX is re-enabled so the child
 * can start another attempt.
 */
int
mm_answer_pam_free_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
{
	int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;

	debug3_f("entering");
	if (sshpam_ctxt == NULL)
		fatal_f("no context");
	(sshpam_device.free_ctx)(sshpam_ctxt);
	sshpam_ctxt = sshpam_authok = NULL;
	sshbuf_reset(m);
	mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
	/* Allow another attempt */
	monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1);
	auth_method = "keyboard-interactive";
	auth_submethod = "pam";
	return r;
}
#endif

/*
 * MONITOR_REQ_KEYALLOWED: decide whether a public key (MM_USERKEY) or a
 * host key (MM_HOSTKEY) offered by the client may be used for the user in
 * authctxt. Request: u32 type, cuser, chost, key, u32 pubkey_auth_attempt.
 * Reply: u32 allowed, then the serialised key options when present.
 *
 * On "allowed" the key blob, type, options and client user/host are kept
 * in file-scope state so that mm_answer_keyverify() can insist the
 * signature it is later asked to check belongs to exactly this key.
 * Nothing is decided for an invalid user; a malformed key is fatal.
 * Never terminates the monitor loop on its own.
 */
int
mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
{
	struct sshkey *key = NULL;
	char *cuser, *chost;
	u_int pubkey_auth_attempt;
	u_int type = 0;
	int r, allowed = 0;
	struct sshauthopt *opts = NULL;

	debug3_f("entering");
	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
	    (r = sshbuf_get_cstring(m, &cuser, NULL)) != 0 ||
	    (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
	    (r = sshkey_froms(m, &key)) != 0 ||
	    (r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0)
		fatal_fr(r, "parse");

	if (key != NULL && authctxt->valid) {
		switch (type) {
		case MM_USERKEY:
			auth_method = "publickey";
			if (!options.pubkey_authentication)
				break;
			/* Each key may satisfy at most one auth round. */
			if (auth2_key_already_used(authctxt, key))
				break;
			/* Base-type filter only; sig alg is checked in child. */
			if (!key_base_type_match(auth_method, key,
			    options.pubkey_accepted_algos))
				break;
			allowed = user_key_allowed(ssh, authctxt->pw, key,
			    pubkey_auth_attempt, &opts);
			break;
		case MM_HOSTKEY:
			auth_method = "hostbased";
			if (!options.hostbased_authentication)
				break;
			if (auth2_key_already_used(authctxt, key))
				break;
			if (!key_base_type_match(auth_method, key,
			    options.hostbased_accepted_algos))
				break;
			allowed = hostbased_key_allowed(ssh, authctxt->pw,
			    cuser, chost, key);
			auth2_record_info(authctxt,
			    "client user \"%.100s\", client host \"%.100s\"",
			    cuser, chost);
			break;
		default:
			fatal_f("unknown key type %u", type);
			break;
		}
	}

	/*
	 * NOTE(review): for an invalid user auth_method keeps whatever value
	 * it had before this call (presumably a non-NULL file-scope default);
	 * confirm before relying on this log line.
	 */
	debug3_f("%s authentication%s: %s key is %s", auth_method,
	    pubkey_auth_attempt ? "" : " test",
	    (key == NULL || !authctxt->valid) ? "invalid" : sshkey_type(key),
	    allowed ? "allowed" : "not allowed");

	auth2_record_key(authctxt, 0, key);

	/* clear temporarily storage (used by verify) */
	monitor_reset_key_state();

	if (allowed) {
		/* Save temporarily for comparison in verify */
		if ((r = sshkey_to_blob(key, &key_blob, &key_bloblen)) != 0)
			fatal_fr(r, "sshkey_to_blob");
		key_blobtype = type;
		key_opts = opts;
		hostbased_cuser = cuser;
		hostbased_chost = chost;
	} else {
		/* Log failed attempt */
		auth_log(ssh, 0, 0, auth_method, NULL);
		free(cuser);
		free(chost);
	}
	sshkey_free(key);

	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, allowed)) != 0)
		fatal_fr(r, "assemble");
	if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0)
		fatal_fr(r, "sshauthopt_serialise");
	mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);

	if (!allowed)
		sshauthopt_free(opts);

	return (0);
}

/*
 * Re-parse the data the child claims the client signed for a "publickey"
 * (or "publickey-hostbound-v00@openssh.com") userauth request and check
 * every field against state the monitor knows independently: the session
 * ID, the message type, the user[:style] in authctxt, the method name and
 * a non-zero "has signature" flag, with nothing left over afterwards. The
 * child is not trusted to have assembled this correctly.
 *
 * Failures are counted rather than short-circuited; a hostbound request
 * carrying a hostkey that is not one of ours is fatal instead.
 * Returns 1 if every check passed, 0 otherwise.
 */
static int
monitor_valid_userblob(struct ssh *ssh, const u_char *data, u_int datalen)
{
	struct sshbuf *b;
	struct sshkey *hostkey = NULL;
	const u_char *p;
	char *userstyle, *cp;
	size_t len;
	u_char type;
	int hostbound = 0, r, fail = 0;

	if ((b = sshbuf_from(data, datalen)) == NULL)
		fatal_f("sshbuf_from");

	if (ssh->compat & SSH_OLD_SESSIONID) {
		/* Legacy peers prepend the raw session ID without a length. */
		p = sshbuf_ptr(b);
		len = sshbuf_len(b);
		if ((session_id2 == NULL) ||
		    (len < session_id2_len) ||
		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
			fail++;
		if ((r = sshbuf_consume(b, session_id2_len)) != 0)
			fatal_fr(r, "consume");
	} else {
		if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
			fatal_fr(r, "parse sessionid");
		if ((session_id2 == NULL) ||
		    (len != session_id2_len) ||
		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
			fail++;
	}
	if ((r = sshbuf_get_u8(b, &type)) != 0)
		fatal_fr(r, "parse type");
	if (type != SSH2_MSG_USERAUTH_REQUEST)
		fail++;
	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
		fatal_fr(r, "parse userstyle");
	/* The signed user name must match the one the monitor looked up. */
	xasprintf(&userstyle, "%s%s%s", authctxt->user,
	    authctxt->style ? ":" : "",
	    authctxt->style ? authctxt->style : "");
	if (strcmp(userstyle, cp) != 0) {
		logit("wrong user name passed to monitor: "
		    "expected %s != %.100s", userstyle, cp);
		fail++;
	}
	free(userstyle);
	free(cp);
	if ((r = sshbuf_skip_string(b)) != 0 ||	/* service */
	    (r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
		fatal_fr(r, "parse method");
	if (strcmp("publickey", cp) != 0) {
		if (strcmp("publickey-hostbound-v00@openssh.com", cp) == 0)
			hostbound = 1;
		else
			fail++;
	}
	free(cp);
	if ((r = sshbuf_get_u8(b, &type)) != 0)
		fatal_fr(r, "parse pktype");
	/* A signed blob for a "no signature" query makes no sense. */
	if (type == 0)
		fail++;
	if ((r = sshbuf_skip_string(b)) != 0 ||	/* pkalg */
	    (r = sshbuf_skip_string(b)) != 0 ||	/* pkblob */
	    (hostbound && (r = sshkey_froms(b, &hostkey)) != 0))
		fatal_fr(r, "parse pk");
	/* Trailing bytes would mean the child signed more than claimed. */
	if (sshbuf_len(b) != 0)
		fail++;
	sshbuf_free(b);
	if (hostkey != NULL) {
		/*
		 * Ensure this is actually one of our hostkeys; unfortunately
		 * can't check ssh->kex->initial_hostkey directly at this point
		 * as packet state has not yet been exported to monitor.
		 */
		if (get_hostkey_index(hostkey, 1, ssh) == -1)
			fatal_f("hostbound hostkey does not match");
		sshkey_free(hostkey);
	}
	return (fail == 0);
}

/*
 * Hostbased counterpart of monitor_valid_userblob(): the signed data must
 * carry our session ID, a USERAUTH_REQUEST for the expected user[:style]
 * with method "hostbased", and the client host and client user must equal
 * the values accepted earlier in mm_answer_keyallowed() (a trailing '.' on
 * the host name is tolerated). Returns 1 on success, 0 otherwise.
 */
static int
monitor_valid_hostbasedblob(const u_char *data, u_int datalen,
    const char *cuser, const char *chost)
{
	struct sshbuf *b;
	const u_char *p;
	char *cp, *userstyle;
	size_t len;
	int r, fail = 0;
	u_char type;

	if ((b = sshbuf_from(data, datalen)) == NULL)
		fatal_f("sshbuf_new");
	if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
		fatal_fr(r, "parse sessionid");

	if ((session_id2 == NULL) ||
	    (len != session_id2_len) ||
	    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
		fail++;

	if ((r = sshbuf_get_u8(b, &type)) != 0)
		fatal_fr(r, "parse type");
	if (type != SSH2_MSG_USERAUTH_REQUEST)
		fail++;
	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
		fatal_fr(r, "parse userstyle");
	xasprintf(&userstyle, "%s%s%s", authctxt->user,
	    authctxt->style ? ":" : "",
	    authctxt->style ? authctxt->style : "");
	if (strcmp(userstyle, cp) != 0) {
		logit("wrong user name passed to monitor: "
		    "expected %s != %.100s", userstyle, cp);
		fail++;
	}
	free(userstyle);
	free(cp);
	if ((r = sshbuf_skip_string(b)) != 0 ||	/* service */
	    (r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
		fatal_fr(r, "parse method");
	if (strcmp(cp, "hostbased") != 0)
		fail++;
	free(cp);
	if ((r = sshbuf_skip_string(b)) != 0 ||	/* pkalg */
	    (r = sshbuf_skip_string(b)) != 0)	/* pkblob */
		fatal_fr(r, "parse pk");

	/* verify client host, strip trailing dot if necessary */
	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
		fatal_fr(r, "parse host");
	if (((len = strlen(cp)) > 0) && cp[len - 1] == '.')
		cp[len - 1] = '\0';
	if (strcmp(cp, chost) != 0)
		fail++;
	free(cp);

	/* verify client user */
	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
		fatal_fr(r, "parse ruser");
	if (strcmp(cp, cuser) != 0)
		fail++;
	free(cp);

	if (sshbuf_len(b) != 0)
		fail++;
	sshbuf_free(b);
	return (fail == 0);
}

/*
 * MONITOR_REQ_KEYVERIFY: verify a client signature. Request: key blob,
 * signature, signed data, signature algorithm ("" means unspecified).
 *
 * Before any cryptography the request is pinned to earlier monitor state:
 * the blob must be the key mm_answer_keyallowed() accepted (anything else
 * is fatal) and the signed data must pass the per-method validity check
 * above (also fatal on failure). For FIDO/SK keys the user-presence and
 * user-verification flags are then enforced from PubkeyAuthOptions and the
 * per-key options; a signature that verified but lacks a required flag is
 * downgraded to SSH_ERR_SIGNATURE_INVALID.
 *
 * Reply: u32 (1 = failure, 0 = success), u8 have-sig-details, then the SK
 * counter and flags when present. Key options are activated only on
 * success for user keys; the saved key state is always cleared. Returns
 * non-zero on success, terminating the monitor loop.
 */
int
mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
{
	struct sshkey *key;
	const u_char *signature, *data, *blob;
	char *sigalg = NULL, *fp = NULL;
	size_t signaturelen, datalen, bloblen;
	int r, ret, req_presence = 0, req_verify = 0, valid_data = 0;
	int encoded_ret;
	struct sshkey_sig_details *sig_details = NULL;

	if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 ||
	    (r = sshbuf_get_string_direct(m, &signature, &signaturelen)) != 0 ||
	    (r = sshbuf_get_string_direct(m, &data, &datalen)) != 0 ||
	    (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
		fatal_fr(r, "parse");

	if (hostbased_cuser == NULL || hostbased_chost == NULL ||
	    !monitor_allowed_key(blob, bloblen))
		fatal_f("bad key, not previously allowed");

	/* Empty signature algorithm means NULL. */
	if (*sigalg == '\0') {
		free(sigalg);
		sigalg = NULL;
	}

	/* XXX use sshkey_froms here; need to change key_blob, etc. */
	if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
		fatal_fr(r, "parse key");

	switch (key_blobtype) {
	case MM_USERKEY:
		valid_data = monitor_valid_userblob(ssh, data, datalen);
		auth_method = "publickey";
		break;
	case MM_HOSTKEY:
		valid_data = monitor_valid_hostbasedblob(data, datalen,
		    hostbased_cuser, hostbased_chost);
		auth_method = "hostbased";
		break;
	default:
		valid_data = 0;
		break;
	}
	if (!valid_data)
		fatal_f("bad %s signature data blob",
		    key_blobtype == MM_USERKEY ? "userkey" :
		    (key_blobtype == MM_HOSTKEY ? "hostkey" : "unknown"));

	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
	    SSH_FP_DEFAULT)) == NULL)
		fatal_f("sshkey_fingerprint failed");

	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
	    sigalg, ssh->compat, &sig_details);
	debug3_f("%s %s signature using %s %s%s%s", auth_method,
	    sshkey_type(key), sigalg == NULL ? "default" : sigalg,
	    (ret == 0) ? "verified" : "unverified",
	    (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : "");

	if (ret == 0 && key_blobtype == MM_USERKEY && sig_details != NULL) {
		/* Touch is required unless the key opts out explicitly. */
		req_presence = (options.pubkey_auth_options &
		    PUBKEYAUTH_TOUCH_REQUIRED) ||
		    !key_opts->no_require_user_presence;
		if (req_presence &&
		    (sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) {
			error("public key %s %s signature for %s%s from %.128s "
			    "port %d rejected: user presence "
			    "(authenticator touch) requirement not met ",
			    sshkey_type(key), fp,
			    authctxt->valid ? "" : "invalid user ",
			    authctxt->user, ssh_remote_ipaddr(ssh),
			    ssh_remote_port(ssh));
			ret = SSH_ERR_SIGNATURE_INVALID;
		}
		/* Verification is opt-in via config or key options. */
		req_verify = (options.pubkey_auth_options &
		    PUBKEYAUTH_VERIFY_REQUIRED) || key_opts->require_verify;
		if (req_verify &&
		    (sig_details->sk_flags & SSH_SK_USER_VERIFICATION_REQD) == 0) {
			error("public key %s %s signature for %s%s from %.128s "
			    "port %d rejected: user verification requirement "
			    "not met ", sshkey_type(key), fp,
			    authctxt->valid ? "" : "invalid user ",
			    authctxt->user, ssh_remote_ipaddr(ssh),
			    ssh_remote_port(ssh));
			ret = SSH_ERR_SIGNATURE_INVALID;
		}
	}
	auth2_record_key(authctxt, ret == 0, key);

	if (key_blobtype == MM_USERKEY && ret == 0)
		auth_activate_options(ssh, key_opts);
	monitor_reset_key_state();

	sshbuf_reset(m);

	/* encode ret != 0 as positive integer, since we're sending u32 */
	encoded_ret = (ret != 0);
	if ((r = sshbuf_put_u32(m, encoded_ret)) != 0 ||
	    (r = sshbuf_put_u8(m, sig_details != NULL)) != 0)
		fatal_fr(r, "assemble");
	if (sig_details != NULL) {
		if ((r = sshbuf_put_u32(m, sig_details->sk_counter)) != 0 ||
		    (r = sshbuf_put_u8(m, sig_details->sk_flags)) != 0)
			fatal_fr(r, "assemble sk");
	}
	sshkey_sig_details_free(sig_details);
	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);

	free(sigalg);
	free(fp);
	sshkey_free(key);

	return ret == 0;
}

/*
 * Write the utmp/wtmp login record for session s. The peer address is
 * taken from the connection socket; if getpeername() fails on a socket
 * connection the process exits rather than record a bogus address.
 */
static void
mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw)
{
	socklen_t fromlen;
	struct sockaddr_storage from;

	/*
	 * Get IP address of client. If the connection is not a socket, let
	 * the address be 0.0.0.0.
	 */
	memset(&from, 0, sizeof(from));
	fromlen = sizeof(from);
	if (ssh_packet_connection_is_on_socket(ssh)) {
		if (getpeername(ssh_packet_get_connection_in(ssh),
		    (struct sockaddr *)&from, &fromlen) == -1) {
			debug("getpeername: %.100s", strerror(errno));
			cleanup_exit(255);
		}
	}
	/* Record that there was a login on that tty from the remote host. */
	record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
	    session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
	    (struct sockaddr *)&from, fromlen);
}

/* Release a session's pty (if any) and return its slot to the pool. */
static void
mm_session_close(Session *s)
{
	debug3_f("session %d pid %ld", s->self, (long)s->pid);
	if (s->ttyfd != -1) {
		debug3_f("tty %s ptyfd %d", s->tty, s->ptyfd);
		session_pty_cleanup2(s);
	}
	session_unused(s->self);
}

/*
 * MONITOR_REQ_PTY: allocate a pty in the privileged process, chown it to
 * the authenticated user, write the login record and pass both pty fds to
 * the child over the monitor socket. Reply: u32 1, tty name, loginmsg;
 * on failure just u32 0. The slave fd is temporarily dup2()'d onto fd 0
 * for record_login()'s benefit and fd 0 is then re-pointed at /dev/null.
 */
int
mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
{
	extern struct monitor *pmonitor;
	Session *s;
	int r, res, fd0;

	debug3_f("entering");

	sshbuf_reset(m);
	s = session_new();
	if (s == NULL)
		goto error;
	s->authctxt = authctxt;
	s->pw = authctxt->pw;
	s->pid = pmonitor->m_pid;
	res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
	if (res == 0)
		goto error;
	pty_setowner(authctxt->pw, s->tty);

	if ((r = sshbuf_put_u32(m, 1)) != 0 ||
	    (r = sshbuf_put_cstring(m, s->tty)) != 0)
		fatal_fr(r, "assemble");

	/* We need to trick ttyslot */
	if (dup2(s->ttyfd, 0) == -1)
		fatal_f("dup2");

	mm_record_login(ssh, s, authctxt->pw);

	/* Now we can close the file descriptor again */
	close(0);

	/* send messages generated by record_login */
	if ((r = sshbuf_put_stringb(m, loginmsg)) != 0)
		fatal_fr(r, "assemble loginmsg");
	sshbuf_reset(loginmsg);

	mm_request_send(sock, MONITOR_ANS_PTY, m);

	if (mm_send_fd(sock, s->ptyfd) == -1 ||
	    mm_send_fd(sock, s->ttyfd) == -1)
		fatal_f("send fds failed");

	/* make sure nothing uses fd 0 */
	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
		fatal_f("open(/dev/null): %s", strerror(errno));
	if (fd0 != 0)
		error_f("fd0 %d != 0", fd0);

	/* slave side of pty is not needed */
	close(s->ttyfd);
	s->ttyfd = s->ptyfd;
	/* no need to dup() because nobody closes ptyfd */
	s->ptymaster = s->ptyfd;

	debug3_f("tty %s ptyfd %d", s->tty, s->ttyfd);

	return (0);

 error:
	if (s != NULL)
		mm_session_close(s);
	if ((r = sshbuf_put_u32(m, 0)) != 0)
		fatal_fr(r, "assemble 0");
	mm_request_send(sock, MONITOR_ANS_PTY, m);
	return (0);
}

/*
 * MONITOR_REQ_PTY_CLEANUP: release the pty named in the request. The name
 * is only used to look up a session this monitor created; an unknown name
 * is silently ignored. No reply is sent.
 */
int
mm_answer_pty_cleanup(struct ssh *ssh, int sock, struct sshbuf *m)
{
	Session *s;
	char *tty;
	int r;

	debug3_f("entering");

	if ((r = sshbuf_get_cstring(m, &tty, NULL)) != 0)
		fatal_fr(r, "parse tty");
	if ((s = session_by_tty(tty)) != NULL)
		mm_session_close(s);
	sshbuf_reset(m);
	free(tty);
	return (0);
}

/*
 * MONITOR_REQ_TERM: the child is exiting. Destroy all sessions, clean up
 * PAM, reap the child (retrying on EINTR) and exit with its status, or 1
 * if it did not exit normally or waitpid() failed. Does not return.
 */
int
mm_answer_term(struct ssh *ssh, int sock, struct sshbuf *req)
{
	extern struct monitor *pmonitor;
	int res, status;

	debug3_f("tearing down sessions");

	/* The child is terminating */
	session_destroy_all(ssh, &mm_session_close);

#ifdef USE_PAM
	if (options.use_pam)
		sshpam_cleanup();
#endif

	while (waitpid(pmonitor->m_pid, &status, 0) == -1)
		if (errno != EINTR)
			exit(1);

	res = WIFEXITED(status) ? WEXITSTATUS(status) : 1;

	/* Terminate process */
	exit(res);
}

#ifdef SSH_AUDIT_EVENTS
/* Report that an audit event occurred */
/*
 * MONITOR_REQ_AUDIT_EVENT: the child may only raise the allow-listed event
 * types below; any other value is treated as a protocol violation.
 */
int
mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m)
{
	u_int n;
	ssh_audit_event_t event;
	int r;

	debug3_f("entering");

	if ((r = sshbuf_get_u32(m, &n)) != 0)
		fatal_fr(r, "buffer error");
	event = (ssh_audit_event_t)n;
	switch (event) {
	case SSH_AUTH_FAIL_PUBKEY:
	case SSH_AUTH_FAIL_HOSTBASED:
	case SSH_AUTH_FAIL_GSSAPI:
	case SSH_LOGIN_EXCEED_MAXTRIES:
	case SSH_LOGIN_ROOT_DENIED:
	case SSH_CONNECTION_CLOSE:
	case SSH_INVALID_USER:
		audit_event(ssh, event);
		break;
	default:
		fatal("Audit event type %d not permitted", event);
	}

	return (0);
}

/*
 * MONITOR_REQ_AUDIT_COMMAND: record the command string the child reports.
 * The string is passed to audit_run_command() unvalidated (see the XXX
 * below); it is audit data, not something the monitor executes.
 */
int
mm_answer_audit_command(struct ssh *ssh, int socket, struct sshbuf *m)
{
	char *cmd;
	int r;

	debug3_f("entering");
	if ((r = sshbuf_get_cstring(m, &cmd, NULL)) != 0)
		fatal_fr(r, "buffer error");
	/* sanity check command, if so how? */
	audit_run_command(cmd);
	free(cmd);
	return (0);
}
#endif /* SSH_AUDIT_EVENTS */

/* Drop any packet keys and the exported child state held by the monitor. */
void
monitor_clear_keystate(struct ssh *ssh, struct monitor *pmonitor)
{
	ssh_clear_newkeys(ssh, MODE_IN);
	ssh_clear_newkeys(ssh, MODE_OUT);
	sshbuf_free(child_state);
	child_state = NULL;
}

/*
 * Install the packet/KEX state exported by the child (see mm_get_keystate)
 * into this process. The session ID carried in that state must match the
 * one the monitor recorded during authentication, otherwise the process
 * aborts. The server-side KEX callbacks are then re-pointed at the
 * monitor's own implementations and hostkey accessors.
 */
void
monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
{
	struct kex *kex;
	int r;

	debug3_f("packet_set_state");
	if ((r = ssh_packet_set_state(ssh, child_state)) != 0)
		fatal_fr(r, "packet_set_state");
	sshbuf_free(child_state);
	child_state = NULL;
	if ((kex = ssh->kex) == NULL)
		fatal_f("internal error: ssh->kex == NULL");
	if (session_id2_len != sshbuf_len(ssh->kex->session_id)) {
		fatal_f("incorrect session id length %zu (expected %u)",
		    sshbuf_len(ssh->kex->session_id), session_id2_len);
	}
	/* Both sides of this compare are monitor-known, not secret input. */
	if (memcmp(sshbuf_ptr(ssh->kex->session_id), session_id2,
	    session_id2_len) != 0)
		fatal_f("session ID mismatch");
	/* XXX set callbacks */
#ifdef WITH_OPENSSL
	kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
	kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
	kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
	kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
	kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
# ifdef OPENSSL_HAS_ECC
	kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
# endif
#endif /* WITH_OPENSSL */
	kex->kex[KEX_C25519_SHA256] = kex_gen_server;
	kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
	kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server;
	kex->load_host_public_key=&get_hostkey_public_by_type;
	kex->load_host_private_key=&get_hostkey_private_by_type;
	kex->host_key_index=&get_hostkey_index;
	kex->sign = sshd_hostkey_sign;
}

/*
 * This function requires careful sanity checking: the state it receives
 * comes from the unprivileged child, and is only validated later in
 * monitor_apply_keystate().
 */

/*
 * Block until the child exports its packet/KEX state (MONITOR_REQ_KEYEXPORT)
 * and stash it in child_state. Any other request type is rejected by
 * mm_request_receive_expect().
 */
void
mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor)
{
	debug3_f("Waiting for new keys");

	if ((child_state = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new failed");
	mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
	    child_state);
	debug3_f("GOT new keys");
}


/* XXX */

/*
 * Create the monitor <-> child channels: a socketpair for requests and,
 * when do_logfds is set, a pipe for log messages. All ends are marked
 * close-on-exec; where available, SO_ZEROIZE asks the kernel to scrub the
 * socket buffers (failure there is only logged, not fatal).
 */
static void
monitor_openfds(struct monitor *mon, int do_logfds)
{
	int pair[2];
#ifdef SO_ZEROIZE
	int on = 1;
#endif

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
		fatal_f("socketpair: %s", strerror(errno));
#ifdef SO_ZEROIZE
	if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
		error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
	if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
		error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
#endif
	FD_CLOSEONEXEC(pair[0]);
	FD_CLOSEONEXEC(pair[1]);
	mon->m_recvfd = pair[0];
	mon->m_sendfd = pair[1];

	if (do_logfds) {
		if (pipe(pair) == -1)
			fatal_f("pipe: %s", strerror(errno));
		FD_CLOSEONEXEC(pair[0]);
		FD_CLOSEONEXEC(pair[1]);
		mon->m_log_recvfd = pair[0];
		mon->m_log_sendfd = pair[1];
	} else
		mon->m_log_recvfd = mon->m_log_sendfd = -1;
}

/* Allocate a zeroed monitor and open its request and log channels. */
struct monitor *
monitor_init(void)
{
	struct monitor *mon;

	mon = xcalloc(1, sizeof(*mon));
	monitor_openfds(mon, 1);

	return mon;
}

/* Re-open the request channel only (no log pipe) for the next child. */
void
monitor_reinit(struct monitor *mon)
{
	monitor_openfds(mon, 0);
}

/* Whether any authentication attempt was seen by this monitor. */
int
monitor_auth_attempted(void)
{
	return auth_attempted;
}

/* Whether the requested user was found not to exist. */
int
monitor_invalid_user(void)
{
	return invalid_user;
}

#ifdef GSSAPI
/*
 * MONITOR_REQ_GSSSETUP: create the server-side GSSAPI context for the OID
 * chosen by the client. Reply: u32 major status. GSSSTEP is enabled
 * afterwards regardless of the status (the child sees the status too).
 */
int
mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
{
	gss_OID_desc goid;
	OM_uint32 major;
	size_t len;
	u_char *p;
	int r;

	if (!options.gss_authentication)
		fatal_f("GSSAPI authentication not enabled");

	if ((r = sshbuf_get_string(m, &p, &len)) != 0)
		fatal_fr(r, "parse");
	goid.elements = p;
	goid.length = len;

	major = ssh_gssapi_server_ctx(&gsscontext, &goid);

	free(goid.elements);

	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, major)) != 0)
		fatal_fr(r, "assemble");

	mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);

	/* Now we have a context, enable the step */
	monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);

	return (0);
}

/*
 * MONITOR_REQ_GSSSTEP: feed one client token to the GSSAPI context.
 * Reply: u32 major, output token, u32 flags. Once the exchange completes
 * further GSSSTEP requests are refused and USEROK / CHECKMIC are enabled.
 * NOTE(review): USEROK is unlocked here on GSS_S_COMPLETE without waiting
 * for a MIC check; the ordering of MIC verification vs. userok is presumably
 * enforced on the unprivileged side (auth2-gss.c) -- confirm.
 */
int
mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
{
	gss_buffer_desc in;
	gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
	OM_uint32 major, minor;
	OM_uint32 flags = 0; /* GSI needs this */
	int r;

	if (!options.gss_authentication)
		fatal_f("GSSAPI authentication not enabled");

	if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
		fatal_fr(r, "ssh_gssapi_get_buffer_desc");
	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
	free(in.value);

	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, major)) != 0 ||
	    (r = sshbuf_put_string(m, out.value, out.length)) != 0 ||
	    (r = sshbuf_put_u32(m, flags)) != 0)
		fatal_fr(r, "assemble");
	mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);

	gss_release_buffer(&minor, &out);

	if (major == GSS_S_COMPLETE) {
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
	}
	return (0);
}

/*
 * MONITOR_REQ_GSSCHECKMIC: verify the client's MIC over the supplied
 * buffer with the established context. Reply: u32 status. USEROK is
 * (re-)enabled only when the MIC verified.
 */
int
mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
{
	gss_buffer_desc gssbuf, mic;
	OM_uint32 ret;
	int r;

	if (!options.gss_authentication)
		fatal_f("GSSAPI authentication not enabled");

	if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
	    (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
		fatal_fr(r, "ssh_gssapi_get_buffer_desc");

	ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);

	free(gssbuf.value);
	free(mic.value);

	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, ret)) != 0)
		fatal_fr(r, "assemble");

	mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);

	if (!GSS_ERROR(ret))
		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);

	return (0);
}

/*
 * MONITOR_REQ_GSSUSEROK: decide whether the authenticated GSSAPI principal
 * may log in as authctxt->user. An invalid user is never authenticated.
 * Reply: u32 result. Returns non-zero on success, terminating the loop.
 */
int
mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
{
	int r, authenticated;
	const char *displayname;

	if (!options.gss_authentication)
		fatal_f("GSSAPI authentication not enabled");

	authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);

	sshbuf_reset(m);
	if ((r = sshbuf_put_u32(m, authenticated)) != 0)
		fatal_fr(r, "assemble");

	debug3_f("sending result %d", authenticated);
	mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);

	auth_method = "gssapi-with-mic";

	if ((displayname = ssh_gssapi_displayname()) != NULL)
		auth2_record_info(authctxt, "%s", displayname);

	/* Monitor loop will terminate if authenticated */
	return (authenticated);
}
#endif /* GSSAPI */