Import openssh_6.7p1.orig.tar.gz

1 files changed, 30 insertions, 3 deletions

diff --git a/monitor.c b/monitor.c
index 531c4f9a8..dbe29f128 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.135 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -40,9 +40,10 @@
 #endif
 #include <pwd.h>
 #include <signal.h>
-#include <stdarg.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdarg.h>
+#include <stdio.h>
 #include <unistd.h>
 #ifdef HAVE_POLL_H
 #include <poll.h>
@@ -56,7 +57,9 @@
 #include <skey.h>
 #endif
 
+#ifdef WITH_OPENSSL
 #include <openssl/dh.h>
+#endif
 
 #include "openbsd-compat/sys-queue.h"
 #include "atomicio.h"
@@ -84,6 +87,7 @@
 #include "sshlogin.h"
 #include "canohost.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "monitor.h"
 #include "monitor_mm.h"
@@ -92,7 +96,6 @@
 #endif
 #include "monitor_wrap.h"
 #include "monitor_fdpass.h"
-#include "misc.h"
 #include "compat.h"
 #include "ssh2.h"
 #include "roaming.h"
@@ -185,7 +188,10 @@ int mm_answer_audit_command(int, Buffer *);
 static int monitor_read_log(struct monitor *);
 
 static Authctxt *authctxt;
+
+#ifdef WITH_SSH1
 static BIGNUM *ssh1_challenge = NULL;   /* used for ssh1 rsa auth */
+#endif
 
 /* local state for key verify */
 static u_char *key_blob = NULL;
@@ -215,7 +221,9 @@ struct mon_table {
 #define MON_PERMIT      0x1000  /* Request is permitted */
 
 struct mon_table mon_dispatch_proto20[] = {
+#ifdef WITH_OPENSSL
     {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
+#endif
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -252,7 +260,9 @@ struct mon_table mon_dispatch_proto20[] = {
 };
 
 struct mon_table mon_dispatch_postauth20[] = {
+#ifdef WITH_OPENSSL
     {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
+#endif
     {MONITOR_REQ_SIGN, 0, mm_answer_sign},
     {MONITOR_REQ_PTY, 0, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
@@ -265,6 +275,7 @@ struct mon_table mon_dispatch_postauth20[] = {
 };
 
 struct mon_table mon_dispatch_proto15[] = {
+#ifdef WITH_SSH1
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
     {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
@@ -292,10 +303,12 @@ struct mon_table mon_dispatch_proto15[] = {
 #ifdef SSH_AUDIT_EVENTS
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
 #endif
+#endif /* WITH_SSH1 */
     {0, 0, NULL}
 };
 
 struct mon_table mon_dispatch_postauth15[] = {
+#ifdef WITH_SSH1
     {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
     {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
     {MONITOR_REQ_TERM, 0, mm_answer_term},
@@ -303,6 +316,7 @@ struct mon_table mon_dispatch_postauth15[] = {
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
 #endif
+#endif /* WITH_SSH1 */
     {0, 0, NULL}
 };
 
@@ -457,6 +471,9 @@ monitor_child_postauth(struct monitor *pmonitor)
         signal(SIGHUP, &monitor_child_handler);
         signal(SIGTERM, &monitor_child_handler);
         signal(SIGINT, &monitor_child_handler);
+#ifdef SIGXFSZ
+        signal(SIGXFSZ, SIG_IGN);
+#endif
 
         if (compat20) {
                 mon_dispatch = mon_dispatch_postauth20;
@@ -630,6 +647,7 @@ monitor_reset_key_state(void)
         hostbased_chost = NULL;
 }
 
+#ifdef WITH_OPENSSL
 int
 mm_answer_moduli(int sock, Buffer *m)
 {
@@ -664,6 +682,7 @@ mm_answer_moduli(int sock, Buffer *m)
         mm_request_send(sock, MONITOR_ANS_MODULI, m);
         return (0);
 }
+#endif
 
 extern AuthenticationConnection *auth_conn;
 
@@ -1166,6 +1185,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
                             cuser, chost);
                         auth_method = "hostbased";
                         break;
+#ifdef WITH_SSH1
                 case MM_RSAHOSTKEY:
                         key->type = KEY_RSA1; /* XXX */
                         allowed = options.rhosts_rsa_authentication &&
@@ -1175,6 +1195,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
                                 auth_clear_options();
                         auth_method = "rsa";
                         break;
+#endif
                 default:
                         fatal("%s: unknown key type %d", __func__, type);
                         break;
@@ -1511,6 +1532,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m)
         return (0);
 }
 
+#ifdef WITH_SSH1
 int
 mm_answer_sesskey(int sock, Buffer *m)
 {
@@ -1688,6 +1710,7 @@ mm_answer_rsa_response(int sock, Buffer *m)
 
         return (success);
 }
+#endif
 
 int
 mm_answer_term(int sock, Buffer *req)
@@ -1792,6 +1815,8 @@ monitor_apply_keystate(struct monitor *pmonitor)
         if (options.compression)
                 mm_init_compression(pmonitor->m_zlib);
 
+        packet_set_postauth();
+
         if (options.rekey_limit || options.rekey_interval)
                 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
                     (time_t)options.rekey_interval);
@@ -1828,11 +1853,13 @@ mm_get_kex(Buffer *m)
             timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0)
                 fatal("mm_get_get: internal error: bad session id");
         kex->we_need = buffer_get_int(m);
+#ifdef WITH_OPENSSL
         kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
         kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
         kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
         kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
         kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+#endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_server;
         kex->server = 1;
         kex->hostkey_type = buffer_get_int(m);