=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/clientloop.c,v retrieving revision 1.353 retrieving revision 1.354 diff -u -r1.353 -r1.354 --- src/usr.bin/ssh/clientloop.c 2020/10/14 00:55:17 1.353 +++ src/usr.bin/ssh/clientloop.c 2020/10/18 11:32:01 1.354 @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.353 2020/10/14 00:55:17 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.354 2020/10/18 11:32:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -226,13 +226,13 @@ } else if (channel_still_open(ssh)) { /* some client connections are still open */ if (control_persist_exit_time > 0) - debug2("%s: cancel scheduled exit", __func__); + debug2_f("cancel scheduled exit"); control_persist_exit_time = 0; } else if (control_persist_exit_time <= 0) { /* a client connection has recently closed */ control_persist_exit_time = monotime() + (time_t)options.control_persist_timeout; - debug2("%s: schedule exit in %d seconds", __func__, + debug2_f("schedule exit in %d seconds", options.control_persist_timeout); } /* else we are already counting down to the timeout */ @@ -300,7 +300,7 @@ if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", display + 10)) < 0 || (size_t)r >= sizeof(xdisplay)) { - error("%s: display name too long", __func__); + error_f("display name too long"); return -1; } display = xdisplay; @@ -315,15 +315,14 @@ */ mktemp_proto(xauthdir, sizeof(xauthdir)); if (mkdtemp(xauthdir) == NULL) { - error("%s: mkdtemp: %s", - __func__, strerror(errno)); + error_f("mkdtemp: %s", strerror(errno)); return -1; } do_unlink = 1; if ((r = snprintf(xauthfile, sizeof(xauthfile), "%s/xauthfile", xauthdir)) < 0 || (size_t)r >= sizeof(xauthfile)) { - error("%s: xauthfile path too long", __func__); + error_f("xauthfile path too long"); rmdir(xauthdir); return -1; } @@ -349,7 +348,7 @@ SSH_X11_PROTO, x11_timeout_real, _PATH_DEVNULL); } - debug2("%s: xauth command: %s", __func__, cmd); + debug2_f("xauth command: %s", cmd); if (timeout != 0 && x11_refuse_time == 0) { now = monotime() + 1; @@ -438,7 +437,7 @@ if (!received_window_change_signal) return; received_window_change_signal = 0; - debug2("%s: changed", __func__); + debug2_f("changed"); channel_send_window_changes(ssh); } @@ -480,7 +479,7 @@ (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 1)) != 0 || /* boolean: want reply */ (r = sshpkt_send(ssh)) != 0) - fatal("%s: send packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); /* Insert an empty placeholder to maintain ordering */ client_register_global_confirm(NULL, NULL); schedule_server_alive_check(); @@ -562,7 +561,7 @@ /* Note: we might still have data in the buffers. */ if ((r = sshbuf_putf(stderr_buffer, "select: %s\r\n", strerror(errno))) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); quit_pending = 1; } else if (options.server_alive_interval > 0 && !FD_ISSET(connection_in, *readsetp) && monotime() >= server_alive_time) @@ -622,8 +621,7 @@ if ((r = sshbuf_putf(stderr_buffer, "Connection to %.300s closed by remote host.\r\n", host)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); quit_pending = 1; return; } @@ -642,8 +640,7 @@ if ((r = sshbuf_putf(stderr_buffer, "Read from remote host %.300s: %.100s\r\n", host, strerror(errno))) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); quit_pending = 1; return; } @@ -693,8 +690,7 @@ if (tochan) { if ((r = sshbuf_put(c->extended, errmsg, strlen(errmsg))) != 0) - fatal("%s: buffer error %s", __func__, - ssh_err(r)); + fatal_fr(r, "sshbuf_put"); } else error("%s", errmsg); if (cr->action == CONFIRM_TTY) { @@ -742,8 +738,8 @@ last_gc = TAILQ_LAST(&global_confirms, global_confirms); if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) { if (++last_gc->ref_count >= INT_MAX) - fatal("%s: last_gc->ref_count = %d", - __func__, last_gc->ref_count); + fatal_f("last_gc->ref_count = %d", + last_gc->ref_count); return; } @@ -906,7 +902,7 @@ if ((r = sshbuf_putf(b, "%c?\r\nSupported escape sequences:\r\n", escape_char)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); suppress_flags = (mux_client ? SUPPRESS_MUXCLIENT : 0) | @@ -918,14 +914,14 @@ continue; if ((r = sshbuf_putf(b, " %c%-3s - %s\r\n", escape_char, esc_txt[i].cmd, esc_txt[i].text)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); } if ((r = sshbuf_putf(b, " %c%c - send the escape character by typing it twice\r\n" "(Note that escapes are only recognized immediately after " "newline.)\r\n", escape_char, escape_char)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); } /* @@ -965,8 +961,7 @@ /* Terminate the connection. */ if ((r = sshbuf_putf(berr, "%c.\r\n", efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); if (c && c->ctl_chan != -1) { chan_read_failed(ssh, c); chan_write_failed(ssh, c); @@ -995,16 +990,14 @@ "%c%s escape not available to " "multiplexed sessions\r\n", efc->escape_char, b)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); continue; } /* Suspend the program. Inform the user */ if ((r = sshbuf_putf(berr, "%c^Z [suspend ssh]\r\n", efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); /* Restore terminal modes and suspend. */ client_suspend_self(bin, bout, berr); @@ -1015,13 +1008,11 @@ case 'B': if ((r = sshbuf_putf(berr, "%cB\r\n", efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); channel_request_start(ssh, c->self, "break", 0); if ((r = sshpkt_put_u32(ssh, 1000)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: send packet: %s", __func__, - ssh_err(r)); + fatal_fr(r, "send packet"); continue; case 'R': @@ -1041,8 +1032,7 @@ if ((r = sshbuf_putf(berr, "%c%c [Logging to syslog]\r\n", efc->escape_char, ch)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); continue; } if (ch == 'V' && options.log_level > @@ -1055,8 +1045,7 @@ "%c%c [LogLevel %s]\r\n", efc->escape_char, ch, log_level_name(options.log_level))) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); continue; case '&': @@ -1074,11 +1063,9 @@ /* Stop listening for new connections. */ channel_stop_listening(ssh); - if ((r = sshbuf_putf(berr, - "%c& [backgrounded]\n", efc->escape_char)) - != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + if ((r = sshbuf_putf(berr, "%c& " + "[backgrounded]\n", efc->escape_char)) != 0) + fatal_fr(r, "sshbuf_putf"); /* Fork into background. */ pid = fork(); @@ -1093,8 +1080,7 @@ /* The child continues serving connections. */ /* fake EOF on stdin */ if ((r = sshbuf_put_u8(bin, 4)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u8"); return -1; case '?': print_escape_help(berr, efc->escape_char, @@ -1105,12 +1091,10 @@ case '#': if ((r = sshbuf_putf(berr, "%c#\r\n", efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); s = channel_open_message(ssh); if ((r = sshbuf_put(berr, s, strlen(s))) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put"); free(s); continue; @@ -1124,8 +1108,7 @@ if (ch != efc->escape_char) { if ((r = sshbuf_put_u8(bin, efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u8"); bytes++; } /* Escaped characters fall through here */ @@ -1152,7 +1135,7 @@ */ last_was_cr = (ch == '\r' || ch == '\n'); if ((r = sshbuf_put_u8(bin, ch)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u8"); bytes++; } return bytes; @@ -1238,30 +1221,30 @@ debug("pledge: id"); if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } else if (options.forward_x11 || options.permit_local_command) { debug("pledge: exec"); if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } else if (options.update_hostkeys) { debug("pledge: filesystem full"); if (pledge("stdio rpath wpath cpath unix inet dns proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } else if (!option_clear_or_none(options.proxy_command) || fork_after_authentication_flag) { debug("pledge: proc"); if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } else { debug("pledge: network"); if (pledge("stdio unix inet dns proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } start_time = monotime_double(); @@ -1277,7 +1260,7 @@ /* Initialize buffer. */ if ((stderr_buffer = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); client_init_dispatch(ssh); @@ -1328,8 +1311,7 @@ /* manual rekey request */ debug("need rekeying"); if ((r = kex_start_rekex(ssh)) != 0) - fatal("%s: kex_start_rekex: %s", __func__, - ssh_err(r)); + fatal_fr(r, "kex_start_rekex"); need_rekeying = 0; } else { /* @@ -1406,7 +1388,7 @@ (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language tag */ (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: send disconnect: %s", __func__, ssh_err(r)); + fatal_fr(r, "send disconnect"); channel_free_all(ssh); @@ -1443,7 +1425,7 @@ if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) { if ((r = sshbuf_putf(stderr_buffer, "Connection to %.64s closed.\r\n", host)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); } /* Output any buffered data for stderr. */ @@ -1454,7 +1436,7 @@ if (len < 0 || (u_int)len != sshbuf_len(stderr_buffer)) error("Write failed flushing stderr buffer."); else if ((r = sshbuf_consume(stderr_buffer, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_consume"); } /* Clear and free any buffers. */ @@ -1491,15 +1473,15 @@ (r = sshpkt_get_cstring(ssh, &originator_address, NULL)) != 0 || (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: parse packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); - debug("%s: listen %s port %d, originator %s port %d", __func__, + debug_f("listen %s port %d, originator %s port %d", listen_address, listen_port, originator_address, originator_port); if (listen_port > 0xffff) - error("%s: invalid listen port", __func__); + error_f("invalid listen port"); else if (originator_port > 0xffff) - error("%s: invalid originator port", __func__); + error_f("invalid originator port"); else { c = channel_connect_by_listen_address(ssh, listen_address, listen_port, "forwarded-tcpip", @@ -1508,7 +1490,7 @@ if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { if ((b = sshbuf_new()) == NULL) { - error("%s: alloc reply", __func__); + error_f("alloc reply"); goto out; } /* reconstruct and send to muxclient */ @@ -1523,8 +1505,7 @@ (r = sshbuf_put_cstring(b, originator_address)) != 0 || (r = sshbuf_put_u32(b, originator_port)) != 0 || (r = sshbuf_put_stringb(c->output, b)) != 0) { - error("%s: compose for muxclient %s", __func__, - ssh_err(r)); + error_fr(r, "compose for muxclient"); goto out; } } @@ -1548,9 +1529,9 @@ if ((r = sshpkt_get_cstring(ssh, &listen_path, NULL)) != 0 || (r = sshpkt_get_string(ssh, NULL, NULL)) != 0 || /* reserved */ (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: parse packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); - debug("%s: request: %s", __func__, listen_path); + debug_f("request: %s", listen_path); c = channel_connect_by_listen_path(ssh, listen_path, "forwarded-streamlocal@openssh.com", "forwarded-streamlocal"); @@ -1580,7 +1561,7 @@ if ((r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: parse packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); /* XXX check permission */ /* XXX range check originator port? */ debug("client_request_x11: request from %s %u", originator, @@ -1615,8 +1596,7 @@ } if (r != 0) { if (r != SSH_ERR_AGENT_NOT_PRESENT) - debug("%s: ssh_get_authentication_socket: %s", - __func__, ssh_err(r)); + debug_fr(r, "ssh_get_authentication_socket"); return NULL; } c = channel_new(ssh, "authentication agent connection", @@ -1771,16 +1751,15 @@ exit_status = exitval; } else { /* Probably for a mux channel that has already closed */ - debug("%s: no sink for exit-status on channel %d", - __func__, id); + debug_f("no sink for exit-status on channel %d", + id); } if ((r = sshpkt_get_end(ssh)) != 0) goto out; } if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) { if (!c->have_remote_id) - fatal("%s: channel %d: no remote_id", - __func__, c->self); + fatal_f("channel %d: no remote_id", c->self); if ((r = sshpkt_start(ssh, success ? SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || @@ -1881,8 +1860,8 @@ for (i = 0; i < ctx->nkeys; i++) { if (sshkey_equal(l->key, ctx->keys[i])) { ctx->other_name_seen = 1; - debug3("%s: found %s key under different " - "name/addr at %s:%ld", __func__, + debug3_f("found %s key under different " + "name/addr at %s:%ld", sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum); return 0; @@ -1893,8 +1872,8 @@ /* Don't proceed if revocation or CA markers are present */ /* XXX relax this */ if (l->marker != MRK_NONE) { - debug3("%s: hostkeys file %s:%ld has CA/revocation marker", - __func__, l->path, l->linenum); + debug3_f("hostkeys file %s:%ld has CA/revocation marker", + l->path, l->linenum); ctx->complex_hostspec = 1; return 0; } @@ -1903,8 +1882,8 @@ if (ctx->ip_str != NULL && (l->match & HKF_MATCH_HOST) == 0 && strchr(l->hosts, ',') != NULL) { ctx->other_name_seen = 1; - debug3("%s: found address %s against different hostname at " - "%s:%ld", __func__, ctx->ip_str, l->path, l->linenum); + debug3_f("found address %s against different hostname at " + "%s:%ld", ctx->ip_str, l->path, l->linenum); return 0; } @@ -1913,8 +1892,8 @@ * that contain more than two entries (ssh never writes these). */ if (hostspec_is_complex(l->hosts)) { - debug3("%s: hostkeys file %s:%ld complex host specification", - __func__, l->path, l->linenum); + debug3_f("hostkeys file %s:%ld complex host specification", + l->path, l->linenum); ctx->complex_hostspec = 1; return 0; } @@ -1923,18 +1902,17 @@ for (i = 0; i < ctx->nkeys; i++) { if (!sshkey_equal(l->key, ctx->keys[i])) continue; - debug3("%s: found %s key at %s:%ld", __func__, + debug3_f("found %s key at %s:%ld", sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum); ctx->keys_match[i] |= l->match; return 0; } /* This line contained a key that not offered by the server */ - debug3("%s: deprecated %s key at %s:%ld", __func__, - sshkey_ssh_name(l->key), l->path, l->linenum); + debug3_f("deprecated %s key at %s:%ld", sshkey_ssh_name(l->key), + l->path, l->linenum); if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1, sizeof(*ctx->old_keys))) == NULL) - fatal("%s: recallocarray failed nold = %zu", - __func__, ctx->nold); + fatal_f("recallocarray failed nold = %zu", ctx->nold); ctx->old_keys = tmp; ctx->old_keys[ctx->nold++] = l->key; l->key = NULL; @@ -1958,7 +1936,7 @@ for (i = 0; i < ctx->nold; i++) { if (!sshkey_equal(l->key, ctx->old_keys[i])) continue; - debug3("%s: found deprecated %s key at %s:%ld as %s", __func__, + debug3_f("found deprecated %s key at %s:%ld as %s", sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum, hashed ? "[HASHED]" : l->hosts); ctx->old_key_seen = 1; @@ -1978,21 +1956,21 @@ size_t i; int r; - debug2("%s: checking for %zu deprecated keys", __func__, ctx->nold); + debug2_f("checking for %zu deprecated keys", ctx->nold); for (i = 0; i < options.num_user_hostfiles; i++) { - debug3("%s: searching %s for %s / %s", __func__, + debug3_f("searching %s for %s / %s", options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)"); if ((r = hostkeys_foreach(options.user_hostfiles[i], hostkeys_check_old, ctx, ctx->host_str, ctx->ip_str, HKF_WANT_PARSE_KEY)) != 0) { if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) { - debug("%s: hostkeys file %s does not exist", - __func__, options.user_hostfiles[i]); + debug_f("hostkeys file %s does not exist", + options.user_hostfiles[i]); continue; } - error("%s: hostkeys_foreach failed for %s: %s", - __func__, options.user_hostfiles[i], ssh_err(r)); + error_fr(r, "hostkeys_foreach failed for %s", + options.user_hostfiles[i]); return -1; } } @@ -2022,7 +2000,7 @@ continue; if ((fp = sshkey_fingerprint(ctx->keys[i], options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal_f("sshkey_fingerprint failed"); if (first && asking) hostkey_change_preamble(loglevel); do_log2(loglevel, "Learned new hostkey: %s %s", @@ -2033,7 +2011,7 @@ for (i = 0; i < ctx->nold; i++) { if ((fp = sshkey_fingerprint(ctx->old_keys[i], options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal_f("sshkey_fingerprint failed"); if (first && asking) hostkey_change_preamble(loglevel); do_log2(loglevel, "Deprecating obsolete hostkey: %s %s", @@ -2082,11 +2060,12 @@ */ if (stat(options.user_hostfiles[i], &sb) != 0) { if (errno == ENOENT) { - debug("%s: known hosts file %s does not exist", - __func__, strerror(errno)); + debug_f("known hosts file %s does not " + "exist", options.user_hostfiles[i]); } else { - error("%s: known hosts file %s inaccessible", - __func__, strerror(errno)); + error_f("known hosts file %s " + "inaccessible: %s", + options.user_hostfiles[i], strerror(errno)); } continue; } @@ -2095,8 +2074,8 @@ i == 0 ? ctx->keys : NULL, i == 0 ? ctx->nkeys : 0, options.hash_known_hosts, 0, options.fingerprint_hash)) != 0) { - error("%s: hostfile_replace_entries failed for %s: %s", - __func__, options.user_hostfiles[i], ssh_err(r)); + error_fr(r, "hostfile_replace_entries failed for %s", + options.user_hostfiles[i]); } } } @@ -2113,7 +2092,7 @@ size_t siglen; if (ctx->nnew == 0) - fatal("%s: ctx->nnew == 0", __func__); /* sanity */ + fatal_f("ctx->nnew == 0"); /* sanity */ if (type != SSH2_MSG_REQUEST_SUCCESS) { error("Server failed to confirm ownership of " "private host keys"); @@ -2124,10 +2103,10 @@ sshkey_type_from_name(ssh->kex->hostkey_alg)); if ((signdata = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); /* Don't want to accidentally accept an unbound signature */ if (ssh->kex->session_id_len == 0) - fatal("%s: ssh->kex->session_id_len == 0", __func__); + fatal_f("ssh->kex->session_id_len == 0"); /* * Expect a signature for each of the ctx->nnew private keys we * haven't seen before. They will be in the same order as the @@ -2143,12 +2122,10 @@ (r = sshbuf_put_string(signdata, ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || (r = sshkey_puts(ctx->keys[i], signdata)) != 0) - fatal("%s: failed to prepare signature: %s", - __func__, ssh_err(r)); + fatal_fr(r, "compose signdata"); /* Extract and verify signature */ if ((r = sshpkt_get_string_direct(ssh, &sig, &siglen)) != 0) { - error("%s: couldn't parse message: %s", - __func__, ssh_err(r)); + error_fr(r, "parse sig"); goto out; } /* @@ -2161,19 +2138,19 @@ sshbuf_ptr(signdata), sshbuf_len(signdata), use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0, NULL)) != 0) { - error("%s: server gave bad signature for %s key %zu", - __func__, sshkey_type(ctx->keys[i]), i); + error_f("server gave bad signature for %s key %zu", + sshkey_type(ctx->keys[i]), i); goto out; } /* Key is good. Mark it as 'seen' */ ctx->keys_verified[i] = 1; ndone++; } + /* Shouldn't happen */ if (ndone != ctx->nnew) - fatal("%s: ndone != ctx->nnew (%zu / %zu)", __func__, - ndone, ctx->nnew); /* Shouldn't happen */ + fatal_f("ndone != ctx->nnew (%zu / %zu)", ndone, ctx->nnew); if ((r = sshpkt_get_end(ssh)) != 0) { - error("%s: protocol error", __func__); + error_f("protocol error"); goto out; } @@ -2222,7 +2199,7 @@ u_int want; if (hostkeys_seen) - fatal("%s: server already sent hostkeys", __func__); + fatal_f("server already sent hostkeys"); if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK && options.batch_mode) return 1; /* won't ask in batchmode, so don't even try */ @@ -2234,53 +2211,51 @@ sshkey_free(key); key = NULL; if ((r = sshpkt_get_string_direct(ssh, &blob, &len)) != 0) { - error("%s: couldn't parse message: %s", - __func__, ssh_err(r)); + error_fr(r, "parse key"); goto out; } if ((r = sshkey_from_blob(blob, len, &key)) != 0) { - do_log2(r == SSH_ERR_KEY_TYPE_UNKNOWN ? + do_log2_fr(r, r == SSH_ERR_KEY_TYPE_UNKNOWN ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR, - "%s: parse key: %s", __func__, ssh_err(r)); + "convert key"); continue; } fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); - debug3("%s: received %s key %s", __func__, - sshkey_type(key), fp); + debug3_f("received %s key %s", sshkey_type(key), fp); free(fp); if (!key_accepted_by_hostkeyalgs(key)) { - debug3("%s: %s key not permitted by HostkeyAlgorithms", - __func__, sshkey_ssh_name(key)); + debug3_f("%s key not permitted by " + "HostkeyAlgorithms", sshkey_ssh_name(key)); continue; } /* Skip certs */ if (sshkey_is_cert(key)) { - debug3("%s: %s key is a certificate; skipping", - __func__, sshkey_ssh_name(key)); + debug3_f("%s key is a certificate; skipping", + sshkey_ssh_name(key)); continue; } /* Ensure keys are unique */ for (i = 0; i < ctx->nkeys; i++) { if (sshkey_equal(key, ctx->keys[i])) { - error("%s: received duplicated %s host key", - __func__, sshkey_ssh_name(key)); + error_f("received duplicated %s host key", + sshkey_ssh_name(key)); goto out; } } /* Key is good, record it */ if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1, sizeof(*ctx->keys))) == NULL) - fatal("%s: recallocarray failed nkeys = %zu", - __func__, ctx->nkeys); + fatal_f("recallocarray failed nkeys = %zu", + ctx->nkeys); ctx->keys = tmp; ctx->keys[ctx->nkeys++] = key; key = NULL; } if (ctx->nkeys == 0) { - debug("%s: server sent no hostkeys", __func__); + debug_f("server sent no hostkeys"); goto out; } @@ -2288,7 +2263,7 @@ sizeof(*ctx->keys_match))) == NULL || (ctx->keys_verified = calloc(ctx->nkeys, sizeof(*ctx->keys_verified))) == NULL) - fatal("%s: calloc failed", __func__); + fatal_f("calloc failed"); get_hostfile_hostname_ipaddr(host, options.check_host_ip ? (struct sockaddr *)&hostaddr : NULL, @@ -2297,19 +2272,19 @@ /* Find which keys we already know about. */ for (i = 0; i < options.num_user_hostfiles; i++) { - debug("%s: searching %s for %s / %s", __func__, + debug_f("searching %s for %s / %s", options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)"); if ((r = hostkeys_foreach(options.user_hostfiles[i], hostkeys_find, ctx, ctx->host_str, ctx->ip_str, HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) { if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) { - debug("%s: hostkeys file %s does not exist", - __func__, options.user_hostfiles[i]); + debug_f("hostkeys file %s does not exist", + options.user_hostfiles[i]); continue; } - error("%s: hostkeys_foreach failed for %s: %s", - __func__, options.user_hostfiles[i], ssh_err(r)); + error_fr(r, "hostkeys_foreach failed for %s", + options.user_hostfiles[i]); goto out; } } @@ -2324,26 +2299,25 @@ ctx->nincomplete++; } - debug3("%s: %zu server keys: %zu new, %zu retained, " - "%zu incomplete match. %zu to remove", __func__, ctx->nkeys, - ctx->nnew, ctx->nkeys - ctx->nnew - ctx->nincomplete, + debug3_f("%zu server keys: %zu new, %zu retained, " + "%zu incomplete match. %zu to remove", ctx->nkeys, ctx->nnew, + ctx->nkeys - ctx->nnew - ctx->nincomplete, ctx->nincomplete, ctx->nold); if (ctx->nnew == 0 && ctx->nold == 0) { - debug("%s: no new or deprecated keys from server", __func__); + debug_f("no new or deprecated keys from server"); goto out; } /* Various reasons why we cannot proceed with the update */ if (ctx->complex_hostspec) { - debug("%s: CA/revocation marker, manual host list or wildcard " - "host pattern found, skipping UserKnownHostsFile update", - __func__); + debug_f("CA/revocation marker, manual host list or wildcard " + "host pattern found, skipping UserKnownHostsFile update"); goto out; } if (ctx->other_name_seen) { - debug("%s: host key found matching a different name/address, " - "skipping UserKnownHostsFile update", __func__); + debug_f("host key found matching a different name/address, " + "skipping UserKnownHostsFile update"); goto out; } /* @@ -2357,8 +2331,8 @@ if (check_old_keys_othernames(ctx) != 0) goto out; /* error already logged */ if (ctx->old_key_seen) { - debug("%s: key(s) for %s%s%s exist under other names; " - "skipping UserKnownHostsFile update", __func__, + debug_f("key(s) for %s%s%s exist under other names; " + "skipping UserKnownHostsFile update", ctx->host_str, ctx->ip_str == NULL ? "" : ",", ctx->ip_str == NULL ? "" : ctx->ip_str); goto out; @@ -2378,27 +2352,24 @@ * We have received previously-unseen keys from the server. * Ask the server to confirm ownership of the private halves. */ - debug3("%s: asking server to prove ownership for %zu keys", - __func__, ctx->nnew); + debug3_f("asking server to prove ownership for %zu keys", ctx->nnew); if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, "hostkeys-prove-00@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */ - fatal("%s: prepare hostkeys-prove: %s", __func__, ssh_err(r)); + fatal_fr(r, "prepare hostkeys-prove"); if ((buf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); for (i = 0; i < ctx->nkeys; i++) { if (ctx->keys_match[i]) continue; sshbuf_reset(buf); if ((r = sshkey_putb(ctx->keys[i], buf)) != 0 || - (r = sshpkt_put_stringb(ssh, buf)) != 0) { - fatal("%s: assemble hostkeys-prove: %s", - __func__, ssh_err(r)); - } + (r = sshpkt_put_stringb(ssh, buf)) != 0) + fatal_fr(r, "assemble hostkeys-prove"); } if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: sshpkt_send: %s", __func__, ssh_err(r)); + fatal_fr(r, "send hostkeys-prove"); client_register_global_confirm( client_global_hostkeys_private_confirm, ctx); ctx = NULL; /* will be freed in callback */ @@ -2442,6 +2413,19 @@ return r; } +static void +client_send_env(struct ssh *ssh, int id, const char *name, const char *val) +{ + int r; + + debug("channel %d: setting env %s = \"%s\"", id, name, val); + channel_request_start(ssh, id, "env", 0); + if ((r = sshpkt_put_cstring(ssh, name)) != 0 || + (r = sshpkt_put_cstring(ssh, val)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal_fr(r, "send setenv"); +} + void client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd, @@ -2451,10 +2435,10 @@ char *name, *val; Channel *c = NULL; - debug2("%s: id %d", __func__, id); + debug2_f("id %d", id); if ((c = channel_lookup(ssh, id)) == NULL) - fatal("%s: channel %d: unknown channel", __func__, id); + fatal_f("channel %d: unknown channel", id); ssh_packet_set_interactive(ssh, want_tty, options.ip_qos_interactive, options.ip_qos_bulk); @@ -2474,12 +2458,12 @@ (r = sshpkt_put_u32(ssh, (u_int)ws.ws_row)) != 0 || (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 || (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0) - fatal("%s: build packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "build pty-req"); if (tiop == NULL) tiop = get_saved_tio(); ssh_tty_make_modes(ssh, -1, tiop); if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: send packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "send pty-req"); /* XXX wait for reply */ c->client_tty = 1; } @@ -2508,15 +2492,7 @@ free(name); continue; } - - debug("Sending env %s = %s", name, val); - channel_request_start(ssh, id, "env", 0); - if ((r = sshpkt_put_cstring(ssh, name)) != 0 || - (r = sshpkt_put_cstring(ssh, val)) != 0 || - (r = sshpkt_send(ssh)) != 0) { - fatal("%s: send packet: %s", - __func__, ssh_err(r)); - } + client_send_env(ssh, id, name, val); free(name); } } @@ -2528,13 +2504,7 @@ continue; } *val++ = '\0'; - - debug("Setting env %s = %s", name, val); - channel_request_start(ssh, id, "env", 0); - if ((r = sshpkt_put_cstring(ssh, name)) != 0 || - (r = sshpkt_put_cstring(ssh, val)) != 0 || - (r = sshpkt_send(ssh)) != 0) - fatal("%s: send packet: %s", __func__, ssh_err(r)); + client_send_env(ssh, id, name, val); free(name); } @@ -2556,14 +2526,12 @@ } if ((r = sshpkt_put_stringb(ssh, cmd)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: send command: %s", __func__, ssh_err(r)); + fatal_fr(r, "send command"); } else { channel_request_start(ssh, id, "shell", 1); client_expect_confirm(ssh, id, "shell", CONFIRM_CLOSE); - if ((r = sshpkt_send(ssh)) != 0) { - fatal("%s: send shell request: %s", - __func__, ssh_err(r)); - } + if ((r = sshpkt_send(ssh)) != 0) + fatal_fr(r, "send shell"); } }