*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.10 2002/05/12 23:53:45 djm Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.11 2002/05/15 15:47:49 mouring Exp $");
#include <openssl/dh.h>
}
Authctxt *
-monitor_child_preauth(struct monitor *monitor)
+monitor_child_preauth(struct monitor *pmonitor)
{
struct mon_table *ent;
int authenticated = 0;
/* The first few requests do not require asynchronous access */
while (!authenticated) {
- authenticated = monitor_read(monitor, mon_dispatch, &ent);
+ authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
if (authenticated) {
if (!(ent->flags & MON_AUTHDECIDE))
fatal("%s: unexpected authentication from %d",
debug("%s: %s has been authenticated by privileged process",
__FUNCTION__, authctxt->user);
- mm_get_keystate(monitor);
+ mm_get_keystate(pmonitor);
return (authctxt);
}
void
-monitor_child_postauth(struct monitor *monitor)
+monitor_child_postauth(struct monitor *pmonitor)
{
if (compat20) {
mon_dispatch = mon_dispatch_postauth20;
}
for (;;)
- monitor_read(monitor, mon_dispatch, NULL);
+ monitor_read(pmonitor, mon_dispatch, NULL);
}
void
-monitor_sync(struct monitor *monitor)
+monitor_sync(struct monitor *pmonitor)
{
/* The member allocation is not visible, so sync it */
- mm_share_sync(&monitor->m_zlib, &monitor->m_zback);
+ mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
}
int
-monitor_read(struct monitor *monitor, struct mon_table *ent,
+monitor_read(struct monitor *pmonitor, struct mon_table *ent,
struct mon_table **pent)
{
Buffer m;
buffer_init(&m);
- mm_request_receive(monitor->m_sendfd, &m);
+ mm_request_receive(pmonitor->m_sendfd, &m);
type = buffer_get_char(&m);
debug3("%s: checking request %d", __FUNCTION__, type);
if (!(ent->flags & MON_PERMIT))
fatal("%s: unpermitted request %d", __FUNCTION__,
type);
- ret = (*ent->f)(monitor->m_sendfd, &m);
+ ret = (*ent->f)(pmonitor->m_sendfd, &m);
buffer_free(&m);
/* The child may use this request only once, disable it */
int
mm_answer_pty(int socket, Buffer *m)
{
- extern struct monitor *monitor;
+ extern struct monitor *pmonitor;
Session *s;
int res, fd0;
goto error;
s->authctxt = authctxt;
s->pw = authctxt->pw;
- s->pid = monitor->m_pid;
+ s->pid = pmonitor->m_pid;
res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
if (res == 0)
goto error;
int
mm_answer_term(int socket, Buffer *req)
{
- extern struct monitor *monitor;
+ extern struct monitor *pmonitor;
int res, status;
debug3("%s: tearing down sessions", __FUNCTION__);
/* The child is terminating */
session_destroy_all(&mm_session_close);
- while (waitpid(monitor->m_pid, &status, 0) == -1)
+ while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR)
exit(1);
}
void
-monitor_apply_keystate(struct monitor *monitor)
+monitor_apply_keystate(struct monitor *pmonitor)
{
if (compat20) {
set_newkeys(MODE_IN);
sizeof(outgoing_stream));
/* Update with new address */
- mm_init_compression(monitor->m_zlib);
+ mm_init_compression(pmonitor->m_zlib);
/* Network I/O buffers */
/* XXX inefficient for large buffers, need: buffer_init_from_string */
/* This function requries careful sanity checking */
void
-mm_get_keystate(struct monitor *monitor)
+mm_get_keystate(struct monitor *pmonitor)
{
Buffer m;
u_char *blob, *p;
debug3("%s: Waiting for new keys", __FUNCTION__);
buffer_init(&m);
- mm_request_receive_expect(monitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
+ mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
if (!compat20) {
child_state.ssh1protoflags = buffer_get_int(&m);
child_state.ssh1cipher = buffer_get_int(&m);
goto skip;
} else {
/* Get the Kex for rekeying */
- *monitor->m_pkex = mm_get_kex(&m);
+ *pmonitor->m_pkex = mm_get_kex(&m);
}
blob = buffer_get_string(&m, &bloblen);
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.6 2002/05/12 23:53:45 djm Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.7 2002/05/15 15:47:49 mouring Exp $");
#include <openssl/bn.h>
#include <openssl/dh.h>
extern Newkeys *newkeys[];
extern z_stream incoming_stream;
extern z_stream outgoing_stream;
-extern struct monitor *monitor;
+extern struct monitor *pmonitor;
extern Buffer input, output;
void
buffer_put_int(&m, nbits);
buffer_put_int(&m, max);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_MODULI, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m);
debug3("%s: waiting for MONITOR_ANS_MODULI", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_MODULI, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m);
success = buffer_get_char(&m);
if (success == 0)
int
mm_key_sign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen)
{
- Kex *kex = *monitor->m_pkex;
+ Kex *kex = *pmonitor->m_pkex;
Buffer m;
debug3("%s entering", __FUNCTION__);
buffer_put_int(&m, kex->host_key_index(key));
buffer_put_string(&m, data, datalen);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SIGN, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m);
debug3("%s: waiting for MONITOR_ANS_SIGN", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SIGN, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m);
*sigp = buffer_get_string(&m, lenp);
buffer_free(&m);
buffer_init(&m);
buffer_put_cstring(&m, login);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m);
debug3("%s: waiting for MONITOR_ANS_PWNAM", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
if (buffer_get_char(&m) == 0) {
buffer_free(&m);
debug3("%s entering", __FUNCTION__);
buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
buffer_clear(&m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
banner = buffer_get_string(&m, NULL);
buffer_free(&m);
buffer_put_cstring(&m, service);
buffer_put_cstring(&m, style ? style : "");
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
buffer_free(&m);
}
buffer_init(&m);
buffer_put_cstring(&m, password);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m);
debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m);
authenticated = buffer_get_int(&m);
buffer_put_string(&m, blob, len);
xfree(blob);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m);
allowed = buffer_get_int(&m);
buffer_put_string(&m, data, datalen);
xfree(blob);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m);
verified = buffer_get_int(&m);
}
void
-mm_send_keystate(struct monitor *monitor)
+mm_send_keystate(struct monitor *pmonitor)
{
Buffer m;
u_char *blob, *p;
goto skip;
} else {
/* Kex for rekeying */
- mm_send_kex(&m, *monitor->m_pkex);
+ mm_send_kex(&m, *pmonitor->m_pkex);
}
debug3("%s: Sending new keys: %p %p",
buffer_put_string(&m, buffer_ptr(&input), buffer_len(&input));
buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output));
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m);
debug3("%s: Finished sending state", __FUNCTION__);
buffer_free(&m);
int success = 0;
buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
debug3("%s: waiting for MONITOR_ANS_PTY", __FUNCTION__);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PTY, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m);
success = buffer_get_int(&m);
if (success == 0) {
strlcpy(namebuf, p, namebuflen); /* Possible truncation */
xfree(p);
- *ptyfd = mm_receive_fd(monitor->m_recvfd);
- *ttyfd = mm_receive_fd(monitor->m_recvfd);
+ *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
+ *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
/* Success */
return (1);
return;
buffer_init(&m);
buffer_put_cstring(&m, s->tty);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m);
buffer_free(&m);
/* closed dup'ed master */
buffer_init(&m);
buffer_put_cstring(&m, user);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
buffer_free(&m);
}
Buffer m;
buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_TERM, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m);
buffer_free(&m);
}
buffer_init(&m);
buffer_put_bignum2(&m, num);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSKEY, &m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SESSKEY, &m);
rsafail = buffer_get_int(&m);
buffer_get_bignum2(&m, num);
debug3("%s: entering", __FUNCTION__);
buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
&m);
res = buffer_get_int(&m);
if (res == -1) {
buffer_init(&m);
buffer_put_cstring(&m, responses[0]);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m);
- mm_request_receive_expect(monitor->m_recvfd,
+ mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_BSDAUTHRESPOND, &m);
authok = buffer_get_int(&m);
debug3("%s: entering", __FUNCTION__);
buffer_init(&m);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
&m);
res = buffer_get_int(&m);
if (res == -1) {
buffer_init(&m);
buffer_put_cstring(&m, responses[0]);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m);
- mm_request_receive_expect(monitor->m_recvfd,
+ mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_SKEYRESPOND, &m);
authok = buffer_get_int(&m);
for (i = 0; i < 16; i++)
buffer_put_char(&m, session_id[i]);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_SESSID, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SESSID, &m);
buffer_free(&m);
}
buffer_init(&m);
buffer_put_bignum2(&m, client_n);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSAKEYALLOWED, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSAKEYALLOWED, &m);
allowed = buffer_get_int(&m);
buffer_put_string(&m, blob, blen);
xfree(blob);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
buffer_get_bignum2(&m, challenge);
buffer_free(&m);
buffer_put_string(&m, response, 16);
xfree(blob);
- mm_request_send(monitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
- mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
success = buffer_get_int(&m);
buffer_free(&m);
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.241 2002/05/13 15:53:19 millert Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.242 2002/05/15 15:47:49 mouring Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
int startup_pipe; /* in child */
/* variables used for privilege separation */
-extern struct monitor *monitor;
+extern struct monitor *pmonitor;
extern int use_privsep;
/* Prototypes for various functions defined later in this file. */
pid_t pid;
/* Set up unprivileged child process to deal with network data */
- monitor = monitor_init();
+ pmonitor = monitor_init();
/* Store a pointer to the kex for later rekeying */
- monitor->m_pkex = &xxx_kex;
+ pmonitor->m_pkex = &xxx_kex;
pid = fork();
if (pid == -1) {
} else if (pid != 0) {
debug2("Network child is on pid %d", pid);
- close(monitor->m_recvfd);
- authctxt = monitor_child_preauth(monitor);
- close(monitor->m_sendfd);
+ close(pmonitor->m_recvfd);
+ authctxt = monitor_child_preauth(pmonitor);
+ close(pmonitor->m_sendfd);
/* Sync memory */
- monitor_sync(monitor);
+ monitor_sync(pmonitor);
/* Wait for the child's exit status */
while (waitpid(pid, &status, 0) < 0)
} else {
/* child */
- close(monitor->m_sendfd);
+ close(pmonitor->m_sendfd);
/* Demote the child */
if (getuid() == 0 || geteuid() == 0)
if (authctxt->pw->pw_uid == 0 || options.use_login) {
/* File descriptor passing is broken or root login */
- monitor_apply_keystate(monitor);
+ monitor_apply_keystate(pmonitor);
use_privsep = 0;
return;
}
}
/* New socket pair */
- monitor_reinit(monitor);
+ monitor_reinit(pmonitor);
- monitor->m_pid = fork();
- if (monitor->m_pid == -1)
+ pmonitor->m_pid = fork();
+ if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
- else if (monitor->m_pid != 0) {
- debug2("User child is on pid %d", monitor->m_pid);
- close(monitor->m_recvfd);
- monitor_child_postauth(monitor);
+ else if (pmonitor->m_pid != 0) {
+ debug2("User child is on pid %d", pmonitor->m_pid);
+ close(pmonitor->m_recvfd);
+ monitor_child_postauth(pmonitor);
/* NEVERREACHED */
exit(0);
}
- close(monitor->m_sendfd);
+ close(pmonitor->m_sendfd);
/* Demote the private keys to public keys. */
demote_sensitive_data();
do_setusercontext(authctxt->pw);
/* It is safe now to apply the key state */
- monitor_apply_keystate(monitor);
+ monitor_apply_keystate(pmonitor);
}
static char *
* the current keystate and exits
*/
if (use_privsep) {
- mm_send_keystate(monitor);
+ mm_send_keystate(pmonitor);
exit(0);
}
andersk / openssh.git / commitdiff
