summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-01-19 21:43:07 +0000
committerDamien Miller <djm@mindrot.org>2019-01-20 09:45:18 +1100
commitec00f918b8ad90295044266c433340a8adc93452 (patch)
tree445c6ca9d5f6e17cdd7ddc891816dd03d0266872
parent6350e0316981489d4205952d6904d6fedba5bfe0 (diff)
upstream: convert monitor.c to new packet API
with & ok markus@ OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
-rw-r--r--monitor.c169
-rw-r--r--monitor.h12
-rw-r--r--monitor_wrap.c3
-rw-r--r--monitor_wrap.h4
-rw-r--r--sshd.c11
5 files changed, 94 insertions, 105 deletions
diff --git a/monitor.c b/monitor.c
index 39bf7705..387b5002 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.190 2019/01/19 21:41:18 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.191 2019/01/19 21:43:07 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -96,9 +96,6 @@
#include "match.h"
#include "ssherr.h"
-#include "opacket.h" /* XXX */
-extern struct ssh *active_state; /* XXX */
-
#ifdef GSSAPI
static Gssctxt *gsscontext = NULL;
#endif
@@ -115,48 +112,48 @@ static struct sshbuf *child_state;
/* Functions on the monitor that answer unprivileged requests */
-int mm_answer_moduli(int, struct sshbuf *);
-int mm_answer_sign(int, struct sshbuf *);
-int mm_answer_pwnamallow(int, struct sshbuf *);
-int mm_answer_auth2_read_banner(int, struct sshbuf *);
-int mm_answer_authserv(int, struct sshbuf *);
-int mm_answer_authpassword(int, struct sshbuf *);
-int mm_answer_bsdauthquery(int, struct sshbuf *);
-int mm_answer_bsdauthrespond(int, struct sshbuf *);
-int mm_answer_keyallowed(int, struct sshbuf *);
-int mm_answer_keyverify(int, struct sshbuf *);
-int mm_answer_pty(int, struct sshbuf *);
-int mm_answer_pty_cleanup(int, struct sshbuf *);
-int mm_answer_term(int, struct sshbuf *);
-int mm_answer_rsa_keyallowed(int, struct sshbuf *);
-int mm_answer_rsa_challenge(int, struct sshbuf *);
-int mm_answer_rsa_response(int, struct sshbuf *);
-int mm_answer_sesskey(int, struct sshbuf *);
-int mm_answer_sessid(int, struct sshbuf *);
+int mm_answer_moduli(struct ssh *, int, struct sshbuf *);
+int mm_answer_sign(struct ssh *, int, struct sshbuf *);
+int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *);
+int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *);
+int mm_answer_authserv(struct ssh *, int, struct sshbuf *);
+int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
+int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
+int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
+int mm_answer_skeyquery(struct ssh *, int, struct sshbuf *);
+int mm_answer_skeyrespond(struct ssh *, int, struct sshbuf *);
+int mm_answer_keyallowed(struct ssh *, int, struct sshbuf *);
+int mm_answer_keyverify(struct ssh *, int, struct sshbuf *);
+int mm_answer_pty(struct ssh *, int, struct sshbuf *);
+int mm_answer_pty_cleanup(struct ssh *, int, struct sshbuf *);
+int mm_answer_term(struct ssh *, int, struct sshbuf *);
+int mm_answer_rsa_keyallowed(struct ssh *, int, struct sshbuf *);
+int mm_answer_rsa_challenge(struct ssh *, int, struct sshbuf *);
+int mm_answer_rsa_response(struct ssh *, int, struct sshbuf *);
+int mm_answer_sesskey(struct ssh *, int, struct sshbuf *);
+int mm_answer_sessid(struct ssh *, int, struct sshbuf *);
#ifdef USE_PAM
-int mm_answer_pam_start(int, struct sshbuf *);
-int mm_answer_pam_account(int, struct sshbuf *);
-int mm_answer_pam_init_ctx(int, struct sshbuf *);
-int mm_answer_pam_query(int, struct sshbuf *);
-int mm_answer_pam_respond(int, struct sshbuf *);
-int mm_answer_pam_free_ctx(int, struct sshbuf *);
+int mm_answer_pam_start(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_account(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_init_ctx(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_query(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_respond(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_free_ctx(struct ssh *, int, struct sshbuf *);
#endif
#ifdef GSSAPI
-int mm_answer_gss_setup_ctx(int, struct sshbuf *);
-int mm_answer_gss_accept_ctx(int, struct sshbuf *);
-int mm_answer_gss_userok(int, struct sshbuf *);
-int mm_answer_gss_checkmic(int, struct sshbuf *);
+int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *);
+int mm_answer_gss_accept_ctx(struct ssh *, int, struct sshbuf *);
+int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *);
+int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *);
#endif
#ifdef SSH_AUDIT_EVENTS
-int mm_answer_audit_event(int, struct sshbuf *);
-int mm_answer_audit_command(int, struct sshbuf *);
+int mm_answer_audit_event(struct ssh *, int, struct sshbuf *);
+int mm_answer_audit_command(struct ssh *, int, struct sshbuf *);
#endif
-static int monitor_read_log(struct monitor *);
-
static Authctxt *authctxt;
/* local state for key verify */
@@ -175,7 +172,7 @@ static pid_t monitor_child_pid;
struct mon_table {
enum monitor_reqtype type;
int flags;
- int (*f)(int, struct sshbuf *);
+ int (*f)(struct ssh *, int, struct sshbuf *);
};
#define MON_ISAUTH 0x0004 /* Required for Authentication */
@@ -187,6 +184,10 @@ struct mon_table {
#define MON_PERMIT 0x1000 /* Request is permitted */
+static int monitor_read(struct ssh *, struct monitor *, struct mon_table *,
+ struct mon_table **);
+static int monitor_read_log(struct monitor *);
+
struct mon_table mon_dispatch_proto20[] = {
#ifdef WITH_OPENSSL
{MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
@@ -268,9 +269,8 @@ monitor_permit_authentications(int permit)
}
void
-monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
{
- struct ssh *ssh = active_state; /* XXX */
struct mon_table *ent;
int authenticated = 0, partial = 0;
@@ -282,7 +282,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
close(pmonitor->m_log_sendfd);
pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
- authctxt = _authctxt;
+ authctxt = (Authctxt *)ssh->authctxt;
memset(authctxt, 0, sizeof(*authctxt));
ssh->authctxt = authctxt;
@@ -300,7 +300,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
auth_submethod = NULL;
auth2_authctxt_reset_info(authctxt);
- authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
+ authenticated = (monitor_read(ssh, pmonitor,
+ mon_dispatch, &ent) == 1);
/* Special handling for multiple required authentications */
if (options.num_auth_methods != 0) {
@@ -332,7 +333,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
mm_request_receive_expect(pmonitor->m_sendfd,
MONITOR_REQ_PAM_ACCOUNT, m);
authenticated = mm_answer_pam_account(
- pmonitor->m_sendfd, m);
+ ssh, pmonitor->m_sendfd, m);
sshbuf_free(m);
}
#endif
@@ -385,7 +386,7 @@ monitor_child_handler(int sig)
}
void
-monitor_child_postauth(struct monitor *pmonitor)
+monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
{
close(pmonitor->m_recvfd);
pmonitor->m_recvfd = -1;
@@ -411,7 +412,7 @@ monitor_child_postauth(struct monitor *pmonitor)
}
for (;;)
- monitor_read(pmonitor, mon_dispatch, NULL);
+ monitor_read(ssh, pmonitor, mon_dispatch, NULL);
}
static int
@@ -466,8 +467,8 @@ monitor_read_log(struct monitor *pmonitor)
return 0;
}
-int
-monitor_read(struct monitor *pmonitor, struct mon_table *ent,
+static int
+monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
struct mon_table **pent)
{
struct sshbuf *m;
@@ -517,7 +518,7 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent,
if (!(ent->flags & MON_PERMIT))
fatal("%s: unpermitted request %d", __func__,
type);
- ret = (*ent->f)(pmonitor->m_sendfd, m);
+ ret = (*ent->f)(ssh, pmonitor->m_sendfd, m);
sshbuf_free(m);
/* The child may use this request only once, disable it */
@@ -568,7 +569,7 @@ monitor_reset_key_state(void)
#ifdef WITH_OPENSSL
int
-mm_answer_moduli(int sock, struct sshbuf *m)
+mm_answer_moduli(struct ssh *ssh, int sock, struct sshbuf *m)
{
DH *dh;
const BIGNUM *dh_p, *dh_g;
@@ -610,9 +611,8 @@ mm_answer_moduli(int sock, struct sshbuf *m)
#endif
int
-mm_answer_sign(int sock, struct sshbuf *m)
+mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
{
- struct ssh *ssh = active_state; /* XXX */
extern int auth_sock; /* XXX move to state struct? */
struct sshkey *key;
struct sshbuf *sigbuf = NULL;
@@ -713,9 +713,8 @@ mm_answer_sign(int sock, struct sshbuf *m)
/* Retrieves the password entry and also checks if the user is permitted */
int
-mm_answer_pwnamallow(int sock, struct sshbuf *m)
+mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
{
- struct ssh *ssh = active_state; /* XXX */
char *username;
struct passwd *pwent;
int r, allowed = 0;
@@ -813,7 +812,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
return (0);
}
-int mm_answer_auth2_read_banner(int sock, struct sshbuf *m)
+int mm_answer_auth2_read_banner(struct ssh *ssh, int sock, struct sshbuf *m)
{
char *banner;
int r;
@@ -829,7 +828,7 @@ int mm_answer_auth2_read_banner(int sock, struct sshbuf *m)
}
int
-mm_answer_authserv(int sock, struct sshbuf *m)
+mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m)
{
int r;
@@ -879,9 +878,8 @@ key_base_type_match(const char *method, const struct sshkey *key,
}
int
-mm_answer_authpassword(int sock, struct sshbuf *m)
+mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
{
- struct ssh *ssh = active_state; /* XXX */
static int call_count;
char *passwd;
int r, authenticated;
@@ -920,7 +918,7 @@ mm_answer_authpassword(int sock, struct sshbuf *m)
#ifdef BSD_AUTH
int
-mm_answer_bsdauthquery(int sock, struct sshbuf *m)
+mm_answer_bsdauthquery(struct ssh *ssh, int sock, struct sshbuf *m)
{
char *name, *infotxt;
u_int numprompts, *echo_on, success;
@@ -954,7 +952,7 @@ mm_answer_bsdauthquery(int sock, struct sshbuf *m)
}
int
-mm_answer_bsdauthrespond(int sock, struct sshbuf *m)
+mm_answer_bsdauthrespond(struct ssh *ssh, int sock, struct sshbuf *m)
{
char *response;
int r, authok;
@@ -988,7 +986,7 @@ mm_answer_bsdauthrespond(int sock, struct sshbuf *m)
#ifdef USE_PAM
int
-mm_answer_pam_start(int sock, struct sshbuf *m)
+mm_answer_pam_start(struct ssh *ssh, int sock, struct sshbuf *m)
{
if (!options.use_pam)
fatal("UsePAM not set, but ended up in %s anyway", __func__);
@@ -1003,7 +1001,7 @@ mm_answer_pam_start(int sock, struct sshbuf *m)
}
int
-mm_answer_pam_account(int sock, struct sshbuf *m)
+mm_answer_pam_account(struct ssh *ssh, int sock, struct sshbuf *m)
{
u_int ret;
int r;
@@ -1026,7 +1024,7 @@ static void *sshpam_ctxt, *sshpam_authok;
extern KbdintDevice sshpam_device;
int
-mm_answer_pam_init_ctx(int sock, struct sshbuf *m)
+mm_answer_pam_init_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
{
u_int ok = 0;
int r;
@@ -1051,7 +1049,7 @@ mm_answer_pam_init_ctx(int sock, struct sshbuf *m)
}
int
-mm_answer_pam_query(int sock, struct sshbuf *m)
+mm_answer_pam_query(struct ssh *ssh, int sock, struct sshbuf *m)
{
char *name = NULL, *info = NULL, **prompts = NULL;
u_int i, num = 0, *echo_on = 0;
@@ -1092,7 +1090,7 @@ mm_answer_pam_query(int sock, struct sshbuf *m)
}
int
-mm_answer_pam_respond(int sock, struct sshbuf *m)
+mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m)
{
char **resp;
u_int i, num;
@@ -1130,7 +1128,7 @@ mm_answer_pam_respond(int sock, struct sshbuf *m)
}
int
-mm_answer_pam_free_ctx(int sock, struct sshbuf *m)
+mm_answer_pam_free_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
{
int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
@@ -1150,9 +1148,8 @@ mm_answer_pam_free_ctx(int sock, struct sshbuf *m)
#endif
int
-mm_answer_keyallowed(int sock, struct sshbuf *m)
+mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
{
- struct ssh *ssh = active_state; /* XXX */
struct sshkey *key = NULL;
char *cuser, *chost;
u_int pubkey_auth_attempt;
@@ -1387,9 +1384,8 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
}
int
-mm_answer_keyverify(int sock, struct sshbuf *m)
+mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
{
- struct ssh *ssh = active_state; /* XXX */
struct sshkey *key;
u_char *signature, *data, *blob;
char *sigalg;
@@ -1434,7 +1430,7 @@ mm_answer_keyverify(int sock, struct sshbuf *m)
fatal("%s: bad signature data blob", __func__);
ret = sshkey_verify(key, signature, signaturelen, data, datalen,
- sigalg, active_state->compat);
+ sigalg, ssh->compat);
debug3("%s: %s %p signature %s", __func__, auth_method, key,
(ret == 0) ? "verified" : "unverified");
auth2_record_key(authctxt, ret == 0, key);
@@ -1461,9 +1457,8 @@ mm_answer_keyverify(int sock, struct sshbuf *m)
}
static void
-mm_record_login(Session *s, struct passwd *pw)
+mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw)
{
- struct ssh *ssh = active_state; /* XXX */
socklen_t fromlen;
struct sockaddr_storage from;
@@ -1473,8 +1468,8 @@ mm_record_login(Session *s, struct passwd *pw)
*/
memset(&from, 0, sizeof(from));
fromlen = sizeof(from);
- if (packet_connection_is_on_socket()) {
- if (getpeername(packet_get_connection_in(),
+ if (ssh_packet_connection_is_on_socket(ssh)) {
+ if (getpeername(ssh_packet_get_connection_in(ssh),
(struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername: %.100s", strerror(errno));
cleanup_exit(255);
@@ -1498,7 +1493,7 @@ mm_session_close(Session *s)
}
int
-mm_answer_pty(int sock, struct sshbuf *m)
+mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
{
extern struct monitor *pmonitor;
Session *s;
@@ -1526,7 +1521,7 @@ mm_answer_pty(int sock, struct sshbuf *m)
if (dup2(s->ttyfd, 0) == -1)
fatal("%s: dup2", __func__);
- mm_record_login(s, authctxt->pw);
+ mm_record_login(ssh, s, authctxt->pw);
/* Now we can close the file descriptor again */
close(0);
@@ -1568,7 +1563,7 @@ mm_answer_pty(int sock, struct sshbuf *m)
}
int
-mm_answer_pty_cleanup(int sock, struct sshbuf *m)
+mm_answer_pty_cleanup(struct ssh *ssh, int sock, struct sshbuf *m)
{
Session *s;
char *tty;
@@ -1586,9 +1581,8 @@ mm_answer_pty_cleanup(int sock, struct sshbuf *m)
}
int
-mm_answer_term(int sock, struct sshbuf *req)
+mm_answer_term(struct ssh *ssh, int sock, struct sshbuf *req)
{
- struct ssh *ssh = active_state; /* XXX */
extern struct monitor *pmonitor;
int res, status;
@@ -1615,7 +1609,7 @@ mm_answer_term(int sock, struct sshbuf *req)
#ifdef SSH_AUDIT_EVENTS
/* Report that an audit event occurred */
int
-mm_answer_audit_event(int socket, struct sshbuf *m)
+mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m)
{
u_int n;
ssh_audit_event_t event;
@@ -1644,7 +1638,7 @@ mm_answer_audit_event(int socket, struct sshbuf *m)
}
int
-mm_answer_audit_command(int socket, struct sshbuf *m)
+mm_answer_audit_command(struct ssh *ssh, int socket, struct sshbuf *m)
{
char *cmd;
int r;
@@ -1660,10 +1654,8 @@ mm_answer_audit_command(int socket, struct sshbuf *m)
#endif /* SSH_AUDIT_EVENTS */
void
-monitor_clear_keystate(struct monitor *pmonitor)
+monitor_clear_keystate(struct ssh *ssh, struct monitor *pmonitor)
{
- struct ssh *ssh = active_state; /* XXX */
-
ssh_clear_newkeys(ssh, MODE_IN);
ssh_clear_newkeys(ssh, MODE_OUT);
sshbuf_free(child_state);
@@ -1671,9 +1663,8 @@ monitor_clear_keystate(struct monitor *pmonitor)
}
void
-monitor_apply_keystate(struct monitor *pmonitor)
+monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
{
- struct ssh *ssh = active_state; /* XXX */
struct kex *kex;
int r;
@@ -1780,7 +1771,7 @@ monitor_reinit(struct monitor *mon)
#ifdef GSSAPI
int
-mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
+mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
{
gss_OID_desc goid;
OM_uint32 major;
@@ -1813,7 +1804,7 @@ mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
}
int
-mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
+mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
{
gss_buffer_desc in;
gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
@@ -1847,7 +1838,7 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
}
int
-mm_answer_gss_checkmic(int sock, struct sshbuf *m)
+mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
{
gss_buffer_desc gssbuf, mic;
OM_uint32 ret;
@@ -1878,7 +1869,7 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m)
}
int
-mm_answer_gss_userok(int sock, struct sshbuf *m)
+mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
{
int r, authenticated;
const char *displayname;
diff --git a/monitor.h b/monitor.h
index 16047299..a4b68fbe 100644
--- a/monitor.h
+++ b/monitor.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.h,v 1.21 2018/07/09 21:53:45 markus Exp $ */
+/* $OpenBSD: monitor.h,v 1.22 2019/01/19 21:43:07 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -65,6 +65,8 @@ enum monitor_reqtype {
};
+struct ssh;
+
struct monitor {
int m_recvfd;
int m_sendfd;
@@ -78,11 +80,11 @@ struct monitor *monitor_init(void);
void monitor_reinit(struct monitor *);
struct Authctxt;
-void monitor_child_preauth(struct Authctxt *, struct monitor *);
-void monitor_child_postauth(struct monitor *);
+void monitor_child_preauth(struct ssh *, struct monitor *);
+void monitor_child_postauth(struct ssh *, struct monitor *);
-struct mon_table;
-int monitor_read(struct monitor*, struct mon_table *, struct mon_table **);
+void monitor_clear_keystate(struct ssh *, struct monitor *);
+void monitor_apply_keystate(struct ssh *, struct monitor *);
/* Prototypes for request sending and receiving */
void mm_request_send(int, enum monitor_reqtype, struct sshbuf *);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 5db8a0a9..4bdfd518 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.109 2019/01/19 21:41:18 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.110 2019/01/19 21:43:07 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -76,7 +76,6 @@
#include "ssherr.h"
-#include "opacket.h" /* XXX */
extern struct ssh *active_state; /* XXX */
/* Imports */
diff --git a/monitor_wrap.h b/monitor_wrap.h
index 19c58e48..8277cbf4 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.39 2019/01/19 21:41:18 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.40 2019/01/19 21:43:07 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -89,8 +89,6 @@ void mm_session_pty_cleanup2(struct Session *);
struct newkeys *mm_newkeys_from_blob(u_char *, int);
int mm_newkeys_to_blob(int, u_char **, u_int *);
-void monitor_clear_keystate(struct monitor *);
-void monitor_apply_keystate(struct monitor *);
void mm_get_keystate(struct monitor *);
void mm_send_keystate(struct monitor*);
diff --git a/sshd.c b/sshd.c
index 9dbb09c6..0c93f7f3 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.525 2019/01/19 21:42:30 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.526 2019/01/19 21:43:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -459,7 +459,6 @@ privsep_preauth_child(void)
static int
privsep_preauth(struct ssh *ssh)
{
- Authctxt *authctxt = (Authctxt *)ssh->authctxt;
int status, r;
pid_t pid;
struct ssh_sandbox *box = NULL;
@@ -488,7 +487,7 @@ privsep_preauth(struct ssh *ssh)
}
if (box != NULL)
ssh_sandbox_parent_preauth(box, pid);
- monitor_child_preauth(authctxt, pmonitor);
+ monitor_child_preauth(ssh, pmonitor);
/* Wait for the child's exit status */
while (waitpid(pid, &status, 0) < 0) {
@@ -548,8 +547,8 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
else if (pmonitor->m_pid != 0) {
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
sshbuf_reset(loginmsg);
- monitor_clear_keystate(pmonitor);
- monitor_child_postauth(pmonitor);
+ monitor_clear_keystate(ssh, pmonitor);
+ monitor_child_postauth(ssh, pmonitor);
/* NEVERREACHED */
exit(0);
@@ -570,7 +569,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
skip:
/* It is safe now to apply the key state */
- monitor_apply_keystate(pmonitor);
+ monitor_apply_keystate(ssh, pmonitor);
/*
* Tell the packet layer that authentication was successful, since