* New upstream release (LP: #535029).

- After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. - Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is enabled by default in the Debian packaging, since it now doesn't involve additional library dependencies (closes: #231472, LP: #16918). - Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (closes: #482806). - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...". - Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian package, this overlaps with the key blacklisting facility added in openssh 1:4.7p1-9, but with different file formats and slightly different scopes; for the moment, I've roughly merged the two.) - Various multiplexing improvements, including support for requesting port-forwardings via the multiplex protocol (closes: #360151). - Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has (closes: #496843). - Many sftp client improvements, including tab-completion, more options, and recursive transfer support for get/put (LP: #33378). The old mget/mput commands never worked properly and have been removed (closes: #270399, #428082). - Do not prompt for a passphrase if we fail to open a keyfile, and log the reason why the open failed to debug (closes: #431538). - Prevent sftp from crashing when given a "-" without a command. Also, allow whitespace to follow a "-" (closes: #531561).
author: Colin Watson <cjwatson@debian.org> 2010-03-31 10:46:28 +0100
committer: Colin Watson <cjwatson@debian.org> 2010-03-31 10:46:28 +0100
commit: efd3d4522636ae029488c2e9730b60c88e257d2e (patch)
tree: 31e02ac3f16090ce8c53448677356b2b7f423683 /sshconnect2.c
parent: bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff)
parent: d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff)
1 files changed, 43 insertions, 20 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index bc8d206ae..f10f6bf8c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.171 2009/03/05 07:18:19 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.180 2010/02/26 20:29:54 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -32,6 +32,7 @@
 #include <sys/stat.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <signal.h>
@@ -204,6 +205,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
+        if (options.use_roaming && !kex->roaming) {
+                debug("Roaming not allowed by server");
+                options.use_roaming = 0;
+        }
        session_id2 = kex->session_id;
        session_id2_len = kex->session_id_len;
@@ -262,6 +268,7 @@ struct Authmethod {
 };
 void    input_userauth_success(int, u_int32_t, void *);
+void    input_userauth_success_unexpected(int, u_int32_t, void *);
 void    input_userauth_failure(int, u_int32_t, void *);
 void    input_userauth_banner(int, u_int32_t, void *);
 void    input_userauth_error(int, u_int32_t, void *);
@@ -485,12 +492,15 @@ void
 input_userauth_success(int type, u_int32_t seq, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
        if (authctxt == NULL)
                fatal("input_userauth_success: no authentication context");
        if (authctxt->authlist) {
                xfree(authctxt->authlist);
                authctxt->authlist = NULL;
        }
+        if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
+                authctxt->method->cleanup(authctxt);
        if (authctxt->methoddata) {
                xfree(authctxt->methoddata);
                authctxt->methoddata = NULL;
@@ -498,6 +508,18 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
        authctxt->success = 1;                  /* break out */
 }
+void
+input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
+{
+        Authctxt *authctxt = ctxt;
+        if (authctxt == NULL)
+                fatal("%s: no authentication context", __func__);
+        fatal("Unexpected authentication success during %s.",
+            authctxt->method->name);
+}
 /* ARGSUSED */
 void
 input_userauth_failure(int type, u_int32_t seq, void *ctxt)
@@ -892,6 +914,8 @@ userauth_passwd(Authctxt *authctxt)
        static int attempt = 0;
        char prompt[150];
        char *password;
+        const char *host = options.host_key_alias ?  options.host_key_alias :
+            authctxt->host;
        if (attempt++ >= options.number_of_password_prompts)
                return 0;
@@ -900,7 +924,7 @@ userauth_passwd(Authctxt *authctxt)
                error("Permission denied, please try again.");
        snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
-            authctxt->server_user, authctxt->host);
+            authctxt->server_user, host);
        password = read_passphrase(prompt, 0);
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
        packet_put_cstring(authctxt->server_user);
@@ -929,6 +953,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
        Authctxt *authctxt = ctxt;
        char *info, *lang, *password = NULL, *retype = NULL;
        char prompt[150];
+        const char *host = options.host_key_alias ? options.host_key_alias :
+            authctxt->host;
        debug2("input_userauth_passwd_changereq");
@@ -949,7 +975,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
        packet_put_char(1);                     /* additional info */
        snprintf(prompt, sizeof(prompt),
            "Enter %.30s@%.128s's old password: ",
-            authctxt->server_user, authctxt->host);
+            authctxt->server_user, host);
        password = read_passphrase(prompt, 0);
        packet_put_cstring(password);
        memset(password, 0, strlen(password));
@@ -958,7 +984,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
        while (password == NULL) {
                snprintf(prompt, sizeof(prompt),
                    "Enter %.30s@%.128s's new password: ",
-                    authctxt->server_user, authctxt->host);
+                    authctxt->server_user, host);
                password = read_passphrase(prompt, RP_ALLOW_EOF);
                if (password == NULL) {
                        /* bail out */
@@ -966,7 +992,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
                }
                snprintf(prompt, sizeof(prompt),
                    "Retype %.30s@%.128s's new password: ",
-                    authctxt->server_user, authctxt->host);
+                    authctxt->server_user, host);
                retype = read_passphrase(prompt, 0);
                if (strcmp(password, retype) != 0) {
                        memset(password, 0, strlen(password));
@@ -1334,7 +1360,7 @@ load_identity_file(char *filename)
 {
        Key *private;
        char prompt[300], *passphrase;
-        int perm_ok, quit, i;
+        int perm_ok = 0, quit, i;
        struct stat st;
        if (stat(filename, &st) < 0) {
@@ -1397,6 +1423,8 @@ pubkey_prepare(Authctxt *authctxt)
                key = options.identity_keys[i];
                if (key && key->type == KEY_RSA1)
                        continue;
+                if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
+                        continue;
                options.identity_keys[i] = NULL;
                id = xcalloc(1, sizeof(*id));
                id->key = key;
@@ -1600,7 +1628,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
        debug2("ssh_keysign called");
        if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
-                error("ssh_keysign: no installed: %s", strerror(errno));
+                error("ssh_keysign: not installed: %s", strerror(errno));
                return -1;
        }
        if (fflush(stdout) != 0)
@@ -1618,6 +1646,8 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
                return -1;
        }
        if (pid == 0) {
+                /* keep the socket on exec */
+                fcntl(packet_get_connection_in(), F_SETFD, 0);
                permanently_drop_suid(getuid());
                close(from[0]);
                if (dup2(from[1], STDOUT_FILENO) < 0)
@@ -1670,10 +1700,10 @@ userauth_hostbased(Authctxt *authctxt)
        Sensitive *sensitive = authctxt->sensitive;
        Buffer b;
        u_char *signature, *blob;
-        char *chost, *pkalg, *p, myname[NI_MAXHOST];
+        char *chost, *pkalg, *p;
        const char *service;
        u_int blen, slen;
-        int ok, i, len, found = 0;
+        int ok, i, found = 0;
        /* check for a useful key */
        for (i = 0; i < sensitive->nkeys; i++) {
@@ -1694,23 +1724,13 @@ userauth_hostbased(Authctxt *authctxt)
                return 0;
        }
        /* figure out a name for the client host */
-        p = NULL;
+        p = get_local_name(packet_get_connection_in());
-        if (packet_connection_is_on_socket())
-                p = get_local_name(packet_get_connection_in());
-        if (p == NULL) {
-                if (gethostname(myname, sizeof(myname)) == -1) {
-                        verbose("userauth_hostbased: gethostname: %s", 
-                            strerror(errno));
-                } else
-                        p = xstrdup(myname);
-        }
        if (p == NULL) {
                error("userauth_hostbased: cannot get local ipaddr/name");
                key_free(private);
                xfree(blob);
                return 0;
        }
-        len = strlen(p) + 2;
        xasprintf(&chost, "%s.", p);
        debug2("userauth_hostbased: chost %s", chost);
        xfree(p);
@@ -1821,6 +1841,8 @@ userauth_jpake(Authctxt *authctxt)
        /* Expect step 1 packet from peer */
        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
            input_userauth_jpake_server_step1);
+        dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
+            &input_userauth_success_unexpected);
        return 1;
 }
@@ -1833,6 +1855,7 @@ userauth_jpake_cleanup(Authctxt *authctxt)
                jpake_free(authctxt->methoddata);
                authctxt->methoddata = NULL;
        }
+        dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
 }
 #endif /* JPAKE */
author	Colin Watson <cjwatson@debian.org>	2010-03-31 10:46:28 +0100
committer	Colin Watson <cjwatson@debian.org>	2010-03-31 10:46:28 +0100
commit	efd3d4522636ae029488c2e9730b60c88e257d2e (patch)
tree	31e02ac3f16090ce8c53448677356b2b7f423683 /sshconnect2.c
parent	bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff)
parent	d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff)