authormarkus@openbsd.org <markus@openbsd.org>2016-01-14 16:17:39 +0000
committerDamien Miller <djm@mindrot.org>2016-01-27 16:54:10 +1100
commita306863831c57ec5fad918687cc5d289ee8e2635 (patch)
tree0321a74bc4a9be03ad303d35306555ca0908ee25
parent6ef49e83e30688504552ac10875feabd5521565f (diff)
upstream commit
remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
-rw-r--r--Makefile.in15
-rw-r--r--clientloop.c9
-rw-r--r--kex.c14
-rw-r--r--kex.h4
-rw-r--r--monitor.c3
-rw-r--r--monitor_wrap.c3
-rw-r--r--opacket.c12
-rw-r--r--opacket.h2
-rw-r--r--packet.c84
-rw-r--r--packet.h6
-rw-r--r--readconf.c12
-rw-r--r--readconf.h4
-rw-r--r--roaming.h45
-rw-r--r--roaming_client.c271
-rw-r--r--roaming_common.c241
-rw-r--r--roaming_dummy.c72
-rw-r--r--roaming_serv.c31
-rw-r--r--serverloop.c8
-rw-r--r--ssh.c3
-rw-r--r--ssh2.h9
-rw-r--r--sshconnect.c7
-rw-r--r--sshconnect2.c6
-rw-r--r--sshd.c7
23 files changed, 37 insertions, 831 deletions
diff --git a/Makefile.in b/Makefile.in
index 9e326411c..a8984c8fb 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -95,8 +95,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
95 platform-pledge.o 95 platform-pledge.o
96 96
97SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ 97SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
98 sshconnect.o sshconnect1.o sshconnect2.o mux.o \ 98 sshconnect.o sshconnect1.o sshconnect2.o mux.o
99 roaming_common.o roaming_client.o
100 99
101SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ 100SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
102 audit.o audit-bsm.o audit-linux.o platform.o \ 101 audit.o audit-bsm.o audit-linux.o platform.o \
@@ -109,7 +108,6 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
109 auth2-gss.o gss-serv.o gss-serv-krb5.o \ 108 auth2-gss.o gss-serv.o gss-serv-krb5.o \
110 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ 109 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
111 sftp-server.o sftp-common.o \ 110 sftp-server.o sftp-common.o \
112 roaming_common.o roaming_serv.o \
113 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ 111 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
114 sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ 112 sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
115 sandbox-solaris.o 113 sandbox-solaris.o
@@ -180,14 +178,14 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
180ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o 178ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
181 $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 179 $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
182 180
183ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o 181ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o
184 $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 182 $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
185 183
186ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o 184ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
187 $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 185 $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
188 186
189ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o 187ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
190 $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) 188 $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
191 189
192sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o 190sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
193 $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 191 $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -484,8 +482,7 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
484 482
485UNITTESTS_TEST_KEX_OBJS=\ 483UNITTESTS_TEST_KEX_OBJS=\
486 regress/unittests/kex/tests.o \ 484 regress/unittests/kex/tests.o \
487 regress/unittests/kex/test_kex.o \ 485 regress/unittests/kex/test_kex.o
488 roaming_dummy.o
489 486
490regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ 487regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
491 regress/unittests/test_helper/libtest_helper.a libssh.a 488 regress/unittests/test_helper/libtest_helper.a libssh.a
diff --git a/clientloop.c b/clientloop.c
index c0386d56b..d324e297b 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.279 2016/01/13 23:04:47 djm Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.280 2016/01/14 16:17:39 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -111,7 +111,6 @@
111#include "sshpty.h" 111#include "sshpty.h"
112#include "match.h" 112#include "match.h"
113#include "msg.h" 113#include "msg.h"
114#include "roaming.h"
115#include "ssherr.h" 114#include "ssherr.h"
116#include "hostfile.h" 115#include "hostfile.h"
117 116
@@ -756,7 +755,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
756static void 755static void
757client_process_net_input(fd_set *readset) 756client_process_net_input(fd_set *readset)
758{ 757{
759 int len, cont = 0; 758 int len;
760 char buf[SSH_IOBUFSZ]; 759 char buf[SSH_IOBUFSZ];
761 760
762 /* 761 /*
@@ -765,8 +764,8 @@ client_process_net_input(fd_set *readset)
765 */ 764 */
766 if (FD_ISSET(connection_in, readset)) { 765 if (FD_ISSET(connection_in, readset)) {
767 /* Read as much as possible. */ 766 /* Read as much as possible. */
768 len = roaming_read(connection_in, buf, sizeof(buf), &cont); 767 len = read(connection_in, buf, sizeof(buf));
769 if (len == 0 && cont == 0) { 768 if (len == 0) {
770 /* 769 /*
771 * Received EOF. The remote host has closed the 770 * Received EOF. The remote host has closed the
772 * connection. 771 * connection.
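Review bot: `len` in client_process_net_input stays declared `int` (new-side line 758) although its value now comes straight from read(2), which returns ssize_t; with roaming_read() gone there is no longer any reason for the narrowing, so `ssize_t len;` would match the system call and read cleaner. The buffer is SSH_IOBUFSZ bytes, so the conversion cannot bite in practice and this is a style point only. The remainder of client_process_net_input, presumably including the `len < 0` / EINTR handling, continues outside the hunk.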
diff --git a/kex.c b/kex.c
index 2dba1c56b..335b789fc 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.115 2015/12/13 22:42:23 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.116 2016/01/14 16:17:39 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -49,7 +49,6 @@
49#include "misc.h" 49#include "misc.h"
50#include "dispatch.h" 50#include "dispatch.h"
51#include "monitor.h" 51#include "monitor.h"
52#include "roaming.h"
53 52
54#include "ssherr.h" 53#include "ssherr.h"
55#include "sshbuf.h" 54#include "sshbuf.h"
@@ -748,17 +747,6 @@ kex_choose_conf(struct ssh *ssh)
748 sprop=peer; 747 sprop=peer;
749 } 748 }
750 749
751 /* Check whether server offers roaming */
752 if (!kex->server) {
753 char *roaming = match_list(KEX_RESUME,
754 peer[PROPOSAL_KEX_ALGS], NULL);
755
756 if (roaming) {
757 kex->roaming = 1;
758 free(roaming);
759 }
760 }
761
762 /* Check whether client supports ext_info_c */ 750 /* Check whether client supports ext_info_c */
763 if (kex->server) { 751 if (kex->server) {
764 char *ext; 752 char *ext;
diff --git a/kex.h b/kex.h
index 25ccf2e0e..24d4aa15f 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.74 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: kex.h,v 1.75 2016/01/14 16:17:39 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -54,7 +54,6 @@
54#define KEX_DH14 "diffie-hellman-group14-sha1" 54#define KEX_DH14 "diffie-hellman-group14-sha1"
55#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" 55#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
56#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" 56#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
57#define KEX_RESUME "resume@appgate.com"
58#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" 57#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
59#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" 58#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
60#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" 59#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
@@ -133,7 +132,6 @@ struct kex {
133 int hostkey_type; 132 int hostkey_type;
134 int hostkey_nid; 133 int hostkey_nid;
135 u_int kex_type; 134 u_int kex_type;
136 int roaming;
137 int rsa_sha2; 135 int rsa_sha2;
138 int ext_info_c; 136 int ext_info_c;
139 struct sshbuf *my; 137 struct sshbuf *my;
diff --git a/monitor.c b/monitor.c
index b3edd648b..b7fe74b13 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.155 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: monitor.c,v 1.156 2016/01/14 16:17:39 markus Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -100,7 +100,6 @@
100#include "monitor_fdpass.h" 100#include "monitor_fdpass.h"
101#include "compat.h" 101#include "compat.h"
102#include "ssh2.h" 102#include "ssh2.h"
103#include "roaming.h"
104#include "authfd.h" 103#include "authfd.h"
105#include "match.h" 104#include "match.h"
106#include "ssherr.h" 105#include "ssherr.h"
diff --git a/monitor_wrap.c b/monitor_wrap.c
index d4bfaf372..c5db6df48 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.86 2015/12/04 16:41:28 markus Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.87 2016/01/14 16:17:40 markus Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -80,7 +80,6 @@
80#include "channels.h" 80#include "channels.h"
81#include "session.h" 81#include "session.h"
82#include "servconf.h" 82#include "servconf.h"
83#include "roaming.h"
84 83
85#include "ssherr.h" 84#include "ssherr.h"
86 85
diff --git a/opacket.c b/opacket.c
index b9160d59d..5970dd377 100644
--- a/opacket.c
+++ b/opacket.c
@@ -235,18 +235,6 @@ packet_set_connection(int fd_in, int fd_out)
235 fatal("%s: ssh_packet_set_connection failed", __func__); 235 fatal("%s: ssh_packet_set_connection failed", __func__);
236} 236}
237 237
238void
239packet_backup_state(void)
240{
241 ssh_packet_backup_state(active_state, backup_state);
242}
243
244void
245packet_restore_state(void)
246{
247 ssh_packet_restore_state(active_state, backup_state);
248}
249
250u_int 238u_int
251packet_get_char(void) 239packet_get_char(void)
252{ 240{
diff --git a/opacket.h b/opacket.h
index a0a60e550..b14b6769a 100644
--- a/opacket.h
+++ b/opacket.h
@@ -39,8 +39,6 @@ do { \
39void packet_close(void); 39void packet_close(void);
40u_int packet_get_char(void); 40u_int packet_get_char(void);
41u_int packet_get_int(void); 41u_int packet_get_int(void);
42void packet_backup_state(void);
43void packet_restore_state(void);
44void packet_set_connection(int, int); 42void packet_set_connection(int, int);
45int packet_read_seqnr(u_int32_t *); 43int packet_read_seqnr(u_int32_t *);
46int packet_read_poll_seqnr(u_int32_t *); 44int packet_read_poll_seqnr(u_int32_t *);
diff --git a/packet.c b/packet.c
index 27e85e3a1..9cf200cc3 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.221 2015/12/11 04:21:12 mmcc Exp $ */ 1/* $OpenBSD: packet.c,v 1.222 2016/01/14 16:17:40 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -83,7 +83,6 @@
83#include "channels.h" 83#include "channels.h"
84#include "ssh.h" 84#include "ssh.h"
85#include "packet.h" 85#include "packet.h"
86#include "roaming.h"
87#include "ssherr.h" 86#include "ssherr.h"
88#include "sshbuf.h" 87#include "sshbuf.h"
89 88
@@ -1279,7 +1278,7 @@ int
1279ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) 1278ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1280{ 1279{
1281 struct session_state *state = ssh->state; 1280 struct session_state *state = ssh->state;
1282 int len, r, ms_remain, cont; 1281 int len, r, ms_remain;
1283 fd_set *setp; 1282 fd_set *setp;
1284 char buf[8192]; 1283 char buf[8192];
1285 struct timeval timeout, start, *timeoutp = NULL; 1284 struct timeval timeout, start, *timeoutp = NULL;
@@ -1349,11 +1348,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1349 if (r == 0) 1348 if (r == 0)
1350 return SSH_ERR_CONN_TIMEOUT; 1349 return SSH_ERR_CONN_TIMEOUT;
1351 /* Read data from the socket. */ 1350 /* Read data from the socket. */
1352 do { 1351 len = read(state->connection_in, buf, sizeof(buf));
1353 cont = 0;
1354 len = roaming_read(state->connection_in, buf,
1355 sizeof(buf), &cont);
1356 } while (len == 0 && cont);
1357 if (len == 0) { 1352 if (len == 0) {
1358 r = SSH_ERR_CONN_CLOSED; 1353 r = SSH_ERR_CONN_CLOSED;
1359 goto out; 1354 goto out;
@@ -2025,19 +2020,18 @@ ssh_packet_write_poll(struct ssh *ssh)
2025{ 2020{
2026 struct session_state *state = ssh->state; 2021 struct session_state *state = ssh->state;
2027 int len = sshbuf_len(state->output); 2022 int len = sshbuf_len(state->output);
2028 int cont, r; 2023 int r;
2029 2024
2030 if (len > 0) { 2025 if (len > 0) {
2031 cont = 0; 2026 len = write(state->connection_out,
2032 len = roaming_write(state->connection_out, 2027 sshbuf_ptr(state->output), len);
2033 sshbuf_ptr(state->output), len, &cont);
2034 if (len == -1) { 2028 if (len == -1) {
2035 if (errno == EINTR || errno == EAGAIN || 2029 if (errno == EINTR || errno == EAGAIN ||
2036 errno == EWOULDBLOCK) 2030 errno == EWOULDBLOCK)
2037 return 0; 2031 return 0;
2038 return SSH_ERR_SYSTEM_ERROR; 2032 return SSH_ERR_SYSTEM_ERROR;
2039 } 2033 }
2040 if (len == 0 && !cont) 2034 if (len == 0)
2041 return SSH_ERR_CONN_CLOSED; 2035 return SSH_ERR_CONN_CLOSED;
2042 if ((r = sshbuf_consume(state->output, len)) != 0) 2036 if ((r = sshbuf_consume(state->output, len)) != 0)
2043 return r; 2037 return r;
@@ -2314,58 +2308,6 @@ ssh_packet_get_output(struct ssh *ssh)
2314 return (void *)ssh->state->output; 2308 return (void *)ssh->state->output;
2315} 2309}
2316 2310
2317/* XXX TODO update roaming to new API (does not work anyway) */
2318/*
2319 * Save the state for the real connection, and use a separate state when
2320 * resuming a suspended connection.
2321 */
2322void
2323ssh_packet_backup_state(struct ssh *ssh,
2324 struct ssh *backup_state)
2325{
2326 struct ssh *tmp;
2327
2328 close(ssh->state->connection_in);
2329 ssh->state->connection_in = -1;
2330 close(ssh->state->connection_out);
2331 ssh->state->connection_out = -1;
2332 if (backup_state)
2333 tmp = backup_state;
2334 else
2335 tmp = ssh_alloc_session_state();
2336 backup_state = ssh;
2337 ssh = tmp;
2338}
2339
2340/* XXX FIXME FIXME FIXME */
2341/*
2342 * Swap in the old state when resuming a connecion.
2343 */
2344void
2345ssh_packet_restore_state(struct ssh *ssh,
2346 struct ssh *backup_state)
2347{
2348 struct ssh *tmp;
2349 u_int len;
2350 int r;
2351
2352 tmp = backup_state;
2353 backup_state = ssh;
2354 ssh = tmp;
2355 ssh->state->connection_in = backup_state->state->connection_in;
2356 backup_state->state->connection_in = -1;
2357 ssh->state->connection_out = backup_state->state->connection_out;
2358 backup_state->state->connection_out = -1;
2359 len = sshbuf_len(backup_state->state->input);
2360 if (len > 0) {
2361 if ((r = sshbuf_putb(ssh->state->input,
2362 backup_state->state->input)) != 0)
2363 fatal("%s: %s", __func__, ssh_err(r));
2364 sshbuf_reset(backup_state->state->input);
2365 add_recv_bytes(len);
2366 }
2367}
2368
2369/* Reset after_authentication and reset compression in post-auth privsep */ 2311/* Reset after_authentication and reset compression in post-auth privsep */
2370static int 2312static int
2371ssh_packet_set_postauth(struct ssh *ssh) 2313ssh_packet_set_postauth(struct ssh *ssh)
@@ -2515,11 +2457,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
2515 (r = sshbuf_put_stringb(m, state->output)) != 0) 2457 (r = sshbuf_put_stringb(m, state->output)) != 0)
2516 return r; 2458 return r;
2517 2459
2518 if (compat20) {
2519 if ((r = sshbuf_put_u64(m, get_sent_bytes())) != 0 ||
2520 (r = sshbuf_put_u64(m, get_recv_bytes())) != 0)
2521 return r;
2522 }
2523 return 0; 2460 return 0;
2524} 2461}
2525 2462
@@ -2646,7 +2583,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
2646 size_t ssh1keylen, rlen, slen, ilen, olen; 2583 size_t ssh1keylen, rlen, slen, ilen, olen;
2647 int r; 2584 int r;
2648 u_int ssh1cipher = 0; 2585 u_int ssh1cipher = 0;
2649 u_int64_t sent_bytes = 0, recv_bytes = 0;
2650 2586
2651 if (!compat20) { 2587 if (!compat20) {
2652 if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 || 2588 if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 ||
@@ -2711,12 +2647,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
2711 (r = sshbuf_put(state->output, output, olen)) != 0) 2647 (r = sshbuf_put(state->output, output, olen)) != 0)
2712 return r; 2648 return r;
2713 2649
2714 if (compat20) {
2715 if ((r = sshbuf_get_u64(m, &sent_bytes)) != 0 ||
2716 (r = sshbuf_get_u64(m, &recv_bytes)) != 0)
2717 return r;
2718 roam_set_bytes(sent_bytes, recv_bytes);
2719 }
2720 if (sshbuf_len(m)) 2650 if (sshbuf_len(m))
2721 return SSH_ERR_INVALID_FORMAT; 2651 return SSH_ERR_INVALID_FORMAT;
2722 debug3("%s: done", __func__); 2652 debug3("%s: done", __func__);
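Review bot: In ssh_packet_write_poll the `if (len == 0) return SSH_ERR_CONN_CLOSED;` branch was meaningful for roaming_write(), which could return 0 with `cont` set, but a plain write(2) called with a non-zero length returns either the bytes written or -1, so on the new side this branch is effectively defensive and should say so, e.g. `if (len == 0) /* write(2) should not return 0 for len > 0; treat as closed */`. The same variable holds the size_t result of sshbuf_len() and the ssize_t result of write() in an `int`; that is pre-existing, but once roaming_write() is gone `ssize_t len` would avoid the narrowing with no other change. The ssh_packet_read_seqnr hunk keeps its meaning, since read(2) returning 0 does signal a closed peer, and its `len < 0` error path continues outside the hunk.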
diff --git a/packet.h b/packet.h
index bc2e2ba2e..c8f36eb7f 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.h,v 1.67 2015/12/11 03:24:25 djm Exp $ */ 1/* $OpenBSD: packet.h,v 1.68 2016/01/14 16:17:40 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -149,10 +149,6 @@ int ssh_packet_need_rekeying(struct ssh *);
149void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t); 149void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t);
150time_t ssh_packet_get_rekey_timeout(struct ssh *); 150time_t ssh_packet_get_rekey_timeout(struct ssh *);
151 151
152/* XXX FIXME */
153void ssh_packet_backup_state(struct ssh *, struct ssh *);
154void ssh_packet_restore_state(struct ssh *, struct ssh *);
155
156void *ssh_packet_get_input(struct ssh *); 152void *ssh_packet_get_input(struct ssh *);
157void *ssh_packet_get_output(struct ssh *); 153void *ssh_packet_get_output(struct ssh *);
158 154
diff --git a/readconf.c b/readconf.c
index bf1250738..8e9a25da7 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.247 2016/01/14 14:34:34 deraadt Exp $ */ 1/* $OpenBSD: readconf.c,v 1.248 2016/01/14 16:17:40 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -152,7 +152,7 @@ typedef enum {
152 oSendEnv, oControlPath, oControlMaster, oControlPersist, 152 oSendEnv, oControlPath, oControlMaster, oControlPersist,
153 oHashKnownHosts, 153 oHashKnownHosts,
154 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, 154 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
155 oVisualHostKey, oUseRoaming, 155 oVisualHostKey,
156 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, 156 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
157 oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, 157 oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
158 oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, 158 oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
@@ -263,7 +263,7 @@ static struct {
263 { "localcommand", oLocalCommand }, 263 { "localcommand", oLocalCommand },
264 { "permitlocalcommand", oPermitLocalCommand }, 264 { "permitlocalcommand", oPermitLocalCommand },
265 { "visualhostkey", oVisualHostKey }, 265 { "visualhostkey", oVisualHostKey },
266 { "useroaming", oUseRoaming }, 266 { "useroaming", oDeprecated },
267 { "kexalgorithms", oKexAlgorithms }, 267 { "kexalgorithms", oKexAlgorithms },
268 { "ipqos", oIPQoS }, 268 { "ipqos", oIPQoS },
269 { "requesttty", oRequestTTY }, 269 { "requesttty", oRequestTTY },
@@ -1425,10 +1425,6 @@ parse_keytypes:
1425 } 1425 }
1426 break; 1426 break;
1427 1427
1428 case oUseRoaming:
1429 intptr = &options->use_roaming;
1430 goto parse_flag;
1431
1432 case oRequestTTY: 1428 case oRequestTTY:
1433 intptr = &options->request_tty; 1429 intptr = &options->request_tty;
1434 multistate_ptr = multistate_requesttty; 1430 multistate_ptr = multistate_requesttty;
@@ -1713,7 +1709,6 @@ initialize_options(Options * options)
1713 options->tun_remote = -1; 1709 options->tun_remote = -1;
1714 options->local_command = NULL; 1710 options->local_command = NULL;
1715 options->permit_local_command = -1; 1711 options->permit_local_command = -1;
1716 options->use_roaming = 0;
1717 options->add_keys_to_agent = -1; 1712 options->add_keys_to_agent = -1;
1718 options->visual_host_key = -1; 1713 options->visual_host_key = -1;
1719 options->ip_qos_interactive = -1; 1714 options->ip_qos_interactive = -1;
@@ -1889,7 +1884,6 @@ fill_default_options(Options * options)
1889 options->tun_remote = SSH_TUNID_ANY; 1884 options->tun_remote = SSH_TUNID_ANY;
1890 if (options->permit_local_command == -1) 1885 if (options->permit_local_command == -1)
1891 options->permit_local_command = 0; 1886 options->permit_local_command = 0;
1892 options->use_roaming = 0;
1893 if (options->visual_host_key == -1) 1887 if (options->visual_host_key == -1)
1894 options->visual_host_key = 0; 1888 options->visual_host_key = 0;
1895 if (options->ip_qos_interactive == -1) 1889 if (options->ip_qos_interactive == -1)
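Review bot: Mapping `useroaming` to `oDeprecated` keeps existing ssh_config files loading, but the diffstat at the top of this page lists no ssh_config.5 change, so the manual will presumably still document UseRoaming as a live option unless that is handled in a separate commit; the man page entry should be removed or reworded to say the keyword is accepted and ignored. The other hunks only delete the oUseRoaming parse case and the use_roaming initialisers, which is consistent with the field's removal from readconf.h.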
diff --git a/readconf.h b/readconf.h
index 2034bfd9d..c84d068bd 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.h,v 1.112 2015/11/15 22:26:49 jcs Exp $ */ 1/* $OpenBSD: readconf.h,v 1.113 2016/01/14 16:17:40 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -137,8 +137,6 @@ typedef struct {
137 int permit_local_command; 137 int permit_local_command;
138 int visual_host_key; 138 int visual_host_key;
139 139
140 int use_roaming;
141
142 int request_tty; 140 int request_tty;
143 141
144 int proxy_use_fdpass; 142 int proxy_use_fdpass;
diff --git a/roaming.h b/roaming.h
index da069f878..e69de29bb 100644
--- a/roaming.h
+++ b/roaming.h
@@ -1,45 +0,0 @@
1/* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */
2/*
3 * Copyright (c) 2004-2009 AppGate Network Security AB
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef ROAMING_H
19#define ROAMING_H
20
21#define DEFAULT_ROAMBUF 65536
22#define MAX_ROAMBUF (2*1024*1024) /* XXX arbitrary */
23#define ROAMING_REQUEST "roaming@appgate.com"
24
25extern int roaming_enabled;
26extern int resume_in_progress;
27
28void request_roaming(void);
29int get_snd_buf_size(void);
30int get_recv_buf_size(void);
31void add_recv_bytes(u_int64_t);
32int wait_for_roaming_reconnect(void);
33void roaming_reply(int, u_int32_t, void *);
34void set_out_buffer_size(size_t);
35ssize_t roaming_write(int, const void *, size_t, int *);
36ssize_t roaming_read(int, void *, size_t, int *);
37size_t roaming_atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
38u_int64_t get_recv_bytes(void);
39u_int64_t get_sent_bytes(void);
40void roam_set_bytes(u_int64_t, u_int64_t);
41void resend_bytes(int, u_int64_t *);
42void calculate_new_key(u_int64_t *, u_int64_t, u_int64_t);
43int resume_kex(void);
44
45#endif /* ROAMING */
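Review bot: roaming.h is emptied rather than deleted: its index line reads `da069f878..e69de29bb` with `+++ b/roaming.h` and no `deleted file mode` marker, whereas roaming_client.c and roaming_common.c carry `deleted file mode 100644`. An empty header left in the tree means any stray `#include "roaming.h"`, in-tree or in a downstream patch, keeps compiling silently instead of failing, which hides an incomplete removal. Unless the file is dropped in a follow-up, `git rm roaming.h` so the header disappears with its implementation; this may be an artefact of how upstream deletions are imported into the portable tree, so confirm against the repository.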
diff --git a/roaming_client.c b/roaming_client.c
deleted file mode 100644
index cb1328574..000000000
--- a/roaming_client.c
+++ /dev/null
@@ -1,271 +0,0 @@
1/* $OpenBSD: roaming_client.c,v 1.9 2015/01/27 12:54:06 okan Exp $ */
2/*
3 * Copyright (c) 2004-2009 AppGate Network Security AB
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include "includes.h"
19
20#include "openbsd-compat/sys-queue.h"
21#include <sys/types.h>
22#include <sys/socket.h>
23
24#include <signal.h>
25#include <string.h>
26#include <unistd.h>
27
28#include "xmalloc.h"
29#include "buffer.h"
30#include "channels.h"
31#include "cipher.h"
32#include "dispatch.h"
33#include "clientloop.h"
34#include "log.h"
35#include "match.h"
36#include "misc.h"
37#include "packet.h"
38#include "ssh.h"
39#include "key.h"
40#include "kex.h"
41#include "readconf.h"
42#include "roaming.h"
43#include "ssh2.h"
44#include "sshconnect.h"
45#include "digest.h"
46
47/* import */
48extern Options options;
49extern char *host;
50extern struct sockaddr_storage hostaddr;
51extern int session_resumed;
52
53static u_int32_t roaming_id;
54static u_int64_t cookie;
55static u_int64_t lastseenchall;
56static u_int64_t key1, key2, oldkey1, oldkey2;
57
58void
59roaming_reply(int type, u_int32_t seq, void *ctxt)
60{
61 if (type == SSH2_MSG_REQUEST_FAILURE) {
62 logit("Server denied roaming");
63 return;
64 }
65 verbose("Roaming enabled");
66 roaming_id = packet_get_int();
67 cookie = packet_get_int64();
68 key1 = oldkey1 = packet_get_int64();
69 key2 = oldkey2 = packet_get_int64();
70 set_out_buffer_size(packet_get_int() + get_snd_buf_size());
71 roaming_enabled = 1;
72}
73
74void
75request_roaming(void)
76{
77 packet_start(SSH2_MSG_GLOBAL_REQUEST);
78 packet_put_cstring(ROAMING_REQUEST);
79 packet_put_char(1);
80 packet_put_int(get_recv_buf_size());
81 packet_send();
82 client_register_global_confirm(roaming_reply, NULL);
83}
84
85static void
86roaming_auth_required(void)
87{
88 u_char digest[SSH_DIGEST_MAX_LENGTH];
89 Buffer b;
90 u_int64_t chall, oldchall;
91
92 chall = packet_get_int64();
93 oldchall = packet_get_int64();
94 if (oldchall != lastseenchall) {
95 key1 = oldkey1;
96 key2 = oldkey2;
97 }
98 lastseenchall = chall;
99
100 buffer_init(&b);
101 buffer_put_int64(&b, cookie);
102 buffer_put_int64(&b, chall);
103 if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0)
104 fatal("%s: ssh_digest_buffer failed", __func__);
105 buffer_free(&b);
106
107 packet_start(SSH2_MSG_KEX_ROAMING_AUTH);
108 packet_put_int64(key1 ^ get_recv_bytes());
109 packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1));
110 packet_send();
111
112 oldkey1 = key1;
113 oldkey2 = key2;
114 calculate_new_key(&key1, cookie, chall);
115 calculate_new_key(&key2, cookie, chall);
116
117 debug("Received %llu bytes", (unsigned long long)get_recv_bytes());
118 debug("Sent roaming_auth packet");
119}
120
121int
122resume_kex(void)
123{
124 /*
125 * This should not happen - if the client sends the kex method
126 * resume@appgate.com then the kex is done in roaming_resume().
127 */
128 return 1;
129}
130
131static int
132roaming_resume(void)
133{
134 u_int64_t recv_bytes;
135 char *str = NULL, *kexlist = NULL, *c;
136 int i, type;
137 int timeout_ms = options.connection_timeout * 1000;
138 u_int len;
139 u_int32_t rnd = 0;
140
141 resume_in_progress = 1;
142
143 /* Exchange banners */
144 ssh_exchange_identification(timeout_ms);
145 packet_set_nonblocking();
146
147 /* Send a kexinit message with resume@appgate.com as only kex algo */
148 packet_start(SSH2_MSG_KEXINIT);
149 for (i = 0; i < KEX_COOKIE_LEN; i++) {
150 if (i % 4 == 0)
151 rnd = arc4random();
152 packet_put_char(rnd & 0xff);
153 rnd >>= 8;
154 }
155 packet_put_cstring(KEX_RESUME);
156 for (i = 1; i < PROPOSAL_MAX; i++) {
157 /* kex algorithm added so start with i=1 and not 0 */
158 packet_put_cstring(""); /* Not used when we resume */
159 }
160 packet_put_char(1); /* first kex_packet follows */
161 packet_put_int(0); /* reserved */
162 packet_send();
163
164 /* Assume that resume@appgate.com will be accepted */
165 packet_start(SSH2_MSG_KEX_ROAMING_RESUME);
166 packet_put_int(roaming_id);
167 packet_send();
168
169 /* Read the server's kexinit and check for resume@appgate.com */
170 if ((type = packet_read()) != SSH2_MSG_KEXINIT) {
171 debug("expected kexinit on resume, got %d", type);
172 goto fail;
173 }
174 for (i = 0; i < KEX_COOKIE_LEN; i++)
175 (void)packet_get_char();
176 kexlist = packet_get_string(&len);
177 if (!kexlist
178 || (str = match_list(KEX_RESUME, kexlist, NULL)) == NULL) {
179 debug("server doesn't allow resume");
180 goto fail;
181 }
182 free(str);
183 for (i = 1; i < PROPOSAL_MAX; i++) {
184 /* kex algorithm taken care of so start with i=1 and not 0 */
185 free(packet_get_string(&len));
186 }
187 i = packet_get_char(); /* first_kex_packet_follows */
188 if (i && (c = strchr(kexlist, ',')))
189 *c = 0;
190 if (i && strcmp(kexlist, KEX_RESUME)) {
191 debug("server's kex guess (%s) was wrong, skipping", kexlist);
192 (void)packet_read(); /* Wrong guess - discard packet */
193 }
194
195 /*
196 * Read the ROAMING_AUTH_REQUIRED challenge from the server and
197 * send ROAMING_AUTH
198 */
199 if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED) {
200 debug("expected roaming_auth_required, got %d", type);
201 goto fail;
202 }
203 roaming_auth_required();
204
205 /* Read ROAMING_AUTH_OK from the server */
206 if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_OK) {
207 debug("expected roaming_auth_ok, got %d", type);
208 goto fail;
209 }
210 recv_bytes = packet_get_int64() ^ oldkey2;
211 debug("Peer received %llu bytes", (unsigned long long)recv_bytes);
212 resend_bytes(packet_get_connection_out(), &recv_bytes);
213
214 resume_in_progress = 0;
215
216 session_resumed = 1; /* Tell clientloop */
217
218 return 0;
219
220fail:
221 free(kexlist);
222 if (packet_get_connection_in() == packet_get_connection_out())
223 close(packet_get_connection_in());
224 else {
225 close(packet_get_connection_in());
226 close(packet_get_connection_out());
227 }
228 return 1;
229}
230
231int
232wait_for_roaming_reconnect(void)
233{
234 static int reenter_guard = 0;
235 int timeout_ms = options.connection_timeout * 1000;
236 int c;
237
238 if (reenter_guard != 0)
239 fatal("Server refused resume, roaming timeout may be exceeded");
240 reenter_guard = 1;
241
242 fprintf(stderr, "[connection suspended, press return to resume]");
243 fflush(stderr);
244 packet_backup_state();
245 /* TODO Perhaps we should read from tty here */
246 while ((c = fgetc(stdin)) != EOF) {
247 if (c == 'Z' - 64) {
248 kill(getpid(), SIGTSTP);
249 continue;
250 }
251 if (c != '\n' && c != '\r')
252 continue;
253
254 if (ssh_connect(host, NULL, &hostaddr, options.port,
255 options.address_family, 1, &timeout_ms,
256 options.tcp_keep_alive, options.use_privileged_port) == 0 &&
257 roaming_resume() == 0) {
258 packet_restore_state();
259 reenter_guard = 0;
260 fprintf(stderr, "[connection resumed]\n");
261 fflush(stderr);
262 return 0;
263 }
264
265 fprintf(stderr, "[reconnect failed, press return to retry]");
266 fflush(stderr);
267 }
268 fprintf(stderr, "[exiting]\n");
269 fflush(stderr);
270 exit(0);
271}
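diff --git a/roaming_common.c b/roaming_common.c
deleted file mode 100644
index ea064605c..000000000
--- a/roaming_common.c
+++ /dev/null
@@ -1,241 +0,0 @@
-/* $OpenBSD: roaming_common.c,v 1.13 2015/01/27 12:54:06 okan Exp $ */
-/*
- * Copyright (c) 2004-2009 AppGate Network Security AB
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
-
-#include <errno.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "atomicio.h"
-#include "log.h"
-#include "packet.h"
-#include "xmalloc.h"
-#include "cipher.h"
-#include "buffer.h"
-#include "roaming.h"
-#include "digest.h"
-
-static size_t out_buf_size = 0;
-static char *out_buf = NULL;
-static size_t out_start;
-static size_t out_last;
-
-static u_int64_t write_bytes = 0;
-static u_int64_t read_bytes = 0;
-
-int roaming_enabled = 0;
-int resume_in_progress = 0;
-
-int
-get_snd_buf_size(void)
-{
-	int fd = packet_get_connection_out();
-	int optval;
-	socklen_t optvallen = sizeof(optval);
-
-	if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optvallen) != 0)
-		optval = DEFAULT_ROAMBUF;
-	return optval;
-}
-
-int
-get_recv_buf_size(void)
-{
-	int fd = packet_get_connection_in();
-	int optval;
-	socklen_t optvallen = sizeof(optval);
-
-	if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &optval, &optvallen) != 0)
-		optval = DEFAULT_ROAMBUF;
-	return optval;
-}
-
-void
-set_out_buffer_size(size_t size)
-{
-	if (size == 0 || size > MAX_ROAMBUF)
-		fatal("%s: bad buffer size %lu", __func__, (u_long)size);
-	/*
-	 * The buffer size can only be set once and the buffer will live
-	 * as long as the session lives.
-	 */
-	if (out_buf == NULL) {
-		out_buf_size = size;
-		out_buf = xmalloc(size);
-		out_start = 0;
-		out_last = 0;
-	}
-}
-
-u_int64_t
-get_recv_bytes(void)
-{
-	return read_bytes;
-}
-
-void
-add_recv_bytes(u_int64_t num)
-{
-	read_bytes += num;
-}
-
-u_int64_t
-get_sent_bytes(void)
-{
-	return write_bytes;
-}
-
-void
-roam_set_bytes(u_int64_t sent, u_int64_t recvd)
-{
-	read_bytes = recvd;
-	write_bytes = sent;
-}
-
-static void
-buf_append(const char *buf, size_t count)
-{
-	if (count > out_buf_size) {
-		buf += count - out_buf_size;
-		count = out_buf_size;
-	}
-	if (count < out_buf_size - out_last) {
-		memcpy(out_buf + out_last, buf, count);
-		if (out_start > out_last)
-			out_start += count;
-		out_last += count;
-	} else {
-		/* data will wrap */
-		size_t chunk = out_buf_size - out_last;
-		memcpy(out_buf + out_last, buf, chunk);
-		memcpy(out_buf, buf + chunk, count - chunk);
-		out_last = count - chunk;
-		out_start = out_last + 1;
-	}
-}
-
-ssize_t
-roaming_write(int fd, const void *buf, size_t count, int *cont)
-{
-	ssize_t ret;
-
-	ret = write(fd, buf, count);
-	if (ret > 0 && !resume_in_progress) {
-		write_bytes += ret;
-		if (out_buf_size > 0)
-			buf_append(buf, ret);
-	}
-	if (out_buf_size > 0 &&
-	    (ret == 0 || (ret == -1 && errno == EPIPE))) {
-		if (wait_for_roaming_reconnect() != 0) {
-			ret = 0;
-			*cont = 1;
-		} else {
-			ret = -1;
-			errno = EAGAIN;
-		}
-	}
-	return ret;
-}
-
-ssize_t
-roaming_read(int fd, void *buf, size_t count, int *cont)
-{
-	ssize_t ret = read(fd, buf, count);
-	if (ret > 0) {
-		if (!resume_in_progress) {
-			read_bytes += ret;
-		}
-	} else if (out_buf_size > 0 &&
-	    (ret == 0 || (ret == -1 && (errno == ECONNRESET
-	    || errno == ECONNABORTED || errno == ETIMEDOUT
-	    || errno == EHOSTUNREACH)))) {
-		debug("roaming_read failed for %d ret=%ld errno=%d",
-		    fd, (long)ret, errno);
-		ret = 0;
-		if (wait_for_roaming_reconnect() == 0)
-			*cont = 1;
-	}
-	return ret;
-}
-
-size_t
-roaming_atomicio(ssize_t(*f)(int, void*, size_t), int fd, void *buf,
-    size_t count)
-{
-	size_t ret = atomicio(f, fd, buf, count);
-
-	if (f == vwrite && ret > 0 && !resume_in_progress) {
-		write_bytes += ret;
-	} else if (f == read && ret > 0 && !resume_in_progress) {
-		read_bytes += ret;
-	}
-	return ret;
-}
-
-void
-resend_bytes(int fd, u_int64_t *offset)
-{
-	size_t available, needed;
-
-	if (out_start < out_last)
-		available = out_last - out_start;
-	else
-		available = out_buf_size;
-	needed = write_bytes - *offset;
-	debug3("resend_bytes: resend %lu bytes from %llu",
-	    (unsigned long)needed, (unsigned long long)*offset);
-	if (needed > available)
-		fatal("Needed to resend more data than in the cache");
-	if (out_last < needed) {
-		int chunkend = needed - out_last;
-		atomicio(vwrite, fd, out_buf + out_buf_size - chunkend,
-		    chunkend);
-		atomicio(vwrite, fd, out_buf, out_last);
-	} else {
-		atomicio(vwrite, fd, out_buf + (out_last - needed), needed);
-	}
-}
-
-/*
- * Caclulate a new key after a reconnect
- */
-void
-calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge)
-{
-	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	Buffer b;
-
-	buffer_init(&b);
-	buffer_put_int64(&b, *key);
-	buffer_put_int64(&b, cookie);
-	buffer_put_int64(&b, challenge);
-
-	if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, hash, sizeof(hash)) != 0)
-		fatal("%s: digest_buffer failed", __func__);
-
-	buffer_clear(&b);
-	buffer_append(&b, hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
-	*key = buffer_get_int64(&b);
-	buffer_free(&b);
-}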
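diff --git a/roaming_dummy.c b/roaming_dummy.c
deleted file mode 100644
index 837de695d..000000000
--- a/roaming_dummy.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $OpenBSD: roaming_dummy.c,v 1.4 2015/01/19 19:52:16 markus Exp $ */
-/*
- * Copyright (c) 2004-2009 AppGate Network Security AB
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * This file is included in the client programs which should not
- * support roaming.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <unistd.h>
-
-#include "roaming.h"
-
-int resume_in_progress = 0;
-
-u_int64_t
-get_recv_bytes(void)
-{
-	return 0;
-}
-
-u_int64_t
-get_sent_bytes(void)
-{
-	return 0;
-}
-
-void
-roam_set_bytes(u_int64_t sent, u_int64_t recvd)
-{
-}
-
-ssize_t
-roaming_write(int fd, const void *buf, size_t count, int *cont)
-{
-	return write(fd, buf, count);
-}
-
-ssize_t
-roaming_read(int fd, void *buf, size_t count, int *cont)
-{
-	if (cont)
-		*cont = 0;
-	return read(fd, buf, count);
-}
-
-void
-add_recv_bytes(u_int64_t num)
-{
-}
-
-int
-resume_kex(void)
-{
-	return 1;
-}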
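diff --git a/roaming_serv.c b/roaming_serv.c
deleted file mode 100644
index 511ca8461..000000000
--- a/roaming_serv.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/* $OpenBSD: roaming_serv.c,v 1.1 2009/10/24 11:18:23 andreas Exp $ */
-/*
- * Copyright (c) 2004-2009 AppGate Network Security AB
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-
-#include "roaming.h"
-
-/*
- * Wait for the roaming client to reconnect. Returns 0 if a connect ocurred.
- */
-int
-wait_for_roaming_reconnect(void)
-{
-	return 1;
-}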
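diff --git a/serverloop.c b/serverloop.c
index 85fc8d3af..47bc168b2 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.180 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.181 2016/01/14 16:17:40 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -78,7 +78,6 @@
 #include "dispatch.h"
 #include "auth-options.h"
 #include "serverloop.h"
-#include "roaming.h"
 #include "ssherr.h"
 
 extern ServerOptions options;
@@ -399,11 +398,8 @@ process_input(fd_set *readset)
 
 	/* Read and buffer any input data from the client. */
 	if (FD_ISSET(connection_in, readset)) {
-		int cont = 0;
-		len = roaming_read(connection_in, buf, sizeof(buf), &cont);
+		len = read(connection_in, buf, sizeof(buf));
 		if (len == 0) {
-			if (cont)
-				return;
 			verbose("Connection closed by %.100s",
 			    get_remote_ipaddr());
 			connection_closed = 1;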
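Review bot: The errno folding that the removed roaming_read performed is gone from the plain `read()` at new line 401, so ECONNRESET, ECONNABORTED, ETIMEDOUT and EHOSTUNREACH now surface as `len < 0` instead of being turned into the `len == 0` "Connection closed" path; that negative branch lies outside the hunk, so it is worth confirming it treats these errnos as a hard close (set `connection_closed`, log once) rather than as a transient condition to retry the way EAGAIN/EINTR usually are. Per the deleted roaming_common.c, the old folding only applied once a roaming buffer had been negotiated (`out_buf_size > 0`), so for ordinary sessions this is most likely not a behavioural change, but the server now relies solely on the generic error branch. process_input continues beyond the hunk.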
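diff --git a/ssh.c b/ssh.c
index ecaf3022a..993ea1721 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.434 2016/01/14 14:34:34 deraadt Exp $ */
+/* $OpenBSD: ssh.c,v 1.435 2016/01/14 16:17:40 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -105,7 +105,6 @@
 #include "match.h"
 #include "msg.h"
 #include "uidswap.h"
-#include "roaming.h"
 #include "version.h"
 #include "ssherr.h"
 #include "myproposal.h"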
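diff --git a/ssh2.h b/ssh2.h
index bdff6c5bd..5d1918bf8 100644
--- a/ssh2.h
+++ b/ssh2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh2.h,v 1.16 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: ssh2.h,v 1.17 2016/01/14 16:17:40 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -165,13 +165,6 @@
 
 #define SSH2_EXTENDED_DATA_STDERR 1
 
-/* kex messages for resume@appgate.com */
-#define SSH2_MSG_KEX_ROAMING_RESUME 30
-#define SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED 31
-#define SSH2_MSG_KEX_ROAMING_AUTH 32
-#define SSH2_MSG_KEX_ROAMING_AUTH_OK 33
-#define SSH2_MSG_KEX_ROAMING_AUTH_FAIL 34
-
 /* Certificate types for OpenSSH certificate keys extension */
 #define SSH2_CERT_TYPE_USER 1
 #define SSH2_CERT_TYPE_HOST 2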
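diff --git a/sshconnect.c b/sshconnect.c
index 9dcbdeb66..a22710d9f 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.269 2015/11/20 01:45:29 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.270 2016/01/14 16:17:40 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -59,7 +59,6 @@
 #include "readconf.h"
 #include "atomicio.h"
 #include "dns.h"
-#include "roaming.h"
 #include "monitor_fdpass.h"
 #include "ssh2.h"
 #include "version.h"
@@ -532,7 +531,7 @@ send_client_banner(int connection_out, int minor1)
 		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
 		    PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
 	}
-	if (roaming_atomicio(vwrite, connection_out, client_version_string,
+	if (atomicio(vwrite, connection_out, client_version_string,
 	    strlen(client_version_string)) != strlen(client_version_string))
 		fatal("write: %.100s", strerror(errno));
 	chop(client_version_string);
@@ -592,7 +591,7 @@ ssh_exchange_identification(int timeout_ms)
 		}
 	}
 
-	len = atomicio(read, connection_in, &buf[i], 1);
+	len = atomicio(read, connection_in, &buf[i], 1);
 
 	if (len != 1 && errno == EPIPE)
 		fatal("ssh_exchange_identification: "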
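Review bot: The rewritten call at new lines 534–535 still evaluates `strlen(client_version_string)` twice, once as the length argument and once in the comparison, which is a style point carried over from the removed wrapper rather than a defect; hoisting it into a local makes the check read as a single length, e.g. `size_t blen = strlen(client_version_string);` followed by `if (atomicio(vwrite, connection_out, client_version_string, blen) != blen)`. The same shape recurs in sshd.c's sshd_exchange_identification at new lines 439–441, which could be tidied the same way. The bodies of send_client_banner and ssh_exchange_identification both start and end outside their hunks.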
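diff --git a/sshconnect2.c b/sshconnect2.c
index 6c79a7920..1f918533f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.235 2015/12/11 02:31:47 mmcc Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.236 2016/01/14 16:17:40 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -219,10 +219,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 
 	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
 
-	if (options.use_roaming && !kex->roaming) {
-		debug("Roaming not allowed by server");
-		options.use_roaming = 0;
-	}
 	/* remove ext-info from the KEX proposals for rekeying */
 	myproposal[PROPOSAL_KEX_ALGS] =
 	    compat_kex_proposal(options.kex_algorithms);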
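diff --git a/sshd.c b/sshd.c
index 5d2e0a03c..7504bff6d 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.462 2015/12/10 17:08:40 mmcc Exp $ */
+/* $OpenBSD: sshd.c,v 1.463 2016/01/14 16:17:40 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -121,7 +121,6 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
-#include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
 #include "ssherr.h"
@@ -437,7 +436,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 	    options.version_addendum, newline);
 
 	/* Send our protocol version identification. */
-	if (roaming_atomicio(vwrite, sock_out, server_version_string,
+	if (atomicio(vwrite, sock_out, server_version_string,
 	    strlen(server_version_string))
 	    != strlen(server_version_string)) {
 		logit("Could not write ident string to %s", get_remote_ipaddr());
@@ -447,7 +446,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 	/* Read other sides version identification. */
 	memset(buf, 0, sizeof(buf));
 	for (i = 0; i < sizeof(buf) - 1; i++) {
-		if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {
+		if (atomicio(read, sock_in, &buf[i], 1) != 1) {
 			logit("Did not receive identification string from %s",
 			    get_remote_ipaddr());
 			cleanup_exit(255);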