From c7d39ac8dc3587c5f05bdd5bcd098eb5c201c0c8 Mon Sep 17 00:00:00 2001
From: "markus@openbsd.org" <markus@openbsd.org>
Date: Mon, 9 Jul 2018 21:35:50 +0000
Subject: [PATCH] upstream: sshd: switch authentication to sshbuf API; ok djm@
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
---
auth-bsdauth.c | 6 ++---
auth-krb5.c | 6 ++---
auth-rhosts.c | 6 ++---
auth.c | 39 ++++++++++++++-------------
auth2-chall.c | 69 +++++++++++++++++++++++++++--------------------
auth2-hostbased.c | 4 +--
auth2-kbdint.c | 14 +++++-----
auth2-none.c | 3 +--
auth2-passwd.c | 3 +--
auth2-pubkey.c | 4 +--
auth2.c | 22 +++++++--------
monitor.c | 4 +--
12 files changed, 95 insertions(+), 85 deletions(-)
diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index e00718f2e..4dc5045c2 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */
+/* $OpenBSD: auth-bsdauth.c,v 1.15 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -33,11 +33,11 @@
#ifdef BSD_AUTH
#include "xmalloc.h"
-#include "key.h"
+#include "sshkey.h"
+#include "sshbuf.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
-#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
diff --git a/auth-krb5.c b/auth-krb5.c
index a5a81ed2e..3096f1c8e 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.23 2018/07/09 21:35:50 markus Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
*
@@ -38,11 +38,11 @@
#include "ssh.h"
#include "packet.h"
#include "log.h"
-#include "buffer.h"
+#include "sshbuf.h"
+#include "sshkey.h"
#include "misc.h"
#include "servconf.h"
#include "uidswap.h"
-#include "key.h"
#include "hostfile.h"
#include "auth.h"
diff --git a/auth-rhosts.c b/auth-rhosts.c
index ecf956f06..57296e1f6 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.48 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +34,8 @@
#include "pathnames.h"
#include "log.h"
#include "misc.h"
-#include "buffer.h" /* XXX */
-#include "key.h" /* XXX */
+#include "sshbuf.h"
+#include "sshkey.h"
#include "servconf.h"
#include "canohost.h"
#include "sshkey.h"
diff --git a/auth.c b/auth.c
index 0424f1f79..2dddcf1f8 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.130 2018/06/06 18:23:32 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.131 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -55,10 +55,10 @@
#include "match.h"
#include "groupaccess.h"
#include "log.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "misc.h"
#include "servconf.h"
-#include "key.h"
+#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-options.h"
@@ -84,8 +84,7 @@ extern struct passwd *privsep_pw;
extern struct sshauthopt *auth_opts;
/* Debugging messages */
-Buffer auth_debug;
-int auth_debug_init;
+static struct sshbuf *auth_debug;
/*
* Check if the user is allowed to log in via ssh. If user is listed
@@ -281,7 +280,7 @@ format_method_key(Authctxt *authctxt)
if (key == NULL)
return NULL;
- if (key_is_cert(key)) {
+ if (sshkey_is_cert(key)) {
fp = sshkey_fingerprint(key->cert->signature_key,
options.fingerprint_hash, SSH_FP_DEFAULT);
xasprintf(&ret, "%s ID %s (serial %llu) CA %s %s%s%s",
@@ -672,26 +671,32 @@ auth_debug_add(const char *fmt,...)
{
char buf[1024];
va_list args;
+ int r;
- if (!auth_debug_init)
+ if (auth_debug == NULL)
return;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
- buffer_put_cstring(&auth_debug, buf);
+ if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0)
+ fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r));
}
void
auth_debug_send(void)
{
+ struct ssh *ssh = active_state; /* XXX */
char *msg;
+ int r;
- if (!auth_debug_init)
+ if (auth_debug == NULL)
return;
- while (buffer_len(&auth_debug)) {
- msg = buffer_get_string(&auth_debug, NULL);
- packet_send_debug("%s", msg);
+ while (sshbuf_len(auth_debug) != 0) {
+ if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0)
+ fatal("%s: sshbuf_get_cstring: %s",
+ __func__, ssh_err(r));
+ ssh_packet_send_debug(ssh, "%s", msg);
free(msg);
}
}
@@ -699,12 +704,10 @@ auth_debug_send(void)
void
auth_debug_reset(void)
{
- if (auth_debug_init)
- buffer_clear(&auth_debug);
- else {
- buffer_init(&auth_debug);
- auth_debug_init = 1;
- }
+ if (auth_debug != NULL)
+ sshbuf_reset(auth_debug);
+ else if ((auth_debug = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
}
struct passwd *
diff --git a/auth2-chall.c b/auth2-chall.c
index 11c8d31b3..5edd0e653 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.48 2017/05/30 14:29:59 markus Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -34,12 +34,13 @@
#include "xmalloc.h"
#include "ssh2.h"
-#include "key.h"
+#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "packet.h"
#include "dispatch.h"
+#include "ssherr.h"
#include "log.h"
#include "misc.h"
#include "servconf.h"
@@ -48,7 +49,7 @@
extern ServerOptions options;
static int auth2_challenge_start(struct ssh *);
-static int send_userauth_info_request(Authctxt *);
+static int send_userauth_info_request(struct ssh *);
static int input_userauth_info_response(int, u_int32_t, struct ssh *);
#ifdef BSD_AUTH
@@ -105,8 +106,8 @@ static KbdintAuthctxt *
kbdint_alloc(const char *devs)
{
KbdintAuthctxt *kbdintctxt;
- Buffer b;
- int i;
+ struct sshbuf *b;
+ int i, r;
#ifdef USE_PAM
if (!options.use_pam)
@@ -115,16 +116,17 @@ kbdint_alloc(const char *devs)
kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
if (strcmp(devs, "") == 0) {
- buffer_init(&b);
+ if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
for (i = 0; devices[i]; i++) {
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- buffer_append(&b, devices[i]->name,
- strlen(devices[i]->name));
+ if ((r = sshbuf_putf(b, "%s%s",
+ sshbuf_len(b) ? "," : "", devices[i]->name)) != 0)
+ fatal("%s: buffer error: %s",
+ __func__, ssh_err(r));
}
- if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL)
+ if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL)
fatal("%s: sshbuf_dup_string failed", __func__);
- buffer_free(&b);
+ sshbuf_free(b);
} else {
kbdintctxt->devices = xstrdup(devs);
}
@@ -243,7 +245,7 @@ auth2_challenge_start(struct ssh *ssh)
auth2_challenge_stop(ssh);
return 0;
}
- if (send_userauth_info_request(authctxt) == 0) {
+ if (send_userauth_info_request(ssh) == 0) {
auth2_challenge_stop(ssh);
return 0;
}
@@ -255,28 +257,32 @@ auth2_challenge_start(struct ssh *ssh)
}
static int
-send_userauth_info_request(Authctxt *authctxt)
+send_userauth_info_request(struct ssh *ssh)
{
+ Authctxt *authctxt = ssh->authctxt;
KbdintAuthctxt *kbdintctxt;
char *name, *instr, **prompts;
- u_int i, *echo_on;
+ u_int r, i, *echo_on;
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt->device->query(kbdintctxt->ctxt,
&name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
return 0;
- packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
- packet_put_cstring(name);
- packet_put_cstring(instr);
- packet_put_cstring(""); /* language not used */
- packet_put_int(kbdintctxt->nreq);
+ if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST)) != 0 ||
+ (r = sshpkt_put_cstring(ssh, name)) != 0 ||
+ (r = sshpkt_put_cstring(ssh, instr)) != 0 ||
+ (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language not used */
+ (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
for (i = 0; i < kbdintctxt->nreq; i++) {
- packet_put_cstring(prompts[i]);
- packet_put_char(echo_on[i]);
+ if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
+ (r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
}
- packet_send();
- packet_write_wait();
+ if ((r = sshpkt_send(ssh)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
+ ssh_packet_write_wait(ssh);
for (i = 0; i < kbdintctxt->nreq; i++)
free(prompts[i]);
@@ -293,6 +299,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
Authctxt *authctxt = ssh->authctxt;
KbdintAuthctxt *kbdintctxt;
int authenticated = 0, res;
+ int r;
u_int i, nresp;
const char *devicename = NULL;
char **response = NULL;
@@ -306,7 +313,8 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
fatal("input_userauth_info_response: no device");
authctxt->postponed = 0; /* reset */
- nresp = packet_get_int();
+ if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
if (nresp != kbdintctxt->nreq)
fatal("input_userauth_info_response: wrong number of replies");
if (nresp > 100)
@@ -314,9 +322,12 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
if (nresp > 0) {
response = xcalloc(nresp, sizeof(char *));
for (i = 0; i < nresp; i++)
- response[i] = packet_get_string(NULL);
+ if ((r = sshpkt_get_cstring(ssh, &response[i],
+ NULL)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
}
- packet_check_eom();
+ if ((r = sshpkt_get_end(ssh)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
@@ -333,7 +344,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
break;
case 1:
/* Authentication needs further interaction */
- if (send_userauth_info_request(authctxt) == 1)
+ if (send_userauth_info_request(ssh) == 1)
authctxt->postponed = 1;
break;
default:
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index f70609cb0..60159a56c 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.34 2018/07/03 11:39:54 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.35 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -34,7 +34,7 @@
#include "xmalloc.h"
#include "ssh2.h"
#include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "log.h"
#include "misc.h"
#include "servconf.h"
diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index 86aad8ddc..a813b8f56 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.8 2017/05/30 14:29:59 markus Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.9 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -31,13 +31,12 @@
#include "xmalloc.h"
#include "packet.h"
-#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
-#include "buffer.h"
#include "misc.h"
#include "servconf.h"
+#include "ssherr.h"
/* import */
extern ServerOptions options;
@@ -45,12 +44,13 @@ extern ServerOptions options;
static int
userauth_kbdint(struct ssh *ssh)
{
- int authenticated = 0;
+ int r, authenticated = 0;
char *lang, *devs;
- lang = packet_get_string(NULL);
- devs = packet_get_string(NULL);
- packet_check_eom();
+ if ((r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0 ||
+ (r = sshpkt_get_cstring(ssh, &devs, NULL)) != 0 ||
+ (r = sshpkt_get_end(ssh)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
debug("keyboard-interactive devs %s", devs);
diff --git a/auth2-none.c b/auth2-none.c
index 8d4e9bb8c..dacb5fb83 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.21 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.22 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -42,7 +42,6 @@
#include "auth.h"
#include "packet.h"
#include "log.h"
-#include "buffer.h"
#include "misc.h"
#include "servconf.h"
#include "compat.h"
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 445016aec..0395a69f4 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.15 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.16 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -36,7 +36,6 @@
#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
-#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 4feeae3e2..e649a6253 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.80 2018/07/03 11:39:54 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.81 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -46,7 +46,7 @@
#include "ssh.h"
#include "ssh2.h"
#include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "log.h"
#include "misc.h"
#include "servconf.h"
diff --git a/auth2.c b/auth2.c
index 01c830467..c3ae56051 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.147 2018/05/11 03:22:55 dtucker Exp $ */
+/* $OpenBSD: auth2.c,v 1.148 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -41,7 +41,7 @@
#include "ssh2.h"
#include "packet.h"
#include "log.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "misc.h"
#include "servconf.h"
#include "compat.h"
@@ -451,11 +451,12 @@ auth2_method_allowed(Authctxt *authctxt, const char *method,
static char *
authmethods_get(Authctxt *authctxt)
{
- Buffer b;
+ struct sshbuf *b;
char *list;
- u_int i;
+ int i, r;
- buffer_init(&b);
+ if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
for (i = 0; authmethods[i] != NULL; i++) {
if (strcmp(authmethods[i]->name, "none") == 0)
continue;
@@ -465,14 +466,13 @@ authmethods_get(Authctxt *authctxt)
if (!auth2_method_allowed(authctxt, authmethods[i]->name,
NULL))
continue;
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- buffer_append(&b, authmethods[i]->name,
- strlen(authmethods[i]->name));
+ if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
+ authmethods[i]->name)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
- if ((list = sshbuf_dup_string(&b)) == NULL)
+ if ((list = sshbuf_dup_string(b)) == NULL)
fatal("%s: sshbuf_dup_string failed", __func__);
- buffer_free(&b);
+ sshbuf_free(b);
return list;
}
diff --git a/monitor.c b/monitor.c
index 44af5f489..11f96b72d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.181 2018/07/09 21:26:02 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.182 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -113,8 +113,6 @@ static Gssctxt *gsscontext = NULL;
extern ServerOptions options;
extern u_int utmp_len;
extern u_char session_id[];
-extern Buffer auth_debug;
-extern int auth_debug_init;
extern struct sshbuf *loginmsg;
extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */