-rw-r--r--ChangeLog3214
-rw-r--r--INSTALL3
-rw-r--r--Makefile.in19
-rw-r--r--README2
-rw-r--r--auth-pam.c2
-rw-r--r--auth2-pubkey.c23
-rw-r--r--auth2.c12
-rw-r--r--channels.c81
-rw-r--r--channels.h5
-rw-r--r--clientloop.c29
-rw-r--r--compat.c48
-rw-r--r--config.h.in3
-rwxr-xr-xconfigure143
-rw-r--r--configure.ac65
-rw-r--r--contrib/cygwin/ssh-host-config43
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--digest-openssl.c4
-rw-r--r--hostfile.c19
-rw-r--r--kex.c41
-rw-r--r--krl.c7
-rw-r--r--log.c5
-rw-r--r--match.c46
-rw-r--r--match.h3
-rw-r--r--misc.c17
-rw-r--r--monitor.c7
-rw-r--r--mux.c7
-rw-r--r--openbsd-compat/bsd-misc.c8
-rw-r--r--openbsd-compat/bsd-misc.h4
-rw-r--r--openbsd-compat/fmt_scaled.c34
-rw-r--r--packet.c80
-rw-r--r--packet.h9
-rw-r--r--pathnames.h9
-rw-r--r--readconf.c104
-rw-r--r--regress/Makefile1
-rw-r--r--regress/agent-getpeereid.sh8
-rw-r--r--regress/allow-deny-users.sh2
-rw-r--r--regress/cert-file.sh53
-rw-r--r--regress/forwarding.sh44
-rw-r--r--regress/integrity.sh5
-rw-r--r--regress/test-exec.sh4
-rw-r--r--regress/unittests/Makefile7
-rw-r--r--regress/unittests/conversion/Makefile10
-rw-r--r--regress/unittests/conversion/tests.c51
-rw-r--r--regress/unittests/match/tests.c21
-rw-r--r--regress/unittests/test_helper/test_helper.c13
-rw-r--r--regress/unittests/test_helper/test_helper.h17
-rw-r--r--regress/unittests/utf8/tests.c65
-rw-r--r--sandbox-seccomp-filter.c110
-rw-r--r--servconf.c35
-rw-r--r--serverloop.c36
-rw-r--r--sftp-client.c13
-rw-r--r--sftp.c40
-rw-r--r--ssh-agent.c18
-rw-r--r--ssh-keygen.c42
-rw-r--r--ssh-keyscan.c20
-rw-r--r--ssh.c10
-rw-r--r--ssh_config.033
-rw-r--r--ssh_config.530
-rw-r--r--sshconnect.c4
-rw-r--r--sshconnect1.c8
-rw-r--r--sshconnect2.c77
-rw-r--r--sshd.06
-rw-r--r--sshd.86
-rw-r--r--sshd.c24
-rw-r--r--sshd_config3
-rw-r--r--sshd_config.043
-rw-r--r--sshd_config.550
-rw-r--r--sshkey.c64
-rw-r--r--sshkey.h4
-rw-r--r--utf8.c6
-rw-r--r--version.h4
72 files changed, 2471 insertions, 2616 deletions
diff --git a/ChangeLog b/ChangeLog
index d48aba33c..48f648d78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,1174 @@
1commit d38f05dbdd291212bc95ea80648b72b7177e9f4e
2Author: Darren Tucker <dtucker@zip.com.au>
3Date: Mon Mar 20 13:38:27 2017 +1100
4
5 Add llabs() implementation.
6
7commit 72536316a219b7394996a74691a5d4ec197480f7
8Author: Damien Miller <djm@mindrot.org>
9Date: Mon Mar 20 12:23:04 2017 +1100
10
11 crank version numbers
12
13commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f
14Author: djm@openbsd.org <djm@openbsd.org>
15Date: Mon Mar 20 01:18:59 2017 +0000
16
17 upstream commit
18
19 openssh-7.5
20
21 Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
22
23commit db84e52fe9cfad57f22e7e23c5fbf00092385129
24Author: Damien Miller <djm@mindrot.org>
25Date: Mon Mar 20 12:07:20 2017 +1100
26
27 I'm a doofus.
28
29 Unbreak obvious syntax error.
30
31commit 89f04852db27643717c9c3a2b0dde97ae50099ee
32Author: Damien Miller <djm@mindrot.org>
33Date: Mon Mar 20 11:53:34 2017 +1100
34
35 on Cygwin, check paths from server for backslashes
36
37 Pointed out by Jann Horn of Google Project Zero
38
39commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9
40Author: Damien Miller <djm@mindrot.org>
41Date: Mon Mar 20 11:48:34 2017 +1100
42
43 Yet another synonym for ASCII: "646"
44
45 Used by NetBSD; this unbreaks mprintf() and friends there for the C
46 locale (caught by dtucker@ and his menagerie of test systems).
47
48commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b
49Author: Damien Miller <djm@mindrot.org>
50Date: Mon Mar 20 09:58:34 2017 +1100
51
52 create test mux socket in /tmp
53
54 Creating the socket in $OBJ could blow past the (quite limited)
55 path limit for Unix domain sockets. As a bandaid for bz#2660,
56 reported by Colin Watson; ok dtucker@
57
58commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163
59Author: markus@openbsd.org <markus@openbsd.org>
60Date: Wed Mar 15 07:07:39 2017 +0000
61
62 upstream commit
63
64 disallow KEXINIT before NEWKEYS; ok djm; report by
65 vegard.nossum at oracle.com
66
67 Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
68
69commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c
70Author: Darren Tucker <dtucker@zip.com.au>
71Date: Thu Mar 16 14:05:46 2017 +1100
72
73 Include includes.h for compat bits.
74
75commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad
76Author: Darren Tucker <dtucker@zip.com.au>
77Date: Thu Mar 16 13:45:17 2017 +1100
78
79 Wrap stdint.h in #ifdef HAVE_STDINT_H
80
81commit 55a1117d7342a0bf8b793250cf314bab6b482b99
82Author: Damien Miller <djm@mindrot.org>
83Date: Thu Mar 16 11:22:42 2017 +1100
84
85 Adapt Cygwin config script to privsep knob removal
86
87 Patch from Corinna Vinschen.
88
89commit 1a321bfdb91defe3c4d9cca5651724ae167e5436
90Author: deraadt@openbsd.org <deraadt@openbsd.org>
91Date: Wed Mar 15 03:52:30 2017 +0000
92
93 upstream commit
94
95 accidents happen to the best of us; ok djm
96
97 Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
98
99commit 25f837646be8c2017c914d34be71ca435dfc0e07
100Author: djm@openbsd.org <djm@openbsd.org>
101Date: Wed Mar 15 02:25:09 2017 +0000
102
103 upstream commit
104
105 fix regression in 7.4: deletion of PKCS#11-hosted keys
106 would fail unless they were specified by full physical pathname. Report and
107 fix from Jakub Jelen via bz#2682; ok dtucker@
108
109 Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
110
111commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f
112Author: djm@openbsd.org <djm@openbsd.org>
113Date: Wed Mar 15 02:19:09 2017 +0000
114
115 upstream commit
116
117 Fix segfault when sshd attempts to load RSA1 keys (can
118 only happen when protocol v.1 support is enabled for the client). Reported by
119 Jakub Jelen in bz#2686; ok dtucker
120
121 Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
122
123commit 66705948c0639a7061a0d0753266da7685badfec
124Author: djm@openbsd.org <djm@openbsd.org>
125Date: Tue Mar 14 07:19:07 2017 +0000
126
127 upstream commit
128
129 Mark the sshd_config UsePrivilegeSeparation option as
130 deprecated, effectively making privsep mandatory in sandboxing mode. ok
131 markus@ deraadt@
132
133 (note: this doesn't remove the !privsep code paths, though that will
134 happen eventually).
135
136 Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
137
138commit f86586b03fe6cd8f595289bde200a94bc2c191af
139Author: Damien Miller <djm@mindrot.org>
140Date: Tue Mar 14 18:26:29 2017 +1100
141
142 Make seccomp-bpf sandbox work on Linux/X32
143
144 Allow clock_gettime syscall with X32 bit masked off. Apparently
145 this is required for at least some kernel versions. bz#2142
146 Patch mostly by Colin Watson. ok dtucker@
147
148commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6
149Author: Damien Miller <djm@mindrot.org>
150Date: Tue Mar 14 18:01:52 2017 +1100
151
152 require OpenSSL >=1.0.1
153
154commit e3ea335abeab731c68f2b2141bee85a4b0bf680f
155Author: Damien Miller <djm@mindrot.org>
156Date: Tue Mar 14 17:48:43 2017 +1100
157
158 Remove macro trickery; no binary change
159
160 This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
161 prepending __NR_ to the syscall number parameter and just makes
162 them explicit in the macro invocations.
163
164 No binary change in stripped object file before/after.
165
166commit 5f1596e11d55539678c41f68aed358628d33d86f
167Author: Damien Miller <djm@mindrot.org>
168Date: Tue Mar 14 13:15:18 2017 +1100
169
170 support ioctls for ICA crypto card on Linux/s390
171
172 Based on patch from Eduardo Barretto; ok dtucker@
173
174commit b1b22dd0df2668b322dda174e501dccba2cf5c44
175Author: Darren Tucker <dtucker@zip.com.au>
176Date: Tue Mar 14 14:19:36 2017 +1100
177
178 Plumb conversion test into makefile.
179
180commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9
181Author: dtucker@openbsd.org <dtucker@openbsd.org>
182Date: Tue Mar 14 01:20:29 2017 +0000
183
184 upstream commit
185
186 Add unit test for convtime().
187
188 Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1
189
190commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c
191Author: dtucker@openbsd.org <dtucker@openbsd.org>
192Date: Tue Mar 14 01:10:07 2017 +0000
193
194 upstream commit
195
196 Add ASSERT_LONG_* helpers.
197
198 Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431
199
200commit c6774d21185220c0ba11e8fd204bf0ad1a432071
201Author: dtucker@openbsd.org <dtucker@openbsd.org>
202Date: Tue Mar 14 00:55:37 2017 +0000
203
204 upstream commit
205
206 Fix convtime() overflow test on boundary condition,
207 spotted by & ok djm.
208
209 Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708
210
211commit f5746b40cfe6d767c8e128fe50c43274b31cd594
212Author: dtucker@openbsd.org <dtucker@openbsd.org>
213Date: Tue Mar 14 00:25:03 2017 +0000
214
215 upstream commit
216
217 Check for integer overflow when parsing times in
218 convtime(). Reported by nicolas.iooss at m4x.org, ok djm@
219
220 Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
221
222commit f5907982f42a8d88a430b8a46752cbb7859ba979
223Author: Darren Tucker <dtucker@zip.com.au>
224Date: Tue Mar 14 13:38:15 2017 +1100
225
226 Add a "unit" target to run only unit tests.
227
228commit 9e96b41682aed793fadbea5ccd472f862179fb02
229Author: Damien Miller <djm@mindrot.org>
230Date: Tue Mar 14 12:24:47 2017 +1100
231
232 Fix weakness in seccomp-bpf sandbox arg inspection
233
234 Syscall arguments are passed via an array of 64-bit values in struct
235 seccomp_data, but we were only inspecting the bottom 32 bits and not
236 even those correctly for BE systems.
237
238 Fortunately, the only case argument inspection was used was in the
239 socketcall filtering so using this for sandbox escape seems
240 impossible.
241
242 ok dtucker
243
244commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275
245Author: djm@openbsd.org <djm@openbsd.org>
246Date: Sat Mar 11 23:44:16 2017 +0000
247
248 upstream commit
249
250 regress tests for loading certificates without public keys;
251 bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
252
253 Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
254
255commit 1e24552716194db8f2f620587b876158a9ef56ad
256Author: djm@openbsd.org <djm@openbsd.org>
257Date: Sat Mar 11 23:40:26 2017 +0000
258
259 upstream commit
260
261 allow ssh to use certificates accompanied by a private
262 key file but no corresponding plain *.pub public key. bz#2617 based on patch
263 from Adam Eijdenberg; ok dtucker@ markus@
264
265 Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
266
267commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e
268Author: markus@openbsd.org <markus@openbsd.org>
269Date: Sat Mar 11 13:07:35 2017 +0000
270
271 upstream commit
272
273 Don't count the initial block twice when computing how
274 many bytes to discard for the work around for the attacks against CBC-mode.
275 ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
276
277 Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
278
279commit ef653dd5bd5777132d9f9ee356225f9ee3379504
280Author: dtucker@openbsd.org <dtucker@openbsd.org>
281Date: Fri Mar 10 07:18:32 2017 +0000
282
283 upstream commit
284
285 krl.c
286
287 Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1
288
289commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0
290Author: Damien Miller <djm@mindrot.org>
291Date: Sun Mar 12 10:48:14 2017 +1100
292
293 sync fmt_scaled.c with OpenBSD
294
295 revision 1.13
296 date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R;
297 fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
298 using AFL against ssh_config. ok deraadt@ millert@
299 ----------------------------
300 revision 1.12
301 date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5;
302 fairly simple unsigned char casts for ctype
303 ok krw
304 ----------------------------
305 revision 1.11
306 date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2;
307 make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
308 an invalid multiplier, like the man page says it should
309
310 "looks sensible" deraadt@, ok ian@
311 ----------------------------
312 revision 1.10
313 date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4;
314 use llabs instead of the home-grown version; and some comment changes
315 ok ian@, millert@
316 ----------------------------
317
318commit 894221a63fa061e52e414ca58d47edc5fe645968
319Author: djm@openbsd.org <djm@openbsd.org>
320Date: Fri Mar 10 05:01:13 2017 +0000
321
322 upstream commit
323
324 When updating hostkeys, accept RSA keys if
325 HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA
326 keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms
327 nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok
328 dtucker@
329
330 Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2
331
332commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c
333Author: djm@openbsd.org <djm@openbsd.org>
334Date: Fri Mar 10 04:24:55 2017 +0000
335
336 upstream commit
337
338 make hostname matching really insensitive to case;
339 bz#2685, reported by Petr Cerny; ok dtucker@
340
341 Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253
342
343commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f
344Author: djm@openbsd.org <djm@openbsd.org>
345Date: Fri Mar 10 03:52:48 2017 +0000
346
347 upstream commit
348
349 reword a comment to make it fit 80 columns
350
351 Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4
352
353commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc
354Author: djm@openbsd.org <djm@openbsd.org>
355Date: Fri Mar 10 04:27:32 2017 +0000
356
357 upstream commit
358
359 better match sshd config parser behaviour: fatal() if
360 line is overlong, increase line buffer to match sshd's; bz#2651 reported by
361 Don Fong; ok dtucker@
362
363 Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
364
365commit db2597207e69912f2592cd86a1de8e948a9d7ffb
366Author: djm@openbsd.org <djm@openbsd.org>
367Date: Fri Mar 10 04:26:06 2017 +0000
368
369 upstream commit
370
371 ensure hostname is lower-case before hashing it;
372 bz#2591 reported by Griff Miller II; ok dtucker@
373
374 Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
375
376commit df9936936c695f85c1038bd706d62edf752aca4b
377Author: djm@openbsd.org <djm@openbsd.org>
378Date: Fri Mar 10 04:24:55 2017 +0000
379
380 upstream commit
381
382 make hostname matching really insensitive to case;
383 bz#2685, reported by Petr Cerny; ok dtucker@
384
385 Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549
386
387commit 67eed24bfa7645d88fa0b883745fccb22a0e527e
388Author: dtucker@openbsd.org <dtucker@openbsd.org>
389Date: Fri Mar 10 04:11:00 2017 +0000
390
391 upstream commit
392
393 Remove old null check from config dumper. Patch from
394 jjelen at redhat.com vi bz#2687, ok djm@
395
396 Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528
397
398commit 183ba55aaaecca0206184b854ad6155df237adbe
399Author: djm@openbsd.org <djm@openbsd.org>
400Date: Fri Mar 10 04:07:20 2017 +0000
401
402 upstream commit
403
404 fix regression in 7.4 server-sig-algs, where we were
405 accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
406 Goncalves; ok dtucker@
407
408 Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
409
410commit 66be4fe8c4435af5bbc82998501a142a831f1181
411Author: dtucker@openbsd.org <dtucker@openbsd.org>
412Date: Fri Mar 10 03:53:11 2017 +0000
413
414 upstream commit
415
416 Check for NULL return value from key_new. Patch from
417 jjelen at redhat.com via bz#2687, ok djm@
418
419 Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e
420
421commit ec2892b5c7fea199914cb3a6afb3af38f84990bf
422Author: djm@openbsd.org <djm@openbsd.org>
423Date: Fri Mar 10 03:52:48 2017 +0000
424
425 upstream commit
426
427 reword a comment to make it fit 80 columns
428
429 Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349
430
431commit 7fadbb6da3f4122de689165651eb39985e1cba85
432Author: dtucker@openbsd.org <dtucker@openbsd.org>
433Date: Fri Mar 10 03:48:57 2017 +0000
434
435 upstream commit
436
437 Check for NULL argument to sshkey_read. Patch from
438 jjelen at redhat.com via bz#2687, ok djm@
439
440 Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
441
442commit 5a06b9e019e2b0b0f65a223422935b66f3749de3
443Author: dtucker@openbsd.org <dtucker@openbsd.org>
444Date: Fri Mar 10 03:45:40 2017 +0000
445
446 upstream commit
447
448 Plug some mem leaks mostly on error paths. From jjelen
449 at redhat.com via bz#2687, ok djm@
450
451 Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
452
453commit f6edbe9febff8121f26835996b1229b5064d31b7
454Author: dtucker@openbsd.org <dtucker@openbsd.org>
455Date: Fri Mar 10 03:24:48 2017 +0000
456
457 upstream commit
458
459 Plug mem leak on GLOB_NOMATCH case. From jjelen at
460 redhat.com via bz#2687, ok djm@
461
462 Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
463
464commit 566b3a46e89a2fda2db46f04f2639e92da64a120
465Author: dtucker@openbsd.org <dtucker@openbsd.org>
466Date: Fri Mar 10 03:22:40 2017 +0000
467
468 upstream commit
469
470 Plug descriptor leaks of auth_sock. From jjelen at
471 redhat.com via bz#2687, ok djm@
472
473 Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88
474
475commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2
476Author: djm@openbsd.org <djm@openbsd.org>
477Date: Fri Mar 10 03:18:24 2017 +0000
478
479 upstream commit
480
481 correctly hash hosts with a port number. Reported by Josh
482 Powers in bz#2692; ok dtucker@
483
484 Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
485
486commit 9747b9c742de409633d4753bf1a752cbd211e2d3
487Author: djm@openbsd.org <djm@openbsd.org>
488Date: Fri Mar 10 03:15:58 2017 +0000
489
490 upstream commit
491
492 don't truncate off \r\n from long stderr lines; bz#2688,
493 reported by Brian Dyson; ok dtucker@
494
495 Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4
496
497commit 4a4b75adac862029a1064577eb5af299b1580cdd
498Author: dtucker@openbsd.org <dtucker@openbsd.org>
499Date: Fri Mar 10 02:59:51 2017 +0000
500
501 upstream commit
502
503 Validate digest arg in ssh_digest_final; from jjelen at
504 redhat.com via bz#2687, ok djm@
505
506 Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
507
508commit bee0167be2340d8de4bdc1ab1064ec957c85a447
509Author: Darren Tucker <dtucker@zip.com.au>
510Date: Fri Mar 10 13:40:18 2017 +1100
511
512 Check for NULL from malloc.
513
514 Part of bz#2687, from jjelen at redhat.com.
515
516commit da39b09d43b137a5a3d071b51589e3efb3701238
517Author: Darren Tucker <dtucker@zip.com.au>
518Date: Fri Mar 10 13:22:32 2017 +1100
519
520 If OSX is using launchd, remove screen no.
521
522 Check for socket with and without screen number. From Apple and Jakob
523 Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
524
525commit 8fb15311a011517eb2394bb95a467c209b8b336c
526Author: djm@openbsd.org <djm@openbsd.org>
527Date: Wed Mar 8 12:07:47 2017 +0000
528
529 upstream commit
530
531 quote [host]:port in generated ProxyJump commandline; the
532 [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri
533 Tirkkonen via bugs@
534
535 Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
536
537commit 18501151cf272a15b5f2c5e777f2e0933633c513
538Author: dtucker@openbsd.org <dtucker@openbsd.org>
539Date: Mon Mar 6 02:03:20 2017 +0000
540
541 upstream commit
542
543 Check l->hosts before dereferencing; fixes potential null
544 pointer deref. ok djm@
545
546 Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
547
548commit d072370793f1a20f01ad827ba8fcd3b8f2c46165
549Author: dtucker@openbsd.org <dtucker@openbsd.org>
550Date: Mon Mar 6 00:44:51 2017 +0000
551
552 upstream commit
553
554 linenum is unsigned long so use %lu in log formats. ok
555 deraadt@
556
557 Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08
558
559commit 12d3767ba4c84c32150cbe6ff6494498780f12c9
560Author: djm@openbsd.org <djm@openbsd.org>
561Date: Fri Mar 3 06:13:11 2017 +0000
562
563 upstream commit
564
565 fix ssh-keygen -H accidentally corrupting known_hosts that
566 contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
567 hostkeys_foreach() when hostname matching is in use, so we need to look for
568 the hash marker explicitly.
569
570 Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
571
572commit d7abb771bd5a941b26144ba400a34563a1afa589
573Author: djm@openbsd.org <djm@openbsd.org>
574Date: Tue Feb 28 06:10:08 2017 +0000
575
576 upstream commit
577
578 small memleak: free fd_set on connection timeout (though
579 we are heading to exit anyway). From Tom Rix in bz#2683
580
581 Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
582
583commit 78142e3ab3887e53a968d6e199bcb18daaf2436e
584Author: jmc@openbsd.org <jmc@openbsd.org>
585Date: Mon Feb 27 14:30:33 2017 +0000
586
587 upstream commit
588
589 errant dot; from klemens nanni
590
591 Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921
592
593commit 8071a6924c12bb51406a9a64a4b2892675112c87
594Author: djm@openbsd.org <djm@openbsd.org>
595Date: Fri Feb 24 03:16:34 2017 +0000
596
597 upstream commit
598
599 might as well set the listener socket CLOEXEC
600
601 Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
602
603commit d5499190559ebe374bcdfa8805408646ceffad64
604Author: djm@openbsd.org <djm@openbsd.org>
605Date: Sun Feb 19 00:11:29 2017 +0000
606
607 upstream commit
608
609 add test cases for C locale; ok schwarze@
610
611 Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87
612
613commit 011c8ffbb0275281a0cf330054cf21be10c43e37
614Author: djm@openbsd.org <djm@openbsd.org>
615Date: Sun Feb 19 00:10:57 2017 +0000
616
617 upstream commit
618
619 Add a common nl_langinfo(CODESET) alias for US-ASCII
620 "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for
621 non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@
622
623 Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719
624
625commit 0c4430a19b73058a569573492f55e4c9eeaae67b
626Author: dtucker@openbsd.org <dtucker@openbsd.org>
627Date: Tue Feb 7 23:03:11 2017 +0000
628
629 upstream commit
630
631 Remove deprecated SSH1 options RSAAuthentication and
632 RhostsRSAAuthentication from regression test sshd_config.
633
634 Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491
635
636commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199
637Author: dtucker@openbsd.org <dtucker@openbsd.org>
638Date: Fri Feb 17 02:32:05 2017 +0000
639
640 upstream commit
641
642 Do not show rsa1 key type in usage when compiled without
643 SSH1 support.
644
645 Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57
646
647commit ecc35893715f969e98fee118481f404772de4132
648Author: dtucker@openbsd.org <dtucker@openbsd.org>
649Date: Fri Feb 17 02:31:14 2017 +0000
650
651 upstream commit
652
653 ifdef out "rsa1" from the list of supported keytypes when
654 compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@
655
656 Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
657
658commit 10577c6d96a55b877a960b2d0b75edef1b9945af
659Author: djm@openbsd.org <djm@openbsd.org>
660Date: Fri Feb 17 02:04:15 2017 +0000
661
662 upstream commit
663
664 For ProxyJump/-J, surround host name with brackets to
665 allow literal IPv6 addresses. From Dick Visser; ok dtucker@
666
667 Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1
668
669commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4
670Author: jsg@openbsd.org <jsg@openbsd.org>
671Date: Wed Feb 15 23:38:31 2017 +0000
672
673 upstream commit
674
675 Fix memory leaks in match_filter_list() error paths.
676
677 ok dtucker@ markus@
678
679 Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e
680
681commit 6d5a41b38b55258213ecfaae9df7a758caa752a1
682Author: djm@openbsd.org <djm@openbsd.org>
683Date: Wed Feb 15 01:46:47 2017 +0000
684
685 upstream commit
686
687 fix division by zero crash in "df" output when server
688 returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok
689 dtucker@
690
691 Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f
692
693commit bd5d7d239525d595ecea92765334af33a45d9d63
694Author: Darren Tucker <dtucker@zip.com.au>
695Date: Sun Feb 12 15:45:15 2017 +1100
696
697 ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR
698
699 EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out
700 for the benefit of OpenSSL versions prior to that.
701
702commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe
703Author: djm@openbsd.org <djm@openbsd.org>
704Date: Fri Feb 10 04:34:50 2017 +0000
705
706 upstream commit
707
708 bring back r1.34 that was backed out for problems loading
709 public keys:
710
711 translate OpenSSL error codes to something more
712 meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
713
714 with additional fix from Jakub Jelen to solve the backout.
715 bz#2525 bz#2523 re-ok dtucker@
716
717 Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
718
719commit a287c5ad1e0bf9811c7b9221979b969255076019
720Author: djm@openbsd.org <djm@openbsd.org>
721Date: Fri Feb 10 03:36:40 2017 +0000
722
723 upstream commit
724
725 Sanitise escape sequences in key comments sent to printf
726 but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@
727
728 Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e
729
730commit e40269be388972848aafcca7060111c70aab5b87
731Author: millert@openbsd.org <millert@openbsd.org>
732Date: Wed Feb 8 20:32:43 2017 +0000
733
734 upstream commit
735
736 Avoid printf %s NULL. From semarie@, OK djm@
737
738 Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c
739
740commit 5b90709ab8704dafdb31e5651073b259d98352bc
741Author: djm@openbsd.org <djm@openbsd.org>
742Date: Mon Feb 6 09:22:51 2017 +0000
743
744 upstream commit
745
746 Restore \r\n newline sequence for server ident string. The CR
747 got lost in the flensing of SSHv1. Pointed out by Stef Bon
748
749 Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac
750
751commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc
752Author: djm@openbsd.org <djm@openbsd.org>
753Date: Fri Feb 3 23:01:42 2017 +0000
754
755 upstream commit
756
757 unit test for match_filter_list() function; still want a
758 better name for this...
759
760 Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a
761
762commit f1a193464a7b77646f0d0cedc929068e4a413ab4
763Author: djm@openbsd.org <djm@openbsd.org>
764Date: Fri Feb 3 23:05:57 2017 +0000
765
766 upstream commit
767
768 use ssh_packet_set_log_preamble() to include connection
769 username in packet log messages, e.g.
770
771 Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
772
773 ok markus@ bz#113
774
775 Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
776
777commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441
778Author: djm@openbsd.org <djm@openbsd.org>
779Date: Fri Feb 3 23:03:33 2017 +0000
780
781 upstream commit
782
783 add ssh_packet_set_log_preamble() to allow inclusion of a
784 preamble string in disconnect messages; ok markus@
785
786 Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead
787
788commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59
789Author: djm@openbsd.org <djm@openbsd.org>
790Date: Fri Feb 3 23:01:19 2017 +0000
791
792 upstream commit
793
794 support =- for removing methods from algorithms lists,
795 e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
796 it" markus@
797
798 Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
799
800commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e
801Author: djm@openbsd.org <djm@openbsd.org>
802Date: Fri Feb 3 05:05:56 2017 +0000
803
804 upstream commit
805
806 allow form-feed characters at EOL; bz#2431 ok dtucker@
807
808 Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
809
810commit 523db8540b720c4d21ab0ff6f928476c70c38aab
811Author: Damien Miller <djm@mindrot.org>
812Date: Fri Feb 3 16:01:22 2017 +1100
813
814 prefer to use ldns-config to find libldns
815
816 Should fix bz#2603 - "Build with ldns and without kerberos support
817 fails if ldns compiled with kerberos support" by including correct
818 cflags/libs
819
820 ok dtucker@
821
822commit c998bf0afa1a01257a53793eba57941182e9e0b7
823Author: dtucker@openbsd.org <dtucker@openbsd.org>
824Date: Fri Feb 3 02:56:00 2017 +0000
825
826 upstream commit
827
828 Make ssh_packet_set_rekey_limits take u32 for the number of
829 seconds until rekeying (negative values are rejected at config parse time).
830 This allows the removal of some casts and a signed vs unsigned comparison
831 warning.
832
833 rekey_time is cast to int64 for the comparison which is a no-op
834 on OpenBSD, but should also do the right thing in -portable on
835 anything still using 32bit time_t (until the system time actually
836 wraps, anyway).
837
838 some early guidance deraadt@, ok djm@
839
840 Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
841
842commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422
843Author: jsg@openbsd.org <jsg@openbsd.org>
844Date: Thu Feb 2 10:54:25 2017 +0000
845
846 upstream commit
847
848 In vasnmprintf() return an error if malloc fails and
849 don't set a function argument to the address of free'd memory.
850
851 ok djm@
852
853 Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779
854
855commit 858252fb1d451ebb0969cf9749116c8f0ee42753
856Author: dtucker@openbsd.org <dtucker@openbsd.org>
857Date: Wed Feb 1 02:59:09 2017 +0000
858
859 upstream commit
860
861 Return true reason for port forwarding failures where
862 feasible rather than always "administratively prohibited". bz#2674, ok djm@
863
864 Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
865
866commit 6ba9f893838489add6ec4213c7a997b425e4a9e0
867Author: dtucker@openbsd.org <dtucker@openbsd.org>
868Date: Mon Jan 30 23:27:39 2017 +0000
869
870 upstream commit
871
872 Small correction to the known_hosts section on when it is
873 updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at
874 sdf.org
875
876 Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5
877
878commit c61d5ec3c11e7ff9779b6127421d9f166cf10915
879Author: Darren Tucker <dtucker@zip.com.au>
880Date: Fri Feb 3 14:10:34 2017 +1100
881
882 Remove _XOPEN_SOURCE from wide char detection.
883
884 Having _XOPEN_SOURCE unconditionally causes problems on some platforms
885 and configurations, notably Solaris 64-bit binaries. It was there for
886 the benefit of Linux put the required bits in the *-*linux* section.
887
888 Patch from yvoinov at gmail.com.
889
890commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd
891Author: djm@openbsd.org <djm@openbsd.org>
892Date: Mon Jan 30 05:22:14 2017 +0000
893
894 upstream commit
895
896 fully unbreak: some $SSH invocations did not have -F
897 specified and could pick up the ~/.ssh/config of the user running the tests
898
899 Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
900
901commit 6956e21fb26652887475fe77ea40d2efcf25908b
902Author: djm@openbsd.org <djm@openbsd.org>
903Date: Mon Jan 30 04:54:07 2017 +0000
904
905 upstream commit
906
907 partially unbreak: was not specifying hostname on some
908 $SSH invocations
909
910 Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc
911
912commit 52763dd3fe0a4678dafdf7aeb32286e514130afc
913Author: djm@openbsd.org <djm@openbsd.org>
914Date: Mon Jan 30 01:03:00 2017 +0000
915
916 upstream commit
917
918 revise keys/principals command hang fix (bz#2655) to
919 consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
920 dtucker@
921
922 Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
923
924commit 381a2615a154a82c4c53b787f4a564ef894fe9ac
925Author: djm@openbsd.org <djm@openbsd.org>
926Date: Mon Jan 30 00:38:50 2017 +0000
927
928 upstream commit
929
930 small cleanup post SSHv1 removal:
931
932 remove SSHv1-isms in commented examples
933
934 reorder token table to group deprecated and compile-time conditional tokens
935 better
936
937 fix config dumping code for some compile-time conditional options that
938 weren't being correctly skipped (SSHv1 and PKCS#11)
939
940 Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
941
942commit 4833d01591b7eb049489d9558b65f5553387ed43
943Author: djm@openbsd.org <djm@openbsd.org>
944Date: Mon Jan 30 00:34:01 2017 +0000
945
946 upstream commit
947
948 some explicit NULL tests when dumping configured
949 forwardings; from Karsten Weiss
950
951 Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
952
953commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2
954Author: djm@openbsd.org <djm@openbsd.org>
955Date: Mon Jan 30 00:32:28 2017 +0000
956
957 upstream commit
958
959 misplaced braces in test; from Karsten Weiss
960
961 Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
962
963commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb
964Author: djm@openbsd.org <djm@openbsd.org>
965Date: Mon Jan 30 00:32:03 2017 +0000
966
967 upstream commit
968
969 don't dereference authctxt before testing != NULL, it
970 causes compilers to make assumptions; from Karsten Weiss
971
972 Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
973
974commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057
975Author: djm@openbsd.org <djm@openbsd.org>
976Date: Fri Jan 6 02:51:16 2017 +0000
977
978 upstream commit
979
980 use correct ssh-add program; bz#2654, from Colin Watson
981
982 Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030
983
984commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5
985Author: dtucker@openbsd.org <dtucker@openbsd.org>
986Date: Fri Jan 6 02:26:10 2017 +0000
987
988 upstream commit
989
990 Account for timeouts in the integrity tests as failures.
991
992 If the first test in a series for a given MAC happens to modify the low
993 bytes of a packet length, then ssh will time out and this will be
994 interpreted as a test failure. Patch from cjwatson at debian.org via
995 bz#2658.
996
997 Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
998
999commit dbaf599b61bd6e0f8469363a8c8e7f633b334018
1000Author: dtucker@openbsd.org <dtucker@openbsd.org>
1001Date: Fri Jan 6 02:09:25 2017 +0000
1002
1003 upstream commit
1004
1005 Make forwarding test less racy by using unix domain
1006 sockets instead of TCP ports where possible. Patch from cjwatson at
1007 debian.org via bz#2659.
1008
1009 Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9
1010
1011commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6
1012Author: dtucker@openbsd.org <dtucker@openbsd.org>
1013Date: Sun Jan 29 21:35:23 2017 +0000
1014
1015 upstream commit
1016
1017 Fix typo in ~C error message for bad port forward
1018 cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's
1019 bugtracker.
1020
1021 Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af
1022
1023commit 4ba15462ca38883b8a61a1eccc093c79462d5414
1024Author: guenther@openbsd.org <guenther@openbsd.org>
1025Date: Sat Jan 21 11:32:04 2017 +0000
1026
1027 upstream commit
1028
1029 The POSIX APIs that that sockaddrs all ignore the s*_len
1030 field in the incoming socket, so userspace doesn't need to set it unless it
1031 has its own reasons for tracking the size along with the sockaddr.
1032
1033 ok phessler@ deraadt@ florian@
1034
1035 Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
1036
1037commit a1187bd3ef3e4940af849ca953a1b849dae78445
1038Author: jmc@openbsd.org <jmc@openbsd.org>
1039Date: Fri Jan 6 16:28:12 2017 +0000
1040
1041 upstream commit
1042
1043 keep the tokens list sorted;
1044
1045 Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638
1046
1047commit b64077f9767634715402014f509e58decf1e140d
1048Author: djm@openbsd.org <djm@openbsd.org>
1049Date: Fri Jan 6 09:27:52 2017 +0000
1050
1051 upstream commit
1052
1053 fix previous
1054
1055 Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
1056
1057commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de
1058Author: djm@openbsd.org <djm@openbsd.org>
1059Date: Fri Jan 6 03:53:58 2017 +0000
1060
1061 upstream commit
1062
1063 show a useful error message when included config files
1064 can't be opened; bz#2653, ok dtucker@
1065
1066 Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
1067
1068commit 13bd2e2d622d01dc85d22b94520a5b243d006049
1069Author: djm@openbsd.org <djm@openbsd.org>
1070Date: Fri Jan 6 03:45:41 2017 +0000
1071
1072 upstream commit
1073
1074 sshd_config is documented to set
1075 GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this.
1076 bz#2637 ok dtucker
1077
1078 Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665
1079
1080commit f89b928534c9e77f608806a217d39a2960cc7fd0
1081Author: djm@openbsd.org <djm@openbsd.org>
1082Date: Fri Jan 6 03:41:58 2017 +0000
1083
1084 upstream commit
1085
1086 Avoid confusing error message when attempting to use
1087 ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583
1088
1089 Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
1090
1091commit 0999533014784579aa6f01c2d3a06e3e8804b680
1092Author: dtucker@openbsd.org <dtucker@openbsd.org>
1093Date: Fri Jan 6 02:34:54 2017 +0000
1094
1095 upstream commit
1096
1097 Re-add '%k' token for AuthorizedKeysCommand which was
1098 lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com.
1099
1100 Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38
1101
1102commit 51045869fa084cdd016fdd721ea760417c0a3bf3
1103Author: djm@openbsd.org <djm@openbsd.org>
1104Date: Wed Jan 4 05:37:40 2017 +0000
1105
1106 upstream commit
1107
1108 unbreak Unix domain socket forwarding for root; ok
1109 markus@
1110
1111 Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
1112
1113commit 58fca12ba967ea5c768653535604e1522d177e44
1114Author: Darren Tucker <dtucker@zip.com.au>
1115Date: Mon Jan 16 09:08:32 2017 +1100
1116
1117 Remove LOGIN_PROGRAM.
1118
1119 UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org
1120
1121commit b108ce92aae0ca0376dce9513d953be60e449ae1
1122Author: djm@openbsd.org <djm@openbsd.org>
1123Date: Wed Jan 4 02:21:43 2017 +0000
1124
1125 upstream commit
1126
1127 relax PKCS#11 whitelist a bit to allow libexec as well as
1128 lib directories.
1129
1130 Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
1131
1132commit c7995f296b9222df2846f56ecf61e5ae13d7a53d
1133Author: djm@openbsd.org <djm@openbsd.org>
1134Date: Tue Jan 3 05:46:51 2017 +0000
1135
1136 upstream commit
1137
1138 check number of entries in SSH2_FXP_NAME response; avoids
1139 unreachable overflow later. Reported by Jann Horn
1140
1141 Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
1142
1143commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2
1144Author: djm@openbsd.org <djm@openbsd.org>
1145Date: Fri Dec 30 22:08:02 2016 +0000
1146
1147 upstream commit
1148
1149 fix deadlock when keys/principals command produces a lot of
1150 output and a key is matched early; bz#2655, patch from jboning AT gmail.com
1151
1152 Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
1153
1154commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f
1155Author: Darren Tucker <dtucker@zip.com.au>
1156Date: Tue Dec 20 12:16:11 2016 +1100
1157
1158 Re-add missing "Prerequisites" header and fix typo
1159
1160 Patch from HARUYAMA Seigo <haruyama at unixuser org>.
1161
1162commit c8c60f3663165edd6a52632c6ddbfabfce1ca865
1163Author: djm@openbsd.org <djm@openbsd.org>
1164Date: Mon Dec 19 22:35:23 2016 +0000
1165
1166 upstream commit
1167
1168 use standard /bin/sh equality test; from Mike Frysinger
1169
1170 Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2
1171
1commit 4a354fc231174901f2629437c2a6e924a2dd6772 1172commit 4a354fc231174901f2629437c2a6e924a2dd6772
2Author: Damien Miller <djm@mindrot.org> 1173Author: Damien Miller <djm@mindrot.org>
3Date: Mon Dec 19 15:59:26 2016 +1100 1174Date: Mon Dec 19 15:59:26 2016 +1100
@@ -8221,2046 +9392,3 @@ Date: Wed Mar 11 00:48:39 2015 +0000
8221 9392
8222 add back the changes from rev 1.206, djm reverted this by 9393 add back the changes from rev 1.206, djm reverted this by
8223 mistake in rev 1.207 9394 mistake in rev 1.207
8224
8225commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697
8226Author: Damien Miller <djm@mindrot.org>
8227Date: Fri Mar 20 09:11:59 2015 +1100
8228
8229 remove error() accidentally inserted for debugging
8230
8231 pointed out by Christian Hesse
8232
8233commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb
8234Author: Tim Rice <tim@multitalents.net>
8235Date: Mon Mar 16 22:49:20 2015 -0700
8236
8237 portability fix: Solaris systems may not have a grep that understands -q
8238
8239commit 8ef691f7d9ef500257a549d0906d78187490668f
8240Author: Damien Miller <djm@google.com>
8241Date: Wed Mar 11 10:35:26 2015 +1100
8242
8243 fix compile with clang
8244
8245commit 4df590cf8dc799e8986268d62019b487a8ed63ad
8246Author: Damien Miller <djm@google.com>
8247Date: Wed Mar 11 10:02:39 2015 +1100
8248
8249 make unit tests work for !OPENSSH_HAS_ECC
8250
8251commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba
8252Author: djm@openbsd.org <djm@openbsd.org>
8253Date: Sat Mar 7 04:41:48 2015 +0000
8254
8255 upstream commit
8256
8257 unbreak for w/SSH1 (default) case; ok markus@ deraadt@
8258
8259commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f
8260Author: Damien Miller <djm@mindrot.org>
8261Date: Thu Mar 5 18:39:20 2015 -0800
8262
8263 unbreak hostkeys test for w/ SSH1 case
8264
8265commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4
8266Author: djm@openbsd.org <djm@openbsd.org>
8267Date: Fri Mar 6 01:40:56 2015 +0000
8268
8269 upstream commit
8270
8271 fix sshkey_certify() return value for unsupported key types;
8272 ok markus@ deraadt@
8273
8274commit be8f658e550a434eac04256bfbc4289457a24e99
8275Author: Damien Miller <djm@mindrot.org>
8276Date: Wed Mar 4 15:38:03 2015 -0800
8277
8278 update version numbers to match version.h
8279
8280commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc
8281Author: djm@openbsd.org <djm@openbsd.org>
8282Date: Wed Mar 4 23:22:35 2015 +0000
8283
8284 upstream commit
8285
8286 make these work with !SSH1; ok markus@ deraadt@
8287
8288commit 2f04af92f036b0c87a23efb259c37da98cd81fe6
8289Author: djm@openbsd.org <djm@openbsd.org>
8290Date: Wed Mar 4 21:12:59 2015 +0000
8291
8292 upstream commit
8293
8294 make ssh-add -D work with !SSH1 agent
8295
8296commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b
8297Author: Damien Miller <djm@mindrot.org>
8298Date: Wed Mar 4 00:55:48 2015 -0800
8299
8300 netcat needs poll.h portability goop
8301
8302commit dad2b1892b4c1b7e58df483a8c5b983c4454e099
8303Author: markus@openbsd.org <markus@openbsd.org>
8304Date: Tue Mar 3 22:35:19 2015 +0000
8305
8306 upstream commit
8307
8308 make it possible to run tests w/o ssh1 support; ok djm@
8309
8310commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2
8311Author: djm@openbsd.org <djm@openbsd.org>
8312Date: Wed Mar 4 18:53:53 2015 +0000
8313
8314 upstream commit
8315
8316 crank; ok markus, deraadt
8317
8318commit bbffb23daa0b002dd9f296e396a9ab8a5866b339
8319Author: Damien Miller <djm@mindrot.org>
8320Date: Tue Mar 3 13:50:27 2015 -0800
8321
8322 more --without-ssh1 fixes
8323
8324commit 6c2039286f503e2012a58a1d109e389016e7a99b
8325Author: Damien Miller <djm@mindrot.org>
8326Date: Tue Mar 3 13:48:48 2015 -0800
8327
8328 fix merge both that broke --without-ssh1 compile
8329
8330commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3
8331Author: djm@openbsd.org <djm@openbsd.org>
8332Date: Tue Mar 3 21:21:13 2015 +0000
8333
8334 upstream commit
8335
8336 add SSH1 Makefile knob to make it easier to build without
8337 SSH1 support; ok markus@
8338
8339commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c
8340Author: djm@openbsd.org <djm@openbsd.org>
8341Date: Tue Mar 3 20:42:49 2015 +0000
8342
8343 upstream commit
8344
8345 expand __unused to full __attribute__ for better portability
8346
8347commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6
8348Author: Damien Miller <djm@mindrot.org>
8349Date: Wed Mar 4 07:41:27 2015 +1100
8350
8351 avoid warning
8352
8353commit d1bc844322461f882b4fd2277ba9a8d4966573d2
8354Author: Damien Miller <djm@mindrot.org>
8355Date: Wed Mar 4 06:31:45 2015 +1100
8356
8357 Revert "define __unused to nothing if not already defined"
8358
8359 This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908.
8360
8361 Some system headers have objects named __unused
8362
8363commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1
8364Author: Damien Miller <djm@mindrot.org>
8365Date: Wed Mar 4 05:02:45 2015 +1100
8366
8367 check for crypt and DES_crypt in openssl block
8368
8369 fixes builds on systems that use DES_crypt; based on patch
8370 from Roumen Petrov
8371
8372commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908
8373Author: Damien Miller <djm@mindrot.org>
8374Date: Wed Mar 4 04:59:13 2015 +1100
8375
8376 define __unused to nothing if not already defined
8377
8378 fixes builds on BSD/OS
8379
8380commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9
8381Author: djm@openbsd.org <djm@openbsd.org>
8382Date: Tue Mar 3 17:53:40 2015 +0000
8383
8384 upstream commit
8385
8386 reorder logic for better portability; patch from Roumen
8387 Petrov
8388
8389commit 68d2dfc464fbcdf8d6387884260f9801f4352393
8390Author: djm@openbsd.org <djm@openbsd.org>
8391Date: Tue Mar 3 06:48:58 2015 +0000
8392
8393 upstream commit
8394
8395 Allow "ssh -Q protocol-version" to list supported SSH
8396 protocol versions. Useful for detecting builds without SSH v.1 support; idea
8397 and ok markus@
8398
8399commit 39e2f1229562e1195169905607bc12290d21f021
8400Author: millert@openbsd.org <millert@openbsd.org>
8401Date: Sun Mar 1 15:44:40 2015 +0000
8402
8403 upstream commit
8404
8405 Make sure we only call getnameinfo() for AF_INET or AF_INET6
8406 sockets. getpeername() of a Unix domain socket may return without error on
8407 some systems without actually setting ss_family so getnameinfo() was getting
8408 called with ss_family set to AF_UNSPEC. OK djm@
8409
8410commit e47536ba9692d271b8ad89078abdecf0a1c11707
8411Author: Damien Miller <djm@mindrot.org>
8412Date: Sat Feb 28 08:20:11 2015 -0800
8413
8414 portability fixes for regress/netcat.c
8415
8416 Mostly avoiding "err(1, NULL)"
8417
8418commit 02973ad5f6f49d8420e50a392331432b0396c100
8419Author: Damien Miller <djm@mindrot.org>
8420Date: Sat Feb 28 08:05:27 2015 -0800
8421
8422 twiddle another test for portability
8423
8424 from Tom G. Christensen
8425
8426commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0
8427Author: Damien Miller <djm@mindrot.org>
8428Date: Fri Feb 27 15:52:49 2015 -0800
8429
8430 twiddle test for portability
8431
8432commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83
8433Author: Damien Miller <djm@mindrot.org>
8434Date: Thu Feb 26 20:33:22 2015 -0800
8435
8436 make regress/netcat.c fd passing (more) portable
8437
8438commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea
8439Author: Damien Miller <djm@mindrot.org>
8440Date: Thu Feb 26 20:32:58 2015 -0800
8441
8442 create OBJ/valgrind-out before running unittests
8443
8444commit bd58853102cee739f0e115e6d4b5334332ab1442
8445Author: Damien Miller <djm@mindrot.org>
8446Date: Wed Feb 25 16:58:22 2015 -0800
8447
8448 valgrind support
8449
8450commit f43d17269194761eded9e89f17456332f4c83824
8451Author: djm@openbsd.org <djm@openbsd.org>
8452Date: Thu Feb 26 20:45:47 2015 +0000
8453
8454 upstream commit
8455
8456 don't printf NULL key comments; reported by Tom Christensen
8457
8458commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8
8459Author: djm@openbsd.org <djm@openbsd.org>
8460Date: Wed Feb 25 23:05:47 2015 +0000
8461
8462 upstream commit
8463
8464 zero cmsgbuf before use; we initialise the bits we use
8465 but valgrind still spams warning on it
8466
8467commit a63cfa26864b93ab6afefad0b630e5358ed8edfa
8468Author: djm@openbsd.org <djm@openbsd.org>
8469Date: Wed Feb 25 19:54:02 2015 +0000
8470
8471 upstream commit
8472
8473 fix small memory leak when UpdateHostkeys=no
8474
8475commit e6b950341dd75baa8526f1862bca39e52f5b879b
8476Author: Tim Rice <tim@multitalents.net>
8477Date: Wed Feb 25 09:56:48 2015 -0800
8478
8479 Revert "Work around finicky USL linker so netcat will build."
8480
8481 This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
8482
8483 No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
8484
8485commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0
8486Author: djm@openbsd.org <djm@openbsd.org>
8487Date: Wed Feb 25 17:29:38 2015 +0000
8488
8489 upstream commit
8490
8491 don't leak validity of user in "too many authentication
8492 failures" disconnect message; reported by Sebastian Reitenbach
8493
8494commit 6288e3a935494df12519164f52ca5c8c65fc3ca5
8495Author: naddy@openbsd.org <naddy@openbsd.org>
8496Date: Tue Feb 24 15:24:05 2015 +0000
8497
8498 upstream commit
8499
8500 add -v (show ASCII art) to -l's synopsis; ok djm@
8501
8502commit 678e473e2af2e4802f24dd913985864d9ead7fb3
8503Author: Darren Tucker <dtucker@zip.com.au>
8504Date: Thu Feb 26 04:12:58 2015 +1100
8505
8506 Remove dependency on xmalloc.
8507
8508 Remove ssh_get_progname's dependency on xmalloc, which should reduce
8509 link order problems. ok djm@
8510
8511commit 5d5ec165c5b614b03678afdad881f10e25832e46
8512Author: Darren Tucker <dtucker@zip.com.au>
8513Date: Wed Feb 25 15:32:49 2015 +1100
8514
8515 Restrict ECDSA and ECDH tests.
8516
8517 ifdef out some more ECDSA and ECDH tests when built against an OpenSSL
8518 that does not have eliptic curve functionality.
8519
8520commit 1734e276d99b17e92d4233fac7aef3a3180aaca7
8521Author: Darren Tucker <dtucker@zip.com.au>
8522Date: Wed Feb 25 13:40:45 2015 +1100
8523
8524 Move definition of _NSIG.
8525
8526 _NSIG is only unsed in one file, so move it there prevent redefinition
8527 warnings reported by Kevin Brott.
8528
8529commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d
8530Author: Darren Tucker <dtucker@zip.com.au>
8531Date: Wed Feb 25 13:17:40 2015 +1100
8532
8533 Add includes.h for compatibility stuff.
8534
8535commit 38806bda6d2e48ad32812b461eebe17672ada771
8536Author: Damien Miller <djm@mindrot.org>
8537Date: Tue Feb 24 16:50:06 2015 -0800
8538
8539 include netdb.h to look for MAXHOSTNAMELEN; ok tim
8540
8541commit d1db656021d0cd8c001a6692f772f1de29b67c8b
8542Author: Tim Rice <tim@multitalents.net>
8543Date: Tue Feb 24 10:42:08 2015 -0800
8544
8545 Work around finicky USL linker so netcat will build.
8546
8547commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3
8548Author: Damien Miller <djm@mindrot.org>
8549Date: Tue Feb 24 09:23:04 2015 -0800
8550
8551 include includes.h to avoid build failure on AIX
8552
8553commit 13af342458f5064144abbb07e5ac9bbd4eb42567
8554Author: Tim Rice <tim@multitalents.net>
8555Date: Tue Feb 24 07:56:47 2015 -0800
8556
8557 Original portability patch from djm@ for platforms missing err.h.
8558 Fix name space clash on Solaris 10. Still more to do for Solaris 10
8559 to deal with msghdr structure differences. ok djm@
8560
8561commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2
8562Author: Tim Rice <tim@multitalents.net>
8563Date: Mon Feb 23 22:06:56 2015 -0800
8564
8565 cleaner way fix dispatch.h portion of commit
8566 a88dd1da119052870bb2654c1a32c51971eade16
8567 (some systems have sig_atomic_t in signal.h, some in sys/signal.h)
8568 Sounds good to me djm@
8569
8570commit 676c38d7cbe65b76bbfff796861bb6615cc6a596
8571Author: Tim Rice <tim@multitalents.net>
8572Date: Mon Feb 23 21:51:33 2015 -0800
8573
8574 portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255
8575
8576commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6
8577Author: Tim Rice <tim@multitalents.net>
8578Date: Mon Feb 23 21:50:34 2015 -0800
8579
8580 portablity fix: s/__inline__/inline/
8581
8582commit 4c356308a88d309c796325bb75dce90ca16591d5
8583Author: Darren Tucker <dtucker@zip.com.au>
8584Date: Tue Feb 24 13:49:31 2015 +1100
8585
8586 Wrap stdint.h includes in HAVE_STDINT_H.
8587
8588commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614
8589Author: Darren Tucker <dtucker@zip.com.au>
8590Date: Tue Feb 24 13:43:57 2015 +1100
8591
8592 Add AI_NUMERICSERV to fake-rfc2553.
8593
8594 Our getaddrinfo implementation always returns numeric values already.
8595
8596commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4
8597Author: Darren Tucker <dtucker@zip.com.au>
8598Date: Tue Feb 24 13:39:57 2015 +1100
8599
8600 Include OpenSSL's objects.h before bn.h.
8601
8602 Prevents compile errors on some platforms (at least old GCCs and AIX's
8603 XLC compilers).
8604
8605commit dcc8997d116f615195aa7c9ec019fb36c28c6228
8606Author: Darren Tucker <dtucker@zip.com.au>
8607Date: Tue Feb 24 12:30:59 2015 +1100
8608
8609 Convert two macros into functions.
8610
8611 Convert packet_send_debug and packet_disconnect from macros to
8612 functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with
8613 variadic macros with only one argument so we convert these two into
8614 functions. ok djm@
8615
8616commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1
8617Author: djm@openbsd.org <djm@openbsd.org>
8618Date: Mon Feb 23 22:21:21 2015 +0000
8619
8620 upstream commit
8621
8622 further silence spurious error message even when -v is
8623 specified (e.g. to get visual host keys); reported by naddy@
8624
8625commit 9af21979c00652029e160295e988dea40758ece2
8626Author: Damien Miller <djm@mindrot.org>
8627Date: Tue Feb 24 09:04:32 2015 +1100
8628
8629 don't include stdint.h unless HAVE_STDINT_H set
8630
8631commit 62f678dd51660d6f8aee1da33d3222c5de10a89e
8632Author: Damien Miller <djm@mindrot.org>
8633Date: Tue Feb 24 09:02:54 2015 +1100
8634
8635 nother sys/queue.h -> sys-queue.h fix
8636
8637 spotted by Tom Christensen
8638
8639commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f
8640Author: djm@openbsd.org <djm@openbsd.org>
8641Date: Mon Feb 23 20:32:15 2015 +0000
8642
8643 upstream commit
8644
8645 fix a race condition by using a mux socket rather than an
8646 ineffectual wait statement
8647
8648commit a88dd1da119052870bb2654c1a32c51971eade16
8649Author: Damien Miller <djm@mindrot.org>
8650Date: Tue Feb 24 06:30:29 2015 +1100
8651
8652 various include fixes for portable
8653
8654commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd
8655Author: djm@openbsd.org <djm@openbsd.org>
8656Date: Mon Feb 23 16:55:51 2015 +0000
8657
8658 upstream commit
8659
8660 add an XXX to remind me to improve sshkey_load_public
8661
8662commit e94e4b07ef2eaead38b085a60535df9981cdbcdb
8663Author: djm@openbsd.org <djm@openbsd.org>
8664Date: Mon Feb 23 16:55:31 2015 +0000
8665
8666 upstream commit
8667
8668 silence a spurious error message when listing
8669 fingerprints for known_hosts; bz#2342
8670
8671commit f2293a65392b54ac721f66bc0b44462e8d1d81f8
8672Author: djm@openbsd.org <djm@openbsd.org>
8673Date: Mon Feb 23 16:33:25 2015 +0000
8674
8675 upstream commit
8676
8677 fix setting/clearing of TTY raw mode around
8678 UpdateHostKeys=ask confirmation question; reported by Herb Goldman
8679
8680commit f2004cd1adf34492eae0a44b1ef84e0e31b06088
8681Author: Darren Tucker <dtucker@zip.com.au>
8682Date: Mon Feb 23 05:04:21 2015 +1100
8683
8684 Repair for non-ECC OpenSSL.
8685
8686 Ifdef out the ECC parts when building with an OpenSSL that doesn't have
8687 it.
8688
8689commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f
8690Author: Darren Tucker <dtucker@zip.com.au>
8691Date: Mon Feb 23 03:07:24 2015 +1100
8692
8693 Wrap stdint.h includes in ifdefs.
8694
8695commit f81f1bbc5b892c8614ea740b1f92735652eb43f0
8696Author: Tim Rice <tim@multitalents.net>
8697Date: Sat Feb 21 18:12:10 2015 -0800
8698
8699 out of tree build fix
8700
8701commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae
8702Author: Tim Rice <tim@multitalents.net>
8703Date: Sat Feb 21 18:08:51 2015 -0800
8704
8705 mkdir kex unit test directory so testing out of tree builds works
8706
8707commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c
8708Author: halex@openbsd.org <halex@openbsd.org>
8709Date: Sat Feb 21 21:46:57 2015 +0000
8710
8711 upstream commit
8712
8713 make "ssh-add -d" properly remove a corresponding
8714 certificate, and also not whine and fail if there is none
8715
8716 ok djm@
8717
8718commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6
8719Author: Damien Miller <djm@mindrot.org>
8720Date: Sun Feb 22 07:57:27 2015 +1100
8721
8722 mkdir hostkey and bitmap unit test directories
8723
8724commit bd49da2ef197efac5e38f5399263a8b47990c538
8725Author: djm@openbsd.org <djm@openbsd.org>
8726Date: Fri Feb 20 23:46:01 2015 +0000
8727
8728 upstream commit
8729
8730 sort options useable under Match case-insensitively; prodded
8731 jmc@
8732
8733commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac
8734Author: djm@openbsd.org <djm@openbsd.org>
8735Date: Sat Feb 21 20:51:02 2015 +0000
8736
8737 upstream commit
8738
8739 correct paths to configuration files being written/updated;
8740 they live in $OBJ not cwd; some by Roumen Petrov
8741
8742commit 28ba006c1acddff992ae946d0bc0b500b531ba6b
8743Author: Darren Tucker <dtucker@zip.com.au>
8744Date: Sat Feb 21 15:41:07 2015 +1100
8745
8746 More correct checking of HAVE_DECL_AI_NUMERICSERV.
8747
8748commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54
8749Author: Darren Tucker <dtucker@zip.com.au>
8750Date: Sat Feb 21 15:10:33 2015 +1100
8751
8752 Add null declaration of AI_NUMERICINFO.
8753
8754 Some platforms (older FreeBSD and DragonFly versions) do have
8755 getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero
8756 in those cases.
8757
8758commit 18a208d6a460d707a45916db63a571e805f5db46
8759Author: djm@openbsd.org <djm@openbsd.org>
8760Date: Fri Feb 20 22:40:32 2015 +0000
8761
8762 upstream commit
8763
8764 more options that are available under Match; bz#2353 reported
8765 by calestyo AT scientia.net
8766
8767commit 44732de06884238049f285f1455b2181baa7dc82
8768Author: djm@openbsd.org <djm@openbsd.org>
8769Date: Fri Feb 20 22:17:21 2015 +0000
8770
8771 upstream commit
8772
8773 UpdateHostKeys fixes:
8774
8775 I accidentally changed the format of the hostkeys@openssh.com messages
8776 last week without changing the extension name, and this has been causing
8777 connection failures for people who are running -current. First reported
8778 by sthen@
8779
8780 s/hostkeys@openssh.com/hostkeys-00@openssh.com/
8781 Change the name of the proof message too, and reorder it a little.
8782
8783 Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
8784 available to read the response) so disable UpdateHostKeys if it is in
8785 ask mode and ControlPersist is active (and document this)
8786
8787commit 13a39414d25646f93e6d355521d832a03aaaffe2
8788Author: djm@openbsd.org <djm@openbsd.org>
8789Date: Tue Feb 17 00:14:05 2015 +0000
8790
8791 upstream commit
8792
8793 Regression: I broke logging of public key fingerprints in
8794 1.46. Pointed out by Pontus Lundkvist
8795
8796commit 773dda25e828c4c9a52f7bdce6e1e5924157beab
8797Author: Damien Miller <djm@mindrot.org>
8798Date: Fri Jan 30 23:10:17 2015 +1100
8799
8800 repair --without-openssl; broken in refactor
8801
8802commit e89c780886b23600de1e1c8d74aabd1ff61f43f0
8803Author: Damien Miller <djm@google.com>
8804Date: Tue Feb 17 10:04:55 2015 +1100
8805
8806 hook up hostkeys unittest to portable Makefiles
8807
8808commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99
8809Author: djm@openbsd.org <djm@openbsd.org>
8810Date: Mon Feb 16 22:21:03 2015 +0000
8811
8812 upstream commit
8813
8814 enable hostkeys unit tests
8815
8816commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b
8817Author: djm@openbsd.org <djm@openbsd.org>
8818Date: Mon Feb 16 22:20:50 2015 +0000
8819
8820 upstream commit
8821
8822 check string/memory compare arguments aren't NULL
8823
8824commit ef575ef20d09f20722e26b45dab80b3620469687
8825Author: djm@openbsd.org <djm@openbsd.org>
8826Date: Mon Feb 16 22:18:34 2015 +0000
8827
8828 upstream commit
8829
8830 unit tests for hostfile.c code, just hostkeys_foreach so
8831 far
8832
8833commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7
8834Author: markus@openbsd.org <markus@openbsd.org>
8835Date: Sat Feb 14 12:43:16 2015 +0000
8836
8837 upstream commit
8838
8839 test server rekey limit
8840
8841commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3
8842Author: djm@openbsd.org <djm@openbsd.org>
8843Date: Mon Feb 16 22:30:03 2015 +0000
8844
8845 upstream commit
8846
8847 partial backout of:
8848
8849 revision 1.441
8850 date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
8851 : x8klYPZMJSrVlt3O;
8852 Let sshd load public host keys even when private keys are missing.
8853 Allows sshd to advertise additional keys for future key rotation.
8854 Also log fingerprint of hostkeys loaded; ok markus@
8855
8856 hostkey updates now require access to the private key, so we can't
8857 load public keys only. The improved log messages (fingerprints of keys
8858 loaded) are kept.
8859
8860commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc
8861Author: djm@openbsd.org <djm@openbsd.org>
8862Date: Mon Feb 16 22:13:32 2015 +0000
8863
8864 upstream commit
8865
8866 Revise hostkeys@openssh.com hostkey learning extension.
8867
8868 The client will not ask the server to prove ownership of the private
8869 halves of any hitherto-unseen hostkeys it offers to the client.
8870
8871 Allow UpdateHostKeys option to take an 'ask' argument to let the
8872 user manually review keys offered.
8873
8874 ok markus@
8875
8876commit 6c5c949782d86a6e7d58006599c7685bfcd01685
8877Author: djm@openbsd.org <djm@openbsd.org>
8878Date: Mon Feb 16 22:08:57 2015 +0000
8879
8880 upstream commit
8881
8882 Refactor hostkeys_foreach() and dependent code Deal with
8883 IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
8884 changed ok markus@ as part of larger commit
8885
8886commit 51b082ccbe633dc970df1d1f4c9c0497115fe721
8887Author: miod@openbsd.org <miod@openbsd.org>
8888Date: Mon Feb 16 18:26:26 2015 +0000
8889
8890 upstream commit
8891
8892 Declare ge25519_base as extern, to prevent it from
8893 becoming a common. Gets us rid of ``lignment 4 of symbol
8894 `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in
8895 mod_ed25519.o'' warnings at link time.
8896
8897commit 02db468bf7e3281a8e3c058ced571b38b6407c34
8898Author: markus@openbsd.org <markus@openbsd.org>
8899Date: Fri Feb 13 18:57:00 2015 +0000
8900
8901 upstream commit
8902
8903 make rekey_limit for sshd w/privsep work; ok djm@
8904 dtucker@
8905
8906commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8
8907Author: dtucker@openbsd.org <dtucker@openbsd.org>
8908Date: Thu Feb 12 20:34:19 2015 +0000
8909
8910 upstream commit
8911
8912 Prevent sshd spamming syslog with
8913 "ssh_dispatch_run_fatal: disconnected". ok markus@
8914
8915commit d4c0295d1afc342057ba358237acad6be8af480b
8916Author: djm@openbsd.org <djm@openbsd.org>
8917Date: Wed Feb 11 01:20:38 2015 +0000
8918
8919 upstream commit
8920
8921 Some packet error messages show the address of the peer,
8922 but might be generated after the socket to the peer has suffered a TCP reset.
8923 In these cases, getpeername() won't work so cache the address earlier.
8924
8925 spotted in the wild via deraadt@ and tedu@
8926
8927commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d
8928Author: jsg@openbsd.org <jsg@openbsd.org>
8929Date: Mon Feb 9 23:22:37 2015 +0000
8930
8931 upstream commit
8932
8933 fix some leaks in error paths ok markus@
8934
8935commit fd36834871d06a03e1ff8d69e41992efa1bbf85f
8936Author: millert@openbsd.org <millert@openbsd.org>
8937Date: Fri Feb 6 23:21:59 2015 +0000
8938
8939 upstream commit
8940
8941 SIZE_MAX is standard, we should be using it in preference to
8942 the obsolete SIZE_T_MAX. OK miod@ beck@
8943
8944commit 1910a286d7771eab84c0b047f31c0a17505236fa
8945Author: millert@openbsd.org <millert@openbsd.org>
8946Date: Thu Feb 5 12:59:57 2015 +0000
8947
8948 upstream commit
8949
8950 Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
8951
8952commit ce4f59b2405845584f45e0b3214760eb0008c06c
8953Author: deraadt@openbsd.org <deraadt@openbsd.org>
8954Date: Tue Feb 3 08:07:20 2015 +0000
8955
8956 upstream commit
8957
8958 missing ; djm and mlarkin really having great
8959 interactions recently
8960
8961commit 5d34aa94938abb12b877a25be51862757f25d54b
8962Author: halex@openbsd.org <halex@openbsd.org>
8963Date: Tue Feb 3 00:34:14 2015 +0000
8964
8965 upstream commit
8966
8967 slightly extend the passphrase prompt if running with -c
8968 in order to give the user a chance to notice if unintentionally running
8969 without it
8970
8971 wording tweak and ok djm@
8972
8973commit cb3bde373e80902c7d5d0db429f85068d19b2918
8974Author: djm@openbsd.org <djm@openbsd.org>
8975Date: Mon Feb 2 22:48:53 2015 +0000
8976
8977 upstream commit
8978
8979 handle PKCS#11 C_Login returning
8980 CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
8981
8982commit 15ad750e5ec3cc69765b7eba1ce90060e7083399
8983Author: djm@openbsd.org <djm@openbsd.org>
8984Date: Mon Feb 2 07:41:40 2015 +0000
8985
8986 upstream commit
8987
8988 turn UpdateHostkeys off by default until I figure out
8989 mlarkin@'s warning message; requested by deraadt@
8990
8991commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9
8992Author: deraadt@openbsd.org <deraadt@openbsd.org>
8993Date: Mon Feb 2 01:57:44 2015 +0000
8994
8995 upstream commit
8996
8997 increasing encounters with difficult DNS setups in
8998 darknets has convinced me UseDNS off by default is better ok djm
8999
9000commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38
9001Author: djm@openbsd.org <djm@openbsd.org>
9002Date: Sat Jan 31 20:30:05 2015 +0000
9003
9004 upstream commit
9005
9006 Let sshd load public host keys even when private keys are
9007 missing. Allows sshd to advertise additional keys for future key rotation.
9008 Also log fingerprint of hostkeys loaded; ok markus@
9009
9010commit 46347ed5968f582661e8a70a45f448e0179ca0ab
9011Author: djm@openbsd.org <djm@openbsd.org>
9012Date: Fri Jan 30 11:43:14 2015 +0000
9013
9014 upstream commit
9015
9016 Add a ssh_config HostbasedKeyType option to control which
9017 host public key types are tried during hostbased authentication.
9018
9019 This may be used to prevent too many keys being sent to the server,
9020 and blowing past its MaxAuthTries limit.
9021
9022 bz#2211 based on patch by Iain Morgan; ok markus@
9023
9024commit 802660cb70453fa4d230cb0233bc1bbdf8328de1
9025Author: djm@openbsd.org <djm@openbsd.org>
9026Date: Fri Jan 30 10:44:49 2015 +0000
9027
9028 upstream commit
9029
9030 set a timeout to prevent hangs when talking to busted
9031 servers; ok markus@
9032
9033commit 86936ec245a15c7abe71a0722610998b0a28b194
9034Author: djm@openbsd.org <djm@openbsd.org>
9035Date: Fri Jan 30 01:11:39 2015 +0000
9036
9037 upstream commit
9038
9039 regression test for 'wildcard CA' serial/key ID revocations
9040
9041commit 4509b5d4a4fa645a022635bfa7e86d09b285001f
9042Author: djm@openbsd.org <djm@openbsd.org>
9043Date: Fri Jan 30 01:13:33 2015 +0000
9044
9045 upstream commit
9046
9047 avoid more fatal/exit in the packet.c paths that
9048 ssh-keyscan uses; feedback and "looks good" markus@
9049
9050commit 669aee994348468af8b4b2ebd29b602cf2860b22
9051Author: djm@openbsd.org <djm@openbsd.org>
9052Date: Fri Jan 30 01:10:33 2015 +0000
9053
9054 upstream commit
9055
9056 permit KRLs that revoke certificates by serial number or
9057 key ID without scoping to a particular CA; ok markus@
9058
9059commit 7a2c368477e26575d0866247d3313da4256cb2b5
9060Author: djm@openbsd.org <djm@openbsd.org>
9061Date: Fri Jan 30 00:59:19 2015 +0000
9062
9063 upstream commit
9064
9065 missing parentheses after if in do_convert_from() broke
9066 private key conversion from other formats some time in 2010; bz#2345 reported
9067 by jjelen AT redhat.com
9068
9069commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355
9070Author: djm@openbsd.org <djm@openbsd.org>
9071Date: Fri Jan 30 00:22:25 2015 +0000
9072
9073 upstream commit
9074
9075 fix ssh protocol 1, spotted by miod@
9076
9077commit 9ce86c926dfa6e0635161b035e3944e611cbccf0
9078Author: djm@openbsd.org <djm@openbsd.org>
9079Date: Wed Jan 28 22:36:00 2015 +0000
9080
9081 upstream commit
9082
9083 update to new API (key_fingerprint => sshkey_fingerprint)
9084 check sshkey_fingerprint return values; ok markus
9085
9086commit 9125525c37bf73ad3ee4025520889d2ce9d10f29
9087Author: djm@openbsd.org <djm@openbsd.org>
9088Date: Wed Jan 28 22:05:31 2015 +0000
9089
9090 upstream commit
9091
9092 avoid fatal() calls in packet code makes ssh-keyscan more
9093 reliable against server failures ok dtucker@ markus@
9094
9095commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb
9096Author: djm@openbsd.org <djm@openbsd.org>
9097Date: Wed Jan 28 21:15:47 2015 +0000
9098
9099 upstream commit
9100
9101 avoid fatal() calls in packet code makes ssh-keyscan more
9102 reliable against server failures ok dtucker@ markus@
9103
9104commit 1a3d14f6b44a494037c7deab485abe6496bf2c60
9105Author: djm@openbsd.org <djm@openbsd.org>
9106Date: Wed Jan 28 11:07:25 2015 +0000
9107
9108 upstream commit
9109
9110 remove obsolete comment
9111
9112commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639
9113Author: okan@openbsd.org <okan@openbsd.org>
9114Date: Tue Jan 27 12:54:06 2015 +0000
9115
9116 upstream commit
9117
9118 Since r1.2 removed the use of PRI* macros, inttypes.h is
9119 no longer required.
9120
9121 ok djm@
9122
9123commit 69ff64f69615c2a21c97cb5878a0996c21423257
9124Author: Damien Miller <djm@mindrot.org>
9125Date: Tue Jan 27 23:07:43 2015 +1100
9126
9127 compile on systems without TCP_MD5SIG (e.g. OSX)
9128
9129commit 358964f3082fb90b2ae15bcab07b6105cfad5a43
9130Author: Damien Miller <djm@mindrot.org>
9131Date: Tue Jan 27 23:07:25 2015 +1100
9132
9133 use ssh-keygen under test rather than system's
9134
9135commit a2c95c1bf33ea53038324d1fdd774bc953f98236
9136Author: Damien Miller <djm@mindrot.org>
9137Date: Tue Jan 27 23:06:59 2015 +1100
9138
9139 OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX
9140
9141commit ade31d7b6f608a19b85bee29a7a00b1e636a2919
9142Author: Damien Miller <djm@mindrot.org>
9143Date: Tue Jan 27 23:06:23 2015 +1100
9144
9145 these need active_state defined to link on OSX
9146
9147 temporary measure until active_state goes away entirely
9148
9149commit e56aa87502f22c5844918c10190e8b4f785f067b
9150Author: djm@openbsd.org <djm@openbsd.org>
9151Date: Tue Jan 27 12:01:36 2015 +0000
9152
9153 upstream commit
9154
9155 use printf instead of echo -n to reduce diff against
9156 -portable
9157
9158commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068
9159Author: jmc@openbsd.org <jmc@openbsd.org>
9160Date: Mon Jan 26 13:55:29 2015 +0000
9161
9162 upstream commit
9163
9164 sort previous;
9165
9166commit 3076ee7d530d5b16842fac7a6229706c7e5acd26
9167Author: djm@openbsd.org <djm@openbsd.org>
9168Date: Mon Jan 26 13:36:53 2015 +0000
9169
9170 upstream commit
9171
9172 properly restore umask
9173
9174commit d411d395556b73ba1b9e451516a0bd6697c4b03d
9175Author: djm@openbsd.org <djm@openbsd.org>
9176Date: Mon Jan 26 06:12:18 2015 +0000
9177
9178 upstream commit
9179
9180 regression test for host key rotation
9181
9182commit fe8a3a51699afbc6407a8fae59b73349d01e49f8
9183Author: djm@openbsd.org <djm@openbsd.org>
9184Date: Mon Jan 26 06:11:28 2015 +0000
9185
9186 upstream commit
9187
9188 adapt to sshkey API tweaks
9189
9190commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434
9191Author: miod@openbsd.org <miod@openbsd.org>
9192Date: Sat Jan 24 10:39:21 2015 +0000
9193
9194 upstream commit
9195
9196 Move -lz late in the linker commandline for things to
9197 build on static arches.
9198
9199commit 0dad3b806fddb93c475b30853b9be1a25d673a33
9200Author: miod@openbsd.org <miod@openbsd.org>
9201Date: Fri Jan 23 21:21:23 2015 +0000
9202
9203 upstream commit
9204
9205 -Wpointer-sign is supported by gcc 4 only.
9206
9207commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098
9208Author: djm@openbsd.org <djm@openbsd.org>
9209Date: Tue Jan 20 22:58:57 2015 +0000
9210
9211 upstream commit
9212
9213 use SUBDIR to recuse into unit tests; makes "make obj"
9214 actually work
9215
9216commit 1d1092bff8db27080155541212b420703f8b9c92
9217Author: djm@openbsd.org <djm@openbsd.org>
9218Date: Mon Jan 26 12:16:36 2015 +0000
9219
9220 upstream commit
9221
9222 correct description of UpdateHostKeys in ssh_config.5 and
9223 add it to -o lists for ssh, scp and sftp; pointed out by jmc@
9224
9225commit 5104db7cbd6cdd9c5971f4358e74414862fc1022
9226Author: djm@openbsd.org <djm@openbsd.org>
9227Date: Mon Jan 26 06:10:03 2015 +0000
9228
9229 upstream commit
9230
9231 correctly match ECDSA subtype (== curve) for
9232 offered/recevied host keys. Fixes connection-killing host key mismatches when
9233 a server offers multiple ECDSA keys with different curve type (an extremely
9234 unlikely configuration).
9235
9236 ok markus, "looks mechanical" deraadt@
9237
9238commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2
9239Author: djm@openbsd.org <djm@openbsd.org>
9240Date: Mon Jan 26 03:04:45 2015 +0000
9241
9242 upstream commit
9243
9244 Host key rotation support.
9245
9246 Add a hostkeys@openssh.com protocol extension (global request) for
9247 a server to inform a client of all its available host key after
9248 authentication has completed. The client may record the keys in
9249 known_hosts, allowing it to upgrade to better host key algorithms
9250 and a server to gracefully rotate its keys.
9251
9252 The client side of this is controlled by a UpdateHostkeys config
9253 option (default on).
9254
9255 ok markus@
9256
9257commit 60b1825262b1f1e24fc72050b907189c92daf18e
9258Author: djm@openbsd.org <djm@openbsd.org>
9259Date: Mon Jan 26 02:59:11 2015 +0000
9260
9261 upstream commit
9262
9263 small refactor and add some convenience functions; ok
9264 markus
9265
9266commit a5a3e3328ddce91e76f71ff479022d53e35c60c9
9267Author: jmc@openbsd.org <jmc@openbsd.org>
9268Date: Thu Jan 22 21:00:42 2015 +0000
9269
9270 upstream commit
9271
9272 heirarchy -> hierarchy;
9273
9274commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11
9275Author: deraadt@openbsd.org <deraadt@openbsd.org>
9276Date: Thu Jan 22 20:24:41 2015 +0000
9277
9278 upstream commit
9279
9280 Provide a warning about chroot misuses (which sadly, seem
9281 to have become quite popular because shiny). sshd cannot detect/manage/do
9282 anything about these cases, best we can do is warn in the right spot in the
9283 man page. ok markus
9284
9285commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076
9286Author: deraadt@openbsd.org <deraadt@openbsd.org>
9287Date: Tue Jan 20 23:14:00 2015 +0000
9288
9289 upstream commit
9290
9291 Reduce use of <sys/param.h> and transition to <limits.h>
9292 throughout. ok djm markus
9293
9294commit 57e783c8ba2c0797f93977e83b2a8644a03065d8
9295Author: markus@openbsd.org <markus@openbsd.org>
9296Date: Tue Jan 20 20:16:21 2015 +0000
9297
9298 upstream commit
9299
9300 kex_setup errors are fatal()
9301
9302commit 1d6424a6ff94633c221297ae8f42d54e12a20912
9303Author: djm@openbsd.org <djm@openbsd.org>
9304Date: Tue Jan 20 08:02:33 2015 +0000
9305
9306 upstream commit
9307
9308 this test would accidentally delete agent.sh if run without
9309 obj/
9310
9311commit 12b5f50777203e12575f1b08568281e447249ed3
9312Author: djm@openbsd.org <djm@openbsd.org>
9313Date: Tue Jan 20 07:56:44 2015 +0000
9314
9315 upstream commit
9316
9317 make this compile with KERBEROS5 enabled
9318
9319commit e2cc6bef08941256817d44d146115b3478586ad4
9320Author: djm@openbsd.org <djm@openbsd.org>
9321Date: Tue Jan 20 07:55:33 2015 +0000
9322
9323 upstream commit
9324
9325 fix hostkeys in agent; ok markus@
9326
9327commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1
9328Author: Damien Miller <djm@mindrot.org>
9329Date: Tue Jan 20 10:11:31 2015 +1100
9330
9331 fix kex test
9332
9333commit c78a578107c7e6dcf5d30a2f34cb6581bef14029
9334Author: markus@openbsd.org <markus@openbsd.org>
9335Date: Mon Jan 19 20:45:25 2015 +0000
9336
9337 upstream commit
9338
9339 finally enable the KEX tests I wrote some years ago...
9340
9341commit 31821d7217e686667d04935aeec99e1fc4a46e7e
9342Author: markus@openbsd.org <markus@openbsd.org>
9343Date: Mon Jan 19 20:42:31 2015 +0000
9344
9345 upstream commit
9346
9347 adapt to new error message (SSH_ERR_MAC_INVALID)
9348
9349commit d3716ca19e510e95d956ae14d5b367e364bff7f1
9350Author: djm@openbsd.org <djm@openbsd.org>
9351Date: Mon Jan 19 17:31:13 2015 +0000
9352
9353 upstream commit
9354
9355 this test was broken in at least two ways, such that it
9356 wasn't checking that a KRL was not excluding valid keys
9357
9358commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3
9359Author: markus@openbsd.org <markus@openbsd.org>
9360Date: Mon Jan 19 20:32:39 2015 +0000
9361
9362 upstream commit
9363
9364 switch ssh-keyscan from setjmp to multiple ssh transport
9365 layer instances ok djm@
9366
9367commit f582f0e917bb0017b00944783cd5f408bf4b0b5e
9368Author: markus@openbsd.org <markus@openbsd.org>
9369Date: Mon Jan 19 20:30:23 2015 +0000
9370
9371 upstream commit
9372
9373 add experimental api for packet layer; ok djm@
9374
9375commit 48b3b2ba75181f11fca7f327058a591f4426cade
9376Author: markus@openbsd.org <markus@openbsd.org>
9377Date: Mon Jan 19 20:20:20 2015 +0000
9378
9379 upstream commit
9380
9381 store compat flags in struct ssh; ok djm@
9382
9383commit 57d10cbe861a235dd269c74fb2fe248469ecee9d
9384Author: markus@openbsd.org <markus@openbsd.org>
9385Date: Mon Jan 19 20:16:15 2015 +0000
9386
9387 upstream commit
9388
9389 adapt kex to sshbuf and struct ssh; ok djm@
9390
9391commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a
9392Author: markus@openbsd.org <markus@openbsd.org>
9393Date: Mon Jan 19 20:07:45 2015 +0000
9394
9395 upstream commit
9396
9397 move dispatch to struct ssh; ok djm@
9398
9399commit 091c302829210c41e7f57c3f094c7b9c054306f0
9400Author: markus@openbsd.org <markus@openbsd.org>
9401Date: Mon Jan 19 19:52:16 2015 +0000
9402
9403 upstream commit
9404
9405 update packet.c & isolate, introduce struct ssh a) switch
9406 packet.c to buffer api and isolate per-connection info into struct ssh b)
9407 (de)serialization of the state is moved from monitor to packet.c c) the old
9408 packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
9409 integrated into packet.c with and ok djm@
9410
9411commit 4e62cc68ce4ba20245d208b252e74e91d3785b74
9412Author: djm@openbsd.org <djm@openbsd.org>
9413Date: Mon Jan 19 17:35:48 2015 +0000
9414
9415 upstream commit
9416
9417 fix format strings in (disabled) debugging
9418
9419commit d85e06245907d49a2cd0cfa0abf59150ad616f42
9420Author: djm@openbsd.org <djm@openbsd.org>
9421Date: Mon Jan 19 06:01:32 2015 +0000
9422
9423 upstream commit
9424
9425 be a bit more careful in these tests to ensure that
9426 known_hosts is clean
9427
9428commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf
9429Author: djm@openbsd.org <djm@openbsd.org>
9430Date: Sun Jan 18 22:00:18 2015 +0000
9431
9432 upstream commit
9433
9434 regression test for known_host file editing using
9435 ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
9436 markus@
9437
9438commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3
9439Author: djm@openbsd.org <djm@openbsd.org>
9440Date: Sun Jan 18 19:54:46 2015 +0000
9441
9442 upstream commit
9443
9444 more and better key tests
9445
9446 test signatures and verification
9447 test certificate generation
9448 flesh out nested cert test
9449
9450 removes most of the XXX todo markers
9451
9452commit 589e69fd82724cfc9738f128e4771da2e6405d0d
9453Author: djm@openbsd.org <djm@openbsd.org>
9454Date: Sun Jan 18 19:53:58 2015 +0000
9455
9456 upstream commit
9457
9458 make the signature fuzzing test much more rigorous:
9459 ensure that the fuzzed input cases do not match the original (using new
9460 fuzz_matches_original() function) and check that the verification fails in
9461 each case
9462
9463commit 80603c0daa2538c349c1c152405580b164d5475f
9464Author: djm@openbsd.org <djm@openbsd.org>
9465Date: Sun Jan 18 19:52:44 2015 +0000
9466
9467 upstream commit
9468
9469 add a fuzz_matches_original() function to the fuzzer to
9470 detect fuzz cases that are identical to the original data. Hacky
9471 implementation, but very useful when you need the fuzz to be different, e.g.
9472 when verifying signature
9473
9474commit 87d5495bd337e358ad69c524fcb9495208c0750b
9475Author: djm@openbsd.org <djm@openbsd.org>
9476Date: Sun Jan 18 19:50:55 2015 +0000
9477
9478 upstream commit
9479
9480 better dumps from the fuzzer (shown on errors) -
9481 include the original data as well as the fuzzed copy.
9482
9483commit d59ec478c453a3fff05badbbfd96aa856364f2c2
9484Author: djm@openbsd.org <djm@openbsd.org>
9485Date: Sun Jan 18 19:47:55 2015 +0000
9486
9487 upstream commit
9488
9489 enable hostkey-agent.sh test
9490
9491commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105
9492Author: djm@openbsd.org <djm@openbsd.org>
9493Date: Sat Jan 17 18:54:30 2015 +0000
9494
9495 upstream commit
9496
9497 unit test for hostkeys in ssh-agent
9498
9499commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2
9500Author: markus@openbsd.org <markus@openbsd.org>
9501Date: Thu Jan 15 23:41:29 2015 +0000
9502
9503 upstream commit
9504
9505 add kex unit tests
9506
9507commit d2099dec6da21ae627f6289aedae6bc1d41a22ce
9508Author: deraadt@openbsd.org <deraadt@openbsd.org>
9509Date: Mon Jan 19 00:32:54 2015 +0000
9510
9511 upstream commit
9512
9513 djm, your /usr/include tree is old
9514
9515commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54
9516Author: djm@openbsd.org <djm@openbsd.org>
9517Date: Sun Jan 18 21:51:19 2015 +0000
9518
9519 upstream commit
9520
9521 some feedback from markus@: comment hostkeys_foreach()
9522 context and avoid a member in it.
9523
9524commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f
9525Author: djm@openbsd.org <djm@openbsd.org>
9526Date: Sun Jan 18 21:49:42 2015 +0000
9527
9528 upstream commit
9529
9530 make ssh-keygen use hostkeys_foreach(). Removes some
9531 horrendous code; ok markus@
9532
9533commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9
9534Author: djm@openbsd.org <djm@openbsd.org>
9535Date: Sun Jan 18 21:48:09 2015 +0000
9536
9537 upstream commit
9538
9539 convert load_hostkeys() (hostkey ordering and
9540 known_host matching) to use the new hostkey_foreach() iterator; ok markus
9541
9542commit c29811cc480a260e42fd88849fc86a80c1e91038
9543Author: djm@openbsd.org <djm@openbsd.org>
9544Date: Sun Jan 18 21:40:23 2015 +0000
9545
9546 upstream commit
9547
9548 introduce hostkeys_foreach() to allow iteration over a
9549 known_hosts file or controlled subset thereof. This will allow us to pull out
9550 some ugly and duplicated code, and will be used to implement hostkey rotation
9551 later.
9552
9553 feedback and ok markus
9554
9555commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346
9556Author: deraadt@openbsd.org <deraadt@openbsd.org>
9557Date: Sun Jan 18 14:01:00 2015 +0000
9558
9559 upstream commit
9560
9561 string truncation due to sizeof(size) ok djm markus
9562
9563commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41
9564Author: djm@openbsd.org <djm@openbsd.org>
9565Date: Sun Jan 18 13:33:34 2015 +0000
9566
9567 upstream commit
9568
9569 avoid trailing ',' in host key algorithms
9570
9571commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007
9572Author: djm@openbsd.org <djm@openbsd.org>
9573Date: Sun Jan 18 13:22:28 2015 +0000
9574
9575 upstream commit
9576
9577 infer key length correctly when user specified a fully-
9578 qualified key name instead of using the -b bits option; ok markus@
9579
9580commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5
9581Author: djm@openbsd.org <djm@openbsd.org>
9582Date: Sat Jan 17 18:53:34 2015 +0000
9583
9584 upstream commit
9585
9586 fix hostkeys on ssh agent; found by unit test I'm about
9587 to commit
9588
9589commit 369d61f17657b814124268f99c033e4dc6e436c1
9590Author: schwarze@openbsd.org <schwarze@openbsd.org>
9591Date: Fri Jan 16 16:20:23 2015 +0000
9592
9593 upstream commit
9594
9595 garbage collect empty .No macros mandoc warns about
9596
9597commit bb8b442d32dbdb8521d610e10d8b248d938bd747
9598Author: djm@openbsd.org <djm@openbsd.org>
9599Date: Fri Jan 16 15:55:07 2015 +0000
9600
9601 upstream commit
9602
9603 regression: incorrect error message on
9604 otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
9605
9606commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc
9607Author: djm@openbsd.org <djm@openbsd.org>
9608Date: Fri Jan 16 07:19:48 2015 +0000
9609
9610 upstream commit
9611
9612 when hostname canonicalisation is enabled, try to parse
9613 hostnames as addresses before looking them up for canonicalisation. fixes
9614 bz#2074 and avoids needless DNS lookups in some cases; ok markus
9615
9616commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c
9617Author: deraadt@openbsd.org <deraadt@openbsd.org>
9618Date: Fri Jan 16 06:40:12 2015 +0000
9619
9620 upstream commit
9621
9622 Replace <sys/param.h> with <limits.h> and other less
9623 dirty headers where possible. Annotate <sys/param.h> lines with their
9624 current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
9625 LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
9626 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
9627 These are the files confirmed through binary verification. ok guenther,
9628 millert, doug (helped with the verification protocol)
9629
9630commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c
9631Author: markus@openbsd.org <markus@openbsd.org>
9632Date: Thu Jan 15 21:38:50 2015 +0000
9633
9634 upstream commit
9635
9636 remove xmalloc, switch to sshbuf
9637
9638commit e17ac01f8b763e4b83976b9e521e90a280acc097
9639Author: markus@openbsd.org <markus@openbsd.org>
9640Date: Thu Jan 15 21:37:14 2015 +0000
9641
9642 upstream commit
9643
9644 switch to sshbuf
9645
9646commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0
9647Author: naddy@openbsd.org <naddy@openbsd.org>
9648Date: Thu Jan 15 18:32:54 2015 +0000
9649
9650 upstream commit
9651
9652 handle UMAC128 initialization like UMAC; ok djm@ markus@
9653
9654commit f14564c1f7792446bca143580aef0e7ac25dcdae
9655Author: djm@openbsd.org <djm@openbsd.org>
9656Date: Thu Jan 15 11:04:36 2015 +0000
9657
9658 upstream commit
9659
9660 fix regression reported by brad@ for passworded keys without
9661 agent present
9662
9663commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e
9664Author: Damien Miller <djm@mindrot.org>
9665Date: Thu Jan 15 22:08:23 2015 +1100
9666
9667 make bitmap test compile
9668
9669commit d333f89abf7179021e5c3f28673f469abe032062
9670Author: djm@openbsd.org <djm@openbsd.org>
9671Date: Thu Jan 15 07:36:28 2015 +0000
9672
9673 upstream commit
9674
9675 unit tests for KRL bitmap
9676
9677commit 7613f828f49c55ff356007ae9645038ab6682556
9678Author: markus@openbsd.org <markus@openbsd.org>
9679Date: Wed Jan 14 09:58:21 2015 +0000
9680
9681 upstream commit
9682
9683 re-add comment about full path
9684
9685commit 6c43b48b307c41cd656b415621a644074579a578
9686Author: markus@openbsd.org <markus@openbsd.org>
9687Date: Wed Jan 14 09:54:38 2015 +0000
9688
9689 upstream commit
9690
9691 don't reset to the installed sshd; connect before
9692 reconfigure, too
9693
9694commit 771bb47a1df8b69061f09462e78aa0b66cd594bf
9695Author: djm@openbsd.org <djm@openbsd.org>
9696Date: Tue Jan 13 14:51:51 2015 +0000
9697
9698 upstream commit
9699
9700 implement a SIGINFO handler so we can discern a stuck
9701 fuzz test from a merely glacial one; prompted by and ok markus
9702
9703commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f
9704Author: djm@openbsd.org <djm@openbsd.org>
9705Date: Tue Jan 13 08:23:26 2015 +0000
9706
9707 upstream commit
9708
9709 use $SSH instead of installed ssh to allow override;
9710 spotted by markus@
9711
9712commit 0920553d0aee117a596b03ed5b49b280d34a32c5
9713Author: djm@openbsd.org <djm@openbsd.org>
9714Date: Tue Jan 13 07:49:49 2015 +0000
9715
9716 upstream commit
9717
9718 regress test for PubkeyAcceptedKeyTypes; ok markus@
9719
9720commit 27ca1a5c0095eda151934bca39a77e391f875d17
9721Author: markus@openbsd.org <markus@openbsd.org>
9722Date: Mon Jan 12 20:13:27 2015 +0000
9723
9724 upstream commit
9725
9726 unbreak parsing of pubkey comments; with gerhard; ok
9727 djm/deraadt
9728
9729commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc
9730Author: djm@openbsd.org <djm@openbsd.org>
9731Date: Mon Jan 12 11:46:32 2015 +0000
9732
9733 upstream commit
9734
9735 fatal if soft-PKCS11 library is missing rather (rather
9736 than continue and fail with a more cryptic error)
9737
9738commit c3554cdd2a1a62434b8161017aa76fa09718a003
9739Author: djm@openbsd.org <djm@openbsd.org>
9740Date: Mon Jan 12 11:12:38 2015 +0000
9741
9742 upstream commit
9743
9744 let this test all supporte key types; pointed out/ok
9745 markus@
9746
9747commit 1129dcfc5a3e508635004bcc05a3574cb7687167
9748Author: djm@openbsd.org <djm@openbsd.org>
9749Date: Thu Jan 15 09:40:00 2015 +0000
9750
9751 upstream commit
9752
9753 sync ssh-keysign, ssh-keygen and some dependencies to the
9754 new buffer/key API; mostly mechanical, ok markus@
9755
9756commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c
9757Author: djm@openbsd.org <djm@openbsd.org>
9758Date: Thu Jan 15 07:57:08 2015 +0000
9759
9760 upstream commit
9761
9762 remove commented-out test code now that it has moved to a
9763 proper unit test
9764
9765commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f
9766Author: djm@openbsd.org <djm@openbsd.org>
9767Date: Wed Jan 14 20:54:29 2015 +0000
9768
9769 upstream commit
9770
9771 whitespace
9772
9773commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
9774Author: djm@openbsd.org <djm@openbsd.org>
9775Date: Wed Jan 14 20:05:27 2015 +0000
9776
9777 upstream commit
9778
9779 move authfd.c and its tentacles to the new buffer/key
9780 API; ok markus@
9781
9782commit 0088c57af302cda278bd26d8c3ae81d5b6f7c289
9783Author: djm@openbsd.org <djm@openbsd.org>
9784Date: Wed Jan 14 19:33:41 2015 +0000
9785
9786 upstream commit
9787
9788 fix small regression: ssh-agent would return a success
9789 message but an empty signature if asked to sign using an unknown key; ok
9790 markus@
9791
9792commit b03ebe2c22b8166e4f64c37737f4278676e3488d
9793Author: Damien Miller <djm@mindrot.org>
9794Date: Thu Jan 15 03:08:58 2015 +1100
9795
9796 more --without-openssl
9797
9798 fix some regressions caused by upstream merges
9799
9800 enable KRLs now that they no longer require BIGNUMs
9801
9802commit bc42cc6fe784f36df225c44c93b74830027cb5a2
9803Author: Damien Miller <djm@mindrot.org>
9804Date: Thu Jan 15 03:08:29 2015 +1100
9805
9806 kludge around tun API mismatch betterer
9807
9808commit c332110291089b624fa0951fbf2d1ee6de525b9f
9809Author: Damien Miller <djm@mindrot.org>
9810Date: Thu Jan 15 02:59:51 2015 +1100
9811
9812 some systems lack SO_REUSEPORT
9813
9814commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae
9815Author: Damien Miller <djm@mindrot.org>
9816Date: Thu Jan 15 02:35:50 2015 +1100
9817
9818 fix merge botch
9819
9820commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b
9821Author: Damien Miller <djm@mindrot.org>
9822Date: Thu Jan 15 02:35:33 2015 +1100
9823
9824 unbreak across API change
9825
9826commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47
9827Author: Damien Miller <djm@mindrot.org>
9828Date: Thu Jan 15 02:30:18 2015 +1100
9829
9830 need includes.h for portable OpenSSH
9831
9832commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9
9833Author: Damien Miller <djm@mindrot.org>
9834Date: Thu Jan 15 02:21:31 2015 +1100
9835
9836 support --without-openssl at configure time
9837
9838 Disables and removes dependency on OpenSSL. Many features don't
9839 work and the set of crypto options is greatly restricted. This
9840 will only work on system with native arc4random or /dev/urandom.
9841
9842 Considered highly experimental for now.
9843
9844commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9
9845Author: Damien Miller <djm@mindrot.org>
9846Date: Thu Jan 15 02:28:00 2015 +1100
9847
9848 add files missed in last commit
9849
9850commit a165bab605f7be55940bb8fae977398e8c96a46d
9851Author: djm@openbsd.org <djm@openbsd.org>
9852Date: Wed Jan 14 15:02:39 2015 +0000
9853
9854 upstream commit
9855
9856 avoid BIGNUM in KRL code by using a simple bitmap;
9857 feedback and ok markus
9858
9859commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32
9860Author: djm@openbsd.org <djm@openbsd.org>
9861Date: Wed Jan 14 13:54:13 2015 +0000
9862
9863 upstream commit
9864
9865 update sftp client and server to new buffer API. pretty
9866 much just mechanical changes; with & ok markus
9867
9868commit 139ca81866ec1b219c717d17061e5e7ad1059e2a
9869Author: markus@openbsd.org <markus@openbsd.org>
9870Date: Wed Jan 14 13:09:09 2015 +0000
9871
9872 upstream commit
9873
9874 switch to sshbuf/sshkey; with & ok djm@
9875
9876commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180
9877Author: Damien Miller <djm@mindrot.org>
9878Date: Wed Jan 14 21:48:18 2015 +1100
9879
9880 support --without-openssl at configure time
9881
9882 Disables and removes dependency on OpenSSL. Many features don't
9883 work and the set of crypto options is greatly restricted. This
9884 will only work on system with native arc4random or /dev/urandom.
9885
9886 Considered highly experimental for now.
9887
9888commit 54924b53af15ccdcbb9f89984512b5efef641a31
9889Author: djm@openbsd.org <djm@openbsd.org>
9890Date: Wed Jan 14 10:46:28 2015 +0000
9891
9892 upstream commit
9893
9894 avoid an warning for the !OPENSSL case
9895
9896commit ae8b463217f7c9b66655bfc3945c050ffdaeb861
9897Author: markus@openbsd.org <markus@openbsd.org>
9898Date: Wed Jan 14 10:30:34 2015 +0000
9899
9900 upstream commit
9901
9902 swith auth-options to new sshbuf/sshkey; ok djm@
9903
9904commit 540e891191b98b89ee90aacf5b14a4a68635e763
9905Author: djm@openbsd.org <djm@openbsd.org>
9906Date: Wed Jan 14 10:29:45 2015 +0000
9907
9908 upstream commit
9909
9910 make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
9911 markus@
9912
9913commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53
9914Author: markus@openbsd.org <markus@openbsd.org>
9915Date: Wed Jan 14 10:24:42 2015 +0000
9916
9917 upstream commit
9918
9919 remove unneeded includes, sync my copyright across files
9920 & whitespace; ok djm@
9921
9922commit 128343bcdb0b60fc826f2733df8cf979ec1627b4
9923Author: markus@openbsd.org <markus@openbsd.org>
9924Date: Tue Jan 13 19:31:40 2015 +0000
9925
9926 upstream commit
9927
9928 adapt mac.c to ssherr.h return codes (de-fatal) and
9929 simplify dependencies ok djm@
9930
9931commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed
9932Author: djm@openbsd.org <djm@openbsd.org>
9933Date: Tue Jan 13 19:04:35 2015 +0000
9934
9935 upstream commit
9936
9937 sync changes from libopenssh; prepared by markus@ mostly
9938 debug output tweaks, a couple of error return value changes and some other
9939 minor stuff
9940
9941commit 76c0480a85675f03a1376167cb686abed01a3583
9942Author: Damien Miller <djm@mindrot.org>
9943Date: Tue Jan 13 19:38:18 2015 +1100
9944
9945 add --without-ssh1 option to configure
9946
9947 Allows disabling support for SSH protocol 1.
9948
9949commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03
9950Author: djm@openbsd.org <djm@openbsd.org>
9951Date: Tue Jan 13 07:39:19 2015 +0000
9952
9953 upstream commit
9954
9955 add sshd_config HostbasedAcceptedKeyTypes and
9956 PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
9957 will be accepted. Currently defaults to all. Feedback & ok markus@
9958
9959commit 816d1538c24209a93ba0560b27c4fda57c3fff65
9960Author: markus@openbsd.org <markus@openbsd.org>
9961Date: Mon Jan 12 20:13:27 2015 +0000
9962
9963 upstream commit
9964
9965 unbreak parsing of pubkey comments; with gerhard; ok
9966 djm/deraadt
9967
9968commit 0097565f849851812df610b7b6b3c4bd414f6c62
9969Author: markus@openbsd.org <markus@openbsd.org>
9970Date: Mon Jan 12 19:22:46 2015 +0000
9971
9972 upstream commit
9973
9974 missing error assigment on sshbuf_put_string()
9975
9976commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5
9977Author: djm@openbsd.org <djm@openbsd.org>
9978Date: Mon Jan 12 15:18:07 2015 +0000
9979
9980 upstream commit
9981
9982 apparently memcpy(x, NULL, 0) is undefined behaviour
9983 according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls
9984 when length==0; ok markus@
9985
9986commit 905fe30fca82f38213763616d0d26eb6790bde33
9987Author: markus@openbsd.org <markus@openbsd.org>
9988Date: Mon Jan 12 14:05:19 2015 +0000
9989
9990 upstream commit
9991
9992 free->sshkey_free; ok djm@
9993
9994commit f067cca2bc20c86b110174c3fef04086a7f57b13
9995Author: markus@openbsd.org <markus@openbsd.org>
9996Date: Mon Jan 12 13:29:27 2015 +0000
9997
9998 upstream commit
9999
10000 allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
10001
10002commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d
10003Author: djm@openbsd.org <djm@openbsd.org>
10004Date: Thu Jan 8 13:10:58 2015 +0000
10005
10006 upstream commit
10007
10008 adjust for sshkey_load_file() API change
10009
10010commit e752c6d547036c602b89e9e704851463bd160e32
10011Author: djm@openbsd.org <djm@openbsd.org>
10012Date: Thu Jan 8 13:44:36 2015 +0000
10013
10014 upstream commit
10015
10016 fix ssh_config FingerprintHash evaluation order; from Petr
10017 Lautrbach
10018
10019commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf
10020Author: djm@openbsd.org <djm@openbsd.org>
10021Date: Thu Jan 8 10:15:45 2015 +0000
10022
10023 upstream commit
10024
10025 reorder hostbased key attempts to better match the
10026 default hostkey algorithms order in myproposal.h; ok markus@
10027
10028commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46
10029Author: djm@openbsd.org <djm@openbsd.org>
10030Date: Thu Jan 8 10:14:08 2015 +0000
10031
10032 upstream commit
10033
10034 deprecate key_load_private_pem() and
10035 sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
10036 not require pathnames to be specified (they weren't really used).
10037
10038 Fixes a few other things en passant:
10039
10040 Makes ed25519 keys work for hostbased authentication (ssh-keysign
10041 previously used the PEM-only routines).
10042
10043 Fixes key comment regression bz#2306: key pathnames were being lost as
10044 comment fields.
10045
10046 ok markus@
10047
10048commit febbe09e4e9aff579b0c5cc1623f756862e4757d
10049Author: tedu@openbsd.org <tedu@openbsd.org>
10050Date: Wed Jan 7 18:15:07 2015 +0000
10051
10052 upstream commit
10053
10054 workaround for the Meyer, et al, Bleichenbacher Side
10055 Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm
10056 markus
10057
10058commit 5191df927db282d3123ca2f34a04d8d96153911a
10059Author: djm@openbsd.org <djm@openbsd.org>
10060Date: Tue Dec 23 22:42:48 2014 +0000
10061
10062 upstream commit
10063
10064 KNF and add a little more debug()
10065
10066commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7
10067Author: jmc@openbsd.org <jmc@openbsd.org>
10068Date: Mon Dec 22 09:26:31 2014 +0000
10069
10070 upstream commit
10071
10072 add fingerprinthash to the options list;
10073
10074commit 296ef0560f60980da01d83b9f0e1a5257826536f
10075Author: jmc@openbsd.org <jmc@openbsd.org>
10076Date: Mon Dec 22 09:24:59 2014 +0000
10077
10078 upstream commit
10079
10080 tweak previous;
10081
10082commit 462082eacbd37778a173afb6b84c6f4d898a18b5
10083Author: Damien Miller <djm@google.com>
10084Date: Tue Dec 30 08:16:11 2014 +1100
10085
10086 avoid uninitialised free of ldns_res
10087
10088 If an invalid rdclass was passed to getrrsetbyname() then
10089 this would execute a free on an uninitialised pointer.
10090 OpenSSH only ever calls this with a fixed and valid rdclass.
10091
10092 Reported by Joshua Rogers
10093
10094commit 01b63498801053f131a0740eb9d13faf35d636c8
10095Author: Damien Miller <djm@google.com>
10096Date: Mon Dec 29 18:10:18 2014 +1100
10097
10098 pull updated OpenBSD BCrypt PBKDF implementation
10099
10100 Includes fix for 1 byte output overflow for large key length
10101 requests (not reachable in OpenSSH).
10102
10103 Pointed out by Joshua Rogers
10104
10105commit c528c1b4af2f06712177b3de9b30705752f7cbcb
10106Author: Damien Miller <djm@google.com>
10107Date: Tue Dec 23 15:26:13 2014 +1100
10108
10109 fix variable name for IPv6 case in construct_utmpx
10110
10111 patch from writeonce AT midipix.org via bz#2296
10112
10113commit 293cac52dcda123244b2e594d15592e5e481c55e
10114Author: Damien Miller <djm@google.com>
10115Date: Mon Dec 22 16:30:42 2014 +1100
10116
10117 include and use OpenBSD netcat in regress/
10118
10119commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d
10120Author: djm@openbsd.org <djm@openbsd.org>
10121Date: Mon Dec 22 09:05:17 2014 +0000
10122
10123 upstream commit
10124
10125 mention ssh -Q feature to list supported { MAC, cipher,
10126 KEX, key } algorithms in more places and include the query string used to
10127 list the relevant information; bz#2288
10128
10129commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700
10130Author: jmc@openbsd.org <jmc@openbsd.org>
10131Date: Mon Dec 22 08:24:17 2014 +0000
10132
10133 upstream commit
10134
10135 tweak previous;
10136
10137commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6
10138Author: djm@openbsd.org <djm@openbsd.org>
10139Date: Mon Dec 22 08:06:03 2014 +0000
10140
10141 upstream commit
10142
10143 regression test for multiple required pubkey authentication;
10144 ok markus@
10145
10146commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2
10147Author: djm@openbsd.org <djm@openbsd.org>
10148Date: Mon Dec 22 08:04:23 2014 +0000
10149
10150 upstream commit
10151
10152 correct description of what will happen when a
10153 AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd
10154 will refuse to start)
10155
10156commit 161cf419f412446635013ac49e8c660cadc36080
10157Author: djm@openbsd.org <djm@openbsd.org>
10158Date: Mon Dec 22 07:55:51 2014 +0000
10159
10160 upstream commit
10161
10162 make internal handling of filename arguments of "none"
10163 more consistent with ssh. "none" arguments are now replaced with NULL when
10164 the configuration is finalised.
10165
10166 Simplifies checking later on (just need to test not-NULL rather than
10167 that + strcmp) and cleans up some inconsistencies. ok markus@
10168
10169commit f69b69b8625be447b8826b21d87713874dac25a6
10170Author: djm@openbsd.org <djm@openbsd.org>
10171Date: Mon Dec 22 07:51:30 2014 +0000
10172
10173 upstream commit
10174
10175 remember which public keys have been used for
10176 authentication and refuse to accept previously-used keys.
10177
10178 This allows AuthenticationMethods=publickey,publickey to require
10179 that users authenticate using two _different_ pubkeys.
10180
10181 ok markus@
10182
10183commit 46ac2ed4677968224c4ca825bc98fc68dae183f0
10184Author: djm@openbsd.org <djm@openbsd.org>
10185Date: Mon Dec 22 07:24:11 2014 +0000
10186
10187 upstream commit
10188
10189 fix passing of wildcard forward bind addresses when
10190 connection multiplexing is in use; patch from Sami Hartikainen via bz#2324;
10191 ok dtucker@
10192
10193commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1
10194Author: djm@openbsd.org <djm@openbsd.org>
10195Date: Mon Dec 22 06:14:29 2014 +0000
10196
10197 upstream commit
10198
10199 make this slightly easier to diff against portable
10200
10201commit 0715bcdddbf68953964058f17255bf54734b8737
10202Author: Damien Miller <djm@mindrot.org>
10203Date: Mon Dec 22 13:47:07 2014 +1100
10204
10205 add missing regress output file
10206
10207commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593
10208Author: djm@openbsd.org <djm@openbsd.org>
10209Date: Mon Dec 22 02:15:52 2014 +0000
10210
10211 upstream commit
10212
10213 adjust for new SHA256 key fingerprints and
10214 slightly-different MD5 hex fingerprint format
10215
10216commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151
10217Author: djm@openbsd.org <djm@openbsd.org>
10218Date: Mon Dec 22 01:14:49 2014 +0000
10219
10220 upstream commit
10221
10222 poll changes to netcat (usr.bin/netcat.c r1.125) broke
10223 this test; fix it by ensuring more stdio fds are sent to devnull
10224
10225commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260
10226Author: jmc@openbsd.org <jmc@openbsd.org>
10227Date: Sun Dec 21 23:35:14 2014 +0000
10228
10229 upstream commit
10230
10231 tweak previous;
10232
10233commit b79efde5c3badf5ce4312fe608d8307eade533c5
10234Author: djm@openbsd.org <djm@openbsd.org>
10235Date: Sun Dec 21 23:12:42 2014 +0000
10236
10237 upstream commit
10238
10239 document FingerprintHash here too
10240
10241commit d16bdd8027dd116afa01324bb071a4016cdc1a75
10242Author: Damien Miller <djm@mindrot.org>
10243Date: Mon Dec 22 10:18:09 2014 +1100
10244
10245 missing include for base64 encoding
10246
10247commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994
10248Author: djm@openbsd.org <djm@openbsd.org>
10249Date: Sun Dec 21 22:27:55 2014 +0000
10250
10251 upstream commit
10252
10253 Add FingerprintHash option to control algorithm used for
10254 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
10255 base64.
10256
10257 Feedback and ok naddy@ markus@
10258
10259commit 058f839fe15c51be8b3a844a76ab9a8db550be4f
10260Author: djm@openbsd.org <djm@openbsd.org>
10261Date: Thu Dec 18 23:58:04 2014 +0000
10262
10263 upstream commit
10264
10265 don't count partial authentication success as a failure
10266 against MaxAuthTries; ok deraadt@
diff --git a/INSTALL b/INSTALL
index 6bc80b68f..92106bf02 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,3 +1,4 @@
11. Prerequisites
1---------------- 2----------------
2 3
3A C compiler. Any C89 or better compiler should work. Where supported, 4A C compiler. Any C89 or better compiler should work. Where supported,
@@ -231,7 +232,7 @@ manually using the following commands:
231 232
232 ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N "" 233 ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N ""
233 234
234for each of the types you wish to generate (rsa, dsa or ecdsaa) or 235for each of the types you wish to generate (rsa, dsa or ecdsa) or
235 236
236 ssh-keygen -A 237 ssh-keygen -A
237 238
diff --git a/Makefile.in b/Makefile.in
index e10f3742a..5870e9e6e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -236,6 +236,8 @@ clean: regressclean
236 rm -f regress/unittests/sshkey/test_sshkey 236 rm -f regress/unittests/sshkey/test_sshkey
237 rm -f regress/unittests/bitmap/*.o 237 rm -f regress/unittests/bitmap/*.o
238 rm -f regress/unittests/bitmap/test_bitmap 238 rm -f regress/unittests/bitmap/test_bitmap
239 rm -f regress/unittests/conversion/*.o
240 rm -f regress/unittests/conversion/test_conversion
239 rm -f regress/unittests/hostkeys/*.o 241 rm -f regress/unittests/hostkeys/*.o
240 rm -f regress/unittests/hostkeys/test_hostkeys 242 rm -f regress/unittests/hostkeys/test_hostkeys
241 rm -f regress/unittests/kex/*.o 243 rm -f regress/unittests/kex/*.o
@@ -262,6 +264,8 @@ distclean: regressclean
262 rm -f regress/unittests/sshkey/test_sshkey 264 rm -f regress/unittests/sshkey/test_sshkey
263 rm -f regress/unittests/bitmap/*.o 265 rm -f regress/unittests/bitmap/*.o
264 rm -f regress/unittests/bitmap/test_bitmap 266 rm -f regress/unittests/bitmap/test_bitmap
267 rm -f regress/unittests/conversion/*.o
268 rm -f regress/unittests/conversion/test_conversion
265 rm -f regress/unittests/hostkeys/*.o 269 rm -f regress/unittests/hostkeys/*.o
266 rm -f regress/unittests/hostkeys/test_hostkeys 270 rm -f regress/unittests/hostkeys/test_hostkeys
267 rm -f regress/unittests/kex/*.o 271 rm -f regress/unittests/kex/*.o
@@ -426,6 +430,8 @@ regress-prep:
426 mkdir -p `pwd`/regress/unittests/sshkey 430 mkdir -p `pwd`/regress/unittests/sshkey
427 [ -d `pwd`/regress/unittests/bitmap ] || \ 431 [ -d `pwd`/regress/unittests/bitmap ] || \
428 mkdir -p `pwd`/regress/unittests/bitmap 432 mkdir -p `pwd`/regress/unittests/bitmap
433 [ -d `pwd`/regress/unittests/conversion ] || \
434 mkdir -p `pwd`/regress/unittests/conversion
429 [ -d `pwd`/regress/unittests/hostkeys ] || \ 435 [ -d `pwd`/regress/unittests/hostkeys ] || \
430 mkdir -p `pwd`/regress/unittests/hostkeys 436 mkdir -p `pwd`/regress/unittests/hostkeys
431 [ -d `pwd`/regress/unittests/kex ] || \ 437 [ -d `pwd`/regress/unittests/kex ] || \
@@ -503,6 +509,16 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
503 regress/unittests/test_helper/libtest_helper.a \ 509 regress/unittests/test_helper/libtest_helper.a \
504 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) 510 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
505 511
512UNITTESTS_TEST_CONVERSION_OBJS=\
513 regress/unittests/conversion/tests.o
514
515regress/unittests/conversion/test_conversion$(EXEEXT): \
516 ${UNITTESTS_TEST_CONVERSION_OBJS} \
517 regress/unittests/test_helper/libtest_helper.a libssh.a
518 $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_CONVERSION_OBJS) \
519 regress/unittests/test_helper/libtest_helper.a \
520 -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
521
506UNITTESTS_TEST_KEX_OBJS=\ 522UNITTESTS_TEST_KEX_OBJS=\
507 regress/unittests/kex/tests.o \ 523 regress/unittests/kex/tests.o \
508 regress/unittests/kex/test_kex.o 524 regress/unittests/kex/test_kex.o
@@ -558,13 +574,14 @@ regress-binaries: regress/modpipe$(EXEEXT) \
558 regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ 574 regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
559 regress/unittests/sshkey/test_sshkey$(EXEEXT) \ 575 regress/unittests/sshkey/test_sshkey$(EXEEXT) \
560 regress/unittests/bitmap/test_bitmap$(EXEEXT) \ 576 regress/unittests/bitmap/test_bitmap$(EXEEXT) \
577 regress/unittests/conversion/test_conversion$(EXEEXT) \
561 regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \ 578 regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
562 regress/unittests/kex/test_kex$(EXEEXT) \ 579 regress/unittests/kex/test_kex$(EXEEXT) \
563 regress/unittests/match/test_match$(EXEEXT) \ 580 regress/unittests/match/test_match$(EXEEXT) \
564 regress/unittests/utf8/test_utf8$(EXEEXT) \ 581 regress/unittests/utf8/test_utf8$(EXEEXT) \
565 regress/misc/kexfuzz/kexfuzz$(EXEEXT) 582 regress/misc/kexfuzz/kexfuzz$(EXEEXT)
566 583
567tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS) 584tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
568 BUILDDIR=`pwd`; \ 585 BUILDDIR=`pwd`; \
569 TEST_SSH_SCP="$${BUILDDIR}/scp"; \ 586 TEST_SSH_SCP="$${BUILDDIR}/scp"; \
570 TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ 587 TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
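--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes.
+See https://www.openssh.com/releasenotes.html#7.5p1 for the release notes.
 
 Please read https://www.openssh.com/report.html for bug reporting
 instructions and note that we do not use Github for bug reporting or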
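--- a/auth-pam.c
+++ b/auth-pam.c
@@ -830,6 +830,8 @@ fake_password(const char *wire_password)
  fatal("%s: password length too long: %zu", __func__, l);
 
  ret = malloc(l + 1);
+ if (ret == NULL)
+ return NULL;
  for (i = 0; i < l; i++)
  ret[i] = junk[i % (sizeof(junk) - 1)];
  ret[i] = '\0';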
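Review bot: The new `return NULL` on malloc failure in fake_password() is only safe if every caller treats a NULL result as an authentication failure, and no caller is visible in this hunk. The function appears to build a junk password so that the invalid-user path still performs a full password exchange; a caller that skipped the exchange on NULL would make that path observably shorter than the valid-user one. I would add a comment above the check, `/* caller must treat NULL as authentication failure */`, and confirm the call site does so. The function body starts and ends outside the hunk.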
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 20f3309e1..3e5706f4d 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */ 1/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -564,9 +564,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
564{ 564{
565 char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; 565 char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
566 u_long linenum = 0; 566 u_long linenum = 0;
567 u_int i; 567 u_int i, found_principal = 0;
568 568
569 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { 569 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
570 /* Always consume entire input */
571 if (found_principal)
572 continue;
570 /* Skip leading whitespace. */ 573 /* Skip leading whitespace. */
571 for (cp = line; *cp == ' ' || *cp == '\t'; cp++) 574 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
572 ; 575 ;
@@ -599,11 +602,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
599 if (auth_parse_options(pw, line_opts, 602 if (auth_parse_options(pw, line_opts,
600 file, linenum) != 1) 603 file, linenum) != 1)
601 continue; 604 continue;
602 return 1; 605 found_principal = 1;
606 continue;
603 } 607 }
604 } 608 }
605 } 609 }
606 return 0; 610 return found_principal;
607} 611}
608 612
609static int 613static int
@@ -727,6 +731,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
727 731
728 ok = process_principals(f, NULL, pw, cert); 732 ok = process_principals(f, NULL, pw, cert);
729 733
734 fclose(f);
735 f = NULL;
736
730 if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0) 737 if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
731 goto out; 738 goto out;
732 739
@@ -768,6 +775,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
768 char *cp, *key_options = NULL, *fp = NULL; 775 char *cp, *key_options = NULL, *fp = NULL;
769 const char *reason = NULL; 776 const char *reason = NULL;
770 777
778 /* Always consume entrire file */
779 if (found_key)
780 continue;
771 if (found != NULL) 781 if (found != NULL)
772 key_free(found); 782 key_free(found);
773 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); 783 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
@@ -854,7 +864,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
854 file, linenum, key_type(found), fp); 864 file, linenum, key_type(found), fp);
855 free(fp); 865 free(fp);
856 found_key = 1; 866 found_key = 1;
857 break; 867 continue;
858 } 868 }
859 } 869 }
860 if (found != NULL) 870 if (found != NULL)
@@ -1050,6 +1060,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
1050 1060
1051 ok = check_authkeys_file(f, options.authorized_keys_command, key, pw); 1061 ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
1052 1062
1063 fclose(f);
1064 f = NULL;
1065
1053 if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0) 1066 if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
1054 goto out; 1067 goto out;
1055 1068
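Review bot: The two comments added for the read-to-EOF change do not say why the rest of the input is consumed, and the one in check_authkeys_file() is misspelled (`entrire`). Because the same section now closes the stream before `exited_cleanly()` in match_principals_command() and user_key_command_allowed2(), the reason appears to be that the helper command must be able to finish writing so its exit status is reliable; that is worth stating, e.g. `/* Always consume entire input so the command is not cut off mid-output */`. It would also help to note that lines after the first match are skipped without being parsed, so only the first matching line's options take effect. All four functions continue outside their hunks.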
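--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */
 /*
   * Copyright (c) 2000 Markus Friedl. All rights reserved.
   *
@@ -212,6 +212,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
 static int
 input_userauth_request(int type, u_int32_t seq, void *ctxt)
 {
+ struct ssh *ssh = active_state; /* XXX */
  Authctxt *authctxt = ctxt;
  Authmethod *m = NULL;
  char *user, *service, *method, *style = NULL;
@@ -235,9 +236,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  authctxt->user = xstrdup(user);
  if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
  authctxt->valid = 1;
- debug2("input_userauth_request: setting up authctxt for %s", user);
+ debug2("%s: setting up authctxt for %s",
+ __func__, user);
  } else {
- logit("input_userauth_request: invalid user %s", user);
+ /* Invalid user, fake password information */
  authctxt->pw = fakepw();
 #ifdef SSH_AUDIT_EVENTS
  PRIVSEP(audit_event(SSH_INVALID_USER));
@@ -247,6 +249,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  if (options.use_pam)
  PRIVSEP(start_pam(authctxt));
 #endif
+ ssh_packet_set_log_preamble(ssh, "%suser %s",
+ authctxt->valid ? "authenticating " : "invalid ", user);
  setproctitle("%s%s", authctxt->valid ? user : "unknown",
  use_privsep ? " [net]" : "");
  authctxt->service = xstrdup(service);
@@ -292,6 +296,7 @@ void
 userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
  const char *submethod)
 {
+ struct ssh *ssh = active_state; /* XXX */
  char *methods;
  int partial = 0;
 
@@ -353,6 +358,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
  packet_write_wait();
  /* now we can break out */
  authctxt->success = 1;
+ ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
  } else {
 
  /* Allow initial try of "none" auth without failure penalty */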
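Review bot: `ssh_packet_set_log_preamble(ssh, "%suser %s", ..., user)` in input_userauth_request() puts the client-supplied user name into a prefix that presumably is attached to later log lines, and nothing in this hunk bounds or escapes it. The removed `logit()` had the same unbounded `%s`, but a preamble would repeat on every subsequent message for the connection. The formatting code, which is outside this section, should therefore be confirmed to limit length and strip control characters; a `%.100s`, as the channels.c logit calls in this commit use for host names, would at least cap it. The hunk also drops the `invalid user` logit line, so log-based detections keyed on that text need another source for the event. Both functions continue outside their hunks.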
diff --git a/channels.c b/channels.c
index bef8ad6aa..d030fcdd9 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.c,v 1.356 2016/10/18 17:32:54 dtucker Exp $ */ 1/* $OpenBSD: channels.c,v 1.357 2017/02/01 02:59:09 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3065,7 +3065,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
3065 } 3065 }
3066 packet_check_eom(); 3066 packet_check_eom();
3067 c = channel_connect_to_port(host, host_port, 3067 c = channel_connect_to_port(host, host_port,
3068 "connected socket", originator_string); 3068 "connected socket", originator_string, NULL, NULL);
3069 free(originator_string); 3069 free(originator_string);
3070 free(host); 3070 free(host);
3071 if (c == NULL) { 3071 if (c == NULL) {
@@ -4026,9 +4026,13 @@ channel_connect_ctx_free(struct channel_connect *cctx)
4026 memset(cctx, 0, sizeof(*cctx)); 4026 memset(cctx, 0, sizeof(*cctx));
4027} 4027}
4028 4028
4029/* Return CONNECTING channel to remote host:port or local socket path */ 4029/*
4030 * Return CONNECTING channel to remote host:port or local socket path,
4031 * passing back the failure reason if appropriate.
4032 */
4030static Channel * 4033static Channel *
4031connect_to(const char *name, int port, char *ctype, char *rname) 4034connect_to_reason(const char *name, int port, char *ctype, char *rname,
4035 int *reason, const char **errmsg)
4032{ 4036{
4033 struct addrinfo hints; 4037 struct addrinfo hints;
4034 int gaierr; 4038 int gaierr;
@@ -4069,7 +4073,12 @@ connect_to(const char *name, int port, char *ctype, char *rname)
4069 hints.ai_family = IPv4or6; 4073 hints.ai_family = IPv4or6;
4070 hints.ai_socktype = SOCK_STREAM; 4074 hints.ai_socktype = SOCK_STREAM;
4071 snprintf(strport, sizeof strport, "%d", port); 4075 snprintf(strport, sizeof strport, "%d", port);
4072 if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) { 4076 if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop))
4077 != 0) {
4078 if (errmsg != NULL)
4079 *errmsg = ssh_gai_strerror(gaierr);
4080 if (reason != NULL)
4081 *reason = SSH2_OPEN_CONNECT_FAILED;
4073 error("connect_to %.100s: unknown host (%s)", name, 4082 error("connect_to %.100s: unknown host (%s)", name,
4074 ssh_gai_strerror(gaierr)); 4083 ssh_gai_strerror(gaierr));
4075 return NULL; 4084 return NULL;
@@ -4092,6 +4101,13 @@ connect_to(const char *name, int port, char *ctype, char *rname)
4092 return c; 4101 return c;
4093} 4102}
4094 4103
4104/* Return CONNECTING channel to remote host:port or local socket path */
4105static Channel *
4106connect_to(const char *name, int port, char *ctype, char *rname)
4107{
4108 return connect_to_reason(name, port, ctype, rname, NULL, NULL);
4109}
4110
4095/* 4111/*
4096 * returns either the newly connected channel or the downstream channel 4112 * returns either the newly connected channel or the downstream channel
4097 * that needs to deal with this connection. 4113 * that needs to deal with this connection.
@@ -4136,7 +4152,8 @@ channel_connect_by_listen_path(const char *path, char *ctype, char *rname)
4136 4152
4137/* Check if connecting to that port is permitted and connect. */ 4153/* Check if connecting to that port is permitted and connect. */
4138Channel * 4154Channel *
4139channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname) 4155channel_connect_to_port(const char *host, u_short port, char *ctype,
4156 char *rname, int *reason, const char **errmsg)
4140{ 4157{
4141 int i, permit, permit_adm = 1; 4158 int i, permit, permit_adm = 1;
4142 4159
@@ -4161,9 +4178,11 @@ channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname
4161 if (!permit || !permit_adm) { 4178 if (!permit || !permit_adm) {
4162 logit("Received request to connect to host %.100s port %d, " 4179 logit("Received request to connect to host %.100s port %d, "
4163 "but the request was denied.", host, port); 4180 "but the request was denied.", host, port);
4181 if (reason != NULL)
4182 *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
4164 return NULL; 4183 return NULL;
4165 } 4184 }
4166 return connect_to(host, port, ctype, rname); 4185 return connect_to_reason(host, port, ctype, rname, reason, errmsg);
4167} 4186}
4168 4187
4169/* Check if connecting to that path is permitted and connect. */ 4188/* Check if connecting to that path is permitted and connect. */
@@ -4354,6 +4373,33 @@ connect_local_xsocket(u_int dnr)
4354 return connect_local_xsocket_path(buf); 4373 return connect_local_xsocket_path(buf);
4355} 4374}
4356 4375
4376#ifdef __APPLE__
4377static int
4378is_path_to_xsocket(const char *display, char *path, size_t pathlen)
4379{
4380 struct stat sbuf;
4381
4382 if (strlcpy(path, display, pathlen) >= pathlen) {
4383 error("%s: display path too long", __func__);
4384 return 0;
4385 }
4386 if (display[0] != '/')
4387 return 0;
4388 if (stat(path, &sbuf) == 0) {
4389 return 1;
4390 } else {
4391 char *dot = strrchr(path, '.');
4392 if (dot != NULL) {
4393 *dot = '\0';
4394 if (stat(path, &sbuf) == 0) {
4395 return 1;
4396 }
4397 }
4398 }
4399 return 0;
4400}
4401#endif
4402
4357int 4403int
4358x11_connect_display(void) 4404x11_connect_display(void)
4359{ 4405{
@@ -4375,15 +4421,22 @@ x11_connect_display(void)
4375 * connection to the real X server. 4421 * connection to the real X server.
4376 */ 4422 */
4377 4423
4378 /* Check if the display is from launchd. */
4379#ifdef __APPLE__ 4424#ifdef __APPLE__
4380 if (strncmp(display, "/tmp/launch", 11) == 0) { 4425 /* Check if display is a path to a socket (as set by launchd). */
4381 sock = connect_local_xsocket_path(display); 4426 {
4382 if (sock < 0) 4427 char path[PATH_MAX];
4383 return -1;
4384 4428
4385 /* OK, we now have a connection to the display. */ 4429 if (is_path_to_xsocket(display, path, sizeof(path))) {
4386 return sock; 4430 debug("x11_connect_display: $DISPLAY is launchd");
4431
4432 /* Create a socket. */
4433 sock = connect_local_xsocket_path(path);
4434 if (sock < 0)
4435 return -1;
4436
4437 /* OK, we now have a connection to the display. */
4438 return sock;
4439 }
4387 } 4440 }
4388#endif 4441#endif
4389 /* 4442 /*
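--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.120 2016/10/18 17:32:54 dtucker Exp $ */
+/* $OpenBSD: channels.h,v 1.121 2017/02/01 02:59:09 dtucker Exp $ */
 
 /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -275,7 +275,8 @@ void channel_update_permitted_opens(int, int);
 void channel_clear_permitted_opens(void);
 void channel_clear_adm_permitted_opens(void);
 void channel_print_adm_permitted_opens(void);
-Channel *channel_connect_to_port(const char *, u_short, char *, char *);
+Channel *channel_connect_to_port(const char *, u_short, char *, char *, int *,
+ const char **);
 Channel *channel_connect_to_path(const char *, char *, char *);
 Channel *channel_connect_stdio_fwd(const char*, u_short, int, int);
 Channel *channel_connect_by_listen_address(const char *, u_short,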
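--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */
 /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -991,7 +991,7 @@ process_cmdline(void)
  CHANNEL_CANCEL_PORT_STATIC,
  &options.fwd_opts) > 0;
  if (!ok) {
- logit("Unkown port forwarding.");
+ logit("Unknown port forwarding.");
  goto out;
  }
  logit("Canceled forwarding.");
@@ -2391,6 +2391,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx)
 }
 
 /*
+ * Returns non-zero if the key is accepted by HostkeyAlgorithms.
+ * Made slightly less trivial by the multiple RSA signature algorithm names.
+ */
+static int
+key_accepted_by_hostkeyalgs(const struct sshkey *key)
+{
+ const char *ktype = sshkey_ssh_name(key);
+ const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
+ options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
+
+ if (key == NULL || key->type == KEY_UNSPEC)
+ return 0;
+ if (key->type == KEY_RSA &&
+ (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
+ match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
+ return 1;
+ return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
+}
+
+/*
   * Handle hostkeys-00@openssh.com global request to inform the client of all
   * the server's hostkeys. The keys are checked against the user's
   * HostkeyAlgorithms preference before they are accepted.
@@ -2436,10 +2456,7 @@ client_input_hostkeys(void)
  sshkey_type(key), fp);
  free(fp);
 
- /* Check that the key is accepted in HostkeyAlgorithms */
- if (match_pattern_list(sshkey_ssh_name(key),
- options.hostkeyalgorithms ? options.hostkeyalgorithms :
- KEX_DEFAULT_PK_ALG, 0) != 1) {
+ if (!key_accepted_by_hostkeyalgs(key)) {
  debug3("%s: %s key not permitted by HostkeyAlgorithms",
  __func__, sshkey_ssh_name(key));
  continue;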
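Review bot: In key_accepted_by_hostkeyalgs() the initialiser `ktype = sshkey_ssh_name(key)` runs before the `key == NULL` guard a few lines later, so the guard cannot protect that call. If sshkey_ssh_name() dereferences its argument (its definition is not in this diff), a NULL key fails before the check is reached. Declaring `const char *ktype;` and assigning `ktype = sshkey_ssh_name(key);` after the guard keeps the check meaningful. The only caller shown, client_input_hostkeys(), already uses the key before this call, so this is defensive rather than a demonstrated crash.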
diff --git a/compat.c b/compat.c
index 69a104fbf..1e80cfa9a 100644
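--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.99 2016/05/24 02:31:57 dtucker Exp $ */
+/* $OpenBSD: compat.c,v 1.100 2017/02/03 23:01:19 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
  *
@@ -37,6 +37,7 @@
 #include "compat.h"
 #include "log.h"
 #include "match.h"
+#include "kex.h"
 
 int compat13 = 0;
 int compat20 = 0;
@@ -250,42 +251,14 @@ proto_spec(const char *spec)
  return ret;
 }
 
-/*
- * Filters a proposal string, excluding any algorithm matching the 'filter'
- * pattern list.
- */
-static char *
-filter_proposal(char *proposal, const char *filter)
-{
- Buffer b;
- char *orig_prop, *fix_prop;
- char *cp, *tmp;
-
- buffer_init(&b);
- tmp = orig_prop = xstrdup(proposal);
- while ((cp = strsep(&tmp, ",")) != NULL) {
- if (match_pattern_list(cp, filter, 0) != 1) {
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- buffer_append(&b, cp, strlen(cp));
- } else
- debug2("Compat: skipping algorithm \"%s\"", cp);
- }
- buffer_append(&b, "\0", 1);
- fix_prop = xstrdup((char *)buffer_ptr(&b));
- buffer_free(&b);
- free(orig_prop);
-
- return fix_prop;
-}
-
 char *
 compat_cipher_proposal(char *cipher_prop)
 {
  if (!(datafellows & SSH_BUG_BIGENDIANAES))
  return cipher_prop;
  debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
- cipher_prop = filter_proposal(cipher_prop, "aes*");
+ if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL)
+ fatal("match_filter_list failed");
  debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
  if (*cipher_prop == '\0')
  fatal("No supported ciphers found");
@@ -298,7 +271,8 @@ compat_pkalg_proposal(char *pkalg_prop)
  if (!(datafellows & SSH_BUG_RSASIGMD5))
  return pkalg_prop;
  debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
- pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa");
+ if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL)
+ fatal("match_filter_list failed");
  debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
  if (*pkalg_prop == '\0')
  fatal("No supported PK algorithms found");
@@ -312,10 +286,14 @@ compat_kex_proposal(char *p)
  return p;
  debug2("%s: original KEX proposal: %s", __func__, p);
  if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
- p = filter_proposal(p, "curve25519-sha256@libssh.org");
+ if ((p = match_filter_list(p,
+ "curve25519-sha256@libssh.org")) == NULL)
+ fatal("match_filter_list failed");
  if ((datafellows & SSH_OLD_DHGEX) != 0) {
- p = filter_proposal(p, "diffie-hellman-group-exchange-sha256");
- p = filter_proposal(p, "diffie-hellman-group-exchange-sha1");
+ if ((p = match_filter_list(p,
+ "diffie-hellman-group-exchange-sha256,"
+ "diffie-hellman-group-exchange-sha1")) == NULL)
+ fatal("match_filter_list failed");
  }
  debug2("%s: compat KEX proposal: %s", __func__, p);
  if (*p == '\0')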
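Review bot: The four added `fatal("match_filter_list failed")` calls in compat_cipher_proposal, compat_pkalg_proposal and compat_kex_proposal all emit the same text, so a failure cannot be tied to a call site from the log. The debug2 calls beside them already pass `__func__`, and `fatal("%s: match_filter_list failed", __func__);` would match them. In compat_kex_proposal the outer `if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)` now guards a three-line inner `if` without braces, unlike the SSH_OLD_DHGEX arm directly below it; bracing it keeps the two arms parallel. When both flags are set, the string returned by the first match_filter_list call appears to be dropped when `p` is reassigned, although the removed filter_proposal calls had the same shape. These functions begin or end outside the hunks shown.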
diff --git a/config.h.in b/config.h.in
index 75e02ab45..b65420e4a 100644
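--- a/config.h.in
+++ b/config.h.in
@@ -736,6 +736,9 @@
 /* Define to 1 if you have the <linux/seccomp.h> header file. */
 #undef HAVE_LINUX_SECCOMP_H
 
+/* Define to 1 if you have the `llabs' function. */
+#undef HAVE_LLABS
+
 /* Define to 1 if you have the <locale.h> header file. */
 #undef HAVE_LOCALE_H
 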
diff --git a/configure b/configure
index ec3a98ffc..5eaaa392f 100755
--- a/configure
+++ b/configure
@@ -647,6 +647,7 @@ COMMENT_OUT_ECC
647TEST_SSH_ECC 647TEST_SSH_ECC
648LIBEDIT 648LIBEDIT
649PKGCONFIG 649PKGCONFIG
650LDNSCONFIG
650COMMENT_OUT_RSA1 651COMMENT_OUT_RSA1
651LD 652LD
652PATH_PASSWD_PROG 653PATH_PASSWD_PROG
@@ -7593,6 +7594,7 @@ $as_echo "#define USE_BTMP 1" >>confdefs.h
7593 use_pie=auto 7594 use_pie=auto
7594 check_for_libcrypt_later=1 7595 check_for_libcrypt_later=1
7595 check_for_openpty_ctty_bug=1 7596 check_for_openpty_ctty_bug=1
7597 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
7596 7598
7597$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h 7599$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
7598 7600
@@ -9958,22 +9960,131 @@ LDNS_MSG="no"
9958# Check whether --with-ldns was given. 9960# Check whether --with-ldns was given.
9959if test "${with_ldns+set}" = set; then : 9961if test "${with_ldns+set}" = set; then :
9960 withval=$with_ldns; 9962 withval=$with_ldns;
9961 if test "x$withval" != "xno" ; then 9963 ldns=""
9964 if test "x$withval" = "xyes" ; then
9965 if test -n "$ac_tool_prefix"; then
9966 # Extract the first word of "${ac_tool_prefix}ldns-config", so it can be a program name with args.
9967set dummy ${ac_tool_prefix}ldns-config; ac_word=$2
9968{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
9969$as_echo_n "checking for $ac_word... " >&6; }
9970if ${ac_cv_path_LDNSCONFIG+:} false; then :
9971 $as_echo_n "(cached) " >&6
9972else
9973 case $LDNSCONFIG in
9974 [\\/]* | ?:[\\/]*)
9975 ac_cv_path_LDNSCONFIG="$LDNSCONFIG" # Let the user override the test with a path.
9976 ;;
9977 *)
9978 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
9979for as_dir in $PATH
9980do
9981 IFS=$as_save_IFS
9982 test -z "$as_dir" && as_dir=.
9983 for ac_exec_ext in '' $ac_executable_extensions; do
9984 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
9985 ac_cv_path_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext"
9986 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
9987 break 2
9988 fi
9989done
9990 done
9991IFS=$as_save_IFS
9962 9992
9963 if test "x$withval" != "xyes" ; then 9993 ;;
9964 CPPFLAGS="$CPPFLAGS -I${withval}/include" 9994esac
9965 LDFLAGS="$LDFLAGS -L${withval}/lib" 9995fi
9966 fi 9996LDNSCONFIG=$ac_cv_path_LDNSCONFIG
9997if test -n "$LDNSCONFIG"; then
9998 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDNSCONFIG" >&5
9999$as_echo "$LDNSCONFIG" >&6; }
10000else
10001 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10002$as_echo "no" >&6; }
10003fi
9967 10004
9968 10005
9969$as_echo "#define HAVE_LDNS 1" >>confdefs.h 10006fi
10007if test -z "$ac_cv_path_LDNSCONFIG"; then
10008 ac_pt_LDNSCONFIG=$LDNSCONFIG
10009 # Extract the first word of "ldns-config", so it can be a program name with args.
10010set dummy ldns-config; ac_word=$2
10011{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
10012$as_echo_n "checking for $ac_word... " >&6; }
10013if ${ac_cv_path_ac_pt_LDNSCONFIG+:} false; then :
10014 $as_echo_n "(cached) " >&6
10015else
10016 case $ac_pt_LDNSCONFIG in
10017 [\\/]* | ?:[\\/]*)
10018 ac_cv_path_ac_pt_LDNSCONFIG="$ac_pt_LDNSCONFIG" # Let the user override the test with a path.
10019 ;;
10020 *)
10021 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
10022for as_dir in $PATH
10023do
10024 IFS=$as_save_IFS
10025 test -z "$as_dir" && as_dir=.
10026 for ac_exec_ext in '' $ac_executable_extensions; do
10027 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
10028 ac_cv_path_ac_pt_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext"
10029 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
10030 break 2
10031 fi
10032done
10033 done
10034IFS=$as_save_IFS
9970 10035
9971 LIBS="-lldns $LIBS" 10036 ;;
9972 LDNS_MSG="yes" 10037esac
10038fi
10039ac_pt_LDNSCONFIG=$ac_cv_path_ac_pt_LDNSCONFIG
10040if test -n "$ac_pt_LDNSCONFIG"; then
10041 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LDNSCONFIG" >&5
10042$as_echo "$ac_pt_LDNSCONFIG" >&6; }
10043else
10044 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10045$as_echo "no" >&6; }
10046fi
9973 10047
9974 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5 10048 if test "x$ac_pt_LDNSCONFIG" = x; then
10049 LDNSCONFIG="no"
10050 else
10051 case $cross_compiling:$ac_tool_warned in
10052yes:)
10053{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
10054$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
10055ac_tool_warned=yes ;;
10056esac
10057 LDNSCONFIG=$ac_pt_LDNSCONFIG
10058 fi
10059else
10060 LDNSCONFIG="$ac_cv_path_LDNSCONFIG"
10061fi
10062
10063 if test "x$PKGCONFIG" = "xno"; then
10064 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10065 LDFLAGS="$LDFLAGS -L${withval}/lib"
10066 LIBS="-lldns $LIBS"
10067 ldns=yes
10068 else
10069 LIBS="$LIBS `$LDNSCONFIG --libs`"
10070 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
10071 fi
10072 elif test "x$withval" != "xno" ; then
10073 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10074 LDFLAGS="$LDFLAGS -L${withval}/lib"
10075 LIBS="-lldns $LIBS"
10076 ldns=yes
10077 fi
10078
10079 # Verify that it works.
10080 if test "x$ldns" = "xyes" ; then
10081
10082$as_echo "#define HAVE_LDNS 1" >>confdefs.h
10083
10084 LDNS_MSG="yes"
10085 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5
9975$as_echo_n "checking for ldns support... " >&6; } 10086$as_echo_n "checking for ldns support... " >&6; }
9976 cat confdefs.h - <<_ACEOF >conftest.$ac_ext 10087 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9977/* end confdefs.h. */ 10088/* end confdefs.h. */
9978 10089
9979#include <stdio.h> 10090#include <stdio.h>
@@ -9996,8 +10107,7 @@ $as_echo "no" >&6; }
9996fi 10107fi
9997rm -f core conftest.err conftest.$ac_objext \ 10108rm -f core conftest.err conftest.$ac_objext \
9998 conftest$ac_exeext conftest.$ac_ext 10109 conftest$ac_exeext conftest.$ac_ext
9999 fi 10110 fi
10000
10001 10111
10002fi 10112fi
10003 10113
@@ -10558,6 +10668,7 @@ for ac_func in \
10558 inet_ntoa \ 10668 inet_ntoa \
10559 inet_ntop \ 10669 inet_ntop \
10560 innetgr \ 10670 innetgr \
10671 llabs \
10561 login_getcapbool \ 10672 login_getcapbool \
10562 md5_crypt \ 10673 md5_crypt \
10563 memmove \ 10674 memmove \
@@ -10637,8 +10748,6 @@ fi
10637done 10748done
10638 10749
10639 10750
10640saved_CFLAGS="$CFLAGS"
10641CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
10642for ac_func in mblen mbtowc nl_langinfo wcwidth 10751for ac_func in mblen mbtowc nl_langinfo wcwidth
10643do : 10752do :
10644 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` 10753 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
@@ -10651,7 +10760,6 @@ _ACEOF
10651fi 10760fi
10652done 10761done
10653 10762
10654CFLAGS="$saved_CFLAGS"
10655 10763
10656TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 10764TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
10657{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5 10765{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5
@@ -12373,8 +12481,8 @@ if ac_fn_c_try_run "$LINENO"; then :
12373 ssl_library_ver=`cat conftest.ssllibver` 12481 ssl_library_ver=`cat conftest.ssllibver`
12374 # Check version is supported. 12482 # Check version is supported.
12375 case "$ssl_library_ver" in 12483 case "$ssl_library_ver" in
12376 0090[0-7]*|009080[0-5]*) 12484 10000*|0*)
12377 as_fn_error $? "OpenSSL >= 0.9.8f required (have \"$ssl_library_ver\")" "$LINENO" 5 12485 as_fn_error $? "OpenSSL >= 1.0.1 required (have \"$ssl_library_ver\")" "$LINENO" 5
12378 ;; 12486 ;;
12379 *) ;; 12487 *) ;;
12380 esac 12488 esac
@@ -20282,6 +20390,7 @@ echo " Smartcard support: $SCARD_MSG"
20282echo " S/KEY support: $SKEY_MSG" 20390echo " S/KEY support: $SKEY_MSG"
20283echo " MD5 password support: $MD5_MSG" 20391echo " MD5 password support: $MD5_MSG"
20284echo " libedit support: $LIBEDIT_MSG" 20392echo " libedit support: $LIBEDIT_MSG"
20393echo " libldns support: $LDNS_MSG"
20285echo " Solaris process contract support: $SPC_MSG" 20394echo " Solaris process contract support: $SPC_MSG"
20286echo " Solaris project support: $SP_MSG" 20395echo " Solaris project support: $SP_MSG"
20287echo " Solaris privilege support: $SPP_MSG" 20396echo " Solaris privilege support: $SPP_MSG"
diff --git a/configure.ac b/configure.ac
index eb9f45dcc..c2878e3d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -740,6 +740,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
740 use_pie=auto 740 use_pie=auto
741 check_for_libcrypt_later=1 741 check_for_libcrypt_later=1
742 check_for_openpty_ctty_bug=1 742 check_for_openpty_ctty_bug=1
743 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
744 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
745 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
743 AC_DEFINE([PAM_TTY_KLUDGE], [1], 746 AC_DEFINE([PAM_TTY_KLUDGE], [1],
744 [Work around problematic Linux PAM modules handling of PAM_TTY]) 747 [Work around problematic Linux PAM modules handling of PAM_TTY])
745 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 748 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
@@ -1471,36 +1474,47 @@ AC_ARG_WITH([skey],
1471LDNS_MSG="no" 1474LDNS_MSG="no"
1472AC_ARG_WITH(ldns, 1475AC_ARG_WITH(ldns,
1473 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1476 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1474 [ 1477 [
1475 if test "x$withval" != "xno" ; then 1478 ldns=""
1476 1479 if test "x$withval" = "xyes" ; then
1477 if test "x$withval" != "xyes" ; then 1480 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1478 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1481 if test "x$PKGCONFIG" = "xno"; then
1479 LDFLAGS="$LDFLAGS -L${withval}/lib" 1482 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1480 fi 1483 LDFLAGS="$LDFLAGS -L${withval}/lib"
1481 1484 LIBS="-lldns $LIBS"
1482 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1485 ldns=yes
1483 LIBS="-lldns $LIBS" 1486 else
1484 LDNS_MSG="yes" 1487 LIBS="$LIBS `$LDNSCONFIG --libs`"
1488 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1489 fi
1490 elif test "x$withval" != "xno" ; then
1491 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1492 LDFLAGS="$LDFLAGS -L${withval}/lib"
1493 LIBS="-lldns $LIBS"
1494 ldns=yes
1495 fi
1485 1496
1486 AC_MSG_CHECKING([for ldns support]) 1497 # Verify that it works.
1487 AC_LINK_IFELSE( 1498 if test "x$ldns" = "xyes" ; then
1488 [AC_LANG_SOURCE([[ 1499 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1500 LDNS_MSG="yes"
1501 AC_MSG_CHECKING([for ldns support])
1502 AC_LINK_IFELSE(
1503 [AC_LANG_SOURCE([[
1489#include <stdio.h> 1504#include <stdio.h>
1490#include <stdlib.h> 1505#include <stdlib.h>
1491#include <stdint.h> 1506#include <stdint.h>
1492#include <ldns/ldns.h> 1507#include <ldns/ldns.h>
1493int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1508int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1494 ]]) 1509 ]])
1495 ], 1510 ],
1496 [AC_MSG_RESULT(yes)], 1511 [AC_MSG_RESULT(yes)],
1497 [ 1512 [
1498 AC_MSG_RESULT(no) 1513 AC_MSG_RESULT(no)
1499 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1514 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1500 ]) 1515 ])
1501 fi 1516 fi
1502 ] 1517])
1503)
1504 1518
1505# Check whether user wants libedit support 1519# Check whether user wants libedit support
1506LIBEDIT_MSG="no" 1520LIBEDIT_MSG="no"
@@ -1703,6 +1717,7 @@ AC_CHECK_FUNCS([ \
1703 inet_ntoa \ 1717 inet_ntoa \
1704 inet_ntop \ 1718 inet_ntop \
1705 innetgr \ 1719 innetgr \
1720 llabs \
1706 login_getcapbool \ 1721 login_getcapbool \
1707 md5_crypt \ 1722 md5_crypt \
1708 memmove \ 1723 memmove \
@@ -1771,11 +1786,8 @@ AC_CHECK_FUNCS([ \
1771 warn \ 1786 warn \
1772]) 1787])
1773 1788
1774dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE. 1789dnl Wide character support.
1775saved_CFLAGS="$CFLAGS"
1776CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
1777AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1790AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1778CFLAGS="$saved_CFLAGS"
1779 1791
1780TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1792TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
1781AC_MSG_CHECKING([for utf8 locale support]) 1793AC_MSG_CHECKING([for utf8 locale support])
@@ -2520,8 +2532,8 @@ if test "x$openssl" = "xyes" ; then
2520 ssl_library_ver=`cat conftest.ssllibver` 2532 ssl_library_ver=`cat conftest.ssllibver`
2521 # Check version is supported. 2533 # Check version is supported.
2522 case "$ssl_library_ver" in 2534 case "$ssl_library_ver" in
2523 0090[[0-7]]*|009080[[0-5]]*) 2535 10000*|0*)
2524 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) 2536 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2525 ;; 2537 ;;
2526 *) ;; 2538 *) ;;
2527 esac 2539 esac
@@ -5083,6 +5095,7 @@ echo " Smartcard support: $SCARD_MSG"
5083echo " S/KEY support: $SKEY_MSG" 5095echo " S/KEY support: $SKEY_MSG"
5084echo " MD5 password support: $MD5_MSG" 5096echo " MD5 password support: $MD5_MSG"
5085echo " libedit support: $LIBEDIT_MSG" 5097echo " libedit support: $LIBEDIT_MSG"
5098echo " libldns support: $LDNS_MSG"
5086echo " Solaris process contract support: $SPC_MSG" 5099echo " Solaris process contract support: $SPC_MSG"
5087echo " Solaris project support: $SP_MSG" 5100echo " Solaris project support: $SP_MSG"
5088echo " Solaris privilege support: $SPP_MSG" 5101echo " Solaris privilege support: $SPP_MSG"
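Review bot: In the `--with-ldns=yes` branch the fallback test reads `if test "x$PKGCONFIG" = "xno"` although the tool probed on the line before it is ldns-config, so when pkg-config exists but ldns-config was not found, `$LDNSCONFIG` is "no" and the else arm runs `no --libs`. The test should be `if test "x$LDNSCONFIG" = "xno"; then`. That else arm also never sets `ldns=yes`, so the "Verify that it works" block, with its `AC_DEFINE(HAVE_LDNS, ...)` and link test, is skipped exactly when ldns-config supplied the flags; adding `ldns=yes` after the two `$LDNSCONFIG` command substitutions would restore it. In the same branch `withval` is the literal "yes", so the fallback arm adds `-Iyes/include` and `-Lyes/lib`, where `LIBS="-lldns $LIBS"` alone is probably what is meant. The generated configure section carries the same logic.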
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index d934d09b5..db6aaa08a 100644
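--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -63,7 +63,6 @@ sshd_config_configured=no
 port_number=22
 service_name=sshd
 strictmodes=yes
-privsep_used=yes
 cygwin_value=""
 user_account=
 password_value=
@@ -140,33 +139,21 @@ sshd_strictmodes() {
 
 # ======================================================================
 # Routine: sshd_privsep
-# MODIFIES: privsep_used
+# Try to create ssshd user account
 # ======================================================================
 sshd_privsep() {
  local ret=0
 
  if [ "${sshd_config_configured}" != "yes" ]
  then
- echo
- csih_inform "Privilege separation is set to 'sandbox' by default since"
- csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
- csih_inform "to 'yes' or 'no'."
- csih_inform "However, using privilege separation requires a non-privileged account"
- csih_inform "called 'sshd'."
- csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
- if csih_request "Should privilege separation be used?"
+ if ! csih_create_unprivileged_user sshd
  then
- privsep_used=yes
- if ! csih_create_unprivileged_user sshd
- then
- csih_error_recoverable "Couldn't create user 'sshd'!"
- csih_error_recoverable "Privilege separation set to 'no' again!"
- csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
- let ++ret
- privsep_used=no
- fi
- else
- privsep_used=no
+ csih_error_recoverable "Could not create user 'sshd'!"
+ csih_error_recoverable "You will not be able to run an sshd service"
+ csih_error_recoverable "under a privileged account successfully."
+ csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+ csih_error_recoverable "manually before trying to run the service!"
+ let ++ret
  fi
  fi
  return $ret
@@ -202,18 +189,6 @@ sshd_config_tweak() {
  let ++ret
  fi
  fi
- if [ "${sshd_config_configured}" != "yes" ]
- then
- /usr/bin/sed -i -e "
- s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
- ${SYSCONFDIR}/sshd_config
- if [ $? -ne 0 ]
- then
- csih_warning "Setting privilege separation failed!"
- csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
- let ++ret
- fi
- fi
  return $ret
 } # --- End of sshd_config_tweak --- #
 
@@ -693,7 +668,7 @@ then
  fi
 fi
 
-# handle sshd_config (and privsep)
+# handle sshd_config
 csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
 if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
 then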
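Review bot: The new routine header for sshd_privsep reads `# Try to create ssshd user account`, which misspells the account name; `# Try to create sshd user account` matches the `csih_create_unprivileged_user sshd` call below it. With the prompt removed, the function no longer decides anything about privilege separation. The header could therefore also state that the unprivileged 'sshd' account is required for the service to run, which is what the new error text tells the user.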
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 666097c5e..7de45457a 100644
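--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 7.4p1
+%define ver 7.5p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID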
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 4c4bbb69c..e62be39d0 100644
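--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 7.4p1
+Version: 7.5p1
 URL: https://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz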
diff --git a/digest-openssl.c b/digest-openssl.c
index 13b63c2f0..c55ceb93f 100644
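--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-openssl.c,v 1.5 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: digest-openssl.c,v 1.6 2017/03/10 02:59:51 dtucker Exp $ */
 /*
  * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
  *
@@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
  const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
  u_int l = dlen;
 
- if (dlen > UINT_MAX)
+ if (digest == NULL || dlen > UINT_MAX)
  return SSH_ERR_INVALID_ARGUMENT;
  if (dlen < digest->digest_len) /* No truncation allowed */
  return SSH_ERR_INVALID_ARGUMENT;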
diff --git a/hostfile.c b/hostfile.c
index 4548fbab3..e23faa969 100644
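--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */
+/* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -419,19 +419,24 @@ write_host_entry(FILE *f, const char *host, const char *ip,
  const struct sshkey *key, int store_hash)
 {
  int r, success = 0;
- char *hashed_host = NULL;
+ char *hashed_host = NULL, *lhost;
+
+ lhost = xstrdup(host);
+ lowercase(lhost);
 
  if (store_hash) {
- if ((hashed_host = host_hash(host, NULL, 0)) == NULL) {
+ if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) {
  error("%s: host_hash failed", __func__);
+ free(lhost);
  return 0;
  }
  fprintf(f, "%s ", hashed_host);
  } else if (ip != NULL)
- fprintf(f, "%s,%s ", host, ip);
- else
- fprintf(f, "%s ", host);
-
+ fprintf(f, "%s,%s ", lhost, ip);
+ else {
+ fprintf(f, "%s ", lhost);
+ }
+ free(lhost);
  if ((r = sshkey_write(key, f)) == 0)
  success = 1;
  else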
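Review bot: Nothing in write_host_entry says why the host name is lowercased before it is hashed or printed. A comment above `lhost = xstrdup(host);` such as `/* store the lowercased name so hashed and plain entries agree with case-insensitive lookups */` would record the intent; this is inferred from the change, since the lookup side is not in the hunk. The new `else { ... }` arm is braced while the `else if (ip != NULL)` arm beside it is not. The fprintf results are still unchecked, so a failed write of the host field goes unnoticed unless sshkey_write also fails. The function continues past the end of the hunk.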
diff --git a/kex.c b/kex.c
index 6a94bc535..cf4ac0dc5 100644
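--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */
+/* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  *
@@ -178,7 +178,7 @@ kex_names_valid(const char *names)
 char *
 kex_names_cat(const char *a, const char *b)
 {
- char *ret = NULL, *tmp = NULL, *cp, *p;
+ char *ret = NULL, *tmp = NULL, *cp, *p, *m;
  size_t len;
 
  if (a == NULL || *a == '\0')
@@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b)
  }
  strlcpy(ret, a, len);
  for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
- if (match_list(ret, p, NULL) != NULL)
+ if ((m = match_list(ret, p, NULL)) != NULL) {
+ free(m);
  continue; /* Algorithm already present */
+ }
  if (strlcat(ret, ",", len) >= len ||
  strlcat(ret, p, len) >= len) {
  free(tmp);
@@ -211,7 +213,8 @@ kex_names_cat(const char *a, const char *b)
 /*
  * Assemble a list of algorithms from a default list and a string from a
  * configuration file. The user-provided string may begin with '+' to
- * indicate that it should be appended to the default.
+ * indicate that it should be appended to the default or '-' that the
+ * specified names should be removed.
  */
 int
 kex_assemble_names(const char *def, char **list)
@@ -222,14 +225,18 @@ kex_assemble_names(const char *def, char **list)
  *list = strdup(def);
  return 0;
  }
- if (**list != '+') {
- return 0;
+ if (**list == '+') {
+ if ((ret = kex_names_cat(def, *list + 1)) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ free(*list);
+ *list = ret;
+ } else if (**list == '-') {
+ if ((ret = match_filter_list(def, *list + 1)) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ free(*list);
+ *list = ret;
  }
 
- if ((ret = kex_names_cat(def, *list + 1)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- free(*list);
- *list = ret;
  return 0;
 }
 
@@ -334,7 +341,6 @@ kex_reset_dispatch(struct ssh *ssh)
 {
  ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN,
  SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error);
- ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
 }
 
 static int
@@ -343,7 +349,7 @@ kex_send_ext_info(struct ssh *ssh)
  int r;
  char *algs;
 
- if ((algs = sshkey_alg_list(0, 1, ',')) == NULL)
+ if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL)
  return SSH_ERR_ALLOC_FAIL;
  if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
  (r = sshpkt_put_u32(ssh, 1)) != 0 ||
@@ -424,6 +430,7 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt)
 
  debug("SSH2_MSG_NEWKEYS received");
  ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
  if ((r = sshpkt_get_end(ssh)) != 0)
  return r;
  if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
@@ -538,6 +545,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp)
  goto out;
  kex->done = 0;
  kex_reset_dispatch(ssh);
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
  r = 0;
  *kexp = kex;
  out:
@@ -646,8 +654,10 @@ choose_enc(struct sshenc *enc, char *client, char *server)
 
  if (name == NULL)
  return SSH_ERR_NO_CIPHER_ALG_MATCH;
- if ((enc->cipher = cipher_by_name(name)) == NULL)
+ if ((enc->cipher = cipher_by_name(name)) == NULL) {
+ free(name);
  return SSH_ERR_INTERNAL_ERROR;
+ }
  enc->name = name;
  enc->enabled = 0;
  enc->iv = NULL;
@@ -665,8 +675,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
 
  if (name == NULL)
  return SSH_ERR_NO_MAC_ALG_MATCH;
- if (mac_setup(mac, name) < 0)
+ if (mac_setup(mac, name) < 0) {
+ free(name);
  return SSH_ERR_INTERNAL_ERROR;
+ }
  /* truncate the key */
  if (ssh->compat & SSH_BUG_HMAC)
  mac->key_len = 16;
@@ -690,6 +702,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
  } else if (strcmp(name, "none") == 0) {
  comp->type = COMP_NONE;
  } else {
+ free(name);
  return SSH_ERR_INTERNAL_ERROR;
  }
  comp->name = name;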
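Review bot: No comment records why SSH2_MSG_KEXINIT is no longer registered in kex_reset_dispatch and is instead set only in kex_new and kex_input_newkeys. As far as these hunks show, the effect is that a KEXINIT arriving after the dispatch table is reset and before the peer's NEWKEYS falls through to kex_protocol_error. A line in kex_reset_dispatch such as `/* KEXINIT is re-enabled only after NEWKEYS, see kex_input_newkeys() */` would keep a later cleanup from putting the registration back. Separately, in kex_assemble_names the context line `*list = strdup(def);` is followed by `return 0;` with no NULL check, while the new '+' and '-' arms return SSH_ERR_ALLOC_FAIL for the same kind of failure. All of these functions extend beyond the hunks shown.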
diff --git a/krl.c b/krl.c
index e271a1934..3f28178b7 100644
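--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.38 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: krl.c,v 1.39 2017/03/10 07:18:32 dtucker Exp $ */
 
 #include "includes.h"
 
@@ -1089,7 +1089,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
  break;
  case KRL_SECTION_SIGNATURE:
  /* Handled above, but still need to stay in synch */
- sshbuf_reset(sect);
+ sshbuf_free(sect);
  sect = NULL;
  if ((r = sshbuf_skip_string(copy)) != 0)
  goto out;
@@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
  debug2("%s: checking KRL %s", __func__, path);
  r = ssh_krl_check_key(krl, key);
  out:
- close(fd);
+ if (fd != -1)
+ close(fd);
  sshbuf_free(krlbuf);
  ssh_krl_free(krl);
  if (r != 0)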
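--- a/log.c
+++ b/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */
+/* $OpenBSD: log.c,v 1.49 2017/03/10 03:15:58 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -453,7 +453,8 @@ do_log(LogLevel level, const char *fmt, va_list args)
  tmp_handler(level, fmtbuf, log_handler_ctx);
  log_handler = tmp_handler;
  } else if (log_on_stderr) {
- snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
+ snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n",
+ (int)sizeof msgbuf - 3, fmtbuf);
  (void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
  } else {
 #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)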
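Review bot: The precision argument in the new `snprintf` call in do_log is unexplained: `(int)sizeof msgbuf - 3` reserves room for `\r\n` and the terminating NUL, so an over-long message is cut before the line ending rather than through it. Without a comment a later clean-up could drop the clamp and let long stderr log lines run into the next one, which makes the log harder to parse and easier to forge entries in. I would add `/* clamp fmtbuf so the trailing "\r\n" always fits in msgbuf */` above the call. The result of `write()` is still discarded on the next line, so a short write can truncate a line regardless. do_log begins and ends outside the hunk.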
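--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.33 2016/11/06 05:46:37 djm Exp $ */
+/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,9 +42,11 @@
 #include <ctype.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdio.h>
 
 #include "xmalloc.h"
 #include "match.h"
+#include "misc.h"
 
 /*
  * Returns true if the given string matches the pattern (which may contain ?
@@ -145,7 +147,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower)
  if (subi >= sizeof(sub) - 1)
  return 0;
 
- /* If the subpattern was terminated by a comma, skip the comma. */
+ /* If the subpattern was terminated by a comma, then skip it. */
  if (i < len && pattern[i] == ',')
  i++;
 
@@ -177,7 +179,13 @@ match_pattern_list(const char *string, const char *pattern, int dolower)
 int
 match_hostname(const char *host, const char *pattern)
 {
- return match_pattern_list(host, pattern, 1);
+ char *hostcopy = xstrdup(host);
+ int r;
+
+ lowercase(hostcopy);
+ r = match_pattern_list(hostcopy, pattern, 1);
+ free(hostcopy);
+ return r;
 }
 
 /*
@@ -284,3 +292,35 @@ match_list(const char *client, const char *server, u_int *next)
  free(s);
  return NULL;
 }
+
+/*
+ * Filters a comma-separated list of strings, excluding any entry matching
+ * the 'filter' pattern list. Caller must free returned string.
+ */
+char *
+match_filter_list(const char *proposal, const char *filter)
+{
+ size_t len = strlen(proposal) + 1;
+ char *fix_prop = malloc(len);
+ char *orig_prop = strdup(proposal);
+ char *cp, *tmp;
+
+ if (fix_prop == NULL || orig_prop == NULL) {
+ free(orig_prop);
+ free(fix_prop);
+ return NULL;
+ }
+
+ tmp = orig_prop;
+ *fix_prop = '\0';
+ while ((cp = strsep(&tmp, ",")) != NULL) {
+ if (match_pattern_list(cp, filter, 0) != 1) {
+ if (*fix_prop != '\0')
+ strlcat(fix_prop, ",", len);
+ strlcat(fix_prop, cp, len);
+ }
+ }
+ free(orig_prop);
+ return fix_prop;
+}
+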
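Review bot: The header comment on the new match_filter_list documents only that the caller frees the result, but the body has two more outcomes a caller must handle. It returns NULL when `malloc` or `strdup` fails, and it returns an empty string when every entry of `proposal` matches `filter`. match_hostname in the same section uses `xstrdup`, so the two helpers differ in how they report allocation failure, and a caller that passes the result on unchecked would hand NULL or an empty algorithm list to whatever consumes it. I would extend the comment with `Returns NULL on allocation failure; the result is "" if every entry was filtered out.`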
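--- a/match.h
+++ b/match.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */
+/* $OpenBSD: match.h,v 1.17 2017/02/03 23:01:19 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -20,6 +20,7 @@ int match_hostname(const char *, const char *);
 int match_host_and_ip(const char *, const char *, const char *);
 int match_user(const char *, const char *, const char *, const char *);
 char *match_list(const char *, const char *, u_int *);
+char *match_filter_list(const char *, const char *);
 
 /* addrmatch.c */
 int addr_match_list(const char *, const char *);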
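--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.109 2017/03/14 00:55:37 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -306,7 +306,7 @@ a2tun(const char *s, int *remote)
 long
 convtime(const char *s)
 {
- long total, secs;
+ long total, secs, multiplier = 1;
  const char *p;
  char *endp;
 
@@ -333,23 +333,28 @@ convtime(const char *s)
  break;
  case 'm':
  case 'M':
- secs *= MINUTES;
+ multiplier = MINUTES;
  break;
  case 'h':
  case 'H':
- secs *= HOURS;
+ multiplier = HOURS;
  break;
  case 'd':
  case 'D':
- secs *= DAYS;
+ multiplier = DAYS;
  break;
  case 'w':
  case 'W':
- secs *= WEEKS;
+ multiplier = WEEKS;
  break;
  default:
  return -1;
  }
+ if (secs >= LONG_MAX / multiplier)
+ return -1;
+ secs *= multiplier;
+ if (total >= LONG_MAX - secs)
+ return -1;
  total += secs;
  if (total < 0)
  return -1;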
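Review bot: `multiplier` in convtime is set to 1 only in its declaration (`long total, secs, multiplier = 1;`), and the visible cases assign it only for the `m`, `h`, `d` and `w` suffixes. If the switch runs once per component, as `total += secs` suggests, a later component with an `s` suffix or no suffix inherits the previous unit, so `1h30s` would come out as 1h + 30h. Before this change each component was scaled by its own `secs *= UNIT`, so this would silently lengthen any timeout or interval written with mixed units. Adding `multiplier = 1;` immediately before the `switch` restores per-component scaling. The loop head and the seconds / end-of-string cases are outside the hunks, so this needs confirming there.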
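--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -283,6 +283,7 @@ monitor_permit_authentications(int permit)
 void
 monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 {
+ struct ssh *ssh = active_state; /* XXX */
  struct mon_table *ent;
  int authenticated = 0, partial = 0;
 
@@ -356,6 +357,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 
  debug("%s: %s has been authenticated by privileged process",
  __func__, authctxt->user);
+ ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
 
  mm_get_keystate(pmonitor);
 
@@ -695,6 +697,7 @@ mm_answer_sign(int sock, Buffer *m)
 int
 mm_answer_pwnamallow(int sock, Buffer *m)
 {
+ struct ssh *ssh = active_state; /* XXX */
  char *username;
  struct passwd *pwent;
  int allowed = 0;
@@ -739,6 +742,8 @@ mm_answer_pwnamallow(int sock, Buffer *m)
  buffer_put_cstring(m, pwent->pw_shell);
 
  out:
+ ssh_packet_set_log_preamble(ssh, "%suser %s",
+ authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
  buffer_put_string(m, &options, sizeof(options));
 
 #define M_CP_STROPT(x) do { \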
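Review bot: In the last mm_answer_pwnamallow hunk the two prefix strings are inconsistent: `"invalid "` ends in a space but `"authenticating"` does not. With the format `"%suser %s"`, a valid account is therefore logged as `authenticatinguser NAME`, going by the literal as the page renders it. Log monitoring that keys on the `invalid user` / `authenticating user` wording would not match the valid-user form; the fix is `authctxt->valid ? "authenticating " : "invalid "`. Both new calls also discard the int result of ssh_packet_set_log_preamble, which reports allocation failure. Both functions continue outside their hunks.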
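--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.63 2016/10/19 23:21:56 dtucker Exp $ */
+/* $OpenBSD: mux.c,v 1.64 2017/01/21 11:32:04 guenther Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -2161,7 +2161,6 @@ int
 muxclient(const char *path)
 {
  struct sockaddr_un addr;
- socklen_t sun_len;
  int sock;
  u_int pid;
 
@@ -2185,8 +2184,6 @@ muxclient(const char *path)
 
  memset(&addr, '\0', sizeof(addr));
  addr.sun_family = AF_UNIX;
- sun_len = offsetof(struct sockaddr_un, sun_path) +
- strlen(path) + 1;
 
  if (strlcpy(addr.sun_path, path,
  sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
@@ -2196,7 +2193,7 @@ muxclient(const char *path)
  if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
  fatal("%s socket(): %s", __func__, strerror(errno));
 
- if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) {
+ if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
  switch (muxclient_command) {
  case SSHMUX_COMMAND_OPEN:
  case SSHMUX_COMMAND_STDIO_FWD: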
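--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -301,3 +301,11 @@ mbtowc(wchar_t *pwc, const char *s, size_t n)
  return 1;
 }
 #endif
+
+#ifndef HAVE_LLABS
+long long
+llabs(long long j)
+{
+ return (j < 0 ? -j : j);
+}
+#endif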
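Review bot: The fallback `llabs` negates its argument unconditionally, so `llabs(LLONG_MIN)` is signed overflow and therefore undefined behaviour. The standard function has the same precondition, but it is not stated here. The one caller added in this commit is the last fmt_scaled.c hunk, where `abval = llabs(number);` sits directly above the comment "Not every negative long long has a positive representation", so the range check appears to run after the negation, as it did with the expression being replaced. I would add `/* undefined for LLONG_MIN, as with C99 llabs(); callers must range-check first */` here and have fmt_scaled reject `number == LLONG_MIN` before the call. fmt_scaled's check itself is outside its hunk.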
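--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -135,4 +135,8 @@ void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
 void warn(const char *, ...) __attribute__((format(printf, 1, 2)));
 #endif
 
+#ifndef HAVE_LLABS
+long long llabs(long long);
+#endif
+
 #endif /* _BSD_MISC_H */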
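--- a/openbsd-compat/fmt_scaled.c
+++ b/openbsd-compat/fmt_scaled.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fmt_scaled.c,v 1.9 2007/03/20 03:42:52 tedu Exp $ */
+/* $OpenBSD: fmt_scaled.c,v 1.13 2017/03/11 23:37:23 djm Exp $ */
 
 /*
  * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved.
@@ -69,7 +69,7 @@ static long long scale_factors[] = {
 
 #define MAX_DIGITS (SCALE_LENGTH * 3) /* XXX strlen(sprintf("%lld", -1)? */
 
-/** Convert the given input string "scaled" into numeric in "result".
+/* Convert the given input string "scaled" into numeric in "result".
  * Return 0 on success, -1 and errno set on error.
  */
 int
@@ -81,7 +81,7 @@ scan_scaled(char *scaled, long long *result)
  long long scale_fact = 1, whole = 0, fpart = 0;
 
  /* Skip leading whitespace */
- while (isascii(*p) && isspace(*p))
+ while (isascii((unsigned char)*p) && isspace((unsigned char)*p))
  ++p;
 
  /* Then at most one leading + or - */
@@ -108,7 +108,8 @@ scan_scaled(char *scaled, long long *result)
  * (but note that E for Exa might look like e to some!).
  * Advance 'p' to end, to get scale factor.
  */
- for (; isascii(*p) && (isdigit(*p) || *p=='.'); ++p) {
+ for (; isascii((unsigned char)*p) &&
+ (isdigit((unsigned char)*p) || *p=='.'); ++p) {
  if (*p == '.') {
  if (fract_digits > 0) { /* oops, more than one '.' */
  errno = EINVAL;
@@ -124,6 +125,10 @@ scan_scaled(char *scaled, long long *result)
  /* ignore extra fractional digits */
  continue;
  fract_digits++; /* for later scaling */
+ if (fpart >= LLONG_MAX / 10) {
+ errno = ERANGE;
+ return -1;
+ }
  fpart *= 10;
  fpart += i;
  } else { /* normal digit */
@@ -131,6 +136,10 @@ scan_scaled(char *scaled, long long *result)
  errno = ERANGE;
  return -1;
  }
+ if (whole >= LLONG_MAX / 10) {
+ errno = ERANGE;
+ return -1;
+ }
  whole *= 10;
  whole += i;
  }
@@ -150,17 +159,22 @@ scan_scaled(char *scaled, long long *result)
  /* Validate scale factor, and scale whole and fraction by it. */
  for (i = 0; i < SCALE_LENGTH; i++) {
 
- /** Are we there yet? */
+ /* Are we there yet? */
  if (*p == scale_chars[i] ||
- *p == tolower(scale_chars[i])) {
+ *p == tolower((unsigned char)scale_chars[i])) {
 
  /* If it ends with alphanumerics after the scale char, bad. */
- if (isalnum(*(p+1))) {
+ if (isalnum((unsigned char)*(p+1))) {
  errno = EINVAL;
  return -1;
  }
  scale_fact = scale_factors[i];
 
+ if (whole >= LLONG_MAX / scale_fact) {
+ errno = ERANGE;
+ return -1;
+ }
+
  /* scale whole part */
  whole *= scale_fact;
 
@@ -181,7 +195,9 @@ scan_scaled(char *scaled, long long *result)
  return 0;
  }
  }
- errno = ERANGE;
+
+ /* Invalid unit or character */
+ errno = EINVAL;
  return -1;
 }
 
@@ -196,7 +212,7 @@ fmt_scaled(long long number, char *result)
  unsigned int i;
  unit_type unit = NONE;
 
- abval = (number < 0LL) ? -number : number; /* no long long_abs yet */
+ abval = llabs(number);
 
  /* Not every negative long long has a positive representation.
  * Also check for numbers that are just too darned big to format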
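Review bot: The header comment of scan_scaled still reads only "Return 0 on success, -1 and errno set on error", although this change makes the errno value part of the contract. The new overflow guards on `fpart` and `whole` set ERANGE, and the fall-through at the end of the function now sets EINVAL where it used to set ERANGE. Callers that report or branch on errno for a size or limit parsed from configuration need that distinction written down. I would extend the comment with `errno is ERANGE if the value does not fit in a long long, EINVAL for malformed input or an unknown unit`. The function spans several hunks and is not fully visible here.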
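--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -353,6 +353,25 @@ ssh_packet_get_mux(struct ssh *ssh)
 }
 
 int
+ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...)
+{
+ va_list args;
+ int r;
+
+ free(ssh->log_preamble);
+ if (fmt == NULL)
+ ssh->log_preamble = NULL;
+ else {
+ va_start(args, fmt);
+ r = vasprintf(&ssh->log_preamble, fmt, args);
+ va_end(args);
+ if (r < 0 || ssh->log_preamble == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ }
+ return 0;
+}
+
+int
 ssh_packet_stop_discard(struct ssh *ssh)
 {
  struct session_state *state = ssh->state;
@@ -1049,7 +1068,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
 
  /* Time-based rekeying */
  if (state->rekey_interval != 0 &&
- state->rekey_time + state->rekey_interval <= monotime())
+ (int64_t)state->rekey_time + state->rekey_interval <= monotime())
  return 1;
 
  /* Always rekey when MAX_PACKETS sent in either direction */
@@ -1447,8 +1466,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
  break;
  }
  }
- if (r == 0)
- return SSH_ERR_CONN_TIMEOUT;
+ if (r == 0) {
+ r = SSH_ERR_CONN_TIMEOUT;
+ goto out;
+ }
  /* Read data from the socket. */
  len = read(state->connection_in, buf, sizeof(buf));
  if (len == 0) {
@@ -1829,11 +1850,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
  if (r != SSH_ERR_MAC_INVALID)
  goto out;
  logit("Corrupted MAC on input.");
- if (need > PACKET_MAX_SIZE)
+ if (need + block_size > PACKET_MAX_SIZE)
  return SSH_ERR_INTERNAL_ERROR;
  return ssh_packet_start_discard(ssh, enc, mac,
  sshbuf_len(state->incoming_packet),
- PACKET_MAX_SIZE - need);
+ PACKET_MAX_SIZE - need - block_size);
  }
  /* Remove MAC from input buffer */
  DBG(debug("MAC #%d ok", state->p_read.seqnr));
@@ -2074,27 +2095,36 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)
  fatal("%s: %s", __func__, ssh_err(r));
 }
 
+static void
+fmt_connection_id(struct ssh *ssh, char *s, size_t l)
+{
+ snprintf(s, l, "%.200s%s%s port %d",
+ ssh->log_preamble ? ssh->log_preamble : "",
+ ssh->log_preamble ? " " : "",
+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+}
+
 /*
  * Pretty-print connection-terminating errors and exit.
  */
 void
 sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 {
+ char remote_id[512];
+
+ fmt_connection_id(ssh, remote_id, sizeof(remote_id));
+
  switch (r) {
  case SSH_ERR_CONN_CLOSED:
- logdie("Connection closed by %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection closed by %s", remote_id);
  case SSH_ERR_CONN_TIMEOUT:
- logdie("Connection %s %.200s port %d timed out",
- ssh->state->server_side ? "from" : "to",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection %s %s timed out",
+ ssh->state->server_side ? "from" : "to", remote_id);
  case SSH_ERR_DISCONNECTED:
- logdie("Disconnected from %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Disconnected from %s", remote_id);
  case SSH_ERR_SYSTEM_ERROR:
  if (errno == ECONNRESET)
- logdie("Connection reset by %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection reset by %s", remote_id);
  /* FALLTHROUGH */
  case SSH_ERR_NO_CIPHER_ALG_MATCH:
  case SSH_ERR_NO_MAC_ALG_MATCH:
@@ -2102,17 +2132,16 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
  case SSH_ERR_NO_KEX_ALG_MATCH:
  case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
  if (ssh && ssh->kex && ssh->kex->failed_choice) {
- logdie("Unable to negotiate with %.200s port %d: %s. "
- "Their offer: %s", ssh_remote_ipaddr(ssh),
- ssh_remote_port(ssh), ssh_err(r),
+ logdie("Unable to negotiate with %s: %s. "
+ "Their offer: %s", remote_id, ssh_err(r),
  ssh->kex->failed_choice);
  }
  /* FALLTHROUGH */
  default:
- logdie("%s%sConnection %s %.200s port %d: %s",
+ logdie("%s%sConnection %s %s: %s",
  tag != NULL ? tag : "", tag != NULL ? ": " : "",
  ssh->state->server_side ? "from" : "to",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r));
+ remote_id, ssh_err(r));
  }
 }
 
@@ -2125,7 +2154,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 void
 ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
 {
- char buf[1024];
+ char buf[1024], remote_id[512];
  va_list args;
  static int disconnecting = 0;
  int r;
@@ -2138,12 +2167,13 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
  * Format the message. Note that the caller must make sure the
  * message is of limited size.
  */
+ fmt_connection_id(ssh, remote_id, sizeof(remote_id));
  va_start(args, fmt);
  vsnprintf(buf, sizeof(buf), fmt, args);
  va_end(args);
 
  /* Display the error locally */
- logit("Disconnecting: %.100s", buf);
+ logit("Disconnecting %s: %.100s", remote_id, buf);
 
  /*
  * Send the disconnect message to the other side, and wait
@@ -2396,10 +2426,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes)
 }
 
 void
-ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
+ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds)
 {
- debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
- (int)seconds);
+ debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes,
+ (unsigned int)seconds);
  ssh->state->rekey_limit = bytes;
  ssh->state->rekey_interval = seconds;
 }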
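Review bot: The new ssh_packet_set_log_preamble can leave `ssh->log_preamble` pointing at freed memory on its error path. The old string is freed first, and if `vasprintf` then fails the function returns SSH_ERR_ALLOC_FAIL without resetting the field, whose contents after a failed `vasprintf` are not defined on every platform. fmt_connection_id, added further down in this section, reads the field for every fatal and disconnect log line, and the next set call frees it again, so a stale pointer would become a use-after-free or double free. Setting `ssh->log_preamble = NULL;` directly after the `free()` and again before `return SSH_ERR_ALLOC_FAIL;` closes that. The callers added in monitor.c by this commit do not check the return value.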
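--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.74 2016/10/11 21:47:45 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.76 2017/02/03 23:03:33 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -62,6 +62,9 @@ struct ssh {
  char *local_ipaddr;
  int local_port;
 
+ /* Optional preamble for log messages (e.g. username) */
+ char *log_preamble;
+
  /* Dispatcher table */
  dispatch_fn *dispatch[DISPATCH_MAX];
  /* number of packets to ignore in the dispatcher */
@@ -104,6 +107,8 @@ void ssh_packet_set_server(struct ssh *);
 void ssh_packet_set_authenticated(struct ssh *);
 void ssh_packet_set_mux(struct ssh *);
 int ssh_packet_get_mux(struct ssh *);
+int ssh_packet_set_log_preamble(struct ssh *, const char *, ...)
+ __attribute__((format(printf, 2, 3)));
 
 int ssh_packet_log_type(u_char);
 
@@ -154,7 +159,7 @@ int ssh_remote_port(struct ssh *);
 const char *ssh_local_ipaddr(struct ssh *);
 int ssh_local_port(struct ssh *);
 
-void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t);
+void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t);
 time_t ssh_packet_get_rekey_timeout(struct ssh *);
 
 void *ssh_packet_get_input(struct ssh *);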
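--- a/pathnames.h
+++ b/pathnames.h
@@ -166,15 +166,6 @@
 #define _PATH_LS "ls"
 #endif
 
-/* path to login program */
-#ifndef LOGIN_PROGRAM
-# ifdef LOGIN_PROGRAM_FALLBACK
-# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
-# else
-# define LOGIN_PROGRAM "/usr/bin/login"
-# endif
-#endif /* LOGIN_PROGRAM */
-
 /* Askpass program define */
 #ifndef ASKPASS_PROGRAM
 #define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"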
diff --git a/readconf.c b/readconf.c
index fa3fab8f0..9d59493f0 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.262 2016/10/25 04:08:13 jsg Exp $ */ 1/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -93,7 +93,7 @@
93 93
94 Host books.com 94 Host books.com
95 RemoteForward 9999 shadows.cs.hut.fi:9999 95 RemoteForward 9999 shadows.cs.hut.fi:9999
96 Cipher 3des 96 Ciphers 3des-cbc
97 97
98 Host fascist.blob.com 98 Host fascist.blob.com
99 Port 23123 99 Port 23123
@@ -108,7 +108,7 @@
108 PublicKeyAuthentication no 108 PublicKeyAuthentication no
109 109
110 Host *.su 110 Host *.su
111 Cipher none 111 Ciphers aes128-ctr
112 PasswordAuthentication no 112 PasswordAuthentication no
113 113
114 Host vpn.fake.com 114 Host vpn.fake.com
@@ -180,6 +180,44 @@ static struct {
180 const char *name; 180 const char *name;
181 OpCodes opcode; 181 OpCodes opcode;
182} keywords[] = { 182} keywords[] = {
183 /* Deprecated options */
184 { "fallbacktorsh", oDeprecated },
185 { "globalknownhostsfile2", oDeprecated },
186 { "rhostsauthentication", oDeprecated },
187 { "userknownhostsfile2", oDeprecated },
188 { "useroaming", oDeprecated },
189 { "usersh", oDeprecated },
190
191 /* Unsupported options */
192 { "afstokenpassing", oUnsupported },
193 { "kerberosauthentication", oUnsupported },
194 { "kerberostgtpassing", oUnsupported },
195
196 /* Sometimes-unsupported options */
197#if defined(GSSAPI)
198 { "gssapiauthentication", oGssAuthentication },
199 { "gssapidelegatecredentials", oGssDelegateCreds },
200# else
201 { "gssapiauthentication", oUnsupported },
202 { "gssapidelegatecredentials", oUnsupported },
203#endif
204#ifdef ENABLE_PKCS11
205 { "smartcarddevice", oPKCS11Provider },
206 { "pkcs11provider", oPKCS11Provider },
207# else
208 { "smartcarddevice", oUnsupported },
209 { "pkcs11provider", oUnsupported },
210#endif
211#ifdef WITH_SSH1
212 { "rsaauthentication", oRSAAuthentication },
213 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
214 { "compressionlevel", oCompressionLevel },
215# else
216 { "rsaauthentication", oUnsupported },
217 { "rhostsrsaauthentication", oUnsupported },
218 { "compressionlevel", oUnsupported },
219#endif
220
183 { "forwardagent", oForwardAgent }, 221 { "forwardagent", oForwardAgent },
184 { "forwardx11", oForwardX11 }, 222 { "forwardx11", oForwardX11 },
185 { "forwardx11trusted", oForwardX11Trusted }, 223 { "forwardx11trusted", oForwardX11Trusted },
@@ -188,30 +226,15 @@ static struct {
188 { "xauthlocation", oXAuthLocation }, 226 { "xauthlocation", oXAuthLocation },
189 { "gatewayports", oGatewayPorts }, 227 { "gatewayports", oGatewayPorts },
190 { "useprivilegedport", oUsePrivilegedPort }, 228 { "useprivilegedport", oUsePrivilegedPort },
191 { "rhostsauthentication", oDeprecated },
192 { "passwordauthentication", oPasswordAuthentication }, 229 { "passwordauthentication", oPasswordAuthentication },
193 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, 230 { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
194 { "kbdinteractivedevices", oKbdInteractiveDevices }, 231 { "kbdinteractivedevices", oKbdInteractiveDevices },
195 { "rsaauthentication", oRSAAuthentication },
196 { "pubkeyauthentication", oPubkeyAuthentication }, 232 { "pubkeyauthentication", oPubkeyAuthentication },
197 { "dsaauthentication", oPubkeyAuthentication }, /* alias */ 233 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
198 { "rhostsrsaauthentication", oRhostsRSAAuthentication },
199 { "hostbasedauthentication", oHostbasedAuthentication }, 234 { "hostbasedauthentication", oHostbasedAuthentication },
200 { "challengeresponseauthentication", oChallengeResponseAuthentication }, 235 { "challengeresponseauthentication", oChallengeResponseAuthentication },
201 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ 236 { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
202 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ 237 { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
203 { "kerberosauthentication", oUnsupported },
204 { "kerberostgtpassing", oUnsupported },
205 { "afstokenpassing", oUnsupported },
206#if defined(GSSAPI)
207 { "gssapiauthentication", oGssAuthentication },
208 { "gssapidelegatecredentials", oGssDelegateCreds },
209#else
210 { "gssapiauthentication", oUnsupported },
211 { "gssapidelegatecredentials", oUnsupported },
212#endif
213 { "fallbacktorsh", oDeprecated },
214 { "usersh", oDeprecated },
215 { "identityfile", oIdentityFile }, 238 { "identityfile", oIdentityFile },
216 { "identityfile2", oIdentityFile }, /* obsolete */ 239 { "identityfile2", oIdentityFile }, /* obsolete */
217 { "identitiesonly", oIdentitiesOnly }, 240 { "identitiesonly", oIdentitiesOnly },
@@ -233,15 +256,12 @@ static struct {
233 { "match", oMatch }, 256 { "match", oMatch },
234 { "escapechar", oEscapeChar }, 257 { "escapechar", oEscapeChar },
235 { "globalknownhostsfile", oGlobalKnownHostsFile }, 258 { "globalknownhostsfile", oGlobalKnownHostsFile },
236 { "globalknownhostsfile2", oDeprecated },
237 { "userknownhostsfile", oUserKnownHostsFile }, 259 { "userknownhostsfile", oUserKnownHostsFile },
238 { "userknownhostsfile2", oDeprecated },
239 { "connectionattempts", oConnectionAttempts }, 260 { "connectionattempts", oConnectionAttempts },
240 { "batchmode", oBatchMode }, 261 { "batchmode", oBatchMode },
241 { "checkhostip", oCheckHostIP }, 262 { "checkhostip", oCheckHostIP },
242 { "stricthostkeychecking", oStrictHostKeyChecking }, 263 { "stricthostkeychecking", oStrictHostKeyChecking },
243 { "compression", oCompression }, 264 { "compression", oCompression },
244 { "compressionlevel", oCompressionLevel },
245 { "tcpkeepalive", oTCPKeepAlive }, 265 { "tcpkeepalive", oTCPKeepAlive },
246 { "keepalive", oTCPKeepAlive }, /* obsolete */ 266 { "keepalive", oTCPKeepAlive }, /* obsolete */
247 { "numberofpasswordprompts", oNumberOfPasswordPrompts }, 267 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
@@ -250,13 +270,6 @@ static struct {
250 { "preferredauthentications", oPreferredAuthentications }, 270 { "preferredauthentications", oPreferredAuthentications },
251 { "hostkeyalgorithms", oHostKeyAlgorithms }, 271 { "hostkeyalgorithms", oHostKeyAlgorithms },
252 { "bindaddress", oBindAddress }, 272 { "bindaddress", oBindAddress },
253#ifdef ENABLE_PKCS11
254 { "smartcarddevice", oPKCS11Provider },
255 { "pkcs11provider", oPKCS11Provider },
256#else
257 { "smartcarddevice", oUnsupported },
258 { "pkcs11provider", oUnsupported },
259#endif
260 { "clearallforwardings", oClearAllForwardings }, 273 { "clearallforwardings", oClearAllForwardings },
261 { "enablesshkeysign", oEnableSSHKeysign }, 274 { "enablesshkeysign", oEnableSSHKeysign },
262 { "verifyhostkeydns", oVerifyHostKeyDNS }, 275 { "verifyhostkeydns", oVerifyHostKeyDNS },
@@ -277,7 +290,6 @@ static struct {
277 { "localcommand", oLocalCommand }, 290 { "localcommand", oLocalCommand },
278 { "permitlocalcommand", oPermitLocalCommand }, 291 { "permitlocalcommand", oPermitLocalCommand },
279 { "visualhostkey", oVisualHostKey }, 292 { "visualhostkey", oVisualHostKey },
280 { "useroaming", oDeprecated },
281 { "kexalgorithms", oKexAlgorithms }, 293 { "kexalgorithms", oKexAlgorithms },
282 { "ipqos", oIPQoS }, 294 { "ipqos", oIPQoS },
283 { "requesttty", oRequestTTY }, 295 { "requesttty", oRequestTTY },
@@ -830,11 +842,11 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
830 activep = &cmdline; 842 activep = &cmdline;
831 } 843 }
832 844
833 /* Strip trailing whitespace */ 845 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
834 if ((len = strlen(line)) == 0) 846 if ((len = strlen(line)) == 0)
835 return 0; 847 return 0;
836 for (len--; len > 0; len--) { 848 for (len--; len > 0; len--) {
837 if (strchr(WHITESPACE, line[len]) == NULL) 849 if (strchr(WHITESPACE "\f", line[len]) == NULL)
838 break; 850 break;
839 line[len] = '\0'; 851 line[len] = '\0';
840 } 852 }
@@ -1182,7 +1194,7 @@ parse_int:
1182 arg = strdelim(&s); 1194 arg = strdelim(&s);
1183 if (!arg || *arg == '\0') 1195 if (!arg || *arg == '\0')
1184 fatal("%.200s line %d: Missing argument.", filename, linenum); 1196 fatal("%.200s line %d: Missing argument.", filename, linenum);
1185 if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) 1197 if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
1186 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", 1198 fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
1187 filename, linenum, arg ? arg : "<NONE>"); 1199 filename, linenum, arg ? arg : "<NONE>");
1188 if (*activep && options->ciphers == NULL) 1200 if (*activep && options->ciphers == NULL)
@@ -1193,7 +1205,7 @@ parse_int:
1193 arg = strdelim(&s); 1205 arg = strdelim(&s);
1194 if (!arg || *arg == '\0') 1206 if (!arg || *arg == '\0')
1195 fatal("%.200s line %d: Missing argument.", filename, linenum); 1207 fatal("%.200s line %d: Missing argument.", filename, linenum);
1196 if (!mac_valid(*arg == '+' ? arg + 1 : arg)) 1208 if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
1197 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.", 1209 fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
1198 filename, linenum, arg ? arg : "<NONE>"); 1210 filename, linenum, arg ? arg : "<NONE>");
1199 if (*activep && options->macs == NULL) 1211 if (*activep && options->macs == NULL)
@@ -1205,7 +1217,8 @@ parse_int:
1205 if (!arg || *arg == '\0') 1217 if (!arg || *arg == '\0')
1206 fatal("%.200s line %d: Missing argument.", 1218 fatal("%.200s line %d: Missing argument.",
1207 filename, linenum); 1219 filename, linenum);
1208 if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) 1220 if (*arg != '-' &&
1221 !kex_names_valid(*arg == '+' ? arg + 1 : arg))
1209 fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.", 1222 fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
1210 filename, linenum, arg ? arg : "<NONE>"); 1223 filename, linenum, arg ? arg : "<NONE>");
1211 if (*activep && options->kex_algorithms == NULL) 1224 if (*activep && options->kex_algorithms == NULL)
@@ -1219,7 +1232,8 @@ parse_keytypes:
1219 if (!arg || *arg == '\0') 1232 if (!arg || *arg == '\0')
1220 fatal("%.200s line %d: Missing argument.", 1233 fatal("%.200s line %d: Missing argument.",
1221 filename, linenum); 1234 filename, linenum);
1222 if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) 1235 if (*arg != '-' &&
1236 !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1223 fatal("%s line %d: Bad key types '%s'.", 1237 fatal("%s line %d: Bad key types '%s'.",
1224 filename, linenum, arg ? arg : "<NONE>"); 1238 filename, linenum, arg ? arg : "<NONE>");
1225 if (*activep && *charptr == NULL) 1239 if (*activep && *charptr == NULL)
@@ -1486,6 +1500,7 @@ parse_keytypes:
1486 if (r == GLOB_NOMATCH) { 1500 if (r == GLOB_NOMATCH) {
1487 debug("%.200s line %d: include %s matched no " 1501 debug("%.200s line %d: include %s matched no "
1488 "files",filename, linenum, arg2); 1502 "files",filename, linenum, arg2);
1503 free(arg2);
1489 continue; 1504 continue;
1490 } else if (r != 0 || gl.gl_pathc < 0) 1505 } else if (r != 0 || gl.gl_pathc < 0)
1491 fatal("%.200s line %d: glob failed for %s.", 1506 fatal("%.200s line %d: glob failed for %s.",
@@ -1502,6 +1517,11 @@ parse_keytypes:
1502 flags | SSHCONF_CHECKPERM | 1517 flags | SSHCONF_CHECKPERM |
1503 (oactive ? 0 : SSHCONF_NEVERMATCH), 1518 (oactive ? 0 : SSHCONF_NEVERMATCH),
1504 activep, depth + 1); 1519 activep, depth + 1);
1520 if (r != 1 && errno != ENOENT) {
1521 fatal("Can't open user config file "
1522 "%.100s: %.100s", gl.gl_pathv[i],
1523 strerror(errno));
1524 }
1505 /* 1525 /*
1506 * don't let Match in includes clobber the 1526 * don't let Match in includes clobber the
1507 * containing file's Match state. 1527 * containing file's Match state.
@@ -1700,7 +1720,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
1700 int flags, int *activep, int depth) 1720 int flags, int *activep, int depth)
1701{ 1721{
1702 FILE *f; 1722 FILE *f;
1703 char line[1024]; 1723 char line[4096];
1704 int linenum; 1724 int linenum;
1705 int bad_options = 0; 1725 int bad_options = 0;
1706 1726
@@ -1730,6 +1750,8 @@ read_config_file_depth(const char *filename, struct passwd *pw,
1730 while (fgets(line, sizeof(line), f)) { 1750 while (fgets(line, sizeof(line), f)) {
1731 /* Update line number counter. */ 1751 /* Update line number counter. */
1732 linenum++; 1752 linenum++;
1753 if (strlen(line) == sizeof(line) - 1)
1754 fatal("%s line %d too long", filename, linenum);
1733 if (process_config_line_depth(options, pw, host, original_host, 1755 if (process_config_line_depth(options, pw, host, original_host,
1734 line, filename, linenum, activep, flags, depth) != 0) 1756 line, filename, linenum, activep, flags, depth) != 0)
1735 bad_options++; 1757 bad_options++;
@@ -2446,10 +2468,10 @@ dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds)
2446 /* oDynamicForward */ 2468 /* oDynamicForward */
2447 for (i = 0; i < count; i++) { 2469 for (i = 0; i < count; i++) {
2448 fwd = &fwds[i]; 2470 fwd = &fwds[i];
2449 if (code == oDynamicForward && 2471 if (code == oDynamicForward && fwd->connect_host != NULL &&
2450 strcmp(fwd->connect_host, "socks") != 0) 2472 strcmp(fwd->connect_host, "socks") != 0)
2451 continue; 2473 continue;
2452 if (code == oLocalForward && 2474 if (code == oLocalForward && fwd->connect_host != NULL &&
2453 strcmp(fwd->connect_host, "socks") == 0) 2475 strcmp(fwd->connect_host, "socks") == 0)
2454 continue; 2476 continue;
2455 printf("%s", lookup_opcode_name(code)); 2477 printf("%s", lookup_opcode_name(code));
@@ -2522,8 +2544,10 @@ dump_client_config(Options *o, const char *host)
2522 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); 2544 dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
2523 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); 2545 dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
2524 dump_cfg_fmtint(oRequestTTY, o->request_tty); 2546 dump_cfg_fmtint(oRequestTTY, o->request_tty);
2547#ifdef WITH_RSA1
2525 dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication); 2548 dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication);
2526 dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication); 2549 dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication);
2550#endif
2527 dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2551 dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2528 dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); 2552 dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
2529 dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); 2553 dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
@@ -2535,7 +2559,9 @@ dump_client_config(Options *o, const char *host)
2535 2559
2536 /* Integer options */ 2560 /* Integer options */
2537 dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); 2561 dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);
2562#ifdef WITH_SSH1
2538 dump_cfg_int(oCompressionLevel, o->compression_level); 2563 dump_cfg_int(oCompressionLevel, o->compression_level);
2564#endif
2539 dump_cfg_int(oConnectionAttempts, o->connection_attempts); 2565 dump_cfg_int(oConnectionAttempts, o->connection_attempts);
2540 dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); 2566 dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout);
2541 dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); 2567 dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts);
@@ -2555,7 +2581,9 @@ dump_client_config(Options *o, const char *host)
2555 dump_cfg_string(oLocalCommand, o->local_command); 2581 dump_cfg_string(oLocalCommand, o->local_command);
2556 dump_cfg_string(oLogLevel, log_level_name(o->log_level)); 2582 dump_cfg_string(oLogLevel, log_level_name(o->log_level));
2557 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); 2583 dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC);
2584#ifdef ENABLE_PKCS11
2558 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); 2585 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider);
2586#endif
2559 dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); 2587 dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
2560 dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); 2588 dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
2561 dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); 2589 dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
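--- a/regress/Makefile
+++ b/regress/Makefile
@@ -222,6 +222,7 @@ unit:
  $$V ${.OBJDIR}/unittests/sshkey/test_sshkey \
  -d ${.CURDIR}/unittests/sshkey/testdata ; \
  $$V ${.OBJDIR}/unittests/bitmap/test_bitmap ; \
+ $$V ${.OBJDIR}/unittests/conversion/test_conversion ; \
  $$V ${.OBJDIR}/unittests/kex/test_kex ; \
  $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \
  -d ${.CURDIR}/unittests/hostkeys/testdata ; \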
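--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-getpeereid.sh,v 1.7 2016/09/26 21:34:38 bluhm Exp $
+# $OpenBSD: agent-getpeereid.sh,v 1.8 2017/01/06 02:51:16 djm Exp $
 # Placed in the Public Domain.
 
 tid="disallow agent attach from other uid"
@@ -32,17 +32,17 @@ if [ $r -ne 0 ]; then
 else
  chmod 644 ${SSH_AUTH_SOCK}
 
- ssh-add -l > /dev/null 2>&1
+ ${SSHADD} -l > /dev/null 2>&1
  r=$?
  if [ $r -ne 1 ]; then
  fail "ssh-add failed with $r != 1"
  fi
  if test -z "$sudo" ; then
  # doas
- ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null
+ ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
  else
  # sudo
- < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null
+ < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
  fi
  r=$?
  if [ $r -lt 2 ]; then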
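Review bot: The check that closes the second hunk, `if [ $r -lt 2 ]`, cannot tell the agent refusing the other uid from `${SSHADD}` failing to start under `${UNPRIV}`. With the unprivileged call now using `${SSHADD}` instead of `ssh-add` from the PATH, a build-tree binary that the other uid cannot reach would also give a non-zero status, and any status of 2 or more would be read as a refusal; which status sudo or doas returns in that case is not visible here. A comment above the doas/sudo branch would record the requirement, e.g. `# ${SSHADD} must be executable by ${UNPRIV}; an exec failure is otherwise indistinguishable from a refusal`. The body of that `if` lies outside the hunk.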
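--- a/regress/allow-deny-users.sh
+++ b/regress/allow-deny-users.sh
@@ -4,7 +4,7 @@
 tid="AllowUsers/DenyUsers"
 
 me="$LOGNAME"
-if [ "x$me" == "x" ]; then
+if [ "x$me" = "x" ]; then
  me=`whoami`
 fi
 other="nobody"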
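--- a/regress/cert-file.sh
+++ b/regress/cert-file.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-file.sh,v 1.4 2016/12/16 02:48:55 djm Exp $
+# $OpenBSD: cert-file.sh,v 1.5 2017/03/11 23:44:16 djm Exp $
 # Placed in the Public Domain.
 
 tid="ssh with certificates"
@@ -17,24 +17,59 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key1 || \
  fatal "ssh-keygen failed"
 ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key2 || \
  fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key3 || \
+ fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key4 || \
+ fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key5 || \
+ fatal "ssh-keygen failed"
+
 # Move the certificate to a different address to better control
 # when it is offered.
 ${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
  -z $$ -n ${USER} $OBJ/user_key1 ||
- fail "couldn't sign user_key1 with user_ca_key1"
+ fatal "couldn't sign user_key1 with user_ca_key1"
 mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub
 ${SSHKEYGEN} -q -s $OBJ/user_ca_key2 -I "regress user key for $USER" \
  -z $$ -n ${USER} $OBJ/user_key1 ||
- fail "couldn't sign user_key1 with user_ca_key2"
+ fatal "couldn't sign user_key1 with user_ca_key2"
 mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub
+${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
+ -z $$ -n ${USER} $OBJ/user_key3 ||
+ fatal "couldn't sign user_key3 with user_ca_key1"
+rm $OBJ/user_key3.pub # to test use of private key w/o public half.
+${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
+ -z $$ -n ${USER} $OBJ/user_key4 ||
+ fatal "couldn't sign user_key4 with user_ca_key1"
+rm $OBJ/user_key4 $OBJ/user_key4.pub # to test no matching pub/private key case.
 
 trace 'try with identity files'
 opts="-F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
 opts2="$opts -i $OBJ/user_key1 -i $OBJ/user_key2"
 echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER
 
+# Make a clean config that doesn't have any pre-added identities.
+cat $OBJ/ssh_proxy | grep -v IdentityFile > $OBJ/no_identity_config
+
+# XXX: verify that certificate used was what we expect. Needs exposure of
+# keys via enviornment variable or similar.
+
 for p in ${SSH_PROTOCOLS}; do
+ # Key with no .pub should work - finding the equivalent *-cert.pub.
+ verbose "protocol $p: identity cert with no plain public file"
+ ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \
+ -i $OBJ/user_key3 somehost exit 5$p
+ [ $? -ne 5$p ] && fail "ssh failed"
+
+ # CertificateFile matching private key with no .pub file should work.
+ verbose "protocol $p: CertificateFile with no plain public file"
+ ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \
+ -oCertificateFile=$OBJ/user_key3-cert.pub \
+ -i $OBJ/user_key3 somehost exit 5$p
+ [ $? -ne 5$p ] && fail "ssh failed"
+
  # Just keys should fail
+ verbose "protocol $p: plain keys"
  ${SSH} $opts2 somehost exit 5$p
  r=$?
  if [ $r -eq 5$p ]; then
@@ -42,6 +77,7 @@ for p in ${SSH_PROTOCOLS}; do
  fi
 
  # Keys with untrusted cert should fail.
+ verbose "protocol $p: untrusted cert"
  opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
  ${SSH} $opts3 somehost exit 5$p
  r=$?
@@ -50,6 +86,7 @@ for p in ${SSH_PROTOCOLS}; do
  fi
 
  # Good cert with bad key should fail.
+ verbose "protocol $p: good cert, bad key"
  opts3="$opts -i $OBJ/user_key2"
  opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
  ${SSH} $opts3 somehost exit 5$p
@@ -59,6 +96,7 @@ for p in ${SSH_PROTOCOLS}; do
  fi
 
  # Keys with one trusted cert, should succeed.
+ verbose "protocol $p: single trusted"
  opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
  ${SSH} $opts3 somehost exit 5$p
  r=$?
@@ -67,6 +105,7 @@ for p in ${SSH_PROTOCOLS}; do
  fi
 
  # Multiple certs and keys, with one trusted cert, should succeed.
+ verbose "protocol $p: multiple trusted"
  opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
  opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
  ${SSH} $opts3 somehost exit 5$p
@@ -74,14 +113,6 @@ for p in ${SSH_PROTOCOLS}; do
  if [ $r -ne 5$p ]; then
  fail "ssh failed with multiple certs in protocol $p"
  fi
-
- #Keys with trusted certificate specified in config options, should succeed.
- opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
- ${SSH} $opts3 somehost exit 5$p
- r=$?
- if [ $r -ne 5$p ]; then
- fail "ssh failed with trusted cert in config in protocol $p"
- fi
 done
 
 #next, using an agent in combination with the keys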
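Review bot: The two checks added at the top of the loop (new lines 62 and 69) both report `fail "ssh failed"`, so a failure cannot be tied to a case or protocol from the log the way the older checks in this loop can. A message such as `[ $? -ne 5$p ] && fail "ssh failed with cert and no plain public file in protocol $p"`, with a matching one for the CertificateFile case, would keep them consistent. Separately, `user_key5` is generated and a certificate is signed for `user_key4` "to test no matching pub/private key case", but no hunk shown here uses either; unless that test sits in the unchanged remainder of the file, the negative case is set up but never run. The comment on new line 55 also misspells `environment`.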
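--- a/regress/forwarding.sh
+++ b/regress/forwarding.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: forwarding.sh,v 1.16 2016/04/14 23:57:17 djm Exp $
+# $OpenBSD: forwarding.sh,v 1.19 2017/01/30 05:22:14 djm Exp $
 # Placed in the Public Domain.
 
 tid="local and remote forwarding"
@@ -10,8 +10,7 @@ start_sshd
 base=33
 last=$PORT
 fwd=""
-CTL=$OBJ/ctl-sock
-rm -f $CTL
+CTL=/tmp/openssh.regress.ctl-sock.$$
 
 for j in 0 1 2; do
  for i in 0 1 2; do
@@ -29,7 +28,8 @@ for p in ${SSH_PROTOCOLS}; do
  q=$p
  fi
  trace "start forwarding, fork to background"
- ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
+ rm -f $CTL
+ ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
 
  trace "transfer over forwarded channels and check result"
  ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
@@ -37,7 +37,7 @@ for p in ${SSH_PROTOCOLS}; do
  test -s ${COPY} || fail "failed copy of ${DATA}"
  cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
 
- sleep 10
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 done
 
 for p in ${SSH_PROTOCOLS}; do
@@ -52,7 +52,7 @@ for d in L R; do
  -$d ${base}04:127.0.0.1:$PORT \
  -oExitOnForwardFailure=yes somehost true
  if [ $? != 0 ]; then
- fail "connection failed, should not"
+ fatal "connection failed, should not"
  else
  # this one should fail
  ${SSH} -q -$p -F $OBJ/ssh_config \
@@ -75,30 +75,32 @@ for p in ${SSH_PROTOCOLS}; do
  ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true
 
  trace "clear local forward proto $p"
- ${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
+ rm -f $CTL
+ ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
  -oClearAllForwardings=yes somehost sleep 10
  if [ $? != 0 ]; then
  fail "connection failed with cleared local forwarding"
  else
  # this one should fail
- ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+ ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \
  >>$TEST_REGRESS_LOGFILE 2>&1 && \
  fail "local forwarding not cleared"
  fi
- sleep 10
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 
  trace "clear remote forward proto $p"
- ${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
+ rm -f $CTL
+ ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
  -oClearAllForwardings=yes somehost sleep 10
  if [ $? != 0 ]; then
  fail "connection failed with cleared remote forwarding"
  else
  # this one should fail
- ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+ ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \
  >>$TEST_REGRESS_LOGFILE 2>&1 && \
  fail "remote forwarding not cleared"
  fi
- sleep 10
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 done
 
 for p in 2; do
@@ -115,6 +117,7 @@ echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config
 echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config
 for p in ${SSH_PROTOCOLS}; do
  trace "config file: start forwarding, fork to background"
+ rm -f $CTL
  ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10
 
  trace "config file: transfer over forwarded channels and check result"
@@ -123,21 +126,24 @@ for p in ${SSH_PROTOCOLS}; do
  test -s ${COPY} || fail "failed copy of ${DATA}"
  cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
 
- ${SSH} -S $CTL -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 done
 
 for p in 2; do
  trace "transfer over chained unix domain socket forwards and check result"
  rm -f $OBJ/unix-[123].fwd
- ${SSH} -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
- ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
- ${SSH} -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
- ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
+ rm -f $CTL $CTL.[123]
+ ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
+ ${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
+ ${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
+ ${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
  ${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \
  somehost cat ${DATA} > ${COPY}
  test -s ${COPY} || fail "failed copy ${DATA}"
  cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
 
- #wait
- sleep 10
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost
 done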
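Review bot: `CTL=/tmp/openssh.regress.ctl-sock.$$` (new line 13) puts the multiplexing control socket at a predictable name in a world-writable directory, and each `rm -f $CTL` before a `-M` start leaves a window in which another local user can create that path first. The likely result is a failed or flaky run rather than anything worse, assuming ssh declines to bind over an existing path, but a private directory removes the question: `CTLDIR=$(mktemp -d /tmp/openssh.regress.XXXXXXXX) || fatal "mktemp failed"` followed by `CTL=$CTLDIR/ctl-sock`, provided `mktemp -d` exists on the platforms the suite targets. The short /tmp path is presumably there to stay under the Unix-socket path length limit, which this form keeps. The `-O exit` calls are also unchecked, so a master that never came up goes unreported at that point.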
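--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,12 +1,10 @@
-# $OpenBSD: integrity.sh,v 1.19 2016/11/25 02:56:49 dtucker Exp $
+# $OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="integrity"
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 
 # start at byte 2900 (i.e. after kex) and corrupt at different offsets
-# XXX the test hangs if we modify the low bytes of the packet length
-# XXX and ssh tries to read...
 tries=10
 startoffset=2900
 macs=`${SSH} -Q mac`
@@ -27,6 +25,7 @@ for m in $macs; do
  elen=0
  epad=0
  emac=0
+ etmo=0
  ecnt=0
  skip=0
  for off in `jot $tries $startoffset`; do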
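--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $
+# $OpenBSD: test-exec.sh,v 1.59 2017/02/07 23:03:11 dtucker Exp $
 # Placed in the Public Domain.
 
 #SUDO=sudo
@@ -444,12 +444,10 @@ Host *
  User $USER
  GlobalKnownHostsFile $OBJ/known_hosts
  UserKnownHostsFile $OBJ/known_hosts
- RSAAuthentication yes
  PubkeyAuthentication yes
  ChallengeResponseAuthentication no
  HostbasedAuthentication no
  PasswordAuthentication no
- RhostsRSAAuthentication no
  BatchMode yes
  StrictHostKeyChecking yes
  LogLevel DEBUG3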
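--- a/regress/unittests/Makefile
+++ b/regress/unittests/Makefile
@@ -1,5 +1,6 @@
-# $OpenBSD: Makefile,v 1.7 2016/08/19 06:44:13 djm Exp $
-REGRESS_FAIL_EARLY= yes
-SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match
+# $OpenBSD: Makefile,v 1.9 2017/03/14 01:20:29 dtucker Exp $
+
+REGRESS_FAIL_EARLY?= yes
+SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion
 
 .include <bsd.subdir.mk>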
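--- /dev/null
+++ b/regress/unittests/conversion/Makefile
@@ -0,0 +1,10 @@
+# $OpenBSD: Makefile,v 1.1 2017/03/14 01:20:29 dtucker Exp $
+
+PROG=test_conversion
+SRCS=tests.c
+REGRESS_TARGETS=run-regress-${PROG}
+
+run-regress-${PROG}: ${PROG}
+ env ${TEST_ENV} ./${PROG}
+
+.include <bsd.regress.mk>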
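--- /dev/null
+++ b/regress/unittests/conversion/tests.c
@@ -0,0 +1,51 @@
+/* $OpenBSD: tests.c,v 1.1 2017/03/14 01:20:29 dtucker Exp $ */
+/*
+ * Regress test for conversions
+ *
+ * Placed in the public domain
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_helper/test_helper.h"
+
+#include "misc.h"
+
+void
+tests(void)
+{
+ char buf[1024];
+
+ TEST_START("conversion_convtime");
+ ASSERT_LONG_EQ(convtime("0"), 0);
+ ASSERT_LONG_EQ(convtime("1"), 1);
+ ASSERT_LONG_EQ(convtime("1S"), 1);
+ /* from the examples in the comment above the function */
+ ASSERT_LONG_EQ(convtime("90m"), 5400);
+ ASSERT_LONG_EQ(convtime("1h30m"), 5400);
+ ASSERT_LONG_EQ(convtime("2d"), 172800);
+ ASSERT_LONG_EQ(convtime("1w"), 604800);
+
+ /* negative time is not allowed */
+ ASSERT_LONG_EQ(convtime("-7"), -1);
+ ASSERT_LONG_EQ(convtime("-9d"), -1);
+
+ /* overflow */
+ snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX + 1);
+ ASSERT_LONG_EQ(convtime(buf), -1);
+
+ /* overflow with multiplier */
+ snprintf(buf, sizeof buf, "%lluM", (unsigned long long)LONG_MAX/60 + 1);
+ ASSERT_LONG_EQ(convtime(buf), -1);
+ ASSERT_LONG_EQ(convtime("1000000000000000000000w"), -1);
+ TEST_DONE();
+}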
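Review bot: The new `conversion_convtime` test covers negative values and overflow but has no malformed-input case, which is the other way a bad time value from a configuration file should be turned away. Assuming `convtime` returns -1 for these (misc.c is not part of this section), `ASSERT_LONG_EQ(convtime(""), -1);` and `ASSERT_LONG_EQ(convtime("1x"), -1);` would pin that behaviour. `LONG_MAX` is also used without a direct `#include <limits.h>`; it presumably arrives through `includes.h` or `sys/param.h`, but including the header explicitly removes that dependency.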
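--- a/regress/unittests/match/tests.c
+++ b/regress/unittests/match/tests.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tests.c,v 1.3 2016/09/21 17:03:54 djm Exp $ */
+/* $OpenBSD: tests.c,v 1.4 2017/02/03 23:01:42 djm Exp $ */
 /*
  * Regress test for matching functions
  *
@@ -103,6 +103,25 @@ tests(void)
  /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */
  TEST_DONE();
 
+#define CHECK_FILTER(string,filter,expected) \
+ do { \
+ char *result = match_filter_list((string), (filter)); \
+ ASSERT_STRING_EQ(result, expected); \
+ free(result); \
+ } while (0)
+
+ TEST_START("match_filter_list");
+ CHECK_FILTER("a,b,c", "", "a,b,c");
+ CHECK_FILTER("a,b,c", "a", "b,c");
+ CHECK_FILTER("a,b,c", "b", "a,c");
+ CHECK_FILTER("a,b,c", "c", "a,b");
+ CHECK_FILTER("a,b,c", "a,b", "c");
+ CHECK_FILTER("a,b,c", "a,c", "b");
+ CHECK_FILTER("a,b,c", "b,c", "a");
+ CHECK_FILTER("a,b,c", "a,b,c", "");
+ CHECK_FILTER("a,b,c", "b,c", "a");
+ CHECK_FILTER("", "a,b,c", "");
+ TEST_DONE();
 /*
  * XXX TODO
  * int match_host_and_ip(const char *, const char *, const char *);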
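Review bot: `CHECK_FILTER("a,b,c", "b,c", "a");` appears twice (new lines 120 and 122), so the second occurrence adds no coverage, and no case uses a filter that matches nothing in the list. Replacing the duplicate with `CHECK_FILTER("a,b,c", "d", "a,b,c");` would pin that a non-matching filter leaves the list intact, assuming that is the intended behaviour of match_filter_list(). The macro is defined inside tests() and never undefined; an `#undef CHECK_FILTER` after the `TEST_DONE()` at new line 124 would keep it local. tests() starts and ends outside the hunk.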
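--- a/regress/unittests/test_helper/test_helper.c
+++ b/regress/unittests/test_helper/test_helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_helper.c,v 1.6 2015/03/03 20:42:49 djm Exp $ */
+/* $OpenBSD: test_helper.c,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -442,6 +442,17 @@ assert_u_int(const char *file, int line, const char *a1, const char *a2,
 }
 
 void
+assert_long(const char *file, int line, const char *a1, const char *a2,
+ long aa1, long aa2, enum test_predicate pred)
+{
+ TEST_CHECK(aa1, aa2, pred);
+ test_header(file, line, a1, a2, "LONG", pred);
+ fprintf(stderr, "%12s = %ld / 0x%lx\n", a1, aa1, aa1);
+ fprintf(stderr, "%12s = %ld / 0x%lx\n", a2, aa2, aa2);
+ test_die();
+}
+
+void
 assert_long_long(const char *file, int line, const char *a1, const char *a2,
  long long aa1, long long aa2, enum test_predicate pred)
 {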
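Review bot: In assert_long (new lines 450-451) the `long` values are passed to `%lx`, which expects `unsigned long`; the conversion tests added in this commit compare against -1, so negative values will reach this format. Casting the hex argument keeps the output unchanged and removes the signed/unsigned mismatch: `fprintf(stderr, "%12s = %ld / 0x%lx\n", a1, aa1, (unsigned long)aa1);`, and the same for `aa2`. The neighbouring assert_* helpers may follow the same pattern, but their bodies are outside this hunk.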
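--- a/regress/unittests/test_helper/test_helper.h
+++ b/regress/unittests/test_helper/test_helper.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_helper.h,v 1.6 2015/01/18 19:52:44 djm Exp $ */
+/* $OpenBSD: test_helper.h,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -67,6 +67,9 @@ void assert_size_t(const char *file, int line,
 void assert_u_int(const char *file, int line,
  const char *a1, const char *a2,
  u_int aa1, u_int aa2, enum test_predicate pred);
+void assert_long(const char *file, int line,
+ const char *a1, const char *a2,
+ long aa1, long aa2, enum test_predicate pred);
 void assert_long_long(const char *file, int line,
  const char *a1, const char *a2,
  long long aa1, long long aa2, enum test_predicate pred);
@@ -110,6 +113,8 @@ void assert_u64(const char *file, int line,
  assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
 #define ASSERT_U_INT_EQ(a1, a2) \
  assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
+#define ASSERT_LONG_EQ(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
 #define ASSERT_LONG_LONG_EQ(a1, a2) \
  assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
 #define ASSERT_CHAR_EQ(a1, a2) \
@@ -139,6 +144,8 @@ void assert_u64(const char *file, int line,
  assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
 #define ASSERT_U_INT_NE(a1, a2) \
  assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
+#define ASSERT_LONG_NE(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
 #define ASSERT_LONG_LONG_NE(a1, a2) \
  assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
 #define ASSERT_CHAR_NE(a1, a2) \
@@ -166,6 +173,8 @@ void assert_u64(const char *file, int line,
  assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
 #define ASSERT_U_INT_LT(a1, a2) \
  assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
+#define ASSERT_LONG_LT(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
 #define ASSERT_LONG_LONG_LT(a1, a2) \
  assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
 #define ASSERT_CHAR_LT(a1, a2) \
@@ -193,6 +202,8 @@ void assert_u64(const char *file, int line,
  assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
 #define ASSERT_U_INT_LE(a1, a2) \
  assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
+#define ASSERT_LONG_LE(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
 #define ASSERT_LONG_LONG_LE(a1, a2) \
  assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
 #define ASSERT_CHAR_LE(a1, a2) \
@@ -220,6 +231,8 @@ void assert_u64(const char *file, int line,
  assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
 #define ASSERT_U_INT_GT(a1, a2) \
  assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
+#define ASSERT_LONG_GT(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
 #define ASSERT_LONG_LONG_GT(a1, a2) \
  assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
 #define ASSERT_CHAR_GT(a1, a2) \
@@ -247,6 +260,8 @@ void assert_u64(const char *file, int line,
  assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
 #define ASSERT_U_INT_GE(a1, a2) \
  assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
+#define ASSERT_LONG_GE(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
 #define ASSERT_LONG_LONG_GE(a1, a2) \
  assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
 #define ASSERT_CHAR_GE(a1, a2) \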
diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c
index 31f9fe9c3..f0bbca509 100644
--- a/regress/unittests/utf8/tests.c
+++ b/regress/unittests/utf8/tests.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */ 1/* $OpenBSD: tests.c,v 1.4 2017/02/19 00:11:29 djm Exp $ */
2/* 2/*
3 * Regress test for the utf8.h *mprintf() API 3 * Regress test for the utf8.h *mprintf() API
4 * 4 *
@@ -15,10 +15,7 @@
15 15
16#include "utf8.h" 16#include "utf8.h"
17 17
18void badarg(void); 18static void
19void one(const char *, const char *, int, int, int, const char *);
20
21void
22badarg(void) 19badarg(void)
23{ 20{
24 char buf[16]; 21 char buf[16];
@@ -33,8 +30,8 @@ badarg(void)
33 TEST_DONE(); 30 TEST_DONE();
34} 31}
35 32
36void 33static void
37one(const char *name, const char *mbs, int width, 34one(int utf8, const char *name, const char *mbs, int width,
38 int wantwidth, int wantlen, const char *wants) 35 int wantwidth, int wantlen, const char *wants)
39{ 36{
40 char buf[16]; 37 char buf[16];
@@ -43,7 +40,7 @@ one(const char *name, const char *mbs, int width,
43 40
44 if (wantlen == -2) 41 if (wantlen == -2)
45 wantlen = strlen(wants); 42 wantlen = strlen(wants);
46 (void)strlcpy(buf, "utf8_", sizeof(buf)); 43 (void)strlcpy(buf, utf8 ? "utf8_" : "c_", sizeof(buf));
47 (void)strlcat(buf, name, sizeof(buf)); 44 (void)strlcat(buf, name, sizeof(buf));
48 TEST_START(buf); 45 TEST_START(buf);
49 wp = wantwidth == -2 ? NULL : &width; 46 wp = wantwidth == -2 ? NULL : &width;
@@ -65,19 +62,41 @@ tests(void)
65 TEST_DONE(); 62 TEST_DONE();
66 63
67 badarg(); 64 badarg();
68 one("empty", "", 2, 0, 0, ""); 65 one(1, "empty", "", 2, 0, 0, "");
69 one("ascii", "x", -2, -2, -2, "x"); 66 one(1, "ascii", "x", -2, -2, -2, "x");
70 one("newline", "a\nb", -2, -2, -2, "a\nb"); 67 one(1, "newline", "a\nb", -2, -2, -2, "a\nb");
71 one("cr", "a\rb", -2, -2, -2, "a\rb"); 68 one(1, "cr", "a\rb", -2, -2, -2, "a\rb");
72 one("tab", "a\tb", -2, -2, -2, "a\tb"); 69 one(1, "tab", "a\tb", -2, -2, -2, "a\tb");
73 one("esc", "\033x", -2, -2, -2, "\\033x"); 70 one(1, "esc", "\033x", -2, -2, -2, "\\033x");
74 one("inv_badbyte", "\377x", -2, -2, -2, "\\377x"); 71 one(1, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
75 one("inv_nocont", "\341x", -2, -2, -2, "\\341x"); 72 one(1, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
76 one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); 73 one(1, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
77 one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); 74 one(1, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
78 one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); 75 one(1, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
79 one("width_ascii", "123", 2, 2, -1, "12"); 76 one(1, "width_ascii", "123", 2, 2, -1, "12");
80 one("width_double", "a\343\201\201", 2, 1, -1, "a"); 77 one(1, "width_double", "a\343\201\201", 2, 1, -1, "a");
81 one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); 78 one(1, "double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201");
82 one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); 79 one(1, "double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201");
80
81 TEST_START("C_setlocale");
82 loc = setlocale(LC_CTYPE, "C");
83 ASSERT_PTR_NE(loc, NULL);
84 TEST_DONE();
85
86 badarg();
87 one(0, "empty", "", 2, 0, 0, "");
88 one(0, "ascii", "x", -2, -2, -2, "x");
89 one(0, "newline", "a\nb", -2, -2, -2, "a\nb");
90 one(0, "cr", "a\rb", -2, -2, -2, "a\rb");
91 one(0, "tab", "a\tb", -2, -2, -2, "a\tb");
92 one(0, "esc", "\033x", -2, -2, -2, "\\033x");
93 one(0, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
94 one(0, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
95 one(0, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
96 one(0, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
97 one(0, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
98 one(0, "width_ascii", "123", 2, 2, -1, "12");
99 one(0, "width_double", "a\343\201\201", 2, 1, -1, "a");
100 one(0, "double_fit", "a\343\201\201", 7, 5, -1, "a\\343");
101 one(0, "double_spc", "a\343\201\201", 13, 13, 13, "a\\343\\201\\201");
83} 102}
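Review bot: The C-locale block (new lines 81-101) repeats the UTF-8 table and differs only in its last two expectations, with nothing explaining why `double_fit` now expects `"a\\343"` at width 5 and `double_spc` expects thirteen columns. Going by those expected strings, each byte of the multibyte character is escaped as a four-column octal sequence in the C locale; a comment above `TEST_START("C_setlocale")` such as `/* C locale: non-ASCII bytes are escaped as \ooo, so the width cases differ from UTF-8 */` would save the reader from deriving it. `badarg()` also runs a second time at new line 86; if it starts its test under a fixed name (most of its body is outside these hunks), the two runs are indistinguishable in the test log, unlike `one()`, which now takes the `utf8_`/`c_` prefix. tests() starts outside the hunk.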
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 2e1ed2c52..3a1aedce7 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -73,19 +73,35 @@
73# define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP 73# define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP
74#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ 74#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
75 75
76#if __BYTE_ORDER == __LITTLE_ENDIAN
77# define ARG_LO_OFFSET 0
78# define ARG_HI_OFFSET sizeof(uint32_t)
79#elif __BYTE_ORDER == __BIG_ENDIAN
80# define ARG_LO_OFFSET sizeof(uint32_t)
81# define ARG_HI_OFFSET 0
82#else
83#error "Unknown endianness"
84#endif
85
76/* Simple helpers to avoid manual errors (but larger BPF programs). */ 86/* Simple helpers to avoid manual errors (but larger BPF programs). */
77#define SC_DENY(_nr, _errno) \ 87#define SC_DENY(_nr, _errno) \
78 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ 88 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \
79 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) 89 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno))
80#define SC_ALLOW(_nr) \ 90#define SC_ALLOW(_nr) \
81 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ 91 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \
82 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) 92 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
83#define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ 93#define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
84 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \ 94 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 6), \
85 /* load first syscall argument */ \ 95 /* load and test first syscall argument, low word */ \
86 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ 96 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
87 offsetof(struct seccomp_data, args[(_arg_nr)])), \ 97 offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \
88 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_arg_val), 0, 1), \ 98 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
99 ((_arg_val) & 0xFFFFFFFF), 0, 3), \
100 /* load and test first syscall argument, high word */ \
101 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
102 offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_HI_OFFSET), \
103 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
104 (((uint32_t)((uint64_t)(_arg_val) >> 32)) & 0xFFFFFFFF), 0, 1), \
89 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \ 105 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \
90 /* reload syscall number; all rules expect it in accumulator */ \ 106 /* reload syscall number; all rules expect it in accumulator */ \
91 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ 107 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
@@ -104,108 +120,122 @@ static const struct sock_filter preauth_insns[] = {
104 120
105 /* Syscalls to non-fatally deny */ 121 /* Syscalls to non-fatally deny */
106#ifdef __NR_lstat 122#ifdef __NR_lstat
107 SC_DENY(lstat, EACCES), 123 SC_DENY(__NR_lstat, EACCES),
108#endif 124#endif
109#ifdef __NR_lstat64 125#ifdef __NR_lstat64
110 SC_DENY(lstat64, EACCES), 126 SC_DENY(__NR_lstat64, EACCES),
111#endif 127#endif
112#ifdef __NR_fstat 128#ifdef __NR_fstat
113 SC_DENY(fstat, EACCES), 129 SC_DENY(__NR_fstat, EACCES),
114#endif 130#endif
115#ifdef __NR_fstat64 131#ifdef __NR_fstat64
116 SC_DENY(fstat64, EACCES), 132 SC_DENY(__NR_fstat64, EACCES),
117#endif 133#endif
118#ifdef __NR_open 134#ifdef __NR_open
119 SC_DENY(open, EACCES), 135 SC_DENY(__NR_open, EACCES),
120#endif 136#endif
121#ifdef __NR_openat 137#ifdef __NR_openat
122 SC_DENY(openat, EACCES), 138 SC_DENY(__NR_openat, EACCES),
123#endif 139#endif
124#ifdef __NR_newfstatat 140#ifdef __NR_newfstatat
125 SC_DENY(newfstatat, EACCES), 141 SC_DENY(__NR_newfstatat, EACCES),
126#endif 142#endif
127#ifdef __NR_stat 143#ifdef __NR_stat
128 SC_DENY(stat, EACCES), 144 SC_DENY(__NR_stat, EACCES),
129#endif 145#endif
130#ifdef __NR_stat64 146#ifdef __NR_stat64
131 SC_DENY(stat64, EACCES), 147 SC_DENY(__NR_stat64, EACCES),
132#endif 148#endif
133 149
134 /* Syscalls to permit */ 150 /* Syscalls to permit */
135#ifdef __NR_brk 151#ifdef __NR_brk
136 SC_ALLOW(brk), 152 SC_ALLOW(__NR_brk),
137#endif 153#endif
138#ifdef __NR_clock_gettime 154#ifdef __NR_clock_gettime
139 SC_ALLOW(clock_gettime), 155 SC_ALLOW(__NR_clock_gettime),
140#endif 156#endif
141#ifdef __NR_close 157#ifdef __NR_close
142 SC_ALLOW(close), 158 SC_ALLOW(__NR_close),
143#endif 159#endif
144#ifdef __NR_exit 160#ifdef __NR_exit
145 SC_ALLOW(exit), 161 SC_ALLOW(__NR_exit),
146#endif 162#endif
147#ifdef __NR_exit_group 163#ifdef __NR_exit_group
148 SC_ALLOW(exit_group), 164 SC_ALLOW(__NR_exit_group),
149#endif 165#endif
150#ifdef __NR_getpgid 166#ifdef __NR_getpgid
151 SC_ALLOW(getpgid), 167 SC_ALLOW(__NR_getpgid),
152#endif 168#endif
153#ifdef __NR_getpid 169#ifdef __NR_getpid
154 SC_ALLOW(getpid), 170 SC_ALLOW(__NR_getpid),
155#endif 171#endif
156#ifdef __NR_getrandom 172#ifdef __NR_getrandom
157 SC_ALLOW(getrandom), 173 SC_ALLOW(__NR_getrandom),
158#endif 174#endif
159#ifdef __NR_gettimeofday 175#ifdef __NR_gettimeofday
160 SC_ALLOW(gettimeofday), 176 SC_ALLOW(__NR_gettimeofday),
161#endif 177#endif
162#ifdef __NR_madvise 178#ifdef __NR_madvise
163 SC_ALLOW(madvise), 179 SC_ALLOW(__NR_madvise),
164#endif 180#endif
165#ifdef __NR_mmap 181#ifdef __NR_mmap
166 SC_ALLOW(mmap), 182 SC_ALLOW(__NR_mmap),
167#endif 183#endif
168#ifdef __NR_mmap2 184#ifdef __NR_mmap2
169 SC_ALLOW(mmap2), 185 SC_ALLOW(__NR_mmap2),
170#endif 186#endif
171#ifdef __NR_mremap 187#ifdef __NR_mremap
172 SC_ALLOW(mremap), 188 SC_ALLOW(__NR_mremap),
173#endif 189#endif
174#ifdef __NR_munmap 190#ifdef __NR_munmap
175 SC_ALLOW(munmap), 191 SC_ALLOW(__NR_munmap),
176#endif 192#endif
177#ifdef __NR__newselect 193#ifdef __NR__newselect
178 SC_ALLOW(_newselect), 194 SC_ALLOW(__NR__newselect),
179#endif 195#endif
180#ifdef __NR_poll 196#ifdef __NR_poll
181 SC_ALLOW(poll), 197 SC_ALLOW(__NR_poll),
182#endif 198#endif
183#ifdef __NR_pselect6 199#ifdef __NR_pselect6
184 SC_ALLOW(pselect6), 200 SC_ALLOW(__NR_pselect6),
185#endif 201#endif
186#ifdef __NR_read 202#ifdef __NR_read
187 SC_ALLOW(read), 203 SC_ALLOW(__NR_read),
188#endif 204#endif
189#ifdef __NR_rt_sigprocmask 205#ifdef __NR_rt_sigprocmask
190 SC_ALLOW(rt_sigprocmask), 206 SC_ALLOW(__NR_rt_sigprocmask),
191#endif 207#endif
192#ifdef __NR_select 208#ifdef __NR_select
193 SC_ALLOW(select), 209 SC_ALLOW(__NR_select),
194#endif 210#endif
195#ifdef __NR_shutdown 211#ifdef __NR_shutdown
196 SC_ALLOW(shutdown), 212 SC_ALLOW(__NR_shutdown),
197#endif 213#endif
198#ifdef __NR_sigprocmask 214#ifdef __NR_sigprocmask
199 SC_ALLOW(sigprocmask), 215 SC_ALLOW(__NR_sigprocmask),
200#endif 216#endif
201#ifdef __NR_time 217#ifdef __NR_time
202 SC_ALLOW(time), 218 SC_ALLOW(__NR_time),
203#endif 219#endif
204#ifdef __NR_write 220#ifdef __NR_write
205 SC_ALLOW(write), 221 SC_ALLOW(__NR_write),
206#endif 222#endif
207#ifdef __NR_socketcall 223#ifdef __NR_socketcall
208 SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), 224 SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN),
225#endif
226#if defined(__NR_ioctl) && defined(__s390__)
227 /* Allow ioctls for ICA crypto card on s390 */
228 SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK),
229 SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
230 SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
231#endif
232#if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
233 /*
234 * On Linux x32, the clock_gettime VDSO falls back to the
235 * x86-64 syscall under some circumstances, e.g.
236 * https://bugs.debian.org/849923
237 */
238 SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);
209#endif 239#endif
210 240
211 /* Default deny */ 241 /* Default deny */
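Review bot: The x32 entry at new line 238, `SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);`, ends in a semicolon although it sits inside the `preauth_insns[]` initializer, where every other entry ends in a comma. On a build where `__x86_64__`, `__ILP32__` and `__X32_SYSCALL_BIT` are all defined this would not compile; it should read `SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT),`. Since that branch is only compiled on x32, a build of that target in the test matrix would catch errors in the sandbox rules there. In `SC_ALLOW_ARG` (new lines 95 and 100) the comments still say "first syscall argument" although the macro tests `args[(_arg_nr)]` and the new s390 rules pass 1; `/* load and test syscall argument, low word */` (and likewise for the high word) would match the code. The array starts before and ends after the hunk.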
diff --git a/servconf.c b/servconf.c
index 795ddbab7..56b831652 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */ 2/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -270,7 +270,7 @@ fill_default_server_options(ServerOptions *options)
270 if (options->gss_cleanup_creds == -1) 270 if (options->gss_cleanup_creds == -1)
271 options->gss_cleanup_creds = 1; 271 options->gss_cleanup_creds = 1;
272 if (options->gss_strict_acceptor == -1) 272 if (options->gss_strict_acceptor == -1)
273 options->gss_strict_acceptor = 0; 273 options->gss_strict_acceptor = 1;
274 if (options->password_authentication == -1) 274 if (options->password_authentication == -1)
275 options->password_authentication = 1; 275 options->password_authentication = 1;
276 if (options->kbd_interactive_authentication == -1) 276 if (options->kbd_interactive_authentication == -1)
@@ -535,7 +535,7 @@ static struct {
535 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 535 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
536 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 536 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
537 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 537 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
538 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 538 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
539 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 539 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
540 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 540 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
541 { "permittty", sPermitTTY, SSHCFG_ALL }, 541 { "permittty", sPermitTTY, SSHCFG_ALL },
@@ -966,6 +966,15 @@ process_server_config_line(ServerOptions *options, char *line,
966 long long val64; 966 long long val64;
967 const struct multistate *multistate_ptr; 967 const struct multistate *multistate_ptr;
968 968
969 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
970 if ((len = strlen(line)) == 0)
971 return 0;
972 for (len--; len > 0; len--) {
973 if (strchr(WHITESPACE "\f", line[len]) == NULL)
974 break;
975 line[len] = '\0';
976 }
977
969 cp = line; 978 cp = line;
970 if ((arg = strdelim(&cp)) == NULL) 979 if ((arg = strdelim(&cp)) == NULL)
971 return 0; 980 return 0;
@@ -1168,7 +1177,8 @@ process_server_config_line(ServerOptions *options, char *line,
1168 if (!arg || *arg == '\0') 1177 if (!arg || *arg == '\0')
1169 fatal("%s line %d: Missing argument.", 1178 fatal("%s line %d: Missing argument.",
1170 filename, linenum); 1179 filename, linenum);
1171 if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) 1180 if (*arg != '-' &&
1181 !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1172 fatal("%s line %d: Bad key types '%s'.", 1182 fatal("%s line %d: Bad key types '%s'.",
1173 filename, linenum, arg ? arg : "<NONE>"); 1183 filename, linenum, arg ? arg : "<NONE>");
1174 if (*activep && *charptr == NULL) 1184 if (*activep && *charptr == NULL)
@@ -1364,11 +1374,6 @@ process_server_config_line(ServerOptions *options, char *line,
1364 intptr = &options->disable_forwarding; 1374 intptr = &options->disable_forwarding;
1365 goto parse_flag; 1375 goto parse_flag;
1366 1376
1367 case sUsePrivilegeSeparation:
1368 intptr = &use_privsep;
1369 multistate_ptr = multistate_privsep;
1370 goto parse_multistate;
1371
1372 case sAllowUsers: 1377 case sAllowUsers:
1373 while ((arg = strdelim(&cp)) && *arg != '\0') { 1378 while ((arg = strdelim(&cp)) && *arg != '\0') {
1374 if (options->num_allow_users >= MAX_ALLOW_USERS) 1379 if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -1427,7 +1432,7 @@ process_server_config_line(ServerOptions *options, char *line,
1427 arg = strdelim(&cp); 1432 arg = strdelim(&cp);
1428 if (!arg || *arg == '\0') 1433 if (!arg || *arg == '\0')
1429 fatal("%s line %d: Missing argument.", filename, linenum); 1434 fatal("%s line %d: Missing argument.", filename, linenum);
1430 if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) 1435 if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
1431 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1436 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1432 filename, linenum, arg ? arg : "<NONE>"); 1437 filename, linenum, arg ? arg : "<NONE>");
1433 if (options->ciphers == NULL) 1438 if (options->ciphers == NULL)
@@ -1438,7 +1443,7 @@ process_server_config_line(ServerOptions *options, char *line,
1438 arg = strdelim(&cp); 1443 arg = strdelim(&cp);
1439 if (!arg || *arg == '\0') 1444 if (!arg || *arg == '\0')
1440 fatal("%s line %d: Missing argument.", filename, linenum); 1445 fatal("%s line %d: Missing argument.", filename, linenum);
1441 if (!mac_valid(*arg == '+' ? arg + 1 : arg)) 1446 if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
1442 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1447 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1443 filename, linenum, arg ? arg : "<NONE>"); 1448 filename, linenum, arg ? arg : "<NONE>");
1444 if (options->macs == NULL) 1449 if (options->macs == NULL)
@@ -1450,7 +1455,8 @@ process_server_config_line(ServerOptions *options, char *line,
1450 if (!arg || *arg == '\0') 1455 if (!arg || *arg == '\0')
1451 fatal("%s line %d: Missing argument.", 1456 fatal("%s line %d: Missing argument.",
1452 filename, linenum); 1457 filename, linenum);
1453 if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) 1458 if (*arg != '-' &&
1459 !kex_names_valid(*arg == '+' ? arg + 1 : arg))
1454 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1460 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1455 filename, linenum, arg ? arg : "<NONE>"); 1461 filename, linenum, arg ? arg : "<NONE>");
1456 if (options->kex_algorithms == NULL) 1462 if (options->kex_algorithms == NULL)
@@ -2096,8 +2102,6 @@ fmt_intarg(ServerOpCodes code, int val)
2096 return fmt_multistate_int(val, multistate_gatewayports); 2102 return fmt_multistate_int(val, multistate_gatewayports);
2097 case sCompression: 2103 case sCompression:
2098 return fmt_multistate_int(val, multistate_compression); 2104 return fmt_multistate_int(val, multistate_compression);
2099 case sUsePrivilegeSeparation:
2100 return fmt_multistate_int(val, multistate_privsep);
2101 case sAllowTcpForwarding: 2105 case sAllowTcpForwarding:
2102 return fmt_multistate_int(val, multistate_tcpfwd); 2106 return fmt_multistate_int(val, multistate_tcpfwd);
2103 case sAllowStreamLocalForwarding: 2107 case sAllowStreamLocalForwarding:
@@ -2148,8 +2152,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
2148static void 2152static void
2149dump_cfg_string(ServerOpCodes code, const char *val) 2153dump_cfg_string(ServerOpCodes code, const char *val)
2150{ 2154{
2151 if (val == NULL)
2152 return;
2153 printf("%s %s\n", lookup_opcode_name(code), 2155 printf("%s %s\n", lookup_opcode_name(code),
2154 val == NULL ? "none" : val); 2156 val == NULL ? "none" : val);
2155} 2157}
@@ -2275,7 +2277,6 @@ dump_config(ServerOptions *o)
2275 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2277 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
2276 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2278 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2277 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2279 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2278 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
2279 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2280 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2280 2281
2281 /* string arguments */ 2282 /* string arguments */
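Review bot: With the added `*arg != '-' &&` guard (new lines 1180, 1435, 1446 and 1458), a list that starts with `-` is stored without any validation, so a misspelled name in a removal list is accepted silently and presumably removes nothing, leaving enabled the algorithm the administrator meant to disable. How the `-` list is applied is outside these hunks, but logging there when a removal pattern matches no known name would make such a mistake visible. A comment at each guard would also help, e.g. `/* '-' lists are removal patterns, so the name validators do not apply */`. process_server_config_line() starts and ends outside these hunks.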
diff --git a/serverloop.c b/serverloop.c
index c4e4699da..2976f5594 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.189 2016/12/14 00:36:34 djm Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.191 2017/02/01 02:59:09 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -430,7 +430,7 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
430} 430}
431 431
432static Channel * 432static Channel *
433server_request_direct_tcpip(void) 433server_request_direct_tcpip(int *reason, const char **errmsg)
434{ 434{
435 Channel *c = NULL; 435 Channel *c = NULL;
436 char *target, *originator; 436 char *target, *originator;
@@ -449,11 +449,13 @@ server_request_direct_tcpip(void)
449 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 && 449 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&
450 !no_port_forwarding_flag && !options.disable_forwarding) { 450 !no_port_forwarding_flag && !options.disable_forwarding) {
451 c = channel_connect_to_port(target, target_port, 451 c = channel_connect_to_port(target, target_port,
452 "direct-tcpip", "direct-tcpip"); 452 "direct-tcpip", "direct-tcpip", reason, errmsg);
453 } else { 453 } else {
454 logit("refused local port forward: " 454 logit("refused local port forward: "
455 "originator %s port %d, target %s port %d", 455 "originator %s port %d, target %s port %d",
456 originator, originator_port, target, target_port); 456 originator, originator_port, target, target_port);
457 if (reason != NULL)
458 *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
457 } 459 }
458 460
459 free(originator); 461 free(originator);
@@ -468,6 +470,10 @@ server_request_direct_streamlocal(void)
468 Channel *c = NULL; 470 Channel *c = NULL;
469 char *target, *originator; 471 char *target, *originator;
470 u_short originator_port; 472 u_short originator_port;
473 struct passwd *pw = the_authctxt->pw;
474
475 if (pw == NULL || !the_authctxt->valid)
476 fatal("server_input_global_request: no/invalid user");
471 477
472 target = packet_get_string(NULL); 478 target = packet_get_string(NULL);
473 originator = packet_get_string(NULL); 479 originator = packet_get_string(NULL);
@@ -480,7 +486,7 @@ server_request_direct_streamlocal(void)
480 /* XXX fine grained permissions */ 486 /* XXX fine grained permissions */
481 if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && 487 if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
482 !no_port_forwarding_flag && !options.disable_forwarding && 488 !no_port_forwarding_flag && !options.disable_forwarding &&
483 use_privsep) { 489 (pw->pw_uid == 0 || use_privsep)) {
484 c = channel_connect_to_path(target, 490 c = channel_connect_to_path(target,
485 "direct-streamlocal@openssh.com", "direct-streamlocal"); 491 "direct-streamlocal@openssh.com", "direct-streamlocal");
486 } else { 492 } else {
@@ -577,7 +583,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
577{ 583{
578 Channel *c = NULL; 584 Channel *c = NULL;
579 char *ctype; 585 char *ctype;
580 int rchan; 586 const char *errmsg = NULL;
587 int rchan, reason = SSH2_OPEN_CONNECT_FAILED;
581 u_int rmaxpack, rwindow, len; 588 u_int rmaxpack, rwindow, len;
582 589
583 ctype = packet_get_string(&len); 590 ctype = packet_get_string(&len);
@@ -591,7 +598,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
591 if (strcmp(ctype, "session") == 0) { 598 if (strcmp(ctype, "session") == 0) {
592 c = server_request_session(); 599 c = server_request_session();
593 } else if (strcmp(ctype, "direct-tcpip") == 0) { 600 } else if (strcmp(ctype, "direct-tcpip") == 0) {
594 c = server_request_direct_tcpip(); 601 c = server_request_direct_tcpip(&reason, &errmsg);
595 } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) { 602 } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) {
596 c = server_request_direct_streamlocal(); 603 c = server_request_direct_streamlocal();
597 } else if (strcmp(ctype, "tun@openssh.com") == 0) { 604 } else if (strcmp(ctype, "tun@openssh.com") == 0) {
@@ -614,9 +621,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
614 debug("server_input_channel_open: failure %s", ctype); 621 debug("server_input_channel_open: failure %s", ctype);
615 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); 622 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
616 packet_put_int(rchan); 623 packet_put_int(rchan);
617 packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); 624 packet_put_int(reason);
618 if (!(datafellows & SSH_BUG_OPENFAILURE)) { 625 if (!(datafellows & SSH_BUG_OPENFAILURE)) {
619 packet_put_cstring("open failed"); 626 packet_put_cstring(errmsg ? errmsg : "open failed");
620 packet_put_cstring(""); 627 packet_put_cstring("");
621 } 628 }
622 packet_send(); 629 packet_send();
@@ -702,6 +709,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
702 int want_reply; 709 int want_reply;
703 int r, success = 0, allocated_listen_port = 0; 710 int r, success = 0, allocated_listen_port = 0;
704 struct sshbuf *resp = NULL; 711 struct sshbuf *resp = NULL;
712 struct passwd *pw = the_authctxt->pw;
713
714 if (pw == NULL || !the_authctxt->valid)
715 fatal("server_input_global_request: no/invalid user");
705 716
706 rtype = packet_get_string(NULL); 717 rtype = packet_get_string(NULL);
707 want_reply = packet_get_char(); 718 want_reply = packet_get_char();
@@ -709,12 +720,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
709 720
710 /* -R style forwarding */ 721 /* -R style forwarding */
711 if (strcmp(rtype, "tcpip-forward") == 0) { 722 if (strcmp(rtype, "tcpip-forward") == 0) {
712 struct passwd *pw;
713 struct Forward fwd; 723 struct Forward fwd;
714 724
715 pw = the_authctxt->pw;
716 if (pw == NULL || !the_authctxt->valid)
717 fatal("server_input_global_request: no/invalid user");
718 memset(&fwd, 0, sizeof(fwd)); 725 memset(&fwd, 0, sizeof(fwd));
719 fwd.listen_host = packet_get_string(NULL); 726 fwd.listen_host = packet_get_string(NULL);
720 fwd.listen_port = (u_short)packet_get_int(); 727 fwd.listen_port = (u_short)packet_get_int();
@@ -762,9 +769,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
762 /* check permissions */ 769 /* check permissions */
763 if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 770 if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
764 || no_port_forwarding_flag || options.disable_forwarding || 771 || no_port_forwarding_flag || options.disable_forwarding ||
765 !use_privsep) { 772 (pw->pw_uid != 0 && !use_privsep)) {
766 success = 0; 773 success = 0;
767 packet_send_debug("Server has disabled port forwarding."); 774 packet_send_debug("Server has disabled "
775 "streamlocal forwarding.");
768 } else { 776 } else {
769 /* Start listening on the socket */ 777 /* Start listening on the socket */
770 success = channel_setup_remote_fwd_listener( 778 success = channel_setup_remote_fwd_listener(
diff --git a/sftp-client.c b/sftp-client.c
index e65c15c8f..a6e832270 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-client.c,v 1.125 2016/09/12 01:22:38 deraadt Exp $ */ 1/* $OpenBSD: sftp-client.c,v 1.126 2017/01/03 05:46:51 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -67,6 +67,13 @@ extern int showprogress;
67/* Maximum depth to descend in directory trees */ 67/* Maximum depth to descend in directory trees */
68#define MAX_DIR_DEPTH 64 68#define MAX_DIR_DEPTH 64
69 69
70/* Directory separator characters */
71#ifdef HAVE_CYGWIN
72# define SFTP_DIRECTORY_CHARS "/\\"
73#else /* HAVE_CYGWIN */
74# define SFTP_DIRECTORY_CHARS "/"
75#endif /* HAVE_CYGWIN */
76
70struct sftp_conn { 77struct sftp_conn {
71 int fd_in; 78 int fd_in;
72 int fd_out; 79 int fd_out;
@@ -587,6 +594,8 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
587 594
588 if ((r = sshbuf_get_u32(msg, &count)) != 0) 595 if ((r = sshbuf_get_u32(msg, &count)) != 0)
589 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 596 fatal("%s: buffer error: %s", __func__, ssh_err(r));
597 if (count > SSHBUF_SIZE_MAX)
598 fatal("%s: nonsensical number of entries", __func__);
590 if (count == 0) 599 if (count == 0)
591 break; 600 break;
592 debug3("Received %d SSH2_FXP_NAME responses", count); 601 debug3("Received %d SSH2_FXP_NAME responses", count);
@@ -617,7 +626,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
617 * These can be used to attack recursive ops 626 * These can be used to attack recursive ops
618 * (e.g. send '../../../../etc/passwd') 627 * (e.g. send '../../../../etc/passwd')
619 */ 628 */
620 if (strchr(filename, '/') != NULL) { 629 if (strpbrk(filename, SFTP_DIRECTORY_CHARS) != NULL) {
621 error("Server sent suspect path \"%s\" " 630 error("Server sent suspect path \"%s\" "
622 "during readdir of \"%s\"", filename, path); 631 "during readdir of \"%s\"", filename, path);
623 } else if (dir) { 632 } else if (dir) {
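Review bot: The new bound in do_lsreaddir, `if (count > SSHBUF_SIZE_MAX)`, compares a number of directory entries with a byte limit and carries no comment saying why that limit was chosen. If the reasoning is that a reply cannot hold more entries than the buffer has bytes, a one-line comment such as `/* a reply cannot carry more entries than SSHBUF_SIZE_MAX bytes */` would say so. The failure would also be easier to triage with the value in the message: `fatal("%s: nonsensical number of entries (%u)", __func__, count);`, assuming count is the unsigned 32-bit value filled in by sshbuf_get_u32 just above. The comment above the strpbrk() check still speaks only of '/' and should mention that backslash is also rejected on Cygwin builds. do_lsreaddir starts and ends outside these hunks.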
diff --git a/sftp.c b/sftp.c
index 2b8fdabfb..76add3908 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp.c,v 1.177 2016/10/18 12:41:22 millert Exp $ */ 1/* $OpenBSD: sftp.c,v 1.178 2017/02/15 01:46:47 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -969,23 +969,34 @@ static int
969do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) 969do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
970{ 970{
971 struct sftp_statvfs st; 971 struct sftp_statvfs st;
972 char s_used[FMT_SCALED_STRSIZE]; 972 char s_used[FMT_SCALED_STRSIZE], s_avail[FMT_SCALED_STRSIZE];
973 char s_avail[FMT_SCALED_STRSIZE]; 973 char s_root[FMT_SCALED_STRSIZE], s_total[FMT_SCALED_STRSIZE];
974 char s_root[FMT_SCALED_STRSIZE]; 974 char s_icapacity[16], s_dcapacity[16];
975 char s_total[FMT_SCALED_STRSIZE];
976 unsigned long long ffree;
977 975
978 if (do_statvfs(conn, path, &st, 1) == -1) 976 if (do_statvfs(conn, path, &st, 1) == -1)
979 return -1; 977 return -1;
978 if (st.f_files == 0)
979 strlcpy(s_icapacity, "ERR", sizeof(s_icapacity));
980 else {
981 snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%",
982 (unsigned long long)(100 * (st.f_files - st.f_ffree) /
983 st.f_files));
984 }
985 if (st.f_blocks == 0)
986 strlcpy(s_dcapacity, "ERR", sizeof(s_dcapacity));
987 else {
988 snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%",
989 (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
990 st.f_blocks));
991 }
980 if (iflag) { 992 if (iflag) {
981 ffree = st.f_files ? (100 * (st.f_files - st.f_ffree) / st.f_files) : 0;
982 printf(" Inodes Used Avail " 993 printf(" Inodes Used Avail "
983 "(root) %%Capacity\n"); 994 "(root) %%Capacity\n");
984 printf("%11llu %11llu %11llu %11llu %3llu%%\n", 995 printf("%11llu %11llu %11llu %11llu %s\n",
985 (unsigned long long)st.f_files, 996 (unsigned long long)st.f_files,
986 (unsigned long long)(st.f_files - st.f_ffree), 997 (unsigned long long)(st.f_files - st.f_ffree),
987 (unsigned long long)st.f_favail, 998 (unsigned long long)st.f_favail,
988 (unsigned long long)st.f_ffree, ffree); 999 (unsigned long long)st.f_ffree, s_icapacity);
989 } else if (hflag) { 1000 } else if (hflag) {
990 strlcpy(s_used, "error", sizeof(s_used)); 1001 strlcpy(s_used, "error", sizeof(s_used));
991 strlcpy(s_avail, "error", sizeof(s_avail)); 1002 strlcpy(s_avail, "error", sizeof(s_avail));
@@ -996,21 +1007,18 @@ do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
996 fmt_scaled(st.f_bfree * st.f_frsize, s_root); 1007 fmt_scaled(st.f_bfree * st.f_frsize, s_root);
997 fmt_scaled(st.f_blocks * st.f_frsize, s_total); 1008 fmt_scaled(st.f_blocks * st.f_frsize, s_total);
998 printf(" Size Used Avail (root) %%Capacity\n"); 1009 printf(" Size Used Avail (root) %%Capacity\n");
999 printf("%7sB %7sB %7sB %7sB %3llu%%\n", 1010 printf("%7sB %7sB %7sB %7sB %s\n",
1000 s_total, s_used, s_avail, s_root, 1011 s_total, s_used, s_avail, s_root, s_dcapacity);
1001 (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
1002 st.f_blocks));
1003 } else { 1012 } else {
1004 printf(" Size Used Avail " 1013 printf(" Size Used Avail "
1005 "(root) %%Capacity\n"); 1014 "(root) %%Capacity\n");
1006 printf("%12llu %12llu %12llu %12llu %3llu%%\n", 1015 printf("%12llu %12llu %12llu %12llu %s\n",
1007 (unsigned long long)(st.f_frsize * st.f_blocks / 1024), 1016 (unsigned long long)(st.f_frsize * st.f_blocks / 1024),
1008 (unsigned long long)(st.f_frsize * 1017 (unsigned long long)(st.f_frsize *
1009 (st.f_blocks - st.f_bfree) / 1024), 1018 (st.f_blocks - st.f_bfree) / 1024),
1010 (unsigned long long)(st.f_frsize * st.f_bavail / 1024), 1019 (unsigned long long)(st.f_frsize * st.f_bavail / 1024),
1011 (unsigned long long)(st.f_frsize * st.f_bfree / 1024), 1020 (unsigned long long)(st.f_frsize * st.f_bfree / 1024),
1012 (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / 1021 s_dcapacity);
1013 st.f_blocks));
1014 } 1022 }
1015 return 0; 1023 return 0;
1016} 1024}
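Review bot: The capacity percentages computed at the top of do_df are guarded against a zero total but not against a reply that reports more free than total. If `st.f_ffree > st.f_files` or `st.f_bfree > st.f_blocks`, the subtraction wraps (assuming these fields are unsigned, as the casts suggest) and the column shows a meaningless number cut to fit the 16-byte buffer. The values come from the server's statvfs reply, so I would treat that case like the zero case: `if (st.f_files == 0 || st.f_ffree > st.f_files)` and `if (st.f_blocks == 0 || st.f_bfree > st.f_blocks)`. The same subtraction feeds the Used column in the printf calls below, which this change leaves as it was. A short comment that "ERR" marks a percentage that cannot be computed would help the next reader.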
diff --git a/ssh-agent.c b/ssh-agent.c
index 395213553..b987562b9 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.215 2016/11/30 03:07:37 djm Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.218 2017/03/15 03:52:30 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -89,7 +89,7 @@
89#endif 89#endif
90 90
91#ifndef DEFAULT_PKCS11_WHITELIST 91#ifndef DEFAULT_PKCS11_WHITELIST
92# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*" 92# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
93#endif 93#endif
94 94
95typedef enum { 95typedef enum {
@@ -821,7 +821,7 @@ send:
821static void 821static void
822process_remove_smartcard_key(SocketEntry *e) 822process_remove_smartcard_key(SocketEntry *e)
823{ 823{
824 char *provider = NULL, *pin = NULL; 824 char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];
825 int r, version, success = 0; 825 int r, version, success = 0;
826 Identity *id, *nxt; 826 Identity *id, *nxt;
827 Idtab *tab; 827 Idtab *tab;
@@ -831,6 +831,13 @@ process_remove_smartcard_key(SocketEntry *e)
831 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 831 fatal("%s: buffer error: %s", __func__, ssh_err(r));
832 free(pin); 832 free(pin);
833 833
834 if (realpath(provider, canonical_provider) == NULL) {
835 verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
836 provider, strerror(errno));
837 goto send;
838 }
839
840 debug("%s: remove %.100s", __func__, canonical_provider);
834 for (version = 1; version < 3; version++) { 841 for (version = 1; version < 3; version++) {
835 tab = idtab_lookup(version); 842 tab = idtab_lookup(version);
836 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 843 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
@@ -838,18 +845,19 @@ process_remove_smartcard_key(SocketEntry *e)
838 /* Skip file--based keys */ 845 /* Skip file--based keys */
839 if (id->provider == NULL) 846 if (id->provider == NULL)
840 continue; 847 continue;
841 if (!strcmp(provider, id->provider)) { 848 if (!strcmp(canonical_provider, id->provider)) {
842 TAILQ_REMOVE(&tab->idlist, id, next); 849 TAILQ_REMOVE(&tab->idlist, id, next);
843 free_identity(id); 850 free_identity(id);
844 tab->nentries--; 851 tab->nentries--;
845 } 852 }
846 } 853 }
847 } 854 }
848 if (pkcs11_del_provider(provider) == 0) 855 if (pkcs11_del_provider(canonical_provider) == 0)
849 success = 1; 856 success = 1;
850 else 857 else
851 error("process_remove_smartcard_key:" 858 error("process_remove_smartcard_key:"
852 " pkcs11_del_provider failed"); 859 " pkcs11_del_provider failed");
860send:
853 free(provider); 861 free(provider);
854 send_status(e, success); 862 send_status(e, success);
855} 863}
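Review bot: In process_remove_smartcard_key the new realpath() failure message reads "failed PKCS#11 add of", which looks copied from the add path and will mislead anyone reading agent logs; it should be `verbose("failed PKCS#11 remove of \"%.100s\": realpath: %s",`. The same branch jumps to `send` with success still 0, so identities whose provider file no longer resolves stay loaded in the agent; whether that is intended should be stated in a comment. Separately, the widened `DEFAULT_PKCS11_WHITELIST` pattern `/usr/lib*/*` matches any directory whose name merely starts with `lib`, for example `/usr/libexec`, not only `lib64` or `lib32`. Since this list decides which modules the agent will load, a comment naming the intended directories would make the scope reviewable.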
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2a7939bfc..f17af036b 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.299 2017/03/10 04:26:06 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,6 +37,7 @@
37#include <string.h> 37#include <string.h>
38#include <unistd.h> 38#include <unistd.h>
39#include <limits.h> 39#include <limits.h>
40#include <locale.h>
40 41
41#include "xmalloc.h" 42#include "xmalloc.h"
42#include "sshkey.h" 43#include "sshkey.h"
@@ -57,6 +58,7 @@
57#include "atomicio.h" 58#include "atomicio.h"
58#include "krl.h" 59#include "krl.h"
59#include "digest.h" 60#include "digest.h"
61#include "utf8.h"
60 62
61#ifdef WITH_OPENSSL 63#ifdef WITH_OPENSSL
62# define DEFAULT_KEY_TYPE_NAME "rsa" 64# define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -843,7 +845,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment)
843 ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); 845 ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
844 if (fp == NULL || ra == NULL) 846 if (fp == NULL || ra == NULL)
845 fatal("%s: sshkey_fingerprint failed", __func__); 847 fatal("%s: sshkey_fingerprint failed", __func__);
846 printf("%u %s %s (%s)\n", sshkey_size(public), fp, 848 mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
847 comment ? comment : "no comment", sshkey_type(public)); 849 comment ? comment : "no comment", sshkey_type(public));
848 if (log_level >= SYSLOG_LEVEL_VERBOSE) 850 if (log_level >= SYSLOG_LEVEL_VERBOSE)
849 printf("%s\n", ra); 851 printf("%s\n", ra);
@@ -1082,6 +1084,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1082 struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; 1084 struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
1083 char *hashed, *cp, *hosts, *ohosts; 1085 char *hashed, *cp, *hosts, *ohosts;
1084 int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts); 1086 int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
1087 int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
1085 1088
1086 switch (l->status) { 1089 switch (l->status) {
1087 case HKF_STATUS_OK: 1090 case HKF_STATUS_OK:
@@ -1090,11 +1093,10 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1090 * Don't hash hosts already already hashed, with wildcard 1093 * Don't hash hosts already already hashed, with wildcard
1091 * characters or a CA/revocation marker. 1094 * characters or a CA/revocation marker.
1092 */ 1095 */
1093 if ((l->match & HKF_MATCH_HOST_HASHED) != 0 || 1096 if (was_hashed || has_wild || l->marker != MRK_NONE) {
1094 has_wild || l->marker != MRK_NONE) {
1095 fprintf(ctx->out, "%s\n", l->line); 1097 fprintf(ctx->out, "%s\n", l->line);
1096 if (has_wild && !find_host) { 1098 if (has_wild && !find_host) {
1097 logit("%s:%ld: ignoring host name " 1099 logit("%s:%lu: ignoring host name "
1098 "with wildcard: %.64s", l->path, 1100 "with wildcard: %.64s", l->path,
1099 l->linenum, l->hosts); 1101 l->linenum, l->hosts);
1100 } 1102 }
@@ -1106,6 +1108,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1106 */ 1108 */
1107 ohosts = hosts = xstrdup(l->hosts); 1109 ohosts = hosts = xstrdup(l->hosts);
1108 while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') { 1110 while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
1111 lowercase(cp);
1109 if ((hashed = host_hash(cp, NULL, 0)) == NULL) 1112 if ((hashed = host_hash(cp, NULL, 0)) == NULL)
1110 fatal("hash_host failed"); 1113 fatal("hash_host failed");
1111 fprintf(ctx->out, "%s %s\n", hashed, l->rawkey); 1114 fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
@@ -1116,7 +1119,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1116 case HKF_STATUS_INVALID: 1119 case HKF_STATUS_INVALID:
1117 /* Retain invalid lines, but mark file as invalid. */ 1120 /* Retain invalid lines, but mark file as invalid. */
1118 ctx->invalid = 1; 1121 ctx->invalid = 1;
1119 logit("%s:%ld: invalid line", l->path, l->linenum); 1122 logit("%s:%lu: invalid line", l->path, l->linenum);
1120 /* FALLTHROUGH */ 1123 /* FALLTHROUGH */
1121 default: 1124 default:
1122 fprintf(ctx->out, "%s\n", l->line); 1125 fprintf(ctx->out, "%s\n", l->line);
@@ -1150,14 +1153,14 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1150 */ 1153 */
1151 ctx->found_key = 1; 1154 ctx->found_key = 1;
1152 if (!quiet) 1155 if (!quiet)
1153 printf("# Host %s found: line %ld\n", 1156 printf("# Host %s found: line %lu\n",
1154 ctx->host, l->linenum); 1157 ctx->host, l->linenum);
1155 } 1158 }
1156 return 0; 1159 return 0;
1157 } else if (find_host) { 1160 } else if (find_host) {
1158 ctx->found_key = 1; 1161 ctx->found_key = 1;
1159 if (!quiet) { 1162 if (!quiet) {
1160 printf("# Host %s found: line %ld %s\n", 1163 printf("# Host %s found: line %lu %s\n",
1161 ctx->host, 1164 ctx->host,
1162 l->linenum, l->marker == MRK_CA ? "CA" : 1165 l->linenum, l->marker == MRK_CA ? "CA" :
1163 (l->marker == MRK_REVOKE ? "REVOKED" : "")); 1166 (l->marker == MRK_REVOKE ? "REVOKED" : ""));
@@ -1166,7 +1169,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1166 known_hosts_hash(l, ctx); 1169 known_hosts_hash(l, ctx);
1167 else if (print_fingerprint) { 1170 else if (print_fingerprint) {
1168 fp = sshkey_fingerprint(l->key, fptype, rep); 1171 fp = sshkey_fingerprint(l->key, fptype, rep);
1169 printf("%s %s %s %s\n", ctx->host, 1172 mprintf("%s %s %s %s\n", ctx->host,
1170 sshkey_type(l->key), fp, l->comment); 1173 sshkey_type(l->key), fp, l->comment);
1171 free(fp); 1174 free(fp);
1172 } else 1175 } else
@@ -1177,7 +1180,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1177 /* Retain non-matching hosts when deleting */ 1180 /* Retain non-matching hosts when deleting */
1178 if (l->status == HKF_STATUS_INVALID) { 1181 if (l->status == HKF_STATUS_INVALID) {
1179 ctx->invalid = 1; 1182 ctx->invalid = 1;
1180 logit("%s:%ld: invalid line", l->path, l->linenum); 1183 logit("%s:%lu: invalid line", l->path, l->linenum);
1181 } 1184 }
1182 fprintf(ctx->out, "%s\n", l->line); 1185 fprintf(ctx->out, "%s\n", l->line);
1183 } 1186 }
@@ -1317,7 +1320,7 @@ do_change_passphrase(struct passwd *pw)
1317 fatal("Failed to load key %s: %s", identity_file, ssh_err(r)); 1320 fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
1318 } 1321 }
1319 if (comment) 1322 if (comment)
1320 printf("Key has comment '%s'\n", comment); 1323 mprintf("Key has comment '%s'\n", comment);
1321 1324
1322 /* Ask the new passphrase (twice). */ 1325 /* Ask the new passphrase (twice). */
1323 if (identity_new_passphrase) { 1326 if (identity_new_passphrase) {
@@ -1441,7 +1444,10 @@ do_change_comment(struct passwd *pw)
1441 sshkey_free(private); 1444 sshkey_free(private);
1442 exit(1); 1445 exit(1);
1443 } 1446 }
1444 printf("Key now has comment '%s'\n", comment); 1447 if (comment)
1448 printf("Key now has comment '%s'\n", comment);
1449 else
1450 printf("Key now has no comment\n");
1445 1451
1446 if (identity_comment) { 1452 if (identity_comment) {
1447 strlcpy(new_comment, identity_comment, sizeof(new_comment)); 1453 strlcpy(new_comment, identity_comment, sizeof(new_comment));
@@ -2203,11 +2209,17 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
2203 exit(ret); 2209 exit(ret);
2204} 2210}
2205 2211
2212#ifdef WITH_SSH1
2213# define RSA1_USAGE " | rsa1"
2214#else
2215# define RSA1_USAGE ""
2216#endif
2217
2206static void 2218static void
2207usage(void) 2219usage(void)
2208{ 2220{
2209 fprintf(stderr, 2221 fprintf(stderr,
2210 "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n" 2222 "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n"
2211 " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" 2223 " [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
2212 " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" 2224 " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
2213 " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" 2225 " ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
@@ -2215,7 +2227,7 @@ usage(void)
2215 " ssh-keygen -y [-f input_keyfile]\n" 2227 " ssh-keygen -y [-f input_keyfile]\n"
2216 " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" 2228 " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
2217 " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" 2229 " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
2218 " ssh-keygen -B [-f input_keyfile]\n"); 2230 " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE);
2219#ifdef ENABLE_PKCS11 2231#ifdef ENABLE_PKCS11
2220 fprintf(stderr, 2232 fprintf(stderr,
2221 " ssh-keygen -D pkcs11\n"); 2233 " ssh-keygen -D pkcs11\n");
@@ -2280,6 +2292,8 @@ main(int argc, char **argv)
2280 2292
2281 seed_rng(); 2293 seed_rng();
2282 2294
2295 msetlocale();
2296
2283 /* we need this for the home * directory. */ 2297 /* we need this for the home * directory. */
2284 pw = getpwuid(getuid()); 2298 pw = getpwuid(getuid());
2285 if (!pw) 2299 if (!pw)
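Review bot: The new branch in do_change_comment still prints the key comment with plain `printf("Key now has comment '%s'\n", comment);`, while this same commit moves the comment output in fingerprint_one_key, known_hosts_find_delete and do_change_passphrase to mprintf(). The comment is read from the key file and is not under the program's control, so it should go through the same filtered printer: `mprintf("Key now has comment '%s'\n", comment);`. The `else` line has no variable text and can stay as printf. do_change_comment starts and ends outside this hunk, so other prints of the comment in it may need the same treatment.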
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index c30d54e62..1f95239a3 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */ 1/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */
2/* 2/*
3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4 * 4 *
@@ -321,16 +321,18 @@ keygrab_ssh2(con *c)
321} 321}
322 322
323static void 323static void
324keyprint_one(char *host, struct sshkey *key) 324keyprint_one(const char *host, struct sshkey *key)
325{ 325{
326 char *hostport; 326 char *hostport;
327 327 const char *known_host, *hashed;
328 if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
329 fatal("host_hash failed");
330 328
331 hostport = put_host_port(host, ssh_port); 329 hostport = put_host_port(host, ssh_port);
330 lowercase(hostport);
331 if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
332 fatal("host_hash failed");
333 known_host = hash_hosts ? hashed : hostport;
332 if (!get_cert) 334 if (!get_cert)
333 fprintf(stdout, "%s ", hostport); 335 fprintf(stdout, "%s ", known_host);
334 sshkey_write(key, stdout); 336 sshkey_write(key, stdout);
335 fputs("\n", stdout); 337 fputs("\n", stdout);
336 free(hostport); 338 free(hostport);
@@ -752,10 +754,13 @@ main(int argc, char **argv)
752 tname = strtok(optarg, ","); 754 tname = strtok(optarg, ",");
753 while (tname) { 755 while (tname) {
754 int type = sshkey_type_from_name(tname); 756 int type = sshkey_type_from_name(tname);
757
755 switch (type) { 758 switch (type) {
759#ifdef WITH_SSH1
756 case KEY_RSA1: 760 case KEY_RSA1:
757 get_keytypes |= KT_RSA1; 761 get_keytypes |= KT_RSA1;
758 break; 762 break;
763#endif
759 case KEY_DSA: 764 case KEY_DSA:
760 get_keytypes |= KT_DSA; 765 get_keytypes |= KT_DSA;
761 break; 766 break;
@@ -769,7 +774,8 @@ main(int argc, char **argv)
769 get_keytypes |= KT_ED25519; 774 get_keytypes |= KT_ED25519;
770 break; 775 break;
771 case KEY_UNSPEC: 776 case KEY_UNSPEC:
772 fatal("unknown key type %s", tname); 777 default:
778 fatal("Unknown key type \"%s\"", tname);
773 } 779 }
774 tname = strtok(NULL, ","); 780 tname = strtok(NULL, ",");
775 } 781 }
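Review bot: In keyprint_one the hash is now taken over `host`, not over the lowercased `hostport` built on the line before, so with hashing enabled the output loses both the lowercasing and the port that the plain path keeps. For a non-default port the hashed entry would then presumably not match what a client looks up, as far as put_host_port() adds the port to the name. I would hash the normalised string instead: `if (hash_hosts && (hashed = host_hash(hostport, NULL, 0)) == NULL)`. `hashed` is also read only when hash_hosts is set but is never initialised; `const char *known_host, *hashed = NULL;` avoids a compiler warning and makes the intent clear.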
diff --git a/ssh.c b/ssh.c
index ee0b16dc2..32b27bbc2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.448 2016/12/06 07:48:01 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.451 2017/03/10 04:07:20 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -684,11 +684,11 @@ main(int ac, char **av)
684 else if (strcmp(optarg, "kex") == 0) 684 else if (strcmp(optarg, "kex") == 0)
685 cp = kex_alg_list('\n'); 685 cp = kex_alg_list('\n');
686 else if (strcmp(optarg, "key") == 0) 686 else if (strcmp(optarg, "key") == 0)
687 cp = sshkey_alg_list(0, 0, '\n'); 687 cp = sshkey_alg_list(0, 0, 0, '\n');
688 else if (strcmp(optarg, "key-cert") == 0) 688 else if (strcmp(optarg, "key-cert") == 0)
689 cp = sshkey_alg_list(1, 0, '\n'); 689 cp = sshkey_alg_list(1, 0, 0, '\n');
690 else if (strcmp(optarg, "key-plain") == 0) 690 else if (strcmp(optarg, "key-plain") == 0)
691 cp = sshkey_alg_list(0, 1, '\n'); 691 cp = sshkey_alg_list(0, 1, 0, '\n');
692 else if (strcmp(optarg, "protocol-version") == 0) { 692 else if (strcmp(optarg, "protocol-version") == 0) {
693#ifdef WITH_SSH1 693#ifdef WITH_SSH1
694 cp = xstrdup("1\n2"); 694 cp = xstrdup("1\n2");
@@ -1103,7 +1103,7 @@ main(int ac, char **av)
1103 options.proxy_use_fdpass = 0; 1103 options.proxy_use_fdpass = 0;
1104 snprintf(port_s, sizeof(port_s), "%d", options.jump_port); 1104 snprintf(port_s, sizeof(port_s), "%d", options.jump_port);
1105 xasprintf(&options.proxy_command, 1105 xasprintf(&options.proxy_command,
1106 "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s", 1106 "ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s",
1107 /* Optional "-l user" argument if jump_user set */ 1107 /* Optional "-l user" argument if jump_user set */
1108 options.jump_user == NULL ? "" : " -l ", 1108 options.jump_user == NULL ? "" : " -l ",
1109 options.jump_user == NULL ? "" : options.jump_user, 1109 options.jump_user == NULL ? "" : options.jump_user,
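Review bot: The changed format string in the ProxyJump xasprintf call, `-W '[%%h]:%%p'`, has no comment saying why the brackets and the single quotes were added. Something like `/* bracket the host so address literals with colons parse in -W; quote it because [] are shell glob characters */` would record the intent, if that is the reason. The quoting holds only while the expanded host cannot contain a single quote, and where that is checked is not visible in this hunk; the jump user and host in the surrounding arguments are interpolated without quotes at all. main() starts and ends outside the hunk.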
diff --git a/ssh_config.0 b/ssh_config.0
index 4ca9a5ff8..ade8e6562 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -201,7 +201,9 @@ DESCRIPTION
201 preference. Multiple ciphers must be comma-separated. If the 201 preference. Multiple ciphers must be comma-separated. If the
202 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified 202 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
203 ciphers will be appended to the default set instead of replacing 203 ciphers will be appended to the default set instead of replacing
204 them. 204 them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then
205 the specified ciphers (including wildcards) will be removed from
206 the default set instead of replacing them.
205 207
206 The supported ciphers are: 208 The supported ciphers are:
207 209
@@ -448,7 +450,10 @@ DESCRIPTION
448 authentication as a comma-separated pattern list. Alternately if 450 authentication as a comma-separated pattern list. Alternately if
449 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the 451 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
450 specified key types will be appended to the default set instead 452 specified key types will be appended to the default set instead
451 of replacing them. The default for this option is: 453 of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
454 character, then the specified key types (including wildcards)
455 will be removed from the default set instead of replacing them.
456 The default for this option is:
452 457
453 ecdsa-sha2-nistp256-cert-v01@openssh.com, 458 ecdsa-sha2-nistp256-cert-v01@openssh.com,
454 ecdsa-sha2-nistp384-cert-v01@openssh.com, 459 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -464,8 +469,10 @@ DESCRIPTION
464 Specifies the host key algorithms that the client wants to use in 469 Specifies the host key algorithms that the client wants to use in
465 order of preference. Alternately if the specified value begins 470 order of preference. Alternately if the specified value begins
466 with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be 471 with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be
467 appended to the default set instead of replacing them. The 472 appended to the default set instead of replacing them. If the
468 default for this option is: 473 specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
474 key types (including wildcards) will be removed from the default
475 set instead of replacing them. The default for this option is:
469 476
470 ecdsa-sha2-nistp256-cert-v01@openssh.com, 477 ecdsa-sha2-nistp256-cert-v01@openssh.com,
471 ecdsa-sha2-nistp384-cert-v01@openssh.com, 478 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -591,7 +598,9 @@ DESCRIPTION
591 algorithms must be comma-separated. Alternately if the specified 598 algorithms must be comma-separated. Alternately if the specified
592 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods 599 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
593 will be appended to the default set instead of replacing them. 600 will be appended to the default set instead of replacing them.
594 The default is: 601 If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
602 specified methods (including wildcards) will be removed from the
603 default set instead of replacing them. The default is:
595 604
596 curve25519-sha256,curve25519-sha256@libssh.org, 605 curve25519-sha256,curve25519-sha256@libssh.org,
597 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 606 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
@@ -644,7 +653,10 @@ DESCRIPTION
644 integrity protection. Multiple algorithms must be comma- 653 integrity protection. Multiple algorithms must be comma-
645 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, 654 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
646 then the specified algorithms will be appended to the default set 655 then the specified algorithms will be appended to the default set
647 instead of replacing them. 656 instead of replacing them. If the specified value begins with a
657 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including
658 wildcards) will be removed from the default set instead of
659 replacing them.
648 660
649 The algorithms that contain "-etm" calculate the MAC after 661 The algorithms that contain "-etm" calculate the MAC after
650 encryption (encrypt-then-mac). These are considered safer and 662 encryption (encrypt-then-mac). These are considered safer and
@@ -667,7 +679,7 @@ DESCRIPTION
667 machine on each of the machines and the user will get many 679 machine on each of the machines and the user will get many
668 warnings about changed host keys. However, this option disables 680 warnings about changed host keys. However, this option disables
669 host authentication for localhost. The argument to this keyword 681 host authentication for localhost. The argument to this keyword
670 must be yes or no. (the default). 682 must be yes or no (the default).
671 683
672 NumberOfPasswordPrompts 684 NumberOfPasswordPrompts
673 Specifies the number of password prompts before giving up. The 685 Specifies the number of password prompts before giving up. The
@@ -753,7 +765,10 @@ DESCRIPTION
753 authentication as a comma-separated pattern list. Alternately if 765 authentication as a comma-separated pattern list. Alternately if
754 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key 766 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key
755 types after it will be appended to the default instead of 767 types after it will be appended to the default instead of
756 replacing it. The default for this option is: 768 replacing it. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
769 character, then the specified key types (including wildcards)
770 will be removed from the default set instead of replacing them.
771 The default for this option is:
757 772
758 ecdsa-sha2-nistp256-cert-v01@openssh.com, 773 ecdsa-sha2-nistp256-cert-v01@openssh.com,
759 ecdsa-sha2-nistp384-cert-v01@openssh.com, 774 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -1074,4 +1089,4 @@ AUTHORS
1074 created OpenSSH. Markus Friedl contributed the support for SSH protocol 1089 created OpenSSH. Markus Friedl contributed the support for SSH protocol
1075 versions 1.5 and 2.0. 1090 versions 1.5 and 2.0.
1076 1091
1077OpenBSD 6.0 October 15, 2016 OpenBSD 6.0 1092OpenBSD 6.0 February 27, 2017 OpenBSD 6.0
diff --git a/ssh_config.5 b/ssh_config.5
index 591365f34..532745b2f 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.240 2016/10/15 19:56:25 jmc Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.242 2017/02/27 14:30:33 jmc Exp $
37.Dd $Mdocdate: October 15 2016 $ 37.Dd $Mdocdate: February 27 2017 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -415,6 +415,10 @@ If the specified value begins with a
415.Sq + 415.Sq +
416character, then the specified ciphers will be appended to the default set 416character, then the specified ciphers will be appended to the default set
417instead of replacing them. 417instead of replacing them.
418If the specified value begins with a
419.Sq -
420character, then the specified ciphers (including wildcards) will be removed
421from the default set instead of replacing them.
418.Pp 422.Pp
419The supported ciphers are: 423The supported ciphers are:
420.Bd -literal -offset indent 424.Bd -literal -offset indent
@@ -784,6 +788,10 @@ Alternately if the specified value begins with a
784.Sq + 788.Sq +
785character, then the specified key types will be appended to the default set 789character, then the specified key types will be appended to the default set
786instead of replacing them. 790instead of replacing them.
791If the specified value begins with a
792.Sq -
793character, then the specified key types (including wildcards) will be removed
794from the default set instead of replacing them.
787The default for this option is: 795The default for this option is:
788.Bd -literal -offset 3n 796.Bd -literal -offset 3n
789ecdsa-sha2-nistp256-cert-v01@openssh.com, 797ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -807,6 +815,10 @@ Alternately if the specified value begins with a
807.Sq + 815.Sq +
808character, then the specified key types will be appended to the default set 816character, then the specified key types will be appended to the default set
809instead of replacing them. 817instead of replacing them.
818If the specified value begins with a
819.Sq -
820character, then the specified key types (including wildcards) will be removed
821from the default set instead of replacing them.
810The default for this option is: 822The default for this option is:
811.Bd -literal -offset 3n 823.Bd -literal -offset 3n
812ecdsa-sha2-nistp256-cert-v01@openssh.com, 824ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1027,6 +1039,10 @@ Alternately if the specified value begins with a
1027.Sq + 1039.Sq +
1028character, then the specified methods will be appended to the default set 1040character, then the specified methods will be appended to the default set
1029instead of replacing them. 1041instead of replacing them.
1042If the specified value begins with a
1043.Sq -
1044character, then the specified methods (including wildcards) will be removed
1045from the default set instead of replacing them.
1030The default is: 1046The default is:
1031.Bd -literal -offset indent 1047.Bd -literal -offset indent
1032curve25519-sha256,curve25519-sha256@libssh.org, 1048curve25519-sha256,curve25519-sha256@libssh.org,
@@ -1102,6 +1118,10 @@ If the specified value begins with a
1102.Sq + 1118.Sq +
1103character, then the specified algorithms will be appended to the default set 1119character, then the specified algorithms will be appended to the default set
1104instead of replacing them. 1120instead of replacing them.
1121If the specified value begins with a
1122.Sq -
1123character, then the specified algorithms (including wildcards) will be removed
1124from the default set instead of replacing them.
1105.Pp 1125.Pp
1106The algorithms that contain 1126The algorithms that contain
1107.Qq -etm 1127.Qq -etm
@@ -1127,7 +1147,7 @@ However, this option disables host authentication for localhost.
1127The argument to this keyword must be 1147The argument to this keyword must be
1128.Cm yes 1148.Cm yes
1129or 1149or
1130.Cm no . 1150.Cm no
1131(the default). 1151(the default).
1132.It Cm NumberOfPasswordPrompts 1152.It Cm NumberOfPasswordPrompts
1133Specifies the number of password prompts before giving up. 1153Specifies the number of password prompts before giving up.
@@ -1264,6 +1284,10 @@ Alternately if the specified value begins with a
1264.Sq + 1284.Sq +
1265character, then the key types after it will be appended to the default 1285character, then the key types after it will be appended to the default
1266instead of replacing it. 1286instead of replacing it.
1287If the specified value begins with a
1288.Sq -
1289character, then the specified key types (including wildcards) will be removed
1290from the default set instead of replacing them.
1267The default for this option is: 1291The default for this option is:
1268.Bd -literal -offset 3n 1292.Bd -literal -offset 3n
1269ecdsa-sha2-nistp256-cert-v01@openssh.com, 1293ecdsa-sha2-nistp256-cert-v01@openssh.com,
diff --git a/sshconnect.c b/sshconnect.c
index 96b91ce1a..948b638ad 100644
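--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.272 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.273 2017/03/10 03:22:40 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1532,6 +1532,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
  if (options.add_keys_to_agent == 2 &&
  !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
  debug3("user denied adding this key");
+ close(auth_sock);
  return;
  }
 
@@ -1540,4 +1541,5 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
  debug("identity added to agent: %s", authfile);
  else
  debug("could not add identity to agent: %s (%d)", authfile, r);
+ close(auth_sock);
 }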
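Review bot: The agent socket is now released by two separate `close(auth_sock);` calls in maybe_add_key_to_agent(), one in the "user denied" branch and one at the end, so any return added between them later would leak the descriptor to the agent again. A single exit would be sturdier: replace the `close(auth_sock); return;` pair in the denial branch with `goto out;` and label the final call `out: close(auth_sock);`. The function begins outside these hunks, so whether an earlier return sits between obtaining the socket and the first close cannot be confirmed from here.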
diff --git a/sshconnect1.c b/sshconnect1.c
index a04536184..dc00b4cd0 100644
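--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.80 2017/03/10 03:53:11 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -520,7 +520,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
  cookie[i] = packet_get_char();
 
  /* Get the public key. */
- server_key = key_new(KEY_RSA1);
+ if ((server_key = key_new(KEY_RSA1)) == NULL)
+ fatal("%s: key_new(KEY_RSA1) failed", __func__);
  bits = packet_get_int();
  packet_get_bignum(server_key->rsa->e);
  packet_get_bignum(server_key->rsa->n);
@@ -532,7 +533,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
  logit("Warning: This may be due to an old implementation of ssh.");
  }
  /* Get the host key. */
- host_key = key_new(KEY_RSA1);
+ if ((host_key = key_new(KEY_RSA1)) == NULL)
+ fatal("%s: key_new(KEY_RSA1) failed", __func__);
  bits = packet_get_int();
  packet_get_bignum(host_key->rsa->e);
  packet_get_bignum(host_key->rsa->n);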
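Review bot: The two new allocation checks in ssh_kex() emit the identical message `fatal("%s: key_new(KEY_RSA1) failed", __func__);`, so a log line cannot tell whether the server key or the host key failed to allocate. Naming the object in each message would fix that, e.g. `fatal("%s: key_new(KEY_RSA1) failed for server key", __func__);` and the same with "host key" in the second hunk. Both hunks sit inside ssh_kex(), whose body starts and ends outside the visible lines.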
diff --git a/sshconnect2.c b/sshconnect2.c
index 103a2b36a..f8a54beea 100644
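--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.255 2017/03/11 23:40:26 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -193,8 +193,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
  }
 
  if (options.rekey_limit || options.rekey_interval)
- packet_set_rekey_limits((u_int32_t)options.rekey_limit,
- (time_t)options.rekey_interval);
+ packet_set_rekey_limits(options.rekey_limit,
+ options.rekey_interval);
 
  /* start key exchange */
  if ((r = kex_setup(active_state, myproposal)) != 0)
@@ -934,14 +934,14 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
  Authctxt *authctxt = ctxt;
  char *info, *lang, *password = NULL, *retype = NULL;
  char prompt[150];
- const char *host = options.host_key_alias ? options.host_key_alias :
- authctxt->host;
+ const char *host;
 
  debug2("input_userauth_passwd_changereq");
 
  if (authctxt == NULL)
  fatal("input_userauth_passwd_changereq: "
  "no authentication context");
+ host = options.host_key_alias ? options.host_key_alias : authctxt->host;
 
  info = packet_get_string(NULL);
  lang = packet_get_string(NULL);
@@ -996,11 +996,11 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
 }
 
 static const char *
-identity_sign_encode(struct identity *id)
+key_sign_encode(const struct sshkey *key)
 {
  struct ssh *ssh = active_state;
 
- if (id->key->type == KEY_RSA) {
+ if (key->type == KEY_RSA) {
  switch (ssh->kex->rsa_sha2) {
  case 256:
  return "rsa-sha2-256";
@@ -1008,7 +1008,7 @@ identity_sign_encode(struct identity *id)
  return "rsa-sha2-512";
  }
  }
- return key_ssh_name(id->key);
+ return key_ssh_name(key);
 }
 
 static int
@@ -1017,31 +1017,50 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 {
  Key *prv;
  int ret;
- const char *alg;
-
- alg = identity_sign_encode(id);
 
  /* the agent supports this key */
- if (id->agent_fd != -1)
+ if (id->key != NULL && id->agent_fd != -1)
  return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
- data, datalen, alg, compat);
+ data, datalen, key_sign_encode(id->key), compat);
 
  /*
  * we have already loaded the private key or
  * the private key is stored in external hardware
  */
- if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))
- return (sshkey_sign(id->key, sigp, lenp, data, datalen, alg,
- compat));
+ if (id->key != NULL &&
+ (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)))
+ return (sshkey_sign(id->key, sigp, lenp, data, datalen,
+ key_sign_encode(id->key), compat));
+
  /* load the private key from the file */
  if ((prv = load_identity_file(id)) == NULL)
  return SSH_ERR_KEY_NOT_FOUND;
- ret = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat);
+ ret = sshkey_sign(prv, sigp, lenp, data, datalen,
+ key_sign_encode(prv), compat);
  sshkey_free(prv);
  return (ret);
 }
 
 static int
+id_filename_matches(Identity *id, Identity *private_id)
+{
+ const char *suffixes[] = { ".pub", "-cert.pub", NULL };
+ size_t len = strlen(id->filename), plen = strlen(private_id->filename);
+ size_t i, slen;
+
+ if (strcmp(id->filename, private_id->filename) == 0)
+ return 1;
+ for (i = 0; suffixes[i]; i++) {
+ slen = strlen(suffixes[i]);
+ if (len > slen && plen == len - slen &&
+ strcmp(id->filename + (len - slen), suffixes[i]) == 0 &&
+ memcmp(id->filename, private_id->filename, plen) == 0)
+ return 1;
+ }
+ return 0;
+}
+
+static int
 sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
 {
  Buffer b;
@@ -1083,7 +1102,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
  } else {
  buffer_put_cstring(&b, authctxt->method->name);
  buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, identity_sign_encode(id));
+ buffer_put_cstring(&b, key_sign_encode(id->key));
  }
  buffer_put_string(&b, blob, bloblen);
 
@@ -1103,6 +1122,24 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
  break;
  }
  }
+ /*
+ * Exact key matches are preferred, but also allow
+ * filename matches for non-PKCS#11/agent keys that
+ * didn't load public keys. This supports the case
+ * of keeping just a private key file and public
+ * certificate on disk.
+ */
+ if (!matched && !id->isprivate && id->agent_fd == -1 &&
+ (id->key->flags & SSHKEY_FLAG_EXT) == 0) {
+ TAILQ_FOREACH(private_id, &authctxt->keys, next) {
+ if (private_id->key == NULL &&
+ id_filename_matches(id, private_id)) {
+ id = private_id;
+ matched = 1;
+ break;
+ }
+ }
+ }
  if (matched) {
  debug2("%s: using private key \"%s\"%s for "
  "certificate", __func__, id->filename,
@@ -1181,7 +1218,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
  packet_put_cstring(authctxt->method->name);
  packet_put_char(have_sig);
  if (!(datafellows & SSH_BUG_PKAUTH))
- packet_put_cstring(key_sign_encode(id->key));
+ packet_put_cstring(identity_sign_encode(id));
  packet_put_string(blob, bloblen);
  free(blob);
  packet_send();
@@ -1632,7 +1669,7 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,
  if ((b = sshbuf_new()) == NULL)
  fatal("%s: sshbuf_new failed", __func__);
  /* send # of sock, data to be signed */
- if ((r = sshbuf_put_u32(b, sock) != 0) ||
+ if ((r = sshbuf_put_u32(b, sock)) != 0 ||
  (r = sshbuf_put_string(b, data, datalen)) != 0)
  fatal("%s: buffer error: %s", __func__, ssh_err(r));
  if (ssh_msg_send(to[1], version, b) == -1)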
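Review bot: The filename fallback added to sign_and_send_pubkey() pairs a certificate with a private key file purely by name through id_filename_matches(), and nothing in the visible hunks checks that the key identity_sign() later loads from that file is the key the certificate was issued for. After `id = private_id;` the certificate's key is no longer reachable through `id`, so a mismatched pair appears to be signed and sent anyway, with the algorithm name taken from `key_sign_encode(prv)` rather than from the certificate, and is only rejected by the server. Keeping the certificate's key in a local before the reassignment and comparing once load_identity_file() succeeds, e.g. `if (!sshkey_equal_public(prv, cert_key))` returning SSH_ERR_KEY_NOT_FOUND after freeing `prv` (`cert_key` is a name introduced here), would stop the mismatch on the client. id_filename_matches() would also benefit from a one-line comment such as `/* 1 if id's filename equals private_id's, or is private_id's plus ".pub" or "-cert.pub" */`. sign_and_send_pubkey() continues outside these hunks.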
diff --git a/sshd.0 b/sshd.0
index 089244c93..6cd5f038c 100644
--- a/sshd.0
+++ b/sshd.0
@@ -398,8 +398,8 @@ SSH_KNOWN_HOSTS FILE FORMAT
398 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host 398 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
399 public keys for all known hosts. The global file should be prepared by 399 public keys for all known hosts. The global file should be prepared by
400 the administrator (optional), and the per-user file is maintained 400 the administrator (optional), and the per-user file is maintained
401 automatically: whenever the user connects from an unknown host, its key 401 automatically: whenever the user connects to an unknown host, its key is
402 is added to the per-user file. 402 added to the per-user file.
403 403
404 Each line in these files contains the following fields: markers 404 Each line in these files contains the following fields: markers
405 (optional), hostnames, keytype, base64-encoded key, comment. The fields 405 (optional), hostnames, keytype, base64-encoded key, comment. The fields
@@ -623,4 +623,4 @@ AUTHORS
623 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 623 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
624 for privilege separation. 624 for privilege separation.
625 625
626OpenBSD 6.0 November 30, 2016 OpenBSD 6.0 626OpenBSD 6.0 January 30, 2017 OpenBSD 6.0
diff --git a/sshd.8 b/sshd.8
index 41fc5051a..7725a692c 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $ 36.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $
37.Dd $Mdocdate: November 30 2016 $ 37.Dd $Mdocdate: January 30 2017 $
38.Dt SSHD 8 38.Dt SSHD 8
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -631,7 +631,7 @@ and
631files contain host public keys for all known hosts. 631files contain host public keys for all known hosts.
632The global file should 632The global file should
633be prepared by the administrator (optional), and the per-user file is 633be prepared by the administrator (optional), and the per-user file is
634maintained automatically: whenever the user connects from an unknown host, 634maintained automatically: whenever the user connects to an unknown host,
635its key is added to the per-user file. 635its key is added to the per-user file.
636.Pp 636.Pp
637Each line in these files contains the following fields: markers (optional), 637Each line in these files contains the following fields: markers (optional),
diff --git a/sshd.c b/sshd.c
index 1dc4d182a..010a2c38a 100644
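--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.480 2016/12/09 03:04:29 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.485 2017/03/15 03:52:30 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -362,14 +362,14 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
 {
  u_int i;
  int remote_major, remote_minor;
- char *s, *newline = "\n";
+ char *s;
  char buf[256]; /* Must not be larger than remote_version. */
  char remote_version[256]; /* Must be at least as big as buf. */
 
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
  PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
  *options.version_addendum == '\0' ? "" : " ",
- options.version_addendum, newline);
+ options.version_addendum);
 
  /* Send our protocol version identification. */
  if (atomicio(vwrite, sock_out, server_version_string,
@@ -1046,6 +1046,11 @@ server_listen(void)
  close(listen_sock);
  continue;
  }
+ if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) {
+ verbose("socket: CLOEXEC: %s", strerror(errno));
+ close(listen_sock);
+ continue;
+ }
  /*
  * Set socket options.
  * Allow local port reuse in TIME_WAIT.
@@ -1670,6 +1675,15 @@ main(int ac, char **av)
  continue;
  key = key_load_private(options.host_key_files[i], "", NULL);
  pubkey = key_load_public(options.host_key_files[i], NULL);
+
+ if ((pubkey != NULL && pubkey->type == KEY_RSA1) ||
+ (key != NULL && key->type == KEY_RSA1)) {
+ verbose("Ignoring RSA1 key %s",
+ options.host_key_files[i]);
+ key_free(key);
+ key_free(pubkey);
+ continue;
+ }
  if (pubkey == NULL && key != NULL)
  pubkey = key_demote(key);
  sensitive_data.host_keys[i] = key;
@@ -2154,7 +2168,7 @@ do_ssh2_kex(void)
 
  if (options.rekey_limit || options.rekey_interval)
  packet_set_rekey_limits(options.rekey_limit,
- (time_t)options.rekey_interval);
+ options.rekey_interval);
 
  myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
  list_hostkey_types());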
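Review bot: The RSA1 skip added to the host-key loop in main() reports the dropped key with `verbose()`, which is below sshd's default log level, so an operator whose HostKey entry still points at an RSA1 file sees nothing at normal logging when that key stops being offered. Using `logit("Ignoring RSA1 key %s", options.host_key_files[i]);` would make the change in served host keys visible where it can be correlated with client host-key warnings. The `continue` also leaves `sensitive_data.host_keys[i]` unassigned for that index, which is safe only if the array was zero-initialised earlier in main(); that allocation is outside this hunk and should be confirmed.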
diff --git a/sshd_config b/sshd_config
index 9f09e4a6e..4eb2e02e0 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
1# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ 1# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
2 2
3# This is the sshd server system-wide configuration file. See 3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information. 4# sshd_config(5) for more information.
@@ -93,7 +93,6 @@ AuthorizedKeysFile .ssh/authorized_keys
93#PrintLastLog yes 93#PrintLastLog yes
94#TCPKeepAlive yes 94#TCPKeepAlive yes
95#UseLogin no 95#UseLogin no
96#UsePrivilegeSeparation sandbox
97#PermitUserEnvironment no 96#PermitUserEnvironment no
98#Compression delayed 97#Compression delayed
99#ClientAliveInterval 0 98#ClientAliveInterval 0
diff --git a/sshd_config.0 b/sshd_config.0
index 022c05226..b0160aa87 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -238,7 +238,9 @@ DESCRIPTION
238 Specifies the ciphers allowed. Multiple ciphers must be comma- 238 Specifies the ciphers allowed. Multiple ciphers must be comma-
239 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, 239 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
240 then the specified ciphers will be appended to the default set 240 then the specified ciphers will be appended to the default set
241 instead of replacing them. 241 instead of replacing them. If the specified value begins with a
242 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards)
243 will be removed from the default set instead of replacing them.
242 244
243 The supported ciphers are: 245 The supported ciphers are:
244 246
@@ -378,7 +380,10 @@ DESCRIPTION
378 authentication as a comma-separated pattern list. Alternately if 380 authentication as a comma-separated pattern list. Alternately if
379 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the 381 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
380 specified key types will be appended to the default set instead 382 specified key types will be appended to the default set instead
381 of replacing them. The default for this option is: 383 of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
384 character, then the specified key types (including wildcards)
385 will be removed from the default set instead of replacing them.
386 The default for this option is:
382 387
383 ecdsa-sha2-nistp256-cert-v01@openssh.com, 388 ecdsa-sha2-nistp256-cert-v01@openssh.com,
384 ecdsa-sha2-nistp384-cert-v01@openssh.com, 389 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -503,7 +508,10 @@ DESCRIPTION
503 algorithms must be comma-separated. Alternately if the specified 508 algorithms must be comma-separated. Alternately if the specified
504 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods 509 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
505 will be appended to the default set instead of replacing them. 510 will be appended to the default set instead of replacing them.
506 The supported algorithms are: 511 If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
512 specified methods (including wildcards) will be removed from the
513 default set instead of replacing them. The supported algorithms
514 are:
507 515
508 curve25519-sha256 516 curve25519-sha256
509 curve25519-sha256@libssh.org 517 curve25519-sha256@libssh.org
@@ -555,7 +563,9 @@ DESCRIPTION
555 protection. Multiple algorithms must be comma-separated. If the 563 protection. Multiple algorithms must be comma-separated. If the
556 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified 564 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
557 algorithms will be appended to the default set instead of 565 algorithms will be appended to the default set instead of
558 replacing them. 566 replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
567 character, then the specified algorithms (including wildcards)
568 will be removed from the default set instead of replacing them.
559 569
560 The algorithms that contain "-etm" calculate the MAC after 570 The algorithms that contain "-etm" calculate the MAC after
561 encryption (encrypt-then-mac). These are considered safer and 571 encryption (encrypt-then-mac). These are considered safer and
@@ -751,7 +761,10 @@ DESCRIPTION
751 authentication as a comma-separated pattern list. Alternately if 761 authentication as a comma-separated pattern list. Alternately if
752 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the 762 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
753 specified key types will be appended to the default set instead 763 specified key types will be appended to the default set instead
754 of replacing them. The default for this option is: 764 of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
765 character, then the specified key types (including wildcards)
766 will be removed from the default set instead of replacing them.
767 The default for this option is:
755 768
756 ecdsa-sha2-nistp256-cert-v01@openssh.com, 769 ecdsa-sha2-nistp256-cert-v01@openssh.com,
757 ecdsa-sha2-nistp384-cert-v01@openssh.com, 770 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -891,18 +904,6 @@ DESCRIPTION
891 If UsePAM is enabled, you will not be able to run sshd(8) as a 904 If UsePAM is enabled, you will not be able to run sshd(8) as a
892 non-root user. The default is no. 905 non-root user. The default is no.
893 906
894 UsePrivilegeSeparation
895 Specifies whether sshd(8) separates privileges by creating an
896 unprivileged child process to deal with incoming network traffic.
897 After successful authentication, another process will be created
898 that has the privilege of the authenticated user. The goal of
899 privilege separation is to prevent privilege escalation by
900 containing any corruption within the unprivileged processes. The
901 argument must be yes, no, or sandbox. If UsePrivilegeSeparation
902 is set to sandbox then the pre-authentication unprivileged
903 process is subject to additional restrictions. The default is
904 sandbox.
905
906 VersionAddendum 907 VersionAddendum
907 Optionally specifies additional text to append to the SSH 908 Optionally specifies additional text to append to the SSH
908 protocol banner sent by the server upon connection. The default 909 protocol banner sent by the server upon connection. The default
@@ -988,12 +989,12 @@ TOKENS
988 %t The key or certificate type. 989 %t The key or certificate type.
989 %u The username. 990 %u The username.
990 991
991 AuthorizedKeysCommand accepts the tokens %%, %f, %h, %t, and %u. 992 AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, and %u.
992 993
993 AuthorizedKeysFile accepts the tokens %%, %h, and %u. 994 AuthorizedKeysFile accepts the tokens %%, %h, and %u.
994 995
995 AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %K, %k, %h, 996 AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K,
996 %i, %s, %T, %t, and %u. 997 %k, %s, %T, %t, and %u.
997 998
998 AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u. 999 AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u.
999 1000
@@ -1016,4 +1017,4 @@ AUTHORS
1016 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 1017 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
1017 for privilege separation. 1018 for privilege separation.
1018 1019
1019OpenBSD 6.0 November 30, 2016 OpenBSD 6.0 1020OpenBSD 6.0 March 14, 2017 OpenBSD 6.0
diff --git a/sshd_config.5 b/sshd_config.5
index 32b29d240..ac6ccc793 100644
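--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.239 2016/11/30 03:00:05 djm Exp $
-.Dd $Mdocdate: November 30 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
+.Dd $Mdocdate: March 14 2017 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -437,6 +437,10 @@ If the specified value begins with a
 .Sq +
 character, then the specified ciphers will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified ciphers (including wildcards) will be removed
+from the default set instead of replacing them.
 .Pp
 The supported ciphers are:
 .Pp
@@ -649,6 +653,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -843,6 +851,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the specified methods will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified methods (including wildcards) will be removed
+from the default set instead of replacing them.
 The supported algorithms are:
 .Pp
 .Bl -item -compact -offset indent
@@ -933,6 +945,10 @@ If the specified value begins with a
 .Sq +
 character, then the specified algorithms will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified algorithms (including wildcards) will be removed
+from the default set instead of replacing them.
 .Pp
 The algorithms that contain
 .Qq -etm
@@ -1280,6 +1296,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1474,28 +1494,6 @@ is enabled, you will not be able to run
 as a non-root user.
 The default is
 .Cm no .
-.It Cm UsePrivilegeSeparation
-Specifies whether
-.Xr sshd 8
-separates privileges by creating an unprivileged child process
-to deal with incoming network traffic.
-After successful authentication, another process will be created that has
-the privilege of the authenticated user.
-The goal of privilege separation is to prevent privilege
-escalation by containing any corruption within the unprivileged processes.
-The argument must be
-.Cm yes ,
-.Cm no ,
-or
-.Cm sandbox .
-If
-.Cm UsePrivilegeSeparation
-is set to
-.Cm sandbox
-then the pre-authentication unprivileged process is subject to additional
-restrictions.
-The default is
-.Cm sandbox .
 .It Cm VersionAddendum
 Optionally specifies additional text to append to the SSH protocol banner
 sent by the server upon connection.
@@ -1644,13 +1642,13 @@ The username.
 .El
 .Pp
 .Cm AuthorizedKeysCommand
-accepts the tokens %%, %f, %h, %t, and %u.
+accepts the tokens %%, %f, %h, %k, %t, and %u.
 .Pp
 .Cm AuthorizedKeysFile
 accepts the tokens %%, %h, and %u.
 .Pp
 .Cm AuthorizedPrincipalsCommand
-accepts the tokens %%, %F, %f, %K, %k, %h, %i, %s, %T, %t, and %u.
+accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u.
 .Pp
 .Cm AuthorizedPrincipalsFile
 accepts the tokens %%, %h, and %u.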
diff --git a/sshkey.c b/sshkey.c
index c01da6c39..53a7674b5 100644
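--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */
+/* $OpenBSD: sshkey.c,v 1.45 2017/03/10 04:07:20 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -89,7 +89,9 @@ static const struct keytype keytypes[] = {
  { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
  KEY_ED25519_CERT, 0, 1, 0 },
 #ifdef WITH_OPENSSL
+# ifdef WITH_SSH1
  { NULL, "RSA1", KEY_RSA1, 0, 0, 0 },
+# endif
  { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 },
  { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 },
  { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 },
@@ -195,14 +197,16 @@ sshkey_ecdsa_nid_from_name(const char *name)
 }
 
 char *
-sshkey_alg_list(int certs_only, int plain_only, char sep)
+sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
 {
  char *tmp, *ret = NULL;
  size_t nlen, rlen = 0;
  const struct keytype *kt;
 
  for (kt = keytypes; kt->type != -1; kt++) {
- if (kt->name == NULL || kt->sigonly)
+ if (kt->name == NULL)
+ continue;
+ if (!include_sigonly && kt->sigonly)
  continue;
  if ((certs_only && !kt->cert) || (plain_only && kt->cert))
  continue;
@@ -1237,6 +1241,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
  u_long bits;
 #endif /* WITH_SSH1 */
 
+ if (ret == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+
  cp = *cpp;
 
  switch (ret->type) {
@@ -3786,7 +3793,46 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
 
  if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
  (char *)passphrase)) == NULL) {
- r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ unsigned long pem_err = ERR_peek_last_error();
+ int pem_reason = ERR_GET_REASON(pem_err);
+
+ /*
+ * Translate OpenSSL error codes to determine whether
+ * passphrase is required/incorrect.
+ */
+ switch (ERR_GET_LIB(pem_err)) {
+ case ERR_LIB_PEM:
+ switch (pem_reason) {
+ case PEM_R_BAD_PASSWORD_READ:
+ case PEM_R_PROBLEMS_GETTING_PASSWORD:
+ case PEM_R_BAD_DECRYPT:
+ r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ goto out;
+ default:
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
+ case ERR_LIB_EVP:
+ switch (pem_reason) {
+ case EVP_R_BAD_DECRYPT:
+ r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ goto out;
+ case EVP_R_BN_DECODE_ERROR:
+ case EVP_R_DECODE_ERROR:
+#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
+ case EVP_R_PRIVATE_KEY_DECODE_ERROR:
+#endif
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ default:
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ case ERR_LIB_ASN1:
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
+ r = SSH_ERR_LIBCRYPTO_ERROR;
  goto out;
  }
  if (pk->type == EVP_PKEY_RSA &&
@@ -3860,6 +3906,8 @@ int
 sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
  const char *passphrase, struct sshkey **keyp, char **commentp)
 {
+ int r = SSH_ERR_INTERNAL_ERROR;
+
  if (keyp != NULL)
  *keyp = NULL;
  if (commentp != NULL)
@@ -3882,9 +3930,11 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
  return sshkey_parse_private2(blob, type, passphrase,
  keyp, commentp);
  case KEY_UNSPEC:
- if (sshkey_parse_private2(blob, type, passphrase, keyp,
- commentp) == 0)
- return 0;
+ r = sshkey_parse_private2(blob, type, passphrase, keyp,
+ commentp);
+ /* Do not fallback to PEM parser if only passphrase is wrong. */
+ if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE)
+ return r;
 #ifdef WITH_OPENSSL
  return sshkey_parse_private_pem_fileblob(blob, type,
  passphrase, keyp);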
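Review bot: The new error translation in sshkey_parse_private_pem_fileblob reads `ERR_peek_last_error()`, but nothing in the visible lines empties the libcrypto error queue before `PEM_read_bio_PrivateKey` runs. If that call fails without queuing an error of its own, an entry left by an earlier libcrypto operation would be the one classified. Adding `ERR_clear_error();` immediately before the `PEM_read_bio_PrivateKey` call would make the mapping depend only on this parse attempt. This matters because callers presumably use `SSH_ERR_KEY_WRONG_PASSPHRASE` versus `SSH_ERR_INVALID_FORMAT` to decide whether to ask for a passphrase again. The function starts and ends outside the hunk, so an earlier clear may already exist there.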
diff --git a/sshkey.h b/sshkey.h
index f39363842..1b9e42f45 100644
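--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -156,7 +156,7 @@ int sshkey_ec_validate_private(const EC_KEY *);
 const char *sshkey_ssh_name(const struct sshkey *);
 const char *sshkey_ssh_name_plain(const struct sshkey *);
 int sshkey_names_valid2(const char *, int);
-char *sshkey_alg_list(int, int, char);
+char *sshkey_alg_list(int, int, int, char);
 
 int sshkey_from_blob(const u_char *, size_t, struct sshkey **);
 int sshkey_fromb(struct sshbuf *, struct sshkey **);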
diff --git a/utf8.c b/utf8.c
index 87fa9e89a..dead79b8a 100644
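--- a/utf8.c
+++ b/utf8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */
+/* $OpenBSD: utf8.c,v 1.5 2017/02/19 00:10:57 djm Exp $ */
 /*
  * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -60,7 +60,8 @@ dangerous_locale(void) {
  char *loc;
 
  loc = nl_langinfo(CODESET);
- return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8");
+ return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 &&
+ strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0;
 }
 
 static int
@@ -116,6 +117,7 @@ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
  sz = strlen(src) + 1;
  if ((dst = malloc(sz)) == NULL) {
  free(src);
+ ret = -1;
  goto fail;
  }
 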
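Review bot: The two codeset names added to dangerous_locale(), `"ANSI_X3.4-1968"` and `"646"`, carry no comment saying why they are treated like `"US-ASCII"`, and the growing strcmp chain makes the allow-list harder to audit. A comment above the return, such as `/* Codeset names that denote plain ASCII or UTF-8; every other codeset is treated as dangerous. */`, would record the intent. The new names look like platform-specific spellings of ASCII, which is worth confirming before merging. The function's result presumably decides how output is sanitised elsewhere in the file, so each entry on the list should be justified in place.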
diff --git a/version.h b/version.h
index 269ebcdaf..c86e2097c 100644
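--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.78 2016/12/19 04:55:51 djm Exp $ */
+/* $OpenBSD: version.h,v 1.79 2017/03/20 01:18:59 djm Exp $ */
 
-#define SSH_VERSION "OpenSSH_7.4"
+#define SSH_VERSION "OpenSSH_7.5"
 
 #define SSH_PORTABLE "p1"
 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE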