src - FreeBSD source tree

diff options


context:
space:
mode:

author	Ed Maste <emaste@FreeBSD.org>	2021-02-14 21:04:52 +0000
committer	Ed Maste <emaste@FreeBSD.org>	2021-02-14 21:04:52 +0000
commit	82e5fdc50050d6dccf1f547818312aebd3b6626e (patch)
tree	b461b67d9d667b0417001eb929b26fa3b198d93f /monitor.c
parent	0194e6d04277a638afac6c4a664d3bc6a0d944eb (diff)
download	src-82e5fdc50050d6dccf1f547818312aebd3b6626e.tar.gz src-82e5fdc50050d6dccf1f547818312aebd3b6626e.zip

Vendor import of OpenSSH 8.2p1vendor/openssh/8.2p1

Diffstat (limited to 'monitor.c')

-rw-r--r--

monitor.c

1 files changed, 59 insertions, 33 deletions

diff --git a/monitor.c b/monitor.c
index 00af44f98ba9..2ce89fe901cd 100644
--- a/monitor.c
+++ b/monitor.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */

+/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */

@@ -95,6 +95,7 @@

#include "authfd.h"

#include "match.h"

#include "ssherr.h"

+#include "sk-api.h"

#ifdef GSSAPI

static Gssctxt *gsscontext = NULL;

@@ -392,11 +393,11 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)

pmonitor->m_recvfd = -1;

monitor_set_child_handler(pmonitor->m_pid);

- signal(SIGHUP, &monitor_child_handler);

- signal(SIGTERM, &monitor_child_handler);

- signal(SIGINT, &monitor_child_handler);

+ ssh_signal(SIGHUP, &monitor_child_handler);

+ ssh_signal(SIGTERM, &monitor_child_handler);

+ ssh_signal(SIGINT, &monitor_child_handler);

#ifdef SIGXFSZ

- signal(SIGXFSZ, SIG_IGN);

+ ssh_signal(SIGXFSZ, SIG_IGN);

#endif

mon_dispatch = mon_dispatch_postauth20;

@@ -542,7 +543,7 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,

/* allowed key state */

static int

-monitor_allowed_key(u_char *blob, u_int bloblen)

+monitor_allowed_key(const u_char *blob, u_int bloblen)

{

/* make sure key is allowed */

if (key_blob == NULL || key_bloblen != bloblen ||

@@ -678,7 +679,7 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)

if ((key = get_hostkey_by_index(keyid)) != NULL) {

if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,

- compat)) != 0)

+ options.sk_provider, compat)) != 0)

fatal("%s: sshkey_sign failed: %s",

__func__, ssh_err(r));

} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&

@@ -1247,7 +1248,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)

}

static int

-monitor_valid_userblob(u_char *data, u_int datalen)

+monitor_valid_userblob(const u_char *data, u_int datalen)

{

struct sshbuf *b;

const u_char *p;

@@ -1256,10 +1257,8 @@ monitor_valid_userblob(u_char *data, u_int datalen)

u_char type;

int r, fail = 0;

- if ((b = sshbuf_new()) == NULL)

- fatal("%s: sshbuf_new", __func__);

- if ((r = sshbuf_put(b, data, datalen)) != 0)

- fatal("%s: buffer error: %s", __func__, ssh_err(r));

+ if ((b = sshbuf_from(data, datalen)) == NULL)

+ fatal("%s: sshbuf_from", __func__);

if (datafellows & SSH_OLD_SESSIONID) {

p = sshbuf_ptr(b);

@@ -1314,8 +1313,8 @@ monitor_valid_userblob(u_char *data, u_int datalen)

}

static int

-monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,

- char *chost)

+monitor_valid_hostbasedblob(const u_char *data, u_int datalen,

+ const char *cuser, const char *chost)

{

struct sshbuf *b;

const u_char *p;

@@ -1324,10 +1323,9 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,

int r, fail = 0;

u_char type;

- if ((b = sshbuf_new()) == NULL)

+ if ((b = sshbuf_from(data, datalen)) == NULL)

fatal("%s: sshbuf_new", __func__);

- if ((r = sshbuf_put(b, data, datalen)) != 0 ||

- (r = sshbuf_get_string_direct(b, &p, &len)) != 0)

+ if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)

fatal("%s: buffer error: %s", __func__, ssh_err(r));

if ((session_id2 == NULL) ||

@@ -1387,14 +1385,15 @@ int

mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)

{

struct sshkey *key;

- u_char *signature, *data, *blob;

- char *sigalg;

+ const u_char *signature, *data, *blob;

+ char *sigalg = NULL, *fp = NULL;

size_t signaturelen, datalen, bloblen;

- int r, ret, valid_data = 0, encoded_ret;

+ int r, ret, req_presence = 0, valid_data = 0, encoded_ret;

+ struct sshkey_sig_details *sig_details = NULL;

- if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||

- (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||

- (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||

+ if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 ||

+ (r = sshbuf_get_string_direct(m, &signature, &signaturelen)) != 0 ||

+ (r = sshbuf_get_string_direct(m, &data, &datalen)) != 0 ||

(r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)

fatal("%s: buffer error: %s", __func__, ssh_err(r));

@@ -1429,30 +1428,57 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)

if (!valid_data)

fatal("%s: bad signature data blob", __func__);

+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,

+ SSH_FP_DEFAULT)) == NULL)

+ fatal("%s: sshkey_fingerprint failed", __func__);

ret = sshkey_verify(key, signature, signaturelen, data, datalen,

- sigalg, ssh->compat);

- debug3("%s: %s %p signature %s", __func__, auth_method, key,

- (ret == 0) ? "verified" : "unverified");

+ sigalg, ssh->compat, &sig_details);

+ debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key,

+ (ret == 0) ? "verified" : "unverified",

+ (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : "");

+ if (ret == 0 && key_blobtype == MM_USERKEY && sig_details != NULL) {

+ req_presence = (options.pubkey_auth_options &

+ PUBKEYAUTH_TOUCH_REQUIRED) ||

+ !key_opts->no_require_user_presence;

+ if (req_presence &&

+ (sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) {

+ error("public key %s %s signature for %s%s from %.128s "

+ "port %d rejected: user presence "

+ "(authenticator touch) requirement not met ",

+ sshkey_type(key), fp,

+ authctxt->valid ? "" : "invalid user ",

+ authctxt->user, ssh_remote_ipaddr(ssh),

+ ssh_remote_port(ssh));

+ ret = SSH_ERR_SIGNATURE_INVALID;

+ }

auth2_record_key(authctxt, ret == 0, key);

- free(blob);

- free(signature);

- free(data);

- free(sigalg);

if (key_blobtype == MM_USERKEY)

auth_activate_options(ssh, key_opts);

monitor_reset_key_state();

- sshkey_free(key);

sshbuf_reset(m);

/* encode ret != 0 as positive integer, since we're sending u32 */

encoded_ret = (ret != 0);

- if ((r = sshbuf_put_u32(m, encoded_ret)) != 0)

+ if ((r = sshbuf_put_u32(m, encoded_ret)) != 0 ||

+ (r = sshbuf_put_u8(m, sig_details != NULL)) != 0)

fatal("%s: buffer error: %s", __func__, ssh_err(r));

+ if (sig_details != NULL) {

+ if ((r = sshbuf_put_u32(m, sig_details->sk_counter)) != 0 ||

+ (r = sshbuf_put_u8(m, sig_details->sk_flags)) != 0)

+ fatal("%s: buffer error: %s", __func__, ssh_err(r));

+ }

+ sshkey_sig_details_free(sig_details);

mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);

+ free(sigalg);

+ free(fp);

+ sshkey_free(key);

return ret == 0;

}