-rw-r--r--usr.bin/ssh/auth.c26
-rw-r--r--usr.bin/ssh/auth.h12
-rw-r--r--usr.bin/ssh/auth2.c8
-rw-r--r--usr.bin/ssh/monitor.c8
-rw-r--r--usr.bin/ssh/monitor_wrap.c5
-rw-r--r--usr.bin/ssh/monitor_wrap.h5
-rw-r--r--usr.bin/ssh/session.c4
7 files changed, 31 insertions, 37 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index 5754edac1c1..3b039b82542 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.137 2019/01/19 21:37:48 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -65,9 +65,6 @@
#include "compat.h"
#include "channels.h"
-#include "opacket.h" /* XXX */
-extern struct ssh *active_state; /* XXX */
-
/* import */
extern ServerOptions options;
extern int use_privsep;
@@ -86,9 +83,8 @@ static struct sshbuf *auth_debug;
* Otherwise true is returned.
*/
int
-allowed_user(struct passwd * pw)
+allowed_user(struct ssh *ssh, struct passwd * pw)
{
- struct ssh *ssh = active_state; /* XXX */
struct stat st;
const char *hostname = NULL, *ipaddr = NULL;
int r;
@@ -242,10 +238,10 @@ format_method_key(Authctxt *authctxt)
}
void
-auth_log(Authctxt *authctxt, int authenticated, int partial,
+auth_log(struct ssh *ssh, int authenticated, int partial,
const char *method, const char *submethod)
{
- struct ssh *ssh = active_state; /* XXX */
+ Authctxt *authctxt = (Authctxt *)ssh->authctxt;
int level = SYSLOG_LEVEL_VERBOSE;
const char *authmsg;
char *extra = NULL;
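Review bot: `auth_log()` now dereferences `ssh->authctxt` instead of taking the context from its caller, so it relies on every caller having set `ssh->authctxt` before the first log call; the same applies to `auth_maxtries_exceeded()` in the next hunk. Nothing in these hunks checks for NULL, and whether the field is always set by this point is not visible here. Because this is the authentication audit-log path, I would either state the precondition above the function, e.g. `/* ssh->authctxt must be set; callers no longer pass the Authctxt */`, or fail closed with `if (authctxt == NULL) fatal("%s: no authctxt", __func__);`. The body of `auth_log()` continues outside the hunk.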
@@ -287,9 +283,9 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
}
void
-auth_maxtries_exceeded(Authctxt *authctxt)
+auth_maxtries_exceeded(struct ssh *ssh)
{
- struct ssh *ssh = active_state; /* XXX */
+ Authctxt *authctxt = (Authctxt *)ssh->authctxt;
error("maximum authentication attempts exceeded for "
"%s%.100s from %.200s port %d ssh2",
@@ -297,7 +293,7 @@ auth_maxtries_exceeded(Authctxt *authctxt)
authctxt->user,
ssh_remote_ipaddr(ssh),
ssh_remote_port(ssh));
- packet_disconnect("Too many authentication failures");
+ ssh_packet_disconnect(ssh, "Too many authentication failures");
/* NOTREACHED */
}
@@ -472,9 +468,8 @@ auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
}
struct passwd *
-getpwnamallow(const char *user)
+getpwnamallow(struct ssh *ssh, const char *user)
{
- struct ssh *ssh = active_state; /* XXX */
extern login_cap_t *lc;
auth_session_t *as;
struct passwd *pw;
@@ -492,7 +487,7 @@ getpwnamallow(const char *user)
user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
return (NULL);
}
- if (!allowed_user(pw))
+ if (!allowed_user(ssh, pw))
return (NULL);
if ((lc = login_getclass(pw->pw_class)) == NULL) {
debug("unable to get login class: %s", user);
@@ -567,9 +562,8 @@ auth_debug_add(const char *fmt,...)
}
void
-auth_debug_send(void)
+auth_debug_send(struct ssh *ssh)
{
- struct ssh *ssh = active_state; /* XXX */
char *msg;
int r;
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index 86a7784d231..3a501fa2805 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.97 2019/01/19 21:38:24 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -149,8 +149,8 @@ void krb5_cleanup_proc(Authctxt *authctxt);
void do_authentication2(struct ssh *);
-void auth_log(Authctxt *, int, int, const char *, const char *);
-void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
+void auth_log(struct ssh *, int, int, const char *, const char *);
+void auth_maxtries_exceeded(struct ssh *) __attribute__((noreturn));
void userauth_finish(struct ssh *, int, const char *, const char *);
int auth_root_allowed(struct ssh *, const char *);
@@ -167,8 +167,8 @@ void auth2_challenge_stop(struct ssh *);
int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
int bsdauth_respond(void *, u_int, char **);
-int allowed_user(struct passwd *);
-struct passwd * getpwnamallow(const char *user);
+int allowed_user(struct ssh *, struct passwd *);
+struct passwd * getpwnamallow(struct ssh *, const char *user);
char *expand_authorized_keys(const char *, struct passwd *pw);
char *authorized_principals_file(struct passwd *);
@@ -203,7 +203,7 @@ void auth_log_authopts(const char *, const struct sshauthopt *, int);
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...)
__attribute__((format(printf, 1, 2)));
-void auth_debug_send(void);
+void auth_debug_send(struct ssh *);
void auth_debug_reset(void);
struct passwd *fakepw(void);
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 7db3a753f93..1f705fabda1 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.153 2019/01/19 21:38:24 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -272,7 +272,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
if (authctxt->attempt++ == 0) {
/* setup auth context */
- authctxt->pw = PRIVSEP(getpwnamallow(user));
+ authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
debug2("%s: setting up authctxt for %s",
@@ -358,7 +358,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
}
/* Log before sending the reply */
- auth_log(authctxt, authenticated, partial, method, submethod);
+ auth_log(ssh, authenticated, partial, method, submethod);
/* Update information exposed to session */
if (authenticated || partial)
@@ -384,7 +384,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
(authctxt->attempt > 1 || strcmp(method, "none") != 0))
authctxt->failures++;
if (authctxt->failures >= options.max_authtries)
- auth_maxtries_exceeded(authctxt);
+ auth_maxtries_exceeded(ssh);
methods = authmethods_get(authctxt);
debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
partial, methods);
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 4aabe693828..ec31b801ea2 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.189 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.190 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -277,7 +277,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
authenticated = 0;
}
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
- auth_log(authctxt, authenticated, partial,
+ auth_log(ssh, authenticated, partial,
auth_method, auth_submethod);
if (!partial && !authenticated)
authctxt->failures++;
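Review bot: The log call now reads its context from `ssh->authctxt`, while the following `authctxt->failures++` still updates the function's own `authctxt`; the two must be the same object or the logged attempt and the counted failure drift apart. Per the hunk headers, `ssh` is not a parameter of `monitor_child_preauth()`, `mm_answer_pwnamallow()` or `mm_answer_keyallowed()`, so it is presumably still taken from global state outside these hunks, and it is worth confirming that it is the connection whose `authctxt` the monitor holds. A short comment at the `ssh` declaration, such as `/* XXX still global; must match the authctxt used below */`, would make that dependency visible. The same pairing occurs in auth2.c's `userauth_finish()`, where `authctxt->failures` is tested and `auth_maxtries_exceeded(ssh)` is then called.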
@@ -665,7 +665,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
- pwent = getpwnamallow(username);
+ pwent = getpwnamallow(ssh, username);
authctxt->user = xstrdup(username);
setproctitle("%s [priv]", pwent ? username : "unknown");
@@ -988,7 +988,7 @@ mm_answer_keyallowed(int sock, struct sshbuf *m)
hostbased_chost = chost;
} else {
/* Log failed attempt */
- auth_log(authctxt, 0, 0, auth_method, NULL);
+ auth_log(ssh, 0, 0, auth_method, NULL);
free(cuser);
free(chost);
}
diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c
index 0a750733691..d680cdf1863 100644
--- a/usr.bin/ssh/monitor_wrap.c
+++ b/usr.bin/ssh/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.108 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.109 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -246,9 +246,8 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
}
struct passwd *
-mm_getpwnamallow(const char *username)
+mm_getpwnamallow(struct ssh *ssh, const char *username)
{
- struct ssh *ssh = active_state; /* XXX */
struct sshbuf *m;
struct passwd *pw;
size_t len;
diff --git a/usr.bin/ssh/monitor_wrap.h b/usr.bin/ssh/monitor_wrap.h
index 09bddb97df7..4e17884e6a9 100644
--- a/usr.bin/ssh/monitor_wrap.h
+++ b/usr.bin/ssh/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.38 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.39 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -33,6 +33,7 @@ extern int use_privsep;
enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY };
+struct ssh;
struct monitor;
struct Authctxt;
struct sshkey;
@@ -44,7 +45,7 @@ DH *mm_choose_dh(int, int, int);
int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
const char *, u_int compat);
void mm_inform_authserv(char *, char *);
-struct passwd *mm_getpwnamallow(const char *);
+struct passwd *mm_getpwnamallow(struct ssh *, const char *);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct ssh *, char *);
int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 7d30105fc2e..00e439f7504 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: session.c,v 1.311 2019/01/19 21:41:18 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -344,7 +344,7 @@ do_authenticated(struct ssh *ssh, Authctxt *authctxt)
else
channel_permit_all(ssh, FORWARD_REMOTE);
}
- auth_debug_send();
+ auth_debug_send(ssh);
prepare_auth_info_file(authctxt->pw, authctxt->session_info);