Import openssh_8.0p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2019-06-05 06:41:44 +0100
committer: Colin Watson <cjwatson@debian.org> 2019-06-05 06:41:44 +0100
commit: 102062f825fb26a74295a1c089c00c4c4c76b68a (patch)
tree: 3db66bc8c8483cce66516dff36f6ef56065143d9 /sshconnect2.c
parent: 3d246f10429fc9a37b98eabef94fe8dc7c61002b (diff)
parent: fd0fa130ecf06d7d092932adcd5d77f1549bfc8d (diff)
1 files changed, 180 insertions, 155 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 1675f3935..dffee90b1 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.288 2018/10/11 03:48:04 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -155,11 +155,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
 }
 void
-ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 {
        char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
        char *s, *all_key;
-        struct kex *kex;
        int r;
        xxx_host = host;
@@ -195,40 +194,38 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
        }
        if (options.rekey_limit || options.rekey_interval)
-                packet_set_rekey_limits(options.rekey_limit,
+                ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
                    options.rekey_interval);
        /* start key exchange */
-        if ((r = kex_setup(active_state, myproposal)) != 0)
+        if ((r = kex_setup(ssh, myproposal)) != 0)
                fatal("kex_setup: %s", ssh_err(r));
-        kex = active_state->kex;
 #ifdef WITH_OPENSSL
-        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+        ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
-        kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
+        ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
-        kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
+        ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
-        kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
+        ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
-        kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
+        ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
-        kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
+        ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
-        kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+        ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
 # ifdef OPENSSL_HAS_ECC
-        kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+        ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
 # endif
 #endif
-        kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+        ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
-        kex->client_version_string=client_version_string;
+        ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
-        kex->server_version_string=server_version_string;
+        ssh->kex->verify_host_key=&verify_host_key_callback;
-        kex->verify_host_key=&verify_host_key_callback;
-        ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
+        ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
        /* remove ext-info from the KEX proposals for rekeying */
        myproposal[PROPOSAL_KEX_ALGS] =
            compat_kex_proposal(options.kex_algorithms);
-        if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
+        if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
                fatal("kex_prop2buf: %s", ssh_err(r));
-        session_id2 = kex->session_id;
+        session_id2 = ssh->kex->session_id;
-        session_id2_len = kex->session_id_len;
+        session_id2_len = ssh->kex->session_id_len;
 #ifdef DEBUG_KEXDH
        /* send 1st encrypted/maced/compressed message */
@@ -268,7 +265,11 @@ struct cauthctxt {
        struct cauthmethod *method;
        sig_atomic_t success;
        char *authlist;
-        int attempt;
+#ifdef GSSAPI
+        /* gssapi */
+        gss_OID_set gss_supported_mechs;
+        u_int mech_tried;
+#endif
        /* pubkey */
        struct idlist keys;
        int agent_fd;
@@ -278,49 +279,51 @@ struct cauthctxt {
        const char *active_ktype;
        /* kbd-interactive */
        int info_req_seen;
+        int attempt_kbdint;
+        /* password */
+        int attempt_passwd;
        /* generic */
        void *methoddata;
 };
 struct cauthmethod {
        char    *name;          /* string to compare against server's list */
-        int     (*userauth)(Authctxt *authctxt);
+        int     (*userauth)(struct ssh *ssh);
-        void    (*cleanup)(Authctxt *authctxt);
+        void    (*cleanup)(struct ssh *ssh);
        int     *enabled;       /* flag in option struct that enables method */
        int     *batch_flag;    /* flag in option struct that disables method */
 };
-int     input_userauth_service_accept(int, u_int32_t, struct ssh *);
+static int input_userauth_service_accept(int, u_int32_t, struct ssh *);
-int     input_userauth_ext_info(int, u_int32_t, struct ssh *);
+static int input_userauth_ext_info(int, u_int32_t, struct ssh *);
-int     input_userauth_success(int, u_int32_t, struct ssh *);
+static int input_userauth_success(int, u_int32_t, struct ssh *);
-int     input_userauth_success_unexpected(int, u_int32_t, struct ssh *);
+static int input_userauth_failure(int, u_int32_t, struct ssh *);
-int     input_userauth_failure(int, u_int32_t, struct ssh *);
+static int input_userauth_banner(int, u_int32_t, struct ssh *);
-int     input_userauth_banner(int, u_int32_t, struct ssh *);
+static int input_userauth_error(int, u_int32_t, struct ssh *);
-int     input_userauth_error(int, u_int32_t, struct ssh *);
+static int input_userauth_info_req(int, u_int32_t, struct ssh *);
-int     input_userauth_info_req(int, u_int32_t, struct ssh *);
+static int input_userauth_pk_ok(int, u_int32_t, struct ssh *);
-int     input_userauth_pk_ok(int, u_int32_t, struct ssh *);
+static int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
-int     input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
+static int userauth_none(struct ssh *);
-int     userauth_none(Authctxt *);
+static int userauth_pubkey(struct ssh *);
-int     userauth_pubkey(Authctxt *);
+static int userauth_passwd(struct ssh *);
-int     userauth_passwd(Authctxt *);
+static int userauth_kbdint(struct ssh *);
-int     userauth_kbdint(Authctxt *);
+static int userauth_hostbased(struct ssh *);
-int     userauth_hostbased(Authctxt *);
 #ifdef GSSAPI
-int     userauth_gssapi(Authctxt *authctxt);
+static int userauth_gssapi(struct ssh *);
-int     input_gssapi_response(int type, u_int32_t, struct ssh *);
+static void userauth_gssapi_cleanup(struct ssh *);
-int     input_gssapi_token(int type, u_int32_t, struct ssh *);
+static int input_gssapi_response(int type, u_int32_t, struct ssh *);
-int     input_gssapi_hash(int type, u_int32_t, struct ssh *);
+static int input_gssapi_token(int type, u_int32_t, struct ssh *);
-int     input_gssapi_error(int, u_int32_t, struct ssh *);
+static int input_gssapi_error(int, u_int32_t, struct ssh *);
-int     input_gssapi_errtok(int, u_int32_t, struct ssh *);
+static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
 #endif
-void    userauth(Authctxt *, char *);
+void    userauth(struct ssh *, char *);
-static int sign_and_send_pubkey(struct ssh *ssh, Authctxt *, Identity *);
+static void pubkey_cleanup(struct ssh *);
+static int sign_and_send_pubkey(struct ssh *ssh, Identity *);
 static void pubkey_prepare(Authctxt *);
-static void pubkey_cleanup(Authctxt *);
 static void pubkey_reset(Authctxt *);
 static struct sshkey *load_identity_file(Identity *);
@@ -332,7 +335,7 @@ Authmethod authmethods[] = {
 #ifdef GSSAPI
        {"gssapi-with-mic",
                userauth_gssapi,
-                NULL,
+                userauth_gssapi_cleanup,
                &options.gss_authentication,
                NULL},
 #endif
@@ -365,10 +368,9 @@ Authmethod authmethods[] = {
 };
 void
-ssh_userauth2(const char *local_user, const char *server_user, char *host,
+ssh_userauth2(struct ssh *ssh, const char *local_user,
-    Sensitive *sensitive)
+    const char *server_user, char *host, Sensitive *sensitive)
 {
-        struct ssh *ssh = active_state;
        Authctxt authctxt;
        int r;
@@ -379,7 +381,6 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
        /* setup authentication context */
        memset(&authctxt, 0, sizeof(authctxt));
-        pubkey_prepare(&authctxt);
        authctxt.server_user = server_user;
        authctxt.local_user = local_user;
        authctxt.host = host;
@@ -391,9 +392,18 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
        authctxt.sensitive = sensitive;
        authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;
        authctxt.info_req_seen = 0;
+        authctxt.attempt_kbdint = 0;
+        authctxt.attempt_passwd = 0;
+#if GSSAPI
+        authctxt.gss_supported_mechs = NULL;
+        authctxt.mech_tried = 0;
+#endif
        authctxt.agent_fd = -1;
-        if (authctxt.method == NULL)
+        pubkey_prepare(&authctxt);
-                fatal("ssh_userauth2: internal error: cannot send userauth none request");
+        if (authctxt.method == NULL) {
+                fatal("%s: internal error: cannot send userauth none request",
+                    __func__);
+        }
        if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
            (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||
@@ -405,9 +415,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
        ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
        ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
        ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */
+        pubkey_cleanup(ssh);
        ssh->authctxt = NULL;
-        pubkey_cleanup(&authctxt);
        ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
        if (!authctxt.success)
@@ -416,10 +426,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 }
 /* ARGSUSED */
-int
+static int
 input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
 {
-        Authctxt *authctxt = ssh->authctxt;
        int r;
        if (ssh_packet_remaining(ssh) > 0) {
@@ -437,7 +446,7 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
        debug("SSH2_MSG_SERVICE_ACCEPT received");
        /* initial userauth request */
-        userauth_none(authctxt);
+        userauth_none(ssh);
        ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error);
        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
@@ -449,19 +458,19 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
 }
 /* ARGSUSED */
-int
+static int
 input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
 {
        return kex_input_ext_info(type, seqnr, ssh);
 }
 void
-userauth(Authctxt *authctxt, char *authlist)
+userauth(struct ssh *ssh, char *authlist)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
        if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
-                authctxt->method->cleanup(authctxt);
+                authctxt->method->cleanup(ssh);
        free(authctxt->methoddata);
        authctxt->methoddata = NULL;
@@ -483,7 +492,7 @@ userauth(Authctxt *authctxt, char *authlist)
                    SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
                /* and try new method */
-                if (method->userauth(authctxt) != 0) {
+                if (method->userauth(ssh) != 0) {
                        debug2("we sent a %s packet, wait for reply", method->name);
                        break;
                } else {
@@ -494,50 +503,53 @@ userauth(Authctxt *authctxt, char *authlist)
 }
 /* ARGSUSED */
-int
+static int
 input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
 {
-        fatal("input_userauth_error: bad message during authentication: "
+        fatal("%s: bad message during authentication: type %d", __func__, type);
-            "type %d", type);
        return 0;
 }
 /* ARGSUSED */
-int
+static int
 input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
 {
-        char *msg, *lang;
+        char *msg = NULL;
-        u_int len;
+        size_t len;
+        int r;
        debug3("%s", __func__);
-        msg = packet_get_string(&len);
+        if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 ||
-        lang = packet_get_string(NULL);
+            (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0)
+                goto out;
        if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO)
                fmprintf(stderr, "%s", msg);
+        r = 0;
+ out:
        free(msg);
-        free(lang);
+        return r;
-        return 0;
 }
 /* ARGSUSED */
-int
+static int
 input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
        if (authctxt == NULL)
-                fatal("input_userauth_success: no authentication context");
+                fatal("%s: no authentication context", __func__);
        free(authctxt->authlist);
        authctxt->authlist = NULL;
        if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
-                authctxt->method->cleanup(authctxt);
+                authctxt->method->cleanup(ssh);
        free(authctxt->methoddata);
        authctxt->methoddata = NULL;
        authctxt->success = 1;                  /* break out */
        return 0;
 }
-int
+#if 0
+static int
 input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
@@ -549,9 +561,10 @@ input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
            authctxt->method->name);
        return 0;
 }
+#endif
 /* ARGSUSED */
-int
+static int
 input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
@@ -574,7 +587,7 @@ input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
        }
        debug("Authentications that can continue: %s", authlist);
-        userauth(authctxt, authlist);
+        userauth(ssh, authlist);
        authlist = NULL;
 out:
        free(authlist);
@@ -606,7 +619,7 @@ format_identity(Identity *id)
 }
 /* ARGSUSED */
-int
+static int
 input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
@@ -661,7 +674,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
        }
        ident = format_identity(id);
        debug("Server accepts key: %s", ident);
-        sent = sign_and_send_pubkey(ssh, authctxt, id);
+        sent = sign_and_send_pubkey(ssh, id);
        r = 0;
 done:
        sshkey_free(key);
@@ -672,40 +685,41 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
        /* try another method if we did not send a packet */
        if (r == 0 && sent == 0)
-                userauth(authctxt, NULL);
+                userauth(ssh, NULL);
        return r;
 }
 #ifdef GSSAPI
-int
+static int
-userauth_gssapi(Authctxt *authctxt)
+userauth_gssapi(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
        Gssctxt *gssctxt = NULL;
-        static gss_OID_set gss_supported = NULL;
-        static u_int mech = 0;
        OM_uint32 min;
        int r, ok = 0;
+        gss_OID mech = NULL;
        /* Try one GSSAPI method at a time, rather than sending them all at
         * once. */
-        if (gss_supported == NULL)
+        if (authctxt->gss_supported_mechs == NULL)
-                gss_indicate_mechs(&min, &gss_supported);
+                gss_indicate_mechs(&min, &authctxt->gss_supported_mechs);
-        /* Check to see if the mechanism is usable before we offer it */
+        /* Check to see whether the mechanism is usable before we offer it */
-        while (mech < gss_supported->count && !ok) {
+        while (authctxt->mech_tried < authctxt->gss_supported_mechs->count &&
+            !ok) {
+                mech = &authctxt->gss_supported_mechs->
+                    elements[authctxt->mech_tried];
                /* My DER encoding requires length<128 */
-                if (gss_supported->elements[mech].length < 128 &&
+                if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
-                    ssh_gssapi_check_mechanism(&gssctxt,
+                    mech, authctxt->host)) {
-                    &gss_supported->elements[mech], authctxt->host)) {
                        ok = 1; /* Mechanism works */
                } else {
-                        mech++;
+                        authctxt->mech_tried++;
                }
        }
-        if (!ok)
+        if (!ok || mech == NULL)
                return 0;
        authctxt->methoddata=(void *)gssctxt;
@@ -715,14 +729,10 @@ userauth_gssapi(Authctxt *authctxt)
            (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
            (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
            (r = sshpkt_put_u32(ssh, 1)) != 0 ||
-            (r = sshpkt_put_u32(ssh,
+            (r = sshpkt_put_u32(ssh, (mech->length) + 2)) != 0 ||
-            (gss_supported->elements[mech].length) + 2)) != 0 ||
            (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 ||
-            (r = sshpkt_put_u8(ssh,
+            (r = sshpkt_put_u8(ssh, mech->length)) != 0 ||
-            gss_supported->elements[mech].length)) != 0 ||
+            (r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 ||
-            (r = sshpkt_put(ssh,
-            gss_supported->elements[mech].elements,
-            gss_supported->elements[mech].length)) != 0 ||
            (r = sshpkt_send(ssh)) != 0)
                fatal("%s: %s", __func__, ssh_err(r));
@@ -731,11 +741,24 @@ userauth_gssapi(Authctxt *authctxt)
        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
-        mech++; /* Move along to next candidate */
+        authctxt->mech_tried++; /* Move along to next candidate */
        return 1;
 }
+static void
+userauth_gssapi_cleanup(struct ssh *ssh)
+{
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
+        Gssctxt *gssctxt = (Gssctxt *)authctxt->methoddata;
+        ssh_gssapi_delete_ctx(&gssctxt);
+        authctxt->methoddata = NULL;
+        free(authctxt->gss_supported_mechs);
+        authctxt->gss_supported_mechs = NULL;
+}
 static OM_uint32
 process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
 {
@@ -803,7 +826,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
 }
 /* ARGSUSED */
-int
+static int
 input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
@@ -824,7 +847,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
            oidv[0] != SSH_GSS_OIDTYPE ||
            oidv[1] != oidlen - 2) {
                debug("Badly encoded mechanism OID received");
-                userauth(authctxt, NULL);
+                userauth(ssh, NULL);
                goto ok;
        }
@@ -837,7 +860,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
        if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) {
                /* Start again with next method on list */
                debug("Trying to start again");
-                userauth(authctxt, NULL);
+                userauth(ssh, NULL);
                goto ok;
        }
 ok:
@@ -848,7 +871,7 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
 }
 /* ARGSUSED */
-int
+static int
 input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
@@ -871,7 +894,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
        /* Start again with the next method in the list */
        if (GSS_ERROR(status)) {
-                userauth(authctxt, NULL);
+                userauth(ssh, NULL);
                /* ok */
        }
        r = 0;
@@ -881,7 +904,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
 }
 /* ARGSUSED */
-int
+static int
 input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
@@ -916,7 +939,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
 }
 /* ARGSUSED */
-int
+static int
 input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
 {
        char *msg = NULL;
@@ -937,10 +960,10 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
 }
 #endif /* GSSAPI */
-int
+static int
-userauth_none(Authctxt *authctxt)
+userauth_none(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
        int r;
        /* initial userauth request */
@@ -953,25 +976,22 @@ userauth_none(Authctxt *authctxt)
        return 1;
 }
-int
+static int
-userauth_passwd(Authctxt *authctxt)
+userauth_passwd(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
-        static int attempt = 0;
+        char *password, *prompt = NULL;
-        char prompt[256];
-        char *password;
        const char *host = options.host_key_alias ?  options.host_key_alias :
            authctxt->host;
        int r;
-        if (attempt++ >= options.number_of_password_prompts)
+        if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
                return 0;
-        if (attempt != 1)
+        if (authctxt->attempt_passwd != 1)
                error("Permission denied, please try again.");
-        snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
+        xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
-            authctxt->server_user, host);
        password = read_passphrase(prompt, 0);
        if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
            (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
@@ -983,7 +1003,8 @@ userauth_passwd(Authctxt *authctxt)
            (r = sshpkt_send(ssh)) != 0)
                fatal("%s: %s", __func__, ssh_err(r));
-        if (password)
+        free(prompt);
+        if (password != NULL)
                freezero(password, strlen(password));
        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
@@ -996,7 +1017,7 @@ userauth_passwd(Authctxt *authctxt)
 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
 */
 /* ARGSUSED */
-int
+static int
 input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
@@ -1180,8 +1201,9 @@ id_filename_matches(Identity *id, Identity *private_id)
 }
 static int
-sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id)
+sign_and_send_pubkey(struct ssh *ssh, Identity *id)
 {
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
        struct sshbuf *b = NULL;
        Identity *private_id, *sign_id = NULL;
        u_char *signature = NULL;
@@ -1339,8 +1361,9 @@ sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id)
 }
 static int
-send_pubkey_test(struct ssh *ssh, Authctxt *authctxt, Identity *id)
+send_pubkey_test(struct ssh *ssh, Identity *id)
 {
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
        u_char *blob = NULL;
        char *alg = NULL;
        size_t bloblen;
@@ -1616,12 +1639,15 @@ pubkey_prepare(Authctxt *authctxt)
 }
 static void
-pubkey_cleanup(Authctxt *authctxt)
+pubkey_cleanup(struct ssh *ssh)
 {
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
        Identity *id;
-        if (authctxt->agent_fd != -1)
+        if (authctxt->agent_fd != -1) {
                ssh_close_authentication_socket(authctxt->agent_fd);
+                authctxt->agent_fd = -1;
+        }
        for (id = TAILQ_FIRST(&authctxt->keys); id;
            id = TAILQ_FIRST(&authctxt->keys)) {
                TAILQ_REMOVE(&authctxt->keys, id, next);
@@ -1654,10 +1680,10 @@ try_identity(Identity *id)
        return 1;
 }
-int
+static int
-userauth_pubkey(Authctxt *authctxt)
+userauth_pubkey(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
        Identity *id;
        int sent = 0;
        char *ident;
@@ -1678,7 +1704,7 @@ userauth_pubkey(Authctxt *authctxt)
                                ident = format_identity(id);
                                debug("Offering public key: %s", ident);
                                free(ident);
-                                sent = send_pubkey_test(ssh, authctxt, id);
+                                sent = send_pubkey_test(ssh, id);
                        }
                } else {
                        debug("Trying private key: %s", id->filename);
@@ -1686,8 +1712,7 @@ userauth_pubkey(Authctxt *authctxt)
                        if (id->key != NULL) {
                                if (try_identity(id)) {
                                        id->isprivate = 1;
-                                        sent = sign_and_send_pubkey(ssh,
+                                        sent = sign_and_send_pubkey(ssh, id);
-                                            authctxt, id);
                                }
                                sshkey_free(id->key);
                                id->key = NULL;
@@ -1703,17 +1728,16 @@ userauth_pubkey(Authctxt *authctxt)
 /*
 * Send userauth request message specifying keyboard-interactive method.
 */
-int
+static int
-userauth_kbdint(Authctxt *authctxt)
+userauth_kbdint(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
-        static int attempt = 0;
        int r;
-        if (attempt++ >= options.number_of_password_prompts)
+        if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts)
                return 0;
        /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
-        if (attempt > 1 && !authctxt->info_req_seen) {
+        if (authctxt->attempt_kbdint > 1 && !authctxt->info_req_seen) {
                debug3("userauth_kbdint: disable: no info_req_seen");
                ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
                return 0;
@@ -1737,7 +1761,7 @@ userauth_kbdint(Authctxt *authctxt)
 /*
 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
 */
-int
+static int
 input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
@@ -1803,13 +1827,14 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
 }
 static int
-ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,
+ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
    const u_char *data, size_t datalen)
 {
        struct sshbuf *b;
        struct stat st;
        pid_t pid;
-        int i, r, to[2], from[2], status, sock = packet_get_connection_in();
+        int i, r, to[2], from[2], status;
+        int sock = ssh_packet_get_connection_in(ssh);
        u_char rversion = 0, version = 2;
        void (*osigchld)(int);
@@ -1916,10 +1941,10 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,
        return 0;
 }
-int
+static int
-userauth_hostbased(Authctxt *authctxt)
+userauth_hostbased(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = (Authctxt *)ssh->authctxt;
        struct sshkey *private = NULL;
        struct sshbuf *b = NULL;
        u_char *sig = NULL, *keyblob = NULL;
@@ -1983,7 +2008,8 @@ userauth_hostbased(Authctxt *authctxt)
            __func__, sshkey_ssh_name(private), fp);
        /* figure out a name for the client host */
-        if ((lname = get_local_name(packet_get_connection_in())) == NULL) {
+        lname = get_local_name(ssh_packet_get_connection_in(ssh));
+        if (lname == NULL) {
                error("%s: cannot get local ipaddr/name", __func__);
                goto out;
        }
@@ -2017,9 +2043,8 @@ userauth_hostbased(Authctxt *authctxt)
 #ifdef DEBUG_PK
        sshbuf_dump(b, stderr);
 #endif
-        r = ssh_keysign(private, &sig, &siglen,
+        if ((r = ssh_keysign(ssh, private, &sig, &siglen,
-            sshbuf_ptr(b), sshbuf_len(b));
+            sshbuf_ptr(b), sshbuf_len(b))) != 0) {
-        if (r != 0) {
                error("sign using hostkey %s %s failed",
                    sshkey_ssh_name(private), fp);
                goto out;
author	Colin Watson <cjwatson@debian.org>	2019-06-05 06:41:44 +0100
committer	Colin Watson <cjwatson@debian.org>	2019-06-05 06:41:44 +0100
commit	102062f825fb26a74295a1c089c00c4c4c76b68a (patch)
tree	3db66bc8c8483cce66516dff36f6ef56065143d9 /sshconnect2.c
parent	3d246f10429fc9a37b98eabef94fe8dc7c61002b (diff)
parent	fd0fa130ecf06d7d092932adcd5d77f1549bfc8d (diff)