summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshd.c
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2020-10-18 11:32:03 +0000
committerDamien Miller <djm@cvs.openbsd.org>2020-10-18 11:32:03 +0000
commit2ae6dc9f02aa66b5d542918567054297b0034e9c (patch)
tree4e23839ea50465eca0d2e9d8aa6a2bc80fc05df0 /usr.bin/ssh/sshd.c
parent76ac85c3c0818c9e092206a0e616a35f30f07885 (diff)
use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@
Diffstat (limited to 'usr.bin/ssh/sshd.c')
-rw-r--r--usr.bin/ssh/sshd.c151
1 files changed, 73 insertions, 78 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 52e7662f0b5..6003bd42710 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.563 2020/10/16 13:26:13 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.564 2020/10/18 11:32:02 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -387,9 +387,8 @@ demote_sensitive_data(void)
if (sensitive_data.host_keys[i]) {
if ((r = sshkey_from_private(
sensitive_data.host_keys[i], &tmp)) != 0)
- fatal("could not demote host %s key: %s",
- sshkey_type(sensitive_data.host_keys[i]),
- ssh_err(r));
+ fatal_r(r, "could not demote host %s key",
+ sshkey_type(sensitive_data.host_keys[i]));
sshkey_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = tmp;
}
@@ -467,8 +466,7 @@ privsep_preauth(struct ssh *ssh)
if (have_agent) {
r = ssh_get_authentication_socket(&auth_sock);
if (r != 0) {
- error("Could not get agent socket: %s",
- ssh_err(r));
+ error_r(r, "Could not get agent socket");
have_agent = 0;
}
}
@@ -481,17 +479,17 @@ privsep_preauth(struct ssh *ssh)
if (errno == EINTR)
continue;
pmonitor->m_pid = -1;
- fatal("%s: waitpid: %s", __func__, strerror(errno));
+ fatal_f("waitpid: %s", strerror(errno));
}
privsep_is_preauth = 0;
pmonitor->m_pid = -1;
if (WIFEXITED(status)) {
if (WEXITSTATUS(status) != 0)
- fatal("%s: preauth child exited with status %d",
- __func__, WEXITSTATUS(status));
+ fatal_f("preauth child exited with status %d",
+ WEXITSTATUS(status));
} else if (WIFSIGNALED(status))
- fatal("%s: preauth child terminated by signal %d",
- __func__, WTERMSIG(status));
+ fatal_f("preauth child terminated by signal %d",
+ WTERMSIG(status));
if (box != NULL)
ssh_sandbox_parent_finish(box);
return 1;
@@ -565,12 +563,11 @@ append_hostkey_type(struct sshbuf *b, const char *s)
int r;
if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) {
- debug3("%s: %s key not permitted by HostkeyAlgorithms",
- __func__, s);
+ debug3_f("%s key not permitted by HostkeyAlgorithms", s);
return;
}
if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0)
- fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r));
+ fatal_fr(r, "sshbuf_putf");
}
static char *
@@ -582,7 +579,7 @@ list_hostkey_types(void)
u_int i;
if ((b = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
+ fatal_f("sshbuf_new failed");
for (i = 0; i < options.num_host_key_files; i++) {
key = sensitive_data.host_keys[i];
if (key == NULL)
@@ -627,9 +624,9 @@ list_hostkey_types(void)
}
}
if ((ret = sshbuf_dup_string(b)) == NULL)
- fatal("%s: sshbuf_dup_string failed", __func__);
+ fatal_f("sshbuf_dup_string failed");
sshbuf_free(b);
- debug("%s: %s", __func__, ret);
+ debug_f("%s", ret);
return ret;
}
@@ -743,7 +740,7 @@ notify_hostkeys(struct ssh *ssh)
return;
if ((buf = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new", __func__);
+ fatal_f("sshbuf_new");
for (i = nkeys = 0; i < options.num_host_key_files; i++) {
key = get_hostkey_public_by_index(i, ssh);
if (key == NULL || key->type == KEY_UNSPEC ||
@@ -751,8 +748,7 @@ notify_hostkeys(struct ssh *ssh)
continue;
fp = sshkey_fingerprint(key, options.fingerprint_hash,
SSH_FP_DEFAULT);
- debug3("%s: key %d: %s %s", __func__, i,
- sshkey_ssh_name(key), fp);
+ debug3_f("key %d: %s %s", i, sshkey_ssh_name(key), fp);
free(fp);
if (nkeys == 0) {
/*
@@ -767,15 +763,14 @@ notify_hostkeys(struct ssh *ssh)
/* Append the key to the request */
sshbuf_reset(buf);
if ((r = sshkey_putb(key, buf)) != 0)
- fatal("%s: couldn't put hostkey %d: %s",
- __func__, i, ssh_err(r));
+ fatal_fr(r, "couldn't put hostkey %d", i);
if ((r = sshpkt_put_stringb(ssh, buf)) != 0)
sshpkt_fatal(ssh, r, "%s: append key", __func__);
nkeys++;
}
- debug3("%s: sent %u hostkeys", __func__, nkeys);
+ debug3_f("sent %u hostkeys", nkeys);
if (nkeys == 0)
- fatal("%s: no hostkeys", __func__);
+ fatal_f("no hostkeys");
if ((r = sshpkt_send(ssh)) != 0)
sshpkt_fatal(ssh, r, "%s: send", __func__);
sshbuf_free(buf);
@@ -805,7 +800,7 @@ should_drop_connection(int startups)
p += options.max_startups_rate;
r = arc4random_uniform(100);
- debug("%s: p %d, r %d", __func__, p, r);
+ debug_f("p %d, r %d", p, r);
return (r < p) ? 1 : 0;
}
@@ -893,18 +888,18 @@ send_rexec_state(int fd, struct sshbuf *conf)
struct include_item *item = NULL;
int r;
- debug3("%s: entering fd = %d config len %zu", __func__, fd,
+ debug3_f("entering fd = %d config len %zu", fd,
sshbuf_len(conf));
if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
+ fatal_f("sshbuf_new failed");
/* pack includes into a string */
TAILQ_FOREACH(item, &includes, entry) {
if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||
(r = sshbuf_put_cstring(inc, item->filename)) != 0 ||
(r = sshbuf_put_stringb(inc, item->contents)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal_fr(r, "compose includes");
}
/*
@@ -918,14 +913,14 @@ send_rexec_state(int fd, struct sshbuf *conf)
*/
if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
(r = sshbuf_put_stringb(m, inc)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal_fr(r, "compose config");
if (ssh_msg_send(fd, 0, m) == -1)
- error("%s: ssh_msg_send failed", __func__);
+ error_f("ssh_msg_send failed");
sshbuf_free(m);
sshbuf_free(inc);
- debug3("%s: done", __func__);
+ debug3_f("done");
}
static void
@@ -937,38 +932,38 @@ recv_rexec_state(int fd, struct sshbuf *conf)
int r;
struct include_item *item;
- debug3("%s: entering fd = %d", __func__, fd);
+ debug3_f("entering fd = %d", fd);
if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
+ fatal_f("sshbuf_new failed");
if (ssh_msg_recv(fd, m) == -1)
- fatal("%s: ssh_msg_recv failed", __func__);
+ fatal_f("ssh_msg_recv failed");
if ((r = sshbuf_get_u8(m, &ver)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal_fr(r, "parse version");
if (ver != 0)
- fatal("%s: rexec version mismatch", __func__);
+ fatal_f("rexec version mismatch");
if ((r = sshbuf_get_string(m, &cp, &len)) != 0 ||
(r = sshbuf_get_stringb(m, inc)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal_fr(r, "parse config");
if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal_fr(r, "sshbuf_put");
while (sshbuf_len(inc) != 0) {
item = xcalloc(1, sizeof(*item));
if ((item->contents = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
+ fatal_f("sshbuf_new failed");
if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 ||
(r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 ||
(r = sshbuf_get_stringb(inc, item->contents)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal_fr(r, "parse includes");
TAILQ_INSERT_TAIL(&includes, item, entry);
}
free(cp);
sshbuf_free(m);
- debug3("%s: done", __func__);
+ debug3_f("done");
}
/* Accept a connection from inetd */
@@ -988,7 +983,7 @@ server_accept_inetd(int *sock_in, int *sock_out)
* ttyfd happens to be one of those.
*/
if (stdfd_devnull(1, 1, !log_stderr) == -1)
- error("%s: stdfd_devnull failed", __func__);
+ error_f("stdfd_devnull failed");
debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);
}
@@ -1165,9 +1160,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
if (errno == EINTR || errno == EAGAIN)
continue;
if (errno != EPIPE) {
- error("%s: startup pipe %d (fd=%d): "
- "read %s", __func__, i,
- startup_pipes[i], strerror(errno));
+ error_f("startup pipe %d (fd=%d): "
+ "read %s", i, startup_pipes[i],
+ strerror(errno));
}
/* FALLTHROUGH */
case 0:
@@ -1374,7 +1369,7 @@ set_process_rdomain(struct ssh *ssh, const char *name)
if (rtable != ortable && setrtable(rtable) != 0)
fatal("Unable to set routing domain %d: %s",
rtable, strerror(errno));
- debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable);
+ debug_f("set routing domain %d (was %d)", rtable, ortable);
}
static void
@@ -1388,16 +1383,16 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg,
int r;
if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL)
- fatal("%s: ssh_digest_start", __func__);
+ fatal_f("ssh_digest_start");
if (key == NULL) { /* finalize */
/* add server config in case we are using agent for host keys */
if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
sshbuf_len(server_cfg)) != 0)
- fatal("%s: ssh_digest_update", __func__);
+ fatal_f("ssh_digest_update");
len = ssh_digest_bytes(SSH_DIGEST_SHA512);
hash = xmalloc(len);
if (ssh_digest_final(ctx, hash, len) != 0)
- fatal("%s: ssh_digest_final", __func__);
+ fatal_f("ssh_digest_final");
options.timing_secret = PEEK_U64(hash);
freezero(hash, len);
ssh_digest_free(ctx);
@@ -1405,11 +1400,11 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg,
return;
}
if ((buf = sshbuf_new()) == NULL)
- fatal("%s could not allocate buffer", __func__);
+ fatal_f("could not allocate buffer");
if ((r = sshkey_private_serialize(key, buf)) != 0)
- fatal("sshkey_private_serialize: %s", ssh_err(r));
+ fatal_fr(r, "decode key");
if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0)
- fatal("%s: ssh_digest_update", __func__);
+ fatal_f("ssh_digest_update");
sshbuf_reset(buf);
sshbuf_free(buf);
}
@@ -1606,7 +1601,7 @@ main(int ac, char **av)
/* Fetch our configuration */
if ((cfg = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
+ fatal_f("sshbuf_new failed");
if (rexeced_flag) {
setproctitle("%s", "[rexeced]");
recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg);
@@ -1688,8 +1683,8 @@ main(int ac, char **av)
if ((r = ssh_get_authentication_socket(NULL)) == 0)
have_agent = 1;
else
- error("Could not connect to agent \"%s\": %s",
- options.host_key_agent, ssh_err(r));
+ error_r(r, "Could not connect to agent \"%s\"",
+ options.host_key_agent);
}
for (i = 0; i < options.num_host_key_files; i++) {
@@ -1700,8 +1695,8 @@ main(int ac, char **av)
continue;
if ((r = sshkey_load_private(options.host_key_files[i], "",
&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
- do_log2(ll, "Unable to load host key \"%s\": %s",
- options.host_key_files[i], ssh_err(r));
+ do_log2_r(r, ll, "Unable to load host key \"%s\"",
+ options.host_key_files[i]);
if (sshkey_is_sk(key) &&
key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
debug("host key %s requires user presence, ignoring",
@@ -1710,15 +1705,15 @@ main(int ac, char **av)
}
if (r == 0 && key != NULL &&
(r = sshkey_shield_private(key)) != 0) {
- do_log2(ll, "Unable to shield host key \"%s\": %s",
- options.host_key_files[i], ssh_err(r));
+ do_log2_r(r, ll, "Unable to shield host key \"%s\"",
+ options.host_key_files[i]);
sshkey_free(key);
key = NULL;
}
if ((r = sshkey_load_public(options.host_key_files[i],
&pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
- do_log2(ll, "Unable to load host key \"%s\": %s",
- options.host_key_files[i], ssh_err(r));
+ do_log2_r(r, ll, "Unable to load host key \"%s\"",
+ options.host_key_files[i]);
if (pubkey != NULL && key != NULL) {
if (!sshkey_equal(pubkey, key)) {
error("Public key for %s does not match "
@@ -1729,8 +1724,8 @@ main(int ac, char **av)
}
if (pubkey == NULL && key != NULL) {
if ((r = sshkey_from_private(key, &pubkey)) != 0)
- fatal("Could not demote key: \"%s\": %s",
- options.host_key_files[i], ssh_err(r));
+ fatal_r(r, "Could not demote key: \"%s\"",
+ options.host_key_files[i]);
}
sensitive_data.host_keys[i] = key;
sensitive_data.host_pubkeys[i] = pubkey;
@@ -1789,8 +1784,8 @@ main(int ac, char **av)
continue;
if ((r = sshkey_load_public(options.host_cert_files[i],
&key, NULL)) != 0) {
- error("Could not load host certificate \"%s\": %s",
- options.host_cert_files[i], ssh_err(r));
+ error_r(r, "Could not load host certificate \"%s\"",
+ options.host_cert_files[i]);
continue;
}
if (!sshkey_is_cert(key)) {
@@ -1971,7 +1966,7 @@ main(int ac, char **av)
close(REEXEC_CONFIG_PASS_FD);
newsock = sock_out = sock_in = dup(STDIN_FILENO);
if (stdfd_devnull(1, 1, 0) == -1)
- error("%s: stdfd_devnull failed", __func__);
+ error_f("stdfd_devnull failed");
debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d",
sock_in, sock_out, newsock, startup_pipe, config_s[0]);
}
@@ -2062,7 +2057,7 @@ main(int ac, char **av)
/* prepare buffer to collect messages to display to user after login */
if ((loginmsg = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
+ fatal_f("sshbuf_new failed");
auth_debug_reset();
if (use_privsep) {
@@ -2070,7 +2065,7 @@ main(int ac, char **av)
goto authenticated;
} else if (have_agent) {
if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
- error("Unable to get agent socket: %s", ssh_err(r));
+ error_r(r, "Unable to get agent socket");
have_agent = 0;
}
}
@@ -2150,24 +2145,23 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
if (mm_sshkey_sign(ssh, privkey, signature, slenp,
data, dlen, alg, options.sk_provider, NULL,
ssh->compat) < 0)
- fatal("%s: privkey sign failed", __func__);
+ fatal_f("privkey sign failed");
} else {
if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
data, dlen, alg, options.sk_provider, NULL,
ssh->compat) < 0)
- fatal("%s: pubkey sign failed", __func__);
+ fatal_f("pubkey sign failed");
}
} else {
if (privkey) {
if (sshkey_sign(privkey, signature, slenp, data, dlen,
alg, options.sk_provider, NULL, ssh->compat) < 0)
- fatal("%s: privkey sign failed", __func__);
+ fatal_f("privkey sign failed");
} else {
if ((r = ssh_agent_sign(auth_sock, pubkey,
signature, slenp, data, dlen, alg,
ssh->compat)) != 0) {
- fatal("%s: agent sign failed: %s",
- __func__, ssh_err(r));
+ fatal_fr(r, "agent sign failed");
}
}
}
@@ -2205,7 +2199,7 @@ do_ssh2_kex(struct ssh *ssh)
/* start key exchange */
if ((r = kex_setup(ssh, myproposal)) != 0)
- fatal("kex_setup: %s", ssh_err(r));
+ fatal_r(r, "kex_setup");
kex = ssh->kex;
#ifdef WITH_OPENSSL
kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
@@ -2235,7 +2229,7 @@ do_ssh2_kex(struct ssh *ssh)
(r = sshpkt_put_cstring(ssh, "markus")) != 0 ||
(r = sshpkt_send(ssh)) != 0 ||
(r = ssh_packet_write_wait(ssh)) != 0)
- fatal("%s: send test: %s", __func__, ssh_err(r));
+ fatal_fr(r, "send test");
#endif
debug("KEX done");
}
@@ -2250,9 +2244,10 @@ cleanup_exit(int i)
pmonitor != NULL && pmonitor->m_pid > 1) {
debug("Killing privsep child %d", pmonitor->m_pid);
if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
- errno != ESRCH)
- error("%s: kill(%d): %s", __func__,
- pmonitor->m_pid, strerror(errno));
+ errno != ESRCH) {
+ error_f("kill(%d): %s", pmonitor->m_pid,
+ strerror(errno));
+ }
}
}
_exit(i);