summaryrefslogtreecommitdiff
path: root/authfd.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-10-07 13:33:15 +0100
committerColin Watson <cjwatson@debian.org>2014-10-07 14:27:30 +0100
commitf0b009aea83e9ff3a50be30f51012099a5143c16 (patch)
tree3825e6f7e3b7ea4481d06ed89aba9a7a95150df5 /authfd.c
parent47f0bad4330b16ec3bad870fcf9839c196e42c12 (diff)
parent762c062828f5a8f6ed189ed6e44ad38fd92f8b36 (diff)
Merge 6.7p1.
* New upstream release (http://www.openssh.com/txt/release-6.7): - sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. - ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket (closes: #236718). - ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. - sftp(1): Allow resumption of interrupted uploads. - ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange. - sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family. - sshd(8): Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option. - ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths. - sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages. - Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is available. It considers time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly (closes: #734553). - Use prctl() to prevent sftp-server from accessing /proc/self/{mem,maps}. * Restore TCP wrappers support, removed upstream in 6.7. It is true that dropping this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. * Replace patch to disable OpenSSL version check with an updated version of Kurt Roeckx's patch from #732940 to just avoid checking the status field.
Diffstat (limited to 'authfd.c')
-rw-r--r--authfd.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/authfd.c b/authfd.c
index cea3f97b4..2d5a8dd5b 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.c,v 1.92 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: authfd.c,v 1.93 2014/04/29 18:01:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -41,9 +41,6 @@
41#include <sys/un.h> 41#include <sys/un.h>
42#include <sys/socket.h> 42#include <sys/socket.h>
43 43
44#include <openssl/evp.h>
45#include <openssl/crypto.h>
46
47#include <fcntl.h> 44#include <fcntl.h>
48#include <stdlib.h> 45#include <stdlib.h>
49#include <signal.h> 46#include <signal.h>
@@ -313,8 +310,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
313Key * 310Key *
314ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) 311ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
315{ 312{
313#ifdef WITH_SSH1
316 int keybits; 314 int keybits;
317 u_int bits; 315 u_int bits;
316#endif
318 u_char *blob; 317 u_char *blob;
319 u_int blen; 318 u_int blen;
320 Key *key = NULL; 319 Key *key = NULL;
@@ -328,6 +327,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
328 * error if the packet is too short or contains corrupt data. 327 * error if the packet is too short or contains corrupt data.
329 */ 328 */
330 switch (version) { 329 switch (version) {
330#ifdef WITH_SSH1
331 case 1: 331 case 1:
332 key = key_new(KEY_RSA1); 332 key = key_new(KEY_RSA1);
333 bits = buffer_get_int(&auth->identities); 333 bits = buffer_get_int(&auth->identities);
@@ -339,6 +339,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
339 logit("Warning: identity keysize mismatch: actual %d, announced %u", 339 logit("Warning: identity keysize mismatch: actual %d, announced %u",
340 BN_num_bits(key->rsa->n), bits); 340 BN_num_bits(key->rsa->n), bits);
341 break; 341 break;
342#endif
342 case 2: 343 case 2:
343 blob = buffer_get_string(&auth->identities, &blen); 344 blob = buffer_get_string(&auth->identities, &blen);
344 *comment = buffer_get_string(&auth->identities, NULL); 345 *comment = buffer_get_string(&auth->identities, NULL);
@@ -361,6 +362,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
361 * supported) and 1 corresponding to protocol version 1.1. 362 * supported) and 1 corresponding to protocol version 1.1.
362 */ 363 */
363 364
365#ifdef WITH_SSH1
364int 366int
365ssh_decrypt_challenge(AuthenticationConnection *auth, 367ssh_decrypt_challenge(AuthenticationConnection *auth,
366 Key* key, BIGNUM *challenge, 368 Key* key, BIGNUM *challenge,
@@ -410,6 +412,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
410 buffer_free(&buffer); 412 buffer_free(&buffer);
411 return success; 413 return success;
412} 414}
415#endif
413 416
414/* ask agent to sign data, returns -1 on error, 0 on success */ 417/* ask agent to sign data, returns -1 on error, 0 on success */
415int 418int
@@ -457,6 +460,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
457 460
458/* Encode key for a message to the agent. */ 461/* Encode key for a message to the agent. */
459 462
463#ifdef WITH_SSH1
460static void 464static void
461ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) 465ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
462{ 466{
@@ -470,6 +474,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
470 buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ 474 buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */
471 buffer_put_cstring(b, comment); 475 buffer_put_cstring(b, comment);
472} 476}
477#endif
473 478
474static void 479static void
475ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) 480ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
@@ -493,6 +498,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
493 buffer_init(&msg); 498 buffer_init(&msg);
494 499
495 switch (key->type) { 500 switch (key->type) {
501#ifdef WITH_SSH1
496 case KEY_RSA1: 502 case KEY_RSA1:
497 type = constrained ? 503 type = constrained ?
498 SSH_AGENTC_ADD_RSA_ID_CONSTRAINED : 504 SSH_AGENTC_ADD_RSA_ID_CONSTRAINED :
@@ -500,6 +506,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
500 buffer_put_char(&msg, type); 506 buffer_put_char(&msg, type);
501 ssh_encode_identity_rsa1(&msg, key->rsa, comment); 507 ssh_encode_identity_rsa1(&msg, key->rsa, comment);
502 break; 508 break;
509#endif
510#ifdef WITH_OPENSSL
503 case KEY_RSA: 511 case KEY_RSA:
504 case KEY_RSA_CERT: 512 case KEY_RSA_CERT:
505 case KEY_RSA_CERT_V00: 513 case KEY_RSA_CERT_V00:
@@ -508,6 +516,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
508 case KEY_DSA_CERT_V00: 516 case KEY_DSA_CERT_V00:
509 case KEY_ECDSA: 517 case KEY_ECDSA:
510 case KEY_ECDSA_CERT: 518 case KEY_ECDSA_CERT:
519#endif
511 case KEY_ED25519: 520 case KEY_ED25519:
512 case KEY_ED25519_CERT: 521 case KEY_ED25519_CERT:
513 type = constrained ? 522 type = constrained ?
@@ -552,12 +561,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
552 561
553 buffer_init(&msg); 562 buffer_init(&msg);
554 563
564#ifdef WITH_SSH1
555 if (key->type == KEY_RSA1) { 565 if (key->type == KEY_RSA1) {
556 buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); 566 buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
557 buffer_put_int(&msg, BN_num_bits(key->rsa->n)); 567 buffer_put_int(&msg, BN_num_bits(key->rsa->n));
558 buffer_put_bignum(&msg, key->rsa->e); 568 buffer_put_bignum(&msg, key->rsa->e);
559 buffer_put_bignum(&msg, key->rsa->n); 569 buffer_put_bignum(&msg, key->rsa->n);
560 } else if (key->type != KEY_UNSPEC) { 570 } else
571#endif
572 if (key->type != KEY_UNSPEC) {
561 key_to_blob(key, &blob, &blen); 573 key_to_blob(key, &blob, &blen);
562 buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); 574 buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
563 buffer_put_string(&msg, blob, blen); 575 buffer_put_string(&msg, blob, blen);