diff options
author | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
commit | c3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch) | |
tree | b72c0867348e7e7914d64af6fc5e25c728922e03 /ssh.c | |
parent | 6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff) | |
parent | 70847d299887abb96f8703ca99db6d817b78960e (diff) |
* New upstream release (closes: #453367).
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
creation of an untrusted cookie fails; found and fixed by Jan Pechanec
(closes: #444738).
- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
installations are unchanged.
- The SSH channel window size has been increased, and both ssh(1)
sshd(8) now send window updates more aggressively. These improves
performance on high-BDP (Bandwidth Delay Product) networks.
- ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
- A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be approximately
20% faster than HMAC-MD5.
- Failure to establish a ssh(1) TunnelForward is now treated as a fatal
error when the ExitOnForwardFailure option is set.
- ssh(1) returns a sensible exit status if the control master goes away
without passing the full exit status.
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work.
- Make scp(1) skip FIFOs rather than hanging (closes: #246774).
- Encode non-printing characters in scp(1) filenames. These could cause
copies to be aborted with a "protocol error".
- Handle SIGINT in sshd(8) privilege separation child process to ensure
that wtmp and lastlog records are correctly updated.
- Report GSSAPI mechanism in errors, for libraries that support multiple
mechanisms.
- Improve documentation for ssh-add(1)'s -d option.
- Rearrange and tidy GSSAPI code, removing server-only code being linked
into the client.
- Delay execution of ssh(1)'s LocalCommand until after all forwardings
have been established.
- In scp(1), do not truncate non-regular files.
- Improve exit message from ControlMaster clients.
- Prevent sftp-server(8) from reading until it runs out of buffer space,
whereupon it would exit with a fatal error (closes: #365541).
- pam_end() was not being called if authentication failed
(closes: #405041).
- Manual page datestamps updated (closes: #433181).
Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 88 |
1 files changed, 45 insertions, 43 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.295 2007/01/03 03:01:40 stevesk Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.301 2007/08/07 07:32:53 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -327,6 +327,7 @@ main(int ac, char **av) | |||
327 | options.gss_deleg_creds = 0; | 327 | options.gss_deleg_creds = 0; |
328 | break; | 328 | break; |
329 | case 'K': | 329 | case 'K': |
330 | options.gss_authentication = 1; | ||
330 | options.gss_deleg_creds = 1; | 331 | options.gss_deleg_creds = 1; |
331 | break; | 332 | break; |
332 | case 'i': | 333 | case 'i': |
@@ -861,6 +862,17 @@ ssh_init_forwarding(void) | |||
861 | "forwarding."); | 862 | "forwarding."); |
862 | } | 863 | } |
863 | } | 864 | } |
865 | |||
866 | /* Initiate tunnel forwarding. */ | ||
867 | if (options.tun_open != SSH_TUNMODE_NO) { | ||
868 | if (client_request_tun_fwd(options.tun_open, | ||
869 | options.tun_local, options.tun_remote) == -1) { | ||
870 | if (options.exit_on_forward_failure) | ||
871 | fatal("Could not request tunnel forwarding."); | ||
872 | else | ||
873 | error("Could not request tunnel forwarding."); | ||
874 | } | ||
875 | } | ||
864 | } | 876 | } |
865 | 877 | ||
866 | static void | 878 | static void |
@@ -1123,33 +1135,6 @@ ssh_session2_setup(int id, void *arg) | |||
1123 | packet_send(); | 1135 | packet_send(); |
1124 | } | 1136 | } |
1125 | 1137 | ||
1126 | if (options.tun_open != SSH_TUNMODE_NO) { | ||
1127 | Channel *c; | ||
1128 | int fd; | ||
1129 | |||
1130 | debug("Requesting tun."); | ||
1131 | if ((fd = tun_open(options.tun_local, | ||
1132 | options.tun_open)) >= 0) { | ||
1133 | c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, | ||
1134 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, | ||
1135 | 0, "tun", 1); | ||
1136 | c->datagram = 1; | ||
1137 | #if defined(SSH_TUN_FILTER) | ||
1138 | if (options.tun_open == SSH_TUNMODE_POINTOPOINT) | ||
1139 | channel_register_filter(c->self, sys_tun_infilter, | ||
1140 | sys_tun_outfilter); | ||
1141 | #endif | ||
1142 | packet_start(SSH2_MSG_CHANNEL_OPEN); | ||
1143 | packet_put_cstring("tun@openssh.com"); | ||
1144 | packet_put_int(c->self); | ||
1145 | packet_put_int(c->local_window_max); | ||
1146 | packet_put_int(c->local_maxpacket); | ||
1147 | packet_put_int(options.tun_open); | ||
1148 | packet_put_int(options.tun_remote); | ||
1149 | packet_send(); | ||
1150 | } | ||
1151 | } | ||
1152 | |||
1153 | client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), | 1138 | client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), |
1154 | NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); | 1139 | NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply); |
1155 | 1140 | ||
@@ -1209,7 +1194,6 @@ ssh_session2(void) | |||
1209 | 1194 | ||
1210 | /* XXX should be pre-session */ | 1195 | /* XXX should be pre-session */ |
1211 | ssh_init_forwarding(); | 1196 | ssh_init_forwarding(); |
1212 | ssh_control_listener(); | ||
1213 | 1197 | ||
1214 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) | 1198 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) |
1215 | id = ssh_session2_open(); | 1199 | id = ssh_session2_open(); |
@@ -1219,6 +1203,9 @@ ssh_session2(void) | |||
1219 | options.permit_local_command) | 1203 | options.permit_local_command) |
1220 | ssh_local_cmd(options.local_command); | 1204 | ssh_local_cmd(options.local_command); |
1221 | 1205 | ||
1206 | /* Start listening for multiplex clients */ | ||
1207 | ssh_control_listener(); | ||
1208 | |||
1222 | /* If requested, let ssh continue in the background. */ | 1209 | /* If requested, let ssh continue in the background. */ |
1223 | if (fork_after_authentication_flag) | 1210 | if (fork_after_authentication_flag) |
1224 | if (daemon(1, 1) < 0) | 1211 | if (daemon(1, 1) < 0) |
@@ -1315,7 +1302,7 @@ static void | |||
1315 | control_client(const char *path) | 1302 | control_client(const char *path) |
1316 | { | 1303 | { |
1317 | struct sockaddr_un addr; | 1304 | struct sockaddr_un addr; |
1318 | int i, r, fd, sock, exitval, num_env, addr_len; | 1305 | int i, r, fd, sock, exitval[2], num_env, addr_len; |
1319 | Buffer m; | 1306 | Buffer m; |
1320 | char *term; | 1307 | char *term; |
1321 | extern char **environ; | 1308 | extern char **environ; |
@@ -1464,29 +1451,44 @@ control_client(const char *path) | |||
1464 | if (tty_flag) | 1451 | if (tty_flag) |
1465 | enter_raw_mode(); | 1452 | enter_raw_mode(); |
1466 | 1453 | ||
1467 | /* Stick around until the controlee closes the client_fd */ | 1454 | /* |
1468 | exitval = 0; | 1455 | * Stick around until the controlee closes the client_fd. |
1469 | for (;!control_client_terminate;) { | 1456 | * Before it does, it is expected to write this process' exit |
1470 | r = read(sock, &exitval, sizeof(exitval)); | 1457 | * value (one int). This process must read the value and wait for |
1458 | * the closure of the client_fd; if this one closes early, the | ||
1459 | * multiplex master will terminate early too (possibly losing data). | ||
1460 | */ | ||
1461 | exitval[0] = 0; | ||
1462 | for (i = 0; !control_client_terminate && i < (int)sizeof(exitval);) { | ||
1463 | r = read(sock, (char *)exitval + i, sizeof(exitval) - i); | ||
1471 | if (r == 0) { | 1464 | if (r == 0) { |
1472 | debug2("Received EOF from master"); | 1465 | debug2("Received EOF from master"); |
1473 | break; | 1466 | break; |
1474 | } | 1467 | } |
1475 | if (r > 0) | 1468 | if (r == -1) { |
1476 | debug2("Received exit status from master %d", exitval); | 1469 | if (errno == EINTR) |
1477 | if (r == -1 && errno != EINTR) | 1470 | continue; |
1478 | fatal("%s: read %s", __func__, strerror(errno)); | 1471 | fatal("%s: read %s", __func__, strerror(errno)); |
1472 | } | ||
1473 | i += r; | ||
1479 | } | 1474 | } |
1480 | 1475 | ||
1481 | if (control_client_terminate) | ||
1482 | debug2("Exiting on signal %d", control_client_terminate); | ||
1483 | |||
1484 | close(sock); | 1476 | close(sock); |
1485 | |||
1486 | leave_raw_mode(); | 1477 | leave_raw_mode(); |
1478 | if (i > (int)sizeof(int)) | ||
1479 | fatal("%s: master returned too much data (%d > %lu)", | ||
1480 | __func__, i, sizeof(int)); | ||
1481 | if (control_client_terminate) { | ||
1482 | debug2("Exiting on signal %d", control_client_terminate); | ||
1483 | exitval[0] = 255; | ||
1484 | } else if (i < (int)sizeof(int)) { | ||
1485 | debug2("Control master terminated unexpectedly"); | ||
1486 | exitval[0] = 255; | ||
1487 | } else | ||
1488 | debug2("Received exit status from master %d", exitval[0]); | ||
1487 | 1489 | ||
1488 | if (tty_flag && options.log_level > SYSLOG_LEVEL_QUIET) | 1490 | if (tty_flag && options.log_level > SYSLOG_LEVEL_QUIET) |
1489 | fprintf(stderr, "Connection to master closed.\r\n"); | 1491 | fprintf(stderr, "Shared connection to %s closed.\r\n", host); |
1490 | 1492 | ||
1491 | exit(exitval); | 1493 | exit(exitval[0]); |
1492 | } | 1494 | } |