monitor_wrap.c 32 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175
  1. /* $OpenBSD: monitor_wrap.c,v 1.118 2020/08/27 01:06:18 djm Exp $ */
  2. /*
  3. * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  4. * Copyright 2002 Markus Friedl <markus@openbsd.org>
  5. * All rights reserved.
  6. *
  7. * Redistribution and use in source and binary forms, with or without
  8. * modification, are permitted provided that the following conditions
  9. * are met:
  10. * 1. Redistributions of source code must retain the above copyright
  11. * notice, this list of conditions and the following disclaimer.
  12. * 2. Redistributions in binary form must reproduce the above copyright
  13. * notice, this list of conditions and the following disclaimer in the
  14. * documentation and/or other materials provided with the distribution.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  17. * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  18. * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  19. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  20. * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  21. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  22. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  23. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  25. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. #include "includes.h"
  28. #include <sys/types.h>
  29. #include <sys/uio.h>
  30. #include <errno.h>
  31. #include <pwd.h>
  32. #include <signal.h>
  33. #include <stdarg.h>
  34. #include <stdio.h>
  35. #include <string.h>
  36. #include <unistd.h>
  37. #ifdef WITH_OPENSSL
  38. #include <openssl/bn.h>
  39. #include <openssl/dh.h>
  40. #include <openssl/evp.h>
  41. #endif
  42. #include "openbsd-compat/sys-queue.h"
  43. #include "xmalloc.h"
  44. #include "ssh.h"
  45. #ifdef WITH_OPENSSL
  46. #include "dh.h"
  47. #endif
  48. #include "sshbuf.h"
  49. #include "sshkey.h"
  50. #include "cipher.h"
  51. #include "kex.h"
  52. #include "hostfile.h"
  53. #include "auth.h"
  54. #include "auth-options.h"
  55. #include "packet.h"
  56. #include "mac.h"
  57. #include "log.h"
  58. #include "auth-pam.h"
  59. #include "monitor.h"
  60. #ifdef GSSAPI
  61. #include "ssh-gss.h"
  62. #endif
  63. #include "monitor_wrap.h"
  64. #include "atomicio.h"
  65. #include "monitor_fdpass.h"
  66. #include "misc.h"
  67. #include "channels.h"
  68. #include "session.h"
  69. #include "servconf.h"
  70. #include "ssherr.h"
  71. /* Imports */
  72. extern struct monitor *pmonitor;
  73. extern struct sshbuf *loginmsg;
  74. extern ServerOptions options;
  75. void
  76. mm_log_handler(LogLevel level, const char *msg, void *ctx)
  77. {
  78. struct sshbuf *log_msg;
  79. struct monitor *mon = (struct monitor *)ctx;
  80. int r;
  81. size_t len;
  82. if (mon->m_log_sendfd == -1)
  83. fatal("%s: no log channel", __func__);
  84. if ((log_msg = sshbuf_new()) == NULL)
  85. fatal("%s: sshbuf_new failed", __func__);
  86. if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */
  87. (r = sshbuf_put_u32(log_msg, level)) != 0 ||
  88. (r = sshbuf_put_cstring(log_msg, msg)) != 0)
  89. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  90. if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff)
  91. fatal("%s: bad length %zu", __func__, len);
  92. POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4);
  93. if (atomicio(vwrite, mon->m_log_sendfd,
  94. sshbuf_mutable_ptr(log_msg), len) != len)
  95. fatal("%s: write: %s", __func__, strerror(errno));
  96. sshbuf_free(log_msg);
  97. }
  98. int
  99. mm_is_monitor(void)
  100. {
  101. /*
  102. * m_pid is only set in the privileged part, and
  103. * points to the unprivileged child.
  104. */
  105. return (pmonitor && pmonitor->m_pid > 0);
  106. }
  107. void
  108. mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m)
  109. {
  110. size_t mlen = sshbuf_len(m);
  111. u_char buf[5];
  112. debug3("%s entering: type %d", __func__, type);
  113. if (mlen >= 0xffffffff)
  114. fatal("%s: bad length %zu", __func__, mlen);
  115. POKE_U32(buf, mlen + 1);
  116. buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
  117. if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
  118. fatal("%s: write: %s", __func__, strerror(errno));
  119. if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen)
  120. fatal("%s: write: %s", __func__, strerror(errno));
  121. }
  122. void
  123. mm_request_receive(int sock, struct sshbuf *m)
  124. {
  125. u_char buf[4], *p = NULL;
  126. u_int msg_len;
  127. int r;
  128. debug3("%s entering", __func__);
  129. if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
  130. if (errno == EPIPE)
  131. cleanup_exit(255);
  132. fatal("%s: read: %s", __func__, strerror(errno));
  133. }
  134. msg_len = PEEK_U32(buf);
  135. if (msg_len > 256 * 1024)
  136. fatal("%s: read: bad msg_len %d", __func__, msg_len);
  137. sshbuf_reset(m);
  138. if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
  139. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  140. if (atomicio(read, sock, p, msg_len) != msg_len)
  141. fatal("%s: read: %s", __func__, strerror(errno));
  142. }
  143. void
  144. mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m)
  145. {
  146. u_char rtype;
  147. int r;
  148. debug3("%s entering: type %d", __func__, type);
  149. mm_request_receive(sock, m);
  150. if ((r = sshbuf_get_u8(m, &rtype)) != 0)
  151. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  152. if (rtype != type)
  153. fatal("%s: read: rtype %d != type %d", __func__,
  154. rtype, type);
  155. }
  156. #ifdef WITH_OPENSSL
  157. DH *
  158. mm_choose_dh(int min, int nbits, int max)
  159. {
  160. BIGNUM *p, *g;
  161. int r;
  162. u_char success = 0;
  163. struct sshbuf *m;
  164. if ((m = sshbuf_new()) == NULL)
  165. fatal("%s: sshbuf_new failed", __func__);
  166. if ((r = sshbuf_put_u32(m, min)) != 0 ||
  167. (r = sshbuf_put_u32(m, nbits)) != 0 ||
  168. (r = sshbuf_put_u32(m, max)) != 0)
  169. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  170. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m);
  171. debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
  172. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m);
  173. if ((r = sshbuf_get_u8(m, &success)) != 0)
  174. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  175. if (success == 0)
  176. fatal("%s: MONITOR_ANS_MODULI failed", __func__);
  177. if ((r = sshbuf_get_bignum2(m, &p)) != 0 ||
  178. (r = sshbuf_get_bignum2(m, &g)) != 0)
  179. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  180. debug3("%s: remaining %zu", __func__, sshbuf_len(m));
  181. sshbuf_free(m);
  182. return (dh_new_group(g, p));
  183. }
  184. #endif
  185. int
  186. mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
  187. const u_char *data, size_t datalen, const char *hostkey_alg,
  188. const char *sk_provider, const char *sk_pin, u_int compat)
  189. {
  190. struct kex *kex = *pmonitor->m_pkex;
  191. struct sshbuf *m;
  192. u_int ndx = kex->host_key_index(key, 0, ssh);
  193. int r;
  194. debug3("%s entering", __func__);
  195. if ((m = sshbuf_new()) == NULL)
  196. fatal("%s: sshbuf_new failed", __func__);
  197. if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
  198. (r = sshbuf_put_string(m, data, datalen)) != 0 ||
  199. (r = sshbuf_put_cstring(m, hostkey_alg)) != 0 ||
  200. (r = sshbuf_put_u32(m, compat)) != 0)
  201. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  202. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m);
  203. debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
  204. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m);
  205. if ((r = sshbuf_get_string(m, sigp, lenp)) != 0)
  206. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  207. sshbuf_free(m);
  208. return (0);
  209. }
  210. #define GETPW(b, id) \
  211. do { \
  212. if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) \
  213. fatal(r, "parse pw %s", #id); \
  214. if (len != sizeof(pw->id)) \
  215. fatal(r, "bad length for %s", #id); \
  216. memcpy(&pw->id, p, len); \
  217. } while (0)
  218. struct passwd *
  219. mm_getpwnamallow(struct ssh *ssh, const char *username)
  220. {
  221. struct sshbuf *m;
  222. struct passwd *pw;
  223. size_t len;
  224. u_int i;
  225. ServerOptions *newopts;
  226. int r;
  227. u_char ok;
  228. const u_char *p;
  229. debug3("%s entering", __func__);
  230. if ((m = sshbuf_new()) == NULL)
  231. fatal("%s: sshbuf_new failed", __func__);
  232. if ((r = sshbuf_put_cstring(m, username)) != 0)
  233. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  234. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m);
  235. debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
  236. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m);
  237. if ((r = sshbuf_get_u8(m, &ok)) != 0)
  238. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  239. if (ok == 0) {
  240. pw = NULL;
  241. goto out;
  242. }
  243. /* XXX don't like passing struct passwd like this */
  244. pw = xcalloc(sizeof(*pw), 1);
  245. // if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
  246. // fatal("%s: buffer error: %s", __func__, ssh_err(r));
  247. // if (len != sizeof(*pw))
  248. // fatal("%s: struct passwd size mismatch", __func__);
  249. // memcpy(pw, p, sizeof(*pw));
  250. GETPW(m, pw_uid);
  251. GETPW(m, pw_gid);
  252. #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
  253. GETPW(m, pw_change);
  254. #endif
  255. #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
  256. GETPW(m, pw_expire);
  257. #endif
  258. if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 ||
  259. (r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 ||
  260. #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
  261. (r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 ||
  262. #endif
  263. #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
  264. (r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 ||
  265. #endif
  266. (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 ||
  267. (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0)
  268. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  269. out:
  270. /* copy options block as a Match directive may have changed some */
  271. if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
  272. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  273. if (len != sizeof(*newopts))
  274. fatal("%s: option block size mismatch", __func__);
  275. newopts = xcalloc(sizeof(*newopts), 1);
  276. memcpy(newopts, p, sizeof(*newopts));
  277. #define M_CP_STROPT(x) do { \
  278. if (newopts->x != NULL) { \
  279. if ((r = sshbuf_get_cstring(m, \
  280. &newopts->x, NULL)) != 0) \
  281. fatal("%s: buffer error: %s", \
  282. __func__, ssh_err(r)); \
  283. } \
  284. } while (0)
  285. #define M_CP_STRARRAYOPT(x, nx) do { \
  286. newopts->x = newopts->nx == 0 ? \
  287. NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
  288. for (i = 0; i < newopts->nx; i++) { \
  289. if ((r = sshbuf_get_cstring(m, \
  290. &newopts->x[i], NULL)) != 0) \
  291. fatal("%s: buffer error: %s", \
  292. __func__, ssh_err(r)); \
  293. } \
  294. } while (0)
  295. /* See comment in servconf.h */
  296. COPY_MATCH_STRING_OPTS();
  297. #undef M_CP_STROPT
  298. #undef M_CP_STRARRAYOPT
  299. copy_set_server_options(&options, newopts, 1);
  300. log_change_level(options.log_level);
  301. process_permitopen(ssh, &options);
  302. free(newopts);
  303. sshbuf_free(m);
  304. return (pw);
  305. }
  306. char *
  307. mm_auth2_read_banner(void)
  308. {
  309. struct sshbuf *m;
  310. char *banner;
  311. int r;
  312. debug3("%s entering", __func__);
  313. if ((m = sshbuf_new()) == NULL)
  314. fatal("%s: sshbuf_new failed", __func__);
  315. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m);
  316. sshbuf_reset(m);
  317. mm_request_receive_expect(pmonitor->m_recvfd,
  318. MONITOR_ANS_AUTH2_READ_BANNER, m);
  319. if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0)
  320. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  321. sshbuf_free(m);
  322. /* treat empty banner as missing banner */
  323. if (strlen(banner) == 0) {
  324. free(banner);
  325. banner = NULL;
  326. }
  327. return (banner);
  328. }
  329. /* Inform the privileged process about service and style */
  330. void
  331. mm_inform_authserv(char *service, char *style)
  332. {
  333. struct sshbuf *m;
  334. int r;
  335. debug3("%s entering", __func__);
  336. if ((m = sshbuf_new()) == NULL)
  337. fatal("%s: sshbuf_new failed", __func__);
  338. if ((r = sshbuf_put_cstring(m, service)) != 0 ||
  339. (r = sshbuf_put_cstring(m, style ? style : "")) != 0)
  340. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  341. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m);
  342. sshbuf_free(m);
  343. }
  344. /* Inform the privileged process about role */
  345. #ifdef WITH_SELINUX
  346. void
  347. mm_inform_authrole(char *role)
  348. {
  349. int r;
  350. struct sshbuf *m;
  351. debug3("%s entering", __func__);
  352. if ((m = sshbuf_new()) == NULL)
  353. fatal("%s: sshbuf_new failed", __func__);
  354. if ((r = sshbuf_put_cstring(m, role ? role : "")) != 0)
  355. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  356. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, m);
  357. sshbuf_free(m);
  358. }
  359. #endif
  360. /* Do the password authentication */
  361. int
  362. mm_auth_password(struct ssh *ssh, char *password)
  363. {
  364. struct sshbuf *m;
  365. int r, authenticated = 0;
  366. #ifdef USE_PAM
  367. u_int maxtries = 0;
  368. #endif
  369. debug3("%s entering", __func__);
  370. if ((m = sshbuf_new()) == NULL)
  371. fatal("%s: sshbuf_new failed", __func__);
  372. if ((r = sshbuf_put_cstring(m, password)) != 0)
  373. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  374. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m);
  375. debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
  376. mm_request_receive_expect(pmonitor->m_recvfd,
  377. MONITOR_ANS_AUTHPASSWORD, m);
  378. if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
  379. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  380. #ifdef USE_PAM
  381. if ((r = sshbuf_get_u32(m, &maxtries)) != 0)
  382. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  383. if (maxtries > INT_MAX)
  384. fatal("%s: bad maxtries %u", __func__, maxtries);
  385. sshpam_set_maxtries_reached(maxtries);
  386. #endif
  387. sshbuf_free(m);
  388. debug3("%s: user %sauthenticated",
  389. __func__, authenticated ? "" : "not ");
  390. return (authenticated);
  391. }
  392. int
  393. mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
  394. int pubkey_auth_attempt, struct sshauthopt **authoptp)
  395. {
  396. return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
  397. pubkey_auth_attempt, authoptp));
  398. }
  399. int
  400. mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
  401. const char *user, const char *host, struct sshkey *key)
  402. {
  403. return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL));
  404. }
  405. int
  406. mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
  407. struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp)
  408. {
  409. struct sshbuf *m;
  410. int r, allowed = 0;
  411. struct sshauthopt *opts = NULL;
  412. debug3("%s entering", __func__);
  413. if (authoptp != NULL)
  414. *authoptp = NULL;
  415. if ((m = sshbuf_new()) == NULL)
  416. fatal("%s: sshbuf_new failed", __func__);
  417. if ((r = sshbuf_put_u32(m, type)) != 0 ||
  418. (r = sshbuf_put_cstring(m, user ? user : "")) != 0 ||
  419. (r = sshbuf_put_cstring(m, host ? host : "")) != 0 ||
  420. (r = sshkey_puts(key, m)) != 0 ||
  421. (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0)
  422. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  423. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m);
  424. debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
  425. mm_request_receive_expect(pmonitor->m_recvfd,
  426. MONITOR_ANS_KEYALLOWED, m);
  427. if ((r = sshbuf_get_u32(m, &allowed)) != 0)
  428. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  429. if (allowed && type == MM_USERKEY) {
  430. if ((r = sshauthopt_deserialise(m, &opts)) != 0)
  431. fatal("%s: sshauthopt_deserialise: %s",
  432. __func__, ssh_err(r));
  433. }
  434. sshbuf_free(m);
  435. if (authoptp != NULL) {
  436. *authoptp = opts;
  437. opts = NULL;
  438. }
  439. sshauthopt_free(opts);
  440. return allowed;
  441. }
  442. /*
  443. * This key verify needs to send the key type along, because the
  444. * privileged parent makes the decision if the key is allowed
  445. * for authentication.
  446. */
  447. int
  448. mm_sshkey_verify(enum mm_keytype type, const struct sshkey *key, const u_char *sig, size_t siglen,
  449. const u_char *data, size_t datalen, const char *sigalg, u_int compat,
  450. struct sshkey_sig_details **sig_detailsp)
  451. {
  452. struct sshbuf *m;
  453. u_int encoded_ret = 0;
  454. int r;
  455. u_char sig_details_present, flags;
  456. u_int counter;
  457. debug3("%s entering", __func__);
  458. if (sig_detailsp != NULL)
  459. *sig_detailsp = NULL;
  460. if ((m = sshbuf_new()) == NULL)
  461. fatal("%s: sshbuf_new failed", __func__);
  462. if ((r = sshbuf_put_u32(m, type)) != 0 ||
  463. (r = sshkey_puts(key, m)) != 0 ||
  464. (r = sshbuf_put_string(m, sig, siglen)) != 0 ||
  465. (r = sshbuf_put_string(m, data, datalen)) != 0 ||
  466. (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0)
  467. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  468. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m);
  469. debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
  470. mm_request_receive_expect(pmonitor->m_recvfd,
  471. MONITOR_ANS_KEYVERIFY, m);
  472. if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 ||
  473. (r = sshbuf_get_u8(m, &sig_details_present)) != 0)
  474. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  475. if (sig_details_present && encoded_ret == 0) {
  476. if ((r = sshbuf_get_u32(m, &counter)) != 0 ||
  477. (r = sshbuf_get_u8(m, &flags)) != 0)
  478. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  479. if (sig_detailsp != NULL) {
  480. *sig_detailsp = xcalloc(1, sizeof(**sig_detailsp));
  481. (*sig_detailsp)->sk_counter = counter;
  482. (*sig_detailsp)->sk_flags = flags;
  483. }
  484. }
  485. sshbuf_free(m);
  486. if (encoded_ret != 0)
  487. return SSH_ERR_SIGNATURE_INVALID;
  488. return 0;
  489. }
  490. int
  491. mm_hostbased_key_verify(struct ssh *ssh, const struct sshkey *key, const u_char *sig, size_t siglen,
  492. const u_char *data, size_t datalen, const char *pkalg, u_int compat,
  493. struct sshkey_sig_details **detailsp)
  494. {
  495. return mm_sshkey_verify(MM_HOSTKEY, key, sig, siglen, data, datalen, pkalg, compat, detailsp);
  496. }
  497. int
  498. mm_user_key_verify(struct ssh *ssh, const struct sshkey *key, const u_char *sig, size_t siglen,
  499. const u_char *data, size_t datalen, const char *pkalg, u_int compat,
  500. struct sshkey_sig_details **detailsp)
  501. {
  502. return mm_sshkey_verify(MM_USERKEY, key, sig, siglen, data, datalen, pkalg, compat, detailsp);
  503. }
  504. void
  505. mm_send_keystate(struct ssh *ssh, struct monitor *monitor)
  506. {
  507. struct sshbuf *m;
  508. int r;
  509. if ((m = sshbuf_new()) == NULL)
  510. fatal("%s: sshbuf_new failed", __func__);
  511. if ((r = ssh_packet_get_state(ssh, m)) != 0)
  512. fatal("%s: get_state failed: %s",
  513. __func__, ssh_err(r));
  514. mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, m);
  515. debug3("%s: Finished sending state", __func__);
  516. sshbuf_free(m);
  517. }
  518. int
  519. mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
  520. {
  521. struct sshbuf *m;
  522. char *p, *msg;
  523. int success = 0, tmp1 = -1, tmp2 = -1, r;
  524. /* Kludge: ensure there are fds free to receive the pty/tty */
  525. if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
  526. (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
  527. error("%s: cannot allocate fds for pty", __func__);
  528. if (tmp1 >= 0)
  529. close(tmp1);
  530. /*DEAD CODE if (tmp2 >= 0)
  531. close(tmp2);*/
  532. return 0;
  533. }
  534. close(tmp1);
  535. close(tmp2);
  536. if ((m = sshbuf_new()) == NULL)
  537. fatal("%s: sshbuf_new failed", __func__);
  538. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m);
  539. debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
  540. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m);
  541. if ((r = sshbuf_get_u32(m, &success)) != 0)
  542. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  543. if (success == 0) {
  544. debug3("%s: pty alloc failed", __func__);
  545. sshbuf_free(m);
  546. return (0);
  547. }
  548. if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 ||
  549. (r = sshbuf_get_cstring(m, &msg, NULL)) != 0)
  550. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  551. sshbuf_free(m);
  552. strlcpy(namebuf, p, namebuflen); /* Possible truncation */
  553. free(p);
  554. if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
  555. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  556. free(msg);
  557. if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
  558. (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
  559. fatal("%s: receive fds failed", __func__);
  560. /* Success */
  561. return (1);
  562. }
  563. void
  564. mm_session_pty_cleanup2(Session *s)
  565. {
  566. struct sshbuf *m;
  567. int r;
  568. if (s->ttyfd == -1)
  569. return;
  570. if ((m = sshbuf_new()) == NULL)
  571. fatal("%s: sshbuf_new failed", __func__);
  572. if ((r = sshbuf_put_cstring(m, s->tty)) != 0)
  573. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  574. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m);
  575. sshbuf_free(m);
  576. /* closed dup'ed master */
  577. if (s->ptymaster != -1 && close(s->ptymaster) == -1)
  578. error("close(s->ptymaster/%d): %s",
  579. s->ptymaster, strerror(errno));
  580. /* unlink pty from session */
  581. s->ttyfd = -1;
  582. }
  583. #ifdef USE_PAM
  584. void
  585. mm_start_pam(struct ssh *ssh)
  586. {
  587. struct sshbuf *m;
  588. debug3("%s entering", __func__);
  589. if (!options.use_pam)
  590. fatal("UsePAM=no, but ended up in %s anyway", __func__);
  591. if ((m = sshbuf_new()) == NULL)
  592. fatal("%s: sshbuf_new failed", __func__);
  593. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, m);
  594. sshbuf_free(m);
  595. }
  596. u_int
  597. mm_do_pam_account(void)
  598. {
  599. struct sshbuf *m;
  600. u_int ret;
  601. char *msg;
  602. size_t msglen;
  603. int r;
  604. debug3("%s entering", __func__);
  605. if (!options.use_pam)
  606. fatal("UsePAM=no, but ended up in %s anyway", __func__);
  607. if ((m = sshbuf_new()) == NULL)
  608. fatal("%s: sshbuf_new failed", __func__);
  609. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, m);
  610. mm_request_receive_expect(pmonitor->m_recvfd,
  611. MONITOR_ANS_PAM_ACCOUNT, m);
  612. if ((r = sshbuf_get_u32(m, &ret)) != 0 ||
  613. (r = sshbuf_get_cstring(m, &msg, &msglen)) != 0 ||
  614. (r = sshbuf_put(loginmsg, msg, msglen)) != 0)
  615. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  616. free(msg);
  617. sshbuf_free(m);
  618. debug3("%s returning %d", __func__, ret);
  619. return (ret);
  620. }
  621. void *
  622. mm_sshpam_init_ctx(Authctxt *authctxt)
  623. {
  624. struct sshbuf *m;
  625. int r, success;
  626. debug3("%s", __func__);
  627. if ((m = sshbuf_new()) == NULL)
  628. fatal("%s: sshbuf_new failed", __func__);
  629. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, m);
  630. debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
  631. mm_request_receive_expect(pmonitor->m_recvfd,
  632. MONITOR_ANS_PAM_INIT_CTX, m);
  633. if ((r = sshbuf_get_u32(m, &success)) != 0)
  634. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  635. if (success == 0) {
  636. debug3("%s: pam_init_ctx failed", __func__);
  637. sshbuf_free(m);
  638. return (NULL);
  639. }
  640. sshbuf_free(m);
  641. return (authctxt);
  642. }
  643. int
  644. mm_sshpam_query(void *ctx, char **name, char **info,
  645. u_int *num, char ***prompts, u_int **echo_on)
  646. {
  647. struct sshbuf *m;
  648. u_int i, n;
  649. int r, ret;
  650. debug3("%s", __func__);
  651. if ((m = sshbuf_new()) == NULL)
  652. fatal("%s: sshbuf_new failed", __func__);
  653. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, m);
  654. debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
  655. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, m);
  656. if ((r = sshbuf_get_u32(m, &ret)) != 0 ||
  657. (r = sshbuf_get_cstring(m, name, NULL)) != 0 ||
  658. (r = sshbuf_get_cstring(m, info, NULL)) != 0 ||
  659. (r = sshbuf_get_u32(m, &n)) != 0 ||
  660. (r = sshbuf_get_u32(m, num)) != 0)
  661. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  662. debug3("%s: pam_query returned %d", __func__, ret);
  663. sshpam_set_maxtries_reached(n);
  664. if (*num > PAM_MAX_NUM_MSG)
  665. fatal("%s: received %u PAM messages, expected <= %u",
  666. __func__, *num, PAM_MAX_NUM_MSG);
  667. *prompts = xcalloc((*num + 1), sizeof(char *));
  668. *echo_on = xcalloc((*num + 1), sizeof(u_int));
  669. for (i = 0; i < *num; ++i) {
  670. if ((r = sshbuf_get_cstring(m, &((*prompts)[i]), NULL)) != 0 ||
  671. (r = sshbuf_get_u32(m, &((*echo_on)[i]))) != 0)
  672. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  673. }
  674. sshbuf_free(m);
  675. return (ret);
  676. }
  677. int
  678. mm_sshpam_respond(void *ctx, u_int num, char **resp)
  679. {
  680. struct sshbuf *m;
  681. u_int n, i;
  682. int r, ret;
  683. debug3("%s", __func__);
  684. if ((m = sshbuf_new()) == NULL)
  685. fatal("%s: sshbuf_new failed", __func__);
  686. if ((r = sshbuf_put_u32(m, num)) != 0)
  687. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  688. for (i = 0; i < num; ++i) {
  689. if ((r = sshbuf_put_cstring(m, resp[i])) != 0)
  690. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  691. }
  692. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, m);
  693. debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
  694. mm_request_receive_expect(pmonitor->m_recvfd,
  695. MONITOR_ANS_PAM_RESPOND, m);
  696. if ((r = sshbuf_get_u32(m, &n)) != 0)
  697. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  698. ret = (int)n; /* XXX */
  699. debug3("%s: pam_respond returned %d", __func__, ret);
  700. sshbuf_free(m);
  701. return (ret);
  702. }
  703. void
  704. mm_sshpam_free_ctx(void *ctxtp)
  705. {
  706. struct sshbuf *m;
  707. debug3("%s", __func__);
  708. if ((m = sshbuf_new()) == NULL)
  709. fatal("%s: sshbuf_new failed", __func__);
  710. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, m);
  711. debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
  712. mm_request_receive_expect(pmonitor->m_recvfd,
  713. MONITOR_ANS_PAM_FREE_CTX, m);
  714. sshbuf_free(m);
  715. }
  716. #endif /* USE_PAM */
  717. /* Request process termination */
  718. void
  719. mm_terminate(void)
  720. {
  721. struct sshbuf *m;
  722. if ((m = sshbuf_new()) == NULL)
  723. fatal("%s: sshbuf_new failed", __func__);
  724. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m);
  725. sshbuf_free(m);
  726. }
  727. static void
  728. mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
  729. char ***prompts, u_int **echo_on)
  730. {
  731. *name = xstrdup("");
  732. *infotxt = xstrdup("");
  733. *numprompts = 1;
  734. *prompts = xcalloc(*numprompts, sizeof(char *));
  735. *echo_on = xcalloc(*numprompts, sizeof(u_int));
  736. (*echo_on)[0] = 0;
  737. }
  738. int
  739. mm_bsdauth_query(void *ctx, char **name, char **infotxt,
  740. u_int *numprompts, char ***prompts, u_int **echo_on)
  741. {
  742. struct sshbuf *m;
  743. u_int success;
  744. char *challenge;
  745. int r;
  746. debug3("%s: entering", __func__);
  747. if ((m = sshbuf_new()) == NULL)
  748. fatal("%s: sshbuf_new failed", __func__);
  749. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m);
  750. mm_request_receive_expect(pmonitor->m_recvfd,
  751. MONITOR_ANS_BSDAUTHQUERY, m);
  752. if ((r = sshbuf_get_u32(m, &success)) != 0)
  753. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  754. if (success == 0) {
  755. debug3("%s: no challenge", __func__);
  756. sshbuf_free(m);
  757. return (-1);
  758. }
  759. /* Get the challenge, and format the response */
  760. if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0)
  761. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  762. sshbuf_free(m);
  763. mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
  764. (*prompts)[0] = challenge;
  765. debug3("%s: received challenge: %s", __func__, challenge);
  766. return (0);
  767. }
  768. int
  769. mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
  770. {
  771. struct sshbuf *m;
  772. int r, authok;
  773. debug3("%s: entering", __func__);
  774. if (numresponses != 1)
  775. return (-1);
  776. if ((m = sshbuf_new()) == NULL)
  777. fatal("%s: sshbuf_new failed", __func__);
  778. if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
  779. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  780. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m);
  781. mm_request_receive_expect(pmonitor->m_recvfd,
  782. MONITOR_ANS_BSDAUTHRESPOND, m);
  783. if ((r = sshbuf_get_u32(m, &authok)) != 0)
  784. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  785. sshbuf_free(m);
  786. return ((authok == 0) ? -1 : 0);
  787. }
  788. #ifdef SSH_AUDIT_EVENTS
  789. void
  790. mm_audit_event(struct ssh *ssh, ssh_audit_event_t event)
  791. {
  792. struct sshbuf *m;
  793. int r;
  794. debug3("%s entering", __func__);
  795. if ((m = sshbuf_new()) == NULL)
  796. fatal("%s: sshbuf_new failed", __func__);
  797. if ((r = sshbuf_put_u32(m, event)) != 0)
  798. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  799. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, m);
  800. sshbuf_free(m);
  801. }
  802. int
  803. mm_audit_run_command(struct ssh *ssh, const char *command)
  804. {
  805. struct sshbuf *m;
  806. int r;
  807. int handle;
  808. debug3("%s entering command %s", __func__, command);
  809. if ((m = sshbuf_new()) == NULL)
  810. fatal("%s: sshbuf_new failed", __func__);
  811. if ((r = sshbuf_put_cstring(m, command)) != 0)
  812. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  813. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m);
  814. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, m);
  815. if ((r = sshbuf_get_u32(m, &handle)) != 0)
  816. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  817. sshbuf_free(m);
  818. return (handle);
  819. }
  820. void
  821. mm_audit_end_command(struct ssh *ssh, int handle, const char *command)
  822. {
  823. int r;
  824. struct sshbuf *m;
  825. debug3("%s entering command %s", __func__, command);
  826. if ((m = sshbuf_new()) == NULL)
  827. fatal("%s: sshbuf_new failed", __func__);
  828. if ((r = sshbuf_put_u32(m, handle)) != 0 ||
  829. (r = sshbuf_put_cstring(m, command)) != 0)
  830. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  831. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, m);
  832. sshbuf_free(m);
  833. }
  834. #endif /* SSH_AUDIT_EVENTS */
  835. #ifdef GSSAPI
  836. OM_uint32
  837. mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
  838. {
  839. struct sshbuf *m;
  840. OM_uint32 major;
  841. int r;
  842. /* Client doesn't get to see the context */
  843. *ctx = NULL;
  844. if ((m = sshbuf_new()) == NULL)
  845. fatal("%s: sshbuf_new failed", __func__);
  846. if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0)
  847. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  848. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m);
  849. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m);
  850. if ((r = sshbuf_get_u32(m, &major)) != 0)
  851. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  852. sshbuf_free(m);
  853. return (major);
  854. }
  855. OM_uint32
  856. mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
  857. gss_buffer_desc *out, OM_uint32 *flagsp)
  858. {
  859. struct sshbuf *m;
  860. OM_uint32 major;
  861. u_int flags;
  862. int r;
  863. if ((m = sshbuf_new()) == NULL)
  864. fatal("%s: sshbuf_new failed", __func__);
  865. if ((r = sshbuf_put_string(m, in->value, in->length)) != 0)
  866. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  867. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m);
  868. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m);
  869. if ((r = sshbuf_get_u32(m, &major)) != 0 ||
  870. (r = ssh_gssapi_get_buffer_desc(m, out)) != 0)
  871. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  872. if (flagsp != NULL) {
  873. if ((r = sshbuf_get_u32(m, &flags)) != 0)
  874. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  875. *flagsp = flags;
  876. }
  877. sshbuf_free(m);
  878. return (major);
  879. }
  880. OM_uint32
  881. mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
  882. {
  883. struct sshbuf *m;
  884. OM_uint32 major;
  885. int r;
  886. if ((m = sshbuf_new()) == NULL)
  887. fatal("%s: sshbuf_new failed", __func__);
  888. if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 ||
  889. (r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0)
  890. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  891. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m);
  892. mm_request_receive_expect(pmonitor->m_recvfd,
  893. MONITOR_ANS_GSSCHECKMIC, m);
  894. if ((r = sshbuf_get_u32(m, &major)) != 0)
  895. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  896. sshbuf_free(m);
  897. return(major);
  898. }
  899. int
  900. mm_ssh_gssapi_userok(char *user)
  901. {
  902. struct sshbuf *m;
  903. int r, authenticated = 0;
  904. if ((m = sshbuf_new()) == NULL)
  905. fatal("%s: sshbuf_new failed", __func__);
  906. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
  907. mm_request_receive_expect(pmonitor->m_recvfd,
  908. MONITOR_ANS_GSSUSEROK, m);
  909. if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
  910. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  911. sshbuf_free(m);
  912. debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
  913. return (authenticated);
  914. }
  915. #endif /* GSSAPI */
  916. #ifdef SSH_AUDIT_EVENTS
  917. void
  918. mm_audit_unsupported_body(struct ssh *ssh, int what)
  919. {
  920. int r;
  921. struct sshbuf *m;
  922. if ((m = sshbuf_new()) == NULL)
  923. fatal("%s: sshbuf_new failed", __func__);
  924. if ((r = sshbuf_put_u32(m, what)) != 0)
  925. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  926. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_UNSUPPORTED, m);
  927. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_UNSUPPORTED,
  928. m);
  929. sshbuf_free(m);
  930. }
  931. void
  932. mm_audit_kex_body(struct ssh *ssh, int ctos, char *cipher, char *mac, char *compress, char *fps, pid_t pid,
  933. uid_t uid)
  934. {
  935. int r;
  936. struct sshbuf *m;
  937. if ((m = sshbuf_new()) == NULL)
  938. fatal("%s: sshbuf_new failed", __func__);
  939. if ((r = sshbuf_put_u32(m, ctos)) != 0 ||
  940. (r = sshbuf_put_cstring(m, cipher)) != 0 ||
  941. (r = sshbuf_put_cstring(m, (mac ? mac : "<implicit>"))) != 0 ||
  942. (r = sshbuf_put_cstring(m, compress)) != 0 ||
  943. (r = sshbuf_put_cstring(m, fps)) != 0 ||
  944. (r = sshbuf_put_u64(m, pid)) != 0 ||
  945. (r = sshbuf_put_u64(m, uid)) != 0)
  946. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  947. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, m);
  948. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX,
  949. m);
  950. sshbuf_free(m);
  951. }
  952. void
  953. mm_audit_session_key_free_body(struct ssh *ssh, int ctos, pid_t pid, uid_t uid)
  954. {
  955. int r;
  956. struct sshbuf *m;
  957. if ((m = sshbuf_new()) == NULL)
  958. fatal("%s: sshbuf_new failed", __func__);
  959. if ((r = sshbuf_put_u32(m, ctos)) != 0 ||
  960. (r = sshbuf_put_u64(m, pid)) != 0 ||
  961. (r = sshbuf_put_u64(m, uid)) != 0)
  962. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  963. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, m);
  964. mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
  965. m);
  966. sshbuf_free(m);
  967. }
  968. void
  969. mm_audit_destroy_sensitive_data(struct ssh *ssh, const char *fp, pid_t pid, uid_t uid)
  970. {
  971. int r;
  972. struct sshbuf *m;
  973. if ((m = sshbuf_new()) == NULL)
  974. fatal("%s: sshbuf_new failed", __func__);
  975. if ((r = sshbuf_put_cstring(m, fp)) != 0 ||
  976. (r = sshbuf_put_u64(m, pid)) != 0 ||
  977. (r = sshbuf_put_u64(m, uid)) != 0)
  978. fatal("%s: buffer error: %s", __func__, ssh_err(r));
  979. mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, m);
  980. sshbuf_free(m);
  981. }
  982. #endif /* SSH_AUDIT_EVENTS */