summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth-passwd.c23
-rw-r--r--monitor.c8
-rw-r--r--monitor_wrap.c9
-rw-r--r--servconf.h6
-rw-r--r--session.c22
-rw-r--r--sshd.c9
-rw-r--r--sshlogin.c22
7 files changed, 56 insertions, 43 deletions
diff --git a/auth-passwd.c b/auth-passwd.c
index 6097fdd24..65f525184 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-passwd.c,v 1.46 2018/03/03 03:15:51 djm Exp $ */ 1/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -46,16 +46,17 @@
46#include <stdarg.h> 46#include <stdarg.h>
47 47
48#include "packet.h" 48#include "packet.h"
49#include "buffer.h" 49#include "sshbuf.h"
50#include "ssherr.h"
50#include "log.h" 51#include "log.h"
51#include "misc.h" 52#include "misc.h"
52#include "servconf.h" 53#include "servconf.h"
53#include "key.h" 54#include "sshkey.h"
54#include "hostfile.h" 55#include "hostfile.h"
55#include "auth.h" 56#include "auth.h"
56#include "auth-options.h" 57#include "auth-options.h"
57 58
58extern Buffer loginmsg; 59extern struct sshbuf *loginmsg;
59extern ServerOptions options; 60extern ServerOptions options;
60 61
61#ifdef HAVE_LOGIN_CAP 62#ifdef HAVE_LOGIN_CAP
@@ -131,7 +132,7 @@ auth_password(struct ssh *ssh, const char *password)
131static void 132static void
132warn_expiry(Authctxt *authctxt, auth_session_t *as) 133warn_expiry(Authctxt *authctxt, auth_session_t *as)
133{ 134{
134 char buf[256]; 135 int r;
135 quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime; 136 quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime;
136 137
137 pwwarntime = acwarntime = TWO_WEEKS; 138 pwwarntime = acwarntime = TWO_WEEKS;
@@ -148,17 +149,17 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as)
148#endif 149#endif
149 if (pwtimeleft != 0 && pwtimeleft < pwwarntime) { 150 if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
150 daysleft = pwtimeleft / DAY + 1; 151 daysleft = pwtimeleft / DAY + 1;
151 snprintf(buf, sizeof(buf), 152 if ((r = sshbuf_putf(loginmsg,
152 "Your password will expire in %lld day%s.\n", 153 "Your password will expire in %lld day%s.\n",
153 daysleft, daysleft == 1 ? "" : "s"); 154 daysleft, daysleft == 1 ? "" : "s")) != 0)
154 buffer_append(&loginmsg, buf, strlen(buf)); 155 fatal("%s: buffer error: %s", __func__, ssh_err(r));
155 } 156 }
156 if (actimeleft != 0 && actimeleft < acwarntime) { 157 if (actimeleft != 0 && actimeleft < acwarntime) {
157 daysleft = actimeleft / DAY + 1; 158 daysleft = actimeleft / DAY + 1;
158 snprintf(buf, sizeof(buf), 159 if ((r = sshbuf_putf(loginmsg,
159 "Your account will expire in %lld day%s.\n", 160 "Your account will expire in %lld day%s.\n",
160 daysleft, daysleft == 1 ? "" : "s"); 161 daysleft, daysleft == 1 ? "" : "s")) != 0)
161 buffer_append(&loginmsg, buf, strlen(buf)); 162 fatal("%s: buffer error: %s", __func__, ssh_err(r));
162 } 163 }
163} 164}
164 165
diff --git a/monitor.c b/monitor.c
index c68e1b0d9..44af5f489 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.180 2018/03/03 03:15:51 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.181 2018/07/09 21:26:02 markus Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -115,7 +115,7 @@ extern u_int utmp_len;
115extern u_char session_id[]; 115extern u_char session_id[];
116extern Buffer auth_debug; 116extern Buffer auth_debug;
117extern int auth_debug_init; 117extern int auth_debug_init;
118extern Buffer loginmsg; 118extern struct sshbuf *loginmsg;
119extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */ 119extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */
120 120
121/* State exported from the child */ 121/* State exported from the child */
@@ -1495,8 +1495,8 @@ mm_answer_pty(int sock, Buffer *m)
1495 close(0); 1495 close(0);
1496 1496
1497 /* send messages generated by record_login */ 1497 /* send messages generated by record_login */
1498 buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); 1498 buffer_put_string(m, buffer_ptr(loginmsg), buffer_len(loginmsg));
1499 buffer_clear(&loginmsg); 1499 buffer_clear(loginmsg);
1500 1500
1501 mm_request_send(sock, MONITOR_ANS_PTY, m); 1501 mm_request_send(sock, MONITOR_ANS_PTY, m);
1502 1502
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 012ab01a9..6bf041093 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.101 2018/07/09 13:37:10 sf Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.102 2018/07/09 21:26:02 markus Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -87,7 +87,7 @@
87extern z_stream incoming_stream; 87extern z_stream incoming_stream;
88extern z_stream outgoing_stream; 88extern z_stream outgoing_stream;
89extern struct monitor *pmonitor; 89extern struct monitor *pmonitor;
90extern Buffer loginmsg; 90extern struct sshbuf *loginmsg;
91extern ServerOptions options; 91extern ServerOptions options;
92 92
93void 93void
@@ -506,7 +506,7 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
506{ 506{
507 Buffer m; 507 Buffer m;
508 char *p, *msg; 508 char *p, *msg;
509 int success = 0, tmp1 = -1, tmp2 = -1; 509 int success = 0, tmp1 = -1, tmp2 = -1, r;
510 510
511 /* Kludge: ensure there are fds free to receive the pty/tty */ 511 /* Kludge: ensure there are fds free to receive the pty/tty */
512 if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || 512 if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
@@ -540,7 +540,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
540 strlcpy(namebuf, p, namebuflen); /* Possible truncation */ 540 strlcpy(namebuf, p, namebuflen); /* Possible truncation */
541 free(p); 541 free(p);
542 542
543 buffer_append(&loginmsg, msg, strlen(msg)); 543 if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
544 fatal("%s: buffer error: %s", __func__, ssh_err(r));
544 free(msg); 545 free(msg);
545 546
546 if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || 547 if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
diff --git a/servconf.h b/servconf.h
index 73327135b..557521d73 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: servconf.h,v 1.135 2018/07/03 10:59:35 djm Exp $ */ 1/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -261,8 +261,8 @@ void fill_default_server_options(ServerOptions *);
261int process_server_config_line(ServerOptions *, char *, const char *, int, 261int process_server_config_line(ServerOptions *, char *, const char *, int,
262 int *, struct connection_info *); 262 int *, struct connection_info *);
263void process_permitopen(struct ssh *ssh, ServerOptions *options); 263void process_permitopen(struct ssh *ssh, ServerOptions *options);
264void load_server_config(const char *, Buffer *); 264void load_server_config(const char *, struct sshbuf *);
265void parse_server_config(ServerOptions *, const char *, Buffer *, 265void parse_server_config(ServerOptions *, const char *, struct sshbuf *,
266 struct connection_info *); 266 struct connection_info *);
267void parse_server_match_config(ServerOptions *, struct connection_info *); 267void parse_server_match_config(ServerOptions *, struct connection_info *);
268int parse_server_match_testspec(struct connection_info *, char *); 268int parse_server_match_testspec(struct connection_info *, char *);
diff --git a/session.c b/session.c
index 882359025..2b46837dc 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.302 2018/07/09 21:20:26 markus Exp $ */ 1/* $OpenBSD: session.c,v 1.303 2018/07/09 21:26:02 markus Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -69,7 +69,8 @@
69#include "ssh2.h" 69#include "ssh2.h"
70#include "sshpty.h" 70#include "sshpty.h"
71#include "packet.h" 71#include "packet.h"
72#include "buffer.h" 72#include "sshbuf.h"
73#include "ssherr.h"
73#include "match.h" 74#include "match.h"
74#include "uidswap.h" 75#include "uidswap.h"
75#include "compat.h" 76#include "compat.h"
@@ -139,7 +140,7 @@ extern int debug_flag;
139extern u_int utmp_len; 140extern u_int utmp_len;
140extern int startup_pipe; 141extern int startup_pipe;
141extern void destroy_sensitive_data(void); 142extern void destroy_sensitive_data(void);
142extern Buffer loginmsg; 143extern struct sshbuf *loginmsg;
143extern struct sshauthopt *auth_opts; 144extern struct sshauthopt *auth_opts;
144char *tun_fwd_ifnames; /* serverloop.c */ 145char *tun_fwd_ifnames; /* serverloop.c */
145 146
@@ -248,11 +249,14 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw)
248static void 249static void
249display_loginmsg(void) 250display_loginmsg(void)
250{ 251{
251 if (buffer_len(&loginmsg) > 0) { 252 int r;
252 buffer_append(&loginmsg, "\0", 1); 253
253 printf("%s", (char *)buffer_ptr(&loginmsg)); 254 if (sshbuf_len(loginmsg) == 0)
254 buffer_clear(&loginmsg); 255 return;
255 } 256 if ((r = sshbuf_put_u8(loginmsg, 0)) != 0)
257 fatal("%s: buffer error: %s", __func__, ssh_err(r));
258 printf("%s", (char *)sshbuf_ptr(loginmsg));
259 sshbuf_reset(loginmsg);
256} 260}
257 261
258static void 262static void
@@ -757,7 +761,7 @@ do_exec(struct ssh *ssh, Session *s, const char *command)
757 * it to the user, otherwise multiple sessions may accumulate 761 * it to the user, otherwise multiple sessions may accumulate
758 * multiple copies of the login messages. 762 * multiple copies of the login messages.
759 */ 763 */
760 buffer_clear(&loginmsg); 764 sshbuf_reset(loginmsg);
761 765
762 return ret; 766 return ret;
763} 767}
diff --git a/sshd.c b/sshd.c
index 4cfb72dd3..4777eb217 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.509 2018/07/03 11:39:54 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.510 2018/07/09 21:26:02 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -240,7 +240,7 @@ struct sshauthopt *auth_opts = NULL;
240Buffer cfg; 240Buffer cfg;
241 241
242/* message to be displayed after login */ 242/* message to be displayed after login */
243Buffer loginmsg; 243struct sshbuf *loginmsg;
244 244
245/* Unprivileged user */ 245/* Unprivileged user */
246struct passwd *privsep_pw = NULL; 246struct passwd *privsep_pw = NULL;
@@ -649,7 +649,7 @@ privsep_postauth(Authctxt *authctxt)
649 fatal("fork of unprivileged child failed"); 649 fatal("fork of unprivileged child failed");
650 else if (pmonitor->m_pid != 0) { 650 else if (pmonitor->m_pid != 0) {
651 verbose("User child is on pid %ld", (long)pmonitor->m_pid); 651 verbose("User child is on pid %ld", (long)pmonitor->m_pid);
652 buffer_clear(&loginmsg); 652 sshbuf_reset(loginmsg);
653 monitor_clear_keystate(pmonitor); 653 monitor_clear_keystate(pmonitor);
654 monitor_child_postauth(pmonitor); 654 monitor_child_postauth(pmonitor);
655 655
@@ -2119,7 +2119,8 @@ main(int ac, char **av)
2119 fatal("allocation failed"); 2119 fatal("allocation failed");
2120 2120
2121 /* prepare buffer to collect messages to display to user after login */ 2121 /* prepare buffer to collect messages to display to user after login */
2122 buffer_init(&loginmsg); 2122 if ((loginmsg = sshbuf_new()) == NULL)
2123 fatal("%s: sshbuf_new failed", __func__);
2123 auth_debug_reset(); 2124 auth_debug_reset();
2124 2125
2125 if (use_privsep) { 2126 if (use_privsep) {
diff --git a/sshlogin.c b/sshlogin.c
index cea3e7697..1b2ee5f85 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshlogin.c,v 1.32 2015/12/26 20:51:35 guenther Exp $ */ 1/* $OpenBSD: sshlogin.c,v 1.33 2018/07/09 21:26:02 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -55,13 +55,15 @@
55#include <unistd.h> 55#include <unistd.h>
56#include <limits.h> 56#include <limits.h>
57 57
58#include "sshlogin.h"
59#include "ssherr.h"
58#include "loginrec.h" 60#include "loginrec.h"
59#include "log.h" 61#include "log.h"
60#include "buffer.h" 62#include "sshbuf.h"
61#include "misc.h" 63#include "misc.h"
62#include "servconf.h" 64#include "servconf.h"
63 65
64extern Buffer loginmsg; 66extern struct sshbuf *loginmsg;
65extern ServerOptions options; 67extern ServerOptions options;
66 68
67/* 69/*
@@ -88,8 +90,9 @@ static void
88store_lastlog_message(const char *user, uid_t uid) 90store_lastlog_message(const char *user, uid_t uid)
89{ 91{
90#ifndef NO_SSH_LASTLOG 92#ifndef NO_SSH_LASTLOG
91 char *time_string, hostname[HOST_NAME_MAX+1] = "", buf[512]; 93 char *time_string, hostname[HOST_NAME_MAX+1] = "";
92 time_t last_login_time; 94 time_t last_login_time;
95 int r;
93 96
94 if (!options.print_lastlog) 97 if (!options.print_lastlog)
95 return; 98 return;
@@ -97,7 +100,9 @@ store_lastlog_message(const char *user, uid_t uid)
97# ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG 100# ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
98 time_string = sys_auth_get_lastlogin_msg(user, uid); 101 time_string = sys_auth_get_lastlogin_msg(user, uid);
99 if (time_string != NULL) { 102 if (time_string != NULL) {
100 buffer_append(&loginmsg, time_string, strlen(time_string)); 103 if ((r = sshbuf_put(loginmsg,
104 time_string, strlen(time_string))) != 0)
105 fatal("%s: buffer error: %s", __func__, ssh_err(r));
101 free(time_string); 106 free(time_string);
102 } 107 }
103# else 108# else
@@ -108,12 +113,13 @@ store_lastlog_message(const char *user, uid_t uid)
108 time_string = ctime(&last_login_time); 113 time_string = ctime(&last_login_time);
109 time_string[strcspn(time_string, "\n")] = '\0'; 114 time_string[strcspn(time_string, "\n")] = '\0';
110 if (strcmp(hostname, "") == 0) 115 if (strcmp(hostname, "") == 0)
111 snprintf(buf, sizeof(buf), "Last login: %s\r\n", 116 r = sshbuf_putf(loginmsg, "Last login: %s\r\n",
112 time_string); 117 time_string);
113 else 118 else
114 snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n", 119 r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n",
115 time_string, hostname); 120 time_string, hostname);
116 buffer_append(&loginmsg, buf, strlen(buf)); 121 if (r != 0)
122 fatal("%s: buffer error: %s", __func__, ssh_err(r));
117 } 123 }
118# endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */ 124# endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */
119#endif /* NO_SSH_LASTLOG */ 125#endif /* NO_SSH_LASTLOG */