-/* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */
+/* $OpenBSD: auth-bsdauth.c,v 1.15 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
#include <stdio.h>
#include "xmalloc.h"
-#include "key.h"
+#include "sshkey.h"
+#include "sshbuf.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
-#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
-/* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.23 2018/07/09 21:35:50 markus Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
*
#include "ssh.h"
#include "packet.h"
#include "log.h"
-#include "buffer.h"
+#include "sshbuf.h"
+#include "sshkey.h"
#include "servconf.h"
#include "uidswap.h"
-#include "key.h"
#include "hostfile.h"
#include "auth.h"
-/* $OpenBSD: auth-rhosts.c,v 1.48 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "pathnames.h"
#include "log.h"
#include "misc.h"
-#include "buffer.h" /* XXX */
-#include "key.h" /* XXX */
+#include "sshbuf.h"
+#include "sshkey.h"
#include "servconf.h"
#include "canohost.h"
#include "sshkey.h"
-/* $OpenBSD: auth.c,v 1.130 2018/06/06 18:23:32 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.131 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "match.h"
#include "groupaccess.h"
#include "log.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "misc.h"
#include "servconf.h"
-#include "key.h"
+#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-options.h"
extern struct sshauthopt *auth_opts;
/* Debugging messages */
-Buffer auth_debug;
-int auth_debug_init;
+static struct sshbuf *auth_debug;
/*
* Check if the user is allowed to log in via ssh. If user is listed
if (key == NULL)
return NULL;
- if (key_is_cert(key)) {
+ if (sshkey_is_cert(key)) {
fp = sshkey_fingerprint(key->cert->signature_key,
options.fingerprint_hash, SSH_FP_DEFAULT);
xasprintf(&ret, "%s ID %s (serial %llu) CA %s %s%s%s",
{
char buf[1024];
va_list args;
+ int r;
- if (!auth_debug_init)
+ if (auth_debug == NULL)
return;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
- buffer_put_cstring(&auth_debug, buf);
+ if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0)
+ fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r));
}
void
auth_debug_send(void)
{
+ struct ssh *ssh = active_state; /* XXX */
char *msg;
+ int r;
- if (!auth_debug_init)
+ if (auth_debug == NULL)
return;
- while (buffer_len(&auth_debug)) {
- msg = buffer_get_string(&auth_debug, NULL);
- packet_send_debug("%s", msg);
+ while (sshbuf_len(auth_debug) != 0) {
+ if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0)
+ fatal("%s: sshbuf_get_cstring: %s",
+ __func__, ssh_err(r));
+ ssh_packet_send_debug(ssh, "%s", msg);
free(msg);
}
}
void
auth_debug_reset(void)
{
- if (auth_debug_init)
- buffer_clear(&auth_debug);
- else {
- buffer_init(&auth_debug);
- auth_debug_init = 1;
- }
+ if (auth_debug != NULL)
+ sshbuf_reset(auth_debug);
+ else if ((auth_debug = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
}
struct passwd *
-/* $OpenBSD: auth2-chall.c,v 1.48 2017/05/30 14:29:59 markus Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
#include "xmalloc.h"
#include "ssh2.h"
-#include "key.h"
+#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "packet.h"
#include "dispatch.h"
+#include "ssherr.h"
#include "log.h"
static int auth2_challenge_start(struct ssh *);
-static int send_userauth_info_request(Authctxt *);
+static int send_userauth_info_request(struct ssh *);
static int input_userauth_info_response(int, u_int32_t, struct ssh *);
extern KbdintDevice bsdauth_device;
kbdint_alloc(const char *devs)
{
KbdintAuthctxt *kbdintctxt;
- Buffer b;
- int i;
+ struct sshbuf *b;
+ int i, r;
kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
if (strcmp(devs, "") == 0) {
- buffer_init(&b);
+ if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
for (i = 0; devices[i]; i++) {
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- buffer_append(&b, devices[i]->name,
- strlen(devices[i]->name));
+ if ((r = sshbuf_putf(b, "%s%s",
+ sshbuf_len(b) ? "," : "", devices[i]->name)) != 0)
+ fatal("%s: buffer error: %s",
+ __func__, ssh_err(r));
}
- if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL)
+ if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL)
fatal("%s: sshbuf_dup_string failed", __func__);
- buffer_free(&b);
+ sshbuf_free(b);
} else {
kbdintctxt->devices = xstrdup(devs);
}
auth2_challenge_stop(ssh);
return 0;
}
- if (send_userauth_info_request(authctxt) == 0) {
+ if (send_userauth_info_request(ssh) == 0) {
auth2_challenge_stop(ssh);
return 0;
}
}
static int
-send_userauth_info_request(Authctxt *authctxt)
+send_userauth_info_request(struct ssh *ssh)
{
+ Authctxt *authctxt = ssh->authctxt;
KbdintAuthctxt *kbdintctxt;
char *name, *instr, **prompts;
- u_int i, *echo_on;
+ u_int r, i, *echo_on;
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt->device->query(kbdintctxt->ctxt,
&name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
return 0;
- packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
- packet_put_cstring(name);
- packet_put_cstring(instr);
- packet_put_cstring(""); /* language not used */
- packet_put_int(kbdintctxt->nreq);
+ if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST)) != 0 ||
+ (r = sshpkt_put_cstring(ssh, name)) != 0 ||
+ (r = sshpkt_put_cstring(ssh, instr)) != 0 ||
+ (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language not used */
+ (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
for (i = 0; i < kbdintctxt->nreq; i++) {
- packet_put_cstring(prompts[i]);
- packet_put_char(echo_on[i]);
+ if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
+ (r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
}
- packet_send();
- packet_write_wait();
+ if ((r = sshpkt_send(ssh)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
+ ssh_packet_write_wait(ssh);
for (i = 0; i < kbdintctxt->nreq; i++)
free(prompts[i]);
Authctxt *authctxt = ssh->authctxt;
KbdintAuthctxt *kbdintctxt;
int authenticated = 0, res;
+ int r;
u_int i, nresp;
const char *devicename = NULL;
char **response = NULL;
fatal("input_userauth_info_response: no device");
authctxt->postponed = 0; /* reset */
- nresp = packet_get_int();
+ if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
if (nresp != kbdintctxt->nreq)
fatal("input_userauth_info_response: wrong number of replies");
if (nresp > 100)
if (nresp > 0) {
response = xcalloc(nresp, sizeof(char *));
for (i = 0; i < nresp; i++)
- response[i] = packet_get_string(NULL);
+ if ((r = sshpkt_get_cstring(ssh, &response[i],
+ NULL)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
}
- packet_check_eom();
+ if ((r = sshpkt_get_end(ssh)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
break;
case 1:
/* Authentication needs further interaction */
- if (send_userauth_info_request(authctxt) == 1)
+ if (send_userauth_info_request(ssh) == 1)
authctxt->postponed = 1;
break;
default:
-/* $OpenBSD: auth2-hostbased.c,v 1.34 2018/07/03 11:39:54 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.35 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "xmalloc.h"
#include "ssh2.h"
#include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "log.h"
#include "misc.h"
#include "servconf.h"
-/* $OpenBSD: auth2-kbdint.c,v 1.8 2017/05/30 14:29:59 markus Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.9 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "xmalloc.h"
#include "packet.h"
-#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
-#include "buffer.h"
#include "misc.h"
#include "servconf.h"
+#include "ssherr.h"
/* import */
extern ServerOptions options;
static int
userauth_kbdint(struct ssh *ssh)
{
- int authenticated = 0;
+ int r, authenticated = 0;
char *lang, *devs;
- lang = packet_get_string(NULL);
- devs = packet_get_string(NULL);
- packet_check_eom();
+ if ((r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0 ||
+ (r = sshpkt_get_cstring(ssh, &devs, NULL)) != 0 ||
+ (r = sshpkt_get_end(ssh)) != 0)
+ fatal("%s: %s", __func__, ssh_err(r));
debug("keyboard-interactive devs %s", devs);
-/* $OpenBSD: auth2-none.c,v 1.21 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.22 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "auth.h"
#include "packet.h"
#include "log.h"
-#include "buffer.h"
#include "misc.h"
#include "servconf.h"
#include "compat.h"
-/* $OpenBSD: auth2-passwd.c,v 1.15 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.16 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
-#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
-/* $OpenBSD: auth2-pubkey.c,v 1.80 2018/07/03 11:39:54 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.81 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "ssh.h"
#include "ssh2.h"
#include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "log.h"
#include "misc.h"
#include "servconf.h"
-/* $OpenBSD: auth2.c,v 1.147 2018/05/11 03:22:55 dtucker Exp $ */
+/* $OpenBSD: auth2.c,v 1.148 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include "ssh2.h"
#include "packet.h"
#include "log.h"
-#include "buffer.h"
+#include "sshbuf.h"
#include "misc.h"
#include "servconf.h"
#include "compat.h"
static char *
authmethods_get(Authctxt *authctxt)
{
- Buffer b;
+ struct sshbuf *b;
char *list;
- u_int i;
+ int i, r;
- buffer_init(&b);
+ if ((b = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
for (i = 0; authmethods[i] != NULL; i++) {
if (strcmp(authmethods[i]->name, "none") == 0)
continue;
if (!auth2_method_allowed(authctxt, authmethods[i]->name,
NULL))
continue;
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- buffer_append(&b, authmethods[i]->name,
- strlen(authmethods[i]->name));
+ if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
+ authmethods[i]->name)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
- if ((list = sshbuf_dup_string(&b)) == NULL)
+ if ((list = sshbuf_dup_string(b)) == NULL)
fatal("%s: sshbuf_dup_string failed", __func__);
- buffer_free(&b);
+ sshbuf_free(b);
return list;
}
-/* $OpenBSD: monitor.c,v 1.181 2018/07/09 21:26:02 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.182 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
extern ServerOptions options;
extern u_int utmp_len;
extern u_char session_id[];
-extern Buffer auth_debug;
-extern int auth_debug_init;
extern struct sshbuf *loginmsg;
extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */