upstream: convert auth.c to new packet API

with & ok markus@ OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
author: djm@openbsd.org <djm@openbsd.org> 2019-01-19 21:41:18 +0000
committer: Damien Miller <djm@mindrot.org> 2019-01-20 09:45:17 +1100
commit: 3a00a921590d4c4b7e96df11bb10e6f9253ad45e (patch)
tree: 24186d71a6a77de7e303af919a4be64f2c7461bf
parent: 7ec5cb4d15ed2f2c5c9f5d00e6b361d136fc1e2d (diff)
7 files changed, 31 insertions, 37 deletions
diff --git a/auth.c b/auth.c
index d82b4068..fea2c650 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.137 2019/01/19 21:37:48 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -77,9 +77,6 @@
 #include "compat.h"
 #include "channels.h"
 
-#include "opacket.h" /* XXX */
-extern struct ssh *active_state; /* XXX */
-
 /* import */
 extern ServerOptions options;
 extern int use_privsep;
@@ -100,9 +97,8 @@ static struct sshbuf *auth_debug;
  * Otherwise true is returned.
  */
 int
-allowed_user(struct passwd * pw)
+allowed_user(struct ssh *ssh, struct passwd * pw)
 {
-	struct ssh *ssh = active_state; /* XXX */
 	struct stat st;
 	const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
 	u_int i;
@@ -312,10 +308,10 @@ format_method_key(Authctxt *authctxt)
 }
 
 void
-auth_log(Authctxt *authctxt, int authenticated, int partial,
+auth_log(struct ssh *ssh, int authenticated, int partial,
     const char *method, const char *submethod)
 {
-	struct ssh *ssh = active_state; /* XXX */
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	int level = SYSLOG_LEVEL_VERBOSE;
 	const char *authmsg;
 	char *extra = NULL;
@@ -377,9 +373,9 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 
 
 void
-auth_maxtries_exceeded(Authctxt *authctxt)
+auth_maxtries_exceeded(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state; /* XXX */
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 
 	error("maximum authentication attempts exceeded for "
 	    "%s%.100s from %.200s port %d ssh2",
@@ -387,7 +383,7 @@ auth_maxtries_exceeded(Authctxt *authctxt)
 	    authctxt->user,
 	    ssh_remote_ipaddr(ssh),
 	    ssh_remote_port(ssh));
-	packet_disconnect("Too many authentication failures");
+	ssh_packet_disconnect(ssh, "Too many authentication failures");
 	/* NOTREACHED */
 }
 
@@ -562,9 +558,8 @@ auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
 }
 
 struct passwd *
-getpwnamallow(const char *user)
+getpwnamallow(struct ssh *ssh, const char *user)
 {
-	struct ssh *ssh = active_state; /* XXX */
 #ifdef HAVE_LOGIN_CAP
 	extern login_cap_t *lc;
 #ifdef BSD_AUTH
@@ -614,7 +609,7 @@ getpwnamallow(const char *user)
 #endif /* SSH_AUDIT_EVENTS */
 		return (NULL);
 	}
-	if (!allowed_user(pw))
+	if (!allowed_user(ssh, pw))
 		return (NULL);
 #ifdef HAVE_LOGIN_CAP
 	if ((lc = login_getclass(pw->pw_class)) == NULL) {
@@ -693,9 +688,8 @@ auth_debug_add(const char *fmt,...)
 }
 
 void
-auth_debug_send(void)
+auth_debug_send(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state;		/* XXX */
 	char *msg;
 	int r;
 
diff --git a/auth.h b/auth.h
index 68104e50..71c372e9 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.97 2019/01/19 21:38:24 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -168,8 +168,8 @@ void remove_kbdint_device(const char *);
 
 void	do_authentication2(struct ssh *);
 
-void	auth_log(Authctxt *, int, int, const char *, const char *);
-void	auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
+void	auth_log(struct ssh *, int, int, const char *, const char *);
+void	auth_maxtries_exceeded(struct ssh *) __attribute__((noreturn));
 void	userauth_finish(struct ssh *, int, const char *, const char *);
 int	auth_root_allowed(struct ssh *, const char *);
 
@@ -186,8 +186,8 @@ void	auth2_challenge_stop(struct ssh *);
 int	bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
 int	bsdauth_respond(void *, u_int, char **);
 
-int	allowed_user(struct passwd *);
-struct passwd * getpwnamallow(const char *user);
+int	allowed_user(struct ssh *, struct passwd *);
+struct passwd * getpwnamallow(struct ssh *, const char *user);
 
 char	*expand_authorized_keys(const char *, struct passwd *pw);
 char	*authorized_principals_file(struct passwd *);
@@ -222,7 +222,7 @@ void	 auth_log_authopts(const char *, const struct sshauthopt *, int);
 /* debug messages during authentication */
 void	 auth_debug_add(const char *fmt,...)
     __attribute__((format(printf, 1, 2)));
-void	 auth_debug_send(void);
+void	 auth_debug_send(struct ssh *);
 void	 auth_debug_reset(void);
 
 struct passwd *fakepw(void);
diff --git a/auth2.c b/auth2.c
index 2ea71210..1f023e8b 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.153 2019/01/19 21:38:24 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.154 2019/01/19 21:41:18 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -284,7 +284,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
 
 	if (authctxt->attempt++ == 0) {
 		/* setup auth context */
-		authctxt->pw = PRIVSEP(getpwnamallow(user));
+		authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
 		authctxt->user = xstrdup(user);
 		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
 			authctxt->valid = 1;
@@ -381,7 +381,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 	}
 
 	/* Log before sending the reply */
-	auth_log(authctxt, authenticated, partial, method, submethod);
+	auth_log(ssh, authenticated, partial, method, submethod);
 
 	/* Update information exposed to session */
 	if (authenticated || partial)
@@ -429,7 +429,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 #ifdef SSH_AUDIT_EVENTS
 			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif
-			auth_maxtries_exceeded(authctxt);
+			auth_maxtries_exceeded(ssh);
 		}
 		methods = authmethods_get(authctxt);
 		debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
diff --git a/monitor.c b/monitor.c
index e15a5225..39bf7705 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.189 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.190 2019/01/19 21:41:18 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -338,7 +338,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 #endif
 		}
 		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
-			auth_log(authctxt, authenticated, partial,
+			auth_log(ssh, authenticated, partial,
 			    auth_method, auth_submethod);
 			if (!partial && !authenticated)
 				authctxt->failures++;
@@ -729,7 +729,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
 	if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
-	pwent = getpwnamallow(username);
+	pwent = getpwnamallow(ssh, username);
 
 	authctxt->user = xstrdup(username);
 	setproctitle("%s [priv]", pwent ? username : "unknown");
@@ -1230,7 +1230,7 @@ mm_answer_keyallowed(int sock, struct sshbuf *m)
 		hostbased_chost = chost;
 	} else {
 		/* Log failed attempt */
-		auth_log(authctxt, 0, 0, auth_method, NULL);
+		auth_log(ssh, 0, 0, auth_method, NULL);
 		free(cuser);
 		free(chost);
 	}
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 6ceaa371..5db8a0a9 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.108 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.109 2019/01/19 21:41:18 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -251,9 +251,8 @@ mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
 }
 
 struct passwd *
-mm_getpwnamallow(const char *username)
+mm_getpwnamallow(struct ssh *ssh, const char *username)
 {
-	struct ssh *ssh = active_state;		/* XXX */
 	struct sshbuf *m;
 	struct passwd *pw;
 	size_t len;
diff --git a/monitor_wrap.h b/monitor_wrap.h
index 644da081..19c58e48 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.38 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.39 2019/01/19 21:41:18 djm Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -33,6 +33,7 @@ extern int use_privsep;
 
 enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY };
 
+struct ssh;
 struct monitor;
 struct Authctxt;
 struct sshkey;
@@ -44,7 +45,7 @@ DH *mm_choose_dh(int, int, int);
 int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
     const char *, u_int compat);
 void mm_inform_authserv(char *, char *);
-struct passwd *mm_getpwnamallow(const char *);
+struct passwd *mm_getpwnamallow(struct ssh *, const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct ssh *, char *);
 int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
diff --git a/session.c b/session.c
index f0dabe11..26ab6f6a 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.310 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: session.c,v 1.311 2019/01/19 21:41:18 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -362,7 +362,7 @@ do_authenticated(struct ssh *ssh, Authctxt *authctxt)
 		else
 			channel_permit_all(ssh, FORWARD_REMOTE);
 	}
-	auth_debug_send();
+	auth_debug_send(ssh);
 
 	prepare_auth_info_file(authctxt->pw, authctxt->session_info);
author	djm@openbsd.org <djm@openbsd.org>	2019-01-19 21:41:18 +0000
committer	Damien Miller <djm@mindrot.org>	2019-01-20 09:45:17 +1100
commit	3a00a921590d4c4b7e96df11bb10e6f9253ad45e (patch)
tree	24186d71a6a77de7e303af919a4be64f2c7461bf
parent	7ec5cb4d15ed2f2c5c9f5d00e6b361d136fc1e2d (diff)