upstream: remove last references to active_state

with & ok markus@ OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
author: djm@openbsd.org <djm@openbsd.org> 2019-01-19 21:43:56 +0000
committer: Damien Miller <djm@mindrot.org> 2019-01-20 09:45:18 +1100
commit: 04c091fc199f17dacf8921df0a06634b454e2722 (patch)
tree: 76b75b5cf39f940bfc418fa7fe6e9ae3dc5c2569 /sshd.c
parent: ec00f918b8ad90295044266c433340a8adc93452 (diff)
1 files changed, 36 insertions, 27 deletions
diff --git a/sshd.c b/sshd.c
index 0c93f7f31..58d17e546 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.526 2019/01/19 21:43:07 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.527 2019/01/19 21:43:56 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,8 +123,6 @@
 #include "version.h"
 #include "ssherr.h"
-extern struct ssh *active_state; /* XXX move decl to this file */
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD    (STDERR_FILENO + 1)
 #define REEXEC_STARTUP_PIPE_FD          (STDERR_FILENO + 2)
@@ -225,8 +223,9 @@ struct monitor *pmonitor = NULL;
 int privsep_is_preauth = 1;
 static int privsep_chroot = 1;
-/* global authentication context */
+/* global connection state and authentication contexts */
 Authctxt *the_authctxt = NULL;
+struct ssh *the_active_state;
 /* global key/cert auth options. XXX move to permanent ssh->authctxt? */
 struct sshauthopt *auth_opts = NULL;
@@ -353,9 +352,11 @@ grace_alarm_handler(int sig)
                kill(0, SIGTERM);
        }
+        /* XXX pre-format ipaddr/port so we don't need to access active_state */
        /* Log error and exit. */
        sigdie("Timeout before authentication for %s port %d",
-            ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
+            ssh_remote_ipaddr(the_active_state),
+            ssh_remote_port(the_active_state));
 }
 /* Destroy the host and server keys.  They will no longer be needed. */
@@ -742,7 +743,7 @@ notify_hostkeys(struct ssh *ssh)
        char *fp;
        /* Some clients cannot cope with the hostkeys message, skip those. */
-        if (datafellows & SSH_BUG_HOSTKEYS)
+        if (ssh->compat & SSH_BUG_HOSTKEYS)
                return;
        if ((buf = sshbuf_new()) == NULL)
@@ -1960,8 +1961,8 @@ main(int ac, char **av)
         */
        if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL)
                fatal("Unable to create connection");
+        the_active_state = ssh;
        ssh_packet_set_server(ssh);
-        active_state = ssh; /* XXX needed elsewhere */
        check_ip_options(ssh);
@@ -2060,7 +2061,7 @@ main(int ac, char **av)
         * the current keystate and exits
         */
        if (use_privsep) {
-                mm_send_keystate(pmonitor);
+                mm_send_keystate(ssh, pmonitor);
                ssh_packet_clear_keys(ssh);
                exit(0);
        }
@@ -2139,25 +2140,35 @@ main(int ac, char **av)
 }
 int
-sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey,
+sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
-    u_char **signature, size_t *slenp, const u_char *data, size_t dlen,
+    struct sshkey *pubkey, u_char **signature, size_t *slenp,
-    const char *alg, u_int flag)
+    const u_char *data, size_t dlen, const char *alg)
 {
        int r;
-        if (privkey) {
+        if (use_privsep) {
-                if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen,
+                if (privkey) {
-                    alg, datafellows)) < 0)
+                        if (mm_sshkey_sign(ssh, privkey, signature, slenp,
-                        fatal("%s: key_sign failed", __func__);
+                            data, dlen, alg, ssh->compat) < 0)
-        } else if (use_privsep) {
+                                fatal("%s: privkey sign failed", __func__);
-                if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen,
+                } else {
-                    alg, datafellows) < 0)
+                        if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
-                        fatal("%s: pubkey_sign failed", __func__);
+                            data, dlen, alg, ssh->compat) < 0)
+                                fatal("%s: pubkey sign failed", __func__);
+                }
        } else {
-                if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp,
+                if (privkey) {
-                    data, dlen, alg, datafellows)) != 0)
+                        if (sshkey_sign(privkey, signature, slenp, data, dlen,
-                        fatal("%s: ssh_agent_sign failed: %s",
+                            alg, ssh->compat) < 0)
-                            __func__, ssh_err(r));
+                                fatal("%s: privkey sign failed", __func__);
+                } else {
+                        if ((r = ssh_agent_sign(auth_sock, pubkey,
+                            signature, slenp, data, dlen, alg,
+                            ssh->compat)) != 0) {
+                                fatal("%s: agent sign failed: %s",
+                                    __func__, ssh_err(r));
+                        }
+                }
        }
        return 0;
 }
@@ -2232,10 +2243,8 @@ do_ssh2_kex(struct ssh *ssh)
 void
 cleanup_exit(int i)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        if (the_active_state != NULL && the_authctxt != NULL) {
+                do_cleanup(the_active_state, the_authctxt);
-        if (the_authctxt) {
-                do_cleanup(ssh, the_authctxt);
                if (use_privsep && privsep_is_preauth &&
                    pmonitor != NULL && pmonitor->m_pid > 1) {
                        debug("Killing privsep child %d", pmonitor->m_pid);
author	djm@openbsd.org <djm@openbsd.org>	2019-01-19 21:43:56 +0000
committer	Damien Miller <djm@mindrot.org>	2019-01-20 09:45:18 +1100
commit	04c091fc199f17dacf8921df0a06634b454e2722 (patch)
tree	76b75b5cf39f940bfc418fa7fe6e9ae3dc5c2569 /sshd.c
parent	ec00f918b8ad90295044266c433340a8adc93452 (diff)

diff --git a/sshd.c b/sshd.c index 0c93f7f31..58d17e546 100644 --- a/sshd.c +++ b/sshd.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshd.c,v 1.526 2019/01/19 21:43:07 djm Exp $ */	1	/* $OpenBSD: sshd.c,v 1.527 2019/01/19 21:43:56 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,8 +123,6 @@
123	#include "version.h"	123	#include "version.h"
124	#include "ssherr.h"	124	#include "ssherr.h"
125		125
126	extern struct ssh active_state; / XXX move decl to this file */
127
128	/* Re-exec fds */	126	/* Re-exec fds */
129	#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)	127	#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
130	#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)	128	#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -225,8 +223,9 @@ struct monitor *pmonitor = NULL;
225	int privsep_is_preauth = 1;	223	int privsep_is_preauth = 1;
226	static int privsep_chroot = 1;	224	static int privsep_chroot = 1;
227		225
228	/* global authentication context */	226	/* global connection state and authentication contexts */
229	Authctxt *the_authctxt = NULL;	227	Authctxt *the_authctxt = NULL;
		228	struct ssh *the_active_state;
230		229
231	/* global key/cert auth options. XXX move to permanent ssh->authctxt? */	230	/* global key/cert auth options. XXX move to permanent ssh->authctxt? */
232	struct sshauthopt *auth_opts = NULL;	231	struct sshauthopt *auth_opts = NULL;
@@ -353,9 +352,11 @@ grace_alarm_handler(int sig)
353	kill(0, SIGTERM);	352	kill(0, SIGTERM);
354	}	353	}
355		354
		355	/* XXX pre-format ipaddr/port so we don't need to access active_state */
356	/* Log error and exit. */	356	/* Log error and exit. */
357	sigdie("Timeout before authentication for %s port %d",	357	sigdie("Timeout before authentication for %s port %d",
358	ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));	358	ssh_remote_ipaddr(the_active_state),
		359	ssh_remote_port(the_active_state));
359	}	360	}
360		361
361	/* Destroy the host and server keys. They will no longer be needed. */	362	/* Destroy the host and server keys. They will no longer be needed. */
@@ -742,7 +743,7 @@ notify_hostkeys(struct ssh *ssh)
742	char *fp;	743	char *fp;
743		744
744	/* Some clients cannot cope with the hostkeys message, skip those. */	745	/* Some clients cannot cope with the hostkeys message, skip those. */
745	if (datafellows & SSH_BUG_HOSTKEYS)	746	if (ssh->compat & SSH_BUG_HOSTKEYS)
746	return;	747	return;
747		748
748	if ((buf = sshbuf_new()) == NULL)	749	if ((buf = sshbuf_new()) == NULL)
@@ -1960,8 +1961,8 @@ main(int ac, char **av)
1960	*/	1961	*/
1961	if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL)	1962	if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL)
1962	fatal("Unable to create connection");	1963	fatal("Unable to create connection");
		1964	the_active_state = ssh;
1963	ssh_packet_set_server(ssh);	1965	ssh_packet_set_server(ssh);
1964	active_state = ssh; /* XXX needed elsewhere */
1965		1966
1966	check_ip_options(ssh);	1967	check_ip_options(ssh);
1967		1968
@@ -2060,7 +2061,7 @@ main(int ac, char **av)
2060	* the current keystate and exits	2061	* the current keystate and exits
2061	*/	2062	*/
2062	if (use_privsep) {	2063	if (use_privsep) {
2063	mm_send_keystate(pmonitor);	2064	mm_send_keystate(ssh, pmonitor);
2064	ssh_packet_clear_keys(ssh);	2065	ssh_packet_clear_keys(ssh);
2065	exit(0);	2066	exit(0);
2066	}	2067	}
@@ -2139,25 +2140,35 @@ main(int ac, char **av)
2139	}	2140	}
2140		2141
2141	int	2142	int
2142	sshd_hostkey_sign(struct sshkey privkey, struct sshkey pubkey,	2143	sshd_hostkey_sign(struct ssh ssh, struct sshkey privkey,
2143	u_char *signature, size_t slenp, const u_char *data, size_t dlen,	2144	struct sshkey pubkey, u_char signature, size_t slenp,
2144	const char *alg, u_int flag)	2145	const u_char data, size_t dlen, const char alg)
2145	{	2146	{
2146	int r;	2147	int r;
2147		2148
2148	if (privkey) {	2149	if (use_privsep) {
2149	if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen,	2150	if (privkey) {
2150	alg, datafellows)) < 0)	2151	if (mm_sshkey_sign(ssh, privkey, signature, slenp,
2151	fatal("%s: key_sign failed", __func__);	2152	data, dlen, alg, ssh->compat) < 0)
2152	} else if (use_privsep) {	2153	fatal("%s: privkey sign failed", __func__);
2153	if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen,	2154	} else {
2154	alg, datafellows) < 0)	2155	if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
2155	fatal("%s: pubkey_sign failed", __func__);	2156	data, dlen, alg, ssh->compat) < 0)
		2157	fatal("%s: pubkey sign failed", __func__);
		2158	}
2156	} else {	2159	} else {
2157	if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp,	2160	if (privkey) {
2158	data, dlen, alg, datafellows)) != 0)	2161	if (sshkey_sign(privkey, signature, slenp, data, dlen,
2159	fatal("%s: ssh_agent_sign failed: %s",	2162	alg, ssh->compat) < 0)
2160	__func__, ssh_err(r));	2163	fatal("%s: privkey sign failed", __func__);
		2164	} else {
		2165	if ((r = ssh_agent_sign(auth_sock, pubkey,
		2166	signature, slenp, data, dlen, alg,
		2167	ssh->compat)) != 0) {
		2168	fatal("%s: agent sign failed: %s",
		2169	__func__, ssh_err(r));
		2170	}
		2171	}
2161	}	2172	}
2162	return 0;	2173	return 0;
2163	}	2174	}
@@ -2232,10 +2243,8 @@ do_ssh2_kex(struct ssh *ssh)
2232	void	2243	void
2233	cleanup_exit(int i)	2244	cleanup_exit(int i)
2234	{	2245	{
2235	struct ssh ssh = active_state; / XXX */	2246	if (the_active_state != NULL && the_authctxt != NULL) {
2236		2247	do_cleanup(the_active_state, the_authctxt);
2237	if (the_authctxt) {
2238	do_cleanup(ssh, the_authctxt);
2239	if (use_privsep && privsep_is_preauth &&	2248	if (use_privsep && privsep_is_preauth &&
2240	pmonitor != NULL && pmonitor->m_pid > 1) {	2249	pmonitor != NULL && pmonitor->m_pid > 1) {
2241	debug("Killing privsep child %d", pmonitor->m_pid);	2250	debug("Killing privsep child %d", pmonitor->m_pid);