import openssh-5.2p1-gsskex-all-20090726.patch

1 files changed, 97 insertions, 54 deletions

diff --git a/readconf.c b/readconf.c
index 3aedd6f5a..484db3e5f 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */
+/* $OpenBSD: readconf.c,v 1.176 2009/02/12 03:00:56 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -127,12 +127,11 @@ typedef enum {
         oClearAllForwardings, oNoHostAuthenticationForLocalhost,
         oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
         oAddressFamily, oGssAuthentication, oGssDelegateCreds,
-        oGssKeyEx,
-        oGssTrustDns,
+        oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
         oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
         oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
         oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-        oVisualHostKey,
+        oVisualHostKey, oZeroKnowledgePasswordAuthentication,
         oDeprecated, oUnsupported
 } OpCodes;
 
@@ -169,16 +168,20 @@ static struct {
         { "gssapikeyexchange", oGssKeyEx },
         { "gssapidelegatecredentials", oGssDelegateCreds },
         { "gssapitrustdns", oGssTrustDns },
+        { "gssapiclientidentity", oGssClientIdentity },
+        { "gssapirenewalforcesrekey", oGssRenewalRekey },
 #else
         { "gssapiauthentication", oUnsupported },
         { "gssapikeyexchange", oUnsupported },
         { "gssapidelegatecredentials", oUnsupported },
         { "gssapitrustdns", oUnsupported },
+        { "gssapiclientidentity", oUnsupported },
+        { "gssapirenewalforcesrekey", oUnsupported },
 #endif
         { "fallbacktorsh", oDeprecated },
         { "usersh", oDeprecated },
         { "identityfile", oIdentityFile },
-        { "identityfile2", oIdentityFile },                     /* alias */
+        { "identityfile2", oIdentityFile },                     /* obsolete */
         { "identitiesonly", oIdentitiesOnly },
         { "hostname", oHostName },
         { "hostkeyalias", oHostKeyAlias },
@@ -194,8 +197,8 @@ static struct {
         { "host", oHost },
         { "escapechar", oEscapeChar },
         { "globalknownhostsfile", oGlobalKnownHostsFile },
-        { "userknownhostsfile", oUserKnownHostsFile },          /* obsolete */
-        { "globalknownhostsfile2", oGlobalKnownHostsFile2 },
+        { "globalknownhostsfile2", oGlobalKnownHostsFile2 },    /* obsolete */
+        { "userknownhostsfile", oUserKnownHostsFile },
         { "userknownhostsfile2", oUserKnownHostsFile2 },        /* obsolete */
         { "connectionattempts", oConnectionAttempts },
         { "batchmode", oBatchMode },
@@ -234,6 +237,13 @@ static struct {
         { "localcommand", oLocalCommand },
         { "permitlocalcommand", oPermitLocalCommand },
         { "visualhostkey", oVisualHostKey },
+#ifdef JPAKE
+        { "zeroknowledgepasswordauthentication",
+            oZeroKnowledgePasswordAuthentication },
+#else
+        { "zeroknowledgepasswordauthentication", oUnsupported },
+#endif
+
         { NULL, oBadOption }
 };
 
@@ -255,10 +265,9 @@ add_local_forward(Options *options, const Forward *newfwd)
                 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
         fwd = &options->local_forwards[options->num_local_forwards++];
 
-        fwd->listen_host = (newfwd->listen_host == NULL) ?
-            NULL : xstrdup(newfwd->listen_host);
+        fwd->listen_host = newfwd->listen_host;
         fwd->listen_port = newfwd->listen_port;
-        fwd->connect_host = xstrdup(newfwd->connect_host);
+        fwd->connect_host = newfwd->connect_host;
         fwd->connect_port = newfwd->connect_port;
 }
 
@@ -276,10 +285,9 @@ add_remote_forward(Options *options, const Forward *newfwd)
                     SSH_MAX_FORWARDS_PER_DIRECTION);
         fwd = &options->remote_forwards[options->num_remote_forwards++];
 
-        fwd->listen_host = (newfwd->listen_host == NULL) ?
-            NULL : xstrdup(newfwd->listen_host);
+        fwd->listen_host = newfwd->listen_host;
         fwd->listen_port = newfwd->listen_port;
-        fwd->connect_host = xstrdup(newfwd->connect_host);
+        fwd->connect_host = newfwd->connect_host;
         fwd->connect_port = newfwd->connect_port;
 }
 
@@ -418,6 +426,10 @@ parse_flag:
                 intptr = &options->password_authentication;
                 goto parse_flag;
 
+        case oZeroKnowledgePasswordAuthentication:
+                intptr = &options->zero_knowledge_password_authentication;
+                goto parse_flag;
+
         case oKbdInteractiveAuthentication:
                 intptr = &options->kbd_interactive_authentication;
                 goto parse_flag;
@@ -451,7 +463,7 @@ parse_flag:
                 goto parse_flag;
 
         case oGssKeyEx:
-                intptr = &options->gss_keyex;
+                intptr = &options->gss_keyex;
                 goto parse_flag;
 
         case oGssDelegateCreds:
@@ -462,6 +474,14 @@ parse_flag:
                 intptr = &options->gss_trust_dns;
                 goto parse_flag;
 
+        case oGssClientIdentity:
+                charptr = &options->gss_client_identity;
+                goto parse_string;
+
+        case oGssRenewalRekey:
+                intptr = &options->gss_renewal_rekey;
+                goto parse_flag;
+
         case oBatchMode:
                 intptr = &options->batch_mode;
                 goto parse_flag;
@@ -720,56 +740,40 @@ parse_int:
 
         case oLocalForward:
         case oRemoteForward:
+        case oDynamicForward:
                 arg = strdelim(&s);
                 if (arg == NULL || *arg == '\0')
                         fatal("%.200s line %d: Missing port argument.",
                             filename, linenum);
-                arg2 = strdelim(&s);
-                if (arg2 == NULL || *arg2 == '\0')
-                        fatal("%.200s line %d: Missing target argument.",
-                            filename, linenum);
 
-                /* construct a string for parse_forward */
-                snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
+                if (opcode == oLocalForward ||
+                    opcode == oRemoteForward) {
+                        arg2 = strdelim(&s);
+                        if (arg2 == NULL || *arg2 == '\0')
+                                fatal("%.200s line %d: Missing target argument.",
+                                    filename, linenum);
+
+                        /* construct a string for parse_forward */
+                        snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
+                } else if (opcode == oDynamicForward) {
+                        strlcpy(fwdarg, arg, sizeof(fwdarg));
+                }
 
-                if (parse_forward(&fwd, fwdarg) == 0)
+                if (parse_forward(&fwd, fwdarg,
+                    opcode == oDynamicForward ? 1 : 0,
+                    opcode == oRemoteForward ? 1 : 0) == 0)
                         fatal("%.200s line %d: Bad forwarding specification.",
                             filename, linenum);
 
                 if (*activep) {
-                        if (opcode == oLocalForward)
+                        if (opcode == oLocalForward ||
+                            opcode == oDynamicForward)
                                 add_local_forward(options, &fwd);
                         else if (opcode == oRemoteForward)
                                 add_remote_forward(options, &fwd);
                 }
                 break;
 
-        case oDynamicForward:
-                arg = strdelim(&s);
-                if (!arg || *arg == '\0')
-                        fatal("%.200s line %d: Missing port argument.",
-                            filename, linenum);
-                memset(&fwd, '\0', sizeof(fwd));
-                fwd.connect_host = "socks";
-                fwd.listen_host = hpdelim(&arg);
-                if (fwd.listen_host == NULL ||
-                    strlen(fwd.listen_host) >= NI_MAXHOST)
-                        fatal("%.200s line %d: Bad forwarding specification.",
-                            filename, linenum);
-                if (arg) {
-                        fwd.listen_port = a2port(arg);
-                        fwd.listen_host = cleanhostname(fwd.listen_host);
-                } else {
-                        fwd.listen_port = a2port(fwd.listen_host);
-                        fwd.listen_host = NULL;
-                }
-                if (fwd.listen_port == 0)
-                        fatal("%.200s line %d: Badly formatted port number.",
-                            filename, linenum);
-                if (*activep)
-                        add_local_forward(options, &fwd);
-                break;
-
         case oClearAllForwardings:
                 intptr = &options->clear_forwardings;
                 goto parse_flag;
@@ -973,7 +977,6 @@ read_config_file(const char *filename, const char *host, Options *options,
         int active, linenum;
         int bad_options = 0;
 
-        /* Open the file. */
         if ((f = fopen(filename, "r")) == NULL)
                 return 0;
 
@@ -1033,6 +1036,8 @@ initialize_options(Options * options)
         options->gss_keyex = -1;
         options->gss_deleg_creds = -1;
         options->gss_trust_dns = -1;
+        options->gss_renewal_rekey = -1;
+        options->gss_client_identity = NULL;
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->kbd_interactive_devices = NULL;
@@ -1088,6 +1093,7 @@ initialize_options(Options * options)
         options->local_command = NULL;
         options->permit_local_command = -1;
         options->visual_host_key = -1;
+        options->zero_knowledge_password_authentication = -1;
 }
 
 /*
@@ -1128,6 +1134,8 @@ fill_default_options(Options * options)
                 options->gss_deleg_creds = 0;
         if (options->gss_trust_dns == -1)
                 options->gss_trust_dns = 0;
+        if (options->gss_renewal_rekey == -1)
+                options->gss_renewal_rekey = 0;
         if (options->password_authentication == -1)
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
@@ -1228,6 +1236,8 @@ fill_default_options(Options * options)
                 options->permit_local_command = 0;
         if (options->visual_host_key == -1)
                 options->visual_host_key = 0;
+        if (options->zero_knowledge_password_authentication == -1)
+                options->zero_knowledge_password_authentication = 0;
         /* options->local_command should not be set by default */
         /* options->proxy_command should not be set by default */
         /* options->user will be set in the main program if appropriate */
@@ -1239,11 +1249,14 @@ fill_default_options(Options * options)
 /*
  * parse_forward
  * parses a string containing a port forwarding specification of the form:
+ *   dynamicfwd == 0
  *      [listenhost:]listenport:connecthost:connectport
+ *   dynamicfwd == 1
+ *      [listenhost:]listenport
  * returns number of arguments parsed or zero on error
  */
 int
-parse_forward(Forward *fwd, const char *fwdspec)
+parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
 {
         int i;
         char *p, *cp, *fwdarg[4];
@@ -1260,11 +1273,23 @@ parse_forward(Forward *fwd, const char *fwdspec)
                 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
                         break;
 
-        /* Check for trailing garbage in 4-arg case*/
+        /* Check for trailing garbage */
         if (cp != NULL)
                 i = 0;  /* failure */
 
         switch (i) {
+        case 1:
+                fwd->listen_host = NULL;
+                fwd->listen_port = a2port(fwdarg[0]);
+                fwd->connect_host = xstrdup("socks");
+                break;
+
+        case 2:
+                fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
+                fwd->listen_port = a2port(fwdarg[1]);
+                fwd->connect_host = xstrdup("socks");
+                break;
+
         case 3:
                 fwd->listen_host = NULL;
                 fwd->listen_port = a2port(fwdarg[0]);
@@ -1284,19 +1309,37 @@ parse_forward(Forward *fwd, const char *fwdspec)
 
         xfree(p);
 
-        if (fwd->listen_port == 0 || fwd->connect_port == 0)
+        if (dynamicfwd) {
+                if (!(i == 1 || i == 2))
+                        goto fail_free;
+        } else {
+                if (!(i == 3 || i == 4))
+                        goto fail_free;
+                if (fwd->connect_port <= 0)
+                        goto fail_free;
+        }
+
+        if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
                 goto fail_free;
 
         if (fwd->connect_host != NULL &&
             strlen(fwd->connect_host) >= NI_MAXHOST)
                 goto fail_free;
+        if (fwd->listen_host != NULL &&
+            strlen(fwd->listen_host) >= NI_MAXHOST)
+                goto fail_free;
+
 
         return (i);
 
  fail_free:
-        if (fwd->connect_host != NULL)
+        if (fwd->connect_host != NULL) {
                 xfree(fwd->connect_host);
-        if (fwd->listen_host != NULL)
+                fwd->connect_host = NULL;
+        }
+        if (fwd->listen_host != NULL) {
                 xfree(fwd->listen_host);
+                fwd->listen_host = NULL;
+        }
         return (0);
 }