Diffstat (limited to 'monitor_wrap.c')
-rw-r--r--monitor_wrap.c56
1 files changed, 31 insertions, 25 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 69212aaf330b..9666bda4ba8a 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.94 2017/10/02 19:33:20 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -76,7 +76,6 @@
#include "atomicio.h"
#include "monitor_fdpass.h"
#include "misc.h"
-#include "uuencode.h"
#include "channels.h"
#include "session.h"
@@ -287,19 +286,15 @@ out:
newopts->x = buffer_get_string(&m, NULL); \
} while (0)
#define M_CP_STRARRAYOPT(x, nx) do { \
- for (i = 0; i < newopts->nx; i++) \
- newopts->x[i] = buffer_get_string(&m, NULL); \
- } while (0)
-#define M_CP_STRARRAYOPT_ALLOC(x, nx) do { \
newopts->x = newopts->nx == 0 ? \
NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \
- M_CP_STRARRAYOPT(x, nx); \
+ for (i = 0; i < newopts->nx; i++) \
+ newopts->x[i] = buffer_get_string(&m, NULL); \
} while (0)
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
#undef M_CP_STROPT
#undef M_CP_STRARRAYOPT
-#undef M_CP_STRARRAYOPT_ALLOC
copy_set_server_options(&options, newopts, 1);
log_change_level(options.log_level);
@@ -356,7 +351,7 @@ mm_inform_authserv(char *service, char *style)
/* Do the password authentication */
int
-mm_auth_password(Authctxt *authctxt, char *password)
+mm_auth_password(struct ssh *ssh, char *password)
{
Buffer m;
int authenticated = 0;
@@ -383,34 +378,38 @@ mm_auth_password(Authctxt *authctxt, char *password)
}
int
-mm_user_key_allowed(struct passwd *pw, struct sshkey *key,
- int pubkey_auth_attempt)
+mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
+ int pubkey_auth_attempt, struct sshauthopt **authoptp)
{
return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
- pubkey_auth_attempt));
+ pubkey_auth_attempt, authoptp));
}
int
mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
struct sshkey *key)
{
- return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
+ return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL));
}
int
mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
- struct sshkey *key, int pubkey_auth_attempt)
+ struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp)
{
Buffer m;
u_char *blob;
u_int len;
- int allowed = 0, have_forced = 0;
+ int r, allowed = 0;
+ struct sshauthopt *opts = NULL;
debug3("%s entering", __func__);
+ if (authoptp != NULL)
+ *authoptp = NULL;
+
/* Convert the key to a blob and the pass it over */
if (!key_to_blob(key, &blob, &len))
- return (0);
+ return 0;
buffer_init(&m);
buffer_put_int(&m, type);
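Review bot: The new `authoptp` out-parameter of mm_key_allowed has no documented ownership contract. The hunk shows it is cleared to NULL on entry, so it is still NULL on the early `return 0` when key_to_blob fails; anything stored in it later presumably has to be released by the caller with sshauthopt_free(). I would add a comment above the function such as `/* On return *authoptp is NULL or a caller-owned sshauthopt; free with sshauthopt_free() */`. Separately, mm_user_key_allowed now accepts `ssh` and `pw` but forwards neither, which deserves a one-line comment if it is only there for signature parity. mm_key_allowed's body continues past this hunk.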
@@ -423,18 +422,24 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd,
+ MONITOR_ANS_KEYALLOWED, &m);
allowed = buffer_get_int(&m);
-
- /* fake forced command */
- auth_clear_options();
- have_forced = buffer_get_int(&m);
- forced_command = have_forced ? xstrdup("true") : NULL;
-
+ if (allowed && type == MM_USERKEY) {
+ if ((r = sshauthopt_deserialise(&m, &opts)) != 0)
+ fatal("%s: sshauthopt_deserialise: %s",
+ __func__, ssh_err(r));
+ }
buffer_free(&m);
- return (allowed);
+ if (authoptp != NULL) {
+ *authoptp = opts;
+ opts = NULL;
+ }
+ sshauthopt_free(opts);
+
+ return allowed;
}
/*
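Review bot: When `type == MM_USERKEY` and the caller passes `authoptp == NULL`, the options deserialised from the monitor's reply are freed and the function still returns `allowed`, so a caller that omits the out-parameter sees an accepted key with no restrictions attached. Whether the monitor enforces those options independently is not visible in this diff; if this side is expected to apply them, consider stating the requirement in a comment, e.g. `/* callers checking a user key must pass authoptp to receive the key restrictions */`. The removed "fake forced command" comment also recorded that this process only received a placeholder, and nothing now says what the deserialised options may contain. Calling fatal() on a malformed reply is the right failure mode here. The function starts before this hunk.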
@@ -445,7 +450,7 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
int
mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
- const u_char *data, size_t datalen, u_int compat)
+ const u_char *data, size_t datalen, const char *sigalg, u_int compat)
{
Buffer m;
u_char *blob;
@@ -462,6 +467,7 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
buffer_put_string(&m, blob, len);
buffer_put_string(&m, sig, siglen);
buffer_put_string(&m, data, datalen);
+ buffer_put_cstring(&m, sigalg == NULL ? "" : sigalg);
free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
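Review bot: A NULL `sigalg` is sent as the empty string by `buffer_put_cstring(&m, sigalg == NULL ? "" : sigalg)`, so on the wire "no algorithm constraint" and "empty algorithm name" cannot be told apart. The handler for MONITOR_REQ_KEYVERIFY (not part of this diff) has to map "" back to NULL in the same way, otherwise the verification would be pinned to an algorithm that never matches. A comment on this line such as `/* "" encodes a NULL sigalg (no algorithm constraint); the monitor must decode it the same way */` would keep the two ends in step. The function's body extends beyond this hunk on both sides.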