9 files changed, 70 insertions, 68 deletions
diff --git a/auth.h b/auth.h
index db80fd0c7..677935463 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.90 2017/05/30 08:52:19 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.91 2017/05/30 14:29:59 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -91,7 +91,7 @@ struct Authctxt {
 struct Authmethod {
        char    *name;
-        int     (*userauth)(Authctxt *authctxt);
+        int     (*userauth)(struct ssh *);
        int     *enabled;
 };
@@ -155,7 +155,7 @@ void	auth_info(Authctxt *authctxt, const char *, ...)
            __attribute__((__nonnull__ (2)));
 void    auth_log(Authctxt *, int, int, const char *, const char *);
 void    auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
-void    userauth_finish(Authctxt *, int, const char *, const char *);
+void    userauth_finish(struct ssh *, int, const char *, const char *);
 int     auth_root_allowed(const char *);
 void    userauth_send_banner(const char *);
@@ -168,8 +168,8 @@ int	 auth2_method_allowed(Authctxt *, const char *, const char *);
 void    privsep_challenge_enable(void);
-int     auth2_challenge(Authctxt *, char *);
+int     auth2_challenge(struct ssh *, char *);
-void    auth2_challenge_stop(Authctxt *);
+void    auth2_challenge_stop(struct ssh *);
 int     bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
 int     bsdauth_respond(void *, u_int, char **);
 int     skey_query(void *, char **, char **, u_int *, char ***, u_int **);
diff --git a/auth2-chall.c b/auth2-chall.c
index 954eb4e18..11c8d31b3 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.47 2017/05/30 14:23:52 markus Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.48 2017/05/30 14:29:59 markus Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -47,7 +47,7 @@
 /* import */
 extern ServerOptions options;
-static int auth2_challenge_start(Authctxt *);
+static int auth2_challenge_start(struct ssh *);
 static int send_userauth_info_request(Authctxt *);
 static int input_userauth_info_response(int, u_int32_t, struct ssh *);
@@ -195,8 +195,9 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
 * wait for the response.
 */
 int
-auth2_challenge(Authctxt *authctxt, char *devs)
+auth2_challenge(struct ssh *ssh, char *devs)
 {
+        Authctxt *authctxt = ssh->authctxt;
        debug("auth2_challenge: user=%s devs=%s",
            authctxt->user ? authctxt->user : "<nouser>",
            devs ? devs : "<no devs>");
@@ -205,15 +206,16 @@ auth2_challenge(Authctxt *authctxt, char *devs)
                return 0;
        if (authctxt->kbdintctxt == NULL)
                authctxt->kbdintctxt = kbdint_alloc(devs);
-        return auth2_challenge_start(authctxt);
+        return auth2_challenge_start(ssh);
 }
 /* unregister kbd-int callbacks and context */
 void
-auth2_challenge_stop(Authctxt *authctxt)
+auth2_challenge_stop(struct ssh *ssh)
 {
+        Authctxt *authctxt = ssh->authctxt;
        /* unregister callback */
-        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
        if (authctxt->kbdintctxt != NULL) {
                kbdint_free(authctxt->kbdintctxt);
                authctxt->kbdintctxt = NULL;
@@ -222,29 +224,30 @@ auth2_challenge_stop(Authctxt *authctxt)
 /* side effect: sets authctxt->postponed if a reply was sent*/
 static int
-auth2_challenge_start(Authctxt *authctxt)
+auth2_challenge_start(struct ssh *ssh)
 {
+        Authctxt *authctxt = ssh->authctxt;
        KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
        debug2("auth2_challenge_start: devices %s",
            kbdintctxt->devices ?  kbdintctxt->devices : "<empty>");
        if (kbdint_next_device(authctxt, kbdintctxt) == 0) {
-                auth2_challenge_stop(authctxt);
+                auth2_challenge_stop(ssh);
                return 0;
        }
        debug("auth2_challenge_start: trying authentication method '%s'",
            kbdintctxt->device->name);
        if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
-                auth2_challenge_stop(authctxt);
+                auth2_challenge_stop(ssh);
                return 0;
        }
        if (send_userauth_info_request(authctxt) == 0) {
-                auth2_challenge_stop(authctxt);
+                auth2_challenge_stop(ssh);
                return 0;
        }
-        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE,
            &input_userauth_info_response);
        authctxt->postponed = 1;
@@ -340,14 +343,14 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
        devicename = kbdintctxt->device->name;
        if (!authctxt->postponed) {
                if (authenticated) {
-                        auth2_challenge_stop(authctxt);
+                        auth2_challenge_stop(ssh);
                } else {
                        /* start next device */
                        /* may set authctxt->postponed */
-                        auth2_challenge_start(authctxt);
+                        auth2_challenge_start(ssh);
                }
        }
-        userauth_finish(authctxt, authenticated, "keyboard-interactive",
+        userauth_finish(ssh, authenticated, "keyboard-interactive",
            devicename);
        return 0;
 }
diff --git a/auth2-gss.c b/auth2-gss.c
index a762747d6..680d5e712 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.24 2017/05/30 14:23:52 markus Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.25 2017/05/30 14:29:59 markus Exp $ */
 /*
 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -58,8 +58,9 @@ static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
 * how to check local user kuserok and the like)
 */
 static int
-userauth_gssapi(Authctxt *authctxt)
+userauth_gssapi(struct ssh *ssh)
 {
+        Authctxt *authctxt = ssh->authctxt;
        gss_OID_desc goid = {0, NULL};
        Gssctxt *ctxt = NULL;
        int mechs;
@@ -119,8 +120,8 @@ userauth_gssapi(Authctxt *authctxt)
        packet_send();
        free(doid);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
        authctxt->postponed = 1;
        return (0);
@@ -157,8 +158,8 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
                        packet_send();
                }
                authctxt->postponed = 0;
-                dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+                ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
-                userauth_finish(authctxt, 0, "gssapi-with-mic", NULL);
+                userauth_finish(ssh, 0, "gssapi-with-mic", NULL);
        } else {
                if (send_tok.length != 0) {
                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
@@ -166,12 +167,12 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
                        packet_send();
                }
                if (maj_status == GSS_S_COMPLETE) {
-                        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+                        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
                        if (flags & GSS_C_INTEG_FLAG)
-                                dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC,
+                                ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC,
                                    &input_gssapi_mic);
                        else
-                                dispatch_set(
+                                ssh_dispatch_set(ssh,
                                    SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
                                    &input_gssapi_exchange_complete);
                }
@@ -207,8 +208,8 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
        free(recv_tok.value);
        /* We can't return anything to the client, even if we wanted to */
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
        /* The client will have already moved on to the next auth */
@@ -241,11 +242,11 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
        authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
        authctxt->postponed = 0;
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
-        userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
+        userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL);
        return 0;
 }
@@ -282,11 +283,11 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
        free(mic.value);
        authctxt->postponed = 0;
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
-        userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
+        userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL);
        return 0;
 }
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 728548396..63fe9ae65 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.29 2017/05/30 14:25:42 markus Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.30 2017/05/30 14:29:59 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -57,9 +57,9 @@ extern u_char *session_id2;
 extern u_int session_id2_len;
 static int
-userauth_hostbased(Authctxt *authctxt)
+userauth_hostbased(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = ssh->authctxt;
        struct sshbuf *b;
        struct sshkey *key = NULL;
        char *pkalg, *cuser, *chost, *service;
diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index bf75c6059..86aad8ddc 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.7 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.8 2017/05/30 14:29:59 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -43,7 +43,7 @@
 extern ServerOptions options;
 static int
-userauth_kbdint(Authctxt *authctxt)
+userauth_kbdint(struct ssh *ssh)
 {
        int authenticated = 0;
        char *lang, *devs;
@@ -55,7 +55,7 @@ userauth_kbdint(Authctxt *authctxt)
        debug("keyboard-interactive devs %s", devs);
        if (options.challenge_response_authentication)
-                authenticated = auth2_challenge(authctxt, devs);
+                authenticated = auth2_challenge(ssh, devs);
        free(devs);
        free(lang);
diff --git a/auth2-none.c b/auth2-none.c
index da6e2dd12..35d25fa63 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.19 2017/05/30 14:27:22 markus Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.20 2017/05/30 14:29:59 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -60,9 +60,8 @@ extern ServerOptions options;
 static int none_enabled = 1;
 static int
-userauth_none(Authctxt *authctxt)
+userauth_none(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
        int r;
        none_enabled = 0;
diff --git a/auth2-passwd.c b/auth2-passwd.c
index d36b0cba3..5f7ba3244 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.13 2017/05/30 14:26:49 markus Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.14 2017/05/30 14:29:59 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -48,9 +48,8 @@
 extern ServerOptions options;
 static int
-userauth_passwd(Authctxt *authctxt)
+userauth_passwd(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
        char *password;
        int authenticated = 0, r;
        u_char change;
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index a4a091113..7a6280f8d 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.64 2017/05/30 14:10:53 markus Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.65 2017/05/30 14:29:59 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -75,9 +75,9 @@ extern u_char *session_id2;
 extern u_int session_id2_len;
 static int
-userauth_pubkey(Authctxt *authctxt)
+userauth_pubkey(struct ssh *ssh)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = ssh->authctxt;
        struct sshbuf *b;
        struct sshkey *key = NULL;
        char *pkalg, *userstyle = NULL, *fp = NULL;
diff --git a/auth2.c b/auth2.c
index cfbf9d250..08ea2a802 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.139 2017/05/30 14:23:52 markus Exp $ */
+/* $OpenBSD: auth2.c,v 1.140 2017/05/30 14:29:59 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -170,9 +170,9 @@ do_authentication2(Authctxt *authctxt)
 {
        struct ssh *ssh = active_state;         /* XXX */
        ssh->authctxt = authctxt;               /* XXX move to caller */
-        dispatch_init(&dispatch_protocol_error);
+        ssh_dispatch_init(ssh, &dispatch_protocol_error);
-        dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
+        ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request);
-        dispatch_run(DISPATCH_BLOCK, &authctxt->success, ssh);
+        ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt->success, ssh);
        ssh->authctxt = NULL;
 }
@@ -193,7 +193,7 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh)
                if (!authctxt->success) {
                        acceptit = 1;
                        /* now we can handle user-auth requests */
-                        dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
+                        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
                }
        }
        /* XXX all other service requests are denied */
@@ -269,12 +269,12 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
                    authctxt->user, authctxt->service, user, service);
        }
        /* reset state */
-        auth2_challenge_stop(authctxt);
+        auth2_challenge_stop(ssh);
 #ifdef GSSAPI
        /* XXX move to auth2_gssapi_stop() */
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
-        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
 #endif
        authctxt->postponed = 0;
@@ -284,9 +284,9 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
        m = authmethod_lookup(authctxt, method);
        if (m != NULL && authctxt->failures < options.max_authtries) {
                debug2("input_userauth_request: try method %s", method);
-                authenticated = m->userauth(authctxt);
+                authenticated = m->userauth(ssh);
        }
-        userauth_finish(authctxt, authenticated, method, NULL);
+        userauth_finish(ssh, authenticated, method, NULL);
        free(service);
        free(user);
@@ -295,10 +295,10 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
 }
 void
-userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
+userauth_finish(struct ssh *ssh, int authenticated, const char *method,
    const char *submethod)
 {
-        struct ssh *ssh = active_state; /* XXX */
+        Authctxt *authctxt = ssh->authctxt;
        char *methods;
        int partial = 0;
@@ -354,7 +354,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
        if (authenticated == 1) {
                /* turn off userauth */
-                dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
+                ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
                packet_start(SSH2_MSG_USERAUTH_SUCCESS);
                packet_send();
                packet_write_wait();