tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: remove last references to active_state 

with & ok markus@

OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
This commit is contained in:
djm@openbsd.org 2019-01-19 21:43:56 +00:00 committed by Damien Miller
parent ec00f918b8
commit 04c091fc19
15 changed files with 90 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
auth.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */
/* $OpenBSD: auth.h,v 1.99 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -132,8 +132,8 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *);
int auth_password(struct ssh *, const char *);
int hostbased_key_allowed(struct passwd *, const char *, char *,
struct sshkey *);
int hostbased_key_allowed(struct ssh *, struct passwd *,
const char *, char *, struct sshkey *);
int user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int,
struct sshauthopt **);
int auth2_key_already_used(Authctxt *, const struct sshkey *);
@ -208,8 +208,8 @@ struct sshkey *get_hostkey_public_by_index(int, struct ssh *);
struct sshkey *get_hostkey_public_by_type(int, int, struct ssh *);
struct sshkey *get_hostkey_private_by_type(int, int, struct ssh *);
int get_hostkey_index(struct sshkey *, int, struct ssh *);
int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **,
size_t *, const u_char *, size_t, const char *, u_int);
int sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *,
u_char **, size_t *, const u_char *, size_t, const char *);
/* Key / cert options linkage to auth layer */
const struct sshauthopt *auth_options(struct ssh *);

12
auth2-hostbased.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-hostbased.c,v 1.39 2019/01/19 21:31:32 djm Exp $ */
/* $OpenBSD: auth2-hostbased.c,v 1.40 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@ -51,8 +51,6 @@
#include "ssherr.h"
#include "match.h"
extern struct ssh *active_state; /* XXX */
/* import */
extern ServerOptions options;
extern u_char *session_id2;
@ -149,7 +147,8 @@ userauth_hostbased(struct ssh *ssh)
/* test for allowed key and correct signature */
authenticated = 0;
if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser,
chost, key)) &&
PRIVSEP(sshkey_verify(key, sig, slen,
sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0)
authenticated = 1;
@ -169,10 +168,9 @@ done:
/* return 1 if given hostkey is allowed */
int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
struct sshkey *key)
hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
const char *cuser, char *chost, struct sshkey *key)
{
struct ssh *ssh = active_state; /* XXX */
const char *resolvedname, *ipaddr, *lookup, *reason;
HostStatus host_status;
int len;

6
kex.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.93 2018/12/27 03:25:25 djm Exp $ */
/* $OpenBSD: kex.h,v 1.94 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -156,8 +156,8 @@ struct kex {
struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
int (*host_key_index)(struct sshkey *, int, struct ssh *);
int (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *,
const u_char *, size_t, const char *, u_int);
int (*sign)(struct ssh *, struct sshkey *, struct sshkey *,
u_char **, size_t *, const u_char *, size_t, const char *);
int (*kex[KEX_MAX])(struct ssh *);
/* kex specific state */
DH *dh; /* DH */

6
kexc25519s.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexc25519s.c,v 1.12 2018/12/27 03:25:25 djm Exp $ */
/* $OpenBSD: kexc25519s.c,v 1.13 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -133,8 +133,8 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh)
}
/* sign H */
if ((r = kex->sign(server_host_private, server_host_public, &signature,
&slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
if ((r = kex->sign(ssh, server_host_private, server_host_public,
&signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
goto out;
/* send server hostkey, ECDH pubkey 'Q_S' and signed H */

6
kexdhs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexdhs.c,v 1.29 2018/12/27 03:25:25 djm Exp $ */
/* $OpenBSD: kexdhs.c,v 1.30 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@ -189,8 +189,8 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
}
/* sign H */
if ((r = kex->sign(server_host_private, server_host_public, &signature,
&slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
if ((r = kex->sign(ssh, server_host_private, server_host_public,
&signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
goto out;
/* destroy_sensitive_data(); */

6
kexecdhs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexecdhs.c,v 1.18 2018/12/27 03:25:25 djm Exp $ */
/* $OpenBSD: kexecdhs.c,v 1.19 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@ -168,8 +168,8 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh)
}
/* sign H */
if ((r = kex->sign(server_host_private, server_host_public, &signature,
&slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
if ((r = kex->sign(ssh, server_host_private, server_host_public,
&signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
goto out;
/* destroy_sensitive_data(); */

6
kexgexs.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kexgexs.c,v 1.36 2018/12/27 03:25:25 djm Exp $ */
/* $OpenBSD: kexgexs.c,v 1.37 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@ -223,8 +223,8 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
}
/* sign H */
if ((r = kex->sign(server_host_private, server_host_public, &signature,
&slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
if ((r = kex->sign(ssh, server_host_private, server_host_public,
&signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
goto out;
/* destroy_sensitive_data(); */

8
monitor.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.191 2019/01/19 21:43:07 djm Exp $ */
/* $OpenBSD: monitor.c,v 1.192 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -360,7 +360,7 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
ssh->authctxt = NULL;
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
mm_get_keystate(pmonitor);
mm_get_keystate(ssh, pmonitor);
/* Drain any buffered messages from the child */
while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
@ -1195,7 +1195,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
if (!key_base_type_match(auth_method, key,
options.hostbased_key_types))
break;
allowed = hostbased_key_allowed(authctxt->pw,
allowed = hostbased_key_allowed(ssh, authctxt->pw,
cuser, chost, key);
auth2_record_info(authctxt,
"client user \"%.100s\", client host \"%.100s\"",
@ -1699,7 +1699,7 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
/* This function requries careful sanity checking */
void
mm_get_keystate(struct monitor *pmonitor)
mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor)
{
debug3("%s: Waiting for new keys", __func__);

3
monitor.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor.h,v 1.22 2019/01/19 21:43:07 djm Exp $ */
/* $OpenBSD: monitor.h,v 1.23 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -90,5 +90,6 @@ void monitor_apply_keystate(struct ssh *, struct monitor *);
void mm_request_send(int, enum monitor_reqtype, struct sshbuf *);
void mm_request_receive(int, struct sshbuf *);
void mm_request_receive_expect(int, enum monitor_reqtype, struct sshbuf *);
void mm_get_keystate(struct ssh *, struct monitor *);
#endif /* _MONITOR_H_ */

15
monitor_wrap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.110 2019/01/19 21:43:07 djm Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.111 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -76,8 +76,6 @@
#include "ssherr.h"
extern struct ssh *active_state; /* XXX */
/* Imports */
extern struct monitor *pmonitor;
extern struct sshbuf *loginmsg;
@ -220,12 +218,12 @@ mm_choose_dh(int min, int nbits, int max)
#endif
int
mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat)
{
struct kex *kex = *pmonitor->m_pkex;
struct sshbuf *m;
u_int ndx = kex->host_key_index(key, 0, active_state);
u_int ndx = kex->host_key_index(key, 0, ssh);
int r;
debug3("%s entering", __func__);
@ -439,8 +437,8 @@ mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
}
int
mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
struct sshkey *key)
mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
const char *user, const char *host, struct sshkey *key)
{
return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL));
}
@ -533,9 +531,8 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
}
void
mm_send_keystate(struct monitor *monitor)
mm_send_keystate(struct ssh *ssh, struct monitor *monitor)
{
struct ssh *ssh = active_state; /* XXX */
struct sshbuf *m;
int r;

11
monitor_wrap.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.h,v 1.40 2019/01/19 21:43:07 djm Exp $ */
/* $OpenBSD: monitor_wrap.h,v 1.41 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@ -42,8 +42,8 @@ struct sshauthopt;
void mm_log_handler(LogLevel, const char *, void *);
int mm_is_monitor(void);
DH *mm_choose_dh(int, int, int);
int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
const char *, u_int compat);
int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
const u_char *, size_t, const char *, u_int compat);
void mm_inform_authserv(char *, char *);
struct passwd *mm_getpwnamallow(struct ssh *, const char *);
char *mm_auth2_read_banner(void);
@ -52,7 +52,7 @@ int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
int, struct sshauthopt **);
int mm_user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int,
struct sshauthopt **);
int mm_hostbased_key_allowed(struct passwd *, const char *,
int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *,
const char *, struct sshkey *);
int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
const u_char *, size_t, const char *, u_int);
@ -89,8 +89,7 @@ void mm_session_pty_cleanup2(struct Session *);
struct newkeys *mm_newkeys_from_blob(u_char *, int);
int mm_newkeys_to_blob(int, u_char **, u_int *);
void mm_get_keystate(struct monitor *);
void mm_send_keystate(struct monitor*);
void mm_send_keystate(struct ssh *, struct monitor*);
/* bsdauth */
int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);

6
serverloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.211 2019/01/19 21:40:48 djm Exp $ */
/* $OpenBSD: serverloop.c,v 1.212 2019/01/19 21:43:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -782,9 +782,9 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
(r = sshbuf_put_string(sigbuf,
ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
(r = sshkey_puts(key, sigbuf)) != 0 ||
(r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,
(r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0 ||
use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
(r = sshbuf_put_string(resp, sig, slen)) != 0) {
error("%s: couldn't prepare signature: %s",
__func__, ssh_err(r));

5
ssh.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.499 2019/01/19 21:36:06 djm Exp $ */
/* $OpenBSD: ssh.c,v 1.500 2019/01/19 21:43:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -113,8 +113,6 @@
#include "ssh-pkcs11.h"
#endif
extern struct ssh *active_state; /* XXX remove after sshconnect2.c updated */
extern char *__progname;
/* Saves a copy of argv for setproctitle emulation */
@ -652,7 +650,6 @@ main(int ac, char **av)
*/
if ((ssh = ssh_alloc_session_state()) == NULL)
fatal("Couldn't allocate session state");
active_state = ssh; /* XXX */
channel_init_channels(ssh);
/* Parse command-line arguments. */

15
ssh_api.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh_api.c,v 1.9 2018/12/27 03:25:25 djm Exp $ */
/* $OpenBSD: ssh_api.c,v 1.10 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2012 Markus Friedl. All rights reserved.
*
@ -40,8 +40,8 @@ int _ssh_order_hostkeyalgs(struct ssh *);
int _ssh_verify_host_key(struct sshkey *, struct ssh *);
struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
int _ssh_host_key_sign(struct sshkey *, struct sshkey *,
u_char **, size_t *, const u_char *, size_t, const char *, u_int);
int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *,
u_char **, size_t *, const u_char *, size_t, const char *);
/*
* stubs for the server side implementation of kex.
@ -547,9 +547,10 @@ _ssh_order_hostkeyalgs(struct ssh *ssh)
}
int
_ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey,
u_char **signature, size_t *slen, const u_char *data, size_t dlen,
const char *alg, u_int compat)
_ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey,
struct sshkey *pubkey, u_char **signature, size_t *slen,
const u_char *data, size_t dlen, const char *alg)
{
return sshkey_sign(privkey, signature, slen, data, dlen, alg, compat);
return sshkey_sign(privkey, signature, slen, data, dlen,
alg, ssh->compat);
}

63
sshd.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.526 2019/01/19 21:43:07 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.527 2019/01/19 21:43:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -123,8 +123,6 @@
#include "version.h"
#include "ssherr.h"
extern struct ssh *active_state; /* XXX move decl to this file */
/* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@ -225,8 +223,9 @@ struct monitor *pmonitor = NULL;
int privsep_is_preauth = 1;
static int privsep_chroot = 1;
/* global authentication context */
/* global connection state and authentication contexts */
Authctxt *the_authctxt = NULL;
struct ssh *the_active_state;
/* global key/cert auth options. XXX move to permanent ssh->authctxt? */
struct sshauthopt *auth_opts = NULL;
@ -353,9 +352,11 @@ grace_alarm_handler(int sig)
kill(0, SIGTERM);
}
/* XXX pre-format ipaddr/port so we don't need to access active_state */
/* Log error and exit. */
sigdie("Timeout before authentication for %s port %d",
ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
ssh_remote_ipaddr(the_active_state),
ssh_remote_port(the_active_state));
}
/* Destroy the host and server keys. They will no longer be needed. */
@ -742,7 +743,7 @@ notify_hostkeys(struct ssh *ssh)
char *fp;
/* Some clients cannot cope with the hostkeys message, skip those. */
if (datafellows & SSH_BUG_HOSTKEYS)
if (ssh->compat & SSH_BUG_HOSTKEYS)
return;
if ((buf = sshbuf_new()) == NULL)
@ -1960,8 +1961,8 @@ main(int ac, char **av)
*/
if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL)
fatal("Unable to create connection");
the_active_state = ssh;
ssh_packet_set_server(ssh);
active_state = ssh; /* XXX needed elsewhere */
check_ip_options(ssh);
@ -2060,7 +2061,7 @@ main(int ac, char **av)
* the current keystate and exits
*/
if (use_privsep) {
mm_send_keystate(pmonitor);
mm_send_keystate(ssh, pmonitor);
ssh_packet_clear_keys(ssh);
exit(0);
}
@ -2139,25 +2140,35 @@ main(int ac, char **av)
}
int
sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey,
u_char **signature, size_t *slenp, const u_char *data, size_t dlen,
const char *alg, u_int flag)
sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
struct sshkey *pubkey, u_char **signature, size_t *slenp,
const u_char *data, size_t dlen, const char *alg)
{
int r;
if (privkey) {
if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen,
alg, datafellows)) < 0)
fatal("%s: key_sign failed", __func__);
} else if (use_privsep) {
if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen,
alg, datafellows) < 0)
fatal("%s: pubkey_sign failed", __func__);
if (use_privsep) {
if (privkey) {
if (mm_sshkey_sign(ssh, privkey, signature, slenp,
data, dlen, alg, ssh->compat) < 0)
fatal("%s: privkey sign failed", __func__);
} else {
if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
data, dlen, alg, ssh->compat) < 0)
fatal("%s: pubkey sign failed", __func__);
}
} else {
if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp,
data, dlen, alg, datafellows)) != 0)
fatal("%s: ssh_agent_sign failed: %s",
__func__, ssh_err(r));
if (privkey) {
if (sshkey_sign(privkey, signature, slenp, data, dlen,
alg, ssh->compat) < 0)
fatal("%s: privkey sign failed", __func__);
} else {
if ((r = ssh_agent_sign(auth_sock, pubkey,
signature, slenp, data, dlen, alg,
ssh->compat)) != 0) {
fatal("%s: agent sign failed: %s",
__func__, ssh_err(r));
}
}
}
return 0;
}
@ -2232,10 +2243,8 @@ do_ssh2_kex(struct ssh *ssh)
void
cleanup_exit(int i)
{
struct ssh *ssh = active_state; /* XXX */
if (the_authctxt) {
do_cleanup(ssh, the_authctxt);
if (the_active_state != NULL && the_authctxt != NULL) {
do_cleanup(the_active_state, the_authctxt);
if (use_privsep && privsep_is_preauth &&
pmonitor != NULL && pmonitor->m_pid > 1) {
debug("Killing privsep child %d", pmonitor->m_pid);