diff options
author | Damien Miller <djm@mindrot.org> | 2018-07-10 19:39:52 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-10 19:39:52 +1000 |
commit | 120a1ec74e8d9d29f4eb9a27972ddd22351ddef9 (patch) | |
tree | 52308557de781f1d8ffb083369e0c209bc305c02 /monitor_wrap.c | |
parent | 0f3958c1e6ffb8ea4ba27e2a97a00326fce23246 (diff) |
Adapt portable to legacy buffer API removal
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 192 |
1 files changed, 113 insertions, 79 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index 682e39dec..e970da2e3 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -407,7 +407,10 @@ int | |||
407 | mm_auth_password(struct ssh *ssh, char *password) | 407 | mm_auth_password(struct ssh *ssh, char *password) |
408 | { | 408 | { |
409 | struct sshbuf *m; | 409 | struct sshbuf *m; |
410 | int r, maxtries = 0, authenticated = 0; | 410 | int r, authenticated = 0; |
411 | #ifdef USE_PAM | ||
412 | u_int maxtries = 0; | ||
413 | #endif | ||
411 | 414 | ||
412 | debug3("%s entering", __func__); | 415 | debug3("%s entering", __func__); |
413 | 416 | ||
@@ -426,6 +429,8 @@ mm_auth_password(struct ssh *ssh, char *password) | |||
426 | #ifdef USE_PAM | 429 | #ifdef USE_PAM |
427 | if ((r = sshbuf_get_u32(m, &maxtries)) != 0) | 430 | if ((r = sshbuf_get_u32(m, &maxtries)) != 0) |
428 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 431 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
432 | if (maxtries > INT_MAX) | ||
433 | fatal("%s: bad maxtries %u", __func__, maxtries); | ||
429 | sshpam_set_maxtries_reached(maxtries); | 434 | sshpam_set_maxtries_reached(maxtries); |
430 | #endif | 435 | #endif |
431 | 436 | ||
@@ -637,40 +642,44 @@ mm_session_pty_cleanup2(Session *s) | |||
637 | void | 642 | void |
638 | mm_start_pam(Authctxt *authctxt) | 643 | mm_start_pam(Authctxt *authctxt) |
639 | { | 644 | { |
640 | Buffer m; | 645 | struct sshbuf *m; |
641 | 646 | ||
642 | debug3("%s entering", __func__); | 647 | debug3("%s entering", __func__); |
643 | if (!options.use_pam) | 648 | if (!options.use_pam) |
644 | fatal("UsePAM=no, but ended up in %s anyway", __func__); | 649 | fatal("UsePAM=no, but ended up in %s anyway", __func__); |
650 | if ((m = sshbuf_new()) == NULL) | ||
651 | fatal("%s: sshbuf_new failed", __func__); | ||
652 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, m); | ||
645 | 653 | ||
646 | buffer_init(&m); | 654 | sshbuf_free(m); |
647 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m); | ||
648 | |||
649 | buffer_free(&m); | ||
650 | } | 655 | } |
651 | 656 | ||
652 | u_int | 657 | u_int |
653 | mm_do_pam_account(void) | 658 | mm_do_pam_account(void) |
654 | { | 659 | { |
655 | Buffer m; | 660 | struct sshbuf *m; |
656 | u_int ret; | 661 | u_int ret; |
657 | char *msg; | 662 | char *msg; |
663 | size_t msglen; | ||
664 | int r; | ||
658 | 665 | ||
659 | debug3("%s entering", __func__); | 666 | debug3("%s entering", __func__); |
660 | if (!options.use_pam) | 667 | if (!options.use_pam) |
661 | fatal("UsePAM=no, but ended up in %s anyway", __func__); | 668 | fatal("UsePAM=no, but ended up in %s anyway", __func__); |
662 | 669 | ||
663 | buffer_init(&m); | 670 | if ((m = sshbuf_new()) == NULL) |
664 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m); | 671 | fatal("%s: sshbuf_new failed", __func__); |
672 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, m); | ||
665 | 673 | ||
666 | mm_request_receive_expect(pmonitor->m_recvfd, | 674 | mm_request_receive_expect(pmonitor->m_recvfd, |
667 | MONITOR_ANS_PAM_ACCOUNT, &m); | 675 | MONITOR_ANS_PAM_ACCOUNT, m); |
668 | ret = buffer_get_int(&m); | 676 | if ((r = sshbuf_get_u32(m, &ret)) != 0 || |
669 | msg = buffer_get_string(&m, NULL); | 677 | (r = sshbuf_get_cstring(m, &msg, &msglen)) != 0 || |
670 | buffer_append(&loginmsg, msg, strlen(msg)); | 678 | (r = sshbuf_put(loginmsg, msg, msglen)) != 0) |
671 | free(msg); | 679 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
672 | 680 | ||
673 | buffer_free(&m); | 681 | free(msg); |
682 | sshbuf_free(m); | ||
674 | 683 | ||
675 | debug3("%s returning %d", __func__, ret); | 684 | debug3("%s returning %d", __func__, ret); |
676 | 685 | ||
@@ -680,21 +689,24 @@ mm_do_pam_account(void) | |||
680 | void * | 689 | void * |
681 | mm_sshpam_init_ctx(Authctxt *authctxt) | 690 | mm_sshpam_init_ctx(Authctxt *authctxt) |
682 | { | 691 | { |
683 | Buffer m; | 692 | struct sshbuf *m; |
684 | int success; | 693 | int r, success; |
685 | 694 | ||
686 | debug3("%s", __func__); | 695 | debug3("%s", __func__); |
687 | buffer_init(&m); | 696 | if ((m = sshbuf_new()) == NULL) |
688 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); | 697 | fatal("%s: sshbuf_new failed", __func__); |
698 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, m); | ||
689 | debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); | 699 | debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); |
690 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); | 700 | mm_request_receive_expect(pmonitor->m_recvfd, |
691 | success = buffer_get_int(&m); | 701 | MONITOR_ANS_PAM_INIT_CTX, m); |
702 | if ((r = sshbuf_get_u32(m, &success)) != 0) | ||
703 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
692 | if (success == 0) { | 704 | if (success == 0) { |
693 | debug3("%s: pam_init_ctx failed", __func__); | 705 | debug3("%s: pam_init_ctx failed", __func__); |
694 | buffer_free(&m); | 706 | sshbuf_free(m); |
695 | return (NULL); | 707 | return (NULL); |
696 | } | 708 | } |
697 | buffer_free(&m); | 709 | sshbuf_free(m); |
698 | return (authctxt); | 710 | return (authctxt); |
699 | } | 711 | } |
700 | 712 | ||
@@ -702,66 +714,79 @@ int | |||
702 | mm_sshpam_query(void *ctx, char **name, char **info, | 714 | mm_sshpam_query(void *ctx, char **name, char **info, |
703 | u_int *num, char ***prompts, u_int **echo_on) | 715 | u_int *num, char ***prompts, u_int **echo_on) |
704 | { | 716 | { |
705 | Buffer m; | 717 | struct sshbuf *m; |
706 | u_int i; | 718 | u_int i, n; |
707 | int ret; | 719 | int r, ret; |
708 | 720 | ||
709 | debug3("%s", __func__); | 721 | debug3("%s", __func__); |
710 | buffer_init(&m); | 722 | if ((m = sshbuf_new()) == NULL) |
711 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m); | 723 | fatal("%s: sshbuf_new failed", __func__); |
724 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, m); | ||
712 | debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__); | 725 | debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__); |
713 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m); | 726 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, m); |
714 | ret = buffer_get_int(&m); | 727 | if ((r = sshbuf_get_u32(m, &ret)) != 0 || |
728 | (r = sshbuf_get_cstring(m, name, NULL)) != 0 || | ||
729 | (r = sshbuf_get_cstring(m, info, NULL)) != 0 || | ||
730 | (r = sshbuf_get_u32(m, &n)) != 0 || | ||
731 | (r = sshbuf_get_u32(m, num)) != 0) | ||
732 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
715 | debug3("%s: pam_query returned %d", __func__, ret); | 733 | debug3("%s: pam_query returned %d", __func__, ret); |
716 | *name = buffer_get_string(&m, NULL); | 734 | sshpam_set_maxtries_reached(n); |
717 | *info = buffer_get_string(&m, NULL); | ||
718 | sshpam_set_maxtries_reached(buffer_get_int(&m)); | ||
719 | *num = buffer_get_int(&m); | ||
720 | if (*num > PAM_MAX_NUM_MSG) | 735 | if (*num > PAM_MAX_NUM_MSG) |
721 | fatal("%s: received %u PAM messages, expected <= %u", | 736 | fatal("%s: received %u PAM messages, expected <= %u", |
722 | __func__, *num, PAM_MAX_NUM_MSG); | 737 | __func__, *num, PAM_MAX_NUM_MSG); |
723 | *prompts = xcalloc((*num + 1), sizeof(char *)); | 738 | *prompts = xcalloc((*num + 1), sizeof(char *)); |
724 | *echo_on = xcalloc((*num + 1), sizeof(u_int)); | 739 | *echo_on = xcalloc((*num + 1), sizeof(u_int)); |
725 | for (i = 0; i < *num; ++i) { | 740 | for (i = 0; i < *num; ++i) { |
726 | (*prompts)[i] = buffer_get_string(&m, NULL); | 741 | if ((r = sshbuf_get_cstring(m, &((*prompts)[i]), NULL)) != 0 || |
727 | (*echo_on)[i] = buffer_get_int(&m); | 742 | (r = sshbuf_get_u32(m, &((*echo_on)[i]))) != 0) |
743 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
728 | } | 744 | } |
729 | buffer_free(&m); | 745 | sshbuf_free(m); |
730 | return (ret); | 746 | return (ret); |
731 | } | 747 | } |
732 | 748 | ||
733 | int | 749 | int |
734 | mm_sshpam_respond(void *ctx, u_int num, char **resp) | 750 | mm_sshpam_respond(void *ctx, u_int num, char **resp) |
735 | { | 751 | { |
736 | Buffer m; | 752 | struct sshbuf *m; |
737 | u_int i; | 753 | u_int n, i; |
738 | int ret; | 754 | int r, ret; |
739 | 755 | ||
740 | debug3("%s", __func__); | 756 | debug3("%s", __func__); |
741 | buffer_init(&m); | 757 | if ((m = sshbuf_new()) == NULL) |
742 | buffer_put_int(&m, num); | 758 | fatal("%s: sshbuf_new failed", __func__); |
743 | for (i = 0; i < num; ++i) | 759 | if ((r = sshbuf_put_u32(m, num)) != 0) |
744 | buffer_put_cstring(&m, resp[i]); | 760 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
745 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m); | 761 | for (i = 0; i < num; ++i) { |
762 | if ((r = sshbuf_put_cstring(m, resp[i])) != 0) | ||
763 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
764 | } | ||
765 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, m); | ||
746 | debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__); | 766 | debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__); |
747 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m); | 767 | mm_request_receive_expect(pmonitor->m_recvfd, |
748 | ret = buffer_get_int(&m); | 768 | MONITOR_ANS_PAM_RESPOND, m); |
769 | if ((r = sshbuf_get_u32(m, &n)) != 0) | ||
770 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
771 | ret = (int)n; /* XXX */ | ||
749 | debug3("%s: pam_respond returned %d", __func__, ret); | 772 | debug3("%s: pam_respond returned %d", __func__, ret); |
750 | buffer_free(&m); | 773 | sshbuf_free(m); |
751 | return (ret); | 774 | return (ret); |
752 | } | 775 | } |
753 | 776 | ||
754 | void | 777 | void |
755 | mm_sshpam_free_ctx(void *ctxtp) | 778 | mm_sshpam_free_ctx(void *ctxtp) |
756 | { | 779 | { |
757 | Buffer m; | 780 | struct sshbuf *m; |
758 | 781 | ||
759 | debug3("%s", __func__); | 782 | debug3("%s", __func__); |
760 | buffer_init(&m); | 783 | if ((m = sshbuf_new()) == NULL) |
761 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m); | 784 | fatal("%s: sshbuf_new failed", __func__); |
785 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, m); | ||
762 | debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__); | 786 | debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__); |
763 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m); | 787 | mm_request_receive_expect(pmonitor->m_recvfd, |
764 | buffer_free(&m); | 788 | MONITOR_ANS_PAM_FREE_CTX, m); |
789 | sshbuf_free(m); | ||
765 | } | 790 | } |
766 | #endif /* USE_PAM */ | 791 | #endif /* USE_PAM */ |
767 | 792 | ||
@@ -859,27 +884,29 @@ int | |||
859 | mm_skey_query(void *ctx, char **name, char **infotxt, | 884 | mm_skey_query(void *ctx, char **name, char **infotxt, |
860 | u_int *numprompts, char ***prompts, u_int **echo_on) | 885 | u_int *numprompts, char ***prompts, u_int **echo_on) |
861 | { | 886 | { |
862 | Buffer m; | 887 | struct sshbuf *m; |
863 | u_int success; | 888 | u_int success; |
864 | char *challenge; | 889 | char *challenge; |
865 | 890 | ||
866 | debug3("%s: entering", __func__); | 891 | debug3("%s: entering", __func__); |
867 | 892 | ||
868 | buffer_init(&m); | 893 | if ((m = sshbuf_new()) == NULL) |
869 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m); | 894 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
895 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, m); | ||
870 | 896 | ||
871 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, | 897 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, m); |
872 | &m); | 898 | if ((r = sshbuf_get_u32(m, &success)) != 0) |
873 | success = buffer_get_int(&m); | 899 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
874 | if (success == 0) { | 900 | if (success == 0) { |
875 | debug3("%s: no challenge", __func__); | 901 | debug3("%s: no challenge", __func__); |
876 | buffer_free(&m); | 902 | sshbuf_free(m); |
877 | return (-1); | 903 | return (-1); |
878 | } | 904 | } |
879 | 905 | ||
880 | /* Get the challenge, and format the response */ | 906 | /* Get the challenge, and format the response */ |
881 | challenge = buffer_get_string(&m, NULL); | 907 | if ((r = sshbuf_get_cstring(m, &challenge)) != 0) |
882 | buffer_free(&m); | 908 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
909 | sshbuf_free(m); | ||
883 | 910 | ||
884 | debug3("%s: received challenge: %s", __func__, challenge); | 911 | debug3("%s: received challenge: %s", __func__, challenge); |
885 | 912 | ||
@@ -894,22 +921,25 @@ mm_skey_query(void *ctx, char **name, char **infotxt, | |||
894 | int | 921 | int |
895 | mm_skey_respond(void *ctx, u_int numresponses, char **responses) | 922 | mm_skey_respond(void *ctx, u_int numresponses, char **responses) |
896 | { | 923 | { |
897 | Buffer m; | 924 | struct sshbuf *m; |
898 | int authok; | 925 | int authok; |
899 | 926 | ||
900 | debug3("%s: entering", __func__); | 927 | debug3("%s: entering", __func__); |
901 | if (numresponses != 1) | 928 | if (numresponses != 1) |
902 | return (-1); | 929 | return (-1); |
903 | 930 | ||
904 | buffer_init(&m); | 931 | if ((m = sshbuf_new()) == NULL) |
905 | buffer_put_cstring(&m, responses[0]); | 932 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
906 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m); | 933 | if ((r = sshbuf_put_cstring(m, responses[0])) != 0) |
934 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
935 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, m); | ||
907 | 936 | ||
908 | mm_request_receive_expect(pmonitor->m_recvfd, | 937 | mm_request_receive_expect(pmonitor->m_recvfd, |
909 | MONITOR_ANS_SKEYRESPOND, &m); | 938 | MONITOR_ANS_SKEYRESPOND, m); |
910 | 939 | ||
911 | authok = buffer_get_int(&m); | 940 | if ((r = sshbuf_get_u32(m, &authok)) != 0) |
912 | buffer_free(&m); | 941 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
942 | sshbuf_free(m); | ||
913 | 943 | ||
914 | return ((authok == 0) ? -1 : 0); | 944 | return ((authok == 0) ? -1 : 0); |
915 | } | 945 | } |
@@ -919,29 +949,33 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses) | |||
919 | void | 949 | void |
920 | mm_audit_event(ssh_audit_event_t event) | 950 | mm_audit_event(ssh_audit_event_t event) |
921 | { | 951 | { |
922 | Buffer m; | 952 | struct sshbuf *m; |
923 | 953 | ||
924 | debug3("%s entering", __func__); | 954 | debug3("%s entering", __func__); |
925 | 955 | ||
926 | buffer_init(&m); | 956 | if ((m = sshbuf_new()) == NULL) |
927 | buffer_put_int(&m, event); | 957 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
958 | if ((r = sshbuf_put_u32(m, event)) != 0) | ||
959 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
928 | 960 | ||
929 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); | 961 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, m); |
930 | buffer_free(&m); | 962 | sshbuf_free(m); |
931 | } | 963 | } |
932 | 964 | ||
933 | void | 965 | void |
934 | mm_audit_run_command(const char *command) | 966 | mm_audit_run_command(const char *command) |
935 | { | 967 | { |
936 | Buffer m; | 968 | struct sshbuf *m; |
937 | 969 | ||
938 | debug3("%s entering command %s", __func__, command); | 970 | debug3("%s entering command %s", __func__, command); |
939 | 971 | ||
940 | buffer_init(&m); | 972 | if ((m = sshbuf_new()) == NULL) |
941 | buffer_put_cstring(&m, command); | 973 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
974 | if ((r = sshbuf_put_cstring(m, command)) != 0) | ||
975 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
942 | 976 | ||
943 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); | 977 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m); |
944 | buffer_free(&m); | 978 | sshbuf_free(m); |
945 | } | 979 | } |
946 | #endif /* SSH_AUDIT_EVENTS */ | 980 | #endif /* SSH_AUDIT_EVENTS */ |
947 | 981 | ||