4 files changed, 86 insertions, 65 deletions
diff --git a/auth2-gss.c b/auth2-gss.c
index 589283b72..a6f2a7125 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.26 2017/06/24 06:34:38 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.27 2018/07/09 21:37:55 markus Exp $ */
 /*
 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -33,13 +33,14 @@
 #include <stdarg.h>
 #include "xmalloc.h"
-#include "key.h"
+#include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "ssh2.h"
 #include "log.h"
 #include "dispatch.h"
-#include "buffer.h"
+#include "sshbuf.h"
+#include "ssherr.h"
 #include "misc.h"
 #include "servconf.h"
 #include "packet.h"
@@ -63,16 +64,18 @@ userauth_gssapi(struct ssh *ssh)
        Authctxt *authctxt = ssh->authctxt;
        gss_OID_desc goid = {0, NULL};
        Gssctxt *ctxt = NULL;
-        int mechs;
+        int r, present;
-        int present;
+        u_int mechs;
        OM_uint32 ms;
-        u_int len;
+        size_t len;
        u_char *doid = NULL;
        if (!authctxt->valid || authctxt->user == NULL)
                return (0);
-        mechs = packet_get_int();
+        if ((r = sshpkt_get_u32(ssh, &mechs)) != 0)
+                fatal("%s: %s", __func__, ssh_err(r));
        if (mechs == 0) {
                debug("Mechanism negotiation is not supported");
                return (0);
@@ -84,7 +87,8 @@ userauth_gssapi(struct ssh *ssh)
                free(doid);
                present = 0;
-                doid = packet_get_string(&len);
+                if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0)
+                        fatal("%s: %s", __func__, ssh_err(r));
                if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
                    doid[1] == len - 2) {
@@ -112,12 +116,12 @@ userauth_gssapi(struct ssh *ssh)
        authctxt->methoddata = (void *)ctxt;
-        packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
        /* Return the OID that we received */
-        packet_put_string(doid, len);
+        if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 ||
+            (r = sshpkt_put_string(ssh, doid, len)) != 0 ||
+            (r = sshpkt_send(ssh)) != 0)
+                fatal("%s: %s", __func__, ssh_err(r));
-        packet_send();
        free(doid);
        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
@@ -135,36 +139,45 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
        gss_buffer_desc recv_tok;
        OM_uint32 maj_status, min_status, flags;
-        u_int len;
+        u_char *p;
+        size_t len;
+        int r;
        if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
                fatal("No authentication or GSSAPI context");
        gssctxt = authctxt->methoddata;
-        recv_tok.value = packet_get_string(&len);
+        if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
-        recv_tok.length = len; /* u_int vs. size_t */
+            (r = sshpkt_get_end(ssh)) != 0)
+                fatal("%s: %s", __func__, ssh_err(r));
-        packet_check_eom();
+        recv_tok.value = p;
+        recv_tok.length = len;
        maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
            &send_tok, &flags));
-        free(recv_tok.value);
+        free(p);
        if (GSS_ERROR(maj_status)) {
                if (send_tok.length != 0) {
-                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
+                        if ((r = sshpkt_start(ssh,
-                        packet_put_string(send_tok.value, send_tok.length);
+                            SSH2_MSG_USERAUTH_GSSAPI_ERRTOK)) != 0 ||
-                        packet_send();
+                            (r = sshpkt_put_string(ssh, send_tok.value,
+                            send_tok.length)) != 0 ||
+                            (r = sshpkt_send(ssh)) != 0)
+                                fatal("%s: %s", __func__, ssh_err(r));
                }
                authctxt->postponed = 0;
                ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
                userauth_finish(ssh, 0, "gssapi-with-mic", NULL);
        } else {
                if (send_tok.length != 0) {
-                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
+                        if ((r = sshpkt_start(ssh,
-                        packet_put_string(send_tok.value, send_tok.length);
+                            SSH2_MSG_USERAUTH_GSSAPI_TOKEN)) != 0 ||
-                        packet_send();
+                            (r = sshpkt_put_string(ssh, send_tok.value,
+                            send_tok.length)) != 0 ||
+                            (r = sshpkt_send(ssh)) != 0)
+                                fatal("%s: %s", __func__, ssh_err(r));
                }
                if (maj_status == GSS_S_COMPLETE) {
                        ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@@ -190,16 +203,16 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
        gss_buffer_desc recv_tok;
        OM_uint32 maj_status;
-        u_int len;
+        int r;
        if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
                fatal("No authentication or GSSAPI context");
        gssctxt = authctxt->methoddata;
-        recv_tok.value = packet_get_string(&len);
+        if ((r = sshpkt_get_string(ssh,
-        recv_tok.length = len;
+            &recv_tok.value, &recv_tok.length)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0)
-        packet_check_eom();
+                fatal("%s: %s", __func__, ssh_err(r));
        /* Push the error token into GSSAPI to see what it says */
        maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
@@ -238,7 +251,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
         * the dispatcher once the exchange is complete
         */
-        packet_check_eom();
+        if ((r = sshpkt_get_end(ssh)) != 0)
+                fatal("%s: %s", __func__, ssh_err(r));
        authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
@@ -260,10 +274,9 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
 {
        Authctxt *authctxt = ssh->authctxt;
        Gssctxt *gssctxt;
-        int authenticated = 0;
+        int r, authenticated = 0;
-        Buffer b;
+        struct sshbuf *b;
        gss_buffer_desc mic, gssbuf;
-        u_int len;
        const char *displayname;
        if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
@@ -271,21 +284,23 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
        gssctxt = authctxt->methoddata;
-        mic.value = packet_get_string(&len);
+        if ((r = sshpkt_get_string(ssh, &mic.value, &mic.length)) != 0)
-        mic.length = len;
+                fatal("%s: %s", __func__, ssh_err(r));
+        if ((b = sshbuf_new()) == NULL)
-        ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+                fatal("%s: sshbuf_new failed", __func__);
+        ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
            "gssapi-with-mic");
-        gssbuf.value = buffer_ptr(&b);
+        if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
-        gssbuf.length = buffer_len(&b);
+                fatal("%s: sshbuf_mutable_ptr failed", __func__);
+        gssbuf.length = sshbuf_len(b);
        if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
                authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
        else
                logit("GSSAPI MIC check failed");
-        buffer_free(&b);
+        sshbuf_free(b);
        free(mic.value);
        if ((!use_privsep || mm_is_monitor()) &&
diff --git a/gss-genr.c b/gss-genr.c
index 62559ed9e..f794e05b7 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.25 2018/07/09 21:37:55 markus Exp $ */
 /*
 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@@ -37,7 +37,8 @@
 #include <unistd.h>
 #include "xmalloc.h"
-#include "buffer.h"
+#include "ssherr.h"
+#include "sshbuf.h"
 #include "log.h"
 #include "ssh2.h"
@@ -94,10 +95,12 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
        OM_uint32 lmin;
        gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
        OM_uint32 ctx;
-        Buffer b;
+        struct sshbuf *b;
        char *ret;
+        int r;
-        buffer_init(&b);
+        if ((b = sshbuf_new()) == NULL)
+                fatal("%s: sshbuf_new failed", __func__);
        if (major_status != NULL)
                *major_status = ctxt->major;
@@ -110,8 +113,9 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
                gss_display_status(&lmin, ctxt->major,
                    GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg);
-                buffer_append(&b, msg.value, msg.length);
+                if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 ||
-                buffer_put_char(&b, '\n');
+                    (r = sshbuf_put_u8(b, '\n')) != 0)
+                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
                gss_release_buffer(&lmin, &msg);
        } while (ctx != 0);
@@ -121,16 +125,17 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
                gss_display_status(&lmin, ctxt->minor,
                    GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg);
-                buffer_append(&b, msg.value, msg.length);
+                if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 ||
-                buffer_put_char(&b, '\n');
+                    (r = sshbuf_put_u8(b, '\n')) != 0)
+                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
                gss_release_buffer(&lmin, &msg);
        } while (ctx != 0);
-        buffer_put_char(&b, '\0');
+        if ((r = sshbuf_put_u8(b, '\n')) != 0)
-        ret = xmalloc(buffer_len(&b));
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        buffer_get(&b, ret, buffer_len(&b));
+        ret = xstrdup((const char *)sshbuf_ptr(b));
-        buffer_free(&b);
+        sshbuf_free(b);
        return (ret);
 }
@@ -238,15 +243,18 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
 }
 void
-ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
+ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
    const char *context)
 {
-        buffer_init(b);
+        int r;
-        buffer_put_string(b, session_id2, session_id2_len);
-        buffer_put_char(b, SSH2_MSG_USERAUTH_REQUEST);
+        sshbuf_reset(b);
-        buffer_put_cstring(b, user);
+        if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
-        buffer_put_cstring(b, service);
+            (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
-        buffer_put_cstring(b, context);
+            (r = sshbuf_put_cstring(b, user)) != 0 ||
+            (r = sshbuf_put_cstring(b, service)) != 0 ||
+            (r = sshbuf_put_cstring(b, context)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
 }
 int
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 795992d9f..a151bc1e4 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */
+/* $OpenBSD: gss-serv-krb5.c,v 1.9 2018/07/09 21:37:55 markus Exp $ */
 /*
 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -35,14 +35,13 @@
 #include <string.h>
 #include "xmalloc.h"
-#include "key.h"
+#include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
-#include "buffer.h"
 #include "ssh-gss.h"
 extern ServerOptions options;
diff --git a/gss-serv.c b/gss-serv.c
index 6cae720e5..ab3a15f0f 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.30 2017/06/24 06:34:38 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */
 /*
 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -36,8 +36,7 @@
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
-#include "buffer.h"
+#include "sshkey.h"
-#include "key.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "log.h"

diff --git a/auth2-gss.c b/auth2-gss.c index 589283b72..a6f2a7125 100644 --- a/auth2-gss.c +++ b/auth2-gss.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth2-gss.c,v 1.26 2017/06/24 06:34:38 djm Exp $ */	1	/* $OpenBSD: auth2-gss.c,v 1.27 2018/07/09 21:37:55 markus Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.	4	* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -33,13 +33,14 @@
33	#include <stdarg.h>	33	#include <stdarg.h>
34		34
35	#include "xmalloc.h"	35	#include "xmalloc.h"
36	#include "key.h"	36	#include "sshkey.h"
37	#include "hostfile.h"	37	#include "hostfile.h"
38	#include "auth.h"	38	#include "auth.h"
39	#include "ssh2.h"	39	#include "ssh2.h"
40	#include "log.h"	40	#include "log.h"
41	#include "dispatch.h"	41	#include "dispatch.h"
42	#include "buffer.h"	42	#include "sshbuf.h"
		43	#include "ssherr.h"
43	#include "misc.h"	44	#include "misc.h"
44	#include "servconf.h"	45	#include "servconf.h"
45	#include "packet.h"	46	#include "packet.h"
@@ -63,16 +64,18 @@ userauth_gssapi(struct ssh *ssh)
63	Authctxt *authctxt = ssh->authctxt;	64	Authctxt *authctxt = ssh->authctxt;
64	gss_OID_desc goid = {0, NULL};	65	gss_OID_desc goid = {0, NULL};
65	Gssctxt *ctxt = NULL;	66	Gssctxt *ctxt = NULL;
66	int mechs;	67	int r, present;
67	int present;	68	u_int mechs;
68	OM_uint32 ms;	69	OM_uint32 ms;
69	u_int len;	70	size_t len;
70	u_char *doid = NULL;	71	u_char *doid = NULL;
71		72
72	if (!authctxt->valid \|\| authctxt->user == NULL)	73	if (!authctxt->valid \|\| authctxt->user == NULL)
73	return (0);	74	return (0);
74		75
75	mechs = packet_get_int();	76	if ((r = sshpkt_get_u32(ssh, &mechs)) != 0)
		77	fatal("%s: %s", __func__, ssh_err(r));
		78
76	if (mechs == 0) {	79	if (mechs == 0) {
77	debug("Mechanism negotiation is not supported");	80	debug("Mechanism negotiation is not supported");
78	return (0);	81	return (0);
@@ -84,7 +87,8 @@ userauth_gssapi(struct ssh *ssh)
84	free(doid);	87	free(doid);
85		88
86	present = 0;	89	present = 0;
87	doid = packet_get_string(&len);	90	if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0)
		91	fatal("%s: %s", __func__, ssh_err(r));
88		92
89	if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&	93	if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
90	doid[1] == len - 2) {	94	doid[1] == len - 2) {
@@ -112,12 +116,12 @@ userauth_gssapi(struct ssh *ssh)
112		116
113	authctxt->methoddata = (void *)ctxt;	117	authctxt->methoddata = (void *)ctxt;
114		118
115	packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
116
117	/* Return the OID that we received */	119	/* Return the OID that we received */
118	packet_put_string(doid, len);	120	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 \|\|
		121	(r = sshpkt_put_string(ssh, doid, len)) != 0 \|\|
		122	(r = sshpkt_send(ssh)) != 0)
		123	fatal("%s: %s", __func__, ssh_err(r));
119		124
120	packet_send();
121	free(doid);	125	free(doid);
122		126
123	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);	127	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
@@ -135,36 +139,45 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
135	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;	139	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
136	gss_buffer_desc recv_tok;	140	gss_buffer_desc recv_tok;
137	OM_uint32 maj_status, min_status, flags;	141	OM_uint32 maj_status, min_status, flags;
138	u_int len;	142	u_char *p;
		143	size_t len;
		144	int r;
139		145
140	if (authctxt == NULL \|\| (authctxt->methoddata == NULL && !use_privsep))	146	if (authctxt == NULL \|\| (authctxt->methoddata == NULL && !use_privsep))
141	fatal("No authentication or GSSAPI context");	147	fatal("No authentication or GSSAPI context");
142		148
143	gssctxt = authctxt->methoddata;	149	gssctxt = authctxt->methoddata;
144	recv_tok.value = packet_get_string(&len);	150	if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 \|\|
145	recv_tok.length = len; /* u_int vs. size_t */	151	(r = sshpkt_get_end(ssh)) != 0)
146		152	fatal("%s: %s", __func__, ssh_err(r));
147	packet_check_eom();
148		153
		154	recv_tok.value = p;
		155	recv_tok.length = len;
149	maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,	156	maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
150	&send_tok, &flags));	157	&send_tok, &flags));
151		158
152	free(recv_tok.value);	159	free(p);
153		160
154	if (GSS_ERROR(maj_status)) {	161	if (GSS_ERROR(maj_status)) {
155	if (send_tok.length != 0) {	162	if (send_tok.length != 0) {
156	packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);	163	if ((r = sshpkt_start(ssh,
157	packet_put_string(send_tok.value, send_tok.length);	164	SSH2_MSG_USERAUTH_GSSAPI_ERRTOK)) != 0 \|\|
158	packet_send();	165	(r = sshpkt_put_string(ssh, send_tok.value,
		166	send_tok.length)) != 0 \|\|
		167	(r = sshpkt_send(ssh)) != 0)
		168	fatal("%s: %s", __func__, ssh_err(r));
159	}	169	}
160	authctxt->postponed = 0;	170	authctxt->postponed = 0;
161	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);	171	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
162	userauth_finish(ssh, 0, "gssapi-with-mic", NULL);	172	userauth_finish(ssh, 0, "gssapi-with-mic", NULL);
163	} else {	173	} else {
164	if (send_tok.length != 0) {	174	if (send_tok.length != 0) {
165	packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);	175	if ((r = sshpkt_start(ssh,
166	packet_put_string(send_tok.value, send_tok.length);	176	SSH2_MSG_USERAUTH_GSSAPI_TOKEN)) != 0 \|\|
167	packet_send();	177	(r = sshpkt_put_string(ssh, send_tok.value,
		178	send_tok.length)) != 0 \|\|
		179	(r = sshpkt_send(ssh)) != 0)
		180	fatal("%s: %s", __func__, ssh_err(r));
168	}	181	}
169	if (maj_status == GSS_S_COMPLETE) {	182	if (maj_status == GSS_S_COMPLETE) {
170	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);	183	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@@ -190,16 +203,16 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
190	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;	203	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
191	gss_buffer_desc recv_tok;	204	gss_buffer_desc recv_tok;
192	OM_uint32 maj_status;	205	OM_uint32 maj_status;
193	u_int len;	206	int r;
194		207
195	if (authctxt == NULL \|\| (authctxt->methoddata == NULL && !use_privsep))	208	if (authctxt == NULL \|\| (authctxt->methoddata == NULL && !use_privsep))
196	fatal("No authentication or GSSAPI context");	209	fatal("No authentication or GSSAPI context");
197		210
198	gssctxt = authctxt->methoddata;	211	gssctxt = authctxt->methoddata;
199	recv_tok.value = packet_get_string(&len);	212	if ((r = sshpkt_get_string(ssh,
200	recv_tok.length = len;	213	&recv_tok.value, &recv_tok.length)) != 0 \|\|
201		214	(r = sshpkt_get_end(ssh)) != 0)
202	packet_check_eom();	215	fatal("%s: %s", __func__, ssh_err(r));
203		216
204	/* Push the error token into GSSAPI to see what it says */	217	/* Push the error token into GSSAPI to see what it says */
205	maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,	218	maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
@@ -238,7 +251,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
238	* the dispatcher once the exchange is complete	251	* the dispatcher once the exchange is complete
239	*/	252	*/
240		253
241	packet_check_eom();	254	if ((r = sshpkt_get_end(ssh)) != 0)
		255	fatal("%s: %s", __func__, ssh_err(r));
242		256
243	authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));	257	authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
244		258
@@ -260,10 +274,9 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
260	{	274	{
261	Authctxt *authctxt = ssh->authctxt;	275	Authctxt *authctxt = ssh->authctxt;
262	Gssctxt *gssctxt;	276	Gssctxt *gssctxt;
263	int authenticated = 0;	277	int r, authenticated = 0;
264	Buffer b;	278	struct sshbuf *b;
265	gss_buffer_desc mic, gssbuf;	279	gss_buffer_desc mic, gssbuf;
266	u_int len;
267	const char *displayname;	280	const char *displayname;
268		281
269	if (authctxt == NULL \|\| (authctxt->methoddata == NULL && !use_privsep))	282	if (authctxt == NULL \|\| (authctxt->methoddata == NULL && !use_privsep))
@@ -271,21 +284,23 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
271		284
272	gssctxt = authctxt->methoddata;	285	gssctxt = authctxt->methoddata;
273		286
274	mic.value = packet_get_string(&len);	287	if ((r = sshpkt_get_string(ssh, &mic.value, &mic.length)) != 0)
275	mic.length = len;	288	fatal("%s: %s", __func__, ssh_err(r));
276		289	if ((b = sshbuf_new()) == NULL)
277	ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,	290	fatal("%s: sshbuf_new failed", __func__);
		291	ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
278	"gssapi-with-mic");	292	"gssapi-with-mic");
279		293
280	gssbuf.value = buffer_ptr(&b);	294	if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
281	gssbuf.length = buffer_len(&b);	295	fatal("%s: sshbuf_mutable_ptr failed", __func__);
		296	gssbuf.length = sshbuf_len(b);
282		297
283	if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))	298	if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
284	authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));	299	authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
285	else	300	else
286	logit("GSSAPI MIC check failed");	301	logit("GSSAPI MIC check failed");
287		302
288	buffer_free(&b);	303	sshbuf_free(b);
289	free(mic.value);	304	free(mic.value);
290		305
291	if ((!use_privsep \|\| mm_is_monitor()) &&	306	if ((!use_privsep \|\| mm_is_monitor()) &&


diff --git a/gss-genr.c b/gss-genr.c index 62559ed9e..f794e05b7 100644 --- a/gss-genr.c +++ b/gss-genr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */	1	/* $OpenBSD: gss-genr.c,v 1.25 2018/07/09 21:37:55 markus Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.	4	* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@@ -37,7 +37,8 @@
37	#include <unistd.h>	37	#include <unistd.h>
38		38
39	#include "xmalloc.h"	39	#include "xmalloc.h"
40	#include "buffer.h"	40	#include "ssherr.h"
		41	#include "sshbuf.h"
41	#include "log.h"	42	#include "log.h"
42	#include "ssh2.h"	43	#include "ssh2.h"
43		44
@@ -94,10 +95,12 @@ ssh_gssapi_last_error(Gssctxt ctxt, OM_uint32 major_status,
94	OM_uint32 lmin;	95	OM_uint32 lmin;
95	gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;	96	gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
96	OM_uint32 ctx;	97	OM_uint32 ctx;
97	Buffer b;	98	struct sshbuf *b;
98	char *ret;	99	char *ret;
		100	int r;
99		101
100	buffer_init(&b);	102	if ((b = sshbuf_new()) == NULL)
		103	fatal("%s: sshbuf_new failed", __func__);
101		104
102	if (major_status != NULL)	105	if (major_status != NULL)
103	*major_status = ctxt->major;	106	*major_status = ctxt->major;
@@ -110,8 +113,9 @@ ssh_gssapi_last_error(Gssctxt ctxt, OM_uint32 major_status,
110	gss_display_status(&lmin, ctxt->major,	113	gss_display_status(&lmin, ctxt->major,
111	GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg);	114	GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg);
112		115
113	buffer_append(&b, msg.value, msg.length);	116	if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 \|\|
114	buffer_put_char(&b, '\n');	117	(r = sshbuf_put_u8(b, '\n')) != 0)
		118	fatal("%s: buffer error: %s", __func__, ssh_err(r));
115		119
116	gss_release_buffer(&lmin, &msg);	120	gss_release_buffer(&lmin, &msg);
117	} while (ctx != 0);	121	} while (ctx != 0);
@@ -121,16 +125,17 @@ ssh_gssapi_last_error(Gssctxt ctxt, OM_uint32 major_status,
121	gss_display_status(&lmin, ctxt->minor,	125	gss_display_status(&lmin, ctxt->minor,
122	GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg);	126	GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg);
123		127
124	buffer_append(&b, msg.value, msg.length);	128	if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 \|\|
125	buffer_put_char(&b, '\n');	129	(r = sshbuf_put_u8(b, '\n')) != 0)
		130	fatal("%s: buffer error: %s", __func__, ssh_err(r));
126		131
127	gss_release_buffer(&lmin, &msg);	132	gss_release_buffer(&lmin, &msg);
128	} while (ctx != 0);	133	} while (ctx != 0);
129		134
130	buffer_put_char(&b, '\0');	135	if ((r = sshbuf_put_u8(b, '\n')) != 0)
131	ret = xmalloc(buffer_len(&b));	136	fatal("%s: buffer error: %s", __func__, ssh_err(r));
132	buffer_get(&b, ret, buffer_len(&b));	137	ret = xstrdup((const char *)sshbuf_ptr(b));
133	buffer_free(&b);	138	sshbuf_free(b);
134	return (ret);	139	return (ret);
135	}	140	}
136		141
@@ -238,15 +243,18 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
238	}	243	}
239		244
240	void	245	void
241	ssh_gssapi_buildmic(Buffer b, const char user, const char *service,	246	ssh_gssapi_buildmic(struct sshbuf b, const char user, const char *service,
242	const char *context)	247	const char *context)
243	{	248	{
244	buffer_init(b);	249	int r;
245	buffer_put_string(b, session_id2, session_id2_len);	250
246	buffer_put_char(b, SSH2_MSG_USERAUTH_REQUEST);	251	sshbuf_reset(b);
247	buffer_put_cstring(b, user);	252	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 \|\|
248	buffer_put_cstring(b, service);	253	(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
249	buffer_put_cstring(b, context);	254	(r = sshbuf_put_cstring(b, user)) != 0 \|\|
		255	(r = sshbuf_put_cstring(b, service)) != 0 \|\|
		256	(r = sshbuf_put_cstring(b, context)) != 0)
		257	fatal("%s: buffer error: %s", __func__, ssh_err(r));
250	}	258	}
251		259
252	int	260	int


diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 795992d9f..a151bc1e4 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */	1	/* $OpenBSD: gss-serv-krb5.c,v 1.9 2018/07/09 21:37:55 markus Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.	4	* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -35,14 +35,13 @@
35	#include <string.h>	35	#include <string.h>
36		36
37	#include "xmalloc.h"	37	#include "xmalloc.h"
38	#include "key.h"	38	#include "sshkey.h"
39	#include "hostfile.h"	39	#include "hostfile.h"
40	#include "auth.h"	40	#include "auth.h"
41	#include "log.h"	41	#include "log.h"
42	#include "misc.h"	42	#include "misc.h"
43	#include "servconf.h"	43	#include "servconf.h"
44		44
45	#include "buffer.h"
46	#include "ssh-gss.h"	45	#include "ssh-gss.h"
47		46
48	extern ServerOptions options;	47	extern ServerOptions options;


diff --git a/gss-serv.c b/gss-serv.c index 6cae720e5..ab3a15f0f 100644 --- a/gss-serv.c +++ b/gss-serv.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: gss-serv.c,v 1.30 2017/06/24 06:34:38 djm Exp $ */	1	/* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.	4	* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -36,8 +36,7 @@
36		36
37	#include "openbsd-compat/sys-queue.h"	37	#include "openbsd-compat/sys-queue.h"
38	#include "xmalloc.h"	38	#include "xmalloc.h"
39	#include "buffer.h"	39	#include "sshkey.h"
40	#include "key.h"
41	#include "hostfile.h"	40	#include "hostfile.h"
42	#include "auth.h"	41	#include "auth.h"
43	#include "log.h"	42	#include "log.h"