summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2017-04-30 23:11:45 +0000
committerDamien Miller <djm@mindrot.org>2017-05-01 09:38:46 +1000
commit99f95ba82673d33215dce17bfa1512b57f54ec09 (patch)
treea2fcb5c8410cf2d524b25609271b4197728779d5
parent56912dea6ef63dae4eb1194e5d88973a7c6c5740 (diff)
upstream commit
remove options.protocol and client Protocol configuration knob ok markus@ Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
-rw-r--r--compat.c4
-rw-r--r--readconf.c57
-rw-r--r--readconf.h3
-rw-r--r--ssh.c6
-rw-r--r--sshconnect.c49
5 files changed, 26 insertions, 93 deletions
diff --git a/compat.c b/compat.c
index aa50d2ce8..945fd349b 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.c,v 1.101 2017/04/30 23:10:43 djm Exp $ */ 1/* $OpenBSD: compat.c,v 1.102 2017/04/30 23:11:45 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -232,8 +232,6 @@ proto_spec(const char *spec)
232 return ret; 232 return ret;
233 for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) { 233 for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
234 switch (atoi(p)) { 234 switch (atoi(p)) {
235 case 1:
236 break;
237 case 2: 235 case 2:
238 ret |= SSH_PROTO_2; 236 ret |= SSH_PROTO_2;
239 break; 237 break;
diff --git a/readconf.c b/readconf.c
index 975f00ff4..963c648b9 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.272 2017/04/30 23:10:43 djm Exp $ */ 1/* $OpenBSD: readconf.c,v 1.273 2017/04/30 23:11:45 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -152,7 +152,7 @@ typedef enum {
152 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, 152 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
153 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, 153 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
154 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, 154 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
155 oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oProtocol, oMacs, 155 oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs,
156 oPubkeyAuthentication, 156 oPubkeyAuthentication,
157 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, 157 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
158 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, 158 oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
@@ -171,7 +171,7 @@ typedef enum {
171 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, 171 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
172 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, 172 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
173 oPubkeyAcceptedKeyTypes, oProxyJump, 173 oPubkeyAcceptedKeyTypes, oProxyJump,
174 oIgnoredUnknownOption, oDeprecated, oUnsupported 174 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
175} OpCodes; 175} OpCodes;
176 176
177/* Textual representations of the tokens. */ 177/* Textual representations of the tokens. */
@@ -181,6 +181,7 @@ static struct {
181 OpCodes opcode; 181 OpCodes opcode;
182} keywords[] = { 182} keywords[] = {
183 /* Deprecated options */ 183 /* Deprecated options */
184 { "protocol", oIgnore }, /* NB. silently ignored */
184 { "fallbacktorsh", oDeprecated }, 185 { "fallbacktorsh", oDeprecated },
185 { "globalknownhostsfile2", oDeprecated }, 186 { "globalknownhostsfile2", oDeprecated },
186 { "rhostsauthentication", oDeprecated }, 187 { "rhostsauthentication", oDeprecated },
@@ -242,7 +243,6 @@ static struct {
242 { "cipher", oCipher }, 243 { "cipher", oCipher },
243 { "ciphers", oCiphers }, 244 { "ciphers", oCiphers },
244 { "macs", oMacs }, 245 { "macs", oMacs },
245 { "protocol", oProtocol },
246 { "remoteforward", oRemoteForward }, 246 { "remoteforward", oRemoteForward },
247 { "localforward", oLocalForward }, 247 { "localforward", oLocalForward },
248 { "user", oUser }, 248 { "user", oUser },
@@ -866,6 +866,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
866 case oBadOption: 866 case oBadOption:
867 /* don't panic, but count bad options */ 867 /* don't panic, but count bad options */
868 return -1; 868 return -1;
869 case oIgnore:
870 return 0;
869 case oIgnoredUnknownOption: 871 case oIgnoredUnknownOption:
870 debug("%s line %d: Ignored unknown option \"%s\"", 872 debug("%s line %d: Ignored unknown option \"%s\"",
871 filename, linenum, keyword); 873 filename, linenum, keyword);
@@ -1236,19 +1238,6 @@ parse_keytypes:
1236 *charptr = xstrdup(arg); 1238 *charptr = xstrdup(arg);
1237 break; 1239 break;
1238 1240
1239 case oProtocol:
1240 intptr = &options->protocol;
1241 arg = strdelim(&s);
1242 if (!arg || *arg == '\0')
1243 fatal("%.200s line %d: Missing argument.", filename, linenum);
1244 value = proto_spec(arg);
1245 if (value == SSH_PROTO_UNKNOWN)
1246 fatal("%.200s line %d: Bad protocol spec '%s'.",
1247 filename, linenum, arg ? arg : "<NONE>");
1248 if (*activep && *intptr == SSH_PROTO_UNKNOWN)
1249 *intptr = value;
1250 break;
1251
1252 case oLogLevel: 1241 case oLogLevel:
1253 log_level_ptr = &options->log_level; 1242 log_level_ptr = &options->log_level;
1254 arg = strdelim(&s); 1243 arg = strdelim(&s);
@@ -1827,7 +1816,6 @@ initialize_options(Options * options)
1827 options->macs = NULL; 1816 options->macs = NULL;
1828 options->kex_algorithms = NULL; 1817 options->kex_algorithms = NULL;
1829 options->hostkeyalgorithms = NULL; 1818 options->hostkeyalgorithms = NULL;
1830 options->protocol = SSH_PROTO_UNKNOWN;
1831 options->num_identity_files = 0; 1819 options->num_identity_files = 0;
1832 options->num_certificate_files = 0; 1820 options->num_certificate_files = 0;
1833 options->hostname = NULL; 1821 options->hostname = NULL;
@@ -1984,27 +1972,16 @@ fill_default_options(Options * options)
1984 if (options->cipher == -1) 1972 if (options->cipher == -1)
1985 options->cipher = SSH_CIPHER_NOT_SET; 1973 options->cipher = SSH_CIPHER_NOT_SET;
1986 /* options->hostkeyalgorithms, default set in myproposals.h */ 1974 /* options->hostkeyalgorithms, default set in myproposals.h */
1987 if (options->protocol == SSH_PROTO_UNKNOWN)
1988 options->protocol = SSH_PROTO_2;
1989 if (options->add_keys_to_agent == -1) 1975 if (options->add_keys_to_agent == -1)
1990 options->add_keys_to_agent = 0; 1976 options->add_keys_to_agent = 0;
1991 if (options->num_identity_files == 0) { 1977 if (options->num_identity_files == 0) {
1992 if (options->protocol & SSH_PROTO_1) { 1978 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
1993 add_identity_file(options, "~/", 1979 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
1994 _PATH_SSH_CLIENT_IDENTITY, 0);
1995 }
1996 if (options->protocol & SSH_PROTO_2) {
1997 add_identity_file(options, "~/",
1998 _PATH_SSH_CLIENT_ID_RSA, 0);
1999 add_identity_file(options, "~/",
2000 _PATH_SSH_CLIENT_ID_DSA, 0);
2001#ifdef OPENSSL_HAS_ECC 1980#ifdef OPENSSL_HAS_ECC
2002 add_identity_file(options, "~/", 1981 add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA, 0);
2003 _PATH_SSH_CLIENT_ID_ECDSA, 0);
2004#endif 1982#endif
2005 add_identity_file(options, "~/", 1983 add_identity_file(options, "~/",
2006 _PATH_SSH_CLIENT_ID_ED25519, 0); 1984 _PATH_SSH_CLIENT_ID_ED25519, 0);
2007 }
2008 } 1985 }
2009 if (options->escape_char == -1) 1986 if (options->escape_char == -1)
2010 options->escape_char = '~'; 1987 options->escape_char = '~';
@@ -2395,17 +2372,6 @@ fmt_intarg(OpCodes code, int val)
2395 return fmt_multistate_int(val, multistate_canonicalizehostname); 2372 return fmt_multistate_int(val, multistate_canonicalizehostname);
2396 case oFingerprintHash: 2373 case oFingerprintHash:
2397 return ssh_digest_alg_name(val); 2374 return ssh_digest_alg_name(val);
2398 case oProtocol:
2399 switch (val) {
2400 case SSH_PROTO_1:
2401 return "1";
2402 case SSH_PROTO_2:
2403 return "2";
2404 case (SSH_PROTO_1|SSH_PROTO_2):
2405 return "2,1";
2406 default:
2407 return "UNKNOWN";
2408 }
2409 default: 2375 default:
2410 switch (val) { 2376 switch (val) {
2411 case 0: 2377 case 0:
@@ -2550,7 +2516,6 @@ dump_client_config(Options *o, const char *host)
2550 dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); 2516 dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
2551 dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication); 2517 dump_cfg_fmtint(oPasswordAuthentication, o->password_authentication);
2552 dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command); 2518 dump_cfg_fmtint(oPermitLocalCommand, o->permit_local_command);
2553 dump_cfg_fmtint(oProtocol, o->protocol);
2554 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); 2519 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
2555 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); 2520 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
2556 dump_cfg_fmtint(oRequestTTY, o->request_tty); 2521 dump_cfg_fmtint(oRequestTTY, o->request_tty);
diff --git a/readconf.h b/readconf.h
index d62428101..f53864854 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.h,v 1.118 2017/04/28 03:20:27 dtucker Exp $ */ 1/* $OpenBSD: readconf.h,v 1.119 2017/04/30 23:11:45 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -75,7 +75,6 @@ typedef struct {
75 char *macs; /* SSH2 macs in order of preference. */ 75 char *macs; /* SSH2 macs in order of preference. */
76 char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ 76 char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */
77 char *kex_algorithms; /* SSH2 kex methods in order of preference. */ 77 char *kex_algorithms; /* SSH2 kex methods in order of preference. */
78 int protocol; /* Protocol in order of preference. */
79 char *hostname; /* Real host to connect. */ 78 char *hostname; /* Real host to connect. */
80 char *host_key_alias; /* hostname alias for .ssh/known_hosts */ 79 char *host_key_alias; /* hostname alias for .ssh/known_hosts */
81 char *proxy_command; /* Proxy command for connecting the host. */ 80 char *proxy_command; /* Proxy command for connecting the host. */
diff --git a/ssh.c b/ssh.c
index 38c8e837f..766a1790d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.453 2017/04/30 23:10:43 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.454 2017/04/30 23:11:45 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -609,10 +609,10 @@ main(int ac, char **av)
609 "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { 609 "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
610 switch (opt) { 610 switch (opt) {
611 case '1': 611 case '1':
612 options.protocol = SSH_PROTO_1; 612 fatal("SSH protocol v.1 is no longer supported");
613 break; 613 break;
614 case '2': 614 case '2':
615 options.protocol = SSH_PROTO_2; 615 /* Ignored */
616 break; 616 break;
617 case '4': 617 case '4':
618 options.address_family = AF_INET; 618 options.address_family = AF_INET;
diff --git a/sshconnect.c b/sshconnect.c
index 26ffbc802..d48f2e06c 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.274 2017/04/30 23:10:43 djm Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.275 2017/04/30 23:11:45 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -549,7 +549,7 @@ ssh_exchange_identification(int timeout_ms)
549 int remote_major, remote_minor, mismatch; 549 int remote_major, remote_minor, mismatch;
550 int connection_in = packet_get_connection_in(); 550 int connection_in = packet_get_connection_in();
551 int connection_out = packet_get_connection_out(); 551 int connection_out = packet_get_connection_out();
552 int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0; 552 int client_banner_sent = 0;
553 u_int i, n; 553 u_int i, n;
554 size_t len; 554 size_t len;
555 int fdsetsz, remaining, rc; 555 int fdsetsz, remaining, rc;
@@ -559,15 +559,9 @@ ssh_exchange_identification(int timeout_ms)
559 fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask); 559 fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask);
560 fdset = xcalloc(1, fdsetsz); 560 fdset = xcalloc(1, fdsetsz);
561 561
562 /* 562 enable_compat20();
563 * If we are SSH2-only then we can send the banner immediately and 563 send_client_banner(connection_out, 0);
564 * save a round-trip. 564 client_banner_sent = 1;
565 */
566 if (options.protocol == SSH_PROTO_2) {
567 enable_compat20();
568 send_client_banner(connection_out, 0);
569 client_banner_sent = 1;
570 }
571 565
572 /* Read other side's version identification. */ 566 /* Read other side's version identification. */
573 remaining = timeout_ms; 567 remaining = timeout_ms;
@@ -635,50 +629,27 @@ ssh_exchange_identification(int timeout_ms)
635 629
636 switch (remote_major) { 630 switch (remote_major) {
637 case 1: 631 case 1:
638 if (remote_minor == 99 && 632 if (remote_minor == 99)
639 (options.protocol & SSH_PROTO_2) &&
640 !(options.protocol & SSH_PROTO_1_PREFERRED)) {
641 enable_compat20(); 633 enable_compat20();
642 break; 634 else
643 }
644 if (!(options.protocol & SSH_PROTO_1)) {
645 mismatch = 1; 635 mismatch = 1;
646 break;
647 }
648 if (remote_minor < 3) {
649 fatal("Remote machine has too old SSH software version.");
650 } else if (remote_minor == 3 || remote_minor == 4) {
651 /* We speak 1.3, too. */
652 enable_compat13();
653 minor1 = 3;
654 if (options.forward_agent) {
655 logit("Agent forwarding disabled for protocol 1.3");
656 options.forward_agent = 0;
657 }
658 }
659 break; 636 break;
660 case 2: 637 case 2:
661 if (options.protocol & SSH_PROTO_2) { 638 enable_compat20();
662 enable_compat20(); 639 break;
663 break;
664 }
665 /* FALLTHROUGH */
666 default: 640 default:
667 mismatch = 1; 641 mismatch = 1;
668 break; 642 break;
669 } 643 }
670 if (mismatch) 644 if (mismatch)
671 fatal("Protocol major versions differ: %d vs. %d", 645 fatal("Protocol major versions differ: %d vs. %d",
672 (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, 646 PROTOCOL_MAJOR_2, remote_major);
673 remote_major);
674 if ((datafellows & SSH_BUG_DERIVEKEY) != 0) 647 if ((datafellows & SSH_BUG_DERIVEKEY) != 0)
675 fatal("Server version \"%.100s\" uses unsafe key agreement; " 648 fatal("Server version \"%.100s\" uses unsafe key agreement; "
676 "refusing connection", remote_version); 649 "refusing connection", remote_version);
677 if ((datafellows & SSH_BUG_RSASIGMD5) != 0) 650 if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
678 logit("Server version \"%.100s\" uses unsafe RSA signature " 651 logit("Server version \"%.100s\" uses unsafe RSA signature "
679 "scheme; disabling use of RSA keys", remote_version); 652 "scheme; disabling use of RSA keys", remote_version);
680 if (!client_banner_sent)
681 send_client_banner(connection_out, minor1);
682 chop(server_version_string); 653 chop(server_version_string);
683} 654}
684 655