* New upstream release (LP: #535029).

- After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. - Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is enabled by default in the Debian packaging, since it now doesn't involve additional library dependencies (closes: #231472, LP: #16918). - Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (closes: #482806). - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...". - Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian package, this overlaps with the key blacklisting facility added in openssh 1:4.7p1-9, but with different file formats and slightly different scopes; for the moment, I've roughly merged the two.) - Various multiplexing improvements, including support for requesting port-forwardings via the multiplex protocol (closes: #360151). - Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has (closes: #496843). - Many sftp client improvements, including tab-completion, more options, and recursive transfer support for get/put (LP: #33378). The old mget/mput commands never worked properly and have been removed (closes: #270399, #428082). - Do not prompt for a passphrase if we fail to open a keyfile, and log the reason why the open failed to debug (closes: #431538). - Prevent sftp from crashing when given a "-" without a command. Also, allow whitespace to follow a "-" (closes: #531561).
author: Colin Watson <cjwatson@debian.org> 2010-03-31 10:46:28 +0100
committer: Colin Watson <cjwatson@debian.org> 2010-03-31 10:46:28 +0100
commit: efd3d4522636ae029488c2e9730b60c88e257d2e (patch)
tree: 31e02ac3f16090ce8c53448677356b2b7f423683 /authfile.c
parent: bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff)
parent: d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff)
1 files changed, 80 insertions, 3 deletions
diff --git a/authfile.c b/authfile.c
index 0d837b9bd..4d0823209 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.76 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -47,6 +47,9 @@
 #include <openssl/evp.h>
 #include <openssl/pem.h>
+/* compatibility with old or broken OpenSSL versions */
+#include "openbsd-compat/openssl-compat.h"
 #include <errno.h>
 #include <fcntl.h>
 #include <stdarg.h>
@@ -185,7 +188,11 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase,
        int success = 0;
        int len = strlen(_passphrase);
        u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
+#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
        const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
+#else
+        const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
+#endif
        if (len > 0 && len <= 4) {
                error("passphrase too short: have %d bytes, need > 4", len);
@@ -553,8 +560,13 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
        int fd;
        fd = open(filename, O_RDONLY);
-        if (fd < 0)
+        if (fd < 0) {
+                debug("could not open key file '%s': %s", filename,
+                    strerror(errno));
+                if (perm_ok != NULL)
+                        *perm_ok = 0;
                return NULL;
+        }
        if (!key_perm_ok(fd, filename)) {
                if (perm_ok != NULL)
                        *perm_ok = 0;
@@ -589,8 +601,11 @@ key_load_private(const char *filename, const char *passphrase,
        int fd;
        fd = open(filename, O_RDONLY);
-        if (fd < 0)
+        if (fd < 0) {
+                debug("could not open key file '%s': %s", filename,
+                    strerror(errno));
                return NULL;
+        }
        if (!key_perm_ok(fd, filename)) {
                error("bad permissions: ignore key: %s", filename);
                close(fd);
@@ -679,6 +694,67 @@ key_load_public(const char *filename, char **commentp)
        return NULL;
 }
+/*
+ * Returns 1 if the specified "key" is listed in the file "filename",
+ * 0 if the key is not listed or -1 on error.
+ * If strict_type is set then the key type must match exactly,
+ * otherwise a comparison that ignores certficiate data is performed.
+ */
+int
+key_in_file(Key *key, const char *filename, int strict_type)
+{
+        FILE *f;
+        char line[SSH_MAX_PUBKEY_BYTES];
+        char *cp;
+        u_long linenum = 0;
+        int ret = 0;
+        Key *pub;
+        int (*key_compare)(const Key *, const Key *) = strict_type ?
+            key_equal : key_equal_public;
+        if ((f = fopen(filename, "r")) == NULL) {
+                if (errno == ENOENT) {
+                        debug("%s: keyfile \"%s\" missing", __func__, filename);
+                        return 0;
+                } else {
+                        error("%s: could not open keyfile \"%s\": %s", __func__,
+                            filename, strerror(errno));
+                        return -1;
+                }
+        }
+        while (read_keyfile_line(f, filename, line, sizeof(line),
+                    &linenum) != -1) {
+                cp = line;
+                /* Skip leading whitespace. */
+                for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
+                        ;
+                /* Skip comments and empty lines */
+                switch (*cp) {
+                case '#':
+                case '\n':
+                case '\0':
+                        continue;
+                }
+                pub = key_new(KEY_UNSPEC);
+                if (key_read(pub, &cp) != 1) {
+                        key_free(pub);
+                        continue;
+                }
+                if (key_compare(key, pub)) {
+                        ret = 1;
+                        key_free(pub);
+                        break;
+                }
+                key_free(pub);
+        }
+        fclose(f);
+        return ret;
+}
 /* Scan a blacklist of known-vulnerable keys in blacklist_file. */
 static int
 blacklisted_key_in_file(const Key *key, const char *blacklist_file, char **fp)
@@ -815,3 +891,4 @@ blacklisted_key(const Key *key, char **fp)
        key_free(public);
        return ret;
 }
author	Colin Watson <cjwatson@debian.org>	2010-03-31 10:46:28 +0100
committer	Colin Watson <cjwatson@debian.org>	2010-03-31 10:46:28 +0100
commit	efd3d4522636ae029488c2e9730b60c88e257d2e (patch)
tree	31e02ac3f16090ce8c53448677356b2b7f423683 /authfile.c
parent	bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff)
parent	d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff)

diff --git a/authfile.c b/authfile.c index 0d837b9bd..4d0823209 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.76 2006/08/03 03:34:41 deraadt Exp $ */	1	/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -47,6 +47,9 @@
47	#include <openssl/evp.h>	47	#include <openssl/evp.h>
48	#include <openssl/pem.h>	48	#include <openssl/pem.h>
49		49
		50	/* compatibility with old or broken OpenSSL versions */
		51	#include "openbsd-compat/openssl-compat.h"
		52
50	#include <errno.h>	53	#include <errno.h>
51	#include <fcntl.h>	54	#include <fcntl.h>
52	#include <stdarg.h>	55	#include <stdarg.h>
@@ -185,7 +188,11 @@ key_save_private_pem(Key key, const char filename, const char *_passphrase,
185	int success = 0;	188	int success = 0;
186	int len = strlen(_passphrase);	189	int len = strlen(_passphrase);
187	u_char passphrase = (len > 0) ? (u_char )_passphrase : NULL;	190	u_char passphrase = (len > 0) ? (u_char )_passphrase : NULL;
		191	#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
188	const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;	192	const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
		193	#else
		194	const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
		195	#endif
189		196
190	if (len > 0 && len <= 4) {	197	if (len > 0 && len <= 4) {
191	error("passphrase too short: have %d bytes, need > 4", len);	198	error("passphrase too short: have %d bytes, need > 4", len);
@@ -553,8 +560,13 @@ key_load_private_type(int type, const char filename, const char passphrase,
553	int fd;	560	int fd;
554		561
555	fd = open(filename, O_RDONLY);	562	fd = open(filename, O_RDONLY);
556	if (fd < 0)	563	if (fd < 0) {
		564	debug("could not open key file '%s': %s", filename,
		565	strerror(errno));
		566	if (perm_ok != NULL)
		567	*perm_ok = 0;
557	return NULL;	568	return NULL;
		569	}
558	if (!key_perm_ok(fd, filename)) {	570	if (!key_perm_ok(fd, filename)) {
559	if (perm_ok != NULL)	571	if (perm_ok != NULL)
560	*perm_ok = 0;	572	*perm_ok = 0;
@@ -589,8 +601,11 @@ key_load_private(const char filename, const char passphrase,
589	int fd;	601	int fd;
590		602
591	fd = open(filename, O_RDONLY);	603	fd = open(filename, O_RDONLY);
592	if (fd < 0)	604	if (fd < 0) {
		605	debug("could not open key file '%s': %s", filename,
		606	strerror(errno));
593	return NULL;	607	return NULL;
		608	}
594	if (!key_perm_ok(fd, filename)) {	609	if (!key_perm_ok(fd, filename)) {
595	error("bad permissions: ignore key: %s", filename);	610	error("bad permissions: ignore key: %s", filename);
596	close(fd);	611	close(fd);
@@ -679,6 +694,67 @@ key_load_public(const char filename, char *commentp)
679	return NULL;	694	return NULL;
680	}	695	}
681		696
		697	/*
		698	* Returns 1 if the specified "key" is listed in the file "filename",
		699	* 0 if the key is not listed or -1 on error.
		700	* If strict_type is set then the key type must match exactly,
		701	* otherwise a comparison that ignores certficiate data is performed.
		702	*/
		703	int
		704	key_in_file(Key key, const char filename, int strict_type)
		705	{
		706	FILE *f;
		707	char line[SSH_MAX_PUBKEY_BYTES];
		708	char *cp;
		709	u_long linenum = 0;
		710	int ret = 0;
		711	Key *pub;
		712	int (key_compare)(const Key , const Key *) = strict_type ?
		713	key_equal : key_equal_public;
		714
		715	if ((f = fopen(filename, "r")) == NULL) {
		716	if (errno == ENOENT) {
		717	debug("%s: keyfile \"%s\" missing", __func__, filename);
		718	return 0;
		719	} else {
		720	error("%s: could not open keyfile \"%s\": %s", __func__,
		721	filename, strerror(errno));
		722	return -1;
		723	}
		724	}
		725
		726	while (read_keyfile_line(f, filename, line, sizeof(line),
		727	&linenum) != -1) {
		728	cp = line;
		729
		730	/* Skip leading whitespace. */
		731	for (; cp && (cp == ' ' \|\| *cp == '\t'); cp++)
		732	;
		733
		734	/* Skip comments and empty lines */
		735	switch (*cp) {
		736	case '#':
		737	case '\n':
		738	case '\0':
		739	continue;
		740	}
		741
		742	pub = key_new(KEY_UNSPEC);
		743	if (key_read(pub, &cp) != 1) {
		744	key_free(pub);
		745	continue;
		746	}
		747	if (key_compare(key, pub)) {
		748	ret = 1;
		749	key_free(pub);
		750	break;
		751	}
		752	key_free(pub);
		753	}
		754	fclose(f);
		755	return ret;
		756	}
		757
682	/* Scan a blacklist of known-vulnerable keys in blacklist_file. */	758	/* Scan a blacklist of known-vulnerable keys in blacklist_file. */
683	static int	759	static int
684	blacklisted_key_in_file(const Key key, const char blacklist_file, char **fp)	760	blacklisted_key_in_file(const Key key, const char blacklist_file, char **fp)
@@ -815,3 +891,4 @@ blacklisted_key(const Key key, char *fp)
815	key_free(public);	891	key_free(public);
816	return ret;	892	return ret;
817	}	893	}
		894