Diffstat (limited to 'usr.bin')
66 files changed, 2369 insertions, 2767 deletions
diff --git a/usr.bin/ssh/addrmatch.c b/usr.bin/ssh/addrmatch.c index ee1f1708c99..db9d83f4218 100644 --- a/usr.bin/ssh/addrmatch.c +++ b/usr.bin/ssh/addrmatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */ +/* $OpenBSD: addrmatch.c,v 1.15 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> @@ -377,7 +377,7 @@ addr_match_list(const char *addr, const char *_list) int ret = 0, r; if (addr != NULL && addr_pton(addr, &try_addr) != 0) { - debug2("%s: couldn't parse address %.100s", __func__, addr); + debug2_f("couldn't parse address %.100s", addr); return 0; } if ((o = list = strdup(_list)) == NULL) @@ -393,8 +393,8 @@ addr_match_list(const char *addr, const char *_list) /* Prefer CIDR address matching */ r = addr_pton_cidr(cp, &match_addr, &masklen); if (r == -2) { - debug2("%s: inconsistent mask length for " - "match network \"%.100s\"", __func__, cp); + debug2_f("inconsistent mask length for " + "match network \"%.100s\"", cp); ret = -2; break; } else if (r == 0) { @@ -437,15 +437,14 @@ addr_match_cidr_list(const char *addr, const char *_list) int ret = 0, r; if (addr != NULL && addr_pton(addr, &try_addr) != 0) { - debug2("%s: couldn't parse address %.100s", __func__, addr); + debug2_f("couldn't parse address %.100s", addr); return 0; } if ((o = list = strdup(_list)) == NULL) return -1; while ((cp = strsep(&list, ",")) != NULL) { if (*cp == '\0') { - error("%s: empty entry in list \"%.100s\"", - __func__, o); + error_f("empty entry in list \"%.100s\"", o); ret = -1; break; } 
@@ -458,15 +457,14 @@ addr_match_cidr_list(const char *addr, const char *_list) /* Stop junk from reaching getaddrinfo. +3 is for masklen */ if (strlen(cp) > INET6_ADDRSTRLEN + 3) { - error("%s: list entry \"%.100s\" too long", - __func__, cp); + error_f("list entry \"%.100s\" too long", cp); ret = -1; break; } #define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/" if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) { - error("%s: list entry \"%.100s\" contains invalid " - "characters", __func__, cp); + error_f("list entry \"%.100s\" contains invalid " + "characters", cp); ret = -1; } diff --git a/usr.bin/ssh/auth-options.c b/usr.bin/ssh/auth-options.c index e30e4c3ecc6..a81b2e62e1f 100644 --- a/usr.bin/ssh/auth-options.c +++ b/usr.bin/ssh/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.93 2020/08/27 01:07:09 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.94 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2018 Damien Miller <djm@mindrot.org> * @@ -76,7 +76,7 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob, int r, ret = -1, found; if ((c = sshbuf_fromb(oblob)) == NULL) { - error("%s: sshbuf_fromb failed", __func__); + error_f("sshbuf_fromb failed"); goto out; } @@ -85,8 +85,7 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob, data = NULL; if ((r = sshbuf_get_cstring(c, &name, NULL)) != 0 || (r = sshbuf_froms(c, &data)) != 0) { - error("Unable to parse certificate options: %s", - ssh_err(r)); + error_r(r, "Unable to parse certificate options"); goto out; } debug3("found certificate option \"%.100s\" len %zu", @@ -122,8 +121,8 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob, } else if (strcmp(name, "force-command") == 0) { if ((r = sshbuf_get_cstring(data, &command, NULL)) != 0) { - error("Unable to parse \"%s\" " - "section: %s", name, ssh_err(r)); + error_r(r, "Unable to parse \"%s\" " + "section", name); goto out; } if (opts->force_command != NULL) { 
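Review bot: In `addr_match_cidr_list` (hunk `@@ -458,15 +457,14 @@`), the invalid-characters branch sets `ret = -1` but has no `break`, unlike the too-long branch directly above it. As far as this hunk shows, a rejected entry therefore carries on down the loop body toward the address parser that the "Stop junk from reaching getaddrinfo" comment is meant to shield. The rest of the loop lies outside the hunk, so a later check may still stop it, but the filter should fail closed on its own: add `break;` after `ret = -1;` in that branch.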
@@ -137,8 +136,8 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob, } else if (strcmp(name, "source-address") == 0) { if ((r = sshbuf_get_cstring(data, &allowed, NULL)) != 0) { - error("Unable to parse \"%s\" " - "section: %s", name, ssh_err(r)); + error_r(r, "Unable to parse \"%s\" " + "section", name); goto out; } if (opts->required_from_host_cert != NULL) { diff --git a/usr.bin/ssh/auth-passwd.c b/usr.bin/ssh/auth-passwd.c index 1fd69b7f48e..4a79c75397d 100644 --- a/usr.bin/ssh/auth-passwd.c +++ b/usr.bin/ssh/auth-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.48 2020/10/18 11:32:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -116,14 +116,14 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as) if ((r = sshbuf_putf(loginmsg, "Your password will expire in %lld day%s.\n", daysleft, daysleft == 1 ? "" : "s")) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "buffer error"); } if (actimeleft != 0 && actimeleft < acwarntime) { daysleft = actimeleft / DAY + 1; if ((r = sshbuf_putf(loginmsg, "Your account will expire in %lld day%s.\n", daysleft, daysleft == 1 ? "" : "s")) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "buffer error"); } } diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c index 89d3f2ae35e..f78f519bde1 100644 --- a/usr.bin/ssh/auth-rhosts.c +++ b/usr.bin/ssh/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.52 2020/04/17 03:30:05 djm Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.53 2020/10/18 11:32:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
@@ -219,7 +219,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, if (!rhosts_files[rhosts_file_index] && stat(_PATH_RHOSTS_EQUIV, &st) == -1 && stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) { - debug3("%s: no hosts access files exist", __func__); + debug3_f("no hosts access files exist"); return 0; } @@ -228,7 +228,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * shosts.equiv. */ if (pw->pw_uid == 0) - debug3("%s: root user, ignoring system hosts files", __func__); + debug3_f("root user, ignoring system hosts files"); else { if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user, pw->pw_name)) { diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index f5e9175acbd..886ec7dca26 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.148 2020/10/16 13:26:13 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.149 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -402,10 +402,10 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, error("WARNING: revoked key for %s attempted authentication", host); else if (host_status == HOST_OK) - debug("%s: key for %s found at %s:%ld", __func__, + debug_f("key for %s found at %s:%ld", found->host, found->file, found->line); else - debug("%s: key for host %s not found", __func__, host); + debug_f("key for host %s not found", host); free_hostkeys(hostkeys); @@ -522,7 +522,7 @@ auth_key_is_revoked(struct sshkey *key) if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { r = SSH_ERR_ALLOC_FAIL; - error("%s: fingerprint key: %s", __func__, ssh_err(r)); + error_fr(r, "fingerprint key"); goto out; } 
@@ -535,9 +535,9 @@ auth_key_is_revoked(struct sshkey *key) sshkey_type(key), fp, options.revoked_keys_file); goto out; default: - error("Error checking authentication key %s %s in " - "revoked keys file %s: %s", sshkey_type(key), fp, - options.revoked_keys_file, ssh_err(r)); + error_r(r, "Error checking authentication key %s %s in " + "revoked keys file %s", sshkey_type(key), fp, + options.revoked_keys_file); goto out; } @@ -563,7 +563,7 @@ auth_debug_add(const char *fmt,...) vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0) - fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_cstring"); } void @@ -576,8 +576,7 @@ auth_debug_send(struct ssh *ssh) return; while (sshbuf_len(auth_debug) != 0) { if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0) - fatal("%s: sshbuf_get_cstring: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_get_cstring"); ssh_packet_send_debug(ssh, "%s", msg); free(msg); } @@ -589,7 +588,7 @@ auth_debug_reset(void) if (auth_debug != NULL) sshbuf_reset(auth_debug); else if ((auth_debug = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); } struct passwd * @@ -745,17 +744,17 @@ subprocess(const char *tag, struct passwd *pw, const char *command, if (child != NULL) *child = NULL; - debug3("%s: %s command \"%s\" running as %s (flags 0x%x)", __func__, + debug3_f("%s command \"%s\" running as %s (flags 0x%x)", tag, command, pw->pw_name, flags); /* Check consistency */ if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 && (flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) { - error("%s: inconsistent flags", __func__); + error_f("inconsistent flags"); return 0; } if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) { - error("%s: inconsistent flags/output", __func__); + error_f("inconsistent flags/output"); return 0; } 
@@ -867,7 +866,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, return 0; } /* Success */ - debug3("%s: %s pid %ld", __func__, tag, (long)pid); + debug3_f("%s pid %ld", tag, (long)pid); if (child != NULL) *child = f; return pid; @@ -952,7 +951,7 @@ auth_activate_options(struct ssh *ssh, struct sshauthopt *opts) struct sshauthopt *old = auth_opts; const char *emsg = NULL; - debug("%s: setting new authentication options", __func__); + debug_f("setting new authentication options"); if ((auth_opts = sshauthopt_merge(old, opts, &emsg)) == NULL) { error("Inconsistent authentication options: %s", emsg); return -1; @@ -966,7 +965,7 @@ auth_restrict_session(struct ssh *ssh) { struct sshauthopt *restricted; - debug("%s: restricting session", __func__); + debug_f("restricting session"); /* A blank sshauthopt defaults to permitting nothing */ restricted = sshauthopt_new(); @@ -974,7 +973,7 @@ auth_restrict_session(struct ssh *ssh) restricted->restricted = 1; if (auth_activate_options(ssh, restricted) != 0) - fatal("%s: failed to restrict session", __func__); + fatal_f("failed to restrict session"); sshauthopt_free(restricted); } @@ -1049,8 +1048,7 @@ auth_authorise_keyopts(struct ssh *ssh, struct passwd *pw, case -1: default: /* invalid */ - error("%s: Certificate source-address invalid", - loc); + error("%s: Certificate source-address invalid", loc); /* FALLTHROUGH */ case 0: logit("%s: Authentication tried for %.100s with valid " diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c index b5f3d6c8629..665ba79518f 100644 --- a/usr.bin/ssh/auth2-chall.c +++ b/usr.bin/ssh/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.53 2020/02/26 13:40:09 jsg Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.54 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. 
@@ -73,15 +73,14 @@ kbdint_alloc(const char *devs) kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) { if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); for (i = 0; devices[i]; i++) { if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "", devices[i]->name)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "buffer error"); } if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); + fatal_f("sshbuf_dup_string failed"); sshbuf_free(b); } else { kbdintctxt->devices = xstrdup(devs); @@ -229,15 +228,15 @@ send_userauth_info_request(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, instr)) != 0 || (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language not used */ (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "start packet"); for (i = 0; i < kbdintctxt->nreq; i++) { if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 || (r = sshpkt_put_u8(ssh, echo_on[i])) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble packet"); } if ((r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); for (i = 0; i < kbdintctxt->nreq; i++) free(prompts[i]); 
@@ -260,29 +259,29 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) char **response = NULL; if (authctxt == NULL) - fatal("input_userauth_info_response: no authctxt"); + fatal_f("no authctxt"); kbdintctxt = authctxt->kbdintctxt; if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL) - fatal("input_userauth_info_response: no kbdintctxt"); + fatal_f("no kbdintctxt"); if (kbdintctxt->device == NULL) - fatal("input_userauth_info_response: no device"); + fatal_f("no device"); authctxt->postponed = 0; /* reset */ if ((r = sshpkt_get_u32(ssh, &nresp)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); if (nresp != kbdintctxt->nreq) - fatal("input_userauth_info_response: wrong number of replies"); + fatal_f("wrong number of replies"); if (nresp > 100) - fatal("input_userauth_info_response: too many replies"); + fatal_f("too many replies"); if (nresp > 0) { response = xcalloc(nresp, sizeof(char *)); - for (i = 0; i < nresp; i++) - if ((r = sshpkt_get_cstring(ssh, &response[i], - NULL)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + for (i = 0; i < nresp; i++) { + if ((r = sshpkt_get_cstring(ssh, &response[i], NULL)) != 0) + fatal_fr(r, "parse response"); + } } if ((r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); diff --git a/usr.bin/ssh/auth2-gss.c b/usr.bin/ssh/auth2-gss.c index c919ef4c353..1c63e0508de 100644 --- a/usr.bin/ssh/auth2-gss.c +++ b/usr.bin/ssh/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.30 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 
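Review bot: In `input_userauth_info_response` (hunk `@@ -260,29 +259,29 @@`), two different failure sites now emit the same text: both the `sshpkt_get_u32(ssh, &nresp)` check and the `sshpkt_get_end(ssh)` check call `fatal_fr(r, "parse packet")`. Someone triaging a pre-authentication disconnect from the log cannot tell a truncated reply count from trailing data after the responses. The other conversions in this file already use distinct labels ("start packet", "assemble packet", "send packet"), so the last one could read `fatal_fr(r, "parse end of packet");`. The function body continues past the end of the hunk.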
@@ -66,7 +66,7 @@ userauth_gssapi(struct ssh *ssh) u_char *doid = NULL; if ((r = sshpkt_get_u32(ssh, &mechs)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); if (mechs == 0) { debug("Mechanism negotiation is not supported"); @@ -80,7 +80,7 @@ userauth_gssapi(struct ssh *ssh) present = 0; if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse oid"); if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && doid[1] == len - 2) { @@ -99,7 +99,7 @@ userauth_gssapi(struct ssh *ssh) } if (!authctxt->valid || authctxt->user == NULL) { - debug2("%s: disabled because of invalid user", __func__); + debug2_f("disabled because of invalid user"); free(doid); return (0); } @@ -118,7 +118,7 @@ userauth_gssapi(struct ssh *ssh) if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 || (r = sshpkt_put_string(ssh, doid, len)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); free(doid); @@ -147,7 +147,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) gssctxt = authctxt->methoddata; if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); recv_tok.value = p; recv_tok.length = len; @@ -163,7 +163,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) (r = sshpkt_put_string(ssh, send_tok.value, send_tok.length)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send ERRTOK packet"); } authctxt->postponed = 0; ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); 
@@ -175,7 +175,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) (r = sshpkt_put_string(ssh, send_tok.value, send_tok.length)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send TOKEN packet"); } if (maj_status == GSS_S_COMPLETE) { ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); @@ -211,7 +211,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) gssctxt = authctxt->methoddata; if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); recv_tok.value = p; recv_tok.length = len; @@ -253,7 +253,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) */ if ((r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); @@ -288,16 +288,16 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) gssctxt = authctxt->methoddata; if ((r = sshpkt_get_string(ssh, &p, &len)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); mic.value = p; mic.length = len; ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, "gssapi-with-mic"); if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) - fatal("%s: sshbuf_mutable_ptr failed", __func__); + fatal_f("sshbuf_mutable_ptr failed"); gssbuf.length = sshbuf_len(b); if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c index a1fe6fe0f13..6bbdec25e0f 100644 --- a/usr.bin/ssh/auth2-hostbased.c +++ b/usr.bin/ssh/auth2-hostbased.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.42 2019/11/25 00:51:37 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.43 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -73,9 +73,9 @@ userauth_hostbased(struct ssh *ssh) (r = sshpkt_get_cstring(ssh, &chost, NULL)) != 0 || (r = sshpkt_get_cstring(ssh, &cuser, NULL)) != 0 || (r = sshpkt_get_string(ssh, &sig, &slen)) != 0) - fatal("%s: packet parsing: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); - debug("%s: cuser %s chost %s pkalg %s slen %zu", __func__, + debug_f("cuser %s chost %s pkalg %s slen %zu", cuser, chost, pkalg, slen); #ifdef DEBUG_PK debug("signature:"); @@ -84,21 +84,21 @@ userauth_hostbased(struct ssh *ssh) pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ - logit("%s: unsupported public key algorithm: %s", - __func__, pkalg); + logit_f("unsupported public key algorithm: %s", + pkalg); goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { - error("%s: key_from_blob: %s", __func__, ssh_err(r)); + error_fr(r, "key_from_blob"); goto done; } if (key == NULL) { - error("%s: cannot decode key: %s", __func__, pkalg); + error_f("cannot decode key: %s", pkalg); goto done; } if (key->type != pktype) { - error("%s: type mismatch for decoded key " - "(received %d, expected %d)", __func__, key->type, pktype); + error_f("type mismatch for decoded key " + "(received %d, expected %d)", key->type, pktype); goto done; } if (sshkey_type_plain(key->type) == KEY_RSA && 
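Review bot: In `userauth_hostbased` (hunk `@@ -73,9 +73,9 @@`), the converted `debug_f("cuser %s chost %s pkalg %s slen %zu", ...)` logs `cuser` and `chost` with an unbounded `%s`, straight after they are read from the client packet and before the `authctxt->valid` check. `pkalg` is parsed above the hunk and presumably comes from the same packet. Later messages in this file bound the same values with `%.100s`, as in the `auth_rhosts2 refused` lines in `hostbased_key_allowed`. Since the line is being rewritten anyway, it could be made consistent: `debug_f("cuser %.100s chost %.100s pkalg %.100s slen %zu", cuser, chost, pkalg, slen);`. The same applies to `debug2_f("chost %s resolvedname %s ipaddr %s", ...)` in `hostbased_key_allowed` and to `debug2_f("setting up authctxt for %s", user)` in `input_userauth_request` in auth2.c. The logging layer may well truncate or escape the final message, but that is not visible from this diff.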
@@ -108,25 +108,25 @@ userauth_hostbased(struct ssh *ssh) goto done; } if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) { - logit("%s: key type %s not in HostbasedAcceptedKeyTypes", - __func__, sshkey_type(key)); + logit_f("key type %s not in HostbasedAcceptedKeyTypes", + sshkey_type(key)); goto done; } if ((r = sshkey_check_cert_sigtype(key, options.ca_sign_algorithms)) != 0) { - logit("%s: certificate signature algorithm %s: %s", __func__, + logit_fr(r, "certificate signature algorithm %s", (key->cert == NULL || key->cert->signature_type == NULL) ? - "(null)" : key->cert->signature_type, ssh_err(r)); + "(null)" : key->cert->signature_type); goto done; } if (!authctxt->valid || authctxt->user == NULL) { - debug2("%s: disabled because of invalid user", __func__); + debug2_f("disabled because of invalid user"); goto done; } if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); /* reconstruct packet */ if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || @@ -137,7 +137,7 @@ userauth_hostbased(struct ssh *ssh) (r = sshbuf_put_string(b, pkblob, blen)) != 0 || (r = sshbuf_put_cstring(b, chost)) != 0 || (r = sshbuf_put_cstring(b, cuser)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "reconstruct packet"); #ifdef DEBUG_PK sshbuf_dump(b, stderr); #endif @@ -156,7 +156,7 @@ userauth_hostbased(struct ssh *ssh) auth2_record_key(authctxt, authenticated, key); sshbuf_free(b); done: - debug2("%s: authenticated %d", __func__, authenticated); + debug2_f("authenticated %d", authenticated); sshkey_free(key); free(pkalg); free(pkblob); 
@@ -182,7 +182,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, resolvedname = auth_get_canonical_hostname(ssh, options.use_dns); ipaddr = ssh_remote_ipaddr(ssh); - debug2("%s: chost %s resolvedname %s ipaddr %s", __func__, + debug2_f("chost %s resolvedname %s ipaddr %s", chost, resolvedname, ipaddr); if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { @@ -192,9 +192,8 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, if (options.hostbased_uses_name_from_packet_only) { if (auth_rhosts2(pw, cuser, chost, chost) == 0) { - debug2("%s: auth_rhosts2 refused " - "user \"%.100s\" host \"%.100s\" (from packet)", - __func__, cuser, chost); + debug2_f("auth_rhosts2 refused user \"%.100s\" " + "host \"%.100s\" (from packet)", cuser, chost); return 0; } lookup = chost; @@ -204,14 +203,14 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, "client sends %s, but we resolve %s to %s", chost, ipaddr, resolvedname); if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) { - debug2("%s: auth_rhosts2 refused " + debug2_f("auth_rhosts2 refused " "user \"%.100s\" host \"%.100s\" addr \"%.100s\"", - __func__, cuser, resolvedname, ipaddr); + cuser, resolvedname, ipaddr); return 0; } lookup = resolvedname; } - debug2("%s: access allowed by auth_rhosts2", __func__); + debug2_f("access allowed by auth_rhosts2"); if (sshkey_is_cert(key) && sshkey_cert_check_authority(key, 1, 0, lookup, &reason)) { @@ -236,7 +235,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, if (sshkey_is_cert(key)) { if ((fp = sshkey_fingerprint(key->cert->signature_key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); + fatal_f("sshkey_fingerprint fail"); verbose("Accepted certificate ID \"%s\" signed by " "%s CA %s from %s@%s", key->cert->key_id, sshkey_type(key->cert->signature_key), fp, 
@@ -244,7 +243,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw, } else { if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); + fatal_f("sshkey_fingerprint fail"); verbose("Accepted %s public key %s from %s@%s", sshkey_type(key), fp, cuser, lookup); } diff --git a/usr.bin/ssh/auth2-kbdint.c b/usr.bin/ssh/auth2-kbdint.c index d8e1652453a..1f7b153c5ec 100644 --- a/usr.bin/ssh/auth2-kbdint.c +++ b/usr.bin/ssh/auth2-kbdint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-kbdint.c,v 1.11 2019/11/13 04:47:52 deraadt Exp $ */ +/* $OpenBSD: auth2-kbdint.c,v 1.12 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -50,7 +50,7 @@ userauth_kbdint(struct ssh *ssh) if ((r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0 || (r = sshpkt_get_cstring(ssh, &devs, NULL)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); debug("keyboard-interactive devs %s", devs); diff --git a/usr.bin/ssh/auth2-none.c b/usr.bin/ssh/auth2-none.c index 2f9609ce5e7..6e00b115568 100644 --- a/usr.bin/ssh/auth2-none.c +++ b/usr.bin/ssh/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.22 2018/07/09 21:35:50 markus Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.23 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -56,7 +56,7 @@ userauth_none(struct ssh *ssh) none_enabled = 0; if ((r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); if (options.permit_empty_passwd && options.password_authentication) return (PRIVSEP(auth_password(ssh, ""))); return (0); diff --git a/usr.bin/ssh/auth2-passwd.c b/usr.bin/ssh/auth2-passwd.c index a19e29ed63b..9ff2b20b81b 100644 --- a/usr.bin/ssh/auth2-passwd.c +++ b/usr.bin/ssh/auth2-passwd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.18 2020/02/26 13:40:09 jsg Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.19 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -58,7 +58,7 @@ userauth_passwd(struct ssh *ssh) (r = sshpkt_get_cstring(ssh, &password, &len)) != 0 || (change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); if (change) logit("password change not supported"); diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index 8210f404564..9ba735f8729 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.100 2020/08/27 01:07:09 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.101 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -101,17 +101,17 @@ userauth_pubkey(struct ssh *ssh) if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) - fatal("%s: parse request failed: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) { char *keystring; struct sshbuf *pkbuf; if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL) - fatal("%s: sshbuf_from failed", __func__); + fatal_f("sshbuf_from failed"); if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL) - fatal("%s: sshbuf_dtob64 failed", __func__); - debug2("%s: %s user %s %s public key %s %s", __func__, + fatal_f("sshbuf_dtob64 failed"); + debug2_f("%s user %s %s public key %s %s", authctxt->valid ? "valid" : "invalid", authctxt->user, have_sig ? "attempting" : "querying", pkalg, keystring); sshbuf_free(pkbuf); 
@@ -121,21 +121,20 @@ userauth_pubkey(struct ssh *ssh) pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ - verbose("%s: unsupported public key algorithm: %s", - __func__, pkalg); + verbose_f("unsupported public key algorithm: %s", pkalg); goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { - error("%s: could not parse key: %s", __func__, ssh_err(r)); + error_fr(r, "parse key"); goto done; } if (key == NULL) { - error("%s: cannot decode key: %s", __func__, pkalg); + error_f("cannot decode key: %s", pkalg); goto done; } if (key->type != pktype) { - error("%s: type mismatch for decoded key " - "(received %d, expected %d)", __func__, key->type, pktype); + error_f("type mismatch for decoded key " + "(received %d, expected %d)", key->type, pktype); goto done; } if (sshkey_type_plain(key->type) == KEY_RSA && @@ -149,15 +148,15 @@ userauth_pubkey(struct ssh *ssh) goto done; } if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) { - logit("%s: key type %s not in PubkeyAcceptedKeyTypes", - __func__, sshkey_ssh_name(key)); + logit_f("key type %s not in PubkeyAcceptedKeyTypes", + sshkey_ssh_name(key)); goto done; } if ((r = sshkey_check_cert_sigtype(key, options.ca_sign_algorithms)) != 0) { - logit("%s: certificate signature algorithm %s: %s", __func__, + logit_fr(r, "certificate signature algorithm %s", (key->cert == NULL || key->cert->signature_type == NULL) ? - "(null)" : key->cert->signature_type, ssh_err(r)); + "(null)" : key->cert->signature_type); goto done; } key_s = format_key(key); 
@@ -165,29 +164,23 @@ userauth_pubkey(struct ssh *ssh) ca_s = format_key(key->cert->signature_key); if (have_sig) { - debug3("%s: have %s signature for %s%s%s", - __func__, pkalg, key_s, - ca_s == NULL ? "" : " CA ", - ca_s == NULL ? "" : ca_s); + debug3_f("have %s signature for %s%s%s", pkalg, key_s, + ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s); if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse signature packet"); if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if (ssh->compat & SSH_OLD_SESSIONID) { - if ((r = sshbuf_put(b, session_id2, - session_id2_len)) != 0) - fatal("%s: sshbuf_put session id: %s", - __func__, ssh_err(r)); + if ((r = sshbuf_put(b, session_id2, session_id2_len)) != 0) + fatal_fr(r, "put old session id"); } else { if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0) - fatal("%s: sshbuf_put_string session id: %s", - __func__, ssh_err(r)); + fatal_fr(r, "put session id"); } if (!authctxt->valid || authctxt->user == NULL) { - debug2("%s: disabled because of invalid user", - __func__); + debug2_f("disabled because of invalid user"); goto done; } /* reconstruct packet */ @@ -201,8 +194,7 @@ userauth_pubkey(struct ssh *ssh) (r = sshbuf_put_u8(b, have_sig)) != 0 || (r = sshbuf_put_cstring(b, pkalg)) != 0 || (r = sshbuf_put_string(b, pkblob, blen)) != 0) - fatal("%s: build packet failed: %s", - __func__, ssh_err(r)); + fatal_fr(r, "reconstruct packet"); #ifdef DEBUG_PK sshbuf_dump(b, stderr); #endif 
@@ -218,9 +210,8 @@ userauth_pubkey(struct ssh *ssh) if (authenticated == 1 && sig_details != NULL) { auth2_record_info(authctxt, "signature count = %u", sig_details->sk_counter); - debug("%s: sk_counter = %u, sk_flags = 0x%02x", - __func__, sig_details->sk_counter, - sig_details->sk_flags); + debug_f("sk_counter = %u, sk_flags = 0x%02x", + sig_details->sk_counter, sig_details->sk_flags); req_presence = (options.pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED) || !authopts->no_require_user_presence; @@ -253,17 +244,14 @@ userauth_pubkey(struct ssh *ssh) } auth2_record_key(authctxt, authenticated, key); } else { - debug("%s: test pkalg %s pkblob %s%s%s", - __func__, pkalg, key_s, - ca_s == NULL ? "" : " CA ", - ca_s == NULL ? "" : ca_s); + debug_f("test pkalg %s pkblob %s%s%s", pkalg, key_s, + ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s); if ((r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); if (!authctxt->valid || authctxt->user == NULL) { - debug2("%s: disabled because of invalid user", - __func__); + debug2_f("disabled because of invalid user"); goto done; } /* XXX fake reply and always send PK_OK ? */ @@ -281,16 +269,16 @@ userauth_pubkey(struct ssh *ssh) (r = sshpkt_put_string(ssh, pkblob, blen)) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); authctxt->postponed = 1; } } done: if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) { - debug("%s: key options inconsistent with existing", __func__); + debug_f("key options inconsistent with existing"); authenticated = 0; } - debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg); + debug2_f("authenticated %d pkalg %s", authenticated, pkalg); sshbuf_free(b); sshauthopt_free(authopts); 
@@ -497,20 +485,20 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, } if ((ca_fp = sshkey_fingerprint(cert->signature_key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { - error("%s: sshkey_fingerprint failed", __func__); + error_f("sshkey_fingerprint failed"); goto out; } if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { - error("%s: sshkey_fingerprint failed", __func__); + error_f("sshkey_fingerprint failed"); goto out; } if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) { - error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); + error_fr(r, "sshkey_to_base64 failed"); goto out; } if ((r = sshkey_to_base64(key, &keytext)) != 0) { - error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); + error_fr(r, "sshkey_to_base64 failed"); goto out; } snprintf(serial_s, sizeof(serial_s), "%llu", @@ -532,7 +520,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, "s", serial_s, (char *)NULL); if (tmp == NULL) - fatal("%s: percent_expand failed", __func__); + fatal_f("percent_expand failed"); free(av[i]); av[i] = tmp; } @@ -595,7 +583,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key, *authoptsp = NULL; if ((found = sshkey_new(want_keytype)) == NULL) { - debug3("%s: keytype %d failed", __func__, want_keytype); + debug3_f("keytype %d failed", want_keytype); goto out; } @@ -637,7 +625,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key, /* We have a candidate key, perform authorisation checks */ if ((fp = sshkey_fingerprint(found, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: fingerprint failed", __func__); + fatal_f("fingerprint failed"); debug("%s: matching %s found: %s %s", loc, sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp); 
@@ -694,7 +682,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key, success: if (finalopts == NULL) - fatal("%s: internal error: missing options", __func__); + fatal_f("internal error: missing options"); if (authoptsp != NULL) { *authoptsp = finalopts; finalopts = NULL; @@ -773,9 +761,9 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, if ((r = sshkey_in_file(key->cert->signature_key, options.trusted_user_ca_keys, 1, 0)) != 0) { - debug2("%s: CA %s %s is not listed in %s: %s", __func__, + debug2_fr(r, "CA %s %s is not listed in %s", sshkey_type(key->cert->signature_key), ca_fp, - options.trusted_user_ca_keys, ssh_err(r)); + options.trusted_user_ca_keys); goto out; } /* @@ -800,7 +788,7 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, goto fail_reason; } if (use_authorized_principals && principals_opts == NULL) - fatal("%s: internal error: missing principals_opts", __func__); + fatal_f("internal error: missing principals_opts"); if (sshkey_cert_check_authority(key, 0, 1, use_authorized_principals ? NULL : pw->pw_name, &reason) != 0) goto fail_reason; @@ -925,11 +913,11 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, /* Prepare AuthorizedKeysCommand */ if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { - error("%s: sshkey_fingerprint failed", __func__); + error_f("sshkey_fingerprint failed"); goto out; } if ((r = sshkey_to_base64(key, &keytext)) != 0) { - error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r)); + error_fr(r, "sshkey_to_base64 failed"); goto out; } @@ -956,7 +944,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, "k", keytext, (char *)NULL); if (tmp == NULL) - fatal("%s: percent_expand failed", __func__); + fatal_f("percent_expand failed"); free(av[i]); av[i] = tmp; } diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c index c309d0bbea5..0a5c5e12d09 100644 
--- a/usr.bin/ssh/auth2.c +++ b/usr.bin/ssh/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.158 2020/03/06 18:16:21 markus Exp $ */ +/* $OpenBSD: auth2.c,v 1.159 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -149,7 +149,7 @@ userauth_banner(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, banner)) != 0 || (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language, unused */ (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); debug("userauth_banner: sent"); done: free(banner); @@ -222,11 +222,11 @@ user_specific_delay(const char *user) (void)snprintf(b, sizeof b, "%llu%s", (unsigned long long)options.timing_secret, user); if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0) - fatal("%s: ssh_digest_memory", __func__); + fatal_f("ssh_digest_memory"); /* 0-4.2 ms of delay */ delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000; freezero(hash, len); - debug3("%s: user specific delay %0.3lfms", __func__, delay/1000); + debug3_f("user specific delay %0.3lfms", delay/1000); return MIN_FAIL_DELAY_SECONDS + delay; } @@ -242,8 +242,8 @@ ensure_minimum_time_since(double start, double seconds) ts.tv_sec = remain; ts.tv_nsec = (remain - ts.tv_sec) * 1000000000; - debug3("%s: elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)", - __func__, elapsed*1000, remain*1000, req*1000); + debug3_f("elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)", + elapsed*1000, remain*1000, req*1000); nanosleep(&ts, NULL); } @@ -275,8 +275,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) authctxt->pw = PRIVSEP(getpwnamallow(ssh, user)); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; - debug2("%s: setting up authctxt for %s", - __func__, user); + debug2_f("setting up authctxt for %s", user); } else { /* Invalid user, fake password information */ authctxt->pw = fakepw(); 
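Review bot: In the userauth_banner hunk, `debug("userauth_banner: sent");` directly below the converted fatal call still hard-codes the function name, so it misses the convention this commit introduces; `debug_f("sent");` would match the other call sites. channel_set_fds in channels.c has a similar leftover, where the unchanged `fatal("channel_activate for non-larval channel %d.", id);` names a function other than the enclosing one. The body of userauth_banner starts outside the hunk.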
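Review bot: The converted debug line in user_specific_delay prints `delay/1000` with an `ms` suffix, but `delay` appears to be in seconds: the comment gives 0-4.2 ms for it and it is added to MIN_FAIL_DELAY_SECONDS on return. As written, the message would read 0.000ms for every user. The next hunk, in ensure_minimum_time_since, converts seconds to milliseconds with `*1000`, and the same conversion looks intended here: `debug3_f("user specific delay %0.3lfms", delay*1000);`. The arithmetic is carried over unchanged from the old line, but this message is the only place the per-user failure delay can be checked from the log, so it is worth fixing while the line is being touched. The function starts outside the hunk.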
@@ -374,7 +373,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send success packet"); /* now we can break out */ authctxt->success = 1; ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); @@ -386,14 +385,14 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, if (authctxt->failures >= options.max_authtries) auth_maxtries_exceeded(ssh); methods = authmethods_get(authctxt); - debug3("%s: failure partial=%d next methods=\"%s\"", __func__, + debug3_f("failure partial=%d next methods=\"%s\"", partial, methods); if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 || (r = sshpkt_put_cstring(ssh, methods)) != 0 || (r = sshpkt_put_u8(ssh, partial)) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send failure packet"); free(methods); } } @@ -431,7 +430,7 @@ authmethods_get(Authctxt *authctxt) int i, r; if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); for (i = 0; authmethods[i] != NULL; i++) { if (strcmp(authmethods[i]->name, "none") == 0) continue; @@ -443,10 +442,10 @@ authmethods_get(Authctxt *authctxt) continue; if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "", authmethods[i]->name)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "buffer error"); } if ((list = sshbuf_dup_string(b)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); + fatal_f("sshbuf_dup_string failed"); sshbuf_free(b); return list; } 
@@ -538,7 +537,7 @@ auth2_setup_methods_lists(Authctxt *authctxt) if (options.num_auth_methods == 0) return 0; - debug3("%s: checking methods", __func__); + debug3_f("checking methods"); authctxt->auth_methods = xcalloc(options.num_auth_methods, sizeof(*authctxt->auth_methods)); authctxt->num_auth_methods = 0; @@ -626,7 +625,7 @@ auth2_update_methods_lists(Authctxt *authctxt, const char *method, { u_int i, found = 0; - debug3("%s: updating methods list after \"%s\"", __func__, method); + debug3_f("updating methods list after \"%s\"", method); for (i = 0; i < authctxt->num_auth_methods; i++) { if (!remove_method(&(authctxt->auth_methods[i]), method, submethod)) @@ -641,7 +640,7 @@ auth2_update_methods_lists(Authctxt *authctxt, const char *method, } /* This should not happen, but would be bad if it did */ if (!found) - fatal("%s: method not in AuthenticationMethods", __func__); + fatal_f("method not in AuthenticationMethods"); return 0; } @@ -669,7 +668,7 @@ auth2_record_info(Authctxt *authctxt, const char *fmt, ...) va_end(ap); if (i == -1) - fatal("%s: vasprintf failed", __func__); + fatal_f("vasprintf failed"); } /* @@ -685,7 +684,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated, int r; if ((r = sshkey_from_private(key, &dup)) != 0) - fatal("%s: copy key: %s", __func__, ssh_err(r)); + fatal_fr(r, "copy key"); sshkey_free(authctxt->auth_method_key); authctxt->auth_method_key = dup; 
@@ -694,11 +693,11 @@ auth2_record_key(Authctxt *authctxt, int authenticated, /* If authenticated, make sure we don't accept this key again */ if ((r = sshkey_from_private(key, &dup)) != 0) - fatal("%s: copy key: %s", __func__, ssh_err(r)); + fatal_fr(r, "copy key"); if (authctxt->nprev_keys >= INT_MAX || (tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys, authctxt->nprev_keys + 1, sizeof(*authctxt->prev_keys))) == NULL) - fatal("%s: reallocarray failed", __func__); + fatal_f("reallocarray failed"); authctxt->prev_keys = tmp; authctxt->prev_keys[authctxt->nprev_keys] = dup; authctxt->nprev_keys++; @@ -716,7 +715,7 @@ auth2_key_already_used(Authctxt *authctxt, const struct sshkey *key) if (sshkey_equal_public(key, authctxt->prev_keys[i])) { fp = sshkey_fingerprint(authctxt->prev_keys[i], options.fingerprint_hash, SSH_FP_DEFAULT); - debug3("%s: key already used: %s %s", __func__, + debug3_f("key already used: %s %s", sshkey_type(authctxt->prev_keys[i]), fp == NULL ? "UNKNOWN" : fp); free(fp); 
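Review bot: In the first auth2_record_key hunk on this line, the new `fatal_f("reallocarray failed");` names a different allocator from the one called two lines above, which is `recallocarray`. Someone searching the source from the log text will not find the call site. Since the line is being rewritten anyway, `fatal_f("recallocarray failed");` would keep the message and the code in step. The function body starts outside the hunk.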
@@ -738,35 +737,34 @@ auth2_update_session_info(Authctxt *authctxt, const char *method, if (authctxt->session_info == NULL) { if ((authctxt->session_info = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); } /* Append method[/submethod] */ if ((r = sshbuf_putf(authctxt->session_info, "%s%s%s", method, submethod == NULL ? "" : "/", submethod == NULL ? "" : submethod)) != 0) - fatal("%s: append method: %s", __func__, ssh_err(r)); + fatal_fr(r, "append method"); /* Append key if present */ if (authctxt->auth_method_key != NULL) { if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 || (r = sshkey_format_text(authctxt->auth_method_key, authctxt->session_info)) != 0) - fatal("%s: append key: %s", __func__, ssh_err(r)); + fatal_fr(r, "append key"); } if (authctxt->auth_method_info != NULL) { /* Ensure no ambiguity here */ if (strchr(authctxt->auth_method_info, '\n') != NULL) - fatal("%s: auth_method_info contains \\n", __func__); + fatal_f("auth_method_info contains \\n"); if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 || (r = sshbuf_putf(authctxt->session_info, "%s", authctxt->auth_method_info)) != 0) { - fatal("%s: append method info: %s", - __func__, ssh_err(r)); + fatal_fr(r, "append method info"); } } if ((r = sshbuf_put_u8(authctxt->session_info, '\n')) != 0) - fatal("%s: append: %s", __func__, ssh_err(r)); + fatal_fr(r, "append"); } diff --git a/usr.bin/ssh/canohost.c b/usr.bin/ssh/canohost.c index 1a3aeaa9a1c..406c5fd32aa 100644 --- a/usr.bin/ssh/canohost.c +++ b/usr.bin/ssh/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.74 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: canohost.c,v 1.75 2020/10/18 11:32:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
@@ -62,7 +62,7 @@ get_socket_address(int sock, int remote, int flags) /* Get the address in ascii. */ if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), NULL, 0, flags)) != 0) { - error("%s: getnameinfo %d failed: %s", __func__, + error_f("getnameinfo %d failed: %s", flags, ssh_gai_strerror(r)); return NULL; } @@ -107,7 +107,7 @@ get_local_name(int fd) /* Handle the case where we were passed a pipe */ if (gethostname(myname, sizeof(myname)) == -1) { - verbose("%s: gethostname: %s", __func__, strerror(errno)); + verbose_f("gethostname: %s", strerror(errno)); host = xstrdup("UNKNOWN"); } else { host = xstrdup(myname); @@ -148,7 +148,7 @@ get_sock_port(int sock, int local) /* Return port number. */ if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, strport, sizeof(strport), NI_NUMERICSERV)) != 0) - fatal("%s: getnameinfo NI_NUMERICSERV failed: %s", __func__, + fatal_f("getnameinfo NI_NUMERICSERV failed: %s", ssh_gai_strerror(r)); return atoi(strport); } diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index b678f973e6c..fe548503927 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.402 2020/09/20 05:47:25 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.403 2020/10/18 11:32:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -222,7 +222,7 @@ channel_init_channels(struct ssh *ssh) struct ssh_channels *sc; if ((sc = calloc(1, sizeof(*sc))) == NULL) - fatal("%s: allocation failed", __func__); + fatal_f("allocation failed"); sc->channels_alloc = 10; sc->channels = xcalloc(sc->channels_alloc, sizeof(*sc->channels)); sc->IPv4or6 = AF_UNSPEC; 
@@ -237,12 +237,12 @@ channel_by_id(struct ssh *ssh, int id) Channel *c; if (id < 0 || (u_int)id >= ssh->chanctxt->channels_alloc) { - logit("%s: %d: bad id", __func__, id); + logit_f("%d: bad id", id); return NULL; } c = ssh->chanctxt->channels[id]; if (c == NULL) { - logit("%s: %d: bad id: channel free", __func__, id); + logit_f("%d: bad id: channel free", id); return NULL; } return c; @@ -361,8 +361,8 @@ channel_new(struct ssh *ssh, char *ctype, int type, int rfd, int wfd, int efd, */ found = sc->channels_alloc; if (sc->channels_alloc > CHANNELS_MAX_CHANNELS) - fatal("%s: internal error: channels_alloc %d too big", - __func__, sc->channels_alloc); + fatal_f("internal error: channels_alloc %d too big", + sc->channels_alloc); sc->channels = xrecallocarray(sc->channels, sc->channels_alloc, sc->channels_alloc + 10, sizeof(*sc->channels)); sc->channels_alloc += 10; @@ -373,9 +373,9 @@ channel_new(struct ssh *ssh, char *ctype, int type, int rfd, int wfd, int efd, if ((c->input = sshbuf_new()) == NULL || (c->output = sshbuf_new()) == NULL || (c->extended = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0) - fatal("%s: sshbuf_set_max_size: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_set_max_size"); c->ostate = CHAN_OUTPUT_OPEN; c->istate = CHAN_INPUT_OPEN; channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, 0); @@ -482,7 +482,7 @@ permission_set_get(struct ssh *ssh, int where) return &sc->remote_perms; break; default: - fatal("%s: invalid forwarding direction %d", __func__, where); + fatal_f("invalid forwarding direction %d", where); } } @@ -503,7 +503,7 @@ permission_set_get_array(struct ssh *ssh, int who, int where, *npermpp = &pset->num_permitted_admin; break; default: - fatal("%s: invalid forwarding client %d", __func__, who); + fatal_f("invalid forwarding client %d", who); } } 
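Review bot: In the first channel_new hunk, `fatal_f("internal error: channels_alloc %d too big", sc->channels_alloc);` formats `channels_alloc` with `%d`, while channel_by_id in the hunk above casts `id` to `u_int` before comparing against the same field, which suggests the field is unsigned. If so, the specifier should be `%u`: `fatal_f("internal error: channels_alloc %u too big", sc->channels_alloc);`. The declaration is not visible in the diff, so please confirm the type. The function body continues outside the hunk.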
@@ -520,7 +520,7 @@ permission_set_add(struct ssh *ssh, int who, int where, permission_set_get_array(ssh, who, where, &permp, &npermp); if (*npermp >= INT_MAX) - fatal("%s: %s overflow", __func__, fwd_ident(who, where)); + fatal_f("%s overflow", fwd_ident(who, where)); *permp = xrecallocarray(*permp, *npermp, *npermp + 1, sizeof(**permp)); n = (*npermp)++; @@ -560,8 +560,7 @@ mux_remove_remote_forwardings(struct ssh *ssh, Channel *c) channel_rfwd_bind_host(perm->listen_host))) != 0 || (r = sshpkt_put_u32(ssh, perm->listen_port)) != 0 || (r = sshpkt_send(ssh)) != 0) { - fatal("%s: channel %i: %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %i", c->self); } fwd_perm_clear(perm); /* unregister */ } @@ -761,7 +760,7 @@ channel_still_open(struct ssh *ssh) case SSH_CHANNEL_MUX_PROXY: return 1; default: - fatal("%s: bad channel type %d", __func__, c->type); + fatal_f("bad channel type %d", c->type); /* NOTREACHED */ } } @@ -803,7 +802,7 @@ channel_find_open(struct ssh *ssh) case SSH_CHANNEL_X11_OPEN: return i; default: - fatal("%s: bad channel type %d", __func__, c->type); + fatal_f("bad channel type %d", c->type); /* NOTREACHED */ } } @@ -860,10 +859,10 @@ channel_open_message(struct ssh *ssh) char *cp, *ret; if ((buf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_putf(buf, "The following connections are open:\r\n")) != 0) - fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); for (i = 0; i < ssh->chanctxt->channels_alloc; i++) { c = ssh->chanctxt->channels[i]; if (c == NULL) 
@@ -894,18 +893,17 @@ channel_open_message(struct ssh *ssh) if ((r = sshbuf_putf(buf, " #%d %.300s (%s)\r\n", c->self, c->remote_name, cp)) != 0) { free(cp); - fatal("%s: sshbuf_putf: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); } free(cp); continue; default: - fatal("%s: bad channel type %d", __func__, c->type); + fatal_f("bad channel type %d", c->type); /* NOTREACHED */ } } if ((ret = sshbuf_dup_string(buf)) == NULL) - fatal("%s: sshbuf_dup_string", __func__); + fatal_f("sshbuf_dup_string"); sshbuf_free(buf); return ret; } @@ -920,7 +918,7 @@ open_preamble(struct ssh *ssh, const char *where, Channel *c, const char *type) (r = sshpkt_put_u32(ssh, c->self)) != 0 || (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0) { - fatal("%s: channel %i: open: %s", where, c->self, ssh_err(r)); + fatal_r(r, "%s: channel %i: open", where, c->self); } } @@ -937,7 +935,7 @@ channel_send_open(struct ssh *ssh, int id) debug2("channel %d: send open", id); open_preamble(ssh, __func__, c, c->ctype); if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i", c->self); } void @@ -947,18 +945,18 @@ channel_request_start(struct ssh *ssh, int id, char *service, int wantconfirm) int r; if (c == NULL) { - logit("%s: %d: unknown channel id", __func__, id); + logit_f("%d: unknown channel id", id); return; } if (!c->have_remote_id) - fatal(":%s: channel %d: no remote id", __func__, c->self); + fatal_f("channel %d: no remote id", c->self); debug2("channel %d: request %s confirm %d", id, service, wantconfirm); if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_cstring(ssh, service)) != 0 || (r = sshpkt_put_u8(ssh, wantconfirm)) != 0) { - fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i", c->self); } } 
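Review bot: In open_preamble, the conversion correctly uses `fatal_r` rather than `fatal_fr`, because the prefix is the caller's name passed in `where`, but nothing on the line says so. It is the one call in this file that deliberately avoids the `_f` form, and a later cleanup could easily "normalise" it and change the logged function name. A short comment above the call would prevent that, for example `/* prefix is the caller's name (where), so not fatal_fr */`. The function starts outside the hunk.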
@@ -970,7 +968,7 @@ channel_register_status_confirm(struct ssh *ssh, int id, Channel *c; if ((c = channel_lookup(ssh, id)) == NULL) - fatal("%s: %d: bad id", __func__, id); + fatal_f("%d: bad id", id); cc = xcalloc(1, sizeof(*cc)); cc->cb = cb; @@ -986,7 +984,7 @@ channel_register_open_confirm(struct ssh *ssh, int id, Channel *c = channel_lookup(ssh, id); if (c == NULL) { - logit("%s: %d: bad id", __func__, id); + logit_f("%d: bad id", id); return; } c->open_confirm = fn; @@ -1000,7 +998,7 @@ channel_register_cleanup(struct ssh *ssh, int id, Channel *c = channel_by_id(ssh, id); if (c == NULL) { - logit("%s: %d: bad id", __func__, id); + logit_f("%d: bad id", id); return; } c->detach_user = fn; @@ -1013,7 +1011,7 @@ channel_cancel_cleanup(struct ssh *ssh, int id) Channel *c = channel_by_id(ssh, id); if (c == NULL) { - logit("%s: %d: bad id", __func__, id); + logit_f("%d: bad id", id); return; } c->detach_user = NULL; @@ -1027,7 +1025,7 @@ channel_register_filter(struct ssh *ssh, int id, channel_infilter_fn *ifn, Channel *c = channel_lookup(ssh, id); if (c == NULL) { - logit("%s: %d: bad id", __func__, id); + logit_f("%d: bad id", id); return; } c->input_filter = ifn; @@ -1046,7 +1044,7 @@ channel_set_fds(struct ssh *ssh, int id, int rfd, int wfd, int efd, if (c == NULL || c->type != SSH_CHANNEL_LARVAL) fatal("channel_activate for non-larval channel %d.", id); if (!c->have_remote_id) - fatal(":%s: channel %d: no remote id", __func__, c->self); + fatal_f("channel %d: no remote id", c->self); channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, is_tty); c->type = SSH_CHANNEL_OPEN; @@ -1056,7 +1054,7 @@ channel_set_fds(struct ssh *ssh, int id, int rfd, int wfd, int efd, (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i", c->self); } static void 
@@ -1285,24 +1283,21 @@ channel_decode_socks4(Channel *c, struct sshbuf *input, struct sshbuf *output) (r = sshbuf_get(input, &s4_req.command, 1)) != 0 || (r = sshbuf_get(input, &s4_req.dest_port, 2)) != 0 || (r = sshbuf_get(input, &s4_req.dest_addr, 4)) != 0) { - debug("channels %d: decode socks4: %s", c->self, ssh_err(r)); + debug_r(r, "channels %d: decode socks4", c->self); return -1; } have = sshbuf_len(input); p = sshbuf_ptr(input); if (memchr(p, '\0', have) == NULL) { - error("channel %d: decode socks4: user not nul terminated", - c->self); + error("channel %d: decode socks4: unterminated user", c->self); return -1; } len = strlen(p); debug2("channel %d: decode socks4: user %s/%d", c->self, p, len); len++; /* trailing '\0' */ strlcpy(username, p, sizeof(username)); - if ((r = sshbuf_consume(input, len)) != 0) { - fatal("%s: channel %d: consume: %s", __func__, - c->self, ssh_err(r)); - } + if ((r = sshbuf_consume(input, len)) != 0) + fatal_fr(r, "channel %d: consume", c->self); free(c->path); c->path = NULL; if (need == 1) { /* SOCKS4: one string */ @@ -1326,10 +1321,8 @@ channel_decode_socks4(Channel *c, struct sshbuf *input, struct sshbuf *output) return -1; } c->path = xstrdup(p); - if ((r = sshbuf_consume(input, len)) != 0) { - fatal("%s: channel %d: consume: %s", __func__, - c->self, ssh_err(r)); - } + if ((r = sshbuf_consume(input, len)) != 0) + fatal_fr(r, "channel %d: consume", c->self); } c->host_port = ntohs(s4_req.dest_port); @@ -1345,10 +1338,8 @@ channel_decode_socks4(Channel *c, struct sshbuf *input, struct sshbuf *output) s4_rsp.command = 90; /* cd: req granted */ s4_rsp.dest_port = 0; /* ignored */ s4_rsp.dest_addr.s_addr = INADDR_ANY; /* ignored */ - if ((r = sshbuf_put(output, &s4_rsp, sizeof(s4_rsp))) != 0) { - fatal("%s: channel %d: append reply: %s", __func__, - c->self, ssh_err(r)); - } + if ((r = sshbuf_put(output, &s4_rsp, sizeof(s4_rsp))) != 0) + fatal_fr(r, "channel %d: append reply", c->self); return 1; } 
@@ -1401,16 +1392,12 @@ channel_decode_socks5(Channel *c, struct sshbuf *input, struct sshbuf *output) c->self); return -1; } - if ((r = sshbuf_consume(input, nmethods + 2)) != 0) { - fatal("%s: channel %d: consume: %s", __func__, - c->self, ssh_err(r)); - } + if ((r = sshbuf_consume(input, nmethods + 2)) != 0) + fatal_fr(r, "channel %d: consume", c->self); /* version, method */ if ((r = sshbuf_put_u8(output, 0x05)) != 0 || - (r = sshbuf_put_u8(output, SSH_SOCKS5_NOAUTH)) != 0) { - fatal("%s: channel %d: append reply: %s", __func__, - c->self, ssh_err(r)); - } + (r = sshbuf_put_u8(output, SSH_SOCKS5_NOAUTH)) != 0) + fatal_fr(r, "channel %d: append reply", c->self); c->flags |= SSH_SOCKS5_AUTHDONE; debug2("channel %d: socks5 auth done", c->self); return 0; /* need more */ @@ -1447,20 +1434,16 @@ channel_decode_socks5(Channel *c, struct sshbuf *input, struct sshbuf *output) need++; if (have < need) return 0; - if ((r = sshbuf_consume(input, sizeof(s5_req))) != 0) { - fatal("%s: channel %d: consume: %s", __func__, - c->self, ssh_err(r)); - } + if ((r = sshbuf_consume(input, sizeof(s5_req))) != 0) + fatal_fr(r, "channel %d: consume", c->self); if (s5_req.atyp == SSH_SOCKS5_DOMAIN) { /* host string length */ - if ((r = sshbuf_consume(input, 1)) != 0) { - fatal("%s: channel %d: consume: %s", __func__, - c->self, ssh_err(r)); - } + if ((r = sshbuf_consume(input, 1)) != 0) + fatal_fr(r, "channel %d: consume", c->self); } if ((r = sshbuf_get(input, &dest_addr, addrlen)) != 0 || (r = sshbuf_get(input, &dest_port, 2)) != 0) { - debug("channel %d: parse addr/port: %s", c->self, ssh_err(r)); + debug_r(r, "channel %d: parse addr/port", c->self); return -1; } dest_addr[addrlen] = '\0'; 
@@ -1492,8 +1475,7 @@ channel_decode_socks5(Channel *c, struct sshbuf *input, struct sshbuf *output) if ((r = sshbuf_put(output, &s5_rsp, sizeof(s5_rsp))) != 0 || (r = sshbuf_put_u32(output, ntohl(INADDR_ANY))) != 0 || (r = sshbuf_put(output, &dest_port, sizeof(dest_port))) != 0) - fatal("%s: channel %d: append reply: %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %d: append reply", c->self); return 1; } @@ -1503,7 +1485,7 @@ channel_connect_stdio_fwd(struct ssh *ssh, { Channel *c; - debug("%s %s:%d", __func__, host_to_connect, port_to_connect); + debug_f("%s:%d", host_to_connect, port_to_connect); c = channel_new(ssh, "stdio-forward", SSH_CHANNEL_OPENING, in, out, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, @@ -1592,10 +1574,8 @@ channel_before_prepare_select_rdynamic(struct ssh *ssh, Channel *c) /* sshbuf_dump(c->output, stderr); */ /* EOF received */ if (c->flags & CHAN_EOF_RCVD) { - if ((r = sshbuf_consume(c->output, have)) != 0) { - fatal("%s: channel %d: consume: %s", - __func__, c->self, ssh_err(r)); - } + if ((r = sshbuf_consume(c->output, have)) != 0) + fatal_fr(r, "channel %d: consume", c->self); rdynamic_close(ssh, c); return; } @@ -1627,13 +1607,10 @@ channel_before_prepare_select_rdynamic(struct ssh *ssh, Channel *c) (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_stringb(ssh, c->input)) != 0 || (r = sshpkt_send(ssh)) != 0) { - fatal("%s: channel %i: rdynamic: %s", __func__, - c->self, ssh_err(r)); - } - if ((r = sshbuf_consume(c->input, len)) != 0) { - fatal("%s: channel %d: consume: %s", - __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i: rdynamic", c->self); } + if ((r = sshbuf_consume(c->input, len)) != 0) + fatal_fr(r, "channel %d: consume", c->self); c->remote_window -= len; } } else if (rdynamic_connect_finish(ssh, c) < 0) { 
@@ -1686,11 +1663,10 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c, open_preamble(ssh, __func__, nc, "x11"); if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 || (r = sshpkt_put_u32(ssh, remote_port)) != 0) { - fatal("%s: channel %i: reply %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %i: reply", c->self); } if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: channel %i: send %s", __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i: send", c->self); free(remote_ipaddr); } 
@@ -1721,46 +1697,34 @@ port_open_helper(struct ssh *ssh, Channel *c, char *rtype) if (strcmp(rtype, "direct-tcpip") == 0) { /* target host, port */ if ((r = sshpkt_put_cstring(ssh, c->path)) != 0 || - (r = sshpkt_put_u32(ssh, c->host_port)) != 0) { - fatal("%s: channel %i: reply %s", __func__, - c->self, ssh_err(r)); - } + (r = sshpkt_put_u32(ssh, c->host_port)) != 0) + fatal_fr(r, "channel %i: reply", c->self); } else if (strcmp(rtype, "direct-streamlocal@openssh.com") == 0) { /* target path */ - if ((r = sshpkt_put_cstring(ssh, c->path)) != 0) { - fatal("%s: channel %i: reply %s", __func__, - c->self, ssh_err(r)); - } + if ((r = sshpkt_put_cstring(ssh, c->path)) != 0) + fatal_fr(r, "channel %i: reply", c->self); } else if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) { /* listen path */ - if ((r = sshpkt_put_cstring(ssh, c->path)) != 0) { - fatal("%s: channel %i: reply %s", __func__, - c->self, ssh_err(r)); - } + if ((r = sshpkt_put_cstring(ssh, c->path)) != 0) + fatal_fr(r, "channel %i: reply", c->self); } else { /* listen address, port */ if ((r = sshpkt_put_cstring(ssh, c->path)) != 0 || - (r = sshpkt_put_u32(ssh, local_port)) != 0) { - fatal("%s: channel %i: reply %s", __func__, - c->self, ssh_err(r)); - } + (r = sshpkt_put_u32(ssh, local_port)) != 0) + fatal_fr(r, "channel %i: reply", c->self); } if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) { /* reserved for future owner/mode info */ - if ((r = sshpkt_put_cstring(ssh, "")) != 0) { - fatal("%s: channel %i: reply %s", __func__, - c->self, ssh_err(r)); - } + if ((r = sshpkt_put_cstring(ssh, "")) != 0) + fatal_fr(r, "channel %i: reply", c->self); } else { /* originator host and port */ if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 || - (r = sshpkt_put_u32(ssh, (u_int)remote_port)) != 0) { - fatal("%s: channel %i: reply %s", __func__, - c->self, ssh_err(r)); - } + (r = sshpkt_put_u32(ssh, (u_int)remote_port)) != 0) + fatal_fr(r, "channel %i: reply", c->self); } if ((r = 
sshpkt_send(ssh)) != 0) - fatal("%s: channel %i: send %s", __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i: send", c->self); free(remote_ipaddr); free(local_ipaddr); } @@ -1860,7 +1824,7 @@ channel_post_auth_listener(struct ssh *ssh, Channel *c, 0, "accepted auth socket", 1); open_preamble(ssh, __func__, nc, "auth-agent@openssh.com"); if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i", c->self); } static void @@ -1873,7 +1837,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c, if (!FD_ISSET(c->sock, writeset)) return; if (!c->have_remote_id) - fatal(":%s: channel %d: no remote id", __func__, c->self); + fatal_f("channel %d: no remote id", c->self); /* for rdynamic the OPEN_CONFIRMATION has been sent already */ isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH); if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) { @@ -1893,13 +1857,9 @@ channel_post_connecting(struct ssh *ssh, Channel *c, (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_u32(ssh, c->self)) != 0 || (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || - (r = sshpkt_put_u32(ssh, c->local_maxpacket)) - != 0) - fatal("%s: channel %i: confirm: %s", __func__, - c->self, ssh_err(r)); - if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: channel %i: %s", __func__, c->self, - ssh_err(r)); + (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal_fr(r, "channel %i open confirm", c->self); } } else { debug("channel %d: connection failed: %s", 
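Review bot: In the channel_post_connecting hunk that folds `sshpkt_send` into the `||` chain, the new message `"channel %i open confirm"` drops the colon after the channel number. Every other message in this file, including the matching failure path in the next hunk (`"channel %i: failure"`), uses the form `channel N: what`. A log pattern keyed on `channel N:` would miss this one; `fatal_fr(r, "channel %i: open confirm", c->self);` keeps the format uniform. The function body starts and ends outside the hunk.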
@@ -1924,13 +1884,9 @@ channel_post_connecting(struct ssh *ssh, Channel *c, (r = sshpkt_put_u32(ssh, SSH2_OPEN_CONNECT_FAILED)) != 0 || (r = sshpkt_put_cstring(ssh, strerror(err))) != 0 || - (r = sshpkt_put_cstring(ssh, "")) != 0) { - fatal("%s: channel %i: failure: %s", __func__, - c->self, ssh_err(r)); - } - if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: channel %i: %s", __func__, c->self, - ssh_err(r)); + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal_fr(r, "channel %i: failure", c->self); chan_mark_dead(ssh, c); } } @@ -1969,12 +1925,9 @@ channel_handle_rfd(struct ssh *ssh, Channel *c, } } else if (c->datagram) { if ((r = sshbuf_put_string(c->input, buf, len)) != 0) - fatal("%s: channel %d: put datagram: %s", __func__, - c->self, ssh_err(r)); - } else if ((r = sshbuf_put(c->input, buf, len)) != 0) { - fatal("%s: channel %d: put data: %s", __func__, - c->self, ssh_err(r)); - } + fatal_fr(r, "channel %i: put datagram", c->self); + } else if ((r = sshbuf_put(c->input, buf, len)) != 0) + fatal_fr(r, "channel %i: put data", c->self); return 1; } @@ -2004,8 +1957,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c, } } else if (c->datagram) { if ((r = sshbuf_get_string(c->output, &data, &dlen)) != 0) - fatal("%s: channel %d: get datagram: %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %i: get datagram", c->self); buf = data; } else { buf = data = sshbuf_mutable_ptr(c->output); @@ -2048,14 +2000,11 @@ channel_handle_wfd(struct ssh *ssh, Channel *c, */ if ((r = sshpkt_msg_ignore(ssh, 4+len)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: channel %d: ignore: %s", - __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i: ignore", c->self); } } - if ((r = sshbuf_consume(c->output, len)) != 0) { - fatal("%s: channel %d: consume: %s", - __func__, c->self, ssh_err(r)); - } + if ((r = sshbuf_consume(c->output, len)) != 0) + fatal_fr(r, "channel %i: consume", c->self); out: c->local_consumed += olen - sshbuf_len(c->output); 
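Review bot: Starting with the channel_handle_rfd hunk, the rewritten messages switch the channel-number specifier from `%d` to `%i` (`"channel %i: put datagram"`, `"channel %i: put data"`), while the SOCKS and rdynamic hunks earlier in the same file keep `%d` for the same `c->self` value. The output is identical, but the source now has two spellings of one message family, which makes grepping from a log line back to its call site less reliable. The same change appears in the channel_handle_wfd, channel_handle_efd_write, channel_handle_efd_read, read_mux, channel_post_mux_client_write and channel_output_poll_input_open hunks. Keeping the original specifier, as in `fatal_fr(r, "channel %d: put datagram", c->self);`, avoids the drift.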
@@ -2081,10 +2030,8 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c, debug2("channel %d: closing write-efd %d", c->self, c->efd); channel_close_fd(ssh, &c->efd); } else { - if ((r = sshbuf_consume(c->extended, len)) != 0) { - fatal("%s: channel %d: consume: %s", - __func__, c->self, ssh_err(r)); - } + if ((r = sshbuf_consume(c->extended, len)) != 0) + fatal_fr(r, "channel %i: consume", c->self); c->local_consumed += len; } return 1; @@ -2106,18 +2053,12 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c, if (len == -1 && (errno == EINTR || errno == EAGAIN)) return 1; if (len <= 0) { - debug2("channel %d: closing read-efd %d", - c->self, c->efd); + debug2("channel %d: closing read-efd %d", c->self, c->efd); channel_close_fd(ssh, &c->efd); - } else { - if (c->extended_usage == CHAN_EXTENDED_IGNORE) { - debug3("channel %d: discard efd", - c->self); - } else if ((r = sshbuf_put(c->extended, buf, len)) != 0) { - fatal("%s: channel %d: append: %s", - __func__, c->self, ssh_err(r)); - } - } + } else if (c->extended_usage == CHAN_EXTENDED_IGNORE) + debug3("channel %d: discard efd", c->self); + else if ((r = sshbuf_put(c->extended, buf, len)) != 0) + fatal_fr(r, "channel %i: append", c->self); return 1; } 
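Review bot: The channel_handle_efd_read hunk restructures control flow inside what is otherwise a mechanical logging change, and it leaves an if-chain whose first arm is braced while the two later arms are not. The flattening looks behaviour-preserving, but on a path that handles peer-supplied data a half-braced chain makes it easy for a later added statement to land outside the intended arm. Bracing all three arms keeps the shape explicit; the function starts outside the hunk.

```c
	if (len <= 0) {
		/* … unchanged: debug2 "closing read-efd" and channel_close_fd … */
	} else if (c->extended_usage == CHAN_EXTENDED_IGNORE) {
		debug3("channel %d: discard efd", c->self);
	} else if ((r = sshbuf_put(c->extended, buf, len)) != 0) {
		fatal_fr(r, "channel %i: append", c->self);
	}
```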
@@ -2151,19 +2092,16 @@ channel_check_window(struct ssh *ssh, Channel *c) c->local_window < c->local_window_max/2) && c->local_consumed > 0) { if (!c->have_remote_id) - fatal(":%s: channel %d: no remote id", - __func__, c->self); + fatal_f("channel %d: no remote id", c->self); if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 || (r = sshpkt_send(ssh)) != 0) { - fatal("%s: channel %i: %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %i", c->self); } - debug2("channel %d: window %d sent adjust %d", - c->self, c->local_window, - c->local_consumed); + debug2("channel %d: window %d sent adjust %d", c->self, + c->local_window, c->local_consumed); c->local_window += c->local_consumed; c->local_consumed = 0; } @@ -2198,10 +2136,8 @@ read_mux(struct ssh *ssh, Channel *c, u_int need) c->self, c->rfd, len); chan_read_failed(ssh, c); return 0; - } else if ((r = sshbuf_put(c->input, buf, len)) != 0) { - fatal("%s: channel %d: append: %s", - __func__, c->self, ssh_err(r)); - } + } else if ((r = sshbuf_put(c->input, buf, len)) != 0) + fatal_fr(r, "channel %i: append", c->self); } return sshbuf_len(c->input); } @@ -2262,8 +2198,7 @@ channel_post_mux_client_write(struct ssh *ssh, Channel *c, return; } if ((r = sshbuf_consume(c->output, len)) != 0) - fatal("%s: channel %d: consume: %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %i: consume", c->self); } static void 
@@ -2297,15 +2232,14 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c, addrlen = sizeof(addr); if ((newsock = accept(c->sock, (struct sockaddr*)&addr, &addrlen)) == -1) { - error("%s accept: %s", __func__, strerror(errno)); + error_f("accept: %s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) c->notbefore = monotime() + 1; return; } if (getpeereid(newsock, &euid, &egid) == -1) { - error("%s getpeereid failed: %s", __func__, - strerror(errno)); + error_f("getpeereid failed: %s", strerror(errno)); close(newsock); return; } @@ -2319,7 +2253,7 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, "mux-control", 1); nc->mux_rcb = c->mux_rcb; - debug3("%s: new mux channel %d fd %d", __func__, nc->self, nc->sock); + debug3_f("new mux channel %d fd %d", nc->self, nc->sock); /* establish state */ nc->mux_rcb(ssh, nc); /* mux state transitions must not elicit protocol messages */ @@ -2333,7 +2267,7 @@ channel_handler_init(struct ssh_channels *sc) if ((pre = calloc(SSH_CHANNEL_MAX_TYPE, sizeof(*pre))) == NULL || (post = calloc(SSH_CHANNEL_MAX_TYPE, sizeof(*post))) == NULL) - fatal("%s: allocation failed", __func__); + fatal_f("allocation failed"); pre[SSH_CHANNEL_OPEN] = &channel_pre_open; pre[SSH_CHANNEL_X11_OPEN] = &channel_pre_x11_open; @@ -2425,8 +2359,8 @@ channel_handler(struct ssh *ssh, int table, * Collect the time that the earliest * channel comes off pause. */ - debug3("%s: chan %d: skip for %d more seconds", - __func__, c->self, + debug3_f("chan %d: skip for %d more " + "seconds", c->self, (int)(c->notbefore - now)); if (*unpause_secs == 0 || (c->notbefore - now) < *unpause_secs) 
@@ -2436,8 +2370,8 @@ channel_handler(struct ssh *ssh, int table, channel_garbage_collect(ssh, c); } if (unpause_secs != NULL && *unpause_secs != 0) - debug3("%s: first channel unpauses in %d seconds", - __func__, (int)*unpause_secs); + debug3_f("first channel unpauses in %d seconds", + (int)*unpause_secs); } /* @@ -2536,13 +2470,12 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c) } if (!c->have_remote_id) - fatal(":%s: channel %d: no remote id", __func__, c->self); + fatal_f("channel %d: no remote id", c->self); if (c->datagram) { /* Check datagram will fit; drop if not */ if ((r = sshbuf_get_string_direct(c->input, &pkt, &plen)) != 0) - fatal("%s: channel %d: get datagram: %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %i: get datagram", c->self); /* * XXX this does tail-drop on the datagram queue which is * usually suboptimal compared to head-drop. Better to have @@ -2556,10 +2489,8 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c) if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_string(ssh, pkt, plen)) != 0 || - (r = sshpkt_send(ssh)) != 0) { - fatal("%s: channel %i: datagram: %s", __func__, - c->self, ssh_err(r)); - } + (r = sshpkt_send(ssh)) != 0) + fatal_fr(r, "channel %i: send datagram", c->self); c->remote_window -= plen; return; } 
@@ -2574,13 +2505,10 @@ channel_output_poll_input_open(struct ssh *ssh, Channel *c) if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_string(ssh, sshbuf_ptr(c->input), len)) != 0 || - (r = sshpkt_send(ssh)) != 0) { - fatal("%s: channel %i: data: %s", __func__, - c->self, ssh_err(r)); - } + (r = sshpkt_send(ssh)) != 0) + fatal_fr(r, "channel %i: send data", c->self); if ((r = sshbuf_consume(c->input, len)) != 0) - fatal("%s: channel %i: consume: %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %i: consume", c->self); c->remote_window -= len; } @@ -2605,18 +2533,15 @@ channel_output_poll_extended_read(struct ssh *ssh, Channel *c) if (len == 0) return; if (!c->have_remote_id) - fatal(":%s: channel %d: no remote id", __func__, c->self); + fatal_f("channel %d: no remote id", c->self); if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_u32(ssh, SSH2_EXTENDED_DATA_STDERR)) != 0 || (r = sshpkt_put_string(ssh, sshbuf_ptr(c->extended), len)) != 0 || - (r = sshpkt_send(ssh)) != 0) { - fatal("%s: channel %i: data: %s", __func__, - c->self, ssh_err(r)); - } + (r = sshpkt_send(ssh)) != 0) + fatal_fr(r, "channel %i: data", c->self); if ((r = sshbuf_consume(c->extended, len)) != 0) - fatal("%s: channel %i: consume: %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %i: consume", c->self); c->remote_window -= len; debug2("channel %d: sent ext data %zu", c->self, len); } @@ -2713,11 +2638,11 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) /* sshbuf_dump(downstream->input, stderr); */ if ((r = sshbuf_get_string_direct(downstream->input, &cp, &have)) != 0) { - error("%s: malformed message: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); return -1; } if (have < 2) { - error("%s: short message", __func__); + error_f("short message"); return -1; } type = cp[1]; 
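Review bot: In the channel_proxy_downstream hunk, `error_fr(r, "parse")` replaces the more specific "malformed message" text and is now identical to the `error_fr(r, "parse")` calls the later hunks add for the CHANNEL_OPEN, OPEN_CONFIRMATION and GLOBAL_REQUEST cases of the same function. Since the helper only prefixes the function name, a log line no longer tells an operator which field of the downstream message failed to decode. Distinct strings would keep that, for example `error_fr(r, "parse message")` here and `error_fr(r, "parse open")` or `error_fr(r, "parse global request")` at the other sites. The function body starts and ends outside this hunk.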
@@ -2725,19 +2650,19 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) cp += 2; have -= 2; if (ssh_packet_log_type(type)) - debug3("%s: channel %u: down->up: type %u", __func__, + debug3_f("channel %u: down->up: type %u", downstream->self, type); switch (type) { case SSH2_MSG_CHANNEL_OPEN: if ((original = sshbuf_from(cp, have)) == NULL || (modified = sshbuf_new()) == NULL) { - error("%s: alloc", __func__); + error_f("alloc"); goto out; } if ((r = sshbuf_get_cstring(original, &ctype, NULL)) != 0 || (r = sshbuf_get_u32(original, &id)) != 0) { - error("%s: parse error %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto out; } c = channel_new(ssh, "mux proxy", SSH_CHANNEL_MUX_PROXY, @@ -2747,7 +2672,7 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) if ((r = sshbuf_put_cstring(modified, ctype)) != 0 || (r = sshbuf_put_u32(modified, c->self)) != 0 || (r = sshbuf_putb(modified, original)) != 0) { - error("%s: compose error %s", __func__, ssh_err(r)); + error_fr(r, "compose"); channel_free(ssh, c); goto out; } @@ -2759,12 +2684,12 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) */ if ((original = sshbuf_from(cp, have)) == NULL || (modified = sshbuf_new()) == NULL) { - error("%s: alloc", __func__); + error_f("alloc"); goto out; } if ((r = sshbuf_get_u32(original, &remote_id)) != 0 || (r = sshbuf_get_u32(original, &id)) != 0) { - error("%s: parse error %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto out; } c = channel_new(ssh, "mux proxy", SSH_CHANNEL_MUX_PROXY, 
@@ -2776,33 +2701,33 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) if ((r = sshbuf_put_u32(modified, remote_id)) != 0 || (r = sshbuf_put_u32(modified, c->self)) != 0 || (r = sshbuf_putb(modified, original)) != 0) { - error("%s: compose error %s", __func__, ssh_err(r)); + error_fr(r, "compose"); channel_free(ssh, c); goto out; } break; case SSH2_MSG_GLOBAL_REQUEST: if ((original = sshbuf_from(cp, have)) == NULL) { - error("%s: alloc", __func__); + error_f("alloc"); goto out; } if ((r = sshbuf_get_cstring(original, &ctype, NULL)) != 0) { - error("%s: parse error %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto out; } if (strcmp(ctype, "tcpip-forward") != 0) { - error("%s: unsupported request %s", __func__, ctype); + error_f("unsupported request %s", ctype); goto out; } if ((r = sshbuf_get_u8(original, NULL)) != 0 || (r = sshbuf_get_cstring(original, &listen_host, NULL)) != 0 || (r = sshbuf_get_u32(original, &listen_port)) != 0) { - error("%s: parse error %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto out; } if (listen_port > 65535) { - error("%s: tcpip-forward for %s: bad port %u", - __func__, listen_host, listen_port); + error_f("tcpip-forward for %s: bad port %u", + listen_host, listen_port); goto out; } /* Record that connection to this host/port is permitted. */ @@ -2826,14 +2751,14 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) if ((r = sshpkt_start(ssh, type)) != 0 || (r = sshpkt_putb(ssh, modified)) != 0 || (r = sshpkt_send(ssh)) != 0) { - error("%s: send %s", __func__, ssh_err(r)); + error_fr(r, "send"); goto out; } } else { if ((r = sshpkt_start(ssh, type)) != 0 || (r = sshpkt_put(ssh, cp, have)) != 0 || (r = sshpkt_send(ssh)) != 0) { - error("%s: send %s", __func__, ssh_err(r)); + error_fr(r, "send"); goto out; } } 
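Review bot: The rewritten `error_f("unsupported request %s", ctype)` and `error_f("tcpip-forward for %s: bad port %u", ...)` in the GLOBAL_REQUEST case still format `ctype` and `listen_host` with an unbounded `%s`. Both strings are read with `sshbuf_get_cstring()` from the message supplied by the downstream mux client, so their length is chosen by the peer. Other log calls on this page cap such values with `%.100s`, and these lines were being touched anyway. I would write `error_f("unsupported request %.100s", ctype);` and `error_f("tcpip-forward for %.100s: bad port %u", listen_host, listen_port);`. The enclosing switch continues outside the hunk.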
@@ -2884,18 +2809,17 @@ channel_proxy_upstream(Channel *c, int type, u_int32_t seq, struct ssh *ssh) case SSH2_MSG_CHANNEL_REQUEST: break; default: - debug2("%s: channel %u: unsupported type %u", __func__, - c->self, type); + debug2_f("channel %u: unsupported type %u", c->self, type); return 0; } if ((b = sshbuf_new()) == NULL) { - error("%s: alloc reply", __func__); + error_f("alloc reply"); goto out; } /* get remaining payload (after id) */ cp = sshpkt_ptr(ssh, &len); if (cp == NULL) { - error("%s: no packet", __func__); + error_f("no packet"); goto out; } /* translate id and send to muxclient */ @@ -2904,13 +2828,12 @@ channel_proxy_upstream(Channel *c, int type, u_int32_t seq, struct ssh *ssh) (r = sshbuf_put_u32(b, c->mux_downstream_id)) != 0 || (r = sshbuf_put(b, cp, len)) != 0 || (r = sshbuf_put_stringb(downstream->output, b)) != 0) { - error("%s: compose for muxclient %s", __func__, ssh_err(r)); + error_fr(r, "compose muxclient"); goto out; } /* sshbuf_dump(b, stderr); */ if (ssh_packet_log_type(type)) - debug3("%s: channel %u: up->down: type %u", __func__, c->self, - type); + debug3_f("channel %u: up->down: type %u", c->self, type); out: /* update state */ switch (type) { @@ -2942,11 +2865,11 @@ channel_parse_id(struct ssh *ssh, const char *where, const char *what) int r; if ((r = sshpkt_get_u32(ssh, &id)) != 0) { - error("%s: parse id: %s", where, ssh_err(r)); + error_r(r, "%s: parse id", where); ssh_packet_disconnect(ssh, "Invalid %s message", what); } if (id > INT_MAX) { - error("%s: bad channel id %u: %s", where, id, ssh_err(r)); + error_r(r, "%s: bad channel id %u", where, id); ssh_packet_disconnect(ssh, "Invalid %s channel id", what); } return (int)id; 
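Review bot: In channel_parse_id the `id > INT_MAX` branch now calls `error_r(r, "%s: bad channel id %u", where, id)`, but `r` is presumably 0 there because `sshpkt_get_u32()` succeeded. That holds as long as `ssh_packet_disconnect()` in the first branch does not return. The appended error text is therefore that of a success code, which makes the line misleading when read during triage. The old code had the same flaw, and this conversion was the moment to drop it: `error("%s: bad channel id %u", where, id);`. The function starts before this hunk.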
@@ -2987,8 +2910,7 @@ channel_input_data(int type, u_int32_t seq, struct ssh *ssh) /* Get the data. */ if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: channel %d: get data: %s", __func__, - c->self, ssh_err(r)); + fatal_fr(r, "channel %i: get data", c->self); win_len = data_len; if (c->datagram) @@ -3019,11 +2941,9 @@ channel_input_data(int type, u_int32_t seq, struct ssh *ssh) if (c->datagram) { if ((r = sshbuf_put_string(c->output, data, data_len)) != 0) - fatal("%s: channel %d: append datagram: %s", - __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i: append datagram", c->self); } else if ((r = sshbuf_put(c->output, data, data_len)) != 0) - fatal("%s: channel %d: append data: %s", - __func__, c->self, ssh_err(r)); + fatal_fr(r, "channel %i: append data", c->self); return 0; } @@ -3053,7 +2973,7 @@ channel_input_extended_data(int type, u_int32_t seq, struct ssh *ssh) } if ((r = sshpkt_get_u32(ssh, &tcode)) != 0) { - error("%s: parse tcode: %s", __func__, ssh_err(r)); + error_fr(r, "parse tcode"); ssh_packet_disconnect(ssh, "Invalid extended_data message"); } if (c->efd == -1 || @@ -3064,7 +2984,7 @@ channel_input_extended_data(int type, u_int32_t seq, struct ssh *ssh) } if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0 || (r = sshpkt_get_end(ssh)) != 0) { - error("%s: parse data: %s", __func__, ssh_err(r)); + error_fr(r, "parse data"); ssh_packet_disconnect(ssh, "Invalid extended_data message"); } @@ -3076,7 +2996,7 @@ channel_input_extended_data(int type, u_int32_t seq, struct ssh *ssh) debug2("channel %d: rcvd ext data %zu", c->self, data_len); /* XXX sshpkt_getb? */ if ((r = sshbuf_put(c->extended, data, data_len)) != 0) - error("%s: append: %s", __func__, ssh_err(r)); + error_fr(r, "append"); c->local_window -= data_len; return 0; } 
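Review bot: In the last channel_input_extended_data hunk, a failed `sshbuf_put(c->extended, data, data_len)` is only logged with `error_fr(r, "append")`. Execution then continues to `c->local_window -= data_len; return 0;`, so the payload is dropped while the window is still charged for it. channel_input_data, converted earlier on this line, treats the same failure as fatal. If the softer handling is intentional it deserves a comment such as `/* non-fatal: stderr data is best-effort */`. Otherwise make it consistent with `fatal_fr(r, "channel %i: append", c->self);`.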
@@ -3088,7 +3008,7 @@ channel_input_ieof(int type, u_int32_t seq, struct ssh *ssh) int r; if ((r = sshpkt_get_end(ssh)) != 0) { - error("%s: parse data: %s", __func__, ssh_err(r)); + error_fr(r, "parse data"); ssh_packet_disconnect(ssh, "Invalid ieof message"); } @@ -3115,7 +3035,7 @@ channel_input_oclose(int type, u_int32_t seq, struct ssh *ssh) if (channel_proxy_upstream(c, type, seq, ssh)) return 0; if ((r = sshpkt_get_end(ssh)) != 0) { - error("%s: parse data: %s", __func__, ssh_err(r)); + error_fr(r, "parse data"); ssh_packet_disconnect(ssh, "Invalid oclose message"); } chan_rcvd_oclose(ssh, c); @@ -3142,7 +3062,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh) (r = sshpkt_get_u32(ssh, &remote_window)) != 0 || (r = sshpkt_get_u32(ssh, &remote_maxpacket)) != 0 || (r = sshpkt_get_end(ssh)) != 0) { - error("%s: window/maxpacket: %s", __func__, ssh_err(r)); + error_fr(r, "window/maxpacket"); ssh_packet_disconnect(ssh, "Invalid open confirmation message"); } @@ -3151,9 +3071,9 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh) c->remote_maxpacket = remote_maxpacket; c->type = SSH_CHANNEL_OPEN; if (c->open_confirm) { - debug2("%s: channel %d: callback start", __func__, c->self); + debug2_f("channel %d: callback start", c->self); c->open_confirm(ssh, c->self, 1, c->open_confirm_ctx); - debug2("%s: channel %d: callback done", __func__, c->self); + debug2_f("channel %d: callback done", c->self); } debug2("channel %d: open confirm rwindow %u rmax %u", c->self, c->remote_window, c->remote_maxpacket); 
@@ -3190,23 +3110,23 @@ channel_input_open_failure(int type, u_int32_t seq, struct ssh *ssh) ssh_packet_disconnect(ssh, "Received open failure for " "non-opening channel %d.", c->self); if ((r = sshpkt_get_u32(ssh, &reason)) != 0) { - error("%s: reason: %s", __func__, ssh_err(r)); + error_fr(r, "parse reason"); ssh_packet_disconnect(ssh, "Invalid open failure message"); } /* skip language */ if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0 || (r = sshpkt_get_end(ssh)) != 0) { - error("%s: message/lang: %s", __func__, ssh_err(r)); + error_fr(r, "parse msg/lang"); ssh_packet_disconnect(ssh, "Invalid open failure message"); } logit("channel %d: open failed: %s%s%s", c->self, reason2txt(reason), msg ? ": ": "", msg ? msg : ""); free(msg); if (c->open_confirm) { - debug2("%s: channel %d: callback start", __func__, c->self); + debug2_f("channel %d: callback start", c->self); c->open_confirm(ssh, c->self, 0, c->open_confirm_ctx); - debug2("%s: channel %d: callback done", __func__, c->self); + debug2_f("channel %d: callback done", c->self); } /* Schedule the channel for cleanup/deletion. */ chan_mark_dead(ssh, c); @@ -3231,7 +3151,7 @@ channel_input_window_adjust(int type, u_int32_t seq, struct ssh *ssh) return 0; if ((r = sshpkt_get_u32(ssh, &adjust)) != 0 || (r = sshpkt_get_end(ssh)) != 0) { - error("%s: adjust: %s", __func__, ssh_err(r)); + error_fr(r, "parse adjust"); ssh_packet_disconnect(ssh, "Invalid window adjust message"); } debug2("channel %d: rcvd adjust %u", c->self, adjust); @@ -3253,10 +3173,10 @@ channel_input_status_confirm(int type, u_int32_t seq, struct ssh *ssh) /* Reset keepalive timeout */ ssh_packet_set_alive_timeouts(ssh, 0); - debug2("%s: type %d id %d", __func__, type, id); + debug2_f("type %d id %d", type, id); if ((c = channel_lookup(ssh, id)) == NULL) { - logit("%s: %d: unknown", __func__, id); + logit_f("%d: unknown", id); return 0; } if (channel_proxy_upstream(c, type, seq, ssh)) 
@@ -3381,8 +3301,8 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, /* Determine the bind address, cf. channel_fwd_bind_addr() comment */ addr = channel_fwd_bind_addr(ssh, fwd->listen_host, &wildcard, is_client, fwd_opts); - debug3("%s: type %d wildcard %d addr %s", __func__, - type, wildcard, (addr == NULL) ? "NULL" : addr); + debug3_f("type %d wildcard %d addr %s", type, wildcard, + (addr == NULL) ? "NULL" : addr); /* * getaddrinfo returns a loopback address if the hostname is @@ -3399,7 +3319,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, ssh_packet_disconnect(ssh, "getaddrinfo: fatal error: %s", ssh_gai_strerror(r)); } else { - error("%s: getaddrinfo(%.64s): %s", __func__, addr, + error_f("getaddrinfo(%.64s): %s", addr, ssh_gai_strerror(r)); } return 0; @@ -3431,7 +3351,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - error("%s: getnameinfo failed", __func__); + error_f("getnameinfo failed"); continue; } /* Create a port to listen for the host. */ @@ -3495,8 +3415,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, success = 1; } if (success == 0) - error("%s: cannot listen to port: %d", __func__, - fwd->listen_port); + error_f("cannot listen to port: %d", fwd->listen_port); freeaddrinfo(aitop); return success; } @@ -3539,7 +3458,7 @@ channel_setup_fwd_listener_streamlocal(struct ssh *ssh, int type, port = PORT_STREAMLOCAL; break; default: - error("%s: unexpected channel type %d", __func__, type); + error_f("unexpected channel type %d", type); return 0; } @@ -3552,7 +3471,7 @@ channel_setup_fwd_listener_streamlocal(struct ssh *ssh, int type, return 0; } - debug3("%s: type %d path %s", __func__, type, fwd->listen_path); + debug3_f("type %d path %s", type, fwd->listen_path); /* Start a Unix domain listener. */ omask = umask(fwd_opts->streamlocal_bind_mask); 
@@ -3587,7 +3506,7 @@ channel_cancel_rport_listener_tcpip(struct ssh *ssh, if (c == NULL || c->type != SSH_CHANNEL_RPORT_LISTENER) continue; if (strcmp(c->path, host) == 0 && c->listening_port == port) { - debug2("%s: close channel %d", __func__, i); + debug2_f("close channel %d", i); channel_free(ssh, c); found = 1; } @@ -3609,7 +3528,7 @@ channel_cancel_rport_listener_streamlocal(struct ssh *ssh, const char *path) if (c->path == NULL) continue; if (strcmp(c->path, path) == 0) { - debug2("%s: close channel %d", __func__, i); + debug2_f("close channel %d", i); channel_free(ssh, c); found = 1; } @@ -3657,7 +3576,7 @@ channel_cancel_lport_listener_tcpip(struct ssh *ssh, (c->listening_addr != NULL && addr == NULL)) continue; if (addr == NULL || strcmp(c->listening_addr, addr) == 0) { - debug2("%s: close channel %d", __func__, i); + debug2_f("close channel %d", i); channel_free(ssh, c); found = 1; } @@ -3673,7 +3592,7 @@ channel_cancel_lport_listener_streamlocal(struct ssh *ssh, const char *path) int found = 0; if (path == NULL) { - error("%s: no path specified.", __func__); + error_f("no path specified."); return 0; } @@ -3684,7 +3603,7 @@ channel_cancel_lport_listener_streamlocal(struct ssh *ssh, const char *path) if (c->listening_addr == NULL) continue; if (strcmp(c->listening_addr, path) == 0) { - debug2("%s: close channel %d", __func__, i); + debug2_f("close channel %d", i); channel_free(ssh, c); found = 1; } @@ -3856,8 +3775,7 @@ channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) (r = sshpkt_put_cstring(ssh, fwd->listen_path)) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: request streamlocal: %s", - __func__, ssh_err(r)); + fatal_fr(r, "request streamlocal"); } else { if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, "tcpip-forward")) != 0 || 
@@ -3867,8 +3785,7 @@ channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) (r = sshpkt_put_u32(ssh, fwd->listen_port)) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: request tcpip-forward: %s", - __func__, ssh_err(r)); + fatal_fr(r, "request tcpip-forward"); } /* Assume that server accepts the request */ success = 1; @@ -3976,7 +3893,7 @@ channel_request_rforward_cancel_tcpip(struct ssh *ssh, perm = NULL; } if (perm == NULL) { - debug("%s: requested forward not found", __func__); + debug_f("requested forward not found"); return -1; } if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || @@ -3985,7 +3902,7 @@ channel_request_rforward_cancel_tcpip(struct ssh *ssh, (r = sshpkt_put_cstring(ssh, channel_rfwd_bind_host(host))) != 0 || (r = sshpkt_put_u32(ssh, port)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: send cancel: %s", __func__, ssh_err(r)); + fatal_fr(r, "send cancel"); fwd_perm_clear(perm); /* unregister */ @@ -4012,7 +3929,7 @@ channel_request_rforward_cancel_streamlocal(struct ssh *ssh, const char *path) perm = NULL; } if (perm == NULL) { - debug("%s: requested forward not found", __func__); + debug_f("requested forward not found"); return -1; } if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || @@ -4021,7 +3938,7 @@ channel_request_rforward_cancel_streamlocal(struct ssh *ssh, const char *path) (r = sshpkt_put_u8(ssh, 0)) != 0 || /* want reply */ (r = sshpkt_put_cstring(ssh, path)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: send cancel: %s", __func__, ssh_err(r)); + fatal_fr(r, "send cancel"); fwd_perm_clear(perm); /* unregister */ 
@@ -4116,8 +4033,8 @@ channel_update_permission(struct ssh *ssh, int idx, int newport) struct permission_set *pset = &ssh->chanctxt->local_perms; if (idx < 0 || (u_int)idx >= pset->num_permitted_user) { - debug("%s: index out of range: %d num_permitted_user %d", - __func__, idx, pset->num_permitted_user); + debug_f("index out of range: %d num_permitted_user %d", + idx, pset->num_permitted_user); return; } debug("%s allowed port %d for forwarding to host %s port %d", @@ -4184,7 +4101,7 @@ connect_next(struct channel_connect *cctx) continue; } if (set_nonblock(sock) == -1) - fatal("%s: set_nonblock(%d)", __func__, sock); + fatal_f("set_nonblock(%d)", sock); if (connect(sock, cctx->ai->ai_addr, cctx->ai->ai_addrlen) == -1 && errno != EINPROGRESS) { debug("connect_next: host %.100s ([%.100s]:%s): " @@ -4487,8 +4404,7 @@ channel_send_window_changes(struct ssh *ssh) (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 || (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: channel %u: send window-change: %s", - __func__, i, ssh_err(r)); + fatal_fr(r, "channel %u; send window-change", i); } } @@ -4512,10 +4428,8 @@ rdynamic_connect_prepare(struct ssh *ssh, char *ctype, char *rname) (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_u32(ssh, c->self)) != 0 || (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || - (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0) { - fatal("%s: channel %i: confirm: %s", __func__, - c->self, ssh_err(r)); - } + (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0) + fatal_fr(r, "channel %i; confirm", c->self); return c; } @@ -4589,8 +4503,8 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, } set_reuseaddr(sock); if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) { - debug2("%s: bind port %d: %.100s", __func__, - port, strerror(errno)); + debug2_f("bind port %d: %.100s", port, + strerror(errno)); close(sock); for (n = 0; n < num_socks; n++) close(socks[n]); 
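Review bot: The new message in channel_send_window_changes reads `"channel %u; send window-change"`, with a semicolon where every other converted message in this file uses `channel N:`. The rdynamic_connect_prepare hunk on the same line has the same slip in `"channel %i; confirm"`. Log filters or detection rules keyed on the `channel <n>:` prefix would miss both lines. Suggested: `fatal_fr(r, "channel %u: send window-change", i);` and `fatal_fr(r, "channel %i: confirm", c->self);`.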
@@ -4795,9 +4709,10 @@ x11_request_forwarding_with_spoofing(struct ssh *ssh, int client_session_id, /* Extract real authentication data. */ sc->x11_saved_data = xmalloc(data_len); for (i = 0; i < data_len; i++) { - if (sscanf(data + 2 * i, "%2x", &value) != 1) + if (sscanf(data + 2 * i, "%2x", &value) != 1) { fatal("x11_request_forwarding: bad " "authentication data: %.100s", data); + } sc->x11_saved_data[i] = value; } sc->x11_saved_data_len = data_len; @@ -4819,6 +4734,6 @@ x11_request_forwarding_with_spoofing(struct ssh *ssh, int client_session_id, (r = sshpkt_put_u32(ssh, screen_number)) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: send x11-req: %s", __func__, ssh_err(r)); + fatal_fr(r, "send x11-req"); free(new_data); } diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index fa240b1b082..cda0845484a 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.353 2020/10/14 00:55:17 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.354 2020/10/18 11:32:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -226,13 +226,13 @@ set_control_persist_exit_time(struct ssh *ssh) } else if (channel_still_open(ssh)) { /* some client connections are still open */ if (control_persist_exit_time > 0) - debug2("%s: cancel scheduled exit", __func__); + debug2_f("cancel scheduled exit"); control_persist_exit_time = 0; } else if (control_persist_exit_time <= 0) { /* a client connection has recently closed */ control_persist_exit_time = monotime() + (time_t)options.control_persist_timeout; - debug2("%s: schedule exit in %d seconds", __func__, + debug2_f("schedule exit in %d seconds", options.control_persist_timeout); } /* else we are already counting down to the timeout */ 
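Review bot: In the first x11_request_forwarding_with_spoofing hunk the commit only adds braces around the `fatal()` call. The message still hard-codes the prefix "x11_request_forwarding:", which is not this function's name, and still prints up to 100 bytes of `data`. The preceding comment describes `data` as the real authentication data, so a cookie that fails hex decoding would be written to the log or to stderr. Converting it like the rest of the file and dropping the value avoids that: `fatal_f("bad authentication data");`. The function starts outside this hunk.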
@@ -300,7 +300,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", display + 10)) < 0 || (size_t)r >= sizeof(xdisplay)) { - error("%s: display name too long", __func__); + error_f("display name too long"); return -1; } display = xdisplay; @@ -315,15 +315,14 @@ client_x11_get_proto(struct ssh *ssh, const char *display, */ mktemp_proto(xauthdir, sizeof(xauthdir)); if (mkdtemp(xauthdir) == NULL) { - error("%s: mkdtemp: %s", - __func__, strerror(errno)); + error_f("mkdtemp: %s", strerror(errno)); return -1; } do_unlink = 1; if ((r = snprintf(xauthfile, sizeof(xauthfile), "%s/xauthfile", xauthdir)) < 0 || (size_t)r >= sizeof(xauthfile)) { - error("%s: xauthfile path too long", __func__); + error_f("xauthfile path too long"); rmdir(xauthdir); return -1; } @@ -349,7 +348,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display, SSH_X11_PROTO, x11_timeout_real, _PATH_DEVNULL); } - debug2("%s: xauth command: %s", __func__, cmd); + debug2_f("xauth command: %s", cmd); if (timeout != 0 && x11_refuse_time == 0) { now = monotime() + 1; @@ -438,7 +437,7 @@ client_check_window_change(struct ssh *ssh) if (!received_window_change_signal) return; received_window_change_signal = 0; - debug2("%s: changed", __func__); + debug2_f("changed"); channel_send_window_changes(ssh); } @@ -480,7 +479,7 @@ server_alive_check(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 1)) != 0 || /* boolean: want reply */ (r = sshpkt_send(ssh)) != 0) - fatal("%s: send packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); /* Insert an empty placeholder to maintain ordering */ client_register_global_confirm(NULL, NULL); schedule_server_alive_check(); 
@@ -562,7 +561,7 @@ client_wait_until_can_do_something(struct ssh *ssh, /* Note: we might still have data in the buffers. */ if ((r = sshbuf_putf(stderr_buffer, "select: %s\r\n", strerror(errno))) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); quit_pending = 1; } else if (options.server_alive_interval > 0 && !FD_ISSET(connection_in, *readsetp) && monotime() >= server_alive_time) @@ -622,8 +621,7 @@ client_process_net_input(struct ssh *ssh, fd_set *readset) if ((r = sshbuf_putf(stderr_buffer, "Connection to %.300s closed by remote host.\r\n", host)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); quit_pending = 1; return; } @@ -642,8 +640,7 @@ client_process_net_input(struct ssh *ssh, fd_set *readset) if ((r = sshbuf_putf(stderr_buffer, "Read from remote host %.300s: %.100s\r\n", host, strerror(errno))) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); quit_pending = 1; return; } @@ -693,8 +690,7 @@ client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx) if (tochan) { if ((r = sshbuf_put(c->extended, errmsg, strlen(errmsg))) != 0) - fatal("%s: buffer error %s", __func__, - ssh_err(r)); + fatal_fr(r, "sshbuf_put"); } else error("%s", errmsg); if (cr->action == CONFIRM_TTY) { @@ -742,8 +738,8 @@ client_register_global_confirm(global_confirm_cb *cb, void *ctx) last_gc = TAILQ_LAST(&global_confirms, global_confirms); if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) { if (++last_gc->ref_count >= INT_MAX) - fatal("%s: last_gc->ref_count = %d", - __func__, last_gc->ref_count); + fatal_f("last_gc->ref_count = %d", + last_gc->ref_count); return; } 
@@ -906,7 +902,7 @@ print_escape_help(struct sshbuf *b, int escape_char, int mux_client, if ((r = sshbuf_putf(b, "%c?\r\nSupported escape sequences:\r\n", escape_char)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); suppress_flags = (mux_client ? SUPPRESS_MUXCLIENT : 0) | @@ -918,14 +914,14 @@ print_escape_help(struct sshbuf *b, int escape_char, int mux_client, continue; if ((r = sshbuf_putf(b, " %c%-3s - %s\r\n", escape_char, esc_txt[i].cmd, esc_txt[i].text)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); } if ((r = sshbuf_putf(b, " %c%c - send the escape character by typing it twice\r\n" "(Note that escapes are only recognized immediately after " "newline.)\r\n", escape_char, escape_char)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); } /* @@ -965,8 +961,7 @@ process_escapes(struct ssh *ssh, Channel *c, /* Terminate the connection. */ if ((r = sshbuf_putf(berr, "%c.\r\n", efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); if (c && c->ctl_chan != -1) { chan_read_failed(ssh, c); chan_write_failed(ssh, c); @@ -995,16 +990,14 @@ process_escapes(struct ssh *ssh, Channel *c, "%c%s escape not available to " "multiplexed sessions\r\n", efc->escape_char, b)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); continue; } /* Suspend the program. Inform the user */ if ((r = sshbuf_putf(berr, "%c^Z [suspend ssh]\r\n", efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); /* Restore terminal modes and suspend. */ client_suspend_self(bin, bout, berr); 
@@ -1015,13 +1008,11 @@ process_escapes(struct ssh *ssh, Channel *c, case 'B': if ((r = sshbuf_putf(berr, "%cB\r\n", efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); channel_request_start(ssh, c->self, "break", 0); if ((r = sshpkt_put_u32(ssh, 1000)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: send packet: %s", __func__, - ssh_err(r)); + fatal_fr(r, "send packet"); continue; case 'R': @@ -1041,8 +1032,7 @@ process_escapes(struct ssh *ssh, Channel *c, if ((r = sshbuf_putf(berr, "%c%c [Logging to syslog]\r\n", efc->escape_char, ch)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); continue; } if (ch == 'V' && options.log_level > @@ -1055,8 +1045,7 @@ process_escapes(struct ssh *ssh, Channel *c, "%c%c [LogLevel %s]\r\n", efc->escape_char, ch, log_level_name(options.log_level))) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); continue; case '&': @@ -1074,11 +1063,9 @@ process_escapes(struct ssh *ssh, Channel *c, /* Stop listening for new connections. */ channel_stop_listening(ssh); - if ((r = sshbuf_putf(berr, - "%c& [backgrounded]\n", efc->escape_char)) - != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + if ((r = sshbuf_putf(berr, "%c& " + "[backgrounded]\n", efc->escape_char)) != 0) + fatal_fr(r, "sshbuf_putf"); /* Fork into background. */ pid = fork(); @@ -1093,8 +1080,7 @@ process_escapes(struct ssh *ssh, Channel *c, /* The child continues serving connections. */ /* fake EOF on stdin */ if ((r = sshbuf_put_u8(bin, 4)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u8"); return -1; case '?': print_escape_help(berr, efc->escape_char, 
@@ -1105,12 +1091,10 @@ process_escapes(struct ssh *ssh, Channel *c, case '#': if ((r = sshbuf_putf(berr, "%c#\r\n", efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); s = channel_open_message(ssh); if ((r = sshbuf_put(berr, s, strlen(s))) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put"); free(s); continue; @@ -1124,8 +1108,7 @@ process_escapes(struct ssh *ssh, Channel *c, if (ch != efc->escape_char) { if ((r = sshbuf_put_u8(bin, efc->escape_char)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u8"); bytes++; } /* Escaped characters fall through here */ @@ -1152,7 +1135,7 @@ process_escapes(struct ssh *ssh, Channel *c, */ last_was_cr = (ch == '\r' || ch == '\n'); if ((r = sshbuf_put_u8(bin, ch)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u8"); bytes++; } return bytes; 
@@ -1238,30 +1221,30 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, debug("pledge: id"); if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } else if (options.forward_x11 || options.permit_local_command) { debug("pledge: exec"); if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } else if (options.update_hostkeys) { debug("pledge: filesystem full"); if (pledge("stdio rpath wpath cpath unix inet dns proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } else if (!option_clear_or_none(options.proxy_command) || fork_after_authentication_flag) { debug("pledge: proc"); if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } else { debug("pledge: network"); if (pledge("stdio unix inet dns proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); } start_time = monotime_double(); @@ -1277,7 +1260,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, /* Initialize buffer. */ if ((stderr_buffer = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); client_init_dispatch(ssh); @@ -1328,8 +1311,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, /* manual rekey request */ debug("need rekeying"); if ((r = kex_start_rekex(ssh)) != 0) - fatal("%s: kex_start_rekex: %s", __func__, - ssh_err(r)); + fatal_fr(r, "kex_start_rekex"); need_rekeying = 0; } else { /* 
@@ -1406,7 +1388,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language tag */ (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: send disconnect: %s", __func__, ssh_err(r)); + fatal_fr(r, "send disconnect"); channel_free_all(ssh); @@ -1443,7 +1425,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) { if ((r = sshbuf_putf(stderr_buffer, "Connection to %.64s closed.\r\n", host)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); } /* Output any buffered data for stderr. */ @@ -1454,7 +1436,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, if (len < 0 || (u_int)len != sshbuf_len(stderr_buffer)) error("Write failed flushing stderr buffer."); else if ((r = sshbuf_consume(stderr_buffer, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_consume"); } /* Clear and free any buffers. */ @@ -1491,15 +1473,15 @@ client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type, (r = sshpkt_get_cstring(ssh, &originator_address, NULL)) != 0 || (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: parse packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); - debug("%s: listen %s port %d, originator %s port %d", __func__, + debug_f("listen %s port %d, originator %s port %d", listen_address, listen_port, originator_address, originator_port); if (listen_port > 0xffff) - error("%s: invalid listen port", __func__); + error_f("invalid listen port"); else if (originator_port > 0xffff) - error("%s: invalid originator port", __func__); + error_f("invalid originator port"); else { c = channel_connect_by_listen_address(ssh, listen_address, listen_port, "forwarded-tcpip", 
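Review bot: In the client_request_forwarded_tcpip hunk, the converted `debug_f` still prints `listen_port` and `originator_port` with `%d`, although `originator_port` is filled by `sshpkt_get_u32` and both values are compared against `0xffff` straight afterwards. A peer-supplied value above INT_MAX would be logged as a negative number, which blurs exactly the out-of-range case the following checks reject. The declarations are outside the hunk, so the types are inferred; if they are unsigned, `debug_f("listen %s port %u, originator %s port %u", ...)` keeps the log faithful to what was received. The function body starts and ends outside the hunk.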
@@ -1508,7 +1490,7 @@ client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type, if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { if ((b = sshbuf_new()) == NULL) { - error("%s: alloc reply", __func__); + error_f("alloc reply"); goto out; } /* reconstruct and send to muxclient */ @@ -1523,8 +1505,7 @@ client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type, (r = sshbuf_put_cstring(b, originator_address)) != 0 || (r = sshbuf_put_u32(b, originator_port)) != 0 || (r = sshbuf_put_stringb(c->output, b)) != 0) { - error("%s: compose for muxclient %s", __func__, - ssh_err(r)); + error_fr(r, "compose for muxclient"); goto out; } } @@ -1548,9 +1529,9 @@ client_request_forwarded_streamlocal(struct ssh *ssh, if ((r = sshpkt_get_cstring(ssh, &listen_path, NULL)) != 0 || (r = sshpkt_get_string(ssh, NULL, NULL)) != 0 || /* reserved */ (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: parse packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); - debug("%s: request: %s", __func__, listen_path); + debug_f("request: %s", listen_path); c = channel_connect_by_listen_path(ssh, listen_path, "forwarded-streamlocal@openssh.com", "forwarded-streamlocal"); @@ -1580,7 +1561,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) if ((r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: parse packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); /* XXX check permission */ /* XXX range check originator port? */ debug("client_request_x11: request from %s %u", originator, @@ -1615,8 +1596,7 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan) } if (r != 0) { if (r != SSH_ERR_AGENT_NOT_PRESENT) - debug("%s: ssh_get_authentication_socket: %s", - __func__, ssh_err(r)); + debug_fr(r, "ssh_get_authentication_socket"); return NULL; } c = channel_new(ssh, "authentication agent connection", 
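Review bot: In the client_request_x11 hunk, `debug("client_request_x11: request from %s %u", ...)` keeps a hand-written function name while every neighbouring message moves to the `_f` helpers; `debug_f("request from %s %u", originator, originator_port);` would match. The two `XXX` comments above it also remain open: unlike client_request_forwarded_tcpip, nothing visible here rejects an `originator_port` above `0xffff`. A comment such as `/* originator_port is peer-supplied and unchecked; informational only */` would record that the value is only logged, if that is indeed the case in the part of the function outside the hunk.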
@@ -1771,16 +1751,15 @@ client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) exit_status = exitval; } else { /* Probably for a mux channel that has already closed */ - debug("%s: no sink for exit-status on channel %d", - __func__, id); + debug_f("no sink for exit-status on channel %d", + id); } if ((r = sshpkt_get_end(ssh)) != 0) goto out; } if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) { if (!c->have_remote_id) - fatal("%s: channel %d: no remote_id", - __func__, c->self); + fatal_f("channel %d: no remote_id", c->self); if ((r = sshpkt_start(ssh, success ? SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || @@ -1881,8 +1860,8 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) for (i = 0; i < ctx->nkeys; i++) { if (sshkey_equal(l->key, ctx->keys[i])) { ctx->other_name_seen = 1; - debug3("%s: found %s key under different " - "name/addr at %s:%ld", __func__, + debug3_f("found %s key under different " + "name/addr at %s:%ld", sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum); return 0; @@ -1893,8 +1872,8 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) /* Don't proceed if revocation or CA markers are present */ /* XXX relax this */ if (l->marker != MRK_NONE) { - debug3("%s: hostkeys file %s:%ld has CA/revocation marker", - __func__, l->path, l->linenum); + debug3_f("hostkeys file %s:%ld has CA/revocation marker", + l->path, l->linenum); ctx->complex_hostspec = 1; return 0; } @@ -1903,8 +1882,8 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) if (ctx->ip_str != NULL && (l->match & HKF_MATCH_HOST) == 0 && strchr(l->hosts, ',') != NULL) { ctx->other_name_seen = 1; - debug3("%s: found address %s against different hostname at " - "%s:%ld", __func__, ctx->ip_str, l->path, l->linenum); + debug3_f("found address %s against different hostname at " + "%s:%ld", ctx->ip_str, l->path, l->linenum); return 0; } 
@@ -1913,8 +1892,8 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) * that contain more than two entries (ssh never writes these). */ if (hostspec_is_complex(l->hosts)) { - debug3("%s: hostkeys file %s:%ld complex host specification", - __func__, l->path, l->linenum); + debug3_f("hostkeys file %s:%ld complex host specification", + l->path, l->linenum); ctx->complex_hostspec = 1; return 0; } @@ -1923,18 +1902,17 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) for (i = 0; i < ctx->nkeys; i++) { if (!sshkey_equal(l->key, ctx->keys[i])) continue; - debug3("%s: found %s key at %s:%ld", __func__, + debug3_f("found %s key at %s:%ld", sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum); ctx->keys_match[i] |= l->match; return 0; } /* This line contained a key that not offered by the server */ - debug3("%s: deprecated %s key at %s:%ld", __func__, - sshkey_ssh_name(l->key), l->path, l->linenum); + debug3_f("deprecated %s key at %s:%ld", sshkey_ssh_name(l->key), + l->path, l->linenum); if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1, sizeof(*ctx->old_keys))) == NULL) - fatal("%s: recallocarray failed nold = %zu", - __func__, ctx->nold); + fatal_f("recallocarray failed nold = %zu", ctx->nold); ctx->old_keys = tmp; ctx->old_keys[ctx->nold++] = l->key; l->key = NULL; @@ -1958,7 +1936,7 @@ hostkeys_check_old(struct hostkey_foreach_line *l, void *_ctx) for (i = 0; i < ctx->nold; i++) { if (!sshkey_equal(l->key, ctx->old_keys[i])) continue; - debug3("%s: found deprecated %s key at %s:%ld as %s", __func__, + debug3_f("found deprecated %s key at %s:%ld as %s", sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum, hashed ? "[HASHED]" : l->hosts); ctx->old_key_seen = 1; 
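Review bot: In the hostkeys_check_old hunk, the converted `debug3_f` names the key with `sshkey_ssh_name(ctx->keys[i])`, but `i` walks the deprecated keys up to `ctx->nold` and the comparison on the line above is against `ctx->old_keys[i]`. The message can therefore report the wrong key type. If `ctx->nold` is larger than the number of entries in `ctx->keys` (the array sizes are not visible in the hunk), the lookup reads past that array. The argument should be `sshkey_ssh_name(ctx->old_keys[i])`. The function body starts and ends outside the hunk.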
@@ -1978,21 +1956,21 @@ check_old_keys_othernames(struct hostkeys_update_ctx *ctx) size_t i; int r; - debug2("%s: checking for %zu deprecated keys", __func__, ctx->nold); + debug2_f("checking for %zu deprecated keys", ctx->nold); for (i = 0; i < options.num_user_hostfiles; i++) { - debug3("%s: searching %s for %s / %s", __func__, + debug3_f("searching %s for %s / %s", options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)"); if ((r = hostkeys_foreach(options.user_hostfiles[i], hostkeys_check_old, ctx, ctx->host_str, ctx->ip_str, HKF_WANT_PARSE_KEY)) != 0) { if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) { - debug("%s: hostkeys file %s does not exist", - __func__, options.user_hostfiles[i]); + debug_f("hostkeys file %s does not exist", + options.user_hostfiles[i]); continue; } - error("%s: hostkeys_foreach failed for %s: %s", - __func__, options.user_hostfiles[i], ssh_err(r)); + error_fr(r, "hostkeys_foreach failed for %s", + options.user_hostfiles[i]); return -1; } } @@ -2022,7 +2000,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) continue; if ((fp = sshkey_fingerprint(ctx->keys[i], options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal_f("sshkey_fingerprint failed"); if (first && asking) hostkey_change_preamble(loglevel); do_log2(loglevel, "Learned new hostkey: %s %s", @@ -2033,7 +2011,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) for (i = 0; i < ctx->nold; i++) { if ((fp = sshkey_fingerprint(ctx->old_keys[i], options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal_f("sshkey_fingerprint failed"); if (first && asking) hostkey_change_preamble(loglevel); do_log2(loglevel, "Deprecating obsolete hostkey: %s %s", 
@@ -2082,11 +2060,12 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) */ if (stat(options.user_hostfiles[i], &sb) != 0) { if (errno == ENOENT) { - debug("%s: known hosts file %s does not exist", - __func__, strerror(errno)); + debug_f("known hosts file %s does not " + "exist", options.user_hostfiles[i]); } else { - error("%s: known hosts file %s inaccessible", - __func__, strerror(errno)); + error_f("known hosts file %s " + "inaccessible: %s", + options.user_hostfiles[i], strerror(errno)); } continue; } @@ -2095,8 +2074,8 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) i == 0 ? ctx->keys : NULL, i == 0 ? ctx->nkeys : 0, options.hash_known_hosts, 0, options.fingerprint_hash)) != 0) { - error("%s: hostfile_replace_entries failed for %s: %s", - __func__, options.user_hostfiles[i], ssh_err(r)); + error_fr(r, "hostfile_replace_entries failed for %s", + options.user_hostfiles[i]); } } } @@ -2113,7 +2092,7 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, size_t siglen; if (ctx->nnew == 0) - fatal("%s: ctx->nnew == 0", __func__); /* sanity */ + fatal_f("ctx->nnew == 0"); /* sanity */ if (type != SSH2_MSG_REQUEST_SUCCESS) { error("Server failed to confirm ownership of " "private host keys"); @@ -2124,10 +2103,10 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, sshkey_type_from_name(ssh->kex->hostkey_alg)); if ((signdata = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); /* Don't want to accidentally accept an unbound signature */ if (ssh->kex->session_id_len == 0) - fatal("%s: ssh->kex->session_id_len == 0", __func__); + fatal_f("ssh->kex->session_id_len == 0"); /* * Expect a signature for each of the ctx->nnew private keys we * haven't seen before. They will be in the same order as the 
@@ -2143,12 +2122,10 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, (r = sshbuf_put_string(signdata, ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || (r = sshkey_puts(ctx->keys[i], signdata)) != 0) - fatal("%s: failed to prepare signature: %s", - __func__, ssh_err(r)); + fatal_fr(r, "compose signdata"); /* Extract and verify signature */ if ((r = sshpkt_get_string_direct(ssh, &sig, &siglen)) != 0) { - error("%s: couldn't parse message: %s", - __func__, ssh_err(r)); + error_fr(r, "parse sig"); goto out; } /* @@ -2161,19 +2138,19 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, sshbuf_ptr(signdata), sshbuf_len(signdata), use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0, NULL)) != 0) { - error("%s: server gave bad signature for %s key %zu", - __func__, sshkey_type(ctx->keys[i]), i); + error_f("server gave bad signature for %s key %zu", + sshkey_type(ctx->keys[i]), i); goto out; } /* Key is good. Mark it as 'seen' */ ctx->keys_verified[i] = 1; ndone++; } + /* Shouldn't happen */ if (ndone != ctx->nnew) - fatal("%s: ndone != ctx->nnew (%zu / %zu)", __func__, - ndone, ctx->nnew); /* Shouldn't happen */ + fatal_f("ndone != ctx->nnew (%zu / %zu)", ndone, ctx->nnew); if ((r = sshpkt_get_end(ssh)) != 0) { - error("%s: protocol error", __func__); + error_f("protocol error"); goto out; } @@ -2222,7 +2199,7 @@ client_input_hostkeys(struct ssh *ssh) u_int want; if (hostkeys_seen) - fatal("%s: server already sent hostkeys", __func__); + fatal_f("server already sent hostkeys"); if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK && options.batch_mode) return 1; /* won't ask in batchmode, so don't even try */ 
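Review bot: In the signature-check hunk of client_global_hostkeys_private_confirm, `error_f("server gave bad signature for %s key %zu", ...)` discards the error code from the verification call that just failed (presumably assigned to `r`; the start of the call is outside the hunk). `error_f("protocol error")` after `sshpkt_get_end` does the same. Since the commit introduces the `_fr` variants for this purpose, `error_fr(r, "server gave bad signature for %s key %zu", sshkey_type(ctx->keys[i]), i);` and `error_fr(r, "protocol error");` would let an operator tell a forged or mismatched signature from an unsupported algorithm or a malformed reply when a host-key update is refused.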
@@ -2234,53 +2211,51 @@ client_input_hostkeys(struct ssh *ssh) sshkey_free(key); key = NULL; if ((r = sshpkt_get_string_direct(ssh, &blob, &len)) != 0) { - error("%s: couldn't parse message: %s", - __func__, ssh_err(r)); + error_fr(r, "parse key"); goto out; } if ((r = sshkey_from_blob(blob, len, &key)) != 0) { - do_log2(r == SSH_ERR_KEY_TYPE_UNKNOWN ? + do_log2_fr(r, r == SSH_ERR_KEY_TYPE_UNKNOWN ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR, - "%s: parse key: %s", __func__, ssh_err(r)); + "convert key"); continue; } fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); - debug3("%s: received %s key %s", __func__, - sshkey_type(key), fp); + debug3_f("received %s key %s", sshkey_type(key), fp); free(fp); if (!key_accepted_by_hostkeyalgs(key)) { - debug3("%s: %s key not permitted by HostkeyAlgorithms", - __func__, sshkey_ssh_name(key)); + debug3_f("%s key not permitted by " + "HostkeyAlgorithms", sshkey_ssh_name(key)); continue; } /* Skip certs */ if (sshkey_is_cert(key)) { - debug3("%s: %s key is a certificate; skipping", - __func__, sshkey_ssh_name(key)); + debug3_f("%s key is a certificate; skipping", + sshkey_ssh_name(key)); continue; } /* Ensure keys are unique */ for (i = 0; i < ctx->nkeys; i++) { if (sshkey_equal(key, ctx->keys[i])) { - error("%s: received duplicated %s host key", - __func__, sshkey_ssh_name(key)); + error_f("received duplicated %s host key", + sshkey_ssh_name(key)); goto out; } } /* Key is good, record it */ if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1, sizeof(*ctx->keys))) == NULL) - fatal("%s: recallocarray failed nkeys = %zu", - __func__, ctx->nkeys); + fatal_f("recallocarray failed nkeys = %zu", + ctx->nkeys); ctx->keys = tmp; ctx->keys[ctx->nkeys++] = key; key = NULL; } if (ctx->nkeys == 0) { - debug("%s: server sent no hostkeys", __func__); + debug_f("server sent no hostkeys"); goto out; } 
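Review bot: In client_input_hostkeys, the result of `sshkey_fingerprint()` goes straight into `debug3_f("received %s key %s", sshkey_type(key), fp)` without a NULL check, whereas update_known_hosts in this same diff treats a NULL return as fatal. Passing NULL for `%s` is undefined for the standard printf family; whether the project's formatter tolerates it is not visible here. Either `fp == NULL ? "(null)" : fp` as the argument, or the same `fatal_f("sshkey_fingerprint failed");` guard used elsewhere, would make the failure path explicit. The function body starts and ends outside the hunk.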
@@ -2288,7 +2263,7 @@ client_input_hostkeys(struct ssh *ssh) sizeof(*ctx->keys_match))) == NULL || (ctx->keys_verified = calloc(ctx->nkeys, sizeof(*ctx->keys_verified))) == NULL) - fatal("%s: calloc failed", __func__); + fatal_f("calloc failed"); get_hostfile_hostname_ipaddr(host, options.check_host_ip ? (struct sockaddr *)&hostaddr : NULL, @@ -2297,19 +2272,19 @@ client_input_hostkeys(struct ssh *ssh) /* Find which keys we already know about. */ for (i = 0; i < options.num_user_hostfiles; i++) { - debug("%s: searching %s for %s / %s", __func__, + debug_f("searching %s for %s / %s", options.user_hostfiles[i], ctx->host_str, ctx->ip_str ? ctx->ip_str : "(none)"); if ((r = hostkeys_foreach(options.user_hostfiles[i], hostkeys_find, ctx, ctx->host_str, ctx->ip_str, HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) { if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) { - debug("%s: hostkeys file %s does not exist", - __func__, options.user_hostfiles[i]); + debug_f("hostkeys file %s does not exist", + options.user_hostfiles[i]); continue; } - error("%s: hostkeys_foreach failed for %s: %s", - __func__, options.user_hostfiles[i], ssh_err(r)); + error_fr(r, "hostkeys_foreach failed for %s", + options.user_hostfiles[i]); goto out; } } 
@@ -2324,26 +2299,25 @@ client_input_hostkeys(struct ssh *ssh) ctx->nincomplete++; } - debug3("%s: %zu server keys: %zu new, %zu retained, " - "%zu incomplete match. %zu to remove", __func__, ctx->nkeys, - ctx->nnew, ctx->nkeys - ctx->nnew - ctx->nincomplete, + debug3_f("%zu server keys: %zu new, %zu retained, " + "%zu incomplete match. %zu to remove", ctx->nkeys, ctx->nnew, + ctx->nkeys - ctx->nnew - ctx->nincomplete, ctx->nincomplete, ctx->nold); if (ctx->nnew == 0 && ctx->nold == 0) { - debug("%s: no new or deprecated keys from server", __func__); + debug_f("no new or deprecated keys from server"); goto out; } /* Various reasons why we cannot proceed with the update */ if (ctx->complex_hostspec) { - debug("%s: CA/revocation marker, manual host list or wildcard " - "host pattern found, skipping UserKnownHostsFile update", - __func__); + debug_f("CA/revocation marker, manual host list or wildcard " + "host pattern found, skipping UserKnownHostsFile update"); goto out; } if (ctx->other_name_seen) { - debug("%s: host key found matching a different name/address, " - "skipping UserKnownHostsFile update", __func__); + debug_f("host key found matching a different name/address, " + "skipping UserKnownHostsFile update"); goto out; } /* @@ -2357,8 +2331,8 @@ client_input_hostkeys(struct ssh *ssh) if (check_old_keys_othernames(ctx) != 0) goto out; /* error already logged */ if (ctx->old_key_seen) { - debug("%s: key(s) for %s%s%s exist under other names; " - "skipping UserKnownHostsFile update", __func__, + debug_f("key(s) for %s%s%s exist under other names; " + "skipping UserKnownHostsFile update", ctx->host_str, ctx->ip_str == NULL ? "" : ",", ctx->ip_str == NULL ? "" : ctx->ip_str); goto out; 
@@ -2378,27 +2352,24 @@ client_input_hostkeys(struct ssh *ssh) * We have received previously-unseen keys from the server. * Ask the server to confirm ownership of the private halves. */ - debug3("%s: asking server to prove ownership for %zu keys", - __func__, ctx->nnew); + debug3_f("asking server to prove ownership for %zu keys", ctx->nnew); if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, "hostkeys-prove-00@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */ - fatal("%s: prepare hostkeys-prove: %s", __func__, ssh_err(r)); + fatal_fr(r, "prepare hostkeys-prove"); if ((buf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); for (i = 0; i < ctx->nkeys; i++) { if (ctx->keys_match[i]) continue; sshbuf_reset(buf); if ((r = sshkey_putb(ctx->keys[i], buf)) != 0 || - (r = sshpkt_put_stringb(ssh, buf)) != 0) { - fatal("%s: assemble hostkeys-prove: %s", - __func__, ssh_err(r)); - } + (r = sshpkt_put_stringb(ssh, buf)) != 0) + fatal_fr(r, "assemble hostkeys-prove"); } if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: sshpkt_send: %s", __func__, ssh_err(r)); + fatal_fr(r, "send hostkeys-prove"); client_register_global_confirm( client_global_hostkeys_private_confirm, ctx); ctx = NULL; /* will be freed in callback */ @@ -2442,6 +2413,19 @@ client_input_global_request(int type, u_int32_t seq, struct ssh *ssh) return r; } +static void +client_send_env(struct ssh *ssh, int id, const char *name, const char *val) +{ + int r; + + debug("channel %d: setting env %s = \"%s\"", id, name, val); + channel_request_start(ssh, id, "env", 0); + if ((r = sshpkt_put_cstring(ssh, name)) != 0 || + (r = sshpkt_put_cstring(ssh, val)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal_fr(r, "send setenv"); +} + void client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd, 
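Review bot: The new helper client_send_env logs the full variable value with `debug("channel %d: setting env %s = \"%s\"", id, name, val);`, so any secret forwarded through the environment ends up in debug output and in whatever file or syslog sink collects it. Logging only the name, `debug("channel %d: setting env %s", id, name);`, or moving the value to a higher debug level, keeps values out of routinely captured logs. The helper also has no comment; `/* Send one "env" channel request for name=val; calls fatal_fr() on packet error. */` above the definition would state its contract for the two call sites in client_session2_setup.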
@@ -2451,10 +2435,10 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, char *name, *val; Channel *c = NULL; - debug2("%s: id %d", __func__, id); + debug2_f("id %d", id); if ((c = channel_lookup(ssh, id)) == NULL) - fatal("%s: channel %d: unknown channel", __func__, id); + fatal_f("channel %d: unknown channel", id); ssh_packet_set_interactive(ssh, want_tty, options.ip_qos_interactive, options.ip_qos_bulk); @@ -2474,12 +2458,12 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, (r = sshpkt_put_u32(ssh, (u_int)ws.ws_row)) != 0 || (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 || (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0) - fatal("%s: build packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "build pty-req"); if (tiop == NULL) tiop = get_saved_tio(); ssh_tty_make_modes(ssh, -1, tiop); if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: send packet: %s", __func__, ssh_err(r)); + fatal_fr(r, "send pty-req"); /* XXX wait for reply */ c->client_tty = 1; } @@ -2508,15 +2492,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, free(name); continue; } - - debug("Sending env %s = %s", name, val); - channel_request_start(ssh, id, "env", 0); - if ((r = sshpkt_put_cstring(ssh, name)) != 0 || - (r = sshpkt_put_cstring(ssh, val)) != 0 || - (r = sshpkt_send(ssh)) != 0) { - fatal("%s: send packet: %s", - __func__, ssh_err(r)); - } + client_send_env(ssh, id, name, val); free(name); } } @@ -2528,13 +2504,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, continue; } *val++ = '\0'; - - debug("Setting env %s = %s", name, val); - channel_request_start(ssh, id, "env", 0); - if ((r = sshpkt_put_cstring(ssh, name)) != 0 || - (r = sshpkt_put_cstring(ssh, val)) != 0 || - (r = sshpkt_send(ssh)) != 0) - fatal("%s: send packet: %s", __func__, ssh_err(r)); + client_send_env(ssh, id, name, val); free(name); } 
@@ -2556,14 +2526,12 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, } if ((r = sshpkt_put_stringb(ssh, cmd)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: send command: %s", __func__, ssh_err(r)); + fatal_fr(r, "send command"); } else { channel_request_start(ssh, id, "shell", 1); client_expect_confirm(ssh, id, "shell", CONFIRM_CLOSE); - if ((r = sshpkt_send(ssh)) != 0) { - fatal("%s: send shell request: %s", - __func__, ssh_err(r)); - } + if ((r = sshpkt_send(ssh)) != 0) + fatal_fr(r, "send shell"); } } diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c index f6266f2a42c..95ee4eb7f70 100644 --- a/usr.bin/ssh/compat.c +++ b/usr.bin/ssh/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.115 2020/07/05 23:59:45 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.116 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -160,10 +160,10 @@ compat_cipher_proposal(char *cipher_prop) { if (!(datafellows & SSH_BUG_BIGENDIANAES)) return cipher_prop; - debug2("%s: original cipher proposal: %s", __func__, cipher_prop); + debug2_f("original cipher proposal: %s", cipher_prop); if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL) fatal("match_filter_denylist failed"); - debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); + debug2_f("compat cipher proposal: %s", cipher_prop); if (*cipher_prop == '\0') fatal("No supported ciphers found"); return cipher_prop; 
@@ -174,10 +174,10 @@ compat_pkalg_proposal(char *pkalg_prop) { if (!(datafellows & SSH_BUG_RSASIGMD5)) return pkalg_prop; - debug2("%s: original public key proposal: %s", __func__, pkalg_prop); + debug2_f("original public key proposal: %s", pkalg_prop); if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL) fatal("match_filter_denylist failed"); - debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); + debug2_f("compat public key proposal: %s", pkalg_prop); if (*pkalg_prop == '\0') fatal("No supported PK algorithms found"); return pkalg_prop; @@ -188,7 +188,7 @@ compat_kex_proposal(char *p) { if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) return p; - debug2("%s: original KEX proposal: %s", __func__, p); + debug2_f("original KEX proposal: %s", p); if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) if ((p = match_filter_denylist(p, "curve25519-sha256@libssh.org")) == NULL) @@ -199,7 +199,7 @@ compat_kex_proposal(char *p) "diffie-hellman-group-exchange-sha1")) == NULL) fatal("match_filter_denylist failed"); } - debug2("%s: compat KEX proposal: %s", __func__, p); + debug2_f("compat KEX proposal: %s", p); if (*p == '\0') fatal("No supported key exchange algorithms found"); return p; diff --git a/usr.bin/ssh/dh.c b/usr.bin/ssh/dh.c index e94d30e7104..b9e3484152d 100644 --- a/usr.bin/ssh/dh.c +++ b/usr.bin/ssh/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.71 2019/09/06 06:08:11 djm Exp $ */ +/* $OpenBSD: dh.c,v 1.72 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -233,7 +233,7 @@ dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) } if ((tmp = BN_new()) == NULL) { - error("%s: BN_new failed", __func__); + error_f("BN_new failed"); return 0; } if (!BN_sub(tmp, dh_p, BN_value_one()) || 
@@ -451,7 +451,7 @@ dh_new_group18(void) DH * dh_new_group_fallback(int max) { - debug3("%s: requested max size %d", __func__, max); + debug3_f("requested max size %d", max); if (max < 3072) { debug3("using 2k bit group 14"); return dh_new_group14(); diff --git a/usr.bin/ssh/dns.c b/usr.bin/ssh/dns.c index c56e35e0f37..582e8297bec 100644 --- a/usr.bin/ssh/dns.c +++ b/usr.bin/ssh/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.38 2018/02/23 15:58:37 markus Exp $ */ +/* $OpenBSD: dns.c,v 1.39 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -126,8 +126,7 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, if (*algorithm && *digest_type) { if ((r = sshkey_fingerprint_raw(key, fp_alg, digest, digest_len)) != 0) - fatal("%s: sshkey_fingerprint_raw: %s", __func__, - ssh_err(r)); + fatal_fr(r, "sshkey_fingerprint_raw"); success = 1; } else { *digest = NULL; @@ -346,7 +345,7 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic) /* No SSHFP record was generated at all */ if (success == 0) { - error("%s: unsupported algorithm and/or digest_type", __func__); + error_f("unsupported algorithm and/or digest_type"); } return success; diff --git a/usr.bin/ssh/gss-genr.c b/usr.bin/ssh/gss-genr.c index 0b79ec8419e..dff6db18cec 100644 --- a/usr.bin/ssh/gss-genr.c +++ b/usr.bin/ssh/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.27 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. @@ -110,7 +110,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, int r; if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if (major_status != NULL) *major_status = ctxt->major; 
@@ -125,7 +125,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 || (r = sshbuf_put_u8(b, '\n')) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble GSS_CODE"); gss_release_buffer(&lmin, &msg); } while (ctx != 0); @@ -137,13 +137,13 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 || (r = sshbuf_put_u8(b, '\n')) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble MECH_CODE"); gss_release_buffer(&lmin, &msg); } while (ctx != 0); if ((r = sshbuf_put_u8(b, '\n')) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble newline"); ret = xstrdup((const char *)sshbuf_ptr(b)); sshbuf_free(b); return (ret); @@ -264,7 +264,7 @@ ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service, (r = sshbuf_put_cstring(b, user)) != 0 || (r = sshbuf_put_cstring(b, service)) != 0 || (r = sshbuf_put_cstring(b, context)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble buildmic"); } int diff --git a/usr.bin/ssh/hostfile.c b/usr.bin/ssh/hostfile.c index 75cee95a17b..edee48fe45c 100644 --- a/usr.bin/ssh/hostfile.c +++ b/usr.bin/ssh/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.85 2020/10/11 22:13:37 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.86 2020/10/18 11:32:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
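Review bot: In the second ssh_gssapi_last_error hunk, `ret = xstrdup((const char *)sshbuf_ptr(b));` treats the buffer contents as a C string, yet the last byte appended in the hunk is `'\n'`, not a NUL. Unless the buffer implementation guarantees a zero byte after the stored data (not visible here), the copy runs until it happens to meet one. `ret = sshbuf_dup_string(b);` followed by a NULL check copies exactly the stored length and terminates the result. The function body starts outside the hunk.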
@@ -139,12 +139,12 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) ssh_hmac_init(ctx, salt, len) < 0 || ssh_hmac_update(ctx, host, strlen(host)) < 0 || ssh_hmac_final(ctx, result, sizeof(result))) - fatal("%s: ssh_hmac failed", __func__); + fatal_f("ssh_hmac failed"); ssh_hmac_free(ctx); if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) - fatal("%s: __b64_ntop failed", __func__); + fatal_f("__b64_ntop failed"); snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt, HASH_DELIM, uu_result); @@ -244,7 +244,7 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx) return 0; } - debug3("%s: found %skey type %s in file %s:%lu", __func__, + debug3_f("found %skey type %s in file %s:%lu", l->marker == MRK_NONE ? "" : (l->marker == MRK_CA ? "ca " : "revoked "), sshkey_type(l->key), l->path, l->linenum); @@ -277,12 +277,10 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path) if ((r = hostkeys_foreach(path, record_hostkey, &ctx, host, NULL, HKF_WANT_MATCH|HKF_WANT_PARSE_KEY)) != 0) { if (r != SSH_ERR_SYSTEM_ERROR && errno != ENOENT) - debug("%s: hostkeys_foreach failed for %s: %s", - __func__, path, ssh_err(r)); + debug_fr(r, "hostkeys_foreach failed for %s", path); } if (ctx.num_loaded != 0) - debug3("%s: loaded %lu keys from %s", __func__, - ctx.num_loaded, host); + debug3_f("loaded %lu keys from %s", ctx.num_loaded, host); } void @@ -433,7 +431,7 @@ write_host_entry(FILE *f, const char *host, const char *ip, if (store_hash) { if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) { - error("%s: host_hash failed", __func__); + error_f("host_hash failed"); free(lhost); return 0; } 
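Review bot: In the load_hostkeys hunk, the condition `r != SSH_ERR_SYSTEM_ERROR && errno != ENOENT` does not express "anything other than a missing file". A system error such as EACCES is skipped because the first operand is false, and a parse error is skipped whenever `errno` happens to hold ENOENT. The sibling callers in this diff test `r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT`, whose negation is `if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)`. As written, a known-hosts file that exists but cannot be read yields no diagnostic, which hides the reason host keys were not loaded.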
@@ -447,7 +445,7 @@ write_host_entry(FILE *f, const char *host, const char *ip, if ((r = sshkey_write(key, f)) == 0) success = 1; else - error("%s: sshkey_write failed: %s", __func__, ssh_err(r)); + error_fr(r, "sshkey_write"); fputc('\n', f); /* If hashing is enabled, the IP address needs to go on its own line */ if (success && store_hash && ip != NULL) @@ -539,7 +537,7 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx) continue; ctx->match_keys[i] |= l->match; fprintf(ctx->out, "%s\n", l->line); - debug3("%s: %s key already at %s:%ld", __func__, + debug3_f("%s key already at %s:%ld", sshkey_type(l->key), l->path, l->linenum); return 0; } @@ -601,14 +599,14 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip, if ((fd = mkstemp(temp)) == -1) { oerrno = errno; - error("%s: mkstemp: %s", __func__, strerror(oerrno)); + error_f("mkstemp: %s", strerror(oerrno)); r = SSH_ERR_SYSTEM_ERROR; goto fail; } if ((ctx.out = fdopen(fd, "w")) == NULL) { oerrno = errno; close(fd); - error("%s: fdopen: %s", __func__, strerror(oerrno)); + error_f("fdopen: %s", strerror(oerrno)); r = SSH_ERR_SYSTEM_ERROR; goto fail; } @@ -617,7 +615,7 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip, if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip, HKF_WANT_PARSE_KEY)) != 0) { oerrno = errno; - error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); + error_fr(r, "hostkeys_foreach"); goto fail; } 
@@ -669,30 +667,28 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip, /* Backup the original file and replace it with the temporary */ if (unlink(back) == -1 && errno != ENOENT) { oerrno = errno; - error("%s: unlink %.100s: %s", __func__, - back, strerror(errno)); + error_f("unlink %.100s: %s", back, strerror(errno)); r = SSH_ERR_SYSTEM_ERROR; goto fail; } if (link(filename, back) == -1) { oerrno = errno; - error("%s: link %.100s to %.100s: %s", __func__, - filename, back, strerror(errno)); + error_f("link %.100s to %.100s: %s", filename, + back, strerror(errno)); r = SSH_ERR_SYSTEM_ERROR; goto fail; } if (rename(temp, filename) == -1) { oerrno = errno; - error("%s: rename \"%s\" to \"%s\": %s", __func__, - temp, filename, strerror(errno)); + error_f("rename \"%s\" to \"%s\": %s", temp, + filename, strerror(errno)); r = SSH_ERR_SYSTEM_ERROR; goto fail; } } else { /* No changes made; just delete the temporary file */ if (unlink(temp) != 0) - error("%s: unlink \"%s\": %s", __func__, - temp, strerror(errno)); + error_f("unlink \"%s\": %s", temp, strerror(errno)); } /* success */ @@ -749,7 +745,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, if ((f = fopen(path, "r")) == NULL) return SSH_ERR_SYSTEM_ERROR; - debug3("%s: reading file \"%s\"", __func__, path); + debug3_f("reading file \"%s\"", path); while (getline(&line, &linesize, f) != -1) { linenum++; line[strcspn(line, "\n")] = '\0'; @@ -777,8 +773,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, } if ((lineinfo.marker = check_markers(&cp)) == MRK_ERROR) { - verbose("%s: invalid marker at %s:%lu", - __func__, path, linenum); + verbose_f("invalid marker at %s:%lu", path, linenum); if ((options & HKF_WANT_MATCH) == 0) goto bad; continue; 
@@ -794,8 +789,8 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, if (host != NULL) { if ((s = match_maybe_hashed(host, lineinfo.hosts, &hashed)) == -1) { - debug2("%s: %s:%ld: bad host hash \"%.32s\"", - __func__, path, linenum, lineinfo.hosts); + debug2_f("%s:%ld: bad host hash \"%.32s\"", + path, linenum, lineinfo.hosts); goto bad; } if (s == 1) { @@ -807,9 +802,9 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, if (ip != NULL) { if ((s = match_maybe_hashed(ip, lineinfo.hosts, &hashed)) == -1) { - debug2("%s: %s:%ld: bad ip hash " - "\"%.32s\"", __func__, path, - linenum, lineinfo.hosts); + debug2_f("%s:%ld: bad ip hash " + "\"%.32s\"", path, linenum, + lineinfo.hosts); goto bad; } if (s == 1) { @@ -844,7 +839,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, * lines. */ if ((lineinfo.key = sshkey_new(KEY_UNSPEC)) == NULL) { - error("%s: sshkey_new failed", __func__); + error_f("sshkey_new failed"); r = SSH_ERR_ALLOC_FAIL; break; } diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index e27405d9e4a..e387336c757 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.159 2020/07/05 23:59:45 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.160 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -347,14 +347,13 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp) goto out; } if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) { /* skip cookie */ - error("%s: consume cookie: %s", __func__, ssh_err(r)); + error_fr(r, "consume cookie"); goto out; } /* extract kex init proposal strings */ for (i = 0; i < PROPOSAL_MAX; i++) { if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) { - error("%s: parse proposal %u: %s", __func__, - i, ssh_err(r)); + error_fr(r, "parse proposal %u", i); goto out; } debug2("%s: %s", proposal_names[i], proposal[i]); 
@@ -362,7 +361,7 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp) /* first kex follows / reserved */ if ((r = sshbuf_get_u8(b, &v)) != 0 || /* first_kex_follows */ (r = sshbuf_get_u32(b, &i)) != 0) { /* reserved */ - error("%s: parse: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto out; } if (first_kex_follows != NULL) @@ -426,7 +425,7 @@ kex_send_ext_info(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || (r = sshpkt_put_cstring(ssh, algs)) != 0 || (r = sshpkt_send(ssh)) != 0) { - error("%s: compose: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); goto out; } /* success */ @@ -478,14 +477,14 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) if (strcmp(name, "server-sig-algs") == 0) { /* Ensure no \0 lurking in value */ if (memchr(val, '\0', vlen) != NULL) { - error("%s: nul byte in %s", __func__, name); + error_f("nul byte in %s", name); return SSH_ERR_INVALID_FORMAT; } - debug("%s: %s=<%s>", __func__, name, val); + debug_f("%s=<%s>", name, val); kex->server_sig_algs = val; val = NULL; } else - debug("%s: %s (unrecognised)", __func__, name); + debug_f("%s (unrecognised)", name); free(name); free(val); } @@ -523,7 +522,7 @@ kex_send_kexinit(struct ssh *ssh) int r; if (kex == NULL) { - error("%s: no hex", __func__); + error_f("no hex"); return SSH_ERR_INTERNAL_ERROR; } if (kex->flags & KEX_INIT_SENT) @@ -532,12 +531,12 @@ kex_send_kexinit(struct ssh *ssh) /* generate a random cookie */ if (sshbuf_len(kex->my) < KEX_COOKIE_LEN) { - error("%s: bad kex length: %zu < %d", __func__, + error_f("bad kex length: %zu < %d", sshbuf_len(kex->my), KEX_COOKIE_LEN); return SSH_ERR_INVALID_FORMAT; } if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL) { - error("%s: buffer error", __func__); + error_f("buffer error"); return SSH_ERR_INTERNAL_ERROR; } arc4random_buf(cookie, KEX_COOKIE_LEN); 
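Review bot: The nul-byte rejection path in the kex_input_ext_info hunk returns `SSH_ERR_INVALID_FORMAT` without releasing `name` and `val`, which the loop otherwise frees at the bottom of each iteration. Adding `free(name); free(val);` before the `return` closes the leak on a path that handles peer-supplied data. The function starts and ends outside the hunk, so that both pointers are heap-allocated is inferred from the `free()` calls below.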
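Review bot: The message `error_f("no hex")` in the kex_send_kexinit hunk looks like a typo for "no kex": the guarded condition is `kex == NULL`, and kex_start_rekex in this same diff logs `"no kex"` for the equivalent check. The identical string appears in the kex_input_kexinit hunk that follows. Since the commit already rewrites both lines, they could become `error_f("no kex");` so the log text matches what actually failed.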
@@ -545,7 +544,7 @@ kex_send_kexinit(struct ssh *ssh) if ((r = sshpkt_start(ssh, SSH2_MSG_KEXINIT)) != 0 || (r = sshpkt_putb(ssh, kex->my)) != 0 || (r = sshpkt_send(ssh)) != 0) { - error("%s: compose reply: %s", __func__, ssh_err(r)); + error_fr(r, "compose reply"); return r; } debug("SSH2_MSG_KEXINIT sent"); @@ -565,7 +564,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) debug("SSH2_MSG_KEXINIT received"); if (kex == NULL) { - error("%s: no hex", __func__); + error_f("no hex"); return SSH_ERR_INTERNAL_ERROR; } ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); @@ -576,13 +575,13 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) /* discard packet */ for (i = 0; i < KEX_COOKIE_LEN; i++) { if ((r = sshpkt_get_u8(ssh, NULL)) != 0) { - error("%s: discard cookie: %s", __func__, ssh_err(r)); + error_fr(r, "discard cookie"); return r; } } for (i = 0; i < PROPOSAL_MAX; i++) { if ((r = sshpkt_get_string(ssh, NULL, NULL)) != 0) { - error("%s: discard proposal: %s", __func__, ssh_err(r)); + error_fr(r, "discard proposal"); return r; } } @@ -610,7 +609,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL) return (kex->kex[kex->kex_type])(ssh); - error("%s: unknown kex type %u", __func__, kex->kex_type); + error_f("unknown kex type %u", kex->kex_type); return SSH_ERR_INTERNAL_ERROR; } @@ -724,11 +723,11 @@ int kex_start_rekex(struct ssh *ssh) { if (ssh->kex == NULL) { - error("%s: no kex", __func__); + error_f("no kex"); return SSH_ERR_INTERNAL_ERROR; } if (ssh->kex->done == 0) { - error("%s: requested twice", __func__); + error_f("requested twice"); return SSH_ERR_INTERNAL_ERROR; } ssh->kex->done = 0; 
@@ -743,7 +742,7 @@ choose_enc(struct sshenc *enc, char *client, char *server) if (name == NULL) return SSH_ERR_NO_CIPHER_ALG_MATCH; if ((enc->cipher = cipher_by_name(name)) == NULL) { - error("%s: unsupported cipher %s", __func__, name); + error_f("unsupported cipher %s", name); free(name); return SSH_ERR_INTERNAL_ERROR; } @@ -765,7 +764,7 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) if (name == NULL) return SSH_ERR_NO_MAC_ALG_MATCH; if (mac_setup(mac, name) < 0) { - error("%s: unsupported MAC %s", __func__, name); + error_f("unsupported MAC %s", name); free(name); return SSH_ERR_INTERNAL_ERROR; } @@ -792,7 +791,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server) if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { - error("%s: unsupported compression scheme %s", __func__, name); + error_f("unsupported compression scheme %s", name); free(name); return SSH_ERR_INTERNAL_ERROR; } @@ -811,7 +810,7 @@ choose_kex(struct kex *k, char *client, char *server) if (k->name == NULL) return SSH_ERR_NO_KEX_ALG_MATCH; if ((kexalg = kex_alg_by_name(k->name)) == NULL) { - error("%s: unsupported KEX method %s", __func__, k->name); + error_f("unsupported KEX method %s", k->name); return SSH_ERR_INTERNAL_ERROR; } k->kex_type = kexalg->type; @@ -831,8 +830,7 @@ choose_hostkeyalg(struct kex *k, char *client, char *server) return SSH_ERR_NO_HOSTKEY_ALG_MATCH; k->hostkey_type = sshkey_type_from_name(k->hostkey_alg); if (k->hostkey_type == KEY_UNSPEC) { - error("%s: unsupported hostkey algorithm %s", __func__, - k->hostkey_alg); + error_f("unsupported hostkey algorithm %s", k->hostkey_alg); return SSH_ERR_INTERNAL_ERROR; } k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg); 
@@ -1003,7 +1001,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, kex->session_id_len) != 0 || ssh_digest_final(hashctx, digest, mdsz) != 0) { r = SSH_ERR_LIBCRYPTO_ERROR; - error("%s: KEX hash failed", __func__); + error_f("KEX hash failed"); goto out; } ssh_digest_free(hashctx); @@ -1020,7 +1018,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, ssh_digest_update(hashctx, hash, hashlen) != 0 || ssh_digest_update(hashctx, digest, have) != 0 || ssh_digest_final(hashctx, digest + have, mdsz) != 0) { - error("%s: KDF failed", __func__); + error_f("KDF failed"); r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -1085,7 +1083,7 @@ kex_load_hostkey(struct ssh *ssh, struct sshkey **prvp, struct sshkey **pubp) *prvp = NULL; if (kex->load_host_public_key == NULL || kex->load_host_private_key == NULL) { - error("%s: missing hostkey loader", __func__); + error_f("missing hostkey loader"); return SSH_ERR_INVALID_ARGUMENT; } *pubp = kex->load_host_public_key(kex->hostkey_type, @@ -1103,7 +1101,7 @@ kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key) struct kex *kex = ssh->kex; if (kex->verify_host_key == NULL) { - error("%s: missing hostkey verifier", __func__); + error_f("missing hostkey verifier"); return SSH_ERR_INVALID_ARGUMENT; } if (server_host_key->type != kex->hostkey_type || @@ -1140,7 +1138,7 @@ send_error(struct ssh *ssh, char *msg) msg, strlen(msg)) != strlen(msg) || atomicio(vwrite, ssh_packet_get_connection_out(ssh), crnl, strlen(crnl)) != strlen(crnl)) - error("%s: write: %.100s", __func__, strerror(errno)); + error_f("write: %.100s", strerror(errno)); } /* @@ -1172,7 +1170,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, version_addendum == NULL ? "" : " ", version_addendum == NULL ? "" : version_addendum)) != 0) { oerrno = errno; - error("%s: sshbuf_putf: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_putf"); goto out; } 
@@ -1180,18 +1178,18 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, sshbuf_mutable_ptr(our_version), sshbuf_len(our_version)) != sshbuf_len(our_version)) { oerrno = errno; - debug("%s: write: %.100s", __func__, strerror(errno)); + debug_f("write: %.100s", strerror(errno)); r = SSH_ERR_SYSTEM_ERROR; goto out; } if ((r = sshbuf_consume_end(our_version, 2)) != 0) { /* trim \r\n */ oerrno = errno; - error("%s: sshbuf_consume_end: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_consume_end"); goto out; } our_version_string = sshbuf_dup_string(our_version); if (our_version_string == NULL) { - error("%s: sshbuf_dup_string failed", __func__); + error_f("sshbuf_dup_string failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1202,8 +1200,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, if (n >= SSH_MAX_PRE_BANNER_LINES) { send_error(ssh, "No SSH identification string " "received."); - error("%s: No SSH version received in first %u lines " - "from server", __func__, SSH_MAX_PRE_BANNER_LINES); + error_f("No SSH version received in first %u lines " + "from server", SSH_MAX_PRE_BANNER_LINES); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -1222,8 +1220,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, goto out; } else if (r == -1) { oerrno = errno; - error("%s: %s", - __func__, strerror(errno)); + error_f("%s", strerror(errno)); r = SSH_ERR_SYSTEM_ERROR; goto out; } @@ -1232,14 +1229,12 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, len = atomicio(read, ssh_packet_get_connection_in(ssh), &c, 1); if (len != 1 && errno == EPIPE) { - error("%s: Connection closed by remote host", - __func__); + error_f("Connection closed by remote host"); r = SSH_ERR_CONN_CLOSED; goto out; } else if (len != 1) { oerrno = errno; - error("%s: read: %.100s", - __func__, strerror(errno)); + error_f("read: %.100s", strerror(errno)); r = SSH_ERR_SYSTEM_ERROR; goto out; } 
@@ -1250,18 +1245,17 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, if (c == '\n') break; if (c == '\0' || expect_nl) { - error("%s: banner line contains invalid " - "characters", __func__); + error_f("banner line contains invalid " + "characters"); goto invalid; } if ((r = sshbuf_put_u8(peer_version, c)) != 0) { oerrno = errno; - error("%s: sshbuf_put: %s", - __func__, ssh_err(r)); + error_fr(r, "sshbuf_put"); goto out; } if (sshbuf_len(peer_version) > SSH_MAX_BANNER_LEN) { - error("%s: banner line too long", __func__); + error_f("banner line too long"); goto invalid; } } @@ -1271,26 +1265,26 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, break; /* If not, then just log the line and continue */ if ((cp = sshbuf_dup_string(peer_version)) == NULL) { - error("%s: sshbuf_dup_string failed", __func__); + error_f("sshbuf_dup_string failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } /* Do not accept lines before the SSH ident from a client */ if (ssh->kex->server) { - error("%s: client sent invalid protocol identifier " - "\"%.256s\"", __func__, cp); + error_f("client sent invalid protocol identifier " + "\"%.256s\"", cp); free(cp); goto invalid; } - debug("%s: banner line %zu: %s", __func__, n, cp); + debug_f("banner line %zu: %s", n, cp); free(cp); } peer_version_string = sshbuf_dup_string(peer_version); if (peer_version_string == NULL) - error("%s: sshbuf_dup_string failed", __func__); + error_f("sshbuf_dup_string failed"); /* XXX must be same size for sscanf */ if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) { - error("%s: calloc failed", __func__); + error_f("calloc failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } diff --git a/usr.bin/ssh/krl.c b/usr.bin/ssh/krl.c index 156a4397c65..4c99d668d58 100644 --- a/usr.bin/ssh/krl.c +++ b/usr.bin/ssh/krl.c 
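Review bot: After `peer_version_string = sshbuf_dup_string(peer_version);` the NULL case only logs through `error_f()` and then falls through to the `calloc()` below, so the rest of kex_exchange_identification runs with a NULL peer version string. The matching check for `our_version_string` earlier in the function sets `r = SSH_ERR_ALLOC_FAIL` and jumps to `out`; this one should do the same: `if (peer_version_string == NULL) { error_f("sshbuf_dup_string failed"); r = SSH_ERR_ALLOC_FAIL; goto out; }`. The code that later consumes `peer_version_string` is outside the hunk, so the exact failure mode is not visible here.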
@@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.51 2020/08/27 01:06:18 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.52 2020/10/18 11:32:01 djm Exp $ */ #include <sys/types.h> #include <sys/tree.h> @@ -42,7 +42,7 @@ /* #define DEBUG_KRL */ #ifdef DEBUG_KRL -# define KRL_DBG(x) debug3 x +# define KRL_DBG(x) debug3_f x #else # define KRL_DBG(x) #endif @@ -239,8 +239,7 @@ revoked_certs_for_ca_key(struct ssh_krl *krl, const struct sshkey *ca_key, RB_INIT(&rc->revoked_serials); RB_INIT(&rc->revoked_key_ids); TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry); - KRL_DBG(("%s: new CA %s", __func__, - ca_key == NULL ? "*" : sshkey_type(ca_key))); + KRL_DBG(("new CA %s", ca_key == NULL ? "*" : sshkey_type(ca_key))); *rcp = rc; return 0; } @@ -250,7 +249,7 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi) { struct revoked_serial rs, *ers, *crs, *irs; - KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi)); + KRL_DBG(("insert %llu:%llu", lo, hi)); memset(&rs, 0, sizeof(rs)); rs.lo = lo; rs.hi = hi; @@ -262,15 +261,14 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi) memcpy(irs, &rs, sizeof(*irs)); ers = RB_INSERT(revoked_serial_tree, rt, irs); if (ers != NULL) { - KRL_DBG(("%s: bad: ers != NULL", __func__)); + KRL_DBG(("bad: ers != NULL")); /* Shouldn't happen */ free(irs); return SSH_ERR_INTERNAL_ERROR; } ers = irs; } else { - KRL_DBG(("%s: overlap found %llu:%llu", __func__, - ers->lo, ers->hi)); + KRL_DBG(("overlap found %llu:%llu", ers->lo, ers->hi)); /* * The inserted entry overlaps an existing one. Grow the * existing entry. 
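Review bot: The converted `KRL_DBG` calls in insert_serial_range pass the `u_int64_t` parameters `lo` and `hi` (and the tree entries' `lo`/`hi` fields) straight to `%llu`, while the choose_next_state and revoked_certs_generate hunks cast to `(long long unsigned)` first. The macro expands to `debug3_f` only under `DEBUG_KRL`, so a specifier mismatch on a platform where `u_int64_t` is not `unsigned long long` would show up only in debug builds. For consistency the calls could cast as the others do, e.g. `KRL_DBG(("insert %llu:%llu", (long long unsigned)lo, (long long unsigned)hi));`; the same presumably applies to the later hunks that print `key->cert->serial`.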
@@ -288,33 +286,31 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi) /* Check predecessors */ while ((crs = RB_PREV(revoked_serial_tree, rt, ers)) != NULL) { - KRL_DBG(("%s: pred %llu:%llu", __func__, crs->lo, crs->hi)); + KRL_DBG(("pred %llu:%llu", crs->lo, crs->hi)); if (ers->lo != 0 && crs->hi < ers->lo - 1) break; /* This entry overlaps. */ if (crs->lo < ers->lo) { ers->lo = crs->lo; - KRL_DBG(("%s: pred extend %llu:%llu", __func__, - ers->lo, ers->hi)); + KRL_DBG(("pred extend %llu:%llu", ers->lo, ers->hi)); } RB_REMOVE(revoked_serial_tree, rt, crs); free(crs); } /* Check successors */ while ((crs = RB_NEXT(revoked_serial_tree, rt, ers)) != NULL) { - KRL_DBG(("%s: succ %llu:%llu", __func__, crs->lo, crs->hi)); + KRL_DBG(("succ %llu:%llu", crs->lo, crs->hi)); if (ers->hi != (u_int64_t)-1 && crs->lo > ers->hi + 1) break; /* This entry overlaps. */ if (crs->hi > ers->hi) { ers->hi = crs->hi; - KRL_DBG(("%s: succ extend %llu:%llu", __func__, - ers->lo, ers->hi)); + KRL_DBG(("succ extend %llu:%llu", ers->lo, ers->hi)); } RB_REMOVE(revoked_serial_tree, rt, crs); free(crs); } - KRL_DBG(("%s: done, final %llu:%llu", __func__, ers->lo, ers->hi)); + KRL_DBG(("done, final %llu:%llu", ers->lo, ers->hi)); return 0; } @@ -350,7 +346,7 @@ ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key, if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0) return r; - KRL_DBG(("%s: revoke %s", __func__, key_id)); + KRL_DBG(("revoke %s", key_id)); if ((rki = calloc(1, sizeof(*rki))) == NULL || (rki->key_id = strdup(key_id)) == NULL) { free(rki); @@ -409,7 +405,7 @@ ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key) size_t len; int r; - debug3("%s: revoke type %s", __func__, sshkey_type(key)); + debug3_f("revoke type %s", sshkey_type(key)); if ((r = plain_key_blob(key, &blob, &len)) != 0) return r; return revoke_blob(&krl->revoked_keys, blob, len); 
@@ -435,7 +431,7 @@ revoke_by_hash(struct revoked_blob_tree *target, const u_char *p, size_t len) int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len) { - debug3("%s: revoke by sha1", __func__); + debug3_f("revoke by sha1"); if (len != 20) return SSH_ERR_INVALID_FORMAT; return revoke_by_hash(&krl->revoked_sha1s, p, len); @@ -444,7 +440,7 @@ ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len) int ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len) { - debug3("%s: revoke by sha256", __func__); + debug3_f("revoke by sha256"); if (len != 32) return SSH_ERR_INVALID_FORMAT; return revoke_by_hash(&krl->revoked_sha256s, p, len); @@ -540,9 +536,9 @@ choose_next_state(int current_state, u_int64_t contig, int final, *force_new_section = 1; cost = cost_bitmap_restart; } - KRL_DBG(("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:" + KRL_DBG(("contig %llu last_gap %llu next_gap %llu final %d, costs:" "list %llu range %llu bitmap %llu new bitmap %llu, " - "selected 0x%02x%s", __func__, (long long unsigned)contig, + "selected 0x%02x%s", (long long unsigned)contig, (long long unsigned)last_gap, (long long unsigned)next_gap, final, (long long unsigned)cost_list, (long long unsigned)cost_range, (long long unsigned)cost_bitmap, @@ -600,7 +596,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials); rs != NULL; rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) { - KRL_DBG(("%s: serial %llu:%llu state 0x%02x", __func__, + KRL_DBG(("serial %llu:%llu state 0x%02x", (long long unsigned)rs->lo, (long long unsigned)rs->hi, state)); 
@@ -620,7 +616,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) */ if (state != 0 && (force_new_sect || next_state != state || state == KRL_SECTION_CERT_SERIAL_RANGE)) { - KRL_DBG(("%s: finish state 0x%02x", __func__, state)); + KRL_DBG(("finish state 0x%02x", state)); switch (state) { case KRL_SECTION_CERT_SERIAL_LIST: case KRL_SECTION_CERT_SERIAL_RANGE: @@ -640,7 +636,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) /* If we are starting a new section then prepare it now */ if (next_state != state || force_new_sect) { - KRL_DBG(("%s: start state 0x%02x", __func__, + KRL_DBG(("start state 0x%02x", next_state)); state = next_state; sshbuf_reset(sect); @@ -676,7 +672,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) break; case KRL_SECTION_CERT_SERIAL_BITMAP: if (rs->lo - bitmap_start > INT_MAX) { - error("%s: insane bitmap gap", __func__); + error_f("insane bitmap gap"); goto out; } for (i = 0; i < contig; i++) { @@ -692,8 +688,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) } /* Flush the remaining section, if any */ if (state != 0) { - KRL_DBG(("%s: serial final flush for state 0x%02x", - __func__, state)); + KRL_DBG(("serial final flush for state 0x%02x", state)); switch (state) { case KRL_SECTION_CERT_SERIAL_LIST: case KRL_SECTION_CERT_SERIAL_RANGE: @@ -709,12 +704,12 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) (r = sshbuf_put_stringb(buf, sect)) != 0) goto out; } - KRL_DBG(("%s: serial done ", __func__)); + KRL_DBG(("serial done ")); /* Now output a section for any revocations by key ID */ sshbuf_reset(sect); RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) { - KRL_DBG(("%s: key ID %s", __func__, rki->key_id)); + KRL_DBG(("key ID %s", rki->key_id)); if ((r = sshbuf_put_cstring(sect, rki->key_id)) != 0) goto out; } 
@@ -770,7 +765,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, /* Finally, output sections for revocations by public key/hash */ sshbuf_reset(sect); RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) { - KRL_DBG(("%s: key len %zu ", __func__, rb->len)); + KRL_DBG(("key len %zu ", rb->len)); if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0) goto out; } @@ -781,7 +776,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, } sshbuf_reset(sect); RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) { - KRL_DBG(("%s: hash len %zu ", __func__, rb->len)); + KRL_DBG(("hash len %zu ", rb->len)); if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0) goto out; } @@ -793,7 +788,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, } sshbuf_reset(sect); RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha256s) { - KRL_DBG(("%s: hash len %zu ", __func__, rb->len)); + KRL_DBG(("hash len %zu ", rb->len)); if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0) goto out; } @@ -805,8 +800,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, } for (i = 0; i < nsign_keys; i++) { - KRL_DBG(("%s: signature key %s", __func__, - sshkey_ssh_name(sign_keys[i]))); + KRL_DBG(("sig key %s", sshkey_ssh_name(sign_keys[i]))); if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 || (r = sshkey_puts(sign_keys[i], buf)) != 0) goto out; @@ -815,7 +809,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL, NULL, 0)) != 0) goto out; - KRL_DBG(("%s: signature sig len %zu", __func__, slen)); + KRL_DBG(("signature sig len %zu", slen)); if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) goto out; } 
@@ -872,7 +866,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) if ((r = sshbuf_get_u8(buf, &type)) != 0 || (r = sshbuf_froms(buf, &subsect)) != 0) goto out; - KRL_DBG(("%s: subsection type 0x%02x", __func__, type)); + KRL_DBG(("subsection type 0x%02x", type)); /* sshbuf_dump(subsect, stderr); */ switch (type) { @@ -909,7 +903,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) nbits = bitmap_nbits(bitmap); for (serial = 0; serial < (u_int64_t)nbits; serial++) { if (serial > 0 && serial_lo + serial == 0) { - error("%s: bitmap wraps u64", __func__); + error_f("bitmap wraps u64"); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -968,7 +962,7 @@ blob_section(struct sshbuf *sect, struct revoked_blob_tree *target_tree, if ((r = sshbuf_get_string(sect, &rdata, &rlen)) != 0) return r; if (expected_len != 0 && rlen != expected_len) { - error("%s: bad length", __func__); + error_f("bad length"); free(rdata); return SSH_ERR_INVALID_FORMAT; } @@ -999,7 +993,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, *krlp = NULL; if (sshbuf_len(buf) < sizeof(KRL_MAGIC) - 1 || memcmp(sshbuf_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { - debug3("%s: not a KRL", __func__); + debug3_f("not a KRL"); return SSH_ERR_KRL_BAD_MAGIC; } @@ -1012,7 +1006,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, goto out; if ((krl = ssh_krl_init()) == NULL) { - error("%s: alloc failed", __func__); + error_f("alloc failed"); goto out; } @@ -1049,7 +1043,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, if ((r = sshbuf_get_u8(copy, &type)) != 0 || (r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0) goto out; - KRL_DBG(("%s: first pass, section 0x%02x", __func__, type)); + KRL_DBG(("first pass, section 0x%02x", type)); if (type != KRL_SECTION_SIGNATURE) { if (sig_seen) { error("KRL contains non-signature section " 
@@ -1125,7 +1119,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, if ((r = sshbuf_get_u8(copy, &type)) != 0 || (r = sshbuf_froms(copy, §)) != 0) goto out; - KRL_DBG(("%s: second pass, section 0x%02x", __func__, type)); + KRL_DBG(("second pass, section 0x%02x", type)); switch (type) { case KRL_SECTION_CERTIFICATES: @@ -1228,7 +1222,7 @@ is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc) rki.key_id = key->cert->key_id; erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki); if (erki != NULL) { - KRL_DBG(("%s: revoked by key ID", __func__)); + KRL_DBG(("revoked by key ID")); return SSH_ERR_KEY_REVOKED; } @@ -1243,7 +1237,7 @@ is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc) rs.lo = rs.hi = key->cert->serial; ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs); if (ers != NULL) { - KRL_DBG(("%s: revoked serial %llu matched %llu:%llu", __func__, + KRL_DBG(("revoked serial %llu matched %llu:%llu", key->cert->serial, ers->lo, ers->hi)); return SSH_ERR_KEY_REVOKED; } @@ -1266,7 +1260,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); free(rb.blob); if (erb != NULL) { - KRL_DBG(("%s: revoked by key SHA1", __func__)); + KRL_DBG(("revoked by key SHA1")); return SSH_ERR_KEY_REVOKED; } memset(&rb, 0, sizeof(rb)); @@ -1276,7 +1270,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha256s, &rb); free(rb.blob); if (erb != NULL) { - KRL_DBG(("%s: revoked by key SHA256", __func__)); + KRL_DBG(("revoked by key SHA256")); return SSH_ERR_KEY_REVOKED; } @@ -1287,7 +1281,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); free(rb.blob); if (erb != NULL) { - KRL_DBG(("%s: revoked by explicit key", __func__)); + KRL_DBG(("revoked by explicit key")); return SSH_ERR_KEY_REVOKED; } 
@@ -1310,7 +1304,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) return r; } - KRL_DBG(("%s: %llu no match", __func__, key->cert->serial)); + KRL_DBG(("%llu no match", key->cert->serial)); return 0; } @@ -1319,15 +1313,15 @@ ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key) { int r; - KRL_DBG(("%s: checking key", __func__)); + KRL_DBG(("checking key")); if ((r = is_key_revoked(krl, key)) != 0) return r; if (sshkey_is_cert(key)) { - debug2("%s: checking CA key", __func__); + debug2_f("checking CA key"); if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0) return r; } - KRL_DBG(("%s: key okay", __func__)); + KRL_DBG(("key okay")); return 0; } @@ -1346,7 +1340,7 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key) } if ((r = ssh_krl_from_blob(krlbuf, &krl, NULL, 0)) != 0) goto out; - debug2("%s: checking KRL %s", __func__, path); + debug2_f("checking KRL %s", path); r = ssh_krl_check_key(krl, key); out: sshbuf_free(krlbuf); @@ -1383,7 +1377,7 @@ krl_dump(struct ssh_krl *krl, FILE *f) RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) { if ((r = sshkey_from_blob(rb->blob, rb->len, &key)) != 0) { ret = SSH_ERR_INVALID_FORMAT; - error("Parse key in KRL: %s", ssh_err(r)); + error_r(r, "parse KRL key"); continue; } if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT, diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index 34a46ab485d..59006e54173 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.154 2020/10/03 09:22:26 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.155 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. 
@@ -1076,9 +1076,9 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent, size_t len; if ((buf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if (parseerror == NULL) - fatal("%s: null parseerror arg", __func__); + fatal_f("null parseerror arg"); *parseerror = 1; /* Gather keys if we're doing percent expansion. */ @@ -1088,14 +1088,15 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent, if (keys[num_keys].key == NULL) break; keys[num_keys].repl = va_arg(ap, char *); - if (keys[num_keys].repl == NULL) - fatal("%s: NULL replacement for token %s", __func__, keys[num_keys].key); + if (keys[num_keys].repl == NULL) { + fatal_f("NULL replacement for token %s", + keys[num_keys].key); + } } if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL) - fatal("%s: too many keys", __func__); + fatal_f("too many keys"); if (num_keys == 0) - fatal("%s: percent expansion without token list", - __func__); + fatal_f("percent expansion without token list"); } /* Expand string */ 
@@ -1104,28 +1105,24 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent, if (dollar && string[0] == '$' && string[1] == '{') { string += 2; /* skip over '${' */ if ((varend = strchr(string, '}')) == NULL) { - error("%s: environment variable '%s' missing " - "closing '}'", __func__, string); + error_f("environment variable '%s' missing " + "closing '}'", string); goto out; } len = varend - string; if (len == 0) { - error("%s: zero-length environment variable", - __func__); + error_f("zero-length environment variable"); goto out; } var = xmalloc(len + 1); (void)strlcpy(var, string, len + 1); if ((val = getenv(var)) == NULL) { - error("%s: env var ${%s} has no value", - __func__, var); + error_f("env var ${%s} has no value", var); missingvar = 1; } else { - debug3("%s: expand ${%s} -> '%s'", __func__, - var, val); + debug3_f("expand ${%s} -> '%s'", var, val); if ((r = sshbuf_put(buf, val, strlen(val))) !=0) - fatal("%s: sshbuf_put: %s", __func__, - ssh_err(r)); + fatal_fr(r, "sshbuf_put ${}"); } free(var); string += len; @@ -1139,10 +1136,8 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent, */ if (*string != '%' || !percent) { append: - if ((r = sshbuf_put_u8(buf, *string)) != 0) { - fatal("%s: sshbuf_put_u8: %s", - __func__, ssh_err(r)); - } + if ((r = sshbuf_put_u8(buf, *string)) != 0) + fatal_fr(r, "sshbuf_put_u8 %%"); continue; } string++; 
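Review bot: `debug3_f("expand ${%s} -> '%s'", var, val)` in the `${...}` branch of vdollar_percent_expand writes the value of the expanded environment variable to the log. Environment variables can carry credentials or tokens, and debug output tends to be copied into bug reports, so logging only the variable name would be safer: `debug3_f("expand ${%s}", var);`. The function begins and ends outside this hunk.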
@@ -1150,26 +1145,24 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent, if (*string == '%') goto append; if (*string == '\0') { - error("%s: invalid format", __func__); + error_f("invalid format"); goto out; } for (i = 0; i < num_keys; i++) { if (strchr(keys[i].key, *string) != NULL) { if ((r = sshbuf_put(buf, keys[i].repl, - strlen(keys[i].repl))) != 0) { - fatal("%s: sshbuf_put: %s", - __func__, ssh_err(r)); - } + strlen(keys[i].repl))) != 0) + fatal_fr(r, "sshbuf_put %%-repl"); break; } } if (i >= num_keys) { - error("%s: unknown key %%%c", __func__, *string); + error_f("unknown key %%%c", *string); goto out; } } if (!missingvar && (ret = sshbuf_dup_string(buf)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); + fatal_f("sshbuf_dup_string failed"); *parseerror = 0; out: sshbuf_free(buf); @@ -1213,7 +1206,7 @@ percent_expand(const char *string, ...) ret = vdollar_percent_expand(&err, 0, 1, string, ap); va_end(ap); if (err) - fatal("%s failed", __func__); + fatal_f("failed"); return ret; } @@ -1232,7 +1225,7 @@ percent_dollar_expand(const char *string, ...) ret = vdollar_percent_expand(&err, 1, 1, string, ap); va_end(ap); if (err) - fatal("%s failed", __func__); + fatal_f("failed"); return ret; } @@ -1262,16 +1255,16 @@ tun_open(int tun, int mode, char **ifname) break; } } else { - debug("%s: invalid tunnel %u", __func__, tun); + debug_f("invalid tunnel %u", tun); return -1; } if (fd == -1) { - debug("%s: %s open: %s", __func__, name, strerror(errno)); + debug_f("%s open: %s", name, strerror(errno)); return -1; } - debug("%s: %s mode %d fd %d", __func__, name, mode, fd); + debug_f("%s mode %d fd %d", name, mode, fd); /* Bring interface up if it is not already */ snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); 
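Review bot: `debug_f("invalid tunnel %u", tun)` in the tun_open hunk formats `tun` with `%u`, but the hunk header declares it as `int tun`, so a negative value would be reported as a large unsigned number. `debug_f("invalid tunnel %d", tun);` matches the declared type. The range check that leads to this branch lies outside the hunk, so which values can reach it is not visible here.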
@@ -1279,16 +1272,16 @@ tun_open(int tun, int mode, char **ifname) goto failed; if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) { - debug("%s: get interface %s flags: %s", __func__, - ifr.ifr_name, strerror(errno)); + debug_f("get interface %s flags: %s", ifr.ifr_name, + strerror(errno)); goto failed; } if (!(ifr.ifr_flags & IFF_UP)) { ifr.ifr_flags |= IFF_UP; if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) { - debug("%s: activate interface %s: %s", __func__, - ifr.ifr_name, strerror(errno)); + debug_f("activate interface %s: %s", ifr.ifr_name, + strerror(errno)); goto failed; } } @@ -1611,7 +1604,7 @@ mktemp_proto(char *s, size_t len) } r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX"); if (r < 0 || (size_t)r >= len) - fatal("%s: template string too short", __func__); + fatal_f("template string too short"); } static const struct { @@ -1698,8 +1691,7 @@ unix_listener(const char *path, int backlog, int unlink_first) sunaddr.sun_family = AF_UNIX; if (strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) { - error("%s: path \"%s\" too long for Unix domain socket", - __func__, path); + error_f("path \"%s\" too long for Unix domain socket", path); errno = ENAMETOOLONG; return -1; } @@ -1707,7 +1699,7 @@ unix_listener(const char *path, int backlog, int unlink_first) sock = socket(PF_UNIX, SOCK_STREAM, 0); if (sock == -1) { saved_errno = errno; - error("%s: socket: %.100s", __func__, strerror(errno)); + error_f("socket: %.100s", strerror(errno)); errno = saved_errno; return -1; } 
@@ -1717,16 +1709,14 @@ unix_listener(const char *path, int backlog, int unlink_first) } if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { saved_errno = errno; - error("%s: cannot bind to path %s: %s", - __func__, path, strerror(errno)); + error_f("cannot bind to path %s: %s", path, strerror(errno)); close(sock); errno = saved_errno; return -1; } if (listen(sock, backlog) == -1) { saved_errno = errno; - error("%s: cannot listen on path %s: %s", - __func__, path, strerror(errno)); + error_f("cannot listen on path %s: %s", path, strerror(errno)); close(sock); unlink(path); errno = saved_errno; @@ -1878,7 +1868,7 @@ argv_assemble(int argc, char **argv) struct sshbuf *buf, *arg; if ((buf = sshbuf_new()) == NULL || (arg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); for (i = 0; i < argc; i++) { ws = 0; @@ -1903,17 +1893,16 @@ argv_assemble(int argc, char **argv) break; } if (r != 0) - fatal("%s: sshbuf_put_u8: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u8"); } if ((i != 0 && (r = sshbuf_put_u8(buf, ' ')) != 0) || (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0) || (r = sshbuf_putb(buf, arg)) != 0 || (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0)) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); } if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL) - fatal("%s: malloc failed", __func__); + fatal_f("malloc failed"); memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf)); ret[sshbuf_len(buf)] = '\0'; sshbuf_free(buf); @@ -1929,7 +1918,7 @@ exited_cleanly(pid_t pid, const char *tag, const char *cmd, int quiet) while (waitpid(pid, &status, 0) == -1) { if (errno != EINTR) { - error("%s: waitpid: %s", tag, strerror(errno)); + error("%s waitpid: %s", tag, strerror(errno)); return -1; } } 
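Review bot: In the `exited_cleanly` hunk the `waitpid` error loses its colon (`"%s: waitpid: %s"` becomes `"%s waitpid: %s"`) although this line never used `__func__`, so this is a change to the emitted log text rather than the mechanical macro conversion applied elsewhere in the file. Anything that matches on the old string, such as log monitoring rules or regression tests, will stop matching. If the new form is meant to line up with other messages in this function, which are outside the hunk, the commit message should say so; otherwise keep `error("%s: waitpid: %s", tag, strerror(errno));`.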
@@ -2332,14 +2321,14 @@ stdfd_devnull(int do_stdin, int do_stdout, int do_stderr) int devnull, ret = 0; if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { - error("%s: open %s: %s", __func__, _PATH_DEVNULL, + error_f("open %s: %s", _PATH_DEVNULL, strerror(errno)); return -1; } if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) || (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) || (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) { - error("%s: dup2: %s", __func__, strerror(errno)); + error_f("dup2: %s", strerror(errno)); ret = -1; } if (devnull > STDERR_FILENO) diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index a298834fcf0..d71520b0d53 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.216 2020/10/18 11:21:59 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.217 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -261,8 +261,7 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) if (authenticated && !auth2_update_methods_lists(authctxt, auth_method, auth_submethod)) { - debug3("%s: method %s: partial", __func__, - auth_method); + debug3_f("method %s: partial", auth_method); authenticated = 0; partial = 1; } @@ -270,8 +269,8 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) - fatal("%s: unexpected authentication from %d", - __func__, ent->type); + fatal_f("unexpected authentication from %d", + ent->type); if (authctxt->pw->pw_uid == 0 && !auth_root_allowed(ssh, auth_method)) authenticated = 0; 
@@ -289,12 +288,11 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) } if (!authctxt->valid) - fatal("%s: authenticated invalid user", __func__); + fatal_f("authenticated invalid user"); if (strcmp(auth_method, "unknown") == 0) - fatal("%s: authentication method name unknown", __func__); + fatal_f("authentication method name unknown"); - debug("%s: %s has been authenticated by privileged process", - __func__, authctxt->user); + debug_f("user %s authenticated by privileged process", authctxt->user); ssh->authctxt = NULL; ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); 
@@ -360,38 +358,38 @@ monitor_read_log(struct monitor *pmonitor) int r; if ((logmsg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); /* Read length */ if ((r = sshbuf_reserve(logmsg, 4, &p)) != 0) - fatal("%s: reserve: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve len"); if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) { if (errno == EPIPE) { sshbuf_free(logmsg); - debug("%s: child log fd closed", __func__); + debug_f("child log fd closed"); close(pmonitor->m_log_recvfd); pmonitor->m_log_recvfd = -1; return -1; } - fatal("%s: log fd read: %s", __func__, strerror(errno)); + fatal_f("log fd read: %s", strerror(errno)); } if ((r = sshbuf_get_u32(logmsg, &len)) != 0) - fatal("%s: get len: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse len"); if (len <= 4 || len > 8192) - fatal("%s: invalid log message length %u", __func__, len); + fatal_f("invalid log message length %u", len); /* Read severity, message */ sshbuf_reset(logmsg); if ((r = sshbuf_reserve(logmsg, len, &p)) != 0) - fatal("%s: reserve: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve msg"); if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len) - fatal("%s: log fd read: %s", __func__, strerror(errno)); + fatal_f("log fd read: %s", strerror(errno)); if ((r = sshbuf_get_cstring(logmsg, &file, NULL)) != 0 || (r = sshbuf_get_cstring(logmsg, &func, NULL)) != 0 || (r = sshbuf_get_u32(logmsg, &line)) != 0 || (r = sshbuf_get_u32(logmsg, &level)) != 0 || (r = sshbuf_get_cstring(logmsg, &msg, NULL)) != 0) - fatal("%s: decode: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); /* Log it */ if (log_level_name(level) == NULL) @@ -424,7 +422,7 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent, if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) { if (errno == EINTR || errno == EAGAIN) continue; - fatal("%s: poll: %s", __func__, strerror(errno)); + fatal_f("poll: %s", strerror(errno)); } if (pfd[1].revents) { /* 
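Review bot: Both `atomicio` failures in `monitor_read_log` still report the identical text `fatal_f("log fd read: %s", strerror(errno))`, while the neighbouring calls were given distinct labels (`"reserve len"`, `"parse len"`, `"reserve msg"`). This is the monitor terminating on data read from the child's log descriptor, so telling a truncated length prefix from a truncated message body helps when triaging. Suggest `fatal_f("log fd read len: %s", strerror(errno));` for the first and `fatal_f("log fd read msg: %s", strerror(errno));` for the second. The function continues past the end of the hunk.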
@@ -439,13 +437,13 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent, } if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); mm_request_receive(pmonitor->m_sendfd, m); if ((r = sshbuf_get_u8(m, &type)) != 0) - fatal("%s: decode: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); - debug3("%s: checking request %d", __func__, type); + debug3_f("checking request %d", type); while (ent->f != NULL) { if (ent->type == type) @@ -455,15 +453,13 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent, if (ent->f != NULL) { if (!(ent->flags & MON_PERMIT)) - fatal("%s: unpermitted request %d", __func__, - type); + fatal_f("unpermitted request %d", type); ret = (*ent->f)(ssh, pmonitor->m_sendfd, m); sshbuf_free(m); /* The child may use this request only once, disable it */ if (ent->flags & MON_ONCE) { - debug2("%s: %d used once, disabling now", __func__, - type); + debug2_f("%d used once, disabling now", type); ent->flags &= ~MON_PERMIT; } @@ -473,7 +469,7 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent, return ret; } - fatal("%s: unsupported request: %d", __func__, type); + fatal_f("unsupported request: %d", type); /* NOTREACHED */ return (-1); 
@@ -518,21 +514,19 @@ mm_answer_moduli(struct ssh *ssh, int sock, struct sshbuf *m) if ((r = sshbuf_get_u32(m, &min)) != 0 || (r = sshbuf_get_u32(m, &want)) != 0 || (r = sshbuf_get_u32(m, &max)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); - debug3("%s: got parameters: %d %d %d", - __func__, min, want, max); + debug3_f("got parameters: %d %d %d", min, want, max); /* We need to check here, too, in case the child got corrupted */ if (max < min || want < min || max < want) - fatal("%s: bad parameters: %d %d %d", - __func__, min, want, max); + fatal_f("bad parameters: %d %d %d", min, want, max); sshbuf_reset(m); dh = choose_dh(min, want, max); if (dh == NULL) { if ((r = sshbuf_put_u8(m, 0)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble empty"); return (0); } else { /* Send first bignum */ @@ -540,7 +534,7 @@ mm_answer_moduli(struct ssh *ssh, int sock, struct sshbuf *m) if ((r = sshbuf_put_u8(m, 1)) != 0 || (r = sshbuf_put_bignum2(m, dh_p)) != 0 || (r = sshbuf_put_bignum2(m, dh_g)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); DH_free(dh); } @@ -562,15 +556,15 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) u_int keyid, compat; const char proof_req[] = "hostkeys-prove-00@openssh.com"; - debug3("%s", __func__); + debug3_f("entering"); if ((r = sshbuf_get_u32(m, &keyid)) != 0 || (r = sshbuf_get_string(m, &p, &datlen)) != 0 || (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 || (r = sshbuf_get_u32(m, &compat)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (keyid > INT_MAX) - fatal("%s: invalid key ID", __func__); + fatal_f("invalid key ID"); /* * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), 
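Review bot: `min`, `want` and `max` in `mm_answer_moduli` are filled by `sshbuf_get_u32` but printed with `%d` in both `debug3_f("got parameters: %d %d %d", ...)` and `fatal_f("bad parameters: %d %d %d", ...)`; their declarations are outside the hunk, so this assumes they are `u_int`. The check exists "in case the child got corrupted", which is exactly when a value above `INT_MAX` would be logged as a negative number. `%u` keeps the diagnostic faithful: `fatal_f("bad parameters: %u %u %u", min, want, max);`. The same applies to `keyid`, declared `u_int` in `mm_answer_sign`, in `fatal_f("no hostkey for index %d", keyid)` and `fatal_f("no hostkey from index %d", keyid)` in the following hunks.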
@@ -589,21 +583,20 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) * the client sent us. */ if (session_id2_len == 0) /* hostkeys is never first */ - fatal("%s: bad data length: %zu", __func__, datlen); + fatal_f("bad data length: %zu", datlen); if ((key = get_hostkey_public_by_index(keyid, ssh)) == NULL) - fatal("%s: no hostkey for index %d", __func__, keyid); + fatal_f("no hostkey for index %d", keyid); if ((sigbuf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 || (r = sshbuf_put_string(sigbuf, session_id2, session_id2_len)) != 0 || (r = sshkey_puts(key, sigbuf)) != 0) - fatal("%s: couldn't prepare private key " - "proof buffer: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble private key proof"); if (datlen != sshbuf_len(sigbuf) || memcmp(p, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf)) != 0) - fatal("%s: bad data length: %zu, hostkey proof len %zu", - __func__, datlen, sshbuf_len(sigbuf)); + fatal_f("bad data length: %zu, hostkey proof len %zu", + datlen, sshbuf_len(sigbuf)); sshbuf_free(sigbuf); is_proof = 1; } 
@@ -618,24 +611,21 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) if ((key = get_hostkey_by_index(keyid)) != NULL) { if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, options.sk_provider, NULL, compat)) != 0) - fatal("%s: sshkey_sign failed: %s", - __func__, ssh_err(r)); + fatal_fr(r, "sign"); } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && auth_sock > 0) { if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, - p, datlen, alg, compat)) != 0) { - fatal("%s: ssh_agent_sign failed: %s", - __func__, ssh_err(r)); - } + p, datlen, alg, compat)) != 0) + fatal_fr(r, "agent sign"); } else - fatal("%s: no hostkey from index %d", __func__, keyid); + fatal_f("no hostkey from index %d", keyid); - debug3("%s: %s signature %p(%zu)", __func__, - is_proof ? "hostkey proof" : "KEX", signature, siglen); + debug3_f("%s signature %p(%zu)", is_proof ? "hostkey proof" : "KEX", + signature, siglen); sshbuf_reset(m); if ((r = sshbuf_put_string(m, signature, siglen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); free(alg); free(p); @@ -659,13 +649,13 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) int r, allowed = 0; u_int i; - debug3("%s", __func__); + debug3_f("entering"); if (authctxt->attempt++ != 0) - fatal("%s: multiple attempts for getpwnam", __func__); + fatal_f("multiple attempts for getpwnam"); if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); pwent = getpwnamallow(ssh, username); @@ -677,7 +667,7 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) if (pwent == NULL) { if ((r = sshbuf_put_u8(m, 0)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble fakepw"); authctxt->pw = fakepw(); goto out; } 
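Review bot: `debug3_f("%s signature %p(%zu)", ..., signature, siglen)` in `mm_answer_sign` writes a heap address from the privileged monitor into the log, although the length alone carries the diagnostic value. Pointer values in logs weaken address-space randomisation for anyone able to read them, so consider `debug3_f("%s signature len %zu", is_proof ? "hostkey proof" : "KEX", siglen);`. The same pattern appears in `debug3_f("key_from_blob: %p", key)` in `mm_answer_keyallowed` and `debug3_f("%s %p signature %s%s%s", ...)` in `mm_answer_keyverify`. This matters only where debug3 output is kept somewhere less trusted than the monitor, which the diff does not show.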
@@ -695,26 +685,23 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) (r = sshbuf_put_cstring(m, pwent->pw_class)) != 0 || (r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 || (r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble pw"); out: ssh_packet_set_log_preamble(ssh, "%suser %s", authctxt->valid ? "authenticating" : "invalid ", authctxt->user); if ((r = sshbuf_put_string(m, &options, sizeof(options))) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble options"); #define M_CP_STROPT(x) do { \ - if (options.x != NULL) { \ - if ((r = sshbuf_put_cstring(m, options.x)) != 0) \ - fatal("%s: buffer error: %s", \ - __func__, ssh_err(r)); \ - } \ + if (options.x != NULL && \ + (r = sshbuf_put_cstring(m, options.x)) != 0) \ + fatal_fr(r, "assemble %s", #x); \ } while (0) #define M_CP_STRARRAYOPT(x, nx) do { \ for (i = 0; i < options.nx; i++) { \ if ((r = sshbuf_put_cstring(m, options.x[i])) != 0) \ - fatal("%s: buffer error: %s", \ - __func__, ssh_err(r)); \ + fatal_fr(r, "assemble %s", #x); \ } \ } while (0) /* See comment in servconf.h */ @@ -729,10 +716,10 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) * run to it's packet_disconnect(), but it must not allow any * authentication to succeed. */ - debug("%s: no valid authentication method lists", __func__); + debug_f("no valid authentication method lists"); } - debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); + debug3_f("sending MONITOR_ANS_PWNAM: %d", allowed); mm_request_send(sock, MONITOR_ANS_PWNAM, m); /* Allow service/style information on the auth context */ 
@@ -750,7 +737,7 @@ int mm_answer_auth2_read_banner(struct ssh *ssh, int sock, struct sshbuf *m) sshbuf_reset(m); banner = auth2_read_banner(); if ((r = sshbuf_put_cstring(m, banner != NULL ? banner : "")) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); free(banner); @@ -766,9 +753,8 @@ mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m) if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 || (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug3("%s: service=%s, style=%s", - __func__, authctxt->service, authctxt->style); + fatal_fr(r, "parse"); + debug3_f("service=%s, style=%s", authctxt->service, authctxt->style); if (strlen(authctxt->style) == 0) { free(authctxt->style); @@ -787,9 +773,9 @@ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m) size_t plen; if (!options.password_authentication) - fatal("%s: password authentication not enabled", __func__); + fatal_f("password authentication not enabled"); if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); /* Only authenticate if the context is valid */ authenticated = options.password_authentication && auth_password(ssh, passwd); @@ -797,9 +783,9 @@ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m) sshbuf_reset(m); if ((r = sshbuf_put_u32(m, authenticated)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); - debug3("%s: sending result %d", __func__, authenticated); + debug3_f("sending result %d", authenticated); mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m); call_count++; 
@@ -821,19 +807,19 @@ mm_answer_bsdauthquery(struct ssh *ssh, int sock, struct sshbuf *m) int r; if (!options.kbd_interactive_authentication) - fatal("%s: kbd-int authentication not enabled", __func__); + fatal_f("kbd-int authentication not enabled"); success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, &prompts, &echo_on) < 0 ? 0 : 1; sshbuf_reset(m); if ((r = sshbuf_put_u32(m, success)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); if (success) { if ((r = sshbuf_put_cstring(m, prompts[0])) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble prompt"); } - debug3("%s: sending challenge success: %u", __func__, success); + debug3_f("sending challenge success: %u", success); mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); if (success) { @@ -853,23 +839,23 @@ mm_answer_bsdauthrespond(struct ssh *ssh, int sock, struct sshbuf *m) int r, authok; if (!options.kbd_interactive_authentication) - fatal("%s: kbd-int authentication not enabled", __func__); + fatal_f("kbd-int authentication not enabled"); if (authctxt->as == NULL) - fatal("%s: no bsd auth session", __func__); + fatal_f("no bsd auth session"); if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); authok = options.challenge_response_authentication && auth_userresponse(authctxt->as, response, 0); authctxt->as = NULL; - debug3("%s: <%s> = <%d>", __func__, response, authok); + debug3_f("<%s> = <%d>", response, authok); free(response); sshbuf_reset(m); if ((r = sshbuf_put_u32(m, authok)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); - debug3("%s: sending authenticated: %d", __func__, authok); + debug3_f("sending authenticated: %d", authok); mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); auth_method = "keyboard-interactive"; 
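Review bot: `debug3_f("<%s> = <%d>", response, authok)` in `mm_answer_bsdauthrespond` logs the user's answer to the BSD auth challenge verbatim, and that answer may be a password or one-time code. The line is being rewritten anyway, so this is a good moment to stop emitting the secret and log only the outcome: `debug3_f("response %s", authok ? "accepted" : "rejected");`. Debug-level logs are routinely attached to bug reports or forwarded to central collectors, so credentials should not depend on the log level staying low. The function body starts before and continues after this hunk.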
@@ -917,21 +903,21 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) int r, allowed = 0; struct sshauthopt *opts = NULL; - debug3("%s entering", __func__); + debug3_f("entering"); if ((r = sshbuf_get_u32(m, &type)) != 0 || (r = sshbuf_get_cstring(m, &cuser, NULL)) != 0 || (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 || (r = sshkey_froms(m, &key)) != 0 || (r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); - debug3("%s: key_from_blob: %p", __func__, key); + debug3_f("key_from_blob: %p", key); if (key != NULL && authctxt->valid) { /* These should not make it past the privsep child */ if (sshkey_type_plain(key->type) == KEY_RSA && (datafellows & SSH_BUG_RSASIGMD5) != 0) - fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); + fatal_f("passed a SSH_BUG_RSASIGMD5 key"); switch (type) { case MM_USERKEY: @@ -962,13 +948,13 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) cuser, chost); break; default: - fatal("%s: unknown key type %d", __func__, type); + fatal_f("unknown key type %d", type); break; } } - debug3("%s: %s authentication%s: %s key is %s", __func__, - auth_method, pubkey_auth_attempt ? "" : " test", + debug3_f("%s authentication%s: %s key is %s", auth_method, + pubkey_auth_attempt ? "" : " test", (key == NULL || !authctxt->valid) ? "invalid" : sshkey_type(key), allowed ? "allowed" : "not allowed"); @@ -980,7 +966,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) if (allowed) { /* Save temporarily for comparison in verify */ if ((r = sshkey_to_blob(key, &key_blob, &key_bloblen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshkey_to_blob"); key_blobtype = type; key_opts = opts; hostbased_cuser = cuser; 
@@ -995,9 +981,9 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) sshbuf_reset(m); if ((r = sshbuf_put_u32(m, allowed)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0) - fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshauthopt_serialise"); mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); if (!allowed) @@ -1017,7 +1003,7 @@ monitor_valid_userblob(const u_char *data, u_int datalen) int r, fail = 0; if ((b = sshbuf_from(data, datalen)) == NULL) - fatal("%s: sshbuf_from", __func__); + fatal_f("sshbuf_from"); if (datafellows & SSH_OLD_SESSIONID) { p = sshbuf_ptr(b); @@ -1027,21 +1013,21 @@ monitor_valid_userblob(const u_char *data, u_int datalen) (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; if ((r = sshbuf_consume(b, session_id2_len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "consume"); } else { if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse sessionid"); if ((session_id2 == NULL) || (len != session_id2_len) || (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; } if ((r = sshbuf_get_u8(b, &type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); if (type != SSH2_MSG_USERAUTH_REQUEST) fail++; if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse userstyle"); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); 
@@ -1054,17 +1040,17 @@ monitor_valid_userblob(const u_char *data, u_int datalen) free(cp); if ((r = sshbuf_skip_string(b)) != 0 || /* service */ (r = sshbuf_get_cstring(b, &cp, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse method"); if (strcmp("publickey", cp) != 0) fail++; free(cp); if ((r = sshbuf_get_u8(b, &type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse pktype"); if (type == 0) fail++; if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */ (r = sshbuf_skip_string(b)) != 0) /* pkblob */ - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse pk"); if (sshbuf_len(b) != 0) fail++; sshbuf_free(b); @@ -1083,9 +1069,9 @@ monitor_valid_hostbasedblob(const u_char *data, u_int datalen, u_char type; if ((b = sshbuf_from(data, datalen)) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse sessionid"); if ((session_id2 == NULL) || (len != session_id2_len) || @@ -1093,11 +1079,11 @@ monitor_valid_hostbasedblob(const u_char *data, u_int datalen, fail++; if ((r = sshbuf_get_u8(b, &type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); if (type != SSH2_MSG_USERAUTH_REQUEST) fail++; if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse userstyle"); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); 
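Review bot: `fatal_f("sshbuf_new")` in `monitor_valid_hostbasedblob` names the wrong call: the function that failed on the line above is `sshbuf_from(data, datalen)`, and the sibling `monitor_valid_userblob` already reports `fatal_f("sshbuf_from")`. The line is being rewritten in this commit, so make it `fatal_f("sshbuf_from");` and the fatal message will point at the call that actually failed.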
@@ -1110,17 +1096,17 @@ monitor_valid_hostbasedblob(const u_char *data, u_int datalen, free(cp); if ((r = sshbuf_skip_string(b)) != 0 || /* service */ (r = sshbuf_get_cstring(b, &cp, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse method"); if (strcmp(cp, "hostbased") != 0) fail++; free(cp); if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */ (r = sshbuf_skip_string(b)) != 0) /* pkblob */ - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse pk"); /* verify client host, strip trailing dot if necessary */ if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse host"); if (((len = strlen(cp)) > 0) && cp[len - 1] == '.') cp[len - 1] = '\0'; if (strcmp(cp, chost) != 0) @@ -1129,7 +1115,7 @@ monitor_valid_hostbasedblob(const u_char *data, u_int datalen, /* verify client user */ if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse ruser"); if (strcmp(cp, cuser) != 0) fail++; free(cp); @@ -1155,11 +1141,11 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) (r = sshbuf_get_string_direct(m, &signature, &signaturelen)) != 0 || (r = sshbuf_get_string_direct(m, &data, &datalen)) != 0 || (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (hostbased_cuser == NULL || hostbased_chost == NULL || !monitor_allowed_key(blob, bloblen)) - fatal("%s: bad key, not previously allowed", __func__); + fatal_f("bad key, not previously allowed"); /* Empty signature algorithm means NULL. */ if (*sigalg == '\0') { 
@@ -1169,7 +1155,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) /* XXX use sshkey_froms here; need to change key_blob, etc. */ if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0) - fatal("%s: bad public key blob: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse key"); switch (key_blobtype) { case MM_USERKEY: @@ -1186,15 +1172,15 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) break; } if (!valid_data) - fatal("%s: bad signature data blob", __func__); + fatal_f("bad signature data blob"); if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal_f("sshkey_fingerprint failed"); ret = sshkey_verify(key, signature, signaturelen, data, datalen, sigalg, ssh->compat, &sig_details); - debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key, + debug3_f("%s %p signature %s%s%s", auth_method, key, (ret == 0) ? "verified" : "unverified", (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : ""); @@ -1238,11 +1224,11 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) encoded_ret = (ret != 0); if ((r = sshbuf_put_u32(m, encoded_ret)) != 0 || (r = sshbuf_put_u8(m, sig_details != NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); if (sig_details != NULL) { if ((r = sshbuf_put_u32(m, sig_details->sk_counter)) != 0 || (r = sshbuf_put_u8(m, sig_details->sk_flags)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble sk"); } sshkey_sig_details_free(sig_details); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); 
@@ -1282,9 +1268,9 @@ mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw) static void mm_session_close(Session *s) { - debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); + debug3_f("session %d pid %ld", s->self, (long)s->pid); if (s->ttyfd != -1) { - debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); + debug3_f("tty %s ptyfd %d", s->tty, s->ptyfd); session_pty_cleanup2(s); } session_unused(s->self); @@ -1297,7 +1283,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) Session *s; int r, res, fd0; - debug3("%s entering", __func__); + debug3_f("entering"); sshbuf_reset(m); s = session_new(); @@ -1313,11 +1299,11 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) if ((r = sshbuf_put_u32(m, 1)) != 0 || (r = sshbuf_put_cstring(m, s->tty)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); /* We need to trick ttyslot */ if (dup2(s->ttyfd, 0) == -1) - fatal("%s: dup2", __func__); + fatal_f("dup2"); mm_record_login(ssh, s, authctxt->pw); @@ -1326,20 +1312,20 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) /* send messages generated by record_login */ if ((r = sshbuf_put_stringb(m, loginmsg)) != 0) - fatal("%s: put login message: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble loginmsg"); sshbuf_reset(loginmsg); mm_request_send(sock, MONITOR_ANS_PTY, m); if (mm_send_fd(sock, s->ptyfd) == -1 || mm_send_fd(sock, s->ttyfd) == -1) - fatal("%s: send fds failed", __func__); + fatal_f("send fds failed"); /* make sure nothing uses fd 0 */ if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1) - fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); + fatal_f("open(/dev/null): %s", strerror(errno)); if (fd0 != 0) - error("%s: fd0 %d != 0", __func__, fd0); + error_f("fd0 %d != 0", fd0); /* slave side of pty is not needed */ close(s->ttyfd); 
@@ -1347,7 +1333,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) /* no need to dup() because nobody closes ptyfd */ s->ptymaster = s->ptyfd; - debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd); + debug3_f("tty %s ptyfd %d", s->tty, s->ttyfd); return (0); @@ -1355,7 +1341,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) if (s != NULL) mm_session_close(s); if ((r = sshbuf_put_u32(m, 0)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble 0"); mm_request_send(sock, MONITOR_ANS_PTY, m); return (0); } @@ -1367,10 +1353,10 @@ mm_answer_pty_cleanup(struct ssh *ssh, int sock, struct sshbuf *m) char *tty; int r; - debug3("%s entering", __func__); + debug3_f("entering"); if ((r = sshbuf_get_cstring(m, &tty, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse tty"); if ((s = session_by_tty(tty)) != NULL) mm_session_close(s); sshbuf_reset(m); @@ -1384,7 +1370,7 @@ mm_answer_term(struct ssh *ssh, int sock, struct sshbuf *req) extern struct monitor *pmonitor; int res, status; - debug3("%s: tearing down sessions", __func__); + debug3_f("tearing down sessions"); /* The child is terminating */ session_destroy_all(ssh, &mm_session_close); @@ -1414,9 +1400,9 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) struct kex *kex; int r; - debug3("%s: packet_set_state", __func__); + debug3_f("packet_set_state"); if ((r = ssh_packet_set_state(ssh, child_state)) != 0) - fatal("%s: packet_set_state: %s", __func__, ssh_err(r)); + fatal_fr(r, "packet_set_state"); sshbuf_free(child_state); child_state = NULL; 
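Review bot: `debug3_f("tty %s ptyfd %d", s->tty, s->ttyfd)` in `mm_answer_pty` labels the value `ptyfd` but passes `s->ttyfd`, which the preceding hunk's context shows was just closed with `close(s->ttyfd)`. `mm_session_close` prints `s->ptyfd` under the same label, so this looks like a typo carried through the conversion: `debug3_f("tty %s ptyfd %d", s->tty, s->ptyfd);`. A wrong descriptor number in the monitor's log is misleading when tracing fd passing between monitor and child. The function starts before this hunk.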
@@ -1446,13 +1432,13 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) void mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor) { - debug3("%s: Waiting for new keys", __func__); + debug3_f("Waiting for new keys"); if ((child_state = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, child_state); - debug3("%s: GOT new keys", __func__); + debug3_f("GOT new keys"); } @@ -1472,7 +1458,7 @@ monitor_openfds(struct monitor *mon, int do_logfds) #endif if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) - fatal("%s: socketpair: %s", __func__, strerror(errno)); + fatal_f("socketpair: %s", strerror(errno)); #ifdef SO_ZEROIZE if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1) error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno)); @@ -1486,7 +1472,7 @@ monitor_openfds(struct monitor *mon, int do_logfds) if (do_logfds) { if (pipe(pair) == -1) - fatal("%s: pipe: %s", __func__, strerror(errno)); + fatal_f("pipe: %s", strerror(errno)); FD_CLOSEONEXEC(pair[0]); FD_CLOSEONEXEC(pair[1]); mon->m_log_recvfd = pair[0]; @@ -1525,10 +1511,10 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m) int r; if (!options.gss_authentication) - fatal("%s: GSSAPI authentication not enabled", __func__); + fatal_f("GSSAPI authentication not enabled"); if ((r = sshbuf_get_string(m, &p, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); goid.elements = p; goid.length = len; @@ -1538,7 +1524,7 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m) sshbuf_reset(m); if ((r = sshbuf_put_u32(m, major)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); 
@@ -1558,10 +1544,10 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) int r; if (!options.gss_authentication) - fatal("%s: GSSAPI authentication not enabled", __func__); + fatal_f("GSSAPI authentication not enabled"); if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "ssh_gssapi_get_buffer_desc"); major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); free(in.value); @@ -1569,7 +1555,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) if ((r = sshbuf_put_u32(m, major)) != 0 || (r = sshbuf_put_string(m, out.value, out.length)) != 0 || (r = sshbuf_put_u32(m, flags)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(sock, MONITOR_ANS_GSSSTEP, m); gss_release_buffer(&minor, &out); @@ -1590,11 +1576,11 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) int r; if (!options.gss_authentication) - fatal("%s: GSSAPI authentication not enabled", __func__); + fatal_f("GSSAPI authentication not enabled"); if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "ssh_gssapi_get_buffer_desc"); ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); @@ -1603,7 +1589,7 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) sshbuf_reset(m); if ((r = sshbuf_put_u32(m, ret)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m); 
@@ -1620,15 +1606,15 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) const char *displayname; if (!options.gss_authentication) - fatal("%s: GSSAPI authentication not enabled", __func__); + fatal_f("GSSAPI authentication not enabled"); authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); sshbuf_reset(m); if ((r = sshbuf_put_u32(m, authenticated)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); - debug3("%s: sending result %d", __func__, authenticated); + debug3_f("sending result %d", authenticated); mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); auth_method = "gssapi-with-mic"; diff --git a/usr.bin/ssh/monitor_fdpass.c b/usr.bin/ssh/monitor_fdpass.c index 06278bd9aeb..abba641dd80 100644 --- a/usr.bin/ssh/monitor_fdpass.c +++ b/usr.bin/ssh/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.21 2016/02/29 20:22:36 jca Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.22 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -69,17 +69,16 @@ mm_send_fd(int sock, int fd) pfd.events = POLLOUT; while ((n = sendmsg(sock, &msg, 0)) == -1 && (errno == EAGAIN || errno == EINTR)) { - debug3("%s: sendmsg(%d): %s", __func__, fd, strerror(errno)); + debug3_f("sendmsg(%d): %s", fd, strerror(errno)); (void)poll(&pfd, 1, -1); } if (n == -1) { - error("%s: sendmsg(%d): %s", __func__, fd, - strerror(errno)); + error_f("sendmsg(%d): %s", fd, strerror(errno)); return -1; } if (n != 1) { - error("%s: sendmsg: expected sent 1 got %zd", __func__, n); + error_f("sendmsg: expected sent 1 got %zd", n); return -1; } return 0; 
@@ -113,28 +112,27 @@ mm_receive_fd(int sock) pfd.events = POLLIN; while ((n = recvmsg(sock, &msg, 0)) == -1 && (errno == EAGAIN || errno == EINTR)) { - debug3("%s: recvmsg: %s", __func__, strerror(errno)); + debug3_f("recvmsg: %s", strerror(errno)); (void)poll(&pfd, 1, -1); } if (n == -1) { - error("%s: recvmsg: %s", __func__, strerror(errno)); + error_f("recvmsg: %s", strerror(errno)); return -1; } if (n != 1) { - error("%s: recvmsg: expected received 1 got %zd", __func__, n); + error_f("recvmsg: expected received 1 got %zd", n); return -1; } cmsg = CMSG_FIRSTHDR(&msg); if (cmsg == NULL) { - error("%s: no message header", __func__); + error_f("no message header"); return -1; } if (cmsg->cmsg_type != SCM_RIGHTS) { - error("%s: expected type %d got %d", __func__, - SCM_RIGHTS, cmsg->cmsg_type); + error_f("expected %d got %d", SCM_RIGHTS, cmsg->cmsg_type); return -1; } fd = (*(int *)CMSG_DATA(cmsg)); diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c index 050f15f7050..d4ab8620dad 100644 --- a/usr.bin/ssh/monitor_wrap.c +++ b/usr.bin/ssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.120 2020/10/16 13:26:13 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.121 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -87,10 +87,10 @@ mm_log_handler(const char *file, const char *func, int line, size_t len; if (mon->m_log_sendfd == -1) - fatal("%s: no log channel", __func__); + fatal_f("no log channel"); if ((log_msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */ (r = sshbuf_put_cstring(log_msg, file)) != 0 || 
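Review bot: In mm_receive_fd the control message is validated only by `cmsg_type` before `CMSG_DATA(cmsg)` is read as an `int`; nothing visible in the hunk checks `cmsg_level` or that `cmsg_len` covers exactly one descriptor. A guard before the cast, `if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_len != CMSG_LEN(sizeof(int))) { error_f("unexpected control message"); return -1; }`, would reject a truncated or unexpected control message instead of reading whatever is in the buffer. The new `error_f("expected %d got %d", ...)` also drops the word "type" from the old message, which makes the log line harder to interpret; `"expected type %d got %d"` keeps it. The function begins before and continues past this hunk, so a check outside the visible lines may already exist.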
@@ -98,13 +98,13 @@ mm_log_handler(const char *file, const char *func, int line, (r = sshbuf_put_u32(log_msg, (u_int)line)) != 0 || (r = sshbuf_put_u32(log_msg, level)) != 0 || (r = sshbuf_put_cstring(log_msg, msg)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff) - fatal("%s: bad length %zu", __func__, len); + fatal_f("bad length %zu", len); POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4); if (atomicio(vwrite, mon->m_log_sendfd, sshbuf_mutable_ptr(log_msg), len) != len) - fatal("%s: write: %s", __func__, strerror(errno)); + fatal_f("write: %s", strerror(errno)); sshbuf_free(log_msg); } @@ -124,16 +124,16 @@ mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m) size_t mlen = sshbuf_len(m); u_char buf[5]; - debug3("%s entering: type %d", __func__, type); + debug3_f("entering, type %d", type); if (mlen >= 0xffffffff) - fatal("%s: bad length %zu", __func__, mlen); + fatal_f("bad length %zu", mlen); POKE_U32(buf, mlen + 1); buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf)) - fatal("%s: write: %s", __func__, strerror(errno)); + fatal_f("write: %s", strerror(errno)); if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen) - fatal("%s: write: %s", __func__, strerror(errno)); + fatal_f("write: %s", strerror(errno)); } void 
@@ -143,21 +143,21 @@ mm_request_receive(int sock, struct sshbuf *m) u_int msg_len; int r; - debug3("%s entering", __func__); + debug3_f("entering"); if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) { if (errno == EPIPE) cleanup_exit(255); - fatal("%s: read: %s", __func__, strerror(errno)); + fatal_f("read: %s", strerror(errno)); } msg_len = PEEK_U32(buf); if (msg_len > 256 * 1024) - fatal("%s: read: bad msg_len %d", __func__, msg_len); + fatal_f("read: bad msg_len %d", msg_len); sshbuf_reset(m); if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve"); if (atomicio(read, sock, p, msg_len) != msg_len) - fatal("%s: read: %s", __func__, strerror(errno)); + fatal_f("read: %s", strerror(errno)); } void @@ -166,14 +166,13 @@ mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m) u_char rtype; int r; - debug3("%s entering: type %d", __func__, type); + debug3_f("entering, type %d", type); mm_request_receive(sock, m); if ((r = sshbuf_get_u8(m, &rtype)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (rtype != type) - fatal("%s: read: rtype %d != type %d", __func__, - rtype, type); + fatal_f("read: rtype %d != type %d", rtype, type); } #ifdef WITH_OPENSSL 
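Review bot: In mm_request_receive, `fatal_f("read: bad msg_len %d", msg_len);` prints the `u_int msg_len` with `%d`, so a length above INT_MAX coming off the monitor socket would be logged as a negative number in exactly the case the message exists to diagnose. `fatal_f("read: bad msg_len %u", msg_len);` matches the declared type and the equivalent message in ssh_msg_recv in msg.c, which already uses `%u`.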
@@ -186,27 +185,27 @@ mm_choose_dh(int min, int nbits, int max) struct sshbuf *m; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u32(m, min)) != 0 || (r = sshbuf_put_u32(m, nbits)) != 0 || (r = sshbuf_put_u32(m, max)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m); - debug3("%s: waiting for MONITOR_ANS_MODULI", __func__); + debug3_f("waiting for MONITOR_ANS_MODULI"); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m); if ((r = sshbuf_get_u8(m, &success)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse success"); if (success == 0) - fatal("%s: MONITOR_ANS_MODULI failed", __func__); + fatal_f("MONITOR_ANS_MODULI failed"); if ((r = sshbuf_get_bignum2(m, &p)) != 0 || (r = sshbuf_get_bignum2(m, &g)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse group"); - debug3("%s: remaining %zu", __func__, sshbuf_len(m)); + debug3_f("remaining %zu", sshbuf_len(m)); sshbuf_free(m); return (dh_new_group(g, p)); 
@@ -223,21 +222,21 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, u_int ndx = kex->host_key_index(key, 0, ssh); int r; - debug3("%s entering", __func__); + debug3_f("entering"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u32(m, ndx)) != 0 || (r = sshbuf_put_string(m, data, datalen)) != 0 || (r = sshbuf_put_cstring(m, hostkey_alg)) != 0 || (r = sshbuf_put_u32(m, compat)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m); - debug3("%s: waiting for MONITOR_ANS_SIGN", __func__); + debug3_f("waiting for MONITOR_ANS_SIGN"); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m); if ((r = sshbuf_get_string(m, sigp, lenp)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); sshbuf_free(m); return (0); @@ -255,20 +254,20 @@ mm_getpwnamallow(struct ssh *ssh, const char *username) u_char ok; const u_char *p; - debug3("%s entering", __func__); + debug3_f("entering"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_cstring(m, username)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m); - debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__); + debug3_f("waiting for MONITOR_ANS_PWNAM"); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m); if ((r = sshbuf_get_u8(m, &ok)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse success"); if (ok == 0) { pw = NULL; goto out; 
@@ -277,9 +276,9 @@ mm_getpwnamallow(struct ssh *ssh, const char *username) /* XXX don't like passing struct passwd like this */ pw = xcalloc(sizeof(*pw), 1); if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (len != sizeof(*pw)) - fatal("%s: struct passwd size mismatch", __func__); + fatal_f("struct passwd size mismatch"); memcpy(pw, p, sizeof(*pw)); if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 || @@ -288,24 +287,21 @@ mm_getpwnamallow(struct ssh *ssh, const char *username) (r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 || (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 || (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse pw"); out: /* copy options block as a Match directive may have changed some */ if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse opts"); if (len != sizeof(*newopts)) - fatal("%s: option block size mismatch", __func__); + fatal_f("option block size mismatch"); newopts = xcalloc(sizeof(*newopts), 1); memcpy(newopts, p, sizeof(*newopts)); #define M_CP_STROPT(x) do { \ - if (newopts->x != NULL) { \ - if ((r = sshbuf_get_cstring(m, \ - &newopts->x, NULL)) != 0) \ - fatal("%s: buffer error: %s", \ - __func__, ssh_err(r)); \ - } \ + if (newopts->x != NULL && \ + (r = sshbuf_get_cstring(m, &newopts->x, NULL)) != 0) \ + fatal_fr(r, "parse %s", #x); \ } while (0) #define M_CP_STRARRAYOPT(x, nx) do { \ newopts->x = newopts->nx == 0 ? \ @@ -313,8 +309,7 @@ out: for (i = 0; i < newopts->nx; i++) { \ if ((r = sshbuf_get_cstring(m, \ &newopts->x[i], NULL)) != 0) \ - fatal("%s: buffer error: %s", \ - __func__, ssh_err(r)); \ + fatal_fr(r, "parse %s", #x); \ } \ } while (0) /* See comment in servconf.h */ 
@@ -342,17 +337,17 @@ mm_auth2_read_banner(void) char *banner; int r; - debug3("%s entering", __func__); + debug3_f("entering"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m); sshbuf_reset(m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, m); if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); sshbuf_free(m); /* treat empty banner as missing banner */ @@ -371,13 +366,13 @@ mm_inform_authserv(char *service, char *style) struct sshbuf *m; int r; - debug3("%s entering", __func__); + debug3_f("entering"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_cstring(m, service)) != 0 || (r = sshbuf_put_cstring(m, style ? style : "")) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m); 
@@ -391,25 +386,24 @@ mm_auth_password(struct ssh *ssh, char *password) struct sshbuf *m; int r, authenticated = 0; - debug3("%s entering", __func__); + debug3_f("entering"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_cstring(m, password)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m); - debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__); + debug3_f("waiting for MONITOR_ANS_AUTHPASSWORD"); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, m); if ((r = sshbuf_get_u32(m, &authenticated)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); sshbuf_free(m); - debug3("%s: user %sauthenticated", - __func__, authenticated ? "" : "not "); + debug3_f("user %sauthenticated", authenticated ? "" : "not "); return (authenticated); } 
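Review bot: mm_auth_password declares `int r, authenticated = 0;` and then passes `&authenticated` to `sshbuf_get_u32()`, which takes a `u_int32_t *`, so the authentication result is filled in through a pointer of different signedness. Declaring it separately as `u_int authenticated = 0;` (the `int` return can stay) removes the mismatch and the pointer-sign warning that goes with it. The same pattern appears in mm_key_allowed (`allowed`), mm_bsdauth_respond (`authok`) and mm_ssh_gssapi_userok (`authenticated`) in later hunks of this file.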
@@ -436,33 +430,31 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host, int r, allowed = 0; struct sshauthopt *opts = NULL; - debug3("%s entering", __func__); + debug3_f("entering"); if (authoptp != NULL) *authoptp = NULL; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u32(m, type)) != 0 || (r = sshbuf_put_cstring(m, user ? user : "")) != 0 || (r = sshbuf_put_cstring(m, host ? host : "")) != 0 || (r = sshkey_puts(key, m)) != 0 || (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m); - debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); + debug3_f("waiting for MONITOR_ANS_KEYALLOWED"); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, m); if ((r = sshbuf_get_u32(m, &allowed)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (allowed && type == MM_USERKEY) { - if ((r = sshauthopt_deserialise(m, &opts)) != 0) - fatal("%s: sshauthopt_deserialise: %s", - __func__, ssh_err(r)); - } + fatal_fr(r, "parse"); + if (allowed && type == MM_USERKEY && + (r = sshauthopt_deserialise(m, &opts)) != 0) + fatal_fr(r, "sshauthopt_deserialise"); sshbuf_free(m); if (authoptp != NULL) { 
@@ -491,31 +483,31 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, u_char sig_details_present, flags; u_int counter; - debug3("%s entering", __func__); + debug3_f("entering"); if (sig_detailsp != NULL) *sig_detailsp = NULL; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshkey_puts(key, m)) != 0 || (r = sshbuf_put_string(m, sig, siglen)) != 0 || (r = sshbuf_put_string(m, data, datalen)) != 0 || (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m); - debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__); + debug3_f("waiting for MONITOR_ANS_KEYVERIFY"); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, m); if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 || (r = sshbuf_get_u8(m, &sig_details_present)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (sig_details_present && encoded_ret == 0) { if ((r = sshbuf_get_u32(m, &counter)) != 0 || (r = sshbuf_get_u8(m, &flags)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse sig_details"); if (sig_detailsp != NULL) { *sig_detailsp = xcalloc(1, sizeof(**sig_detailsp)); (*sig_detailsp)->sk_counter = counter; @@ -537,12 +529,11 @@ mm_send_keystate(struct ssh *ssh, struct monitor *monitor) int r; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = ssh_packet_get_state(ssh, m)) != 0) - fatal("%s: get_state failed: %s", - __func__, ssh_err(r)); + fatal_fr(r, "ssh_packet_get_state"); mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, m); - debug3("%s: Finished sending state", __func__); + debug3_f("Finished sending state"); sshbuf_free(m); } 
@@ -556,7 +547,7 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) /* Kludge: ensure there are fds free to receive the pty/tty */ if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || (tmp2 = dup(pmonitor->m_recvfd)) == -1) { - error("%s: cannot allocate fds for pty", __func__); + error_f("cannot allocate fds for pty"); if (tmp1 > 0) close(tmp1); if (tmp2 > 0) @@ -567,34 +558,34 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) close(tmp2); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m); - debug3("%s: waiting for MONITOR_ANS_PTY", __func__); + debug3_f("waiting for MONITOR_ANS_PTY"); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m); if ((r = sshbuf_get_u32(m, &success)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse success"); if (success == 0) { - debug3("%s: pty alloc failed", __func__); + debug3_f("pty alloc failed"); sshbuf_free(m); return (0); } if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 || (r = sshbuf_get_cstring(m, &msg, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); sshbuf_free(m); strlcpy(namebuf, p, namebuflen); /* Possible truncation */ free(p); if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "put loginmsg"); free(msg); if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1) - fatal("%s: receive fds failed", __func__); + fatal_f("receive fds failed"); /* Success */ return (1); 
@@ -609,9 +600,9 @@ mm_session_pty_cleanup2(Session *s) if (s->ttyfd == -1) return; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_cstring(m, s->tty)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assmble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m); sshbuf_free(m); @@ -632,7 +623,7 @@ mm_terminate(void) struct sshbuf *m; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m); sshbuf_free(m); } @@ -658,31 +649,31 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, char *challenge; int r; - debug3("%s: entering", __func__); + debug3_f("entering"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, m); if ((r = sshbuf_get_u32(m, &success)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse success"); if (success == 0) { - debug3("%s: no challenge", __func__); + debug3_f("no challenge"); sshbuf_free(m); return (-1); } /* Get the challenge, and format the response */ if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse challenge"); sshbuf_free(m); mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); (*prompts)[0] = challenge; - debug3("%s: received challenge: %s", __func__, challenge); + debug3_f("received challenge: %s", challenge); return (0); } 
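Review bot: In mm_session_pty_cleanup2 the new message is misspelled: `fatal_fr(r, "assmble");`. Every other buffer-construction failure in this file uses "assemble", so a log search for that word would miss this call site; it should read `fatal_fr(r, "assemble");`.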
@@ -693,21 +684,21 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) struct sshbuf *m; int r, authok; - debug3("%s: entering", __func__); + debug3_f("entering"); if (numresponses != 1) return (-1); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_cstring(m, responses[0])) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHRESPOND, m); if ((r = sshbuf_get_u32(m, &authok)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); sshbuf_free(m); return ((authok == 0) ? -1 : 0); @@ -725,15 +716,15 @@ mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) *ctx = NULL; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m); if ((r = sshbuf_get_u32(m, &major)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); sshbuf_free(m); return (major); 
@@ -749,19 +740,19 @@ mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, int r; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_string(m, in->value, in->length)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m); if ((r = sshbuf_get_u32(m, &major)) != 0 || (r = ssh_gssapi_get_buffer_desc(m, out)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (flagsp != NULL) { if ((r = sshbuf_get_u32(m, &flags)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse flags"); *flagsp = flags; } @@ -778,17 +769,17 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) int r; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 || (r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC, m); if ((r = sshbuf_get_u32(m, &major)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); sshbuf_free(m); return(major); } 
@@ -800,17 +791,17 @@ mm_ssh_gssapi_userok(char *user) int r, authenticated = 0; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, m); if ((r = sshbuf_get_u32(m, &authenticated)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); sshbuf_free(m); - debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); + debug3_f("user %sauthenticated", authenticated ? "" : "not "); return (authenticated); } #endif /* GSSAPI */ diff --git a/usr.bin/ssh/msg.c b/usr.bin/ssh/msg.c index 144b0da1b1f..907f233d28e 100644 --- a/usr.bin/ssh/msg.c +++ b/usr.bin/ssh/msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.c,v 1.19 2020/06/24 15:08:53 markus Exp $ */ +/* $OpenBSD: msg.c,v 1.20 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -45,16 +45,16 @@ ssh_msg_send(int fd, u_char type, struct sshbuf *m) u_char buf[5]; u_int mlen = sshbuf_len(m); - debug3("%s: type %u", __func__, (unsigned int)type & 0xff); + debug3_f("type %u", (unsigned int)type & 0xff); put_u32(buf, mlen + 1); buf[4] = type; /* 1st byte of payload is mesg-type */ if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) { - error("%s: write: %s", __func__, strerror(errno)); + error_f("write: %s", strerror(errno)); return (-1); } if (atomicio(vwrite, fd, sshbuf_mutable_ptr(m), mlen) != mlen) { - error("%s: write: %s", __func__, strerror(errno)); + error_f("write: %s", strerror(errno)); return (-1); } return (0); 
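Review bot: ssh_msg_send in msg.c stores `sshbuf_len(m)` in a `u_int` and writes `mlen + 1` as the frame length with no range check, whereas mm_request_send in monitor_wrap.c keeps the length in a `size_t` and rejects `mlen >= 0xffffffff` before doing the same. Declaring `size_t mlen = sshbuf_len(m);` and adding `if (mlen >= 0xffffffff) { error_f("bad length %zu", mlen); return (-1); }` before `put_u32` would make the two framing helpers agree. The buffer's own size limit presumably keeps this unreachable today, so this is a consistency and defence-in-depth point rather than a known overflow.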
@@ -71,21 +71,21 @@ ssh_msg_recv(int fd, struct sshbuf *m) if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) { if (errno != EPIPE) - error("%s: read header: %s", __func__, strerror(errno)); + error_f("read header: %s", strerror(errno)); return (-1); } msg_len = get_u32(buf); if (msg_len > sshbuf_max_size(m)) { - error("%s: read: bad msg_len %u", __func__, msg_len); + error_f("read: bad msg_len %u", msg_len); return (-1); } sshbuf_reset(m); if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "reserve"); return -1; } if (atomicio(read, fd, p, msg_len) != msg_len) { - error("%s: read: %s", __func__, strerror(errno)); + error_f("read: %s", strerror(errno)); return (-1); } return (0); diff --git a/usr.bin/ssh/mux.c b/usr.bin/ssh/mux.c index eee83d0e552..90325772ec5 100644 --- a/usr.bin/ssh/mux.c +++ b/usr.bin/ssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.84 2020/10/03 09:22:26 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.85 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -181,13 +181,13 @@ mux_master_session_cleanup_cb(struct ssh *ssh, int cid, void *unused) { Channel *cc, *c = channel_by_id(ssh, cid); - debug3("%s: entering for channel %d", __func__, cid); + debug3_f("entering for channel %d", cid); if (c == NULL) - fatal("%s: channel_by_id(%i) == NULL", __func__, cid); + fatal_f("channel_by_id(%i) == NULL", cid); if (c->ctl_chan != -1) { if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL) - fatal("%s: channel %d missing control channel %d", - __func__, c->self, c->ctl_chan); + fatal_f("channel %d missing control channel %d", + c->self, c->ctl_chan); c->ctl_chan = -1; cc->remote_id = 0; cc->have_remote_id = 0; 
@@ -203,19 +203,19 @@ mux_master_control_cleanup_cb(struct ssh *ssh, int cid, void *unused) { Channel *sc, *c = channel_by_id(ssh, cid); - debug3("%s: entering for channel %d", __func__, cid); + debug3_f("entering for channel %d", cid); if (c == NULL) - fatal("%s: channel_by_id(%i) == NULL", __func__, cid); + fatal_f("channel_by_id(%i) == NULL", cid); if (c->have_remote_id) { if ((sc = channel_by_id(ssh, c->remote_id)) == NULL) - fatal("%s: channel %d missing session channel %u", - __func__, c->self, c->remote_id); + fatal_f("channel %d missing session channel %u", + c->self, c->remote_id); c->remote_id = 0; c->have_remote_id = 0; sc->ctl_chan = -1; if (sc->type != SSH_CHANNEL_OPEN && sc->type != SSH_CHANNEL_OPENING) { - debug2("%s: channel %d: not open", __func__, sc->self); + debug2_f("channel %d: not open", sc->self); chan_mark_dead(ssh, sc); } else { if (sc->istate == CHAN_INPUT_OPEN) @@ -238,7 +238,7 @@ env_permitted(char *env) return 0; ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env); if (ret <= 0 || (size_t)ret >= sizeof(name)) { - error("%s: name '%.100s...' too long", __func__, env); + error_f("name '%.100s...' too long", env); return 0; } 
@@ -260,21 +260,21 @@ mux_master_process_hello(struct ssh *ssh, u_int rid, int r; if (state == NULL) - fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self); + fatal_f("channel %d: c->mux_ctx == NULL", c->self); if (state->hello_rcvd) { - error("%s: HELLO received twice", __func__); + error_f("HELLO received twice"); return -1; } if ((r = sshbuf_get_u32(m, &ver)) != 0) { - error("%s: malformed message: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); return -1; } if (ver != SSHMUX_VER) { - error("%s: unsupported multiplexing protocol version %u " - "(expected %u)", __func__, ver, SSHMUX_VER); + error_f("unsupported multiplexing protocol version %u " + "(expected %u)", ver, SSHMUX_VER); return -1; } - debug2("%s: channel %d client version %u", __func__, c->self, ver); + debug2_f("channel %d client version %u", c->self, ver); /* No extensions are presently defined */ while (sshbuf_len(m) > 0) { @@ -283,12 +283,11 @@ mux_master_process_hello(struct ssh *ssh, u_int rid, if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 || (r = sshbuf_get_string_direct(m, NULL, &value_len)) != 0) { - error("%s: malformed extension: %s", - __func__, ssh_err(r)); + error_fr(r, "parse extension"); return -1; } - debug2("%s: Unrecognised extension \"%s\" length %zu", - __func__, name, value_len); + debug2_f("Unrecognised extension \"%s\" length %zu", + name, value_len); free(name); } state->hello_rcvd = 1; @@ -303,7 +302,7 @@ reply_ok(struct sshbuf *reply, u_int rid) if ((r = sshbuf_put_u32(reply, MUX_S_OK)) != 0 || (r = sshbuf_put_u32(reply, rid)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); } /* Enqueue an error response to the reply buffer */ 
@@ -315,7 +314,7 @@ reply_error(struct sshbuf *reply, u_int type, u_int rid, const char *msg) if ((r = sshbuf_put_u32(reply, type)) != 0 || (r = sshbuf_put_u32(reply, rid)) != 0 || (r = sshbuf_put_cstring(reply, msg)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); } static int @@ -350,7 +349,7 @@ mux_master_process_new_session(struct ssh *ssh, u_int rid, free(cctx->env); free(cctx->term); free(cctx); - error("%s: malformed message", __func__); + error_f("malformed message"); return -1; } @@ -367,29 +366,28 @@ mux_master_process_new_session(struct ssh *ssh, u_int rid, cctx->env[env_len++] = cp; cctx->env[env_len] = NULL; if (env_len > MUX_MAX_ENV_VARS) { - error("%s: >%d environment variables received, " - "ignoring additional", __func__, MUX_MAX_ENV_VARS); + error_f(">%d environment variables received, " + "ignoring additional", MUX_MAX_ENV_VARS); break; } } - debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, " - "term \"%s\", cmd \"%s\", env %u", __func__, c->self, + debug2_f("channel %d: request tty %d, X %d, agent %d, subsys %d, " + "term \"%s\", cmd \"%s\", env %u", c->self, cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd, cctx->want_subsys, cctx->term, cmd, env_len); if ((cctx->cmd = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put(cctx->cmd, cmd, strlen(cmd))) != 0) - fatal("%s: sshbuf_put: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put"); free(cmd); cmd = NULL; /* Gather fds from client */ for(i = 0; i < 3; i++) { if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) { - error("%s: failed to receive fd %d from client", - __func__, i); + error_f("failed to receive fd %d from client", i); for (j = 0; j < i; j++) close(new_fd[j]); for (j = 0; j < env_len; j++) 
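Review bot: In mux_master_process_new_session the rewritten `debug2_f` call that reports the session request logs `cctx->term` and `cmd` with unbounded `%s`, while other messages in this commit that echo externally supplied strings cap them with `%.100s` (for example the `'%.100s...'` in env_permitted). Both values appear to come from the mux client's request, and a command line can be long or carry credentials, so `term \"%.100s\", cmd \"%.100s\"` would keep debug output bounded and consistent. The function starts before and continues past this hunk.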
@@ -404,12 +402,12 @@ mux_master_process_new_session(struct ssh *ssh, u_int rid, } } - debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__, + debug3_f("got fds stdin %d, stdout %d, stderr %d", new_fd[0], new_fd[1], new_fd[2]); /* XXX support multiple child sessions in future */ if (c->have_remote_id) { - debug2("%s: session already open", __func__); + debug2_f("session already open"); reply_error(reply, MUX_S_FAILURE, rid, "Multiple sessions not supported"); cleanup: @@ -430,7 +428,7 @@ mux_master_process_new_session(struct ssh *ssh, u_int rid, if (options.control_master == SSHCTL_MASTER_ASK || options.control_master == SSHCTL_MASTER_AUTO_ASK) { if (!ask_permission("Allow shared connection to %s? ", host)) { - debug2("%s: session refused by user", __func__); + debug2_f("session refused by user"); reply_error(reply, MUX_S_PERMISSION_DENIED, rid, "Permission denied"); goto cleanup; @@ -439,7 +437,7 @@ mux_master_process_new_session(struct ssh *ssh, u_int rid, /* Try to pick up ttymodes from client before it goes raw */ if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1) - error("%s: tcgetattr: %s", __func__, strerror(errno)); + error_f("tcgetattr: %s", strerror(errno)); /* enable nonblocking unless tty */ if (!isatty(new_fd[0])) @@ -471,8 +469,8 @@ mux_master_process_new_session(struct ssh *ssh, u_int rid, client_new_escape_filter_ctx((int)escape_char)); } - debug2("%s: channel_new: %d linked to control channel %d", - __func__, nc->self, nc->ctl_chan); + debug2_f("channel_new: %d linked to control channel %d", + nc->self, nc->ctl_chan); channel_send_open(ssh, nc->self); channel_register_open_confirm(ssh, nc->self, mux_session_confirm, cctx); 
@@ -490,13 +488,13 @@ mux_master_process_alive_check(struct ssh *ssh, u_int rid, { int r; - debug2("%s: channel %d: alive check", __func__, c->self); + debug2_f("channel %d: alive check", c->self); /* prepare reply */ if ((r = sshbuf_put_u32(reply, MUX_S_ALIVE)) != 0 || (r = sshbuf_put_u32(reply, rid)) != 0 || (r = sshbuf_put_u32(reply, (u_int)getpid())) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); return 0; } @@ -505,13 +503,13 @@ static int mux_master_process_terminate(struct ssh *ssh, u_int rid, Channel *c, struct sshbuf *m, struct sshbuf *reply) { - debug2("%s: channel %d: terminate request", __func__, c->self); + debug2_f("channel %d: terminate request", c->self); if (options.control_master == SSHCTL_MASTER_ASK || options.control_master == SSHCTL_MASTER_AUTO_ASK) { if (!ask_permission("Terminate shared connection to %s? ", host)) { - debug2("%s: termination refused by user", __func__); + debug2_f("termination refused by user"); reply_error(reply, MUX_S_PERMISSION_DENIED, rid, "Permission denied"); return 0; @@ -555,7 +553,7 @@ format_forward(u_int ftype, struct Forward *fwd) fwd->connect_host, fwd->connect_port); break; default: - fatal("%s: unknown forward type %u", __func__, ftype); + fatal_f("unknown forward type %u", ftype); } return ret; } @@ -602,11 +600,11 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) if ((c = channel_by_id(ssh, fctx->cid)) == NULL) { /* no channel for reply */ - error("%s: unknown channel", __func__); + error_f("unknown channel"); return; } if ((out = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if (fctx->fid >= options.num_remote_forwards || (options.remote_forwards[fctx->fid].connect_path == NULL && options.remote_forwards[fctx->fid].connect_host == NULL)) { 
@@ -614,15 +612,14 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) goto fail; } rfwd = &options.remote_forwards[fctx->fid]; - debug("%s: %s for: listen %d, connect %s:%d", __func__, + debug_f("%s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path : rfwd->connect_host, rfwd->connect_port); if (type == SSH2_MSG_REQUEST_SUCCESS) { if (rfwd->listen_port == 0) { if ((r = sshpkt_get_u32(ssh, &port)) != 0) - fatal("%s: packet error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse port"); if (port > 65535) { fatal("Invalid allocated port %u for " "mux remote forward to %s:%d", port, @@ -637,7 +634,7 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) (r = sshbuf_put_u32(out, fctx->rid)) != 0 || (r = sshbuf_put_u32(out, rfwd->allocated_port)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); channel_update_permission(ssh, rfwd->handle, rfwd->allocated_port); } else { @@ -654,8 +651,8 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) xasprintf(&failmsg, "remote port forwarding failed for " "listen port %d", rfwd->listen_port); - debug2("%s: clearing registered forwarding for listen %d, " - "connect %s:%d", __func__, rfwd->listen_port, + debug2_f("clearing registered forwarding for listen %d, " + "connect %s:%d", rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path : rfwd->connect_host, rfwd->connect_port); 
@@ -666,15 +663,15 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) memset(rfwd, 0, sizeof(*rfwd)); } fail: - error("%s: %s", __func__, failmsg); + error_f("%s", failmsg); reply_error(out, MUX_S_FAILURE, fctx->rid, failmsg); free(failmsg); out: if ((r = sshbuf_put_stringb(c->output, out)) != 0) - fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue"); sshbuf_free(out); if (c->mux_pause <= 0) - fatal("%s: mux_pause %d", __func__, c->mux_pause); + fatal_f("mux_pause %d", c->mux_pause); c->mux_pause = 0; /* start processing messages again */ } @@ -699,7 +696,7 @@ mux_master_process_open_fwd(struct ssh *ssh, u_int rid, (r = sshbuf_get_u32(m, &cport)) != 0 || (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) || (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) { - error("%s: malformed message", __func__); + error_f("malformed message"); ret = -1; goto out; } @@ -724,12 +721,12 @@ mux_master_process_open_fwd(struct ssh *ssh, u_int rid, else fwd.connect_host = connect_addr; - debug2("%s: channel %d: request %s", __func__, c->self, + debug2_f("channel %d: request %s", c->self, (fwd_desc = format_forward(ftype, &fwd))); if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE && ftype != MUX_FWD_DYNAMIC) { - logit("%s: invalid forwarding type %u", __func__, ftype); + logit_f("invalid forwarding type %u", ftype); invalid: free(listen_addr); free(connect_addr); 
@@ -738,26 +735,25 @@ mux_master_process_open_fwd(struct ssh *ssh, u_int rid, return 0; } if (ftype == MUX_FWD_DYNAMIC && fwd.listen_path) { - logit("%s: streamlocal and dynamic forwards " - "are mutually exclusive", __func__); + logit_f("streamlocal and dynamic forwards " + "are mutually exclusive"); goto invalid; } if (fwd.listen_port != PORT_STREAMLOCAL && fwd.listen_port >= 65536) { - logit("%s: invalid listen port %u", __func__, - fwd.listen_port); + logit_f("invalid listen port %u", fwd.listen_port); goto invalid; } if ((fwd.connect_port != PORT_STREAMLOCAL && fwd.connect_port >= 65536) || (ftype != MUX_FWD_DYNAMIC && ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) { - logit("%s: invalid connect port %u", __func__, + logit_f("invalid connect port %u", fwd.connect_port); goto invalid; } if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL && fwd.connect_path == NULL) { - logit("%s: missing connect host", __func__); + logit_f("missing connect host"); goto invalid; } @@ -769,8 +765,7 @@ mux_master_process_open_fwd(struct ssh *ssh, u_int rid, if (compare_forward(&fwd, options.local_forwards + i)) { exists: - debug2("%s: found existing forwarding", - __func__); + debug2_f("found existing forwarding"); reply_ok(reply, rid); goto out; } @@ -782,13 +777,13 @@ mux_master_process_open_fwd(struct ssh *ssh, u_int rid, continue; if (fwd.listen_port != 0) goto exists; - debug2("%s: found allocated port", __func__); + debug2_f("found allocated port"); if ((r = sshbuf_put_u32(reply, MUX_S_REMOTE_PORT)) != 0 || (r = sshbuf_put_u32(reply, rid)) != 0 || (r = sshbuf_put_u32(reply, options.remote_forwards[i].allocated_port)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply FWD_REMOTE"); goto out; } break; 
@@ -797,7 +792,7 @@ mux_master_process_open_fwd(struct ssh *ssh, u_int rid, if (options.control_master == SSHCTL_MASTER_ASK || options.control_master == SSHCTL_MASTER_AUTO_ASK) { if (!ask_permission("Open %s on %s?", fwd_desc, host)) { - debug2("%s: forwarding refused by user", __func__); + debug2_f("forwarding refused by user"); reply_error(reply, MUX_S_PERMISSION_DENIED, rid, "Permission denied"); goto out; @@ -808,7 +803,7 @@ mux_master_process_open_fwd(struct ssh *ssh, u_int rid, if (!channel_setup_local_fwd_listener(ssh, &fwd, &options.fwd_opts)) { fail: - logit("%s: requested %s failed", __func__, fwd_desc); + logit_f("requested %s failed", fwd_desc); reply_error(reply, MUX_S_FAILURE, rid, "Port forwarding failed"); goto out; @@ -866,7 +861,7 @@ mux_master_process_close_fwd(struct ssh *ssh, u_int rid, (r = sshbuf_get_u32(m, &cport)) != 0 || (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) || (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) { - error("%s: malformed message", __func__); + error_f("malformed message"); ret = -1; goto out; } @@ -892,7 +887,7 @@ mux_master_process_close_fwd(struct ssh *ssh, u_int rid, else fwd.connect_host = connect_addr; - debug2("%s: channel %d: request cancel %s", __func__, c->self, + debug2_f("channel %d: request cancel %s", c->self, (fwd_desc = format_forward(ftype, &fwd))); /* make sure this has been requested */ 
@@ -971,18 +966,16 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid, (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 || (r = sshbuf_get_u32(m, &cport)) != 0) { free(chost); - error("%s: malformed message", __func__); + error_f("malformed message"); return -1; } - debug2("%s: channel %d: request stdio fwd to %s:%u", - __func__, c->self, chost, cport); + debug2_f("channel %d: stdio fwd to %s:%u", c->self, chost, cport); /* Gather fds from client */ for(i = 0; i < 2; i++) { if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) { - error("%s: failed to receive fd %d from client", - __func__, i); + error_f("failed to receive fd %d from client", i); for (j = 0; j < i; j++) close(new_fd[j]); free(chost); @@ -994,12 +987,11 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid, } } - debug3("%s: got fds stdin %d, stdout %d", __func__, - new_fd[0], new_fd[1]); + debug3_f("got fds stdin %d, stdout %d", new_fd[0], new_fd[1]); /* XXX support multiple child sessions in future */ if (c->have_remote_id) { - debug2("%s: session already open", __func__); + debug2_f("session already open"); reply_error(reply, MUX_S_FAILURE, rid, "Multiple sessions not supported"); cleanup: @@ -1013,7 +1005,7 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid, options.control_master == SSHCTL_MASTER_AUTO_ASK) { if (!ask_permission("Allow forward to %s:%u? ", chost, cport)) { - debug2("%s: stdio fwd refused by user", __func__); + debug2_f("stdio fwd refused by user"); reply_error(reply, MUX_S_PERMISSION_DENIED, rid, "Permission denied"); goto cleanup; @@ -1033,8 +1025,7 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid, c->remote_id = nc->self; /* link control -> session channel */ c->have_remote_id = 1; - debug2("%s: channel_new: %d linked to control channel %d", - __func__, nc->self, nc->ctl_chan); + debug2_f("channel_new: %d control %d", nc->self, nc->ctl_chan); channel_register_cleanup(ssh, nc->self, mux_master_session_cleanup_cb, 1); 
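Review bot: The last hunk of mux_master_process_stdio_fwd shortens the debug text to `"channel_new: %d control %d"`, while the parallel message in mux_master_process_new_session keeps `"channel_new: %d linked to control channel %d"`. The commit is otherwise a mechanical move to the `_f` macros, so the two session paths now log the same event with different wording, which makes it harder to search logs for that event. Keeping the original text, `debug2_f("channel_new: %d linked to control channel %d", nc->self, nc->ctl_chan);`, would preserve the match. The same applies to `"request stdio fwd to"` becoming `"stdio fwd to"` in the first hunk of this function.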
@@ -1058,38 +1049,38 @@ mux_stdio_confirm(struct ssh *ssh, int id, int success, void *arg) int r; if (cctx == NULL) - fatal("%s: cctx == NULL", __func__); + fatal_f("cctx == NULL"); if ((c = channel_by_id(ssh, id)) == NULL) - fatal("%s: no channel for id %d", __func__, id); + fatal_f("no channel for id %d", id); if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL) - fatal("%s: channel %d lacks control channel %d", __func__, + fatal_f("channel %d lacks control channel %d", id, c->ctl_chan); if ((reply = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if (!success) { - debug3("%s: sending failure reply", __func__); + debug3_f("sending failure reply"); reply_error(reply, MUX_S_FAILURE, cctx->rid, "Session open refused by peer"); /* prepare reply */ goto done; } - debug3("%s: sending success reply", __func__); + debug3_f("sending success reply"); /* prepare reply */ if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 || (r = sshbuf_put_u32(reply, cctx->rid)) != 0 || (r = sshbuf_put_u32(reply, c->self)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); done: /* Send reply */ if ((r = sshbuf_put_stringb(cc->output, reply)) != 0) - fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue"); sshbuf_free(reply); if (cc->mux_pause <= 0) - fatal("%s: mux_pause %d", __func__, cc->mux_pause); + fatal_f("mux_pause %d", cc->mux_pause); cc->mux_pause = 0; /* start processing messages again */ c->open_confirm_ctx = NULL; free(cctx); 
@@ -1099,13 +1090,13 @@ static int mux_master_process_stop_listening(struct ssh *ssh, u_int rid, Channel *c, struct sshbuf *m, struct sshbuf *reply) { - debug("%s: channel %d: stop listening", __func__, c->self); + debug_f("channel %d: stop listening", c->self); if (options.control_master == SSHCTL_MASTER_ASK || options.control_master == SSHCTL_MASTER_AUTO_ASK) { if (!ask_permission("Disable further multiplexing on shared " "connection to %s? ", host)) { - debug2("%s: stop listen refused by user", __func__); + debug2_f("stop listen refused by user"); reply_error(reply, MUX_S_PERMISSION_DENIED, rid, "Permission denied"); return 0; @@ -1131,12 +1122,12 @@ mux_master_process_proxy(struct ssh *ssh, u_int rid, { int r; - debug("%s: channel %d: proxy request", __func__, c->self); + debug_f("channel %d: proxy request", c->self); c->mux_rcb = channel_proxy_downstream; if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 || (r = sshbuf_put_u32(reply, rid)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); return 0; } @@ -1151,7 +1142,7 @@ mux_master_read_cb(struct ssh *ssh, Channel *c) int r, ret = -1; if ((out = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); /* Setup ctx and */ if (c->mux_ctx == NULL) { @@ -1163,12 +1154,11 @@ mux_master_read_cb(struct ssh *ssh, Channel *c) /* Send hello */ if ((r = sshbuf_put_u32(out, MUX_MSG_HELLO)) != 0 || (r = sshbuf_put_u32(out, SSHMUX_VER)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); /* no extensions */ if ((r = sshbuf_put_stringb(c->output, out)) != 0) - fatal("%s: sshbuf_put_stringb: %s", - __func__, ssh_err(r)); - debug3("%s: channel %d: hello sent", __func__, c->self); + fatal_fr(r, "enqueue"); + debug3_f("channel %d: hello sent", c->self); ret = 0; goto out; } 
@@ -1176,21 +1166,21 @@ mux_master_read_cb(struct ssh *ssh, Channel *c) /* Channel code ensures that we receive whole packets */ if ((r = sshbuf_froms(c->input, &in)) != 0) { malf: - error("%s: malformed message", __func__); + error_f("malformed message"); goto out; } if ((r = sshbuf_get_u32(in, &type)) != 0) goto malf; - debug3("%s: channel %d packet type 0x%08x len %zu", - __func__, c->self, type, sshbuf_len(in)); + debug3_f("channel %d packet type 0x%08x len %zu", c->self, + type, sshbuf_len(in)); if (type == MUX_MSG_HELLO) rid = 0; else { if (!state->hello_rcvd) { - error("%s: expected MUX_MSG_HELLO(0x%08x), " - "received 0x%08x", __func__, MUX_MSG_HELLO, type); + error_f("expected MUX_MSG_HELLO(0x%08x), " + "received 0x%08x", MUX_MSG_HELLO, type); goto out; } if ((r = sshbuf_get_u32(in, &rid)) != 0) @@ -1205,16 +1195,14 @@ mux_master_read_cb(struct ssh *ssh, Channel *c) } } if (mux_master_handlers[i].handler == NULL) { - error("%s: unsupported mux message 0x%08x", __func__, type); + error_f("unsupported mux message 0x%08x", type); reply_error(out, MUX_S_FAILURE, rid, "unsupported request"); ret = 0; } /* Enqueue reply packet */ - if (sshbuf_len(out) != 0) { - if ((r = sshbuf_put_stringb(c->output, out)) != 0) - fatal("%s: sshbuf_put_stringb: %s", - __func__, ssh_err(r)); - } + if (sshbuf_len(out) != 0 && + (r = sshbuf_put_stringb(c->output, out)) != 0) + fatal_fr(r, "enqueue"); out: sshbuf_free(in); sshbuf_free(out); 
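Review bot: The `malf:` branch in mux_master_read_cb logs `error_f("malformed message")` and drops the sshbuf error code in `r`, although both visible jumps to it (the `sshbuf_froms` call and the `sshbuf_get_u32` of the type) have just set `r`. Elsewhere in this commit parse failures use the `_fr` form, for example `error_fr(r, "parse")` in mux_master_process_hello, which records the specific sshbuf error when triaging a misbehaving mux client. `error_fr(r, "malformed message");` would be consistent, provided every `goto malf` follows an sshbuf failure. The jump after the `rid` read lies outside the hunk.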
@@ -1228,21 +1216,19 @@ mux_exit_message(struct ssh *ssh, Channel *c, int exitval) Channel *mux_chan; int r; - debug3("%s: channel %d: exit message, exitval %d", __func__, c->self, - exitval); + debug3_f("channel %d: exit message, exitval %d", c->self, exitval); if ((mux_chan = channel_by_id(ssh, c->ctl_chan)) == NULL) - fatal("%s: channel %d missing mux channel %d", - __func__, c->self, c->ctl_chan); + fatal_f("channel %d missing mux %d", c->self, c->ctl_chan); /* Append exit message packet to control socket output queue */ if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, MUX_S_EXIT_MESSAGE)) != 0 || (r = sshbuf_put_u32(m, c->self)) != 0 || (r = sshbuf_put_u32(m, exitval)) != 0 || (r = sshbuf_put_stringb(mux_chan->output, m)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); sshbuf_free(m); } @@ -1253,19 +1239,18 @@ mux_tty_alloc_failed(struct ssh *ssh, Channel *c) Channel *mux_chan; int r; - debug3("%s: channel %d: TTY alloc failed", __func__, c->self); + debug3_f("channel %d: TTY alloc failed", c->self); if ((mux_chan = channel_by_id(ssh, c->ctl_chan)) == NULL) - fatal("%s: channel %d missing mux channel %d", - __func__, c->self, c->ctl_chan); + fatal_f("channel %d missing mux %d", c->self, c->ctl_chan); /* Append exit message packet to control socket output queue */ if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, MUX_S_TTY_ALLOC_FAIL)) != 0 || (r = sshbuf_put_u32(m, c->self)) != 0 || (r = sshbuf_put_stringb(mux_chan->output, m)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); sshbuf_free(m); } 
@@ -1300,7 +1285,7 @@ muxserver_listen(struct ssh *ssh) rbuf[sizeof(rbuf) - 1] = '\0'; options.control_path = NULL; xasprintf(&options.control_path, "%s.%s", orig_control_path, rbuf); - debug3("%s: temporary control path %s", __func__, options.control_path); + debug3_f("temporary control path %s", options.control_path); old_umask = umask(0177); muxserver_sock = unix_listener(options.control_path, 64, 0); @@ -1329,7 +1314,7 @@ muxserver_listen(struct ssh *ssh) /* Now atomically "move" the mux socket into position */ if (link(options.control_path, orig_control_path) != 0) { if (errno != EEXIST) { - fatal("%s: link mux listener %s => %s: %s", __func__, + fatal_f("link mux listener %s => %s: %s", options.control_path, orig_control_path, strerror(errno)); } @@ -1349,7 +1334,7 @@ muxserver_listen(struct ssh *ssh) CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, options.control_path, 1); mux_listener_channel->mux_rcb = mux_master_read_cb; - debug3("%s: mux listener channel %d fd %d", __func__, + debug3_f("mux listener channel %d fd %d", mux_listener_channel->self, mux_listener_channel->sock); } @@ -1364,17 +1349,17 @@ mux_session_confirm(struct ssh *ssh, int id, int success, void *arg) struct sshbuf *reply; if (cctx == NULL) - fatal("%s: cctx == NULL", __func__); + fatal_f("cctx == NULL"); if ((c = channel_by_id(ssh, id)) == NULL) - fatal("%s: no channel for id %d", __func__, id); + fatal_f("no channel for id %d", id); if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL) - fatal("%s: channel %d lacks control channel %d", __func__, + fatal_f("channel %d lacks control channel %d", id, c->ctl_chan); if ((reply = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if (!success) { - debug3("%s: sending failure reply", __func__); + debug3_f("sending failure reply"); reply_error(reply, MUX_S_FAILURE, cctx->rid, "Session open refused by peer"); goto done; 
@@ -1403,27 +1388,27 @@ mux_session_confirm(struct ssh *ssh, int id, int success, void *arg) debug("Requesting authentication agent forwarding."); channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0); if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: packet error: %s", __func__, ssh_err(r)); + fatal_fr(r, "send"); } client_session2_setup(ssh, id, cctx->want_tty, cctx->want_subsys, cctx->term, &cctx->tio, c->rfd, cctx->cmd, cctx->env); - debug3("%s: sending success reply", __func__); + debug3_f("sending success reply"); /* prepare reply */ if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 || (r = sshbuf_put_u32(reply, cctx->rid)) != 0 || (r = sshbuf_put_u32(reply, c->self)) != 0) - fatal("%s: reply: %s", __func__, ssh_err(r)); + fatal_fr(r, "reply"); done: /* Send reply */ if ((r = sshbuf_put_stringb(cc->output, reply)) != 0) - fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue"); sshbuf_free(reply); if (cc->mux_pause <= 0) - fatal("%s: mux_pause %d", __func__, cc->mux_pause); + fatal_f("mux_pause %d", cc->mux_pause); cc->mux_pause = 0; /* start processing messages again */ c->open_confirm_ctx = NULL; sshbuf_free(cctx->cmd); @@ -1472,7 +1457,7 @@ mux_client_read(int fd, struct sshbuf *b, size_t need) pfd.fd = fd; pfd.events = POLLIN; if ((r = sshbuf_reserve(b, need, &p)) != 0) - fatal("%s: reserve: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve"); for (have = 0; have < need; ) { if (muxclient_terminate) { errno = EINTR; @@ -1511,9 +1496,9 @@ mux_client_write_packet(int fd, struct sshbuf *m) pfd.fd = fd; pfd.events = POLLOUT; if ((queue = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_stringb(queue, m)) != 0) - fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue"); need = sshbuf_len(queue); ptr = sshbuf_ptr(queue); 
@@ -1559,10 +1544,10 @@ mux_client_read_packet(int fd, struct sshbuf *m) int r, oerrno; if ((queue = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if (mux_client_read(fd, queue, 4) != 0) { if ((oerrno = errno) == EPIPE) - debug3("%s: read header failed: %s", __func__, + debug3_f("read header failed: %s", strerror(errno)); sshbuf_free(queue); errno = oerrno; @@ -1571,14 +1556,14 @@ mux_client_read_packet(int fd, struct sshbuf *m) need = PEEK_U32(sshbuf_ptr(queue)); if (mux_client_read(fd, queue, need) != 0) { oerrno = errno; - debug3("%s: read body failed: %s", __func__, strerror(errno)); + debug3_f("read body failed: %s", strerror(errno)); sshbuf_free(queue); errno = oerrno; return -1; } if ((r = sshbuf_get_string_direct(queue, &ptr, &have)) != 0 || (r = sshbuf_put(m, ptr, have)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "dequeue"); sshbuf_free(queue); return 0; } @@ -1591,14 +1576,14 @@ mux_client_hello_exchange(int fd) int r, ret = -1; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, MUX_MSG_HELLO)) != 0 || (r = sshbuf_put_u32(m, SSHMUX_VER)) != 0) - fatal("%s: hello: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble hello"); /* no extensions */ if (mux_client_write_packet(fd, m) != 0) { - debug("%s: write packet: %s", __func__, strerror(errno)); + debug_f("write packet: %s", strerror(errno)); goto out; } 
@@ -1606,33 +1591,31 @@ mux_client_hello_exchange(int fd) /* Read their HELLO */ if (mux_client_read_packet(fd, m) != 0) { - debug("%s: read packet failed", __func__); + debug_f("read packet failed"); goto out; } if ((r = sshbuf_get_u32(m, &type)) != 0) - fatal("%s: decode type: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); if (type != MUX_MSG_HELLO) { - error("%s: expected HELLO (%u) received %u", - __func__, MUX_MSG_HELLO, type); + error_f("expected HELLO (%u) got %u", MUX_MSG_HELLO, type); goto out; } if ((r = sshbuf_get_u32(m, &ver)) != 0) - fatal("%s: decode version: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse version"); if (ver != SSHMUX_VER) { error("Unsupported multiplexing protocol version %d " "(expected %d)", ver, SSHMUX_VER); goto out; } - debug2("%s: master version %u", __func__, ver); + debug2_f("master version %u", ver); /* No extensions are presently defined */ while (sshbuf_len(m) > 0) { char *name = NULL; if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 || (r = sshbuf_skip_string(m)) != 0) { /* value */ - error("%s: malformed extension: %s", - __func__, ssh_err(r)); + error_fr(r, "parse extension"); goto out; } debug2("Unrecognised master extension \"%s\"", name); @@ -1653,16 +1636,16 @@ mux_client_request_alive(int fd) u_int pid, type, rid; int r; - debug3("%s: entering", __func__); + debug3_f("entering"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, MUX_C_ALIVE_CHECK)) != 0 || (r = sshbuf_put_u32(m, muxclient_request_id)) != 0) - fatal("%s: request: %s", __func__, ssh_err(r)); + fatal_fr(r, "assemble"); if (mux_client_write_packet(fd, m) != 0) - fatal("%s: write packet: %s", __func__, strerror(errno)); + fatal_f("write packet: %s", strerror(errno)); sshbuf_reset(m); 
@@ -1673,23 +1656,23 @@ mux_client_request_alive(int fd) } if ((r = sshbuf_get_u32(m, &type)) != 0) - fatal("%s: decode type: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); if (type != MUX_S_ALIVE) { if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); - fatal("%s: master returned error: %s", __func__, e); + fatal_fr(r, "parse error message"); + fatal_f("master returned error: %s", e); } if ((r = sshbuf_get_u32(m, &rid)) != 0) - fatal("%s: decode remote ID: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse remote ID"); if (rid != muxclient_request_id) - fatal("%s: out of sequence reply: my id %u theirs %u", - __func__, muxclient_request_id, rid); + fatal_f("out of sequence reply: my id %u theirs %u", + muxclient_request_id, rid); if ((r = sshbuf_get_u32(m, &pid)) != 0) - fatal("%s: decode PID: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse PID"); sshbuf_free(m); - debug3("%s: done pid = %u", __func__, pid); + debug3_f("done pid = %u", pid); muxclient_request_id++; @@ -1704,16 +1687,16 @@ mux_client_request_terminate(int fd) u_int type, rid; int r; - debug3("%s: entering", __func__); + debug3_f("entering"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, MUX_C_TERMINATE)) != 0 || (r = sshbuf_put_u32(m, muxclient_request_id)) != 0) - fatal("%s: request: %s", __func__, ssh_err(r)); + fatal_fr(r, "request"); if (mux_client_write_packet(fd, m) != 0) - fatal("%s: write packet: %s", __func__, strerror(errno)); + fatal_f("write packet: %s", strerror(errno)); sshbuf_reset(m); 
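Review bot: In mux_client_request_alive the error branch parses the message string immediately after `type`, but reply_error() earlier in this diff writes `type`, then `rid`, then the string. On a reply other than MUX_S_ALIVE, `sshbuf_get_cstring(m, &e, NULL)` would therefore read the request id as the string length. The likely result is the generic `fatal_fr(r, "parse error message")` or a misparsed message instead of the master's own error text. Reading `rid` before the type test, as mux_client_request_terminate does with `sshbuf_get_u32(m, &type)` followed by `sshbuf_get_u32(m, &rid)`, would fix the framing. This assumes the master's error replies to an alive check go through reply_error(); the function starts before the hunk.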
@@ -1724,30 +1707,28 @@ mux_client_request_terminate(int fd) sshbuf_free(m); return; } - fatal("%s: read from master failed: %s", - __func__, strerror(errno)); + fatal_f("read from master failed: %s", strerror(errno)); } if ((r = sshbuf_get_u32(m, &type)) != 0 || (r = sshbuf_get_u32(m, &rid)) != 0) - fatal("%s: decode: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (rid != muxclient_request_id) - fatal("%s: out of sequence reply: my id %u theirs %u", - __func__, muxclient_request_id, rid); + fatal_f("out of sequence reply: my id %u theirs %u", + muxclient_request_id, rid); switch (type) { case MUX_S_OK: break; case MUX_S_PERMISSION_DENIED: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse error message"); fatal("Master refused termination request: %s", e); case MUX_S_FAILURE: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); - fatal("%s: termination request failed: %s", __func__, e); + fatal_fr(r, "parse error message"); + fatal_f("termination request failed: %s", e); default: - fatal("%s: unexpected response from master 0x%08x", - __func__, type); + fatal_f("unexpected response from master 0x%08x", type); } sshbuf_free(m); muxclient_request_id++; @@ -1785,7 +1766,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd) chost = fwd->connect_host; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, type)) != 0 || (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 || (r = sshbuf_put_u32(m, ftype)) != 0 || 
@@ -1793,10 +1774,10 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd) (r = sshbuf_put_u32(m, fwd->listen_port)) != 0 || (r = sshbuf_put_cstring(m, chost)) != 0 || (r = sshbuf_put_u32(m, fwd->connect_port)) != 0) - fatal("%s: request: %s", __func__, ssh_err(r)); + fatal_fr(r, "request"); if (mux_client_write_packet(fd, m) != 0) - fatal("%s: write packet: %s", __func__, strerror(errno)); + fatal_f("write packet: %s", strerror(errno)); sshbuf_reset(m); @@ -1808,19 +1789,19 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd) if ((r = sshbuf_get_u32(m, &type)) != 0 || (r = sshbuf_get_u32(m, &rid)) != 0) - fatal("%s: decode: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (rid != muxclient_request_id) - fatal("%s: out of sequence reply: my id %u theirs %u", - __func__, muxclient_request_id, rid); + fatal_f("out of sequence reply: my id %u theirs %u", + muxclient_request_id, rid); switch (type) { case MUX_S_OK: break; case MUX_S_REMOTE_PORT: if (cancel_flag) - fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__); + fatal_f("got MUX_S_REMOTE_PORT for cancel"); if ((r = sshbuf_get_u32(m, &fwd->allocated_port)) != 0) - fatal("%s: decode port: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse port"); verbose("Allocated port %u for remote forward to %s:%d", fwd->allocated_port, fwd->connect_host ? fwd->connect_host : "", 
@@ -1830,19 +1811,18 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd) break; case MUX_S_PERMISSION_DENIED: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse error message"); sshbuf_free(m); error("Master refused forwarding request: %s", e); return -1; case MUX_S_FAILURE: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse error message"); sshbuf_free(m); - error("%s: forwarding request failed: %s", __func__, e); + error_f("forwarding request failed: %s", e); return -1; default: - fatal("%s: unexpected response from master 0x%08x", - __func__, type); + fatal_f("unexpected response from master 0x%08x", type); } sshbuf_free(m); @@ -1855,7 +1835,7 @@ mux_client_forwards(int fd, int cancel_flag) { int i, ret = 0; - debug3("%s: %s forwardings: %d local, %d remote", __func__, + debug3_f("%s forwardings: %d local, %d remote", cancel_flag ? "cancel" : "request", options.num_local_forwards, options.num_remote_forwards); @@ -1885,17 +1865,17 @@ mux_client_request_session(int fd) extern char **environ; int r, i, rawmode; - debug3("%s: entering", __func__); + debug3_f("entering"); if ((muxserver_pid = mux_client_request_alive(fd)) == 0) { - error("%s: master alive request failed", __func__); + error_f("master alive request failed"); return -1; } ssh_signal(SIGPIPE, SIG_IGN); if (stdin_null_flag && stdfd_devnull(1, 0, 0) == -1) - fatal("%s: stdfd_devnull failed", __func__); + fatal_f("stdfd_devnull failed"); if ((term = getenv("TERM")) == NULL) term = ""; @@ -1904,7 +1884,7 @@ mux_client_request_session(int fd) echar = (u_int)options.escape_char; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, MUX_C_NEW_SESSION)) != 0 || (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 || (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */ 
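Review bot: The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE cases in mux_client_forward return -1 without freeing `e`, the string obtained from `sshbuf_get_cstring(m, &e, NULL)`. Unlike the `fatal` paths, these return to the caller, so the allocation outlives the call. Adding `free(e);` after the `error(...)` and `error_f(...)` lines, before `return -1;`, would release it. The corresponding cases in mux_client_request_session have the same shape, and the declaration of `e` is outside the hunk.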
@@ -1915,7 +1895,7 @@ mux_client_request_session(int fd) (r = sshbuf_put_u32(m, echar)) != 0 || (r = sshbuf_put_cstring(m, term)) != 0 || (r = sshbuf_put_stringb(m, command)) != 0) - fatal("%s: request: %s", __func__, ssh_err(r)); + fatal_fr(r, "request"); /* Pass environment */ if (options.num_send_env > 0 && environ != NULL) { 
@@ -1923,69 +1903,67 @@ mux_client_request_session(int fd) if (!env_permitted(environ[i])) continue; if ((r = sshbuf_put_cstring(m, environ[i])) != 0) - fatal("%s: request: %s", __func__, ssh_err(r)); + fatal_fr(r, "request sendenv"); } } for (i = 0; i < options.num_setenv; i++) { if ((r = sshbuf_put_cstring(m, options.setenv[i])) != 0) - fatal("%s: request: %s", __func__, ssh_err(r)); + fatal_fr(r, "request setenv"); } if (mux_client_write_packet(fd, m) != 0) - fatal("%s: write packet: %s", __func__, strerror(errno)); + fatal_f("write packet: %s", strerror(errno)); /* Send the stdio file descriptors */ if (mm_send_fd(fd, STDIN_FILENO) == -1 || mm_send_fd(fd, STDOUT_FILENO) == -1 || mm_send_fd(fd, STDERR_FILENO) == -1) - fatal("%s: send fds failed", __func__); + fatal_f("send fds failed"); - debug3("%s: session request sent", __func__); + debug3_f("session request sent"); /* Read their reply */ sshbuf_reset(m); if (mux_client_read_packet(fd, m) != 0) { - error("%s: read from master failed: %s", - __func__, strerror(errno)); + error_f("read from master failed: %s", strerror(errno)); sshbuf_free(m); return -1; } if ((r = sshbuf_get_u32(m, &type)) != 0 || (r = sshbuf_get_u32(m, &rid)) != 0) - fatal("%s: decode: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (rid != muxclient_request_id) - fatal("%s: out of sequence reply: my id %u theirs %u", - __func__, muxclient_request_id, rid); + fatal_f("out of sequence reply: my id %u theirs %u", + muxclient_request_id, rid); switch (type) { case MUX_S_SESSION_OPENED: if ((r = sshbuf_get_u32(m, &sid)) != 0) - fatal("%s: decode ID: %s", __func__, ssh_err(r)); - debug("%s: master session id: %u", __func__, sid); + fatal_fr(r, "parse session ID"); + debug_f("master session id: %u", sid); break; case MUX_S_PERMISSION_DENIED: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse error message"); error("Master refused session request: %s", e); 
sshbuf_free(m); return -1; case MUX_S_FAILURE: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); - error("%s: session request failed: %s", __func__, e); + fatal_fr(r, "parse error message"); + error_f("session request failed: %s", e); sshbuf_free(m); return -1; default: sshbuf_free(m); - error("%s: unexpected response from master 0x%08x", - __func__, type); + error_f("unexpected response from master 0x%08x", type); return -1; } muxclient_request_id++; if (pledge("stdio proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); ssh_signal(SIGHUP, control_client_sighandler); ssh_signal(SIGINT, control_client_sighandler); 
@@ -2008,40 +1986,34 @@ mux_client_request_session(int fd) if (mux_client_read_packet(fd, m) != 0) break; if ((r = sshbuf_get_u32(m, &type)) != 0) - fatal("%s: decode type: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); switch (type) { case MUX_S_TTY_ALLOC_FAIL: if ((r = sshbuf_get_u32(m, &esid)) != 0) - fatal("%s: decode ID: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse session ID"); if (esid != sid) - fatal("%s: tty alloc fail on unknown session: " - "my id %u theirs %u", - __func__, sid, esid); + fatal_f("tty alloc fail on unknown session: " + "my id %u theirs %u", sid, esid); leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); rawmode = 0; continue; case MUX_S_EXIT_MESSAGE: if ((r = sshbuf_get_u32(m, &esid)) != 0) - fatal("%s: decode ID: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse session ID"); if (esid != sid) - fatal("%s: exit on unknown session: " - "my id %u theirs %u", - __func__, sid, esid); + fatal_f("exit on unknown session: " + "my id %u theirs %u", sid, esid); if (exitval_seen) - fatal("%s: exitval sent twice", __func__); + fatal_f("exitval sent twice"); if ((r = sshbuf_get_u32(m, &exitval)) != 0) - fatal("%s: decode exit value: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse exitval"); exitval_seen = 1; continue; default: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", - __func__, ssh_err(r)); - fatal("%s: master returned error: %s", __func__, e); + fatal_fr(r, "parse error message"); + fatal_f("master returned error: %s", e); } } 
@@ -2073,12 +2045,12 @@ mux_client_proxy(int fd) int r; if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, MUX_C_PROXY)) != 0 || (r = sshbuf_put_u32(m, muxclient_request_id)) != 0) - fatal("%s: request: %s", __func__, ssh_err(r)); + fatal_fr(r, "request"); if (mux_client_write_packet(fd, m) != 0) - fatal("%s: write packet: %s", __func__, strerror(errno)); + fatal_f("write packet: %s", strerror(errno)); sshbuf_reset(m); @@ -2089,18 +2061,18 @@ mux_client_proxy(int fd) } if ((r = sshbuf_get_u32(m, &type)) != 0 || (r = sshbuf_get_u32(m, &rid)) != 0) - fatal("%s: decode: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (rid != muxclient_request_id) - fatal("%s: out of sequence reply: my id %u theirs %u", - __func__, muxclient_request_id, rid); + fatal_f("out of sequence reply: my id %u theirs %u", + muxclient_request_id, rid); if (type != MUX_S_PROXY) { if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); - fatal("%s: master returned error: %s", __func__, e); + fatal_fr(r, "parse error message"); + fatal_f("master returned error: %s", e); } sshbuf_free(m); - debug3("%s: done", __func__); + debug3_f("done"); muxclient_request_id++; return 0; } 
@@ -2113,76 +2085,74 @@ mux_client_request_stdio_fwd(int fd) u_int type, rid, sid; int r; - debug3("%s: entering", __func__); + debug3_f("entering"); if ((muxserver_pid = mux_client_request_alive(fd)) == 0) { - error("%s: master alive request failed", __func__); + error_f("master alive request failed"); return -1; } ssh_signal(SIGPIPE, SIG_IGN); if (stdin_null_flag && stdfd_devnull(1, 0, 0) == -1) - fatal("%s: stdfd_devnull failed", __func__); + fatal_f("stdfd_devnull failed"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, MUX_C_NEW_STDIO_FWD)) != 0 || (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 || (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */ (r = sshbuf_put_cstring(m, options.stdio_forward_host)) != 0 || (r = sshbuf_put_u32(m, options.stdio_forward_port)) != 0) - fatal("%s: request: %s", __func__, ssh_err(r)); + fatal_fr(r, "request"); if (mux_client_write_packet(fd, m) != 0) - fatal("%s: write packet: %s", __func__, strerror(errno)); + fatal_f("write packet: %s", strerror(errno)); /* Send the stdio file descriptors */ if (mm_send_fd(fd, STDIN_FILENO) == -1 || mm_send_fd(fd, STDOUT_FILENO) == -1) - fatal("%s: send fds failed", __func__); + fatal_f("send fds failed"); if (pledge("stdio proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); + fatal_f("pledge(): %s", strerror(errno)); - debug3("%s: stdio forward request sent", __func__); + debug3_f("stdio forward request sent"); /* Read their reply */ sshbuf_reset(m); if (mux_client_read_packet(fd, m) != 0) { - error("%s: read from master failed: %s", - __func__, strerror(errno)); + error_f("read from master failed: %s", strerror(errno)); sshbuf_free(m); return -1; } if ((r = sshbuf_get_u32(m, &type)) != 0 || (r = sshbuf_get_u32(m, &rid)) != 0) - fatal("%s: decode: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (rid != muxclient_request_id) - fatal("%s: out of sequence reply: my id %u theirs 
%u", - __func__, muxclient_request_id, rid); + fatal_f("out of sequence reply: my id %u theirs %u", + muxclient_request_id, rid); switch (type) { case MUX_S_SESSION_OPENED: if ((r = sshbuf_get_u32(m, &sid)) != 0) - fatal("%s: decode ID: %s", __func__, ssh_err(r)); - debug("%s: master session id: %u", __func__, sid); + fatal_fr(r, "parse session ID"); + debug_f("master session id: %u", sid); break; case MUX_S_PERMISSION_DENIED: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse error message"); sshbuf_free(m); fatal("Master refused stdio forwarding request: %s", e); case MUX_S_FAILURE: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse error message"); sshbuf_free(m); fatal("Stdio forwarding request failed: %s", e); default: sshbuf_free(m); - error("%s: unexpected response from master 0x%08x", - __func__, type); + error_f("unexpected response from master 0x%08x", type); return -1; } muxclient_request_id++; @@ -2200,10 +2170,9 @@ mux_client_request_stdio_fwd(int fd) if (errno == EPIPE || (errno == EINTR && muxclient_terminate != 0)) return 0; - fatal("%s: mux_client_read_packet: %s", - __func__, strerror(errno)); + fatal_f("mux_client_read_packet: %s", strerror(errno)); } - fatal("%s: master returned unexpected message %u", __func__, type); + fatal_f("master returned unexpected message %u", type); } static void 
@@ -2214,45 +2183,43 @@ mux_client_request_stop_listening(int fd) u_int type, rid; int r; - debug3("%s: entering", __func__); + debug3_f("entering"); if ((m = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if ((r = sshbuf_put_u32(m, MUX_C_STOP_LISTENING)) != 0 || (r = sshbuf_put_u32(m, muxclient_request_id)) != 0) - fatal("%s: request: %s", __func__, ssh_err(r)); + fatal_fr(r, "request"); if (mux_client_write_packet(fd, m) != 0) - fatal("%s: write packet: %s", __func__, strerror(errno)); + fatal_f("write packet: %s", strerror(errno)); sshbuf_reset(m); /* Read their reply */ if (mux_client_read_packet(fd, m) != 0) - fatal("%s: read from master failed: %s", - __func__, strerror(errno)); + fatal_f("read from master failed: %s", strerror(errno)); if ((r = sshbuf_get_u32(m, &type)) != 0 || (r = sshbuf_get_u32(m, &rid)) != 0) - fatal("%s: decode: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (rid != muxclient_request_id) - fatal("%s: out of sequence reply: my id %u theirs %u", - __func__, muxclient_request_id, rid); + fatal_f("out of sequence reply: my id %u theirs %u", + muxclient_request_id, rid); switch (type) { case MUX_S_OK: break; case MUX_S_PERMISSION_DENIED: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse error message"); fatal("Master refused stop listening request: %s", e); case MUX_S_FAILURE: if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) - fatal("%s: decode error: %s", __func__, ssh_err(r)); - fatal("%s: stop listening request failed: %s", __func__, e); + fatal_fr(r, "parse error message"); + fatal_f("stop listening request failed: %s", e); default: - fatal("%s: unexpected response from master 0x%08x", - __func__, type); + fatal_f("unexpected response from master 0x%08x", type); } sshbuf_free(m); muxclient_request_id++; 
@@ -2293,7 +2260,7 @@ muxclient(const char *path) (unsigned int)sizeof(addr.sun_path)); if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) - fatal("%s socket(): %s", __func__, strerror(errno)); + fatal_f("socket(): %s", strerror(errno)); if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) { switch (muxclient_command) { @@ -2320,7 +2287,7 @@ muxclient(const char *path) set_nonblock(sock); if (mux_client_hello_exchange(sock) != 0) { - error("%s: master hello exchange failed", __func__); + error_f("master hello exchange failed"); close(sock); return -1; } @@ -2328,7 +2295,7 @@ muxclient(const char *path) switch (muxclient_command) { case SSHMUX_COMMAND_ALIVE_CHECK: if ((pid = mux_client_request_alive(sock)) == 0) - fatal("%s: master alive check failed", __func__); + fatal_f("master alive check failed"); fprintf(stderr, "Master running (pid=%u)\r\n", pid); exit(0); case SSHMUX_COMMAND_TERMINATE: @@ -2338,11 +2305,11 @@ muxclient(const char *path) exit(0); case SSHMUX_COMMAND_FORWARD: if (mux_client_forwards(sock, 0) != 0) - fatal("%s: master forward request failed", __func__); + fatal_f("master forward request failed"); exit(0); case SSHMUX_COMMAND_OPEN: if (mux_client_forwards(sock, 0) != 0) { - error("%s: master forward request failed", __func__); + error_f("master forward request failed"); return -1; } mux_client_request_session(sock); @@ -2357,8 +2324,7 @@ muxclient(const char *path) exit(0); case SSHMUX_COMMAND_CANCEL_FWD: if (mux_client_forwards(sock, 1) != 0) - error("%s: master cancel forward request failed", - __func__); + error_f("master cancel forward request failed"); exit(0); case SSHMUX_COMMAND_PROXY: mux_client_proxy(sock); diff --git a/usr.bin/ssh/nchan.c b/usr.bin/ssh/nchan.c index 0665cd6e494..9adf901124f 100644 --- a/usr.bin/ssh/nchan.c +++ b/usr.bin/ssh/nchan.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: nchan.c,v 1.71 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -183,12 +183,11 @@ chan_send_eof2(struct ssh *ssh, Channel *c) switch (c->istate) { case CHAN_INPUT_WAIT_DRAIN: if (!c->have_remote_id) - fatal("%s: channel %d: no remote_id", - __func__, c->self); + fatal_f("channel %d: no remote_id", c->self); if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); + fatal_fr(r, "send CHANNEL_EOF"); c->flags |= CHAN_EOF_SENT; break; default: @@ -212,12 +211,11 @@ chan_send_close2(struct ssh *ssh, Channel *c) error("channel %d: already sent close", c->self); } else { if (!c->have_remote_id) - fatal("%s: channel %d: no remote_id", - __func__, c->self); + fatal_f("channel %d: no remote_id", c->self); if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); + fatal_fr(r, "send CHANNEL_EOF"); c->flags |= CHAN_CLOSE_SENT; } } @@ -236,13 +234,13 @@ chan_send_eow2(struct ssh *ssh, Channel *c) if (!(datafellows & SSH_NEW_OPENSSH)) return; if (!c->have_remote_id) - fatal("%s: channel %d: no remote_id", __func__, c->self); + fatal_f("channel %d: no remote_id", c->self); if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || (r = sshpkt_put_cstring(ssh, "eow@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 0)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r)); + fatal_fr(r, "send CHANNEL_EOF"); } /* shared */ 
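Review bot: In chan_send_close2 the new `fatal_fr(r, "send CHANNEL_EOF")` follows `sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)`, so a failure to send the close is logged as an EOF failure. The same text is kept in chan_send_eow2, where the packet is an SSH2_MSG_CHANNEL_REQUEST carrying `eow@openssh.com`. Since both lines are being rewritten anyway, I would make them `fatal_fr(r, "send CHANNEL_CLOSE");` and `fatal_fr(r, "send CHANNEL_REQUEST eow");` so the fatal log entry names the message that actually failed. Both functions start outside their hunks.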
@@ -374,22 +372,20 @@ chan_shutdown_write(struct ssh *ssh, Channel *c) if (c->type == SSH_CHANNEL_LARVAL) return; /* shutdown failure is allowed if write failed already */ - debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])", - c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd, + debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])", + c->self, c->istate, c->ostate, c->sock, c->wfd, c->efd, channel_format_extended_usage(c)); if (c->sock != -1) { if (shutdown(c->sock, SHUT_WR) == -1) { - debug2("channel %d: %s: shutdown() failed for " - "fd %d [i%d o%d]: %.100s", c->self, __func__, - c->sock, c->istate, c->ostate, - strerror(errno)); + debug2_f("channel %d: shutdown() failed for " + "fd %d [i%d o%d]: %.100s", c->self, c->sock, + c->istate, c->ostate, strerror(errno)); } } else { if (channel_close_fd(ssh, &c->wfd) < 0) { - logit("channel %d: %s: close() failed for " - "fd %d [i%d o%d]: %.100s", - c->self, __func__, c->wfd, c->istate, c->ostate, - strerror(errno)); + logit_f("channel %d: close() failed for " + "fd %d [i%d o%d]: %.100s", c->self, c->wfd, + c->istate, c->ostate, strerror(errno)); } } } 
@@ -399,22 +395,20 @@ chan_shutdown_read(struct ssh *ssh, Channel *c) { if (c->type == SSH_CHANNEL_LARVAL) return; - debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])", - c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd, + debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])", + c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd, channel_format_extended_usage(c)); if (c->sock != -1) { if (shutdown(c->sock, SHUT_RD) == -1) { - error("channel %d: %s: shutdown() failed for " - "fd %d [i%d o%d]: %.100s", - c->self, __func__, c->sock, c->istate, c->ostate, - strerror(errno)); + error_f("channel %d: shutdown() failed for " + "fd %d [i%d o%d]: %.100s", c->self, c->sock, + c->istate, c->ostate, strerror(errno)); } } else { if (channel_close_fd(ssh, &c->rfd) < 0) { - logit("channel %d: %s: close() failed for " - "fd %d [i%d o%d]: %.100s", - c->self, __func__, c->rfd, c->istate, c->ostate, - strerror(errno)); + logit_f("channel %d: close() failed for " + "fd %d [i%d o%d]: %.100s", c->self, c->rfd, + c->istate, c->ostate, strerror(errno)); } } } @@ -427,13 +421,12 @@ chan_shutdown_extended_read(struct ssh *ssh, Channel *c) if (c->extended_usage != CHAN_EXTENDED_READ && c->extended_usage != CHAN_EXTENDED_IGNORE) return; - debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])", - c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd, + debug_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])", + c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd, channel_format_extended_usage(c)); if (channel_close_fd(ssh, &c->efd) < 0) { - logit("channel %d: %s: close() failed for " - "extended fd %d [i%d o%d]: %.100s", - c->self, __func__, c->efd, c->istate, c->ostate, - strerror(errno)); + logit_f("channel %d: close() failed for " + "extended fd %d [i%d o%d]: %.100s", c->self, c->efd, + c->istate, c->ostate, strerror(errno)); } } diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index e47ad8d589c..1f03beab60b 100644 
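Review bot: The rewritten trace line in chan_shutdown_read still labels the fourth descriptor `wfd %d` although the argument passed is `c->rfd`. The line in chan_shutdown_extended_read, in the next hunk, has the same mismatch. Anyone using this debug output to work out which descriptor was shut down sees the read fd under the write-fd label. I would change the label in both format strings, e.g. `debug2_f("channel %d: (i%d o%d sock %d rfd %d efd %d [%s])",`.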
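Review bot: chan_shutdown_extended_read replaces `debug2(` with `debug_f(` rather than `debug2_f(`, which moves this trace from the debug2 level to debug. chan_shutdown_write and chan_shutdown_read keep debug2 for the identical line, so the change looks unintended for a commit that otherwise only reshapes the calls. If so, the line should read `debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",`. The function starts outside the hunk.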
--- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.296 2020/07/05 23:59:45 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.297 2020/10/18 11:32:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -277,13 +277,13 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) int r; if (none == NULL) { - error("%s: cannot load cipher 'none'", __func__); + error_f("cannot load cipher 'none'"); return NULL; } if (ssh == NULL) ssh = ssh_alloc_session_state(); if (ssh == NULL) { - error("%s: could not allocate state", __func__); + error_f("could not allocate state"); return NULL; } state = ssh->state; @@ -293,7 +293,7 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) (const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 || (r = cipher_init(&state->receive_context, none, (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) { - error("%s: cipher_init failed: %s", __func__, ssh_err(r)); + error_fr(r, "cipher_init failed"); free(ssh); /* XXX need ssh_free_session_state? */ return NULL; } @@ -872,8 +872,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) max_blocks = &state->max_blocks_in; } if (state->newkeys[mode] != NULL) { - debug("%s: rekeying %s, input %llu bytes %llu blocks, " - "output %llu bytes %llu blocks", __func__, dir, + debug_f("rekeying %s, input %llu bytes %llu blocks, " + "output %llu bytes %llu blocks", dir, (unsigned long long)state->p_read.bytes, (unsigned long long)state->p_read.blocks, (unsigned long long)state->p_send.bytes, @@ -895,7 +895,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode) return r; } mac->enabled = 1; - DBG(debug("%s: cipher_init_context: %s", __func__, dir)); + DBG(debug_f("cipher_init_context: %s", dir)); cipher_free(*ccp); *ccp = NULL; if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len, 
@@ -1118,8 +1118,8 @@ ssh_packet_send2_wrapped(struct ssh *ssh) if (tmp > state->extra_pad) return SSH_ERR_INVALID_ARGUMENT; pad = state->extra_pad - tmp; - DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)", - __func__, pad, len, padlen, state->extra_pad)); + DBG(debug3_f("adding %d (len %d padlen %d extra_pad %d)", + pad, len, padlen, state->extra_pad)); tmp = padlen; padlen += pad; /* Check whether padlen calculation overflowed */ @@ -1234,7 +1234,7 @@ ssh_packet_send2(struct ssh *ssh) */ if ((need_rekey || state->rekeying) && !ssh_packet_type_is_kex(type)) { if (need_rekey) - debug3("%s: rekex triggered", __func__); + debug3_f("rekex triggered"); debug("enqueue packet: %u", type); p = calloc(1, sizeof(*p)); if (p == NULL) @@ -1276,8 +1276,7 @@ ssh_packet_send2(struct ssh *ssh) */ if (ssh_packet_need_rekeying(ssh, sshbuf_len(p->payload))) { - debug3("%s: queued packet triggered rekex", - __func__); + debug3_f("queued packet triggered rekex"); return kex_start_rekex(ssh); } debug("dequeue packet: %u", type); @@ -1395,7 +1394,7 @@ ssh_packet_read(struct ssh *ssh) int r; if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "read"); return type; } @@ -1453,7 +1452,7 @@ ssh_packet_read_poll2_mux(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) (r = sshbuf_get_u8(state->incoming_packet, typep)) != 0) return r; if (ssh_packet_log_type(*typep)) - debug3("%s: type %u", __func__, *typep); + debug3_f("type %u", *typep); /* sshbuf_dump(state->incoming_packet, stderr); */ /* reset for next packet */ state->packlen = 0; @@ -1684,7 +1683,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) /* do we need to rekey? */ if (ssh_packet_need_rekeying(ssh, 0)) { - debug3("%s: rekex triggered", __func__); + debug3_f("rekex triggered"); if ((r = kex_start_rekex(ssh)) != 0) return r; } 
@@ -1810,7 +1809,7 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) (r = sshpkt_put_cstring(ssh, "")) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send DEBUG"); } void @@ -1866,15 +1865,13 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap) default: if (vasprintf(&tag, fmt, ap) == -1) { ssh_packet_clear_keys(ssh); - logdie("%s: could not allocate failure message", - __func__); + logdie_f("could not allocate failure message"); } ssh_packet_clear_keys(ssh); errno = oerrno; - logdie("%s%sConnection %s %s: %s", + logdie_r(r, "%s%sConnection %s %s", tag != NULL ? tag : "", tag != NULL ? ": " : "", - ssh->state->server_side ? "from" : "to", - remote_id, ssh_err(r)); + ssh->state->server_side ? "from" : "to", remote_id); } } @@ -1887,7 +1884,7 @@ sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...) sshpkt_vfatal(ssh, r, fmt, ap); /* NOTREACHED */ va_end(ap); - logdie("%s: should have exited", __func__); + logdie_f("should have exited"); } /* @@ -2048,14 +2045,14 @@ ssh_packet_set_tos(struct ssh *ssh, int tos) return; switch (ssh_packet_connection_af(ssh)) { case AF_INET: - debug3("%s: set IP_TOS 0x%02x", __func__, tos); + debug3_f("set IP_TOS 0x%02x", tos); if (setsockopt(ssh->state->connection_in, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) error("setsockopt IP_TOS %d: %.100s:", tos, strerror(errno)); break; case AF_INET6: - debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos); + debug3_f("set IPV6_TCLASS 0x%02x", tos); if (setsockopt(ssh->state->connection_in, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1) error("setsockopt IPV6_TCLASS %d: %.100s:", @@ -2182,7 +2179,7 @@ ssh_packet_set_postauth(struct ssh *ssh) { int r; - debug("%s: called", __func__); + debug_f("called"); /* This was set in net child, but is not visible in user child */ ssh->state->after_authentication = 1; ssh->state->rekeying = 0; 
@@ -2438,7 +2435,7 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) if (sshbuf_len(m)) return SSH_ERR_INVALID_FORMAT; - debug3("%s: done", __func__); + debug3_f("done"); return 0; } @@ -2625,7 +2622,7 @@ ssh_packet_send_mux(struct ssh *ssh) cp = sshbuf_mutable_ptr(state->outgoing_packet); type = cp[5]; if (ssh_packet_log_type(type)) - debug3("%s: type %u", __func__, type); + debug3_f("type %u", type); /* drop everything, but the connection protocol */ if (type >= SSH2_MSG_CONNECTION_MIN && type <= SSH2_MSG_CONNECTION_MAX) { diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 4e871abab3e..722b762205a 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.339 2020/10/16 13:26:13 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.340 2020/10/18 11:32:01 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -324,7 +324,7 @@ ssh_connection_hash(const char *thishost, const char *host, const char *portstr, ssh_digest_update(md, portstr, strlen(portstr)) < 0 || ssh_digest_update(md, user, strlen(user)) < 0 || ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0) - fatal("%s: mux digest failed", __func__); + fatal_f("mux digest failed"); ssh_digest_free(md); return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); } @@ -432,7 +432,7 @@ add_certificate_file(Options *options, const char *path, int userprovided) for (i = 0; i < options->num_certificate_files; i++) { if (options->certificate_file_userprovided[i] == userprovided && strcmp(options->certificate_files[i], path) == 0) { - debug2("%s: ignoring duplicate key %s", __func__, path); + debug2_f("ignoring duplicate key %s", path); return; } } 
@@ -463,7 +463,7 @@ add_identity_file(Options *options, const char *dir, const char *filename, for (i = 0; i < options->num_identity_files; i++) { if (options->identity_file_userprovided[i] == userprovided && strcmp(options->identity_files[i], path) == 0) { - debug2("%s: ignoring duplicate key %s", __func__, path); + debug2_f("ignoring duplicate key %s", path); free(path); return; } @@ -513,7 +513,7 @@ execute_in_shell(const char *cmd) char *argv[4]; if (stdfd_devnull(1, 1, 0) == -1) - fatal("%s: stdfd_devnull failed", __func__); + fatal_f("stdfd_devnull failed"); closefrom(STDERR_FILENO + 1); argv[0] = shell; @@ -530,11 +530,11 @@ execute_in_shell(const char *cmd) } /* Parent. */ if (pid == -1) - fatal("%s: fork: %.100s", __func__, strerror(errno)); + fatal_f("fork: %.100s", strerror(errno)); while (waitpid(pid, &status, 0) == -1) { if (errno != EINTR && errno != EAGAIN) - fatal("%s: waitpid: %s", __func__, strerror(errno)); + fatal_f("waitpid: %s", strerror(errno)); } if (!WIFEXITED(status)) { error("command '%.100s' exited abnormally", cmd); @@ -1451,10 +1451,9 @@ parse_keytypes: (u_char) arg[1] >= 64 && (u_char) arg[1] < 128) value = (u_char) arg[1] & 31; else { + value = 0; /* Avoid compiler warning. */ fatal("%.200s line %d: Bad escape character.", filename, linenum); - /* NOTREACHED */ - value = 0; /* Avoid compiler warning. */ } if (*activep && *intptr == -1) *intptr = value; @@ -1852,7 +1851,7 @@ parse_keytypes: return 0; default: - fatal("%s: Unimplemented opcode %d", __func__, opcode); + fatal_f("Unimplemented opcode %d", opcode); } /* Check that there is no garbage at end of line. */ @@ -2254,7 +2253,7 @@ fill_default_options(Options * options) do { \ if ((r = kex_assemble_names(&options->what, \ defaults, all)) != 0) \ - fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ + fatal_fr(r, "%s", #what); \ } while (0) ASSEMBLE(ciphers, def_cipher, all_cipher); ASSEMBLE(macs, def_mac, all_mac); 
@@ -2740,7 +2739,7 @@ dump_client_config(Options *o, const char *host) all_key = sshkey_alg_list(0, 0, 1, ','); if ((r = kex_assemble_names(&o->hostkeyalgorithms, kex_default_pk_alg(), all_key)) != 0) - fatal("%s: expand HostKeyAlgorithms: %s", __func__, ssh_err(r)); + fatal_fr(r, "expand HostKeyAlgorithms"); free(all_key); /* Most interesting options first: user, host, port */ diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c index 1397249bf8c..d96d52d3e8f 100644 --- a/usr.bin/ssh/readpass.c +++ b/usr.bin/ssh/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.64 2020/10/03 09:22:26 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.65 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -55,27 +55,27 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint) void (*osigchld)(int); if (fflush(stdout) != 0) - error("%s: fflush: %s", __func__, strerror(errno)); + error_f("fflush: %s", strerror(errno)); if (askpass == NULL) fatal("internal error: askpass undefined"); if (pipe(p) == -1) { - error("%s: pipe: %s", __func__, strerror(errno)); + error_f("pipe: %s", strerror(errno)); return NULL; } osigchld = ssh_signal(SIGCHLD, SIG_DFL); if ((pid = fork()) == -1) { - error("%s: fork: %s", __func__, strerror(errno)); + error_f("fork: %s", strerror(errno)); ssh_signal(SIGCHLD, osigchld); return NULL; } if (pid == 0) { close(p[0]); if (dup2(p[1], STDOUT_FILENO) == -1) - fatal("%s: dup2: %s", __func__, strerror(errno)); + fatal_f("dup2: %s", strerror(errno)); if (env_hint != NULL) setenv("SSH_ASKPASS_PROMPT", env_hint, 1); execlp(askpass, askpass, msg, (char *)NULL); - fatal("%s: exec(%s): %s", __func__, askpass, strerror(errno)); + fatal_f("exec(%s): %s", askpass, strerror(errno)); } close(p[1]); 
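Review bot: In the forked child of ssh_askpass, a failed `dup2` or `execlp` ends in `fatal_f(...)`, while the equivalent child in notify_start in this file reports with `error_f` and then calls `_exit(1)`. fatal() presumably leaves through the program's regular fatal-exit path, which the child would run on a copy of the parent's state. What that path does is not visible in this hunk, so this is worth confirming. If it is not meant to run in the child, the exec failure could read `error_f("exec(%s): %s", askpass, strerror(errno));` followed by `_exit(1);`, matching notify_start. ssh_askpass continues past the end of the hunk.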
@@ -138,7 +138,7 @@ read_passphrase(const char *prompt, int flags) rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; if (use_askpass) - debug("%s: requested to askpass", __func__); + debug_f("requested to askpass"); else if (flags & RP_USE_ASKPASS) use_askpass = 1; else if (flags & RP_ALLOW_STDIN) { @@ -239,7 +239,7 @@ notify_start(int force_askpass, const char *fmt, ...) va_end(args); if (fflush(NULL) != 0) - error("%s: fflush: %s", __func__, strerror(errno)); + error_f("fflush: %s", strerror(errno)); if (!force_askpass && isatty(STDERR_FILENO)) { (void)write(STDERR_FILENO, "\r", 1); (void)write(STDERR_FILENO, prompt, strlen(prompt)); @@ -249,35 +249,35 @@ notify_start(int force_askpass, const char *fmt, ...) if ((askpass = getenv("SSH_ASKPASS")) == NULL) askpass = _PATH_SSH_ASKPASS_DEFAULT; if (*askpass == '\0') { - debug3("%s: cannot notify: no askpass", __func__); + debug3_f("cannot notify: no askpass"); goto out; } if (getenv("DISPLAY") == NULL && ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) == NULL || strcmp(s, "force") != 0)) { - debug3("%s: cannot notify: no display", __func__); + debug3_f("cannot notify: no display"); goto out; } osigchld = ssh_signal(SIGCHLD, SIG_DFL); if ((pid = fork()) == -1) { - error("%s: fork: %s", __func__, strerror(errno)); + error_f("fork: %s", strerror(errno)); ssh_signal(SIGCHLD, osigchld); free(prompt); return NULL; } if (pid == 0) { if (stdfd_devnull(1, 1, 0) == -1) - fatal("%s: stdfd_devnull failed", __func__); + fatal_f("stdfd_devnull failed"); closefrom(STDERR_FILENO + 1); setenv("SSH_ASKPASS_PROMPT", "none", 1); /* hint to UI */ execlp(askpass, askpass, prompt, (char *)NULL); - error("%s: exec(%s): %s", __func__, askpass, strerror(errno)); + error_f("exec(%s): %s", askpass, strerror(errno)); _exit(1); /* NOTREACHED */ } if ((ret = calloc(1, sizeof(*ret))) == NULL) { kill(pid, SIGTERM); - fatal("%s: calloc failed", __func__); + fatal_f("calloc failed"); } ret->pid = pid; ret->osigchld = osigchld; 
@@ -301,7 +301,7 @@ notify_complete(struct notifier_ctx *ctx) break; } if (ret == -1) - fatal("%s: waitpid: %s", __func__, strerror(errno)); + fatal_f("waitpid: %s", strerror(errno)); ssh_signal(SIGCHLD, ctx->osigchld); free(ctx); } diff --git a/usr.bin/ssh/sandbox-pledge.c b/usr.bin/ssh/sandbox-pledge.c index 592e32ba703..9a12dbfead4 100644 --- a/usr.bin/ssh/sandbox-pledge.c +++ b/usr.bin/ssh/sandbox-pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */ +/* $OpenBSD: sandbox-pledge.c,v 1.2 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org> * @@ -42,7 +42,7 @@ ssh_sandbox_init(void) { struct ssh_sandbox *box; - debug3("%s: preparing pledge sandbox", __func__); + debug3_f("preparing pledge sandbox"); box = xcalloc(1, sizeof(*box)); box->child_pid = 0; @@ -53,14 +53,14 @@ void ssh_sandbox_child(struct ssh_sandbox *box) { if (pledge("stdio", NULL) == -1) - fatal("%s: pledge()", __func__); + fatal_f("pledge()"); } void ssh_sandbox_parent_finish(struct ssh_sandbox *box) { free(box); - debug3("%s: finished", __func__); + debug3_f("finished"); } void diff --git a/usr.bin/ssh/sandbox-rlimit.c b/usr.bin/ssh/sandbox-rlimit.c index eab49f4065c..4e86174a03d 100644 --- a/usr.bin/ssh/sandbox-rlimit.c +++ b/usr.bin/ssh/sandbox-rlimit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sandbox-rlimit.c,v 1.4 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: sandbox-rlimit.c,v 1.5 2020/10/18 11:32:01 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller <djm@mindrot.org> * @@ -45,7 +45,7 @@ ssh_sandbox_init(void) * Strictly, we don't need to maintain any state here but we need * to return non-NULL to satisfy the API. */ - debug3("%s: preparing rlimit sandbox", __func__); + debug3_f("preparing rlimit sandbox"); box = xcalloc(1, sizeof(*box)); box->child_pid = 0; 
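Review bot: `fatal_f("pledge()")` in ssh_sandbox_child (sandbox-pledge.c) does not report why the call failed. The pledge calls in mux.c touched by this same commit do include errno, as `fatal_f("pledge(): %s", strerror(errno))`. A sandbox that fails to engage is exactly the case where the log line needs the reason, so I would write `fatal_f("pledge(): %s", strerror(errno));` here as well. This assumes sandbox-pledge.c already includes the headers for errno and strerror, which the hunk does not show.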
@@ -60,21 +60,21 @@ ssh_sandbox_child(struct ssh_sandbox *box) rl_zero.rlim_cur = rl_zero.rlim_max = 0; if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) - fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", - __func__, strerror(errno)); + fatal_f("setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", + strerror(errno)); if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) - fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", - __func__, strerror(errno)); + fatal_f("setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", + strerror(errno)); if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) - fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", - __func__, strerror(errno)); + fatal_f("setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", + strerror(errno)); } void ssh_sandbox_parent_finish(struct ssh_sandbox *box) { free(box); - debug3("%s: finished", __func__); + debug3_f("finished"); } void diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index 5a8caff0d36..e9210925268 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.213 2020/10/18 11:32:01 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -821,7 +821,7 @@ brace_expand(const char *pattern, char ***patternsp, size_t *npatternsp) goto fail; } if (invalid) - fatal("%s: invalid brace pattern \"%s\"", __func__, cp); + fatal_f("invalid brace pattern \"%s\"", cp); if (expanded) { /* * Current entry expanded to new entries on the @@ -1252,7 +1252,7 @@ sink(int argc, char **argv, const char *src) * the requested destination file glob. */ if (brace_expand(src, &patterns, &npatterns) != 0) - fatal("%s: could not expand pattern", __func__); + fatal_f("could not expand pattern"); } for (first = 1;; first = 0) { cp = buf; diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 4b31d80070a..85629048945 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c 
@@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.370 2020/10/16 13:26:13 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.371 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -205,7 +205,7 @@ assemble_algorithms(ServerOptions *o) #define ASSEMBLE(what, defaults, all) \ do { \ if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ - fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ + fatal_fr(r, "%s", #what); \ } while (0) ASSEMBLE(ciphers, def_cipher, all_cipher); ASSEMBLE(macs, def_mac, all_mac); @@ -706,7 +706,7 @@ derelativise_path(const char *path) if (path_absolute(expanded)) return expanded; if (getcwd(cwd, sizeof(cwd)) == NULL) - fatal("%s: getcwd: %s", __func__, strerror(errno)); + fatal_f("getcwd: %s", strerror(errno)); xasprintf(&ret, "%s/%s", cwd, expanded); free(expanded); return ret; @@ -749,7 +749,7 @@ add_one_listen_addr(ServerOptions *options, const char *addr, if (i >= options->num_listen_addrs) { /* No entry for this rdomain; allocate one */ if (i >= INT_MAX) - fatal("%s: too many listen addresses", __func__); + fatal_f("too many listen addresses"); options->listen_addrs = xrecallocarray(options->listen_addrs, options->num_listen_addrs, options->num_listen_addrs + 1, sizeof(*options->listen_addrs)); @@ -879,10 +879,10 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, ch = '\0'; host = hpdelim2(&arg, &ch); if (host == NULL || ch == '/') - fatal("%s: missing host in %s", __func__, what); + fatal_f("missing host in %s", what); host = cleanhostname(host); if (arg == NULL || ((port = permitopen_port(arg)) < 0)) - fatal("%s: bad port number in %s", __func__, what); + fatal_f("bad port number in %s", what); /* Send it to channels layer */ channel_add_permission(ssh, FORWARD_ADM, where, host, port); 
@@ -1993,17 +1993,15 @@ process_server_config_line_depth(ServerOptions *options, char *line, item, entry); } if (gbuf.gl_pathc > INT_MAX) - fatal("%s: too many glob results", __func__); + fatal_f("too many glob results"); for (n = 0; n < (int)gbuf.gl_pathc; n++) { debug2("%s line %d: including %s", filename, linenum, gbuf.gl_pathv[n]); item = xcalloc(1, sizeof(*item)); item->selector = strdup(arg); item->filename = strdup(gbuf.gl_pathv[n]); - if ((item->contents = sshbuf_new()) == NULL) { - fatal("%s: sshbuf_new failed", - __func__); - } + if ((item->contents = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); load_server_config(item->filename, item->contents); parse_server_config_depth(options, @@ -2353,7 +2351,7 @@ load_server_config(const char *filename, struct sshbuf *conf) FILE *f; int r, lineno = 0; - debug2("%s: filename %s", __func__, filename); + debug2_f("filename %s", filename); if ((f = fopen(filename, "r")) == NULL) { perror(filename); exit(1); @@ -2362,7 +2360,7 @@ load_server_config(const char *filename, struct sshbuf *conf) /* grow buffer, so realloc is avoided for large config files */ if (fstat(fileno(f), &st) == 0 && st.st_size > 0 && (r = sshbuf_allocate(conf, st.st_size)) != 0) - fatal("%s: allocate failed: %s", __func__, ssh_err(r)); + fatal_fr(r, "allocate"); while (getline(&line, &linesize, f) != -1) { lineno++; /* @@ -2374,13 +2372,13 @@ load_server_config(const char *filename, struct sshbuf *conf) memcpy(cp, "\n", 2); cp = line + strspn(line, " \t\r"); if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put"); } free(line); if ((r = sshbuf_put_u8(conf, 0)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u8"); fclose(f); - debug2("%s: done config len = %zu", __func__, sshbuf_len(conf)); + debug2_f("done config len = %zu", sshbuf_len(conf)); } void 
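Review bot: In the include loop of process_server_config_line_depth, `item->selector = strdup(arg);` and `item->filename = strdup(gbuf.gl_pathv[n]);` are still unchecked, although this commit touches the checked `sshbuf_new()` call directly below them. On allocation failure a NULL filename would go to `load_server_config()`, which passes it to `debug2_f("filename %s", filename)` and `fopen()`. The block already uses `xcalloc`, so `item->selector = xstrdup(arg);` and `item->filename = xstrdup(gbuf.gl_pathv[n]);` would make the failure explicit. The function starts and ends outside the hunk.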
@@ -2548,11 +2546,11 @@ parse_server_config_depth(ServerOptions *options, const char *filename, if (depth < 0 || depth > SERVCONF_MAX_DEPTH) fatal("Too many recursive configuration includes"); - debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf), + debug2_f("config %s len %zu%s", filename, sshbuf_len(conf), (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : "")); if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); + fatal_f("sshbuf_dup_string failed"); linenum = 1; while ((cp = strsep(&cbuf, "\n")) != NULL) { if (process_server_config_line_depth(options, cp, diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index ed83bfcd03d..879bd07e788 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.223 2020/07/03 06:29:57 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.224 2020/10/18 11:32:02 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -153,7 +153,7 @@ notify_done(fd_set *readset) if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset)) while (read(notify_pipe[0], &c, 1) != -1) - debug2("%s: reading", __func__); + debug2_f("reading"); } /*ARGSUSED*/ @@ -197,13 +197,13 @@ client_alive_check(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 1)) != 0) /* boolean: want reply */ - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); } else { channel_request_start(ssh, channel_id, "keepalive@openssh.com", 1); } if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send"); } /* 
@@ -328,20 +328,16 @@ process_input(struct ssh *ssh, fd_set *readset, int connection_in) ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); return -1; } else if (len == -1) { - if (errno != EINTR && errno != EAGAIN) { - verbose("Read error from remote host " - "%.100s port %d: %.100s", - ssh_remote_ipaddr(ssh), - ssh_remote_port(ssh), strerror(errno)); - cleanup_exit(255); - } - } else { - /* Buffer any received data. */ - if ((r = ssh_packet_process_incoming(ssh, buf, len)) - != 0) - fatal("%s: ssh_packet_process_incoming: %s", - __func__, ssh_err(r)); + if (errno == EINTR || errno == EAGAIN) + return 0; + verbose("Read error from remote host %s port %d: %s", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + strerror(errno)); + cleanup_exit(255); } + /* Buffer any received data. */ + if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0) + fatal_fr(r, "ssh_packet_process_incoming"); } return 0; } @@ -489,17 +485,17 @@ server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg) (r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (target_port > 0xFFFF) { - error("%s: invalid target port", __func__); + error_f("invalid target port"); *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; goto out; } if (originator_port > 0xFFFF) { - error("%s: invalid originator port", __func__); + error_f("invalid originator port"); *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; goto out; } - debug("%s: originator %s port %u, target %s port %u", __func__, + debug_f("originator %s port %u, target %s port %u", originator, originator_port, target, target_port); /* XXX fine grained permissions */ @@ -532,7 +528,7 @@ server_request_direct_streamlocal(struct ssh *ssh) int r; if (pw == NULL || !the_authctxt->valid) - fatal("%s: no/invalid user", __func__); + fatal_f("no/invalid user"); if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 || (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || 
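Review bot: After the restructuring in process_input, the `len == -1` branch avoids `ssh_packet_process_incoming(ssh, buf, len)` only because `cleanup_exit(255)` does not return; the removed `else` made that separation structural. Marking the call, `cleanup_exit(255); /* NOTREACHED */`, would warn a later editor that a negative length must not fall through into the packet parser. The same hunk also drops the `%.100s` bounds from the read-error message in favour of plain `%s`, which looks deliberate but is worth confirming. The function begins outside the hunk.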
@@ -540,11 +536,11 @@ server_request_direct_streamlocal(struct ssh *ssh) (r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (originator_port > 0xFFFF) { - error("%s: invalid originator port", __func__); + error_f("invalid originator port"); goto out; } - debug("%s: originator %s port %d, target %s", __func__, + debug_f("originator %s port %d, target %s", originator, originator_port, target); /* XXX fine grained permissions */ @@ -592,7 +588,7 @@ server_request_tun(struct ssh *ssh) if ((r = sshpkt_get_u32(ssh, &tun)) != 0) sshpkt_fatal(ssh, r, "%s: parse device", __func__); if (tun > INT_MAX) { - debug("%s: invalid tun", __func__); + debug_f("invalid tun"); goto done; } if (auth_opts->force_tun_device != -1) { @@ -676,7 +672,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) (r = sshpkt_get_u32(ssh, &rwindow)) != 0 || (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - debug("%s: ctype %s rchan %u win %u max %u", __func__, + debug_f("ctype %s rchan %u win %u max %u", ctype, rchan, rwindow, rmaxpack); if (strcmp(ctype, "session") == 0) { @@ -689,7 +685,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) c = server_request_tun(ssh); } if (c != NULL) { - debug("%s: confirm %s", __func__, ctype); + debug_f("confirm %s", ctype); c->remote_id = rchan; c->have_remote_id = 1; c->remote_window = rwindow; @@ -706,7 +702,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) } } } else { - debug("%s: failure %s", __func__, ctype); + debug_f("failure %s", ctype); if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || (r = sshpkt_put_u32(ssh, rchan)) != 0 || (r = sshpkt_put_u32(ssh, reason)) != 0 || 
@@ -733,7 +729,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) size_t blen, slen; if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); kexsigtype = sshkey_type_plain( sshkey_type_from_name(ssh->kex->hostkey_alg)); @@ -742,8 +738,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) key = NULL; if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 || (r = sshkey_from_blob(blob, blen, &key)) != 0) { - error("%s: couldn't parse key: %s", - __func__, ssh_err(r)); + error_fr(r, "parse key"); goto out; } /* @@ -751,8 +746,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) * before attempting to sign anything with it. */ if ((ndx = ssh->kex->host_key_index(key, 1, ssh)) == -1) { - error("%s: unknown host %s key", - __func__, sshkey_type(key)); + error_f("unknown host %s key", sshkey_type(key)); goto out; } /* @@ -761,7 +755,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) */ if ((key_prv = get_hostkey_by_index(ndx)) == NULL && (key_pub = get_hostkey_public_by_index(ndx, ssh)) == NULL) { - error("%s: can't retrieve hostkey %d", __func__, ndx); + error_f("can't retrieve hostkey %d", ndx); goto out; } sshbuf_reset(sigbuf); @@ -782,8 +776,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 || (r = sshbuf_put_string(resp, sig, slen)) != 0) { - error("%s: couldn't prepare signature: %s", - __func__, ssh_err(r)); + error_fr(r, "assemble signature"); goto out; } } 
@@ -812,19 +805,19 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) memset(&fwd, 0, sizeof(fwd)); if (pw == NULL || !the_authctxt->valid) - fatal("%s: no/invalid user", __func__); + fatal_f("no/invalid user"); if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 || (r = sshpkt_get_u8(ssh, &want_reply)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply); + debug_f("rtype %s want_reply %d", rtype, want_reply); /* -R style forwarding */ if (strcmp(rtype, "tcpip-forward") == 0) { if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 || (r = sshpkt_get_u32(ssh, &port)) != 0) sshpkt_fatal(ssh, r, "%s: parse tcpip-forward", __func__); - debug("%s: tcpip-forward listen %s port %u", __func__, + debug_f("tcpip-forward listen %s port %u", fwd.listen_host, port); if (port <= INT_MAX) fwd.listen_port = (int)port; @@ -844,16 +837,16 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) &allocated_listen_port, &options.fwd_opts); } if ((resp = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); if (allocated_listen_port != 0 && (r = sshbuf_put_u32(resp, allocated_listen_port)) != 0) - fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u32"); } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 || (r = sshpkt_get_u32(ssh, &port)) != 0) sshpkt_fatal(ssh, r, "%s: parse cancel-tcpip-forward", __func__); - debug("%s: cancel-tcpip-forward addr %s port %d", __func__, + debug_f("cancel-tcpip-forward addr %s port %d", fwd.listen_host, port); if (port <= INT_MAX) { fwd.listen_port = (int)port; 
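Review bot: The `cancel-tcpip-forward` debug line in server_input_global_request prints `port` with `%d`, although `port` is filled by `sshpkt_get_u32()` and the `tcpip-forward` branch in the previous hunk prints it with `%u`. A peer-supplied value above INT_MAX would be logged as a negative number, which makes the log harder to trust when reviewing forwarding requests. `debug_f("cancel-tcpip-forward addr %s port %u", fwd.listen_host, port);` keeps both branches consistent. server_request_direct_streamlocal has a similar `port %d` for `originator_port`, whose declaration is not visible here.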
@@ -862,7 +855,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) } else if (strcmp(rtype, "streamlocal-forward@openssh.com") == 0) { if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0) sshpkt_fatal(ssh, r, "%s: parse streamlocal-forward@openssh.com", __func__); - debug("%s: streamlocal-forward listen path %s", __func__, + debug_f("streamlocal-forward listen path %s", fwd.listen_path); /* check permissions */ @@ -881,7 +874,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) } else if (strcmp(rtype, "cancel-streamlocal-forward@openssh.com") == 0) { if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0) sshpkt_fatal(ssh, r, "%s: parse cancel-streamlocal-forward@openssh.com", __func__); - debug("%s: cancel-streamlocal-forward path %s", __func__, + debug_f("cancel-streamlocal-forward path %s", fwd.listen_path); success = channel_cancel_rport_listener(ssh, &fwd); @@ -937,8 +930,7 @@ server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) success = session_input_channel_req(ssh, c, rtype); if (want_reply && !(c->flags & CHAN_CLOSE_SENT)) { if (!c->have_remote_id) - fatal("%s: channel %d: no remote_id", - __func__, c->self); + fatal_f("channel %d: no remote_id", c->self); if ((r = sshpkt_start(ssh, success ? SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index b910d18ab25..cd75af193de 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.324 2020/07/07 02:47:21 deraadt Exp $ */ +/* $OpenBSD: session.c,v 1.325 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved 
@@ -239,7 +239,7 @@ display_loginmsg(void) if (sshbuf_len(loginmsg) == 0) return; if ((r = sshbuf_put_u8(loginmsg, 0)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put_u8"); printf("%s", (char *)sshbuf_ptr(loginmsg)); sshbuf_reset(loginmsg); } @@ -255,16 +255,16 @@ prepare_auth_info_file(struct passwd *pw, struct sshbuf *info) temporarily_use_uid(pw); auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX"); if ((fd = mkstemp(auth_info_file)) == -1) { - error("%s: mkstemp: %s", __func__, strerror(errno)); + error_f("mkstemp: %s", strerror(errno)); goto out; } if (atomicio(vwrite, fd, sshbuf_mutable_ptr(info), sshbuf_len(info)) != sshbuf_len(info)) { - error("%s: write: %s", __func__, strerror(errno)); + error_f("write: %s", strerror(errno)); goto out; } if (close(fd) != 0) { - error("%s: close: %s", __func__, strerror(errno)); + error_f("close: %s", strerror(errno)); goto out; } success = 1; @@ -291,11 +291,10 @@ set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) tmp = cp = xstrdup(auth_opts->permitopen[i]); /* This shouldn't fail as it has already been checked */ if ((host = hpdelim(&cp)) == NULL) - fatal("%s: internal error: hpdelim", __func__); + fatal_f("internal error: hpdelim"); host = cleanhostname(host); if (cp == NULL || (port = permitopen_port(cp)) < 0) - fatal("%s: internal error: permitopen port", - __func__); + fatal_f("internal error: permitopen port"); channel_add_permission(ssh, FORWARD_USER, FORWARD_LOCAL, host, port); free(tmp); 
@@ -307,11 +306,10 @@ set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) tmp = cp = xstrdup(auth_opts->permitlisten[i]); /* This shouldn't fail as it has already been checked */ if ((host = hpdelim(&cp)) == NULL) - fatal("%s: internal error: hpdelim", __func__); + fatal_f("internal error: hpdelim"); host = cleanhostname(host); if (cp == NULL || (port = permitopen_port(cp)) < 0) - fatal("%s: internal error: permitlisten port", - __func__); + fatal_f("internal error: permitlisten port"); channel_add_permission(ssh, FORWARD_USER, FORWARD_REMOTE, host, port); free(tmp); @@ -386,18 +384,17 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) /* Allocate pipes for communicating with the program. */ if (pipe(pin) == -1) { - error("%s: pipe in: %.100s", __func__, strerror(errno)); + error_f("pipe in: %.100s", strerror(errno)); return -1; } if (pipe(pout) == -1) { - error("%s: pipe out: %.100s", __func__, strerror(errno)); + error_f("pipe out: %.100s", strerror(errno)); close(pin[0]); close(pin[1]); return -1; } if (pipe(perr) == -1) { - error("%s: pipe err: %.100s", __func__, - strerror(errno)); + error_f("pipe err: %.100s", strerror(errno)); close(pin[0]); close(pin[1]); close(pout[0]); @@ -412,12 +409,11 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) /* Uses socket pairs to communicate with the program. */ if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) { - error("%s: socketpair #1: %.100s", __func__, strerror(errno)); + error_f("socketpair #1: %.100s", strerror(errno)); return -1; } if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) { - error("%s: socketpair #2: %.100s", __func__, - strerror(errno)); + error_f("socketpair #2: %.100s", strerror(errno)); close(inout[0]); close(inout[1]); return -1; 
@@ -429,7 +425,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) /* Fork the child. */ switch ((pid = fork())) { case -1: - error("%s: fork: %.100s", __func__, strerror(errno)); + error_f("fork: %.100s", strerror(errno)); #ifdef USE_PIPES close(pin[0]); close(pin[1]); @@ -553,14 +549,14 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) * detect and gracefully fail out-of-fd conditions. */ if ((fdout = dup(ptyfd)) == -1) { - error("%s: dup #1: %s", __func__, strerror(errno)); + error_f("dup #1: %s", strerror(errno)); close(ttyfd); close(ptyfd); return -1; } /* we keep a reference to the pty master */ if ((ptymaster = dup(ptyfd)) == -1) { - error("%s: dup #2: %s", __func__, strerror(errno)); + error_f("dup #2: %s", strerror(errno)); close(ttyfd); close(ptyfd); close(fdout); @@ -570,7 +566,7 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) /* Fork the child. */ switch ((pid = fork())) { case -1: - error("%s: fork: %.100s", __func__, strerror(errno)); + error_f("fork: %.100s", strerror(errno)); close(fdout); close(ptymaster); close(ttyfd); @@ -980,7 +976,7 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell) stat(user_rc, &st) >= 0) { if (xasprintf(&cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, user_rc) == -1) - fatal("%s: xasprintf: %s", __func__, strerror(errno)); + fatal_f("xasprintf: %s", strerror(errno)); if (debug_flag) fprintf(stderr, "Running %s\n", cmd); f = popen(cmd, "w"); @@ -1017,7 +1013,7 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell) s->auth_proto, s->auth_data); } if (xasprintf(&cmd, "%s -q -", options.xauth_location) == -1) - fatal("%s: xasprintf: %s", __func__, strerror(errno)); + fatal_f("xasprintf: %s", strerror(errno)); f = popen(cmd, "w"); if (f) { fprintf(f, "remove %s\n", 
@@ -1091,10 +1087,10 @@ safely_chroot(const char *path, uid_t uid) component[cp - path] = '\0'; } - debug3("%s: checking '%s'", __func__, component); + debug3_f("checking '%s'", component); if (stat(component, &st) != 0) - fatal("%s: stat(\"%s\"): %s", __func__, + fatal_f("stat(\"%s\"): %s", component, strerror(errno)); if (st.st_uid != 0 || (st.st_mode & 022) != 0) fatal("bad ownership or modes for chroot " @@ -1112,8 +1108,7 @@ safely_chroot(const char *path, uid_t uid) if (chroot(path) == -1) fatal("chroot(\"%s\"): %s", path, strerror(errno)); if (chdir("/") == -1) - fatal("%s: chdir(/) after chroot: %s", - __func__, strerror(errno)); + fatal_f("chdir(/) after chroot: %s", strerror(errno)); verbose("Changed root directory to \"%s\"", path); } @@ -1405,11 +1400,11 @@ do_child(struct ssh *ssh, Session *s, const char *command) void session_unused(int id) { - debug3("%s: session id %d unused", __func__, id); + debug3_f("session id %d unused", id); if (id >= options.max_sessions || id >= sessions_nalloc) { - fatal("%s: insane session id %d (max %d nalloc %d)", - __func__, id, options.max_sessions, sessions_nalloc); + fatal_f("insane session id %d (max %d nalloc %d)", + id, options.max_sessions, sessions_nalloc); } memset(&sessions[id], 0, sizeof(*sessions)); sessions[id].self = id; @@ -1431,13 +1426,13 @@ session_new(void) if (sessions_first_unused == -1) { if (sessions_nalloc >= options.max_sessions) return NULL; - debug2("%s: allocate (allocated %d max %d)", - __func__, sessions_nalloc, options.max_sessions); + debug2_f("allocate (allocated %d max %d)", + sessions_nalloc, options.max_sessions); tmp = xrecallocarray(sessions, sessions_nalloc, sessions_nalloc + 1, sizeof(*sessions)); if (tmp == NULL) { - error("%s: cannot allocate %d sessions", - __func__, sessions_nalloc + 1); + error_f("cannot allocate %d sessions", + sessions_nalloc + 1); return NULL; } sessions = tmp; 
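Review bot: session_unused() rejects `id >= options.max_sessions` and `id >= sessions_nalloc` but not a negative `id`, and then writes `sessions[id]` with `memset`. session_new() in the following hunks does guard its index with `sessions_first_unused < 0`, so the two sanity checks disagree. Extending the condition to `if (id < 0 || id >= options.max_sessions || id >= sessions_nalloc) {` would make them match. The callers are outside the hunk, so whether a negative id can actually arrive is not visible.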
@@ -1446,16 +1441,14 @@ session_new(void) if (sessions_first_unused >= sessions_nalloc || sessions_first_unused < 0) { - fatal("%s: insane first_unused %d max %d nalloc %d", - __func__, sessions_first_unused, options.max_sessions, + fatal_f("insane first_unused %d max %d nalloc %d", + sessions_first_unused, options.max_sessions, sessions_nalloc); } s = &sessions[sessions_first_unused]; - if (s->used) { - fatal("%s: session %d already used", - __func__, sessions_first_unused); - } + if (s->used) + fatal_f("session %d already used", sessions_first_unused); sessions_first_unused = s->next_unused; s->used = 1; s->next_unused = -1; @@ -1823,35 +1816,33 @@ session_signal_req(struct ssh *ssh, Session *s) if ((r = sshpkt_get_cstring(ssh, &signame, NULL)) != 0 || (r = sshpkt_get_end(ssh)) != 0) { - error("%s: parse packet: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto out; } if ((sig = name2sig(signame)) == -1) { - error("%s: unsupported signal \"%s\"", __func__, signame); + error_f("unsupported signal \"%s\"", signame); goto out; } if (s->pid <= 0) { - error("%s: no pid for session %d", __func__, s->self); + error_f("no pid for session %d", s->self); goto out; } if (s->forced || s->is_subsystem) { - error("%s: refusing to send signal %s to %s session", __func__, + error_f("refusing to send signal %s to %s session", signame, s->forced ? "forced-command" : "subsystem"); goto out; } if (!use_privsep || mm_is_monitor()) { - error("%s: session signalling requires privilege separation", - __func__); + error_f("session signalling requires privilege separation"); goto out; } - debug("%s: signal %s, killpg(%ld, %d)", __func__, signame, - (long)s->pid, sig); + debug_f("signal %s, killpg(%ld, %d)", signame, (long)s->pid, sig); temporarily_use_uid(s->pw); r = killpg(s->pid, sig); restore_uid(); if (r != 0) { - error("%s: killpg(%ld, %d): %s", __func__, (long)s->pid, + error_f("killpg(%ld, %d): %s", (long)s->pid, sig, strerror(errno)); goto out; } 
@@ -1873,7 +1864,7 @@ session_auth_agent_req(struct ssh *ssh, Session *s) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (!auth_opts->permit_agent_forwarding_flag || !options.allow_agent_forwarding) { - debug("%s: agent forwarding disabled", __func__); + debug_f("agent forwarding disabled"); return 0; } if (called) { @@ -1891,10 +1882,10 @@ session_input_channel_req(struct ssh *ssh, Channel *c, const char *rtype) Session *s; if ((s = session_by_channel(c->self)) == NULL) { - logit("%s: no session %d req %.100s", __func__, c->self, rtype); + logit_f("no session %d req %.100s", c->self, rtype); return 0; } - debug("%s: session %d req %s", __func__, s->self, rtype); + debug_f("session %d req %s", s->self, rtype); /* * a session is in LARVAL state until a shell, a command @@ -1952,13 +1943,13 @@ void session_pty_cleanup2(Session *s) { if (s == NULL) { - error("%s: no session", __func__); + error_f("no session"); return; } if (s->ttyfd == -1) return; - debug("%s: session %d release %s", __func__, s->self, s->tty); + debug_f("session %d release %s", s->self, s->tty); /* Record that the user has logged out. */ if (s->pid != 0) @@ -2014,10 +2005,10 @@ session_close_x11(struct ssh *ssh, int id) Channel *c; if ((c = channel_by_id(ssh, id)) == NULL) { - debug("%s: x11 channel %d missing", __func__, id); + debug_f("x11 channel %d missing", id); } else { /* Detach X11 listener */ - debug("%s: detach x11 channel %d", __func__, id); + debug_f("detach x11 channel %d", id); channel_cancel_cleanup(ssh, id); if (c->ostate != CHAN_OUTPUT_CLOSED) chan_mark_dead(ssh, c); 
@@ -2030,13 +2021,13 @@ session_close_single_x11(struct ssh *ssh, int id, void *arg) Session *s; u_int i; - debug3("%s: channel %d", __func__, id); + debug3_f("channel %d", id); channel_cancel_cleanup(ssh, id); if ((s = session_by_x11_channel(id)) == NULL) - fatal("%s: no x11 channel %d", __func__, id); + fatal_f("no x11 channel %d", id); for (i = 0; s->x11_chanids[i] != -1; i++) { - debug("%s: session %d: closing channel %d", - __func__, s->self, s->x11_chanids[i]); + debug_f("session %d: closing channel %d", + s->self, s->x11_chanids[i]); /* * The channel "id" is already closing, but make sure we * close all of its siblings. @@ -2063,10 +2054,9 @@ session_exit_message(struct ssh *ssh, Session *s, int status) int r; if ((c = channel_lookup(ssh, s->chanid)) == NULL) - fatal("%s: session %d: no channel %d", - __func__, s->self, s->chanid); - debug("%s: session %d channel %d pid %ld", - __func__, s->self, s->chanid, (long)s->pid); + fatal_f("session %d: no channel %d", s->self, s->chanid); + debug_f("session %d channel %d pid %ld", + s->self, s->chanid, (long)s->pid); if (WIFEXITED(status)) { channel_request_start(ssh, s->chanid, "exit-status", 0); @@ -2087,7 +2077,7 @@ session_exit_message(struct ssh *ssh, Session *s, int status) } /* disconnect channel */ - debug("%s: release channel %d", __func__, s->chanid); + debug_f("release channel %d", s->chanid); /* * Adjust cleanup callback attachment to send close messages when @@ -2142,7 +2132,7 @@ session_close_by_pid(struct ssh *ssh, pid_t pid, int status) { Session *s = session_by_pid(pid); if (s == NULL) { - debug("%s: no session for pid %ld", __func__, (long)pid); + debug_f("no session for pid %ld", (long)pid); return; } if (s->chanid != -1) 
@@ -2163,13 +2153,12 @@ session_close_by_channel(struct ssh *ssh, int id, void *arg) u_int i; if (s == NULL) { - debug("%s: no session for id %d", __func__, id); + debug_f("no session for id %d", id); return; } - debug("%s: channel %d child %ld", __func__, id, (long)s->pid); + debug_f("channel %d child %ld", id, (long)s->pid); if (s->pid != 0) { - debug("%s: channel %d: has child, ttyfd %d", - __func__, id, s->ttyfd); + debug_f("channel %d: has child, ttyfd %d", id, s->ttyfd); /* * delay detach of session, but release pty, since * the fd's to the child are already closed diff --git a/usr.bin/ssh/sftp-client.c b/usr.bin/ssh/sftp-client.c index 5a19ac14394..7a068da917e 100644 --- a/usr.bin/ssh/sftp-client.c +++ b/usr.bin/ssh/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.136 2020/05/15 03:57:33 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.137 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -126,7 +126,7 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) int r; if ((r = sshbuf_reserve(m, 4, &p)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve"); if (atomicio6(read, conn->fd_in, p, 4, sftpio, conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) { if (errno == EPIPE || errno == ECONNRESET) @@ -136,7 +136,7 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) } if ((r = sshbuf_get_u32(m, &msg_len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_get_u32"); if (msg_len > SFTP_MAX_MSG_LENGTH) { do_log2(initial ? SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_FATAL, "Received message too long %u", msg_len); 
@@ -145,7 +145,7 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) } if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve"); if (atomicio6(read, conn->fd_in, p, msg_len, sftpio, conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != msg_len) { @@ -170,11 +170,11 @@ send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s, int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, code)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_string(msg, s, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id); sshbuf_free(msg); @@ -188,12 +188,12 @@ send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code, int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, code)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_string(msg, s, len)) != 0 || (r = encode_attrib(msg, a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id); sshbuf_free(msg); @@ -208,11 +208,11 @@ get_status(struct sftp_conn *conn, u_int expected_id) int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); get_msg(conn, msg); if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); if (id != expected_id) fatal("ID mismatch (%u != %u)", id, expected_id); 
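Review bot: In get_status, the new `fatal_fr(r, "compose")` follows `sshbuf_get_u8()` and `sshbuf_get_u32()`, which read the server's reply rather than build a request. The label is therefore misleading when diagnosing a malformed or truncated reply. The sibling functions converted in this commit (get_handle, get_decode_stat, get_decode_statvfs) use "parse" at the same point, so `fatal_fr(r, "parse");` would match them.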
@@ -221,7 +221,7 @@ get_status(struct sftp_conn *conn, u_int expected_id) SSH2_FXP_STATUS, type); if ((r = sshbuf_get_u32(msg, &status)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); sshbuf_free(msg); debug3("SSH2_FXP_STATUS %u", status); @@ -247,18 +247,18 @@ get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len, va_end(args); if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); get_msg(conn, msg); if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (id != expected_id) fatal("%s: ID mismatch (%u != %u)", errfmt == NULL ? __func__ : errmsg, id, expected_id); if (type == SSH2_FXP_STATUS) { if ((r = sshbuf_get_u32(msg, &status)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse status"); if (errfmt != NULL) error("%s: %s", errmsg, fx2txt(status)); sshbuf_free(msg); @@ -268,7 +268,7 @@ get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len, errfmt == NULL ? __func__ : errmsg, SSH2_FXP_HANDLE, type); if ((r = sshbuf_get_string(msg, &handle, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse handle"); sshbuf_free(msg); return handle; @@ -284,12 +284,12 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet) static Attrib a; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); get_msg(conn, msg); if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("Received stat reply T:%u I:%u", type, id); if (id != expected_id) 
@@ -298,7 +298,7 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet) u_int status; if ((r = sshbuf_get_u32(msg, &status)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse status"); if (quiet) debug("Couldn't stat remote file: %s", fx2txt(status)); else @@ -310,7 +310,7 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet) SSH2_FXP_ATTRS, type); } if ((r = decode_attrib(msg, &a)) != 0) { - error("%s: couldn't decode attrib: %s", __func__, ssh_err(r)); + error_fr(r, "decode_attrib"); sshbuf_free(msg); return NULL; } @@ -330,12 +330,12 @@ get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st, int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); get_msg(conn, msg); if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("Received statvfs reply T:%u I:%u", type, id); if (id != expected_id) @@ -344,7 +344,7 @@ get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st, u_int status; if ((r = sshbuf_get_u32(msg, &status)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse status"); if (quiet) debug("Couldn't statvfs: %s", fx2txt(status)); else @@ -368,7 +368,7 @@ get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st, (r = sshbuf_get_u64(msg, &st->f_fsid)) != 0 || (r = sshbuf_get_u64(msg, &flag)) != 0 || (r = sshbuf_get_u64(msg, &st->f_namemax)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse statvfs"); st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0; st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0; 
@@ -397,10 +397,11 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, ret->limit_kbps = 0; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_INIT)) != 0 || (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); + send_msg(ret, msg); sshbuf_reset(msg); @@ -409,7 +410,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, /* Expecting a VERSION reply */ if ((r = sshbuf_get_u8(msg, &type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); if (type != SSH2_FXP_VERSION) { error("Invalid packet back from SSH2_FXP_INIT (type %u)", type); @@ -418,7 +419,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, return(NULL); } if ((r = sshbuf_get_u32(msg, &ret->version)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse version"); debug2("Remote version: %u", ret->version); @@ -431,7 +432,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, if ((r = sshbuf_get_cstring(msg, &name, NULL)) != 0 || (r = sshbuf_get_string(msg, &value, &vlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse extension"); if (strcmp(name, "posix-rename@openssh.com") == 0 && strcmp((char *)value, "1") == 0) { ret->exts |= SFTP_EXT_POSIX_RENAME; 
@@ -498,13 +499,13 @@ do_close(struct sftp_conn *conn, const u_char *handle, u_int handle_len) int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); id = conn->msg_id++; if ((r = sshbuf_put_u8(msg, SSH2_FXP_CLOSE)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_string(msg, handle, handle_len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); send_msg(conn, msg); debug3("Sent message SSH2_FXP_CLOSE I:%u", id); @@ -535,11 +536,11 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, id = conn->msg_id++; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPENDIR)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_cstring(msg, path)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose OPENDIR"); send_msg(conn, msg); handle = get_handle(conn, id, &handle_len, @@ -564,7 +565,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, if ((r = sshbuf_put_u8(msg, SSH2_FXP_READDIR)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_string(msg, handle, handle_len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose READDIR"); send_msg(conn, msg); sshbuf_reset(msg); @@ -573,7 +574,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("Received reply T:%u I:%u", type, id); 
@@ -584,8 +585,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, u_int rstatus; if ((r = sshbuf_get_u32(msg, &rstatus)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse status"); debug3("Received SSH2_FXP_STATUS %d", rstatus); if (rstatus == SSH2_FX_EOF) break; @@ -596,9 +596,9 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, SSH2_FXP_NAME, type); if ((r = sshbuf_get_u32(msg, &count)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse count"); if (count > SSHBUF_SIZE_MAX) - fatal("%s: nonsensical number of entries", __func__); + fatal_f("nonsensical number of entries"); if (count == 0) break; debug3("Received %d SSH2_FXP_NAME responses", count); @@ -610,11 +610,9 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, NULL)) != 0 || (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse filenames"); if ((r = decode_attrib(msg, &a)) != 0) { - error("%s: couldn't decode attrib: %s", - __func__, ssh_err(r)); + error_fr(r, "couldn't decode attrib"); free(filename); free(longname); goto out; @@ -829,12 +827,12 @@ do_realpath(struct sftp_conn *conn, const char *path) strlen(path)); if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); get_msg(conn, msg); if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (id != expected_id) fatal("ID mismatch (%u != %u)", id, expected_id); @@ -843,7 +841,7 @@ do_realpath(struct sftp_conn *conn, const char *path) u_int status; if ((r = sshbuf_get_u32(msg, &status)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse status"); error("Couldn't canonicalize: %s", fx2txt(status)); sshbuf_free(msg); return NULL; 
@@ -852,14 +850,14 @@ do_realpath(struct sftp_conn *conn, const char *path) SSH2_FXP_NAME, type); if ((r = sshbuf_get_u32(msg, &count)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse count"); if (count != 1) fatal("Got multiple names (%d) from SSH_FXP_REALPATH", count); if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 || (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 || (r = decode_attrib(msg, &a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse filename/attrib"); debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, (unsigned long)a.size); @@ -880,7 +878,7 @@ do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath, int r, use_ext = (conn->exts & SFTP_EXT_POSIX_RENAME) && !force_legacy; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); /* Send rename request */ id = conn->msg_id++; @@ -889,15 +887,15 @@ do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath, (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_cstring(msg, "posix-rename@openssh.com")) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose posix-rename"); } else { if ((r = sshbuf_put_u8(msg, SSH2_FXP_RENAME)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose rename"); } if ((r = sshbuf_put_cstring(msg, oldpath)) != 0 || (r = sshbuf_put_cstring(msg, newpath)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose paths"); send_msg(conn, msg); debug3("Sent message %s \"%s\" -> \"%s\"", use_ext ? "posix-rename@openssh.com" : @@ -925,7 +923,7 @@ do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath) } if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); /* Send link request */ id = conn->msg_id++; 
@@ -934,7 +932,7 @@ do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath) (r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 || (r = sshbuf_put_cstring(msg, oldpath)) != 0 || (r = sshbuf_put_cstring(msg, newpath)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); debug3("Sent message hardlink@openssh.com \"%s\" -> \"%s\"", oldpath, newpath); @@ -961,7 +959,7 @@ do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath) } if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); /* Send symlink request */ id = conn->msg_id++; @@ -969,7 +967,7 @@ do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath) (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_cstring(msg, oldpath)) != 0 || (r = sshbuf_put_cstring(msg, newpath)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); debug3("Sent message SSH2_FXP_SYMLINK \"%s\" -> \"%s\"", oldpath, newpath); @@ -996,13 +994,13 @@ do_fsync(struct sftp_conn *conn, u_char *handle, u_int handle_len) /* Send fsync request */ if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); id = conn->msg_id++; if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 || (r = sshbuf_put_string(msg, handle, handle_len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); debug3("Sent message fsync@openssh.com I:%u", id); sshbuf_free(msg); 
@@ -1029,12 +1027,12 @@ do_readlink(struct sftp_conn *conn, const char *path) send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path)); if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); get_msg(conn, msg); if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (id != expected_id) fatal("ID mismatch (%u != %u)", id, expected_id); @@ -1043,7 +1041,7 @@ do_readlink(struct sftp_conn *conn, const char *path) u_int status; if ((r = sshbuf_get_u32(msg, &status)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse status"); error("Couldn't readlink: %s", fx2txt(status)); sshbuf_free(msg); return(NULL); @@ -1052,14 +1050,14 @@ do_readlink(struct sftp_conn *conn, const char *path) SSH2_FXP_NAME, type); if ((r = sshbuf_get_u32(msg, &count)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse count"); if (count != 1) fatal("Got multiple names (%d) from SSH_FXP_READLINK", count); if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 || (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 || (r = decode_attrib(msg, &a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse filenames/attrib"); debug3("SSH_FXP_READLINK %s -> %s", path, filename); @@ -1087,12 +1085,12 @@ do_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st, id = conn->msg_id++; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 || (r = sshbuf_put_cstring(msg, path)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); sshbuf_free(msg); 
@@ -1115,12 +1113,12 @@ do_fstatvfs(struct sftp_conn *conn, const u_char *handle, u_int handle_len, id = conn->msg_id++; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 || (r = sshbuf_put_string(msg, handle, handle_len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); sshbuf_free(msg); @@ -1142,13 +1140,13 @@ do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a) id = conn->msg_id++; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 || (r = sshbuf_put_cstring(msg, path)) != 0 || (r = encode_attrib(msg, a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); sshbuf_free(msg); @@ -1168,13 +1166,13 @@ send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_string(msg, handle, handle_len)) != 0 || (r = sshbuf_put_u64(msg, offset)) != 0 || (r = sshbuf_put_u32(msg, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); sshbuf_free(msg); } @@ -1228,7 +1226,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, buflen = conn->transfer_buflen; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); attrib_clear(&junk); /* Send empty attributes */ 
@@ -1239,7 +1237,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, (r = sshbuf_put_cstring(msg, remote_path)) != 0 || (r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 || (r = encode_attrib(msg, &junk)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); @@ -1325,7 +1323,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, get_msg(conn, msg); if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("Received reply T:%u I:%u R:%d", type, id, max_req); /* Find the request in our queue */ @@ -1339,8 +1337,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, switch (type) { case SSH2_FXP_STATUS: if ((r = sshbuf_get_u32(msg, &status)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse status"); if (status != SSH2_FX_EOF) read_error = 1; max_req = 0; @@ -1350,8 +1347,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, break; case SSH2_FXP_DATA: if ((r = sshbuf_get_string(msg, &data, &len)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse data"); debug3("Received data %llu -> %llu", (unsigned long long)req->offset, (unsigned long long)req->offset + len - 1); @@ -1659,7 +1655,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, } if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); /* Send open request */ id = conn->msg_id++; 
@@ -1669,7 +1665,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, (r = sshbuf_put_u32(msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT| (resume ? SSH2_FXF_APPEND : SSH2_FXF_TRUNC))) != 0 || (r = encode_attrib(msg, &a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); @@ -1725,8 +1721,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, handle_len)) != 0 || (r = sshbuf_put_u64(msg, offset)) != 0 || (r = sshbuf_put_string(msg, data, len)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(conn, msg); debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", id, (unsigned long long)offset, len); @@ -1744,16 +1739,14 @@ do_upload(struct sftp_conn *conn, const char *local_path, get_msg(conn, msg); if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &rid)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (type != SSH2_FXP_STATUS) fatal("Expected SSH2_FXP_STATUS(%d) packet, " "got %d", SSH2_FXP_STATUS, type); if ((r = sshbuf_get_u32(msg, &status)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse status"); debug3("SSH2_FXP_STATUS %u", status); /* Find the request in our queue */ @@ -1772,7 +1765,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, } offset += len; if (offset < 0) - fatal("%s: offset < 0", __func__); + fatal_f("offset < 0"); } sshbuf_free(msg); diff --git a/usr.bin/ssh/sftp-common.c b/usr.bin/ssh/sftp-common.c index ba8efbfde48..a315470840c 100644 --- a/usr.bin/ssh/sftp-common.c +++ b/usr.bin/ssh/sftp-common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.c,v 1.31 2018/09/13 15:23:32 millert Exp $ */ +/* $OpenBSD: sftp-common.c,v 1.32 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Damien Miller. All rights reserved. 
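Review bot: In the last do_upload hunk, `offset += len; if (offset < 0)` tests for wrap-around only after the addition has already happened. The declaration of offset is outside the hunk; if it is a signed type, the overflow is undefined behaviour and an optimising compiler may drop the check entirely. The guard should run before the add, rejecting a len larger than the headroom left in offset's type, and only then do `offset += len;`. The enclosing loop starts outside the hunk.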
@@ -131,7 +131,7 @@ decode_attrib(struct sshbuf *b, Attrib *a) u_int i, count; if ((r = sshbuf_get_u32(b, &count)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + return r; for (i = 0; i < count; i++) { if ((r = sshbuf_get_cstring(b, &type, NULL)) != 0 || (r = sshbuf_get_string(b, &data, &dlen)) != 0) diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c index 9c0a9043105..7bf7252840f 100644 --- a/usr.bin/ssh/sftp-server.c +++ b/usr.bin/ssh/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.119 2020/07/17 03:51:32 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.120 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -481,7 +481,7 @@ send_msg(struct sshbuf *m) int r; if ((r = sshbuf_put_stringb(oqueue, m)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue"); sshbuf_reset(m); } @@ -514,16 +514,16 @@ send_status(u_int32_t id, u_int32_t status) (status != SSH2_FX_OK && status != SSH2_FX_EOF)) logit("sent status %s", status_to_message(status)); if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_STATUS)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_u32(msg, status)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); if (version >= 3) { if ((r = sshbuf_put_cstring(msg, status_to_message(status))) != 0 || (r = sshbuf_put_cstring(msg, "")) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose message"); } send_msg(msg); sshbuf_free(msg); 
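Review bot: The first check in decode_attrib now does `return r;` where it used to call fatal(), a behaviour change inside an otherwise mechanical logging conversion, and nothing at the function documents it. The callers that appear in this diff all test the result (`(r = decode_attrib(...)) != 0`), but a caller that ignores it would now carry on with an Attrib only partly filled from peer-supplied data; whether such a caller exists cannot be seen from here. I would add a header comment along the lines of `/* Returns 0 or an SSH_ERR_* code; on error *a must not be used */`, to be confirmed against the rest of the body. The function continues outside the hunk.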
@@ -535,11 +535,11 @@ send_data_or_handle(char type, u_int32_t id, const u_char *data, int dlen) int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, type)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_string(msg, data, dlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(msg); sshbuf_free(msg); } @@ -570,17 +570,17 @@ send_names(u_int32_t id, int count, const Stat *stats) int i, r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_NAME)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_u32(msg, count)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); debug("request %u: sent names count %d", id, count); for (i = 0; i < count; i++) { if ((r = sshbuf_put_cstring(msg, stats[i].name)) != 0 || (r = sshbuf_put_cstring(msg, stats[i].long_name)) != 0 || (r = encode_attrib(msg, &stats[i].attrib)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose filenames/attrib"); } send_msg(msg); sshbuf_free(msg); @@ -594,11 +594,11 @@ send_attrib(u_int32_t id, const Attrib *a) debug("request %u: sent attrib have 0x%x", id, a->flags); if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_ATTRS)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = encode_attrib(msg, a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(msg); sshbuf_free(msg); } 
@@ -614,7 +614,7 @@ send_statvfs(u_int32_t id, struct statvfs *st) flag |= (st->f_flag & ST_NOSUID) ? SSH2_FXE_STATVFS_ST_NOSUID : 0; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED_REPLY)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_u64(msg, st->f_bsize)) != 0 || @@ -628,7 +628,7 @@ send_statvfs(u_int32_t id, struct statvfs *st) (r = sshbuf_put_u64(msg, st->f_fsid)) != 0 || (r = sshbuf_put_u64(msg, flag)) != 0 || (r = sshbuf_put_u64(msg, st->f_namemax)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(msg); sshbuf_free(msg); } @@ -642,10 +642,10 @@ process_init(void) int r; if ((r = sshbuf_get_u32(iqueue, &version)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); verbose("received client version %u", version); if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_FXP_VERSION)) != 0 || (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0 || /* POSIX rename extension */ @@ -665,7 +665,7 @@ process_init(void) (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */ (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 || (r = sshbuf_put_cstring(msg, "1")) != 0) /* version */ - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(msg); sshbuf_free(msg); } @@ -681,7 +681,7 @@ process_open(u_int32_t id) if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */ (r = decode_attrib(iqueue, &a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: open flags %d", id, pflags); flags = flags_from_portable(pflags); 
@@ -718,7 +718,7 @@ process_close(u_int32_t id) int r, handle, ret, status = SSH2_FX_FAILURE; if ((r = get_handle(iqueue, &handle)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: close handle %u", id, handle); handle_log_close(handle, NULL); @@ -738,7 +738,7 @@ process_read(u_int32_t id) if ((r = get_handle(iqueue, &handle)) != 0 || (r = sshbuf_get_u64(iqueue, &off)) != 0 || (r = sshbuf_get_u32(iqueue, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug("request %u: read \"%s\" (handle %d) off %llu len %d", id, handle_to_name(handle), handle, (unsigned long long)off, len); @@ -779,7 +779,7 @@ process_write(u_int32_t id) if ((r = get_handle(iqueue, &handle)) != 0 || (r = sshbuf_get_u64(iqueue, &off)) != 0 || (r = sshbuf_get_string(iqueue, &data, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug("request %u: write \"%s\" (handle %d) off %llu len %zu", id, handle_to_name(handle), handle, (unsigned long long)off, len); @@ -791,19 +791,18 @@ process_write(u_int32_t id) if (!(handle_to_flags(handle) & O_APPEND) && lseek(fd, off, SEEK_SET) == -1) { status = errno_to_portable(errno); - error("%s: seek failed", __func__); + error_f("seek failed"); } else { /* XXX ATOMICIO ? */ ret = write(fd, data, len); if (ret == -1) { - error("%s: write: %s", __func__, - strerror(errno)); + error_f("write: %s", strerror(errno)); status = errno_to_portable(errno); } else if ((size_t)ret == len) { status = SSH2_FX_OK; handle_update_write(handle, ret); } else { - debug2("%s: nothing at all written", __func__); + debug2_f("nothing at all written"); status = SSH2_FX_FAILURE; } } 
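Review bot: In process_write's write-failure branch, `error_f("write: %s", strerror(errno));` runs before `status = errno_to_portable(errno);`, so the status sent to the client depends on the logging call leaving errno untouched; the lseek branch just above captures the status first. Unless the log helpers are guaranteed to preserve errno, swap the two lines. The seek message also drops the cause; `error_f("seek failed: %s", strerror(errno));` would match the write branch. The `debug2_f("nothing at all written");` branch is reached on any short write, so its text is misleading when some bytes were written. The function starts and ends outside the hunk.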
@@ -821,7 +820,7 @@ process_do_stat(u_int32_t id, int do_lstat) int r, status = SSH2_FX_FAILURE; if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: %sstat", id, do_lstat ? "l" : ""); verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name); @@ -858,7 +857,7 @@ process_fstat(u_int32_t id) int fd, r, handle, status = SSH2_FX_FAILURE; if ((r = get_handle(iqueue, &handle)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug("request %u: fstat \"%s\" (handle %u)", id, handle_to_name(handle), handle); fd = handle_to_fd(handle); @@ -909,7 +908,7 @@ process_setstat(u_int32_t id) if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = decode_attrib(iqueue, &a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug("request %u: setstat name \"%s\"", id, name); if (a.flags & SSH2_FILEXFER_ATTR_SIZE) { @@ -956,7 +955,7 @@ process_fsetstat(u_int32_t id) if ((r = get_handle(iqueue, &handle)) != 0 || (r = decode_attrib(iqueue, &a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug("request %u: fsetstat handle %d", id, handle); fd = handle_to_fd(handle); @@ -1008,7 +1007,7 @@ process_opendir(u_int32_t id) int r, handle, status = SSH2_FX_FAILURE; if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: opendir", id); logit("opendir \"%s\"", path); @@ -1039,7 +1038,7 @@ process_readdir(u_int32_t id) int r, handle; if ((r = get_handle(iqueue, &handle)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug("request %u: readdir \"%s\" (handle %d)", id, handle_to_name(handle), handle); 
@@ -1093,7 +1092,7 @@ process_remove(u_int32_t id) int r, status = SSH2_FX_FAILURE; if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: remove", id); logit("remove name \"%s\"", name); @@ -1112,7 +1111,7 @@ process_mkdir(u_int32_t id) if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = decode_attrib(iqueue, &a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm & 07777 : 0777; @@ -1131,7 +1130,7 @@ process_rmdir(u_int32_t id) int r, status; if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: rmdir", id); logit("rmdir name \"%s\"", name); @@ -1149,7 +1148,7 @@ process_realpath(u_int32_t id) int r; if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (path[0] == '\0') { free(path); @@ -1177,7 +1176,7 @@ process_rename(u_int32_t id) if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: rename", id); logit("rename old \"%s\" new \"%s\"", oldpath, newpath); @@ -1229,7 +1228,7 @@ process_readlink(u_int32_t id) char *path; if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: readlink", id); verbose("readlink \"%s\"", path); 
@@ -1254,7 +1253,7 @@ process_symlink(u_int32_t id) if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: symlink", id); logit("symlink old \"%s\" new \"%s\"", oldpath, newpath); @@ -1274,7 +1273,7 @@ process_extended_posix_rename(u_int32_t id) if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: posix-rename", id); logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath); @@ -1293,7 +1292,7 @@ process_extended_statvfs(u_int32_t id) int r; if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: statvfs", id); logit("statvfs \"%s\"", path); @@ -1311,7 +1310,7 @@ process_extended_fstatvfs(u_int32_t id) struct statvfs st; if ((r = get_handle(iqueue, &handle)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug("request %u: fstatvfs \"%s\" (handle %u)", id, handle_to_name(handle), handle); if ((fd = handle_to_fd(handle)) < 0) { @@ -1332,7 +1331,7 @@ process_extended_hardlink(u_int32_t id) if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: hardlink", id); logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath); 
@@ -1349,7 +1348,7 @@ process_extended_fsync(u_int32_t id) int handle, fd, r, status = SSH2_FX_OP_UNSUPPORTED; if ((r = get_handle(iqueue, &handle)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug3("request %u: fsync (handle %u)", id, handle); verbose("fsync \"%s\"", handle_to_name(handle)); if ((fd = handle_to_fd(handle)) < 0) @@ -1370,7 +1369,7 @@ process_extended_lsetstat(u_int32_t id) if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = decode_attrib(iqueue, &a)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug("request %u: lsetstat name \"%s\"", id, name); if (a.flags & SSH2_FILEXFER_ATTR_SIZE) { @@ -1417,7 +1416,7 @@ process_extended(u_int32_t id) int i, r; if ((r = sshbuf_get_cstring(iqueue, &request, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); for (i = 0; extended_handlers[i].handler != NULL; i++) { if (strcmp(request, extended_handlers[i].ext_name) == 0) { if (!request_permitted(&extended_handlers[i])) @@ -1460,10 +1459,10 @@ process(void) if (buf_len < msg_len + 4) return; if ((r = sshbuf_consume(iqueue, 4)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "consume"); buf_len -= 4; if ((r = sshbuf_get_u8(iqueue, &type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); switch (type) { case SSH2_FXP_INIT: 
@@ -1474,14 +1473,14 @@ process(void) if (!init_done) fatal("Received extended request before init"); if ((r = sshbuf_get_u32(iqueue, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse extended ID"); process_extended(id); break; default: if (!init_done) fatal("Received %u request before init", type); if ((r = sshbuf_get_u32(iqueue, &id)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse ID"); for (i = 0; handlers[i].handler != NULL; i++) { if (type == handlers[i].type) { if (!request_permitted(&handlers[i])) { @@ -1508,7 +1507,7 @@ process(void) } if (msg_len > consumed && (r = sshbuf_consume(iqueue, msg_len - consumed)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "consume"); } /* Cleanup handler that logs active handles upon normal exit */ @@ -1649,9 +1648,9 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) max = out; if ((iqueue = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((oqueue = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); rset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask)); wset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask)); @@ -1678,8 +1677,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) SFTP_MAX_MSG_LENGTH)) == 0) FD_SET(in, rset); else if (r != SSH_ERR_NO_BUFFER_SPACE) - fatal("%s: sshbuf_check_reserve failed: %s", - __func__, ssh_err(r)); + fatal_fr(r, "reserve"); olen = sshbuf_len(oqueue); if (olen > 0) 
@@ -1701,10 +1699,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) } else if (len == -1) { error("read: %s", strerror(errno)); sftp_server_cleanup_exit(1); - } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - } + } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) + fatal_fr(r, "sshbuf_put"); } /* send oqueue to stdout */ if (FD_ISSET(out, wset)) { @@ -1712,10 +1708,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (len == -1) { error("write: %s", strerror(errno)); sftp_server_cleanup_exit(1); - } else if ((r = sshbuf_consume(oqueue, len)) != 0) { - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - } + } else if ((r = sshbuf_consume(oqueue, len)) != 0) + fatal_fr(r, "consume"); } /* @@ -1727,7 +1721,6 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (r == 0) process(); else if (r != SSH_ERR_NO_BUFFER_SPACE) - fatal("%s: sshbuf_check_reserve: %s", - __func__, ssh_err(r)); + fatal_fr(r, "reserve"); } } diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c index 084773ea93e..06a2d29734e 100644 --- a/usr.bin/ssh/sftp.c +++ b/usr.bin/ssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.202 2020/10/04 03:04:02 dtucker Exp $ */ +/* $OpenBSD: sftp.c,v 1.203 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -2072,7 +2072,7 @@ complete(EditLine *el, int ch) lf = el_line(el); if (el_get(el, EL_CLIENTDATA, (void**)&complete_ctx) != 0) - fatal("%s: el_get failed", __func__); + fatal_f("el_get failed"); /* Figure out which argument the cursor points to */ cursor = lf->cursor - lf->buffer; diff --git a/usr.bin/ssh/sk-usbhid.c b/usr.bin/ssh/sk-usbhid.c index 78cd4537b2f..c8f5ed343e8 100644 --- a/usr.bin/ssh/sk-usbhid.c +++ b/usr.bin/ssh/sk-usbhid.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sk-usbhid.c,v 1.27 2020/10/03 03:40:38 djm Exp $ */ +/* $OpenBSD: sk-usbhid.c,v 1.28 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl * Copyright (c) 2020 Pedro Martelletto @@ -774,7 +774,7 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, } if ((ptr = fido_cred_x5c_ptr(cred)) != NULL) { len = fido_cred_x5c_len(cred); - debug3("%s: attestation cert len=%zu", __func__, len); + skdebug(__func__, "attestation cert len=%zu", len); if ((response->attestation_cert = calloc(1, len)) == NULL) { skdebug(__func__, "calloc attestation cert failed"); goto out; @@ -784,7 +784,7 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, } if ((ptr = fido_cred_authdata_ptr(cred)) != NULL) { len = fido_cred_authdata_len(cred); - debug3("%s: authdata len=%zu", __func__, len); + skdebug(__func__, "authdata len=%zu", len); if ((response->authdata = calloc(1, len)) == NULL) { skdebug(__func__, "calloc authdata failed"); goto out; diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index 0ce989f5703..e317396d2aa 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.157 2020/08/31 04:33:17 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.158 2020/10/18 11:32:02 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -139,9 +139,9 @@ delete_stdin(int agent_fd, int qflag) if (*cp == '#' || *cp == '\0') continue; if ((key = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("%s: sshkey_new", __func__); + fatal_f("sshkey_new"); if ((r = sshkey_read(key, &cp)) != 0) { - error("(stdin):%d: invalid key: %s", lnum, ssh_err(r)); + error_r(r, "(stdin):%d: invalid key", lnum); continue; } if (delete_one(agent_fd, key, cp, "(stdin)", qflag) == 0) 
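Review bot: The two `skdebug(__func__, ...)` calls in sk_enroll that replace `debug3(...)` are not a like-for-like conversion. The attestation-cert and authdata lengths are no longer logged at debug3 and instead take whatever level and sink skdebug uses. skdebug's definition is outside these hunks, so confirm that its output level is intended for these two messages. If the debug3 level should be kept, `debug3_f("attestation cert len=%zu", len);` and `debug3_f("authdata len=%zu", len);` would match the rest of the commit. sk_enroll starts and ends outside both hunks.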
@@ -178,8 +178,7 @@ delete_file(int agent_fd, const char *filename, int key_only, int qflag) xasprintf(&certpath, "%s-cert.pub", filename); if ((r = sshkey_load_public(certpath, &cert, &comment)) != 0) { if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT) - error("Failed to load certificate \"%s\": %s", - certpath, ssh_err(r)); + error_r(r, "Failed to load certificate \"%s\"", certpath); goto out; } @@ -386,8 +385,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag, xasprintf(&certpath, "%s-cert.pub", filename); if ((r = sshkey_load_public(certpath, &cert, NULL)) != 0) { if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT) - error("Failed to load certificate \"%s\": %s", - certpath, ssh_err(r)); + error_r(r, "Failed to load certificate \"%s\"", certpath); goto out; } @@ -400,12 +398,12 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag, /* Graft with private bits */ if ((r = sshkey_to_certified(private)) != 0) { - error("%s: sshkey_to_certified: %s", __func__, ssh_err(r)); + error_fr(r, "sshkey_to_certified"); sshkey_free(cert); goto out; } if ((r = sshkey_cert_copy(cert, private)) != 0) { - error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r)); + error_fr(r, "sshkey_cert_copy"); sshkey_free(cert); goto out; } @@ -413,8 +411,8 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag, if ((r = ssh_add_identity_constrained(agent_fd, private, comment, lifetime, confirm, maxsign, skprovider)) != 0) { - error("Certificate %s (%s) add failed: %s", certpath, - private->cert->key_id, ssh_err(r)); + error_r(r, "Certificate %s (%s) add failed", certpath, + private->cert->key_id); goto out; } /* success */ 
@@ -477,20 +475,18 @@ test_key(int agent_fd, const char *filename) char data[1024]; if ((r = sshkey_load_public(filename, &key, NULL)) != 0) { - error("Couldn't read public key %s: %s", filename, ssh_err(r)); + error_r(r, "Couldn't read public key %s", filename); return -1; } arc4random_buf(data, sizeof(data)); if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data), NULL, 0)) != 0) { - error("Agent signature failed for %s: %s", - filename, ssh_err(r)); + error_r(r, "Agent signature failed for %s", filename); goto done; } if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0, NULL)) != 0) { - error("Signature verification failed for %s: %s", - filename, ssh_err(r)); + error_r(r, "Signature verification failed for %s", filename); goto done; } /* success */ @@ -585,13 +581,13 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag) pass = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN); if ((r = sshsk_load_resident(skprovider, NULL, pass, &keys, &nkeys)) != 0) { - error("Unable to load resident keys: %s", ssh_err(r)); + error_r(r, "Unable to load resident keys"); return r; } for (i = 0; i < nkeys; i++) { if ((fp = sshkey_fingerprint(keys[i], fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal_f("sshkey_fingerprint failed"); if ((r = ssh_add_identity_constrained(agent_fd, keys[i], "", lifetime, confirm, maxsign, skprovider)) != 0) { error("Unable to add key %s %s", diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 86d771e3a39..b9206031da2 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.265 2020/10/03 09:22:26 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.266 2020/10/18 11:32:02 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
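Review bot: In load_resident_keys the early `return r;` after sshsk_load_resident fails leaves the authenticator PIN held in `pass` neither wiped nor freed. load_identity in ssh-keygen.c, touched by this same commit, clears its passphrase with `freezero(pass, strlen(pass));` right after use. Adding the same call before `return r;` stops the PIN from lingering in heap memory on the failure path. Whether the success path clears `pass` is outside this hunk, so check that too.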
@@ -224,7 +224,7 @@ send_status(SocketEntry *e, int success) if ((r = sshbuf_put_u32(e->output, 1)) != 0 || (r = sshbuf_put_u8(e->output, success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); } /* send list of supported public keys to 'client' */ @@ -236,21 +236,20 @@ process_request_identities(SocketEntry *e) int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || (r = sshbuf_put_u32(msg, idtab->nentries)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); TAILQ_FOREACH(id, &idtab->idlist, next) { if ((r = sshkey_puts_opts(id->key, msg, SSHKEY_SERIALIZE_INFO)) != 0 || (r = sshbuf_put_cstring(msg, id->comment)) != 0) { - error("%s: put key/comment: %s", __func__, - ssh_err(r)); + error_fr(r, "compose key/comment"); continue; } } if ((r = sshbuf_put_stringb(e->output, msg)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue"); sshbuf_free(msg); } @@ -291,7 +290,7 @@ check_websafe_message_contents(struct sshkey *key, struct sshkey *mkey = NULL; if ((b = sshbuf_from(msg, len)) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); /* SSH userauth request */ if ((r = sshbuf_get_string_direct(b, NULL, NULL)) == 0 && /* sess_id */ @@ -303,12 +302,12 @@ check_websafe_message_contents(struct sshkey *key, (r = sshbuf_get_cstring(b, NULL, NULL)) == 0 && /* alg */ (r = sshkey_froms(b, &mkey)) == 0 && /* key */ sshbuf_len(b) == 0) { - debug("%s: parsed userauth", __func__); + debug_f("parsed userauth"); if (m == SSH2_MSG_USERAUTH_REQUEST && n == 1 && strcmp(cp1, "ssh-connection") == 0 && strcmp(cp2, "publickey") == 0 && sshkey_equal(key, mkey)) { - debug("%s: well formed userauth", __func__); + debug_f("well formed userauth"); matched = 1; } } 
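Review bot: In process_request_identities the reply advertises `idtab->nentries` before the loop, but an identity that fails to serialise is skipped with `error_fr(r, "compose key/comment"); continue;`. The client is then told to expect more entries than the message holds. If the key was written and only the comment failed, a half-written entry is left in `msg`. Serialising each identity into a scratch buffer, appending it only on success, and writing the count afterwards keeps the reply self-consistent. This needs new locals `keys`, `ent` and `nentries` next to the declarations, which are outside this hunk.

```c
	/* … unchanged: msg allocation … */
	if ((keys = sshbuf_new()) == NULL || (ent = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new failed");
	TAILQ_FOREACH(id, &idtab->idlist, next) {
		sshbuf_reset(ent);
		if ((r = sshkey_puts_opts(id->key, ent,
		    SSHKEY_SERIALIZE_INFO)) != 0 ||
		    (r = sshbuf_put_cstring(ent, id->comment)) != 0) {
			error_fr(r, "compose key/comment");
			continue;
		}
		if ((r = sshbuf_putb(keys, ent)) != 0)
			fatal_fr(r, "compose");
		nentries++;
	}
	if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
	    (r = sshbuf_put_u32(msg, nentries)) != 0 ||
	    (r = sshbuf_putb(msg, keys)) != 0)
		fatal_fr(r, "compose");
	sshbuf_free(ent);
	sshbuf_free(keys);
	/* … unchanged: enqueue msg on e->output and free it … */
```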
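Review bot: The failure message for `sshbuf_from(msg, len)` in check_websafe_message_contents reads `fatal_f("sshbuf_new")`, which names a function that is not the one called. The same mismatch is in the second `sshbuf_from` check of this function, in the following hunk (`-320,7`). Since the line is being rewritten anyway, `fatal_f("sshbuf_from failed");` would point whoever reads the log at the right call. The function starts outside this hunk.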
@@ -320,7 +319,7 @@ check_websafe_message_contents(struct sshkey *key, return 1; if ((b = sshbuf_from(msg, len)) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); cp1 = cp2 = NULL; mkey = NULL; @@ -332,7 +331,7 @@ check_websafe_message_contents(struct sshkey *key, (r = sshbuf_get_cstring(b, NULL, NULL)) == 0 && /* hashalg */ (r = sshbuf_get_string_direct(b, NULL, NULL)) == 0 && /* H(msg) */ sshbuf_len(b) == 0) { - debug("%s: parsed sshsig", __func__); + debug_f("parsed sshsig"); matched = 1; } @@ -362,20 +361,20 @@ process_sign_request2(SocketEntry *e) struct notifier_ctx *notifier = NULL; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshkey_froms(e->request, &key)) != 0 || (r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 || (r = sshbuf_get_u32(e->request, &flags)) != 0) { - error("%s: couldn't parse request: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto send; } if ((id = lookup_identity(key)) == NULL) { - verbose("%s: %s key not found", __func__, sshkey_type(key)); + verbose_f("%s key not found", sshkey_type(key)); goto send; } if (id->confirm && confirm_key(id) != 0) { - verbose("%s: user refused key", __func__); + verbose_f("user refused key"); goto send; } if (sshkey_is_sk(id->key)) { @@ -387,7 +386,7 @@ process_sign_request2(SocketEntry *e) if ((id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT, SSH_FP_DEFAULT)) == NULL) - fatal("%s: fingerprint failed", __func__); + fatal_f("fingerprint failed"); notifier = notify_start(0, "Confirm user presence for key %s %s", sshkey_type(id->key), fp); @@ -397,7 +396,7 @@ process_sign_request2(SocketEntry *e) if ((r = sshkey_sign(id->key, &signature, &slen, data, dlen, agent_decode_alg(key, flags), id->sk_provider, NULL, compat)) != 0) { - error("%s: sshkey_sign: %s", __func__, ssh_err(r)); + error_fr(r, "sshkey_sign"); goto send; } /* Success */ 
@@ -409,12 +408,12 @@ process_sign_request2(SocketEntry *e) if (ok == 0) { if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || (r = sshbuf_put_string(msg, signature, slen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); } else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose failure"); if ((r = sshbuf_put_stringb(e->output, msg)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue"); sshbuf_free(msg); free(signature); @@ -429,17 +428,16 @@ process_remove_identity(SocketEntry *e) Identity *id; if ((r = sshkey_froms(e->request, &key)) != 0) { - error("%s: get key: %s", __func__, ssh_err(r)); + error_fr(r, "parse key"); goto done; } if ((id = lookup_identity(key)) == NULL) { - debug("%s: key not found", __func__); + debug_f("key not found"); goto done; } /* We have this key, free it. */ if (idtab->nentries < 1) - fatal("%s: internal error: nentries %d", - __func__, idtab->nentries); + fatal_f("internal error: nentries %d", idtab->nentries); TAILQ_REMOVE(&idtab->idlist, id, next); free_identity(id); idtab->nentries--; @@ -510,19 +508,18 @@ process_add_identity(SocketEntry *e) if ((r = sshkey_private_deserialize(e->request, &k)) != 0 || k == NULL || (r = sshbuf_get_cstring(e->request, &comment, NULL)) != 0) { - error("%s: decode private key: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto err; } while (sshbuf_len(e->request)) { if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "parse constraint type"); goto err; } switch (ctype) { case SSH_AGENT_CONSTRAIN_LIFETIME: if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) { - error("%s: bad lifetime constraint: %s", - __func__, ssh_err(r)); + error_fr(r, "parse lifetime constraint"); goto err; } death = monotime() + seconds; 
@@ -532,24 +529,21 @@ process_add_identity(SocketEntry *e) break; case SSH_AGENT_CONSTRAIN_MAXSIGN: if ((r = sshbuf_get_u32(e->request, &maxsign)) != 0) { - error("%s: bad maxsign constraint: %s", - __func__, ssh_err(r)); + error_fr(r, "parse maxsign constraint"); goto err; } if ((r = sshkey_enable_maxsign(k, maxsign)) != 0) { - error("%s: cannot enable maxsign: %s", - __func__, ssh_err(r)); + error_fr(r, "enable maxsign"); goto err; } break; case SSH_AGENT_CONSTRAIN_EXTENSION: if ((r = sshbuf_get_cstring(e->request, &ext_name, NULL)) != 0) { - error("%s: cannot parse extension: %s", - __func__, ssh_err(r)); + error_fr(r, "parse constraint extension"); goto err; } - debug("%s: constraint ext %s", __func__, ext_name); + debug_f("constraint ext %s", ext_name); if (strcmp(ext_name, "sk-provider@openssh.com") == 0) { if (sk_provider != NULL) { error("%s already set", ext_name); @@ -557,19 +551,18 @@ process_add_identity(SocketEntry *e) } if ((r = sshbuf_get_cstring(e->request, &sk_provider, NULL)) != 0) { - error("%s: cannot parse %s: %s", - __func__, ext_name, ssh_err(r)); + error_fr(r, "parse %s", ext_name); goto err; } } else { - error("%s: unsupported constraint \"%s\"", - __func__, ext_name); + error_f("unsupported constraint \"%s\"", + ext_name); goto err; } free(ext_name); break; default: - error("%s: Unknown constraint %d", __func__, ctype); + error_f("Unknown constraint %d", ctype); err: free(sk_provider); free(ext_name); @@ -587,7 +580,7 @@ process_add_identity(SocketEntry *e) goto send; } if (strcasecmp(sk_provider, "internal") == 0) { - debug("%s: internal provider", __func__); + debug_f("internal provider"); } else { if (realpath(sk_provider, canonical_provider) == NULL) { verbose("failed provider \"%.100s\": " @@ -608,7 +601,7 @@ process_add_identity(SocketEntry *e) } } if ((r = sshkey_shield_private(k)) != 0) { - error("%s: shield private key: %s", __func__, ssh_err(r)); + error_fr(r, "shield private"); goto err; } 
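Review bot: `free(ext_name); break;` at the end of the SSH_AGENT_CONSTRAIN_EXTENSION case (hunk `-557,19`) leaves `ext_name` pointing at freed memory, and the `err:` label directly below frees it again. Constraints are parsed in a `while (sshbuf_len(e->request))` loop, so a request carrying a valid extension constraint followed by one that fails to parse reaches `err:` with the stale pointer. That is a double free inside the agent. Resetting the pointer closes it: `free(ext_name); ext_name = NULL;`. The function begins and ends outside this hunk, so also confirm that `ext_name` is initialised to NULL at its declaration.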
@@ -634,9 +627,9 @@ process_add_identity(SocketEntry *e) if ((fp = sshkey_fingerprint(k, SSH_FP_HASH_DEFAULT, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); - debug("%s: add %s %s \"%.100s\" (life: %u) (confirm: %u) " - "(provider: %s)", __func__, sshkey_ssh_name(k), fp, comment, + fatal_f("sshkey_fingerprint failed"); + debug_f("add %s %s \"%.100s\" (life: %u) (confirm: %u) " + "(provider: %s)", sshkey_ssh_name(k), fp, comment, seconds, confirm, sk_provider == NULL ? "none" : sk_provider); free(fp); send: @@ -659,7 +652,7 @@ process_lock_agent(SocketEntry *e, int lock) * do is abort. */ if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (pwlen == 0) { debug("empty password not supported"); } else if (locked && !lock) { @@ -702,11 +695,11 @@ no_identities(SocketEntry *e) int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || (r = sshbuf_put_u32(msg, 0)) != 0 || (r = sshbuf_put_stringb(e->output, msg)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); sshbuf_free(msg); } @@ -725,20 +718,19 @@ process_add_smartcard_key(SocketEntry *e) if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 || (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto send; } while (sshbuf_len(e->request)) { if ((r = sshbuf_get_u8(e->request, &type)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "parse type"); goto send; } switch (type) { case SSH_AGENT_CONSTRAIN_LIFETIME: if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) { - error("%s: buffer error: %s", - __func__, ssh_err(r)); + error_fr(r, "parse lifetime"); goto send; } death = monotime() + seconds; 
@@ -747,7 +739,7 @@ process_add_smartcard_key(SocketEntry *e) confirm = 1; break; default: - error("%s: Unknown constraint type %d", __func__, type); + error_f("Unknown constraint type %d", type); goto send; } } @@ -761,7 +753,7 @@ process_add_smartcard_key(SocketEntry *e) "provider not allowed", canonical_provider); goto send; } - debug("%s: add %.100s", __func__, canonical_provider); + debug_f("add %.100s", canonical_provider); if (lifetime && !death) death = monotime() + lifetime; @@ -805,7 +797,7 @@ process_remove_smartcard_key(SocketEntry *e) if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 || (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto send; } free(pin); @@ -816,7 +808,7 @@ process_remove_smartcard_key(SocketEntry *e) goto send; } - debug("%s: remove %.100s", __func__, canonical_provider); + debug_f("remove %.100s", canonical_provider); for (id = TAILQ_FIRST(&idtab->idlist); id; id = nxt) { nxt = TAILQ_NEXT(id, next); /* Skip file--based keys */ @@ -831,7 +823,7 @@ process_remove_smartcard_key(SocketEntry *e) if (pkcs11_del_provider(canonical_provider) == 0) success = 1; else - error("%s: pkcs11_del_provider failed", __func__); + error_f("pkcs11_del_provider failed"); send: free(provider); send_status(e, success); @@ -851,10 +843,8 @@ process_message(u_int socknum) int r; SocketEntry *e; - if (socknum >= sockets_alloc) { - fatal("%s: socket number %u >= allocated %u", - __func__, socknum, sockets_alloc); - } + if (socknum >= sockets_alloc) + fatal_f("sock %u >= allocated %u", socknum, sockets_alloc); e = &sockets[socknum]; if (sshbuf_len(e->input) < 5) 
@@ -862,8 +852,8 @@ process_message(u_int socknum) cp = sshbuf_ptr(e->input); msg_len = PEEK_U32(cp); if (msg_len > AGENT_MAX_LEN) { - debug("%s: socket %u (fd=%d) message too long %u > %u", - __func__, socknum, e->fd, msg_len, AGENT_MAX_LEN); + debug_f("socket %u (fd=%d) message too long %u > %u", + socknum, e->fd, msg_len, AGENT_MAX_LEN); return -1; } if (sshbuf_len(e->input) < msg_len + 4) @@ -875,13 +865,13 @@ process_message(u_int socknum) (r = sshbuf_get_u8(e->request, &type)) != 0) { if (r == SSH_ERR_MESSAGE_INCOMPLETE || r == SSH_ERR_STRING_TOO_LARGE) { - debug("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); return -1; } - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); } - debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type); + debug_f("socket %u (fd=%d) type %d", socknum, e->fd, type); /* check whether agent is locked */ if (locked && type != SSH_AGENTC_UNLOCK) { @@ -955,12 +945,10 @@ new_socket(sock_type type, int fd) for (i = 0; i < sockets_alloc; i++) if (sockets[i].type == AUTH_UNUSED) { sockets[i].fd = fd; - if ((sockets[i].input = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - if ((sockets[i].output = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - if ((sockets[i].request = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + if ((sockets[i].input = sshbuf_new()) == NULL || + (sockets[i].output = sshbuf_new()) == NULL || + (sockets[i].request = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); sockets[i].type = type; return; } 
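Review bot: In process_message (hunk `-875,13`) the branch for SSH_ERR_MESSAGE_INCOMPLETE / SSH_ERR_STRING_TOO_LARGE went from `debug(...)` to `error_fr(r, "parse")`. That raises the log level rather than only reformatting the message. Any client that can reach the agent socket can send truncated or oversized requests, so this path can now write to the error log where it was silent at default verbosity. If the level change is not intended, `debug_fr(r, "parse");` keeps the old behaviour with the new helper. The function continues outside the hunk.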
@@ -971,12 +959,10 @@ new_socket(sock_type type, int fd) sockets[i].type = AUTH_UNUSED; sockets_alloc = new_alloc; sockets[old_alloc].fd = fd; - if ((sockets[old_alloc].input = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - if ((sockets[old_alloc].output = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - if ((sockets[old_alloc].request = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + if ((sockets[old_alloc].input = sshbuf_new()) == NULL || + (sockets[old_alloc].output = sshbuf_new()) == NULL || + (sockets[old_alloc].request = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); sockets[old_alloc].type = type; } @@ -1021,14 +1007,13 @@ handle_conn_read(u_int socknum) if (len == -1) { if (errno == EAGAIN || errno == EINTR) return 0; - error("%s: read error on socket %u (fd %d): %s", - __func__, socknum, sockets[socknum].fd, - strerror(errno)); + error_f("read error on socket %u (fd %d): %s", + socknum, sockets[socknum].fd, strerror(errno)); } return -1; } if ((r = sshbuf_put(sockets[socknum].input, buf, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); explicit_bzero(buf, sizeof(buf)); for (;;) { if ((r = process_message(socknum)) == -1) @@ -1053,14 +1038,13 @@ handle_conn_write(u_int socknum) if (len == -1) { if (errno == EAGAIN || errno == EINTR) return 0; - error("%s: read error on socket %u (fd %d): %s", - __func__, socknum, sockets[socknum].fd, - strerror(errno)); + error_f("read error on socket %u (fd %d): %s", + socknum, sockets[socknum].fd, strerror(errno)); } return -1; } if ((r = sshbuf_consume(sockets[socknum].output, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "consume"); return 0; } 
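Review bot: handle_conn_write (hunk `-1053,14`) still reports `read error on socket ...` for a failure on the write path. This is the same text handle_conn_read uses in the hunk before it, so the two failures cannot be told apart in the log. The line is rewritten here anyway, so the wording can be corrected at the same time: `error_f("write error on socket %u (fd %d): %s",`. Both functions start outside their hunks.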
@@ -1082,7 +1066,7 @@ after_poll(struct pollfd *pfd, size_t npfd, u_int maxfds) break; } if (socknum >= sockets_alloc) { - error("%s: no socket for fd %d", __func__, pfd[i].fd); + error_f("no socket for fd %d", pfd[i].fd); continue; } /* Process events */ @@ -1143,7 +1127,7 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) } if (npfd != *npfdp && (pfd = recallocarray(pfd, *npfdp, npfd, sizeof(*pfd))) == NULL) - fatal("%s: recallocarray failed", __func__); + fatal_f("recallocarray failed"); *pfdp = pfd; *npfdp = npfd; @@ -1172,10 +1156,8 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) (r = sshbuf_check_reserve(sockets[i].output, AGENT_MAX_LEN)) == 0) pfd[j].events = POLLIN; - else if (r != SSH_ERR_NO_BUFFER_SPACE) { - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - } + else if (r != SSH_ERR_NO_BUFFER_SPACE) + fatal_fr(r, "reserve"); if (sshbuf_len(sockets[i].output) > 0) pfd[j].events |= POLLOUT; j++; @@ -1204,7 +1186,7 @@ cleanup_socket(void) { if (cleanup_pid != 0 && getpid() != cleanup_pid) return; - debug("%s: cleanup", __func__); + debug_f("cleanup"); if (socket_name[0]) unlink(socket_name); if (socket_dir[0]) @@ -1475,7 +1457,7 @@ main(int ac, char **av) (void)chdir("/"); if (stdfd_devnull(1, 1, 1) == -1) - error("%s: stdfd_devnull failed", __func__); + error_f("stdfd_devnull failed"); /* deny core dumps, since memory contains unencrypted private keys */ rlim.rlim_cur = rlim.rlim_max = 0; diff --git a/usr.bin/ssh/ssh-ed25519-sk.c b/usr.bin/ssh/ssh-ed25519-sk.c index 44ce9ec591c..8d8ddaaa0e1 100644 --- a/usr.bin/ssh/ssh-ed25519-sk.c +++ b/usr.bin/ssh/ssh-ed25519-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519-sk.c,v 1.5 2020/02/26 13:40:09 jsg Exp $ */ +/* $OpenBSD: ssh-ed25519-sk.c,v 1.6 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * 
@@ -137,8 +137,7 @@ ssh_ed25519_sk_verify(const struct sshkey *key, } if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen, key->ed25519_pk)) != 0) { - debug2("%s: crypto_sign_ed25519_open failed: %d", - __func__, ret); + debug2_f("crypto_sign_ed25519_open failed: %d", ret); } if (ret != 0 || mlen != smlen - len) { r = SSH_ERR_SIGNATURE_INVALID; diff --git a/usr.bin/ssh/ssh-ed25519.c b/usr.bin/ssh/ssh-ed25519.c index 0c86f9a2b7e..1984c30d6e9 100644 --- a/usr.bin/ssh/ssh-ed25519.c +++ b/usr.bin/ssh/ssh-ed25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519.c,v 1.8 2020/02/26 13:40:09 jsg Exp $ */ +/* $OpenBSD: ssh-ed25519.c,v 1.9 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2013 Markus Friedl <markus@openbsd.org> * @@ -137,8 +137,7 @@ ssh_ed25519_verify(const struct sshkey *key, memcpy(sm+len, data, datalen); if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen, key->ed25519_pk)) != 0) { - debug2("%s: crypto_sign_ed25519_open failed: %d", - __func__, ret); + debug2_f("crypto_sign_ed25519_open failed: %d", ret); } if (ret != 0 || mlen != datalen) { r = SSH_ERR_SIGNATURE_INVALID; diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 703a5fb2102..84a28ca3b5f 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.420 2020/09/09 03:08:01 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.421 2020/10/18 11:32:02 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -309,7 +309,7 @@ load_identity(const char *filename, char **commentp) if ((r = sshkey_load_private(filename, "", &prv, commentp)) == 0) return prv; if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) - fatal("Load key \"%s\": %s", filename, ssh_err(r)); + fatal_r(r, "Load key \"%s\"", filename); if (identity_passphrase) pass = xstrdup(identity_passphrase); else 
@@ -317,7 +317,7 @@ load_identity(const char *filename, char **commentp) r = sshkey_load_private(filename, pass, &prv, commentp); freezero(pass, strlen(pass)); if (r != 0) - fatal("Load key \"%s\": %s", filename, ssh_err(r)); + fatal_r(r, "Load key \"%s\"", filename); return prv; } @@ -335,11 +335,11 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) int r; if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshkey_putb(k, b)) != 0) - fatal("key_to_blob failed: %s", ssh_err(r)); + fatal_fr(r, "put key"); if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL) - fatal("%s: sshbuf_dtob64_string failed", __func__); + fatal_f("sshbuf_dtob64_string failed"); /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ snprintf(comment, sizeof(comment), @@ -374,7 +374,7 @@ do_convert_to_pkcs8(struct sshkey *k) fatal("PEM_write_EC_PUBKEY failed"); break; default: - fatal("%s: unsupported key type %s", __func__, sshkey_type(k)); + fatal_f("unsupported key type %s", sshkey_type(k)); } exit(0); } @@ -396,7 +396,7 @@ do_convert_to_pem(struct sshkey *k) fatal("PEM_write_EC_PUBKEY failed"); break; default: - fatal("%s: unsupported key type %s", __func__, sshkey_type(k)); + fatal_f("unsupported key type %s", sshkey_type(k)); } exit(0); } @@ -425,7 +425,7 @@ do_convert_to(struct passwd *pw) do_convert_to_pem(k); break; default: - fatal("%s: unknown key format %d", __func__, convert_format); + fatal_f("unknown key format %d", convert_format); } exit(0); } 
@@ -441,15 +441,15 @@ buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value) int r; if ((r = sshbuf_get_u32(b, &bignum_bits)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); bytes = (bignum_bits + 7) / 8; if (sshbuf_len(b) < bytes) - fatal("%s: input buffer too small: need %d have %zu", - __func__, bytes, sshbuf_len(b)); + fatal_f("input buffer too small: need %d have %zu", + bytes, sshbuf_len(b)); if (BN_bin2bn(sshbuf_ptr(b), bytes, value) == NULL) - fatal("%s: BN_bin2bn failed", __func__); + fatal_f("BN_bin2bn failed"); if ((r = sshbuf_consume(b, bytes)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "consume"); } static struct sshkey * @@ -468,7 +468,7 @@ do_convert_private_ssh2(struct sshbuf *b) BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL; if ((r = sshbuf_get_u32(b, &magic)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse magic"); if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { error("bad magic 0x%x != 0x%x", magic, @@ -481,7 +481,7 @@ do_convert_private_ssh2(struct sshbuf *b) (r = sshbuf_get_u32(b, &i2)) != 0 || (r = sshbuf_get_u32(b, &i3)) != 0 || (r = sshbuf_get_u32(b, &i4)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); debug("ignore (%d %d %d %d)", i1, i2, i3, i4); if (strcmp(cipher, "none") != 0) { error("unsupported cipher %s", cipher); 
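Review bot: In buffer_get_bignum_bits, `bytes = (bignum_bits + 7) / 8;` rounds up a 32-bit length read straight from the key file. A value within 7 of the 32-bit maximum wraps to a tiny `bytes`, which then passes the `sshbuf_len(b) < bytes` check instead of being rejected. Rounding without the addition avoids the wrap: `bytes = bignum_bits / 8 + (bignum_bits % 8 != 0);`. The declarations are outside the hunk, but if `bytes` is unsigned, as the `sshbuf_get_u32` target suggests, the rewritten message should use `%u` rather than `need %d`.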
@@ -510,24 +510,24 @@ do_convert_private_ssh2(struct sshbuf *b) (dsa_g = BN_new()) == NULL || (dsa_pub_key = BN_new()) == NULL || (dsa_priv_key = BN_new()) == NULL) - fatal("%s: BN_new", __func__); + fatal_f("BN_new"); buffer_get_bignum_bits(b, dsa_p); buffer_get_bignum_bits(b, dsa_g); buffer_get_bignum_bits(b, dsa_q); buffer_get_bignum_bits(b, dsa_pub_key); buffer_get_bignum_bits(b, dsa_priv_key); if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) - fatal("%s: DSA_set0_pqg failed", __func__); + fatal_f("DSA_set0_pqg failed"); dsa_p = dsa_q = dsa_g = NULL; /* transferred */ if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key)) - fatal("%s: DSA_set0_key failed", __func__); + fatal_f("DSA_set0_key failed"); dsa_pub_key = dsa_priv_key = NULL; /* transferred */ break; case KEY_RSA: if ((r = sshbuf_get_u8(b, &e1)) != 0 || (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) || (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0)) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse RSA"); e = e1; debug("e %lx", e); if (e < 30) { @@ -539,7 +539,7 @@ do_convert_private_ssh2(struct sshbuf *b) debug("e %lx", e); } if ((rsa_e = BN_new()) == NULL) - fatal("%s: BN_new", __func__); + fatal_f("BN_new"); if (!BN_set_word(rsa_e, e)) { BN_clear_free(rsa_e); sshkey_free(key); 
@@ -550,26 +550,26 @@ do_convert_private_ssh2(struct sshbuf *b) (rsa_p = BN_new()) == NULL || (rsa_q = BN_new()) == NULL || (rsa_iqmp = BN_new()) == NULL) - fatal("%s: BN_new", __func__); + fatal_f("BN_new"); buffer_get_bignum_bits(b, rsa_d); buffer_get_bignum_bits(b, rsa_n); buffer_get_bignum_bits(b, rsa_iqmp); buffer_get_bignum_bits(b, rsa_q); buffer_get_bignum_bits(b, rsa_p); if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d)) - fatal("%s: RSA_set0_key failed", __func__); + fatal_f("RSA_set0_key failed"); rsa_n = rsa_e = rsa_d = NULL; /* transferred */ if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q)) - fatal("%s: RSA_set0_factors failed", __func__); + fatal_f("RSA_set0_factors failed"); rsa_p = rsa_q = NULL; /* transferred */ if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) - fatal("generate RSA parameters failed: %s", ssh_err(r)); + fatal_fr(r, "generate RSA parameters"); BN_clear_free(rsa_iqmp); break; } rlen = sshbuf_len(b); if (rlen != 0) - error("%s: remaining bytes in key blob %d", __func__, rlen); + error_f("remaining bytes in key blob %d", rlen); /* try the key */ if (sshkey_sign(key, &sig, &slen, data, sizeof(data), @@ -652,12 +652,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private) (encoded[len-3] == '=')) encoded[len-3] = '\0'; if ((r = sshbuf_b64tod(buf, encoded)) != 0) - fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r)); + fatal_fr(r, "base64 decode"); if (*private) { if ((*k = do_convert_private_ssh2(buf)) == NULL) - fatal("%s: private key conversion failed", __func__); + fatal_f("private key conversion failed"); } else if ((r = sshkey_fromb(buf, k)) != 0) - fatal("decode blob failed: %s", ssh_err(r)); + fatal_fr(r, "parse key"); sshbuf_free(buf); fclose(fp); } 
@@ -671,7 +671,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private) if ((fp = fopen(identity_file, "r")) == NULL) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) { - fatal("%s: %s is not a recognised public key format", __func__, + fatal_f("%s is not a recognised public key format", identity_file); } fclose(fp); @@ -696,7 +696,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private) (*k)->ecdsa_nid = sshkey_ecdsa_key_to_nid((*k)->ecdsa); break; default: - fatal("%s: unsupported pubkey type %d", __func__, + fatal_f("unsupported pubkey type %d", EVP_PKEY_base_id(pubkey)); } EVP_PKEY_free(pubkey); @@ -719,7 +719,7 @@ do_convert_from_pem(struct sshkey **k, int *private) fclose(fp); return; } - fatal("%s: unrecognised raw private key format", __func__); + fatal_f("unrecognised raw private key format"); } static void @@ -745,7 +745,7 @@ do_convert_from(struct passwd *pw) do_convert_from_pem(&k, &private); break; default: - fatal("%s: unknown key format %d", __func__, convert_format); + fatal_f("unknown key format %d", convert_format); } if (!private) { @@ -768,8 +768,7 @@ do_convert_from(struct passwd *pw) NULL, 0, NULL, NULL); break; default: - fatal("%s: unsupported key type %s", __func__, - sshkey_type(k)); + fatal_f("unsupported key type %s", sshkey_type(k)); } } @@ -794,7 +793,7 @@ do_print_public(struct passwd *pw) fatal("%s: %s", identity_file, strerror(errno)); prv = load_identity(identity_file, &comment); if ((r = sshkey_write(prv, stdout)) != 0) - error("sshkey_write failed: %s", ssh_err(r)); + fatal_fr(r, "write key"); if (comment != NULL && *comment != '\0') fprintf(stdout, " %s", comment); fprintf(stdout, "\n"); 
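Review bot: The replacement in do_print_public (hunk at -794) is not a pure logging change. A failed sshkey_write() used to be reported with error() and the function went on to print the comment and newline; it now exits through `fatal_fr(r, "write key")`. Stopping avoids emitting a partial key line on stdout, but it is a control-flow change inside an otherwise mechanical conversion and deserves a comment above the call, for example `/* a failed write is fatal: never emit a truncated key line */`. The function starts above the hunk and continues past it.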
@@ -830,7 +829,7 @@ do_download(struct passwd *pw) ra = sshkey_fingerprint(keys[i], fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); + fatal_f("sshkey_fingerprint fail"); printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), fp, sshkey_type(keys[i])); if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) @@ -881,7 +880,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment) fp = sshkey_fingerprint(public, fptype, rep); ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal_f("sshkey_fingerprint failed"); mprintf("%u %s %s (%s)\n", sshkey_size(public), fp, comment ? comment : "no comment", sshkey_type(public)); if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) @@ -901,12 +900,12 @@ fingerprint_private(const char *path) if (stat(identity_file, &st) == -1) fatal("%s: %s", path, strerror(errno)); if ((r = sshkey_load_public(path, &pubkey, &comment)) != 0) - debug("load public \"%s\": %s", path, ssh_err(r)); + debug_r(r, "load public \"%s\"", path); if (pubkey == NULL || comment == NULL || *comment == '\0') { free(comment); if ((r = sshkey_load_private(path, NULL, &privkey, &comment)) != 0) - debug("load private \"%s\": %s", path, ssh_err(r)); + debug_r(r, "load private \"%s\"", path); } if (pubkey == NULL && privkey == NULL) fatal("%s is not a key file.", path); 
@@ -1084,18 +1083,17 @@ do_gen_all_hostkeys(struct passwd *pw) bits = 0; type_bits_valid(type, NULL, &bits); if ((r = sshkey_generate(type, bits, &private)) != 0) { - error("sshkey_generate failed: %s", ssh_err(r)); + error_r(r, "sshkey_generate failed"); goto failnext; } if ((r = sshkey_from_private(private, &public)) != 0) - fatal("sshkey_from_private failed: %s", ssh_err(r)); + fatal_fr(r, "sshkey_from_private"); snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname); if ((r = sshkey_save_private(private, prv_tmp, "", comment, private_key_format, openssh_format_cipher, rounds)) != 0) { - error("Saving key \"%s\" failed: %s", - prv_tmp, ssh_err(r)); + error_r(r, "Saving key \"%s\" failed", prv_tmp); goto failnext; } if ((fd = mkstemp(pub_tmp)) == -1) { @@ -1106,8 +1104,8 @@ do_gen_all_hostkeys(struct passwd *pw) (void)fchmod(fd, 0644); (void)close(fd); if ((r = sshkey_save_public(public, pub_tmp, comment)) != 0) { - fatal("Unable to save public key to %s: %s", - identity_file, ssh_err(r)); + error_r(r, "Unable to save public key to %s", + identity_file); goto failnext; } @@ -1241,8 +1239,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) ra = sshkey_fingerprint(l->key, fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint failed", - __func__); + fatal_f("sshkey_fingerprint failed"); mprintf("%s %s %s%s%s\n", ctx->host, sshkey_type(l->key), fp, l->comment[0] ? " " : "", @@ -1323,7 +1320,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host, foreach_options)) != 0) { if (inplace) unlink(tmp); - fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); + fatal_fr(r, "hostkeys_foreach"); } if (inplace) 
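Review bot: In do_gen_all_hostkeys (hunk at -1106) the failing call is `sshkey_save_public(public, pub_tmp, comment)`, but the message still names `identity_file`, so the log points at a file other than the one being written; the private-key branch in the previous hunk reports `prv_tmp`. Use `error_r(r, "Unable to save public key to %s", pub_tmp);`. The do_ca_sign hunk at -1858 has the same mismatch: it writes `out` and reports `identity_file`. This hunk also turns the failure from fatal() into error() followed by the existing `goto failnext`, whose cleanup is outside the hunk, so it is worth confirming that the already written `prv_tmp` is removed on that path.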
@@ -1402,7 +1399,7 @@ do_change_passphrase(struct passwd *pw) goto badkey; } else if (r != 0) { badkey: - fatal("Failed to load key %s: %s", identity_file, ssh_err(r)); + fatal_r(r, "Failed to load key %s", identity_file); } if (comment) mprintf("Key has comment '%s'\n", comment); @@ -1434,8 +1431,7 @@ do_change_passphrase(struct passwd *pw) /* Save the file using the new passphrase. */ if ((r = sshkey_save_private(private, identity_file, passphrase1, comment, private_key_format, openssh_format_cipher, rounds)) != 0) { - error("Saving key \"%s\" failed: %s.", - identity_file, ssh_err(r)); + error_r(r, "Saving key \"%s\" failed", identity_file); freezero(passphrase1, strlen(passphrase1)); sshkey_free(private); free(comment); @@ -1463,15 +1459,14 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname, int r; if (fname == NULL) - fatal("%s: no filename", __func__); + fatal_f("no filename"); if (stat(fname, &st) == -1) { if (errno == ENOENT) return 0; fatal("%s: %s", fname, strerror(errno)); } if ((r = sshkey_load_public(fname, &public, &comment)) != 0) - fatal("Failed to read v2 public key from \"%s\": %s.", - fname, ssh_err(r)); + fatal_r(r, "Failed to read v2 public key from \"%s\"", fname); export_dns_rr(hname, public, stdout, print_generic); sshkey_free(public); free(comment); @@ -1498,8 +1493,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment) &private, &comment)) == 0) passphrase = xstrdup(""); else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) - fatal("Cannot load private key \"%s\": %s.", - identity_file, ssh_err(r)); + fatal_r(r, "Cannot load private key \"%s\"", identity_file); else { if (identity_passphrase) passphrase = xstrdup(identity_passphrase); 
@@ -1512,8 +1506,8 @@ do_change_comment(struct passwd *pw, const char *identity_comment) if ((r = sshkey_load_private(identity_file, passphrase, &private, &comment)) != 0) { freezero(passphrase, strlen(passphrase)); - fatal("Cannot load private key \"%s\": %s.", - identity_file, ssh_err(r)); + fatal_r(r, "Cannot load private key \"%s\"", + identity_file); } } @@ -1554,8 +1548,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment) if ((r = sshkey_save_private(private, identity_file, passphrase, new_comment, private_key_format, openssh_format_cipher, rounds)) != 0) { - error("Saving key \"%s\" failed: %s", - identity_file, ssh_err(r)); + error_r(r, "Saving key \"%s\" failed", identity_file); freezero(passphrase, strlen(passphrase)); sshkey_free(private); free(comment); @@ -1563,14 +1556,12 @@ do_change_comment(struct passwd *pw, const char *identity_comment) } freezero(passphrase, strlen(passphrase)); if ((r = sshkey_from_private(private, &public)) != 0) - fatal("sshkey_from_private failed: %s", ssh_err(r)); + fatal_fr(r, "sshkey_from_private"); sshkey_free(private); strlcat(identity_file, ".pub", sizeof(identity_file)); - if ((r = sshkey_save_public(public, identity_file, new_comment)) != 0) { - fatal("Unable to save public key to %s: %s", - identity_file, ssh_err(r)); - } + if ((r = sshkey_save_public(public, identity_file, new_comment)) != 0) + fatal_r(r, "Unable to save public key to %s", identity_file); sshkey_free(public); free(comment); @@ -1622,7 +1613,7 @@ prepare_options_buf(struct sshbuf *c, int which) const struct cert_ext *ext; if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); sshbuf_reset(c); for (i = 0; i < ncert_ext; i++) { ext = &cert_ext[i]; 
@@ -1631,18 +1622,18 @@ prepare_options_buf(struct sshbuf *c, int which) continue; if (ext->val == NULL) { /* flag option */ - debug3("%s: %s", __func__, ext->key); + debug3_f("%s", ext->key); if ((r = sshbuf_put_cstring(c, ext->key)) != 0 || (r = sshbuf_put_string(c, NULL, 0)) != 0) - fatal("%s: buffer: %s", __func__, ssh_err(r)); + fatal_fr(r, "prepare flag"); } else { /* key/value option */ - debug3("%s: %s=%s", __func__, ext->key, ext->val); + debug3_f("%s=%s", ext->key, ext->val); sshbuf_reset(b); if ((r = sshbuf_put_cstring(c, ext->key)) != 0 || (r = sshbuf_put_cstring(b, ext->val)) != 0 || (r = sshbuf_put_stringb(c, b)) != 0) - fatal("%s: buffer: %s", __func__, ssh_err(r)); + fatal_fr(r, "prepare k/v"); } } sshbuf_free(b); @@ -1682,12 +1673,11 @@ load_pkcs11_key(char *path) int r, i, nkeys; if ((r = sshkey_load_public(path, &public, NULL)) != 0) - fatal("Couldn't load CA public key \"%s\": %s", - path, ssh_err(r)); + fatal_r(r, "Couldn't load CA public key \"%s\"", path); nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys, NULL); - debug3("%s: %d keys", __func__, nkeys); + debug3_f("%d keys", nkeys); if (nkeys <= 0) fatal("cannot read public key from pkcs11"); for (i = 0; i < nkeys; i++) { @@ -1747,13 +1737,11 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, * agent. */ if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) - fatal("Cannot load CA public key %s: %s", - tmp, ssh_err(r)); + fatal_r(r, "Cannot load CA public key %s", tmp); if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) - fatal("Cannot use public key for CA signature: %s", - ssh_err(r)); + fatal_r(r, "Cannot use public key for CA signature"); if ((r = ssh_fetch_identitylist(agent_fd, &agent_ids)) != 0) - fatal("Retrieve agent key list: %s", ssh_err(r)); + fatal_r(r, "Retrieve agent key list"); found = 0; for (j = 0; j < agent_ids->nkeys; j++) { if (sshkey_equal(ca, agent_ids->keys[j])) { 
@@ -1772,7 +1760,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, (ca->sk_flags & SSH_SK_USER_VERIFICATION_REQD)) { if ((pin = read_passphrase("Enter PIN for CA key: ", RP_ALLOW_STDIN)) == NULL) - fatal("%s: couldn't read PIN", __func__); + fatal_f("couldn't read PIN"); } } free(tmp); @@ -1807,16 +1795,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, tmp = tilde_expand_filename(argv[i], pw->pw_uid); if ((r = sshkey_load_public(tmp, &public, &comment)) != 0) - fatal("%s: unable to open \"%s\": %s", - __func__, tmp, ssh_err(r)); + fatal_r(r, "load pubkey \"%s\"", tmp); if (sshkey_is_cert(public)) - fatal("%s: key \"%s\" type %s cannot be certified", - __func__, tmp, sshkey_type(public)); + fatal_f("key \"%s\" type %s cannot be certified", + tmp, sshkey_type(public)); /* Prepare certificate to sign */ if ((r = sshkey_to_certified(public)) != 0) - fatal("Could not upgrade key %s to certificate: %s", - tmp, ssh_err(r)); + fatal_r(r, "Could not upgrade key %s to certificate", tmp); public->cert->type = cert_key_type; public->cert->serial = (u_int64_t)cert_serial; public->cert->key_id = xstrdup(cert_key_id); @@ -1829,14 +1815,13 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, OPTIONS_EXTENSIONS); if ((r = sshkey_from_private(ca, &public->cert->signature_key)) != 0) - fatal("sshkey_from_private (ca key): %s", ssh_err(r)); + fatal_r(r, "sshkey_from_private (ca key)"); if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) { if ((r = sshkey_certify_custom(public, ca, key_type_name, sk_provider, NULL, agent_signer, &agent_fd)) != 0) - fatal("Couldn't certify key %s via agent: %s", - tmp, ssh_err(r)); + fatal_r(r, "Couldn't certify %s via agent", tmp); } else { if (sshkey_is_sk(ca) && (ca->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { 
@@ -1848,8 +1833,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, sk_provider, pin); notify_complete(notifier); if (r != 0) - fatal("Couldn't certify key %s: %s", - tmp, ssh_err(r)); + fatal_r(r, "Couldn't certify key %s", tmp); } if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) @@ -1858,8 +1842,8 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, free(tmp); if ((r = sshkey_save_public(public, out, comment)) != 0) { - fatal("Unable to save public key to %s: %s", - identity_file, ssh_err(r)); + fatal_r(r, "Unable to save public key to %s", + identity_file); } if (!quiet) { @@ -2019,13 +2003,13 @@ show_options(struct sshbuf *optbuf, int in_critical) int r; if ((options = sshbuf_fromb(optbuf)) == NULL) - fatal("%s: sshbuf_fromb failed", __func__); + fatal_f("sshbuf_fromb failed"); while (sshbuf_len(options) != 0) { sshbuf_free(option); option = NULL; if ((r = sshbuf_get_cstring(options, &name, NULL)) != 0 || (r = sshbuf_froms(options, &option)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse option"); printf(" %s", name); if (!in_critical && (strcmp(name, "permit-X11-forwarding") == 0 || @@ -2039,8 +2023,7 @@ show_options(struct sshbuf *optbuf, int in_critical) (strcmp(name, "force-command") == 0 || strcmp(name, "source-address") == 0)) { if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse critical"); printf(" %s\n", arg); free(arg); } else if (sshbuf_len(option) > 0) { @@ -2069,7 +2052,7 @@ print_cert(struct sshkey *key) ca_fp = sshkey_fingerprint(key->cert->signature_key, fingerprint_hash, SSH_FP_DEFAULT); if (key_fp == NULL || ca_fp == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); + fatal_f("sshkey_fingerprint fail"); sshkey_format_cert_validity(key->cert, valid, sizeof(valid)); printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), 
@@ -2142,8 +2125,7 @@ do_show_cert(struct passwd *pw) if ((key = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new"); if ((r = sshkey_read(key, &cp)) != 0) { - error("%s:%lu: invalid key: %s", path, - lnum, ssh_err(r)); + error_r(r, "%s:%lu: invalid key", path, lnum); continue; } if (!sshkey_is_cert(key)) { @@ -2170,11 +2152,11 @@ load_krl(const char *path, struct ssh_krl **krlp) int r; if ((r = sshbuf_load_file(path, &krlbuf)) != 0) - fatal("Unable to load KRL: %s", ssh_err(r)); + fatal_r(r, "Unable to load KRL %s", path); /* XXX check sigs */ if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 || *krlp == NULL) - fatal("Invalid KRL file: %s", ssh_err(r)); + fatal_r(r, "Invalid KRL file %s", path); sshbuf_free(krlbuf); } @@ -2203,9 +2185,9 @@ hash_to_blob(const char *cp, u_char **blobp, size_t *lenp, tmp[tlen] = '\0'; } if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_b64tod(b, tmp)) != 0) - fatal("%s:%lu: decode hash failed: %s", file, lnum, ssh_err(r)); + fatal_r(r, "%s:%lu: decode hash failed", file, lnum); free(tmp); *lenp = sshbuf_len(b); *blobp = xmalloc(*lenp); @@ -2291,8 +2273,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, } if (ssh_krl_revoke_cert_by_serial_range(krl, ca, serial, serial2) != 0) { - fatal("%s: revoke serial failed", - __func__); + fatal_f("revoke serial failed"); } } else if (strncasecmp(cp, "id:", 3) == 0) { if (ca == NULL && !wild_ca) { 
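Review bot: In load_krl (hunk at -2170) the second check fires on `r != 0 || *krlp == NULL`, so when ssh_krl_from_blob() returns 0 but leaves `*krlp` unset, `fatal_r(r, "Invalid KRL file %s", path)` runs with r == 0. Assuming fatal_r appends ssh_err(r) as the removed line did, the message then ends with the text for a success code. Handling the two cases separately keeps the diagnostic truthful, e.g. `if (*krlp == NULL) fatal_f("no KRL returned for %s", path);` after the error check. Per the existing `/* XXX check sigs */` comment, the added path makes the message more specific but KRL signatures are still not verified at this point.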
@@ -2302,15 +2283,14 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, cp += 3; cp = cp + strspn(cp, " \t"); if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0) - fatal("%s: revoke key ID failed", __func__); + fatal_f("revoke key ID failed"); } else if (strncasecmp(cp, "hash:", 5) == 0) { cp += 5; cp = cp + strspn(cp, " \t"); hash_to_blob(cp, &blob, &blen, file, lnum); r = ssh_krl_revoke_key_sha256(krl, blob, blen); if (r != 0) - fatal("%s: revoke key failed: %s", - __func__, ssh_err(r)); + fatal_fr(r, "revoke key failed"); } else { if (strncasecmp(cp, "key:", 4) == 0) { cp += 4; @@ -2332,8 +2312,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, if ((key = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new"); if ((r = sshkey_read(key, &cp)) != 0) - fatal("%s:%lu: invalid key: %s", - path, lnum, ssh_err(r)); + fatal_r(r, "%s:%lu: invalid key", path, lnum); if (was_explicit_key) r = ssh_krl_revoke_key_explicit(krl, key); else if (was_sha1) { @@ -2353,8 +2332,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, } else r = ssh_krl_revoke_key(krl, key); if (r != 0) - fatal("%s: revoke key failed: %s", - __func__, ssh_err(r)); + fatal_fr(r, "revoke key failed"); freezero(blob, blen); blob = NULL; blen = 0; @@ -2394,8 +2372,7 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path, else { tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) - fatal("Cannot load CA public key %s: %s", - tmp, ssh_err(r)); + fatal_r(r, "Cannot load CA public key %s", tmp); free(tmp); } } 
@@ -2439,8 +2416,7 @@ do_check_krl(struct passwd *pw, int print_krl, int argc, char **argv) krl_dump(krl, stdout); for (i = 0; i < argc; i++) { if ((r = sshkey_load_public(argv[i], &k, &comment)) != 0) - fatal("Cannot load public key %s: %s", - argv[i], ssh_err(r)); + fatal_r(r, "Cannot load public key %s", argv[i]); r = ssh_krl_check_key(krl, k); printf("%s%s%s%s: %s\n", argv[i], *comment ? " (" : "", comment, *comment ? ")" : "", @@ -2474,8 +2450,8 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey) strcmp(privpath + plen - slen, suffixes[i]) != 0) continue; privpath[plen - slen] = '\0'; - debug("%s: %s looks like a public key, using private key " - "path %s instead", __func__, keypath, privpath); + debug_f("%s looks like a public key, using private key " + "path %s instead", keypath, privpath); } if ((privkey = load_identity(privpath, NULL)) == NULL) { error("Couldn't load identity %s", keypath); @@ -2492,12 +2468,11 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey) * it capable of signing. */ if ((r = sshkey_to_certified(privkey)) != 0) { - error("%s: sshkey_to_certified: %s", __func__, - ssh_err(r)); + error_fr(r, "sshkey_to_certified"); goto done; } if ((r = sshkey_cert_copy(pubkey, privkey)) != 0) { - error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r)); + error_fr(r, "sshkey_cert_copy"); goto done; } } @@ -2531,12 +2506,12 @@ sign_one(struct sshkey *signkey, const char *filename, int fd, sshkey_type(signkey)); if ((pin = read_passphrase(prompt, RP_ALLOW_STDIN)) == NULL) - fatal("%s: couldn't read PIN", __func__); + fatal_f("couldn't read PIN"); } if ((signkey->sk_flags & SSH_SK_USER_PRESENCE_REQD)) { if ((fp = sshkey_fingerprint(signkey, fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: fingerprint failed", __func__); + fatal_f("fingerprint failed"); fprintf(stderr, "Confirm user presence for key %s %s\n", sshkey_type(signkey), fp); free(fp); 
@@ -2544,15 +2519,15 @@ sign_one(struct sshkey *signkey, const char *filename, int fd, } if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, pin, fd, sig_namespace, &sigbuf, signer, signer_ctx)) != 0) { - error("Signing %s failed: %s", filename, ssh_err(r)); + error_r(r, "Signing %s failed", filename); goto out; } if ((r = sshsig_armor(sigbuf, &abuf)) != 0) { - error("%s: sshsig_armor: %s", __func__, ssh_err(r)); + error_fr(r, "sshsig_armor"); goto out; } if ((asig = sshbuf_dup_string(abuf)) == NULL) { - error("%s: buffer error", __func__); + error_f("buffer error"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -2619,17 +2594,17 @@ sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv) } if ((r = sshkey_load_public(keypath, &pubkey, NULL)) != 0) { - error("Couldn't load public key %s: %s", keypath, ssh_err(r)); + error_r(r, "Couldn't load public key %s", keypath); goto done; } if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) - debug("Couldn't get agent socket: %s", ssh_err(r)); + debug_r(r, "Couldn't get agent socket"); else { if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0) signer = agent_signer; else - debug("Couldn't find key in agent: %s", ssh_err(r)); + debug_r(r, "Couldn't find key in agent"); } if (signer == NULL) { @@ -2685,12 +2660,12 @@ sig_verify(const char *signature, const char *sig_namespace, memset(&sig_details, 0, sizeof(sig_details)); if ((r = sshbuf_load_file(signature, &abuf)) != 0) { - error("Couldn't read signature file: %s", ssh_err(r)); + error_r(r, "Couldn't read signature file"); goto done; } if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { - error("%s: sshsig_armor: %s", __func__, ssh_err(r)); + error_fr(r, "sshsig_armor"); goto done; } if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace, 
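Review bot: The failure branch of `sshsig_dearmor(abuf, &sigbuf)` in sig_verify (hunk at -2685) logs `error_fr(r, "sshsig_armor")`, naming the opposite operation; the conversion kept the old label. It should read `error_fr(r, "sshsig_dearmor");`. sig_find_principals (hunk at -2760) carries the same label on its dearmor call and also reports `sshsig_get_principal` for a failed `sshsig_find_principals()`. These strings are the only hint of which step rejected a signature file, so they should match the call that failed.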
@@ -2699,26 +2674,25 @@ sig_verify(const char *signature, const char *sig_namespace, if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal_f("sshkey_fingerprint failed"); debug("Valid (unverified) signature from key %s", fp); if (sig_details != NULL) { - debug2("%s: signature details: counter = %u, flags = 0x%02x", - __func__, sig_details->sk_counter, sig_details->sk_flags); + debug2_f("signature details: counter = %u, flags = 0x%02x", + sig_details->sk_counter, sig_details->sk_flags); } free(fp); fp = NULL; if (revoked_keys != NULL) { if ((r = sshkey_check_revoked(sign_key, revoked_keys)) != 0) { - debug3("sshkey_check_revoked failed: %s", ssh_err(r)); + debug3_fr(r, "sshkey_check_revoked"); goto done; } } - if (allowed_keys != NULL && - (r = sshsig_check_allowed_keys(allowed_keys, sign_key, - principal, sig_namespace)) != 0) { - debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r)); + if (allowed_keys != NULL && (r = sshsig_check_allowed_keys(allowed_keys, + sign_key, principal, sig_namespace)) != 0) { + debug3_fr(r, "sshsig_check_allowed_keys"); goto done; } /* success */ @@ -2727,10 +2701,8 @@ done: if (!quiet) { if (ret == 0) { if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash, - SSH_FP_DEFAULT)) == NULL) { - fatal("%s: sshkey_fingerprint failed", - __func__); - } + SSH_FP_DEFAULT)) == NULL) + fatal_f("sshkey_fingerprint failed"); if (principal == NULL) { printf("Good \"%s\" signature with %s key %s\n", sig_namespace, sshkey_type(sign_key), fp); 
@@ -2760,22 +2732,20 @@ sig_find_principals(const char *signature, const char *allowed_keys) { char *principals = NULL, *cp, *tmp; if ((r = sshbuf_load_file(signature, &abuf)) != 0) { - error("Couldn't read signature file: %s", ssh_err(r)); + error_r(r, "Couldn't read signature file"); goto done; } if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { - error("%s: sshsig_armor: %s", __func__, ssh_err(r)); + error_fr(r, "sshsig_armor"); goto done; } if ((r = sshsig_get_pubkey(sigbuf, &sign_key)) != 0) { - error("%s: sshsig_get_pubkey: %s", - __func__, ssh_err(r)); + error_fr(r, "sshsig_get_pubkey"); goto done; } if ((r = sshsig_find_principals(allowed_keys, sign_key, &principals)) != 0) { - error("%s: sshsig_get_principal: %s", - __func__, ssh_err(r)); + error_fr(r, "sshsig_get_principal"); goto done; } ret = 0; @@ -2975,7 +2945,7 @@ do_download_sk(const char *skprovider, const char *device) &keys, &nkeys)) != 0) { if (pin != NULL) freezero(pin, strlen(pin)); - error("Unable to load resident keys: %s", ssh_err(r)); + error_r(r, "Unable to load resident keys"); return -1; } if (nkeys == 0) @@ -2992,8 +2962,8 @@ do_download_sk(const char *skprovider, const char *device) } if ((fp = sshkey_fingerprint(keys[i], fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); - debug("%s: key %zu: %s %s %s (flags 0x%02x)", __func__, i, + fatal_f("sshkey_fingerprint failed"); + debug_f("key %zu: %s %s %s (flags 0x%02x)", i, sshkey_type(keys[i]), fp, keys[i]->sk_application, keys[i]->sk_flags); ext = skip_ssh_url_preamble(keys[i]->sk_application); @@ -3013,8 +2983,7 @@ do_download_sk(const char *skprovider, const char *device) if ((r = sshkey_save_private(keys[i], path, pass, keys[i]->sk_application, private_key_format, openssh_format_cipher, rounds)) != 0) { - error("Saving key \"%s\" failed: %s", - path, ssh_err(r)); + error_r(r, "Saving key \"%s\" failed", path); free(path); break; } 
@@ -3031,8 +3000,7 @@ do_download_sk(const char *skprovider, const char *device) free(path); if ((r = sshkey_save_public(keys[i], pubpath, keys[i]->sk_application)) != 0) { - error("Saving public key \"%s\" failed: %s", - pubpath, ssh_err(r)); + error_r(r, "Saving public key \"%s\" failed", pubpath); free(pubpath); break; } @@ -3063,8 +3031,7 @@ save_attestation(struct sshbuf *attest, const char *path) r = sshbuf_write_file(path, attest); umask(omask); if (r != 0) - fatal("Unable to write attestation data \"%s\": %s", path, - ssh_err(r)); + fatal_r(r, "Unable to write attestation data \"%s\"", path); if (!quiet) printf("Your FIDO attestation certificate has been saved in " "%s\n", path); @@ -3583,9 +3550,9 @@ main(int argc, char **argv) } else if (strncasecmp(opts[i], "challenge=", 10) == 0) { if ((r = sshbuf_load_file(opts[i] + 10, &challenge)) != 0) { - fatal("Unable to load FIDO enrollment " - "challenge \"%s\": %s", - opts[i] + 10, ssh_err(r)); + fatal_r(r, "Unable to load FIDO " + "enrollment challenge \"%s\"", + opts[i] + 10); } } else if (strncasecmp(opts[i], "write-attestation=", 18) == 0) { @@ -3624,7 +3591,7 @@ main(int argc, char **argv) if (r == 0) break; if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) - fatal("Key enrollment failed: %s", ssh_err(r)); + fatal_r(r, "Key enrollment failed"); else if (passphrase != NULL) { error("PIN incorrect"); freezero(passphrase, strlen(passphrase)); @@ -3651,7 +3618,7 @@ main(int argc, char **argv) break; } if ((r = sshkey_from_private(private, &public)) != 0) - fatal("sshkey_from_private failed: %s\n", ssh_err(r)); + fatal_r(r, "sshkey_from_private"); if (!have_identity) ask_filename(pw, "Enter file in which to save the key"); 
@@ -3675,8 +3642,7 @@ main(int argc, char **argv) /* Save the key with the given passphrase and comment. */ if ((r = sshkey_save_private(private, identity_file, passphrase, comment, private_key_format, openssh_format_cipher, rounds)) != 0) { - error("Saving key \"%s\" failed: %s", - identity_file, ssh_err(r)); + error_r(r, "Saving key \"%s\" failed", identity_file); freezero(passphrase, strlen(passphrase)); exit(1); } @@ -3689,10 +3655,8 @@ main(int argc, char **argv) } strlcat(identity_file, ".pub", sizeof(identity_file)); - if ((r = sshkey_save_public(public, identity_file, comment)) != 0) { - fatal("Unable to save public key to %s: %s", - identity_file, ssh_err(r)); - } + if ((r = sshkey_save_public(public, identity_file, comment)) != 0) + fatal_r(r, "Unable to save public key to %s", identity_file); if (!quiet) { fp = sshkey_fingerprint(public, fingerprint_hash, diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index dd5d2344ab7..18c0144c17a 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.135 2020/10/18 11:21:59 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.136 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * @@ -349,7 +349,7 @@ tcpconnect(char *host) continue; } if (set_nonblock(s) == -1) - fatal("%s: set_nonblock(%d)", __func__, s); + fatal_f("set_nonblock(%d)", s); if (connect(s, ai->ai_addr, ai->ai_addrlen) == -1 && errno != EINPROGRESS) error("connect (`%s'): %s", host, strerror(errno)); @@ -383,7 +383,7 @@ conalloc(char *iname, char *oname, int keytype) if (fdcon[s].c_status) fatal("conalloc: attempt to reuse fdno %d", s); - debug3("%s: oname %s kt %d", __func__, oname, keytype); + debug3_f("oname %s kt %d", oname, keytype); fdcon[s].c_fd = s; fdcon[s].c_status = CS_CON; fdcon[s].c_namebase = namebase; 
@@ -767,8 +767,7 @@ main(int argc, char **argv) if (argv[j] == NULL) fp = stdin; else if ((fp = fopen(argv[j], "r")) == NULL) - fatal("%s: %s: %s", __progname, argv[j], - strerror(errno)); + fatal("%s: %s: %s", __progname, argv[j], strerror(errno)); while (getline(&line, &linesize, fp) != -1) { /* Chomp off trailing whitespace and comments */ @@ -790,8 +789,7 @@ main(int argc, char **argv) } if (ferror(fp)) - fatal("%s: %s: %s", __progname, argv[j], - strerror(errno)); + fatal("%s: %s: %s", __progname, argv[j], strerror(errno)); fclose(fp); } diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c index 68ef420426c..bf45e263792 100644 --- a/usr.bin/ssh/ssh-keysign.c +++ b/usr.bin/ssh/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.64 2020/08/27 01:06:18 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.65 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * 
@@ -73,33 +73,33 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, fail = 0; if ((b = sshbuf_from(data, datalen)) == NULL) - fatal("%s: sshbuf_from failed", __func__); + fatal_f("sshbuf_from failed"); /* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */ if ((r = sshbuf_get_string(b, NULL, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse session ID"); if (len != 20 && len != 32) fail++; if ((r = sshbuf_get_u8(b, &type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); if (type != SSH2_MSG_USERAUTH_REQUEST) fail++; /* server user */ if ((r = sshbuf_skip_string(b)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse user"); /* service */ if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse service"); if (strcmp("ssh-connection", p) != 0) fail++; free(p); /* method */ if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse method"); if (strcmp("hostbased", p) != 0) fail++; free(p); @@ -107,13 +107,13 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, /* pubkey */ if ((r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0 || (r = sshbuf_get_string(b, &pkblob, &blen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse pk"); pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) fail++; else if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { - error("%s: bad key blob: %s", __func__, ssh_err(r)); + error_fr(r, "decode key"); fail++; } else if (key->type != pktype) fail++; 
@@ -122,8 +122,8 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, /* client host name, handle trailing dot */ if ((r = sshbuf_get_cstring(b, &p, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug2("%s: check expect chost %s got %s", __func__, host, p); + fatal_fr(r, "parse hostname"); + debug2_f("check expect chost %s got %s", host, p); if (strlen(host) != len - 1) fail++; else if (p[len - 1] != '.') @@ -134,7 +134,7 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, /* local user */ if ((r = sshbuf_get_cstring(b, &luser, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse luser"); if (strcmp(pw->pw_name, luser) != 0) fail++; @@ -145,7 +145,7 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, fail++; sshbuf_free(b); - debug3("%s: fail %d", __func__, fail); + debug3_f("fail %d", fail); if (fail) sshkey_free(key); @@ -224,7 +224,7 @@ main(int argc, char **argv) NULL, &key, NULL); close(key_fd[i]); if (r != 0) - debug("parse key %d: %s", i, ssh_err(r)); + debug_r(r, "parse key %d", i); else if (key != NULL) { keys[i] = key; found = 1; 
@@ -239,22 +239,23 @@ main(int argc, char **argv) if ((b = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __progname); if (ssh_msg_recv(STDIN_FILENO, b) < 0) - fatal("ssh_msg_recv failed"); + fatal("%s: ssh_msg_recv failed", __progname); if ((r = sshbuf_get_u8(b, &rver)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: buffer error", __progname); if (rver != version) - fatal("bad version: received %d, expected %d", rver, version); + fatal("%s: bad version: received %d, expected %d", + __progname, rver, version); if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: buffer error", __progname); if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) - fatal("bad fd = %d", fd); + fatal("%s: bad fd = %d", __progname, fd); if ((host = get_local_name(fd)) == NULL) - fatal("cannot get local name for fd"); + fatal("%s: cannot get local name for fd", __progname); if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: buffer error", __progname); if (valid_request(pw, host, &key, data, dlen) < 0) - fatal("not a valid request"); + fatal("%s: not a valid request", __progname); free(host); found = 0; 
@@ -269,21 +270,21 @@ main(int argc, char **argv) if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) fatal("%s: sshkey_fingerprint failed", __progname); - fatal("no matching hostkey found for key %s %s", + fatal("%s: no matching hostkey found for key %s %s", __progname, sshkey_type(key), fp ? fp : ""); } if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, NULL, NULL, 0)) != 0) - fatal("sshkey_sign failed: %s", ssh_err(r)); + fatal_r(r, "%s: sshkey_sign failed", __progname); free(data); /* send reply */ sshbuf_reset(b); if ((r = sshbuf_put_string(b, signature, slen)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: buffer error", __progname); if (ssh_msg_send(STDOUT_FILENO, version, b) == -1) - fatal("ssh_msg_send failed"); + fatal("%s: ssh_msg_send failed", __progname); return (0); } diff --git a/usr.bin/ssh/ssh-pkcs11-client.c b/usr.bin/ssh/ssh-pkcs11-client.c index b40cfe8becc..a230abe308c 100644 --- a/usr.bin/ssh/ssh-pkcs11-client.c +++ b/usr.bin/ssh/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.16 2020/01/25 00:03:36 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.17 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -57,7 +57,7 @@ send_msg(struct sshbuf *m) sshbuf_len(m)) != sshbuf_len(m)) error("write to helper failed"); if ((r = sshbuf_consume(m, mlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "consume"); } static int @@ -85,11 +85,11 @@ recv_msg(struct sshbuf *m) return (0); /* XXX */ } if ((r = sshbuf_put(m, buf, l)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put"); len -= l; } if ((r = sshbuf_get_u8(m, &c)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type"); return c; } 
@@ -119,29 +119,29 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) goto fail; key = sshkey_new(KEY_UNSPEC); if (key == NULL) { - error("%s: sshkey_new failed", __func__); + error_f("sshkey_new failed"); goto fail; } key->type = KEY_RSA; RSA_up_ref(rsa); key->rsa = rsa; if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) { - error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); + error_fr(r, "encode key"); goto fail; } if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || (r = sshbuf_put_string(msg, blob, blen)) != 0 || (r = sshbuf_put_string(msg, from, flen)) != 0 || (r = sshbuf_put_u32(msg, 0)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(msg); sshbuf_reset(msg); if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) { if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (slen <= (size_t)RSA_size(rsa)) { memcpy(to, signature, slen); ret = slen; @@ -169,13 +169,13 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, nid = sshkey_ecdsa_key_to_nid(ec); if (nid < 0) { - error("%s: couldn't get curve nid", __func__); + error_f("couldn't get curve nid"); goto fail; } key = sshkey_new(KEY_UNSPEC); if (key == NULL) { - error("%s: sshkey_new failed", __func__); + error_f("sshkey_new failed"); goto fail; } key->ecdsa = ec; 
@@ -184,22 +184,22 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, EC_KEY_up_ref(ec); if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) { - error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); + error_fr(r, "encode key"); goto fail; } if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || (r = sshbuf_put_string(msg, blob, blen)) != 0 || (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 || (r = sshbuf_put_u32(msg, 0)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(msg); sshbuf_reset(msg); if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) { if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); cp = signature; ret = d2i_ECDSA_SIG(NULL, &cp, slen); free(signature); @@ -224,7 +224,7 @@ wrap_key(struct sshkey *k) else if (k->type == KEY_ECDSA) EC_KEY_set_method(k->ecdsa, helper_ecdsa); else - fatal("%s: unknown key type", __func__); + fatal_f("unknown key type"); } static int @@ -244,10 +244,10 @@ pkcs11_start_helper_methods(void) EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign); if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) - fatal("%s: RSA_meth_dup failed", __func__); + fatal_f("RSA_meth_dup failed"); if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") || !RSA_meth_set_priv_enc(helper_rsa, rsa_encrypt)) - fatal("%s: failed to prepare method", __func__); + fatal_f("failed to prepare method"); return (0); } 
@@ -284,7 +284,7 @@ pkcs11_start_helper(void) helper = getenv("SSH_PKCS11_HELPER"); if (helper == NULL || strlen(helper) == 0) helper = _PATH_SSH_PKCS11_HELPER; - debug("%s: starting %s %s", __func__, helper, + debug_f("starting %s %s", helper, verbosity == NULL ? "" : verbosity); execlp(helper, helper, verbosity, (char *)NULL); fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno)); @@ -311,18 +311,18 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp, return (-1); if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH_AGENTC_ADD_SMARTCARD_KEY)) != 0 || (r = sshbuf_put_cstring(msg, name)) != 0 || (r = sshbuf_put_cstring(msg, pin)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(msg); sshbuf_reset(msg); type = recv_msg(msg); if (type == SSH2_AGENT_IDENTITIES_ANSWER) { if ((r = sshbuf_get_u32(msg, &nkeys)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse nkeys"); *keysp = xcalloc(nkeys, sizeof(struct sshkey *)); if (labelsp) *labelsp = xcalloc(nkeys, sizeof(char *)); @@ -330,10 +330,9 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp, /* XXX clean up properly instead of fatal() */ if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 || (r = sshbuf_get_cstring(msg, &label, NULL)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse key"); if ((r = sshkey_from_blob(blob, blen, &k)) != 0) - fatal("%s: bad key: %s", __func__, ssh_err(r)); + fatal_fr(r, "decode key"); wrap_key(k); (*keysp)[i] = k; if (labelsp) 
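Review bot: In the pkcs11_add_provider hunk at @@ -311 (ssh-pkcs11-client.c), `nkeys` comes straight from the helper's reply via `sshbuf_get_u32` and is passed to `xcalloc(nkeys, sizeof(struct sshkey *))` with no upper bound. A reply carrying an implausible count makes the caller attempt a very large allocation and then end in `fatal_fr(r, "parse key")`, the path the existing `XXX clean up properly instead of fatal()` comment already complains about. Each entry needs at least its length prefixes, so a cheap sanity check before allocating is `if (nkeys > sshbuf_len(msg)) fatal_f("bad nkeys %u", nkeys);`. The function starts and ends outside the hunk, so the `%u` assumes `nkeys` is a `u_int`.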
@@ -359,11 +358,11 @@ pkcs11_del_provider(char *name) struct sshbuf *msg; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_put_u8(msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY)) != 0 || (r = sshbuf_put_cstring(msg, name)) != 0 || (r = sshbuf_put_cstring(msg, "")) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); send_msg(msg); sshbuf_reset(msg); diff --git a/usr.bin/ssh/ssh-pkcs11-helper.c b/usr.bin/ssh/ssh-pkcs11-helper.c index f93bce24c5f..8c8873016a7 100644 --- a/usr.bin/ssh/ssh-pkcs11-helper.c +++ b/usr.bin/ssh/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.23 2020/03/06 18:26:21 markus Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.24 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -102,7 +102,7 @@ send_msg(struct sshbuf *m) int r; if ((r = sshbuf_put_stringb(oqueue, m)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue"); } static void 
@@ -117,35 +117,30 @@ process_add(void) char **labels = NULL; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if ((nkeys = pkcs11_add_provider(name, pin, &keys, &labels)) > 0) { if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || (r = sshbuf_put_u32(msg, nkeys)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); for (i = 0; i < nkeys; i++) { if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) { - debug("%s: sshkey_to_blob: %s", - __func__, ssh_err(r)); + debug_fr(r, "encode key"); continue; } if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || (r = sshbuf_put_cstring(msg, labels[i])) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "compose key"); free(blob); add_key(keys[i], name, labels[i]); free(labels[i]); } - } else { - if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if ((r = sshbuf_put_u32(msg, -nkeys)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - } + } else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0 || + (r = sshbuf_put_u32(msg, -nkeys)) != 0) + fatal_fr(r, "compose"); free(labels); free(keys); /* keys themselves are transferred to pkcs11_keylist */ free(pin); 
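Review bot: The `continue` after `debug_fr(r, "encode key")` skips a key that `sshkey_to_blob` could not encode, but the reply already carries the full count from `sshbuf_put_u32(msg, nkeys)`, so it then announces more entries than it contains. The reader in ssh-pkcs11-client.c sizes its arrays from that count and treats a short buffer as `fatal_fr(r, "parse key")`, so one unencodable key would surface there as a fatal parse error. The skipped iteration also never reaches `add_key(keys[i], name, labels[i])` or `free(labels[i])`. Either make the encode failure fatal like the neighbouring compose errors, or encode first and send the number of keys actually written. process_add begins before and ends after this hunk.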
@@ -162,14 +157,14 @@ process_del(void) int r; if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); del_keys_by_name(name); if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); free(pin); free(name); send_msg(msg); @@ -189,10 +184,10 @@ process_sign(void) if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 || (r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 || (r = sshbuf_get_u32(iqueue, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if ((r = sshkey_from_blob(blob, blen, &key)) != 0) - error("%s: sshkey_from_blob: %s", __func__, ssh_err(r)); + fatal_fr(r, "decode key"); else { if ((found = lookup_key(key)) != NULL) { #ifdef WITH_OPENSSL @@ -217,25 +212,24 @@ process_sign(void) if (ret != 0) ok = 0; else - error("%s: ECDSA_sign" - " returns %d", __func__, ret); + error_f("ECDSA_sign returned %d", ret); slen = xslen; } else - error("%s: don't know how to sign with key " - "type %d", __func__, (int)key->type); + error_f("don't know how to sign with key " + "type %d", (int)key->type); #endif /* WITH_OPENSSL */ } sshkey_free(key); } if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if (ok == 0) { if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || (r = sshbuf_put_string(msg, signature, slen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose response"); } else { if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose failure response"); } free(data); free(blob); 
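Review bot: `fatal_fr(r, "decode key")` in process_sign (@@ -189) replaces an `error(...)` call, which is a behaviour change inside an otherwise mechanical logging conversion. A key blob that `sshkey_from_blob` rejects now terminates the helper instead of falling through to the `SSH2_AGENT_FAILURE` reply composed later in the function. If that is intended it deserves a line in the commit message; if not, `error_fr(r, "decode key");` keeps the old behaviour. With the fatal call the following `else {` no longer expresses an alternative and could be un-nested. process_sign continues past this hunk.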
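Review bot: In the @@ -217 hunk, `error_f("ECDSA_sign returned %d", ret);` sits in the `else` of `if (ret != 0)`, so the value it prints is always 0 and adds nothing to the message. `error_f("ECDSA_sign failed");` states the same fact directly. Separately, `ok == 0` selects the `SSH2_AGENT_SIGN_RESPONSE` branch here, so `ok` behaves as a failure flag despite its name. A short comment at its declaration (outside the hunk), such as `/* 0 = signature produced, non-zero = failure */`, would save the next reader a double take.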
@@ -267,7 +261,7 @@ process(void) return; if ((r = sshbuf_consume(iqueue, 4)) != 0 || (r = sshbuf_get_u8(iqueue, &type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse type/len"); buf_len -= 4; switch (type) { case SSH_AGENTC_ADD_SMARTCARD_KEY: @@ -298,7 +292,7 @@ process(void) } if (msg_len > consumed) { if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "consume"); } } @@ -347,9 +341,9 @@ main(int argc, char **argv) out = STDOUT_FILENO; if ((iqueue = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((oqueue = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); while (1) { memset(pfd, 0, sizeof(pfd)); @@ -365,7 +359,7 @@ main(int argc, char **argv) (r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) pfd[0].events = POLLIN; else if (r != SSH_ERR_NO_BUFFER_SPACE) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve"); if (sshbuf_len(oqueue) > 0) pfd[1].events = POLLOUT; @@ -385,10 +379,8 @@ main(int argc, char **argv) } else if (len < 0) { error("read: %s", strerror(errno)); cleanup_exit(1); - } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - } + } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) + fatal_fr(r, "sshbuf_put"); } /* send oqueue to stdout */ if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) { @@ -397,10 +389,8 @@ main(int argc, char **argv) if (len < 0) { error("write: %s", strerror(errno)); cleanup_exit(1); - } else if ((r = sshbuf_consume(oqueue, len)) != 0) { - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - } + } else if ((r = sshbuf_consume(oqueue, len)) != 0) + fatal_fr(r, "consume"); } /* 
@@ -411,7 +401,7 @@ main(int argc, char **argv) if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) process(); else if (r != SSH_ERR_NO_BUFFER_SPACE) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "reserve"); } } diff --git a/usr.bin/ssh/ssh-pkcs11.c b/usr.bin/ssh/ssh-pkcs11.c index 4a304034b72..12de6dcd079 100644 --- a/usr.bin/ssh/ssh-pkcs11.c +++ b/usr.bin/ssh/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.50 2020/05/29 03:14:02 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.51 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -74,10 +74,9 @@ ossl_error(const char *msg) { unsigned long e; - error("%s: %s", __func__, msg); + error_f("%s", msg); while ((e = ERR_get_error()) != 0) - error("%s: libcrypto error: %.100s", __func__, - ERR_error_string(e, NULL)); + error_f("libcrypto error: %s", ERR_error_string(e, NULL)); } #endif @@ -193,7 +192,7 @@ pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, { struct pkcs11_key *k11 = ptr; - debug("%s: parent %p ptr %p idx %d", __func__, parent, ptr, idx); + debug_f("parent %p ptr %p idx %d", parent, ptr, idx); if (k11 == NULL) return; if (k11->provider) @@ -254,7 +253,7 @@ pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si, snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ", si->token.label); if ((pin = read_passphrase(prompt, RP_ALLOW_EOF)) == NULL) { - debug("%s: no pin specified", __func__); + debug_f("no pin specified"); return (-1); /* bail out */ } } @@ -328,8 +327,8 @@ pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj, return (-1); } *val = flag != 0; - debug("%s: provider %p slot %lu object %lu: attrib %lu = %d", - __func__, k11->provider, k11->slotidx, obj, type, *val); + debug_f("provider %p slot %lu object %lu: attrib %lu = %d", + k11->provider, k11->slotidx, obj, type, *val); return (0); } 
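Review bot: In ossl_error (@@ -74, ssh-pkcs11.c) the libcrypto message format changed from `%.100s` to `%s`, so the length cap was dropped together with the `__func__` argument. The other conversions in this file only remove `__func__` and leave the format specifiers alone, so this looks unintentional. If the cap is meant to stay, use `error_f("libcrypto error: %.100s", ERR_error_string(e, NULL));`; if it was removed on purpose, mention it in the commit message.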
@@ -398,7 +397,7 @@ pkcs11_get_key(struct pkcs11_key *k11, CK_MECHANISM_TYPE mech_type) pkcs11_check_obj_bool_attrib(k11, obj, CKA_ALWAYS_AUTHENTICATE, &always_auth); /* ignore errors here */ if (always_auth && !did_login) { - debug("%s: always-auth key", __func__); + debug_f("always-auth key"); if (pkcs11_login(k11, CKU_CONTEXT_SPECIFIC) < 0) { error("login failed for always-auth key"); return (-1); @@ -466,7 +465,7 @@ pkcs11_rsa_start_wrapper(void) if (!RSA_meth_set1_name(rsa_method, "pkcs11") || !RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) || !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) { - error("%s: setup pkcs11 method failed", __func__); + error_f("setup pkcs11 method failed"); return (-1); } return (0); @@ -551,7 +550,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, goto done; } if (!ECDSA_SIG_set0(ret, r, s)) { - error("%s: ECDSA_SIG_set0 failed", __func__); + error_f("ECDSA_SIG_set0 failed"); ECDSA_SIG_free(ret); ret = NULL; goto done; @@ -870,7 +869,7 @@ pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, goto fail; } if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) - fatal("%s: set key", __func__); + fatal_f("set key"); rsa_n = rsa_e = NULL; /* transferred */ if (pkcs11_rsa_wrap(p, slotidx, &key_attr[0], rsa)) @@ -1330,7 +1329,7 @@ pkcs11_rsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx, if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv, &pubKey, &privKey)) != CKR_OK) { - error("%s: key generation failed: error 0x%lx", __func__, rv); + error_f("key generation failed: error 0x%lx", rv); *err = rv; return NULL; } 
@@ -1409,12 +1408,12 @@ pkcs11_ecdsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx, break; } if (!ec_curve_infos[i].name) { - error("%s: invalid key size %lu", __func__, bits); + error_f("invalid key size %lu", bits); return NULL; } if (pkcs11_decode_hex(ec_curve_infos[i].oid_encoded, &ecparams, &ecparams_size) == -1) { - error("%s: invalid oid", __func__); + error_f("invalid oid"); return NULL; } @@ -1447,7 +1446,7 @@ pkcs11_ecdsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx, if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv, &pubKey, &privKey)) != CKR_OK) { - error("%s: key generation failed: error 0x%lx", __func__, rv); + error_f("key generation failed: error 0x%lx", rv); *err = rv; return NULL; } @@ -1485,8 +1484,7 @@ pkcs11_register_provider(char *provider_id, char *pin, *labelsp = NULL; if (pkcs11_provider_lookup(provider_id) != NULL) { - debug("%s: provider already registered: %s", - __func__, provider_id); + debug_f("provider already registered: %s", provider_id); goto fail; } /* open shared pkcs11-library */ @@ -1535,8 +1533,7 @@ pkcs11_register_provider(char *provider_id, char *pin, goto fail; } if (p->nslots == 0) { - debug("%s: provider %s returned no slots", __func__, - provider_id); + debug_f("provider %s returned no slots", provider_id); ret = -SSH_PKCS11_ERR_NO_SLOTS; goto fail; } 
@@ -1555,13 +1552,12 @@ pkcs11_register_provider(char *provider_id, char *pin, if ((rv = f->C_GetTokenInfo(p->slotlist[i], token)) != CKR_OK) { error("C_GetTokenInfo for provider %s slot %lu " - "failed: %lu", provider_id, (unsigned long)i, rv); + "failed: %lu", provider_id, (u_long)i, rv); continue; } if ((token->flags & CKF_TOKEN_INITIALIZED) == 0) { - debug2("%s: ignoring uninitialised token in " - "provider %s slot %lu", __func__, - provider_id, (unsigned long)i); + debug2_f("ignoring uninitialised token in " + "provider %s slot %lu", provider_id, (u_long)i); continue; } rmspace(token->label, sizeof(token->label)); @@ -1643,8 +1639,7 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp, pkcs11_provider_unref(p); } if (nkeys == 0) - debug("%s: provider %s returned no keys", __func__, - provider_id); + debug_f("provider %s returned no keys", provider_id); return (nkeys); } @@ -1665,11 +1660,10 @@ pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label, *err = 0; if ((p = pkcs11_provider_lookup(provider_id)) != NULL) - debug("%s: provider \"%s\" available", __func__, provider_id); + debug_f("provider \"%s\" available", provider_id); else if ((ret = pkcs11_register_provider(provider_id, pin, NULL, NULL, &p, CKU_SO)) < 0) { - debug("%s: could not register provider %s", __func__, - provider_id); + debug_f("could not register provider %s", provider_id); goto out; } else reset_provider = 1; @@ -1680,7 +1674,7 @@ pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label, if ((rv = f->C_SetOperationState(session , pin, strlen(pin), CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) { - debug("%s: could not supply SO pin: %lu", __func__, rv); + debug_f("could not supply SO pin: %lu", rv); reset_pin = 0; } else reset_pin = 1; 
@@ -1689,20 +1683,20 @@ pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label, case KEY_RSA: if ((k = pkcs11_rsa_generate_private_key(p, slotidx, label, bits, keyid, err)) == NULL) { - debug("%s: failed to generate RSA key", __func__); + debug_f("failed to generate RSA key"); goto out; } break; case KEY_ECDSA: if ((k = pkcs11_ecdsa_generate_private_key(p, slotidx, label, bits, keyid, err)) == NULL) { - debug("%s: failed to generate ECDSA key", __func__); + debug_f("failed to generate ECDSA key"); goto out; } break; default: *err = SSH_PKCS11_ERR_GENERIC; - debug("%s: unknown type %d", __func__, type); + debug_f("unknown type %d", type); goto out; } @@ -1737,10 +1731,10 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx, *err = 0; if ((p = pkcs11_provider_lookup(provider_id)) != NULL) { - debug("%s: using provider \"%s\"", __func__, provider_id); + debug_f("using provider \"%s\"", provider_id); } else if (pkcs11_register_provider(provider_id, pin, NULL, NULL, &p, CKU_SO) < 0) { - debug("%s: could not register provider %s", __func__, + debug_f("could not register provider %s", provider_id); goto out; } else @@ -1752,7 +1746,7 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx, if ((rv = f->C_SetOperationState(session , pin, strlen(pin), CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) { - debug("%s: could not supply SO pin: %lu", __func__, rv); + debug_f("could not supply SO pin: %lu", rv); reset_pin = 0; } else reset_pin = 1; @@ -1766,8 +1760,8 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx, if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 && obj != CK_INVALID_HANDLE) { if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) { - debug("%s: could not destroy private key 0x%hhx", - __func__, keyid); + debug_f("could not destroy private key 0x%hhx", + keyid); *err = rv; goto out; } 
@@ -1788,8 +1782,8 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx, sizeof(key_type)); rv = f->C_GetAttributeValue(session, obj, attrs, nattrs); if (rv != CKR_OK) { - debug("%s: could not get key type of public key 0x%hhx", - __func__, keyid); + debug_f("could not get key type of public key 0x%hhx", + keyid); *err = rv; key_type = -1; } @@ -1799,8 +1793,7 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx, k = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) { - debug("%s: could not destroy public key 0x%hhx", - __func__, keyid); + debug_f("could not destroy public key 0x%hhx", keyid); *err = rv; goto out; } diff --git a/usr.bin/ssh/ssh-sk-client.c b/usr.bin/ssh/ssh-sk-client.c index aeb878324e7..d57e0efa71a 100644 --- a/usr.bin/ssh/ssh-sk-client.c +++ b/usr.bin/ssh/ssh-sk-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: ssh-sk-client.c,v 1.8 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -45,7 +45,7 @@ static int start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int)) { void (*osigchld)(int); - int oerrno, pair[2], r = SSH_ERR_INTERNAL_ERROR; + int oerrno, pair[2]; pid_t pid; char *helper, *verbosity = NULL; @@ -58,8 +58,7 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int)) helper = _PATH_SSH_SK_HELPER; if (access(helper, X_OK) != 0) { oerrno = errno; - error("%s: helper \"%s\" unusable: %s", __func__, helper, - strerror(errno)); + error_f("helper \"%s\" unusable: %s", helper, strerror(errno)); errno = oerrno; return SSH_ERR_SYSTEM_ERROR; } 
@@ -85,22 +84,22 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int)) if (pid == 0) { if ((dup2(pair[1], STDIN_FILENO) == -1) || (dup2(pair[1], STDOUT_FILENO) == -1)) { - error("%s: dup2: %s", __func__, ssh_err(r)); + error_f("dup2: %s", strerror(errno)); _exit(1); } close(pair[0]); close(pair[1]); closefrom(STDERR_FILENO + 1); - debug("%s: starting %s %s", __func__, helper, + debug_f("starting %s %s", helper, verbosity == NULL ? "" : verbosity); execlp(helper, helper, verbosity, (char *)NULL); - error("%s: execlp: %s", __func__, strerror(errno)); + error_f("execlp: %s", strerror(errno)); _exit(1); } close(pair[1]); /* success */ - debug3("%s: started pid=%ld", __func__, (long)pid); + debug3_f("started pid=%ld", (long)pid); *fdp = pair[0]; *pidp = pid; *osigchldp = osigchld; @@ -112,7 +111,7 @@ reap_helper(pid_t pid) { int status, oerrno; - debug3("%s: pid=%ld", __func__, (long)pid); + debug3_f("pid=%ld", (long)pid); errno = 0; while (waitpid(pid, &status, 0) == -1) { @@ -121,15 +120,15 @@ reap_helper(pid_t pid) continue; } oerrno = errno; - error("%s: waitpid: %s", __func__, strerror(errno)); + error_f("waitpid: %s", strerror(errno)); errno = oerrno; return SSH_ERR_SYSTEM_ERROR; } if (!WIFEXITED(status)) { - error("%s: helper exited abnormally", __func__); + error_f("helper exited abnormally"); return SSH_ERR_AGENT_FAILURE; } else if (WEXITSTATUS(status) != 0) { - error("%s: helper exited with non-zero exit status", __func__); + error_f("helper exited with non-zero exit status"); return SSH_ERR_AGENT_FAILURE; } return 0; 
@@ -159,37 +158,37 @@ client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type) (r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 || (r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 || (r = sshbuf_putb(req, msg)) != 0) { - error("%s: build: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); goto out; } if ((r = ssh_msg_send(fd, SSH_SK_HELPER_VERSION, req)) != 0) { - error("%s: send: %s", __func__, ssh_err(r)); + error_fr(r, "send"); goto out; } if ((r = ssh_msg_recv(fd, resp)) != 0) { - error("%s: receive: %s", __func__, ssh_err(r)); + error_fr(r, "receive"); goto out; } if ((r = sshbuf_get_u8(resp, &version)) != 0) { - error("%s: parse version: %s", __func__, ssh_err(r)); + error_fr(r, "parse version"); goto out; } if (version != SSH_SK_HELPER_VERSION) { - error("%s: unsupported version: got %u, expected %u", - __func__, version, SSH_SK_HELPER_VERSION); + error_f("unsupported version: got %u, expected %u", + version, SSH_SK_HELPER_VERSION); r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_get_u32(resp, &rtype)) != 0) { - error("%s: parse message type: %s", __func__, ssh_err(r)); + error_fr(r, "parse message type"); goto out; } if (rtype == SSH_SK_HELPER_ERROR) { if ((r = sshbuf_get_u32(resp, &rerr)) != 0) { - error("%s: parse error: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); goto out; } - debug("%s: helper returned error -%u", __func__, rerr); + debug_f("helper returned error -%u", rerr); /* OpenSSH error values are negative; encoded as -err on wire */ if (rerr == 0 || rerr >= INT_MAX) r = SSH_ERR_INTERNAL_ERROR; @@ -197,8 +196,8 @@ client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type) r = -(int)rerr; goto out; } else if (rtype != type) { - error("%s: helper returned incorrect message type %u, " - "expecting %u", __func__, rtype, type); + error_f("helper returned incorrect message type %u, " + "expecting %u", rtype, type); r = SSH_ERR_INTERNAL_ERROR; goto out; } 
@@ -244,7 +243,7 @@ sshsk_sign(const char *provider, struct sshkey *key, } if ((r = sshkey_private_serialize(key, kbuf)) != 0) { - error("%s: serialize private key: %s", __func__, ssh_err(r)); + error_fr(r, "encode key"); goto out; } if ((r = sshbuf_put_stringb(req, kbuf)) != 0 || @@ -253,13 +252,13 @@ sshsk_sign(const char *provider, struct sshkey *key, (r = sshbuf_put_cstring(req, NULL)) != 0 || /* alg */ (r = sshbuf_put_u32(req, compat)) != 0 || (r = sshbuf_put_cstring(req, pin)) != 0) { - error("%s: compose: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); goto out; } if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT, SSH_FP_DEFAULT)) == NULL) { - error("%s: sshkey_fingerprint failed", __func__); + error_f("sshkey_fingerprint failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -267,12 +266,12 @@ sshsk_sign(const char *provider, struct sshkey *key, goto out; if ((r = sshbuf_get_string(resp, sigp, lenp)) != 0) { - error("%s: parse signature: %s", __func__, ssh_err(r)); + error_fr(r, "parse signature"); r = SSH_ERR_INVALID_FORMAT; goto out; } if (sshbuf_len(resp) != 0) { - error("%s: trailing data in response", __func__); + error_f("trailing data in response"); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -324,7 +323,7 @@ sshsk_enroll(int type, const char *provider_path, const char *device, (r = sshbuf_put_u8(req, flags)) != 0 || (r = sshbuf_put_cstring(req, pin)) != 0 || (r = sshbuf_put_stringb(req, challenge_buf)) != 0) { - error("%s: compose: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); goto out; } 
@@ -333,21 +332,21 @@ sshsk_enroll(int type, const char *provider_path, const char *device, if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 || (r = sshbuf_get_stringb(resp, abuf)) != 0) { - error("%s: parse signature: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); r = SSH_ERR_INVALID_FORMAT; goto out; } if (sshbuf_len(resp) != 0) { - error("%s: trailing data in response", __func__); + error_f("trailing data in response"); r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) { - error("Unable to parse private key: %s", ssh_err(r)); + error_fr(r, "encode"); goto out; } if (attest != NULL && (r = sshbuf_putb(attest, abuf)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "encode attestation information"); goto out; } @@ -388,7 +387,7 @@ sshsk_load_resident(const char *provider_path, const char *device, if ((r = sshbuf_put_cstring(req, provider_path)) != 0 || (r = sshbuf_put_cstring(req, device)) != 0 || (r = sshbuf_put_cstring(req, pin)) != 0) { - error("%s: compose: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); goto out; } 
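Review bot: `error_fr(r, "encode")` in sshsk_enroll labels a failure of `sshkey_private_deserialize(kbuf, &key)`, which is a decode step; the same call in sshsk_load_resident (@@ -399) is logged as "decode key". The old text "Unable to parse private key" was accurate, so the new message points whoever triages an enrollment failure in the wrong direction. Use `error_fr(r, "decode key");` here. Similarly, sshsk_load_resident keeps "parse signature" for the read of a key and its comment, where `error_fr(r, "parse key");` would describe what is actually parsed.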
@@ -399,21 +398,21 @@ sshsk_load_resident(const char *provider_path, const char *device, /* key, comment */ if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 || (r = sshbuf_get_cstring(resp, NULL, NULL)) != 0) { - error("%s: parse signature: %s", __func__, ssh_err(r)); + error_fr(r, "parse signature"); r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) { - error("Unable to parse private key: %s", ssh_err(r)); + error_fr(r, "decode key"); goto out; } if ((tmp = recallocarray(keys, nkeys, nkeys + 1, sizeof(*keys))) == NULL) { - error("%s: recallocarray keys failed", __func__); + error_f("recallocarray keys failed"); goto out; } - debug("%s: keys[%zu]: %s %s", __func__, - nkeys, sshkey_type(key), key->sk_application); + debug_f("keys[%zu]: %s %s", nkeys, sshkey_type(key), + key->sk_application); keys = tmp; keys[nkeys++] = key; key = NULL; diff --git a/usr.bin/ssh/ssh-sk-helper.c b/usr.bin/ssh/ssh-sk-helper.c index 76a11e2a8d8..aacf3d797d0 100644 --- a/usr.bin/ssh/ssh-sk-helper.c +++ b/usr.bin/ssh/ssh-sk-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-helper.c,v 1.10 2020/05/26 01:59:46 djm Exp $ */ +/* $OpenBSD: ssh-sk-helper.c,v 1.11 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -64,7 +64,7 @@ reply_error(int r, char *fmt, ...) free(msg); if (r >= 0) - fatal("%s: invalid error code %d", __func__, r); + fatal_f("invalid error code %d", r); if ((resp = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __progname); 
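Review bot: In this sshsk_load_resident hunk the `recallocarray` failure branch logs and jumps to `out` without assigning `r`, which at that point still holds the 0 returned by the successful `sshkey_private_deserialize` call just above it. The function of the same name in ssh-sk.c sets `r = SSH_ERR_ALLOC_FAIL;` before `goto out` in its equivalent branch. Adding that line here would stop an allocation failure being reported as success, assuming the cleanup at `out` (outside this hunk) returns `r`. Separately, the first branch still logs "parse signature" although it reads a key and a comment; `error_fr(r, "parse");`, as the commit already uses in sshsk_enroll, would match what is parsed.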
@@ -103,17 +103,19 @@ process_sign(struct sshbuf *req) (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */ (r = sshbuf_get_u32(req, &compat)) != 0 || (r = sshbuf_get_cstring(req, &pin, NULL)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: parse", __progname); if (sshbuf_len(req) != 0) fatal("%s: trailing data in request", __progname); if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) - fatal("Unable to parse private key: %s", ssh_err(r)); - if (!sshkey_is_sk(key)) - fatal("Unsupported key type %s", sshkey_ssh_name(key)); + fatal_r(r, "%s: Unable to parse private key", __progname); + if (!sshkey_is_sk(key)) { + fatal("%s: Unsupported key type %s", + __progname, sshkey_ssh_name(key)); + } - debug("%s: ready to sign with key %s, provider %s: " - "msg len %zu, compat 0x%lx", __progname, sshkey_type(key), + debug_f("ready to sign with key %s, provider %s: " + "msg len %zu, compat 0x%lx", sshkey_type(key), provider, msglen, (u_long)compat); null_empty(&pin); @@ -129,7 +131,7 @@ process_sign(struct sshbuf *req) if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_SIGN)) != 0 || (r = sshbuf_put_string(resp, sig, siglen)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: compose", __progname); out: sshkey_free(key); sshbuf_free(kbuf); @@ -163,7 +165,7 @@ process_enroll(struct sshbuf *req) (r = sshbuf_get_u8(req, &flags)) != 0 || (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 || (r = sshbuf_froms(req, &challenge)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: parse", __progname); if (sshbuf_len(req) != 0) fatal("%s: trailing data in request", __progname); 
@@ -186,11 +188,11 @@ process_enroll(struct sshbuf *req) if ((resp = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __progname); if ((r = sshkey_private_serialize(key, kbuf)) != 0) - fatal("%s: serialize private key: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: encode key", __progname); if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_ENROLL)) != 0 || (r = sshbuf_put_stringb(resp, kbuf)) != 0 || (r = sshbuf_put_stringb(resp, attest)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: compose", __progname); out: sshkey_free(key); @@ -220,7 +222,7 @@ process_load_resident(struct sshbuf *req) if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 || (r = sshbuf_get_cstring(req, &device, NULL)) != 0 || (r = sshbuf_get_cstring(req, &pin, NULL)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: parse", __progname); if (sshbuf_len(req) != 0) fatal("%s: trailing data in request", __progname); @@ -238,18 +240,17 @@ process_load_resident(struct sshbuf *req) fatal("%s: sshbuf_new failed", __progname); if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_LOAD_RESIDENT)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: compose", __progname); for (i = 0; i < nkeys; i++) { - debug("%s: key %zu %s %s", __func__, i, - sshkey_type(keys[i]), keys[i]->sk_application); + debug_f("key %zu %s %s", i, sshkey_type(keys[i]), + keys[i]->sk_application); sshbuf_reset(kbuf); if ((r = sshkey_private_serialize(keys[i], kbuf)) != 0) - fatal("%s: serialize private key: %s", - __progname, ssh_err(r)); + fatal_r(r, "%s: encode key", __progname); if ((r = sshbuf_put_stringb(resp, kbuf)) != 0 || (r = sshbuf_put_cstring(resp, "")) != 0) /* comment */ - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: compose key", __progname); } out: 
@@ -308,10 +309,10 @@ main(int argc, char **argv) if (ssh_msg_recv(in, req) < 0) fatal("ssh_msg_recv failed"); close(in); - debug("%s: received message len %zu", __progname, sshbuf_len(req)); + debug_f("received message len %zu", sshbuf_len(req)); if ((r = sshbuf_get_u8(req, &version)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: parse version", __progname); if (version != SSH_SK_HELPER_VERSION) { fatal("unsupported version: received %d, expected %d", version, SSH_SK_HELPER_VERSION); @@ -320,7 +321,7 @@ main(int argc, char **argv) if ((r = sshbuf_get_u32(req, &rtype)) != 0 || (r = sshbuf_get_u8(req, &log_stderr)) != 0 || (r = sshbuf_get_u32(req, &ll)) != 0) - fatal("%s: buffer error: %s", __progname, ssh_err(r)); + fatal_r(r, "%s: parse", __progname); if (!vflag && log_level_name((LogLevel)ll) != NULL) log_init(__progname, (LogLevel)ll, log_facility, log_stderr); @@ -339,7 +340,7 @@ main(int argc, char **argv) fatal("%s: unsupported request type %u", __progname, rtype); } sshbuf_free(req); - debug("%s: reply len %zu", __progname, sshbuf_len(resp)); + debug_f("reply len %zu", sshbuf_len(resp)); if (ssh_msg_send(out, SSH_SK_HELPER_VERSION, resp) == -1) fatal("ssh_msg_send failed"); diff --git a/usr.bin/ssh/ssh-sk.c b/usr.bin/ssh/ssh-sk.c index 1262bce4b97..fe441aaa574 100644 --- a/usr.bin/ssh/ssh-sk.c +++ b/usr.bin/ssh/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.32 2020/09/09 03:08:02 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.33 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -99,11 +99,11 @@ sshsk_open(const char *path) return NULL; } if ((ret = calloc(1, sizeof(*ret))) == NULL) { - error("%s: calloc failed", __func__); + error_f("calloc failed"); return NULL; } if ((ret->path = strdup(path)) == NULL) { - error("%s: strdup failed", __func__); + error_f("strdup failed"); goto fail; } /* Skip the rest if we're using the linked in middleware */ 
@@ -124,8 +124,8 @@ sshsk_open(const char *path) goto fail; } version = ret->sk_api_version(); - debug("%s: provider %s implements version 0x%08lx", __func__, - ret->path, (u_long)version); + debug_f("provider %s implements version 0x%08lx", ret->path, + (u_long)version); if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) { error("Provider \"%s\" implements unsupported " "version 0x%08lx (supported: 0x%08lx)", @@ -190,7 +190,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) *keyp = NULL; if ((key = sshkey_new(KEY_ECDSA_SK)) == NULL) { - error("%s: sshkey_new failed", __func__); + error_f("sshkey_new failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -198,17 +198,17 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL || (q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL || (b = sshbuf_new()) == NULL) { - error("%s: allocation failed", __func__); + error_f("allocation failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshbuf_put_string(b, resp->public_key, resp->public_key_len)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_put_string"); goto out; } if ((r = sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa))) != 0) { - error("%s: parse key: %s", __func__, ssh_err(r)); + error_fr(r, "parse"); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -219,7 +219,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) } if (EC_KEY_set_public_key(key->ecdsa, q) != 1) { /* XXX assume it is a allocation error */ - error("%s: allocation failed", __func__); + error_f("allocation failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } 
@@ -243,17 +243,17 @@ sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) *keyp = NULL; if (resp->public_key_len != ED25519_PK_SZ) { - error("%s: invalid size: %zu", __func__, resp->public_key_len); + error_f("invalid size: %zu", resp->public_key_len); r = SSH_ERR_INVALID_FORMAT; goto out; } if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) { - error("%s: sshkey_new failed", __func__); + error_f("sshkey_new failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) { - error("%s: malloc failed", __func__); + error_f("malloc failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -278,7 +278,7 @@ sshsk_key_from_response(int alg, const char *application, uint8_t flags, /* Check response validity */ if (resp->public_key == NULL || resp->key_handle == NULL) { - error("%s: sk_enroll response invalid", __func__); + error_f("sk_enroll response invalid"); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -294,25 +294,25 @@ sshsk_key_from_response(int alg, const char *application, uint8_t flags, goto out; break; default: - error("%s: unsupported algorithm %d", __func__, alg); + error_f("unsupported algorithm %d", alg); r = SSH_ERR_INVALID_ARGUMENT; goto out; } key->sk_flags = flags; if ((key->sk_key_handle = sshbuf_new()) == NULL || (key->sk_reserved = sshbuf_new()) == NULL) { - error("%s: allocation failed", __func__); + error_f("allocation failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((key->sk_application = strdup(application)) == NULL) { - error("%s: strdup application failed", __func__); + error_f("strdup application failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshbuf_put(key->sk_key_handle, resp->key_handle, resp->key_handle_len)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "put key handle"); goto out; } /* success */ 
@@ -364,18 +364,18 @@ sshsk_add_option(struct sk_option ***optsp, size_t *noptsp, if ((opts = recallocarray(opts, nopts, nopts + 2, /* extra for NULL */ sizeof(*opts))) == NULL) { - error("%s: array alloc failed", __func__); + error_f("array alloc failed"); return SSH_ERR_ALLOC_FAIL; } *optsp = opts; *noptsp = nopts + 1; if ((opts[nopts] = calloc(1, sizeof(**opts))) == NULL) { - error("%s: alloc failed", __func__); + error_f("alloc failed"); return SSH_ERR_ALLOC_FAIL; } if ((opts[nopts]->name = strdup(name)) == NULL || (opts[nopts]->value = strdup(value)) == NULL) { - error("%s: alloc failed", __func__); + error_f("alloc failed"); return SSH_ERR_ALLOC_FAIL; } opts[nopts]->required = required; @@ -428,7 +428,7 @@ fill_attestation_blob(const struct sk_enroll_response *resp, resp->authdata, resp->authdata_len)) != 0 || (r = sshbuf_put_u32(attest, 0)) != 0 || /* resvd flags */ (r = sshbuf_put_string(attest, NULL, 0)) != 0 /* resvd */) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); return r; } /* success */ @@ -451,8 +451,8 @@ sshsk_enroll(int type, const char *provider_path, const char *device, int r = SSH_ERR_INTERNAL_ERROR; int alg; - debug("%s: provider \"%s\", device \"%s\", application \"%s\", " - "userid \"%s\", flags 0x%02x, challenge len %zu%s", __func__, + debug_f("provider \"%s\", device \"%s\", application \"%s\", " + "userid \"%s\", flags 0x%02x, challenge len %zu%s", provider_path, device, application, userid, flags, challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf), (pin != NULL && *pin != '\0') ? " with-pin" : ""); 
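Review bot: The `debug_f` trace at the top of sshsk_enroll (last hunk on this line) formats `provider_path` and `application` with `%s` before the function has validated them; the `provider_path == NULL` and `application == NULL` checks only appear in the following hunk. Passing NULL to `%s` is undefined behaviour in standard C, even where the libc happens to print "(null)". Either move the trace below the argument checks or guard each argument, e.g. `provider_path == NULL ? "(null)" : provider_path`. `device` and `userid` may need the same treatment, depending on what callers pass. The function continues outside this hunk.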
@@ -474,22 +474,22 @@ sshsk_enroll(int type, const char *provider_path, const char *device, alg = SSH_SK_ED25519; break; default: - error("%s: unsupported key type", __func__); + error_f("unsupported key type"); r = SSH_ERR_INVALID_ARGUMENT; goto out; } if (provider_path == NULL) { - error("%s: missing provider", __func__); + error_f("missing provider"); r = SSH_ERR_INVALID_ARGUMENT; goto out; } if (application == NULL || *application == '\0') { - error("%s: missing application", __func__); + error_f("missing application"); r = SSH_ERR_INVALID_ARGUMENT; goto out; } if (challenge_buf == NULL) { - debug("%s: using random challenge", __func__); + debug_f("using random challenge"); arc4random_buf(randchall, sizeof(randchall)); challenge = randchall; challenge_len = sizeof(randchall); @@ -500,8 +500,7 @@ sshsk_enroll(int type, const char *provider_path, const char *device, } else { challenge = sshbuf_ptr(challenge_buf); challenge_len = sshbuf_len(challenge_buf); - debug3("%s: using explicit challenge len=%zd", - __func__, challenge_len); + debug3_f("using explicit challenge len=%zd", challenge_len); } if ((skp = sshsk_open(provider_path)) == NULL) { r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */ @@ -511,8 +510,7 @@ sshsk_enroll(int type, const char *provider_path, const char *device, /* enroll key */ if ((r = skp->sk_enroll(alg, challenge, challenge_len, application, flags, pin, opts, &resp)) != 0) { - debug("%s: provider \"%s\" returned failure %d", __func__, - provider_path, r); + debug_f("provider \"%s\" failure %d", provider_path, r); r = skerr_to_ssherr(r); goto out; } @@ -547,7 +545,7 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) /* Check response validity */ if (resp->sig_r == NULL || resp->sig_s == NULL) { - error("%s: sk_sign response invalid", __func__); + error_f("sk_sign response invalid"); r = SSH_ERR_INVALID_FORMAT; goto out; } 
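Review bot: `debug3_f("using explicit challenge len=%zd", challenge_len)` in sshsk_enroll uses the signed `%zd` conversion for a value assigned from `sizeof(randchall)` and `sshbuf_len(challenge_buf)`, which the trace at the top of the same function prints with `%zu`. If `challenge_len` is declared `size_t` (the declaration is outside the hunk), the line should read `debug3_f("using explicit challenge len=%zu", challenge_len);`. A mismatched conversion is undefined behaviour, and since the line is being rewritten anyway this is a cheap place to fix it.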
@@ -560,13 +558,13 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig) resp->sig_r, resp->sig_r_len)) != 0 || (r = sshbuf_put_bignum2_bytes(inner_sig, resp->sig_s, resp->sig_s_len)) != 0) { - debug("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "compose inner"); goto out; } if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 || (r = sshbuf_put_u8(sig, resp->flags)) != 0 || (r = sshbuf_put_u32(sig, resp->counter)) != 0) { - debug("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); goto out; } #ifdef DEBUG_SK @@ -591,7 +589,7 @@ sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) /* Check response validity */ if (resp->sig_r == NULL) { - error("%s: sk_sign response invalid", __func__); + error_f("sk_sign response invalid"); r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -599,7 +597,7 @@ sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig) resp->sig_r, resp->sig_r_len)) != 0 || (r = sshbuf_put_u8(sig, resp->flags)) != 0 || (r = sshbuf_put_u32(sig, resp->counter)) != 0) { - debug("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "compose"); goto out; } #ifdef DEBUG_SK @@ -623,7 +621,7 @@ sshsk_sign(const char *provider_path, struct sshkey *key, struct sshbuf *inner_sig = NULL, *sig = NULL; struct sk_option **opts = NULL; - debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__, + debug_f("provider \"%s\", key %s, flags 0x%02x%s", provider_path, sshkey_type(key), key->sk_flags, (pin != NULL && *pin != '\0') ? " with-pin" : ""); @@ -658,7 +656,7 @@ sshsk_sign(const char *provider_path, struct sshkey *key, if ((r = skp->sk_sign(alg, data, datalen, key->sk_application, sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle), key->sk_flags, pin, opts, &resp)) != 0) { - debug("%s: sk_sign failed with code %d", __func__, r); + debug_f("sk_sign failed with code %d", r); r = skerr_to_ssherr(r); goto out; } 
@@ -668,7 +666,7 @@ sshsk_sign(const char *provider_path, struct sshkey *key, goto out; } if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0) { - debug("%s: buffer error (outer): %s", __func__, ssh_err(r)); + error_fr(r, "compose outer"); goto out; } switch (type) { @@ -742,7 +740,7 @@ sshsk_load_resident(const char *provider_path, const char *device, uint8_t flags; struct sk_option **opts = NULL; - debug("%s: provider \"%s\"%s", __func__, provider_path, + debug_f("provider \"%s\"%s", provider_path, (pin != NULL && *pin != '\0') ? ", have-pin": ""); if (keysp == NULL || nkeysp == NULL) @@ -762,9 +760,8 @@ sshsk_load_resident(const char *provider_path, const char *device, goto out; } for (i = 0; i < nrks; i++) { - debug3("%s: rk %zu: slot = %zu, alg = %d, application = \"%s\"", - __func__, i, rks[i]->slot, rks[i]->alg, - rks[i]->application); + debug3_f("rk %zu: slot = %zu, alg = %d, application = \"%s\"", + i, rks[i]->slot, rks[i]->alg, rks[i]->application); /* XXX need better filter here */ if (strncmp(rks[i]->application, "ssh:", 4) != 0) continue; @@ -783,7 +780,7 @@ sshsk_load_resident(const char *provider_path, const char *device, goto out; if ((tmp = recallocarray(keys, nkeys, nkeys + 1, sizeof(*tmp))) == NULL) { - error("%s: recallocarray failed", __func__); + error_f("recallocarray failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } diff --git a/usr.bin/ssh/ssh-xmss.c b/usr.bin/ssh/ssh-xmss.c index 5aee5614387..9782670dda0 100644 --- a/usr.bin/ssh/ssh-xmss.c +++ b/usr.bin/ssh/ssh-xmss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-xmss.c,v 1.2 2020/02/26 13:40:09 jsg Exp $*/ +/* $OpenBSD: ssh-xmss.c,v 1.3 2020/10/18 11:32:02 djm Exp $*/ /* * Copyright (c) 2017 Stefan-Lukas Gazdag. * Copyright (c) 2017 Markus Friedl. 
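Review bot: In the resident-key loop of sshsk_load_resident, `rks[i]->application` is passed to `%s` in `debug3_f` and then to `strncmp` as the first statements of the loop body, with no NULL check on the provider-supplied entry visible in the hunk. sshsk_key_from_response earlier in this file rejects an enroll response whose `public_key` or `key_handle` is NULL. A matching guard before the trace, such as `if (rks[i] == NULL || rks[i]->application == NULL) continue;` (or failing with `SSH_ERR_INVALID_FORMAT`), would apply the same distrust to the middleware's resident-key list. Any validation done before the loop lies outside this hunk.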
@@ -161,8 +161,7 @@ ssh_xmss_verify(const struct sshkey *key, memcpy(sm+len, data, datalen); if ((ret = xmss_sign_open(m, &mlen, sm, smlen, key->xmss_pk, sshkey_xmss_params(key))) != 0) { - debug2("%s: crypto_sign_xmss_open failed: %d", - __func__, ret); + debug2_f("xmss_sign_open failed: %d", ret); } if (ret != 0 || mlen != datalen) { r = SSH_ERR_SIGNATURE_INVALID; diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index cc98554274c..f8c0ca01ed0 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.539 2020/10/16 13:26:13 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.540 2020/10/18 11:32:02 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -305,8 +305,8 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) } if (cname != NULL && res->ai_canonname != NULL) { if (strlcpy(cname, res->ai_canonname, clen) >= clen) { - error("%s: host \"%s\" cname \"%s\" too long (max %lu)", - __func__, name, res->ai_canonname, (u_long)clen); + error_f("host \"%s\" cname \"%s\" too long (max %lu)", + name, res->ai_canonname, (u_long)clen); if (clen > 0) *cname = '\0'; } 
@@ -370,29 +370,27 @@ resolve_addr(const char *name, int port, char *caddr, size_t clen) hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV; if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) { - debug2("%s: could not resolve name %.100s as address: %s", - __func__, name, ssh_gai_strerror(gaierr)); + debug2_f("could not resolve name %.100s as address: %s", + name, ssh_gai_strerror(gaierr)); return NULL; } if (res == NULL) { - debug("%s: getaddrinfo %.100s returned no addresses", - __func__, name); + debug_f("getaddrinfo %.100s returned no addresses", name); return NULL; } if (res->ai_next != NULL) { - debug("%s: getaddrinfo %.100s returned multiple addresses", - __func__, name); + debug_f("getaddrinfo %.100s returned multiple addresses", name); goto fail; } if ((gaierr = getnameinfo(res->ai_addr, res->ai_addrlen, addr, sizeof(addr), NULL, 0, NI_NUMERICHOST)) != 0) { - debug("%s: Could not format address for name %.100s: %s", - __func__, name, ssh_gai_strerror(gaierr)); + debug_f("Could not format address for name %.100s: %s", + name, ssh_gai_strerror(gaierr)); goto fail; } if (strlcpy(caddr, addr, clen) >= clen) { - error("%s: host \"%s\" addr \"%s\" too long (max %lu)", - __func__, name, addr, (u_long)clen); + error_f("host \"%s\" addr \"%s\" too long (max %lu)", + name, addr, (u_long)clen); if (clen > 0) *caddr = '\0'; fail: @@ -425,7 +423,7 @@ check_follow_cname(int direct, char **namep, const char *cname) if (!direct && options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) return 0; - debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname); + debug3_f("check \"%s\" CNAME \"%s\"", *namep, cname); for (i = 0; i < options.num_permitted_cnames; i++) { rule = options.permitted_cnames + i; if (match_pattern_list(*namep, rule->source_list, 1) != 1 || 
@@ -459,10 +457,10 @@ resolve_canonicalize(char **hostp, int port) */ if ((addrs = resolve_addr(*hostp, port, newname, sizeof(newname))) != NULL) { - debug2("%s: hostname %.100s is address", __func__, *hostp); + debug2_f("hostname %.100s is address", *hostp); if (strcasecmp(*hostp, newname) != 0) { - debug2("%s: canonicalised address \"%s\" => \"%s\"", - __func__, *hostp, newname); + debug2_f("canonicalised address \"%s\" => \"%s\"", + *hostp, newname); free(*hostp); *hostp = xstrdup(newname); } @@ -475,8 +473,7 @@ resolve_canonicalize(char **hostp, int port) * attempts at canonicalisation. */ if (is_addr_fast(*hostp)) { - debug("%s: hostname %.100s is an unrecognised address", - __func__, *hostp); + debug_f("hostname %.100s is an unrecognised address", *hostp); return NULL; } @@ -495,7 +492,7 @@ resolve_canonicalize(char **hostp, int port) /* If domain name is anchored, then resolve it now */ if ((*hostp)[strlen(*hostp) - 1] == '.') { - debug3("%s: name is fully qualified", __func__); + debug3_f("name is fully qualified"); fullhost = xstrdup(*hostp); if ((addrs = resolve_host(fullhost, port, 0, newname, sizeof(newname))) != NULL) @@ -511,16 +508,15 @@ resolve_canonicalize(char **hostp, int port) ndots++; } if (ndots > options.canonicalize_max_dots) { - debug3("%s: not canonicalizing hostname \"%s\" (max dots %d)", - __func__, *hostp, options.canonicalize_max_dots); + debug3_f("not canonicalizing hostname \"%s\" (max dots %d)", + *hostp, options.canonicalize_max_dots); return NULL; } /* Attempt each supplied suffix */ for (i = 0; i < options.num_canonical_domains; i++) { xasprintf(&fullhost, "%s.%s.", *hostp, options.canonical_domains[i]); - debug3("%s: attempting \"%s\" => \"%s\"", __func__, - *hostp, fullhost); + debug3_f("attempting \"%s\" => \"%s\"", *hostp, fullhost); if ((addrs = resolve_host(fullhost, port, 0, newname, sizeof(newname))) == NULL) { free(fullhost); 
@@ -541,7 +537,7 @@ resolve_canonicalize(char **hostp, int port) notfound: if (!options.canonicalize_fallback_local) fatal("%s: Could not resolve host \"%s\"", __progname, *hostp); - debug2("%s: host %s not found in any suffix", __func__, *hostp); + debug2_f("host %s not found in any suffix", *hostp); return NULL; } @@ -557,14 +553,14 @@ check_load(int r, const char *path, const char *message) break; case SSH_ERR_INTERNAL_ERROR: case SSH_ERR_ALLOC_FAIL: - fatal("load %s \"%s\": %s", message, path, ssh_err(r)); + fatal_r(r, "load %s \"%s\"", message, path); case SSH_ERR_SYSTEM_ERROR: /* Ignore missing files */ if (errno == ENOENT) break; /* FALLTHROUGH */ default: - error("load %s \"%s\": %s", message, path, ssh_err(r)); + error_r(r, "load %s \"%s\"", message, path); break; } } @@ -1123,8 +1119,7 @@ main(int ac, char **av) for (i = 0; i < ac; i++) { if ((r = sshbuf_putf(command, "%s%s", i ? " " : "", av[i])) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "buffer error"); } } @@ -1385,7 +1380,7 @@ main(int ac, char **av) free(cp); if ((r = sshbuf_put(command, options.remote_command, strlen(options.remote_command))) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "buffer error"); } if (options.control_path != NULL) { @@ -1551,13 +1546,13 @@ main(int ac, char **av) /* XXX check errors? */ #define L_PUBKEY(p,o) do { \ if ((o) >= sensitive_data.nkeys) \ - fatal("%s pubkey out of array bounds", __func__); \ + fatal_f("pubkey out of array bounds"); \ check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \ p, "pubkey"); \ } while (0) #define L_CERT(p,o) do { \ if ((o) >= sensitive_data.nkeys) \ - fatal("%s cert out of array bounds", __func__); \ + fatal_f("cert out of array bounds"); \ check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \ } while (0) 
@@ -1680,7 +1675,7 @@ control_persist_detach(void) { pid_t pid; - debug("%s: backgrounding master process", __func__); + debug_f("backgrounding master process"); /* * master (current process) into the background, and make the @@ -1688,13 +1683,13 @@ control_persist_detach(void) */ switch ((pid = fork())) { case -1: - fatal("%s: fork: %s", __func__, strerror(errno)); + fatal_f("fork: %s", strerror(errno)); case 0: /* Child: master process continues mainloop */ break; default: /* Parent: set up mux client to connect to backgrounded master */ - debug2("%s: background process is %ld", __func__, (long)pid); + debug2_f("background process is %ld", (long)pid); stdin_null_flag = ostdin_null_flag; options.request_tty = orequest_tty; tty_flag = otty_flag; @@ -1706,7 +1701,7 @@ control_persist_detach(void) fatal("Failed to connect to new control master"); } if (stdfd_devnull(1, 1, !(log_is_on_stderr() && debug_flag)) == -1) - error("%s: stdfd_devnull failed", __func__); + error_f("stdfd_devnull failed"); daemon(1, 1); setproctitle("%s [mux]", options.control_path); } @@ -1722,7 +1717,7 @@ fork_postauth(void) if (daemon(1, 1) == -1) fatal("daemon() failed: %.200s", strerror(errno)); if (stdfd_devnull(1, 1, !(log_is_on_stderr() && debug_flag)) == -1) - error("%s: stdfd_devnull failed", __func__); + error_f("stdfd_devnull failed"); } static void @@ -1731,12 +1726,12 @@ forwarding_success(void) if (forward_confirms_pending == -1) return; if (--forward_confirms_pending == 0) { - debug("%s: all expected forwarding replies received", __func__); + debug_f("all expected forwarding replies received"); if (fork_after_authentication_flag) fork_postauth(); } else { - debug2("%s: %d expected forwarding replies remaining", - __func__, forward_confirms_pending); + debug2_f("%d expected forwarding replies remaining", + forward_confirms_pending); } } 
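Review bot: control_persist_detach calls `daemon(1, 1);` and discards the result, while fork_postauth in the next hunk treats failure of the same call as fatal. If the detach fails, the master continues to `setproctitle` as though it had been backgrounded, and nothing is logged. At minimum `if (daemon(1, 1) == -1) error_f("daemon: %s", strerror(errno));` would surface it, in line with the `stdfd_devnull` check on the line above. Whether it should be fatal, as in fork_postauth, depends on code outside this hunk.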
@@ -1759,7 +1754,7 @@ ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) if (rfwd->listen_path == NULL && rfwd->listen_port == 0) { if (type == SSH2_MSG_REQUEST_SUCCESS) { if ((r = sshpkt_get_u32(ssh, &port)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse packet"); if (port > 65535) { error("Invalid allocated port %u for remote " "forward to %s:%d", port, @@ -1825,7 +1820,7 @@ ssh_tun_confirm(struct ssh *ssh, int id, int success, void *arg) cleanup_exit(255); } - debug("%s: tunnel forward established, id=%d", __func__, id); + debug_f("tunnel forward established, id=%d", id); forwarding_success(); } @@ -1838,7 +1833,7 @@ ssh_init_stdio_forwarding(struct ssh *ssh) if (options.stdio_forward_host == NULL) return; - debug3("%s: %s:%d", __func__, options.stdio_forward_host, + debug3_f("%s:%d", options.stdio_forward_host, options.stdio_forward_port); if ((in = dup(STDIN_FILENO)) == -1 || @@ -1846,7 +1841,7 @@ ssh_init_stdio_forwarding(struct ssh *ssh) fatal("channel_connect_stdio_fwd: dup() in/out failed"); if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host, options.stdio_forward_port, in, out)) == NULL) - fatal("%s: channel_connect_stdio_fwd failed", __func__); + fatal_f("channel_connect_stdio_fwd failed"); channel_register_cleanup(ssh, c->self, client_cleanup_stdio_fwd, 0); channel_register_open_confirm(ssh, c->self, ssh_stdio_confirm, NULL); } @@ -1919,7 +1914,7 @@ ssh_init_forwarding(struct ssh *ssh, char **ifname) error("Could not request tunnel forwarding."); } if (forward_confirms_pending > 0) { - debug("%s: expecting replies for %d forwards", __func__, + debug_f("expecting replies for %d forwards", forward_confirms_pending); } } 
@@ -1934,8 +1929,7 @@ check_agent_present(void) if ((r = ssh_get_authentication_socket(NULL)) != 0) { options.forward_agent = 0; if (r != SSH_ERR_AGENT_NOT_PRESENT) - debug("ssh_get_authentication_socket: %s", - ssh_err(r)); + debug_r(r, "ssh_get_authentication_socket"); } } } @@ -1972,7 +1966,7 @@ ssh_session2_setup(struct ssh *ssh, int id, int success, void *arg) debug("Requesting authentication agent forwarding."); channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0); if ((r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); } /* Tell the packet module whether this is an interactive session. */ @@ -2020,7 +2014,7 @@ ssh_session2_open(struct ssh *ssh) window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); - debug3("%s: channel_new: %d", __func__, c->self); + debug3_f("channel_new: %d", c->self); channel_send_open(ssh, c->self); if (!no_shell_flag) @@ -2106,7 +2100,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) "no-more-sessions@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 0)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); } /* Execute a local command */ @@ -2121,7 +2115,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) * as it may want to write to stdout. */ if (!need_controlpersist_detach && stdfd_devnull(0, 1, 0) == -1) - error("%s: stdfd_devnull failed", __func__); + error_f("stdfd_devnull failed"); /* * If requested and we are not interested in replies to remote @@ -2229,8 +2223,8 @@ load_public_identity_files(struct passwd *pw) continue; } if (!sshkey_is_cert(public)) { - debug("%s: key %s type %s is not a certificate", - __func__, cp, sshkey_type(public)); + debug_f("key %s type %s is not a certificate", + cp, sshkey_type(public)); sshkey_free(public); free(cp); continue; 
@@ -2244,7 +2238,7 @@ load_public_identity_files(struct passwd *pw) } if (options.num_certificate_files > SSH_MAX_CERTIFICATE_FILES) - fatal("%s: too many certificates", __func__); + fatal_f("too many certificates"); for (i = 0; i < options.num_certificate_files; i++) { cp = tilde_expand_filename(options.certificate_files[i], getuid()); @@ -2263,8 +2257,8 @@ load_public_identity_files(struct passwd *pw) continue; } if (!sshkey_is_cert(public)) { - debug("%s: key %s type %s is not a certificate", - __func__, filename, sshkey_type(public)); + debug_f("key %s type %s is not a certificate", + filename, sshkey_type(public)); sshkey_free(public); free(filename); continue; diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c index ef10460d0e1..738209a4ce1 100644 --- a/usr.bin/ssh/ssh_api.c +++ b/usr.bin/ssh/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.21 2020/08/27 01:06:18 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.22 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -350,7 +350,7 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner) if (sshbuf_len(banner) >= 4 && memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0) break; - debug("%s: %.*s", __func__, (int)sshbuf_len(banner), + debug_f("%.*s", (int)sshbuf_len(banner), sshbuf_ptr(banner)); /* Accept lines before banner only on client */ if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) { @@ -463,9 +463,9 @@ _ssh_host_public_key(int type, int nid, struct ssh *ssh) { struct key_entry *k; - debug3("%s: need %d", __func__, type); + debug3_f("need %d", type); TAILQ_FOREACH(k, &ssh->public_keys, next) { - debug3("%s: check %s", __func__, sshkey_type(k->key)); + debug3_f("check %s", sshkey_type(k->key)); if (k->key->type == type && (type != KEY_ECDSA || k->key->ecdsa_nid == nid)) return (k->key); 
@@ -478,9 +478,9 @@ _ssh_host_private_key(int type, int nid, struct ssh *ssh) { struct key_entry *k; - debug3("%s: need %d", __func__, type); + debug3_f("need %d", type); TAILQ_FOREACH(k, &ssh->private_keys, next) { - debug3("%s: check %s", __func__, sshkey_type(k->key)); + debug3_f("check %s", sshkey_type(k->key)); if (k->key->type == type && (type != KEY_ECDSA || k->key->ecdsa_nid == nid)) return (k->key); @@ -493,9 +493,9 @@ _ssh_verify_host_key(struct sshkey *hostkey, struct ssh *ssh) { struct key_entry *k; - debug3("%s: need %s", __func__, sshkey_type(hostkey)); + debug3_f("need %s", sshkey_type(hostkey)); TAILQ_FOREACH(k, &ssh->public_keys, next) { - debug3("%s: check %s", __func__, sshkey_type(k->key)); + debug3_f("check %s", sshkey_type(k->key)); if (sshkey_equal_public(hostkey, k->key)) return (0); /* ok */ } @@ -541,8 +541,8 @@ _ssh_order_hostkeyalgs(struct ssh *ssh) } } if (*replace != '\0') { - debug2("%s: orig/%d %s", __func__, ssh->kex->server, orig); - debug2("%s: replace/%d %s", __func__, ssh->kex->server, replace); + debug2_f("orig/%d %s", ssh->kex->server, orig); + debug2_f("replace/%d %s", ssh->kex->server, replace); free(orig); proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = replace; replace = NULL; /* owned by proposal */ diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 8151f6a93ca..df1c372cb91 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.340 2020/10/12 08:36:37 kn Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.341 2020/10/18 11:32:02 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -140,7 +140,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, */ if (!debug_flag && options.control_path != NULL && options.control_persist && stdfd_devnull(0, 0, 1) == -1) - error("%s: stdfd_devnull failed", __func__); + error_f("stdfd_devnull failed"); argv[0] = shell; argv[1] = "-c"; 
@@ -223,7 +223,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg, */ if (!debug_flag && options.control_path != NULL && options.control_persist && stdfd_devnull(0, 0, 1) == -1) - error("%s: stdfd_devnull failed", __func__); + error_f("stdfd_devnull failed"); argv[0] = shell; argv[1] = "-c"; @@ -301,8 +301,7 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, htonl(INADDR_LOOPBACK)) continue; if (*rlenp < sizeof(struct sockaddr_in)) { - error("%s: v4 addr doesn't fit", - __func__); + error_f("v4 addr doesn't fit"); return -1; } *rlenp = sizeof(struct sockaddr_in); @@ -316,8 +315,7 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, IN6_IS_ADDR_LOOPBACK(v6addr))) continue; if (*rlenp < sizeof(struct sockaddr_in6)) { - error("%s: v6 addr doesn't fit", - __func__); + error_f("v6 addr doesn't fit"); return -1; } *rlenp = sizeof(struct sockaddr_in6); @@ -387,15 +385,14 @@ ssh_create_socket(struct addrinfo *ai) } if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST)) != 0) { - error("%s: getnameinfo failed: %s", __func__, - ssh_gai_strerror(r)); + error_f("getnameinfo failed: %s", ssh_gai_strerror(r)); goto fail; } if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) { error("bind %s: %s", ntop, strerror(errno)); goto fail; } - debug("%s: bound to %s", __func__, ntop); + debug_f("bound to %s", ntop); /* success */ goto out; fail: @@ -428,7 +425,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, char ntop[NI_MAXHOST], strport[NI_MAXSERV]; struct addrinfo *ai; - debug2("%s", __func__); + debug3_f("entering"); memset(ntop, 0, sizeof(ntop)); memset(strport, 0, sizeof(strport)); 
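Review bot: The entry trace in the `ssh_connect_direct` hunk changes log level as well as form: `debug2("%s", __func__)` becomes `debug3_f("entering")`. Every other conversion in this file keeps its level, so this one is easy to miss and removes the message from sessions that run at the second debug level. Either keep it as `debug2_f("entering");` or mention the level change in the commit description so people who search debug output for connection tracing know it moved.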
@@ -452,7 +449,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, ntop, sizeof(ntop), strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { oerrno = errno; - error("%s: getnameinfo failed", __func__); + error_f("getnameinfo failed"); errno = oerrno; continue; } @@ -523,7 +520,7 @@ ssh_connect(struct ssh *ssh, const char *host, const char *host_arg, (out = dup(STDOUT_FILENO)) == -1) { if (in >= 0) close(in); - error("%s: dup() in/out failed", __func__); + error_f("dup() in/out failed"); return -1; /* ssh_packet_set_connection logs error */ } if ((ssh_packet_set_connection(ssh, in, out)) == NULL) @@ -582,16 +579,15 @@ check_host_cert(const char *host, const struct sshkey *key) } if ((r = sshkey_check_cert_sigtype(key, options.ca_sign_algorithms)) != 0) { - logit("%s: certificate signature algorithm %s: %s", __func__, + logit_fr(r, "certificate signature algorithm %s", (key->cert == NULL || key->cert->signature_type == NULL) ? - "(null)" : key->cert->signature_type, ssh_err(r)); + "(null)" : key->cert->signature_type); return 0; } /* Do not attempt hostkey update if a certificate was successful */ if (options.update_hostkeys != 0) { options.update_hostkeys = 0; - debug3("%s: certificate host key in use; disabling " - "UpdateHostkeys", __func__); + debug3_f("certificate host key in use; disabling UpdateHostkeys"); } return 1; } @@ -629,7 +625,7 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, if (options.proxy_command == NULL) { if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) - fatal("%s: getnameinfo failed", __func__); + fatal_f("getnameinfo failed"); *hostfile_ipaddr = put_host_port(ntop, port); } else { *hostfile_ipaddr = xstrdup("<no hostip for proxy " 
@@ -785,8 +781,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, path_in_hostfiles(ip_found->file, system_hostfiles, num_system_hostfiles)))) { options.update_hostkeys = 0; - debug3("%s: host key found in GlobalKnownHostsFile; " - "disabling UpdateHostkeys", __func__); + debug3_f("host key found in GlobalKnownHostsFile; " + "disabling UpdateHostkeys"); } if (options.check_host_ip && ip_status == HOST_NEW) { if (readonly || want_cert) @@ -809,7 +805,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, ra = sshkey_fingerprint(host_key, options.fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); + fatal_f("sshkey_fingerprint failed"); logit("Host key fingerprint is %s\n%s", fp, ra); free(ra); free(fp); @@ -856,7 +852,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, ra = sshkey_fingerprint(host_key, options.fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); + fatal_f("sshkey_fingerprint failed"); msg2[0] = '\0'; if (options.verify_host_key_dns) { if (matching_host_key_dns) @@ -1093,8 +1089,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, } if (!hostkey_trusted && options.update_hostkeys) { - debug("%s: hostkey not known or explicitly trusted: " - "disabling UpdateHostkeys", __func__); + debug_f("hostkey not known or explicitly trusted: " + "disabling UpdateHostkeys"); options.update_hostkeys = 0; } @@ -1114,10 +1110,9 @@ fail: */ debug("No matching CA found. Retry with plain key"); if ((r = sshkey_from_private(host_key, &raw_key)) != 0) - fatal("%s: sshkey_from_private: %s", - __func__, ssh_err(r)); + fatal_fr(r, "decode key"); if ((r = sshkey_drop_cert(raw_key)) != 0) - fatal("Couldn't drop certificate: %s", ssh_err(r)); + fatal_r(r, "Couldn't drop certificate"); host_key = raw_key; goto retry; } 
@@ -1142,7 +1137,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) if ((fp = sshkey_fingerprint(host_key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { - error("%s: fingerprint host key: %s", __func__, ssh_err(r)); + error_fr(r, "fingerprint host key"); r = -1; goto out; } @@ -1150,8 +1145,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) if (sshkey_is_cert(host_key)) { if ((cafp = sshkey_fingerprint(host_key->cert->signature_key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { - error("%s: fingerprint CA key: %s", - __func__, ssh_err(r)); + error_fr(r, "fingerprint CA key"); r = -1; goto out; } @@ -1173,8 +1167,8 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) } if (sshkey_equal(previous_host_key, host_key)) { - debug2("%s: server host key %s %s matches cached key", - __func__, sshkey_type(host_key), fp); + debug2_f("server host key %s %s matches cached key", + sshkey_type(host_key), fp); r = 0; goto out; } @@ -1192,9 +1186,9 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) r = -1; goto out; default: - error("Error checking host key %s %s in " - "revoked keys file %s: %s", sshkey_type(host_key), - fp, options.revoked_host_keys, ssh_err(r)); + error_r(r, "Error checking host key %s %s in " + "revoked keys file %s", sshkey_type(host_key), + fp, options.revoked_host_keys); r = -1; goto out; } @@ -1309,7 +1303,7 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) ra = sshkey_fingerprint(found->key, options.fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); + fatal_f("sshkey_fingerprint fail"); logit("WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", 
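Review bot: In the first `verify_host_key` hunk, `error_fr(r, "fingerprint host key")` reports `r`, but the failing call is `sshkey_fingerprint()`, which returns a pointer and does not assign `r`. The reason text appended to the log therefore reflects whatever `r` held earlier (its declaration is outside the hunk), not why fingerprinting failed, which can mislead anyone triaging a host-key verification failure. The same applies to `error_fr(r, "fingerprint CA key")` in the next hunk. Since no error code is available at these points, `error_f("fingerprint host key");` and `error_f("fingerprint CA key");` would be more honest.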
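Review bot: The message text in the `show_other_keys` hunk stays as `"sshkey_fingerprint fail"`, whereas the two `check_host_key` hunks in this same file were changed to `"sshkey_fingerprint failed"`. The `warn_changed_key` hunk that follows has the same leftover. For greppable, consistent logs I would use `fatal_f("sshkey_fingerprint failed");` in both places.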
@@ -1333,7 +1327,7 @@ warn_changed_key(struct sshkey *host_key) fp = sshkey_fingerprint(host_key, options.fingerprint_hash, SSH_FP_DEFAULT); if (fp == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); + fatal_f("sshkey_fingerprint fail"); error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 476773faa02..c6770a2263e 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.330 2020/10/16 02:37:12 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.331 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -138,8 +138,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) if (lookup_key_in_hostkeys_by_type(hostkeys, sshkey_type_plain(sshkey_type_from_name(best)), sshkey_ecdsa_nid_from_name(best), NULL)) { - debug3("%s: have matching best-preference key type %s, " - "using HostkeyAlgorithms verbatim", __func__, best); + debug3_f("have matching best-preference key type %s, " + "using HostkeyAlgorithms verbatim", best); ret = xstrdup(options.hostkeyalgorithms); goto out; } @@ -163,7 +163,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) while ((alg = strsep(&avail, ",")) && *alg != '\0') { if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC) - fatal("%s: unknown alg %s", __func__, alg); + fatal_f("unknown alg %s", alg); /* * If we have a @cert-authority marker in known_hosts then * prefer all certificate algorithms. 
@@ -187,7 +187,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) xasprintf(&ret, "%s%s%s", first, (*first == '\0' || *last == '\0') ? "" : ",", last); if (*first != '\0') - debug3("%s: prefer hostkeyalgs: %s", __func__, first); + debug3_f("prefer hostkeyalgs: %s", first); out: free(best); @@ -224,11 +224,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) all_key = sshkey_alg_list(0, 0, 1, ','); if (kex_assemble_names(&options.hostkeyalgorithms, kex_default_pk_alg(), all_key) != 0) - fatal("%s: kex_assemble_namelist", __func__); + fatal_f("kex_assemble_namelist"); free(all_key); if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) - fatal("%s: kex_names_cat", __func__); + fatal_f("kex_names_cat"); myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(options.ciphers); @@ -256,7 +256,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0) - fatal("kex_setup: %s", ssh_err(r)); + fatal_r(r, "kex_setup"); #ifdef WITH_OPENSSL ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; @@ -277,7 +277,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(options.kex_algorithms); if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) - fatal("kex_prop2buf: %s", ssh_err(r)); + fatal_r(r, "kex_prop2buf"); session_id2 = ssh->kex->session_id; session_id2_len = ssh->kex->session_id_len; @@ -288,7 +288,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) (r = sshpkt_put_cstring(ssh, "markus")) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); #endif } 
@@ -456,14 +456,13 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, authctxt.agent_fd = -1; pubkey_prepare(&authctxt); if (authctxt.method == NULL) { - fatal("%s: internal error: cannot send userauth none request", - __func__); + fatal_f("internal error: cannot send userauth none request"); } if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); ssh->authctxt = &authctxt; ssh_dispatch_init(ssh, &input_userauth_error); @@ -561,7 +560,7 @@ userauth(struct ssh *ssh, char *authlist) static int input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) { - fatal("%s: bad message during authentication: type %d", __func__, type); + fatal_f("bad message during authentication: type %d", type); return 0; } @@ -573,7 +572,7 @@ input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) size_t len; int r; - debug3("%s", __func__); + debug3_f("entering"); if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 || (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) goto out; @@ -592,7 +591,7 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) Authctxt *authctxt = ssh->authctxt; if (authctxt == NULL) - fatal("%s: no authentication context", __func__); + fatal_f("no authentication context"); free(authctxt->authlist); authctxt->authlist = NULL; if (authctxt->method != NULL && authctxt->method->cleanup != NULL) @@ -610,7 +609,7 @@ input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) Authctxt *authctxt = ssh->authctxt; if (authctxt == NULL) - fatal("%s: no authentication context", __func__); + fatal_f("no authentication context"); fatal("Unexpected authentication success during %s.", authctxt->method->name); 
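Review bot: In the `input_userauth_success_unexpected` hunk, only `authctxt` is checked for NULL before `authctxt->method->name` is dereferenced in the following `fatal()`. The sibling handler `input_userauth_success`, one hunk earlier, tests `authctxt->method != NULL` before using it, so a NULL method is evidently considered possible there. If it can be NULL here too, this message arriving from the server would crash the client with a NULL dereference instead of producing the intended fatal log line. A guarded argument such as `authctxt->method != NULL ? authctxt->method->name : "(none)"` would keep the exit path clean.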
@@ -700,11 +699,11 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) goto done; if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { - debug("%s: server sent unknown pkalg %s", __func__, pkalg); + debug_f("server sent unknown pkalg %s", pkalg); goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { - debug("no key from blob. pkalg %s: %s", pkalg, ssh_err(r)); + debug_r(r, "no key from blob. pkalg %s", pkalg); goto done; } if (key->type != pktype) { @@ -728,7 +727,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) if (!found || id == NULL) { fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); - error("%s: server replied with unknown key: %s %s", __func__, + error_f("server replied with unknown key: %s %s", sshkey_type(key), fp == NULL ? "<ERROR>" : fp); goto done; } @@ -794,7 +793,7 @@ userauth_gssapi(struct ssh *ssh) (r = sshpkt_put_u8(ssh, mech->length)) != 0 || (r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); @@ -842,7 +841,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) (r = sshpkt_put_string(ssh, send_tok.value, send_tok.length)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send %u packet", type); gss_release_buffer(&ms, &send_tok); } 
@@ -853,17 +852,17 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send completion"); } else { struct sshbuf *b; if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); ssh_gssapi_buildmic(b, authctxt->server_user, authctxt->service, "gssapi-with-mic"); if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) - fatal("%s: sshbuf_mutable_ptr failed", __func__); + fatal_f("sshbuf_mutable_ptr failed"); gssbuf.length = sshbuf_len(b); status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); @@ -874,7 +873,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) (r = sshpkt_put_string(ssh, mic.value, mic.length)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send MIC"); } sshbuf_free(b); @@ -1032,7 +1031,7 @@ userauth_none(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); return 1; } @@ -1061,7 +1060,7 @@ userauth_passwd(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, password)) != 0 || (r = sshpkt_add_padding(ssh, 64)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); free(prompt); if (password != NULL) @@ -1228,8 +1227,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, if ((prv = load_identity_file(id)) == NULL) return SSH_ERR_KEY_NOT_FOUND; if (id->key != NULL && !sshkey_equal_public(prv, id->key)) { - error("%s: private key %s contents do not match public", - __func__, id->filename); + error_f("private key %s contents do not match public", + id->filename); r = SSH_ERR_KEY_NOT_FOUND; goto out; } 
@@ -1246,7 +1245,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, if ((fp = sshkey_fingerprint(sign_key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: fingerprint", __func__); + fatal_f("fingerprint failed"); notifier = notify_start(options.batch_mode, "Confirm user presence for key %s %s", sshkey_type(sign_key), fp); @@ -1256,7 +1255,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, } if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen, alg, options.sk_provider, pin, compat)) != 0) { - debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); + debug_fr(r, "sshkey_sign"); goto out; } /* @@ -1264,7 +1263,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, * so check what we get back. */ if ((r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) { - debug("%s: sshkey_check_sigtype: %s", __func__, ssh_err(r)); + debug_fr(r, "sshkey_check_sigtype"); goto out; } /* success */ @@ -1313,7 +1312,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) SSH_FP_DEFAULT)) == NULL) return 0; - debug3("%s: %s %s", __func__, sshkey_type(id->key), fp); + debug3_f("%s %s", sshkey_type(id->key), fp); /* * If the key is an certificate, try to find a matching private key @@ -1350,12 +1349,12 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) } } if (sign_id != NULL) { - debug2("%s: using private key \"%s\"%s for " - "certificate", __func__, id->filename, + debug2_f("using private key \"%s\"%s for " + "certificate", id->filename, id->agent_fd != -1 ? " from agent" : ""); } else { - debug("%s: no separate private key for certificate " - "\"%s\"", __func__, id->filename); + debug_f("no separate private key for certificate " + "\"%s\"", id->filename); } } 
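Review bot: The `debug2_f("using private key \"%s\"%s for certificate", ...)` message in the second `sign_and_send_pubkey` hunk on this line is emitted when `sign_id != NULL`, yet it prints `id->filename` and tests `id->agent_fd`. From the surrounding comment, `id` looks like the certificate and `sign_id` the matching private key, so the log would name the certificate file and its agent state rather than the key that will actually sign. When auditing which credential was used, that is the wrong answer; I would pass `sign_id->filename` and `sign_id->agent_fd != -1 ? " from agent" : ""`. The later `error_fr(r, "signing failed for %s \"%s\"%s", ...)` hunk has the same mix, taking the key and filename from `sign_id` but `agent_fd` from `id`. The search loop that sets `sign_id` lies outside the hunk, so please confirm the roles.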
@@ -1373,26 +1372,22 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) signature = NULL; if ((alg = key_sig_algorithm(fallback_sigtype ? NULL : ssh, id->key)) == NULL) { - error("%s: no mutual signature supported", __func__); + error_f("no mutual signature supported"); goto out; } - debug3("%s: signing using %s %s", __func__, alg, fp); + debug3_f("signing using %s %s", alg, fp); sshbuf_free(b); if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if (datafellows & SSH_OLD_SESSIONID) { if ((r = sshbuf_put(b, session_id2, - session_id2_len)) != 0) { - fatal("%s: sshbuf_put: %s", - __func__, ssh_err(r)); - } + session_id2_len)) != 0) + fatal_fr(r, "sshbuf_put"); } else { if ((r = sshbuf_put_string(b, session_id2, - session_id2_len)) != 0) { - fatal("%s: sshbuf_put_string: %s", - __func__, ssh_err(r)); - } + session_id2_len)) != 0) + fatal_fr(r, "sshbuf_put_string"); } skip = sshbuf_len(b); if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || @@ -1402,8 +1397,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) (r = sshbuf_put_u8(b, 1)) != 0 || (r = sshbuf_put_cstring(b, alg)) != 0 || (r = sshkey_puts(id->key, b)) != 0) { - fatal("%s: assemble signed data: %s", - __func__, ssh_err(r)); + fatal_fr(r, "assemble signed data"); } /* generate signature */ 
@@ -1423,30 +1417,30 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id) loc, sshkey_type(id->key), fp); continue; } - error("%s: signing failed for %s \"%s\"%s: %s", __func__, + error_fr(r, "signing failed for %s \"%s\"%s", sshkey_type(sign_id->key), sign_id->filename, - id->agent_fd != -1 ? " from agent" : "", ssh_err(r)); + id->agent_fd != -1 ? " from agent" : ""); goto out; } if (slen == 0 || signature == NULL) /* shouldn't happen */ - fatal("%s: no signature", __func__); + fatal_f("no signature"); /* append signature */ if ((r = sshbuf_put_string(b, signature, slen)) != 0) - fatal("%s: append signature: %s", __func__, ssh_err(r)); + fatal_fr(r, "append signature"); #ifdef DEBUG_PK sshbuf_dump(b, stderr); #endif /* skip session id and packet type */ if ((r = sshbuf_consume(b, skip + 1)) != 0) - fatal("%s: consume: %s", __func__, ssh_err(r)); + fatal_fr(r, "consume"); /* put remaining data from buffer into packet */ if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshpkt_putb(ssh, b)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: enqueue request: %s", __func__, ssh_err(r)); + fatal_fr(r, "enqueue request"); /* success */ sent = 1; @@ -1470,13 +1464,13 @@ send_pubkey_test(struct ssh *ssh, Identity *id) int sent = 0, r; if ((alg = key_sig_algorithm(ssh, id->key)) == NULL) { - debug("%s: no mutual signature algorithm", __func__); + debug_f("no mutual signature algorithm"); goto out; } if ((r = sshkey_to_blob(id->key, &blob, &bloblen)) != 0) { /* we cannot handle this key */ - debug3("%s: cannot handle key", __func__); + debug3_f("cannot handle key"); goto out; } /* register callback for USERAUTH_PK_OK message */ @@ -1490,7 +1484,7 @@ send_pubkey_test(struct ssh *ssh, Identity *id) (r = sshpkt_put_cstring(ssh, alg)) != 0 || (r = sshpkt_put_string(ssh, blob, bloblen)) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); sent = 1; out: 
@@ -1540,14 +1534,13 @@ load_identity_file(Identity *id) break; case SSH_ERR_SYSTEM_ERROR: if (errno == ENOENT) { - debug2("Load key \"%s\": %s", - id->filename, ssh_err(r)); + debug2_r(r, "Load key \"%s\"", id->filename); quit = 1; break; } /* FALLTHROUGH */ default: - error("Load key \"%s\": %s", id->filename, ssh_err(r)); + error_r(r, "Load key \"%s\"", id->filename); quit = 1; break; } @@ -1631,15 +1624,14 @@ pubkey_prepare(Authctxt *authctxt) key = options.identity_keys[i]; if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) { - debug("%s: ignoring certificate %s: not a user " - "certificate", __func__, - options.identity_files[i]); + debug_f("ignoring certificate %s: not a user " + "certificate", options.identity_files[i]); continue; } if (key && sshkey_is_sk(key) && options.sk_provider == NULL) { - debug("%s: ignoring authenticator-hosted key %s as no " + debug_f("ignoring authenticator-hosted key %s as no " "SecurityKeyProvider has been specified", - __func__, options.identity_files[i]); + options.identity_files[i]); continue; } options.identity_keys[i] = NULL; @@ -1655,16 +1647,15 @@ pubkey_prepare(Authctxt *authctxt) key = options.certificates[i]; if (!sshkey_is_cert(key) || key->cert == NULL || key->cert->type != SSH2_CERT_TYPE_USER) { - debug("%s: ignoring certificate %s: not a user " - "certificate", __func__, - options.identity_files[i]); + debug_f("ignoring certificate %s: not a user " + "certificate", options.identity_files[i]); continue; } if (key && sshkey_is_sk(key) && options.sk_provider == NULL) { - debug("%s: ignoring authenticator-hosted key " + debug_f("ignoring authenticator-hosted key " "certificate %s as no " "SecurityKeyProvider has been specified", - __func__, options.identity_files[i]); + options.identity_files[i]); continue; } id = xcalloc(1, sizeof(*id)); 
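Review bot: In the second `pubkey_prepare` hunk on this line, `key` is read from `options.certificates[i]`, but both `debug_f` messages print `options.identity_files[i]`. If `i` indexes the certificate list here (the loop header is outside the hunk), the log names an unrelated identity file, or reads a slot that was never set when there are more certificates than identities. That makes it harder to work out which certificate was skipped as not being a user certificate. The matching path array appears elsewhere in this commit as `options.certificate_files[i]`, so both calls should probably use it, e.g. `"certificate", options.certificate_files[i]);`.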
@@ -1677,12 +1668,10 @@ pubkey_prepare(Authctxt *authctxt) /* list of keys supported by the agent */ if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { if (r != SSH_ERR_AGENT_NOT_PRESENT) - debug("%s: ssh_get_authentication_socket: %s", - __func__, ssh_err(r)); + debug_fr(r, "ssh_get_authentication_socket"); } else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) { if (r != SSH_ERR_AGENT_NO_IDENTITIES) - debug("%s: ssh_fetch_identitylist: %s", - __func__, ssh_err(r)); + debug_fr(r, "ssh_fetch_identitylist"); close(agent_fd); } else { for (j = 0; j < idlist->nkeys; j++) { @@ -1759,7 +1748,7 @@ pubkey_prepare(Authctxt *authctxt) debug("Will attempt key: %s", ident); free(ident); } - debug2("%s: done", __func__); + debug2_f("done"); } static void @@ -1876,7 +1865,7 @@ userauth_kbdint(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, options.kbd_interactive_devices ? options.kbd_interactive_devices : "")) != 0 || (r = sshpkt_send(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal_fr(r, "send packet"); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req); return 1; 
@@ -1966,46 +1955,46 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, *lenp = 0; if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) { - error("%s: not installed: %s", __func__, strerror(errno)); + error_f("not installed: %s", strerror(errno)); return -1; } if (fflush(stdout) != 0) { - error("%s: fflush: %s", __func__, strerror(errno)); + error_f("fflush: %s", strerror(errno)); return -1; } if (pipe(to) == -1) { - error("%s: pipe: %s", __func__, strerror(errno)); + error_f("pipe: %s", strerror(errno)); return -1; } if (pipe(from) == -1) { - error("%s: pipe: %s", __func__, strerror(errno)); + error_f("pipe: %s", strerror(errno)); return -1; } if ((pid = fork()) == -1) { - error("%s: fork: %s", __func__, strerror(errno)); + error_f("fork: %s", strerror(errno)); return -1; } osigchld = ssh_signal(SIGCHLD, SIG_DFL); if (pid == 0) { close(from[0]); if (dup2(from[1], STDOUT_FILENO) == -1) - fatal("%s: dup2: %s", __func__, strerror(errno)); + fatal_f("dup2: %s", strerror(errno)); close(to[1]); if (dup2(to[0], STDIN_FILENO) == -1) - fatal("%s: dup2: %s", __func__, strerror(errno)); + fatal_f("dup2: %s", strerror(errno)); close(from[1]); close(to[0]); if (dup2(sock, STDERR_FILENO + 1) == -1) - fatal("%s: dup2: %s", __func__, strerror(errno)); + fatal_f("dup2: %s", strerror(errno)); sock = STDERR_FILENO + 1; fcntl(sock, F_SETFD, 0); /* keep the socket on exec */ closefrom(sock + 1); - debug3("%s: [child] pid=%ld, exec %s", - __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); + debug3_f("[child] pid=%ld, exec %s", + (long)getpid(), _PATH_SSH_KEY_SIGN); execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); - fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN, + fatal_f("exec(%s): %s", _PATH_SSH_KEY_SIGN, strerror(errno)); } close(from[1]); 
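Review bot: The early-return error paths in this `ssh_keysign` hunk leak descriptors: when the second `pipe(from)` fails, the function returns without closing `to[0]` and `to[1]`, and when `fork()` fails all four pipe ends stay open. The caller can retry host-based authentication with further key types, so repeated failures accumulate open descriptors in the client. I would add `close(to[0]); close(to[1]);` before the return in the `pipe(from)` branch, and close both pairs in the `fork()` branch. The two pipe failures also log the identical text `pipe: %s`; distinguishing them would help diagnosis. The rest of the function continues in the next hunk.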
@@ -2013,49 +2002,47 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, sock = STDERR_FILENO + 1; if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); /* send # of sock, data to be signed */ if ((r = sshbuf_put_u32(b, sock)) != 0 || (r = sshbuf_put_string(b, data, datalen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "buffer error"); if (ssh_msg_send(to[1], version, b) == -1) - fatal("%s: couldn't send request", __func__); + fatal_f("couldn't send request"); sshbuf_reset(b); r = ssh_msg_recv(from[0], b); close(from[0]); close(to[1]); if (r < 0) { - error("%s: no reply", __func__); + error_f("no reply"); goto fail; } errno = 0; while (waitpid(pid, &status, 0) == -1) { if (errno != EINTR) { - error("%s: waitpid %ld: %s", - __func__, (long)pid, strerror(errno)); + error_f("waitpid %ld: %s", (long)pid, strerror(errno)); goto fail; } } if (!WIFEXITED(status)) { - error("%s: exited abnormally", __func__); + error_f("exited abnormally"); goto fail; } if (WEXITSTATUS(status) != 0) { - error("%s: exited with status %d", - __func__, WEXITSTATUS(status)); + error_f("exited with status %d", WEXITSTATUS(status)); goto fail; } if ((r = sshbuf_get_u8(b, &rversion)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "buffer error"); goto fail; } if (rversion != version) { - error("%s: bad version", __func__); + error_f("bad version"); goto fail; } if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "buffer error"); fail: ssh_signal(SIGCHLD, osigchld); sshbuf_free(b); @@ -2093,8 +2080,7 @@ userauth_hostbased(struct ssh *ssh) if (authctxt->active_ktype == NULL || *authctxt->active_ktype == '\0') break; - debug3("%s: trying key type %s", __func__, - authctxt->active_ktype); + debug3_f("trying key type %s", authctxt->active_ktype); /* check for a useful key */ private = NULL; 
@@ -2127,30 +2113,29 @@ userauth_hostbased(struct ssh *ssh) if ((fp = sshkey_fingerprint(private, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { - error("%s: sshkey_fingerprint failed", __func__); + error_f("sshkey_fingerprint failed"); goto out; } - debug("%s: trying hostkey %s %s", - __func__, sshkey_ssh_name(private), fp); + debug_f("trying hostkey %s %s", sshkey_ssh_name(private), fp); /* figure out a name for the client host */ lname = get_local_name(ssh_packet_get_connection_in(ssh)); if (lname == NULL) { - error("%s: cannot get local ipaddr/name", __func__); + error_f("cannot get local ipaddr/name"); goto out; } /* XXX sshbuf_put_stringf? */ xasprintf(&chost, "%s.", lname); - debug2("%s: chost %s", __func__, chost); + debug2_f("chost %s", chost); /* construct data */ if ((b = sshbuf_new()) == NULL) { - error("%s: sshbuf_new failed", __func__); + error_f("sshbuf_new failed"); goto out; } if ((r = sshkey_to_blob(private, &keyblob, &keylen)) != 0) { - error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); + error_fr(r, "sshkey_to_blob"); goto out; } if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || @@ -2162,7 +2147,7 @@ userauth_hostbased(struct ssh *ssh) (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || (r = sshbuf_put_cstring(b, chost)) != 0 || (r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) { - error("%s: buffer error: %s", __func__, ssh_err(r)); + error_fr(r, "buffer error"); goto out; } @@ -2185,7 +2170,7 @@ userauth_hostbased(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 || (r = sshpkt_put_string(ssh, sig, siglen)) != 0 || (r = sshpkt_send(ssh)) != 0) { - error("%s: packet error: %s", __func__, ssh_err(r)); + error_fr(r, "packet error"); goto out; } success = 1; 
@@ -2294,17 +2279,16 @@ authmethods_get(void) int r; if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); for (method = authmethods; method->name != NULL; method++) { if (authmethod_is_enabled(method)) { if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "", method->name)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "buffer error"); } } if ((list = sshbuf_dup_string(b)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); + fatal_f("sshbuf_dup_string failed"); sshbuf_free(b); return list; } diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 52e7662f0b5..6003bd42710 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.563 2020/10/16 13:26:13 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.564 2020/10/18 11:32:02 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -387,9 +387,8 @@ demote_sensitive_data(void) if (sensitive_data.host_keys[i]) { if ((r = sshkey_from_private( sensitive_data.host_keys[i], &tmp)) != 0) - fatal("could not demote host %s key: %s", - sshkey_type(sensitive_data.host_keys[i]), - ssh_err(r)); + fatal_r(r, "could not demote host %s key", + sshkey_type(sensitive_data.host_keys[i])); sshkey_free(sensitive_data.host_keys[i]); sensitive_data.host_keys[i] = tmp; } @@ -467,8 +466,7 @@ privsep_preauth(struct ssh *ssh) if (have_agent) { r = ssh_get_authentication_socket(&auth_sock); if (r != 0) { - error("Could not get agent socket: %s", - ssh_err(r)); + error_r(r, "Could not get agent socket"); have_agent = 0; } } 
@@ -481,17 +479,17 @@ privsep_preauth(struct ssh *ssh) if (errno == EINTR) continue; pmonitor->m_pid = -1; - fatal("%s: waitpid: %s", __func__, strerror(errno)); + fatal_f("waitpid: %s", strerror(errno)); } privsep_is_preauth = 0; pmonitor->m_pid = -1; if (WIFEXITED(status)) { if (WEXITSTATUS(status) != 0) - fatal("%s: preauth child exited with status %d", - __func__, WEXITSTATUS(status)); + fatal_f("preauth child exited with status %d", + WEXITSTATUS(status)); } else if (WIFSIGNALED(status)) - fatal("%s: preauth child terminated by signal %d", - __func__, WTERMSIG(status)); + fatal_f("preauth child terminated by signal %d", + WTERMSIG(status)); if (box != NULL) ssh_sandbox_parent_finish(box); return 1; @@ -565,12 +563,11 @@ append_hostkey_type(struct sshbuf *b, const char *s) int r; if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) { - debug3("%s: %s key not permitted by HostkeyAlgorithms", - __func__, s); + debug3_f("%s key not permitted by HostkeyAlgorithms", s); return; } if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0) - fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); } static char * @@ -582,7 +579,7 @@ list_hostkey_types(void) u_int i; if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); for (i = 0; i < options.num_host_key_files; i++) { key = sensitive_data.host_keys[i]; if (key == NULL) @@ -627,9 +624,9 @@ list_hostkey_types(void) } } if ((ret = sshbuf_dup_string(b)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); + fatal_f("sshbuf_dup_string failed"); sshbuf_free(b); - debug("%s: %s", __func__, ret); + debug_f("%s", ret); return ret; } 
@@ -743,7 +740,7 @@ notify_hostkeys(struct ssh *ssh) return; if ((buf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); + fatal_f("sshbuf_new"); for (i = nkeys = 0; i < options.num_host_key_files; i++) { key = get_hostkey_public_by_index(i, ssh); if (key == NULL || key->type == KEY_UNSPEC || @@ -751,8 +748,7 @@ notify_hostkeys(struct ssh *ssh) continue; fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); - debug3("%s: key %d: %s %s", __func__, i, - sshkey_ssh_name(key), fp); + debug3_f("key %d: %s %s", i, sshkey_ssh_name(key), fp); free(fp); if (nkeys == 0) { /* @@ -767,15 +763,14 @@ notify_hostkeys(struct ssh *ssh) /* Append the key to the request */ sshbuf_reset(buf); if ((r = sshkey_putb(key, buf)) != 0) - fatal("%s: couldn't put hostkey %d: %s", - __func__, i, ssh_err(r)); + fatal_fr(r, "couldn't put hostkey %d", i); if ((r = sshpkt_put_stringb(ssh, buf)) != 0) sshpkt_fatal(ssh, r, "%s: append key", __func__); nkeys++; } - debug3("%s: sent %u hostkeys", __func__, nkeys); + debug3_f("sent %u hostkeys", nkeys); if (nkeys == 0) - fatal("%s: no hostkeys", __func__); + fatal_f("no hostkeys"); if ((r = sshpkt_send(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: send", __func__); sshbuf_free(buf); @@ -805,7 +800,7 @@ should_drop_connection(int startups) p += options.max_startups_rate; r = arc4random_uniform(100); - debug("%s: p %d, r %d", __func__, p, r); + debug_f("p %d, r %d", p, r); return (r < p) ? 1 : 0; } 
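Review bot: In notify_hostkeys the pointer returned by `sshkey_fingerprint()` is passed straight to `debug3_f("key %d: %s %s", ...)` with no NULL check. As far as I know that function returns NULL when allocation or hashing fails, which would hand a null pointer to `%s`. A guard before the debug call, `if (fp == NULL) fatal_f("sshkey_fingerprint failed");`, keeps the logging path well-defined. The function begins and ends outside this hunk.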
@@ -893,18 +888,18 @@ send_rexec_state(int fd, struct sshbuf *conf) struct include_item *item = NULL; int r; - debug3("%s: entering fd = %d config len %zu", __func__, fd, + debug3_f("entering fd = %d config len %zu", fd, sshbuf_len(conf)); if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); /* pack includes into a string */ TAILQ_FOREACH(item, &includes, entry) { if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 || (r = sshbuf_put_cstring(inc, item->filename)) != 0 || (r = sshbuf_put_stringb(inc, item->contents)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose includes"); } /* @@ -918,14 +913,14 @@ send_rexec_state(int fd, struct sshbuf *conf) */ if ((r = sshbuf_put_stringb(m, conf)) != 0 || (r = sshbuf_put_stringb(m, inc)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose config"); if (ssh_msg_send(fd, 0, m) == -1) - error("%s: ssh_msg_send failed", __func__); + error_f("ssh_msg_send failed"); sshbuf_free(m); sshbuf_free(inc); - debug3("%s: done", __func__); + debug3_f("done"); } static void 
@@ -937,38 +932,38 @@ recv_rexec_state(int fd, struct sshbuf *conf) int r; struct include_item *item; - debug3("%s: entering fd = %d", __func__, fd); + debug3_f("entering fd = %d", fd); if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if (ssh_msg_recv(fd, m) == -1) - fatal("%s: ssh_msg_recv failed", __func__); + fatal_f("ssh_msg_recv failed"); if ((r = sshbuf_get_u8(m, &ver)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse version"); if (ver != 0) - fatal("%s: rexec version mismatch", __func__); + fatal_f("rexec version mismatch"); if ((r = sshbuf_get_string(m, &cp, &len)) != 0 || (r = sshbuf_get_stringb(m, inc)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse config"); if (conf != NULL && (r = sshbuf_put(conf, cp, len))) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_put"); while (sshbuf_len(inc) != 0) { item = xcalloc(1, sizeof(*item)); if ((item->contents = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 || (r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 || (r = sshbuf_get_stringb(inc, item->contents)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse includes"); TAILQ_INSERT_TAIL(&includes, item, entry); } free(cp); sshbuf_free(m); - debug3("%s: done", __func__); + debug3_f("done"); } /* Accept a connection from inetd */ @@ -988,7 +983,7 @@ server_accept_inetd(int *sock_in, int *sock_out) * ttyfd happens to be one of those. */ if (stdfd_devnull(1, 1, !log_stderr) == -1) - error("%s: stdfd_devnull failed", __func__); + error_f("stdfd_devnull failed"); debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); } 
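Review bot: recv_rexec_state allocates both `m` and `inc` with `sshbuf_new()`, but the cleanup at the end of the function releases only `cp` and `m`, so `inc` appears to leak after the include items have been parsed out of it. send_rexec_state in the preceding hunk frees both buffers, and adding `sshbuf_free(inc);` after `sshbuf_free(m);` would match it. The declarations are outside the hunk, so confirm that nothing else takes ownership of `inc`.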
@@ -1165,9 +1160,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) if (errno == EINTR || errno == EAGAIN) continue; if (errno != EPIPE) { - error("%s: startup pipe %d (fd=%d): " - "read %s", __func__, i, - startup_pipes[i], strerror(errno)); + error_f("startup pipe %d (fd=%d): " + "read %s", i, startup_pipes[i], + strerror(errno)); } /* FALLTHROUGH */ case 0: @@ -1374,7 +1369,7 @@ set_process_rdomain(struct ssh *ssh, const char *name) if (rtable != ortable && setrtable(rtable) != 0) fatal("Unable to set routing domain %d: %s", rtable, strerror(errno)); - debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable); + debug_f("set routing domain %d (was %d)", rtable, ortable); } static void @@ -1388,16 +1383,16 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg, int r; if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL) - fatal("%s: ssh_digest_start", __func__); + fatal_f("ssh_digest_start"); if (key == NULL) { /* finalize */ /* add server config in case we are using agent for host keys */ if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg), sshbuf_len(server_cfg)) != 0) - fatal("%s: ssh_digest_update", __func__); + fatal_f("ssh_digest_update"); len = ssh_digest_bytes(SSH_DIGEST_SHA512); hash = xmalloc(len); if (ssh_digest_final(ctx, hash, len) != 0) - fatal("%s: ssh_digest_final", __func__); + fatal_f("ssh_digest_final"); options.timing_secret = PEEK_U64(hash); freezero(hash, len); ssh_digest_free(ctx); 
@@ -1405,11 +1400,11 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg, return; } if ((buf = sshbuf_new()) == NULL) - fatal("%s could not allocate buffer", __func__); + fatal_f("could not allocate buffer"); if ((r = sshkey_private_serialize(key, buf)) != 0) - fatal("sshkey_private_serialize: %s", ssh_err(r)); + fatal_fr(r, "decode key"); if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0) - fatal("%s: ssh_digest_update", __func__); + fatal_f("ssh_digest_update"); sshbuf_reset(buf); sshbuf_free(buf); } @@ -1606,7 +1601,7 @@ main(int ac, char **av) /* Fetch our configuration */ if ((cfg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if (rexeced_flag) { setproctitle("%s", "[rexeced]"); recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg); @@ -1688,8 +1683,8 @@ main(int ac, char **av) if ((r = ssh_get_authentication_socket(NULL)) == 0) have_agent = 1; else - error("Could not connect to agent \"%s\": %s", - options.host_key_agent, ssh_err(r)); + error_r(r, "Could not connect to agent \"%s\"", + options.host_key_agent); } for (i = 0; i < options.num_host_key_files; i++) { @@ -1700,8 +1695,8 @@ main(int ac, char **av) continue; if ((r = sshkey_load_private(options.host_key_files[i], "", &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) - do_log2(ll, "Unable to load host key \"%s\": %s", - options.host_key_files[i], ssh_err(r)); + do_log2_r(r, ll, "Unable to load host key \"%s\"", + options.host_key_files[i]); if (sshkey_is_sk(key) && key->sk_flags & SSH_SK_USER_PRESENCE_REQD) { debug("host key %s requires user presence, ignoring", 
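Review bot: The new message for a failed `sshkey_private_serialize()` in accumulate_host_timing_secret reads "decode key", but the call encodes the private key into `buf`, and the old string at least named the function. A log line that says decode points whoever reads it at key parsing rather than serialization. `fatal_fr(r, "serialize key");` keeps the short style and stays accurate. The function begins before this hunk.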
@@ -1710,15 +1705,15 @@ main(int ac, char **av) } if (r == 0 && key != NULL && (r = sshkey_shield_private(key)) != 0) { - do_log2(ll, "Unable to shield host key \"%s\": %s", - options.host_key_files[i], ssh_err(r)); + do_log2_r(r, ll, "Unable to shield host key \"%s\"", + options.host_key_files[i]); sshkey_free(key); key = NULL; } if ((r = sshkey_load_public(options.host_key_files[i], &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) - do_log2(ll, "Unable to load host key \"%s\": %s", - options.host_key_files[i], ssh_err(r)); + do_log2_r(r, ll, "Unable to load host key \"%s\"", + options.host_key_files[i]); if (pubkey != NULL && key != NULL) { if (!sshkey_equal(pubkey, key)) { error("Public key for %s does not match " @@ -1729,8 +1724,8 @@ main(int ac, char **av) } if (pubkey == NULL && key != NULL) { if ((r = sshkey_from_private(key, &pubkey)) != 0) - fatal("Could not demote key: \"%s\": %s", - options.host_key_files[i], ssh_err(r)); + fatal_r(r, "Could not demote key: \"%s\"", + options.host_key_files[i]); } sensitive_data.host_keys[i] = key; sensitive_data.host_pubkeys[i] = pubkey; @@ -1789,8 +1784,8 @@ main(int ac, char **av) continue; if ((r = sshkey_load_public(options.host_cert_files[i], &key, NULL)) != 0) { - error("Could not load host certificate \"%s\": %s", - options.host_cert_files[i], ssh_err(r)); + error_r(r, "Could not load host certificate \"%s\"", + options.host_cert_files[i]); continue; } if (!sshkey_is_cert(key)) { @@ -1971,7 +1966,7 @@ main(int ac, char **av) close(REEXEC_CONFIG_PASS_FD); newsock = sock_out = sock_in = dup(STDIN_FILENO); if (stdfd_devnull(1, 1, 0) == -1) - error("%s: stdfd_devnull failed", __func__); + error_f("stdfd_devnull failed"); debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d", sock_in, sock_out, newsock, startup_pipe, config_s[0]); } 
@@ -2062,7 +2057,7 @@ main(int ac, char **av) /* prepare buffer to collect messages to display to user after login */ if ((loginmsg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); auth_debug_reset(); if (use_privsep) { @@ -2070,7 +2065,7 @@ main(int ac, char **av) goto authenticated; } else if (have_agent) { if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) { - error("Unable to get agent socket: %s", ssh_err(r)); + error_r(r, "Unable to get agent socket"); have_agent = 0; } } @@ -2150,24 +2145,23 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey, if (mm_sshkey_sign(ssh, privkey, signature, slenp, data, dlen, alg, options.sk_provider, NULL, ssh->compat) < 0) - fatal("%s: privkey sign failed", __func__); + fatal_f("privkey sign failed"); } else { if (mm_sshkey_sign(ssh, pubkey, signature, slenp, data, dlen, alg, options.sk_provider, NULL, ssh->compat) < 0) - fatal("%s: pubkey sign failed", __func__); + fatal_f("pubkey sign failed"); } } else { if (privkey) { if (sshkey_sign(privkey, signature, slenp, data, dlen, alg, options.sk_provider, NULL, ssh->compat) < 0) - fatal("%s: privkey sign failed", __func__); + fatal_f("privkey sign failed"); } else { if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp, data, dlen, alg, ssh->compat)) != 0) { - fatal("%s: agent sign failed: %s", - __func__, ssh_err(r)); + fatal_fr(r, "agent sign failed"); } } } @@ -2205,7 +2199,7 @@ do_ssh2_kex(struct ssh *ssh) /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0) - fatal("kex_setup: %s", ssh_err(r)); + fatal_r(r, "kex_setup"); kex = ssh->kex; #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; @@ -2235,7 +2229,7 @@ do_ssh2_kex(struct ssh *ssh) (r = sshpkt_put_cstring(ssh, "markus")) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) - fatal("%s: send test: %s", __func__, ssh_err(r)); + fatal_fr(r, "send test"); #endif debug("KEX done"); } 
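Review bot: The three `fatal_f("... sign failed")` calls in sshd_hostkey_sign still discard the return value of `mm_sshkey_sign()` and `sshkey_sign()`, while the agent branch just below them reports it through `fatal_fr(r, "agent sign failed")`. Since `r` is already in scope, capturing the code would make a host-key signing failure diagnosable, for example `if ((r = sshkey_sign(privkey, signature, slenp, data, dlen, alg, options.sk_provider, NULL, ssh->compat)) != 0)` followed by `fatal_fr(r, "privkey sign failed");`. This assumes those calls return the usual negative SSH_ERR_* codes, which the `< 0` test suggests but the hunk does not show. The function starts outside the hunk.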
@@ -2250,9 +2244,10 @@ cleanup_exit(int i) pmonitor != NULL && pmonitor->m_pid > 1) { debug("Killing privsep child %d", pmonitor->m_pid); if (kill(pmonitor->m_pid, SIGKILL) != 0 && - errno != ESRCH) - error("%s: kill(%d): %s", __func__, - pmonitor->m_pid, strerror(errno)); + errno != ESRCH) { + error_f("kill(%d): %s", pmonitor->m_pid, + strerror(errno)); + } } } _exit(i); diff --git a/usr.bin/ssh/sshlogin.c b/usr.bin/ssh/sshlogin.c index f5ba180ca15..3ff85a85cfc 100644 --- a/usr.bin/ssh/sshlogin.c +++ b/usr.bin/ssh/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -87,12 +87,12 @@ get_last_login_time(uid_t uid, const char *logname, pos = (off_t)uid * sizeof(ll); r = lseek(fd, pos, SEEK_SET); if (r == -1) { - error("%s: lseek: %s", __func__, strerror(errno)); + error_f("lseek: %s", strerror(errno)); close(fd); return (0); } if (r != pos) { - debug("%s: truncated lastlog", __func__); + debug_f("truncated lastlog"); close(fd); return (0); } @@ -135,7 +135,7 @@ store_lastlog_message(const char *user, uid_t uid) r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n", time_string, hostname); if (r != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "sshbuf_putf"); } } diff --git a/usr.bin/ssh/sshsig.c b/usr.bin/ssh/sshsig.c index 6931d71cbc4..8371c60a712 100644 --- a/usr.bin/ssh/sshsig.c +++ b/usr.bin/ssh/sshsig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshsig.c,v 1.17 2020/08/31 00:17:41 djm Exp $ */ +/* $OpenBSD: sshsig.c,v 1.18 2020/10/18 11:32:02 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * 
@@ -52,27 +52,26 @@ sshsig_armor(const struct sshbuf *blob, struct sshbuf **out) *out = NULL; if ((buf = sshbuf_new()) == NULL) { - error("%s: sshbuf_new failed", __func__); + error_f("sshbuf_new failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshbuf_put(buf, BEGIN_SIGNATURE, sizeof(BEGIN_SIGNATURE)-1)) != 0) { - error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_putf"); goto out; } if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) { - error("%s: Couldn't base64 encode signature blob: %s", - __func__, ssh_err(r)); + error_fr(r, "base64 encode signature"); goto out; } if ((r = sshbuf_put(buf, END_SIGNATURE, sizeof(END_SIGNATURE)-1)) != 0 || (r = sshbuf_put_u8(buf, '\n')) != 0) { - error("%s: sshbuf_put failed: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_put"); goto out; } /* success */ @@ -94,7 +93,7 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) char *b64 = NULL; if ((sbuf = sshbuf_fromb(sig)) == NULL) { - error("%s: sshbuf_fromb failed", __func__); + error_f("sshbuf_fromb failed"); return SSH_ERR_ALLOC_FAIL; } @@ -105,7 +104,7 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) } if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) { - error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); + error_fr(r, "consume"); goto done; } 
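Review bot: In sshsig_armor the first failure message is `error_fr(r, "sshbuf_putf")`, but the call it reports on is `sshbuf_put()`; the wrong name was carried over from the old string. Naming what was being written, e.g. `error_fr(r, "sshbuf_put header");`, would also distinguish it from the later `error_fr(r, "sshbuf_put")` in the same function. The same applies to sshsig_dearmor, where `sshbuf_consume()` here and `sshbuf_consume_end()` in the next hunk both log `"consume"`. A second label such as `"consume end"` would let the log tell the two sites apart.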
@@ -116,24 +115,24 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) } if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) { - error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); + error_fr(r, "consume"); goto done; } if ((b64 = sshbuf_dup_string(sbuf)) == NULL) { - error("%s: sshbuf_dup_string failed", __func__); + error_f("sshbuf_dup_string failed"); r = SSH_ERR_ALLOC_FAIL; goto done; } if ((buf = sshbuf_new()) == NULL) { - error("%s: sshbuf_new() failed", __func__); + error_f("sshbuf_new() failed"); r = SSH_ERR_ALLOC_FAIL; goto done; } if ((r = sshbuf_b64tod(buf, b64)) != 0) { - error("Couldn't decode signature: %s", ssh_err(r)); + error_fr(r, "decode base64"); goto done; } @@ -163,7 +162,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, if ((tosign = sshbuf_new()) == NULL || (blob = sshbuf_new()) == NULL) { - error("%s: sshbuf_new failed", __func__); + error_f("sshbuf_new failed"); r = SSH_ERR_ALLOC_FAIL; goto done; } @@ -173,7 +172,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, (r = sshbuf_put_string(tosign, NULL, 0)) != 0 || /* reserved */ (r = sshbuf_put_cstring(tosign, hashalg)) != 0 || (r = sshbuf_put_stringb(tosign, h_message)) != 0) { - error("Couldn't construct message to sign: %s", ssh_err(r)); + error_fr(r, "assemble message to sign"); goto done; } @@ -185,14 +184,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, if ((r = signer(key, &sig, &slen, sshbuf_ptr(tosign), sshbuf_len(tosign), sign_alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) { - error("Couldn't sign message: %s", ssh_err(r)); + error_r(r, "Couldn't sign message (signer)"); goto done; } } else { if ((r = sshkey_sign(key, &sig, &slen, sshbuf_ptr(tosign), sshbuf_len(tosign), sign_alg, sk_provider, sk_pin, 0)) != 0) { - error("Couldn't sign message: %s", ssh_err(r)); + error_r(r, "Couldn't sign message"); goto done; } } 
@@ -204,7 +203,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, (r = sshbuf_put_string(blob, NULL, 0)) != 0 || /* reserved */ (r = sshbuf_put_cstring(blob, hashalg)) != 0 || (r = sshbuf_put_string(blob, sig, slen)) != 0) { - error("Couldn't populate blob: %s", ssh_err(r)); + error_fr(r, "assemble signature object"); goto done; } @@ -248,7 +247,7 @@ sshsig_check_hashalg(const char *hashalg) if (hashalg == NULL || match_pattern_list(hashalg, HASHALG_ALLOWED, 0) == 1) return 0; - error("%s: unsupported hash algorithm \"%.100s\"", __func__, hashalg); + error_f("unsupported hash algorithm \"%.100s\"", hashalg); return SSH_ERR_SIGN_ALG_UNSUPPORTED; } @@ -270,7 +269,7 @@ sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp) (r = sshbuf_get_string(buf, NULL, NULL)) != 0 || (r = sshbuf_get_cstring(buf, &hashalg, NULL)) != 0 || (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0) { - error("Couldn't parse signature blob: %s", ssh_err(r)); + error_fr(r, "parse signature object"); goto done; } @@ -296,14 +295,14 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, char *got_namespace = NULL, *sigtype = NULL, *sig_hashalg = NULL; size_t siglen; - debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); + debug_f("verify message length %zu", sshbuf_len(h_message)); if (sig_details != NULL) *sig_details = NULL; if (sign_keyp != NULL) *sign_keyp = NULL; if ((toverify = sshbuf_new()) == NULL) { - error("%s: sshbuf_new failed", __func__); + error_f("sshbuf_new failed"); r = SSH_ERR_ALLOC_FAIL; goto done; } @@ -313,7 +312,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, (r = sshbuf_put_string(toverify, NULL, 0)) != 0 || /* reserved */ (r = sshbuf_put_cstring(toverify, hashalg)) != 0 || (r = sshbuf_put_stringb(toverify, h_message)) != 0) { - error("Couldn't construct message to verify: %s", ssh_err(r)); + error_fr(r, "assemble message to verify"); goto done; } 
@@ -325,7 +324,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, (r = sshbuf_get_string(signature, NULL, NULL)) != 0 || (r = sshbuf_get_cstring(signature, &sig_hashalg, NULL)) != 0 || (r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) { - error("Couldn't parse signature blob: %s", ssh_err(r)); + error_fr(r, "parse signature object"); goto done; } @@ -337,23 +336,23 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, if (strcmp(expect_namespace, got_namespace) != 0) { error("Couldn't verify signature: namespace does not match"); - debug("%s: expected namespace \"%s\" received \"%s\"", - __func__, expect_namespace, got_namespace); + debug_f("expected namespace \"%s\" received \"%s\"", + expect_namespace, got_namespace); r = SSH_ERR_SIGNATURE_INVALID; goto done; } if (strcmp(hashalg, sig_hashalg) != 0) { error("Couldn't verify signature: hash algorithm mismatch"); - debug("%s: expected algorithm \"%s\" received \"%s\"", - __func__, hashalg, sig_hashalg); + debug_f("expected algorithm \"%s\" received \"%s\"", + hashalg, sig_hashalg); r = SSH_ERR_SIGNATURE_INVALID; goto done; } /* Ensure that RSA keys use an acceptable signature algorithm */ if (sshkey_type_plain(key->type) == KEY_RSA) { if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) { - error("Couldn't verify signature: unable to get " - "signature type: %s", ssh_err(r)); + error_r(r, "Couldn't verify signature: unable to get " + "signature type"); goto done; } if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED, 0) != 1) { @@ -365,7 +364,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, } if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), sshbuf_len(toverify), NULL, 0, sig_details)) != 0) { - error("Signature verification failed: %s", ssh_err(r)); + error_r(r, "Signature verification failed"); goto done; } 
@@ -398,16 +397,15 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) if ((r = sshsig_check_hashalg(hashalg)) != 0) return r; if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { - error("%s: can't look up hash algorithm %s", - __func__, hashalg); + error_f("can't look up hash algorithm %s", hashalg); return SSH_ERR_INTERNAL_ERROR; } if ((r = ssh_digest_buffer(alg, m, hash, sizeof(hash))) != 0) { - error("%s: ssh_digest_buffer failed: %s", __func__, ssh_err(r)); + error_fr(r, "ssh_digest_buffer"); return r; } if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) { - debug3("%s: final hash: %s", __func__, hex); + debug3_f("final hash: %s", hex); freezero(hex, strlen(hex)); } if ((b = sshbuf_new()) == NULL) { @@ -415,7 +413,7 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) goto out; } if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { - error("%s: sshbuf_put: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_put"); goto out; } *bp = b; @@ -442,7 +440,7 @@ sshsig_signb(struct sshkey *key, const char *hashalg, if (out != NULL) *out = NULL; if ((r = hash_buffer(message, hashalg, &b)) != 0) { - error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); + error_fr(r, "hash buffer"); goto out; } if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b, @@ -470,9 +468,9 @@ sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, *sign_keyp = NULL; if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) return r; - debug("%s: signature made with hash \"%s\"", __func__, hashalg); + debug_f("signature made with hash \"%s\"", hashalg); if ((r = hash_buffer(message, hashalg, &b)) != 0) { - error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); + error_fr(r, "hash buffer"); goto out; } if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, 
@@ -501,12 +499,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) if ((r = sshsig_check_hashalg(hashalg)) != 0) return r; if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { - error("%s: can't look up hash algorithm %s", - __func__, hashalg); + error_f("can't look up hash algorithm %s", hashalg); return SSH_ERR_INTERNAL_ERROR; } if ((ctx = ssh_digest_start(alg)) == NULL) { - error("%s: ssh_digest_start failed", __func__); + error_f("ssh_digest_start failed"); return SSH_ERR_INTERNAL_ERROR; } for (;;) { @@ -514,28 +511,27 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) if (errno == EINTR || errno == EAGAIN) continue; oerrno = errno; - error("%s: read: %s", __func__, strerror(errno)); + error_f("read: %s", strerror(errno)); ssh_digest_free(ctx); errno = oerrno; r = SSH_ERR_SYSTEM_ERROR; goto out; } else if (n == 0) { - debug2("%s: hashed %zu bytes", __func__, total); + debug2_f("hashed %zu bytes", total); break; /* EOF */ } total += (size_t)n; if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) { - error("%s: ssh_digest_update: %s", - __func__, ssh_err(r)); + error_fr(r, "ssh_digest_update"); goto out; } } if ((r = ssh_digest_final(ctx, hash, sizeof(hash))) != 0) { - error("%s: ssh_digest_final: %s", __func__, ssh_err(r)); + error_fr(r, "ssh_digest_final"); goto out; } if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) { - debug3("%s: final hash: %s", __func__, hex); + debug3_f("final hash: %s", hex); freezero(hex, strlen(hex)); } if ((b = sshbuf_new()) == NULL) { @@ -543,7 +539,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) goto out; } if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { - error("%s: sshbuf_put: %s", __func__, ssh_err(r)); + error_fr(r, "sshbuf_put"); goto out; } *bp = b; 
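Review bot: The read-error branch in hash_file calls `ssh_digest_free(ctx)` and then jumps to `out` with `ctx` still holding the freed pointer. The `out` label lies outside these hunks, but the other `goto out` paths (after `ssh_digest_update` and `ssh_digest_final` fail) never free `ctx` themselves, which suggests the label does. If so, this branch releases the digest context twice. Dropping the explicit free here, or following it with `ctx = NULL;`, makes the path safe either way.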
@@ -571,7 +567,7 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg, if (out != NULL) *out = NULL; if ((r = hash_file(fd, hashalg, &b)) != 0) { - error("%s: hash_file failed: %s", __func__, ssh_err(r)); + error_fr(r, "hash_file"); return r; } if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b, @@ -599,9 +595,9 @@ sshsig_verify_fd(struct sshbuf *signature, int fd, *sign_keyp = NULL; if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) return r; - debug("%s: signature made with hash \"%s\"", __func__, hashalg); + debug_f("signature made with hash \"%s\"", hashalg); if ((r = hash_file(fd, hashalg, &b)) != 0) { - error("%s: hash_file failed: %s", __func__, ssh_err(r)); + error_fr(r, "hash_file"); goto out; } if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, @@ -711,7 +707,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, goto out; } if ((principals = strdup(tmp)) == NULL) { - error("%s: strdup failed", __func__); + error_f("strdup failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -726,12 +722,12 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, r = SSH_ERR_KEY_NOT_FOUND; goto out; } - debug("%s: %s:%lu: matched principal \"%s\"", - __func__, path, linenum, required_principal); + debug_f("%s:%lu: matched principal \"%s\"", + path, linenum, required_principal); } if ((key = sshkey_new(KEY_UNSPEC)) == NULL) { - error("%s: sshkey_new failed", __func__); + error_f("sshkey_new failed"); r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -902,7 +898,7 @@ cert_filter_principals(const char *path, u_long linenum, } if ((r = sshbuf_putf(nprincipals, "%s%s", sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) { - error("%s: buffer error", __func__); + error_f("buffer error"); goto out; } } 
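Review bot: In cert_filter_principals the `sshbuf_putf()` failure is logged with `error_f("buffer error")`, which drops the error code already held in `r`. The rest of this commit reports such codes through the `_fr` variants. `error_fr(r, "buffer error");` would keep the reason in the log. The function starts and ends outside the hunk.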
@@ -912,7 +908,7 @@ cert_filter_principals(const char *path, u_long linenum, goto out; } if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { - error("%s: buffer error", __func__); + error_f("buffer error"); goto out; } /* success */ @@ -954,8 +950,8 @@ get_matching_principals_from_line(const char *path, u_long linenum, char *line, if ((r = cert_filter_principals(path, linenum, &principals, sign_key)) != 0) { /* error already displayed */ - debug("%s:%lu: cert_filter_principals: %s", - path, linenum, ssh_err(r)); + debug_r(r, "%s:%lu: cert_filter_principals", + path, linenum); goto done; } debug("%s:%lu: matched certificate CA key", path, linenum); diff --git a/usr.bin/ssh/ttymodes.c b/usr.bin/ssh/ttymodes.c index 53459622256..46dc5ce5bcc 100644 --- a/usr.bin/ssh/ttymodes.c +++ b/usr.bin/ssh/ttymodes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.c,v 1.34 2018/07/09 21:20:26 markus Exp $ */ +/* $OpenBSD: ttymodes.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -255,11 +255,11 @@ ssh_tty_make_modes(struct ssh *ssh, int fd, struct termios *tiop) int r, ibaud, obaud; if ((buf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal_f("sshbuf_new failed"); if (tiop == NULL) { if (fd == -1) { - debug("%s: no fd or tio", __func__); + debug_f("no fd or tio"); goto end; } if (tcgetattr(fd, &tio) == -1) { 
@@ -276,22 +276,22 @@ ssh_tty_make_modes(struct ssh *ssh, int fd, struct termios *tiop) (r = sshbuf_put_u32(buf, obaud)) != 0 || (r = sshbuf_put_u8(buf, TTY_OP_ISPEED)) != 0 || (r = sshbuf_put_u32(buf, ibaud)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose"); /* Store values of mode flags. */ #define TTYCHAR(NAME, OP) \ if ((r = sshbuf_put_u8(buf, OP)) != 0 || \ (r = sshbuf_put_u32(buf, tio.c_cc[NAME])) != 0) \ - fatal("%s: buffer error: %s", __func__, ssh_err(r)); \ + fatal_fr(r, "compose %s", #NAME); #define SSH_TTYMODE_IUTF8 42 /* for SSH_BUG_UTF8TTYMODE */ #define TTYMODE(NAME, FIELD, OP) \ if (OP == SSH_TTYMODE_IUTF8 && (datafellows & SSH_BUG_UTF8TTYMODE)) { \ - debug3("%s: SSH_BUG_UTF8TTYMODE", __func__); \ + debug3_f("SSH_BUG_UTF8TTYMODE"); \ } else if ((r = sshbuf_put_u8(buf, OP)) != 0 || \ (r = sshbuf_put_u32(buf, ((tio.FIELD & NAME) != 0))) != 0) \ - fatal("%s: buffer error: %s", __func__, ssh_err(r)); \ + fatal_fr(r, "compose %s", #NAME); #include "ttymodes.h" @@ -302,7 +302,7 @@ end: /* Mark end of mode data. */ if ((r = sshbuf_put_u8(buf, TTY_OP_END)) != 0 || (r = sshpkt_put_stringb(ssh, buf)) != 0) - fatal("%s: packet error: %s", __func__, ssh_err(r)); + fatal_fr(r, "compose end"); sshbuf_free(buf); } @@ -322,11 +322,11 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd) size_t len; if ((r = sshpkt_get_string_direct(ssh, &data, &len)) != 0) - fatal("%s: packet error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse"); if (len == 0) return; if ((buf = sshbuf_from(data, len)) == NULL) { - error("%s: sshbuf_from failed", __func__); + error_f("sshbuf_from failed"); return; } 
@@ -342,15 +342,14 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd) while (sshbuf_len(buf) > 0) { if ((r = sshbuf_get_u8(buf, &opcode)) != 0) - fatal("%s: packet error: %s", __func__, ssh_err(r)); + fatal_fr(r, "parse opcode"); switch (opcode) { case TTY_OP_END: goto set; case TTY_OP_ISPEED: if ((r = sshbuf_get_u32(buf, &baud)) != 0) - fatal("%s: packet error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse ispeed"); if (failure != -1 && cfsetispeed(&tio, baud_to_speed(baud)) == -1) error("cfsetispeed failed for %d", baud); @@ -358,8 +357,7 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd) case TTY_OP_OSPEED: if ((r = sshbuf_get_u32(buf, &baud)) != 0) - fatal("%s: packet error: %s", - __func__, ssh_err(r)); + fatal_fr(r, "parse ospeed"); if (failure != -1 && cfsetospeed(&tio, baud_to_speed(baud)) == -1) error("cfsetospeed failed for %d", baud); @@ -368,15 +366,13 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd) #define TTYCHAR(NAME, OP) \ case OP: \ if ((r = sshbuf_get_u32(buf, &u)) != 0) \ - fatal("%s: packet error: %s", __func__, \ - ssh_err(r)); \ + fatal_fr(r, "parse %s", #NAME); \ tio.c_cc[NAME] = u; \ break; #define TTYMODE(NAME, FIELD, OP) \ case OP: \ if ((r = sshbuf_get_u32(buf, &u)) != 0) \ - fatal("%s: packet error: %s", __func__, \ - ssh_err(r)); \ + fatal_fr(r, "parse %s", #NAME); \ if (u) \ tio.FIELD |= NAME; \ else \ @@ -400,12 +396,10 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd) */ if (opcode > 0 && opcode < 160) { if ((r = sshbuf_get_u32(buf, NULL)) != 0) - fatal("%s: packet error: %s", __func__, - ssh_err(r)); + fatal_fr(r, "parse arg"); break; } else { - logit("%s: unknown opcode %d", __func__, - opcode); + logit_f("unknown opcode %d", opcode); goto set; } } @@ -415,7 +409,7 @@ set: len = sshbuf_len(buf); sshbuf_free(buf); if (len > 0) { - logit("%s: %zu bytes left", __func__, len); + logit_f("%zu bytes left", len); return; /* Don't process bytes passed */ } if (failure == -1) |