diff options
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 726 |
1 files changed, 384 insertions, 342 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index 9666bda4ba8a..732fb3476bf0 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -50,8 +50,8 @@ #ifdef WITH_OPENSSL #include "dh.h" #endif -#include "buffer.h" -#include "key.h" +#include "sshbuf.h" +#include "sshkey.h" #include "cipher.h" #include "kex.h" #include "hostfile.h" @@ -61,13 +61,6 @@ #include "mac.h" #include "log.h" #include "auth-pam.h" -#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ -#undef TARGET_OS_MAC -#include "zlib.h" -#define TARGET_OS_MAC 1 -#else -#include "zlib.h" -#endif #include "monitor.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -84,36 +77,35 @@ #include "ssherr.h" /* Imports */ -extern z_stream incoming_stream; -extern z_stream outgoing_stream; extern struct monitor *pmonitor; -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern ServerOptions options; void mm_log_handler(LogLevel level, const char *msg, void *ctx) { - Buffer log_msg; + struct sshbuf *log_msg; struct monitor *mon = (struct monitor *)ctx; + int r; + size_t len; if (mon->m_log_sendfd == -1) fatal("%s: no log channel", __func__); - buffer_init(&log_msg); - /* - * Placeholder for packet length. Will be filled in with the actual - * packet length once the packet has been constucted. This saves - * fragile math. - */ - buffer_put_int(&log_msg, 0); + if ((log_msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); - buffer_put_int(&log_msg, level); - buffer_put_cstring(&log_msg, msg); - put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4); - if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg), - buffer_len(&log_msg)) != buffer_len(&log_msg)) + if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */ + (r = sshbuf_put_u32(log_msg, level)) != 0 || + (r = sshbuf_put_cstring(log_msg, msg)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff) + fatal("%s: bad length %zu", __func__, len); + POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4); + if (atomicio(vwrite, mon->m_log_sendfd, + sshbuf_mutable_ptr(log_msg), len) != len) fatal("%s: write: %s", __func__, strerror(errno)); - buffer_free(&log_msg); + sshbuf_free(log_msg); } int @@ -127,26 +119,29 @@ mm_is_monitor(void) } void -mm_request_send(int sock, enum monitor_reqtype type, Buffer *m) +mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m) { - u_int mlen = buffer_len(m); + size_t mlen = sshbuf_len(m); u_char buf[5]; debug3("%s entering: type %d", __func__, type); - put_u32(buf, mlen + 1); + if (mlen >= 0xffffffff) + fatal("%s: bad length %zu", __func__, mlen); + POKE_U32(buf, mlen + 1); buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf)) fatal("%s: write: %s", __func__, strerror(errno)); - if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen) + if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen) fatal("%s: write: %s", __func__, strerror(errno)); } void -mm_request_receive(int sock, Buffer *m) +mm_request_receive(int sock, struct sshbuf *m) { - u_char buf[4]; + u_char buf[4], *p = NULL; u_int msg_len; + int r; debug3("%s entering", __func__); @@ -155,24 +150,27 @@ mm_request_receive(int sock, Buffer *m) cleanup_exit(255); fatal("%s: read: %s", __func__, strerror(errno)); } - msg_len = get_u32(buf); + msg_len = PEEK_U32(buf); if (msg_len > 256 * 1024) fatal("%s: read: bad msg_len %d", __func__, msg_len); - buffer_clear(m); - buffer_append_space(m, msg_len); - if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len) + sshbuf_reset(m); + if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (atomicio(read, sock, p, msg_len) != msg_len) fatal("%s: read: %s", __func__, strerror(errno)); } void -mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m) +mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m) { u_char rtype; + int r; debug3("%s entering: type %d", __func__, type); mm_request_receive(sock, m); - rtype = buffer_get_char(m); + if ((r = sshbuf_get_u8(m, &rtype)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (rtype != type) fatal("%s: read: rtype %d != type %d", __func__, rtype, type); @@ -183,20 +181,24 @@ DH * mm_choose_dh(int min, int nbits, int max) { BIGNUM *p, *g; - int success = 0; - Buffer m; + int r; + u_char success = 0; + struct sshbuf *m; - buffer_init(&m); - buffer_put_int(&m, min); - buffer_put_int(&m, nbits); - buffer_put_int(&m, max); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, min)) != 0 || + (r = sshbuf_put_u32(m, nbits)) != 0 || + (r = sshbuf_put_u32(m, max)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m); debug3("%s: waiting for MONITOR_ANS_MODULI", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m); - success = buffer_get_char(&m); + if ((r = sshbuf_get_u8(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) fatal("%s: MONITOR_ANS_MODULI failed", __func__); @@ -204,36 +206,43 @@ mm_choose_dh(int min, int nbits, int max) fatal("%s: BN_new failed", __func__); if ((g = BN_new()) == NULL) fatal("%s: BN_new failed", __func__); - buffer_get_bignum2(&m, p); - buffer_get_bignum2(&m, g); + if ((r = sshbuf_get_bignum2(m, p)) != 0 || + (r = sshbuf_get_bignum2(m, g)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug3("%s: remaining %d", __func__, buffer_len(&m)); - buffer_free(&m); + debug3("%s: remaining %zu", __func__, sshbuf_len(m)); + sshbuf_free(m); return (dh_new_group(g, p)); } #endif int -mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp, - const u_char *data, u_int datalen, const char *hostkey_alg) +mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat) { struct kex *kex = *pmonitor->m_pkex; - Buffer m; + struct sshbuf *m; + u_int ndx = kex->host_key_index(key, 0, active_state); + int r; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_int(&m, kex->host_key_index(key, 0, active_state)); - buffer_put_string(&m, data, datalen); - buffer_put_cstring(&m, hostkey_alg); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, ndx)) != 0 || + (r = sshbuf_put_string(m, data, datalen)) != 0 || + (r = sshbuf_put_cstring(m, hostkey_alg)) != 0 || + (r = sshbuf_put_u32(m, compat)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m); debug3("%s: waiting for MONITOR_ANS_SIGN", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m); - *sigp = buffer_get_string(&m, lenp); - buffer_free(&m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m); + if ((r = sshbuf_get_string(m, sigp, lenp)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); return (0); } @@ -242,54 +251,80 @@ struct passwd * mm_getpwnamallow(const char *username) { struct ssh *ssh = active_state; /* XXX */ - Buffer m; + struct sshbuf *m; struct passwd *pw; - u_int len, i; + size_t len; + u_int i; ServerOptions *newopts; + int r; + u_char ok; + const u_char *p; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_cstring(&m, username); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, username)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m); debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m); - if (buffer_get_char(&m) == 0) { + if ((r = sshbuf_get_u8(m, &ok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (ok == 0) { pw = NULL; goto out; } - pw = buffer_get_string(&m, &len); - if (len != sizeof(struct passwd)) + + /* XXX don't like passing struct passwd like this */ + pw = xcalloc(sizeof(*pw), 1); + if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (len != sizeof(*pw)) fatal("%s: struct passwd size mismatch", __func__); - pw->pw_name = buffer_get_string(&m, NULL); - pw->pw_passwd = buffer_get_string(&m, NULL); + memcpy(pw, p, sizeof(*pw)); + + if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 || #ifdef HAVE_STRUCT_PASSWD_PW_GECOS - pw->pw_gecos = buffer_get_string(&m, NULL); + (r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 || #endif #ifdef HAVE_STRUCT_PASSWD_PW_CLASS - pw->pw_class = buffer_get_string(&m, NULL); + (r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 || #endif - pw->pw_dir = buffer_get_string(&m, NULL); - pw->pw_shell = buffer_get_string(&m, NULL); + (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); out: /* copy options block as a Match directive may have changed some */ - newopts = buffer_get_string(&m, &len); + if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (len != sizeof(*newopts)) fatal("%s: option block size mismatch", __func__); + newopts = xcalloc(sizeof(*newopts), 1); + memcpy(newopts, p, sizeof(*newopts)); #define M_CP_STROPT(x) do { \ - if (newopts->x != NULL) \ - newopts->x = buffer_get_string(&m, NULL); \ + if (newopts->x != NULL) { \ + if ((r = sshbuf_get_cstring(m, \ + &newopts->x, NULL)) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) #define M_CP_STRARRAYOPT(x, nx) do { \ newopts->x = newopts->nx == 0 ? \ NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \ - for (i = 0; i < newopts->nx; i++) \ - newopts->x[i] = buffer_get_string(&m, NULL); \ + for (i = 0; i < newopts->nx; i++) { \ + if ((r = sshbuf_get_cstring(m, \ + &newopts->x[i], NULL)) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); @@ -301,7 +336,7 @@ out: process_permitopen(ssh, &options); free(newopts); - buffer_free(&m); + sshbuf_free(m); return (pw); } @@ -309,19 +344,22 @@ out: char * mm_auth2_read_banner(void) { - Buffer m; + struct sshbuf *m; char *banner; + int r; debug3("%s entering", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); - buffer_clear(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m); + sshbuf_reset(m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_AUTH2_READ_BANNER, &m); - banner = buffer_get_string(&m, NULL); - buffer_free(&m); + MONITOR_ANS_AUTH2_READ_BANNER, m); + if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); /* treat empty banner as missing banner */ if (strlen(banner) == 0) { @@ -336,41 +374,55 @@ mm_auth2_read_banner(void) void mm_inform_authserv(char *service, char *style) { - Buffer m; + struct sshbuf *m; + int r; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_cstring(&m, service); - buffer_put_cstring(&m, style ? style : ""); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, service)) != 0 || + (r = sshbuf_put_cstring(m, style ? style : "")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m); - buffer_free(&m); + sshbuf_free(m); } /* Do the password authentication */ int mm_auth_password(struct ssh *ssh, char *password) { - Buffer m; - int authenticated = 0; + struct sshbuf *m; + int r, authenticated = 0; +#ifdef USE_PAM + u_int maxtries = 0; +#endif debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_cstring(&m, password); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, password)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m); debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_AUTHPASSWORD, m); - authenticated = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef USE_PAM - sshpam_set_maxtries_reached(buffer_get_int(&m)); + if ((r = sshbuf_get_u32(m, &maxtries)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (maxtries > INT_MAX) + fatal("%s: bad maxtries %u", __func__, maxtries); + sshpam_set_maxtries_reached(maxtries); #endif - buffer_free(&m); + sshbuf_free(m); debug3("%s: user %sauthenticated", __func__, authenticated ? "" : "not "); @@ -396,9 +448,7 @@ int mm_key_allowed(enum mm_keytype type, const char *user, const char *host, struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp) { - Buffer m; - u_char *blob; - u_int len; + struct sshbuf *m; int r, allowed = 0; struct sshauthopt *opts = NULL; @@ -407,31 +457,29 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host, if (authoptp != NULL) *authoptp = NULL; - /* Convert the key to a blob and the pass it over */ - if (!key_to_blob(key, &blob, &len)) - return 0; - - buffer_init(&m); - buffer_put_int(&m, type); - buffer_put_cstring(&m, user ? user : ""); - buffer_put_cstring(&m, host ? host : ""); - buffer_put_string(&m, blob, len); - buffer_put_int(&m, pubkey_auth_attempt); - free(blob); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, type)) != 0 || + (r = sshbuf_put_cstring(m, user ? user : "")) != 0 || + (r = sshbuf_put_cstring(m, host ? host : "")) != 0 || + (r = sshkey_puts(key, m)) != 0 || + (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m); debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_KEYALLOWED, &m); + MONITOR_ANS_KEYALLOWED, m); - allowed = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &allowed)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (allowed && type == MM_USERKEY) { - if ((r = sshauthopt_deserialise(&m, &opts)) != 0) + if ((r = sshauthopt_deserialise(m, &opts)) != 0) fatal("%s: sshauthopt_deserialise: %s", __func__, ssh_err(r)); } - buffer_free(&m); + sshbuf_free(m); if (authoptp != NULL) { *authoptp = opts; @@ -452,32 +500,31 @@ int mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, const u_char *data, size_t datalen, const char *sigalg, u_int compat) { - Buffer m; - u_char *blob; - u_int len; + struct sshbuf *m; u_int encoded_ret = 0; + int r; debug3("%s entering", __func__); - /* Convert the key to a blob and the pass it over */ - if (!key_to_blob(key, &blob, &len)) - return (0); - buffer_init(&m); - buffer_put_string(&m, blob, len); - buffer_put_string(&m, sig, siglen); - buffer_put_string(&m, data, datalen); - buffer_put_cstring(&m, sigalg == NULL ? "" : sigalg); - free(blob); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshkey_puts(key, m)) != 0 || + (r = sshbuf_put_string(m, sig, siglen)) != 0 || + (r = sshbuf_put_string(m, data, datalen)) != 0 || + (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m); debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_KEYVERIFY, m); - encoded_ret = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); if (encoded_ret != 0) return SSH_ERR_SIGNATURE_INVALID; @@ -504,9 +551,9 @@ mm_send_keystate(struct monitor *monitor) int mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) { - Buffer m; + struct sshbuf *m; char *p, *msg; - int success = 0, tmp1 = -1, tmp2 = -1; + int success = 0, tmp1 = -1, tmp2 = -1, r; /* Kludge: ensure there are fds free to receive the pty/tty */ if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || @@ -521,26 +568,30 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) close(tmp1); close(tmp2); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m); debug3("%s: waiting for MONITOR_ANS_PTY", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m); - success = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) { debug3("%s: pty alloc failed", __func__); - buffer_free(&m); + sshbuf_free(m); return (0); } - p = buffer_get_string(&m, NULL); - msg = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &msg, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); strlcpy(namebuf, p, namebuflen); /* Possible truncation */ free(p); - buffer_append(&loginmsg, msg, strlen(msg)); + if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(msg); if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || @@ -554,14 +605,17 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) void mm_session_pty_cleanup2(Session *s) { - Buffer m; + struct sshbuf *m; + int r; if (s->ttyfd == -1) return; - buffer_init(&m); - buffer_put_cstring(&m, s->tty); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m); - buffer_free(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, s->tty)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m); + sshbuf_free(m); /* closed dup'ed master */ if (s->ptymaster != -1 && close(s->ptymaster) < 0) @@ -576,40 +630,44 @@ mm_session_pty_cleanup2(Session *s) void mm_start_pam(Authctxt *authctxt) { - Buffer m; + struct sshbuf *m; debug3("%s entering", __func__); if (!options.use_pam) fatal("UsePAM=no, but ended up in %s anyway", __func__); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, m); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m); - - buffer_free(&m); + sshbuf_free(m); } u_int mm_do_pam_account(void) { - Buffer m; + struct sshbuf *m; u_int ret; char *msg; + size_t msglen; + int r; debug3("%s entering", __func__); if (!options.use_pam) fatal("UsePAM=no, but ended up in %s anyway", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_PAM_ACCOUNT, &m); - ret = buffer_get_int(&m); - msg = buffer_get_string(&m, NULL); - buffer_append(&loginmsg, msg, strlen(msg)); - free(msg); + MONITOR_ANS_PAM_ACCOUNT, m); + if ((r = sshbuf_get_u32(m, &ret)) != 0 || + (r = sshbuf_get_cstring(m, &msg, &msglen)) != 0 || + (r = sshbuf_put(loginmsg, msg, msglen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + free(msg); + sshbuf_free(m); debug3("%s returning %d", __func__, ret); @@ -619,21 +677,24 @@ mm_do_pam_account(void) void * mm_sshpam_init_ctx(Authctxt *authctxt) { - Buffer m; - int success; + struct sshbuf *m; + int r, success; debug3("%s", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, m); debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); - success = buffer_get_int(&m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_PAM_INIT_CTX, m); + if ((r = sshbuf_get_u32(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) { debug3("%s: pam_init_ctx failed", __func__); - buffer_free(&m); + sshbuf_free(m); return (NULL); } - buffer_free(&m); + sshbuf_free(m); return (authctxt); } @@ -641,66 +702,79 @@ int mm_sshpam_query(void *ctx, char **name, char **info, u_int *num, char ***prompts, u_int **echo_on) { - Buffer m; - u_int i; - int ret; + struct sshbuf *m; + u_int i, n; + int r, ret; debug3("%s", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, m); debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m); - ret = buffer_get_int(&m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, m); + if ((r = sshbuf_get_u32(m, &ret)) != 0 || + (r = sshbuf_get_cstring(m, name, NULL)) != 0 || + (r = sshbuf_get_cstring(m, info, NULL)) != 0 || + (r = sshbuf_get_u32(m, &n)) != 0 || + (r = sshbuf_get_u32(m, num)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: pam_query returned %d", __func__, ret); - *name = buffer_get_string(&m, NULL); - *info = buffer_get_string(&m, NULL); - sshpam_set_maxtries_reached(buffer_get_int(&m)); - *num = buffer_get_int(&m); + sshpam_set_maxtries_reached(n); if (*num > PAM_MAX_NUM_MSG) - fatal("%s: recieved %u PAM messages, expected <= %u", + fatal("%s: received %u PAM messages, expected <= %u", __func__, *num, PAM_MAX_NUM_MSG); *prompts = xcalloc((*num + 1), sizeof(char *)); *echo_on = xcalloc((*num + 1), sizeof(u_int)); for (i = 0; i < *num; ++i) { - (*prompts)[i] = buffer_get_string(&m, NULL); - (*echo_on)[i] = buffer_get_int(&m); + if ((r = sshbuf_get_cstring(m, &((*prompts)[i]), NULL)) != 0 || + (r = sshbuf_get_u32(m, &((*echo_on)[i]))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } - buffer_free(&m); + sshbuf_free(m); return (ret); } int mm_sshpam_respond(void *ctx, u_int num, char **resp) { - Buffer m; - u_int i; - int ret; + struct sshbuf *m; + u_int n, i; + int r, ret; debug3("%s", __func__); - buffer_init(&m); - buffer_put_int(&m, num); - for (i = 0; i < num; ++i) - buffer_put_cstring(&m, resp[i]); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, num)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + for (i = 0; i < num; ++i) { + if ((r = sshbuf_put_cstring(m, resp[i])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, m); debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m); - ret = buffer_get_int(&m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_PAM_RESPOND, m); + if ((r = sshbuf_get_u32(m, &n)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + ret = (int)n; /* XXX */ debug3("%s: pam_respond returned %d", __func__, ret); - buffer_free(&m); + sshbuf_free(m); return (ret); } void mm_sshpam_free_ctx(void *ctxtp) { - Buffer m; + struct sshbuf *m; debug3("%s", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, m); debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m); - buffer_free(&m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_PAM_FREE_CTX, m); + sshbuf_free(m); } #endif /* USE_PAM */ @@ -709,11 +783,12 @@ mm_sshpam_free_ctx(void *ctxtp) void mm_terminate(void) { - Buffer m; + struct sshbuf *m; - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m); - buffer_free(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m); + sshbuf_free(m); } static void @@ -732,27 +807,31 @@ int mm_bsdauth_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { - Buffer m; + struct sshbuf *m; u_int success; char *challenge; + int r; debug3("%s: entering", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, - &m); - success = buffer_get_int(&m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_BSDAUTHQUERY, m); + if ((r = sshbuf_get_u32(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) { debug3("%s: no challenge", __func__); - buffer_free(&m); + sshbuf_free(m); return (-1); } /* Get the challenge, and format the response */ - challenge = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); (*prompts)[0] = challenge; @@ -765,114 +844,62 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, int mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) { - Buffer m; - int authok; - - debug3("%s: entering", __func__); - if (numresponses != 1) - return (-1); - - buffer_init(&m); - buffer_put_cstring(&m, responses[0]); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m); - - mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_BSDAUTHRESPOND, &m); - - authok = buffer_get_int(&m); - buffer_free(&m); - - return ((authok == 0) ? -1 : 0); -} - -#ifdef SKEY -int -mm_skey_query(void *ctx, char **name, char **infotxt, - u_int *numprompts, char ***prompts, u_int **echo_on) -{ - Buffer m; - u_int success; - char *challenge; - - debug3("%s: entering", __func__); - - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m); - - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, - &m); - success = buffer_get_int(&m); - if (success == 0) { - debug3("%s: no challenge", __func__); - buffer_free(&m); - return (-1); - } - - /* Get the challenge, and format the response */ - challenge = buffer_get_string(&m, NULL); - buffer_free(&m); - - debug3("%s: received challenge: %s", __func__, challenge); - - mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); - - xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); - free(challenge); - - return (0); -} - -int -mm_skey_respond(void *ctx, u_int numresponses, char **responses) -{ - Buffer m; - int authok; + struct sshbuf *m; + int r, authok; debug3("%s: entering", __func__); if (numresponses != 1) return (-1); - buffer_init(&m); - buffer_put_cstring(&m, responses[0]); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, responses[0])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_SKEYRESPOND, &m); + MONITOR_ANS_BSDAUTHRESPOND, m); - authok = buffer_get_int(&m); - buffer_free(&m); + if ((r = sshbuf_get_u32(m, &authok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); return ((authok == 0) ? -1 : 0); } -#endif /* SKEY */ #ifdef SSH_AUDIT_EVENTS void mm_audit_event(ssh_audit_event_t event) { - Buffer m; + struct sshbuf *m; + int r; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_int(&m, event); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, event)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); - buffer_free(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, m); + sshbuf_free(m); } void mm_audit_run_command(const char *command) { - Buffer m; + struct sshbuf *m; + int r; debug3("%s entering command %s", __func__, command); - buffer_init(&m); - buffer_put_cstring(&m, command); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, command)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); - buffer_free(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m); + sshbuf_free(m); } #endif /* SSH_AUDIT_EVENTS */ @@ -880,45 +907,55 @@ mm_audit_run_command(const char *command) OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) { - Buffer m; + struct sshbuf *m; OM_uint32 major; + int r; /* Client doesn't get to see the context */ *ctx = NULL; - buffer_init(&m); - buffer_put_string(&m, goid->elements, goid->length); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m); - major = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &major)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); return (major); } OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, - gss_buffer_desc *out, OM_uint32 *flags) + gss_buffer_desc *out, OM_uint32 *flagsp) { - Buffer m; + struct sshbuf *m; OM_uint32 major; - u_int len; - - buffer_init(&m); - buffer_put_string(&m, in->value, in->length); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m); + u_int flags; + int r; - major = buffer_get_int(&m); - out->value = buffer_get_string(&m, &len); - out->length = len; - if (flags) - *flags = buffer_get_int(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, in->value, in->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m); + + if ((r = sshbuf_get_u32(m, &major)) != 0 || + (r = ssh_gssapi_get_buffer_desc(m, out)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (flagsp != NULL) { + if ((r = sshbuf_get_u32(m, &flags)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + *flagsp = flags; + } - buffer_free(&m); + sshbuf_free(m); return (major); } @@ -926,39 +963,44 @@ mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) { - Buffer m; + struct sshbuf *m; OM_uint32 major; + int r; - buffer_init(&m); - buffer_put_string(&m, gssbuf->value, gssbuf->length); - buffer_put_string(&m, gssmic->value, gssmic->length); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 || + (r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC, - &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_GSSCHECKMIC, m); - major = buffer_get_int(&m); - buffer_free(&m); + if ((r = sshbuf_get_u32(m, &major)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); return(major); } int mm_ssh_gssapi_userok(char *user) { - Buffer m; - int authenticated = 0; + struct sshbuf *m; + int r, authenticated = 0; - buffer_init(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, - &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_GSSUSEROK, m); - authenticated = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); return (authenticated); } #endif /* GSSAPI */ - |