Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 36 |
1 files changed, 17 insertions, 19 deletions
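--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.112 2019/01/21 09:54:11 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -202,12 +202,8 @@ mm_choose_dh(int min, int nbits, int max)
 if (success == 0)
 fatal("%s: MONITOR_ANS_MODULI failed", __func__);
 
-if ((p = BN_new()) == NULL)
-fatal("%s: BN_new failed", __func__);
-if ((g = BN_new()) == NULL)
-fatal("%s: BN_new failed", __func__);
-if ((r = sshbuf_get_bignum2(m, p)) != 0 ||
-(r = sshbuf_get_bignum2(m, g)) != 0)
+if ((r = sshbuf_get_bignum2(m, &p)) != 0 ||
+(r = sshbuf_get_bignum2(m, &g)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 debug3("%s: remaining %zu", __func__, sshbuf_len(m));
@@ -218,12 +214,12 @@ mm_choose_dh(int min, int nbits, int max)
 #endif
 
 int
-mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
+mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
 const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat)
 {
 struct kex *kex = *pmonitor->m_pkex;
 struct sshbuf *m;
-u_int ndx = kex->host_key_index(key, 0, active_state);
+u_int ndx = kex->host_key_index(key, 0, ssh);
 int r;
 
 debug3("%s entering", __func__);
@@ -248,9 +244,8 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
 }
 
 struct passwd *
-mm_getpwnamallow(const char *username)
+mm_getpwnamallow(struct ssh *ssh, const char *username)
 {
-struct ssh *ssh = active_state; /* XXX */
 struct sshbuf *m;
 struct passwd *pw;
 size_t len;
@@ -459,8 +454,8 @@ mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 }
 
 int
-mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
-struct sshkey *key)
+mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
+const char *user, const char *host, struct sshkey *key)
 {
 return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL));
 }
@@ -553,9 +548,8 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
 }
 
 void
-mm_send_keystate(struct monitor *monitor)
+mm_send_keystate(struct ssh *ssh, struct monitor *monitor)
 {
-struct ssh *ssh = active_state; /* XXX */
 struct sshbuf *m;
 int r;
 
@@ -649,7 +643,7 @@ mm_session_pty_cleanup2(Session *s)
 
 #ifdef USE_PAM
 void
-mm_start_pam(Authctxt *authctxt)
+mm_start_pam(struct ssh *ssh)
 {
 struct sshbuf *m;
 
@@ -890,7 +884,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
 
 #ifdef SSH_AUDIT_EVENTS
 void
-mm_audit_event(ssh_audit_event_t event)
+mm_audit_event(struct ssh *ssh, ssh_audit_event_t event)
 {
 struct sshbuf *m;
 int r;
@@ -1005,13 +999,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
 }
 
 int
-mm_ssh_gssapi_userok(char *user, struct passwd *pw)
+mm_ssh_gssapi_userok(char *user, struct passwd *pw, int kex)
 {
 struct sshbuf *m;
 int r, authenticated = 0;
 
 if ((m = sshbuf_new()) == NULL)
 fatal("%s: sshbuf_new failed", __func__);
+if ((r = sshbuf_put_u32(m, kex)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
 mm_request_receive_expect(pmonitor->m_recvfd,
@@ -1046,7 +1042,7 @@ mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
 
 sshbuf_free(m);
 
-return(major);
+return (major);
 }
 
 int
@@ -1057,6 +1053,7 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
 
 if ((m = sshbuf_new()) == NULL)
 fatal("%s: sshbuf_new failed", __func__);
+
 if ((r = sshbuf_put_cstring(m,
 store->filename ? store->filename : "")) != 0 ||
 (r = sshbuf_put_cstring(m,
@@ -1070,6 +1067,7 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
 
 if ((r = sshbuf_get_u32(m, &ok)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
 sshbuf_free(m);
 
 return (ok);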
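Review bot: In mm_ssh_gssapi_userok (hunk at -1005) the new `int kex` argument is written to the privsep request with `sshbuf_put_u32(m, kex)`, so a negative value would be converted silently to a large unsigned number before it reaches the monitor. If `kex` is only a yes/no flag (its callers are not visible here), normalising it at the boundary makes the wire value unambiguous: `if ((r = sshbuf_put_u32(m, kex != 0)) != 0)`. The MONITOR_REQ_GSSUSEROK request now carries an extra field, and the diffstat is limited to monitor_wrap.c, so the monitor-side handler that must read this u32 is not shown; it is worth confirming that it consumes and range-checks the value rather than trusting what the unprivileged side sent. The function body continues past the end of the hunk.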