28 | #include "includes.h" | - |
29 | | - |
30 | #include <sys/types.h> | - |
31 | #include <sys/uio.h> | - |
32 | | - |
33 | #include <errno.h> | - |
34 | #include <pwd.h> | - |
35 | #include <signal.h> | - |
36 | #include <stdarg.h> | - |
37 | #include <stdio.h> | - |
38 | #include <string.h> | - |
39 | #include <unistd.h> | - |
40 | | - |
41 | #ifdef WITH_OPENSSL | - |
42 | #include <openssl/bn.h> | - |
43 | #include <openssl/dh.h> | - |
44 | #include <openssl/evp.h> | - |
45 | #endif | - |
46 | | - |
47 | #include "openbsd-compat/sys-queue.h" | - |
48 | #include "xmalloc.h" | - |
49 | #include "ssh.h" | - |
50 | #ifdef WITH_OPENSSL | - |
51 | #include "dh.h" | - |
52 | #endif | - |
53 | #include "sshbuf.h" | - |
54 | #include "sshkey.h" | - |
55 | #include "cipher.h" | - |
56 | #include "kex.h" | - |
57 | #include "hostfile.h" | - |
58 | #include "auth.h" | - |
59 | #include "auth-options.h" | - |
60 | #include "packet.h" | - |
61 | #include "mac.h" | - |
62 | #include "log.h" | - |
63 | #include "auth-pam.h" | - |
64 | #include "monitor.h" | - |
65 | #ifdef GSSAPI | - |
66 | #include "ssh-gss.h" | - |
67 | #endif | - |
68 | #include "monitor_wrap.h" | - |
69 | #include "atomicio.h" | - |
70 | #include "monitor_fdpass.h" | - |
71 | #include "misc.h" | - |
72 | | - |
73 | #include "channels.h" | - |
74 | #include "session.h" | - |
75 | #include "servconf.h" | - |
76 | | - |
77 | #include "ssherr.h" | - |
78 | | - |
79 | | - |
80 | extern struct monitor *pmonitor; | - |
81 | extern struct sshbuf *loginmsg; | - |
82 | extern ServerOptions options; | - |
83 | | - |
/*
 * Forwards one log message over the monitor's log channel instead of
 * emitting it locally.  Frame layout on the wire: u32 payload length
 * (everything after the length word), u32 log level, string message.
 * ctx is the struct monitor whose m_log_sendfd carries the channel.
 * There is no recovery path: any failure here is fatal.
 */
void
mm_log_handler(LogLevel level, const char *msg, void *ctx)
{
	struct monitor *monitor = ctx;
	struct sshbuf *pkt;
	size_t pkt_len;
	int r;

	if (monitor->m_log_sendfd == -1)
		fatal("%s: no log channel", __func__);
	if ((pkt = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);

	/* Placeholder length word; patched once the payload is complete. */
	if ((r = sshbuf_put_u32(pkt, 0)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_u32(pkt, level)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_cstring(pkt, msg)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	/* Length excludes the 4-byte length word itself and must fit a u32. */
	pkt_len = sshbuf_len(pkt);
	if (pkt_len < 4 || pkt_len > 0xffffffff)
		fatal("%s: bad length %zu", __func__, pkt_len);
	POKE_U32(sshbuf_mutable_ptr(pkt), pkt_len - 4);

	if (atomicio(vwrite, monitor->m_log_sendfd,
	    sshbuf_mutable_ptr(pkt), pkt_len) != pkt_len)
		fatal("%s: write: %s", __func__, strerror(errno));
	sshbuf_free(pkt);
}
110 | | - |
/*
 * Returns non-zero when pmonitor is set and records a monitor pid
 * (m_pid > 0), zero otherwise.  NOTE(review): m_pid > 0 is presumably
 * only true on the privileged monitor side — confirm against monitor.c.
 */
int
mm_is_monitor(void)
{
	if (pmonitor == NULL)
		return 0;
	return pmonitor->m_pid > 0;
}
120 | | - |
/*
 * Sends request `type' with payload `m' on `sock'.  Frame layout: u32
 * length covering the type byte plus the payload, one type byte, then
 * the payload.  The payload length is bounded so that length + 1 still
 * fits the u32 field.  Write failures are fatal.
 */
void
mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m)
{
	u_char hdr[5];
	size_t payload_len;

	debug3("%s entering: type %d", __func__, type);

	payload_len = sshbuf_len(m);
	/* +1 for the type byte must not overflow the u32 length field. */
	if (payload_len >= 0xffffffff)
		fatal("%s: bad length %zu", __func__, payload_len);
	POKE_U32(hdr, payload_len + 1);
	hdr[4] = (u_char)type;

	if (atomicio(vwrite, sock, hdr, sizeof(hdr)) != sizeof(hdr))
		fatal("%s: write: %s", __func__, strerror(errno));
	if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), payload_len)
	    != payload_len)
		fatal("%s: write: %s", __func__, strerror(errno));
}
138 | | - |
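/*
 * Reads one framed message from `sock' into `m': a u32 length followed by
 * that many bytes.  The length is supplied by the peer and is capped at
 * 256 KiB *before* any buffer space is reserved for it, so a corrupt or
 * hostile length cannot drive an unbounded allocation.  EPIPE on the
 * header read is treated as the peer having gone away (cleanup_exit);
 * every other failure is fatal.  The leading type byte of the message is
 * left in `m' for the caller (see mm_request_receive_expect).
 */
void
mm_request_receive(int sock, struct sshbuf *m)
{
	u_char buf[4], *p = NULL;
	u_int msg_len;
	int r;

	debug3("%s entering", __func__);

	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
		if (errno == EPIPE)
			cleanup_exit(255);
		fatal("%s: read: %s", __func__, strerror(errno));
	}
	msg_len = PEEK_U32(buf);
	/* Upper bound on one monitor message; reject before reserving. */
	if (msg_len > 256 * 1024)
		fatal("%s: read: bad msg_len %u", __func__, msg_len);
	sshbuf_reset(m);
	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (atomicio(read, sock, p, msg_len) != msg_len)
		fatal("%s: read: %s", __func__, strerror(errno));
}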
162 | | - |
/*
 * Receives one message from `sock' into `m' and checks that its leading
 * type byte equals `type'; a mismatch is fatal.  On return `m' holds the
 * payload that follows the type byte.
 */
void
mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m)
{
	u_char got_type;
	int r;

	debug3("%s entering: type %d", __func__, type);

	mm_request_receive(sock, m);
	r = sshbuf_get_u8(m, &got_type);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (got_type != type)
		fatal("%s: read: rtype %d != type %d", __func__,
		    got_type, type);
}
178 | | - |
179 | #ifdef WITH_OPENSSL | - |
/*
 * Asks the monitor for a DH group with a modulus between `min' and `max'
 * bits, preferring `nbits'.  The answer is a success byte followed by the
 * prime and the generator as bignums; a failed answer is fatal.  Returns
 * the DH object built by dh_new_group() from the received values
 * (ownership of the two bignums presumably passes to it — confirm in dh.c).
 */
DH *
mm_choose_dh(int min, int nbits, int max)
{
	struct sshbuf *req;
	BIGNUM *prime, *gen;
	u_char ok = 0;
	int r;

	if ((req = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	if ((r = sshbuf_put_u32(req, min)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_u32(req, nbits)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_u32(req, max)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, req);

	debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, req);

	if ((r = sshbuf_get_u8(req, &ok)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (!ok)
		fatal("%s: MONITOR_ANS_MODULI failed", __func__);

	prime = BN_new();
	if (prime == NULL)
		fatal("%s: BN_new failed", __func__);
	gen = BN_new();
	if (gen == NULL)
		fatal("%s: BN_new failed", __func__);
	if ((r = sshbuf_get_bignum2(req, prime)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_get_bignum2(req, gen)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	debug3("%s: remaining %zu", __func__, sshbuf_len(req));
	sshbuf_free(req);

	return dh_new_group(gen, prime);
}
218 | #endif | - |
219 | | - |
/*
 * Proxies a host-key signature request to the monitor.  The key is
 * identified by its index from kex->host_key_index(); `data' is signed
 * with `hostkey_alg' under compatibility flags `compat'.  The signature
 * returned by the monitor is stored in *sigp/*lenp (allocated by
 * sshbuf_get_string, owned by the caller).  Always returns 0; every
 * failure path is fatal.
 */
int
mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
    const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat)
{
	struct kex *kexstate = *pmonitor->m_pkex;
	struct sshbuf *req;
	u_int key_idx;
	int r;

	debug3("%s entering", __func__);

	key_idx = kexstate->host_key_index(key, 0, active_state);
	if ((req = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	if ((r = sshbuf_put_u32(req, key_idx)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_string(req, data, datalen)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_cstring(req, hostkey_alg)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_u32(req, compat)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, req);

	debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, req);
	r = sshbuf_get_string(req, sigp, lenp);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	sshbuf_free(req);

	return 0;
}
249 | | - |
/*
 * Asks the monitor whether `username' is allowed to log in and, if so,
 * fetches its passwd entry.  The monitor's answer is:
 *   u8 ok;
 *   if ok: the raw struct passwd bytes, then pw_name, pw_passwd,
 *          [pw_gecos], [pw_class], pw_dir, pw_shell as strings;
 *   then a raw ServerOptions block followed by the string options that
 *   COPY_MATCH_STRING_OPTS() enumerates (a Match block may have changed
 *   them), which are applied to the global `options' here.
 * Returns a newly allocated struct passwd (caller owns it and its
 * strings), or NULL when the monitor refused the user.  Buffer or size
 * mismatches are fatal.
 */
struct passwd *
mm_getpwnamallow(const char *username)
{
	struct ssh *ssh = active_state;	/* for process_permitopen() below */
	struct sshbuf *m;
	struct passwd *pw;
	size_t len;
	u_int i;	/* loop index used by M_CP_STRARRAYOPT */
	ServerOptions *newopts;
	int r;
	u_char ok;
	const u_char *p;

	debug3("%s entering", __func__);

	if ((m = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	if ((r = sshbuf_put_cstring(m, username)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m);

	debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m);

	if ((r = sshbuf_get_u8(m, &ok)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (ok == 0) {
		/* User refused: no passwd entry follows, but the options do. */
		pw = NULL;
		goto out;
	}

	/*
	 * The struct is shipped as raw bytes and must be exactly our size.
	 * The string pointers it contains are meaningless in this process
	 * and are overwritten by the strings read next.
	 */
	pw = xcalloc(sizeof(*pw), 1);
	if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (len != sizeof(*pw))
		fatal("%s: struct passwd size mismatch", __func__);
	memcpy(pw, p, sizeof(*pw));

	if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 ||
	    (r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 ||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
	    (r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 ||
#endif
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
	    (r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 ||
#endif
	    (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 ||
	    (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

out:
	/* Options block: raw bytes first, size-checked like the passwd. */
	if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (len != sizeof(*newopts))
		fatal("%s: option block size mismatch", __func__);
	newopts = xcalloc(sizeof(*newopts), 1);
	memcpy(newopts, p, sizeof(*newopts));

/*
 * Helpers expanded by COPY_MATCH_STRING_OPTS(); they rely on the locals
 * newopts, m, r and i above.  A string option is only read when the
 * copied pointer is non-NULL, i.e. the monitor's pointer value acts as
 * a "was set" flag; array options are read newopts->nx times.
 */
#define M_CP_STROPT(x) do { \
		if (newopts->x != NULL) { \
			if ((r = sshbuf_get_cstring(m, \
			    &newopts->x, NULL)) != 0) \
				fatal("%s: buffer error: %s", \
				    __func__, ssh_err(r)); \
		} \
	} while (0)
#define M_CP_STRARRAYOPT(x, nx) do { \
		newopts->x = newopts->nx == 0 ? \
		    NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
		for (i = 0; i < newopts->nx; i++) { \
			if ((r = sshbuf_get_cstring(m, \
			    &newopts->x[i], NULL)) != 0) \
				fatal("%s: buffer error: %s", \
				    __func__, ssh_err(r)); \
		} \
	} while (0)
	/* The list of options is maintained in servconf.h. */
	COPY_MATCH_STRING_OPTS();
#undef M_CP_STROPT
#undef M_CP_STRARRAYOPT

	/* Install the (possibly Match-modified) options in this process. */
	copy_set_server_options(&options, newopts, 1);
	log_change_level(options.log_level);
	process_permitopen(ssh, &options);
	free(newopts);

	sshbuf_free(m);

	return (pw);
}
343 | | - |
/*
 * Fetches the authentication banner text from the monitor.  Returns a
 * newly allocated string owned by the caller, or NULL when the monitor
 * answered with an empty banner.
 */
char *
mm_auth2_read_banner(void)
{
	struct sshbuf *req;
	char *text;
	int r;

	debug3("%s entering", __func__);

	if ((req = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, req);
	sshbuf_reset(req);

	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_AUTH2_READ_BANNER, req);
	r = sshbuf_get_cstring(req, &text, NULL);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	sshbuf_free(req);

	/* An empty banner is reported to the caller as "no banner". */
	if (*text == '\0') {
		free(text);
		return NULL;
	}
	return text;
}
371 | | - |
372 | | - |
373 | | - |
/*
 * Tells the monitor which service and (optional) authentication style
 * the client asked for.  A NULL style is sent as the empty string.  No
 * reply is awaited.
 */
void
mm_inform_authserv(char *service, char *style)
{
	const char *style_str = (style == NULL) ? "" : style;
	struct sshbuf *req;
	int r;

	debug3("%s entering", __func__);

	if ((req = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	if ((r = sshbuf_put_cstring(req, service)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_cstring(req, style_str)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, req);

	sshbuf_free(req);
}
392 | | - |
393 | | - |
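/*
 * Proxies password authentication to the monitor: sends `password' and
 * returns the monitor's verdict as a flag (non-zero = authenticated).
 * Under USE_PAM the answer also carries the PAM max-tries value, which
 * is range-checked and handed to sshpam_set_maxtries_reached().  The
 * `ssh' argument is not used by this function.  Protocol and buffer
 * failures are fatal.
 */
int
mm_auth_password(struct ssh *ssh, char *password)
{
	struct sshbuf *m;
	u_int answer = 0;
	int r, authenticated = 0;
#ifdef USE_PAM
	u_int maxtries = 0;
#endif

	debug3("%s entering", __func__);

	if ((m = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	if ((r = sshbuf_put_cstring(m, password)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m);

	debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_AUTHPASSWORD, m);

	/*
	 * Read the u32 through a u_int rather than an int * (matching the
	 * sshbuf_get_u32 parameter type) and reduce it to the yes/no flag
	 * it is used as below.
	 */
	if ((r = sshbuf_get_u32(m, &answer)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	authenticated = (answer != 0);
#ifdef USE_PAM
	if ((r = sshbuf_get_u32(m, &maxtries)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (maxtries > INT_MAX)
		fatal("%s: bad maxtries %u", __func__, maxtries);
	sshpam_set_maxtries_reached(maxtries);
#endif

	/* The request buffer carried the plaintext password; release it. */
	sshbuf_free(m);

	debug3("%s: user %sauthenticated",
	    __func__, authenticated ? "" : "not ");
	return (authenticated);
}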
431 | | - |
/*
 * User public-key check, proxied to the monitor via mm_key_allowed()
 * with type MM_USERKEY and no user/host.  `ssh' and `pw' are not used
 * here.  Returns the monitor's verdict; key options, if any, are
 * stored in *authoptp.
 */
int
mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
    int pubkey_auth_attempt, struct sshauthopt **authoptp)
{
	int allowed;

	allowed = mm_key_allowed(MM_USERKEY, NULL, NULL, key,
	    pubkey_auth_attempt, authoptp);
	return allowed;
}
439 | | - |
/*
 * Host-based key check, proxied to the monitor via mm_key_allowed() with
 * type MM_HOSTKEY; no key options are requested.  `pw' is not used here.
 * Returns the monitor's verdict.
 */
int
mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
    struct sshkey *key)
{
	int allowed;

	allowed = mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL);
	return allowed;
}
446 | | - |
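/*
 * Asks the monitor whether `key' is allowed for the given check `type'
 * (user key or host-based key).  `user' and `host' are sent as empty
 * strings when NULL.  Returns the monitor's verdict as a flag (non-zero
 * = allowed).  For an allowed MM_USERKEY the answer also carries
 * serialised key options; when `authoptp' is non-NULL the caller takes
 * ownership of them via *authoptp (cleared on every other path),
 * otherwise they are freed here.  Buffer and protocol failures are fatal.
 */
int
mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
    struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp)
{
	struct sshbuf *m;
	u_int answer = 0;
	int r, allowed = 0;
	struct sshauthopt *opts = NULL;

	debug3("%s entering", __func__);

	/* Clear the output first so callers see NULL on every refusal path. */
	if (authoptp != NULL)
		*authoptp = NULL;

	if ((m = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	if ((r = sshbuf_put_u32(m, type)) != 0 ||
	    (r = sshbuf_put_cstring(m, user ? user : "")) != 0 ||
	    (r = sshbuf_put_cstring(m, host ? host : "")) != 0 ||
	    (r = sshkey_puts(key, m)) != 0 ||
	    (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m);

	debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_KEYALLOWED, m);

	/*
	 * Read the u32 through a u_int rather than an int * (matching the
	 * sshbuf_get_u32 parameter type) and reduce it to the flag it is
	 * used as below.
	 */
	if ((r = sshbuf_get_u32(m, &answer)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	allowed = (answer != 0);
	/* Key options are only present for an allowed user key. */
	if (allowed && type == MM_USERKEY) {
		if ((r = sshauthopt_deserialise(m, &opts)) != 0)
			fatal("%s: sshauthopt_deserialise: %s",
			    __func__, ssh_err(r));
	}
	sshbuf_free(m);

	/* Hand the options to the caller if it wants them, else drop them. */
	if (authoptp != NULL) {
		*authoptp = opts;
		opts = NULL;
	}
	sshauthopt_free(opts);

	return allowed;
}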
492 | | - |
493 | | - |
494 | | - |
495 | | - |
496 | | - |
497 | | - |
498 | | - |
/*
 * Proxies signature verification to the monitor: sends the key, the
 * signature, the signed data and the signature algorithm (empty string
 * when `sigalg' is NULL).  Returns 0 when the monitor reports success and
 * SSH_ERR_SIGNATURE_INVALID for any non-zero status it reports.  The
 * `compat' argument is not forwarded.  Buffer and protocol failures are
 * fatal.
 */
int
mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
    const u_char *data, size_t datalen, const char *sigalg, u_int compat)
{
	const char *alg = (sigalg == NULL) ? "" : sigalg;
	struct sshbuf *req;
	u_int verify_status = 0;
	int r;

	debug3("%s entering", __func__);

	if ((req = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	if ((r = sshkey_puts(key, req)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_string(req, sig, siglen)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_string(req, data, datalen)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if ((r = sshbuf_put_cstring(req, alg)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, req);

	debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_KEYVERIFY, req);

	r = sshbuf_get_u32(req, &verify_status);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	sshbuf_free(req);

	return (verify_status == 0) ? 0 : SSH_ERR_SIGNATURE_INVALID;
}
533 | | - |
/*
 * Serialises the packet state of the active connection with
 * ssh_packet_get_state() and sends it to the monitor as a
 * MONITOR_REQ_KEYEXPORT message.  No reply is awaited; a serialisation
 * failure is fatal.
 */
void
mm_send_keystate(struct monitor *monitor)
{
	struct sshbuf *state;
	int r;

	if ((state = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	r = ssh_packet_get_state(active_state, state);
	if (r != 0)
		fatal("%s: get_state failed: %s",
		    __func__, ssh_err(r));
	mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, state);
	debug3("%s: Finished sending state", __func__);
	sshbuf_free(state);
}
550 | | - |
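/*
 * Ask the monitor to allocate a pty (MONITOR_REQ_PTY) and collect the
 * result.
 *
 * ptyfd, ttyfd:        receive the descriptors passed back by the monitor
 *                      via mm_receive_fd().
 * namebuf, namebuflen: receive the tty name; strlcpy() truncates it if it
 *                      does not fit.
 * The message string sent by the monitor is appended to loginmsg.
 *
 * Returns 1 on success and 0 when descriptors cannot be reserved or the
 * monitor reports that no pty could be allocated. Buffer/protocol errors
 * and a failure to receive the descriptors are fatal.
 */
int
mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
{
	struct sshbuf *m;
	char *p, *msg;
	u_int success = 0;
	int tmp1 = -1, tmp2 = -1, r;

	/*
	 * Reserve two descriptors so the pty/tty can be received, then
	 * release them again. Descriptor 0 is a valid value, so the
	 * cleanup tests against -1 rather than "> 0".
	 */
	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
	    (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
		error("%s: cannot allocate fds for pty", __func__);
		if (tmp1 != -1)
			close(tmp1);
		if (tmp2 != -1)
			close(tmp2);
		return 0;
	}
	close(tmp1);
	close(tmp2);

	if ((m = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m);

	debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m);

	/* The status word is a u32; keep it unsigned to match the getter. */
	if ((r = sshbuf_get_u32(m, &success)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (success == 0) {
		debug3("%s: pty alloc failed", __func__);
		sshbuf_free(m);
		return (0);
	}
	if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 ||
	    (r = sshbuf_get_cstring(m, &msg, NULL)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	sshbuf_free(m);

	strlcpy(namebuf, p, namebuflen);
	free(p);

	if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	free(msg);

	/* The descriptors arrive separately, via fd passing. */
	if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
	    (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
		fatal("%s: receive fds failed", __func__);

	return (1);
}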
604 | | - |
/*
 * Ask the monitor to clean up the tty of session s
 * (MONITOR_REQ_PTYCLEANUP) and close this process's pty master.
 * A session with no tty (ttyfd == -1) is left untouched. On return
 * s->ttyfd is -1; s->ptymaster is closed but its value is not reset.
 */
void
mm_session_pty_cleanup2(Session *s)
{
	struct sshbuf *req;
	int r;

	if (s->ttyfd == -1)
		return;
	req = sshbuf_new();
	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	r = sshbuf_put_cstring(req, s->tty);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, req);
	sshbuf_free(req);

	/* A failed close is only logged; cleanup continues regardless. */
	if (s->ptymaster != -1 && close(s->ptymaster) < 0)
		error("close(s->ptymaster/%d): %s",
		    s->ptymaster, strerror(errno));

	s->ttyfd = -1;
}
628 | | - |
629 | #ifdef USE_PAM | - |
/*
 * Send MONITOR_REQ_PAM_START to the monitor. No answer is awaited.
 * authctxt is part of the interface but is not read here. Being called
 * with UsePAM disabled is treated as a fatal error.
 */
void
mm_start_pam(Authctxt *authctxt)
{
	struct sshbuf *req;

	debug3("%s entering", __func__);
	if (options.use_pam == 0)
		fatal("UsePAM=no, but ended up in %s anyway", __func__);
	req = sshbuf_new();
	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, req);
	sshbuf_free(req);
}
644 | | - |
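/*
 * Ask the monitor to perform PAM account management
 * (MONITOR_REQ_PAM_ACCOUNT). The answer carries a u32 status followed by
 * a message, which is appended to loginmsg.
 *
 * Returns the status word as sent by the monitor. Buffer errors and a
 * UsePAM=no configuration are fatal.
 */
u_int
mm_do_pam_account(void)
{
	struct sshbuf *m;
	u_int ret;
	char *msg;
	size_t msglen;
	int r;

	debug3("%s entering", __func__);
	if (!options.use_pam)
		fatal("UsePAM=no, but ended up in %s anyway", __func__);

	if ((m = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, m);

	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_PAM_ACCOUNT, m);
	/* Status word, then the message for the user (may be empty). */
	if ((r = sshbuf_get_u32(m, &ret)) != 0 ||
	    (r = sshbuf_get_cstring(m, &msg, &msglen)) != 0 ||
	    (r = sshbuf_put(loginmsg, msg, msglen)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	free(msg);
	sshbuf_free(m);

	/* ret is unsigned, so use %u rather than %d. */
	debug3("%s returning %u", __func__, ret);

	return (ret);
}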
676 | | - |
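/*
 * Ask the monitor to initialise a PAM context (MONITOR_REQ_PAM_INIT_CTX).
 *
 * Returns authctxt as the opaque context handle when the monitor reports
 * success, NULL when it reports failure. Buffer errors are fatal.
 */
void *
mm_sshpam_init_ctx(Authctxt *authctxt)
{
	struct sshbuf *m;
	u_int success;
	int r;

	debug3("%s", __func__);
	if ((m = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, m);
	debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_PAM_INIT_CTX, m);
	/* The status word is a u32; read it into a u_int to match the getter. */
	if ((r = sshbuf_get_u32(m, &success)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (success == 0) {
		debug3("%s: pam_init_ctx failed", __func__);
		sshbuf_free(m);
		return (NULL);
	}
	sshbuf_free(m);
	return (authctxt);
}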
700 | | - |
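/*
 * Fetch the next PAM query from the monitor (MONITOR_REQ_PAM_QUERY).
 *
 * On return *name and *info are allocated strings, *num is the number of
 * prompts, and *prompts / *echo_on are xcalloc()ed arrays of *num + 1
 * entries filled from the reply. The caller owns all of these. The
 * max-tries flag carried in the reply is passed to
 * sshpam_set_maxtries_reached(). ctx is not used.
 *
 * Returns the status word reported by the monitor. A prompt count above
 * PAM_MAX_NUM_MSG and any buffer error are fatal.
 */
int
mm_sshpam_query(void *ctx, char **name, char **info,
    u_int *num, char ***prompts, u_int **echo_on)
{
	struct sshbuf *m;
	u_int i, n, status;
	int r;

	debug3("%s", __func__);
	if ((m = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, m);
	debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, m);
	/* status is a u32 on the wire; keep it unsigned until the return. */
	if ((r = sshbuf_get_u32(m, &status)) != 0 ||
	    (r = sshbuf_get_cstring(m, name, NULL)) != 0 ||
	    (r = sshbuf_get_cstring(m, info, NULL)) != 0 ||
	    (r = sshbuf_get_u32(m, &n)) != 0 ||
	    (r = sshbuf_get_u32(m, num)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	debug3("%s: pam_query returned %d", __func__, (int)status);
	sshpam_set_maxtries_reached(n);
	/* Bound the count before it sizes the allocations and the loop. */
	if (*num > PAM_MAX_NUM_MSG)
		fatal("%s: received %u PAM messages, expected <= %u",
		    __func__, *num, PAM_MAX_NUM_MSG);
	*prompts = xcalloc((*num + 1), sizeof(char *));
	*echo_on = xcalloc((*num + 1), sizeof(u_int));
	for (i = 0; i < *num; ++i) {
		if ((r = sshbuf_get_cstring(m, &((*prompts)[i]), NULL)) != 0 ||
		    (r = sshbuf_get_u32(m, &((*echo_on)[i]))) != 0)
			fatal("%s: buffer error: %s", __func__, ssh_err(r));
	}
	sshbuf_free(m);
	return ((int)status);
}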
736 | | - |
/*
 * Forward num PAM responses (resp[0..num-1]) to the monitor as a
 * MONITOR_REQ_PAM_RESPOND request and return the u32 status it answers
 * with, converted to int. ctx is not used. Buffer errors are fatal.
 */
int
mm_sshpam_respond(void *ctx, u_int num, char **resp)
{
	struct sshbuf *req;
	u_int idx, status;
	int r;

	debug3("%s", __func__);
	req = sshbuf_new();
	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	/* Wire layout: the count, then each response as a cstring. */
	r = sshbuf_put_u32(req, num);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	for (idx = 0; idx < num; idx++) {
		r = sshbuf_put_cstring(req, resp[idx]);
		if (r != 0)
			fatal("%s: buffer error: %s", __func__, ssh_err(r));
	}
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, req);
	debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_PAM_RESPOND, req);
	r = sshbuf_get_u32(req, &status);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	debug3("%s: pam_respond returned %d", __func__, (int)status);
	sshbuf_free(req);
	return ((int)status);
}
764 | | - |
/*
 * Ask the monitor to release its PAM context (MONITOR_REQ_PAM_FREE_CTX)
 * and wait for the acknowledgement. ctxtp is not used. Allocation
 * failure is fatal.
 */
void
mm_sshpam_free_ctx(void *ctxtp)
{
	struct sshbuf *req;

	debug3("%s", __func__);
	req = sshbuf_new();
	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, req);
	debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_PAM_FREE_CTX, req);
	sshbuf_free(req);
}
779 | #endif /* USE_PAM */ | - |
780 | | - |
781 | | - |
782 | | - |
/*
 * Send an empty MONITOR_REQ_TERM request to the monitor. No reply is
 * awaited. Allocation failure is fatal.
 */
void
mm_terminate(void)
{
	struct sshbuf *req = sshbuf_new();

	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, req);
	sshbuf_free(req);
}
793 | | - |
/*
 * Fill in the output parameters of a challenge query with a single,
 * non-echoed prompt: empty name and info text, *numprompts == 1, and
 * one-element *prompts / *echo_on arrays. The prompt text itself is
 * left for the caller to set. All allocations are via xstrdup/xcalloc,
 * so they never return NULL, and the caller owns them.
 */
static void
mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
    char ***prompts, u_int **echo_on)
{
	const u_int count = 1;

	*name = xstrdup("");
	*infotxt = xstrdup("");
	*numprompts = count;
	*prompts = xcalloc(count, sizeof(char *));
	*echo_on = xcalloc(count, sizeof(u_int));
	/* echo_on == 0 for the single prompt. */
	(*echo_on)[0] = 0;
}
805 | | - |
/*
 * Ask the monitor for a BSD auth challenge (MONITOR_REQ_BSDAUTHQUERY).
 *
 * On success the output parameters are set up by mm_chall_setup() and
 * the challenge string (owned by the caller) becomes the single prompt.
 * ctx is not used.
 *
 * Returns 0 when a challenge was received, -1 when the monitor reports
 * none. Buffer errors are fatal.
 */
int
mm_bsdauth_query(void *ctx, char **name, char **infotxt,
    u_int *numprompts, char ***prompts, u_int **echo_on)
{
	struct sshbuf *reply;
	u_int has_challenge;
	char *challenge;
	int r;

	debug3("%s: entering", __func__);

	reply = sshbuf_new();
	if (reply == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, reply);

	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_BSDAUTHQUERY, reply);
	r = sshbuf_get_u32(reply, &has_challenge);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (has_challenge == 0) {
		debug3("%s: no challenge", __func__);
		sshbuf_free(reply);
		return (-1);
	}

	r = sshbuf_get_cstring(reply, &challenge, NULL);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	sshbuf_free(reply);

	mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
	(*prompts)[0] = challenge;

	debug3("%s: received challenge: %s", __func__, challenge);

	return (0);
}
843 | | - |
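/*
 * Send the single BSD auth response to the monitor
 * (MONITOR_REQ_BSDAUTHRESPOND) and report the verdict. ctx is not used.
 *
 * Returns 0 when the monitor answers with a non-zero status, -1 when it
 * answers zero or when numresponses is not exactly 1. Buffer errors are
 * fatal.
 */
int
mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
{
	struct sshbuf *m;
	u_int authok;
	int r;

	debug3("%s: entering", __func__);
	/* Exactly one response is expected; reject anything else up front. */
	if (numresponses != 1)
		return (-1);

	if ((m = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m);

	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_BSDAUTHRESPOND, m);

	/* The verdict is a u32; keep it unsigned to match the getter. */
	if ((r = sshbuf_get_u32(m, &authok)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	sshbuf_free(m);

	return ((authok == 0) ? -1 : 0);
}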
869 | | - |
870 | #ifdef SSH_AUDIT_EVENTS | - |
/*
 * Forward an audit event to the monitor as MONITOR_REQ_AUDIT_EVENT
 * carrying the event code as a u32. No reply is awaited. Allocation
 * and buffer errors are fatal.
 */
void
mm_audit_event(ssh_audit_event_t event)
{
	struct sshbuf *req;
	int r;

	debug3("%s entering", __func__);

	req = sshbuf_new();
	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	r = sshbuf_put_u32(req, event);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, req);
	sshbuf_free(req);
}
887 | | - |
/*
 * Tell the monitor which command is about to run
 * (MONITOR_REQ_AUDIT_COMMAND with the command as a cstring). No reply
 * is awaited. Allocation and buffer errors are fatal.
 */
void
mm_audit_run_command(const char *command)
{
	struct sshbuf *req;
	int r;

	debug3("%s entering command %s", __func__, command);

	req = sshbuf_new();
	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	r = sshbuf_put_cstring(req, command);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, req);
	sshbuf_free(req);
}
904 | #endif /* SSH_AUDIT_EVENTS */ | - |
905 | | - |
906 | #ifdef GSSAPI | - |
/*
 * Ask the monitor to set up a GSSAPI server context for mechanism goid
 * (MONITOR_REQ_GSSSETUP, carrying the OID bytes). *ctx is always set to
 * NULL here; the context lives on the monitor side.
 *
 * Returns the GSS major status reported by the monitor. Buffer errors
 * are fatal.
 */
OM_uint32
mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
{
	struct sshbuf *req;
	OM_uint32 major;
	int r;

	*ctx = NULL;

	req = sshbuf_new();
	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	r = sshbuf_put_string(req, goid->elements, goid->length);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, req);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, req);

	r = sshbuf_get_u32(req, &major);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	sshbuf_free(req);
	return (major);
}
931 | | - |
/*
 * Pass one GSSAPI token (in) to the monitor (MONITOR_REQ_GSSSTEP) and
 * collect the output token into out. When flagsp is non-NULL the u32
 * flags word that follows the token in the reply is stored there;
 * otherwise it is not read. ctx is not used.
 *
 * Returns the GSS major status reported by the monitor. Buffer errors
 * are fatal.
 */
OM_uint32
mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
    gss_buffer_desc *out, OM_uint32 *flagsp)
{
	struct sshbuf *req;
	OM_uint32 major;
	u_int flags;
	int r;

	req = sshbuf_new();
	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	r = sshbuf_put_string(req, in->value, in->length);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, req);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, req);

	r = sshbuf_get_u32(req, &major);
	if (r == 0)
		r = ssh_gssapi_get_buffer_desc(req, out);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	if (flagsp != NULL) {
		r = sshbuf_get_u32(req, &flags);
		if (r != 0)
			fatal("%s: buffer error: %s", __func__, ssh_err(r));
		*flagsp = flags;
	}

	sshbuf_free(req);

	return (major);
}
962 | | - |
/*
 * Ask the monitor to verify the MIC gssmic over gssbuf
 * (MONITOR_REQ_GSSCHECKMIC, both buffers sent as strings). ctx is not
 * used.
 *
 * Returns the GSS major status reported by the monitor. Buffer errors
 * are fatal.
 */
OM_uint32
mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
{
	struct sshbuf *req;
	OM_uint32 major;
	int r;

	req = sshbuf_new();
	if (req == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	r = sshbuf_put_string(req, gssbuf->value, gssbuf->length);
	if (r == 0)
		r = sshbuf_put_string(req, gssmic->value, gssmic->length);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, req);
	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_GSSCHECKMIC, req);

	r = sshbuf_get_u32(req, &major);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	sshbuf_free(req);
	return (major);
}
985 | | - |
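/*
 * Ask the monitor whether the GSSAPI-authenticated principal may log in
 * as the target user (MONITOR_REQ_GSSUSEROK). The user parameter is part
 * of the interface but is not sent; the monitor decides from its own
 * state.
 *
 * Returns the u32 verdict from the monitor as an int (non-zero means
 * authenticated). Buffer errors are fatal.
 */
int
mm_ssh_gssapi_userok(char *user)
{
	struct sshbuf *m;
	u_int authenticated = 0;
	int r;

	if ((m = sshbuf_new()) == NULL)
		fatal("%s: sshbuf_new failed", __func__);

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
	mm_request_receive_expect(pmonitor->m_recvfd,
	    MONITOR_ANS_GSSUSEROK, m);

	/* The verdict is a u32; keep it unsigned to match the getter. */
	if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	sshbuf_free(m);
	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
	return ((int)authenticated);
}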
1006 | #endif /* GSSAPI */ | - |