diff options
-rw-r--r-- | usr.bin/ssh/auth.h | 10 | ||||
-rw-r--r-- | usr.bin/ssh/auth2-hostbased.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/kex.h | 6 | ||||
-rw-r--r-- | usr.bin/ssh/kexc25519s.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/kexdhs.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/kexecdhs.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/kexgexs.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/monitor.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/monitor.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/monitor_wrap.c | 15 | ||||
-rw-r--r-- | usr.bin/ssh/monitor_wrap.h | 11 | ||||
-rw-r--r-- | usr.bin/ssh/serverloop.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/ssh_api.c | 15 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 63 |
15 files changed, 90 insertions, 88 deletions
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h index 3a501fa2805..d443a1241dc 100644 --- a/usr.bin/ssh/auth.h +++ b/usr.bin/ssh/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.98 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.99 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -123,8 +123,8 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *); int auth_password(struct ssh *, const char *); -int hostbased_key_allowed(struct passwd *, const char *, char *, - struct sshkey *); +int hostbased_key_allowed(struct ssh *, struct passwd *, + const char *, char *, struct sshkey *); int user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int, struct sshauthopt **); int auth2_key_already_used(Authctxt *, const struct sshkey *); @@ -189,8 +189,8 @@ struct sshkey *get_hostkey_public_by_index(int, struct ssh *); struct sshkey *get_hostkey_public_by_type(int, int, struct ssh *); struct sshkey *get_hostkey_private_by_type(int, int, struct ssh *); int get_hostkey_index(struct sshkey *, int, struct ssh *); -int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **, - size_t *, const u_char *, size_t, const char *, u_int); +int sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *, + u_char **, size_t *, const u_char *, size_t, const char *); /* Key / cert options linkage to auth layer */ const struct sshauthopt *auth_options(struct ssh *); diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c index a79a56c68a4..1484761a5b3 100644 --- a/usr.bin/ssh/auth2-hostbased.c +++ b/usr.bin/ssh/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.39 2019/01/19 21:31:32 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.40 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -50,8 +50,6 @@ #include "ssherr.h" #include "match.h" -extern struct ssh *active_state; /* XXX */ - /* import */ extern ServerOptions options; extern u_char *session_id2; @@ -148,7 +146,8 @@ userauth_hostbased(struct ssh *ssh) /* test for allowed key and correct signature */ authenticated = 0; - if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && + if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser, + chost, key)) && PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0) authenticated = 1; @@ -168,10 +167,9 @@ done: /* return 1 if given hostkey is allowed */ int -hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, - struct sshkey *key) +hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, + const char *cuser, char *chost, struct sshkey *key) { - struct ssh *ssh = active_state; /* XXX */ const char *resolvedname, *ipaddr, *lookup, *reason; HostStatus host_status; int len; diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h index 2e33d0f8448..7847aa2568a 100644 --- a/usr.bin/ssh/kex.h +++ b/usr.bin/ssh/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.93 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.94 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -140,8 +140,8 @@ struct kex { struct sshkey *(*load_host_public_key)(int, int, struct ssh *); struct sshkey *(*load_host_private_key)(int, int, struct ssh *); int (*host_key_index)(struct sshkey *, int, struct ssh *); - int (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *, - const u_char *, size_t, const char *, u_int); + int (*sign)(struct ssh *, struct sshkey *, struct sshkey *, + u_char **, size_t *, const u_char *, size_t, const char *); int (*kex[KEX_MAX])(struct ssh *); /* kex specific state */ DH *dh; /* DH */ diff --git a/usr.bin/ssh/kexc25519s.c b/usr.bin/ssh/kexc25519s.c index 88123a07f29..fc4f51d6503 100644 --- a/usr.bin/ssh/kexc25519s.c +++ b/usr.bin/ssh/kexc25519s.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519s.c,v 1.12 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.13 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -131,8 +131,8 @@ input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, &signature, - &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ diff --git a/usr.bin/ssh/kexdhs.c b/usr.bin/ssh/kexdhs.c index 502934c6e09..2956c0cebee 100644 --- a/usr.bin/ssh/kexdhs.c +++ b/usr.bin/ssh/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.29 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.30 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -182,8 +182,8 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, &signature, - &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; /* destroy_sensitive_data(); */ diff --git a/usr.bin/ssh/kexecdhs.c b/usr.bin/ssh/kexecdhs.c index cc20d3ccb47..46883229d49 100644 --- a/usr.bin/ssh/kexecdhs.c +++ b/usr.bin/ssh/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.18 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.19 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -164,8 +164,8 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, &signature, - &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; /* destroy_sensitive_data(); */ diff --git a/usr.bin/ssh/kexgexs.c b/usr.bin/ssh/kexgexs.c index 3589d009e72..146f5922e09 100644 --- a/usr.bin/ssh/kexgexs.c +++ b/usr.bin/ssh/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.36 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.37 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -216,8 +216,8 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, &signature, - &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) + if ((r = kex->sign(ssh, server_host_private, server_host_public, + &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0) goto out; /* destroy_sensitive_data(); */ diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 35cb1da3094..8a536d40c39 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.191 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.192 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -297,7 +297,7 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) ssh->authctxt = NULL; ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); - mm_get_keystate(pmonitor); + mm_get_keystate(ssh, pmonitor); /* Drain any buffered messages from the child */ while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) @@ -951,7 +951,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) if (!key_base_type_match(auth_method, key, options.hostbased_key_types)) break; - allowed = hostbased_key_allowed(authctxt->pw, + allowed = hostbased_key_allowed(ssh, authctxt->pw, cuser, chost, key); auth2_record_info(authctxt, "client user \"%.100s\", client host \"%.100s\"", @@ -1401,7 +1401,7 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) /* This function requries careful sanity checking */ void -mm_get_keystate(struct monitor *pmonitor) +mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor) { debug3("%s: Waiting for new keys", __func__); diff --git a/usr.bin/ssh/monitor.h b/usr.bin/ssh/monitor.h index 5860f31d976..15402c409af 100644 --- a/usr.bin/ssh/monitor.h +++ b/usr.bin/ssh/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.22 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: monitor.h,v 1.23 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> @@ -83,5 +83,6 @@ void monitor_apply_keystate(struct ssh *, struct monitor *); void mm_request_send(int, enum monitor_reqtype, struct sshbuf *); void mm_request_receive(int, struct sshbuf *); void mm_request_receive_expect(int, enum monitor_reqtype, struct sshbuf *); +void mm_get_keystate(struct ssh *, struct monitor *); #endif /* _MONITOR_H_ */ diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c index 3c5134dd0f4..ac887e9cecb 100644 --- a/usr.bin/ssh/monitor_wrap.c +++ b/usr.bin/ssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.110 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.111 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -71,8 +71,6 @@ #include "ssherr.h" -extern struct ssh *active_state; /* XXX */ - /* Imports */ extern struct monitor *pmonitor; extern struct sshbuf *loginmsg; @@ -215,12 +213,12 @@ mm_choose_dh(int min, int nbits, int max) #endif int -mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, +mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat) { struct kex *kex = *pmonitor->m_pkex; struct sshbuf *m; - u_int ndx = kex->host_key_index(key, 0, active_state); + u_int ndx = kex->host_key_index(key, 0, ssh); int r; debug3("%s entering", __func__); @@ -420,8 +418,8 @@ mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, } int -mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, - struct sshkey *key) +mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, + const char *user, const char *host, struct sshkey *key) { return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL)); } @@ -514,9 +512,8 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, } void -mm_send_keystate(struct monitor *monitor) +mm_send_keystate(struct ssh *ssh, struct monitor *monitor) { - struct ssh *ssh = active_state; /* XXX */ struct sshbuf *m; int r; diff --git a/usr.bin/ssh/monitor_wrap.h b/usr.bin/ssh/monitor_wrap.h index d5bb10f92e2..e5c30227404 100644 --- a/usr.bin/ssh/monitor_wrap.h +++ b/usr.bin/ssh/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.40 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.41 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> @@ -42,8 +42,8 @@ struct sshauthopt; void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); -int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, - const char *, u_int compat); +int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, + const u_char *, size_t, const char *, u_int compat); void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(struct ssh *, const char *); char *mm_auth2_read_banner(void); @@ -52,7 +52,7 @@ int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, int, struct sshauthopt **); int mm_user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int, struct sshauthopt **); -int mm_hostbased_key_allowed(struct passwd *, const char *, +int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *, const char *, struct sshkey *); int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int); @@ -74,8 +74,7 @@ void mm_session_pty_cleanup2(struct Session *); struct newkeys *mm_newkeys_from_blob(u_char *, int); int mm_newkeys_to_blob(int, u_char **, u_int *); -void mm_get_keystate(struct monitor *); -void mm_send_keystate(struct monitor*); +void mm_send_keystate(struct ssh *, struct monitor*); /* bsdauth */ int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index dda8d8d67c5..2f38e54ae0a 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.211 2019/01/19 21:40:48 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.212 2019/01/19 21:43:56 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -772,9 +772,9 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) (r = sshbuf_put_string(sigbuf, ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || (r = sshkey_puts(key, sigbuf)) != 0 || - (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, + (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), - use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0 || + use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 || (r = sshbuf_put_string(resp, sig, slen)) != 0) { error("%s: couldn't prepare signature: %s", __func__, ssh_err(r)); diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 151428dc128..15c4eb3bcef 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.499 2019/01/19 21:36:06 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.500 2019/01/19 21:43:56 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -102,8 +102,6 @@ #include "ssh-pkcs11.h" #endif -extern struct ssh *active_state; /* XXX remove after sshconnect2.c updated */ - extern char *__progname; /* Flag indicating whether debug mode is on. May be set on the command line. */ @@ -626,7 +624,6 @@ main(int ac, char **av) */ if ((ssh = ssh_alloc_session_state()) == NULL) fatal("Couldn't allocate session state"); - active_state = ssh; /* XXX */ channel_init_channels(ssh); /* Parse command-line arguments. */ diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c index 3a25dd5ba23..c2e18dee704 100644 --- a/usr.bin/ssh/ssh_api.c +++ b/usr.bin/ssh/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.9 2018/12/27 03:25:25 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.10 2019/01/19 21:43:56 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -36,8 +36,8 @@ int _ssh_order_hostkeyalgs(struct ssh *); int _ssh_verify_host_key(struct sshkey *, struct ssh *); struct sshkey *_ssh_host_public_key(int, int, struct ssh *); struct sshkey *_ssh_host_private_key(int, int, struct ssh *); -int _ssh_host_key_sign(struct sshkey *, struct sshkey *, - u_char **, size_t *, const u_char *, size_t, const char *, u_int); +int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *, + u_char **, size_t *, const u_char *, size_t, const char *); /* * stubs for the server side implementation of kex. @@ -539,9 +539,10 @@ _ssh_order_hostkeyalgs(struct ssh *ssh) } int -_ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey, - u_char **signature, size_t *slen, const u_char *data, size_t dlen, - const char *alg, u_int compat) +_ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey, + struct sshkey *pubkey, u_char **signature, size_t *slen, + const u_char *data, size_t dlen, const char *alg) { - return sshkey_sign(privkey, signature, slen, data, dlen, alg, compat); + return sshkey_sign(privkey, signature, slen, data, dlen, + alg, ssh->compat); } diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 9c508104717..21ddbb17029 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.526 2019/01/19 21:43:07 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.527 2019/01/19 21:43:56 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -105,8 +105,6 @@ #include "version.h" #include "ssherr.h" -extern struct ssh *active_state; /* XXX move decl to this file */ - /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) @@ -205,8 +203,9 @@ int use_privsep = -1; struct monitor *pmonitor = NULL; int privsep_is_preauth = 1; -/* global authentication context */ +/* global connection state and authentication contexts */ Authctxt *the_authctxt = NULL; +struct ssh *the_active_state; /* global key/cert auth options. XXX move to permanent ssh->authctxt? */ struct sshauthopt *auth_opts = NULL; @@ -329,9 +328,11 @@ grace_alarm_handler(int sig) kill(0, SIGTERM); } + /* XXX pre-format ipaddr/port so we don't need to access active_state */ /* Log error and exit. */ sigdie("Timeout before authentication for %s port %d", - ssh_remote_ipaddr(active_state), ssh_remote_port(active_state)); + ssh_remote_ipaddr(the_active_state), + ssh_remote_port(the_active_state)); } /* Destroy the host and server keys. They will no longer be needed. */ @@ -700,7 +701,7 @@ notify_hostkeys(struct ssh *ssh) char *fp; /* Some clients cannot cope with the hostkeys message, skip those. */ - if (datafellows & SSH_BUG_HOSTKEYS) + if (ssh->compat & SSH_BUG_HOSTKEYS) return; if ((buf = sshbuf_new()) == NULL) @@ -1812,8 +1813,8 @@ main(int ac, char **av) */ if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL) fatal("Unable to create connection"); + the_active_state = ssh; ssh_packet_set_server(ssh); - active_state = ssh; /* XXX needed elsewhere */ check_ip_options(ssh); @@ -1903,7 +1904,7 @@ main(int ac, char **av) * the current keystate and exits */ if (use_privsep) { - mm_send_keystate(pmonitor); + mm_send_keystate(ssh, pmonitor); ssh_packet_clear_keys(ssh); exit(0); } @@ -1957,25 +1958,35 @@ main(int ac, char **av) } int -sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey, - u_char **signature, size_t *slenp, const u_char *data, size_t dlen, - const char *alg, u_int flag) +sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey, + struct sshkey *pubkey, u_char **signature, size_t *slenp, + const u_char *data, size_t dlen, const char *alg) { int r; - if (privkey) { - if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen, - alg, datafellows)) < 0) - fatal("%s: key_sign failed", __func__); - } else if (use_privsep) { - if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen, - alg, datafellows) < 0) - fatal("%s: pubkey_sign failed", __func__); + if (use_privsep) { + if (privkey) { + if (mm_sshkey_sign(ssh, privkey, signature, slenp, + data, dlen, alg, ssh->compat) < 0) + fatal("%s: privkey sign failed", __func__); + } else { + if (mm_sshkey_sign(ssh, pubkey, signature, slenp, + data, dlen, alg, ssh->compat) < 0) + fatal("%s: pubkey sign failed", __func__); + } } else { - if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp, - data, dlen, alg, datafellows)) != 0) - fatal("%s: ssh_agent_sign failed: %s", - __func__, ssh_err(r)); + if (privkey) { + if (sshkey_sign(privkey, signature, slenp, data, dlen, + alg, ssh->compat) < 0) + fatal("%s: privkey sign failed", __func__); + } else { + if ((r = ssh_agent_sign(auth_sock, pubkey, + signature, slenp, data, dlen, alg, + ssh->compat)) != 0) { + fatal("%s: agent sign failed: %s", + __func__, ssh_err(r)); + } + } } return 0; } @@ -2048,10 +2059,8 @@ do_ssh2_kex(struct ssh *ssh) void cleanup_exit(int i) { - struct ssh *ssh = active_state; /* XXX */ - - if (the_authctxt) { - do_cleanup(ssh, the_authctxt); + if (the_active_state != NULL && the_authctxt != NULL) { + do_cleanup(the_active_state, the_authctxt); if (use_privsep && privsep_is_preauth && pmonitor != NULL && pmonitor->m_pid > 1) { debug("Killing privsep child %d", pmonitor->m_pid); |