-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | kex.c | 4 | ||||
-rw-r--r-- | monitor.c | 40 | ||||
-rw-r--r-- | monitor_wrap.c | 90 | ||||
-rw-r--r-- | sshd.c | 40 |
5 files changed, 93 insertions, 88 deletions
@@ -28,6 +28,11 @@ | |||
28 | [auth-rhosts.c] | 28 | [auth-rhosts.c] |
29 | handle debug messages during rhosts-rsa and hostbased authentication; | 29 | handle debug messages during rhosts-rsa and hostbased authentication; |
30 | ok provos@ | 30 | ok provos@ |
31 | - mouring@cvs.openbsd.org 2002/05/15 15:47:49 | ||
32 | [kex.c monitor.c monitor_wrap.c sshd.c] | ||
33 | 'monitor' variable clashes with at least one lame platform (NeXT). i | ||
34 | Renamed to 'pmonitor'. provos@ | ||
35 | - (bal) Fixed up PAM case. I think. | ||
31 | 36 | ||
32 | 20020514 | 37 | 20020514 |
33 | - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. | 38 | - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. |
@@ -632,4 +637,4 @@ | |||
632 | - (stevesk) entropy.c: typo in debug message | 637 | - (stevesk) entropy.c: typo in debug message |
633 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 638 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
634 | 639 | ||
635 | $Id: ChangeLog,v 1.2128 2002/05/15 16:19:37 mouring Exp $ | 640 | $Id: ChangeLog,v 1.2129 2002/05/15 16:25:01 mouring Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $"); |
27 | 27 | ||
28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
29 | 29 | ||
@@ -46,7 +46,7 @@ RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $"); | |||
46 | 46 | ||
47 | /* Use privilege separation for sshd */ | 47 | /* Use privilege separation for sshd */ |
48 | int use_privsep; | 48 | int use_privsep; |
49 | struct monitor *monitor; | 49 | struct monitor *pmonitor; |
50 | 50 | ||
51 | 51 | ||
52 | /* prototype */ | 52 | /* prototype */ |
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.10 2002/05/12 23:53:45 djm Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $"); |
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
31 | 31 | ||
@@ -240,7 +240,7 @@ monitor_permit_authentications(int permit) | |||
240 | } | 240 | } |
241 | 241 | ||
242 | Authctxt * | 242 | Authctxt * |
243 | monitor_child_preauth(struct monitor *monitor) | 243 | monitor_child_preauth(struct monitor *pmonitor) |
244 | { | 244 | { |
245 | struct mon_table *ent; | 245 | struct mon_table *ent; |
246 | int authenticated = 0; | 246 | int authenticated = 0; |
@@ -263,7 +263,7 @@ monitor_child_preauth(struct monitor *monitor) | |||
263 | 263 | ||
264 | /* The first few requests do not require asynchronous access */ | 264 | /* The first few requests do not require asynchronous access */ |
265 | while (!authenticated) { | 265 | while (!authenticated) { |
266 | authenticated = monitor_read(monitor, mon_dispatch, &ent); | 266 | authenticated = monitor_read(pmonitor, mon_dispatch, &ent); |
267 | if (authenticated) { | 267 | if (authenticated) { |
268 | if (!(ent->flags & MON_AUTHDECIDE)) | 268 | if (!(ent->flags & MON_AUTHDECIDE)) |
269 | fatal("%s: unexpected authentication from %d", | 269 | fatal("%s: unexpected authentication from %d", |
@@ -291,13 +291,13 @@ monitor_child_preauth(struct monitor *monitor) | |||
291 | debug("%s: %s has been authenticated by privileged process", | 291 | debug("%s: %s has been authenticated by privileged process", |
292 | __FUNCTION__, authctxt->user); | 292 | __FUNCTION__, authctxt->user); |
293 | 293 | ||
294 | mm_get_keystate(monitor); | 294 | mm_get_keystate(pmonitor); |
295 | 295 | ||
296 | return (authctxt); | 296 | return (authctxt); |
297 | } | 297 | } |
298 | 298 | ||
299 | void | 299 | void |
300 | monitor_child_postauth(struct monitor *monitor) | 300 | monitor_child_postauth(struct monitor *pmonitor) |
301 | { | 301 | { |
302 | if (compat20) { | 302 | if (compat20) { |
303 | mon_dispatch = mon_dispatch_postauth20; | 303 | mon_dispatch = mon_dispatch_postauth20; |
@@ -317,18 +317,18 @@ monitor_child_postauth(struct monitor *monitor) | |||
317 | } | 317 | } |
318 | 318 | ||
319 | for (;;) | 319 | for (;;) |
320 | monitor_read(monitor, mon_dispatch, NULL); | 320 | monitor_read(pmonitor, mon_dispatch, NULL); |
321 | } | 321 | } |
322 | 322 | ||
323 | void | 323 | void |
324 | monitor_sync(struct monitor *monitor) | 324 | monitor_sync(struct monitor *pmonitor) |
325 | { | 325 | { |
326 | /* The member allocation is not visible, so sync it */ | 326 | /* The member allocation is not visible, so sync it */ |
327 | mm_share_sync(&monitor->m_zlib, &monitor->m_zback); | 327 | mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); |
328 | } | 328 | } |
329 | 329 | ||
330 | int | 330 | int |
331 | monitor_read(struct monitor *monitor, struct mon_table *ent, | 331 | monitor_read(struct monitor *pmonitor, struct mon_table *ent, |
332 | struct mon_table **pent) | 332 | struct mon_table **pent) |
333 | { | 333 | { |
334 | Buffer m; | 334 | Buffer m; |
@@ -337,7 +337,7 @@ monitor_read(struct monitor *monitor, struct mon_table *ent, | |||
337 | 337 | ||
338 | buffer_init(&m); | 338 | buffer_init(&m); |
339 | 339 | ||
340 | mm_request_receive(monitor->m_sendfd, &m); | 340 | mm_request_receive(pmonitor->m_sendfd, &m); |
341 | type = buffer_get_char(&m); | 341 | type = buffer_get_char(&m); |
342 | 342 | ||
343 | debug3("%s: checking request %d", __FUNCTION__, type); | 343 | debug3("%s: checking request %d", __FUNCTION__, type); |
@@ -352,7 +352,7 @@ monitor_read(struct monitor *monitor, struct mon_table *ent, | |||
352 | if (!(ent->flags & MON_PERMIT)) | 352 | if (!(ent->flags & MON_PERMIT)) |
353 | fatal("%s: unpermitted request %d", __FUNCTION__, | 353 | fatal("%s: unpermitted request %d", __FUNCTION__, |
354 | type); | 354 | type); |
355 | ret = (*ent->f)(monitor->m_sendfd, &m); | 355 | ret = (*ent->f)(pmonitor->m_sendfd, &m); |
356 | buffer_free(&m); | 356 | buffer_free(&m); |
357 | 357 | ||
358 | /* The child may use this request only once, disable it */ | 358 | /* The child may use this request only once, disable it */ |
@@ -1003,7 +1003,7 @@ mm_session_close(Session *s) | |||
1003 | int | 1003 | int |
1004 | mm_answer_pty(int socket, Buffer *m) | 1004 | mm_answer_pty(int socket, Buffer *m) |
1005 | { | 1005 | { |
1006 | extern struct monitor *monitor; | 1006 | extern struct monitor *pmonitor; |
1007 | Session *s; | 1007 | Session *s; |
1008 | int res, fd0; | 1008 | int res, fd0; |
1009 | 1009 | ||
@@ -1015,7 +1015,7 @@ mm_answer_pty(int socket, Buffer *m) | |||
1015 | goto error; | 1015 | goto error; |
1016 | s->authctxt = authctxt; | 1016 | s->authctxt = authctxt; |
1017 | s->pw = authctxt->pw; | 1017 | s->pw = authctxt->pw; |
1018 | s->pid = monitor->m_pid; | 1018 | s->pid = pmonitor->m_pid; |
1019 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); | 1019 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
1020 | if (res == 0) | 1020 | if (res == 0) |
1021 | goto error; | 1021 | goto error; |
@@ -1252,7 +1252,7 @@ mm_answer_rsa_response(int socket, Buffer *m) | |||
1252 | int | 1252 | int |
1253 | mm_answer_term(int socket, Buffer *req) | 1253 | mm_answer_term(int socket, Buffer *req) |
1254 | { | 1254 | { |
1255 | extern struct monitor *monitor; | 1255 | extern struct monitor *pmonitor; |
1256 | int res, status; | 1256 | int res, status; |
1257 | 1257 | ||
1258 | debug3("%s: tearing down sessions", __FUNCTION__); | 1258 | debug3("%s: tearing down sessions", __FUNCTION__); |
@@ -1260,7 +1260,7 @@ mm_answer_term(int socket, Buffer *req) | |||
1260 | /* The child is terminating */ | 1260 | /* The child is terminating */ |
1261 | session_destroy_all(&mm_session_close); | 1261 | session_destroy_all(&mm_session_close); |
1262 | 1262 | ||
1263 | while (waitpid(monitor->m_pid, &status, 0) == -1) | 1263 | while (waitpid(pmonitor->m_pid, &status, 0) == -1) |
1264 | if (errno != EINTR) | 1264 | if (errno != EINTR) |
1265 | exit(1); | 1265 | exit(1); |
1266 | 1266 | ||
@@ -1271,7 +1271,7 @@ mm_answer_term(int socket, Buffer *req) | |||
1271 | } | 1271 | } |
1272 | 1272 | ||
1273 | void | 1273 | void |
1274 | monitor_apply_keystate(struct monitor *monitor) | 1274 | monitor_apply_keystate(struct monitor *pmonitor) |
1275 | { | 1275 | { |
1276 | if (compat20) { | 1276 | if (compat20) { |
1277 | set_newkeys(MODE_IN); | 1277 | set_newkeys(MODE_IN); |
@@ -1303,7 +1303,7 @@ monitor_apply_keystate(struct monitor *monitor) | |||
1303 | sizeof(outgoing_stream)); | 1303 | sizeof(outgoing_stream)); |
1304 | 1304 | ||
1305 | /* Update with new address */ | 1305 | /* Update with new address */ |
1306 | mm_init_compression(monitor->m_zlib); | 1306 | mm_init_compression(pmonitor->m_zlib); |
1307 | 1307 | ||
1308 | /* Network I/O buffers */ | 1308 | /* Network I/O buffers */ |
1309 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ | 1309 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ |
@@ -1353,7 +1353,7 @@ mm_get_kex(Buffer *m) | |||
1353 | /* This function requries careful sanity checking */ | 1353 | /* This function requries careful sanity checking */ |
1354 | 1354 | ||
1355 | void | 1355 | void |
1356 | mm_get_keystate(struct monitor *monitor) | 1356 | mm_get_keystate(struct monitor *pmonitor) |
1357 | { | 1357 | { |
1358 | Buffer m; | 1358 | Buffer m; |
1359 | u_char *blob, *p; | 1359 | u_char *blob, *p; |
@@ -1362,7 +1362,7 @@ mm_get_keystate(struct monitor *monitor) | |||
1362 | debug3("%s: Waiting for new keys", __FUNCTION__); | 1362 | debug3("%s: Waiting for new keys", __FUNCTION__); |
1363 | 1363 | ||
1364 | buffer_init(&m); | 1364 | buffer_init(&m); |
1365 | mm_request_receive_expect(monitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m); | 1365 | mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m); |
1366 | if (!compat20) { | 1366 | if (!compat20) { |
1367 | child_state.ssh1protoflags = buffer_get_int(&m); | 1367 | child_state.ssh1protoflags = buffer_get_int(&m); |
1368 | child_state.ssh1cipher = buffer_get_int(&m); | 1368 | child_state.ssh1cipher = buffer_get_int(&m); |
@@ -1372,7 +1372,7 @@ mm_get_keystate(struct monitor *monitor) | |||
1372 | goto skip; | 1372 | goto skip; |
1373 | } else { | 1373 | } else { |
1374 | /* Get the Kex for rekeying */ | 1374 | /* Get the Kex for rekeying */ |
1375 | *monitor->m_pkex = mm_get_kex(&m); | 1375 | *pmonitor->m_pkex = mm_get_kex(&m); |
1376 | } | 1376 | } |
1377 | 1377 | ||
1378 | blob = buffer_get_string(&m, &bloblen); | 1378 | blob = buffer_get_string(&m, &bloblen); |
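diff --git a/monitor_wrap.c b/monitor_wrap.c
index 380175828..c5e3fb988 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.6 2002/05/12 23:53:45 djm Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.7 2002/05/15 15:47:49 mouring Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -56,7 +56,7 @@ extern int compat20;
 extern Newkeys *newkeys[];
 extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
-extern struct monitor *monitor;
+extern struct monitor *pmonitor;
 extern Buffer input, output;
 
 void
@@ -126,10 +126,10 @@ mm_choose_dh(int min, int nbits, int max)
 buffer_put_int(&m, nbits);
 buffer_put_int(&m, max);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_MODULI, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
 
 debug3("%s: waiting for MONITOR_ANS_MODULI", __FUNCTION__);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_MODULI, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
 
 success = buffer_get_char(&m);
 if (success == 0)
@@ -151,7 +151,7 @@ mm_choose_dh(int min, int nbits, int max)
 int
 mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
 {
-Kex *kex = *monitor->m_pkex;
+Kex *kex = *pmonitor->m_pkex;
 Buffer m;
 
 debug3("%s entering", __FUNCTION__);
@@ -160,10 +160,10 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
 buffer_put_int(&m, kex->host_key_index(key));
 buffer_put_string(&m, data, datalen);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_SIGN, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
 
 debug3("%s: waiting for MONITOR_ANS_SIGN", __FUNCTION__);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SIGN, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
 *sigp = buffer_get_string(&m, lenp);
 buffer_free(&m);
 
@@ -182,10 +182,10 @@ mm_getpwnamallow(const char *login)
 buffer_init(&m);
 buffer_put_cstring(&m, login);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
 
 debug3("%s: waiting for MONITOR_ANS_PWNAM", __FUNCTION__);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
 
 if (buffer_get_char(&m) == 0) {
 buffer_free(&m);
@@ -215,10 +215,10 @@ char* mm_auth2_read_banner(void)
 debug3("%s entering", __FUNCTION__);
 
 buffer_init(&m);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
 buffer_clear(&m);
 
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
 banner = buffer_get_string(&m, NULL);
 buffer_free(&m);
 
@@ -238,7 +238,7 @@ mm_inform_authserv(char *service, char *style)
 buffer_put_cstring(&m, service);
 buffer_put_cstring(&m, style ? style : "");
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
 
 buffer_free(&m);
 }
@@ -254,10 +254,10 @@ mm_auth_password(Authctxt *authctxt, char *password)
 
 buffer_init(&m);
 buffer_put_cstring(&m, password);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
 
 debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __FUNCTION__);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
 
 authenticated = buffer_get_int(&m);
 
@@ -327,10 +327,10 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 buffer_put_string(&m, blob, len);
 xfree(blob);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
 
 debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __FUNCTION__);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
 
 allowed = buffer_get_int(&m);
 
@@ -368,10 +368,10 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
 buffer_put_string(&m, data, datalen);
 xfree(blob);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
 
 debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __FUNCTION__);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
 
 verified = buffer_get_int(&m);
 
@@ -510,7 +510,7 @@ mm_send_kex(Buffer *m, Kex *kex)
 }
 
 void
-mm_send_keystate(struct monitor *monitor)
+mm_send_keystate(struct monitor *pmonitor)
 {
 Buffer m;
 u_char *blob, *p;
@@ -536,7 +536,7 @@ mm_send_keystate(struct monitor *monitor)
 goto skip;
 } else {
 /* Kex for rekeying */
-mm_send_kex(&m, *monitor->m_pkex);
+mm_send_kex(&m, *pmonitor->m_pkex);
 }
 
 debug3("%s: Sending new keys: %p %p",
@@ -582,7 +582,7 @@ mm_send_keystate(struct monitor *monitor)
 buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
 buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
 debug3("%s: Finished sending state", __FUNCTION__);
 
 buffer_free(&m);
@@ -596,10 +596,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 int success = 0;
 
 buffer_init(&m);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTY, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
 
 debug3("%s: waiting for MONITOR_ANS_PTY", __FUNCTION__);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PTY, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
 
 success = buffer_get_int(&m);
 if (success == 0) {
@@ -613,8 +613,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 strlcpy(namebuf, p, namebuflen); /* Possible truncation */
 xfree(p);
 
-*ptyfd = mm_receive_fd(monitor->m_recvfd);
-*ttyfd = mm_receive_fd(monitor->m_recvfd);
+*ptyfd = mm_receive_fd(pmonitor->m_recvfd);
+*ttyfd = mm_receive_fd(pmonitor->m_recvfd);
 
 /* Success */
 return (1);
@@ -630,7 +630,7 @@ mm_session_pty_cleanup2(void *session)
 return;
 buffer_init(&m);
 buffer_put_cstring(&m, s->tty);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
 buffer_free(&m);
 
 /* closed dup'ed master */
@@ -652,7 +652,7 @@ mm_start_pam(char *user)
 buffer_init(&m);
 buffer_put_cstring(&m, user);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
 
 buffer_free(&m);
 }
@@ -666,7 +666,7 @@ mm_terminate(void)
 Buffer m;
 
 buffer_init(&m);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_TERM, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
 buffer_free(&m);
 }
 
@@ -678,9 +678,9 @@ mm_ssh1_session_key(BIGNUM *num)
 
 buffer_init(&m);
 buffer_put_bignum2(&m, num);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
 
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
 
 rsafail = buffer_get_int(&m);
 buffer_get_bignum2(&m, num);
@@ -713,9 +713,9 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
 debug3("%s: entering", __FUNCTION__);
 
 buffer_init(&m);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
 
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
 &m);
 res = buffer_get_int(&m);
 if (res == -1) {
@@ -748,9 +748,9 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
 
 buffer_init(&m);
 buffer_put_cstring(&m, responses[0]);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
 
-mm_request_receive_expect(monitor->m_recvfd,
+mm_request_receive_expect(pmonitor->m_recvfd,
 MONITOR_ANS_BSDAUTHRESPOND, &m);
 
 authok = buffer_get_int(&m);
@@ -770,9 +770,9 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
 debug3("%s: entering", __FUNCTION__);
 
 buffer_init(&m);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
 
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
 &m);
 res = buffer_get_int(&m);
 if (res == -1) {
@@ -811,9 +811,9 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses)
 
 buffer_init(&m);
 buffer_put_cstring(&m, responses[0]);
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
 
-mm_request_receive_expect(monitor->m_recvfd,
+mm_request_receive_expect(pmonitor->m_recvfd,
 MONITOR_ANS_SKEYRESPOND, &m);
 
 authok = buffer_get_int(&m);
@@ -834,7 +834,7 @@ mm_ssh1_session_id(u_char session_id[16])
 for (i = 0; i < 16; i++)
 buffer_put_char(&m, session_id[i]);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSID, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
 buffer_free(&m);
 }
 
@@ -852,8 +852,8 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 buffer_init(&m);
 buffer_put_bignum2(&m, client_n);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
 
 allowed = buffer_get_int(&m);
 
@@ -892,8 +892,8 @@ mm_auth_rsa_generate_challenge(Key *key)
 buffer_put_string(&m, blob, blen);
 xfree(blob);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
 
 buffer_get_bignum2(&m, challenge);
 buffer_free(&m);
@@ -921,8 +921,8 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
 buffer_put_string(&m, response, 16);
 xfree(blob);
 
-mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
-mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
+mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
+mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
 
 success = buffer_get_int(&m);
 buffer_free(&m);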
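Review bot: In mm_send_keystate the parameter is now called `pmonitor`, the same name as the file-scope `extern struct monitor *pmonitor;` declared near the top of monitor_wrap.c, so inside that function the parameter shadows the global. `*pmonitor->m_pkex` and `pmonitor->m_recvfd` there read the argument, while every other mm_* wrapper in this file reads the global. The two presumably point at the same object, since sshd.c calls `mm_send_keystate(pmonitor)`, but in privilege-separation code it should be obvious which descriptor a request goes out on. I would give the parameter its own name, e.g. `mm_send_keystate(struct monitor *mon)` with the two uses updated, or at least add `/* parameter; shadows the global pmonitor */` above the function. Building with `-Wshadow` would flag this case. The function bodies continue outside the hunks shown.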
@@ -42,7 +42,7 @@ | |||
42 | */ | 42 | */ |
43 | 43 | ||
44 | #include "includes.h" | 44 | #include "includes.h" |
45 | RCSID("$OpenBSD: sshd.c,v 1.241 2002/05/13 15:53:19 millert Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.242 2002/05/15 15:47:49 mouring Exp $"); |
46 | 46 | ||
47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
@@ -202,7 +202,7 @@ int *startup_pipes = NULL; | |||
202 | int startup_pipe; /* in child */ | 202 | int startup_pipe; /* in child */ |
203 | 203 | ||
204 | /* variables used for privilege separation */ | 204 | /* variables used for privilege separation */ |
205 | extern struct monitor *monitor; | 205 | extern struct monitor *pmonitor; |
206 | extern int use_privsep; | 206 | extern int use_privsep; |
207 | 207 | ||
208 | /* Prototypes for various functions defined later in this file. */ | 208 | /* Prototypes for various functions defined later in this file. */ |
@@ -566,9 +566,9 @@ privsep_preauth(void) | |||
566 | pid_t pid; | 566 | pid_t pid; |
567 | 567 | ||
568 | /* Set up unprivileged child process to deal with network data */ | 568 | /* Set up unprivileged child process to deal with network data */ |
569 | monitor = monitor_init(); | 569 | pmonitor = monitor_init(); |
570 | /* Store a pointer to the kex for later rekeying */ | 570 | /* Store a pointer to the kex for later rekeying */ |
571 | monitor->m_pkex = &xxx_kex; | 571 | pmonitor->m_pkex = &xxx_kex; |
572 | 572 | ||
573 | pid = fork(); | 573 | pid = fork(); |
574 | if (pid == -1) { | 574 | if (pid == -1) { |
@@ -576,12 +576,12 @@ privsep_preauth(void) | |||
576 | } else if (pid != 0) { | 576 | } else if (pid != 0) { |
577 | debug2("Network child is on pid %d", pid); | 577 | debug2("Network child is on pid %d", pid); |
578 | 578 | ||
579 | close(monitor->m_recvfd); | 579 | close(pmonitor->m_recvfd); |
580 | authctxt = monitor_child_preauth(monitor); | 580 | authctxt = monitor_child_preauth(pmonitor); |
581 | close(monitor->m_sendfd); | 581 | close(pmonitor->m_sendfd); |
582 | 582 | ||
583 | /* Sync memory */ | 583 | /* Sync memory */ |
584 | monitor_sync(monitor); | 584 | monitor_sync(pmonitor); |
585 | 585 | ||
586 | /* Wait for the child's exit status */ | 586 | /* Wait for the child's exit status */ |
587 | while (waitpid(pid, &status, 0) < 0) | 587 | while (waitpid(pid, &status, 0) < 0) |
@@ -591,7 +591,7 @@ privsep_preauth(void) | |||
591 | } else { | 591 | } else { |
592 | /* child */ | 592 | /* child */ |
593 | 593 | ||
594 | close(monitor->m_sendfd); | 594 | close(pmonitor->m_sendfd); |
595 | 595 | ||
596 | /* Demote the child */ | 596 | /* Demote the child */ |
597 | if (getuid() == 0 || geteuid() == 0) | 597 | if (getuid() == 0 || geteuid() == 0) |
@@ -611,7 +611,7 @@ privsep_postauth(Authctxt *authctxt) | |||
611 | 611 | ||
612 | if (authctxt->pw->pw_uid == 0 || options.use_login) { | 612 | if (authctxt->pw->pw_uid == 0 || options.use_login) { |
613 | /* File descriptor passing is broken or root login */ | 613 | /* File descriptor passing is broken or root login */ |
614 | monitor_apply_keystate(monitor); | 614 | monitor_apply_keystate(pmonitor); |
615 | use_privsep = 0; | 615 | use_privsep = 0; |
616 | return; | 616 | return; |
617 | } | 617 | } |
@@ -624,21 +624,21 @@ privsep_postauth(Authctxt *authctxt) | |||
624 | } | 624 | } |
625 | 625 | ||
626 | /* New socket pair */ | 626 | /* New socket pair */ |
627 | monitor_reinit(monitor); | 627 | monitor_reinit(pmonitor); |
628 | 628 | ||
629 | monitor->m_pid = fork(); | 629 | pmonitor->m_pid = fork(); |
630 | if (monitor->m_pid == -1) | 630 | if (pmonitor->m_pid == -1) |
631 | fatal("fork of unprivileged child failed"); | 631 | fatal("fork of unprivileged child failed"); |
632 | else if (monitor->m_pid != 0) { | 632 | else if (pmonitor->m_pid != 0) { |
633 | debug2("User child is on pid %d", monitor->m_pid); | 633 | debug2("User child is on pid %d", pmonitor->m_pid); |
634 | close(monitor->m_recvfd); | 634 | close(pmonitor->m_recvfd); |
635 | monitor_child_postauth(monitor); | 635 | monitor_child_postauth(pmonitor); |
636 | 636 | ||
637 | /* NEVERREACHED */ | 637 | /* NEVERREACHED */ |
638 | exit(0); | 638 | exit(0); |
639 | } | 639 | } |
640 | 640 | ||
641 | close(monitor->m_sendfd); | 641 | close(pmonitor->m_sendfd); |
642 | 642 | ||
643 | /* Demote the private keys to public keys. */ | 643 | /* Demote the private keys to public keys. */ |
644 | demote_sensitive_data(); | 644 | demote_sensitive_data(); |
@@ -647,7 +647,7 @@ privsep_postauth(Authctxt *authctxt) | |||
647 | do_setusercontext(authctxt->pw); | 647 | do_setusercontext(authctxt->pw); |
648 | 648 | ||
649 | /* It is safe now to apply the key state */ | 649 | /* It is safe now to apply the key state */ |
650 | monitor_apply_keystate(monitor); | 650 | monitor_apply_keystate(pmonitor); |
651 | } | 651 | } |
652 | 652 | ||
653 | static char * | 653 | static char * |
@@ -1459,7 +1459,7 @@ main(int ac, char **av) | |||
1459 | * the current keystate and exits | 1459 | * the current keystate and exits |
1460 | */ | 1460 | */ |
1461 | if (use_privsep) { | 1461 | if (use_privsep) { |
1462 | mm_send_keystate(monitor); | 1462 | mm_send_keystate(pmonitor); |
1463 | exit(0); | 1463 | exit(0); |
1464 | } | 1464 | } |
1465 | 1465 | ||