OpenCoverage

monitor.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/monitor.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: monitor.c,v 1.186 2018/07/20 03:46:34 djm Exp $ */-
2/*-
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>-
4 * Copyright 2002 Markus Friedl <markus@openbsd.org>-
5 * All rights reserved.-
6 *-
7 * Redistribution and use in source and binary forms, with or without-
8 * modification, are permitted provided that the following conditions-
9 * are met:-
10 * 1. Redistributions of source code must retain the above copyright-
11 * notice, this list of conditions and the following disclaimer.-
12 * 2. Redistributions in binary form must reproduce the above copyright-
13 * notice, this list of conditions and the following disclaimer in the-
14 * documentation and/or other materials provided with the distribution.-
15 *-
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR-
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES-
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.-
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,-
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,-
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY-
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT-
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF-
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.-
26 */-
27-
28#include "includes.h"-
29-
30#include <sys/types.h>-
31#include <sys/socket.h>-
32#include <sys/wait.h>-
33-
34#include <errno.h>-
35#include <fcntl.h>-
36#include <limits.h>-
37#ifdef HAVE_PATHS_H-
38#include <paths.h>-
39#endif-
40#include <pwd.h>-
41#include <signal.h>-
42#ifdef HAVE_STDINT_H-
43#include <stdint.h>-
44#endif-
45#include <stdlib.h>-
46#include <string.h>-
47#include <stdarg.h>-
48#include <stdio.h>-
49#include <unistd.h>-
50#ifdef HAVE_POLL_H-
51#include <poll.h>-
52#else-
53# ifdef HAVE_SYS_POLL_H-
54# include <sys/poll.h>-
55# endif-
56#endif-
57-
58#ifdef WITH_OPENSSL-
59#include <openssl/dh.h>-
60#endif-
61-
62#include "openbsd-compat/sys-tree.h"-
63#include "openbsd-compat/sys-queue.h"-
64#include "openbsd-compat/openssl-compat.h"-
65-
66#include "atomicio.h"-
67#include "xmalloc.h"-
68#include "ssh.h"-
69#include "sshkey.h"-
70#include "sshbuf.h"-
71#include "hostfile.h"-
72#include "auth.h"-
73#include "cipher.h"-
74#include "kex.h"-
75#include "dh.h"-
76#include "auth-pam.h"-
77#include "packet.h"-
78#include "auth-options.h"-
79#include "sshpty.h"-
80#include "channels.h"-
81#include "session.h"-
82#include "sshlogin.h"-
83#include "canohost.h"-
84#include "log.h"-
85#include "misc.h"-
86#include "servconf.h"-
87#include "monitor.h"-
88#ifdef GSSAPI-
89#include "ssh-gss.h"-
90#endif-
91#include "monitor_wrap.h"-
92#include "monitor_fdpass.h"-
93#include "compat.h"-
94#include "ssh2.h"-
95#include "authfd.h"-
96#include "match.h"-
97#include "ssherr.h"-
98-
99#ifdef GSSAPI-
100static Gssctxt *gsscontext = NULL;-
101#endif-
102-
103/* Imports */-
104extern ServerOptions options;-
105extern u_int utmp_len;-
106extern u_char session_id[];-
107extern struct sshbuf *loginmsg;-
108extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */-
109-
110/* State exported from the child */-
111static struct sshbuf *child_state;-
112-
113/* Functions on the monitor that answer unprivileged requests */-
114-
115int mm_answer_moduli(int, struct sshbuf *);-
116int mm_answer_sign(int, struct sshbuf *);-
117int mm_answer_pwnamallow(int, struct sshbuf *);-
118int mm_answer_auth2_read_banner(int, struct sshbuf *);-
119int mm_answer_authserv(int, struct sshbuf *);-
120int mm_answer_authpassword(int, struct sshbuf *);-
121int mm_answer_bsdauthquery(int, struct sshbuf *);-
122int mm_answer_bsdauthrespond(int, struct sshbuf *);-
123int mm_answer_keyallowed(int, struct sshbuf *);-
124int mm_answer_keyverify(int, struct sshbuf *);-
125int mm_answer_pty(int, struct sshbuf *);-
126int mm_answer_pty_cleanup(int, struct sshbuf *);-
127int mm_answer_term(int, struct sshbuf *);-
128int mm_answer_rsa_keyallowed(int, struct sshbuf *);-
129int mm_answer_rsa_challenge(int, struct sshbuf *);-
130int mm_answer_rsa_response(int, struct sshbuf *);-
131int mm_answer_sesskey(int, struct sshbuf *);-
132int mm_answer_sessid(int, struct sshbuf *);-
133-
134#ifdef USE_PAM-
135int mm_answer_pam_start(int, struct sshbuf *);-
136int mm_answer_pam_account(int, struct sshbuf *);-
137int mm_answer_pam_init_ctx(int, struct sshbuf *);-
138int mm_answer_pam_query(int, struct sshbuf *);-
139int mm_answer_pam_respond(int, struct sshbuf *);-
140int mm_answer_pam_free_ctx(int, struct sshbuf *);-
141#endif-
142-
143#ifdef GSSAPI-
144int mm_answer_gss_setup_ctx(int, struct sshbuf *);-
145int mm_answer_gss_accept_ctx(int, struct sshbuf *);-
146int mm_answer_gss_userok(int, struct sshbuf *);-
147int mm_answer_gss_checkmic(int, struct sshbuf *);-
148#endif-
149-
150#ifdef SSH_AUDIT_EVENTS-
151int mm_answer_audit_event(int, struct sshbuf *);-
152int mm_answer_audit_command(int, struct sshbuf *);-
153#endif-
154-
155static int monitor_read_log(struct monitor *);-
156-
157static Authctxt *authctxt;-
158-
159/* local state for key verify */-
160static u_char *key_blob = NULL;-
161static size_t key_bloblen = 0;-
162static int key_blobtype = MM_NOKEY;-
163static struct sshauthopt *key_opts = NULL;-
164static char *hostbased_cuser = NULL;-
165static char *hostbased_chost = NULL;-
166static char *auth_method = "unknown";-
167static char *auth_submethod = NULL;-
168static u_int session_id2_len = 0;-
169static u_char *session_id2 = NULL;-
170static pid_t monitor_child_pid;-
171-
172struct mon_table {-
173 enum monitor_reqtype type;-
174 int flags;-
175 int (*f)(int, struct sshbuf *);-
176};-
177-
178#define MON_ISAUTH 0x0004 /* Required for Authentication */-
179#define MON_AUTHDECIDE 0x0008 /* Decides Authentication */-
180#define MON_ONCE 0x0010 /* Disable after calling */-
181#define MON_ALOG 0x0020 /* Log auth attempt without authenticating */-
182-
183#define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE)-
184-
185#define MON_PERMIT 0x1000 /* Request is permitted */-
186-
187struct mon_table mon_dispatch_proto20[] = {-
188#ifdef WITH_OPENSSL-
189 {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},-
190#endif-
191 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},-
192 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},-
193 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},-
194 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},-
195 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},-
196#ifdef USE_PAM-
197 {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},-
198 {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},-
199 {MONITOR_REQ_PAM_INIT_CTX, MON_ONCE, mm_answer_pam_init_ctx},-
200 {MONITOR_REQ_PAM_QUERY, 0, mm_answer_pam_query},-
201 {MONITOR_REQ_PAM_RESPOND, MON_ONCE, mm_answer_pam_respond},-
202 {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},-
203#endif-
204#ifdef SSH_AUDIT_EVENTS-
205 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},-
206#endif-
207#ifdef BSD_AUTH-
208 {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},-
209 {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},-
210#endif-
211 {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},-
212 {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},-
213#ifdef GSSAPI-
214 {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},-
215 {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},-
216 {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},-
217 {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},-
218#endif-
219 {0, 0, NULL}-
220};-
221-
222struct mon_table mon_dispatch_postauth20[] = {-
223#ifdef WITH_OPENSSL-
224 {MONITOR_REQ_MODULI, 0, mm_answer_moduli},-
225#endif-
226 {MONITOR_REQ_SIGN, 0, mm_answer_sign},-
227 {MONITOR_REQ_PTY, 0, mm_answer_pty},-
228 {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},-
229 {MONITOR_REQ_TERM, 0, mm_answer_term},-
230#ifdef SSH_AUDIT_EVENTS-
231 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},-
232 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},-
233#endif-
234 {0, 0, NULL}-
235};-
236-
237struct mon_table *mon_dispatch;-
238-
239/* Specifies if a certain message is allowed at the moment */-
240static void-
241monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit)-
242{-
243 while (ent->f != NULL) {
ent->f != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
244 if (ent->type == type) {
ent->type == typeDescription
TRUEnever evaluated
FALSEnever evaluated
0
245 ent->flags &= ~MON_PERMIT;-
246 ent->flags |= permit ? MON_PERMIT : 0;
permitDescription
TRUEnever evaluated
FALSEnever evaluated
0
247 return;
never executed: return;
0
248 }-
249 ent++;-
250 }
never executed: end of block
0
251}
never executed: end of block
0
252-
253static void-
254monitor_permit_authentications(int permit)-
255{-
256 struct mon_table *ent = mon_dispatch;-
257-
258 while (ent->f != NULL) {
ent->f != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
259 if (ent->flags & MON_AUTH) {
ent->flags & (0x0004|0x0008)Description
TRUEnever evaluated
FALSEnever evaluated
0
260 ent->flags &= ~MON_PERMIT;-
261 ent->flags |= permit ? MON_PERMIT : 0;
permitDescription
TRUEnever evaluated
FALSEnever evaluated
0
262 }
never executed: end of block
0
263 ent++;-
264 }
never executed: end of block
0
265}
never executed: end of block
0
266-
267void-
268monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)-
269{-
270 struct ssh *ssh = active_state; /* XXX */-
271 struct mon_table *ent;-
272 int authenticated = 0, partial = 0;-
273-
274 debug3("preauth child monitor started");-
275-
276 if (pmonitor->m_recvfd >= 0)
pmonitor->m_recvfd >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
277 close(pmonitor->m_recvfd);
never executed: close(pmonitor->m_recvfd);
0
278 if (pmonitor->m_log_sendfd >= 0)
pmonitor->m_log_sendfd >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
279 close(pmonitor->m_log_sendfd);
never executed: close(pmonitor->m_log_sendfd);
0
280 pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;-
281-
282 authctxt = _authctxt;-
283 memset(authctxt, 0, sizeof(*authctxt));-
284 ssh->authctxt = authctxt;-
285-
286 authctxt->loginmsg = loginmsg;-
287-
288 mon_dispatch = mon_dispatch_proto20;-
289 /* Permit requests for moduli and signatures */-
290 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);-
291 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);-
292-
293 /* The first few requests do not require asynchronous access */-
294 while (!authenticated) {
!authenticatedDescription
TRUEnever evaluated
FALSEnever evaluated
0
295 partial = 0;-
296 auth_method = "unknown";-
297 auth_submethod = NULL;-
298 auth2_authctxt_reset_info(authctxt);-
299-
300 authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);-
301-
302 /* Special handling for multiple required authentications */-
303 if (options.num_auth_methods != 0) {
options.num_auth_methods != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
304 if (authenticated &&
authenticatedDescription
TRUEnever evaluated
FALSEnever evaluated
0
305 !auth2_update_methods_lists(authctxt,
!auth2_update_...uth_submethod)Description
TRUEnever evaluated
FALSEnever evaluated
0
306 auth_method, auth_submethod)) {
!auth2_update_...uth_submethod)Description
TRUEnever evaluated
FALSEnever evaluated
0
307 debug3("%s: method %s: partial", __func__,-
308 auth_method);-
309 authenticated = 0;-
310 partial = 1;-
311 }
never executed: end of block
0
312 }
never executed: end of block
0
313-
314 if (authenticated) {
authenticatedDescription
TRUEnever evaluated
FALSEnever evaluated
0
315 if (!(ent->flags & MON_AUTHDECIDE))
!(ent->flags & 0x0008)Description
TRUEnever evaluated
FALSEnever evaluated
0
316 fatal("%s: unexpected authentication from %d",
never executed: fatal("%s: unexpected authentication from %d", __func__, ent->type);
0
317 __func__, ent->type);
never executed: fatal("%s: unexpected authentication from %d", __func__, ent->type);
0
318 if (authctxt->pw->pw_uid == 0 &&
authctxt->pw->pw_uid == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
319 !auth_root_allowed(ssh, auth_method))
!auth_root_all..., auth_method)Description
TRUEnever evaluated
FALSEnever evaluated
0
320 authenticated = 0;
never executed: authenticated = 0;
0
321#ifdef USE_PAM-
322 /* PAM needs to perform account checks after auth */-
323 if (options.use_pam && authenticated) {-
324 struct sshbuf *m;-
325-
326 if ((m = sshbuf_new()) == NULL)-
327 fatal("%s: sshbuf_new failed",-
328 __func__);-
329 mm_request_receive_expect(pmonitor->m_sendfd,-
330 MONITOR_REQ_PAM_ACCOUNT, m);-
331 authenticated = mm_answer_pam_account(-
332 pmonitor->m_sendfd, m);-
333 sshbuf_free(m);-
334 }-
335#endif-
336 }
never executed: end of block
0
337 if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
ent->flags & (0x0008|0x0020)Description
TRUEnever evaluated
FALSEnever evaluated
0
338 auth_log(authctxt, authenticated, partial,-
339 auth_method, auth_submethod);-
340 if (!partial && !authenticated)
!partialDescription
TRUEnever evaluated
FALSEnever evaluated
!authenticatedDescription
TRUEnever evaluated
FALSEnever evaluated
0
341 authctxt->failures++;
never executed: authctxt->failures++;
0
342 if (authenticated || partial) {
authenticatedDescription
TRUEnever evaluated
FALSEnever evaluated
partialDescription
TRUEnever evaluated
FALSEnever evaluated
0
343 auth2_update_session_info(authctxt,-
344 auth_method, auth_submethod);-
345 }
never executed: end of block
0
346 }
never executed: end of block
0
347 }
never executed: end of block
0
348-
349 if (!authctxt->valid)
!authctxt->validDescription
TRUEnever evaluated
FALSEnever evaluated
0
350 fatal("%s: authenticated invalid user", __func__);
never executed: fatal("%s: authenticated invalid user", __func__);
0
351 if (strcmp(auth_method, "unknown") == 0)
never executed: __result = (((const unsigned char *) (const char *) ( auth_method ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "unknown" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
352 fatal("%s: authentication method name unknown", __func__);
never executed: fatal("%s: authentication method name unknown", __func__);
0
353-
354 debug("%s: %s has been authenticated by privileged process",-
355 __func__, authctxt->user);-
356 ssh->authctxt = NULL;-
357 ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);-
358-
359 mm_get_keystate(pmonitor);-
360-
361 /* Drain any buffered messages from the child */-
362 while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
pmonitor->m_log_recvfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
monitor_read_l...pmonitor) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
363 ;
never executed: ;
0
364-
365 if (pmonitor->m_recvfd >= 0)
pmonitor->m_recvfd >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
366 close(pmonitor->m_recvfd);
never executed: close(pmonitor->m_recvfd);
0
367 if (pmonitor->m_log_sendfd >= 0)
pmonitor->m_log_sendfd >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
368 close(pmonitor->m_log_sendfd);
never executed: close(pmonitor->m_log_sendfd);
0
369 pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;-
370}
never executed: end of block
0
371-
372static void-
373monitor_set_child_handler(pid_t pid)-
374{-
375 monitor_child_pid = pid;-
376}
never executed: end of block
0
377-
378static void-
379monitor_child_handler(int sig)-
380{-
381 kill(monitor_child_pid, sig);-
382}
never executed: end of block
0
383-
384void-
385monitor_child_postauth(struct monitor *pmonitor)-
386{-
387 close(pmonitor->m_recvfd);-
388 pmonitor->m_recvfd = -1;-
389-
390 monitor_set_child_handler(pmonitor->m_pid);-
391 signal(SIGHUP, &monitor_child_handler);-
392 signal(SIGTERM, &monitor_child_handler);-
393 signal(SIGINT, &monitor_child_handler);-
394#ifdef SIGXFSZ-
395 signal(SIGXFSZ, SIG_IGN);-
396#endif-
397-
398 mon_dispatch = mon_dispatch_postauth20;-
399-
400 /* Permit requests for moduli and signatures */-
401 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);-
402 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);-
403 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);-
404-
405 if (auth_opts->permit_pty_flag) {
auth_opts->permit_pty_flagDescription
TRUEnever evaluated
FALSEnever evaluated
0
406 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);-
407 monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);-
408 }
never executed: end of block
0
409-
410 for (;;)-
411 monitor_read(pmonitor, mon_dispatch, NULL);
never executed: monitor_read(pmonitor, mon_dispatch, ((void *)0) );
0
412}
never executed: end of block
0
413-
414static int-
415monitor_read_log(struct monitor *pmonitor)-
416{-
417 struct sshbuf *logmsg;-
418 u_int len, level;-
419 char *msg;-
420 u_char *p;-
421 int r;-
422-
423 if ((logmsg = sshbuf_new()) == NULL)
(logmsg = sshb...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
424 fatal("%s: sshbuf_new", __func__);
never executed: fatal("%s: sshbuf_new", __func__);
0
425-
426 /* Read length */-
427 if ((r = sshbuf_reserve(logmsg, 4, &p)) != 0)
(r = sshbuf_re..., 4, &p)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
428 fatal("%s: reserve: %s", __func__, ssh_err(r));
never executed: fatal("%s: reserve: %s", __func__, ssh_err(r));
0
429 if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) {
atomicio(read,...fd, p, 4) != 4Description
TRUEnever evaluated
FALSEnever evaluated
0
430 if (errno == EPIPE) {
(*__errno_location ()) == 32Description
TRUEnever evaluated
FALSEnever evaluated
0
431 sshbuf_free(logmsg);-
432 debug("%s: child log fd closed", __func__);-
433 close(pmonitor->m_log_recvfd);-
434 pmonitor->m_log_recvfd = -1;-
435 return -1;
never executed: return -1;
0
436 }-
437 fatal("%s: log fd read: %s", __func__, strerror(errno));-
438 }
never executed: end of block
0
439 if ((r = sshbuf_get_u32(logmsg, &len)) != 0)
(r = sshbuf_ge...g, &len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
440 fatal("%s: get len: %s", __func__, ssh_err(r));
never executed: fatal("%s: get len: %s", __func__, ssh_err(r));
0
441 if (len <= 4 || len > 8192)
len <= 4Description
TRUEnever evaluated
FALSEnever evaluated
len > 8192Description
TRUEnever evaluated
FALSEnever evaluated
0
442 fatal("%s: invalid log message length %u", __func__, len);
never executed: fatal("%s: invalid log message length %u", __func__, len);
0
443-
444 /* Read severity, message */-
445 sshbuf_reset(logmsg);-
446 if ((r = sshbuf_reserve(logmsg, len, &p)) != 0)
(r = sshbuf_re...len, &p)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
447 fatal("%s: reserve: %s", __func__, ssh_err(r));
never executed: fatal("%s: reserve: %s", __func__, ssh_err(r));
0
448 if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len)
atomicio(read,...p, len) != lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
449 fatal("%s: log fd read: %s", __func__, strerror(errno));
never executed: fatal("%s: log fd read: %s", __func__, strerror( (*__errno_location ()) ));
0
450 if ((r = sshbuf_get_u32(logmsg, &level)) != 0 ||
(r = sshbuf_ge... &level)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
451 (r = sshbuf_get_cstring(logmsg, &msg, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
452 fatal("%s: decode: %s", __func__, ssh_err(r));
never executed: fatal("%s: decode: %s", __func__, ssh_err(r));
0
453-
454 /* Log it */-
455 if (log_level_name(level) == NULL)
log_level_name...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
456 fatal("%s: invalid log level %u (corrupted message?)",
never executed: fatal("%s: invalid log level %u (corrupted message?)", __func__, level);
0
457 __func__, level);
never executed: fatal("%s: invalid log level %u (corrupted message?)", __func__, level);
0
458 do_log2(level, "%s [preauth]", msg);-
459-
460 sshbuf_free(logmsg);-
461 free(msg);-
462-
463 return 0;
never executed: return 0;
0
464}-
465-
466int-
467monitor_read(struct monitor *pmonitor, struct mon_table *ent,-
468 struct mon_table **pent)-
469{-
470 struct sshbuf *m;-
471 int r, ret;-
472 u_char type;-
473 struct pollfd pfd[2];-
474-
475 for (;;) {-
476 memset(&pfd, 0, sizeof(pfd));-
477 pfd[0].fd = pmonitor->m_sendfd;-
478 pfd[0].events = POLLIN;-
479 pfd[1].fd = pmonitor->m_log_recvfd;-
480 pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN;
pfd[1].fd == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
481 if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) {
poll(pfd, pfd[...: 2, -1) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
482 if (errno == EINTR || errno == EAGAIN)
(*__errno_location ()) == 4Description
TRUEnever evaluated
FALSEnever evaluated
(*__errno_location ()) == 11Description
TRUEnever evaluated
FALSEnever evaluated
0
483 continue;
never executed: continue;
0
484 fatal("%s: poll: %s", __func__, strerror(errno));-
485 }
never executed: end of block
0
486 if (pfd[1].revents) {
pfd[1].reventsDescription
TRUEnever evaluated
FALSEnever evaluated
0
487 /*-
488 * Drain all log messages before processing next-
489 * monitor request.-
490 */-
491 monitor_read_log(pmonitor);-
492 continue;
never executed: continue;
0
493 }-
494 if (pfd[0].revents)
pfd[0].reventsDescription
TRUEnever evaluated
FALSEnever evaluated
0
495 break; /* Continues below */
never executed: break;
0
496 }
never executed: end of block
0
497-
498 if ((m = sshbuf_new()) == NULL)
(m = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
499 fatal("%s: sshbuf_new", __func__);
never executed: fatal("%s: sshbuf_new", __func__);
0
500-
501 mm_request_receive(pmonitor->m_sendfd, m);-
502 if ((r = sshbuf_get_u8(m, &type)) != 0)
(r = sshbuf_ge..., &type)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
503 fatal("%s: decode: %s", __func__, ssh_err(r));
never executed: fatal("%s: decode: %s", __func__, ssh_err(r));
0
504-
505 debug3("%s: checking request %d", __func__, type);-
506-
507 while (ent->f != NULL) {
ent->f != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
508 if (ent->type == type)
ent->type == typeDescription
TRUEnever evaluated
FALSEnever evaluated
0
509 break;
never executed: break;
0
510 ent++;-
511 }
never executed: end of block
0
512-
513 if (ent->f != NULL) {
ent->f != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
514 if (!(ent->flags & MON_PERMIT))
!(ent->flags & 0x1000)Description
TRUEnever evaluated
FALSEnever evaluated
0
515 fatal("%s: unpermitted request %d", __func__,
never executed: fatal("%s: unpermitted request %d", __func__, type);
0
516 type);
never executed: fatal("%s: unpermitted request %d", __func__, type);
0
517 ret = (*ent->f)(pmonitor->m_sendfd, m);-
518 sshbuf_free(m);-
519-
520 /* The child may use this request only once, disable it */-
521 if (ent->flags & MON_ONCE) {
ent->flags & 0x0010Description
TRUEnever evaluated
FALSEnever evaluated
0
522 debug2("%s: %d used once, disabling now", __func__,-
523 type);-
524 ent->flags &= ~MON_PERMIT;-
525 }
never executed: end of block
0
526-
527 if (pent != NULL)
pent != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
528 *pent = ent;
never executed: *pent = ent;
0
529-
530 return ret;
never executed: return ret;
0
531 }-
532-
533 fatal("%s: unsupported request: %d", __func__, type);-
534-
535 /* NOTREACHED */-
536 return (-1);
never executed: return (-1);
0
537}-
538-
539/* allowed key state */-
540static int-
541monitor_allowed_key(u_char *blob, u_int bloblen)-
542{-
543 /* make sure key is allowed */-
544 if (key_blob == NULL || key_bloblen != bloblen ||
key_blob == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
key_bloblen != bloblenDescription
TRUEnever evaluated
FALSEnever evaluated
0
545 timingsafe_bcmp(key_blob, blob, key_bloblen))
timingsafe_bcm..., key_bloblen)Description
TRUEnever evaluated
FALSEnever evaluated
0
546 return (0);
never executed: return (0);
0
547 return (1);
never executed: return (1);
0
548}-
549-
550static void-
551monitor_reset_key_state(void)-
552{-
553 /* reset state */-
554 free(key_blob);-
555 free(hostbased_cuser);-
556 free(hostbased_chost);-
557 sshauthopt_free(key_opts);-
558 key_blob = NULL;-
559 key_bloblen = 0;-
560 key_blobtype = MM_NOKEY;-
561 key_opts = NULL;-
562 hostbased_cuser = NULL;-
563 hostbased_chost = NULL;-
564}
never executed: end of block
0
565-
566#ifdef WITH_OPENSSL-
567int-
568mm_answer_moduli(int sock, struct sshbuf *m)-
569{-
570 DH *dh;-
571 const BIGNUM *dh_p, *dh_g;-
572 int r;-
573 u_int min, want, max;-
574-
575 if ((r = sshbuf_get_u32(m, &min)) != 0 ||
(r = sshbuf_ge...m, &min)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
576 (r = sshbuf_get_u32(m, &want)) != 0 ||
(r = sshbuf_ge..., &want)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
577 (r = sshbuf_get_u32(m, &max)) != 0)
(r = sshbuf_ge...m, &max)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
578 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
579-
580 debug3("%s: got parameters: %d %d %d",-
581 __func__, min, want, max);-
582 /* We need to check here, too, in case the child got corrupted */-
583 if (max < min || want < min || max < want)
max < minDescription
TRUEnever evaluated
FALSEnever evaluated
want < minDescription
TRUEnever evaluated
FALSEnever evaluated
max < wantDescription
TRUEnever evaluated
FALSEnever evaluated
0
584 fatal("%s: bad parameters: %d %d %d",
never executed: fatal("%s: bad parameters: %d %d %d", __func__, min, want, max);
0
585 __func__, min, want, max);
never executed: fatal("%s: bad parameters: %d %d %d", __func__, min, want, max);
0
586-
587 sshbuf_reset(m);-
588-
589 dh = choose_dh(min, want, max);-
590 if (dh == NULL) {
dh == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
591 if ((r = sshbuf_put_u8(m, 0)) != 0)
(r = sshbuf_put_u8(m, 0)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
592 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
593 return (0);
never executed: return (0);
0
594 } else {-
595 /* Send first bignum */-
596 DH_get0_pqg(dh, &dh_p, NULL, &dh_g);-
597 if ((r = sshbuf_put_u8(m, 1)) != 0 ||
(r = sshbuf_put_u8(m, 1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
598 (r = sshbuf_put_bignum2(m, dh_p)) != 0 ||
(r = sshbuf_pu...m, dh_p)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
599 (r = sshbuf_put_bignum2(m, dh_g)) != 0)
(r = sshbuf_pu...m, dh_g)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
600 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
601-
602 DH_free(dh);-
603 }
never executed: end of block
0
604 mm_request_send(sock, MONITOR_ANS_MODULI, m);-
605 return (0);
never executed: return (0);
0
606}-
607#endif-
608-
609int-
610mm_answer_sign(int sock, struct sshbuf *m)-
611{-
612 struct ssh *ssh = active_state; /* XXX */-
613 extern int auth_sock; /* XXX move to state struct? */-
614 struct sshkey *key;-
615 struct sshbuf *sigbuf = NULL;-
616 u_char *p = NULL, *signature = NULL;-
617 char *alg = NULL;-
618 size_t datlen, siglen, alglen;-
619 int r, is_proof = 0;-
620 u_int keyid, compat;-
621 const char proof_req[] = "hostkeys-prove-00@openssh.com";-
622-
623 debug3("%s", __func__);-
624-
625 if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||
(r = sshbuf_ge... &keyid)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
626 (r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
(r = sshbuf_ge...&datlen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
627 (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 ||
(r = sshbuf_ge...&alglen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
628 (r = sshbuf_get_u32(m, &compat)) != 0)
(r = sshbuf_ge...&compat)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
629 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
630 if (keyid > INT_MAX)
keyid > 0x7fffffffDescription
TRUEnever evaluated
FALSEnever evaluated
0
631 fatal("%s: invalid key ID", __func__);
never executed: fatal("%s: invalid key ID", __func__);
0
632-
633 /*-
634 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),-
635 * SHA384 (48 bytes) and SHA512 (64 bytes).-
636 *-
637 * Otherwise, verify the signature request is for a hostkey-
638 * proof.-
639 *-
640 * XXX perform similar check for KEX signature requests too?-
641 * it's not trivial, since what is signed is the hash, rather-
642 * than the full kex structure...-
643 */-
644 if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64) {
datlen != 20Description
TRUEnever evaluated
FALSEnever evaluated
datlen != 32Description
TRUEnever evaluated
FALSEnever evaluated
datlen != 48Description
TRUEnever evaluated
FALSEnever evaluated
datlen != 64Description
TRUEnever evaluated
FALSEnever evaluated
0
645 /*-
646 * Construct expected hostkey proof and compare it to what-
647 * the client sent us.-
648 */-
649 if (session_id2_len == 0) /* hostkeys is never first */
session_id2_len == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
650 fatal("%s: bad data length: %zu", __func__, datlen);
never executed: fatal("%s: bad data length: %zu", __func__, datlen);
0
651 if ((key = get_hostkey_public_by_index(keyid, ssh)) == NULL)
(key = get_hos...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
652 fatal("%s: no hostkey for index %d", __func__, keyid);
never executed: fatal("%s: no hostkey for index %d", __func__, keyid);
0
653 if ((sigbuf = sshbuf_new()) == NULL)
(sigbuf = sshb...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
654 fatal("%s: sshbuf_new", __func__);
never executed: fatal("%s: sshbuf_new", __func__);
0
655 if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
(r = sshbuf_pu...oof_req)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
656 (r = sshbuf_put_string(sigbuf, session_id2,
(r = sshbuf_pu...id2_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
657 session_id2_len)) != 0 ||
(r = sshbuf_pu...id2_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
658 (r = sshkey_puts(key, sigbuf)) != 0)
(r = sshkey_pu... sigbuf)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
659 fatal("%s: couldn't prepare private key "
never executed: fatal("%s: couldn't prepare private key " "proof buffer: %s", __func__, ssh_err(r));
0
660 "proof buffer: %s", __func__, ssh_err(r));
never executed: fatal("%s: couldn't prepare private key " "proof buffer: %s", __func__, ssh_err(r));
0
661 if (datlen != sshbuf_len(sigbuf) ||
datlen != sshbuf_len(sigbuf)Description
TRUEnever evaluated
FALSEnever evaluated
0
662 memcmp(p, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf)) != 0)
memcmp(p, sshb...(sigbuf)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
663 fatal("%s: bad data length: %zu, hostkey proof len %zu",
never executed: fatal("%s: bad data length: %zu, hostkey proof len %zu", __func__, datlen, sshbuf_len(sigbuf));
0
664 __func__, datlen, sshbuf_len(sigbuf));
never executed: fatal("%s: bad data length: %zu, hostkey proof len %zu", __func__, datlen, sshbuf_len(sigbuf));
0
665 sshbuf_free(sigbuf);-
666 is_proof = 1;-
667 }
never executed: end of block
0
668-
669 /* save session id, it will be passed on the first call */-
670 if (session_id2_len == 0) {
session_id2_len == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
671 session_id2_len = datlen;-
672 session_id2 = xmalloc(session_id2_len);-
673 memcpy(session_id2, p, session_id2_len);-
674 }
never executed: end of block
0
675-
676 if ((key = get_hostkey_by_index(keyid)) != NULL) {
(key = get_hos...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
677 if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
(r = sshkey_si... compat)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
678 compat)) != 0)
(r = sshkey_si... compat)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
679 fatal("%s: sshkey_sign failed: %s",
never executed: fatal("%s: sshkey_sign failed: %s", __func__, ssh_err(r));
0
680 __func__, ssh_err(r));
never executed: fatal("%s: sshkey_sign failed: %s", __func__, ssh_err(r));
0
681 } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
never executed: end of block
(key = get_hos...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
682 auth_sock > 0) {
auth_sock > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
683 if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
(r = ssh_agent... compat)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
684 p, datlen, alg, compat)) != 0) {
(r = ssh_agent... compat)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
685 fatal("%s: ssh_agent_sign failed: %s",-
686 __func__, ssh_err(r));-
687 }
never executed: end of block
0
688 } else
never executed: end of block
0
689 fatal("%s: no hostkey from index %d", __func__, keyid);
never executed: fatal("%s: no hostkey from index %d", __func__, keyid);
0
690-
691 debug3("%s: %s signature %p(%zu)", __func__,-
692 is_proof ? "KEX" : "hostkey proof", signature, siglen);-
693-
694 sshbuf_reset(m);-
695 if ((r = sshbuf_put_string(m, signature, siglen)) != 0)
(r = sshbuf_pu... siglen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
696 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
697-
698 free(alg);-
699 free(p);-
700 free(signature);-
701-
702 mm_request_send(sock, MONITOR_ANS_SIGN, m);-
703-
704 /* Turn on permissions for getpwnam */-
705 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);-
706-
707 return (0);
never executed: return (0);
0
708}-
709-
710/* Retrieves the password entry and also checks if the user is permitted */-
711-
712int-
713mm_answer_pwnamallow(int sock, struct sshbuf *m)-
714{-
715 struct ssh *ssh = active_state; /* XXX */-
716 char *username;-
717 struct passwd *pwent;-
718 int r, allowed = 0;-
719 u_int i;-
720-
721 debug3("%s", __func__);-
722-
723 if (authctxt->attempt++ != 0)
authctxt->attempt++ != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
724 fatal("%s: multiple attempts for getpwnam", __func__);
never executed: fatal("%s: multiple attempts for getpwnam", __func__);
0
725-
726 if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
727 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
728-
729 pwent = getpwnamallow(username);-
730-
731 authctxt->user = xstrdup(username);-
732 setproctitle("%s [priv]", pwent ? username : "unknown");-
733 free(username);-
734-
735 sshbuf_reset(m);-
736-
737 if (pwent == NULL) {
pwent == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
738 if ((r = sshbuf_put_u8(m, 0)) != 0)
(r = sshbuf_put_u8(m, 0)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
739 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
740 authctxt->pw = fakepw();-
741 goto out;
never executed: goto out;
0
742 }-
743-
744 allowed = 1;-
745 authctxt->pw = pwent;-
746 authctxt->valid = 1;-
747-
748 /* XXX don't sent pwent to unpriv; send fake class/dir/shell too */-
749 if ((r = sshbuf_put_u8(m, 1)) != 0 ||
(r = sshbuf_put_u8(m, 1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
750 (r = sshbuf_put_string(m, pwent, sizeof(*pwent))) != 0 ||
(r = sshbuf_pu...*pwent))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
751 (r = sshbuf_put_cstring(m, pwent->pw_name)) != 0 ||
(r = sshbuf_pu...pw_name)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
752 (r = sshbuf_put_cstring(m, "*")) != 0 ||
(r = sshbuf_pu...(m, "*")) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
753#ifdef HAVE_STRUCT_PASSWD_PW_GECOS-
754 (r = sshbuf_put_cstring(m, pwent->pw_gecos)) != 0 ||
(r = sshbuf_pu...w_gecos)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
755#endif-
756#ifdef HAVE_STRUCT_PASSWD_PW_CLASS-
757 (r = sshbuf_put_cstring(m, pwent->pw_class)) != 0 ||-
758#endif-
759 (r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 ||
(r = sshbuf_pu...>pw_dir)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
760 (r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0)
(r = sshbuf_pu...w_shell)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
761 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
762-
763 out:
code before this statement never executed: out:
0
764 ssh_packet_set_log_preamble(ssh, "%suser %s",-
765 authctxt->valid ? "authenticating" : "invalid ", authctxt->user);-
766 if ((r = sshbuf_put_string(m, &options, sizeof(options))) != 0)
(r = sshbuf_pu...ptions))) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
767 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
768-
769#define M_CP_STROPT(x) do { \-
770 if (options.x != NULL) { \-
771 if ((r = sshbuf_put_cstring(m, options.x)) != 0) \-
772 fatal("%s: buffer error: %s", \-
773 __func__, ssh_err(r)); \-
774 } \-
775 } while (0)-
776#define M_CP_STRARRAYOPT(x, nx) do { \-
777 for (i = 0; i < options.nx; i++) { \-
778 if ((r = sshbuf_put_cstring(m, options.x[i])) != 0) \-
779 fatal("%s: buffer error: %s", \-
780 __func__, ssh_err(r)); \-
781 } \-
782 } while (0)-
783 /* See comment in servconf.h */-
784 COPY_MATCH_STRING_OPTS();
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: end of block
options.banner != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu....banner)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.truste...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...ca_keys)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.revoke...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...ys_file)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.author...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...command)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.author...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...nd_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.author...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...ls_file)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.author...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...command)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.author...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...nd_user)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.hostba...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...y_types)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.pubkey...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...y_types)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.ca_sig...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...orithms)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.routin...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu..._domain)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
options.permit...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...itelist)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...iles[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...sers[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...sers[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...oups[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...oups[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu..._env[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...hods[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...pens[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshbuf_pu...tens[i])) != 0Description
TRUEnever evaluated
FALSEnever evaluated
i < options.num_authkeys_filesDescription
TRUEnever evaluated
FALSEnever evaluated
i < options.num_allow_usersDescription
TRUEnever evaluated
FALSEnever evaluated
i < options.num_deny_usersDescription
TRUEnever evaluated
FALSEnever evaluated
i < options.num_allow_groupsDescription
TRUEnever evaluated
FALSEnever evaluated
i < options.num_deny_groupsDescription
TRUEnever evaluated
FALSEnever evaluated
i < options.num_accept_envDescription
TRUEnever evaluated
FALSEnever evaluated
i < options.num_auth_methodsDescription
TRUEnever evaluated
FALSEnever evaluated
i < options.nu...ermitted_opensDescription
TRUEnever evaluated
FALSEnever evaluated
i < options.nu...mitted_listensDescription
TRUEnever evaluated
FALSEnever evaluated
0
785#undef M_CP_STROPT-
786#undef M_CP_STRARRAYOPT-
787-
788 /* Create valid auth method lists */-
789 if (auth2_setup_methods_lists(authctxt) != 0) {
auth2_setup_me...authctxt) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
790 /*-
791 * The monitor will continue long enough to let the child-
792 * run to it's packet_disconnect(), but it must not allow any-
793 * authentication to succeed.-
794 */-
795 debug("%s: no valid authentication method lists", __func__);-
796 }
never executed: end of block
0
797-
798 debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);-
799 mm_request_send(sock, MONITOR_ANS_PWNAM, m);-
800-
801 /* Allow service/style information on the auth context */-
802 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);-
803 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);-
804-
805#ifdef USE_PAM-
806 if (options.use_pam)-
807 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);-
808#endif-
809-
810 return (0);
never executed: return (0);
0
811}-
812-
813int mm_answer_auth2_read_banner(int sock, struct sshbuf *m)-
814{-
815 char *banner;-
816 int r;-
817-
818 sshbuf_reset(m);-
819 banner = auth2_read_banner();-
820 if ((r = sshbuf_put_cstring(m, banner != NULL ? banner : "")) != 0)
(r = sshbuf_pu...er : "")) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
821 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
822 mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);-
823 free(banner);-
824-
825 return (0);
never executed: return (0);
0
826}-
827-
828int-
829mm_answer_authserv(int sock, struct sshbuf *m)-
830{-
831 int r;-
832-
833 monitor_permit_authentications(1);-
834-
835 if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
836 (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
837 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
838 debug3("%s: service=%s, style=%s",-
839 __func__, authctxt->service, authctxt->style);-
840-
841 if (strlen(authctxt->style) == 0) {
strlen(authctxt->style) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
842 free(authctxt->style);-
843 authctxt->style = NULL;-
844 }
never executed: end of block
0
845-
846 return (0);
never executed: return (0);
0
847}-
848-
849int-
850mm_answer_authpassword(int sock, struct sshbuf *m)-
851{-
852 struct ssh *ssh = active_state; /* XXX */-
853 static int call_count;-
854 char *passwd;-
855 int r, authenticated;-
856 size_t plen;-
857-
858 if (!options.password_authentication)
!options.passw...authenticationDescription
TRUEnever evaluated
FALSEnever evaluated
0
859 fatal("%s: password authentication not enabled", __func__);
never executed: fatal("%s: password authentication not enabled", __func__);
0
860 if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0)
(r = sshbuf_ge..., &plen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
861 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
862 /* Only authenticate if the context is valid */-
863 authenticated = options.password_authentication &&
options.passwo...authenticationDescription
TRUEnever evaluated
FALSEnever evaluated
0
864 auth_password(ssh, passwd);
auth_password(ssh, passwd)Description
TRUEnever evaluated
FALSEnever evaluated
0
865 explicit_bzero(passwd, plen);-
866 free(passwd);-
867-
868 sshbuf_reset(m);-
869 if ((r = sshbuf_put_u32(m, authenticated)) != 0)
(r = sshbuf_pu...ticated)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
870 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
871#ifdef USE_PAM-
872 if ((r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0)-
873 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
874#endif-
875-
876 debug3("%s: sending result %d", __func__, authenticated);-
877 mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);-
878-
879 call_count++;-
880 if (plen == 0 && call_count == 1)
plen == 0Description
TRUEnever evaluated
FALSEnever evaluated
call_count == 1Description
TRUEnever evaluated
FALSEnever evaluated
0
881 auth_method = "none";
never executed: auth_method = "none";
0
882 else-
883 auth_method = "password";
never executed: auth_method = "password";
0
884-
885 /* Causes monitor loop to terminate if authenticated */-
886 return (authenticated);
never executed: return (authenticated);
0
887}-
888-
889#ifdef BSD_AUTH-
890int-
891mm_answer_bsdauthquery(int sock, struct sshbuf *m)-
892{-
893 char *name, *infotxt;-
894 u_int numprompts, *echo_on, success;-
895 char **prompts;-
896 int r;-
897-
898 if (!options.kbd_interactive_authentication)-
899 fatal("%s: kbd-int authentication not enabled", __func__);-
900 success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,-
901 &prompts, &echo_on) < 0 ? 0 : 1;-
902-
903 sshbuf_reset(m);-
904 if ((r = sshbuf_put_u32(m, success)) != 0)-
905 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
906 if (success) {-
907 if ((r = sshbuf_put_cstring(m, prompts[0])) != 0)-
908 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
909 }-
910-
911 debug3("%s: sending challenge success: %u", __func__, success);-
912 mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);-
913-
914 if (success) {-
915 free(name);-
916 free(infotxt);-
917 free(prompts);-
918 free(echo_on);-
919 }-
920-
921 return (0);-
922}-
923-
924int-
925mm_answer_bsdauthrespond(int sock, struct sshbuf *m)-
926{-
927 char *response;-
928 int r, authok;-
929-
930 if (!options.kbd_interactive_authentication)-
931 fatal("%s: kbd-int authentication not enabled", __func__);-
932 if (authctxt->as == NULL)-
933 fatal("%s: no bsd auth session", __func__);-
934-
935 if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0)-
936 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
937 authok = options.challenge_response_authentication &&-
938 auth_userresponse(authctxt->as, response, 0);-
939 authctxt->as = NULL;-
940 debug3("%s: <%s> = <%d>", __func__, response, authok);-
941 free(response);-
942-
943 sshbuf_reset(m);-
944 if ((r = sshbuf_put_u32(m, authok)) != 0)-
945 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
946-
947 debug3("%s: sending authenticated: %d", __func__, authok);-
948 mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);-
949-
950 auth_method = "keyboard-interactive";-
951 auth_submethod = "bsdauth";-
952-
953 return (authok != 0);-
954}-
955#endif-
956-
957#ifdef USE_PAM-
958int-
959mm_answer_pam_start(int sock, struct sshbuf *m)-
960{-
961 if (!options.use_pam)-
962 fatal("UsePAM not set, but ended up in %s anyway", __func__);-
963-
964 start_pam(authctxt);-
965-
966 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);-
967 if (options.kbd_interactive_authentication)-
968 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1);-
969-
970 return (0);-
971}-
972-
973int-
974mm_answer_pam_account(int sock, struct sshbuf *m)-
975{-
976 u_int ret;-
977 int r;-
978-
979 if (!options.use_pam)-
980 fatal("%s: PAM not enabled", __func__);-
981-
982 ret = do_pam_account();-
983-
984 if ((r = sshbuf_put_u32(m, ret)) != 0 ||-
985 (r = sshbuf_put_stringb(m, loginmsg)) != 0)-
986 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
987-
988 mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);-
989-
990 return (ret);-
991}-
992-
993static void *sshpam_ctxt, *sshpam_authok;-
994extern KbdintDevice sshpam_device;-
995-
996int-
997mm_answer_pam_init_ctx(int sock, struct sshbuf *m)-
998{-
999 u_int ok = 0;-
1000 int r;-
1001-
1002 debug3("%s", __func__);-
1003 if (!options.kbd_interactive_authentication)-
1004 fatal("%s: kbd-int authentication not enabled", __func__);-
1005 if (sshpam_ctxt != NULL)-
1006 fatal("%s: already called", __func__);-
1007 sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);-
1008 sshpam_authok = NULL;-
1009 sshbuf_reset(m);-
1010 if (sshpam_ctxt != NULL) {-
1011 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1);-
1012 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_QUERY, 1);-
1013 ok = 1;-
1014 }-
1015 if ((r = sshbuf_put_u32(m, ok)) != 0)-
1016 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1017 mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m);-
1018 return (0);-
1019}-
1020-
1021int-
1022mm_answer_pam_query(int sock, struct sshbuf *m)-
1023{-
1024 char *name = NULL, *info = NULL, **prompts = NULL;-
1025 u_int i, num = 0, *echo_on = 0;-
1026 int r, ret;-
1027-
1028 debug3("%s", __func__);-
1029 sshpam_authok = NULL;-
1030 if (sshpam_ctxt == NULL)-
1031 fatal("%s: no context", __func__);-
1032 ret = (sshpam_device.query)(sshpam_ctxt, &name, &info,-
1033 &num, &prompts, &echo_on);-
1034 if (ret == 0 && num == 0)-
1035 sshpam_authok = sshpam_ctxt;-
1036 if (num > 1 || name == NULL || info == NULL)-
1037 fatal("sshpam_device.query failed");-
1038 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_RESPOND, 1);-
1039 sshbuf_reset(m);-
1040 if ((r = sshbuf_put_u32(m, ret)) != 0 ||-
1041 (r = sshbuf_put_cstring(m, name)) != 0 ||-
1042 (r = sshbuf_put_cstring(m, info)) != 0 ||-
1043 (r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0 ||-
1044 (r = sshbuf_put_u32(m, num)) != 0)-
1045 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1046 free(name);-
1047 free(info);-
1048 for (i = 0; i < num; ++i) {-
1049 if ((r = sshbuf_put_cstring(m, prompts[i])) != 0 ||-
1050 (r = sshbuf_put_u32(m, echo_on[i])) != 0)-
1051 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1052 free(prompts[i]);-
1053 }-
1054 free(prompts);-
1055 free(echo_on);-
1056 auth_method = "keyboard-interactive";-
1057 auth_submethod = "pam";-
1058 mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);-
1059 return (0);-
1060}-
1061-
1062int-
1063mm_answer_pam_respond(int sock, struct sshbuf *m)-
1064{-
1065 char **resp;-
1066 u_int i, num;-
1067 int r, ret;-
1068-
1069 debug3("%s", __func__);-
1070 if (sshpam_ctxt == NULL)-
1071 fatal("%s: no context", __func__);-
1072 sshpam_authok = NULL;-
1073 if ((r = sshbuf_get_u32(m, &num)) != 0)-
1074 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1075 if (num > 0) {-
1076 resp = xcalloc(num, sizeof(char *));-
1077 for (i = 0; i < num; ++i) {-
1078 if ((r = sshbuf_get_cstring(m, &(resp[i]), NULL)) != 0)-
1079 fatal("%s: buffer error: %s",-
1080 __func__, ssh_err(r));-
1081 }-
1082 ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);-
1083 for (i = 0; i < num; ++i)-
1084 free(resp[i]);-
1085 free(resp);-
1086 } else {-
1087 ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);-
1088 }-
1089 sshbuf_reset(m);-
1090 if ((r = sshbuf_put_u32(m, ret)) != 0)-
1091 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1092 mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);-
1093 auth_method = "keyboard-interactive";-
1094 auth_submethod = "pam";-
1095 if (ret == 0)-
1096 sshpam_authok = sshpam_ctxt;-
1097 return (0);-
1098}-
1099-
1100int-
1101mm_answer_pam_free_ctx(int sock, struct sshbuf *m)-
1102{-
1103 int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;-
1104-
1105 debug3("%s", __func__);-
1106 if (sshpam_ctxt == NULL)-
1107 fatal("%s: no context", __func__);-
1108 (sshpam_device.free_ctx)(sshpam_ctxt);-
1109 sshpam_ctxt = sshpam_authok = NULL;-
1110 sshbuf_reset(m);-
1111 mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);-
1112 /* Allow another attempt */-
1113 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1);-
1114 auth_method = "keyboard-interactive";-
1115 auth_submethod = "pam";-
1116 return r;-
1117}-
1118#endif-
1119-
1120int-
1121mm_answer_keyallowed(int sock, struct sshbuf *m)-
1122{-
1123 struct ssh *ssh = active_state; /* XXX */-
1124 struct sshkey *key = NULL;-
1125 char *cuser, *chost;-
1126 u_int pubkey_auth_attempt;-
1127 enum mm_keytype type = 0;-
1128 int r, allowed = 0;-
1129 struct sshauthopt *opts = NULL;-
1130-
1131 debug3("%s entering", __func__);-
1132 if ((r = sshbuf_get_u32(m, &type)) != 0 ||
(r = sshbuf_ge..., &type)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1133 (r = sshbuf_get_cstring(m, &cuser, NULL)) != 0 ||
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1134 (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1135 (r = sshkey_froms(m, &key)) != 0 ||
(r = sshkey_fr...m, &key)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1136 (r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0)
(r = sshbuf_ge...attempt)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1137 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1138-
1139 debug3("%s: key_from_blob: %p", __func__, key);-
1140-
1141 if (key != NULL && authctxt->valid) {
key != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
authctxt->validDescription
TRUEnever evaluated
FALSEnever evaluated
0
1142 /* These should not make it past the privsep child */-
1143 if (sshkey_type_plain(key->type) == KEY_RSA &&
sshkey_type_pl...pe) == KEY_RSADescription
TRUEnever evaluated
FALSEnever evaluated
0
1144 (datafellows & SSH_BUG_RSASIGMD5) != 0)
(datafellows &...00002000) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1145 fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__);
never executed: fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__);
0
1146-
1147 switch (type) {-
1148 case MM_USERKEY:
never executed: case MM_USERKEY:
0
1149 auth_method = "publickey";-
1150 if (!options.pubkey_authentication)
!options.pubkey_authenticationDescription
TRUEnever evaluated
FALSEnever evaluated
0
1151 break;
never executed: break;
0
1152 if (auth2_key_already_used(authctxt, key))
auth2_key_alre...authctxt, key)Description
TRUEnever evaluated
FALSEnever evaluated
0
1153 break;
never executed: break;
0
1154 if (match_pattern_list(sshkey_ssh_name(key),
match_pattern_...types, 0) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1155 options.pubkey_key_types, 0) != 1)
match_pattern_...types, 0) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1156 break;
never executed: break;
0
1157 allowed = user_key_allowed(ssh, authctxt->pw, key,-
1158 pubkey_auth_attempt, &opts);-
1159 break;
never executed: break;
0
1160 case MM_HOSTKEY:
never executed: case MM_HOSTKEY:
0
1161 auth_method = "hostbased";-
1162 if (!options.hostbased_authentication)
!options.hostb...authenticationDescription
TRUEnever evaluated
FALSEnever evaluated
0
1163 break;
never executed: break;
0
1164 if (auth2_key_already_used(authctxt, key))
auth2_key_alre...authctxt, key)Description
TRUEnever evaluated
FALSEnever evaluated
0
1165 break;
never executed: break;
0
1166 if (match_pattern_list(sshkey_ssh_name(key),
match_pattern_...types, 0) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1167 options.hostbased_key_types, 0) != 1)
match_pattern_...types, 0) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1168 break;
never executed: break;
0
1169 allowed = hostbased_key_allowed(authctxt->pw,-
1170 cuser, chost, key);-
1171 auth2_record_info(authctxt,-
1172 "client user \"%.100s\", client host \"%.100s\"",-
1173 cuser, chost);-
1174 break;
never executed: break;
0
1175 default:
never executed: default:
0
1176 fatal("%s: unknown key type %d", __func__, type);-
1177 break;
never executed: break;
0
1178 }-
1179 }-
1180-
1181 debug3("%s: %s authentication%s: %s key is %s", __func__,-
1182 auth_method, pubkey_auth_attempt ? "" : " test",-
1183 (key == NULL || !authctxt->valid) ? "invalid" : sshkey_type(key),-
1184 allowed ? "allowed" : "not allowed");-
1185-
1186 auth2_record_key(authctxt, 0, key);-
1187-
1188 /* clear temporarily storage (used by verify) */-
1189 monitor_reset_key_state();-
1190-
1191 if (allowed) {
allowedDescription
TRUEnever evaluated
FALSEnever evaluated
0
1192 /* Save temporarily for comparison in verify */-
1193 if ((r = sshkey_to_blob(key, &key_blob, &key_bloblen)) != 0)
(r = sshkey_to...bloblen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1194 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1195 key_blobtype = type;-
1196 key_opts = opts;-
1197 hostbased_cuser = cuser;-
1198 hostbased_chost = chost;-
1199 } else {
never executed: end of block
0
1200 /* Log failed attempt */-
1201 auth_log(authctxt, 0, 0, auth_method, NULL);-
1202 free(cuser);-
1203 free(chost);-
1204 }
never executed: end of block
0
1205 sshkey_free(key);-
1206-
1207 sshbuf_reset(m);-
1208 if ((r = sshbuf_put_u32(m, allowed)) != 0)
(r = sshbuf_pu...allowed)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1209 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1210 if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0)
opts != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
(r = sshauthop...s, m, 1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1211 fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r));
never executed: fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r));
0
1212 mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);-
1213-
1214 if (!allowed)
!allowedDescription
TRUEnever evaluated
FALSEnever evaluated
0
1215 sshauthopt_free(opts);
never executed: sshauthopt_free(opts);
0
1216-
1217 return (0);
never executed: return (0);
0
1218}-
1219-
1220static int-
1221monitor_valid_userblob(u_char *data, u_int datalen)-
1222{-
1223 struct sshbuf *b;-
1224 const u_char *p;-
1225 char *userstyle, *cp;-
1226 size_t len;-
1227 u_char type;-
1228 int r, fail = 0;-
1229-
1230 if ((b = sshbuf_new()) == NULL)
(b = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1231 fatal("%s: sshbuf_new", __func__);
never executed: fatal("%s: sshbuf_new", __func__);
0
1232 if ((r = sshbuf_put(b, data, datalen)) != 0)
(r = sshbuf_pu...datalen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1233 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1234-
1235 if (datafellows & SSH_OLD_SESSIONID) {
datafellows & 0x00000010Description
TRUEnever evaluated
FALSEnever evaluated
0
1236 p = sshbuf_ptr(b);-
1237 len = sshbuf_len(b);-
1238 if ((session_id2 == NULL) ||
(session_id2 == ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
1239 (len < session_id2_len) ||
(len < session_id2_len)Description
TRUEnever evaluated
FALSEnever evaluated
0
1240 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
(timingsafe_bc...id2_len) != 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1241 fail++;
never executed: fail++;
0
1242 if ((r = sshbuf_consume(b, session_id2_len)) != 0)
(r = sshbuf_co...id2_len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1243 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1244 } else {
never executed: end of block
0
1245 if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
(r = sshbuf_ge...p, &len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1246 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1247 if ((session_id2 == NULL) ||
(session_id2 == ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
1248 (len != session_id2_len) ||
(len != session_id2_len)Description
TRUEnever evaluated
FALSEnever evaluated
0
1249 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
(timingsafe_bc...id2_len) != 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1250 fail++;
never executed: fail++;
0
1251 }
never executed: end of block
0
1252 if ((r = sshbuf_get_u8(b, &type)) != 0)
(r = sshbuf_ge..., &type)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1253 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1254 if (type != SSH2_MSG_USERAUTH_REQUEST)
type != 50Description
TRUEnever evaluated
FALSEnever evaluated
0
1255 fail++;
never executed: fail++;
0
1256 if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1257 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1258 xasprintf(&userstyle, "%s%s%s", authctxt->user,-
1259 authctxt->style ? ":" : "",-
1260 authctxt->style ? authctxt->style : "");-
1261 if (strcmp(userstyle, cp) != 0) {
never executed: __result = (((const unsigned char *) (const char *) ( userstyle ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1262 logit("wrong user name passed to monitor: "-
1263 "expected %s != %.100s", userstyle, cp);-
1264 fail++;-
1265 }
never executed: end of block
0
1266 free(userstyle);-
1267 free(cp);-
1268 if ((r = sshbuf_skip_string(b)) != 0 || /* service */
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1269 (r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1270 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1271 if (strcmp("publickey", cp) != 0)
never executed: __result = (((const unsigned char *) (const char *) ( "publickey" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1272 fail++;
never executed: fail++;
0
1273 free(cp);-
1274 if ((r = sshbuf_get_u8(b, &type)) != 0)
(r = sshbuf_ge..., &type)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1275 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1276 if (type == 0)
type == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1277 fail++;
never executed: fail++;
0
1278 if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1279 (r = sshbuf_skip_string(b)) != 0) /* pkblob */
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1280 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1281 if (sshbuf_len(b) != 0)
sshbuf_len(b) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1282 fail++;
never executed: fail++;
0
1283 sshbuf_free(b);-
1284 return (fail == 0);
never executed: return (fail == 0);
0
1285}-
1286-
1287static int-
1288monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,-
1289 char *chost)-
1290{-
1291 struct sshbuf *b;-
1292 const u_char *p;-
1293 char *cp, *userstyle;-
1294 size_t len;-
1295 int r, fail = 0;-
1296 u_char type;-
1297-
1298 if ((b = sshbuf_new()) == NULL)
(b = sshbuf_ne...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1299 fatal("%s: sshbuf_new", __func__);
never executed: fatal("%s: sshbuf_new", __func__);
0
1300 if ((r = sshbuf_put(b, data, datalen)) != 0 ||
(r = sshbuf_pu...datalen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1301 (r = sshbuf_get_string_direct(b, &p, &len)) != 0)
(r = sshbuf_ge...p, &len)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1302 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1303-
1304 if ((session_id2 == NULL) ||
(session_id2 == ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
1305 (len != session_id2_len) ||
(len != session_id2_len)Description
TRUEnever evaluated
FALSEnever evaluated
0
1306 (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
(timingsafe_bc...id2_len) != 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1307 fail++;
never executed: fail++;
0
1308-
1309 if ((r = sshbuf_get_u8(b, &type)) != 0)
(r = sshbuf_ge..., &type)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1310 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1311 if (type != SSH2_MSG_USERAUTH_REQUEST)
type != 50Description
TRUEnever evaluated
FALSEnever evaluated
0
1312 fail++;
never executed: fail++;
0
1313 if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1314 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1315 xasprintf(&userstyle, "%s%s%s", authctxt->user,-
1316 authctxt->style ? ":" : "",-
1317 authctxt->style ? authctxt->style : "");-
1318 if (strcmp(userstyle, cp) != 0) {
never executed: __result = (((const unsigned char *) (const char *) ( userstyle ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1319 logit("wrong user name passed to monitor: "-
1320 "expected %s != %.100s", userstyle, cp);-
1321 fail++;-
1322 }
never executed: end of block
0
1323 free(userstyle);-
1324 free(cp);-
1325 if ((r = sshbuf_skip_string(b)) != 0 || /* service */
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1326 (r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1327 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1328 if (strcmp(cp, "hostbased") != 0)
never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "hostbased" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1329 fail++;
never executed: fail++;
0
1330 free(cp);-
1331 if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1332 (r = sshbuf_skip_string(b)) != 0) /* pkblob */
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1333 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1334-
1335 /* verify client host, strip trailing dot if necessary */-
1336 if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1337 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1338 if (((len = strlen(cp)) > 0) && cp[len - 1] == '.')
((len = strlen(cp)) > 0)Description
TRUEnever evaluated
FALSEnever evaluated
cp[len - 1] == '.'Description
TRUEnever evaluated
FALSEnever evaluated
0
1339 cp[len - 1] = '\0';
never executed: cp[len - 1] = '\0';
0
1340 if (strcmp(cp, chost) != 0)
never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( chost ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1341 fail++;
never executed: fail++;
0
1342 free(cp);-
1343-
1344 /* verify client user */-
1345 if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1346 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1347 if (strcmp(cp, cuser) != 0)
never executed: __result = (((const unsigned char *) (const char *) ( cp ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( cuser ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1348 fail++;
never executed: fail++;
0
1349 free(cp);-
1350-
1351 if (sshbuf_len(b) != 0)
sshbuf_len(b) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1352 fail++;
never executed: fail++;
0
1353 sshbuf_free(b);-
1354 return (fail == 0);
never executed: return (fail == 0);
0
1355}-
1356-
1357int-
1358mm_answer_keyverify(int sock, struct sshbuf *m)-
1359{-
1360 struct ssh *ssh = active_state; /* XXX */-
1361 struct sshkey *key;-
1362 u_char *signature, *data, *blob;-
1363 char *sigalg;-
1364 size_t signaturelen, datalen, bloblen;-
1365 int r, ret, valid_data = 0, encoded_ret;-
1366-
1367 if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
(r = sshbuf_ge...bloblen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1368 (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
(r = sshbuf_ge...turelen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1369 (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
(r = sshbuf_ge...datalen)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1370 (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1371 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1372-
1373 if (hostbased_cuser == NULL || hostbased_chost == NULL ||
hostbased_cuser == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
hostbased_chost == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1374 !monitor_allowed_key(blob, bloblen))
!monitor_allow...blob, bloblen)Description
TRUEnever evaluated
FALSEnever evaluated
0
1375 fatal("%s: bad key, not previously allowed", __func__);
never executed: fatal("%s: bad key, not previously allowed", __func__);
0
1376-
1377 /* Empty signature algorithm means NULL. */-
1378 if (*sigalg == '\0') {
*sigalg == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
1379 free(sigalg);-
1380 sigalg = NULL;-
1381 }
never executed: end of block
0
1382-
1383 /* XXX use sshkey_froms here; need to change key_blob, etc. */-
1384 if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
(r = sshkey_fr...n, &key)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1385 fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
never executed: fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
0
1386-
1387 switch (key_blobtype) {-
1388 case MM_USERKEY:
never executed: case MM_USERKEY:
0
1389 valid_data = monitor_valid_userblob(data, datalen);-
1390 auth_method = "publickey";-
1391 break;
never executed: break;
0
1392 case MM_HOSTKEY:
never executed: case MM_HOSTKEY:
0
1393 valid_data = monitor_valid_hostbasedblob(data, datalen,-
1394 hostbased_cuser, hostbased_chost);-
1395 auth_method = "hostbased";-
1396 break;
never executed: break;
0
1397 default:
never executed: default:
0
1398 valid_data = 0;-
1399 break;
never executed: break;
0
1400 }-
1401 if (!valid_data)
!valid_dataDescription
TRUEnever evaluated
FALSEnever evaluated
0
1402 fatal("%s: bad signature data blob", __func__);
never executed: fatal("%s: bad signature data blob", __func__);
0
1403-
1404 ret = sshkey_verify(key, signature, signaturelen, data, datalen,-
1405 sigalg, active_state->compat);-
1406 debug3("%s: %s %p signature %s", __func__, auth_method, key,-
1407 (ret == 0) ? "verified" : "unverified");-
1408 auth2_record_key(authctxt, ret == 0, key);-
1409-
1410 free(blob);-
1411 free(signature);-
1412 free(data);-
1413 free(sigalg);-
1414-
1415 if (key_blobtype == MM_USERKEY)
key_blobtype == MM_USERKEYDescription
TRUEnever evaluated
FALSEnever evaluated
0
1416 auth_activate_options(ssh, key_opts);
never executed: auth_activate_options(ssh, key_opts);
0
1417 monitor_reset_key_state();-
1418-
1419 sshkey_free(key);-
1420 sshbuf_reset(m);-
1421-
1422 /* encode ret != 0 as positive integer, since we're sending u32 */-
1423 encoded_ret = (ret != 0);-
1424 if ((r = sshbuf_put_u32(m, encoded_ret)) != 0)
(r = sshbuf_pu...ded_ret)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1425 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1426 mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);-
1427-
1428 return ret == 0;
never executed: return ret == 0;
0
1429}-
1430-
1431static void-
1432mm_record_login(Session *s, struct passwd *pw)-
1433{-
1434 struct ssh *ssh = active_state; /* XXX */-
1435 socklen_t fromlen;-
1436 struct sockaddr_storage from;-
1437-
1438 /*-
1439 * Get IP address of client. If the connection is not a socket, let-
1440 * the address be 0.0.0.0.-
1441 */-
1442 memset(&from, 0, sizeof(from));-
1443 fromlen = sizeof(from);-
1444 if (packet_connection_is_on_socket()) {
ssh_packet_con...(active_state)Description
TRUEnever evaluated
FALSEnever evaluated
0
1445 if (getpeername(packet_get_connection_in(),
getpeername(ss... &fromlen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1446 (struct sockaddr *)&from, &fromlen) < 0) {
getpeername(ss... &fromlen) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1447 debug("getpeername: %.100s", strerror(errno));-
1448 cleanup_exit(255);-
1449 }
never executed: end of block
0
1450 }
never executed: end of block
0
1451 /* Record that there was a login on that tty from the remote host. */-
1452 record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,-
1453 session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),-
1454 (struct sockaddr *)&from, fromlen);-
1455}
never executed: end of block
0
1456-
1457static void-
1458mm_session_close(Session *s)-
1459{-
1460 debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);-
1461 if (s->ttyfd != -1) {
s->ttyfd != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1462 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);-
1463 session_pty_cleanup2(s);-
1464 }
never executed: end of block
0
1465 session_unused(s->self);-
1466}
never executed: end of block
0
1467-
1468int-
1469mm_answer_pty(int sock, struct sshbuf *m)-
1470{-
1471 extern struct monitor *pmonitor;-
1472 Session *s;-
1473 int r, res, fd0;-
1474-
1475 debug3("%s entering", __func__);-
1476-
1477 sshbuf_reset(m);-
1478 s = session_new();-
1479 if (s == NULL)
s == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1480 goto error;
never executed: goto error;
0
1481 s->authctxt = authctxt;-
1482 s->pw = authctxt->pw;-
1483 s->pid = pmonitor->m_pid;-
1484 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));-
1485 if (res == 0)
res == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1486 goto error;
never executed: goto error;
0
1487 pty_setowner(authctxt->pw, s->tty);-
1488-
1489 if ((r = sshbuf_put_u32(m, 1)) != 0 ||
(r = sshbuf_pu...32(m, 1)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1490 (r = sshbuf_put_cstring(m, s->tty)) != 0)
(r = sshbuf_pu... s->tty)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1491 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1492-
1493 /* We need to trick ttyslot */-
1494 if (dup2(s->ttyfd, 0) == -1)
dup2(s->ttyfd, 0) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1495 fatal("%s: dup2", __func__);
never executed: fatal("%s: dup2", __func__);
0
1496-
1497 mm_record_login(s, authctxt->pw);-
1498-
1499 /* Now we can close the file descriptor again */-
1500 close(0);-
1501-
1502 /* send messages generated by record_login */-
1503 if ((r = sshbuf_put_stringb(m, loginmsg)) != 0)
(r = sshbuf_pu...oginmsg)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1504 fatal("%s: put login message: %s", __func__, ssh_err(r));
never executed: fatal("%s: put login message: %s", __func__, ssh_err(r));
0
1505 sshbuf_reset(loginmsg);-
1506-
1507 mm_request_send(sock, MONITOR_ANS_PTY, m);-
1508-
1509 if (mm_send_fd(sock, s->ptyfd) == -1 ||
mm_send_fd(soc...->ptyfd) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1510 mm_send_fd(sock, s->ttyfd) == -1)
mm_send_fd(soc...->ttyfd) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1511 fatal("%s: send fds failed", __func__);
never executed: fatal("%s: send fds failed", __func__);
0
1512-
1513 /* make sure nothing uses fd 0 */-
1514 if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
(fd0 = open( "...l" , 00 )) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1515 fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
never executed: fatal("%s: open(/dev/null): %s", __func__, strerror( (*__errno_location ()) ));
0
1516 if (fd0 != 0)
fd0 != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1517 error("%s: fd0 %d != 0", __func__, fd0);
never executed: error("%s: fd0 %d != 0", __func__, fd0);
0
1518-
1519 /* slave is not needed */-
1520 close(s->ttyfd);-
1521 s->ttyfd = s->ptyfd;-
1522 /* no need to dup() because nobody closes ptyfd */-
1523 s->ptymaster = s->ptyfd;-
1524-
1525 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);-
1526-
1527 return (0);
never executed: return (0);
0
1528-
1529 error:-
1530 if (s != NULL)
s != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1531 mm_session_close(s);
never executed: mm_session_close(s);
0
1532 if ((r = sshbuf_put_u32(m, 0)) != 0)
(r = sshbuf_pu...32(m, 0)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1533 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1534 mm_request_send(sock, MONITOR_ANS_PTY, m);-
1535 return (0);
never executed: return (0);
0
1536}-
1537-
1538int-
1539mm_answer_pty_cleanup(int sock, struct sshbuf *m)-
1540{-
1541 Session *s;-
1542 char *tty;-
1543 int r;-
1544-
1545 debug3("%s entering", __func__);-
1546-
1547 if ((r = sshbuf_get_cstring(m, &tty, NULL)) != 0)
(r = sshbuf_ge...d *)0) )) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1548 fatal("%s: buffer error: %s", __func__, ssh_err(r));
never executed: fatal("%s: buffer error: %s", __func__, ssh_err(r));
0
1549 if ((s = session_by_tty(tty)) != NULL)
(s = session_b...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1550 mm_session_close(s);
never executed: mm_session_close(s);
0
1551 sshbuf_reset(m);-
1552 free(tty);-
1553 return (0);
never executed: return (0);
0
1554}-
1555-
1556int-
1557mm_answer_term(int sock, struct sshbuf *req)-
1558{-
1559 struct ssh *ssh = active_state; /* XXX */-
1560 extern struct monitor *pmonitor;-
1561 int res, status;-
1562-
1563 debug3("%s: tearing down sessions", __func__);-
1564-
1565 /* The child is terminating */-
1566 session_destroy_all(ssh, &mm_session_close);-
1567-
1568#ifdef USE_PAM-
1569 if (options.use_pam)-
1570 sshpam_cleanup();-
1571#endif-
1572-
1573 while (waitpid(pmonitor->m_pid, &status, 0) == -1)
waitpid(pmonit...atus, 0) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1574 if (errno != EINTR)
(*__errno_location ()) != 4Description
TRUEnever evaluated
FALSEnever evaluated
0
1575 exit(1);
never executed: exit(1);
0
1576-
1577 res = WIFEXITED(status) ? WEXITSTATUS(status) : 1;
((( status ) & 0x7f) == 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1578-
1579 /* Terminate process */-
1580 exit(res);
never executed: exit(res);
0
1581}-
1582-
1583#ifdef SSH_AUDIT_EVENTS-
1584/* Report that an audit event occurred */-
1585int-
1586mm_answer_audit_event(int socket, struct sshbuf *m)-
1587{-
1588 u_int n;-
1589 ssh_audit_event_t event;-
1590 int r;-
1591-
1592 debug3("%s entering", __func__);-
1593-
1594 if ((r = sshbuf_get_u32(m, &n)) != 0)-
1595 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1596 event = (ssh_audit_event_t)n;-
1597 switch (event) {-
1598 case SSH_AUTH_FAIL_PUBKEY:-
1599 case SSH_AUTH_FAIL_HOSTBASED:-
1600 case SSH_AUTH_FAIL_GSSAPI:-
1601 case SSH_LOGIN_EXCEED_MAXTRIES:-
1602 case SSH_LOGIN_ROOT_DENIED:-
1603 case SSH_CONNECTION_CLOSE:-
1604 case SSH_INVALID_USER:-
1605 audit_event(event);-
1606 break;-
1607 default:-
1608 fatal("Audit event type %d not permitted", event);-
1609 }-
1610-
1611 return (0);-
1612}-
1613-
1614int-
1615mm_answer_audit_command(int socket, struct sshbuf *m)-
1616{-
1617 char *cmd;-
1618 int r;-
1619-
1620 debug3("%s entering", __func__);-
1621 if ((r = sshbuf_get_cstring(m, &cmd, NULL)) != 0)-
1622 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1623 /* sanity check command, if so how? */-
1624 audit_run_command(cmd);-
1625 free(cmd);-
1626 return (0);-
1627}-
1628#endif /* SSH_AUDIT_EVENTS */-
1629-
1630void-
1631monitor_clear_keystate(struct monitor *pmonitor)-
1632{-
1633 struct ssh *ssh = active_state; /* XXX */-
1634-
1635 ssh_clear_newkeys(ssh, MODE_IN);-
1636 ssh_clear_newkeys(ssh, MODE_OUT);-
1637 sshbuf_free(child_state);-
1638 child_state = NULL;-
1639}
never executed: end of block
0
1640-
1641void-
1642monitor_apply_keystate(struct monitor *pmonitor)-
1643{-
1644 struct ssh *ssh = active_state; /* XXX */-
1645 struct kex *kex;-
1646 int r;-
1647-
1648 debug3("%s: packet_set_state", __func__);-
1649 if ((r = ssh_packet_set_state(ssh, child_state)) != 0)
(r = ssh_packe...d_state)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1650 fatal("%s: packet_set_state: %s", __func__, ssh_err(r));
never executed: fatal("%s: packet_set_state: %s", __func__, ssh_err(r));
0
1651 sshbuf_free(child_state);-
1652 child_state = NULL;-
1653-
1654 if ((kex = ssh->kex) != NULL) {
(kex = ssh->ke...!= ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1655 /* XXX set callbacks */-
1656#ifdef WITH_OPENSSL-
1657 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;-
1658 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;-
1659 kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;-
1660 kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;-
1661 kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;-
1662 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;-
1663 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;-
1664# ifdef OPENSSL_HAS_ECC-
1665 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;-
1666# endif-
1667#endif /* WITH_OPENSSL */-
1668 kex->kex[KEX_C25519_SHA256] = kexc25519_server;-
1669 kex->load_host_public_key=&get_hostkey_public_by_type;-
1670 kex->load_host_private_key=&get_hostkey_private_by_type;-
1671 kex->host_key_index=&get_hostkey_index;-
1672 kex->sign = sshd_hostkey_sign;-
1673 }
never executed: end of block
0
1674}
never executed: end of block
0
1675-
1676/* This function requries careful sanity checking */-
1677-
1678void-
1679mm_get_keystate(struct monitor *pmonitor)-
1680{-
1681 debug3("%s: Waiting for new keys", __func__);-
1682-
1683 if ((child_state = sshbuf_new()) == NULL)
(child_state =...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
1684 fatal("%s: sshbuf_new failed", __func__);
never executed: fatal("%s: sshbuf_new failed", __func__);
0
1685 mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,-
1686 child_state);-
1687 debug3("%s: GOT new keys", __func__);-
1688}
never executed: end of block
0
1689-
1690-
1691/* XXX */-
1692-
1693#define FD_CLOSEONEXEC(x) do { \-
1694 if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \-
1695 fatal("fcntl(%d, F_SETFD)", x); \-
1696} while (0)-
1697-
1698static void-
1699monitor_openfds(struct monitor *mon, int do_logfds)-
1700{-
1701 int pair[2];-
1702#ifdef SO_ZEROIZE-
1703 int on = 1;-
1704#endif-
1705-
1706 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
socketpair( 1 ...0, pair) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1707 fatal("%s: socketpair: %s", __func__, strerror(errno));
never executed: fatal("%s: socketpair: %s", __func__, strerror( (*__errno_location ()) ));
0
1708#ifdef SO_ZEROIZE-
1709 if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)-
1710 error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));-
1711 if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)-
1712 error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));-
1713#endif-
1714 FD_CLOSEONEXEC(pair[0]);
never executed: fatal("fcntl(%d, F_SETFD)", pair[0]);
fcntl(pair[0], 2 , 1 ) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1715 FD_CLOSEONEXEC(pair[1]);
never executed: fatal("fcntl(%d, F_SETFD)", pair[1]);
fcntl(pair[1], 2 , 1 ) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1716 mon->m_recvfd = pair[0];-
1717 mon->m_sendfd = pair[1];-
1718-
1719 if (do_logfds) {
do_logfdsDescription
TRUEnever evaluated
FALSEnever evaluated
0
1720 if (pipe(pair) == -1)
pipe(pair) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1721 fatal("%s: pipe: %s", __func__, strerror(errno));
never executed: fatal("%s: pipe: %s", __func__, strerror( (*__errno_location ()) ));
0
1722 FD_CLOSEONEXEC(pair[0]);
never executed: fatal("fcntl(%d, F_SETFD)", pair[0]);
fcntl(pair[0], 2 , 1 ) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1723 FD_CLOSEONEXEC(pair[1]);
never executed: fatal("fcntl(%d, F_SETFD)", pair[1]);
fcntl(pair[1], 2 , 1 ) == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
1724 mon->m_log_recvfd = pair[0];-
1725 mon->m_log_sendfd = pair[1];-
1726 } else
never executed: end of block
0
1727 mon->m_log_recvfd = mon->m_log_sendfd = -1;
never executed: mon->m_log_recvfd = mon->m_log_sendfd = -1;
0
1728}-
1729-
1730#define MM_MEMSIZE 65536-
1731-
1732struct monitor *-
1733monitor_init(void)-
1734{-
1735 struct monitor *mon;-
1736-
1737 mon = xcalloc(1, sizeof(*mon));-
1738 monitor_openfds(mon, 1);-
1739-
1740 return mon;
never executed: return mon;
0
1741}-
1742-
1743void-
1744monitor_reinit(struct monitor *mon)-
1745{-
1746 monitor_openfds(mon, 0);-
1747}
never executed: end of block
0
1748-
1749#ifdef GSSAPI-
1750int-
1751mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)-
1752{-
1753 gss_OID_desc goid;-
1754 OM_uint32 major;-
1755 size_t len;-
1756 u_char *p;-
1757 int r;-
1758-
1759 if (!options.gss_authentication)-
1760 fatal("%s: GSSAPI authentication not enabled", __func__);-
1761-
1762 if ((r = sshbuf_get_string(m, &p, &len)) != 0)-
1763 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1764 goid.elements = p;-
1765 goid.length = len;-
1766-
1767 major = ssh_gssapi_server_ctx(&gsscontext, &goid);-
1768-
1769 free(goid.elements);-
1770-
1771 sshbuf_reset(m);-
1772 if ((r = sshbuf_put_u32(m, major)) != 0)-
1773 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1774-
1775 mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);-
1776-
1777 /* Now we have a context, enable the step */-
1778 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);-
1779-
1780 return (0);-
1781}-
1782-
1783int-
1784mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)-
1785{-
1786 gss_buffer_desc in;-
1787 gss_buffer_desc out = GSS_C_EMPTY_BUFFER;-
1788 OM_uint32 major, minor;-
1789 OM_uint32 flags = 0; /* GSI needs this */-
1790 int r;-
1791-
1792 if (!options.gss_authentication)-
1793 fatal("%s: GSSAPI authentication not enabled", __func__);-
1794-
1795 if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)-
1796 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1797 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);-
1798 free(in.value);-
1799-
1800 sshbuf_reset(m);-
1801 if ((r = sshbuf_put_u32(m, major)) != 0 ||-
1802 (r = sshbuf_put_string(m, out.value, out.length)) != 0 ||-
1803 (r = sshbuf_put_u32(m, flags)) != 0)-
1804 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1805 mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);-
1806-
1807 gss_release_buffer(&minor, &out);-
1808-
1809 if (major == GSS_S_COMPLETE) {-
1810 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);-
1811 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);-
1812 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);-
1813 }-
1814 return (0);-
1815}-
1816-
1817int-
1818mm_answer_gss_checkmic(int sock, struct sshbuf *m)-
1819{-
1820 gss_buffer_desc gssbuf, mic;-
1821 OM_uint32 ret;-
1822 int r;-
1823-
1824 if (!options.gss_authentication)-
1825 fatal("%s: GSSAPI authentication not enabled", __func__);-
1826-
1827 if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||-
1828 (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)-
1829 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1830-
1831 ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);-
1832-
1833 free(gssbuf.value);-
1834 free(mic.value);-
1835-
1836 sshbuf_reset(m);-
1837 if ((r = sshbuf_put_u32(m, ret)) != 0)-
1838 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1839-
1840 mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);-
1841-
1842 if (!GSS_ERROR(ret))-
1843 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);-
1844-
1845 return (0);-
1846}-
1847-
1848int-
1849mm_answer_gss_userok(int sock, struct sshbuf *m)-
1850{-
1851 int r, authenticated;-
1852 const char *displayname;-
1853-
1854 if (!options.gss_authentication)-
1855 fatal("%s: GSSAPI authentication not enabled", __func__);-
1856-
1857 authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);-
1858-
1859 sshbuf_reset(m);-
1860 if ((r = sshbuf_put_u32(m, authenticated)) != 0)-
1861 fatal("%s: buffer error: %s", __func__, ssh_err(r));-
1862-
1863 debug3("%s: sending result %d", __func__, authenticated);-
1864 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);-
1865-
1866 auth_method = "gssapi-with-mic";-
1867-
1868 if ((displayname = ssh_gssapi_displayname()) != NULL)-
1869 auth2_record_info(authctxt, "%s", displayname);-
1870-
1871 /* Monitor loop will terminate if authenticated */-
1872 return (authenticated);-
1873}-
1874#endif /* GSSAPI */-
1875-
Source codeSwitch to Preprocessed file

Generated by Squish Coco 4.2.2