diff options
Diffstat (limited to 'monitor_wrap.c')
| -rw-r--r-- | monitor_wrap.c | 36 |
1 files changed, 17 insertions, 19 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index fd4d7eb3b..6b3a6251c 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */ | 1 | /* $OpenBSD: monitor_wrap.c,v 1.112 2019/01/21 09:54:11 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -202,12 +202,8 @@ mm_choose_dh(int min, int nbits, int max) | |||
| 202 | if (success == 0) | 202 | if (success == 0) |
| 203 | fatal("%s: MONITOR_ANS_MODULI failed", __func__); | 203 | fatal("%s: MONITOR_ANS_MODULI failed", __func__); |
| 204 | 204 | ||
| 205 | if ((p = BN_new()) == NULL) | 205 | if ((r = sshbuf_get_bignum2(m, &p)) != 0 || |
| 206 | fatal("%s: BN_new failed", __func__); | 206 | (r = sshbuf_get_bignum2(m, &g)) != 0) |
| 207 | if ((g = BN_new()) == NULL) | ||
| 208 | fatal("%s: BN_new failed", __func__); | ||
| 209 | if ((r = sshbuf_get_bignum2(m, p)) != 0 || | ||
| 210 | (r = sshbuf_get_bignum2(m, g)) != 0) | ||
| 211 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 207 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 212 | 208 | ||
| 213 | debug3("%s: remaining %zu", __func__, sshbuf_len(m)); | 209 | debug3("%s: remaining %zu", __func__, sshbuf_len(m)); |
| @@ -218,12 +214,12 @@ mm_choose_dh(int min, int nbits, int max) | |||
| 218 | #endif | 214 | #endif |
| 219 | 215 | ||
| 220 | int | 216 | int |
| 221 | mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, | 217 | mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, |
| 222 | const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat) | 218 | const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat) |
| 223 | { | 219 | { |
| 224 | struct kex *kex = *pmonitor->m_pkex; | 220 | struct kex *kex = *pmonitor->m_pkex; |
| 225 | struct sshbuf *m; | 221 | struct sshbuf *m; |
| 226 | u_int ndx = kex->host_key_index(key, 0, active_state); | 222 | u_int ndx = kex->host_key_index(key, 0, ssh); |
| 227 | int r; | 223 | int r; |
| 228 | 224 | ||
| 229 | debug3("%s entering", __func__); | 225 | debug3("%s entering", __func__); |
| @@ -248,9 +244,8 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, | |||
| 248 | } | 244 | } |
| 249 | 245 | ||
| 250 | struct passwd * | 246 | struct passwd * |
| 251 | mm_getpwnamallow(const char *username) | 247 | mm_getpwnamallow(struct ssh *ssh, const char *username) |
| 252 | { | 248 | { |
| 253 | struct ssh *ssh = active_state; /* XXX */ | ||
| 254 | struct sshbuf *m; | 249 | struct sshbuf *m; |
| 255 | struct passwd *pw; | 250 | struct passwd *pw; |
| 256 | size_t len; | 251 | size_t len; |
| @@ -459,8 +454,8 @@ mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, | |||
| 459 | } | 454 | } |
| 460 | 455 | ||
| 461 | int | 456 | int |
| 462 | mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, | 457 | mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, |
| 463 | struct sshkey *key) | 458 | const char *user, const char *host, struct sshkey *key) |
| 464 | { | 459 | { |
| 465 | return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL)); | 460 | return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL)); |
| 466 | } | 461 | } |
| @@ -553,9 +548,8 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, | |||
| 553 | } | 548 | } |
| 554 | 549 | ||
| 555 | void | 550 | void |
| 556 | mm_send_keystate(struct monitor *monitor) | 551 | mm_send_keystate(struct ssh *ssh, struct monitor *monitor) |
| 557 | { | 552 | { |
| 558 | struct ssh *ssh = active_state; /* XXX */ | ||
| 559 | struct sshbuf *m; | 553 | struct sshbuf *m; |
| 560 | int r; | 554 | int r; |
| 561 | 555 | ||
| @@ -649,7 +643,7 @@ mm_session_pty_cleanup2(Session *s) | |||
| 649 | 643 | ||
| 650 | #ifdef USE_PAM | 644 | #ifdef USE_PAM |
| 651 | void | 645 | void |
| 652 | mm_start_pam(Authctxt *authctxt) | 646 | mm_start_pam(struct ssh *ssh) |
| 653 | { | 647 | { |
| 654 | struct sshbuf *m; | 648 | struct sshbuf *m; |
| 655 | 649 | ||
| @@ -890,7 +884,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) | |||
| 890 | 884 | ||
| 891 | #ifdef SSH_AUDIT_EVENTS | 885 | #ifdef SSH_AUDIT_EVENTS |
| 892 | void | 886 | void |
| 893 | mm_audit_event(ssh_audit_event_t event) | 887 | mm_audit_event(struct ssh *ssh, ssh_audit_event_t event) |
| 894 | { | 888 | { |
| 895 | struct sshbuf *m; | 889 | struct sshbuf *m; |
| 896 | int r; | 890 | int r; |
| @@ -1005,13 +999,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | |||
| 1005 | } | 999 | } |
| 1006 | 1000 | ||
| 1007 | int | 1001 | int |
| 1008 | mm_ssh_gssapi_userok(char *user, struct passwd *pw) | 1002 | mm_ssh_gssapi_userok(char *user, struct passwd *pw, int kex) |
| 1009 | { | 1003 | { |
| 1010 | struct sshbuf *m; | 1004 | struct sshbuf *m; |
| 1011 | int r, authenticated = 0; | 1005 | int r, authenticated = 0; |
| 1012 | 1006 | ||
| 1013 | if ((m = sshbuf_new()) == NULL) | 1007 | if ((m = sshbuf_new()) == NULL) |
| 1014 | fatal("%s: sshbuf_new failed", __func__); | 1008 | fatal("%s: sshbuf_new failed", __func__); |
| 1009 | if ((r = sshbuf_put_u32(m, kex)) != 0) | ||
| 1010 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | ||
| 1015 | 1011 | ||
| 1016 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m); | 1012 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m); |
| 1017 | mm_request_receive_expect(pmonitor->m_recvfd, | 1013 | mm_request_receive_expect(pmonitor->m_recvfd, |
| @@ -1046,7 +1042,7 @@ mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) | |||
| 1046 | 1042 | ||
| 1047 | sshbuf_free(m); | 1043 | sshbuf_free(m); |
| 1048 | 1044 | ||
| 1049 | return(major); | 1045 | return (major); |
| 1050 | } | 1046 | } |
| 1051 | 1047 | ||
| 1052 | int | 1048 | int |
| @@ -1057,6 +1053,7 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store) | |||
| 1057 | 1053 | ||
| 1058 | if ((m = sshbuf_new()) == NULL) | 1054 | if ((m = sshbuf_new()) == NULL) |
| 1059 | fatal("%s: sshbuf_new failed", __func__); | 1055 | fatal("%s: sshbuf_new failed", __func__); |
| 1056 | |||
| 1060 | if ((r = sshbuf_put_cstring(m, | 1057 | if ((r = sshbuf_put_cstring(m, |
| 1061 | store->filename ? store->filename : "")) != 0 || | 1058 | store->filename ? store->filename : "")) != 0 || |
| 1062 | (r = sshbuf_put_cstring(m, | 1059 | (r = sshbuf_put_cstring(m, |
| @@ -1070,6 +1067,7 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store) | |||
| 1070 | 1067 | ||
| 1071 | if ((r = sshbuf_get_u32(m, &ok)) != 0) | 1068 | if ((r = sshbuf_get_u32(m, &ok)) != 0) |
| 1072 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 1069 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 1070 | |||
| 1073 | sshbuf_free(m); | 1071 | sshbuf_free(m); |
| 1074 | 1072 | ||
| 1075 | return (ok); | 1073 | return (ok); |