=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/monitor_wrap.c,v retrieving revision 1.102 retrieving revision 1.103 diff -u -r1.102 -r1.103 --- src/usr.bin/ssh/monitor_wrap.c 2018/07/09 21:26:02 1.102 +++ src/usr.bin/ssh/monitor_wrap.c 2018/07/09 21:53:45 1.103 @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.102 2018/07/09 21:26:02 markus Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.103 2018/07/09 21:53:45 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -46,7 +46,7 @@ #ifdef WITH_OPENSSL #include "dh.h" #endif -#include "buffer.h" +#include "sshbuf.h" #include "key.h" #include "cipher.h" #include "kex.h" @@ -82,27 +82,28 @@ void mm_log_handler(LogLevel level, const char *msg, void *ctx) { - Buffer log_msg; + struct sshbuf *log_msg; struct monitor *mon = (struct monitor *)ctx; + int r; + size_t len; if (mon->m_log_sendfd == -1) fatal("%s: no log channel", __func__); - buffer_init(&log_msg); - /* - * Placeholder for packet length. Will be filled in with the actual - * packet length once the packet has been constucted. This saves - * fragile math. - */ - buffer_put_int(&log_msg, 0); + if ((log_msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); - buffer_put_int(&log_msg, level); - buffer_put_cstring(&log_msg, msg); - put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4); - if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg), - buffer_len(&log_msg)) != buffer_len(&log_msg)) + if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */ + (r = sshbuf_put_u32(log_msg, level)) != 0 || + (r = sshbuf_put_cstring(log_msg, msg)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff) + fatal("%s: bad length %zu", __func__, len); + POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4); + if (atomicio(vwrite, mon->m_log_sendfd, + sshbuf_mutable_ptr(log_msg), len) != len) fatal("%s: write: %s", __func__, strerror(errno)); - buffer_free(&log_msg); + sshbuf_free(log_msg); } int @@ -116,26 +117,29 @@ } void -mm_request_send(int sock, enum monitor_reqtype type, Buffer *m) +mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m) { - u_int mlen = buffer_len(m); + size_t mlen = sshbuf_len(m); u_char buf[5]; debug3("%s entering: type %d", __func__, type); - put_u32(buf, mlen + 1); + if (mlen >= 0xffffffff) + fatal("%s: bad length %zu", __func__, mlen); + POKE_U32(buf, mlen + 1); buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf)) fatal("%s: write: %s", __func__, strerror(errno)); - if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen) + if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen) fatal("%s: write: %s", __func__, strerror(errno)); } void -mm_request_receive(int sock, Buffer *m) +mm_request_receive(int sock, struct sshbuf *m) { - u_char buf[4]; + u_char buf[4], *p = NULL; u_int msg_len; + int r; debug3("%s entering", __func__); @@ -144,24 +148,27 @@ cleanup_exit(255); fatal("%s: read: %s", __func__, strerror(errno)); } - msg_len = get_u32(buf); + msg_len = PEEK_U32(buf); if (msg_len > 256 * 1024) fatal("%s: read: bad msg_len %d", __func__, msg_len); - buffer_clear(m); - buffer_append_space(m, msg_len); - if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len) + sshbuf_reset(m); + if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (atomicio(read, sock, p, msg_len) != msg_len) fatal("%s: read: %s", __func__, strerror(errno)); } void -mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m) +mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m) { u_char rtype; + int r; debug3("%s entering: type %d", __func__, type); mm_request_receive(sock, m); - rtype = buffer_get_char(m); + if ((r = sshbuf_get_u8(m, &rtype)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (rtype != type) fatal("%s: read: rtype %d != type %d", __func__, rtype, type); @@ -172,20 +179,24 @@ mm_choose_dh(int min, int nbits, int max) { BIGNUM *p, *g; - int success = 0; - Buffer m; + int r; + u_char success = 0; + struct sshbuf *m; - buffer_init(&m); - buffer_put_int(&m, min); - buffer_put_int(&m, nbits); - buffer_put_int(&m, max); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, min)) != 0 || + (r = sshbuf_put_u32(m, nbits)) != 0 || + (r = sshbuf_put_u32(m, max)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m); debug3("%s: waiting for MONITOR_ANS_MODULI", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m); - success = buffer_get_char(&m); + if ((r = sshbuf_get_u8(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) fatal("%s: MONITOR_ANS_MODULI failed", __func__); @@ -193,11 +204,12 @@ fatal("%s: BN_new failed", __func__); if ((g = BN_new()) == NULL) fatal("%s: BN_new failed", __func__); - buffer_get_bignum2(&m, p); - buffer_get_bignum2(&m, g); + if ((r = sshbuf_get_bignum2(m, p)) != 0 || + (r = sshbuf_get_bignum2(m, g)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug3("%s: remaining %d", __func__, buffer_len(&m)); - buffer_free(&m); + debug3("%s: remaining %zu", __func__, sshbuf_len(m)); + sshbuf_free(m); return (dh_new_group(g, p)); } @@ -208,21 +220,30 @@ const u_char *data, u_int datalen, const char *hostkey_alg) { struct kex *kex = *pmonitor->m_pkex; - Buffer m; + struct sshbuf *m; + size_t xxxlen; + u_int ndx = kex->host_key_index(key, 0, active_state); + int r; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_int(&m, kex->host_key_index(key, 0, active_state)); - buffer_put_string(&m, data, datalen); - buffer_put_cstring(&m, hostkey_alg); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, ndx)) != 0 || + (r = sshbuf_put_string(m, data, datalen)) != 0 || + (r = sshbuf_put_cstring(m, hostkey_alg)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m); debug3("%s: waiting for MONITOR_ANS_SIGN", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m); - *sigp = buffer_get_string(&m, lenp); - buffer_free(&m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m); + if ((r = sshbuf_get_string(m, sigp, &xxxlen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (xxxlen > 0xffffffff) + fatal("%s: bad length %zu", __func__, xxxlen); + *lenp = xxxlen; /* XXX fix API: size_t vs u_int */ + sshbuf_free(m); return (0); } @@ -231,50 +252,76 @@ mm_getpwnamallow(const char *username) { struct ssh *ssh = active_state; /* XXX */ - Buffer m; + struct sshbuf *m; struct passwd *pw; - u_int len, i; + size_t len; + u_int i; ServerOptions *newopts; + int r; + u_char ok; + const u_char *p; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_cstring(&m, username); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, username)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m); debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m); - if (buffer_get_char(&m) == 0) { + if ((r = sshbuf_get_u8(m, &ok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (ok == 0) { pw = NULL; goto out; } - pw = buffer_get_string(&m, &len); - if (len != sizeof(struct passwd)) + + /* XXX don't like passing struct passwd like this */ + pw = xcalloc(sizeof(*pw), 1); + if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (len != sizeof(*pw)) fatal("%s: struct passwd size mismatch", __func__); - pw->pw_name = buffer_get_string(&m, NULL); - pw->pw_passwd = buffer_get_string(&m, NULL); - pw->pw_gecos = buffer_get_string(&m, NULL); - pw->pw_class = buffer_get_string(&m, NULL); - pw->pw_dir = buffer_get_string(&m, NULL); - pw->pw_shell = buffer_get_string(&m, NULL); + memcpy(pw, p, sizeof(*pw)); + if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + out: /* copy options block as a Match directive may have changed some */ - newopts = buffer_get_string(&m, &len); + if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (len != sizeof(*newopts)) fatal("%s: option block size mismatch", __func__); + newopts = xcalloc(sizeof(*newopts), 1); + memcpy(newopts, p, sizeof(*newopts)); #define M_CP_STROPT(x) do { \ - if (newopts->x != NULL) \ - newopts->x = buffer_get_string(&m, NULL); \ + if (newopts->x != NULL) { \ + if ((r = sshbuf_get_cstring(m, \ + &newopts->x, NULL)) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) #define M_CP_STRARRAYOPT(x, nx) do { \ newopts->x = newopts->nx == 0 ? \ NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \ - for (i = 0; i < newopts->nx; i++) \ - newopts->x[i] = buffer_get_string(&m, NULL); \ + for (i = 0; i < newopts->nx; i++) { \ + if ((r = sshbuf_get_cstring(m, \ + &newopts->x[i], NULL)) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); @@ -286,7 +333,7 @@ process_permitopen(ssh, &options); free(newopts); - buffer_free(&m); + sshbuf_free(m); return (pw); } @@ -294,19 +341,22 @@ char * mm_auth2_read_banner(void) { - Buffer m; + struct sshbuf *m; char *banner; + int r; debug3("%s entering", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); - buffer_clear(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m); + sshbuf_reset(m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_AUTH2_READ_BANNER, &m); - banner = buffer_get_string(&m, NULL); - buffer_free(&m); + MONITOR_ANS_AUTH2_READ_BANNER, m); + if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); /* treat empty banner as missing banner */ if (strlen(banner) == 0) { @@ -321,38 +371,45 @@ void mm_inform_authserv(char *service, char *style) { - Buffer m; + struct sshbuf *m; + int r; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_cstring(&m, service); - buffer_put_cstring(&m, style ? style : ""); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, service)) != 0 || + (r = sshbuf_put_cstring(m, style ? style : "")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m); - buffer_free(&m); + sshbuf_free(m); } /* Do the password authentication */ int mm_auth_password(struct ssh *ssh, char *password) { - Buffer m; - int authenticated = 0; + struct sshbuf *m; + int r, authenticated = 0; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_cstring(&m, password); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, password)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m); debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_AUTHPASSWORD, m); - authenticated = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); debug3("%s: user %sauthenticated", __func__, authenticated ? "" : "not "); @@ -378,9 +435,7 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host, struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp) { - Buffer m; - u_char *blob; - u_int len; + struct sshbuf *m; int r, allowed = 0; struct sshauthopt *opts = NULL; @@ -389,31 +444,29 @@ if (authoptp != NULL) *authoptp = NULL; - /* Convert the key to a blob and the pass it over */ - if (!key_to_blob(key, &blob, &len)) - return 0; + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, type)) != 0 || + (r = sshbuf_put_cstring(m, user ? user : "")) != 0 || + (r = sshbuf_put_cstring(m, host ? host : "")) != 0 || + (r = sshkey_puts(key, m)) != 0 || + (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_init(&m); - buffer_put_int(&m, type); - buffer_put_cstring(&m, user ? user : ""); - buffer_put_cstring(&m, host ? host : ""); - buffer_put_string(&m, blob, len); - buffer_put_int(&m, pubkey_auth_attempt); - free(blob); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); - debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_KEYALLOWED, &m); + MONITOR_ANS_KEYALLOWED, m); - allowed = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &allowed)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (allowed && type == MM_USERKEY) { - if ((r = sshauthopt_deserialise(&m, &opts)) != 0) + if ((r = sshauthopt_deserialise(m, &opts)) != 0) fatal("%s: sshauthopt_deserialise: %s", __func__, ssh_err(r)); } - buffer_free(&m); + sshbuf_free(m); if (authoptp != NULL) { *authoptp = opts; @@ -434,32 +487,31 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, const u_char *data, size_t datalen, const char *sigalg, u_int compat) { - Buffer m; - u_char *blob; - u_int len; + struct sshbuf *m; u_int encoded_ret = 0; + int r; debug3("%s entering", __func__); - /* Convert the key to a blob and the pass it over */ - if (!key_to_blob(key, &blob, &len)) - return (0); - buffer_init(&m); - buffer_put_string(&m, blob, len); - buffer_put_string(&m, sig, siglen); - buffer_put_string(&m, data, datalen); - buffer_put_cstring(&m, sigalg == NULL ? "" : sigalg); - free(blob); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshkey_puts(key, m)) != 0 || + (r = sshbuf_put_string(m, sig, siglen)) != 0 || + (r = sshbuf_put_string(m, data, datalen)) != 0 || + (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m); debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_KEYVERIFY, m); - encoded_ret = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); if (encoded_ret != 0) return SSH_ERR_SIGNATURE_INVALID; @@ -486,7 +538,7 @@ int mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) { - Buffer m; + struct sshbuf *m; char *p, *msg; int success = 0, tmp1 = -1, tmp2 = -1, r; @@ -503,21 +555,24 @@ close(tmp1); close(tmp2); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m); debug3("%s: waiting for MONITOR_ANS_PTY", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m); - success = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) { debug3("%s: pty alloc failed", __func__); - buffer_free(&m); + sshbuf_free(m); return (0); } - p = buffer_get_string(&m, NULL); - msg = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &msg, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); strlcpy(namebuf, p, namebuflen); /* Possible truncation */ free(p); @@ -537,14 +592,17 @@ void mm_session_pty_cleanup2(Session *s) { - Buffer m; + struct sshbuf *m; + int r; if (s->ttyfd == -1) return; - buffer_init(&m); - buffer_put_cstring(&m, s->tty); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m); - buffer_free(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, s->tty)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m); + sshbuf_free(m); /* closed dup'ed master */ if (s->ptymaster != -1 && close(s->ptymaster) < 0) @@ -560,11 +618,12 @@ void mm_terminate(void) { - Buffer m; + struct sshbuf *m; - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m); - buffer_free(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m); + sshbuf_free(m); } static void @@ -583,27 +642,31 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { - Buffer m; + struct sshbuf *m; u_int success; char *challenge; + int r; debug3("%s: entering", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, - &m); - success = buffer_get_int(&m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_BSDAUTHQUERY, m); + if ((r = sshbuf_get_u32(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) { debug3("%s: no challenge", __func__); - buffer_free(&m); + sshbuf_free(m); return (-1); } /* Get the challenge, and format the response */ - challenge = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); (*prompts)[0] = challenge; @@ -616,22 +679,25 @@ int mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) { - Buffer m; - int authok; + struct sshbuf *m; + int r, authok; debug3("%s: entering", __func__); if (numresponses != 1) return (-1); - buffer_init(&m); - buffer_put_cstring(&m, responses[0]); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, responses[0])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_BSDAUTHRESPOND, &m); + MONITOR_ANS_BSDAUTHRESPOND, m); - authok = buffer_get_int(&m); - buffer_free(&m); + if ((r = sshbuf_get_u32(m, &authok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); return ((authok == 0) ? -1 : 0); } @@ -640,45 +706,55 @@ OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) { - Buffer m; + struct sshbuf *m; OM_uint32 major; + int r; /* Client doesn't get to see the context */ *ctx = NULL; - buffer_init(&m); - buffer_put_string(&m, goid->elements, goid->length); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m); - major = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &major)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); return (major); } OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, - gss_buffer_desc *out, OM_uint32 *flags) + gss_buffer_desc *out, OM_uint32 *flagsp) { - Buffer m; + struct sshbuf *m; OM_uint32 major; - u_int len; + u_int flags; + int r; - buffer_init(&m); - buffer_put_string(&m, in->value, in->length); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, in->value, in->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m); - major = buffer_get_int(&m); - out->value = buffer_get_string(&m, &len); - out->length = len; - if (flags) - *flags = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &major)) != 0 || + (r = sshbuf_get_string(m, &out->value, &out->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (flagsp != NULL) { + if ((r = sshbuf_get_u32(m, &flags)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + *flagsp = flags; + } - buffer_free(&m); + sshbuf_free(m); return (major); } @@ -686,39 +762,44 @@ OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) { - Buffer m; + struct sshbuf *m; OM_uint32 major; + int r; - buffer_init(&m); - buffer_put_string(&m, gssbuf->value, gssbuf->length); - buffer_put_string(&m, gssmic->value, gssmic->length); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 || + (r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC, - &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_GSSCHECKMIC, m); - major = buffer_get_int(&m); - buffer_free(&m); + if ((r = sshbuf_get_u32(m, &major)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); return(major); } int mm_ssh_gssapi_userok(char *user) { - Buffer m; - int authenticated = 0; + struct sshbuf *m; + int r, authenticated = 0; - buffer_init(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, - &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_GSSUSEROK, m); - authenticated = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); return (authenticated); } #endif /* GSSAPI */ -