From 2a35862e664afde774d4a72497d394fe7306ccb5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 16 Nov 2018 03:26:01 +0000 Subject: upstream: use path_absolute() for pathname checks; from Manoj Ampalam OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925 --- session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'session.c') diff --git a/session.c b/session.c index 2d0958d11..a3f0b3562 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.307 2018/10/04 00:10:11 djm Exp $ */ +/* $OpenBSD: session.c,v 1.308 2018/11/16 03:26:01 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1334,7 +1334,7 @@ safely_chroot(const char *path, uid_t uid) char component[PATH_MAX]; struct stat st; - if (*path != '/') + if (!path_absolute(path)) fatal("chroot path does not begin at root"); if (strlen(path) >= sizeof(component)) fatal("chroot path too long"); -- cgit v1.2.3 From 8a22ffaa13391cfe5b40316d938fe0fb931e9296 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Dec 2018 15:41:16 +1100 Subject: expose $SSH_CONNECTION in the PAM environment This makes the connection 4-tuple available to PAM modules that wish to use it in decision-making. bz#2741 --- auth-pam.c | 10 ++++++++++ session.c | 11 +++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) (limited to 'session.c') diff --git a/auth-pam.c b/auth-pam.c index 1dec53e92..d67324e1f 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -673,6 +673,7 @@ sshpam_init(Authctxt *authctxt) { const char *pam_rhost, *pam_user, *user = authctxt->user; const char **ptr_pam_user = &pam_user; + char *laddr, *conninfo; struct ssh *ssh = active_state; /* XXX */ if (sshpam_handle != NULL) { @@ -702,6 +703,15 @@ sshpam_init(Authctxt *authctxt) sshpam_handle = NULL; return (-1); } + + laddr = get_local_ipaddr(packet_get_connection_in()); + xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + laddr, ssh_local_port(ssh)); + pam_putenv(sshpam_handle, conninfo); + free(laddr); + free(conninfo); + #ifdef PAM_TTY_KLUDGE /* * Some silly PAM modules (e.g. pam_time) require a TTY to operate. diff --git a/session.c b/session.c index a3f0b3562..d2e2fbd74 100644 --- a/session.c +++ b/session.c @@ -1162,15 +1162,18 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) char **p; /* - * Don't allow SSH_AUTH_INFO variables posted to PAM to leak - * back into the environment. + * Don't allow PAM-internal env vars to leak + * back into the session environment. */ +#define PAM_ENV_BLACKLIST "SSH_AUTH_INFO*,SSH_CONNECTION*" p = fetch_pam_child_environment(); - copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*"); + copy_environment_blacklist(p, &env, &envsize, + PAM_ENV_BLACKLIST); free_pam_environment(p); p = fetch_pam_environment(); - copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*"); + copy_environment_blacklist(p, &env, &envsize, + PAM_ENV_BLACKLIST); free_pam_environment(p); } #endif /* USE_PAM */ -- cgit v1.2.3 From f47d72ddad75b93d3cbc781718b0fa9046c03df8 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 17 Jan 2019 04:45:09 +0000 Subject: upstream: tun_fwd_ifnames variable should b =?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271 --- session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'session.c') diff --git a/session.c b/session.c index d2e2fbd74..0452f507a 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.308 2018/11/16 03:26:01 djm Exp $ */ +/* $OpenBSD: session.c,v 1.309 2019/01/17 04:45:09 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -142,7 +142,7 @@ extern int startup_pipe; extern void destroy_sensitive_data(void); extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; -char *tun_fwd_ifnames; /* serverloop.c */ +extern char *tun_fwd_ifnames; /* serverloop.c */ /* original command from peer. */ const char *original_command = NULL; -- cgit v1.2.3 From 0fa174ebe129f3d0aeaf4e2d1dd8de745870d0ff Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:31:32 +0000 Subject: upstream: begin landing remaining refactoring of packet parsing API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4 --- auth.c | 5 ++++- auth2-hostbased.c | 4 +++- auth2.c | 5 ++++- channels.c | 5 ++++- clientloop.c | 5 ++++- monitor.c | 5 ++++- monitor_wrap.c | 5 ++++- mux.c | 5 ++++- opacket.c | 3 ++- packet.h | 6 +----- servconf.c | 5 ++++- serverloop.c | 5 ++++- session.c | 5 ++++- ssh.c | 5 ++++- sshconnect.c | 5 ++++- sshconnect2.c | 5 ++++- sshd.c | 5 ++++- 17 files changed, 62 insertions(+), 21 deletions(-) (limited to 'session.c') diff --git a/auth.c b/auth.c index 7d48d07a8..94f43a6c2 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.135 2019/01/17 04:20:53 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.136 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -77,6 +77,9 @@ #include "compat.h" #include "channels.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* import */ extern ServerOptions options; extern int use_privsep; diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 764ceff74..e28a48fb3 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.39 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -51,6 +51,8 @@ #include "ssherr.h" #include "match.h" +extern struct ssh *active_state; /* XXX */ + /* import */ extern ServerOptions options; extern u_char *session_id2; diff --git a/auth2.c b/auth2.c index 4415c11ec..3df2acf78 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.151 2019/01/17 04:20:53 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.152 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -61,6 +61,9 @@ #include "ssherr.h" #include "digest.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* import */ extern ServerOptions options; extern u_char *session_id2; diff --git a/channels.c b/channels.c index 6d2e1c6a6..dcda44b07 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.387 2018/12/07 02:31:20 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.388 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -84,6 +84,9 @@ #include "pathnames.h" #include "match.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* -- agent forwarding */ #define NUM_SOCKS 10 diff --git a/clientloop.c b/clientloop.c index 8d312cdaa..d29ec00bc 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.318 2018/09/21 12:46:22 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.319 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -112,6 +112,9 @@ #include "ssherr.h" #include "hostfile.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* import options */ extern Options options; diff --git a/monitor.c b/monitor.c index 09d3a27fd..e15a5225d 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.188 2018/11/16 02:43:56 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.189 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -96,6 +96,9 @@ #include "match.h" #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + #ifdef GSSAPI static Gssctxt *gsscontext = NULL; #endif diff --git a/monitor_wrap.c b/monitor_wrap.c index 732fb3476..6ceaa3716 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.108 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -76,6 +76,9 @@ #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* Imports */ extern struct monitor *pmonitor; extern struct sshbuf *loginmsg; diff --git a/mux.c b/mux.c index 8e4b60827..abc1e05ab 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.77 2018/09/26 07:32:44 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.78 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -68,6 +68,9 @@ #include "clientloop.h" #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* from ssh.c */ extern int tty_flag; extern Options options; diff --git a/opacket.c b/opacket.c index e637d7a71..56a76939e 100644 --- a/opacket.c +++ b/opacket.c @@ -2,11 +2,12 @@ /* Written by Markus Friedl. Placed in the public domain. */ #include "includes.h" - +/* $OpenBSD: opacket.c,v 1.8 2019/01/19 21:31:32 djm Exp $ */ #include #include "ssherr.h" #include "packet.h" +#include "opacket.h" /* XXX */ #include "log.h" struct ssh *active_state, *backup_state; diff --git a/packet.h b/packet.h index 170203cab..c58b52d39 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.86 2018/07/09 21:20:26 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.87 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen @@ -204,10 +204,6 @@ int sshpkt_get_end(struct ssh *ssh); void sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l); const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); -/* OLD API */ -extern struct ssh *active_state; -#include "opacket.h" - #if !defined(WITH_OPENSSL) # undef BIGNUM # undef EC_KEY diff --git a/servconf.c b/servconf.c index 52d9be429..0ec095bd0 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.344 2018/11/19 04:12:32 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.345 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -65,6 +65,9 @@ #include "myproposal.h" #include "digest.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + static void add_listen_addr(ServerOptions *, const char *, const char *, int); static void add_one_listen_addr(ServerOptions *, const char *, diff --git a/serverloop.c b/serverloop.c index 7be83e2d3..e0c26bbbc 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */ +/* $OpenBSD: serverloop.c,v 1.210 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -78,6 +78,9 @@ #include "serverloop.h" #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + extern ServerOptions options; /* XXX */ diff --git a/session.c b/session.c index 0452f507a..f0dabe111 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.309 2019/01/17 04:45:09 djm Exp $ */ +/* $OpenBSD: session.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -105,6 +105,9 @@ #include #endif +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + #define IS_INTERNAL_SFTP(c) \ (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ diff --git a/ssh.c b/ssh.c index 16536a97a..a206a5fca 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.497 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.498 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -113,6 +113,9 @@ #include "ssh-pkcs11.h" #endif +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX move here */ + extern char *__progname; /* Saves a copy of argv for setproctitle emulation */ diff --git a/sshconnect.c b/sshconnect.c index 884e33628..346f979d1 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.309 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -70,6 +70,9 @@ #include "authfd.h" #include "kex.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + struct sshkey *previous_host_key = NULL; static int matching_host_key_dns = 0; diff --git a/sshconnect2.c b/sshconnect2.c index 0e8f323d6..73ffe77a9 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.292 2019/01/04 03:27:50 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.293 2019/01/19 21:31:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -77,6 +77,9 @@ #include "ssh-gss.h" #endif +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX */ + /* import */ extern char *client_version_string; extern char *server_version_string; diff --git a/sshd.c b/sshd.c index 1d25c88f3..ad8c152a5 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.521 2019/01/17 01:50:24 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.522 2019/01/19 21:31:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -123,6 +123,9 @@ #include "version.h" #include "ssherr.h" +#include "opacket.h" /* XXX */ +extern struct ssh *active_state; /* XXX move decl to this file */ + /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) -- cgit v1.2.3 From 3a00a921590d4c4b7e96df11bb10e6f9253ad45e Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:41:18 +0000 Subject: upstream: convert auth.c to new packet API with & ok markus@ OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4 --- auth.c | 26 ++++++++++---------------- auth.h | 12 ++++++------ auth2.c | 8 ++++---- monitor.c | 8 ++++---- monitor_wrap.c | 5 ++--- monitor_wrap.h | 5 +++-- session.c | 4 ++-- 7 files changed, 31 insertions(+), 37 deletions(-) (limited to 'session.c') diff --git a/auth.c b/auth.c index d82b40683..fea2c650f 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.137 2019/01/19 21:37:48 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -77,9 +77,6 @@ #include "compat.h" #include "channels.h" -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - /* import */ extern ServerOptions options; extern int use_privsep; @@ -100,9 +97,8 @@ static struct sshbuf *auth_debug; * Otherwise true is returned. */ int -allowed_user(struct passwd * pw) +allowed_user(struct ssh *ssh, struct passwd * pw) { - struct ssh *ssh = active_state; /* XXX */ struct stat st; const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; u_int i; @@ -312,10 +308,10 @@ format_method_key(Authctxt *authctxt) } void -auth_log(Authctxt *authctxt, int authenticated, int partial, +auth_log(struct ssh *ssh, int authenticated, int partial, const char *method, const char *submethod) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; int level = SYSLOG_LEVEL_VERBOSE; const char *authmsg; char *extra = NULL; @@ -377,9 +373,9 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, void -auth_maxtries_exceeded(Authctxt *authctxt) +auth_maxtries_exceeded(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ + Authctxt *authctxt = (Authctxt *)ssh->authctxt; error("maximum authentication attempts exceeded for " "%s%.100s from %.200s port %d ssh2", @@ -387,7 +383,7 @@ auth_maxtries_exceeded(Authctxt *authctxt) authctxt->user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); - packet_disconnect("Too many authentication failures"); + ssh_packet_disconnect(ssh, "Too many authentication failures"); /* NOTREACHED */ } @@ -562,9 +558,8 @@ auth_openprincipals(const char *file, struct passwd *pw, int strict_modes) } struct passwd * -getpwnamallow(const char *user) +getpwnamallow(struct ssh *ssh, const char *user) { - struct ssh *ssh = active_state; /* XXX */ #ifdef HAVE_LOGIN_CAP extern login_cap_t *lc; #ifdef BSD_AUTH @@ -614,7 +609,7 @@ getpwnamallow(const char *user) #endif /* SSH_AUDIT_EVENTS */ return (NULL); } - if (!allowed_user(pw)) + if (!allowed_user(ssh, pw)) return (NULL); #ifdef HAVE_LOGIN_CAP if ((lc = login_getclass(pw->pw_class)) == NULL) { @@ -693,9 +688,8 @@ auth_debug_add(const char *fmt,...) } void -auth_debug_send(void) +auth_debug_send(struct ssh *ssh) { - struct ssh *ssh = active_state; /* XXX */ char *msg; int r; diff --git a/auth.h b/auth.h index 68104e50b..71c372e97 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.97 2019/01/19 21:38:24 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -168,8 +168,8 @@ void remove_kbdint_device(const char *); void do_authentication2(struct ssh *); -void auth_log(Authctxt *, int, int, const char *, const char *); -void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); +void auth_log(struct ssh *, int, int, const char *, const char *); +void auth_maxtries_exceeded(struct ssh *) __attribute__((noreturn)); void userauth_finish(struct ssh *, int, const char *, const char *); int auth_root_allowed(struct ssh *, const char *); @@ -186,8 +186,8 @@ void auth2_challenge_stop(struct ssh *); int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); int bsdauth_respond(void *, u_int, char **); -int allowed_user(struct passwd *); -struct passwd * getpwnamallow(const char *user); +int allowed_user(struct ssh *, struct passwd *); +struct passwd * getpwnamallow(struct ssh *, const char *user); char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); @@ -222,7 +222,7 @@ void auth_log_authopts(const char *, const struct sshauthopt *, int); /* debug messages during authentication */ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); -void auth_debug_send(void); +void auth_debug_send(struct ssh *); void auth_debug_reset(void); struct passwd *fakepw(void); diff --git a/auth2.c b/auth2.c index 2ea71210c..1f023e8b1 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.153 2019/01/19 21:38:24 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -284,7 +284,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) if (authctxt->attempt++ == 0) { /* setup auth context */ - authctxt->pw = PRIVSEP(getpwnamallow(user)); + authctxt->pw = PRIVSEP(getpwnamallow(ssh, user)); authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; @@ -381,7 +381,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, } /* Log before sending the reply */ - auth_log(authctxt, authenticated, partial, method, submethod); + auth_log(ssh, authenticated, partial, method, submethod); /* Update information exposed to session */ if (authenticated || partial) @@ -429,7 +429,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); #endif - auth_maxtries_exceeded(authctxt); + auth_maxtries_exceeded(ssh); } methods = authmethods_get(authctxt); debug3("%s: failure partial=%d next methods=\"%s\"", __func__, diff --git a/monitor.c b/monitor.c index e15a5225d..39bf7705c 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.189 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.190 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -338,7 +338,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) #endif } if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { - auth_log(authctxt, authenticated, partial, + auth_log(ssh, authenticated, partial, auth_method, auth_submethod); if (!partial && !authenticated) authctxt->failures++; @@ -729,7 +729,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m) if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - pwent = getpwnamallow(username); + pwent = getpwnamallow(ssh, username); authctxt->user = xstrdup(username); setproctitle("%s [priv]", pwent ? username : "unknown"); @@ -1230,7 +1230,7 @@ mm_answer_keyallowed(int sock, struct sshbuf *m) hostbased_chost = chost; } else { /* Log failed attempt */ - auth_log(authctxt, 0, 0, auth_method, NULL); + auth_log(ssh, 0, 0, auth_method, NULL); free(cuser); free(chost); } diff --git a/monitor_wrap.c b/monitor_wrap.c index 6ceaa3716..5db8a0a9c 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.108 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.109 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -251,9 +251,8 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, } struct passwd * -mm_getpwnamallow(const char *username) +mm_getpwnamallow(struct ssh *ssh, const char *username) { - struct ssh *ssh = active_state; /* XXX */ struct sshbuf *m; struct passwd *pw; size_t len; diff --git a/monitor_wrap.h b/monitor_wrap.h index 644da081d..19c58e486 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.38 2018/07/11 18:53:29 markus Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.39 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -33,6 +33,7 @@ extern int use_privsep; enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY }; +struct ssh; struct monitor; struct Authctxt; struct sshkey; @@ -44,7 +45,7 @@ DH *mm_choose_dh(int, int, int); int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int compat); void mm_inform_authserv(char *, char *); -struct passwd *mm_getpwnamallow(const char *); +struct passwd *mm_getpwnamallow(struct ssh *, const char *); char *mm_auth2_read_banner(void); int mm_auth_password(struct ssh *, char *); int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, diff --git a/session.c b/session.c index f0dabe111..26ab6f6a0 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: session.c,v 1.311 2019/01/19 21:41:18 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -362,7 +362,7 @@ do_authenticated(struct ssh *ssh, Authctxt *authctxt) else channel_permit_all(ssh, FORWARD_REMOTE); } - auth_debug_send(); + auth_debug_send(ssh); prepare_auth_info_file(authctxt->pw, authctxt->session_info); -- cgit v1.2.3 From a5e2ad88acff2b7d131ee6d5dc5d339b0f8c6a6d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 19 Jan 2019 21:41:53 +0000 Subject: upstream: convert session.c to new packet API with & ok markus@ OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e --- session.c | 151 ++++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 87 insertions(+), 64 deletions(-) (limited to 'session.c') diff --git a/session.c b/session.c index 26ab6f6a0..b5a382473 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.311 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: session.c,v 1.312 2019/01/19 21:41:53 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -105,9 +105,6 @@ #include #endif -#include "opacket.h" /* XXX */ -extern struct ssh *active_state; /* XXX */ - #define IS_INTERNAL_SFTP(c) \ (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ @@ -207,7 +204,7 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw) /* Create private directory for socket */ if (mkdtemp(auth_sock_dir) == NULL) { - packet_send_debug("Agent forwarding disabled: " + ssh_packet_send_debug(ssh, "Agent forwarding disabled: " "mkdtemp() failed: %.100s", strerror(errno)); restore_uid(); free(auth_sock_dir); @@ -524,7 +521,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) s->pid = pid; /* Set interactive/non-interactive mode. */ - packet_set_interactive(s->display != NULL, + ssh_packet_set_interactive(ssh, s->display != NULL, options.ip_qos_interactive, options.ip_qos_bulk); /* @@ -653,7 +650,7 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) /* Enter interactive session. */ s->ptymaster = ptymaster; - packet_set_interactive(1, + ssh_packet_set_interactive(ssh, 1, options.ip_qos_interactive, options.ip_qos_bulk); session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1); return 0; @@ -786,8 +783,8 @@ do_login(struct ssh *ssh, Session *s, const char *command) */ memset(&from, 0, sizeof(from)); fromlen = sizeof(from); - if (packet_connection_is_on_socket()) { - if (getpeername(packet_get_connection_in(), + if (ssh_packet_connection_is_on_socket(ssh)) { + if (getpeername(ssh_packet_get_connection_in(ssh), (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); @@ -1198,7 +1195,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) ssh_local_port(ssh)); child_set_env(&env, &envsize, "SSH_CLIENT", buf); - laddr = get_local_ipaddr(packet_get_connection_in()); + laddr = get_local_ipaddr(ssh_packet_get_connection_in(ssh)); snprintf(buf, sizeof buf, "%.50s %d %.50s %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), laddr, ssh_local_port(ssh)); @@ -1365,7 +1362,7 @@ safely_chroot(const char *path, uid_t uid) component, strerror(errno)); if (st.st_uid != 0 || (st.st_mode & 022) != 0) fatal("bad ownership or modes for chroot " - "directory %s\"%s\"", + "directory %s\"%s\"", cp == NULL ? "" : "component ", component); if (!S_ISDIR(st.st_mode)) fatal("chroot path %s\"%s\" is not a directory", @@ -1503,11 +1500,12 @@ child_close_fds(struct ssh *ssh) auth_sock = -1; } - if (packet_get_connection_in() == packet_get_connection_out()) - close(packet_get_connection_in()); + if (ssh_packet_get_connection_in(ssh) == + ssh_packet_get_connection_out(ssh)) + close(ssh_packet_get_connection_in(ssh)); else { - close(packet_get_connection_in()); - close(packet_get_connection_out()); + close(ssh_packet_get_connection_in(ssh)); + close(ssh_packet_get_connection_out(ssh)); } /* * Close all descriptors related to channels. They will still remain @@ -1549,7 +1547,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) /* remove hostkey from the child's memory */ destroy_sensitive_data(); - packet_clear_keys(); + ssh_packet_clear_keys(ssh); /* Force a password change */ if (s->authctxt->force_pwchange) { @@ -1911,11 +1909,14 @@ session_by_pid(pid_t pid) static int session_window_change_req(struct ssh *ssh, Session *s) { - s->col = packet_get_int(); - s->row = packet_get_int(); - s->xpixel = packet_get_int(); - s->ypixel = packet_get_int(); - packet_check_eom(); + int r; + + if ((r = sshpkt_get_u32(ssh, &s->col)) != 0 || + (r = sshpkt_get_u32(ssh, &s->row)) != 0 || + (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 || + (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); return 1; } @@ -1923,22 +1924,23 @@ session_window_change_req(struct ssh *ssh, Session *s) static int session_pty_req(struct ssh *ssh, Session *s) { - u_int len; + int r; if (!auth_opts->permit_pty_flag || !options.permit_tty) { debug("Allocating a pty not permitted for this connection."); return 0; } if (s->ttyfd != -1) { - packet_disconnect("Protocol error: you already have a pty."); + ssh_packet_disconnect(ssh, "Protocol error: you already have a pty."); return 0; } - s->term = packet_get_string(&len); - s->col = packet_get_int(); - s->row = packet_get_int(); - s->xpixel = packet_get_int(); - s->ypixel = packet_get_int(); + if ((r = sshpkt_get_cstring(ssh, &s->term, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &s->col)) != 0 || + (r = sshpkt_get_u32(ssh, &s->row)) != 0 || + (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 || + (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (strcmp(s->term, "") == 0) { free(s->term); @@ -1960,13 +1962,15 @@ session_pty_req(struct ssh *ssh, Session *s) ssh_tty_parse_modes(ssh, s->ttyfd); + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + if (!use_privsep) pty_setowner(s->pw, s->tty); /* Set window size from the packet. */ pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); - packet_check_eom(); session_proctitle(s); return 1; } @@ -1975,13 +1979,13 @@ static int session_subsystem_req(struct ssh *ssh, Session *s) { struct stat st; - u_int len; - int success = 0; + int r, success = 0; char *prog, *cmd; u_int i; - s->subsys = packet_get_string(&len); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &s->subsys, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); debug2("subsystem request for %.100s by user %s", s->subsys, s->pw->pw_name); @@ -2014,18 +2018,22 @@ session_subsystem_req(struct ssh *ssh, Session *s) static int session_x11_req(struct ssh *ssh, Session *s) { - int success; + int r, success; + u_char single_connection = 0; if (s->auth_proto != NULL || s->auth_data != NULL) { error("session_x11_req: session %d: " "x11 forwarding already active", s->self); return 0; } - s->single_connection = packet_get_char(); - s->auth_proto = packet_get_string(NULL); - s->auth_data = packet_get_string(NULL); - s->screen = packet_get_int(); - packet_check_eom(); + if ((r = sshpkt_get_u8(ssh, &single_connection)) != 0 || + (r = sshpkt_get_cstring(ssh, &s->auth_proto, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &s->auth_data, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &s->screen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + + s->single_connection = single_connection; if (xauth_valid_string(s->auth_proto) && xauth_valid_string(s->auth_data)) @@ -2046,17 +2054,24 @@ session_x11_req(struct ssh *ssh, Session *s) static int session_shell_req(struct ssh *ssh, Session *s) { - packet_check_eom(); + int r; + + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); return do_exec(ssh, s, NULL) == 0; } static int session_exec_req(struct ssh *ssh, Session *s) { - u_int len, success; + u_int success; + int r; + char *command = NULL; + + if ((r = sshpkt_get_cstring(ssh, &command, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - char *command = packet_get_string(&len); - packet_check_eom(); success = do_exec(ssh, s, command) == 0; free(command); return success; @@ -2065,9 +2080,11 @@ session_exec_req(struct ssh *ssh, Session *s) static int session_break_req(struct ssh *ssh, Session *s) { + int r; - packet_get_int(); /* ignored */ - packet_check_eom(); + if ((r = sshpkt_get_u32(ssh, NULL)) != 0 || /* ignore */ + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) return 0; @@ -2078,11 +2095,13 @@ static int session_env_req(struct ssh *ssh, Session *s) { char *name, *val; - u_int name_len, val_len, i; + u_int i; + int r; - name = packet_get_cstring(&name_len); - val = packet_get_cstring(&val_len); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &val, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); /* Don't set too many environment variables */ if (s->num_env > 128) { @@ -2185,8 +2204,10 @@ static int session_auth_agent_req(struct ssh *ssh, Session *s) { static int called = 0; + int r; - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (!auth_opts->permit_agent_forwarding_flag || !options.allow_agent_forwarding) { debug("%s: agent forwarding disabled", __func__); @@ -2376,6 +2397,7 @@ static void session_exit_message(struct ssh *ssh, Session *s, int status) { Channel *c; + int r; if ((c = channel_lookup(ssh, s->chanid)) == NULL) fatal("%s: session %d: no channel %d", @@ -2385,22 +2407,23 @@ session_exit_message(struct ssh *ssh, Session *s, int status) if (WIFEXITED(status)) { channel_request_start(ssh, s->chanid, "exit-status", 0); - packet_put_int(WEXITSTATUS(status)); - packet_send(); + if ((r = sshpkt_put_u32(ssh, WEXITSTATUS(status))) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: exit reply", __func__); } else if (WIFSIGNALED(status)) { channel_request_start(ssh, s->chanid, "exit-signal", 0); - packet_put_cstring(sig2name(WTERMSIG(status))); -#ifdef WCOREDUMP - packet_put_char(WCOREDUMP(status)? 1 : 0); -#else /* WCOREDUMP */ - packet_put_char(0); -#endif /* WCOREDUMP */ - packet_put_cstring(""); - packet_put_cstring(""); - packet_send(); +#ifndef WCOREDUMP +# define WCOREDUMP(x) (0) +#endif + if ((r = sshpkt_put_cstring(ssh, sig2name(WTERMSIG(status)))) != 0 || + (r = sshpkt_put_u8(ssh, WCOREDUMP(status)? 1 : 0)) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: exit reply", __func__); } else { /* Some weird exit cause. Just exit. */ - packet_disconnect("wait returned status %04x.", status); + ssh_packet_disconnect(ssh, "wait returned status %04x.", status); } /* disconnect channel */ @@ -2571,7 +2594,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) u_int i; if (!auth_opts->permit_x11_forwarding_flag) { - packet_send_debug("X11 forwarding disabled by key options."); + ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options."); return 0; } if (!options.x11_forwarding) { @@ -2580,7 +2603,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) } if (options.xauth_location == NULL || (stat(options.xauth_location, &st) == -1)) { - packet_send_debug("No xauth program; cannot forward X11."); + ssh_packet_send_debug(ssh, "No xauth program; cannot forward X11."); return 0; } if (s->display != NULL) { -- cgit v1.2.3 From 9b655dc9c9a353f0a527f0c6c43a5e35653c9503 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 20 Jan 2019 14:55:27 +1100 Subject: last bits of old packet API / active_state global --- audit-bsm.c | 2 +- audit-linux.c | 4 +--- audit.c | 2 +- audit.h | 4 +++- auth.c | 4 ++-- auth2.c | 6 +++--- monitor.c | 2 +- monitor_wrap.c | 2 +- monitor_wrap.h | 2 +- regress/misc/kexfuzz/kexfuzz.c | 2 -- regress/unittests/kex/test_kex.c | 2 -- session.c | 32 -------------------------------- ssh-keyscan.c | 2 -- ssh-keysign.c | 2 -- sshd.c | 8 ++++---- 15 files changed, 18 insertions(+), 58 deletions(-) (limited to 'session.c') diff --git a/audit-bsm.c b/audit-bsm.c index 1409f69ae..0ba16c72c 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -391,7 +391,7 @@ audit_session_close(struct logininfo *li) } void -audit_event(ssh_audit_event_t event) +audit_event(struct ssh *ssh, ssh_audit_event_t event) { char textbuf[BSM_TEXTBUFSZ]; static int logged_in = 0; diff --git a/audit-linux.c b/audit-linux.c index 136ed76bb..3fcbe5c53 100644 --- a/audit-linux.c +++ b/audit-linux.c @@ -97,10 +97,8 @@ audit_session_close(struct logininfo *li) } void -audit_event(ssh_audit_event_t event) +audit_event(struct ssh *ssh, ssh_audit_event_t event) { - struct ssh *ssh = active_state; /* XXX */ - switch(event) { case SSH_AUTH_SUCCESS: case SSH_CONNECTION_CLOSE: diff --git a/audit.c b/audit.c index 33a04376d..dd2f03558 100644 --- a/audit.c +++ b/audit.c @@ -131,7 +131,7 @@ audit_connection_from(const char *host, int port) * events and what they mean). */ void -audit_event(ssh_audit_event_t event) +audit_event(struct ssh *ssh, ssh_audit_event_t event) { debug("audit event euid %d user %s event %d (%s)", geteuid(), audit_username(), event, audit_event_lookup(event)); diff --git a/audit.h b/audit.h index 0b593666d..38cb5ad31 100644 --- a/audit.h +++ b/audit.h @@ -27,6 +27,8 @@ #include "loginrec.h" +struct ssh; + enum ssh_audit_event_type { SSH_LOGIN_EXCEED_MAXTRIES, SSH_LOGIN_ROOT_DENIED, @@ -46,7 +48,7 @@ enum ssh_audit_event_type { typedef enum ssh_audit_event_type ssh_audit_event_t; void audit_connection_from(const char *, int); -void audit_event(ssh_audit_event_t); +void audit_event(struct ssh *, ssh_audit_event_t); void audit_session_open(struct logininfo *); void audit_session_close(struct logininfo *); void audit_run_command(const char *); diff --git a/auth.c b/auth.c index a4c1dece5..62c58e72f 100644 --- a/auth.c +++ b/auth.c @@ -367,7 +367,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial, #endif #ifdef SSH_AUDIT_EVENTS if (authenticated == 0 && !authctxt->postponed) - audit_event(audit_classify_auth(method)); + audit_event(ssh, audit_classify_auth(method)); #endif } @@ -605,7 +605,7 @@ getpwnamallow(struct ssh *ssh, const char *user) auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); #endif #ifdef SSH_AUDIT_EVENTS - audit_event(SSH_INVALID_USER); + audit_event(ssh, SSH_INVALID_USER); #endif /* SSH_AUDIT_EVENTS */ return (NULL); } diff --git a/auth2.c b/auth2.c index a80b3f872..e43350c36 100644 --- a/auth2.c +++ b/auth2.c @@ -294,7 +294,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) /* Invalid user, fake password information */ authctxt->pw = fakepw(); #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_INVALID_USER)); + PRIVSEP(audit_event(ssh, SSH_INVALID_USER)); #endif } #ifdef USE_PAM @@ -369,7 +369,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, !auth_root_allowed(ssh, method)) { authenticated = 0; #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); + PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED)); #endif } @@ -430,7 +430,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, authctxt->failures++; if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); + PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES)); #endif auth_maxtries_exceeded(ssh); } diff --git a/monitor.c b/monitor.c index 5fa30b2a8..a9546dad2 100644 --- a/monitor.c +++ b/monitor.c @@ -1628,7 +1628,7 @@ mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m) case SSH_LOGIN_ROOT_DENIED: case SSH_CONNECTION_CLOSE: case SSH_INVALID_USER: - audit_event(event); + audit_event(ssh, event); break; default: fatal("Audit event type %d not permitted", event); diff --git a/monitor_wrap.c b/monitor_wrap.c index f52b9c88c..9e3c7cd17 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -867,7 +867,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) #ifdef SSH_AUDIT_EVENTS void -mm_audit_event(ssh_audit_event_t event) +mm_audit_event(struct ssh *ssh, ssh_audit_event_t event) { struct sshbuf *m; int r; diff --git a/monitor_wrap.h b/monitor_wrap.h index c7e0c91dd..fdebb3aa4 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -76,7 +76,7 @@ void mm_sshpam_free_ctx(void *); #ifdef SSH_AUDIT_EVENTS #include "audit.h" -void mm_audit_event(ssh_audit_event_t); +void mm_audit_event(struct ssh *, ssh_audit_event_t); void mm_audit_run_command(const char *); #endif diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index 3e2c48160..61cae042f 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c @@ -29,8 +29,6 @@ #include "authfile.h" #include "log.h" -struct ssh *active_state = NULL; /* XXX - needed for linking */ - void kex_tests(void); static int do_debug = 0; diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index 90f1ebf45..112bc5499 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -24,8 +24,6 @@ #include "packet.h" #include "myproposal.h" -struct ssh *active_state = NULL; /* XXX - needed for linking */ - void kex_tests(void); static int do_debug = 0; diff --git a/session.c b/session.c index b5a382473..4862e5d63 100644 --- a/session.c +++ b/session.c @@ -123,9 +123,6 @@ int do_exec_no_pty(struct ssh *, Session *, const char *); int do_exec(struct ssh *, Session *, const char *); void do_login(struct ssh *, Session *, const char *); void do_child(struct ssh *, Session *, const char *); -#ifdef LOGIN_NEEDS_UTMPX -static void do_pre_login(Session *s); -#endif void do_motd(void); int check_quietlogin(Session *, const char *); @@ -656,35 +653,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) return 0; } -#ifdef LOGIN_NEEDS_UTMPX -static void -do_pre_login(Session *s) -{ - struct ssh *ssh = active_state; /* XXX */ - socklen_t fromlen; - struct sockaddr_storage from; - pid_t pid = getpid(); - - /* - * Get IP address of client. If the connection is not a socket, let - * the address be 0.0.0.0. - */ - memset(&from, 0, sizeof(from)); - fromlen = sizeof(from); - if (packet_connection_is_on_socket()) { - if (getpeername(packet_get_connection_in(), - (struct sockaddr *)&from, &fromlen) < 0) { - debug("getpeername: %.100s", strerror(errno)); - cleanup_exit(255); - } - } - - record_utmp_only(pid, s->tty, s->pw->pw_name, - session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), - (struct sockaddr *)&from, fromlen); -} -#endif - /* * This is called to fork and execute a command. If another command is * to be forced, execute that instead. diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 38b1c548b..88449f672 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -83,8 +83,6 @@ fd_set *read_wait; size_t read_wait_nfdset; int ncon; -struct ssh *active_state = NULL; /* XXX needed for linking */ - /* * Keep a connection structure for each file descriptor. The state * associated with file descriptor n is held in fdcon[n]. diff --git a/ssh-keysign.c b/ssh-keysign.c index 7ea5ad0e9..601f6ca72 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -59,8 +59,6 @@ #include "sshkey.h" #include "ssherr.h" -struct ssh *active_state = NULL; /* XXX needed for linking */ - extern char *__progname; static int diff --git a/sshd.c b/sshd.c index 58d17e546..f6927672e 100644 --- a/sshd.c +++ b/sshd.c @@ -2080,7 +2080,7 @@ main(int ac, char **av) } #ifdef SSH_AUDIT_EVENTS - audit_event(SSH_AUTH_SUCCESS); + audit_event(ssh, SSH_AUTH_SUCCESS); #endif #ifdef GSSAPI @@ -2128,7 +2128,7 @@ main(int ac, char **av) #endif /* USE_PAM */ #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); + PRIVSEP(audit_event(ssh, SSH_CONNECTION_CLOSE)); #endif ssh_packet_close(ssh); @@ -2256,8 +2256,8 @@ cleanup_exit(int i) } #ifdef SSH_AUDIT_EVENTS /* done after do_cleanup so it can cancel the PAM auth 'thread' */ - if (!use_privsep || mm_is_monitor()) - audit_event(SSH_CONNECTION_ABANDON); + if (the_active_state != NULL && (!use_privsep || mm_is_monitor())) + audit_event(the_active_state, SSH_CONNECTION_ABANDON); #endif _exit(i); } -- cgit v1.2.3 From 8c53d409baeeaf652c0c125a9b164edc9dbeb6de Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Tue, 5 Feb 2019 11:35:56 +0000 Subject: upstream: Adapt code in the non-USE_PIPES codepath to the new packet API. This code is not normally reachable since USE_PIPES is always defined. bz#2961, patch from adrian.fita at gmail com. OpenBSD-Commit-ID: 8d8428d678d1d5eb4bb21921df34e8173e6d238a --- session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'session.c') diff --git a/session.c b/session.c index 4862e5d63..4448e6f1f 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.312 2019/01/19 21:41:53 djm Exp $ */ +/* $OpenBSD: session.c,v 1.313 2019/02/05 11:35:56 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -545,7 +545,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) * Enter the interactive session. Note: server_loop must be able to * handle the case that fdin and fdout are the same. */ - session_set_fds(s, inout[1], inout[1], err[1], + session_set_fds(ssh, s, inout[1], inout[1], err[1], s->is_subsystem, 0); #endif return 0; -- cgit v1.2.3 From 2ff2e19653b8c0798b8b8eff209651bdb1be2761 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 8 Feb 2019 14:53:35 +1100 Subject: don't set $MAIL if UsePam=yes PAM typically specifies the user environment if it's enabled, so don't second guess. bz#2937; ok dtucker@ --- session.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'session.c') diff --git a/session.c b/session.c index 4448e6f1f..bced1f65a 100644 --- a/session.c +++ b/session.c @@ -1050,8 +1050,11 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ - snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); - child_set_env(&env, &envsize, "MAIL", buf); + if (!options.use_pam) { + snprintf(buf, sizeof buf, "%.200s/%.50s", + _PATH_MAILDIR, pw->pw_name); + child_set_env(&env, &envsize, "MAIL", buf); + } /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); -- cgit v1.2.3 From 318e4f8548a4f5c0c913f61e27d4fc21ffb1eaae Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 10 Feb 2019 11:10:57 +0000 Subject: upstream: syslog when connection is dropped for attempting to run a command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@ OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8 --- session.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'session.c') diff --git a/session.c b/session.c index bced1f65a..96167548a 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.313 2019/02/05 11:35:56 dtucker Exp $ */ +/* $OpenBSD: session.c,v 1.314 2019/02/10 11:10:57 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1510,12 +1510,13 @@ void do_child(struct ssh *ssh, Session *s, const char *command) { extern char **environ; - char **env; - char *argv[ARGV_MAX]; + char **env, *argv[ARGV_MAX], remote_id[512]; const char *shell, *shell0; struct passwd *pw = s->pw; int r = 0; + sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + /* remove hostkey from the child's memory */ destroy_sensitive_data(); ssh_packet_clear_keys(ssh); @@ -1638,6 +1639,8 @@ do_child(struct ssh *ssh, Session *s, const char *command) signal(SIGPIPE, SIG_DFL); if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { + error("Connection from %s: refusing non-sftp session", + remote_id); printf("This service allows sftp connections only.\n"); fflush(NULL); exit(1); -- cgit v1.2.3 From 625b62634c33eaef4b80d07529954fe5c6435fe5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 22 Feb 2019 03:37:11 +0000 Subject: upstream: perform removal of agent-forwarding directory in forward MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit setup error path with user's privileged. This is a no-op as this code always runs with user privilege now that we no longer support running sshd with privilege separation disabled, but as long as the privsep skeleton is there we should follow the rules. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bz#2969 with patch from Erik Sjölund OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846 --- session.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'session.c') diff --git a/session.c b/session.c index 96167548a..48cfaafbf 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.314 2019/02/10 11:10:57 djm Exp $ */ +/* $OpenBSD: session.c,v 1.315 2019/02/22 03:37:11 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -233,7 +233,9 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw) authsock_err: free(auth_sock_name); if (auth_sock_dir != NULL) { + temporarily_use_uid(pw); rmdir(auth_sock_dir); + restore_uid(); free(auth_sock_dir); } if (sock != -1) -- cgit v1.2.3 From 885bc114692046d55e2a170b932bdc0092fa3456 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 4 Apr 2019 02:47:40 +1100 Subject: session: Do not use removed API from Jakub Jelen --- session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'session.c') diff --git a/session.c b/session.c index 48cfaafbf..ac06b08e9 100644 --- a/session.c +++ b/session.c @@ -2620,7 +2620,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) he = gethostbyname(hostname); if (he == NULL) { error("Can't get IP address for X11 DISPLAY."); - packet_send_debug("Can't get IP address for X11 DISPLAY."); + ssh_packet_send_debug(ssh, "Can't get IP address for X11 DISPLAY."); return 0; } memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); -- cgit v1.2.3