author | djm@openbsd.org <djm@openbsd.org> | 2019-01-19 21:40:21 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-20 09:45:17 +1100 |
commit | 64c9598ac05332d1327cbf55334dee4172d216c4 (patch) | |
tree | 2a7981733723b71383cf329029dc8b0cf55908ce /sshconnect2.c | |
parent | bc5e1169d101d16e3a5962a928db2bc49a8ef5a3 (diff) |
upstream: convert the remainder of sshconnect2.c to new packet
API
with & ok markus@
OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 95 |
1 files changed, 46 insertions, 49 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index bd98a12a7..f521f4a55 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.294 2019/01/19 21:34:45 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.295 2019/01/19 21:40:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -77,9 +77,6 @@ | |||
77 | #include "ssh-gss.h" | 77 | #include "ssh-gss.h" |
78 | #endif | 78 | #endif |
79 | 79 | ||
80 | #include "opacket.h" /* XXX */ | ||
81 | extern struct ssh *active_state; /* XXX */ | ||
82 | |||
83 | /* import */ | 80 | /* import */ |
84 | extern char *client_version_string; | 81 | extern char *client_version_string; |
85 | extern char *server_version_string; | 82 | extern char *server_version_string; |
@@ -285,8 +282,8 @@ struct cauthctxt { | |||
285 | 282 | ||
286 | struct cauthmethod { | 283 | struct cauthmethod { |
287 | char *name; /* string to compare against server's list */ | 284 | char *name; /* string to compare against server's list */ |
288 | int (*userauth)(Authctxt *authctxt); | 285 | int (*userauth)(struct ssh *ssh); |
289 | void (*cleanup)(Authctxt *authctxt); | 286 | void (*cleanup)(struct ssh *ssh); |
290 | int *enabled; /* flag in option struct that enables method */ | 287 | int *enabled; /* flag in option struct that enables method */ |
291 | int *batch_flag; /* flag in option struct that disables method */ | 288 | int *batch_flag; /* flag in option struct that disables method */ |
292 | }; | 289 | }; |
@@ -302,14 +299,14 @@ int input_userauth_info_req(int, u_int32_t, struct ssh *); | |||
302 | int input_userauth_pk_ok(int, u_int32_t, struct ssh *); | 299 | int input_userauth_pk_ok(int, u_int32_t, struct ssh *); |
303 | int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); | 300 | int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); |
304 | 301 | ||
305 | int userauth_none(Authctxt *); | 302 | int userauth_none(struct ssh *); |
306 | int userauth_pubkey(Authctxt *); | 303 | int userauth_pubkey(struct ssh *); |
307 | int userauth_passwd(Authctxt *); | 304 | int userauth_passwd(struct ssh *); |
308 | int userauth_kbdint(Authctxt *); | 305 | int userauth_kbdint(struct ssh *); |
309 | int userauth_hostbased(Authctxt *); | 306 | int userauth_hostbased(struct ssh *); |
310 | 307 | ||
311 | #ifdef GSSAPI | 308 | #ifdef GSSAPI |
312 | int userauth_gssapi(Authctxt *authctxt); | 309 | int userauth_gssapi(struct ssh *); |
313 | int input_gssapi_response(int type, u_int32_t, struct ssh *); | 310 | int input_gssapi_response(int type, u_int32_t, struct ssh *); |
314 | int input_gssapi_token(int type, u_int32_t, struct ssh *); | 311 | int input_gssapi_token(int type, u_int32_t, struct ssh *); |
315 | int input_gssapi_hash(int type, u_int32_t, struct ssh *); | 312 | int input_gssapi_hash(int type, u_int32_t, struct ssh *); |
@@ -317,9 +314,9 @@ int input_gssapi_error(int, u_int32_t, struct ssh *); | |||
317 | int input_gssapi_errtok(int, u_int32_t, struct ssh *); | 314 | int input_gssapi_errtok(int, u_int32_t, struct ssh *); |
318 | #endif | 315 | #endif |
319 | 316 | ||
320 | void userauth(Authctxt *, char *); | 317 | void userauth(struct ssh *, char *); |
321 | 318 | ||
322 | static int sign_and_send_pubkey(struct ssh *ssh, Authctxt *, Identity *); | 319 | static int sign_and_send_pubkey(struct ssh *ssh, Identity *); |
323 | static void pubkey_prepare(Authctxt *); | 320 | static void pubkey_prepare(Authctxt *); |
324 | static void pubkey_cleanup(Authctxt *); | 321 | static void pubkey_cleanup(Authctxt *); |
325 | static void pubkey_reset(Authctxt *); | 322 | static void pubkey_reset(Authctxt *); |
@@ -423,7 +420,6 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, | |||
423 | int | 420 | int |
424 | input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) | 421 | input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) |
425 | { | 422 | { |
426 | Authctxt *authctxt = ssh->authctxt; | ||
427 | int r; | 423 | int r; |
428 | 424 | ||
429 | if (ssh_packet_remaining(ssh) > 0) { | 425 | if (ssh_packet_remaining(ssh) > 0) { |
@@ -441,7 +437,7 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) | |||
441 | debug("SSH2_MSG_SERVICE_ACCEPT received"); | 437 | debug("SSH2_MSG_SERVICE_ACCEPT received"); |
442 | 438 | ||
443 | /* initial userauth request */ | 439 | /* initial userauth request */ |
444 | userauth_none(authctxt); | 440 | userauth_none(ssh); |
445 | 441 | ||
446 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error); | 442 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error); |
447 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); | 443 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); |
@@ -460,12 +456,12 @@ input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) | |||
460 | } | 456 | } |
461 | 457 | ||
462 | void | 458 | void |
463 | userauth(Authctxt *authctxt, char *authlist) | 459 | userauth(struct ssh *ssh, char *authlist) |
464 | { | 460 | { |
465 | struct ssh *ssh = active_state; /* XXX */ | 461 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
466 | 462 | ||
467 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) | 463 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
468 | authctxt->method->cleanup(authctxt); | 464 | authctxt->method->cleanup(ssh); |
469 | 465 | ||
470 | free(authctxt->methoddata); | 466 | free(authctxt->methoddata); |
471 | authctxt->methoddata = NULL; | 467 | authctxt->methoddata = NULL; |
@@ -487,7 +483,7 @@ userauth(Authctxt *authctxt, char *authlist) | |||
487 | SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL); | 483 | SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL); |
488 | 484 | ||
489 | /* and try new method */ | 485 | /* and try new method */ |
490 | if (method->userauth(authctxt) != 0) { | 486 | if (method->userauth(ssh) != 0) { |
491 | debug2("we sent a %s packet, wait for reply", method->name); | 487 | debug2("we sent a %s packet, wait for reply", method->name); |
492 | break; | 488 | break; |
493 | } else { | 489 | } else { |
@@ -501,8 +497,7 @@ userauth(Authctxt *authctxt, char *authlist) | |||
501 | int | 497 | int |
502 | input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) | 498 | input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) |
503 | { | 499 | { |
504 | fatal("input_userauth_error: bad message during authentication: " | 500 | fatal("%s: bad message during authentication: type %d", __func__, type); |
505 | "type %d", type); | ||
506 | return 0; | 501 | return 0; |
507 | } | 502 | } |
508 | 503 | ||
@@ -510,20 +505,19 @@ input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) | |||
510 | int | 505 | int |
511 | input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) | 506 | input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) |
512 | { | 507 | { |
513 | char *msg = NULL, *lang = NULL; | 508 | char *msg = NULL; |
514 | size_t len; | 509 | size_t len; |
515 | int r; | 510 | int r; |
516 | 511 | ||
517 | debug3("%s", __func__); | 512 | debug3("%s", __func__); |
518 | if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 || | 513 | if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 || |
519 | (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0) | 514 | (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) |
520 | goto out; | 515 | goto out; |
521 | if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) | 516 | if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) |
522 | fmprintf(stderr, "%s", msg); | 517 | fmprintf(stderr, "%s", msg); |
523 | r = 0; | 518 | r = 0; |
524 | out: | 519 | out: |
525 | free(msg); | 520 | free(msg); |
526 | free(lang); | ||
527 | return r; | 521 | return r; |
528 | } | 522 | } |
529 | 523 | ||
@@ -534,11 +528,11 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) | |||
534 | Authctxt *authctxt = ssh->authctxt; | 528 | Authctxt *authctxt = ssh->authctxt; |
535 | 529 | ||
536 | if (authctxt == NULL) | 530 | if (authctxt == NULL) |
537 | fatal("input_userauth_success: no authentication context"); | 531 | fatal("%s: no authentication context", __func__); |
538 | free(authctxt->authlist); | 532 | free(authctxt->authlist); |
539 | authctxt->authlist = NULL; | 533 | authctxt->authlist = NULL; |
540 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) | 534 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
541 | authctxt->method->cleanup(authctxt); | 535 | authctxt->method->cleanup(ssh); |
542 | free(authctxt->methoddata); | 536 | free(authctxt->methoddata); |
543 | authctxt->methoddata = NULL; | 537 | authctxt->methoddata = NULL; |
544 | authctxt->success = 1; /* break out */ | 538 | authctxt->success = 1; /* break out */ |
@@ -582,7 +576,7 @@ input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) | |||
582 | } | 576 | } |
583 | debug("Authentications that can continue: %s", authlist); | 577 | debug("Authentications that can continue: %s", authlist); |
584 | 578 | ||
585 | userauth(authctxt, authlist); | 579 | userauth(ssh, authlist); |
586 | authlist = NULL; | 580 | authlist = NULL; |
587 | out: | 581 | out: |
588 | free(authlist); | 582 | free(authlist); |
@@ -669,7 +663,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | |||
669 | } | 663 | } |
670 | ident = format_identity(id); | 664 | ident = format_identity(id); |
671 | debug("Server accepts key: %s", ident); | 665 | debug("Server accepts key: %s", ident); |
672 | sent = sign_and_send_pubkey(ssh, authctxt, id); | 666 | sent = sign_and_send_pubkey(ssh, id); |
673 | r = 0; | 667 | r = 0; |
674 | done: | 668 | done: |
675 | sshkey_free(key); | 669 | sshkey_free(key); |
@@ -680,15 +674,15 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | |||
680 | 674 | ||
681 | /* try another method if we did not send a packet */ | 675 | /* try another method if we did not send a packet */ |
682 | if (r == 0 && sent == 0) | 676 | if (r == 0 && sent == 0) |
683 | userauth(authctxt, NULL); | 677 | userauth(ssh, NULL); |
684 | return r; | 678 | return r; |
685 | } | 679 | } |
686 | 680 | ||
687 | #ifdef GSSAPI | 681 | #ifdef GSSAPI |
688 | int | 682 | int |
689 | userauth_gssapi(Authctxt *authctxt) | 683 | userauth_gssapi(struct ssh *ssh) |
690 | { | 684 | { |
691 | struct ssh *ssh = active_state; /* XXX */ | 685 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
692 | Gssctxt *gssctxt = NULL; | 686 | Gssctxt *gssctxt = NULL; |
693 | static gss_OID_set gss_supported = NULL; | 687 | static gss_OID_set gss_supported = NULL; |
694 | static u_int mech = 0; | 688 | static u_int mech = 0; |
@@ -946,9 +940,9 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) | |||
946 | #endif /* GSSAPI */ | 940 | #endif /* GSSAPI */ |
947 | 941 | ||
948 | int | 942 | int |
949 | userauth_none(Authctxt *authctxt) | 943 | userauth_none(struct ssh *ssh) |
950 | { | 944 | { |
951 | struct ssh *ssh = active_state; /* XXX */ | 945 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
952 | int r; | 946 | int r; |
953 | 947 | ||
954 | /* initial userauth request */ | 948 | /* initial userauth request */ |
@@ -962,9 +956,9 @@ userauth_none(Authctxt *authctxt) | |||
962 | } | 956 | } |
963 | 957 | ||
964 | int | 958 | int |
965 | userauth_passwd(Authctxt *authctxt) | 959 | userauth_passwd(struct ssh *ssh) |
966 | { | 960 | { |
967 | struct ssh *ssh = active_state; /* XXX */ | 961 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
968 | char *password, *prompt = NULL; | 962 | char *password, *prompt = NULL; |
969 | const char *host = options.host_key_alias ? options.host_key_alias : | 963 | const char *host = options.host_key_alias ? options.host_key_alias : |
970 | authctxt->host; | 964 | authctxt->host; |
@@ -1186,8 +1180,9 @@ id_filename_matches(Identity *id, Identity *private_id) | |||
1186 | } | 1180 | } |
1187 | 1181 | ||
1188 | static int | 1182 | static int |
1189 | sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id) | 1183 | sign_and_send_pubkey(struct ssh *ssh, Identity *id) |
1190 | { | 1184 | { |
1185 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | ||
1191 | struct sshbuf *b = NULL; | 1186 | struct sshbuf *b = NULL; |
1192 | Identity *private_id, *sign_id = NULL; | 1187 | Identity *private_id, *sign_id = NULL; |
1193 | u_char *signature = NULL; | 1188 | u_char *signature = NULL; |
@@ -1345,8 +1340,9 @@ sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id) | |||
1345 | } | 1340 | } |
1346 | 1341 | ||
1347 | static int | 1342 | static int |
1348 | send_pubkey_test(struct ssh *ssh, Authctxt *authctxt, Identity *id) | 1343 | send_pubkey_test(struct ssh *ssh, Identity *id) |
1349 | { | 1344 | { |
1345 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; | ||
1350 | u_char *blob = NULL; | 1346 | u_char *blob = NULL; |
1351 | char *alg = NULL; | 1347 | char *alg = NULL; |
1352 | size_t bloblen; | 1348 | size_t bloblen; |
@@ -1663,9 +1659,9 @@ try_identity(Identity *id) | |||
1663 | } | 1659 | } |
1664 | 1660 | ||
1665 | int | 1661 | int |
1666 | userauth_pubkey(Authctxt *authctxt) | 1662 | userauth_pubkey(struct ssh *ssh) |
1667 | { | 1663 | { |
1668 | struct ssh *ssh = active_state; /* XXX */ | 1664 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
1669 | Identity *id; | 1665 | Identity *id; |
1670 | int sent = 0; | 1666 | int sent = 0; |
1671 | char *ident; | 1667 | char *ident; |
@@ -1686,7 +1682,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
1686 | ident = format_identity(id); | 1682 | ident = format_identity(id); |
1687 | debug("Offering public key: %s", ident); | 1683 | debug("Offering public key: %s", ident); |
1688 | free(ident); | 1684 | free(ident); |
1689 | sent = send_pubkey_test(ssh, authctxt, id); | 1685 | sent = send_pubkey_test(ssh, id); |
1690 | } | 1686 | } |
1691 | } else { | 1687 | } else { |
1692 | debug("Trying private key: %s", id->filename); | 1688 | debug("Trying private key: %s", id->filename); |
@@ -1694,8 +1690,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
1694 | if (id->key != NULL) { | 1690 | if (id->key != NULL) { |
1695 | if (try_identity(id)) { | 1691 | if (try_identity(id)) { |
1696 | id->isprivate = 1; | 1692 | id->isprivate = 1; |
1697 | sent = sign_and_send_pubkey(ssh, | 1693 | sent = sign_and_send_pubkey(ssh, id); |
1698 | authctxt, id); | ||
1699 | } | 1694 | } |
1700 | sshkey_free(id->key); | 1695 | sshkey_free(id->key); |
1701 | id->key = NULL; | 1696 | id->key = NULL; |
@@ -1712,9 +1707,9 @@ userauth_pubkey(Authctxt *authctxt) | |||
1712 | * Send userauth request message specifying keyboard-interactive method. | 1707 | * Send userauth request message specifying keyboard-interactive method. |
1713 | */ | 1708 | */ |
1714 | int | 1709 | int |
1715 | userauth_kbdint(Authctxt *authctxt) | 1710 | userauth_kbdint(struct ssh *ssh) |
1716 | { | 1711 | { |
1717 | struct ssh *ssh = active_state; /* XXX */ | 1712 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
1718 | int r; | 1713 | int r; |
1719 | 1714 | ||
1720 | if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts) | 1715 | if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts) |
@@ -1816,7 +1811,8 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, | |||
1816 | struct sshbuf *b; | 1811 | struct sshbuf *b; |
1817 | struct stat st; | 1812 | struct stat st; |
1818 | pid_t pid; | 1813 | pid_t pid; |
1819 | int i, r, to[2], from[2], status, sock = ssh_packet_get_connection_in(ssh); | 1814 | int i, r, to[2], from[2], status; |
1815 | int sock = ssh_packet_get_connection_in(ssh); | ||
1820 | u_char rversion = 0, version = 2; | 1816 | u_char rversion = 0, version = 2; |
1821 | void (*osigchld)(int); | 1817 | void (*osigchld)(int); |
1822 | 1818 | ||
@@ -1924,9 +1920,9 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, | |||
1924 | } | 1920 | } |
1925 | 1921 | ||
1926 | int | 1922 | int |
1927 | userauth_hostbased(Authctxt *authctxt) | 1923 | userauth_hostbased(struct ssh *ssh) |
1928 | { | 1924 | { |
1929 | struct ssh *ssh = active_state; /* XXX */ | 1925 | Authctxt *authctxt = (Authctxt *)ssh->authctxt; |
1930 | struct sshkey *private = NULL; | 1926 | struct sshkey *private = NULL; |
1931 | struct sshbuf *b = NULL; | 1927 | struct sshbuf *b = NULL; |
1932 | u_char *sig = NULL, *keyblob = NULL; | 1928 | u_char *sig = NULL, *keyblob = NULL; |
@@ -1990,7 +1986,8 @@ userauth_hostbased(Authctxt *authctxt) | |||
1990 | __func__, sshkey_ssh_name(private), fp); | 1986 | __func__, sshkey_ssh_name(private), fp); |
1991 | 1987 | ||
1992 | /* figure out a name for the client host */ | 1988 | /* figure out a name for the client host */ |
1993 | if ((lname = get_local_name(ssh_packet_get_connection_in(ssh))) == NULL) { | 1989 | lname = get_local_name(ssh_packet_get_connection_in(ssh)); |
1990 | if (lname == NULL) { | ||
1994 | error("%s: cannot get local ipaddr/name", __func__); | 1991 | error("%s: cannot get local ipaddr/name", __func__); |
1995 | goto out; | 1992 | goto out; |
1996 | } | 1993 | } |
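Review bot: The new `Authctxt *authctxt = (Authctxt *)ssh->authctxt;` lines in userauth(), userauth_gssapi(), userauth_none(), userauth_passwd(), userauth_pubkey(), userauth_kbdint(), userauth_hostbased(), sign_and_send_pubkey() and send_pubkey_test() dereference the context on the very next use, while input_userauth_success() in the same file guards the same pointer with `if (authctxt == NULL) fatal("%s: no authentication context", __func__);` — the file should settle on one contract for ssh->authctxt, either treating that guard as dead or carrying it into the converted method entry points. The explicit cast is also inconsistent with the uncast `Authctxt *authctxt = ssh->authctxt;` in input_userauth_success(); since that assignment compiles, the field is presumably `void *` and the cast is redundant. Each of these functions continues outside its hunk, so only the prologues were reviewed here.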