authorDamien Miller <djm@cvs.openbsd.org>2019-01-19 21:43:57 +0000
committerDamien Miller <djm@cvs.openbsd.org>2019-01-19 21:43:57 +0000
commitc13a8e4fc99e498936ad59bc82f0b6fa782119d1 (patch)
tree981cdbfce79f931994ca3a8f8da7663cbdb02bef /usr.bin
parent6b1fb1f495d3a29019ae3a1919db924edf979e7c (diff)
remove last references to active_state
with & ok markus@
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/auth.h10
-rw-r--r--usr.bin/ssh/auth2-hostbased.c12
-rw-r--r--usr.bin/ssh/kex.h6
-rw-r--r--usr.bin/ssh/kexc25519s.c6
-rw-r--r--usr.bin/ssh/kexdhs.c6
-rw-r--r--usr.bin/ssh/kexecdhs.c6
-rw-r--r--usr.bin/ssh/kexgexs.c6
-rw-r--r--usr.bin/ssh/monitor.c8
-rw-r--r--usr.bin/ssh/monitor.h3
-rw-r--r--usr.bin/ssh/monitor_wrap.c15
-rw-r--r--usr.bin/ssh/monitor_wrap.h11
-rw-r--r--usr.bin/ssh/serverloop.c6
-rw-r--r--usr.bin/ssh/ssh.c5
-rw-r--r--usr.bin/ssh/ssh_api.c15
-rw-r--r--usr.bin/ssh/sshd.c63
15 files changed, 90 insertions, 88 deletions
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index 3a501fa2805..d443a1241dc 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.99 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -123,8 +123,8 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *);
int auth_password(struct ssh *, const char *);
-int hostbased_key_allowed(struct passwd *, const char *, char *,
- struct sshkey *);
+int hostbased_key_allowed(struct ssh *, struct passwd *,
+ const char *, char *, struct sshkey *);
int user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int,
struct sshauthopt **);
int auth2_key_already_used(Authctxt *, const struct sshkey *);
@@ -189,8 +189,8 @@ struct sshkey *get_hostkey_public_by_index(int, struct ssh *);
struct sshkey *get_hostkey_public_by_type(int, int, struct ssh *);
struct sshkey *get_hostkey_private_by_type(int, int, struct ssh *);
int get_hostkey_index(struct sshkey *, int, struct ssh *);
-int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **,
- size_t *, const u_char *, size_t, const char *, u_int);
+int sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *,
+ u_char **, size_t *, const u_char *, size_t, const char *);
/* Key / cert options linkage to auth layer */
const struct sshauthopt *auth_options(struct ssh *);
diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c
index a79a56c68a4..1484761a5b3 100644
--- a/usr.bin/ssh/auth2-hostbased.c
+++ b/usr.bin/ssh/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.39 2019/01/19 21:31:32 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.40 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -50,8 +50,6 @@
#include "ssherr.h"
#include "match.h"
-extern struct ssh *active_state; /* XXX */
-
/* import */
extern ServerOptions options;
extern u_char *session_id2;
@@ -148,7 +146,8 @@ userauth_hostbased(struct ssh *ssh)
/* test for allowed key and correct signature */
authenticated = 0;
- if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
+ if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser,
+ chost, key)) &&
PRIVSEP(sshkey_verify(key, sig, slen,
sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0)
authenticated = 1;
@@ -168,10 +167,9 @@ done:
/* return 1 if given hostkey is allowed */
int
-hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
- struct sshkey *key)
+hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
+ const char *cuser, char *chost, struct sshkey *key)
{
- struct ssh *ssh = active_state; /* XXX */
const char *resolvedname, *ipaddr, *lookup, *reason;
HostStatus host_status;
int len;
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index 2e33d0f8448..7847aa2568a 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.93 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.94 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -140,8 +140,8 @@ struct kex {
struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
int (*host_key_index)(struct sshkey *, int, struct ssh *);
- int (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *,
- const u_char *, size_t, const char *, u_int);
+ int (*sign)(struct ssh *, struct sshkey *, struct sshkey *,
+ u_char **, size_t *, const u_char *, size_t, const char *);
int (*kex[KEX_MAX])(struct ssh *);
/* kex specific state */
DH *dh; /* DH */
diff --git a/usr.bin/ssh/kexc25519s.c b/usr.bin/ssh/kexc25519s.c
index 88123a07f29..fc4f51d6503 100644
--- a/usr.bin/ssh/kexc25519s.c
+++ b/usr.bin/ssh/kexc25519s.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexc25519s.c,v 1.12 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexc25519s.c,v 1.13 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -131,8 +131,8 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh)
}
/* sign H */
- if ((r = kex->sign(server_host_private, server_host_public, &signature,
- &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
+ if ((r = kex->sign(ssh, server_host_private, server_host_public,
+ &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
goto out;
/* send server hostkey, ECDH pubkey 'Q_S' and signed H */
diff --git a/usr.bin/ssh/kexdhs.c b/usr.bin/ssh/kexdhs.c
index 502934c6e09..2956c0cebee 100644
--- a/usr.bin/ssh/kexdhs.c
+++ b/usr.bin/ssh/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.29 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.30 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -182,8 +182,8 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
}
/* sign H */
- if ((r = kex->sign(server_host_private, server_host_public, &signature,
- &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
+ if ((r = kex->sign(ssh, server_host_private, server_host_public,
+ &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
goto out;
/* destroy_sensitive_data(); */
diff --git a/usr.bin/ssh/kexecdhs.c b/usr.bin/ssh/kexecdhs.c
index cc20d3ccb47..46883229d49 100644
--- a/usr.bin/ssh/kexecdhs.c
+++ b/usr.bin/ssh/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.18 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.19 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -164,8 +164,8 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh)
}
/* sign H */
- if ((r = kex->sign(server_host_private, server_host_public, &signature,
- &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
+ if ((r = kex->sign(ssh, server_host_private, server_host_public,
+ &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
goto out;
/* destroy_sensitive_data(); */
diff --git a/usr.bin/ssh/kexgexs.c b/usr.bin/ssh/kexgexs.c
index 3589d009e72..146f5922e09 100644
--- a/usr.bin/ssh/kexgexs.c
+++ b/usr.bin/ssh/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.36 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.37 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -216,8 +216,8 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
}
/* sign H */
- if ((r = kex->sign(server_host_private, server_host_public, &signature,
- &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
+ if ((r = kex->sign(ssh, server_host_private, server_host_public,
+ &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
goto out;
/* destroy_sensitive_data(); */
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 35cb1da3094..8a536d40c39 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.191 2019/01/19 21:43:07 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.192 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -297,7 +297,7 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
ssh->authctxt = NULL;
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
- mm_get_keystate(pmonitor);
+ mm_get_keystate(ssh, pmonitor);
/* Drain any buffered messages from the child */
while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
@@ -951,7 +951,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
if (!key_base_type_match(auth_method, key,
options.hostbased_key_types))
break;
- allowed = hostbased_key_allowed(authctxt->pw,
+ allowed = hostbased_key_allowed(ssh, authctxt->pw,
cuser, chost, key);
auth2_record_info(authctxt,
"client user \"%.100s\", client host \"%.100s\"",
@@ -1401,7 +1401,7 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
/* This function requries careful sanity checking */
void
-mm_get_keystate(struct monitor *pmonitor)
+mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor)
{
debug3("%s: Waiting for new keys", __func__);
diff --git a/usr.bin/ssh/monitor.h b/usr.bin/ssh/monitor.h
index 5860f31d976..15402c409af 100644
--- a/usr.bin/ssh/monitor.h
+++ b/usr.bin/ssh/monitor.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.h,v 1.22 2019/01/19 21:43:07 djm Exp $ */
+/* $OpenBSD: monitor.h,v 1.23 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -83,5 +83,6 @@ void monitor_apply_keystate(struct ssh *, struct monitor *);
void mm_request_send(int, enum monitor_reqtype, struct sshbuf *);
void mm_request_receive(int, struct sshbuf *);
void mm_request_receive_expect(int, enum monitor_reqtype, struct sshbuf *);
+void mm_get_keystate(struct ssh *, struct monitor *);
#endif /* _MONITOR_H_ */
diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c
index 3c5134dd0f4..ac887e9cecb 100644
--- a/usr.bin/ssh/monitor_wrap.c
+++ b/usr.bin/ssh/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.110 2019/01/19 21:43:07 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.111 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -71,8 +71,6 @@
#include "ssherr.h"
-extern struct ssh *active_state; /* XXX */
-
/* Imports */
extern struct monitor *pmonitor;
extern struct sshbuf *loginmsg;
@@ -215,12 +213,12 @@ mm_choose_dh(int min, int nbits, int max)
#endif
int
-mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
+mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat)
{
struct kex *kex = *pmonitor->m_pkex;
struct sshbuf *m;
- u_int ndx = kex->host_key_index(key, 0, active_state);
+ u_int ndx = kex->host_key_index(key, 0, ssh);
int r;
debug3("%s entering", __func__);
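Review bot: `mm_sshkey_sign` now takes both `ssh` and a separate `u_int compat`, and both callers visible in this commit (the two privsep arms of `sshd_hostkey_sign`) pass `ssh->compat` for it, so the compat flags have two sources that can drift apart. Since the parameter list no longer mirrors `sshkey_sign`, the trailing argument could be dropped and `ssh->compat` read inside the body. If it has to stay, a comment such as `/* compat is expected to equal ssh->compat */` above the definition would record the contract. The body continues past the end of this hunk, so how `compat` is consumed is not visible here.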
@@ -420,8 +418,8 @@ mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
}
int
-mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
- struct sshkey *key)
+mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
+ const char *user, const char *host, struct sshkey *key)
{
return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL));
}
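Review bot: The new `ssh` argument of `mm_hostbased_key_allowed` is never used, and neither is `pw`: the body forwards only `user`, `host` and `key` to `mm_key_allowed`. Presumably the parameter list exists so that the `PRIVSEP(hostbased_key_allowed(ssh, ...))` call in auth2-hostbased.c resolves to this wrapper. A one-line comment above the function would keep a later cleanup from removing the parameters, for example `/* ssh and pw are unused here; the signature mirrors hostbased_key_allowed() */`.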
@@ -514,9 +512,8 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
}
void
-mm_send_keystate(struct monitor *monitor)
+mm_send_keystate(struct ssh *ssh, struct monitor *monitor)
{
- struct ssh *ssh = active_state; /* XXX */
struct sshbuf *m;
int r;
diff --git a/usr.bin/ssh/monitor_wrap.h b/usr.bin/ssh/monitor_wrap.h
index d5bb10f92e2..e5c30227404 100644
--- a/usr.bin/ssh/monitor_wrap.h
+++ b/usr.bin/ssh/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.40 2019/01/19 21:43:07 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.41 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -42,8 +42,8 @@ struct sshauthopt;
void mm_log_handler(LogLevel, const char *, void *);
int mm_is_monitor(void);
DH *mm_choose_dh(int, int, int);
-int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
- const char *, u_int compat);
+int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
+ const u_char *, size_t, const char *, u_int compat);
void mm_inform_authserv(char *, char *);
struct passwd *mm_getpwnamallow(struct ssh *, const char *);
char *mm_auth2_read_banner(void);
@@ -52,7 +52,7 @@ int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
int, struct sshauthopt **);
int mm_user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int,
struct sshauthopt **);
-int mm_hostbased_key_allowed(struct passwd *, const char *,
+int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *,
const char *, struct sshkey *);
int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
const u_char *, size_t, const char *, u_int);
@@ -74,8 +74,7 @@ void mm_session_pty_cleanup2(struct Session *);
struct newkeys *mm_newkeys_from_blob(u_char *, int);
int mm_newkeys_to_blob(int, u_char **, u_int *);
-void mm_get_keystate(struct monitor *);
-void mm_send_keystate(struct monitor*);
+void mm_send_keystate(struct ssh *, struct monitor*);
/* bsdauth */
int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c
index dda8d8d67c5..2f38e54ae0a 100644
--- a/usr.bin/ssh/serverloop.c
+++ b/usr.bin/ssh/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.211 2019/01/19 21:40:48 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.212 2019/01/19 21:43:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -772,9 +772,9 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
(r = sshbuf_put_string(sigbuf,
ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
(r = sshkey_puts(key, sigbuf)) != 0 ||
- (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,
+ (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
- use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0 ||
+ use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
(r = sshbuf_put_string(resp, sig, slen)) != 0) {
error("%s: couldn't prepare signature: %s",
__func__, ssh_err(r));
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 151428dc128..15c4eb3bcef 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.499 2019/01/19 21:36:06 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.500 2019/01/19 21:43:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -102,8 +102,6 @@
#include "ssh-pkcs11.h"
#endif
-extern struct ssh *active_state; /* XXX remove after sshconnect2.c updated */
-
extern char *__progname;
/* Flag indicating whether debug mode is on. May be set on the command line. */
@@ -626,7 +624,6 @@ main(int ac, char **av)
*/
if ((ssh = ssh_alloc_session_state()) == NULL)
fatal("Couldn't allocate session state");
- active_state = ssh; /* XXX */
channel_init_channels(ssh);
/* Parse command-line arguments. */
diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c
index 3a25dd5ba23..c2e18dee704 100644
--- a/usr.bin/ssh/ssh_api.c
+++ b/usr.bin/ssh/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.9 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.10 2019/01/19 21:43:56 djm Exp $ */
/*
* Copyright (c) 2012 Markus Friedl. All rights reserved.
*
@@ -36,8 +36,8 @@ int _ssh_order_hostkeyalgs(struct ssh *);
int _ssh_verify_host_key(struct sshkey *, struct ssh *);
struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
-int _ssh_host_key_sign(struct sshkey *, struct sshkey *,
- u_char **, size_t *, const u_char *, size_t, const char *, u_int);
+int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *,
+ u_char **, size_t *, const u_char *, size_t, const char *);
/*
* stubs for the server side implementation of kex.
@@ -539,9 +539,10 @@ _ssh_order_hostkeyalgs(struct ssh *ssh)
}
int
-_ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey,
- u_char **signature, size_t *slen, const u_char *data, size_t dlen,
- const char *alg, u_int compat)
+_ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey,
+ struct sshkey *pubkey, u_char **signature, size_t *slen,
+ const u_char *data, size_t dlen, const char *alg)
{
- return sshkey_sign(privkey, signature, slen, data, dlen, alg, compat);
+ return sshkey_sign(privkey, signature, slen, data, dlen,
+ alg, ssh->compat);
}
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 9c508104717..21ddbb17029 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.526 2019/01/19 21:43:07 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.527 2019/01/19 21:43:56 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -105,8 +105,6 @@
#include "version.h"
#include "ssherr.h"
-extern struct ssh *active_state; /* XXX move decl to this file */
-
/* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -205,8 +203,9 @@ int use_privsep = -1;
struct monitor *pmonitor = NULL;
int privsep_is_preauth = 1;
-/* global authentication context */
+/* global connection state and authentication contexts */
Authctxt *the_authctxt = NULL;
+struct ssh *the_active_state;
/* global key/cert auth options. XXX move to permanent ssh->authctxt? */
struct sshauthopt *auth_opts = NULL;
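Review bot: `the_active_state` is declared without an initializer while `the_authctxt` directly above it and `auth_opts` below are both written with `= NULL`. File-scope storage is zeroed either way, but `struct ssh *the_active_state = NULL;` would match the neighbours and make the NULL test in `cleanup_exit` read as intentional. The shared comment also does not say who may use the pointer; in this commit only `grace_alarm_handler` and `cleanup_exit` read it. If that is the intended limit, say so, e.g. `/* connection state for the signal handler and cleanup_exit() only; pass struct ssh * everywhere else */`.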
@@ -329,9 +328,11 @@ grace_alarm_handler(int sig)
kill(0, SIGTERM);
}
+ /* XXX pre-format ipaddr/port so we don't need to access active_state */
/* Log error and exit. */
sigdie("Timeout before authentication for %s port %d",
- ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
+ ssh_remote_ipaddr(the_active_state),
+ ssh_remote_port(the_active_state));
}
/* Destroy the host and server keys. They will no longer be needed. */
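Review bot: `grace_alarm_handler` passes `the_active_state` to `ssh_remote_ipaddr()` and `ssh_remote_port()` without a NULL test, whereas `cleanup_exit` in this same commit checks `the_active_state != NULL` before using it. Whether the alarm can be armed before `main` assigns the pointer is not visible in this hunk, so either guard the call, e.g. `if (the_active_state == NULL) sigdie("Timeout before authentication");`, or state the ordering guarantee in the comment. The added XXX comment already notes that the handler should not need the connection state at all; until the address is pre-formatted, the handler depends on those two accessors being safe to call from signal context. The start of the handler is outside the hunk.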
@@ -700,7 +701,7 @@ notify_hostkeys(struct ssh *ssh)
char *fp;
/* Some clients cannot cope with the hostkeys message, skip those. */
- if (datafellows & SSH_BUG_HOSTKEYS)
+ if (ssh->compat & SSH_BUG_HOSTKEYS)
return;
if ((buf = sshbuf_new()) == NULL)
@@ -1812,8 +1813,8 @@ main(int ac, char **av)
*/
if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL)
fatal("Unable to create connection");
+ the_active_state = ssh;
ssh_packet_set_server(ssh);
- active_state = ssh; /* XXX needed elsewhere */
check_ip_options(ssh);
@@ -1903,7 +1904,7 @@ main(int ac, char **av)
* the current keystate and exits
*/
if (use_privsep) {
- mm_send_keystate(pmonitor);
+ mm_send_keystate(ssh, pmonitor);
ssh_packet_clear_keys(ssh);
exit(0);
}
@@ -1957,25 +1958,35 @@ main(int ac, char **av)
}
int
-sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey,
- u_char **signature, size_t *slenp, const u_char *data, size_t dlen,
- const char *alg, u_int flag)
+sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
+ struct sshkey *pubkey, u_char **signature, size_t *slenp,
+ const u_char *data, size_t dlen, const char *alg)
{
int r;
- if (privkey) {
- if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen,
- alg, datafellows)) < 0)
- fatal("%s: key_sign failed", __func__);
- } else if (use_privsep) {
- if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen,
- alg, datafellows) < 0)
- fatal("%s: pubkey_sign failed", __func__);
+ if (use_privsep) {
+ if (privkey) {
+ if (mm_sshkey_sign(ssh, privkey, signature, slenp,
+ data, dlen, alg, ssh->compat) < 0)
+ fatal("%s: privkey sign failed", __func__);
+ } else {
+ if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
+ data, dlen, alg, ssh->compat) < 0)
+ fatal("%s: pubkey sign failed", __func__);
+ }
} else {
- if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp,
- data, dlen, alg, datafellows)) != 0)
- fatal("%s: ssh_agent_sign failed: %s",
- __func__, ssh_err(r));
+ if (privkey) {
+ if (sshkey_sign(privkey, signature, slenp, data, dlen,
+ alg, ssh->compat) < 0)
+ fatal("%s: privkey sign failed", __func__);
+ } else {
+ if ((r = ssh_agent_sign(auth_sock, pubkey,
+ signature, slenp, data, dlen, alg,
+ ssh->compat)) != 0) {
+ fatal("%s: agent sign failed: %s",
+ __func__, ssh_err(r));
+ }
+ }
}
return 0;
}
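Review bot: Three of the four signing paths in the rewritten `sshd_hostkey_sign` discard the error code; only the agent branch stores `r` and reports `ssh_err(r)`, so a failed direct or monitor signature is logged with no cause. For the non-privsep private-key path, assuming `sshkey_sign` returns an ssherr code as `ssh_agent_sign` does, the check could be `if ((r = sshkey_sign(privkey, signature, slenp, data, dlen, alg, ssh->compat)) != 0)` followed by `fatal("%s: privkey sign failed: %s", __func__, ssh_err(r));`, which also makes the `< 0` and `!= 0` tests consistent. The two privsep arms differ only in which key is passed and in the message text, and would read more directly as one call taking `privkey != NULL ? privkey : pubkey`. Nothing in the function rejects the case where both `privkey` and `pubkey` are NULL; if callers guarantee one is set, a comment should say so.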
@@ -2048,10 +2059,8 @@ do_ssh2_kex(struct ssh *ssh)
void
cleanup_exit(int i)
{
- struct ssh *ssh = active_state; /* XXX */
-
- if (the_authctxt) {
- do_cleanup(ssh, the_authctxt);
+ if (the_active_state != NULL && the_authctxt != NULL) {
+ do_cleanup(the_active_state, the_authctxt);
if (use_privsep && privsep_is_preauth &&
pmonitor != NULL && pmonitor->m_pid > 1) {
debug("Killing privsep child %d", pmonitor->m_pid);