authorColin Watson <cjwatson@debian.org>2017-10-04 11:23:58 +0100
committerColin Watson <cjwatson@debian.org>2017-10-05 23:58:12 +0100
commit0556ea972b15607b7e13ff31bc05840881c91dd3 (patch)
treed6b8d48062d0278b5ae0eeff42d0e9afa9f26860 /monitor_wrap.c
parentdb2122d97eb1ecdd8d99b7bf79b0dd2b5addfd92 (diff)
parent801a62eedaaf47b20dbf4b426dc3e084bf0c8d49 (diff)
New upstream release (7.6p1)
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c31
1 files changed, 22 insertions, 9 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 2ff8064a0..d806bb2e7 100644
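--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.89 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.94 2017/10/02 19:33:20 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -216,7 +216,7 @@ mm_choose_dh(int min, int nbits, int max)
 #endif
 
 int
-mm_key_sign(Key *key, u_char **sigp, u_int *lenp,
+mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
  const u_char *data, u_int datalen, const char *hostkey_alg)
 {
  struct kex *kex = *pmonitor->m_pkex;
@@ -242,6 +242,7 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp,
 struct passwd *
 mm_getpwnamallow(const char *username)
 {
+ struct ssh *ssh = active_state; /* XXX */
  Buffer m;
  struct passwd *pw;
  u_int len, i;
@@ -289,12 +290,20 @@ out:
  for (i = 0; i < newopts->nx; i++) \
  newopts->x[i] = buffer_get_string(&m, NULL); \
  } while (0)
+#define M_CP_STRARRAYOPT_ALLOC(x, nx) do { \
+ newopts->x = newopts->nx == 0 ? \
+ NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
+ M_CP_STRARRAYOPT(x, nx); \
+ } while (0)
  /* See comment in servconf.h */
  COPY_MATCH_STRING_OPTS();
 #undef M_CP_STROPT
 #undef M_CP_STRARRAYOPT
+#undef M_CP_STRARRAYOPT_ALLOC
 
  copy_set_server_options(&options, newopts, 1);
+ log_change_level(options.log_level);
+ process_permitopen(ssh, &options);
  free(newopts);
 
  buffer_free(&m);
@@ -392,7 +401,8 @@ mm_auth_password(Authctxt *authctxt, char *password)
 }
 
 int
-mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
+mm_user_key_allowed(struct passwd *pw, struct sshkey *key,
+ int pubkey_auth_attempt)
 {
  return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
  pubkey_auth_attempt));
@@ -400,14 +410,14 @@ mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
 
 int
 mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
- Key *key)
+ struct sshkey *key)
 {
  return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
 }
 
 int
 mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
- Key *key, int pubkey_auth_attempt)
+ struct sshkey *key, int pubkey_auth_attempt)
 {
  Buffer m;
  u_char *blob;
@@ -452,12 +462,13 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
  */
 
 int
-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
+mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
+ const u_char *data, size_t datalen, u_int compat)
 {
  Buffer m;
  u_char *blob;
  u_int len;
- int verified = 0;
+ u_int encoded_ret = 0;
 
  debug3("%s entering", __func__);
 
@@ -476,11 +487,13 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
  debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
  mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
 
- verified = buffer_get_int(&m);
+ encoded_ret = buffer_get_int(&m);
 
  buffer_free(&m);
 
- return (verified);
+ if (encoded_ret != 0)
+ return SSH_ERR_SIGNATURE_INVALID;
+ return 0;
 }
 
 void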
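Review bot: mm_sshkey_verify (the last two hunks) flips the return convention of the function it replaces, and nothing in the visible code documents that: mm_key_verify returned the monitor's integer directly (its local was named `verified`), while the new code returns 0 on success and `SSH_ERR_SIGNATURE_INVALID` for any non-zero monitor reply. Since this is the privilege-separated signature check, I would add a comment above the definition such as `/* Returns 0 if the monitor accepted the signature, SSH_ERR_SIGNATURE_INVALID otherwise; the monitor's specific error code is not propagated. */` and confirm that every caller tests `== 0` rather than truthiness. The new `compat` argument is not referenced in the visible lines, and the part of the body that serializes `sig` and `data` lies between the two hunks, so both points need checking there. If that code still passes the lengths to u_int-based buffer calls, the widened `size_t` values `siglen` and `datalen` would narrow silently, and an explicit upper-bound check before serializing would be worth adding.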