author | Colin Watson <cjwatson@debian.org> | 2016-02-29 12:15:15 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-03-08 11:51:22 +0000 |
commit | 46961f5704f8e86cea3e99253faad55aef4d8f35 (patch) | |
tree | 0dd97fa4fb649a62b4639fe2674380872b1f3e98 | |
parent | c753fe267efb1b027424fa8706cf0385fc3d14c1 (diff) | |
parent | 85e40e87a75fb80a0bf893ac05a417d6c353537d (diff) |
New upstream release (7.2).
188 files changed, 6879 insertions, 3965 deletions
@@ -1,22 +1,1895 @@ | |||
1 | commit c88ac102f0eb89f2eaa314cb2e2e0ca3c890c443 | 1 | commit 72b061d4ba0f909501c595d709ea76e06b01e5c9 |
2 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3 | Date: Fri Feb 26 14:40:04 2016 +1100 | ||
4 | |||
5 | Add a note about using xlc on AIX. | ||
6 | |||
7 | commit fd4e4f2416baa2e6565ea49d52aade296bad3e28 | ||
8 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9 | Date: Wed Feb 24 10:44:25 2016 +1100 | ||
10 | |||
11 | Skip PrintLastLog in config dump mode. | ||
12 | |||
13 | When DISABLE_LASTLOG is set, do not try to include PrintLastLog in the | ||
14 | config dump since it'll be reported as UNKNOWN. | ||
15 | |||
16 | commit 99135c764fa250801da5ec3b8d06cbd0111caae8 | ||
17 | Author: Damien Miller <djm@mindrot.org> | ||
18 | Date: Tue Feb 23 20:17:23 2016 +1100 | ||
19 | |||
20 | update spec/README versions ahead of release | ||
21 | |||
22 | commit b86a334aaaa4d1e643eb1fd71f718573d6d948b5 | ||
23 | Author: Damien Miller <djm@mindrot.org> | ||
24 | Date: Tue Feb 23 20:16:53 2016 +1100 | ||
25 | |||
26 | put back portable patchlevel to p1 | ||
27 | |||
28 | commit 555dd35ff176847e3c6bd068ba2e8db4022eb24f | ||
29 | Author: djm@openbsd.org <djm@openbsd.org> | ||
30 | Date: Tue Feb 23 09:14:34 2016 +0000 | ||
31 | |||
32 | upstream commit | ||
33 | |||
34 | openssh-7.2 | ||
35 | |||
36 | Upstream-ID: 9db776b26014147fc907ece8460ef2bcb0f11e78 | ||
37 | |||
38 | commit 1acc058d0a7913838c830ed998a1a1fb5b7864bf | ||
39 | Author: Damien Miller <djm@mindrot.org> | ||
40 | Date: Tue Feb 23 16:12:13 2016 +1100 | ||
41 | |||
42 | Disable tests where fs perms are incorrect | ||
43 | |||
44 | Some tests have strict requirements on the filesystem permissions | ||
45 | for certain files and directories. This adds a regress/check-perm | ||
46 | tool that copies the relevant logic from sshd to exactly test | ||
47 | the paths in question. This lets us skip tests when the local | ||
48 | filesystem doesn't conform to our expectations rather than | ||
49 | continuing and failing the test run. | ||
50 | |||
51 | ok dtucker@ | ||
52 | |||
53 | commit 39f303b1f36d934d8410b05625f25c7bcb75db4d | ||
54 | Author: Damien Miller <djm@mindrot.org> | ||
55 | Date: Tue Feb 23 12:56:59 2016 +1100 | ||
56 | |||
57 | fix sandbox on OSX Lion | ||
58 | |||
59 | sshd was failing with: | ||
60 | |||
61 | ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw | ||
62 | image not found [preauth] | ||
63 | |||
64 | caused by chroot before sandboxing. Avoid by explicitly linking libsandbox | ||
65 | to sshd. Spotted by Darren. | ||
66 | |||
67 | commit 0d1451a32c7436e6d3d482351e776bc5e7824ce4 | ||
68 | Author: djm@openbsd.org <djm@openbsd.org> | ||
69 | Date: Tue Feb 23 01:34:14 2016 +0000 | ||
70 | |||
71 | upstream commit | ||
72 | |||
73 | fix spurious error message when incorrect passphrase | ||
74 | entered for keys; reported by espie@ ok deraadt@ | ||
75 | |||
76 | Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899 | ||
77 | |||
78 | commit 09d87d79741beb85768b5e788d7dfdf4bc3543dc | ||
79 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
80 | Date: Sat Feb 20 23:06:23 2016 +0000 | ||
81 | |||
82 | upstream commit | ||
83 | |||
84 | set ssh(1) protocol version to 2 only. | ||
85 | |||
86 | ok djm@ | ||
87 | |||
88 | Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10 | ||
89 | |||
90 | commit 9262e07826ba5eebf8423f7ac9e47ec488c47869 | ||
91 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
92 | Date: Sat Feb 20 23:02:39 2016 +0000 | ||
93 | |||
94 | upstream commit | ||
95 | |||
96 | add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to | ||
97 | IdentityFile. | ||
98 | |||
99 | ok djm@ | ||
100 | |||
101 | Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf | ||
102 | |||
103 | commit c12f0fdce8f985fca8d71829fd64c5b89dc777f5 | ||
104 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
105 | Date: Sat Feb 20 23:01:46 2016 +0000 | ||
106 | |||
107 | upstream commit | ||
108 | |||
109 | AddressFamily defaults to any. | ||
110 | |||
111 | ok djm@ | ||
112 | |||
113 | Upstream-ID: 0d94aa06a4b889bf57a7f631c45ba36d24c13e0c | ||
114 | |||
115 | commit 907091acb188b1057d50c2158f74c3ecf1c2302b | ||
116 | Author: Darren Tucker <dtucker@zip.com.au> | ||
117 | Date: Fri Feb 19 09:05:39 2016 +1100 | ||
118 | |||
119 | Make Solaris privs code build on older systems. | ||
120 | |||
121 | Not all systems with Solaris privs have priv_basicset so factor that | ||
122 | out and provide backward compatibility code. Similarly, not all have | ||
123 | PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from | ||
124 | alex at cooperi.net and djm@ with help from carson at taltos.org and | ||
125 | wieland at purdue.edu. | ||
126 | |||
127 | commit 292a8dee14e5e67dcd1b49ba5c7b9023e8420d59 | ||
128 | Author: djm@openbsd.org <djm@openbsd.org> | ||
129 | Date: Wed Feb 17 22:20:14 2016 +0000 | ||
130 | |||
131 | upstream commit | ||
132 | |||
133 | rekey refactor broke SSH1; spotted by Tom G. Christensen | ||
134 | |||
135 | Upstream-ID: 43f0d57928cc077c949af0bfa71ef574dcb58243 | ||
136 | |||
137 | commit 3a13cb543df9919aec2fc6b75f3dd3802facaeca | ||
138 | Author: djm@openbsd.org <djm@openbsd.org> | ||
139 | Date: Wed Feb 17 08:57:34 2016 +0000 | ||
140 | |||
141 | upstream commit | ||
142 | |||
143 | rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly | ||
144 | in *KeyTypes options yet. Remove them from the lists of algorithms for now. | ||
145 | committing on behalf of markus@ ok djm@ | ||
146 | |||
147 | Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7 | ||
148 | |||
149 | commit a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b | ||
150 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
151 | Date: Wed Feb 17 07:38:19 2016 +0000 | ||
152 | |||
153 | upstream commit | ||
154 | |||
155 | since these pages now clearly tell folks to avoid v1, | ||
156 | normalise the docs from a v2 perspective (i.e. stop pointing out which bits | ||
157 | are v2 only); | ||
158 | |||
159 | ok/tweaks djm ok markus | ||
160 | |||
161 | Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129 | ||
162 | |||
163 | commit c5c3f3279a0e4044b8de71b70d3570d692d0f29d | ||
164 | Author: djm@openbsd.org <djm@openbsd.org> | ||
165 | Date: Wed Feb 17 05:29:04 2016 +0000 | ||
166 | |||
167 | upstream commit | ||
168 | |||
169 | make sandboxed privilege separation the default, not just | ||
170 | for new installs; "absolutely" deraadt@ | ||
171 | |||
172 | Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b | ||
173 | |||
174 | commit eb3f7337a651aa01d5dec019025e6cdc124ed081 | ||
175 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
176 | Date: Tue Feb 16 07:47:54 2016 +0000 | ||
177 | |||
178 | upstream commit | ||
179 | |||
180 | no need to state that protocol 2 is the default twice; | ||
181 | |||
182 | Upstream-ID: b1e4c36b0c2e12e338e5b66e2978f2ac953b95eb | ||
183 | |||
184 | commit e7901efa9b24e5b0c7e74f2c5520d47eead4d005 | ||
185 | Author: djm@openbsd.org <djm@openbsd.org> | ||
186 | Date: Tue Feb 16 05:11:04 2016 +0000 | ||
187 | |||
188 | upstream commit | ||
189 | |||
190 | Replace list of ciphers and MACs adjacent to -1/-2 flag | ||
191 | descriptions in ssh(1) with a strong recommendation not to use protocol 1. | ||
192 | Add a similar warning to the Protocol option descriptions in ssh_config(5) | ||
193 | and sshd_config(5); | ||
194 | |||
195 | prompted by and ok mmcc@ | ||
196 | |||
197 | Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e | ||
198 | |||
199 | commit 5a0fcb77287342e2fc2ba1cee79b6af108973dc2 | ||
200 | Author: djm@openbsd.org <djm@openbsd.org> | ||
201 | Date: Tue Feb 16 03:37:48 2016 +0000 | ||
202 | |||
203 | upstream commit | ||
204 | |||
205 | add a "Close session" log entry (at loglevel=verbose) to | ||
206 | correspond to the existing "Starting session" one. Also include the session | ||
207 | id number to make multiplexed sessions more apparent. | ||
208 | |||
209 | feedback and ok dtucker@ | ||
210 | |||
211 | Upstream-ID: e72d2ac080e02774376325136e532cb24c2e617c | ||
212 | |||
213 | commit 624fd395b559820705171f460dd33d67743d13d6 | ||
214 | Author: djm@openbsd.org <djm@openbsd.org> | ||
215 | Date: Wed Feb 17 02:24:17 2016 +0000 | ||
216 | |||
217 | upstream commit | ||
218 | |||
219 | include bad $SSH_CONNECTION in failure output | ||
220 | |||
221 | Upstream-Regress-ID: b22d72edfde78c403aaec2b9c9753ef633cc0529 | ||
222 | |||
223 | commit 60d860e54b4f199e5e89963b1c086981309753cb | ||
224 | Author: Darren Tucker <dtucker@zip.com.au> | ||
225 | Date: Wed Feb 17 13:37:09 2016 +1100 | ||
226 | |||
227 | Rollback addition of va_start. | ||
228 | |||
229 | va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however | ||
230 | it has the wrong number of args and it's not usable in non-variadic | ||
231 | functions anyway so it breaks things (for example Solaris 2.6 as | ||
232 | reported by Tom G. Christensen).i ok djm@ | ||
233 | |||
234 | commit 2fee909c3cee2472a98b26eb82696297b81e0d38 | ||
235 | Author: Darren Tucker <dtucker@zip.com.au> | ||
236 | Date: Wed Feb 17 09:48:15 2016 +1100 | ||
237 | |||
238 | Look for gethostbyname in libresolv and libnsl. | ||
239 | |||
240 | Should fix build problem on Solaris 2.6 reported by Tom G. Christensen. | ||
241 | |||
242 | commit 5ac712d81a84396aab441a272ec429af5b738302 | ||
243 | Author: Damien Miller <djm@mindrot.org> | ||
244 | Date: Tue Feb 16 10:45:02 2016 +1100 | ||
245 | |||
246 | make existing ssh_malloc_init only for __OpenBSD__ | ||
247 | |||
248 | commit 24c9bded569d9f2449ded73f92fb6d12db7a9eec | ||
249 | Author: djm@openbsd.org <djm@openbsd.org> | ||
250 | Date: Mon Feb 15 23:32:37 2016 +0000 | ||
251 | |||
252 | upstream commit | ||
253 | |||
254 | memleak of algorithm name in mm_answer_sign; reported by | ||
255 | Jakub Jelen | ||
256 | |||
257 | Upstream-ID: ccd742cd25952240ebd23d7d4d6b605862584d08 | ||
258 | |||
259 | commit ffb1e7e896139a42ceb78676f637658f44612411 | ||
260 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
261 | Date: Mon Feb 15 09:47:49 2016 +0000 | ||
262 | |||
263 | upstream commit | ||
264 | |||
265 | Add a function to enable security-related malloc_options. | ||
266 | With and ok deraadt@, something similar has been in the snaps for a while. | ||
267 | |||
268 | Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed | ||
269 | |||
270 | commit ef39e8c0497ff0564990a4f9e8b7338b3ba3507c | ||
271 | Author: Damien Miller <djm@mindrot.org> | ||
272 | Date: Tue Feb 16 10:34:39 2016 +1100 | ||
273 | |||
274 | sync ssh-copy-id with upstream 783ef08b0a75 | ||
275 | |||
276 | commit d2d772f55b19bb0e8d03c2fe1b9bb176d9779efd | ||
277 | Author: djm@openbsd.org <djm@openbsd.org> | ||
278 | Date: Fri Feb 12 00:20:30 2016 +0000 | ||
279 | |||
280 | upstream commit | ||
281 | |||
282 | avoid fatal() for PKCS11 tokens that present empty key IDs | ||
283 | bz#1773, ok markus@ | ||
284 | |||
285 | Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54 | ||
286 | |||
287 | commit e4c918a6c721410792b287c9fd21356a1bed5805 | ||
288 | Author: djm@openbsd.org <djm@openbsd.org> | ||
289 | Date: Thu Feb 11 02:56:32 2016 +0000 | ||
290 | |||
291 | upstream commit | ||
292 | |||
293 | sync crypto algorithm lists in ssh_config(5) and | ||
294 | sshd_config(5) with current reality. bz#2527 | ||
295 | |||
296 | Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6 | ||
297 | |||
298 | commit e30cabfa4ab456a30b3224f7f545f1bdfc4a2517 | ||
299 | Author: djm@openbsd.org <djm@openbsd.org> | ||
300 | Date: Thu Feb 11 02:21:34 2016 +0000 | ||
301 | |||
302 | upstream commit | ||
303 | |||
304 | fix regression in openssh-6.8 sftp client: existing | ||
305 | destination directories would incorrectly terminate recursive uploads; | ||
306 | bz#2528 | ||
307 | |||
308 | Upstream-ID: 3306be469f41f26758e3d447987ac6d662623e18 | ||
309 | |||
310 | commit 714e367226ded4dc3897078be48b961637350b05 | ||
311 | Author: djm@openbsd.org <djm@openbsd.org> | ||
312 | Date: Tue Feb 9 05:30:04 2016 +0000 | ||
313 | |||
314 | upstream commit | ||
315 | |||
316 | turn off more old crypto in the client: hmac-md5, ripemd, | ||
317 | truncated HMACs, RC4, blowfish. ok markus@ dtucker@ | ||
318 | |||
319 | Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e | ||
320 | |||
321 | commit 5a622844ff7f78dcb75e223399f9ef0977e8d0a3 | ||
322 | Author: djm@openbsd.org <djm@openbsd.org> | ||
323 | Date: Mon Feb 8 23:40:12 2016 +0000 | ||
324 | |||
325 | upstream commit | ||
326 | |||
327 | don't attempt to percent_expand() already-canonicalised | ||
328 | addresses, avoiding unnecessary failures when attempting to connect to scoped | ||
329 | IPv6 addresses (that naturally contain '%' characters) | ||
330 | |||
331 | Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a | ||
332 | |||
333 | commit 19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a | ||
334 | Author: djm@openbsd.org <djm@openbsd.org> | ||
335 | Date: Mon Feb 8 10:57:07 2016 +0000 | ||
336 | |||
337 | upstream commit | ||
338 | |||
339 | refactor activation of rekeying | ||
340 | |||
341 | This makes automatic rekeying internal to the packet code (previously | ||
342 | the server and client loops needed to assist). In doing to it makes | ||
343 | application of rekey limits more accurate by accounting for packets | ||
344 | about to be sent as well as packets queued during rekeying events | ||
345 | themselves. | ||
346 | |||
347 | Based on a patch from dtucker@ which was in turn based on a patch | ||
348 | Aleksander Adamowski in bz#2521; ok markus@ | ||
349 | |||
350 | Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8 | ||
351 | |||
352 | commit 603ba41179e4b53951c7b90ee95b6ef3faa3f15d | ||
353 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
354 | Date: Fri Feb 5 13:28:19 2016 +0000 | ||
355 | |||
356 | upstream commit | ||
357 | |||
358 | Only check errno if read() has returned an error. EOF is | ||
359 | not an error. This fixes a problem where the mux master would sporadically | ||
360 | fail to notice that the client had exited. ok mikeb@ djm@ | ||
361 | |||
362 | Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53 | ||
363 | |||
364 | commit 56d7dac790693ce420d225119283bc355cff9185 | ||
365 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
366 | Date: Fri Feb 5 04:31:21 2016 +0000 | ||
367 | |||
368 | upstream commit | ||
369 | |||
370 | avoid an uninitialised value when NumberOfPasswordPrompts | ||
371 | is 0 ok markus@ djm@ | ||
372 | |||
373 | Upstream-ID: 11b068d83c2865343aeb46acf1e9eec00f829b6b | ||
374 | |||
375 | commit deae7d52d59c5019c528f977360d87fdda15d20b | ||
376 | Author: djm@openbsd.org <djm@openbsd.org> | ||
377 | Date: Fri Feb 5 03:07:06 2016 +0000 | ||
378 | |||
379 | upstream commit | ||
380 | |||
381 | mention internal DH-GEX fallback groups; bz#2302 | ||
382 | |||
383 | Upstream-ID: e7b395fcca3122cd825515f45a2e41c9a157e09e | ||
384 | |||
385 | commit cac3b6665f884d46192c0dc98a64112e8b11a766 | ||
386 | Author: djm@openbsd.org <djm@openbsd.org> | ||
387 | Date: Fri Feb 5 02:37:56 2016 +0000 | ||
388 | |||
389 | upstream commit | ||
390 | |||
391 | better description for MaxSessions; bz#2531 | ||
392 | |||
393 | Upstream-ID: e2c0d74ee185cd1a3e9d4ca1f1b939b745b354da | ||
394 | |||
395 | commit 5ef4b0fdcc7a239577a754829b50022b91ab4712 | ||
396 | Author: Damien Miller <djm@mindrot.org> | ||
397 | Date: Wed Jan 27 17:45:56 2016 +1100 | ||
398 | |||
399 | avoid FreeBSD RCS Id in comment | ||
400 | |||
401 | Change old $FreeBSD version string in comment so it doesn't | ||
402 | become an RCS ident downstream; requested by des AT des.no | ||
403 | |||
404 | commit 696d12683c90d20a0a9c5f4275fc916b7011fb04 | ||
405 | Author: djm@openbsd.org <djm@openbsd.org> | ||
406 | Date: Thu Feb 4 23:43:48 2016 +0000 | ||
407 | |||
408 | upstream commit | ||
409 | |||
410 | printf argument casts to avoid warnings on strict | ||
411 | compilers | ||
412 | |||
413 | Upstream-ID: 7b9f6712cef01865ad29070262d366cf13587c9c | ||
414 | |||
415 | commit 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a | ||
416 | Author: millert@openbsd.org <millert@openbsd.org> | ||
417 | Date: Mon Feb 1 21:18:17 2016 +0000 | ||
418 | |||
419 | upstream commit | ||
420 | |||
421 | Avoid ugly "DISPLAY "(null)" invalid; disabling X11 | ||
422 | forwarding" message when DISPLAY is not set. This could also result in a | ||
423 | crash on systems with a printf that doesn't handle NULL. OK djm@ | ||
424 | |||
425 | Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412 | ||
426 | |||
427 | commit 537f88ec7bcf40bd444ac5584c707c5588c55c43 | ||
428 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
429 | Date: Fri Jan 29 05:18:15 2016 +0000 | ||
430 | |||
431 | upstream commit | ||
432 | |||
433 | Add regression test for RekeyLimit parsing of >32bit values | ||
434 | (4G and 8G). | ||
435 | |||
436 | Upstream-Regress-ID: 548390350c62747b6234f522a99c319eee401328 | ||
437 | |||
438 | commit 4c6cb8330460f94e6c7ae28a364236d4188156a3 | ||
439 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
440 | Date: Fri Jan 29 23:04:46 2016 +0000 | ||
441 | |||
442 | upstream commit | ||
443 | |||
444 | Remove leftover roaming dead code. ok djm markus. | ||
445 | |||
446 | Upstream-ID: 13d1f9c8b65a5109756bcfd3b74df949d53615be | ||
447 | |||
448 | commit 28136471809806d6246ef41e4341467a39fe2f91 | ||
449 | Author: djm@openbsd.org <djm@openbsd.org> | ||
450 | Date: Fri Jan 29 05:46:01 2016 +0000 | ||
451 | |||
452 | upstream commit | ||
453 | |||
454 | include packet type of non-data packets in debug3 output; | ||
455 | ok markus dtucker | ||
456 | |||
457 | Upstream-ID: 034eaf639acc96459b9c5ce782db9fcd8bd02d41 | ||
458 | |||
459 | commit 6fd6e28daccafaa35f02741036abe64534c361a1 | ||
460 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
461 | Date: Fri Jan 29 03:31:03 2016 +0000 | ||
462 | |||
463 | upstream commit | ||
464 | |||
465 | Revert "account for packets buffered but not yet | ||
466 | processed" change as it breaks for very small RekeyLimit values due to | ||
467 | continuous rekeying. ok djm@ | ||
468 | |||
469 | Upstream-ID: 7e03f636cb45ab60db18850236ccf19079182a19 | ||
470 | |||
471 | commit 921ff00b0ac429666fb361d2d6cb1c8fff0006cb | ||
472 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
473 | Date: Fri Jan 29 02:54:45 2016 +0000 | ||
474 | |||
475 | upstream commit | ||
476 | |||
477 | Allow RekeyLimits in excess of 4G up to 2**63 bits | ||
478 | (limited by the return type of scan_scaled). Part of bz#2521, ok djm. | ||
479 | |||
480 | Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979 | ||
481 | |||
482 | commit c0060a65296f01d4634f274eee184c0e93ba0f23 | ||
483 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
484 | Date: Fri Jan 29 02:42:46 2016 +0000 | ||
485 | |||
486 | upstream commit | ||
487 | |||
488 | Account for packets buffered but not yet processed when | ||
489 | computing whether or not it is time to perform rekeying. bz#2521, based | ||
490 | loosely on a patch from olo at fb.com, ok djm@ | ||
491 | |||
492 | Upstream-ID: 67e268b547f990ed220f3cb70a5624d9bda12b8c | ||
493 | |||
494 | commit 44cf930e670488c85c9efeb373fa5f4b455692ac | ||
495 | Author: djm@openbsd.org <djm@openbsd.org> | ||
496 | Date: Wed Jan 27 06:44:58 2016 +0000 | ||
497 | |||
498 | upstream commit | ||
499 | |||
500 | change old $FreeBSD version string in comment so it doesn't | ||
501 | become an RCS ident downstream; requested by des AT des.no | ||
502 | |||
503 | Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722 | ||
504 | |||
505 | commit ebacd377769ac07d1bf3c75169644336056b7060 | ||
506 | Author: djm@openbsd.org <djm@openbsd.org> | ||
507 | Date: Wed Jan 27 00:53:12 2016 +0000 | ||
508 | |||
509 | upstream commit | ||
510 | |||
511 | make the debug messages a bit more useful here | ||
512 | |||
513 | Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64 | ||
514 | |||
515 | commit 458abc2934e82034c5c281336d8dc0f910aecad3 | ||
516 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
517 | Date: Sat Jan 23 05:31:35 2016 +0000 | ||
518 | |||
519 | upstream commit | ||
520 | |||
521 | Zero a stack buffer with explicit_bzero() instead of | ||
522 | memset() when returning from client_loop() for consistency with | ||
523 | buffer_free()/sshbuf_free(). | ||
524 | |||
525 | ok dtucker@ deraadt@ djm@ | ||
526 | |||
527 | Upstream-ID: bc9975b2095339811c3b954694d7d15ea5c58f66 | ||
528 | |||
529 | commit 65a3c0dacbc7dbb75ddb6a70ebe22d8de084d0b0 | ||
530 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
531 | Date: Wed Jan 20 09:22:39 2016 +0000 | ||
532 | |||
533 | upstream commit | ||
534 | |||
535 | Include sys/time.h for gettimeofday. From sortie at | ||
536 | maxsi.org. | ||
537 | |||
538 | Upstream-ID: 6ed0c33b836d9de0a664cd091e86523ecaa2fb3b | ||
539 | |||
540 | commit fc77ccdc2ce6d5d06628b8da5048a6a5f6ffca5a | ||
541 | Author: markus@openbsd.org <markus@openbsd.org> | ||
542 | Date: Thu Jan 14 22:56:56 2016 +0000 | ||
543 | |||
544 | upstream commit | ||
545 | |||
546 | fd leaks; report Qualys Security Advisory team; ok | ||
547 | deraadt@ | ||
548 | |||
549 | Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d | ||
550 | |||
551 | commit a306863831c57ec5fad918687cc5d289ee8e2635 | ||
552 | Author: markus@openbsd.org <markus@openbsd.org> | ||
553 | Date: Thu Jan 14 16:17:39 2016 +0000 | ||
554 | |||
555 | upstream commit | ||
556 | |||
557 | remove roaming support; ok djm@ | ||
558 | |||
559 | Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56 | ||
560 | |||
561 | commit 6ef49e83e30688504552ac10875feabd5521565f | ||
562 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
563 | Date: Thu Jan 14 14:34:34 2016 +0000 | ||
564 | |||
565 | upstream commit | ||
566 | |||
567 | Disable experimental client-side roaming support. Server | ||
568 | side was disabled/gutted for years already, but this aspect was surprisingly | ||
569 | forgotten. Thanks for report from Qualys | ||
570 | |||
571 | Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df | ||
572 | |||
573 | commit 8d7b523b96d3be180572d9d338cedaafc0570f60 | ||
2 | Author: Damien Miller <djm@mindrot.org> | 574 | Author: Damien Miller <djm@mindrot.org> |
3 | Date: Thu Jan 14 11:08:19 2016 +1100 | 575 | Date: Thu Jan 14 11:08:19 2016 +1100 |
4 | 576 | ||
5 | bump version numbers | 577 | bump version numbers |
6 | 578 | ||
7 | commit 302bc21e6fadacb04b665868cd69b625ef69df90 | 579 | commit 8c3d512a1fac8b9c83b4d0c9c3f2376290bd84ca |
8 | Author: Damien Miller <djm@mindrot.org> | 580 | Author: Damien Miller <djm@mindrot.org> |
9 | Date: Thu Jan 14 11:04:04 2016 +1100 | 581 | Date: Thu Jan 14 11:04:04 2016 +1100 |
10 | 582 | ||
11 | openssh-7.1p2 | 583 | openssh-7.1p2 |
12 | 584 | ||
13 | commit 6b33763242c063e4e0593877e835eeb1fd1b60aa | 585 | commit e6c85f8889c5c9eb04796fdb76d2807636b9eef5 |
14 | Author: Damien Miller <djm@mindrot.org> | 586 | Author: Damien Miller <djm@mindrot.org> |
15 | Date: Thu Jan 14 11:02:58 2016 +1100 | 587 | Date: Fri Jan 15 01:30:36 2016 +1100 |
16 | 588 | ||
17 | forcibly disable roaming support in the client | 589 | forcibly disable roaming support in the client |
18 | 590 | ||
19 | commit 34d364f0d2e1e30a444009f0e04299bb7c94ba13 | 591 | commit ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c |
592 | Author: djm@openbsd.org <djm@openbsd.org> | ||
593 | Date: Wed Jan 13 23:04:47 2016 +0000 | ||
594 | |||
595 | upstream commit | ||
596 | |||
597 | eliminate fallback from untrusted X11 forwarding to trusted | ||
598 | forwarding when the X server disables the SECURITY extension; Reported by | ||
599 | Thomas Hoger; ok deraadt@ | ||
600 | |||
601 | Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938 | ||
602 | |||
603 | commit 9a728cc918fad67c8a9a71201088b1e150340ba4 | ||
604 | Author: djm@openbsd.org <djm@openbsd.org> | ||
605 | Date: Tue Jan 12 23:42:54 2016 +0000 | ||
606 | |||
607 | upstream commit | ||
608 | |||
609 | use explicit_bzero() more liberally in the buffer code; ok | ||
610 | deraadt | ||
611 | |||
612 | Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf | ||
613 | |||
614 | commit 4626cbaf78767fc8e9c86dd04785386c59ae0839 | ||
615 | Author: Damien Miller <djm@mindrot.org> | ||
616 | Date: Fri Jan 8 14:24:56 2016 +1100 | ||
617 | |||
618 | Support Illumos/Solaris fine-grained privileges | ||
619 | |||
620 | Includes a pre-auth privsep sandbox and several pledge() | ||
621 | emulations. bz#2511, patch by Alex Wilson. | ||
622 | |||
623 | ok dtucker@ | ||
624 | |||
625 | commit 422d1b3ee977ff4c724b597fb2e437d38fc8de9d | ||
626 | Author: djm@openbsd.org <djm@openbsd.org> | ||
627 | Date: Thu Dec 31 00:33:52 2015 +0000 | ||
628 | |||
629 | upstream commit | ||
630 | |||
631 | fix three bugs in KRL code related to (unused) signature | ||
632 | support: verification length was being incorrectly calculated, multiple | ||
633 | signatures were being incorrectly processed and a NULL dereference that | ||
634 | occurred when signatures were verified. Reported by Carl Jackson | ||
635 | |||
636 | Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b | ||
637 | |||
638 | commit 6074c84bf95d00f29cc7d5d3cd3798737851aa1a | ||
639 | Author: djm@openbsd.org <djm@openbsd.org> | ||
640 | Date: Wed Dec 30 23:46:14 2015 +0000 | ||
641 | |||
642 | upstream commit | ||
643 | |||
644 | unused prototype | ||
645 | |||
646 | Upstream-ID: f3eef4389d53ed6c0d5c77dcdcca3060c745da97 | ||
647 | |||
648 | commit 6213f0e180e54122bb1ba928e11c784e2b4e5380 | ||
649 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
650 | Date: Sat Dec 26 20:51:35 2015 +0000 | ||
651 | |||
652 | upstream commit | ||
653 | |||
654 | Use pread/pwrite instead separate lseek+read/write for | ||
655 | lastlog. Cast to off_t before multiplication to avoid truncation on ILP32 | ||
656 | |||
657 | ok kettenis@ mmcc@ | ||
658 | |||
659 | Upstream-ID: fc40092568cd195719ddf1a00aa0742340d616cf | ||
660 | |||
661 | commit d7d2bc95045a43dd56ea696cc1d030ac9d77e81f | ||
662 | Author: semarie@openbsd.org <semarie@openbsd.org> | ||
663 | Date: Sat Dec 26 07:46:03 2015 +0000 | ||
664 | |||
665 | upstream commit | ||
666 | |||
667 | adjust pledge promises for ControlMaster: when using | ||
668 | "ask" or "autoask", the process will use ssh-askpass for asking confirmation. | ||
669 | |||
670 | problem found by halex@ | ||
671 | |||
672 | ok halex@ | ||
673 | |||
674 | Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80 | ||
675 | |||
676 | commit 271df8185d9689b3fb0523f58514481b858f6843 | ||
677 | Author: djm@openbsd.org <djm@openbsd.org> | ||
678 | Date: Sun Dec 13 22:42:23 2015 +0000 | ||
679 | |||
680 | upstream commit | ||
681 | |||
682 | unbreak connections with peers that set | ||
683 | first_kex_follows; fix from Matt Johnston va bz#2515 | ||
684 | |||
685 | Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b | ||
686 | |||
687 | commit 43849a47c5f8687699eafbcb5604f6b9c395179f | ||
688 | Author: doug@openbsd.org <doug@openbsd.org> | ||
689 | Date: Fri Dec 11 17:41:37 2015 +0000 | ||
690 | |||
691 | upstream commit | ||
692 | |||
693 | Add "id" to ssh-agent pledge for subprocess support. | ||
694 | |||
695 | Found the hard way by Jan Johansson when using ssh-agent with X. Also, | ||
696 | rearranged proc/exec and retval to match other pledge calls in the tree. | ||
697 | |||
698 | ok djm@ | ||
699 | |||
700 | Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db | ||
701 | |||
702 | commit 52d7078421844b2f88329f5be3de370b0a938636 | ||
703 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
704 | Date: Fri Dec 11 04:21:11 2015 +0000 | ||
705 | |||
706 | upstream commit | ||
707 | |||
708 | Remove NULL-checks before sshbuf_free(). | ||
709 | |||
710 | ok djm@ | ||
711 | |||
712 | Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917 | ||
713 | |||
714 | commit a4b9e0f4e4a6980a0eb8072f76ea611cab5b77e7 | ||
715 | Author: djm@openbsd.org <djm@openbsd.org> | ||
716 | Date: Fri Dec 11 03:24:25 2015 +0000 | ||
717 | |||
718 | upstream commit | ||
719 | |||
720 | include remote port number in a few more messages; makes | ||
721 | tying log messages together into a session a bit easier; bz#2503 ok dtucker@ | ||
722 | |||
723 | Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e | ||
724 | |||
725 | commit 6091c362e89079397e68744ae30df121b0a72c07 | ||
726 | Author: djm@openbsd.org <djm@openbsd.org> | ||
727 | Date: Fri Dec 11 03:20:09 2015 +0000 | ||
728 | |||
729 | upstream commit | ||
730 | |||
731 | don't try to load SSHv1 private key when compiled without | ||
732 | SSHv1 support. From Iain Morgan bz#2505 | ||
733 | |||
734 | Upstream-ID: 8b8e7b02a448cf5e5635979df2d83028f58868a7 | ||
735 | |||
736 | commit cce6a36bb95e81fa8bfb46daf22eabcf13afc352 | ||
737 | Author: djm@openbsd.org <djm@openbsd.org> | ||
738 | Date: Fri Dec 11 03:19:09 2015 +0000 | ||
739 | |||
740 | upstream commit | ||
741 | |||
742 | use SSH_MAX_PUBKEY_BYTES consistently as buffer size when | ||
743 | reading key files. Increase it to match the size of the buffers already being | ||
744 | used. | ||
745 | |||
746 | Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae | ||
747 | |||
748 | commit 89540b6de025b80404a0cb8418c06377f3f98848 | ||
749 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
750 | Date: Fri Dec 11 02:31:47 2015 +0000 | ||
751 | |||
752 | upstream commit | ||
753 | |||
754 | Remove NULL-checks before sshkey_free(). | ||
755 | |||
756 | ok djm@ | ||
757 | |||
758 | Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52 | ||
759 | |||
760 | commit 79394ed6d74572c2d2643d73937dad33727fc240 | ||
761 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
762 | Date: Fri Dec 11 02:29:03 2015 +0000 | ||
763 | |||
764 | upstream commit | ||
765 | |||
766 | fflush stdout so that output is seen even when running in | ||
767 | debug mode when output may otherwise not be flushed. Patch from dustin at | ||
768 | null-ptr.net. | ||
769 | |||
770 | Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc | ||
771 | |||
772 | commit ee607cccb6636eb543282ba90e0677b0604d8b7a | ||
773 | Author: Darren Tucker <dtucker@zip.com.au> | ||
774 | Date: Tue Dec 15 15:23:49 2015 +1100 | ||
775 | |||
776 | Increase robustness of redhat/openssh.spec | ||
777 | |||
778 | - remove configure --with-rsh, because this option isn't supported anymore | ||
779 | - replace last occurrence of BuildPreReq by BuildRequires | ||
780 | - update grep statement to query the krb5 include directory | ||
781 | |||
782 | Patch from CarstenGrohmann via github, ok djm. | ||
783 | |||
784 | commit b5fa0cd73555b991a543145603658d7088ec6b60 | ||
785 | Author: Darren Tucker <dtucker@zip.com.au> | ||
786 | Date: Tue Dec 15 15:10:32 2015 +1100 | ||
787 | |||
788 | Allow --without-ssl-engine with --without-openssl | ||
789 | |||
790 | Patch from Mike Frysinger via github. | ||
791 | |||
792 | commit c1d7e546f6029024f3257cc25c92f2bddf163125 | ||
793 | Author: Darren Tucker <dtucker@zip.com.au> | ||
794 | Date: Tue Dec 15 14:27:09 2015 +1100 | ||
795 | |||
796 | Include openssl crypto.h for SSLeay. | ||
797 | |||
798 | Patch from doughdemon via github. | ||
799 | |||
800 | commit c6f5f01651526e88c00d988ce59d71f481ebac62 | ||
801 | Author: Darren Tucker <dtucker@zip.com.au> | ||
802 | Date: Tue Dec 15 13:59:12 2015 +1100 | ||
803 | |||
804 | Add sys/time.h for gettimeofday. | ||
805 | |||
806 | Should allow it it compile with MUSL libc. Based on patch from | ||
807 | doughdemon via github. | ||
808 | |||
809 | commit 39736be06c7498ef57d6970f2d85cf066ae57c82 | ||
810 | Author: djm@openbsd.org <djm@openbsd.org> | ||
811 | Date: Fri Dec 11 02:20:28 2015 +0000 | ||
812 | |||
813 | upstream commit | ||
814 | |||
815 | correct error messages; from Tomas Kuthan bz#2507 | ||
816 | |||
817 | Upstream-ID: 7454a0affeab772398052954c79300aa82077093 | ||
818 | |||
819 | commit 94141b7ade24afceeb6762a3f99e09e47a6c42b6 | ||
820 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
821 | Date: Fri Dec 11 00:20:04 2015 +0000 | ||
822 | |||
823 | upstream commit | ||
824 | |||
825 | Pass (char *)NULL rather than (char *)0 to execl and | ||
826 | execlp. | ||
827 | |||
828 | ok dtucker@ | ||
829 | |||
830 | Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492 | ||
831 | |||
832 | commit d59ce08811bf94111c2f442184cf7d1257ffae24 | ||
833 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
834 | Date: Thu Dec 10 17:08:40 2015 +0000 | ||
835 | |||
836 | upstream commit | ||
837 | |||
838 | Remove NULL-checks before free(). | ||
839 | |||
840 | ok dtucker@ | ||
841 | |||
842 | Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8 | ||
843 | |||
844 | commit 8e56dd46cb37879c73bce2d6032cf5e7f82d5a71 | ||
845 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
846 | Date: Thu Dec 10 07:01:35 2015 +0000 | ||
847 | |||
848 | upstream commit | ||
849 | |||
850 | Fix a couple "the the" typos. ok dtucker@ | ||
851 | |||
852 | Upstream-ID: ec364c5af32031f013001fd28d1bd3dfacfe9a72 | ||
853 | |||
854 | commit 6262a0522ddc2c0f2e9358dcb68d59b46e9c533e | ||
855 | Author: markus@openbsd.org <markus@openbsd.org> | ||
856 | Date: Mon Dec 7 20:04:09 2015 +0000 | ||
857 | |||
858 | upstream commit | ||
859 | |||
860 | stricter encoding type checks for ssh-rsa; ok djm@ | ||
861 | |||
862 | Upstream-ID: 8cca7c787599a5e8391e184d0b4f36fdc3665650 | ||
863 | |||
864 | commit d86a3ba7af160c13496102aed861ae48a4297072 | ||
865 | Author: Damien Miller <djm@mindrot.org> | ||
866 | Date: Wed Dec 9 09:18:45 2015 +1100 | ||
867 | |||
868 | Don't set IPV6_V6ONLY on OpenBSD | ||
869 | |||
870 | It isn't necessary and runs afoul of pledge(2) restrictions. | ||
871 | |||
872 | commit da98c11d03d819a15429d8fff9688acd7505439f | ||
873 | Author: djm@openbsd.org <djm@openbsd.org> | ||
874 | Date: Mon Dec 7 02:20:46 2015 +0000 | ||
875 | |||
876 | upstream commit | ||
877 | |||
878 | basic unit tests for rsa-sha2-* signature types | ||
879 | |||
880 | Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c | ||
881 | |||
882 | commit 3da893fdec9936dd2c23739cdb3c0c9d4c59fca0 | ||
883 | Author: markus@openbsd.org <markus@openbsd.org> | ||
884 | Date: Sat Dec 5 20:53:21 2015 +0000 | ||
885 | |||
886 | upstream commit | ||
887 | |||
888 | prefer rsa-sha2-512 over -256 for hostkeys, too; noticed | ||
889 | by naddy@ | ||
890 | |||
891 | Upstream-ID: 685f55f7ec566a8caca587750672723a0faf3ffe | ||
892 | |||
893 | commit 8b56e59714d87181505e4678f0d6d39955caf10e | ||
894 | Author: tobias@openbsd.org <tobias@openbsd.org> | ||
895 | Date: Fri Dec 4 21:51:06 2015 +0000 | ||
896 | |||
897 | upstream commit | ||
898 | |||
899 | Properly handle invalid %-format by calling fatal. | ||
900 | |||
901 | ok deraadt, djm | ||
902 | |||
903 | Upstream-ID: 5692bce7d9f6eaa9c488cb93d3b55e758bef1eac | ||
904 | |||
905 | commit 76c9fbbe35aabc1db977fb78e827644345e9442e | ||
906 | Author: markus@openbsd.org <markus@openbsd.org> | ||
907 | Date: Fri Dec 4 16:41:28 2015 +0000 | ||
908 | |||
909 | upstream commit | ||
910 | |||
911 | implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures | ||
912 | (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and | ||
913 | draft-ssh-ext-info-04.txt; with & ok djm@ | ||
914 | |||
915 | Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309 | ||
916 | |||
917 | commit 6064a8b8295cb5a17b5ebcfade53053377714f40 | ||
918 | Author: djm@openbsd.org <djm@openbsd.org> | ||
919 | Date: Fri Dec 4 00:24:55 2015 +0000 | ||
920 | |||
921 | upstream commit | ||
922 | |||
923 | clean up agent_fd handling; properly initialise it to -1 | ||
924 | and make tests consistent | ||
925 | |||
926 | ok markus@ | ||
927 | |||
928 | Upstream-ID: ac9554323d5065745caf17b5e37cb0f0d4825707 | ||
929 | |||
930 | commit b91926a97620f3e51761c271ba57aa5db790f48d | ||
931 | Author: semarie@openbsd.org <semarie@openbsd.org> | ||
932 | Date: Thu Dec 3 17:00:18 2015 +0000 | ||
933 | |||
934 | upstream commit | ||
935 | |||
936 | pledges ssh client: - mux client: which is used when | ||
937 | ControlMaster is in use. will end with "stdio proc tty" (proc is to | ||
938 | permit sending SIGWINCH to mux master on window resize) | ||
939 | |||
940 | - client loop: several levels of pledging depending of your used options | ||
941 | |||
942 | ok deraadt@ | ||
943 | |||
944 | Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b | ||
945 | |||
946 | commit bcce47466bbc974636f588b5e4a9a18ae386f64a | ||
947 | Author: doug@openbsd.org <doug@openbsd.org> | ||
948 | Date: Wed Dec 2 08:30:50 2015 +0000 | ||
949 | |||
950 | upstream commit | ||
951 | |||
952 | Add "cpath" to the ssh-agent pledge so the cleanup | ||
953 | handler can unlink(). | ||
954 | |||
955 | ok djm@ | ||
956 | |||
957 | Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d | ||
958 | |||
959 | commit a90d001543f46716b6590c6dcc681d5f5322f8cf | ||
960 | Author: djm@openbsd.org <djm@openbsd.org> | ||
961 | Date: Wed Dec 2 08:00:58 2015 +0000 | ||
962 | |||
963 | upstream commit | ||
964 | |||
965 | ssh-agent pledge needs proc for askpass; spotted by todd@ | ||
966 | |||
967 | Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a | ||
968 | |||
969 | commit d952162b3c158a8f23220587bb6c8fcda75da551 | ||
970 | Author: djm@openbsd.org <djm@openbsd.org> | ||
971 | Date: Tue Dec 1 23:29:24 2015 +0000 | ||
972 | |||
973 | upstream commit | ||
974 | |||
975 | basic pledge() for ssh-agent, more refinement needed | ||
976 | |||
977 | Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13 | ||
978 | |||
979 | commit f0191d7c8e76e30551084b79341886d9bb38e453 | ||
980 | Author: Damien Miller <djm@mindrot.org> | ||
981 | Date: Mon Nov 30 10:53:25 2015 +1100 | ||
982 | |||
983 | Revert "stub for pledge(2) for systems that lack it" | ||
984 | |||
985 | This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c. | ||
986 | |||
987 | dtucker beat me to it :/ | ||
988 | |||
989 | commit 6283cc72eb0e49a3470d30e07ca99a1ba9e89676 | ||
990 | Author: Damien Miller <djm@mindrot.org> | ||
991 | Date: Mon Nov 30 10:37:03 2015 +1100 | ||
992 | |||
993 | revert 7d4c7513: bring back S/Key prototypes | ||
994 | |||
995 | (but leave RCSID changes) | ||
996 | |||
997 | commit 14c887c8393adde2d9fd437d498be30f8c98535c | ||
998 | Author: Damien Miller <djm@mindrot.org> | ||
999 | Date: Mon Nov 30 09:45:29 2015 +1100 | ||
1000 | |||
1001 | stub for pledge(2) for systems that lack it | ||
1002 | |||
1003 | commit 452c0b6af5d14c37553e30059bf74456012493f3 | ||
1004 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1005 | Date: Sun Nov 29 22:18:37 2015 +0000 | ||
1006 | |||
1007 | upstream commit | ||
1008 | |||
1009 | pledge, better fatal() messages; feedback deraadt@ | ||
1010 | |||
1011 | Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f | ||
1012 | |||
1013 | commit 6da413c085dba37127687b2617a415602505729b | ||
1014 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1015 | Date: Sat Nov 28 06:50:52 2015 +0000 | ||
1016 | |||
1017 | upstream commit | ||
1018 | |||
1019 | do not leak temp file if there is no known_hosts file | ||
1020 | from craig leres, ok djm | ||
1021 | |||
1022 | Upstream-ID: c820497fd5574844c782e79405c55860f170e426 | ||
1023 | |||
1024 | commit 3ddd15e1b63a4d4f06c8ab16fbdd8a5a61764f16 | ||
1025 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1026 | Date: Mon Nov 30 07:23:53 2015 +1100 | ||
1027 | |||
1028 | Add a null implementation of pledge. | ||
1029 | |||
1030 | Fixes builds on almost everything. | ||
1031 | |||
1032 | commit b1d6b3971ef256a08692efc409fc9ada719111cc | ||
1033 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1034 | Date: Sat Nov 28 06:41:03 2015 +0000 | ||
1035 | |||
1036 | upstream commit | ||
1037 | |||
1038 | don't include port number in tcpip-forward replies for | ||
1039 | requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok | ||
1040 | markus | ||
1041 | |||
1042 | Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a | ||
1043 | |||
1044 | commit 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65 | ||
1045 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1046 | Date: Fri Nov 27 00:49:31 2015 +0000 | ||
1047 | |||
1048 | upstream commit | ||
1049 | |||
1050 | pledge "stdio rpath wpath cpath fattr tty proc exec" | ||
1051 | except for the -p option (which sadly has insane semantics...) ok semarie | ||
1052 | dtucker | ||
1053 | |||
1054 | Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059 | ||
1055 | |||
1056 | commit 4d90625b229cf6b3551d81550a9861897509a65f | ||
1057 | Author: halex@openbsd.org <halex@openbsd.org> | ||
1058 | Date: Fri Nov 20 23:04:01 2015 +0000 | ||
1059 | |||
1060 | upstream commit | ||
1061 | |||
1062 | allow comment change for all supported formats | ||
1063 | |||
1064 | ok djm@ | ||
1065 | |||
1066 | Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b | ||
1067 | |||
1068 | commit 8ca915fc761519dd1f7766a550ec597a81db5646 | ||
1069 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1070 | Date: Fri Nov 20 01:45:29 2015 +0000 | ||
1071 | |||
1072 | upstream commit | ||
1073 | |||
1074 | add cast to make -Werror clean | ||
1075 | |||
1076 | Upstream-ID: 288db4f8f810bd475be01320c198250a04ff064d | ||
1077 | |||
1078 | commit ac9473580dcd401f8281305af98635cdaae9bf96 | ||
1079 | Author: Damien Miller <djm@mindrot.org> | ||
1080 | Date: Fri Nov 20 12:35:41 2015 +1100 | ||
1081 | |||
1082 | fix multiple authentication using S/Key w/ privsep | ||
1083 | |||
1084 | bz#2502, patch from Kevin Korb and feandil_ | ||
1085 | |||
1086 | commit 88b6fcdeb87a2fb76767854d9eb15006662dca57 | ||
1087 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1088 | Date: Thu Nov 19 08:23:27 2015 +0000 | ||
1089 | |||
1090 | upstream commit | ||
1091 | |||
1092 | ban ConnectionAttempts=0, it makes no sense and would cause | ||
1093 | ssh_connect_direct() to print an uninitialised stack variable; bz#2500 | ||
1094 | reported by dvw AT phas.ubc.ca | ||
1095 | |||
1096 | Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5 | ||
1097 | |||
1098 | commit 964ab3ee7a8f96bdbc963d5b5a91933d6045ebe7 | ||
1099 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1100 | Date: Thu Nov 19 01:12:32 2015 +0000 | ||
1101 | |||
1102 | upstream commit | ||
1103 | |||
1104 | trailing whitespace | ||
1105 | |||
1106 | Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051 | ||
1107 | |||
1108 | commit f96516d052dbe38561f6b92b0e4365d8e24bb686 | ||
1109 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1110 | Date: Thu Nov 19 01:09:38 2015 +0000 | ||
1111 | |||
1112 | upstream commit | ||
1113 | |||
1114 | print host certificate contents at debug level | ||
1115 | |||
1116 | Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d | ||
1117 | |||
1118 | commit 499cf36fecd6040e30e2912dd25655bc574739a7 | ||
1119 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1120 | Date: Thu Nov 19 01:08:55 2015 +0000 | ||
1121 | |||
1122 | upstream commit | ||
1123 | |||
1124 | move the certificate validity formatting code to | ||
1125 | sshkey.[ch] | ||
1126 | |||
1127 | Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523 | ||
1128 | |||
1129 | commit bcb7bc77bbb1535d1008c7714085556f3065d99d | ||
1130 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1131 | Date: Wed Nov 18 08:37:28 2015 +0000 | ||
1132 | |||
1133 | upstream commit | ||
1134 | |||
1135 | fix "ssh-keygen -l" of private key, broken in support for | ||
1136 | multiple plain keys on stdin | ||
1137 | |||
1138 | Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d | ||
1139 | |||
1140 | commit 259adb6179e23195c8f6913635ea71040d1ccd63 | ||
1141 | Author: millert@openbsd.org <millert@openbsd.org> | ||
1142 | Date: Mon Nov 16 23:47:52 2015 +0000 | ||
1143 | |||
1144 | upstream commit | ||
1145 | |||
1146 | Replace remaining calls to index(3) with strchr(3). OK | ||
1147 | jca@ krw@ | ||
1148 | |||
1149 | Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d | ||
1150 | |||
1151 | commit c56a255162c2166884539c0a1f7511575325b477 | ||
1152 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1153 | Date: Mon Nov 16 22:53:07 2015 +0000 | ||
1154 | |||
1155 | upstream commit | ||
1156 | |||
1157 | Allow fingerprinting from standard input "ssh-keygen -lf | ||
1158 | -" | ||
1159 | |||
1160 | Support fingerprinting multiple plain keys in a file and authorized_keys | ||
1161 | files too (bz#1319) | ||
1162 | |||
1163 | ok markus@ | ||
1164 | |||
1165 | Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77 | ||
1166 | |||
1167 | commit 5b4010d9b923cf1b46c9c7b1887c013c2967e204 | ||
1168 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1169 | Date: Mon Nov 16 22:51:05 2015 +0000 | ||
1170 | |||
1171 | upstream commit | ||
1172 | |||
1173 | always call privsep_preauth_child() regardless of whether | ||
1174 | sshd was started by root; it does important priming before sandboxing and | ||
1175 | failing to call it could result in sandbox violations later; ok markus@ | ||
1176 | |||
1177 | Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383 | ||
1178 | |||
1179 | commit 3a9f84b58b0534bbb485f1eeab75665e2d03371f | ||
1180 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1181 | Date: Mon Nov 16 22:50:01 2015 +0000 | ||
1182 | |||
1183 | upstream commit | ||
1184 | |||
1185 | improve sshkey_read() semantics; only update *cpp when a | ||
1186 | key is successfully read; ok markus@ | ||
1187 | |||
1188 | Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089 | ||
1189 | |||
1190 | commit db6f8dc5dd5655b59368efd074994d4568bc3556 | ||
1191 | Author: logan@openbsd.org <logan@openbsd.org> | ||
1192 | Date: Mon Nov 16 06:13:04 2015 +0000 | ||
1193 | |||
1194 | upstream commit | ||
1195 | |||
1196 | 1) Use xcalloc() instead of xmalloc() to check for | ||
1197 | potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size | ||
1198 | just before the for loop. (suggested by djm@) | ||
1199 | |||
1200 | OK djm@ | ||
1201 | |||
1202 | Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213 | ||
1203 | |||
1204 | commit 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0 | ||
1205 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1206 | Date: Mon Nov 16 00:30:02 2015 +0000 | ||
1207 | |||
1208 | upstream commit | ||
1209 | |||
1210 | Add a new authorized_keys option "restrict" that | ||
1211 | includes all current and future key restrictions (no-*-forwarding, etc). Also | ||
1212 | add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty". | ||
1213 | This simplifies the task of setting up restricted keys and ensures they are | ||
1214 | maximally-restricted, regardless of any permissions we might implement in the | ||
1215 | future. | ||
1216 | |||
1217 | Example: | ||
1218 | |||
1219 | restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1... | ||
1220 | |||
1221 | Idea from Jann Horn; ok markus@ | ||
1222 | |||
1223 | Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0 | ||
1224 | |||
1225 | commit e41a071f7bda6af1fb3f081bed0151235fa61f15 | ||
1226 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1227 | Date: Sun Nov 15 23:58:04 2015 +0000 | ||
1228 | |||
1229 | upstream commit | ||
1230 | |||
1231 | correct section number for ssh-agent; | ||
1232 | |||
1233 | Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6 | ||
1234 | |||
1235 | commit 1a11670286acddcc19f5eff0966c380831fc4638 | ||
1236 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1237 | Date: Sun Nov 15 23:54:15 2015 +0000 | ||
1238 | |||
1239 | upstream commit | ||
1240 | |||
1241 | do not confuse mandoc by presenting "Dd"; | ||
1242 | |||
1243 | Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65 | ||
1244 | |||
1245 | commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b | ||
1246 | Author: jcs@openbsd.org <jcs@openbsd.org> | ||
1247 | Date: Sun Nov 15 22:26:49 2015 +0000 | ||
1248 | |||
1249 | upstream commit | ||
1250 | |||
1251 | Add an AddKeysToAgent client option which can be set to | ||
1252 | 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a | ||
1253 | private key that is used during authentication will be added to ssh-agent if | ||
1254 | it is running (with confirmation enabled if set to 'confirm'). | ||
1255 | |||
1256 | Initial version from Joachim Schipper many years ago. | ||
1257 | |||
1258 | ok markus@ | ||
1259 | |||
1260 | Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4 | ||
1261 | |||
1262 | commit d87063d9baf5479b6e813d47dfb694a97df6f6f5 | ||
1263 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1264 | Date: Fri Nov 13 04:39:35 2015 +0000 | ||
1265 | |||
1266 | upstream commit | ||
1267 | |||
1268 | send SSH2_MSG_UNIMPLEMENTED replies to unexpected | ||
1269 | messages during KEX; bz#2949, ok dtucker@ | ||
1270 | |||
1271 | Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786 | ||
1272 | |||
1273 | commit 9fd04681a1e9b0af21e08ff82eb674cf0a499bfc | ||
1274 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1275 | Date: Fri Nov 13 04:38:06 2015 +0000 | ||
1276 | |||
1277 | upstream commit | ||
1278 | |||
1279 | Support "none" as an argument for sshd_config | ||
1280 | ForceCommand and ChrootDirectory. Useful inside Match blocks to override a | ||
1281 | global default. bz#2486 ok dtucker@ | ||
1282 | |||
1283 | Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5 | ||
1284 | |||
1285 | commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe | ||
1286 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1287 | Date: Fri Nov 13 04:34:15 2015 +0000 | ||
1288 | |||
1289 | upstream commit | ||
1290 | |||
1291 | support multiple certificates (one per line) and | ||
1292 | reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@ | ||
1293 | |||
1294 | Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db | ||
1295 | |||
1296 | commit b6b9108f5b561c83612cb97ece4134eb59fde071 | ||
1297 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1298 | Date: Fri Nov 13 02:57:46 2015 +0000 | ||
1299 | |||
1300 | upstream commit | ||
1301 | |||
1302 | list a couple more options usable in Match blocks; | ||
1303 | bz#2489 | ||
1304 | |||
1305 | Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879 | ||
1306 | |||
1307 | commit a7994b3f5a5a5a33b52b0a6065d08e888f0a99fb | ||
1308 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1309 | Date: Wed Nov 11 04:56:39 2015 +0000 | ||
1310 | |||
1311 | upstream commit | ||
1312 | |||
1313 | improve PEEK/POKE macros: better casts, don't multiply | ||
1314 | evaluate arguments; ok deraadt@ | ||
1315 | |||
1316 | Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e | ||
1317 | |||
1318 | commit 7d4c7513a7f209cb303a608ac6e46b3f1dfc11ec | ||
1319 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1320 | Date: Wed Nov 11 01:48:01 2015 +0000 | ||
1321 | |||
1322 | upstream commit | ||
1323 | |||
1324 | remove prototypes for long-gone s/key support; ok | ||
1325 | dtucker@ | ||
1326 | |||
1327 | Upstream-ID: db5bed3c57118af986490ab23d399df807359a79 | ||
1328 | |||
1329 | commit 07889c75926c040b8e095949c724e66af26441cb | ||
1330 | Author: Damien Miller <djm@mindrot.org> | ||
1331 | Date: Sat Nov 14 18:44:49 2015 +1100 | ||
1332 | |||
1333 | read back from libcrypto RAND when privdropping | ||
1334 | |||
1335 | makes certain libcrypto implementations cache a /dev/urandom fd | ||
1336 | in preparation of sandboxing. Based on patch by Greg Hartman. | ||
1337 | |||
1338 | commit 1560596f44c01bb0cef977816410950ed17b8ecd | ||
1339 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1340 | Date: Tue Nov 10 11:14:47 2015 +1100 | ||
1341 | |||
1342 | Fix compiler warnings in the openssl header check. | ||
1343 | |||
1344 | Noted by Austin English. | ||
1345 | |||
1346 | commit e72a8575ffe1d8adff42c9abe9ca36938acc036b | ||
1347 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1348 | Date: Sun Nov 8 23:24:03 2015 +0000 | ||
1349 | |||
1350 | upstream commit | ||
1351 | |||
1352 | -c before -H, in SYNOPSIS and usage(); | ||
1353 | |||
1354 | Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404 | ||
1355 | |||
1356 | commit 3a424cdd21db08c7b0ded902f97b8f02af5aa485 | ||
1357 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1358 | Date: Sun Nov 8 22:30:20 2015 +0000 | ||
1359 | |||
1360 | upstream commit | ||
1361 | |||
1362 | Add "ssh-keyscan -c ..." flag to allow fetching | ||
1363 | certificates instead of plain keys; ok markus@ | ||
1364 | |||
1365 | Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82 | ||
1366 | |||
1367 | commit 69fead5d7cdaa73bdece9fcba80f8e8e70b90346 | ||
1368 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1369 | Date: Sun Nov 8 22:08:38 2015 +0000 | ||
1370 | |||
1371 | upstream commit | ||
1372 | |||
1373 | remove slogin links; ok deraadt markus djm | ||
1374 | |||
1375 | Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730 | ||
1376 | |||
1377 | commit 2fecfd486bdba9f51b3a789277bb0733ca36e1c0 | ||
1378 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1379 | Date: Sun Nov 8 21:59:11 2015 +0000 | ||
1380 | |||
1381 | upstream commit | ||
1382 | |||
1383 | fix OOB read in packet code caused by missing return | ||
1384 | statement found by Ben Hawkes; ok markus@ deraadt@ | ||
1385 | |||
1386 | Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62 | ||
1387 | |||
1388 | commit 5e288923a303ca672b686908320bc5368ebec6e6 | ||
1389 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
1390 | Date: Fri Nov 6 00:31:41 2015 +0000 | ||
1391 | |||
1392 | upstream commit | ||
1393 | |||
1394 | 1. rlogin and rsh are long gone 2. protocol version isn't | ||
1395 | of core relevance here, and v1 is going away | ||
1396 | |||
1397 | ok markus@, deraadt@ | ||
1398 | |||
1399 | Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8 | ||
1400 | |||
1401 | commit 8b29008bbe97f33381d9b4b93fcfa304168d0286 | ||
1402 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1403 | Date: Thu Nov 5 09:48:05 2015 +0000 | ||
1404 | |||
1405 | upstream commit | ||
1406 | |||
1407 | "commandline" -> "command line", since there are so few | ||
1408 | examples of the former in the pages, so many of the latter, and in some of | ||
1409 | these pages we had multiple spellings; | ||
1410 | |||
1411 | prompted by tj | ||
1412 | |||
1413 | Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659 | ||
1414 | |||
1415 | commit 996b24cebf20077fbe5db07b3a2c20c2d9db736e | ||
1416 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1417 | Date: Thu Oct 29 20:57:34 2015 +1100 | ||
1418 | |||
1419 | (re)wrap SYS_sendsyslog in ifdef. | ||
1420 | |||
1421 | Replace ifdef that went missing in commit | ||
1422 | c61b42f2678f21f05653ac2d3d241b48ab5d59ac. Fixes build on older | ||
1423 | OpenBSDs. | ||
1424 | |||
1425 | commit b67e2e76fcf1ae7c802eb27ca927e16c91a513ff | ||
1426 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1427 | Date: Thu Oct 29 08:05:17 2015 +0000 | ||
1428 | |||
1429 | upstream commit | ||
1430 | |||
1431 | regress test for "PubkeyAcceptedKeyTypes +..." inside a | ||
1432 | Match block | ||
1433 | |||
1434 | Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647 | ||
1435 | |||
1436 | commit abd9dbc3c0d8c8c7561347cfa22166156e78c077 | ||
1437 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1438 | Date: Mon Oct 26 02:50:58 2015 +0000 | ||
1439 | |||
1440 | upstream commit | ||
1441 | |||
1442 | Fix typo certopt->certopts in shell variable. This would | ||
1443 | cause the test to hang at a host key prompt if you have an A or CNAME for | ||
1444 | "proxy" in your local domain. | ||
1445 | |||
1446 | Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a | ||
1447 | |||
1448 | commit ed08510d38aef930a061ae30d10f2a9cf233bafa | ||
1449 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1450 | Date: Thu Oct 29 08:05:01 2015 +0000 | ||
1451 | |||
1452 | upstream commit | ||
1453 | |||
1454 | Fix "PubkeyAcceptedKeyTypes +..." inside a Match block; | ||
1455 | ok dtucker@ | ||
1456 | |||
1457 | Upstream-ID: 853662c4036730b966aab77684390c47b9738c69 | ||
1458 | |||
1459 | commit a4aef3ed29071719b2af82fdf1ac3c2514f82bc5 | ||
1460 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1461 | Date: Tue Oct 27 08:54:52 2015 +0000 | ||
1462 | |||
1463 | upstream commit | ||
1464 | |||
1465 | fix execv arguments in a way less likely to cause grief | ||
1466 | for -portable; ok dtucker@ | ||
1467 | |||
1468 | Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5 | ||
1469 | |||
1470 | commit 63d188175accea83305e89fafa011136ff3d96ad | ||
1471 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1472 | Date: Tue Oct 27 01:44:45 2015 +0000 | ||
1473 | |||
1474 | upstream commit | ||
1475 | |||
1476 | log certificate serial in verbose() messages to match the | ||
1477 | main auth success/fail message; ok dtucker@ | ||
1478 | |||
1479 | Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288 | ||
1480 | |||
1481 | commit 2aaba0cfd560ecfe92aa50c00750e6143842cf1f | ||
1482 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1483 | Date: Tue Oct 27 00:49:53 2015 +0000 | ||
1484 | |||
1485 | upstream commit | ||
1486 | |||
1487 | avoid de-const warning & shrink; ok dtucker@ | ||
1488 | |||
1489 | Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db | ||
1490 | |||
1491 | commit 03239c18312b9bab7d1c3b03062c61e8bbc1ca6e | ||
1492 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1493 | Date: Sun Oct 25 23:42:00 2015 +0000 | ||
1494 | |||
1495 | upstream commit | ||
1496 | |||
1497 | Expand tildes in filenames passed to -i before checking | ||
1498 | whether or not the identity file exists. This means that if the shell | ||
1499 | doesn't do the expansion (eg because the option and filename were given as a | ||
1500 | single argument) then we'll still add the key. bz#2481, ok markus@ | ||
1501 | |||
1502 | Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6 | ||
1503 | |||
1504 | commit 97e184e508dd33c37860c732c0eca3fc57698b40 | ||
1505 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1506 | Date: Sun Oct 25 23:14:03 2015 +0000 | ||
1507 | |||
1508 | upstream commit | ||
1509 | |||
1510 | Do not prepend "exec" to the shell command run by "Match | ||
1511 | exec" in a config file. It's an unnecessary optimization from repurposed | ||
1512 | ProxyCommand code and prevents some things working with some shells. | ||
1513 | bz#2471, pointed out by res at qoxp.net. ok markus@ | ||
1514 | |||
1515 | Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3 | ||
1516 | |||
1517 | commit 8db134e7f457bcb069ec72bc4ee722e2af557c69 | ||
1518 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1519 | Date: Thu Oct 29 10:48:23 2015 +1100 | ||
1520 | |||
1521 | Prevent name collisions with system glob (bz#2463) | ||
1522 | |||
1523 | Move glob.h from includes.h to the only caller (sftp) and override the | ||
1524 | names for the symbols. This prevents name collisions with the system glob | ||
1525 | in the case where something other than ssh uses it (eg kerberos). With | ||
1526 | jjelen at redhat.com, ok djm@ | ||
1527 | |||
1528 | commit 86c10dbbef6a5800d2431a66cf7f41a954bb62b5 | ||
1529 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1530 | Date: Fri Oct 23 02:22:01 2015 +0000 | ||
1531 | |||
1532 | upstream commit | ||
1533 | |||
1534 | Update expected group sizes to match recent code changes. | ||
1535 | |||
1536 | Upstream-Regress-ID: 0004f0ea93428969fe75bcfff0d521c553977794 | ||
1537 | |||
1538 | commit 9ada37d36003a77902e90a3214981e417457cf13 | ||
1539 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1540 | Date: Sat Oct 24 22:56:19 2015 +0000 | ||
1541 | |||
1542 | upstream commit | ||
1543 | |||
1544 | fix keyscan output for multiple hosts/addrs on one line | ||
1545 | when host hashing or a non standard port is in use; bz#2479 ok dtucker@ | ||
1546 | |||
1547 | Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b | ||
1548 | |||
1549 | commit 44fc7cd7dcef6c52c6b7e9ff830dfa32879bd319 | ||
1550 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1551 | Date: Sat Oct 24 22:52:22 2015 +0000 | ||
1552 | |||
1553 | upstream commit | ||
1554 | |||
1555 | skip "Could not chdir to home directory" message when | ||
1556 | chrooted | ||
1557 | |||
1558 | patch from Christian Hesse in bz#2485 ok dtucker@ | ||
1559 | |||
1560 | Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431 | ||
1561 | |||
1562 | commit a820a8618ec44735dabc688fab96fba38ad66bb2 | ||
1563 | Author: sthen@openbsd.org <sthen@openbsd.org> | ||
1564 | Date: Sat Oct 24 08:34:09 2015 +0000 | ||
1565 | |||
1566 | upstream commit | ||
1567 | |||
1568 | Handle the split of tun(4) "link0" into tap(4) in ssh | ||
1569 | tun-forwarding. Adapted from portable (using separate devices for this is the | ||
1570 | normal case in most OS). ok djm@ | ||
1571 | |||
1572 | Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39 | ||
1573 | |||
1574 | commit 66d2e229baa9fe57b868c373b05f7ff3bb20055b | ||
1575 | Author: gsoares@openbsd.org <gsoares@openbsd.org> | ||
1576 | Date: Wed Oct 21 11:33:03 2015 +0000 | ||
1577 | |||
1578 | upstream commit | ||
1579 | |||
1580 | fix memory leak in error path ok djm@ | ||
1581 | |||
1582 | Upstream-ID: dd2f402b0a0029b755df029fc7f0679e1365ce35 | ||
1583 | |||
1584 | commit 7d6c0362039ceacdc1366b5df29ad5d2693c13e5 | ||
1585 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
1586 | Date: Tue Oct 20 23:24:25 2015 +0000 | ||
1587 | |||
1588 | upstream commit | ||
1589 | |||
1590 | Compare pointers to NULL rather than 0. | ||
1591 | |||
1592 | ok djm@ | ||
1593 | |||
1594 | Upstream-ID: 21616cfea27eda65a06e772cc887530b9a1a27f8 | ||
1595 | |||
1596 | commit f98a09cacff7baad8748c9aa217afd155a4d493f | ||
1597 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
1598 | Date: Tue Oct 20 03:36:35 2015 +0000 | ||
1599 | |||
1600 | upstream commit | ||
1601 | |||
1602 | Replace a function-local allocation with stack memory. | ||
1603 | |||
1604 | ok djm@ | ||
1605 | |||
1606 | Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e | ||
1607 | |||
1608 | commit ac908c1eeacccfa85659594d92428659320fd57e | ||
1609 | Author: Damien Miller <djm@mindrot.org> | ||
1610 | Date: Thu Oct 22 09:35:24 2015 +1100 | ||
1611 | |||
1612 | turn off PrintLastLog when --disable-lastlog | ||
1613 | |||
1614 | bz#2278 from Brent Paulson | ||
1615 | |||
1616 | commit b56deb847f4a0115a8bf488bf6ee8524658162fd | ||
1617 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1618 | Date: Fri Oct 16 22:32:22 2015 +0000 | ||
1619 | |||
1620 | upstream commit | ||
1621 | |||
1622 | increase the minimum modulus that we will send or accept in | ||
1623 | diffie-hellman-group-exchange to 2048 bits; ok markus@ | ||
1624 | |||
1625 | Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a | ||
1626 | |||
1627 | commit 5ee0063f024bf5b3f3ffb275b8cd20055d62b4b9 | ||
1628 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1629 | Date: Fri Oct 16 18:40:49 2015 +0000 | ||
1630 | |||
1631 | upstream commit | ||
1632 | |||
1633 | better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in | ||
1634 | hostname canonicalisation - treat them as already canonical and remove the | ||
1635 | trailing '.' before matching ssh_config; ok markus@ | ||
1636 | |||
1637 | Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a | ||
1638 | |||
1639 | commit e92c499a75477ecfe94dd7b4aed89f20b1fac5a7 | ||
1640 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
1641 | Date: Fri Oct 16 17:07:24 2015 +0000 | ||
1642 | |||
1643 | upstream commit | ||
1644 | |||
1645 | 0 -> NULL when comparing with a char*. | ||
1646 | |||
1647 | ok dtucker@, djm@. | ||
1648 | |||
1649 | Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300 | ||
1650 | |||
1651 | commit b1d38a3cc6fe349feb8d16a5f520ef12d1de7cb2 | ||
1652 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1653 | Date: Thu Oct 15 23:51:40 2015 +0000 | ||
1654 | |||
1655 | upstream commit | ||
1656 | |||
1657 | fix some signed/unsigned integer type mismatches in | ||
1658 | format strings; reported by Nicholas Lemonias | ||
1659 | |||
1660 | Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c | ||
1661 | |||
1662 | commit 1a2663a15d356bb188196b6414b4c50dc12fd42b | ||
1663 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1664 | Date: Thu Oct 15 23:08:23 2015 +0000 | ||
1665 | |||
1666 | upstream commit | ||
1667 | |||
1668 | argument to sshkey_from_private() and sshkey_demote() | ||
1669 | can't be NULL | ||
1670 | |||
1671 | Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f | ||
1672 | |||
1673 | commit 0f754e29dd3760fc0b172c1220f18b753fb0957e | ||
1674 | Author: Damien Miller <djm@mindrot.org> | ||
1675 | Date: Fri Oct 16 10:53:14 2015 +1100 | ||
1676 | |||
1677 | need va_copy before va_start | ||
1678 | |||
1679 | reported by Nicholas Lemonias | ||
1680 | |||
1681 | commit eb6c50d82aa1f0d3fc95f5630ea69761e918bfcd | ||
1682 | Author: Damien Miller <djm@mindrot.org> | ||
1683 | Date: Thu Oct 15 15:48:28 2015 -0700 | ||
1684 | |||
1685 | fix compilation on systems without SYMLOOP_MAX | ||
1686 | |||
1687 | commit fafe1d84a210fb3dae7744f268059cc583db8c12 | ||
1688 | Author: Damien Miller <djm@mindrot.org> | ||
1689 | Date: Wed Oct 14 09:22:15 2015 -0700 | ||
1690 | |||
1691 | s/SANDBOX_TAME/SANDBOX_PLEDGE/g | ||
1692 | |||
1693 | commit 8f22911027ff6c17d7226d232ccd20727f389310 | ||
1694 | Author: Damien Miller <djm@mindrot.org> | ||
1695 | Date: Wed Oct 14 08:28:19 2015 +1100 | ||
1696 | |||
1697 | upstream commit | ||
1698 | |||
1699 | revision 1.20 | ||
1700 | date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp; | ||
1701 | In rev 1.15 the sizeof argument was fixed in a strlcat() call but | ||
1702 | the truncation check immediately following it was not updated to | ||
1703 | match. Not an issue in practice since the buffers are the same | ||
1704 | size. OK deraadt@ | ||
1705 | |||
1706 | commit 23fa695bb735f54f04d46123662609edb6c76767 | ||
1707 | Author: Damien Miller <djm@mindrot.org> | ||
1708 | Date: Wed Oct 14 08:27:51 2015 +1100 | ||
1709 | |||
1710 | upstream commit | ||
1711 | |||
1712 | revision 1.19 | ||
1713 | date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR; | ||
1714 | Move to the <limits.h> universe. | ||
1715 | review by millert, binary checking process with doug, concept with guenther | ||
1716 | |||
1717 | commit c71be375a69af00c2d0a0c24d8752bec12d8fd1b | ||
1718 | Author: Damien Miller <djm@mindrot.org> | ||
1719 | Date: Wed Oct 14 08:27:08 2015 +1100 | ||
1720 | |||
1721 | upstream commit | ||
1722 | |||
1723 | revision 1.18 | ||
1724 | date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5; | ||
1725 | Revert last commit due to changed semantics found by make release. | ||
1726 | |||
1727 | commit c39ad23b06e9aecc3ff788e92f787a08472905b1 | ||
1728 | Author: Damien Miller <djm@mindrot.org> | ||
1729 | Date: Wed Oct 14 08:26:24 2015 +1100 | ||
1730 | |||
1731 | upstream commit | ||
1732 | |||
1733 | revision 1.17 | ||
1734 | date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt; | ||
1735 | Better POSIX compliance in realpath(3). | ||
1736 | |||
1737 | millert@ made changes to realpath.c based on FreeBSD's version. I merged | ||
1738 | Todd's changes into dl_realpath.c. | ||
1739 | |||
1740 | ok millert@, guenther@ | ||
1741 | |||
1742 | commit e929a43f957dbd1254aca2aaf85c8c00cbfc25f4 | ||
1743 | Author: Damien Miller <djm@mindrot.org> | ||
1744 | Date: Wed Oct 14 08:25:55 2015 +1100 | ||
1745 | |||
1746 | upstream commit | ||
1747 | |||
1748 | revision 1.16 | ||
1749 | date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1; | ||
1750 | - Add comments regarding copies of these files also in libexec/ld.so | ||
1751 | okay guenther@ | ||
1752 | |||
1753 | commit 5225db68e58a1048cb17f0e36e0d33bc4a8fc410 | ||
1754 | Author: Damien Miller <djm@mindrot.org> | ||
1755 | Date: Wed Oct 14 08:25:32 2015 +1100 | ||
1756 | |||
1757 | upstream commit | ||
1758 | |||
1759 | revision 1.15 | ||
1760 | date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2; | ||
1761 | specify the bounds of the dst to strlcat (both values were static and | ||
1762 | equal, but it is more correct) | ||
1763 | from Michal Mazurek | ||
1764 | |||
1765 | commit 7365fe5b4859de2305e40ea132da3823830fa710 | ||
1766 | Author: Damien Miller <djm@mindrot.org> | ||
1767 | Date: Wed Oct 14 08:25:09 2015 +1100 | ||
1768 | |||
1769 | upstream commit | ||
1770 | |||
1771 | revision 1.14 | ||
1772 | date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13; | ||
1773 | Recent Single Unix will malloc memory if the second argument of realpath() | ||
1774 | is NULL, and third-party software is starting to rely upon this. | ||
1775 | Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor | ||
1776 | tweaks from nicm@ and yours truly. | ||
1777 | |||
1778 | commit e679c09cd1951f963793aa3d9748d1c3fdcf808f | ||
1779 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1780 | Date: Tue Oct 13 16:15:21 2015 +0000 | ||
1781 | |||
1782 | upstream commit | ||
1783 | |||
1784 | apply PubkeyAcceptedKeyTypes filtering earlier, so all | ||
1785 | skipped keys are noted before pubkey authentication starts. ok dtucker@ | ||
1786 | |||
1787 | Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8 | ||
1788 | |||
1789 | commit 179c353f564ec7ada64b87730b25fb41107babd7 | ||
1790 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1791 | Date: Tue Oct 13 00:21:27 2015 +0000 | ||
1792 | |||
1793 | upstream commit | ||
1794 | |||
1795 | free the correct IV length, don't assume it's always the | ||
1796 | cipher blocksize; ok dtucker@ | ||
1797 | |||
1798 | Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298 | ||
1799 | |||
1800 | commit 2539dce2a049a8f6bb0d44cac51f07ad48e691d3 | ||
1801 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1802 | Date: Fri Oct 9 01:37:08 2015 +0000 | ||
1803 | |||
1804 | upstream commit | ||
1805 | |||
1806 | Change all tame callers to namechange to pledge(2). | ||
1807 | |||
1808 | Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2 | ||
1809 | |||
1810 | commit 9846a2f4067383bb76b4e31a9d2303e0a9c13a73 | ||
1811 | Author: Damien Miller <djm@mindrot.org> | ||
1812 | Date: Thu Oct 8 04:30:48 2015 +1100 | ||
1813 | |||
1814 | hook tame(2) sandbox up to build | ||
1815 | |||
1816 | OpenBSD only for now | ||
1817 | |||
1818 | commit 0c46bbe68b70bdf0d6d20588e5847e71f3739fe6 | ||
1819 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1820 | Date: Wed Oct 7 15:59:12 2015 +0000 | ||
1821 | |||
1822 | upstream commit | ||
1823 | |||
1824 | include PubkeyAcceptedKeyTypes in ssh -G config dump | ||
1825 | |||
1826 | Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb | ||
1827 | |||
1828 | commit bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e | ||
1829 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
1830 | Date: Wed Oct 7 14:45:30 2015 +0000 | ||
1831 | |||
1832 | upstream commit | ||
1833 | |||
1834 | UsePrivilegeSeparation defaults to sandbox now. | ||
1835 | |||
1836 | ok djm@ | ||
1837 | |||
1838 | Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f | ||
1839 | |||
1840 | commit 2905d6f99c837bb699b6ebc61711b19acd030709 | ||
1841 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1842 | Date: Wed Oct 7 00:54:06 2015 +0000 | ||
1843 | |||
1844 | upstream commit | ||
1845 | |||
1846 | don't try to change tun device flags if they are already | ||
1847 | what we need; makes it possible to use tun/tap networking as non- root user | ||
1848 | if device permissions and interface flags are pre-established; based on patch | ||
1849 | by Ossi Herrala | ||
1850 | |||
1851 | Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21 | ||
1852 | |||
1853 | commit 0dc74512bdb105b048883f07de538b37e5e024d4 | ||
1854 | Author: Damien Miller <djm@mindrot.org> | ||
1855 | Date: Mon Oct 5 18:33:05 2015 -0700 | ||
1856 | |||
1857 | unbreak merge botch | ||
1858 | |||
1859 | commit fdd020e86439afa7f537e2429d29d4b744c94331 | ||
1860 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1861 | Date: Tue Oct 6 01:20:59 2015 +0000 | ||
1862 | |||
1863 | upstream commit | ||
1864 | |||
1865 | adapt to recent sshkey_parse_private_fileblob() API | ||
1866 | change | ||
1867 | |||
1868 | Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988 | ||
1869 | |||
1870 | commit 21ae8ee3b630b0925f973db647a1b9aa5fcdd4c5 | ||
1871 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1872 | Date: Thu Sep 24 07:15:39 2015 +0000 | ||
1873 | |||
1874 | upstream commit | ||
1875 | |||
1876 | fix command-line option to match what was actually | ||
1877 | committed | ||
1878 | |||
1879 | Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699 | ||
1880 | |||
1881 | commit e14ac43b75e68f1ffbd3e1a5e44143c8ae578dcd | ||
1882 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1883 | Date: Thu Sep 24 06:16:53 2015 +0000 | ||
1884 | |||
1885 | upstream commit | ||
1886 | |||
1887 | regress test for CertificateFile; patch from Meghana Bhat | ||
1888 | via bz#2436 | ||
1889 | |||
1890 | Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25 | ||
1891 | |||
1892 | commit 905b054ed24e0d5b4ef226ebf2c8bfc02ae6d4ad | ||
20 | Author: djm@openbsd.org <djm@openbsd.org> | 1893 | Author: djm@openbsd.org <djm@openbsd.org> |
21 | Date: Mon Oct 5 17:11:21 2015 +0000 | 1894 | Date: Mon Oct 5 17:11:21 2015 +0000 |
22 | 1895 | ||
@@ -26,7 +1899,129 @@ Date: Mon Oct 5 17:11:21 2015 +0000 | |||
26 | 1899 | ||
27 | Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0 | 1900 | Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0 |
28 | 1901 | ||
29 | commit 8f5b93026797b9f7fba90d0c717570421ccebbd3 | 1902 | commit b007159a0acdbcf65814b3ee05dbe2cf4ea46011 |
1903 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1904 | Date: Fri Oct 2 15:52:55 2015 +0000 | ||
1905 | |||
1906 | upstream commit | ||
1907 | |||
1908 | fix email | ||
1909 | |||
1910 | Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834 | ||
1911 | |||
1912 | commit b19e1b4ab11884c4f62aee9f8ab53127a4732658 | ||
1913 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1914 | Date: Fri Oct 2 01:39:52 2015 +0000 | ||
1915 | |||
1916 | upstream commit | ||
1917 | |||
1918 | a sandbox using tame ok djm | ||
1919 | |||
1920 | Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3 | ||
1921 | |||
1922 | commit c61b42f2678f21f05653ac2d3d241b48ab5d59ac | ||
1923 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1924 | Date: Fri Oct 2 01:39:26 2015 +0000 | ||
1925 | |||
1926 | upstream commit | ||
1927 | |||
1928 | re-order system calls in order of risk, ok i'll be | ||
1929 | honest, ordered this way they look like tame... ok djm | ||
1930 | |||
1931 | Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813 | ||
1932 | |||
1933 | commit c5f7c0843cb6e6074a93c8ac34e49ce33a6f5546 | ||
1934 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1935 | Date: Fri Sep 25 18:19:54 2015 +0000 | ||
1936 | |||
1937 | upstream commit | ||
1938 | |||
1939 | some certificatefile tweaks; ok djm | ||
1940 | |||
1941 | Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0 | ||
1942 | |||
1943 | commit 4e44a79a07d4b88b6a4e5e8c1bed5f58c841b1b8 | ||
1944 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1945 | Date: Thu Sep 24 06:15:11 2015 +0000 | ||
1946 | |||
1947 | upstream commit | ||
1948 | |||
1949 | add ssh_config CertificateFile option to explicitly list | ||
1950 | a certificate; patch from Meghana Bhat on bz#2436; ok markus@ | ||
1951 | |||
1952 | Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8 | ||
1953 | |||
1954 | commit e3cbb06ade83c72b640a53728d362bbefa0008e2 | ||
1955 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
1956 | Date: Tue Sep 22 08:33:23 2015 +0000 | ||
1957 | |||
1958 | upstream commit | ||
1959 | |||
1960 | fix two typos. | ||
1961 | |||
1962 | Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709 | ||
1963 | |||
1964 | commit 8408218c1ca88cb17d15278174a24a94a6f65fe1 | ||
1965 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1966 | Date: Mon Sep 21 04:31:00 2015 +0000 | ||
1967 | |||
1968 | upstream commit | ||
1969 | |||
1970 | fix possible hang on closed output; bz#2469 reported by Tomas | ||
1971 | Kuthan ok markus@ | ||
1972 | |||
1973 | Upstream-ID: f7afd41810f8540f524284f1be6b970859f94fe3 | ||
1974 | |||
1975 | commit 0097248f90a00865082e8c146b905a6555cc146f | ||
1976 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1977 | Date: Fri Sep 11 04:55:01 2015 +0000 | ||
1978 | |||
1979 | upstream commit | ||
1980 | |||
1981 | skip if running as root; many systems (inc OpenBSD) allow | ||
1982 | root to ptrace arbitrary processes | ||
1983 | |||
1984 | Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038 | ||
1985 | |||
1986 | commit 9c06c814aff925e11a5cc592c06929c258a014f6 | ||
1987 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1988 | Date: Fri Sep 11 03:44:21 2015 +0000 | ||
1989 | |||
1990 | upstream commit | ||
1991 | |||
1992 | try all supported key types here; bz#2455 reported by | ||
1993 | Jakub Jelen | ||
1994 | |||
1995 | Upstream-Regress-ID: 188cb7d9031cdbac3a0fa58b428b8fa2b2482bba | ||
1996 | |||
1997 | commit 3c019a936b43f3e2773f3edbde7c114d73caaa4c | ||
1998 | Author: tim@openbsd.org <tim@openbsd.org> | ||
1999 | Date: Sun Sep 13 14:39:16 2015 +0000 | ||
2000 | |||
2001 | upstream commit | ||
2002 | |||
2003 | - Fix error message: passphrase needs to be at least 5 | ||
2004 | characters, not 4. - Remove unused function argument. - Remove two | ||
2005 | unnecessary variables. | ||
2006 | |||
2007 | OK djm@ | ||
2008 | |||
2009 | Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30 | ||
2010 | |||
2011 | commit 2681cdb6e0de7c1af549dac37a9531af202b4434 | ||
2012 | Author: tim@openbsd.org <tim@openbsd.org> | ||
2013 | Date: Sun Sep 13 13:48:19 2015 +0000 | ||
2014 | |||
2015 | upstream commit | ||
2016 | |||
2017 | When adding keys to the agent, don't ignore the comment | ||
2018 | of keys for which the user is prompted for a passphrase. | ||
2019 | |||
2020 | Tweak and OK djm@ | ||
2021 | |||
2022 | Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec | ||
2023 | |||
2024 | commit 14692f7b8251cdda847e648a82735eef8a4d2a33 | ||
30 | Author: guenther@openbsd.org <guenther@openbsd.org> | 2025 | Author: guenther@openbsd.org <guenther@openbsd.org> |
31 | Date: Fri Sep 11 08:50:04 2015 +0000 | 2026 | Date: Fri Sep 11 08:50:04 2015 +0000 |
32 | 2027 | ||
@@ -39,47 +2034,272 @@ Date: Fri Sep 11 08:50:04 2015 +0000 | |||
39 | 2034 | ||
40 | Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50 | 2035 | Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50 |
41 | 2036 | ||
42 | commit d77148e3a3ef6c29b26ec74331455394581aa257 | 2037 | commit 846f6fa4cfa8483a9195971dbdd162220f199d85 |
2038 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2039 | Date: Fri Sep 11 06:55:46 2015 +0000 | ||
2040 | |||
2041 | upstream commit | ||
2042 | |||
2043 | sync -Q in usage() to SYNOPSIS; since it's drastically | ||
2044 | shorter, i've reformatted the block to sync with the man (80 cols) and saved | ||
2045 | a line; | ||
2046 | |||
2047 | Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd | ||
2048 | |||
2049 | commit 95923e0520a8647417ee6dcdff44694703dfeef0 | ||
2050 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2051 | Date: Fri Sep 11 06:51:39 2015 +0000 | ||
2052 | |||
2053 | upstream commit | ||
2054 | |||
2055 | tweak previous; | ||
2056 | |||
2057 | Upstream-ID: f29b3cfcfd9aa31fa140c393e7bd48c1c74139d6 | ||
2058 | |||
2059 | commit 86ac462f833b05d8ed9de9c50ccb295d7faa79ff | ||
2060 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2061 | Date: Fri Sep 11 05:27:02 2015 +0000 | ||
2062 | |||
2063 | upstream commit | ||
2064 | |||
2065 | Update usage to match man page. | ||
2066 | |||
2067 | Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675 | ||
2068 | |||
2069 | commit 674b3b68c1d36b2562324927cd03857b565e05e8 | ||
43 | Author: djm@openbsd.org <djm@openbsd.org> | 2070 | Author: djm@openbsd.org <djm@openbsd.org> |
44 | Date: Sun Nov 8 21:59:11 2015 +0000 | 2071 | Date: Fri Sep 11 03:47:28 2015 +0000 |
45 | 2072 | ||
46 | upstream commit | 2073 | upstream commit |
47 | 2074 | ||
48 | fix OOB read in packet code caused by missing return | 2075 | expand %i in ControlPath to UID; bz#2449 |
49 | statement found by Ben Hawkes; ok markus@ deraadt@ | ||
50 | 2076 | ||
51 | Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62 | 2077 | patch from Christian Hesse w/ feedback from dtucker@ |
2078 | |||
2079 | Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925 | ||
2080 | |||
2081 | commit c0f55db7ee00c8202b05cb4b9ad4ce72cc45df41 | ||
2082 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2083 | Date: Fri Sep 11 03:42:32 2015 +0000 | ||
2084 | |||
2085 | upstream commit | ||
2086 | |||
2087 | mention -Q key-plain and -Q key-cert; bz#2455 pointed out | ||
2088 | by Jakub Jelen | ||
2089 | |||
2090 | Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896 | ||
2091 | |||
2092 | commit cfffbdb10fdf0f02d3f4232232eef7ec3876c383 | ||
2093 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2094 | Date: Mon Sep 14 16:24:21 2015 +1000 | ||
2095 | |||
2096 | Use ssh-keygen -A when generating host keys. | ||
2097 | |||
2098 | Use ssh-keygen -A instead of per-keytype invocations when generating host | ||
2099 | keys. Add tests when doing host-key-force since we can't use ssh-keygen -A | ||
2100 | since it can't specify alternate locations. bz#2459, ok djm@ | ||
2101 | |||
2102 | commit 366bada1e9e124654aac55b72b6ccf878755b0dc | ||
2103 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2104 | Date: Fri Sep 11 13:29:22 2015 +1000 | ||
2105 | |||
2106 | Correct default value for --with-ssh1. | ||
2107 | |||
2108 | bz#2457, from konto-mindrot.org at walimnieto.com. | ||
2109 | |||
2110 | commit 2bca8a43e7dd9b04d7070824ffebb823c72587b2 | ||
2111 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2112 | Date: Fri Sep 11 03:13:36 2015 +0000 | ||
2113 | |||
2114 | upstream commit | ||
2115 | |||
2116 | more clarity on what AuthorizedKeysFile=none does; based | ||
2117 | on diff by Thiebaud Weksteen | ||
2118 | |||
2119 | Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704 | ||
2120 | |||
2121 | commit 61942ea4a01e6db4fdf37ad61de81312ffe310e9 | ||
2122 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2123 | Date: Wed Sep 9 00:52:44 2015 +0000 | ||
2124 | |||
2125 | upstream commit | ||
2126 | |||
2127 | openssh_RSA_verify return type is int, so don't make it | ||
2128 | size_t within the function itself with only negative numbers or zero assigned | ||
2129 | to it. bz#2460 | ||
2130 | |||
2131 | Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55 | ||
2132 | |||
2133 | commit 4f7cc2f8cc861a21e6dbd7f6c25652afb38b9b96 | ||
2134 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2135 | Date: Fri Sep 4 08:21:47 2015 +0000 | ||
2136 | |||
2137 | upstream commit | ||
2138 | |||
2139 | Plug minor memory leaks when options are used more than | ||
2140 | once. bz#2182, patch from Tiago Cunha, ok deraadt djm | ||
2141 | |||
2142 | Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e | ||
2143 | |||
2144 | commit 7ad8b287c8453a3e61dbc0d34d467632b8b06fc8 | ||
2145 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2146 | Date: Fri Sep 11 13:11:02 2015 +1000 | ||
2147 | |||
2148 | Force resolution of _res for correct detection. | ||
2149 | |||
2150 | bz#2259, from sconeu at yahoo.com. | ||
52 | 2151 | ||
53 | commit 076d849e17ab12603627f87b301e2dca71bae518 | 2152 | commit 26ad18247213ff72b4438abe7fc660c958810fa2 |
54 | Author: Damien Miller <djm@mindrot.org> | 2153 | Author: Damien Miller <djm@mindrot.org> |
55 | Date: Sat Nov 14 18:44:49 2015 +1100 | 2154 | Date: Thu Sep 10 10:57:41 2015 +1000 |
56 | 2155 | ||
57 | read back from libcrypto RAND when privdropping | 2156 | allow getrandom syscall; from Felix von Leitner |
2157 | |||
2158 | commit 5245bc1e6b129a10a928f73f11c3aa32656c44b4 | ||
2159 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2160 | Date: Fri Sep 4 06:40:45 2015 +0000 | ||
2161 | |||
2162 | upstream commit | ||
58 | 2163 | ||
59 | makes certain libcrypto implementations cache a /dev/urandom fd | 2164 | full stop belongs outside the brackets, not inside; |
60 | in preparation of sandboxing. Based on patch by Greg Hartman. | 2165 | |
2166 | Upstream-ID: 99d098287767799ac33d2442a05b5053fa5a551a | ||
61 | 2167 | ||
62 | commit f72adc0150011a28f177617a8456e1f83733099d | 2168 | commit a85768a9321d74b41219eeb3c9be9f1702cbf6a5 |
63 | Author: djm@openbsd.org <djm@openbsd.org> | 2169 | Author: djm@openbsd.org <djm@openbsd.org> |
64 | Date: Sun Dec 13 22:42:23 2015 +0000 | 2170 | Date: Fri Sep 4 04:56:09 2015 +0000 |
65 | 2171 | ||
66 | upstream commit | 2172 | upstream commit |
67 | 2173 | ||
68 | unbreak connections with peers that set | 2174 | add a debug2() right before DNS resolution; it's a place |
69 | first_kex_follows; fix from Matt Johnston va bz#2515 | 2175 | where ssh could previously silently hang for a while. bz#2433 |
70 | 2176 | ||
71 | Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b | 2177 | Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0 |
72 | 2178 | ||
73 | commit 04bd8d019ccd906cac1a2b362517b8505f3759e6 | 2179 | commit 46152af8d27aa34d5d26ed1c371dc8aa142d4730 |
74 | Author: djm@openbsd.org <djm@openbsd.org> | 2180 | Author: djm@openbsd.org <djm@openbsd.org> |
75 | Date: Tue Jan 12 23:42:54 2016 +0000 | 2181 | Date: Fri Sep 4 04:55:24 2015 +0000 |
76 | 2182 | ||
77 | upstream commit | 2183 | upstream commit |
78 | 2184 | ||
79 | use explicit_bzero() more liberally in the buffer code; ok | 2185 | correct function name in error messages |
80 | deraadt | ||
81 | 2186 | ||
82 | Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf | 2187 | Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e |
2188 | |||
2189 | commit a954cdb799a4d83c2d40fbf3e7b9f187fbfd72fc | ||
2190 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2191 | Date: Fri Sep 4 04:47:50 2015 +0000 | ||
2192 | |||
2193 | upstream commit | ||
2194 | |||
2195 | better document ExitOnForwardFailure; bz#2444, ok | ||
2196 | dtucker@ | ||
2197 | |||
2198 | Upstream-ID: a126209b5a6d9cb3117ac7ab5bc63d284538bfc2 | ||
2199 | |||
2200 | commit f54d8ac2474b6fc3afa081cf759b48a6c89d3319 | ||
2201 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2202 | Date: Fri Sep 4 04:44:08 2015 +0000 | ||
2203 | |||
2204 | upstream commit | ||
2205 | |||
2206 | don't record hostbased authentication hostkeys as user | ||
2207 | keys in test for multiple authentication with the same key | ||
2208 | |||
2209 | Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc | ||
2210 | |||
2211 | commit ac3451dd65f27ecf85dc045c46d49e2bbcb8dddd | ||
2212 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2213 | Date: Fri Sep 4 03:57:38 2015 +0000 | ||
2214 | |||
2215 | upstream commit | ||
2216 | |||
2217 | remove extra newline in nethack-mode hostkey; from | ||
2218 | Christian Hesse bz#2686 | ||
2219 | |||
2220 | Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92 | ||
2221 | |||
2222 | commit 9e3ed9ebb1a7e47c155c28399ddf09b306ea05df | ||
2223 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2224 | Date: Fri Sep 4 04:23:10 2015 +0000 | ||
2225 | |||
2226 | upstream commit | ||
2227 | |||
2228 | trim junk from end of file; bz#2455 from Jakub Jelen | ||
2229 | |||
2230 | Upstream-Regress-ID: a4e64e8931e40d23874b047074444eff919cdfe6 | ||
2231 | |||
2232 | commit f3a3ea180afff080bab82087ee0b60db9fd84f6c | ||
2233 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
2234 | Date: Wed Sep 2 07:51:12 2015 +0000 | ||
2235 | |||
2236 | upstream commit | ||
2237 | |||
2238 | Fix occurrences of "r = func() != 0" which result in the | ||
2239 | wrong error codes being returned due to != having higher precedence than =. | ||
2240 | |||
2241 | ok deraadt@ markus@ | ||
2242 | |||
2243 | Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840 | ||
2244 | |||
2245 | commit f498a98cf83feeb7ea01c15cd1c98b3111361f3a | ||
2246 | Author: Damien Miller <djm@mindrot.org> | ||
2247 | Date: Thu Sep 3 09:11:22 2015 +1000 | ||
2248 | |||
2249 | don't check for yp_match; ok tim@ | ||
2250 | |||
2251 | commit 9690b78b7848b0b376980a61d51b1613e187ddb5 | ||
2252 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2253 | Date: Fri Aug 21 23:57:48 2015 +0000 | ||
2254 | |||
2255 | upstream commit | ||
2256 | |||
2257 | Improve printing of KEX offers and decisions | ||
2258 | |||
2259 | The debug output now labels the client and server offers and the | ||
2260 | negotiated options. ok markus@ | ||
2261 | |||
2262 | Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb | ||
2263 | |||
2264 | commit 60a92470e21340e1a3fc10f9c7140d8e1519dc55 | ||
2265 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2266 | Date: Fri Aug 21 23:53:08 2015 +0000 | ||
2267 | |||
2268 | upstream commit | ||
2269 | |||
2270 | Fix printing (ssh -G ...) of HostKeyAlgorithms=+... | ||
2271 | Reported by Bryan Drewery | ||
2272 | |||
2273 | Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293 | ||
2274 | |||
2275 | commit 6310f60fffca2d1e464168e7d1f7e3b6b0268897 | ||
2276 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2277 | Date: Fri Aug 21 23:52:30 2015 +0000 | ||
2278 | |||
2279 | upstream commit | ||
2280 | |||
2281 | Fix expansion of HostkeyAlgorithms=+... | ||
2282 | |||
2283 | Reported by Bryan Drewery | ||
2284 | |||
2285 | Upstream-ID: 70ca1deea39d758ba36d36428ae832e28566f78d | ||
2286 | |||
2287 | commit e774e5ea56237fd626a8161f9005023dff3e76c9 | ||
2288 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
2289 | Date: Fri Aug 21 23:29:31 2015 +0000 | ||
2290 | |||
2291 | upstream commit | ||
2292 | |||
2293 | Improve size == 0, count == 0 checking in mm_zalloc, | ||
2294 | which is "array" like. Discussed with tedu, millert, otto.... and ok djm | ||
2295 | |||
2296 | Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29 | ||
2297 | |||
2298 | commit 189de02d9ad6f3645417c0ddf359b923aae5f926 | ||
2299 | Author: Damien Miller <djm@mindrot.org> | ||
2300 | Date: Fri Aug 21 15:45:02 2015 +1000 | ||
2301 | |||
2302 | expose POLLHUP and POLLNVAL for netcat.c | ||
83 | 2303 | ||
84 | commit e91346dc2bbf460246df2ab591b7613908c1b0ad | 2304 | commit e91346dc2bbf460246df2ab591b7613908c1b0ad |
85 | Author: Damien Miller <djm@mindrot.org> | 2305 | Author: Damien Miller <djm@mindrot.org> |
@@ -6685,931 +8905,3 @@ Date: Sun Mar 2 04:01:00 2014 +1100 | |||
6685 | 8905 | ||
6686 | - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when | 8906 | - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when |
6687 | no moduli file exists at the expected location. | 8907 | no moduli file exists at the expected location. |
6688 | |||
6689 | commit c83fdf30e9db865575b2521b1fe46315cf4c70ae | ||
6690 | Author: Damien Miller <djm@mindrot.org> | ||
6691 | Date: Fri Feb 28 10:34:03 2014 +1100 | ||
6692 | |||
6693 | - (djm) [regress/host-expand.sh] Add RCS Id | ||
6694 | |||
6695 | commit 834aeac3555e53f7d29a6fcf3db010dfb99681c7 | ||
6696 | Author: Damien Miller <djm@mindrot.org> | ||
6697 | Date: Fri Feb 28 10:25:16 2014 +1100 | ||
6698 | |||
6699 | - djm@cvs.openbsd.org 2014/02/27 21:21:25 | ||
6700 | [agent-ptrace.sh agent.sh] | ||
6701 | keep return values that are printed in error messages; | ||
6702 | from portable | ||
6703 | (Id sync only) | ||
6704 | |||
6705 | commit 4f7f1a9a0de24410c30952c7e16d433240422182 | ||
6706 | Author: Damien Miller <djm@mindrot.org> | ||
6707 | Date: Fri Feb 28 10:24:11 2014 +1100 | ||
6708 | |||
6709 | - djm@cvs.openbsd.org 2014/02/27 20:04:16 | ||
6710 | [login-timeout.sh] | ||
6711 | remove any existing LoginGraceTime from sshd_config before adding | ||
6712 | a specific one for the test back in | ||
6713 | |||
6714 | commit d705d987c27f68080c8798eeb5262adbdd6b4ffd | ||
6715 | Author: Damien Miller <djm@mindrot.org> | ||
6716 | Date: Fri Feb 28 10:23:26 2014 +1100 | ||
6717 | |||
6718 | - djm@cvs.openbsd.org 2014/01/26 10:49:17 | ||
6719 | [scp-ssh-wrapper.sh scp.sh] | ||
6720 | make sure $SCP is tested on the remote end rather than whichever one | ||
6721 | happens to be in $PATH; from portable | ||
6722 | (Id sync only) | ||
6723 | |||
6724 | commit 624a3ca376e3955a4b9d936c9e899e241b65d357 | ||
6725 | Author: Damien Miller <djm@mindrot.org> | ||
6726 | Date: Fri Feb 28 10:22:37 2014 +1100 | ||
6727 | |||
6728 | - djm@cvs.openbsd.org 2014/01/26 10:22:10 | ||
6729 | [regress/cert-hostkey.sh] | ||
6730 | automatically generate revoked keys from listed keys rather than | ||
6731 | manually specifying each type; from portable | ||
6732 | (Id sync only) | ||
6733 | |||
6734 | commit b84392328425e4b9a71f8bde5fe6a4a4c48d3ec4 | ||
6735 | Author: Damien Miller <djm@mindrot.org> | ||
6736 | Date: Fri Feb 28 10:21:26 2014 +1100 | ||
6737 | |||
6738 | - dtucker@cvs.openbsd.org 2014/01/25 04:35:32 | ||
6739 | [regress/Makefile regress/dhgex.sh] | ||
6740 | Add a test for DH GEX sizes | ||
6741 | |||
6742 | commit 1e2aa3d90472293ea19008f02336d6d68aa05793 | ||
6743 | Author: Damien Miller <djm@mindrot.org> | ||
6744 | Date: Fri Feb 28 10:19:51 2014 +1100 | ||
6745 | |||
6746 | - dtucker@cvs.openbsd.org 2014/01/20 00:00:30 | ||
6747 | [sftp-chroot.sh] | ||
6748 | append to rather than truncating the log file | ||
6749 | |||
6750 | commit f483cc16fe7314e24a37aa3a4422b03c013c3213 | ||
6751 | Author: Damien Miller <djm@mindrot.org> | ||
6752 | Date: Fri Feb 28 10:19:11 2014 +1100 | ||
6753 | |||
6754 | - dtucker@cvs.openbsd.org 2014/01/19 23:43:02 | ||
6755 | [regress/sftp-chroot.sh] | ||
6756 | Don't use -q on sftp as it suppresses logging, instead redirect the | ||
6757 | output to the regress logfile. | ||
6758 | |||
6759 | commit 6486f16f1c0ebd6f39286f6ab5e08286d90a994a | ||
6760 | Author: Damien Miller <djm@mindrot.org> | ||
6761 | Date: Fri Feb 28 10:03:52 2014 +1100 | ||
6762 | |||
6763 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
6764 | [contrib/suse/openssh.spec] Crank version numbers | ||
6765 | |||
6766 | commit 92cf5adea194140380e6af6ec32751f9ad540794 | ||
6767 | Author: Damien Miller <djm@mindrot.org> | ||
6768 | Date: Fri Feb 28 10:01:53 2014 +1100 | ||
6769 | |||
6770 | - djm@cvs.openbsd.org 2014/02/27 22:57:40 | ||
6771 | [version.h] | ||
6772 | openssh-6.6 | ||
6773 | |||
6774 | commit fc5d6759aba71eb205b296b5f148010ffc828583 | ||
6775 | Author: Damien Miller <djm@mindrot.org> | ||
6776 | Date: Fri Feb 28 10:01:28 2014 +1100 | ||
6777 | |||
6778 | - djm@cvs.openbsd.org 2014/02/27 22:47:07 | ||
6779 | [sshd_config.5] | ||
6780 | bz#2184 clarify behaviour of a keyword that appears in multiple | ||
6781 | matching Match blocks; ok dtucker@ | ||
6782 | |||
6783 | commit 172ec7e0af1a5f1d682f6a2dca335c6c186153d5 | ||
6784 | Author: Damien Miller <djm@mindrot.org> | ||
6785 | Date: Fri Feb 28 10:00:57 2014 +1100 | ||
6786 | |||
6787 | - djm@cvs.openbsd.org 2014/02/27 08:25:09 | ||
6788 | [bufbn.c] | ||
6789 | off by one in range check | ||
6790 | |||
6791 | commit f9a9aaba437c2787e40cf7cc928281950e161678 | ||
6792 | Author: Damien Miller <djm@mindrot.org> | ||
6793 | Date: Fri Feb 28 10:00:27 2014 +1100 | ||
6794 | |||
6795 | - djm@cvs.openbsd.org 2014/02/27 00:41:49 | ||
6796 | [bufbn.c] | ||
6797 | fix unsigned overflow that could lead to reading a short ssh protocol | ||
6798 | 1 bignum value; found by Ben Hawkes; ok deraadt@ | ||
6799 | |||
6800 | commit fb3423b612713d9cde67c8a75f6f51188d6a3de3 | ||
6801 | Author: Damien Miller <djm@mindrot.org> | ||
6802 | Date: Thu Feb 27 10:20:07 2014 +1100 | ||
6803 | |||
6804 | - markus@cvs.openbsd.org 2014/02/26 21:53:37 | ||
6805 | [sshd.c] | ||
6806 | ssh_gssapi_prepare_supported_oids needs GSSAPI | ||
6807 | |||
6808 | commit 1348129a34f0f7728c34d86c100a32dcc8d1f922 | ||
6809 | Author: Damien Miller <djm@mindrot.org> | ||
6810 | Date: Thu Feb 27 10:18:32 2014 +1100 | ||
6811 | |||
6812 | - djm@cvs.openbsd.org 2014/02/26 20:29:29 | ||
6813 | [channels.c] | ||
6814 | don't assume that the socks4 username is \0 terminated; | ||
6815 | spotted by Ben Hawkes; ok markus@ | ||
6816 | |||
6817 | commit e6a74aeeacd01d885262ff8e50eb28faee8c8039 | ||
6818 | Author: Damien Miller <djm@mindrot.org> | ||
6819 | Date: Thu Feb 27 10:17:49 2014 +1100 | ||
6820 | |||
6821 | - djm@cvs.openbsd.org 2014/02/26 20:28:44 | ||
6822 | [auth2-gss.c gss-serv.c ssh-gss.h sshd.c] | ||
6823 | bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep | ||
6824 | sandboxing, as running this code in the sandbox can cause violations; | ||
6825 | ok markus@ | ||
6826 | |||
6827 | commit 08b57c67f3609340ff703fe2782d7058acf2529e | ||
6828 | Author: Damien Miller <djm@mindrot.org> | ||
6829 | Date: Thu Feb 27 10:17:13 2014 +1100 | ||
6830 | |||
6831 | - djm@cvs.openbsd.org 2014/02/26 20:18:37 | ||
6832 | [ssh.c] | ||
6833 | bz#2205: avoid early hostname lookups unless canonicalisation is enabled; | ||
6834 | ok dtucker@ markus@ | ||
6835 | |||
6836 | commit 13f97b2286142fd0b8eab94e4ce84fe124eeb752 | ||
6837 | Author: Damien Miller <djm@mindrot.org> | ||
6838 | Date: Mon Feb 24 15:57:55 2014 +1100 | ||
6839 | |||
6840 | - djm@cvs.openbsd.org 2014/02/23 20:11:36 | ||
6841 | [readconf.c readconf.h ssh.c ssh_config.5] | ||
6842 | reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes | ||
6843 | the hostname. This allows users to write configurations that always | ||
6844 | refer to canonical hostnames, e.g. | ||
6845 | |||
6846 | CanonicalizeHostname yes | ||
6847 | CanonicalDomains int.example.org example.org | ||
6848 | CanonicalizeFallbackLocal no | ||
6849 | |||
6850 | Host *.int.example.org | ||
6851 | Compression off | ||
6852 | Host *.example.org | ||
6853 | User djm | ||
6854 | |||
6855 | ok markus@ | ||
6856 | |||
6857 | commit bee3a234f3d1ad4244952bcff1b4b7c525330dc2 | ||
6858 | Author: Damien Miller <djm@mindrot.org> | ||
6859 | Date: Mon Feb 24 15:57:22 2014 +1100 | ||
6860 | |||
6861 | - djm@cvs.openbsd.org 2014/02/23 20:03:42 | ||
6862 | [ssh-ed25519.c] | ||
6863 | check for unsigned overflow; not reachable in OpenSSH but others might | ||
6864 | copy our code... | ||
6865 | |||
6866 | commit 0628780abe61e7e50cba48cdafb1837f49ff23b2 | ||
6867 | Author: Damien Miller <djm@mindrot.org> | ||
6868 | Date: Mon Feb 24 15:56:45 2014 +1100 | ||
6869 | |||
6870 | - djm@cvs.openbsd.org 2014/02/22 01:32:19 | ||
6871 | [readconf.c] | ||
6872 | when processing Match blocks, skip 'exec' clauses if previous predicates | ||
6873 | failed to match; ok markus@ | ||
6874 | |||
6875 | commit 0890dc8191bb201eb01c3429feec0300a9d3a930 | ||
6876 | Author: Damien Miller <djm@mindrot.org> | ||
6877 | Date: Mon Feb 24 15:56:07 2014 +1100 | ||
6878 | |||
6879 | - djm@cvs.openbsd.org 2014/02/15 23:05:36 | ||
6880 | [channels.c] | ||
6881 | avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W; | ||
6882 | bz#2200, debian#738692 via Colin Watson; ok dtucker@ | ||
6883 | |||
6884 | commit d3cf67e1117c25d151d0f86396e77ee3a827045a | ||
6885 | Author: Damien Miller <djm@mindrot.org> | ||
6886 | Date: Mon Feb 24 15:55:36 2014 +1100 | ||
6887 | |||
6888 | - djm@cvs.openbsd.org 2014/02/07 06:55:54 | ||
6889 | [cipher.c mac.c] | ||
6890 | remove some logging that makes ssh debugging output very verbose; | ||
6891 | ok markus | ||
6892 | |||
6893 | commit 03ae081aeaa118361c81ece76eb7cc1aaa2b40c5 | ||
6894 | Author: Tim Rice <tim@multitalents.net> | ||
6895 | Date: Fri Feb 21 09:09:34 2014 -0800 | ||
6896 | |||
6897 | 20140221 | ||
6898 | - (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery. | ||
6899 | |||
6900 | commit 4a20959d2e3c90e9d66897c0b4032c785672d815 | ||
6901 | Author: Darren Tucker <dtucker@zip.com.au> | ||
6902 | Date: Thu Feb 13 16:38:32 2014 +1100 | ||
6903 | |||
6904 | - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat | ||
6905 | code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex. | ||
6906 | |||
6907 | commit d1a7a9c0fd1ac2e3314cceb2891959fd2cd9eabb | ||
6908 | Author: Damien Miller <djm@mindrot.org> | ||
6909 | Date: Fri Feb 7 09:24:33 2014 +1100 | ||
6910 | |||
6911 | - djm@cvs.openbsd.org 2014/02/06 22:21:01 | ||
6912 | [sshconnect.c] | ||
6913 | in ssh_create_socket(), only do the getaddrinfo for BindAddress when | ||
6914 | BindAddress is actually specified. Fixes regression in 6.5 for | ||
6915 | UsePrivilegedPort=yes; patch from Corinna Vinschen | ||
6916 | |||
6917 | commit 6ce35b6cc4ead1bf98abec34cb2e2d6ca0abb15e | ||
6918 | Author: Damien Miller <djm@mindrot.org> | ||
6919 | Date: Fri Feb 7 09:24:14 2014 +1100 | ||
6920 | |||
6921 | - naddy@cvs.openbsd.org 2014/02/05 20:13:25 | ||
6922 | [ssh-keygen.1 ssh-keygen.c] | ||
6923 | tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@ | ||
6924 | while here, fix ordering in usage(); requested by jmc@ | ||
6925 | |||
6926 | commit 6434cb2cfbbf0a46375d2d22f2ff9927feb5e478 | ||
6927 | Author: Damien Miller <djm@mindrot.org> | ||
6928 | Date: Thu Feb 6 11:17:50 2014 +1100 | ||
6929 | |||
6930 | - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define | ||
6931 | __NR_shutdown; some go via the socketcall(2) multiplexer. | ||
6932 | |||
6933 | commit 8d36f9ac71eff2e9f5770c0518b73d875f270647 | ||
6934 | Author: Darren Tucker <dtucker@zip.com.au> | ||
6935 | Date: Thu Feb 6 10:44:13 2014 +1100 | ||
6936 | |||
6937 | - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL | ||
6938 | before freeing since free(NULL) is a no-op. ok djm. | ||
6939 | |||
6940 | commit a0959da3680b4ce8cf911caf3293a6d90f88eeb7 | ||
6941 | Author: Damien Miller <djm@mindrot.org> | ||
6942 | Date: Wed Feb 5 10:33:45 2014 +1100 | ||
6943 | |||
6944 | - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by | ||
6945 | headers/libc but not supported by the kernel. Patch from Loganaden | ||
6946 | Velvindron @ AfriNIC | ||
6947 | |||
6948 | commit 9c449bc183b256c84d8f740727b0bc54d247b15e | ||
6949 | Author: Damien Miller <djm@mindrot.org> | ||
6950 | Date: Tue Feb 4 11:38:28 2014 +1100 | ||
6951 | |||
6952 | - (djm) [regress/setuid-allowed.c] Missing string.h for strerror() | ||
6953 | |||
6954 | commit bf7e0f03be661b6f5b3bfe325135ce19391f9c4d | ||
6955 | Author: Damien Miller <djm@mindrot.org> | ||
6956 | Date: Tue Feb 4 11:37:50 2014 +1100 | ||
6957 | |||
6958 | - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o | ||
6959 | |||
6960 | commit eb6d870a0ea8661299bb2ea8f013d3ace04e2024 | ||
6961 | Author: Damien Miller <djm@mindrot.org> | ||
6962 | Date: Tue Feb 4 11:26:34 2014 +1100 | ||
6963 | |||
6964 | - djm@cvs.openbsd.org 2014/02/04 00:24:29 | ||
6965 | [ssh.c] | ||
6966 | delay lowercasing of hostname until right before hostname | ||
6967 | canonicalisation to unbreak case-sensitive matching of ssh_config; | ||
6968 | reported by Ike Devolder; ok markus@ | ||
6969 | |||
6970 | commit d56b44d2dfa093883a5c4e91be3f72d99946b170 | ||
6971 | Author: Damien Miller <djm@mindrot.org> | ||
6972 | Date: Tue Feb 4 11:26:04 2014 +1100 | ||
6973 | |||
6974 | - djm@cvs.openbsd.org 2014/02/04 00:24:29 | ||
6975 | [ssh.c] | ||
6976 | delay lowercasing of hostname until right before hostname | ||
6977 | canonicalisation to unbreak case-sensitive matching of ssh_config; | ||
6978 | reported by Ike Devolder; ok markus@ | ||
6979 | |||
6980 | commit db3c595ea74ea9ccd5aa644d7e1f8dc675710731 | ||
6981 | Author: Damien Miller <djm@mindrot.org> | ||
6982 | Date: Tue Feb 4 11:25:45 2014 +1100 | ||
6983 | |||
6984 | - djm@cvs.openbsd.org 2014/02/02 03:44:31 | ||
6985 | [digest-libc.c digest-openssl.c] | ||
6986 | convert memset of potentially-private data to explicit_bzero() | ||
6987 | |||
6988 | commit aae07e2e2000dd318418fd7fd4597760904cae32 | ||
6989 | Author: Damien Miller <djm@mindrot.org> | ||
6990 | Date: Tue Feb 4 11:20:40 2014 +1100 | ||
6991 | |||
6992 | - djm@cvs.openbsd.org 2014/02/03 23:28:00 | ||
6993 | [ssh-ecdsa.c] | ||
6994 | fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike | ||
6995 | DSA_SIG_new. Reported by Batz Spear; ok markus@ | ||
6996 | |||
6997 | commit a5103f413bde6f31bff85d6e1fd29799c647d765 | ||
6998 | Author: Damien Miller <djm@mindrot.org> | ||
6999 | Date: Tue Feb 4 11:20:14 2014 +1100 | ||
7000 | |||
7001 | - djm@cvs.openbsd.org 2014/02/02 03:44:32 | ||
7002 | [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] | ||
7003 | [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] | ||
7004 | [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] | ||
7005 | [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] | ||
7006 | [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] | ||
7007 | [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] | ||
7008 | [sshd.c] | ||
7009 | convert memset of potentially-private data to explicit_bzero() | ||
7010 | |||
7011 | commit 1d2c4564265ee827147af246a16f3777741411ed | ||
7012 | Author: Damien Miller <djm@mindrot.org> | ||
7013 | Date: Tue Feb 4 11:18:20 2014 +1100 | ||
7014 | |||
7015 | - tedu@cvs.openbsd.org 2014/01/31 16:39:19 | ||
7016 | [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] | ||
7017 | [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] | ||
7018 | [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] | ||
7019 | [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] | ||
7020 | [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] | ||
7021 | replace most bzero with explicit_bzero, except a few that cna be memset | ||
7022 | ok djm dtucker | ||
7023 | |||
7024 | commit 3928de067c286683a95fbdbdb5fdb3c78a0e5efd | ||
7025 | Author: Damien Miller <djm@mindrot.org> | ||
7026 | Date: Tue Feb 4 11:13:54 2014 +1100 | ||
7027 | |||
7028 | - djm@cvs.openbsd.org 2014/01/30 22:26:14 | ||
7029 | [sandbox-systrace.c] | ||
7030 | allow shutdown(2) syscall in sandbox - it may be called by packet_close() | ||
7031 | from portable | ||
7032 | (Id sync only; change is already in portable) | ||
7033 | |||
7034 | commit e1e480aee8a9af6cfbe7188667b7b940d6b57f9f | ||
7035 | Author: Damien Miller <djm@mindrot.org> | ||
7036 | Date: Tue Feb 4 11:13:17 2014 +1100 | ||
7037 | |||
7038 | - jmc@cvs.openbsd.org 2014/01/29 14:04:51 | ||
7039 | [sshd_config.5] | ||
7040 | document kbdinteractiveauthentication; | ||
7041 | requested From: Ross L Richardson | ||
7042 | |||
7043 | dtucker/markus helped explain its workings; | ||
7044 | |||
7045 | commit 7cc194f70d4a5ec9a82d19422eaf18db4a6624c6 | ||
7046 | Author: Damien Miller <djm@mindrot.org> | ||
7047 | Date: Tue Feb 4 11:12:56 2014 +1100 | ||
7048 | |||
7049 | - djm@cvs.openbsd.org 2014/01/29 06:18:35 | ||
7050 | [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c] | ||
7051 | [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h] | ||
7052 | [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c] | ||
7053 | remove experimental, never-enabled JPAKE code; ok markus@ | ||
7054 | |||
7055 | commit b0f26544cf6f4feeb1a4f6db09fca834f5c9867d | ||
7056 | Author: Damien Miller <djm@mindrot.org> | ||
7057 | Date: Tue Feb 4 11:10:01 2014 +1100 | ||
7058 | |||
7059 | - djm@cvs.openbsd.org 2014/01/29 00:19:26 | ||
7060 | [sshd.c] | ||
7061 | use kill(0, ...) instead of killpg(0, ...); on most operating systems | ||
7062 | they are equivalent, but SUSv2 describes the latter as having undefined | ||
7063 | behaviour; from portable; ok dtucker | ||
7064 | (Id sync only; change is already in portable) | ||
7065 | |||
7066 | commit f8f35bc471500348bb262039fb1fc43175d251b0 | ||
7067 | Author: Damien Miller <djm@mindrot.org> | ||
7068 | Date: Tue Feb 4 11:09:12 2014 +1100 | ||
7069 | |||
7070 | - jmc@cvs.openbsd.org 2014/01/28 14:13:39 | ||
7071 | [ssh-keyscan.1] | ||
7072 | kill some bad Pa; | ||
7073 | From: Jan Stary | ||
7074 | |||
7075 | commit 0ba85d696ae9daf66002c2e4ab0d6bb111e1a787 | ||
7076 | Author: Damien Miller <djm@mindrot.org> | ||
7077 | Date: Tue Feb 4 11:08:38 2014 +1100 | ||
7078 | |||
7079 | ignore a few more regress droppings | ||
7080 | |||
7081 | commit ec93d15170b7a6ddf63fd654bd0f6a752acc19dd | ||
7082 | Author: Damien Miller <djm@mindrot.org> | ||
7083 | Date: Tue Feb 4 11:07:13 2014 +1100 | ||
7084 | |||
7085 | - markus@cvs.openbsd.org 2014/01/27 20:13:46 | ||
7086 | [digest.c digest-openssl.c digest-libc.c Makefile.in] | ||
7087 | rename digest.c to digest-openssl.c and add libc variant; ok djm@ | ||
7088 | |||
7089 | commit 4a1c7aa640fb97d3472d51b215b6a0ec0fd025c7 | ||
7090 | Author: Damien Miller <djm@mindrot.org> | ||
7091 | Date: Tue Feb 4 11:03:36 2014 +1100 | ||
7092 | |||
7093 | - markus@cvs.openbsd.org 2014/01/27 19:18:54 | ||
7094 | [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c] | ||
7095 | replace openssl MD5 with our ssh_digest_*; ok djm@ | ||
7096 | |||
7097 | commit 4e8d937af79ce4e253f77ec93489d098b25becc3 | ||
7098 | Author: Damien Miller <djm@mindrot.org> | ||
7099 | Date: Tue Feb 4 11:02:42 2014 +1100 | ||
7100 | |||
7101 | - markus@cvs.openbsd.org 2014/01/27 18:58:14 | ||
7102 | [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h] | ||
7103 | replace openssl HMAC with an implementation based on our ssh_digest_* | ||
7104 | ok and feedback djm@ | ||
7105 | |||
7106 | commit 69d0d09f76bab5aec86fbf78489169f63bd16475 | ||
7107 | Author: Tim Rice <tim@multitalents.net> | ||
7108 | Date: Fri Jan 31 14:25:18 2014 -0800 | ||
7109 | |||
7110 | - (tim) [Makefile.in] build regress/setuid-allow. | ||
7111 | |||
7112 | commit 0eeafcd76b972a3d159f3118227c149a4d7817fe | ||
7113 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7114 | Date: Fri Jan 31 14:18:51 2014 +1100 | ||
7115 | |||
7116 | - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes | ||
7117 | build with HP-UX's compiler. Patch from Kevin Brott. | ||
7118 | |||
7119 | commit 7e5cec6070673e9f9785ffc749837ada22fbe99f | ||
7120 | Author: Damien Miller <djm@mindrot.org> | ||
7121 | Date: Fri Jan 31 09:25:34 2014 +1100 | ||
7122 | |||
7123 | - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) | ||
7124 | syscall from sandboxes; it may be called by packet_close. | ||
7125 | |||
7126 | commit cdb6c90811caa5df2df856be9b0b16db020fe31d | ||
7127 | Author: Damien Miller <djm@mindrot.org> | ||
7128 | Date: Thu Jan 30 12:50:17 2014 +1100 | ||
7129 | |||
7130 | - (djm) Release openssh-6.5p1 | ||
7131 | |||
7132 | commit 996ea80b1884b676a901439f1f2681eb6ff68501 | ||
7133 | Author: Damien Miller <djm@mindrot.org> | ||
7134 | Date: Thu Jan 30 12:49:55 2014 +1100 | ||
7135 | |||
7136 | trim entries prior to openssh-6.0p1 | ||
7137 | |||
7138 | commit f5bbd3b657b6340551c8a95f74a70857ff8fac79 | ||
7139 | Author: Damien Miller <djm@mindrot.org> | ||
7140 | Date: Thu Jan 30 11:26:46 2014 +1100 | ||
7141 | |||
7142 | - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering | ||
7143 | different symbols for 'read' when various compiler flags are | ||
7144 | in use, causing atomicio.c comparisons against it to break and | ||
7145 | read/write operations to hang; ok dtucker | ||
7146 | |||
7147 | commit c2868192ddc4e1420a50389e18c05db20b0b1f32 | ||
7148 | Author: Damien Miller <djm@mindrot.org> | ||
7149 | Date: Thu Jan 30 10:21:19 2014 +1100 | ||
7150 | |||
7151 | - (djm) [configure.ac] Only check for width-specified integer types | ||
7152 | in headers that actually exist. patch from Tom G. Christensen; | ||
7153 | ok dtucker@ | ||
7154 | |||
7155 | commit c161fc90fc86e2035710570238a9e1ca7a68d2a5 | ||
7156 | Author: Damien Miller <djm@mindrot.org> | ||
7157 | Date: Wed Jan 29 21:01:33 2014 +1100 | ||
7158 | |||
7159 | - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from | ||
7160 | Tom G. Christensen | ||
7161 | |||
7162 | commit 6f917ad376481995ab7d29fb53b08ec8d507eb9e | ||
7163 | Author: Tim Rice <tim@multitalents.net> | ||
7164 | Date: Tue Jan 28 10:26:25 2014 -0800 | ||
7165 | |||
7166 | - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable | ||
7167 | when used as an error message inside an if statement so we display the | ||
7168 | correct into. agent.sh patch from Petr Lautrbach. | ||
7169 | |||
7170 | commit ab16ef4152914d44ce6f76e48167d26d22f66a06 | ||
7171 | Author: Damien Miller <djm@mindrot.org> | ||
7172 | Date: Tue Jan 28 15:08:12 2014 +1100 | ||
7173 | |||
7174 | - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the | ||
7175 | latter being specified to have undefined behaviour in SUSv3; | ||
7176 | ok dtucker | ||
7177 | |||
7178 | commit ab0394905884dc6e58c3721211c6b38fb8fc2ca8 | ||
7179 | Author: Damien Miller <djm@mindrot.org> | ||
7180 | Date: Tue Jan 28 15:07:10 2014 +1100 | ||
7181 | |||
7182 | - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl; | ||
7183 | ok dtucker | ||
7184 | |||
7185 | commit 4ab20a82d4d4168d62318923f62382f6ef242fcd | ||
7186 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7187 | Date: Mon Jan 27 17:35:04 2014 +1100 | ||
7188 | |||
7189 | - (dtucker) [Makefile.in] Remove trailing backslash which some make | ||
7190 | implementations (eg older Solaris) do not cope with. | ||
7191 | |||
7192 | commit e7e8b3cfe9f8665faaf0e68b33df5bbb431bd129 | ||
7193 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7194 | Date: Mon Jan 27 17:32:50 2014 +1100 | ||
7195 | |||
7196 | Welcome to 2014 | ||
7197 | |||
7198 | commit 5b447c0aac0dd444251e276f6bb3bbbe1c05331c | ||
7199 | Author: Damien Miller <djm@mindrot.org> | ||
7200 | Date: Sun Jan 26 09:46:53 2014 +1100 | ||
7201 | |||
7202 | - (djm) [configure.ac] correct AC_DEFINE for previous. | ||
7203 | |||
7204 | commit 2035b2236d3b1f76c749c642a43e03c85eae76e6 | ||
7205 | Author: Damien Miller <djm@mindrot.org> | ||
7206 | Date: Sun Jan 26 09:39:53 2014 +1100 | ||
7207 | |||
7208 | - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable | ||
7209 | RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, | ||
7210 | libc will attempt to open additional file descriptors for crypto | ||
7211 | offload and crash if they cannot be opened. | ||
7212 | |||
7213 | commit a92ac7410475fbb00383c7402aa954dc0a75ae19 | ||
7214 | Author: Damien Miller <djm@mindrot.org> | ||
7215 | Date: Sun Jan 26 09:38:03 2014 +1100 | ||
7216 | |||
7217 | - markus@cvs.openbsd.org 2014/01/25 20:35:37 | ||
7218 | [kex.c] | ||
7219 | dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len) | ||
7220 | ok dtucker@, noted by mancha | ||
7221 | |||
7222 | commit 76eea4ab4e658670ca6e76dd1e6d17f262208b57 | ||
7223 | Author: Damien Miller <djm@mindrot.org> | ||
7224 | Date: Sun Jan 26 09:37:25 2014 +1100 | ||
7225 | |||
7226 | - dtucker@cvs.openbsd.org 2014/01/25 10:12:50 | ||
7227 | [cipher.c cipher.h kex.c kex.h kexgexc.c] | ||
7228 | Add a special case for the DH group size for 3des-cbc, which has an | ||
7229 | effective strength much lower than the key size. This causes problems | ||
7230 | with some cryptlib implementations, which don't support group sizes larger | ||
7231 | than 4k but also don't use the largest group size it does support as | ||
7232 | specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, | ||
7233 | reduced by me with input from Markus. ok djm@ markus@ | ||
7234 | |||
7235 | commit 603b8f47f1cd9ed95a2017447db8e60ca6704594 | ||
7236 | Author: Damien Miller <djm@mindrot.org> | ||
7237 | Date: Sat Jan 25 13:16:59 2014 +1100 | ||
7238 | |||
7239 | - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test | ||
7240 | against the correct thing. | ||
7241 | |||
7242 | commit c96d85376d779b6ac61525b5440010d344d2f23f | ||
7243 | Author: Damien Miller <djm@mindrot.org> | ||
7244 | Date: Sat Jan 25 13:12:28 2014 +1100 | ||
7245 | |||
7246 | - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless | ||
7247 | sys/capability.h exists and cap_rights_limit is in libc. Fixes | ||
7248 | build on FreeBSD9x which provides the header but not the libc | ||
7249 | support. | ||
7250 | |||
7251 | commit f62ecef9939cb3dbeb10602fd705d4db3976d822 | ||
7252 | Author: Damien Miller <djm@mindrot.org> | ||
7253 | Date: Sat Jan 25 12:34:38 2014 +1100 | ||
7254 | |||
7255 | - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD | ||
7256 | |||
7257 | commit b0e0f760b861676a3fe5c40133b270713d5321a9 | ||
7258 | Author: Damien Miller <djm@mindrot.org> | ||
7259 | Date: Fri Jan 24 14:27:04 2014 +1100 | ||
7260 | |||
7261 | - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make | ||
7262 | the scp regress test actually test the built scp rather than the one | ||
7263 | in $PATH. ok dtucker@ | ||
7264 | |||
7265 | commit 42a092530159637da9cb7f9e1b5f4679e34a85e6 | ||
7266 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7267 | Date: Thu Jan 23 23:14:39 2014 +1100 | ||
7268 | |||
7269 | - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously | ||
7270 | incompatible with OpenBSD's despite post-dating it by more than a decade. | ||
7271 | Declare it as broken, and document FreeBSD's as the same. ok djm@ | ||
7272 | |||
7273 | commit 617da33c20cb59f9ea6c99c881d92493371ef7b8 | ||
7274 | Author: Tim Rice <tim@multitalents.net> | ||
7275 | Date: Wed Jan 22 19:16:10 2014 -0800 | ||
7276 | |||
7277 | - (tim) [session.c] Improve error reporting on set_id(). | ||
7278 | |||
7279 | commit 5c2ff5e31f57d303ebb414d84a934c02728fa568 | ||
7280 | Author: Damien Miller <djm@mindrot.org> | ||
7281 | Date: Wed Jan 22 21:30:12 2014 +1100 | ||
7282 | |||
7283 | - (djm) [configure.ac aclocal.m4] More tests to detect fallout from | ||
7284 | platform hardening options: include some long long int arithmatic | ||
7285 | to detect missing support functions for -ftrapv in libgcc and | ||
7286 | equivalents, actually test linking when -ftrapv is supplied and | ||
7287 | set either both -pie/-fPIE or neither. feedback and ok dtucker@ | ||
7288 | |||
7289 | commit 852472a54b8a0dc3e53786b313baaa86850a4273 | ||
7290 | Author: Damien Miller <djm@mindrot.org> | ||
7291 | Date: Wed Jan 22 16:31:18 2014 +1100 | ||
7292 | |||
7293 | - (djm) [configure.ac] Unless specifically requested, only attempt | ||
7294 | to build Position Independent Executables on gcc >= 4.x; ok dtucker | ||
7295 | |||
7296 | commit ee87838786cef0194db36ae0675b3e7c4e8ec661 | ||
7297 | Author: Damien Miller <djm@mindrot.org> | ||
7298 | Date: Wed Jan 22 16:30:15 2014 +1100 | ||
7299 | |||
7300 | - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a | ||
7301 | platform that is expected to use the reuse-argv style setproctitle | ||
7302 | hack surprises us by providing a setproctitle in libc; ok dtucker | ||
7303 | |||
7304 | commit 5c96a154c7940fa67b1f11c421e390dbbc159f27 | ||
7305 | Author: Damien Miller <djm@mindrot.org> | ||
7306 | Date: Tue Jan 21 13:10:26 2014 +1100 | ||
7307 | |||
7308 | - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE | ||
7309 | and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of | ||
7310 | detecting toolchain-related problems; ok dtucker | ||
7311 | |||
7312 | commit 9464ba6fb34bb42eb3501ec3c5143662e75674bf | ||
7313 | Author: Tim Rice <tim@multitalents.net> | ||
7314 | Date: Mon Jan 20 17:59:28 2014 -0800 | ||
7315 | |||
7316 | - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced | ||
7317 | with sftp chroot support. Move set_id call after chroot. | ||
7318 | |||
7319 | commit a6d573caa14d490e6c42fb991bcb5c6860ec704b | ||
7320 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7321 | Date: Tue Jan 21 12:50:46 2014 +1100 | ||
7322 | |||
7323 | - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time | ||
7324 | tests in the configure output. ok djm. | ||
7325 | |||
7326 | commit 096118dc73ab14810b3c12785c0b5acb01ad6123 | ||
7327 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7328 | Date: Tue Jan 21 12:48:51 2014 +1100 | ||
7329 | |||
7330 | - (dtucker) [configure.ac] Make PIE a configure-time option which defaults | ||
7331 | to on platforms where it's known to be reliably detected and off elsewhere. | ||
7332 | Works around platforms such as FreeBSD 9.1 where it does not interop with | ||
7333 | -ftrapv (it seems to work but fails when trying to link ssh). ok djm@ | ||
7334 | |||
7335 | commit f9df7f6f477792254eab33cdef71a6d66488cb88 | ||
7336 | Author: Damien Miller <djm@mindrot.org> | ||
7337 | Date: Mon Jan 20 20:07:15 2014 +1100 | ||
7338 | |||
7339 | - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that | ||
7340 | skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@ | ||
7341 | |||
7342 | commit c74e70eb52ccc0082bd5a70b5798bb01c114d138 | ||
7343 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7344 | Date: Mon Jan 20 13:18:09 2014 +1100 | ||
7345 | |||
7346 | - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos | ||
7347 | implementation does not have krb5_cc_new_unique, similar to what we do | ||
7348 | in auth-krb5.c. | ||
7349 | |||
7350 | commit 3510979e83b6a18ec8773c64c3fa04aa08b2e783 | ||
7351 | Author: Damien Miller <djm@mindrot.org> | ||
7352 | Date: Mon Jan 20 12:41:53 2014 +1100 | ||
7353 | |||
7354 | - djm@cvs.openbsd.org 2014/01/20 00:08:48 | ||
7355 | [digest.c] | ||
7356 | memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@ | ||
7357 | |||
7358 | commit 7eee358d7a6580479bee5cd7e52810ebfd03e5b2 | ||
7359 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7360 | Date: Sun Jan 19 22:37:02 2014 +1100 | ||
7361 | |||
7362 | - dtucker@cvs.openbsd.org 2014/01/19 11:21:51 | ||
7363 | [addrmatch.c] | ||
7364 | Cast the sizeof to socklen_t so it'll work even if the supplied len is | ||
7365 | negative. Suggested by and ok djm, ok deraadt. | ||
7366 | |||
7367 | commit b7e01c09b56ab26e8fac56bbce0fd25e36d12bb0 | ||
7368 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7369 | Date: Sun Jan 19 22:36:13 2014 +1100 | ||
7370 | |||
7371 | - djm@cvs.openbsd.org 2014/01/19 04:48:08 | ||
7372 | [ssh_config.5] | ||
7373 | fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal | ||
7374 | |||
7375 | commit 7b1ded04adce42efa25ada7c3a39818d3109b724 | ||
7376 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7377 | Date: Sun Jan 19 15:30:02 2014 +1100 | ||
7378 | |||
7379 | - dtucker@cvs.openbsd.org 2014/01/19 04:17:29 | ||
7380 | [canohost.c addrmatch.c] | ||
7381 | Cast socklen_t when comparing to size_t and use socklen_t to iterate over | ||
7382 | the ip options, both to prevent signed/unsigned comparison warnings. | ||
7383 | Patch from vinschen at redhat via portable openssh, begrudging ok deraadt. | ||
7384 | |||
7385 | commit 293ee3c9f0796d99ebb033735f0e315f2e0180bf | ||
7386 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7387 | Date: Sun Jan 19 15:28:01 2014 +1100 | ||
7388 | |||
7389 | - dtucker@cvs.openbsd.org 2014/01/18 09:36:26 | ||
7390 | [session.c] | ||
7391 | explicitly define USE_PIPES to 1 to prevent redefinition warnings in | ||
7392 | portable on platforms that use pipes for everything. From redhat @ | ||
7393 | redhat. | ||
7394 | |||
7395 | commit 2aca159d05f9e7880d1d8f1ce49a218840057f53 | ||
7396 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7397 | Date: Sun Jan 19 15:25:34 2014 +1100 | ||
7398 | |||
7399 | - dtucker@cvs.openbsd.org 2014/01/17 06:23:24 | ||
7400 | [sftp-server.c] | ||
7401 | fix log message statvfs. ok djm | ||
7402 | |||
7403 | commit 841f7da89ae8b367bb502d61c5c41916c6e7ae4c | ||
7404 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7405 | Date: Sat Jan 18 22:12:15 2014 +1100 | ||
7406 | |||
7407 | - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the | ||
7408 | return value check for cap_enter() consistent with the other uses in | ||
7409 | FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140. | ||
7410 | |||
7411 | commit fdce3731660699b2429e93e822f2ccbaccd163ae | ||
7412 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7413 | Date: Sat Jan 18 21:12:42 2014 +1100 | ||
7414 | |||
7415 | - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs, | ||
7416 | optind) are defined in getopt.h already. Unfortunately they are defined as | ||
7417 | "declspec(dllimport)" for historical reasons, because the GNU linker didn't | ||
7418 | allow auto-import on PE/COFF targets way back when. The problem is the | ||
7419 | dllexport attributes collide with the definitions in the various source | ||
7420 | files in OpenSSH, which obviousy define the variables without | ||
7421 | declspec(dllimport). The least intrusive way to get rid of these warnings | ||
7422 | is to disable warnings for GCC compiler attributes when building on Cygwin. | ||
7423 | Patch from vinschen at redhat.com. | ||
7424 | |||
7425 | commit 1411c9263f46e1ee49d0d302bf7258ebe69ce827 | ||
7426 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7427 | Date: Sat Jan 18 21:03:59 2014 +1100 | ||
7428 | |||
7429 | - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function | ||
7430 | declarations that stopped being included when we stopped including | ||
7431 | <windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at | ||
7432 | redhat.com. | ||
7433 | |||
7434 | commit 89c532d843c95a085777c66365067d64d1937eb9 | ||
7435 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7436 | Date: Sat Jan 18 20:43:49 2014 +1100 | ||
7437 | |||
7438 | - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch | ||
7439 | from vinschen at redhat.com | ||
7440 | |||
7441 | commit 355f861022be7b23d3009fae8f3c9f6f7fc685f7 | ||
7442 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7443 | Date: Sat Jan 18 00:12:38 2014 +1100 | ||
7444 | |||
7445 | - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after | ||
7446 | they're defined if we have to define them ourselves. Fixes builds on old | ||
7447 | AIX. | ||
7448 | |||
7449 | commit a3357661ee1d5d553294f36e4940e8285c7f1332 | ||
7450 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7451 | Date: Sat Jan 18 00:03:57 2014 +1100 | ||
7452 | |||
7453 | - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on | ||
7454 | Solaris. | ||
7455 | |||
7456 | commit 9edcbff46ff01c8d5dee9c1aa843f09e9ad8a80e | ||
7457 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7458 | Date: Fri Jan 17 21:54:32 2014 +1100 | ||
7459 | |||
7460 | - (dtucker) [configure.ac] Have --without-toolchain-hardening not turn off | ||
7461 | stack-protector since that has a separate flag that's been around a while. | ||
7462 | |||
7463 | commit 6d725687c490d4ba957a1bbc0ba0a2956c09fa69 | ||
7464 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7465 | Date: Fri Jan 17 19:17:34 2014 +1100 | ||
7466 | |||
7467 | - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types. | ||
7468 | |||
7469 | commit 5055699c7f7c7ef21703a443ec73117da392f6ae | ||
7470 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7471 | Date: Fri Jan 17 18:48:22 2014 +1100 | ||
7472 | |||
7473 | - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we | ||
7474 | need them to cut down on the name collisions. | ||
7475 | |||
7476 | commit a5cf1e220def07290260e4125e74f41ac75cf88d | ||
7477 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7478 | Date: Fri Jan 17 18:10:58 2014 +1100 | ||
7479 | |||
7480 | - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c | ||
7481 | openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs | ||
7482 | to be useful (and for the regression tests to pass) on platforms that | ||
7483 | have statfs and fstatfs. ok djm@ | ||
7484 | |||
7485 | commit 1357d71d7b6d269969520aaa3e84d312ec971d5b | ||
7486 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7487 | Date: Fri Jan 17 18:00:40 2014 +1100 | ||
7488 | |||
7489 | - (dtucker) Fix typo in #ifndef. | ||
7490 | |||
7491 | commit d23a91ffb289d3553a58b7a60cec39fba9f0f506 | ||
7492 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7493 | Date: Fri Jan 17 17:32:30 2014 +1100 | ||
7494 | |||
7495 | - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c | ||
7496 | openbsd-compat/openssl-compat.h] Add compatibility layer for older | ||
7497 | openssl versions. ok djm@ | ||
7498 | |||
7499 | commit 868ea1ea1c1bfdbee5dbad78f81999c5983ecf31 | ||
7500 | Author: Damien Miller <djm@mindrot.org> | ||
7501 | Date: Fri Jan 17 16:47:04 2014 +1100 | ||
7502 | |||
7503 | - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] | ||
7504 | [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] | ||
7505 | [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing | ||
7506 | using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling | ||
7507 | Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@ | ||
7508 | |||
7509 | commit a9d186a8b50d18869a10e9203abf71c83ddb1f79 | ||
7510 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7511 | Date: Fri Jan 17 16:30:49 2014 +1100 | ||
7512 | |||
7513 | - dtucker@cvs.openbsd.org 2014/01/17 05:26:41 | ||
7514 | [digest.c] | ||
7515 | remove unused includes. ok djm@ | ||
7516 | |||
7517 | commit 5f1c57a7a7eb39c0e4fee3367712337dbcaef024 | ||
7518 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7519 | Date: Fri Jan 17 16:29:45 2014 +1100 | ||
7520 | |||
7521 | - djm@cvs.openbsd.org 2014/01/17 00:21:06 | ||
7522 | [sftp-client.c] | ||
7523 | signed/unsigned comparison warning fix; from portable (Id sync only) | ||
7524 | |||
7525 | commit c548722361d89fb12c108528f96b306a26477b18 | ||
7526 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7527 | Date: Fri Jan 17 15:12:16 2014 +1100 | ||
7528 | |||
7529 | - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into | ||
7530 | separate lines and alphabetize for easier diffing of changes. | ||
7531 | |||
7532 | commit acad351a5b1c37de9130c9c1710445cc45a7f6b9 | ||
7533 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7534 | Date: Fri Jan 17 14:20:05 2014 +1100 | ||
7535 | |||
7536 | - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that | ||
7537 | don't have them. | ||
7538 | |||
7539 | commit c3ed065ce8417aaa46490836648c173a5010f226 | ||
7540 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7541 | Date: Fri Jan 17 14:18:45 2014 +1100 | ||
7542 | |||
7543 | - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside | ||
7544 | #ifdef HAVE_STDINT_H. | ||
7545 | |||
7546 | commit f45f78ae437062c7d9506c5f475b7215f486be44 | ||
7547 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7548 | Date: Fri Jan 17 12:43:43 2014 +1100 | ||
7549 | |||
7550 | - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include | ||
7551 | includes.h to pull in all of the compatibility stuff. | ||
7552 | |||
7553 | commit 99df369d0340caac145d57f700d830147ff18b87 | ||
7554 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7555 | Date: Fri Jan 17 12:42:17 2014 +1100 | ||
7556 | |||
7557 | - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. | ||
7558 | |||
7559 | commit ac413b62ea1957e80c711acbe0c11b908273fc01 | ||
7560 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7561 | Date: Fri Jan 17 12:31:33 2014 +1100 | ||
7562 | |||
7563 | - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. | ||
7564 | |||
7565 | commit 1c4a011e9c939e74815346a560843e1862c300b8 | ||
7566 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7567 | Date: Fri Jan 17 12:23:23 2014 +1100 | ||
7568 | |||
7569 | - (dtucker) [loginrec.c] Cast to the types specfied in the format | ||
7570 | specification to prevent warnings. | ||
7571 | |||
7572 | commit c3d483f9a8275be1113535a1e0d0e384f605f3c4 | ||
7573 | Author: Damien Miller <djm@mindrot.org> | ||
7574 | Date: Fri Jan 17 11:20:26 2014 +1100 | ||
7575 | |||
7576 | - (djm) [sftp-client.c] signed/unsigned comparison fix | ||
7577 | |||
7578 | commit fd994379dd972417d0491767f7cd9b5bf23f4975 | ||
7579 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7580 | Date: Fri Jan 17 09:53:24 2014 +1100 | ||
7581 | |||
7582 | - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain | ||
7583 | hardening flags including -fstack-protector-strong. These default to on | ||
7584 | if the toolchain supports them, but there is a configure-time knob | ||
7585 | (--without-hardening) to disable them if necessary. ok djm@ | ||
7586 | |||
7587 | commit 366224d21768ee8ec28cfbcc5fbade1b32582d58 | ||
7588 | Author: Damien Miller <djm@mindrot.org> | ||
7589 | Date: Thu Jan 16 18:51:44 2014 +1100 | ||
7590 | |||
7591 | - (djm) [README] update release notes URL. | ||
7592 | |||
7593 | commit 2ae77e64f8fa82cbf25c9755e8e847709b978b40 | ||
7594 | Author: Damien Miller <djm@mindrot.org> | ||
7595 | Date: Thu Jan 16 18:51:07 2014 +1100 | ||
7596 | |||
7597 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
7598 | [contrib/suse/openssh.spec] Crank RPM spec version numbers. | ||
7599 | |||
7600 | commit 0fa29e6d777c73a1b4ddd3b996b06ee20022ae8a | ||
7601 | Author: Damien Miller <djm@mindrot.org> | ||
7602 | Date: Thu Jan 16 18:42:31 2014 +1100 | ||
7603 | |||
7604 | - djm@cvs.openbsd.org 2014/01/16 07:32:00 | ||
7605 | [version.h] | ||
7606 | openssh-6.5 | ||
7607 | |||
7608 | commit 52c371cd6d2598cc73d4e633811b3012119c47e2 | ||
7609 | Author: Damien Miller <djm@mindrot.org> | ||
7610 | Date: Thu Jan 16 18:42:10 2014 +1100 | ||
7611 | |||
7612 | - djm@cvs.openbsd.org 2014/01/16 07:31:09 | ||
7613 | [sftp-client.c] | ||
7614 | needless and incorrect cast to size_t can break resumption of | ||
7615 | large download; patch from tobias@ | ||
diff --git a/Makefile.in b/Makefile.in index e161d0e6c..85cde7fc4 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -92,11 +92,11 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ | |||
92 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ | 92 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ |
93 | kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ | 93 | kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ |
94 | kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ | 94 | kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ |
95 | kexgssc.o | 95 | kexgssc.o \ |
96 | platform-pledge.o | ||
96 | 97 | ||
97 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ | 98 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ |
98 | sshconnect.o sshconnect1.o sshconnect2.o mux.o \ | 99 | sshconnect.o sshconnect1.o sshconnect2.o mux.o |
99 | roaming_common.o roaming_client.o | ||
100 | 100 | ||
101 | SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ | 101 | SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ |
102 | audit.o audit-bsm.o audit-linux.o platform.o \ | 102 | audit.o audit-bsm.o audit-linux.o platform.o \ |
@@ -109,9 +109,9 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ | |||
109 | auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ | 109 | auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ |
110 | loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ | 110 | loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ |
111 | sftp-server.o sftp-common.o \ | 111 | sftp-server.o sftp-common.o \ |
112 | roaming_common.o roaming_serv.o \ | ||
113 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ | 112 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ |
114 | sandbox-seccomp-filter.o sandbox-capsicum.o | 113 | sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ |
114 | sandbox-solaris.o | ||
115 | 115 | ||
116 | MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out | 116 | MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out |
117 | MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 | 117 | MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 |
@@ -179,14 +179,14 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o | |||
179 | ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o | 179 | ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o |
180 | $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 180 | $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
181 | 181 | ||
182 | ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o | 182 | ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o |
183 | $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 183 | $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
184 | 184 | ||
185 | ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o | 185 | ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o |
186 | $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) | 186 | $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) |
187 | 187 | ||
188 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o | 188 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o |
189 | $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) | 189 | $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) |
190 | 190 | ||
191 | sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o | 191 | sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o |
192 | $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 192 | $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
@@ -329,10 +329,6 @@ install-files: | |||
329 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 329 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
330 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 330 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
331 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 331 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
332 | -rm -f $(DESTDIR)$(bindir)/slogin | ||
333 | ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | ||
334 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | ||
335 | ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | ||
336 | 332 | ||
337 | install-sysconf: | 333 | install-sysconf: |
338 | if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ | 334 | if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ |
@@ -361,41 +357,19 @@ install-sysconf: | |||
361 | 357 | ||
362 | host-key: ssh-keygen$(EXEEXT) | 358 | host-key: ssh-keygen$(EXEEXT) |
363 | @if [ -z "$(DESTDIR)" ] ; then \ | 359 | @if [ -z "$(DESTDIR)" ] ; then \ |
364 | if [ -f "$(sysconfdir)/ssh_host_key" ] ; then \ | 360 | ./ssh-keygen -A; \ |
365 | echo "$(sysconfdir)/ssh_host_key already exists, skipping." ; \ | 361 | fi |
366 | else \ | ||
367 | ./ssh-keygen -t rsa1 -f $(sysconfdir)/ssh_host_key -N "" ; \ | ||
368 | fi ; \ | ||
369 | if [ -f $(sysconfdir)/ssh_host_dsa_key ] ; then \ | ||
370 | echo "$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \ | ||
371 | else \ | ||
372 | ./ssh-keygen -t dsa -f $(sysconfdir)/ssh_host_dsa_key -N "" ; \ | ||
373 | fi ; \ | ||
374 | if [ -f $(sysconfdir)/ssh_host_rsa_key ] ; then \ | ||
375 | echo "$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \ | ||
376 | else \ | ||
377 | ./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \ | ||
378 | fi ; \ | ||
379 | if [ -f $(sysconfdir)/ssh_host_ed25519_key ] ; then \ | ||
380 | echo "$(sysconfdir)/ssh_host_ed25519_key already exists, skipping." ; \ | ||
381 | else \ | ||
382 | ./ssh-keygen -t ed25519 -f $(sysconfdir)/ssh_host_ed25519_key -N "" ; \ | ||
383 | fi ; \ | ||
384 | if [ -z "@COMMENT_OUT_ECC@" ] ; then \ | ||
385 | if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \ | ||
386 | echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." ; \ | ||
387 | else \ | ||
388 | ./ssh-keygen -t ecdsa -f $(sysconfdir)/ssh_host_ecdsa_key -N "" ; \ | ||
389 | fi ; \ | ||
390 | fi ; \ | ||
391 | fi ; | ||
392 | 362 | ||
393 | host-key-force: ssh-keygen$(EXEEXT) | 363 | host-key-force: ssh-keygen$(EXEEXT) ssh$(EXEEXT) |
394 | ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" | 364 | if ./ssh -Q protocol-version | grep '^1$$' >/dev/null; then \ |
365 | ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""; \ | ||
366 | fi | ||
395 | ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" | 367 | ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" |
396 | ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" | 368 | ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" |
397 | ./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N "" | 369 | ./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N "" |
398 | test -z "@COMMENT_OUT_ECC@" && ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N "" | 370 | if ./ssh -Q key | grep ecdsa >/dev/null ; then \ |
371 | ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N ""; \ | ||
372 | fi | ||
399 | 373 | ||
400 | uninstallall: uninstall | 374 | uninstallall: uninstall |
401 | -rm -f $(DESTDIR)$(sysconfdir)/ssh_config | 375 | -rm -f $(DESTDIR)$(sysconfdir)/ssh_config |
@@ -409,7 +383,6 @@ uninstallall: uninstall | |||
409 | -rmdir $(DESTDIR)$(libexecdir) | 383 | -rmdir $(DESTDIR)$(libexecdir) |
410 | 384 | ||
411 | uninstall: | 385 | uninstall: |
412 | -rm -f $(DESTDIR)$(bindir)/slogin | ||
413 | -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT) | 386 | -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT) |
414 | -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT) | 387 | -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT) |
415 | -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) | 388 | -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) |
@@ -432,7 +405,6 @@ uninstall: | |||
432 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 405 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
433 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 406 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
434 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 407 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
435 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | ||
436 | 408 | ||
437 | regress-prep: | 409 | regress-prep: |
438 | [ -d `pwd`/regress ] || mkdir -p `pwd`/regress | 410 | [ -d `pwd`/regress ] || mkdir -p `pwd`/regress |
@@ -464,6 +436,10 @@ regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c | |||
464 | $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ | 436 | $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ |
465 | $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) | 437 | $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) |
466 | 438 | ||
439 | regress/check-perm$(EXEEXT): $(srcdir)/regress/check-perm.c | ||
440 | $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ | ||
441 | $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) | ||
442 | |||
467 | UNITTESTS_TEST_HELPER_OBJS=\ | 443 | UNITTESTS_TEST_HELPER_OBJS=\ |
468 | regress/unittests/test_helper/test_helper.o \ | 444 | regress/unittests/test_helper/test_helper.o \ |
469 | regress/unittests/test_helper/fuzz.o | 445 | regress/unittests/test_helper/fuzz.o |
@@ -512,8 +488,7 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \ | |||
512 | 488 | ||
513 | UNITTESTS_TEST_KEX_OBJS=\ | 489 | UNITTESTS_TEST_KEX_OBJS=\ |
514 | regress/unittests/kex/tests.o \ | 490 | regress/unittests/kex/tests.o \ |
515 | regress/unittests/kex/test_kex.o \ | 491 | regress/unittests/kex/test_kex.o |
516 | roaming_dummy.o | ||
517 | 492 | ||
518 | regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ | 493 | regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ |
519 | regress/unittests/test_helper/libtest_helper.a libssh.a | 494 | regress/unittests/test_helper/libtest_helper.a libssh.a |
@@ -536,6 +511,7 @@ REGRESS_BINARIES=\ | |||
536 | regress/modpipe$(EXEEXT) \ | 511 | regress/modpipe$(EXEEXT) \ |
537 | regress/setuid-allowed$(EXEEXT) \ | 512 | regress/setuid-allowed$(EXEEXT) \ |
538 | regress/netcat$(EXEEXT) \ | 513 | regress/netcat$(EXEEXT) \ |
514 | regress/check-perm$(EXEEXT) \ | ||
539 | regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ | 515 | regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ |
540 | regress/unittests/sshkey/test_sshkey$(EXEEXT) \ | 516 | regress/unittests/sshkey/test_sshkey$(EXEEXT) \ |
541 | regress/unittests/bitmap/test_bitmap$(EXEEXT) \ | 517 | regress/unittests/bitmap/test_bitmap$(EXEEXT) \ |
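Review bot: In the `host-key-force` target (hunk `@@ -361,41 +357,19 @@`) the rsa1 and ecdsa keys are now generated only when the freshly built `./ssh -Q` reports support for them, but `./ssh-keygen -t dsa` still runs unconditionally. The target therefore always writes a DSA host key, regardless of what the binary supports. If that is not intended, gate it the same way as the others, e.g. `if ./ssh -Q key | grep '^ssh-dss$$' >/dev/null; then ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""; fi`. The ecdsa probe uses an unanchored `grep ecdsa` while the protocol probe uses `'^1$$'`; anchoring both would make the checks consistent.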
@@ -1,4 +1,4 @@ | |||
1 | See http://www.openssh.com/txt/release-7.1p2 for the release notes. | 1 | See http://www.openssh.com/txt/release-7.2p1 for the release notes. |
2 | 2 | ||
3 | Please read http://www.openssh.com/report.html for bug reporting | 3 | Please read http://www.openssh.com/report.html for bug reporting |
4 | instructions and note that we do not use Github for bug reporting or | 4 | instructions and note that we do not use Github for bug reporting or |
diff --git a/README.platform b/README.platform index d1982321e..8d75c16c1 100644 --- a/README.platform +++ b/README.platform | |||
@@ -36,6 +36,9 @@ loginrestrictions() function, in particular that the user has the | |||
36 | "rlogin" attribute set. This check is not done for the root account, | 36 | "rlogin" attribute set. This check is not done for the root account, |
37 | instead the PermitRootLogin setting in sshd_config is used. | 37 | instead the PermitRootLogin setting in sshd_config is used. |
38 | 38 | ||
39 | If you are using the IBM compiler you probably want to use CC=xlc rather | ||
40 | than the default of cc. | ||
41 | |||
39 | 42 | ||
40 | Cygwin | 43 | Cygwin |
41 | ------ | 44 | ------ |
diff --git a/auth-bsdauth.c b/auth-bsdauth.c index 37ff893e6..e00718f2e 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-bsdauth.c,v 1.13 2014/06/24 01:13:21 djm Exp $ */ | 1 | /* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -103,7 +103,7 @@ bsdauth_respond(void *ctx, u_int numresponses, char **responses) | |||
103 | if (!authctxt->valid) | 103 | if (!authctxt->valid) |
104 | return -1; | 104 | return -1; |
105 | 105 | ||
106 | if (authctxt->as == 0) | 106 | if (authctxt->as == NULL) |
107 | error("bsdauth_respond: no bsd auth session"); | 107 | error("bsdauth_respond: no bsd auth session"); |
108 | 108 | ||
109 | if (numresponses != 1) | 109 | if (numresponses != 1) |
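Review bot: In bsdauth_respond the `authctxt->as == NULL` branch only calls error() and then falls through to the `numresponses` check, so a missing BSD auth session does not stop the function the way `!authctxt->valid` does just above. The rest of the body is outside this hunk, so whether `authctxt->as` is used afterwards cannot be confirmed from here. If it is, and assuming error() only logs, the branch should return as well: `if (authctxt->as == NULL) { error("bsdauth_respond: no bsd auth session"); return -1; }`.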
diff --git a/auth-krb5.c b/auth-krb5.c index ec4786924..f019fb1a1 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -1,8 +1,8 @@ | |||
1 | /* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */ | 1 | /* $OpenBSD: auth-krb5.c,v 1.21 2016/01/27 06:44:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Kerberos v5 authentication and ticket-passing routines. | 3 | * Kerberos v5 authentication and ticket-passing routines. |
4 | * | 4 | * |
5 | * $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $ | 5 | * From: FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar |
6 | */ | 6 | */ |
7 | /* | 7 | /* |
8 | * Copyright (c) 2002 Daniel Kouril. All rights reserved. | 8 | * Copyright (c) 2002 Daniel Kouril. All rights reserved. |
diff --git a/auth-options.c b/auth-options.c index f1e3ddfdf..bda39df4e 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.70 2015/12/10 17:08:40 mmcc Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -86,19 +86,45 @@ auth_clear_options(void) | |||
86 | free(ce->s); | 86 | free(ce->s); |
87 | free(ce); | 87 | free(ce); |
88 | } | 88 | } |
89 | if (forced_command) { | 89 | free(forced_command); |
90 | free(forced_command); | 90 | forced_command = NULL; |
91 | forced_command = NULL; | 91 | free(authorized_principals); |
92 | } | 92 | authorized_principals = NULL; |
93 | if (authorized_principals) { | ||
94 | free(authorized_principals); | ||
95 | authorized_principals = NULL; | ||
96 | } | ||
97 | forced_tun_device = -1; | 93 | forced_tun_device = -1; |
98 | channel_clear_permitted_opens(); | 94 | channel_clear_permitted_opens(); |
99 | } | 95 | } |
100 | 96 | ||
101 | /* | 97 | /* |
98 | * Match flag 'opt' in *optsp, and if allow_negate is set then also match | ||
99 | * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0 | ||
100 | * if negated option matches. | ||
101 | * If the option or negated option matches, then *optsp is updated to | ||
102 | * point to the first character after the option and, if 'msg' is not NULL | ||
103 | * then a message based on it added via auth_debug_add(). | ||
104 | */ | ||
105 | static int | ||
106 | match_flag(const char *opt, int allow_negate, char **optsp, const char *msg) | ||
107 | { | ||
108 | size_t opt_len = strlen(opt); | ||
109 | char *opts = *optsp; | ||
110 | int negate = 0; | ||
111 | |||
112 | if (allow_negate && strncasecmp(opts, "no-", 3) == 0) { | ||
113 | opts += 3; | ||
114 | negate = 1; | ||
115 | } | ||
116 | if (strncasecmp(opts, opt, opt_len) == 0) { | ||
117 | *optsp = opts + opt_len; | ||
118 | if (msg != NULL) { | ||
119 | auth_debug_add("%s %s.", msg, | ||
120 | negate ? "disabled" : "enabled"); | ||
121 | } | ||
122 | return negate ? 0 : 1; | ||
123 | } | ||
124 | return -1; | ||
125 | } | ||
126 | |||
127 | /* | ||
102 | * return 1 if access is granted, 0 if not. | 128 | * return 1 if access is granted, 0 if not. |
103 | * side effect: sets key option flags | 129 | * side effect: sets key option flags |
104 | */ | 130 | */ |
@@ -106,7 +132,7 @@ int | |||
106 | auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | 132 | auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) |
107 | { | 133 | { |
108 | const char *cp; | 134 | const char *cp; |
109 | int i; | 135 | int i, r; |
110 | 136 | ||
111 | /* reset options */ | 137 | /* reset options */ |
112 | auth_clear_options(); | 138 | auth_clear_options(); |
@@ -115,52 +141,48 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
115 | return 1; | 141 | return 1; |
116 | 142 | ||
117 | while (*opts && *opts != ' ' && *opts != '\t') { | 143 | while (*opts && *opts != ' ' && *opts != '\t') { |
118 | cp = "cert-authority"; | 144 | if ((r = match_flag("cert-authority", 0, &opts, NULL)) != -1) { |
119 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 145 | key_is_cert_authority = r; |
120 | key_is_cert_authority = 1; | ||
121 | opts += strlen(cp); | ||
122 | goto next_option; | 146 | goto next_option; |
123 | } | 147 | } |
124 | cp = "no-port-forwarding"; | 148 | if ((r = match_flag("restrict", 0, &opts, NULL)) != -1) { |
125 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 149 | auth_debug_add("Key is restricted."); |
126 | auth_debug_add("Port forwarding disabled."); | ||
127 | no_port_forwarding_flag = 1; | 150 | no_port_forwarding_flag = 1; |
128 | opts += strlen(cp); | 151 | no_agent_forwarding_flag = 1; |
152 | no_x11_forwarding_flag = 1; | ||
153 | no_pty_flag = 1; | ||
154 | no_user_rc = 1; | ||
129 | goto next_option; | 155 | goto next_option; |
130 | } | 156 | } |
131 | cp = "no-agent-forwarding"; | 157 | if ((r = match_flag("port-forwarding", 1, &opts, |
132 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 158 | "Port forwarding")) != -1) { |
133 | auth_debug_add("Agent forwarding disabled."); | 159 | no_port_forwarding_flag = r != 1; |
134 | no_agent_forwarding_flag = 1; | ||
135 | opts += strlen(cp); | ||
136 | goto next_option; | 160 | goto next_option; |
137 | } | 161 | } |
138 | cp = "no-X11-forwarding"; | 162 | if ((r = match_flag("agent-forwarding", 1, &opts, |
139 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 163 | "Agent forwarding")) != -1) { |
140 | auth_debug_add("X11 forwarding disabled."); | 164 | no_agent_forwarding_flag = r != 1; |
141 | no_x11_forwarding_flag = 1; | ||
142 | opts += strlen(cp); | ||
143 | goto next_option; | 165 | goto next_option; |
144 | } | 166 | } |
145 | cp = "no-pty"; | 167 | if ((r = match_flag("x11-forwarding", 1, &opts, |
146 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 168 | "X11 forwarding")) != -1) { |
147 | auth_debug_add("Pty allocation disabled."); | 169 | no_x11_forwarding_flag = r != 1; |
148 | no_pty_flag = 1; | ||
149 | opts += strlen(cp); | ||
150 | goto next_option; | 170 | goto next_option; |
151 | } | 171 | } |
152 | cp = "no-user-rc"; | 172 | if ((r = match_flag("pty", 1, &opts, |
153 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 173 | "PTY allocation")) != -1) { |
154 | auth_debug_add("User rc file execution disabled."); | 174 | no_pty_flag = r != 1; |
155 | no_user_rc = 1; | 175 | goto next_option; |
156 | opts += strlen(cp); | 176 | } |
177 | if ((r = match_flag("user-rc", 1, &opts, | ||
178 | "User rc execution")) != -1) { | ||
179 | no_user_rc = r != 1; | ||
157 | goto next_option; | 180 | goto next_option; |
158 | } | 181 | } |
159 | cp = "command=\""; | 182 | cp = "command=\""; |
160 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 183 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
161 | opts += strlen(cp); | 184 | opts += strlen(cp); |
162 | if (forced_command != NULL) | 185 | free(forced_command); |
163 | free(forced_command); | ||
164 | forced_command = xmalloc(strlen(opts) + 1); | 186 | forced_command = xmalloc(strlen(opts) + 1); |
165 | i = 0; | 187 | i = 0; |
166 | while (*opts) { | 188 | while (*opts) { |
@@ -190,8 +212,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
190 | cp = "principals=\""; | 212 | cp = "principals=\""; |
191 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 213 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
192 | opts += strlen(cp); | 214 | opts += strlen(cp); |
193 | if (authorized_principals != NULL) | 215 | free(authorized_principals); |
194 | free(authorized_principals); | ||
195 | authorized_principals = xmalloc(strlen(opts) + 1); | 216 | authorized_principals = xmalloc(strlen(opts) + 1); |
196 | i = 0; | 217 | i = 0; |
197 | while (*opts) { | 218 | while (*opts) { |
@@ -583,8 +604,7 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, | |||
583 | free(*cert_forced_command); | 604 | free(*cert_forced_command); |
584 | *cert_forced_command = NULL; | 605 | *cert_forced_command = NULL; |
585 | } | 606 | } |
586 | if (name != NULL) | 607 | free(name); |
587 | free(name); | ||
588 | sshbuf_free(data); | 608 | sshbuf_free(data); |
589 | sshbuf_free(c); | 609 | sshbuf_free(c); |
590 | return ret; | 610 | return ret; |
@@ -628,8 +648,7 @@ auth_cert_options(struct sshkey *k, struct passwd *pw) | |||
628 | no_user_rc |= cert_no_user_rc; | 648 | no_user_rc |= cert_no_user_rc; |
629 | /* CA-specified forced command supersedes key option */ | 649 | /* CA-specified forced command supersedes key option */ |
630 | if (cert_forced_command != NULL) { | 650 | if (cert_forced_command != NULL) { |
631 | if (forced_command != NULL) | 651 | free(forced_command); |
632 | free(forced_command); | ||
633 | forced_command = cert_forced_command; | 652 | forced_command = cert_forced_command; |
634 | } | 653 | } |
635 | return 0; | 654 | return 0; |
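Review bot: The new `restrict` branch in auth_parse_options is order-sensitive and nothing in the code says so. It sets all five `no_*` flags, and because the loop handles options one at a time, a `pty` or `port-forwarding` that follows `restrict` clears its flag again, while one that precedes it is overridden. A comment on the branch would stop a later maintainer from assuming `restrict` always wins, for example `/* Sets every restriction; options parsed after this one may re-enable individual features. */`. It should also say that any restriction flag added later must be set here too, since the list is written out by hand. The function body continues outside these hunks.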
diff --git a/auth-pam.c b/auth-pam.c index d94c8285b..8425af1ea 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -45,7 +45,8 @@ | |||
45 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 45 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
46 | */ | 46 | */ |
47 | 47 | ||
48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 48 | /* Based on FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des */ |
49 | |||
49 | #include "includes.h" | 50 | #include "includes.h" |
50 | 51 | ||
51 | #include <sys/types.h> | 52 | #include <sys/types.h> |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.84 2015/05/08 06:41:56 djm Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.86 2015/12/04 16:41:28 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -210,7 +210,7 @@ Key *get_hostkey_private_by_type(int, int, struct ssh *); | |||
210 | int get_hostkey_index(Key *, int, struct ssh *); | 210 | int get_hostkey_index(Key *, int, struct ssh *); |
211 | int ssh1_session_key(BIGNUM *); | 211 | int ssh1_session_key(BIGNUM *); |
212 | int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, | 212 | int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, |
213 | const u_char *, size_t, u_int); | 213 | const u_char *, size_t, const char *, u_int); |
214 | 214 | ||
215 | /* debug messages during authentication */ | 215 | /* debug messages during authentication */ |
216 | void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); | 216 | void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); |
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 1eee16168..aace7ca15 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.55 2016/01/27 00:53:12 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -79,19 +79,19 @@ userauth_pubkey(Authctxt *authctxt) | |||
79 | { | 79 | { |
80 | Buffer b; | 80 | Buffer b; |
81 | Key *key = NULL; | 81 | Key *key = NULL; |
82 | char *pkalg, *userstyle; | 82 | char *pkalg, *userstyle, *fp = NULL; |
83 | u_char *pkblob, *sig; | 83 | u_char *pkblob, *sig; |
84 | u_int alen, blen, slen; | 84 | u_int alen, blen, slen; |
85 | int have_sig, pktype; | 85 | int have_sig, pktype; |
86 | int authenticated = 0; | 86 | int authenticated = 0; |
87 | 87 | ||
88 | if (!authctxt->valid) { | 88 | if (!authctxt->valid) { |
89 | debug2("userauth_pubkey: disabled because of invalid user"); | 89 | debug2("%s: disabled because of invalid user", __func__); |
90 | return 0; | 90 | return 0; |
91 | } | 91 | } |
92 | have_sig = packet_get_char(); | 92 | have_sig = packet_get_char(); |
93 | if (datafellows & SSH_BUG_PKAUTH) { | 93 | if (datafellows & SSH_BUG_PKAUTH) { |
94 | debug2("userauth_pubkey: SSH_BUG_PKAUTH"); | 94 | debug2("%s: SSH_BUG_PKAUTH", __func__); |
95 | /* no explicit pkalg given */ | 95 | /* no explicit pkalg given */ |
96 | pkblob = packet_get_string(&blen); | 96 | pkblob = packet_get_string(&blen); |
97 | buffer_init(&b); | 97 | buffer_init(&b); |
@@ -106,18 +106,18 @@ userauth_pubkey(Authctxt *authctxt) | |||
106 | pktype = key_type_from_name(pkalg); | 106 | pktype = key_type_from_name(pkalg); |
107 | if (pktype == KEY_UNSPEC) { | 107 | if (pktype == KEY_UNSPEC) { |
108 | /* this is perfectly legal */ | 108 | /* this is perfectly legal */ |
109 | logit("userauth_pubkey: unsupported public key algorithm: %s", | 109 | logit("%s: unsupported public key algorithm: %s", |
110 | pkalg); | 110 | __func__, pkalg); |
111 | goto done; | 111 | goto done; |
112 | } | 112 | } |
113 | key = key_from_blob(pkblob, blen); | 113 | key = key_from_blob(pkblob, blen); |
114 | if (key == NULL) { | 114 | if (key == NULL) { |
115 | error("userauth_pubkey: cannot decode key: %s", pkalg); | 115 | error("%s: cannot decode key: %s", __func__, pkalg); |
116 | goto done; | 116 | goto done; |
117 | } | 117 | } |
118 | if (key->type != pktype) { | 118 | if (key->type != pktype) { |
119 | error("userauth_pubkey: type mismatch for decoded key " | 119 | error("%s: type mismatch for decoded key " |
120 | "(received %d, expected %d)", key->type, pktype); | 120 | "(received %d, expected %d)", __func__, key->type, pktype); |
121 | goto done; | 121 | goto done; |
122 | } | 122 | } |
123 | if (key_type_plain(key->type) == KEY_RSA && | 123 | if (key_type_plain(key->type) == KEY_RSA && |
@@ -126,6 +126,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
126 | "signature scheme"); | 126 | "signature scheme"); |
127 | goto done; | 127 | goto done; |
128 | } | 128 | } |
129 | fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); | ||
129 | if (auth2_userkey_already_used(authctxt, key)) { | 130 | if (auth2_userkey_already_used(authctxt, key)) { |
130 | logit("refusing previously-used %s key", key_type(key)); | 131 | logit("refusing previously-used %s key", key_type(key)); |
131 | goto done; | 132 | goto done; |
@@ -138,6 +139,8 @@ userauth_pubkey(Authctxt *authctxt) | |||
138 | } | 139 | } |
139 | 140 | ||
140 | if (have_sig) { | 141 | if (have_sig) { |
142 | debug3("%s: have signature for %s %s", | ||
143 | __func__, sshkey_type(key), fp); | ||
141 | sig = packet_get_string(&slen); | 144 | sig = packet_get_string(&slen); |
142 | packet_check_eom(); | 145 | packet_check_eom(); |
143 | buffer_init(&b); | 146 | buffer_init(&b); |
@@ -183,7 +186,8 @@ userauth_pubkey(Authctxt *authctxt) | |||
183 | buffer_free(&b); | 186 | buffer_free(&b); |
184 | free(sig); | 187 | free(sig); |
185 | } else { | 188 | } else { |
186 | debug("test whether pkalg/pkblob are acceptable"); | 189 | debug("%s: test whether pkalg/pkblob are acceptable for %s %s", |
190 | __func__, sshkey_type(key), fp); | ||
187 | packet_check_eom(); | 191 | packet_check_eom(); |
188 | 192 | ||
189 | /* XXX fake reply and always send PK_OK ? */ | 193 | /* XXX fake reply and always send PK_OK ? */ |
@@ -206,11 +210,12 @@ userauth_pubkey(Authctxt *authctxt) | |||
206 | if (authenticated != 1) | 210 | if (authenticated != 1) |
207 | auth_clear_options(); | 211 | auth_clear_options(); |
208 | done: | 212 | done: |
209 | debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); | 213 | debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg); |
210 | if (key != NULL) | 214 | if (key != NULL) |
211 | key_free(key); | 215 | key_free(key); |
212 | free(pkalg); | 216 | free(pkalg); |
213 | free(pkblob); | 217 | free(pkblob); |
218 | free(fp); | ||
214 | return authenticated; | 219 | return authenticated; |
215 | } | 220 | } |
216 | 221 | ||
@@ -798,8 +803,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) | |||
798 | free(fp); | 803 | free(fp); |
799 | continue; | 804 | continue; |
800 | } | 805 | } |
801 | verbose("Accepted certificate ID \"%s\" " | 806 | verbose("Accepted certificate ID \"%s\" (serial %llu) " |
802 | "signed by %s CA %s via %s", key->cert->key_id, | 807 | "signed by %s CA %s via %s", key->cert->key_id, |
808 | (unsigned long long)key->cert->serial, | ||
803 | key_type(found), fp, file); | 809 | key_type(found), fp, file); |
804 | free(fp); | 810 | free(fp); |
805 | found_key = 1; | 811 | found_key = 1; |
@@ -878,8 +884,10 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) | |||
878 | if (auth_cert_options(key, pw) != 0) | 884 | if (auth_cert_options(key, pw) != 0) |
879 | goto out; | 885 | goto out; |
880 | 886 | ||
881 | verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s", | 887 | verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " |
882 | key->cert->key_id, key_type(key->cert->signature_key), ca_fp, | 888 | "%s CA %s via %s", key->cert->key_id, |
889 | (unsigned long long)key->cert->serial, | ||
890 | key_type(key->cert->signature_key), ca_fp, | ||
883 | options.trusted_user_ca_keys); | 891 | options.trusted_user_ca_keys); |
884 | ret = 1; | 892 | ret = 1; |
885 | 893 | ||
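Review bot: The result of `sshkey_fingerprint()` at new line 129 is never checked before `fp` is passed to a `%s` conversion in the `debug3` call (new lines 142-143) and the `debug` call (new lines 189-190). If the fingerprint call can fail and return NULL (its failure behaviour is not visible on this page), a NULL pointer reaches the formatter, which standard printf leaves undefined. Logging `fp != NULL ? fp : "(unknown)"` in both calls keeps the authentication path unchanged and makes the log line safe; the `free(fp)` at `done:` is already correct for NULL. The body of `userauth_pubkey` continues outside these hunks.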
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.c,v 1.98 2015/07/03 03:43:18 djm Exp $ */ | 1 | /* $OpenBSD: authfd.c,v 1.100 2015/12/04 16:41:28 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -426,11 +426,24 @@ ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, | |||
426 | } | 426 | } |
427 | #endif | 427 | #endif |
428 | 428 | ||
429 | /* encode signature algoritm in flag bits, so we can keep the msg format */ | ||
430 | static u_int | ||
431 | agent_encode_alg(struct sshkey *key, const char *alg) | ||
432 | { | ||
433 | if (alg != NULL && key->type == KEY_RSA) { | ||
434 | if (strcmp(alg, "rsa-sha2-256") == 0) | ||
435 | return SSH_AGENT_RSA_SHA2_256; | ||
436 | else if (strcmp(alg, "rsa-sha2-512") == 0) | ||
437 | return SSH_AGENT_RSA_SHA2_512; | ||
438 | } | ||
439 | return 0; | ||
440 | } | ||
441 | |||
429 | /* ask agent to sign data, returns err.h code on error, 0 on success */ | 442 | /* ask agent to sign data, returns err.h code on error, 0 on success */ |
430 | int | 443 | int |
431 | ssh_agent_sign(int sock, struct sshkey *key, | 444 | ssh_agent_sign(int sock, struct sshkey *key, |
432 | u_char **sigp, size_t *lenp, | 445 | u_char **sigp, size_t *lenp, |
433 | const u_char *data, size_t datalen, u_int compat) | 446 | const u_char *data, size_t datalen, const char *alg, u_int compat) |
434 | { | 447 | { |
435 | struct sshbuf *msg; | 448 | struct sshbuf *msg; |
436 | u_char *blob = NULL, type; | 449 | u_char *blob = NULL, type; |
@@ -449,12 +462,13 @@ ssh_agent_sign(int sock, struct sshkey *key, | |||
449 | return SSH_ERR_ALLOC_FAIL; | 462 | return SSH_ERR_ALLOC_FAIL; |
450 | if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) | 463 | if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) |
451 | goto out; | 464 | goto out; |
465 | flags |= agent_encode_alg(key, alg); | ||
452 | if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || | 466 | if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || |
453 | (r = sshbuf_put_string(msg, blob, blen)) != 0 || | 467 | (r = sshbuf_put_string(msg, blob, blen)) != 0 || |
454 | (r = sshbuf_put_string(msg, data, datalen)) != 0 || | 468 | (r = sshbuf_put_string(msg, data, datalen)) != 0 || |
455 | (r = sshbuf_put_u32(msg, flags)) != 0) | 469 | (r = sshbuf_put_u32(msg, flags)) != 0) |
456 | goto out; | 470 | goto out; |
457 | if ((r = ssh_request_reply(sock, msg, msg) != 0)) | 471 | if ((r = ssh_request_reply(sock, msg, msg)) != 0) |
458 | goto out; | 472 | goto out; |
459 | if ((r = sshbuf_get_u8(msg, &type)) != 0) | 473 | if ((r = sshbuf_get_u8(msg, &type)) != 0) |
460 | goto out; | 474 | goto out; |
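Review bot: `agent_encode_alg()` returns 0 both when no algorithm was requested and when the requested one cannot be encoded, so a caller asking for `rsa-sha2-256` or `rsa-sha2-512` can silently get a default-algorithm signing request. This happens for any unrecognised `alg` string, and the test `key->type == KEY_RSA` appears to exclude RSA certificate keys as well, assuming they carry a distinct type value (not visible here). Consider `if (alg != NULL && sshkey_type_plain(key->type) == KEY_RSA) {` and a `debug` line when a non-NULL `alg` maps to no flag, so the downgrade is visible in logs. The comment above the function should also describe that fallback, and it misspells "algorithm". `ssh_agent_sign` continues outside the hunk.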
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.h,v 1.38 2015/01/14 20:05:27 djm Exp $ */ | 1 | /* $OpenBSD: authfd.h,v 1.39 2015/12/04 16:41:28 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -41,7 +41,7 @@ int ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, | |||
41 | u_char session_id[16], u_char response[16]); | 41 | u_char session_id[16], u_char response[16]); |
42 | int ssh_agent_sign(int sock, struct sshkey *key, | 42 | int ssh_agent_sign(int sock, struct sshkey *key, |
43 | u_char **sigp, size_t *lenp, | 43 | u_char **sigp, size_t *lenp, |
44 | const u_char *data, size_t datalen, u_int compat); | 44 | const u_char *data, size_t datalen, const char *alg, u_int compat); |
45 | 45 | ||
46 | /* Messages for the authentication agent connection. */ | 46 | /* Messages for the authentication agent connection. */ |
47 | #define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1 | 47 | #define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1 |
@@ -86,5 +86,7 @@ int ssh_agent_sign(int sock, struct sshkey *key, | |||
86 | #define SSH_COM_AGENT2_FAILURE 102 | 86 | #define SSH_COM_AGENT2_FAILURE 102 |
87 | 87 | ||
88 | #define SSH_AGENT_OLD_SIGNATURE 0x01 | 88 | #define SSH_AGENT_OLD_SIGNATURE 0x01 |
89 | #define SSH_AGENT_RSA_SHA2_256 0x02 | ||
90 | #define SSH_AGENT_RSA_SHA2_512 0x04 | ||
89 | 91 | ||
90 | #endif /* AUTHFD_H */ | 92 | #endif /* AUTHFD_H */ |
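Review bot: The two new values at new lines 89-90 have no comment saying which field they belong to or how they combine with `SSH_AGENT_OLD_SIGNATURE`. A short header comment such as `/* Bit flags for the flags word of SSH2_AGENTC_SIGN_REQUEST */` would make the contract explicit. This page does not show whether an agent that does not recognise the SHA-2 bits rejects the request or returns a signature with its default algorithm. The comment should state which behaviour callers may rely on, and callers that need SHA-2 should check the algorithm of the signature they get back.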
diff --git a/authfile.c b/authfile.c index 58f589a47..d67042411 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfile.c,v 1.116 2015/07/09 09:49:46 markus Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.120 2015/12/11 04:21:11 mmcc Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -243,8 +243,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase, | |||
243 | /* success */ | 243 | /* success */ |
244 | r = 0; | 244 | r = 0; |
245 | out: | 245 | out: |
246 | if (buffer != NULL) | 246 | sshbuf_free(buffer); |
247 | sshbuf_free(buffer); | ||
248 | return r; | 247 | return r; |
249 | } | 248 | } |
250 | 249 | ||
@@ -272,14 +271,13 @@ sshkey_load_private(const char *filename, const char *passphrase, | |||
272 | goto out; | 271 | goto out; |
273 | } | 272 | } |
274 | if ((r = sshkey_load_file(fd, buffer)) != 0 || | 273 | if ((r = sshkey_load_file(fd, buffer)) != 0 || |
275 | (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, | 274 | (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp, |
276 | keyp, commentp)) != 0) | 275 | commentp)) != 0) |
277 | goto out; | 276 | goto out; |
278 | r = 0; | 277 | r = 0; |
279 | out: | 278 | out: |
280 | close(fd); | 279 | close(fd); |
281 | if (buffer != NULL) | 280 | sshbuf_free(buffer); |
282 | sshbuf_free(buffer); | ||
283 | return r; | 281 | return r; |
284 | } | 282 | } |
285 | 283 | ||
@@ -426,10 +424,8 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp) | |||
426 | r = 0; | 424 | r = 0; |
427 | 425 | ||
428 | out: | 426 | out: |
429 | if (file != NULL) | 427 | free(file); |
430 | free(file); | 428 | sshkey_free(pub); |
431 | if (pub != NULL) | ||
432 | sshkey_free(pub); | ||
433 | return r; | 429 | return r; |
434 | } | 430 | } |
435 | 431 | ||
@@ -474,10 +470,8 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase, | |||
474 | *keyp = key; | 470 | *keyp = key; |
475 | key = NULL; | 471 | key = NULL; |
476 | out: | 472 | out: |
477 | if (key != NULL) | 473 | sshkey_free(key); |
478 | sshkey_free(key); | 474 | sshkey_free(cert); |
479 | if (cert != NULL) | ||
480 | sshkey_free(cert); | ||
481 | return r; | 475 | return r; |
482 | } | 476 | } |
483 | 477 | ||
@@ -538,8 +532,7 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, | |||
538 | } | 532 | } |
539 | r = SSH_ERR_KEY_NOT_FOUND; | 533 | r = SSH_ERR_KEY_NOT_FOUND; |
540 | out: | 534 | out: |
541 | if (pub != NULL) | 535 | sshkey_free(pub); |
542 | sshkey_free(pub); | ||
543 | fclose(f); | 536 | fclose(f); |
544 | return r; | 537 | return r; |
545 | } | 538 | } |
diff --git a/channels.c b/channels.c index a84b487e5..c9d2015ee 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.347 2015/07/01 02:26:31 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.349 2016/02/05 13:28:19 naddy Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -662,7 +662,7 @@ channel_open_message(void) | |||
662 | case SSH_CHANNEL_INPUT_DRAINING: | 662 | case SSH_CHANNEL_INPUT_DRAINING: |
663 | case SSH_CHANNEL_OUTPUT_DRAINING: | 663 | case SSH_CHANNEL_OUTPUT_DRAINING: |
664 | snprintf(buf, sizeof buf, | 664 | snprintf(buf, sizeof buf, |
665 | " #%d %.300s (t%d r%d i%d/%d o%d/%d fd %d/%d cc %d)\r\n", | 665 | " #%d %.300s (t%d r%d i%u/%d o%u/%d fd %d/%d cc %d)\r\n", |
666 | c->self, c->remote_name, | 666 | c->self, c->remote_name, |
667 | c->type, c->remote_id, | 667 | c->type, c->remote_id, |
668 | c->istate, buffer_len(&c->input), | 668 | c->istate, buffer_len(&c->input), |
@@ -1896,13 +1896,13 @@ read_mux(Channel *c, u_int need) | |||
1896 | if (buffer_len(&c->input) < need) { | 1896 | if (buffer_len(&c->input) < need) { |
1897 | rlen = need - buffer_len(&c->input); | 1897 | rlen = need - buffer_len(&c->input); |
1898 | len = read(c->rfd, buf, MIN(rlen, CHAN_RBUF)); | 1898 | len = read(c->rfd, buf, MIN(rlen, CHAN_RBUF)); |
1899 | if (len < 0 && (errno == EINTR || errno == EAGAIN)) | ||
1900 | return buffer_len(&c->input); | ||
1899 | if (len <= 0) { | 1901 | if (len <= 0) { |
1900 | if (errno != EINTR && errno != EAGAIN) { | 1902 | debug2("channel %d: ctl read<=0 rfd %d len %d", |
1901 | debug2("channel %d: ctl read<=0 rfd %d len %d", | 1903 | c->self, c->rfd, len); |
1902 | c->self, c->rfd, len); | 1904 | chan_read_failed(c); |
1903 | chan_read_failed(c); | 1905 | return 0; |
1904 | return 0; | ||
1905 | } | ||
1906 | } else | 1906 | } else |
1907 | buffer_append(&c->input, buf, len); | 1907 | buffer_append(&c->input, buf, len); |
1908 | } | 1908 | } |
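Review bot: In `read_mux` the failure branch at new lines 1901-1905 logs `len` but not the reason, so an orderly EOF and a hard read error produce the same debug line once the EINTR/EAGAIN case has been split off. Adding the error text would help when diagnosing dropped control connections, for example `debug2("channel %d: ctl read<=0 rfd %d len %d: %s", c->self, c->rfd, len, len < 0 ? strerror(errno) : "EOF");`. The function starts and ends outside the hunk, so the declared type of `len` should be checked against the `%d`.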
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: cipher.c,v 1.100 2015/01/14 10:29:45 djm Exp $ */ | 1 | /* $OpenBSD: cipher.c,v 1.101 2015/12/10 17:08:40 mmcc Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -353,8 +353,7 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, | |||
353 | if (cipher->discard_len > 0) { | 353 | if (cipher->discard_len > 0) { |
354 | if ((junk = malloc(cipher->discard_len)) == NULL || | 354 | if ((junk = malloc(cipher->discard_len)) == NULL || |
355 | (discard = malloc(cipher->discard_len)) == NULL) { | 355 | (discard = malloc(cipher->discard_len)) == NULL) { |
356 | if (junk != NULL) | 356 | free(junk); |
357 | free(junk); | ||
358 | ret = SSH_ERR_ALLOC_FAIL; | 357 | ret = SSH_ERR_ALLOC_FAIL; |
359 | goto bad; | 358 | goto bad; |
360 | } | 359 | } |
diff --git a/clientloop.c b/clientloop.c index 5653cc489..3b6cacb08 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.284 2016/02/08 10:57:07 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -111,7 +111,6 @@ | |||
111 | #include "sshpty.h" | 111 | #include "sshpty.h" |
112 | #include "match.h" | 112 | #include "match.h" |
113 | #include "msg.h" | 113 | #include "msg.h" |
114 | #include "roaming.h" | ||
115 | #include "ssherr.h" | 114 | #include "ssherr.h" |
116 | #include "hostfile.h" | 115 | #include "hostfile.h" |
117 | 116 | ||
@@ -173,8 +172,6 @@ static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ | |||
173 | static void client_init_dispatch(void); | 172 | static void client_init_dispatch(void); |
174 | int session_ident = -1; | 173 | int session_ident = -1; |
175 | 174 | ||
176 | int session_resumed = 0; | ||
177 | |||
178 | /* Track escape per proto2 channel */ | 175 | /* Track escape per proto2 channel */ |
179 | struct escape_filter_ctx { | 176 | struct escape_filter_ctx { |
180 | int escape_pending; | 177 | int escape_pending; |
@@ -292,6 +289,9 @@ client_x11_display_valid(const char *display) | |||
292 | { | 289 | { |
293 | size_t i, dlen; | 290 | size_t i, dlen; |
294 | 291 | ||
292 | if (display == NULL) | ||
293 | return 0; | ||
294 | |||
295 | dlen = strlen(display); | 295 | dlen = strlen(display); |
296 | for (i = 0; i < dlen; i++) { | 296 | for (i = 0; i < dlen; i++) { |
297 | if (!isalnum((u_char)display[i]) && | 297 | if (!isalnum((u_char)display[i]) && |
@@ -305,35 +305,34 @@ client_x11_display_valid(const char *display) | |||
305 | 305 | ||
306 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" | 306 | #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" |
307 | #define X11_TIMEOUT_SLACK 60 | 307 | #define X11_TIMEOUT_SLACK 60 |
308 | void | 308 | int |
309 | client_x11_get_proto(const char *display, const char *xauth_path, | 309 | client_x11_get_proto(const char *display, const char *xauth_path, |
310 | u_int trusted, u_int timeout, char **_proto, char **_data) | 310 | u_int trusted, u_int timeout, char **_proto, char **_data) |
311 | { | 311 | { |
312 | char cmd[1024]; | 312 | char cmd[1024], line[512], xdisplay[512]; |
313 | char line[512]; | 313 | char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; |
314 | char xdisplay[512]; | ||
315 | static char proto[512], data[512]; | 314 | static char proto[512], data[512]; |
316 | FILE *f; | 315 | FILE *f; |
317 | int got_data = 0, generated = 0, do_unlink = 0, i; | 316 | int got_data = 0, generated = 0, do_unlink = 0, i, r; |
318 | char *xauthdir, *xauthfile; | ||
319 | struct stat st; | 317 | struct stat st; |
320 | u_int now, x11_timeout_real; | 318 | u_int now, x11_timeout_real; |
321 | 319 | ||
322 | xauthdir = xauthfile = NULL; | ||
323 | *_proto = proto; | 320 | *_proto = proto; |
324 | *_data = data; | 321 | *_data = data; |
325 | proto[0] = data[0] = '\0'; | 322 | proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0'; |
326 | 323 | ||
327 | if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) { | 324 | if (!client_x11_display_valid(display)) { |
325 | if (display != NULL) | ||
326 | logit("DISPLAY \"%s\" invalid; disabling X11 forwarding", | ||
327 | display); | ||
328 | return -1; | ||
329 | } | ||
330 | if (xauth_path != NULL && stat(xauth_path, &st) == -1) { | ||
328 | debug("No xauth program."); | 331 | debug("No xauth program."); |
329 | } else if (!client_x11_display_valid(display)) { | 332 | xauth_path = NULL; |
330 | logit("DISPLAY '%s' invalid, falling back to fake xauth data", | 333 | } |
331 | display); | 334 | |
332 | } else { | 335 | if (xauth_path != NULL) { |
333 | if (display == NULL) { | ||
334 | debug("x11_get_proto: DISPLAY not set"); | ||
335 | return; | ||
336 | } | ||
337 | /* | 336 | /* |
338 | * Handle FamilyLocal case where $DISPLAY does | 337 | * Handle FamilyLocal case where $DISPLAY does |
339 | * not match an authorization entry. For this we | 338 | * not match an authorization entry. For this we |
@@ -342,45 +341,60 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
342 | * is not perfect. | 341 | * is not perfect. |
343 | */ | 342 | */ |
344 | if (strncmp(display, "localhost:", 10) == 0) { | 343 | if (strncmp(display, "localhost:", 10) == 0) { |
345 | snprintf(xdisplay, sizeof(xdisplay), "unix:%s", | 344 | if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", |
346 | display + 10); | 345 | display + 10)) < 0 || |
346 | (size_t)r >= sizeof(xdisplay)) { | ||
347 | error("%s: display name too long", __func__); | ||
348 | return -1; | ||
349 | } | ||
347 | display = xdisplay; | 350 | display = xdisplay; |
348 | } | 351 | } |
349 | if (trusted == 0) { | 352 | if (trusted == 0) { |
350 | xauthdir = xmalloc(PATH_MAX); | ||
351 | xauthfile = xmalloc(PATH_MAX); | ||
352 | mktemp_proto(xauthdir, PATH_MAX); | ||
353 | /* | 353 | /* |
354 | * Generate an untrusted X11 auth cookie. | ||
355 | * | ||
354 | * The authentication cookie should briefly outlive | 356 | * The authentication cookie should briefly outlive |
355 | * ssh's willingness to forward X11 connections to | 357 | * ssh's willingness to forward X11 connections to |
356 | * avoid nasty fail-open behaviour in the X server. | 358 | * avoid nasty fail-open behaviour in the X server. |
357 | */ | 359 | */ |
360 | mktemp_proto(xauthdir, sizeof(xauthdir)); | ||
361 | if (mkdtemp(xauthdir) == NULL) { | ||
362 | error("%s: mkdtemp: %s", | ||
363 | __func__, strerror(errno)); | ||
364 | return -1; | ||
365 | } | ||
366 | do_unlink = 1; | ||
367 | if ((r = snprintf(xauthfile, sizeof(xauthfile), | ||
368 | "%s/xauthfile", xauthdir)) < 0 || | ||
369 | (size_t)r >= sizeof(xauthfile)) { | ||
370 | error("%s: xauthfile path too long", __func__); | ||
371 | unlink(xauthfile); | ||
372 | rmdir(xauthdir); | ||
373 | return -1; | ||
374 | } | ||
375 | |||
358 | if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) | 376 | if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) |
359 | x11_timeout_real = UINT_MAX; | 377 | x11_timeout_real = UINT_MAX; |
360 | else | 378 | else |
361 | x11_timeout_real = timeout + X11_TIMEOUT_SLACK; | 379 | x11_timeout_real = timeout + X11_TIMEOUT_SLACK; |
362 | if (mkdtemp(xauthdir) != NULL) { | 380 | if ((r = snprintf(cmd, sizeof(cmd), |
363 | do_unlink = 1; | 381 | "%s -f %s generate %s " SSH_X11_PROTO |
364 | snprintf(xauthfile, PATH_MAX, "%s/xauthfile", | 382 | " untrusted timeout %u 2>" _PATH_DEVNULL, |
365 | xauthdir); | 383 | xauth_path, xauthfile, display, |
366 | snprintf(cmd, sizeof(cmd), | 384 | x11_timeout_real)) < 0 || |
367 | "%s -f %s generate %s " SSH_X11_PROTO | 385 | (size_t)r >= sizeof(cmd)) |
368 | " untrusted timeout %u 2>" _PATH_DEVNULL, | 386 | fatal("%s: cmd too long", __func__); |
369 | xauth_path, xauthfile, display, | 387 | debug2("%s: %s", __func__, cmd); |
370 | x11_timeout_real); | 388 | if (x11_refuse_time == 0) { |
371 | debug2("x11_get_proto: %s", cmd); | 389 | now = monotime() + 1; |
372 | if (x11_refuse_time == 0) { | 390 | if (UINT_MAX - timeout < now) |
373 | now = monotime() + 1; | 391 | x11_refuse_time = UINT_MAX; |
374 | if (UINT_MAX - timeout < now) | 392 | else |
375 | x11_refuse_time = UINT_MAX; | 393 | x11_refuse_time = now + timeout; |
376 | else | 394 | channel_set_x11_refuse_time(x11_refuse_time); |
377 | x11_refuse_time = now + timeout; | ||
378 | channel_set_x11_refuse_time( | ||
379 | x11_refuse_time); | ||
380 | } | ||
381 | if (system(cmd) == 0) | ||
382 | generated = 1; | ||
383 | } | 395 | } |
396 | if (system(cmd) == 0) | ||
397 | generated = 1; | ||
384 | } | 398 | } |
385 | 399 | ||
386 | /* | 400 | /* |
@@ -402,17 +416,20 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
402 | got_data = 1; | 416 | got_data = 1; |
403 | if (f) | 417 | if (f) |
404 | pclose(f); | 418 | pclose(f); |
405 | } else | 419 | } |
406 | error("Warning: untrusted X11 forwarding setup failed: " | ||
407 | "xauth key data not generated"); | ||
408 | } | 420 | } |
409 | 421 | ||
410 | if (do_unlink) { | 422 | if (do_unlink) { |
411 | unlink(xauthfile); | 423 | unlink(xauthfile); |
412 | rmdir(xauthdir); | 424 | rmdir(xauthdir); |
413 | } | 425 | } |
414 | free(xauthdir); | 426 | |
415 | free(xauthfile); | 427 | /* Don't fall back to fake X11 data for untrusted forwarding */ |
428 | if (!trusted && !got_data) { | ||
429 | error("Warning: untrusted X11 forwarding setup failed: " | ||
430 | "xauth key data not generated"); | ||
431 | return -1; | ||
432 | } | ||
416 | 433 | ||
417 | /* | 434 | /* |
418 | * If we didn't get authentication data, just make up some | 435 | * If we didn't get authentication data, just make up some |
@@ -436,6 +453,8 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
436 | rnd >>= 8; | 453 | rnd >>= 8; |
437 | } | 454 | } |
438 | } | 455 | } |
456 | |||
457 | return 0; | ||
439 | } | 458 | } |
440 | 459 | ||
441 | /* | 460 | /* |
@@ -739,7 +758,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) | |||
739 | static void | 758 | static void |
740 | client_process_net_input(fd_set *readset) | 759 | client_process_net_input(fd_set *readset) |
741 | { | 760 | { |
742 | int len, cont = 0; | 761 | int len; |
743 | char buf[SSH_IOBUFSZ]; | 762 | char buf[SSH_IOBUFSZ]; |
744 | 763 | ||
745 | /* | 764 | /* |
@@ -748,8 +767,8 @@ client_process_net_input(fd_set *readset) | |||
748 | */ | 767 | */ |
749 | if (FD_ISSET(connection_in, readset)) { | 768 | if (FD_ISSET(connection_in, readset)) { |
750 | /* Read as much as possible. */ | 769 | /* Read as much as possible. */ |
751 | len = roaming_read(connection_in, buf, sizeof(buf), &cont); | 770 | len = read(connection_in, buf, sizeof(buf)); |
752 | if (len == 0 && cont == 0) { | 771 | if (len == 0) { |
753 | /* | 772 | /* |
754 | * Received EOF. The remote host has closed the | 773 | * Received EOF. The remote host has closed the |
755 | * connection. | 774 | * connection. |
@@ -1487,13 +1506,43 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1487 | { | 1506 | { |
1488 | fd_set *readset = NULL, *writeset = NULL; | 1507 | fd_set *readset = NULL, *writeset = NULL; |
1489 | double start_time, total_time; | 1508 | double start_time, total_time; |
1490 | int r, max_fd = 0, max_fd2 = 0, len, rekeying = 0; | 1509 | int r, max_fd = 0, max_fd2 = 0, len; |
1491 | u_int64_t ibytes, obytes; | 1510 | u_int64_t ibytes, obytes; |
1492 | u_int nalloc = 0; | 1511 | u_int nalloc = 0; |
1493 | char buf[100]; | 1512 | char buf[100]; |
1494 | 1513 | ||
1495 | debug("Entering interactive session."); | 1514 | debug("Entering interactive session."); |
1496 | 1515 | ||
1516 | if (options.control_master && | ||
1517 | ! option_clear_or_none(options.control_path)) { | ||
1518 | debug("pledge: id"); | ||
1519 | if (pledge("stdio rpath wpath cpath unix inet dns proc exec id tty", | ||
1520 | NULL) == -1) | ||
1521 | fatal("%s pledge(): %s", __func__, strerror(errno)); | ||
1522 | |||
1523 | } else if (options.forward_x11 || options.permit_local_command) { | ||
1524 | debug("pledge: exec"); | ||
1525 | if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", | ||
1526 | NULL) == -1) | ||
1527 | fatal("%s pledge(): %s", __func__, strerror(errno)); | ||
1528 | |||
1529 | } else if (options.update_hostkeys) { | ||
1530 | debug("pledge: filesystem full"); | ||
1531 | if (pledge("stdio rpath wpath cpath unix inet dns proc tty", | ||
1532 | NULL) == -1) | ||
1533 | fatal("%s pledge(): %s", __func__, strerror(errno)); | ||
1534 | |||
1535 | } else if (! option_clear_or_none(options.proxy_command)) { | ||
1536 | debug("pledge: proc"); | ||
1537 | if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) | ||
1538 | fatal("%s pledge(): %s", __func__, strerror(errno)); | ||
1539 | |||
1540 | } else { | ||
1541 | debug("pledge: network"); | ||
1542 | if (pledge("stdio unix inet dns tty", NULL) == -1) | ||
1543 | fatal("%s pledge(): %s", __func__, strerror(errno)); | ||
1544 | } | ||
1545 | |||
1497 | start_time = get_current_time(); | 1546 | start_time = get_current_time(); |
1498 | 1547 | ||
1499 | /* Initialize variables. */ | 1548 | /* Initialize variables. */ |
@@ -1572,10 +1621,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1572 | if (compat20 && session_closed && !channel_still_open()) | 1621 | if (compat20 && session_closed && !channel_still_open()) |
1573 | break; | 1622 | break; |
1574 | 1623 | ||
1575 | rekeying = (active_state->kex != NULL && !active_state->kex->done); | 1624 | if (ssh_packet_is_rekeying(active_state)) { |
1576 | |||
1577 | if (rekeying) { | ||
1578 | debug("rekeying in progress"); | 1625 | debug("rekeying in progress"); |
1626 | } else if (need_rekeying) { | ||
1627 | /* manual rekey request */ | ||
1628 | debug("need rekeying"); | ||
1629 | if ((r = kex_start_rekex(active_state)) != 0) | ||
1630 | fatal("%s: kex_start_rekex: %s", __func__, | ||
1631 | ssh_err(r)); | ||
1632 | need_rekeying = 0; | ||
1579 | } else { | 1633 | } else { |
1580 | /* | 1634 | /* |
1581 | * Make packets of buffered stdin data, and buffer | 1635 | * Make packets of buffered stdin data, and buffer |
@@ -1606,13 +1660,13 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1606 | */ | 1660 | */ |
1607 | max_fd2 = max_fd; | 1661 | max_fd2 = max_fd; |
1608 | client_wait_until_can_do_something(&readset, &writeset, | 1662 | client_wait_until_can_do_something(&readset, &writeset, |
1609 | &max_fd2, &nalloc, rekeying); | 1663 | &max_fd2, &nalloc, ssh_packet_is_rekeying(active_state)); |
1610 | 1664 | ||
1611 | if (quit_pending) | 1665 | if (quit_pending) |
1612 | break; | 1666 | break; |
1613 | 1667 | ||
1614 | /* Do channel operations unless rekeying in progress. */ | 1668 | /* Do channel operations unless rekeying in progress. */ |
1615 | if (!rekeying) { | 1669 | if (!ssh_packet_is_rekeying(active_state)) { |
1616 | channel_after_select(readset, writeset); | 1670 | channel_after_select(readset, writeset); |
1617 | 1671 | ||
1618 | #ifdef GSSAPI | 1672 | #ifdef GSSAPI |
@@ -1622,15 +1676,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1622 | need_rekeying = 1; | 1676 | need_rekeying = 1; |
1623 | } | 1677 | } |
1624 | #endif | 1678 | #endif |
1625 | |||
1626 | if (need_rekeying || packet_need_rekeying()) { | ||
1627 | debug("need rekeying"); | ||
1628 | active_state->kex->done = 0; | ||
1629 | if ((r = kex_send_kexinit(active_state)) != 0) | ||
1630 | fatal("%s: kex_send_kexinit: %s", | ||
1631 | __func__, ssh_err(r)); | ||
1632 | need_rekeying = 0; | ||
1633 | } | ||
1634 | } | 1679 | } |
1635 | 1680 | ||
1636 | /* Buffer input from the connection. */ | 1681 | /* Buffer input from the connection. */ |
@@ -1649,14 +1694,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1649 | client_process_output(writeset); | 1694 | client_process_output(writeset); |
1650 | } | 1695 | } |
1651 | 1696 | ||
1652 | if (session_resumed) { | ||
1653 | connection_in = packet_get_connection_in(); | ||
1654 | connection_out = packet_get_connection_out(); | ||
1655 | max_fd = MAX(max_fd, connection_out); | ||
1656 | max_fd = MAX(max_fd, connection_in); | ||
1657 | session_resumed = 0; | ||
1658 | } | ||
1659 | |||
1660 | /* | 1697 | /* |
1661 | * Send as much buffered packet data as possible to the | 1698 | * Send as much buffered packet data as possible to the |
1662 | * sender. | 1699 | * sender. |
@@ -1752,7 +1789,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1752 | } | 1789 | } |
1753 | 1790 | ||
1754 | /* Clear and free any buffers. */ | 1791 | /* Clear and free any buffers. */ |
1755 | memset(buf, 0, sizeof(buf)); | 1792 | explicit_bzero(buf, sizeof(buf)); |
1756 | buffer_free(&stdin_buffer); | 1793 | buffer_free(&stdin_buffer); |
1757 | buffer_free(&stdout_buffer); | 1794 | buffer_free(&stdout_buffer); |
1758 | buffer_free(&stderr_buffer); | 1795 | buffer_free(&stderr_buffer); |
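Review bot: In `client_x11_get_proto` the two length checks added after `mkdtemp()` clean up differently, and the `cmd` one leaves the temporary directory behind. The xauthfile check (new lines 367-374) removes the directory and returns -1, but it also calls `unlink(xauthfile)` on a name just found to be truncated and not yet created. The `cmd` check (new lines 380-386) calls `fatal()` after `do_unlink = 1` has been set, so the `unlink`/`rmdir` block further down is never reached. Treating both the same way would be more consistent with the new error-return contract: `error("%s: cmd too long", __func__); rmdir(xauthdir); return -1;`, and dropping the `unlink(xauthfile)` from the first branch. The function body spans several hunks and is not fully visible here.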
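--- a/clientloop.h
+++ b/clientloop.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
+/* $OpenBSD: clientloop.h,v 1.32 2016/01/13 23:04:47 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -39,7 +39,7 @@
 
 /* Client side main loop for the interactive session. */
 int client_loop(int, int, int);
-void client_x11_get_proto(const char *, const char *, u_int, u_int,
+int client_x11_get_proto(const char *, const char *, u_int, u_int,
 char **, char **);
 void client_global_request_reply_fwd(int, u_int32_t, void *);
 void client_session2_setup(int, int, int, const char *, struct termios *,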
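Review bot: The new `int` return type on client_x11_get_proto (new line 42) is not documented anywhere in this header, so a caller cannot tell which value means the X11 authentication data could not be produced. I would add a one-line comment above the prototype, for example `/* Returns 0 on success, -1 on failure; callers must not start X11 forwarding on failure. */`, after confirming the exact values against the definition in clientloop.c, which is not part of this section. Because the function previously returned void, every existing call site still compiles while silently discarding the result, so it is worth checking that each caller was updated in the same commit to test it.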
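--- a/config.h.in
+++ b/config.h.in
@@ -694,9 +694,6 @@
 /* Define to 1 if you have the `network' library (-lnetwork). */
 #undef HAVE_LIBNETWORK
 
-/* Define to 1 if you have the `nsl' library (-lnsl). */
-#undef HAVE_LIBNSL
-
 /* Define to 1 if you have the `pam' library (-lpam). */
 #undef HAVE_LIBPAM
 
@@ -845,6 +842,9 @@
 /* define if you have pid_t data type */
 #undef HAVE_PID_T
 
+/* Define to 1 if you have the `pledge' function. */
+#undef HAVE_PLEDGE
+
 /* Define to 1 if you have the `poll' function. */
 #undef HAVE_POLL
 
@@ -854,6 +854,12 @@
 /* Define to 1 if you have the `prctl' function. */
 #undef HAVE_PRCTL
 
+/* Define to 1 if you have the `priv_basicset' function. */
+#undef HAVE_PRIV_BASICSET
+
+/* Define to 1 if you have the <priv.h> header file. */
+#undef HAVE_PRIV_H
+
 /* Define if you have /proc/$pid/fd */
 #undef HAVE_PROC_PID
 
@@ -956,6 +962,9 @@
 /* Define to 1 if you have the `setpcred' function. */
 #undef HAVE_SETPCRED
 
+/* Define to 1 if you have the `setppriv' function. */
+#undef HAVE_SETPPRIV
+
 /* Define to 1 if you have the `setproctitle' function. */
 #undef HAVE_SETPROCTITLE
 
@@ -1444,6 +1453,9 @@
 /* Define if you don't want to use lastlog in session.c */
 #undef NO_SSH_LASTLOG
 
+/* Define to disable UID restoration test */
+#undef NO_UID_RESTORATION_TEST
+
 /* Define if X11 doesn't support AF_UNIX sockets on that system */
 #undef NO_X11_UNIX_SOCKETS
 
@@ -1520,6 +1532,9 @@
 /* no privsep sandboxing */
 #undef SANDBOX_NULL
 
+/* Sandbox using pledge(2) */
+#undef SANDBOX_PLEDGE
+
 /* Sandbox using setrlimit(2) */
 #undef SANDBOX_RLIMIT
 
@@ -1532,6 +1547,9 @@
 /* define if setrlimit RLIMIT_NOFILE breaks things */
 #undef SANDBOX_SKIP_RLIMIT_NOFILE
 
+/* Sandbox using Solaris/Illumos privileges */
+#undef SANDBOX_SOLARIS
+
 /* Sandbox using systrace(4) */
 #undef SANDBOX_SYSTRACE
 
@@ -1644,6 +1662,9 @@
 /* platform has the Security Authorization Session API */
 #undef USE_SECURITY_SESSION_API
 
+/* Define if you have Solaris privileges */
+#undef USE_SOLARIS_PRIVS
+
 /* Define if you have Solaris process contracts */
 #undef USE_SOLARIS_PROCESS_CONTRACTS
 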
@@ -1320,7 +1320,7 @@ Optional Packages: | |||
1320 | --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] | 1320 | --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] |
1321 | --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) | 1321 | --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) |
1322 | --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** | 1322 | --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** |
1323 | --without-ssh1 Enable support for SSH protocol 1 | 1323 | --with-ssh1 Enable support for SSH protocol 1 |
1324 | --without-stackprotect Don't use compiler's stack protection | 1324 | --without-stackprotect Don't use compiler's stack protection |
1325 | --without-hardening Don't use toolchain hardening flags | 1325 | --without-hardening Don't use toolchain hardening flags |
1326 | --without-rpath Disable auto-added -R linker paths | 1326 | --without-rpath Disable auto-added -R linker paths |
@@ -1331,6 +1331,7 @@ Optional Packages: | |||
1331 | --with-Werror Build main code with -Werror | 1331 | --with-Werror Build main code with -Werror |
1332 | --with-solaris-contracts Enable Solaris process contracts (experimental) | 1332 | --with-solaris-contracts Enable Solaris process contracts (experimental) |
1333 | --with-solaris-projects Enable Solaris projects (experimental) | 1333 | --with-solaris-projects Enable Solaris projects (experimental) |
1334 | --with-solaris-privs Enable Solaris/Illumos privileges (experimental) | ||
1334 | --with-osfsia Enable Digital Unix SIA | 1335 | --with-osfsia Enable Digital Unix SIA |
1335 | --with-zlib=PATH Use zlib in PATH | 1336 | --with-zlib=PATH Use zlib in PATH |
1336 | --without-zlib-version-check Disable zlib version check | 1337 | --without-zlib-version-check Disable zlib version check |
@@ -1346,7 +1347,7 @@ Optional Packages: | |||
1346 | --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool) | 1347 | --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool) |
1347 | --with-pam Enable PAM support | 1348 | --with-pam Enable PAM support |
1348 | --with-privsep-user=user Specify non-privileged user for privilege separation | 1349 | --with-privsep-user=user Specify non-privileged user for privilege separation |
1349 | --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum) | 1350 | --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge) |
1350 | --with-selinux Enable SELinux support | 1351 | --with-selinux Enable SELinux support |
1351 | --with-kerberos5=PATH Enable Kerberos 5 support | 1352 | --with-kerberos5=PATH Enable Kerberos 5 support |
1352 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) | 1353 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) |
@@ -7972,6 +7973,11 @@ done | |||
7972 | SIA_MSG="no" | 7973 | SIA_MSG="no" |
7973 | SPC_MSG="no" | 7974 | SPC_MSG="no" |
7974 | SP_MSG="no" | 7975 | SP_MSG="no" |
7976 | SPP_MSG="no" | ||
7977 | |||
7978 | # Support for Solaris/Illumos privileges (this test is used by both | ||
7979 | # the --with-solaris-privs option and --with-sandbox=solaris). | ||
7980 | SOLARIS_PRIVS="no" | ||
7975 | 7981 | ||
7976 | # Check for some target-specific stuff | 7982 | # Check for some target-specific stuff |
7977 | case "$host" in | 7983 | case "$host" in |
@@ -8960,6 +8966,11 @@ _ACEOF | |||
8960 | 8966 | ||
8961 | 8967 | ||
8962 | cat >>confdefs.h <<\_ACEOF | 8968 | cat >>confdefs.h <<\_ACEOF |
8969 | #define NO_UID_RESTORATION_TEST 1 | ||
8970 | _ACEOF | ||
8971 | |||
8972 | |||
8973 | cat >>confdefs.h <<\_ACEOF | ||
8963 | #define DISABLE_SHADOW 1 | 8974 | #define DISABLE_SHADOW 1 |
8964 | _ACEOF | 8975 | _ACEOF |
8965 | 8976 | ||
@@ -9491,6 +9502,73 @@ fi | |||
9491 | 9502 | ||
9492 | done | 9503 | done |
9493 | 9504 | ||
9505 | { echo "$as_me:$LINENO: checking for sandbox_apply in -lsandbox" >&5 | ||
9506 | echo $ECHO_N "checking for sandbox_apply in -lsandbox... $ECHO_C" >&6; } | ||
9507 | if test "${ac_cv_lib_sandbox_sandbox_apply+set}" = set; then | ||
9508 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
9509 | else | ||
9510 | ac_check_lib_save_LIBS=$LIBS | ||
9511 | LIBS="-lsandbox $LIBS" | ||
9512 | cat >conftest.$ac_ext <<_ACEOF | ||
9513 | /* confdefs.h. */ | ||
9514 | _ACEOF | ||
9515 | cat confdefs.h >>conftest.$ac_ext | ||
9516 | cat >>conftest.$ac_ext <<_ACEOF | ||
9517 | /* end confdefs.h. */ | ||
9518 | |||
9519 | /* Override any GCC internal prototype to avoid an error. | ||
9520 | Use char because int might match the return type of a GCC | ||
9521 | builtin and then its argument prototype would still apply. */ | ||
9522 | #ifdef __cplusplus | ||
9523 | extern "C" | ||
9524 | #endif | ||
9525 | char sandbox_apply (); | ||
9526 | int | ||
9527 | main () | ||
9528 | { | ||
9529 | return sandbox_apply (); | ||
9530 | ; | ||
9531 | return 0; | ||
9532 | } | ||
9533 | _ACEOF | ||
9534 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
9535 | if { (ac_try="$ac_link" | ||
9536 | case "(($ac_try" in | ||
9537 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
9538 | *) ac_try_echo=$ac_try;; | ||
9539 | esac | ||
9540 | eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | ||
9541 | (eval "$ac_link") 2>conftest.er1 | ||
9542 | ac_status=$? | ||
9543 | grep -v '^ *+' conftest.er1 >conftest.err | ||
9544 | rm -f conftest.er1 | ||
9545 | cat conftest.err >&5 | ||
9546 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
9547 | (exit $ac_status); } && { | ||
9548 | test -z "$ac_c_werror_flag" || | ||
9549 | test ! -s conftest.err | ||
9550 | } && test -s conftest$ac_exeext && | ||
9551 | $as_test_x conftest$ac_exeext; then | ||
9552 | ac_cv_lib_sandbox_sandbox_apply=yes | ||
9553 | else | ||
9554 | echo "$as_me: failed program was:" >&5 | ||
9555 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
9556 | |||
9557 | ac_cv_lib_sandbox_sandbox_apply=no | ||
9558 | fi | ||
9559 | |||
9560 | rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ | ||
9561 | conftest$ac_exeext conftest.$ac_ext | ||
9562 | LIBS=$ac_check_lib_save_LIBS | ||
9563 | fi | ||
9564 | { echo "$as_me:$LINENO: result: $ac_cv_lib_sandbox_sandbox_apply" >&5 | ||
9565 | echo "${ECHO_T}$ac_cv_lib_sandbox_sandbox_apply" >&6; } | ||
9566 | if test $ac_cv_lib_sandbox_sandbox_apply = yes; then | ||
9567 | |||
9568 | SSHDLIBS="$SSHDLIBS -lsandbox" | ||
9569 | |||
9570 | fi | ||
9571 | |||
9494 | ;; | 9572 | ;; |
9495 | *-*-dragonfly*) | 9573 | *-*-dragonfly*) |
9496 | SSHDLIBS="$SSHDLIBS -lcrypt" | 9574 | SSHDLIBS="$SSHDLIBS -lcrypt" |
@@ -10789,6 +10867,339 @@ _ACEOF | |||
10789 | echo "${ECHO_T}no" >&6; } | 10867 | echo "${ECHO_T}no" >&6; } |
10790 | fi | 10868 | fi |
10791 | 10869 | ||
10870 | for ac_func in setppriv | ||
10871 | do | ||
10872 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
10873 | { echo "$as_me:$LINENO: checking for $ac_func" >&5 | ||
10874 | echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } | ||
10875 | if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then | ||
10876 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
10877 | else | ||
10878 | cat >conftest.$ac_ext <<_ACEOF | ||
10879 | /* confdefs.h. */ | ||
10880 | _ACEOF | ||
10881 | cat confdefs.h >>conftest.$ac_ext | ||
10882 | cat >>conftest.$ac_ext <<_ACEOF | ||
10883 | /* end confdefs.h. */ | ||
10884 | /* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. | ||
10885 | For example, HP-UX 11i <limits.h> declares gettimeofday. */ | ||
10886 | #define $ac_func innocuous_$ac_func | ||
10887 | |||
10888 | /* System header to define __stub macros and hopefully few prototypes, | ||
10889 | which can conflict with char $ac_func (); below. | ||
10890 | Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
10891 | <limits.h> exists even on freestanding compilers. */ | ||
10892 | |||
10893 | #ifdef __STDC__ | ||
10894 | # include <limits.h> | ||
10895 | #else | ||
10896 | # include <assert.h> | ||
10897 | #endif | ||
10898 | |||
10899 | #undef $ac_func | ||
10900 | |||
10901 | /* Override any GCC internal prototype to avoid an error. | ||
10902 | Use char because int might match the return type of a GCC | ||
10903 | builtin and then its argument prototype would still apply. */ | ||
10904 | #ifdef __cplusplus | ||
10905 | extern "C" | ||
10906 | #endif | ||
10907 | char $ac_func (); | ||
10908 | /* The GNU C library defines this for functions which it implements | ||
10909 | to always fail with ENOSYS. Some functions are actually named | ||
10910 | something starting with __ and the normal name is an alias. */ | ||
10911 | #if defined __stub_$ac_func || defined __stub___$ac_func | ||
10912 | choke me | ||
10913 | #endif | ||
10914 | |||
10915 | int | ||
10916 | main () | ||
10917 | { | ||
10918 | return $ac_func (); | ||
10919 | ; | ||
10920 | return 0; | ||
10921 | } | ||
10922 | _ACEOF | ||
10923 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
10924 | if { (ac_try="$ac_link" | ||
10925 | case "(($ac_try" in | ||
10926 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
10927 | *) ac_try_echo=$ac_try;; | ||
10928 | esac | ||
10929 | eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | ||
10930 | (eval "$ac_link") 2>conftest.er1 | ||
10931 | ac_status=$? | ||
10932 | grep -v '^ *+' conftest.er1 >conftest.err | ||
10933 | rm -f conftest.er1 | ||
10934 | cat conftest.err >&5 | ||
10935 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
10936 | (exit $ac_status); } && { | ||
10937 | test -z "$ac_c_werror_flag" || | ||
10938 | test ! -s conftest.err | ||
10939 | } && test -s conftest$ac_exeext && | ||
10940 | $as_test_x conftest$ac_exeext; then | ||
10941 | eval "$as_ac_var=yes" | ||
10942 | else | ||
10943 | echo "$as_me: failed program was:" >&5 | ||
10944 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
10945 | |||
10946 | eval "$as_ac_var=no" | ||
10947 | fi | ||
10948 | |||
10949 | rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ | ||
10950 | conftest$ac_exeext conftest.$ac_ext | ||
10951 | fi | ||
10952 | ac_res=`eval echo '${'$as_ac_var'}'` | ||
10953 | { echo "$as_me:$LINENO: result: $ac_res" >&5 | ||
10954 | echo "${ECHO_T}$ac_res" >&6; } | ||
10955 | if test `eval echo '${'$as_ac_var'}'` = yes; then | ||
10956 | cat >>confdefs.h <<_ACEOF | ||
10957 | #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
10958 | _ACEOF | ||
10959 | |||
10960 | fi | ||
10961 | done | ||
10962 | |||
10963 | |||
10964 | for ac_func in priv_basicset | ||
10965 | do | ||
10966 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
10967 | { echo "$as_me:$LINENO: checking for $ac_func" >&5 | ||
10968 | echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } | ||
10969 | if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then | ||
10970 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
10971 | else | ||
10972 | cat >conftest.$ac_ext <<_ACEOF | ||
10973 | /* confdefs.h. */ | ||
10974 | _ACEOF | ||
10975 | cat confdefs.h >>conftest.$ac_ext | ||
10976 | cat >>conftest.$ac_ext <<_ACEOF | ||
10977 | /* end confdefs.h. */ | ||
10978 | /* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. | ||
10979 | For example, HP-UX 11i <limits.h> declares gettimeofday. */ | ||
10980 | #define $ac_func innocuous_$ac_func | ||
10981 | |||
10982 | /* System header to define __stub macros and hopefully few prototypes, | ||
10983 | which can conflict with char $ac_func (); below. | ||
10984 | Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
10985 | <limits.h> exists even on freestanding compilers. */ | ||
10986 | |||
10987 | #ifdef __STDC__ | ||
10988 | # include <limits.h> | ||
10989 | #else | ||
10990 | # include <assert.h> | ||
10991 | #endif | ||
10992 | |||
10993 | #undef $ac_func | ||
10994 | |||
10995 | /* Override any GCC internal prototype to avoid an error. | ||
10996 | Use char because int might match the return type of a GCC | ||
10997 | builtin and then its argument prototype would still apply. */ | ||
10998 | #ifdef __cplusplus | ||
10999 | extern "C" | ||
11000 | #endif | ||
11001 | char $ac_func (); | ||
11002 | /* The GNU C library defines this for functions which it implements | ||
11003 | to always fail with ENOSYS. Some functions are actually named | ||
11004 | something starting with __ and the normal name is an alias. */ | ||
11005 | #if defined __stub_$ac_func || defined __stub___$ac_func | ||
11006 | choke me | ||
11007 | #endif | ||
11008 | |||
11009 | int | ||
11010 | main () | ||
11011 | { | ||
11012 | return $ac_func (); | ||
11013 | ; | ||
11014 | return 0; | ||
11015 | } | ||
11016 | _ACEOF | ||
11017 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
11018 | if { (ac_try="$ac_link" | ||
11019 | case "(($ac_try" in | ||
11020 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
11021 | *) ac_try_echo=$ac_try;; | ||
11022 | esac | ||
11023 | eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | ||
11024 | (eval "$ac_link") 2>conftest.er1 | ||
11025 | ac_status=$? | ||
11026 | grep -v '^ *+' conftest.er1 >conftest.err | ||
11027 | rm -f conftest.er1 | ||
11028 | cat conftest.err >&5 | ||
11029 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11030 | (exit $ac_status); } && { | ||
11031 | test -z "$ac_c_werror_flag" || | ||
11032 | test ! -s conftest.err | ||
11033 | } && test -s conftest$ac_exeext && | ||
11034 | $as_test_x conftest$ac_exeext; then | ||
11035 | eval "$as_ac_var=yes" | ||
11036 | else | ||
11037 | echo "$as_me: failed program was:" >&5 | ||
11038 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
11039 | |||
11040 | eval "$as_ac_var=no" | ||
11041 | fi | ||
11042 | |||
11043 | rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ | ||
11044 | conftest$ac_exeext conftest.$ac_ext | ||
11045 | fi | ||
11046 | ac_res=`eval echo '${'$as_ac_var'}'` | ||
11047 | { echo "$as_me:$LINENO: result: $ac_res" >&5 | ||
11048 | echo "${ECHO_T}$ac_res" >&6; } | ||
11049 | if test `eval echo '${'$as_ac_var'}'` = yes; then | ||
11050 | cat >>confdefs.h <<_ACEOF | ||
11051 | #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11052 | _ACEOF | ||
11053 | |||
11054 | fi | ||
11055 | done | ||
11056 | |||
11057 | |||
11058 | for ac_header in priv.h | ||
11059 | do | ||
11060 | as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
11061 | if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then | ||
11062 | { echo "$as_me:$LINENO: checking for $ac_header" >&5 | ||
11063 | echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } | ||
11064 | if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then | ||
11065 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
11066 | fi | ||
11067 | ac_res=`eval echo '${'$as_ac_Header'}'` | ||
11068 | { echo "$as_me:$LINENO: result: $ac_res" >&5 | ||
11069 | echo "${ECHO_T}$ac_res" >&6; } | ||
11070 | else | ||
11071 | # Is the header compilable? | ||
11072 | { echo "$as_me:$LINENO: checking $ac_header usability" >&5 | ||
11073 | echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } | ||
11074 | cat >conftest.$ac_ext <<_ACEOF | ||
11075 | /* confdefs.h. */ | ||
11076 | _ACEOF | ||
11077 | cat confdefs.h >>conftest.$ac_ext | ||
11078 | cat >>conftest.$ac_ext <<_ACEOF | ||
11079 | /* end confdefs.h. */ | ||
11080 | $ac_includes_default | ||
11081 | #include <$ac_header> | ||
11082 | _ACEOF | ||
11083 | rm -f conftest.$ac_objext | ||
11084 | if { (ac_try="$ac_compile" | ||
11085 | case "(($ac_try" in | ||
11086 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
11087 | *) ac_try_echo=$ac_try;; | ||
11088 | esac | ||
11089 | eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | ||
11090 | (eval "$ac_compile") 2>conftest.er1 | ||
11091 | ac_status=$? | ||
11092 | grep -v '^ *+' conftest.er1 >conftest.err | ||
11093 | rm -f conftest.er1 | ||
11094 | cat conftest.err >&5 | ||
11095 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11096 | (exit $ac_status); } && { | ||
11097 | test -z "$ac_c_werror_flag" || | ||
11098 | test ! -s conftest.err | ||
11099 | } && test -s conftest.$ac_objext; then | ||
11100 | ac_header_compiler=yes | ||
11101 | else | ||
11102 | echo "$as_me: failed program was:" >&5 | ||
11103 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
11104 | |||
11105 | ac_header_compiler=no | ||
11106 | fi | ||
11107 | |||
11108 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
11109 | { echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 | ||
11110 | echo "${ECHO_T}$ac_header_compiler" >&6; } | ||
11111 | |||
11112 | # Is the header present? | ||
11113 | { echo "$as_me:$LINENO: checking $ac_header presence" >&5 | ||
11114 | echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } | ||
11115 | cat >conftest.$ac_ext <<_ACEOF | ||
11116 | /* confdefs.h. */ | ||
11117 | _ACEOF | ||
11118 | cat confdefs.h >>conftest.$ac_ext | ||
11119 | cat >>conftest.$ac_ext <<_ACEOF | ||
11120 | /* end confdefs.h. */ | ||
11121 | #include <$ac_header> | ||
11122 | _ACEOF | ||
11123 | if { (ac_try="$ac_cpp conftest.$ac_ext" | ||
11124 | case "(($ac_try" in | ||
11125 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
11126 | *) ac_try_echo=$ac_try;; | ||
11127 | esac | ||
11128 | eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | ||
11129 | (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 | ||
11130 | ac_status=$? | ||
11131 | grep -v '^ *+' conftest.er1 >conftest.err | ||
11132 | rm -f conftest.er1 | ||
11133 | cat conftest.err >&5 | ||
11134 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11135 | (exit $ac_status); } >/dev/null && { | ||
11136 | test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || | ||
11137 | test ! -s conftest.err | ||
11138 | }; then | ||
11139 | ac_header_preproc=yes | ||
11140 | else | ||
11141 | echo "$as_me: failed program was:" >&5 | ||
11142 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
11143 | |||
11144 | ac_header_preproc=no | ||
11145 | fi | ||
11146 | |||
11147 | rm -f conftest.err conftest.$ac_ext | ||
11148 | { echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 | ||
11149 | echo "${ECHO_T}$ac_header_preproc" >&6; } | ||
11150 | |||
11151 | # So? What about this header? | ||
11152 | case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in | ||
11153 | yes:no: ) | ||
11154 | { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 | ||
11155 | echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} | ||
11156 | { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 | ||
11157 | echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} | ||
11158 | ac_header_preproc=yes | ||
11159 | ;; | ||
11160 | no:yes:* ) | ||
11161 | { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 | ||
11162 | echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} | ||
11163 | { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 | ||
11164 | echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} | ||
11165 | { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 | ||
11166 | echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} | ||
11167 | { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 | ||
11168 | echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} | ||
11169 | { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 | ||
11170 | echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} | ||
11171 | { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 | ||
11172 | echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} | ||
11173 | ( cat <<\_ASBOX | ||
11174 | ## ------------------------------------------- ## | ||
11175 | ## Report this to openssh-unix-dev@mindrot.org ## | ||
11176 | ## ------------------------------------------- ## | ||
11177 | _ASBOX | ||
11178 | ) | sed "s/^/$as_me: WARNING: /" >&2 | ||
11179 | ;; | ||
11180 | esac | ||
11181 | { echo "$as_me:$LINENO: checking for $ac_header" >&5 | ||
11182 | echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } | ||
11183 | if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then | ||
11184 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
11185 | else | ||
11186 | eval "$as_ac_Header=\$ac_header_preproc" | ||
11187 | fi | ||
11188 | ac_res=`eval echo '${'$as_ac_Header'}'` | ||
11189 | { echo "$as_me:$LINENO: result: $ac_res" >&5 | ||
11190 | echo "${ECHO_T}$ac_res" >&6; } | ||
11191 | |||
11192 | fi | ||
11193 | if test `eval echo '${'$as_ac_Header'}'` = yes; then | ||
11194 | cat >>confdefs.h <<_ACEOF | ||
11195 | #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
11196 | _ACEOF | ||
11197 | |||
11198 | fi | ||
11199 | |||
11200 | done | ||
11201 | |||
11202 | |||
10792 | # Check whether --with-solaris-contracts was given. | 11203 | # Check whether --with-solaris-contracts was given. |
10793 | if test "${with_solaris_contracts+set}" = set; then | 11204 | if test "${with_solaris_contracts+set}" = set; then |
10794 | withval=$with_solaris_contracts; | 11205 | withval=$with_solaris_contracts; |
@@ -10859,7 +11270,7 @@ cat >>confdefs.h <<\_ACEOF | |||
10859 | #define USE_SOLARIS_PROCESS_CONTRACTS 1 | 11270 | #define USE_SOLARIS_PROCESS_CONTRACTS 1 |
10860 | _ACEOF | 11271 | _ACEOF |
10861 | 11272 | ||
10862 | SSHDLIBS="$SSHDLIBS -lcontract" | 11273 | LIBS="$LIBS -lcontract" |
10863 | SPC_MSG="yes" | 11274 | SPC_MSG="yes" |
10864 | fi | 11275 | fi |
10865 | 11276 | ||
@@ -10937,13 +11348,45 @@ cat >>confdefs.h <<\_ACEOF | |||
10937 | #define USE_SOLARIS_PROJECTS 1 | 11348 | #define USE_SOLARIS_PROJECTS 1 |
10938 | _ACEOF | 11349 | _ACEOF |
10939 | 11350 | ||
10940 | SSHDLIBS="$SSHDLIBS -lproject" | 11351 | LIBS="$LIBS -lproject" |
10941 | SP_MSG="yes" | 11352 | SP_MSG="yes" |
10942 | fi | 11353 | fi |
10943 | 11354 | ||
10944 | 11355 | ||
10945 | fi | 11356 | fi |
10946 | 11357 | ||
11358 | |||
11359 | # Check whether --with-solaris-privs was given. | ||
11360 | if test "${with_solaris_privs+set}" = set; then | ||
11361 | withval=$with_solaris_privs; | ||
11362 | { echo "$as_me:$LINENO: checking for Solaris/Illumos privilege support" >&5 | ||
11363 | echo $ECHO_N "checking for Solaris/Illumos privilege support... $ECHO_C" >&6; } | ||
11364 | if test "x$ac_cv_func_setppriv" = "xyes" -a \ | ||
11365 | "x$ac_cv_header_priv_h" = "xyes" ; then | ||
11366 | SOLARIS_PRIVS=yes | ||
11367 | { echo "$as_me:$LINENO: result: found" >&5 | ||
11368 | echo "${ECHO_T}found" >&6; } | ||
11369 | |||
11370 | cat >>confdefs.h <<\_ACEOF | ||
11371 | #define NO_UID_RESTORATION_TEST 1 | ||
11372 | _ACEOF | ||
11373 | |||
11374 | |||
11375 | cat >>confdefs.h <<\_ACEOF | ||
11376 | #define USE_SOLARIS_PRIVS 1 | ||
11377 | _ACEOF | ||
11378 | |||
11379 | SPP_MSG="yes" | ||
11380 | else | ||
11381 | { echo "$as_me:$LINENO: result: not found" >&5 | ||
11382 | echo "${ECHO_T}not found" >&6; } | ||
11383 | { { echo "$as_me:$LINENO: error: *** must have support for Solaris privileges to use --with-solaris-privs" >&5 | ||
11384 | echo "$as_me: error: *** must have support for Solaris privileges to use --with-solaris-privs" >&2;} | ||
11385 | { (exit 1); exit 1; }; } | ||
11386 | fi | ||
11387 | |||
11388 | fi | ||
11389 | |||
10947 | TEST_SHELL=$SHELL # let configure find us a capable shell | 11390 | TEST_SHELL=$SHELL # let configure find us a capable shell |
10948 | ;; | 11391 | ;; |
10949 | *-*-sunos4*) | 11392 | *-*-sunos4*) |
@@ -11942,163 +12385,6 @@ fi | |||
11942 | 12385 | ||
11943 | 12386 | ||
11944 | # Checks for libraries. | 12387 | # Checks for libraries. |
11945 | { echo "$as_me:$LINENO: checking for yp_match" >&5 | ||
11946 | echo $ECHO_N "checking for yp_match... $ECHO_C" >&6; } | ||
11947 | if test "${ac_cv_func_yp_match+set}" = set; then | ||
11948 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
11949 | else | ||
11950 | cat >conftest.$ac_ext <<_ACEOF | ||
11951 | /* confdefs.h. */ | ||
11952 | _ACEOF | ||
11953 | cat confdefs.h >>conftest.$ac_ext | ||
11954 | cat >>conftest.$ac_ext <<_ACEOF | ||
11955 | /* end confdefs.h. */ | ||
11956 | /* Define yp_match to an innocuous variant, in case <limits.h> declares yp_match. | ||
11957 | For example, HP-UX 11i <limits.h> declares gettimeofday. */ | ||
11958 | #define yp_match innocuous_yp_match | ||
11959 | |||
11960 | /* System header to define __stub macros and hopefully few prototypes, | ||
11961 | which can conflict with char yp_match (); below. | ||
11962 | Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
11963 | <limits.h> exists even on freestanding compilers. */ | ||
11964 | |||
11965 | #ifdef __STDC__ | ||
11966 | # include <limits.h> | ||
11967 | #else | ||
11968 | # include <assert.h> | ||
11969 | #endif | ||
11970 | |||
11971 | #undef yp_match | ||
11972 | |||
11973 | /* Override any GCC internal prototype to avoid an error. | ||
11974 | Use char because int might match the return type of a GCC | ||
11975 | builtin and then its argument prototype would still apply. */ | ||
11976 | #ifdef __cplusplus | ||
11977 | extern "C" | ||
11978 | #endif | ||
11979 | char yp_match (); | ||
11980 | /* The GNU C library defines this for functions which it implements | ||
11981 | to always fail with ENOSYS. Some functions are actually named | ||
11982 | something starting with __ and the normal name is an alias. */ | ||
11983 | #if defined __stub_yp_match || defined __stub___yp_match | ||
11984 | choke me | ||
11985 | #endif | ||
11986 | |||
11987 | int | ||
11988 | main () | ||
11989 | { | ||
11990 | return yp_match (); | ||
11991 | ; | ||
11992 | return 0; | ||
11993 | } | ||
11994 | _ACEOF | ||
11995 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
11996 | if { (ac_try="$ac_link" | ||
11997 | case "(($ac_try" in | ||
11998 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
11999 | *) ac_try_echo=$ac_try;; | ||
12000 | esac | ||
12001 | eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | ||
12002 | (eval "$ac_link") 2>conftest.er1 | ||
12003 | ac_status=$? | ||
12004 | grep -v '^ *+' conftest.er1 >conftest.err | ||
12005 | rm -f conftest.er1 | ||
12006 | cat conftest.err >&5 | ||
12007 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
12008 | (exit $ac_status); } && { | ||
12009 | test -z "$ac_c_werror_flag" || | ||
12010 | test ! -s conftest.err | ||
12011 | } && test -s conftest$ac_exeext && | ||
12012 | $as_test_x conftest$ac_exeext; then | ||
12013 | ac_cv_func_yp_match=yes | ||
12014 | else | ||
12015 | echo "$as_me: failed program was:" >&5 | ||
12016 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
12017 | |||
12018 | ac_cv_func_yp_match=no | ||
12019 | fi | ||
12020 | |||
12021 | rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ | ||
12022 | conftest$ac_exeext conftest.$ac_ext | ||
12023 | fi | ||
12024 | { echo "$as_me:$LINENO: result: $ac_cv_func_yp_match" >&5 | ||
12025 | echo "${ECHO_T}$ac_cv_func_yp_match" >&6; } | ||
12026 | if test $ac_cv_func_yp_match = yes; then | ||
12027 | : | ||
12028 | else | ||
12029 | |||
12030 | { echo "$as_me:$LINENO: checking for yp_match in -lnsl" >&5 | ||
12031 | echo $ECHO_N "checking for yp_match in -lnsl... $ECHO_C" >&6; } | ||
12032 | if test "${ac_cv_lib_nsl_yp_match+set}" = set; then | ||
12033 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
12034 | else | ||
12035 | ac_check_lib_save_LIBS=$LIBS | ||
12036 | LIBS="-lnsl $LIBS" | ||
12037 | cat >conftest.$ac_ext <<_ACEOF | ||
12038 | /* confdefs.h. */ | ||
12039 | _ACEOF | ||
12040 | cat confdefs.h >>conftest.$ac_ext | ||
12041 | cat >>conftest.$ac_ext <<_ACEOF | ||
12042 | /* end confdefs.h. */ | ||
12043 | |||
12044 | /* Override any GCC internal prototype to avoid an error. | ||
12045 | Use char because int might match the return type of a GCC | ||
12046 | builtin and then its argument prototype would still apply. */ | ||
12047 | #ifdef __cplusplus | ||
12048 | extern "C" | ||
12049 | #endif | ||
12050 | char yp_match (); | ||
12051 | int | ||
12052 | main () | ||
12053 | { | ||
12054 | return yp_match (); | ||
12055 | ; | ||
12056 | return 0; | ||
12057 | } | ||
12058 | _ACEOF | ||
12059 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
12060 | if { (ac_try="$ac_link" | ||
12061 | case "(($ac_try" in | ||
12062 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
12063 | *) ac_try_echo=$ac_try;; | ||
12064 | esac | ||
12065 | eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | ||
12066 | (eval "$ac_link") 2>conftest.er1 | ||
12067 | ac_status=$? | ||
12068 | grep -v '^ *+' conftest.er1 >conftest.err | ||
12069 | rm -f conftest.er1 | ||
12070 | cat conftest.err >&5 | ||
12071 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
12072 | (exit $ac_status); } && { | ||
12073 | test -z "$ac_c_werror_flag" || | ||
12074 | test ! -s conftest.err | ||
12075 | } && test -s conftest$ac_exeext && | ||
12076 | $as_test_x conftest$ac_exeext; then | ||
12077 | ac_cv_lib_nsl_yp_match=yes | ||
12078 | else | ||
12079 | echo "$as_me: failed program was:" >&5 | ||
12080 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
12081 | |||
12082 | ac_cv_lib_nsl_yp_match=no | ||
12083 | fi | ||
12084 | |||
12085 | rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ | ||
12086 | conftest$ac_exeext conftest.$ac_ext | ||
12087 | LIBS=$ac_check_lib_save_LIBS | ||
12088 | fi | ||
12089 | { echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_yp_match" >&5 | ||
12090 | echo "${ECHO_T}$ac_cv_lib_nsl_yp_match" >&6; } | ||
12091 | if test $ac_cv_lib_nsl_yp_match = yes; then | ||
12092 | cat >>confdefs.h <<_ACEOF | ||
12093 | #define HAVE_LIBNSL 1 | ||
12094 | _ACEOF | ||
12095 | |||
12096 | LIBS="-lnsl $LIBS" | ||
12097 | |||
12098 | fi | ||
12099 | |||
12100 | fi | ||
12101 | |||
12102 | { echo "$as_me:$LINENO: checking for setsockopt" >&5 | 12388 | { echo "$as_me:$LINENO: checking for setsockopt" >&5 |
12103 | echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6; } | 12389 | echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6; } |
12104 | if test "${ac_cv_func_setsockopt+set}" = set; then | 12390 | if test "${ac_cv_func_setsockopt+set}" = set; then |
@@ -14599,7 +14885,8 @@ fi | |||
14599 | done | 14885 | done |
14600 | 14886 | ||
14601 | 14887 | ||
14602 | # On some platforms, inet_ntop may be found in libresolv or libnsl. | 14888 | # On some platforms, inet_ntop and gethostbyname may be found in libresolv |
14889 | # or libnsl. | ||
14603 | { echo "$as_me:$LINENO: checking for library containing inet_ntop" >&5 | 14890 | { echo "$as_me:$LINENO: checking for library containing inet_ntop" >&5 |
14604 | echo $ECHO_N "checking for library containing inet_ntop... $ECHO_C" >&6; } | 14891 | echo $ECHO_N "checking for library containing inet_ntop... $ECHO_C" >&6; } |
14605 | if test "${ac_cv_search_inet_ntop+set}" = set; then | 14892 | if test "${ac_cv_search_inet_ntop+set}" = set; then |
@@ -14683,6 +14970,89 @@ if test "$ac_res" != no; then | |||
14683 | 14970 | ||
14684 | fi | 14971 | fi |
14685 | 14972 | ||
14973 | { echo "$as_me:$LINENO: checking for library containing gethostbyname" >&5 | ||
14974 | echo $ECHO_N "checking for library containing gethostbyname... $ECHO_C" >&6; } | ||
14975 | if test "${ac_cv_search_gethostbyname+set}" = set; then | ||
14976 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
14977 | else | ||
14978 | ac_func_search_save_LIBS=$LIBS | ||
14979 | cat >conftest.$ac_ext <<_ACEOF | ||
14980 | /* confdefs.h. */ | ||
14981 | _ACEOF | ||
14982 | cat confdefs.h >>conftest.$ac_ext | ||
14983 | cat >>conftest.$ac_ext <<_ACEOF | ||
14984 | /* end confdefs.h. */ | ||
14985 | |||
14986 | /* Override any GCC internal prototype to avoid an error. | ||
14987 | Use char because int might match the return type of a GCC | ||
14988 | builtin and then its argument prototype would still apply. */ | ||
14989 | #ifdef __cplusplus | ||
14990 | extern "C" | ||
14991 | #endif | ||
14992 | char gethostbyname (); | ||
14993 | int | ||
14994 | main () | ||
14995 | { | ||
14996 | return gethostbyname (); | ||
14997 | ; | ||
14998 | return 0; | ||
14999 | } | ||
15000 | _ACEOF | ||
15001 | for ac_lib in '' resolv nsl; do | ||
15002 | if test -z "$ac_lib"; then | ||
15003 | ac_res="none required" | ||
15004 | else | ||
15005 | ac_res=-l$ac_lib | ||
15006 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
15007 | fi | ||
15008 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
15009 | if { (ac_try="$ac_link" | ||
15010 | case "(($ac_try" in | ||
15011 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
15012 | *) ac_try_echo=$ac_try;; | ||
15013 | esac | ||
15014 | eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | ||
15015 | (eval "$ac_link") 2>conftest.er1 | ||
15016 | ac_status=$? | ||
15017 | grep -v '^ *+' conftest.er1 >conftest.err | ||
15018 | rm -f conftest.er1 | ||
15019 | cat conftest.err >&5 | ||
15020 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
15021 | (exit $ac_status); } && { | ||
15022 | test -z "$ac_c_werror_flag" || | ||
15023 | test ! -s conftest.err | ||
15024 | } && test -s conftest$ac_exeext && | ||
15025 | $as_test_x conftest$ac_exeext; then | ||
15026 | ac_cv_search_gethostbyname=$ac_res | ||
15027 | else | ||
15028 | echo "$as_me: failed program was:" >&5 | ||
15029 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
15030 | |||
15031 | |||
15032 | fi | ||
15033 | |||
15034 | rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ | ||
15035 | conftest$ac_exeext | ||
15036 | if test "${ac_cv_search_gethostbyname+set}" = set; then | ||
15037 | break | ||
15038 | fi | ||
15039 | done | ||
15040 | if test "${ac_cv_search_gethostbyname+set}" = set; then | ||
15041 | : | ||
15042 | else | ||
15043 | ac_cv_search_gethostbyname=no | ||
15044 | fi | ||
15045 | rm conftest.$ac_ext | ||
15046 | LIBS=$ac_func_search_save_LIBS | ||
15047 | fi | ||
15048 | { echo "$as_me:$LINENO: result: $ac_cv_search_gethostbyname" >&5 | ||
15049 | echo "${ECHO_T}$ac_cv_search_gethostbyname" >&6; } | ||
15050 | ac_res=$ac_cv_search_gethostbyname | ||
15051 | if test "$ac_res" != no; then | ||
15052 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
15053 | |||
15054 | fi | ||
15055 | |||
14686 | 15056 | ||
14687 | 15057 | ||
14688 | for ac_func in strftime | 15058 | for ac_func in strftime |
@@ -16524,6 +16894,7 @@ fi | |||
16524 | 16894 | ||
16525 | 16895 | ||
16526 | 16896 | ||
16897 | |||
16527 | for ac_func in \ | 16898 | for ac_func in \ |
16528 | Blowfish_initstate \ | 16899 | Blowfish_initstate \ |
16529 | Blowfish_expandstate \ | 16900 | Blowfish_expandstate \ |
@@ -16579,6 +16950,7 @@ for ac_func in \ | |||
16579 | nsleep \ | 16950 | nsleep \ |
16580 | ogetaddrinfo \ | 16951 | ogetaddrinfo \ |
16581 | openlog_r \ | 16952 | openlog_r \ |
16953 | pledge \ | ||
16582 | poll \ | 16954 | poll \ |
16583 | prctl \ | 16955 | prctl \ |
16584 | pstat \ | 16956 | pstat \ |
@@ -20707,12 +21079,12 @@ openssl_engine=no | |||
20707 | # Check whether --with-ssl-engine was given. | 21079 | # Check whether --with-ssl-engine was given. |
20708 | if test "${with_ssl_engine+set}" = set; then | 21080 | if test "${with_ssl_engine+set}" = set; then |
20709 | withval=$with_ssl_engine; | 21081 | withval=$with_ssl_engine; |
20710 | if test "x$openssl" = "xno" ; then | 21082 | if test "x$withval" != "xno" ; then |
20711 | { { echo "$as_me:$LINENO: error: cannot use --with-ssl-engine when OpenSSL disabled" >&5 | 21083 | if test "x$openssl" = "xno" ; then |
21084 | { { echo "$as_me:$LINENO: error: cannot use --with-ssl-engine when OpenSSL disabled" >&5 | ||
20712 | echo "$as_me: error: cannot use --with-ssl-engine when OpenSSL disabled" >&2;} | 21085 | echo "$as_me: error: cannot use --with-ssl-engine when OpenSSL disabled" >&2;} |
20713 | { (exit 1); exit 1; }; } | 21086 | { (exit 1); exit 1; }; } |
20714 | fi | 21087 | fi |
20715 | if test "x$withval" != "xno" ; then | ||
20716 | openssl_engine=yes | 21088 | openssl_engine=yes |
20717 | fi | 21089 | fi |
20718 | 21090 | ||
@@ -20999,6 +21371,7 @@ cat confdefs.h >>conftest.$ac_ext | |||
20999 | cat >>conftest.$ac_ext <<_ACEOF | 21371 | cat >>conftest.$ac_ext <<_ACEOF |
21000 | /* end confdefs.h. */ | 21372 | /* end confdefs.h. */ |
21001 | 21373 | ||
21374 | #include <stdlib.h> | ||
21002 | #include <stdio.h> | 21375 | #include <stdio.h> |
21003 | #include <string.h> | 21376 | #include <string.h> |
21004 | #include <openssl/opensslv.h> | 21377 | #include <openssl/opensslv.h> |
@@ -21015,7 +21388,8 @@ main () | |||
21015 | if(fd == NULL) | 21388 | if(fd == NULL) |
21016 | exit(1); | 21389 | exit(1); |
21017 | 21390 | ||
21018 | if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) | 21391 | if ((rc = fprintf(fd ,"%08lx (%s)\n", |
21392 | (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) | ||
21019 | exit(1); | 21393 | exit(1); |
21020 | 21394 | ||
21021 | exit(0); | 21395 | exit(0); |
@@ -21184,6 +21558,7 @@ cat >>conftest.$ac_ext <<_ACEOF | |||
21184 | 21558 | ||
21185 | #include <string.h> | 21559 | #include <string.h> |
21186 | #include <openssl/opensslv.h> | 21560 | #include <openssl/opensslv.h> |
21561 | #include <openssl/crypto.h> | ||
21187 | 21562 | ||
21188 | int | 21563 | int |
21189 | main () | 21564 | main () |
@@ -24145,7 +24520,19 @@ fi | |||
24145 | 24520 | ||
24146 | 24521 | ||
24147 | 24522 | ||
24148 | if test "x$sandbox_arg" = "xsystrace" || \ | 24523 | if test "x$sandbox_arg" = "xpledge" || \ |
24524 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then | ||
24525 | test "x$ac_cv_func_pledge" != "xyes" && \ | ||
24526 | { { echo "$as_me:$LINENO: error: pledge sandbox requires pledge(2) support" >&5 | ||
24527 | echo "$as_me: error: pledge sandbox requires pledge(2) support" >&2;} | ||
24528 | { (exit 1); exit 1; }; } | ||
24529 | SANDBOX_STYLE="pledge" | ||
24530 | |||
24531 | cat >>confdefs.h <<\_ACEOF | ||
24532 | #define SANDBOX_PLEDGE 1 | ||
24533 | _ACEOF | ||
24534 | |||
24535 | elif test "x$sandbox_arg" = "xsystrace" || \ | ||
24149 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then | 24536 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then |
24150 | test "x$have_systr_policy_kill" != "x1" && \ | 24537 | test "x$have_systr_policy_kill" != "x1" && \ |
24151 | { { echo "$as_me:$LINENO: error: systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" >&5 | 24538 | { { echo "$as_me:$LINENO: error: systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" >&5 |
@@ -24238,6 +24625,14 @@ cat >>confdefs.h <<\_ACEOF | |||
24238 | #define SANDBOX_RLIMIT 1 | 24625 | #define SANDBOX_RLIMIT 1 |
24239 | _ACEOF | 24626 | _ACEOF |
24240 | 24627 | ||
24628 | elif test "x$sandbox_arg" = "xsolaris" || \ | ||
24629 | ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then | ||
24630 | SANDBOX_STYLE="solaris" | ||
24631 | |||
24632 | cat >>confdefs.h <<\_ACEOF | ||
24633 | #define SANDBOX_SOLARIS 1 | ||
24634 | _ACEOF | ||
24635 | |||
24241 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ | 24636 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ |
24242 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then | 24637 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then |
24243 | SANDBOX_STYLE="none" | 24638 | SANDBOX_STYLE="none" |
@@ -31719,6 +32114,9 @@ int | |||
31719 | main () | 32114 | main () |
31720 | { | 32115 | { |
31721 | 32116 | ||
32117 | struct __res_state *volatile p = &_res; /* force resolution of _res */ | ||
32118 | return 0; | ||
32119 | |||
31722 | ; | 32120 | ; |
31723 | return 0; | 32121 | return 0; |
31724 | } | 32122 | } |
@@ -36811,6 +37209,7 @@ echo " MD5 password support: $MD5_MSG" | |||
36811 | echo " libedit support: $LIBEDIT_MSG" | 37209 | echo " libedit support: $LIBEDIT_MSG" |
36812 | echo " Solaris process contract support: $SPC_MSG" | 37210 | echo " Solaris process contract support: $SPC_MSG" |
36813 | echo " Solaris project support: $SP_MSG" | 37211 | echo " Solaris project support: $SP_MSG" |
37212 | echo " Solaris privilege support: $SPP_MSG" | ||
36814 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | 37213 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" |
36815 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | 37214 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" |
36816 | echo " BSD Auth support: $BSD_AUTH_MSG" | 37215 | echo " BSD Auth support: $BSD_AUTH_MSG" |
diff --git a/configure.ac b/configure.ac index eec2b727c..c978c1104 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -140,7 +140,7 @@ else | |||
140 | fi | 140 | fi |
141 | 141 | ||
142 | AC_ARG_WITH([ssh1], | 142 | AC_ARG_WITH([ssh1], |
143 | [ --without-ssh1 Enable support for SSH protocol 1], | 143 | [ --with-ssh1 Enable support for SSH protocol 1], |
144 | [ | 144 | [ |
145 | if test "x$withval" = "xyes" ; then | 145 | if test "x$withval" = "xyes" ; then |
146 | if test "x$openssl" = "xno" ; then | 146 | if test "x$openssl" = "xno" ; then |
@@ -469,6 +469,11 @@ AC_CHECK_HEADERS([sys/un.h], [], [], [ | |||
469 | SIA_MSG="no" | 469 | SIA_MSG="no" |
470 | SPC_MSG="no" | 470 | SPC_MSG="no" |
471 | SP_MSG="no" | 471 | SP_MSG="no" |
472 | SPP_MSG="no" | ||
473 | |||
474 | # Support for Solaris/Illumos privileges (this test is used by both | ||
475 | # the --with-solaris-privs option and --with-sandbox=solaris). | ||
476 | SOLARIS_PRIVS="no" | ||
472 | 477 | ||
473 | # Check for some target-specific stuff | 478 | # Check for some target-specific stuff |
474 | case "$host" in | 479 | case "$host" in |
@@ -575,6 +580,8 @@ case "$host" in | |||
575 | LIBS="$LIBS /usr/lib/textreadmode.o" | 580 | LIBS="$LIBS /usr/lib/textreadmode.o" |
576 | AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) | 581 | AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) |
577 | AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) | 582 | AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) |
583 | AC_DEFINE([NO_UID_RESTORATION_TEST], [1], | ||
584 | [Define to disable UID restoration test]) | ||
578 | AC_DEFINE([DISABLE_SHADOW], [1], | 585 | AC_DEFINE([DISABLE_SHADOW], [1], |
579 | [Define if you want to disable shadow passwords]) | 586 | [Define if you want to disable shadow passwords]) |
580 | AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], | 587 | AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], |
@@ -661,6 +668,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
661 | supported by bsd-setproctitle.c]) | 668 | supported by bsd-setproctitle.c]) |
662 | AC_CHECK_FUNCS([sandbox_init]) | 669 | AC_CHECK_FUNCS([sandbox_init]) |
663 | AC_CHECK_HEADERS([sandbox.h]) | 670 | AC_CHECK_HEADERS([sandbox.h]) |
671 | AC_CHECK_LIB([sandbox], [sandbox_apply], [ | ||
672 | SSHDLIBS="$SSHDLIBS -lsandbox" | ||
673 | ]) | ||
664 | ;; | 674 | ;; |
665 | *-*-dragonfly*) | 675 | *-*-dragonfly*) |
666 | SSHDLIBS="$SSHDLIBS -lcrypt" | 676 | SSHDLIBS="$SSHDLIBS -lcrypt" |
@@ -913,13 +923,16 @@ mips-sony-bsd|mips-sony-newsos4) | |||
913 | else | 923 | else |
914 | AC_MSG_RESULT([no]) | 924 | AC_MSG_RESULT([no]) |
915 | fi | 925 | fi |
926 | AC_CHECK_FUNCS([setppriv]) | ||
927 | AC_CHECK_FUNCS([priv_basicset]) | ||
928 | AC_CHECK_HEADERS([priv.h]) | ||
916 | AC_ARG_WITH([solaris-contracts], | 929 | AC_ARG_WITH([solaris-contracts], |
917 | [ --with-solaris-contracts Enable Solaris process contracts (experimental)], | 930 | [ --with-solaris-contracts Enable Solaris process contracts (experimental)], |
918 | [ | 931 | [ |
919 | AC_CHECK_LIB([contract], [ct_tmpl_activate], | 932 | AC_CHECK_LIB([contract], [ct_tmpl_activate], |
920 | [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], | 933 | [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], |
921 | [Define if you have Solaris process contracts]) | 934 | [Define if you have Solaris process contracts]) |
922 | SSHDLIBS="$SSHDLIBS -lcontract" | 935 | LIBS="$LIBS -lcontract" |
923 | SPC_MSG="yes" ], ) | 936 | SPC_MSG="yes" ], ) |
924 | ], | 937 | ], |
925 | ) | 938 | ) |
@@ -929,10 +942,29 @@ mips-sony-bsd|mips-sony-newsos4) | |||
929 | AC_CHECK_LIB([project], [setproject], | 942 | AC_CHECK_LIB([project], [setproject], |
930 | [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], | 943 | [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], |
931 | [Define if you have Solaris projects]) | 944 | [Define if you have Solaris projects]) |
932 | SSHDLIBS="$SSHDLIBS -lproject" | 945 | LIBS="$LIBS -lproject" |
933 | SP_MSG="yes" ], ) | 946 | SP_MSG="yes" ], ) |
934 | ], | 947 | ], |
935 | ) | 948 | ) |
949 | AC_ARG_WITH([solaris-privs], | ||
950 | [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], | ||
951 | [ | ||
952 | AC_MSG_CHECKING([for Solaris/Illumos privilege support]) | ||
953 | if test "x$ac_cv_func_setppriv" = "xyes" -a \ | ||
954 | "x$ac_cv_header_priv_h" = "xyes" ; then | ||
955 | SOLARIS_PRIVS=yes | ||
956 | AC_MSG_RESULT([found]) | ||
957 | AC_DEFINE([NO_UID_RESTORATION_TEST], [1], | ||
958 | [Define to disable UID restoration test]) | ||
959 | AC_DEFINE([USE_SOLARIS_PRIVS], [1], | ||
960 | [Define if you have Solaris privileges]) | ||
961 | SPP_MSG="yes" | ||
962 | else | ||
963 | AC_MSG_RESULT([not found]) | ||
964 | AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) | ||
965 | fi | ||
966 | ], | ||
967 | ) | ||
936 | TEST_SHELL=$SHELL # let configure find us a capable shell | 968 | TEST_SHELL=$SHELL # let configure find us a capable shell |
937 | ;; | 969 | ;; |
938 | *-*-sunos4*) | 970 | *-*-sunos4*) |
@@ -1146,7 +1178,6 @@ AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], | |||
1146 | 1178 | ||
1147 | dnl Checks for header files. | 1179 | dnl Checks for header files. |
1148 | # Checks for libraries. | 1180 | # Checks for libraries. |
1149 | AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) | ||
1150 | AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) | 1181 | AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) |
1151 | 1182 | ||
1152 | dnl IRIX and Solaris 2.5.1 have dirname() in libgen | 1183 | dnl IRIX and Solaris 2.5.1 have dirname() in libgen |
@@ -1310,8 +1341,10 @@ AC_SEARCH_LIBS([openpty], [util bsd]) | |||
1310 | AC_SEARCH_LIBS([updwtmp], [util bsd]) | 1341 | AC_SEARCH_LIBS([updwtmp], [util bsd]) |
1311 | AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) | 1342 | AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) |
1312 | 1343 | ||
1313 | # On some platforms, inet_ntop may be found in libresolv or libnsl. | 1344 | # On some platforms, inet_ntop and gethostbyname may be found in libresolv |
1345 | # or libnsl. | ||
1314 | AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) | 1346 | AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) |
1347 | AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) | ||
1315 | 1348 | ||
1316 | AC_FUNC_STRFTIME | 1349 | AC_FUNC_STRFTIME |
1317 | 1350 | ||
@@ -1749,6 +1782,7 @@ AC_CHECK_FUNCS([ \ | |||
1749 | nsleep \ | 1782 | nsleep \ |
1750 | ogetaddrinfo \ | 1783 | ogetaddrinfo \ |
1751 | openlog_r \ | 1784 | openlog_r \ |
1785 | pledge \ | ||
1752 | poll \ | 1786 | poll \ |
1753 | prctl \ | 1787 | prctl \ |
1754 | pstat \ | 1788 | pstat \ |
@@ -2389,10 +2423,10 @@ openssl_engine=no | |||
2389 | AC_ARG_WITH([ssl-engine], | 2423 | AC_ARG_WITH([ssl-engine], |
2390 | [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], | 2424 | [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], |
2391 | [ | 2425 | [ |
2392 | if test "x$openssl" = "xno" ; then | ||
2393 | AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) | ||
2394 | fi | ||
2395 | if test "x$withval" != "xno" ; then | 2426 | if test "x$withval" != "xno" ; then |
2427 | if test "x$openssl" = "xno" ; then | ||
2428 | AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) | ||
2429 | fi | ||
2396 | openssl_engine=yes | 2430 | openssl_engine=yes |
2397 | fi | 2431 | fi |
2398 | ] | 2432 | ] |
@@ -2425,6 +2459,7 @@ if test "x$openssl" = "xyes" ; then | |||
2425 | AC_MSG_CHECKING([OpenSSL header version]) | 2459 | AC_MSG_CHECKING([OpenSSL header version]) |
2426 | AC_RUN_IFELSE( | 2460 | AC_RUN_IFELSE( |
2427 | [AC_LANG_PROGRAM([[ | 2461 | [AC_LANG_PROGRAM([[ |
2462 | #include <stdlib.h> | ||
2428 | #include <stdio.h> | 2463 | #include <stdio.h> |
2429 | #include <string.h> | 2464 | #include <string.h> |
2430 | #include <openssl/opensslv.h> | 2465 | #include <openssl/opensslv.h> |
@@ -2437,7 +2472,8 @@ if test "x$openssl" = "xyes" ; then | |||
2437 | if(fd == NULL) | 2472 | if(fd == NULL) |
2438 | exit(1); | 2473 | exit(1); |
2439 | 2474 | ||
2440 | if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) | 2475 | if ((rc = fprintf(fd ,"%08lx (%s)\n", |
2476 | (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) | ||
2441 | exit(1); | 2477 | exit(1); |
2442 | 2478 | ||
2443 | exit(0); | 2479 | exit(0); |
@@ -2504,6 +2540,7 @@ if test "x$openssl" = "xyes" ; then | |||
2504 | [AC_LANG_PROGRAM([[ | 2540 | [AC_LANG_PROGRAM([[ |
2505 | #include <string.h> | 2541 | #include <string.h> |
2506 | #include <openssl/opensslv.h> | 2542 | #include <openssl/opensslv.h> |
2543 | #include <openssl/crypto.h> | ||
2507 | ]], [[ | 2544 | ]], [[ |
2508 | exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); | 2545 | exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); |
2509 | ]])], | 2546 | ]])], |
@@ -3078,7 +3115,7 @@ fi | |||
3078 | # Decide which sandbox style to use | 3115 | # Decide which sandbox style to use |
3079 | sandbox_arg="" | 3116 | sandbox_arg="" |
3080 | AC_ARG_WITH([sandbox], | 3117 | AC_ARG_WITH([sandbox], |
3081 | [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], | 3118 | [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], |
3082 | [ | 3119 | [ |
3083 | if test "x$withval" = "xyes" ; then | 3120 | if test "x$withval" = "xyes" ; then |
3084 | sandbox_arg="" | 3121 | sandbox_arg="" |
@@ -3174,7 +3211,13 @@ AC_RUN_IFELSE( | |||
3174 | [AC_MSG_WARN([cross compiling: assuming yes])] | 3211 | [AC_MSG_WARN([cross compiling: assuming yes])] |
3175 | ) | 3212 | ) |
3176 | 3213 | ||
3177 | if test "x$sandbox_arg" = "xsystrace" || \ | 3214 | if test "x$sandbox_arg" = "xpledge" || \ |
3215 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then | ||
3216 | test "x$ac_cv_func_pledge" != "xyes" && \ | ||
3217 | AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) | ||
3218 | SANDBOX_STYLE="pledge" | ||
3219 | AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) | ||
3220 | elif test "x$sandbox_arg" = "xsystrace" || \ | ||
3178 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then | 3221 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then |
3179 | test "x$have_systr_policy_kill" != "x1" && \ | 3222 | test "x$have_systr_policy_kill" != "x1" && \ |
3180 | AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) | 3223 | AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) |
@@ -3227,6 +3270,10 @@ elif test "x$sandbox_arg" = "xrlimit" || \ | |||
3227 | AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) | 3270 | AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) |
3228 | SANDBOX_STYLE="rlimit" | 3271 | SANDBOX_STYLE="rlimit" |
3229 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) | 3272 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) |
3273 | elif test "x$sandbox_arg" = "xsolaris" || \ | ||
3274 | ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then | ||
3275 | SANDBOX_STYLE="solaris" | ||
3276 | AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) | ||
3230 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ | 3277 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ |
3231 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then | 3278 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then |
3232 | SANDBOX_STYLE="none" | 3279 | SANDBOX_STYLE="none" |
@@ -4050,7 +4097,10 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ | |||
4050 | #include <arpa/nameser.h> | 4097 | #include <arpa/nameser.h> |
4051 | #include <resolv.h> | 4098 | #include <resolv.h> |
4052 | extern struct __res_state _res; | 4099 | extern struct __res_state _res; |
4053 | ]], [[ ]])], | 4100 | ]], [[ |
4101 | struct __res_state *volatile p = &_res; /* force resolution of _res */ | ||
4102 | return 0; | ||
4103 | ]],)], | ||
4054 | [AC_MSG_RESULT([yes]) | 4104 | [AC_MSG_RESULT([yes]) |
4055 | AC_DEFINE([HAVE__RES_EXTERN], [1], | 4105 | AC_DEFINE([HAVE__RES_EXTERN], [1], |
4056 | [Define if you have struct __res_state _res as an extern]) | 4106 | [Define if you have struct __res_state _res as an extern]) |
@@ -5037,6 +5087,7 @@ echo " MD5 password support: $MD5_MSG" | |||
5037 | echo " libedit support: $LIBEDIT_MSG" | 5087 | echo " libedit support: $LIBEDIT_MSG" |
5038 | echo " Solaris process contract support: $SPC_MSG" | 5088 | echo " Solaris process contract support: $SPC_MSG" |
5039 | echo " Solaris project support: $SP_MSG" | 5089 | echo " Solaris project support: $SP_MSG" |
5090 | echo " Solaris privilege support: $SPP_MSG" | ||
5040 | echo " systemd support: $SYSTEMD_MSG" | 5091 | echo " systemd support: $SYSTEMD_MSG" |
5041 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | 5092 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" |
5042 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | 5093 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" |
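Review bot: The new `solaris` branch of the sandbox selection (hunk at -3227) accepts an explicit `--with-sandbox=solaris` without confirming that privilege support was detected, whereas the `pledge`, `systrace` and `rlimit` branches each stop configure with AC_MSG_ERROR when their prerequisite is missing. As written, SANDBOX_SOLARIS can be defined while SOLARIS_PRIVS is still "no", since it is only set to yes inside the `--with-solaris-privs` handler, so a misconfiguration surfaces later in the build or not at all; the code that consumes the define is not in this diff. I would add as the first lines of the branch `test "x$SOLARIS_PRIVS" != "xyes" && \` followed by `AC_MSG_ERROR([solaris sandbox requires --with-solaris-privs])`. The `--with-sandbox=style` help string in the -3078 hunk gains `pledge` but not `solaris`, so the new style is not listed by `./configure --help`. The if/elif chain starts and ends outside these hunks.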
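--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 7.1p2
+%define ver 7.2p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -89,7 +89,7 @@ Requires: initscripts >= 5.20
 BuildRequires: perl, openssl-devel
 BuildRequires: /bin/login
 %if ! %{build6x}
-BuildPreReq: glibc-devel, pam
+BuildRequires: glibc-devel, pam
 %else
 BuildRequires: /usr/include/security/pam_appl.h
 %endif
@@ -184,7 +184,7 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
 %endif
 
 %if %{kerberos5}
-K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'`
+K5DIR=`rpm -ql krb5-devel | grep 'include/krb5\.h' | sed 's,\/include\/krb5.h,,'`
 echo K5DIR=$K5DIR
 %endif
 
@@ -192,7 +192,6 @@ echo K5DIR=$K5DIR
 --sysconfdir=%{_sysconfdir}/ssh \
 --libexecdir=%{_libexecdir}/openssh \
 --datadir=%{_datadir}/openssh \
---with-rsh=%{_bindir}/rsh \
 --with-default-path=/usr/local/bin:/bin:/usr/bin \
 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
 --with-privsep-path=%{_var}/empty/sshd \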
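Review bot: In the `%if %{kerberos5}` block the grep pattern is now quoted with its dot escaped, but the sed expression on the same line still uses an unescaped `.`, and neither pattern is anchored at end of line, so any other packaged path that merely contains `include/krb5.h` would also match and K5DIR would hold more than one line. Anchoring both keeps the lookup to the single header: `grep 'include/krb5\.h$' | sed 's,/include/krb5\.h$,,'`. How K5DIR is consumed lies outside the visible hunks, so the effect on the configure call is an assumption to confirm.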
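--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -56,10 +56,13 @@ then
 fi
 fi
 
-DEFAULT_PUB_ID_FILE=$(ls -t ${HOME}/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
+DEFAULT_PUB_ID_FILE="$HOME/$(cd "$HOME" ; ls -t .ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)"
 
 usage () {
-printf 'Usage: %s [-h|-?|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
+printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
+printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2
+printf '\t-n: dry run -- no keys are actually copied\n' >&2
+printf '\t-h|-?: print this help\n' >&2
 exit 1
 }
 
@@ -77,15 +80,18 @@ use_id_file() {
 PUB_ID_FILE="$L_ID_FILE.pub"
 fi
 
-PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
+[ "$FORCED" ] || PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
 
 # check that the files are readable
-for f in $PUB_ID_FILE $PRIV_ID_FILE ; do
-ErrMSG=$( { : < $f ; } 2>&1 ) || {
-printf "\n%s: ERROR: failed to open ID file '%s': %s\n\n" "$0" "$f" "$(printf "%s\n" "$ErrMSG" | sed -e 's/.*: *//')"
+for f in "$PUB_ID_FILE" ${PRIV_ID_FILE:+"$PRIV_ID_FILE"} ; do
+ErrMSG=$( { : < "$f" ; } 2>&1 ) || {
+local L_PRIVMSG=""
+[ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG=" (to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)"
+printf "\n%s: ERROR: failed to open ID file '%s': %s\n" "$0" "$f" "$(printf "%s\n%s\n" "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
 exit 1
 }
 done
+printf '%s: INFO: Source of key(s) to be installed: "%s"\n' "$0" "$PUB_ID_FILE" >&2
 GET_ID="cat \"$PUB_ID_FILE\""
 }
 
@@ -121,7 +127,7 @@ do
 }
 shift
 ;;
--n|-h|-\?)
+-f|-n|-h|-\?)
 OPT="$1"
 OPTARG=
 shift
@@ -154,6 +160,9 @@ do
 -o|-p)
 SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }$OPT '$(quote "$OPTARG")'"
 ;;
+-f)
+FORCED=1
+;;
 -n)
 DRY_RUN=1
 ;;
@@ -194,27 +203,35 @@ fi
 populate_new_ids() {
 local L_SUCCESS="$1"
 
+if [ "$FORCED" ] ; then
+NEW_IDS=$(eval $GET_ID)
+return
+fi
+
 # repopulate "$@" inside this function
 eval set -- "$SSH_OPTS"
 
 umask 0177
 local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
 if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then
-echo "mktemp failed" 1>&2
+printf '%s: ERROR: mktemp failed\n' "$0" >&2
 exit 1
 fi
-trap "rm -f $L_TMP_ID_FILE ${L_TMP_ID_FILE}.pub" EXIT TERM INT QUIT
+local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\""
+trap "$L_CLEANUP" EXIT TERM INT QUIT
 printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
 NEW_IDS=$(
 eval $GET_ID | {
-while read ID ; do
-printf '%s\n' "$ID" > $L_TMP_ID_FILE
+while read ID || [ "$ID" ] ; do
+printf '%s\n' "$ID" > "$L_TMP_ID_FILE"
 
 # the next line assumes $PRIV_ID_FILE only set if using a single id file - this
 # assumption will break if we implement the possibility of multiple -i options.
 # The point being that if file based, ssh needs the private key, which it cannot
 # find if only given the contents of the .pub file in an unrelated tmpfile
 ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
+-o ControlPath=none \
+-o LogLevel=INFO \
 -o PreferredAuthentications=publickey \
 -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null
 if [ "$?" = "$L_SUCCESS" ] ; then
@@ -230,20 +247,21 @@ populate_new_ids() {
 done
 }
 )
-rm -f $L_TMP_ID_FILE* && trap - EXIT TERM INT QUIT
+eval "$L_CLEANUP" && trap - EXIT TERM INT QUIT
 
 if expr "$NEW_IDS" : "^ERROR: " >/dev/null ; then
 printf '\n%s: %s\n\n' "$0" "$NEW_IDS" >&2
 exit 1
 fi
 if [ -z "$NEW_IDS" ] ; then
-printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n\n' "$0" >&2
+printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2
+printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' "$0" >&2
 exit 0
 fi
 printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
 }
 
-REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' "$@" 2>&1 |
+REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 |
 sed -ne 's/.*remote software version //p')
 
 case "$REMOTE_VERSION" in
@@ -269,10 +287,9 @@ case "$REMOTE_VERSION" in
 *)
 # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
 populate_new_ids 0
-[ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | ssh "$@" "
-umask 077 ;
-mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
-if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi" \
+# in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX; 'cd' to be at $HOME; and all on one line, because tcsh.
+[ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
+ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
 || exit 1
 ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
 ;;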
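Review bot: The new cleanup string in populate_new_ids wraps the temp-file path in escaped double quotes and is then re-parsed by `trap "$L_CLEANUP"` and `eval "$L_CLEANUP"`, so a `$`, backquote or `"` in the path (it is derived from `~`) is interpreted by the shell instead of being treated as a literal file name. Single-quoting through the script's existing `quote` helper, as the `-o|-p` branch already does for SSH_OPTS, would avoid that: `local L_CLEANUP="rm -f '$(quote "$L_TMP_ID_FILE")' '$(quote "$L_TMP_ID_FILE").stderr'"` (assuming `quote`, defined outside the visible hunks, escapes embedded single quotes). The same concern applies to the added `NEW_IDS=$(eval $GET_ID)` in the forced path, since GET_ID embeds `$PUB_ID_FILE` inside double quotes. The redirect `2>$L_TMP_ID_FILE.stderr` is also still unquoted while the rest of the function now quotes the path; part of the loop body lies between the two hunks and is not shown.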
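--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -29,6 +29,7 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .Nd use locally available keys to authorise logins on a remote machine
 .Sh SYNOPSIS
 .Nm
+.Op Fl f
 .Op Fl n
 .Op Fl i Op Ar identity_file
 .Op Fl p Ar port
@@ -76,6 +77,10 @@ is used.
 Note that this can be used to ensure that the keys copied have the
 comment one prefers and/or extra options applied, by ensuring that the
 key file has these set as preferred before the copy is attempted.
+.It Fl f
+Forced mode: doesn't check if the keys are present on the remote server.
+This means that it does not need the private key. Of course, this can result
+in more than one copy of the key being installed on the remote system.
 .It Fl n
 do a dry-run. Instead of installing keys on the remote system simply
 prints the key(s) that would have been installed.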
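--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 7.1p2
+Version: 7.2p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz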
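--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,8 +1,8 @@
 # see git-dpm(1) from git-dpm package
-003a875a474100d250b6643270ef3874da6591d8
-003a875a474100d250b6643270ef3874da6591d8
-eeff4de96f5d7365750dc56912c2c62b5c28db6b
-eeff4de96f5d7365750dc56912c2c62b5c28db6b
-openssh_7.1p2.orig.tar.gz
-9202f5a2a50c8a55ecfb830609df1e1fde97f758
-1475829
+85e40e87a75fb80a0bf893ac05a417d6c353537d
+85e40e87a75fb80a0bf893ac05a417d6c353537d
+c52a95cc4754e6630c96fe65ae0c65eb41d2c590
+c52a95cc4754e6630c96fe65ae0c65eb41d2c590
+openssh_7.2p1.orig.tar.gz
+d30a6fd472199ab5838a7668c0c5fd885fb8d371
+1499707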
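--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,16 @@
+openssh (1:7.2p1-1) UNRELEASED; urgency=medium
+
+OpenSSH 7.2 disables a number of legacy cryptographic algorithms by
+default in ssh:
+
+* Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the
+rijndael-cbc aliases for AES.
+* MD5-based and truncated HMAC algorithms.
+
+These algorithms are already disabled by default in sshd.
+
+-- Colin Watson <cjwatson@debian.org> Mon, 29 Feb 2016 12:37:44 +0000
+
 openssh (1:7.1p1-2) unstable; urgency=medium
 
 OpenSSH 7.0 disables several pieces of weak, legacy, and/or unsafe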
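--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,56 @@
-openssh (1:7.1p2-3) UNRELEASED; urgency=medium
+openssh (1:7.2p1-1) UNRELEASED; urgency=medium
 
+* New upstream release (http://www.openssh.com/txt/release-7.2):
+- This release disables a number of legacy cryptographic algorithms by
+default in ssh:
++ Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and
+the rijndael-cbc aliases for AES.
++ MD5-based and truncated HMAC algorithms.
+These algorithms are already disabled by default in sshd.
+- ssh(1), sshd(8): Remove unfinished and unused roaming code (was
+already forcibly disabled in OpenSSH 7.1p2).
+- ssh(1): Eliminate fallback from untrusted X11 forwarding to trusted
+forwarding when the X server disables the SECURITY extension.
+- ssh(1), sshd(8): Increase the minimum modulus size supported for
+diffie-hellman-group-exchange to 2048 bits.
+- sshd(8): Pre-auth sandboxing is now enabled by default (previous
+releases enabled it for new installations via sshd_config).
+- all: Add support for RSA signatures using SHA-256/512 hash algorithms
+based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt.
+- ssh(1): Add an AddKeysToAgent client option which can be set to 'yes',
+'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
+private key that is used during authentication will be added to
+ssh-agent if it is running (with confirmation enabled if set to
+'confirm').
+- sshd(8): Add a new authorized_keys option "restrict" that includes all
+current and future key restrictions (no-*-forwarding, etc.). Also add
+permissive versions of the existing restrictions, e.g. "no-pty" ->
+"pty". This simplifies the task of setting up restricted keys and
+ensures they are maximally-restricted, regardless of any permissions
+we might implement in the future.
+- ssh(1): Add ssh_config CertificateFile option to explicitly list
+certificates.
+- ssh-keygen(1): Allow ssh-keygen to change the key comment for all
+supported formats (closes: #811125).
+- ssh-keygen(1): Allow fingerprinting from standard input, e.g.
+"ssh-keygen -lf -" (closes: #509058).
+- ssh-keygen(1): Allow fingerprinting multiple public keys in a file,
+e.g. "ssh-keygen -lf ~/.ssh/authorized_keys".
+- sshd(8): Support "none" as an argument for sshd_config Foreground and
+ChrootDirectory. Useful inside Match blocks to override a global
+default.
+- ssh-keygen(1): Support multiple certificates (one per line) and
+reading from standard input (using "-f -") for "ssh-keygen -L"
+- ssh-keyscan(1): Add "ssh-keyscan -c ..." flag to allow fetching
+certificates instead of plain keys.
+- ssh(1): Better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
+hostname canonicalisation - treat them as already canonical and remove
+the trailing '.' before matching ssh_config.
+- sftp(1): Existing destination directories should not terminate
+recursive uploads (regression in OpenSSH 6.8; LP: #1553378).
 * Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.
+* Restore slogin symlinks for compatibility, although they were removed
+upstream.
 
 -- Colin Watson <cjwatson@debian.org> Wed, 27 Jan 2016 13:04:38 +0000
 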
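--- a/debian/openssh-client.install
+++ b/debian/openssh-client.install
@@ -4,7 +4,6 @@ etc/ssh/moduli
 etc/ssh/ssh_config
 usr/bin/scp
 usr/bin/sftp
-usr/bin/slogin
 usr/bin/ssh
 usr/bin/ssh-add
 usr/bin/ssh-agent
@@ -14,7 +13,6 @@ usr/lib/openssh/ssh-keysign
 usr/lib/openssh/ssh-pkcs11-helper
 usr/share/man/man1/scp.1
 usr/share/man/man1/sftp.1
-usr/share/man/man1/slogin.1
 usr/share/man/man1/ssh-add.1
 usr/share/man/man1/ssh-agent.1
 usr/share/man/man1/ssh-keygen.1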
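--- /dev/null
+++ b/debian/openssh-client.links
@@ -0,0 +1,2 @@
+usr/bin/ssh usr/bin/slogin
+usr/share/man/man1/ssh.1 usr/share/man/man1/slogin.1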
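--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -1,4 +1,4 @@
-From a791d607756f04e41153c2297e5f9a608daa7335 Mon Sep 17 00:00:00 2001
+From d104554289d524d6f8c97cc93a8ff5aabbfcdd6c Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:02 +0000
 Subject: Quieten logs when multiple from= restrictions are used
@@ -16,7 +16,7 @@ Patch-Name: auth-log-verbosity.patch
 4 files changed, 32 insertions(+), 9 deletions(-)
 
 diff --git a/auth-options.c b/auth-options.c
-index e387697..f1e3ddf 100644
+index edbaf80..bda39df 100644
 --- a/auth-options.c
 +++ b/auth-options.c
 @@ -58,9 +58,20 @@ int forced_tun_device = -1;
@@ -40,7 +40,7 @@ index e387697..f1e3ddf 100644
 auth_clear_options(void)
 {
 no_agent_forwarding_flag = 0;
-@@ -293,10 +304,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
+@@ -314,10 +325,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 /* FALLTHROUGH */
 case 0:
 free(patterns);
@@ -58,7 +58,7 @@ index e387697..f1e3ddf 100644
 auth_debug_add("Your host '%.200s' is not "
 "permitted to use this key for login.",
 remote_host);
-@@ -519,11 +533,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
+@@ -540,11 +554,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
 break;
 case 0:
 /* no match */
@@ -104,10 +104,10 @@ index cbd971b..4cf2163 100644
 * Go though the accepted keys, looking for the current key. If
 * found, perform a challenge-response dialog to verify that the
 diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 5aa319c..1eee161 100644
+index 41b34ae..aace7ca 100644
 --- a/auth2-pubkey.c
 +++ b/auth2-pubkey.c
-@@ -561,6 +561,7 @@ process_principals(FILE *f, char *file, struct passwd *pw,
+@@ -566,6 +566,7 @@ process_principals(FILE *f, char *file, struct passwd *pw,
 u_long linenum = 0;
 u_int i;
 
@@ -115,7 +115,7 @@ index 5aa319c..1eee161 100644
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 /* Skip leading whitespace. */
 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-@@ -726,6 +727,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
+@@ -731,6 +732,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 found_key = 0;
 
 found = NULL;
@@ -123,7 +123,7 @@ index 5aa319c..1eee161 100644
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 char *cp, *key_options = NULL;
 if (found != NULL)
-@@ -872,6 +874,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
+@@ -878,6 +880,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
 if (key_cert_check_authority(key, 0, 1,
 use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
 goto fail_reason;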
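--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 9769daa27369920a909debed3ee297c32f0c3ef7 Mon Sep 17 00:00:00 2001
+From 88659ca2f10e2401f887b9dd58f6361d7bfa08e4 Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,7 +13,7 @@ Patch-Name: authorized-keys-man-symlink.patch
 1 file changed, 1 insertion(+)
 
 diff --git a/Makefile.in b/Makefile.in
-index 3d2a328..915c740 100644
+index 0954c63..85cde7f 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -324,6 +324,7 @@ install-files: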
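--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 1cbbbb90ae1a4f88f8090e1fdecee007b8d360f8 Mon Sep 17 00:00:00 2001
+From 3c79e49a4fbd8e4c84f6af6f1173563bda8b273b Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -19,7 +19,7 @@ Patch-Name: debian-banner.patch
 4 files changed, 18 insertions(+), 1 deletion(-)
 
 diff --git a/servconf.c b/servconf.c
-index ed3a88d..a778f44 100644
+index fad7c92..8ca9695 100644
 --- a/servconf.c
 +++ b/servconf.c
 @@ -171,6 +171,7 @@ initialize_server_options(ServerOptions *options)
@@ -30,16 +30,16 @@ index ed3a88d..a778f44 100644
 }
 
 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
-@@ -347,6 +348,8 @@ fill_default_server_options(ServerOptions *options)
+@@ -359,6 +360,8 @@ fill_default_server_options(ServerOptions *options)
 options->fwd_opts.streamlocal_bind_unlink = 0;
 if (options->fingerprint_hash == -1)
 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
 + if (options->debian_banner == -1)
 + options->debian_banner = 1;
 
-if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 ||
-kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 ||
-@@ -430,6 +433,7 @@ typedef enum {
+assemble_algorithms(options);
+
+@@ -437,6 +440,7 @@ typedef enum {
 sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
 sStreamLocalBindMask, sStreamLocalBindUnlink,
 sAllowStreamLocalForwarding, sFingerprintHash,
@@ -47,7 +47,7 @@ index ed3a88d..a778f44 100644
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
-@@ -577,6 +581,7 @@ static struct {
+@@ -588,6 +592,7 @@ static struct {
 { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
 { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
 { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
@@ -55,7 +55,7 @@ index ed3a88d..a778f44 100644
 { NULL, sBadOption, 0 }
 };
 
-@@ -1867,6 +1872,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1874,6 +1879,10 @@ process_server_config_line(ServerOptions *options, char *line,
 options->fingerprint_hash = value;
 break;
 
@@ -80,10 +80,10 @@ index 778ba17..161fa37 100644
 
 /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index 189d34a..8d17521 100644
+index c762190..57ae4ad 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -443,7 +443,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
+@@ -442,7 +442,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
 }
 
 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -94,10 +94,10 @@ index 189d34a..8d17521 100644
 options.version_addendum, newline);
 
 diff --git a/sshd_config.5 b/sshd_config.5
-index c8ee35d..b149bd3 100644
+index bc79a66..b565640 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -533,6 +533,11 @@ or
+@@ -534,6 +534,11 @@ or
 .Dq no .
 The default is
 .Dq delayed .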
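--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 003a875a474100d250b6643270ef3874da6591d8 Mon Sep 17 00:00:00 2001
+From 85e40e87a75fb80a0bf893ac05a417d6c353537d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -32,10 +32,10 @@ Patch-Name: debian-config.patch
 6 files changed, 72 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index b9442fd..ee46ad6 100644
+index cc1a633..dc22360 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1749,7 +1749,7 @@ fill_default_options(Options * options)
+@@ -1797,7 +1797,7 @@ fill_default_options(Options * options)
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
 if (options->forward_x11_trusted == -1)
@@ -45,10 +45,10 @@ index b9442fd..ee46ad6 100644
 options->forward_x11_timeout = 1200;
 if (options->exit_on_forward_failure == -1)
 diff --git a/ssh.1 b/ssh.1
-index 05b7f10..649d6c3 100644
+index 74d9655..7fb9d30 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -755,6 +755,16 @@ directive in
+@@ -760,6 +760,16 @@ directive in
 .Xr ssh_config 5
 for more information.
 .Pp
@@ -65,7 +65,7 @@ index 05b7f10..649d6c3 100644
 .It Fl x
 Disables X11 forwarding.
 .Pp
-@@ -763,6 +773,17 @@ Enables trusted X11 forwarding.
+@@ -768,6 +778,17 @@ Enables trusted X11 forwarding.
 Trusted X11 forwardings are not subjected to the X11 SECURITY extension
 controls.
 .Pp
@@ -84,7 +84,7 @@ index 05b7f10..649d6c3 100644
 Send log information using the
 .Xr syslog 3
 diff --git a/ssh_config b/ssh_config
-index 228e5ab..c9386aa 100644
+index 4e879cd..5190b06 100644
 --- a/ssh_config
 +++ b/ssh_config
 @@ -17,9 +17,10 @@
@@ -99,7 +99,7 @@ index 228e5ab..c9386aa 100644
 # RhostsRSAAuthentication no
 # RSAAuthentication yes
 # PasswordAuthentication yes
-@@ -48,3 +49,7 @@
+@@ -50,3 +51,7 @@
 # VisualHostKey no
 # ProxyCommand ssh -q -W %h:%p gateway.example.com
 # RekeyLimit 1G 1h
@@ -108,7 +108,7 @@ index 228e5ab..c9386aa 100644
 + GSSAPIAuthentication yes
 + GSSAPIDelegateCredentials no
 diff --git a/ssh_config.5 b/ssh_config.5
-index d4928b8..81b9b74 100644
+index 0f52d14..51765c9 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -74,6 +74,22 @@ Since the first obtained value for each parameter is used, more
@@ -134,7 +134,7 @@ index d4928b8..81b9b74 100644
 The configuration file has the following format:
 .Pp
 Empty lines and lines starting with
-@@ -721,7 +737,8 @@ token used for the session will be set to expire after 20 minutes.
+@@ -799,7 +815,8 @@ token used for the session will be set to expire after 20 minutes.
 Remote clients will be refused access after this time.
 .Pp
 The default is
@@ -145,10 +145,10 @@ index d4928b8..81b9b74 100644
 See the X11 SECURITY extension specification for full details on
 the restrictions imposed on untrusted clients.
 diff --git a/sshd_config b/sshd_config
-index 64786c9..d8338db 100644
+index f103298..d103ac5 100644
 --- a/sshd_config
 +++ b/sshd_config
-@@ -125,7 +125,7 @@ UsePrivilegeSeparation sandbox # Default for new installations.
+@@ -125,7 +125,7 @@ AuthorizedKeysFile .ssh/authorized_keys
 #Banner none
 
 # override default of no subsystems
@@ -158,7 +158,7 @@ index 64786c9..d8338db 100644
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 diff --git a/sshd_config.5 b/sshd_config.5
-index 0828592..0be7250 100644
+index 4d255e5..2387b51 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -57,6 +57,31 @@ Arguments may optionally be enclosed in double quotes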
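--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From 54d62ce82775d6a6f556cef7b1ff61412d2d0581 Mon Sep 17 00:00:00 2001
+From 094cc9bf1c7f873542a6c8dc25d0f8e61aa23318 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf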
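--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From 6f8b6ab94f4c4351e49598f08abc6da16fe29740 Mon Sep 17 00:00:00 2001
+From 3aede5a89ef203b53ef86435fe4af709a39379c2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
@@ -13,10 +13,10 @@ Patch-Name: doc-hash-tab-completion.patch
 1 file changed, 3 insertions(+)
 
 diff --git a/ssh_config.5 b/ssh_config.5
-index 1e9c058..d4928b8 100644
+index ab8f271..0f52d14 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -809,6 +809,9 @@ Note that existing names and addresses in known hosts files
+@@ -883,6 +883,9 @@ Note that existing names and addresses in known hosts files
 will not be converted automatically,
 but may be manually hashed using
 .Xr ssh-keygen 1 .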
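--- a/debian/patches/doc-upstart.patch
+++ b/debian/patches/doc-upstart.patch
@@ -1,4 +1,4 @@
-From 17063f049ca0f00cb455eed0852405bc9abe6213 Mon Sep 17 00:00:00 2001
+From 2c7520d8d6245868704cf01dd572cce744663173 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:12 +0000
 Subject: Refer to ssh's Upstart job as well as its init script
@@ -12,7 +12,7 @@ Patch-Name: doc-upstart.patch
 1 file changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/sshd.8 b/sshd.8
-index 42ba596..17b917c 100644
+index 58eefe9..4e75567 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -67,7 +67,10 @@ over an insecure network.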
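--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From a1913369b4abfcebec320706e561591c1ed8640c Mon Sep 17 00:00:00 2001
+From 5e5d8faea814efa9368ccec343580b6dcd440d5e Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon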
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index 8bc83cace..aa9f25848 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 6a0a4b2f79889c9b0d5e2478a6ee5f51be38dcc9 Mon Sep 17 00:00:00 2001 | 1 | From 374db1757fc18bd6647539b80977e6907a2cecd4 Mon Sep 17 00:00:00 2001 |
2 | From: Simon Wilkinson <simon@sxw.org.uk> | 2 | From: Simon Wilkinson <simon@sxw.org.uk> |
3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 |
4 | Subject: GSSAPI key exchange support | 4 | Subject: GSSAPI key exchange support |
@@ -22,12 +22,12 @@ Last-Updated: 2016-01-04 | |||
22 | Patch-Name: gssapi.patch | 22 | Patch-Name: gssapi.patch |
23 | --- | 23 | --- |
24 | ChangeLog.gssapi | 113 +++++++++++++++++++ | 24 | ChangeLog.gssapi | 113 +++++++++++++++++++ |
25 | Makefile.in | 5 +- | 25 | Makefile.in | 3 +- |
26 | auth-krb5.c | 17 ++- | 26 | auth-krb5.c | 17 ++- |
27 | auth.c | 3 +- | 27 | auth.c | 3 +- |
28 | auth2-gss.c | 48 +++++++- | 28 | auth2-gss.c | 48 +++++++- |
29 | auth2.c | 2 + | 29 | auth2.c | 2 + |
30 | clientloop.c | 13 +++ | 30 | clientloop.c | 15 ++- |
31 | config.h.in | 6 + | 31 | config.h.in | 6 + |
32 | configure.ac | 24 ++++ | 32 | configure.ac | 24 ++++ |
33 | gss-genr.c | 275 ++++++++++++++++++++++++++++++++++++++++++++- | 33 | gss-genr.c | 275 ++++++++++++++++++++++++++++++++++++++++++++- |
@@ -47,14 +47,14 @@ Patch-Name: gssapi.patch | |||
47 | servconf.h | 2 + | 47 | servconf.h | 2 + |
48 | ssh-gss.h | 41 ++++++- | 48 | ssh-gss.h | 41 ++++++- |
49 | ssh_config | 2 + | 49 | ssh_config | 2 + |
50 | ssh_config.5 | 36 +++++- | 50 | ssh_config.5 | 32 ++++++ |
51 | sshconnect2.c | 120 +++++++++++++++++++- | 51 | sshconnect2.c | 120 +++++++++++++++++++- |
52 | sshd.c | 110 ++++++++++++++++++ | 52 | sshd.c | 110 ++++++++++++++++++ |
53 | sshd_config | 2 + | 53 | sshd_config | 2 + |
54 | sshd_config.5 | 11 ++ | 54 | sshd_config.5 | 10 ++ |
55 | sshkey.c | 3 +- | 55 | sshkey.c | 3 +- |
56 | sshkey.h | 1 + | 56 | sshkey.h | 1 + |
57 | 33 files changed, 1955 insertions(+), 47 deletions(-) | 57 | 33 files changed, 1951 insertions(+), 46 deletions(-) |
58 | create mode 100644 ChangeLog.gssapi | 58 | create mode 100644 ChangeLog.gssapi |
59 | create mode 100644 kexgssc.c | 59 | create mode 100644 kexgssc.c |
60 | create mode 100644 kexgsss.c | 60 | create mode 100644 kexgsss.c |
@@ -179,19 +179,17 @@ index 0000000..f117a33 | |||
179 | + (from jbasney AT ncsa.uiuc.edu) | 179 | + (from jbasney AT ncsa.uiuc.edu) |
180 | + <gssapi-with-mic support is Bugzilla #1008> | 180 | + <gssapi-with-mic support is Bugzilla #1008> |
181 | diff --git a/Makefile.in b/Makefile.in | 181 | diff --git a/Makefile.in b/Makefile.in |
182 | index 40cc7aa..3d2a328 100644 | 182 | index d401787..0954c63 100644 |
183 | --- a/Makefile.in | 183 | --- a/Makefile.in |
184 | +++ b/Makefile.in | 184 | +++ b/Makefile.in |
185 | @@ -91,7 +91,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ | 185 | @@ -92,6 +92,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ |
186 | sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \ | ||
187 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ | 186 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ |
188 | kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ | 187 | kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ |
189 | - kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o | 188 | kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ |
190 | + kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ | 189 | + kexgssc.o \ |
191 | + kexgssc.o | 190 | platform-pledge.o |
192 | 191 | ||
193 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ | 192 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ |
194 | sshconnect.o sshconnect1.o sshconnect2.o mux.o \ | ||
195 | @@ -105,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ | 193 | @@ -105,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ |
196 | auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ | 194 | auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ |
197 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ | 195 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ |
@@ -200,9 +198,9 @@ index 40cc7aa..3d2a328 100644 | |||
200 | + auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ | 198 | + auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ |
201 | loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ | 199 | loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ |
202 | sftp-server.o sftp-common.o \ | 200 | sftp-server.o sftp-common.o \ |
203 | roaming_common.o roaming_serv.o \ | 201 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ |
204 | diff --git a/auth-krb5.c b/auth-krb5.c | 202 | diff --git a/auth-krb5.c b/auth-krb5.c |
205 | index 0089b18..ec47869 100644 | 203 | index d1c5a2f..f019fb1 100644 |
206 | --- a/auth-krb5.c | 204 | --- a/auth-krb5.c |
207 | +++ b/auth-krb5.c | 205 | +++ b/auth-krb5.c |
208 | @@ -183,8 +183,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | 206 | @@ -183,8 +183,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) |
@@ -374,10 +372,10 @@ index 7177962..3f49bdc 100644 | |||
374 | #endif | 372 | #endif |
375 | &method_passwd, | 373 | &method_passwd, |
376 | diff --git a/clientloop.c b/clientloop.c | 374 | diff --git a/clientloop.c b/clientloop.c |
377 | index 87ceb3d..fba1b54 100644 | 375 | index 9820455..1567e4a 100644 |
378 | --- a/clientloop.c | 376 | --- a/clientloop.c |
379 | +++ b/clientloop.c | 377 | +++ b/clientloop.c |
380 | @@ -115,6 +115,10 @@ | 378 | @@ -114,6 +114,10 @@ |
381 | #include "ssherr.h" | 379 | #include "ssherr.h" |
382 | #include "hostfile.h" | 380 | #include "hostfile.h" |
383 | 381 | ||
@@ -388,11 +386,14 @@ index 87ceb3d..fba1b54 100644 | |||
388 | /* import options */ | 386 | /* import options */ |
389 | extern Options options; | 387 | extern Options options; |
390 | 388 | ||
391 | @@ -1610,6 +1614,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | 389 | @@ -1662,9 +1666,18 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) |
390 | break; | ||
391 | |||
392 | /* Do channel operations unless rekeying in progress. */ | 392 | /* Do channel operations unless rekeying in progress. */ |
393 | if (!rekeying) { | 393 | - if (!ssh_packet_is_rekeying(active_state)) |
394 | + if (!ssh_packet_is_rekeying(active_state)) { | ||
394 | channel_after_select(readset, writeset); | 395 | channel_after_select(readset, writeset); |
395 | + | 396 | |
396 | +#ifdef GSSAPI | 397 | +#ifdef GSSAPI |
397 | + if (options.gss_renewal_rekey && | 398 | + if (options.gss_renewal_rekey && |
398 | + ssh_gssapi_credentials_updated(NULL)) { | 399 | + ssh_gssapi_credentials_updated(NULL)) { |
@@ -400,15 +401,16 @@ index 87ceb3d..fba1b54 100644 | |||
400 | + need_rekeying = 1; | 401 | + need_rekeying = 1; |
401 | + } | 402 | + } |
402 | +#endif | 403 | +#endif |
404 | + } | ||
403 | + | 405 | + |
404 | if (need_rekeying || packet_need_rekeying()) { | 406 | /* Buffer input from the connection. */ |
405 | debug("need rekeying"); | 407 | client_process_net_input(readset); |
406 | active_state->kex->done = 0; | 408 | |
407 | diff --git a/config.h.in b/config.h.in | 409 | diff --git a/config.h.in b/config.h.in |
408 | index 7500df5..97accd8 100644 | 410 | index 89bf1b0..621c139 100644 |
409 | --- a/config.h.in | 411 | --- a/config.h.in |
410 | +++ b/config.h.in | 412 | +++ b/config.h.in |
411 | @@ -1623,6 +1623,9 @@ | 413 | @@ -1641,6 +1641,9 @@ |
412 | /* Use btmp to log bad logins */ | 414 | /* Use btmp to log bad logins */ |
413 | #undef USE_BTMP | 415 | #undef USE_BTMP |
414 | 416 | ||
@@ -418,21 +420,21 @@ index 7500df5..97accd8 100644 | |||
418 | /* Use libedit for sftp */ | 420 | /* Use libedit for sftp */ |
419 | #undef USE_LIBEDIT | 421 | #undef USE_LIBEDIT |
420 | 422 | ||
421 | @@ -1638,6 +1641,9 @@ | 423 | @@ -1656,6 +1659,9 @@ |
422 | /* Use PIPES instead of a socketpair() */ | 424 | /* Use PIPES instead of a socketpair() */ |
423 | #undef USE_PIPES | 425 | #undef USE_PIPES |
424 | 426 | ||
425 | +/* platform has the Security Authorization Session API */ | 427 | +/* platform has the Security Authorization Session API */ |
426 | +#undef USE_SECURITY_SESSION_API | 428 | +#undef USE_SECURITY_SESSION_API |
427 | + | 429 | + |
428 | /* Define if you have Solaris process contracts */ | 430 | /* Define if you have Solaris privileges */ |
429 | #undef USE_SOLARIS_PROCESS_CONTRACTS | 431 | #undef USE_SOLARIS_PRIVS |
430 | 432 | ||
431 | diff --git a/configure.ac b/configure.ac | 433 | diff --git a/configure.ac b/configure.ac |
432 | index 9b05c30..7a25603 100644 | 434 | index 7258cc0..5f1ff74 100644 |
433 | --- a/configure.ac | 435 | --- a/configure.ac |
434 | +++ b/configure.ac | 436 | +++ b/configure.ac |
435 | @@ -625,6 +625,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | 437 | @@ -632,6 +632,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) |
436 | [Use tunnel device compatibility to OpenBSD]) | 438 | [Use tunnel device compatibility to OpenBSD]) |
437 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 439 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
438 | [Prepend the address family to IP tunnel traffic]) | 440 | [Prepend the address family to IP tunnel traffic]) |
@@ -1212,10 +1214,10 @@ index 53993d6..2f6baf7 100644 | |||
1212 | 1214 | ||
1213 | #endif | 1215 | #endif |
1214 | diff --git a/kex.c b/kex.c | 1216 | diff --git a/kex.c b/kex.c |
1215 | index b777b7d..390bb69 100644 | 1217 | index d371f47..913e923 100644 |
1216 | --- a/kex.c | 1218 | --- a/kex.c |
1217 | +++ b/kex.c | 1219 | +++ b/kex.c |
1218 | @@ -55,6 +55,10 @@ | 1220 | @@ -54,6 +54,10 @@ |
1219 | #include "sshbuf.h" | 1221 | #include "sshbuf.h" |
1220 | #include "digest.h" | 1222 | #include "digest.h" |
1221 | 1223 | ||
@@ -1226,7 +1228,7 @@ index b777b7d..390bb69 100644 | |||
1226 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 1228 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L |
1227 | # if defined(HAVE_EVP_SHA256) | 1229 | # if defined(HAVE_EVP_SHA256) |
1228 | # define evp_ssh_sha256 EVP_sha256 | 1230 | # define evp_ssh_sha256 EVP_sha256 |
1229 | @@ -97,6 +101,14 @@ static const struct kexalg kexalgs[] = { | 1231 | @@ -109,6 +113,14 @@ static const struct kexalg kexalgs[] = { |
1230 | #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ | 1232 | #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ |
1231 | { NULL, -1, -1, -1}, | 1233 | { NULL, -1, -1, -1}, |
1232 | }; | 1234 | }; |
@@ -1241,7 +1243,7 @@ index b777b7d..390bb69 100644 | |||
1241 | 1243 | ||
1242 | char * | 1244 | char * |
1243 | kex_alg_list(char sep) | 1245 | kex_alg_list(char sep) |
1244 | @@ -129,6 +141,10 @@ kex_alg_by_name(const char *name) | 1246 | @@ -141,6 +153,10 @@ kex_alg_by_name(const char *name) |
1245 | if (strcmp(k->name, name) == 0) | 1247 | if (strcmp(k->name, name) == 0) |
1246 | return k; | 1248 | return k; |
1247 | } | 1249 | } |
@@ -1253,10 +1255,10 @@ index b777b7d..390bb69 100644 | |||
1253 | } | 1255 | } |
1254 | 1256 | ||
1255 | diff --git a/kex.h b/kex.h | 1257 | diff --git a/kex.h b/kex.h |
1256 | index d71b532..ee46815 100644 | 1258 | index 1c58966..123ef83 100644 |
1257 | --- a/kex.h | 1259 | --- a/kex.h |
1258 | +++ b/kex.h | 1260 | +++ b/kex.h |
1259 | @@ -93,6 +93,9 @@ enum kex_exchange { | 1261 | @@ -92,6 +92,9 @@ enum kex_exchange { |
1260 | KEX_DH_GEX_SHA256, | 1262 | KEX_DH_GEX_SHA256, |
1261 | KEX_ECDH_SHA2, | 1263 | KEX_ECDH_SHA2, |
1262 | KEX_C25519_SHA256, | 1264 | KEX_C25519_SHA256, |
@@ -1266,7 +1268,7 @@ index d71b532..ee46815 100644 | |||
1266 | KEX_MAX | 1268 | KEX_MAX |
1267 | }; | 1269 | }; |
1268 | 1270 | ||
1269 | @@ -139,6 +142,12 @@ struct kex { | 1271 | @@ -140,6 +143,12 @@ struct kex { |
1270 | u_int flags; | 1272 | u_int flags; |
1271 | int hash_alg; | 1273 | int hash_alg; |
1272 | int ec_nid; | 1274 | int ec_nid; |
@@ -1279,7 +1281,7 @@ index d71b532..ee46815 100644 | |||
1279 | char *client_version_string; | 1281 | char *client_version_string; |
1280 | char *server_version_string; | 1282 | char *server_version_string; |
1281 | char *failed_choice; | 1283 | char *failed_choice; |
1282 | @@ -187,6 +196,11 @@ int kexecdh_server(struct ssh *); | 1284 | @@ -190,6 +199,11 @@ int kexecdh_server(struct ssh *); |
1283 | int kexc25519_client(struct ssh *); | 1285 | int kexc25519_client(struct ssh *); |
1284 | int kexc25519_server(struct ssh *); | 1286 | int kexc25519_server(struct ssh *); |
1285 | 1287 | ||
@@ -1935,10 +1937,10 @@ index 0000000..0847469 | |||
1935 | +} | 1937 | +} |
1936 | +#endif /* GSSAPI */ | 1938 | +#endif /* GSSAPI */ |
1937 | diff --git a/monitor.c b/monitor.c | 1939 | diff --git a/monitor.c b/monitor.c |
1938 | index a914209..2658aaa 100644 | 1940 | index ac7dd30..6c82023 100644 |
1939 | --- a/monitor.c | 1941 | --- a/monitor.c |
1940 | +++ b/monitor.c | 1942 | +++ b/monitor.c |
1941 | @@ -157,6 +157,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *); | 1943 | @@ -156,6 +156,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *); |
1942 | int mm_answer_gss_accept_ctx(int, Buffer *); | 1944 | int mm_answer_gss_accept_ctx(int, Buffer *); |
1943 | int mm_answer_gss_userok(int, Buffer *); | 1945 | int mm_answer_gss_userok(int, Buffer *); |
1944 | int mm_answer_gss_checkmic(int, Buffer *); | 1946 | int mm_answer_gss_checkmic(int, Buffer *); |
@@ -1947,7 +1949,7 @@ index a914209..2658aaa 100644 | |||
1947 | #endif | 1949 | #endif |
1948 | 1950 | ||
1949 | #ifdef SSH_AUDIT_EVENTS | 1951 | #ifdef SSH_AUDIT_EVENTS |
1950 | @@ -234,11 +236,18 @@ struct mon_table mon_dispatch_proto20[] = { | 1952 | @@ -233,11 +235,18 @@ struct mon_table mon_dispatch_proto20[] = { |
1951 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, | 1953 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, |
1952 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, | 1954 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, |
1953 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, | 1955 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, |
@@ -1966,7 +1968,7 @@ index a914209..2658aaa 100644 | |||
1966 | #ifdef WITH_OPENSSL | 1968 | #ifdef WITH_OPENSSL |
1967 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, | 1969 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, |
1968 | #endif | 1970 | #endif |
1969 | @@ -353,6 +362,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | 1971 | @@ -352,6 +361,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) |
1970 | /* Permit requests for moduli and signatures */ | 1972 | /* Permit requests for moduli and signatures */ |
1971 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 1973 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
1972 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 1974 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
@@ -1977,7 +1979,7 @@ index a914209..2658aaa 100644 | |||
1977 | } else { | 1979 | } else { |
1978 | mon_dispatch = mon_dispatch_proto15; | 1980 | mon_dispatch = mon_dispatch_proto15; |
1979 | 1981 | ||
1980 | @@ -461,6 +474,10 @@ monitor_child_postauth(struct monitor *pmonitor) | 1982 | @@ -460,6 +473,10 @@ monitor_child_postauth(struct monitor *pmonitor) |
1981 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 1983 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
1982 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 1984 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
1983 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | 1985 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); |
@@ -1988,7 +1990,7 @@ index a914209..2658aaa 100644 | |||
1988 | } else { | 1990 | } else { |
1989 | mon_dispatch = mon_dispatch_postauth15; | 1991 | mon_dispatch = mon_dispatch_postauth15; |
1990 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | 1992 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); |
1991 | @@ -1864,6 +1881,13 @@ monitor_apply_keystate(struct monitor *pmonitor) | 1993 | @@ -1861,6 +1878,13 @@ monitor_apply_keystate(struct monitor *pmonitor) |
1992 | # endif | 1994 | # endif |
1993 | #endif /* WITH_OPENSSL */ | 1995 | #endif /* WITH_OPENSSL */ |
1994 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 1996 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
@@ -2002,7 +2004,7 @@ index a914209..2658aaa 100644 | |||
2002 | kex->load_host_public_key=&get_hostkey_public_by_type; | 2004 | kex->load_host_public_key=&get_hostkey_public_by_type; |
2003 | kex->load_host_private_key=&get_hostkey_private_by_type; | 2005 | kex->load_host_private_key=&get_hostkey_private_by_type; |
2004 | kex->host_key_index=&get_hostkey_index; | 2006 | kex->host_key_index=&get_hostkey_index; |
2005 | @@ -1963,6 +1987,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | 2007 | @@ -1960,6 +1984,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) |
2006 | OM_uint32 major; | 2008 | OM_uint32 major; |
2007 | u_int len; | 2009 | u_int len; |
2008 | 2010 | ||
@@ -2012,7 +2014,7 @@ index a914209..2658aaa 100644 | |||
2012 | goid.elements = buffer_get_string(m, &len); | 2014 | goid.elements = buffer_get_string(m, &len); |
2013 | goid.length = len; | 2015 | goid.length = len; |
2014 | 2016 | ||
2015 | @@ -1990,6 +2017,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | 2017 | @@ -1987,6 +2014,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) |
2016 | OM_uint32 flags = 0; /* GSI needs this */ | 2018 | OM_uint32 flags = 0; /* GSI needs this */ |
2017 | u_int len; | 2019 | u_int len; |
2018 | 2020 | ||
@@ -2022,7 +2024,7 @@ index a914209..2658aaa 100644 | |||
2022 | in.value = buffer_get_string(m, &len); | 2024 | in.value = buffer_get_string(m, &len); |
2023 | in.length = len; | 2025 | in.length = len; |
2024 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); | 2026 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
2025 | @@ -2007,6 +2037,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | 2027 | @@ -2004,6 +2034,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) |
2026 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); | 2028 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
2027 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); | 2029 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
2028 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); | 2030 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); |
@@ -2030,7 +2032,7 @@ index a914209..2658aaa 100644 | |||
2030 | } | 2032 | } |
2031 | return (0); | 2033 | return (0); |
2032 | } | 2034 | } |
2033 | @@ -2018,6 +2049,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | 2035 | @@ -2015,6 +2046,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m) |
2034 | OM_uint32 ret; | 2036 | OM_uint32 ret; |
2035 | u_int len; | 2037 | u_int len; |
2036 | 2038 | ||
@@ -2040,7 +2042,7 @@ index a914209..2658aaa 100644 | |||
2040 | gssbuf.value = buffer_get_string(m, &len); | 2042 | gssbuf.value = buffer_get_string(m, &len); |
2041 | gssbuf.length = len; | 2043 | gssbuf.length = len; |
2042 | mic.value = buffer_get_string(m, &len); | 2044 | mic.value = buffer_get_string(m, &len); |
2043 | @@ -2044,7 +2078,11 @@ mm_answer_gss_userok(int sock, Buffer *m) | 2045 | @@ -2041,7 +2075,11 @@ mm_answer_gss_userok(int sock, Buffer *m) |
2044 | { | 2046 | { |
2045 | int authenticated; | 2047 | int authenticated; |
2046 | 2048 | ||
@@ -2053,7 +2055,7 @@ index a914209..2658aaa 100644 | |||
2053 | 2055 | ||
2054 | buffer_clear(m); | 2056 | buffer_clear(m); |
2055 | buffer_put_int(m, authenticated); | 2057 | buffer_put_int(m, authenticated); |
2056 | @@ -2057,5 +2095,73 @@ mm_answer_gss_userok(int sock, Buffer *m) | 2058 | @@ -2054,5 +2092,73 @@ mm_answer_gss_userok(int sock, Buffer *m) |
2057 | /* Monitor loop will terminate if authenticated */ | 2059 | /* Monitor loop will terminate if authenticated */ |
2058 | return (authenticated); | 2060 | return (authenticated); |
2059 | } | 2061 | } |
@@ -2142,7 +2144,7 @@ index 93b8b66..bc50ade 100644 | |||
2142 | 2144 | ||
2143 | struct mm_master; | 2145 | struct mm_master; |
2144 | diff --git a/monitor_wrap.c b/monitor_wrap.c | 2146 | diff --git a/monitor_wrap.c b/monitor_wrap.c |
2145 | index eac421b..81ceddb 100644 | 2147 | index c5db6df..74fbd2e 100644 |
2146 | --- a/monitor_wrap.c | 2148 | --- a/monitor_wrap.c |
2147 | +++ b/monitor_wrap.c | 2149 | +++ b/monitor_wrap.c |
2148 | @@ -1068,7 +1068,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | 2150 | @@ -1068,7 +1068,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) |
@@ -2206,7 +2208,7 @@ index eac421b..81ceddb 100644 | |||
2206 | #endif /* GSSAPI */ | 2208 | #endif /* GSSAPI */ |
2207 | 2209 | ||
2208 | diff --git a/monitor_wrap.h b/monitor_wrap.h | 2210 | diff --git a/monitor_wrap.h b/monitor_wrap.h |
2209 | index de4a08f..9758290 100644 | 2211 | index eb820ae..403f8d0 100644 |
2210 | --- a/monitor_wrap.h | 2212 | --- a/monitor_wrap.h |
2211 | +++ b/monitor_wrap.h | 2213 | +++ b/monitor_wrap.h |
2212 | @@ -58,8 +58,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *); | 2214 | @@ -58,8 +58,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *); |
@@ -2222,10 +2224,10 @@ index de4a08f..9758290 100644 | |||
2222 | 2224 | ||
2223 | #ifdef USE_PAM | 2225 | #ifdef USE_PAM |
2224 | diff --git a/readconf.c b/readconf.c | 2226 | diff --git a/readconf.c b/readconf.c |
2225 | index cd01482..56e0f44 100644 | 2227 | index 69d4553..d2a3d4b 100644 |
2226 | --- a/readconf.c | 2228 | --- a/readconf.c |
2227 | +++ b/readconf.c | 2229 | +++ b/readconf.c |
2228 | @@ -147,6 +147,8 @@ typedef enum { | 2230 | @@ -148,6 +148,8 @@ typedef enum { |
2229 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 2231 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
2230 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 2232 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
2231 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 2233 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
@@ -2234,7 +2236,7 @@ index cd01482..56e0f44 100644 | |||
2234 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 2236 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
2235 | oSendEnv, oControlPath, oControlMaster, oControlPersist, | 2237 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
2236 | oHashKnownHosts, | 2238 | oHashKnownHosts, |
2237 | @@ -192,10 +194,19 @@ static struct { | 2239 | @@ -193,10 +195,19 @@ static struct { |
2238 | { "afstokenpassing", oUnsupported }, | 2240 | { "afstokenpassing", oUnsupported }, |
2239 | #if defined(GSSAPI) | 2241 | #if defined(GSSAPI) |
2240 | { "gssapiauthentication", oGssAuthentication }, | 2242 | { "gssapiauthentication", oGssAuthentication }, |
@@ -2254,7 +2256,7 @@ index cd01482..56e0f44 100644 | |||
2254 | #endif | 2256 | #endif |
2255 | { "fallbacktorsh", oDeprecated }, | 2257 | { "fallbacktorsh", oDeprecated }, |
2256 | { "usersh", oDeprecated }, | 2258 | { "usersh", oDeprecated }, |
2257 | @@ -894,10 +905,30 @@ parse_time: | 2259 | @@ -926,10 +937,30 @@ parse_time: |
2258 | intptr = &options->gss_authentication; | 2260 | intptr = &options->gss_authentication; |
2259 | goto parse_flag; | 2261 | goto parse_flag; |
2260 | 2262 | ||
@@ -2285,7 +2287,7 @@ index cd01482..56e0f44 100644 | |||
2285 | case oBatchMode: | 2287 | case oBatchMode: |
2286 | intptr = &options->batch_mode; | 2288 | intptr = &options->batch_mode; |
2287 | goto parse_flag; | 2289 | goto parse_flag; |
2288 | @@ -1601,7 +1632,12 @@ initialize_options(Options * options) | 2290 | @@ -1648,7 +1679,12 @@ initialize_options(Options * options) |
2289 | options->pubkey_authentication = -1; | 2291 | options->pubkey_authentication = -1; |
2290 | options->challenge_response_authentication = -1; | 2292 | options->challenge_response_authentication = -1; |
2291 | options->gss_authentication = -1; | 2293 | options->gss_authentication = -1; |
@@ -2298,7 +2300,7 @@ index cd01482..56e0f44 100644 | |||
2298 | options->password_authentication = -1; | 2300 | options->password_authentication = -1; |
2299 | options->kbd_interactive_authentication = -1; | 2301 | options->kbd_interactive_authentication = -1; |
2300 | options->kbd_interactive_devices = NULL; | 2302 | options->kbd_interactive_devices = NULL; |
2301 | @@ -1729,8 +1765,14 @@ fill_default_options(Options * options) | 2303 | @@ -1777,8 +1813,14 @@ fill_default_options(Options * options) |
2302 | options->challenge_response_authentication = 1; | 2304 | options->challenge_response_authentication = 1; |
2303 | if (options->gss_authentication == -1) | 2305 | if (options->gss_authentication == -1) |
2304 | options->gss_authentication = 0; | 2306 | options->gss_authentication = 0; |
@@ -2314,7 +2316,7 @@ index cd01482..56e0f44 100644 | |||
2314 | options->password_authentication = 1; | 2316 | options->password_authentication = 1; |
2315 | if (options->kbd_interactive_authentication == -1) | 2317 | if (options->kbd_interactive_authentication == -1) |
2316 | diff --git a/readconf.h b/readconf.h | 2318 | diff --git a/readconf.h b/readconf.h |
2317 | index bb2d552..e7e80c3 100644 | 2319 | index c84d068..37a0555 100644 |
2318 | --- a/readconf.h | 2320 | --- a/readconf.h |
2319 | +++ b/readconf.h | 2321 | +++ b/readconf.h |
2320 | @@ -45,7 +45,12 @@ typedef struct { | 2322 | @@ -45,7 +45,12 @@ typedef struct { |
@@ -2331,7 +2333,7 @@ index bb2d552..e7e80c3 100644 | |||
2331 | * authentication. */ | 2333 | * authentication. */ |
2332 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ | 2334 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ |
2333 | diff --git a/servconf.c b/servconf.c | 2335 | diff --git a/servconf.c b/servconf.c |
2334 | index 6c7a91e..cfe7029 100644 | 2336 | index b19d30e..b8af6dd 100644 |
2335 | --- a/servconf.c | 2337 | --- a/servconf.c |
2336 | +++ b/servconf.c | 2338 | +++ b/servconf.c |
2337 | @@ -117,8 +117,10 @@ initialize_server_options(ServerOptions *options) | 2339 | @@ -117,8 +117,10 @@ initialize_server_options(ServerOptions *options) |
@@ -2345,7 +2347,7 @@ index 6c7a91e..cfe7029 100644 | |||
2345 | options->password_authentication = -1; | 2347 | options->password_authentication = -1; |
2346 | options->kbd_interactive_authentication = -1; | 2348 | options->kbd_interactive_authentication = -1; |
2347 | options->challenge_response_authentication = -1; | 2349 | options->challenge_response_authentication = -1; |
2348 | @@ -275,10 +277,14 @@ fill_default_server_options(ServerOptions *options) | 2350 | @@ -287,10 +289,14 @@ fill_default_server_options(ServerOptions *options) |
2349 | options->kerberos_get_afs_token = 0; | 2351 | options->kerberos_get_afs_token = 0; |
2350 | if (options->gss_authentication == -1) | 2352 | if (options->gss_authentication == -1) |
2351 | options->gss_authentication = 0; | 2353 | options->gss_authentication = 0; |
@@ -2361,7 +2363,7 @@ index 6c7a91e..cfe7029 100644 | |||
2361 | if (options->password_authentication == -1) | 2363 | if (options->password_authentication == -1) |
2362 | options->password_authentication = 1; | 2364 | options->password_authentication = 1; |
2363 | if (options->kbd_interactive_authentication == -1) | 2365 | if (options->kbd_interactive_authentication == -1) |
2364 | @@ -412,6 +418,7 @@ typedef enum { | 2366 | @@ -419,6 +425,7 @@ typedef enum { |
2365 | sHostKeyAlgorithms, | 2367 | sHostKeyAlgorithms, |
2366 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 2368 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
2367 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 2369 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
@@ -2369,7 +2371,7 @@ index 6c7a91e..cfe7029 100644 | |||
2369 | sAcceptEnv, sPermitTunnel, | 2371 | sAcceptEnv, sPermitTunnel, |
2370 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 2372 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
2371 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 2373 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
2372 | @@ -485,12 +492,20 @@ static struct { | 2374 | @@ -492,12 +499,20 @@ static struct { |
2373 | #ifdef GSSAPI | 2375 | #ifdef GSSAPI |
2374 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 2376 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
2375 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 2377 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
@@ -2390,7 +2392,7 @@ index 6c7a91e..cfe7029 100644 | |||
2390 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 2392 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
2391 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 2393 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
2392 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 2394 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
2393 | @@ -1231,6 +1246,10 @@ process_server_config_line(ServerOptions *options, char *line, | 2395 | @@ -1242,6 +1257,10 @@ process_server_config_line(ServerOptions *options, char *line, |
2394 | intptr = &options->gss_authentication; | 2396 | intptr = &options->gss_authentication; |
2395 | goto parse_flag; | 2397 | goto parse_flag; |
2396 | 2398 | ||
@@ -2401,7 +2403,7 @@ index 6c7a91e..cfe7029 100644 | |||
2401 | case sGssCleanupCreds: | 2403 | case sGssCleanupCreds: |
2402 | intptr = &options->gss_cleanup_creds; | 2404 | intptr = &options->gss_cleanup_creds; |
2403 | goto parse_flag; | 2405 | goto parse_flag; |
2404 | @@ -1239,6 +1258,10 @@ process_server_config_line(ServerOptions *options, char *line, | 2406 | @@ -1250,6 +1269,10 @@ process_server_config_line(ServerOptions *options, char *line, |
2405 | intptr = &options->gss_strict_acceptor; | 2407 | intptr = &options->gss_strict_acceptor; |
2406 | goto parse_flag; | 2408 | goto parse_flag; |
2407 | 2409 | ||
@@ -2412,7 +2414,7 @@ index 6c7a91e..cfe7029 100644 | |||
2412 | case sPasswordAuthentication: | 2414 | case sPasswordAuthentication: |
2413 | intptr = &options->password_authentication; | 2415 | intptr = &options->password_authentication; |
2414 | goto parse_flag; | 2416 | goto parse_flag; |
2415 | @@ -2246,7 +2269,10 @@ dump_config(ServerOptions *o) | 2417 | @@ -2265,7 +2288,10 @@ dump_config(ServerOptions *o) |
2416 | #endif | 2418 | #endif |
2417 | #ifdef GSSAPI | 2419 | #ifdef GSSAPI |
2418 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2420 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
@@ -2542,7 +2544,7 @@ index a99d7f0..914701b 100644 | |||
2542 | 2544 | ||
2543 | #endif /* _SSH_GSS_H */ | 2545 | #endif /* _SSH_GSS_H */ |
2544 | diff --git a/ssh_config b/ssh_config | 2546 | diff --git a/ssh_config b/ssh_config |
2545 | index 03a228f..228e5ab 100644 | 2547 | index 90fb63f..4e879cd 100644 |
2546 | --- a/ssh_config | 2548 | --- a/ssh_config |
2547 | +++ b/ssh_config | 2549 | +++ b/ssh_config |
2548 | @@ -26,6 +26,8 @@ | 2550 | @@ -26,6 +26,8 @@ |
@@ -2555,19 +2557,18 @@ index 03a228f..228e5ab 100644 | |||
2555 | # CheckHostIP yes | 2557 | # CheckHostIP yes |
2556 | # AddressFamily any | 2558 | # AddressFamily any |
2557 | diff --git a/ssh_config.5 b/ssh_config.5 | 2559 | diff --git a/ssh_config.5 b/ssh_config.5 |
2558 | index a47f3ca..cac8cda 100644 | 2560 | index caf13a6..9060d5b 100644 |
2559 | --- a/ssh_config.5 | 2561 | --- a/ssh_config.5 |
2560 | +++ b/ssh_config.5 | 2562 | +++ b/ssh_config.5 |
2561 | @@ -749,11 +749,45 @@ Specifies whether user authentication based on GSSAPI is allowed. | 2563 | @@ -826,10 +826,42 @@ The default is |
2564 | Specifies whether user authentication based on GSSAPI is allowed. | ||
2562 | The default is | 2565 | The default is |
2563 | .Dq no . | 2566 | .Dq no . |
2564 | Note that this option applies to protocol version 2 only. | ||
2565 | +.It Cm GSSAPIKeyExchange | 2567 | +.It Cm GSSAPIKeyExchange |
2566 | +Specifies whether key exchange based on GSSAPI may be used. When using | 2568 | +Specifies whether key exchange based on GSSAPI may be used. When using |
2567 | +GSSAPI key exchange the server need not have a host key. | 2569 | +GSSAPI key exchange the server need not have a host key. |
2568 | +The default is | 2570 | +The default is |
2569 | +.Dq no . | 2571 | +.Dq no . |
2570 | +Note that this option applies to protocol version 2 only. | ||
2571 | +.It Cm GSSAPIClientIdentity | 2572 | +.It Cm GSSAPIClientIdentity |
2572 | +If set, specifies the GSSAPI client identity that ssh should use when | 2573 | +If set, specifies the GSSAPI client identity that ssh should use when |
2573 | +connecting to the server. The default is unset, which means that the default | 2574 | +connecting to the server. The default is unset, which means that the default |
@@ -2581,8 +2582,6 @@ index a47f3ca..cac8cda 100644 | |||
2581 | Forward (delegate) credentials to the server. | 2582 | Forward (delegate) credentials to the server. |
2582 | The default is | 2583 | The default is |
2583 | .Dq no . | 2584 | .Dq no . |
2584 | -Note that this option applies to protocol version 2 only. | ||
2585 | +Note that this option applies to protocol version 2 connections using GSSAPI. | ||
2586 | +.It Cm GSSAPIRenewalForcesRekey | 2585 | +.It Cm GSSAPIRenewalForcesRekey |
2587 | +If set to | 2586 | +If set to |
2588 | +.Dq yes | 2587 | +.Dq yes |
@@ -2601,15 +2600,14 @@ index a47f3ca..cac8cda 100644 | |||
2601 | +command line will be passed untouched to the GSSAPI library. | 2600 | +command line will be passed untouched to the GSSAPI library. |
2602 | +The default is | 2601 | +The default is |
2603 | +.Dq no . | 2602 | +.Dq no . |
2604 | +This option only applies to protocol version 2 connections using GSSAPI. | ||
2605 | .It Cm HashKnownHosts | 2603 | .It Cm HashKnownHosts |
2606 | Indicates that | 2604 | Indicates that |
2607 | .Xr ssh 1 | 2605 | .Xr ssh 1 |
2608 | diff --git a/sshconnect2.c b/sshconnect2.c | 2606 | diff --git a/sshconnect2.c b/sshconnect2.c |
2609 | index 7751031..32e9b0d 100644 | 2607 | index f79c96b..b452eae 100644 |
2610 | --- a/sshconnect2.c | 2608 | --- a/sshconnect2.c |
2611 | +++ b/sshconnect2.c | 2609 | +++ b/sshconnect2.c |
2612 | @@ -160,6 +160,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 2610 | @@ -161,6 +161,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
2613 | struct kex *kex; | 2611 | struct kex *kex; |
2614 | int r; | 2612 | int r; |
2615 | 2613 | ||
@@ -2621,7 +2619,7 @@ index 7751031..32e9b0d 100644 | |||
2621 | xxx_host = host; | 2619 | xxx_host = host; |
2622 | xxx_hostaddr = hostaddr; | 2620 | xxx_hostaddr = hostaddr; |
2623 | 2621 | ||
2624 | @@ -193,6 +198,33 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 2622 | @@ -195,6 +200,33 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
2625 | order_hostkeyalgs(host, hostaddr, port)); | 2623 | order_hostkeyalgs(host, hostaddr, port)); |
2626 | } | 2624 | } |
2627 | 2625 | ||
@@ -2655,7 +2653,7 @@ index 7751031..32e9b0d 100644 | |||
2655 | if (options.rekey_limit || options.rekey_interval) | 2653 | if (options.rekey_limit || options.rekey_interval) |
2656 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | 2654 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, |
2657 | (time_t)options.rekey_interval); | 2655 | (time_t)options.rekey_interval); |
2658 | @@ -211,10 +243,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 2656 | @@ -213,10 +245,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
2659 | # endif | 2657 | # endif |
2660 | #endif | 2658 | #endif |
2661 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; | 2659 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; |
@@ -2685,8 +2683,8 @@ index 7751031..32e9b0d 100644 | |||
2685 | + | 2683 | + |
2686 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); | 2684 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); |
2687 | 2685 | ||
2688 | if (options.use_roaming && !kex->roaming) { | 2686 | /* remove ext-info from the KEX proposals for rekeying */ |
2689 | @@ -306,6 +358,7 @@ int input_gssapi_token(int type, u_int32_t, void *); | 2687 | @@ -311,6 +363,7 @@ int input_gssapi_token(int type, u_int32_t, void *); |
2690 | int input_gssapi_hash(int type, u_int32_t, void *); | 2688 | int input_gssapi_hash(int type, u_int32_t, void *); |
2691 | int input_gssapi_error(int, u_int32_t, void *); | 2689 | int input_gssapi_error(int, u_int32_t, void *); |
2692 | int input_gssapi_errtok(int, u_int32_t, void *); | 2690 | int input_gssapi_errtok(int, u_int32_t, void *); |
@@ -2694,7 +2692,7 @@ index 7751031..32e9b0d 100644 | |||
2694 | #endif | 2692 | #endif |
2695 | 2693 | ||
2696 | void userauth(Authctxt *, char *); | 2694 | void userauth(Authctxt *, char *); |
2697 | @@ -321,6 +374,11 @@ static char *authmethods_get(void); | 2695 | @@ -326,6 +379,11 @@ static char *authmethods_get(void); |
2698 | 2696 | ||
2699 | Authmethod authmethods[] = { | 2697 | Authmethod authmethods[] = { |
2700 | #ifdef GSSAPI | 2698 | #ifdef GSSAPI |
@@ -2706,7 +2704,7 @@ index 7751031..32e9b0d 100644 | |||
2706 | {"gssapi-with-mic", | 2704 | {"gssapi-with-mic", |
2707 | userauth_gssapi, | 2705 | userauth_gssapi, |
2708 | NULL, | 2706 | NULL, |
2709 | @@ -627,19 +685,31 @@ userauth_gssapi(Authctxt *authctxt) | 2707 | @@ -656,19 +714,31 @@ userauth_gssapi(Authctxt *authctxt) |
2710 | static u_int mech = 0; | 2708 | static u_int mech = 0; |
2711 | OM_uint32 min; | 2709 | OM_uint32 min; |
2712 | int ok = 0; | 2710 | int ok = 0; |
@@ -2740,7 +2738,7 @@ index 7751031..32e9b0d 100644 | |||
2740 | ok = 1; /* Mechanism works */ | 2738 | ok = 1; /* Mechanism works */ |
2741 | } else { | 2739 | } else { |
2742 | mech++; | 2740 | mech++; |
2743 | @@ -736,8 +806,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | 2741 | @@ -765,8 +835,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) |
2744 | { | 2742 | { |
2745 | Authctxt *authctxt = ctxt; | 2743 | Authctxt *authctxt = ctxt; |
2746 | Gssctxt *gssctxt; | 2744 | Gssctxt *gssctxt; |
@@ -2751,7 +2749,7 @@ index 7751031..32e9b0d 100644 | |||
2751 | 2749 | ||
2752 | if (authctxt == NULL) | 2750 | if (authctxt == NULL) |
2753 | fatal("input_gssapi_response: no authentication context"); | 2751 | fatal("input_gssapi_response: no authentication context"); |
2754 | @@ -850,6 +920,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) | 2752 | @@ -879,6 +949,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) |
2755 | free(lang); | 2753 | free(lang); |
2756 | return 0; | 2754 | return 0; |
2757 | } | 2755 | } |
@@ -2801,10 +2799,10 @@ index 7751031..32e9b0d 100644 | |||
2801 | 2799 | ||
2802 | int | 2800 | int |
2803 | diff --git a/sshd.c b/sshd.c | 2801 | diff --git a/sshd.c b/sshd.c |
2804 | index 43d4650..d659a68 100644 | 2802 | index 430569c..5cd9129 100644 |
2805 | --- a/sshd.c | 2803 | --- a/sshd.c |
2806 | +++ b/sshd.c | 2804 | +++ b/sshd.c |
2807 | @@ -126,6 +126,10 @@ | 2805 | @@ -125,6 +125,10 @@ |
2808 | #include "version.h" | 2806 | #include "version.h" |
2809 | #include "ssherr.h" | 2807 | #include "ssherr.h" |
2810 | 2808 | ||
@@ -2890,7 +2888,7 @@ index 43d4650..d659a68 100644 | |||
2890 | /* | 2888 | /* |
2891 | * We don't want to listen forever unless the other side | 2889 | * We don't want to listen forever unless the other side |
2892 | * successfully authenticates itself. So we set up an alarm which is | 2890 | * successfully authenticates itself. So we set up an alarm which is |
2893 | @@ -2569,6 +2630,48 @@ do_ssh2_kex(void) | 2891 | @@ -2571,6 +2632,48 @@ do_ssh2_kex(void) |
2894 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( | 2892 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( |
2895 | list_hostkey_types()); | 2893 | list_hostkey_types()); |
2896 | 2894 | ||
@@ -2939,7 +2937,7 @@ index 43d4650..d659a68 100644 | |||
2939 | /* start key exchange */ | 2937 | /* start key exchange */ |
2940 | if ((r = kex_setup(active_state, myproposal)) != 0) | 2938 | if ((r = kex_setup(active_state, myproposal)) != 0) |
2941 | fatal("kex_setup: %s", ssh_err(r)); | 2939 | fatal("kex_setup: %s", ssh_err(r)); |
2942 | @@ -2583,6 +2686,13 @@ do_ssh2_kex(void) | 2940 | @@ -2585,6 +2688,13 @@ do_ssh2_kex(void) |
2943 | # endif | 2941 | # endif |
2944 | #endif | 2942 | #endif |
2945 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 2943 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
@@ -2954,7 +2952,7 @@ index 43d4650..d659a68 100644 | |||
2954 | kex->client_version_string=client_version_string; | 2952 | kex->client_version_string=client_version_string; |
2955 | kex->server_version_string=server_version_string; | 2953 | kex->server_version_string=server_version_string; |
2956 | diff --git a/sshd_config b/sshd_config | 2954 | diff --git a/sshd_config b/sshd_config |
2957 | index 4d77f05..64786c9 100644 | 2955 | index a848d73..f103298 100644 |
2958 | --- a/sshd_config | 2956 | --- a/sshd_config |
2959 | +++ b/sshd_config | 2957 | +++ b/sshd_config |
2960 | @@ -84,6 +84,8 @@ AuthorizedKeysFile .ssh/authorized_keys | 2958 | @@ -84,6 +84,8 @@ AuthorizedKeysFile .ssh/authorized_keys |
@@ -2967,23 +2965,22 @@ index 4d77f05..64786c9 100644 | |||
2967 | # Set this to 'yes' to enable PAM authentication, account processing, | 2965 | # Set this to 'yes' to enable PAM authentication, account processing, |
2968 | # and session processing. If this is enabled, PAM authentication will | 2966 | # and session processing. If this is enabled, PAM authentication will |
2969 | diff --git a/sshd_config.5 b/sshd_config.5 | 2967 | diff --git a/sshd_config.5 b/sshd_config.5 |
2970 | index b18d340..5491c89 100644 | 2968 | index a37a3ac..c6d6858 100644 |
2971 | --- a/sshd_config.5 | 2969 | --- a/sshd_config.5 |
2972 | +++ b/sshd_config.5 | 2970 | +++ b/sshd_config.5 |
2973 | @@ -621,6 +621,12 @@ Specifies whether user authentication based on GSSAPI is allowed. | 2971 | @@ -623,6 +623,11 @@ The default is |
2972 | Specifies whether user authentication based on GSSAPI is allowed. | ||
2974 | The default is | 2973 | The default is |
2975 | .Dq no . | 2974 | .Dq no . |
2976 | Note that this option applies to protocol version 2 only. | ||
2977 | +.It Cm GSSAPIKeyExchange | 2975 | +.It Cm GSSAPIKeyExchange |
2978 | +Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | 2976 | +Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange |
2979 | +doesn't rely on ssh keys to verify host identity. | 2977 | +doesn't rely on ssh keys to verify host identity. |
2980 | +The default is | 2978 | +The default is |
2981 | +.Dq no . | 2979 | +.Dq no . |
2982 | +Note that this option applies to protocol version 2 only. | ||
2983 | .It Cm GSSAPICleanupCredentials | 2980 | .It Cm GSSAPICleanupCredentials |
2984 | Specifies whether to automatically destroy the user's credentials cache | 2981 | Specifies whether to automatically destroy the user's credentials cache |
2985 | on logout. | 2982 | on logout. |
2986 | @@ -642,6 +648,11 @@ machine's default store. | 2983 | @@ -643,6 +648,11 @@ machine's default store. |
2987 | This facility is provided to assist with operation on multi homed machines. | 2984 | This facility is provided to assist with operation on multi homed machines. |
2988 | The default is | 2985 | The default is |
2989 | .Dq yes . | 2986 | .Dq yes . |
@@ -2996,28 +2993,28 @@ index b18d340..5491c89 100644 | |||
2996 | Specifies the key types that will be accepted for hostbased authentication | 2993 | Specifies the key types that will be accepted for hostbased authentication |
2997 | as a comma-separated pattern list. | 2994 | as a comma-separated pattern list. |
2998 | diff --git a/sshkey.c b/sshkey.c | 2995 | diff --git a/sshkey.c b/sshkey.c |
2999 | index 32dd8f2..5368e7c 100644 | 2996 | index 87b093e..e595b11 100644 |
3000 | --- a/sshkey.c | 2997 | --- a/sshkey.c |
3001 | +++ b/sshkey.c | 2998 | +++ b/sshkey.c |
3002 | @@ -112,6 +112,7 @@ static const struct keytype keytypes[] = { | 2999 | @@ -115,6 +115,7 @@ static const struct keytype keytypes[] = { |
3003 | # endif /* OPENSSL_HAS_NISTP521 */ | 3000 | # endif /* OPENSSL_HAS_NISTP521 */ |
3004 | # endif /* OPENSSL_HAS_ECC */ | 3001 | # endif /* OPENSSL_HAS_ECC */ |
3005 | #endif /* WITH_OPENSSL */ | 3002 | #endif /* WITH_OPENSSL */ |
3006 | + { "null", "null", KEY_NULL, 0, 0 }, | 3003 | + { "null", "null", KEY_NULL, 0, 0, 0 }, |
3007 | { NULL, NULL, -1, -1, 0 } | 3004 | { NULL, NULL, -1, -1, 0, 0 } |
3008 | }; | 3005 | }; |
3009 | 3006 | ||
3010 | @@ -200,7 +201,7 @@ key_alg_list(int certs_only, int plain_only) | 3007 | @@ -203,7 +204,7 @@ key_alg_list(int certs_only, int plain_only) |
3011 | const struct keytype *kt; | 3008 | const struct keytype *kt; |
3012 | 3009 | ||
3013 | for (kt = keytypes; kt->type != -1; kt++) { | 3010 | for (kt = keytypes; kt->type != -1; kt++) { |
3014 | - if (kt->name == NULL) | 3011 | - if (kt->name == NULL || kt->sigonly) |
3015 | + if (kt->name == NULL || kt->type == KEY_NULL) | 3012 | + if (kt->name == NULL || kt->sigonly || kt->type == KEY_NULL) |
3016 | continue; | 3013 | continue; |
3017 | if ((certs_only && !kt->cert) || (plain_only && kt->cert)) | 3014 | if ((certs_only && !kt->cert) || (plain_only && kt->cert)) |
3018 | continue; | 3015 | continue; |
3019 | diff --git a/sshkey.h b/sshkey.h | 3016 | diff --git a/sshkey.h b/sshkey.h |
3020 | index c8d3cdd..5cf4e5d 100644 | 3017 | index a20a14f..2259cbb 100644 |
3021 | --- a/sshkey.h | 3018 | --- a/sshkey.h |
3022 | +++ b/sshkey.h | 3019 | +++ b/sshkey.h |
3023 | @@ -62,6 +62,7 @@ enum sshkey_types { | 3020 | @@ -62,6 +62,7 @@ enum sshkey_types { |
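--- a/debian/patches/helpful-wait-terminate.patch
+++ b/debian/patches/helpful-wait-terminate.patch
@@ -1,4 +1,4 @@
-From 0a3d1df1344642161b1ee001a3885a1ee8ebc03b Mon Sep 17 00:00:00 2001
+From 5c2c0e042d57cee75528686f47b4c47db434ad8b Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:09:56 +0000
 Subject: Mention ~& when waiting for forwarded connections to terminate
@@ -12,10 +12,10 @@ Patch-Name: helpful-wait-terminate.patch
 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/serverloop.c b/serverloop.c
-index 306ac36..68f0251 100644
+index 80d1db5..830f885 100644
 --- a/serverloop.c
 +++ b/serverloop.c
-@@ -687,7 +687,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
+@@ -683,7 +683,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
 if (!channel_still_open())
 break;
 if (!waiting_termination) {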
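--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From ea47a6eba9fce31a1b4cd909b7ba19541c9d9c9b Mon Sep 17 00:00:00 2001
+From a9c7a3f8b035fe820fd32283460b1a28e696d2fe Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -26,10 +26,10 @@ Patch-Name: keepalive-extensions.patch
 3 files changed, 34 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 831072f..83582e3 100644
+index 559e4c7..fde6b41 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -160,6 +160,7 @@ typedef enum {
+@@ -161,6 +161,7 @@ typedef enum {
 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
 oPubkeyAcceptedKeyTypes,
@@ -37,7 +37,7 @@ index 831072f..83582e3 100644
 oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
-@@ -290,6 +291,8 @@ static struct {
+@@ -293,6 +294,8 @@ static struct {
 { "hostbasedkeytypes", oHostbasedKeyTypes },
 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
 { "ignoreunknown", oIgnoreUnknown },
@@ -46,7 +46,7 @@ index 831072f..83582e3 100644
 
 { NULL, oBadOption }
 };
-@@ -1304,6 +1307,8 @@ parse_keytypes:
+@@ -1350,6 +1353,8 @@ parse_keytypes:
 goto parse_flag;
 
 case oServerAliveInterval:
@@ -55,7 +55,7 @@ index 831072f..83582e3 100644
 intptr = &options->server_alive_interval;
 goto parse_time;
 
-@@ -1856,8 +1861,13 @@ fill_default_options(Options * options)
+@@ -1906,8 +1911,13 @@ fill_default_options(Options * options)
 options->rekey_interval = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
@@ -72,10 +72,10 @@ index 831072f..83582e3 100644
 options->server_alive_count_max = 3;
 if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index cac8cda..78e918a 100644
+index 9060d5b..bbf638b 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -233,8 +233,12 @@ Valid arguments are
+@@ -268,8 +268,12 @@ The default is
 If set to
 .Dq yes ,
 passphrase/password querying will be disabled.
@@ -89,7 +89,7 @@ index cac8cda..78e918a 100644
 The argument must be
 .Dq yes
 or
-@@ -1476,8 +1480,15 @@ from the server,
+@@ -1551,7 +1555,14 @@ from the server,
 will send a message through the encrypted
 channel to request a response from the server.
 The default
@@ -98,7 +98,6 @@ index cac8cda..78e918a 100644
 +or 300 if the
 +.Cm BatchMode
 +option is set.
-This option applies to protocol version 2 only.
 +.Cm ProtocolKeepAlives
 +and
 +.Cm SetupTimeOut
@@ -106,7 +105,7 @@ index cac8cda..78e918a 100644
 .It Cm StreamLocalBindMask
 Sets the octal file creation mode mask
 .Pq umask
-@@ -1543,6 +1554,12 @@ Specifies whether the system should send TCP keepalive messages to the
+@@ -1617,6 +1628,12 @@ Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
@@ -120,10 +119,10 @@ index cac8cda..78e918a 100644
 connections will die if the route is down temporarily, and some people
 find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index 5491c89..c8ee35d 100644
+index c6d6858..bc79a66 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1510,6 +1510,9 @@ This avoids infinitely hanging sessions.
+@@ -1518,6 +1518,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Dq no .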
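--- a/debian/patches/lintian-symlink-pickiness.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c685ea67334abf73c014aa6ab9f833e9d28fdab8 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Sun, 9 Feb 2014 16:10:08 +0000
-Subject: Fix picky lintian errors about slogin symlinks
-
-Apparently this breaks some SVR4 packaging systems, so upstream can't win
-either way and opted to keep the status quo. We need this patch anyway.
-
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1728
-Last-Update: 2013-09-14
-
-Patch-Name: lintian-symlink-pickiness.patch
----
-Makefile.in | 4 ++--
-1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 915c740..e161d0e 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -330,9 +330,9 @@ install-files:
-$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
--rm -f $(DESTDIR)$(bindir)/slogin
-- ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-+ ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
--rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-- ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-+ ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-
-install-sysconf:
-if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \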
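--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 89f2729da6734f2d5e3a31d2a75e817750f6cd95 Mon Sep 17 00:00:00 2001
+From cbec84cf05e5dbd6d8a739a7d01e1d242a006d20 Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
@@ -13,10 +13,10 @@ Patch-Name: mention-ssh-keygen-on-keychange.patch
 1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index cd467fd..bbde8af 100644
+index 8b8e760..fd67727 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -1078,9 +1078,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -1081,9 +1081,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 error("%s. This could either mean that", key_msg);
 error("DNS SPOOFING is happening or the IP address for the host");
 error("and its host key have changed at the same time.");
@@ -31,7 +31,7 @@ index cd467fd..bbde8af 100644
 }
 /* The host key has changed. */
 warn_changed_key(host_key);
-@@ -1088,6 +1092,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -1091,6 +1095,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 user_hostfiles[0]);
 error("Offending %s key in %s:%lu", key_type(host_found->key),
 host_found->file, host_found->line);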
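--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From dcc3ce03144d1560d878db8290c9f19dc0511f6f Mon Sep 17 00:00:00 2001
+From c2f77b15d182a5399d4548a57a471d6be7b25a87 Mon Sep 17 00:00:00 2001
 From: Kurt Roeckx <kurt@roeckx.be>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Don't check the status field of the OpenSSL version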
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch index 9b1c38bfc..abeaad7a5 100644 --- a/debian/patches/openbsd-docs.patch +++ b/debian/patches/openbsd-docs.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From eb8141e6ac12c0714e0951598fe44634327bfde7 Mon Sep 17 00:00:00 2001 | 1 | From 5a19d59c0b76162929545ad1bc92e7de69ce9a7b Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:10:09 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:09 +0000 |
4 | Subject: Adjust various OpenBSD-specific references in manual pages | 4 | Subject: Adjust various OpenBSD-specific references in manual pages |
@@ -44,10 +44,10 @@ index ef0de08..149846c 100644 | |||
44 | .Sh SEE ALSO | 44 | .Sh SEE ALSO |
45 | .Xr ssh-keygen 1 , | 45 | .Xr ssh-keygen 1 , |
46 | diff --git a/ssh-keygen.1 b/ssh-keygen.1 | 46 | diff --git a/ssh-keygen.1 b/ssh-keygen.1 |
47 | index ed17a08..c560179 100644 | 47 | index 37a4fc2..24bed5f 100644 |
48 | --- a/ssh-keygen.1 | 48 | --- a/ssh-keygen.1 |
49 | +++ b/ssh-keygen.1 | 49 | +++ b/ssh-keygen.1 |
50 | @@ -174,9 +174,7 @@ key in | 50 | @@ -178,9 +178,7 @@ key in |
51 | .Pa ~/.ssh/id_ed25519 | 51 | .Pa ~/.ssh/id_ed25519 |
52 | or | 52 | or |
53 | .Pa ~/.ssh/id_rsa . | 53 | .Pa ~/.ssh/id_rsa . |
@@ -58,7 +58,7 @@ index ed17a08..c560179 100644 | |||
58 | .Pp | 58 | .Pp |
59 | Normally this program generates the key and asks for a file in which | 59 | Normally this program generates the key and asks for a file in which |
60 | to store the private key. | 60 | to store the private key. |
61 | @@ -223,9 +221,7 @@ For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) | 61 | @@ -227,9 +225,7 @@ For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) |
62 | for which host keys | 62 | for which host keys |
63 | do not exist, generate the host keys with the default key file path, | 63 | do not exist, generate the host keys with the default key file path, |
64 | an empty passphrase, default bits for the key type, and default comment. | 64 | an empty passphrase, default bits for the key type, and default comment. |
@@ -69,7 +69,7 @@ index ed17a08..c560179 100644 | |||
69 | .It Fl a Ar rounds | 69 | .It Fl a Ar rounds |
70 | When saving a new-format private key (i.e. an ed25519 key or any SSH protocol | 70 | When saving a new-format private key (i.e. an ed25519 key or any SSH protocol |
71 | 2 key when the | 71 | 2 key when the |
72 | @@ -638,7 +634,7 @@ option. | 72 | @@ -642,7 +638,7 @@ option. |
73 | Valid generator values are 2, 3, and 5. | 73 | Valid generator values are 2, 3, and 5. |
74 | .Pp | 74 | .Pp |
75 | Screened DH groups may be installed in | 75 | Screened DH groups may be installed in |
@@ -78,7 +78,7 @@ index ed17a08..c560179 100644 | |||
78 | It is important that this file contains moduli of a range of bit lengths and | 78 | It is important that this file contains moduli of a range of bit lengths and |
79 | that both ends of a connection share common moduli. | 79 | that both ends of a connection share common moduli. |
80 | .Sh CERTIFICATES | 80 | .Sh CERTIFICATES |
81 | @@ -837,7 +833,7 @@ on all machines | 81 | @@ -841,7 +837,7 @@ on all machines |
82 | where the user wishes to log in using public key authentication. | 82 | where the user wishes to log in using public key authentication. |
83 | There is no need to keep the contents of this file secret. | 83 | There is no need to keep the contents of this file secret. |
84 | .Pp | 84 | .Pp |
@@ -88,11 +88,11 @@ index ed17a08..c560179 100644 | |||
88 | The file format is described in | 88 | The file format is described in |
89 | .Xr moduli 5 . | 89 | .Xr moduli 5 . |
90 | diff --git a/ssh.1 b/ssh.1 | 90 | diff --git a/ssh.1 b/ssh.1 |
91 | index ff80022..4fba77f 100644 | 91 | index feb0e89..41e0aab 100644 |
92 | --- a/ssh.1 | 92 | --- a/ssh.1 |
93 | +++ b/ssh.1 | 93 | +++ b/ssh.1 |
94 | @@ -853,6 +853,10 @@ Protocol 1 is restricted to using only RSA keys, | 94 | @@ -852,6 +852,10 @@ implements public key authentication protocol automatically, |
95 | but protocol 2 may use any. | 95 | using one of the DSA, ECDSA, Ed25519 or RSA algorithms. |
96 | The HISTORY section of | 96 | The HISTORY section of |
97 | .Xr ssl 8 | 97 | .Xr ssl 8 |
98 | +(on non-OpenBSD systems, see | 98 | +(on non-OpenBSD systems, see |
@@ -103,7 +103,7 @@ index ff80022..4fba77f 100644 | |||
103 | .Pp | 103 | .Pp |
104 | The file | 104 | The file |
105 | diff --git a/sshd.8 b/sshd.8 | 105 | diff --git a/sshd.8 b/sshd.8 |
106 | index 2105979..42ba596 100644 | 106 | index 589841f..58eefe9 100644 |
107 | --- a/sshd.8 | 107 | --- a/sshd.8 |
108 | +++ b/sshd.8 | 108 | +++ b/sshd.8 |
109 | @@ -67,7 +67,7 @@ over an insecure network. | 109 | @@ -67,7 +67,7 @@ over an insecure network. |
@@ -115,16 +115,16 @@ index 2105979..42ba596 100644 | |||
115 | It forks a new | 115 | It forks a new |
116 | daemon for each incoming connection. | 116 | daemon for each incoming connection. |
117 | The forked daemons handle | 117 | The forked daemons handle |
118 | @@ -861,7 +861,7 @@ This file is for host-based authentication (see | 118 | @@ -891,7 +891,7 @@ This file is for host-based authentication (see |
119 | .Xr ssh 1 ) . | 119 | .Xr ssh 1 ) . |
120 | It should only be writable by root. | 120 | It should only be writable by root. |
121 | .Pp | 121 | .Pp |
122 | -.It Pa /etc/moduli | 122 | -.It Pa /etc/moduli |
123 | +.It Pa /etc/ssh/moduli | 123 | +.It Pa /etc/ssh/moduli |
124 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". | 124 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" |
125 | key exchange method. | ||
125 | The file format is described in | 126 | The file format is described in |
126 | .Xr moduli 5 . | 127 | @@ -993,7 +993,6 @@ The content of this file is not sensitive; it can be world-readable. |
127 | @@ -960,7 +960,6 @@ The content of this file is not sensitive; it can be world-readable. | ||
128 | .Xr ssh-keyscan 1 , | 128 | .Xr ssh-keyscan 1 , |
129 | .Xr chroot 2 , | 129 | .Xr chroot 2 , |
130 | .Xr hosts_access 5 , | 130 | .Xr hosts_access 5 , |
@@ -133,10 +133,10 @@ index 2105979..42ba596 100644 | |||
133 | .Xr sshd_config 5 , | 133 | .Xr sshd_config 5 , |
134 | .Xr inetd 8 , | 134 | .Xr inetd 8 , |
135 | diff --git a/sshd_config.5 b/sshd_config.5 | 135 | diff --git a/sshd_config.5 b/sshd_config.5 |
136 | index b149bd3..0828592 100644 | 136 | index b565640..4d255e5 100644 |
137 | --- a/sshd_config.5 | 137 | --- a/sshd_config.5 |
138 | +++ b/sshd_config.5 | 138 | +++ b/sshd_config.5 |
139 | @@ -374,8 +374,7 @@ This option is only available for protocol version 2. | 139 | @@ -375,8 +375,7 @@ then no banner is displayed. |
140 | By default, no banner is displayed. | 140 | By default, no banner is displayed. |
141 | .It Cm ChallengeResponseAuthentication | 141 | .It Cm ChallengeResponseAuthentication |
142 | Specifies whether challenge-response authentication is allowed (e.g. via | 142 | Specifies whether challenge-response authentication is allowed (e.g. via |
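--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From 3e38e90de2e2ead094624f4f140568574c40cae6 Mon Sep 17 00:00:00 2001
+From f7587633dc374db82455fe7a3fa921de5c4a897b Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
@@ -19,10 +19,10 @@ Patch-Name: package-versioning.patch
 3 files changed, 9 insertions(+), 4 deletions(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index bbde8af..0ec1e54 100644
+index fd67727..07dfc9d 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -524,10 +524,10 @@ send_client_banner(int connection_out, int minor1)
+@@ -527,10 +527,10 @@ send_client_banner(int connection_out, int minor1)
 /* Send our own protocol version identification. */
 if (compat20) {
 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
@@ -33,13 +33,13 @@ index bbde8af..0ec1e54 100644
 - PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
 + PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
 }
-if (roaming_atomicio(vwrite, connection_out, client_version_string,
+if (atomicio(vwrite, connection_out, client_version_string,
 strlen(client_version_string)) != strlen(client_version_string))
 diff --git a/sshd.c b/sshd.c
-index 1b49b26..189d34a 100644
+index bb093cc..c762190 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -443,7 +443,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
+@@ -442,7 +442,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 }
 
 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -49,13 +49,13 @@ index 1b49b26..189d34a 100644
 options.version_addendum, newline);
 
 diff --git a/version.h b/version.h
-index 41e1ea9..2969570 100644
+index 4189982..236dd87 100644
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,9 @@
-#define SSH_VERSION "OpenSSH_7.1"
+#define SSH_VERSION "OpenSSH_7.2"
 
-#define SSH_PORTABLE "p2"
+#define SSH_PORTABLE "p1"
 -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
 +#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
 +#ifdef SSH_EXTRAVERSION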
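--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -1,4 +1,4 @@
-From 72aec10a082f61d9a601b03ec57e0053e03397dd Mon Sep 17 00:00:00 2001
+From 754544297b321ab1ce1923e6aa9987bb82dd4fc5 Mon Sep 17 00:00:00 2001
 From: Peter Samuelson <peter@p12n.org>
 Date: Sun, 9 Feb 2014 16:09:55 +0000
 Subject: Reduce severity of "Killed by signal %d"
@@ -22,10 +22,10 @@ Patch-Name: quieter-signals.patch
 1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/clientloop.c b/clientloop.c
-index fba1b54..5653cc4 100644
+index 1567e4a..3b6cacb 100644
 --- a/clientloop.c
 +++ b/clientloop.c
-@@ -1716,8 +1716,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
+@@ -1753,8 +1753,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 exit_status = 0;
 }
 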
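--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From f1fe58341ea22a6f07e5e1de79aa0385c0ee0c6a Mon Sep 17 00:00:00 2001
+From 9496f70a8203592158275489519996476b2356af Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Tue, 7 Oct 2014 13:22:41 +0100
 Subject: Restore TCP wrappers support
@@ -28,10 +28,10 @@ Patch-Name: restore-tcp-wrappers.patch
 3 files changed, 89 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 7a25603..128889a 100644
+index 5f1ff74..5d720f7 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1448,6 +1448,62 @@ AC_ARG_WITH([skey],
+@@ -1481,6 +1481,62 @@ AC_ARG_WITH([skey],
 ]
 )
 
@@ -94,7 +94,7 @@ index 7a25603..128889a 100644
 # Check whether user wants to use ldns
 LDNS_MSG="no"
 AC_ARG_WITH(ldns,
-@@ -4953,6 +5009,7 @@ echo " KerberosV support: $KRB5_MSG"
+@@ -5003,6 +5059,7 @@ echo " KerberosV support: $KRB5_MSG"
 echo " SELinux support: $SELINUX_MSG"
 echo " Smartcard support: $SCARD_MSG"
 echo " S/KEY support: $SKEY_MSG"
@@ -103,10 +103,10 @@ index 7a25603..128889a 100644
 echo " libedit support: $LIBEDIT_MSG"
 echo " Solaris process contract support: $SPC_MSG"
 diff --git a/sshd.8 b/sshd.8
-index 213b5fc..2105979 100644
+index 6c521f2..589841f 100644
 --- a/sshd.8
 +++ b/sshd.8
-@@ -850,6 +850,12 @@ the user's home directory becomes accessible.
+@@ -880,6 +880,12 @@ the user's home directory becomes accessible.
 This file should be writable only by the user, and need not be
 readable by anyone else.
 .Pp
@@ -119,7 +119,7 @@ index 213b5fc..2105979 100644
 .It Pa /etc/hosts.equiv
 This file is for host-based authentication (see
 .Xr ssh 1 ) .
-@@ -953,6 +959,7 @@ The content of this file is not sensitive; it can be world-readable.
+@@ -986,6 +992,7 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
@@ -128,10 +128,10 @@ index 213b5fc..2105979 100644
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
 diff --git a/sshd.c b/sshd.c
-index d659a68..9275e0b 100644
+index 5cd9129..d1dd711 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -130,6 +130,13 @@
+@@ -129,6 +129,13 @@
 #include <Security/AuthSession.h>
 #endif
 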
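--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From efd79b5b880f473ef06d4659cf279b07a65de208 Mon Sep 17 00:00:00 2001
+From c2c79a52f66eee7b85b5241d08a70b2593a9bc9e Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
@@ -17,7 +17,7 @@ Patch-Name: scp-quoting.patch
 1 file changed, 10 insertions(+), 2 deletions(-)
 
 diff --git a/scp.c b/scp.c
-index 593fe89..e39294e 100644
+index 0bdd7cb..51bc2b7 100644
 --- a/scp.c
 +++ b/scp.c
 @@ -190,8 +190,16 @@ do_local_cmd(arglist *a)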
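--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 701eb985309b1c9fce617949298659843fce723d Mon Sep 17 00:00:00 2001
+From a00cba810338ce920de432e7797a45794bf280ba Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -32,7 +32,7 @@ Patch-Name: selinux-role.patch
 16 files changed, 104 insertions(+), 31 deletions(-)
 
 diff --git a/auth.h b/auth.h
-index 8b27575..3c2222f 100644
+index 2160154..3b3a085 100644
 --- a/auth.h
 +++ b/auth.h
 @@ -62,6 +62,7 @@ struct Authctxt {
@@ -113,10 +113,10 @@ index 3f49bdc..6eb3cc7 100644
 if (auth2_setup_methods_lists(authctxt) != 0)
 packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index 2658aaa..c063ad1 100644
+index 6c82023..5be3fbf 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -127,6 +127,7 @@ int mm_answer_sign(int, Buffer *);
+@@ -126,6 +126,7 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
@@ -124,7 +124,7 @@ index 2658aaa..c063ad1 100644
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -208,6 +209,7 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -207,6 +208,7 @@ struct mon_table mon_dispatch_proto20[] = {
 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -132,7 +132,7 @@ index 2658aaa..c063ad1 100644
 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
-@@ -879,6 +881,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
+@@ -875,6 +877,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
 else {
 /* Allow service/style information on the auth context */
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -140,7 +140,7 @@ index 2658aaa..c063ad1 100644
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 }
 #ifdef USE_PAM
-@@ -909,14 +912,37 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -905,14 +908,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
 authctxt->service = buffer_get_string(m, NULL);
 authctxt->style = buffer_get_string(m, NULL);
@@ -180,7 +180,7 @@ index 2658aaa..c063ad1 100644
 return (0);
 }
 
-@@ -1544,7 +1570,7 @@ mm_answer_pty(int sock, Buffer *m)
+@@ -1541,7 +1567,7 @@ mm_answer_pty(int sock, Buffer *m)
 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
 if (res == 0)
 goto error;
@@ -203,7 +203,7 @@ index bc50ade..2d82b8b 100644
 
 struct mm_master;
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 81ceddb..6799911 100644
+index 74fbd2e..eaf0a12 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
 @@ -327,10 +327,10 @@ mm_auth2_read_banner(void)
@@ -251,13 +251,13 @@ index 81ceddb..6799911 100644
 int
 mm_auth_password(Authctxt *authctxt, char *password)
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index 9758290..57e740f 100644
+index 403f8d0..d9de551 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
 @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *);
 int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
-int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int);
+int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *);
 -void mm_inform_authserv(char *, char *);
 +void mm_inform_authserv(char *, char *, char *);
 +void mm_inform_authrole(char *);
@@ -383,7 +383,7 @@ index ee313da..f35ec39 100644
 }
 
 diff --git a/platform.h b/platform.h
-index 1c7a45d..436ae7c 100644
+index e687c99..823901b 100644
 --- a/platform.h
 +++ b/platform.h
 @@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid);
@@ -396,10 +396,10 @@ index 1c7a45d..436ae7c 100644
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index 5a64715..afac4a5 100644
+index 7a02500..99ec6f3 100644
 --- a/session.c
 +++ b/session.c
-@@ -1487,7 +1487,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1489,7 +1489,7 @@ safely_chroot(const char *path, uid_t uid)
 
 /* Set login name, uid, gid, and groups. */
 void
@@ -407,17 +407,17 @@ index 5a64715..afac4a5 100644
 +do_setusercontext(struct passwd *pw, const char *role)
 {
 char *chroot_path, *tmp;
-#ifdef USE_LIBIAF
-@@ -1518,7 +1518,7 @@ do_setusercontext(struct passwd *pw)
+
+@@ -1517,7 +1517,7 @@ do_setusercontext(struct passwd *pw)
 endgrent();
 #endif
 
 - platform_setusercontext_post_groups(pw);
 + platform_setusercontext_post_groups(pw, role);
 
-if (options.chroot_directory != NULL &&
+if (!in_chroot && options.chroot_directory != NULL &&
 strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1677,7 +1677,7 @@ do_child(Session *s, const char *command)
+@@ -1674,7 +1674,7 @@ do_child(Session *s, const char *command)
 
 /* Force a password change */
 if (s->authctxt->force_pwchange) {
@@ -426,7 +426,7 @@ index 5a64715..afac4a5 100644
 child_close_fds();
 do_pwchange(s);
 exit(1);
-@@ -1704,7 +1704,7 @@ do_child(Session *s, const char *command)
+@@ -1701,7 +1701,7 @@ do_child(Session *s, const char *command)
 /* When PAM is enabled we rely on it to do the nologin check */
 if (!options.use_pam)
 do_nologin(pw);
@@ -435,7 +435,7 @@ index 5a64715..afac4a5 100644
 /*
 * PAM session modules in do_setusercontext may have
 * generated messages, so if this in an interactive
-@@ -2115,7 +2115,7 @@ session_pty_req(Session *s)
+@@ -2112,7 +2112,7 @@ session_pty_req(Session *s)
 tty_parse_modes(s->ttyfd, &n_bytes);
 
 if (!use_privsep)
@@ -458,10 +458,10 @@ index 6a2f35e..ef6593c 100644
 const char *value);
 
 diff --git a/sshd.c b/sshd.c
-index 9275e0b..1b49b26 100644
+index d1dd711..bb093cc 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -786,7 +786,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -781,7 +781,7 @@ privsep_postauth(Authctxt *authctxt)
 explicit_bzero(rnd, sizeof(rnd));
 
 /* Drop privileges */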
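--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,7 +15,6 @@ mention-ssh-keygen-on-keychange.patch
 package-versioning.patch
 debian-banner.patch
 authorized-keys-man-symlink.patch
-lintian-symlink-pickiness.patch
 openbsd-docs.patch
 ssh-argv0.patch
 doc-hash-tab-completion.patch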
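--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From ccc03dd81a15fa91155bbdfa6b84a0d6e37c43e4 Mon Sep 17 00:00:00 2001
+From 434f7bc6f37b86a449d3d975fad53233f4c141f2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
@@ -16,10 +16,10 @@ Patch-Name: shell-path.patch
 1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index 17fbe39..cd467fd 100644
+index 356ec79..8b8e760 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -231,7 +231,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
+@@ -232,7 +232,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
 /* Execute the proxy command. Note that we gave up any
 extra privileges above. */
 signal(SIGPIPE, SIG_DFL);
@@ -28,7 +28,7 @@ index 17fbe39..cd467fd 100644
 perror(argv[0]);
 exit(1);
 }
-@@ -1471,7 +1471,7 @@ ssh_local_cmd(const char *args)
+@@ -1499,7 +1499,7 @@ ssh_local_cmd(const char *args)
 if (pid == 0) {
 signal(SIGPIPE, SIG_DFL);
 debug3("Executing %s -c \"%s\"", shell, args);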
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch index 0cf814455..e022fa53f 100644 --- a/debian/patches/sigstop.patch +++ b/debian/patches/sigstop.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 5af03fab96e1d53019d1c50282eb21ce3e581895 Mon Sep 17 00:00:00 2001 | 1 | From e66add5020e18f6dd9b942b46e02d9b20e24edcc Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:10:17 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:17 +0000 |
4 | Subject: Support synchronisation with service supervisor using SIGSTOP | 4 | Subject: Support synchronisation with service supervisor using SIGSTOP |
@@ -13,7 +13,7 @@ Patch-Name: sigstop.patch | |||
13 | 1 file changed, 10 insertions(+) | 13 | 1 file changed, 10 insertions(+) |
14 | 14 | ||
15 | diff --git a/sshd.c b/sshd.c | 15 | diff --git a/sshd.c b/sshd.c |
16 | index 8d17521..5ccf175 100644 | 16 | index 57ae4ad..c2d42f5 100644 |
17 | --- a/sshd.c | 17 | --- a/sshd.c |
18 | +++ b/sshd.c | 18 | +++ b/sshd.c |
19 | @@ -2048,6 +2048,16 @@ main(int ac, char **av) | 19 | @@ -2048,6 +2048,16 @@ main(int ac, char **av) |
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch index ffab898c7..a2f23396e 100644 --- a/debian/patches/ssh-agent-setgid.patch +++ b/debian/patches/ssh-agent-setgid.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 7566d3563c174cc339da8b72833e66614cfc1458 Mon Sep 17 00:00:00 2001 | 1 | From d7698edca3667ffacae051582028eb3971928edc Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:10:13 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:13 +0000 |
4 | Subject: Document consequences of ssh-agent being setgid in ssh-agent(1) | 4 | Subject: Document consequences of ssh-agent being setgid in ssh-agent(1) |
@@ -13,10 +13,10 @@ Patch-Name: ssh-agent-setgid.patch | |||
13 | 1 file changed, 15 insertions(+) | 13 | 1 file changed, 15 insertions(+) |
14 | 14 | ||
15 | diff --git a/ssh-agent.1 b/ssh-agent.1 | 15 | diff --git a/ssh-agent.1 b/ssh-agent.1 |
16 | index d0aa712..2a940d9 100644 | 16 | index c4b50bb..2fe2201 100644 |
17 | --- a/ssh-agent.1 | 17 | --- a/ssh-agent.1 |
18 | +++ b/ssh-agent.1 | 18 | +++ b/ssh-agent.1 |
19 | @@ -186,6 +186,21 @@ environment variable holds the agent's process ID. | 19 | @@ -193,6 +193,21 @@ environment variable holds the agent's process ID. |
20 | .Pp | 20 | .Pp |
21 | The agent exits automatically when the command given on the command | 21 | The agent exits automatically when the command given on the command |
22 | line terminates. | 22 | line terminates. |
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch index d3097fe10..f830f2cf2 100644 --- a/debian/patches/ssh-argv0.patch +++ b/debian/patches/ssh-argv0.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 078b7a5e7b89d20ce867e2c9839096be673b6ae0 Mon Sep 17 00:00:00 2001 | 1 | From 30dfe2ed8df15c27b53c883c1b718b13416299d5 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:10:10 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:10 +0000 |
4 | Subject: ssh(1): Refer to ssh-argv0(1) | 4 | Subject: ssh(1): Refer to ssh-argv0(1) |
@@ -18,10 +18,10 @@ Patch-Name: ssh-argv0.patch | |||
18 | 1 file changed, 1 insertion(+) | 18 | 1 file changed, 1 insertion(+) |
19 | 19 | ||
20 | diff --git a/ssh.1 b/ssh.1 | 20 | diff --git a/ssh.1 b/ssh.1 |
21 | index 4fba77f..05b7f10 100644 | 21 | index 41e0aab..74d9655 100644 |
22 | --- a/ssh.1 | 22 | --- a/ssh.1 |
23 | +++ b/ssh.1 | 23 | +++ b/ssh.1 |
24 | @@ -1574,6 +1574,7 @@ if an error occurred. | 24 | @@ -1561,6 +1561,7 @@ if an error occurred. |
25 | .Xr sftp 1 , | 25 | .Xr sftp 1 , |
26 | .Xr ssh-add 1 , | 26 | .Xr ssh-add 1 , |
27 | .Xr ssh-agent 1 , | 27 | .Xr ssh-agent 1 , |
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch index be725e357..f2bb35326 100644 --- a/debian/patches/ssh-vulnkey-compat.patch +++ b/debian/patches/ssh-vulnkey-compat.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 7f0a4ecb6694298414e6d84c0aa49c35b19cad1b Mon Sep 17 00:00:00 2001 | 1 | From 68e8163d9209f731c582fe5350002c51c9551983 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@ubuntu.com> | 2 | From: Colin Watson <cjwatson@ubuntu.com> |
3 | Date: Sun, 9 Feb 2014 16:09:50 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:50 +0000 |
4 | Subject: Accept obsolete ssh-vulnkey configuration options | 4 | Subject: Accept obsolete ssh-vulnkey configuration options |
@@ -17,10 +17,10 @@ Patch-Name: ssh-vulnkey-compat.patch | |||
17 | 2 files changed, 2 insertions(+) | 17 | 2 files changed, 2 insertions(+) |
18 | 18 | ||
19 | diff --git a/readconf.c b/readconf.c | 19 | diff --git a/readconf.c b/readconf.c |
20 | index 56e0f44..831072f 100644 | 20 | index d2a3d4b..559e4c7 100644 |
21 | --- a/readconf.c | 21 | --- a/readconf.c |
22 | +++ b/readconf.c | 22 | +++ b/readconf.c |
23 | @@ -181,6 +181,7 @@ static struct { | 23 | @@ -182,6 +182,7 @@ static struct { |
24 | { "passwordauthentication", oPasswordAuthentication }, | 24 | { "passwordauthentication", oPasswordAuthentication }, |
25 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, | 25 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
26 | { "kbdinteractivedevices", oKbdInteractiveDevices }, | 26 | { "kbdinteractivedevices", oKbdInteractiveDevices }, |
@@ -29,10 +29,10 @@ index 56e0f44..831072f 100644 | |||
29 | { "pubkeyauthentication", oPubkeyAuthentication }, | 29 | { "pubkeyauthentication", oPubkeyAuthentication }, |
30 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ | 30 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ |
31 | diff --git a/servconf.c b/servconf.c | 31 | diff --git a/servconf.c b/servconf.c |
32 | index cfe7029..ed3a88d 100644 | 32 | index b8af6dd..fad7c92 100644 |
33 | --- a/servconf.c | 33 | --- a/servconf.c |
34 | +++ b/servconf.c | 34 | +++ b/servconf.c |
35 | @@ -522,6 +522,7 @@ static struct { | 35 | @@ -533,6 +533,7 @@ static struct { |
36 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 36 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
37 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 37 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
38 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 38 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch index 255395666..5ac2fc593 100644 --- a/debian/patches/syslog-level-silent.patch +++ b/debian/patches/syslog-level-silent.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 25ead9080a3f98eafc64a9a9c4b6650d922a19fa Mon Sep 17 00:00:00 2001 | 1 | From c87856cd1b99bc4188b145b0689af5e1d1babe24 Mon Sep 17 00:00:00 2001 |
2 | From: Jonathan David Amery <jdamery@ysolde.ucam.org> | 2 | From: Jonathan David Amery <jdamery@ysolde.ucam.org> |
3 | Date: Sun, 9 Feb 2014 16:09:54 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:54 +0000 |
4 | Subject: "LogLevel SILENT" compatibility | 4 | Subject: "LogLevel SILENT" compatibility |
@@ -33,10 +33,10 @@ index ad12930..e68b84a 100644 | |||
33 | { "FATAL", SYSLOG_LEVEL_FATAL }, | 33 | { "FATAL", SYSLOG_LEVEL_FATAL }, |
34 | { "ERROR", SYSLOG_LEVEL_ERROR }, | 34 | { "ERROR", SYSLOG_LEVEL_ERROR }, |
35 | diff --git a/ssh.c b/ssh.c | 35 | diff --git a/ssh.c b/ssh.c |
36 | index 67c1ebf..eb73903 100644 | 36 | index f9ff91f..314dd52 100644 |
37 | --- a/ssh.c | 37 | --- a/ssh.c |
38 | +++ b/ssh.c | 38 | +++ b/ssh.c |
39 | @@ -1106,7 +1106,7 @@ main(int ac, char **av) | 39 | @@ -1119,7 +1119,7 @@ main(int ac, char **av) |
40 | /* Do not allocate a tty if stdin is not a tty. */ | 40 | /* Do not allocate a tty if stdin is not a tty. */ |
41 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && | 41 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && |
42 | options.request_tty != REQUEST_TTY_FORCE) { | 42 | options.request_tty != REQUEST_TTY_FORCE) { |
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch index 62ca0f284..3c2c67cda 100644 --- a/debian/patches/systemd-readiness.patch +++ b/debian/patches/systemd-readiness.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 9d88bc29443745ebf30004136ac18ced47292833 Mon Sep 17 00:00:00 2001 | 1 | From a7c8a6babe3b4c47fd00bdbefc22fc10d97b9a26 Mon Sep 17 00:00:00 2001 |
2 | From: Michael Biebl <biebl@debian.org> | 2 | From: Michael Biebl <biebl@debian.org> |
3 | Date: Mon, 21 Dec 2015 16:08:47 +0000 | 3 | Date: Mon, 21 Dec 2015 16:08:47 +0000 |
4 | Subject: Add systemd readiness notification support | 4 | Subject: Add systemd readiness notification support |
@@ -14,10 +14,10 @@ Patch-Name: systemd-readiness.patch | |||
14 | 2 files changed, 33 insertions(+) | 14 | 2 files changed, 33 insertions(+) |
15 | 15 | ||
16 | diff --git a/configure.ac b/configure.ac | 16 | diff --git a/configure.ac b/configure.ac |
17 | index 128889a..eec2b72 100644 | 17 | index 5d720f7..c978c11 100644 |
18 | --- a/configure.ac | 18 | --- a/configure.ac |
19 | +++ b/configure.ac | 19 | +++ b/configure.ac |
20 | @@ -4213,6 +4213,29 @@ AC_ARG_WITH([kerberos5], | 20 | @@ -4263,6 +4263,29 @@ AC_ARG_WITH([kerberos5], |
21 | AC_SUBST([GSSLIBS]) | 21 | AC_SUBST([GSSLIBS]) |
22 | AC_SUBST([K5LIBS]) | 22 | AC_SUBST([K5LIBS]) |
23 | 23 | ||
@@ -47,16 +47,16 @@ index 128889a..eec2b72 100644 | |||
47 | # Looking for programs, paths and files | 47 | # Looking for programs, paths and files |
48 | 48 | ||
49 | PRIVSEP_PATH=/var/empty | 49 | PRIVSEP_PATH=/var/empty |
50 | @@ -5014,6 +5037,7 @@ echo " MD5 password support: $MD5_MSG" | 50 | @@ -5065,6 +5088,7 @@ echo " libedit support: $LIBEDIT_MSG" |
51 | echo " libedit support: $LIBEDIT_MSG" | ||
52 | echo " Solaris process contract support: $SPC_MSG" | 51 | echo " Solaris process contract support: $SPC_MSG" |
53 | echo " Solaris project support: $SP_MSG" | 52 | echo " Solaris project support: $SP_MSG" |
53 | echo " Solaris privilege support: $SPP_MSG" | ||
54 | +echo " systemd support: $SYSTEMD_MSG" | 54 | +echo " systemd support: $SYSTEMD_MSG" |
55 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | 55 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" |
56 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | 56 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" |
57 | echo " BSD Auth support: $BSD_AUTH_MSG" | 57 | echo " BSD Auth support: $BSD_AUTH_MSG" |
58 | diff --git a/sshd.c b/sshd.c | 58 | diff --git a/sshd.c b/sshd.c |
59 | index 5ccf175..366ae92 100644 | 59 | index c2d42f5..8802d18 100644 |
60 | --- a/sshd.c | 60 | --- a/sshd.c |
61 | +++ b/sshd.c | 61 | +++ b/sshd.c |
62 | @@ -85,6 +85,10 @@ | 62 | @@ -85,6 +85,10 @@ |
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index c2dbdcd7a..456944f6b 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From a1010980d6906a140307825466934a21c3d4d228 Mon Sep 17 00:00:00 2001 | 1 | From 6f05f80017871238b4e50fc4e09d57d722416743 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 |
4 | Subject: Allow harmless group-writability | 4 | Subject: Allow harmless group-writability |
@@ -86,10 +86,10 @@ index bd6a026..782b7f8 100644 | |||
86 | "bad ownership or modes for directory %s", buf); | 86 | "bad ownership or modes for directory %s", buf); |
87 | return -1; | 87 | return -1; |
88 | diff --git a/misc.c b/misc.c | 88 | diff --git a/misc.c b/misc.c |
89 | index ddd2b2d..1c063ea 100644 | 89 | index de7e1fa..5704fa6 100644 |
90 | --- a/misc.c | 90 | --- a/misc.c |
91 | +++ b/misc.c | 91 | +++ b/misc.c |
92 | @@ -50,8 +50,9 @@ | 92 | @@ -51,8 +51,9 @@ |
93 | #include <netdb.h> | 93 | #include <netdb.h> |
94 | #ifdef HAVE_PATHS_H | 94 | #ifdef HAVE_PATHS_H |
95 | # include <paths.h> | 95 | # include <paths.h> |
@@ -100,7 +100,7 @@ index ddd2b2d..1c063ea 100644 | |||
100 | #ifdef SSH_TUN_OPENBSD | 100 | #ifdef SSH_TUN_OPENBSD |
101 | #include <net/if.h> | 101 | #include <net/if.h> |
102 | #endif | 102 | #endif |
103 | @@ -60,6 +61,7 @@ | 103 | @@ -61,6 +62,7 @@ |
104 | #include "misc.h" | 104 | #include "misc.h" |
105 | #include "log.h" | 105 | #include "log.h" |
106 | #include "ssh.h" | 106 | #include "ssh.h" |
@@ -108,7 +108,7 @@ index ddd2b2d..1c063ea 100644 | |||
108 | 108 | ||
109 | /* remove newline at end of string */ | 109 | /* remove newline at end of string */ |
110 | char * | 110 | char * |
111 | @@ -644,6 +646,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, | 111 | @@ -647,6 +649,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, |
112 | return -1; | 112 | return -1; |
113 | } | 113 | } |
114 | 114 | ||
@@ -216,7 +216,7 @@ index f35ec39..9a23e6e 100644 | |||
216 | - return 0; | 216 | - return 0; |
217 | -} | 217 | -} |
218 | diff --git a/readconf.c b/readconf.c | 218 | diff --git a/readconf.c b/readconf.c |
219 | index 83582e3..b9442fd 100644 | 219 | index fde6b41..cc1a633 100644 |
220 | --- a/readconf.c | 220 | --- a/readconf.c |
221 | +++ b/readconf.c | 221 | +++ b/readconf.c |
222 | @@ -39,6 +39,8 @@ | 222 | @@ -39,6 +39,8 @@ |
@@ -228,7 +228,7 @@ index 83582e3..b9442fd 100644 | |||
228 | #ifdef HAVE_UTIL_H | 228 | #ifdef HAVE_UTIL_H |
229 | #include <util.h> | 229 | #include <util.h> |
230 | #endif | 230 | #endif |
231 | @@ -1579,8 +1581,7 @@ read_config_file(const char *filename, struct passwd *pw, const char *host, | 231 | @@ -1626,8 +1628,7 @@ read_config_file(const char *filename, struct passwd *pw, const char *host, |
232 | 232 | ||
233 | if (fstat(fileno(f), &sb) == -1) | 233 | if (fstat(fileno(f), &sb) == -1) |
234 | fatal("fstat %s: %s", filename, strerror(errno)); | 234 | fatal("fstat %s: %s", filename, strerror(errno)); |
@@ -239,10 +239,10 @@ index 83582e3..b9442fd 100644 | |||
239 | } | 239 | } |
240 | 240 | ||
241 | diff --git a/ssh.1 b/ssh.1 | 241 | diff --git a/ssh.1 b/ssh.1 |
242 | index 2ea0a20..ff80022 100644 | 242 | index cc53343..feb0e89 100644 |
243 | --- a/ssh.1 | 243 | --- a/ssh.1 |
244 | +++ b/ssh.1 | 244 | +++ b/ssh.1 |
245 | @@ -1458,6 +1458,8 @@ The file format and configuration options are described in | 245 | @@ -1459,6 +1459,8 @@ The file format and configuration options are described in |
246 | .Xr ssh_config 5 . | 246 | .Xr ssh_config 5 . |
247 | Because of the potential for abuse, this file must have strict permissions: | 247 | Because of the potential for abuse, this file must have strict permissions: |
248 | read/write for the user, and not writable by others. | 248 | read/write for the user, and not writable by others. |
@@ -252,10 +252,10 @@ index 2ea0a20..ff80022 100644 | |||
252 | .It Pa ~/.ssh/environment | 252 | .It Pa ~/.ssh/environment |
253 | Contains additional definitions for environment variables; see | 253 | Contains additional definitions for environment variables; see |
254 | diff --git a/ssh_config.5 b/ssh_config.5 | 254 | diff --git a/ssh_config.5 b/ssh_config.5 |
255 | index 78e918a..1e9c058 100644 | 255 | index bbf638b..ab8f271 100644 |
256 | --- a/ssh_config.5 | 256 | --- a/ssh_config.5 |
257 | +++ b/ssh_config.5 | 257 | +++ b/ssh_config.5 |
258 | @@ -1757,6 +1757,8 @@ The format of this file is described above. | 258 | @@ -1830,6 +1830,8 @@ The format of this file is described above. |
259 | This file is used by the SSH client. | 259 | This file is used by the SSH client. |
260 | Because of the potential for abuse, this file must have strict permissions: | 260 | Because of the potential for abuse, this file must have strict permissions: |
261 | read/write for the user, and not accessible by others. | 261 | read/write for the user, and not accessible by others. |
@@ -850,4 +850,11 @@ struct winsize { | |||
850 | # endif /* gcc version */ | 850 | # endif /* gcc version */ |
851 | #endif /* __predict_true */ | 851 | #endif /* __predict_true */ |
852 | 852 | ||
853 | #if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ | ||
854 | defined(GLOB_HAS_GL_MATCHC) && defined(GLOB_HAS_GL_STATV) && \ | ||
855 | defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \ | ||
856 | !defined(BROKEN_GLOB) | ||
857 | # define USE_SYSTEM_GLOB | ||
858 | #endif | ||
859 | |||
853 | #endif /* _DEFINES_H */ | 860 | #endif /* _DEFINES_H */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */ | 1 | /* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 4 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
@@ -44,8 +44,11 @@ int dh_pub_is_valid(DH *, BIGNUM *); | |||
44 | 44 | ||
45 | u_int dh_estimate(int); | 45 | u_int dh_estimate(int); |
46 | 46 | ||
47 | /* Min and max values from RFC4419. */ | 47 | /* |
48 | #define DH_GRP_MIN 1024 | 48 | * Max value from RFC4419. |
49 | * Miniumum increased in light of DH precomputation attacks. | ||
50 | */ | ||
51 | #define DH_GRP_MIN 2048 | ||
49 | #define DH_GRP_MAX 8192 | 52 | #define DH_GRP_MAX 8192 |
50 | 53 | ||
51 | /* | 54 | /* |
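Review bot: The rewritten comment above `DH_GRP_MIN` misspells "Minimum" as "Miniumum" and no longer states that 2048 is deliberately stricter than the RFC4419 floor it replaces. I would word the second line as `* Minimum raised above the RFC4419 value (1024) in light of DH precomputation attacks.` so a reader does not "correct" the constant back to the RFC number. Peers that ask for a smaller group-exchange modulus will presumably be refused once this lands, so the interoperability effect is worth a line in the release notes if it is not already there.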
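--- a/includes.h
+++ b/includes.h
@@ -32,12 +32,6 @@
 #ifdef HAVE_BSTRING_H
 # include <bstring.h>
 #endif
-#if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \
-defined(GLOB_HAS_GL_MATCHC) && defined(GLOB_HAS_GL_STATV) && \
-defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \
-!defined(BROKEN_GLOB)
-# include <glob.h>
-#endif
 #ifdef HAVE_ENDIAN_H
 # include <endian.h>
 #endif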
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.109 2015/07/30 00:01:34 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -49,7 +49,6 @@ | |||
49 | #include "misc.h" | 49 | #include "misc.h" |
50 | #include "dispatch.h" | 50 | #include "dispatch.h" |
51 | #include "monitor.h" | 51 | #include "monitor.h" |
52 | #include "roaming.h" | ||
53 | 52 | ||
54 | #include "ssherr.h" | 53 | #include "ssherr.h" |
55 | #include "sshbuf.h" | 54 | #include "sshbuf.h" |
@@ -71,6 +70,19 @@ extern const EVP_MD *evp_ssh_sha256(void); | |||
71 | static int kex_choose_conf(struct ssh *); | 70 | static int kex_choose_conf(struct ssh *); |
72 | static int kex_input_newkeys(int, u_int32_t, void *); | 71 | static int kex_input_newkeys(int, u_int32_t, void *); |
73 | 72 | ||
73 | static const char *proposal_names[PROPOSAL_MAX] = { | ||
74 | "KEX algorithms", | ||
75 | "host key algorithms", | ||
76 | "ciphers ctos", | ||
77 | "ciphers stoc", | ||
78 | "MACs ctos", | ||
79 | "MACs stoc", | ||
80 | "compression ctos", | ||
81 | "compression stoc", | ||
82 | "languages ctos", | ||
83 | "languages stoc", | ||
84 | }; | ||
85 | |||
74 | struct kexalg { | 86 | struct kexalg { |
75 | char *name; | 87 | char *name; |
76 | u_int type; | 88 | u_int type; |
@@ -283,7 +295,7 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp) | |||
283 | for (i = 0; i < PROPOSAL_MAX; i++) { | 295 | for (i = 0; i < PROPOSAL_MAX; i++) { |
284 | if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) | 296 | if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) |
285 | goto out; | 297 | goto out; |
286 | debug2("kex_parse_kexinit: %s", proposal[i]); | 298 | debug2("%s: %s", proposal_names[i], proposal[i]); |
287 | } | 299 | } |
288 | /* first kex follows / reserved */ | 300 | /* first kex follows / reserved */ |
289 | if ((r = sshbuf_get_u8(b, &v)) != 0 || /* first_kex_follows */ | 301 | if ((r = sshbuf_get_u8(b, &v)) != 0 || /* first_kex_follows */ |
@@ -318,7 +330,14 @@ kex_prop_free(char **proposal) | |||
318 | static int | 330 | static int |
319 | kex_protocol_error(int type, u_int32_t seq, void *ctxt) | 331 | kex_protocol_error(int type, u_int32_t seq, void *ctxt) |
320 | { | 332 | { |
321 | error("Hm, kex protocol error: type %d seq %u", type, seq); | 333 | struct ssh *ssh = active_state; /* XXX */ |
334 | int r; | ||
335 | |||
336 | error("kex protocol error: type %d seq %u", type, seq); | ||
337 | if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 || | ||
338 | (r = sshpkt_put_u32(ssh, seq)) != 0 || | ||
339 | (r = sshpkt_send(ssh)) != 0) | ||
340 | return r; | ||
322 | return 0; | 341 | return 0; |
323 | } | 342 | } |
324 | 343 | ||
@@ -330,6 +349,20 @@ kex_reset_dispatch(struct ssh *ssh) | |||
330 | ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); | 349 | ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); |
331 | } | 350 | } |
332 | 351 | ||
352 | static int | ||
353 | kex_send_ext_info(struct ssh *ssh) | ||
354 | { | ||
355 | int r; | ||
356 | |||
357 | if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || | ||
358 | (r = sshpkt_put_u32(ssh, 1)) != 0 || | ||
359 | (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || | ||
360 | (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 || | ||
361 | (r = sshpkt_send(ssh)) != 0) | ||
362 | return r; | ||
363 | return 0; | ||
364 | } | ||
365 | |||
333 | int | 366 | int |
334 | kex_send_newkeys(struct ssh *ssh) | 367 | kex_send_newkeys(struct ssh *ssh) |
335 | { | 368 | { |
@@ -342,9 +375,51 @@ kex_send_newkeys(struct ssh *ssh) | |||
342 | debug("SSH2_MSG_NEWKEYS sent"); | 375 | debug("SSH2_MSG_NEWKEYS sent"); |
343 | debug("expecting SSH2_MSG_NEWKEYS"); | 376 | debug("expecting SSH2_MSG_NEWKEYS"); |
344 | ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys); | 377 | ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys); |
378 | if (ssh->kex->ext_info_c) | ||
379 | if ((r = kex_send_ext_info(ssh)) != 0) | ||
380 | return r; | ||
345 | return 0; | 381 | return 0; |
346 | } | 382 | } |
347 | 383 | ||
384 | int | ||
385 | kex_input_ext_info(int type, u_int32_t seq, void *ctxt) | ||
386 | { | ||
387 | struct ssh *ssh = ctxt; | ||
388 | struct kex *kex = ssh->kex; | ||
389 | u_int32_t i, ninfo; | ||
390 | char *name, *val, *found; | ||
391 | int r; | ||
392 | |||
393 | debug("SSH2_MSG_EXT_INFO received"); | ||
394 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error); | ||
395 | if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0) | ||
396 | return r; | ||
397 | for (i = 0; i < ninfo; i++) { | ||
398 | if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) | ||
399 | return r; | ||
400 | if ((r = sshpkt_get_cstring(ssh, &val, NULL)) != 0) { | ||
401 | free(name); | ||
402 | return r; | ||
403 | } | ||
404 | debug("%s: %s=<%s>", __func__, name, val); | ||
405 | if (strcmp(name, "server-sig-algs") == 0) { | ||
406 | found = match_list("rsa-sha2-256", val, NULL); | ||
407 | if (found) { | ||
408 | kex->rsa_sha2 = 256; | ||
409 | free(found); | ||
410 | } | ||
411 | found = match_list("rsa-sha2-512", val, NULL); | ||
412 | if (found) { | ||
413 | kex->rsa_sha2 = 512; | ||
414 | free(found); | ||
415 | } | ||
416 | } | ||
417 | free(name); | ||
418 | free(val); | ||
419 | } | ||
420 | return sshpkt_get_end(ssh); | ||
421 | } | ||
422 | |||
348 | static int | 423 | static int |
349 | kex_input_newkeys(int type, u_int32_t seq, void *ctxt) | 424 | kex_input_newkeys(int type, u_int32_t seq, void *ctxt) |
350 | { | 425 | { |
@@ -484,7 +559,7 @@ kex_free_newkeys(struct newkeys *newkeys) | |||
484 | newkeys->enc.key = NULL; | 559 | newkeys->enc.key = NULL; |
485 | } | 560 | } |
486 | if (newkeys->enc.iv) { | 561 | if (newkeys->enc.iv) { |
487 | explicit_bzero(newkeys->enc.iv, newkeys->enc.block_size); | 562 | explicit_bzero(newkeys->enc.iv, newkeys->enc.iv_len); |
488 | free(newkeys->enc.iv); | 563 | free(newkeys->enc.iv); |
489 | newkeys->enc.iv = NULL; | 564 | newkeys->enc.iv = NULL; |
490 | } | 565 | } |
@@ -527,6 +602,8 @@ kex_free(struct kex *kex) | |||
527 | free(kex->client_version_string); | 602 | free(kex->client_version_string); |
528 | free(kex->server_version_string); | 603 | free(kex->server_version_string); |
529 | free(kex->failed_choice); | 604 | free(kex->failed_choice); |
605 | free(kex->hostkey_alg); | ||
606 | free(kex->name); | ||
530 | free(kex); | 607 | free(kex); |
531 | } | 608 | } |
532 | 609 | ||
@@ -545,6 +622,25 @@ kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX]) | |||
545 | return 0; | 622 | return 0; |
546 | } | 623 | } |
547 | 624 | ||
625 | /* | ||
626 | * Request key re-exchange, returns 0 on success or a ssherr.h error | ||
627 | * code otherwise. Must not be called if KEX is incomplete or in-progress. | ||
628 | */ | ||
629 | int | ||
630 | kex_start_rekex(struct ssh *ssh) | ||
631 | { | ||
632 | if (ssh->kex == NULL) { | ||
633 | error("%s: no kex", __func__); | ||
634 | return SSH_ERR_INTERNAL_ERROR; | ||
635 | } | ||
636 | if (ssh->kex->done == 0) { | ||
637 | error("%s: requested twice", __func__); | ||
638 | return SSH_ERR_INTERNAL_ERROR; | ||
639 | } | ||
640 | ssh->kex->done = 0; | ||
641 | return kex_send_kexinit(ssh); | ||
642 | } | ||
643 | |||
548 | static int | 644 | static int |
549 | choose_enc(struct sshenc *enc, char *client, char *server) | 645 | choose_enc(struct sshenc *enc, char *client, char *server) |
550 | { | 646 | { |
@@ -609,6 +705,7 @@ choose_kex(struct kex *k, char *client, char *server) | |||
609 | 705 | ||
610 | k->name = match_list(client, server, NULL); | 706 | k->name = match_list(client, server, NULL); |
611 | 707 | ||
708 | debug("kex: algorithm: %s", k->name ? k->name : "(no match)"); | ||
612 | if (k->name == NULL) | 709 | if (k->name == NULL) |
613 | return SSH_ERR_NO_KEX_ALG_MATCH; | 710 | return SSH_ERR_NO_KEX_ALG_MATCH; |
614 | if ((kexalg = kex_alg_by_name(k->name)) == NULL) | 711 | if ((kexalg = kex_alg_by_name(k->name)) == NULL) |
@@ -622,15 +719,16 @@ choose_kex(struct kex *k, char *client, char *server) | |||
622 | static int | 719 | static int |
623 | choose_hostkeyalg(struct kex *k, char *client, char *server) | 720 | choose_hostkeyalg(struct kex *k, char *client, char *server) |
624 | { | 721 | { |
625 | char *hostkeyalg = match_list(client, server, NULL); | 722 | k->hostkey_alg = match_list(client, server, NULL); |
626 | 723 | ||
627 | if (hostkeyalg == NULL) | 724 | debug("kex: host key algorithm: %s", |
725 | k->hostkey_alg ? k->hostkey_alg : "(no match)"); | ||
726 | if (k->hostkey_alg == NULL) | ||
628 | return SSH_ERR_NO_HOSTKEY_ALG_MATCH; | 727 | return SSH_ERR_NO_HOSTKEY_ALG_MATCH; |
629 | k->hostkey_type = sshkey_type_from_name(hostkeyalg); | 728 | k->hostkey_type = sshkey_type_from_name(k->hostkey_alg); |
630 | if (k->hostkey_type == KEY_UNSPEC) | 729 | if (k->hostkey_type == KEY_UNSPEC) |
631 | return SSH_ERR_INTERNAL_ERROR; | 730 | return SSH_ERR_INTERNAL_ERROR; |
632 | k->hostkey_nid = sshkey_ecdsa_nid_from_name(hostkeyalg); | 731 | k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg); |
633 | free(hostkeyalg); | ||
634 | return 0; | 732 | return 0; |
635 | } | 733 | } |
636 | 734 | ||
@@ -669,8 +767,11 @@ kex_choose_conf(struct ssh *ssh) | |||
669 | u_int mode, ctos, need, dh_need, authlen; | 767 | u_int mode, ctos, need, dh_need, authlen; |
670 | int r, first_kex_follows; | 768 | int r, first_kex_follows; |
671 | 769 | ||
672 | if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0 || | 770 | debug2("local %s KEXINIT proposal", kex->server ? "server" : "client"); |
673 | (r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0) | 771 | if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0) |
772 | goto out; | ||
773 | debug2("peer %s KEXINIT proposal", kex->server ? "client" : "server"); | ||
774 | if ((r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0) | ||
674 | goto out; | 775 | goto out; |
675 | 776 | ||
676 | if (kex->server) { | 777 | if (kex->server) { |
@@ -681,18 +782,30 @@ kex_choose_conf(struct ssh *ssh) | |||
681 | sprop=peer; | 782 | sprop=peer; |
682 | } | 783 | } |
683 | 784 | ||
684 | /* Check whether server offers roaming */ | 785 | /* Check whether client supports ext_info_c */ |
685 | if (!kex->server) { | 786 | if (kex->server) { |
686 | char *roaming = match_list(KEX_RESUME, | 787 | char *ext; |
687 | peer[PROPOSAL_KEX_ALGS], NULL); | ||
688 | 788 | ||
689 | if (roaming) { | 789 | ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL); |
690 | kex->roaming = 1; | 790 | if (ext) { |
691 | free(roaming); | 791 | kex->ext_info_c = 1; |
792 | free(ext); | ||
692 | } | 793 | } |
693 | } | 794 | } |
694 | 795 | ||
695 | /* Algorithm Negotiation */ | 796 | /* Algorithm Negotiation */ |
797 | if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], | ||
798 | sprop[PROPOSAL_KEX_ALGS])) != 0) { | ||
799 | kex->failed_choice = peer[PROPOSAL_KEX_ALGS]; | ||
800 | peer[PROPOSAL_KEX_ALGS] = NULL; | ||
801 | goto out; | ||
802 | } | ||
803 | if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], | ||
804 | sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) { | ||
805 | kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS]; | ||
806 | peer[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL; | ||
807 | goto out; | ||
808 | } | ||
696 | for (mode = 0; mode < MODE_MAX; mode++) { | 809 | for (mode = 0; mode < MODE_MAX; mode++) { |
697 | if ((newkeys = calloc(1, sizeof(*newkeys))) == NULL) { | 810 | if ((newkeys = calloc(1, sizeof(*newkeys))) == NULL) { |
698 | r = SSH_ERR_ALLOC_FAIL; | 811 | r = SSH_ERR_ALLOC_FAIL; |
@@ -725,24 +838,12 @@ kex_choose_conf(struct ssh *ssh) | |||
725 | peer[ncomp] = NULL; | 838 | peer[ncomp] = NULL; |
726 | goto out; | 839 | goto out; |
727 | } | 840 | } |
728 | debug("kex: %s %s %s %s", | 841 | debug("kex: %s cipher: %s MAC: %s compression: %s", |
729 | ctos ? "client->server" : "server->client", | 842 | ctos ? "client->server" : "server->client", |
730 | newkeys->enc.name, | 843 | newkeys->enc.name, |
731 | authlen == 0 ? newkeys->mac.name : "<implicit>", | 844 | authlen == 0 ? newkeys->mac.name : "<implicit>", |
732 | newkeys->comp.name); | 845 | newkeys->comp.name); |
733 | } | 846 | } |
734 | if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], | ||
735 | sprop[PROPOSAL_KEX_ALGS])) != 0) { | ||
736 | kex->failed_choice = peer[PROPOSAL_KEX_ALGS]; | ||
737 | peer[PROPOSAL_KEX_ALGS] = NULL; | ||
738 | goto out; | ||
739 | } | ||
740 | if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], | ||
741 | sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) { | ||
742 | kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS]; | ||
743 | peer[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL; | ||
744 | goto out; | ||
745 | } | ||
746 | need = dh_need = 0; | 847 | need = dh_need = 0; |
747 | for (mode = 0; mode < MODE_MAX; mode++) { | 848 | for (mode = 0; mode < MODE_MAX; mode++) { |
748 | newkeys = kex->newkeys[mode]; | 849 | newkeys = kex->newkeys[mode]; |
@@ -828,8 +929,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, | |||
828 | digest = NULL; | 929 | digest = NULL; |
829 | r = 0; | 930 | r = 0; |
830 | out: | 931 | out: |
831 | if (digest) | 932 | free(digest); |
832 | free(digest); | ||
833 | ssh_digest_free(hashctx); | 933 | ssh_digest_free(hashctx); |
834 | return r; | 934 | return r; |
835 | } | 935 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.73 2015/07/30 00:01:34 djm Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.76 2016/02/08 10:57:07 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -54,7 +54,6 @@ | |||
54 | #define KEX_DH14 "diffie-hellman-group14-sha1" | 54 | #define KEX_DH14 "diffie-hellman-group14-sha1" |
55 | #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" | 55 | #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" |
56 | #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" | 56 | #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" |
57 | #define KEX_RESUME "resume@appgate.com" | ||
58 | #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" | 57 | #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" |
59 | #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" | 58 | #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" |
60 | #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" | 59 | #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" |
@@ -132,10 +131,12 @@ struct kex { | |||
132 | u_int dh_need; | 131 | u_int dh_need; |
133 | int server; | 132 | int server; |
134 | char *name; | 133 | char *name; |
134 | char *hostkey_alg; | ||
135 | int hostkey_type; | 135 | int hostkey_type; |
136 | int hostkey_nid; | 136 | int hostkey_nid; |
137 | u_int kex_type; | 137 | u_int kex_type; |
138 | int roaming; | 138 | int rsa_sha2; |
139 | int ext_info_c; | ||
139 | struct sshbuf *my; | 140 | struct sshbuf *my; |
140 | struct sshbuf *peer; | 141 | struct sshbuf *peer; |
141 | sig_atomic_t done; | 142 | sig_atomic_t done; |
@@ -155,8 +156,8 @@ struct kex { | |||
155 | struct sshkey *(*load_host_public_key)(int, int, struct ssh *); | 156 | struct sshkey *(*load_host_public_key)(int, int, struct ssh *); |
156 | struct sshkey *(*load_host_private_key)(int, int, struct ssh *); | 157 | struct sshkey *(*load_host_private_key)(int, int, struct ssh *); |
157 | int (*host_key_index)(struct sshkey *, int, struct ssh *); | 158 | int (*host_key_index)(struct sshkey *, int, struct ssh *); |
158 | int (*sign)(struct sshkey *, struct sshkey *, | 159 | int (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *, |
159 | u_char **, size_t *, const u_char *, size_t, u_int); | 160 | const u_char *, size_t, const char *, u_int); |
160 | int (*kex[KEX_MAX])(struct ssh *); | 161 | int (*kex[KEX_MAX])(struct ssh *); |
161 | /* kex specific state */ | 162 | /* kex specific state */ |
162 | DH *dh; /* DH */ | 163 | DH *dh; /* DH */ |
@@ -183,9 +184,11 @@ void kex_prop_free(char **); | |||
183 | 184 | ||
184 | int kex_send_kexinit(struct ssh *); | 185 | int kex_send_kexinit(struct ssh *); |
185 | int kex_input_kexinit(int, u_int32_t, void *); | 186 | int kex_input_kexinit(int, u_int32_t, void *); |
187 | int kex_input_ext_info(int, u_int32_t, void *); | ||
186 | int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); | 188 | int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); |
187 | int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *); | 189 | int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *); |
188 | int kex_send_newkeys(struct ssh *); | 190 | int kex_send_newkeys(struct ssh *); |
191 | int kex_start_rekex(struct ssh *); | ||
189 | 192 | ||
190 | int kexdh_client(struct ssh *); | 193 | int kexdh_client(struct ssh *); |
191 | int kexdh_server(struct ssh *); | 194 | int kexdh_server(struct ssh *); |
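Review bot: The fields added to struct kex in the `@@ -132,10 +131,12 @@` hunk (`hostkey_alg`, `rsa_sha2`, `ext_info_c`) have no comments, and for the `char *hostkey_alg` pointer nothing says who owns or frees the string. The kex.c hunk on this page sets `ext_info_c` on the server when the client's KEX list contains "ext-info-c", so that one could read `int ext_info_c; /* server: client sent "ext-info-c" in KEXINIT */`; `hostkey_alg` is presumably the negotiated host key algorithm name that the server-side handlers now pass to `kex->sign`, and its comment should state the lifetime. The new `const char *` parameter of the `sign` callback is unnamed as well; a parameter name or comment in the prototype would show that it is the signature algorithm. struct kex begins and ends outside these hunks.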
diff --git a/kexc25519s.c b/kexc25519s.c index 240272533..4e77622b0 100644 --- a/kexc25519s.c +++ b/kexc25519s.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexc25519s.c,v 1.9 2015/04/27 00:37:53 dtucker Exp $ */ | 1 | /* $OpenBSD: kexc25519s.c,v 1.10 2015/12/04 16:41:28 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -134,8 +134,8 @@ input_kex_c25519_init(int type, u_int32_t seq, void *ctxt) | |||
134 | } | 134 | } |
135 | 135 | ||
136 | /* sign H */ | 136 | /* sign H */ |
137 | if ((r = kex->sign(server_host_private, server_host_public, | 137 | if ((r = kex->sign(server_host_private, server_host_public, &signature, |
138 | &signature, &slen, hash, hashlen, ssh->compat)) < 0) | 138 | &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) |
139 | goto out; | 139 | goto out; |
140 | 140 | ||
141 | /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ | 141 | /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdhs.c,v 1.22 2015/01/26 06:10:03 djm Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.23 2015/12/04 16:41:28 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -181,8 +181,8 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt) | |||
181 | } | 181 | } |
182 | 182 | ||
183 | /* sign H */ | 183 | /* sign H */ |
184 | if ((r = kex->sign(server_host_private, server_host_public, | 184 | if ((r = kex->sign(server_host_private, server_host_public, &signature, |
185 | &signature, &slen, hash, hashlen, ssh->compat)) < 0) | 185 | &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) |
186 | goto out; | 186 | goto out; |
187 | 187 | ||
188 | /* destroy_sensitive_data(); */ | 188 | /* destroy_sensitive_data(); */ |
diff --git a/kexecdhs.c b/kexecdhs.c index 0adb80e6a..ccdbf70b1 100644 --- a/kexecdhs.c +++ b/kexecdhs.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdhs.c,v 1.14 2015/01/26 06:10:03 djm Exp $ */ | 1 | /* $OpenBSD: kexecdhs.c,v 1.15 2015/12/04 16:41:28 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -169,8 +169,8 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) | |||
169 | } | 169 | } |
170 | 170 | ||
171 | /* sign H */ | 171 | /* sign H */ |
172 | if ((r = kex->sign(server_host_private, server_host_public, | 172 | if ((r = kex->sign(server_host_private, server_host_public, &signature, |
173 | &signature, &slen, hash, hashlen, ssh->compat)) < 0) | 173 | &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) |
174 | goto out; | 174 | goto out; |
175 | 175 | ||
176 | /* destroy_sensitive_data(); */ | 176 | /* destroy_sensitive_data(); */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexs.c,v 1.25 2015/04/13 02:04:08 djm Exp $ */ | 1 | /* $OpenBSD: kexgexs.c,v 1.26 2015/12/04 16:41:28 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -220,8 +220,8 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt) | |||
220 | } | 220 | } |
221 | 221 | ||
222 | /* sign H */ | 222 | /* sign H */ |
223 | if ((r = kex->sign(server_host_private, server_host_public, | 223 | if ((r = kex->sign(server_host_private, server_host_public, &signature, |
224 | &signature, &slen, hash, hashlen, ssh->compat)) < 0) | 224 | &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) |
225 | goto out; | 225 | goto out; |
226 | 226 | ||
227 | /* destroy_sensitive_data(); */ | 227 | /* destroy_sensitive_data(); */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.128 2015/07/03 03:43:18 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.129 2015/12/04 16:41:28 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * placed in the public domain | 3 | * placed in the public domain |
4 | */ | 4 | */ |
@@ -132,7 +132,7 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp) | |||
132 | 132 | ||
133 | int | 133 | int |
134 | key_sign(const Key *key, u_char **sigp, u_int *lenp, | 134 | key_sign(const Key *key, u_char **sigp, u_int *lenp, |
135 | const u_char *data, u_int datalen) | 135 | const u_char *data, u_int datalen, const char *alg) |
136 | { | 136 | { |
137 | int r; | 137 | int r; |
138 | u_char *sig; | 138 | u_char *sig; |
@@ -143,7 +143,7 @@ key_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
143 | if (lenp != NULL) | 143 | if (lenp != NULL) |
144 | *lenp = 0; | 144 | *lenp = 0; |
145 | if ((r = sshkey_sign(key, &sig, &siglen, | 145 | if ((r = sshkey_sign(key, &sig, &siglen, |
146 | data, datalen, datafellows)) != 0) { | 146 | data, datalen, alg, datafellows)) != 0) { |
147 | fatal_on_fatal_errors(r, __func__, 0); | 147 | fatal_on_fatal_errors(r, __func__, 0); |
148 | error("%s: %s", __func__, ssh_err(r)); | 148 | error("%s: %s", __func__, ssh_err(r)); |
149 | return -1; | 149 | return -1; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.h,v 1.48 2015/07/03 03:43:18 djm Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.49 2015/12/04 16:41:28 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -84,7 +84,8 @@ int key_ec_validate_private(const EC_KEY *); | |||
84 | Key *key_from_blob(const u_char *, u_int); | 84 | Key *key_from_blob(const u_char *, u_int); |
85 | int key_to_blob(const Key *, u_char **, u_int *); | 85 | int key_to_blob(const Key *, u_char **, u_int *); |
86 | 86 | ||
87 | int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); | 87 | int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int, |
88 | const char *); | ||
88 | int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); | 89 | int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
89 | 90 | ||
90 | void key_private_serialize(const Key *, struct sshbuf *); | 91 | void key_private_serialize(const Key *, struct sshbuf *); |
@@ -14,7 +14,7 @@ | |||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | */ | 15 | */ |
16 | 16 | ||
17 | /* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */ | 17 | /* $OpenBSD: krl.c,v 1.37 2015/12/31 00:33:52 djm Exp $ */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | 20 | ||
@@ -723,7 +723,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, | |||
723 | if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 || | 723 | if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 || |
724 | (r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 || | 724 | (r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 || |
725 | (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 || | 725 | (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 || |
726 | (r = sshbuf_put_u64(buf, krl->generated_date) != 0) || | 726 | (r = sshbuf_put_u64(buf, krl->generated_date)) != 0 || |
727 | (r = sshbuf_put_u64(buf, krl->flags)) != 0 || | 727 | (r = sshbuf_put_u64(buf, krl->flags)) != 0 || |
728 | (r = sshbuf_put_string(buf, NULL, 0)) != 0 || | 728 | (r = sshbuf_put_string(buf, NULL, 0)) != 0 || |
729 | (r = sshbuf_put_cstring(buf, krl->comment)) != 0) | 729 | (r = sshbuf_put_cstring(buf, krl->comment)) != 0) |
@@ -772,7 +772,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, | |||
772 | goto out; | 772 | goto out; |
773 | 773 | ||
774 | if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, | 774 | if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, |
775 | sshbuf_ptr(buf), sshbuf_len(buf), 0)) != 0) | 775 | sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0) |
776 | goto out; | 776 | goto out; |
777 | KRL_DBG(("%s: signature sig len %zu", __func__, slen)); | 777 | KRL_DBG(("%s: signature sig len %zu", __func__, slen)); |
778 | if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) | 778 | if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) |
@@ -826,10 +826,8 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) | |||
826 | goto out; | 826 | goto out; |
827 | 827 | ||
828 | while (sshbuf_len(buf) > 0) { | 828 | while (sshbuf_len(buf) > 0) { |
829 | if (subsect != NULL) { | 829 | sshbuf_free(subsect); |
830 | sshbuf_free(subsect); | 830 | subsect = NULL; |
831 | subsect = NULL; | ||
832 | } | ||
833 | if ((r = sshbuf_get_u8(buf, &type)) != 0 || | 831 | if ((r = sshbuf_get_u8(buf, &type)) != 0 || |
834 | (r = sshbuf_froms(buf, &subsect)) != 0) | 832 | (r = sshbuf_froms(buf, &subsect)) != 0) |
835 | goto out; | 833 | goto out; |
@@ -1017,7 +1015,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, | |||
1017 | } | 1015 | } |
1018 | /* Check signature over entire KRL up to this point */ | 1016 | /* Check signature over entire KRL up to this point */ |
1019 | if ((r = sshkey_verify(key, blob, blen, | 1017 | if ((r = sshkey_verify(key, blob, blen, |
1020 | sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0) | 1018 | sshbuf_ptr(buf), sig_off, 0)) != 0) |
1021 | goto out; | 1019 | goto out; |
1022 | /* Check if this key has already signed this KRL */ | 1020 | /* Check if this key has already signed this KRL */ |
1023 | for (i = 0; i < nca_used; i++) { | 1021 | for (i = 0; i < nca_used; i++) { |
@@ -1038,7 +1036,6 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, | |||
1038 | ca_used = tmp_ca_used; | 1036 | ca_used = tmp_ca_used; |
1039 | ca_used[nca_used++] = key; | 1037 | ca_used[nca_used++] = key; |
1040 | key = NULL; | 1038 | key = NULL; |
1041 | break; | ||
1042 | } | 1039 | } |
1043 | 1040 | ||
1044 | if (sshbuf_len(copy) != 0) { | 1041 | if (sshbuf_len(copy) != 0) { |
@@ -1059,10 +1056,8 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, | |||
1059 | if ((r = sshbuf_consume(copy, sects_off)) != 0) | 1056 | if ((r = sshbuf_consume(copy, sects_off)) != 0) |
1060 | goto out; | 1057 | goto out; |
1061 | while (sshbuf_len(copy) > 0) { | 1058 | while (sshbuf_len(copy) > 0) { |
1062 | if (sect != NULL) { | 1059 | sshbuf_free(sect); |
1063 | sshbuf_free(sect); | 1060 | sect = NULL; |
1064 | sect = NULL; | ||
1065 | } | ||
1066 | if ((r = sshbuf_get_u8(copy, &type)) != 0 || | 1061 | if ((r = sshbuf_get_u8(copy, &type)) != 0 || |
1067 | (r = sshbuf_froms(copy, §)) != 0) | 1062 | (r = sshbuf_froms(copy, §)) != 0) |
1068 | goto out; | 1063 | goto out; |
@@ -1105,7 +1100,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, | |||
1105 | r = SSH_ERR_INVALID_FORMAT; | 1100 | r = SSH_ERR_INVALID_FORMAT; |
1106 | goto out; | 1101 | goto out; |
1107 | } | 1102 | } |
1108 | if (sshbuf_len(sect) > 0) { | 1103 | if (sect != NULL && sshbuf_len(sect) > 0) { |
1109 | error("KRL section contains unparsed data"); | 1104 | error("KRL section contains unparsed data"); |
1110 | r = SSH_ERR_INVALID_FORMAT; | 1105 | r = SSH_ERR_INVALID_FORMAT; |
1111 | goto out; | 1106 | goto out; |
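Review bot: The `NULL` now passed to sshkey_sign in ssh_krl_to_blob is an unexplained argument sitting next to the existing bare `0`, so a reader cannot tell which signature algorithm a KRL is signed with. It presumably selects the key type's default algorithm; if that is confirmed, a comment such as `/* alg == NULL: key type's default signature algorithm */` on the call would make it clear that KRL signing does not follow any negotiated algorithm. ssh_krl_to_blob begins and ends outside this hunk.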
@@ -14,7 +14,7 @@ | |||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | */ | 15 | */ |
16 | 16 | ||
17 | /* $OpenBSD: krl.h,v 1.4 2015/01/13 19:06:49 djm Exp $ */ | 17 | /* $OpenBSD: krl.h,v 1.5 2015/12/30 23:46:14 djm Exp $ */ |
18 | 18 | ||
19 | #ifndef _KRL_H | 19 | #ifndef _KRL_H |
20 | #define _KRL_H | 20 | #define _KRL_H |
@@ -43,7 +43,6 @@ struct ssh_krl; | |||
43 | struct ssh_krl *ssh_krl_init(void); | 43 | struct ssh_krl *ssh_krl_init(void); |
44 | void ssh_krl_free(struct ssh_krl *krl); | 44 | void ssh_krl_free(struct ssh_krl *krl); |
45 | void ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version); | 45 | void ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version); |
46 | void ssh_krl_set_sign_key(struct ssh_krl *krl, const struct sshkey *sign_key); | ||
47 | int ssh_krl_set_comment(struct ssh_krl *krl, const char *comment); | 46 | int ssh_krl_set_comment(struct ssh_krl *krl, const char *comment); |
48 | int ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, | 47 | int ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, |
49 | const struct sshkey *ca_key, u_int64_t serial); | 48 | const struct sshkey *ca_key, u_int64_t serial); |
diff --git a/loginrec.c b/loginrec.c index 94ae81dc6..788553e92 100644 --- a/loginrec.c +++ b/loginrec.c | |||
@@ -150,6 +150,9 @@ | |||
150 | #include <sys/types.h> | 150 | #include <sys/types.h> |
151 | #include <sys/stat.h> | 151 | #include <sys/stat.h> |
152 | #include <sys/socket.h> | 152 | #include <sys/socket.h> |
153 | #ifdef HAVE_SYS_TIME_H | ||
154 | # include <sys/time.h> | ||
155 | #endif | ||
153 | 156 | ||
154 | #include <netinet/in.h> | 157 | #include <netinet/in.h> |
155 | 158 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.c,v 1.97 2015/04/24 01:36:00 deraadt Exp $ */ | 1 | /* $OpenBSD: misc.c,v 1.101 2016/01/20 09:22:39 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. |
@@ -29,6 +29,7 @@ | |||
29 | #include <sys/types.h> | 29 | #include <sys/types.h> |
30 | #include <sys/ioctl.h> | 30 | #include <sys/ioctl.h> |
31 | #include <sys/socket.h> | 31 | #include <sys/socket.h> |
32 | #include <sys/time.h> | ||
32 | #include <sys/un.h> | 33 | #include <sys/un.h> |
33 | 34 | ||
34 | #include <limits.h> | 35 | #include <limits.h> |
@@ -606,6 +607,8 @@ percent_expand(const char *string, ...) | |||
606 | /* %% case */ | 607 | /* %% case */ |
607 | if (*string == '%') | 608 | if (*string == '%') |
608 | goto append; | 609 | goto append; |
610 | if (*string == '\0') | ||
611 | fatal("%s: invalid format", __func__); | ||
609 | for (j = 0; j < num_keys; j++) { | 612 | for (j = 0; j < num_keys; j++) { |
610 | if (strchr(keys[j].key, *string) != NULL) { | 613 | if (strchr(keys[j].key, *string) != NULL) { |
611 | i = strlcat(buf, keys[j].repl, sizeof(buf)); | 614 | i = strlcat(buf, keys[j].repl, sizeof(buf)); |
@@ -720,62 +723,63 @@ tun_open(int tun, int mode) | |||
720 | struct ifreq ifr; | 723 | struct ifreq ifr; |
721 | char name[100]; | 724 | char name[100]; |
722 | int fd = -1, sock; | 725 | int fd = -1, sock; |
726 | const char *tunbase = "tun"; | ||
727 | |||
728 | if (mode == SSH_TUNMODE_ETHERNET) | ||
729 | tunbase = "tap"; | ||
723 | 730 | ||
724 | /* Open the tunnel device */ | 731 | /* Open the tunnel device */ |
725 | if (tun <= SSH_TUNID_MAX) { | 732 | if (tun <= SSH_TUNID_MAX) { |
726 | snprintf(name, sizeof(name), "/dev/tun%d", tun); | 733 | snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); |
727 | fd = open(name, O_RDWR); | 734 | fd = open(name, O_RDWR); |
728 | } else if (tun == SSH_TUNID_ANY) { | 735 | } else if (tun == SSH_TUNID_ANY) { |
729 | for (tun = 100; tun >= 0; tun--) { | 736 | for (tun = 100; tun >= 0; tun--) { |
730 | snprintf(name, sizeof(name), "/dev/tun%d", tun); | 737 | snprintf(name, sizeof(name), "/dev/%s%d", |
738 | tunbase, tun); | ||
731 | if ((fd = open(name, O_RDWR)) >= 0) | 739 | if ((fd = open(name, O_RDWR)) >= 0) |
732 | break; | 740 | break; |
733 | } | 741 | } |
734 | } else { | 742 | } else { |
735 | debug("%s: invalid tunnel %u", __func__, tun); | 743 | debug("%s: invalid tunnel %u", __func__, tun); |
736 | return (-1); | 744 | return -1; |
737 | } | 745 | } |
738 | 746 | ||
739 | if (fd < 0) { | 747 | if (fd < 0) { |
740 | debug("%s: %s open failed: %s", __func__, name, strerror(errno)); | 748 | debug("%s: %s open: %s", __func__, name, strerror(errno)); |
741 | return (-1); | 749 | return -1; |
742 | } | 750 | } |
743 | 751 | ||
744 | debug("%s: %s mode %d fd %d", __func__, name, mode, fd); | 752 | debug("%s: %s mode %d fd %d", __func__, name, mode, fd); |
745 | 753 | ||
746 | /* Set the tunnel device operation mode */ | 754 | /* Bring interface up if it is not already */ |
747 | snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun); | 755 | snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); |
748 | if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) | 756 | if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) |
749 | goto failed; | 757 | goto failed; |
750 | 758 | ||
751 | if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) | 759 | if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) { |
752 | goto failed; | 760 | debug("%s: get interface %s flags: %s", __func__, |
753 | 761 | ifr.ifr_name, strerror(errno)); | |
754 | /* Set interface mode */ | ||
755 | ifr.ifr_flags &= ~IFF_UP; | ||
756 | if (mode == SSH_TUNMODE_ETHERNET) | ||
757 | ifr.ifr_flags |= IFF_LINK0; | ||
758 | else | ||
759 | ifr.ifr_flags &= ~IFF_LINK0; | ||
760 | if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) | ||
761 | goto failed; | 762 | goto failed; |
763 | } | ||
762 | 764 | ||
763 | /* Bring interface up */ | 765 | if (!(ifr.ifr_flags & IFF_UP)) { |
764 | ifr.ifr_flags |= IFF_UP; | 766 | ifr.ifr_flags |= IFF_UP; |
765 | if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) | 767 | if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) { |
766 | goto failed; | 768 | debug("%s: activate interface %s: %s", __func__, |
769 | ifr.ifr_name, strerror(errno)); | ||
770 | goto failed; | ||
771 | } | ||
772 | } | ||
767 | 773 | ||
768 | close(sock); | 774 | close(sock); |
769 | return (fd); | 775 | return fd; |
770 | 776 | ||
771 | failed: | 777 | failed: |
772 | if (fd >= 0) | 778 | if (fd >= 0) |
773 | close(fd); | 779 | close(fd); |
774 | if (sock >= 0) | 780 | if (sock >= 0) |
775 | close(sock); | 781 | close(sock); |
776 | debug("%s: failed to set %s mode %d: %s", __func__, name, | 782 | return -1; |
777 | mode, strerror(errno)); | ||
778 | return (-1); | ||
779 | #else | 783 | #else |
780 | error("Tunnel interfaces are not supported on this platform"); | 784 | error("Tunnel interfaces are not supported on this platform"); |
781 | return (-1); | 785 | return (-1); |
@@ -1174,7 +1178,7 @@ unix_listener(const char *path, int backlog, int unlink_first) | |||
1174 | void | 1178 | void |
1175 | sock_set_v6only(int s) | 1179 | sock_set_v6only(int s) |
1176 | { | 1180 | { |
1177 | #ifdef IPV6_V6ONLY | 1181 | #if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) |
1178 | int on = 1; | 1182 | int on = 1; |
1179 | 1183 | ||
1180 | debug3("%s: set socket %d IPV6_V6ONLY", __func__, s); | 1184 | debug3("%s: set socket %d IPV6_V6ONLY", __func__, s); |
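Review bot: In the rewritten tun_open, a failing `socket(PF_UNIX, SOCK_STREAM, 0)` now jumps to `failed:` without logging anything, because the catch-all debug() at that label was removed and only the two ioctl failures gained their own messages. A line such as `debug("%s: socket: %s", __func__, strerror(errno));` before that `goto failed` would keep the failure diagnosable. In the same section, sock_set_v6only is compiled out for `__OpenBSD__` with no comment saying why; a one-line comment giving the reason would keep the guard from being dropped later. tun_open starts before its hunk and its `#else` branch continues past it.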
@@ -71,4 +71,4 @@ STANDARDS | |||
71 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, | 71 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, |
72 | 2006. | 72 | 2006. |
73 | 73 | ||
74 | OpenBSD 5.8 September 26, 2012 OpenBSD 5.8 | 74 | OpenBSD 5.9 September 26, 2012 OpenBSD 5.9 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.150 2015/06/22 23:42:16 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.157 2016/02/15 23:32:37 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -100,7 +100,6 @@ | |||
100 | #include "monitor_fdpass.h" | 100 | #include "monitor_fdpass.h" |
101 | #include "compat.h" | 101 | #include "compat.h" |
102 | #include "ssh2.h" | 102 | #include "ssh2.h" |
103 | #include "roaming.h" | ||
104 | #include "authfd.h" | 103 | #include "authfd.h" |
105 | #include "match.h" | 104 | #include "match.h" |
106 | #include "ssherr.h" | 105 | #include "ssherr.h" |
@@ -506,15 +505,10 @@ monitor_sync(struct monitor *pmonitor) | |||
506 | static void * | 505 | static void * |
507 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) | 506 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) |
508 | { | 507 | { |
509 | size_t len = (size_t) size * ncount; | 508 | if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) |
510 | void *address; | ||
511 | |||
512 | if (len == 0 || ncount > SIZE_MAX / size) | ||
513 | fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); | 509 | fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); |
514 | 510 | ||
515 | address = mm_malloc(mm, len); | 511 | return mm_malloc(mm, size * ncount); |
516 | |||
517 | return (address); | ||
518 | } | 512 | } |
519 | 513 | ||
520 | static void | 514 | static void |
@@ -709,17 +703,18 @@ mm_answer_sign(int sock, Buffer *m) | |||
709 | struct ssh *ssh = active_state; /* XXX */ | 703 | struct ssh *ssh = active_state; /* XXX */ |
710 | extern int auth_sock; /* XXX move to state struct? */ | 704 | extern int auth_sock; /* XXX move to state struct? */ |
711 | struct sshkey *key; | 705 | struct sshkey *key; |
712 | struct sshbuf *sigbuf; | 706 | struct sshbuf *sigbuf = NULL; |
713 | u_char *p; | 707 | u_char *p = NULL, *signature = NULL; |
714 | u_char *signature; | 708 | char *alg = NULL; |
715 | size_t datlen, siglen; | 709 | size_t datlen, siglen, alglen; |
716 | int r, keyid, is_proof = 0; | 710 | int r, keyid, is_proof = 0; |
717 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; | 711 | const char proof_req[] = "hostkeys-prove-00@openssh.com"; |
718 | 712 | ||
719 | debug3("%s", __func__); | 713 | debug3("%s", __func__); |
720 | 714 | ||
721 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || | 715 | if ((r = sshbuf_get_u32(m, &keyid)) != 0 || |
722 | (r = sshbuf_get_string(m, &p, &datlen)) != 0) | 716 | (r = sshbuf_get_string(m, &p, &datlen)) != 0 || |
717 | (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) | ||
723 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 718 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
724 | 719 | ||
725 | /* | 720 | /* |
@@ -746,7 +741,7 @@ mm_answer_sign(int sock, Buffer *m) | |||
746 | fatal("%s: sshbuf_new", __func__); | 741 | fatal("%s: sshbuf_new", __func__); |
747 | if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 || | 742 | if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 || |
748 | (r = sshbuf_put_string(sigbuf, session_id2, | 743 | (r = sshbuf_put_string(sigbuf, session_id2, |
749 | session_id2_len) != 0) || | 744 | session_id2_len)) != 0 || |
750 | (r = sshkey_puts(key, sigbuf)) != 0) | 745 | (r = sshkey_puts(key, sigbuf)) != 0) |
751 | fatal("%s: couldn't prepare private key " | 746 | fatal("%s: couldn't prepare private key " |
752 | "proof buffer: %s", __func__, ssh_err(r)); | 747 | "proof buffer: %s", __func__, ssh_err(r)); |
@@ -766,14 +761,14 @@ mm_answer_sign(int sock, Buffer *m) | |||
766 | } | 761 | } |
767 | 762 | ||
768 | if ((key = get_hostkey_by_index(keyid)) != NULL) { | 763 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
769 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, | 764 | if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, |
770 | datafellows)) != 0) | 765 | datafellows)) != 0) |
771 | fatal("%s: sshkey_sign failed: %s", | 766 | fatal("%s: sshkey_sign failed: %s", |
772 | __func__, ssh_err(r)); | 767 | __func__, ssh_err(r)); |
773 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && | 768 | } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && |
774 | auth_sock > 0) { | 769 | auth_sock > 0) { |
775 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, | 770 | if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, |
776 | p, datlen, datafellows)) != 0) { | 771 | p, datlen, alg, datafellows)) != 0) { |
777 | fatal("%s: ssh_agent_sign failed: %s", | 772 | fatal("%s: ssh_agent_sign failed: %s", |
778 | __func__, ssh_err(r)); | 773 | __func__, ssh_err(r)); |
779 | } | 774 | } |
@@ -787,6 +782,7 @@ mm_answer_sign(int sock, Buffer *m) | |||
787 | if ((r = sshbuf_put_string(m, signature, siglen)) != 0) | 782 | if ((r = sshbuf_put_string(m, signature, siglen)) != 0) |
788 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 783 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
789 | 784 | ||
785 | free(alg); | ||
790 | free(p); | 786 | free(p); |
791 | free(signature); | 787 | free(signature); |
792 | 788 | ||
@@ -1014,7 +1010,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
1014 | char *response; | 1010 | char *response; |
1015 | int authok; | 1011 | int authok; |
1016 | 1012 | ||
1017 | if (authctxt->as == 0) | 1013 | if (authctxt->as == NULL) |
1018 | fatal("%s: no bsd auth session", __func__); | 1014 | fatal("%s: no bsd auth session", __func__); |
1019 | 1015 | ||
1020 | response = buffer_get_string(m, NULL); | 1016 | response = buffer_get_string(m, NULL); |
@@ -1083,7 +1079,8 @@ mm_answer_skeyrespond(int sock, Buffer *m) | |||
1083 | debug3("%s: sending authenticated: %d", __func__, authok); | 1079 | debug3("%s: sending authenticated: %d", __func__, authok); |
1084 | mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); | 1080 | mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); |
1085 | 1081 | ||
1086 | auth_method = "skey"; | 1082 | auth_method = "keyboard-interactive"; |
1083 | auth_submethod = "skey"; | ||
1087 | 1084 | ||
1088 | return (authok != 0); | 1085 | return (authok != 0); |
1089 | } | 1086 | } |
@@ -1492,7 +1489,7 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1492 | __func__, key, (verified == 1) ? "verified" : "unverified"); | 1489 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
1493 | 1490 | ||
1494 | /* If auth was successful then record key to ensure it isn't reused */ | 1491 | /* If auth was successful then record key to ensure it isn't reused */ |
1495 | if (verified == 1) | 1492 | if (verified == 1 && key_blobtype == MM_USERKEY) |
1496 | auth2_record_userkey(authctxt, key); | 1493 | auth2_record_userkey(authctxt, key); |
1497 | else | 1494 | else |
1498 | key_free(key); | 1495 | key_free(key); |
@@ -1895,7 +1892,7 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1895 | sshbuf_free(child_state); | 1892 | sshbuf_free(child_state); |
1896 | child_state = NULL; | 1893 | child_state = NULL; |
1897 | 1894 | ||
1898 | if ((kex = ssh->kex) != 0) { | 1895 | if ((kex = ssh->kex) != NULL) { |
1899 | /* XXX set callbacks */ | 1896 | /* XXX set callbacks */ |
1900 | #ifdef WITH_OPENSSL | 1897 | #ifdef WITH_OPENSSL |
1901 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 1898 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
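Review bot: In mm_zalloc the overflow guard and the multiplication no longer use the same width: the check compares `ncount` with `SIZE_MAX / size`, but `size * ncount` is evaluated in `u_int` before it is converted for mm_malloc. Where size_t is wider than unsigned int the guard cannot fire for `u_int` operands, so a product above UINT_MAX wraps and a region smaller than requested is returned; the removed code avoided this with `(size_t) size * ncount`. I would keep the cast, `return mm_malloc(mm, (size_t)size * ncount);`, or bound the check with `UINT_MAX / size` if mm_malloc takes a narrower length (its prototype is not visible on this page).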
diff --git a/monitor_wrap.c b/monitor_wrap.c index 679991178..eaf0a1294 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor_wrap.c,v 1.85 2015/05/01 03:23:51 djm Exp $ */ | 1 | /* $OpenBSD: monitor_wrap.c,v 1.87 2016/01/14 16:17:40 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -80,7 +80,6 @@ | |||
80 | #include "channels.h" | 80 | #include "channels.h" |
81 | #include "session.h" | 81 | #include "session.h" |
82 | #include "servconf.h" | 82 | #include "servconf.h" |
83 | #include "roaming.h" | ||
84 | 83 | ||
85 | #include "ssherr.h" | 84 | #include "ssherr.h" |
86 | 85 | ||
@@ -218,7 +217,7 @@ mm_choose_dh(int min, int nbits, int max) | |||
218 | 217 | ||
219 | int | 218 | int |
220 | mm_key_sign(Key *key, u_char **sigp, u_int *lenp, | 219 | mm_key_sign(Key *key, u_char **sigp, u_int *lenp, |
221 | const u_char *data, u_int datalen) | 220 | const u_char *data, u_int datalen, const char *hostkey_alg) |
222 | { | 221 | { |
223 | struct kex *kex = *pmonitor->m_pkex; | 222 | struct kex *kex = *pmonitor->m_pkex; |
224 | Buffer m; | 223 | Buffer m; |
@@ -228,6 +227,7 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, | |||
228 | buffer_init(&m); | 227 | buffer_init(&m); |
229 | buffer_put_int(&m, kex->host_key_index(key, 0, active_state)); | 228 | buffer_put_int(&m, kex->host_key_index(key, 0, active_state)); |
230 | buffer_put_string(&m, data, datalen); | 229 | buffer_put_string(&m, data, datalen); |
230 | buffer_put_cstring(&m, hostkey_alg); | ||
231 | 231 | ||
232 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); | 232 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); |
233 | 233 | ||
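Review bot: `mm_key_sign` now serialises a third field with `buffer_put_cstring(&m, hostkey_alg);`, but nothing here documents the MONITOR_REQ_SIGN layout or whether `hostkey_alg` may be NULL. I would add `/* request: host key index, data to sign, host key algorithm name */` above the three put calls and state the NULL rule in the function's header comment. The name is chosen in the unprivileged process, so the monitor-side handler should accept only algorithm names valid for the selected key. That handler is not in this section, so it could not be checked here. The body of `mm_key_sign` continues outside the hunk.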
diff --git a/monitor_wrap.h b/monitor_wrap.h index 57e740f89..d9de551c2 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor_wrap.h,v 1.27 2015/05/01 03:23:51 djm Exp $ */ | 1 | /* $OpenBSD: monitor_wrap.h,v 1.29 2015/12/04 16:41:28 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 4 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
@@ -40,7 +40,7 @@ struct Authctxt; | |||
40 | void mm_log_handler(LogLevel, const char *, void *); | 40 | void mm_log_handler(LogLevel, const char *, void *); |
41 | int mm_is_monitor(void); | 41 | int mm_is_monitor(void); |
42 | DH *mm_choose_dh(int, int, int); | 42 | DH *mm_choose_dh(int, int, int); |
43 | int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int); | 43 | int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *); |
44 | void mm_inform_authserv(char *, char *, char *); | 44 | void mm_inform_authserv(char *, char *, char *); |
45 | void mm_inform_authrole(char *); | 45 | void mm_inform_authrole(char *); |
46 | struct passwd *mm_getpwnamallow(const char *); | 46 | struct passwd *mm_getpwnamallow(const char *); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */ | 1 | /* $OpenBSD: mux.c,v 1.58 2016/01/13 23:04:47 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -1354,16 +1354,18 @@ mux_session_confirm(int id, int success, void *arg) | |||
1354 | char *proto, *data; | 1354 | char *proto, *data; |
1355 | 1355 | ||
1356 | /* Get reasonable local authentication information. */ | 1356 | /* Get reasonable local authentication information. */ |
1357 | client_x11_get_proto(display, options.xauth_location, | 1357 | if (client_x11_get_proto(display, options.xauth_location, |
1358 | options.forward_x11_trusted, options.forward_x11_timeout, | 1358 | options.forward_x11_trusted, options.forward_x11_timeout, |
1359 | &proto, &data); | 1359 | &proto, &data) == 0) { |
1360 | /* Request forwarding with authentication spoofing. */ | 1360 | /* Request forwarding with authentication spoofing. */ |
1361 | debug("Requesting X11 forwarding with authentication " | 1361 | debug("Requesting X11 forwarding with authentication " |
1362 | "spoofing."); | 1362 | "spoofing."); |
1363 | x11_request_forwarding_with_spoofing(id, display, proto, | 1363 | x11_request_forwarding_with_spoofing(id, display, proto, |
1364 | data, 1); | 1364 | data, 1); |
1365 | client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); | 1365 | /* XXX exit_on_forward_failure */ |
1366 | /* XXX exit_on_forward_failure */ | 1366 | client_expect_confirm(id, "X11 forwarding", |
1367 | CONFIRM_WARN); | ||
1368 | } | ||
1367 | } | 1369 | } |
1368 | 1370 | ||
1369 | if (cctx->want_agent_fwd && options.forward_agent) { | 1371 | if (cctx->want_agent_fwd && options.forward_agent) { |
@@ -1744,7 +1746,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd) | |||
1744 | fwd->connect_host ? fwd->connect_host : "", | 1746 | fwd->connect_host ? fwd->connect_host : "", |
1745 | fwd->connect_port); | 1747 | fwd->connect_port); |
1746 | if (muxclient_command == SSHMUX_COMMAND_FORWARD) | 1748 | if (muxclient_command == SSHMUX_COMMAND_FORWARD) |
1747 | fprintf(stdout, "%u\n", fwd->allocated_port); | 1749 | fprintf(stdout, "%i\n", fwd->allocated_port); |
1748 | break; | 1750 | break; |
1749 | case MUX_S_PERMISSION_DENIED: | 1751 | case MUX_S_PERMISSION_DENIED: |
1750 | e = buffer_get_string(&m, NULL); | 1752 | e = buffer_get_string(&m, NULL); |
@@ -1889,6 +1891,10 @@ mux_client_request_session(int fd) | |||
1889 | } | 1891 | } |
1890 | muxclient_request_id++; | 1892 | muxclient_request_id++; |
1891 | 1893 | ||
1894 | if (pledge("stdio proc tty", NULL) == -1) | ||
1895 | fatal("%s pledge(): %s", __func__, strerror(errno)); | ||
1896 | platform_pledge_mux(); | ||
1897 | |||
1892 | signal(SIGHUP, control_client_sighandler); | 1898 | signal(SIGHUP, control_client_sighandler); |
1893 | signal(SIGINT, control_client_sighandler); | 1899 | signal(SIGINT, control_client_sighandler); |
1894 | signal(SIGTERM, control_client_sighandler); | 1900 | signal(SIGTERM, control_client_sighandler); |
@@ -1996,6 +2002,10 @@ mux_client_request_stdio_fwd(int fd) | |||
1996 | mm_send_fd(fd, STDOUT_FILENO) == -1) | 2002 | mm_send_fd(fd, STDOUT_FILENO) == -1) |
1997 | fatal("%s: send fds failed", __func__); | 2003 | fatal("%s: send fds failed", __func__); |
1998 | 2004 | ||
2005 | if (pledge("stdio proc tty", NULL) == -1) | ||
2006 | fatal("%s pledge(): %s", __func__, strerror(errno)); | ||
2007 | platform_pledge_mux(); | ||
2008 | |||
1999 | debug3("%s: stdio forward request sent", __func__); | 2009 | debug3("%s: stdio forward request sent", __func__); |
2000 | 2010 | ||
2001 | /* Read their reply */ | 2011 | /* Read their reply */ |
@@ -2169,7 +2179,7 @@ muxclient(const char *path) | |||
2169 | case SSHMUX_COMMAND_ALIVE_CHECK: | 2179 | case SSHMUX_COMMAND_ALIVE_CHECK: |
2170 | if ((pid = mux_client_request_alive(sock)) == 0) | 2180 | if ((pid = mux_client_request_alive(sock)) == 0) |
2171 | fatal("%s: master alive check failed", __func__); | 2181 | fatal("%s: master alive check failed", __func__); |
2172 | fprintf(stderr, "Master running (pid=%d)\r\n", pid); | 2182 | fprintf(stderr, "Master running (pid=%u)\r\n", pid); |
2173 | exit(0); | 2183 | exit(0); |
2174 | case SSHMUX_COMMAND_TERMINATE: | 2184 | case SSHMUX_COMMAND_TERMINATE: |
2175 | mux_client_request_terminate(sock); | 2185 | mux_client_request_terminate(sock); |
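Review bot: In `mux_session_confirm`, when `client_x11_get_proto()` returns nonzero the X11 request is now skipped with no message at this call site. Unless the callee logs (not visible here), a user who asked for X11 forwarding gets a session without it and no explanation. An `else` branch such as `error("%s: X11 authentication setup failed, not forwarding", __func__);` would make the failure visible. Separately, the two new `fatal("%s pledge(): %s", ...)` calls in `mux_client_request_session` and `mux_client_request_stdio_fwd` omit the colon that the neighbouring `"%s: ..."` messages use. All three functions continue outside their hunks.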
diff --git a/myproposal.h b/myproposal.h index 46e5b988d..bdd05966f 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */ | 1 | /* $OpenBSD: myproposal.h,v 1.50 2016/02/09 05:30:04 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -101,7 +101,9 @@ | |||
101 | "ssh-rsa-cert-v01@openssh.com," \ | 101 | "ssh-rsa-cert-v01@openssh.com," \ |
102 | HOSTKEY_ECDSA_METHODS \ | 102 | HOSTKEY_ECDSA_METHODS \ |
103 | "ssh-ed25519," \ | 103 | "ssh-ed25519," \ |
104 | "ssh-rsa" \ | 104 | "rsa-sha2-512," \ |
105 | "rsa-sha2-256," \ | ||
106 | "ssh-rsa" | ||
105 | 107 | ||
106 | /* the actual algorithms */ | 108 | /* the actual algorithms */ |
107 | 109 | ||
@@ -111,9 +113,7 @@ | |||
111 | AESGCM_CIPHER_MODES | 113 | AESGCM_CIPHER_MODES |
112 | 114 | ||
113 | #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ | 115 | #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ |
114 | "arcfour256,arcfour128," \ | 116 | "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" |
115 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ | ||
116 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" | ||
117 | 117 | ||
118 | #define KEX_SERVER_MAC \ | 118 | #define KEX_SERVER_MAC \ |
119 | "umac-64-etm@openssh.com," \ | 119 | "umac-64-etm@openssh.com," \ |
@@ -127,18 +127,9 @@ | |||
127 | "hmac-sha2-512," \ | 127 | "hmac-sha2-512," \ |
128 | "hmac-sha1" | 128 | "hmac-sha1" |
129 | 129 | ||
130 | #define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ | 130 | #define KEX_CLIENT_MAC KEX_SERVER_MAC |
131 | "hmac-md5-etm@openssh.com," \ | ||
132 | "hmac-ripemd160-etm@openssh.com," \ | ||
133 | "hmac-sha1-96-etm@openssh.com," \ | ||
134 | "hmac-md5-96-etm@openssh.com," \ | ||
135 | "hmac-md5," \ | ||
136 | "hmac-ripemd160," \ | ||
137 | "hmac-ripemd160@openssh.com," \ | ||
138 | "hmac-sha1-96," \ | ||
139 | "hmac-md5-96" | ||
140 | 131 | ||
141 | #else | 132 | #else /* WITH_OPENSSL */ |
142 | 133 | ||
143 | #define KEX_SERVER_KEX \ | 134 | #define KEX_SERVER_KEX \ |
144 | "curve25519-sha256@libssh.org" | 135 | "curve25519-sha256@libssh.org" |
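Review bot: After this cleanup `KEX_CLIENT_ENCRYPT` still appends `aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc` to the client default, with no comment on why these stay while the arcfour, blowfish and cast128 entries go. If they are kept only for older servers, a comment above the define would record that, e.g. `/* CBC modes and 3des-cbc: legacy fallbacks, offered last */`. 3des-cbc in particular has a 64-bit block, which makes it the weakest entry left in the list. The same kind of comment would help on `KEX_CLIENT_MAC`, which is now just an alias for `KEX_SERVER_MAC`.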
@@ -235,18 +235,6 @@ packet_set_connection(int fd_in, int fd_out) | |||
235 | fatal("%s: ssh_packet_set_connection failed", __func__); | 235 | fatal("%s: ssh_packet_set_connection failed", __func__); |
236 | } | 236 | } |
237 | 237 | ||
238 | void | ||
239 | packet_backup_state(void) | ||
240 | { | ||
241 | ssh_packet_backup_state(active_state, backup_state); | ||
242 | } | ||
243 | |||
244 | void | ||
245 | packet_restore_state(void) | ||
246 | { | ||
247 | ssh_packet_restore_state(active_state, backup_state); | ||
248 | } | ||
249 | |||
250 | u_int | 238 | u_int |
251 | packet_get_char(void) | 239 | packet_get_char(void) |
252 | { | 240 | { |
@@ -39,8 +39,6 @@ do { \ | |||
39 | void packet_close(void); | 39 | void packet_close(void); |
40 | u_int packet_get_char(void); | 40 | u_int packet_get_char(void); |
41 | u_int packet_get_int(void); | 41 | u_int packet_get_int(void); |
42 | void packet_backup_state(void); | ||
43 | void packet_restore_state(void); | ||
44 | void packet_set_connection(int, int); | 42 | void packet_set_connection(int, int); |
45 | int packet_read_seqnr(u_int32_t *); | 43 | int packet_read_seqnr(u_int32_t *); |
46 | int packet_read_poll_seqnr(u_int32_t *); | 44 | int packet_read_poll_seqnr(u_int32_t *); |
@@ -127,8 +125,6 @@ void packet_disconnect(const char *, ...) | |||
127 | sshpkt_add_padding(active_state, (pad)) | 125 | sshpkt_add_padding(active_state, (pad)) |
128 | #define packet_send_ignore(nbytes) \ | 126 | #define packet_send_ignore(nbytes) \ |
129 | ssh_packet_send_ignore(active_state, (nbytes)) | 127 | ssh_packet_send_ignore(active_state, (nbytes)) |
130 | #define packet_need_rekeying() \ | ||
131 | ssh_packet_need_rekeying(active_state) | ||
132 | #define packet_set_server() \ | 128 | #define packet_set_server() \ |
133 | ssh_packet_set_server(active_state) | 129 | ssh_packet_set_server(active_state) |
134 | #define packet_set_authenticated() \ | 130 | #define packet_set_authenticated() \ |
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index f7be415ec..2a788e47f 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c | |||
@@ -276,3 +276,11 @@ getpgid(pid_t pid) | |||
276 | return -1; | 276 | return -1; |
277 | } | 277 | } |
278 | #endif | 278 | #endif |
279 | |||
280 | #ifndef HAVE_PLEDGE | ||
281 | int | ||
282 | pledge(const char *promises, const char *paths[]) | ||
283 | { | ||
284 | return 0; | ||
285 | } | ||
286 | #endif | ||
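Review bot: The `pledge()` replacement added under `#ifndef HAVE_PLEDGE` returns 0 unconditionally, so on platforms without pledge every `pledge(...) == -1` check in a caller passes while no restriction is applied. That is a reasonable portability choice, but the definition should say so, so that a pledge call is not read as evidence of sandboxing on those platforms: `/* No pledge(2) on this platform: report success, restrict nothing. */`. Both parameters are unused and may warn under `-Wunused-parameter`.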
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index ff347a24b..0d81d1735 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h | |||
@@ -122,4 +122,8 @@ pid_t getpgid(pid_t); | |||
122 | # define krb5_free_error_message(a,b) do { } while(0) | 122 | # define krb5_free_error_message(a,b) do { } while(0) |
123 | #endif | 123 | #endif |
124 | 124 | ||
125 | #ifndef HAVE_PLEDGE | ||
126 | int pledge(const char *promises, const char *paths[]); | ||
127 | #endif | ||
128 | |||
125 | #endif /* _BSD_MISC_H */ | 129 | #endif /* _BSD_MISC_H */ |
diff --git a/openbsd-compat/bsd-poll.h b/openbsd-compat/bsd-poll.h index dcbb9ca40..17945f5b4 100644 --- a/openbsd-compat/bsd-poll.h +++ b/openbsd-compat/bsd-poll.h | |||
@@ -42,11 +42,11 @@ typedef unsigned int nfds_t; | |||
42 | #define POLLIN 0x0001 | 42 | #define POLLIN 0x0001 |
43 | #define POLLOUT 0x0004 | 43 | #define POLLOUT 0x0004 |
44 | #define POLLERR 0x0008 | 44 | #define POLLERR 0x0008 |
45 | #define POLLHUP 0x0010 | ||
46 | #define POLLNVAL 0x0020 | ||
45 | #if 0 | 47 | #if 0 |
46 | /* the following are currently not implemented */ | 48 | /* the following are currently not implemented */ |
47 | #define POLLPRI 0x0002 | 49 | #define POLLPRI 0x0002 |
48 | #define POLLHUP 0x0010 | ||
49 | #define POLLNVAL 0x0020 | ||
50 | #define POLLRDNORM 0x0040 | 50 | #define POLLRDNORM 0x0040 |
51 | #define POLLNORM POLLRDNORM | 51 | #define POLLNORM POLLRDNORM |
52 | #define POLLWRNORM POLLOUT | 52 | #define POLLWRNORM POLLOUT |
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 742b4b954..7c97e67f5 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c | |||
@@ -59,6 +59,7 @@ | |||
59 | */ | 59 | */ |
60 | 60 | ||
61 | #include "includes.h" | 61 | #include "includes.h" |
62 | #include "glob.h" | ||
62 | 63 | ||
63 | #include <sys/types.h> | 64 | #include <sys/types.h> |
64 | #include <sys/stat.h> | 65 | #include <sys/stat.h> |
diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index f8a7fa5ff..f069a05dc 100644 --- a/openbsd-compat/glob.h +++ b/openbsd-compat/glob.h | |||
@@ -42,11 +42,15 @@ | |||
42 | !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ | 42 | !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ |
43 | defined(BROKEN_GLOB) | 43 | defined(BROKEN_GLOB) |
44 | 44 | ||
45 | #ifndef _GLOB_H_ | 45 | #ifndef _COMPAT_GLOB_H_ |
46 | #define _GLOB_H_ | 46 | #define _COMPAT_GLOB_H_ |
47 | 47 | ||
48 | #include <sys/stat.h> | 48 | #include <sys/stat.h> |
49 | 49 | ||
50 | # define glob_t _ssh_compat_glob_t | ||
51 | # define glob(a, b, c, d) _ssh__compat_glob(a, b, c, d) | ||
52 | # define globfree(a) _ssh__compat_globfree(a) | ||
53 | |||
50 | struct stat; | 54 | struct stat; |
51 | typedef struct { | 55 | typedef struct { |
52 | int gl_pathc; /* Count of total paths so far. */ | 56 | int gl_pathc; /* Count of total paths so far. */ |
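Review bot: The new rename macros are spelled inconsistently: `_ssh_compat_glob_t` has one underscore after `ssh`, while `_ssh__compat_glob` and `_ssh__compat_globfree` have two. Identifiers containing `__` are reserved for the implementation, so the double-underscore names are the ones to change. I would use one spelling throughout, e.g. `# define glob(a, b, c, d) _ssh_compat_glob(a, b, c, d)` and `# define globfree(a) _ssh_compat_globfree(a)`. A one-line comment saying the macros exist to avoid clashing with the system glob would also help. The typedef that follows continues outside the hunk.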
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 1ff7114ef..8cc8a11b7 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h | |||
@@ -39,7 +39,6 @@ | |||
39 | /* OpenBSD function replacements */ | 39 | /* OpenBSD function replacements */ |
40 | #include "base64.h" | 40 | #include "base64.h" |
41 | #include "sigact.h" | 41 | #include "sigact.h" |
42 | #include "glob.h" | ||
43 | #include "readpassphrase.h" | 42 | #include "readpassphrase.h" |
44 | #include "vis.h" | 43 | #include "vis.h" |
45 | #include "getrrsetbyname.h" | 44 | #include "getrrsetbyname.h" |
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c index 25382f1c9..e36e412d7 100644 --- a/openbsd-compat/port-solaris.c +++ b/openbsd-compat/port-solaris.c | |||
@@ -227,3 +227,139 @@ solaris_set_default_project(struct passwd *pw) | |||
227 | } | 227 | } |
228 | } | 228 | } |
229 | #endif /* USE_SOLARIS_PROJECTS */ | 229 | #endif /* USE_SOLARIS_PROJECTS */ |
230 | |||
231 | #ifdef USE_SOLARIS_PRIVS | ||
232 | # ifdef HAVE_PRIV_H | ||
233 | # include <priv.h> | ||
234 | # endif | ||
235 | |||
236 | priv_set_t * | ||
237 | solaris_basic_privset(void) | ||
238 | { | ||
239 | priv_set_t *pset; | ||
240 | |||
241 | #ifdef HAVE_PRIV_BASICSET | ||
242 | if ((pset = priv_allocset()) == NULL) { | ||
243 | error("priv_allocset: %s", strerror(errno)); | ||
244 | return NULL; | ||
245 | } | ||
246 | priv_basicset(pset); | ||
247 | #else | ||
248 | if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL) { | ||
249 | error("priv_str_to_set: %s", strerror(errno)); | ||
250 | return NULL; | ||
251 | } | ||
252 | #endif | ||
253 | return pset; | ||
254 | } | ||
255 | |||
256 | void | ||
257 | solaris_drop_privs_pinfo_net_fork_exec(void) | ||
258 | { | ||
259 | priv_set_t *pset = NULL, *npset = NULL; | ||
260 | |||
261 | /* | ||
262 | * Note: this variant avoids dropping DAC filesystem rights, in case | ||
263 | * the process calling it is running as root and should have the | ||
264 | * ability to read/write/chown any file on the system. | ||
265 | * | ||
266 | * We start with the basic set, then *add* the DAC rights to it while | ||
267 | * taking away other parts of BASIC we don't need. Then we intersect | ||
268 | * this with our existing PERMITTED set. In this way we keep any | ||
269 | * DAC rights we had before, while otherwise reducing ourselves to | ||
270 | * the minimum set of privileges we need to proceed. | ||
271 | * | ||
272 | * This also means we drop any other parts of "root" that we don't | ||
273 | * need (e.g. the ability to kill any process, create new device nodes | ||
274 | * etc etc). | ||
275 | */ | ||
276 | |||
277 | if ((pset = priv_allocset()) == NULL) | ||
278 | fatal("priv_allocset: %s", strerror(errno)); | ||
279 | if ((npset = solaris_basic_privset()) == NULL) | ||
280 | fatal("solaris_basic_privset: %s", strerror(errno)); | ||
281 | |||
282 | if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 || | ||
283 | priv_addset(npset, PRIV_FILE_DAC_READ) != 0 || | ||
284 | priv_addset(npset, PRIV_FILE_DAC_SEARCH) != 0 || | ||
285 | priv_addset(npset, PRIV_FILE_DAC_WRITE) != 0 || | ||
286 | priv_addset(npset, PRIV_FILE_OWNER) != 0) | ||
287 | fatal("priv_addset: %s", strerror(errno)); | ||
288 | |||
289 | if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 || | ||
290 | #ifdef PRIV_NET_ACCESS | ||
291 | priv_delset(npset, PRIV_NET_ACCESS) != 0 || | ||
292 | #endif | ||
293 | priv_delset(npset, PRIV_PROC_EXEC) != 0 || | ||
294 | priv_delset(npset, PRIV_PROC_FORK) != 0 || | ||
295 | priv_delset(npset, PRIV_PROC_INFO) != 0 || | ||
296 | priv_delset(npset, PRIV_PROC_SESSION) != 0) | ||
297 | fatal("priv_delset: %s", strerror(errno)); | ||
298 | |||
299 | if (getppriv(PRIV_PERMITTED, pset) != 0) | ||
300 | fatal("getppriv: %s", strerror(errno)); | ||
301 | |||
302 | priv_intersect(pset, npset); | ||
303 | |||
304 | if (setppriv(PRIV_SET, PRIV_PERMITTED, npset) != 0 || | ||
305 | setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0 || | ||
306 | setppriv(PRIV_SET, PRIV_INHERITABLE, npset) != 0) | ||
307 | fatal("setppriv: %s", strerror(errno)); | ||
308 | |||
309 | priv_freeset(pset); | ||
310 | priv_freeset(npset); | ||
311 | } | ||
312 | |||
313 | void | ||
314 | solaris_drop_privs_root_pinfo_net(void) | ||
315 | { | ||
316 | priv_set_t *pset = NULL; | ||
317 | |||
318 | /* Start with "basic" and drop everything we don't need. */ | ||
319 | if ((pset = solaris_basic_privset()) == NULL) | ||
320 | fatal("solaris_basic_privset: %s", strerror(errno)); | ||
321 | |||
322 | if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 || | ||
323 | #ifdef PRIV_NET_ACCESS | ||
324 | priv_delset(pset, PRIV_NET_ACCESS) != 0 || | ||
325 | #endif | ||
326 | priv_delset(pset, PRIV_PROC_INFO) != 0 || | ||
327 | priv_delset(pset, PRIV_PROC_SESSION) != 0) | ||
328 | fatal("priv_delset: %s", strerror(errno)); | ||
329 | |||
330 | if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 || | ||
331 | setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 || | ||
332 | setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0) | ||
333 | fatal("setppriv: %s", strerror(errno)); | ||
334 | |||
335 | priv_freeset(pset); | ||
336 | } | ||
337 | |||
338 | void | ||
339 | solaris_drop_privs_root_pinfo_net_exec(void) | ||
340 | { | ||
341 | priv_set_t *pset = NULL; | ||
342 | |||
343 | |||
344 | /* Start with "basic" and drop everything we don't need. */ | ||
345 | if ((pset = solaris_basic_privset()) == NULL) | ||
346 | fatal("solaris_basic_privset: %s", strerror(errno)); | ||
347 | |||
348 | if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 || | ||
349 | #ifdef PRIV_NET_ACCESS | ||
350 | priv_delset(pset, PRIV_NET_ACCESS) != 0 || | ||
351 | #endif | ||
352 | priv_delset(pset, PRIV_PROC_EXEC) != 0 || | ||
353 | priv_delset(pset, PRIV_PROC_INFO) != 0 || | ||
354 | priv_delset(pset, PRIV_PROC_SESSION) != 0) | ||
355 | fatal("priv_delset: %s", strerror(errno)); | ||
356 | |||
357 | if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 || | ||
358 | setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 || | ||
359 | setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0) | ||
360 | fatal("setppriv: %s", strerror(errno)); | ||
361 | |||
362 | priv_freeset(pset); | ||
363 | } | ||
364 | |||
365 | #endif | ||
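Review bot: All three `solaris_drop_privs_*` functions report `strerror(errno)` when `solaris_basic_privset()` returns NULL, e.g. `fatal("solaris_basic_privset: %s", strerror(errno));`. That helper has already called `error()` between the failing libc call and its return, so errno may no longer describe the failure (whether `error()` preserves errno is not visible here). Since the helper logs the cause itself, `fatal("solaris_basic_privset failed");` avoids a possibly misleading second message. The closing `#endif` would also read better as `#endif /* USE_SOLARIS_PRIVS */`, matching the `USE_SOLARIS_PROJECTS` one above it. The two shorter functions lack the kind of header comment the first one has, saying which privileges are kept and dropped.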
diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h index cd442e78b..3a41ea8cd 100644 --- a/openbsd-compat/port-solaris.h +++ b/openbsd-compat/port-solaris.h | |||
@@ -26,5 +26,11 @@ void solaris_contract_pre_fork(void); | |||
26 | void solaris_contract_post_fork_child(void); | 26 | void solaris_contract_post_fork_child(void); |
27 | void solaris_contract_post_fork_parent(pid_t pid); | 27 | void solaris_contract_post_fork_parent(pid_t pid); |
28 | void solaris_set_default_project(struct passwd *); | 28 | void solaris_set_default_project(struct passwd *); |
29 | # ifdef USE_SOLARIS_PRIVS | ||
30 | priv_set_t *solaris_basic_privset(void); | ||
31 | void solaris_drop_privs_pinfo_net_fork_exec(void); | ||
32 | void solaris_drop_privs_root_pinfo_net(void); | ||
33 | void solaris_drop_privs_root_pinfo_net_exec(void); | ||
34 | # endif /* USE_SOLARIS_PRIVS */ | ||
29 | 35 | ||
30 | #endif | 36 | #endif |
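Review bot: The new prototype `priv_set_t *solaris_basic_privset(void);` uses `priv_set_t`, but the visible part of the header includes nothing that declares it. port-solaris.c pulls in `<priv.h>` only inside its own `USE_SOLARIS_PRIVS` block, partway through the file. If the header's earlier lines (outside this hunk) do not include it, any file that includes port-solaris.h with USE_SOLARIS_PRIVS defined will not compile. Putting `# ifdef HAVE_PRIV_H`, `#  include <priv.h>`, `# endif` inside the new block ahead of the prototypes would make the header self-contained.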
diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index ba4cea938..a2f090e55 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: realpath.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */ | 1 | /* $OpenBSD: realpath.c,v 1.20 2015/10/13 20:55:37 millert Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru> | 3 | * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru> |
4 | * | 4 | * |
@@ -42,6 +42,13 @@ | |||
42 | #include <stddef.h> | 42 | #include <stddef.h> |
43 | #include <string.h> | 43 | #include <string.h> |
44 | #include <unistd.h> | 44 | #include <unistd.h> |
45 | #include <limits.h> | ||
46 | |||
47 | #ifndef SYMLOOP_MAX | ||
48 | # define SYMLOOP_MAX 32 | ||
49 | #endif | ||
50 | |||
51 | /* A slightly modified copy of this file exists in libexec/ld.so */ | ||
45 | 52 | ||
46 | /* | 53 | /* |
47 | * char *realpath(const char *path, char resolved[PATH_MAX]); | 54 | * char *realpath(const char *path, char resolved[PATH_MAX]); |
@@ -51,16 +58,30 @@ | |||
51 | * in which case the path which caused trouble is left in (resolved). | 58 | * in which case the path which caused trouble is left in (resolved). |
52 | */ | 59 | */ |
53 | char * | 60 | char * |
54 | realpath(const char *path, char resolved[PATH_MAX]) | 61 | realpath(const char *path, char *resolved) |
55 | { | 62 | { |
56 | struct stat sb; | 63 | struct stat sb; |
57 | char *p, *q, *s; | 64 | char *p, *q, *s; |
58 | size_t left_len, resolved_len; | 65 | size_t left_len, resolved_len; |
59 | unsigned symlinks; | 66 | unsigned symlinks; |
60 | int serrno, slen; | 67 | int serrno, slen, mem_allocated; |
61 | char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; | 68 | char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; |
62 | 69 | ||
70 | if (path[0] == '\0') { | ||
71 | errno = ENOENT; | ||
72 | return (NULL); | ||
73 | } | ||
74 | |||
63 | serrno = errno; | 75 | serrno = errno; |
76 | |||
77 | if (resolved == NULL) { | ||
78 | resolved = malloc(PATH_MAX); | ||
79 | if (resolved == NULL) | ||
80 | return (NULL); | ||
81 | mem_allocated = 1; | ||
82 | } else | ||
83 | mem_allocated = 0; | ||
84 | |||
64 | symlinks = 0; | 85 | symlinks = 0; |
65 | if (path[0] == '/') { | 86 | if (path[0] == '/') { |
66 | resolved[0] = '/'; | 87 | resolved[0] = '/'; |
@@ -71,7 +92,10 @@ realpath(const char *path, char resolved[PATH_MAX]) | |||
71 | left_len = strlcpy(left, path + 1, sizeof(left)); | 92 | left_len = strlcpy(left, path + 1, sizeof(left)); |
72 | } else { | 93 | } else { |
73 | if (getcwd(resolved, PATH_MAX) == NULL) { | 94 | if (getcwd(resolved, PATH_MAX) == NULL) { |
74 | strlcpy(resolved, ".", PATH_MAX); | 95 | if (mem_allocated) |
96 | free(resolved); | ||
97 | else | ||
98 | strlcpy(resolved, ".", PATH_MAX); | ||
75 | return (NULL); | 99 | return (NULL); |
76 | } | 100 | } |
77 | resolved_len = strlen(resolved); | 101 | resolved_len = strlen(resolved); |
@@ -79,7 +103,7 @@ realpath(const char *path, char resolved[PATH_MAX]) | |||
79 | } | 103 | } |
80 | if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { | 104 | if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { |
81 | errno = ENAMETOOLONG; | 105 | errno = ENAMETOOLONG; |
82 | return (NULL); | 106 | goto err; |
83 | } | 107 | } |
84 | 108 | ||
85 | /* | 109 | /* |
@@ -94,7 +118,7 @@ realpath(const char *path, char resolved[PATH_MAX]) | |||
94 | s = p ? p : left + left_len; | 118 | s = p ? p : left + left_len; |
95 | if (s - left >= (ptrdiff_t)sizeof(next_token)) { | 119 | if (s - left >= (ptrdiff_t)sizeof(next_token)) { |
96 | errno = ENAMETOOLONG; | 120 | errno = ENAMETOOLONG; |
97 | return (NULL); | 121 | goto err; |
98 | } | 122 | } |
99 | memcpy(next_token, left, s - left); | 123 | memcpy(next_token, left, s - left); |
100 | next_token[s - left] = '\0'; | 124 | next_token[s - left] = '\0'; |
@@ -104,7 +128,7 @@ realpath(const char *path, char resolved[PATH_MAX]) | |||
104 | if (resolved[resolved_len - 1] != '/') { | 128 | if (resolved[resolved_len - 1] != '/') { |
105 | if (resolved_len + 1 >= PATH_MAX) { | 129 | if (resolved_len + 1 >= PATH_MAX) { |
106 | errno = ENAMETOOLONG; | 130 | errno = ENAMETOOLONG; |
107 | return (NULL); | 131 | goto err; |
108 | } | 132 | } |
109 | resolved[resolved_len++] = '/'; | 133 | resolved[resolved_len++] = '/'; |
110 | resolved[resolved_len] = '\0'; | 134 | resolved[resolved_len] = '\0'; |
@@ -135,23 +159,23 @@ realpath(const char *path, char resolved[PATH_MAX]) | |||
135 | resolved_len = strlcat(resolved, next_token, PATH_MAX); | 159 | resolved_len = strlcat(resolved, next_token, PATH_MAX); |
136 | if (resolved_len >= PATH_MAX) { | 160 | if (resolved_len >= PATH_MAX) { |
137 | errno = ENAMETOOLONG; | 161 | errno = ENAMETOOLONG; |
138 | return (NULL); | 162 | goto err; |
139 | } | 163 | } |
140 | if (lstat(resolved, &sb) != 0) { | 164 | if (lstat(resolved, &sb) != 0) { |
141 | if (errno == ENOENT && p == NULL) { | 165 | if (errno == ENOENT && p == NULL) { |
142 | errno = serrno; | 166 | errno = serrno; |
143 | return (resolved); | 167 | return (resolved); |
144 | } | 168 | } |
145 | return (NULL); | 169 | goto err; |
146 | } | 170 | } |
147 | if (S_ISLNK(sb.st_mode)) { | 171 | if (S_ISLNK(sb.st_mode)) { |
148 | if (symlinks++ > MAXSYMLINKS) { | 172 | if (symlinks++ > SYMLOOP_MAX) { |
149 | errno = ELOOP; | 173 | errno = ELOOP; |
150 | return (NULL); | 174 | goto err; |
151 | } | 175 | } |
152 | slen = readlink(resolved, symlink, sizeof(symlink) - 1); | 176 | slen = readlink(resolved, symlink, sizeof(symlink) - 1); |
153 | if (slen < 0) | 177 | if (slen < 0) |
154 | return (NULL); | 178 | goto err; |
155 | symlink[slen] = '\0'; | 179 | symlink[slen] = '\0'; |
156 | if (symlink[0] == '/') { | 180 | if (symlink[0] == '/') { |
157 | resolved[1] = 0; | 181 | resolved[1] = 0; |
@@ -174,15 +198,15 @@ realpath(const char *path, char resolved[PATH_MAX]) | |||
174 | if (slen + 1 >= | 198 | if (slen + 1 >= |
175 | (ptrdiff_t)sizeof(symlink)) { | 199 | (ptrdiff_t)sizeof(symlink)) { |
176 | errno = ENAMETOOLONG; | 200 | errno = ENAMETOOLONG; |
177 | return (NULL); | 201 | goto err; |
178 | } | 202 | } |
179 | symlink[slen] = '/'; | 203 | symlink[slen] = '/'; |
180 | symlink[slen + 1] = 0; | 204 | symlink[slen + 1] = 0; |
181 | } | 205 | } |
182 | left_len = strlcat(symlink, left, sizeof(left)); | 206 | left_len = strlcat(symlink, left, sizeof(symlink)); |
183 | if (left_len >= sizeof(left)) { | 207 | if (left_len >= sizeof(symlink)) { |
184 | errno = ENAMETOOLONG; | 208 | errno = ENAMETOOLONG; |
185 | return (NULL); | 209 | goto err; |
186 | } | 210 | } |
187 | } | 211 | } |
188 | left_len = strlcpy(left, symlink, sizeof(left)); | 212 | left_len = strlcpy(left, symlink, sizeof(left)); |
@@ -196,5 +220,10 @@ realpath(const char *path, char resolved[PATH_MAX]) | |||
196 | if (resolved_len > 1 && resolved[resolved_len - 1] == '/') | 220 | if (resolved_len > 1 && resolved[resolved_len - 1] == '/') |
197 | resolved[resolved_len - 1] = '\0'; | 221 | resolved[resolved_len - 1] = '\0'; |
198 | return (resolved); | 222 | return (resolved); |
223 | |||
224 | err: | ||
225 | if (mem_allocated) | ||
226 | free(resolved); | ||
227 | return (NULL); | ||
199 | } | 228 | } |
200 | #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ | 229 | #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ |
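Review bot: The new empty-path check `if (path[0] == '\0')` dereferences `path` before anything tests it for NULL, so `realpath(NULL, buf)` faults instead of failing cleanly. A guard ahead of it, `if (path == NULL) { errno = EINVAL; return (NULL); }`, fixes that. The `err:` path also calls `free(resolved)` after errno has been set, and saving and restoring errno around the free would guarantee the caller sees the original error. The header comment above the function still describes only the caller-supplied buffer. It should say that a NULL `resolved` now yields a `malloc(PATH_MAX)` buffer the caller must free.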
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.c,v 1.214 2015/08/20 22:32:42 deraadt Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.229 2016/02/17 22:20:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -83,7 +83,6 @@ | |||
83 | #include "channels.h" | 83 | #include "channels.h" |
84 | #include "ssh.h" | 84 | #include "ssh.h" |
85 | #include "packet.h" | 85 | #include "packet.h" |
86 | #include "roaming.h" | ||
87 | #include "ssherr.h" | 86 | #include "ssherr.h" |
88 | #include "sshbuf.h" | 87 | #include "sshbuf.h" |
89 | 88 | ||
@@ -181,8 +180,7 @@ struct session_state { | |||
181 | struct packet_state p_read, p_send; | 180 | struct packet_state p_read, p_send; |
182 | 181 | ||
183 | /* Volume-based rekeying */ | 182 | /* Volume-based rekeying */ |
184 | u_int64_t max_blocks_in, max_blocks_out; | 183 | u_int64_t max_blocks_in, max_blocks_out, rekey_limit; |
185 | u_int32_t rekey_limit; | ||
186 | 184 | ||
187 | /* Time-based rekeying */ | 185 | /* Time-based rekeying */ |
188 | u_int32_t rekey_interval; /* how often in seconds */ | 186 | u_int32_t rekey_interval; /* how often in seconds */ |
@@ -261,6 +259,14 @@ ssh_alloc_session_state(void) | |||
261 | return NULL; | 259 | return NULL; |
262 | } | 260 | } |
263 | 261 | ||
262 | /* Returns nonzero if rekeying is in progress */ | ||
263 | int | ||
264 | ssh_packet_is_rekeying(struct ssh *ssh) | ||
265 | { | ||
266 | return compat20 && | ||
267 | (ssh->state->rekeying || (ssh->kex != NULL && ssh->kex->done == 0)); | ||
268 | } | ||
269 | |||
264 | /* | 270 | /* |
265 | * Sets the descriptors used for communication. Disables encryption until | 271 | * Sets the descriptors used for communication. Disables encryption until |
266 | * packet_set_encryption_key is called. | 272 | * packet_set_encryption_key is called. |
@@ -338,7 +344,8 @@ ssh_packet_stop_discard(struct ssh *ssh) | |||
338 | sshbuf_ptr(state->incoming_packet), PACKET_MAX_SIZE, | 344 | sshbuf_ptr(state->incoming_packet), PACKET_MAX_SIZE, |
339 | NULL, 0); | 345 | NULL, 0); |
340 | } | 346 | } |
341 | logit("Finished discarding for %.200s", ssh_remote_ipaddr(ssh)); | 347 | logit("Finished discarding for %.200s port %d", |
348 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
342 | return SSH_ERR_MAC_INVALID; | 349 | return SSH_ERR_MAC_INVALID; |
343 | } | 350 | } |
344 | 351 | ||
@@ -455,16 +462,30 @@ ssh_packet_get_connection_out(struct ssh *ssh) | |||
455 | const char * | 462 | const char * |
456 | ssh_remote_ipaddr(struct ssh *ssh) | 463 | ssh_remote_ipaddr(struct ssh *ssh) |
457 | { | 464 | { |
465 | const int sock = ssh->state->connection_in; | ||
466 | |||
458 | /* Check whether we have cached the ipaddr. */ | 467 | /* Check whether we have cached the ipaddr. */ |
459 | if (ssh->remote_ipaddr == NULL) | 468 | if (ssh->remote_ipaddr == NULL) { |
460 | ssh->remote_ipaddr = ssh_packet_connection_is_on_socket(ssh) ? | 469 | if (ssh_packet_connection_is_on_socket(ssh)) { |
461 | get_peer_ipaddr(ssh->state->connection_in) : | 470 | ssh->remote_ipaddr = get_peer_ipaddr(sock); |
462 | strdup("UNKNOWN"); | 471 | ssh->remote_port = get_sock_port(sock, 0); |
463 | if (ssh->remote_ipaddr == NULL) | 472 | } else { |
464 | return "UNKNOWN"; | 473 | ssh->remote_ipaddr = strdup("UNKNOWN"); |
474 | ssh->remote_port = 0; | ||
475 | } | ||
476 | } | ||
465 | return ssh->remote_ipaddr; | 477 | return ssh->remote_ipaddr; |
466 | } | 478 | } |
467 | 479 | ||
480 | /* Returns the port number of the remote host. */ | ||
481 | |||
482 | int | ||
483 | ssh_remote_port(struct ssh *ssh) | ||
484 | { | ||
485 | (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */ | ||
486 | return ssh->remote_port; | ||
487 | } | ||
488 | |||
468 | /* Closes the connection and clears and frees internal data structures. */ | 489 | /* Closes the connection and clears and frees internal data structures. */ |
469 | 490 | ||
470 | void | 491 | void |
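Review bot: The rewritten ssh_remote_ipaddr() can now return NULL, because the old fallback `if (ssh->remote_ipaddr == NULL) return "UNKNOWN";` was dropped. A failed `strdup("UNKNOWN")` (or a NULL from get_peer_ipaddr(), if that helper can return one; it is not visible here) would then reach callers that pass the result straight to `%.200s` in logit() and fatal(). Keeping that guard just before the final `return ssh->remote_ipaddr;` preserves the previous contract. The comment on ssh_remote_port() could also state that it reports 0 when the connection is not on a socket, since callers now print that value in log lines.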
@@ -519,10 +540,8 @@ ssh_packet_close(struct ssh *ssh) | |||
519 | error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); | 540 | error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); |
520 | if ((r = cipher_cleanup(&state->receive_context)) != 0) | 541 | if ((r = cipher_cleanup(&state->receive_context)) != 0) |
521 | error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); | 542 | error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); |
522 | if (ssh->remote_ipaddr) { | 543 | free(ssh->remote_ipaddr); |
523 | free(ssh->remote_ipaddr); | 544 | ssh->remote_ipaddr = NULL; |
524 | ssh->remote_ipaddr = NULL; | ||
525 | } | ||
526 | free(ssh->state); | 545 | free(ssh->state); |
527 | ssh->state = NULL; | 546 | ssh->state = NULL; |
528 | } | 547 | } |
@@ -941,7 +960,12 @@ ssh_set_newkeys(struct ssh *ssh, int mode) | |||
941 | max_blocks = &state->max_blocks_in; | 960 | max_blocks = &state->max_blocks_in; |
942 | } | 961 | } |
943 | if (state->newkeys[mode] != NULL) { | 962 | if (state->newkeys[mode] != NULL) { |
944 | debug("set_newkeys: rekeying"); | 963 | debug("set_newkeys: rekeying, input %llu bytes %llu blocks, " |
964 | "output %llu bytes %llu blocks", | ||
965 | (unsigned long long)state->p_read.bytes, | ||
966 | (unsigned long long)state->p_read.blocks, | ||
967 | (unsigned long long)state->p_send.bytes, | ||
968 | (unsigned long long)state->p_send.blocks); | ||
945 | if ((r = cipher_cleanup(cc)) != 0) | 969 | if ((r = cipher_cleanup(cc)) != 0) |
946 | return r; | 970 | return r; |
947 | enc = &state->newkeys[mode]->enc; | 971 | enc = &state->newkeys[mode]->enc; |
@@ -1009,9 +1033,55 @@ ssh_set_newkeys(struct ssh *ssh, int mode) | |||
1009 | if (state->rekey_limit) | 1033 | if (state->rekey_limit) |
1010 | *max_blocks = MIN(*max_blocks, | 1034 | *max_blocks = MIN(*max_blocks, |
1011 | state->rekey_limit / enc->block_size); | 1035 | state->rekey_limit / enc->block_size); |
1036 | debug("rekey after %llu blocks", (unsigned long long)*max_blocks); | ||
1012 | return 0; | 1037 | return 0; |
1013 | } | 1038 | } |
1014 | 1039 | ||
1040 | #define MAX_PACKETS (1U<<31) | ||
1041 | static int | ||
1042 | ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) | ||
1043 | { | ||
1044 | struct session_state *state = ssh->state; | ||
1045 | u_int32_t out_blocks; | ||
1046 | |||
1047 | /* XXX client can't cope with rekeying pre-auth */ | ||
1048 | if (!state->after_authentication) | ||
1049 | return 0; | ||
1050 | |||
1051 | /* Haven't keyed yet or KEX in progress. */ | ||
1052 | if (ssh->kex == NULL || ssh_packet_is_rekeying(ssh)) | ||
1053 | return 0; | ||
1054 | |||
1055 | /* Peer can't rekey */ | ||
1056 | if (ssh->compat & SSH_BUG_NOREKEY) | ||
1057 | return 0; | ||
1058 | |||
1059 | /* | ||
1060 | * Permit one packet in or out per rekey - this allows us to | ||
1061 | * make progress when rekey limits are very small. | ||
1062 | */ | ||
1063 | if (state->p_send.packets == 0 && state->p_read.packets == 0) | ||
1064 | return 0; | ||
1065 | |||
1066 | /* Time-based rekeying */ | ||
1067 | if (state->rekey_interval != 0 && | ||
1068 | state->rekey_time + state->rekey_interval <= monotime()) | ||
1069 | return 1; | ||
1070 | |||
1071 | /* Always rekey when MAX_PACKETS sent in either direction */ | ||
1072 | if (state->p_send.packets > MAX_PACKETS || | ||
1073 | state->p_read.packets > MAX_PACKETS) | ||
1074 | return 1; | ||
1075 | |||
1076 | /* Rekey after (cipher-specific) maxiumum blocks */ | ||
1077 | out_blocks = roundup(outbound_packet_len, | ||
1078 | state->newkeys[MODE_OUT]->enc.block_size); | ||
1079 | return (state->max_blocks_out && | ||
1080 | (state->p_send.blocks + out_blocks > state->max_blocks_out)) || | ||
1081 | (state->max_blocks_in && | ||
1082 | (state->p_read.blocks > state->max_blocks_in)); | ||
1083 | } | ||
1084 | |||
1015 | /* | 1085 | /* |
1016 | * Delayed compression for SSH2 is enabled after authentication: | 1086 | * Delayed compression for SSH2 is enabled after authentication: |
1017 | * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, | 1087 | * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, |
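Review bot: In ssh_packet_need_rekeying(), `out_blocks` is computed with `roundup(outbound_packet_len, block_size)` and then added to `state->p_send.blocks`. By the usual definition of that macro the result is a byte count rounded up to a block multiple, not a number of blocks. The effect appears to be an over-estimate, so the rekey fires earlier than the limit rather than later, but the unit mismatch deserves a fix or a comment; `out_blocks = howmany(outbound_packet_len, state->newkeys[MODE_OUT]->enc.block_size);` would count blocks. `state->newkeys[MODE_OUT]` is also dereferenced with only `ssh->kex != NULL` checked beforehand, so a one-line comment saying why it cannot be NULL here would help the next reader of this rekey-limit check.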
@@ -1050,6 +1120,20 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh) | |||
1050 | return 0; | 1120 | return 0; |
1051 | } | 1121 | } |
1052 | 1122 | ||
1123 | /* Used to mute debug logging for noisy packet types */ | ||
1124 | static int | ||
1125 | ssh_packet_log_type(u_char type) | ||
1126 | { | ||
1127 | switch (type) { | ||
1128 | case SSH2_MSG_CHANNEL_DATA: | ||
1129 | case SSH2_MSG_CHANNEL_EXTENDED_DATA: | ||
1130 | case SSH2_MSG_CHANNEL_WINDOW_ADJUST: | ||
1131 | return 0; | ||
1132 | default: | ||
1133 | return 1; | ||
1134 | } | ||
1135 | } | ||
1136 | |||
1053 | /* | 1137 | /* |
1054 | * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) | 1138 | * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) |
1055 | */ | 1139 | */ |
@@ -1078,7 +1162,8 @@ ssh_packet_send2_wrapped(struct ssh *ssh) | |||
1078 | aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; | 1162 | aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; |
1079 | 1163 | ||
1080 | type = (sshbuf_ptr(state->outgoing_packet))[5]; | 1164 | type = (sshbuf_ptr(state->outgoing_packet))[5]; |
1081 | 1165 | if (ssh_packet_log_type(type)) | |
1166 | debug3("send packet: type %u", type); | ||
1082 | #ifdef PACKET_DEBUG | 1167 | #ifdef PACKET_DEBUG |
1083 | fprintf(stderr, "plain: "); | 1168 | fprintf(stderr, "plain: "); |
1084 | sshbuf_dump(state->outgoing_packet, stderr); | 1169 | sshbuf_dump(state->outgoing_packet, stderr); |
@@ -1200,34 +1285,58 @@ ssh_packet_send2_wrapped(struct ssh *ssh) | |||
1200 | return r; | 1285 | return r; |
1201 | } | 1286 | } |
1202 | 1287 | ||
1288 | /* returns non-zero if the specified packet type is usec by KEX */ | ||
1289 | static int | ||
1290 | ssh_packet_type_is_kex(u_char type) | ||
1291 | { | ||
1292 | return | ||
1293 | type >= SSH2_MSG_TRANSPORT_MIN && | ||
1294 | type <= SSH2_MSG_TRANSPORT_MAX && | ||
1295 | type != SSH2_MSG_SERVICE_REQUEST && | ||
1296 | type != SSH2_MSG_SERVICE_ACCEPT && | ||
1297 | type != SSH2_MSG_EXT_INFO; | ||
1298 | } | ||
1299 | |||
1203 | int | 1300 | int |
1204 | ssh_packet_send2(struct ssh *ssh) | 1301 | ssh_packet_send2(struct ssh *ssh) |
1205 | { | 1302 | { |
1206 | struct session_state *state = ssh->state; | 1303 | struct session_state *state = ssh->state; |
1207 | struct packet *p; | 1304 | struct packet *p; |
1208 | u_char type; | 1305 | u_char type; |
1209 | int r; | 1306 | int r, need_rekey; |
1210 | 1307 | ||
1308 | if (sshbuf_len(state->outgoing_packet) < 6) | ||
1309 | return SSH_ERR_INTERNAL_ERROR; | ||
1211 | type = sshbuf_ptr(state->outgoing_packet)[5]; | 1310 | type = sshbuf_ptr(state->outgoing_packet)[5]; |
1311 | need_rekey = !ssh_packet_type_is_kex(type) && | ||
1312 | ssh_packet_need_rekeying(ssh, sshbuf_len(state->outgoing_packet)); | ||
1212 | 1313 | ||
1213 | /* during rekeying we can only send key exchange messages */ | 1314 | /* |
1214 | if (state->rekeying) { | 1315 | * During rekeying we can only send key exchange messages. |
1215 | if ((type < SSH2_MSG_TRANSPORT_MIN) || | 1316 | * Queue everything else. |
1216 | (type > SSH2_MSG_TRANSPORT_MAX) || | 1317 | */ |
1217 | (type == SSH2_MSG_SERVICE_REQUEST) || | 1318 | if ((need_rekey || state->rekeying) && !ssh_packet_type_is_kex(type)) { |
1218 | (type == SSH2_MSG_SERVICE_ACCEPT)) { | 1319 | if (need_rekey) |
1219 | debug("enqueue packet: %u", type); | 1320 | debug3("%s: rekex triggered", __func__); |
1220 | p = calloc(1, sizeof(*p)); | 1321 | debug("enqueue packet: %u", type); |
1221 | if (p == NULL) | 1322 | p = calloc(1, sizeof(*p)); |
1222 | return SSH_ERR_ALLOC_FAIL; | 1323 | if (p == NULL) |
1223 | p->type = type; | 1324 | return SSH_ERR_ALLOC_FAIL; |
1224 | p->payload = state->outgoing_packet; | 1325 | p->type = type; |
1225 | TAILQ_INSERT_TAIL(&state->outgoing, p, next); | 1326 | p->payload = state->outgoing_packet; |
1226 | state->outgoing_packet = sshbuf_new(); | 1327 | TAILQ_INSERT_TAIL(&state->outgoing, p, next); |
1227 | if (state->outgoing_packet == NULL) | 1328 | state->outgoing_packet = sshbuf_new(); |
1228 | return SSH_ERR_ALLOC_FAIL; | 1329 | if (state->outgoing_packet == NULL) |
1229 | return 0; | 1330 | return SSH_ERR_ALLOC_FAIL; |
1331 | if (need_rekey) { | ||
1332 | /* | ||
1333 | * This packet triggered a rekey, so send the | ||
1334 | * KEXINIT now. | ||
1335 | * NB. reenters this function via kex_start_rekex(). | ||
1336 | */ | ||
1337 | return kex_start_rekex(ssh); | ||
1230 | } | 1338 | } |
1339 | return 0; | ||
1231 | } | 1340 | } |
1232 | 1341 | ||
1233 | /* rekeying starts with sending KEXINIT */ | 1342 | /* rekeying starts with sending KEXINIT */ |
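Review bot: ssh_packet_type_is_kex() accepts every type in the SSH2_MSG_TRANSPORT_MIN..SSH2_MSG_TRANSPORT_MAX range except three, so its name and comment ("usec by KEX", which also has a typo) understate what it lets through while a rekey is in progress. Since this predicate now decides which packets bypass the queue in ssh_packet_send2(), I would reword the comment as `/* Returns non-zero for transport-layer packet types that may be sent while a key exchange is in progress */`. The predicate is also evaluated twice for the same `type` in ssh_packet_send2(); holding the result in a local would make the queueing condition easier to audit. ssh_packet_send2() continues past the end of this hunk.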
@@ -1243,10 +1352,22 @@ ssh_packet_send2(struct ssh *ssh) | |||
1243 | state->rekey_time = monotime(); | 1352 | state->rekey_time = monotime(); |
1244 | while ((p = TAILQ_FIRST(&state->outgoing))) { | 1353 | while ((p = TAILQ_FIRST(&state->outgoing))) { |
1245 | type = p->type; | 1354 | type = p->type; |
1355 | /* | ||
1356 | * If this packet triggers a rekex, then skip the | ||
1357 | * remaining packets in the queue for now. | ||
1358 | * NB. re-enters this function via kex_start_rekex. | ||
1359 | */ | ||
1360 | if (ssh_packet_need_rekeying(ssh, | ||
1361 | sshbuf_len(p->payload))) { | ||
1362 | debug3("%s: queued packet triggered rekex", | ||
1363 | __func__); | ||
1364 | return kex_start_rekex(ssh); | ||
1365 | } | ||
1246 | debug("dequeue packet: %u", type); | 1366 | debug("dequeue packet: %u", type); |
1247 | sshbuf_free(state->outgoing_packet); | 1367 | sshbuf_free(state->outgoing_packet); |
1248 | state->outgoing_packet = p->payload; | 1368 | state->outgoing_packet = p->payload; |
1249 | TAILQ_REMOVE(&state->outgoing, p, next); | 1369 | TAILQ_REMOVE(&state->outgoing, p, next); |
1370 | memset(p, 0, sizeof(*p)); | ||
1250 | free(p); | 1371 | free(p); |
1251 | if ((r = ssh_packet_send2_wrapped(ssh)) != 0) | 1372 | if ((r = ssh_packet_send2_wrapped(ssh)) != 0) |
1252 | return r; | 1373 | return r; |
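Review bot: The added `memset(p, 0, sizeof(*p));` immediately before `free(p);` is a dead store that an optimising compiler is allowed to drop, so it does not guarantee the queue entry is cleared. If clearing is intended, so that a stale `payload` pointer cannot be picked up after the free, `explicit_bzero(p, sizeof(*p));` states that intent and survives optimisation. The loop sits inside ssh_packet_send2(), which starts and ends outside this hunk.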
@@ -1265,7 +1386,7 @@ int | |||
1265 | ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | 1386 | ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) |
1266 | { | 1387 | { |
1267 | struct session_state *state = ssh->state; | 1388 | struct session_state *state = ssh->state; |
1268 | int len, r, ms_remain, cont; | 1389 | int len, r, ms_remain; |
1269 | fd_set *setp; | 1390 | fd_set *setp; |
1270 | char buf[8192]; | 1391 | char buf[8192]; |
1271 | struct timeval timeout, start, *timeoutp = NULL; | 1392 | struct timeval timeout, start, *timeoutp = NULL; |
@@ -1335,11 +1456,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | |||
1335 | if (r == 0) | 1456 | if (r == 0) |
1336 | return SSH_ERR_CONN_TIMEOUT; | 1457 | return SSH_ERR_CONN_TIMEOUT; |
1337 | /* Read data from the socket. */ | 1458 | /* Read data from the socket. */ |
1338 | do { | 1459 | len = read(state->connection_in, buf, sizeof(buf)); |
1339 | cont = 0; | ||
1340 | len = roaming_read(state->connection_in, buf, | ||
1341 | sizeof(buf), &cont); | ||
1342 | } while (len == 0 && cont); | ||
1343 | if (len == 0) { | 1460 | if (len == 0) { |
1344 | r = SSH_ERR_CONN_CLOSED; | 1461 | r = SSH_ERR_CONN_CLOSED; |
1345 | goto out; | 1462 | goto out; |
@@ -1734,6 +1851,8 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | |||
1734 | */ | 1851 | */ |
1735 | if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0) | 1852 | if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0) |
1736 | goto out; | 1853 | goto out; |
1854 | if (ssh_packet_log_type(*typep)) | ||
1855 | debug3("receive packet: type %u", *typep); | ||
1737 | if (*typep < SSH2_MSG_MIN || *typep >= SSH2_MSG_LOCAL_MIN) { | 1856 | if (*typep < SSH2_MSG_MIN || *typep >= SSH2_MSG_LOCAL_MIN) { |
1738 | if ((r = sshpkt_disconnect(ssh, | 1857 | if ((r = sshpkt_disconnect(ssh, |
1739 | "Invalid ssh2 packet type: %d", *typep)) != 0 || | 1858 | "Invalid ssh2 packet type: %d", *typep)) != 0 || |
@@ -1753,6 +1872,13 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | |||
1753 | #endif | 1872 | #endif |
1754 | /* reset for next packet */ | 1873 | /* reset for next packet */ |
1755 | state->packlen = 0; | 1874 | state->packlen = 0; |
1875 | |||
1876 | /* do we need to rekey? */ | ||
1877 | if (ssh_packet_need_rekeying(ssh, 0)) { | ||
1878 | debug3("%s: rekex triggered", __func__); | ||
1879 | if ((r = kex_start_rekex(ssh)) != 0) | ||
1880 | return r; | ||
1881 | } | ||
1756 | out: | 1882 | out: |
1757 | return r; | 1883 | return r; |
1758 | } | 1884 | } |
@@ -1783,8 +1909,7 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | |||
1783 | if ((r = sshpkt_get_u8(ssh, NULL)) != 0 || | 1909 | if ((r = sshpkt_get_u8(ssh, NULL)) != 0 || |
1784 | (r = sshpkt_get_string(ssh, &msg, NULL)) != 0 || | 1910 | (r = sshpkt_get_string(ssh, &msg, NULL)) != 0 || |
1785 | (r = sshpkt_get_string(ssh, NULL, NULL)) != 0) { | 1911 | (r = sshpkt_get_string(ssh, NULL, NULL)) != 0) { |
1786 | if (msg) | 1912 | free(msg); |
1787 | free(msg); | ||
1788 | return r; | 1913 | return r; |
1789 | } | 1914 | } |
1790 | debug("Remote: %.900s", msg); | 1915 | debug("Remote: %.900s", msg); |
@@ -1798,8 +1923,9 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | |||
1798 | do_log2(ssh->state->server_side && | 1923 | do_log2(ssh->state->server_side && |
1799 | reason == SSH2_DISCONNECT_BY_APPLICATION ? | 1924 | reason == SSH2_DISCONNECT_BY_APPLICATION ? |
1800 | SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, | 1925 | SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, |
1801 | "Received disconnect from %s: %u: %.400s", | 1926 | "Received disconnect from %s port %d:" |
1802 | ssh_remote_ipaddr(ssh), reason, msg); | 1927 | "%u: %.400s", ssh_remote_ipaddr(ssh), |
1928 | ssh_remote_port(ssh), reason, msg); | ||
1803 | free(msg); | 1929 | free(msg); |
1804 | return SSH_ERR_DISCONNECTED; | 1930 | return SSH_ERR_DISCONNECTED; |
1805 | case SSH2_MSG_UNIMPLEMENTED: | 1931 | case SSH2_MSG_UNIMPLEMENTED: |
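Review bot: The new SSH2 disconnect message joins `"Received disconnect from %s port %d:"` and `"%u: %.400s"` with no space between them, so the line renders as `port 22:11: ...` (constructed values), whereas the SSH1 variant in the next hunk uses `"port %d: "`. Log-matching rules keyed on these lines then need a separate pattern for each protocol; writing `"Received disconnect from %s port %d: "` keeps the two consistent. `msg` is peer-supplied text and the `%.400s` bound is the only limit visible in this hunk, so it is worth confirming that the logging layer escapes control characters before the line is written. The enclosing switch in ssh_packet_read_poll_seqnr() extends beyond this hunk.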
@@ -1827,8 +1953,9 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) | |||
1827 | case SSH_MSG_DISCONNECT: | 1953 | case SSH_MSG_DISCONNECT: |
1828 | if ((r = sshpkt_get_string(ssh, &msg, NULL)) != 0) | 1954 | if ((r = sshpkt_get_string(ssh, &msg, NULL)) != 0) |
1829 | return r; | 1955 | return r; |
1830 | error("Received disconnect from %s: %.400s", | 1956 | error("Received disconnect from %s port %d: " |
1831 | ssh_remote_ipaddr(ssh), msg); | 1957 | "%.400s", ssh_remote_ipaddr(ssh), |
1958 | ssh_remote_port(ssh), msg); | ||
1832 | free(msg); | 1959 | free(msg); |
1833 | return SSH_ERR_DISCONNECTED; | 1960 | return SSH_ERR_DISCONNECTED; |
1834 | default: | 1961 | default: |
@@ -1918,19 +2045,22 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) | |||
1918 | { | 2045 | { |
1919 | switch (r) { | 2046 | switch (r) { |
1920 | case SSH_ERR_CONN_CLOSED: | 2047 | case SSH_ERR_CONN_CLOSED: |
1921 | logit("Connection closed by %.200s", ssh_remote_ipaddr(ssh)); | 2048 | logit("Connection closed by %.200s port %d", |
2049 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
1922 | cleanup_exit(255); | 2050 | cleanup_exit(255); |
1923 | case SSH_ERR_CONN_TIMEOUT: | 2051 | case SSH_ERR_CONN_TIMEOUT: |
1924 | logit("Connection to %.200s timed out", ssh_remote_ipaddr(ssh)); | 2052 | logit("Connection %s %.200s port %d timed out", |
2053 | ssh->state->server_side ? "from" : "to", | ||
2054 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); | ||
1925 | cleanup_exit(255); | 2055 | cleanup_exit(255); |
1926 | case SSH_ERR_DISCONNECTED: | 2056 | case SSH_ERR_DISCONNECTED: |
1927 | logit("Disconnected from %.200s", | 2057 | logit("Disconnected from %.200s port %d", |
1928 | ssh_remote_ipaddr(ssh)); | 2058 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); |
1929 | cleanup_exit(255); | 2059 | cleanup_exit(255); |
1930 | case SSH_ERR_SYSTEM_ERROR: | 2060 | case SSH_ERR_SYSTEM_ERROR: |
1931 | if (errno == ECONNRESET) { | 2061 | if (errno == ECONNRESET) { |
1932 | logit("Connection reset by %.200s", | 2062 | logit("Connection reset by %.200s port %d", |
1933 | ssh_remote_ipaddr(ssh)); | 2063 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); |
1934 | cleanup_exit(255); | 2064 | cleanup_exit(255); |
1935 | } | 2065 | } |
1936 | /* FALLTHROUGH */ | 2066 | /* FALLTHROUGH */ |
@@ -1940,15 +2070,17 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) | |||
1940 | case SSH_ERR_NO_KEX_ALG_MATCH: | 2070 | case SSH_ERR_NO_KEX_ALG_MATCH: |
1941 | case SSH_ERR_NO_HOSTKEY_ALG_MATCH: | 2071 | case SSH_ERR_NO_HOSTKEY_ALG_MATCH: |
1942 | if (ssh && ssh->kex && ssh->kex->failed_choice) { | 2072 | if (ssh && ssh->kex && ssh->kex->failed_choice) { |
1943 | fatal("Unable to negotiate with %.200s: %s. " | 2073 | fatal("Unable to negotiate with %.200s port %d: %s. " |
1944 | "Their offer: %s", ssh_remote_ipaddr(ssh), | 2074 | "Their offer: %s", ssh_remote_ipaddr(ssh), |
1945 | ssh_err(r), ssh->kex->failed_choice); | 2075 | ssh_remote_port(ssh), ssh_err(r), |
2076 | ssh->kex->failed_choice); | ||
1946 | } | 2077 | } |
1947 | /* FALLTHROUGH */ | 2078 | /* FALLTHROUGH */ |
1948 | default: | 2079 | default: |
1949 | fatal("%s%sConnection to %.200s: %s", | 2080 | fatal("%s%sConnection %s %.200s port %d: %s", |
1950 | tag != NULL ? tag : "", tag != NULL ? ": " : "", | 2081 | tag != NULL ? tag : "", tag != NULL ? ": " : "", |
1951 | ssh_remote_ipaddr(ssh), ssh_err(r)); | 2082 | ssh->state->server_side ? "from" : "to", |
2083 | ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r)); | ||
1952 | } | 2084 | } |
1953 | } | 2085 | } |
1954 | 2086 | ||
@@ -2005,19 +2137,18 @@ ssh_packet_write_poll(struct ssh *ssh) | |||
2005 | { | 2137 | { |
2006 | struct session_state *state = ssh->state; | 2138 | struct session_state *state = ssh->state; |
2007 | int len = sshbuf_len(state->output); | 2139 | int len = sshbuf_len(state->output); |
2008 | int cont, r; | 2140 | int r; |
2009 | 2141 | ||
2010 | if (len > 0) { | 2142 | if (len > 0) { |
2011 | cont = 0; | 2143 | len = write(state->connection_out, |
2012 | len = roaming_write(state->connection_out, | 2144 | sshbuf_ptr(state->output), len); |
2013 | sshbuf_ptr(state->output), len, &cont); | ||
2014 | if (len == -1) { | 2145 | if (len == -1) { |
2015 | if (errno == EINTR || errno == EAGAIN || | 2146 | if (errno == EINTR || errno == EAGAIN || |
2016 | errno == EWOULDBLOCK) | 2147 | errno == EWOULDBLOCK) |
2017 | return 0; | 2148 | return 0; |
2018 | return SSH_ERR_SYSTEM_ERROR; | 2149 | return SSH_ERR_SYSTEM_ERROR; |
2019 | } | 2150 | } |
2020 | if (len == 0 && !cont) | 2151 | if (len == 0) |
2021 | return SSH_ERR_CONN_CLOSED; | 2152 | return SSH_ERR_CONN_CLOSED; |
2022 | if ((r = sshbuf_consume(state->output, len)) != 0) | 2153 | if ((r = sshbuf_consume(state->output, len)) != 0) |
2023 | return r; | 2154 | return r; |
@@ -2041,7 +2172,10 @@ ssh_packet_write_wait(struct ssh *ssh) | |||
2041 | NFDBITS), sizeof(fd_mask)); | 2172 | NFDBITS), sizeof(fd_mask)); |
2042 | if (setp == NULL) | 2173 | if (setp == NULL) |
2043 | return SSH_ERR_ALLOC_FAIL; | 2174 | return SSH_ERR_ALLOC_FAIL; |
2044 | ssh_packet_write_poll(ssh); | 2175 | if ((r = ssh_packet_write_poll(ssh)) != 0) { |
2176 | free(setp); | ||
2177 | return r; | ||
2178 | } | ||
2045 | while (ssh_packet_have_data_to_write(ssh)) { | 2179 | while (ssh_packet_have_data_to_write(ssh)) { |
2046 | memset(setp, 0, howmany(state->connection_out + 1, | 2180 | memset(setp, 0, howmany(state->connection_out + 1, |
2047 | NFDBITS) * sizeof(fd_mask)); | 2181 | NFDBITS) * sizeof(fd_mask)); |
@@ -2229,29 +2363,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes) | |||
2229 | } | 2363 | } |
2230 | } | 2364 | } |
2231 | 2365 | ||
2232 | #define MAX_PACKETS (1U<<31) | ||
2233 | int | ||
2234 | ssh_packet_need_rekeying(struct ssh *ssh) | ||
2235 | { | ||
2236 | struct session_state *state = ssh->state; | ||
2237 | |||
2238 | if (ssh->compat & SSH_BUG_NOREKEY) | ||
2239 | return 0; | ||
2240 | return | ||
2241 | (state->p_send.packets > MAX_PACKETS) || | ||
2242 | (state->p_read.packets > MAX_PACKETS) || | ||
2243 | (state->max_blocks_out && | ||
2244 | (state->p_send.blocks > state->max_blocks_out)) || | ||
2245 | (state->max_blocks_in && | ||
2246 | (state->p_read.blocks > state->max_blocks_in)) || | ||
2247 | (state->rekey_interval != 0 && state->rekey_time + | ||
2248 | state->rekey_interval <= monotime()); | ||
2249 | } | ||
2250 | |||
2251 | void | 2366 | void |
2252 | ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds) | 2367 | ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds) |
2253 | { | 2368 | { |
2254 | debug3("rekey after %lld bytes, %d seconds", (long long)bytes, | 2369 | debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes, |
2255 | (int)seconds); | 2370 | (int)seconds); |
2256 | ssh->state->rekey_limit = bytes; | 2371 | ssh->state->rekey_limit = bytes; |
2257 | ssh->state->rekey_interval = seconds; | 2372 | ssh->state->rekey_interval = seconds; |
@@ -2291,58 +2406,6 @@ ssh_packet_get_output(struct ssh *ssh) | |||
2291 | return (void *)ssh->state->output; | 2406 | return (void *)ssh->state->output; |
2292 | } | 2407 | } |
2293 | 2408 | ||
2294 | /* XXX TODO update roaming to new API (does not work anyway) */ | ||
2295 | /* | ||
2296 | * Save the state for the real connection, and use a separate state when | ||
2297 | * resuming a suspended connection. | ||
2298 | */ | ||
2299 | void | ||
2300 | ssh_packet_backup_state(struct ssh *ssh, | ||
2301 | struct ssh *backup_state) | ||
2302 | { | ||
2303 | struct ssh *tmp; | ||
2304 | |||
2305 | close(ssh->state->connection_in); | ||
2306 | ssh->state->connection_in = -1; | ||
2307 | close(ssh->state->connection_out); | ||
2308 | ssh->state->connection_out = -1; | ||
2309 | if (backup_state) | ||
2310 | tmp = backup_state; | ||
2311 | else | ||
2312 | tmp = ssh_alloc_session_state(); | ||
2313 | backup_state = ssh; | ||
2314 | ssh = tmp; | ||
2315 | } | ||
2316 | |||
2317 | /* XXX FIXME FIXME FIXME */ | ||
2318 | /* | ||
2319 | * Swap in the old state when resuming a connecion. | ||
2320 | */ | ||
2321 | void | ||
2322 | ssh_packet_restore_state(struct ssh *ssh, | ||
2323 | struct ssh *backup_state) | ||
2324 | { | ||
2325 | struct ssh *tmp; | ||
2326 | u_int len; | ||
2327 | int r; | ||
2328 | |||
2329 | tmp = backup_state; | ||
2330 | backup_state = ssh; | ||
2331 | ssh = tmp; | ||
2332 | ssh->state->connection_in = backup_state->state->connection_in; | ||
2333 | backup_state->state->connection_in = -1; | ||
2334 | ssh->state->connection_out = backup_state->state->connection_out; | ||
2335 | backup_state->state->connection_out = -1; | ||
2336 | len = sshbuf_len(backup_state->state->input); | ||
2337 | if (len > 0) { | ||
2338 | if ((r = sshbuf_putb(ssh->state->input, | ||
2339 | backup_state->state->input)) != 0) | ||
2340 | fatal("%s: %s", __func__, ssh_err(r)); | ||
2341 | sshbuf_reset(backup_state->state->input); | ||
2342 | add_recv_bytes(len); | ||
2343 | } | ||
2344 | } | ||
2345 | |||
2346 | /* Reset after_authentication and reset compression in post-auth privsep */ | 2409 | /* Reset after_authentication and reset compression in post-auth privsep */ |
2347 | static int | 2410 | static int |
2348 | ssh_packet_set_postauth(struct ssh *ssh) | 2411 | ssh_packet_set_postauth(struct ssh *ssh) |
@@ -2430,8 +2493,7 @@ newkeys_to_blob(struct sshbuf *m, struct ssh *ssh, int mode) | |||
2430 | goto out; | 2493 | goto out; |
2431 | r = sshbuf_put_stringb(m, b); | 2494 | r = sshbuf_put_stringb(m, b); |
2432 | out: | 2495 | out: |
2433 | if (b != NULL) | 2496 | sshbuf_free(b); |
2434 | sshbuf_free(b); | ||
2435 | return r; | 2497 | return r; |
2436 | } | 2498 | } |
2437 | 2499 | ||
@@ -2462,7 +2524,7 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) | |||
2462 | if ((r = kex_to_blob(m, ssh->kex)) != 0 || | 2524 | if ((r = kex_to_blob(m, ssh->kex)) != 0 || |
2463 | (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 || | 2525 | (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 || |
2464 | (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 || | 2526 | (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 || |
2465 | (r = sshbuf_put_u32(m, state->rekey_limit)) != 0 || | 2527 | (r = sshbuf_put_u64(m, state->rekey_limit)) != 0 || |
2466 | (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 || | 2528 | (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 || |
2467 | (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 || | 2529 | (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 || |
2468 | (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 || | 2530 | (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 || |
@@ -2493,11 +2555,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) | |||
2493 | (r = sshbuf_put_stringb(m, state->output)) != 0) | 2555 | (r = sshbuf_put_stringb(m, state->output)) != 0) |
2494 | return r; | 2556 | return r; |
2495 | 2557 | ||
2496 | if (compat20) { | ||
2497 | if ((r = sshbuf_put_u64(m, get_sent_bytes())) != 0 || | ||
2498 | (r = sshbuf_put_u64(m, get_recv_bytes())) != 0) | ||
2499 | return r; | ||
2500 | } | ||
2501 | return 0; | 2558 | return 0; |
2502 | } | 2559 | } |
2503 | 2560 | ||
@@ -2566,10 +2623,8 @@ newkeys_from_blob(struct sshbuf *m, struct ssh *ssh, int mode) | |||
2566 | newkey = NULL; | 2623 | newkey = NULL; |
2567 | r = 0; | 2624 | r = 0; |
2568 | out: | 2625 | out: |
2569 | if (newkey != NULL) | 2626 | free(newkey); |
2570 | free(newkey); | 2627 | sshbuf_free(b); |
2571 | if (b != NULL) | ||
2572 | sshbuf_free(b); | ||
2573 | return r; | 2628 | return r; |
2574 | } | 2629 | } |
2575 | 2630 | ||
@@ -2602,10 +2657,8 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp) | |||
2602 | out: | 2657 | out: |
2603 | if (r != 0 || kexp == NULL) { | 2658 | if (r != 0 || kexp == NULL) { |
2604 | if (kex != NULL) { | 2659 | if (kex != NULL) { |
2605 | if (kex->my != NULL) | 2660 | sshbuf_free(kex->my); |
2606 | sshbuf_free(kex->my); | 2661 | sshbuf_free(kex->peer); |
2607 | if (kex->peer != NULL) | ||
2608 | sshbuf_free(kex->peer); | ||
2609 | free(kex); | 2662 | free(kex); |
2610 | } | 2663 | } |
2611 | if (kexp != NULL) | 2664 | if (kexp != NULL) |
@@ -2628,7 +2681,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) | |||
2628 | size_t ssh1keylen, rlen, slen, ilen, olen; | 2681 | size_t ssh1keylen, rlen, slen, ilen, olen; |
2629 | int r; | 2682 | int r; |
2630 | u_int ssh1cipher = 0; | 2683 | u_int ssh1cipher = 0; |
2631 | u_int64_t sent_bytes = 0, recv_bytes = 0; | ||
2632 | 2684 | ||
2633 | if (!compat20) { | 2685 | if (!compat20) { |
2634 | if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 || | 2686 | if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 || |
@@ -2651,7 +2703,7 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) | |||
2651 | if ((r = kex_from_blob(m, &ssh->kex)) != 0 || | 2703 | if ((r = kex_from_blob(m, &ssh->kex)) != 0 || |
2652 | (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || | 2704 | (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || |
2653 | (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || | 2705 | (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || |
2654 | (r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 || | 2706 | (r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 || |
2655 | (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 || | 2707 | (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 || |
2656 | (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || | 2708 | (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || |
2657 | (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || | 2709 | (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || |
@@ -2693,12 +2745,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) | |||
2693 | (r = sshbuf_put(state->output, output, olen)) != 0) | 2745 | (r = sshbuf_put(state->output, output, olen)) != 0) |
2694 | return r; | 2746 | return r; |
2695 | 2747 | ||
2696 | if (compat20) { | ||
2697 | if ((r = sshbuf_get_u64(m, &sent_bytes)) != 0 || | ||
2698 | (r = sshbuf_get_u64(m, &recv_bytes)) != 0) | ||
2699 | return r; | ||
2700 | roam_set_bytes(sent_bytes, recv_bytes); | ||
2701 | } | ||
2702 | if (sshbuf_len(m)) | 2748 | if (sshbuf_len(m)) |
2703 | return SSH_ERR_INVALID_FORMAT; | 2749 | return SSH_ERR_INVALID_FORMAT; |
2704 | debug3("%s: done", __func__); | 2750 | debug3("%s: done", __func__); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.h,v 1.66 2015/01/30 01:13:33 djm Exp $ */ | 1 | /* $OpenBSD: packet.h,v 1.70 2016/02/08 10:57:07 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -86,6 +86,7 @@ int ssh_packet_get_connection_in(struct ssh *); | |||
86 | int ssh_packet_get_connection_out(struct ssh *); | 86 | int ssh_packet_get_connection_out(struct ssh *); |
87 | void ssh_packet_close(struct ssh *); | 87 | void ssh_packet_close(struct ssh *); |
88 | void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int); | 88 | void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int); |
89 | int ssh_packet_is_rekeying(struct ssh *); | ||
89 | void ssh_packet_set_protocol_flags(struct ssh *, u_int); | 90 | void ssh_packet_set_protocol_flags(struct ssh *, u_int); |
90 | u_int ssh_packet_get_protocol_flags(struct ssh *); | 91 | u_int ssh_packet_get_protocol_flags(struct ssh *); |
91 | int ssh_packet_start_compression(struct ssh *, int); | 92 | int ssh_packet_start_compression(struct ssh *, int); |
@@ -143,15 +144,11 @@ int ssh_packet_get_state(struct ssh *, struct sshbuf *); | |||
143 | int ssh_packet_set_state(struct ssh *, struct sshbuf *); | 144 | int ssh_packet_set_state(struct ssh *, struct sshbuf *); |
144 | 145 | ||
145 | const char *ssh_remote_ipaddr(struct ssh *); | 146 | const char *ssh_remote_ipaddr(struct ssh *); |
147 | int ssh_remote_port(struct ssh *); | ||
146 | 148 | ||
147 | int ssh_packet_need_rekeying(struct ssh *); | 149 | void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t); |
148 | void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t); | ||
149 | time_t ssh_packet_get_rekey_timeout(struct ssh *); | 150 | time_t ssh_packet_get_rekey_timeout(struct ssh *); |
150 | 151 | ||
151 | /* XXX FIXME */ | ||
152 | void ssh_packet_backup_state(struct ssh *, struct ssh *); | ||
153 | void ssh_packet_restore_state(struct ssh *, struct ssh *); | ||
154 | |||
155 | void *ssh_packet_get_input(struct ssh *); | 152 | void *ssh_packet_get_input(struct ssh *); |
156 | void *ssh_packet_get_output(struct ssh *); | 153 | void *ssh_packet_get_output(struct ssh *); |
157 | 154 | ||
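--- /dev/null
+++ b/platform-pledge.c
@@ -0,0 +1,71 @@
+/*
+* Copyright (c) 2015 Joyent, Inc
+* Author: Alex Wilson <alex.wilson@joyent.com>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "platform.h"
+
+#include "openbsd-compat/openbsd-compat.h"
+
+/*
+* Drop any fine-grained privileges that are not needed for post-startup
+* operation of ssh-agent
+*
+* Should be as close as possible to pledge("stdio cpath unix id proc exec", ...)
+*/
+void
+platform_pledge_agent(void)
+{
+#ifdef USE_SOLARIS_PRIVS
+/*
+* Note: Solaris priv dropping is closer to tame() than pledge(), but
+* we will use what we have.
+*/
+solaris_drop_privs_root_pinfo_net();
+#endif
+}
+
+/*
+* Drop any fine-grained privileges that are not needed for post-startup
+* operation of sftp-server
+*/
+void
+platform_pledge_sftp_server(void)
+{
+#ifdef USE_SOLARIS_PRIVS
+solaris_drop_privs_pinfo_net_fork_exec();
+#endif
+}
+
+/*
+* Drop any fine-grained privileges that are not needed for the post-startup
+* operation of the SSH client mux
+*
+* Should be as close as possible to pledge("stdio proc tty", ...)
+*/
+void
+platform_pledge_mux(void)
+{
+#ifdef USE_SOLARIS_PRIVS
+solaris_drop_privs_root_pinfo_net_exec();
+#endif
+}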
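Review bot: The header comments on `platform_pledge_agent`, `platform_pledge_sftp_server` and `platform_pledge_mux` do not say that each body is empty unless `USE_SOLARIS_PRIVS` is defined, so a reader can assume privileges are being reduced on every platform. I would add a line to each comment such as `* No-op unless USE_SOLARIS_PRIVS is defined; other platforms get no privilege reduction from this call.` The `platform_pledge_sftp_server` comment also lacks the `Should be as close as possible to pledge(...)` line that the other two carry, which leaves the intended privilege set for sftp-server undocumented.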
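--- a/platform.h
+++ b/platform.h
@@ -31,3 +31,8 @@ void platform_setusercontext_post_groups(struct passwd *, const char *);
 char *platform_get_krb5_client(const char *);
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
+
+/* in platform-pledge.c */
+void platform_pledge_agent(void);
+void platform_pledge_sftp_server(void);
+void platform_pledge_mux(void);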
diff --git a/readconf.c b/readconf.c index ee46ad623..dc22360d1 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.c,v 1.239 2015/07/30 00:01:34 djm Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.250 2016/02/08 23:40:12 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -137,6 +137,7 @@ typedef enum { | |||
137 | oPasswordAuthentication, oRSAAuthentication, | 137 | oPasswordAuthentication, oRSAAuthentication, |
138 | oChallengeResponseAuthentication, oXAuthLocation, | 138 | oChallengeResponseAuthentication, oXAuthLocation, |
139 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, | 139 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
140 | oCertificateFile, oAddKeysToAgent, | ||
140 | oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, | 141 | oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, |
141 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, | 142 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
142 | oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, | 143 | oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, |
@@ -155,7 +156,7 @@ typedef enum { | |||
155 | oSendEnv, oControlPath, oControlMaster, oControlPersist, | 156 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
156 | oHashKnownHosts, | 157 | oHashKnownHosts, |
157 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 158 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
158 | oVisualHostKey, oUseRoaming, | 159 | oVisualHostKey, |
159 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, | 160 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, |
160 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, | 161 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, |
161 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, | 162 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, |
@@ -217,6 +218,8 @@ static struct { | |||
217 | { "identityfile", oIdentityFile }, | 218 | { "identityfile", oIdentityFile }, |
218 | { "identityfile2", oIdentityFile }, /* obsolete */ | 219 | { "identityfile2", oIdentityFile }, /* obsolete */ |
219 | { "identitiesonly", oIdentitiesOnly }, | 220 | { "identitiesonly", oIdentitiesOnly }, |
221 | { "certificatefile", oCertificateFile }, | ||
222 | { "addkeystoagent", oAddKeysToAgent }, | ||
220 | { "hostname", oHostName }, | 223 | { "hostname", oHostName }, |
221 | { "hostkeyalias", oHostKeyAlias }, | 224 | { "hostkeyalias", oHostKeyAlias }, |
222 | { "proxycommand", oProxyCommand }, | 225 | { "proxycommand", oProxyCommand }, |
@@ -275,7 +278,7 @@ static struct { | |||
275 | { "localcommand", oLocalCommand }, | 278 | { "localcommand", oLocalCommand }, |
276 | { "permitlocalcommand", oPermitLocalCommand }, | 279 | { "permitlocalcommand", oPermitLocalCommand }, |
277 | { "visualhostkey", oVisualHostKey }, | 280 | { "visualhostkey", oVisualHostKey }, |
278 | { "useroaming", oUseRoaming }, | 281 | { "useroaming", oDeprecated }, |
279 | { "kexalgorithms", oKexAlgorithms }, | 282 | { "kexalgorithms", oKexAlgorithms }, |
280 | { "ipqos", oIPQoS }, | 283 | { "ipqos", oIPQoS }, |
281 | { "requesttty", oRequestTTY }, | 284 | { "requesttty", oRequestTTY }, |
@@ -383,6 +386,30 @@ clear_forwardings(Options *options) | |||
383 | } | 386 | } |
384 | 387 | ||
385 | void | 388 | void |
389 | add_certificate_file(Options *options, const char *path, int userprovided) | ||
390 | { | ||
391 | int i; | ||
392 | |||
393 | if (options->num_certificate_files >= SSH_MAX_CERTIFICATE_FILES) | ||
394 | fatal("Too many certificate files specified (max %d)", | ||
395 | SSH_MAX_CERTIFICATE_FILES); | ||
396 | |||
397 | /* Avoid registering duplicates */ | ||
398 | for (i = 0; i < options->num_certificate_files; i++) { | ||
399 | if (options->certificate_file_userprovided[i] == userprovided && | ||
400 | strcmp(options->certificate_files[i], path) == 0) { | ||
401 | debug2("%s: ignoring duplicate key %s", __func__, path); | ||
402 | return; | ||
403 | } | ||
404 | } | ||
405 | |||
406 | options->certificate_file_userprovided[options->num_certificate_files] = | ||
407 | userprovided; | ||
408 | options->certificate_files[options->num_certificate_files++] = | ||
409 | xstrdup(path); | ||
410 | } | ||
411 | |||
412 | void | ||
386 | add_identity_file(Options *options, const char *dir, const char *filename, | 413 | add_identity_file(Options *options, const char *dir, const char *filename, |
387 | int userprovided) | 414 | int userprovided) |
388 | { | 415 | { |
@@ -433,7 +460,7 @@ default_ssh_port(void) | |||
433 | static int | 460 | static int |
434 | execute_in_shell(const char *cmd) | 461 | execute_in_shell(const char *cmd) |
435 | { | 462 | { |
436 | char *shell, *command_string; | 463 | char *shell; |
437 | pid_t pid; | 464 | pid_t pid; |
438 | int devnull, status; | 465 | int devnull, status; |
439 | extern uid_t original_real_uid; | 466 | extern uid_t original_real_uid; |
@@ -441,12 +468,6 @@ execute_in_shell(const char *cmd) | |||
441 | if ((shell = getenv("SHELL")) == NULL) | 468 | if ((shell = getenv("SHELL")) == NULL) |
442 | shell = _PATH_BSHELL; | 469 | shell = _PATH_BSHELL; |
443 | 470 | ||
444 | /* | ||
445 | * Use "exec" to avoid "sh -c" processes on some platforms | ||
446 | * (e.g. Solaris) | ||
447 | */ | ||
448 | xasprintf(&command_string, "exec %s", cmd); | ||
449 | |||
450 | /* Need this to redirect subprocess stdin/out */ | 471 | /* Need this to redirect subprocess stdin/out */ |
451 | if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) | 472 | if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) |
452 | fatal("open(/dev/null): %s", strerror(errno)); | 473 | fatal("open(/dev/null): %s", strerror(errno)); |
@@ -471,7 +492,7 @@ execute_in_shell(const char *cmd) | |||
471 | 492 | ||
472 | argv[0] = shell; | 493 | argv[0] = shell; |
473 | argv[1] = "-c"; | 494 | argv[1] = "-c"; |
474 | argv[2] = command_string; | 495 | argv[2] = xstrdup(cmd); |
475 | argv[3] = NULL; | 496 | argv[3] = NULL; |
476 | 497 | ||
477 | execv(argv[0], argv); | 498 | execv(argv[0], argv); |
@@ -486,7 +507,6 @@ execute_in_shell(const char *cmd) | |||
486 | fatal("%s: fork: %.100s", __func__, strerror(errno)); | 507 | fatal("%s: fork: %.100s", __func__, strerror(errno)); |
487 | 508 | ||
488 | close(devnull); | 509 | close(devnull); |
489 | free(command_string); | ||
490 | 510 | ||
491 | while (waitpid(pid, &status, 0) == -1) { | 511 | while (waitpid(pid, &status, 0) == -1) { |
492 | if (errno != EINTR && errno != EAGAIN) | 512 | if (errno != EINTR && errno != EAGAIN) |
@@ -519,12 +539,15 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, | |||
519 | */ | 539 | */ |
520 | port = options->port <= 0 ? default_ssh_port() : options->port; | 540 | port = options->port <= 0 ? default_ssh_port() : options->port; |
521 | ruser = options->user == NULL ? pw->pw_name : options->user; | 541 | ruser = options->user == NULL ? pw->pw_name : options->user; |
522 | if (options->hostname != NULL) { | 542 | if (post_canon) { |
543 | host = xstrdup(options->hostname); | ||
544 | } else if (options->hostname != NULL) { | ||
523 | /* NB. Please keep in sync with ssh.c:main() */ | 545 | /* NB. Please keep in sync with ssh.c:main() */ |
524 | host = percent_expand(options->hostname, | 546 | host = percent_expand(options->hostname, |
525 | "h", host_arg, (char *)NULL); | 547 | "h", host_arg, (char *)NULL); |
526 | } else | 548 | } else { |
527 | host = xstrdup(host_arg); | 549 | host = xstrdup(host_arg); |
550 | } | ||
528 | 551 | ||
529 | debug2("checking match for '%s' host %s originally %s", | 552 | debug2("checking match for '%s' host %s originally %s", |
530 | cp, host, original_host); | 553 | cp, host, original_host); |
@@ -710,6 +733,15 @@ static const struct multistate multistate_yesnoask[] = { | |||
710 | { "ask", 2 }, | 733 | { "ask", 2 }, |
711 | { NULL, -1 } | 734 | { NULL, -1 } |
712 | }; | 735 | }; |
736 | static const struct multistate multistate_yesnoaskconfirm[] = { | ||
737 | { "true", 1 }, | ||
738 | { "false", 0 }, | ||
739 | { "yes", 1 }, | ||
740 | { "no", 0 }, | ||
741 | { "ask", 2 }, | ||
742 | { "confirm", 3 }, | ||
743 | { NULL, -1 } | ||
744 | }; | ||
713 | static const struct multistate multistate_addressfamily[] = { | 745 | static const struct multistate multistate_addressfamily[] = { |
714 | { "inet", AF_INET }, | 746 | { "inet", AF_INET }, |
715 | { "inet6", AF_INET6 }, | 747 | { "inet6", AF_INET6 }, |
@@ -984,16 +1016,12 @@ parse_time: | |||
984 | if (scan_scaled(arg, &val64) == -1) | 1016 | if (scan_scaled(arg, &val64) == -1) |
985 | fatal("%.200s line %d: Bad number '%s': %s", | 1017 | fatal("%.200s line %d: Bad number '%s': %s", |
986 | filename, linenum, arg, strerror(errno)); | 1018 | filename, linenum, arg, strerror(errno)); |
987 | /* check for too-large or too-small limits */ | ||
988 | if (val64 > UINT_MAX) | ||
989 | fatal("%.200s line %d: RekeyLimit too large", | ||
990 | filename, linenum); | ||
991 | if (val64 != 0 && val64 < 16) | 1019 | if (val64 != 0 && val64 < 16) |
992 | fatal("%.200s line %d: RekeyLimit too small", | 1020 | fatal("%.200s line %d: RekeyLimit too small", |
993 | filename, linenum); | 1021 | filename, linenum); |
994 | } | 1022 | } |
995 | if (*activep && options->rekey_limit == -1) | 1023 | if (*activep && options->rekey_limit == -1) |
996 | options->rekey_limit = (u_int32_t)val64; | 1024 | options->rekey_limit = val64; |
997 | if (s != NULL) { /* optional rekey interval present */ | 1025 | if (s != NULL) { /* optional rekey interval present */ |
998 | if (strcmp(s, "none") == 0) { | 1026 | if (strcmp(s, "none") == 0) { |
999 | (void)strdelim(&s); /* discard */ | 1027 | (void)strdelim(&s); /* discard */ |
@@ -1018,6 +1046,24 @@ parse_time: | |||
1018 | } | 1046 | } |
1019 | break; | 1047 | break; |
1020 | 1048 | ||
1049 | case oCertificateFile: | ||
1050 | arg = strdelim(&s); | ||
1051 | if (!arg || *arg == '\0') | ||
1052 | fatal("%.200s line %d: Missing argument.", | ||
1053 | filename, linenum); | ||
1054 | if (*activep) { | ||
1055 | intptr = &options->num_certificate_files; | ||
1056 | if (*intptr >= SSH_MAX_CERTIFICATE_FILES) { | ||
1057 | fatal("%.200s line %d: Too many certificate " | ||
1058 | "files specified (max %d).", | ||
1059 | filename, linenum, | ||
1060 | SSH_MAX_CERTIFICATE_FILES); | ||
1061 | } | ||
1062 | add_certificate_file(options, arg, | ||
1063 | flags & SSHCONF_USERCONF); | ||
1064 | } | ||
1065 | break; | ||
1066 | |||
1021 | case oXAuthLocation: | 1067 | case oXAuthLocation: |
1022 | charptr=&options->xauth_location; | 1068 | charptr=&options->xauth_location; |
1023 | goto parse_string; | 1069 | goto parse_string; |
@@ -1417,10 +1463,6 @@ parse_keytypes: | |||
1417 | } | 1463 | } |
1418 | break; | 1464 | break; |
1419 | 1465 | ||
1420 | case oUseRoaming: | ||
1421 | intptr = &options->use_roaming; | ||
1422 | goto parse_flag; | ||
1423 | |||
1424 | case oRequestTTY: | 1466 | case oRequestTTY: |
1425 | intptr = &options->request_tty; | 1467 | intptr = &options->request_tty; |
1426 | multistate_ptr = multistate_requesttty; | 1468 | multistate_ptr = multistate_requesttty; |
@@ -1535,6 +1577,11 @@ parse_keytypes: | |||
1535 | charptr = &options->pubkey_key_types; | 1577 | charptr = &options->pubkey_key_types; |
1536 | goto parse_keytypes; | 1578 | goto parse_keytypes; |
1537 | 1579 | ||
1580 | case oAddKeysToAgent: | ||
1581 | intptr = &options->add_keys_to_agent; | ||
1582 | multistate_ptr = multistate_yesnoaskconfirm; | ||
1583 | goto parse_multistate; | ||
1584 | |||
1538 | case oDeprecated: | 1585 | case oDeprecated: |
1539 | debug("%s line %d: Deprecated option \"%s\"", | 1586 | debug("%s line %d: Deprecated option \"%s\"", |
1540 | filename, linenum, keyword); | 1587 | filename, linenum, keyword); |
@@ -1668,6 +1715,7 @@ initialize_options(Options * options) | |||
1668 | options->hostkeyalgorithms = NULL; | 1715 | options->hostkeyalgorithms = NULL; |
1669 | options->protocol = SSH_PROTO_UNKNOWN; | 1716 | options->protocol = SSH_PROTO_UNKNOWN; |
1670 | options->num_identity_files = 0; | 1717 | options->num_identity_files = 0; |
1718 | options->num_certificate_files = 0; | ||
1671 | options->hostname = NULL; | 1719 | options->hostname = NULL; |
1672 | options->host_key_alias = NULL; | 1720 | options->host_key_alias = NULL; |
1673 | options->proxy_command = NULL; | 1721 | options->proxy_command = NULL; |
@@ -1703,7 +1751,7 @@ initialize_options(Options * options) | |||
1703 | options->tun_remote = -1; | 1751 | options->tun_remote = -1; |
1704 | options->local_command = NULL; | 1752 | options->local_command = NULL; |
1705 | options->permit_local_command = -1; | 1753 | options->permit_local_command = -1; |
1706 | options->use_roaming = 0; | 1754 | options->add_keys_to_agent = -1; |
1707 | options->visual_host_key = -1; | 1755 | options->visual_host_key = -1; |
1708 | options->ip_qos_interactive = -1; | 1756 | options->ip_qos_interactive = -1; |
1709 | options->ip_qos_bulk = -1; | 1757 | options->ip_qos_bulk = -1; |
@@ -1814,6 +1862,8 @@ fill_default_options(Options * options) | |||
1814 | /* options->hostkeyalgorithms, default set in myproposals.h */ | 1862 | /* options->hostkeyalgorithms, default set in myproposals.h */ |
1815 | if (options->protocol == SSH_PROTO_UNKNOWN) | 1863 | if (options->protocol == SSH_PROTO_UNKNOWN) |
1816 | options->protocol = SSH_PROTO_2; | 1864 | options->protocol = SSH_PROTO_2; |
1865 | if (options->add_keys_to_agent == -1) | ||
1866 | options->add_keys_to_agent = 0; | ||
1817 | if (options->num_identity_files == 0) { | 1867 | if (options->num_identity_files == 0) { |
1818 | if (options->protocol & SSH_PROTO_1) { | 1868 | if (options->protocol & SSH_PROTO_1) { |
1819 | add_identity_file(options, "~/", | 1869 | add_identity_file(options, "~/", |
@@ -1887,7 +1937,6 @@ fill_default_options(Options * options) | |||
1887 | options->tun_remote = SSH_TUNID_ANY; | 1937 | options->tun_remote = SSH_TUNID_ANY; |
1888 | if (options->permit_local_command == -1) | 1938 | if (options->permit_local_command == -1) |
1889 | options->permit_local_command = 0; | 1939 | options->permit_local_command = 0; |
1890 | options->use_roaming = 0; | ||
1891 | if (options->visual_host_key == -1) | 1940 | if (options->visual_host_key == -1) |
1892 | options->visual_host_key = 0; | 1941 | options->visual_host_key = 0; |
1893 | if (options->ip_qos_interactive == -1) | 1942 | if (options->ip_qos_interactive == -1) |
@@ -2296,6 +2345,10 @@ dump_client_config(Options *o, const char *host) | |||
2296 | int i; | 2345 | int i; |
2297 | char vbuf[5]; | 2346 | char vbuf[5]; |
2298 | 2347 | ||
2348 | /* This is normally prepared in ssh_kex2 */ | ||
2349 | if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0) | ||
2350 | fatal("%s: kex_assemble_names failed", __func__); | ||
2351 | |||
2299 | /* Most interesting options first: user, host, port */ | 2352 | /* Most interesting options first: user, host, port */ |
2300 | dump_cfg_string(oUser, o->user); | 2353 | dump_cfg_string(oUser, o->user); |
2301 | dump_cfg_string(oHostName, host); | 2354 | dump_cfg_string(oHostName, host); |
@@ -2356,7 +2409,7 @@ dump_client_config(Options *o, const char *host) | |||
2356 | dump_cfg_string(oBindAddress, o->bind_address); | 2409 | dump_cfg_string(oBindAddress, o->bind_address); |
2357 | dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); | 2410 | dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); |
2358 | dump_cfg_string(oControlPath, o->control_path); | 2411 | dump_cfg_string(oControlPath, o->control_path); |
2359 | dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms ? o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); | 2412 | dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); |
2360 | dump_cfg_string(oHostKeyAlias, o->host_key_alias); | 2413 | dump_cfg_string(oHostKeyAlias, o->host_key_alias); |
2361 | dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types); | 2414 | dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types); |
2362 | dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); | 2415 | dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); |
@@ -2367,6 +2420,7 @@ dump_client_config(Options *o, const char *host) | |||
2367 | dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); | 2420 | dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); |
2368 | dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); | 2421 | dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); |
2369 | dump_cfg_string(oProxyCommand, o->proxy_command); | 2422 | dump_cfg_string(oProxyCommand, o->proxy_command); |
2423 | dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); | ||
2370 | dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); | 2424 | dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); |
2371 | dump_cfg_string(oXAuthLocation, o->xauth_location); | 2425 | dump_cfg_string(oXAuthLocation, o->xauth_location); |
2372 | 2426 | ||
@@ -2435,8 +2489,8 @@ dump_client_config(Options *o, const char *host) | |||
2435 | printf("%s\n", iptos2str(o->ip_qos_bulk)); | 2489 | printf("%s\n", iptos2str(o->ip_qos_bulk)); |
2436 | 2490 | ||
2437 | /* oRekeyLimit */ | 2491 | /* oRekeyLimit */ |
2438 | printf("rekeylimit %lld %d\n", | 2492 | printf("rekeylimit %llu %d\n", |
2439 | (long long)o->rekey_limit, o->rekey_interval); | 2493 | (unsigned long long)o->rekey_limit, o->rekey_interval); |
2440 | 2494 | ||
2441 | /* oStreamLocalBindMask */ | 2495 | /* oStreamLocalBindMask */ |
2442 | printf("streamlocalbindmask 0%o\n", | 2496 | printf("streamlocalbindmask 0%o\n", |
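Review bot: In `add_certificate_file` (hunk `-383,6 +386,30`) the `num_certificate_files >= SSH_MAX_CERTIFICATE_FILES` test runs before the duplicate scan, so once the table is full a path that is already registered ends in `fatal()` instead of being ignored; moving that test below the loop lets the duplicate return first. The `oCertificateFile` case repeats the same limit test before the call, so it would need the same treatment or removal, otherwise it fires first. The debug text also names a key although the entry is a certificate file: `debug2("%s: ignoring duplicate key %s", __func__, path);` would read better as `debug2("%s: ignoring duplicate certificate %s", __func__, path);`.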
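--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.110 2015/07/10 06:21:53 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.113 2016/01/14 16:17:40 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -100,6 +100,13 @@ typedef struct {
 int identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
 struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];
 
+int num_certificate_files; /* Number of extra certificates for ssh. */
+char *certificate_files[SSH_MAX_CERTIFICATE_FILES];
+int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES];
+struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
+
+int add_keys_to_agent;
+
 /* Local TCP/IP forward requests. */
 int num_local_forwards;
 struct Forward *local_forwards;
@@ -135,8 +142,6 @@ typedef struct {
 int permit_local_command;
 int visual_host_key;
 
-int use_roaming;
-
 int request_tty;
 
 int proxy_use_fdpass;
@@ -199,5 +204,6 @@ void dump_client_config(Options *o, const char *host);
 void add_local_forward(Options *, const struct Forward *);
 void add_remote_forward(Options *, const struct Forward *);
 void add_identity_file(Options *, const char *, const char *, int);
+void add_certificate_file(Options *, const char *, int);
 
 #endif /* READCONF_H */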
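Review bot: `int add_keys_to_agent;` is added to `Options` without a comment, and its values are defined only by the `multistate_yesnoaskconfirm` table in readconf.c (no/false 0, yes/true 1, ask 2, confirm 3), with -1 as the unset marker written by `initialize_options`. A trailing comment such as `/* 0=no 1=yes 2=ask 3=confirm; -1 until defaults are filled */` would stop callers from comparing against bare numbers without knowing the mapping. Judging by the name, this field controls whether keys are handed to the agent and whether with confirmation, so named constants shared with the table would be safer than literals.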
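--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.50 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.51 2015/12/11 00:20:04 mmcc Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -76,7 +76,7 @@ ssh_askpass(char *askpass, const char *msg)
 close(p[0]);
 if (dup2(p[1], STDOUT_FILENO) < 0)
 fatal("ssh_askpass: dup2: %s", strerror(errno));
-execlp(askpass, askpass, msg, (char *) 0);
+execlp(askpass, askpass, msg, (char *)NULL);
 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
 }
 close(p[1]);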
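--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.81 2015/05/21 06:44:25 djm Exp $
+# $OpenBSD: Makefile,v 1.82 2015/09/24 06:16:53 djm Exp $
 
 REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec
 tests: prep $(REGRESS_TARGETS)
@@ -74,7 +74,8 @@ LTESTS= connect \
 hostkey-agent \
 keygen-knownhosts \
 hostkey-rotate \
-principals-command
+principals-command \
+cert-file
 
 
 # dhgex \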
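--- a/regress/agent-ptrace.sh
+++ b/regress/agent-ptrace.sh
@@ -12,6 +12,11 @@ if have_prog uname ; then
 esac
 fi
 
+if [ "x$USER" = "xroot" ]; then
+echo "Skipped: running as root"
+exit 0
+fi
+
 if have_prog gdb ; then
 : ok
 else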
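--- /dev/null
+++ b/regress/cert-file.sh
@@ -0,0 +1,138 @@
+# $OpenBSD: cert-file.sh,v 1.2 2015/09/24 07:15:39 djm Exp $
+# Placed in the Public Domain.
+
+tid="ssh with certificates"
+
+rm -f $OBJ/user_ca_key* $OBJ/user_key*
+rm -f $OBJ/cert_user_key*
+
+# Create a CA key
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key1 ||\
+fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key2 ||\
+fatal "ssh-keygen failed"
+
+# Make some keys and certificates.
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key1 || \
+fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key2 || \
+fatal "ssh-keygen failed"
+# Move the certificate to a different address to better control
+# when it is offered.
+${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
+-z $$ -n ${USER} $OBJ/user_key1 ||
+fail "couldn't sign user_key1 with user_ca_key1"
+mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub
+${SSHKEYGEN} -q -s $OBJ/user_ca_key2 -I "regress user key for $USER" \
+-z $$ -n ${USER} $OBJ/user_key1 ||
+fail "couldn't sign user_key1 with user_ca_key2"
+mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub
+
+trace 'try with identity files'
+opts="-F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
+opts2="$opts -i $OBJ/user_key1 -i $OBJ/user_key2"
+echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER
+
+for p in ${SSH_PROTOCOLS}; do
+# Just keys should fail
+${SSH} $opts2 somehost exit 5$p
+r=$?
+if [ $r -eq 5$p ]; then
+fail "ssh succeeded with no certs in protocol $p"
+fi
+
+# Keys with untrusted cert should fail.
+opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
+${SSH} $opts3 somehost exit 5$p
+r=$?
+if [ $r -eq 5$p ]; then
+fail "ssh succeeded with bad cert in protocol $p"
+fi
+
+# Good cert with bad key should fail.
+opts3="$opts -i $OBJ/user_key2"
+opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
+${SSH} $opts3 somehost exit 5$p
+r=$?
+if [ $r -eq 5$p ]; then
+fail "ssh succeeded with no matching key in protocol $p"
+fi
+
+# Keys with one trusted cert, should succeed.
+opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
+${SSH} $opts3 somehost exit 5$p
+r=$?
+if [ $r -ne 5$p ]; then
+fail "ssh failed with trusted cert and key in protocol $p"
+fi
+
+# Multiple certs and keys, with one trusted cert, should succeed.
+opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
+opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
+${SSH} $opts3 somehost exit 5$p
+r=$?
+if [ $r -ne 5$p ]; then
+fail "ssh failed with multiple certs in protocol $p"
+fi
+
+#Keys with trusted certificate specified in config options, should succeed.
+opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
+${SSH} $opts3 somehost exit 5$p
+r=$?
+if [ $r -ne 5$p ]; then
+fail "ssh failed with trusted cert in config in protocol $p"
+fi
+done
+
+#next, using an agent in combination with the keys
+SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
+if [ $? -ne 2 ]; then
+fatal "ssh-add -l did not fail with exit code 2"
+fi
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+fatal "could not start ssh-agent: exit code $r"
+fi
+
+# add private keys to agent
+${SSHADD} -k $OBJ/user_key2 > /dev/null 2>&1
+if [ $? -ne 0 ]; then
+fatal "ssh-add did not succeed with exit code 0"
+fi
+${SSHADD} -k $OBJ/user_key1 > /dev/null 2>&1
+if [ $? -ne 0 ]; then
+fatal "ssh-add did not succeed with exit code 0"
+fi
+
+# try ssh with the agent and certificates
+# note: ssh agent only uses certificates in protocol 2
+opts="-F $OBJ/ssh_proxy"
+# with no certificates, shoud fail
+${SSH} -2 $opts somehost exit 52
+if [ $? -eq 52 ]; then
+fail "ssh connect with agent in protocol 2 succeeded with no cert"
+fi
+
+#with an untrusted certificate, should fail
+opts="$opts -oCertificateFile=$OBJ/cert_user_key1_2.pub"
+${SSH} -2 $opts somehost exit 52
+if [ $? -eq 52 ]; then
+fail "ssh connect with agent in protocol 2 succeeded with bad cert"
+fi
+
+#with an additional trusted certificate, should succeed
+opts="$opts -oCertificateFile=$OBJ/cert_user_key1_1.pub"
+${SSH} -2 $opts somehost exit 52
+if [ $? -ne 52 ]; then
+fail "ssh connect with agent in protocol 2 failed with good cert"
+fi
+
+trace "kill agent"
+${SSHAGENT} -k > /dev/null
+
+#cleanup
+rm -f $OBJ/user_ca_key* $OBJ/user_key*
+rm -f $OBJ/cert_user_key*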
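Review bot: The last case in the `for p in ${SSH_PROTOCOLS}` loop (lines 78-84, "trusted certificate specified in config options") builds `opts3` exactly as the "one trusted cert" case at lines 61-67 does, with `-oCertificateFile=` on the command line, so the `CertificateFile` keyword is never read from a configuration file in this test. To cover the parser path the case could put the option into a copy of the proxy config, for example `echo "CertificateFile $OBJ/cert_user_key1_1.pub" >> $OBJ/ssh_proxy_cert`, and run ssh with `-F $OBJ/ssh_proxy_cert` and no `-oCertificateFile`. As written, a regression in how the keyword is parsed from a config file would not be caught here.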
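--- /dev/null
+++ b/regress/check-perm.c
@@ -0,0 +1,205 @@
+/*
+* Placed in the public domain
+*/
+
+/* $OpenBSD: modpipe.c,v 1.6 2013/11/21 03:16:47 djm Exp $ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <pwd.h>
+#ifdef HAVE_LIBGEN_H
+#include <libgen.h>
+#endif
+
+static void
+fatal(const char *fmt, ...)
+{
+va_list args;
+
+va_start(args, fmt);
+vfprintf(stderr, fmt, args);
+fputc('\n', stderr);
+va_end(args);
+exit(1);
+}
+/* Based on session.c. NB. keep tests in sync */
+static void
+safely_chroot(const char *path, uid_t uid)
+{
+const char *cp;
+char component[PATH_MAX];
+struct stat st;
+
+if (*path != '/')
+fatal("chroot path does not begin at root");
+if (strlen(path) >= sizeof(component))
+fatal("chroot path too long");
+
+/*
+* Descend the path, checking that each component is a
+* root-owned directory with strict permissions.
+*/
+for (cp = path; cp != NULL;) {
+if ((cp = strchr(cp, '/')) == NULL)
+strlcpy(component, path, sizeof(component));
+else {
+cp++;
+memcpy(component, path, cp - path);
+component[cp - path] = '\0';
+}
+
+/* debug3("%s: checking '%s'", __func__, component); */
+
+if (stat(component, &st) != 0)
+fatal("%s: stat(\"%s\"): %s", __func__,
+component, strerror(errno));
+if (st.st_uid != 0 || (st.st_mode & 022) != 0)
+fatal("bad ownership or modes for chroot "
+"directory %s\"%s\"",
+cp == NULL ? "" : "component ", component);
+if (!S_ISDIR(st.st_mode))
+fatal("chroot path %s\"%s\" is not a directory",
+cp == NULL ? "" : "component ", component);
+
+}
+
+if (chdir(path) == -1)
+fatal("Unable to chdir to chroot path \"%s\": "
+"%s", path, strerror(errno));
+}
+
+/* from platform.c */
+int
+platform_sys_dir_uid(uid_t uid)
+{
+if (uid == 0)
+return 1;
+#ifdef PLATFORM_SYS_DIR_UID
+if (uid == PLATFORM_SYS_DIR_UID)
+return 1;
+#endif
+return 0;
+}
+
+/* from auth.c */
+int
+auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+uid_t uid, char *err, size_t errlen)
+{
+char buf[PATH_MAX], homedir[PATH_MAX];
+char *cp;
+int comparehome = 0;
+struct stat st;
+
+if (realpath(name, buf) == NULL) {
+snprintf(err, errlen, "realpath %s failed: %s", name,
+strerror(errno));
+return -1;
+}
+if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL)
+comparehome = 1;
+
+if (!S_ISREG(stp->st_mode)) {
+snprintf(err, errlen, "%s is not a regular file", buf);
+return -1;
+}
+if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
+(stp->st_mode & 022) != 0) {
+snprintf(err, errlen, "bad ownership or modes for file %s",
+buf);
+return -1;
+}
+
+/* for each component of the canonical path, walking upwards */
+for (;;) {
+if ((cp = dirname(buf)) == NULL) {
+snprintf(err, errlen, "dirname() failed");
+return -1;
+}
+strlcpy(buf, cp, sizeof(buf));
+
+if (stat(buf, &st) < 0 ||
+(!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
+(st.st_mode & 022) != 0) {
+snprintf(err, errlen,
+"bad ownership or modes for directory %s", buf);
+return -1;
+}
+
+/* If are past the homedir then we can stop */
+if (comparehome && strcmp(homedir, buf) == 0)
+break;
+
+/*
+* dirname should always complete with a "/" path,
+* but we can be paranoid and check for "." too
+*/
+if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0))
+break;
+}
+return 0;
+}
+
+static void
+usage(void)
+{
+fprintf(stderr, "check-perm -m [chroot | keys-command] [path]\n");
+exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+const char *path = ".";
+char errmsg[256];
+int ch, mode = -1;
+extern char *optarg;
+extern int optind;
+struct stat st;
+
+while ((ch = getopt(argc, argv, "hm:")) != -1) {
+switch (ch) {
+case 'm':
+if (strcasecmp(optarg, "chroot") == 0)
+mode = 1;
+else if (strcasecmp(optarg, "keys-command") == 0)
+mode = 2;
+else {
+fprintf(stderr, "Invalid -m option\n"),
+usage();
+}
+break;
+default:
+usage();
+}
+}
+argc -= optind;
+argv += optind;
+
+if (argc > 1)
+usage();
+else if (argc == 1)
+path = argv[0];
+
+if (mode == 1)
+safely_chroot(path, getuid());
+else if (mode == 2) {
+if (stat(path, &st) < 0)
+fatal("Could not stat %s: %s", path, strerror(errno));
+if (auth_secure_path(path, &st, NULL, 0,
+errmsg, sizeof(errmsg)) != 0)
+fatal("Unsafe %s: %s", path, errmsg);
+} else {
+fprintf(stderr, "Invalid mode\n");
+usage();
+}
+return 0;
+}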
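Review bot: In `main`, the invalid `-m` branch ends `fprintf(stderr, "Invalid -m option\n"),` with a comma, so the following `usage();` becomes part of one comma expression; it behaves the same but reads as a typo and should be `fprintf(stderr, "Invalid -m option\n");`. `safely_chroot()` also accepts a `uid` it never reads (the ownership test is the literal `st.st_uid != 0`), so the `getuid()` passed from `main` has no effect; either drop the parameter or add a comment such as `/* uid unused: every component must be root-owned, as in session.c */`. Since both permission checks are copies of sshd code ("keep tests in sync"), a comment naming the functions they mirror would help whoever next changes the originals.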
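--- a/regress/dhgex.sh
+++ b/regress/dhgex.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: dhgex.sh,v 1.2 2014/04/21 22:15:37 djm Exp $
+# $OpenBSD: dhgex.sh,v 1.3 2015/10/23 02:22:01 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="dhgex"
@@ -20,7 +20,9 @@ ssh_test_dhgex()
 echo "Ciphers=$cipher" >> $OBJ/sshd_proxy
 rm -f ${LOG}
 opts="-oKexAlgorithms=$kex -oCiphers=$cipher"
-groupsz="1024<$bits<8192"
+min=2048
+max=8192
+groupsz="$min<$bits<$max"
 verbose "$tid bits $bits $kex $cipher"
 ${SSH} ${opts} $@ -vvv -F ${OBJ}/ssh_proxy somehost true
 if [ $? -ne 0 ]; then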
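--- a/regress/hostkey-rotate.sh
+++ b/regress/hostkey-rotate.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: hostkey-rotate.sh,v 1.4 2015/07/10 06:23:25 markus Exp $
+# $OpenBSD: hostkey-rotate.sh,v 1.5 2015/09/04 04:23:10 djm Exp $
 # Placed in the Public Domain.
 
 tid="hostkey rotate"
@@ -108,21 +108,3 @@ verbose "check rotate primary hostkey"
 dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=ssh-rsa
 expect_nkeys 1 "learn hostkeys"
 check_key_present ssh-rsa || fail "didn't learn changed key"
-
-# $OpenBSD: hostkey-rotate.sh,v 1.4 2015/07/10 06:23:25 markus Exp $
-# Placed in the Public Domain.
-
-tid="hostkey rotate"
-
-# Prepare hostkeys file with one key
-
-# Connect to sshd
-
-# Check that other keys learned
-
-# Change one hostkey (non primary)
-
-# Connect to sshd
-
-# Check that the key was replaced
-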
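--- a/regress/keys-command.sh
+++ b/regress/keys-command.sh
@@ -36,6 +36,12 @@ exec cat "$OBJ/authorized_keys_${LOGNAME}"
 _EOF
 $SUDO chmod 0755 "$KEY_COMMAND"
 
+if ! $OBJ/check-perm -m keys-command $KEY_COMMAND ; then
+echo "skipping: $KEY_COMMAND is unsuitable as AuthorizedKeysCommand"
+$SUDO rm -f $KEY_COMMAND
+exit 0
+fi
+
 if [ -x $KEY_COMMAND ]; then
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
 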
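Review bot: The new guard expands `$KEY_COMMAND` unquoted in both `$OBJ/check-perm -m keys-command $KEY_COMMAND` and `$SUDO rm -f $KEY_COMMAND`, although the `chmod` line just above it quotes the variable. Because the second command removes a file under `$SUDO`, a path containing whitespace or glob characters would be split or expanded before the delete runs. I would write `if ! $OBJ/check-perm -m keys-command "$KEY_COMMAND" ; then` and `$SUDO rm -f "$KEY_COMMAND"`. The same applies to `$PRINCIPALS_CMD` in the matching block added to regress/principals-command.sh.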
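--- a/regress/keyscan.sh
+++ b/regress/keyscan.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: keyscan.sh,v 1.4 2015/03/03 22:35:19 markus Exp $
+# $OpenBSD: keyscan.sh,v 1.5 2015/09/11 03:44:21 djm Exp $
 # Placed in the Public Domain.
 
 tid="keyscan"
@@ -8,7 +8,7 @@ rm -f ${OBJ}/host.dsa
 
 start_sshd
 
-KEYTYPES="rsa dsa"
+KEYTYPES=`${SSH} -Q key-plain`
 if ssh_version 1; then
 KEYTYPES="${KEYTYPES} rsa1"
 fi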
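Review bot: The new `KEYTYPES` assignment takes the list of key types from the output of `${SSH} -Q key-plain`, and nothing in the hunk checks that the command succeeded or printed anything. If it fails, the variable is empty (or holds only `rsa1`), and the loop that consumes it, which is outside this hunk, would presumably run no iterations and let the test pass without scanning a single key type. A guard right after the assignment, such as `[ -n "$KEYTYPES" ] || fatal "ssh -Q key-plain returned no key types"`, would turn that into a visible failure.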
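--- a/regress/limit-keytype.sh
+++ b/regress/limit-keytype.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: limit-keytype.sh,v 1.1 2015/01/13 07:49:49 djm Exp $
+# $OpenBSD: limit-keytype.sh,v 1.4 2015/10/29 08:05:17 djm Exp $
 # Placed in the Public Domain.
 
 tid="restrict pubkey type"
@@ -20,18 +20,19 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_key2 || \
 fatal "ssh-keygen failed"
 ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_key3 || \
 fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t dsa -f $OBJ/user_key4 || \
+fatal "ssh-keygen failed"
 ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
 -z $$ -n ${USER},mekmitasdigoat $OBJ/user_key3 ||
 fatal "couldn't sign user_key1"
 # Copy the private key alongside the cert to allow better control of when
 # it is offered.
 mv $OBJ/user_key3-cert.pub $OBJ/cert_user_key3.pub
-cp -p $OBJ/user_key3 $OBJ/cert_user_key3
 
 grep -v IdentityFile $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
 
 opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
-fullopts="$opts -i $OBJ/cert_user_key3 -i $OBJ/user_key1 -i $OBJ/user_key2"
+certopts="$opts -i $OBJ/user_key3 -oCertificateFile=$OBJ/cert_user_key3.pub"
 
 echo mekmitasdigoat > $OBJ/authorized_principals_$USER
 cat $OBJ/user_key1.pub > $OBJ/authorized_keys_$USER
@@ -53,28 +54,44 @@ prepare_config() {
 prepare_config
 
 # Check we can log in with all key types.
-${SSH} $opts -i $OBJ/cert_user_key3 proxy true || fatal "cert failed"
+${SSH} $certopts proxy true || fatal "cert failed"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
 # Allow plain Ed25519 and RSA. The certificate should fail.
-verbose "privsep=$privsep allow rsa,ed25519"
+verbose "allow rsa,ed25519"
 prepare_config "PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519"
-${SSH} $opts -i $OBJ/cert_user_key3 proxy true && fatal "cert succeeded"
+${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
 # Allow Ed25519 only.
-verbose "privsep=$privsep allow ed25519"
+verbose "allow ed25519"
 prepare_config "PubkeyAcceptedKeyTypes ssh-ed25519"
-${SSH} $opts -i $OBJ/cert_user_key3 proxy true && fatal "cert succeeded"
+${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded"
 
 # Allow all certs. Plain keys should fail.
-verbose "privsep=$privsep allow cert only"
+verbose "allow cert only"
 prepare_config "PubkeyAcceptedKeyTypes ssh-*-cert-v01@openssh.com"
-${SSH} $opts -i $OBJ/cert_user_key3 proxy true || fatal "cert failed"
+${SSH} $certopts proxy true || fatal "cert failed"
 ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
 ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded"
 
+# Allow RSA in main config, Ed25519 for non-existent user.
+verbose "match w/ no match"
+prepare_config "PubkeyAcceptedKeyTypes ssh-rsa" \
+"Match user x$USER" "PubkeyAcceptedKeyTypes +ssh-ed25519"
+${SSH} $certopts proxy true && fatal "cert succeeded"
+${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
+${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
+
+# Allow only DSA in main config, Ed25519 for user.
+verbose "match w/ matching"
+prepare_config "PubkeyAcceptedKeyTypes ssh-dss" \
+"Match user $USER" "PubkeyAcceptedKeyTypes +ssh-ed25519"
+${SSH} $certopts proxy true || fatal "cert failed"
+${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
+${SSH} $opts -i $OBJ/user_key4 proxy true && fatal "key4 succeeded"
+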
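Review bot: In the final block ("match w/ matching") the comment says the main config allows only DSA and the Match block adds Ed25519, yet the checks expect the RSA certificate (`$certopts`) to succeed and the DSA key (`user_key4`) to fail, which is the opposite of what the comment leads a reader to expect. If that outcome relies on `+ssh-ed25519` inside `Match` extending the built-in default list rather than the `ssh-dss` value set above it, the comment should say so, for example `# "+" in the Match block appends to the default set, replacing the ssh-dss-only list`. Also, only `user_key1.pub` is visibly written to `authorized_keys_$USER` in this section. If `user_key4.pub` is never authorised (the rest of the setup lies outside the hunks), `fatal "key4 succeeded"` can never fire and the negative check says nothing about the key-type restriction.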
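--- a/regress/principals-command.sh
+++ b/regress/principals-command.sh
@@ -24,6 +24,13 @@ _EOF
 test $? -eq 0 || fatal "couldn't prepare principals command"
 $SUDO chmod 0755 "$PRINCIPALS_CMD"
 
+if ! $OBJ/check-perm -m keys-command $PRINCIPALS_CMD ; then
+echo "skipping: $PRINCIPALS_CMD is unsuitable as " \
+"AuthorizedPrincipalsCommand"
+$SUDO rm -f $PRINCIPALS_CMD
+exit 0
+fi
+
 # Create a CA key and a user certificate.
 ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \
 fatal "ssh-keygen of user_ca_key failed"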
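--- a/regress/proxy-connect.sh
+++ b/regress/proxy-connect.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: proxy-connect.sh,v 1.8 2015/03/03 22:35:19 markus Exp $
+# $OpenBSD: proxy-connect.sh,v 1.9 2016/02/17 02:24:17 djm Exp $
 # Placed in the Public Domain.
 
 tid="proxy connect"
@@ -18,7 +18,8 @@ for ps in no yes; do
 fail "ssh proxyconnect protocol $p privsep=$ps comp=$c failed"
 fi
 if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
-fail "bad SSH_CONNECTION protocol $p privsep=$ps comp=$c"
+fail "bad SSH_CONNECTION protocol $p privsep=$ps comp=$c: " \
+"$SSH_CONNECTION"
 fi
 done
 done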
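--- a/regress/rekey.sh
+++ b/regress/rekey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: rekey.sh,v 1.16 2015/02/14 12:43:16 markus Exp $
+# $OpenBSD: rekey.sh,v 1.17 2016/01/29 05:18:15 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="rekey"
@@ -137,13 +137,15 @@ for s in 5 10; do
 done
 
 verbose "rekeylimit parsing"
-for size in 16 1k 1K 1m 1M 1g 1G; do
+for size in 16 1k 1K 1m 1M 1g 1G 4G 8G; do
 for time in 1 1m 1M 1h 1H 1d 1D 1w 1W; do
 case $size in
 16) bytes=16 ;;
 1k|1K) bytes=1024 ;;
 1m|1M) bytes=1048576 ;;
 1g|1G) bytes=1073741824 ;;
+4g|4G) bytes=4294967296 ;;
+8g|8G) bytes=8589934592 ;;
 esac
 case $time in
 1) seconds=1 ;;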
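--- a/regress/setuid-allowed.c
+++ b/regress/setuid-allowed.c
@@ -26,7 +26,7 @@
 #include <string.h>
 #include <errno.h>
 
-void
+static void
 usage(void)
 {
 fprintf(stderr, "check-setuid [path]\n");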
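--- a/regress/sftp-chroot.sh
+++ b/regress/sftp-chroot.sh
@@ -12,6 +12,11 @@ if [ -z "$SUDO" ]; then
 exit 0
 fi
 
+if ! $OBJ/check-perm -m chroot "$CHROOT" ; then
+echo "skipped: $CHROOT is unsuitable as ChrootDirectory"
+exit 0
+fi
+
 $SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \
 fatal "create $PRIVDATA failed"
 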
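Review bot: `if ! $OBJ/check-perm -m chroot "$CHROOT"` treats every non-zero exit as "directory unsuitable", so a check-perm helper that is missing or was not built (the shell's own 126/127 status) also takes the `exit 0` path and the chroot test silently stops running. For a security regression test I would fail in that case, e.g. `test -x $OBJ/check-perm || fatal "check-perm helper missing"` ahead of the guard. The guards added to regress/keys-command.sh and regress/principals-command.sh have the same silent-skip behaviour. They also print `skipping:` where this one prints `skipped:`.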
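--- a/regress/unittests/sshkey/test_file.c
+++ b/regress/unittests/sshkey/test_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_file.c,v 1.4 2015/07/07 14:53:30 markus Exp $ */
+/* $OpenBSD: test_file.c,v 1.5 2015/10/06 01:20:59 djm Exp $ */
 /*
 * Regress test for sshkey.h key management API
 *
@@ -54,8 +54,7 @@ sshkey_file_tests(void)
 #ifdef WITH_SSH1
 TEST_START("parse RSA1 from private");
 buf = load_file("rsa1_1");
-ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa1_1",
-&k1, NULL), 0);
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k1, NULL);
 a = load_bignum("rsa1_1.param.n");
@@ -66,7 +65,7 @@ sshkey_file_tests(void)
 TEST_START("parse RSA1 from private w/ passphrase");
 buf = load_file("rsa1_1_pw");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-(const char *)sshbuf_ptr(pw), "rsa1_1_pw", &k2, NULL), 0);
+(const char *)sshbuf_ptr(pw), &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -104,8 +103,7 @@ sshkey_file_tests(void)
 
 TEST_START("parse RSA from private");
 buf = load_file("rsa_1");
-ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1",
-&k1, NULL), 0);
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k1, NULL);
 a = load_bignum("rsa_1.param.n");
@@ -122,7 +120,7 @@ sshkey_file_tests(void)
 TEST_START("parse RSA from private w/ passphrase");
 buf = load_file("rsa_1_pw");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-(const char *)sshbuf_ptr(pw), "rsa_1_pw", &k2, NULL), 0);
+(const char *)sshbuf_ptr(pw), &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -131,8 +129,7 @@ sshkey_file_tests(void)
 
 TEST_START("parse RSA from new-format");
 buf = load_file("rsa_n");
-ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-"", "rsa_n", &k2, NULL), 0);
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -142,7 +139,7 @@ sshkey_file_tests(void)
 TEST_START("parse RSA from new-format w/ passphrase");
 buf = load_file("rsa_n_pw");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-(const char *)sshbuf_ptr(pw), "rsa_n_pw", &k2, NULL), 0);
+(const char *)sshbuf_ptr(pw), &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -197,8 +194,7 @@ sshkey_file_tests(void)
 
 TEST_START("parse DSA from private");
 buf = load_file("dsa_1");
-ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "dsa_1",
-&k1, NULL), 0);
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k1, NULL);
 a = load_bignum("dsa_1.param.g");
@@ -215,7 +211,7 @@ sshkey_file_tests(void)
 TEST_START("parse DSA from private w/ passphrase");
 buf = load_file("dsa_1_pw");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-(const char *)sshbuf_ptr(pw), "dsa_1_pw", &k2, NULL), 0);
+(const char *)sshbuf_ptr(pw), &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -224,8 +220,7 @@ sshkey_file_tests(void)
 
 TEST_START("parse DSA from new-format");
 buf = load_file("dsa_n");
-ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-"", "dsa_n", &k2, NULL), 0);
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -235,7 +230,7 @@ sshkey_file_tests(void)
 TEST_START("parse DSA from new-format w/ passphrase");
 buf = load_file("dsa_n_pw");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-(const char *)sshbuf_ptr(pw), "dsa_n_pw", &k2, NULL), 0);
+(const char *)sshbuf_ptr(pw), &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -291,8 +286,7 @@ sshkey_file_tests(void)
 #ifdef OPENSSL_HAS_ECC
 TEST_START("parse ECDSA from private");
 buf = load_file("ecdsa_1");
-ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ecdsa_1",
-&k1, NULL), 0);
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k1, NULL);
 buf = load_text_file("ecdsa_1.param.curve");
@@ -315,7 +309,7 @@ sshkey_file_tests(void)
 TEST_START("parse ECDSA from private w/ passphrase");
 buf = load_file("ecdsa_1_pw");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-(const char *)sshbuf_ptr(pw), "ecdsa_1_pw", &k2, NULL), 0);
+(const char *)sshbuf_ptr(pw), &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -324,8 +318,7 @@ sshkey_file_tests(void)
 
 TEST_START("parse ECDSA from new-format");
 buf = load_file("ecdsa_n");
-ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-"", "ecdsa_n", &k2, NULL), 0);
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -335,7 +328,7 @@ sshkey_file_tests(void)
 TEST_START("parse ECDSA from new-format w/ passphrase");
 buf = load_file("ecdsa_n_pw");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-(const char *)sshbuf_ptr(pw), "ecdsa_n_pw", &k2, NULL), 0);
+(const char *)sshbuf_ptr(pw), &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
@@ -391,8 +384,7 @@ sshkey_file_tests(void)
 
 TEST_START("parse Ed25519 from private");
 buf = load_file("ed25519_1");
-ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ed25519_1",
-&k1, NULL), 0);
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k1, NULL);
 ASSERT_INT_EQ(k1->type, KEY_ED25519);
@@ -402,7 +394,7 @@ sshkey_file_tests(void)
 TEST_START("parse Ed25519 from private w/ passphrase");
 buf = load_file("ed25519_1_pw");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
-(const char *)sshbuf_ptr(pw), "ed25519_1_pw", &k2, NULL), 0);
+(const char *)sshbuf_ptr(pw), &k2, NULL), 0);
 sshbuf_free(buf);
 ASSERT_PTR_NE(k2, NULL);
 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);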
diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c index 1f08a2e43..1f414e0ac 100644 --- a/regress/unittests/sshkey/test_fuzz.c +++ b/regress/unittests/sshkey/test_fuzz.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: test_fuzz.c,v 1.4 2015/03/04 23:22:35 djm Exp $ */ | 1 | /* $OpenBSD: test_fuzz.c,v 1.6 2015/12/07 02:20:46 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Fuzz tests for key parsing | 3 | * Fuzz tests for key parsing |
4 | * | 4 | * |
@@ -72,13 +72,13 @@ public_fuzz(struct sshkey *k) | |||
72 | } | 72 | } |
73 | 73 | ||
74 | static void | 74 | static void |
75 | sig_fuzz(struct sshkey *k) | 75 | sig_fuzz(struct sshkey *k, const char *sig_alg) |
76 | { | 76 | { |
77 | struct fuzz *fuzz; | 77 | struct fuzz *fuzz; |
78 | u_char *sig, c[] = "some junk to be signed"; | 78 | u_char *sig, c[] = "some junk to be signed"; |
79 | size_t l; | 79 | size_t l; |
80 | 80 | ||
81 | ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), 0), 0); | 81 | ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0); |
82 | ASSERT_SIZE_T_GT(l, 0); | 82 | ASSERT_SIZE_T_GT(l, 0); |
83 | fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */ | 83 | fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */ |
84 | FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | | 84 | FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | |
@@ -110,8 +110,7 @@ sshkey_fuzz_tests(void) | |||
110 | fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | | 110 | fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | |
111 | FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, | 111 | FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, |
112 | sshbuf_mutable_ptr(buf), sshbuf_len(buf)); | 112 | sshbuf_mutable_ptr(buf), sshbuf_len(buf)); |
113 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 113 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
114 | &k1, NULL), 0); | ||
115 | sshkey_free(k1); | 114 | sshkey_free(k1); |
116 | sshbuf_free(buf); | 115 | sshbuf_free(buf); |
117 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); | 116 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); |
@@ -119,8 +118,7 @@ sshkey_fuzz_tests(void) | |||
119 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { | 118 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { |
120 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); | 119 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); |
121 | ASSERT_INT_EQ(r, 0); | 120 | ASSERT_INT_EQ(r, 0); |
122 | if (sshkey_parse_private_fileblob(fuzzed, "", "key", | 121 | if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) |
123 | &k1, NULL) == 0) | ||
124 | sshkey_free(k1); | 122 | sshkey_free(k1); |
125 | sshbuf_reset(fuzzed); | 123 | sshbuf_reset(fuzzed); |
126 | } | 124 | } |
@@ -154,8 +152,7 @@ sshkey_fuzz_tests(void) | |||
154 | buf = load_file("rsa_1"); | 152 | buf = load_file("rsa_1"); |
155 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), | 153 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), |
156 | sshbuf_len(buf)); | 154 | sshbuf_len(buf)); |
157 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 155 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
158 | &k1, NULL), 0); | ||
159 | sshkey_free(k1); | 156 | sshkey_free(k1); |
160 | sshbuf_free(buf); | 157 | sshbuf_free(buf); |
161 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); | 158 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); |
@@ -163,8 +160,7 @@ sshkey_fuzz_tests(void) | |||
163 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { | 160 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { |
164 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); | 161 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); |
165 | ASSERT_INT_EQ(r, 0); | 162 | ASSERT_INT_EQ(r, 0); |
166 | if (sshkey_parse_private_fileblob(fuzzed, "", "key", | 163 | if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) |
167 | &k1, NULL) == 0) | ||
168 | sshkey_free(k1); | 164 | sshkey_free(k1); |
169 | sshbuf_reset(fuzzed); | 165 | sshbuf_reset(fuzzed); |
170 | } | 166 | } |
@@ -176,8 +172,7 @@ sshkey_fuzz_tests(void) | |||
176 | buf = load_file("rsa_n"); | 172 | buf = load_file("rsa_n"); |
177 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), | 173 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), |
178 | sshbuf_len(buf)); | 174 | sshbuf_len(buf)); |
179 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 175 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
180 | &k1, NULL), 0); | ||
181 | sshkey_free(k1); | 176 | sshkey_free(k1); |
182 | sshbuf_free(buf); | 177 | sshbuf_free(buf); |
183 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); | 178 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); |
@@ -185,8 +180,7 @@ sshkey_fuzz_tests(void) | |||
185 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { | 180 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { |
186 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); | 181 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); |
187 | ASSERT_INT_EQ(r, 0); | 182 | ASSERT_INT_EQ(r, 0); |
188 | if (sshkey_parse_private_fileblob(fuzzed, "", "key", | 183 | if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) |
189 | &k1, NULL) == 0) | ||
190 | sshkey_free(k1); | 184 | sshkey_free(k1); |
191 | sshbuf_reset(fuzzed); | 185 | sshbuf_reset(fuzzed); |
192 | } | 186 | } |
@@ -198,8 +192,7 @@ sshkey_fuzz_tests(void) | |||
198 | buf = load_file("dsa_1"); | 192 | buf = load_file("dsa_1"); |
199 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), | 193 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), |
200 | sshbuf_len(buf)); | 194 | sshbuf_len(buf)); |
201 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 195 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
202 | &k1, NULL), 0); | ||
203 | sshkey_free(k1); | 196 | sshkey_free(k1); |
204 | sshbuf_free(buf); | 197 | sshbuf_free(buf); |
205 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); | 198 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); |
@@ -207,8 +200,7 @@ sshkey_fuzz_tests(void) | |||
207 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { | 200 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { |
208 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); | 201 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); |
209 | ASSERT_INT_EQ(r, 0); | 202 | ASSERT_INT_EQ(r, 0); |
210 | if (sshkey_parse_private_fileblob(fuzzed, "", "key", | 203 | if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) |
211 | &k1, NULL) == 0) | ||
212 | sshkey_free(k1); | 204 | sshkey_free(k1); |
213 | sshbuf_reset(fuzzed); | 205 | sshbuf_reset(fuzzed); |
214 | } | 206 | } |
@@ -220,8 +212,7 @@ sshkey_fuzz_tests(void) | |||
220 | buf = load_file("dsa_n"); | 212 | buf = load_file("dsa_n"); |
221 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), | 213 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), |
222 | sshbuf_len(buf)); | 214 | sshbuf_len(buf)); |
223 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 215 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
224 | &k1, NULL), 0); | ||
225 | sshkey_free(k1); | 216 | sshkey_free(k1); |
226 | sshbuf_free(buf); | 217 | sshbuf_free(buf); |
227 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); | 218 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); |
@@ -229,8 +220,7 @@ sshkey_fuzz_tests(void) | |||
229 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { | 220 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { |
230 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); | 221 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); |
231 | ASSERT_INT_EQ(r, 0); | 222 | ASSERT_INT_EQ(r, 0); |
232 | if (sshkey_parse_private_fileblob(fuzzed, "", "key", | 223 | if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) |
233 | &k1, NULL) == 0) | ||
234 | sshkey_free(k1); | 224 | sshkey_free(k1); |
235 | sshbuf_reset(fuzzed); | 225 | sshbuf_reset(fuzzed); |
236 | } | 226 | } |
@@ -243,8 +233,7 @@ sshkey_fuzz_tests(void) | |||
243 | buf = load_file("ecdsa_1"); | 233 | buf = load_file("ecdsa_1"); |
244 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), | 234 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), |
245 | sshbuf_len(buf)); | 235 | sshbuf_len(buf)); |
246 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 236 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
247 | &k1, NULL), 0); | ||
248 | sshkey_free(k1); | 237 | sshkey_free(k1); |
249 | sshbuf_free(buf); | 238 | sshbuf_free(buf); |
250 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); | 239 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); |
@@ -252,8 +241,7 @@ sshkey_fuzz_tests(void) | |||
252 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { | 241 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { |
253 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); | 242 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); |
254 | ASSERT_INT_EQ(r, 0); | 243 | ASSERT_INT_EQ(r, 0); |
255 | if (sshkey_parse_private_fileblob(fuzzed, "", "key", | 244 | if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) |
256 | &k1, NULL) == 0) | ||
257 | sshkey_free(k1); | 245 | sshkey_free(k1); |
258 | sshbuf_reset(fuzzed); | 246 | sshbuf_reset(fuzzed); |
259 | } | 247 | } |
@@ -265,8 +253,7 @@ sshkey_fuzz_tests(void) | |||
265 | buf = load_file("ecdsa_n"); | 253 | buf = load_file("ecdsa_n"); |
266 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), | 254 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), |
267 | sshbuf_len(buf)); | 255 | sshbuf_len(buf)); |
268 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 256 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
269 | &k1, NULL), 0); | ||
270 | sshkey_free(k1); | 257 | sshkey_free(k1); |
271 | sshbuf_free(buf); | 258 | sshbuf_free(buf); |
272 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); | 259 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); |
@@ -274,8 +261,7 @@ sshkey_fuzz_tests(void) | |||
274 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { | 261 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { |
275 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); | 262 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); |
276 | ASSERT_INT_EQ(r, 0); | 263 | ASSERT_INT_EQ(r, 0); |
277 | if (sshkey_parse_private_fileblob(fuzzed, "", "key", | 264 | if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) |
278 | &k1, NULL) == 0) | ||
279 | sshkey_free(k1); | 265 | sshkey_free(k1); |
280 | sshbuf_reset(fuzzed); | 266 | sshbuf_reset(fuzzed); |
281 | } | 267 | } |
@@ -288,8 +274,7 @@ sshkey_fuzz_tests(void) | |||
288 | buf = load_file("ed25519_1"); | 274 | buf = load_file("ed25519_1"); |
289 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), | 275 | fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), |
290 | sshbuf_len(buf)); | 276 | sshbuf_len(buf)); |
291 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 277 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
292 | &k1, NULL), 0); | ||
293 | sshkey_free(k1); | 278 | sshkey_free(k1); |
294 | sshbuf_free(buf); | 279 | sshbuf_free(buf); |
295 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); | 280 | ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); |
@@ -297,8 +282,7 @@ sshkey_fuzz_tests(void) | |||
297 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { | 282 | for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { |
298 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); | 283 | r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); |
299 | ASSERT_INT_EQ(r, 0); | 284 | ASSERT_INT_EQ(r, 0); |
300 | if (sshkey_parse_private_fileblob(fuzzed, "", "key", | 285 | if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) |
301 | &k1, NULL) == 0) | ||
302 | sshkey_free(k1); | 286 | sshkey_free(k1); |
303 | sshbuf_reset(fuzzed); | 287 | sshbuf_reset(fuzzed); |
304 | } | 288 | } |
@@ -308,8 +292,7 @@ sshkey_fuzz_tests(void) | |||
308 | 292 | ||
309 | TEST_START("fuzz RSA public"); | 293 | TEST_START("fuzz RSA public"); |
310 | buf = load_file("rsa_1"); | 294 | buf = load_file("rsa_1"); |
311 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 295 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
312 | &k1, NULL), 0); | ||
313 | sshbuf_free(buf); | 296 | sshbuf_free(buf); |
314 | public_fuzz(k1); | 297 | public_fuzz(k1); |
315 | sshkey_free(k1); | 298 | sshkey_free(k1); |
@@ -323,8 +306,7 @@ sshkey_fuzz_tests(void) | |||
323 | 306 | ||
324 | TEST_START("fuzz DSA public"); | 307 | TEST_START("fuzz DSA public"); |
325 | buf = load_file("dsa_1"); | 308 | buf = load_file("dsa_1"); |
326 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 309 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
327 | &k1, NULL), 0); | ||
328 | sshbuf_free(buf); | 310 | sshbuf_free(buf); |
329 | public_fuzz(k1); | 311 | public_fuzz(k1); |
330 | sshkey_free(k1); | 312 | sshkey_free(k1); |
@@ -339,8 +321,7 @@ sshkey_fuzz_tests(void) | |||
339 | #ifdef OPENSSL_HAS_ECC | 321 | #ifdef OPENSSL_HAS_ECC |
340 | TEST_START("fuzz ECDSA public"); | 322 | TEST_START("fuzz ECDSA public"); |
341 | buf = load_file("ecdsa_1"); | 323 | buf = load_file("ecdsa_1"); |
342 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 324 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
343 | &k1, NULL), 0); | ||
344 | sshbuf_free(buf); | 325 | sshbuf_free(buf); |
345 | public_fuzz(k1); | 326 | public_fuzz(k1); |
346 | sshkey_free(k1); | 327 | sshkey_free(k1); |
@@ -355,8 +336,7 @@ sshkey_fuzz_tests(void) | |||
355 | 336 | ||
356 | TEST_START("fuzz Ed25519 public"); | 337 | TEST_START("fuzz Ed25519 public"); |
357 | buf = load_file("ed25519_1"); | 338 | buf = load_file("ed25519_1"); |
358 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 339 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
359 | &k1, NULL), 0); | ||
360 | sshbuf_free(buf); | 340 | sshbuf_free(buf); |
361 | public_fuzz(k1); | 341 | public_fuzz(k1); |
362 | sshkey_free(k1); | 342 | sshkey_free(k1); |
@@ -370,39 +350,51 @@ sshkey_fuzz_tests(void) | |||
370 | 350 | ||
371 | TEST_START("fuzz RSA sig"); | 351 | TEST_START("fuzz RSA sig"); |
372 | buf = load_file("rsa_1"); | 352 | buf = load_file("rsa_1"); |
373 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 353 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
374 | &k1, NULL), 0); | ||
375 | sshbuf_free(buf); | 354 | sshbuf_free(buf); |
376 | sig_fuzz(k1); | 355 | sig_fuzz(k1, "ssh-rsa"); |
356 | sshkey_free(k1); | ||
357 | TEST_DONE(); | ||
358 | |||
359 | TEST_START("fuzz RSA SHA256 sig"); | ||
360 | buf = load_file("rsa_1"); | ||
361 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); | ||
362 | sshbuf_free(buf); | ||
363 | sig_fuzz(k1, "rsa-sha2-256"); | ||
364 | sshkey_free(k1); | ||
365 | TEST_DONE(); | ||
366 | |||
367 | TEST_START("fuzz RSA SHA512 sig"); | ||
368 | buf = load_file("rsa_1"); | ||
369 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); | ||
370 | sshbuf_free(buf); | ||
371 | sig_fuzz(k1, "rsa-sha2-512"); | ||
377 | sshkey_free(k1); | 372 | sshkey_free(k1); |
378 | TEST_DONE(); | 373 | TEST_DONE(); |
379 | 374 | ||
380 | TEST_START("fuzz DSA sig"); | 375 | TEST_START("fuzz DSA sig"); |
381 | buf = load_file("dsa_1"); | 376 | buf = load_file("dsa_1"); |
382 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 377 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
383 | &k1, NULL), 0); | ||
384 | sshbuf_free(buf); | 378 | sshbuf_free(buf); |
385 | sig_fuzz(k1); | 379 | sig_fuzz(k1, NULL); |
386 | sshkey_free(k1); | 380 | sshkey_free(k1); |
387 | TEST_DONE(); | 381 | TEST_DONE(); |
388 | 382 | ||
389 | #ifdef OPENSSL_HAS_ECC | 383 | #ifdef OPENSSL_HAS_ECC |
390 | TEST_START("fuzz ECDSA sig"); | 384 | TEST_START("fuzz ECDSA sig"); |
391 | buf = load_file("ecdsa_1"); | 385 | buf = load_file("ecdsa_1"); |
392 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 386 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
393 | &k1, NULL), 0); | ||
394 | sshbuf_free(buf); | 387 | sshbuf_free(buf); |
395 | sig_fuzz(k1); | 388 | sig_fuzz(k1, NULL); |
396 | sshkey_free(k1); | 389 | sshkey_free(k1); |
397 | TEST_DONE(); | 390 | TEST_DONE(); |
398 | #endif | 391 | #endif |
399 | 392 | ||
400 | TEST_START("fuzz Ed25519 sig"); | 393 | TEST_START("fuzz Ed25519 sig"); |
401 | buf = load_file("ed25519_1"); | 394 | buf = load_file("ed25519_1"); |
402 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", | 395 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); |
403 | &k1, NULL), 0); | ||
404 | sshbuf_free(buf); | 396 | sshbuf_free(buf); |
405 | sig_fuzz(k1); | 397 | sig_fuzz(k1, NULL); |
406 | sshkey_free(k1); | 398 | sshkey_free(k1); |
407 | TEST_DONE(); | 399 | TEST_DONE(); |
408 | 400 | ||
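Review bot: The new `sig_alg` parameter of `sig_fuzz()` is undocumented, and the DSA, ECDSA and Ed25519 callers pass `NULL` without saying what that selects. A short comment above the signature would settle it, for example `/* sig_alg: algorithm name handed to sshkey_sign(); NULL leaves the choice to the key type */`. The meaning of `NULL` is inferred from the call sites here and should be confirmed against `sshkey_sign()` itself. The body of `sig_fuzz()` continues outside the hunk, so whether the fuzz loop ever looks at the algorithm of the signature it mutates cannot be judged from this page.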
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 9b3ce7ee4..1f160d1a7 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: test_sshkey.c,v 1.7 2015/08/05 05:27:33 djm Exp $ */ | 1 | /* $OpenBSD: test_sshkey.c,v 1.9 2015/12/07 02:20:46 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Regress test for sshkey.h key management API | 3 | * Regress test for sshkey.h key management API |
4 | * | 4 | * |
@@ -52,7 +52,8 @@ put_opt(struct sshbuf *b, const char *name, const char *value) | |||
52 | 52 | ||
53 | static void | 53 | static void |
54 | build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, | 54 | build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, |
55 | const struct sshkey *sign_key, const struct sshkey *ca_key) | 55 | const struct sshkey *sign_key, const struct sshkey *ca_key, |
56 | const char *sig_alg) | ||
56 | { | 57 | { |
57 | struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts; | 58 | struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts; |
58 | u_char *sigblob; | 59 | u_char *sigblob; |
@@ -99,7 +100,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, | |||
99 | ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */ | 100 | ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */ |
100 | ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */ | 101 | ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */ |
101 | ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen, | 102 | ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen, |
102 | sshbuf_ptr(b), sshbuf_len(b), 0), 0); | 103 | sshbuf_ptr(b), sshbuf_len(b), sig_alg, 0), 0); |
103 | ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ | 104 | ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ |
104 | 105 | ||
105 | free(sigblob); | 106 | free(sigblob); |
@@ -111,12 +112,13 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, | |||
111 | } | 112 | } |
112 | 113 | ||
113 | static void | 114 | static void |
114 | signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l) | 115 | signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg, |
116 | const u_char *d, size_t l) | ||
115 | { | 117 | { |
116 | size_t len; | 118 | size_t len; |
117 | u_char *sig; | 119 | u_char *sig; |
118 | 120 | ||
119 | ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, 0), 0); | 121 | ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0); |
120 | ASSERT_SIZE_T_GT(len, 8); | 122 | ASSERT_SIZE_T_GT(len, 8); |
121 | ASSERT_PTR_NE(sig, NULL); | 123 | ASSERT_PTR_NE(sig, NULL); |
122 | ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0); | 124 | ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0); |
@@ -143,7 +145,7 @@ banana(u_char *s, size_t l) | |||
143 | } | 145 | } |
144 | 146 | ||
145 | static void | 147 | static void |
146 | signature_tests(struct sshkey *k, struct sshkey *bad) | 148 | signature_tests(struct sshkey *k, struct sshkey *bad, const char *sig_alg) |
147 | { | 149 | { |
148 | u_char i, buf[2049]; | 150 | u_char i, buf[2049]; |
149 | size_t lens[] = { | 151 | size_t lens[] = { |
@@ -155,7 +157,7 @@ signature_tests(struct sshkey *k, struct sshkey *bad) | |||
155 | test_subtest_info("%s key, banana length %zu", | 157 | test_subtest_info("%s key, banana length %zu", |
156 | sshkey_type(k), lens[i]); | 158 | sshkey_type(k), lens[i]); |
157 | banana(buf, lens[i]); | 159 | banana(buf, lens[i]); |
158 | signature_test(k, bad, buf, lens[i]); | 160 | signature_test(k, bad, sig_alg, buf, lens[i]); |
159 | } | 161 | } |
160 | } | 162 | } |
161 | 163 | ||
@@ -166,7 +168,7 @@ get_private(const char *n) | |||
166 | struct sshkey *ret; | 168 | struct sshkey *ret; |
167 | 169 | ||
168 | b = load_file(n); | 170 | b = load_file(n); |
169 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", n, &ret, NULL), 0); | 171 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", &ret, NULL), 0); |
170 | sshbuf_free(b); | 172 | sshbuf_free(b); |
171 | return ret; | 173 | return ret; |
172 | } | 174 | } |
@@ -469,7 +471,25 @@ sshkey_tests(void) | |||
469 | k1 = get_private("rsa_1"); | 471 | k1 = get_private("rsa_1"); |
470 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, | 472 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, |
471 | NULL), 0); | 473 | NULL), 0); |
472 | signature_tests(k1, k2); | 474 | signature_tests(k1, k2, "ssh-rsa"); |
475 | sshkey_free(k1); | ||
476 | sshkey_free(k2); | ||
477 | TEST_DONE(); | ||
478 | |||
479 | TEST_START("sign and verify RSA-SHA256"); | ||
480 | k1 = get_private("rsa_1"); | ||
481 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, | ||
482 | NULL), 0); | ||
483 | signature_tests(k1, k2, "rsa-sha2-256"); | ||
484 | sshkey_free(k1); | ||
485 | sshkey_free(k2); | ||
486 | TEST_DONE(); | ||
487 | |||
488 | TEST_START("sign and verify RSA-SHA512"); | ||
489 | k1 = get_private("rsa_1"); | ||
490 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, | ||
491 | NULL), 0); | ||
492 | signature_tests(k1, k2, "rsa-sha2-512"); | ||
473 | sshkey_free(k1); | 493 | sshkey_free(k1); |
474 | sshkey_free(k2); | 494 | sshkey_free(k2); |
475 | TEST_DONE(); | 495 | TEST_DONE(); |
@@ -478,7 +498,7 @@ sshkey_tests(void) | |||
478 | k1 = get_private("dsa_1"); | 498 | k1 = get_private("dsa_1"); |
479 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, | 499 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, |
480 | NULL), 0); | 500 | NULL), 0); |
481 | signature_tests(k1, k2); | 501 | signature_tests(k1, k2, NULL); |
482 | sshkey_free(k1); | 502 | sshkey_free(k1); |
483 | sshkey_free(k2); | 503 | sshkey_free(k2); |
484 | TEST_DONE(); | 504 | TEST_DONE(); |
@@ -488,7 +508,7 @@ sshkey_tests(void) | |||
488 | k1 = get_private("ecdsa_1"); | 508 | k1 = get_private("ecdsa_1"); |
489 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2, | 509 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2, |
490 | NULL), 0); | 510 | NULL), 0); |
491 | signature_tests(k1, k2); | 511 | signature_tests(k1, k2, NULL); |
492 | sshkey_free(k1); | 512 | sshkey_free(k1); |
493 | sshkey_free(k2); | 513 | sshkey_free(k2); |
494 | TEST_DONE(); | 514 | TEST_DONE(); |
@@ -498,7 +518,7 @@ sshkey_tests(void) | |||
498 | k1 = get_private("ed25519_1"); | 518 | k1 = get_private("ed25519_1"); |
499 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2, | 519 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2, |
500 | NULL), 0); | 520 | NULL), 0); |
501 | signature_tests(k1, k2); | 521 | signature_tests(k1, k2, NULL); |
502 | sshkey_free(k1); | 522 | sshkey_free(k1); |
503 | sshkey_free(k2); | 523 | sshkey_free(k2); |
504 | TEST_DONE(); | 524 | TEST_DONE(); |
@@ -508,7 +528,7 @@ sshkey_tests(void) | |||
508 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, | 528 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, |
509 | NULL), 0); | 529 | NULL), 0); |
510 | k3 = get_private("rsa_1"); | 530 | k3 = get_private("rsa_1"); |
511 | build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1); | 531 | build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, NULL); |
512 | ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4), | 532 | ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4), |
513 | SSH_ERR_KEY_CERT_INVALID_SIGN_KEY); | 533 | SSH_ERR_KEY_CERT_INVALID_SIGN_KEY); |
514 | ASSERT_PTR_EQ(k4, NULL); | 534 | ASSERT_PTR_EQ(k4, NULL); |
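Review bot: `signature_test()` never checks that the signature was actually produced with the requested `sig_alg`. After `sshkey_sign(k, &sig, &len, d, l, sig_alg, 0)` it only calls `sshkey_verify(k, sig, len, d, l, 0)`, which takes no algorithm argument. The new "sign and verify RSA-SHA256" and "RSA-SHA512" cases would therefore still pass if signing silently fell back to `ssh-rsa`. Reading the leading algorithm name out of the signature blob and comparing it with `sig_alg` when that is non-NULL would pin the behaviour; this assumes the blob begins with the algorithm name as an SSH string, which the visible hunks do not show. The body of `signature_test()` continues outside the hunk.

```c
	ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0);
	/* … unchanged: length and NULL checks on sig … */
	if (sig_alg != NULL) {
		struct sshbuf *sb;
		char *name = NULL;

		/* The signature must carry the algorithm that was asked for. */
		ASSERT_PTR_NE(sb = sshbuf_from(sig, len), NULL);
		ASSERT_INT_EQ(sshbuf_get_cstring(sb, &name, NULL), 0);
		ASSERT_STRING_EQ(name, sig_alg);
		free(name);
		sshbuf_free(sb);
	}
	/* … unchanged: sshkey_verify() checks … */
```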
@@ -1,45 +0,0 @@ | |||
1 | /* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */ | ||
2 | /* | ||
3 | * Copyright (c) 2004-2009 AppGate Network Security AB | ||
4 | * | ||
5 | * Permission to use, copy, modify, and distribute this software for any | ||
6 | * purpose with or without fee is hereby granted, provided that the above | ||
7 | * copyright notice and this permission notice appear in all copies. | ||
8 | * | ||
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
16 | */ | ||
17 | |||
18 | #ifndef ROAMING_H | ||
19 | #define ROAMING_H | ||
20 | |||
21 | #define DEFAULT_ROAMBUF 65536 | ||
22 | #define MAX_ROAMBUF (2*1024*1024) /* XXX arbitrary */ | ||
23 | #define ROAMING_REQUEST "roaming@appgate.com" | ||
24 | |||
25 | extern int roaming_enabled; | ||
26 | extern int resume_in_progress; | ||
27 | |||
28 | void request_roaming(void); | ||
29 | int get_snd_buf_size(void); | ||
30 | int get_recv_buf_size(void); | ||
31 | void add_recv_bytes(u_int64_t); | ||
32 | int wait_for_roaming_reconnect(void); | ||
33 | void roaming_reply(int, u_int32_t, void *); | ||
34 | void set_out_buffer_size(size_t); | ||
35 | ssize_t roaming_write(int, const void *, size_t, int *); | ||
36 | ssize_t roaming_read(int, void *, size_t, int *); | ||
37 | size_t roaming_atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); | ||
38 | u_int64_t get_recv_bytes(void); | ||
39 | u_int64_t get_sent_bytes(void); | ||
40 | void roam_set_bytes(u_int64_t, u_int64_t); | ||
41 | void resend_bytes(int, u_int64_t *); | ||
42 | void calculate_new_key(u_int64_t *, u_int64_t, u_int64_t); | ||
43 | int resume_kex(void); | ||
44 | |||
45 | #endif /* ROAMING */ | ||
diff --git a/roaming_client.c b/roaming_client.c deleted file mode 100644 index cb1328574..000000000 --- a/roaming_client.c +++ /dev/null | |||
@@ -1,271 +0,0 @@ | |||
1 | /* $OpenBSD: roaming_client.c,v 1.9 2015/01/27 12:54:06 okan Exp $ */ | ||
2 | /* | ||
3 | * Copyright (c) 2004-2009 AppGate Network Security AB | ||
4 | * | ||
5 | * Permission to use, copy, modify, and distribute this software for any | ||
6 | * purpose with or without fee is hereby granted, provided that the above | ||
7 | * copyright notice and this permission notice appear in all copies. | ||
8 | * | ||
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
16 | */ | ||
17 | |||
18 | #include "includes.h" | ||
19 | |||
20 | #include "openbsd-compat/sys-queue.h" | ||
21 | #include <sys/types.h> | ||
22 | #include <sys/socket.h> | ||
23 | |||
24 | #include <signal.h> | ||
25 | #include <string.h> | ||
26 | #include <unistd.h> | ||
27 | |||
28 | #include "xmalloc.h" | ||
29 | #include "buffer.h" | ||
30 | #include "channels.h" | ||
31 | #include "cipher.h" | ||
32 | #include "dispatch.h" | ||
33 | #include "clientloop.h" | ||
34 | #include "log.h" | ||
35 | #include "match.h" | ||
36 | #include "misc.h" | ||
37 | #include "packet.h" | ||
38 | #include "ssh.h" | ||
39 | #include "key.h" | ||
40 | #include "kex.h" | ||
41 | #include "readconf.h" | ||
42 | #include "roaming.h" | ||
43 | #include "ssh2.h" | ||
44 | #include "sshconnect.h" | ||
45 | #include "digest.h" | ||
46 | |||
47 | /* import */ | ||
48 | extern Options options; | ||
49 | extern char *host; | ||
50 | extern struct sockaddr_storage hostaddr; | ||
51 | extern int session_resumed; | ||
52 | |||
53 | static u_int32_t roaming_id; | ||
54 | static u_int64_t cookie; | ||
55 | static u_int64_t lastseenchall; | ||
56 | static u_int64_t key1, key2, oldkey1, oldkey2; | ||
57 | |||
58 | void | ||
59 | roaming_reply(int type, u_int32_t seq, void *ctxt) | ||
60 | { | ||
61 | if (type == SSH2_MSG_REQUEST_FAILURE) { | ||
62 | logit("Server denied roaming"); | ||
63 | return; | ||
64 | } | ||
65 | verbose("Roaming enabled"); | ||
66 | roaming_id = packet_get_int(); | ||
67 | cookie = packet_get_int64(); | ||
68 | key1 = oldkey1 = packet_get_int64(); | ||
69 | key2 = oldkey2 = packet_get_int64(); | ||
70 | set_out_buffer_size(packet_get_int() + get_snd_buf_size()); | ||
71 | roaming_enabled = 1; | ||
72 | } | ||
73 | |||
74 | void | ||
75 | request_roaming(void) | ||
76 | { | ||
77 | packet_start(SSH2_MSG_GLOBAL_REQUEST); | ||
78 | packet_put_cstring(ROAMING_REQUEST); | ||
79 | packet_put_char(1); | ||
80 | packet_put_int(get_recv_buf_size()); | ||
81 | packet_send(); | ||
82 | client_register_global_confirm(roaming_reply, NULL); | ||
83 | } | ||
84 | |||
85 | static void | ||
86 | roaming_auth_required(void) | ||
87 | { | ||
88 | u_char digest[SSH_DIGEST_MAX_LENGTH]; | ||
89 | Buffer b; | ||
90 | u_int64_t chall, oldchall; | ||
91 | |||
92 | chall = packet_get_int64(); | ||
93 | oldchall = packet_get_int64(); | ||
94 | if (oldchall != lastseenchall) { | ||
95 | key1 = oldkey1; | ||
96 | key2 = oldkey2; | ||
97 | } | ||
98 | lastseenchall = chall; | ||
99 | |||
100 | buffer_init(&b); | ||
101 | buffer_put_int64(&b, cookie); | ||
102 | buffer_put_int64(&b, chall); | ||
103 | if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0) | ||
104 | fatal("%s: ssh_digest_buffer failed", __func__); | ||
105 | buffer_free(&b); | ||
106 | |||
107 | packet_start(SSH2_MSG_KEX_ROAMING_AUTH); | ||
108 | packet_put_int64(key1 ^ get_recv_bytes()); | ||
109 | packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1)); | ||
110 | packet_send(); | ||
111 | |||
112 | oldkey1 = key1; | ||
113 | oldkey2 = key2; | ||
114 | calculate_new_key(&key1, cookie, chall); | ||
115 | calculate_new_key(&key2, cookie, chall); | ||
116 | |||
117 | debug("Received %llu bytes", (unsigned long long)get_recv_bytes()); | ||
118 | debug("Sent roaming_auth packet"); | ||
119 | } | ||
120 | |||
121 | int | ||
122 | resume_kex(void) | ||
123 | { | ||
124 | /* | ||
125 | * This should not happen - if the client sends the kex method | ||
126 | * resume@appgate.com then the kex is done in roaming_resume(). | ||
127 | */ | ||
128 | return 1; | ||
129 | } | ||
130 | |||
131 | static int | ||
132 | roaming_resume(void) | ||
133 | { | ||
134 | u_int64_t recv_bytes; | ||
135 | char *str = NULL, *kexlist = NULL, *c; | ||
136 | int i, type; | ||
137 | int timeout_ms = options.connection_timeout * 1000; | ||
138 | u_int len; | ||
139 | u_int32_t rnd = 0; | ||
140 | |||
141 | resume_in_progress = 1; | ||
142 | |||
143 | /* Exchange banners */ | ||
144 | ssh_exchange_identification(timeout_ms); | ||
145 | packet_set_nonblocking(); | ||
146 | |||
147 | /* Send a kexinit message with resume@appgate.com as only kex algo */ | ||
148 | packet_start(SSH2_MSG_KEXINIT); | ||
149 | for (i = 0; i < KEX_COOKIE_LEN; i++) { | ||
150 | if (i % 4 == 0) | ||
151 | rnd = arc4random(); | ||
152 | packet_put_char(rnd & 0xff); | ||
153 | rnd >>= 8; | ||
154 | } | ||
155 | packet_put_cstring(KEX_RESUME); | ||
156 | for (i = 1; i < PROPOSAL_MAX; i++) { | ||
157 | /* kex algorithm added so start with i=1 and not 0 */ | ||
158 | packet_put_cstring(""); /* Not used when we resume */ | ||
159 | } | ||
160 | packet_put_char(1); /* first kex_packet follows */ | ||
161 | packet_put_int(0); /* reserved */ | ||
162 | packet_send(); | ||
163 | |||
164 | /* Assume that resume@appgate.com will be accepted */ | ||
165 | packet_start(SSH2_MSG_KEX_ROAMING_RESUME); | ||
166 | packet_put_int(roaming_id); | ||
167 | packet_send(); | ||
168 | |||
169 | /* Read the server's kexinit and check for resume@appgate.com */ | ||
170 | if ((type = packet_read()) != SSH2_MSG_KEXINIT) { | ||
171 | debug("expected kexinit on resume, got %d", type); | ||
172 | goto fail; | ||
173 | } | ||
174 | for (i = 0; i < KEX_COOKIE_LEN; i++) | ||
175 | (void)packet_get_char(); | ||
176 | kexlist = packet_get_string(&len); | ||
177 | if (!kexlist | ||
178 | || (str = match_list(KEX_RESUME, kexlist, NULL)) == NULL) { | ||
179 | debug("server doesn't allow resume"); | ||
180 | goto fail; | ||
181 | } | ||
182 | free(str); | ||
183 | for (i = 1; i < PROPOSAL_MAX; i++) { | ||
184 | /* kex algorithm taken care of so start with i=1 and not 0 */ | ||
185 | free(packet_get_string(&len)); | ||
186 | } | ||
187 | i = packet_get_char(); /* first_kex_packet_follows */ | ||
188 | if (i && (c = strchr(kexlist, ','))) | ||
189 | *c = 0; | ||
190 | if (i && strcmp(kexlist, KEX_RESUME)) { | ||
191 | debug("server's kex guess (%s) was wrong, skipping", kexlist); | ||
192 | (void)packet_read(); /* Wrong guess - discard packet */ | ||
193 | } | ||
194 | |||
195 | /* | ||
196 | * Read the ROAMING_AUTH_REQUIRED challenge from the server and | ||
197 | * send ROAMING_AUTH | ||
198 | */ | ||
199 | if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED) { | ||
200 | debug("expected roaming_auth_required, got %d", type); | ||
201 | goto fail; | ||
202 | } | ||
203 | roaming_auth_required(); | ||
204 | |||
205 | /* Read ROAMING_AUTH_OK from the server */ | ||
206 | if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_OK) { | ||
207 | debug("expected roaming_auth_ok, got %d", type); | ||
208 | goto fail; | ||
209 | } | ||
210 | recv_bytes = packet_get_int64() ^ oldkey2; | ||
211 | debug("Peer received %llu bytes", (unsigned long long)recv_bytes); | ||
212 | resend_bytes(packet_get_connection_out(), &recv_bytes); | ||
213 | |||
214 | resume_in_progress = 0; | ||
215 | |||
216 | session_resumed = 1; /* Tell clientloop */ | ||
217 | |||
218 | return 0; | ||
219 | |||
220 | fail: | ||
221 | free(kexlist); | ||
222 | if (packet_get_connection_in() == packet_get_connection_out()) | ||
223 | close(packet_get_connection_in()); | ||
224 | else { | ||
225 | close(packet_get_connection_in()); | ||
226 | close(packet_get_connection_out()); | ||
227 | } | ||
228 | return 1; | ||
229 | } | ||
230 | |||
231 | int | ||
232 | wait_for_roaming_reconnect(void) | ||
233 | { | ||
234 | static int reenter_guard = 0; | ||
235 | int timeout_ms = options.connection_timeout * 1000; | ||
236 | int c; | ||
237 | |||
238 | if (reenter_guard != 0) | ||
239 | fatal("Server refused resume, roaming timeout may be exceeded"); | ||
240 | reenter_guard = 1; | ||
241 | |||
242 | fprintf(stderr, "[connection suspended, press return to resume]"); | ||
243 | fflush(stderr); | ||
244 | packet_backup_state(); | ||
245 | /* TODO Perhaps we should read from tty here */ | ||
246 | while ((c = fgetc(stdin)) != EOF) { | ||
247 | if (c == 'Z' - 64) { | ||
248 | kill(getpid(), SIGTSTP); | ||
249 | continue; | ||
250 | } | ||
251 | if (c != '\n' && c != '\r') | ||
252 | continue; | ||
253 | |||
254 | if (ssh_connect(host, NULL, &hostaddr, options.port, | ||
255 | options.address_family, 1, &timeout_ms, | ||
256 | options.tcp_keep_alive, options.use_privileged_port) == 0 && | ||
257 | roaming_resume() == 0) { | ||
258 | packet_restore_state(); | ||
259 | reenter_guard = 0; | ||
260 | fprintf(stderr, "[connection resumed]\n"); | ||
261 | fflush(stderr); | ||
262 | return 0; | ||
263 | } | ||
264 | |||
265 | fprintf(stderr, "[reconnect failed, press return to retry]"); | ||
266 | fflush(stderr); | ||
267 | } | ||
268 | fprintf(stderr, "[exiting]\n"); | ||
269 | fflush(stderr); | ||
270 | exit(0); | ||
271 | } | ||
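--- a/roaming_common.c
+++ /dev/null
@@ -1,241 +0,0 @@
-/* $OpenBSD: roaming_common.c,v 1.13 2015/01/27 12:54:06 okan Exp $ */
-/*
-* Copyright (c) 2004-2009 AppGate Network Security AB
-*
-* Permission to use, copy, modify, and distribute this software for any
-* purpose with or without fee is hereby granted, provided that the above
-* copyright notice and this permission notice appear in all copies.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
-
-#include <errno.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "atomicio.h"
-#include "log.h"
-#include "packet.h"
-#include "xmalloc.h"
-#include "cipher.h"
-#include "buffer.h"
-#include "roaming.h"
-#include "digest.h"
-
-static size_t out_buf_size = 0;
-static char *out_buf = NULL;
-static size_t out_start;
-static size_t out_last;
-
-static u_int64_t write_bytes = 0;
-static u_int64_t read_bytes = 0;
-
-int roaming_enabled = 0;
-int resume_in_progress = 0;
-
-int
-get_snd_buf_size(void)
-{
-int fd = packet_get_connection_out();
-int optval;
-socklen_t optvallen = sizeof(optval);
-
-if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optvallen) != 0)
-optval = DEFAULT_ROAMBUF;
-return optval;
-}
-
-int
-get_recv_buf_size(void)
-{
-int fd = packet_get_connection_in();
-int optval;
-socklen_t optvallen = sizeof(optval);
-
-if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &optval, &optvallen) != 0)
-optval = DEFAULT_ROAMBUF;
-return optval;
-}
-
-void
-set_out_buffer_size(size_t size)
-{
-if (size == 0 || size > MAX_ROAMBUF)
-fatal("%s: bad buffer size %lu", __func__, (u_long)size);
-/*
-* The buffer size can only be set once and the buffer will live
-* as long as the session lives.
-*/
-if (out_buf == NULL) {
-out_buf_size = size;
-out_buf = xmalloc(size);
-out_start = 0;
-out_last = 0;
-}
-}
-
-u_int64_t
-get_recv_bytes(void)
-{
-return read_bytes;
-}
-
-void
-add_recv_bytes(u_int64_t num)
-{
-read_bytes += num;
-}
-
-u_int64_t
-get_sent_bytes(void)
-{
-return write_bytes;
-}
-
-void
-roam_set_bytes(u_int64_t sent, u_int64_t recvd)
-{
-read_bytes = recvd;
-write_bytes = sent;
-}
-
-static void
-buf_append(const char *buf, size_t count)
-{
-if (count > out_buf_size) {
-buf += count - out_buf_size;
-count = out_buf_size;
-}
-if (count < out_buf_size - out_last) {
-memcpy(out_buf + out_last, buf, count);
-if (out_start > out_last)
-out_start += count;
-out_last += count;
-} else {
-/* data will wrap */
-size_t chunk = out_buf_size - out_last;
-memcpy(out_buf + out_last, buf, chunk);
-memcpy(out_buf, buf + chunk, count - chunk);
-out_last = count - chunk;
-out_start = out_last + 1;
-}
-}
-
-ssize_t
-roaming_write(int fd, const void *buf, size_t count, int *cont)
-{
-ssize_t ret;
-
-ret = write(fd, buf, count);
-if (ret > 0 && !resume_in_progress) {
-write_bytes += ret;
-if (out_buf_size > 0)
-buf_append(buf, ret);
-}
-if (out_buf_size > 0 &&
-(ret == 0 || (ret == -1 && errno == EPIPE))) {
-if (wait_for_roaming_reconnect() != 0) {
-ret = 0;
-*cont = 1;
-} else {
-ret = -1;
-errno = EAGAIN;
-}
-}
-return ret;
-}
-
-ssize_t
-roaming_read(int fd, void *buf, size_t count, int *cont)
-{
-ssize_t ret = read(fd, buf, count);
-if (ret > 0) {
-if (!resume_in_progress) {
-read_bytes += ret;
-}
-} else if (out_buf_size > 0 &&
-(ret == 0 || (ret == -1 && (errno == ECONNRESET
-|| errno == ECONNABORTED || errno == ETIMEDOUT
-|| errno == EHOSTUNREACH)))) {
-debug("roaming_read failed for %d ret=%ld errno=%d",
-fd, (long)ret, errno);
-ret = 0;
-if (wait_for_roaming_reconnect() == 0)
-*cont = 1;
-}
-return ret;
-}
-
-size_t
-roaming_atomicio(ssize_t(*f)(int, void*, size_t), int fd, void *buf,
-size_t count)
-{
-size_t ret = atomicio(f, fd, buf, count);
-
-if (f == vwrite && ret > 0 && !resume_in_progress) {
-write_bytes += ret;
-} else if (f == read && ret > 0 && !resume_in_progress) {
-read_bytes += ret;
-}
-return ret;
-}
-
-void
-resend_bytes(int fd, u_int64_t *offset)
-{
-size_t available, needed;
-
-if (out_start < out_last)
-available = out_last - out_start;
-else
-available = out_buf_size;
-needed = write_bytes - *offset;
-debug3("resend_bytes: resend %lu bytes from %llu",
-(unsigned long)needed, (unsigned long long)*offset);
-if (needed > available)
-fatal("Needed to resend more data than in the cache");
-if (out_last < needed) {
-int chunkend = needed - out_last;
-atomicio(vwrite, fd, out_buf + out_buf_size - chunkend,
-chunkend);
-atomicio(vwrite, fd, out_buf, out_last);
-} else {
-atomicio(vwrite, fd, out_buf + (out_last - needed), needed);
-}
-}
-
-/*
-* Caclulate a new key after a reconnect
-*/
-void
-calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge)
-{
-u_char hash[SSH_DIGEST_MAX_LENGTH];
-Buffer b;
-
-buffer_init(&b);
-buffer_put_int64(&b, *key);
-buffer_put_int64(&b, cookie);
-buffer_put_int64(&b, challenge);
-
-if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, hash, sizeof(hash)) != 0)
-fatal("%s: digest_buffer failed", __func__);
-
-buffer_clear(&b);
-buffer_append(&b, hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
-*key = buffer_get_int64(&b);
-buffer_free(&b);
-}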
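--- a/roaming_dummy.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $OpenBSD: roaming_dummy.c,v 1.4 2015/01/19 19:52:16 markus Exp $ */
-/*
-* Copyright (c) 2004-2009 AppGate Network Security AB
-*
-* Permission to use, copy, modify, and distribute this software for any
-* purpose with or without fee is hereby granted, provided that the above
-* copyright notice and this permission notice appear in all copies.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-
-/*
-* This file is included in the client programs which should not
-* support roaming.
-*/
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <unistd.h>
-
-#include "roaming.h"
-
-int resume_in_progress = 0;
-
-u_int64_t
-get_recv_bytes(void)
-{
-return 0;
-}
-
-u_int64_t
-get_sent_bytes(void)
-{
-return 0;
-}
-
-void
-roam_set_bytes(u_int64_t sent, u_int64_t recvd)
-{
-}
-
-ssize_t
-roaming_write(int fd, const void *buf, size_t count, int *cont)
-{
-return write(fd, buf, count);
-}
-
-ssize_t
-roaming_read(int fd, void *buf, size_t count, int *cont)
-{
-if (cont)
-*cont = 0;
-return read(fd, buf, count);
-}
-
-void
-add_recv_bytes(u_int64_t num)
-{
-}
-
-int
-resume_kex(void)
-{
-return 1;
-}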
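--- a/roaming_serv.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/* $OpenBSD: roaming_serv.c,v 1.1 2009/10/24 11:18:23 andreas Exp $ */
-/*
-* Copyright (c) 2004-2009 AppGate Network Security AB
-*
-* Permission to use, copy, modify, and distribute this software for any
-* purpose with or without fee is hereby granted, provided that the above
-* copyright notice and this permission notice appear in all copies.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-
-#include "includes.h"
-
-#include <sys/types.h>
-
-#include "roaming.h"
-
-/*
-* Wait for the roaming client to reconnect. Returns 0 if a connect ocurred.
-*/
-int
-wait_for_roaming_reconnect(void)
-{
-return 1;
-}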
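--- /dev/null
+++ b/sandbox-pledge.c
@@ -0,0 +1,77 @@
+/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */
+/*
+* Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "includes.h"
+
+#ifdef SANDBOX_PLEDGE
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/syscall.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pwd.h>
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+struct ssh_sandbox {
+pid_t child_pid;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(struct monitor *m)
+{
+struct ssh_sandbox *box;
+
+debug3("%s: preparing pledge sandbox", __func__);
+box = xcalloc(1, sizeof(*box));
+box->child_pid = 0;
+
+return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+if (pledge("stdio", NULL) == -1)
+fatal("%s: pledge()", __func__);
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+free(box);
+debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+box->child_pid = child_pid;
+/* Nothing to do here */
+}
+
+#endif /* SANDBOX_PLEDGE */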
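Review bot: The fatal() in ssh_sandbox_child reports only `pledge()` and drops errno, so the log gives no reason when the pre-auth child fails to enter the sandbox. The Solaris backend added in this same commit does report it for setppriv; the equivalent here is `fatal("%s: pledge: %s", __func__, strerror(errno));`. That call needs `<string.h>`, which this file does not include directly and which may or may not arrive through includes.h. Separately, `box->child_pid = 0;` in ssh_sandbox_init is redundant after `xcalloc`.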
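--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -147,6 +147,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_getpid
 SC_ALLOW(getpid),
 #endif
+#ifdef __NR_getrandom
+SC_ALLOW(getrandom),
+#endif
 #ifdef __NR_gettimeofday
 SC_ALLOW(gettimeofday),
 #endif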
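Review bot: The new `SC_ALLOW(getrandom)` entry widens the pre-auth allowlist without a comment recording why the sandboxed child needs the call. A line above the `#ifdef`, for example `/* RNG (re)seeding may call getrandom(2) after the filter is installed */`, would help the next audit of this list; that rationale is inferred from the syscall name and should be confirmed by the author. SC_ALLOW appears to permit the call with any arguments, which looks acceptable for getrandom but is worth stating in the same comment. The preauth_insns array starts and ends outside this hunk.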
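--- /dev/null
+++ b/sandbox-solaris.c
@@ -0,0 +1,108 @@
+/*
+* Copyright (c) 2015 Joyent, Inc
+* Author: Alex Wilson <alex.wilson@joyent.com>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "includes.h"
+
+#ifdef SANDBOX_SOLARIS
+#ifndef USE_SOLARIS_PRIVS
+# error "--with-solaris-privs must be used with the Solaris sandbox"
+#endif
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#ifdef HAVE_PRIV_H
+# include <priv.h>
+#endif
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+struct ssh_sandbox {
+priv_set_t *pset;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(struct monitor *monitor)
+{
+struct ssh_sandbox *box = NULL;
+
+box = xcalloc(1, sizeof(*box));
+
+/* Start with "basic" and drop everything we don't need. */
+box->pset = solaris_basic_privset();
+
+if (box->pset == NULL) {
+free(box);
+return NULL;
+}
+
+/* Drop everything except the ability to use already-opened files */
+if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 ||
+#ifdef PRIV_NET_ACCESS
+priv_delset(box->pset, PRIV_NET_ACCESS) != 0 ||
+#endif
+priv_delset(box->pset, PRIV_PROC_EXEC) != 0 ||
+priv_delset(box->pset, PRIV_PROC_FORK) != 0 ||
+priv_delset(box->pset, PRIV_PROC_INFO) != 0 ||
+priv_delset(box->pset, PRIV_PROC_SESSION) != 0) {
+free(box);
+return NULL;
+}
+
+/* These may not be available on older Solaris-es */
+# if defined(PRIV_FILE_READ) && defined(PRIV_FILE_WRITE)
+if (priv_delset(box->pset, PRIV_FILE_READ) != 0 ||
+priv_delset(box->pset, PRIV_FILE_WRITE) != 0) {
+free(box);
+return NULL;
+}
+# endif
+
+return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+if (setppriv(PRIV_SET, PRIV_PERMITTED, box->pset) != 0 ||
+setppriv(PRIV_SET, PRIV_LIMIT, box->pset) != 0 ||
+setppriv(PRIV_SET, PRIV_INHERITABLE, box->pset) != 0)
+fatal("setppriv: %s", strerror(errno));
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+priv_freeset(box->pset);
+box->pset = NULL;
+free(box);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+/* Nothing to do here */
+}
+
+#endif /* SANDBOX_SOLARIS */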
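Review bot: ssh_sandbox_init returns NULL when solaris_basic_privset() or any priv_delset() call fails, yet ssh_sandbox_child and ssh_sandbox_parent_finish dereference `box` unconditionally. The caller is not visible here, so a failed setup either crashes there or, if the caller skips the sandbox on NULL, leaves the pre-auth child unconfined. Failing closed in init matches the pledge backend in this commit, which never returns NULL: replace each `return NULL;` with a call such as `fatal("%s: priv_delset: %s", __func__, strerror(errno));`. If the NULL return is kept, the two priv_delset failure paths should call `priv_freeset(box->pset);` before `free(box);`, since they currently leak the privilege set.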
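--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.17 2015/07/27 16:29:23 guenther Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.18 2015/10/02 01:39:26 deraadt Exp $ */
 /*
 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
 *
@@ -50,9 +50,17 @@ struct sandbox_policy {
 
 /* Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL */
 static const struct sandbox_policy preauth_policy[] = {
-{ SYS_clock_gettime, SYSTR_POLICY_PERMIT },
-{ SYS_close, SYSTR_POLICY_PERMIT },
 { SYS_exit, SYSTR_POLICY_PERMIT },
+#ifdef SYS_kbind
+{ SYS_kbind, SYSTR_POLICY_PERMIT },
+#endif
+
+{ SYS_getpid, SYSTR_POLICY_PERMIT },
+{ SYS_getpgid, SYSTR_POLICY_PERMIT },
+{ SYS_clock_gettime, SYSTR_POLICY_PERMIT },
+{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
+{ SYS_sigprocmask, SYSTR_POLICY_PERMIT },
+
 #ifdef SYS_getentropy
 /* OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3). */
 { SYS_getentropy, SYSTR_POLICY_PERMIT },
@@ -60,27 +68,25 @@ static const struct sandbox_policy preauth_policy[] = {
 /* Previous releases used sysctl(3)'s kern.arnd variable. */
 { SYS___sysctl, SYSTR_POLICY_PERMIT },
 #endif
-{ SYS_getpid, SYSTR_POLICY_PERMIT },
-{ SYS_getpgid, SYSTR_POLICY_PERMIT },
-{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
-#ifdef SYS_kbind
-{ SYS_kbind, SYSTR_POLICY_PERMIT },
+#ifdef SYS_sendsyslog
+{ SYS_sendsyslog, SYSTR_POLICY_PERMIT },
 #endif
+
 { SYS_madvise, SYSTR_POLICY_PERMIT },
 { SYS_mmap, SYSTR_POLICY_PERMIT },
 { SYS_mprotect, SYSTR_POLICY_PERMIT },
 { SYS_mquery, SYSTR_POLICY_PERMIT },
 { SYS_munmap, SYSTR_POLICY_PERMIT },
-{ SYS_open, SYSTR_POLICY_NEVER },
+
 { SYS_poll, SYSTR_POLICY_PERMIT },
-{ SYS_read, SYSTR_POLICY_PERMIT },
 { SYS_select, SYSTR_POLICY_PERMIT },
-#ifdef SYS_sendsyslog
-{ SYS_sendsyslog, SYSTR_POLICY_PERMIT },
-#endif
-{ SYS_shutdown, SYSTR_POLICY_PERMIT },
-{ SYS_sigprocmask, SYSTR_POLICY_PERMIT },
+{ SYS_read, SYSTR_POLICY_PERMIT },
 { SYS_write, SYSTR_POLICY_PERMIT },
+{ SYS_shutdown, SYSTR_POLICY_PERMIT },
+{ SYS_close, SYSTR_POLICY_PERMIT },
+
+{ SYS_open, SYSTR_POLICY_NEVER },
+
 { -1, -1 }
 };
 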
86 | 92 | ||
@@ -72,6 +72,7 @@ DESCRIPTION | |||
72 | CanonicalizeHostname | 72 | CanonicalizeHostname |
73 | CanonicalizeMaxDots | 73 | CanonicalizeMaxDots |
74 | CanonicalizePermittedCNAMEs | 74 | CanonicalizePermittedCNAMEs |
75 | CertificateFile | ||
75 | ChallengeResponseAuthentication | 76 | ChallengeResponseAuthentication |
76 | CheckHostIP | 77 | CheckHostIP |
77 | Cipher | 78 | Cipher |
@@ -162,4 +163,4 @@ AUTHORS | |||
162 | Timo Rinne <tri@iki.fi> | 163 | Timo Rinne <tri@iki.fi> |
163 | Tatu Ylonen <ylo@cs.hut.fi> | 164 | Tatu Ylonen <ylo@cs.hut.fi> |
164 | 165 | ||
165 | OpenBSD 5.8 July 10, 2015 OpenBSD 5.8 | 166 | OpenBSD 5.9 September 25, 2015 OpenBSD 5.9 |
@@ -8,9 +8,9 @@ | |||
8 | .\" | 8 | .\" |
9 | .\" Created: Sun May 7 00:14:37 1995 ylo | 9 | .\" Created: Sun May 7 00:14:37 1995 ylo |
10 | .\" | 10 | .\" |
11 | .\" $OpenBSD: scp.1,v 1.67 2015/07/10 06:21:53 markus Exp $ | 11 | .\" $OpenBSD: scp.1,v 1.68 2015/09/25 18:19:54 jmc Exp $ |
12 | .\" | 12 | .\" |
13 | .Dd $Mdocdate: July 10 2015 $ | 13 | .Dd $Mdocdate: September 25 2015 $ |
14 | .Dt SCP 1 | 14 | .Dt SCP 1 |
15 | .Os | 15 | .Os |
16 | .Sh NAME | 16 | .Sh NAME |
@@ -133,6 +133,7 @@ For full details of the options listed below, and their possible values, see | |||
133 | .It CanonicalizeHostname | 133 | .It CanonicalizeHostname |
134 | .It CanonicalizeMaxDots | 134 | .It CanonicalizeMaxDots |
135 | .It CanonicalizePermittedCNAMEs | 135 | .It CanonicalizePermittedCNAMEs |
136 | .It CertificateFile | ||
136 | .It ChallengeResponseAuthentication | 137 | .It ChallengeResponseAuthentication |
137 | .It CheckHostIP | 138 | .It CheckHostIP |
138 | .It Cipher | 139 | .It Cipher |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: scp.c,v 1.182 2015/04/24 01:36:00 deraadt Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.184 2015/11/27 00:49:31 deraadt Exp $ */ |
2 | /* | 2 | /* |
3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
@@ -492,6 +492,16 @@ main(int argc, char **argv) | |||
492 | if (!isatty(STDOUT_FILENO)) | 492 | if (!isatty(STDOUT_FILENO)) |
493 | showprogress = 0; | 493 | showprogress = 0; |
494 | 494 | ||
495 | if (pflag) { | ||
496 | /* Cannot pledge: -p allows setuid/setgid files... */ | ||
497 | } else { | ||
498 | if (pledge("stdio rpath wpath cpath fattr tty proc exec", | ||
499 | NULL) == -1) { | ||
500 | perror("pledge"); | ||
501 | exit(1); | ||
502 | } | ||
503 | } | ||
504 | |||
495 | remin = STDIN_FILENO; | 505 | remin = STDIN_FILENO; |
496 | remout = STDOUT_FILENO; | 506 | remout = STDOUT_FILENO; |
497 | 507 | ||
@@ -874,7 +884,7 @@ rsource(char *name, struct stat *statp) | |||
874 | return; | 884 | return; |
875 | } | 885 | } |
876 | last = strrchr(name, '/'); | 886 | last = strrchr(name, '/'); |
877 | if (last == 0) | 887 | if (last == NULL) |
878 | last = name; | 888 | last = name; |
879 | else | 889 | else |
880 | last++; | 890 | last++; |
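Review bot: In the hunk in main(), the `if (pflag)` branch is empty apart from a comment that trails off in `...`, so the reason that -p leaves the process with no pledge at all is not actually stated. Folding the condition removes the empty branch: `if (!pflag && pledge("stdio rpath wpath cpath fattr tty proc exec", NULL) == -1) {`, with a comment above it such as `/* -p may have to set setuid/setgid bits, which a pledged process is not allowed to do, so pledge only without -p */`. That reading of the restriction is taken from the existing comment and should be confirmed. main() starts and ends outside the hunk.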
diff --git a/servconf.c b/servconf.c index a778f44e9..8ca9695a2 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.280 2015/08/06 14:53:21 deraadt Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.285 2016/02/17 05:29:04 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -181,6 +181,20 @@ option_clear_or_none(const char *o) | |||
181 | return o == NULL || strcasecmp(o, "none") == 0; | 181 | return o == NULL || strcasecmp(o, "none") == 0; |
182 | } | 182 | } |
183 | 183 | ||
184 | static void | ||
185 | assemble_algorithms(ServerOptions *o) | ||
186 | { | ||
187 | if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || | ||
188 | kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || | ||
189 | kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || | ||
190 | kex_assemble_names(KEX_DEFAULT_PK_ALG, | ||
191 | &o->hostkeyalgorithms) != 0 || | ||
192 | kex_assemble_names(KEX_DEFAULT_PK_ALG, | ||
193 | &o->hostbased_key_types) != 0 || | ||
194 | kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) | ||
195 | fatal("kex_assemble_names failed"); | ||
196 | } | ||
197 | |||
184 | void | 198 | void |
185 | fill_default_server_options(ServerOptions *options) | 199 | fill_default_server_options(ServerOptions *options) |
186 | { | 200 | { |
@@ -262,8 +276,6 @@ fill_default_server_options(ServerOptions *options) | |||
262 | options->hostbased_authentication = 0; | 276 | options->hostbased_authentication = 0; |
263 | if (options->hostbased_uses_name_from_packet_only == -1) | 277 | if (options->hostbased_uses_name_from_packet_only == -1) |
264 | options->hostbased_uses_name_from_packet_only = 0; | 278 | options->hostbased_uses_name_from_packet_only = 0; |
265 | if (options->hostkeyalgorithms == NULL) | ||
266 | options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG); | ||
267 | if (options->rsa_authentication == -1) | 279 | if (options->rsa_authentication == -1) |
268 | options->rsa_authentication = 1; | 280 | options->rsa_authentication = 1; |
269 | if (options->pubkey_authentication == -1) | 281 | if (options->pubkey_authentication == -1) |
@@ -351,18 +363,11 @@ fill_default_server_options(ServerOptions *options) | |||
351 | if (options->debian_banner == -1) | 363 | if (options->debian_banner == -1) |
352 | options->debian_banner = 1; | 364 | options->debian_banner = 1; |
353 | 365 | ||
354 | if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 || | 366 | assemble_algorithms(options); |
355 | kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 || | ||
356 | kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 || | ||
357 | kex_assemble_names(KEX_DEFAULT_PK_ALG, | ||
358 | &options->hostbased_key_types) != 0 || | ||
359 | kex_assemble_names(KEX_DEFAULT_PK_ALG, | ||
360 | &options->pubkey_key_types) != 0) | ||
361 | fatal("%s: kex_assemble_names failed", __func__); | ||
362 | 367 | ||
363 | /* Turn privilege separation on by default */ | 368 | /* Turn privilege separation and sandboxing on by default */ |
364 | if (use_privsep == -1) | 369 | if (use_privsep == -1) |
365 | use_privsep = PRIVSEP_NOSANDBOX; | 370 | use_privsep = PRIVSEP_ON; |
366 | 371 | ||
367 | #define CLEAR_ON_NONE(v) \ | 372 | #define CLEAR_ON_NONE(v) \ |
368 | do { \ | 373 | do { \ |
@@ -377,6 +382,8 @@ fill_default_server_options(ServerOptions *options) | |||
377 | CLEAR_ON_NONE(options->trusted_user_ca_keys); | 382 | CLEAR_ON_NONE(options->trusted_user_ca_keys); |
378 | CLEAR_ON_NONE(options->revoked_keys_file); | 383 | CLEAR_ON_NONE(options->revoked_keys_file); |
379 | CLEAR_ON_NONE(options->authorized_principals_file); | 384 | CLEAR_ON_NONE(options->authorized_principals_file); |
385 | CLEAR_ON_NONE(options->adm_forced_command); | ||
386 | CLEAR_ON_NONE(options->chroot_directory); | ||
380 | for (i = 0; i < options->num_host_key_files; i++) | 387 | for (i = 0; i < options->num_host_key_files; i++) |
381 | CLEAR_ON_NONE(options->host_key_files[i]); | 388 | CLEAR_ON_NONE(options->host_key_files[i]); |
382 | for (i = 0; i < options->num_host_cert_files; i++) | 389 | for (i = 0; i < options->num_host_cert_files; i++) |
@@ -518,7 +525,11 @@ static struct { | |||
518 | { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, | 525 | { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, |
519 | { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, | 526 | { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, |
520 | { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, | 527 | { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, |
528 | #ifdef DISABLE_LASTLOG | ||
529 | { "printlastlog", sUnsupported, SSHCFG_GLOBAL }, | ||
530 | #else | ||
521 | { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, | 531 | { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, |
532 | #endif | ||
522 | { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, | 533 | { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, |
523 | { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, | 534 | { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, |
524 | { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, | 535 | { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, |
@@ -1348,16 +1359,12 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1348 | if (scan_scaled(arg, &val64) == -1) | 1359 | if (scan_scaled(arg, &val64) == -1) |
1349 | fatal("%.200s line %d: Bad number '%s': %s", | 1360 | fatal("%.200s line %d: Bad number '%s': %s", |
1350 | filename, linenum, arg, strerror(errno)); | 1361 | filename, linenum, arg, strerror(errno)); |
1351 | /* check for too-large or too-small limits */ | ||
1352 | if (val64 > UINT_MAX) | ||
1353 | fatal("%.200s line %d: RekeyLimit too large", | ||
1354 | filename, linenum); | ||
1355 | if (val64 != 0 && val64 < 16) | 1362 | if (val64 != 0 && val64 < 16) |
1356 | fatal("%.200s line %d: RekeyLimit too small", | 1363 | fatal("%.200s line %d: RekeyLimit too small", |
1357 | filename, linenum); | 1364 | filename, linenum); |
1358 | } | 1365 | } |
1359 | if (*activep && options->rekey_limit == -1) | 1366 | if (*activep && options->rekey_limit == -1) |
1360 | options->rekey_limit = (u_int32_t)val64; | 1367 | options->rekey_limit = val64; |
1361 | if (cp != NULL) { /* optional rekey interval present */ | 1368 | if (cp != NULL) { /* optional rekey interval present */ |
1362 | if (strcmp(cp, "none") == 0) { | 1369 | if (strcmp(cp, "none") == 0) { |
1363 | (void)strdelim(&cp); /* discard */ | 1370 | (void)strdelim(&cp); /* discard */ |
@@ -2048,6 +2055,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
2048 | /* See comment in servconf.h */ | 2055 | /* See comment in servconf.h */ |
2049 | COPY_MATCH_STRING_OPTS(); | 2056 | COPY_MATCH_STRING_OPTS(); |
2050 | 2057 | ||
2058 | /* Arguments that accept '+...' need to be expanded */ | ||
2059 | assemble_algorithms(dst); | ||
2060 | |||
2051 | /* | 2061 | /* |
2052 | * The only things that should be below this point are string options | 2062 | * The only things that should be below this point are string options |
2053 | * which are only used after authentication. | 2063 | * which are only used after authentication. |
@@ -2055,8 +2065,17 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
2055 | if (preauth) | 2065 | if (preauth) |
2056 | return; | 2066 | return; |
2057 | 2067 | ||
2068 | /* These options may be "none" to clear a global setting */ | ||
2058 | M_CP_STROPT(adm_forced_command); | 2069 | M_CP_STROPT(adm_forced_command); |
2070 | if (option_clear_or_none(dst->adm_forced_command)) { | ||
2071 | free(dst->adm_forced_command); | ||
2072 | dst->adm_forced_command = NULL; | ||
2073 | } | ||
2059 | M_CP_STROPT(chroot_directory); | 2074 | M_CP_STROPT(chroot_directory); |
2075 | if (option_clear_or_none(dst->chroot_directory)) { | ||
2076 | free(dst->chroot_directory); | ||
2077 | dst->chroot_directory = NULL; | ||
2078 | } | ||
2060 | } | 2079 | } |
2061 | 2080 | ||
2062 | #undef M_CP_INTOPT | 2081 | #undef M_CP_INTOPT |
@@ -2290,7 +2309,9 @@ dump_config(ServerOptions *o) | |||
2290 | dump_cfg_fmtint(sChallengeResponseAuthentication, | 2309 | dump_cfg_fmtint(sChallengeResponseAuthentication, |
2291 | o->challenge_response_authentication); | 2310 | o->challenge_response_authentication); |
2292 | dump_cfg_fmtint(sPrintMotd, o->print_motd); | 2311 | dump_cfg_fmtint(sPrintMotd, o->print_motd); |
2312 | #ifndef DISABLE_LASTLOG | ||
2293 | dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); | 2313 | dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); |
2314 | #endif | ||
2294 | dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); | 2315 | dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); |
2295 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 2316 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
2296 | dump_cfg_fmtint(sPermitTTY, o->permit_tty); | 2317 | dump_cfg_fmtint(sPermitTTY, o->permit_tty); |
@@ -2374,7 +2395,7 @@ dump_config(ServerOptions *o) | |||
2374 | printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); | 2395 | printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); |
2375 | printf("%s\n", iptos2str(o->ip_qos_bulk)); | 2396 | printf("%s\n", iptos2str(o->ip_qos_bulk)); |
2376 | 2397 | ||
2377 | printf("rekeylimit %lld %d\n", (long long)o->rekey_limit, | 2398 | printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, |
2378 | o->rekey_interval); | 2399 | o->rekey_interval); |
2379 | 2400 | ||
2380 | channel_print_adm_permitted_opens(); | 2401 | channel_print_adm_permitted_opens(); |
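Review bot: The new `assemble_algorithms()` reports every failure as the bare string `kex_assemble_names failed`, dropping the `__func__` prefix that the replaced code in `fill_default_server_options()` had and giving no hint which of the six lists was rejected. The helper is now also called from `copy_set_server_options()`, so a malformed `+...` list merged there stops the process with a message that names neither the directive nor the calling context. Consider keeping the prefix, `fatal("%s: kex_assemble_names failed", __func__);`, or checking the lists one at a time so the message can name the option. A one-line comment above the helper would also help, for example `/* Expand '+...' algorithm lists against their default lists; fatal() on a malformed list. */`.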
diff --git a/serverloop.c b/serverloop.c index 68f0251a1..830f88562 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */ | 1 | /* $OpenBSD: serverloop.c,v 1.182 2016/02/08 10:57:07 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -78,7 +78,6 @@ | |||
78 | #include "dispatch.h" | 78 | #include "dispatch.h" |
79 | #include "auth-options.h" | 79 | #include "auth-options.h" |
80 | #include "serverloop.h" | 80 | #include "serverloop.h" |
81 | #include "roaming.h" | ||
82 | #include "ssherr.h" | 81 | #include "ssherr.h" |
83 | 82 | ||
84 | extern ServerOptions options; | 83 | extern ServerOptions options; |
@@ -399,11 +398,8 @@ process_input(fd_set *readset) | |||
399 | 398 | ||
400 | /* Read and buffer any input data from the client. */ | 399 | /* Read and buffer any input data from the client. */ |
401 | if (FD_ISSET(connection_in, readset)) { | 400 | if (FD_ISSET(connection_in, readset)) { |
402 | int cont = 0; | 401 | len = read(connection_in, buf, sizeof(buf)); |
403 | len = roaming_read(connection_in, buf, sizeof(buf), &cont); | ||
404 | if (len == 0) { | 402 | if (len == 0) { |
405 | if (cont) | ||
406 | return; | ||
407 | verbose("Connection closed by %.100s", | 403 | verbose("Connection closed by %.100s", |
408 | get_remote_ipaddr()); | 404 | get_remote_ipaddr()); |
409 | connection_closed = 1; | 405 | connection_closed = 1; |
@@ -824,7 +820,7 @@ void | |||
824 | server_loop2(Authctxt *authctxt) | 820 | server_loop2(Authctxt *authctxt) |
825 | { | 821 | { |
826 | fd_set *readset = NULL, *writeset = NULL; | 822 | fd_set *readset = NULL, *writeset = NULL; |
827 | int rekeying = 0, max_fd; | 823 | int max_fd; |
828 | u_int nalloc = 0; | 824 | u_int nalloc = 0; |
829 | u_int64_t rekey_timeout_ms = 0; | 825 | u_int64_t rekey_timeout_ms = 0; |
830 | 826 | ||
@@ -851,11 +847,11 @@ server_loop2(Authctxt *authctxt) | |||
851 | for (;;) { | 847 | for (;;) { |
852 | process_buffered_input_packets(); | 848 | process_buffered_input_packets(); |
853 | 849 | ||
854 | rekeying = (active_state->kex != NULL && !active_state->kex->done); | 850 | if (!ssh_packet_is_rekeying(active_state) && |
855 | 851 | packet_not_very_much_data_to_write()) | |
856 | if (!rekeying && packet_not_very_much_data_to_write()) | ||
857 | channel_output_poll(); | 852 | channel_output_poll(); |
858 | if (options.rekey_interval > 0 && compat20 && !rekeying) | 853 | if (options.rekey_interval > 0 && compat20 && |
854 | !ssh_packet_is_rekeying(active_state)) | ||
859 | rekey_timeout_ms = packet_get_rekey_timeout() * 1000; | 855 | rekey_timeout_ms = packet_get_rekey_timeout() * 1000; |
860 | else | 856 | else |
861 | rekey_timeout_ms = 0; | 857 | rekey_timeout_ms = 0; |
@@ -870,14 +866,8 @@ server_loop2(Authctxt *authctxt) | |||
870 | } | 866 | } |
871 | 867 | ||
872 | collect_children(); | 868 | collect_children(); |
873 | if (!rekeying) { | 869 | if (!ssh_packet_is_rekeying(active_state)) |
874 | channel_after_select(readset, writeset); | 870 | channel_after_select(readset, writeset); |
875 | if (packet_need_rekeying()) { | ||
876 | debug("need rekeying"); | ||
877 | active_state->kex->done = 0; | ||
878 | kex_send_kexinit(active_state); | ||
879 | } | ||
880 | } | ||
881 | process_input(readset); | 871 | process_input(readset); |
882 | if (connection_closed) | 872 | if (connection_closed) |
883 | break; | 873 | break; |
@@ -1201,7 +1191,7 @@ server_input_hostkeys_prove(struct sshbuf **respp) | |||
1201 | ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || | 1191 | ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || |
1202 | (r = sshkey_puts(key, sigbuf)) != 0 || | 1192 | (r = sshkey_puts(key, sigbuf)) != 0 || |
1203 | (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, | 1193 | (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, |
1204 | sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), 0)) != 0 || | 1194 | sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), NULL, 0)) != 0 || |
1205 | (r = sshbuf_put_string(resp, sig, slen)) != 0) { | 1195 | (r = sshbuf_put_string(resp, sig, slen)) != 0) { |
1206 | error("%s: couldn't prepare signature: %s", | 1196 | error("%s: couldn't prepare signature: %s", |
1207 | __func__, ssh_err(r)); | 1197 | __func__, ssh_err(r)); |
@@ -1265,7 +1255,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
1265 | free(fwd.listen_host); | 1255 | free(fwd.listen_host); |
1266 | if ((resp = sshbuf_new()) == NULL) | 1256 | if ((resp = sshbuf_new()) == NULL) |
1267 | fatal("%s: sshbuf_new", __func__); | 1257 | fatal("%s: sshbuf_new", __func__); |
1268 | if ((r = sshbuf_put_u32(resp, allocated_listen_port)) != 0) | 1258 | if (allocated_listen_port != 0 && |
1259 | (r = sshbuf_put_u32(resp, allocated_listen_port)) != 0) | ||
1269 | fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r)); | 1260 | fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r)); |
1270 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { | 1261 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { |
1271 | struct Forward fwd; | 1262 | struct Forward fwd; |
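Review bot: In `server_loop2()` nothing now says where a rekey is started. The block that called `packet_need_rekeying()` and `kex_send_kexinit()` is removed, and the loop only tests `ssh_packet_is_rekeying(active_state)`, at three separate points per iteration instead of one `rekeying` snapshot taken before the wait. Presumably rekey initiation moved into the packet code and the state may change between those tests, but that cannot be confirmed from this file's hunks. If so, a comment at the first test would record it, for example `/* Rekeying is initiated by the packet code; this loop only holds back channel I/O while it is in progress. */`. The function body starts and ends outside the hunks shown.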
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.280 2016/02/16 03:37:48 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -160,6 +160,7 @@ login_cap_t *lc; | |||
160 | #endif | 160 | #endif |
161 | 161 | ||
162 | static int is_child = 0; | 162 | static int is_child = 0; |
163 | static int in_chroot = 0; | ||
163 | 164 | ||
164 | /* Name and directory of socket for authentication agent forwarding. */ | 165 | /* Name and directory of socket for authentication agent forwarding. */ |
165 | static char *auth_sock_name = NULL; | 166 | static char *auth_sock_name = NULL; |
@@ -778,8 +779,8 @@ int | |||
778 | do_exec(Session *s, const char *command) | 779 | do_exec(Session *s, const char *command) |
779 | { | 780 | { |
780 | int ret; | 781 | int ret; |
781 | const char *forced = NULL; | 782 | const char *forced = NULL, *tty = NULL; |
782 | char session_type[1024], *tty = NULL; | 783 | char session_type[1024]; |
783 | 784 | ||
784 | if (options.adm_forced_command) { | 785 | if (options.adm_forced_command) { |
785 | original_command = command; | 786 | original_command = command; |
@@ -814,13 +815,14 @@ do_exec(Session *s, const char *command) | |||
814 | tty += 5; | 815 | tty += 5; |
815 | } | 816 | } |
816 | 817 | ||
817 | verbose("Starting session: %s%s%s for %s from %.200s port %d", | 818 | verbose("Starting session: %s%s%s for %s from %.200s port %d id %d", |
818 | session_type, | 819 | session_type, |
819 | tty == NULL ? "" : " on ", | 820 | tty == NULL ? "" : " on ", |
820 | tty == NULL ? "" : tty, | 821 | tty == NULL ? "" : tty, |
821 | s->pw->pw_name, | 822 | s->pw->pw_name, |
822 | get_remote_ipaddr(), | 823 | get_remote_ipaddr(), |
823 | get_remote_port()); | 824 | get_remote_port(), |
825 | s->self); | ||
824 | 826 | ||
825 | #ifdef SSH_AUDIT_EVENTS | 827 | #ifdef SSH_AUDIT_EVENTS |
826 | if (command != NULL) | 828 | if (command != NULL) |
@@ -1490,9 +1492,6 @@ void | |||
1490 | do_setusercontext(struct passwd *pw, const char *role) | 1492 | do_setusercontext(struct passwd *pw, const char *role) |
1491 | { | 1493 | { |
1492 | char *chroot_path, *tmp; | 1494 | char *chroot_path, *tmp; |
1493 | #ifdef USE_LIBIAF | ||
1494 | int doing_chroot = 0; | ||
1495 | #endif | ||
1496 | 1495 | ||
1497 | platform_setusercontext(pw); | 1496 | platform_setusercontext(pw); |
1498 | 1497 | ||
@@ -1520,7 +1519,7 @@ do_setusercontext(struct passwd *pw, const char *role) | |||
1520 | 1519 | ||
1521 | platform_setusercontext_post_groups(pw, role); | 1520 | platform_setusercontext_post_groups(pw, role); |
1522 | 1521 | ||
1523 | if (options.chroot_directory != NULL && | 1522 | if (!in_chroot && options.chroot_directory != NULL && |
1524 | strcasecmp(options.chroot_directory, "none") != 0) { | 1523 | strcasecmp(options.chroot_directory, "none") != 0) { |
1525 | tmp = tilde_expand_filename(options.chroot_directory, | 1524 | tmp = tilde_expand_filename(options.chroot_directory, |
1526 | pw->pw_uid); | 1525 | pw->pw_uid); |
@@ -1532,9 +1531,7 @@ do_setusercontext(struct passwd *pw, const char *role) | |||
1532 | /* Make sure we don't attempt to chroot again */ | 1531 | /* Make sure we don't attempt to chroot again */ |
1533 | free(options.chroot_directory); | 1532 | free(options.chroot_directory); |
1534 | options.chroot_directory = NULL; | 1533 | options.chroot_directory = NULL; |
1535 | #ifdef USE_LIBIAF | 1534 | in_chroot = 1; |
1536 | doing_chroot = 1; | ||
1537 | #endif | ||
1538 | } | 1535 | } |
1539 | 1536 | ||
1540 | #ifdef HAVE_LOGIN_CAP | 1537 | #ifdef HAVE_LOGIN_CAP |
@@ -1549,16 +1546,16 @@ do_setusercontext(struct passwd *pw, const char *role) | |||
1549 | (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); | 1546 | (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); |
1550 | #else | 1547 | #else |
1551 | # ifdef USE_LIBIAF | 1548 | # ifdef USE_LIBIAF |
1552 | /* In a chroot environment, the set_id() will always fail; typically | 1549 | /* |
1553 | * because of the lack of necessary authentication services and runtime | 1550 | * In a chroot environment, the set_id() will always fail; |
1554 | * such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd | 1551 | * typically because of the lack of necessary authentication |
1555 | * We skip it in the internal sftp chroot case. | 1552 | * services and runtime such as ./usr/lib/libiaf.so, |
1556 | * We'll lose auditing and ACLs but permanently_set_uid will | 1553 | * ./usr/lib/libpam.so.1, and ./etc/passwd We skip it in the |
1557 | * take care of the rest. | 1554 | * internal sftp chroot case. We'll lose auditing and ACLs but |
1558 | */ | 1555 | * permanently_set_uid will take care of the rest. |
1559 | if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) { | 1556 | */ |
1560 | fatal("set_id(%s) Failed", pw->pw_name); | 1557 | if (!in_chroot && set_id(pw->pw_name) != 0) |
1561 | } | 1558 | fatal("set_id(%s) Failed", pw->pw_name); |
1562 | # endif /* USE_LIBIAF */ | 1559 | # endif /* USE_LIBIAF */ |
1563 | /* Permanently switch to the desired uid. */ | 1560 | /* Permanently switch to the desired uid. */ |
1564 | permanently_set_uid(pw); | 1561 | permanently_set_uid(pw); |
@@ -1790,11 +1787,11 @@ do_child(Session *s, const char *command) | |||
1790 | #ifdef HAVE_LOGIN_CAP | 1787 | #ifdef HAVE_LOGIN_CAP |
1791 | r = login_getcapbool(lc, "requirehome", 0); | 1788 | r = login_getcapbool(lc, "requirehome", 0); |
1792 | #endif | 1789 | #endif |
1793 | if (r || options.chroot_directory == NULL || | 1790 | if (r || !in_chroot) { |
1794 | strcasecmp(options.chroot_directory, "none") == 0) | ||
1795 | fprintf(stderr, "Could not chdir to home " | 1791 | fprintf(stderr, "Could not chdir to home " |
1796 | "directory %s: %s\n", pw->pw_dir, | 1792 | "directory %s: %s\n", pw->pw_dir, |
1797 | strerror(errno)); | 1793 | strerror(errno)); |
1794 | } | ||
1798 | if (r) | 1795 | if (r) |
1799 | exit(1); | 1796 | exit(1); |
1800 | } | 1797 | } |
@@ -2503,7 +2500,12 @@ session_close(Session *s) | |||
2503 | { | 2500 | { |
2504 | u_int i; | 2501 | u_int i; |
2505 | 2502 | ||
2506 | debug("session_close: session %d pid %ld", s->self, (long)s->pid); | 2503 | verbose("Close session: user %s from %.200s port %d id %d", |
2504 | s->pw->pw_name, | ||
2505 | get_remote_ipaddr(), | ||
2506 | get_remote_port(), | ||
2507 | s->self); | ||
2508 | |||
2507 | if (s->ttyfd != -1) | 2509 | if (s->ttyfd != -1) |
2508 | session_pty_cleanup(s); | 2510 | session_pty_cleanup(s); |
2509 | free(s->term); | 2511 | free(s->term); |
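Review bot: `session_close()` now dereferences `s->pw` in the new `verbose()` call, which the `debug()` line it replaces did not, and no NULL check is visible in the hunk. Whether a session can reach close before a user is attached to it cannot be determined from the lines shown; if it can, this log statement becomes a crash on the cleanup path. Writing `s->pw != NULL ? s->pw->pw_name : "(none)"` would keep the line safe either way. The new message also drops the child pid that the old one carried, which is the value that ties this entry to process-level audit records. Consider appending `pid %ld` with `(long)s->pid`.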
diff --git a/sftp-client.c b/sftp-client.c index 5dbeb47c0..d49bfaaba 100644 --- a/sftp-client.c +++ b/sftp-client.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-client.c,v 1.120 2015/05/28 04:50:53 djm Exp $ */ | 1 | /* $OpenBSD: sftp-client.c,v 1.121 2016/02/11 02:21:34 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -1760,7 +1760,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, | |||
1760 | if (fsync_flag) | 1760 | if (fsync_flag) |
1761 | (void)do_fsync(conn, handle, handle_len); | 1761 | (void)do_fsync(conn, handle, handle_len); |
1762 | 1762 | ||
1763 | if (do_close(conn, handle, handle_len) != SSH2_FX_OK) | 1763 | if (do_close(conn, handle, handle_len) != 0) |
1764 | status = SSH2_FX_FAILURE; | 1764 | status = SSH2_FX_FAILURE; |
1765 | 1765 | ||
1766 | free(handle); | 1766 | free(handle); |
@@ -1773,12 +1773,11 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, | |||
1773 | int depth, int preserve_flag, int print_flag, int resume, int fsync_flag) | 1773 | int depth, int preserve_flag, int print_flag, int resume, int fsync_flag) |
1774 | { | 1774 | { |
1775 | int ret = 0; | 1775 | int ret = 0; |
1776 | u_int status; | ||
1777 | DIR *dirp; | 1776 | DIR *dirp; |
1778 | struct dirent *dp; | 1777 | struct dirent *dp; |
1779 | char *filename, *new_src, *new_dst; | 1778 | char *filename, *new_src, *new_dst; |
1780 | struct stat sb; | 1779 | struct stat sb; |
1781 | Attrib a; | 1780 | Attrib a, *dirattrib; |
1782 | 1781 | ||
1783 | if (depth >= MAX_DIR_DEPTH) { | 1782 | if (depth >= MAX_DIR_DEPTH) { |
1784 | error("Maximum directory depth exceeded: %d levels", depth); | 1783 | error("Maximum directory depth exceeded: %d levels", depth); |
@@ -1805,17 +1804,18 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, | |||
1805 | if (!preserve_flag) | 1804 | if (!preserve_flag) |
1806 | a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; | 1805 | a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; |
1807 | 1806 | ||
1808 | status = do_mkdir(conn, dst, &a, 0); | ||
1809 | /* | 1807 | /* |
1810 | * we lack a portable status for errno EEXIST, | 1808 | * sftp lacks a portable status value to match errno EEXIST, |
1811 | * so if we get a SSH2_FX_FAILURE back we must check | 1809 | * so if we get a failure back then we must check whether |
1812 | * if it was created successfully. | 1810 | * the path already existed and is a directory. |
1813 | */ | 1811 | */ |
1814 | if (status != SSH2_FX_OK) { | 1812 | if (do_mkdir(conn, dst, &a, 0) != 0) { |
1815 | if (status != SSH2_FX_FAILURE) | 1813 | if ((dirattrib = do_stat(conn, dst, 0)) == NULL) |
1816 | return -1; | 1814 | return -1; |
1817 | if (do_stat(conn, dst, 0) == NULL) | 1815 | if (!S_ISDIR(dirattrib->perm)) { |
1816 | error("\"%s\" exists but is not a directory", dst); | ||
1818 | return -1; | 1817 | return -1; |
1818 | } | ||
1819 | } | 1819 | } |
1820 | 1820 | ||
1821 | if ((dirp = opendir(src)) == NULL) { | 1821 | if ((dirp = opendir(src)) == NULL) { |
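Review bot: In `upload_dir_internal()` the new `S_ISDIR(dirattrib->perm)` test trusts `perm` without checking that the server actually supplied it. The attributes come from the remote side, and a reply that omits the permissions field may leave `perm` at zero (how `do_stat()` fills the structure is outside this hunk). An existing directory would then be reported as `exists but is not a directory`. Testing the flag first makes the dependency explicit: `if (!(dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) || !S_ISDIR(dirattrib->perm)) {`. The function continues past the end of the hunk.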
diff --git a/sftp-client.h b/sftp-client.h index f814b07d6..14a3b8182 100644 --- a/sftp-client.h +++ b/sftp-client.h | |||
@@ -21,6 +21,12 @@ | |||
21 | #ifndef _SFTP_CLIENT_H | 21 | #ifndef _SFTP_CLIENT_H |
22 | #define _SFTP_CLIENT_H | 22 | #define _SFTP_CLIENT_H |
23 | 23 | ||
24 | #ifdef USE_SYSTEM_GLOB | ||
25 | # include <glob.h> | ||
26 | #else | ||
27 | # include "openbsd-compat/glob.h" | ||
28 | #endif | ||
29 | |||
24 | typedef struct SFTP_DIRENT SFTP_DIRENT; | 30 | typedef struct SFTP_DIRENT SFTP_DIRENT; |
25 | 31 | ||
26 | struct SFTP_DIRENT { | 32 | struct SFTP_DIRENT { |
diff --git a/sftp-server-main.c b/sftp-server-main.c index 7e644ab89..c6ccd623e 100644 --- a/sftp-server-main.c +++ b/sftp-server-main.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-server-main.c,v 1.4 2009/02/21 19:32:04 tobias Exp $ */ | 1 | /* $OpenBSD: sftp-server-main.c,v 1.5 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2008 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -26,6 +26,7 @@ | |||
26 | #include "log.h" | 26 | #include "log.h" |
27 | #include "sftp.h" | 27 | #include "sftp.h" |
28 | #include "misc.h" | 28 | #include "misc.h" |
29 | #include "xmalloc.h" | ||
29 | 30 | ||
30 | void | 31 | void |
31 | cleanup_exit(int i) | 32 | cleanup_exit(int i) |
@@ -38,6 +39,7 @@ main(int argc, char **argv) | |||
38 | { | 39 | { |
39 | struct passwd *user_pw; | 40 | struct passwd *user_pw; |
40 | 41 | ||
42 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
41 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 43 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
42 | sanitise_stdfd(); | 44 | sanitise_stdfd(); |
43 | 45 | ||
diff --git a/sftp-server.0 b/sftp-server.0 index b971cef40..3b22ed2a0 100644 --- a/sftp-server.0 +++ b/sftp-server.0 | |||
@@ -93,4 +93,4 @@ HISTORY | |||
93 | AUTHORS | 93 | AUTHORS |
94 | Markus Friedl <markus@openbsd.org> | 94 | Markus Friedl <markus@openbsd.org> |
95 | 95 | ||
96 | OpenBSD 5.8 December 11, 2014 OpenBSD 5.8 | 96 | OpenBSD 5.9 December 11, 2014 OpenBSD 5.9 |
diff --git a/sftp-server.c b/sftp-server.c index eac11d7e6..e11a1b89b 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-server.c,v 1.107 2015/08/20 22:32:42 deraadt Exp $ */ | 1 | /* $OpenBSD: sftp-server.c,v 1.109 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -1513,6 +1513,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) | |||
1513 | extern char *optarg; | 1513 | extern char *optarg; |
1514 | extern char *__progname; | 1514 | extern char *__progname; |
1515 | 1515 | ||
1516 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
1516 | __progname = ssh_get_progname(argv[0]); | 1517 | __progname = ssh_get_progname(argv[0]); |
1517 | log_init(__progname, log_level, log_facility, log_stderr); | 1518 | log_init(__progname, log_level, log_facility, log_stderr); |
1518 | 1519 | ||
@@ -1598,6 +1599,9 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) | |||
1598 | fatal("unable to make the process undumpable"); | 1599 | fatal("unable to make the process undumpable"); |
1599 | #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ | 1600 | #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ |
1600 | 1601 | ||
1602 | /* Drop any fine-grained privileges we don't need */ | ||
1603 | platform_pledge_sftp_server(); | ||
1604 | |||
1601 | if ((cp = getenv("SSH_CONNECTION")) != NULL) { | 1605 | if ((cp = getenv("SSH_CONNECTION")) != NULL) { |
1602 | client_addr = xstrdup(cp); | 1606 | client_addr = xstrdup(cp); |
1603 | if ((cp = strchr(client_addr, ' ')) == NULL) { | 1607 | if ((cp = strchr(client_addr, ' ')) == NULL) { |
@@ -1631,9 +1635,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) | |||
1631 | if ((oqueue = sshbuf_new()) == NULL) | 1635 | if ((oqueue = sshbuf_new()) == NULL) |
1632 | fatal("%s: sshbuf_new failed", __func__); | 1636 | fatal("%s: sshbuf_new failed", __func__); |
1633 | 1637 | ||
1634 | set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); | 1638 | rset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask)); |
1635 | rset = xmalloc(set_size); | 1639 | wset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask)); |
1636 | wset = xmalloc(set_size); | ||
1637 | 1640 | ||
1638 | if (homedir != NULL) { | 1641 | if (homedir != NULL) { |
1639 | if (chdir(homedir) != 0) { | 1642 | if (chdir(homedir) != 0) { |
@@ -1642,6 +1645,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) | |||
1642 | } | 1645 | } |
1643 | } | 1646 | } |
1644 | 1647 | ||
1648 | set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); | ||
1645 | for (;;) { | 1649 | for (;;) { |
1646 | memset(rset, 0, set_size); | 1650 | memset(rset, 0, set_size); |
1647 | memset(wset, 0, set_size); | 1651 | memset(wset, 0, set_size); |
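Review bot: The word count `howmany(max + 1, NFDBITS)` is now written three times in `sftp_server_main()`: in both `xcalloc()` calls and again where `set_size` is computed just before the loop. The length used by `memset(rset, 0, set_size)` therefore matches the allocation only while all three expressions stay identical. Holding the count in one local next to the allocations, and deriving both the `xcalloc()` arguments and `set_size` from it, would keep the buffer size and the clear size tied together. A short comment there, such as `/* set_size must equal the byte size allocated for rset/wset */`, would record the invariant. The function body extends beyond the hunks shown.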
@@ -108,6 +108,7 @@ DESCRIPTION | |||
108 | CanonicalizeHostname | 108 | CanonicalizeHostname |
109 | CanonicalizeMaxDots | 109 | CanonicalizeMaxDots |
110 | CanonicalizePermittedCNAMEs | 110 | CanonicalizePermittedCNAMEs |
111 | CertificateFile | ||
111 | ChallengeResponseAuthentication | 112 | ChallengeResponseAuthentication |
112 | CheckHostIP | 113 | CheckHostIP |
113 | Cipher | 114 | Cipher |
@@ -380,4 +381,4 @@ SEE ALSO | |||
380 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | 381 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- |
381 | filexfer-00.txt, January 2001, work in progress material. | 382 | filexfer-00.txt, January 2001, work in progress material. |
382 | 383 | ||
383 | OpenBSD 5.8 January 30, 2015 OpenBSD 5.8 | 384 | OpenBSD 5.9 September 25, 2015 OpenBSD 5.9 |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.101 2015/01/30 11:43:14 djm Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.102 2015/09/25 18:19:54 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: January 30 2015 $ | 25 | .Dd $Mdocdate: September 25 2015 $ |
26 | .Dt SFTP 1 | 26 | .Dt SFTP 1 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -198,6 +198,7 @@ For full details of the options listed below, and their possible values, see | |||
198 | .It CanonicalizeHostname | 198 | .It CanonicalizeHostname |
199 | .It CanonicalizeMaxDots | 199 | .It CanonicalizeMaxDots |
200 | .It CanonicalizePermittedCNAMEs | 200 | .It CanonicalizePermittedCNAMEs |
201 | .It CertificateFile | ||
201 | .It ChallengeResponseAuthentication | 202 | .It ChallengeResponseAuthentication |
202 | .It CheckHostIP | 203 | .It CheckHostIP |
203 | .It Cipher | 204 | .It Cipher |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */ | 1 | /* $OpenBSD: sftp.c,v 1.172 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -2248,6 +2248,7 @@ main(int argc, char **argv) | |||
2248 | size_t num_requests = DEFAULT_NUM_REQUESTS; | 2248 | size_t num_requests = DEFAULT_NUM_REQUESTS; |
2249 | long long limit_kbps = 0; | 2249 | long long limit_kbps = 0; |
2250 | 2250 | ||
2251 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
2251 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 2252 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
2252 | sanitise_stdfd(); | 2253 | sanitise_stdfd(); |
2253 | setlocale(LC_CTYPE, ""); | 2254 | setlocale(LC_CTYPE, ""); |
@@ -126,4 +126,4 @@ AUTHORS | |||
126 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 126 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
127 | versions 1.5 and 2.0. | 127 | versions 1.5 and 2.0. |
128 | 128 | ||
129 | OpenBSD 5.8 March 30, 2015 OpenBSD 5.8 | 129 | OpenBSD 5.9 March 30, 2015 OpenBSD 5.9 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-add.c,v 1.123 2015/07/03 03:43:18 djm Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.128 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -93,7 +93,7 @@ static int lifetime = 0; | |||
93 | /* User has to confirm key use */ | 93 | /* User has to confirm key use */ |
94 | static int confirm = 0; | 94 | static int confirm = 0; |
95 | 95 | ||
96 | /* we keep a cache of one passphrases */ | 96 | /* we keep a cache of one passphrase */ |
97 | static char *pass = NULL; | 97 | static char *pass = NULL; |
98 | static void | 98 | static void |
99 | clear_pass(void) | 99 | clear_pass(void) |
@@ -150,10 +150,8 @@ delete_file(int agent_fd, const char *filename, int key_only) | |||
150 | certpath, ssh_err(r)); | 150 | certpath, ssh_err(r)); |
151 | 151 | ||
152 | out: | 152 | out: |
153 | if (cert != NULL) | 153 | sshkey_free(cert); |
154 | sshkey_free(cert); | 154 | sshkey_free(public); |
155 | if (public != NULL) | ||
156 | sshkey_free(public); | ||
157 | free(certpath); | 155 | free(certpath); |
158 | free(comment); | 156 | free(comment); |
159 | 157 | ||
@@ -218,35 +216,32 @@ add_file(int agent_fd, const char *filename, int key_only) | |||
218 | close(fd); | 216 | close(fd); |
219 | 217 | ||
220 | /* At first, try empty passphrase */ | 218 | /* At first, try empty passphrase */ |
221 | if ((r = sshkey_parse_private_fileblob(keyblob, "", filename, | 219 | if ((r = sshkey_parse_private_fileblob(keyblob, "", &private, |
222 | &private, &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) { | 220 | &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) { |
223 | fprintf(stderr, "Error loading key \"%s\": %s\n", | 221 | fprintf(stderr, "Error loading key \"%s\": %s\n", |
224 | filename, ssh_err(r)); | 222 | filename, ssh_err(r)); |
225 | goto fail_load; | 223 | goto fail_load; |
226 | } | 224 | } |
227 | /* try last */ | 225 | /* try last */ |
228 | if (private == NULL && pass != NULL) { | 226 | if (private == NULL && pass != NULL) { |
229 | if ((r = sshkey_parse_private_fileblob(keyblob, pass, filename, | 227 | if ((r = sshkey_parse_private_fileblob(keyblob, pass, &private, |
230 | &private, &comment)) != 0 && | 228 | &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) { |
231 | r != SSH_ERR_KEY_WRONG_PASSPHRASE) { | ||
232 | fprintf(stderr, "Error loading key \"%s\": %s\n", | 229 | fprintf(stderr, "Error loading key \"%s\": %s\n", |
233 | filename, ssh_err(r)); | 230 | filename, ssh_err(r)); |
234 | goto fail_load; | 231 | goto fail_load; |
235 | } | 232 | } |
236 | } | 233 | } |
237 | if (comment == NULL) | ||
238 | comment = xstrdup(filename); | ||
239 | if (private == NULL) { | 234 | if (private == NULL) { |
240 | /* clear passphrase since it did not work */ | 235 | /* clear passphrase since it did not work */ |
241 | clear_pass(); | 236 | clear_pass(); |
242 | snprintf(msg, sizeof msg, "Enter passphrase for %.200s%s: ", | 237 | snprintf(msg, sizeof msg, "Enter passphrase for %s%s: ", |
243 | comment, confirm ? " (will confirm each use)" : ""); | 238 | filename, confirm ? " (will confirm each use)" : ""); |
244 | for (;;) { | 239 | for (;;) { |
245 | pass = read_passphrase(msg, RP_ALLOW_STDIN); | 240 | pass = read_passphrase(msg, RP_ALLOW_STDIN); |
246 | if (strcmp(pass, "") == 0) | 241 | if (strcmp(pass, "") == 0) |
247 | goto fail_load; | 242 | goto fail_load; |
248 | if ((r = sshkey_parse_private_fileblob(keyblob, pass, | 243 | if ((r = sshkey_parse_private_fileblob(keyblob, pass, |
249 | filename, &private, NULL)) == 0) | 244 | &private, &comment)) == 0) |
250 | break; | 245 | break; |
251 | else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) { | 246 | else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) { |
252 | fprintf(stderr, | 247 | fprintf(stderr, |
@@ -254,16 +249,17 @@ add_file(int agent_fd, const char *filename, int key_only) | |||
254 | filename, ssh_err(r)); | 249 | filename, ssh_err(r)); |
255 | fail_load: | 250 | fail_load: |
256 | clear_pass(); | 251 | clear_pass(); |
257 | free(comment); | ||
258 | sshbuf_free(keyblob); | 252 | sshbuf_free(keyblob); |
259 | return -1; | 253 | return -1; |
260 | } | 254 | } |
261 | clear_pass(); | 255 | clear_pass(); |
262 | snprintf(msg, sizeof msg, | 256 | snprintf(msg, sizeof msg, |
263 | "Bad passphrase, try again for %.200s%s: ", comment, | 257 | "Bad passphrase, try again for %s%s: ", filename, |
264 | confirm ? " (will confirm each use)" : ""); | 258 | confirm ? " (will confirm each use)" : ""); |
265 | } | 259 | } |
266 | } | 260 | } |
261 | if (comment == NULL || *comment == '\0') | ||
262 | comment = xstrdup(filename); | ||
267 | sshbuf_free(keyblob); | 263 | sshbuf_free(keyblob); |
268 | 264 | ||
269 | if ((r = ssh_add_identity_constrained(agent_fd, private, comment, | 265 | if ((r = ssh_add_identity_constrained(agent_fd, private, comment, |
@@ -386,7 +382,7 @@ list_identities(int agent_fd, int do_fp) | |||
386 | if (do_fp) { | 382 | if (do_fp) { |
387 | fp = sshkey_fingerprint(idlist->keys[i], | 383 | fp = sshkey_fingerprint(idlist->keys[i], |
388 | fingerprint_hash, SSH_FP_DEFAULT); | 384 | fingerprint_hash, SSH_FP_DEFAULT); |
389 | printf("%d %s %s (%s)\n", | 385 | printf("%u %s %s (%s)\n", |
390 | sshkey_size(idlist->keys[i]), | 386 | sshkey_size(idlist->keys[i]), |
391 | fp == NULL ? "(null)" : fp, | 387 | fp == NULL ? "(null)" : fp, |
392 | idlist->comments[i], | 388 | idlist->comments[i], |
@@ -485,6 +481,7 @@ main(int argc, char **argv) | |||
485 | int r, i, ch, deleting = 0, ret = 0, key_only = 0; | 481 | int r, i, ch, deleting = 0, ret = 0, key_only = 0; |
486 | int xflag = 0, lflag = 0, Dflag = 0; | 482 | int xflag = 0, lflag = 0, Dflag = 0; |
487 | 483 | ||
484 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
488 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 485 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
489 | sanitise_stdfd(); | 486 | sanitise_stdfd(); |
490 | 487 | ||
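Review bot: The new fallback `if (comment == NULL || *comment == '\0') comment = xstrdup(filename);` in add_file overwrites a non-NULL but empty comment without freeing it, so the string returned by sshkey_parse_private_fileblob appears to be leaked in that case. Freeing it first closes the gap: `if (comment == NULL || *comment == '\0') { free(comment); comment = xstrdup(filename); }`. Separately, both passphrase prompts now format `filename` with a bare `%s` where the old code used `%.200s`. The declaration of `msg` is outside the hunk, but a very long path could make snprintf cut off the trailing " (will confirm each use)" text, so keeping `%.200s` for `filename` would be safer. add_file starts and ends outside these hunks.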
diff --git a/ssh-agent.0 b/ssh-agent.0 index 65bf6e70f..2cc5ac6e0 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 | |||
@@ -18,10 +18,10 @@ DESCRIPTION | |||
18 | using ssh(1). | 18 | using ssh(1). |
19 | 19 | ||
20 | The agent initially does not have any private keys. Keys are added using | 20 | The agent initially does not have any private keys. Keys are added using |
21 | ssh-add(1). Multiple identities may be stored in ssh-agent concurrently | 21 | ssh(1) (see AddKeysToAgent in ssh_config(5) for details) or ssh-add(1). |
22 | and ssh(1) will automatically use them if present. ssh-add(1) is also | 22 | Multiple identities may be stored in ssh-agent concurrently and ssh(1) |
23 | used to remove keys from ssh-agent and to query the keys that are held in | 23 | will automatically use them if present. ssh-add(1) is also used to |
24 | one. | 24 | remove keys from ssh-agent and to query the keys that are held in one. |
25 | 25 | ||
26 | The options are as follows: | 26 | The options are as follows: |
27 | 27 | ||
@@ -56,8 +56,8 @@ DESCRIPTION | |||
56 | for an identity with ssh-add(1) overrides this value. Without | 56 | for an identity with ssh-add(1) overrides this value. Without |
57 | this option the default maximum lifetime is forever. | 57 | this option the default maximum lifetime is forever. |
58 | 58 | ||
59 | If a commandline is given, this is executed as a subprocess of the agent. | 59 | If a command line is given, this is executed as a subprocess of the |
60 | When the command dies, so does the agent. | 60 | agent. When the command dies, so does the agent. |
61 | 61 | ||
62 | The idea is that the agent is run in the user's local PC, laptop, or | 62 | The idea is that the agent is run in the user's local PC, laptop, or |
63 | terminal. Authentication data need not be stored on any other machine, | 63 | terminal. Authentication data need not be stored on any other machine, |
@@ -109,4 +109,4 @@ AUTHORS | |||
109 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 109 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
110 | versions 1.5 and 2.0. | 110 | versions 1.5 and 2.0. |
111 | 111 | ||
112 | OpenBSD 5.8 April 24, 2015 OpenBSD 5.8 | 112 | OpenBSD 5.9 November 15, 2015 OpenBSD 5.9 |
diff --git a/ssh-agent.1 b/ssh-agent.1 index 2a940d9ff..2fe22013a 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-agent.1,v 1.59 2015/04/24 06:26:49 jmc Exp $ | 1 | .\" $OpenBSD: ssh-agent.1,v 1.62 2015/11/15 23:54:15 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .Dd $Mdocdate: April 24 2015 $ | 37 | .Dd $Mdocdate: November 15 2015 $ |
38 | .Dt SSH-AGENT 1 | 38 | .Dt SSH-AGENT 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -43,7 +43,7 @@ | |||
43 | .Sh SYNOPSIS | 43 | .Sh SYNOPSIS |
44 | .Nm ssh-agent | 44 | .Nm ssh-agent |
45 | .Op Fl c | s | 45 | .Op Fl c | s |
46 | .Op Fl Dd | 46 | .Op Fl \&Dd |
47 | .Op Fl a Ar bind_address | 47 | .Op Fl a Ar bind_address |
48 | .Op Fl E Ar fingerprint_hash | 48 | .Op Fl E Ar fingerprint_hash |
49 | .Op Fl t Ar life | 49 | .Op Fl t Ar life |
@@ -66,6 +66,13 @@ machines using | |||
66 | .Pp | 66 | .Pp |
67 | The agent initially does not have any private keys. | 67 | The agent initially does not have any private keys. |
68 | Keys are added using | 68 | Keys are added using |
69 | .Xr ssh 1 | ||
70 | (see | ||
71 | .Cm AddKeysToAgent | ||
72 | in | ||
73 | .Xr ssh_config 5 | ||
74 | for details) | ||
75 | or | ||
69 | .Xr ssh-add 1 . | 76 | .Xr ssh-add 1 . |
70 | Multiple identities may be stored in | 77 | Multiple identities may be stored in |
71 | .Nm | 78 | .Nm |
@@ -130,7 +137,7 @@ overrides this value. | |||
130 | Without this option the default maximum lifetime is forever. | 137 | Without this option the default maximum lifetime is forever. |
131 | .El | 138 | .El |
132 | .Pp | 139 | .Pp |
133 | If a commandline is given, this is executed as a subprocess of the agent. | 140 | If a command line is given, this is executed as a subprocess of the agent. |
134 | When the command dies, so does the agent. | 141 | When the command dies, so does the agent. |
135 | .Pp | 142 | .Pp |
136 | The idea is that the agent is run in the user's local PC, laptop, or | 143 | The idea is that the agent is run in the user's local PC, laptop, or |
diff --git a/ssh-agent.c b/ssh-agent.c index a335ea33d..c38906d94 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.204 2015/07/08 20:24:02 markus Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.212 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -368,6 +368,18 @@ process_authentication_challenge1(SocketEntry *e) | |||
368 | } | 368 | } |
369 | #endif | 369 | #endif |
370 | 370 | ||
371 | static char * | ||
372 | agent_decode_alg(struct sshkey *key, u_int flags) | ||
373 | { | ||
374 | if (key->type == KEY_RSA) { | ||
375 | if (flags & SSH_AGENT_RSA_SHA2_256) | ||
376 | return "rsa-sha2-256"; | ||
377 | else if (flags & SSH_AGENT_RSA_SHA2_512) | ||
378 | return "rsa-sha2-512"; | ||
379 | } | ||
380 | return NULL; | ||
381 | } | ||
382 | |||
371 | /* ssh2 only */ | 383 | /* ssh2 only */ |
372 | static void | 384 | static void |
373 | process_sign_request2(SocketEntry *e) | 385 | process_sign_request2(SocketEntry *e) |
@@ -389,7 +401,7 @@ process_sign_request2(SocketEntry *e) | |||
389 | if (flags & SSH_AGENT_OLD_SIGNATURE) | 401 | if (flags & SSH_AGENT_OLD_SIGNATURE) |
390 | compat = SSH_BUG_SIGBLOB; | 402 | compat = SSH_BUG_SIGBLOB; |
391 | if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { | 403 | if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { |
392 | error("%s: cannot parse key blob: %s", __func__, ssh_err(ok)); | 404 | error("%s: cannot parse key blob: %s", __func__, ssh_err(r)); |
393 | goto send; | 405 | goto send; |
394 | } | 406 | } |
395 | if ((id = lookup_identity(key, 2)) == NULL) { | 407 | if ((id = lookup_identity(key, 2)) == NULL) { |
@@ -401,8 +413,8 @@ process_sign_request2(SocketEntry *e) | |||
401 | goto send; | 413 | goto send; |
402 | } | 414 | } |
403 | if ((r = sshkey_sign(id->key, &signature, &slen, | 415 | if ((r = sshkey_sign(id->key, &signature, &slen, |
404 | data, dlen, compat)) != 0) { | 416 | data, dlen, agent_decode_alg(key, flags), compat)) != 0) { |
405 | error("%s: sshkey_sign: %s", __func__, ssh_err(ok)); | 417 | error("%s: sshkey_sign: %s", __func__, ssh_err(r)); |
406 | goto send; | 418 | goto send; |
407 | } | 419 | } |
408 | /* Success */ | 420 | /* Success */ |
@@ -1188,6 +1200,7 @@ main(int ac, char **av) | |||
1188 | size_t len; | 1200 | size_t len; |
1189 | mode_t prev_mask; | 1201 | mode_t prev_mask; |
1190 | 1202 | ||
1203 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
1191 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 1204 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
1192 | sanitise_stdfd(); | 1205 | sanitise_stdfd(); |
1193 | 1206 | ||
@@ -1330,6 +1343,7 @@ main(int ac, char **av) | |||
1330 | printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, | 1343 | printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
1331 | SSH_AUTHSOCKET_ENV_NAME); | 1344 | SSH_AUTHSOCKET_ENV_NAME); |
1332 | printf("echo Agent pid %ld;\n", (long)parent_pid); | 1345 | printf("echo Agent pid %ld;\n", (long)parent_pid); |
1346 | fflush(stdout); | ||
1333 | goto skip; | 1347 | goto skip; |
1334 | } | 1348 | } |
1335 | pid = fork(); | 1349 | pid = fork(); |
@@ -1402,6 +1416,10 @@ skip: | |||
1402 | signal(SIGTERM, cleanup_handler); | 1416 | signal(SIGTERM, cleanup_handler); |
1403 | nalloc = 0; | 1417 | nalloc = 0; |
1404 | 1418 | ||
1419 | if (pledge("stdio cpath unix id proc exec", NULL) == -1) | ||
1420 | fatal("%s: pledge: %s", __progname, strerror(errno)); | ||
1421 | platform_pledge_agent(); | ||
1422 | |||
1405 | while (1) { | 1423 | while (1) { |
1406 | prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); | 1424 | prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); |
1407 | result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); | 1425 | result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); |
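Review bot: The new helper agent_decode_alg returns string literals or NULL through a plain `char *`. Declaring it `static const char *` would keep callers from writing through the result, provided the new algorithm parameter of sshkey_sign is const-qualified, which this hunk does not show. The helper also has no comment, and two behaviours are worth stating because `flags` is read from the client's sign request: NULL is returned for non-RSA keys and for requests with neither bit set, and SSH_AGENT_RSA_SHA2_256 wins when both bits are set. A one-line header would cover it, for example `/* Map sign-request flags to an RSA signature algorithm name; NULL leaves the choice to sshkey_sign. */`, with the NULL semantics to be confirmed against sshkey_sign.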
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-dss.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ | 1 | /* $OpenBSD: ssh-dss.c,v 1.34 2015/12/11 04:21:12 mmcc Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -122,8 +122,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
122 | explicit_bzero(digest, sizeof(digest)); | 122 | explicit_bzero(digest, sizeof(digest)); |
123 | if (sig != NULL) | 123 | if (sig != NULL) |
124 | DSA_SIG_free(sig); | 124 | DSA_SIG_free(sig); |
125 | if (b != NULL) | 125 | sshbuf_free(b); |
126 | sshbuf_free(b); | ||
127 | return ret; | 126 | return ret; |
128 | } | 127 | } |
129 | 128 | ||
@@ -209,10 +208,8 @@ ssh_dss_verify(const struct sshkey *key, | |||
209 | explicit_bzero(digest, sizeof(digest)); | 208 | explicit_bzero(digest, sizeof(digest)); |
210 | if (sig != NULL) | 209 | if (sig != NULL) |
211 | DSA_SIG_free(sig); | 210 | DSA_SIG_free(sig); |
212 | if (b != NULL) | 211 | sshbuf_free(b); |
213 | sshbuf_free(b); | 212 | free(ktype); |
214 | if (ktype != NULL) | ||
215 | free(ktype); | ||
216 | if (sigblob != NULL) { | 213 | if (sigblob != NULL) { |
217 | explicit_bzero(sigblob, len); | 214 | explicit_bzero(sigblob, len); |
218 | free(sigblob); | 215 | free(sigblob); |
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 2c76f8b43..74912dfd9 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-ecdsa.c,v 1.11 2014/06/24 01:13:21 djm Exp $ */ | 1 | /* $OpenBSD: ssh-ecdsa.c,v 1.12 2015/12/11 04:21:12 mmcc Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -99,10 +99,8 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
99 | ret = 0; | 99 | ret = 0; |
100 | out: | 100 | out: |
101 | explicit_bzero(digest, sizeof(digest)); | 101 | explicit_bzero(digest, sizeof(digest)); |
102 | if (b != NULL) | 102 | sshbuf_free(b); |
103 | sshbuf_free(b); | 103 | sshbuf_free(bb); |
104 | if (bb != NULL) | ||
105 | sshbuf_free(bb); | ||
106 | if (sig != NULL) | 104 | if (sig != NULL) |
107 | ECDSA_SIG_free(sig); | 105 | ECDSA_SIG_free(sig); |
108 | return ret; | 106 | return ret; |
@@ -179,10 +177,8 @@ ssh_ecdsa_verify(const struct sshkey *key, | |||
179 | 177 | ||
180 | out: | 178 | out: |
181 | explicit_bzero(digest, sizeof(digest)); | 179 | explicit_bzero(digest, sizeof(digest)); |
182 | if (sigbuf != NULL) | 180 | sshbuf_free(sigbuf); |
183 | sshbuf_free(sigbuf); | 181 | sshbuf_free(b); |
184 | if (b != NULL) | ||
185 | sshbuf_free(b); | ||
186 | if (sig != NULL) | 182 | if (sig != NULL) |
187 | ECDSA_SIG_free(sig); | 183 | ECDSA_SIG_free(sig); |
188 | free(ktype); | 184 | free(ktype); |
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 07a45b36b..2b749ae9f 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -31,8 +31,11 @@ SYNOPSIS | |||
31 | 31 | ||
32 | DESCRIPTION | 32 | DESCRIPTION |
33 | ssh-keygen generates, manages and converts authentication keys for | 33 | ssh-keygen generates, manages and converts authentication keys for |
34 | ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 | 34 | ssh(1). ssh-keygen can create keys for use by SSH protocol versions 1 |
35 | and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2. | 35 | and 2. Protocol 1 should not be used and is only offered to support |
36 | legacy devices. It suffers from a number of cryptographic weaknesses and | ||
37 | doesn't support many of the advanced features available for protocol 2. | ||
38 | |||
36 | The type of key to be generated is specified with the -t option. If | 39 | The type of key to be generated is specified with the -t option. If |
37 | invoked without any arguments, ssh-keygen will generate an RSA key for | 40 | invoked without any arguments, ssh-keygen will generate an RSA key for |
38 | use in SSH protocol 2 connections. | 41 | use in SSH protocol 2 connections. |
@@ -194,7 +197,7 @@ DESCRIPTION | |||
194 | file or using the format described in the KEY REVOCATION LISTS | 197 | file or using the format described in the KEY REVOCATION LISTS |
195 | section. | 198 | section. |
196 | 199 | ||
197 | -L Prints the contents of a certificate. | 200 | -L Prints the contents of one or more certificates. |
198 | 201 | ||
199 | -l Show fingerprint of specified public key file. Private RSA1 keys | 202 | -l Show fingerprint of specified public key file. Private RSA1 keys |
200 | are also supported. For RSA and DSA keys ssh-keygen tries to | 203 | are also supported. For RSA and DSA keys ssh-keygen tries to |
@@ -275,11 +278,11 @@ DESCRIPTION | |||
275 | 278 | ||
276 | At present, no options are valid for host keys. | 279 | At present, no options are valid for host keys. |
277 | 280 | ||
278 | -o Causes ssh-keygen to save SSH protocol 2 private keys using the | 281 | -o Causes ssh-keygen to save private keys using the new OpenSSH |
279 | new OpenSSH format rather than the more compatible PEM format. | 282 | format rather than the more compatible PEM format. The new |
280 | The new format has increased resistance to brute-force password | 283 | format has increased resistance to brute-force password cracking |
281 | cracking but is not supported by versions of OpenSSH prior to | 284 | but is not supported by versions of OpenSSH prior to 6.5. |
282 | 6.5. Ed25519 keys always use the new private key format. | 285 | Ed25519 keys always use the new private key format. |
283 | 286 | ||
284 | -P passphrase | 287 | -P passphrase |
285 | Provides the (old) passphrase. | 288 | Provides the (old) passphrase. |
@@ -502,7 +505,7 @@ KEY REVOCATION LISTS | |||
502 | 505 | ||
503 | It is also possible, given a KRL, to test whether it revokes a particular | 506 | It is also possible, given a KRL, to test whether it revokes a particular |
504 | key (or keys). The -Q flag will query an existing KRL, testing each key | 507 | key (or keys). The -Q flag will query an existing KRL, testing each key |
505 | specified on the commandline. If any key listed on the command line has | 508 | specified on the command line. If any key listed on the command line has |
506 | been revoked (or an error encountered) then ssh-keygen will exit with a | 509 | been revoked (or an error encountered) then ssh-keygen will exit with a |
507 | non-zero exit status. A zero exit status will only be returned if no key | 510 | non-zero exit status. A zero exit status will only be returned if no key |
508 | was revoked. | 511 | was revoked. |
@@ -563,4 +566,4 @@ AUTHORS | |||
563 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 566 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
564 | versions 1.5 and 2.0. | 567 | versions 1.5 and 2.0. |
565 | 568 | ||
566 | OpenBSD 5.8 August 20, 2015 OpenBSD 5.8 | 569 | OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index c560179c8..24bed5f61 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.130 2016/02/17 07:38:19 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: August 20 2015 $ | 38 | .Dd $Mdocdate: February 17 2016 $ |
39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -141,8 +141,12 @@ | |||
141 | generates, manages and converts authentication keys for | 141 | generates, manages and converts authentication keys for |
142 | .Xr ssh 1 . | 142 | .Xr ssh 1 . |
143 | .Nm | 143 | .Nm |
144 | can create RSA keys for use by SSH protocol version 1 and | 144 | can create keys for use by SSH protocol versions 1 and 2. |
145 | DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2. | 145 | Protocol 1 should not be used |
146 | and is only offered to support legacy devices. | ||
147 | It suffers from a number of cryptographic weaknesses | ||
148 | and doesn't support many of the advanced features available for protocol 2. | ||
149 | .Pp | ||
146 | The type of key to be generated is specified with the | 150 | The type of key to be generated is specified with the |
147 | .Fl t | 151 | .Fl t |
148 | option. | 152 | option. |
@@ -372,7 +376,7 @@ using the format described in the | |||
372 | .Sx KEY REVOCATION LISTS | 376 | .Sx KEY REVOCATION LISTS |
373 | section. | 377 | section. |
374 | .It Fl L | 378 | .It Fl L |
375 | Prints the contents of a certificate. | 379 | Prints the contents of one or more certificates. |
376 | .It Fl l | 380 | .It Fl l |
377 | Show fingerprint of specified public key file. | 381 | Show fingerprint of specified public key file. |
378 | Private RSA1 keys are also supported. | 382 | Private RSA1 keys are also supported. |
@@ -470,7 +474,7 @@ At present, no options are valid for host keys. | |||
470 | .It Fl o | 474 | .It Fl o |
471 | Causes | 475 | Causes |
472 | .Nm | 476 | .Nm |
473 | to save SSH protocol 2 private keys using the new OpenSSH format rather than | 477 | to save private keys using the new OpenSSH format rather than |
474 | the more compatible PEM format. | 478 | the more compatible PEM format. |
475 | The new format has increased resistance to brute-force password cracking | 479 | The new format has increased resistance to brute-force password cracking |
476 | but is not supported by versions of OpenSSH prior to 6.5. | 480 | but is not supported by versions of OpenSSH prior to 6.5. |
@@ -777,7 +781,7 @@ It is also possible, given a KRL, to test whether it revokes a particular key | |||
777 | (or keys). | 781 | (or keys). |
778 | The | 782 | The |
779 | .Fl Q | 783 | .Fl Q |
780 | flag will query an existing KRL, testing each key specified on the commandline. | 784 | flag will query an existing KRL, testing each key specified on the command line. |
781 | If any key listed on the command line has been revoked (or an error encountered) | 785 | If any key listed on the command line has been revoked (or an error encountered) |
782 | then | 786 | then |
783 | .Nm | 787 | .Nm |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 4e0a85554..478520123 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -523,7 +523,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
523 | sshbuf_free(b); | 523 | sshbuf_free(b); |
524 | 524 | ||
525 | /* try the key */ | 525 | /* try the key */ |
526 | if (sshkey_sign(key, &sig, &slen, data, sizeof(data), 0) != 0 || | 526 | if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || |
527 | sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) { | 527 | sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) { |
528 | sshkey_free(key); | 528 | sshkey_free(key); |
529 | free(sig); | 529 | free(sig); |
@@ -808,116 +808,162 @@ do_download(struct passwd *pw) | |||
808 | #endif /* ENABLE_PKCS11 */ | 808 | #endif /* ENABLE_PKCS11 */ |
809 | } | 809 | } |
810 | 810 | ||
811 | static struct sshkey * | ||
812 | try_read_key(char **cpp) | ||
813 | { | ||
814 | struct sshkey *ret; | ||
815 | int r; | ||
816 | |||
817 | if ((ret = sshkey_new(KEY_RSA1)) == NULL) | ||
818 | fatal("sshkey_new failed"); | ||
819 | /* Try RSA1 */ | ||
820 | if ((r = sshkey_read(ret, cpp)) == 0) | ||
821 | return ret; | ||
822 | /* Try modern */ | ||
823 | sshkey_free(ret); | ||
824 | if ((ret = sshkey_new(KEY_UNSPEC)) == NULL) | ||
825 | fatal("sshkey_new failed"); | ||
826 | if ((r = sshkey_read(ret, cpp)) == 0) | ||
827 | return ret; | ||
828 | /* Not a key */ | ||
829 | sshkey_free(ret); | ||
830 | return NULL; | ||
831 | } | ||
832 | |||
811 | static void | 833 | static void |
812 | do_fingerprint(struct passwd *pw) | 834 | fingerprint_one_key(const struct sshkey *public, const char *comment) |
813 | { | 835 | { |
814 | FILE *f; | 836 | char *fp = NULL, *ra = NULL; |
815 | struct sshkey *public; | ||
816 | char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra; | ||
817 | int r, i, skip = 0, num = 0, invalid = 1; | ||
818 | enum sshkey_fp_rep rep; | 837 | enum sshkey_fp_rep rep; |
819 | int fptype; | 838 | int fptype; |
820 | struct stat st; | ||
821 | 839 | ||
822 | fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; | 840 | fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; |
823 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; | 841 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
824 | if (!have_identity) | 842 | fp = sshkey_fingerprint(public, fptype, rep); |
825 | ask_filename(pw, "Enter file in which the key is"); | 843 | ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); |
844 | if (fp == NULL || ra == NULL) | ||
845 | fatal("%s: sshkey_fingerprint failed", __func__); | ||
846 | printf("%u %s %s (%s)\n", sshkey_size(public), fp, | ||
847 | comment ? comment : "no comment", sshkey_type(public)); | ||
848 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | ||
849 | printf("%s\n", ra); | ||
850 | free(ra); | ||
851 | free(fp); | ||
852 | } | ||
853 | |||
854 | static void | ||
855 | fingerprint_private(const char *path) | ||
856 | { | ||
857 | struct stat st; | ||
858 | char *comment = NULL; | ||
859 | struct sshkey *public = NULL; | ||
860 | int r; | ||
861 | |||
826 | if (stat(identity_file, &st) < 0) | 862 | if (stat(identity_file, &st) < 0) |
827 | fatal("%s: %s", identity_file, strerror(errno)); | 863 | fatal("%s: %s", path, strerror(errno)); |
828 | if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0) | 864 | if ((r = sshkey_load_public(path, &public, &comment)) != 0) { |
829 | debug2("Error loading public key \"%s\": %s", | 865 | debug("load public \"%s\": %s", path, ssh_err(r)); |
830 | identity_file, ssh_err(r)); | 866 | if ((r = sshkey_load_private(path, NULL, |
831 | else { | 867 | &public, &comment)) != 0) { |
832 | fp = sshkey_fingerprint(public, fptype, rep); | 868 | debug("load private \"%s\": %s", path, ssh_err(r)); |
833 | ra = sshkey_fingerprint(public, fingerprint_hash, | 869 | fatal("%s is not a key file.", path); |
834 | SSH_FP_RANDOMART); | 870 | } |
835 | if (fp == NULL || ra == NULL) | ||
836 | fatal("%s: sshkey_fingerprint fail", __func__); | ||
837 | printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment, | ||
838 | sshkey_type(public)); | ||
839 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | ||
840 | printf("%s\n", ra); | ||
841 | sshkey_free(public); | ||
842 | free(comment); | ||
843 | free(ra); | ||
844 | free(fp); | ||
845 | exit(0); | ||
846 | } | ||
847 | if (comment) { | ||
848 | free(comment); | ||
849 | comment = NULL; | ||
850 | } | 871 | } |
851 | 872 | ||
852 | if ((f = fopen(identity_file, "r")) == NULL) | 873 | fingerprint_one_key(public, comment); |
853 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | 874 | sshkey_free(public); |
875 | free(comment); | ||
876 | } | ||
854 | 877 | ||
855 | while (fgets(line, sizeof(line), f)) { | 878 | static void |
856 | if ((cp = strchr(line, '\n')) == NULL) { | 879 | do_fingerprint(struct passwd *pw) |
857 | error("line %d too long: %.40s...", | 880 | { |
858 | num + 1, line); | 881 | FILE *f; |
859 | skip = 1; | 882 | struct sshkey *public = NULL; |
883 | char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; | ||
884 | int i, invalid = 1; | ||
885 | const char *path; | ||
886 | long int lnum = 0; | ||
887 | |||
888 | if (!have_identity) | ||
889 | ask_filename(pw, "Enter file in which the key is"); | ||
890 | path = identity_file; | ||
891 | |||
892 | if (strcmp(identity_file, "-") == 0) { | ||
893 | f = stdin; | ||
894 | path = "(stdin)"; | ||
895 | } else if ((f = fopen(path, "r")) == NULL) | ||
896 | fatal("%s: %s: %s", __progname, path, strerror(errno)); | ||
897 | |||
898 | while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { | ||
899 | cp = line; | ||
900 | cp[strcspn(cp, "\n")] = '\0'; | ||
901 | /* Trim leading space and comments */ | ||
902 | cp = line + strspn(line, " \t"); | ||
903 | if (*cp == '#' || *cp == '\0') | ||
860 | continue; | 904 | continue; |
905 | |||
906 | /* | ||
907 | * Input may be plain keys, private keys, authorized_keys | ||
908 | * or known_hosts. | ||
909 | */ | ||
910 | |||
911 | /* | ||
912 | * Try private keys first. Assume a key is private if | ||
913 | * "SSH PRIVATE KEY" appears on the first line and we're | ||
914 | * not reading from stdin (XXX support private keys on stdin). | ||
915 | */ | ||
916 | if (lnum == 1 && strcmp(identity_file, "-") != 0 && | ||
917 | strstr(cp, "PRIVATE KEY") != NULL) { | ||
918 | fclose(f); | ||
919 | fingerprint_private(path); | ||
920 | exit(0); | ||
861 | } | 921 | } |
862 | num++; | 922 | |
863 | if (skip) { | 923 | /* |
864 | skip = 0; | 924 | * If it's not a private key, then this must be prepared to |
925 | * accept a public key prefixed with a hostname or options. | ||
926 | * Try a bare key first, otherwise skip the leading stuff. | ||
927 | */ | ||
928 | if ((public = try_read_key(&cp)) == NULL) { | ||
929 | i = strtol(cp, &ep, 10); | ||
930 | if (i == 0 || ep == NULL || | ||
931 | (*ep != ' ' && *ep != '\t')) { | ||
932 | int quoted = 0; | ||
933 | |||
934 | comment = cp; | ||
935 | for (; *cp && (quoted || (*cp != ' ' && | ||
936 | *cp != '\t')); cp++) { | ||
937 | if (*cp == '\\' && cp[1] == '"') | ||
938 | cp++; /* Skip both */ | ||
939 | else if (*cp == '"') | ||
940 | quoted = !quoted; | ||
941 | } | ||
942 | if (!*cp) | ||
943 | continue; | ||
944 | *cp++ = '\0'; | ||
945 | } | ||
946 | } | ||
947 | /* Retry after parsing leading hostname/key options */ | ||
948 | if (public == NULL && (public = try_read_key(&cp)) == NULL) { | ||
949 | debug("%s:%ld: not a public key", path, lnum); | ||
865 | continue; | 950 | continue; |
866 | } | 951 | } |
867 | *cp = '\0'; | ||
868 | 952 | ||
869 | /* Skip leading whitespace, empty and comment lines. */ | 953 | /* Find trailing comment, if any */ |
870 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) | 954 | for (; *cp == ' ' || *cp == '\t'; cp++) |
871 | ; | 955 | ; |
872 | if (!*cp || *cp == '\n' || *cp == '#') | 956 | if (*cp != '\0' && *cp != '#') |
873 | continue; | ||
874 | i = strtol(cp, &ep, 10); | ||
875 | if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { | ||
876 | int quoted = 0; | ||
877 | comment = cp; | 957 | comment = cp; |
878 | for (; *cp && (quoted || (*cp != ' ' && | 958 | |
879 | *cp != '\t')); cp++) { | 959 | fingerprint_one_key(public, comment); |
880 | if (*cp == '\\' && cp[1] == '"') | ||
881 | cp++; /* Skip both */ | ||
882 | else if (*cp == '"') | ||
883 | quoted = !quoted; | ||
884 | } | ||
885 | if (!*cp) | ||
886 | continue; | ||
887 | *cp++ = '\0'; | ||
888 | } | ||
889 | ep = cp; | ||
890 | if ((public = sshkey_new(KEY_RSA1)) == NULL) | ||
891 | fatal("sshkey_new failed"); | ||
892 | if ((r = sshkey_read(public, &cp)) != 0) { | ||
893 | cp = ep; | ||
894 | sshkey_free(public); | ||
895 | if ((public = sshkey_new(KEY_UNSPEC)) == NULL) | ||
896 | fatal("sshkey_new failed"); | ||
897 | if ((r = sshkey_read(public, &cp)) != 0) { | ||
898 | sshkey_free(public); | ||
899 | continue; | ||
900 | } | ||
901 | } | ||
902 | comment = *cp ? cp : comment; | ||
903 | fp = sshkey_fingerprint(public, fptype, rep); | ||
904 | ra = sshkey_fingerprint(public, fingerprint_hash, | ||
905 | SSH_FP_RANDOMART); | ||
906 | if (fp == NULL || ra == NULL) | ||
907 | fatal("%s: sshkey_fingerprint fail", __func__); | ||
908 | printf("%u %s %s (%s)\n", sshkey_size(public), fp, | ||
909 | comment ? comment : "no comment", sshkey_type(public)); | ||
910 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | ||
911 | printf("%s\n", ra); | ||
912 | free(ra); | ||
913 | free(fp); | ||
914 | sshkey_free(public); | 960 | sshkey_free(public); |
915 | invalid = 0; | 961 | invalid = 0; /* One good key in the file is sufficient */ |
916 | } | 962 | } |
917 | fclose(f); | 963 | fclose(f); |
918 | 964 | ||
919 | if (invalid) | 965 | if (invalid) |
920 | fatal("%s is not a public key file.", identity_file); | 966 | fatal("%s is not a public key file.", path); |
921 | exit(0); | 967 | exit(0); |
922 | } | 968 | } |
923 | 969 | ||
@@ -1185,8 +1231,11 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
1185 | foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; | 1231 | foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; |
1186 | if ((r = hostkeys_foreach(identity_file, | 1232 | if ((r = hostkeys_foreach(identity_file, |
1187 | hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, | 1233 | hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, |
1188 | name, NULL, foreach_options)) != 0) | 1234 | name, NULL, foreach_options)) != 0) { |
1235 | if (inplace) | ||
1236 | unlink(tmp); | ||
1189 | fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); | 1237 | fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); |
1238 | } | ||
1190 | 1239 | ||
1191 | if (inplace) | 1240 | if (inplace) |
1192 | fclose(ctx.out); | 1241 | fclose(ctx.out); |
@@ -1383,9 +1432,11 @@ do_change_comment(struct passwd *pw) | |||
1383 | identity_file, ssh_err(r)); | 1432 | identity_file, ssh_err(r)); |
1384 | } | 1433 | } |
1385 | } | 1434 | } |
1386 | /* XXX what about new-format keys? */ | 1435 | |
1387 | if (private->type != KEY_RSA1) { | 1436 | if (private->type != KEY_RSA1 && private->type != KEY_ED25519 && |
1388 | error("Comments are only supported for RSA1 keys."); | 1437 | !use_new_format) { |
1438 | error("Comments are only supported for RSA1 or keys stored in " | ||
1439 | "the new format (-o)."); | ||
1389 | explicit_bzero(passphrase, strlen(passphrase)); | 1440 | explicit_bzero(passphrase, strlen(passphrase)); |
1390 | sshkey_free(private); | 1441 | sshkey_free(private); |
1391 | exit(1); | 1442 | exit(1); |
@@ -1441,44 +1492,6 @@ do_change_comment(struct passwd *pw) | |||
1441 | exit(0); | 1492 | exit(0); |
1442 | } | 1493 | } |
1443 | 1494 | ||
1444 | static const char * | ||
1445 | fmt_validity(u_int64_t valid_from, u_int64_t valid_to) | ||
1446 | { | ||
1447 | char from[32], to[32]; | ||
1448 | static char ret[64]; | ||
1449 | time_t tt; | ||
1450 | struct tm *tm; | ||
1451 | |||
1452 | *from = *to = '\0'; | ||
1453 | if (valid_from == 0 && valid_to == 0xffffffffffffffffULL) | ||
1454 | return "forever"; | ||
1455 | |||
1456 | if (valid_from != 0) { | ||
1457 | /* XXX revisit INT_MAX in 2038 :) */ | ||
1458 | tt = valid_from > INT_MAX ? INT_MAX : valid_from; | ||
1459 | tm = localtime(&tt); | ||
1460 | strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm); | ||
1461 | } | ||
1462 | if (valid_to != 0xffffffffffffffffULL) { | ||
1463 | /* XXX revisit INT_MAX in 2038 :) */ | ||
1464 | tt = valid_to > INT_MAX ? INT_MAX : valid_to; | ||
1465 | tm = localtime(&tt); | ||
1466 | strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm); | ||
1467 | } | ||
1468 | |||
1469 | if (valid_from == 0) { | ||
1470 | snprintf(ret, sizeof(ret), "before %s", to); | ||
1471 | return ret; | ||
1472 | } | ||
1473 | if (valid_to == 0xffffffffffffffffULL) { | ||
1474 | snprintf(ret, sizeof(ret), "after %s", from); | ||
1475 | return ret; | ||
1476 | } | ||
1477 | |||
1478 | snprintf(ret, sizeof(ret), "from %s to %s", from, to); | ||
1479 | return ret; | ||
1480 | } | ||
1481 | |||
1482 | static void | 1495 | static void |
1483 | add_flag_option(struct sshbuf *c, const char *name) | 1496 | add_flag_option(struct sshbuf *c, const char *name) |
1484 | { | 1497 | { |
@@ -1572,7 +1585,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1572 | int r, i, fd; | 1585 | int r, i, fd; |
1573 | u_int n; | 1586 | u_int n; |
1574 | struct sshkey *ca, *public; | 1587 | struct sshkey *ca, *public; |
1575 | char *otmp, *tmp, *cp, *out, *comment, **plist = NULL; | 1588 | char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL; |
1576 | FILE *f; | 1589 | FILE *f; |
1577 | 1590 | ||
1578 | #ifdef ENABLE_PKCS11 | 1591 | #ifdef ENABLE_PKCS11 |
@@ -1647,13 +1660,15 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1647 | fclose(f); | 1660 | fclose(f); |
1648 | 1661 | ||
1649 | if (!quiet) { | 1662 | if (!quiet) { |
1663 | sshkey_format_cert_validity(public->cert, | ||
1664 | valid, sizeof(valid)); | ||
1650 | logit("Signed %s key %s: id \"%s\" serial %llu%s%s " | 1665 | logit("Signed %s key %s: id \"%s\" serial %llu%s%s " |
1651 | "valid %s", sshkey_cert_type(public), | 1666 | "valid %s", sshkey_cert_type(public), |
1652 | out, public->cert->key_id, | 1667 | out, public->cert->key_id, |
1653 | (unsigned long long)public->cert->serial, | 1668 | (unsigned long long)public->cert->serial, |
1654 | cert_principals != NULL ? " for " : "", | 1669 | cert_principals != NULL ? " for " : "", |
1655 | cert_principals != NULL ? cert_principals : "", | 1670 | cert_principals != NULL ? cert_principals : "", |
1656 | fmt_validity(cert_valid_from, cert_valid_to)); | 1671 | valid); |
1657 | } | 1672 | } |
1658 | 1673 | ||
1659 | sshkey_free(public); | 1674 | sshkey_free(public); |
@@ -1687,7 +1702,7 @@ parse_absolute_time(const char *s) | |||
1687 | char buf[32], *fmt; | 1702 | char buf[32], *fmt; |
1688 | 1703 | ||
1689 | /* | 1704 | /* |
1690 | * POSIX strptime says "The application shall ensure that there | 1705 | * POSIX strptime says "The application shall ensure that there |
1691 | * is white-space or other non-alphanumeric characters between | 1706 | * is white-space or other non-alphanumeric characters between |
1692 | * any two conversion specifications" so arrange things this way. | 1707 | * any two conversion specifications" so arrange things this way. |
1693 | */ | 1708 | */ |
@@ -1851,31 +1866,18 @@ show_options(struct sshbuf *optbuf, int in_critical) | |||
1851 | } | 1866 | } |
1852 | 1867 | ||
1853 | static void | 1868 | static void |
1854 | do_show_cert(struct passwd *pw) | 1869 | print_cert(struct sshkey *key) |
1855 | { | 1870 | { |
1856 | struct sshkey *key; | 1871 | char valid[64], *key_fp, *ca_fp; |
1857 | struct stat st; | ||
1858 | char *key_fp, *ca_fp; | ||
1859 | u_int i; | 1872 | u_int i; |
1860 | int r; | ||
1861 | |||
1862 | if (!have_identity) | ||
1863 | ask_filename(pw, "Enter file in which the key is"); | ||
1864 | if (stat(identity_file, &st) < 0) | ||
1865 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | ||
1866 | if ((r = sshkey_load_public(identity_file, &key, NULL)) != 0) | ||
1867 | fatal("Cannot load public key \"%s\": %s", | ||
1868 | identity_file, ssh_err(r)); | ||
1869 | if (!sshkey_is_cert(key)) | ||
1870 | fatal("%s is not a certificate", identity_file); | ||
1871 | 1873 | ||
1872 | key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); | 1874 | key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); |
1873 | ca_fp = sshkey_fingerprint(key->cert->signature_key, | 1875 | ca_fp = sshkey_fingerprint(key->cert->signature_key, |
1874 | fingerprint_hash, SSH_FP_DEFAULT); | 1876 | fingerprint_hash, SSH_FP_DEFAULT); |
1875 | if (key_fp == NULL || ca_fp == NULL) | 1877 | if (key_fp == NULL || ca_fp == NULL) |
1876 | fatal("%s: sshkey_fingerprint fail", __func__); | 1878 | fatal("%s: sshkey_fingerprint fail", __func__); |
1879 | sshkey_format_cert_validity(key->cert, valid, sizeof(valid)); | ||
1877 | 1880 | ||
1878 | printf("%s:\n", identity_file); | ||
1879 | printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), | 1881 | printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), |
1880 | sshkey_cert_type(key)); | 1882 | sshkey_cert_type(key)); |
1881 | printf(" Public key: %s %s\n", sshkey_type(key), key_fp); | 1883 | printf(" Public key: %s %s\n", sshkey_type(key), key_fp); |
@@ -1883,8 +1885,7 @@ do_show_cert(struct passwd *pw) | |||
1883 | sshkey_type(key->cert->signature_key), ca_fp); | 1885 | sshkey_type(key->cert->signature_key), ca_fp); |
1884 | printf(" Key ID: \"%s\"\n", key->cert->key_id); | 1886 | printf(" Key ID: \"%s\"\n", key->cert->key_id); |
1885 | printf(" Serial: %llu\n", (unsigned long long)key->cert->serial); | 1887 | printf(" Serial: %llu\n", (unsigned long long)key->cert->serial); |
1886 | printf(" Valid: %s\n", | 1888 | printf(" Valid: %s\n", valid); |
1887 | fmt_validity(key->cert->valid_after, key->cert->valid_before)); | ||
1888 | printf(" Principals: "); | 1889 | printf(" Principals: "); |
1889 | if (key->cert->nprincipals == 0) | 1890 | if (key->cert->nprincipals == 0) |
1890 | printf("(none)\n"); | 1891 | printf("(none)\n"); |
@@ -1908,7 +1909,60 @@ do_show_cert(struct passwd *pw) | |||
1908 | printf("\n"); | 1909 | printf("\n"); |
1909 | show_options(key->cert->extensions, 0); | 1910 | show_options(key->cert->extensions, 0); |
1910 | } | 1911 | } |
1911 | exit(0); | 1912 | } |
1913 | |||
1914 | static void | ||
1915 | do_show_cert(struct passwd *pw) | ||
1916 | { | ||
1917 | struct sshkey *key = NULL; | ||
1918 | struct stat st; | ||
1919 | int r, is_stdin = 0, ok = 0; | ||
1920 | FILE *f; | ||
1921 | char *cp, line[SSH_MAX_PUBKEY_BYTES]; | ||
1922 | const char *path; | ||
1923 | long int lnum = 0; | ||
1924 | |||
1925 | if (!have_identity) | ||
1926 | ask_filename(pw, "Enter file in which the key is"); | ||
1927 | if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0) | ||
1928 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | ||
1929 | |||
1930 | path = identity_file; | ||
1931 | if (strcmp(path, "-") == 0) { | ||
1932 | f = stdin; | ||
1933 | path = "(stdin)"; | ||
1934 | is_stdin = 1; | ||
1935 | } else if ((f = fopen(identity_file, "r")) == NULL) | ||
1936 | fatal("fopen %s: %s", identity_file, strerror(errno)); | ||
1937 | |||
1938 | while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { | ||
1939 | sshkey_free(key); | ||
1940 | key = NULL; | ||
1941 | /* Trim leading space and comments */ | ||
1942 | cp = line + strspn(line, " \t"); | ||
1943 | if (*cp == '#' || *cp == '\0') | ||
1944 | continue; | ||
1945 | if ((key = sshkey_new(KEY_UNSPEC)) == NULL) | ||
1946 | fatal("key_new"); | ||
1947 | if ((r = sshkey_read(key, &cp)) != 0) { | ||
1948 | error("%s:%lu: invalid key: %s", path, | ||
1949 | lnum, ssh_err(r)); | ||
1950 | continue; | ||
1951 | } | ||
1952 | if (!sshkey_is_cert(key)) { | ||
1953 | error("%s:%lu is not a certificate", path, lnum); | ||
1954 | continue; | ||
1955 | } | ||
1956 | ok = 1; | ||
1957 | if (!is_stdin && lnum == 1) | ||
1958 | printf("%s:\n", path); | ||
1959 | else | ||
1960 | printf("%s:%lu:\n", path, lnum); | ||
1961 | print_cert(key); | ||
1962 | } | ||
1963 | sshkey_free(key); | ||
1964 | fclose(f); | ||
1965 | exit(ok ? 0 : 1); | ||
1912 | } | 1966 | } |
1913 | 1967 | ||
1914 | static void | 1968 | static void |
@@ -2112,8 +2166,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) | |||
2112 | close(fd); | 2166 | close(fd); |
2113 | sshbuf_free(kbuf); | 2167 | sshbuf_free(kbuf); |
2114 | ssh_krl_free(krl); | 2168 | ssh_krl_free(krl); |
2115 | if (ca != NULL) | 2169 | sshkey_free(ca); |
2116 | sshkey_free(ca); | ||
2117 | } | 2170 | } |
2118 | 2171 | ||
2119 | static void | 2172 | static void |
@@ -2208,6 +2261,7 @@ main(int argc, char **argv) | |||
2208 | extern int optind; | 2261 | extern int optind; |
2209 | extern char *optarg; | 2262 | extern char *optarg; |
2210 | 2263 | ||
2264 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
2211 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 2265 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
2212 | sanitise_stdfd(); | 2266 | sanitise_stdfd(); |
2213 | 2267 | ||
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index 500c1dd30..5578cc504 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 | |||
@@ -4,7 +4,7 @@ NAME | |||
4 | ssh-keyscan M-bM-^@M-^S gather ssh public keys | 4 | ssh-keyscan M-bM-^@M-^S gather ssh public keys |
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type] | 7 | ssh-keyscan [-46cHv] [-f file] [-p port] [-T timeout] [-t type] |
8 | [host | addrlist namelist] ... | 8 | [host | addrlist namelist] ... |
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
@@ -26,6 +26,8 @@ DESCRIPTION | |||
26 | 26 | ||
27 | -6 Forces ssh-keyscan to use IPv6 addresses only. | 27 | -6 Forces ssh-keyscan to use IPv6 addresses only. |
28 | 28 | ||
29 | -c Request certificates from target hosts instead of plain keys. | ||
30 | |||
29 | -f file | 31 | -f file |
30 | Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line. | 32 | Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line. |
31 | If - is supplied instead of a filename, ssh-keyscan will read | 33 | If - is supplied instead of a filename, ssh-keyscan will read |
@@ -106,4 +108,4 @@ BUGS | |||
106 | This is because it opens a connection to the ssh port, reads the public | 108 | This is because it opens a connection to the ssh port, reads the public |
107 | key, and drops the connection as soon as it gets the key. | 109 | key, and drops the connection as soon as it gets the key. |
108 | 110 | ||
109 | OpenBSD 5.8 August 30, 2014 OpenBSD 5.8 | 111 | OpenBSD 5.9 November 8, 2015 OpenBSD 5.9 |
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 6bbc480cd..d29d9d906 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keyscan.1,v 1.36 2014/08/30 15:33:50 sobrado Exp $ | 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.38 2015/11/08 23:24:03 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | .\" | 4 | .\" |
@@ -6,7 +6,7 @@ | |||
6 | .\" permitted provided that due credit is given to the author and the | 6 | .\" permitted provided that due credit is given to the author and the |
7 | .\" OpenBSD project by leaving this copyright notice intact. | 7 | .\" OpenBSD project by leaving this copyright notice intact. |
8 | .\" | 8 | .\" |
9 | .Dd $Mdocdate: August 30 2014 $ | 9 | .Dd $Mdocdate: November 8 2015 $ |
10 | .Dt SSH-KEYSCAN 1 | 10 | .Dt SSH-KEYSCAN 1 |
11 | .Os | 11 | .Os |
12 | .Sh NAME | 12 | .Sh NAME |
@@ -15,7 +15,7 @@ | |||
15 | .Sh SYNOPSIS | 15 | .Sh SYNOPSIS |
16 | .Nm ssh-keyscan | 16 | .Nm ssh-keyscan |
17 | .Bk -words | 17 | .Bk -words |
18 | .Op Fl 46Hv | 18 | .Op Fl 46cHv |
19 | .Op Fl f Ar file | 19 | .Op Fl f Ar file |
20 | .Op Fl p Ar port | 20 | .Op Fl p Ar port |
21 | .Op Fl T Ar timeout | 21 | .Op Fl T Ar timeout |
@@ -54,6 +54,8 @@ to use IPv4 addresses only. | |||
54 | Forces | 54 | Forces |
55 | .Nm | 55 | .Nm |
56 | to use IPv6 addresses only. | 56 | to use IPv6 addresses only. |
57 | .It Fl c | ||
58 | Request certificates from target hosts instead of plain keys. | ||
57 | .It Fl f Ar file | 59 | .It Fl f Ar file |
58 | Read hosts or | 60 | Read hosts or |
59 | .Dq addrlist namelist | 61 | .Dq addrlist namelist |
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 57d88429b..7fe61e4e1 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keyscan.c,v 1.101 2015/04/10 00:08:55 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | * | 4 | * |
@@ -60,6 +60,7 @@ int ssh_port = SSH_DEFAULT_PORT; | |||
60 | #define KT_ECDSA 8 | 60 | #define KT_ECDSA 8 |
61 | #define KT_ED25519 16 | 61 | #define KT_ED25519 16 |
62 | 62 | ||
63 | int get_cert = 0; | ||
63 | int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; | 64 | int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; |
64 | 65 | ||
65 | int hash_hosts = 0; /* Hash hostname on output */ | 66 | int hash_hosts = 0; /* Hash hostname on output */ |
@@ -267,11 +268,32 @@ keygrab_ssh2(con *c) | |||
267 | int r; | 268 | int r; |
268 | 269 | ||
269 | enable_compat20(); | 270 | enable_compat20(); |
270 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = | 271 | switch (c->c_keytype) { |
271 | c->c_keytype == KT_DSA ? "ssh-dss" : | 272 | case KT_DSA: |
272 | (c->c_keytype == KT_RSA ? "ssh-rsa" : | 273 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? |
273 | (c->c_keytype == KT_ED25519 ? "ssh-ed25519" : | 274 | "ssh-dss-cert-v01@openssh.com" : "ssh-dss"; |
274 | "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521")); | 275 | break; |
276 | case KT_RSA: | ||
277 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? | ||
278 | "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa"; | ||
279 | break; | ||
280 | case KT_ED25519: | ||
281 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? | ||
282 | "ssh-ed25519-cert-v01@openssh.com" : "ssh-ed25519"; | ||
283 | break; | ||
284 | case KT_ECDSA: | ||
285 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? | ||
286 | "ecdsa-sha2-nistp256-cert-v01@openssh.com," | ||
287 | "ecdsa-sha2-nistp384-cert-v01@openssh.com," | ||
288 | "ecdsa-sha2-nistp521-cert-v01@openssh.com" : | ||
289 | "ecdsa-sha2-nistp256," | ||
290 | "ecdsa-sha2-nistp384," | ||
291 | "ecdsa-sha2-nistp521"; | ||
292 | break; | ||
293 | default: | ||
294 | fatal("unknown key type %d", c->c_keytype); | ||
295 | break; | ||
296 | } | ||
275 | if ((r = kex_setup(c->c_ssh, myproposal)) != 0) { | 297 | if ((r = kex_setup(c->c_ssh, myproposal)) != 0) { |
276 | free(c->c_ssh); | 298 | free(c->c_ssh); |
277 | fprintf(stderr, "kex_setup: %s\n", ssh_err(r)); | 299 | fprintf(stderr, "kex_setup: %s\n", ssh_err(r)); |
@@ -296,23 +318,39 @@ keygrab_ssh2(con *c) | |||
296 | } | 318 | } |
297 | 319 | ||
298 | static void | 320 | static void |
299 | keyprint(con *c, struct sshkey *key) | 321 | keyprint_one(char *host, struct sshkey *key) |
300 | { | 322 | { |
301 | char *host = c->c_output_name ? c->c_output_name : c->c_name; | 323 | char *hostport; |
302 | char *hostport = NULL; | ||
303 | 324 | ||
304 | if (!key) | ||
305 | return; | ||
306 | if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) | 325 | if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) |
307 | fatal("host_hash failed"); | 326 | fatal("host_hash failed"); |
308 | 327 | ||
309 | hostport = put_host_port(host, ssh_port); | 328 | hostport = put_host_port(host, ssh_port); |
310 | fprintf(stdout, "%s ", hostport); | 329 | if (!get_cert) |
330 | fprintf(stdout, "%s ", hostport); | ||
311 | sshkey_write(key, stdout); | 331 | sshkey_write(key, stdout); |
312 | fputs("\n", stdout); | 332 | fputs("\n", stdout); |
313 | free(hostport); | 333 | free(hostport); |
314 | } | 334 | } |
315 | 335 | ||
336 | static void | ||
337 | keyprint(con *c, struct sshkey *key) | ||
338 | { | ||
339 | char *hosts = c->c_output_name ? c->c_output_name : c->c_name; | ||
340 | char *host, *ohosts; | ||
341 | |||
342 | if (key == NULL) | ||
343 | return; | ||
344 | if (get_cert || (!hash_hosts && ssh_port == SSH_DEFAULT_PORT)) { | ||
345 | keyprint_one(hosts, key); | ||
346 | return; | ||
347 | } | ||
348 | ohosts = hosts = xstrdup(hosts); | ||
349 | while ((host = strsep(&hosts, ",")) != NULL) | ||
350 | keyprint_one(host, key); | ||
351 | free(ohosts); | ||
352 | } | ||
353 | |||
316 | static int | 354 | static int |
317 | tcpconnect(char *host) | 355 | tcpconnect(char *host) |
318 | { | 356 | { |
@@ -369,6 +407,7 @@ conalloc(char *iname, char *oname, int keytype) | |||
369 | if (fdcon[s].c_status) | 407 | if (fdcon[s].c_status) |
370 | fatal("conalloc: attempt to reuse fdno %d", s); | 408 | fatal("conalloc: attempt to reuse fdno %d", s); |
371 | 409 | ||
410 | debug3("%s: oname %s kt %d", __func__, oname, keytype); | ||
372 | fdcon[s].c_fd = s; | 411 | fdcon[s].c_fd = s; |
373 | fdcon[s].c_status = CS_CON; | 412 | fdcon[s].c_status = CS_CON; |
374 | fdcon[s].c_namebase = namebase; | 413 | fdcon[s].c_namebase = namebase; |
@@ -639,7 +678,7 @@ static void | |||
639 | usage(void) | 678 | usage(void) |
640 | { | 679 | { |
641 | fprintf(stderr, | 680 | fprintf(stderr, |
642 | "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" | 681 | "usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n" |
643 | "\t\t [host | addrlist namelist] ...\n", | 682 | "\t\t [host | addrlist namelist] ...\n", |
644 | __progname); | 683 | __progname); |
645 | exit(1); | 684 | exit(1); |
@@ -657,6 +696,7 @@ main(int argc, char **argv) | |||
657 | extern int optind; | 696 | extern int optind; |
658 | extern char *optarg; | 697 | extern char *optarg; |
659 | 698 | ||
699 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
660 | __progname = ssh_get_progname(argv[0]); | 700 | __progname = ssh_get_progname(argv[0]); |
661 | seed_rng(); | 701 | seed_rng(); |
662 | TAILQ_INIT(&tq); | 702 | TAILQ_INIT(&tq); |
@@ -667,11 +707,14 @@ main(int argc, char **argv) | |||
667 | if (argc <= 1) | 707 | if (argc <= 1) |
668 | usage(); | 708 | usage(); |
669 | 709 | ||
670 | while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) { | 710 | while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) { |
671 | switch (opt) { | 711 | switch (opt) { |
672 | case 'H': | 712 | case 'H': |
673 | hash_hosts = 1; | 713 | hash_hosts = 1; |
674 | break; | 714 | break; |
715 | case 'c': | ||
716 | get_cert = 1; | ||
717 | break; | ||
675 | case 'p': | 718 | case 'p': |
676 | ssh_port = a2port(optarg); | 719 | ssh_port = a2port(optarg); |
677 | if (ssh_port <= 0) { | 720 | if (ssh_port <= 0) { |
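Review bot: keyprint_one still calls `host_hash()` and `put_host_port()` when `get_cert` is set, although the host prefix is then never printed. With both `-c` and `-H`, a host_hash failure is therefore fatal for output that carries no hostname, and `hostport` is allocated only to be freed. Consider moving the hashing and the `put_host_port` call under `if (!get_cert)`. A comment such as `/* certificates are written without a host prefix */` would also document the differing output format where it is produced.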
diff --git a/ssh-keysign.0 b/ssh-keysign.0 index 7db72c714..65d75f313 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0 | |||
@@ -8,8 +8,7 @@ SYNOPSIS | |||
8 | 8 | ||
9 | DESCRIPTION | 9 | DESCRIPTION |
10 | ssh-keysign is used by ssh(1) to access the local host keys and generate | 10 | ssh-keysign is used by ssh(1) to access the local host keys and generate |
11 | the digital signature required during host-based authentication with SSH | 11 | the digital signature required during host-based authentication. |
12 | protocol version 2. | ||
13 | 12 | ||
14 | ssh-keysign is disabled by default and can only be enabled in the global | 13 | ssh-keysign is disabled by default and can only be enabled in the global |
15 | client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign | 14 | client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign |
@@ -50,4 +49,4 @@ HISTORY | |||
50 | AUTHORS | 49 | AUTHORS |
51 | Markus Friedl <markus@openbsd.org> | 50 | Markus Friedl <markus@openbsd.org> |
52 | 51 | ||
53 | OpenBSD 5.8 December 7, 2013 OpenBSD 5.8 | 52 | OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 |
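--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.15 2016/02/17 07:38:19 jmc Exp $
 .\"
 .\" Copyright (c) 2002 Markus Friedl. All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 7 2013 $
+.Dd $Mdocdate: February 17 2016 $
 .Dt SSH-KEYSIGN 8
 .Os
 .Sh NAME
@@ -35,7 +35,7 @@
 is used by
 .Xr ssh 1
 to access the local host keys and generate the digital signature
-required during host-based authentication with SSH protocol version 2.
+required during host-based authentication.
 .Pp
 .Nm
 is disabled by default and can only be enabled in the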
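--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.49 2015/07/03 03:56:25 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.52 2016/02/15 09:47:49 dtucker Exp $ */
 /*
 * Copyright (c) 2002 Markus Friedl. All rights reserved.
 *
@@ -34,6 +34,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <errno.h>
 
 #ifdef WITH_OPENSSL
 #include <openssl/evp.h>
@@ -59,6 +60,8 @@
 
 struct ssh *active_state = NULL; /* XXX needed for linking */
 
+extern char *__progname;
+
 /* XXX readconf.c needs these */
 uid_t original_real_uid;
 
@@ -179,6 +182,10 @@ main(int argc, char **argv)
 u_int32_t rnd[256];
 #endif
 
+ssh_malloc_init(); /* must be called before any mallocs */
+if (pledge("stdio rpath getpw dns id", NULL) != 0)
+fatal("%s: pledge: %s", __progname, strerror(errno));
+
 /* Ensure that stdin and stdout are connected */
 if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
 exit(1);
@@ -245,23 +252,26 @@ main(int argc, char **argv)
 if (!found)
 fatal("no hostkey found");
 
+if (pledge("stdio dns", NULL) != 0)
+fatal("%s: pledge: %s", __progname, strerror(errno));
+
 if ((b = sshbuf_new()) == NULL)
-fatal("%s: sshbuf_new failed", __func__);
+fatal("%s: sshbuf_new failed", __progname);
 if (ssh_msg_recv(STDIN_FILENO, b) < 0)
 fatal("ssh_msg_recv failed");
 if ((r = sshbuf_get_u8(b, &rver)) != 0)
-fatal("%s: buffer error: %s", __func__, ssh_err(r));
+fatal("%s: buffer error: %s", __progname, ssh_err(r));
 if (rver != version)
 fatal("bad version: received %d, expected %d", rver, version);
 if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
-fatal("%s: buffer error: %s", __func__, ssh_err(r));
+fatal("%s: buffer error: %s", __progname, ssh_err(r));
 if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
 fatal("bad fd");
 if ((host = get_local_name(fd)) == NULL)
 fatal("cannot get local name for fd");
 
 if ((r = sshbuf_get_string(b, &data, &dlen)) != 0)
-fatal("%s: buffer error: %s", __func__, ssh_err(r));
+fatal("%s: buffer error: %s", __progname, ssh_err(r));
 if (valid_request(pw, host, &key, data, dlen) < 0)
 fatal("not a valid request");
 free(host);
@@ -277,19 +287,20 @@ main(int argc, char **argv)
 if (!found) {
 if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
 SSH_FP_DEFAULT)) == NULL)
-fatal("%s: sshkey_fingerprint failed", __func__);
+fatal("%s: sshkey_fingerprint failed", __progname);
 fatal("no matching hostkey found for key %s %s",
 sshkey_type(key), fp ? fp : "");
 }
 
-if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, 0)) != 0)
+if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0))
+!= 0)
 fatal("sshkey_sign failed: %s", ssh_err(r));
 free(data);
 
 /* send reply */
 sshbuf_reset(b);
 if ((r = sshbuf_put_string(b, signature, slen)) != 0)
-fatal("%s: buffer error: %s", __func__, ssh_err(r));
+fatal("%s: buffer error: %s", __progname, ssh_err(r));
 if (ssh_msg_send(STDOUT_FILENO, version, b) == -1)
 fatal("ssh_msg_send failed");
 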
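Review bot: The new `sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0)` call passes NULL for the added algorithm argument, and in this same commit `ssh_rsa_sign` maps a NULL or empty `alg_ident` to `SSH_DIGEST_SHA1`, so (assuming sshkey_sign forwards the argument unchanged) RSA host-based signatures produced by ssh-keysign stay SHA-1 even though rsa-sha2-256/512 are introduced. If that is intentional for now, say so at the call, e.g. `/* NULL alg: RSA host keys still sign with SHA-1 ("ssh-rsa") */`; otherwise the algorithm name would need to come from the validated request. Separately, the second `pledge("stdio dns", NULL)` would benefit from a comment stating that the host keys are already loaded at that point and that `dns` is presumably kept for `get_local_name()`. main() starts and ends outside these hunks.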
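--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.5 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.6 2015/12/11 00:20:04 mmcc Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 *
@@ -173,7 +173,7 @@ pkcs11_start_helper(void)
 close(pair[0]);
 close(pair[1]);
 execlp(_PATH_SSH_PKCS11_HELPER, _PATH_SSH_PKCS11_HELPER,
-(char *) 0);
+(char *)NULL);
 fprintf(stderr, "exec: %s: %s\n", _PATH_SSH_PKCS11_HELPER,
 strerror(errno));
 _exit(1);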
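--- a/ssh-pkcs11-helper.0
+++ b/ssh-pkcs11-helper.0
@@ -22,4 +22,4 @@ HISTORY
 AUTHORS
 Markus Friedl <markus@openbsd.org>
 
-OpenBSD 5.8 July 16, 2013 OpenBSD 5.8
+OpenBSD 5.9 July 16, 2013 OpenBSD 5.9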
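--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.12 2016/02/15 09:47:49 dtucker Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 *
@@ -280,6 +280,7 @@ main(int argc, char **argv)
 
 extern char *__progname;
 
+ssh_malloc_init(); /* must be called before any mallocs */
 TAILQ_INIT(&pkcs11_keylist);
 pkcs11_init(0);
 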
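--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.21 2015/07/18 08:02:17 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.22 2016/02/12 00:20:30 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 *
@@ -322,8 +322,10 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
 k11->slotidx = slotidx;
 /* identify key object on smartcard */
 k11->keyid_len = keyid_attrib->ulValueLen;
-k11->keyid = xmalloc(k11->keyid_len);
-memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
+if (k11->keyid_len > 0) {
+k11->keyid = xmalloc(k11->keyid_len);
+memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
+}
 k11->orig_finish = def->finish;
 memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
 k11->rsa_method.name = "pkcs11";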
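Review bot: With the new `if (k11->keyid_len > 0)` guard, `k11->keyid` is never assigned when `keyid_attrib->ulValueLen` is 0, so the pointer is well-defined only if `k11` was zero-allocated, and that allocation is outside this hunk. Setting it explicitly with `k11->keyid = NULL;` before the `if` would make the empty-id case self-evident to any later cleanup or comparison code, however `k11` is allocated. Since `ulValueLen` is supplied by the PKCS#11 provider, an upper bound on `keyid_len` ahead of the `xmalloc` may also be worth considering. pkcs11_rsa_wrap begins and ends outside the hunk.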
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-rsa.c,v 1.53 2015/06/15 01:32:50 djm Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.58 2015/12/11 04:21:12 mmcc Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
4 | * | 4 | * |
@@ -36,16 +36,56 @@ | |||
36 | 36 | ||
37 | static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); | 37 | static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); |
38 | 38 | ||
39 | static const char * | ||
40 | rsa_hash_alg_ident(int hash_alg) | ||
41 | { | ||
42 | switch (hash_alg) { | ||
43 | case SSH_DIGEST_SHA1: | ||
44 | return "ssh-rsa"; | ||
45 | case SSH_DIGEST_SHA256: | ||
46 | return "rsa-sha2-256"; | ||
47 | case SSH_DIGEST_SHA512: | ||
48 | return "rsa-sha2-512"; | ||
49 | } | ||
50 | return NULL; | ||
51 | } | ||
52 | |||
53 | static int | ||
54 | rsa_hash_alg_from_ident(const char *ident) | ||
55 | { | ||
56 | if (strcmp(ident, "ssh-rsa") == 0) | ||
57 | return SSH_DIGEST_SHA1; | ||
58 | if (strcmp(ident, "rsa-sha2-256") == 0) | ||
59 | return SSH_DIGEST_SHA256; | ||
60 | if (strcmp(ident, "rsa-sha2-512") == 0) | ||
61 | return SSH_DIGEST_SHA512; | ||
62 | return -1; | ||
63 | } | ||
64 | |||
65 | static int | ||
66 | rsa_hash_alg_nid(int type) | ||
67 | { | ||
68 | switch (type) { | ||
69 | case SSH_DIGEST_SHA1: | ||
70 | return NID_sha1; | ||
71 | case SSH_DIGEST_SHA256: | ||
72 | return NID_sha256; | ||
73 | case SSH_DIGEST_SHA512: | ||
74 | return NID_sha512; | ||
75 | default: | ||
76 | return -1; | ||
77 | } | ||
78 | } | ||
79 | |||
39 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ | 80 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ |
40 | int | 81 | int |
41 | ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | 82 | ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, |
42 | const u_char *data, size_t datalen, u_int compat) | 83 | const u_char *data, size_t datalen, const char *alg_ident) |
43 | { | 84 | { |
44 | int hash_alg; | ||
45 | u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; | 85 | u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; |
46 | size_t slen; | 86 | size_t slen; |
47 | u_int dlen, len; | 87 | u_int dlen, len; |
48 | int nid, ret = SSH_ERR_INTERNAL_ERROR; | 88 | int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR; |
49 | struct sshbuf *b = NULL; | 89 | struct sshbuf *b = NULL; |
50 | 90 | ||
51 | if (lenp != NULL) | 91 | if (lenp != NULL) |
@@ -53,16 +93,21 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
53 | if (sigp != NULL) | 93 | if (sigp != NULL) |
54 | *sigp = NULL; | 94 | *sigp = NULL; |
55 | 95 | ||
56 | if (key == NULL || key->rsa == NULL || | 96 | if (alg_ident == NULL || strlen(alg_ident) == 0 || |
57 | sshkey_type_plain(key->type) != KEY_RSA) | 97 | strncmp(alg_ident, "ssh-rsa-cert", strlen("ssh-rsa-cert")) == 0) |
98 | hash_alg = SSH_DIGEST_SHA1; | ||
99 | else | ||
100 | hash_alg = rsa_hash_alg_from_ident(alg_ident); | ||
101 | if (key == NULL || key->rsa == NULL || hash_alg == -1 || | ||
102 | sshkey_type_plain(key->type) != KEY_RSA || | ||
103 | BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | ||
58 | return SSH_ERR_INVALID_ARGUMENT; | 104 | return SSH_ERR_INVALID_ARGUMENT; |
59 | slen = RSA_size(key->rsa); | 105 | slen = RSA_size(key->rsa); |
60 | if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) | 106 | if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) |
61 | return SSH_ERR_INVALID_ARGUMENT; | 107 | return SSH_ERR_INVALID_ARGUMENT; |
62 | 108 | ||
63 | /* hash the data */ | 109 | /* hash the data */ |
64 | hash_alg = SSH_DIGEST_SHA1; | 110 | nid = rsa_hash_alg_nid(hash_alg); |
65 | nid = NID_sha1; | ||
66 | if ((dlen = ssh_digest_bytes(hash_alg)) == 0) | 111 | if ((dlen = ssh_digest_bytes(hash_alg)) == 0) |
67 | return SSH_ERR_INTERNAL_ERROR; | 112 | return SSH_ERR_INTERNAL_ERROR; |
68 | if ((ret = ssh_digest_memory(hash_alg, data, datalen, | 113 | if ((ret = ssh_digest_memory(hash_alg, data, datalen, |
@@ -91,7 +136,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
91 | ret = SSH_ERR_ALLOC_FAIL; | 136 | ret = SSH_ERR_ALLOC_FAIL; |
92 | goto out; | 137 | goto out; |
93 | } | 138 | } |
94 | if ((ret = sshbuf_put_cstring(b, "ssh-rsa")) != 0 || | 139 | if ((ret = sshbuf_put_cstring(b, rsa_hash_alg_ident(hash_alg))) != 0 || |
95 | (ret = sshbuf_put_string(b, sig, slen)) != 0) | 140 | (ret = sshbuf_put_string(b, sig, slen)) != 0) |
96 | goto out; | 141 | goto out; |
97 | len = sshbuf_len(b); | 142 | len = sshbuf_len(b); |
@@ -111,15 +156,13 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
111 | explicit_bzero(sig, slen); | 156 | explicit_bzero(sig, slen); |
112 | free(sig); | 157 | free(sig); |
113 | } | 158 | } |
114 | if (b != NULL) | 159 | sshbuf_free(b); |
115 | sshbuf_free(b); | ||
116 | return ret; | 160 | return ret; |
117 | } | 161 | } |
118 | 162 | ||
119 | int | 163 | int |
120 | ssh_rsa_verify(const struct sshkey *key, | 164 | ssh_rsa_verify(const struct sshkey *key, |
121 | const u_char *signature, size_t signaturelen, | 165 | const u_char *sig, size_t siglen, const u_char *data, size_t datalen) |
122 | const u_char *data, size_t datalen, u_int compat) | ||
123 | { | 166 | { |
124 | char *ktype = NULL; | 167 | char *ktype = NULL; |
125 | int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; | 168 | int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; |
@@ -132,13 +175,13 @@ ssh_rsa_verify(const struct sshkey *key, | |||
132 | BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | 175 | BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) |
133 | return SSH_ERR_INVALID_ARGUMENT; | 176 | return SSH_ERR_INVALID_ARGUMENT; |
134 | 177 | ||
135 | if ((b = sshbuf_from(signature, signaturelen)) == NULL) | 178 | if ((b = sshbuf_from(sig, siglen)) == NULL) |
136 | return SSH_ERR_ALLOC_FAIL; | 179 | return SSH_ERR_ALLOC_FAIL; |
137 | if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { | 180 | if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { |
138 | ret = SSH_ERR_INVALID_FORMAT; | 181 | ret = SSH_ERR_INVALID_FORMAT; |
139 | goto out; | 182 | goto out; |
140 | } | 183 | } |
141 | if (strcmp("ssh-rsa", ktype) != 0) { | 184 | if ((hash_alg = rsa_hash_alg_from_ident(ktype)) == -1) { |
142 | ret = SSH_ERR_KEY_TYPE_MISMATCH; | 185 | ret = SSH_ERR_KEY_TYPE_MISMATCH; |
143 | goto out; | 186 | goto out; |
144 | } | 187 | } |
@@ -167,7 +210,6 @@ ssh_rsa_verify(const struct sshkey *key, | |||
167 | explicit_bzero(sigblob, diff); | 210 | explicit_bzero(sigblob, diff); |
168 | len = modlen; | 211 | len = modlen; |
169 | } | 212 | } |
170 | hash_alg = SSH_DIGEST_SHA1; | ||
171 | if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { | 213 | if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { |
172 | ret = SSH_ERR_INTERNAL_ERROR; | 214 | ret = SSH_ERR_INTERNAL_ERROR; |
173 | goto out; | 215 | goto out; |
@@ -183,10 +225,8 @@ ssh_rsa_verify(const struct sshkey *key, | |||
183 | explicit_bzero(sigblob, len); | 225 | explicit_bzero(sigblob, len); |
184 | free(sigblob); | 226 | free(sigblob); |
185 | } | 227 | } |
186 | if (ktype != NULL) | 228 | free(ktype); |
187 | free(ktype); | 229 | sshbuf_free(b); |
188 | if (b != NULL) | ||
189 | sshbuf_free(b); | ||
190 | explicit_bzero(digest, sizeof(digest)); | 230 | explicit_bzero(digest, sizeof(digest)); |
191 | return ret; | 231 | return ret; |
192 | } | 232 | } |
@@ -196,6 +236,7 @@ ssh_rsa_verify(const struct sshkey *key, | |||
196 | * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ | 236 | * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ |
197 | * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn | 237 | * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn |
198 | */ | 238 | */ |
239 | |||
199 | /* | 240 | /* |
200 | * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) | 241 | * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) |
201 | * oiw(14) secsig(3) algorithms(2) 26 } | 242 | * oiw(14) secsig(3) algorithms(2) 26 } |
@@ -209,25 +250,71 @@ static const u_char id_sha1[] = { | |||
209 | 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ | 250 | 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ |
210 | }; | 251 | }; |
211 | 252 | ||
253 | /* | ||
254 | * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html | ||
255 | * id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) | ||
256 | * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2) | ||
257 | * id-sha256(1) } | ||
258 | */ | ||
259 | static const u_char id_sha256[] = { | ||
260 | 0x30, 0x31, /* type Sequence, length 0x31 (49) */ | ||
261 | 0x30, 0x0d, /* type Sequence, length 0x0d (13) */ | ||
262 | 0x06, 0x09, /* type OID, length 0x09 */ | ||
263 | 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, /* id-sha256 */ | ||
264 | 0x05, 0x00, /* NULL */ | ||
265 | 0x04, 0x20 /* Octet string, length 0x20 (32), followed by sha256 hash */ | ||
266 | }; | ||
267 | |||
268 | /* | ||
269 | * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html | ||
270 | * id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) | ||
271 | * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2) | ||
272 | * id-sha256(3) } | ||
273 | */ | ||
274 | static const u_char id_sha512[] = { | ||
275 | 0x30, 0x51, /* type Sequence, length 0x51 (81) */ | ||
276 | 0x30, 0x0d, /* type Sequence, length 0x0d (13) */ | ||
277 | 0x06, 0x09, /* type OID, length 0x09 */ | ||
278 | 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, /* id-sha512 */ | ||
279 | 0x05, 0x00, /* NULL */ | ||
280 | 0x04, 0x40 /* Octet string, length 0x40 (64), followed by sha512 hash */ | ||
281 | }; | ||
282 | |||
283 | static int | ||
284 | rsa_hash_alg_oid(int hash_alg, const u_char **oidp, size_t *oidlenp) | ||
285 | { | ||
286 | switch (hash_alg) { | ||
287 | case SSH_DIGEST_SHA1: | ||
288 | *oidp = id_sha1; | ||
289 | *oidlenp = sizeof(id_sha1); | ||
290 | break; | ||
291 | case SSH_DIGEST_SHA256: | ||
292 | *oidp = id_sha256; | ||
293 | *oidlenp = sizeof(id_sha256); | ||
294 | break; | ||
295 | case SSH_DIGEST_SHA512: | ||
296 | *oidp = id_sha512; | ||
297 | *oidlenp = sizeof(id_sha512); | ||
298 | break; | ||
299 | default: | ||
300 | return SSH_ERR_INVALID_ARGUMENT; | ||
301 | } | ||
302 | return 0; | ||
303 | } | ||
304 | |||
212 | static int | 305 | static int |
213 | openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, | 306 | openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, |
214 | u_char *sigbuf, size_t siglen, RSA *rsa) | 307 | u_char *sigbuf, size_t siglen, RSA *rsa) |
215 | { | 308 | { |
216 | size_t ret, rsasize = 0, oidlen = 0, hlen = 0; | 309 | size_t rsasize = 0, oidlen = 0, hlen = 0; |
217 | int len, oidmatch, hashmatch; | 310 | int ret, len, oidmatch, hashmatch; |
218 | const u_char *oid = NULL; | 311 | const u_char *oid = NULL; |
219 | u_char *decrypted = NULL; | 312 | u_char *decrypted = NULL; |
220 | 313 | ||
314 | if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0) | ||
315 | return ret; | ||
221 | ret = SSH_ERR_INTERNAL_ERROR; | 316 | ret = SSH_ERR_INTERNAL_ERROR; |
222 | switch (hash_alg) { | 317 | hlen = ssh_digest_bytes(hash_alg); |
223 | case SSH_DIGEST_SHA1: | ||
224 | oid = id_sha1; | ||
225 | oidlen = sizeof(id_sha1); | ||
226 | hlen = 20; | ||
227 | break; | ||
228 | default: | ||
229 | goto done; | ||
230 | } | ||
231 | if (hashlen != hlen) { | 318 | if (hashlen != hlen) { |
232 | ret = SSH_ERR_INVALID_ARGUMENT; | 319 | ret = SSH_ERR_INVALID_ARGUMENT; |
233 | goto done; | 320 | goto done; |
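Review bot: In `ssh_rsa_verify` the digest is now chosen by `rsa_hash_alg_from_ident(ktype)`, where `ktype` is read from the signature blob itself, and the function has no parameter through which a caller can state which algorithm was negotiated or is acceptable. As written, any of "ssh-rsa", "rsa-sha2-256" or "rsa-sha2-512" is accepted, so a peer expected to produce SHA-2 signatures can still present a SHA-1 one unless a caller outside this diff checks the identifier. Consider passing the expected algorithm name into `ssh_rsa_verify` and returning an error when the blob's identifier differs, or add a comment at the `rsa_hash_alg_from_ident(ktype)` call saying where that policy is enforced. Two comments are also stale: `/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */` above `ssh_rsa_sign` no longer matches the selectable hash, and the comment above `id_sha512` names the arc `id-sha256(3)` where `id-sha512(3)` is meant. The last hunk ends inside `openssh_RSA_verify`.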
@@ -8,22 +8,19 @@ SYNOPSIS | |||
8 | [-D [bind_address:]port] [-E log_file] [-e escape_char] | 8 | [-D [bind_address:]port] [-E log_file] [-e escape_char] |
9 | [-F configfile] [-I pkcs11] [-i identity_file] [-L address] | 9 | [-F configfile] [-I pkcs11] [-i identity_file] [-L address] |
10 | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] | 10 | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] |
11 | [-Q cipher | cipher-auth | mac | kex | key | protocol-version] | 11 | [-Q query_option] [-R address] [-S ctl_path] [-W host:port] |
12 | [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] | 12 | [-w local_tun[:remote_tun]] [user@]hostname [command] |
13 | [user@]hostname [command] | ||
14 | 13 | ||
15 | DESCRIPTION | 14 | DESCRIPTION |
16 | ssh (SSH client) is a program for logging into a remote machine and for | 15 | ssh (SSH client) is a program for logging into a remote machine and for |
17 | executing commands on a remote machine. It is intended to replace rlogin | 16 | executing commands on a remote machine. It is intended to provide secure |
18 | and rsh, and provide secure encrypted communications between two | 17 | encrypted communications between two untrusted hosts over an insecure |
19 | untrusted hosts over an insecure network. X11 connections, arbitrary TCP | 18 | network. X11 connections, arbitrary TCP ports and UNIX-domain sockets |
20 | ports and UNIX-domain sockets can also be forwarded over the secure | 19 | can also be forwarded over the secure channel. |
21 | channel. | ||
22 | 20 | ||
23 | ssh connects and logs into the specified hostname (with optional user | 21 | ssh connects and logs into the specified hostname (with optional user |
24 | name). The user must prove his/her identity to the remote machine using | 22 | name). The user must prove his/her identity to the remote machine using |
25 | one of several methods depending on the protocol version used (see | 23 | one of several methods (see below). |
26 | below). | ||
27 | 24 | ||
28 | If command is specified, it is executed on the remote host instead of a | 25 | If command is specified, it is executed on the remote host instead of a |
29 | login shell. | 26 | login shell. |
@@ -144,9 +141,11 @@ DESCRIPTION | |||
144 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. | 141 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. |
145 | Identity files may also be specified on a per-host basis in the | 142 | Identity files may also be specified on a per-host basis in the |
146 | configuration file. It is possible to have multiple -i options | 143 | configuration file. It is possible to have multiple -i options |
147 | (and multiple identities specified in configuration files). ssh | 144 | (and multiple identities specified in configuration files). If |
148 | will also try to load certificate information from the filename | 145 | no certificates have been explicitly specified by the |
149 | obtained by appending -cert.pub to identity filenames. | 146 | CertificateFile directive, ssh will also try to load certificate |
147 | information from the filename obtained by appending -cert.pub to | ||
148 | identity filenames. | ||
150 | 149 | ||
151 | -K Enables GSSAPI-based authentication and forwarding (delegation) | 150 | -K Enables GSSAPI-based authentication and forwarding (delegation) |
152 | of GSSAPI credentials to the server. | 151 | of GSSAPI credentials to the server. |
@@ -190,12 +189,12 @@ DESCRIPTION | |||
190 | details. | 189 | details. |
191 | 190 | ||
192 | -m mac_spec | 191 | -m mac_spec |
193 | Additionally, for protocol version 2 a comma-separated list of | 192 | A comma-separated list of MAC (message authentication code) |
194 | MAC (message authentication code) algorithms can be specified in | 193 | algorithms, specified in order of preference. See the MACs |
195 | order of preference. See the MACs keyword for more information. | 194 | keyword for more information. |
196 | 195 | ||
197 | -N Do not execute a remote command. This is useful for just | 196 | -N Do not execute a remote command. This is useful for just |
198 | forwarding ports (protocol version 2 only). | 197 | forwarding ports. |
199 | 198 | ||
200 | -n Redirects stdin from /dev/null (actually, prevents reading from | 199 | -n Redirects stdin from /dev/null (actually, prevents reading from |
201 | stdin). This must be used when ssh is run in the background. A | 200 | stdin). This must be used when ssh is run in the background. A |
@@ -224,6 +223,7 @@ DESCRIPTION | |||
224 | of the options listed below, and their possible values, see | 223 | of the options listed below, and their possible values, see |
225 | ssh_config(5). | 224 | ssh_config(5). |
226 | 225 | ||
226 | AddKeysToAgent | ||
227 | AddressFamily | 227 | AddressFamily |
228 | BatchMode | 228 | BatchMode |
229 | BindAddress | 229 | BindAddress |
@@ -232,6 +232,7 @@ DESCRIPTION | |||
232 | CanonicalizeHostname | 232 | CanonicalizeHostname |
233 | CanonicalizeMaxDots | 233 | CanonicalizeMaxDots |
234 | CanonicalizePermittedCNAMEs | 234 | CanonicalizePermittedCNAMEs |
235 | CertificateFile | ||
235 | ChallengeResponseAuthentication | 236 | ChallengeResponseAuthentication |
236 | CheckHostIP | 237 | CheckHostIP |
237 | Cipher | 238 | Cipher |
@@ -312,13 +313,14 @@ DESCRIPTION | |||
312 | Port to connect to on the remote host. This can be specified on | 313 | Port to connect to on the remote host. This can be specified on |
313 | a per-host basis in the configuration file. | 314 | a per-host basis in the configuration file. |
314 | 315 | ||
315 | -Q cipher | cipher-auth | mac | kex | key | protocol-version | 316 | -Q query_option |
316 | Queries ssh for the algorithms supported for the specified | 317 | Queries ssh for the algorithms supported for the specified |
317 | version 2. The available features are: cipher (supported | 318 | version 2. The available features are: cipher (supported |
318 | symmetric ciphers), cipher-auth (supported symmetric ciphers that | 319 | symmetric ciphers), cipher-auth (supported symmetric ciphers that |
319 | support authenticated encryption), mac (supported message | 320 | support authenticated encryption), mac (supported message |
320 | integrity codes), kex (key exchange algorithms), key (key types) | 321 | integrity codes), kex (key exchange algorithms), key (key types), |
321 | and protocol-version (supported SSH protocol versions). | 322 | key-cert (certificate key types), key-plain (non-certificate key |
323 | types), and protocol-version (supported SSH protocol versions). | ||
322 | 324 | ||
323 | -q Quiet mode. Causes most warning and diagnostic messages to be | 325 | -q Quiet mode. Causes most warning and diagnostic messages to be |
324 | suppressed. | 326 | suppressed. |
@@ -361,10 +363,9 @@ DESCRIPTION | |||
361 | ssh_config(5) for details. | 363 | ssh_config(5) for details. |
362 | 364 | ||
363 | -s May be used to request invocation of a subsystem on the remote | 365 | -s May be used to request invocation of a subsystem on the remote |
364 | system. Subsystems are a feature of the SSH2 protocol which | 366 | system. Subsystems facilitate the use of SSH as a secure |
365 | facilitate the use of SSH as a secure transport for other | 367 | transport for other applications (e.g. sftp(1)). The subsystem |
366 | applications (eg. sftp(1)). The subsystem is specified as the | 368 | is specified as the remote command. |
367 | remote command. | ||
368 | 369 | ||
369 | -T Disable pseudo-terminal allocation. | 370 | -T Disable pseudo-terminal allocation. |
370 | 371 | ||
@@ -383,8 +384,7 @@ DESCRIPTION | |||
383 | -W host:port | 384 | -W host:port |
384 | Requests that standard input and output on the client be | 385 | Requests that standard input and output on the client be |
385 | forwarded to host on port over the secure channel. Implies -N, | 386 | forwarded to host on port over the secure channel. Implies -N, |
386 | -T, ExitOnForwardFailure and ClearAllForwardings. Works with | 387 | -T, ExitOnForwardFailure and ClearAllForwardings. |
387 | Protocol version 2 only. | ||
388 | 388 | ||
389 | -w local_tun[:remote_tun] | 389 | -w local_tun[:remote_tun] |
390 | Requests tunnel device forwarding with the specified tun(4) | 390 | Requests tunnel device forwarding with the specified tun(4) |
@@ -427,20 +427,16 @@ DESCRIPTION | |||
427 | AUTHENTICATION | 427 | AUTHENTICATION |
428 | The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to | 428 | The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to |
429 | use protocol 2 only, though this can be changed via the Protocol option | 429 | use protocol 2 only, though this can be changed via the Protocol option |
430 | in ssh_config(5) or the -1 and -2 options (see above). Both protocols | 430 | in ssh_config(5) or the -1 and -2 options (see above). Protocol 1 should |
431 | support similar authentication methods, but protocol 2 is the default | 431 | not be used and is only offered to support legacy devices. It suffers |
432 | since it provides additional mechanisms for confidentiality (the traffic | 432 | from a number of cryptographic weaknesses and doesn't support many of the |
433 | is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and | 433 | advanced features available for protocol 2. |
434 | integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, umac-64, | ||
435 | umac-128, hmac-ripemd160). Protocol 1 lacks a strong mechanism for | ||
436 | ensuring the integrity of the connection. | ||
437 | 434 | ||
438 | The methods available for authentication are: GSSAPI-based | 435 | The methods available for authentication are: GSSAPI-based |
439 | authentication, host-based authentication, public key authentication, | 436 | authentication, host-based authentication, public key authentication, |
440 | challenge-response authentication, and password authentication. | 437 | challenge-response authentication, and password authentication. |
441 | Authentication methods are tried in the order specified above, though | 438 | Authentication methods are tried in the order specified above, though |
442 | protocol 2 has a configuration option to change the default order: | 439 | PreferredAuthentications can be used to change the default order. |
443 | PreferredAuthentications. | ||
444 | 440 | ||
445 | Host-based authentication works as follows: If the machine the user logs | 441 | Host-based authentication works as follows: If the machine the user logs |
446 | in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote | 442 | in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote |
@@ -463,10 +459,8 @@ AUTHENTICATION | |||
463 | creates a public/private key pair for authentication purposes. The | 459 | creates a public/private key pair for authentication purposes. The |
464 | server knows the public key, and only the user knows the private key. | 460 | server knows the public key, and only the user knows the private key. |
465 | ssh implements public key authentication protocol automatically, using | 461 | ssh implements public key authentication protocol automatically, using |
466 | one of the DSA, ECDSA, Ed25519 or RSA algorithms. Protocol 1 is | 462 | one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of |
467 | restricted to using only RSA keys, but protocol 2 may use any. The | 463 | ssl(8) contains a brief discussion of the DSA and RSA algorithms. |
468 | HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA | ||
469 | algorithms. | ||
470 | 464 | ||
471 | The file ~/.ssh/authorized_keys lists the public keys that are permitted | 465 | The file ~/.ssh/authorized_keys lists the public keys that are permitted |
472 | for logging in. When the user logs in, the ssh program tells the server | 466 | for logging in. When the user logs in, the ssh program tells the server |
@@ -475,13 +469,12 @@ AUTHENTICATION | |||
475 | the corresponding public key is authorized to accept the account. | 469 | the corresponding public key is authorized to accept the account. |
476 | 470 | ||
477 | The user creates his/her key pair by running ssh-keygen(1). This stores | 471 | The user creates his/her key pair by running ssh-keygen(1). This stores |
478 | the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol | 472 | the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (DSA), |
479 | 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2 | 473 | ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa |
480 | Ed25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in | 474 | (RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), |
481 | ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), | 475 | ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), |
482 | ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2 | 476 | ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's |
483 | Ed25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home | 477 | home directory. The user should then copy the public key to |
484 | directory. The user should then copy the public key to | ||
485 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. | 478 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. |
486 | The authorized_keys file corresponds to the conventional ~/.rhosts file, | 479 | The authorized_keys file corresponds to the conventional ~/.rhosts file, |
487 | and has one key per line, though the lines can be very long. After this, | 480 | and has one key per line, though the lines can be very long. After this, |
@@ -495,15 +488,13 @@ AUTHENTICATION | |||
495 | more information. | 488 | more information. |
496 | 489 | ||
497 | The most convenient way to use public key or certificate authentication | 490 | The most convenient way to use public key or certificate authentication |
498 | may be with an authentication agent. See ssh-agent(1) for more | 491 | may be with an authentication agent. See ssh-agent(1) and (optionally) |
499 | information. | 492 | the AddKeysToAgent directive in ssh_config(5) for more information. |
500 | 493 | ||
501 | Challenge-response authentication works as follows: The server sends an | 494 | Challenge-response authentication works as follows: The server sends an |
502 | arbitrary "challenge" text, and prompts for a response. Protocol 2 | 495 | arbitrary "challenge" text, and prompts for a response. Examples of |
503 | allows multiple challenges and responses; protocol 1 is restricted to | 496 | challenge-response authentication include BSD Authentication (see |
504 | just one challenge/response. Examples of challenge-response | 497 | login.conf(5)) and PAM (some non-OpenBSD systems). |
505 | authentication include BSD Authentication (see login.conf(5)) and PAM | ||
506 | (some non-OpenBSD systems). | ||
507 | 498 | ||
508 | Finally, if other authentication methods fail, ssh prompts the user for a | 499 | Finally, if other authentication methods fail, ssh prompts the user for a |
509 | password. The password is sent to the remote host for checking; however, | 500 | password. The password is sent to the remote host for checking; however, |
@@ -565,8 +556,8 @@ ESCAPE CHARACTERS | |||
565 | 556 | ||
566 | ~? Display a list of escape characters. | 557 | ~? Display a list of escape characters. |
567 | 558 | ||
568 | ~B Send a BREAK to the remote system (only useful for SSH protocol | 559 | ~B Send a BREAK to the remote system (only useful if the peer |
569 | version 2 and if the peer supports it). | 560 | supports it). |
570 | 561 | ||
571 | ~C Open command line. Currently this allows the addition of port | 562 | ~C Open command line. Currently this allows the addition of port |
572 | forwardings using the -L, -R and -D options (see above). It also | 563 | forwardings using the -L, -R and -D options (see above). It also |
@@ -577,8 +568,8 @@ ESCAPE CHARACTERS | |||
577 | PermitLocalCommand option is enabled in ssh_config(5). Basic | 568 | PermitLocalCommand option is enabled in ssh_config(5). Basic |
578 | help is available, using the -h option. | 569 | help is available, using the -h option. |
579 | 570 | ||
580 | ~R Request rekeying of the connection (only useful for SSH protocol | 571 | ~R Request rekeying of the connection (only useful if the peer |
581 | version 2 and if the peer supports it). | 572 | supports it). |
582 | 573 | ||
583 | ~V Decrease the verbosity (LogLevel) when errors are being written | 574 | ~V Decrease the verbosity (LogLevel) when errors are being written |
584 | to stderr. | 575 | to stderr. |
@@ -892,12 +883,7 @@ FILES | |||
892 | /etc/ssh/ssh_host_ed25519_key | 883 | /etc/ssh/ssh_host_ed25519_key |
893 | /etc/ssh/ssh_host_rsa_key | 884 | /etc/ssh/ssh_host_rsa_key |
894 | These files contain the private parts of the host keys and are | 885 | These files contain the private parts of the host keys and are |
895 | used for host-based authentication. If protocol version 1 is | 886 | used for host-based authentication. |
896 | used, ssh must be setuid root, since the host key is readable | ||
897 | only by root. For protocol version 2, ssh uses ssh-keysign(8) to | ||
898 | access the host keys, eliminating the requirement that ssh be | ||
899 | setuid root when host-based authentication is used. By default | ||
900 | ssh is not setuid root. | ||
901 | 887 | ||
902 | /etc/ssh/ssh_known_hosts | 888 | /etc/ssh/ssh_known_hosts |
903 | Systemwide list of known host keys. This file should be prepared | 889 | Systemwide list of known host keys. This file should be prepared |
@@ -969,4 +955,4 @@ AUTHORS | |||
969 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 955 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
970 | versions 1.5 and 2.0. | 956 | versions 1.5 and 2.0. |
971 | 957 | ||
972 | OpenBSD 5.8 July 20, 2015 OpenBSD 5.8 | 958 | OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.361 2015/07/20 18:44:12 millert Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.369 2016/02/17 07:38:19 jmc Exp $ |
37 | .Dd $Mdocdate: July 20 2015 $ | 37 | .Dd $Mdocdate: February 17 2016 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -58,7 +58,7 @@ | |||
58 | .Op Fl O Ar ctl_cmd | 58 | .Op Fl O Ar ctl_cmd |
59 | .Op Fl o Ar option | 59 | .Op Fl o Ar option |
60 | .Op Fl p Ar port | 60 | .Op Fl p Ar port |
61 | .Op Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version | 61 | .Op Fl Q Ar query_option |
62 | .Op Fl R Ar address | 62 | .Op Fl R Ar address |
63 | .Op Fl S Ar ctl_path | 63 | .Op Fl S Ar ctl_path |
64 | .Op Fl W Ar host : Ns Ar port | 64 | .Op Fl W Ar host : Ns Ar port |
@@ -70,8 +70,7 @@ | |||
70 | .Nm | 70 | .Nm |
71 | (SSH client) is a program for logging into a remote machine and for | 71 | (SSH client) is a program for logging into a remote machine and for |
72 | executing commands on a remote machine. | 72 | executing commands on a remote machine. |
73 | It is intended to replace rlogin and rsh, | 73 | It is intended to provide secure encrypted communications between |
74 | and provide secure encrypted communications between | ||
75 | two untrusted hosts over an insecure network. | 74 | two untrusted hosts over an insecure network. |
76 | X11 connections, arbitrary TCP ports and | 75 | X11 connections, arbitrary TCP ports and |
77 | .Ux Ns -domain | 76 | .Ux Ns -domain |
@@ -85,7 +84,7 @@ connects and logs into the specified | |||
85 | name). | 84 | name). |
86 | The user must prove | 85 | The user must prove |
87 | his/her identity to the remote machine using one of several methods | 86 | his/her identity to the remote machine using one of several methods |
88 | depending on the protocol version used (see below). | 87 | (see below). |
89 | .Pp | 88 | .Pp |
90 | If | 89 | If |
91 | .Ar command | 90 | .Ar command |
@@ -304,6 +303,9 @@ It is possible to have multiple | |||
304 | .Fl i | 303 | .Fl i |
305 | options (and multiple identities specified in | 304 | options (and multiple identities specified in |
306 | configuration files). | 305 | configuration files). |
306 | If no certificates have been explicitly specified by the | ||
307 | .Cm CertificateFile | ||
308 | directive, | ||
307 | .Nm | 309 | .Nm |
308 | will also try to load certificate information from the filename obtained | 310 | will also try to load certificate information from the filename obtained |
309 | by appending | 311 | by appending |
@@ -400,17 +402,15 @@ in | |||
400 | for details. | 402 | for details. |
401 | .Pp | 403 | .Pp |
402 | .It Fl m Ar mac_spec | 404 | .It Fl m Ar mac_spec |
403 | Additionally, for protocol version 2 a comma-separated list of MAC | 405 | A comma-separated list of MAC (message authentication code) algorithms, |
404 | (message authentication code) algorithms can | 406 | specified in order of preference. |
405 | be specified in order of preference. | ||
406 | See the | 407 | See the |
407 | .Cm MACs | 408 | .Cm MACs |
408 | keyword for more information. | 409 | keyword for more information. |
409 | .Pp | 410 | .Pp |
410 | .It Fl N | 411 | .It Fl N |
411 | Do not execute a remote command. | 412 | Do not execute a remote command. |
412 | This is useful for just forwarding ports | 413 | This is useful for just forwarding ports. |
413 | (protocol version 2 only). | ||
414 | .Pp | 414 | .Pp |
415 | .It Fl n | 415 | .It Fl n |
416 | Redirects stdin from | 416 | Redirects stdin from |
@@ -460,6 +460,7 @@ For full details of the options listed below, and their possible values, see | |||
460 | .Xr ssh_config 5 . | 460 | .Xr ssh_config 5 . |
461 | .Pp | 461 | .Pp |
462 | .Bl -tag -width Ds -offset indent -compact | 462 | .Bl -tag -width Ds -offset indent -compact |
463 | .It AddKeysToAgent | ||
463 | .It AddressFamily | 464 | .It AddressFamily |
464 | .It BatchMode | 465 | .It BatchMode |
465 | .It BindAddress | 466 | .It BindAddress |
@@ -468,6 +469,7 @@ For full details of the options listed below, and their possible values, see | |||
468 | .It CanonicalizeHostname | 469 | .It CanonicalizeHostname |
469 | .It CanonicalizeMaxDots | 470 | .It CanonicalizeMaxDots |
470 | .It CanonicalizePermittedCNAMEs | 471 | .It CanonicalizePermittedCNAMEs |
472 | .It CertificateFile | ||
471 | .It ChallengeResponseAuthentication | 473 | .It ChallengeResponseAuthentication |
472 | .It CheckHostIP | 474 | .It CheckHostIP |
473 | .It Cipher | 475 | .It Cipher |
@@ -550,7 +552,7 @@ Port to connect to on the remote host. | |||
550 | This can be specified on a | 552 | This can be specified on a |
551 | per-host basis in the configuration file. | 553 | per-host basis in the configuration file. |
552 | .Pp | 554 | .Pp |
553 | .It Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version | 555 | .It Fl Q Ar query_option |
554 | Queries | 556 | Queries |
555 | .Nm | 557 | .Nm |
556 | for the algorithms supported for the specified version 2. | 558 | for the algorithms supported for the specified version 2. |
@@ -564,7 +566,11 @@ The available features are: | |||
564 | .Ar kex | 566 | .Ar kex |
565 | (key exchange algorithms), | 567 | (key exchange algorithms), |
566 | .Ar key | 568 | .Ar key |
567 | (key types) and | 569 | (key types), |
570 | .Ar key-cert | ||
571 | (certificate key types), | ||
572 | .Ar key-plain | ||
573 | (non-certificate key types), and | ||
568 | .Ar protocol-version | 574 | .Ar protocol-version |
569 | (supported SSH protocol versions). | 575 | (supported SSH protocol versions). |
570 | .Pp | 576 | .Pp |
@@ -656,8 +662,8 @@ for details. | |||
656 | .Pp | 662 | .Pp |
657 | .It Fl s | 663 | .It Fl s |
658 | May be used to request invocation of a subsystem on the remote system. | 664 | May be used to request invocation of a subsystem on the remote system. |
659 | Subsystems are a feature of the SSH2 protocol which facilitate the use | 665 | Subsystems facilitate the use of SSH |
660 | of SSH as a secure transport for other applications (eg.\& | 666 | as a secure transport for other applications (e.g.\& |
661 | .Xr sftp 1 ) . | 667 | .Xr sftp 1 ) . |
662 | The subsystem is specified as the remote command. | 668 | The subsystem is specified as the remote command. |
663 | .Pp | 669 | .Pp |
@@ -702,7 +708,6 @@ Implies | |||
702 | .Cm ExitOnForwardFailure | 708 | .Cm ExitOnForwardFailure |
703 | and | 709 | and |
704 | .Cm ClearAllForwardings . | 710 | .Cm ClearAllForwardings . |
705 | Works with Protocol version 2 only. | ||
706 | .Pp | 711 | .Pp |
707 | .It Fl w Xo | 712 | .It Fl w Xo |
708 | .Ar local_tun Ns Op : Ns Ar remote_tun | 713 | .Ar local_tun Ns Op : Ns Ar remote_tun |
@@ -808,15 +813,10 @@ or the | |||
808 | and | 813 | and |
809 | .Fl 2 | 814 | .Fl 2 |
810 | options (see above). | 815 | options (see above). |
811 | Both protocols support similar authentication methods, | 816 | Protocol 1 should not be used |
812 | but protocol 2 is the default since | 817 | and is only offered to support legacy devices. |
813 | it provides additional mechanisms for confidentiality | 818 | It suffers from a number of cryptographic weaknesses |
814 | (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) | 819 | and doesn't support many of the advanced features available for protocol 2. |
815 | and integrity (hmac-md5, hmac-sha1, | ||
816 | hmac-sha2-256, hmac-sha2-512, | ||
817 | umac-64, umac-128, hmac-ripemd160). | ||
818 | Protocol 1 lacks a strong mechanism for ensuring the | ||
819 | integrity of the connection. | ||
820 | .Pp | 820 | .Pp |
821 | The methods available for authentication are: | 821 | The methods available for authentication are: |
822 | GSSAPI-based authentication, | 822 | GSSAPI-based authentication, |
@@ -825,8 +825,9 @@ public key authentication, | |||
825 | challenge-response authentication, | 825 | challenge-response authentication, |
826 | and password authentication. | 826 | and password authentication. |
827 | Authentication methods are tried in the order specified above, | 827 | Authentication methods are tried in the order specified above, |
828 | though protocol 2 has a configuration option to change the default order: | 828 | though |
829 | .Cm PreferredAuthentications . | 829 | .Cm PreferredAuthentications |
830 | can be used to change the default order. | ||
830 | .Pp | 831 | .Pp |
831 | Host-based authentication works as follows: | 832 | Host-based authentication works as follows: |
832 | If the machine the user logs in from is listed in | 833 | If the machine the user logs in from is listed in |
@@ -870,8 +871,6 @@ The server knows the public key, and only the user knows the private key. | |||
870 | .Nm | 871 | .Nm |
871 | implements public key authentication protocol automatically, | 872 | implements public key authentication protocol automatically, |
872 | using one of the DSA, ECDSA, Ed25519 or RSA algorithms. | 873 | using one of the DSA, ECDSA, Ed25519 or RSA algorithms. |
873 | Protocol 1 is restricted to using only RSA keys, | ||
874 | but protocol 2 may use any. | ||
875 | The HISTORY section of | 874 | The HISTORY section of |
876 | .Xr ssl 8 | 875 | .Xr ssl 8 |
877 | (on non-OpenBSD systems, see | 876 | (on non-OpenBSD systems, see |
@@ -897,26 +896,26 @@ This stores the private key in | |||
897 | .Pa ~/.ssh/identity | 896 | .Pa ~/.ssh/identity |
898 | (protocol 1), | 897 | (protocol 1), |
899 | .Pa ~/.ssh/id_dsa | 898 | .Pa ~/.ssh/id_dsa |
900 | (protocol 2 DSA), | 899 | (DSA), |
901 | .Pa ~/.ssh/id_ecdsa | 900 | .Pa ~/.ssh/id_ecdsa |
902 | (protocol 2 ECDSA), | 901 | (ECDSA), |
903 | .Pa ~/.ssh/id_ed25519 | 902 | .Pa ~/.ssh/id_ed25519 |
904 | (protocol 2 Ed25519), | 903 | (Ed25519), |
905 | or | 904 | or |
906 | .Pa ~/.ssh/id_rsa | 905 | .Pa ~/.ssh/id_rsa |
907 | (protocol 2 RSA) | 906 | (RSA) |
908 | and stores the public key in | 907 | and stores the public key in |
909 | .Pa ~/.ssh/identity.pub | 908 | .Pa ~/.ssh/identity.pub |
910 | (protocol 1), | 909 | (protocol 1), |
911 | .Pa ~/.ssh/id_dsa.pub | 910 | .Pa ~/.ssh/id_dsa.pub |
912 | (protocol 2 DSA), | 911 | (DSA), |
913 | .Pa ~/.ssh/id_ecdsa.pub | 912 | .Pa ~/.ssh/id_ecdsa.pub |
914 | (protocol 2 ECDSA), | 913 | (ECDSA), |
915 | .Pa ~/.ssh/id_ed25519.pub | 914 | .Pa ~/.ssh/id_ed25519.pub |
916 | (protocol 2 Ed25519), | 915 | (Ed25519), |
917 | or | 916 | or |
918 | .Pa ~/.ssh/id_rsa.pub | 917 | .Pa ~/.ssh/id_rsa.pub |
919 | (protocol 2 RSA) | 918 | (RSA) |
920 | in the user's home directory. | 919 | in the user's home directory. |
921 | The user should then copy the public key | 920 | The user should then copy the public key |
922 | to | 921 | to |
@@ -944,14 +943,16 @@ The most convenient way to use public key or certificate authentication | |||
944 | may be with an authentication agent. | 943 | may be with an authentication agent. |
945 | See | 944 | See |
946 | .Xr ssh-agent 1 | 945 | .Xr ssh-agent 1 |
946 | and (optionally) the | ||
947 | .Cm AddKeysToAgent | ||
948 | directive in | ||
949 | .Xr ssh_config 5 | ||
947 | for more information. | 950 | for more information. |
948 | .Pp | 951 | .Pp |
949 | Challenge-response authentication works as follows: | 952 | Challenge-response authentication works as follows: |
950 | The server sends an arbitrary | 953 | The server sends an arbitrary |
951 | .Qq challenge | 954 | .Qq challenge |
952 | text, and prompts for a response. | 955 | text, and prompts for a response. |
953 | Protocol 2 allows multiple challenges and responses; | ||
954 | protocol 1 is restricted to just one challenge/response. | ||
955 | Examples of challenge-response authentication include | 956 | Examples of challenge-response authentication include |
956 | .Bx | 957 | .Bx |
957 | Authentication (see | 958 | Authentication (see |
@@ -1050,7 +1051,7 @@ at logout when waiting for forwarded connection / X11 sessions to terminate. | |||
1050 | Display a list of escape characters. | 1051 | Display a list of escape characters. |
1051 | .It Cm ~B | 1052 | .It Cm ~B |
1052 | Send a BREAK to the remote system | 1053 | Send a BREAK to the remote system |
1053 | (only useful for SSH protocol version 2 and if the peer supports it). | 1054 | (only useful if the peer supports it). |
1054 | .It Cm ~C | 1055 | .It Cm ~C |
1055 | Open command line. | 1056 | Open command line. |
1056 | Currently this allows the addition of port forwardings using the | 1057 | Currently this allows the addition of port forwardings using the |
@@ -1083,7 +1084,7 @@ Basic help is available, using the | |||
1083 | option. | 1084 | option. |
1084 | .It Cm ~R | 1085 | .It Cm ~R |
1085 | Request rekeying of the connection | 1086 | Request rekeying of the connection |
1086 | (only useful for SSH protocol version 2 and if the peer supports it). | 1087 | (only useful if the peer supports it). |
1087 | .It Cm ~V | 1088 | .It Cm ~V |
1088 | Decrease the verbosity | 1089 | Decrease the verbosity |
1089 | .Pq Ic LogLevel | 1090 | .Pq Ic LogLevel |
@@ -1553,20 +1554,6 @@ The file format and configuration options are described in | |||
1553 | .It Pa /etc/ssh/ssh_host_rsa_key | 1554 | .It Pa /etc/ssh/ssh_host_rsa_key |
1554 | These files contain the private parts of the host keys | 1555 | These files contain the private parts of the host keys |
1555 | and are used for host-based authentication. | 1556 | and are used for host-based authentication. |
1556 | If protocol version 1 is used, | ||
1557 | .Nm | ||
1558 | must be setuid root, since the host key is readable only by root. | ||
1559 | For protocol version 2, | ||
1560 | .Nm | ||
1561 | uses | ||
1562 | .Xr ssh-keysign 8 | ||
1563 | to access the host keys, | ||
1564 | eliminating the requirement that | ||
1565 | .Nm | ||
1566 | be setuid root when host-based authentication is used. | ||
1567 | By default | ||
1568 | .Nm | ||
1569 | is not setuid root. | ||
1570 | .Pp | 1557 | .Pp |
1571 | .It Pa /etc/ssh/ssh_known_hosts | 1558 | .It Pa /etc/ssh/ssh_known_hosts |
1572 | Systemwide list of known host keys. | 1559 | Systemwide list of known host keys. |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.436 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -105,7 +105,6 @@ | |||
105 | #include "match.h" | 105 | #include "match.h" |
106 | #include "msg.h" | 106 | #include "msg.h" |
107 | #include "uidswap.h" | 107 | #include "uidswap.h" |
108 | #include "roaming.h" | ||
109 | #include "version.h" | 108 | #include "version.h" |
110 | #include "ssherr.h" | 109 | #include "ssherr.h" |
111 | #include "myproposal.h" | 110 | #include "myproposal.h" |
@@ -203,11 +202,9 @@ usage(void) | |||
203 | fprintf(stderr, | 202 | fprintf(stderr, |
204 | "usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" | 203 | "usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" |
205 | " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" | 204 | " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" |
206 | " [-F configfile] [-I pkcs11] [-i identity_file]\n" | 205 | " [-F configfile] [-I pkcs11] [-i identity_file] [-L address]\n" |
207 | " [-L address] [-l login_name] [-m mac_spec]\n" | 206 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
208 | " [-O ctl_cmd] [-o option] [-p port]\n" | 207 | " [-Q query_option] [-R address] [-S ctl_path] [-W host:port]\n" |
209 | " [-Q cipher | cipher-auth | mac | kex | key]\n" | ||
210 | " [-R address] [-S ctl_path] [-W host:port]\n" | ||
211 | " [-w local_tun[:remote_tun]] [user@]hostname [command]\n" | 208 | " [-w local_tun[:remote_tun]] [user@]hostname [command]\n" |
212 | ); | 209 | ); |
213 | exit(255); | 210 | exit(255); |
@@ -252,7 +249,7 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) | |||
252 | if (port <= 0) | 249 | if (port <= 0) |
253 | port = default_ssh_port(); | 250 | port = default_ssh_port(); |
254 | 251 | ||
255 | snprintf(strport, sizeof strport, "%u", port); | 252 | snprintf(strport, sizeof strport, "%d", port); |
256 | memset(&hints, 0, sizeof(hints)); | 253 | memset(&hints, 0, sizeof(hints)); |
257 | hints.ai_family = options.address_family == -1 ? | 254 | hints.ai_family = options.address_family == -1 ? |
258 | AF_UNSPEC : options.address_family; | 255 | AF_UNSPEC : options.address_family; |
@@ -406,6 +403,17 @@ resolve_canonicalize(char **hostp, int port) | |||
406 | return addrs; | 403 | return addrs; |
407 | } | 404 | } |
408 | 405 | ||
406 | /* If domain name is anchored, then resolve it now */ | ||
407 | if ((*hostp)[strlen(*hostp) - 1] == '.') { | ||
408 | debug3("%s: name is fully qualified", __func__); | ||
409 | fullhost = xstrdup(*hostp); | ||
410 | if ((addrs = resolve_host(fullhost, port, 0, | ||
411 | newname, sizeof(newname))) != NULL) | ||
412 | goto found; | ||
413 | free(fullhost); | ||
414 | goto notfound; | ||
415 | } | ||
416 | |||
409 | /* Don't apply canonicalization to sufficiently-qualified hostnames */ | 417 | /* Don't apply canonicalization to sufficiently-qualified hostnames */ |
410 | ndots = 0; | 418 | ndots = 0; |
411 | for (cp = *hostp; *cp != '\0'; cp++) { | 419 | for (cp = *hostp; *cp != '\0'; cp++) { |
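Review bot: The new anchored-name test `(*hostp)[strlen(*hostp) - 1] == '.'` reads one byte before the string when `*hostp` is empty, because `strlen()` returns 0 and the subtraction wraps. Nothing visible in this hunk rules out an empty hostname reaching resolve_canonicalize(), so the test should check for a non-empty name first: `if (**hostp != '\0' && (*hostp)[strlen(*hostp) - 1] == '.') {`. The function starts and ends outside the hunk, so an earlier check may already cover this; if it does, a one-line comment saying so would make the invariant explicit.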
@@ -429,6 +437,7 @@ resolve_canonicalize(char **hostp, int port) | |||
429 | free(fullhost); | 437 | free(fullhost); |
430 | continue; | 438 | continue; |
431 | } | 439 | } |
440 | found: | ||
432 | /* Remove trailing '.' */ | 441 | /* Remove trailing '.' */ |
433 | fullhost[strlen(fullhost) - 1] = '\0'; | 442 | fullhost[strlen(fullhost) - 1] = '\0'; |
434 | /* Follow CNAME if requested */ | 443 | /* Follow CNAME if requested */ |
@@ -440,6 +449,7 @@ resolve_canonicalize(char **hostp, int port) | |||
440 | *hostp = fullhost; | 449 | *hostp = fullhost; |
441 | return addrs; | 450 | return addrs; |
442 | } | 451 | } |
452 | notfound: | ||
443 | if (!options.canonicalize_fallback_local) | 453 | if (!options.canonicalize_fallback_local) |
444 | fatal("%s: Could not resolve host \"%s\"", __progname, *hostp); | 454 | fatal("%s: Could not resolve host \"%s\"", __progname, *hostp); |
445 | debug2("%s: host %s not found in any suffix", __func__, *hostp); | 455 | debug2("%s: host %s not found in any suffix", __func__, *hostp); |
@@ -506,7 +516,7 @@ main(int ac, char **av) | |||
506 | int i, r, opt, exit_status, use_syslog, config_test = 0; | 516 | int i, r, opt, exit_status, use_syslog, config_test = 0; |
507 | char *p, *cp, *line, *argv0, buf[PATH_MAX], *host_arg, *logfile; | 517 | char *p, *cp, *line, *argv0, buf[PATH_MAX], *host_arg, *logfile; |
508 | char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; | 518 | char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; |
509 | char cname[NI_MAXHOST]; | 519 | char cname[NI_MAXHOST], uidstr[32], *conn_hash_hex; |
510 | struct stat st; | 520 | struct stat st; |
511 | struct passwd *pw; | 521 | struct passwd *pw; |
512 | int timeout_ms; | 522 | int timeout_ms; |
@@ -516,8 +526,8 @@ main(int ac, char **av) | |||
516 | struct addrinfo *addrs = NULL; | 526 | struct addrinfo *addrs = NULL; |
517 | struct ssh_digest_ctx *md; | 527 | struct ssh_digest_ctx *md; |
518 | u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; | 528 | u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; |
519 | char *conn_hash_hex; | ||
520 | 529 | ||
530 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
521 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 531 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
522 | sanitise_stdfd(); | 532 | sanitise_stdfd(); |
523 | 533 | ||
@@ -627,7 +637,7 @@ main(int ac, char **av) | |||
627 | use_syslog = 1; | 637 | use_syslog = 1; |
628 | break; | 638 | break; |
629 | case 'E': | 639 | case 'E': |
630 | logfile = xstrdup(optarg); | 640 | logfile = optarg; |
631 | break; | 641 | break; |
632 | case 'G': | 642 | case 'G': |
633 | config_test = 1; | 643 | config_test = 1; |
@@ -704,16 +714,18 @@ main(int ac, char **av) | |||
704 | options.gss_deleg_creds = 1; | 714 | options.gss_deleg_creds = 1; |
705 | break; | 715 | break; |
706 | case 'i': | 716 | case 'i': |
707 | if (stat(optarg, &st) < 0) { | 717 | p = tilde_expand_filename(optarg, original_real_uid); |
718 | if (stat(p, &st) < 0) | ||
708 | fprintf(stderr, "Warning: Identity file %s " | 719 | fprintf(stderr, "Warning: Identity file %s " |
709 | "not accessible: %s.\n", optarg, | 720 | "not accessible: %s.\n", p, |
710 | strerror(errno)); | 721 | strerror(errno)); |
711 | break; | 722 | else |
712 | } | 723 | add_identity_file(&options, NULL, p, 1); |
713 | add_identity_file(&options, NULL, optarg, 1); | 724 | free(p); |
714 | break; | 725 | break; |
715 | case 'I': | 726 | case 'I': |
716 | #ifdef ENABLE_PKCS11 | 727 | #ifdef ENABLE_PKCS11 |
728 | free(options.pkcs11_provider); | ||
717 | options.pkcs11_provider = xstrdup(optarg); | 729 | options.pkcs11_provider = xstrdup(optarg); |
718 | #else | 730 | #else |
719 | fprintf(stderr, "no support for PKCS#11.\n"); | 731 | fprintf(stderr, "no support for PKCS#11.\n"); |
@@ -798,6 +810,7 @@ main(int ac, char **av) | |||
798 | if (ciphers_valid(*optarg == '+' ? | 810 | if (ciphers_valid(*optarg == '+' ? |
799 | optarg + 1 : optarg)) { | 811 | optarg + 1 : optarg)) { |
800 | /* SSH2 only */ | 812 | /* SSH2 only */ |
813 | free(options.ciphers); | ||
801 | options.ciphers = xstrdup(optarg); | 814 | options.ciphers = xstrdup(optarg); |
802 | options.cipher = SSH_CIPHER_INVALID; | 815 | options.cipher = SSH_CIPHER_INVALID; |
803 | break; | 816 | break; |
@@ -817,9 +830,10 @@ main(int ac, char **av) | |||
817 | options.ciphers = xstrdup(KEX_CLIENT_ENCRYPT); | 830 | options.ciphers = xstrdup(KEX_CLIENT_ENCRYPT); |
818 | break; | 831 | break; |
819 | case 'm': | 832 | case 'm': |
820 | if (mac_valid(optarg)) | 833 | if (mac_valid(optarg)) { |
834 | free(options.macs); | ||
821 | options.macs = xstrdup(optarg); | 835 | options.macs = xstrdup(optarg); |
822 | else { | 836 | } else { |
823 | fprintf(stderr, "Unknown mac type '%s'\n", | 837 | fprintf(stderr, "Unknown mac type '%s'\n", |
824 | optarg); | 838 | optarg); |
825 | exit(255); | 839 | exit(255); |
@@ -897,8 +911,7 @@ main(int ac, char **av) | |||
897 | subsystem_flag = 1; | 911 | subsystem_flag = 1; |
898 | break; | 912 | break; |
899 | case 'S': | 913 | case 'S': |
900 | if (options.control_path != NULL) | 914 | free(options.control_path); |
901 | free(options.control_path); | ||
902 | options.control_path = xstrdup(optarg); | 915 | options.control_path = xstrdup(optarg); |
903 | break; | 916 | break; |
904 | case 'b': | 917 | case 'b': |
@@ -980,10 +993,8 @@ main(int ac, char **av) | |||
980 | */ | 993 | */ |
981 | if (use_syslog && logfile != NULL) | 994 | if (use_syslog && logfile != NULL) |
982 | fatal("Can't specify both -y and -E"); | 995 | fatal("Can't specify both -y and -E"); |
983 | if (logfile != NULL) { | 996 | if (logfile != NULL) |
984 | log_redirect_stderr_to(logfile); | 997 | log_redirect_stderr_to(logfile); |
985 | free(logfile); | ||
986 | } | ||
987 | log_init(argv0, | 998 | log_init(argv0, |
988 | options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, | 999 | options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, |
989 | SYSLOG_FACILITY_USER, !use_syslog); | 1000 | SYSLOG_FACILITY_USER, !use_syslog); |
@@ -1084,6 +1095,8 @@ main(int ac, char **av) | |||
1084 | "disabling"); | 1095 | "disabling"); |
1085 | options.update_hostkeys = 0; | 1096 | options.update_hostkeys = 0; |
1086 | } | 1097 | } |
1098 | if (options.connection_attempts <= 0) | ||
1099 | fatal("Invalid number of ConnectionAttempts"); | ||
1087 | #ifndef HAVE_CYGWIN | 1100 | #ifndef HAVE_CYGWIN |
1088 | if (original_effective_uid != 0) | 1101 | if (original_effective_uid != 0) |
1089 | options.use_privileged_port = 0; | 1102 | options.use_privileged_port = 0; |
@@ -1122,6 +1135,7 @@ main(int ac, char **av) | |||
1122 | strlcpy(shorthost, thishost, sizeof(shorthost)); | 1135 | strlcpy(shorthost, thishost, sizeof(shorthost)); |
1123 | shorthost[strcspn(thishost, ".")] = '\0'; | 1136 | shorthost[strcspn(thishost, ".")] = '\0'; |
1124 | snprintf(portstr, sizeof(portstr), "%d", options.port); | 1137 | snprintf(portstr, sizeof(portstr), "%d", options.port); |
1138 | snprintf(uidstr, sizeof(uidstr), "%d", pw->pw_uid); | ||
1125 | 1139 | ||
1126 | if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || | 1140 | if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || |
1127 | ssh_digest_update(md, thishost, strlen(thishost)) < 0 || | 1141 | ssh_digest_update(md, thishost, strlen(thishost)) < 0 || |
@@ -1164,6 +1178,7 @@ main(int ac, char **av) | |||
1164 | "p", portstr, | 1178 | "p", portstr, |
1165 | "r", options.user, | 1179 | "r", options.user, |
1166 | "u", pw->pw_name, | 1180 | "u", pw->pw_name, |
1181 | "i", uidstr, | ||
1167 | (char *)NULL); | 1182 | (char *)NULL); |
1168 | free(cp); | 1183 | free(cp); |
1169 | } | 1184 | } |
@@ -1184,6 +1199,7 @@ main(int ac, char **av) | |||
1184 | * have yet resolved the hostname. Do so now. | 1199 | * have yet resolved the hostname. Do so now. |
1185 | */ | 1200 | */ |
1186 | if (addrs == NULL && options.proxy_command == NULL) { | 1201 | if (addrs == NULL && options.proxy_command == NULL) { |
1202 | debug2("resolving \"%s\" port %d", host, options.port); | ||
1187 | if ((addrs = resolve_host(host, options.port, 1, | 1203 | if ((addrs = resolve_host(host, options.port, 1, |
1188 | cname, sizeof(cname))) == NULL) | 1204 | cname, sizeof(cname))) == NULL) |
1189 | cleanup_exit(255); /* resolve_host logs the error */ | 1205 | cleanup_exit(255); /* resolve_host logs the error */ |
@@ -1227,8 +1243,10 @@ main(int ac, char **av) | |||
1227 | sensitive_data.keys[i] = NULL; | 1243 | sensitive_data.keys[i] = NULL; |
1228 | 1244 | ||
1229 | PRIV_START; | 1245 | PRIV_START; |
1246 | #if WITH_SSH1 | ||
1230 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, | 1247 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, |
1231 | _PATH_HOST_KEY_FILE, "", NULL, NULL); | 1248 | _PATH_HOST_KEY_FILE, "", NULL, NULL); |
1249 | #endif | ||
1232 | #ifdef OPENSSL_HAS_ECC | 1250 | #ifdef OPENSSL_HAS_ECC |
1233 | sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, | 1251 | sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, |
1234 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL); | 1252 | _PATH_HOST_ECDSA_KEY_FILE, "", NULL); |
@@ -1353,6 +1371,10 @@ main(int ac, char **av) | |||
1353 | options.identity_keys[i] = NULL; | 1371 | options.identity_keys[i] = NULL; |
1354 | } | 1372 | } |
1355 | } | 1373 | } |
1374 | for (i = 0; i < options.num_certificate_files; i++) { | ||
1375 | free(options.certificate_files[i]); | ||
1376 | options.certificate_files[i] = NULL; | ||
1377 | } | ||
1356 | 1378 | ||
1357 | exit_status = compat20 ? ssh_session2() : ssh_session(); | 1379 | exit_status = compat20 ? ssh_session2() : ssh_session(); |
1358 | packet_close(); | 1380 | packet_close(); |
@@ -1604,6 +1626,7 @@ ssh_session(void) | |||
1604 | struct winsize ws; | 1626 | struct winsize ws; |
1605 | char *cp; | 1627 | char *cp; |
1606 | const char *display; | 1628 | const char *display; |
1629 | char *proto = NULL, *data = NULL; | ||
1607 | 1630 | ||
1608 | /* Enable compression if requested. */ | 1631 | /* Enable compression if requested. */ |
1609 | if (options.compression) { | 1632 | if (options.compression) { |
@@ -1674,13 +1697,9 @@ ssh_session(void) | |||
1674 | display = getenv("DISPLAY"); | 1697 | display = getenv("DISPLAY"); |
1675 | if (display == NULL && options.forward_x11) | 1698 | if (display == NULL && options.forward_x11) |
1676 | debug("X11 forwarding requested but DISPLAY not set"); | 1699 | debug("X11 forwarding requested but DISPLAY not set"); |
1677 | if (options.forward_x11 && display != NULL) { | 1700 | if (options.forward_x11 && client_x11_get_proto(display, |
1678 | char *proto, *data; | 1701 | options.xauth_location, options.forward_x11_trusted, |
1679 | /* Get reasonable local authentication information. */ | 1702 | options.forward_x11_timeout, &proto, &data) == 0) { |
1680 | client_x11_get_proto(display, options.xauth_location, | ||
1681 | options.forward_x11_trusted, | ||
1682 | options.forward_x11_timeout, | ||
1683 | &proto, &data); | ||
1684 | /* Request forwarding with authentication spoofing. */ | 1703 | /* Request forwarding with authentication spoofing. */ |
1685 | debug("Requesting X11 forwarding with authentication " | 1704 | debug("Requesting X11 forwarding with authentication " |
1686 | "spoofing."); | 1705 | "spoofing."); |
@@ -1770,6 +1789,7 @@ ssh_session2_setup(int id, int success, void *arg) | |||
1770 | extern char **environ; | 1789 | extern char **environ; |
1771 | const char *display; | 1790 | const char *display; |
1772 | int interactive = tty_flag; | 1791 | int interactive = tty_flag; |
1792 | char *proto = NULL, *data = NULL; | ||
1773 | 1793 | ||
1774 | if (!success) | 1794 | if (!success) |
1775 | return; /* No need for error message, channels code sens one */ | 1795 | return; /* No need for error message, channels code sens one */ |
@@ -1777,12 +1797,9 @@ ssh_session2_setup(int id, int success, void *arg) | |||
1777 | display = getenv("DISPLAY"); | 1797 | display = getenv("DISPLAY"); |
1778 | if (display == NULL && options.forward_x11) | 1798 | if (display == NULL && options.forward_x11) |
1779 | debug("X11 forwarding requested but DISPLAY not set"); | 1799 | debug("X11 forwarding requested but DISPLAY not set"); |
1780 | if (options.forward_x11 && display != NULL) { | 1800 | if (options.forward_x11 && client_x11_get_proto(display, |
1781 | char *proto, *data; | 1801 | options.xauth_location, options.forward_x11_trusted, |
1782 | /* Get reasonable local authentication information. */ | 1802 | options.forward_x11_timeout, &proto, &data) == 0) { |
1783 | client_x11_get_proto(display, options.xauth_location, | ||
1784 | options.forward_x11_trusted, | ||
1785 | options.forward_x11_timeout, &proto, &data); | ||
1786 | /* Request forwarding with authentication spoofing. */ | 1803 | /* Request forwarding with authentication spoofing. */ |
1787 | debug("Requesting X11 forwarding with authentication " | 1804 | debug("Requesting X11 forwarding with authentication " |
1788 | "spoofing."); | 1805 | "spoofing."); |
@@ -1936,25 +1953,30 @@ ssh_session2(void) | |||
1936 | options.escape_char : SSH_ESCAPECHAR_NONE, id); | 1953 | options.escape_char : SSH_ESCAPECHAR_NONE, id); |
1937 | } | 1954 | } |
1938 | 1955 | ||
1956 | /* Loads all IdentityFile and CertificateFile keys */ | ||
1939 | static void | 1957 | static void |
1940 | load_public_identity_files(void) | 1958 | load_public_identity_files(void) |
1941 | { | 1959 | { |
1942 | char *filename, *cp, thishost[NI_MAXHOST]; | 1960 | char *filename, *cp, thishost[NI_MAXHOST]; |
1943 | char *pwdir = NULL, *pwname = NULL; | 1961 | char *pwdir = NULL, *pwname = NULL; |
1944 | int i = 0; | ||
1945 | Key *public; | 1962 | Key *public; |
1946 | struct passwd *pw; | 1963 | struct passwd *pw; |
1947 | u_int n_ids; | 1964 | int i; |
1965 | u_int n_ids, n_certs; | ||
1948 | char *identity_files[SSH_MAX_IDENTITY_FILES]; | 1966 | char *identity_files[SSH_MAX_IDENTITY_FILES]; |
1949 | Key *identity_keys[SSH_MAX_IDENTITY_FILES]; | 1967 | Key *identity_keys[SSH_MAX_IDENTITY_FILES]; |
1968 | char *certificate_files[SSH_MAX_CERTIFICATE_FILES]; | ||
1969 | struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; | ||
1950 | #ifdef ENABLE_PKCS11 | 1970 | #ifdef ENABLE_PKCS11 |
1951 | Key **keys; | 1971 | Key **keys; |
1952 | int nkeys; | 1972 | int nkeys; |
1953 | #endif /* PKCS11 */ | 1973 | #endif /* PKCS11 */ |
1954 | 1974 | ||
1955 | n_ids = 0; | 1975 | n_ids = n_certs = 0; |
1956 | memset(identity_files, 0, sizeof(identity_files)); | 1976 | memset(identity_files, 0, sizeof(identity_files)); |
1957 | memset(identity_keys, 0, sizeof(identity_keys)); | 1977 | memset(identity_keys, 0, sizeof(identity_keys)); |
1978 | memset(certificate_files, 0, sizeof(certificate_files)); | ||
1979 | memset(certificates, 0, sizeof(certificates)); | ||
1958 | 1980 | ||
1959 | #ifdef ENABLE_PKCS11 | 1981 | #ifdef ENABLE_PKCS11 |
1960 | if (options.pkcs11_provider != NULL && | 1982 | if (options.pkcs11_provider != NULL && |
@@ -1986,6 +2008,7 @@ load_public_identity_files(void) | |||
1986 | if (n_ids >= SSH_MAX_IDENTITY_FILES || | 2008 | if (n_ids >= SSH_MAX_IDENTITY_FILES || |
1987 | strcasecmp(options.identity_files[i], "none") == 0) { | 2009 | strcasecmp(options.identity_files[i], "none") == 0) { |
1988 | free(options.identity_files[i]); | 2010 | free(options.identity_files[i]); |
2011 | options.identity_files[i] = NULL; | ||
1989 | continue; | 2012 | continue; |
1990 | } | 2013 | } |
1991 | cp = tilde_expand_filename(options.identity_files[i], | 2014 | cp = tilde_expand_filename(options.identity_files[i], |
@@ -2004,7 +2027,12 @@ load_public_identity_files(void) | |||
2004 | if (++n_ids >= SSH_MAX_IDENTITY_FILES) | 2027 | if (++n_ids >= SSH_MAX_IDENTITY_FILES) |
2005 | continue; | 2028 | continue; |
2006 | 2029 | ||
2007 | /* Try to add the certificate variant too */ | 2030 | /* |
2031 | * If no certificates have been explicitly listed then try | ||
2032 | * to add the default certificate variant too. | ||
2033 | */ | ||
2034 | if (options.num_certificate_files != 0) | ||
2035 | continue; | ||
2008 | xasprintf(&cp, "%s-cert", filename); | 2036 | xasprintf(&cp, "%s-cert", filename); |
2009 | public = key_load_public(cp, NULL); | 2037 | public = key_load_public(cp, NULL); |
2010 | debug("identity file %s type %d", cp, | 2038 | debug("identity file %s type %d", cp, |
@@ -2021,14 +2049,50 @@ load_public_identity_files(void) | |||
2021 | continue; | 2049 | continue; |
2022 | } | 2050 | } |
2023 | identity_keys[n_ids] = public; | 2051 | identity_keys[n_ids] = public; |
2024 | /* point to the original path, most likely the private key */ | 2052 | identity_files[n_ids] = cp; |
2025 | identity_files[n_ids] = xstrdup(filename); | ||
2026 | n_ids++; | 2053 | n_ids++; |
2027 | } | 2054 | } |
2055 | |||
2056 | if (options.num_certificate_files > SSH_MAX_CERTIFICATE_FILES) | ||
2057 | fatal("%s: too many certificates", __func__); | ||
2058 | for (i = 0; i < options.num_certificate_files; i++) { | ||
2059 | cp = tilde_expand_filename(options.certificate_files[i], | ||
2060 | original_real_uid); | ||
2061 | filename = percent_expand(cp, "d", pwdir, | ||
2062 | "u", pwname, "l", thishost, "h", host, | ||
2063 | "r", options.user, (char *)NULL); | ||
2064 | free(cp); | ||
2065 | |||
2066 | public = key_load_public(filename, NULL); | ||
2067 | debug("certificate file %s type %d", filename, | ||
2068 | public ? public->type : -1); | ||
2069 | free(options.certificate_files[i]); | ||
2070 | options.certificate_files[i] = NULL; | ||
2071 | if (public == NULL) { | ||
2072 | free(filename); | ||
2073 | continue; | ||
2074 | } | ||
2075 | if (!key_is_cert(public)) { | ||
2076 | debug("%s: key %s type %s is not a certificate", | ||
2077 | __func__, filename, key_type(public)); | ||
2078 | key_free(public); | ||
2079 | free(filename); | ||
2080 | continue; | ||
2081 | } | ||
2082 | certificate_files[n_certs] = filename; | ||
2083 | certificates[n_certs] = public; | ||
2084 | ++n_certs; | ||
2085 | } | ||
2086 | |||
2028 | options.num_identity_files = n_ids; | 2087 | options.num_identity_files = n_ids; |
2029 | memcpy(options.identity_files, identity_files, sizeof(identity_files)); | 2088 | memcpy(options.identity_files, identity_files, sizeof(identity_files)); |
2030 | memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); | 2089 | memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); |
2031 | 2090 | ||
2091 | options.num_certificate_files = n_certs; | ||
2092 | memcpy(options.certificate_files, | ||
2093 | certificate_files, sizeof(certificate_files)); | ||
2094 | memcpy(options.certificates, certificates, sizeof(certificates)); | ||
2095 | |||
2032 | explicit_bzero(pwname, strlen(pwname)); | 2096 | explicit_bzero(pwname, strlen(pwname)); |
2033 | free(pwname); | 2097 | free(pwname); |
2034 | explicit_bzero(pwdir, strlen(pwdir)); | 2098 | explicit_bzero(pwdir, strlen(pwdir)); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.h,v 1.81 2015/08/04 05:23:06 djm Exp $ */ | 1 | /* $OpenBSD: ssh.h,v 1.83 2015/12/11 03:19:09 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -19,6 +19,12 @@ | |||
19 | #define SSH_DEFAULT_PORT 22 | 19 | #define SSH_DEFAULT_PORT 22 |
20 | 20 | ||
21 | /* | 21 | /* |
22 | * Maximum number of certificate files that can be specified | ||
23 | * in configuration files or on the command line. | ||
24 | */ | ||
25 | #define SSH_MAX_CERTIFICATE_FILES 100 | ||
26 | |||
27 | /* | ||
22 | * Maximum number of RSA authentication identity files that can be specified | 28 | * Maximum number of RSA authentication identity files that can be specified |
23 | * in configuration files or on the command line. | 29 | * in configuration files or on the command line. |
24 | */ | 30 | */ |
@@ -29,7 +35,7 @@ | |||
29 | * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with | 35 | * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with |
30 | * some room for options and comments. | 36 | * some room for options and comments. |
31 | */ | 37 | */ |
32 | #define SSH_MAX_PUBKEY_BYTES 8192 | 38 | #define SSH_MAX_PUBKEY_BYTES 16384 |
33 | 39 | ||
34 | /* | 40 | /* |
35 | * Major protocol version. Different version indicates major incompatibility | 41 | * Major protocol version. Different version indicates major incompatibility |
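Review bot: The comment above `SSH_MAX_PUBKEY_BYTES` in the last ssh.h hunk still reads "Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys", which was written for 8192, while the define is now 16384. Update that sentence to say which key or certificate sizes the doubled limit is meant to admit, so a later reader can tell whether the bound is still deliberate. The comment starts above the hunk's first context line, so its opening sentence is not visible here and may need the same update. The new `SSH_MAX_CERTIFICATE_FILES` comment is fine as written.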
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh2.h,v 1.15 2014/01/29 06:18:35 djm Exp $ */ | 1 | /* $OpenBSD: ssh2.h,v 1.17 2016/01/14 16:17:40 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -80,6 +80,7 @@ | |||
80 | #define SSH2_MSG_DEBUG 4 | 80 | #define SSH2_MSG_DEBUG 4 |
81 | #define SSH2_MSG_SERVICE_REQUEST 5 | 81 | #define SSH2_MSG_SERVICE_REQUEST 5 |
82 | #define SSH2_MSG_SERVICE_ACCEPT 6 | 82 | #define SSH2_MSG_SERVICE_ACCEPT 6 |
83 | #define SSH2_MSG_EXT_INFO 7 | ||
83 | 84 | ||
84 | /* transport layer: alg negotiation */ | 85 | /* transport layer: alg negotiation */ |
85 | 86 | ||
@@ -164,13 +165,6 @@ | |||
164 | 165 | ||
165 | #define SSH2_EXTENDED_DATA_STDERR 1 | 166 | #define SSH2_EXTENDED_DATA_STDERR 1 |
166 | 167 | ||
167 | /* kex messages for resume@appgate.com */ | ||
168 | #define SSH2_MSG_KEX_ROAMING_RESUME 30 | ||
169 | #define SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED 31 | ||
170 | #define SSH2_MSG_KEX_ROAMING_AUTH 32 | ||
171 | #define SSH2_MSG_KEX_ROAMING_AUTH_OK 33 | ||
172 | #define SSH2_MSG_KEX_ROAMING_AUTH_FAIL 34 | ||
173 | |||
174 | /* Certificate types for OpenSSH certificate keys extension */ | 168 | /* Certificate types for OpenSSH certificate keys extension */ |
175 | #define SSH2_CERT_TYPE_USER 1 | 169 | #define SSH2_CERT_TYPE_USER 1 |
176 | #define SSH2_CERT_TYPE_HOST 2 | 170 | #define SSH2_CERT_TYPE_HOST 2 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh_api.c,v 1.4 2015/02/16 22:13:32 djm Exp $ */ | 1 | /* $OpenBSD: ssh_api.c,v 1.5 2015/12/04 16:41:28 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -40,8 +40,8 @@ int _ssh_order_hostkeyalgs(struct ssh *); | |||
40 | int _ssh_verify_host_key(struct sshkey *, struct ssh *); | 40 | int _ssh_verify_host_key(struct sshkey *, struct ssh *); |
41 | struct sshkey *_ssh_host_public_key(int, int, struct ssh *); | 41 | struct sshkey *_ssh_host_public_key(int, int, struct ssh *); |
42 | struct sshkey *_ssh_host_private_key(int, int, struct ssh *); | 42 | struct sshkey *_ssh_host_private_key(int, int, struct ssh *); |
43 | int _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **, | 43 | int _ssh_host_key_sign(struct sshkey *, struct sshkey *, |
44 | size_t *, const u_char *, size_t, u_int); | 44 | u_char **, size_t *, const u_char *, size_t, const char *, u_int); |
45 | 45 | ||
46 | /* | 46 | /* |
47 | * stubs for the server side implementation of kex. | 47 | * stubs for the server side implementation of kex. |
@@ -49,7 +49,7 @@ int _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **, | |||
49 | */ | 49 | */ |
50 | int use_privsep = 0; | 50 | int use_privsep = 0; |
51 | int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, | 51 | int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, |
52 | u_char *, u_int, u_int); | 52 | u_char *, u_int, char *, u_int); |
53 | DH *mm_choose_dh(int, int, int); | 53 | DH *mm_choose_dh(int, int, int); |
54 | 54 | ||
55 | /* Define these two variables here so that they are part of the library */ | 55 | /* Define these two variables here so that they are part of the library */ |
@@ -58,7 +58,7 @@ u_int session_id2_len = 0; | |||
58 | 58 | ||
59 | int | 59 | int |
60 | mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, | 60 | mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, |
61 | u_char *data, u_int datalen, u_int compat) | 61 | u_char *data, u_int datalen, char *alg, u_int compat) |
62 | { | 62 | { |
63 | return (-1); | 63 | return (-1); |
64 | } | 64 | } |
@@ -530,8 +530,8 @@ _ssh_order_hostkeyalgs(struct ssh *ssh) | |||
530 | 530 | ||
531 | int | 531 | int |
532 | _ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey, | 532 | _ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey, |
533 | u_char **signature, size_t *slen, | 533 | u_char **signature, size_t *slen, const u_char *data, size_t dlen, |
534 | const u_char *data, size_t dlen, u_int compat) | 534 | const char *alg, u_int compat) |
535 | { | 535 | { |
536 | return sshkey_sign(privkey, signature, slen, data, dlen, compat); | 536 | return sshkey_sign(privkey, signature, slen, data, dlen, alg, compat); |
537 | } | 537 | } |
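Review bot: The stub `mm_sshkey_sign` takes the new argument as `char *alg` in both its prototype and its definition, while `_ssh_host_key_sign` in the last hunk takes `const char *alg`, and neither writes through it. Unless the stub has to match a non-const declaration elsewhere in the tree (not visible here), use `u_char *data, u_int datalen, const char *alg, u_int compat)` in both places so algorithm names can be passed without a cast. The stub ignores `alg` and always returns -1, so a one-line comment such as `/* stub: always fails; alg is ignored */` above it would make that explicit.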
diff --git a/ssh_config b/ssh_config index c9386aadd..5190b06b1 100644 --- a/ssh_config +++ b/ssh_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $ | 1 | # $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $ |
2 | 2 | ||
3 | # This is the ssh client system-wide configuration file. See | 3 | # This is the ssh client system-wide configuration file. See |
4 | # ssh_config(5) for more information. This file provides defaults for | 4 | # ssh_config(5) for more information. This file provides defaults for |
@@ -37,8 +37,10 @@ Host * | |||
37 | # IdentityFile ~/.ssh/identity | 37 | # IdentityFile ~/.ssh/identity |
38 | # IdentityFile ~/.ssh/id_rsa | 38 | # IdentityFile ~/.ssh/id_rsa |
39 | # IdentityFile ~/.ssh/id_dsa | 39 | # IdentityFile ~/.ssh/id_dsa |
40 | # IdentityFile ~/.ssh/id_ecdsa | ||
41 | # IdentityFile ~/.ssh/id_ed25519 | ||
40 | # Port 22 | 42 | # Port 22 |
41 | # Protocol 2,1 | 43 | # Protocol 2 |
42 | # Cipher 3des | 44 | # Cipher 3des |
43 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc | 45 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc |
44 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 | 46 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 |
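Review bot: The sample defaults left as context in the second ssh_config hunk no longer match this release. The `# Ciphers` line still lists `arcfour256,arcfour128`, which the ssh_config.0 change in this same commit drops from the documented default cipher list, and `# Cipher 3des` is a protocol 1 option sitting directly under the updated `# Protocol 2`. An administrator who uncomments the sample line would re-enable ciphers that the defaults no longer offer. The line should mirror the documented default, `#   Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc`. The `# MACs` line beginning `hmac-md5` should be checked against the current default in the same way, although that default is not visible here.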
diff --git a/ssh_config.0 b/ssh_config.0 index 67133cd4d..b823c021c 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -59,7 +59,7 @@ DESCRIPTION | |||
59 | Match Restricts the following declarations (up to the next Host or | 59 | Match Restricts the following declarations (up to the next Host or |
60 | Match keyword) to be used only when the conditions following the | 60 | Match keyword) to be used only when the conditions following the |
61 | Match keyword are satisfied. Match conditions are specified | 61 | Match keyword are satisfied. Match conditions are specified |
62 | using one or more critera or the single token all which always | 62 | using one or more criteria or the single token all which always |
63 | matches. The available criteria keywords are: canonical, exec, | 63 | matches. The available criteria keywords are: canonical, exec, |
64 | host, originalhost, user, and localuser. The all criteria must | 64 | host, originalhost, user, and localuser. The all criteria must |
65 | appear alone or immediately after canonical. Other criteria may | 65 | appear alone or immediately after canonical. Other criteria may |
@@ -94,10 +94,23 @@ DESCRIPTION | |||
94 | matches against the name of the local user running ssh(1) (this | 94 | matches against the name of the local user running ssh(1) (this |
95 | keyword may be useful in system-wide ssh_config files). | 95 | keyword may be useful in system-wide ssh_config files). |
96 | 96 | ||
97 | AddKeysToAgent | ||
98 | Specifies whether keys should be automatically added to a running | ||
99 | ssh-agent(1). If this option is set to M-bM-^@M-^\yesM-bM-^@M-^] and a key is loaded | ||
100 | from a file, the key and its passphrase are added to the agent | ||
101 | with the default lifetime, as if by ssh-add(1). If this option | ||
102 | is set to M-bM-^@M-^\askM-bM-^@M-^], ssh will require confirmation using the | ||
103 | SSH_ASKPASS program before adding a key (see ssh-add(1) for | ||
104 | details). If this option is set to M-bM-^@M-^\confirmM-bM-^@M-^], each use of the | ||
105 | key must be confirmed, as if the -c option was specified to | ||
106 | ssh-add(1). If this option is set to M-bM-^@M-^\noM-bM-^@M-^], no keys are added to | ||
107 | the agent. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\confirmM-bM-^@M-^], M-bM-^@M-^\askM-bM-^@M-^], or | ||
108 | M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
109 | |||
97 | AddressFamily | 110 | AddressFamily |
98 | Specifies which address family to use when connecting. Valid | 111 | Specifies which address family to use when connecting. Valid |
99 | arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (use IPv4 only), or M-bM-^@M-^\inet6M-bM-^@M-^] (use IPv6 | 112 | arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (use IPv4 only), or M-bM-^@M-^\inet6M-bM-^@M-^] (use IPv6 |
100 | only). | 113 | only). The default is M-bM-^@M-^\anyM-bM-^@M-^]. |
101 | 114 | ||
102 | BatchMode | 115 | BatchMode |
103 | If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. | 116 | If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. |
@@ -157,6 +170,22 @@ DESCRIPTION | |||
157 | canonicalized to names in the M-bM-^@M-^\*.b.example.comM-bM-^@M-^] or | 170 | canonicalized to names in the M-bM-^@M-^\*.b.example.comM-bM-^@M-^] or |
158 | M-bM-^@M-^\*.c.example.comM-bM-^@M-^] domains. | 171 | M-bM-^@M-^\*.c.example.comM-bM-^@M-^] domains. |
159 | 172 | ||
173 | CertificateFile | ||
174 | Specifies a file from which the user's certificate is read. A | ||
175 | corresponding private key must be provided separately in order to | ||
176 | use this certificate either from an IdentityFile directive or -i | ||
177 | flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider. | ||
178 | |||
179 | The file name may use the tilde syntax to refer to a user's home | ||
180 | directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local | ||
181 | user's home directory), M-bM-^@M-^X%uM-bM-^@M-^Y (local user name), M-bM-^@M-^X%lM-bM-^@M-^Y (local host | ||
182 | name), M-bM-^@M-^X%hM-bM-^@M-^Y (remote host name) or M-bM-^@M-^X%rM-bM-^@M-^Y (remote user name). | ||
183 | |||
184 | It is possible to have multiple certificate files specified in | ||
185 | configuration files; these certificates will be tried in | ||
186 | sequence. Multiple CertificateFile directives will add to the | ||
187 | list of certificates used for authentication. | ||
188 | |||
160 | ChallengeResponseAuthentication | 189 | ChallengeResponseAuthentication |
161 | Specifies whether to use challenge-response authentication. The | 190 | Specifies whether to use challenge-response authentication. The |
162 | argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is | 191 | argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is |
@@ -208,9 +237,7 @@ DESCRIPTION | |||
208 | chacha20-poly1305@openssh.com, | 237 | chacha20-poly1305@openssh.com, |
209 | aes128-ctr,aes192-ctr,aes256-ctr, | 238 | aes128-ctr,aes192-ctr,aes256-ctr, |
210 | aes128-gcm@openssh.com,aes256-gcm@openssh.com, | 239 | aes128-gcm@openssh.com,aes256-gcm@openssh.com, |
211 | arcfour256,arcfour128, | 240 | aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc |
212 | aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, | ||
213 | aes192-cbc,aes256-cbc,arcfour | ||
214 | 241 | ||
215 | The list of available ciphers may also be obtained using the -Q | 242 | The list of available ciphers may also be obtained using the -Q |
216 | option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^]. | 243 | option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^]. |
@@ -282,13 +309,13 @@ DESCRIPTION | |||
282 | any domain name), M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the target host | 309 | any domain name), M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the target host |
283 | name, M-bM-^@M-^X%nM-bM-^@M-^Y will be substituted by the original target host name | 310 | name, M-bM-^@M-^X%nM-bM-^@M-^Y will be substituted by the original target host name |
284 | specified on the command line, M-bM-^@M-^X%pM-bM-^@M-^Y the destination port, M-bM-^@M-^X%rM-bM-^@M-^Y by | 311 | specified on the command line, M-bM-^@M-^X%pM-bM-^@M-^Y the destination port, M-bM-^@M-^X%rM-bM-^@M-^Y by |
285 | the remote login username, M-bM-^@M-^X%uM-bM-^@M-^Y by the username of the user | 312 | the remote login username, M-bM-^@M-^X%uM-bM-^@M-^Y by the username and M-bM-^@M-^X%iM-bM-^@M-^Y by the |
286 | running ssh(1), and M-bM-^@M-^X%CM-bM-^@M-^Y by a hash of the concatenation: | 313 | numeric user ID (uid) of the user running ssh(1), and M-bM-^@M-^X%CM-bM-^@M-^Y by a |
287 | %l%h%p%r. It is recommended that any ControlPath used for | 314 | hash of the concatenation: %l%h%p%r. It is recommended that any |
288 | opportunistic connection sharing include at least %h, %p, and %r | 315 | ControlPath used for opportunistic connection sharing include at |
289 | (or alternatively %C) and be placed in a directory that is not | 316 | least %h, %p, and %r (or alternatively %C) and be placed in a |
290 | writable by other users. This ensures that shared connections | 317 | directory that is not writable by other users. This ensures that |
291 | are uniquely identified. | 318 | shared connections are uniquely identified. |
292 | 319 | ||
293 | ControlPersist | 320 | ControlPersist |
294 | When used in conjunction with ControlMaster, specifies that the | 321 | When used in conjunction with ControlMaster, specifies that the |
@@ -342,8 +369,12 @@ DESCRIPTION | |||
342 | ExitOnForwardFailure | 369 | ExitOnForwardFailure |
343 | Specifies whether ssh(1) should terminate the connection if it | 370 | Specifies whether ssh(1) should terminate the connection if it |
344 | cannot set up all requested dynamic, tunnel, local, and remote | 371 | cannot set up all requested dynamic, tunnel, local, and remote |
345 | port forwardings. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The | 372 | port forwardings, (e.g. if either end is unable to bind and |
346 | default is M-bM-^@M-^\noM-bM-^@M-^]. | 373 | listen on a specified port). Note that ExitOnForwardFailure does |
374 | not apply to connections made over port forwardings and will not, | ||
375 | for example, cause ssh(1) to exit if TCP connections to the | ||
376 | ultimate forwarding destination fail. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] | ||
377 | or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
347 | 378 | ||
348 | FingerprintHash | 379 | FingerprintHash |
349 | Specifies the hash algorithm used when displaying key | 380 | Specifies the hash algorithm used when displaying key |
@@ -415,12 +446,11 @@ DESCRIPTION | |||
415 | 446 | ||
416 | GSSAPIAuthentication | 447 | GSSAPIAuthentication |
417 | Specifies whether user authentication based on GSSAPI is allowed. | 448 | Specifies whether user authentication based on GSSAPI is allowed. |
418 | The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol | 449 | The default is M-bM-^@M-^\noM-bM-^@M-^]. |
419 | version 2 only. | ||
420 | 450 | ||
421 | GSSAPIDelegateCredentials | 451 | GSSAPIDelegateCredentials |
422 | Forward (delegate) credentials to the server. The default is | 452 | Forward (delegate) credentials to the server. The default is |
423 | M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol version 2 only. | 453 | M-bM-^@M-^\noM-bM-^@M-^]. |
424 | 454 | ||
425 | HashKnownHosts | 455 | HashKnownHosts |
426 | Indicates that ssh(1) should hash host names and addresses when | 456 | Indicates that ssh(1) should hash host names and addresses when |
@@ -434,8 +464,7 @@ DESCRIPTION | |||
434 | HostbasedAuthentication | 464 | HostbasedAuthentication |
435 | Specifies whether to try rhosts based authentication with public | 465 | Specifies whether to try rhosts based authentication with public |
436 | key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The | 466 | key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The |
437 | default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 2 only | 467 | default is M-bM-^@M-^\noM-bM-^@M-^]. |
438 | and is similar to RhostsRSAAuthentication. | ||
439 | 468 | ||
440 | HostbasedKeyTypes | 469 | HostbasedKeyTypes |
441 | Specifies the key types that will be used for hostbased | 470 | Specifies the key types that will be used for hostbased |
@@ -455,11 +484,11 @@ DESCRIPTION | |||
455 | The -Q option of ssh(1) may be used to list supported key types. | 484 | The -Q option of ssh(1) may be used to list supported key types. |
456 | 485 | ||
457 | HostKeyAlgorithms | 486 | HostKeyAlgorithms |
458 | Specifies the protocol version 2 host key algorithms that the | 487 | Specifies the host key algorithms that the client wants to use in |
459 | client wants to use in order of preference. Alternately if the | 488 | order of preference. Alternately if the specified value begins |
460 | specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified | 489 | with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be |
461 | key types will be appended to the default set instead of | 490 | appended to the default set instead of replacing them. The |
462 | replacing them. The default for this option is: | 491 | default for this option is: |
463 | 492 | ||
464 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 493 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
465 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 494 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
@@ -496,8 +525,9 @@ DESCRIPTION | |||
496 | 525 | ||
497 | IdentitiesOnly | 526 | IdentitiesOnly |
498 | Specifies that ssh(1) should only use the authentication identity | 527 | Specifies that ssh(1) should only use the authentication identity |
499 | files configured in the ssh_config files, even if ssh-agent(1) or | 528 | and certificate files explicitly configured in the ssh_config |
500 | a PKCS11Provider offers more identities. The argument to this | 529 | files or passed on the ssh(1) command-line, even if ssh-agent(1) |
530 | or a PKCS11Provider offers more identities. The argument to this | ||
501 | keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option is intended for | 531 | keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option is intended for |
502 | situations where ssh-agent offers many different identities. The | 532 | situations where ssh-agent offers many different identities. The |
503 | default is M-bM-^@M-^\noM-bM-^@M-^]. | 533 | default is M-bM-^@M-^\noM-bM-^@M-^]. |
@@ -509,9 +539,10 @@ DESCRIPTION | |||
509 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. | 539 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. |
510 | Additionally, any identities represented by the authentication | 540 | Additionally, any identities represented by the authentication |
511 | agent will be used for authentication unless IdentitiesOnly is | 541 | agent will be used for authentication unless IdentitiesOnly is |
512 | set. ssh(1) will try to load certificate information from the | 542 | set. If no certificates have been explicitly specified by |
513 | filename obtained by appending -cert.pub to the path of a | 543 | CertificateFile, ssh(1) will try to load certificate information |
514 | specified IdentityFile. | 544 | from the filename obtained by appending -cert.pub to the path of |
545 | a specified IdentityFile. | ||
515 | 546 | ||
516 | The file name may use the tilde syntax to refer to a user's home | 547 | The file name may use the tilde syntax to refer to a user's home |
517 | directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local | 548 | directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local |
@@ -526,7 +557,9 @@ DESCRIPTION | |||
526 | 557 | ||
527 | IdentityFile may be used in conjunction with IdentitiesOnly to | 558 | IdentityFile may be used in conjunction with IdentitiesOnly to |
528 | select which identities in an agent are offered during | 559 | select which identities in an agent are offered during |
529 | authentication. | 560 | authentication. IdentityFile may also be used in conjunction |
561 | with CertificateFile in order to provide any certificate also | ||
562 | needed for authentication with the identity. | ||
530 | 563 | ||
531 | IgnoreUnknown | 564 | IgnoreUnknown |
532 | Specifies a pattern-list of unknown options to be ignored if they | 565 | Specifies a pattern-list of unknown options to be ignored if they |
@@ -620,11 +653,11 @@ DESCRIPTION | |||
620 | higher levels of verbose output. | 653 | higher levels of verbose output. |
621 | 654 | ||
622 | MACs Specifies the MAC (message authentication code) algorithms in | 655 | MACs Specifies the MAC (message authentication code) algorithms in |
623 | order of preference. The MAC algorithm is used in protocol | 656 | order of preference. The MAC algorithm is used for data |
624 | version 2 for data integrity protection. Multiple algorithms | 657 | integrity protection. Multiple algorithms must be comma- |
625 | must be comma-separated. If the specified value begins with a | 658 | separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
626 | M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms will be appended to | 659 | then the specified algorithms will be appended to the default set |
627 | the default set instead of replacing them. | 660 | instead of replacing them. |
628 | 661 | ||
629 | The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after | 662 | The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after |
630 | encryption (encrypt-then-mac). These are considered safer and | 663 | encryption (encrypt-then-mac). These are considered safer and |
@@ -634,13 +667,9 @@ DESCRIPTION | |||
634 | 667 | ||
635 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | 668 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, |
636 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | 669 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, |
670 | hmac-sha1-etm@openssh.com, | ||
637 | umac-64@openssh.com,umac-128@openssh.com, | 671 | umac-64@openssh.com,umac-128@openssh.com, |
638 | hmac-sha2-256,hmac-sha2-512, | 672 | hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
639 | hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, | ||
640 | hmac-ripemd160-etm@openssh.com, | ||
641 | hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com, | ||
642 | hmac-md5,hmac-sha1,hmac-ripemd160, | ||
643 | hmac-sha1-96,hmac-md5-96 | ||
644 | 673 | ||
645 | The list of available MAC algorithms may also be obtained using | 674 | The list of available MAC algorithms may also be obtained using |
646 | the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^]. | 675 | the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^]. |
@@ -677,10 +706,10 @@ DESCRIPTION | |||
677 | default is 22. | 706 | default is 22. |
678 | 707 | ||
679 | PreferredAuthentications | 708 | PreferredAuthentications |
680 | Specifies the order in which the client should try protocol 2 | 709 | Specifies the order in which the client should try authentication |
681 | authentication methods. This allows a client to prefer one | 710 | methods. This allows a client to prefer one method (e.g. |
682 | method (e.g. keyboard-interactive) over another method (e.g. | 711 | keyboard-interactive) over another method (e.g. password). The |
683 | password). The default is: | 712 | default is: |
684 | 713 | ||
685 | gssapi-with-mic,hostbased,publickey, | 714 | gssapi-with-mic,hostbased,publickey, |
686 | keyboard-interactive,password | 715 | keyboard-interactive,password |
@@ -690,7 +719,9 @@ DESCRIPTION | |||
690 | preference. The possible values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple | 719 | preference. The possible values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple |
691 | versions must be comma-separated. When this option is set to | 720 | versions must be comma-separated. When this option is set to |
692 | M-bM-^@M-^\2,1M-bM-^@M-^] ssh will try version 2 and fall back to version 1 if | 721 | M-bM-^@M-^\2,1M-bM-^@M-^] ssh will try version 2 and fall back to version 1 if |
693 | version 2 is not available. The default is M-bM-^@M-^X2M-bM-^@M-^Y. | 722 | version 2 is not available. The default is M-bM-^@M-^X2M-bM-^@M-^Y. Protocol 1 |
723 | suffers from a number of cryptographic weaknesses and should not | ||
724 | be used. It is only offered to support legacy devices. | ||
694 | 725 | ||
695 | ProxyCommand | 726 | ProxyCommand |
696 | Specifies the command to use to connect to the server. The | 727 | Specifies the command to use to connect to the server. The |
@@ -740,7 +771,6 @@ DESCRIPTION | |||
740 | PubkeyAuthentication | 771 | PubkeyAuthentication |
741 | Specifies whether to try public key authentication. The argument | 772 | Specifies whether to try public key authentication. The argument |
742 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. | 773 | to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
743 | This option applies to protocol version 2 only. | ||
744 | 774 | ||
745 | RekeyLimit | 775 | RekeyLimit |
746 | Specifies the maximum amount of data that may be transmitted | 776 | Specifies the maximum amount of data that may be transmitted |
@@ -755,7 +785,6 @@ DESCRIPTION | |||
755 | default value for RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that | 785 | default value for RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that |
756 | rekeying is performed after the cipher's default amount of data | 786 | rekeying is performed after the cipher's default amount of data |
757 | has been sent or received and no time based rekeying is done. | 787 | has been sent or received and no time based rekeying is done. |
758 | This option applies to protocol version 2 only. | ||
759 | 788 | ||
760 | RemoteForward | 789 | RemoteForward |
761 | Specifies that a TCP port on the remote machine be forwarded over | 790 | Specifies that a TCP port on the remote machine be forwarded over |
@@ -808,8 +837,7 @@ DESCRIPTION | |||
808 | 837 | ||
809 | SendEnv | 838 | SendEnv |
810 | Specifies what variables from the local environ(7) should be sent | 839 | Specifies what variables from the local environ(7) should be sent |
811 | to the server. Note that environment passing is only supported | 840 | to the server. The server must also support it, and the server |
812 | for protocol 2. The server must also support it, and the server | ||
813 | must be configured to accept these environment variables. Note | 841 | must be configured to accept these environment variables. Note |
814 | that the TERM environment variable is always sent whenever a | 842 | that the TERM environment variable is always sent whenever a |
815 | pseudo-terminal is requested as it is required by the protocol. | 843 | pseudo-terminal is requested as it is required by the protocol. |
@@ -838,15 +866,14 @@ DESCRIPTION | |||
838 | The default value is 3. If, for example, ServerAliveInterval | 866 | The default value is 3. If, for example, ServerAliveInterval |
839 | (see below) is set to 15 and ServerAliveCountMax is left at the | 867 | (see below) is set to 15 and ServerAliveCountMax is left at the |
840 | default, if the server becomes unresponsive, ssh will disconnect | 868 | default, if the server becomes unresponsive, ssh will disconnect |
841 | after approximately 45 seconds. This option applies to protocol | 869 | after approximately 45 seconds. |
842 | version 2 only. | ||
843 | 870 | ||
844 | ServerAliveInterval | 871 | ServerAliveInterval |
845 | Sets a timeout interval in seconds after which if no data has | 872 | Sets a timeout interval in seconds after which if no data has |
846 | been received from the server, ssh(1) will send a message through | 873 | been received from the server, ssh(1) will send a message through |
847 | the encrypted channel to request a response from the server. The | 874 | the encrypted channel to request a response from the server. The |
848 | default is 0, indicating that these messages will not be sent to | 875 | default is 0, indicating that these messages will not be sent to |
849 | the server. This option applies to protocol version 2 only. | 876 | the server. |
850 | 877 | ||
851 | StreamLocalBindMask | 878 | StreamLocalBindMask |
852 | Sets the octal file creation mode mask (umask) used when creating | 879 | Sets the octal file creation mode mask (umask) used when creating |
@@ -924,7 +951,7 @@ DESCRIPTION | |||
924 | graceful key rotation by allowing a server to send replacement | 951 | graceful key rotation by allowing a server to send replacement |
925 | public keys before old ones are removed. Additional hostkeys are | 952 | public keys before old ones are removed. Additional hostkeys are |
926 | only accepted if the key used to authenticate the host was | 953 | only accepted if the key used to authenticate the host was |
927 | already trusted or explicity accepted by the user. If | 954 | already trusted or explicitly accepted by the user. If |
928 | UpdateHostKeys is set to M-bM-^@M-^\askM-bM-^@M-^], then the user is asked to confirm | 955 | UpdateHostKeys is set to M-bM-^@M-^\askM-bM-^@M-^], then the user is asked to confirm |
929 | the modifications to the known_hosts file. Confirmation is | 956 | the modifications to the known_hosts file. Confirmation is |
930 | currently incompatible with ControlPersist, and will be disabled | 957 | currently incompatible with ControlPersist, and will be disabled |
@@ -960,8 +987,7 @@ DESCRIPTION | |||
960 | fingerprint match will be displayed, but the user will still need | 987 | fingerprint match will be displayed, but the user will still need |
961 | to confirm new host keys according to the StrictHostKeyChecking | 988 | to confirm new host keys according to the StrictHostKeyChecking |
962 | option. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^], or M-bM-^@M-^\askM-bM-^@M-^]. The default | 989 | option. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^], or M-bM-^@M-^\askM-bM-^@M-^]. The default |
963 | is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol version 2 | 990 | is M-bM-^@M-^\noM-bM-^@M-^]. |
964 | only. | ||
965 | 991 | ||
966 | See also VERIFYING HOST KEYS in ssh(1). | 992 | See also VERIFYING HOST KEYS in ssh(1). |
967 | 993 | ||
@@ -1023,4 +1049,4 @@ AUTHORS | |||
1023 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 1049 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
1024 | versions 1.5 and 2.0. | 1050 | versions 1.5 and 2.0. |
1025 | 1051 | ||
1026 | OpenBSD 5.8 August 14, 2015 OpenBSD 5.8 | 1052 | OpenBSD 5.9 February 20, 2016 OpenBSD 5.9 |
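diff --git a/ssh_config.5 b/ssh_config.5
index 81b9b740f..51765c99e 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $
-.Dd $Mdocdate: August 14 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.228 2016/02/20 23:01:46 sobrado Exp $
+.Dd $Mdocdate: February 20 2016 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -155,7 +155,7 @@ or
 keyword) to be used only when the conditions following the
 .Cm Match
 keyword are satisfied.
-Match conditions are specified using one or more critera
+Match conditions are specified using one or more criteria
 or the single token
 .Cm all
 which always matches.
@@ -237,6 +237,39 @@ keyword matches against the name of the local user running
 (this keyword may be useful in system-wide
 .Nm
 files).
+.It Cm AddKeysToAgent
+Specifies whether keys should be automatically added to a running
+.Xr ssh-agent 1 .
+If this option is set to
+.Dq yes
+and a key is loaded from a file, the key and its passphrase are added to
+the agent with the default lifetime, as if by
+.Xr ssh-add 1 .
+If this option is set to
+.Dq ask ,
+.Nm ssh
+will require confirmation using the
+.Ev SSH_ASKPASS
+program before adding a key (see
+.Xr ssh-add 1
+for details).
+If this option is set to
+.Dq confirm ,
+each use of the key must be confirmed, as if the
+.Fl c
+option was specified to
+.Xr ssh-add 1 .
+If this option is set to
+.Dq no ,
+no keys are added to the agent.
+The argument must be
+.Dq yes ,
+.Dq confirm ,
+.Dq ask ,
+or
+.Dq no .
+The default is
+.Dq no .
 .It Cm AddressFamily
 Specifies which address family to use when connecting.
 Valid arguments are
@@ -245,6 +278,8 @@ Valid arguments are
 (use IPv4 only), or
 .Dq inet6
 (use IPv6 only).
+The default is
+.Dq any .
 .It Cm BatchMode
 If set to
 .Dq yes ,
@@ -345,6 +380,41 @@ to be canonicalized to names in the
 or
 .Dq *.c.example.com
 domains.
+.It Cm CertificateFile
+Specifies a file from which the user's certificate is read.
+A corresponding private key must be provided separately in order
+to use this certificate either
+from an
+.Cm IdentityFile
+directive or
+.Fl i
+flag to
+.Xr ssh 1 ,
+via
+.Xr ssh-agent 1 ,
+or via a
+.Cm PKCS11Provider .
+.Pp
+The file name may use the tilde
+syntax to refer to a user's home directory or one of the following
+escape characters:
+.Ql %d
+(local user's home directory),
+.Ql %u
+(local user name),
+.Ql %l
+(local host name),
+.Ql %h
+(remote host name) or
+.Ql %r
+(remote user name).
+.Pp
+It is possible to have multiple certificate files specified in
+configuration files; these certificates will be tried in sequence.
+Multiple
+.Cm CertificateFile
+directives will add to the list of certificates used for
+authentication.
 .It Cm ChallengeResponseAuthentication
 Specifies whether to use challenge-response authentication.
 The argument to this keyword must be
@@ -438,9 +508,7 @@ The default is:
 chacha20-poly1305@openssh.com,
 aes128-ctr,aes192-ctr,aes256-ctr,
 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
-arcfour256,arcfour128,
-aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
-aes192-cbc,aes256-cbc,arcfour
+aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
 .Ed
 .Pp
 The list of available ciphers may also be obtained using the
@@ -558,8 +626,11 @@ the destination port,
 .Ql %r
 by the remote login username,
 .Ql %u
-by the username of the user running
-.Xr ssh 1 , and
+by the username and
+.Ql %i
+by the numeric user ID (uid) of the user running
+.Xr ssh 1 ,
+and
 .Ql \&%C
 by a hash of the concatenation: %l%h%p%r.
 It is recommended that any
@@ -659,7 +730,14 @@ data).
 Specifies whether
 .Xr ssh 1
 should terminate the connection if it cannot set up all requested
-dynamic, tunnel, local, and remote port forwardings.
+dynamic, tunnel, local, and remote port forwardings, (e.g.\&
+if either end is unable to bind and listen on a specified port).
+Note that
+.Cm ExitOnForwardFailure
+does not apply to connections made over port forwardings and will not,
+for example, cause
+.Xr ssh 1
+to exit if TCP connections to the ultimate forwarding destination fail.
 The argument must be
 .Dq yes
 or
@@ -769,13 +847,11 @@ The default is
 Specifies whether user authentication based on GSSAPI is allowed.
 The default is
 .Dq no .
-Note that this option applies to protocol version 2 only.
 .It Cm GSSAPIKeyExchange
 Specifies whether key exchange based on GSSAPI may be used.  When using
 GSSAPI key exchange the server need not have a host key.
 The default is
 .Dq no .
-Note that this option applies to protocol version 2 only.
 .It Cm GSSAPIClientIdentity
 If set, specifies the GSSAPI client identity that ssh should use when
 connecting to the server. The default is unset, which means that the default
@@ -789,7 +865,6 @@ hostname.
 Forward (delegate) credentials to the server.
 The default is
 .Dq no .
-Note that this option applies to protocol version 2 connections using GSSAPI.
 .It Cm GSSAPIRenewalForcesRekey
 If set to
 .Dq yes
@@ -808,7 +883,6 @@ the hostname entered on the
 command line will be passed untouched to the GSSAPI library.
 The default is
 .Dq no .
-This option only applies to protocol version 2 connections using GSSAPI.
 .It Cm HashKnownHosts
 Indicates that
 .Xr ssh 1
@@ -838,9 +912,6 @@ or
 .Dq no .
 The default is
 .Dq no .
-This option applies to protocol version 2 only and
-is similar to
-.Cm RhostsRSAAuthentication .
 .It Cm HostbasedKeyTypes
 Specifies the key types that will be used for hostbased authentication
 as a comma-separated pattern list.
@@ -865,7 +936,7 @@ option of
 .Xr ssh 1
 may be used to list supported key types.
 .It Cm HostKeyAlgorithms
-Specifies the protocol version 2 host key algorithms
+Specifies the host key algorithms
 that the client wants to use in order of preference.
 Alternately if the specified value begins with a
 .Sq +
@@ -917,9 +988,13 @@ specifications).
 .It Cm IdentitiesOnly
 Specifies that
 .Xr ssh 1
-should only use the authentication identity files configured in the
+should only use the authentication identity and certificate files explicitly
+configured in the
 .Nm
-files,
+files
+or passed on the
+.Xr ssh 1
+command-line,
 even if
 .Xr ssh-agent 1
 or a
@@ -949,6 +1024,8 @@ Additionally, any identities represented by the authentication agent
 will be used for authentication unless
 .Cm IdentitiesOnly
 is set.
+If no certificates have been explicitly specified by
+.Cm CertificateFile ,
 .Xr ssh 1
 will try to load certificate information from the filename obtained by
 appending
@@ -982,6 +1059,11 @@ differs from that of other configuration directives).
 may be used in conjunction with
 .Cm IdentitiesOnly
 to select which identities in an agent are offered during authentication.
+.Cm IdentityFile
+may also be used in conjunction with
+.Cm CertificateFile
+in order to provide any certificate also needed for authentication with
+the identity.
 .It Cm IgnoreUnknown
 Specifies a pattern-list of unknown options to be ignored if they are
 encountered in configuration parsing.
@@ -1141,8 +1223,7 @@ DEBUG2 and DEBUG3 each specify higher levels of verbose output.
 .It Cm MACs
 Specifies the MAC (message authentication code) algorithms
 in order of preference.
-The MAC algorithm is used in protocol version 2
-for data integrity protection.
+The MAC algorithm is used for data integrity protection.
 Multiple algorithms must be comma-separated.
 If the specified value begins with a
 .Sq +
@@ -1158,13 +1239,9 @@ The default is:
 .Bd -literal -offset indent
 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+hmac-sha1-etm@openssh.com,
 umac-64@openssh.com,umac-128@openssh.com,
-hmac-sha2-256,hmac-sha2-512,
-hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
-hmac-ripemd160-etm@openssh.com,
-hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
-hmac-md5,hmac-sha1,hmac-ripemd160,
-hmac-sha1-96,hmac-md5-96
+hmac-sha2-256,hmac-sha2-512,hmac-sha1
 .Ed
 .Pp
 The list of available MAC algorithms may also be obtained using the
@@ -1218,8 +1295,7 @@ private RSA key.
 Specifies the port number to connect on the remote host.
 The default is 22.
 .It Cm PreferredAuthentications
-Specifies the order in which the client should try protocol 2
-authentication methods.
+Specifies the order in which the client should try authentication methods.
 This allows a client to prefer one method (e.g.\&
 .Cm keyboard-interactive )
 over another method (e.g.\&
@@ -1245,6 +1321,9 @@ will try version 2 and fall back to version 1
 if version 2 is not available.
 The default is
 .Sq 2 .
+Protocol 1 suffers from a number of cryptographic weaknesses and should
+not be used.
+It is only offered to support legacy devices.
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
@@ -1325,7 +1404,6 @@ or
 .Dq no .
 The default is
 .Dq yes .
-This option applies to protocol version 2 only.
 .It Cm RekeyLimit
 Specifies the maximum amount of data that may be transmitted before the
 session key is renegotiated, optionally followed a maximum amount of
@@ -1351,7 +1429,6 @@ is
 .Dq default none ,
 which means that rekeying is performed after the cipher's default amount
 of data has been sent or received and no time based rekeying is done.
-This option applies to protocol version 2 only.
 .It Cm RemoteForward
 Specifies that a TCP port on the remote machine be forwarded over
 the secure channel to the specified host and port from the local machine.
@@ -1444,7 +1521,6 @@ Note that this option applies to protocol version 1 only.
 Specifies what variables from the local
 .Xr environ 7
 should be sent to the server.
-Note that environment passing is only supported for protocol 2.
 The server must also support it, and the server must be configured to
 accept these environment variables.
 Note that the
@@ -1492,7 +1568,6 @@ If, for example,
 .Cm ServerAliveCountMax
 is left at the default, if the server becomes unresponsive,
 ssh will disconnect after approximately 45 seconds.
-This option applies to protocol version 2 only.
 .It Cm ServerAliveInterval
 Sets a timeout interval in seconds after which if no data has been received
 from the server,
@@ -1504,7 +1579,6 @@ is 0, indicating that these messages will not be sent to the server,
 or 300 if the
 .Cm BatchMode
 option is set.
-This option applies to protocol version 2 only.
 .Cm ProtocolKeepAlives
 and
 .Cm SetupTimeOut
@@ -1646,7 +1720,7 @@ Enabling this option allows learning alternate hostkeys for a server
 and supports graceful key rotation by allowing a server to send replacement
 public keys before old ones are removed.
 Additional hostkeys are only accepted if the key used to authenticate the
-host was already trusted or explicity accepted by the user.
+host was already trusted or explicitly accepted by the user.
 If
 .Cm UpdateHostKeys
 is set to
@@ -1711,7 +1785,6 @@ or
 .Dq ask .
 The default is
 .Dq no .
-Note that this option applies to protocol version 2 only.
 .Pp
 See also VERIFYING HOST KEYS in
 .Xr ssh 1 .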
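--- a/sshbuf-getput-basic.c
+++ b/sshbuf-getput-basic.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf-getput-basic.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */
+/* $OpenBSD: sshbuf-getput-basic.c,v 1.5 2015/10/20 23:24:25 mmcc Exp $ */
 /*
 * Copyright (c) 2011 Damien Miller
 *
@@ -131,7 +131,7 @@ sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp)
 *lenp = 0;
 if ((r = sshbuf_peek_string_direct(buf, &p, &len)) < 0)
 return r;
-if (valp != 0)
+if (valp != NULL)
 *valp = p;
 if (lenp != NULL)
 *lenp = len;
@@ -168,7 +168,7 @@ sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
 SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE"));
 return SSH_ERR_MESSAGE_INCOMPLETE;
 }
-if (valp != 0)
+if (valp != NULL)
 *valp = p + 4;
 if (lenp != NULL)
 *lenp = len;
@@ -448,7 +448,7 @@ sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
 d++;
 len--;
 }
-if (valp != 0)
+if (valp != NULL)
 *valp = d;
 if (lenp != NULL)
 *lenp = len;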
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshbuf.c,v 1.4 2015/10/05 17:11:21 djm Exp $ */ | 1 | /* $OpenBSD: sshbuf.c,v 1.6 2016/01/12 23:42:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2011 Damien Miller | 3 | * Copyright (c) 2011 Damien Miller |
4 | * | 4 | * |
@@ -163,10 +163,8 @@ sshbuf_free(struct sshbuf *buf) | |||
163 | * If we are a child, the free our parent to decrement its reference | 163 | * If we are a child, the free our parent to decrement its reference |
164 | * count and possibly free it. | 164 | * count and possibly free it. |
165 | */ | 165 | */ |
166 | if (buf->parent != NULL) { | 166 | sshbuf_free(buf->parent); |
167 | sshbuf_free(buf->parent); | 167 | buf->parent = NULL; |
168 | buf->parent = NULL; | ||
169 | } | ||
170 | /* | 168 | /* |
171 | * If we are a parent with still-extant children, then don't free just | 169 | * If we are a parent with still-extant children, then don't free just |
172 | * yet. The last child's call to sshbuf_free should decrement our | 170 | * yet. The last child's call to sshbuf_free should decrement our |
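Review bot: The now-unconditional `sshbuf_free(buf->parent);` is only safe if sshbuf_free() returns early for a NULL argument, and that guard is not visible in this hunk (the function starts and ends outside it). The comment above the call should say so, since a later edit that drops the guard would turn every free of a parentless buffer into a NULL dereference. I would reword it to `If we are a child, then free our parent to decrement its reference count and possibly free it; sshbuf_free(NULL) is a no-op.`, which also fixes the existing "the free our parent" typo.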
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshbuf.h,v 1.4 2015/01/14 15:02:39 djm Exp $ */ | 1 | /* $OpenBSD: sshbuf.h,v 1.6 2015/12/10 07:01:35 mmcc Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2011 Damien Miller | 3 | * Copyright (c) 2011 Damien Miller |
4 | * | 4 | * |
@@ -120,12 +120,12 @@ size_t sshbuf_len(const struct sshbuf *buf); | |||
120 | size_t sshbuf_avail(const struct sshbuf *buf); | 120 | size_t sshbuf_avail(const struct sshbuf *buf); |
121 | 121 | ||
122 | /* | 122 | /* |
123 | * Returns a read-only pointer to the start of the the data in buf | 123 | * Returns a read-only pointer to the start of the data in buf |
124 | */ | 124 | */ |
125 | const u_char *sshbuf_ptr(const struct sshbuf *buf); | 125 | const u_char *sshbuf_ptr(const struct sshbuf *buf); |
126 | 126 | ||
127 | /* | 127 | /* |
128 | * Returns a mutable pointer to the start of the the data in buf, or | 128 | * Returns a mutable pointer to the start of the data in buf, or |
129 | * NULL if the buffer is read-only. | 129 | * NULL if the buffer is read-only. |
130 | */ | 130 | */ |
131 | u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); | 131 | u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); |
@@ -241,45 +241,48 @@ int sshbuf_b64tod(struct sshbuf *buf, const char *b64); | |||
241 | 241 | ||
242 | /* Macros for decoding/encoding integers */ | 242 | /* Macros for decoding/encoding integers */ |
243 | #define PEEK_U64(p) \ | 243 | #define PEEK_U64(p) \ |
244 | (((u_int64_t)(((u_char *)(p))[0]) << 56) | \ | 244 | (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ |
245 | ((u_int64_t)(((u_char *)(p))[1]) << 48) | \ | 245 | ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \ |
246 | ((u_int64_t)(((u_char *)(p))[2]) << 40) | \ | 246 | ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \ |
247 | ((u_int64_t)(((u_char *)(p))[3]) << 32) | \ | 247 | ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \ |
248 | ((u_int64_t)(((u_char *)(p))[4]) << 24) | \ | 248 | ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \ |
249 | ((u_int64_t)(((u_char *)(p))[5]) << 16) | \ | 249 | ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \ |
250 | ((u_int64_t)(((u_char *)(p))[6]) << 8) | \ | 250 | ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \ |
251 | (u_int64_t)(((u_char *)(p))[7])) | 251 | (u_int64_t)(((const u_char *)(p))[7])) |
252 | #define PEEK_U32(p) \ | 252 | #define PEEK_U32(p) \ |
253 | (((u_int32_t)(((u_char *)(p))[0]) << 24) | \ | 253 | (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \ |
254 | ((u_int32_t)(((u_char *)(p))[1]) << 16) | \ | 254 | ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \ |
255 | ((u_int32_t)(((u_char *)(p))[2]) << 8) | \ | 255 | ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \ |
256 | (u_int32_t)(((u_char *)(p))[3])) | 256 | (u_int32_t)(((const u_char *)(p))[3])) |
257 | #define PEEK_U16(p) \ | 257 | #define PEEK_U16(p) \ |
258 | (((u_int16_t)(((u_char *)(p))[0]) << 8) | \ | 258 | (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \ |
259 | (u_int16_t)(((u_char *)(p))[1])) | 259 | (u_int16_t)(((const u_char *)(p))[1])) |
260 | 260 | ||
261 | #define POKE_U64(p, v) \ | 261 | #define POKE_U64(p, v) \ |
262 | do { \ | 262 | do { \ |
263 | ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 56) & 0xff; \ | 263 | const u_int64_t __v = (v); \ |
264 | ((u_char *)(p))[1] = (((u_int64_t)(v)) >> 48) & 0xff; \ | 264 | ((u_char *)(p))[0] = (__v >> 56) & 0xff; \ |
265 | ((u_char *)(p))[2] = (((u_int64_t)(v)) >> 40) & 0xff; \ | 265 | ((u_char *)(p))[1] = (__v >> 48) & 0xff; \ |
266 | ((u_char *)(p))[3] = (((u_int64_t)(v)) >> 32) & 0xff; \ | 266 | ((u_char *)(p))[2] = (__v >> 40) & 0xff; \ |
267 | ((u_char *)(p))[4] = (((u_int64_t)(v)) >> 24) & 0xff; \ | 267 | ((u_char *)(p))[3] = (__v >> 32) & 0xff; \ |
268 | ((u_char *)(p))[5] = (((u_int64_t)(v)) >> 16) & 0xff; \ | 268 | ((u_char *)(p))[4] = (__v >> 24) & 0xff; \ |
269 | ((u_char *)(p))[6] = (((u_int64_t)(v)) >> 8) & 0xff; \ | 269 | ((u_char *)(p))[5] = (__v >> 16) & 0xff; \ |
270 | ((u_char *)(p))[7] = ((u_int64_t)(v)) & 0xff; \ | 270 | ((u_char *)(p))[6] = (__v >> 8) & 0xff; \ |
271 | ((u_char *)(p))[7] = __v & 0xff; \ | ||
271 | } while (0) | 272 | } while (0) |
272 | #define POKE_U32(p, v) \ | 273 | #define POKE_U32(p, v) \ |
273 | do { \ | 274 | do { \ |
274 | ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 24) & 0xff; \ | 275 | const u_int32_t __v = (v); \ |
275 | ((u_char *)(p))[1] = (((u_int64_t)(v)) >> 16) & 0xff; \ | 276 | ((u_char *)(p))[0] = (__v >> 24) & 0xff; \ |
276 | ((u_char *)(p))[2] = (((u_int64_t)(v)) >> 8) & 0xff; \ | 277 | ((u_char *)(p))[1] = (__v >> 16) & 0xff; \ |
277 | ((u_char *)(p))[3] = ((u_int64_t)(v)) & 0xff; \ | 278 | ((u_char *)(p))[2] = (__v >> 8) & 0xff; \ |
279 | ((u_char *)(p))[3] = __v & 0xff; \ | ||
278 | } while (0) | 280 | } while (0) |
279 | #define POKE_U16(p, v) \ | 281 | #define POKE_U16(p, v) \ |
280 | do { \ | 282 | do { \ |
281 | ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 8) & 0xff; \ | 283 | const u_int16_t __v = (v); \ |
282 | ((u_char *)(p))[1] = ((u_int64_t)(v)) & 0xff; \ | 284 | ((u_char *)(p))[0] = (__v >> 8) & 0xff; \ |
285 | ((u_char *)(p))[1] = __v & 0xff; \ | ||
283 | } while (0) | 286 | } while (0) |
284 | 287 | ||
285 | /* Internal definitions follow. Exposed for regress tests */ | 288 | /* Internal definitions follow. Exposed for regress tests */ |
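Review bot: The temporary introduced in POKE_U64, POKE_U32 and POKE_U16 is named `__v`, and identifiers containing a double underscore are reserved for the implementation, so a compiler or libc header is free to define that name. A project-prefixed name such as `const u_int32_t sshbuf_poke_v = (v);` avoids the reserved namespace. `v` is now evaluated once, but `p` is still expanded once per byte, so an argument with side effects (for example a post-incremented pointer) remains unsafe. A one-line comment above the macros, `/* NB. p is evaluated multiple times; pass a side-effect-free expression */`, would document that for callers.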
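--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.263 2015/08/20 22:32:42 deraadt Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.271 2016/01/14 22:56:56 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -59,12 +59,12 @@
 #include "readconf.h"
 #include "atomicio.h"
 #include "dns.h"
-#include "roaming.h"
 #include "monitor_fdpass.h"
 #include "ssh2.h"
 #include "version.h"
 #include "authfile.h"
 #include "ssherr.h"
+#include "authfd.h"
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
@@ -167,6 +167,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port,
 
 if ((sock = mm_receive_fd(sp[1])) == -1)
 fatal("proxy dialer did not pass back a connection");
+close(sp[1]);
 
 while (waitpid(pid, NULL, 0) == -1)
 if (errno != EINTR)
@@ -432,7 +433,9 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop,
 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 struct addrinfo *ai;
 
-debug2("ssh_connect: needpriv %d", needpriv);
+debug2("%s: needpriv %d", __func__, needpriv);
+memset(ntop, 0, sizeof(ntop));
+memset(strport, 0, sizeof(strport));
 
 for (attempt = 0; attempt < connection_attempts; attempt++) {
 if (attempt > 0) {
@@ -451,7 +454,7 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop,
 if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
 ntop, sizeof(ntop), strport, sizeof(strport),
 NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
-error("ssh_connect: getnameinfo failed");
+error("%s: getnameinfo failed", __func__);
 continue;
 }
 debug("Connecting to %.200s [%.100s] port %s.",
@@ -529,7 +532,7 @@ send_client_banner(int connection_out, int minor1)
 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
 PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
 }
-if (roaming_atomicio(vwrite, connection_out, client_version_string,
+if (atomicio(vwrite, connection_out, client_version_string,
 strlen(client_version_string)) != strlen(client_version_string))
 fatal("write: %.100s", strerror(errno));
 chop(client_version_string);
@@ -589,7 +592,7 @@ ssh_exchange_identification(int timeout_ms)
 }
 }
 
-len = roaming_atomicio(read, connection_in, &buf[i], 1);
+len = atomicio(read, connection_in, &buf[i], 1);
 
 if (len != 1 && errno == EPIPE)
 fatal("ssh_exchange_identification: "
@@ -925,7 +928,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 options.fingerprint_hash, SSH_FP_RANDOMART);
 if (fp == NULL || ra == NULL)
 fatal("%s: sshkey_fingerprint fail", __func__);
-logit("Host key fingerprint is %s\n%s\n", fp, ra);
+logit("Host key fingerprint is %s\n%s", fp, ra);
 free(ra);
 free(fp);
 }
@@ -1242,8 +1245,9 @@ fail:
 int
 verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 {
+u_int i;
 int r = -1, flags = 0;
-char *fp = NULL;
+char valid[64], *fp = NULL, *cafp = NULL;
 struct sshkey *plain = NULL;
 
 if ((fp = sshkey_fingerprint(host_key,
@@ -1253,8 +1257,31 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 goto out;
 }
 
-debug("Server host key: %s %s",
-compat20 ? sshkey_ssh_name(host_key) : sshkey_type(host_key), fp);
+if (sshkey_is_cert(host_key)) {
+if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
+options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
+error("%s: fingerprint CA key: %s",
+__func__, ssh_err(r));
+r = -1;
+goto out;
+}
+sshkey_format_cert_validity(host_key->cert,
+valid, sizeof(valid));
+debug("Server host certificate: %s %s, serial %llu "
+"ID \"%s\" CA %s %s valid %s",
+sshkey_ssh_name(host_key), fp,
+(unsigned long long)host_key->cert->serial,
+host_key->cert->key_id,
+sshkey_ssh_name(host_key->cert->signature_key), cafp,
+valid);
+for (i = 0; i < host_key->cert->nprincipals; i++) {
+debug2("Server host certificate hostname: %s",
+host_key->cert->principals[i]);
+}
+} else {
+debug("Server host key: %s %s", compat20 ?
+sshkey_ssh_name(host_key) : sshkey_type(host_key), fp);
+}
 
 if (sshkey_equal(previous_host_key, host_key)) {
 debug2("%s: server host key %s %s matches cached key",
@@ -1319,6 +1346,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 out:
 sshkey_free(plain);
 free(fp);
+free(cafp);
 if (r == 0 && host_key != NULL) {
 key_free(previous_host_key);
 previous_host_key = key_from_private(host_key);
@@ -1493,3 +1521,30 @@ ssh_local_cmd(const char *args)
 
 return (WEXITSTATUS(status));
 }
+
+void
+maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
+char *passphrase)
+{
+int auth_sock = -1, r;
+
+if (options.add_keys_to_agent == 0)
+return;
+
+if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
+debug3("no authentication agent, not adding key");
+return;
+}
+
+if (options.add_keys_to_agent == 2 &&
+!ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
+debug3("user denied adding this key");
+return;
+}
+
+if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
+(options.add_keys_to_agent == 3))) == 0)
+debug("identity added to agent: %s", authfile);
+else
+debug("could not add identity to agent: %s (%d)", authfile, r);
+}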
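Review bot: In the added `maybe_add_key_to_agent()`, the descriptor returned through `ssh_get_authentication_socket(&auth_sock)` is never closed. Both the "user denied adding this key" return and the normal fall-through after `ssh_add_identity_constrained()` leave the agent connection open. Adding `close(auth_sock);` before that `return` and again as the last statement of the function releases it on every path. The `passphrase` parameter is not read anywhere in the body, so the secret is handed to a function that has no need of it; the parameter could be dropped, or its intended use documented. Separately, in `verify_host_key()` the new `error("%s: fingerprint CA key: %s", __func__, ssh_err(r))` runs while `r` still appears to hold its initial -1, so the logged reason does not describe the fingerprint failure.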
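--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.28 2013/10/16 02:31:47 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.29 2015/11/15 22:26:49 jcs Exp $ */
 
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -55,6 +55,8 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *);
 void ssh_put_password(char *);
 int ssh_local_cmd(const char *);
 
+void maybe_add_key_to_agent(char *, Key *, char *, char *);
+
 /*
 * Macros to raise/lower permissions.
 */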
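--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.77 2015/01/14 20:05:27 djm Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.78 2015/11/15 22:26:49 jcs Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -221,7 +221,7 @@ try_rsa_authentication(int idx)
 {
 BIGNUM *challenge;
 Key *public, *private;
-char buf[300], *passphrase, *comment, *authfile;
+char buf[300], *passphrase = NULL, *comment, *authfile;
 int i, perm_ok = 1, type, quit;
 
 public = options.identity_keys[idx];
@@ -283,13 +283,20 @@ try_rsa_authentication(int idx)
 debug2("no passphrase given, try next key");
 quit = 1;
 }
-explicit_bzero(passphrase, strlen(passphrase));
-free(passphrase);
 if (private != NULL || quit)
 break;
 debug2("bad passphrase given, try again...");
 }
 }
+
+if (private != NULL)
+maybe_add_key_to_agent(authfile, private, comment, passphrase);
+
+if (passphrase != NULL) {
+explicit_bzero(passphrase, strlen(passphrase));
+free(passphrase);
+}
+
 /* We no longer need the comment. */
 free(comment);
 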
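Review bot: With the `explicit_bzero(passphrase, strlen(passphrase))` / `free(passphrase)` pair moved below the prompt loop, a passphrase that fails to decrypt the key is no longer wiped before the next prompt. Assuming `passphrase` is reassigned at the top of each iteration (that line is outside the hunk), every rejected attempt is leaked with the secret still in heap memory, and only the final buffer gets cleared. Only the last buffer needs to outlive the loop, so the retry path should keep clearing: after the `break` and before `debug2("bad passphrase given, try again...")`, add `explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); passphrase = NULL;`. The body of try_rsa_authentication() starts and ends outside this hunk.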
diff --git a/sshconnect2.c b/sshconnect2.c index 32e9b0df2..b452eae24 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.226 2015/07/30 00:01:34 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -157,6 +157,7 @@ void | |||
157 | ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 157 | ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
158 | { | 158 | { |
159 | char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; | 159 | char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; |
160 | char *s; | ||
160 | struct kex *kex; | 161 | struct kex *kex; |
161 | int r; | 162 | int r; |
162 | 163 | ||
@@ -168,8 +169,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
168 | xxx_host = host; | 169 | xxx_host = host; |
169 | xxx_hostaddr = hostaddr; | 170 | xxx_hostaddr = hostaddr; |
170 | 171 | ||
171 | myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( | 172 | if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) |
172 | options.kex_algorithms); | 173 | fatal("%s: kex_names_cat", __func__); |
174 | myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); | ||
173 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = | 175 | myproposal[PROPOSAL_ENC_ALGS_CTOS] = |
174 | compat_cipher_proposal(options.ciphers); | 176 | compat_cipher_proposal(options.ciphers); |
175 | myproposal[PROPOSAL_ENC_ALGS_STOC] = | 177 | myproposal[PROPOSAL_ENC_ALGS_STOC] = |
@@ -269,10 +271,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
269 | 271 | ||
270 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); | 272 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); |
271 | 273 | ||
272 | if (options.use_roaming && !kex->roaming) { | 274 | /* remove ext-info from the KEX proposals for rekeying */ |
273 | debug("Roaming not allowed by server"); | 275 | myproposal[PROPOSAL_KEX_ALGS] = |
274 | options.use_roaming = 0; | 276 | compat_kex_proposal(options.kex_algorithms); |
275 | } | 277 | if ((r = kex_prop2buf(kex->my, myproposal)) != 0) |
278 | fatal("kex_prop2buf: %s", ssh_err(r)); | ||
276 | 279 | ||
277 | session_id2 = kex->session_id; | 280 | session_id2 = kex->session_id; |
278 | session_id2_len = kex->session_id_len; | 281 | session_id2_len = kex->session_id_len; |
@@ -336,6 +339,8 @@ struct cauthmethod { | |||
336 | int *batch_flag; /* flag in option struct that disables method */ | 339 | int *batch_flag; /* flag in option struct that disables method */ |
337 | }; | 340 | }; |
338 | 341 | ||
342 | int input_userauth_service_accept(int, u_int32_t, void *); | ||
343 | int input_userauth_ext_info(int, u_int32_t, void *); | ||
339 | int input_userauth_success(int, u_int32_t, void *); | 344 | int input_userauth_success(int, u_int32_t, void *); |
340 | int input_userauth_success_unexpected(int, u_int32_t, void *); | 345 | int input_userauth_success_unexpected(int, u_int32_t, void *); |
341 | int input_userauth_failure(int, u_int32_t, void *); | 346 | int input_userauth_failure(int, u_int32_t, void *); |
@@ -366,7 +371,7 @@ void userauth(Authctxt *, char *); | |||
366 | static int sign_and_send_pubkey(Authctxt *, Identity *); | 371 | static int sign_and_send_pubkey(Authctxt *, Identity *); |
367 | static void pubkey_prepare(Authctxt *); | 372 | static void pubkey_prepare(Authctxt *); |
368 | static void pubkey_cleanup(Authctxt *); | 373 | static void pubkey_cleanup(Authctxt *); |
369 | static Key *load_identity_file(char *, int); | 374 | static Key *load_identity_file(Identity *); |
370 | 375 | ||
371 | static Authmethod *authmethod_get(char *authlist); | 376 | static Authmethod *authmethod_get(char *authlist); |
372 | static Authmethod *authmethod_lookup(const char *name); | 377 | static Authmethod *authmethod_lookup(const char *name); |
@@ -417,30 +422,12 @@ void | |||
417 | ssh_userauth2(const char *local_user, const char *server_user, char *host, | 422 | ssh_userauth2(const char *local_user, const char *server_user, char *host, |
418 | Sensitive *sensitive) | 423 | Sensitive *sensitive) |
419 | { | 424 | { |
425 | struct ssh *ssh = active_state; | ||
420 | Authctxt authctxt; | 426 | Authctxt authctxt; |
421 | int type; | 427 | int r; |
422 | 428 | ||
423 | if (options.challenge_response_authentication) | 429 | if (options.challenge_response_authentication) |
424 | options.kbd_interactive_authentication = 1; | 430 | options.kbd_interactive_authentication = 1; |
425 | |||
426 | packet_start(SSH2_MSG_SERVICE_REQUEST); | ||
427 | packet_put_cstring("ssh-userauth"); | ||
428 | packet_send(); | ||
429 | debug("SSH2_MSG_SERVICE_REQUEST sent"); | ||
430 | packet_write_wait(); | ||
431 | type = packet_read(); | ||
432 | if (type != SSH2_MSG_SERVICE_ACCEPT) | ||
433 | fatal("Server denied authentication request: %d", type); | ||
434 | if (packet_remaining() > 0) { | ||
435 | char *reply = packet_get_string(NULL); | ||
436 | debug2("service_accept: %s", reply); | ||
437 | free(reply); | ||
438 | } else { | ||
439 | debug2("buggy server: service_accept w/o service"); | ||
440 | } | ||
441 | packet_check_eom(); | ||
442 | debug("SSH2_MSG_SERVICE_ACCEPT received"); | ||
443 | |||
444 | if (options.preferred_authentications == NULL) | 431 | if (options.preferred_authentications == NULL) |
445 | options.preferred_authentications = authmethods_get(); | 432 | options.preferred_authentications = authmethods_get(); |
446 | 433 | ||
@@ -462,21 +449,63 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
462 | if (authctxt.method == NULL) | 449 | if (authctxt.method == NULL) |
463 | fatal("ssh_userauth2: internal error: cannot send userauth none request"); | 450 | fatal("ssh_userauth2: internal error: cannot send userauth none request"); |
464 | 451 | ||
465 | /* initial userauth request */ | 452 | if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 || |
466 | userauth_none(&authctxt); | 453 | (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 || |
454 | (r = sshpkt_send(ssh)) != 0) | ||
455 | fatal("%s: %s", __func__, ssh_err(r)); | ||
467 | 456 | ||
468 | dispatch_init(&input_userauth_error); | 457 | ssh_dispatch_init(ssh, &input_userauth_error); |
469 | dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); | 458 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); |
470 | dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); | 459 | ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); |
471 | dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); | 460 | ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ |
472 | dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ | ||
473 | 461 | ||
474 | pubkey_cleanup(&authctxt); | 462 | pubkey_cleanup(&authctxt); |
475 | dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); | 463 | ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); |
476 | 464 | ||
477 | debug("Authentication succeeded (%s).", authctxt.method->name); | 465 | debug("Authentication succeeded (%s).", authctxt.method->name); |
478 | } | 466 | } |
479 | 467 | ||
468 | /* ARGSUSED */ | ||
469 | int | ||
470 | input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt) | ||
471 | { | ||
472 | Authctxt *authctxt = ctxt; | ||
473 | struct ssh *ssh = active_state; | ||
474 | int r; | ||
475 | |||
476 | if (ssh_packet_remaining(ssh) > 0) { | ||
477 | char *reply; | ||
478 | |||
479 | if ((r = sshpkt_get_cstring(ssh, &reply, NULL)) != 0) | ||
480 | goto out; | ||
481 | debug2("service_accept: %s", reply); | ||
482 | free(reply); | ||
483 | } else { | ||
484 | debug2("buggy server: service_accept w/o service"); | ||
485 | } | ||
486 | if ((r = sshpkt_get_end(ssh)) != 0) | ||
487 | goto out; | ||
488 | debug("SSH2_MSG_SERVICE_ACCEPT received"); | ||
489 | |||
490 | /* initial userauth request */ | ||
491 | userauth_none(authctxt); | ||
492 | |||
493 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error); | ||
494 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); | ||
495 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); | ||
496 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); | ||
497 | r = 0; | ||
498 | out: | ||
499 | return r; | ||
500 | } | ||
501 | |||
502 | /* ARGSUSED */ | ||
503 | int | ||
504 | input_userauth_ext_info(int type, u_int32_t seqnr, void *ctxt) | ||
505 | { | ||
506 | return kex_input_ext_info(type, seqnr, active_state); | ||
507 | } | ||
508 | |||
480 | void | 509 | void |
481 | userauth(Authctxt *authctxt, char *authlist) | 510 | userauth(Authctxt *authctxt, char *authlist) |
482 | { | 511 | { |
@@ -1082,29 +1111,48 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | |||
1082 | return 0; | 1111 | return 0; |
1083 | } | 1112 | } |
1084 | 1113 | ||
1114 | static const char * | ||
1115 | identity_sign_encode(struct identity *id) | ||
1116 | { | ||
1117 | struct ssh *ssh = active_state; | ||
1118 | |||
1119 | if (id->key->type == KEY_RSA) { | ||
1120 | switch (ssh->kex->rsa_sha2) { | ||
1121 | case 256: | ||
1122 | return "rsa-sha2-256"; | ||
1123 | case 512: | ||
1124 | return "rsa-sha2-512"; | ||
1125 | } | ||
1126 | } | ||
1127 | return key_ssh_name(id->key); | ||
1128 | } | ||
1129 | |||
1085 | static int | 1130 | static int |
1086 | identity_sign(struct identity *id, u_char **sigp, size_t *lenp, | 1131 | identity_sign(struct identity *id, u_char **sigp, size_t *lenp, |
1087 | const u_char *data, size_t datalen, u_int compat) | 1132 | const u_char *data, size_t datalen, u_int compat) |
1088 | { | 1133 | { |
1089 | Key *prv; | 1134 | Key *prv; |
1090 | int ret; | 1135 | int ret; |
1136 | const char *alg; | ||
1137 | |||
1138 | alg = identity_sign_encode(id); | ||
1091 | 1139 | ||
1092 | /* the agent supports this key */ | 1140 | /* the agent supports this key */ |
1093 | if (id->agent_fd) | 1141 | if (id->agent_fd != -1) |
1094 | return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, | 1142 | return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, |
1095 | data, datalen, compat); | 1143 | data, datalen, alg, compat); |
1096 | 1144 | ||
1097 | /* | 1145 | /* |
1098 | * we have already loaded the private key or | 1146 | * we have already loaded the private key or |
1099 | * the private key is stored in external hardware | 1147 | * the private key is stored in external hardware |
1100 | */ | 1148 | */ |
1101 | if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)) | 1149 | if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)) |
1102 | return (sshkey_sign(id->key, sigp, lenp, data, datalen, | 1150 | return (sshkey_sign(id->key, sigp, lenp, data, datalen, alg, |
1103 | compat)); | 1151 | compat)); |
1104 | /* load the private key from the file */ | 1152 | /* load the private key from the file */ |
1105 | if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL) | 1153 | if ((prv = load_identity_file(id)) == NULL) |
1106 | return (-1); /* XXX return decent error code */ | 1154 | return SSH_ERR_KEY_NOT_FOUND; |
1107 | ret = sshkey_sign(prv, sigp, lenp, data, datalen, compat); | 1155 | ret = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat); |
1108 | sshkey_free(prv); | 1156 | sshkey_free(prv); |
1109 | return (ret); | 1157 | return (ret); |
1110 | } | 1158 | } |
@@ -1113,18 +1161,17 @@ static int | |||
1113 | sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | 1161 | sign_and_send_pubkey(Authctxt *authctxt, Identity *id) |
1114 | { | 1162 | { |
1115 | Buffer b; | 1163 | Buffer b; |
1164 | Identity *private_id; | ||
1116 | u_char *blob, *signature; | 1165 | u_char *blob, *signature; |
1117 | u_int bloblen; | ||
1118 | size_t slen; | 1166 | size_t slen; |
1119 | u_int skip = 0; | 1167 | u_int bloblen, skip = 0; |
1120 | int ret = -1; | 1168 | int matched, ret = -1, have_sig = 1; |
1121 | int have_sig = 1; | ||
1122 | char *fp; | 1169 | char *fp; |
1123 | 1170 | ||
1124 | if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, | 1171 | if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, |
1125 | SSH_FP_DEFAULT)) == NULL) | 1172 | SSH_FP_DEFAULT)) == NULL) |
1126 | return 0; | 1173 | return 0; |
1127 | debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); | 1174 | debug3("%s: %s %s", __func__, key_type(id->key), fp); |
1128 | free(fp); | 1175 | free(fp); |
1129 | 1176 | ||
1130 | if (key_to_blob(id->key, &blob, &bloblen) == 0) { | 1177 | if (key_to_blob(id->key, &blob, &bloblen) == 0) { |
@@ -1152,14 +1199,46 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1152 | } else { | 1199 | } else { |
1153 | buffer_put_cstring(&b, authctxt->method->name); | 1200 | buffer_put_cstring(&b, authctxt->method->name); |
1154 | buffer_put_char(&b, have_sig); | 1201 | buffer_put_char(&b, have_sig); |
1155 | buffer_put_cstring(&b, key_ssh_name(id->key)); | 1202 | buffer_put_cstring(&b, identity_sign_encode(id)); |
1156 | } | 1203 | } |
1157 | buffer_put_string(&b, blob, bloblen); | 1204 | buffer_put_string(&b, blob, bloblen); |
1158 | 1205 | ||
1206 | /* | ||
1207 | * If the key is an certificate, try to find a matching private key | ||
1208 | * and use it to complete the signature. | ||
1209 | * If no such private key exists, return failure and continue with | ||
1210 | * other methods of authentication. | ||
1211 | */ | ||
1212 | if (key_is_cert(id->key)) { | ||
1213 | matched = 0; | ||
1214 | TAILQ_FOREACH(private_id, &authctxt->keys, next) { | ||
1215 | if (sshkey_equal_public(id->key, private_id->key) && | ||
1216 | id->key->type != private_id->key->type) { | ||
1217 | id = private_id; | ||
1218 | matched = 1; | ||
1219 | break; | ||
1220 | } | ||
1221 | } | ||
1222 | if (matched) { | ||
1223 | debug2("%s: using private key \"%s\"%s for " | ||
1224 | "certificate", __func__, id->filename, | ||
1225 | id->agent_fd != -1 ? " from agent" : ""); | ||
1226 | } else { | ||
1227 | /* XXX maybe verbose/error? */ | ||
1228 | debug("%s: no private key for certificate " | ||
1229 | "\"%s\"", __func__, id->filename); | ||
1230 | free(blob); | ||
1231 | buffer_free(&b); | ||
1232 | return 0; | ||
1233 | } | ||
1234 | } | ||
1235 | |||
1159 | /* generate signature */ | 1236 | /* generate signature */ |
1160 | ret = identity_sign(id, &signature, &slen, | 1237 | ret = identity_sign(id, &signature, &slen, |
1161 | buffer_ptr(&b), buffer_len(&b), datafellows); | 1238 | buffer_ptr(&b), buffer_len(&b), datafellows); |
1162 | if (ret != 0) { | 1239 | if (ret != 0) { |
1240 | if (ret != SSH_ERR_KEY_NOT_FOUND) | ||
1241 | error("%s: signing failed: %s", __func__, ssh_err(ret)); | ||
1163 | free(blob); | 1242 | free(blob); |
1164 | buffer_free(&b); | 1243 | buffer_free(&b); |
1165 | return 0; | 1244 | return 0; |
@@ -1222,7 +1301,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) | |||
1222 | packet_put_cstring(authctxt->method->name); | 1301 | packet_put_cstring(authctxt->method->name); |
1223 | packet_put_char(have_sig); | 1302 | packet_put_char(have_sig); |
1224 | if (!(datafellows & SSH_BUG_PKAUTH)) | 1303 | if (!(datafellows & SSH_BUG_PKAUTH)) |
1225 | packet_put_cstring(key_ssh_name(id->key)); | 1304 | packet_put_cstring(identity_sign_encode(id)); |
1226 | packet_put_string(blob, bloblen); | 1305 | packet_put_string(blob, bloblen); |
1227 | free(blob); | 1306 | free(blob); |
1228 | packet_send(); | 1307 | packet_send(); |
@@ -1230,20 +1309,20 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) | |||
1230 | } | 1309 | } |
1231 | 1310 | ||
1232 | static Key * | 1311 | static Key * |
1233 | load_identity_file(char *filename, int userprovided) | 1312 | load_identity_file(Identity *id) |
1234 | { | 1313 | { |
1235 | Key *private; | 1314 | Key *private = NULL; |
1236 | char prompt[300], *passphrase; | 1315 | char prompt[300], *passphrase, *comment; |
1237 | int r, perm_ok = 0, quit = 0, i; | 1316 | int r, perm_ok = 0, quit = 0, i; |
1238 | struct stat st; | 1317 | struct stat st; |
1239 | 1318 | ||
1240 | if (stat(filename, &st) < 0) { | 1319 | if (stat(id->filename, &st) < 0) { |
1241 | (userprovided ? logit : debug3)("no such identity: %s: %s", | 1320 | (id->userprovided ? logit : debug3)("no such identity: %s: %s", |
1242 | filename, strerror(errno)); | 1321 | id->filename, strerror(errno)); |
1243 | return NULL; | 1322 | return NULL; |
1244 | } | 1323 | } |
1245 | snprintf(prompt, sizeof prompt, | 1324 | snprintf(prompt, sizeof prompt, |
1246 | "Enter passphrase for key '%.100s': ", filename); | 1325 | "Enter passphrase for key '%.100s': ", id->filename); |
1247 | for (i = 0; i <= options.number_of_password_prompts; i++) { | 1326 | for (i = 0; i <= options.number_of_password_prompts; i++) { |
1248 | if (i == 0) | 1327 | if (i == 0) |
1249 | passphrase = ""; | 1328 | passphrase = ""; |
@@ -1255,8 +1334,8 @@ load_identity_file(char *filename, int userprovided) | |||
1255 | break; | 1334 | break; |
1256 | } | 1335 | } |
1257 | } | 1336 | } |
1258 | switch ((r = sshkey_load_private_type(KEY_UNSPEC, filename, | 1337 | switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename, |
1259 | passphrase, &private, NULL, &perm_ok))) { | 1338 | passphrase, &private, &comment, &perm_ok))) { |
1260 | case 0: | 1339 | case 0: |
1261 | break; | 1340 | break; |
1262 | case SSH_ERR_KEY_WRONG_PASSPHRASE: | 1341 | case SSH_ERR_KEY_WRONG_PASSPHRASE: |
@@ -1270,20 +1349,25 @@ load_identity_file(char *filename, int userprovided) | |||
1270 | case SSH_ERR_SYSTEM_ERROR: | 1349 | case SSH_ERR_SYSTEM_ERROR: |
1271 | if (errno == ENOENT) { | 1350 | if (errno == ENOENT) { |
1272 | debug2("Load key \"%s\": %s", | 1351 | debug2("Load key \"%s\": %s", |
1273 | filename, ssh_err(r)); | 1352 | id->filename, ssh_err(r)); |
1274 | quit = 1; | 1353 | quit = 1; |
1275 | break; | 1354 | break; |
1276 | } | 1355 | } |
1277 | /* FALLTHROUGH */ | 1356 | /* FALLTHROUGH */ |
1278 | default: | 1357 | default: |
1279 | error("Load key \"%s\": %s", filename, ssh_err(r)); | 1358 | error("Load key \"%s\": %s", id->filename, ssh_err(r)); |
1280 | quit = 1; | 1359 | quit = 1; |
1281 | break; | 1360 | break; |
1282 | } | 1361 | } |
1362 | if (!quit && private != NULL && id->agent_fd == -1 && | ||
1363 | !(id->key && id->isprivate)) | ||
1364 | maybe_add_key_to_agent(id->filename, private, comment, | ||
1365 | passphrase); | ||
1283 | if (i > 0) { | 1366 | if (i > 0) { |
1284 | explicit_bzero(passphrase, strlen(passphrase)); | 1367 | explicit_bzero(passphrase, strlen(passphrase)); |
1285 | free(passphrase); | 1368 | free(passphrase); |
1286 | } | 1369 | } |
1370 | free(comment); | ||
1287 | if (private != NULL || quit) | 1371 | if (private != NULL || quit) |
1288 | break; | 1372 | break; |
1289 | } | 1373 | } |
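Review bot: `free(comment)` at the bottom of the retry loop in load_identity_file runs on every pass, but `comment` is declared without an initialiser in `char prompt[300], *passphrase, *comment;`, so the free is only safe if sshkey_load_private_type() stores to `*commentp` on every return path, including the failing ones. That callee is not part of the visible diff, so the guarantee cannot be confirmed from here. Setting `comment = NULL;` immediately before the `switch` would keep the loop safe regardless of what the callee does. The declaration and the call sit in the two preceding hunks, and parts of the function body are not shown.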
@@ -1292,9 +1376,11 @@ load_identity_file(char *filename, int userprovided) | |||
1292 | 1376 | ||
1293 | /* | 1377 | /* |
1294 | * try keys in the following order: | 1378 | * try keys in the following order: |
1295 | * 1. agent keys that are found in the config file | 1379 | * 1. certificates listed in the config file |
1296 | * 2. other agent keys | 1380 | * 2. other input certificates |
1297 | * 3. keys that are only listed in the config file | 1381 | * 3. agent keys that are found in the config file |
1382 | * 4. other agent keys | ||
1383 | * 5. keys that are only listed in the config file | ||
1298 | */ | 1384 | */ |
1299 | static void | 1385 | static void |
1300 | pubkey_prepare(Authctxt *authctxt) | 1386 | pubkey_prepare(Authctxt *authctxt) |
@@ -1302,7 +1388,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
1302 | struct identity *id, *id2, *tmp; | 1388 | struct identity *id, *id2, *tmp; |
1303 | struct idlist agent, files, *preferred; | 1389 | struct idlist agent, files, *preferred; |
1304 | struct sshkey *key; | 1390 | struct sshkey *key; |
1305 | int agent_fd, i, r, found; | 1391 | int agent_fd = -1, i, r, found; |
1306 | size_t j; | 1392 | size_t j; |
1307 | struct ssh_identitylist *idlist; | 1393 | struct ssh_identitylist *idlist; |
1308 | 1394 | ||
@@ -1320,6 +1406,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
1320 | continue; | 1406 | continue; |
1321 | options.identity_keys[i] = NULL; | 1407 | options.identity_keys[i] = NULL; |
1322 | id = xcalloc(1, sizeof(*id)); | 1408 | id = xcalloc(1, sizeof(*id)); |
1409 | id->agent_fd = -1; | ||
1323 | id->key = key; | 1410 | id->key = key; |
1324 | id->filename = xstrdup(options.identity_files[i]); | 1411 | id->filename = xstrdup(options.identity_files[i]); |
1325 | id->userprovided = options.identity_file_userprovided[i]; | 1412 | id->userprovided = options.identity_file_userprovided[i]; |
@@ -1348,6 +1435,19 @@ pubkey_prepare(Authctxt *authctxt) | |||
1348 | free(id); | 1435 | free(id); |
1349 | } | 1436 | } |
1350 | } | 1437 | } |
1438 | /* list of certificates specified by user */ | ||
1439 | for (i = 0; i < options.num_certificate_files; i++) { | ||
1440 | key = options.certificates[i]; | ||
1441 | if (!key_is_cert(key) || key->cert == NULL || | ||
1442 | key->cert->type != SSH2_CERT_TYPE_USER) | ||
1443 | continue; | ||
1444 | id = xcalloc(1, sizeof(*id)); | ||
1445 | id->agent_fd = -1; | ||
1446 | id->key = key; | ||
1447 | id->filename = xstrdup(options.certificate_files[i]); | ||
1448 | id->userprovided = options.certificate_file_userprovided[i]; | ||
1449 | TAILQ_INSERT_TAIL(preferred, id, next); | ||
1450 | } | ||
1351 | /* list of keys supported by the agent */ | 1451 | /* list of keys supported by the agent */ |
1352 | if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { | 1452 | if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { |
1353 | if (r != SSH_ERR_AGENT_NOT_PRESENT) | 1453 | if (r != SSH_ERR_AGENT_NOT_PRESENT) |
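Review bot: The new certificate loop copies `options.certificates[i]` into `id->key` but leaves the same pointer in the options array, whereas the identity-file loop earlier in pubkey_prepare hands the key over with `options.identity_keys[i] = NULL;`. The identity list later releases `id->key` (both the PubkeyAcceptedKeyTypes filter added at the end of this function and pubkey_cleanup call `sshkey_free(id->key)`), which would leave `options.certificates[i]` dangling. Whether anything reads that slot afterwards is not visible here. If nothing else needs the entry, `options.certificates[i] = NULL;` after the `continue` check would make ownership match the identity-file loop. pubkey_prepare starts and ends outside this hunk.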
@@ -1357,6 +1457,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
1357 | if (r != SSH_ERR_AGENT_NO_IDENTITIES) | 1457 | if (r != SSH_ERR_AGENT_NO_IDENTITIES) |
1358 | debug("%s: ssh_fetch_identitylist: %s", | 1458 | debug("%s: ssh_fetch_identitylist: %s", |
1359 | __func__, ssh_err(r)); | 1459 | __func__, ssh_err(r)); |
1460 | close(agent_fd); | ||
1360 | } else { | 1461 | } else { |
1361 | for (j = 0; j < idlist->nkeys; j++) { | 1462 | for (j = 0; j < idlist->nkeys; j++) { |
1362 | found = 0; | 1463 | found = 0; |
@@ -1397,9 +1498,23 @@ pubkey_prepare(Authctxt *authctxt) | |||
1397 | TAILQ_REMOVE(&files, id, next); | 1498 | TAILQ_REMOVE(&files, id, next); |
1398 | TAILQ_INSERT_TAIL(preferred, id, next); | 1499 | TAILQ_INSERT_TAIL(preferred, id, next); |
1399 | } | 1500 | } |
1400 | TAILQ_FOREACH(id, preferred, next) { | 1501 | /* finally, filter by PubkeyAcceptedKeyTypes */ |
1401 | debug2("key: %s (%p),%s", id->filename, id->key, | 1502 | TAILQ_FOREACH_SAFE(id, preferred, next, id2) { |
1402 | id->userprovided ? " explicit" : ""); | 1503 | if (id->key != NULL && |
1504 | match_pattern_list(sshkey_ssh_name(id->key), | ||
1505 | options.pubkey_key_types, 0) != 1) { | ||
1506 | debug("Skipping %s key %s - " | ||
1507 | "not in PubkeyAcceptedKeyTypes", | ||
1508 | sshkey_ssh_name(id->key), id->filename); | ||
1509 | TAILQ_REMOVE(preferred, id, next); | ||
1510 | sshkey_free(id->key); | ||
1511 | free(id->filename); | ||
1512 | memset(id, 0, sizeof(*id)); | ||
1513 | continue; | ||
1514 | } | ||
1515 | debug2("key: %s (%p)%s%s", id->filename, id->key, | ||
1516 | id->userprovided ? ", explicit" : "", | ||
1517 | id->agent_fd != -1 ? ", agent" : ""); | ||
1403 | } | 1518 | } |
1404 | } | 1519 | } |
1405 | 1520 | ||
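Review bot: In the new PubkeyAcceptedKeyTypes filter a rejected identity is unlinked and its key and filename are freed, but the `struct identity` itself is only cleared with `memset(id, 0, sizeof(*id));` and never released, so each filtered entry leaks the allocation made by `xcalloc(1, sizeof(*id))`. After `TAILQ_REMOVE(preferred, id, next);` nothing in the visible code still refers to `id`, and TAILQ_FOREACH_SAFE has already saved the successor in `id2`. Replacing the `memset` with `free(id);` therefore looks correct. The function begins before this hunk.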
@@ -1413,8 +1528,7 @@ pubkey_cleanup(Authctxt *authctxt) | |||
1413 | for (id = TAILQ_FIRST(&authctxt->keys); id; | 1528 | for (id = TAILQ_FIRST(&authctxt->keys); id; |
1414 | id = TAILQ_FIRST(&authctxt->keys)) { | 1529 | id = TAILQ_FIRST(&authctxt->keys)) { |
1415 | TAILQ_REMOVE(&authctxt->keys, id, next); | 1530 | TAILQ_REMOVE(&authctxt->keys, id, next); |
1416 | if (id->key) | 1531 | sshkey_free(id->key); |
1417 | sshkey_free(id->key); | ||
1418 | free(id->filename); | 1532 | free(id->filename); |
1419 | free(id); | 1533 | free(id); |
1420 | } | 1534 | } |
@@ -1425,12 +1539,6 @@ try_identity(Identity *id) | |||
1425 | { | 1539 | { |
1426 | if (!id->key) | 1540 | if (!id->key) |
1427 | return (0); | 1541 | return (0); |
1428 | if (match_pattern_list(sshkey_ssh_name(id->key), | ||
1429 | options.pubkey_key_types, 0) != 1) { | ||
1430 | debug("Skipping %s key %s for not in PubkeyAcceptedKeyTypes", | ||
1431 | sshkey_ssh_name(id->key), id->filename); | ||
1432 | return (0); | ||
1433 | } | ||
1434 | if (key_type_plain(id->key->type) == KEY_RSA && | 1542 | if (key_type_plain(id->key->type) == KEY_RSA && |
1435 | (datafellows & SSH_BUG_RSASIGMD5) != 0) { | 1543 | (datafellows & SSH_BUG_RSASIGMD5) != 0) { |
1436 | debug("Skipped %s key %s for RSA/MD5 server", | 1544 | debug("Skipped %s key %s for RSA/MD5 server", |
@@ -1465,8 +1573,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
1465 | } | 1573 | } |
1466 | } else { | 1574 | } else { |
1467 | debug("Trying private key: %s", id->filename); | 1575 | debug("Trying private key: %s", id->filename); |
1468 | id->key = load_identity_file(id->filename, | 1576 | id->key = load_identity_file(id); |
1469 | id->userprovided); | ||
1470 | if (id->key != NULL) { | 1577 | if (id->key != NULL) { |
1471 | if (try_identity(id)) { | 1578 | if (try_identity(id)) { |
1472 | id->isprivate = 1; | 1579 | id->isprivate = 1; |
@@ -1625,7 +1732,7 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, | |||
1625 | closefrom(sock + 1); | 1732 | closefrom(sock + 1); |
1626 | debug3("%s: [child] pid=%ld, exec %s", | 1733 | debug3("%s: [child] pid=%ld, exec %s", |
1627 | __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); | 1734 | __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); |
1628 | execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0); | 1735 | execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); |
1629 | fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN, | 1736 | fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN, |
1630 | strerror(errno)); | 1737 | strerror(errno)); |
1631 | } | 1738 | } |
@@ -1797,7 +1904,7 @@ userauth_hostbased(Authctxt *authctxt) | |||
1797 | r = ssh_keysign(private, &sig, &siglen, | 1904 | r = ssh_keysign(private, &sig, &siglen, |
1798 | sshbuf_ptr(b), sshbuf_len(b)); | 1905 | sshbuf_ptr(b), sshbuf_len(b)); |
1799 | else if ((r = sshkey_sign(private, &sig, &siglen, | 1906 | else if ((r = sshkey_sign(private, &sig, &siglen, |
1800 | sshbuf_ptr(b), sshbuf_len(b), datafellows)) != 0) | 1907 | sshbuf_ptr(b), sshbuf_len(b), NULL, datafellows)) != 0) |
1801 | debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); | 1908 | debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); |
1802 | if (r != 0) { | 1909 | if (r != 0) { |
1803 | error("sign using hostkey %s %s failed", | 1910 | error("sign using hostkey %s %s failed", |
@@ -146,11 +146,11 @@ DESCRIPTION | |||
146 | AUTHENTICATION | 146 | AUTHENTICATION |
147 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to | 147 | The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to |
148 | use protocol 2 only, though this can be changed via the Protocol option | 148 | use protocol 2 only, though this can be changed via the Protocol option |
149 | in sshd_config(5). Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys; | 149 | in sshd_config(5). Protocol 1 should not be used and is only offered to |
150 | protocol 1 only supports RSA keys. For both protocols, each host has a | 150 | support legacy devices. |
151 | host-specific key, normally 2048 bits, used to identify the host. | ||
152 | 151 | ||
153 | Forward security for protocol 1 is provided through an additional server | 152 | Each host has a host-specific key, used to identify the host. Partial |
153 | forward security for protocol 1 is provided through an additional server | ||
154 | key, normally 1024 bits, generated when the server starts. This key is | 154 | key, normally 1024 bits, generated when the server starts. This key is |
155 | normally regenerated every hour if it has been used, and is never stored | 155 | normally regenerated every hour if it has been used, and is never stored |
156 | on disk. Whenever a client connects, the daemon responds with its public | 156 | on disk. Whenever a client connects, the daemon responds with its public |
@@ -268,7 +268,7 @@ SSHRC | |||
268 | 268 | ||
269 | AUTHORIZED_KEYS FILE FORMAT | 269 | AUTHORIZED_KEYS FILE FORMAT |
270 | AuthorizedKeysFile specifies the files containing public keys for public | 270 | AuthorizedKeysFile specifies the files containing public keys for public |
271 | key authentication; if none is specified, the default is | 271 | key authentication; if this option is not specified, the default is |
272 | ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the | 272 | ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the |
273 | file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are | 273 | file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are |
274 | ignored as comments). Protocol 1 public keys consist of the following | 274 | ignored as comments). Protocol 1 public keys consist of the following |
@@ -298,6 +298,10 @@ AUTHORIZED_KEYS FILE FORMAT | |||
298 | The following option specifications are supported (note that option | 298 | The following option specifications are supported (note that option |
299 | keywords are case-insensitive): | 299 | keywords are case-insensitive): |
300 | 300 | ||
301 | agent-forwarding | ||
302 | Enable authentication agent forwarding previously disabled by the | ||
303 | restrict option. | ||
304 | |||
301 | cert-authority | 305 | cert-authority |
302 | Specifies that the listed key is a certification authority (CA) | 306 | Specifies that the listed key is a certification authority (CA) |
303 | that is trusted to validate signed certificates for user | 307 | that is trusted to validate signed certificates for user |
@@ -378,6 +382,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
378 | must be literal domains or addresses. A port specification of * | 382 | must be literal domains or addresses. A port specification of * |
379 | matches any port. | 383 | matches any port. |
380 | 384 | ||
385 | port-forwarding | ||
386 | Enable port forwarding previously disabled by the restrict | ||
387 | |||
381 | principals="principals" | 388 | principals="principals" |
382 | On a cert-authority line, specifies allowed principals for | 389 | On a cert-authority line, specifies allowed principals for |
383 | certificate authentication as a comma-separated list. At least | 390 | certificate authentication as a comma-separated list. At least |
@@ -386,11 +393,28 @@ AUTHORIZED_KEYS FILE FORMAT | |||
386 | ignored for keys that are not marked as trusted certificate | 393 | ignored for keys that are not marked as trusted certificate |
387 | signers using the cert-authority option. | 394 | signers using the cert-authority option. |
388 | 395 | ||
396 | pty Permits tty allocation previously disabled by the restrict | ||
397 | option. | ||
398 | |||
399 | restrict | ||
400 | Enable all restrictions, i.e. disable port, agent and X11 | ||
401 | forwarding, as well as disabling PTY allocation and execution of | ||
402 | ~/.ssh/rc. If any future restriction capabilities are added to | ||
403 | authorized_keys files they will be included in this set. | ||
404 | |||
389 | tunnel="n" | 405 | tunnel="n" |
390 | Force a tun(4) device on the server. Without this option, the | 406 | Force a tun(4) device on the server. Without this option, the |
391 | next available device will be used if the client requests a | 407 | next available device will be used if the client requests a |
392 | tunnel. | 408 | tunnel. |
393 | 409 | ||
410 | user-rc | ||
411 | Enables execution of ~/.ssh/rc previously disabled by the | ||
412 | restrict option. | ||
413 | |||
414 | X11-forwarding | ||
415 | Permits X11 forwarding previously disabled by the restrict | ||
416 | option. | ||
417 | |||
394 | An example authorized_keys file: | 418 | An example authorized_keys file: |
395 | 419 | ||
396 | # Comments allowed at start of line | 420 | # Comments allowed at start of line |
@@ -403,6 +427,10 @@ AUTHORIZED_KEYS FILE FORMAT | |||
403 | AAAAB5...21S== | 427 | AAAAB5...21S== |
404 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== | 428 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
405 | jane@example.net | 429 | jane@example.net |
430 | restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== | ||
431 | user@example.net | ||
432 | restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== | ||
433 | user@example.net | ||
406 | 434 | ||
407 | SSH_KNOWN_HOSTS FILE FORMAT | 435 | SSH_KNOWN_HOSTS FILE FORMAT |
408 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host | 436 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host |
@@ -552,7 +580,9 @@ FILES | |||
552 | 580 | ||
553 | /etc/moduli | 581 | /etc/moduli |
554 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group | 582 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group |
555 | Exchange". The file format is described in moduli(5). | 583 | Exchange" key exchange method. The file format is described in |
584 | moduli(5). If no usable groups are found in this file then fixed | ||
585 | internal groups will be used. | ||
556 | 586 | ||
557 | /etc/motd | 587 | /etc/motd |
558 | See motd(5). | 588 | See motd(5). |
@@ -632,4 +662,4 @@ AUTHORS | |||
632 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 662 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
633 | for privilege separation. | 663 | for privilege separation. |
634 | 664 | ||
635 | OpenBSD 5.8 July 3, 2015 OpenBSD 5.8 | 665 | OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ |
37 | .Dd $Mdocdate: July 3 2015 $ | 37 | .Dd $Mdocdate: February 17 2016 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -278,14 +278,12 @@ though this can be changed via the | |||
278 | .Cm Protocol | 278 | .Cm Protocol |
279 | option in | 279 | option in |
280 | .Xr sshd_config 5 . | 280 | .Xr sshd_config 5 . |
281 | Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys; | 281 | Protocol 1 should not be used |
282 | protocol 1 only supports RSA keys. | 282 | and is only offered to support legacy devices. |
283 | For both protocols, | ||
284 | each host has a host-specific key, | ||
285 | normally 2048 bits, | ||
286 | used to identify the host. | ||
287 | .Pp | 283 | .Pp |
288 | Forward security for protocol 1 is provided through | 284 | Each host has a host-specific key, |
285 | used to identify the host. | ||
286 | Partial forward security for protocol 1 is provided through | ||
289 | an additional server key, | 287 | an additional server key, |
290 | normally 1024 bits, | 288 | normally 1024 bits, |
291 | generated when the server starts. | 289 | generated when the server starts. |
@@ -473,7 +471,7 @@ does not exist either, xauth is used to add the cookie. | |||
473 | .Cm AuthorizedKeysFile | 471 | .Cm AuthorizedKeysFile |
474 | specifies the files containing public keys for | 472 | specifies the files containing public keys for |
475 | public key authentication; | 473 | public key authentication; |
476 | if none is specified, the default is | 474 | if this option is not specified, the default is |
477 | .Pa ~/.ssh/authorized_keys | 475 | .Pa ~/.ssh/authorized_keys |
478 | and | 476 | and |
479 | .Pa ~/.ssh/authorized_keys2 . | 477 | .Pa ~/.ssh/authorized_keys2 . |
@@ -525,6 +523,10 @@ No spaces are permitted, except within double quotes. | |||
525 | The following option specifications are supported (note | 523 | The following option specifications are supported (note |
526 | that option keywords are case-insensitive): | 524 | that option keywords are case-insensitive): |
527 | .Bl -tag -width Ds | 525 | .Bl -tag -width Ds |
526 | .It Cm agent-forwarding | ||
527 | Enable authentication agent forwarding previously disabled by the | ||
528 | .Cm restrict | ||
529 | option. | ||
528 | .It Cm cert-authority | 530 | .It Cm cert-authority |
529 | Specifies that the listed key is a certification authority (CA) that is | 531 | Specifies that the listed key is a certification authority (CA) that is |
530 | trusted to validate signed certificates for user authentication. | 532 | trusted to validate signed certificates for user authentication. |
@@ -619,6 +621,9 @@ they must be literal domains or addresses. | |||
619 | A port specification of | 621 | A port specification of |
620 | .Cm * | 622 | .Cm * |
621 | matches any port. | 623 | matches any port. |
624 | .It Cm port-forwarding | ||
625 | Enable port forwarding previously disabled by the | ||
626 | .Cm restrict | ||
622 | .It Cm principals="principals" | 627 | .It Cm principals="principals" |
623 | On a | 628 | On a |
624 | .Cm cert-authority | 629 | .Cm cert-authority |
@@ -630,12 +635,33 @@ This option is ignored for keys that are not marked as trusted certificate | |||
630 | signers using the | 635 | signers using the |
631 | .Cm cert-authority | 636 | .Cm cert-authority |
632 | option. | 637 | option. |
638 | .It Cm pty | ||
639 | Permits tty allocation previously disabled by the | ||
640 | .Cm restrict | ||
641 | option. | ||
642 | .It Cm restrict | ||
643 | Enable all restrictions, i.e. disable port, agent and X11 forwarding, | ||
644 | as well as disabling PTY allocation | ||
645 | and execution of | ||
646 | .Pa ~/.ssh/rc . | ||
647 | If any future restriction capabilities are added to authorized_keys files | ||
648 | they will be included in this set. | ||
633 | .It Cm tunnel="n" | 649 | .It Cm tunnel="n" |
634 | Force a | 650 | Force a |
635 | .Xr tun 4 | 651 | .Xr tun 4 |
636 | device on the server. | 652 | device on the server. |
637 | Without this option, the next available device will be used if | 653 | Without this option, the next available device will be used if |
638 | the client requests a tunnel. | 654 | the client requests a tunnel. |
655 | .It Cm user-rc | ||
656 | Enables execution of | ||
657 | .Pa ~/.ssh/rc | ||
658 | previously disabled by the | ||
659 | .Cm restrict | ||
660 | option. | ||
661 | .It Cm X11-forwarding | ||
662 | Permits X11 forwarding previously disabled by the | ||
663 | .Cm restrict | ||
664 | option. | ||
639 | .El | 665 | .El |
640 | .Pp | 666 | .Pp |
641 | An example authorized_keys file: | 667 | An example authorized_keys file: |
@@ -650,6 +676,10 @@ permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss | |||
650 | AAAAB5...21S== | 676 | AAAAB5...21S== |
651 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== | 677 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
652 | jane@example.net | 678 | jane@example.net |
679 | restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== | ||
680 | user@example.net | ||
681 | restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== | ||
682 | user@example.net | ||
653 | .Ed | 683 | .Ed |
654 | .Sh SSH_KNOWN_HOSTS FILE FORMAT | 684 | .Sh SSH_KNOWN_HOSTS FILE FORMAT |
655 | The | 685 | The |
@@ -865,9 +895,12 @@ This file is for host-based authentication (see | |||
865 | It should only be writable by root. | 895 | It should only be writable by root. |
866 | .Pp | 896 | .Pp |
867 | .It Pa /etc/ssh/moduli | 897 | .It Pa /etc/ssh/moduli |
868 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". | 898 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" |
899 | key exchange method. | ||
869 | The file format is described in | 900 | The file format is described in |
870 | .Xr moduli 5 . | 901 | .Xr moduli 5 . |
902 | If no usable groups are found in this file then fixed internal groups will | ||
903 | be used. | ||
871 | .Pp | 904 | .Pp |
872 | .It Pa /etc/motd | 905 | .It Pa /etc/motd |
873 | See | 906 | See |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.465 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -125,7 +125,6 @@ | |||
125 | #include "ssh-gss.h" | 125 | #include "ssh-gss.h" |
126 | #endif | 126 | #endif |
127 | #include "monitor_wrap.h" | 127 | #include "monitor_wrap.h" |
128 | #include "roaming.h" | ||
129 | #include "ssh-sandbox.h" | 128 | #include "ssh-sandbox.h" |
130 | #include "version.h" | 129 | #include "version.h" |
131 | #include "ssherr.h" | 130 | #include "ssherr.h" |
@@ -453,7 +452,7 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
453 | options.version_addendum, newline); | 452 | options.version_addendum, newline); |
454 | 453 | ||
455 | /* Send our protocol version identification. */ | 454 | /* Send our protocol version identification. */ |
456 | if (roaming_atomicio(vwrite, sock_out, server_version_string, | 455 | if (atomicio(vwrite, sock_out, server_version_string, |
457 | strlen(server_version_string)) | 456 | strlen(server_version_string)) |
458 | != strlen(server_version_string)) { | 457 | != strlen(server_version_string)) { |
459 | logit("Could not write ident string to %s", get_remote_ipaddr()); | 458 | logit("Could not write ident string to %s", get_remote_ipaddr()); |
@@ -463,7 +462,7 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
463 | /* Read other sides version identification. */ | 462 | /* Read other sides version identification. */ |
464 | memset(buf, 0, sizeof(buf)); | 463 | memset(buf, 0, sizeof(buf)); |
465 | for (i = 0; i < sizeof(buf) - 1; i++) { | 464 | for (i = 0; i < sizeof(buf) - 1; i++) { |
466 | if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) { | 465 | if (atomicio(read, sock_in, &buf[i], 1) != 1) { |
467 | logit("Did not receive identification string from %s", | 466 | logit("Did not receive identification string from %s", |
468 | get_remote_ipaddr()); | 467 | get_remote_ipaddr()); |
469 | cleanup_exit(255); | 468 | cleanup_exit(255); |
@@ -648,25 +647,23 @@ privsep_preauth_child(void) | |||
648 | /* Demote the private keys to public keys. */ | 647 | /* Demote the private keys to public keys. */ |
649 | demote_sensitive_data(); | 648 | demote_sensitive_data(); |
650 | 649 | ||
651 | /* Change our root directory */ | 650 | /* Demote the child */ |
652 | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) | 651 | if (getuid() == 0 || geteuid() == 0) { |
653 | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, | 652 | /* Change our root directory */ |
654 | strerror(errno)); | 653 | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) |
655 | if (chdir("/") == -1) | 654 | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, |
656 | fatal("chdir(\"/\"): %s", strerror(errno)); | 655 | strerror(errno)); |
657 | 656 | if (chdir("/") == -1) | |
658 | /* Drop our privileges */ | 657 | fatal("chdir(\"/\"): %s", strerror(errno)); |
659 | debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, | 658 | |
660 | (u_int)privsep_pw->pw_gid); | 659 | /* Drop our privileges */ |
661 | #if 0 | 660 | debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, |
662 | /* XXX not ready, too heavy after chroot */ | 661 | (u_int)privsep_pw->pw_gid); |
663 | do_setusercontext(privsep_pw); | 662 | gidset[0] = privsep_pw->pw_gid; |
664 | #else | 663 | if (setgroups(1, gidset) < 0) |
665 | gidset[0] = privsep_pw->pw_gid; | 664 | fatal("setgroups: %.100s", strerror(errno)); |
666 | if (setgroups(1, gidset) < 0) | 665 | permanently_set_uid(privsep_pw); |
667 | fatal("setgroups: %.100s", strerror(errno)); | 666 | } |
668 | permanently_set_uid(privsep_pw); | ||
669 | #endif | ||
670 | } | 667 | } |
671 | 668 | ||
672 | static int | 669 | static int |
@@ -732,9 +729,7 @@ privsep_preauth(Authctxt *authctxt) | |||
732 | /* Arrange for logging to be sent to the monitor */ | 729 | /* Arrange for logging to be sent to the monitor */ |
733 | set_log_handler(mm_log_handler, pmonitor); | 730 | set_log_handler(mm_log_handler, pmonitor); |
734 | 731 | ||
735 | /* Demote the child */ | 732 | privsep_preauth_child(); |
736 | if (getuid() == 0 || geteuid() == 0) | ||
737 | privsep_preauth_child(); | ||
738 | setproctitle("%s", "[net]"); | 733 | setproctitle("%s", "[net]"); |
739 | if (box != NULL) | 734 | if (box != NULL) |
740 | ssh_sandbox_child(box); | 735 | ssh_sandbox_child(box); |
@@ -836,6 +831,12 @@ list_hostkey_types(void) | |||
836 | buffer_append(&b, ",", 1); | 831 | buffer_append(&b, ",", 1); |
837 | p = key_ssh_name(key); | 832 | p = key_ssh_name(key); |
838 | buffer_append(&b, p, strlen(p)); | 833 | buffer_append(&b, p, strlen(p)); |
834 | |||
835 | /* for RSA we also support SHA2 signatures */ | ||
836 | if (key->type == KEY_RSA) { | ||
837 | p = ",rsa-sha2-512,rsa-sha2-256"; | ||
838 | buffer_append(&b, p, strlen(p)); | ||
839 | } | ||
839 | break; | 840 | break; |
840 | } | 841 | } |
841 | /* If the private key has a cert peer, then list that too */ | 842 | /* If the private key has a cert peer, then list that too */ |
@@ -1271,8 +1272,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1271 | for (;;) { | 1272 | for (;;) { |
1272 | if (received_sighup) | 1273 | if (received_sighup) |
1273 | sighup_restart(); | 1274 | sighup_restart(); |
1274 | if (fdset != NULL) | 1275 | free(fdset); |
1275 | free(fdset); | ||
1276 | fdset = xcalloc(howmany(maxfd + 1, NFDBITS), | 1276 | fdset = xcalloc(howmany(maxfd + 1, NFDBITS), |
1277 | sizeof(fd_mask)); | 1277 | sizeof(fd_mask)); |
1278 | 1278 | ||
@@ -1492,6 +1492,8 @@ main(int ac, char **av) | |||
1492 | Authctxt *authctxt; | 1492 | Authctxt *authctxt; |
1493 | struct connection_info *connection_info = get_connection_info(0, 0); | 1493 | struct connection_info *connection_info = get_connection_info(0, 0); |
1494 | 1494 | ||
1495 | ssh_malloc_init(); /* must be called before any mallocs */ | ||
1496 | |||
1495 | #ifdef HAVE_SECUREWARE | 1497 | #ifdef HAVE_SECUREWARE |
1496 | (void)set_auth_parameters(ac, av); | 1498 | (void)set_auth_parameters(ac, av); |
1497 | #endif | 1499 | #endif |
@@ -1552,7 +1554,7 @@ main(int ac, char **av) | |||
1552 | no_daemon_flag = 1; | 1554 | no_daemon_flag = 1; |
1553 | break; | 1555 | break; |
1554 | case 'E': | 1556 | case 'E': |
1555 | logfile = xstrdup(optarg); | 1557 | logfile = optarg; |
1556 | /* FALLTHROUGH */ | 1558 | /* FALLTHROUGH */ |
1557 | case 'e': | 1559 | case 'e': |
1558 | log_stderr = 1; | 1560 | log_stderr = 1; |
@@ -1654,10 +1656,8 @@ main(int ac, char **av) | |||
1654 | #endif | 1656 | #endif |
1655 | 1657 | ||
1656 | /* If requested, redirect the logs to the specified logfile. */ | 1658 | /* If requested, redirect the logs to the specified logfile. */ |
1657 | if (logfile != NULL) { | 1659 | if (logfile != NULL) |
1658 | log_redirect_stderr_to(logfile); | 1660 | log_redirect_stderr_to(logfile); |
1659 | free(logfile); | ||
1660 | } | ||
1661 | /* | 1661 | /* |
1662 | * Force logging to stderr until we have loaded the private host | 1662 | * Force logging to stderr until we have loaded the private host |
1663 | * key (unless started from inetd) | 1663 | * key (unless started from inetd) |
@@ -2619,24 +2619,26 @@ do_ssh1_kex(void) | |||
2619 | 2619 | ||
2620 | int | 2620 | int |
2621 | sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen, | 2621 | sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen, |
2622 | const u_char *data, size_t dlen, u_int flag) | 2622 | const u_char *data, size_t dlen, const char *alg, u_int flag) |
2623 | { | 2623 | { |
2624 | int r; | 2624 | int r; |
2625 | u_int xxx_slen, xxx_dlen = dlen; | 2625 | u_int xxx_slen, xxx_dlen = dlen; |
2626 | 2626 | ||
2627 | if (privkey) { | 2627 | if (privkey) { |
2628 | if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen) < 0)) | 2628 | if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen, |
2629 | alg) < 0)) | ||
2629 | fatal("%s: key_sign failed", __func__); | 2630 | fatal("%s: key_sign failed", __func__); |
2630 | if (slen) | 2631 | if (slen) |
2631 | *slen = xxx_slen; | 2632 | *slen = xxx_slen; |
2632 | } else if (use_privsep) { | 2633 | } else if (use_privsep) { |
2633 | if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen) < 0) | 2634 | if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen, |
2635 | alg) < 0) | ||
2634 | fatal("%s: pubkey_sign failed", __func__); | 2636 | fatal("%s: pubkey_sign failed", __func__); |
2635 | if (slen) | 2637 | if (slen) |
2636 | *slen = xxx_slen; | 2638 | *slen = xxx_slen; |
2637 | } else { | 2639 | } else { |
2638 | if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen, | 2640 | if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen, |
2639 | data, dlen, datafellows)) != 0) | 2641 | data, dlen, alg, datafellows)) != 0) |
2640 | fatal("%s: ssh_agent_sign failed: %s", | 2642 | fatal("%s: ssh_agent_sign failed: %s", |
2641 | __func__, ssh_err(r)); | 2643 | __func__, ssh_err(r)); |
2642 | } | 2644 | } |
@@ -2669,7 +2671,7 @@ do_ssh2_kex(void) | |||
2669 | } | 2671 | } |
2670 | 2672 | ||
2671 | if (options.rekey_limit || options.rekey_interval) | 2673 | if (options.rekey_limit || options.rekey_interval) |
2672 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | 2674 | packet_set_rekey_limits(options.rekey_limit, |
2673 | (time_t)options.rekey_interval); | 2675 | (time_t)options.rekey_interval); |
2674 | 2676 | ||
2675 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( | 2677 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( |
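--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
+# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
 
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -109,7 +109,7 @@ AuthorizedKeysFile .ssh/authorized_keys
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0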
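Review bot: Commenting out line 112 leaves nothing in the sample file saying that an explicit `UsePrivilegeSeparation yes` or `no` carried over from an older configuration still overrides the new built-in default. The sshd_config.0 section of this same commit states the default is now "sandbox", so the commented entry is consistent with the file's commented-defaults style. An administrator merging this file into an existing one could still assume the sandbox is active when an old explicit line remains. A short comment above the option would make that visible at upgrade time, for example `# sandbox is the built-in default; an explicit yes/no setting overrides it`. Auditing deployed configurations for a leftover explicit value is the matching operational check.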
diff --git a/sshd_config.0 b/sshd_config.0 index aae7fb6af..8bda6a39f 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -19,17 +19,16 @@ DESCRIPTION | |||
19 | AcceptEnv | 19 | AcceptEnv |
20 | Specifies what environment variables sent by the client will be | 20 | Specifies what environment variables sent by the client will be |
21 | copied into the session's environ(7). See SendEnv in | 21 | copied into the session's environ(7). See SendEnv in |
22 | ssh_config(5) for how to configure the client. Note that | 22 | ssh_config(5) for how to configure the client. The TERM |
23 | environment passing is only supported for protocol 2, and that | 23 | environment variable is always sent whenever the client requests |
24 | the TERM environment variable is always sent whenever the client | 24 | a pseudo-terminal as it is required by the protocol. Variables |
25 | requests a pseudo-terminal as it is required by the protocol. | 25 | are specified by name, which may contain the wildcard characters |
26 | Variables are specified by name, which may contain the wildcard | 26 | M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be separated by |
27 | characters M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be | 27 | whitespace or spread across multiple AcceptEnv directives. Be |
28 | separated by whitespace or spread across multiple AcceptEnv | 28 | warned that some environment variables could be used to bypass |
29 | directives. Be warned that some environment variables could be | 29 | restricted user environments. For this reason, care should be |
30 | used to bypass restricted user environments. For this reason, | 30 | taken in the use of this directive. The default is not to accept |
31 | care should be taken in the use of this directive. The default | 31 | any environment variables. |
32 | is not to accept any environment variables. | ||
33 | 32 | ||
34 | AddressFamily | 33 | AddressFamily |
35 | Specifies which address family should be used by sshd(8). Valid | 34 | Specifies which address family should be used by sshd(8). Valid |
@@ -115,12 +114,11 @@ DESCRIPTION | |||
115 | AuthenticationMethods of M-bM-^@M-^\publickey,publickeyM-bM-^@M-^] will require | 114 | AuthenticationMethods of M-bM-^@M-^\publickey,publickeyM-bM-^@M-^] will require |
116 | successful authentication using two different public keys. | 115 | successful authentication using two different public keys. |
117 | 116 | ||
118 | This option is only available for SSH protocol 2 and will yield a | 117 | This option will yield a fatal error if enabled if protocol 1 is |
119 | fatal error if enabled if protocol 1 is also enabled. Note that | 118 | also enabled. Note that each authentication method listed should |
120 | each authentication method listed should also be explicitly | 119 | also be explicitly enabled in the configuration. The default is |
121 | enabled in the configuration. The default is not to require | 120 | not to require multiple authentication; successful completion of |
122 | multiple authentication; successful completion of a single | 121 | a single authentication method is sufficient. |
123 | authentication method is sufficient. | ||
124 | 122 | ||
125 | AuthorizedKeysCommand | 123 | AuthorizedKeysCommand |
126 | Specifies a program to be used to look up the user's public keys. | 124 | Specifies a program to be used to look up the user's public keys. |
@@ -162,8 +160,9 @@ DESCRIPTION | |||
162 | replaced by the username of that user. After expansion, | 160 | replaced by the username of that user. After expansion, |
163 | AuthorizedKeysFile is taken to be an absolute path or one | 161 | AuthorizedKeysFile is taken to be an absolute path or one |
164 | relative to the user's home directory. Multiple files may be | 162 | relative to the user's home directory. Multiple files may be |
165 | listed, separated by whitespace. The default is | 163 | listed, separated by whitespace. Alternately this option may be |
166 | M-bM-^@M-^\.ssh/authorized_keys .ssh/authorized_keys2M-bM-^@M-^]. | 164 | set to M-bM-^@M-^\noneM-bM-^@M-^] to skip checking for user keys in files. The |
165 | default is M-bM-^@M-^\.ssh/authorized_keys .ssh/authorized_keys2M-bM-^@M-^]. | ||
167 | 166 | ||
168 | AuthorizedPrincipalsCommand | 167 | AuthorizedPrincipalsCommand |
169 | Specifies a program to be used to generate the list of allowed | 168 | Specifies a program to be used to generate the list of allowed |
@@ -220,8 +219,7 @@ DESCRIPTION | |||
220 | 219 | ||
221 | Banner The contents of the specified file are sent to the remote user | 220 | Banner The contents of the specified file are sent to the remote user |
222 | before authentication is allowed. If the argument is M-bM-^@M-^\noneM-bM-^@M-^] then | 221 | before authentication is allowed. If the argument is M-bM-^@M-^\noneM-bM-^@M-^] then |
223 | no banner is displayed. This option is only available for | 222 | no banner is displayed. By default, no banner is displayed. |
224 | protocol version 2. By default, no banner is displayed. | ||
225 | 223 | ||
226 | ChallengeResponseAuthentication | 224 | ChallengeResponseAuthentication |
227 | Specifies whether challenge-response authentication is allowed | 225 | Specifies whether challenge-response authentication is allowed |
@@ -258,13 +256,13 @@ DESCRIPTION | |||
258 | (especially those outside the jail). Misconfiguration can lead | 256 | (especially those outside the jail). Misconfiguration can lead |
259 | to unsafe environments which sshd(8) cannot detect. | 257 | to unsafe environments which sshd(8) cannot detect. |
260 | 258 | ||
261 | The default is not to chroot(2). | 259 | The default is M-bM-^@M-^\noneM-bM-^@M-^], indicating not to chroot(2). |
262 | 260 | ||
263 | Ciphers | 261 | Ciphers |
264 | Specifies the ciphers allowed for protocol version 2. Multiple | 262 | Specifies the ciphers allowed. Multiple ciphers must be comma- |
265 | ciphers must be comma-separated. If the specified value begins | 263 | separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, |
266 | with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be appended | 264 | then the specified ciphers will be appended to the default set |
267 | to the default set instead of replacing them. | 265 | instead of replacing them. |
268 | 266 | ||
269 | The supported ciphers are: | 267 | The supported ciphers are: |
270 | 268 | ||
@@ -309,15 +307,14 @@ DESCRIPTION | |||
309 | The default value is 3. If ClientAliveInterval (see below) is | 307 | The default value is 3. If ClientAliveInterval (see below) is |
310 | set to 15, and ClientAliveCountMax is left at the default, | 308 | set to 15, and ClientAliveCountMax is left at the default, |
311 | unresponsive SSH clients will be disconnected after approximately | 309 | unresponsive SSH clients will be disconnected after approximately |
312 | 45 seconds. This option applies to protocol version 2 only. | 310 | 45 seconds. |
313 | 311 | ||
314 | ClientAliveInterval | 312 | ClientAliveInterval |
315 | Sets a timeout interval in seconds after which if no data has | 313 | Sets a timeout interval in seconds after which if no data has |
316 | been received from the client, sshd(8) will send a message | 314 | been received from the client, sshd(8) will send a message |
317 | through the encrypted channel to request a response from the | 315 | through the encrypted channel to request a response from the |
318 | client. The default is 0, indicating that these messages will | 316 | client. The default is 0, indicating that these messages will |
319 | not be sent to the client. This option applies to protocol | 317 | not be sent to the client. |
320 | version 2 only. | ||
321 | 318 | ||
322 | Compression | 319 | Compression |
323 | Specifies whether compression is allowed, or delayed until the | 320 | Specifies whether compression is allowed, or delayed until the |
@@ -362,7 +359,7 @@ DESCRIPTION | |||
362 | SSH_ORIGINAL_COMMAND environment variable. Specifying a command | 359 | SSH_ORIGINAL_COMMAND environment variable. Specifying a command |
363 | of M-bM-^@M-^\internal-sftpM-bM-^@M-^] will force the use of an in-process sftp | 360 | of M-bM-^@M-^\internal-sftpM-bM-^@M-^] will force the use of an in-process sftp |
364 | server that requires no support files when used with | 361 | server that requires no support files when used with |
365 | ChrootDirectory. | 362 | ChrootDirectory. The default is M-bM-^@M-^\noneM-bM-^@M-^]. |
366 | 363 | ||
367 | GatewayPorts | 364 | GatewayPorts |
368 | Specifies whether remote hosts are allowed to connect to ports | 365 | Specifies whether remote hosts are allowed to connect to ports |
@@ -379,13 +376,11 @@ DESCRIPTION | |||
379 | 376 | ||
380 | GSSAPIAuthentication | 377 | GSSAPIAuthentication |
381 | Specifies whether user authentication based on GSSAPI is allowed. | 378 | Specifies whether user authentication based on GSSAPI is allowed. |
382 | The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol | 379 | The default is M-bM-^@M-^\noM-bM-^@M-^]. |
383 | version 2 only. | ||
384 | 380 | ||
385 | GSSAPICleanupCredentials | 381 | GSSAPICleanupCredentials |
386 | Specifies whether to automatically destroy the user's credentials | 382 | Specifies whether to automatically destroy the user's credentials |
387 | cache on logout. The default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option | 383 | cache on logout. The default is M-bM-^@M-^\yesM-bM-^@M-^]. |
388 | applies to protocol version 2 only. | ||
389 | 384 | ||
390 | GSSAPIStrictAcceptorCheck | 385 | GSSAPIStrictAcceptorCheck |
391 | Determines whether to be strict about the identity of the GSSAPI | 386 | Determines whether to be strict about the identity of the GSSAPI |
@@ -416,9 +411,7 @@ DESCRIPTION | |||
416 | HostbasedAuthentication | 411 | HostbasedAuthentication |
417 | Specifies whether rhosts or /etc/hosts.equiv authentication | 412 | Specifies whether rhosts or /etc/hosts.equiv authentication |
418 | together with successful public key client host authentication is | 413 | together with successful public key client host authentication is |
419 | allowed (host-based authentication). This option is similar to | 414 | allowed (host-based authentication). The default is M-bM-^@M-^\noM-bM-^@M-^]. |
420 | RhostsRSAAuthentication and applies to protocol version 2 only. | ||
421 | The default is M-bM-^@M-^\noM-bM-^@M-^]. | ||
422 | 415 | ||
423 | HostbasedUsesNameFromPacketOnly | 416 | HostbasedUsesNameFromPacketOnly |
424 | Specifies whether or not the server will attempt to perform a | 417 | Specifies whether or not the server will attempt to perform a |
@@ -459,8 +452,8 @@ DESCRIPTION | |||
459 | read from the SSH_AUTH_SOCK environment variable. | 452 | read from the SSH_AUTH_SOCK environment variable. |
460 | 453 | ||
461 | HostKeyAlgorithms | 454 | HostKeyAlgorithms |
462 | Specifies the protocol version 2 host key algorithms that the | 455 | Specifies the host key algorithms that the server offers. The |
463 | server offers. The default for this option is: | 456 | default for this option is: |
464 | 457 | ||
465 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 458 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
466 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 459 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
@@ -585,11 +578,11 @@ DESCRIPTION | |||
585 | violates the privacy of users and is not recommended. | 578 | violates the privacy of users and is not recommended. |
586 | 579 | ||
587 | MACs Specifies the available MAC (message authentication code) | 580 | MACs Specifies the available MAC (message authentication code) |
588 | algorithms. The MAC algorithm is used in protocol version 2 for | 581 | algorithms. The MAC algorithm is used for data integrity |
589 | data integrity protection. Multiple algorithms must be comma- | 582 | protection. Multiple algorithms must be comma-separated. If the |
590 | separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | 583 | specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified |
591 | then the specified algorithms will be appended to the default set | 584 | algorithms will be appended to the default set instead of |
592 | instead of replacing them. | 585 | replacing them. |
593 | 586 | ||
594 | The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after | 587 | The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after |
595 | encryption (encrypt-then-mac). These are considered safer and | 588 | encryption (encrypt-then-mac). These are considered safer and |
@@ -618,8 +611,9 @@ DESCRIPTION | |||
618 | 611 | ||
619 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | 612 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, |
620 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | 613 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, |
614 | hmac-sha1-etm@openssh.com, | ||
621 | umac-64@openssh.com,umac-128@openssh.com, | 615 | umac-64@openssh.com,umac-128@openssh.com, |
622 | hmac-sha2-256,hmac-sha2-512 | 616 | hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
623 | 617 | ||
624 | The list of available MAC algorithms may also be obtained using | 618 | The list of available MAC algorithms may also be obtained using |
625 | the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^]. | 619 | the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^]. |
@@ -651,8 +645,9 @@ DESCRIPTION | |||
651 | AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding, | 645 | AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding, |
652 | AllowTcpForwarding, AllowUsers, AuthenticationMethods, | 646 | AllowTcpForwarding, AllowUsers, AuthenticationMethods, |
653 | AuthorizedKeysCommand, AuthorizedKeysCommandUser, | 647 | AuthorizedKeysCommand, AuthorizedKeysCommandUser, |
654 | AuthorizedKeysFile, AuthorizedPrincipalsFile, Banner, | 648 | AuthorizedKeysFile, AuthorizedPrincipalsCommand, |
655 | ChrootDirectory, DenyGroups, DenyUsers, ForceCommand, | 649 | AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile, |
650 | Banner, ChrootDirectory, DenyGroups, DenyUsers, ForceCommand, | ||
656 | GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, | 651 | GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, |
657 | HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, | 652 | HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, |
658 | KbdInteractiveAuthentication, KerberosAuthentication, | 653 | KbdInteractiveAuthentication, KerberosAuthentication, |
@@ -670,8 +665,13 @@ DESCRIPTION | |||
670 | value, additional failures are logged. The default is 6. | 665 | value, additional failures are logged. The default is 6. |
671 | 666 | ||
672 | MaxSessions | 667 | MaxSessions |
673 | Specifies the maximum number of open sessions permitted per | 668 | Specifies the maximum number of open shell, login or subsystem |
674 | network connection. The default is 10. | 669 | (e.g. sftp) sessions permitted per network connection. Multiple |
670 | sessions may be established by clients that support connection | ||
671 | multiplexing. Setting MaxSessions to 1 will effectively disable | ||
672 | session multiplexing, whereas setting it to 0 will prevent all | ||
673 | shell, login and subsystem sessions while still permitting | ||
674 | forwarding. The default is 10. | ||
675 | 675 | ||
676 | MaxStartups | 676 | MaxStartups |
677 | Specifies the maximum number of concurrent unauthenticated | 677 | Specifies the maximum number of concurrent unauthenticated |
@@ -775,10 +775,14 @@ DESCRIPTION | |||
775 | Protocol | 775 | Protocol |
776 | Specifies the protocol versions sshd(8) supports. The possible | 776 | Specifies the protocol versions sshd(8) supports. The possible |
777 | values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple versions must be comma- | 777 | values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple versions must be comma- |
778 | separated. The default is M-bM-^@M-^X2M-bM-^@M-^Y. Note that the order of the | 778 | separated. The default is M-bM-^@M-^X2M-bM-^@M-^Y. Protocol 1 suffers from a number |
779 | protocol list does not indicate preference, because the client | 779 | of cryptographic weaknesses and should not be used. It is only |
780 | selects among multiple protocol versions offered by the server. | 780 | offered to support legacy devices. |
781 | Specifying M-bM-^@M-^\2,1M-bM-^@M-^] is identical to M-bM-^@M-^\1,2M-bM-^@M-^]. | 781 | |
782 | Note that the order of the protocol list does not indicate | ||
783 | preference, because the client selects among multiple protocol | ||
784 | versions offered by the server. Specifying M-bM-^@M-^\2,1M-bM-^@M-^] is identical to | ||
785 | M-bM-^@M-^\1,2M-bM-^@M-^]. | ||
782 | 786 | ||
783 | PubkeyAcceptedKeyTypes | 787 | PubkeyAcceptedKeyTypes |
784 | Specifies the key types that will be accepted for public key | 788 | Specifies the key types that will be accepted for public key |
@@ -799,8 +803,7 @@ DESCRIPTION | |||
799 | 803 | ||
800 | PubkeyAuthentication | 804 | PubkeyAuthentication |
801 | Specifies whether public key authentication is allowed. The | 805 | Specifies whether public key authentication is allowed. The |
802 | default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option applies to protocol | 806 | default is M-bM-^@M-^\yesM-bM-^@M-^]. |
803 | version 2 only. | ||
804 | 807 | ||
805 | RekeyLimit | 808 | RekeyLimit |
806 | Specifies the maximum amount of data that may be transmitted | 809 | Specifies the maximum amount of data that may be transmitted |
@@ -814,8 +817,7 @@ DESCRIPTION | |||
814 | documented in the TIME FORMATS section. The default value for | 817 | documented in the TIME FORMATS section. The default value for |
815 | RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that rekeying is | 818 | RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that rekeying is |
816 | performed after the cipher's default amount of data has been sent | 819 | performed after the cipher's default amount of data has been sent |
817 | or received and no time based rekeying is done. This option | 820 | or received and no time based rekeying is done. |
818 | applies to protocol version 2 only. | ||
819 | 821 | ||
820 | RevokedKeys | 822 | RevokedKeys |
821 | Specifies revoked public keys file, or M-bM-^@M-^\noneM-bM-^@M-^] to not use one. | 823 | Specifies revoked public keys file, or M-bM-^@M-^\noneM-bM-^@M-^] to not use one. |
@@ -882,8 +884,7 @@ DESCRIPTION | |||
882 | M-bM-^@M-^\sftpM-bM-^@M-^] server. This may simplify configurations using | 884 | M-bM-^@M-^\sftpM-bM-^@M-^] server. This may simplify configurations using |
883 | ChrootDirectory to force a different filesystem root on clients. | 885 | ChrootDirectory to force a different filesystem root on clients. |
884 | 886 | ||
885 | By default no subsystems are defined. Note that this option | 887 | By default no subsystems are defined. |
886 | applies to protocol version 2 only. | ||
887 | 888 | ||
888 | SyslogFacility | 889 | SyslogFacility |
889 | Gives the facility code that is used when logging messages from | 890 | Gives the facility code that is used when logging messages from |
@@ -957,9 +958,10 @@ DESCRIPTION | |||
957 | that has the privilege of the authenticated user. The goal of | 958 | that has the privilege of the authenticated user. The goal of |
958 | privilege separation is to prevent privilege escalation by | 959 | privilege separation is to prevent privilege escalation by |
959 | containing any corruption within the unprivileged processes. The | 960 | containing any corruption within the unprivileged processes. The |
960 | default is M-bM-^@M-^\yesM-bM-^@M-^]. If UsePrivilegeSeparation is set to M-bM-^@M-^\sandboxM-bM-^@M-^] | 961 | argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^], or M-bM-^@M-^\sandboxM-bM-^@M-^]. If |
961 | then the pre-authentication unprivileged process is subject to | 962 | UsePrivilegeSeparation is set to M-bM-^@M-^\sandboxM-bM-^@M-^] then the pre- |
962 | additional restrictions. | 963 | authentication unprivileged process is subject to additional |
964 | restrictions. The default is M-bM-^@M-^\sandboxM-bM-^@M-^]. | ||
963 | 965 | ||
964 | VersionAddendum | 966 | VersionAddendum |
965 | Optionally specifies additional text to append to the SSH | 967 | Optionally specifies additional text to append to the SSH |
@@ -1049,4 +1051,4 @@ AUTHORS | |||
1049 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 1051 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
1050 | for privilege separation. | 1052 | for privilege separation. |
1051 | 1053 | ||
1052 | OpenBSD 5.8 August 14, 2015 OpenBSD 5.8 | 1054 | OpenBSD 5.9 February 17, 2016 OpenBSD 5.9 |
diff --git a/sshd_config.5 b/sshd_config.5 index 0be7250b0..2387b51b8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.220 2016/02/17 08:57:34 djm Exp $ |
37 | .Dd $Mdocdate: August 14 2015 $ | 37 | .Dd $Mdocdate: February 17 2016 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -95,8 +95,7 @@ See | |||
95 | in | 95 | in |
96 | .Xr ssh_config 5 | 96 | .Xr ssh_config 5 |
97 | for how to configure the client. | 97 | for how to configure the client. |
98 | Note that environment passing is only supported for protocol 2, and | 98 | The |
99 | that the | ||
100 | .Ev TERM | 99 | .Ev TERM |
101 | environment variable is always sent whenever the client | 100 | environment variable is always sent whenever the client |
102 | requests a pseudo-terminal as it is required by the protocol. | 101 | requests a pseudo-terminal as it is required by the protocol. |
@@ -251,7 +250,7 @@ of | |||
251 | .Dq publickey,publickey | 250 | .Dq publickey,publickey |
252 | will require successful authentication using two different public keys. | 251 | will require successful authentication using two different public keys. |
253 | .Pp | 252 | .Pp |
254 | This option is only available for SSH protocol 2 and will yield a fatal | 253 | This option will yield a fatal |
255 | error if enabled if protocol 1 is also enabled. | 254 | error if enabled if protocol 1 is also enabled. |
256 | Note that each authentication method listed should also be explicitly enabled | 255 | Note that each authentication method listed should also be explicitly enabled |
257 | in the configuration. | 256 | in the configuration. |
@@ -310,6 +309,9 @@ After expansion, | |||
310 | is taken to be an absolute path or one relative to the user's home | 309 | is taken to be an absolute path or one relative to the user's home |
311 | directory. | 310 | directory. |
312 | Multiple files may be listed, separated by whitespace. | 311 | Multiple files may be listed, separated by whitespace. |
312 | Alternately this option may be set to | ||
313 | .Dq none | ||
314 | to skip checking for user keys in files. | ||
313 | The default is | 315 | The default is |
314 | .Dq .ssh/authorized_keys .ssh/authorized_keys2 . | 316 | .Dq .ssh/authorized_keys .ssh/authorized_keys2 . |
315 | .It Cm AuthorizedPrincipalsCommand | 317 | .It Cm AuthorizedPrincipalsCommand |
@@ -395,7 +397,6 @@ authentication is allowed. | |||
395 | If the argument is | 397 | If the argument is |
396 | .Dq none | 398 | .Dq none |
397 | then no banner is displayed. | 399 | then no banner is displayed. |
398 | This option is only available for protocol version 2. | ||
399 | By default, no banner is displayed. | 400 | By default, no banner is displayed. |
400 | .It Cm ChallengeResponseAuthentication | 401 | .It Cm ChallengeResponseAuthentication |
401 | Specifies whether challenge-response authentication is allowed (e.g. via | 402 | Specifies whether challenge-response authentication is allowed (e.g. via |
@@ -453,10 +454,12 @@ Misconfiguration can lead to unsafe environments which | |||
453 | .Xr sshd 8 | 454 | .Xr sshd 8 |
454 | cannot detect. | 455 | cannot detect. |
455 | .Pp | 456 | .Pp |
456 | The default is not to | 457 | The default is |
458 | .Dq none , | ||
459 | indicating not to | ||
457 | .Xr chroot 2 . | 460 | .Xr chroot 2 . |
458 | .It Cm Ciphers | 461 | .It Cm Ciphers |
459 | Specifies the ciphers allowed for protocol version 2. | 462 | Specifies the ciphers allowed. |
460 | Multiple ciphers must be comma-separated. | 463 | Multiple ciphers must be comma-separated. |
461 | If the specified value begins with a | 464 | If the specified value begins with a |
462 | .Sq + | 465 | .Sq + |
@@ -537,7 +540,6 @@ If | |||
537 | .Cm ClientAliveCountMax | 540 | .Cm ClientAliveCountMax |
538 | is left at the default, unresponsive SSH clients | 541 | is left at the default, unresponsive SSH clients |
539 | will be disconnected after approximately 45 seconds. | 542 | will be disconnected after approximately 45 seconds. |
540 | This option applies to protocol version 2 only. | ||
541 | .It Cm ClientAliveInterval | 543 | .It Cm ClientAliveInterval |
542 | Sets a timeout interval in seconds after which if no data has been received | 544 | Sets a timeout interval in seconds after which if no data has been received |
543 | from the client, | 545 | from the client, |
@@ -546,7 +548,6 @@ will send a message through the encrypted | |||
546 | channel to request a response from the client. | 548 | channel to request a response from the client. |
547 | The default | 549 | The default |
548 | is 0, indicating that these messages will not be sent to the client. | 550 | is 0, indicating that these messages will not be sent to the client. |
549 | This option applies to protocol version 2 only. | ||
550 | .It Cm Compression | 551 | .It Cm Compression |
551 | Specifies whether compression is allowed, or delayed until | 552 | Specifies whether compression is allowed, or delayed until |
552 | the user has authenticated successfully. | 553 | the user has authenticated successfully. |
@@ -625,6 +626,8 @@ Specifying a command of | |||
625 | will force the use of an in-process sftp server that requires no support | 626 | will force the use of an in-process sftp server that requires no support |
626 | files when used with | 627 | files when used with |
627 | .Cm ChrootDirectory . | 628 | .Cm ChrootDirectory . |
629 | The default is | ||
630 | .Dq none . | ||
628 | .It Cm GatewayPorts | 631 | .It Cm GatewayPorts |
629 | Specifies whether remote hosts are allowed to connect to ports | 632 | Specifies whether remote hosts are allowed to connect to ports |
630 | forwarded for the client. | 633 | forwarded for the client. |
@@ -649,19 +652,16 @@ The default is | |||
649 | Specifies whether user authentication based on GSSAPI is allowed. | 652 | Specifies whether user authentication based on GSSAPI is allowed. |
650 | The default is | 653 | The default is |
651 | .Dq no . | 654 | .Dq no . |
652 | Note that this option applies to protocol version 2 only. | ||
653 | .It Cm GSSAPIKeyExchange | 655 | .It Cm GSSAPIKeyExchange |
654 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | 656 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange |
655 | doesn't rely on ssh keys to verify host identity. | 657 | doesn't rely on ssh keys to verify host identity. |
656 | The default is | 658 | The default is |
657 | .Dq no . | 659 | .Dq no . |
658 | Note that this option applies to protocol version 2 only. | ||
659 | .It Cm GSSAPICleanupCredentials | 660 | .It Cm GSSAPICleanupCredentials |
660 | Specifies whether to automatically destroy the user's credentials cache | 661 | Specifies whether to automatically destroy the user's credentials cache |
661 | on logout. | 662 | on logout. |
662 | The default is | 663 | The default is |
663 | .Dq yes . | 664 | .Dq yes . |
664 | Note that this option applies to protocol version 2 only. | ||
665 | .It Cm GSSAPIStrictAcceptorCheck | 665 | .It Cm GSSAPIStrictAcceptorCheck |
666 | Determines whether to be strict about the identity of the GSSAPI acceptor | 666 | Determines whether to be strict about the identity of the GSSAPI acceptor |
667 | a client authenticates against. | 667 | a client authenticates against. |
@@ -709,9 +709,6 @@ may be used to list supported key types. | |||
709 | Specifies whether rhosts or /etc/hosts.equiv authentication together | 709 | Specifies whether rhosts or /etc/hosts.equiv authentication together |
710 | with successful public key client host authentication is allowed | 710 | with successful public key client host authentication is allowed |
711 | (host-based authentication). | 711 | (host-based authentication). |
712 | This option is similar to | ||
713 | .Cm RhostsRSAAuthentication | ||
714 | and applies to protocol version 2 only. | ||
715 | The default is | 712 | The default is |
716 | .Dq no . | 713 | .Dq no . |
717 | .It Cm HostbasedUsesNameFromPacketOnly | 714 | .It Cm HostbasedUsesNameFromPacketOnly |
@@ -782,7 +779,7 @@ is specified, the location of the socket will be read from the | |||
782 | .Ev SSH_AUTH_SOCK | 779 | .Ev SSH_AUTH_SOCK |
783 | environment variable. | 780 | environment variable. |
784 | .It Cm HostKeyAlgorithms | 781 | .It Cm HostKeyAlgorithms |
785 | Specifies the protocol version 2 host key algorithms | 782 | Specifies the host key algorithms |
786 | that the server offers. | 783 | that the server offers. |
787 | The default for this option is: | 784 | The default for this option is: |
788 | .Bd -literal -offset 3n | 785 | .Bd -literal -offset 3n |
@@ -1003,8 +1000,7 @@ DEBUG2 and DEBUG3 each specify higher levels of debugging output. | |||
1003 | Logging with a DEBUG level violates the privacy of users and is not recommended. | 1000 | Logging with a DEBUG level violates the privacy of users and is not recommended. |
1004 | .It Cm MACs | 1001 | .It Cm MACs |
1005 | Specifies the available MAC (message authentication code) algorithms. | 1002 | Specifies the available MAC (message authentication code) algorithms. |
1006 | The MAC algorithm is used in protocol version 2 | 1003 | The MAC algorithm is used for data integrity protection. |
1007 | for data integrity protection. | ||
1008 | Multiple algorithms must be comma-separated. | 1004 | Multiple algorithms must be comma-separated. |
1009 | If the specified value begins with a | 1005 | If the specified value begins with a |
1010 | .Sq + | 1006 | .Sq + |
@@ -1060,8 +1056,9 @@ The default is: | |||
1060 | .Bd -literal -offset indent | 1056 | .Bd -literal -offset indent |
1061 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | 1057 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, |
1062 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | 1058 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, |
1059 | hmac-sha1-etm@openssh.com, | ||
1063 | umac-64@openssh.com,umac-128@openssh.com, | 1060 | umac-64@openssh.com,umac-128@openssh.com, |
1064 | hmac-sha2-256,hmac-sha2-512 | 1061 | hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
1065 | .Ed | 1062 | .Ed |
1066 | .Pp | 1063 | .Pp |
1067 | The list of available MAC algorithms may also be obtained using the | 1064 | The list of available MAC algorithms may also be obtained using the |
@@ -1131,6 +1128,8 @@ Available keywords are | |||
1131 | .Cm AuthorizedKeysCommand , | 1128 | .Cm AuthorizedKeysCommand , |
1132 | .Cm AuthorizedKeysCommandUser , | 1129 | .Cm AuthorizedKeysCommandUser , |
1133 | .Cm AuthorizedKeysFile , | 1130 | .Cm AuthorizedKeysFile , |
1131 | .Cm AuthorizedPrincipalsCommand , | ||
1132 | .Cm AuthorizedPrincipalsCommandUser , | ||
1134 | .Cm AuthorizedPrincipalsFile , | 1133 | .Cm AuthorizedPrincipalsFile , |
1135 | .Cm Banner , | 1134 | .Cm Banner , |
1136 | .Cm ChrootDirectory , | 1135 | .Cm ChrootDirectory , |
@@ -1174,7 +1173,15 @@ Once the number of failures reaches half this value, | |||
1174 | additional failures are logged. | 1173 | additional failures are logged. |
1175 | The default is 6. | 1174 | The default is 6. |
1176 | .It Cm MaxSessions | 1175 | .It Cm MaxSessions |
1177 | Specifies the maximum number of open sessions permitted per network connection. | 1176 | Specifies the maximum number of open shell, login or subsystem (e.g. sftp) |
1177 | sessions permitted per network connection. | ||
1178 | Multiple sessions may be established by clients that support connection | ||
1179 | multiplexing. | ||
1180 | Setting | ||
1181 | .Cm MaxSessions | ||
1182 | to 1 will effectively disable session multiplexing, whereas setting it to 0 | ||
1183 | will prevent all shell, login and subsystem sessions while still permitting | ||
1184 | forwarding. | ||
1178 | The default is 10. | 1185 | The default is 10. |
1179 | .It Cm MaxStartups | 1186 | .It Cm MaxStartups |
1180 | Specifies the maximum number of concurrent unauthenticated connections to the | 1187 | Specifies the maximum number of concurrent unauthenticated connections to the |
@@ -1364,6 +1371,10 @@ and | |||
1364 | Multiple versions must be comma-separated. | 1371 | Multiple versions must be comma-separated. |
1365 | The default is | 1372 | The default is |
1366 | .Sq 2 . | 1373 | .Sq 2 . |
1374 | Protocol 1 suffers from a number of cryptographic weaknesses and should | ||
1375 | not be used. | ||
1376 | It is only offered to support legacy devices. | ||
1377 | .Pp | ||
1367 | Note that the order of the protocol list does not indicate preference, | 1378 | Note that the order of the protocol list does not indicate preference, |
1368 | because the client selects among multiple protocol versions offered | 1379 | because the client selects among multiple protocol versions offered |
1369 | by the server. | 1380 | by the server. |
@@ -1398,7 +1409,6 @@ may be used to list supported key types. | |||
1398 | Specifies whether public key authentication is allowed. | 1409 | Specifies whether public key authentication is allowed. |
1399 | The default is | 1410 | The default is |
1400 | .Dq yes . | 1411 | .Dq yes . |
1401 | Note that this option applies to protocol version 2 only. | ||
1402 | .It Cm RekeyLimit | 1412 | .It Cm RekeyLimit |
1403 | Specifies the maximum amount of data that may be transmitted before the | 1413 | Specifies the maximum amount of data that may be transmitted before the |
1404 | session key is renegotiated, optionally followed a maximum amount of | 1414 | session key is renegotiated, optionally followed a maximum amount of |
@@ -1424,7 +1434,6 @@ is | |||
1424 | .Dq default none , | 1434 | .Dq default none , |
1425 | which means that rekeying is performed after the cipher's default amount | 1435 | which means that rekeying is performed after the cipher's default amount |
1426 | of data has been sent or received and no time based rekeying is done. | 1436 | of data has been sent or received and no time based rekeying is done. |
1427 | This option applies to protocol version 2 only. | ||
1428 | .It Cm RevokedKeys | 1437 | .It Cm RevokedKeys |
1429 | Specifies revoked public keys file, or | 1438 | Specifies revoked public keys file, or |
1430 | .Dq none | 1439 | .Dq none |
@@ -1511,7 +1520,6 @@ This may simplify configurations using | |||
1511 | to force a different filesystem root on clients. | 1520 | to force a different filesystem root on clients. |
1512 | .Pp | 1521 | .Pp |
1513 | By default no subsystems are defined. | 1522 | By default no subsystems are defined. |
1514 | Note that this option applies to protocol version 2 only. | ||
1515 | .It Cm SyslogFacility | 1523 | .It Cm SyslogFacility |
1516 | Gives the facility code that is used when logging messages from | 1524 | Gives the facility code that is used when logging messages from |
1517 | .Xr sshd 8 . | 1525 | .Xr sshd 8 . |
@@ -1627,14 +1635,19 @@ After successful authentication, another process will be created that has | |||
1627 | the privilege of the authenticated user. | 1635 | the privilege of the authenticated user. |
1628 | The goal of privilege separation is to prevent privilege | 1636 | The goal of privilege separation is to prevent privilege |
1629 | escalation by containing any corruption within the unprivileged processes. | 1637 | escalation by containing any corruption within the unprivileged processes. |
1630 | The default is | 1638 | The argument must be |
1631 | .Dq yes . | 1639 | .Dq yes , |
1640 | .Dq no , | ||
1641 | or | ||
1642 | .Dq sandbox . | ||
1632 | If | 1643 | If |
1633 | .Cm UsePrivilegeSeparation | 1644 | .Cm UsePrivilegeSeparation |
1634 | is set to | 1645 | is set to |
1635 | .Dq sandbox | 1646 | .Dq sandbox |
1636 | then the pre-authentication unprivileged process is subject to additional | 1647 | then the pre-authentication unprivileged process is subject to additional |
1637 | restrictions. | 1648 | restrictions. |
1649 | The default is | ||
1650 | .Dq sandbox . | ||
1638 | .It Cm VersionAddendum | 1651 | .It Cm VersionAddendum |
1639 | Optionally specifies additional text to append to the SSH protocol banner | 1652 | Optionally specifies additional text to append to the SSH protocol banner |
1640 | sent by the server upon connection. | 1653 | sent by the server upon connection. |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssherr.c,v 1.4 2015/02/16 22:13:32 djm Exp $ */ | 1 | /* $OpenBSD: ssherr.c,v 1.5 2015/09/13 14:39:16 tim Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2011 Damien Miller | 3 | * Copyright (c) 2011 Damien Miller |
4 | * | 4 | * |
@@ -104,7 +104,7 @@ ssh_err(int n) | |||
104 | case SSH_ERR_NEED_REKEY: | 104 | case SSH_ERR_NEED_REKEY: |
105 | return "rekeying not supported by peer"; | 105 | return "rekeying not supported by peer"; |
106 | case SSH_ERR_PASSPHRASE_TOO_SHORT: | 106 | case SSH_ERR_PASSPHRASE_TOO_SHORT: |
107 | return "passphrase is too short (minimum four characters)"; | 107 | return "passphrase is too short (minimum five characters)"; |
108 | case SSH_ERR_FILE_CHANGED: | 108 | case SSH_ERR_FILE_CHANGED: |
109 | return "file changed while reading"; | 109 | return "file changed while reading"; |
110 | case SSH_ERR_KEY_UNKNOWN_CIPHER: | 110 | case SSH_ERR_KEY_UNKNOWN_CIPHER: |
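Review bot: The string returned for `SSH_ERR_PASSPHRASE_TOO_SHORT` spells the minimum length out as a word, so it must be edited by hand whenever the enforced limit changes, as this commit does (four to five). The check that enforces the limit is not in this file section, so nothing here ties the wording to the real value, and a user who is told the wrong minimum will pick a passphrase that is rejected again or is shorter than intended. A comment on the case would make the coupling visible, for example `/* wording must match the minimum passphrase length enforced by the caller */`; this assumes the limit is a constant defined elsewhere, which the hunk does not show. The switch in ssh_err() begins and ends outside the hunk.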
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.c,v 1.21 2015/08/19 23:19:01 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.31 2015/12/11 04:21:12 mmcc Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
@@ -83,37 +83,40 @@ struct keytype { | |||
83 | int type; | 83 | int type; |
84 | int nid; | 84 | int nid; |
85 | int cert; | 85 | int cert; |
86 | int sigonly; | ||
86 | }; | 87 | }; |
87 | static const struct keytype keytypes[] = { | 88 | static const struct keytype keytypes[] = { |
88 | { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, | 89 | { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 }, |
89 | { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", | 90 | { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", |
90 | KEY_ED25519_CERT, 0, 1 }, | 91 | KEY_ED25519_CERT, 0, 1, 0 }, |
91 | #ifdef WITH_OPENSSL | 92 | #ifdef WITH_OPENSSL |
92 | { NULL, "RSA1", KEY_RSA1, 0, 0 }, | 93 | { NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, |
93 | { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, | 94 | { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, |
94 | { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, | 95 | { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, |
96 | { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, | ||
97 | { "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 }, | ||
95 | # ifdef OPENSSL_HAS_ECC | 98 | # ifdef OPENSSL_HAS_ECC |
96 | { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, | 99 | { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, |
97 | { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, | 100 | { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 }, |
98 | # ifdef OPENSSL_HAS_NISTP521 | 101 | # ifdef OPENSSL_HAS_NISTP521 |
99 | { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, | 102 | { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 }, |
100 | # endif /* OPENSSL_HAS_NISTP521 */ | 103 | # endif /* OPENSSL_HAS_NISTP521 */ |
101 | # endif /* OPENSSL_HAS_ECC */ | 104 | # endif /* OPENSSL_HAS_ECC */ |
102 | { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, | 105 | { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 }, |
103 | { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, | 106 | { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 }, |
104 | # ifdef OPENSSL_HAS_ECC | 107 | # ifdef OPENSSL_HAS_ECC |
105 | { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", | 108 | { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", |
106 | KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, | 109 | KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, |
107 | { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", | 110 | { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", |
108 | KEY_ECDSA_CERT, NID_secp384r1, 1 }, | 111 | KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, |
109 | # ifdef OPENSSL_HAS_NISTP521 | 112 | # ifdef OPENSSL_HAS_NISTP521 |
110 | { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", | 113 | { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", |
111 | KEY_ECDSA_CERT, NID_secp521r1, 1 }, | 114 | KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, |
112 | # endif /* OPENSSL_HAS_NISTP521 */ | 115 | # endif /* OPENSSL_HAS_NISTP521 */ |
113 | # endif /* OPENSSL_HAS_ECC */ | 116 | # endif /* OPENSSL_HAS_ECC */ |
114 | #endif /* WITH_OPENSSL */ | 117 | #endif /* WITH_OPENSSL */ |
115 | { "null", "null", KEY_NULL, 0, 0 }, | 118 | { "null", "null", KEY_NULL, 0, 0, 0 }, |
116 | { NULL, NULL, -1, -1, 0 } | 119 | { NULL, NULL, -1, -1, 0, 0 } |
117 | }; | 120 | }; |
118 | 121 | ||
119 | const char * | 122 | const char * |
@@ -201,7 +204,7 @@ key_alg_list(int certs_only, int plain_only) | |||
201 | const struct keytype *kt; | 204 | const struct keytype *kt; |
202 | 205 | ||
203 | for (kt = keytypes; kt->type != -1; kt++) { | 206 | for (kt = keytypes; kt->type != -1; kt++) { |
204 | if (kt->name == NULL || kt->type == KEY_NULL) | 207 | if (kt->name == NULL || kt->sigonly || kt->type == KEY_NULL) |
205 | continue; | 208 | continue; |
206 | if ((certs_only && !kt->cert) || (plain_only && kt->cert)) | 209 | if ((certs_only && !kt->cert) || (plain_only && kt->cert)) |
207 | continue; | 210 | continue; |
@@ -418,20 +421,14 @@ cert_free(struct sshkey_cert *cert) | |||
418 | 421 | ||
419 | if (cert == NULL) | 422 | if (cert == NULL) |
420 | return; | 423 | return; |
421 | if (cert->certblob != NULL) | 424 | sshbuf_free(cert->certblob); |
422 | sshbuf_free(cert->certblob); | 425 | sshbuf_free(cert->critical); |
423 | if (cert->critical != NULL) | 426 | sshbuf_free(cert->extensions); |
424 | sshbuf_free(cert->critical); | 427 | free(cert->key_id); |
425 | if (cert->extensions != NULL) | ||
426 | sshbuf_free(cert->extensions); | ||
427 | if (cert->key_id != NULL) | ||
428 | free(cert->key_id); | ||
429 | for (i = 0; i < cert->nprincipals; i++) | 428 | for (i = 0; i < cert->nprincipals; i++) |
430 | free(cert->principals[i]); | 429 | free(cert->principals[i]); |
431 | if (cert->principals != NULL) | 430 | free(cert->principals); |
432 | free(cert->principals); | 431 | sshkey_free(cert->signature_key); |
433 | if (cert->signature_key != NULL) | ||
434 | sshkey_free(cert->signature_key); | ||
435 | explicit_bzero(cert, sizeof(*cert)); | 432 | explicit_bzero(cert, sizeof(*cert)); |
436 | free(cert); | 433 | free(cert); |
437 | } | 434 | } |
@@ -1217,7 +1214,7 @@ read_decimal_bignum(char **cpp, BIGNUM *v) | |||
1217 | return SSH_ERR_BIGNUM_TOO_LARGE; | 1214 | return SSH_ERR_BIGNUM_TOO_LARGE; |
1218 | if (cp[e] == '\0') | 1215 | if (cp[e] == '\0') |
1219 | skip = 0; | 1216 | skip = 0; |
1220 | else if (index(" \t\r\n", cp[e]) == NULL) | 1217 | else if (strchr(" \t\r\n", cp[e]) == NULL) |
1221 | return SSH_ERR_INVALID_FORMAT; | 1218 | return SSH_ERR_INVALID_FORMAT; |
1222 | cp[e] = '\0'; | 1219 | cp[e] = '\0'; |
1223 | if (BN_dec2bn(&v, cp) <= 0) | 1220 | if (BN_dec2bn(&v, cp) <= 0) |
@@ -1233,11 +1230,10 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
1233 | { | 1230 | { |
1234 | struct sshkey *k; | 1231 | struct sshkey *k; |
1235 | int retval = SSH_ERR_INVALID_FORMAT; | 1232 | int retval = SSH_ERR_INVALID_FORMAT; |
1236 | char *cp, *space; | 1233 | char *ep, *cp, *space; |
1237 | int r, type, curve_nid = -1; | 1234 | int r, type, curve_nid = -1; |
1238 | struct sshbuf *blob; | 1235 | struct sshbuf *blob; |
1239 | #ifdef WITH_SSH1 | 1236 | #ifdef WITH_SSH1 |
1240 | char *ep; | ||
1241 | u_long bits; | 1237 | u_long bits; |
1242 | #endif /* WITH_SSH1 */ | 1238 | #endif /* WITH_SSH1 */ |
1243 | 1239 | ||
@@ -1248,7 +1244,7 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
1248 | #ifdef WITH_SSH1 | 1244 | #ifdef WITH_SSH1 |
1249 | /* Get number of bits. */ | 1245 | /* Get number of bits. */ |
1250 | bits = strtoul(cp, &ep, 10); | 1246 | bits = strtoul(cp, &ep, 10); |
1251 | if (*cp == '\0' || index(" \t\r\n", *ep) == NULL || | 1247 | if (*cp == '\0' || strchr(" \t\r\n", *ep) == NULL || |
1252 | bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) | 1248 | bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) |
1253 | return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ | 1249 | return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ |
1254 | /* Get public exponent, public modulus. */ | 1250 | /* Get public exponent, public modulus. */ |
@@ -1256,10 +1252,10 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
1256 | return r; | 1252 | return r; |
1257 | if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) | 1253 | if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) |
1258 | return r; | 1254 | return r; |
1259 | *cpp = ep; | ||
1260 | /* validate the claimed number of bits */ | 1255 | /* validate the claimed number of bits */ |
1261 | if (BN_num_bits(ret->rsa->n) != (int)bits) | 1256 | if (BN_num_bits(ret->rsa->n) != (int)bits) |
1262 | return SSH_ERR_KEY_BITS_MISMATCH; | 1257 | return SSH_ERR_KEY_BITS_MISMATCH; |
1258 | *cpp = ep; | ||
1263 | retval = 0; | 1259 | retval = 0; |
1264 | #endif /* WITH_SSH1 */ | 1260 | #endif /* WITH_SSH1 */ |
1265 | break; | 1261 | break; |
@@ -1297,9 +1293,9 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
1297 | *space++ = '\0'; | 1293 | *space++ = '\0'; |
1298 | while (*space == ' ' || *space == '\t') | 1294 | while (*space == ' ' || *space == '\t') |
1299 | space++; | 1295 | space++; |
1300 | *cpp = space; | 1296 | ep = space; |
1301 | } else | 1297 | } else |
1302 | *cpp = cp + strlen(cp); | 1298 | ep = cp + strlen(cp); |
1303 | if ((r = sshbuf_b64tod(blob, cp)) != 0) { | 1299 | if ((r = sshbuf_b64tod(blob, cp)) != 0) { |
1304 | sshbuf_free(blob); | 1300 | sshbuf_free(blob); |
1305 | return r; | 1301 | return r; |
@@ -1330,8 +1326,9 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
1330 | ret->cert = k->cert; | 1326 | ret->cert = k->cert; |
1331 | k->cert = NULL; | 1327 | k->cert = NULL; |
1332 | } | 1328 | } |
1329 | switch (sshkey_type_plain(ret->type)) { | ||
1333 | #ifdef WITH_OPENSSL | 1330 | #ifdef WITH_OPENSSL |
1334 | if (sshkey_type_plain(ret->type) == KEY_RSA) { | 1331 | case KEY_RSA: |
1335 | if (ret->rsa != NULL) | 1332 | if (ret->rsa != NULL) |
1336 | RSA_free(ret->rsa); | 1333 | RSA_free(ret->rsa); |
1337 | ret->rsa = k->rsa; | 1334 | ret->rsa = k->rsa; |
@@ -1339,8 +1336,8 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
1339 | #ifdef DEBUG_PK | 1336 | #ifdef DEBUG_PK |
1340 | RSA_print_fp(stderr, ret->rsa, 8); | 1337 | RSA_print_fp(stderr, ret->rsa, 8); |
1341 | #endif | 1338 | #endif |
1342 | } | 1339 | break; |
1343 | if (sshkey_type_plain(ret->type) == KEY_DSA) { | 1340 | case KEY_DSA: |
1344 | if (ret->dsa != NULL) | 1341 | if (ret->dsa != NULL) |
1345 | DSA_free(ret->dsa); | 1342 | DSA_free(ret->dsa); |
1346 | ret->dsa = k->dsa; | 1343 | ret->dsa = k->dsa; |
@@ -1348,9 +1345,9 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
1348 | #ifdef DEBUG_PK | 1345 | #ifdef DEBUG_PK |
1349 | DSA_print_fp(stderr, ret->dsa, 8); | 1346 | DSA_print_fp(stderr, ret->dsa, 8); |
1350 | #endif | 1347 | #endif |
1351 | } | 1348 | break; |
1352 | # ifdef OPENSSL_HAS_ECC | 1349 | # ifdef OPENSSL_HAS_ECC |
1353 | if (sshkey_type_plain(ret->type) == KEY_ECDSA) { | 1350 | case KEY_ECDSA: |
1354 | if (ret->ecdsa != NULL) | 1351 | if (ret->ecdsa != NULL) |
1355 | EC_KEY_free(ret->ecdsa); | 1352 | EC_KEY_free(ret->ecdsa); |
1356 | ret->ecdsa = k->ecdsa; | 1353 | ret->ecdsa = k->ecdsa; |
@@ -1360,17 +1357,19 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
1360 | #ifdef DEBUG_PK | 1357 | #ifdef DEBUG_PK |
1361 | sshkey_dump_ec_key(ret->ecdsa); | 1358 | sshkey_dump_ec_key(ret->ecdsa); |
1362 | #endif | 1359 | #endif |
1363 | } | 1360 | break; |
1364 | # endif /* OPENSSL_HAS_ECC */ | 1361 | # endif /* OPENSSL_HAS_ECC */ |
1365 | #endif /* WITH_OPENSSL */ | 1362 | #endif /* WITH_OPENSSL */ |
1366 | if (sshkey_type_plain(ret->type) == KEY_ED25519) { | 1363 | case KEY_ED25519: |
1367 | free(ret->ed25519_pk); | 1364 | free(ret->ed25519_pk); |
1368 | ret->ed25519_pk = k->ed25519_pk; | 1365 | ret->ed25519_pk = k->ed25519_pk; |
1369 | k->ed25519_pk = NULL; | 1366 | k->ed25519_pk = NULL; |
1370 | #ifdef DEBUG_PK | 1367 | #ifdef DEBUG_PK |
1371 | /* XXX */ | 1368 | /* XXX */ |
1372 | #endif | 1369 | #endif |
1370 | break; | ||
1373 | } | 1371 | } |
1372 | *cpp = ep; | ||
1374 | retval = 0; | 1373 | retval = 0; |
1375 | /*XXXX*/ | 1374 | /*XXXX*/ |
1376 | sshkey_free(k); | 1375 | sshkey_free(k); |
@@ -1718,7 +1717,7 @@ sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) | |||
1718 | 1717 | ||
1719 | if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 || | 1718 | if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 || |
1720 | (ret = sshbuf_putb(to->critical, from->critical)) != 0 || | 1719 | (ret = sshbuf_putb(to->critical, from->critical)) != 0 || |
1721 | (ret = sshbuf_putb(to->extensions, from->extensions) != 0)) | 1720 | (ret = sshbuf_putb(to->extensions, from->extensions)) != 0) |
1722 | return ret; | 1721 | return ret; |
1723 | 1722 | ||
1724 | to->serial = from->serial; | 1723 | to->serial = from->serial; |
@@ -1759,9 +1758,7 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) | |||
1759 | struct sshkey *n = NULL; | 1758 | struct sshkey *n = NULL; |
1760 | int ret = SSH_ERR_INTERNAL_ERROR; | 1759 | int ret = SSH_ERR_INTERNAL_ERROR; |
1761 | 1760 | ||
1762 | if (pkp != NULL) | 1761 | *pkp = NULL; |
1763 | *pkp = NULL; | ||
1764 | |||
1765 | switch (k->type) { | 1762 | switch (k->type) { |
1766 | #ifdef WITH_OPENSSL | 1763 | #ifdef WITH_OPENSSL |
1767 | case KEY_DSA: | 1764 | case KEY_DSA: |
@@ -2175,7 +2172,7 @@ sshkey_froms(struct sshbuf *buf, struct sshkey **keyp) | |||
2175 | int | 2172 | int |
2176 | sshkey_sign(const struct sshkey *key, | 2173 | sshkey_sign(const struct sshkey *key, |
2177 | u_char **sigp, size_t *lenp, | 2174 | u_char **sigp, size_t *lenp, |
2178 | const u_char *data, size_t datalen, u_int compat) | 2175 | const u_char *data, size_t datalen, const char *alg, u_int compat) |
2179 | { | 2176 | { |
2180 | if (sigp != NULL) | 2177 | if (sigp != NULL) |
2181 | *sigp = NULL; | 2178 | *sigp = NULL; |
@@ -2195,7 +2192,7 @@ sshkey_sign(const struct sshkey *key, | |||
2195 | # endif /* OPENSSL_HAS_ECC */ | 2192 | # endif /* OPENSSL_HAS_ECC */ |
2196 | case KEY_RSA_CERT: | 2193 | case KEY_RSA_CERT: |
2197 | case KEY_RSA: | 2194 | case KEY_RSA: |
2198 | return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); | 2195 | return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); |
2199 | #endif /* WITH_OPENSSL */ | 2196 | #endif /* WITH_OPENSSL */ |
2200 | case KEY_ED25519: | 2197 | case KEY_ED25519: |
2201 | case KEY_ED25519_CERT: | 2198 | case KEY_ED25519_CERT: |
@@ -2227,7 +2224,7 @@ sshkey_verify(const struct sshkey *key, | |||
2227 | # endif /* OPENSSL_HAS_ECC */ | 2224 | # endif /* OPENSSL_HAS_ECC */ |
2228 | case KEY_RSA_CERT: | 2225 | case KEY_RSA_CERT: |
2229 | case KEY_RSA: | 2226 | case KEY_RSA: |
2230 | return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); | 2227 | return ssh_rsa_verify(key, sig, siglen, data, dlen); |
2231 | #endif /* WITH_OPENSSL */ | 2228 | #endif /* WITH_OPENSSL */ |
2232 | case KEY_ED25519: | 2229 | case KEY_ED25519: |
2233 | case KEY_ED25519_CERT: | 2230 | case KEY_ED25519_CERT: |
@@ -2244,9 +2241,7 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp) | |||
2244 | struct sshkey *pk; | 2241 | struct sshkey *pk; |
2245 | int ret = SSH_ERR_INTERNAL_ERROR; | 2242 | int ret = SSH_ERR_INTERNAL_ERROR; |
2246 | 2243 | ||
2247 | if (dkp != NULL) | 2244 | *dkp = NULL; |
2248 | *dkp = NULL; | ||
2249 | |||
2250 | if ((pk = calloc(1, sizeof(*pk))) == NULL) | 2245 | if ((pk = calloc(1, sizeof(*pk))) == NULL) |
2251 | return SSH_ERR_ALLOC_FAIL; | 2246 | return SSH_ERR_ALLOC_FAIL; |
2252 | pk->type = k->type; | 2247 | pk->type = k->type; |
@@ -2463,7 +2458,7 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca) | |||
2463 | 2458 | ||
2464 | /* Sign the whole mess */ | 2459 | /* Sign the whole mess */ |
2465 | if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), | 2460 | if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), |
2466 | sshbuf_len(cert), 0)) != 0) | 2461 | sshbuf_len(cert), NULL, 0)) != 0) |
2467 | goto out; | 2462 | goto out; |
2468 | 2463 | ||
2469 | /* Append signature and we are done */ | 2464 | /* Append signature and we are done */ |
@@ -2473,12 +2468,9 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca) | |||
2473 | out: | 2468 | out: |
2474 | if (ret != 0) | 2469 | if (ret != 0) |
2475 | sshbuf_reset(cert); | 2470 | sshbuf_reset(cert); |
2476 | if (sig_blob != NULL) | 2471 | free(sig_blob); |
2477 | free(sig_blob); | 2472 | free(ca_blob); |
2478 | if (ca_blob != NULL) | 2473 | sshbuf_free(principals); |
2479 | free(ca_blob); | ||
2480 | if (principals != NULL) | ||
2481 | sshbuf_free(principals); | ||
2482 | return ret; | 2474 | return ret; |
2483 | } | 2475 | } |
2484 | 2476 | ||
@@ -2539,6 +2531,43 @@ sshkey_cert_check_authority(const struct sshkey *k, | |||
2539 | return 0; | 2531 | return 0; |
2540 | } | 2532 | } |
2541 | 2533 | ||
2534 | size_t | ||
2535 | sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l) | ||
2536 | { | ||
2537 | char from[32], to[32], ret[64]; | ||
2538 | time_t tt; | ||
2539 | struct tm *tm; | ||
2540 | |||
2541 | *from = *to = '\0'; | ||
2542 | if (cert->valid_after == 0 && | ||
2543 | cert->valid_before == 0xffffffffffffffffULL) | ||
2544 | return strlcpy(s, "forever", l); | ||
2545 | |||
2546 | if (cert->valid_after != 0) { | ||
2547 | /* XXX revisit INT_MAX in 2038 :) */ | ||
2548 | tt = cert->valid_after > INT_MAX ? | ||
2549 | INT_MAX : cert->valid_after; | ||
2550 | tm = localtime(&tt); | ||
2551 | strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm); | ||
2552 | } | ||
2553 | if (cert->valid_before != 0xffffffffffffffffULL) { | ||
2554 | /* XXX revisit INT_MAX in 2038 :) */ | ||
2555 | tt = cert->valid_before > INT_MAX ? | ||
2556 | INT_MAX : cert->valid_before; | ||
2557 | tm = localtime(&tt); | ||
2558 | strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm); | ||
2559 | } | ||
2560 | |||
2561 | if (cert->valid_after == 0) | ||
2562 | snprintf(ret, sizeof(ret), "before %s", to); | ||
2563 | else if (cert->valid_before == 0xffffffffffffffffULL) | ||
2564 | snprintf(ret, sizeof(ret), "after %s", from); | ||
2565 | else | ||
2566 | snprintf(ret, sizeof(ret), "from %s to %s", from, to); | ||
2567 | |||
2568 | return strlcpy(s, ret, l); | ||
2569 | } | ||
2570 | |||
2542 | int | 2571 | int |
2543 | sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) | 2572 | sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) |
2544 | { | 2573 | { |
@@ -2702,7 +2731,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
2702 | goto out; | 2731 | goto out; |
2703 | } | 2732 | } |
2704 | if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | 2733 | if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
2705 | EC_KEY_get0_public_key(k->ecdsa)) != 0) || | 2734 | EC_KEY_get0_public_key(k->ecdsa))) != 0 || |
2706 | (r = sshkey_ec_validate_private(k->ecdsa)) != 0) | 2735 | (r = sshkey_ec_validate_private(k->ecdsa)) != 0) |
2707 | goto out; | 2736 | goto out; |
2708 | break; | 2737 | break; |
@@ -2720,7 +2749,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
2720 | goto out; | 2749 | goto out; |
2721 | } | 2750 | } |
2722 | if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | 2751 | if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
2723 | EC_KEY_get0_public_key(k->ecdsa)) != 0) || | 2752 | EC_KEY_get0_public_key(k->ecdsa))) != 0 || |
2724 | (r = sshkey_ec_validate_private(k->ecdsa)) != 0) | 2753 | (r = sshkey_ec_validate_private(k->ecdsa)) != 0) |
2725 | goto out; | 2754 | goto out; |
2726 | break; | 2755 | break; |
@@ -2742,10 +2771,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
2742 | case KEY_RSA_CERT: | 2771 | case KEY_RSA_CERT: |
2743 | if ((r = sshkey_froms(buf, &k)) != 0 || | 2772 | if ((r = sshkey_froms(buf, &k)) != 0 || |
2744 | (r = sshkey_add_private(k)) != 0 || | 2773 | (r = sshkey_add_private(k)) != 0 || |
2745 | (r = sshbuf_get_bignum2(buf, k->rsa->d) != 0) || | 2774 | (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || |
2746 | (r = sshbuf_get_bignum2(buf, k->rsa->iqmp) != 0) || | 2775 | (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || |
2747 | (r = sshbuf_get_bignum2(buf, k->rsa->p) != 0) || | 2776 | (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || |
2748 | (r = sshbuf_get_bignum2(buf, k->rsa->q) != 0) || | 2777 | (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || |
2749 | (r = rsa_generate_additional_parameters(k->rsa)) != 0) | 2778 | (r = rsa_generate_additional_parameters(k->rsa)) != 0) |
2750 | goto out; | 2779 | goto out; |
2751 | break; | 2780 | break; |
@@ -3432,9 +3461,9 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob, | |||
3432 | 3461 | ||
3433 | /* Store public key. This will be in plain text. */ | 3462 | /* Store public key. This will be in plain text. */ |
3434 | if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 || | 3463 | if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 || |
3435 | (r = sshbuf_put_bignum1(encrypted, key->rsa->n) != 0) || | 3464 | (r = sshbuf_put_bignum1(encrypted, key->rsa->n)) != 0 || |
3436 | (r = sshbuf_put_bignum1(encrypted, key->rsa->e) != 0) || | 3465 | (r = sshbuf_put_bignum1(encrypted, key->rsa->e)) != 0 || |
3437 | (r = sshbuf_put_cstring(encrypted, comment) != 0)) | 3466 | (r = sshbuf_put_cstring(encrypted, comment)) != 0) |
3438 | goto out; | 3467 | goto out; |
3439 | 3468 | ||
3440 | /* Allocate space for the private part of the key in the buffer. */ | 3469 | /* Allocate space for the private part of the key in the buffer. */ |
@@ -3455,10 +3484,8 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob, | |||
3455 | out: | 3484 | out: |
3456 | explicit_bzero(&ciphercontext, sizeof(ciphercontext)); | 3485 | explicit_bzero(&ciphercontext, sizeof(ciphercontext)); |
3457 | explicit_bzero(buf, sizeof(buf)); | 3486 | explicit_bzero(buf, sizeof(buf)); |
3458 | if (buffer != NULL) | 3487 | sshbuf_free(buffer); |
3459 | sshbuf_free(buffer); | 3488 | sshbuf_free(encrypted); |
3460 | if (encrypted != NULL) | ||
3461 | sshbuf_free(encrypted); | ||
3462 | 3489 | ||
3463 | return r; | 3490 | return r; |
3464 | } | 3491 | } |
@@ -3612,10 +3639,8 @@ sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, | |||
3612 | pub = NULL; | 3639 | pub = NULL; |
3613 | 3640 | ||
3614 | out: | 3641 | out: |
3615 | if (copy != NULL) | 3642 | sshbuf_free(copy); |
3616 | sshbuf_free(copy); | 3643 | sshkey_free(pub); |
3617 | if (pub != NULL) | ||
3618 | sshkey_free(pub); | ||
3619 | return r; | 3644 | return r; |
3620 | } | 3645 | } |
3621 | 3646 | ||
@@ -3727,14 +3752,10 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, | |||
3727 | } | 3752 | } |
3728 | out: | 3753 | out: |
3729 | explicit_bzero(&ciphercontext, sizeof(ciphercontext)); | 3754 | explicit_bzero(&ciphercontext, sizeof(ciphercontext)); |
3730 | if (comment != NULL) | 3755 | free(comment); |
3731 | free(comment); | 3756 | sshkey_free(prv); |
3732 | if (prv != NULL) | 3757 | sshbuf_free(copy); |
3733 | sshkey_free(prv); | 3758 | sshbuf_free(decrypted); |
3734 | if (copy != NULL) | ||
3735 | sshbuf_free(copy); | ||
3736 | if (decrypted != NULL) | ||
3737 | sshbuf_free(decrypted); | ||
3738 | return r; | 3759 | return r; |
3739 | } | 3760 | } |
3740 | #endif /* WITH_SSH1 */ | 3761 | #endif /* WITH_SSH1 */ |
@@ -3824,8 +3845,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, | |||
3824 | BIO_free(bio); | 3845 | BIO_free(bio); |
3825 | if (pk != NULL) | 3846 | if (pk != NULL) |
3826 | EVP_PKEY_free(pk); | 3847 | EVP_PKEY_free(pk); |
3827 | if (prv != NULL) | 3848 | sshkey_free(prv); |
3828 | sshkey_free(prv); | ||
3829 | return r; | 3849 | return r; |
3830 | } | 3850 | } |
3831 | #endif /* WITH_OPENSSL */ | 3851 | #endif /* WITH_OPENSSL */ |
@@ -3834,8 +3854,6 @@ int | |||
3834 | sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, | 3854 | sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, |
3835 | const char *passphrase, struct sshkey **keyp, char **commentp) | 3855 | const char *passphrase, struct sshkey **keyp, char **commentp) |
3836 | { | 3856 | { |
3837 | int r; | ||
3838 | |||
3839 | *keyp = NULL; | 3857 | *keyp = NULL; |
3840 | if (commentp != NULL) | 3858 | if (commentp != NULL) |
3841 | *commentp = NULL; | 3859 | *commentp = NULL; |
@@ -3857,8 +3875,8 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, | |||
3857 | return sshkey_parse_private2(blob, type, passphrase, | 3875 | return sshkey_parse_private2(blob, type, passphrase, |
3858 | keyp, commentp); | 3876 | keyp, commentp); |
3859 | case KEY_UNSPEC: | 3877 | case KEY_UNSPEC: |
3860 | if ((r = sshkey_parse_private2(blob, type, passphrase, keyp, | 3878 | if (sshkey_parse_private2(blob, type, passphrase, keyp, |
3861 | commentp)) == 0) | 3879 | commentp) == 0) |
3862 | return 0; | 3880 | return 0; |
3863 | #ifdef WITH_OPENSSL | 3881 | #ifdef WITH_OPENSSL |
3864 | return sshkey_parse_private_pem_fileblob(blob, type, | 3882 | return sshkey_parse_private_pem_fileblob(blob, type, |
@@ -3873,10 +3891,8 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, | |||
3873 | 3891 | ||
3874 | int | 3892 | int |
3875 | sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, | 3893 | sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, |
3876 | const char *filename, struct sshkey **keyp, char **commentp) | 3894 | struct sshkey **keyp, char **commentp) |
3877 | { | 3895 | { |
3878 | int r; | ||
3879 | |||
3880 | if (keyp != NULL) | 3896 | if (keyp != NULL) |
3881 | *keyp = NULL; | 3897 | *keyp = NULL; |
3882 | if (commentp != NULL) | 3898 | if (commentp != NULL) |
@@ -3884,13 +3900,11 @@ sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, | |||
3884 | 3900 | ||
3885 | #ifdef WITH_SSH1 | 3901 | #ifdef WITH_SSH1 |
3886 | /* it's a SSH v1 key if the public key part is readable */ | 3902 | /* it's a SSH v1 key if the public key part is readable */ |
3887 | if ((r = sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL)) == 0) { | 3903 | if (sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL) == 0) { |
3888 | return sshkey_parse_private_fileblob_type(buffer, KEY_RSA1, | 3904 | return sshkey_parse_private_fileblob_type(buffer, KEY_RSA1, |
3889 | passphrase, keyp, commentp); | 3905 | passphrase, keyp, commentp); |
3890 | } | 3906 | } |
3891 | #endif /* WITH_SSH1 */ | 3907 | #endif /* WITH_SSH1 */ |
3892 | if ((r = sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, | 3908 | return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, |
3893 | passphrase, keyp, commentp)) == 0) | 3909 | passphrase, keyp, commentp); |
3894 | return 0; | ||
3895 | return r; | ||
3896 | } | 3910 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.h,v 1.9 2015/08/04 05:23:06 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.h,v 1.12 2015/12/04 16:41:28 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -142,6 +142,8 @@ int sshkey_certify(struct sshkey *, struct sshkey *); | |||
142 | int sshkey_cert_copy(const struct sshkey *, struct sshkey *); | 142 | int sshkey_cert_copy(const struct sshkey *, struct sshkey *); |
143 | int sshkey_cert_check_authority(const struct sshkey *, int, int, | 143 | int sshkey_cert_check_authority(const struct sshkey *, int, int, |
144 | const char *, const char **); | 144 | const char *, const char **); |
145 | size_t sshkey_format_cert_validity(const struct sshkey_cert *, | ||
146 | char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); | ||
145 | 147 | ||
146 | int sshkey_ecdsa_nid_from_name(const char *); | 148 | int sshkey_ecdsa_nid_from_name(const char *); |
147 | int sshkey_curve_name_to_nid(const char *); | 149 | int sshkey_curve_name_to_nid(const char *); |
@@ -168,7 +170,7 @@ int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); | |||
168 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); | 170 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); |
169 | 171 | ||
170 | int sshkey_sign(const struct sshkey *, u_char **, size_t *, | 172 | int sshkey_sign(const struct sshkey *, u_char **, size_t *, |
171 | const u_char *, size_t, u_int); | 173 | const u_char *, size_t, const char *, u_int); |
172 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, | 174 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, |
173 | const u_char *, size_t, u_int); | 175 | const u_char *, size_t, u_int); |
174 | 176 | ||
@@ -187,17 +189,16 @@ int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, | |||
187 | int sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, | 189 | int sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, |
188 | struct sshkey **keyp, char **commentp); | 190 | struct sshkey **keyp, char **commentp); |
189 | int sshkey_parse_private_fileblob(struct sshbuf *buffer, | 191 | int sshkey_parse_private_fileblob(struct sshbuf *buffer, |
190 | const char *passphrase, const char *filename, struct sshkey **keyp, | 192 | const char *passphrase, struct sshkey **keyp, char **commentp); |
191 | char **commentp); | ||
192 | int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, | 193 | int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, |
193 | const char *passphrase, struct sshkey **keyp, char **commentp); | 194 | const char *passphrase, struct sshkey **keyp, char **commentp); |
194 | 195 | ||
195 | #ifdef SSHKEY_INTERNAL | 196 | #ifdef SSHKEY_INTERNAL |
196 | int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | 197 | int ssh_rsa_sign(const struct sshkey *key, |
197 | const u_char *data, size_t datalen, u_int compat); | 198 | u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, |
199 | const char *ident); | ||
198 | int ssh_rsa_verify(const struct sshkey *key, | 200 | int ssh_rsa_verify(const struct sshkey *key, |
199 | const u_char *signature, size_t signaturelen, | 201 | const u_char *sig, size_t siglen, const u_char *data, size_t datalen); |
200 | const u_char *data, size_t datalen, u_int compat); | ||
201 | int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | 202 | int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, |
202 | const u_char *data, size_t datalen, u_int compat); | 203 | const u_char *data, size_t datalen, u_int compat); |
203 | int ssh_dss_verify(const struct sshkey *key, | 204 | int ssh_dss_verify(const struct sshkey *key, |
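Review bot: The `const char *` argument added to the `sshkey_sign` prototype is unnamed and undocumented, so the header does not say what a caller should pass or what NULL means. The internal `ssh_rsa_sign` prototype in this section names its counterpart `ident`, and `sshkey_certify` passes NULL in this commit, so it is presumably a signature-algorithm name with NULL selecting the key type's default. I would state that above the declaration, e.g. `/* alg: signature algorithm name, or NULL for the key type's default */`, after confirming it against the implementation. It would also help to note why `sshkey_verify` keeps its `u_int` compat argument while `ssh_rsa_verify` drops it, since the asymmetry is easy to misread as an oversight.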
diff --git a/sshlogin.c b/sshlogin.c index 818312ff1..cea3e7697 100644 --- a/sshlogin.c +++ b/sshlogin.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshlogin.c,v 1.31 2015/01/20 23:14:00 deraadt Exp $ */ | 1 | /* $OpenBSD: sshlogin.c,v 1.32 2015/12/26 20:51:35 guenther Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -134,7 +134,7 @@ temporarily_use_uid(struct passwd *pw) | |||
134 | void | 134 | void |
135 | permanently_drop_suid(uid_t uid) | 135 | permanently_drop_suid(uid_t uid) |
136 | { | 136 | { |
137 | #ifndef HAVE_CYGWIN | 137 | #ifndef NO_UID_RESTORATION_TEST |
138 | uid_t old_uid = getuid(); | 138 | uid_t old_uid = getuid(); |
139 | #endif | 139 | #endif |
140 | 140 | ||
@@ -142,8 +142,14 @@ permanently_drop_suid(uid_t uid) | |||
142 | if (setresuid(uid, uid, uid) < 0) | 142 | if (setresuid(uid, uid, uid) < 0) |
143 | fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); | 143 | fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); |
144 | 144 | ||
145 | #ifndef HAVE_CYGWIN | 145 | #ifndef NO_UID_RESTORATION_TEST |
146 | /* Try restoration of UID if changed (test clearing of saved uid) */ | 146 | /* |
147 | * Try restoration of UID if changed (test clearing of saved uid). | ||
148 | * | ||
149 | * Note that we don't do this on Cygwin, or on Solaris-based platforms | ||
150 | * where fine-grained privileges are available (the user might be | ||
151 | * deliberately allowed the right to setuid back to root). | ||
152 | */ | ||
147 | if (old_uid != uid && | 153 | if (old_uid != uid && |
148 | (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) | 154 | (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) |
149 | fatal("%s: was able to restore old [e]uid", __func__); | 155 | fatal("%s: was able to restore old [e]uid", __func__); |
@@ -199,7 +205,7 @@ restore_uid(void) | |||
199 | void | 205 | void |
200 | permanently_set_uid(struct passwd *pw) | 206 | permanently_set_uid(struct passwd *pw) |
201 | { | 207 | { |
202 | #ifndef HAVE_CYGWIN | 208 | #ifndef NO_UID_RESTORATION_TEST |
203 | uid_t old_uid = getuid(); | 209 | uid_t old_uid = getuid(); |
204 | gid_t old_gid = getgid(); | 210 | gid_t old_gid = getgid(); |
205 | #endif | 211 | #endif |
@@ -227,7 +233,7 @@ permanently_set_uid(struct passwd *pw) | |||
227 | if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) | 233 | if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) |
228 | fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); | 234 | fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); |
229 | 235 | ||
230 | #ifndef HAVE_CYGWIN | 236 | #ifndef NO_UID_RESTORATION_TEST |
231 | /* Try restoration of GID if changed (test clearing of saved gid) */ | 237 | /* Try restoration of GID if changed (test clearing of saved gid) */ |
232 | if (old_gid != pw->pw_gid && pw->pw_uid != 0 && | 238 | if (old_gid != pw->pw_gid && pw->pw_uid != 0 && |
233 | (setgid(old_gid) != -1 || setegid(old_gid) != -1)) | 239 | (setgid(old_gid) != -1 || setegid(old_gid) != -1)) |
@@ -241,7 +247,7 @@ permanently_set_uid(struct passwd *pw) | |||
241 | (u_int)pw->pw_gid); | 247 | (u_int)pw->pw_gid); |
242 | } | 248 | } |
243 | 249 | ||
244 | #ifndef HAVE_CYGWIN | 250 | #ifndef NO_UID_RESTORATION_TEST |
245 | /* Try restoration of UID if changed (test clearing of saved uid) */ | 251 | /* Try restoration of UID if changed (test clearing of saved uid) */ |
246 | if (old_uid != pw->pw_uid && | 252 | if (old_uid != pw->pw_uid && |
247 | (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) | 253 | (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) |
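Review bot: Only the guard in permanently_drop_suid receives the new comment explaining why the restoration test is skipped; the three `#ifndef NO_UID_RESTORATION_TEST` guards in permanently_set_uid keep their old one-line comments and give no hint which platforms compile the check out. In the lines shown, this test is the only runtime confirmation that the saved uid/gid cannot be regained after setresuid, so defining the macro removes that confirmation on those platforms. I would add a pointer at each guard, e.g. `/* Skipped when NO_UID_RESTORATION_TEST is defined; see permanently_drop_suid() */`. The macro's definition is not visible on this page; a comment there should restrict it to platforms where regaining the uid is an intended capability. Both functions continue outside the hunks shown.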
@@ -1,8 +1,8 @@ | |||
1 | /* $OpenBSD: version.h,v 1.75 2015/08/21 03:45:26 djm Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.76 2016/02/23 09:14:34 djm Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_7.1" | 3 | #define SSH_VERSION "OpenSSH_7.2" |
4 | 4 | ||
5 | #define SSH_PORTABLE "p2" | 5 | #define SSH_PORTABLE "p1" |
6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE | 6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE |
7 | #ifdef SSH_EXTRAVERSION | 7 | #ifdef SSH_EXTRAVERSION |
8 | #define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION | 8 | #define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: xmalloc.c,v 1.32 2015/04/24 01:36:01 deraadt Exp $ */ | 1 | /* $OpenBSD: xmalloc.c,v 1.33 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -26,6 +26,16 @@ | |||
26 | #include "xmalloc.h" | 26 | #include "xmalloc.h" |
27 | #include "log.h" | 27 | #include "log.h" |
28 | 28 | ||
29 | void | ||
30 | ssh_malloc_init(void) | ||
31 | { | ||
32 | #if defined(__OpenBSD__) | ||
33 | extern char *malloc_options; | ||
34 | |||
35 | malloc_options = "S"; | ||
36 | #endif /* __OpenBSD__ */ | ||
37 | } | ||
38 | |||
29 | void * | 39 | void * |
30 | xmalloc(size_t size) | 40 | xmalloc(size_t size) |
31 | { | 41 | { |
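Review bot: ssh_malloc_init has no comment saying what `malloc_options = "S"` enables or when the function must be called. As far as I know, the OpenBSD allocator reads malloc_options when it first initialises, so the assignment likely takes effect only if it runs before the program's first allocation. That ordering requirement should be stated on the function, e.g. `/* Enable malloc(3) security options on OpenBSD; call before any allocation. No-op elsewhere. */`. The xmalloc definition that follows continues outside the hunk.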
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: xmalloc.h,v 1.15 2015/04/24 01:36:01 deraadt Exp $ */ | 1 | /* $OpenBSD: xmalloc.h,v 1.16 2016/02/15 09:47:49 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -16,6 +16,7 @@ | |||
16 | * called by a name other than "ssh" or "Secure Shell". | 16 | * called by a name other than "ssh" or "Secure Shell". |
17 | */ | 17 | */ |
18 | 18 | ||
19 | void ssh_malloc_init(void); | ||
19 | void *xmalloc(size_t); | 20 | void *xmalloc(size_t); |
20 | void *xcalloc(size_t, size_t); | 21 | void *xcalloc(size_t, size_t); |
21 | void *xreallocarray(void *, size_t, size_t); | 22 | void *xreallocarray(void *, size_t, size_t); |