New upstream release (7.6p1)

1 files changed, 22 insertions, 9 deletions

diff --git a/monitor_wrap.c b/monitor_wrap.c
index 2ff8064a0..d806bb2e7 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.89 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.94 2017/10/02 19:33:20 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -216,7 +216,7 @@ mm_choose_dh(int min, int nbits, int max)
 #endif
 
 int
-mm_key_sign(Key *key, u_char **sigp, u_int *lenp,
+mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
     const u_char *data, u_int datalen, const char *hostkey_alg)
 {
         struct kex *kex = *pmonitor->m_pkex;
@@ -242,6 +242,7 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp,
 struct passwd *
 mm_getpwnamallow(const char *username)
 {
+        struct ssh *ssh = active_state;         /* XXX */
         Buffer m;
         struct passwd *pw;
         u_int len, i;
@@ -289,12 +290,20 @@ out:
                 for (i = 0; i < newopts->nx; i++) \
                         newopts->x[i] = buffer_get_string(&m, NULL); \
         } while (0)
+#define M_CP_STRARRAYOPT_ALLOC(x, nx) do { \
+                newopts->x = newopts->nx == 0 ? \
+                    NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
+                M_CP_STRARRAYOPT(x, nx); \
+        } while (0)
         /* See comment in servconf.h */
         COPY_MATCH_STRING_OPTS();
 #undef M_CP_STROPT
 #undef M_CP_STRARRAYOPT
+#undef M_CP_STRARRAYOPT_ALLOC
 
         copy_set_server_options(&options, newopts, 1);
+        log_change_level(options.log_level);
+        process_permitopen(ssh, &options);
         free(newopts);
 
         buffer_free(&m);
@@ -392,7 +401,8 @@ mm_auth_password(Authctxt *authctxt, char *password)
 }
 
 int
-mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
+mm_user_key_allowed(struct passwd *pw, struct sshkey *key,
+    int pubkey_auth_attempt)
 {
         return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
             pubkey_auth_attempt));
@@ -400,14 +410,14 @@ mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
 
 int
 mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
-    Key *key)
+    struct sshkey *key)
 {
         return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
 }
 
 int
 mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
-    Key *key, int pubkey_auth_attempt)
+    struct sshkey *key, int pubkey_auth_attempt)
 {
         Buffer m;
         u_char *blob;
@@ -452,12 +462,13 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
  */
 
 int
-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
+mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
+    const u_char *data, size_t datalen, u_int compat)
 {
         Buffer m;
         u_char *blob;
         u_int len;
-        int verified = 0;
+        u_int encoded_ret = 0;
 
         debug3("%s entering", __func__);
 
@@ -476,11 +487,13 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
         debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
         mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
 
-        verified = buffer_get_int(&m);
+        encoded_ret = buffer_get_int(&m);
 
         buffer_free(&m);
 
-        return (verified);
+        if (encoded_ret != 0)
+                return SSH_ERR_SIGNATURE_INVALID;
+        return 0;
 }
 
 void