- (djm) Sync with OpenBSD:

   - markus@cvs.openbsd.org  2000/10/14 04:01:15
     [cipher.c]
     debug3
   - markus@cvs.openbsd.org  2000/10/14 04:07:23
     [scp.c]
     remove spaces from arguments; from djm@mindrot.org
   - markus@cvs.openbsd.org  2000/10/14 06:09:46
     [ssh.1]
     Cipher is for SSH-1 only
   - markus@cvs.openbsd.org  2000/10/14 06:12:09
     [servconf.c servconf.h serverloop.c session.c sshd.8]
     AllowTcpForwarding; from naddy@
   - markus@cvs.openbsd.org  2000/10/14 06:16:56
     [auth2.c compat.c compat.h sshconnect2.c version.h]
     OpenSSH_2.3; note that is is not complete, but the version number
     needs to be changed for interoperability reasons
   - markus@cvs.openbsd.org  2000/10/14 06:19:45
     [auth-rsa.c]
     do not send RSA challenge if key is not allowed by key-options; from
     eivind@ThinkSec.com
   - markus@cvs.openbsd.org  2000/10/15 08:14:01
     [rijndael.c session.c]
     typos; from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org  2000/10/15 08:18:31
     [rijndael.c]
     typo
 - Copy manpages back over from OpenBSD - too tedious to wade through diffs

16 files changed, 111 insertions, 47 deletions

diff --git a/ChangeLog b/ChangeLog
index 552bcfcaf..74eee27b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,32 @@
+20001016
+ - (djm) Sync with OpenBSD:
+   - markus@cvs.openbsd.org  2000/10/14 04:01:15
+     [cipher.c]
+     debug3
+   - markus@cvs.openbsd.org  2000/10/14 04:07:23
+     [scp.c]
+     remove spaces from arguments; from djm@mindrot.org
+   - markus@cvs.openbsd.org  2000/10/14 06:09:46
+     [ssh.1]
+     Cipher is for SSH-1 only
+   - markus@cvs.openbsd.org  2000/10/14 06:12:09
+     [servconf.c servconf.h serverloop.c session.c sshd.8]
+     AllowTcpForwarding; from naddy@
+   - markus@cvs.openbsd.org  2000/10/14 06:16:56
+     [auth2.c compat.c compat.h sshconnect2.c version.h]
+     OpenSSH_2.3; note that is is not complete, but the version number 
+     needs to be changed for interoperability reasons
+   - markus@cvs.openbsd.org  2000/10/14 06:19:45
+     [auth-rsa.c]
+     do not send RSA challenge if key is not allowed by key-options; from
+     eivind@ThinkSec.com
+   - markus@cvs.openbsd.org  2000/10/15 08:14:01
+     [rijndael.c session.c]
+     typos; from stevesk@sweden.hp.com
+   - markus@cvs.openbsd.org  2000/10/15 08:18:31
+     [rijndael.c]
+     typo
+
 20001015
  - (djm) Fix ssh2 hang on background processes at logout.
 
diff --git a/auth-rsa.c b/auth-rsa.c
index 522f01f84..e8bfa1651 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.31 2000/10/11 19:59:52 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $");
 
 #include "rsa.h"
 #include "packet.h"
@@ -231,6 +231,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
                         }
                 } else
                         options = NULL;
+                /*
+                 * If our options do not allow this key to be used,
+                 * do not send challenge.
+                 */
+                if (!auth_parse_options(pw, options, linenum))
+                        continue;
 
                 /* Parse the key from the line. */
                 if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
@@ -269,9 +275,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
                  * Break out of the loop if authentication was successful;
                  * otherwise continue searching.
                  */
-                authenticated = auth_parse_options(pw, options, linenum);
-                if (authenticated)
-                        break;
+                authenticated = 1;
+                break;
         }
 
         /* Restore the privileged uid. */
diff --git a/auth2.c b/auth2.c
index f34b586d4..60f8f98e6 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.19 2000/10/11 20:27:23 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.20 2000/10/14 12:16:56 markus Exp $");
 
 #ifdef HAVE_OSF_SIA
 # include <sia.h>
@@ -442,10 +442,10 @@ userauth_pubkey(Authctxt *authctxt)
                         sig = packet_get_string(&slen);
                         packet_done();
                         buffer_init(&b);
-                        if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
-                                buffer_put_string(&b, session_id2, session_id2_len);
-                        } else {
+                        if (datafellows & SSH_OLD_SESSIONID) {
                                 buffer_append(&b, session_id2, session_id2_len);
+                        } else {
+                                buffer_put_string(&b, session_id2, session_id2_len);
                         }
                         /* reconstruct packet */
                         buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
diff --git a/cipher.c b/cipher.c
index 226e4256a..b9c1b28ab 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.35 2000/10/13 18:59:13 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.36 2000/10/14 10:01:15 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -488,10 +488,10 @@ ciphers_valid(const char *names)
                         xfree(ciphers);
                         return 0;
                 } else {
-                        debug("cipher ok: %s [%s]", p, names);
+                        debug3("cipher ok: %s [%s]", p, names);
                 }
         }
-        debug("ciphers ok: [%s]", names);
+        debug3("ciphers ok: [%s]", names);
         xfree(ciphers);
         return 1;
 }
diff --git a/compat.c b/compat.c
index 71d12010c..0e12b77c6 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.24 2000/10/10 20:20:45 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.25 2000/10/14 12:16:56 markus Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -62,13 +62,18 @@ compat_datafellows(const char *version)
                 char    *pat;
                 int     bugs;
         } check[] = {
-                {"^.*MindTerm",         0},
-                {"^2\\.1\\.0 ",         SSH_BUG_SIGBLOB|SSH_BUG_HMAC},
-                {"^2\\.0\\.",           SSH_BUG_SIGBLOB|SSH_BUG_HMAC|SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD},
-                {"^2\\.[23]\\.0 ",      SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING},
-                {"^2\\.[2-9]\\.",       SSH_COMPAT_SESSIONID_ENCODING},
-                {"^2\\.",               SSH_BUG_HMAC|SSH_COMPAT_SESSIONID_ENCODING},
-                {NULL,                  0}
+                { "^OpenSSH-2\\.[01]",  SSH_OLD_SESSIONID },
+                { "^OpenSSH_2\\.2",     SSH_OLD_SESSIONID },
+                { "MindTerm",           0 },
+                { "^2\\.1\\.0 ",        SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+                                        SSH_OLD_SESSIONID },
+                { "^2\\.0\\.",          SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+                                        SSH_OLD_SESSIONID|
+                                        SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD },
+                { "^2\\.[23]\\.0 ",     SSH_BUG_HMAC},
+                { "^2\\.[2-9]\\.",      0 },
+                { "^2\\.",              SSH_BUG_HMAC},          /* XXX fallback */
+                { NULL,                 0 }
         };
         /* process table, return first match */
         for (i = 0; check[i].pat; i++) {
diff --git a/compat.h b/compat.h
index 5be188b79..f14efafa7 100644
--- a/compat.h
+++ b/compat.h
@@ -21,7 +21,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: compat.h,v 1.10 2000/09/07 20:27:50 deraadt Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.11 2000/10/14 12:16:56 markus Exp $"); */
 
 #ifndef COMPAT_H
 #define COMPAT_H
@@ -35,7 +35,7 @@
 #define SSH_BUG_PUBKEYAUTH      0x02
 #define SSH_BUG_HMAC            0x04
 #define SSH_BUG_X11FWD          0x08
-#define SSH_COMPAT_SESSIONID_ENCODING           0x10
+#define SSH_OLD_SESSIONID       0x10
 
 void    enable_compat13(void);
 void    enable_compat20(void);
diff --git a/scp.c b/scp.c
index 8d5a251b5..75e50ce25 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.41 2000/10/11 20:03:27 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.42 2000/10/14 10:07:21 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -266,13 +266,13 @@ main(argc, argv)
                 case 'o':
                 case 'c':
                 case 'i':
-                        addargs("-%c %s", ch, optarg);
+                        addargs("-%c%s", ch, optarg);
                         break;
                 case 'P':
-                        addargs("-p %s", optarg);
+                        addargs("-p%s", optarg);
                         break;
                 case 'B':
-                        addargs("-o Batchmode yes");
+                        addargs("-oBatchmode yes");
                         break;
                 case 'p':
                         pflag = 1;
diff --git a/servconf.c b/servconf.c
index e90defe61..76702a836 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.52 2000/10/11 20:14:39 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.53 2000/10/14 12:12:09 markus Exp $");
 
 #include "ssh.h"
 #include "servconf.h"
@@ -67,6 +67,7 @@ initialize_server_options(ServerOptions *options)
 #endif
         options->permit_empty_passwd = -1;
         options->use_login = -1;
+        options->allow_tcp_forwarding = -1;
         options->num_allow_users = 0;
         options->num_deny_users = 0;
         options->num_allow_groups = 0;
@@ -159,6 +160,8 @@ fill_default_server_options(ServerOptions *options)
                 options->permit_empty_passwd = 0;
         if (options->use_login == -1)
                 options->use_login = 0;
+        if (options->allow_tcp_forwarding == -1)
+                options->allow_tcp_forwarding = 1;
         if (options->protocol == SSH_PROTO_UNKNOWN)
                 options->protocol = SSH_PROTO_1|SSH_PROTO_2;
         if (options->gateway_ports == -1)
@@ -189,7 +192,8 @@ typedef enum {
         sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
         sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
         sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
-        sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
+        sUseLogin, sAllowTcpForwarding,
+        sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
         sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile,
         sGatewayPorts, sDSAAuthentication, sXAuthLocation, sSubsystem, sMaxStartups
 } ServerOpCodes;
@@ -240,6 +244,7 @@ static struct {
         { "uselogin", sUseLogin },
         { "randomseed", sRandomSeedFile },
         { "keepalive", sKeepAlives },
+        { "allowtcpforwarding", sAllowTcpForwarding },
         { "allowusers", sAllowUsers },
         { "denyusers", sDenyUsers },
         { "allowgroups", sAllowGroups },
@@ -573,6 +578,10 @@ parse_flag:
                                 *intptr = (LogLevel) value;
                         break;
 
+                case sAllowTcpForwarding:
+                        intptr = &options->allow_tcp_forwarding;
+                        goto parse_flag;
+
                 case sAllowUsers:
                         while ((arg = strdelim(&cp)) && *arg != '\0') {
                                 if (options->num_allow_users >= MAX_ALLOW_USERS)
diff --git a/servconf.h b/servconf.h
index ef0790c7b..0188b9b89 100644
--- a/servconf.h
+++ b/servconf.h
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: servconf.h,v 1.29 2000/10/11 20:14:39 markus Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.30 2000/10/14 12:12:09 markus Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -86,6 +86,7 @@ typedef struct {
         int     permit_empty_passwd;    /* If false, do not permit empty
                                          * passwords. */
         int     use_login;      /* If true, login(1) is used */
+        int     allow_tcp_forwarding;
         unsigned int num_allow_users;
         char   *allow_users[MAX_ALLOW_USERS];
         unsigned int num_deny_users;
diff --git a/serverloop.c b/serverloop.c
index 0c07a2821..d98d74c25 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -49,6 +49,8 @@
 #include "dispatch.h"
 #include "auth-options.h"
 
+extern ServerOptions options;
+
 static Buffer stdin_buffer;     /* Buffer for stdin data. */
 static Buffer stdout_buffer;    /* Buffer for stdout data. */
 static Buffer stderr_buffer;    /* Buffer for stderr data. */
@@ -749,7 +751,7 @@ input_direct_tcpip(void)
            originator, originator_port, target, target_port);
 
         /* XXX check permission */
-        if (no_port_forwarding_flag) {
+        if (no_port_forwarding_flag || !options.allow_tcp_forwarding) {
                 xfree(target);
                 xfree(originator);
                 return -1;
diff --git a/session.c b/session.c
index 9a213923c..4325ed3a4 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.38 2000/10/11 20:27:23 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.40 2000/10/15 14:14:01 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -236,7 +236,7 @@ do_authenticated(struct passwd * pw)
          * by the client telling us, so we can equally well trust the client
          * not to request anything bogus.)
          */
-        if (!no_port_forwarding_flag)
+        if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
                 channel_permit_all_opens();
 
         s = session_new();
@@ -388,6 +388,10 @@ do_authenticated(struct passwd * pw)
                                 debug("Port forwarding not permitted for this authentication.");
                                 break;
                         }
+                        if (!options.allow_tcp_forwarding) {
+                                debug("Port forwarding not permitted.");
+                                break;
+                        }
                         debug("Received TCP/IP port forwarding request.");
                         channel_input_port_forward_request(pw->pw_uid == 0, options.gateway_ports);
                         success = 1;
diff --git a/sftp-server.8 b/sftp-server.8
index 2a7ba258b..fb4706c43 100644
--- a/sftp-server.8
+++ b/sftp-server.8
@@ -36,20 +36,20 @@ is a program that speaks the server side of SFTP protocol
 to stdout and expects client requests from stdin.
 .Nm
 is not intended to be called directly, but from
-.Xr sshd 8 
+.Xr sshd 8
 using the
 .Cm Subsystem
 option.
 See
-.Xr sshd 8 
+.Xr sshd 8
 for more information.
-.Sh HISTORY
-.Nm
-first appeared in OpenBSD 2.8.
-.Sh AUTHOR
-Markus Friedl <markus@openbsd.org>
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-keygen 1 ,
-.Xr sshd 8 ,
+.Xr sshd 8
+.Sh AUTHOR
+Markus Friedl <markus@openbsd.org>
+.Sh HISTORY
+.Nm
+first appeared in OpenBSD 2.8 .
diff --git a/ssh.1 b/ssh.1
index a73a07c65..dac24a43c 100644
--- a/ssh.1
+++ b/ssh.1
@@ -627,7 +627,8 @@ If the option is set to
 .Dq no ,
 the check will not be executed.
 .It Cm Cipher
-Specifies the cipher to use for encrypting the session.
+Specifies the cipher to use for encrypting the session
+in protocol version 1
 Currently,
 .Dq blowfish ,
 and
@@ -640,7 +641,7 @@ Specifies the ciphers allowed for protocol version 2
 in order of preference.
 Multiple ciphers must be comma-separated.
 The default is
-.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc .
+.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour .
 .It Cm Compression
 Specifies whether to use compression.
 The argument must be
diff --git a/sshconnect2.c b/sshconnect2.c
index ca459f62c..1f3b5a261 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.25 2000/10/12 09:59:19 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.26 2000/10/14 12:16:56 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -657,12 +657,12 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 
         /* data to be signed */
         buffer_init(&b);
-        if (datafellows & SSH_COMPAT_SESSIONID_ENCODING) {
-                buffer_put_string(&b, session_id2, session_id2_len);
-                skip = buffer_len(&b);
-        } else {
+        if (datafellows & SSH_OLD_SESSIONID) {
                 buffer_append(&b, session_id2, session_id2_len);
                 skip = session_id2_len; 
+        } else {
+                buffer_put_string(&b, session_id2, session_id2_len);
+                skip = buffer_len(&b);
         }
         buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
         buffer_put_cstring(&b, authctxt->server_user);
diff --git a/sshd.8 b/sshd.8
index 29ad2144a..a474d2fd1 100644
--- a/sshd.8
+++ b/sshd.8
@@ -303,6 +303,14 @@ wildcards in the patterns.
 Only group names are valid; a numerical group ID isn't recognized.
 By default login is allowed regardless of the primary group.
 .Pp
+.It Cm AllowTcpForwarding
+Specifies whether TCP forwarding is permitted.
+The default is
+.Dq yes .
+Note that disabling TCP forwarding does not improve security unless
+users are also denied shell access, as they can always install their
+own forwarders.
+.Pp
 .It Cm AllowUsers
 This keyword can be followed by a number of user names, separated
 by spaces.
diff --git a/version.h b/version.h
index f015025f2..3522a327c 100644
--- a/version.h
+++ b/version.h
@@ -1 +1 @@
-#define SSH_VERSION     "OpenSSH_2.2.0p2"
+#define SSH_VERSION     "OpenSSH_2.3.0p1"