author | djm@openbsd.org <djm@openbsd.org> | 2015-07-30 00:01:34 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-07-30 12:32:16 +1000 |
commit | f9eca249d4961f28ae4b09186d7dc91de74b5895 (patch) | |
tree | f4c86ae2043499a6ed7f8c736f0cd5e1f483102c /sshconnect2.c | |
parent | 5cefe769105a2a2e3ca7479d28d9a325d5ef0163 (diff) |
upstream commit
Allow ssh_config and sshd_config kex parameter options to be
prefixed by a '+' to indicate that the specified items should be appended to the
default rather than replacing it.
approach suggested by dtucker@, feedback dlg@, ok markus@
Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 33 |
1 files changed, 12 insertions, 21 deletions
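--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.225 2015/07/10 06:21:53 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.226 2015/07/30 00:01:34 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -163,18 +163,12 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 xxx_host = host;
 xxx_hostaddr = hostaddr;
 
-if (options.ciphers == (char *)-1) {
-logit("No valid ciphers for protocol version 2 given, using defaults.");
-options.ciphers = NULL;
-}
-if (options.ciphers != NULL) {
-myproposal[PROPOSAL_ENC_ALGS_CTOS] =
-myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
-}
+myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+options.kex_algorithms);
 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
-compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
+compat_cipher_proposal(options.ciphers);
 myproposal[PROPOSAL_ENC_ALGS_STOC] =
-compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
+compat_cipher_proposal(options.ciphers);
 if (options.compression) {
 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
@@ -182,14 +176,15 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
 }
-if (options.macs != NULL) {
-myproposal[PROPOSAL_MAC_ALGS_CTOS] =
-myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
-}
-if (options.hostkeyalgorithms != NULL)
+myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
+if (options.hostkeyalgorithms != NULL) {
+if (kex_assemble_names(KEX_DEFAULT_PK_ALG,
+&options.hostkeyalgorithms) != 0)
+fatal("%s: kex_assemble_namelist", __func__);
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
 compat_pkalg_proposal(options.hostkeyalgorithms);
-else {
+} else {
 /* Enforce default */
 options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
 /* Prefer algorithms that we already have keys for */
@@ -197,10 +192,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 compat_pkalg_proposal(
 order_hostkeyalgs(host, hostaddr, port));
 }
-if (options.kex_algorithms != NULL)
-myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
-myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
-myproposal[PROPOSAL_KEX_ALGS]);
 
 if (options.rekey_limit || options.rekey_interval)
 packet_set_rekey_limits((u_int32_t)options.rekey_limit,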
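Review bot: Nothing in ssh_kex2 now checks that `options.kex_algorithms`, `options.ciphers` and `options.macs` are non-NULL before they go into `myproposal[]` (new lines 166-171 and 179-180), since the old `!= NULL` and `(char *)-1` guards are removed. The code is only safe if option processing has already filled all three with defaults; that is presumably done elsewhere in the commit, but it is not visible here because the diffstat is limited to sshconnect2.c. I would record the invariant where the proposal is built, e.g. `/* kex_algorithms, ciphers and macs are always set by option defaults; only hostkeyalgorithms may be NULL here */`, or enforce it with `if (options.macs == NULL) fatal("%s: macs not set", __func__);` and the same for the other two. The new `fatal()` text also names `kex_assemble_namelist` while the call is `kex_assemble_names`, which makes the log line harder to match to the failing call. ssh_kex2's body begins and ends outside these hunks.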