upstream: sshd: switch authentication to sshbuf API; ok djm@

OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641

12 files changed, 95 insertions, 85 deletions

diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index e00718f2..4dc5045c 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */
+/* $OpenBSD: auth-bsdauth.c,v 1.15 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -33,11 +33,11 @@
 
 #ifdef BSD_AUTH
 #include "xmalloc.h"
-#include "key.h"
+#include "sshkey.h"
+#include "sshbuf.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "log.h"
-#include "buffer.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
diff --git a/auth-krb5.c b/auth-krb5.c
index a5a81ed2..3096f1c8 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.23 2018/07/09 21:35:50 markus Exp $ */
 /*
  *    Kerberos v5 authentication and ticket-passing routines.
  *
@@ -38,11 +38,11 @@
 #include "ssh.h"
 #include "packet.h"
 #include "log.h"
-#include "buffer.h"
+#include "sshbuf.h"
+#include "sshkey.h"
 #include "misc.h"
 #include "servconf.h"
 #include "uidswap.h"
-#include "key.h"
 #include "hostfile.h"
 #include "auth.h"
 
diff --git a/auth-rhosts.c b/auth-rhosts.c
index ecf956f0..57296e1f 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.48 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,8 +34,8 @@
 #include "pathnames.h"
 #include "log.h"
 #include "misc.h"
-#include "buffer.h" /* XXX */
-#include "key.h" /* XXX */
+#include "sshbuf.h"
+#include "sshkey.h"
 #include "servconf.h"
 #include "canohost.h"
 #include "sshkey.h"
diff --git a/auth.c b/auth.c
index 0424f1f7..2dddcf1f 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.130 2018/06/06 18:23:32 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.131 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -55,10 +55,10 @@
 #include "match.h"
 #include "groupaccess.h"
 #include "log.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "misc.h"
 #include "servconf.h"
-#include "key.h"
+#include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "auth-options.h"
@@ -84,8 +84,7 @@ extern struct passwd *privsep_pw;
 extern struct sshauthopt *auth_opts;
 
 /* Debugging messages */
-Buffer auth_debug;
-int auth_debug_init;
+static struct sshbuf *auth_debug;
 
 /*
  * Check if the user is allowed to log in via ssh. If user is listed
@@ -281,7 +280,7 @@ format_method_key(Authctxt *authctxt)
 	if (key == NULL)
 		return NULL;
 
-	if (key_is_cert(key)) {
+	if (sshkey_is_cert(key)) {
 		fp = sshkey_fingerprint(key->cert->signature_key,
 		    options.fingerprint_hash, SSH_FP_DEFAULT);
 		xasprintf(&ret, "%s ID %s (serial %llu) CA %s %s%s%s",
@@ -672,26 +671,32 @@ auth_debug_add(const char *fmt,...)
 {
 	char buf[1024];
 	va_list args;
+	int r;
 
-	if (!auth_debug_init)
+	if (auth_debug == NULL)
 		return;
 
 	va_start(args, fmt);
 	vsnprintf(buf, sizeof(buf), fmt, args);
 	va_end(args);
-	buffer_put_cstring(&auth_debug, buf);
+	if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0)
+		fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r));
 }
 
 void
 auth_debug_send(void)
 {
+	struct ssh *ssh = active_state;		/* XXX */
 	char *msg;
+	int r;
 
-	if (!auth_debug_init)
+	if (auth_debug == NULL)
 		return;
-	while (buffer_len(&auth_debug)) {
-		msg = buffer_get_string(&auth_debug, NULL);
-		packet_send_debug("%s", msg);
+	while (sshbuf_len(auth_debug) != 0) {
+		if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0)
+			fatal("%s: sshbuf_get_cstring: %s",
+			    __func__, ssh_err(r));
+		ssh_packet_send_debug(ssh, "%s", msg);
 		free(msg);
 	}
 }
@@ -699,12 +704,10 @@ auth_debug_send(void)
 void
 auth_debug_reset(void)
 {
-	if (auth_debug_init)
-		buffer_clear(&auth_debug);
-	else {
-		buffer_init(&auth_debug);
-		auth_debug_init = 1;
-	}
+	if (auth_debug != NULL)
+		sshbuf_reset(auth_debug);
+	else if ((auth_debug = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new failed", __func__);
 }
 
 struct passwd *
diff --git a/auth2-chall.c b/auth2-chall.c
index 11c8d31b..5edd0e65 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.48 2017/05/30 14:29:59 markus Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -34,12 +34,13 @@
 
 #include "xmalloc.h"
 #include "ssh2.h"
-#include "key.h"
+#include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "packet.h"
 #include "dispatch.h"
+#include "ssherr.h"
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
@@ -48,7 +49,7 @@
 extern ServerOptions options;
 
 static int auth2_challenge_start(struct ssh *);
-static int send_userauth_info_request(Authctxt *);
+static int send_userauth_info_request(struct ssh *);
 static int input_userauth_info_response(int, u_int32_t, struct ssh *);
 
 #ifdef BSD_AUTH
@@ -105,8 +106,8 @@ static KbdintAuthctxt *
 kbdint_alloc(const char *devs)
 {
 	KbdintAuthctxt *kbdintctxt;
-	Buffer b;
-	int i;
+	struct sshbuf *b;
+	int i, r;
 
 #ifdef USE_PAM
 	if (!options.use_pam)
@@ -115,16 +116,17 @@ kbdint_alloc(const char *devs)
 
 	kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
 	if (strcmp(devs, "") == 0) {
-		buffer_init(&b);
+		if ((b = sshbuf_new()) == NULL)
+			fatal("%s: sshbuf_new failed", __func__);
 		for (i = 0; devices[i]; i++) {
-			if (buffer_len(&b) > 0)
-				buffer_append(&b, ",", 1);
-			buffer_append(&b, devices[i]->name,
-			    strlen(devices[i]->name));
+			if ((r = sshbuf_putf(b, "%s%s",
+			    sshbuf_len(b) ? "," : "", devices[i]->name)) != 0)
+				fatal("%s: buffer error: %s",
+				    __func__, ssh_err(r));
 		}
-		if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL)
+		if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL)
 			fatal("%s: sshbuf_dup_string failed", __func__);
-		buffer_free(&b);
+		sshbuf_free(b);
 	} else {
 		kbdintctxt->devices = xstrdup(devs);
 	}
@@ -243,7 +245,7 @@ auth2_challenge_start(struct ssh *ssh)
 		auth2_challenge_stop(ssh);
 		return 0;
 	}
-	if (send_userauth_info_request(authctxt) == 0) {
+	if (send_userauth_info_request(ssh) == 0) {
 		auth2_challenge_stop(ssh);
 		return 0;
 	}
@@ -255,28 +257,32 @@ auth2_challenge_start(struct ssh *ssh)
 }
 
 static int
-send_userauth_info_request(Authctxt *authctxt)
+send_userauth_info_request(struct ssh *ssh)
 {
+	Authctxt *authctxt = ssh->authctxt;
 	KbdintAuthctxt *kbdintctxt;
 	char *name, *instr, **prompts;
-	u_int i, *echo_on;
+	u_int r, i, *echo_on;
 
 	kbdintctxt = authctxt->kbdintctxt;
 	if (kbdintctxt->device->query(kbdintctxt->ctxt,
 	    &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
 		return 0;
 
-	packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
-	packet_put_cstring(name);
-	packet_put_cstring(instr);
-	packet_put_cstring("");		/* language not used */
-	packet_put_int(kbdintctxt->nreq);
+	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, name)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, instr)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language not used */
+	    (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
+		fatal("%s: %s", __func__, ssh_err(r));
 	for (i = 0; i < kbdintctxt->nreq; i++) {
-		packet_put_cstring(prompts[i]);
-		packet_put_char(echo_on[i]);
+		if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
+		    (r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
+			fatal("%s: %s", __func__, ssh_err(r));
 	}
-	packet_send();
-	packet_write_wait();
+	if ((r = sshpkt_send(ssh)) != 0)
+		fatal("%s: %s", __func__, ssh_err(r));
+	ssh_packet_write_wait(ssh);
 
 	for (i = 0; i < kbdintctxt->nreq; i++)
 		free(prompts[i]);
@@ -293,6 +299,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
 	Authctxt *authctxt = ssh->authctxt;
 	KbdintAuthctxt *kbdintctxt;
 	int authenticated = 0, res;
+	int r;
 	u_int i, nresp;
 	const char *devicename = NULL;
 	char **response = NULL;
@@ -306,7 +313,8 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
 		fatal("input_userauth_info_response: no device");
 
 	authctxt->postponed = 0;	/* reset */
-	nresp = packet_get_int();
+	if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
+		fatal("%s: %s", __func__, ssh_err(r));
 	if (nresp != kbdintctxt->nreq)
 		fatal("input_userauth_info_response: wrong number of replies");
 	if (nresp > 100)
@@ -314,9 +322,12 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
 	if (nresp > 0) {
 		response = xcalloc(nresp, sizeof(char *));
 		for (i = 0; i < nresp; i++)
-			response[i] = packet_get_string(NULL);
+			if ((r = sshpkt_get_cstring(ssh, &response[i],
+			    NULL)) != 0)
+				fatal("%s: %s", __func__, ssh_err(r));
 	}
-	packet_check_eom();
+	if ((r = sshpkt_get_end(ssh)) != 0)
+		fatal("%s: %s", __func__, ssh_err(r));
 
 	res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
 
@@ -333,7 +344,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
 		break;
 	case 1:
 		/* Authentication needs further interaction */
-		if (send_userauth_info_request(authctxt) == 1)
+		if (send_userauth_info_request(ssh) == 1)
 			authctxt->postponed = 1;
 		break;
 	default:
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index f70609cb..60159a56 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.34 2018/07/03 11:39:54 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.35 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -34,7 +34,7 @@
 #include "xmalloc.h"
 #include "ssh2.h"
 #include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index 86aad8dd..a813b8f5 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.8 2017/05/30 14:29:59 markus Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.9 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -31,13 +31,12 @@
 
 #include "xmalloc.h"
 #include "packet.h"
-#include "key.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "log.h"
-#include "buffer.h"
 #include "misc.h"
 #include "servconf.h"
+#include "ssherr.h"
 
 /* import */
 extern ServerOptions options;
@@ -45,12 +44,13 @@ extern ServerOptions options;
 static int
 userauth_kbdint(struct ssh *ssh)
 {
-	int authenticated = 0;
+	int r, authenticated = 0;
 	char *lang, *devs;
 
-	lang = packet_get_string(NULL);
-	devs = packet_get_string(NULL);
-	packet_check_eom();
+	if ((r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &devs, NULL)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		fatal("%s: %s", __func__, ssh_err(r));
 
 	debug("keyboard-interactive devs %s", devs);
 
diff --git a/auth2-none.c b/auth2-none.c
index 8d4e9bb8..dacb5fb8 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.21 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.22 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -42,7 +42,6 @@
 #include "auth.h"
 #include "packet.h"
 #include "log.h"
-#include "buffer.h"
 #include "misc.h"
 #include "servconf.h"
 #include "compat.h"
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 445016ae..0395a69f 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.15 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.16 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -36,7 +36,6 @@
 #include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
-#include "buffer.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 4feeae3e..e649a625 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.80 2018/07/03 11:39:54 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.81 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -46,7 +46,7 @@
 #include "ssh.h"
 #include "ssh2.h"
 #include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
diff --git a/auth2.c b/auth2.c
index 01c83046..c3ae5605 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.147 2018/05/11 03:22:55 dtucker Exp $ */
+/* $OpenBSD: auth2.c,v 1.148 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -41,7 +41,7 @@
 #include "ssh2.h"
 #include "packet.h"
 #include "log.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "misc.h"
 #include "servconf.h"
 #include "compat.h"
@@ -451,11 +451,12 @@ auth2_method_allowed(Authctxt *authctxt, const char *method,
 static char *
 authmethods_get(Authctxt *authctxt)
 {
-	Buffer b;
+	struct sshbuf *b;
 	char *list;
-	u_int i;
+	int i, r;
 
-	buffer_init(&b);
+	if ((b = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new failed", __func__);
 	for (i = 0; authmethods[i] != NULL; i++) {
 		if (strcmp(authmethods[i]->name, "none") == 0)
 			continue;
@@ -465,14 +466,13 @@ authmethods_get(Authctxt *authctxt)
 		if (!auth2_method_allowed(authctxt, authmethods[i]->name,
 		    NULL))
 			continue;
-		if (buffer_len(&b) > 0)
-			buffer_append(&b, ",", 1);
-		buffer_append(&b, authmethods[i]->name,
-		    strlen(authmethods[i]->name));
+		if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
+		    authmethods[i]->name)) != 0)
+			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	}
-	if ((list = sshbuf_dup_string(&b)) == NULL)
+	if ((list = sshbuf_dup_string(b)) == NULL)
 		fatal("%s: sshbuf_dup_string failed", __func__);
-	buffer_free(&b);
+	sshbuf_free(b);
 	return list;
 }
 
diff --git a/monitor.c b/monitor.c
index 44af5f48..11f96b72 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.181 2018/07/09 21:26:02 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.182 2018/07/09 21:35:50 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -113,8 +113,6 @@ static Gssctxt *gsscontext = NULL;
 extern ServerOptions options;
 extern u_int utmp_len;
 extern u_char session_id[];
-extern Buffer auth_debug;
-extern int auth_debug_init;
 extern struct sshbuf *loginmsg;
 extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */