diff options
| author | markus@openbsd.org <markus@openbsd.org> | 2018-07-09 21:29:36 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-10 15:25:25 +1000 |
| commit | c3cb7790e9efb14ba74b2d9f543ad593b3d55b31 (patch) | |
| tree | 54ae8b586e07b7620c2e9f054ff7e2d2d90eed62 | |
| parent | 2808d18ca47ad3d251836c555f0e22aaca03d15c (diff) | |
upstream: sshd: switch config to sshbuf API; ok djm@
OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
| -rw-r--r-- | servconf.c | 30 | ||||
| -rw-r--r-- | serverloop.c | 4 | ||||
| -rw-r--r-- | sshd.c | 58 |
3 files changed, 48 insertions, 44 deletions
diff --git a/servconf.c b/servconf.c index 97c268e3c..7ca67ce6b 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.337 2018/07/09 13:37:10 sf Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.338 2018/07/09 21:29:36 markus Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -45,7 +45,7 @@ | |||
| 45 | #include "xmalloc.h" | 45 | #include "xmalloc.h" |
| 46 | #include "ssh.h" | 46 | #include "ssh.h" |
| 47 | #include "log.h" | 47 | #include "log.h" |
| 48 | #include "buffer.h" | 48 | #include "sshbuf.h" |
| 49 | #include "misc.h" | 49 | #include "misc.h" |
| 50 | #include "servconf.h" | 50 | #include "servconf.h" |
| 51 | #include "compat.h" | 51 | #include "compat.h" |
| @@ -59,6 +59,7 @@ | |||
| 59 | #include "groupaccess.h" | 59 | #include "groupaccess.h" |
| 60 | #include "canohost.h" | 60 | #include "canohost.h" |
| 61 | #include "packet.h" | 61 | #include "packet.h" |
| 62 | #include "ssherr.h" | ||
| 62 | #include "hostfile.h" | 63 | #include "hostfile.h" |
| 63 | #include "auth.h" | 64 | #include "auth.h" |
| 64 | #include "myproposal.h" | 65 | #include "myproposal.h" |
| @@ -71,7 +72,7 @@ static void add_one_listen_addr(ServerOptions *, const char *, | |||
| 71 | 72 | ||
| 72 | /* Use of privilege separation or not */ | 73 | /* Use of privilege separation or not */ |
| 73 | extern int use_privsep; | 74 | extern int use_privsep; |
| 74 | extern Buffer cfg; | 75 | extern struct sshbuf *cfg; |
| 75 | 76 | ||
| 76 | /* Initializes the server options to their default values. */ | 77 | /* Initializes the server options to their default values. */ |
| 77 | 78 | ||
| @@ -2163,19 +2164,19 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 2163 | /* Reads the server configuration file. */ | 2164 | /* Reads the server configuration file. */ |
| 2164 | 2165 | ||
| 2165 | void | 2166 | void |
| 2166 | load_server_config(const char *filename, Buffer *conf) | 2167 | load_server_config(const char *filename, struct sshbuf *conf) |
| 2167 | { | 2168 | { |
| 2168 | char *line = NULL, *cp; | 2169 | char *line = NULL, *cp; |
| 2169 | size_t linesize = 0; | 2170 | size_t linesize = 0; |
| 2170 | FILE *f; | 2171 | FILE *f; |
| 2171 | int lineno = 0; | 2172 | int r, lineno = 0; |
| 2172 | 2173 | ||
| 2173 | debug2("%s: filename %s", __func__, filename); | 2174 | debug2("%s: filename %s", __func__, filename); |
| 2174 | if ((f = fopen(filename, "r")) == NULL) { | 2175 | if ((f = fopen(filename, "r")) == NULL) { |
| 2175 | perror(filename); | 2176 | perror(filename); |
| 2176 | exit(1); | 2177 | exit(1); |
| 2177 | } | 2178 | } |
| 2178 | buffer_clear(conf); | 2179 | sshbuf_reset(conf); |
| 2179 | while (getline(&line, &linesize, f) != -1) { | 2180 | while (getline(&line, &linesize, f) != -1) { |
| 2180 | lineno++; | 2181 | lineno++; |
| 2181 | /* | 2182 | /* |
| @@ -2186,13 +2187,14 @@ load_server_config(const char *filename, Buffer *conf) | |||
| 2186 | if ((cp = strchr(line, '#')) != NULL) | 2187 | if ((cp = strchr(line, '#')) != NULL) |
| 2187 | memcpy(cp, "\n", 2); | 2188 | memcpy(cp, "\n", 2); |
| 2188 | cp = line + strspn(line, " \t\r"); | 2189 | cp = line + strspn(line, " \t\r"); |
| 2189 | 2190 | if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) | |
| 2190 | buffer_append(conf, cp, strlen(cp)); | 2191 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 2191 | } | 2192 | } |
| 2192 | free(line); | 2193 | free(line); |
| 2193 | buffer_append(conf, "\0", 1); | 2194 | if ((r = sshbuf_put_u8(conf, 0)) != 0) |
| 2195 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 2194 | fclose(f); | 2196 | fclose(f); |
| 2195 | debug2("%s: done config len = %d", __func__, buffer_len(conf)); | 2197 | debug2("%s: done config len = %zu", __func__, sshbuf_len(conf)); |
| 2196 | } | 2198 | } |
| 2197 | 2199 | ||
| 2198 | void | 2200 | void |
| @@ -2202,7 +2204,7 @@ parse_server_match_config(ServerOptions *options, | |||
| 2202 | ServerOptions mo; | 2204 | ServerOptions mo; |
| 2203 | 2205 | ||
| 2204 | initialize_server_options(&mo); | 2206 | initialize_server_options(&mo); |
| 2205 | parse_server_config(&mo, "reprocess config", &cfg, connectinfo); | 2207 | parse_server_config(&mo, "reprocess config", cfg, connectinfo); |
| 2206 | copy_set_server_options(options, &mo, 0); | 2208 | copy_set_server_options(options, &mo, 0); |
| 2207 | } | 2209 | } |
| 2208 | 2210 | ||
| @@ -2346,13 +2348,13 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 2346 | #undef M_CP_STRARRAYOPT | 2348 | #undef M_CP_STRARRAYOPT |
| 2347 | 2349 | ||
| 2348 | void | 2350 | void |
| 2349 | parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, | 2351 | parse_server_config(ServerOptions *options, const char *filename, |
| 2350 | struct connection_info *connectinfo) | 2352 | struct sshbuf *conf, struct connection_info *connectinfo) |
| 2351 | { | 2353 | { |
| 2352 | int active, linenum, bad_options = 0; | 2354 | int active, linenum, bad_options = 0; |
| 2353 | char *cp, *obuf, *cbuf; | 2355 | char *cp, *obuf, *cbuf; |
| 2354 | 2356 | ||
| 2355 | debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); | 2357 | debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf)); |
| 2356 | 2358 | ||
| 2357 | if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) | 2359 | if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) |
| 2358 | fatal("%s: sshbuf_dup_string failed", __func__); | 2360 | fatal("%s: sshbuf_dup_string failed", __func__); |
diff --git a/serverloop.c b/serverloop.c index 5ecafded8..f1b676f82 100644 --- a/serverloop.c +++ b/serverloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: serverloop.c,v 1.206 2018/06/08 01:55:40 djm Exp $ */ | 1 | /* $OpenBSD: serverloop.c,v 1.207 2018/07/09 21:29:36 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -58,7 +58,7 @@ | |||
| 58 | #include "openbsd-compat/sys-queue.h" | 58 | #include "openbsd-compat/sys-queue.h" |
| 59 | #include "xmalloc.h" | 59 | #include "xmalloc.h" |
| 60 | #include "packet.h" | 60 | #include "packet.h" |
| 61 | #include "buffer.h" | 61 | #include "sshbuf.h" |
| 62 | #include "log.h" | 62 | #include "log.h" |
| 63 | #include "misc.h" | 63 | #include "misc.h" |
| 64 | #include "servconf.h" | 64 | #include "servconf.h" |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.510 2018/07/09 21:26:02 markus Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.511 2018/07/09 21:29:36 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -91,7 +91,7 @@ | |||
| 91 | #include "sshpty.h" | 91 | #include "sshpty.h" |
| 92 | #include "packet.h" | 92 | #include "packet.h" |
| 93 | #include "log.h" | 93 | #include "log.h" |
| 94 | #include "buffer.h" | 94 | #include "sshbuf.h" |
| 95 | #include "misc.h" | 95 | #include "misc.h" |
| 96 | #include "match.h" | 96 | #include "match.h" |
| 97 | #include "servconf.h" | 97 | #include "servconf.h" |
| @@ -237,7 +237,7 @@ Authctxt *the_authctxt = NULL; | |||
| 237 | struct sshauthopt *auth_opts = NULL; | 237 | struct sshauthopt *auth_opts = NULL; |
| 238 | 238 | ||
| 239 | /* sshd_config buffer */ | 239 | /* sshd_config buffer */ |
| 240 | Buffer cfg; | 240 | struct sshbuf *cfg; |
| 241 | 241 | ||
| 242 | /* message to be displayed after login */ | 242 | /* message to be displayed after login */ |
| 243 | struct sshbuf *loginmsg; | 243 | struct sshbuf *loginmsg; |
| @@ -958,31 +958,33 @@ send_rexec_state(int fd, struct sshbuf *conf) | |||
| 958 | } | 958 | } |
| 959 | 959 | ||
| 960 | static void | 960 | static void |
| 961 | recv_rexec_state(int fd, Buffer *conf) | 961 | recv_rexec_state(int fd, struct sshbuf *conf) |
| 962 | { | 962 | { |
| 963 | Buffer m; | 963 | struct sshbuf *m; |
| 964 | char *cp; | 964 | u_char *cp, ver; |
| 965 | u_int len; | 965 | size_t len; |
| 966 | int r; | ||
| 966 | 967 | ||
| 967 | debug3("%s: entering fd = %d", __func__, fd); | 968 | debug3("%s: entering fd = %d", __func__, fd); |
| 968 | 969 | ||
| 969 | buffer_init(&m); | 970 | if ((m = sshbuf_new()) == NULL) |
| 970 | 971 | fatal("%s: sshbuf_new failed", __func__); | |
| 971 | if (ssh_msg_recv(fd, &m) == -1) | 972 | if (ssh_msg_recv(fd, m) == -1) |
| 972 | fatal("%s: ssh_msg_recv failed", __func__); | 973 | fatal("%s: ssh_msg_recv failed", __func__); |
| 973 | if (buffer_get_char(&m) != 0) | 974 | if ((r = sshbuf_get_u8(m, &ver)) != 0) |
| 975 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 976 | if (ver != 0) | ||
| 974 | fatal("%s: rexec version mismatch", __func__); | 977 | fatal("%s: rexec version mismatch", __func__); |
| 975 | 978 | if ((r = sshbuf_get_string(m, &cp, &len)) != 0) | |
| 976 | cp = buffer_get_string(&m, &len); | 979 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 977 | if (conf != NULL) | 980 | if (conf != NULL && (r = sshbuf_put(conf, cp, len))) |
| 978 | buffer_append(conf, cp, len); | 981 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 979 | free(cp); | ||
| 980 | |||
| 981 | #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) | 982 | #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) |
| 982 | rexec_recv_rng_seed(&m); | 983 | rexec_recv_rng_seed(m); |
| 983 | #endif | 984 | #endif |
| 984 | 985 | ||
| 985 | buffer_free(&m); | 986 | free(cp); |
| 987 | sshbuf_free(m); | ||
| 986 | 988 | ||
| 987 | debug3("%s: done", __func__); | 989 | debug3("%s: done", __func__); |
| 988 | } | 990 | } |
| @@ -1263,8 +1265,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
| 1263 | startup_pipe = -1; | 1265 | startup_pipe = -1; |
| 1264 | pid = getpid(); | 1266 | pid = getpid(); |
| 1265 | if (rexec_flag) { | 1267 | if (rexec_flag) { |
| 1266 | send_rexec_state(config_s[0], | 1268 | send_rexec_state(config_s[0], cfg); |
| 1267 | &cfg); | ||
| 1268 | close(config_s[0]); | 1269 | close(config_s[0]); |
| 1269 | } | 1270 | } |
| 1270 | break; | 1271 | break; |
| @@ -1310,7 +1311,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
| 1310 | close(startup_p[1]); | 1311 | close(startup_p[1]); |
| 1311 | 1312 | ||
| 1312 | if (rexec_flag) { | 1313 | if (rexec_flag) { |
| 1313 | send_rexec_state(config_s[0], &cfg); | 1314 | send_rexec_state(config_s[0], cfg); |
| 1314 | close(config_s[0]); | 1315 | close(config_s[0]); |
| 1315 | close(config_s[1]); | 1316 | close(config_s[1]); |
| 1316 | } | 1317 | } |
| @@ -1662,14 +1663,15 @@ main(int ac, char **av) | |||
| 1662 | "test mode (-T)"); | 1663 | "test mode (-T)"); |
| 1663 | 1664 | ||
| 1664 | /* Fetch our configuration */ | 1665 | /* Fetch our configuration */ |
| 1665 | buffer_init(&cfg); | 1666 | if ((cfg = sshbuf_new()) == NULL) |
| 1667 | fatal("%s: sshbuf_new failed", __func__); | ||
| 1666 | if (rexeced_flag) | 1668 | if (rexeced_flag) |
| 1667 | recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg); | 1669 | recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg); |
| 1668 | else if (strcasecmp(config_file_name, "none") != 0) | 1670 | else if (strcasecmp(config_file_name, "none") != 0) |
| 1669 | load_server_config(config_file_name, &cfg); | 1671 | load_server_config(config_file_name, cfg); |
| 1670 | 1672 | ||
| 1671 | parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, | 1673 | parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, |
| 1672 | &cfg, NULL); | 1674 | cfg, NULL); |
| 1673 | 1675 | ||
| 1674 | seed_rng(); | 1676 | seed_rng(); |
| 1675 | 1677 | ||
| @@ -1770,7 +1772,7 @@ main(int ac, char **av) | |||
| 1770 | keytype = pubkey->type; | 1772 | keytype = pubkey->type; |
| 1771 | } else if (key != NULL) { | 1773 | } else if (key != NULL) { |
| 1772 | keytype = key->type; | 1774 | keytype = key->type; |
| 1773 | accumulate_host_timing_secret(&cfg, key); | 1775 | accumulate_host_timing_secret(cfg, key); |
| 1774 | } else { | 1776 | } else { |
| 1775 | error("Could not load host key: %s", | 1777 | error("Could not load host key: %s", |
| 1776 | options.host_key_files[i]); | 1778 | options.host_key_files[i]); |
| @@ -1796,7 +1798,7 @@ main(int ac, char **av) | |||
| 1796 | key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); | 1798 | key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); |
| 1797 | free(fp); | 1799 | free(fp); |
| 1798 | } | 1800 | } |
| 1799 | accumulate_host_timing_secret(&cfg, NULL); | 1801 | accumulate_host_timing_secret(cfg, NULL); |
| 1800 | if (!sensitive_data.have_ssh2_key) { | 1802 | if (!sensitive_data.have_ssh2_key) { |
| 1801 | logit("sshd: no hostkeys available -- exiting."); | 1803 | logit("sshd: no hostkeys available -- exiting."); |
| 1802 | exit(1); | 1804 | exit(1); |