summaryrefslogtreecommitdiff
path: root/monitor.c
diff options
context:
space:
mode:
Diffstat (limited to 'monitor.c')
-rw-r--r--monitor.c679
1 files changed, 348 insertions, 331 deletions
diff --git a/monitor.c b/monitor.c
index c68e1b0d912f..d4b4b04719bc 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.180 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.186 2018/07/20 03:46:34 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -56,10 +56,6 @@
# endif
#endif
-#ifdef SKEY
-#include <skey.h>
-#endif
-
#ifdef WITH_OPENSSL
#include <openssl/dh.h>
#endif
@@ -68,21 +64,14 @@
#include "atomicio.h"
#include "xmalloc.h"
#include "ssh.h"
-#include "key.h"
-#include "buffer.h"
+#include "sshkey.h"
+#include "sshbuf.h"
#include "hostfile.h"
#include "auth.h"
#include "cipher.h"
#include "kex.h"
#include "dh.h"
#include "auth-pam.h"
-#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */
-#undef TARGET_OS_MAC
-#include "zlib.h"
-#define TARGET_OS_MAC 1
-#else
-#include "zlib.h"
-#endif
#include "packet.h"
#include "auth-options.h"
#include "sshpty.h"
@@ -113,9 +102,7 @@ static Gssctxt *gsscontext = NULL;
extern ServerOptions options;
extern u_int utmp_len;
extern u_char session_id[];
-extern Buffer auth_debug;
-extern int auth_debug_init;
-extern Buffer loginmsg;
+extern struct sshbuf *loginmsg;
extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */
/* State exported from the child */
@@ -123,46 +110,44 @@ static struct sshbuf *child_state;
/* Functions on the monitor that answer unprivileged requests */
-int mm_answer_moduli(int, Buffer *);
-int mm_answer_sign(int, Buffer *);
-int mm_answer_pwnamallow(int, Buffer *);
-int mm_answer_auth2_read_banner(int, Buffer *);
-int mm_answer_authserv(int, Buffer *);
-int mm_answer_authpassword(int, Buffer *);
-int mm_answer_bsdauthquery(int, Buffer *);
-int mm_answer_bsdauthrespond(int, Buffer *);
-int mm_answer_skeyquery(int, Buffer *);
-int mm_answer_skeyrespond(int, Buffer *);
-int mm_answer_keyallowed(int, Buffer *);
-int mm_answer_keyverify(int, Buffer *);
-int mm_answer_pty(int, Buffer *);
-int mm_answer_pty_cleanup(int, Buffer *);
-int mm_answer_term(int, Buffer *);
-int mm_answer_rsa_keyallowed(int, Buffer *);
-int mm_answer_rsa_challenge(int, Buffer *);
-int mm_answer_rsa_response(int, Buffer *);
-int mm_answer_sesskey(int, Buffer *);
-int mm_answer_sessid(int, Buffer *);
+int mm_answer_moduli(int, struct sshbuf *);
+int mm_answer_sign(int, struct sshbuf *);
+int mm_answer_pwnamallow(int, struct sshbuf *);
+int mm_answer_auth2_read_banner(int, struct sshbuf *);
+int mm_answer_authserv(int, struct sshbuf *);
+int mm_answer_authpassword(int, struct sshbuf *);
+int mm_answer_bsdauthquery(int, struct sshbuf *);
+int mm_answer_bsdauthrespond(int, struct sshbuf *);
+int mm_answer_keyallowed(int, struct sshbuf *);
+int mm_answer_keyverify(int, struct sshbuf *);
+int mm_answer_pty(int, struct sshbuf *);
+int mm_answer_pty_cleanup(int, struct sshbuf *);
+int mm_answer_term(int, struct sshbuf *);
+int mm_answer_rsa_keyallowed(int, struct sshbuf *);
+int mm_answer_rsa_challenge(int, struct sshbuf *);
+int mm_answer_rsa_response(int, struct sshbuf *);
+int mm_answer_sesskey(int, struct sshbuf *);
+int mm_answer_sessid(int, struct sshbuf *);
#ifdef USE_PAM
-int mm_answer_pam_start(int, Buffer *);
-int mm_answer_pam_account(int, Buffer *);
-int mm_answer_pam_init_ctx(int, Buffer *);
-int mm_answer_pam_query(int, Buffer *);
-int mm_answer_pam_respond(int, Buffer *);
-int mm_answer_pam_free_ctx(int, Buffer *);
+int mm_answer_pam_start(int, struct sshbuf *);
+int mm_answer_pam_account(int, struct sshbuf *);
+int mm_answer_pam_init_ctx(int, struct sshbuf *);
+int mm_answer_pam_query(int, struct sshbuf *);
+int mm_answer_pam_respond(int, struct sshbuf *);
+int mm_answer_pam_free_ctx(int, struct sshbuf *);
#endif
#ifdef GSSAPI
-int mm_answer_gss_setup_ctx(int, Buffer *);
-int mm_answer_gss_accept_ctx(int, Buffer *);
-int mm_answer_gss_userok(int, Buffer *);
-int mm_answer_gss_checkmic(int, Buffer *);
+int mm_answer_gss_setup_ctx(int, struct sshbuf *);
+int mm_answer_gss_accept_ctx(int, struct sshbuf *);
+int mm_answer_gss_userok(int, struct sshbuf *);
+int mm_answer_gss_checkmic(int, struct sshbuf *);
#endif
#ifdef SSH_AUDIT_EVENTS
-int mm_answer_audit_event(int, Buffer *);
-int mm_answer_audit_command(int, Buffer *);
+int mm_answer_audit_event(int, struct sshbuf *);
+int mm_answer_audit_command(int, struct sshbuf *);
#endif
static int monitor_read_log(struct monitor *);
@@ -171,7 +156,7 @@ static Authctxt *authctxt;
/* local state for key verify */
static u_char *key_blob = NULL;
-static u_int key_bloblen = 0;
+static size_t key_bloblen = 0;
static int key_blobtype = MM_NOKEY;
static struct sshauthopt *key_opts = NULL;
static char *hostbased_cuser = NULL;
@@ -185,7 +170,7 @@ static pid_t monitor_child_pid;
struct mon_table {
enum monitor_reqtype type;
int flags;
- int (*f)(int, Buffer *);
+ int (*f)(int, struct sshbuf *);
};
#define MON_ISAUTH 0x0004 /* Required for Authentication */
@@ -221,10 +206,6 @@ struct mon_table mon_dispatch_proto20[] = {
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
#endif
-#ifdef SKEY
- {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
- {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
-#endif
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
{MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
#ifdef GSSAPI
@@ -300,7 +281,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
memset(authctxt, 0, sizeof(*authctxt));
ssh->authctxt = authctxt;
- authctxt->loginmsg = &loginmsg;
+ authctxt->loginmsg = loginmsg;
mon_dispatch = mon_dispatch_proto20;
/* Permit requests for moduli and signatures */
@@ -338,13 +319,16 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
#ifdef USE_PAM
/* PAM needs to perform account checks after auth */
if (options.use_pam && authenticated) {
- Buffer m;
+ struct sshbuf *m;
- buffer_init(&m);
+ if ((m = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed",
+ __func__);
mm_request_receive_expect(pmonitor->m_sendfd,
- MONITOR_REQ_PAM_ACCOUNT, &m);
- authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
- buffer_free(&m);
+ MONITOR_REQ_PAM_ACCOUNT, m);
+ authenticated = mm_answer_pam_account(
+ pmonitor->m_sendfd, m);
+ sshbuf_free(m);
}
#endif
}
@@ -428,18 +412,21 @@ monitor_child_postauth(struct monitor *pmonitor)
static int
monitor_read_log(struct monitor *pmonitor)
{
- Buffer logmsg;
+ struct sshbuf *logmsg;
u_int len, level;
char *msg;
+ u_char *p;
+ int r;
- buffer_init(&logmsg);
+ if ((logmsg = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new", __func__);
/* Read length */
- buffer_append_space(&logmsg, 4);
- if (atomicio(read, pmonitor->m_log_recvfd,
- buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) {
+ if ((r = sshbuf_reserve(logmsg, 4, &p)) != 0)
+ fatal("%s: reserve: %s", __func__, ssh_err(r));
+ if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) {
if (errno == EPIPE) {
- buffer_free(&logmsg);
+ sshbuf_free(logmsg);
debug("%s: child log fd closed", __func__);
close(pmonitor->m_log_recvfd);
pmonitor->m_log_recvfd = -1;
@@ -447,26 +434,28 @@ monitor_read_log(struct monitor *pmonitor)
}
fatal("%s: log fd read: %s", __func__, strerror(errno));
}
- len = buffer_get_int(&logmsg);
+ if ((r = sshbuf_get_u32(logmsg, &len)) != 0)
+ fatal("%s: get len: %s", __func__, ssh_err(r));
if (len <= 4 || len > 8192)
fatal("%s: invalid log message length %u", __func__, len);
/* Read severity, message */
- buffer_clear(&logmsg);
- buffer_append_space(&logmsg, len);
- if (atomicio(read, pmonitor->m_log_recvfd,
- buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg))
+ sshbuf_reset(logmsg);
+ if ((r = sshbuf_reserve(logmsg, len, &p)) != 0)
+ fatal("%s: reserve: %s", __func__, ssh_err(r));
+ if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len)
fatal("%s: log fd read: %s", __func__, strerror(errno));
+ if ((r = sshbuf_get_u32(logmsg, &level)) != 0 ||
+ (r = sshbuf_get_cstring(logmsg, &msg, NULL)) != 0)
+ fatal("%s: decode: %s", __func__, ssh_err(r));
/* Log it */
- level = buffer_get_int(&logmsg);
- msg = buffer_get_string(&logmsg, NULL);
if (log_level_name(level) == NULL)
fatal("%s: invalid log level %u (corrupted message?)",
__func__, level);
do_log2(level, "%s [preauth]", msg);
- buffer_free(&logmsg);
+ sshbuf_free(logmsg);
free(msg);
return 0;
@@ -476,8 +465,8 @@ int
monitor_read(struct monitor *pmonitor, struct mon_table *ent,
struct mon_table **pent)
{
- Buffer m;
- int ret;
+ struct sshbuf *m;
+ int r, ret;
u_char type;
struct pollfd pfd[2];
@@ -504,10 +493,12 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent,
break; /* Continues below */
}
- buffer_init(&m);
+ if ((m = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new", __func__);
- mm_request_receive(pmonitor->m_sendfd, &m);
- type = buffer_get_char(&m);
+ mm_request_receive(pmonitor->m_sendfd, m);
+ if ((r = sshbuf_get_u8(m, &type)) != 0)
+ fatal("%s: decode: %s", __func__, ssh_err(r));
debug3("%s: checking request %d", __func__, type);
@@ -521,8 +512,8 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent,
if (!(ent->flags & MON_PERMIT))
fatal("%s: unpermitted request %d", __func__,
type);
- ret = (*ent->f)(pmonitor->m_sendfd, &m);
- buffer_free(&m);
+ ret = (*ent->f)(pmonitor->m_sendfd, m);
+ sshbuf_free(m);
/* The child may use this request only once, disable it */
if (ent->flags & MON_ONCE) {
@@ -572,14 +563,16 @@ monitor_reset_key_state(void)
#ifdef WITH_OPENSSL
int
-mm_answer_moduli(int sock, Buffer *m)
+mm_answer_moduli(int sock, struct sshbuf *m)
{
DH *dh;
- int min, want, max;
+ int r;
+ u_int min, want, max;
- min = buffer_get_int(m);
- want = buffer_get_int(m);
- max = buffer_get_int(m);
+ if ((r = sshbuf_get_u32(m, &min)) != 0 ||
+ (r = sshbuf_get_u32(m, &want)) != 0 ||
+ (r = sshbuf_get_u32(m, &max)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: got parameters: %d %d %d",
__func__, min, want, max);
@@ -588,17 +581,19 @@ mm_answer_moduli(int sock, Buffer *m)
fatal("%s: bad parameters: %d %d %d",
__func__, min, want, max);
- buffer_clear(m);
+ sshbuf_reset(m);
dh = choose_dh(min, want, max);
if (dh == NULL) {
- buffer_put_char(m, 0);
+ if ((r = sshbuf_put_u8(m, 0)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
return (0);
} else {
/* Send first bignum */
- buffer_put_char(m, 1);
- buffer_put_bignum2(m, dh->p);
- buffer_put_bignum2(m, dh->g);
+ if ((r = sshbuf_put_u8(m, 1)) != 0 ||
+ (r = sshbuf_put_bignum2(m, dh->p)) != 0 ||
+ (r = sshbuf_put_bignum2(m, dh->g)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
DH_free(dh);
}
@@ -608,7 +603,7 @@ mm_answer_moduli(int sock, Buffer *m)
#endif
int
-mm_answer_sign(int sock, Buffer *m)
+mm_answer_sign(int sock, struct sshbuf *m)
{
struct ssh *ssh = active_state; /* XXX */
extern int auth_sock; /* XXX move to state struct? */
@@ -618,14 +613,15 @@ mm_answer_sign(int sock, Buffer *m)
char *alg = NULL;
size_t datlen, siglen, alglen;
int r, is_proof = 0;
- u_int keyid;
+ u_int keyid, compat;
const char proof_req[] = "hostkeys-prove-00@openssh.com";
debug3("%s", __func__);
if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||
(r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
- (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0)
+ (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 ||
+ (r = sshbuf_get_u32(m, &compat)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (keyid > INT_MAX)
fatal("%s: invalid key ID", __func__);
@@ -675,13 +671,13 @@ mm_answer_sign(int sock, Buffer *m)
if ((key = get_hostkey_by_index(keyid)) != NULL) {
if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
- datafellows)) != 0)
+ compat)) != 0)
fatal("%s: sshkey_sign failed: %s",
__func__, ssh_err(r));
} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
auth_sock > 0) {
if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
- p, datlen, alg, datafellows)) != 0) {
+ p, datlen, alg, compat)) != 0) {
fatal("%s: ssh_agent_sign failed: %s",
__func__, ssh_err(r));
}
@@ -710,12 +706,12 @@ mm_answer_sign(int sock, Buffer *m)
/* Retrieves the password entry and also checks if the user is permitted */
int
-mm_answer_pwnamallow(int sock, Buffer *m)
+mm_answer_pwnamallow(int sock, struct sshbuf *m)
{
struct ssh *ssh = active_state; /* XXX */
char *username;
struct passwd *pwent;
- int allowed = 0;
+ int r, allowed = 0;
u_int i;
debug3("%s", __func__);
@@ -723,7 +719,8 @@ mm_answer_pwnamallow(int sock, Buffer *m)
if (authctxt->attempt++ != 0)
fatal("%s: multiple attempts for getpwnam", __func__);
- username = buffer_get_string(m, NULL);
+ if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
pwent = getpwnamallow(username);
@@ -731,10 +728,11 @@ mm_answer_pwnamallow(int sock, Buffer *m)
setproctitle("%s [priv]", pwent ? username : "unknown");
free(username);
- buffer_clear(m);
+ sshbuf_reset(m);
if (pwent == NULL) {
- buffer_put_char(m, 0);
+ if ((r = sshbuf_put_u8(m, 0)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
authctxt->pw = fakepw();
goto out;
}
@@ -743,31 +741,40 @@ mm_answer_pwnamallow(int sock, Buffer *m)
authctxt->pw = pwent;
authctxt->valid = 1;
- buffer_put_char(m, 1);
- buffer_put_string(m, pwent, sizeof(struct passwd));
- buffer_put_cstring(m, pwent->pw_name);
- buffer_put_cstring(m, "*");
+ /* XXX don't sent pwent to unpriv; send fake class/dir/shell too */
+ if ((r = sshbuf_put_u8(m, 1)) != 0 ||
+ (r = sshbuf_put_string(m, pwent, sizeof(*pwent))) != 0 ||
+ (r = sshbuf_put_cstring(m, pwent->pw_name)) != 0 ||
+ (r = sshbuf_put_cstring(m, "*")) != 0 ||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
- buffer_put_cstring(m, pwent->pw_gecos);
+ (r = sshbuf_put_cstring(m, pwent->pw_gecos)) != 0 ||
#endif
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
- buffer_put_cstring(m, pwent->pw_class);
+ (r = sshbuf_put_cstring(m, pwent->pw_class)) != 0 ||
#endif
- buffer_put_cstring(m, pwent->pw_dir);
- buffer_put_cstring(m, pwent->pw_shell);
+ (r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 ||
+ (r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
out:
ssh_packet_set_log_preamble(ssh, "%suser %s",
authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
- buffer_put_string(m, &options, sizeof(options));
+ if ((r = sshbuf_put_string(m, &options, sizeof(options))) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
#define M_CP_STROPT(x) do { \
- if (options.x != NULL) \
- buffer_put_cstring(m, options.x); \
+ if (options.x != NULL) { \
+ if ((r = sshbuf_put_cstring(m, options.x)) != 0) \
+ fatal("%s: buffer error: %s", \
+ __func__, ssh_err(r)); \
+ } \
} while (0)
#define M_CP_STRARRAYOPT(x, nx) do { \
- for (i = 0; i < options.nx; i++) \
- buffer_put_cstring(m, options.x[i]); \
+ for (i = 0; i < options.nx; i++) { \
+ if ((r = sshbuf_put_cstring(m, options.x[i])) != 0) \
+ fatal("%s: buffer error: %s", \
+ __func__, ssh_err(r)); \
+ } \
} while (0)
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
@@ -799,13 +806,15 @@ mm_answer_pwnamallow(int sock, Buffer *m)
return (0);
}
-int mm_answer_auth2_read_banner(int sock, Buffer *m)
+int mm_answer_auth2_read_banner(int sock, struct sshbuf *m)
{
char *banner;
+ int r;
- buffer_clear(m);
+ sshbuf_reset(m);
banner = auth2_read_banner();
- buffer_put_cstring(m, banner != NULL ? banner : "");
+ if ((r = sshbuf_put_cstring(m, banner != NULL ? banner : "")) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
free(banner);
@@ -813,12 +822,15 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m)
}
int
-mm_answer_authserv(int sock, Buffer *m)
+mm_answer_authserv(int sock, struct sshbuf *m)
{
+ int r;
+
monitor_permit_authentications(1);
- authctxt->service = buffer_get_string(m, NULL);
- authctxt->style = buffer_get_string(m, NULL);
+ if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
+ (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: service=%s, style=%s",
__func__, authctxt->service, authctxt->style);
@@ -831,27 +843,30 @@ mm_answer_authserv(int sock, Buffer *m)
}
int
-mm_answer_authpassword(int sock, Buffer *m)
+mm_answer_authpassword(int sock, struct sshbuf *m)
{
struct ssh *ssh = active_state; /* XXX */
static int call_count;
char *passwd;
- int authenticated;
- u_int plen;
+ int r, authenticated;
+ size_t plen;
if (!options.password_authentication)
fatal("%s: password authentication not enabled", __func__);
- passwd = buffer_get_string(m, &plen);
+ if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
/* Only authenticate if the context is valid */
authenticated = options.password_authentication &&
auth_password(ssh, passwd);
- explicit_bzero(passwd, strlen(passwd));
+ explicit_bzero(passwd, plen);
free(passwd);
- buffer_clear(m);
- buffer_put_int(m, authenticated);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, authenticated)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
#ifdef USE_PAM
- buffer_put_int(m, sshpam_get_maxtries_reached());
+ if ((r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
#endif
debug3("%s: sending result %d", __func__, authenticated);
@@ -869,23 +884,25 @@ mm_answer_authpassword(int sock, Buffer *m)
#ifdef BSD_AUTH
int
-mm_answer_bsdauthquery(int sock, Buffer *m)
+mm_answer_bsdauthquery(int sock, struct sshbuf *m)
{
char *name, *infotxt;
- u_int numprompts;
- u_int *echo_on;
+ u_int numprompts, *echo_on, success;
char **prompts;
- u_int success;
+ int r;
if (!options.kbd_interactive_authentication)
fatal("%s: kbd-int authentication not enabled", __func__);
success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
&prompts, &echo_on) < 0 ? 0 : 1;
- buffer_clear(m);
- buffer_put_int(m, success);
- if (success)
- buffer_put_cstring(m, prompts[0]);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, success)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (success) {
+ if ((r = sshbuf_put_cstring(m, prompts[0])) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ }
debug3("%s: sending challenge success: %u", __func__, success);
mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
@@ -901,25 +918,27 @@ mm_answer_bsdauthquery(int sock, Buffer *m)
}
int
-mm_answer_bsdauthrespond(int sock, Buffer *m)
+mm_answer_bsdauthrespond(int sock, struct sshbuf *m)
{
char *response;
- int authok;
+ int r, authok;
if (!options.kbd_interactive_authentication)
fatal("%s: kbd-int authentication not enabled", __func__);
if (authctxt->as == NULL)
fatal("%s: no bsd auth session", __func__);
- response = buffer_get_string(m, NULL);
+ if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
authok = options.challenge_response_authentication &&
auth_userresponse(authctxt->as, response, 0);
authctxt->as = NULL;
debug3("%s: <%s> = <%d>", __func__, response, authok);
free(response);
- buffer_clear(m);
- buffer_put_int(m, authok);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, authok)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: sending authenticated: %d", __func__, authok);
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
@@ -931,59 +950,9 @@ mm_answer_bsdauthrespond(int sock, Buffer *m)
}
#endif
-#ifdef SKEY
-int
-mm_answer_skeyquery(int sock, Buffer *m)
-{
- struct skey skey;
- char challenge[1024];
- u_int success;
-
- success = _compat_skeychallenge(&skey, authctxt->user, challenge,
- sizeof(challenge)) < 0 ? 0 : 1;
-
- buffer_clear(m);
- buffer_put_int(m, success);
- if (success)
- buffer_put_cstring(m, challenge);
-
- debug3("%s: sending challenge success: %u", __func__, success);
- mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m);
-
- return (0);
-}
-
-int
-mm_answer_skeyrespond(int sock, Buffer *m)
-{
- char *response;
- int authok;
-
- response = buffer_get_string(m, NULL);
-
- authok = (options.challenge_response_authentication &&
- authctxt->valid &&
- skey_haskey(authctxt->pw->pw_name) == 0 &&
- skey_passcheck(authctxt->pw->pw_name, response) != -1);
-
- free(response);
-
- buffer_clear(m);
- buffer_put_int(m, authok);
-
- debug3("%s: sending authenticated: %d", __func__, authok);
- mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m);
-
- auth_method = "keyboard-interactive";
- auth_submethod = "skey";
-
- return (authok != 0);
-}
-#endif
-
#ifdef USE_PAM
int
-mm_answer_pam_start(int sock, Buffer *m)
+mm_answer_pam_start(int sock, struct sshbuf *m)
{
if (!options.use_pam)
fatal("UsePAM not set, but ended up in %s anyway", __func__);
@@ -998,17 +967,19 @@ mm_answer_pam_start(int sock, Buffer *m)
}
int
-mm_answer_pam_account(int sock, Buffer *m)
+mm_answer_pam_account(int sock, struct sshbuf *m)
{
u_int ret;
+ int r;
if (!options.use_pam)
fatal("%s: PAM not enabled", __func__);
ret = do_pam_account();
- buffer_put_int(m, ret);
- buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
+ if ((r = sshbuf_put_u32(m, ret)) != 0 ||
+ (r = sshbuf_put_stringb(m, loginmsg)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
@@ -1019,8 +990,11 @@ static void *sshpam_ctxt, *sshpam_authok;
extern KbdintDevice sshpam_device;
int
-mm_answer_pam_init_ctx(int sock, Buffer *m)
+mm_answer_pam_init_ctx(int sock, struct sshbuf *m)
{
+ u_int ok = 0;
+ int r;
+
debug3("%s", __func__);
if (!options.kbd_interactive_authentication)
fatal("%s: kbd-int authentication not enabled", __func__);
@@ -1028,24 +1002,24 @@ mm_answer_pam_init_ctx(int sock, Buffer *m)
fatal("%s: already called", __func__);
sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
sshpam_authok = NULL;
- buffer_clear(m);
+ sshbuf_reset(m);
if (sshpam_ctxt != NULL) {
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_QUERY, 1);
- buffer_put_int(m, 1);
- } else {
- buffer_put_int(m, 0);
+ ok = 1;
}
+ if ((r = sshbuf_put_u32(m, ok)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m);
return (0);
}
int
-mm_answer_pam_query(int sock, Buffer *m)
+mm_answer_pam_query(int sock, struct sshbuf *m)
{
char *name = NULL, *info = NULL, **prompts = NULL;
u_int i, num = 0, *echo_on = 0;
- int ret;
+ int r, ret;
debug3("%s", __func__);
sshpam_authok = NULL;
@@ -1058,18 +1032,20 @@ mm_answer_pam_query(int sock, Buffer *m)
if (num > 1 || name == NULL || info == NULL)
fatal("sshpam_device.query failed");
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_RESPOND, 1);
- buffer_clear(m);
- buffer_put_int(m, ret);
- buffer_put_cstring(m, name);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, ret)) != 0 ||
+ (r = sshbuf_put_cstring(m, name)) != 0 ||
+ (r = sshbuf_put_cstring(m, info)) != 0 ||
+ (r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0 ||
+ (r = sshbuf_put_u32(m, num)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
free(name);
- buffer_put_cstring(m, info);
free(info);
- buffer_put_int(m, sshpam_get_maxtries_reached());
- buffer_put_int(m, num);
for (i = 0; i < num; ++i) {
- buffer_put_cstring(m, prompts[i]);
+ if ((r = sshbuf_put_cstring(m, prompts[i])) != 0 ||
+ (r = sshbuf_put_u32(m, echo_on[i])) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
free(prompts[i]);
- buffer_put_int(m, echo_on[i]);
}
free(prompts);
free(echo_on);
@@ -1080,21 +1056,25 @@ mm_answer_pam_query(int sock, Buffer *m)
}
int
-mm_answer_pam_respond(int sock, Buffer *m)
+mm_answer_pam_respond(int sock, struct sshbuf *m)
{
char **resp;
u_int i, num;
- int ret;
+ int r, ret;
debug3("%s", __func__);
if (sshpam_ctxt == NULL)
fatal("%s: no context", __func__);
sshpam_authok = NULL;
- num = buffer_get_int(m);
+ if ((r = sshbuf_get_u32(m, &num)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (num > 0) {
resp = xcalloc(num, sizeof(char *));
- for (i = 0; i < num; ++i)
- resp[i] = buffer_get_string(m, NULL);
+ for (i = 0; i < num; ++i) {
+ if ((r = sshbuf_get_cstring(m, &(resp[i]), NULL)) != 0)
+ fatal("%s: buffer error: %s",
+ __func__, ssh_err(r));
+ }
ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
for (i = 0; i < num; ++i)
free(resp[i]);
@@ -1102,8 +1082,9 @@ mm_answer_pam_respond(int sock, Buffer *m)
} else {
ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);
}
- buffer_clear(m);
- buffer_put_int(m, ret);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, ret)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);
auth_method = "keyboard-interactive";
auth_submethod = "pam";
@@ -1113,7 +1094,7 @@ mm_answer_pam_respond(int sock, Buffer *m)
}
int
-mm_answer_pam_free_ctx(int sock, Buffer *m)
+mm_answer_pam_free_ctx(int sock, struct sshbuf *m)
{
int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
@@ -1122,7 +1103,7 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
fatal("%s: no context", __func__);
(sshpam_device.free_ctx)(sshpam_ctxt);
sshpam_ctxt = sshpam_authok = NULL;
- buffer_clear(m);
+ sshbuf_reset(m);
mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
/* Allow another attempt */
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1);
@@ -1133,31 +1114,29 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
#endif
int
-mm_answer_keyallowed(int sock, Buffer *m)
+mm_answer_keyallowed(int sock, struct sshbuf *m)
{
struct ssh *ssh = active_state; /* XXX */
- struct sshkey *key;
+ struct sshkey *key = NULL;
char *cuser, *chost;
- u_char *blob;
- u_int bloblen, pubkey_auth_attempt;
+ u_int pubkey_auth_attempt;
enum mm_keytype type = 0;
int r, allowed = 0;
struct sshauthopt *opts = NULL;
debug3("%s entering", __func__);
- type = buffer_get_int(m);
- cuser = buffer_get_string(m, NULL);
- chost = buffer_get_string(m, NULL);
- blob = buffer_get_string(m, &bloblen);
- pubkey_auth_attempt = buffer_get_int(m);
-
- key = key_from_blob(blob, bloblen);
+ if ((r = sshbuf_get_u32(m, &type)) != 0 ||
+ (r = sshbuf_get_cstring(m, &cuser, NULL)) != 0 ||
+ (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
+ (r = sshkey_froms(m, &key)) != 0 ||
+ (r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: key_from_blob: %p", __func__, key);
if (key != NULL && authctxt->valid) {
/* These should not make it past the privsep child */
- if (key_type_plain(key->type) == KEY_RSA &&
+ if (sshkey_type_plain(key->type) == KEY_RSA &&
(datafellows & SSH_BUG_RSASIGMD5) != 0)
fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__);
@@ -1201,15 +1180,14 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed ? "allowed" : "not allowed");
auth2_record_key(authctxt, 0, key);
- sshkey_free(key);
/* clear temporarily storage (used by verify) */
monitor_reset_key_state();
if (allowed) {
/* Save temporarily for comparison in verify */
- key_blob = blob;
- key_bloblen = bloblen;
+ if ((r = sshkey_to_blob(key, &key_blob, &key_bloblen)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
key_blobtype = type;
key_opts = opts;
hostbased_cuser = cuser;
@@ -1217,13 +1195,14 @@ mm_answer_keyallowed(int sock, Buffer *m)
} else {
/* Log failed attempt */
auth_log(authctxt, 0, 0, auth_method, NULL);
- free(blob);
free(cuser);
free(chost);
}
+ sshkey_free(key);
- buffer_clear(m);
- buffer_put_int(m, allowed);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, allowed)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0)
fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
@@ -1237,34 +1216,41 @@ mm_answer_keyallowed(int sock, Buffer *m)
static int
monitor_valid_userblob(u_char *data, u_int datalen)
{
- Buffer b;
- u_char *p;
+ struct sshbuf *b;
+ const u_char *p;
char *userstyle, *cp;
- u_int len;
- int fail = 0;
+ size_t len;
+ u_char type;
+ int r, fail = 0;
- buffer_init(&b);
- buffer_append(&b, data, datalen);
+ if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new", __func__);
+ if ((r = sshbuf_put(b, data, datalen)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (datafellows & SSH_OLD_SESSIONID) {
- p = buffer_ptr(&b);
- len = buffer_len(&b);
+ p = sshbuf_ptr(b);
+ len = sshbuf_len(b);
if ((session_id2 == NULL) ||
(len < session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
- buffer_consume(&b, session_id2_len);
+ if ((r = sshbuf_consume(b, session_id2_len)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
} else {
- p = buffer_get_string(&b, &len);
+ if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
if ((session_id2 == NULL) ||
(len != session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
- free(p);
}
- if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
+ if ((r = sshbuf_get_u8(b, &type)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (type != SSH2_MSG_USERAUTH_REQUEST)
fail++;
- cp = buffer_get_cstring(&b, NULL);
+ if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
@@ -1275,18 +1261,22 @@ monitor_valid_userblob(u_char *data, u_int datalen)
}
free(userstyle);
free(cp);
- buffer_skip_string(&b);
- cp = buffer_get_cstring(&b, NULL);
+ if ((r = sshbuf_skip_string(b)) != 0 || /* service */
+ (r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (strcmp("publickey", cp) != 0)
fail++;
free(cp);
- if (!buffer_get_char(&b))
+ if ((r = sshbuf_get_u8(b, &type)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (type == 0)
fail++;
- buffer_skip_string(&b);
- buffer_skip_string(&b);
- if (buffer_len(&b) != 0)
+ if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */
+ (r = sshbuf_skip_string(b)) != 0) /* pkblob */
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (sshbuf_len(b) != 0)
fail++;
- buffer_free(&b);
+ sshbuf_free(b);
return (fail == 0);
}
@@ -1294,59 +1284,69 @@ static int
monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
char *chost)
{
- Buffer b;
- char *p, *userstyle;
- u_int len;
- int fail = 0;
+ struct sshbuf *b;
+ const u_char *p;
+ char *cp, *userstyle;
+ size_t len;
+ int r, fail = 0;
+ u_char type;
- buffer_init(&b);
- buffer_append(&b, data, datalen);
+ if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new", __func__);
+ if ((r = sshbuf_put(b, data, datalen)) != 0 ||
+ (r = sshbuf_get_string_direct(b, &p, &len)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
- p = buffer_get_string(&b, &len);
if ((session_id2 == NULL) ||
(len != session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
- free(p);
- if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
+ if ((r = sshbuf_get_u8(b, &type)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (type != SSH2_MSG_USERAUTH_REQUEST)
fail++;
- p = buffer_get_cstring(&b, NULL);
+ if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
- if (strcmp(userstyle, p) != 0) {
- logit("wrong user name passed to monitor: expected %s != %.100s",
- userstyle, p);
+ if (strcmp(userstyle, cp) != 0) {
+ logit("wrong user name passed to monitor: "
+ "expected %s != %.100s", userstyle, cp);
fail++;
}
free(userstyle);
- free(p);
- buffer_skip_string(&b); /* service */
- p = buffer_get_cstring(&b, NULL);
- if (strcmp(p, "hostbased") != 0)
+ free(cp);
+ if ((r = sshbuf_skip_string(b)) != 0 || /* service */
+ (r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (strcmp(cp, "hostbased") != 0)
fail++;
- free(p);
- buffer_skip_string(&b); /* pkalg */
- buffer_skip_string(&b); /* pkblob */
+ free(cp);
+ if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */
+ (r = sshbuf_skip_string(b)) != 0) /* pkblob */
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
/* verify client host, strip trailing dot if necessary */
- p = buffer_get_string(&b, NULL);
- if (((len = strlen(p)) > 0) && p[len - 1] == '.')
- p[len - 1] = '\0';
- if (strcmp(p, chost) != 0)
+ if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (((len = strlen(cp)) > 0) && cp[len - 1] == '.')
+ cp[len - 1] = '\0';
+ if (strcmp(cp, chost) != 0)
fail++;
- free(p);
+ free(cp);
/* verify client user */
- p = buffer_get_string(&b, NULL);
- if (strcmp(p, cuser) != 0)
+ if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (strcmp(cp, cuser) != 0)
fail++;
- free(p);
+ free(cp);
- if (buffer_len(&b) != 0)
+ if (sshbuf_len(b) != 0)
fail++;
- buffer_free(&b);
+ sshbuf_free(b);
return (fail == 0);
}
@@ -1462,15 +1462,15 @@ mm_session_close(Session *s)
}
int
-mm_answer_pty(int sock, Buffer *m)
+mm_answer_pty(int sock, struct sshbuf *m)
{
extern struct monitor *pmonitor;
Session *s;
- int res, fd0;
+ int r, res, fd0;
debug3("%s entering", __func__);
- buffer_clear(m);
+ sshbuf_reset(m);
s = session_new();
if (s == NULL)
goto error;
@@ -1482,8 +1482,9 @@ mm_answer_pty(int sock, Buffer *m)
goto error;
pty_setowner(authctxt->pw, s->tty);
- buffer_put_int(m, 1);
- buffer_put_cstring(m, s->tty);
+ if ((r = sshbuf_put_u32(m, 1)) != 0 ||
+ (r = sshbuf_put_cstring(m, s->tty)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
/* We need to trick ttyslot */
if (dup2(s->ttyfd, 0) == -1)
@@ -1495,8 +1496,9 @@ mm_answer_pty(int sock, Buffer *m)
close(0);
/* send messages generated by record_login */
- buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
- buffer_clear(&loginmsg);
+ if ((r = sshbuf_put_stringb(m, loginmsg)) != 0)
+ fatal("%s: put login message: %s", __func__, ssh_err(r));
+ sshbuf_reset(loginmsg);
mm_request_send(sock, MONITOR_ANS_PTY, m);
@@ -1523,29 +1525,32 @@ mm_answer_pty(int sock, Buffer *m)
error:
if (s != NULL)
mm_session_close(s);
- buffer_put_int(m, 0);
+ if ((r = sshbuf_put_u32(m, 0)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_PTY, m);
return (0);
}
int
-mm_answer_pty_cleanup(int sock, Buffer *m)
+mm_answer_pty_cleanup(int sock, struct sshbuf *m)
{
Session *s;
char *tty;
+ int r;
debug3("%s entering", __func__);
- tty = buffer_get_string(m, NULL);
+ if ((r = sshbuf_get_cstring(m, &tty, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
if ((s = session_by_tty(tty)) != NULL)
mm_session_close(s);
- buffer_clear(m);
+ sshbuf_reset(m);
free(tty);
return (0);
}
int
-mm_answer_term(int sock, Buffer *req)
+mm_answer_term(int sock, struct sshbuf *req)
{
struct ssh *ssh = active_state; /* XXX */
extern struct monitor *pmonitor;
@@ -1574,14 +1579,18 @@ mm_answer_term(int sock, Buffer *req)
#ifdef SSH_AUDIT_EVENTS
/* Report that an audit event occurred */
int
-mm_answer_audit_event(int socket, Buffer *m)
+mm_answer_audit_event(int socket, struct sshbuf *m)
{
+ u_int n;
ssh_audit_event_t event;
+ int r;
debug3("%s entering", __func__);
- event = buffer_get_int(m);
- switch(event) {
+ if ((r = sshbuf_get_u32(m, &n)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ event = (ssh_audit_event_t)n;
+ switch (event) {
case SSH_AUTH_FAIL_PUBKEY:
case SSH_AUTH_FAIL_HOSTBASED:
case SSH_AUTH_FAIL_GSSAPI:
@@ -1599,13 +1608,14 @@ mm_answer_audit_event(int socket, Buffer *m)
}
int
-mm_answer_audit_command(int socket, Buffer *m)
+mm_answer_audit_command(int socket, struct sshbuf *m)
{
- u_int len;
char *cmd;
+ int r;
debug3("%s entering", __func__);
- cmd = buffer_get_string(m, &len);
+ if ((r = sshbuf_get_cstring(m, &cmd, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
/* sanity check command, if so how? */
audit_run_command(cmd);
free(cmd);
@@ -1734,24 +1744,29 @@ monitor_reinit(struct monitor *mon)
#ifdef GSSAPI
int
-mm_answer_gss_setup_ctx(int sock, Buffer *m)
+mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
{
gss_OID_desc goid;
OM_uint32 major;
- u_int len;
+ size_t len;
+ u_char *p;
+ int r;
if (!options.gss_authentication)
fatal("%s: GSSAPI authentication not enabled", __func__);
- goid.elements = buffer_get_string(m, &len);
+ if ((r = sshbuf_get_string(m, &p, &len)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ goid.elements = p;
goid.length = len;
major = ssh_gssapi_server_ctx(&gsscontext, &goid);
free(goid.elements);
- buffer_clear(m);
- buffer_put_int(m, major);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, major)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
@@ -1762,26 +1777,27 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
}
int
-mm_answer_gss_accept_ctx(int sock, Buffer *m)
+mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
{
gss_buffer_desc in;
gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
OM_uint32 major, minor;
OM_uint32 flags = 0; /* GSI needs this */
- u_int len;
+ int r;
if (!options.gss_authentication)
fatal("%s: GSSAPI authentication not enabled", __func__);
- in.value = buffer_get_string(m, &len);
- in.length = len;
+ if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
free(in.value);
- buffer_clear(m);
- buffer_put_int(m, major);
- buffer_put_string(m, out.value, out.length);
- buffer_put_int(m, flags);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, major)) != 0 ||
+ (r = sshbuf_put_string(m, out.value, out.length)) != 0 ||
+ (r = sshbuf_put_u32(m, flags)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
gss_release_buffer(&minor, &out);
@@ -1795,27 +1811,27 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
}
int
-mm_answer_gss_checkmic(int sock, Buffer *m)
+mm_answer_gss_checkmic(int sock, struct sshbuf *m)
{
gss_buffer_desc gssbuf, mic;
OM_uint32 ret;
- u_int len;
+ int r;
if (!options.gss_authentication)
fatal("%s: GSSAPI authentication not enabled", __func__);
- gssbuf.value = buffer_get_string(m, &len);
- gssbuf.length = len;
- mic.value = buffer_get_string(m, &len);
- mic.length = len;
+ if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
+ (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
free(gssbuf.value);
free(mic.value);
- buffer_clear(m);
- buffer_put_int(m, ret);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, ret)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
@@ -1826,9 +1842,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
}
int
-mm_answer_gss_userok(int sock, Buffer *m)
+mm_answer_gss_userok(int sock, struct sshbuf *m)
{
- int authenticated;
+ int r, authenticated;
const char *displayname;
if (!options.gss_authentication)
@@ -1836,8 +1852,9 @@ mm_answer_gss_userok(int sock, Buffer *m)
authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
- buffer_clear(m);
- buffer_put_int(m, authenticated);
+ sshbuf_reset(m);
+ if ((r = sshbuf_put_u32(m, authenticated)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
debug3("%s: sending result %d", __func__, authenticated);
mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-11 03:11:54 +0000