-rw-r--r--ChangeLog7
-rw-r--r--kex.c4
-rw-r--r--monitor.c40
-rw-r--r--monitor_wrap.c90
-rw-r--r--sshd.c40
5 files changed, 93 insertions, 88 deletions
diff --git a/ChangeLog b/ChangeLog
index 98ecf640d..7bb00fcca 100644
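--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,11 @@
  [auth-rhosts.c]
  handle debug messages during rhosts-rsa and hostbased authentication;
  ok provos@
+ - mouring@cvs.openbsd.org 2002/05/15 15:47:49
+ [kex.c monitor.c monitor_wrap.c sshd.c]
+ 'monitor' variable clashes with at least one lame platform (NeXT). i
+ Renamed to 'pmonitor'. provos@
+ - (bal) Fixed up PAM case. I think.
 
 20020514
  - (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
@@ -632,4 +637,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2128 2002/05/15 16:19:37 mouring Exp $
+$Id: ChangeLog,v 1.2129 2002/05/15 16:25:01 mouring Exp $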
diff --git a/kex.c b/kex.c
index 194a865ad..d079ab0e3 100644
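--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $");
 
 #include <openssl/crypto.h>
 
@@ -46,7 +46,7 @@ RCSID("$OpenBSD: kex.c,v 1.49 2002/03/26 23:14:51 markus Exp $");
 
 /* Use privilege separation for sshd */
 int use_privsep;
-struct monitor *monitor;
+struct monitor *pmonitor;
 
 
 /* prototype */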
diff --git a/monitor.c b/monitor.c
index 279ec37ff..1e23d913a 100644
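--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.10 2002/05/12 23:53:45 djm Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $");
 
 #include <openssl/dh.h>
 
@@ -240,7 +240,7 @@ monitor_permit_authentications(int permit)
 }
 
 Authctxt *
-monitor_child_preauth(struct monitor *monitor)
+monitor_child_preauth(struct monitor *pmonitor)
 {
  struct mon_table *ent;
  int authenticated = 0;
@@ -263,7 +263,7 @@ monitor_child_preauth(struct monitor *monitor)
 
  /* The first few requests do not require asynchronous access */
  while (!authenticated) {
- authenticated = monitor_read(monitor, mon_dispatch, &ent);
+ authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
  if (authenticated) {
  if (!(ent->flags & MON_AUTHDECIDE))
  fatal("%s: unexpected authentication from %d",
@@ -291,13 +291,13 @@ monitor_child_preauth(struct monitor *monitor)
  debug("%s: %s has been authenticated by privileged process",
  __FUNCTION__, authctxt->user);
 
- mm_get_keystate(monitor);
+ mm_get_keystate(pmonitor);
 
  return (authctxt);
 }
 
 void
-monitor_child_postauth(struct monitor *monitor)
+monitor_child_postauth(struct monitor *pmonitor)
 {
  if (compat20) {
  mon_dispatch = mon_dispatch_postauth20;
@@ -317,18 +317,18 @@ monitor_child_postauth(struct monitor *monitor)
  }
 
  for (;;)
- monitor_read(monitor, mon_dispatch, NULL);
+ monitor_read(pmonitor, mon_dispatch, NULL);
 }
 
 void
-monitor_sync(struct monitor *monitor)
+monitor_sync(struct monitor *pmonitor)
 {
  /* The member allocation is not visible, so sync it */
- mm_share_sync(&monitor->m_zlib, &monitor->m_zback);
+ mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
 }
 
 int
-monitor_read(struct monitor *monitor, struct mon_table *ent,
+monitor_read(struct monitor *pmonitor, struct mon_table *ent,
  struct mon_table **pent)
 {
  Buffer m;
@@ -337,7 +337,7 @@ monitor_read(struct monitor *monitor, struct mon_table *ent,
 
  buffer_init(&m);
 
- mm_request_receive(monitor->m_sendfd, &m);
+ mm_request_receive(pmonitor->m_sendfd, &m);
  type = buffer_get_char(&m);
 
  debug3("%s: checking request %d", __FUNCTION__, type);
@@ -352,7 +352,7 @@ monitor_read(struct monitor *monitor, struct mon_table *ent,
  if (!(ent->flags & MON_PERMIT))
  fatal("%s: unpermitted request %d", __FUNCTION__,
  type);
- ret = (*ent->f)(monitor->m_sendfd, &m);
+ ret = (*ent->f)(pmonitor->m_sendfd, &m);
  buffer_free(&m);
 
  /* The child may use this request only once, disable it */
@@ -1003,7 +1003,7 @@ mm_session_close(Session *s)
 int
 mm_answer_pty(int socket, Buffer *m)
 {
- extern struct monitor *monitor;
+ extern struct monitor *pmonitor;
  Session *s;
  int res, fd0;
 
@@ -1015,7 +1015,7 @@ mm_answer_pty(int socket, Buffer *m)
  goto error;
  s->authctxt = authctxt;
  s->pw = authctxt->pw;
- s->pid = monitor->m_pid;
+ s->pid = pmonitor->m_pid;
  res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
  if (res == 0)
  goto error;
@@ -1252,7 +1252,7 @@ mm_answer_rsa_response(int socket, Buffer *m)
 int
 mm_answer_term(int socket, Buffer *req)
 {
- extern struct monitor *monitor;
+ extern struct monitor *pmonitor;
  int res, status;
 
  debug3("%s: tearing down sessions", __FUNCTION__);
@@ -1260,7 +1260,7 @@ mm_answer_term(int socket, Buffer *req)
  /* The child is terminating */
  session_destroy_all(&mm_session_close);
 
- while (waitpid(monitor->m_pid, &status, 0) == -1)
+ while (waitpid(pmonitor->m_pid, &status, 0) == -1)
  if (errno != EINTR)
  exit(1);
 
@@ -1271,7 +1271,7 @@ mm_answer_term(int socket, Buffer *req)
 }
 
 void
-monitor_apply_keystate(struct monitor *monitor)
+monitor_apply_keystate(struct monitor *pmonitor)
 {
  if (compat20) {
  set_newkeys(MODE_IN);
@@ -1303,7 +1303,7 @@ monitor_apply_keystate(struct monitor *monitor)
  sizeof(outgoing_stream));
 
  /* Update with new address */
- mm_init_compression(monitor->m_zlib);
+ mm_init_compression(pmonitor->m_zlib);
 
  /* Network I/O buffers */
  /* XXX inefficient for large buffers, need: buffer_init_from_string */
@@ -1353,7 +1353,7 @@ mm_get_kex(Buffer *m)
 /* This function requries careful sanity checking */
 
 void
-mm_get_keystate(struct monitor *monitor)
+mm_get_keystate(struct monitor *pmonitor)
 {
  Buffer m;
  u_char *blob, *p;
@@ -1362,7 +1362,7 @@ mm_get_keystate(struct monitor *monitor)
  debug3("%s: Waiting for new keys", __FUNCTION__);
 
  buffer_init(&m);
- mm_request_receive_expect(monitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
+ mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
  if (!compat20) {
  child_state.ssh1protoflags = buffer_get_int(&m);
  child_state.ssh1cipher = buffer_get_int(&m);
@@ -1372,7 +1372,7 @@ mm_get_keystate(struct monitor *monitor)
  goto skip;
  } else {
  /* Get the Kex for rekeying */
- *monitor->m_pkex = mm_get_kex(&m);
+ *pmonitor->m_pkex = mm_get_kex(&m);
  }
 
  blob = buffer_get_string(&m, &bloblen);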
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 380175828..c5e3fb988 100644
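--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.6 2002/05/12 23:53:45 djm Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.7 2002/05/15 15:47:49 mouring Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -56,7 +56,7 @@ extern int compat20;
 extern Newkeys *newkeys[];
 extern z_stream incoming_stream;
 extern z_stream outgoing_stream;
-extern struct monitor *monitor;
+extern struct monitor *pmonitor;
 extern Buffer input, output;
 
 void
@@ -126,10 +126,10 @@ mm_choose_dh(int min, int nbits, int max)
  buffer_put_int(&m, nbits);
  buffer_put_int(&m, max);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_MODULI, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
 
  debug3("%s: waiting for MONITOR_ANS_MODULI", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_MODULI, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
 
  success = buffer_get_char(&m);
  if (success == 0)
@@ -151,7 +151,7 @@ mm_choose_dh(int min, int nbits, int max)
 int
 mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
 {
- Kex *kex = *monitor->m_pkex;
+ Kex *kex = *pmonitor->m_pkex;
  Buffer m;
 
  debug3("%s entering", __FUNCTION__);
@@ -160,10 +160,10 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
  buffer_put_int(&m, kex->host_key_index(key));
  buffer_put_string(&m, data, datalen);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SIGN, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
 
  debug3("%s: waiting for MONITOR_ANS_SIGN", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SIGN, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
  *sigp = buffer_get_string(&m, lenp);
  buffer_free(&m);
 
@@ -182,10 +182,10 @@ mm_getpwnamallow(const char *login)
  buffer_init(&m);
  buffer_put_cstring(&m, login);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
 
  debug3("%s: waiting for MONITOR_ANS_PWNAM", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
 
  if (buffer_get_char(&m) == 0) {
  buffer_free(&m);
@@ -215,10 +215,10 @@ char* mm_auth2_read_banner(void)
  debug3("%s entering", __FUNCTION__);
 
  buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
  buffer_clear(&m);
 
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
  banner = buffer_get_string(&m, NULL);
  buffer_free(&m);
 
@@ -238,7 +238,7 @@ mm_inform_authserv(char *service, char *style)
  buffer_put_cstring(&m, service);
  buffer_put_cstring(&m, style ? style : "");
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
 
  buffer_free(&m);
 }
@@ -254,10 +254,10 @@ mm_auth_password(Authctxt *authctxt, char *password)
 
  buffer_init(&m);
  buffer_put_cstring(&m, password);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
 
  debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
 
  authenticated = buffer_get_int(&m);
 
@@ -327,10 +327,10 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
  buffer_put_string(&m, blob, len);
  xfree(blob);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
 
  debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
 
  allowed = buffer_get_int(&m);
 
@@ -368,10 +368,10 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
  buffer_put_string(&m, data, datalen);
  xfree(blob);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
 
  debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
 
  verified = buffer_get_int(&m);
 
@@ -510,7 +510,7 @@ mm_send_kex(Buffer *m, Kex *kex)
 }
 
 void
-mm_send_keystate(struct monitor *monitor)
+mm_send_keystate(struct monitor *pmonitor)
 {
  Buffer m;
  u_char *blob, *p;
@@ -536,7 +536,7 @@ mm_send_keystate(struct monitor *monitor)
  goto skip;
  } else {
  /* Kex for rekeying */
- mm_send_kex(&m, *monitor->m_pkex);
+ mm_send_kex(&m, *pmonitor->m_pkex);
  }
 
  debug3("%s: Sending new keys: %p %p",
@@ -582,7 +582,7 @@ mm_send_keystate(struct monitor *monitor)
  buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
  buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
  debug3("%s: Finished sending state", __FUNCTION__);
 
  buffer_free(&m);
@@ -596,10 +596,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
  int success = 0;
 
  buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
 
  debug3("%s: waiting for MONITOR_ANS_PTY", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PTY, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
 
  success = buffer_get_int(&m);
  if (success == 0) {
@@ -613,8 +613,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
  strlcpy(namebuf, p, namebuflen); /* Possible truncation */
  xfree(p);
 
- *ptyfd = mm_receive_fd(monitor->m_recvfd);
- *ttyfd = mm_receive_fd(monitor->m_recvfd);
+ *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
+ *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
 
  /* Success */
  return (1);
@@ -630,7 +630,7 @@ mm_session_pty_cleanup2(void *session)
  return;
  buffer_init(&m);
  buffer_put_cstring(&m, s->tty);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
  buffer_free(&m);
 
  /* closed dup'ed master */
@@ -652,7 +652,7 @@ mm_start_pam(char *user)
  buffer_init(&m);
  buffer_put_cstring(&m, user);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
 
  buffer_free(&m);
 }
@@ -666,7 +666,7 @@ mm_terminate(void)
  Buffer m;
 
  buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_TERM, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
  buffer_free(&m);
 }
 
@@ -678,9 +678,9 @@ mm_ssh1_session_key(BIGNUM *num)
 
  buffer_init(&m);
  buffer_put_bignum2(&m, num);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
 
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
 
  rsafail = buffer_get_int(&m);
  buffer_get_bignum2(&m, num);
@@ -713,9 +713,9 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
  debug3("%s: entering", __FUNCTION__);
 
  buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
 
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
  &m);
  res = buffer_get_int(&m);
  if (res == -1) {
@@ -748,9 +748,9 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
 
  buffer_init(&m);
  buffer_put_cstring(&m, responses[0]);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
 
- mm_request_receive_expect(monitor->m_recvfd,
+ mm_request_receive_expect(pmonitor->m_recvfd,
  MONITOR_ANS_BSDAUTHRESPOND, &m);
 
  authok = buffer_get_int(&m);
@@ -770,9 +770,9 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
  debug3("%s: entering", __FUNCTION__);
 
  buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
 
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
  &m);
  res = buffer_get_int(&m);
  if (res == -1) {
@@ -811,9 +811,9 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses)
 
  buffer_init(&m);
  buffer_put_cstring(&m, responses[0]);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
 
- mm_request_receive_expect(monitor->m_recvfd,
+ mm_request_receive_expect(pmonitor->m_recvfd,
  MONITOR_ANS_SKEYRESPOND, &m);
 
  authok = buffer_get_int(&m);
@@ -834,7 +834,7 @@ mm_ssh1_session_id(u_char session_id[16])
  for (i = 0; i < 16; i++)
  buffer_put_char(&m, session_id[i]);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSID, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
  buffer_free(&m);
 }
 
@@ -852,8 +852,8 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
  buffer_init(&m);
  buffer_put_bignum2(&m, client_n);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
 
  allowed = buffer_get_int(&m);
 
@@ -892,8 +892,8 @@ mm_auth_rsa_generate_challenge(Key *key)
  buffer_put_string(&m, blob, blen);
  xfree(blob);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
 
  buffer_get_bignum2(&m, challenge);
  buffer_free(&m);
@@ -921,8 +921,8 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
  buffer_put_string(&m, response, 16);
  xfree(blob);
 
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
 
  success = buffer_get_int(&m);
  buffer_free(&m);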
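Review bot: In `mm_send_keystate(struct monitor *pmonitor)` the renamed parameter carries the same name as the file-scope `extern struct monitor *pmonitor;` declared near the top of this file, so inside that one function the parameter shadows the global, while every other wrapper in the file reads the global directly. Behaviour is unchanged (the old parameter shadowed the old global in the same way), but in privilege-separation code it should be obvious which monitor's descriptors a call uses, and a distinct parameter name such as `mm_send_keystate(struct monitor *mon)` with `*mon->m_pkex` and `mon->m_recvfd` in the body would make that explicit and keep `-Wshadow` builds clean. The monitor.c functions in this commit take a parameter of the same name; whether they shadow anything depends on declarations outside the hunks shown. The body of `mm_send_keystate` extends beyond the visible hunks.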
diff --git a/sshd.c b/sshd.c
index 0bd644777..45ccb3d47 100644
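--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.241 2002/05/13 15:53:19 millert Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.242 2002/05/15 15:47:49 mouring Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -202,7 +202,7 @@ int *startup_pipes = NULL;
 int startup_pipe; /* in child */
 
 /* variables used for privilege separation */
-extern struct monitor *monitor;
+extern struct monitor *pmonitor;
 extern int use_privsep;
 
 /* Prototypes for various functions defined later in this file. */
@@ -566,9 +566,9 @@ privsep_preauth(void)
  pid_t pid;
 
  /* Set up unprivileged child process to deal with network data */
- monitor = monitor_init();
+ pmonitor = monitor_init();
  /* Store a pointer to the kex for later rekeying */
- monitor->m_pkex = &xxx_kex;
+ pmonitor->m_pkex = &xxx_kex;
 
  pid = fork();
  if (pid == -1) {
@@ -576,12 +576,12 @@ privsep_preauth(void)
  } else if (pid != 0) {
  debug2("Network child is on pid %d", pid);
 
- close(monitor->m_recvfd);
- authctxt = monitor_child_preauth(monitor);
- close(monitor->m_sendfd);
+ close(pmonitor->m_recvfd);
+ authctxt = monitor_child_preauth(pmonitor);
+ close(pmonitor->m_sendfd);
 
  /* Sync memory */
- monitor_sync(monitor);
+ monitor_sync(pmonitor);
 
  /* Wait for the child's exit status */
  while (waitpid(pid, &status, 0) < 0)
@@ -591,7 +591,7 @@ privsep_preauth(void)
  } else {
  /* child */
 
- close(monitor->m_sendfd);
+ close(pmonitor->m_sendfd);
 
  /* Demote the child */
  if (getuid() == 0 || geteuid() == 0)
@@ -611,7 +611,7 @@ privsep_postauth(Authctxt *authctxt)
 
  if (authctxt->pw->pw_uid == 0 || options.use_login) {
  /* File descriptor passing is broken or root login */
- monitor_apply_keystate(monitor);
+ monitor_apply_keystate(pmonitor);
  use_privsep = 0;
  return;
  }
@@ -624,21 +624,21 @@ privsep_postauth(Authctxt *authctxt)
  }
 
  /* New socket pair */
- monitor_reinit(monitor);
+ monitor_reinit(pmonitor);
 
- monitor->m_pid = fork();
- if (monitor->m_pid == -1)
+ pmonitor->m_pid = fork();
+ if (pmonitor->m_pid == -1)
  fatal("fork of unprivileged child failed");
- else if (monitor->m_pid != 0) {
- debug2("User child is on pid %d", monitor->m_pid);
- close(monitor->m_recvfd);
- monitor_child_postauth(monitor);
+ else if (pmonitor->m_pid != 0) {
+ debug2("User child is on pid %d", pmonitor->m_pid);
+ close(pmonitor->m_recvfd);
+ monitor_child_postauth(pmonitor);
 
  /* NEVERREACHED */
  exit(0);
  }
 
- close(monitor->m_sendfd);
+ close(pmonitor->m_sendfd);
 
  /* Demote the private keys to public keys. */
  demote_sensitive_data();
@@ -647,7 +647,7 @@ privsep_postauth(Authctxt *authctxt)
  do_setusercontext(authctxt->pw);
 
  /* It is safe now to apply the key state */
- monitor_apply_keystate(monitor);
+ monitor_apply_keystate(pmonitor);
 }
 
 static char *
@@ -1459,7 +1459,7 @@ main(int ac, char **av)
  * the current keystate and exits
  */
  if (use_privsep) {
- mm_send_keystate(monitor);
+ mm_send_keystate(pmonitor);
  exit(0);
  }
 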