diff options
| author | Damien Miller <djm@mindrot.org> | 2018-07-10 19:39:52 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-10 19:39:52 +1000 |
| commit | 120a1ec74e8d9d29f4eb9a27972ddd22351ddef9 (patch) | |
| tree | 52308557de781f1d8ffb083369e0c209bc305c02 /monitor_wrap.c | |
| parent | 0f3958c1e6ffb8ea4ba27e2a97a00326fce23246 (diff) | |
Adapt portable to legacy buffer API removal
Diffstat (limited to 'monitor_wrap.c')
| -rw-r--r-- | monitor_wrap.c | 192 |
1 files changed, 113 insertions, 79 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index 682e39dec..e970da2e3 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
| @@ -407,7 +407,10 @@ int | |||
| 407 | mm_auth_password(struct ssh *ssh, char *password) | 407 | mm_auth_password(struct ssh *ssh, char *password) |
| 408 | { | 408 | { |
| 409 | struct sshbuf *m; | 409 | struct sshbuf *m; |
| 410 | int r, maxtries = 0, authenticated = 0; | 410 | int r, authenticated = 0; |
| 411 | #ifdef USE_PAM | ||
| 412 | u_int maxtries = 0; | ||
| 413 | #endif | ||
| 411 | 414 | ||
| 412 | debug3("%s entering", __func__); | 415 | debug3("%s entering", __func__); |
| 413 | 416 | ||
| @@ -426,6 +429,8 @@ mm_auth_password(struct ssh *ssh, char *password) | |||
| 426 | #ifdef USE_PAM | 429 | #ifdef USE_PAM |
| 427 | if ((r = sshbuf_get_u32(m, &maxtries)) != 0) | 430 | if ((r = sshbuf_get_u32(m, &maxtries)) != 0) |
| 428 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 431 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 432 | if (maxtries > INT_MAX) | ||
| 433 | fatal("%s: bad maxtries %u", __func__, maxtries); | ||
| 429 | sshpam_set_maxtries_reached(maxtries); | 434 | sshpam_set_maxtries_reached(maxtries); |
| 430 | #endif | 435 | #endif |
| 431 | 436 | ||
| @@ -637,40 +642,44 @@ mm_session_pty_cleanup2(Session *s) | |||
| 637 | void | 642 | void |
| 638 | mm_start_pam(Authctxt *authctxt) | 643 | mm_start_pam(Authctxt *authctxt) |
| 639 | { | 644 | { |
| 640 | Buffer m; | 645 | struct sshbuf *m; |
| 641 | 646 | ||
| 642 | debug3("%s entering", __func__); | 647 | debug3("%s entering", __func__); |
| 643 | if (!options.use_pam) | 648 | if (!options.use_pam) |
| 644 | fatal("UsePAM=no, but ended up in %s anyway", __func__); | 649 | fatal("UsePAM=no, but ended up in %s anyway", __func__); |
| 650 | if ((m = sshbuf_new()) == NULL) | ||
| 651 | fatal("%s: sshbuf_new failed", __func__); | ||
| 652 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, m); | ||
| 645 | 653 | ||
| 646 | buffer_init(&m); | 654 | sshbuf_free(m); |
| 647 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m); | ||
| 648 | |||
| 649 | buffer_free(&m); | ||
| 650 | } | 655 | } |
| 651 | 656 | ||
| 652 | u_int | 657 | u_int |
| 653 | mm_do_pam_account(void) | 658 | mm_do_pam_account(void) |
| 654 | { | 659 | { |
| 655 | Buffer m; | 660 | struct sshbuf *m; |
| 656 | u_int ret; | 661 | u_int ret; |
| 657 | char *msg; | 662 | char *msg; |
| 663 | size_t msglen; | ||
| 664 | int r; | ||
| 658 | 665 | ||
| 659 | debug3("%s entering", __func__); | 666 | debug3("%s entering", __func__); |
| 660 | if (!options.use_pam) | 667 | if (!options.use_pam) |
| 661 | fatal("UsePAM=no, but ended up in %s anyway", __func__); | 668 | fatal("UsePAM=no, but ended up in %s anyway", __func__); |
| 662 | 669 | ||
| 663 | buffer_init(&m); | 670 | if ((m = sshbuf_new()) == NULL) |
| 664 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m); | 671 | fatal("%s: sshbuf_new failed", __func__); |
| 672 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, m); | ||
| 665 | 673 | ||
| 666 | mm_request_receive_expect(pmonitor->m_recvfd, | 674 | mm_request_receive_expect(pmonitor->m_recvfd, |
| 667 | MONITOR_ANS_PAM_ACCOUNT, &m); | 675 | MONITOR_ANS_PAM_ACCOUNT, m); |
| 668 | ret = buffer_get_int(&m); | 676 | if ((r = sshbuf_get_u32(m, &ret)) != 0 || |
| 669 | msg = buffer_get_string(&m, NULL); | 677 | (r = sshbuf_get_cstring(m, &msg, &msglen)) != 0 || |
| 670 | buffer_append(&loginmsg, msg, strlen(msg)); | 678 | (r = sshbuf_put(loginmsg, msg, msglen)) != 0) |
| 671 | free(msg); | 679 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 672 | 680 | ||
| 673 | buffer_free(&m); | 681 | free(msg); |
| 682 | sshbuf_free(m); | ||
| 674 | 683 | ||
| 675 | debug3("%s returning %d", __func__, ret); | 684 | debug3("%s returning %d", __func__, ret); |
| 676 | 685 | ||
| @@ -680,21 +689,24 @@ mm_do_pam_account(void) | |||
| 680 | void * | 689 | void * |
| 681 | mm_sshpam_init_ctx(Authctxt *authctxt) | 690 | mm_sshpam_init_ctx(Authctxt *authctxt) |
| 682 | { | 691 | { |
| 683 | Buffer m; | 692 | struct sshbuf *m; |
| 684 | int success; | 693 | int r, success; |
| 685 | 694 | ||
| 686 | debug3("%s", __func__); | 695 | debug3("%s", __func__); |
| 687 | buffer_init(&m); | 696 | if ((m = sshbuf_new()) == NULL) |
| 688 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); | 697 | fatal("%s: sshbuf_new failed", __func__); |
| 698 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, m); | ||
| 689 | debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); | 699 | debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); |
| 690 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); | 700 | mm_request_receive_expect(pmonitor->m_recvfd, |
| 691 | success = buffer_get_int(&m); | 701 | MONITOR_ANS_PAM_INIT_CTX, m); |
| 702 | if ((r = sshbuf_get_u32(m, &success)) != 0) | ||
| 703 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 692 | if (success == 0) { | 704 | if (success == 0) { |
| 693 | debug3("%s: pam_init_ctx failed", __func__); | 705 | debug3("%s: pam_init_ctx failed", __func__); |
| 694 | buffer_free(&m); | 706 | sshbuf_free(m); |
| 695 | return (NULL); | 707 | return (NULL); |
| 696 | } | 708 | } |
| 697 | buffer_free(&m); | 709 | sshbuf_free(m); |
| 698 | return (authctxt); | 710 | return (authctxt); |
| 699 | } | 711 | } |
| 700 | 712 | ||
| @@ -702,66 +714,79 @@ int | |||
| 702 | mm_sshpam_query(void *ctx, char **name, char **info, | 714 | mm_sshpam_query(void *ctx, char **name, char **info, |
| 703 | u_int *num, char ***prompts, u_int **echo_on) | 715 | u_int *num, char ***prompts, u_int **echo_on) |
| 704 | { | 716 | { |
| 705 | Buffer m; | 717 | struct sshbuf *m; |
| 706 | u_int i; | 718 | u_int i, n; |
| 707 | int ret; | 719 | int r, ret; |
| 708 | 720 | ||
| 709 | debug3("%s", __func__); | 721 | debug3("%s", __func__); |
| 710 | buffer_init(&m); | 722 | if ((m = sshbuf_new()) == NULL) |
| 711 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m); | 723 | fatal("%s: sshbuf_new failed", __func__); |
| 724 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, m); | ||
| 712 | debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__); | 725 | debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__); |
| 713 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m); | 726 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, m); |
| 714 | ret = buffer_get_int(&m); | 727 | if ((r = sshbuf_get_u32(m, &ret)) != 0 || |
| 728 | (r = sshbuf_get_cstring(m, name, NULL)) != 0 || | ||
| 729 | (r = sshbuf_get_cstring(m, info, NULL)) != 0 || | ||
| 730 | (r = sshbuf_get_u32(m, &n)) != 0 || | ||
| 731 | (r = sshbuf_get_u32(m, num)) != 0) | ||
| 732 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 715 | debug3("%s: pam_query returned %d", __func__, ret); | 733 | debug3("%s: pam_query returned %d", __func__, ret); |
| 716 | *name = buffer_get_string(&m, NULL); | 734 | sshpam_set_maxtries_reached(n); |
| 717 | *info = buffer_get_string(&m, NULL); | ||
| 718 | sshpam_set_maxtries_reached(buffer_get_int(&m)); | ||
| 719 | *num = buffer_get_int(&m); | ||
| 720 | if (*num > PAM_MAX_NUM_MSG) | 735 | if (*num > PAM_MAX_NUM_MSG) |
| 721 | fatal("%s: received %u PAM messages, expected <= %u", | 736 | fatal("%s: received %u PAM messages, expected <= %u", |
| 722 | __func__, *num, PAM_MAX_NUM_MSG); | 737 | __func__, *num, PAM_MAX_NUM_MSG); |
| 723 | *prompts = xcalloc((*num + 1), sizeof(char *)); | 738 | *prompts = xcalloc((*num + 1), sizeof(char *)); |
| 724 | *echo_on = xcalloc((*num + 1), sizeof(u_int)); | 739 | *echo_on = xcalloc((*num + 1), sizeof(u_int)); |
| 725 | for (i = 0; i < *num; ++i) { | 740 | for (i = 0; i < *num; ++i) { |
| 726 | (*prompts)[i] = buffer_get_string(&m, NULL); | 741 | if ((r = sshbuf_get_cstring(m, &((*prompts)[i]), NULL)) != 0 || |
| 727 | (*echo_on)[i] = buffer_get_int(&m); | 742 | (r = sshbuf_get_u32(m, &((*echo_on)[i]))) != 0) |
| 743 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 728 | } | 744 | } |
| 729 | buffer_free(&m); | 745 | sshbuf_free(m); |
| 730 | return (ret); | 746 | return (ret); |
| 731 | } | 747 | } |
| 732 | 748 | ||
| 733 | int | 749 | int |
| 734 | mm_sshpam_respond(void *ctx, u_int num, char **resp) | 750 | mm_sshpam_respond(void *ctx, u_int num, char **resp) |
| 735 | { | 751 | { |
| 736 | Buffer m; | 752 | struct sshbuf *m; |
| 737 | u_int i; | 753 | u_int n, i; |
| 738 | int ret; | 754 | int r, ret; |
| 739 | 755 | ||
| 740 | debug3("%s", __func__); | 756 | debug3("%s", __func__); |
| 741 | buffer_init(&m); | 757 | if ((m = sshbuf_new()) == NULL) |
| 742 | buffer_put_int(&m, num); | 758 | fatal("%s: sshbuf_new failed", __func__); |
| 743 | for (i = 0; i < num; ++i) | 759 | if ((r = sshbuf_put_u32(m, num)) != 0) |
| 744 | buffer_put_cstring(&m, resp[i]); | 760 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 745 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m); | 761 | for (i = 0; i < num; ++i) { |
| 762 | if ((r = sshbuf_put_cstring(m, resp[i])) != 0) | ||
| 763 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 764 | } | ||
| 765 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, m); | ||
| 746 | debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__); | 766 | debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__); |
| 747 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m); | 767 | mm_request_receive_expect(pmonitor->m_recvfd, |
| 748 | ret = buffer_get_int(&m); | 768 | MONITOR_ANS_PAM_RESPOND, m); |
| 769 | if ((r = sshbuf_get_u32(m, &n)) != 0) | ||
| 770 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 771 | ret = (int)n; /* XXX */ | ||
| 749 | debug3("%s: pam_respond returned %d", __func__, ret); | 772 | debug3("%s: pam_respond returned %d", __func__, ret); |
| 750 | buffer_free(&m); | 773 | sshbuf_free(m); |
| 751 | return (ret); | 774 | return (ret); |
| 752 | } | 775 | } |
| 753 | 776 | ||
| 754 | void | 777 | void |
| 755 | mm_sshpam_free_ctx(void *ctxtp) | 778 | mm_sshpam_free_ctx(void *ctxtp) |
| 756 | { | 779 | { |
| 757 | Buffer m; | 780 | struct sshbuf *m; |
| 758 | 781 | ||
| 759 | debug3("%s", __func__); | 782 | debug3("%s", __func__); |
| 760 | buffer_init(&m); | 783 | if ((m = sshbuf_new()) == NULL) |
| 761 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m); | 784 | fatal("%s: sshbuf_new failed", __func__); |
| 785 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, m); | ||
| 762 | debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__); | 786 | debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__); |
| 763 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m); | 787 | mm_request_receive_expect(pmonitor->m_recvfd, |
| 764 | buffer_free(&m); | 788 | MONITOR_ANS_PAM_FREE_CTX, m); |
| 789 | sshbuf_free(m); | ||
| 765 | } | 790 | } |
| 766 | #endif /* USE_PAM */ | 791 | #endif /* USE_PAM */ |
| 767 | 792 | ||
| @@ -859,27 +884,29 @@ int | |||
| 859 | mm_skey_query(void *ctx, char **name, char **infotxt, | 884 | mm_skey_query(void *ctx, char **name, char **infotxt, |
| 860 | u_int *numprompts, char ***prompts, u_int **echo_on) | 885 | u_int *numprompts, char ***prompts, u_int **echo_on) |
| 861 | { | 886 | { |
| 862 | Buffer m; | 887 | struct sshbuf *m; |
| 863 | u_int success; | 888 | u_int success; |
| 864 | char *challenge; | 889 | char *challenge; |
| 865 | 890 | ||
| 866 | debug3("%s: entering", __func__); | 891 | debug3("%s: entering", __func__); |
| 867 | 892 | ||
| 868 | buffer_init(&m); | 893 | if ((m = sshbuf_new()) == NULL) |
| 869 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m); | 894 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 895 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, m); | ||
| 870 | 896 | ||
| 871 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, | 897 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, m); |
| 872 | &m); | 898 | if ((r = sshbuf_get_u32(m, &success)) != 0) |
| 873 | success = buffer_get_int(&m); | 899 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 874 | if (success == 0) { | 900 | if (success == 0) { |
| 875 | debug3("%s: no challenge", __func__); | 901 | debug3("%s: no challenge", __func__); |
| 876 | buffer_free(&m); | 902 | sshbuf_free(m); |
| 877 | return (-1); | 903 | return (-1); |
| 878 | } | 904 | } |
| 879 | 905 | ||
| 880 | /* Get the challenge, and format the response */ | 906 | /* Get the challenge, and format the response */ |
| 881 | challenge = buffer_get_string(&m, NULL); | 907 | if ((r = sshbuf_get_cstring(m, &challenge)) != 0) |
| 882 | buffer_free(&m); | 908 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 909 | sshbuf_free(m); | ||
| 883 | 910 | ||
| 884 | debug3("%s: received challenge: %s", __func__, challenge); | 911 | debug3("%s: received challenge: %s", __func__, challenge); |
| 885 | 912 | ||
| @@ -894,22 +921,25 @@ mm_skey_query(void *ctx, char **name, char **infotxt, | |||
| 894 | int | 921 | int |
| 895 | mm_skey_respond(void *ctx, u_int numresponses, char **responses) | 922 | mm_skey_respond(void *ctx, u_int numresponses, char **responses) |
| 896 | { | 923 | { |
| 897 | Buffer m; | 924 | struct sshbuf *m; |
| 898 | int authok; | 925 | int authok; |
| 899 | 926 | ||
| 900 | debug3("%s: entering", __func__); | 927 | debug3("%s: entering", __func__); |
| 901 | if (numresponses != 1) | 928 | if (numresponses != 1) |
| 902 | return (-1); | 929 | return (-1); |
| 903 | 930 | ||
| 904 | buffer_init(&m); | 931 | if ((m = sshbuf_new()) == NULL) |
| 905 | buffer_put_cstring(&m, responses[0]); | 932 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 906 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m); | 933 | if ((r = sshbuf_put_cstring(m, responses[0])) != 0) |
| 934 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 935 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, m); | ||
| 907 | 936 | ||
| 908 | mm_request_receive_expect(pmonitor->m_recvfd, | 937 | mm_request_receive_expect(pmonitor->m_recvfd, |
| 909 | MONITOR_ANS_SKEYRESPOND, &m); | 938 | MONITOR_ANS_SKEYRESPOND, m); |
| 910 | 939 | ||
| 911 | authok = buffer_get_int(&m); | 940 | if ((r = sshbuf_get_u32(m, &authok)) != 0) |
| 912 | buffer_free(&m); | 941 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 942 | sshbuf_free(m); | ||
| 913 | 943 | ||
| 914 | return ((authok == 0) ? -1 : 0); | 944 | return ((authok == 0) ? -1 : 0); |
| 915 | } | 945 | } |
| @@ -919,29 +949,33 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses) | |||
| 919 | void | 949 | void |
| 920 | mm_audit_event(ssh_audit_event_t event) | 950 | mm_audit_event(ssh_audit_event_t event) |
| 921 | { | 951 | { |
| 922 | Buffer m; | 952 | struct sshbuf *m; |
| 923 | 953 | ||
| 924 | debug3("%s entering", __func__); | 954 | debug3("%s entering", __func__); |
| 925 | 955 | ||
| 926 | buffer_init(&m); | 956 | if ((m = sshbuf_new()) == NULL) |
| 927 | buffer_put_int(&m, event); | 957 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 958 | if ((r = sshbuf_put_u32(m, event)) != 0) | ||
| 959 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 928 | 960 | ||
| 929 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); | 961 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, m); |
| 930 | buffer_free(&m); | 962 | sshbuf_free(m); |
| 931 | } | 963 | } |
| 932 | 964 | ||
| 933 | void | 965 | void |
| 934 | mm_audit_run_command(const char *command) | 966 | mm_audit_run_command(const char *command) |
| 935 | { | 967 | { |
| 936 | Buffer m; | 968 | struct sshbuf *m; |
| 937 | 969 | ||
| 938 | debug3("%s entering command %s", __func__, command); | 970 | debug3("%s entering command %s", __func__, command); |
| 939 | 971 | ||
| 940 | buffer_init(&m); | 972 | if ((m = sshbuf_new()) == NULL) |
| 941 | buffer_put_cstring(&m, command); | 973 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 974 | if ((r = sshbuf_put_cstring(m, command)) != 0) | ||
| 975 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 942 | 976 | ||
| 943 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); | 977 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m); |
| 944 | buffer_free(&m); | 978 | sshbuf_free(m); |
| 945 | } | 979 | } |
| 946 | #endif /* SSH_AUDIT_EVENTS */ | 980 | #endif /* SSH_AUDIT_EVENTS */ |
| 947 | 981 | ||