Home | History | Annotate | Download | only in openssh
      1 /* $OpenBSD: monitor.c,v 1.115 2011/06/23 23:35:42 djm Exp $ */
      2 /*
      3  * Copyright 2002 Niels Provos <provos (at) citi.umich.edu>
      4  * Copyright 2002 Markus Friedl <markus (at) openbsd.org>
      5  * All rights reserved.
      6  *
      7  * Redistribution and use in source and binary forms, with or without
      8  * modification, are permitted provided that the following conditions
      9  * are met:
     10  * 1. Redistributions of source code must retain the above copyright
     11  *    notice, this list of conditions and the following disclaimer.
     12  * 2. Redistributions in binary form must reproduce the above copyright
     13  *    notice, this list of conditions and the following disclaimer in the
     14  *    documentation and/or other materials provided with the distribution.
     15  *
     16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     26  */
     27 
     28 #include "includes.h"
     29 
     30 #include <sys/types.h>
     31 #include <sys/param.h>
     32 #include <sys/socket.h>
     33 #include "openbsd-compat/sys-tree.h"
     34 #include <sys/wait.h>
     35 
     36 #include <errno.h>
     37 #include <fcntl.h>
     38 #ifdef HAVE_PATHS_H
     39 #include <paths.h>
     40 #endif
     41 #include <pwd.h>
     42 #include <signal.h>
     43 #include <stdarg.h>
     44 #include <stdlib.h>
     45 #include <string.h>
     46 #include <unistd.h>
     47 #ifdef HAVE_POLL_H
     48 #include <poll.h>
     49 #else
     50 # ifdef HAVE_SYS_POLL_H
     51 #  include <sys/poll.h>
     52 # endif
     53 #endif
     54 
     55 #ifdef SKEY
     56 #include <skey.h>
     57 #endif
     58 
     59 #include <openssl/dh.h>
     60 
     61 #include "openbsd-compat/sys-queue.h"
     62 #include "atomicio.h"
     63 #include "xmalloc.h"
     64 #include "ssh.h"
     65 #include "key.h"
     66 #include "buffer.h"
     67 #include "hostfile.h"
     68 #include "auth.h"
     69 #include "cipher.h"
     70 #include "kex.h"
     71 #include "dh.h"
     72 #ifdef TARGET_OS_MAC	/* XXX Broken krb5 headers on Mac */
     73 #undef TARGET_OS_MAC
     74 #include "zlib.h"
     75 #define TARGET_OS_MAC 1
     76 #else
     77 #include "zlib.h"
     78 #endif
     79 #include "packet.h"
     80 #include "auth-options.h"
     81 #include "sshpty.h"
     82 #include "channels.h"
     83 #include "session.h"
     84 #include "sshlogin.h"
     85 #include "canohost.h"
     86 #include "log.h"
     87 #include "servconf.h"
     88 #include "monitor.h"
     89 #include "monitor_mm.h"
     90 #ifdef GSSAPI
     91 #include "ssh-gss.h"
     92 #endif
     93 #include "monitor_wrap.h"
     94 #include "monitor_fdpass.h"
     95 #include "misc.h"
     96 #include "compat.h"
     97 #include "ssh2.h"
     98 #include "jpake.h"
     99 #include "roaming.h"
    100 
    101 #ifdef GSSAPI
    102 static Gssctxt *gsscontext = NULL;
    103 #endif
    104 
    105 /* Imports */
    106 extern ServerOptions options;
    107 extern u_int utmp_len;
    108 extern Newkeys *current_keys[];
    109 extern z_stream incoming_stream;
    110 extern z_stream outgoing_stream;
    111 extern u_char session_id[];
    112 extern Buffer auth_debug;
    113 extern int auth_debug_init;
    114 extern Buffer loginmsg;
    115 
    116 /* State exported from the child */
    117 
    118 struct {
    119 	z_stream incoming;
    120 	z_stream outgoing;
    121 	u_char *keyin;
    122 	u_int keyinlen;
    123 	u_char *keyout;
    124 	u_int keyoutlen;
    125 	u_char *ivin;
    126 	u_int ivinlen;
    127 	u_char *ivout;
    128 	u_int ivoutlen;
    129 	u_char *ssh1key;
    130 	u_int ssh1keylen;
    131 	int ssh1cipher;
    132 	int ssh1protoflags;
    133 	u_char *input;
    134 	u_int ilen;
    135 	u_char *output;
    136 	u_int olen;
    137 	u_int64_t sent_bytes;
    138 	u_int64_t recv_bytes;
    139 } child_state;
    140 
    141 /* Functions on the monitor that answer unprivileged requests */
    142 
    143 int mm_answer_moduli(int, Buffer *);
    144 int mm_answer_sign(int, Buffer *);
    145 int mm_answer_pwnamallow(int, Buffer *);
    146 int mm_answer_auth2_read_banner(int, Buffer *);
    147 int mm_answer_authserv(int, Buffer *);
    148 int mm_answer_authpassword(int, Buffer *);
    149 int mm_answer_bsdauthquery(int, Buffer *);
    150 int mm_answer_bsdauthrespond(int, Buffer *);
    151 int mm_answer_skeyquery(int, Buffer *);
    152 int mm_answer_skeyrespond(int, Buffer *);
    153 int mm_answer_keyallowed(int, Buffer *);
    154 int mm_answer_keyverify(int, Buffer *);
    155 int mm_answer_pty(int, Buffer *);
    156 int mm_answer_pty_cleanup(int, Buffer *);
    157 int mm_answer_term(int, Buffer *);
    158 int mm_answer_rsa_keyallowed(int, Buffer *);
    159 int mm_answer_rsa_challenge(int, Buffer *);
    160 int mm_answer_rsa_response(int, Buffer *);
    161 int mm_answer_sesskey(int, Buffer *);
    162 int mm_answer_sessid(int, Buffer *);
    163 int mm_answer_jpake_get_pwdata(int, Buffer *);
    164 int mm_answer_jpake_step1(int, Buffer *);
    165 int mm_answer_jpake_step2(int, Buffer *);
    166 int mm_answer_jpake_key_confirm(int, Buffer *);
    167 int mm_answer_jpake_check_confirm(int, Buffer *);
    168 
    169 #ifdef USE_PAM
    170 int mm_answer_pam_start(int, Buffer *);
    171 int mm_answer_pam_account(int, Buffer *);
    172 int mm_answer_pam_init_ctx(int, Buffer *);
    173 int mm_answer_pam_query(int, Buffer *);
    174 int mm_answer_pam_respond(int, Buffer *);
    175 int mm_answer_pam_free_ctx(int, Buffer *);
    176 #endif
    177 
    178 #ifdef GSSAPI
    179 int mm_answer_gss_setup_ctx(int, Buffer *);
    180 int mm_answer_gss_accept_ctx(int, Buffer *);
    181 int mm_answer_gss_userok(int, Buffer *);
    182 int mm_answer_gss_checkmic(int, Buffer *);
    183 #endif
    184 
    185 #ifdef SSH_AUDIT_EVENTS
    186 int mm_answer_audit_event(int, Buffer *);
    187 int mm_answer_audit_command(int, Buffer *);
    188 #endif
    189 
    190 static int monitor_read_log(struct monitor *);
    191 
    192 static Authctxt *authctxt;
    193 static BIGNUM *ssh1_challenge = NULL;	/* used for ssh1 rsa auth */
    194 
    195 /* local state for key verify */
    196 static u_char *key_blob = NULL;
    197 static u_int key_bloblen = 0;
    198 static int key_blobtype = MM_NOKEY;
    199 static char *hostbased_cuser = NULL;
    200 static char *hostbased_chost = NULL;
    201 static char *auth_method = "unknown";
    202 static u_int session_id2_len = 0;
    203 static u_char *session_id2 = NULL;
    204 static pid_t monitor_child_pid;
    205 
    206 struct mon_table {
    207 	enum monitor_reqtype type;
    208 	int flags;
    209 	int (*f)(int, Buffer *);
    210 };
    211 
    212 #define MON_ISAUTH	0x0004	/* Required for Authentication */
    213 #define MON_AUTHDECIDE	0x0008	/* Decides Authentication */
    214 #define MON_ONCE	0x0010	/* Disable after calling */
    215 #define MON_ALOG	0x0020	/* Log auth attempt without authenticating */
    216 
    217 #define MON_AUTH	(MON_ISAUTH|MON_AUTHDECIDE)
    218 
    219 #define MON_PERMIT	0x1000	/* Request is permitted */
    220 
    221 struct mon_table mon_dispatch_proto20[] = {
    222     {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
    223     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
    224     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
    225     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
    226     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
    227     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
    228 #ifdef USE_PAM
    229     {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
    230     {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
    231     {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
    232     {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
    233     {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
    234     {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
    235 #endif
    236 #ifdef SSH_AUDIT_EVENTS
    237     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
    238 #endif
    239 #ifdef BSD_AUTH
    240     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
    241     {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
    242 #endif
    243 #ifdef SKEY
    244     {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
    245     {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
    246 #endif
    247     {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
    248     {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
    249 #ifdef GSSAPI
    250     {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
    251     {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
    252     {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
    253     {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
    254 #endif
    255 #ifdef JPAKE
    256     {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
    257     {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1},
    258     {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2},
    259     {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm},
    260     {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm},
    261 #endif
    262     {0, 0, NULL}
    263 };
    264 
    265 struct mon_table mon_dispatch_postauth20[] = {
    266     {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
    267     {MONITOR_REQ_SIGN, 0, mm_answer_sign},
    268     {MONITOR_REQ_PTY, 0, mm_answer_pty},
    269     {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
    270     {MONITOR_REQ_TERM, 0, mm_answer_term},
    271 #ifdef SSH_AUDIT_EVENTS
    272     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
    273     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
    274 #endif
    275     {0, 0, NULL}
    276 };
    277 
    278 struct mon_table mon_dispatch_proto15[] = {
    279     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
    280     {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
    281     {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
    282     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
    283     {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed},
    284     {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed},
    285     {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
    286     {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
    287 #ifdef BSD_AUTH
    288     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
    289     {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
    290 #endif
    291 #ifdef SKEY
    292     {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
    293     {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
    294 #endif
    295 #ifdef USE_PAM
    296     {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
    297     {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
    298     {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
    299     {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
    300     {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
    301     {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
    302 #endif
    303 #ifdef SSH_AUDIT_EVENTS
    304     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
    305 #endif
    306     {0, 0, NULL}
    307 };
    308 
    309 struct mon_table mon_dispatch_postauth15[] = {
    310     {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
    311     {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
    312     {MONITOR_REQ_TERM, 0, mm_answer_term},
    313 #ifdef SSH_AUDIT_EVENTS
    314     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
    315     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
    316 #endif
    317     {0, 0, NULL}
    318 };
    319 
    320 struct mon_table *mon_dispatch;
    321 
    322 /* Specifies if a certain message is allowed at the moment */
    323 
    324 static void
    325 monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit)
    326 {
    327 	while (ent->f != NULL) {
    328 		if (ent->type == type) {
    329 			ent->flags &= ~MON_PERMIT;
    330 			ent->flags |= permit ? MON_PERMIT : 0;
    331 			return;
    332 		}
    333 		ent++;
    334 	}
    335 }
    336 
    337 static void
    338 monitor_permit_authentications(int permit)
    339 {
    340 	struct mon_table *ent = mon_dispatch;
    341 
    342 	while (ent->f != NULL) {
    343 		if (ent->flags & MON_AUTH) {
    344 			ent->flags &= ~MON_PERMIT;
    345 			ent->flags |= permit ? MON_PERMIT : 0;
    346 		}
    347 		ent++;
    348 	}
    349 }
    350 
    351 void
    352 monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
    353 {
    354 	struct mon_table *ent;
    355 	int authenticated = 0;
    356 
    357 	debug3("preauth child monitor started");
    358 
    359 	close(pmonitor->m_recvfd);
    360 	close(pmonitor->m_log_sendfd);
    361 	pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
    362 
    363 	authctxt = _authctxt;
    364 	memset(authctxt, 0, sizeof(*authctxt));
    365 
    366 	authctxt->loginmsg = &loginmsg;
    367 
    368 	if (compat20) {
    369 		mon_dispatch = mon_dispatch_proto20;
    370 
    371 		/* Permit requests for moduli and signatures */
    372 		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
    373 		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
    374 	} else {
    375 		mon_dispatch = mon_dispatch_proto15;
    376 
    377 		monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
    378 	}
    379 
    380 	/* The first few requests do not require asynchronous access */
    381 	while (!authenticated) {
    382 		auth_method = "unknown";
    383 		authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
    384 		if (authenticated) {
    385 			if (!(ent->flags & MON_AUTHDECIDE))
    386 				fatal("%s: unexpected authentication from %d",
    387 				    __func__, ent->type);
    388 			if (authctxt->pw->pw_uid == 0 &&
    389 			    !auth_root_allowed(auth_method))
    390 				authenticated = 0;
    391 #ifdef USE_PAM
    392 			/* PAM needs to perform account checks after auth */
    393 			if (options.use_pam && authenticated) {
    394 				Buffer m;
    395 
    396 				buffer_init(&m);
    397 				mm_request_receive_expect(pmonitor->m_sendfd,
    398 				    MONITOR_REQ_PAM_ACCOUNT, &m);
    399 				authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
    400 				buffer_free(&m);
    401 			}
    402 #endif
    403 		}
    404 
    405 		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
    406 			auth_log(authctxt, authenticated, auth_method,
    407 			    compat20 ? " ssh2" : "");
    408 			if (!authenticated)
    409 				authctxt->failures++;
    410 		}
    411 #ifdef JPAKE
    412 		/* Cleanup JPAKE context after authentication */
    413 		if (ent->flags & MON_AUTHDECIDE) {
    414 			if (authctxt->jpake_ctx != NULL) {
    415 				jpake_free(authctxt->jpake_ctx);
    416 				authctxt->jpake_ctx = NULL;
    417 			}
    418 		}
    419 #endif
    420 	}
    421 
    422 	/* Drain any buffered messages from the child */
    423 	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
    424 		;
    425 
    426 	if (!authctxt->valid)
    427 		fatal("%s: authenticated invalid user", __func__);
    428 	if (strcmp(auth_method, "unknown") == 0)
    429 		fatal("%s: authentication method name unknown", __func__);
    430 
    431 	debug("%s: %s has been authenticated by privileged process",
    432 	    __func__, authctxt->user);
    433 
    434 	mm_get_keystate(pmonitor);
    435 
    436 	close(pmonitor->m_sendfd);
    437 	close(pmonitor->m_log_recvfd);
    438 	pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
    439 }
    440 
    441 static void
    442 monitor_set_child_handler(pid_t pid)
    443 {
    444 	monitor_child_pid = pid;
    445 }
    446 
    447 static void
    448 monitor_child_handler(int sig)
    449 {
    450 	kill(monitor_child_pid, sig);
    451 }
    452 
    453 void
    454 monitor_child_postauth(struct monitor *pmonitor)
    455 {
    456 	close(pmonitor->m_recvfd);
    457 	pmonitor->m_recvfd = -1;
    458 
    459 	monitor_set_child_handler(pmonitor->m_pid);
    460 	signal(SIGHUP, &monitor_child_handler);
    461 	signal(SIGTERM, &monitor_child_handler);
    462 	signal(SIGINT, &monitor_child_handler);
    463 
    464 	if (compat20) {
    465 		mon_dispatch = mon_dispatch_postauth20;
    466 
    467 		/* Permit requests for moduli and signatures */
    468 		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
    469 		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
    470 		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
    471 	} else {
    472 		mon_dispatch = mon_dispatch_postauth15;
    473 		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
    474 	}
    475 	if (!no_pty_flag) {
    476 		monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
    477 		monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
    478 	}
    479 
    480 	for (;;)
    481 		monitor_read(pmonitor, mon_dispatch, NULL);
    482 
    483 	close(pmonitor->m_sendfd);
    484 	pmonitor->m_sendfd = -1;
    485 }
    486 
    487 void
    488 monitor_sync(struct monitor *pmonitor)
    489 {
    490 	if (options.compression) {
    491 		/* The member allocation is not visible, so sync it */
    492 		mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
    493 	}
    494 }
    495 
    496 static int
    497 monitor_read_log(struct monitor *pmonitor)
    498 {
    499 	Buffer logmsg;
    500 	u_int len, level;
    501 	char *msg;
    502 
    503 	buffer_init(&logmsg);
    504 
    505 	/* Read length */
    506 	buffer_append_space(&logmsg, 4);
    507 	if (atomicio(read, pmonitor->m_log_recvfd,
    508 	    buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) {
    509 		if (errno == EPIPE) {
    510 			debug("%s: child log fd closed", __func__);
    511 			close(pmonitor->m_log_recvfd);
    512 			pmonitor->m_log_recvfd = -1;
    513 			return -1;
    514 		}
    515 		fatal("%s: log fd read: %s", __func__, strerror(errno));
    516 	}
    517 	len = buffer_get_int(&logmsg);
    518 	if (len <= 4 || len > 8192)
    519 		fatal("%s: invalid log message length %u", __func__, len);
    520 
    521 	/* Read severity, message */
    522 	buffer_clear(&logmsg);
    523 	buffer_append_space(&logmsg, len);
    524 	if (atomicio(read, pmonitor->m_log_recvfd,
    525 	    buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg))
    526 		fatal("%s: log fd read: %s", __func__, strerror(errno));
    527 
    528 	/* Log it */
    529 	level = buffer_get_int(&logmsg);
    530 	msg = buffer_get_string(&logmsg, NULL);
    531 	if (log_level_name(level) == NULL)
    532 		fatal("%s: invalid log level %u (corrupted message?)",
    533 		    __func__, level);
    534 	do_log2(level, "%s [preauth]", msg);
    535 
    536 	buffer_free(&logmsg);
    537 	xfree(msg);
    538 
    539 	return 0;
    540 }
    541 
    542 int
    543 monitor_read(struct monitor *pmonitor, struct mon_table *ent,
    544     struct mon_table **pent)
    545 {
    546 	Buffer m;
    547 	int ret;
    548 	u_char type;
    549 	struct pollfd pfd[2];
    550 
    551 	for (;;) {
    552 		bzero(&pfd, sizeof(pfd));
    553 		pfd[0].fd = pmonitor->m_sendfd;
    554 		pfd[0].events = POLLIN;
    555 		pfd[1].fd = pmonitor->m_log_recvfd;
    556 		pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN;
    557 		if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) {
    558 			if (errno == EINTR || errno == EAGAIN)
    559 				continue;
    560 			fatal("%s: poll: %s", __func__, strerror(errno));
    561 		}
    562 		if (pfd[1].revents) {
    563 			/*
    564 			 * Drain all log messages before processing next
    565 			 * monitor request.
    566 			 */
    567 			monitor_read_log(pmonitor);
    568 			continue;
    569 		}
    570 		if (pfd[0].revents)
    571 			break;  /* Continues below */
    572 	}
    573 
    574 	buffer_init(&m);
    575 
    576 	mm_request_receive(pmonitor->m_sendfd, &m);
    577 	type = buffer_get_char(&m);
    578 
    579 	debug3("%s: checking request %d", __func__, type);
    580 
    581 	while (ent->f != NULL) {
    582 		if (ent->type == type)
    583 			break;
    584 		ent++;
    585 	}
    586 
    587 	if (ent->f != NULL) {
    588 		if (!(ent->flags & MON_PERMIT))
    589 			fatal("%s: unpermitted request %d", __func__,
    590 			    type);
    591 		ret = (*ent->f)(pmonitor->m_sendfd, &m);
    592 		buffer_free(&m);
    593 
    594 		/* The child may use this request only once, disable it */
    595 		if (ent->flags & MON_ONCE) {
    596 			debug2("%s: %d used once, disabling now", __func__,
    597 			    type);
    598 			ent->flags &= ~MON_PERMIT;
    599 		}
    600 
    601 		if (pent != NULL)
    602 			*pent = ent;
    603 
    604 		return ret;
    605 	}
    606 
    607 	fatal("%s: unsupported request: %d", __func__, type);
    608 
    609 	/* NOTREACHED */
    610 	return (-1);
    611 }
    612 
    613 /* allowed key state */
    614 static int
    615 monitor_allowed_key(u_char *blob, u_int bloblen)
    616 {
    617 	/* make sure key is allowed */
    618 	if (key_blob == NULL || key_bloblen != bloblen ||
    619 	    timingsafe_bcmp(key_blob, blob, key_bloblen))
    620 		return (0);
    621 	return (1);
    622 }
    623 
    624 static void
    625 monitor_reset_key_state(void)
    626 {
    627 	/* reset state */
    628 	if (key_blob != NULL)
    629 		xfree(key_blob);
    630 	if (hostbased_cuser != NULL)
    631 		xfree(hostbased_cuser);
    632 	if (hostbased_chost != NULL)
    633 		xfree(hostbased_chost);
    634 	key_blob = NULL;
    635 	key_bloblen = 0;
    636 	key_blobtype = MM_NOKEY;
    637 	hostbased_cuser = NULL;
    638 	hostbased_chost = NULL;
    639 }
    640 
    641 int
    642 mm_answer_moduli(int sock, Buffer *m)
    643 {
    644 	DH *dh;
    645 	int min, want, max;
    646 
    647 	min = buffer_get_int(m);
    648 	want = buffer_get_int(m);
    649 	max = buffer_get_int(m);
    650 
    651 	debug3("%s: got parameters: %d %d %d",
    652 	    __func__, min, want, max);
    653 	/* We need to check here, too, in case the child got corrupted */
    654 	if (max < min || want < min || max < want)
    655 		fatal("%s: bad parameters: %d %d %d",
    656 		    __func__, min, want, max);
    657 
    658 	buffer_clear(m);
    659 
    660 	dh = choose_dh(min, want, max);
    661 	if (dh == NULL) {
    662 		buffer_put_char(m, 0);
    663 		return (0);
    664 	} else {
    665 		/* Send first bignum */
    666 		buffer_put_char(m, 1);
    667 		buffer_put_bignum2(m, dh->p);
    668 		buffer_put_bignum2(m, dh->g);
    669 
    670 		DH_free(dh);
    671 	}
    672 	mm_request_send(sock, MONITOR_ANS_MODULI, m);
    673 	return (0);
    674 }
    675 
    676 int
    677 mm_answer_sign(int sock, Buffer *m)
    678 {
    679 	Key *key;
    680 	u_char *p;
    681 	u_char *signature;
    682 	u_int siglen, datlen;
    683 	int keyid;
    684 
    685 	debug3("%s", __func__);
    686 
    687 	keyid = buffer_get_int(m);
    688 	p = buffer_get_string(m, &datlen);
    689 
    690 	/*
    691 	 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
    692 	 * SHA384 (48 bytes) and SHA512 (64 bytes).
    693 	 */
    694 	if (datlen != 20 && datlen != 32 && datlen != 48 && datlen != 64)
    695 		fatal("%s: data length incorrect: %u", __func__, datlen);
    696 
    697 	/* save session id, it will be passed on the first call */
    698 	if (session_id2_len == 0) {
    699 		session_id2_len = datlen;
    700 		session_id2 = xmalloc(session_id2_len);
    701 		memcpy(session_id2, p, session_id2_len);
    702 	}
    703 
    704 	if ((key = get_hostkey_by_index(keyid)) == NULL)
    705 		fatal("%s: no hostkey from index %d", __func__, keyid);
    706 	if (key_sign(key, &signature, &siglen, p, datlen) < 0)
    707 		fatal("%s: key_sign failed", __func__);
    708 
    709 	debug3("%s: signature %p(%u)", __func__, signature, siglen);
    710 
    711 	buffer_clear(m);
    712 	buffer_put_string(m, signature, siglen);
    713 
    714 	xfree(p);
    715 	xfree(signature);
    716 
    717 	mm_request_send(sock, MONITOR_ANS_SIGN, m);
    718 
    719 	/* Turn on permissions for getpwnam */
    720 	monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
    721 
    722 	return (0);
    723 }
    724 
    725 /* Retrieves the password entry and also checks if the user is permitted */
    726 
    727 int
    728 mm_answer_pwnamallow(int sock, Buffer *m)
    729 {
    730 	char *username;
    731 	struct passwd *pwent;
    732 	int allowed = 0;
    733 	u_int i;
    734 
    735 	debug3("%s", __func__);
    736 
    737 	if (authctxt->attempt++ != 0)
    738 		fatal("%s: multiple attempts for getpwnam", __func__);
    739 
    740 	username = buffer_get_string(m, NULL);
    741 
    742 	pwent = getpwnamallow(username);
    743 
    744 	authctxt->user = xstrdup(username);
    745 	setproctitle("%s [priv]", pwent ? username : "unknown");
    746 	xfree(username);
    747 
    748 	buffer_clear(m);
    749 
    750 	if (pwent == NULL) {
    751 		buffer_put_char(m, 0);
    752 		authctxt->pw = fakepw();
    753 		goto out;
    754 	}
    755 
    756 	allowed = 1;
    757 	authctxt->pw = pwent;
    758 	authctxt->valid = 1;
    759 
    760 	buffer_put_char(m, 1);
    761 	buffer_put_string(m, pwent, sizeof(struct passwd));
    762 	buffer_put_cstring(m, pwent->pw_name);
    763 	buffer_put_cstring(m, "*");
    764 #ifdef HAVE_PW_GECOS_IN_PASSWD
    765 	buffer_put_cstring(m, pwent->pw_gecos);
    766 #endif
    767 #ifdef HAVE_PW_CLASS_IN_PASSWD
    768 	buffer_put_cstring(m, pwent->pw_class);
    769 #endif
    770 	buffer_put_cstring(m, pwent->pw_dir);
    771 	buffer_put_cstring(m, pwent->pw_shell);
    772 
    773  out:
    774 	buffer_put_string(m, &options, sizeof(options));
    775 
    776 #define M_CP_STROPT(x) do { \
    777 		if (options.x != NULL) \
    778 			buffer_put_cstring(m, options.x); \
    779 	} while (0)
    780 #define M_CP_STRARRAYOPT(x, nx) do { \
    781 		for (i = 0; i < options.nx; i++) \
    782 			buffer_put_cstring(m, options.x[i]); \
    783 	} while (0)
    784 	/* See comment in servconf.h */
    785 	COPY_MATCH_STRING_OPTS();
    786 #undef M_CP_STROPT
    787 #undef M_CP_STRARRAYOPT
    788 
    789 	debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
    790 	mm_request_send(sock, MONITOR_ANS_PWNAM, m);
    791 
    792 	/* For SSHv1 allow authentication now */
    793 	if (!compat20)
    794 		monitor_permit_authentications(1);
    795 	else {
    796 		/* Allow service/style information on the auth context */
    797 		monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
    798 		monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
    799 	}
    800 #ifdef USE_PAM
    801 	if (options.use_pam)
    802 		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
    803 #endif
    804 
    805 	return (0);
    806 }
    807 
    808 int mm_answer_auth2_read_banner(int sock, Buffer *m)
    809 {
    810 	char *banner;
    811 
    812 	buffer_clear(m);
    813 	banner = auth2_read_banner();
    814 	buffer_put_cstring(m, banner != NULL ? banner : "");
    815 	mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
    816 
    817 	if (banner != NULL)
    818 		xfree(banner);
    819 
    820 	return (0);
    821 }
    822 
    823 int
    824 mm_answer_authserv(int sock, Buffer *m)
    825 {
    826 	monitor_permit_authentications(1);
    827 
    828 	authctxt->service = buffer_get_string(m, NULL);
    829 	authctxt->style = buffer_get_string(m, NULL);
    830 	debug3("%s: service=%s, style=%s",
    831 	    __func__, authctxt->service, authctxt->style);
    832 
    833 	if (strlen(authctxt->style) == 0) {
    834 		xfree(authctxt->style);
    835 		authctxt->style = NULL;
    836 	}
    837 
    838 	return (0);
    839 }
    840 
    841 int
    842 mm_answer_authpassword(int sock, Buffer *m)
    843 {
    844 	static int call_count;
    845 	char *passwd;
    846 	int authenticated;
    847 	u_int plen;
    848 
    849 	passwd = buffer_get_string(m, &plen);
    850 	/* Only authenticate if the context is valid */
    851 #ifndef ANDROID
    852 	/* no password authentication in android */
    853 	authenticated = options.password_authentication &&
    854 	    auth_password(authctxt, passwd);
    855 #else
    856 	authenticated = 0;
    857 #endif
    858 	memset(passwd, 0, strlen(passwd));
    859 	xfree(passwd);
    860 
    861 	buffer_clear(m);
    862 	buffer_put_int(m, authenticated);
    863 
    864 	debug3("%s: sending result %d", __func__, authenticated);
    865 	mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
    866 
    867 	call_count++;
    868 	if (plen == 0 && call_count == 1)
    869 		auth_method = "none";
    870 	else
    871 		auth_method = "password";
    872 
    873 	/* Causes monitor loop to terminate if authenticated */
    874 	return (authenticated);
    875 }
    876 
    877 #ifdef BSD_AUTH
    878 int
    879 mm_answer_bsdauthquery(int sock, Buffer *m)
    880 {
    881 	char *name, *infotxt;
    882 	u_int numprompts;
    883 	u_int *echo_on;
    884 	char **prompts;
    885 	u_int success;
    886 
    887 	success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
    888 	    &prompts, &echo_on) < 0 ? 0 : 1;
    889 
    890 	buffer_clear(m);
    891 	buffer_put_int(m, success);
    892 	if (success)
    893 		buffer_put_cstring(m, prompts[0]);
    894 
    895 	debug3("%s: sending challenge success: %u", __func__, success);
    896 	mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
    897 
    898 	if (success) {
    899 		xfree(name);
    900 		xfree(infotxt);
    901 		xfree(prompts);
    902 		xfree(echo_on);
    903 	}
    904 
    905 	return (0);
    906 }
    907 
    908 int
    909 mm_answer_bsdauthrespond(int sock, Buffer *m)
    910 {
    911 	char *response;
    912 	int authok;
    913 
    914 	if (authctxt->as == 0)
    915 		fatal("%s: no bsd auth session", __func__);
    916 
    917 	response = buffer_get_string(m, NULL);
    918 	authok = options.challenge_response_authentication &&
    919 	    auth_userresponse(authctxt->as, response, 0);
    920 	authctxt->as = NULL;
    921 	debug3("%s: <%s> = <%d>", __func__, response, authok);
    922 	xfree(response);
    923 
    924 	buffer_clear(m);
    925 	buffer_put_int(m, authok);
    926 
    927 	debug3("%s: sending authenticated: %d", __func__, authok);
    928 	mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
    929 
    930 	auth_method = "bsdauth";
    931 
    932 	return (authok != 0);
    933 }
    934 #endif
    935 
    936 #ifdef SKEY
    937 int
    938 mm_answer_skeyquery(int sock, Buffer *m)
    939 {
    940 	struct skey skey;
    941 	char challenge[1024];
    942 	u_int success;
    943 
    944 	success = _compat_skeychallenge(&skey, authctxt->user, challenge,
    945 	    sizeof(challenge)) < 0 ? 0 : 1;
    946 
    947 	buffer_clear(m);
    948 	buffer_put_int(m, success);
    949 	if (success)
    950 		buffer_put_cstring(m, challenge);
    951 
    952 	debug3("%s: sending challenge success: %u", __func__, success);
    953 	mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m);
    954 
    955 	return (0);
    956 }
    957 
    958 int
    959 mm_answer_skeyrespond(int sock, Buffer *m)
    960 {
    961 	char *response;
    962 	int authok;
    963 
    964 	response = buffer_get_string(m, NULL);
    965 
    966 	authok = (options.challenge_response_authentication &&
    967 	    authctxt->valid &&
    968 	    skey_haskey(authctxt->pw->pw_name) == 0 &&
    969 	    skey_passcheck(authctxt->pw->pw_name, response) != -1);
    970 
    971 	xfree(response);
    972 
    973 	buffer_clear(m);
    974 	buffer_put_int(m, authok);
    975 
    976 	debug3("%s: sending authenticated: %d", __func__, authok);
    977 	mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m);
    978 
    979 	auth_method = "skey";
    980 
    981 	return (authok != 0);
    982 }
    983 #endif
    984 
    985 #ifdef USE_PAM
    986 int
    987 mm_answer_pam_start(int sock, Buffer *m)
    988 {
    989 	if (!options.use_pam)
    990 		fatal("UsePAM not set, but ended up in %s anyway", __func__);
    991 
    992 	start_pam(authctxt);
    993 
    994 	monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
    995 
    996 	return (0);
    997 }
    998 
    999 int
   1000 mm_answer_pam_account(int sock, Buffer *m)
   1001 {
   1002 	u_int ret;
   1003 
   1004 	if (!options.use_pam)
   1005 		fatal("UsePAM not set, but ended up in %s anyway", __func__);
   1006 
   1007 	ret = do_pam_account();
   1008 
   1009 	buffer_put_int(m, ret);
   1010 	buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
   1011 
   1012 	mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
   1013 
   1014 	return (ret);
   1015 }
   1016 
   1017 static void *sshpam_ctxt, *sshpam_authok;
   1018 extern KbdintDevice sshpam_device;
   1019 
   1020 int
   1021 mm_answer_pam_init_ctx(int sock, Buffer *m)
   1022 {
   1023 
   1024 	debug3("%s", __func__);
   1025 	authctxt->user = buffer_get_string(m, NULL);
   1026 	sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
   1027 	sshpam_authok = NULL;
   1028 	buffer_clear(m);
   1029 	if (sshpam_ctxt != NULL) {
   1030 		monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1);
   1031 		buffer_put_int(m, 1);
   1032 	} else {
   1033 		buffer_put_int(m, 0);
   1034 	}
   1035 	mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m);
   1036 	return (0);
   1037 }
   1038 
   1039 int
   1040 mm_answer_pam_query(int sock, Buffer *m)
   1041 {
   1042 	char *name = NULL, *info = NULL, **prompts = NULL;
   1043 	u_int i, num = 0, *echo_on = 0;
   1044 	int ret;
   1045 
   1046 	debug3("%s", __func__);
   1047 	sshpam_authok = NULL;
   1048 	ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on);
   1049 	if (ret == 0 && num == 0)
   1050 		sshpam_authok = sshpam_ctxt;
   1051 	if (num > 1 || name == NULL || info == NULL)
   1052 		ret = -1;
   1053 	buffer_clear(m);
   1054 	buffer_put_int(m, ret);
   1055 	buffer_put_cstring(m, name);
   1056 	xfree(name);
   1057 	buffer_put_cstring(m, info);
   1058 	xfree(info);
   1059 	buffer_put_int(m, num);
   1060 	for (i = 0; i < num; ++i) {
   1061 		buffer_put_cstring(m, prompts[i]);
   1062 		xfree(prompts[i]);
   1063 		buffer_put_int(m, echo_on[i]);
   1064 	}
   1065 	if (prompts != NULL)
   1066 		xfree(prompts);
   1067 	if (echo_on != NULL)
   1068 		xfree(echo_on);
   1069 	auth_method = "keyboard-interactive/pam";
   1070 	mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
   1071 	return (0);
   1072 }
   1073 
   1074 int
   1075 mm_answer_pam_respond(int sock, Buffer *m)
   1076 {
   1077 	char **resp;
   1078 	u_int i, num;
   1079 	int ret;
   1080 
   1081 	debug3("%s", __func__);
   1082 	sshpam_authok = NULL;
   1083 	num = buffer_get_int(m);
   1084 	if (num > 0) {
   1085 		resp = xcalloc(num, sizeof(char *));
   1086 		for (i = 0; i < num; ++i)
   1087 			resp[i] = buffer_get_string(m, NULL);
   1088 		ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
   1089 		for (i = 0; i < num; ++i)
   1090 			xfree(resp[i]);
   1091 		xfree(resp);
   1092 	} else {
   1093 		ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);
   1094 	}
   1095 	buffer_clear(m);
   1096 	buffer_put_int(m, ret);
   1097 	mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);
   1098 	auth_method = "keyboard-interactive/pam";
   1099 	if (ret == 0)
   1100 		sshpam_authok = sshpam_ctxt;
   1101 	return (0);
   1102 }
   1103 
   1104 int
   1105 mm_answer_pam_free_ctx(int sock, Buffer *m)
   1106 {
   1107 
   1108 	debug3("%s", __func__);
   1109 	(sshpam_device.free_ctx)(sshpam_ctxt);
   1110 	buffer_clear(m);
   1111 	mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
   1112 	auth_method = "keyboard-interactive/pam";
   1113 	return (sshpam_authok == sshpam_ctxt);
   1114 }
   1115 #endif
   1116 
   1117 int
   1118 mm_answer_keyallowed(int sock, Buffer *m)
   1119 {
   1120 	Key *key;
   1121 	char *cuser, *chost;
   1122 	u_char *blob;
   1123 	u_int bloblen;
   1124 	enum mm_keytype type = 0;
   1125 	int allowed = 0;
   1126 
   1127 	debug3("%s entering", __func__);
   1128 
   1129 	type = buffer_get_int(m);
   1130 	cuser = buffer_get_string(m, NULL);
   1131 	chost = buffer_get_string(m, NULL);
   1132 	blob = buffer_get_string(m, &bloblen);
   1133 
   1134 	key = key_from_blob(blob, bloblen);
   1135 
   1136 	if ((compat20 && type == MM_RSAHOSTKEY) ||
   1137 	    (!compat20 && type != MM_RSAHOSTKEY))
   1138 		fatal("%s: key type and protocol mismatch", __func__);
   1139 
   1140 	debug3("%s: key_from_blob: %p", __func__, key);
   1141 
   1142 	if (key != NULL && authctxt->valid) {
   1143 		switch (type) {
   1144 		case MM_USERKEY:
   1145 			allowed = options.pubkey_authentication &&
   1146 			    user_key_allowed(authctxt->pw, key);
   1147 			auth_method = "publickey";
   1148 			if (options.pubkey_authentication && allowed != 1)
   1149 				auth_clear_options();
   1150 			break;
   1151 		case MM_HOSTKEY:
   1152 			allowed = options.hostbased_authentication &&
   1153 			    hostbased_key_allowed(authctxt->pw,
   1154 			    cuser, chost, key);
   1155 			auth_method = "hostbased";
   1156 			break;
   1157 		case MM_RSAHOSTKEY:
   1158 			key->type = KEY_RSA1; /* XXX */
   1159 			allowed = options.rhosts_rsa_authentication &&
   1160 			    auth_rhosts_rsa_key_allowed(authctxt->pw,
   1161 			    cuser, chost, key);
   1162 			if (options.rhosts_rsa_authentication && allowed != 1)
   1163 				auth_clear_options();
   1164 			auth_method = "rsa";
   1165 			break;
   1166 		default:
   1167 			fatal("%s: unknown key type %d", __func__, type);
   1168 			break;
   1169 		}
   1170 	}
   1171 	if (key != NULL)
   1172 		key_free(key);
   1173 
   1174 	/* clear temporarily storage (used by verify) */
   1175 	monitor_reset_key_state();
   1176 
   1177 	if (allowed) {
   1178 		/* Save temporarily for comparison in verify */
   1179 		key_blob = blob;
   1180 		key_bloblen = bloblen;
   1181 		key_blobtype = type;
   1182 		hostbased_cuser = cuser;
   1183 		hostbased_chost = chost;
   1184 	} else {
   1185 		/* Log failed attempt */
   1186 		auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : "");
   1187 		xfree(blob);
   1188 		xfree(cuser);
   1189 		xfree(chost);
   1190 	}
   1191 
   1192 	debug3("%s: key %p is %s",
   1193 	    __func__, key, allowed ? "allowed" : "not allowed");
   1194 
   1195 	buffer_clear(m);
   1196 	buffer_put_int(m, allowed);
   1197 	buffer_put_int(m, forced_command != NULL);
   1198 
   1199 	mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
   1200 
   1201 	if (type == MM_RSAHOSTKEY)
   1202 		monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
   1203 
   1204 	return (0);
   1205 }
   1206 
   1207 static int
   1208 monitor_valid_userblob(u_char *data, u_int datalen)
   1209 {
   1210 	Buffer b;
   1211 	char *p;
   1212 	u_int len;
   1213 	int fail = 0;
   1214 
   1215 	buffer_init(&b);
   1216 	buffer_append(&b, data, datalen);
   1217 
   1218 	if (datafellows & SSH_OLD_SESSIONID) {
   1219 		p = buffer_ptr(&b);
   1220 		len = buffer_len(&b);
   1221 		if ((session_id2 == NULL) ||
   1222 		    (len < session_id2_len) ||
   1223 		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
   1224 			fail++;
   1225 		buffer_consume(&b, session_id2_len);
   1226 	} else {
   1227 		p = buffer_get_string(&b, &len);
   1228 		if ((session_id2 == NULL) ||
   1229 		    (len != session_id2_len) ||
   1230 		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
   1231 			fail++;
   1232 		xfree(p);
   1233 	}
   1234 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
   1235 		fail++;
   1236 	p = buffer_get_string(&b, NULL);
   1237 	if (strcmp(authctxt->user, p) != 0) {
   1238 		logit("wrong user name passed to monitor: expected %s != %.100s",
   1239 		    authctxt->user, p);
   1240 		fail++;
   1241 	}
   1242 	xfree(p);
   1243 	buffer_skip_string(&b);
   1244 	if (datafellows & SSH_BUG_PKAUTH) {
   1245 		if (!buffer_get_char(&b))
   1246 			fail++;
   1247 	} else {
   1248 		p = buffer_get_string(&b, NULL);
   1249 		if (strcmp("publickey", p) != 0)
   1250 			fail++;
   1251 		xfree(p);
   1252 		if (!buffer_get_char(&b))
   1253 			fail++;
   1254 		buffer_skip_string(&b);
   1255 	}
   1256 	buffer_skip_string(&b);
   1257 	if (buffer_len(&b) != 0)
   1258 		fail++;
   1259 	buffer_free(&b);
   1260 	return (fail == 0);
   1261 }
   1262 
   1263 static int
   1264 monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
   1265     char *chost)
   1266 {
   1267 	Buffer b;
   1268 	char *p;
   1269 	u_int len;
   1270 	int fail = 0;
   1271 
   1272 	buffer_init(&b);
   1273 	buffer_append(&b, data, datalen);
   1274 
   1275 	p = buffer_get_string(&b, &len);
   1276 	if ((session_id2 == NULL) ||
   1277 	    (len != session_id2_len) ||
   1278 	    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
   1279 		fail++;
   1280 	xfree(p);
   1281 
   1282 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
   1283 		fail++;
   1284 	p = buffer_get_string(&b, NULL);
   1285 	if (strcmp(authctxt->user, p) != 0) {
   1286 		logit("wrong user name passed to monitor: expected %s != %.100s",
   1287 		    authctxt->user, p);
   1288 		fail++;
   1289 	}
   1290 	xfree(p);
   1291 	buffer_skip_string(&b);	/* service */
   1292 	p = buffer_get_string(&b, NULL);
   1293 	if (strcmp(p, "hostbased") != 0)
   1294 		fail++;
   1295 	xfree(p);
   1296 	buffer_skip_string(&b);	/* pkalg */
   1297 	buffer_skip_string(&b);	/* pkblob */
   1298 
   1299 	/* verify client host, strip trailing dot if necessary */
   1300 	p = buffer_get_string(&b, NULL);
   1301 	if (((len = strlen(p)) > 0) && p[len - 1] == '.')
   1302 		p[len - 1] = '\0';
   1303 	if (strcmp(p, chost) != 0)
   1304 		fail++;
   1305 	xfree(p);
   1306 
   1307 	/* verify client user */
   1308 	p = buffer_get_string(&b, NULL);
   1309 	if (strcmp(p, cuser) != 0)
   1310 		fail++;
   1311 	xfree(p);
   1312 
   1313 	if (buffer_len(&b) != 0)
   1314 		fail++;
   1315 	buffer_free(&b);
   1316 	return (fail == 0);
   1317 }
   1318 
   1319 int
   1320 mm_answer_keyverify(int sock, Buffer *m)
   1321 {
   1322 	Key *key;
   1323 	u_char *signature, *data, *blob;
   1324 	u_int signaturelen, datalen, bloblen;
   1325 	int verified = 0;
   1326 	int valid_data = 0;
   1327 
   1328 	blob = buffer_get_string(m, &bloblen);
   1329 	signature = buffer_get_string(m, &signaturelen);
   1330 	data = buffer_get_string(m, &datalen);
   1331 
   1332 	if (hostbased_cuser == NULL || hostbased_chost == NULL ||
   1333 	  !monitor_allowed_key(blob, bloblen))
   1334 		fatal("%s: bad key, not previously allowed", __func__);
   1335 
   1336 	key = key_from_blob(blob, bloblen);
   1337 	if (key == NULL)
   1338 		fatal("%s: bad public key blob", __func__);
   1339 
   1340 	switch (key_blobtype) {
   1341 	case MM_USERKEY:
   1342 		valid_data = monitor_valid_userblob(data, datalen);
   1343 		break;
   1344 	case MM_HOSTKEY:
   1345 		valid_data = monitor_valid_hostbasedblob(data, datalen,
   1346 		    hostbased_cuser, hostbased_chost);
   1347 		break;
   1348 	default:
   1349 		valid_data = 0;
   1350 		break;
   1351 	}
   1352 	if (!valid_data)
   1353 		fatal("%s: bad signature data blob", __func__);
   1354 
   1355 	verified = key_verify(key, signature, signaturelen, data, datalen);
   1356 	debug3("%s: key %p signature %s",
   1357 	    __func__, key, (verified == 1) ? "verified" : "unverified");
   1358 
   1359 	key_free(key);
   1360 	xfree(blob);
   1361 	xfree(signature);
   1362 	xfree(data);
   1363 
   1364 	auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
   1365 
   1366 	monitor_reset_key_state();
   1367 
   1368 	buffer_clear(m);
   1369 	buffer_put_int(m, verified);
   1370 	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
   1371 
   1372 	return (verified == 1);
   1373 }
   1374 
   1375 static void
   1376 mm_record_login(Session *s, struct passwd *pw)
   1377 {
   1378 	socklen_t fromlen;
   1379 	struct sockaddr_storage from;
   1380 
   1381 	/*
   1382 	 * Get IP address of client. If the connection is not a socket, let
   1383 	 * the address be 0.0.0.0.
   1384 	 */
   1385 	memset(&from, 0, sizeof(from));
   1386 	fromlen = sizeof(from);
   1387 	if (packet_connection_is_on_socket()) {
   1388 		if (getpeername(packet_get_connection_in(),
   1389 		    (struct sockaddr *)&from, &fromlen) < 0) {
   1390 			debug("getpeername: %.100s", strerror(errno));
   1391 			cleanup_exit(255);
   1392 		}
   1393 	}
   1394 	/* Record that there was a login on that tty from the remote host. */
   1395 	record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
   1396 	    get_remote_name_or_ip(utmp_len, options.use_dns),
   1397 	    (struct sockaddr *)&from, fromlen);
   1398 }
   1399 
   1400 static void
   1401 mm_session_close(Session *s)
   1402 {
   1403 	debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
   1404 	if (s->ttyfd != -1) {
   1405 		debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
   1406 		session_pty_cleanup2(s);
   1407 	}
   1408 	session_unused(s->self);
   1409 }
   1410 
   1411 int
   1412 mm_answer_pty(int sock, Buffer *m)
   1413 {
   1414 	extern struct monitor *pmonitor;
   1415 	Session *s;
   1416 	int res, fd0;
   1417 
   1418 	debug3("%s entering", __func__);
   1419 
   1420 	buffer_clear(m);
   1421 	s = session_new();
   1422 	if (s == NULL)
   1423 		goto error;
   1424 	s->authctxt = authctxt;
   1425 	s->pw = authctxt->pw;
   1426 	s->pid = pmonitor->m_pid;
   1427 	res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
   1428 	if (res == 0)
   1429 		goto error;
   1430 	pty_setowner(authctxt->pw, s->tty);
   1431 
   1432 	buffer_put_int(m, 1);
   1433 	buffer_put_cstring(m, s->tty);
   1434 
   1435 	/* We need to trick ttyslot */
   1436 	if (dup2(s->ttyfd, 0) == -1)
   1437 		fatal("%s: dup2", __func__);
   1438 
   1439 	mm_record_login(s, authctxt->pw);
   1440 
   1441 	/* Now we can close the file descriptor again */
   1442 	close(0);
   1443 
   1444 	/* send messages generated by record_login */
   1445 	buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
   1446 	buffer_clear(&loginmsg);
   1447 
   1448 	mm_request_send(sock, MONITOR_ANS_PTY, m);
   1449 
   1450 	if (mm_send_fd(sock, s->ptyfd) == -1 ||
   1451 	    mm_send_fd(sock, s->ttyfd) == -1)
   1452 		fatal("%s: send fds failed", __func__);
   1453 
   1454 	/* make sure nothing uses fd 0 */
   1455 	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
   1456 		fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
   1457 	if (fd0 != 0)
   1458 		error("%s: fd0 %d != 0", __func__, fd0);
   1459 
   1460 	/* slave is not needed */
   1461 	close(s->ttyfd);
   1462 	s->ttyfd = s->ptyfd;
   1463 	/* no need to dup() because nobody closes ptyfd */
   1464 	s->ptymaster = s->ptyfd;
   1465 
   1466 	debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);
   1467 
   1468 	return (0);
   1469 
   1470  error:
   1471 	if (s != NULL)
   1472 		mm_session_close(s);
   1473 	buffer_put_int(m, 0);
   1474 	mm_request_send(sock, MONITOR_ANS_PTY, m);
   1475 	return (0);
   1476 }
   1477 
   1478 int
   1479 mm_answer_pty_cleanup(int sock, Buffer *m)
   1480 {
   1481 	Session *s;
   1482 	char *tty;
   1483 
   1484 	debug3("%s entering", __func__);
   1485 
   1486 	tty = buffer_get_string(m, NULL);
   1487 	if ((s = session_by_tty(tty)) != NULL)
   1488 		mm_session_close(s);
   1489 	buffer_clear(m);
   1490 	xfree(tty);
   1491 	return (0);
   1492 }
   1493 
   1494 int
   1495 mm_answer_sesskey(int sock, Buffer *m)
   1496 {
   1497 	BIGNUM *p;
   1498 	int rsafail;
   1499 
   1500 	/* Turn off permissions */
   1501 	monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0);
   1502 
   1503 	if ((p = BN_new()) == NULL)
   1504 		fatal("%s: BN_new", __func__);
   1505 
   1506 	buffer_get_bignum2(m, p);
   1507 
   1508 	rsafail = ssh1_session_key(p);
   1509 
   1510 	buffer_clear(m);
   1511 	buffer_put_int(m, rsafail);
   1512 	buffer_put_bignum2(m, p);
   1513 
   1514 	BN_clear_free(p);
   1515 
   1516 	mm_request_send(sock, MONITOR_ANS_SESSKEY, m);
   1517 
   1518 	/* Turn on permissions for sessid passing */
   1519 	monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1);
   1520 
   1521 	return (0);
   1522 }
   1523 
   1524 int
   1525 mm_answer_sessid(int sock, Buffer *m)
   1526 {
   1527 	int i;
   1528 
   1529 	debug3("%s entering", __func__);
   1530 
   1531 	if (buffer_len(m) != 16)
   1532 		fatal("%s: bad ssh1 session id", __func__);
   1533 	for (i = 0; i < 16; i++)
   1534 		session_id[i] = buffer_get_char(m);
   1535 
   1536 	/* Turn on permissions for getpwnam */
   1537 	monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
   1538 
   1539 	return (0);
   1540 }
   1541 
   1542 int
   1543 mm_answer_rsa_keyallowed(int sock, Buffer *m)
   1544 {
   1545 	BIGNUM *client_n;
   1546 	Key *key = NULL;
   1547 	u_char *blob = NULL;
   1548 	u_int blen = 0;
   1549 	int allowed = 0;
   1550 
   1551 	debug3("%s entering", __func__);
   1552 
   1553 	auth_method = "rsa";
   1554 	if (options.rsa_authentication && authctxt->valid) {
   1555 		if ((client_n = BN_new()) == NULL)
   1556 			fatal("%s: BN_new", __func__);
   1557 		buffer_get_bignum2(m, client_n);
   1558 		allowed = auth_rsa_key_allowed(authctxt->pw, client_n, &key);
   1559 		BN_clear_free(client_n);
   1560 	}
   1561 	buffer_clear(m);
   1562 	buffer_put_int(m, allowed);
   1563 	buffer_put_int(m, forced_command != NULL);
   1564 
   1565 	/* clear temporarily storage (used by generate challenge) */
   1566 	monitor_reset_key_state();
   1567 
   1568 	if (allowed && key != NULL) {
   1569 		key->type = KEY_RSA;	/* cheat for key_to_blob */
   1570 		if (key_to_blob(key, &blob, &blen) == 0)
   1571 			fatal("%s: key_to_blob failed", __func__);
   1572 		buffer_put_string(m, blob, blen);
   1573 
   1574 		/* Save temporarily for comparison in verify */
   1575 		key_blob = blob;
   1576 		key_bloblen = blen;
   1577 		key_blobtype = MM_RSAUSERKEY;
   1578 	}
   1579 	if (key != NULL)
   1580 		key_free(key);
   1581 
   1582 	mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m);
   1583 
   1584 	monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
   1585 	monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0);
   1586 	return (0);
   1587 }
   1588 
   1589 int
   1590 mm_answer_rsa_challenge(int sock, Buffer *m)
   1591 {
   1592 	Key *key = NULL;
   1593 	u_char *blob;
   1594 	u_int blen;
   1595 
   1596 	debug3("%s entering", __func__);
   1597 
   1598 	if (!authctxt->valid)
   1599 		fatal("%s: authctxt not valid", __func__);
   1600 	blob = buffer_get_string(m, &blen);
   1601 	if (!monitor_allowed_key(blob, blen))
   1602 		fatal("%s: bad key, not previously allowed", __func__);
   1603 	if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY)
   1604 		fatal("%s: key type mismatch", __func__);
   1605 	if ((key = key_from_blob(blob, blen)) == NULL)
   1606 		fatal("%s: received bad key", __func__);
   1607 	if (key->type != KEY_RSA)
   1608 		fatal("%s: received bad key type %d", __func__, key->type);
   1609 	key->type = KEY_RSA1;
   1610 	if (ssh1_challenge)
   1611 		BN_clear_free(ssh1_challenge);
   1612 	ssh1_challenge = auth_rsa_generate_challenge(key);
   1613 
   1614 	buffer_clear(m);
   1615 	buffer_put_bignum2(m, ssh1_challenge);
   1616 
   1617 	debug3("%s sending reply", __func__);
   1618 	mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m);
   1619 
   1620 	monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
   1621 
   1622 	xfree(blob);
   1623 	key_free(key);
   1624 	return (0);
   1625 }
   1626 
   1627 int
   1628 mm_answer_rsa_response(int sock, Buffer *m)
   1629 {
   1630 	Key *key = NULL;
   1631 	u_char *blob, *response;
   1632 	u_int blen, len;
   1633 	int success;
   1634 
   1635 	debug3("%s entering", __func__);
   1636 
   1637 	if (!authctxt->valid)
   1638 		fatal("%s: authctxt not valid", __func__);
   1639 	if (ssh1_challenge == NULL)
   1640 		fatal("%s: no ssh1_challenge", __func__);
   1641 
   1642 	blob = buffer_get_string(m, &blen);
   1643 	if (!monitor_allowed_key(blob, blen))
   1644 		fatal("%s: bad key, not previously allowed", __func__);
   1645 	if (key_blobtype != MM_RSAUSERKEY && key_blobtype != MM_RSAHOSTKEY)
   1646 		fatal("%s: key type mismatch: %d", __func__, key_blobtype);
   1647 	if ((key = key_from_blob(blob, blen)) == NULL)
   1648 		fatal("%s: received bad key", __func__);
   1649 	response = buffer_get_string(m, &len);
   1650 	if (len != 16)
   1651 		fatal("%s: received bad response to challenge", __func__);
   1652 	success = auth_rsa_verify_response(key, ssh1_challenge, response);
   1653 
   1654 	xfree(blob);
   1655 	key_free(key);
   1656 	xfree(response);
   1657 
   1658 	auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa";
   1659 
   1660 	/* reset state */
   1661 	BN_clear_free(ssh1_challenge);
   1662 	ssh1_challenge = NULL;
   1663 	monitor_reset_key_state();
   1664 
   1665 	buffer_clear(m);
   1666 	buffer_put_int(m, success);
   1667 	mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m);
   1668 
   1669 	return (success);
   1670 }
   1671 
   1672 int
   1673 mm_answer_term(int sock, Buffer *req)
   1674 {
   1675 	extern struct monitor *pmonitor;
   1676 	int res, status;
   1677 
   1678 	debug3("%s: tearing down sessions", __func__);
   1679 
   1680 	/* The child is terminating */
   1681 	session_destroy_all(&mm_session_close);
   1682 
   1683 #ifdef USE_PAM
   1684 	if (options.use_pam)
   1685 		sshpam_cleanup();
   1686 #endif
   1687 
   1688 	while (waitpid(pmonitor->m_pid, &status, 0) == -1)
   1689 		if (errno != EINTR)
   1690 			exit(1);
   1691 
   1692 	res = WIFEXITED(status) ? WEXITSTATUS(status) : 1;
   1693 
   1694 	/* Terminate process */
   1695 	exit(res);
   1696 }
   1697 
   1698 #ifdef SSH_AUDIT_EVENTS
   1699 /* Report that an audit event occurred */
   1700 int
   1701 mm_answer_audit_event(int socket, Buffer *m)
   1702 {
   1703 	ssh_audit_event_t event;
   1704 
   1705 	debug3("%s entering", __func__);
   1706 
   1707 	event = buffer_get_int(m);
   1708 	switch(event) {
   1709 	case SSH_AUTH_FAIL_PUBKEY:
   1710 	case SSH_AUTH_FAIL_HOSTBASED:
   1711 	case SSH_AUTH_FAIL_GSSAPI:
   1712 	case SSH_LOGIN_EXCEED_MAXTRIES:
   1713 	case SSH_LOGIN_ROOT_DENIED:
   1714 	case SSH_CONNECTION_CLOSE:
   1715 	case SSH_INVALID_USER:
   1716 		audit_event(event);
   1717 		break;
   1718 	default:
   1719 		fatal("Audit event type %d not permitted", event);
   1720 	}
   1721 
   1722 	return (0);
   1723 }
   1724 
   1725 int
   1726 mm_answer_audit_command(int socket, Buffer *m)
   1727 {
   1728 	u_int len;
   1729 	char *cmd;
   1730 
   1731 	debug3("%s entering", __func__);
   1732 	cmd = buffer_get_string(m, &len);
   1733 	/* sanity check command, if so how? */
   1734 	audit_run_command(cmd);
   1735 	xfree(cmd);
   1736 	return (0);
   1737 }
   1738 #endif /* SSH_AUDIT_EVENTS */
   1739 
   1740 void
   1741 monitor_apply_keystate(struct monitor *pmonitor)
   1742 {
   1743 	if (compat20) {
   1744 		set_newkeys(MODE_IN);
   1745 		set_newkeys(MODE_OUT);
   1746 	} else {
   1747 		packet_set_protocol_flags(child_state.ssh1protoflags);
   1748 		packet_set_encryption_key(child_state.ssh1key,
   1749 		    child_state.ssh1keylen, child_state.ssh1cipher);
   1750 		xfree(child_state.ssh1key);
   1751 	}
   1752 
   1753 	/* for rc4 and other stateful ciphers */
   1754 	packet_set_keycontext(MODE_OUT, child_state.keyout);
   1755 	xfree(child_state.keyout);
   1756 	packet_set_keycontext(MODE_IN, child_state.keyin);
   1757 	xfree(child_state.keyin);
   1758 
   1759 	if (!compat20) {
   1760 		packet_set_iv(MODE_OUT, child_state.ivout);
   1761 		xfree(child_state.ivout);
   1762 		packet_set_iv(MODE_IN, child_state.ivin);
   1763 		xfree(child_state.ivin);
   1764 	}
   1765 
   1766 	memcpy(&incoming_stream, &child_state.incoming,
   1767 	    sizeof(incoming_stream));
   1768 	memcpy(&outgoing_stream, &child_state.outgoing,
   1769 	    sizeof(outgoing_stream));
   1770 
   1771 	/* Update with new address */
   1772 	if (options.compression)
   1773 		mm_init_compression(pmonitor->m_zlib);
   1774 
   1775 	/* Network I/O buffers */
   1776 	/* XXX inefficient for large buffers, need: buffer_init_from_string */
   1777 	buffer_clear(packet_get_input());
   1778 	buffer_append(packet_get_input(), child_state.input, child_state.ilen);
   1779 	memset(child_state.input, 0, child_state.ilen);
   1780 	xfree(child_state.input);
   1781 
   1782 	buffer_clear(packet_get_output());
   1783 	buffer_append(packet_get_output(), child_state.output,
   1784 		      child_state.olen);
   1785 	memset(child_state.output, 0, child_state.olen);
   1786 	xfree(child_state.output);
   1787 
   1788 	/* Roaming */
   1789 	if (compat20)
   1790 		roam_set_bytes(child_state.sent_bytes, child_state.recv_bytes);
   1791 }
   1792 
   1793 static Kex *
   1794 mm_get_kex(Buffer *m)
   1795 {
   1796 	Kex *kex;
   1797 	void *blob;
   1798 	u_int bloblen;
   1799 
   1800 	kex = xcalloc(1, sizeof(*kex));
   1801 	kex->session_id = buffer_get_string(m, &kex->session_id_len);
   1802 	if (session_id2 == NULL ||
   1803 	    kex->session_id_len != session_id2_len ||
   1804 	    timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0)
   1805 		fatal("mm_get_get: internal error: bad session id");
   1806 	kex->we_need = buffer_get_int(m);
   1807 	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
   1808 	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
   1809 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
   1810 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
   1811 	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
   1812 	kex->server = 1;
   1813 	kex->hostkey_type = buffer_get_int(m);
   1814 	kex->kex_type = buffer_get_int(m);
   1815 	blob = buffer_get_string(m, &bloblen);
   1816 	buffer_init(&kex->my);
   1817 	buffer_append(&kex->my, blob, bloblen);
   1818 	xfree(blob);
   1819 	blob = buffer_get_string(m, &bloblen);
   1820 	buffer_init(&kex->peer);
   1821 	buffer_append(&kex->peer, blob, bloblen);
   1822 	xfree(blob);
   1823 	kex->done = 1;
   1824 	kex->flags = buffer_get_int(m);
   1825 	kex->client_version_string = buffer_get_string(m, NULL);
   1826 	kex->server_version_string = buffer_get_string(m, NULL);
   1827 	kex->load_host_public_key=&get_hostkey_public_by_type;
   1828 	kex->load_host_private_key=&get_hostkey_private_by_type;
   1829 	kex->host_key_index=&get_hostkey_index;
   1830 
   1831 	return (kex);
   1832 }
   1833 
   1834 /* This function requries careful sanity checking */
   1835 
   1836 void
   1837 mm_get_keystate(struct monitor *pmonitor)
   1838 {
   1839 	Buffer m;
   1840 	u_char *blob, *p;
   1841 	u_int bloblen, plen;
   1842 	u_int32_t seqnr, packets;
   1843 	u_int64_t blocks, bytes;
   1844 
   1845 	debug3("%s: Waiting for new keys", __func__);
   1846 
   1847 	buffer_init(&m);
   1848 	mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
   1849 	if (!compat20) {
   1850 		child_state.ssh1protoflags = buffer_get_int(&m);
   1851 		child_state.ssh1cipher = buffer_get_int(&m);
   1852 		child_state.ssh1key = buffer_get_string(&m,
   1853 		    &child_state.ssh1keylen);
   1854 		child_state.ivout = buffer_get_string(&m,
   1855 		    &child_state.ivoutlen);
   1856 		child_state.ivin = buffer_get_string(&m, &child_state.ivinlen);
   1857 		goto skip;
   1858 	} else {
   1859 		/* Get the Kex for rekeying */
   1860 		*pmonitor->m_pkex = mm_get_kex(&m);
   1861 	}
   1862 
   1863 	blob = buffer_get_string(&m, &bloblen);
   1864 	current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
   1865 	xfree(blob);
   1866 
   1867 	debug3("%s: Waiting for second key", __func__);
   1868 	blob = buffer_get_string(&m, &bloblen);
   1869 	current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
   1870 	xfree(blob);
   1871 
   1872 	/* Now get sequence numbers for the packets */
   1873 	seqnr = buffer_get_int(&m);
   1874 	blocks = buffer_get_int64(&m);
   1875 	packets = buffer_get_int(&m);
   1876 	bytes = buffer_get_int64(&m);
   1877 	packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes);
   1878 	seqnr = buffer_get_int(&m);
   1879 	blocks = buffer_get_int64(&m);
   1880 	packets = buffer_get_int(&m);
   1881 	bytes = buffer_get_int64(&m);
   1882 	packet_set_state(MODE_IN, seqnr, blocks, packets, bytes);
   1883 
   1884  skip:
   1885 	/* Get the key context */
   1886 	child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen);
   1887 	child_state.keyin  = buffer_get_string(&m, &child_state.keyinlen);
   1888 
   1889 	debug3("%s: Getting compression state", __func__);
   1890 	/* Get compression state */
   1891 	p = buffer_get_string(&m, &plen);
   1892 	if (plen != sizeof(child_state.outgoing))
   1893 		fatal("%s: bad request size", __func__);
   1894 	memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
   1895 	xfree(p);
   1896 
   1897 	p = buffer_get_string(&m, &plen);
   1898 	if (plen != sizeof(child_state.incoming))
   1899 		fatal("%s: bad request size", __func__);
   1900 	memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
   1901 	xfree(p);
   1902 
   1903 	/* Network I/O buffers */
   1904 	debug3("%s: Getting Network I/O buffers", __func__);
   1905 	child_state.input = buffer_get_string(&m, &child_state.ilen);
   1906 	child_state.output = buffer_get_string(&m, &child_state.olen);
   1907 
   1908 	/* Roaming */
   1909 	if (compat20) {
   1910 		child_state.sent_bytes = buffer_get_int64(&m);
   1911 		child_state.recv_bytes = buffer_get_int64(&m);
   1912 	}
   1913 
   1914 	buffer_free(&m);
   1915 }
   1916 
   1917 
   1918 /* Allocation functions for zlib */
   1919 void *
   1920 mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
   1921 {
   1922 	size_t len = (size_t) size * ncount;
   1923 	void *address;
   1924 
   1925 	if (len == 0 || ncount > SIZE_T_MAX / size)
   1926 		fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
   1927 
   1928 	address = mm_malloc(mm, len);
   1929 
   1930 	return (address);
   1931 }
   1932 
   1933 void
   1934 mm_zfree(struct mm_master *mm, void *address)
   1935 {
   1936 	mm_free(mm, address);
   1937 }
   1938 
   1939 void
   1940 mm_init_compression(struct mm_master *mm)
   1941 {
   1942 	outgoing_stream.zalloc = (alloc_func)mm_zalloc;
   1943 	outgoing_stream.zfree = (free_func)mm_zfree;
   1944 	outgoing_stream.opaque = mm;
   1945 
   1946 	incoming_stream.zalloc = (alloc_func)mm_zalloc;
   1947 	incoming_stream.zfree = (free_func)mm_zfree;
   1948 	incoming_stream.opaque = mm;
   1949 }
   1950 
   1951 /* XXX */
   1952 
   1953 #define FD_CLOSEONEXEC(x) do { \
   1954 	if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
   1955 		fatal("fcntl(%d, F_SETFD)", x); \
   1956 } while (0)
   1957 
   1958 static void
   1959 monitor_openfds(struct monitor *mon, int do_logfds)
   1960 {
   1961 	int pair[2];
   1962 
   1963 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
   1964 		fatal("%s: socketpair: %s", __func__, strerror(errno));
   1965 	FD_CLOSEONEXEC(pair[0]);
   1966 	FD_CLOSEONEXEC(pair[1]);
   1967 	mon->m_recvfd = pair[0];
   1968 	mon->m_sendfd = pair[1];
   1969 
   1970 	if (do_logfds) {
   1971 		if (pipe(pair) == -1)
   1972 			fatal("%s: pipe: %s", __func__, strerror(errno));
   1973 		FD_CLOSEONEXEC(pair[0]);
   1974 		FD_CLOSEONEXEC(pair[1]);
   1975 		mon->m_log_recvfd = pair[0];
   1976 		mon->m_log_sendfd = pair[1];
   1977 	} else
   1978 		mon->m_log_recvfd = mon->m_log_sendfd = -1;
   1979 }
   1980 
   1981 #define MM_MEMSIZE	65536
   1982 
   1983 struct monitor *
   1984 monitor_init(void)
   1985 {
   1986 	struct monitor *mon;
   1987 
   1988 	mon = xcalloc(1, sizeof(*mon));
   1989 
   1990 	monitor_openfds(mon, 1);
   1991 
   1992 	/* Used to share zlib space across processes */
   1993 	if (options.compression) {
   1994 		mon->m_zback = mm_create(NULL, MM_MEMSIZE);
   1995 		mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
   1996 
   1997 		/* Compression needs to share state across borders */
   1998 		mm_init_compression(mon->m_zlib);
   1999 	}
   2000 
   2001 	return mon;
   2002 }
   2003 
   2004 void
   2005 monitor_reinit(struct monitor *mon)
   2006 {
   2007 	monitor_openfds(mon, 0);
   2008 }
   2009 
   2010 #ifdef GSSAPI
   2011 int
   2012 mm_answer_gss_setup_ctx(int sock, Buffer *m)
   2013 {
   2014 	gss_OID_desc goid;
   2015 	OM_uint32 major;
   2016 	u_int len;
   2017 
   2018 	goid.elements = buffer_get_string(m, &len);
   2019 	goid.length = len;
   2020 
   2021 	major = ssh_gssapi_server_ctx(&gsscontext, &goid);
   2022 
   2023 	xfree(goid.elements);
   2024 
   2025 	buffer_clear(m);
   2026 	buffer_put_int(m, major);
   2027 
   2028 	mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
   2029 
   2030 	/* Now we have a context, enable the step */
   2031 	monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
   2032 
   2033 	return (0);
   2034 }
   2035 
   2036 int
   2037 mm_answer_gss_accept_ctx(int sock, Buffer *m)
   2038 {
   2039 	gss_buffer_desc in;
   2040 	gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
   2041 	OM_uint32 major, minor;
   2042 	OM_uint32 flags = 0; /* GSI needs this */
   2043 	u_int len;
   2044 
   2045 	in.value = buffer_get_string(m, &len);
   2046 	in.length = len;
   2047 	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
   2048 	xfree(in.value);
   2049 
   2050 	buffer_clear(m);
   2051 	buffer_put_int(m, major);
   2052 	buffer_put_string(m, out.value, out.length);
   2053 	buffer_put_int(m, flags);
   2054 	mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
   2055 
   2056 	gss_release_buffer(&minor, &out);
   2057 
   2058 	if (major == GSS_S_COMPLETE) {
   2059 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
   2060 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
   2061 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
   2062 	}
   2063 	return (0);
   2064 }
   2065 
   2066 int
   2067 mm_answer_gss_checkmic(int sock, Buffer *m)
   2068 {
   2069 	gss_buffer_desc gssbuf, mic;
   2070 	OM_uint32 ret;
   2071 	u_int len;
   2072 
   2073 	gssbuf.value = buffer_get_string(m, &len);
   2074 	gssbuf.length = len;
   2075 	mic.value = buffer_get_string(m, &len);
   2076 	mic.length = len;
   2077 
   2078 	ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
   2079 
   2080 	xfree(gssbuf.value);
   2081 	xfree(mic.value);
   2082 
   2083 	buffer_clear(m);
   2084 	buffer_put_int(m, ret);
   2085 
   2086 	mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
   2087 
   2088 	if (!GSS_ERROR(ret))
   2089 		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
   2090 
   2091 	return (0);
   2092 }
   2093 
   2094 int
   2095 mm_answer_gss_userok(int sock, Buffer *m)
   2096 {
   2097 	int authenticated;
   2098 
   2099 	authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
   2100 
   2101 	buffer_clear(m);
   2102 	buffer_put_int(m, authenticated);
   2103 
   2104 	debug3("%s: sending result %d", __func__, authenticated);
   2105 	mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
   2106 
   2107 	auth_method = "gssapi-with-mic";
   2108 
   2109 	/* Monitor loop will terminate if authenticated */
   2110 	return (authenticated);
   2111 }
   2112 #endif /* GSSAPI */
   2113 
   2114 #ifdef JPAKE
   2115 int
   2116 mm_answer_jpake_step1(int sock, Buffer *m)
   2117 {
   2118 	struct jpake_ctx *pctx;
   2119 	u_char *x3_proof, *x4_proof;
   2120 	u_int x3_proof_len, x4_proof_len;
   2121 
   2122 	if (!options.zero_knowledge_password_authentication)
   2123 		fatal("zero_knowledge_password_authentication disabled");
   2124 
   2125 	if (authctxt->jpake_ctx != NULL)
   2126 		fatal("%s: authctxt->jpake_ctx already set (%p)",
   2127 		    __func__, authctxt->jpake_ctx);
   2128 	authctxt->jpake_ctx = pctx = jpake_new();
   2129 
   2130 	jpake_step1(pctx->grp,
   2131 	    &pctx->server_id, &pctx->server_id_len,
   2132 	    &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
   2133 	    &x3_proof, &x3_proof_len,
   2134 	    &x4_proof, &x4_proof_len);
   2135 
   2136 	JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__));
   2137 
   2138 	buffer_clear(m);
   2139 
   2140 	buffer_put_string(m, pctx->server_id, pctx->server_id_len);
   2141 	buffer_put_bignum2(m, pctx->g_x3);
   2142 	buffer_put_bignum2(m, pctx->g_x4);
   2143 	buffer_put_string(m, x3_proof, x3_proof_len);
   2144 	buffer_put_string(m, x4_proof, x4_proof_len);
   2145 
   2146 	debug3("%s: sending step1", __func__);
   2147 	mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m);
   2148 
   2149 	bzero(x3_proof, x3_proof_len);
   2150 	bzero(x4_proof, x4_proof_len);
   2151 	xfree(x3_proof);
   2152 	xfree(x4_proof);
   2153 
   2154 	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
   2155 	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
   2156 
   2157 	return 0;
   2158 }
   2159 
   2160 int
   2161 mm_answer_jpake_get_pwdata(int sock, Buffer *m)
   2162 {
   2163 	struct jpake_ctx *pctx = authctxt->jpake_ctx;
   2164 	char *hash_scheme, *salt;
   2165 
   2166 	if (pctx == NULL)
   2167 		fatal("%s: pctx == NULL", __func__);
   2168 
   2169 	auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt);
   2170 
   2171 	buffer_clear(m);
   2172 	/* pctx->s is sensitive, not returned to slave */
   2173 	buffer_put_cstring(m, hash_scheme);
   2174 	buffer_put_cstring(m, salt);
   2175 
   2176 	debug3("%s: sending pwdata", __func__);
   2177 	mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m);
   2178 
   2179 	bzero(hash_scheme, strlen(hash_scheme));
   2180 	bzero(salt, strlen(salt));
   2181 	xfree(hash_scheme);
   2182 	xfree(salt);
   2183 
   2184 	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
   2185 
   2186 	return 0;
   2187 }
   2188 
   2189 int
   2190 mm_answer_jpake_step2(int sock, Buffer *m)
   2191 {
   2192 	struct jpake_ctx *pctx = authctxt->jpake_ctx;
   2193 	u_char *x1_proof, *x2_proof, *x4_s_proof;
   2194 	u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
   2195 
   2196 	if (pctx == NULL)
   2197 		fatal("%s: pctx == NULL", __func__);
   2198 
   2199 	if ((pctx->g_x1 = BN_new()) == NULL ||
   2200 	    (pctx->g_x2 = BN_new()) == NULL)
   2201 		fatal("%s: BN_new", __func__);
   2202 	buffer_get_bignum2(m, pctx->g_x1);
   2203 	buffer_get_bignum2(m, pctx->g_x2);
   2204 	pctx->client_id = buffer_get_string(m, &pctx->client_id_len);
   2205 	x1_proof = buffer_get_string(m, &x1_proof_len);
   2206 	x2_proof = buffer_get_string(m, &x2_proof_len);
   2207 
   2208 	jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
   2209 	    pctx->g_x1, pctx->g_x2, pctx->x4,
   2210 	    pctx->client_id, pctx->client_id_len,
   2211 	    pctx->server_id, pctx->server_id_len,
   2212 	    x1_proof, x1_proof_len,
   2213 	    x2_proof, x2_proof_len,
   2214 	    &pctx->b,
   2215 	    &x4_s_proof, &x4_s_proof_len);
   2216 
   2217 	JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__));
   2218 
   2219 	bzero(x1_proof, x1_proof_len);
   2220 	bzero(x2_proof, x2_proof_len);
   2221 	xfree(x1_proof);
   2222 	xfree(x2_proof);
   2223 
   2224 	buffer_clear(m);
   2225 
   2226 	buffer_put_bignum2(m, pctx->b);
   2227 	buffer_put_string(m, x4_s_proof, x4_s_proof_len);
   2228 
   2229 	debug3("%s: sending step2", __func__);
   2230 	mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
   2231 
   2232 	bzero(x4_s_proof, x4_s_proof_len);
   2233 	xfree(x4_s_proof);
   2234 
   2235 	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
   2236 
   2237 	return 0;
   2238 }
   2239 
   2240 int
   2241 mm_answer_jpake_key_confirm(int sock, Buffer *m)
   2242 {
   2243 	struct jpake_ctx *pctx = authctxt->jpake_ctx;
   2244 	u_char *x2_s_proof;
   2245 	u_int x2_s_proof_len;
   2246 
   2247 	if (pctx == NULL)
   2248 		fatal("%s: pctx == NULL", __func__);
   2249 
   2250 	if ((pctx->a = BN_new()) == NULL)
   2251 		fatal("%s: BN_new", __func__);
   2252 	buffer_get_bignum2(m, pctx->a);
   2253 	x2_s_proof = buffer_get_string(m, &x2_s_proof_len);
   2254 
   2255 	jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
   2256 	    pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
   2257 	    pctx->server_id, pctx->server_id_len,
   2258 	    pctx->client_id, pctx->client_id_len,
   2259 	    session_id2, session_id2_len,
   2260 	    x2_s_proof, x2_s_proof_len,
   2261 	    &pctx->k,
   2262 	    &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len);
   2263 
   2264 	JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__));
   2265 
   2266 	bzero(x2_s_proof, x2_s_proof_len);
   2267 	buffer_clear(m);
   2268 
   2269 	/* pctx->k is sensitive, not sent */
   2270 	buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
   2271 
   2272 	debug3("%s: sending confirmation hash", __func__);
   2273 	mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m);
   2274 
   2275 	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1);
   2276 
   2277 	return 0;
   2278 }
   2279 
   2280 int
   2281 mm_answer_jpake_check_confirm(int sock, Buffer *m)
   2282 {
   2283 	int authenticated = 0;
   2284 	u_char *peer_confirm_hash;
   2285 	u_int peer_confirm_hash_len;
   2286 	struct jpake_ctx *pctx = authctxt->jpake_ctx;
   2287 
   2288 	if (pctx == NULL)
   2289 		fatal("%s: pctx == NULL", __func__);
   2290 
   2291 	peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len);
   2292 
   2293 	authenticated = jpake_check_confirm(pctx->k,
   2294 	    pctx->client_id, pctx->client_id_len,
   2295 	    session_id2, session_id2_len,
   2296 	    peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid;
   2297 
   2298 	JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
   2299 
   2300 	bzero(peer_confirm_hash, peer_confirm_hash_len);
   2301 	xfree(peer_confirm_hash);
   2302 
   2303 	buffer_clear(m);
   2304 	buffer_put_int(m, authenticated);
   2305 
   2306 	debug3("%s: sending result %d", __func__, authenticated);
   2307 	mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m);
   2308 
   2309 	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1);
   2310 
   2311 	auth_method = "jpake-01 (at) openssh.com";
   2312 	return authenticated;
   2313 }
   2314 
   2315 #endif /* JPAKE */
   2316