author | Ed Maste <emaste@FreeBSD.org> | 2021-02-14 21:04:52 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2021-02-14 21:04:52 +0000 |
commit | 82e5fdc50050d6dccf1f547818312aebd3b6626e (patch) | |
tree | b461b67d9d667b0417001eb929b26fa3b198d93f /monitor.c | |
parent | 0194e6d04277a638afac6c4a664d3bc6a0d944eb (diff) | |
Vendor import of OpenSSH 8.2p1vendor/openssh/8.2p1
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 92 |
1 files changed, 59 insertions, 33 deletions
diff --git a/monitor.c b/monitor.c index 00af44f98ba9..2ce89fe901cd 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -95,6 +95,7 @@ #include "authfd.h" #include "match.h" #include "ssherr.h" +#include "sk-api.h" #ifdef GSSAPI static Gssctxt *gsscontext = NULL; @@ -392,11 +393,11 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor) pmonitor->m_recvfd = -1; monitor_set_child_handler(pmonitor->m_pid); - signal(SIGHUP, &monitor_child_handler); - signal(SIGTERM, &monitor_child_handler); - signal(SIGINT, &monitor_child_handler); + ssh_signal(SIGHUP, &monitor_child_handler); + ssh_signal(SIGTERM, &monitor_child_handler); + ssh_signal(SIGINT, &monitor_child_handler); #ifdef SIGXFSZ - signal(SIGXFSZ, SIG_IGN); + ssh_signal(SIGXFSZ, SIG_IGN); #endif mon_dispatch = mon_dispatch_postauth20; @@ -542,7 +543,7 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent, /* allowed key state */ static int -monitor_allowed_key(u_char *blob, u_int bloblen) +monitor_allowed_key(const u_char *blob, u_int bloblen) { /* make sure key is allowed */ if (key_blob == NULL || key_bloblen != bloblen || @@ -678,7 +679,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) if ((key = get_hostkey_by_index(keyid)) != NULL) { if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, - compat)) != 0) + options.sk_provider, compat)) != 0) fatal("%s: sshkey_sign failed: %s", __func__, ssh_err(r)); } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && 
@@ -1247,7 +1248,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) } static int -monitor_valid_userblob(u_char *data, u_int datalen) +monitor_valid_userblob(const u_char *data, u_int datalen) { struct sshbuf *b; const u_char *p; @@ -1256,10 +1257,8 @@ monitor_valid_userblob(u_char *data, u_int datalen) u_char type; int r, fail = 0; - if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); - if ((r = sshbuf_put(b, data, datalen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if ((b = sshbuf_from(data, datalen)) == NULL) + fatal("%s: sshbuf_from", __func__); if (datafellows & SSH_OLD_SESSIONID) { p = sshbuf_ptr(b); @@ -1314,8 +1313,8 @@ monitor_valid_userblob(u_char *data, u_int datalen) } static int -monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, - char *chost) +monitor_valid_hostbasedblob(const u_char *data, u_int datalen, + const char *cuser, const char *chost) { struct sshbuf *b; const u_char *p; @@ -1324,10 +1323,9 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, int r, fail = 0; u_char type; - if ((b = sshbuf_new()) == NULL) + if ((b = sshbuf_from(data, datalen)) == NULL) fatal("%s: sshbuf_new", __func__); - if ((r = sshbuf_put(b, data, datalen)) != 0 || - (r = sshbuf_get_string_direct(b, &p, &len)) != 0) + if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if ((session_id2 == NULL) || 
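Review bot: Nothing in the new code records that these buffers are now borrowed rather than copied. `sshbuf_from(data, datalen)` here and in monitor_valid_hostbasedblob wraps the caller's bytes read-only, and in mm_answer_keyverify the `blob`, `signature` and `data` pointers returned by `sshbuf_get_string_direct` point into `m`, so all of them stay valid only until the later `sshbuf_reset(m)`. A short comment at the declarations in mm_answer_keyverify would keep a future edit from moving a use past the reset, for example `/* blob, signature and data alias m; do not use after sshbuf_reset(m) */`. The function bodies continue outside the hunks.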
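Review bot: In monitor_valid_hostbasedblob the failure message still names the old call: the buffer is now created with `sshbuf_from(data, datalen)`, but the fatal on NULL still reads `fatal("%s: sshbuf_new", __func__);`. A log line that points at the wrong call slows down triage of a monitor abort, and monitor_valid_userblob in the previous hunk was already updated to say `sshbuf_from`. The line should become `fatal("%s: sshbuf_from", __func__);`. The function body continues outside the hunk.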
@@ -1387,14 +1385,15 @@ int mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) { struct sshkey *key; - u_char *signature, *data, *blob; - char *sigalg; + const u_char *signature, *data, *blob; + char *sigalg = NULL, *fp = NULL; size_t signaturelen, datalen, bloblen; - int r, ret, valid_data = 0, encoded_ret; + int r, ret, req_presence = 0, valid_data = 0, encoded_ret; + struct sshkey_sig_details *sig_details = NULL; - if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || - (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || - (r = sshbuf_get_string(m, &data, &datalen)) != 0 || + if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 || + (r = sshbuf_get_string_direct(m, &signature, &signaturelen)) != 0 || + (r = sshbuf_get_string_direct(m, &data, &datalen)) != 0 || (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); 
@@ -1429,30 +1428,57 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) if (!valid_data) fatal("%s: bad signature data blob", __func__); + if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, + SSH_FP_DEFAULT)) == NULL) + fatal("%s: sshkey_fingerprint failed", __func__); + ret = sshkey_verify(key, signature, signaturelen, data, datalen, - sigalg, ssh->compat); - debug3("%s: %s %p signature %s", __func__, auth_method, key, - (ret == 0) ? "verified" : "unverified"); + sigalg, ssh->compat, &sig_details); + debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key, + (ret == 0) ? "verified" : "unverified", + (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : ""); + + if (ret == 0 && key_blobtype == MM_USERKEY && sig_details != NULL) { + req_presence = (options.pubkey_auth_options & + PUBKEYAUTH_TOUCH_REQUIRED) || + !key_opts->no_require_user_presence; + if (req_presence && + (sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) { + error("public key %s %s signature for %s%s from %.128s " + "port %d rejected: user presence " + "(authenticator touch) requirement not met ", + sshkey_type(key), fp, + authctxt->valid ? 
"" : "invalid user ", + authctxt->user, ssh_remote_ipaddr(ssh), + ssh_remote_port(ssh)); + ret = SSH_ERR_SIGNATURE_INVALID; + } + } auth2_record_key(authctxt, ret == 0, key); - free(blob); - free(signature); - free(data); - free(sigalg); - if (key_blobtype == MM_USERKEY) auth_activate_options(ssh, key_opts); monitor_reset_key_state(); - sshkey_free(key); sshbuf_reset(m); /* encode ret != 0 as positive integer, since we're sending u32 */ encoded_ret = (ret != 0); - if ((r = sshbuf_put_u32(m, encoded_ret)) != 0) + if ((r = sshbuf_put_u32(m, encoded_ret)) != 0 || + (r = sshbuf_put_u8(m, sig_details != NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (sig_details != NULL) { + if ((r = sshbuf_put_u32(m, sig_details->sk_counter)) != 0 || + (r = sshbuf_put_u8(m, sig_details->sk_flags)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } + sshkey_sig_details_free(sig_details); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); + free(sigalg); + free(fp); + sshkey_free(key); + return ret == 0; } |
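Review bot: The user-presence check runs only when `sig_details != NULL`, so enforcement of `PUBKEYAUTH_TOUCH_REQUIRED` depends on sshkey_verify always filling in the details for a security-key signature. That callee is not visible here, so this may already be guaranteed. If it is not, a verified security-key signature that carries no details would skip the touch requirement. Failing closed before the presence block would make the dependency explicit, for example `if (ret == 0 && sshkey_is_sk(key) && sig_details == NULL) ret = SSH_ERR_SIGNATURE_INVALID;`, or at least a comment stating the assumption. Separately, the rejection message literal ends in a stray space (`"requirement not met "`); mm_answer_keyverify begins before this hunk.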