authorDamien Miller <djm@mindrot.org>2018-07-10 19:39:52 +1000
committerDamien Miller <djm@mindrot.org>2018-07-10 19:39:52 +1000
commit120a1ec74e8d9d29f4eb9a27972ddd22351ddef9 (patch)
tree52308557de781f1d8ffb083369e0c209bc305c02 /monitor_wrap.c
parent0f3958c1e6ffb8ea4ba27e2a97a00326fce23246 (diff)
Adapt portable to legacy buffer API removal
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c192
1 files changed, 113 insertions, 79 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 682e39dec..e970da2e3 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -407,7 +407,10 @@ int
407mm_auth_password(struct ssh *ssh, char *password) 407mm_auth_password(struct ssh *ssh, char *password)
408{ 408{
409 struct sshbuf *m; 409 struct sshbuf *m;
410 int r, maxtries = 0, authenticated = 0; 410 int r, authenticated = 0;
411#ifdef USE_PAM
412 u_int maxtries = 0;
413#endif
411 414
412 debug3("%s entering", __func__); 415 debug3("%s entering", __func__);
413 416
@@ -426,6 +429,8 @@ mm_auth_password(struct ssh *ssh, char *password)
426#ifdef USE_PAM 429#ifdef USE_PAM
427 if ((r = sshbuf_get_u32(m, &maxtries)) != 0) 430 if ((r = sshbuf_get_u32(m, &maxtries)) != 0)
428 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 431 fatal("%s: buffer error: %s", __func__, ssh_err(r));
432 if (maxtries > INT_MAX)
433 fatal("%s: bad maxtries %u", __func__, maxtries);
429 sshpam_set_maxtries_reached(maxtries); 434 sshpam_set_maxtries_reached(maxtries);
430#endif 435#endif
431 436
@@ -637,40 +642,44 @@ mm_session_pty_cleanup2(Session *s)
637void 642void
638mm_start_pam(Authctxt *authctxt) 643mm_start_pam(Authctxt *authctxt)
639{ 644{
640 Buffer m; 645 struct sshbuf *m;
641 646
642 debug3("%s entering", __func__); 647 debug3("%s entering", __func__);
643 if (!options.use_pam) 648 if (!options.use_pam)
644 fatal("UsePAM=no, but ended up in %s anyway", __func__); 649 fatal("UsePAM=no, but ended up in %s anyway", __func__);
650 if ((m = sshbuf_new()) == NULL)
651 fatal("%s: sshbuf_new failed", __func__);
652 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, m);
645 653
646 buffer_init(&m); 654 sshbuf_free(m);
647 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
648
649 buffer_free(&m);
650} 655}
651 656
652u_int 657u_int
653mm_do_pam_account(void) 658mm_do_pam_account(void)
654{ 659{
655 Buffer m; 660 struct sshbuf *m;
656 u_int ret; 661 u_int ret;
657 char *msg; 662 char *msg;
663 size_t msglen;
664 int r;
658 665
659 debug3("%s entering", __func__); 666 debug3("%s entering", __func__);
660 if (!options.use_pam) 667 if (!options.use_pam)
661 fatal("UsePAM=no, but ended up in %s anyway", __func__); 668 fatal("UsePAM=no, but ended up in %s anyway", __func__);
662 669
663 buffer_init(&m); 670 if ((m = sshbuf_new()) == NULL)
664 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m); 671 fatal("%s: sshbuf_new failed", __func__);
672 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, m);
665 673
666 mm_request_receive_expect(pmonitor->m_recvfd, 674 mm_request_receive_expect(pmonitor->m_recvfd,
667 MONITOR_ANS_PAM_ACCOUNT, &m); 675 MONITOR_ANS_PAM_ACCOUNT, m);
668 ret = buffer_get_int(&m); 676 if ((r = sshbuf_get_u32(m, &ret)) != 0 ||
669 msg = buffer_get_string(&m, NULL); 677 (r = sshbuf_get_cstring(m, &msg, &msglen)) != 0 ||
670 buffer_append(&loginmsg, msg, strlen(msg)); 678 (r = sshbuf_put(loginmsg, msg, msglen)) != 0)
671 free(msg); 679 fatal("%s: buffer error: %s", __func__, ssh_err(r));
672 680
673 buffer_free(&m); 681 free(msg);
682 sshbuf_free(m);
674 683
675 debug3("%s returning %d", __func__, ret); 684 debug3("%s returning %d", __func__, ret);
676 685
@@ -680,21 +689,24 @@ mm_do_pam_account(void)
680void * 689void *
681mm_sshpam_init_ctx(Authctxt *authctxt) 690mm_sshpam_init_ctx(Authctxt *authctxt)
682{ 691{
683 Buffer m; 692 struct sshbuf *m;
684 int success; 693 int r, success;
685 694
686 debug3("%s", __func__); 695 debug3("%s", __func__);
687 buffer_init(&m); 696 if ((m = sshbuf_new()) == NULL)
688 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); 697 fatal("%s: sshbuf_new failed", __func__);
698 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, m);
689 debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); 699 debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
690 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); 700 mm_request_receive_expect(pmonitor->m_recvfd,
691 success = buffer_get_int(&m); 701 MONITOR_ANS_PAM_INIT_CTX, m);
702 if ((r = sshbuf_get_u32(m, &success)) != 0)
703 fatal("%s: buffer error: %s", __func__, ssh_err(r));
692 if (success == 0) { 704 if (success == 0) {
693 debug3("%s: pam_init_ctx failed", __func__); 705 debug3("%s: pam_init_ctx failed", __func__);
694 buffer_free(&m); 706 sshbuf_free(m);
695 return (NULL); 707 return (NULL);
696 } 708 }
697 buffer_free(&m); 709 sshbuf_free(m);
698 return (authctxt); 710 return (authctxt);
699} 711}
700 712
@@ -702,66 +714,79 @@ int
702mm_sshpam_query(void *ctx, char **name, char **info, 714mm_sshpam_query(void *ctx, char **name, char **info,
703 u_int *num, char ***prompts, u_int **echo_on) 715 u_int *num, char ***prompts, u_int **echo_on)
704{ 716{
705 Buffer m; 717 struct sshbuf *m;
706 u_int i; 718 u_int i, n;
707 int ret; 719 int r, ret;
708 720
709 debug3("%s", __func__); 721 debug3("%s", __func__);
710 buffer_init(&m); 722 if ((m = sshbuf_new()) == NULL)
711 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m); 723 fatal("%s: sshbuf_new failed", __func__);
724 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, m);
712 debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__); 725 debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
713 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m); 726 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, m);
714 ret = buffer_get_int(&m); 727 if ((r = sshbuf_get_u32(m, &ret)) != 0 ||
728 (r = sshbuf_get_cstring(m, name, NULL)) != 0 ||
729 (r = sshbuf_get_cstring(m, info, NULL)) != 0 ||
730 (r = sshbuf_get_u32(m, &n)) != 0 ||
731 (r = sshbuf_get_u32(m, num)) != 0)
732 fatal("%s: buffer error: %s", __func__, ssh_err(r));
715 debug3("%s: pam_query returned %d", __func__, ret); 733 debug3("%s: pam_query returned %d", __func__, ret);
716 *name = buffer_get_string(&m, NULL); 734 sshpam_set_maxtries_reached(n);
717 *info = buffer_get_string(&m, NULL);
718 sshpam_set_maxtries_reached(buffer_get_int(&m));
719 *num = buffer_get_int(&m);
720 if (*num > PAM_MAX_NUM_MSG) 735 if (*num > PAM_MAX_NUM_MSG)
721 fatal("%s: received %u PAM messages, expected <= %u", 736 fatal("%s: received %u PAM messages, expected <= %u",
722 __func__, *num, PAM_MAX_NUM_MSG); 737 __func__, *num, PAM_MAX_NUM_MSG);
723 *prompts = xcalloc((*num + 1), sizeof(char *)); 738 *prompts = xcalloc((*num + 1), sizeof(char *));
724 *echo_on = xcalloc((*num + 1), sizeof(u_int)); 739 *echo_on = xcalloc((*num + 1), sizeof(u_int));
725 for (i = 0; i < *num; ++i) { 740 for (i = 0; i < *num; ++i) {
726 (*prompts)[i] = buffer_get_string(&m, NULL); 741 if ((r = sshbuf_get_cstring(m, &((*prompts)[i]), NULL)) != 0 ||
727 (*echo_on)[i] = buffer_get_int(&m); 742 (r = sshbuf_get_u32(m, &((*echo_on)[i]))) != 0)
743 fatal("%s: buffer error: %s", __func__, ssh_err(r));
728 } 744 }
729 buffer_free(&m); 745 sshbuf_free(m);
730 return (ret); 746 return (ret);
731} 747}
732 748
733int 749int
734mm_sshpam_respond(void *ctx, u_int num, char **resp) 750mm_sshpam_respond(void *ctx, u_int num, char **resp)
735{ 751{
736 Buffer m; 752 struct sshbuf *m;
737 u_int i; 753 u_int n, i;
738 int ret; 754 int r, ret;
739 755
740 debug3("%s", __func__); 756 debug3("%s", __func__);
741 buffer_init(&m); 757 if ((m = sshbuf_new()) == NULL)
742 buffer_put_int(&m, num); 758 fatal("%s: sshbuf_new failed", __func__);
743 for (i = 0; i < num; ++i) 759 if ((r = sshbuf_put_u32(m, num)) != 0)
744 buffer_put_cstring(&m, resp[i]); 760 fatal("%s: buffer error: %s", __func__, ssh_err(r));
745 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m); 761 for (i = 0; i < num; ++i) {
762 if ((r = sshbuf_put_cstring(m, resp[i])) != 0)
763 fatal("%s: buffer error: %s", __func__, ssh_err(r));
764 }
765 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, m);
746 debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__); 766 debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
747 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m); 767 mm_request_receive_expect(pmonitor->m_recvfd,
748 ret = buffer_get_int(&m); 768 MONITOR_ANS_PAM_RESPOND, m);
769 if ((r = sshbuf_get_u32(m, &n)) != 0)
770 fatal("%s: buffer error: %s", __func__, ssh_err(r));
771 ret = (int)n; /* XXX */
749 debug3("%s: pam_respond returned %d", __func__, ret); 772 debug3("%s: pam_respond returned %d", __func__, ret);
750 buffer_free(&m); 773 sshbuf_free(m);
751 return (ret); 774 return (ret);
752} 775}
753 776
754void 777void
755mm_sshpam_free_ctx(void *ctxtp) 778mm_sshpam_free_ctx(void *ctxtp)
756{ 779{
757 Buffer m; 780 struct sshbuf *m;
758 781
759 debug3("%s", __func__); 782 debug3("%s", __func__);
760 buffer_init(&m); 783 if ((m = sshbuf_new()) == NULL)
761 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m); 784 fatal("%s: sshbuf_new failed", __func__);
785 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, m);
762 debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__); 786 debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
763 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m); 787 mm_request_receive_expect(pmonitor->m_recvfd,
764 buffer_free(&m); 788 MONITOR_ANS_PAM_FREE_CTX, m);
789 sshbuf_free(m);
765} 790}
766#endif /* USE_PAM */ 791#endif /* USE_PAM */
767 792
@@ -859,27 +884,29 @@ int
859mm_skey_query(void *ctx, char **name, char **infotxt, 884mm_skey_query(void *ctx, char **name, char **infotxt,
860 u_int *numprompts, char ***prompts, u_int **echo_on) 885 u_int *numprompts, char ***prompts, u_int **echo_on)
861{ 886{
862 Buffer m; 887 struct sshbuf *m;
863 u_int success; 888 u_int success;
864 char *challenge; 889 char *challenge;
865 890
866 debug3("%s: entering", __func__); 891 debug3("%s: entering", __func__);
867 892
868 buffer_init(&m); 893 if ((m = sshbuf_new()) == NULL)
869 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m); 894 fatal("%s: buffer error: %s", __func__, ssh_err(r));
895 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, m);
870 896
871 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, 897 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, m);
872 &m); 898 if ((r = sshbuf_get_u32(m, &success)) != 0)
873 success = buffer_get_int(&m); 899 fatal("%s: buffer error: %s", __func__, ssh_err(r));
874 if (success == 0) { 900 if (success == 0) {
875 debug3("%s: no challenge", __func__); 901 debug3("%s: no challenge", __func__);
876 buffer_free(&m); 902 sshbuf_free(m);
877 return (-1); 903 return (-1);
878 } 904 }
879 905
880 /* Get the challenge, and format the response */ 906 /* Get the challenge, and format the response */
881 challenge = buffer_get_string(&m, NULL); 907 if ((r = sshbuf_get_cstring(m, &challenge)) != 0)
882 buffer_free(&m); 908 fatal("%s: buffer error: %s", __func__, ssh_err(r));
909 sshbuf_free(m);
883 910
884 debug3("%s: received challenge: %s", __func__, challenge); 911 debug3("%s: received challenge: %s", __func__, challenge);
885 912
@@ -894,22 +921,25 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
894int 921int
895mm_skey_respond(void *ctx, u_int numresponses, char **responses) 922mm_skey_respond(void *ctx, u_int numresponses, char **responses)
896{ 923{
897 Buffer m; 924 struct sshbuf *m;
898 int authok; 925 int authok;
899 926
900 debug3("%s: entering", __func__); 927 debug3("%s: entering", __func__);
901 if (numresponses != 1) 928 if (numresponses != 1)
902 return (-1); 929 return (-1);
903 930
904 buffer_init(&m); 931 if ((m = sshbuf_new()) == NULL)
905 buffer_put_cstring(&m, responses[0]); 932 fatal("%s: buffer error: %s", __func__, ssh_err(r));
906 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m); 933 if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
934 fatal("%s: buffer error: %s", __func__, ssh_err(r));
935 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, m);
907 936
908 mm_request_receive_expect(pmonitor->m_recvfd, 937 mm_request_receive_expect(pmonitor->m_recvfd,
909 MONITOR_ANS_SKEYRESPOND, &m); 938 MONITOR_ANS_SKEYRESPOND, m);
910 939
911 authok = buffer_get_int(&m); 940 if ((r = sshbuf_get_u32(m, &authok)) != 0)
912 buffer_free(&m); 941 fatal("%s: buffer error: %s", __func__, ssh_err(r));
942 sshbuf_free(m);
913 943
914 return ((authok == 0) ? -1 : 0); 944 return ((authok == 0) ? -1 : 0);
915} 945}
@@ -919,29 +949,33 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses)
919void 949void
920mm_audit_event(ssh_audit_event_t event) 950mm_audit_event(ssh_audit_event_t event)
921{ 951{
922 Buffer m; 952 struct sshbuf *m;
923 953
924 debug3("%s entering", __func__); 954 debug3("%s entering", __func__);
925 955
926 buffer_init(&m); 956 if ((m = sshbuf_new()) == NULL)
927 buffer_put_int(&m, event); 957 fatal("%s: buffer error: %s", __func__, ssh_err(r));
958 if ((r = sshbuf_put_u32(m, event)) != 0)
959 fatal("%s: buffer error: %s", __func__, ssh_err(r));
928 960
929 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); 961 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, m);
930 buffer_free(&m); 962 sshbuf_free(m);
931} 963}
932 964
933void 965void
934mm_audit_run_command(const char *command) 966mm_audit_run_command(const char *command)
935{ 967{
936 Buffer m; 968 struct sshbuf *m;
937 969
938 debug3("%s entering command %s", __func__, command); 970 debug3("%s entering command %s", __func__, command);
939 971
940 buffer_init(&m); 972 if ((m = sshbuf_new()) == NULL)
941 buffer_put_cstring(&m, command); 973 fatal("%s: buffer error: %s", __func__, ssh_err(r));
974 if ((r = sshbuf_put_cstring(m, command)) != 0)
975 fatal("%s: buffer error: %s", __func__, ssh_err(r));
942 976
943 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); 977 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m);
944 buffer_free(&m); 978 sshbuf_free(m);
945} 979}
946#endif /* SSH_AUDIT_EVENTS */ 980#endif /* SSH_AUDIT_EVENTS */
947 981
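Review bot: In mm_skey_query, mm_skey_respond, mm_audit_event and mm_audit_run_command the new lines assign and read `r`, but the declarations visible at the top of each function never add it, and `sshbuf_get_cstring(m, &challenge)` passes two arguments where every other call in this diff passes three. These paths look conditionally compiled (the audit pair ends at `#endif /* SSH_AUDIT_EVENTS */`), so a default build would not catch the break. The `sshbuf_new()` failure branches in those four functions also print `ssh_err(r)` before `r` holds any value; use `fatal("%s: sshbuf_new failed", __func__);` as the PAM functions do, add `int r;` to each function, and call `sshbuf_get_cstring(m, &challenge, NULL)`. Separately, `sshbuf_get_u32()` is given the address of an `int` in mm_sshpam_init_ctx (`&success`), mm_sshpam_query (`&ret`) and mm_skey_respond (`&authok`); reading into a `u_int` and converting afterwards, as mm_sshpam_respond does with `n`, avoids the pointer-type mismatch on these authentication results. mm_skey_query's body continues past the end of its hunk.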