===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/monitor.c,v
retrieving revision 1.55.2.2
retrieving revision 1.56
diff -u -r1.55.2.2 -r1.56
--- src/usr.bin/ssh/monitor.c 2005/03/10 17:15:04 1.55.2.2
+++ src/usr.bin/ssh/monitor.c 2004/05/09 01:19:27 1.56
@@ -25,7 +25,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.55.2.2 2005/03/10 17:15:04 brad Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.56 2004/05/09 01:19:27 djm Exp $");
 #include
@@ -73,7 +73,6 @@
 extern Buffer input, output;
 extern Buffer auth_debug;
 extern int auth_debug_init;
-extern Buffer loginmsg;
 /* State exported from the child */
@@ -308,9 +307,9 @@
 }
 static void
-monitor_child_handler(int sig)
+monitor_child_handler(int signal)
 {
- kill(monitor_child_pid, sig);
+ kill(monitor_child_pid, signal);
 }
 void
@@ -425,7 +424,7 @@
 }
 int
-mm_answer_moduli(int sock, Buffer *m)
+mm_answer_moduli(int socket, Buffer *m)
 {
 DH *dh;
 int min, want, max;
@@ -455,12 +454,12 @@
 DH_free(dh);
 }
- mm_request_send(sock, MONITOR_ANS_MODULI, m);
+ mm_request_send(socket, MONITOR_ANS_MODULI, m);
 return (0);
 }
 int
-mm_answer_sign(int sock, Buffer *m)
+mm_answer_sign(int socket, Buffer *m)
 {
 Key *key;
 u_char *p;
@@ -496,7 +495,7 @@
 xfree(p);
 xfree(signature);
- mm_request_send(sock, MONITOR_ANS_SIGN, m);
+ mm_request_send(socket, MONITOR_ANS_SIGN, m);
 /* Turn on permissions for getpwnam */
 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
@@ -507,9 +506,9 @@
 /* Retrieves the password entry and also checks if the user is permitted */
 int
-mm_answer_pwnamallow(int sock, Buffer *m)
+mm_answer_pwnamallow(int socket, Buffer *m)
 {
- char *username;
+ char *login;
 struct passwd *pwent;
 int allowed = 0;
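Review bot: The new parameter names `signal` (monitor_child_handler) and `socket` (mm_answer_moduli, mm_answer_sign, mm_answer_pwnamallow and every later mm_answer_* handler in this diff) shadow the libc functions of the same names wherever their declarations are in scope; the include list is not visible here, so that part is inferred. Inside these bodies a later call to signal() or socket() would then resolve to the int parameter, and `-Wshadow` builds will warn on each handler. The old side's names avoid this, so I would keep `monitor_child_handler(int sig)` and `mm_answer_moduli(int sock, Buffer *m)`, and likewise `sock` in the other handlers. Most handler bodies continue outside the hunks shown.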
@@ -518,13 +517,13 @@
 if (authctxt->attempt++ != 0)
 fatal("%s: multiple attempts for getpwnam", __func__);
- username = buffer_get_string(m, NULL);
+ login = buffer_get_string(m, NULL);
- pwent = getpwnamallow(username);
+ pwent = getpwnamallow(login);
- authctxt->user = xstrdup(username);
- setproctitle("%s [priv]", pwent ? username : "unknown");
- xfree(username);
+ authctxt->user = xstrdup(login);
+ setproctitle("%s [priv]", pwent ? login : "unknown");
+ xfree(login);
 buffer_clear(m);
@@ -549,7 +548,7 @@
 out:
 debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
- mm_request_send(sock, MONITOR_ANS_PWNAM, m);
+ mm_request_send(socket, MONITOR_ANS_PWNAM, m);
 /* For SSHv1 allow authentication now */
 if (!compat20)
@@ -564,14 +563,14 @@
 return (0);
 }
-int mm_answer_auth2_read_banner(int sock, Buffer *m)
+int mm_answer_auth2_read_banner(int socket, Buffer *m)
 {
 char *banner;
 buffer_clear(m);
 banner = auth2_read_banner();
 buffer_put_cstring(m, banner != NULL ? banner : "");
- mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
+ mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m);
 if (banner != NULL)
 xfree(banner);
@@ -580,7 +579,7 @@
 }
 int
-mm_answer_authserv(int sock, Buffer *m)
+mm_answer_authserv(int socket, Buffer *m)
 {
 monitor_permit_authentications(1);
@@ -598,7 +597,7 @@
 }
 int
-mm_answer_authpassword(int sock, Buffer *m)
+mm_answer_authpassword(int socket, Buffer *m)
 {
 static int call_count;
 char *passwd;
@@ -616,7 +615,7 @@
 buffer_put_int(m, authenticated);
 debug3("%s: sending result %d", __func__, authenticated);
- mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
+ mm_request_send(socket, MONITOR_ANS_AUTHPASSWORD, m);
 call_count++;
 if (plen == 0 && call_count == 1)
@@ -630,7 +629,7 @@
 #ifdef BSD_AUTH
 int
-mm_answer_bsdauthquery(int sock, Buffer *m)
+mm_answer_bsdauthquery(int socket, Buffer *m)
 {
 char *name, *infotxt;
 u_int numprompts;
@@ -647,7 +646,7 @@
 buffer_put_cstring(m, prompts[0]);
 debug3("%s: sending challenge success: %u", __func__, success);
- mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
+ mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m);
 if (success) {
 xfree(name);
@@ -660,7 +659,7 @@
 }
 int
-mm_answer_bsdauthrespond(int sock, Buffer *m)
+mm_answer_bsdauthrespond(int socket, Buffer *m)
 {
 char *response;
 int authok;
@@ -679,7 +678,7 @@
 buffer_put_int(m, authok);
 debug3("%s: sending authenticated: %d", __func__, authok);
- mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
+ mm_request_send(socket, MONITOR_ANS_BSDAUTHRESPOND, m);
 auth_method = "bsdauth";
@@ -689,7 +688,7 @@
 #ifdef SKEY
 int
-mm_answer_skeyquery(int sock, Buffer *m)
+mm_answer_skeyquery(int socket, Buffer *m)
 {
 struct skey skey;
 char challenge[1024];
@@ -703,13 +702,13 @@
 buffer_put_cstring(m, challenge);
 debug3("%s: sending challenge success: %u", __func__, success);
- mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m);
+ mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m);
 return (0);
 }
 int
-mm_answer_skeyrespond(int sock, Buffer *m)
+mm_answer_skeyrespond(int socket, Buffer *m)
 {
 char *response;
 int authok;
@@ -727,7 +726,7 @@
 buffer_put_int(m, authok);
 debug3("%s: sending authenticated: %d", __func__, authok);
- mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m);
+ mm_request_send(socket, MONITOR_ANS_SKEYRESPOND, m);
 auth_method = "skey";
@@ -747,7 +746,7 @@
 }
 int
-mm_answer_keyallowed(int sock, Buffer *m)
+mm_answer_keyallowed(int socket, Buffer *m)
 {
 Key *key;
 char *cuser, *chost;
@@ -817,7 +816,7 @@
 mm_append_debug(m);
- mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
+ mm_request_send(socket, MONITOR_ANS_KEYALLOWED, m);
 if (type == MM_RSAHOSTKEY)
 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
@@ -938,7 +937,7 @@
 }
 int
-mm_answer_keyverify(int sock, Buffer *m)
+mm_answer_keyverify(int socket, Buffer *m)
 {
 Key *key;
 u_char *signature, *data, *blob;
@@ -988,7 +987,7 @@ buffer_clear(m); buffer_put_int(m, verified); - mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); + mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); return (verified); } @@ -1030,7 +1029,7 @@ } int -mm_answer_pty(int sock, Buffer *m) +mm_answer_pty(int socket, Buffer *m) { extern struct monitor *pmonitor; Session *s; @@ -1052,7 +1051,11 @@ buffer_put_int(m, 1); buffer_put_cstring(m, s->tty); + mm_request_send(socket, MONITOR_ANS_PTY, m); + mm_send_fd(socket, s->ptyfd); + mm_send_fd(socket, s->ttyfd); + /* We need to trick ttyslot */ if (dup2(s->ttyfd, 0) == -1) fatal("%s: dup2", __func__); @@ -1062,15 +1065,6 @@ /* Now we can close the file descriptor again */ close(0); - /* send messages generated by record_login */ - buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); - buffer_clear(&loginmsg); - - mm_request_send(sock, MONITOR_ANS_PTY, m); - - mm_send_fd(sock, s->ptyfd); - mm_send_fd(sock, s->ttyfd); - /* make sure nothing uses fd 0 */ if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); @@ -1091,12 +1085,12 @@ if (s != NULL) mm_session_close(s); buffer_put_int(m, 0); - mm_request_send(sock, MONITOR_ANS_PTY, m); + mm_request_send(socket, MONITOR_ANS_PTY, m); return (0); } int -mm_answer_pty_cleanup(int sock, Buffer *m) +mm_answer_pty_cleanup(int socket, Buffer *m) { Session *s; char *tty; @@ -1112,13 +1106,13 @@ } int -mm_answer_sesskey(int sock, Buffer *m) +mm_answer_sesskey(int socket, Buffer *m) { BIGNUM *p; int rsafail; /* Turn off permissions */ - monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); + monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); if ((p = BN_new()) == NULL) fatal("%s: BN_new", __func__); @@ -1133,7 +1127,7 @@ BN_clear_free(p); - mm_request_send(sock, MONITOR_ANS_SESSKEY, m); + mm_request_send(socket, MONITOR_ANS_SESSKEY, m); /* Turn on permissions for sessid passing */ monitor_permit(mon_dispatch, MONITOR_REQ_SESSID, 1); 
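Review bot: In mm_answer_sesskey the comment `/* Turn off permissions */` no longer matches the call under it, because the new line passes 1 and so leaves MONITOR_REQ_SESSKEY enabled after the request has been served. If the monitor is meant to answer this request once per connection, the unprivileged child can now repeat it, which weakens the privilege-separation boundary around whatever key operation this handler performs (the middle of the function is outside the hunk, so that part is inferred). Unless repeat requests are intended, keep `monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0);`, in line with how mm_answer_rsa_keyallowed sets MONITOR_REQ_RSARESPONSE to 0 later in this diff. If the 1 is deliberate, the comment should be changed to say so.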
@@ -1142,7 +1136,7 @@
 }
 int
-mm_answer_sessid(int sock, Buffer *m)
+mm_answer_sessid(int socket, Buffer *m)
 {
 int i;
@@ -1160,7 +1154,7 @@
 }
 int
-mm_answer_rsa_keyallowed(int sock, Buffer *m)
+mm_answer_rsa_keyallowed(int socket, Buffer *m)
 {
 BIGNUM *client_n;
 Key *key = NULL;
@@ -1200,7 +1194,7 @@
 mm_append_debug(m);
- mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m);
+ mm_request_send(socket, MONITOR_ANS_RSAKEYALLOWED, m);
 monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 0);
@@ -1208,7 +1202,7 @@
 }
 int
-mm_answer_rsa_challenge(int sock, Buffer *m)
+mm_answer_rsa_challenge(int socket, Buffer *m)
 {
 Key *key = NULL;
 u_char *blob;
@@ -1234,7 +1228,7 @@
 buffer_put_bignum2(m, ssh1_challenge);
 debug3("%s sending reply", __func__);
- mm_request_send(sock, MONITOR_ANS_RSACHALLENGE, m);
+ mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m);
 monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
@@ -1244,7 +1238,7 @@
 }
 int
-mm_answer_rsa_response(int sock, Buffer *m)
+mm_answer_rsa_response(int socket, Buffer *m)
 {
 Key *key = NULL;
 u_char *blob, *response;
@@ -1283,13 +1277,13 @@
 buffer_clear(m);
 buffer_put_int(m, success);
- mm_request_send(sock, MONITOR_ANS_RSARESPONSE, m);
+ mm_request_send(socket, MONITOR_ANS_RSARESPONSE, m);
 return (success);
 }
 int
-mm_answer_term(int sock, Buffer *req)
+mm_answer_term(int socket, Buffer *req)
 {
 extern struct monitor *pmonitor;
 int res, status;
@@ -1306,7 +1300,7 @@
 res = WIFEXITED(status) ? WEXITSTATUS(status) : 1;
 /* Terminate process */
- exit(res);
+ exit (res);
 }
 void
@@ -1373,7 +1367,6 @@
 fatal("mm_get_get: internal error: bad session id");
 kex->we_need = buffer_get_int(m);
 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
- kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 kex->server = 1;
 kex->hostkey_type = buffer_get_int(m);
@@ -1562,23 +1555,23 @@
 #ifdef GSSAPI
 int
-mm_answer_gss_setup_ctx(int sock, Buffer *m)
+mm_answer_gss_setup_ctx(int socket, Buffer *m)
 {
- gss_OID_desc goid;
+ gss_OID_desc oid;
 OM_uint32 major;
 u_int len;
- goid.elements = buffer_get_string(m, &len);
- goid.length = len;
+ oid.elements = buffer_get_string(m, &len);
+ oid.length = len;
- major = ssh_gssapi_server_ctx(&gsscontext, &goid);
+ major = ssh_gssapi_server_ctx(&gsscontext, &oid);
- xfree(goid.elements);
+ xfree(oid.elements);
 buffer_clear(m);
 buffer_put_int(m, major);
- mm_request_send(sock,MONITOR_ANS_GSSSETUP, m);
+ mm_request_send(socket,MONITOR_ANS_GSSSETUP, m);
 /* Now we have a context, enable the step */
 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
@@ -1587,7 +1580,7 @@
 }
 int
-mm_answer_gss_accept_ctx(int sock, Buffer *m)
+mm_answer_gss_accept_ctx(int socket, Buffer *m)
 {
 gss_buffer_desc in;
 gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
@@ -1604,7 +1597,7 @@
 buffer_put_int(m, major);
 buffer_put_string(m, out.value, out.length);
 buffer_put_int(m, flags);
- mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
+ mm_request_send(socket, MONITOR_ANS_GSSSTEP, m);
 gss_release_buffer(&minor, &out);
@@ -1617,7 +1610,7 @@
 }
 int
-mm_answer_gss_checkmic(int sock, Buffer *m)
+mm_answer_gss_checkmic(int socket, Buffer *m)
 {
 gss_buffer_desc gssbuf, mic;
 OM_uint32 ret;
@@ -1636,7 +1629,7 @@
 buffer_clear(m);
 buffer_put_int(m, ret);
- mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
+ mm_request_send(socket, MONITOR_ANS_GSSCHECKMIC, m);
 if (!GSS_ERROR(ret))
 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
@@ -1645,7 +1638,7 @@
 }
 int
-mm_answer_gss_userok(int sock, Buffer *m)
+mm_answer_gss_userok(int socket, Buffer *m)
 {
 int authenticated;
@@ -1655,7 +1648,7 @@
 buffer_put_int(m, authenticated);
 debug3("%s: sending result %d", __func__, authenticated);
- mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
+ mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m);
 auth_method="gssapi-with-mic";