author | markus@openbsd.org <markus@openbsd.org> | 2016-01-14 16:17:39 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-01-27 16:54:10 +1100 |
commit | a306863831c57ec5fad918687cc5d289ee8e2635 (patch) | |
tree | 0321a74bc4a9be03ad303d35306555ca0908ee25 | |
parent | 6ef49e83e30688504552ac10875feabd5521565f (diff) |
upstream commit
remove roaming support; ok djm@
Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
-rw-r--r-- | Makefile.in | 15 | ||||
-rw-r--r-- | clientloop.c | 9 | ||||
-rw-r--r-- | kex.c | 14 | ||||
-rw-r--r-- | kex.h | 4 | ||||
-rw-r--r-- | monitor.c | 3 | ||||
-rw-r--r-- | monitor_wrap.c | 3 | ||||
-rw-r--r-- | opacket.c | 12 | ||||
-rw-r--r-- | opacket.h | 2 | ||||
-rw-r--r-- | packet.c | 84 | ||||
-rw-r--r-- | packet.h | 6 | ||||
-rw-r--r-- | readconf.c | 12 | ||||
-rw-r--r-- | readconf.h | 4 | ||||
-rw-r--r-- | roaming.h | 45 | ||||
-rw-r--r-- | roaming_client.c | 271 | ||||
-rw-r--r-- | roaming_common.c | 241 | ||||
-rw-r--r-- | roaming_dummy.c | 72 | ||||
-rw-r--r-- | roaming_serv.c | 31 | ||||
-rw-r--r-- | serverloop.c | 8 | ||||
-rw-r--r-- | ssh.c | 3 | ||||
-rw-r--r-- | ssh2.h | 9 | ||||
-rw-r--r-- | sshconnect.c | 7 | ||||
-rw-r--r-- | sshconnect2.c | 6 | ||||
-rw-r--r-- | sshd.c | 7 |
23 files changed, 37 insertions, 831 deletions
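--- a/Makefile.in
+++ b/Makefile.in
@@ -95,8 +95,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 platform-pledge.o
 
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
-sshconnect.o sshconnect1.o sshconnect2.o mux.o \
-roaming_common.o roaming_client.o
+sshconnect.o sshconnect1.o sshconnect2.o mux.o
 
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 audit.o audit-bsm.o audit-linux.o platform.o \
@@ -109,7 +108,6 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 auth2-gss.o gss-serv.o gss-serv-krb5.o \
 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
 sftp-server.o sftp-common.o \
-roaming_common.o roaming_serv.o \
 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
 sandbox-solaris.o
@@ -180,14 +178,14 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
 ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
 $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o
-$(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o
+$(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
 $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
-ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
-$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 
 sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
 $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -484,8 +482,7 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
 
 UNITTESTS_TEST_KEX_OBJS=\
 regress/unittests/kex/tests.o \
-regress/unittests/kex/test_kex.o \
-roaming_dummy.o
+regress/unittests/kex/test_kex.o
 
 regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
 regress/unittests/test_helper/libtest_helper.a libssh.a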
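--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.279 2016/01/13 23:04:47 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.280 2016/01/14 16:17:39 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -111,7 +111,6 @@
 #include "sshpty.h"
 #include "match.h"
 #include "msg.h"
-#include "roaming.h"
 #include "ssherr.h"
 #include "hostfile.h"
 
@@ -756,7 +755,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
 static void
 client_process_net_input(fd_set *readset)
 {
-int len, cont = 0;
+int len;
 char buf[SSH_IOBUFSZ];
 
 /*
@@ -765,8 +764,8 @@ client_process_net_input(fd_set *readset)
 */
 if (FD_ISSET(connection_in, readset)) {
 /* Read as much as possible. */
-len = roaming_read(connection_in, buf, sizeof(buf), &cont);
-if (len == 0 && cont == 0) {
+len = read(connection_in, buf, sizeof(buf));
+if (len == 0) {
 /*
 * Received EOF. The remote host has closed the
 * connection.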
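Review bot: Now that `read()` is called directly, `len` in client_process_net_input is still declared `int` (old line 758 / new line 758) while `read()` returns `ssize_t`; declaring it `ssize_t len;` would match the call and avoid the implicit narrowing, and the same applies to `int len` in packet.c ssh_packet_read_seqnr and ssh_packet_write_poll where `read()`/`write()` are now called directly. With `sizeof(buf)` bounded by SSH_IOBUFSZ the conversion cannot overflow in practice, so this is a style point rather than a defect. The body of client_process_net_input, including its handling of `len < 0`, continues outside the hunk.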
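--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.115 2015/12/13 22:42:23 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.116 2016/01/14 16:17:39 markus Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -49,7 +49,6 @@
 #include "misc.h"
 #include "dispatch.h"
 #include "monitor.h"
-#include "roaming.h"
 
 #include "ssherr.h"
 #include "sshbuf.h"
@@ -748,17 +747,6 @@ kex_choose_conf(struct ssh *ssh)
 sprop=peer;
 }
 
-/* Check whether server offers roaming */
-if (!kex->server) {
-char *roaming = match_list(KEX_RESUME,
-peer[PROPOSAL_KEX_ALGS], NULL);
-
-if (roaming) {
-kex->roaming = 1;
-free(roaming);
-}
-}
-
 /* Check whether client supports ext_info_c */
 if (kex->server) {
 char *ext;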
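--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.74 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.75 2016/01/14 16:17:39 markus Exp $ */
 
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -54,7 +54,6 @@
 #define KEX_DH14 "diffie-hellman-group14-sha1"
 #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
 #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
-#define KEX_RESUME "resume@appgate.com"
 #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
 #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
 #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
@@ -133,7 +132,6 @@ struct kex {
 int hostkey_type;
 int hostkey_nid;
 u_int kex_type;
-int roaming;
 int rsa_sha2;
 int ext_info_c;
 struct sshbuf *my;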
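--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.155 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.156 2016/01/14 16:17:39 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -100,7 +100,6 @@
 #include "monitor_fdpass.h"
 #include "compat.h"
 #include "ssh2.h"
-#include "roaming.h"
 #include "authfd.h"
 #include "match.h"
 #include "ssherr.h"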
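--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.86 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.87 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -80,7 +80,6 @@
 #include "channels.h"
 #include "session.h"
 #include "servconf.h"
-#include "roaming.h"
 
 #include "ssherr.h"
 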
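--- a/opacket.c
+++ b/opacket.c
@@ -235,18 +235,6 @@ packet_set_connection(int fd_in, int fd_out)
 fatal("%s: ssh_packet_set_connection failed", __func__);
 }
 
-void
-packet_backup_state(void)
-{
-ssh_packet_backup_state(active_state, backup_state);
-}
-
-void
-packet_restore_state(void)
-{
-ssh_packet_restore_state(active_state, backup_state);
-}
-
 u_int
 packet_get_char(void)
 {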
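--- a/opacket.h
+++ b/opacket.h
@@ -39,8 +39,6 @@ do { \
 void packet_close(void);
 u_int packet_get_char(void);
 u_int packet_get_int(void);
-void packet_backup_state(void);
-void packet_restore_state(void);
 void packet_set_connection(int, int);
 int packet_read_seqnr(u_int32_t *);
 int packet_read_poll_seqnr(u_int32_t *);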
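--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.221 2015/12/11 04:21:12 mmcc Exp $ */
+/* $OpenBSD: packet.c,v 1.222 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -83,7 +83,6 @@
 #include "channels.h"
 #include "ssh.h"
 #include "packet.h"
-#include "roaming.h"
 #include "ssherr.h"
 #include "sshbuf.h"
 
@@ -1279,7 +1278,7 @@ int
 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
 struct session_state *state = ssh->state;
-int len, r, ms_remain, cont;
+int len, r, ms_remain;
 fd_set *setp;
 char buf[8192];
 struct timeval timeout, start, *timeoutp = NULL;
@@ -1349,11 +1348,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 if (r == 0)
 return SSH_ERR_CONN_TIMEOUT;
 /* Read data from the socket. */
-do {
-cont = 0;
-len = roaming_read(state->connection_in, buf,
-sizeof(buf), &cont);
-} while (len == 0 && cont);
+len = read(state->connection_in, buf, sizeof(buf));
 if (len == 0) {
 r = SSH_ERR_CONN_CLOSED;
 goto out;
@@ -2025,19 +2020,18 @@ ssh_packet_write_poll(struct ssh *ssh)
 {
 struct session_state *state = ssh->state;
 int len = sshbuf_len(state->output);
-int cont, r;
+int r;
 
 if (len > 0) {
-cont = 0;
-len = roaming_write(state->connection_out,
-sshbuf_ptr(state->output), len, &cont);
+len = write(state->connection_out,
+sshbuf_ptr(state->output), len);
 if (len == -1) {
 if (errno == EINTR || errno == EAGAIN ||
 errno == EWOULDBLOCK)
 return 0;
 return SSH_ERR_SYSTEM_ERROR;
 }
-if (len == 0 && !cont)
+if (len == 0)
 return SSH_ERR_CONN_CLOSED;
 if ((r = sshbuf_consume(state->output, len)) != 0)
 return r;
@@ -2314,58 +2308,6 @@ ssh_packet_get_output(struct ssh *ssh)
 return (void *)ssh->state->output;
 }
 
-/* XXX TODO update roaming to new API (does not work anyway) */
-/*
-* Save the state for the real connection, and use a separate state when
-* resuming a suspended connection.
-*/
-void
-ssh_packet_backup_state(struct ssh *ssh,
-struct ssh *backup_state)
-{
-struct ssh *tmp;
-
-close(ssh->state->connection_in);
-ssh->state->connection_in = -1;
-close(ssh->state->connection_out);
-ssh->state->connection_out = -1;
-if (backup_state)
-tmp = backup_state;
-else
-tmp = ssh_alloc_session_state();
-backup_state = ssh;
-ssh = tmp;
-}
-
-/* XXX FIXME FIXME FIXME */
-/*
-* Swap in the old state when resuming a connecion.
-*/
-void
-ssh_packet_restore_state(struct ssh *ssh,
-struct ssh *backup_state)
-{
-struct ssh *tmp;
-u_int len;
-int r;
-
-tmp = backup_state;
-backup_state = ssh;
-ssh = tmp;
-ssh->state->connection_in = backup_state->state->connection_in;
-backup_state->state->connection_in = -1;
-ssh->state->connection_out = backup_state->state->connection_out;
-backup_state->state->connection_out = -1;
-len = sshbuf_len(backup_state->state->input);
-if (len > 0) {
-if ((r = sshbuf_putb(ssh->state->input,
-backup_state->state->input)) != 0)
-fatal("%s: %s", __func__, ssh_err(r));
-sshbuf_reset(backup_state->state->input);
-add_recv_bytes(len);
-}
-}
-
 /* Reset after_authentication and reset compression in post-auth privsep */
 static int
 ssh_packet_set_postauth(struct ssh *ssh)
@@ -2515,11 +2457,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
 (r = sshbuf_put_stringb(m, state->output)) != 0)
 return r;
 
-if (compat20) {
-if ((r = sshbuf_put_u64(m, get_sent_bytes())) != 0 ||
-(r = sshbuf_put_u64(m, get_recv_bytes())) != 0)
-return r;
-}
 return 0;
 }
 
@@ -2646,7 +2583,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 size_t ssh1keylen, rlen, slen, ilen, olen;
 int r;
 u_int ssh1cipher = 0;
-u_int64_t sent_bytes = 0, recv_bytes = 0;
 
 if (!compat20) {
 if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 ||
@@ -2711,12 +2647,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 (r = sshbuf_put(state->output, output, olen)) != 0)
 return r;
 
-if (compat20) {
-if ((r = sshbuf_get_u64(m, &sent_bytes)) != 0 ||
-(r = sshbuf_get_u64(m, &recv_bytes)) != 0)
-return r;
-roam_set_bytes(sent_bytes, recv_bytes);
-}
 if (sshbuf_len(m))
 return SSH_ERR_INVALID_FORMAT;
 debug3("%s: done", __func__);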
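--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.67 2015/12/11 03:24:25 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.68 2016/01/14 16:17:40 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -149,10 +149,6 @@ int ssh_packet_need_rekeying(struct ssh *);
 void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t);
 time_t ssh_packet_get_rekey_timeout(struct ssh *);
 
-/* XXX FIXME */
-void ssh_packet_backup_state(struct ssh *, struct ssh *);
-void ssh_packet_restore_state(struct ssh *, struct ssh *);
-
 void *ssh_packet_get_input(struct ssh *);
 void *ssh_packet_get_output(struct ssh *);
 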
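--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.247 2016/01/14 14:34:34 deraadt Exp $ */
+/* $OpenBSD: readconf.c,v 1.248 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -152,7 +152,7 @@ typedef enum {
 oSendEnv, oControlPath, oControlMaster, oControlPersist,
 oHashKnownHosts,
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-oVisualHostKey, oUseRoaming,
+oVisualHostKey,
 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
 oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
 oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
@@ -263,7 +263,7 @@ static struct {
 { "localcommand", oLocalCommand },
 { "permitlocalcommand", oPermitLocalCommand },
 { "visualhostkey", oVisualHostKey },
-{ "useroaming", oUseRoaming },
+{ "useroaming", oDeprecated },
 { "kexalgorithms", oKexAlgorithms },
 { "ipqos", oIPQoS },
 { "requesttty", oRequestTTY },
@@ -1425,10 +1425,6 @@ parse_keytypes:
 }
 break;
 
-case oUseRoaming:
-intptr = &options->use_roaming;
-goto parse_flag;
-
 case oRequestTTY:
 intptr = &options->request_tty;
 multistate_ptr = multistate_requesttty;
@@ -1713,7 +1709,6 @@ initialize_options(Options * options)
 options->tun_remote = -1;
 options->local_command = NULL;
 options->permit_local_command = -1;
-options->use_roaming = 0;
 options->add_keys_to_agent = -1;
 options->visual_host_key = -1;
 options->ip_qos_interactive = -1;
@@ -1889,7 +1884,6 @@ fill_default_options(Options * options)
 options->tun_remote = SSH_TUNID_ANY;
 if (options->permit_local_command == -1)
 options->permit_local_command = 0;
-options->use_roaming = 0;
 if (options->visual_host_key == -1)
 options->visual_host_key = 0;
 if (options->ip_qos_interactive == -1)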
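--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.112 2015/11/15 22:26:49 jcs Exp $ */
+/* $OpenBSD: readconf.h,v 1.113 2016/01/14 16:17:40 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -137,8 +137,6 @@ typedef struct {
 int permit_local_command;
 int visual_host_key;
 
-int use_roaming;
-
 int request_tty;
 
 int proxy_use_fdpass;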
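--- a/roaming.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */
-/*
-* Copyright (c) 2004-2009 AppGate Network Security AB
-*
-* Permission to use, copy, modify, and distribute this software for any
-* purpose with or without fee is hereby granted, provided that the above
-* copyright notice and this permission notice appear in all copies.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-
-#ifndef ROAMING_H
-#define ROAMING_H
-
-#define DEFAULT_ROAMBUF 65536
-#define MAX_ROAMBUF (2*1024*1024) /* XXX arbitrary */
-#define ROAMING_REQUEST "roaming@appgate.com"
-
-extern int roaming_enabled;
-extern int resume_in_progress;
-
-void request_roaming(void);
-int get_snd_buf_size(void);
-int get_recv_buf_size(void);
-void add_recv_bytes(u_int64_t);
-int wait_for_roaming_reconnect(void);
-void roaming_reply(int, u_int32_t, void *);
-void set_out_buffer_size(size_t);
-ssize_t roaming_write(int, const void *, size_t, int *);
-ssize_t roaming_read(int, void *, size_t, int *);
-size_t roaming_atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
-u_int64_t get_recv_bytes(void);
-u_int64_t get_sent_bytes(void);
-void roam_set_bytes(u_int64_t, u_int64_t);
-void resend_bytes(int, u_int64_t *);
-void calculate_new_key(u_int64_t *, u_int64_t, u_int64_t);
-int resume_kex(void);
-
-#endif /* ROAMING */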
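--- a/roaming_client.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/* $OpenBSD: roaming_client.c,v 1.9 2015/01/27 12:54:06 okan Exp $ */
-/*
-* Copyright (c) 2004-2009 AppGate Network Security AB
-*
-* Permission to use, copy, modify, and distribute this software for any
-* purpose with or without fee is hereby granted, provided that the above
-* copyright notice and this permission notice appear in all copies.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-
-#include "includes.h"
-
-#include "openbsd-compat/sys-queue.h"
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#include <signal.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "xmalloc.h"
-#include "buffer.h"
-#include "channels.h"
-#include "cipher.h"
-#include "dispatch.h"
-#include "clientloop.h"
-#include "log.h"
-#include "match.h"
-#include "misc.h"
-#include "packet.h"
-#include "ssh.h"
-#include "key.h"
-#include "kex.h"
-#include "readconf.h"
-#include "roaming.h"
-#include "ssh2.h"
-#include "sshconnect.h"
-#include "digest.h"
-
-/* import */
-extern Options options;
-extern char *host;
-extern struct sockaddr_storage hostaddr;
-extern int session_resumed;
-
-static u_int32_t roaming_id;
-static u_int64_t cookie;
-static u_int64_t lastseenchall;
-static u_int64_t key1, key2, oldkey1, oldkey2;
-
-void
-roaming_reply(int type, u_int32_t seq, void *ctxt)
-{
-if (type == SSH2_MSG_REQUEST_FAILURE) {
-logit("Server denied roaming");
-return;
-}
-verbose("Roaming enabled");
-roaming_id = packet_get_int();
-cookie = packet_get_int64();
-key1 = oldkey1 = packet_get_int64();
-key2 = oldkey2 = packet_get_int64();
-set_out_buffer_size(packet_get_int() + get_snd_buf_size());
-roaming_enabled = 1;
-}
-
-void
-request_roaming(void)
-{
-packet_start(SSH2_MSG_GLOBAL_REQUEST);
-packet_put_cstring(ROAMING_REQUEST);
-packet_put_char(1);
-packet_put_int(get_recv_buf_size());
-packet_send();
-client_register_global_confirm(roaming_reply, NULL);
-}
-
-static void
-roaming_auth_required(void)
-{
-u_char digest[SSH_DIGEST_MAX_LENGTH];
-Buffer b;
-u_int64_t chall, oldchall;
-
-chall = packet_get_int64();
-oldchall = packet_get_int64();
-if (oldchall != lastseenchall) {
-key1 = oldkey1;
-key2 = oldkey2;
-}
-lastseenchall = chall;
-
-buffer_init(&b);
-buffer_put_int64(&b, cookie);
-buffer_put_int64(&b, chall);
-if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0)
-fatal("%s: ssh_digest_buffer failed", __func__);
-buffer_free(&b);
-
-packet_start(SSH2_MSG_KEX_ROAMING_AUTH);
-packet_put_int64(key1 ^ get_recv_bytes());
-packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1));
-packet_send();
-
-oldkey1 = key1;
-oldkey2 = key2;
-calculate_new_key(&key1, cookie, chall);
-calculate_new_key(&key2, cookie, chall);
-
-debug("Received %llu bytes", (unsigned long long)get_recv_bytes());
-debug("Sent roaming_auth packet");
-}
-
-int
-resume_kex(void)
-{
-/*
-* This should not happen - if the client sends the kex method
-* resume@appgate.com then the kex is done in roaming_resume().
-*/
-return 1;
-}
-
-static int
-roaming_resume(void)
-{
-u_int64_t recv_bytes;
-char *str = NULL, *kexlist = NULL, *c;
-int i, type;
-int timeout_ms = options.connection_timeout * 1000;
-u_int len;
-u_int32_t rnd = 0;
-
-resume_in_progress = 1;
-
-/* Exchange banners */
-ssh_exchange_identification(timeout_ms);
-packet_set_nonblocking();
-
-/* Send a kexinit message with resume@appgate.com as only kex algo */
-packet_start(SSH2_MSG_KEXINIT);
-for (i = 0; i < KEX_COOKIE_LEN; i++) {
-if (i % 4 == 0)
-rnd = arc4random();
-packet_put_char(rnd & 0xff);
-rnd >>= 8;
-}
-packet_put_cstring(KEX_RESUME);
-for (i = 1; i < PROPOSAL_MAX; i++) {
-/* kex algorithm added so start with i=1 and not 0 */
-packet_put_cstring(""); /* Not used when we resume */
-}
-packet_put_char(1); /* first kex_packet follows */
-packet_put_int(0); /* reserved */
-packet_send();
-
-/* Assume that resume@appgate.com will be accepted */
-packet_start(SSH2_MSG_KEX_ROAMING_RESUME);
-packet_put_int(roaming_id);
-packet_send();
-
-/* Read the server's kexinit and check for resume@appgate.com */
-if ((type = packet_read()) != SSH2_MSG_KEXINIT) {
-debug("expected kexinit on resume, got %d", type);
-goto fail;
-}
-for (i = 0; i < KEX_COOKIE_LEN; i++)
-(void)packet_get_char();
-kexlist = packet_get_string(&len);
-if (!kexlist
-|| (str = match_list(KEX_RESUME, kexlist, NULL)) == NULL) {
-debug("server doesn't allow resume");
-goto fail;
-}
-free(str);
-for (i = 1; i < PROPOSAL_MAX; i++) {
-/* kex algorithm taken care of so start with i=1 and not 0 */
-free(packet_get_string(&len));
-}
-i = packet_get_char(); /* first_kex_packet_follows */
-if (i && (c = strchr(kexlist, ',')))
-*c = 0;
-if (i && strcmp(kexlist, KEX_RESUME)) {
-debug("server's kex guess (%s) was wrong, skipping", kexlist);
-(void)packet_read(); /* Wrong guess - discard packet */
-}
-
-/*
-* Read the ROAMING_AUTH_REQUIRED challenge from the server and
-* send ROAMING_AUTH
-*/
-if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED) {
-debug("expected roaming_auth_required, got %d", type);
-goto fail;
-}
-roaming_auth_required();
-
-/* Read ROAMING_AUTH_OK from the server */
-if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_OK) {
-debug("expected roaming_auth_ok, got %d", type);
-goto fail;
-}
-recv_bytes = packet_get_int64() ^ oldkey2;
-debug("Peer received %llu bytes", (unsigned long long)recv_bytes);
-resend_bytes(packet_get_connection_out(), &recv_bytes);
-
-resume_in_progress = 0;
-
-session_resumed = 1; /* Tell clientloop */
-
-return 0;
-
-fail:
-free(kexlist);
-if (packet_get_connection_in() == packet_get_connection_out())
-close(packet_get_connection_in());
-else {
-close(packet_get_connection_in());
-close(packet_get_connection_out());
-}
-return 1;
-}
-
-int
-wait_for_roaming_reconnect(void)
-{
-static int reenter_guard = 0;
-int timeout_ms = options.connection_timeout * 1000;
-int c;
-
-if (reenter_guard != 0)
-fatal("Server refused resume, roaming timeout may be exceeded");
-reenter_guard = 1;
-
-fprintf(stderr, "[connection suspended, press return to resume]");
-fflush(stderr);
-packet_backup_state();
-/* TODO Perhaps we should read from tty here */
-while ((c = fgetc(stdin)) != EOF) {
-if (c == 'Z' - 64) {
-kill(getpid(), SIGTSTP);
-continue;
-}
-if (c != '\n' && c != '\r')
-continue;
-
-if (ssh_connect(host, NULL, &hostaddr, options.port,
-options.address_family, 1, &timeout_ms,
-options.tcp_keep_alive, options.use_privileged_port) == 0 &&
-roaming_resume() == 0) {
-packet_restore_state();
-reenter_guard = 0;
-fprintf(stderr, "[connection resumed]\n");
-fflush(stderr);
-return 0;
-}
-
-fprintf(stderr, "[reconnect failed, press return to retry]");
-fflush(stderr);
-}
-fprintf(stderr, "[exiting]\n");
-fflush(stderr);
-exit(0);
-}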
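--- a/roaming_common.c
+++ /dev/null
@@ -1,241 +0,0 @@
-/* $OpenBSD: roaming_common.c,v 1.13 2015/01/27 12:54:06 okan Exp $ */
-/*
-* Copyright (c) 2004-2009 AppGate Network Security AB
-*
-* Permission to use, copy, modify, and distribute this software for any
-* purpose with or without fee is hereby granted, provided that the above
-* copyright notice and this permission notice appear in all copies.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
-
-#include <errno.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "atomicio.h"
-#include "log.h"
-#include "packet.h"
-#include "xmalloc.h"
-#include "cipher.h"
-#include "buffer.h"
-#include "roaming.h"
-#include "digest.h"
-
-static size_t out_buf_size = 0;
-static char *out_buf = NULL;
-static size_t out_start;
-static size_t out_last;
-
-static u_int64_t write_bytes = 0;
-static u_int64_t read_bytes = 0;
-
-int roaming_enabled = 0;
-int resume_in_progress = 0;
-
-int
-get_snd_buf_size(void)
-{
-int fd = packet_get_connection_out();
-int optval;
-socklen_t optvallen = sizeof(optval);
-
-if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optvallen) != 0)
-optval = DEFAULT_ROAMBUF;
-return optval;
-}
-
-int
-get_recv_buf_size(void)
-{
-int fd = packet_get_connection_in();
-int optval;
-socklen_t optvallen = sizeof(optval);
-
-if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &optval, &optvallen) != 0)
-optval = DEFAULT_ROAMBUF;
-return optval;
-}
-
-void
-set_out_buffer_size(size_t size)
-{
-if (size == 0 || size > MAX_ROAMBUF)
-fatal("%s: bad buffer size %lu", __func__, (u_long)size);
-/*
-* The buffer size can only be set once and the buffer will live
-* as long as the session lives.
-*/
-if (out_buf == NULL) {
-out_buf_size = size;
-out_buf = xmalloc(size);
-out_start = 0;
-out_last = 0;
-}
-}
-
-u_int64_t
-get_recv_bytes(void)
-{
-return read_bytes;
-}
-
-void
-add_recv_bytes(u_int64_t num)
-{
-read_bytes += num;
-}
-
-u_int64_t
-get_sent_bytes(void)
-{
-return write_bytes;
-}
-
-void
-roam_set_bytes(u_int64_t sent, u_int64_t recvd)
-{
-read_bytes = recvd;
-write_bytes = sent;
-}
-
-static void
-buf_append(const char *buf, size_t count)
-{
-if (count > out_buf_size) {
-buf += count - out_buf_size;
-count = out_buf_size;
-}
-if (count < out_buf_size - out_last) {
-memcpy(out_buf + out_last, buf, count);
-if (out_start > out_last)
-out_start += count;
-out_last += count;
-} else {
-/* data will wrap */
-size_t chunk = out_buf_size - out_last;
-memcpy(out_buf + out_last, buf, chunk);
-memcpy(out_buf, buf + chunk, count - chunk);
-out_last = count - chunk;
-out_start = out_last + 1;
-}
-}
-
-ssize_t
-roaming_write(int fd, const void *buf, size_t count, int *cont)
-{
-ssize_t ret;
-
-ret = write(fd, buf, count);
-if (ret > 0 && !resume_in_progress) {
-write_bytes += ret;
-if (out_buf_size > 0)
-buf_append(buf, ret);
-}
-if (out_buf_size > 0 &&
-(ret == 0 || (ret == -1 && errno == EPIPE))) {
-if (wait_for_roaming_reconnect() != 0) {
-ret = 0;
-*cont = 1;
-} else {
-ret = -1;
-errno = EAGAIN;
-}
-}
-return ret;
-}
-
-ssize_t
-roaming_read(int fd, void *buf, size_t count, int *cont)
-{
-ssize_t ret = read(fd, buf, count);
-if (ret > 0) {
-if (!resume_in_progress) {
-read_bytes += ret;
-}
-} else if (out_buf_size > 0 &&
-(ret == 0 || (ret == -1 && (errno == ECONNRESET
-|| errno == ECONNABORTED || errno == ETIMEDOUT
-|| errno == EHOSTUNREACH)))) {
-debug("roaming_read failed for %d ret=%ld errno=%d",
-fd, (long)ret, errno);
-ret = 0;
-if (wait_for_roaming_reconnect() == 0)
-*cont = 1;
-}
-return ret;
-}
-
-size_t
-roaming_atomicio(ssize_t(*f)(int, void*, size_t), int fd, void *buf,
-size_t count)
-{
-size_t ret = atomicio(f, fd, buf, count);
-
-if (f == vwrite && ret > 0 && !resume_in_progress) {
-write_bytes += ret;
-} else if (f == read && ret > 0 && !resume_in_progress) {
-read_bytes += ret;
-}
-return ret;
-}
-
-void
-resend_bytes(int fd, u_int64_t *offset)
-{
-size_t available, needed;
-
-if (out_start < out_last)
-available = out_last - out_start;
-else
-available = out_buf_size;
-needed = write_bytes - *offset;
-debug3("resend_bytes: resend %lu bytes from %llu",
-(unsigned long)needed, (unsigned long long)*offset);
-if (needed > available)
-fatal("Needed to resend more data than in the cache");
-if (out_last < needed) {
-int chunkend = needed - out_last;
-atomicio(vwrite, fd, out_buf + out_buf_size - chunkend,
-chunkend);
-atomicio(vwrite, fd, out_buf, out_last);
-} else {
-atomicio(vwrite, fd, out_buf + (out_last - needed), needed);
-}
-}
-
-/*
-* Caclulate a new key after a reconnect
-*/
-void
-calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge)
-{
-u_char hash[SSH_DIGEST_MAX_LENGTH];
-Buffer b;
-
-buffer_init(&b);
-buffer_put_int64(&b, *key);
-buffer_put_int64(&b, cookie);
-buffer_put_int64(&b, challenge);
-
-if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, hash, sizeof(hash)) != 0)
-fatal("%s: digest_buffer failed", __func__);
-
-buffer_clear(&b);
-buffer_append(&b, hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
-*key = buffer_get_int64(&b);
-buffer_free(&b);
-}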
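--- a/roaming_dummy.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $OpenBSD: roaming_dummy.c,v 1.4 2015/01/19 19:52:16 markus Exp $ */
-/*
-* Copyright (c) 2004-2009 AppGate Network Security AB
-*
-* Permission to use, copy, modify, and distribute this software for any
-* purpose with or without fee is hereby granted, provided that the above
-* copyright notice and this permission notice appear in all copies.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-
-/*
-* This file is included in the client programs which should not
-* support roaming.
-*/
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <unistd.h>
-
-#include "roaming.h"
-
-int resume_in_progress = 0;
-
-u_int64_t
-get_recv_bytes(void)
-{
-return 0;
-}
-
-u_int64_t
-get_sent_bytes(void)
-{
-return 0;
-}
-
-void
-roam_set_bytes(u_int64_t sent, u_int64_t recvd)
-{
-}
-
-ssize_t
-roaming_write(int fd, const void *buf, size_t count, int *cont)
-{
-return write(fd, buf, count);
-}
-
-ssize_t
-roaming_read(int fd, void *buf, size_t count, int *cont)
-{
-if (cont)
-*cont = 0;
-return read(fd, buf, count);
-}
-
-void
-add_recv_bytes(u_int64_t num)
-{
-}
-
-int
-resume_kex(void)
-{
-return 1;
-}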
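--- a/roaming_serv.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/* $OpenBSD: roaming_serv.c,v 1.1 2009/10/24 11:18:23 andreas Exp $ */
-/*
-* Copyright (c) 2004-2009 AppGate Network Security AB
-*
-* Permission to use, copy, modify, and distribute this software for any
-* purpose with or without fee is hereby granted, provided that the above
-* copyright notice and this permission notice appear in all copies.
-*
-* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-*/
-
-#include "includes.h"
-
-#include <sys/types.h>
-
-#include "roaming.h"
-
-/*
-* Wait for the roaming client to reconnect. Returns 0 if a connect ocurred.
-*/
-int
-wait_for_roaming_reconnect(void)
-{
-return 1;
-}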
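--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.180 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.181 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -78,7 +78,6 @@
 #include "dispatch.h"
 #include "auth-options.h"
 #include "serverloop.h"
-#include "roaming.h"
 #include "ssherr.h"
 
 extern ServerOptions options;
@@ -399,11 +398,8 @@ process_input(fd_set *readset)
 
 /* Read and buffer any input data from the client. */
 if (FD_ISSET(connection_in, readset)) {
-int cont = 0;
-len = roaming_read(connection_in, buf, sizeof(buf), &cont);
+len = read(connection_in, buf, sizeof(buf));
 if (len == 0) {
-if (cont)
-return;
 verbose("Connection closed by %.100s",
 get_remote_ipaddr());
 connection_closed = 1;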
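Review bot: The bare read() at new line 401 no longer folds ECONNRESET, ECONNABORTED, ETIMEDOUT or EHOSTUNREACH into the len == 0 path the way the removed roaming_read() wrapper did when a resend buffer was configured, so those errors now reach the negative-length branch of process_input instead of the "Connection closed" branch. That branch is outside the hunk; it presumably still marks the connection closed for any errno other than EAGAIN/EINTR, which is the right outcome, but it is worth confirming that a hard reset is not treated as retryable. A short comment on the new line would make the contract explicit: `/* EOF or a non-retryable read error closes the connection */`. process_input continues outside the hunk.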
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.434 2016/01/14 14:34:34 deraadt Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.435 2016/01/14 16:17:40 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -105,7 +105,6 @@ | |||
105 | #include "match.h" | 105 | #include "match.h" |
106 | #include "msg.h" | 106 | #include "msg.h" |
107 | #include "uidswap.h" | 107 | #include "uidswap.h" |
108 | #include "roaming.h" | ||
109 | #include "version.h" | 108 | #include "version.h" |
110 | #include "ssherr.h" | 109 | #include "ssherr.h" |
111 | #include "myproposal.h" | 110 | #include "myproposal.h" |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh2.h,v 1.16 2015/12/04 16:41:28 markus Exp $ */ | 1 | /* $OpenBSD: ssh2.h,v 1.17 2016/01/14 16:17:40 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -165,13 +165,6 @@ | |||
165 | 165 | ||
166 | #define SSH2_EXTENDED_DATA_STDERR 1 | 166 | #define SSH2_EXTENDED_DATA_STDERR 1 |
167 | 167 | ||
168 | /* kex messages for resume@appgate.com */ | ||
169 | #define SSH2_MSG_KEX_ROAMING_RESUME 30 | ||
170 | #define SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED 31 | ||
171 | #define SSH2_MSG_KEX_ROAMING_AUTH 32 | ||
172 | #define SSH2_MSG_KEX_ROAMING_AUTH_OK 33 | ||
173 | #define SSH2_MSG_KEX_ROAMING_AUTH_FAIL 34 | ||
174 | |||
175 | /* Certificate types for OpenSSH certificate keys extension */ | 168 | /* Certificate types for OpenSSH certificate keys extension */ |
176 | #define SSH2_CERT_TYPE_USER 1 | 169 | #define SSH2_CERT_TYPE_USER 1 |
177 | #define SSH2_CERT_TYPE_HOST 2 | 170 | #define SSH2_CERT_TYPE_HOST 2 |
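--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.269 2015/11/20 01:45:29 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.270 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -59,7 +59,6 @@
 #include "readconf.h"
 #include "atomicio.h"
 #include "dns.h"
-#include "roaming.h"
 #include "monitor_fdpass.h"
 #include "ssh2.h"
 #include "version.h"
@@ -532,7 +531,7 @@ send_client_banner(int connection_out, int minor1)
 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
 PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
 }
-if (roaming_atomicio(vwrite, connection_out, client_version_string,
+if (atomicio(vwrite, connection_out, client_version_string,
 strlen(client_version_string)) != strlen(client_version_string))
 fatal("write: %.100s", strerror(errno));
 chop(client_version_string);
@@ -592,7 +591,7 @@ ssh_exchange_identification(int timeout_ms)
 }
 }
 
-len = roaming_atomicio(read, connection_in, &buf[i], 1);
+len = atomicio(read, connection_in, &buf[i], 1);
 
 if (len != 1 && errno == EPIPE)
 fatal("ssh_exchange_identification: "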
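--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.235 2015/12/11 02:31:47 mmcc Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.236 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -219,10 +219,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 
 dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
 
-if (options.use_roaming && !kex->roaming) {
-debug("Roaming not allowed by server");
-options.use_roaming = 0;
-}
 /* remove ext-info from the KEX proposals for rekeying */
 myproposal[PROPOSAL_KEX_ALGS] =
 compat_kex_proposal(options.kex_algorithms);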
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.462 2015/12/10 17:08:40 mmcc Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.463 2016/01/14 16:17:40 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -121,7 +121,6 @@ | |||
121 | #include "ssh-gss.h" | 121 | #include "ssh-gss.h" |
122 | #endif | 122 | #endif |
123 | #include "monitor_wrap.h" | 123 | #include "monitor_wrap.h" |
124 | #include "roaming.h" | ||
125 | #include "ssh-sandbox.h" | 124 | #include "ssh-sandbox.h" |
126 | #include "version.h" | 125 | #include "version.h" |
127 | #include "ssherr.h" | 126 | #include "ssherr.h" |
@@ -437,7 +436,7 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
437 | options.version_addendum, newline); | 436 | options.version_addendum, newline); |
438 | 437 | ||
439 | /* Send our protocol version identification. */ | 438 | /* Send our protocol version identification. */ |
440 | if (roaming_atomicio(vwrite, sock_out, server_version_string, | 439 | if (atomicio(vwrite, sock_out, server_version_string, |
441 | strlen(server_version_string)) | 440 | strlen(server_version_string)) |
442 | != strlen(server_version_string)) { | 441 | != strlen(server_version_string)) { |
443 | logit("Could not write ident string to %s", get_remote_ipaddr()); | 442 | logit("Could not write ident string to %s", get_remote_ipaddr()); |
@@ -447,7 +446,7 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
447 | /* Read other sides version identification. */ | 446 | /* Read other sides version identification. */ |
448 | memset(buf, 0, sizeof(buf)); | 447 | memset(buf, 0, sizeof(buf)); |
449 | for (i = 0; i < sizeof(buf) - 1; i++) { | 448 | for (i = 0; i < sizeof(buf) - 1; i++) { |
450 | if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) { | 449 | if (atomicio(read, sock_in, &buf[i], 1) != 1) { |
451 | logit("Did not receive identification string from %s", | 450 | logit("Did not receive identification string from %s", |
452 | get_remote_ipaddr()); | 451 | get_remote_ipaddr()); |
453 | cleanup_exit(255); | 452 | cleanup_exit(255); |