summaryrefslogtreecommitdiff
path: root/monitor_wrap.c
diff options
context:
space:
mode:
authormarkus@openbsd.org <markus@openbsd.org>2018-07-09 21:53:45 +0000
committerDamien Miller <djm@mindrot.org>2018-07-10 16:40:18 +1000
commit235c7c4e3bf046982c2d8242f30aacffa01073d1 (patch)
treefd07c3d2ef2b932e23f26bbfdb4336e1fcfef3a9 /monitor_wrap.c
parentb8d9214d969775e409e1408ecdf0d58fad99b344 (diff)
upstream: sshd: switch monitor to sshbuf API; lots of help & ok
djm@ OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c485
1 files changed, 284 insertions, 201 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 6bf041093..cf38b230b 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.102 2018/07/09 21:26:02 markus Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.103 2018/07/09 21:53:45 markus Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -50,7 +50,7 @@
50#ifdef WITH_OPENSSL 50#ifdef WITH_OPENSSL
51#include "dh.h" 51#include "dh.h"
52#endif 52#endif
53#include "buffer.h" 53#include "sshbuf.h"
54#include "key.h" 54#include "key.h"
55#include "cipher.h" 55#include "cipher.h"
56#include "kex.h" 56#include "kex.h"
@@ -93,27 +93,28 @@ extern ServerOptions options;
93void 93void
94mm_log_handler(LogLevel level, const char *msg, void *ctx) 94mm_log_handler(LogLevel level, const char *msg, void *ctx)
95{ 95{
96 Buffer log_msg; 96 struct sshbuf *log_msg;
97 struct monitor *mon = (struct monitor *)ctx; 97 struct monitor *mon = (struct monitor *)ctx;
98 int r;
99 size_t len;
98 100
99 if (mon->m_log_sendfd == -1) 101 if (mon->m_log_sendfd == -1)
100 fatal("%s: no log channel", __func__); 102 fatal("%s: no log channel", __func__);
101 103
102 buffer_init(&log_msg); 104 if ((log_msg = sshbuf_new()) == NULL)
103 /* 105 fatal("%s: sshbuf_new failed", __func__);
104 * Placeholder for packet length. Will be filled in with the actual
105 * packet length once the packet has been constucted. This saves
106 * fragile math.
107 */
108 buffer_put_int(&log_msg, 0);
109 106
110 buffer_put_int(&log_msg, level); 107 if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */
111 buffer_put_cstring(&log_msg, msg); 108 (r = sshbuf_put_u32(log_msg, level)) != 0 ||
112 put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4); 109 (r = sshbuf_put_cstring(log_msg, msg)) != 0)
113 if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg), 110 fatal("%s: buffer error: %s", __func__, ssh_err(r));
114 buffer_len(&log_msg)) != buffer_len(&log_msg)) 111 if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff)
112 fatal("%s: bad length %zu", __func__, len);
113 POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4);
114 if (atomicio(vwrite, mon->m_log_sendfd,
115 sshbuf_mutable_ptr(log_msg), len) != len)
115 fatal("%s: write: %s", __func__, strerror(errno)); 116 fatal("%s: write: %s", __func__, strerror(errno));
116 buffer_free(&log_msg); 117 sshbuf_free(log_msg);
117} 118}
118 119
119int 120int
@@ -127,26 +128,29 @@ mm_is_monitor(void)
127} 128}
128 129
129void 130void
130mm_request_send(int sock, enum monitor_reqtype type, Buffer *m) 131mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m)
131{ 132{
132 u_int mlen = buffer_len(m); 133 size_t mlen = sshbuf_len(m);
133 u_char buf[5]; 134 u_char buf[5];
134 135
135 debug3("%s entering: type %d", __func__, type); 136 debug3("%s entering: type %d", __func__, type);
136 137
137 put_u32(buf, mlen + 1); 138 if (mlen >= 0xffffffff)
139 fatal("%s: bad length %zu", __func__, mlen);
140 POKE_U32(buf, mlen + 1);
138 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ 141 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
139 if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf)) 142 if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
140 fatal("%s: write: %s", __func__, strerror(errno)); 143 fatal("%s: write: %s", __func__, strerror(errno));
141 if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen) 144 if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen)
142 fatal("%s: write: %s", __func__, strerror(errno)); 145 fatal("%s: write: %s", __func__, strerror(errno));
143} 146}
144 147
145void 148void
146mm_request_receive(int sock, Buffer *m) 149mm_request_receive(int sock, struct sshbuf *m)
147{ 150{
148 u_char buf[4]; 151 u_char buf[4], *p = NULL;
149 u_int msg_len; 152 u_int msg_len;
153 int r;
150 154
151 debug3("%s entering", __func__); 155 debug3("%s entering", __func__);
152 156
@@ -155,24 +159,27 @@ mm_request_receive(int sock, Buffer *m)
155 cleanup_exit(255); 159 cleanup_exit(255);
156 fatal("%s: read: %s", __func__, strerror(errno)); 160 fatal("%s: read: %s", __func__, strerror(errno));
157 } 161 }
158 msg_len = get_u32(buf); 162 msg_len = PEEK_U32(buf);
159 if (msg_len > 256 * 1024) 163 if (msg_len > 256 * 1024)
160 fatal("%s: read: bad msg_len %d", __func__, msg_len); 164 fatal("%s: read: bad msg_len %d", __func__, msg_len);
161 buffer_clear(m); 165 sshbuf_reset(m);
162 buffer_append_space(m, msg_len); 166 if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
163 if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len) 167 fatal("%s: buffer error: %s", __func__, ssh_err(r));
168 if (atomicio(read, sock, p, msg_len) != msg_len)
164 fatal("%s: read: %s", __func__, strerror(errno)); 169 fatal("%s: read: %s", __func__, strerror(errno));
165} 170}
166 171
167void 172void
168mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m) 173mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m)
169{ 174{
170 u_char rtype; 175 u_char rtype;
176 int r;
171 177
172 debug3("%s entering: type %d", __func__, type); 178 debug3("%s entering: type %d", __func__, type);
173 179
174 mm_request_receive(sock, m); 180 mm_request_receive(sock, m);
175 rtype = buffer_get_char(m); 181 if ((r = sshbuf_get_u8(m, &rtype)) != 0)
182 fatal("%s: buffer error: %s", __func__, ssh_err(r));
176 if (rtype != type) 183 if (rtype != type)
177 fatal("%s: read: rtype %d != type %d", __func__, 184 fatal("%s: read: rtype %d != type %d", __func__,
178 rtype, type); 185 rtype, type);
@@ -183,20 +190,24 @@ DH *
183mm_choose_dh(int min, int nbits, int max) 190mm_choose_dh(int min, int nbits, int max)
184{ 191{
185 BIGNUM *p, *g; 192 BIGNUM *p, *g;
186 int success = 0; 193 int r;
187 Buffer m; 194 u_char success = 0;
195 struct sshbuf *m;
188 196
189 buffer_init(&m); 197 if ((m = sshbuf_new()) == NULL)
190 buffer_put_int(&m, min); 198 fatal("%s: sshbuf_new failed", __func__);
191 buffer_put_int(&m, nbits); 199 if ((r = sshbuf_put_u32(m, min)) != 0 ||
192 buffer_put_int(&m, max); 200 (r = sshbuf_put_u32(m, nbits)) != 0 ||
201 (r = sshbuf_put_u32(m, max)) != 0)
202 fatal("%s: buffer error: %s", __func__, ssh_err(r));
193 203
194 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m); 204 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m);
195 205
196 debug3("%s: waiting for MONITOR_ANS_MODULI", __func__); 206 debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
197 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m); 207 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m);
198 208
199 success = buffer_get_char(&m); 209 if ((r = sshbuf_get_u8(m, &success)) != 0)
210 fatal("%s: buffer error: %s", __func__, ssh_err(r));
200 if (success == 0) 211 if (success == 0)
201 fatal("%s: MONITOR_ANS_MODULI failed", __func__); 212 fatal("%s: MONITOR_ANS_MODULI failed", __func__);
202 213
@@ -204,11 +215,12 @@ mm_choose_dh(int min, int nbits, int max)
204 fatal("%s: BN_new failed", __func__); 215 fatal("%s: BN_new failed", __func__);
205 if ((g = BN_new()) == NULL) 216 if ((g = BN_new()) == NULL)
206 fatal("%s: BN_new failed", __func__); 217 fatal("%s: BN_new failed", __func__);
207 buffer_get_bignum2(&m, p); 218 if ((r = sshbuf_get_bignum2(m, p)) != 0 ||
208 buffer_get_bignum2(&m, g); 219 (r = sshbuf_get_bignum2(m, g)) != 0)
220 fatal("%s: buffer error: %s", __func__, ssh_err(r));
209 221
210 debug3("%s: remaining %d", __func__, buffer_len(&m)); 222 debug3("%s: remaining %zu", __func__, sshbuf_len(m));
211 buffer_free(&m); 223 sshbuf_free(m);
212 224
213 return (dh_new_group(g, p)); 225 return (dh_new_group(g, p));
214} 226}
@@ -219,21 +231,30 @@ mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
219 const u_char *data, u_int datalen, const char *hostkey_alg) 231 const u_char *data, u_int datalen, const char *hostkey_alg)
220{ 232{
221 struct kex *kex = *pmonitor->m_pkex; 233 struct kex *kex = *pmonitor->m_pkex;
222 Buffer m; 234 struct sshbuf *m;
235 size_t xxxlen;
236 u_int ndx = kex->host_key_index(key, 0, active_state);
237 int r;
223 238
224 debug3("%s entering", __func__); 239 debug3("%s entering", __func__);
225 240
226 buffer_init(&m); 241 if ((m = sshbuf_new()) == NULL)
227 buffer_put_int(&m, kex->host_key_index(key, 0, active_state)); 242 fatal("%s: sshbuf_new failed", __func__);
228 buffer_put_string(&m, data, datalen); 243 if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
229 buffer_put_cstring(&m, hostkey_alg); 244 (r = sshbuf_put_string(m, data, datalen)) != 0 ||
245 (r = sshbuf_put_cstring(m, hostkey_alg)) != 0)
246 fatal("%s: buffer error: %s", __func__, ssh_err(r));
230 247
231 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); 248 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m);
232 249
233 debug3("%s: waiting for MONITOR_ANS_SIGN", __func__); 250 debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
234 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m); 251 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m);
235 *sigp = buffer_get_string(&m, lenp); 252 if ((r = sshbuf_get_string(m, sigp, &xxxlen)) != 0)
236 buffer_free(&m); 253 fatal("%s: buffer error: %s", __func__, ssh_err(r));
254 if (xxxlen > 0xffffffff)
255 fatal("%s: bad length %zu", __func__, xxxlen);
256 *lenp = xxxlen; /* XXX fix API: size_t vs u_int */
257 sshbuf_free(m);
237 258
238 return (0); 259 return (0);
239} 260}
@@ -242,54 +263,80 @@ struct passwd *
242mm_getpwnamallow(const char *username) 263mm_getpwnamallow(const char *username)
243{ 264{
244 struct ssh *ssh = active_state; /* XXX */ 265 struct ssh *ssh = active_state; /* XXX */
245 Buffer m; 266 struct sshbuf *m;
246 struct passwd *pw; 267 struct passwd *pw;
247 u_int len, i; 268 size_t len;
269 u_int i;
248 ServerOptions *newopts; 270 ServerOptions *newopts;
271 int r;
272 u_char ok;
273 const u_char *p;
249 274
250 debug3("%s entering", __func__); 275 debug3("%s entering", __func__);
251 276
252 buffer_init(&m); 277 if ((m = sshbuf_new()) == NULL)
253 buffer_put_cstring(&m, username); 278 fatal("%s: sshbuf_new failed", __func__);
279 if ((r = sshbuf_put_cstring(m, username)) != 0)
280 fatal("%s: buffer error: %s", __func__, ssh_err(r));
254 281
255 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m); 282 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m);
256 283
257 debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__); 284 debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
258 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m); 285 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m);
259 286
260 if (buffer_get_char(&m) == 0) { 287 if ((r = sshbuf_get_u8(m, &ok)) != 0)
288 fatal("%s: buffer error: %s", __func__, ssh_err(r));
289 if (ok == 0) {
261 pw = NULL; 290 pw = NULL;
262 goto out; 291 goto out;
263 } 292 }
264 pw = buffer_get_string(&m, &len); 293
265 if (len != sizeof(struct passwd)) 294 /* XXX don't like passing struct passwd like this */
295 pw = xcalloc(sizeof(*pw), 1);
296 if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
297 fatal("%s: buffer error: %s", __func__, ssh_err(r));
298 if (len != sizeof(*pw))
266 fatal("%s: struct passwd size mismatch", __func__); 299 fatal("%s: struct passwd size mismatch", __func__);
267 pw->pw_name = buffer_get_string(&m, NULL); 300 memcpy(pw, p, sizeof(*pw));
268 pw->pw_passwd = buffer_get_string(&m, NULL); 301
302 if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 ||
303 (r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 ||
269#ifdef HAVE_STRUCT_PASSWD_PW_GECOS 304#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
270 pw->pw_gecos = buffer_get_string(&m, NULL); 305 (r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 ||
271#endif 306#endif
272#ifdef HAVE_STRUCT_PASSWD_PW_CLASS 307#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
273 pw->pw_class = buffer_get_string(&m, NULL); 308 (r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 ||
274#endif 309#endif
275 pw->pw_dir = buffer_get_string(&m, NULL); 310 (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 ||
276 pw->pw_shell = buffer_get_string(&m, NULL); 311 (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0)
312 fatal("%s: buffer error: %s", __func__, ssh_err(r));
277 313
278out: 314out:
279 /* copy options block as a Match directive may have changed some */ 315 /* copy options block as a Match directive may have changed some */
280 newopts = buffer_get_string(&m, &len); 316 if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
317 fatal("%s: buffer error: %s", __func__, ssh_err(r));
281 if (len != sizeof(*newopts)) 318 if (len != sizeof(*newopts))
282 fatal("%s: option block size mismatch", __func__); 319 fatal("%s: option block size mismatch", __func__);
320 newopts = xcalloc(sizeof(*newopts), 1);
321 memcpy(newopts, p, sizeof(*newopts));
283 322
284#define M_CP_STROPT(x) do { \ 323#define M_CP_STROPT(x) do { \
285 if (newopts->x != NULL) \ 324 if (newopts->x != NULL) { \
286 newopts->x = buffer_get_string(&m, NULL); \ 325 if ((r = sshbuf_get_cstring(m, \
326 &newopts->x, NULL)) != 0) \
327 fatal("%s: buffer error: %s", \
328 __func__, ssh_err(r)); \
329 } \
287 } while (0) 330 } while (0)
288#define M_CP_STRARRAYOPT(x, nx) do { \ 331#define M_CP_STRARRAYOPT(x, nx) do { \
289 newopts->x = newopts->nx == 0 ? \ 332 newopts->x = newopts->nx == 0 ? \
290 NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \ 333 NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
291 for (i = 0; i < newopts->nx; i++) \ 334 for (i = 0; i < newopts->nx; i++) { \
292 newopts->x[i] = buffer_get_string(&m, NULL); \ 335 if ((r = sshbuf_get_cstring(m, \
336 &newopts->x[i], NULL)) != 0) \
337 fatal("%s: buffer error: %s", \
338 __func__, ssh_err(r)); \
339 } \
293 } while (0) 340 } while (0)
294 /* See comment in servconf.h */ 341 /* See comment in servconf.h */
295 COPY_MATCH_STRING_OPTS(); 342 COPY_MATCH_STRING_OPTS();
@@ -301,7 +348,7 @@ out:
301 process_permitopen(ssh, &options); 348 process_permitopen(ssh, &options);
302 free(newopts); 349 free(newopts);
303 350
304 buffer_free(&m); 351 sshbuf_free(m);
305 352
306 return (pw); 353 return (pw);
307} 354}
@@ -309,19 +356,22 @@ out:
309char * 356char *
310mm_auth2_read_banner(void) 357mm_auth2_read_banner(void)
311{ 358{
312 Buffer m; 359 struct sshbuf *m;
313 char *banner; 360 char *banner;
361 int r;
314 362
315 debug3("%s entering", __func__); 363 debug3("%s entering", __func__);
316 364
317 buffer_init(&m); 365 if ((m = sshbuf_new()) == NULL)
318 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); 366 fatal("%s: sshbuf_new failed", __func__);
319 buffer_clear(&m); 367 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m);
368 sshbuf_reset(m);
320 369
321 mm_request_receive_expect(pmonitor->m_recvfd, 370 mm_request_receive_expect(pmonitor->m_recvfd,
322 MONITOR_ANS_AUTH2_READ_BANNER, &m); 371 MONITOR_ANS_AUTH2_READ_BANNER, m);
323 banner = buffer_get_string(&m, NULL); 372 if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0)
324 buffer_free(&m); 373 fatal("%s: buffer error: %s", __func__, ssh_err(r));
374 sshbuf_free(m);
325 375
326 /* treat empty banner as missing banner */ 376 /* treat empty banner as missing banner */
327 if (strlen(banner) == 0) { 377 if (strlen(banner) == 0) {
@@ -336,41 +386,50 @@ mm_auth2_read_banner(void)
336void 386void
337mm_inform_authserv(char *service, char *style) 387mm_inform_authserv(char *service, char *style)
338{ 388{
339 Buffer m; 389 struct sshbuf *m;
390 int r;
340 391
341 debug3("%s entering", __func__); 392 debug3("%s entering", __func__);
342 393
343 buffer_init(&m); 394 if ((m = sshbuf_new()) == NULL)
344 buffer_put_cstring(&m, service); 395 fatal("%s: sshbuf_new failed", __func__);
345 buffer_put_cstring(&m, style ? style : ""); 396 if ((r = sshbuf_put_cstring(m, service)) != 0 ||
397 (r = sshbuf_put_cstring(m, style ? style : "")) != 0)
398 fatal("%s: buffer error: %s", __func__, ssh_err(r));
346 399
347 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); 400 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m);
348 401
349 buffer_free(&m); 402 sshbuf_free(m);
350} 403}
351 404
352/* Do the password authentication */ 405/* Do the password authentication */
353int 406int
354mm_auth_password(struct ssh *ssh, char *password) 407mm_auth_password(struct ssh *ssh, char *password)
355{ 408{
356 Buffer m; 409 struct sshbuf *m;
357 int authenticated = 0; 410 int r, maxtries = 0, authenticated = 0;
358 411
359 debug3("%s entering", __func__); 412 debug3("%s entering", __func__);
360 413
361 buffer_init(&m); 414 if ((m = sshbuf_new()) == NULL)
362 buffer_put_cstring(&m, password); 415 fatal("%s: sshbuf_new failed", __func__);
363 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m); 416 if ((r = sshbuf_put_cstring(m, password)) != 0)
417 fatal("%s: buffer error: %s", __func__, ssh_err(r));
418 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m);
364 419
365 debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__); 420 debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
366 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); 421 mm_request_receive_expect(pmonitor->m_recvfd,
422 MONITOR_ANS_AUTHPASSWORD, m);
367 423
368 authenticated = buffer_get_int(&m); 424 if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
425 fatal("%s: buffer error: %s", __func__, ssh_err(r));
369#ifdef USE_PAM 426#ifdef USE_PAM
370 sshpam_set_maxtries_reached(buffer_get_int(&m)); 427 if ((r = sshbuf_get_u32(m, &maxtries)) != 0)
428 fatal("%s: buffer error: %s", __func__, ssh_err(r));
429 sshpam_set_maxtries_reached(maxtries);
371#endif 430#endif
372 431
373 buffer_free(&m); 432 sshbuf_free(m);
374 433
375 debug3("%s: user %sauthenticated", 434 debug3("%s: user %sauthenticated",
376 __func__, authenticated ? "" : "not "); 435 __func__, authenticated ? "" : "not ");
@@ -396,9 +455,7 @@ int
396mm_key_allowed(enum mm_keytype type, const char *user, const char *host, 455mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
397 struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp) 456 struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp)
398{ 457{
399 Buffer m; 458 struct sshbuf *m;
400 u_char *blob;
401 u_int len;
402 int r, allowed = 0; 459 int r, allowed = 0;
403 struct sshauthopt *opts = NULL; 460 struct sshauthopt *opts = NULL;
404 461
@@ -407,31 +464,29 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
407 if (authoptp != NULL) 464 if (authoptp != NULL)
408 *authoptp = NULL; 465 *authoptp = NULL;
409 466
410 /* Convert the key to a blob and the pass it over */ 467 if ((m = sshbuf_new()) == NULL)
411 if (!key_to_blob(key, &blob, &len)) 468 fatal("%s: sshbuf_new failed", __func__);
412 return 0; 469 if ((r = sshbuf_put_u32(m, type)) != 0 ||
413 470 (r = sshbuf_put_cstring(m, user ? user : "")) != 0 ||
414 buffer_init(&m); 471 (r = sshbuf_put_cstring(m, host ? host : "")) != 0 ||
415 buffer_put_int(&m, type); 472 (r = sshkey_puts(key, m)) != 0 ||
416 buffer_put_cstring(&m, user ? user : ""); 473 (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0)
417 buffer_put_cstring(&m, host ? host : ""); 474 fatal("%s: buffer error: %s", __func__, ssh_err(r));
418 buffer_put_string(&m, blob, len);
419 buffer_put_int(&m, pubkey_auth_attempt);
420 free(blob);
421 475
422 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); 476 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m);
423 477
424 debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); 478 debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
425 mm_request_receive_expect(pmonitor->m_recvfd, 479 mm_request_receive_expect(pmonitor->m_recvfd,
426 MONITOR_ANS_KEYALLOWED, &m); 480 MONITOR_ANS_KEYALLOWED, m);
427 481
428 allowed = buffer_get_int(&m); 482 if ((r = sshbuf_get_u32(m, &allowed)) != 0)
483 fatal("%s: buffer error: %s", __func__, ssh_err(r));
429 if (allowed && type == MM_USERKEY) { 484 if (allowed && type == MM_USERKEY) {
430 if ((r = sshauthopt_deserialise(&m, &opts)) != 0) 485 if ((r = sshauthopt_deserialise(m, &opts)) != 0)
431 fatal("%s: sshauthopt_deserialise: %s", 486 fatal("%s: sshauthopt_deserialise: %s",
432 __func__, ssh_err(r)); 487 __func__, ssh_err(r));
433 } 488 }
434 buffer_free(&m); 489 sshbuf_free(m);
435 490
436 if (authoptp != NULL) { 491 if (authoptp != NULL) {
437 *authoptp = opts; 492 *authoptp = opts;
@@ -452,32 +507,31 @@ int
452mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, 507mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
453 const u_char *data, size_t datalen, const char *sigalg, u_int compat) 508 const u_char *data, size_t datalen, const char *sigalg, u_int compat)
454{ 509{
455 Buffer m; 510 struct sshbuf *m;
456 u_char *blob;
457 u_int len;
458 u_int encoded_ret = 0; 511 u_int encoded_ret = 0;
512 int r;
459 513
460 debug3("%s entering", __func__); 514 debug3("%s entering", __func__);
461 515
462 /* Convert the key to a blob and the pass it over */
463 if (!key_to_blob(key, &blob, &len))
464 return (0);
465 516
466 buffer_init(&m); 517 if ((m = sshbuf_new()) == NULL)
467 buffer_put_string(&m, blob, len); 518 fatal("%s: sshbuf_new failed", __func__);
468 buffer_put_string(&m, sig, siglen); 519 if ((r = sshkey_puts(key, m)) != 0 ||
469 buffer_put_string(&m, data, datalen); 520 (r = sshbuf_put_string(m, sig, siglen)) != 0 ||
470 buffer_put_cstring(&m, sigalg == NULL ? "" : sigalg); 521 (r = sshbuf_put_string(m, data, datalen)) != 0 ||
471 free(blob); 522 (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0)
523 fatal("%s: buffer error: %s", __func__, ssh_err(r));
472 524
473 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); 525 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m);
474 526
475 debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__); 527 debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
476 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m); 528 mm_request_receive_expect(pmonitor->m_recvfd,
529 MONITOR_ANS_KEYVERIFY, m);
477 530
478 encoded_ret = buffer_get_int(&m); 531 if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0)
532 fatal("%s: buffer error: %s", __func__, ssh_err(r));
479 533
480 buffer_free(&m); 534 sshbuf_free(m);
481 535
482 if (encoded_ret != 0) 536 if (encoded_ret != 0)
483 return SSH_ERR_SIGNATURE_INVALID; 537 return SSH_ERR_SIGNATURE_INVALID;
@@ -504,7 +558,7 @@ mm_send_keystate(struct monitor *monitor)
504int 558int
505mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) 559mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
506{ 560{
507 Buffer m; 561 struct sshbuf *m;
508 char *p, *msg; 562 char *p, *msg;
509 int success = 0, tmp1 = -1, tmp2 = -1, r; 563 int success = 0, tmp1 = -1, tmp2 = -1, r;
510 564
@@ -521,21 +575,24 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
521 close(tmp1); 575 close(tmp1);
522 close(tmp2); 576 close(tmp2);
523 577
524 buffer_init(&m); 578 if ((m = sshbuf_new()) == NULL)
525 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m); 579 fatal("%s: sshbuf_new failed", __func__);
580 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m);
526 581
527 debug3("%s: waiting for MONITOR_ANS_PTY", __func__); 582 debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
528 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m); 583 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m);
529 584
530 success = buffer_get_int(&m); 585 if ((r = sshbuf_get_u32(m, &success)) != 0)
586 fatal("%s: buffer error: %s", __func__, ssh_err(r));
531 if (success == 0) { 587 if (success == 0) {
532 debug3("%s: pty alloc failed", __func__); 588 debug3("%s: pty alloc failed", __func__);
533 buffer_free(&m); 589 sshbuf_free(m);
534 return (0); 590 return (0);
535 } 591 }
536 p = buffer_get_string(&m, NULL); 592 if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 ||
537 msg = buffer_get_string(&m, NULL); 593 (r = sshbuf_get_cstring(m, &msg, NULL)) != 0)
538 buffer_free(&m); 594 fatal("%s: buffer error: %s", __func__, ssh_err(r));
595 sshbuf_free(m);
539 596
540 strlcpy(namebuf, p, namebuflen); /* Possible truncation */ 597 strlcpy(namebuf, p, namebuflen); /* Possible truncation */
541 free(p); 598 free(p);
@@ -555,14 +612,17 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
555void 612void
556mm_session_pty_cleanup2(Session *s) 613mm_session_pty_cleanup2(Session *s)
557{ 614{
558 Buffer m; 615 struct sshbuf *m;
616 int r;
559 617
560 if (s->ttyfd == -1) 618 if (s->ttyfd == -1)
561 return; 619 return;
562 buffer_init(&m); 620 if ((m = sshbuf_new()) == NULL)
563 buffer_put_cstring(&m, s->tty); 621 fatal("%s: sshbuf_new failed", __func__);
564 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m); 622 if ((r = sshbuf_put_cstring(m, s->tty)) != 0)
565 buffer_free(&m); 623 fatal("%s: buffer error: %s", __func__, ssh_err(r));
624 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m);
625 sshbuf_free(m);
566 626
567 /* closed dup'ed master */ 627 /* closed dup'ed master */
568 if (s->ptymaster != -1 && close(s->ptymaster) < 0) 628 if (s->ptymaster != -1 && close(s->ptymaster) < 0)
@@ -710,11 +770,12 @@ mm_sshpam_free_ctx(void *ctxtp)
710void 770void
711mm_terminate(void) 771mm_terminate(void)
712{ 772{
713 Buffer m; 773 struct sshbuf *m;
714 774
715 buffer_init(&m); 775 if ((m = sshbuf_new()) == NULL)
716 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m); 776 fatal("%s: sshbuf_new failed", __func__);
717 buffer_free(&m); 777 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m);
778 sshbuf_free(m);
718} 779}
719 780
720static void 781static void
@@ -733,27 +794,31 @@ int
733mm_bsdauth_query(void *ctx, char **name, char **infotxt, 794mm_bsdauth_query(void *ctx, char **name, char **infotxt,
734 u_int *numprompts, char ***prompts, u_int **echo_on) 795 u_int *numprompts, char ***prompts, u_int **echo_on)
735{ 796{
736 Buffer m; 797 struct sshbuf *m;
737 u_int success; 798 u_int success;
738 char *challenge; 799 char *challenge;
800 int r;
739 801
740 debug3("%s: entering", __func__); 802 debug3("%s: entering", __func__);
741 803
742 buffer_init(&m); 804 if ((m = sshbuf_new()) == NULL)
743 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m); 805 fatal("%s: sshbuf_new failed", __func__);
806 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m);
744 807
745 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, 808 mm_request_receive_expect(pmonitor->m_recvfd,
746 &m); 809 MONITOR_ANS_BSDAUTHQUERY, m);
747 success = buffer_get_int(&m); 810 if ((r = sshbuf_get_u32(m, &success)) != 0)
811 fatal("%s: buffer error: %s", __func__, ssh_err(r));
748 if (success == 0) { 812 if (success == 0) {
749 debug3("%s: no challenge", __func__); 813 debug3("%s: no challenge", __func__);
750 buffer_free(&m); 814 sshbuf_free(m);
751 return (-1); 815 return (-1);
752 } 816 }
753 817
754 /* Get the challenge, and format the response */ 818 /* Get the challenge, and format the response */
755 challenge = buffer_get_string(&m, NULL); 819 if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0)
756 buffer_free(&m); 820 fatal("%s: buffer error: %s", __func__, ssh_err(r));
821 sshbuf_free(m);
757 822
758 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); 823 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
759 (*prompts)[0] = challenge; 824 (*prompts)[0] = challenge;
@@ -766,22 +831,25 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
766int 831int
767mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) 832mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
768{ 833{
769 Buffer m; 834 struct sshbuf *m;
770 int authok; 835 int r, authok;
771 836
772 debug3("%s: entering", __func__); 837 debug3("%s: entering", __func__);
773 if (numresponses != 1) 838 if (numresponses != 1)
774 return (-1); 839 return (-1);
775 840
776 buffer_init(&m); 841 if ((m = sshbuf_new()) == NULL)
777 buffer_put_cstring(&m, responses[0]); 842 fatal("%s: sshbuf_new failed", __func__);
778 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m); 843 if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
844 fatal("%s: buffer error: %s", __func__, ssh_err(r));
845 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m);
779 846
780 mm_request_receive_expect(pmonitor->m_recvfd, 847 mm_request_receive_expect(pmonitor->m_recvfd,
781 MONITOR_ANS_BSDAUTHRESPOND, &m); 848 MONITOR_ANS_BSDAUTHRESPOND, m);
782 849
783 authok = buffer_get_int(&m); 850 if ((r = sshbuf_get_u32(m, &authok)) != 0)
784 buffer_free(&m); 851 fatal("%s: buffer error: %s", __func__, ssh_err(r));
852 sshbuf_free(m);
785 853
786 return ((authok == 0) ? -1 : 0); 854 return ((authok == 0) ? -1 : 0);
787} 855}
@@ -881,45 +949,55 @@ mm_audit_run_command(const char *command)
881OM_uint32 949OM_uint32
882mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) 950mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
883{ 951{
884 Buffer m; 952 struct sshbuf *m;
885 OM_uint32 major; 953 OM_uint32 major;
954 int r;
886 955
887 /* Client doesn't get to see the context */ 956 /* Client doesn't get to see the context */
888 *ctx = NULL; 957 *ctx = NULL;
889 958
890 buffer_init(&m); 959 if ((m = sshbuf_new()) == NULL)
891 buffer_put_string(&m, goid->elements, goid->length); 960 fatal("%s: sshbuf_new failed", __func__);
961 if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0)
962 fatal("%s: buffer error: %s", __func__, ssh_err(r));
892 963
893 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m); 964 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m);
894 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m); 965 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m);
895 966
896 major = buffer_get_int(&m); 967 if ((r = sshbuf_get_u32(m, &major)) != 0)
968 fatal("%s: buffer error: %s", __func__, ssh_err(r));
897 969
898 buffer_free(&m); 970 sshbuf_free(m);
899 return (major); 971 return (major);
900} 972}
901 973
902OM_uint32 974OM_uint32
903mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, 975mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
904 gss_buffer_desc *out, OM_uint32 *flags) 976 gss_buffer_desc *out, OM_uint32 *flagsp)
905{ 977{
906 Buffer m; 978 struct sshbuf *m;
907 OM_uint32 major; 979 OM_uint32 major;
908 u_int len; 980 u_int flags;
981 int r;
909 982
910 buffer_init(&m); 983 if ((m = sshbuf_new()) == NULL)
911 buffer_put_string(&m, in->value, in->length); 984 fatal("%s: sshbuf_new failed", __func__);
985 if ((r = sshbuf_put_string(m, in->value, in->length)) != 0)
986 fatal("%s: buffer error: %s", __func__, ssh_err(r));
912 987
913 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m); 988 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m);
914 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m); 989 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m);
915 990
916 major = buffer_get_int(&m); 991 if ((r = sshbuf_get_u32(m, &major)) != 0 ||
917 out->value = buffer_get_string(&m, &len); 992 (r = sshbuf_get_string(m, &out->value, &out->length)) != 0)
918 out->length = len; 993 fatal("%s: buffer error: %s", __func__, ssh_err(r));
919 if (flags) 994 if (flagsp != NULL) {
920 *flags = buffer_get_int(&m); 995 if ((r = sshbuf_get_u32(m, &flags)) != 0)
996 fatal("%s: buffer error: %s", __func__, ssh_err(r));
997 *flagsp = flags;
998 }
921 999
922 buffer_free(&m); 1000 sshbuf_free(m);
923 1001
924 return (major); 1002 return (major);
925} 1003}
@@ -927,39 +1005,44 @@ mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
927OM_uint32 1005OM_uint32
928mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) 1006mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
929{ 1007{
930 Buffer m; 1008 struct sshbuf *m;
931 OM_uint32 major; 1009 OM_uint32 major;
1010 int r;
932 1011
933 buffer_init(&m); 1012 if ((m = sshbuf_new()) == NULL)
934 buffer_put_string(&m, gssbuf->value, gssbuf->length); 1013 fatal("%s: sshbuf_new failed", __func__);
935 buffer_put_string(&m, gssmic->value, gssmic->length); 1014 if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 ||
1015 (r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0)
1016 fatal("%s: buffer error: %s", __func__, ssh_err(r));
936 1017
937 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m); 1018 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m);
938 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC, 1019 mm_request_receive_expect(pmonitor->m_recvfd,
939 &m); 1020 MONITOR_ANS_GSSCHECKMIC, m);
940 1021
941 major = buffer_get_int(&m); 1022 if ((r = sshbuf_get_u32(m, &major)) != 0)
942 buffer_free(&m); 1023 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1024 sshbuf_free(m);
943 return(major); 1025 return(major);
944} 1026}
945 1027
946int 1028int
947mm_ssh_gssapi_userok(char *user) 1029mm_ssh_gssapi_userok(char *user)
948{ 1030{
949 Buffer m; 1031 struct sshbuf *m;
950 int authenticated = 0; 1032 int r, authenticated = 0;
951 1033
952 buffer_init(&m); 1034 if ((m = sshbuf_new()) == NULL)
1035 fatal("%s: sshbuf_new failed", __func__);
953 1036
954 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m); 1037 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
955 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, 1038 mm_request_receive_expect(pmonitor->m_recvfd,
956 &m); 1039 MONITOR_ANS_GSSUSEROK, m);
957 1040
958 authenticated = buffer_get_int(&m); 1041 if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
1042 fatal("%s: buffer error: %s", __func__, ssh_err(r));
959 1043
960 buffer_free(&m); 1044 sshbuf_free(m);
961 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); 1045 debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
962 return (authenticated); 1046 return (authenticated);
963} 1047}
964#endif /* GSSAPI */ 1048#endif /* GSSAPI */
965
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-03 11:05:08 +0000