12 files changed, 126 insertions, 27 deletions
diff --git a/ChangeLog b/ChangeLog
index 8387604d1..c63e20675 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,15 @@
     [auth-passwd.c]
     auth_usercheck(3) can return NULL, so check for that. Report from
     mpech@. ok markus@
+   - markus@cvs.openbsd.org 2005/07/25 11:59:40
+     [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
+     [sshconnect2.c sshd.c sshd_config sshd_config.5]
+     add a new compression method that delays compression until the user
+     has been authenticated successfully and set compression to 'delayed'
+     for sshd.
+     this breaks older openssh clients (< 3.5) if they insist on
+     compression, so you have to re-enable compression in sshd_config.
+     ok djm@
 20050725
 - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
@@ -2870,4 +2879,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3856 2005/07/26 11:54:11 djm Exp $
+$Id: ChangeLog,v 1.3857 2005/07/26 11:54:56 djm Exp $
diff --git a/kex.c b/kex.c
index 06a3ad4cc..5dce335fe 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.63 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $");
 #include <openssl/crypto.h>
@@ -275,10 +275,12 @@ choose_comp(Comp *comp, char *client, char *server)
        char *name = match_list(client, server, NULL);
        if (name == NULL)
                fatal("no matching comp found: client %s server %s", client, server);
-        if (strcmp(name, "zlib") == 0) {
+        if (strcmp(name, "zlib@openssh.com") == 0) {
-                comp->type = 1;
+                comp->type = COMP_DELAYED;
+        } else if (strcmp(name, "zlib") == 0) {
+                comp->type = COMP_ZLIB;
        } else if (strcmp(name, "none") == 0) {
-                comp->type = 0;
+                comp->type = COMP_NONE;
        } else {
                fatal("unsupported comp %s", name);
        }
diff --git a/kex.h b/kex.h
index 059d83cd5..3024a2717 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: kex.h,v 1.36 2005/06/17 02:44:32 djm Exp $    */
+/*      $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -35,6 +35,10 @@
 #define KEX_DH14        "diffie-hellman-group14-sha1"
 #define KEX_DHGEX       "diffie-hellman-group-exchange-sha1"
+#define COMP_NONE       0
+#define COMP_ZLIB       1
+#define COMP_DELAYED    2
 enum kex_init_proposals {
        PROPOSAL_KEX_ALGS,
        PROPOSAL_SERVER_HOST_KEY_ALGS,
diff --git a/myproposal.h b/myproposal.h
index 2edbe1624..d8cba1caf 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: myproposal.h,v 1.17 2005/05/23 23:32:46 djm Exp $     */
+/*      $OpenBSD: myproposal.h,v 1.18 2005/07/25 11:59:39 markus Exp $  */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -36,7 +36,7 @@
        "hmac-md5,hmac-sha1,hmac-ripemd160," \
        "hmac-ripemd160@openssh.com," \
        "hmac-sha1-96,hmac-md5-96"
-#define KEX_DEFAULT_COMP        "none,zlib"
+#define KEX_DEFAULT_COMP        "none,zlib@openssh.com,zlib"
 #define KEX_DEFAULT_LANG        ""
diff --git a/packet.c b/packet.c
index d5b50f2f4..c855970fc 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.117 2005/06/17 02:44:32 djm Exp $");
+RCSID("$OpenBSD: packet.c,v 1.118 2005/07/25 11:59:39 markus Exp $");
 #include "openbsd-compat/sys-queue.h"
@@ -116,6 +116,12 @@ static int initialized = 0;
 /* Set to true if the connection is interactive. */
 static int interactive_mode = 0;
+/* Set to true if we are the server side. */
+static int server_side = 0;
+/* Set to true if we are authenticated. */
+static int after_authentication = 0;
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
 static struct packet_state {
@@ -624,7 +630,9 @@ set_newkeys(int mode)
        /* Deleting the keys does not gain extra security */
        /* memset(enc->iv,  0, enc->block_size);
           memset(enc->key, 0, enc->key_len); */
-        if (comp->type != 0 && comp->enabled == 0) {
+        if ((comp->type == COMP_ZLIB ||
+            (comp->type == COMP_DELAYED && after_authentication)) &&
+            comp->enabled == 0) {
                packet_init_compression();
                if (mode == MODE_OUT)
                        buffer_compress_init_send(6);
@@ -645,6 +653,34 @@ set_newkeys(int mode)
 }
 /*
+ * Delayed compression for SSH2 is enabled after authentication:
+ * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
+ * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
+ */
+static void
+packet_enable_delayed_compress(void)
+{
+        Comp *comp = NULL;
+        int mode;
+        /*
+         * Remember that we are past the authentication step, so rekeying
+         * with COMP_DELAYED will turn on compression immediately.
+         */
+        after_authentication = 1;
+        for (mode = 0; mode < MODE_MAX; mode++) {
+                comp = &newkeys[mode]->comp;
+                if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
+                        if (mode == MODE_OUT)
+                                buffer_compress_init_send(6);
+                        else
+                                buffer_compress_init_recv();
+                        comp->enabled = 1;
+                }
+        }
+}
+/*
 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
 */
 static void
@@ -757,6 +793,8 @@ packet_send2_wrapped(void)
        if (type == SSH2_MSG_NEWKEYS)
                set_newkeys(MODE_OUT);
+        else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
+                packet_enable_delayed_compress();
 }
 static void
@@ -1099,6 +1137,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
                packet_disconnect("Invalid ssh2 packet type: %d", type);
        if (type == SSH2_MSG_NEWKEYS)
                set_newkeys(MODE_IN);
+        else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
+                packet_enable_delayed_compress();
 #ifdef PACKET_DEBUG
        fprintf(stderr, "read/plain[%d]:\r\n", type);
        buffer_dump(&incoming_packet);
@@ -1524,3 +1564,15 @@ packet_set_rekey_limit(u_int32_t bytes)
 {
        rekey_limit = bytes;
 }
+void
+packet_set_server(void)
+{
+        server_side = 1;
+}
+void
+packet_set_authenticated(void)
+{
+        after_authentication = 1;
+}
diff --git a/packet.h b/packet.h
index 1ab6d8572..8c23646aa 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: packet.h,v 1.42 2005/06/17 02:44:33 djm Exp $ */
+/*      $OpenBSD: packet.h,v 1.43 2005/07/25 11:59:40 markus Exp $      */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -30,6 +30,8 @@ u_int	 packet_get_protocol_flags(void);
 void     packet_start_compression(int);
 void     packet_set_interactive(int);
 int      packet_is_interactive(void);
+void     packet_set_server(void);
+void     packet_set_authenticated(void);
 void     packet_start(u_char);
 void     packet_put_char(int ch);
diff --git a/servconf.c b/servconf.c
index deec167be..7ef7b234e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.142 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.143 2005/07/25 11:59:40 markus Exp $");
 #include "ssh.h"
 #include "log.h"
@@ -201,7 +201,7 @@ fill_default_server_options(ServerOptions *options)
        if (options->use_login == -1)
                options->use_login = 0;
        if (options->compression == -1)
-                options->compression = 1;
+                options->compression = COMP_DELAYED;
        if (options->allow_tcp_forwarding == -1)
                options->allow_tcp_forwarding = 1;
        if (options->gateway_ports == -1)
@@ -725,7 +725,23 @@ parse_flag:
        case sCompression:
                intptr = &options->compression;
-                goto parse_flag;
+                arg = strdelim(&cp);
+                if (!arg || *arg == '\0')
+                        fatal("%s line %d: missing yes/no/delayed "
+                            "argument.", filename, linenum);
+                value = 0;      /* silence compiler */
+                if (strcmp(arg, "delayed") == 0)
+                        value = COMP_DELAYED;
+                else if (strcmp(arg, "yes") == 0)
+                        value = COMP_ZLIB;
+                else if (strcmp(arg, "no") == 0)
+                        value = COMP_NONE;
+                else
+                        fatal("%s line %d: Bad yes/no/delayed "
+                            "argument: %s", filename, linenum, arg);
+                if (*intptr == -1)
+                        *intptr = value;
+                break;
        case sGatewayPorts:
                intptr = &options->gateway_ports;
diff --git a/session.c b/session.c
index 171c239e2..95084aec6 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.185 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: session.c,v 1.186 2005/07/25 11:59:40 markus Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -56,6 +56,7 @@ RCSID("$OpenBSD: session.c,v 1.185 2005/07/17 07:17:55 djm Exp $");
 #include "serverloop.h"
 #include "canohost.h"
 #include "session.h"
+#include "kex.h"
 #include "monitor_wrap.h"
 #if defined(KRB5) && defined(USE_AFS)
@@ -272,7 +273,7 @@ do_authenticated1(Authctxt *authctxt)
                                    compression_level);
                                break;
                        }
-                        if (!options.compression) {
+                        if (options.compression == COMP_NONE) {
                                debug2("compression disabled");
                                break;
                        }
diff --git a/sshconnect2.c b/sshconnect2.c
index 012ce2b42..baee664ea 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.140 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.141 2005/07/25 11:59:40 markus Exp $");
 #include "openbsd-compat/sys-queue.h"
@@ -101,10 +101,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
            compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
        if (options.compression) {
                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-                myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
+                myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
        } else {
                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-                myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
+                myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
        }
        if (options.macs != NULL) {
                myproposal[PROPOSAL_MAC_ALGS_CTOS] =
diff --git a/sshd.c b/sshd.c
index 40da37513..92aa9bbd2 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.311 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -671,6 +671,12 @@ privsep_postauth(Authctxt *authctxt)
        /* It is safe now to apply the key state */
        monitor_apply_keystate(pmonitor);
+        /*
+         * Tell the packet layer that authentication was successful, since
+         * this information is not part of the key state.
+         */
+        packet_set_authenticated();
 }
 static char *
@@ -1621,6 +1627,7 @@ main(int ac, char **av)
         * not have a key.
         */
        packet_set_connection(sock_in, sock_out);
+        packet_set_server();
        /* Set SO_KEEPALIVE if requested. */
        if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
@@ -1988,10 +1995,14 @@ do_ssh2_kex(void)
                myproposal[PROPOSAL_MAC_ALGS_CTOS] =
                myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
        }
-        if (!options.compression) {
+        if (options.compression == COMP_NONE) {
                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
                myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+        } else if (options.compression == COMP_DELAYED) {
+                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+                myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
        }
+        
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
        /* start key exchange */
diff --git a/sshd_config b/sshd_config
index 2c3afb920..1440c05ff 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.71 2005/05/19 02:40:52 djm Exp $
+#       $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -90,7 +90,7 @@
 #UseLogin no
 #UsePrivilegeSeparation yes
 #PermitUserEnvironment no
-#Compression yes
+#Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
 #UseDNS yes
diff --git a/sshd_config.5 b/sshd_config.5
index cec2a2382..048e8924e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.43 2005/05/23 23:32:46 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -217,13 +217,15 @@ The default
 is 0, indicating that these messages will not be sent to the client.
 This option applies to protocol version 2 only.
 .It Cm Compression
-Specifies whether compression is allowed.
+Specifies whether compression is allowed, or delayed until
+the user has authenticated successfully.
 The argument must be
-.Dq yes
+.Dq yes ,
+.Dq delayed ,
 or
 .Dq no .
 The default is
-.Dq yes .
+.Dq delayed .
 .It Cm DenyGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.