summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cvsignore29
-rw-r--r--ChangeLog4332
-rw-r--r--ChangeLog.gssapi20
-rw-r--r--Makefile.in7
-rw-r--r--PROTOCOL13
-rw-r--r--README4
-rw-r--r--addrmatch.c7
-rw-r--r--auth-options.c6
-rw-r--r--auth.c2
-rw-r--r--auth.h6
-rw-r--r--auth2-chall.c10
-rw-r--r--auth2-gss.c11
-rw-r--r--auth2-jpake.c557
-rw-r--r--auth2.c13
-rw-r--r--canohost.c4
-rw-r--r--canohost.h4
-rw-r--r--channels.c187
-rw-r--r--channels.h8
-rw-r--r--cipher.c49
-rw-r--r--cipher.h3
-rw-r--r--clientloop.c55
-rw-r--r--compat.c2
-rw-r--r--compat.h2
-rw-r--r--config.h.in9
-rwxr-xr-xconfigure399
-rw-r--r--configure.ac46
-rw-r--r--contrib/caldera/openssh.spec8
-rwxr-xr-xcontrib/caldera/ssh-host-keygen10
-rw-r--r--contrib/caldera/sshd.pam2
-rw-r--r--contrib/cygwin/Makefile4
-rw-r--r--contrib/cygwin/ssh-host-config241
-rw-r--r--contrib/redhat/openssh.spec4
-rw-r--r--contrib/redhat/sshd.pam2
-rw-r--r--contrib/sshd.pam.generic2
-rw-r--r--contrib/suse/openssh.spec4
-rw-r--r--contrib/suse/rc.sshd6
-rw-r--r--debian/changelog31
-rw-r--r--defines.h8
-rw-r--r--dispatch.c3
-rw-r--r--gss-genr.c116
-rw-r--r--gss-serv-krb5.c70
-rw-r--r--gss-serv.c161
-rw-r--r--jpake.c604
-rw-r--r--jpake.h134
-rw-r--r--kex.c2
-rw-r--r--kex.h1
-rw-r--r--kexgexs.c27
-rw-r--r--kexgssc.c25
-rw-r--r--kexgsss.c25
-rw-r--r--key.c7
-rw-r--r--loginrec.c139
-rw-r--r--misc.c27
-rw-r--r--moduli.02
-rw-r--r--monitor.c288
-rw-r--r--monitor.h10
-rw-r--r--monitor_fdpass.c29
-rw-r--r--monitor_wrap.c191
-rw-r--r--monitor_wrap.h25
-rw-r--r--myproposal.h9
-rw-r--r--nchan.c10
-rw-r--r--openbsd-compat/.cvsignore1
-rw-r--r--openbsd-compat/bsd-poll.c5
-rw-r--r--openbsd-compat/port-uw.c4
-rw-r--r--openbsd-compat/xcrypt.c2
-rw-r--r--openbsd-compat/xmmap.c5
-rw-r--r--packet.c72
-rw-r--r--pathnames.h10
-rw-r--r--readconf.c145
-rw-r--r--readconf.h13
-rw-r--r--regress/conch-ciphers.sh3
-rw-r--r--regress/putty-ciphers.sh7
-rw-r--r--regress/putty-kex.sh3
-rw-r--r--regress/putty-transfer.sh3
-rw-r--r--scard/.cvsignore2
-rw-r--r--schnorr.c409
-rw-r--r--scp.02
-rw-r--r--scp.c4
-rw-r--r--servconf.c66
-rw-r--r--servconf.h13
-rw-r--r--serverloop.c18
-rw-r--r--session.c18
-rw-r--r--sftp-server-main.c5
-rw-r--r--sftp-server.02
-rw-r--r--sftp.08
-rw-r--r--sftp.115
-rw-r--r--sftp.c81
-rw-r--r--ssh-add.02
-rw-r--r--ssh-agent.02
-rw-r--r--ssh-gss.h28
-rw-r--r--ssh-keygen.04
-rw-r--r--ssh-keygen.15
-rw-r--r--ssh-keygen.c18
-rw-r--r--ssh-keyscan.06
-rw-r--r--ssh-keyscan.18
-rw-r--r--ssh-keyscan.c9
-rw-r--r--ssh-keysign.02
-rw-r--r--ssh-rand-helper.02
-rw-r--r--ssh.020
-rw-r--r--ssh.123
-rw-r--r--ssh.c55
-rw-r--r--ssh2.h9
-rw-r--r--ssh_config5
-rw-r--r--ssh_config.025
-rw-r--r--ssh_config.548
-rw-r--r--sshconnect.c10
-rw-r--r--sshconnect2.c353
-rw-r--r--sshd.05
-rw-r--r--sshd.86
-rw-r--r--sshd.c13
-rw-r--r--sshd_config.021
-rw-r--r--sshd_config.521
-rw-r--r--sshpty.c9
-rw-r--r--ttymodes.c7
-rw-r--r--uidswap.c10
-rw-r--r--version.h4
115 files changed, 4998 insertions, 4660 deletions
diff --git a/.cvsignore b/.cvsignore
deleted file mode 100644
index b893c972d..000000000
--- a/.cvsignore
+++ /dev/null
@@ -1,29 +0,0 @@
1*.0
2*.out
3Makefile
4autom4te.cache
5buildit.sh
6buildpkg.sh
7config.cache
8config.h
9config.h.in
10config.log
11config.status
12configure
13openssh.xml
14opensshd.init
15scp
16sftp
17sftp-server
18ssh
19ssh-add
20ssh-agent
21ssh-keygen
22ssh-keyscan
23ssh-keysign
24ssh-rand-helper
25ssh_prng_cmds
26sshd
27stamp-h.in
28survey
29survey.sh
diff --git a/ChangeLog b/ChangeLog
index 3d08a80d3..f802c0d7f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,497 @@
120090223
2 - (djm) OpenBSD CVS Sync
3 - djm@cvs.openbsd.org 2009/02/22 23:50:57
4 [ssh_config.5 sshd_config.5]
5 don't advertise experimental options
6 - djm@cvs.openbsd.org 2009/02/22 23:59:25
7 [sshd_config.5]
8 missing period
9 - djm@cvs.openbsd.org 2009/02/23 00:06:15
10 [version.h]
11 openssh-5.2
12 - (djm) [README] update for 5.2
13 - (djm) Release openssh-5.2p1
14
1520090222
16 - (djm) OpenBSD CVS Sync
17 - tobias@cvs.openbsd.org 2009/02/21 19:32:04
18 [misc.c sftp-server-main.c ssh-keygen.c]
19 Added missing newlines in error messages.
20 ok dtucker
21
2220090221
23 - (djm) OpenBSD CVS Sync
24 - djm@cvs.openbsd.org 2009/02/17 01:28:32
25 [ssh_config]
26 sync with revised default ciphers; pointed out by dkrause@
27 - djm@cvs.openbsd.org 2009/02/18 04:31:21
28 [schnorr.c]
29 signature should hash over the entire group, not just the generator
30 (this is still disabled code)
31 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
32 [contrib/suse/openssh.spec] Prepare for 5.2p1
33
3420090216
35 - (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh]
36 [regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled
37 interop tests from FATAL error to a warning. Allows some interop
38 tests to proceed if others are missing necessary prerequisites.
39 - (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris
40 systems; patch from Aurelien Jarno via rmh AT aybabtu.com
41
4220090214
43 - (djm) OpenBSD CVS Sync
44 - dtucker@cvs.openbsd.org 2009/02/02 11:15:14
45 [sftp.c]
46 Initialize a few variables to prevent spurious "may be used
47 uninitialized" warnings from newer gcc's. ok djm@
48 - djm@cvs.openbsd.org 2009/02/12 03:00:56
49 [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
50 [readconf.h serverloop.c ssh.c]
51 support remote port forwarding with a zero listen port (-R0:...) to
52 dyamically allocate a listen port at runtime (this is actually
53 specified in rfc4254); bz#1003 ok markus@
54 - djm@cvs.openbsd.org 2009/02/12 03:16:01
55 [serverloop.c]
56 tighten check for -R0:... forwarding: only allow dynamic allocation
57 if want_reply is set in the packet
58 - djm@cvs.openbsd.org 2009/02/12 03:26:22
59 [monitor.c]
60 some paranoia: check that the serialised key is really KEY_RSA before
61 diddling its internals
62 - djm@cvs.openbsd.org 2009/02/12 03:42:09
63 [ssh.1]
64 document -R0:... usage
65 - djm@cvs.openbsd.org 2009/02/12 03:44:25
66 [ssh.1]
67 consistency: Dq => Ql
68 - djm@cvs.openbsd.org 2009/02/12 03:46:17
69 [ssh_config.5]
70 document RemoteForward usage with 0 listen port
71 - jmc@cvs.openbsd.org 2009/02/12 07:34:20
72 [ssh_config.5]
73 kill trailing whitespace;
74 - markus@cvs.openbsd.org 2009/02/13 11:50:21
75 [packet.c]
76 check for enc !=NULL in packet_start_discard
77 - djm@cvs.openbsd.org 2009/02/14 06:35:49
78 [PROTOCOL]
79 mention that eow and no-more-sessions extensions are sent only to
80 OpenSSH peers
81
8220090212
83 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically
84 set ownership and modes, so avoid explicitly setting them
85 - (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX.
86 OSX provides a getlastlogxbyname function that automates the reading of
87 a lastlog file. Also, the pututxline function will update lastlog so
88 there is no need for loginrec.c to do it explicitly. Collapse some
89 overly verbose code while I'm in there.
90
9120090201
92 - (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed in
93 channels.c too, so move the definition for non-IP6 platforms to defines.h
94 where it can be shared.
95
9620090129
97 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
98 If the CYGWIN environment variable is empty, the installer script
99 should not install the service with an empty CYGWIN variable, but
100 rather without setting CYGWNI entirely.
101 - (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes.
102
10320090128
104 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
105 Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x.
106 The information given for the setting of the CYGWIN environment variable
107 is wrong for both releases so I just removed it, together with the
108 unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting.
109
11020081228
111 - (djm) OpenBSD CVS Sync
112 - stevesk@cvs.openbsd.org 2008/12/09 03:20:42
113 [channels.c servconf.c]
114 channel_print_adm_permitted_opens() should deal with all the printing
115 for that config option. suggested by markus@; ok markus@ djm@
116 dtucker@
117 - djm@cvs.openbsd.org 2008/12/09 04:32:22
118 [auth2-chall.c]
119 replace by-hand string building with xasprinf(); ok deraadt@
120 - sobrado@cvs.openbsd.org 2008/12/09 15:35:00
121 [sftp.1 sftp.c]
122 update for the synopses displayed by the 'help' command, there are a
123 few missing flags; add 'bye' to the output of 'help'; sorting and spacing.
124 jmc@ suggested replacing .Oo/.Oc with a single .Op macro.
125 ok jmc@
126 - stevesk@cvs.openbsd.org 2008/12/09 22:37:33
127 [clientloop.c]
128 fix typo in error message
129 - stevesk@cvs.openbsd.org 2008/12/10 03:55:20
130 [addrmatch.c]
131 o cannot be NULL here but use xfree() to be consistent; ok djm@
132 - stevesk@cvs.openbsd.org 2008/12/29 01:12:36
133 [ssh-keyscan.1]
134 fix example, default key type is rsa for 3+ years; from
135 frederic.perrin@resel.fr
136 - stevesk@cvs.openbsd.org 2008/12/29 02:23:26
137 [pathnames.h]
138 no need to escape single quotes in comments
139 - okan@cvs.openbsd.org 2008/12/30 00:46:56
140 [sshd_config.5]
141 add AllowAgentForwarding to available Match keywords list
142 ok djm
143 - djm@cvs.openbsd.org 2009/01/01 21:14:35
144 [channels.c]
145 call channel destroy callbacks on receipt of open failure messages.
146 fixes client hangs when connecting to a server that has MaxSessions=0
147 set spotted by imorgan AT nas.nasa.gov; ok markus@
148 - djm@cvs.openbsd.org 2009/01/01 21:17:36
149 [kexgexs.c]
150 fix hash calculation for KEXGEX: hash over the original client-supplied
151 values and not the sanity checked versions that we acutally use;
152 bz#1540 reported by john.smith AT arrows.demon.co.uk
153 ok markus@
154 - djm@cvs.openbsd.org 2009/01/14 01:38:06
155 [channels.c]
156 support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482;
157 "looks ok" markus@
158 - stevesk@cvs.openbsd.org 2009/01/15 17:38:43
159 [readconf.c]
160 1) use obsolete instead of alias for consistency
161 2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is
162 so move the comment.
163 3) reorder so like options are together
164 ok djm@
165 - djm@cvs.openbsd.org 2009/01/22 09:46:01
166 [channels.c channels.h session.c]
167 make Channel->path an allocated string, saving a few bytes here and
168 there and fixing bz#1380 in the process; ok markus@
169 - djm@cvs.openbsd.org 2009/01/22 09:49:57
170 [channels.c]
171 oops! I committed the wrong version of the Channel->path diff,
172 it was missing some tweaks suggested by stevesk@
173 - djm@cvs.openbsd.org 2009/01/22 10:02:34
174 [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
175 [serverloop.c ssh-keyscan.c ssh.c sshd.c]
176 make a2port() return -1 when it encounters an invalid port number
177 rather than 0, which it will now treat as valid (needed for future work)
178 adjust current consumers of a2port() to check its return value is <= 0,
179 which in turn required some things to be converted from u_short => int
180 make use of int vs. u_short consistent in some other places too
181 feedback & ok markus@
182 - djm@cvs.openbsd.org 2009/01/22 10:09:16
183 [auth-options.c]
184 another chunk of a2port() diff that got away. wtfdjm??
185 - djm@cvs.openbsd.org 2009/01/23 07:58:11
186 [myproposal.h]
187 prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC
188 modes; ok markus@
189 - naddy@cvs.openbsd.org 2009/01/24 17:10:22
190 [ssh_config.5 sshd_config.5]
191 sync list of preferred ciphers; ok djm@
192 - markus@cvs.openbsd.org 2009/01/26 09:58:15
193 [cipher.c cipher.h packet.c]
194 Work around the CPNI-957037 Plaintext Recovery Attack by always
195 reading 256K of data on packet size or HMAC errors (in CBC mode only).
196 Help, feedback and ok djm@
197 Feedback from Martin Albrecht and Paterson Kenny
198
19920090107
200 - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.
201 Patch based on one from vgiffin AT apple.com; ok dtucker@
202 - (djm) [channels.c] bz#1419: support "on demand" X11 forwarding via
203 launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked;
204 ok dtucker@
205 - (djm) [contrib/ssh-copy-id.1 contrib/ssh-copy-id] bz#1492: Make
206 ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity"
207 key). Patch from cjwatson AT debian.org
208
20920090107
210 - (tim) [configure.ac defines.h openbsd-compat/port-uw.c
211 openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
212 OK djm@ dtucker@
213 - (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section.
214 OpenServer 6 doesn't need libcrypt.
215
21620081209
217 - (djm) OpenBSD CVS Sync
218 - djm@cvs.openbsd.org 2008/12/09 02:38:18
219 [clientloop.c]
220 The ~C escape handler does not work correctly for multiplexed sessions -
221 it opens a commandline on the master session, instead of on the slave
222 that requested it. Disable it on slave sessions until such time as it
223 is fixed; bz#1543 report from Adrian Bridgett via Colin Watson
224 ok markus@
225 - djm@cvs.openbsd.org 2008/12/09 02:39:59
226 [sftp.c]
227 Deal correctly with failures in remote stat() operation in sftp,
228 correcting fail-on-error behaviour in batchmode. bz#1541 report and
229 fix from anedvedicky AT gmail.com; ok markus@
230 - djm@cvs.openbsd.org 2008/12/09 02:58:16
231 [readconf.c]
232 don't leave junk (free'd) pointers around in Forward *fwd argument on
233 failure; avoids double-free in ~C -L handler when given an invalid
234 forwarding specification; bz#1539 report from adejong AT debian.org
235 via Colin Watson; ok markus@ dtucker@
236 - djm@cvs.openbsd.org 2008/12/09 03:02:37
237 [sftp.1 sftp.c]
238 correct sftp(1) and corresponding usage syntax;
239 bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@
240
24120081208
242 - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually
243 use some stack in main().
244 Report and suggested fix from vapier AT gentoo.org
245 - (djm) OpenBSD CVS Sync
246 - markus@cvs.openbsd.org 2008/12/02 19:01:07
247 [clientloop.c]
248 we have to use the recipient's channel number (RFC 4254) for
249 SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages,
250 otherwise we trigger 'Non-public channel' error messages on sshd
251 systems with clientkeepalive enabled; noticed by sturm; ok djm;
252 - markus@cvs.openbsd.org 2008/12/02 19:08:59
253 [serverloop.c]
254 backout 1.149, since it's not necessary and openssh clients send
255 broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@
256 - markus@cvs.openbsd.org 2008/12/02 19:09:38
257 [channels.c]
258 s/remote_id/id/ to be more consistent with other code; ok djm@
259
26020081201
261 - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files
262 and tweak the is-sshd-running check in ssh-host-config. Patch from
263 vinschen at redhat com.
264 - (dtucker) OpenBSD CVS Sync
265 - markus@cvs.openbsd.org 2008/11/21 15:47:38
266 [packet.c]
267 packet_disconnect() on padding error, too. should reduce the success
268 probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
269 ok djm@
270 - dtucker@cvs.openbsd.org 2008/11/30 11:59:26
271 [monitor_fdpass.c]
272 Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@
273
27420081123
275 - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some
276 declarations, removing an unnecessary union member and adding whitespace.
277 cmsgbuf.tmp thing spotted by des at des no, ok djm some time ago.
278
27920081118
280 - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id
281 member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and
282 feedback by djm@
283
28420081111
285 - (dtucker) OpenBSD CVS Sync
286 - jmc@cvs.openbsd.org 2008/11/05 11:22:54
287 [servconf.c]
288 passord -> password;
289 fixes user/5975 from Rene Maroufi
290 - stevesk@cvs.openbsd.org 2008/11/07 00:42:12
291 [ssh-keygen.c]
292 spelling/typo in comment
293 - stevesk@cvs.openbsd.org 2008/11/07 18:50:18
294 [nchan.c]
295 add space to some log/debug messages for readability; ok djm@ markus@
296 - dtucker@cvs.openbsd.org 2008/11/07 23:34:48
297 [auth2-jpake.c]
298 Move JPAKE define to make life easier for portable. ok djm@
299 - tobias@cvs.openbsd.org 2008/11/09 12:34:47
300 [session.c ssh.1]
301 typo fixed (overriden -> overridden)
302 ok espie, jmc
303 - stevesk@cvs.openbsd.org 2008/11/11 02:58:09
304 [servconf.c]
305 USE_AFS not referenced so remove #ifdef. fixes sshd -T not printing
306 kerberosgetafstoken. ok dtucker@
307 (Id sync only, we still want the ifdef in portable)
308 - stevesk@cvs.openbsd.org 2008/11/11 03:55:11
309 [channels.c]
310 for sshd -T print 'permitopen any' vs. 'permitopen' for case of no
311 permitopen's; ok and input dtucker@
312 - djm@cvs.openbsd.org 2008/11/10 02:06:35
313 [regress/putty-ciphers.sh]
314 PuTTY supports AES CTR modes, so interop test against them too
315
31620081105
317 - OpenBSD CVS Sync
318 - djm@cvs.openbsd.org 2008/11/03 08:59:41
319 [servconf.c]
320 include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov
321 - djm@cvs.openbsd.org 2008/11/04 07:58:09
322 [auth.c]
323 need unistd.h for close() prototype
324 (ID sync only)
325 - djm@cvs.openbsd.org 2008/11/04 08:22:13
326 [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
327 [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
328 [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
329 [Makefile.in]
330 Add support for an experimental zero-knowledge password authentication
331 method using the J-PAKE protocol described in F. Hao, P. Ryan,
332 "Password Authenticated Key Exchange by Juggling", 16th Workshop on
333 Security Protocols, Cambridge, April 2008.
334
335 This method allows password-based authentication without exposing
336 the password to the server. Instead, the client and server exchange
337 cryptographic proofs to demonstrate of knowledge of the password while
338 revealing nothing useful to an attacker or compromised endpoint.
339
340 This is experimental, work-in-progress code and is presently
341 compiled-time disabled (turn on -DJPAKE in Makefile.inc).
342
343 "just commit it. It isn't too intrusive." deraadt@
344 - stevesk@cvs.openbsd.org 2008/11/04 19:18:00
345 [readconf.c]
346 because parse_forward() is now used to parse all forward types (DLR),
347 and it malloc's space for host variables, we don't need to malloc
348 here. fixes small memory leaks.
349
350 previously dynamic forwards were not parsed in parse_forward() and
351 space was not malloc'd in that case.
352
353 ok djm@
354 - stevesk@cvs.openbsd.org 2008/11/05 03:23:09
355 [clientloop.c ssh.1]
356 add dynamic forward escape command line; ok djm@
357
35820081103
359 - OpenBSD CVS Sync
360 - sthen@cvs.openbsd.org 2008/07/24 23:55:30
361 [ssh-keygen.1]
362 Add "ssh-keygen -F -l" to synopsis (displays fingerprint from
363 known_hosts). ok djm@
364 - grunk@cvs.openbsd.org 2008/07/25 06:56:35
365 [ssh_config]
366 Add VisualHostKey to example file, ok djm@
367 - grunk@cvs.openbsd.org 2008/07/25 07:05:16
368 [key.c]
369 In random art visualization, make sure to use the end marker only at the
370 end. Initial diff by Dirk Loss, tweaks and ok djm@
371 - markus@cvs.openbsd.org 2008/07/31 14:48:28
372 [sshconnect2.c]
373 don't allocate space for empty banners; report t8m at centrum.cz;
374 ok deraadt
375 - krw@cvs.openbsd.org 2008/08/02 04:29:51
376 [ssh_config.5]
377 whitepsace -> whitespace. From Matthew Clarke via bugs@.
378 - djm@cvs.openbsd.org 2008/08/21 04:09:57
379 [session.c]
380 allow ForceCommand internal-sftp with arguments. based on patch from
381 michael.barabanov AT gmail.com; ok markus@
382 - djm@cvs.openbsd.org 2008/09/06 12:24:13
383 [kex.c]
384 OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our
385 replacement anymore
386 (ID sync only for portable - we still need this)
387 - markus@cvs.openbsd.org 2008/09/11 14:22:37
388 [compat.c compat.h nchan.c ssh.c]
389 only send eow and no-more-sessions requests to openssh 5 and newer;
390 fixes interop problems with broken ssh v2 implementations; ok djm@
391 - millert@cvs.openbsd.org 2008/10/02 14:39:35
392 [session.c]
393 Convert an unchecked strdup to xstrdup. OK deraadt@
394 - jmc@cvs.openbsd.org 2008/10/03 13:08:12
395 [sshd.8]
396 do not give an example of how to chmod files: we can presume the user
397 knows that. removes an ambiguity in the permission of authorized_keys;
398 ok deraadt
399 - deraadt@cvs.openbsd.org 2008/10/03 23:56:28
400 [sshconnect2.c]
401 Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the
402 function.
403 spotted by des@freebsd, who commited an incorrect fix to the freebsd tree
404 and (as is fairly typical) did not report the problem to us. But this fix
405 is correct.
406 ok djm
407 - djm@cvs.openbsd.org 2008/10/08 23:34:03
408 [ssh.1 ssh.c]
409 Add -y option to force logging via syslog rather than stderr.
410 Useful for daemonised ssh connection (ssh -f). Patch originally from
411 and ok'd by markus@
412 - djm@cvs.openbsd.org 2008/10/09 03:50:54
413 [servconf.c sshd_config.5]
414 support setting PermitEmptyPasswords in a Match block
415 requested in PR3891; ok dtucker@
416 - jmc@cvs.openbsd.org 2008/10/09 06:54:22
417 [ssh.c]
418 add -y to usage();
419 - stevesk@cvs.openbsd.org 2008/10/10 04:55:16
420 [scp.c]
421 spelling in comment; ok djm@
422 - stevesk@cvs.openbsd.org 2008/10/10 05:00:12
423 [key.c]
424 typo in error message; ok djm@
425 - stevesk@cvs.openbsd.org 2008/10/10 16:43:27
426 [ssh_config.5]
427 use 'Privileged ports can be forwarded only when logging in as root on
428 the remote machine.' for RemoteForward just like ssh.1 -R.
429 ok djm@ jmc@
430 - stevesk@cvs.openbsd.org 2008/10/14 18:11:33
431 [sshconnect.c]
432 use #define ROQUIET here; no binary change. ok dtucker@
433 - stevesk@cvs.openbsd.org 2008/10/17 18:36:24
434 [ssh_config.5]
435 correct and clarify VisualHostKey; ok jmc@
436 - stevesk@cvs.openbsd.org 2008/10/30 19:31:16
437 [clientloop.c sshd.c]
438 don't need to #include "monitor_fdpass.h"
439 - stevesk@cvs.openbsd.org 2008/10/31 15:05:34
440 [dispatch.c]
441 remove unused #define DISPATCH_MIN; ok markus@
442 - djm@cvs.openbsd.org 2008/11/01 04:50:08
443 [sshconnect2.c]
444 sprinkle ARGSUSED on dispatch handlers
445 nuke stale unusued prototype
446 - stevesk@cvs.openbsd.org 2008/11/01 06:43:33
447 [channels.c]
448 fix some typos in log messages; ok djm@
449 - sobrado@cvs.openbsd.org 2008/11/01 11:14:36
450 [ssh-keyscan.1 ssh-keyscan.c]
451 the ellipsis is not an optional argument; while here, improve spacing.
452 - stevesk@cvs.openbsd.org 2008/11/01 17:40:33
453 [clientloop.c readconf.c readconf.h ssh.c]
454 merge dynamic forward parsing into parse_forward();
455 'i think this is OK' djm@
456 - stevesk@cvs.openbsd.org 2008/11/02 00:16:16
457 [ttymodes.c]
458 protocol 2 tty modes support is now 7.5 years old so remove these
459 debug3()s; ok deraadt@
460 - stevesk@cvs.openbsd.org 2008/11/03 01:07:02
461 [readconf.c]
462 remove valueless comment
463 - stevesk@cvs.openbsd.org 2008/11/03 02:44:41
464 [readconf.c]
465 fix comment
466 - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd]
467 Make example scripts generate keys with default sizes rather than fixed,
468 non-default 1024 bits; patch from imorgan AT nas.nasa.gov
469 - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam]
470 [contrib/redhat/sshd.pam] Move pam_nologin to account group from
471 incorrect auth group in example files;
472 patch from imorgan AT nas.nasa.gov
473
47420080906
475 - (dtucker) [config.guess config.sub] Update to latest versions from
476 http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16
477 respectively).
478
47920080830
480 - (dtucker) [openbsd-compat/bsd-poll.c] correctly check for number of FDs
481 larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd). Patch
482 from Nicholas Marriott.
483
48420080721
485 - (djm) OpenBSD CVS Sync
486 - djm@cvs.openbsd.org 2008/07/23 07:36:55
487 [servconf.c]
488 do not try to print options that have been compile-time disabled
489 in config test mode (sshd -T); report from nix-corp AT esperi.org.uk
490 ok dtucker@
491 - (djm) [servconf.c] Print UsePAM option in config test mode (when it
492 has been compiled in); report from nix-corp AT esperi.org.uk
493 ok dtucker@
494
120080721 49520080721
2 - (djm) OpenBSD CVS Sync 496 - (djm) OpenBSD CVS Sync
3 - jmc@cvs.openbsd.org 2008/07/18 22:51:01 497 - jmc@cvs.openbsd.org 2008/07/18 22:51:01
@@ -873,3841 +1367,3 @@
873 [contrib/suse/openssh.spec] Crank version numbers in RPM spec files 1367 [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
874 - (djm) [README] Update link to release notes 1368 - (djm) [README] Update link to release notes
875 - (djm) Release 5.0p1 1369 - (djm) Release 5.0p1
876
87720080315
878 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
879 empty; report and patch from Peter Stuge
880 - (djm) [regress/test-exec.sh] Silence noise from detection of putty
881 commands; report from Peter Stuge
882 - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
883 crashes when used with ChrootDirectory
884
885
88620080327
887 - (dtucker) Cache selinux status earlier so we know if it's enabled after a
888 chroot. Allows ChrootDirectory to work with selinux support compiled in
889 but not enabled. Using it with selinux enabled will require some selinux
890 support inside the chroot. "looks sane" djm@
891 - (djm) Fix RCS ident in sftp-server-main.c
892 - (djm) OpenBSD CVS sync:
893 - jmc@cvs.openbsd.org 2008/02/11 07:58:28
894 [ssh.1 sshd.8 sshd_config.5]
895 bump Mdocdate for pages committed in "febuary", necessary because
896 of a typo in rcs.c;
897 - deraadt@cvs.openbsd.org 2008/03/13 01:49:53
898 [monitor_fdpass.c]
899 Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
900 an extensive discussion with otto, kettenis, millert, and hshoexer
901 - deraadt@cvs.openbsd.org 2008/03/15 16:19:02
902 [monitor_fdpass.c]
903 Repair the simple cases for msg_controllen where it should just be
904 CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
905 of alignment; ok kettenis hshoexer
906 - djm@cvs.openbsd.org 2008/03/23 12:54:01
907 [sftp-client.c]
908 prefer POSIX-style file renaming over filexfer rename behaviour if the
909 server supports the posix-rename@openssh.com extension.
910 Note that the old (filexfer) behaviour would refuse to clobber an
911 existing file. Users who depended on this should adjust their sftp(1)
912 usage.
913 ok deraadt@ markus@
914 - deraadt@cvs.openbsd.org 2008/03/24 16:11:07
915 [monitor_fdpass.c]
916 msg_controllen has to be CMSG_SPACE so that the kernel can account for
917 each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
918 works now that kernel fd passing has been fixed to accept a bit of
919 sloppiness because of this ABI repair.
920 lots of discussion with kettenis
921 - djm@cvs.openbsd.org 2008/03/25 11:58:02
922 [session.c sshd_config.5]
923 ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
924 from dtucker@ ok deraadt@ djm@
925 - djm@cvs.openbsd.org 2008/03/25 23:01:41
926 [session.c]
927 last patch had backwards test; spotted by termim AT gmail.com
928 - djm@cvs.openbsd.org 2008/03/26 21:28:14
929 [auth-options.c auth-options.h session.c sshd.8]
930 add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
931 - djm@cvs.openbsd.org 2008/03/27 00:16:49
932 [version.h]
933 openssh-4.9
934 - djm@cvs.openbsd.org 2008/03/24 21:46:54
935 [regress/sftp-badcmds.sh]
936 disable no-replace rename test now that we prefer a POSIX rename; spotted
937 by dkrause@
938 - (djm) [configure.ac] fix alignment of --without-stackprotect description
939 - (djm) [configure.ac] --with-selinux too
940 - (djm) [regress/Makefile] cleanup PuTTY interop test droppings
941 - (djm) [README] Update link to release notes
942 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
943 [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
944 - (djm) Release 4.9p1
945
94620080315
947 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
948 empty; report and patch from Peter Stuge
949 - (djm) [regress/test-exec.sh] Silence noise from detection of putty
950 commands; report from Peter Stuge
951 - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
952 crashes when used with ChrootDirectory
953
95420080314
955 - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by
956 vinschen at redhat.com. Add () to put echo commands in subshell for lls test
957 I mistakenly left out of last commit.
958 - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan at
959 nas.nasa.gov
960
96120080313
962 - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to
963 self: make changes to Makefile.in next time, not the generated Makefile).
964 - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and
965 puttygen(1) by $PATH
966 - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch
967 by vinschen at redhat.com.
968 - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixes
969 from vinschen at redhat.com and imorgan at nas.nasa.gov
970
97120080312
972 - (djm) OpenBSD CVS Sync
973 - dtucker@cvs.openbsd.org 2007/10/29 06:57:13
974 [regress/Makefile regress/localcommand.sh]
975 Add simple regress test for LocalCommand; ok djm@
976 - jmc@cvs.openbsd.org 2007/11/25 15:35:09
977 [regress/agent-getpeereid.sh regress/agent.sh]
978 more existant -> existent, from Martynas Venckus;
979 pfctl changes: ok henning
980 ssh changes: ok deraadt
981 - djm@cvs.openbsd.org 2007/12/12 05:04:03
982 [regress/sftp-cmds.sh]
983 unbreak lls command and add a regress test that would have caught the
984 breakage; spotted by mouring@
985 NB. sftp code change already committed.
986 - djm@cvs.openbsd.org 2007/12/21 04:13:53
987 [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
988 [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
989 basic (crypto, kex and transfer) interop regression tests against putty
990 To run these, install putty and run "make interop-tests" from the build
991 directory - the tests aren't run by default yet.
992
99320080311
994 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
995 pam_open_session and pam_close_session into the privsep monitor, which
996 will ensure that pam_session_close is called as root. Patch from Tomas
997 Mraz.
998
99920080309
1000 - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
1001 always work for all platforms and versions, so test what we can and
1002 add a configure flag to turn it of if needed. ok djm@
1003 - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
1004 implementation. It's not needed to fix bug #1081 and breaks the build
1005 on some AIX configurations.
1006 - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's
1007 equivalent of LLONG_MAX for the compat regression tests, which makes them
1008 run on AIX and HP-UX. Patch from David Leonard.
1009 - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
1010 platforms where gcc understands the option but it's not supported (and
1011 thus generates a warning).
1012
101320080307
1014 - (djm) OpenBSD CVS Sync
1015 - jmc@cvs.openbsd.org 2008/02/11 07:58:28
1016 [ssh.1 sshd.8 sshd_config.5]
1017 bump Mdocdate for pages committed in "febuary", necessary because
1018 of a typo in rcs.c;
1019 - djm@cvs.openbsd.org 2008/02/13 22:38:17
1020 [servconf.h session.c sshd.c]
1021 rekey arc4random and OpenSSL RNG in postauth child
1022 closefrom fds > 2 before shell/command execution
1023 ok markus@
1024 - mbalmer@cvs.openbsd.org 2008/02/14 13:10:31
1025 [sshd.c]
1026 When started in configuration test mode (-t) do not check that sshd is
1027 being started with an absolute path.
1028 ok djm
1029 - markus@cvs.openbsd.org 2008/02/20 15:25:26
1030 [session.c]
1031 correct boolean encoding for coredump; der Mouse via dugsong
1032 - djm@cvs.openbsd.org 2008/02/22 05:58:56
1033 [session.c]
1034 closefrom() call was too early, delay it until just before we execute
1035 the user's rc files (if any).
1036 - dtucker@cvs.openbsd.org 2008/02/22 20:44:02
1037 [clientloop.c packet.c packet.h serverloop.c]
1038 Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
1039 keepalive timer (bz #1307). ok markus@
1040 - djm@cvs.openbsd.org 2008/02/27 20:21:15
1041 [sftp-server.c]
1042 add an extension method "posix-rename@openssh.com" to perform POSIX atomic
1043 rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
1044 ok dtucker@ markus@
1045 - deraadt@cvs.openbsd.org 2008/03/02 18:19:35
1046 [monitor_fdpass.c]
1047 use a union to ensure alignment of the cmsg (pay attention: various other
1048 parts of the tree need this treatment too); ok djm
1049 - deraadt@cvs.openbsd.org 2008/03/04 21:15:42
1050 [version.h]
1051 crank version; from djm
1052 - (tim) [regress/sftp-glob.sh] Shell portability fix.
1053
105420080302
1055 - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect
1056 either, so use our own.
1057
105820080229
1059 - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in
1060 configure (and there's not much point, as openssh won't work without it)
1061 so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
1062 built in. Remove HAVE_SELECT so we can build on platforms without poll.
1063 - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H.
1064 - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. From
1065 Debian patch via bernd AT openbsd.org
1066
106720080228
1068 - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes
1069 linking problems on AIX with gcc 4.1.x.
1070 - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
1071 openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
1072 header to after OpenSSL headers, since some versions of OpenSSL have
1073 SSLeay_add_all_algorithms as a macro already.
1074 - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL
1075 compat glue into openssl-compat.h.
1076 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
1077 getgrouplist via getgrset on AIX, rather than iterating over getgrent.
1078 This allows, eg, Match and AllowGroups directives to work with NIS and
1079 LDAP groups.
1080 - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use the
1081 same SyslogFacility as the rest of sshd. Patch from William Knox,
1082 ok djm@.
1083
108420080225
1085 - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
1086 since it now conflicts with the helper function in misc.c. From
1087 vinschen AT redhat.com.
1088 - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
1089 of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
1090 Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
1091 - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffle
1092 headers so ./configure --with-ssl-engine actually works. Patch from
1093 Ian Lister.
1094
109520080224
1096 - (tim) [contrib/cygwin/ssh-host-config]
1097 Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
1098 Check more thoroughly that it's possible to create the /var/empty directory.
1099 Patch by vinschen AT redhat.com
1100
110120080210
1102 - OpenBSD CVS Sync
1103 - chl@cvs.openbsd.org 2008/01/11 07:22:28
1104 [sftp-client.c sftp-client.h]
1105 disable unused functions
1106 initially from tobias@, but disabled them by placing them in
1107 "#ifdef notyet" which was asked by djm@
1108 ok djm@ tobias@
1109 - djm@cvs.openbsd.org 2008/01/19 19:13:28
1110 [ssh.1]
1111 satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
1112 some commandline parsing warnings go unconditionally to stdout).
1113 - djm@cvs.openbsd.org 2008/01/19 20:48:53
1114 [clientloop.c]
1115 fd leak on session multiplexing error path. Report and patch from
1116 gregory_shively AT fanniemae.com
1117 - djm@cvs.openbsd.org 2008/01/19 20:51:26
1118 [ssh.c]
1119 ignore SIGPIPE in multiplex client mode - we can receive this if the
1120 server runs out of fds on us midway. Report and patch from
1121 gregory_shively AT fanniemae.com
1122 - djm@cvs.openbsd.org 2008/01/19 22:04:57
1123 [sftp-client.c]
1124 fix remote handle leak in do_download() local file open error path;
1125 report and fix from sworley AT chkno.net
1126 - djm@cvs.openbsd.org 2008/01/19 22:22:58
1127 [ssh-keygen.c]
1128 when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
1129 hash just the specified hostname and not the entire hostspec from the
1130 keyfile. It may be of the form "hostname,ipaddr", which would lead to
1131 a hash that never matches. report and fix from jp AT devnull.cz
1132 - djm@cvs.openbsd.org 2008/01/19 22:37:19
1133 [ssh-keygen.c]
1134 unbreak line numbering (broken in revision 1.164), fix error message
1135 - djm@cvs.openbsd.org 2008/01/19 23:02:40
1136 [channels.c]
1137 When we added support for specified bind addresses for port forwards, we
1138 added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
1139 this for -L port forwards that causes the client to listen on both v4
1140 and v6 addresses when connected to a server with this quirk, despite
1141 having set 0.0.0.0 as a bind_address.
1142 report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
1143 - djm@cvs.openbsd.org 2008/01/19 23:09:49
1144 [readconf.c readconf.h sshconnect2.c]
1145 promote rekeylimit to a int64 so it can hold the maximum useful limit
1146 of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
1147 - djm@cvs.openbsd.org 2008/01/20 00:38:30
1148 [sftp.c]
1149 When uploading, correctly handle the case of an unquoted filename with
1150 glob metacharacters that match a file exactly but not as a glob, e.g. a
1151 file called "[abcd]". report and test cases from duncan2nd AT gmx.de
1152 - djm@cvs.openbsd.org 2008/01/21 17:24:30
1153 [sftp-server.c]
1154 Remove the fixed 100 handle limit in sftp-server and allocate as many
1155 as we have available file descriptors. Patch from miklos AT szeredi.hu;
1156 ok dtucker@ markus@
1157 - djm@cvs.openbsd.org 2008/01/21 19:20:17
1158 [sftp-client.c]
1159 when a remote write error occurs during an upload, ensure that ACKs for
1160 all issued requests are properly drained. patch from t8m AT centrum.cz
1161 - dtucker@cvs.openbsd.org 2008/01/23 01:56:54
1162 [clientloop.c packet.c serverloop.c]
1163 Revert the change for bz #1307 as it causes connection aborts if an IGNORE
1164 packet arrives while we're waiting in packet_read_expect (and possibly
1165 elsewhere).
1166 - jmc@cvs.openbsd.org 2008/01/31 20:06:50
1167 [scp.1]
1168 explain how to handle local file names containing colons;
1169 requested by Tamas TEVESZ
1170 ok dtucker
1171 - markus@cvs.openbsd.org 2008/02/04 21:53:00
1172 [session.c sftp-server.c sftp.h]
1173 link sftp-server into sshd; feedback and ok djm@
1174 - mcbride@cvs.openbsd.org 2008/02/09 12:15:43
1175 [ssh.1 sshd.8]
1176 Document the correct permissions for the ~/.ssh/ directory.
1177 ok jmc
1178 - djm@cvs.openbsd.org 2008/02/10 09:55:37
1179 [sshd_config.5]
1180 mantion that "internal-sftp" is useful with ForceCommand too
1181 - djm@cvs.openbsd.org 2008/02/10 10:54:29
1182 [servconf.c session.c]
1183 delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
1184 home, rather than the user who starts sshd (probably root)
1185
118620080119
1187 - (djm) Silence noice from expr in ssh-copy-id; patch from
1188 mikel AT mikelward.com
1189 - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from
1190 tsr2600 AT gmail.com
1191
119220080102
1193 - (dtucker) [configure.ac] Fix message for -fstack-protector-all test.
1194
119520080101
1196 - (dtucker) OpenBSD CVS Sync
1197 - dtucker@cvs.openbsd.org 2007/12/31 10:41:31
1198 [readconf.c servconf.c]
1199 Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch
1200 from Dmitry V. Levin, ok djm@
1201 - dtucker@cvs.openbsd.org 2007/12/31 15:27:04
1202 [sshd.c]
1203 When in inetd mode, have sshd generate a Protocol 1 ephemeral server
1204 key only for connections where the client chooses Protocol 1 as opposed
1205 to when it's enabled in the server's config. Speeds up Protocol 2
1206 connections to inetd-mode servers that also allow Protocol 1. bz #440,
1207 based on a patch from bruno at wolff.to, ok markus@
1208 - dtucker@cvs.openbsd.org 2008/01/01 08:47:04
1209 [misc.c]
1210 spaces -> tabs from my previous commit
1211 - dtucker@cvs.openbsd.org 2008/01/01 09:06:39
1212 [scp.c]
1213 If scp -p encounters a pre-epoch timestamp, use the epoch which is
1214 as close as we can get given that it's used unsigned. Add a little
1215 debugging while there. bz #828, ok djm@
1216 - dtucker@cvs.openbsd.org 2008/01/01 09:27:33
1217 [sshd_config.5 servconf.c]
1218 Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
1219 only from the local network. ok markus@, man page bit ok jmc@
1220 - dtucker@cvs.openbsd.org 2008/01/01 08:51:20
1221 [moduli]
1222 Updated moduli file; ok djm@
1223
122420071231
1225 - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
1226 builtin glob implementation on Mac OS X. Based on a patch from
1227 vgiffin at apple.
1228
122920071229
1230 - (dtucker) OpenBSD CVS Sync
1231 - djm@cvs.openbsd.org 2007/12/12 05:04:03
1232 [sftp.c]
1233 unbreak lls command and add a regress test that would have caught the
1234 breakage; spotted by mouring@
1235 - dtucker@cvs.openbsd.org 2007/12/27 14:22:08
1236 [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
1237 sshd.c]
1238 Add a small helper function to consistently handle the EAI_SYSTEM error
1239 code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
1240 ok markus@ stevesk@
1241 - dtucker@cvs.openbsd.org 2007/12/28 15:32:24
1242 [clientloop.c serverloop.c packet.c]
1243 Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
1244 ServerAlive and ClientAlive timers. Prevents dropping a connection
1245 when these are enabled but the peer does not support our keepalives.
1246 bz #1307, ok djm@.
1247 - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
1248 [clientloop.c]
1249 Use the correct packet maximum sizes for remote port and agent forwarding.
1250 Prevents the server from killing the connection if too much data is queued
1251 and an excessively large packet gets sent. bz #1360, ok djm@.
1252
125320071202
1254 - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
1255 gcc supports it. ok djm@
1256 - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove
1257 leftover debug code.
1258 - (dtucker) OpenBSD CVS Sync
1259 - dtucker@cvs.openbsd.org 2007/10/29 00:52:45
1260 [auth2-gss.c]
1261 Allow build without -DGSSAPI; ok deraadt@
1262 (Id sync only, Portable already has the ifdefs)
1263 - dtucker@cvs.openbsd.org 2007/10/29 01:55:04
1264 [ssh.c]
1265 Plug tiny mem leaks in ControlPath and ProxyCommand option processing;
1266 ok djm@
1267 - dtucker@cvs.openbsd.org 2007/10/29 04:08:08
1268 [monitor_wrap.c monitor.c]
1269 Send config block back to slave for invalid users too so options
1270 set by a Match block (eg Banner) behave the same for non-existent
1271 users. Found by and ok djm@
1272 - dtucker@cvs.openbsd.org 2007/10/29 06:51:59
1273 [ssh_config.5]
1274 ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
1275 - dtucker@cvs.openbsd.org 2007/10/29 06:54:50
1276 [ssh.c]
1277 Make LocalCommand work for Protocol 1 too; ok djm@
1278 - jmc@cvs.openbsd.org 2007/10/29 07:48:19
1279 [ssh_config.5]
1280 clean up after previous macro removal;
1281 - djm@cvs.openbsd.org 2007/11/03 00:36:14
1282 [clientloop.c]
1283 fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
1284 ok dtucker@
1285 - deraadt@cvs.openbsd.org 2007/11/03 01:24:06
1286 [ssh.c]
1287 bz #1377: getpwuid results were being clobbered by another getpw* call
1288 inside tilde_expand_filename(); save the data we need carefully
1289 ok djm
1290 - dtucker@cvs.openbsd.org 2007/11/03 02:00:32
1291 [ssh.c]
1292 Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@
1293 - deraadt@cvs.openbsd.org 2007/11/03 02:03:49
1294 [ssh.c]
1295 avoid errno trashing in signal handler; ok dtucker
1296
129720071030
1298 - (djm) OpenBSD CVS Sync
1299 - djm@cvs.openbsd.org 2007/10/29 23:49:41
1300 [openbsd-compat/sys-tree.h]
1301 remove extra backslash at the end of RB_PROTOTYPE, report from
1302 Jan.Pechanec AT Sun.COM; ok deraadt@
1303
130420071026
1305 - (djm) OpenBSD CVS Sync
1306 - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
1307 [sshpty.c]
1308 remove #if defined block not needed; ok markus@ dtucker@
1309 (NB. RCD ID sync only for portable)
1310 - djm@cvs.openbsd.org 2007/09/21 03:05:23
1311 [ssh_config.5]
1312 document KbdInteractiveAuthentication in ssh_config.5;
1313 patch from dkg AT fifthhorseman.net
1314 - djm@cvs.openbsd.org 2007/09/21 08:15:29
1315 [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
1316 [monitor.c monitor_wrap.c]
1317 unifdef -DBSD_AUTH
1318 unifdef -USKEY
1319 These options have been in use for some years;
1320 ok markus@ "no objection" millert@
1321 (NB. RCD ID sync only for portable)
1322 - canacar@cvs.openbsd.org 2007/09/25 23:48:57
1323 [ssh-agent.c]
1324 When adding a key that already exists, update the properties
1325 (time, confirm, comment) instead of discarding them. ok djm@ markus@
1326 - ray@cvs.openbsd.org 2007/09/27 00:15:57
1327 [dh.c]
1328 Don't return -1 on error in dh_pub_is_valid(), since it evaluates
1329 to true.
1330 Also fix a typo.
1331 Initial diff from Matthew Dempsky, input from djm.
1332 OK djm, markus.
1333 - dtucker@cvs.openbsd.org 2007/09/29 00:25:51
1334 [auth2.c]
1335 Remove unused prototype. ok djm@
1336 - chl@cvs.openbsd.org 2007/10/02 17:49:58
1337 [ssh-keygen.c]
1338 handles zero-sized strings that fgets can return
1339 properly removes trailing newline
1340 removes an unused variable
1341 correctly counts line number
1342 "looks ok" ray@ markus@
1343 - markus@cvs.openbsd.org 2007/10/22 19:10:24
1344 [readconf.c]
1345 make sure that both the local and remote port are correct when
1346 parsing -L; Jan Pechanec (bz #1378)
1347 - djm@cvs.openbsd.org 2007/10/24 03:30:02
1348 [sftp.c]
1349 rework argument splitting and parsing to cope correctly with common
1350 shell escapes and make handling of escaped characters consistent
1351 with sh(1) and between sftp commands (especially between ones that
1352 glob their arguments and ones that don't).
1353 parse command flags using getopt(3) rather than hand-rolled parsers.
1354 ok dtucker@
1355 - djm@cvs.openbsd.org 2007/10/24 03:44:02
1356 [scp.c]
1357 factor out network read/write into an atomicio()-like function, and
1358 use it to handle short reads, apply bandwidth limits and update
1359 counters. make network IO non-blocking, so a small trickle of
1360 reads/writes has a chance of updating the progress meter; bz #799
1361 ok dtucker@
1362 - djm@cvs.openbsd.org 2006/08/29 09:44:00
1363 [regress/sftp-cmds.sh]
1364 clean up our mess
1365 - markus@cvs.openbsd.org 2006/11/06 09:27:43
1366 [regress/cfgmatch.sh]
1367 fix quoting for non-(c)sh login shells.
1368 - dtucker@cvs.openbsd.org 2006/12/13 08:36:36
1369 [regress/cfgmatch.sh]
1370 Additional test for multiple PermitOpen entries. ok djm@
1371 - pvalchev@cvs.openbsd.org 2007/06/07 19:41:46
1372 [regress/cipher-speed.sh regress/try-ciphers.sh]
1373 test umac-64@openssh.com
1374 ok djm@
1375 - djm@cvs.openbsd.org 2007/10/24 03:32:35
1376 [regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh]
1377 comprehensive tests for sftp escaping its interaction with globbing;
1378 ok dtucker@
1379 - djm@cvs.openbsd.org 2007/10/26 05:30:01
1380 [regress/sftp-glob.sh regress/test-exec.sh]
1381 remove "echo -E" crap that I added in last commit and use printf(1) for
1382 cases where we strictly require echo not to reprocess escape characters.
1383 - deraadt@cvs.openbsd.org 2005/11/28 17:50:12
1384 [openbsd-compat/glob.c]
1385 unused arg in internal static API
1386 - jakob@cvs.openbsd.org 2007/10/11 18:36:41
1387 [openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h]
1388 use RRSIG instead of SIG for DNSSEC. ok djm@
1389 - otto@cvs.openbsd.org 2006/10/21 09:55:03
1390 [openbsd-compat/base64.c]
1391 remove calls to abort(3) that can't happen anyway; from
1392 <bret dot lambert at gmail.com>; ok millert@ deraadt@
1393 - frantzen@cvs.openbsd.org 2004/04/24 18:11:46
1394 [openbsd-compat/sys-tree.h]
1395 sync to Niels Provos' version. avoid unused variable warning in
1396 RB_NEXT()
1397 - tdeval@cvs.openbsd.org 2004/11/24 18:10:42
1398 [openbsd-compat/sys-tree.h]
1399 typo
1400 - grange@cvs.openbsd.org 2004/05/04 16:59:32
1401 [openbsd-compat/sys-queue.h]
1402 Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
1403 This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
1404 ok millert krw deraadt
1405 - deraadt@cvs.openbsd.org 2005/02/25 13:29:30
1406 [openbsd-compat/sys-queue.h]
1407 minor white spacing
1408 - otto@cvs.openbsd.org 2005/10/17 20:19:42
1409 [openbsd-compat/sys-queue.h]
1410 Performing certain operations on queue.h data structurs produced
1411 funny results. An example is calling LIST_REMOVE on the same
1412 element twice. This will not fail, but result in a data structure
1413 referencing who knows what. Prevent these accidents by NULLing some
1414 fields on remove and replace. This way, either a panic or segfault
1415 will be produced on the faulty operation.
1416 - otto@cvs.openbsd.org 2005/10/24 20:25:14
1417 [openbsd-compat/sys-queue.h]
1418 Partly backout. NOLIST, used in LISTs is probably interfering.
1419 requested by deraadt@
1420 - otto@cvs.openbsd.org 2005/10/25 06:37:47
1421 [openbsd-compat/sys-queue.h]
1422 Some uvm problem is being exposed with the more strict macros.
1423 Revert until we've found out what's causing the panics.
1424 - otto@cvs.openbsd.org 2005/11/25 08:06:25
1425 [openbsd-compat/sys-queue.h]
1426 Introduce debugging aid for queue macros. Disabled by default; but
1427 developers are encouraged to run with this enabled.
1428 ok krw@ fgsch@ deraadt@
1429 - otto@cvs.openbsd.org 2007/04/30 18:42:34
1430 [openbsd-compat/sys-queue.h]
1431 Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels.
1432 Input and okays from krw@, millert@, otto@, deraadt@, miod@.
1433 - millert@cvs.openbsd.org 2004/10/07 16:56:11
1434 GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE
1435 block.
1436 (NB. mostly an RCS ID sync, as portable strips out the conditionals)
1437 - (djm) [regress/sftp-cmds.sh]
1438 Use more restrictive glob to pick up test files from /bin - some platforms
1439 ship broken symlinks there which could spoil the test.
1440 - (djm) [openbsd-compat/bindresvport.c]
1441 Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling
1442
144320070927
1444 - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
1445 we don't have <poll.h> (eq QNX). From bacon at cs nyu edu.
1446 - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
1447 so disable it for that platform. From bacon at cs nyu edu.
1448
144920070921
1450 - (djm) [atomicio.c] Fix spin avoidance for platforms that define
1451 EWOULDBLOCK; patch from ben AT psc.edu
1452
145320070917
1454 - (djm) OpenBSD CVS Sync
1455 - djm@cvs.openbsd.org 2007/08/23 02:49:43
1456 [auth-passwd.c auth.c session.c]
1457 unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
1458 NB. RCS ID sync only for portable
1459 - djm@cvs.openbsd.org 2007/08/23 02:55:51
1460 [auth-passwd.c auth.c session.c]
1461 missed include bits from last commit
1462 NB. RCS ID sync only for portable
1463 - djm@cvs.openbsd.org 2007/08/23 03:06:10
1464 [auth.h]
1465 login_cap.h doesn't belong here
1466 NB. RCS ID sync only for portable
1467 - djm@cvs.openbsd.org 2007/08/23 03:22:16
1468 [auth2-none.c sshd_config sshd_config.5]
1469 Support "Banner=none" to disable displaying of the pre-login banner;
1470 ok dtucker@ deraadt@
1471 - djm@cvs.openbsd.org 2007/08/23 03:23:26
1472 [sshconnect.c]
1473 Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
1474 - djm@cvs.openbsd.org 2007/09/04 03:21:03
1475 [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
1476 [monitor_wrap.c ssh.c]
1477 make file descriptor passing code return an error rather than call fatal()
1478 when it encounters problems, and use this to make session multiplexing
1479 masters survive slaves failing to pass all stdio FDs; ok markus@
1480 - djm@cvs.openbsd.org 2007/09/04 11:15:56
1481 [ssh.c sshconnect.c sshconnect.h]
1482 make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
1483 SSH banner exchange (previously it just covered the TCP connection).
1484 This allows callers of ssh(1) to better detect and deal with stuck servers
1485 that accept a TCP connection but don't progress the protocol, and also
1486 makes ConnectTimeout useful for connections via a ProxyCommand;
1487 feedback and "looks ok" markus@
1488 - sobrado@cvs.openbsd.org 2007/09/09 11:38:01
1489 [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
1490 sort synopsis and options in ssh-agent(1); usage is lowercase
1491 ok jmc@
1492 - stevesk@cvs.openbsd.org 2007/09/11 04:36:29
1493 [sshpty.c]
1494 sort #include
1495 NB. RCS ID sync only
1496 - gilles@cvs.openbsd.org 2007/09/11 15:47:17
1497 [session.c ssh-keygen.c sshlogin.c]
1498 use strcspn to properly overwrite '\n' in fgets returned buffer
1499 ok pyr@, ray@, millert@, moritz@, chl@
1500 - stevesk@cvs.openbsd.org 2007/09/11 23:49:09
1501 [sshpty.c]
1502 remove #if defined block not needed; ok markus@ dtucker@
1503 NB. RCS ID sync only
1504 - stevesk@cvs.openbsd.org 2007/09/12 19:39:19
1505 [umac.c]
1506 use xmalloc() and xfree(); ok markus@ pvalchev@
1507 - djm@cvs.openbsd.org 2007/09/13 04:39:04
1508 [sftp-server.c]
1509 fix incorrect test when setting syslog facility; from Jan Pechanec
1510 - djm@cvs.openbsd.org 2007/09/16 00:55:52
1511 [sftp-client.c]
1512 use off_t instead of u_int64_t for file offsets, matching what the
1513 progressmeter code expects; bz #842
1514 - (tim) [defines.h] Fix regression in long password support on OpenServer 6.
1515 Problem report and additional testing rac AT tenzing.org.
1516
151720070914
1518 - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
1519 Patch from Jan.Pechanec at sun com.
1520
152120070910
1522 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always
1523 return 0 on successful test. From David.Leonard at quest com.
1524 - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
1525 did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
1526
152720070817
1528 - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
1529 accounts and that's what the code looks for, so make man page and code
1530 agree. Pointed out by Roumen Petrov.
1531 - (dtucker) [INSTALL] Group the parts describing random options and PAM
1532 implementations together which is hopefully more coherent.
1533 - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.
1534 - (dtucker) [INSTALL] Give PAM its own heading.
1535 - (dtucker) [INSTALL] Link to tcpwrappers.
1536
153720070816
1538 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
1539 connections too. Based on a patch from Sandro Wefel, with & ok djm@
1540
154120070815
1542 - (dtucker) OpenBSD CVS Sync
1543 - markus@cvs.openbsd.org 2007/08/15 08:14:46
1544 [clientloop.c]
1545 do NOT fall back to the trused x11 cookie if generation of an untrusted
1546 cookie fails; from Jan Pechanec, via security-alert at sun.com;
1547 ok dtucker
1548 - markus@cvs.openbsd.org 2007/08/15 08:16:49
1549 [version.h]
1550 openssh 4.7
1551 - stevesk@cvs.openbsd.org 2007/08/15 12:13:41
1552 [ssh_config.5]
1553 tun device forwarding now honours ExitOnForwardFailure; ok markus@
1554 - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.
1555 ok djm@
1556 - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec
1557 contrib/suse/openssh.spec] Crank version.
1558
155920070813
1560 - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
1561 called with PAM_ESTABLISH_CRED at least once, which resolves a problem
1562 with pam_dhkeys. Patch from David Leonard, ok djm@
1563
156420070810
1565 - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
1566 - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From
1567 Matt Kraai, ok djm@
1568
156920070809
1570 - (dtucker) [openbsd-compat/port-aix.c] Comment typo.
1571 - (dtucker) [README.platform] Document the interaction between PermitRootLogin
1572 and the AIX native login restrictions.
1573 - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't
1574 used anywhere and are a potential source of warnings.
1575
157620070808
1577 - (djm) OpenBSD CVS Sync
1578 - ray@cvs.openbsd.org 2007/07/12 05:48:05
1579 [key.c]
1580 Delint: remove some unreachable statements, from Bret Lambert.
1581 OK markus@ and dtucker@.
1582 - sobrado@cvs.openbsd.org 2007/08/06 19:16:06
1583 [scp.1 scp.c]
1584 the ellipsis is not an optional argument; while here, sync the usage
1585 and synopsis of commands
1586 lots of good ideas by jmc@
1587 ok jmc@
1588 - djm@cvs.openbsd.org 2007/08/07 07:32:53
1589 [clientloop.c clientloop.h ssh.c]
1590 bz#1232: ensure that any specified LocalCommand is executed after the
1591 tunnel device is opened. Also, make failures to open a tunnel device
1592 fatal when ExitOnForwardFailure is active.
1593 Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
1594
159520070724
1596 - (tim) [openssh.xml.in] make FMRI match what package scripts use.
1597 - (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call.
1598 Report/patch by David.Leonard AT quest.com (and Bernhard Simon)
1599 - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5)
1600 - (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}|
1601
160220070628
1603 - (djm) bz#1325: Fix SELinux in permissive mode where it would
1604 incorrectly fatal() on errors. patch from cjwatson AT debian.org;
1605 ok dtucker
1606
160720070625
1608 - (dtucker) OpenBSD CVS Sync
1609 - djm@cvs.openbsd.org 2007/06/13 00:21:27
1610 [scp.c]
1611 don't ftruncate() non-regular files; bz#1236 reported by wood AT
1612 xmission.com; ok dtucker@
1613 - djm@cvs.openbsd.org 2007/06/14 21:43:25
1614 [ssh.c]
1615 handle EINTR when waiting for mux exit status properly
1616 - djm@cvs.openbsd.org 2007/06/14 22:48:05
1617 [ssh.c]
1618 when waiting for the multiplex exit status, read until the master end
1619 writes an entire int of data *and* closes the client_fd; fixes mux
1620 regression spotted by dtucker, ok dtucker@
1621 - djm@cvs.openbsd.org 2007/06/19 02:04:43
1622 [atomicio.c]
1623 if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
1624 avoid a spin if it is not yet ready for reading/writing; ok dtucker@
1625 - dtucker@cvs.openbsd.org 2007/06/25 08:20:03
1626 [channels.c]
1627 Correct test for window updates every three packets; prevents sending
1628 window updates for every single packet. ok markus@
1629 - dtucker@cvs.openbsd.org 2007/06/25 12:02:27
1630 [atomicio.c]
1631 Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
1632 - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
1633 atomicio.
1634 - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
1635 openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
1636 Add an implementation of poll() built on top of select(2). Code from
1637 OpenNTPD with changes suggested by djm. ok djm@
1638
163920070614
1640 - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
1641 USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
1642 shared with umac.c. Allows building with OpenSSL 0.9.5 again including
1643 umac support. With tim@ djm@, ok djm.
1644 - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
1645 sections. Fixes builds with early OpenSSL 0.9.6 versions.
1646 - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
1647 of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
1648 subsequent <0.9.7 test.
1649
165020070612
1651 - (dtucker) OpenBSD CVS Sync
1652 - markus@cvs.openbsd.org 2007/06/11 09:14:00
1653 [channels.h]
1654 increase default channel windows; ok djm
1655 - djm@cvs.openbsd.org 2007/06/12 07:41:00
1656 [ssh-add.1]
1657 better document ssh-add's -d option (delete identies from agent), bz#1224
1658 new text based on some provided by andrewmc-debian AT celt.dias.ie;
1659 ok dtucker@
1660 - djm@cvs.openbsd.org 2007/06/12 08:20:00
1661 [ssh-gss.h gss-serv.c gss-genr.c]
1662 relocate server-only GSSAPI code from libssh to server; bz #1225
1663 patch from simon AT sxw.org.uk; ok markus@ dtucker@
1664 - djm@cvs.openbsd.org 2007/06/12 08:24:20
1665 [scp.c]
1666 make scp try to skip FIFOs rather than blocking when nothing is listening.
1667 depends on the platform supporting sane O_NONBLOCK semantics for open
1668 on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
1669 bz #856; report by cjwatson AT debian.org; ok markus@
1670 - djm@cvs.openbsd.org 2007/06/12 11:11:08
1671 [ssh.c]
1672 fix slave exit value when a control master goes away without passing the
1673 full exit status by ensuring that the slave reads a full int. bz#1261
1674 reported by frekko AT gmail.com; ok markus@ dtucker@
1675 - djm@cvs.openbsd.org 2007/06/12 11:15:17
1676 [ssh.c ssh.1]
1677 Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
1678 GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
1679 and is useful for hosts with /home on Kerberised NFS; bz #1312
1680 patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
1681 - djm@cvs.openbsd.org 2007/06/12 11:45:27
1682 [ssh.c]
1683 improved exit message from multiplex slave sessions; bz #1262
1684 reported by alexandre.nunes AT gmail.com; ok dtucker@
1685 - dtucker@cvs.openbsd.org 2007/06/12 11:56:15
1686 [gss-genr.c]
1687 Pass GSS OID to gss_display_status to provide better information in
1688 error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
1689 - jmc@cvs.openbsd.org 2007/06/12 13:41:03
1690 [ssh-add.1]
1691 identies -> identities;
1692 - jmc@cvs.openbsd.org 2007/06/12 13:43:55
1693 [ssh.1]
1694 add -K to SYNOPSIS;
1695 - dtucker@cvs.openbsd.org 2007/06/12 13:54:28
1696 [scp.c]
1697 Encode filename with strnvis if the name contains a newline (which can't
1698 be represented in the scp protocol), from bz #891. ok markus@
1699
170020070611
1701 - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
1702 fix; tested by dtucker@ and jochen.kirn AT gmail.com
1703 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
1704 [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
1705 [ssh_config.5 sshd.8 sshd_config.5]
1706 Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
1707 must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
1708 compared to hmac-md5. Represents a different approach to message
1709 authentication to that of HMAC that may be beneficial if HMAC based on
1710 one of its underlying hash algorithms is found to be vulnerable to a
1711 new attack. http://www.ietf.org/rfc/rfc4418.txt
1712 in conjunction with and OK djm@
1713 - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40
1714 [ssh_config]
1715 Add a "MACs" line after "Ciphers" with the default MAC algorithms,
1716 to ease people who want to tweak both (eg. for performance reasons).
1717 ok deraadt@ djm@ dtucker@
1718 - jmc@cvs.openbsd.org 2007/06/08 07:43:46
1719 [ssh_config.5]
1720 put the MAC list into a display, like we do for ciphers,
1721 since groff has trouble handling wide lines;
1722 - jmc@cvs.openbsd.org 2007/06/08 07:48:09
1723 [sshd_config.5]
1724 oops, here too: put the MAC list into a display, like we do for
1725 ciphers, since groff has trouble with wide lines;
1726 - markus@cvs.openbsd.org 2007/06/11 08:04:44
1727 [channels.c]
1728 send 'window adjust' messages every tree packets and do not wait
1729 until 50% of the window is consumed. ok djm dtucker
1730 - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
1731 fallback to provided bit-swizzing functions
1732 - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
1733 argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
1734 but check anyway in case this changes or the code gets used elsewhere.
1735 - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should
1736 prevent warnings about redefinitions of various things in paths.h.
1737 Spotted by cartmanltd at hotmail.com.
1738
173920070605
1740 - (dtucker) OpenBSD CVS Sync
1741 - djm@cvs.openbsd.org 2007/05/22 10:18:52
1742 [sshd.c]
1743 zap double include; from p_nowaczyk AT o2.pl
1744 (not required in -portable, Id sync only)
1745 - djm@cvs.openbsd.org 2007/05/30 05:58:13
1746 [kex.c]
1747 tidy: KNF, ARGSUSED and u_int
1748 - jmc@cvs.openbsd.org 2007/05/31 19:20:16
1749 [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
1750 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
1751 convert to new .Dd format;
1752 (We will need to teach mdoc2man.awk to understand this too.)
1753 - djm@cvs.openbsd.org 2007/05/31 23:34:29
1754 [packet.c]
1755 gc unreachable code; spotted by Tavis Ormandy
1756 - djm@cvs.openbsd.org 2007/06/02 09:04:58
1757 [bufbn.c]
1758 memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca
1759 - djm@cvs.openbsd.org 2007/06/05 06:52:37
1760 [kex.c monitor_wrap.c packet.c mac.h kex.h mac.c]
1761 Preserve MAC ctx between packets, saving 2xhash calls per-packet.
1762 Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5
1763 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
1764 committing at his request)
1765 - (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags that
1766 OpenBSD's cvs now adds.
1767 - (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so
1768 mindrot's cvs doesn't expand it on us.
1769 - (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs.
1770
177120070520
1772 - (dtucker) OpenBSD CVS Sync
1773 - stevesk@cvs.openbsd.org 2007/04/14 22:01:58
1774 [auth2.c]
1775 remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
1776 - stevesk@cvs.openbsd.org 2007/04/18 01:12:43
1777 [sftp-server.c]
1778 cast "%llu" format spec to (unsigned long long); do not assume a
1779 u_int64_t arg is the same as 'unsigned long long'.
1780 from Dmitry V. Levin <ldv@altlinux.org>
1781 ok markus@ 'Yes, that looks correct' millert@
1782 - dtucker@cvs.openbsd.org 2007/04/23 10:15:39
1783 [servconf.c]
1784 Remove debug() left over from development. ok deraadt@
1785 - djm@cvs.openbsd.org 2007/05/17 07:50:31
1786 [log.c]
1787 save and restore errno when logging; ok deraadt@
1788 - djm@cvs.openbsd.org 2007/05/17 07:55:29
1789 [sftp-server.c]
1790 bz#1286 stop reading and processing commands when input or output buffer
1791 is nearly full, otherwise sftp-server would happily try to grow the
1792 input/output buffers past the maximum supported by the buffer API and
1793 promptly fatal()
1794 based on patch from Thue Janus Kristensen; feedback & ok dtucker@
1795 - djm@cvs.openbsd.org 2007/05/17 20:48:13
1796 [sshconnect2.c]
1797 fall back to gethostname() when the outgoing connection is not
1798 on a socket, such as is the case when ProxyCommand is used.
1799 Gives hostbased auth an opportunity to work; bz#616, report
1800 and feedback stuart AT kaloram.com; ok markus@
1801 - djm@cvs.openbsd.org 2007/05/17 20:52:13
1802 [monitor.c]
1803 pass received SIGINT from monitor to postauth child so it can clean
1804 up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
1805 ok markus@
1806 - jolan@cvs.openbsd.org 2007/05/17 23:53:41
1807 [sshconnect2.c]
1808 djm owes me a vb and a tism cd for breaking ssh compilation
1809 - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from
1810 ldv at altlinux.org.
1811 - (dtucker) [auth-pam.c] Return empty string if fgets fails in
1812 sshpam_tty_conv. Patch from ldv at altlinux.org.
1813
181420070509
1815 - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
1816
181720070429
1818 - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
1819 for select(2) prototype.
1820 - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.
1821 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
1822 platform's _res if it has one. Should fix problem of DNSSEC record lookups
1823 on NetBSD as reported by Curt Sampson.
1824 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
1825 - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
1826 so we don't get redefinition warnings.
1827 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
1828 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
1829 __nonnull__ for versions of GCC that don't support it.
1830 - (dtucker) [configure.ac defines.h] Have configure check for offsetof
1831 to prevent redefinition warnings.
1832
183320070406
1834 - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
1835 to OpenPAM too.
1836 - (dtucker) [INSTALL] prngd lives at sourceforge these days.
1837
183820070326
1839 - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
1840 openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
1841 to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
1842
184320070325
1844 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
1845 LIBWRAP and LIBPAM variables in Makefile with the general-purpose
1846 SSHDLIBS. "I like" djm@
1847
184820070321
1849 - (dtucker) OpenBSD CVS Sync
1850 - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
1851 [servconf.c sshd.c]
1852 Move C/R -> kbdint special case to after the defaults have been
1853 loaded, which makes ChallengeResponse default to yes again. This
1854 was broken by the Match changes and not fixed properly subsequently.
1855 Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
1856 - djm@cvs.openbsd.org 2007/03/19 01:01:29
1857 [sshd_config]
1858 Disable the legacy SSH protocol 1 for new installations via
1859 a configuration override. In the future, we will change the
1860 server's default itself so users who need the legacy protocol
1861 will need to turn it on explicitly
1862 - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
1863 [ssh-agent.c]
1864 Remove the signal handler that checks if the agent's parent process
1865 has gone away, instead check when the select loop returns. Record when
1866 the next key will expire when scanning for expired keys. Set the select
1867 timeout to whichever of these two things happens next. With djm@, with &
1868 ok deraadt@ markus@
1869 - tedu@cvs.openbsd.org 2007/03/20 03:56:12
1870 [readconf.c clientloop.c]
1871 remove some bogus *p tests from charles longeau
1872 ok deraadt millert
1873 - jmc@cvs.openbsd.org 2007/03/20 15:57:15
1874 [sshd.8]
1875 - let synopsis and description agree for -f
1876 - sort FILES
1877 - +.Xr ssh-keyscan 1 ,
1878 from Igor Sobrado
1879 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
1880 getpeerucred to implement getpeereid (currently only Solaris 10 and up).
1881 Patch by Jan.Pechanec at Sun.
1882 - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
1883 HAVE_GETPEERUCRED too. Also from Jan Pechanec.
1884
188520070313
1886 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
1887 string.h to prevent warnings, from vapier at gentoo.org.
1888 - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
1889 selinux bits in -portable.
1890 - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
1891 bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
1892 in cipher-bf1.c. Patch from Juan Gallego.
1893 - (dtucker) [README.platform] Info about blibpath on AIX.
1894
189520070306
1896 - (djm) OpenBSD CVS Sync
1897 - jmc@cvs.openbsd.org 2007/03/01 16:19:33
1898 [sshd_config.5]
1899 sort the `match' keywords;
1900 - djm@cvs.openbsd.org 2007/03/06 10:13:14
1901 [version.h]
1902 openssh-4.6; "please" deraadt@
1903 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1904 [contrib/suse/openssh.spec] crank spec files for release
1905 - (djm) [README] correct link to release notes
1906 - (djm) Release 4.6p1
1907
190820070304
1909 - (djm) [configure.ac] add a --without-openssl-header-check option to
1910 configure, as some platforms (OS X) ship OpenSSL headers whose version
1911 does not match that of the shipping library. ok dtucker@
1912 - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
1913 bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
1914 ciphers from working correctly (disconnects with "Bad packet length"
1915 errors) as found by Ben Harris. ok djm@
1916
191720070303
1918 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
1919 general to cover newer gdb versions on HP-UX.
1920
192120070302
1922 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
1923 CRLF as well as LF lineendings) and write in binary mode. Patch from
1924 vinschen at redhat.com.
1925 - (dtucker) [INSTALL] Update to autoconf-2.61.
1926
192720070301
1928 - (dtucker) OpenBSD CVS Sync
1929 - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
1930 [auth2.c sshd_config.5 servconf.c]
1931 Remove ChallengeResponseAuthentication support inside a Match
1932 block as its interaction with KbdInteractive makes it difficult to
1933 support. Also, relocate the CR/kbdint option special-case code into
1934 servconf. "please commit" djm@, ok markus@ for the relocation.
1935 - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
1936 "Looks sane" dtucker@
1937
193820070228
1939 - (dtucker) OpenBSD CVS Sync
1940 - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
1941 [ssh-agent.c]
1942 Remove expired keys periodically so they don't remain in memory when
1943 the agent is entirely idle, as noted by David R. Piegdon. This is the
1944 simple fix, a more efficient one will be done later. With markus,
1945 deraadt, with & ok djm.
1946
194720070225
1948 - (dtucker) OpenBSD CVS Sync
1949 - djm@cvs.openbsd.org 2007/02/20 10:25:14
1950 [clientloop.c]
1951 set maximum packet and window sizes the same for multiplexed clients
1952 as normal connections; ok markus@
1953 - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
1954 [sshd.c]
1955 Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
1956 a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
1957 newly exec'ed sshd will get the SIGALRM and not have a handler for it,
1958 and the default action will terminate the listening sshd. Analysis and
1959 patch from andrew at gaul.org.
1960 - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
1961 [servconf.c]
1962 Check activep so Match and GatewayPorts work together; ok markus@
1963 - ray@cvs.openbsd.org 2007/02/24 03:30:11
1964 [moduli.c]
1965 - strlen returns size_t, not int.
1966 - Pass full buffer size to fgets.
1967 OK djm@, millert@, and moritz@.
1968
196920070219
1970 - (dtucker) OpenBSD CVS Sync
1971 - jmc@cvs.openbsd.org 2007/01/10 13:23:22
1972 [ssh_config.5]
1973 do not use a list for SYNOPSIS;
1974 this is actually part of a larger report sent by eric s. raymond
1975 and forwarded by brad, but i only read half of it. spotted by brad.
1976 - jmc@cvs.openbsd.org 2007/01/12 20:20:41
1977 [ssh-keygen.1 ssh-keygen.c]
1978 more secsh -> rfc 4716 updates;
1979 spotted by wiz@netbsd
1980 ok markus
1981 - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
1982 [readconf.c]
1983 Honour activep for times (eg ServerAliveInterval) while parsing
1984 ssh_config and ~/.ssh/config so they work properly with Host directives.
1985 From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
1986 - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
1987 [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
1988 spaces
1989 - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
1990 [readconf.c]
1991 spaces
1992 - djm@cvs.openbsd.org 2007/01/22 11:32:50
1993 [sftp-client.c]
1994 return error from do_upload() when a write fails. fixes bz#1252: zero
1995 exit status from sftp when uploading to a full device. report from
1996 jirkat AT atlas.cz; ok dtucker@
1997 - djm@cvs.openbsd.org 2007/01/22 13:06:21
1998 [scp.c]
1999 fix detection of whether we should show progress meter or not: scp
2000 tested isatty(stderr) but wrote the progress meter to stdout. This patch
2001 makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
2002 of dtucker@
2003 - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
2004 [bufbn.c]
2005 typos in comments; ok jmc@
2006 - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
2007 [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
2008 Teach Match how handle config directives that are used before
2009 authentication. This allows configurations such as permitting password
2010 authentication from the local net only while requiring pubkey from
2011 offsite. ok djm@, man page bits ok jmc@
2012 - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
2013 platforms don't have it. Patch from dleonard at vintela.com.
2014 - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
2015 an array for signatures when there are none since "calloc(0, n) returns
2016 NULL on some platforms (eg Tru64), which is explicitly permitted by
2017 POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
2018
201920070128
2020 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
2021 when closing a tty session when a background process still holds tty
2022 fds open. Great detective work and patch by Marc Aurele La France,
2023 slightly tweaked by me; ok dtucker@
2024
202520070123
2026 - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
2027 library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
2028 so it works properly and modify its callers so that they don't pre or
2029 post decrement arguments that are conditionally evaluated. While there,
2030 put SNPRINTF_CONST back as it prevents build failures in some
2031 configurations. ok djm@ (for most of it)
2032
203320070122
2034 - (djm) [ssh-rand-helper.8] manpage nits;
2035 from dleonard AT vintela.com (bz#1529)
2036
203720070117
2038 - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
2039 and multiple including it causes problems on old IRIXes. (It snuck back
2040 in during a sync.) Found (again) by Georg Schwarz.
2041
204220070114
2043 - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync.
2044 - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
2045 value of snprintf replacement, similar to bugs in various libc
2046 implementations. This overflow is not exploitable in OpenSSH.
2047 While I'm fiddling with it, make it a fair bit faster by inlining the
2048 append-char routine; ok dtucker@
2049
205020070105
2051 - (djm) OpenBSD CVS Sync
2052 - deraadt@cvs.openbsd.org 2006/11/14 19:41:04
2053 [ssh-keygen.c]
2054 use argc and argv not some made up short form
2055 - ray@cvs.openbsd.org 2006/11/23 01:35:11
2056 [misc.c sftp.c]
2057 Don't access buf[strlen(buf) - 1] for zero-length strings.
2058 ``ok by me'' djm@.
2059 - markus@cvs.openbsd.org 2006/12/11 21:25:46
2060 [ssh-keygen.1 ssh.1]
2061 add rfc 4716 (public key format); ok jmc
2062 - djm@cvs.openbsd.org 2006/12/12 03:58:42
2063 [channels.c compat.c compat.h]
2064 bz #1019: some ssh.com versions apparently can't cope with the
2065 remote port forwarding bind_address being a hostname, so send
2066 them an address for cases where they are not explicitly
2067 specified (wildcard or localhost bind). reported by daveroth AT
2068 acm.org; ok dtucker@ deraadt@
2069 - dtucker@cvs.openbsd.org 2006/12/13 08:34:39
2070 [servconf.c]
2071 Make PermitOpen work with multiple values like the man pages says.
2072 bz #1267 with details from peter at dmtz.com, with & ok djm@
2073 - dtucker@cvs.openbsd.org 2006/12/14 10:01:14
2074 [servconf.c]
2075 Make "PermitOpen all" first-match within a block to match the way other
2076 options work. ok markus@ djm@
2077 - jmc@cvs.openbsd.org 2007/01/02 09:57:25
2078 [sshd_config.5]
2079 do not use lists for SYNOPSIS;
2080 from eric s. raymond via brad
2081 - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
2082 [ssh-keygen.c]
2083 remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
2084 - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
2085 [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
2086 spaces
2087 - stevesk@cvs.openbsd.org 2007/01/03 04:09:15
2088 [sftp.c]
2089 ARGSUSED for lint
2090 - stevesk@cvs.openbsd.org 2007/01/03 07:22:36
2091 [sftp-server.c]
2092 spaces
2093
209420061205
2095 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
2096 occur if the server did not have the privsep user and an invalid user
2097 tried to login and both privsep and krb5 auth are disabled; ok dtucker@
2098 - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
2099
210020061108
2101 - (dtucker) OpenBSD CVS Sync
2102 - markus@cvs.openbsd.org 2006/11/07 13:02:07
2103 [dh.c]
2104 BN_hex2bn returns int; from dtucker@
2105
210620061107
2107 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
2108 if we absolutely need it. Pointed out by Corinna, ok djm@
2109 - (dtucker) OpenBSD CVS Sync
2110 - markus@cvs.openbsd.org 2006/11/06 21:25:28
2111 [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
2112 ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
2113 add missing checks for openssl return codes; with & ok djm@
2114 - markus@cvs.openbsd.org 2006/11/07 10:31:31
2115 [monitor.c version.h]
2116 correctly check for bad signatures in the monitor, otherwise the monitor
2117 and the unpriv process can get out of sync. with dtucker@, ok djm@,
2118 dtucker@
2119 - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
2120 versions.
2121 - (dtucker) Release 4.5p1.
2122
212320061105
2124 - (djm) OpenBSD CVS Sync
2125 - otto@cvs.openbsd.org 2006/10/28 18:08:10
2126 [ssh.1]
2127 correct/expand example of usage of -w; ok jmc@ stevesk@
2128 - markus@cvs.openbsd.org 2006/10/31 16:33:12
2129 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
2130 check DH_compute_key() for -1 even if it should not happen because of
2131 earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
2132
213320061101
2134 - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr
2135 events fatal in Solaris process contract support and tell it to signal
2136 only processes in the same process group when something happens.
2137 Based on information from andrew.benham at thus.net and similar to
2138 a patch from Chad Mynhier. ok djm@
2139
214020061027
2141- (djm) [auth.c] gc some dead code
2142
214320061023
2144 - (djm) OpenBSD CVS Sync
2145 - ray@cvs.openbsd.org 2006/09/30 17:48:22
2146 [sftp.c]
2147 Clear errno before calling the strtol functions.
2148 From Paul Stoeber <x0001 at x dot de1 dot cc>.
2149 OK deraadt@.
2150 - djm@cvs.openbsd.org 2006/10/06 02:29:19
2151 [ssh-agent.c ssh-keyscan.c ssh.c]
2152 sys/resource.h needs sys/time.h; prompted by brad@
2153 (NB. Id sync only for portable)
2154 - djm@cvs.openbsd.org 2006/10/09 23:36:11
2155 [session.c]
2156 xmalloc -> xcalloc that was missed previously, from portable
2157 (NB. Id sync only for portable, obviously)
2158 - markus@cvs.openbsd.org 2006/10/10 10:12:45
2159 [sshconnect.c]
2160 sleep before retrying (not after) since sleep changes errno; fixes
2161 pr 5250; rad@twig.com; ok dtucker djm
2162 - markus@cvs.openbsd.org 2006/10/11 12:38:03
2163 [clientloop.c serverloop.c]
2164 exit instead of doing a blocking tcp send if we detect a client/server
2165 timeout, since the tcp sendqueue might be already full (of alive
2166 requests); ok dtucker, report mpf
2167 - djm@cvs.openbsd.org 2006/10/22 02:25:50
2168 [sftp-client.c]
2169 cancel progress meter when upload write fails; ok deraadt@
2170 - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep
2171 autoconf 2.60 from complaining.
2172
217320061018
2174 - (dtucker) OpenBSD CVS Sync
2175 - ray@cvs.openbsd.org 2006/09/25 04:55:38
2176 [ssh-keyscan.1 ssh.1]
2177 Change "a SSH" to "an SSH". Hurray, I'm not the only one who
2178 pronounces "SSH" as "ess-ess-aich".
2179 OK jmc@ and stevesk@.
2180 - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings
2181 on older versions of OS X. ok djm@
2182
218320061016
2184 - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros
2185 on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de.
2186
218720061006
2188 - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris.
2189 Differentiate between OpenServer 5 and OpenServer 6
2190 - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for
2191 SELinux functions so they're detected correctly. Patch from pebenito at
2192 gentoo.org.
2193 - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer).
2194 Allow setting alternate awk in openssh-config.local.
2195
219620061003
2197 - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific
2198 section so additional platform specific CHECK_HEADER tests will work
2199 correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
2200 Feedback and "seems like a good idea" dtucker@
2201
220220061001
2203 - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no.
2204
220520060929
2206 - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine
2207 support. Patch from andrew.benham at thus net.
2208
220920060928
2210 - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error
2211 on Solaris 8 w/out /dev/random or prngd. Patch from rl at
2212 math.technion.ac.il.
2213
221420060926
2215 - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not
2216 referenced any more. ok djm@
2217 - (dtucker) [sftp-server.8] Resync; spotted by djm@
2218 - (dtucker) Release 4.4p1.
2219
222020060924
2221 - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
2222 to rev 1.308) to work around broken gcc 2.x header file.
2223
222420060923
2225 - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than
2226 $LDFLAGS. Patch from vapier at gentoo org.
2227
222820060922
2229 - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on
2230 some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com.
2231
223220060921
2233 - (dtucker) OpenBSD CVS Sync
2234 - otto@cvs.openbsd.org 2006/09/19 05:52:23
2235 [sftp.c]
2236 Use S_IS* macros insted of masking with S_IF* flags. The latter may
2237 have multiple bits set, which lead to surprising results. Spotted by
2238 Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@
2239 - markus@cvs.openbsd.org 2006/09/19 21:14:08
2240 [packet.c]
2241 client NULL deref on protocol error; Tavis Ormandy, Google Security Team
2242 - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes
2243 build error on Ultrix. From Bernhard Simon.
2244
224520060918
2246 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow
2247 macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
2248 Allows build out of the box with older VAC and XLC compilers. Found by
2249 David Bronder and Bernhard Simon.
2250 - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes.
2251 Prevents macro redefinition warnings of "RDONLY".
2252
225320060916
2254 - OpenBSD CVS Sync
2255 - djm@cvs.openbsd.org 2006/09/16 19:53:37
2256 [deattack.c deattack.h packet.c]
2257 limit maximum work performed by the CRC compensation attack detector,
2258 problem reported by Tavis Ormandy, Google Security Team;
2259 ok markus@ deraadt@
2260 - (djm) Add openssh.xml to .cvsignore and sort it
2261 - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth
2262 process so that any logging it does is with the right timezone. From
2263 Scott Strickler, ok djm@.
2264 - (dtucker) [monitor.c] Correctly handle auditing of single commands when
2265 using Protocol 1. From jhb at freebsd.
2266 - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@
2267 - (dtucker) [INSTALL] Add info about audit support.
2268
226920060912
2270 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
2271 Support SMF in Solaris Packages if enabled by configure. Patch from
2272 Chad Mynhier, tested by dtucker@
2273
227420060911
2275 - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted
2276 by Pekka Savola.
2277
227820060910
2279 - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available.
2280 - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB.
2281
228220060909
2283 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
2284 - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
2285 - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@
2286
228720060908
2288 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
2289 from Chris Adams.
2290 - (dtucker) [configure.ac] The BSM header test needs time.h in some cases.
2291
229220060907
2293 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
2294 be used to drop privilege to; fixes Solaris GSSAPI crash reported by
2295 Magnus Abrante; suggestion and feedback dtucker@
2296 NB. this change will require that the privilege separation user must
2297 exist on all the time, not just when UsePrivilegeSeparation=yes
2298 - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6
2299 - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H.
2300 - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better
2301 chance of winning.
2302
230320060905
2304 - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.
2305 - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP.
2306
230720060904
2308 - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
2309 updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius,
2310 ok djm@
2311
231220060903
2313 - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
2314 declaration of writev(2) and declare it ourselves if necessary. Makes
2315 the atomiciov() calls build on really old systems. ok djm@
2316
231720060902
2318 - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan.
2319 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
2320 openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
2321 openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
2322 for hton* and ntoh* macros. Required on (at least) HP-UX since we define
2323 _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
2324
232520060901
2326 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
2327 [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
2328 [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
2329 [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
2330 [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
2331 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
2332 [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
2333 [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
2334 [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
2335 [sshconnect1.c sshconnect2.c sshd.c]
2336 [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
2337 [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
2338 [openbsd-compat/port-uw.c]
2339 Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
2340 compile problems reported by rac AT tenzing.org
2341 - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c]
2342 [openbsd-compat/rresvport.c] Some more headers: netinet/in.h
2343 sys/socket.h and unistd.h in various places
2344 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration
2345 warnings for binary_open and binary_close. Patch from Corinna Vinschen.
2346 - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
2347 test for GLOB_NOMATCH and use our glob functions if it's not found.
2348 Stops sftp from segfaulting when attempting to get a nonexistent file on
2349 Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
2350 from and tested by Corinna Vinschen.
2351 - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank
2352 versions.
2353
235420060831
2355 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
2356 [platform.c platform.h sshd.c openbsd-compat/Makefile.in]
2357 [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
2358 [openbsd-compat/port-solaris.h] Add support for Solaris process
2359 contracts, enabled with --use-solaris-contracts. Patch from Chad
2360 Mynhier, tweaked by dtucker@ and myself; ok dtucker@
2361 - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege
2362 while setting up the ssh service account. Patch from Corinna Vinschen.
2363
236420060830
2365 - (djm) OpenBSD CVS Sync
2366 - dtucker@cvs.openbsd.org 2006/08/21 08:14:01
2367 [sshd_config.5]
2368 Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
2369 ok jmc@ djm@
2370 - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
2371 [sshd.8]
2372 Add more detail about what permissions are and aren't accepted for
2373 authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
2374 - djm@cvs.openbsd.org 2006/08/29 10:40:19
2375 [channels.c session.c]
2376 normalise some inconsistent (but harmless) NULL pointer checks
2377 spotted by the Stanford SATURN tool, via Isil Dillig;
2378 ok markus@ deraadt@
2379 - dtucker@cvs.openbsd.org 2006/08/29 12:02:30
2380 [gss-genr.c]
2381 Work around a problem in Heimdal that occurs when KRB5CCNAME file is
2382 missing, by checking whether or not kerberos allocated us a context
2383 before attempting to free it. Patch from Simon Wilkinson, tested by
2384 biorn@, ok djm@
2385 - dtucker@cvs.openbsd.org 2006/08/30 00:06:51
2386 [sshconnect2.c]
2387 Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL
2388 where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@
2389 - djm@cvs.openbsd.org 2006/08/30 00:14:37
2390 [version.h]
2391 crank to 4.4
2392 - (djm) [openbsd-compat/xcrypt.c] needs unistd.h
2393 - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
2394 loginsuccess on AIX immediately after authentication to clear the failed
2395 login count. Previously this would only happen when an interactive
2396 session starts (ie when a pty is allocated) but this means that accounts
2397 that have primarily non-interactive sessions (eg scp's) may gradually
2398 accumulate enough failures to lock out an account. This change may have
2399 a side effect of creating two audit records, one with a tty of "ssh"
2400 corresponding to the authentication and one with the allocated pty per
2401 interactive session.
2402
240320060824
2404 - (dtucker) [openbsd-compat/basename.c] Include errno.h.
2405 - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on
2406 older systems.
2407 - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2)
2408 on POSIX systems.
2409 - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2).
2410 - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc.
2411 - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent
2412 unused variable warning when we have a broken or missing mmap(2).
2413
241420060822
2415 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in
2416 Makefile. Patch from santhi.amirta at gmail, ok djm.
2417
241820060820
2419 - (dtucker) [log.c] Move ifdef to prevent unused variable warning.
2420 - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore
2421 afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl.
2422 - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for
2423 fixing bug #1181. No changes yet.
2424 - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL
2425 (0.9.8a and presumably newer) requires -ldl to successfully link.
2426 - (dtucker) [configure.ac] Remove errant "-".
2427
242820060819
2429 - (djm) OpenBSD CVS Sync
2430 - djm@cvs.openbsd.org 2006/08/18 22:41:29
2431 [gss-genr.c]
2432 GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk
2433 - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a
2434 single rule for the test progs.
2435
243620060818
2437 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with
2438 closefrom.c from sudo.
2439 - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid.
2440 - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error.
2441 - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the
2442 test progs instead; they work better than what we have.
2443 - (djm) OpenBSD CVS Sync
2444 - stevesk@cvs.openbsd.org 2006/08/06 01:13:32
2445 [compress.c monitor.c monitor_wrap.c]
2446 "zlib.h" can be <zlib.h>; ok djm@ markus@
2447 - miod@cvs.openbsd.org 2006/08/12 20:46:46
2448 [monitor.c monitor_wrap.c]
2449 Revert previous include file ordering change, for ssh to compile under
2450 gcc2 (or until openssl include files are cleaned of parameter names
2451 in function prototypes)
2452 - dtucker@cvs.openbsd.org 2006/08/14 12:40:25
2453 [servconf.c servconf.h sshd_config.5]
2454 Add ability to match groups to Match keyword in sshd_config. Feedback
2455 djm@, stevesk@, ok stevesk@.
2456 - djm@cvs.openbsd.org 2006/08/16 11:47:15
2457 [sshd.c]
2458 factor inetd connection, TCP listen and main TCP accept loop out of
2459 main() into separate functions to improve readability; ok markus@
2460 - deraadt@cvs.openbsd.org 2006/08/18 09:13:26
2461 [log.c log.h sshd.c]
2462 make signal handler termination path shorter; risky code pointed out by
2463 mark dowd; ok djm markus
2464 - markus@cvs.openbsd.org 2006/08/18 09:15:20
2465 [auth.h session.c sshd.c]
2466 delay authentication related cleanups until we're authenticated and
2467 all alarms have been cancelled; ok deraadt
2468 - djm@cvs.openbsd.org 2006/08/18 10:27:16
2469 [misc.h]
2470 reorder so prototypes are sorted by the files they refer to; no
2471 binary change
2472 - djm@cvs.openbsd.org 2006/08/18 13:54:54
2473 [gss-genr.c ssh-gss.h sshconnect2.c]
2474 bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk
2475 ok markus@
2476 - djm@cvs.openbsd.org 2006/08/18 14:40:34
2477 [gss-genr.c ssh-gss.h]
2478 constify host argument to match the rest of the GSSAPI functions and
2479 unbreak compilation with -Werror
2480 - (djm) Disable sigdie() for platforms that cannot safely syslog inside
2481 a signal handler (basically all of them, excepting OpenBSD);
2482 ok dtucker@
2483
248420060817
2485 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
2486 Include stdlib.h for malloc and friends.
2487 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl
2488 for closefrom() on AIX. Pointed out by William Ahern.
2489 - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress
2490 test for closefrom() in compat code.
2491
249220060816
2493 - (djm) [audit-bsm.c] Sprinkle in some headers
2494
249520060815
2496 - (dtucker) [LICENCE] Add Reyk to the list for the compat dir.
2497
249820060806
2499 - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings
2500 on Solaris 10
2501
250220060806
2503 - (dtucker) [defines.h] With the includes.h changes we no longer get the
2504 name clash on "YES" so we can remove the workaround for it.
2505 - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c,
2506 glob.c}] Include stdlib.h for malloc and friends in compat code.
2507
250820060805
2509 - (djm) OpenBSD CVS Sync
2510 - stevesk@cvs.openbsd.org 2006/07/24 13:58:22
2511 [sshconnect.c]
2512 disable tunnel forwarding when no strict host key checking
2513 and key changed; ok djm@ markus@ dtucker@
2514 - stevesk@cvs.openbsd.org 2006/07/25 02:01:34
2515 [scard.c]
2516 need #include <string.h>
2517 - stevesk@cvs.openbsd.org 2006/07/25 02:59:21
2518 [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
2519 [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
2520 move #include <sys/time.h> out of includes.h
2521 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
2522 [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
2523 [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
2524 [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
2525 [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
2526 [uidswap.c xmalloc.c]
2527 move #include <sys/param.h> out of includes.h
2528 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
2529 [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
2530 [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
2531 [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
2532 [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
2533 [sshconnect1.c sshd.c xmalloc.c]
2534 move #include <stdlib.h> out of includes.h
2535 - jmc@cvs.openbsd.org 2006/07/27 08:00:50
2536 [ssh_config.5]
2537 avoid confusing wording in HashKnownHosts:
2538 originally spotted by alan amesbury;
2539 ok deraadt
2540 - jmc@cvs.openbsd.org 2006/07/27 08:00:50
2541 [ssh_config.5]
2542 avoid confusing wording in HashKnownHosts:
2543 originally spotted by alan amesbury;
2544 ok deraadt
2545 - dtucker@cvs.openbsd.org 2006/08/01 11:34:36
2546 [sshconnect.c]
2547 Allow fallback to known_hosts entries without port qualifiers for
2548 non-standard ports too, so that all existing known_hosts entries will be
2549 recognised. Requested by, feedback and ok markus@
2550 - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
2551 [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
2552 [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
2553 [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
2554 [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
2555 [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
2556 [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
2557 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
2558 [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
2559 [uuencode.h xmalloc.c]
2560 move #include <stdio.h> out of includes.h
2561 - stevesk@cvs.openbsd.org 2006/08/01 23:36:12
2562 [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c]
2563 clean extra spaces
2564 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
2565 [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
2566 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
2567 [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
2568 [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
2569 [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
2570 [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
2571 [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
2572 [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
2573 [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
2574 [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
2575 [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
2576 [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
2577 [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
2578 [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
2579 [serverloop.c session.c session.h sftp-client.c sftp-common.c]
2580 [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
2581 [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
2582 [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
2583 [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
2584 [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
2585 [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
2586 almost entirely get rid of the culture of ".h files that include .h files"
2587 ok djm, sort of ok stevesk
2588 makes the pain stop in one easy step
2589 NB. portable commit contains everything *except* removing includes.h, as
2590 that will take a fair bit more work as we move headers that are required
2591 for portability workarounds to defines.h. (also, this step wasn't "easy")
2592 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05
2593 [monitor.c session.c ssh-agent.c]
2594 spaces
2595 - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c
2596 - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]
2597 remove last traces of bufaux.h - it was merged into buffer.h in the big
2598 includes.h commit
2599 - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec
2600 - (djm) [openbsd-compat/regress/snprintftest.c]
2601 [openbsd-compat/regress/strduptest.c] Add missing includes so they pass
2602 compilation with "-Wall -Werror"
2603 - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c]
2604 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more
2605 includes for Linux in
2606 - (dtucker) [cleanup.c] Need defines.h for __dead.
2607 - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable.
2608 - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of
2609 #include stdarg.h, needed for log.h.
2610 - (dtucker) [entropy.c] Needs unistd.h too.
2611 - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h.
2612 - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc.
2613 - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll,
2614 otherwise it is implicitly declared as returning an int.
2615 - (dtucker) OpenBSD CVS Sync
2616 - dtucker@cvs.openbsd.org 2006/08/05 07:52:52
2617 [auth2-none.c sshd.c monitor_wrap.c]
2618 Add headers required to build with KERBEROS5=no. ok djm@
2619 - dtucker@cvs.openbsd.org 2006/08/05 08:00:33
2620 [auth-skey.c]
2621 Add headers required to build with -DSKEY. ok djm@
2622 - dtucker@cvs.openbsd.org 2006/08/05 08:28:24
2623 [monitor_wrap.c auth-skey.c auth2-chall.c]
2624 Zap unused variables in -DSKEY code. ok djm@
2625 - dtucker@cvs.openbsd.org 2006/08/05 08:34:04
2626 [packet.c]
2627 Typo in comment
2628 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile
2629 on Cygwin.
2630 - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa.
2631 - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h.
2632 - (dtucker) [audit.c audit.h] Repair headers.
2633 - (dtucker) [audit-bsm.c] Add additional headers now required.
2634
263520060804
2636 - (dtucker) [configure.ac] The "crippled AES" test does not work on recent
2637 versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
2638 rather than just compiling it. Spotted by dlg@.
2639
264020060802
2641 - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype.
2642
264320060725
2644 - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW.
2645
264620060724
2647 - (djm) OpenBSD CVS Sync
2648 - jmc@cvs.openbsd.org 2006/07/12 13:39:55
2649 [sshd_config.5]
2650 - new sentence, new line
2651 - s/The the/The/
2652 - kill a bad comma
2653 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
2654 [auth-options.c canohost.c channels.c includes.h readconf.c]
2655 [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
2656 move #include <netdb.h> out of includes.h; ok djm@
2657 - stevesk@cvs.openbsd.org 2006/07/12 22:42:32
2658 [includes.h ssh.c ssh-rand-helper.c]
2659 move #include <stddef.h> out of includes.h
2660 - stevesk@cvs.openbsd.org 2006/07/14 01:15:28
2661 [monitor_wrap.h]
2662 don't need incompletely-typed 'struct passwd' now with
2663 #include <pwd.h>; ok markus@
2664 - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
2665 [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
2666 [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
2667 [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
2668 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
2669 [sshconnect.c sshlogin.c sshpty.c uidswap.c]
2670 move #include <unistd.h> out of includes.h
2671 - dtucker@cvs.openbsd.org 2006/07/17 12:02:24
2672 [auth-options.c]
2673 Use '\0' rather than 0 to terminates strings; ok djm@
2674 - dtucker@cvs.openbsd.org 2006/07/17 12:06:00
2675 [channels.c channels.h servconf.c sshd_config.5]
2676 Add PermitOpen directive to sshd_config which is equivalent to the
2677 "permitopen" key option. Allows server admin to allow TCP port
2678 forwarding only two specific host/port pairs. Useful when combined
2679 with Match.
2680 If permitopen is used in both sshd_config and a key option, both
2681 must allow a given connection before it will be permitted.
2682 Note that users can still use external forwarders such as netcat,
2683 so to be those must be controlled too for the limits to be effective.
2684 Feedback & ok djm@, man page corrections & ok jmc@.
2685 - jmc@cvs.openbsd.org 2006/07/18 07:50:40
2686 [sshd_config.5]
2687 tweak; ok dtucker
2688 - jmc@cvs.openbsd.org 2006/07/18 07:56:28
2689 [scp.1]
2690 replace DIAGNOSTICS with .Ex;
2691 - jmc@cvs.openbsd.org 2006/07/18 08:03:09
2692 [ssh-agent.1 sshd_config.5]
2693 mark up angle brackets;
2694 - dtucker@cvs.openbsd.org 2006/07/18 08:22:23
2695 [sshd_config.5]
2696 Clarify description of Match, with minor correction from jmc@
2697 - stevesk@cvs.openbsd.org 2006/07/18 22:27:55
2698 [dh.c]
2699 remove unneeded includes; ok djm@
2700 - dtucker@cvs.openbsd.org 2006/07/19 08:56:41
2701 [servconf.c sshd_config.5]
2702 Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
2703 Match. ok djm@
2704 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
2705 [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
2706 Add ForceCommand keyword to sshd_config, equivalent to the "command="
2707 key option, man page entry and example in sshd_config.
2708 Feedback & ok djm@, man page corrections & ok jmc@
2709 - stevesk@cvs.openbsd.org 2006/07/20 15:26:15
2710 [auth1.c serverloop.c session.c sshconnect2.c]
2711 missed some needed #include <unistd.h> when KERBEROS5=no; issue from
2712 massimo@cedoc.mo.it
2713 - dtucker@cvs.openbsd.org 2006/07/21 12:43:36
2714 [channels.c channels.h servconf.c servconf.h sshd_config.5]
2715 Make PermitOpen take a list of permitted ports and act more like most
2716 other keywords (ie the first match is the effective setting). This
2717 also makes it easier to override a previously set PermitOpen. ok djm@
2718 - stevesk@cvs.openbsd.org 2006/07/21 21:13:30
2719 [channels.c]
2720 more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
2721 - stevesk@cvs.openbsd.org 2006/07/21 21:26:55
2722 [progressmeter.c]
2723 ARGSUSED for signal handler
2724 - stevesk@cvs.openbsd.org 2006/07/22 19:08:54
2725 [includes.h moduli.c progressmeter.c scp.c sftp-common.c]
2726 [sftp-server.c ssh-agent.c sshlogin.c]
2727 move #include <time.h> out of includes.h
2728 - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
2729 [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
2730 [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
2731 [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
2732 [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
2733 [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
2734 [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
2735 [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
2736 [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
2737 [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
2738 [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
2739 [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
2740 [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
2741 [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
2742 move #include <string.h> out of includes.h
2743 - stevesk@cvs.openbsd.org 2006/07/23 01:11:05
2744 [auth.h dispatch.c kex.h sftp-client.c]
2745 #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
2746 move
2747 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
2748 [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
2749 [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
2750 [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
2751 [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
2752 [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
2753 [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
2754 [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
2755 [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
2756 [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
2757 make the portable tree compile again - sprinkle unistd.h and string.h
2758 back in. Don't redefine __unused, as it turned out to be used in
2759 headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2760 - (djm) [openbsd-compat/glob.c]
2761 Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles
2762 on OpenBSD (or other platforms with a decent glob implementation) with
2763 -Werror
2764 - (djm) [uuencode.c]
2765 Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on
2766 some platforms
2767 - (djm) [session.c]
2768 fix compile error with -Werror -Wall: 'path' is only used in
2769 do_setup_env() if HAVE_LOGIN_CAP is not defined
2770 - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
2771 [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
2772 [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
2773 [openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
2774 [openbsd-compat/rresvport.c]
2775 These look to need string.h and/or unistd.h (based on a grep for function
2776 names)
2777 - (djm) [Makefile.in]
2778 Remove generated openbsd-compat/regress/Makefile in distclean target
2779 - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh]
2780 [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh]
2781 Sync regress tests to -current; include dtucker@'s new cfgmatch and
2782 forcecommand tests. Add cipher-speed.sh test (not linked in yet)
2783 - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including
2784 system headers before defines.h will cause conflicting definitions.
2785 - (dtucker) [regress/forcecommand.sh] Portablize.
2786
278720060713
2788 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h
2789
279020060712
2791 - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and
2792 O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old
2793 Linuxes and probably more.
2794 - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
2795 for SHUT_RD.
2796 - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before
2797 <netinet/ip.h>.
2798 - (dtucker) OpenBSD CVS Sync
2799 - stevesk@cvs.openbsd.org 2006/07/10 16:01:57
2800 [sftp-glob.c sftp-common.h sftp.c]
2801 buffer.h only needed in sftp-common.h and remove some unneeded
2802 user includes; ok djm@
2803 - jmc@cvs.openbsd.org 2006/07/10 16:04:21
2804 [sshd.8]
2805 s/and and/and/
2806 - stevesk@cvs.openbsd.org 2006/07/10 16:37:36
2807 [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
2808 auth.c packet.c log.c]
2809 move #include <stdarg.h> out of includes.h; ok markus@
2810 - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
2811 [ssh.c]
2812 Only copy the part of environment variable that we actually use. Prevents
2813 ssh bailing when SendEnv is used and an environment variable with a really
2814 long value exists. ok djm@
2815 - markus@cvs.openbsd.org 2006/07/11 18:50:48
2816 [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
2817 channels.h readconf.c]
2818 add ExitOnForwardFailure: terminate the connection if ssh(1)
2819 cannot set up all requested dynamic, local, and remote port
2820 forwardings. ok djm, dtucker, stevesk, jmc
2821 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
2822 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
2823 sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
2824 includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
2825 sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
2826 ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
2827 move #include <errno.h> out of includes.h; ok markus@
2828 - stevesk@cvs.openbsd.org 2006/07/11 20:16:43
2829 [ssh.c]
2830 cast asterisk field precision argument to int to remove warning;
2831 ok markus@
2832 - stevesk@cvs.openbsd.org 2006/07/11 20:27:56
2833 [authfile.c ssh.c]
2834 need <errno.h> here also (it's also included in <openssl/err.h>)
2835 - dtucker@cvs.openbsd.org 2006/07/12 11:34:58
2836 [sshd.c servconf.h servconf.c sshd_config.5 auth.c]
2837 Add support for conditional directives to sshd_config via a "Match"
2838 keyword, which works similarly to the "Host" directive in ssh_config.
2839 Lines after a Match line override the default set in the main section
2840 if the condition on the Match line is true, eg
2841 AllowTcpForwarding yes
2842 Match User anoncvs
2843 AllowTcpForwarding no
2844 will allow port forwarding by all users except "anoncvs".
2845 Currently only a very small subset of directives are supported.
2846 ok djm@
2847 - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
2848 openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
2849 openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
2850 - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h.
2851 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too.
2852 - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h.
2853 - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
2854 openbsd-compat/rresvport.c] More errno.h.
2855
285620060711
2857 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
2858 openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally
2859 include paths.h. Fixes build error on Solaris.
2860 - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably
2861 others).
2862
286320060710
2864 - (dtucker) [INSTALL] New autoconf version: 2.60.
2865 - OpenBSD CVS Sync
2866 - djm@cvs.openbsd.org 2006/06/14 10:50:42
2867 [sshconnect.c]
2868 limit the number of pre-banner characters we will accept; ok markus@
2869 - djm@cvs.openbsd.org 2006/06/26 10:36:15
2870 [clientloop.c]
2871 mention optional bind_address in runtime port forwarding setup
2872 command-line help. patch from santhi.amirta AT gmail.com
2873 - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
2874 [ssh.1 ssh.c ssh_config.5 sshd_config.5]
2875 more details and clarity for tun(4) device forwarding; ok and help
2876 jmc@
2877 - stevesk@cvs.openbsd.org 2006/07/02 18:36:47
2878 [gss-serv-krb5.c gss-serv.c]
2879 no "servconf.h" needed here
2880 (gss-serv-krb5.c change not applied, portable needs the server options)
2881 - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
2882 [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
2883 move #include <grp.h> out of includes.h
2884 (portable needed uidswap.c too)
2885 - stevesk@cvs.openbsd.org 2006/07/02 23:01:55
2886 [clientloop.c ssh.1]
2887 use -KR[bind_address:]port here; ok djm@
2888 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
2889 [includes.h ssh.c sshconnect.c sshd.c]
2890 move #include "version.h" out of includes.h; ok markus@
2891 - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
2892 [channels.c includes.h]
2893 move #include <arpa/inet.h> out of includes.h; old ok djm@
2894 (portable needed session.c too)
2895 - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
2896 [canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
2897 [serverloop.c sshconnect.c uuencode.c]
2898 move #include <netinet/in.h> out of includes.h; ok deraadt@
2899 (also ssh-rand-helper.c logintest.c loginrec.c)
2900 - djm@cvs.openbsd.org 2006/07/06 10:47:05
2901 [servconf.c servconf.h session.c sshd_config.5]
2902 support arguments to Subsystem commands; ok markus@
2903 - djm@cvs.openbsd.org 2006/07/06 10:47:57
2904 [sftp-server.8 sftp-server.c]
2905 add commandline options to enable logging of transactions; ok markus@
2906 - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
2907 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
2908 [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
2909 [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
2910 [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
2911 [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
2912 [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
2913 [uidswap.h]
2914 move #include <pwd.h> out of includes.h; ok markus@
2915 - stevesk@cvs.openbsd.org 2006/07/06 16:22:39
2916 [ssh-keygen.c]
2917 move #include "dns.h" up
2918 - stevesk@cvs.openbsd.org 2006/07/06 17:36:37
2919 [monitor_wrap.h]
2920 typo in comment
2921 - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
2922 [authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
2923 [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
2924 [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
2925 move #include <sys/socket.h> out of includes.h
2926 - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
2927 [monitor.c session.c]
2928 missed these from last commit:
2929 move #include <sys/socket.h> out of includes.h
2930 - stevesk@cvs.openbsd.org 2006/07/08 23:30:06
2931 [log.c]
2932 move user includes after /usr/include files
2933 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
2934 [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
2935 [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
2936 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2937 [sshlogin.c sshpty.c]
2938 move #include <fcntl.h> out of includes.h
2939 - stevesk@cvs.openbsd.org 2006/07/09 15:27:59
2940 [ssh-add.c]
2941 use O_RDONLY vs. 0 in open(); no binary change
2942 - djm@cvs.openbsd.org 2006/07/10 11:24:54
2943 [sftp-server.c]
2944 remove optind - it isn't used here
2945 - djm@cvs.openbsd.org 2006/07/10 11:25:53
2946 [sftp-server.c]
2947 don't log variables that aren't yet set
2948 - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
2949 [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
2950 [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
2951 [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
2952 - OpenBSD CVS Sync
2953 - djm@cvs.openbsd.org 2006/07/10 12:03:20
2954 [scp.c]
2955 duplicate argv at the start of main() because it gets modified later;
2956 pointed out by deraadt@ ok markus@
2957 - djm@cvs.openbsd.org 2006/07/10 12:08:08
2958 [channels.c]
2959 fix misparsing of SOCKS 5 packets that could result in a crash;
2960 reported by mk@ ok markus@
2961 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
2962 [misc.c misc.h sshd.8 sshconnect.c]
2963 Add port identifier to known_hosts for non-default ports, based originally
2964 on a patch from Devin Nate in bz#910.
2965 For any connection using the default port or using a HostKeyAlias the
2966 format is unchanged, otherwise the host name or address is enclosed
2967 within square brackets in the same format as sshd's ListenAddress.
2968 Tested by many, ok markus@.
2969 - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h>
2970 for struct sockaddr on platforms that use the fake-rfc stuff.
2971
297220060706
2973 - (dtucker) [configure.ac] Try AIX blibpath test in different order when
2974 compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
2975 configure would not select the correct libpath linker flags.
2976 - (dtucker) [INSTALL] A bit more info on autoconf.
2977
297820060705
2979 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
2980 target already exists.
2981
298220060630
2983 - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
2984 declaration too. Patch from russ at sludge.net.
2985 - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
2986 prevents warnings on platforms where _res is in the system headers.
2987 - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which
2988 version.
2989
299020060627
2991 - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems
2992 with autoconf 2.60. Patch from vapier at gentoo.org.
2993
299420060625
2995 - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
2996 only, otherwise sshd can hang exiting non-interactive sessions.
2997
299820060624
2999 - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.
3000 Works around limitation in Solaris' passwd program for changing passwords
3001 where the username is longer than 8 characters. ok djm@
3002 - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
3003 #1102 workaround.
3004
300520060623
3006 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
3007 tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
3008 from reyk@, tested by anil@
3009 - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
3010 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
3011 on the pty slave as zero-length reads on the pty master, which sshd
3012 interprets as the descriptor closing. Since most things don't do zero
3013 length writes this rarely matters, but occasionally it happens, and when
3014 it does the SSH pty session appears to hang, so we add a special case for
3015 this condition. ok djm@
3016
301720060613
3018 - (djm) [getput.h] This file has been replaced by functions in misc.c
3019 - OpenBSD CVS Sync
3020 - djm@cvs.openbsd.org 2006/05/08 10:49:48
3021 [sshconnect2.c]
3022 uint32_t -> u_int32_t (which we use everywhere else)
3023 (Id sync only - portable already had this)
3024 - markus@cvs.openbsd.org 2006/05/16 09:00:00
3025 [clientloop.c]
3026 missing free; from Kylene Hall
3027 - markus@cvs.openbsd.org 2006/05/17 12:43:34
3028 [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
3029 fix leak; coverity via Kylene Jo Hall
3030 - miod@cvs.openbsd.org 2006/05/18 21:27:25
3031 [kexdhc.c kexgexc.c]
3032 paramter -> parameter
3033 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
3034 [ssh_config.5]
3035 Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
3036 - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
3037 [ssh_config]
3038 Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in
3039 sample ssh_config. ok markus@
3040 - jmc@cvs.openbsd.org 2006/05/29 16:10:03
3041 [ssh_config.5]
3042 oops - previous was too long; split the list of auths up
3043 - mk@cvs.openbsd.org 2006/05/30 11:46:38
3044 [ssh-add.c]
3045 Sync usage() with man page and reality.
3046 ok deraadt dtucker
3047 - jmc@cvs.openbsd.org 2006/05/29 16:13:23
3048 [ssh.1]
3049 add GSSAPI to the list of authentication methods supported;
3050 - mk@cvs.openbsd.org 2006/05/30 11:46:38
3051 [ssh-add.c]
3052 Sync usage() with man page and reality.
3053 ok deraadt dtucker
3054 - markus@cvs.openbsd.org 2006/06/01 09:21:48
3055 [sshd.c]
3056 call get_remote_ipaddr() early; fixes logging after client disconnects;
3057 report mpf@; ok dtucker@
3058 - markus@cvs.openbsd.org 2006/06/06 10:20:20
3059 [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
3060 replace remaining setuid() calls with permanently_set_uid() and
3061 check seteuid() return values; report Marcus Meissner; ok dtucker djm
3062 - markus@cvs.openbsd.org 2006/06/08 14:45:49
3063 [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
3064 do not set the gid, noted by solar; ok djm
3065 - djm@cvs.openbsd.org 2006/06/13 01:18:36
3066 [ssh-agent.c]
3067 always use a format string, even when printing a constant
3068 - djm@cvs.openbsd.org 2006/06/13 02:17:07
3069 [ssh-agent.c]
3070 revert; i am on drugs. spotted by alexander AT beard.se
3071
307220060521
3073 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
3074 and slave, we can remove the special-case handling in the audit hook in
3075 auth_log.
3076
307720060517
3078 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
3079 pointer leak. From kjhall at us.ibm.com, found by coverity.
3080
308120060515
3082 - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
3083 _res, prevents problems on some platforms that have _res as a global but
3084 don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
3085 georg.schwarz at freenet.de, ok djm@.
3086 - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
3087 default. Patch originally from tim@, ok djm
3088 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
3089 do not allow kbdint again after the PAM account check fails. ok djm@
3090
309120060506
3092 - (dtucker) OpenBSD CVS Sync
3093 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
3094 [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
3095 Prevent ssh from trying to open private keys with bad permissions more than
3096 once or prompting for their passphrases (which it subsequently ignores
3097 anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
3098 - djm@cvs.openbsd.org 2006/05/04 14:55:23
3099 [dh.c]
3100 tighter DH exponent checks here too; feedback and ok markus@
3101 - djm@cvs.openbsd.org 2006/04/01 05:37:46
3102 [OVERVIEW]
3103 $OpenBSD$ in here too
3104 - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
3105 [auth-krb5.c]
3106 Add $OpenBSD$ in comment here too
3107
310820060504
3109 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
3110 session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
3111 openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
3112 in Portable-only code; since calloc zeros, remove now-redundant memsets.
3113 Also add a couple of sanity checks. With & ok djm@
3114
311520060503
3116 - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
3117 and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
3118 "no objections" tim@
3119
312020060423
3121 - (djm) OpenBSD CVS Sync
3122 - deraadt@cvs.openbsd.org 2006/04/01 05:42:20
3123 [scp.c]
3124 minimal lint cleanup (unused crud, and some size_t); ok djm
3125 - djm@cvs.openbsd.org 2006/04/01 05:50:29
3126 [scp.c]
3127 xasprintification; ok deraadt@
3128 - djm@cvs.openbsd.org 2006/04/01 05:51:34
3129 [atomicio.c]
3130 ANSIfy; requested deraadt@
3131 - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
3132 [ssh-keysign.c]
3133 sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
3134 - djm@cvs.openbsd.org 2006/04/03 07:10:38
3135 [gss-genr.c]
3136 GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
3137 by dleonard AT vintela.com. use xasprintf() to simplify code while in
3138 there; "looks right" deraadt@
3139 - djm@cvs.openbsd.org 2006/04/16 00:48:52
3140 [buffer.c buffer.h channels.c]
3141 Fix condition where we could exit with a fatal error when an input
3142 buffer became too large and the remote end had advertised a big window.
3143 The problem was a mismatch in the backoff math between the channels code
3144 and the buffer code, so make a buffer_check_alloc() function that the
3145 channels code can use to propsectivly check whether an incremental
3146 allocation will succeed. bz #1131, debugged with the assistance of
3147 cove AT wildpackets.com; ok dtucker@ deraadt@
3148 - djm@cvs.openbsd.org 2006/04/16 00:52:55
3149 [atomicio.c atomicio.h]
3150 introduce atomiciov() function that wraps readv/writev to retry
3151 interrupted transfers like atomicio() does for read/write;
3152 feedback deraadt@ dtucker@ stevesk@ ok deraadt@
3153 - djm@cvs.openbsd.org 2006/04/16 00:54:10
3154 [sftp-client.c]
3155 avoid making a tiny 4-byte write to send the packet length of sftp
3156 commands, which would result in a separate tiny packet on the wire by
3157 using atomiciov(writev, ...) to write the length and the command in one
3158 pass; ok deraadt@
3159 - djm@cvs.openbsd.org 2006/04/16 07:59:00
3160 [atomicio.c]
3161 reorder sanity test so that it cannot dereference past the end of the
3162 iov array; well spotted canacar@!
3163 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
3164 [bufaux.c bufbn.c Makefile.in]
3165 Move Buffer bignum functions into their own file, bufbn.c. This means
3166 that sftp and sftp-server (which use the Buffer functions in bufaux.c
3167 but not the bignum ones) no longer need to be linked with libcrypto.
3168 ok markus@
3169 - djm@cvs.openbsd.org 2006/04/20 09:27:09
3170 [auth.h clientloop.c dispatch.c dispatch.h kex.h]
3171 replace the last non-sig_atomic_t flag used in a signal handler with a
3172 sig_atomic_t, unfortunately with some knock-on effects in other (non-
3173 signal) contexts in which it is used; ok markus@
3174 - markus@cvs.openbsd.org 2006/04/20 09:47:59
3175 [sshconnect.c]
3176 simplify; ok djm@
3177 - djm@cvs.openbsd.org 2006/04/20 21:53:44
3178 [includes.h session.c sftp.c]
3179 Switch from using pipes to socketpairs for communication between
3180 sftp/scp and ssh, and between sshd and its subprocesses. This saves
3181 a file descriptor per session and apparently makes userland ppp over
3182 ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
3183 decision on a per-platform basis)
3184 - djm@cvs.openbsd.org 2006/04/22 04:06:51
3185 [uidswap.c]
3186 use setres[ug]id() to permanently revoke privileges; ok deraadt@
3187 (ID Sync only - portable already uses setres[ug]id() whenever possible)
3188 - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
3189 [crc32.c]
3190 remove extra spaces
3191 - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
3192 sig_atomic_t
3193
319420060421
3195 - (djm) [Makefile.in configure.ac session.c sshpty.c]
3196 [contrib/redhat/sshd.init openbsd-compat/Makefile.in]
3197 [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
3198 [openbsd-compat/port-linux.h] Add support for SELinux, setting
3199 the execution and TTY contexts. based on patch from Daniel Walsh,
3200 bz #880; ok dtucker@
3201
320220060418
3203 - (djm) [canohost.c] Reorder IP options check so that it isn't broken
3204 by mapped addresses; bz #1179 reported by markw wtech-llc.com;
3205 ok dtucker@
3206
320720060331
3208 - OpenBSD CVS Sync
3209 - deraadt@cvs.openbsd.org 2006/03/27 01:21:18
3210 [xmalloc.c]
3211 we can do the size & nmemb check before the integer overflow check;
3212 evol
3213 - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
3214 [dh.c]
3215 use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
3216 - djm@cvs.openbsd.org 2006/03/27 23:15:46
3217 [sftp.c]
3218 always use a format string for addargs; spotted by mouring@
3219 - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
3220 [README.tun ssh.c]
3221 spacing
3222 - deraadt@cvs.openbsd.org 2006/03/28 01:52:28
3223 [channels.c]
3224 do not accept unreasonable X ports numbers; ok djm
3225 - deraadt@cvs.openbsd.org 2006/03/28 01:53:43
3226 [ssh-agent.c]
3227 use strtonum() to parse the pid from the file, and range check it
3228 better; ok djm
3229 - djm@cvs.openbsd.org 2006/03/30 09:41:25
3230 [channels.c]
3231 ARGSUSED for dispatch table-driven functions
3232 - djm@cvs.openbsd.org 2006/03/30 09:58:16
3233 [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
3234 [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
3235 replace {GET,PUT}_XXBIT macros with functionally similar functions,
3236 silencing a heap of lint warnings. also allows them to use
3237 __bounded__ checking which can't be applied to macros; requested
3238 by and feedback from deraadt@
3239 - djm@cvs.openbsd.org 2006/03/30 10:41:25
3240 [ssh.c ssh_config.5]
3241 add percent escape chars to the IdentityFile option, bz #1159 based
3242 on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
3243 - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
3244 [ssh-keygen.c]
3245 Correctly handle truncated files while converting keys; ok djm@
3246 - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
3247 [auth.c monitor.c]
3248 Prevent duplicate log messages when privsep=yes; ok djm@
3249 - jmc@cvs.openbsd.org 2006/03/31 09:09:30
3250 [ssh_config.5]
3251 kill trailing whitespace;
3252 - djm@cvs.openbsd.org 2006/03/31 09:13:56
3253 [ssh_config.5]
3254 remote user escape is %r not %h; spotted by jmc@
3255
325620060326
3257 - OpenBSD CVS Sync
3258 - jakob@cvs.openbsd.org 2006/03/15 08:46:44
3259 [ssh-keygen.c]
3260 if no key file are given when printing the DNS host record, use the
3261 host key file(s) as default. ok djm@
3262 - biorn@cvs.openbsd.org 2006/03/16 10:31:45
3263 [scp.c]
3264 Try to display errormessage even if remout == -1
3265 ok djm@, markus@
3266 - djm@cvs.openbsd.org 2006/03/17 22:31:50
3267 [authfd.c]
3268 another unreachable found by lint
3269 - djm@cvs.openbsd.org 2006/03/17 22:31:11
3270 [authfd.c]
3271 unreachanble statement, found by lint
3272 - djm@cvs.openbsd.org 2006/03/19 02:22:32
3273 [serverloop.c]
3274 memory leaks detected by Coverity via elad AT netbsd.org;
3275 ok deraadt@ dtucker@
3276 - djm@cvs.openbsd.org 2006/03/19 02:22:56
3277 [sftp.c]
3278 more memory leaks detected by Coverity via elad AT netbsd.org;
3279 deraadt@ ok
3280 - djm@cvs.openbsd.org 2006/03/19 02:23:26
3281 [hostfile.c]
3282 FILE* leak detected by Coverity via elad AT netbsd.org;
3283 ok deraadt@
3284 - djm@cvs.openbsd.org 2006/03/19 02:24:05
3285 [dh.c readconf.c servconf.c]
3286 potential NULL pointer dereferences detected by Coverity
3287 via elad AT netbsd.org; ok deraadt@
3288 - djm@cvs.openbsd.org 2006/03/19 07:41:30
3289 [sshconnect2.c]
3290 memory leaks detected by Coverity via elad AT netbsd.org;
3291 deraadt@ ok
3292 - dtucker@cvs.openbsd.org 2006/03/19 11:51:52
3293 [servconf.c]
3294 Correct strdelim null test; ok djm@
3295 - deraadt@cvs.openbsd.org 2006/03/19 18:52:11
3296 [auth1.c authfd.c channels.c]
3297 spacing
3298 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
3299 [kex.c kex.h monitor.c myproposal.h session.c]
3300 spacing
3301 - deraadt@cvs.openbsd.org 2006/03/19 18:56:41
3302 [clientloop.c progressmeter.c serverloop.c sshd.c]
3303 ARGSUSED for signal handlers
3304 - deraadt@cvs.openbsd.org 2006/03/19 18:59:49
3305 [ssh-keyscan.c]
3306 please lint
3307 - deraadt@cvs.openbsd.org 2006/03/19 18:59:30
3308 [ssh.c]
3309 spacing
3310 - deraadt@cvs.openbsd.org 2006/03/19 18:59:09
3311 [authfile.c]
3312 whoever thought that break after return was a good idea needs to
3313 get their head examimed
3314 - djm@cvs.openbsd.org 2006/03/20 04:09:44
3315 [monitor.c]
3316 memory leaks detected by Coverity via elad AT netbsd.org;
3317 deraadt@ ok
3318 that should be all of them now
3319 - djm@cvs.openbsd.org 2006/03/20 11:38:46
3320 [key.c]
3321 (really) last of the Coverity diffs: avoid possible NULL deref in
3322 key_free. via elad AT netbsd.org; markus@ ok
3323 - deraadt@cvs.openbsd.org 2006/03/20 17:10:19
3324 [auth.c key.c misc.c packet.c ssh-add.c]
3325 in a switch (), break after return or goto is stupid
3326 - deraadt@cvs.openbsd.org 2006/03/20 17:13:16
3327 [key.c]
3328 djm did a typo
3329 - deraadt@cvs.openbsd.org 2006/03/20 17:17:23
3330 [ssh-rsa.c]
3331 in a switch (), break after return or goto is stupid
3332 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
3333 [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
3334 [ssh.c sshpty.c sshpty.h]
3335 sprinkle u_int throughout pty subsystem, ok markus
3336 - deraadt@cvs.openbsd.org 2006/03/20 18:17:20
3337 [auth1.c auth2.c sshd.c]
3338 sprinkle some ARGSUSED for table driven functions (which sometimes
3339 must ignore their args)
3340 - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
3341 [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
3342 [ssh-rsa.c ssh.c sshlogin.c]
3343 annoying spacing fixes getting in the way of real diffs
3344 - deraadt@cvs.openbsd.org 2006/03/20 18:27:50
3345 [monitor.c]
3346 spacing
3347 - deraadt@cvs.openbsd.org 2006/03/20 18:35:12
3348 [channels.c]
3349 x11_fake_data is only ever used as u_char *
3350 - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
3351 [dns.c]
3352 cast xstrdup to propert u_char *
3353 - deraadt@cvs.openbsd.org 2006/03/20 18:42:27
3354 [canohost.c match.c ssh.c sshconnect.c]
3355 be strict with tolower() casting
3356 - deraadt@cvs.openbsd.org 2006/03/20 18:48:34
3357 [channels.c fatal.c kex.c packet.c serverloop.c]
3358 spacing
3359 - deraadt@cvs.openbsd.org 2006/03/20 21:11:53
3360 [ttymodes.c]
3361 spacing
3362 - djm@cvs.openbsd.org 2006/03/25 00:05:41
3363 [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
3364 [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
3365 [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
3366 [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
3367 [xmalloc.c xmalloc.h]
3368 introduce xcalloc() and xasprintf() failure-checked allocations
3369 functions and use them throughout openssh
3370
3371 xcalloc is particularly important because malloc(nmemb * size) is a
3372 dangerous idiom (subject to integer overflow) and it is time for it
3373 to die
3374
3375 feedback and ok deraadt@
3376 - djm@cvs.openbsd.org 2006/03/25 01:13:23
3377 [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
3378 [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
3379 [uidswap.c]
3380 change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
3381 to xrealloc(p, new_nmemb, new_itemsize).
3382
3383 realloc is particularly prone to integer overflows because it is
3384 almost always allocating "n * size" bytes, so this is a far safer
3385 API; ok deraadt@
3386 - djm@cvs.openbsd.org 2006/03/25 01:30:23
3387 [sftp.c]
3388 "abormally" is a perfectly cromulent word, but "abnormally" is better
3389 - djm@cvs.openbsd.org 2006/03/25 13:17:03
3390 [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
3391 [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
3392 [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
3393 [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
3394 [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
3395 [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
3396 [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
3397 [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
3398 [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
3399 [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
3400 [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
3401 [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
3402 [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
3403 [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
3404 [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
3405 [uidswap.c uuencode.c xmalloc.c]
3406 Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
3407 Theo nuked - our scripts to sync -portable need them in the files
3408 - deraadt@cvs.openbsd.org 2006/03/25 18:29:35
3409 [auth-rsa.c authfd.c packet.c]
3410 needed casts (always will be needed)
3411 - deraadt@cvs.openbsd.org 2006/03/25 18:30:55
3412 [clientloop.c serverloop.c]
3413 spacing
3414 - deraadt@cvs.openbsd.org 2006/03/25 18:36:15
3415 [sshlogin.c sshlogin.h]
3416 nicer size_t and time_t types
3417 - deraadt@cvs.openbsd.org 2006/03/25 18:40:14
3418 [ssh-keygen.c]
3419 cast strtonum() result to right type
3420 - deraadt@cvs.openbsd.org 2006/03/25 18:41:45
3421 [ssh-agent.c]
3422 mark two more signal handlers ARGSUSED
3423 - deraadt@cvs.openbsd.org 2006/03/25 18:43:30
3424 [channels.c]
3425 use strtonum() instead of atoi() [limit X screens to 400, sorry]
3426 - deraadt@cvs.openbsd.org 2006/03/25 18:56:55
3427 [bufaux.c channels.c packet.c]
3428 remove (char *) casts to a function that accepts void * for the arg
3429 - deraadt@cvs.openbsd.org 2006/03/25 18:58:10
3430 [channels.c]
3431 delete cast not required
3432 - djm@cvs.openbsd.org 2006/03/25 22:22:43
3433 [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
3434 [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
3435 [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
3436 [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
3437 [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
3438 [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
3439 [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
3440 [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
3441 [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
3442 [ttymodes.h uidswap.h uuencode.h xmalloc.h]
3443 standardise spacing in $OpenBSD$ tags; requested by deraadt@
3444 - deraadt@cvs.openbsd.org 2006/03/26 01:31:48
3445 [uuencode.c]
3446 typo
3447
344820060325
3449 - OpenBSD CVS Sync
3450 - djm@cvs.openbsd.org 2006/03/16 04:24:42
3451 [ssh.1]
3452 Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
3453 that OpenSSH supports
3454 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
3455 [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
3456 [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
3457 [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
3458 [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
3459 [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
3460 [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
3461 [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
3462 [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
3463 [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
3464 [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
3465 [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
3466 [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
3467 [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
3468 [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
3469 [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
3470 [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
3471 [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
3472 [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
3473 [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
3474 [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
3475 [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
3476 [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
3477 [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
3478 RCSID() can die
3479 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
3480 [kex.h myproposal.h]
3481 spacing
3482 - djm@cvs.openbsd.org 2006/03/20 04:07:22
3483 [auth2-gss.c]
3484 GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
3485 reviewed by simon AT sxw.org.uk; deraadt@ ok
3486 - djm@cvs.openbsd.org 2006/03/20 04:07:49
3487 [gss-genr.c]
3488 more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
3489 reviewed by simon AT sxw.org.uk; deraadt@ ok
3490 - djm@cvs.openbsd.org 2006/03/20 04:08:18
3491 [gss-serv.c]
3492 last lot of GSSAPI related leaks detected by Coverity via
3493 elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
3494 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
3495 [monitor_wrap.h sshpty.h]
3496 sprinkle u_int throughout pty subsystem, ok markus
3497 - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
3498 [session.h]
3499 annoying spacing fixes getting in the way of real diffs
3500 - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
3501 [dns.c]
3502 cast xstrdup to propert u_char *
3503 - jakob@cvs.openbsd.org 2006/03/22 21:16:24
3504 [ssh.1]
3505 simplify SSHFP example; ok jmc@
3506 - djm@cvs.openbsd.org 2006/03/22 21:27:15
3507 [deattack.c deattack.h]
3508 remove IV support from the CRC attack detector, OpenSSH has never used
3509 it - it only applied to IDEA-CFB, which we don't support.
3510 prompted by NetBSD Coverity report via elad AT netbsd.org;
3511 feedback markus@ "nuke it" deraadt@
3512
351320060318
3514 - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
3515 elad AT NetBSD.org
3516 - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
3517 a LLONG rather than a long. Fixes scp'ing of large files on platforms
3518 with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
3519
352020060316
3521 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
3522 - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
3523 /usr/include/crypto. Hint from djm@.
3524 - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
3525 Disable sha256 when openssl < 0.9.7. Patch from djm@.
3526 - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
3527 OpenSSL; ok tim
3528
352920060315
3530 - (djm) OpenBSD CVS Sync:
3531 - msf@cvs.openbsd.org 2006/02/06 15:54:07
3532 [ssh.1]
3533 - typo fix
3534 ok jmc@
3535 - jmc@cvs.openbsd.org 2006/02/06 21:44:47
3536 [ssh.1]
3537 make this a little less ambiguous...
3538 - stevesk@cvs.openbsd.org 2006/02/07 01:08:04
3539 [auth-rhosts.c includes.h]
3540 move #include <netgroup.h> out of includes.h; ok markus@
3541 - stevesk@cvs.openbsd.org 2006/02/07 01:18:09
3542 [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
3543 move #include <sys/queue.h> out of includes.h; ok markus@
3544 - stevesk@cvs.openbsd.org 2006/02/07 01:42:00
3545 [channels.c clientloop.c clientloop.h includes.h packet.h]
3546 [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
3547 move #include <termios.h> out of includes.h; ok markus@
3548 - stevesk@cvs.openbsd.org 2006/02/07 01:52:50
3549 [sshtty.c]
3550 "log.h" not needed
3551 - stevesk@cvs.openbsd.org 2006/02/07 03:47:05
3552 [hostfile.c]
3553 "packet.h" not needed
3554 - stevesk@cvs.openbsd.org 2006/02/07 03:59:20
3555 [deattack.c]
3556 duplicate #include
3557 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
3558 [auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
3559 [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
3560 [sshd.c sshpty.c]
3561 move #include <paths.h> out of includes.h; ok markus@
3562 - stevesk@cvs.openbsd.org 2006/02/08 12:32:49
3563 [includes.h misc.c]
3564 move #include <netinet/tcp.h> out of includes.h; ok markus@
3565 - stevesk@cvs.openbsd.org 2006/02/08 13:15:44
3566 [gss-serv.c monitor.c]
3567 small KNF
3568 - stevesk@cvs.openbsd.org 2006/02/08 14:16:59
3569 [sshconnect.c]
3570 <openssl/bn.h> not needed
3571 - stevesk@cvs.openbsd.org 2006/02/08 14:31:30
3572 [includes.h ssh-agent.c ssh-keyscan.c ssh.c]
3573 move #include <sys/resource.h> out of includes.h; ok markus@
3574 - stevesk@cvs.openbsd.org 2006/02/08 14:38:18
3575 [includes.h packet.c]
3576 move #include <netinet/in_systm.h> and <netinet/ip.h> out of
3577 includes.h; ok markus@
3578 - stevesk@cvs.openbsd.org 2006/02/08 23:51:24
3579 [includes.h scp.c sftp-glob.c sftp-server.c]
3580 move #include <dirent.h> out of includes.h; ok markus@
3581 - stevesk@cvs.openbsd.org 2006/02/09 00:32:07
3582 [includes.h]
3583 #include <sys/endian.h> not needed; ok djm@
3584 NB. ID Sync only - we still need this (but it may move later)
3585 - jmc@cvs.openbsd.org 2006/02/09 10:10:47
3586 [sshd.8]
3587 - move some text into a CAVEATS section
3588 - merge the COMMAND EXECUTION... section into AUTHENTICATION
3589 - stevesk@cvs.openbsd.org 2006/02/10 00:27:13
3590 [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
3591 [ssh.c sshd.c sshpty.c]
3592 move #include <sys/ioctl.h> out of includes.h; ok markus@
3593 - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
3594 [includes.h monitor.c readpass.c scp.c serverloop.c session.c]
3595 [sftp.c sshconnect.c sshconnect2.c sshd.c]
3596 move #include <sys/wait.h> out of includes.h; ok markus@
3597 - otto@cvs.openbsd.org 2006/02/11 19:31:18
3598 [atomicio.c]
3599 type correctness; from Ray Lai in PR 5011; ok millert@
3600 - djm@cvs.openbsd.org 2006/02/12 06:45:34
3601 [ssh.c ssh_config.5]
3602 add a %l expansion code to the ControlPath, which is filled in with the
3603 local hostname at runtime. Requested by henning@ to avoid some problems
3604 with /home on NFS; ok dtucker@
3605 - djm@cvs.openbsd.org 2006/02/12 10:44:18
3606 [readconf.c]
3607 raise error when the user specifies a RekeyLimit that is smaller than 16
3608 (the smallest of our cipher's blocksize) or big enough to cause integer
3609 wraparound; ok & feedback dtucker@
3610 - jmc@cvs.openbsd.org 2006/02/12 10:49:44
3611 [ssh_config.5]
3612 slight rewording; ok djm
3613 - jmc@cvs.openbsd.org 2006/02/12 10:52:41
3614 [sshd.8]
3615 rework the description of authorized_keys a little;
3616 - jmc@cvs.openbsd.org 2006/02/12 17:57:19
3617 [sshd.8]
3618 sort the list of options permissable w/ authorized_keys;
3619 ok djm dtucker
3620 - jmc@cvs.openbsd.org 2006/02/13 10:16:39
3621 [sshd.8]
3622 no need to subsection the authorized_keys examples - instead, convert
3623 this to look like an actual file. also use proto 2 keys, and use IETF
3624 example addresses;
3625 - jmc@cvs.openbsd.org 2006/02/13 10:21:25
3626 [sshd.8]
3627 small tweaks for the ssh_known_hosts section;
3628 - jmc@cvs.openbsd.org 2006/02/13 11:02:26
3629 [sshd.8]
3630 turn this into an example ssh_known_hosts file; ok djm
3631 - jmc@cvs.openbsd.org 2006/02/13 11:08:43
3632 [sshd.8]
3633 - avoid nasty line split
3634 - `*' does not need to be escaped
3635 - jmc@cvs.openbsd.org 2006/02/13 11:27:25
3636 [sshd.8]
3637 sort FILES and use a -compact list;
3638 - david@cvs.openbsd.org 2006/02/15 05:08:24
3639 [sftp-client.c]
3640 typo in comment; ok djm@
3641 - jmc@cvs.openbsd.org 2006/02/15 16:53:20
3642 [ssh.1]
3643 remove the IETF draft references and replace them with some updated RFCs;
3644 - jmc@cvs.openbsd.org 2006/02/15 16:55:33
3645 [sshd.8]
3646 remove ietf draft references; RFC list now maintained in ssh.1;
3647 - jmc@cvs.openbsd.org 2006/02/16 09:05:34
3648 [sshd.8]
3649 sync some of the FILES entries w/ ssh.1;
3650 - jmc@cvs.openbsd.org 2006/02/19 19:52:10
3651 [sshd.8]
3652 move the sshrc stuff out of FILES, and into its own section:
3653 FILES is not a good place to document how stuff works;
3654 - jmc@cvs.openbsd.org 2006/02/19 20:02:17
3655 [sshd.8]
3656 sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
3657 - jmc@cvs.openbsd.org 2006/02/19 20:05:00
3658 [sshd.8]
3659 grammar;
3660 - jmc@cvs.openbsd.org 2006/02/19 20:12:25
3661 [ssh_config.5]
3662 add some vertical space;
3663 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
3664 [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
3665 move #include <sys/un.h> out of includes.h; ok djm@
3666 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
3667 [clientloop.c includes.h monitor.c progressmeter.c scp.c]
3668 [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
3669 move #include <signal.h> out of includes.h; ok markus@
3670 - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
3671 [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
3672 [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
3673 [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
3674 [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
3675 [sshconnect2.c sshd.c sshpty.c]
3676 move #include <sys/stat.h> out of includes.h; ok markus@
3677 - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
3678 [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
3679 [sshconnect.c]
3680 move #include <ctype.h> out of includes.h; ok djm@
3681 - jmc@cvs.openbsd.org 2006/02/24 10:25:14
3682 [ssh_config.5]
3683 add section on patterns;
3684 from dtucker + myself
3685 - jmc@cvs.openbsd.org 2006/02/24 10:33:54
3686 [sshd_config.5]
3687 signpost to PATTERNS;
3688 - jmc@cvs.openbsd.org 2006/02/24 10:37:07
3689 [ssh_config.5]
3690 tidy up the refs to PATTERNS;
3691 - jmc@cvs.openbsd.org 2006/02/24 10:39:52
3692 [sshd.8]
3693 signpost to PATTERNS section;
3694 - jmc@cvs.openbsd.org 2006/02/24 20:22:16
3695 [ssh-keysign.8 ssh_config.5 sshd_config.5]
3696 some consistency fixes;
3697 - jmc@cvs.openbsd.org 2006/02/24 20:31:31
3698 [ssh.1 ssh_config.5 sshd.8 sshd_config.5]
3699 more consistency fixes;
3700 - jmc@cvs.openbsd.org 2006/02/24 23:20:07
3701 [ssh_config.5]
3702 some grammar/wording fixes;
3703 - jmc@cvs.openbsd.org 2006/02/24 23:43:57
3704 [sshd_config.5]
3705 some grammar/wording fixes;
3706 - jmc@cvs.openbsd.org 2006/02/24 23:51:17
3707 [sshd_config.5]
3708 oops - bits i missed;
3709 - jmc@cvs.openbsd.org 2006/02/25 12:26:17
3710 [ssh_config.5]
3711 document the possible values for KbdInteractiveDevices;
3712 help/ok dtucker
3713 - jmc@cvs.openbsd.org 2006/02/25 12:28:34
3714 [sshd_config.5]
3715 document the order in which allow/deny directives are processed;
3716 help/ok dtucker
3717 - jmc@cvs.openbsd.org 2006/02/26 17:17:18
3718 [ssh_config.5]
3719 move PATTERNS to the end of the main body; requested by dtucker
3720 - jmc@cvs.openbsd.org 2006/02/26 18:01:13
3721 [sshd_config.5]
3722 subsection is pointless here;
3723 - jmc@cvs.openbsd.org 2006/02/26 18:03:10
3724 [ssh_config.5]
3725 comma;
3726 - djm@cvs.openbsd.org 2006/02/28 01:10:21
3727 [session.c]
3728 fix logout recording when privilege separation is disabled, analysis and
3729 patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
3730 NB. ID sync only - patch already in portable
3731 - djm@cvs.openbsd.org 2006/03/04 04:12:58
3732 [serverloop.c]
3733 move a debug() outside of a signal handler; ok markus@ a little while back
3734 - djm@cvs.openbsd.org 2006/03/12 04:23:07
3735 [ssh.c]
3736 knf nit
3737 - djm@cvs.openbsd.org 2006/03/13 08:16:00
3738 [sshd.c]
3739 don't log that we are listening on a socket before the listen() call
3740 actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
3741 - dtucker@cvs.openbsd.org 2006/03/13 08:33:00
3742 [packet.c]
3743 Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
3744 poor performance and protocol stalls under some network conditions (mindrot
3745 bugs #556 and #981). Patch originally from markus@, ok djm@
3746 - dtucker@cvs.openbsd.org 2006/03/13 08:43:16
3747 [ssh-keygen.c]
3748 Make ssh-keygen handle CR and CRLF line termination when converting IETF
3749 format keys, in adition to vanilla LF. mindrot #1157, tested by Chris
3750 Pepper, ok djm@
3751 - dtucker@cvs.openbsd.org 2006/03/13 10:14:29
3752 [misc.c ssh_config.5 sshd_config.5]
3753 Allow config directives to contain whitespace by surrounding them by double
3754 quotes. mindrot #482, man page help from jmc@, ok djm@
3755 - dtucker@cvs.openbsd.org 2006/03/13 10:26:52
3756 [authfile.c authfile.h ssh-add.c]
3757 Make ssh-add check file permissions before attempting to load private
3758 key files multiple times; it will fail anyway and this prevents confusing
3759 multiple prompts and warnings. mindrot #1138, ok djm@
3760 - djm@cvs.openbsd.org 2006/03/14 00:15:39
3761 [canohost.c]
3762 log the originating address and not just the name when a reverse
3763 mapping check fails, requested by linux AT linuon.com
3764 - markus@cvs.openbsd.org 2006/03/14 16:32:48
3765 [ssh_config.5 sshd_config.5]
3766 *AliveCountMax applies to protcol v2 only; ok dtucker, djm
3767 - djm@cvs.openbsd.org 2006/03/07 09:07:40
3768 [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
3769 Implement the diffie-hellman-group-exchange-sha256 key exchange method
3770 using the SHA256 code in libc (and wrapper to make it into an OpenSSL
3771 EVP), interop tested against CVS PuTTY
3772 NB. no portability bits committed yet
3773 - (djm) [configure.ac defines.h kex.c md-sha256.c]
3774 [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
3775 [openbsd-compat/sha2.c] First stab at portability glue for SHA256
3776 KEX support, should work with libc SHA256 support or OpenSSL
3777 EVP_sha256 if present
3778 - (djm) [includes.h] Restore accidentally dropped netinet/in.h
3779 - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files
3780 - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present
3781 - (djm) [regress/.cvsignore] Ignore Makefile here
3782 - (djm) [loginrec.c] Need stat.h
3783 - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with
3784 system sha2.h
3785 - (djm) [ssh-rand-helper.c] Needs a bunch of headers
3786 - (djm) [ssh-agent.c] Restore dropped stat.h
3787 - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out
3788 SHA384, which we don't need and doesn't compile without tweaks
3789 - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
3790 [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
3791 [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
3792 [openbsd-compat/glob.c openbsd-compat/mktemp.c]
3793 [openbsd-compat/readpassphrase.c] Lots of include fixes for
3794 OpenSolaris
3795 - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:"
3796 - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some
3797 includes removed from includes.h
3798 - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE
3799 - (djm) [includes.h] Put back paths.h, it is needed in defines.h
3800 - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs
3801 sys/ioctl.h for struct winsize.
3802 - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD.
3803
380420060313
3805 - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong)
3806 since not all platforms support it. Instead, use internal equivalent while
3807 computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf*
3808 as it's no longer required. Tested by Bernhard Simon, ok djm@
3809
381020060304
3811 - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a
3812 file rather than directory, required as Cygwin will be importing lastlog(1).
3813 Also tightens up permissions on the file. Patch from vinschen@redhat.com.
3814 - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h
3815 includes. Patch from gentoo.riverrat at gmail.com.
3816
381720060226
3818 - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY
3819 patch from kraai at ftbfs.org.
3820
382120060223
3822 - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current
3823 reality. Pointed out by tryponraj at gmail.com.
3824
382520060222
3826 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only
3827 compile in compat code if required.
3828
382920060221
3830 - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about
3831 redefinition of SSLeay_add_all_algorithms.
3832
383320060220
3834 - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
3835 Add optional enabling of OpenSSL's (hardware) Engine support, via
3836 configure --with-ssl-engine. Based in part on a diff by michal at
3837 logix.cz.
3838
383920060219
3840 - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
3841 Add first attempt at regress tests for compat library. ok djm@
3842
384320060214
3844 - (tim) [buildpkg.sh.in] Make the names consistent.
3845 s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@
3846
384720060212
3848 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned
3849 to silence compiler warning, from vinschen at redhat.com.
3850 - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX.
3851 - (dtucker) [README version.h contrib/caldera/openssh.spec
3852 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version
3853 strings to match 4.3p2 release.
3854
385520060208
3856 - (tim) [session.c] Logout records were not updated on systems with
3857 post auth privsep disabled due to bug 1086 changes. Analysis and patch
3858 by vinschen at redhat.com. OK tim@, dtucker@.
3859 - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
3860 -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@
3861
386220060206
3863 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and
3864 netinet/in_systm.h. OK dtucker@.
3865
386620060205
3867 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
3868 for Solaris. OK dtucker@.
3869 - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
3870 kraai at ftbfs.org.
3871
387220060203
3873 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
3874 AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
3875 by a platform specific check, builtin standard includes tests will be
3876 skipped on the other platforms.
3877 Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
3878 OK tim@, djm@.
3879
388020060202
3881 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
3882 works with picky compilers. Patch from alex.kiernan at thus.net.
3883
388420060201
3885 - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
3886 determine the user's login name - needed for regress tests on Solaris
3887 10 and OpenSolaris
3888 - (djm) OpenBSD CVS Sync
3889 - jmc@cvs.openbsd.org 2006/02/01 09:06:50
3890 [sshd.8]
3891 - merge sections on protocols 1 and 2 into a single section
3892 - remove configuration file section
3893 ok markus
3894 - jmc@cvs.openbsd.org 2006/02/01 09:11:41
3895 [sshd.8]
3896 small tweak;
3897 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3898 [contrib/suse/openssh.spec] Update versions ahead of release
3899 - markus@cvs.openbsd.org 2006/02/01 11:27:22
3900 [version.h]
3901 openssh 4.3
3902 - (djm) Release OpenSSH 4.3p1
3903
390420060131
3905 - (djm) OpenBSD CVS Sync
3906 - jmc@cvs.openbsd.org 2006/01/20 11:21:45
3907 [ssh_config.5]
3908 - word change, agreed w/ markus
3909 - consistency fixes
3910 - jmc@cvs.openbsd.org 2006/01/25 09:04:34
3911 [sshd.8]
3912 move the options description up the page, and a few additional tweaks
3913 whilst in here;
3914 ok markus
3915 - jmc@cvs.openbsd.org 2006/01/25 09:07:22
3916 [sshd.8]
3917 move subsections to full sections;
3918 - jmc@cvs.openbsd.org 2006/01/26 08:47:56
3919 [ssh.1]
3920 add a section on verifying host keys in dns;
3921 written with a lot of help from jakob;
3922 feedback dtucker/markus;
3923 ok markus
3924 - reyk@cvs.openbsd.org 2006/01/30 12:22:22
3925 [channels.c]
3926 mark channel as write failed or dead instead of read failed on error
3927 of the channel output filter.
3928 ok markus@
3929 - jmc@cvs.openbsd.org 2006/01/30 13:37:49
3930 [ssh.1]
3931 remove an incorrect sentence;
3932 reported by roumen petrov;
3933 ok djm markus
3934 - djm@cvs.openbsd.org 2006/01/31 10:19:02
3935 [misc.c misc.h scp.c sftp.c]
3936 fix local arbitrary command execution vulnerability on local/local and
3937 remote/remote copies (CVE-2006-0225, bz #1094), patch by
3938 t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
3939 - djm@cvs.openbsd.org 2006/01/31 10:35:43
3940 [scp.c]
3941 "scp a b c" shouldn't clobber "c" when it is not a directory, report and
3942 fix from biorn@; ok markus@
3943 - (djm) Sync regress tests to OpenBSD:
3944 - dtucker@cvs.openbsd.org 2005/03/10 10:20:39
3945 [regress/forwarding.sh]
3946 Regress test for ClearAllForwardings (bz #994); ok markus@
3947 - dtucker@cvs.openbsd.org 2005/04/25 09:54:09
3948 [regress/multiplex.sh]
3949 Don't call cleanup in multiplex as test-exec will cleanup anyway
3950 found by tim@, ok djm@
3951 NB. ID sync only, we already had this
3952 - djm@cvs.openbsd.org 2005/05/20 23:14:15
3953 [regress/test-exec.sh]
3954 force addressfamily=inet for tests, unbreaking dynamic-forward regress for
3955 recently committed nc SOCKS5 changes
3956 - djm@cvs.openbsd.org 2005/05/24 04:10:54
3957 [regress/try-ciphers.sh]
3958 oops, new arcfour modes here too
3959 - markus@cvs.openbsd.org 2005/06/30 11:02:37
3960 [regress/scp.sh]
3961 allow SUDO=sudo; from Alexander Bluhm
3962 - grunk@cvs.openbsd.org 2005/11/14 21:25:56
3963 [regress/agent-getpeereid.sh]
3964 all other scripts in this dir use $SUDO, not 'sudo', so pull this even
3965 ok markus@
3966 - dtucker@cvs.openbsd.org 2005/12/14 04:36:39
3967 [regress/scp-ssh-wrapper.sh]
3968 Fix assumption about how many args scp will pass; ok djm@
3969 NB. ID sync only, we already had this
3970 - djm@cvs.openbsd.org 2006/01/27 06:49:21
3971 [scp.sh]
3972 regress test for local to local scp copies; ok dtucker@
3973 - djm@cvs.openbsd.org 2006/01/31 10:23:23
3974 [scp.sh]
3975 regression test for CVE-2006-0225 written by dtucker@
3976 - djm@cvs.openbsd.org 2006/01/31 10:36:33
3977 [scp.sh]
3978 regress test for "scp a b c" where "c" is not a directory
3979
398020060129
3981 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the
3982 opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
3983
398420060120
3985 - (dtucker) OpenBSD CVS Sync
3986 - jmc@cvs.openbsd.org 2006/01/15 17:37:05
3987 [ssh.1]
3988 correction from deraadt
3989 - jmc@cvs.openbsd.org 2006/01/18 10:53:29
3990 [ssh.1]
3991 add a section on ssh-based vpn, based on reyk's README.tun;
3992 - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
3993 [scp.1 ssh.1 ssh_config.5 sftp.1]
3994 Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
3995 #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
3996
399720060114
3998 - (djm) OpenBSD CVS Sync
3999 - jmc@cvs.openbsd.org 2006/01/06 13:27:32
4000 [ssh.1]
4001 weed out some duplicate info in the known_hosts FILES entries;
4002 ok djm
4003 - jmc@cvs.openbsd.org 2006/01/06 13:29:10
4004 [ssh.1]
4005 final round of whacking FILES for duplicate info, and some consistency
4006 fixes;
4007 ok djm
4008 - jmc@cvs.openbsd.org 2006/01/12 14:44:12
4009 [ssh.1]
4010 split sections on tcp and x11 forwarding into two sections.
4011 add an example in the tcp section, based on sth i wrote for ssh faq;
4012 help + ok: djm markus dtucker
4013 - jmc@cvs.openbsd.org 2006/01/12 18:48:48
4014 [ssh.1]
4015 refer to `TCP' rather than `TCP/IP' in the context of connection
4016 forwarding;
4017 ok markus
4018 - jmc@cvs.openbsd.org 2006/01/12 22:20:00
4019 [sshd.8]
4020 refer to TCP forwarding, rather than TCP/IP forwarding;
4021 - jmc@cvs.openbsd.org 2006/01/12 22:26:02
4022 [ssh_config.5]
4023 refer to TCP forwarding, rather than TCP/IP forwarding;
4024 - jmc@cvs.openbsd.org 2006/01/12 22:34:12
4025 [ssh.1]
4026 back out a sentence - AUTHENTICATION already documents this;
4027
402820060109
4029 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
4030 tcpip service so it's always started after IP is up. Patch from
4031 vinschen at redhat.com.
4032
403320060106
4034 - (djm) OpenBSD CVS Sync
4035 - jmc@cvs.openbsd.org 2006/01/03 16:31:10
4036 [ssh.1]
4037 move FILES to a -compact list, and make each files an item in that list.
4038 this avoids nastly line wrap when we have long pathnames, and treats
4039 each file as a separate item;
4040 remove the .Pa too, since it is useless.
4041 - jmc@cvs.openbsd.org 2006/01/03 16:35:30
4042 [ssh.1]
4043 use a larger width for the ENVIRONMENT list;
4044 - jmc@cvs.openbsd.org 2006/01/03 16:52:36
4045 [ssh.1]
4046 put FILES in some sort of order: sort by pathname
4047 - jmc@cvs.openbsd.org 2006/01/03 16:55:18
4048 [ssh.1]
4049 tweak the description of ~/.ssh/environment
4050 - jmc@cvs.openbsd.org 2006/01/04 18:42:46
4051 [ssh.1]
4052 chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
4053 entries;
4054 ok markus
4055 - jmc@cvs.openbsd.org 2006/01/04 18:45:01
4056 [ssh.1]
4057 remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
4058 - jmc@cvs.openbsd.org 2006/01/04 19:40:24
4059 [ssh.1]
4060 +.Xr ssh-keyscan 1 ,
4061 - jmc@cvs.openbsd.org 2006/01/04 19:50:09
4062 [ssh.1]
4063 -.Xr gzip 1 ,
4064 - djm@cvs.openbsd.org 2006/01/05 23:43:53
4065 [misc.c]
4066 check that stdio file descriptors are actually closed before clobbering
4067 them in sanitise_stdfd(). problems occurred when a lower numbered fd was
4068 closed, but higher ones weren't. spotted by, and patch tested by
4069 Frédéric Olivié
4070
407120060103
4072 - (djm) [channels.c] clean up harmless merge error, from reyk@
4073
407420060103
4075 - (djm) OpenBSD CVS Sync
4076 - jmc@cvs.openbsd.org 2006/01/02 17:09:49
4077 [ssh_config.5 sshd_config.5]
4078 some corrections from michael knudsen;
4079
408020060102
4081 - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
4082 - (djm) OpenBSD CVS Sync
4083 - jmc@cvs.openbsd.org 2005/12/31 10:46:17
4084 [ssh.1]
4085 merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
4086 AUTHENTICATION" sections into "AUTHENTICATION";
4087 some rewording done to make the text read better, plus some
4088 improvements from djm;
4089 ok djm
4090 - jmc@cvs.openbsd.org 2005/12/31 13:44:04
4091 [ssh.1]
4092 clean up ENVIRONMENT a little;
4093 - jmc@cvs.openbsd.org 2005/12/31 13:45:19
4094 [ssh.1]
4095 .Nm does not require an argument;
4096 - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
4097 [includes.h misc.c]
4098 move <net/if.h>; ok djm@
4099 - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
4100 [misc.c]
4101 no trailing "\n" for debug()
4102 - djm@cvs.openbsd.org 2006/01/02 01:20:31
4103 [sftp-client.c sftp-common.h sftp-server.c]
4104 use a common max. packet length, no binary change
4105 - reyk@cvs.openbsd.org 2006/01/02 07:53:44
4106 [misc.c]
4107 clarify tun(4) opening - set the mode and bring the interface up. also
4108 (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
4109 suggested and ok by djm@
4110 - jmc@cvs.openbsd.org 2006/01/02 12:31:06
4111 [ssh.1]
4112 start to cut some duplicate info from FILES;
4113 help/ok djm
4114
411520060101
4116 - (djm) [Makefile.in configure.ac includes.h misc.c]
4117 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
4118 for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
4119 limited to IPv4 tunnels only, and most versions don't support the
4120 tap(4) device at all.
4121 - (djm) [configure.ac] Fix linux/if_tun.h test
4122 - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
4123
412420051229
4125 - (djm) OpenBSD CVS Sync
4126 - stevesk@cvs.openbsd.org 2005/12/28 22:46:06
4127 [canohost.c channels.c clientloop.c]
4128 use 'break-in' for consistency; ok deraadt@ ok and input jmc@
4129 - reyk@cvs.openbsd.org 2005/12/30 15:56:37
4130 [channels.c channels.h clientloop.c]
4131 add channel output filter interface.
4132 ok djm@, suggested by markus@
4133 - jmc@cvs.openbsd.org 2005/12/30 16:59:00
4134 [sftp.1]
4135 do not suggest that interactive authentication will work
4136 with the -b flag;
4137 based on a diff from john l. scarfone;
4138 ok djm
4139 - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
4140 [ssh.1]
4141 document -MM; ok djm@
4142 - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
4143 [serverloop.c ssh.c openbsd-compat/Makefile.in]
4144 [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
4145 compatability support for Linux, diff from reyk@
4146 - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
4147 not exist
4148 - (djm) [configure.ac] oops, make that linux/if_tun.h
4149
415020051229
4151 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
4152
415320051224
4154 - (djm) OpenBSD CVS Sync
4155 - jmc@cvs.openbsd.org 2005/12/20 21:59:43
4156 [ssh.1]
4157 merge the sections on protocols 1 and 2 into one section on
4158 authentication;
4159 feedback djm dtucker
4160 ok deraadt markus dtucker
4161 - jmc@cvs.openbsd.org 2005/12/20 22:02:50
4162 [ssh.1]
4163 .Ss -> .Sh: subsections have not made this page more readable
4164 - jmc@cvs.openbsd.org 2005/12/20 22:09:41
4165 [ssh.1]
4166 move info on ssh return values and config files up into the main
4167 description;
4168 - jmc@cvs.openbsd.org 2005/12/21 11:48:16
4169 [ssh.1]
4170 -L and -R descriptions are now above, not below, ~C description;
4171 - jmc@cvs.openbsd.org 2005/12/21 11:57:25
4172 [ssh.1]
4173 options now described `above', rather than `later';
4174 - jmc@cvs.openbsd.org 2005/12/21 12:53:31
4175 [ssh.1]
4176 -Y does X11 forwarding too;
4177 ok markus
4178 - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
4179 [sshd.8]
4180 clarify precedence of -p, Port, ListenAddress; ok and help jmc@
4181 - jmc@cvs.openbsd.org 2005/12/22 10:31:40
4182 [ssh_config.5]
4183 put the description of "UsePrivilegedPort" in the correct place;
4184 - jmc@cvs.openbsd.org 2005/12/22 11:23:42
4185 [ssh.1]
4186 expand the description of -w somewhat;
4187 help/ok reyk
4188 - jmc@cvs.openbsd.org 2005/12/23 14:55:53
4189 [ssh.1]
4190 - sync the description of -e w/ synopsis
4191 - simplify the description of -I
4192 - note that -I is only available if support compiled in, and that it
4193 isn't by default
4194 feedback/ok djm@
4195 - jmc@cvs.openbsd.org 2005/12/23 23:46:23
4196 [ssh.1]
4197 less mark up for -c;
4198 - djm@cvs.openbsd.org 2005/12/24 02:27:41
4199 [session.c sshd.c]
4200 eliminate some code duplicated in privsep and non-privsep paths, and
4201 explicitly clear SIGALRM handler; "groovy" deraadt@
4202
420320051220
4204 - (dtucker) OpenBSD CVS Sync
4205 - reyk@cvs.openbsd.org 2005/12/13 15:03:02
4206 [serverloop.c]
4207 if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
4208 - jmc@cvs.openbsd.org 2005/12/16 18:07:08
4209 [ssh.1]
4210 move the option descriptions up the page: start of a restructure;
4211 ok markus deraadt
4212 - jmc@cvs.openbsd.org 2005/12/16 18:08:53
4213 [ssh.1]
4214 simplify a sentence;
4215 - jmc@cvs.openbsd.org 2005/12/16 18:12:22
4216 [ssh.1]
4217 make the description of -c a little nicer;
4218 - jmc@cvs.openbsd.org 2005/12/16 18:14:40
4219 [ssh.1]
4220 signpost the protocol sections;
4221 - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
4222 [ssh_config.5 session.c]
4223 spelling: fowarding, fowarded
4224 - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
4225 [ssh_config.5]
4226 spelling: intented -> intended
4227 - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
4228 [ssh.c]
4229 exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
4230
423120051219
4232 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
4233 openbsd-compat/openssl-compat.h] Check for and work around broken AES
4234 ciphers >128bit on (some) Solaris 10 systems. ok djm@
4235
423620051217
4237 - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
4238 scp.c also uses, so undef them here.
4239 - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
4240 snprintf replacement can have a conflicting declaration in HP-UX's system
4241 headers (const vs. no const) so we now check for and work around it. Patch
4242 from the dynamic duo of David Leonard and Ted Percival.
4243
424420051214
4245 - (dtucker) OpenBSD CVS Sync (regress/)
4246 - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
4247 [regress/scp-ssh-wrapper.sh]
4248 Fix assumption about how many args scp will pass; ok djm@
4249
425020051213
4251 - (djm) OpenBSD CVS Sync
4252 - jmc@cvs.openbsd.org 2005/11/30 11:18:27
4253 [ssh.1]
4254 timezone -> time zone
4255 - jmc@cvs.openbsd.org 2005/11/30 11:45:20
4256 [ssh.1]
4257 avoid ambiguities in describing TZ;
4258 ok djm@
4259 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
4260 [auth-options.c auth-options.h channels.c channels.h clientloop.c]
4261 [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
4262 [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
4263 [sshconnect.h sshd.8 sshd_config sshd_config.5]
4264 Add support for tun(4) forwarding over OpenSSH, based on an idea and
4265 initial channel code bits by markus@. This is a simple and easy way to
4266 use OpenSSH for ad hoc virtual private network connections, e.g.
4267 administrative tunnels or secure wireless access. It's based on a new
4268 ssh channel and works similar to the existing TCP forwarding support,
4269 except that it depends on the tun(4) network interface on both ends of
4270 the connection for layer 2 or layer 3 tunneling. This diff also adds
4271 support for LocalCommand in the ssh(1) client.
4272 ok djm@, markus@, jmc@ (manpages), tested and discussed with others
4273 - djm@cvs.openbsd.org 2005/12/07 03:52:22
4274 [clientloop.c]
4275 reyk forgot to compile with -Werror (missing header)
4276 - jmc@cvs.openbsd.org 2005/12/07 10:52:13
4277 [ssh.1]
4278 - avoid line split in SYNOPSIS
4279 - add args to -w
4280 - kill trailing whitespace
4281 - jmc@cvs.openbsd.org 2005/12/08 14:59:44
4282 [ssh.1 ssh_config.5]
4283 make `!command' a little clearer;
4284 ok reyk
4285 - jmc@cvs.openbsd.org 2005/12/08 15:06:29
4286 [ssh_config.5]
4287 keep options in order;
4288 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
4289 [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
4290 [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
4291 two changes to the new ssh tunnel support. this breaks compatibility
4292 with the initial commit but is required for a portable approach.
4293 - make the tunnel id u_int and platform friendly, use predefined types.
4294 - support configuration of layer 2 (ethernet) or layer 3
4295 (point-to-point, default) modes. configuration is done using the
4296 Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
4297 restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
4298 in sshd_config(5).
4299 ok djm@, man page bits by jmc@
4300 - jmc@cvs.openbsd.org 2005/12/08 21:37:50
4301 [ssh_config.5]
4302 new sentence, new line;
4303 - markus@cvs.openbsd.org 2005/12/12 13:46:18
4304 [channels.c channels.h session.c]
4305 make sure protocol messages for internal channels are ignored.
4306 allow adjust messages for non-open channels; with and ok djm@
4307 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
4308 again by providing a sys_tun_open() function for your platform and
4309 setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
4310 OpenBSD's tunnel protocol, which prepends the address family to the
4311 packet
4312
431320051201
4314 - (djm) [envpass.sh] Remove regress script that was accidentally committed
4315 in top level directory and not noticed for over a year :)
4316
431720051129
4318 - (tim) [ssh-keygen.c] Move DSA length test after setting default when
4319 bits == 0.
4320 - (dtucker) OpenBSD CVS Sync
4321 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
4322 [ssh-keygen.c]
4323 Populate default key sizes before checking them; from & ok tim@
4324 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
4325 for UnixWare.
4326
432720051128
4328 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some
4329 versions of GNU head. Based on patch from zappaman at buraphalinux.org
4330 - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
4331 _GNU_SOURCE instead. Patch from t8m at centrum.cz.
4332 - (dtucker) OpenBSD CVS Sync
4333 - dtucker@cvs.openbsd.org 2005/11/28 05:16:53
4334 [ssh-keygen.1 ssh-keygen.c]
4335 Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
4336 increase minumum RSA key size to 768 bits and update man page to reflect
4337 these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
4338 ok djm@, grudging ok deraadt@.
4339 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
4340 [ssh-agent.1]
4341 Update agent socket path templates to reflect reality, correct xref for
4342 time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
4343
434420051126
4345 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
4346 when they're available) need the real UID set otherwise pam_chauthtok will
4347 set ADMCHG after changing the password, forcing the user to change it
4348 again immediately.
4349
435020051125
4351 - (dtucker) [configure.ac] Apply tim's fix for older systems where the
4352 resolver state in resolv.h is "state" not "__res_state". With slight
4353 modification by me to also work on old AIXes. ok djm@
4354 - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
4355 snprintf formats, fixes warnings on some 64 bit platforms. Patch from
4356 shaw at vranix.com, ok djm@
4357
435820051124
4359 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
4360 openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
4361 asprintf() implementation, after syncing our {v,}snprintf() implementation
4362 with some extra fixes from Samba's version. With help and debugging from
4363 dtucker and tim; ok dtucker@
4364 - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
4365 order in Reliant Unix block. Patch from johane at lysator.liu.se.
4366 - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
4367 many and use them only once. Speeds up testing on older/slower hardware.
4368
436920051122
4370 - (dtucker) OpenBSD CVS Sync
4371 - deraadt@cvs.openbsd.org 2005/11/12 18:37:59
4372 [ssh-add.c]
4373 space
4374 - deraadt@cvs.openbsd.org 2005/11/12 18:38:15
4375 [scp.c]
4376 avoid close(-1), as in rcp; ok cloder
4377 - millert@cvs.openbsd.org 2005/11/15 11:59:54
4378 [includes.h]
4379 Include sys/queue.h explicitly instead of assuming some other header
4380 will pull it in. At the moment it gets pulled in by sys/select.h
4381 (which ssh has no business including) via event.h. OK markus@
4382 (ID sync only in -portable)
4383 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
4384 [auth-krb5.c]
4385 Perform Kerberos calls even for invalid users to prevent leaking
4386 information about account validity. bz #975, patch originally from
4387 Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
4388 ok markus@
4389 - dtucker@cvs.openbsd.org 2005/11/22 03:36:03
4390 [hostfile.c]
4391 Correct format/arguments to debug call; spotted by shaw at vranix.com
4392 ok djm@
4393 - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
4394 from shaw at vranix.com.
4395
439620051120
4397 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
4398 is going on.
4399
440020051112
4401 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
4402 ifdef lost during sync. Spotted by tim@.
4403 - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
4404 - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
4405 - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
4406 - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
4407 test: if sshd takes too long to reconfigure the subsequent connection will
4408 fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
4409
441020051110
4411 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from
4412 OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
4413 "register").
4414 - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove
4415 unnecessary prototype.
4416 - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
4417 revs 1.7 - 1.9.
4418 - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
4419 Patch from djm@.
4420 - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
4421 since they're not useful right now. Patch from djm@.
4422 - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
4423 prototypes, removal of "register").
4424 - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
4425 of "register").
4426 - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
4427 after the copyright notices. Having them at the top next to the CVSIDs
4428 guarantees a conflict for each and every sync.
4429 - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
4430 - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
4431 - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
4432 Removal of rcsid, "whiteout" inode type.
4433 - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
4434 Removal of rcsid, will no longer strlcpy parts of the string.
4435 - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
4436 - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
4437 - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
4438 - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
4439 - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
4440 - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
4441 - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
4442 - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
4443 with OpenBSD code since we don't support platforms without fstat any more.
4444 - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
4445 - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6.
4446 - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
4447 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
4448 - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
4449 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
4450 - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
4451 - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
4452 - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
4453 - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
4454 - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
4455 Id and copyright sync only, there were no substantial changes we need.
4456 - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
4457 -Wsign-compare fixes from djm.
4458 - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
4459 Id and copyright sync only, there were no substantial changes we need.
4460 - (dtucker) [configure.ac] Try to get the gcc version number in a way that
4461 doesn't change between versions, and use a safer default.
4462
446320051105
4464 - (djm) OpenBSD CVS Sync
4465 - markus@cvs.openbsd.org 2005/10/07 11:13:57
4466 [ssh-keygen.c]
4467 change DSA default back to 1024, as it's defined for 1024 bits only
4468 and this causes interop problems with other clients. moreover,
4469 in order to improve the security of DSA you need to change more
4470 components of DSA key generation (e.g. the internal SHA1 hash);
4471 ok deraadt
4472 - djm@cvs.openbsd.org 2005/10/10 10:23:08
4473 [channels.c channels.h clientloop.c serverloop.c session.c]
4474 fix regression I introduced in 4.2: X11 forwardings initiated after
4475 a session has exited (e.g. "(sleep 5; xterm) &") would not start.
4476 bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
4477 - djm@cvs.openbsd.org 2005/10/11 23:37:37
4478 [channels.c]
4479 bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
4480 bind() failure when a previous connection's listeners are in TIME_WAIT,
4481 reported by plattner AT inf.ethz.ch; ok dtucker@
4482 - stevesk@cvs.openbsd.org 2005/10/13 14:03:01
4483 [auth2-gss.c gss-genr.c gss-serv.c]
4484 remove unneeded #includes; ok markus@
4485 - stevesk@cvs.openbsd.org 2005/10/13 14:20:37
4486 [gss-serv.c]
4487 spelling in comments
4488 - stevesk@cvs.openbsd.org 2005/10/13 19:08:08
4489 [gss-serv-krb5.c gss-serv.c]
4490 unused declarations; ok deraadt@
4491 (id sync only for gss-serv-krb5.c)
4492 - stevesk@cvs.openbsd.org 2005/10/13 19:13:41
4493 [dns.c]
4494 unneeded #include, unused declaration, little knf; ok deraadt@
4495 - stevesk@cvs.openbsd.org 2005/10/13 22:24:31
4496 [auth2-gss.c gss-genr.c gss-serv.c monitor.c]
4497 KNF; ok djm@
4498 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
4499 [ssh-keygen.c ssh.c sshconnect2.c]
4500 no trailing "\n" for log functions; ok djm@
4501 - stevesk@cvs.openbsd.org 2005/10/14 02:29:37
4502 [channels.c clientloop.c]
4503 free()->xfree(); ok djm@
4504 - stevesk@cvs.openbsd.org 2005/10/15 15:28:12
4505 [sshconnect.c]
4506 make external definition static; ok deraadt@
4507 - stevesk@cvs.openbsd.org 2005/10/17 13:45:05
4508 [dns.c]
4509 fix memory leaks from 2 sources:
4510 1) key_fingerprint_raw()
4511 2) malloc in dns_read_rdata()
4512 ok jakob@
4513 - stevesk@cvs.openbsd.org 2005/10/17 14:01:28
4514 [dns.c]
4515 remove #ifdef LWRES; ok jakob@
4516 - stevesk@cvs.openbsd.org 2005/10/17 14:13:35
4517 [dns.c dns.h]
4518 more cleanups; ok jakob@
4519 - djm@cvs.openbsd.org 2005/10/30 01:23:19
4520 [ssh_config.5]
4521 mention control socket fallback behaviour, reported by
4522 tryponraj AT gmail.com
4523 - djm@cvs.openbsd.org 2005/10/30 04:01:03
4524 [ssh-keyscan.c]
4525 make ssh-keygen discard junk from server before SSH- ident, spotted by
4526 dave AT cirt.net; ok dtucker@
4527 - djm@cvs.openbsd.org 2005/10/30 04:03:24
4528 [ssh.c]
4529 fix misleading debug message; ok dtucker@
4530 - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
4531 [canohost.c sshd.c]
4532 Check for connections with IP options earlier and drop silently. ok djm@
4533 - jmc@cvs.openbsd.org 2005/10/30 08:43:47
4534 [ssh_config.5]
4535 remove trailing whitespace;
4536 - djm@cvs.openbsd.org 2005/10/30 08:52:18
4537 [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
4538 [ssh.c sshconnect.c sshconnect1.c sshd.c]
4539 no need to escape single quotes in comments, no binary change
4540 - dtucker@cvs.openbsd.org 2005/10/31 06:15:04
4541 [sftp.c]
4542 Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@
4543 - djm@cvs.openbsd.org 2005/10/31 11:12:49
4544 [ssh-keygen.1 ssh-keygen.c]
4545 generate a protocol 2 RSA key by default
4546 - djm@cvs.openbsd.org 2005/10/31 11:48:29
4547 [serverloop.c]
4548 make sure we clean up wtmp, etc. file when we receive a SIGTERM,
4549 SIGINT or SIGQUIT when running without privilege separation (the
4550 normal privsep case is already OK). Patch mainly by dtucker@ and
4551 senthilkumar_sen AT hotpop.com; ok dtucker@
4552 - jmc@cvs.openbsd.org 2005/10/31 19:55:25
4553 [ssh-keygen.1]
4554 grammar;
4555 - dtucker@cvs.openbsd.org 2005/11/03 13:38:29
4556 [canohost.c]
4557 Cache reverse lookups with and without DNS separately; ok markus@
4558 - djm@cvs.openbsd.org 2005/11/04 05:15:59
4559 [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
4560 remove hardcoded hash lengths in key exchange code, allowing
4561 implementation of KEX methods with different hashes (e.g. SHA-256);
4562 ok markus@ dtucker@ stevesk@
4563 - djm@cvs.openbsd.org 2005/11/05 05:01:15
4564 [bufaux.c]
4565 Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
4566 cs.stanford.edu; ok dtucker@
4567 - (dtucker) [README.platform] Add PAM section.
4568 - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
4569 resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
4570 ok dtucker@
4571
457220051102
4573 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
4574 Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
4575 via FreeBSD.
4576
457720051030
4578 - (djm) [contrib/suse/openssh.spec contrib/suse/rc.
4579 sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
4580 files from imorgan AT nas.nasa.gov
4581 - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
4582 enabled, instead allow PAM to handle it. Note that on platforms using PAM,
4583 the pam_nologin module should be added to sshd's session stack in order to
4584 maintain exising behaviour. Based on patch and discussion from t8m at
4585 centrum.cz, ok djm@
4586
458720051025
4588 - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the
4589 sizeof(long long) checks, to make fixing bug #1104 easier (no changes
4590 yet).
4591 - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
4592 understand "%lld", even though the compiler has "long long", so handle
4593 it as a special case. Patch tested by mcaskill.scott at epa.gov.
4594 - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no
4595 prompt. Patch from vinschen at redhat.com.
4596
459720051017
4598 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
4599 /etc/default/login report and testing from aabaker at iee.org, corrections
4600 from tim@.
4601
460220051009
4603 - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current
4604 versions from OpenBSD. ok djm@
4605
460620051008
4607 - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from
4608 brian.smith at agilent com.
4609 - (djm) [configure.ac] missing 'test' call for -with-Werror test
4610
461120051005
4612 - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
4613 "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
4614 senthilkumar_sen at hotpop.com.
4615
461620051003
4617 - (dtucker) OpenBSD CVS Sync
4618 - markus@cvs.openbsd.org 2005/09/07 08:53:53
4619 [channels.c]
4620 enforce chanid != NULL; ok djm
4621 - markus@cvs.openbsd.org 2005/09/09 19:18:05
4622 [clientloop.c]
4623 typo; from mark at mcs.vuw.ac.nz, bug #1082
4624 - djm@cvs.openbsd.org 2005/09/13 23:40:07
4625 [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
4626 scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
4627 ensure that stdio fds are attached; ok deraadt@
4628 - djm@cvs.openbsd.org 2005/09/19 11:37:34
4629 [ssh_config.5 ssh.1]
4630 mention ability to specify bind_address for DynamicForward and -D options;
4631 bz#1077 spotted by Haruyama Seigo
4632 - djm@cvs.openbsd.org 2005/09/19 11:47:09
4633 [sshd.c]
4634 stop connection abort on rekey with delayed compression enabled when
4635 post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
4636 - djm@cvs.openbsd.org 2005/09/19 11:48:10
4637 [gss-serv.c]
4638 typo
4639 - jmc@cvs.openbsd.org 2005/09/19 15:38:27
4640 [ssh.1]
4641 some more .Bk/.Ek to avoid ugly line split;
4642 - jmc@cvs.openbsd.org 2005/09/19 15:42:44
4643 [ssh.c]
4644 update -D usage here too;
4645 - djm@cvs.openbsd.org 2005/09/19 23:31:31
4646 [ssh.1]
4647 spelling nit from stevesk@
4648 - djm@cvs.openbsd.org 2005/09/21 23:36:54
4649 [sshd_config.5]
4650 aquire -> acquire, from stevesk@
4651 - djm@cvs.openbsd.org 2005/09/21 23:37:11
4652 [sshd.c]
4653 change label at markus@'s request
4654 - jaredy@cvs.openbsd.org 2005/09/30 20:34:26
4655 [ssh-keyscan.1]
4656 deploy .An -nosplit; ok jmc
4657 - dtucker@cvs.openbsd.org 2005/10/03 07:44:42
4658 [canohost.c]
4659 Relocate check_ip_options call to prevent logging of garbage for
4660 connections with IP options set. bz#1092 from David Leonard,
4661 "looks good" deraadt@
4662 - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp
4663 is required in the system path for the multiplex test to work.
4664
466520050930
4666 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
4667 for strtoll. Patch from o.flebbe at science-computing.de.
4668 - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
4669 child during PAM account check without clearing it. This restores the
4670 post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
4671 with help from several others.
4672
467320050929
4674 - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
4675 introduced during sync.
4676
467720050928
4678 - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
4679 - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
4680 PAM via keyboard-interactive. Patch tested by the folks at Vintela.
4681
468220050927
4683 - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
4684 calls, since they can't possibly fail. ok djm@
4685 - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
4686 process when sshd relies on ssh-random-helper. Should result in faster
4687 logins on systems without a real random device or prngd. ok djm@
4688
468920050924
4690 - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
4691 duplicate call. ok djm@
4692
469320050922
4694 - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
4695 skeleten at shillest.net.
4696 - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
4697 shillest.net.
4698
469920050919
4700 - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
4701 AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
4702 ok dtucker@
4703
470420050912
4705 - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
4706 Mike Frysinger.
4707
470820050908
4709 - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
4710 OpenServer 6 and add osr5bigcrypt support so when someone migrates
4711 passwords between UnixWare and OpenServer they will still work. OK dtucker@
4712
4713$Id: ChangeLog,v 1.5095 2008/07/21 08:22:25 djm Exp $
diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi
index 5c110d0d8..927b98bc9 100644
--- a/ChangeLog.gssapi
+++ b/ChangeLog.gssapi
@@ -1,3 +1,23 @@
120090615
2 - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c
3 sshd.c ]
4 Fix issues identified by Greg Hudson following a code review
5 Check return value of gss_indicate_mechs
6 Protect GSSAPI calls in monitor, so they can only be used if enabled
7 Check return values of bignum functions in key exchange
8 Use BN_clear_free to clear other side's DH value
9 Make ssh_gssapi_id_kex more robust
10 Only configure kex table pointers if GSSAPI is enabled
11 Don't leak mechanism list, or gss mechanism list
12 Cast data.length before printing
13 If serverkey isn't provided, use an empty string, rather than NULL
14
1520090201
16 - [ gss-genr.c gss-serv.c kex.h kexgssc.c readconf.c readconf.h ssh-gss.h
17 ssh_config.5 sshconnet2.c ]
18 Add support for the GSSAPIClientIdentity option, which allows the user
19 to specify which GSSAPI identity to use to contact a given server
20
120080404 2120080404
2 - [ gss-serv.c ] 22 - [ gss-serv.c ]
3 Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow 23 Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow
diff --git a/Makefile.in b/Makefile.in
index 2fdc7adba..fc3aabdc1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.297 2008/07/08 14:21:12 djm Exp $ 1# $Id: Makefile.in,v 1.298 2008/11/05 05:20:46 djm Exp $
2 2
3# uncomment if you run a non bourne compatable shell. Ie. csh 3# uncomment if you run a non bourne compatable shell. Ie. csh
4#SHELL = @SH@ 4#SHELL = @SH@
@@ -73,7 +73,8 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
73 atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ 73 atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
74 monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ 74 monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
75 kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ 75 kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
76 entropy.o scard-opensc.o gss-genr.o umac.o kexgssc.o 76 entropy.o scard-opensc.o gss-genr.o umac.o jpake.o schnorr.o \
77 kexgssc.o
77 78
78SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ 79SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
79 sshconnect.o sshconnect1.o sshconnect2.o mux.o 80 sshconnect.o sshconnect1.o sshconnect2.o mux.o
@@ -83,7 +84,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
83 auth.o auth1.o auth2.o auth-options.o session.o \ 84 auth.o auth1.o auth2.o auth-options.o session.o \
84 auth-chall.o auth2-chall.o groupaccess.o \ 85 auth-chall.o auth2-chall.o groupaccess.o \
85 auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ 86 auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
86 auth2-none.o auth2-passwd.o auth2-pubkey.o \ 87 auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
87 monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ 88 monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
88 auth-krb5.o \ 89 auth-krb5.o \
89 auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\ 90 auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\
diff --git a/PROTOCOL b/PROTOCOL
index 37fd536d9..5aada630d 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -64,6 +64,12 @@ remain open after a "eow@openssh.com" has been sent and more data may
64still be sent in the other direction. This message does not consume 64still be sent in the other direction. This message does not consume
65window space and may be sent even if no window space is available. 65window space and may be sent even if no window space is available.
66 66
67NB. due to certain broken SSH implementations aborting upon receipt
68of this message (in contravention of RFC4254 section 5.4), this
69message is only sent to OpenSSH peers (identified by banner).
70Other SSH implementations may be whitelisted to receive this message
71upon request.
72
674. connection: disallow additional sessions extension 734. connection: disallow additional sessions extension
68 "no-more-sessions@openssh.com" 74 "no-more-sessions@openssh.com"
69 75
@@ -87,6 +93,11 @@ connection.
87Note that this is not a general defence against compromised clients 93Note that this is not a general defence against compromised clients
88(that is impossible), but it thwarts a simple attack. 94(that is impossible), but it thwarts a simple attack.
89 95
96NB. due to certain broken SSH implementations aborting upon receipt
97of this message, the no-more-sessions request is only sent to OpenSSH
98servers (identified by banner). Other SSH implementations may be
99whitelisted to receive this message upon request.
100
905. connection: Tunnel forward extension "tun@openssh.com" 1015. connection: Tunnel forward extension "tun@openssh.com"
91 102
92OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" 103OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
@@ -240,4 +251,4 @@ The values of the f_flag bitmask are as follows:
240Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are 251Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are
241advertised in the SSH_FXP_VERSION hello with version "2". 252advertised in the SSH_FXP_VERSION hello with version "2".
242 253
243$OpenBSD: PROTOCOL,v 1.11 2008/07/05 05:16:01 djm Exp $ 254$OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $
diff --git a/README b/README
index 183d92f70..9de00c093 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
1See http://www.openssh.com/txt/release-5.1 for the release notes. 1See http://www.openssh.com/txt/release-5.2 for the release notes.
2 2
3- A Japanese translation of this document and of the OpenSSH FAQ is 3- A Japanese translation of this document and of the OpenSSH FAQ is
4- available at http://www.unixuser.org/~haruyama/security/openssh/index.html 4- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@ References -
62[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 62[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
63[7] http://www.openssh.com/faq.html 63[7] http://www.openssh.com/faq.html
64 64
65$Id: README,v 1.69 2008/07/21 08:21:52 djm Exp $ 65$Id: README,v 1.70 2009/02/23 00:11:57 djm Exp $
diff --git a/addrmatch.c b/addrmatch.c
index 2086afe84..d39885b7b 100644
--- a/addrmatch.c
+++ b/addrmatch.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: addrmatch.c,v 1.3 2008/06/10 23:06:19 djm Exp $ */ 1/* $OpenBSD: addrmatch.c,v 1.4 2008/12/10 03:55:20 stevesk Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> 4 * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -31,6 +31,7 @@
31 31
32#include "match.h" 32#include "match.h"
33#include "log.h" 33#include "log.h"
34#include "xmalloc.h"
34 35
35struct xaddr { 36struct xaddr {
36 sa_family_t af; 37 sa_family_t af;
@@ -97,7 +98,9 @@ addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
97 return -1; 98 return -1;
98 xa->af = AF_INET6; 99 xa->af = AF_INET6;
99 memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6)); 100 memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
101#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
100 xa->scope_id = in6->sin6_scope_id; 102 xa->scope_id = in6->sin6_scope_id;
103#endif
101 break; 104 break;
102 default: 105 default:
103 return -1; 106 return -1;
@@ -415,7 +418,7 @@ addr_match_list(const char *addr, const char *_list)
415 goto foundit; 418 goto foundit;
416 } 419 }
417 } 420 }
418 free(o); 421 xfree(o);
419 422
420 return ret; 423 return ret;
421} 424}
diff --git a/auth-options.c b/auth-options.c
index 25361455e..ab085c233 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-options.c,v 1.43 2008/06/10 23:06:19 djm Exp $ */ 1/* $OpenBSD: auth-options.c,v 1.44 2009/01/22 10:09:16 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -255,7 +255,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
255 cp = "permitopen=\""; 255 cp = "permitopen=\"";
256 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 256 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
257 char *host, *p; 257 char *host, *p;
258 u_short port; 258 int port;
259 char *patterns = xmalloc(strlen(opts) + 1); 259 char *patterns = xmalloc(strlen(opts) + 1);
260 260
261 opts += strlen(cp); 261 opts += strlen(cp);
@@ -293,7 +293,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
293 goto bad_option; 293 goto bad_option;
294 } 294 }
295 host = cleanhostname(host); 295 host = cleanhostname(host);
296 if (p == NULL || (port = a2port(p)) == 0) { 296 if (p == NULL || (port = a2port(p)) <= 0) {
297 debug("%.100s, line %lu: Bad permitopen port " 297 debug("%.100s, line %lu: Bad permitopen port "
298 "<%.100s>", file, linenum, p ? p : ""); 298 "<%.100s>", file, linenum, p ? p : "");
299 auth_debug_add("%.100s, line %lu: " 299 auth_debug_add("%.100s, line %lu: "
diff --git a/auth.c b/auth.c
index af6b052bf..ae2cdec57 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.c,v 1.79 2008/07/02 12:03:51 dtucker Exp $ */ 1/* $OpenBSD: auth.c,v 1.80 2008/11/04 07:58:09 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
diff --git a/auth.h b/auth.h
index b998198aa..6c015cfb6 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.h,v 1.61 2008/07/02 12:03:51 dtucker Exp $ */ 1/* $OpenBSD: auth.h,v 1.62 2008/11/04 08:22:12 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -61,6 +61,7 @@ struct Authctxt {
61 char *style; 61 char *style;
62 char *role; 62 char *role;
63 void *kbdintctxt; 63 void *kbdintctxt;
64 void *jpake_ctx;
64#ifdef BSD_AUTH 65#ifdef BSD_AUTH
65 auth_session_t *as; 66 auth_session_t *as;
66#endif 67#endif
@@ -158,6 +159,9 @@ int bsdauth_respond(void *, u_int, char **);
158int skey_query(void *, char **, char **, u_int *, char ***, u_int **); 159int skey_query(void *, char **, char **, u_int *, char ***, u_int **);
159int skey_respond(void *, u_int, char **); 160int skey_respond(void *, u_int, char **);
160 161
162void auth2_jpake_get_pwdata(Authctxt *, BIGNUM **, char **, char **);
163void auth2_jpake_stop(Authctxt *);
164
161int allowed_user(struct passwd *); 165int allowed_user(struct passwd *);
162struct passwd * getpwnamallow(const char *user); 166struct passwd * getpwnamallow(const char *user);
163 167
diff --git a/auth2-chall.c b/auth2-chall.c
index d816578c6..e6dbffe22 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-chall.c,v 1.33 2007/09/21 08:15:29 djm Exp $ */ 1/* $OpenBSD: auth2-chall.c,v 1.34 2008/12/09 04:32:22 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2001 Per Allansson. All rights reserved. 4 * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -281,7 +281,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
281{ 281{
282 Authctxt *authctxt = ctxt; 282 Authctxt *authctxt = ctxt;
283 KbdintAuthctxt *kbdintctxt; 283 KbdintAuthctxt *kbdintctxt;
284 int authenticated = 0, res, len; 284 int authenticated = 0, res;
285 u_int i, nresp; 285 u_int i, nresp;
286 char **response = NULL, *method; 286 char **response = NULL, *method;
287 287
@@ -330,11 +330,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
330 break; 330 break;
331 } 331 }
332 332
333 len = strlen("keyboard-interactive") + 2 + 333 xasprintf(&method, "keyboard-interactive/%s", kbdintctxt->device->name);
334 strlen(kbdintctxt->device->name);
335 method = xmalloc(len);
336 snprintf(method, len, "keyboard-interactive/%s",
337 kbdintctxt->device->name);
338 334
339 if (!authctxt->postponed) { 335 if (!authctxt->postponed) {
340 if (authenticated) { 336 if (authenticated) {
diff --git a/auth2-gss.c b/auth2-gss.c
index 9f76f59bd..a192d282f 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,7 +1,7 @@
1/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */ 1/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
@@ -77,7 +77,8 @@ userauth_gsskeyex(Authctxt *authctxt)
77 /* gss_kex_context is NULL with privsep, so we can't check it here */ 77 /* gss_kex_context is NULL with privsep, so we can't check it here */
78 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context, 78 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context,
79 &gssbuf, &mic)))) 79 &gssbuf, &mic))))
80 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); 80 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
81 authctxt->pw));
81 82
82 buffer_free(&b); 83 buffer_free(&b);
83 xfree(mic.value); 84 xfree(mic.value);
@@ -277,7 +278,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
277 278
278 packet_check_eom(); 279 packet_check_eom();
279 280
280 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); 281 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
282 authctxt->pw));
281 283
282 authctxt->postponed = 0; 284 authctxt->postponed = 0;
283 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); 285 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@@ -312,7 +314,8 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
312 gssbuf.length = buffer_len(&b); 314 gssbuf.length = buffer_len(&b);
313 315
314 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) 316 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
315 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); 317 authenticated =
318 PRIVSEP(ssh_gssapi_userok(authctxt->user, authctxt->pw));
316 else 319 else
317 logit("GSSAPI MIC check failed"); 320 logit("GSSAPI MIC check failed");
318 321
diff --git a/auth2-jpake.c b/auth2-jpake.c
new file mode 100644
index 000000000..efe7ff2a3
--- /dev/null
+++ b/auth2-jpake.c
@@ -0,0 +1,557 @@
1/* $OpenBSD: auth2-jpake.c,v 1.2 2008/11/07 23:34:48 dtucker Exp $ */
2/*
3 * Copyright (c) 2008 Damien Miller. All rights reserved.
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/*
19 * Server side of zero-knowledge password auth using J-PAKE protocol
20 * as described in:
21 *
22 * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
23 * 16th Workshop on Security Protocols, Cambridge, April 2008
24 *
25 * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
26 */
27
28#ifdef JPAKE
29
30#include <sys/types.h>
31#include <sys/param.h>
32
33#include <pwd.h>
34#include <stdio.h>
35#include <string.h>
36#include <login_cap.h>
37
38#include <openssl/bn.h>
39#include <openssl/evp.h>
40
41#include "xmalloc.h"
42#include "ssh2.h"
43#include "key.h"
44#include "hostfile.h"
45#include "buffer.h"
46#include "auth.h"
47#include "packet.h"
48#include "dispatch.h"
49#include "log.h"
50#include "servconf.h"
51#include "auth-options.h"
52#include "canohost.h"
53#ifdef GSSAPI
54#include "ssh-gss.h"
55#endif
56#include "monitor_wrap.h"
57
58#include "jpake.h"
59
60/*
61 * XXX options->permit_empty_passwd (at the moment, they will be refused
62 * anyway because they will mismatch on fake salt.
63 */
64
65/* Dispatch handlers */
66static void input_userauth_jpake_client_step1(int, u_int32_t, void *);
67static void input_userauth_jpake_client_step2(int, u_int32_t, void *);
68static void input_userauth_jpake_client_confirm(int, u_int32_t, void *);
69
70static int auth2_jpake_start(Authctxt *);
71
72/* import */
73extern ServerOptions options;
74extern u_char *session_id2;
75extern u_int session_id2_len;
76
77/*
78 * Attempt J-PAKE authentication.
79 */
80static int
81userauth_jpake(Authctxt *authctxt)
82{
83 int authenticated = 0;
84
85 packet_check_eom();
86
87 debug("jpake-01@openssh.com requested");
88
89 if (authctxt->user != NULL) {
90 if (authctxt->jpake_ctx == NULL)
91 authctxt->jpake_ctx = jpake_new();
92 if (options.zero_knowledge_password_authentication)
93 authenticated = auth2_jpake_start(authctxt);
94 }
95
96 return authenticated;
97}
98
99Authmethod method_jpake = {
100 "jpake-01@openssh.com",
101 userauth_jpake,
102 &options.zero_knowledge_password_authentication
103};
104
105/* Clear context and callbacks */
106void
107auth2_jpake_stop(Authctxt *authctxt)
108{
109 /* unregister callbacks */
110 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL);
111 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL);
112 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL);
113 if (authctxt->jpake_ctx != NULL) {
114 jpake_free(authctxt->jpake_ctx);
115 authctxt->jpake_ctx = NULL;
116 }
117}
118
119/* Returns 1 if 'c' is a valid crypt(3) salt character, 0 otherwise */
120static int
121valid_crypt_salt(int c)
122{
123 if (c >= 'A' && c <= 'Z')
124 return 1;
125 if (c >= 'a' && c <= 'z')
126 return 1;
127 if (c >= '.' && c <= '9')
128 return 1;
129 return 0;
130}
131
132/*
133 * Derive fake salt as H(username || first_private_host_key)
134 * This provides relatively stable fake salts for non-existent
135 * users and avoids the jpake method becoming an account validity
136 * oracle.
137 */
138static void
139derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
140{
141 u_char *digest;
142 u_int digest_len;
143 Buffer b;
144 Key *k;
145
146 buffer_init(&b);
147 buffer_put_cstring(&b, username);
148 if ((k = get_hostkey_by_index(0)) == NULL ||
149 (k->flags & KEY_FLAG_EXT))
150 fatal("%s: no hostkeys", __func__);
151 switch (k->type) {
152 case KEY_RSA1:
153 case KEY_RSA:
154 if (k->rsa->p == NULL || k->rsa->q == NULL)
155 fatal("%s: RSA key missing p and/or q", __func__);
156 buffer_put_bignum2(&b, k->rsa->p);
157 buffer_put_bignum2(&b, k->rsa->q);
158 break;
159 case KEY_DSA:
160 if (k->dsa->priv_key == NULL)
161 fatal("%s: DSA key missing priv_key", __func__);
162 buffer_put_bignum2(&b, k->dsa->priv_key);
163 break;
164 default:
165 fatal("%s: unknown key type %d", __func__, k->type);
166 }
167 if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
168 &digest, &digest_len) != 0)
169 fatal("%s: hash_buffer", __func__);
170 buffer_free(&b);
171 if (len > digest_len)
172 fatal("%s: not enough bytes for rawsalt (want %u have %u)",
173 __func__, len, digest_len);
174 memcpy(rawsalt, digest, len);
175 bzero(digest, digest_len);
176 xfree(digest);
177}
178
179/* ASCII an integer [0, 64) for inclusion in a password/salt */
180static char
181pw_encode64(u_int i64)
182{
183 const u_char e64[] =
184 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
185 return e64[i64 % 64];
186}
187
188/* Generate ASCII salt bytes for user */
189static char *
190makesalt(u_int want, const char *user)
191{
192 u_char rawsalt[32];
193 static char ret[33];
194 u_int i;
195
196 if (want > sizeof(ret) - 1)
197 fatal("%s: want %u", __func__, want);
198
199 derive_rawsalt(user, rawsalt, sizeof(rawsalt));
200 bzero(ret, sizeof(ret));
201 for (i = 0; i < want; i++)
202 ret[i] = pw_encode64(rawsalt[i]);
203 bzero(rawsalt, sizeof(rawsalt));
204
205 return ret;
206}
207
208/*
209 * Select the system's default password hashing scheme and generate
210 * a stable fake salt under it for use by a non-existent account.
211 * Prevents jpake method being used to infer the validity of accounts.
212 */
213static void
214fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme)
215{
216 char *rounds_s, *style;
217 long long rounds;
218 login_cap_t *lc;
219
220
221 if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL &&
222 (lc = login_getclass(NULL)) == NULL)
223 fatal("%s: login_getclass failed", __func__);
224 style = login_getcapstr(lc, "localcipher", NULL, NULL);
225 if (style == NULL)
226 style = xstrdup("blowfish,6");
227 login_close(lc);
228
229 if ((rounds_s = strchr(style, ',')) != NULL)
230 *rounds_s++ = '\0';
231 rounds = strtonum(rounds_s, 1, 1<<31, NULL);
232
233 if (strcmp(style, "md5") == 0) {
234 xasprintf(salt, "$1$%s$", makesalt(8, authctxt->user));
235 *scheme = xstrdup("md5");
236 } else if (strcmp(style, "old") == 0) {
237 *salt = xstrdup(makesalt(2, authctxt->user));
238 *scheme = xstrdup("crypt");
239 } else if (strcmp(style, "newsalt") == 0) {
240 rounds = MAX(rounds, 7250);
241 rounds = MIN(rounds, (1<<24) - 1);
242 xasprintf(salt, "_%c%c%c%c%s",
243 pw_encode64(rounds), pw_encode64(rounds >> 6),
244 pw_encode64(rounds >> 12), pw_encode64(rounds >> 18),
245 makesalt(4, authctxt->user));
246 *scheme = xstrdup("crypt-extended");
247 } else {
248 /* Default to blowfish */
249 rounds = MAX(rounds, 3);
250 rounds = MIN(rounds, 31);
251 xasprintf(salt, "$2a$%02lld$%s", rounds,
252 makesalt(22, authctxt->user));
253 *scheme = xstrdup("bcrypt");
254 }
255 xfree(style);
256 debug3("%s: fake %s salt for user %s: %s",
257 __func__, *scheme, authctxt->user, *salt);
258}
259
260/*
261 * Fetch password hashing scheme, password salt and derive shared secret
262 * for user. If user does not exist, a fake but stable and user-unique
263 * salt will be returned.
264 */
265void
266auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
267 char **hash_scheme, char **salt)
268{
269 char *cp;
270 u_char *secret;
271 u_int secret_len, salt_len;
272
273#ifdef JPAKE_DEBUG
274 debug3("%s: valid %d pw %.5s...", __func__,
275 authctxt->valid, authctxt->pw->pw_passwd);
276#endif
277
278 *salt = NULL;
279 *hash_scheme = NULL;
280 if (authctxt->valid) {
281 if (strncmp(authctxt->pw->pw_passwd, "$2$", 3) == 0 &&
282 strlen(authctxt->pw->pw_passwd) > 28) {
283 /*
284 * old-variant bcrypt:
285 * "$2$", 2 digit rounds, "$", 22 bytes salt
286 */
287 salt_len = 3 + 2 + 1 + 22 + 1;
288 *salt = xmalloc(salt_len);
289 strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
290 *hash_scheme = xstrdup("bcrypt");
291 } else if (strncmp(authctxt->pw->pw_passwd, "$2a$", 4) == 0 &&
292 strlen(authctxt->pw->pw_passwd) > 29) {
293 /*
294 * current-variant bcrypt:
295 * "$2a$", 2 digit rounds, "$", 22 bytes salt
296 */
297 salt_len = 4 + 2 + 1 + 22 + 1;
298 *salt = xmalloc(salt_len);
299 strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
300 *hash_scheme = xstrdup("bcrypt");
301 } else if (strncmp(authctxt->pw->pw_passwd, "$1$", 3) == 0 &&
302 strlen(authctxt->pw->pw_passwd) > 5) {
303 /*
304 * md5crypt:
305 * "$1$", salt until "$"
306 */
307 cp = strchr(authctxt->pw->pw_passwd + 3, '$');
308 if (cp != NULL) {
309 salt_len = (cp - authctxt->pw->pw_passwd) + 1;
310 *salt = xmalloc(salt_len);
311 strlcpy(*salt, authctxt->pw->pw_passwd,
312 salt_len);
313 *hash_scheme = xstrdup("md5crypt");
314 }
315 } else if (strncmp(authctxt->pw->pw_passwd, "_", 1) == 0 &&
316 strlen(authctxt->pw->pw_passwd) > 9) {
317 /*
318 * BSDI extended crypt:
319 * "_", 4 digits count, 4 chars salt
320 */
321 salt_len = 1 + 4 + 4 + 1;
322 *salt = xmalloc(salt_len);
323 strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
324 *hash_scheme = xstrdup("crypt-extended");
325 } else if (strlen(authctxt->pw->pw_passwd) == 13 &&
326 valid_crypt_salt(authctxt->pw->pw_passwd[0]) &&
327 valid_crypt_salt(authctxt->pw->pw_passwd[1])) {
328 /*
329 * traditional crypt:
330 * 2 chars salt
331 */
332 salt_len = 2 + 1;
333 *salt = xmalloc(salt_len);
334 strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
335 *hash_scheme = xstrdup("crypt");
336 }
337 if (*salt == NULL) {
338 debug("%s: unrecognised crypt scheme for user %s",
339 __func__, authctxt->pw->pw_name);
340 }
341 }
342 if (*salt == NULL)
343 fake_salt_and_scheme(authctxt, salt, hash_scheme);
344
345 if (hash_buffer(authctxt->pw->pw_passwd,
346 strlen(authctxt->pw->pw_passwd), EVP_sha256(),
347 &secret, &secret_len) != 0)
348 fatal("%s: hash_buffer", __func__);
349 if ((*s = BN_bin2bn(secret, secret_len, NULL)) == NULL)
350 fatal("%s: BN_bin2bn (secret)", __func__);
351#ifdef JPAKE_DEBUG
352 debug3("%s: salt = %s (len %u)", __func__,
353 *salt, (u_int)strlen(*salt));
354 debug3("%s: scheme = %s", __func__, *hash_scheme);
355 JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
356#endif
357 bzero(secret, secret_len);
358 xfree(secret);
359}
360
361/*
362 * Being authentication attempt.
363 * Note, sets authctxt->postponed while in subprotocol
364 */
365static int
366auth2_jpake_start(Authctxt *authctxt)
367{
368 struct jpake_ctx *pctx = authctxt->jpake_ctx;
369 u_char *x3_proof, *x4_proof;
370 u_int x3_proof_len, x4_proof_len;
371 char *salt, *hash_scheme;
372
373 debug("%s: start", __func__);
374
375 PRIVSEP(jpake_step1(pctx->grp,
376 &pctx->server_id, &pctx->server_id_len,
377 &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
378 &x3_proof, &x3_proof_len,
379 &x4_proof, &x4_proof_len));
380
381 PRIVSEP(auth2_jpake_get_pwdata(authctxt, &pctx->s,
382 &hash_scheme, &salt));
383
384 if (!use_privsep)
385 JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
386
387 packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1);
388 packet_put_cstring(hash_scheme);
389 packet_put_cstring(salt);
390 packet_put_string(pctx->server_id, pctx->server_id_len);
391 packet_put_bignum2(pctx->g_x3);
392 packet_put_bignum2(pctx->g_x4);
393 packet_put_string(x3_proof, x3_proof_len);
394 packet_put_string(x4_proof, x4_proof_len);
395 packet_send();
396 packet_write_wait();
397
398 bzero(hash_scheme, strlen(hash_scheme));
399 bzero(salt, strlen(salt));
400 xfree(hash_scheme);
401 xfree(salt);
402 bzero(x3_proof, x3_proof_len);
403 bzero(x4_proof, x4_proof_len);
404 xfree(x3_proof);
405 xfree(x4_proof);
406
407 /* Expect step 1 packet from peer */
408 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1,
409 input_userauth_jpake_client_step1);
410
411 authctxt->postponed = 1;
412 return 0;
413}
414
415/* ARGSUSED */
416static void
417input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
418{
419 Authctxt *authctxt = ctxt;
420 struct jpake_ctx *pctx = authctxt->jpake_ctx;
421 u_char *x1_proof, *x2_proof, *x4_s_proof;
422 u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
423
424 /* Disable this message */
425 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL);
426
427 /* Fetch step 1 values */
428 if ((pctx->g_x1 = BN_new()) == NULL ||
429 (pctx->g_x2 = BN_new()) == NULL)
430 fatal("%s: BN_new", __func__);
431 pctx->client_id = packet_get_string(&pctx->client_id_len);
432 packet_get_bignum2(pctx->g_x1);
433 packet_get_bignum2(pctx->g_x2);
434 x1_proof = packet_get_string(&x1_proof_len);
435 x2_proof = packet_get_string(&x2_proof_len);
436 packet_check_eom();
437
438 if (!use_privsep)
439 JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
440
441 PRIVSEP(jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
442 pctx->g_x1, pctx->g_x2, pctx->x4,
443 pctx->client_id, pctx->client_id_len,
444 pctx->server_id, pctx->server_id_len,
445 x1_proof, x1_proof_len,
446 x2_proof, x2_proof_len,
447 &pctx->b,
448 &x4_s_proof, &x4_s_proof_len));
449
450 bzero(x1_proof, x1_proof_len);
451 bzero(x2_proof, x2_proof_len);
452 xfree(x1_proof);
453 xfree(x2_proof);
454
455 if (!use_privsep)
456 JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
457
458 /* Send values for step 2 */
459 packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2);
460 packet_put_bignum2(pctx->b);
461 packet_put_string(x4_s_proof, x4_s_proof_len);
462 packet_send();
463 packet_write_wait();
464
465 bzero(x4_s_proof, x4_s_proof_len);
466 xfree(x4_s_proof);
467
468 /* Expect step 2 packet from peer */
469 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2,
470 input_userauth_jpake_client_step2);
471}
472
473/* ARGSUSED */
474static void
475input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt)
476{
477 Authctxt *authctxt = ctxt;
478 struct jpake_ctx *pctx = authctxt->jpake_ctx;
479 u_char *x2_s_proof;
480 u_int x2_s_proof_len;
481
482 /* Disable this message */
483 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL);
484
485 if ((pctx->a = BN_new()) == NULL)
486 fatal("%s: BN_new", __func__);
487
488 /* Fetch step 2 values */
489 packet_get_bignum2(pctx->a);
490 x2_s_proof = packet_get_string(&x2_s_proof_len);
491 packet_check_eom();
492
493 if (!use_privsep)
494 JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
495
496 /* Derive shared key and calculate confirmation hash */
497 PRIVSEP(jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
498 pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
499 pctx->server_id, pctx->server_id_len,
500 pctx->client_id, pctx->client_id_len,
501 session_id2, session_id2_len,
502 x2_s_proof, x2_s_proof_len,
503 &pctx->k,
504 &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
505
506 bzero(x2_s_proof, x2_s_proof_len);
507 xfree(x2_s_proof);
508
509 if (!use_privsep)
510 JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
511
512 /* Send key confirmation proof */
513 packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM);
514 packet_put_string(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
515 packet_send();
516 packet_write_wait();
517
518 /* Expect confirmation from peer */
519 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM,
520 input_userauth_jpake_client_confirm);
521}
522
523/* ARGSUSED */
524static void
525input_userauth_jpake_client_confirm(int type, u_int32_t seq, void *ctxt)
526{
527 Authctxt *authctxt = ctxt;
528 struct jpake_ctx *pctx = authctxt->jpake_ctx;
529 int authenticated = 0;
530
531 /* Disable this message */
532 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL);
533
534 pctx->h_k_cid_sessid = packet_get_string(&pctx->h_k_cid_sessid_len);
535 packet_check_eom();
536
537 if (!use_privsep)
538 JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
539
540 /* Verify expected confirmation hash */
541 if (PRIVSEP(jpake_check_confirm(pctx->k,
542 pctx->client_id, pctx->client_id_len,
543 session_id2, session_id2_len,
544 pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len)) == 1)
545 authenticated = authctxt->valid ? 1 : 0;
546 else
547 debug("%s: confirmation mismatch", __func__);
548
549 /* done */
550 authctxt->postponed = 0;
551 jpake_free(authctxt->jpake_ctx);
552 authctxt->jpake_ctx = NULL;
553 userauth_finish(authctxt, authenticated, method_jpake.name);
554}
555
556#endif /* JPAKE */
557
diff --git a/auth2.c b/auth2.c
index 3849b07ab..1f6530ab7 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */ 1/* $OpenBSD: auth2.c,v 1.120 2008/11/04 08:22:12 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -72,6 +72,9 @@ extern Authmethod method_hostbased;
72extern Authmethod method_gsskeyex; 72extern Authmethod method_gsskeyex;
73extern Authmethod method_gssapi; 73extern Authmethod method_gssapi;
74#endif 74#endif
75#ifdef JPAKE
76extern Authmethod method_jpake;
77#endif
75 78
76Authmethod *authmethods[] = { 79Authmethod *authmethods[] = {
77 &method_none, 80 &method_none,
@@ -80,6 +83,9 @@ Authmethod *authmethods[] = {
80 &method_gsskeyex, 83 &method_gsskeyex,
81 &method_gssapi, 84 &method_gssapi,
82#endif 85#endif
86#ifdef JPAKE
87 &method_jpake,
88#endif
83 &method_passwd, 89 &method_passwd,
84 &method_kbdint, 90 &method_kbdint,
85 &method_hostbased, 91 &method_hostbased,
@@ -265,8 +271,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
265 } 271 }
266 /* reset state */ 272 /* reset state */
267 auth2_challenge_stop(authctxt); 273 auth2_challenge_stop(authctxt);
274#ifdef JPAKE
275 auth2_jpake_stop(authctxt);
276#endif
268 277
269#ifdef GSSAPI 278#ifdef GSSAPI
279 /* XXX move to auth2_gssapi_stop() */
270 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); 280 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
271 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); 281 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
272#endif 282#endif
@@ -345,7 +355,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
345 } else { 355 } else {
346 356
347 /* Allow initial try of "none" auth without failure penalty */ 357 /* Allow initial try of "none" auth without failure penalty */
348 /* Don't count server configuration issues against the client */
349 if (!authctxt->server_caused_failure && 358 if (!authctxt->server_caused_failure &&
350 (authctxt->attempt > 1 || strcmp(method, "none") != 0)) 359 (authctxt->attempt > 1 || strcmp(method, "none") != 0))
351 authctxt->failures++; 360 authctxt->failures++;
diff --git a/canohost.c b/canohost.c
index 42011fd0a..7138f48d0 100644
--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: canohost.c,v 1.63 2008/06/12 00:03:49 dtucker Exp $ */ 1/* $OpenBSD: canohost.c,v 1.64 2009/02/12 03:00:56 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -342,7 +342,7 @@ get_remote_name_or_ip(u_int utmp_len, int use_dns)
342 342
343/* Returns the local/remote port for the socket. */ 343/* Returns the local/remote port for the socket. */
344 344
345static int 345int
346get_sock_port(int sock, int local) 346get_sock_port(int sock, int local)
347{ 347{
348 struct sockaddr_storage from; 348 struct sockaddr_storage from;
diff --git a/canohost.h b/canohost.h
index e33e8941b..d9b41ffe5 100644
--- a/canohost.h
+++ b/canohost.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: canohost.h,v 1.9 2006/03/25 22:22:42 djm Exp $ */ 1/* $OpenBSD: canohost.h,v 1.10 2009/02/12 03:00:56 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -23,5 +23,7 @@ char *get_local_name(int);
23 23
24int get_remote_port(void); 24int get_remote_port(void);
25int get_local_port(void); 25int get_local_port(void);
26int get_sock_port(int, int);
27
26 28
27void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); 29void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);
diff --git a/channels.c b/channels.c
index c293eadf1..f0b8aa7d0 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.c,v 1.286 2008/07/16 11:52:19 djm Exp $ */ 1/* $OpenBSD: channels.c,v 1.295 2009/02/12 03:00:56 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -296,6 +296,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
296 buffer_init(&c->input); 296 buffer_init(&c->input);
297 buffer_init(&c->output); 297 buffer_init(&c->output);
298 buffer_init(&c->extended); 298 buffer_init(&c->extended);
299 c->path = NULL;
299 c->ostate = CHAN_OUTPUT_OPEN; 300 c->ostate = CHAN_OUTPUT_OPEN;
300 c->istate = CHAN_INPUT_OPEN; 301 c->istate = CHAN_INPUT_OPEN;
301 c->flags = 0; 302 c->flags = 0;
@@ -402,6 +403,10 @@ channel_free(Channel *c)
402 xfree(c->remote_name); 403 xfree(c->remote_name);
403 c->remote_name = NULL; 404 c->remote_name = NULL;
404 } 405 }
406 if (c->path) {
407 xfree(c->path);
408 c->path = NULL;
409 }
405 while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { 410 while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
406 if (cc->abandon_cb != NULL) 411 if (cc->abandon_cb != NULL)
407 cc->abandon_cb(c, cc->ctx); 412 cc->abandon_cb(c, cc->ctx);
@@ -691,7 +696,7 @@ channel_register_open_confirm(int id, channel_callback_fn *fn, void *ctx)
691 Channel *c = channel_lookup(id); 696 Channel *c = channel_lookup(id);
692 697
693 if (c == NULL) { 698 if (c == NULL) {
694 logit("channel_register_open_comfirm: %d: bad id", id); 699 logit("channel_register_open_confirm: %d: bad id", id);
695 return; 700 return;
696 } 701 }
697 c->open_confirm = fn; 702 c->open_confirm = fn;
@@ -980,7 +985,7 @@ static int
980channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) 985channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
981{ 986{
982 char *p, *host; 987 char *p, *host;
983 u_int len, have, i, found; 988 u_int len, have, i, found, need;
984 char username[256]; 989 char username[256];
985 struct { 990 struct {
986 u_int8_t version; 991 u_int8_t version;
@@ -996,10 +1001,20 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
996 if (have < len) 1001 if (have < len)
997 return 0; 1002 return 0;
998 p = buffer_ptr(&c->input); 1003 p = buffer_ptr(&c->input);
1004
1005 need = 1;
1006 /* SOCKS4A uses an invalid IP address 0.0.0.x */
1007 if (p[4] == 0 && p[5] == 0 && p[6] == 0 && p[7] != 0) {
1008 debug2("channel %d: socks4a request", c->self);
1009 /* ... and needs an extra string (the hostname) */
1010 need = 2;
1011 }
1012 /* Check for terminating NUL on the string(s) */
999 for (found = 0, i = len; i < have; i++) { 1013 for (found = 0, i = len; i < have; i++) {
1000 if (p[i] == '\0') { 1014 if (p[i] == '\0') {
1001 found = 1; 1015 found++;
1002 break; 1016 if (found == need)
1017 break;
1003 } 1018 }
1004 if (i > 1024) { 1019 if (i > 1024) {
1005 /* the peer is probably sending garbage */ 1020 /* the peer is probably sending garbage */
@@ -1008,7 +1023,7 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
1008 return -1; 1023 return -1;
1009 } 1024 }
1010 } 1025 }
1011 if (!found) 1026 if (found < need)
1012 return 0; 1027 return 0;
1013 buffer_get(&c->input, (char *)&s4_req.version, 1); 1028 buffer_get(&c->input, (char *)&s4_req.version, 1);
1014 buffer_get(&c->input, (char *)&s4_req.command, 1); 1029 buffer_get(&c->input, (char *)&s4_req.command, 1);
@@ -1018,23 +1033,46 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
1018 p = buffer_ptr(&c->input); 1033 p = buffer_ptr(&c->input);
1019 len = strlen(p); 1034 len = strlen(p);
1020 debug2("channel %d: decode socks4: user %s/%d", c->self, p, len); 1035 debug2("channel %d: decode socks4: user %s/%d", c->self, p, len);
1036 len++; /* trailing '\0' */
1021 if (len > have) 1037 if (len > have)
1022 fatal("channel %d: decode socks4: len %d > have %d", 1038 fatal("channel %d: decode socks4: len %d > have %d",
1023 c->self, len, have); 1039 c->self, len, have);
1024 strlcpy(username, p, sizeof(username)); 1040 strlcpy(username, p, sizeof(username));
1025 buffer_consume(&c->input, len); 1041 buffer_consume(&c->input, len);
1026 buffer_consume(&c->input, 1); /* trailing '\0' */
1027 1042
1028 host = inet_ntoa(s4_req.dest_addr); 1043 if (c->path != NULL) {
1029 strlcpy(c->path, host, sizeof(c->path)); 1044 xfree(c->path);
1045 c->path = NULL;
1046 }
1047 if (need == 1) { /* SOCKS4: one string */
1048 host = inet_ntoa(s4_req.dest_addr);
1049 c->path = xstrdup(host);
1050 } else { /* SOCKS4A: two strings */
1051 have = buffer_len(&c->input);
1052 p = buffer_ptr(&c->input);
1053 len = strlen(p);
1054 debug2("channel %d: decode socks4a: host %s/%d",
1055 c->self, p, len);
1056 len++; /* trailing '\0' */
1057 if (len > have)
1058 fatal("channel %d: decode socks4a: len %d > have %d",
1059 c->self, len, have);
1060 if (len > NI_MAXHOST) {
1061 error("channel %d: hostname \"%.100s\" too long",
1062 c->self, p);
1063 return -1;
1064 }
1065 c->path = xstrdup(p);
1066 buffer_consume(&c->input, len);
1067 }
1030 c->host_port = ntohs(s4_req.dest_port); 1068 c->host_port = ntohs(s4_req.dest_port);
1031 1069
1032 debug2("channel %d: dynamic request: socks4 host %s port %u command %u", 1070 debug2("channel %d: dynamic request: socks4 host %s port %u command %u",
1033 c->self, host, c->host_port, s4_req.command); 1071 c->self, c->path, c->host_port, s4_req.command);
1034 1072
1035 if (s4_req.command != 1) { 1073 if (s4_req.command != 1) {
1036 debug("channel %d: cannot handle: socks4 cn %d", 1074 debug("channel %d: cannot handle: %s cn %d",
1037 c->self, s4_req.command); 1075 c->self, need == 1 ? "SOCKS4" : "SOCKS4A", s4_req.command);
1038 return -1; 1076 return -1;
1039 } 1077 }
1040 s4_rsp.version = 0; /* vn: 0 for reply */ 1078 s4_rsp.version = 0; /* vn: 0 for reply */
@@ -1065,7 +1103,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
1065 u_int8_t atyp; 1103 u_int8_t atyp;
1066 } s5_req, s5_rsp; 1104 } s5_req, s5_rsp;
1067 u_int16_t dest_port; 1105 u_int16_t dest_port;
1068 u_char *p, dest_addr[255+1]; 1106 u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
1069 u_int have, need, i, found, nmethods, addrlen, af; 1107 u_int have, need, i, found, nmethods, addrlen, af;
1070 1108
1071 debug2("channel %d: decode socks5", c->self); 1109 debug2("channel %d: decode socks5", c->self);
@@ -1138,10 +1176,22 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
1138 buffer_get(&c->input, (char *)&dest_addr, addrlen); 1176 buffer_get(&c->input, (char *)&dest_addr, addrlen);
1139 buffer_get(&c->input, (char *)&dest_port, 2); 1177 buffer_get(&c->input, (char *)&dest_port, 2);
1140 dest_addr[addrlen] = '\0'; 1178 dest_addr[addrlen] = '\0';
1141 if (s5_req.atyp == SSH_SOCKS5_DOMAIN) 1179 if (c->path != NULL) {
1142 strlcpy(c->path, (char *)dest_addr, sizeof(c->path)); 1180 xfree(c->path);
1143 else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL) 1181 c->path = NULL;
1144 return -1; 1182 }
1183 if (s5_req.atyp == SSH_SOCKS5_DOMAIN) {
1184 if (addrlen >= NI_MAXHOST) {
1185 error("channel %d: dynamic request: socks5 hostname "
1186 "\"%.100s\" too long", c->self, dest_addr);
1187 return -1;
1188 }
1189 c->path = xstrdup(dest_addr);
1190 } else {
1191 if (inet_ntop(af, dest_addr, ntop, sizeof(ntop)) == NULL)
1192 return -1;
1193 c->path = xstrdup(ntop);
1194 }
1145 c->host_port = ntohs(dest_port); 1195 c->host_port = ntohs(dest_port);
1146 1196
1147 debug2("channel %d: dynamic request: socks5 host %s port %u command %u", 1197 debug2("channel %d: dynamic request: socks5 host %s port %u command %u",
@@ -1370,7 +1420,8 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
1370 c->local_window_max, c->local_maxpacket, 0, rtype, 1); 1420 c->local_window_max, c->local_maxpacket, 0, rtype, 1);
1371 nc->listening_port = c->listening_port; 1421 nc->listening_port = c->listening_port;
1372 nc->host_port = c->host_port; 1422 nc->host_port = c->host_port;
1373 strlcpy(nc->path, c->path, sizeof(nc->path)); 1423 if (c->path != NULL)
1424 nc->path = xstrdup(c->path);
1374 1425
1375 if (nextstate == SSH_CHANNEL_DYNAMIC) { 1426 if (nextstate == SSH_CHANNEL_DYNAMIC) {
1376 /* 1427 /*
@@ -2311,8 +2362,8 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt)
2311 xfree(lang); 2362 xfree(lang);
2312 } 2363 }
2313 packet_check_eom(); 2364 packet_check_eom();
2314 /* Free the channel. This will also close the socket. */ 2365 /* Schedule the channel for cleanup/deletion. */
2315 channel_free(c); 2366 chan_mark_dead(c);
2316} 2367}
2317 2368
2318/* ARGSUSED */ 2369/* ARGSUSED */
@@ -2377,18 +2428,18 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt)
2377{ 2428{
2378 Channel *c; 2429 Channel *c;
2379 struct channel_confirm *cc; 2430 struct channel_confirm *cc;
2380 int remote_id; 2431 int id;
2381 2432
2382 /* Reset keepalive timeout */ 2433 /* Reset keepalive timeout */
2383 keep_alive_timeouts = 0; 2434 keep_alive_timeouts = 0;
2384 2435
2385 remote_id = packet_get_int(); 2436 id = packet_get_int();
2386 packet_check_eom(); 2437 packet_check_eom();
2387 2438
2388 debug2("channel_input_confirm: type %d id %d", type, remote_id); 2439 debug2("channel_input_status_confirm: type %d id %d", type, id);
2389 2440
2390 if ((c = channel_lookup(remote_id)) == NULL) { 2441 if ((c = channel_lookup(id)) == NULL) {
2391 logit("channel_input_success_failure: %d: unknown", remote_id); 2442 logit("channel_input_status_confirm: %d: unknown", id);
2392 return; 2443 return;
2393 } 2444 }
2394 ; 2445 ;
@@ -2409,7 +2460,8 @@ channel_set_af(int af)
2409} 2460}
2410 2461
2411static int 2462static int
2412channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, 2463channel_setup_fwd_listener(int type, const char *listen_addr,
2464 u_short listen_port, int *allocated_listen_port,
2413 const char *host_to_connect, u_short port_to_connect, int gateway_ports) 2465 const char *host_to_connect, u_short port_to_connect, int gateway_ports)
2414{ 2466{
2415 Channel *c; 2467 Channel *c;
@@ -2417,6 +2469,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2417 struct addrinfo hints, *ai, *aitop; 2469 struct addrinfo hints, *ai, *aitop;
2418 const char *host, *addr; 2470 const char *host, *addr;
2419 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; 2471 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
2472 in_port_t *lport_p;
2420 2473
2421 host = (type == SSH_CHANNEL_RPORT_LISTENER) ? 2474 host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
2422 listen_addr : host_to_connect; 2475 listen_addr : host_to_connect;
@@ -2426,7 +2479,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2426 error("No forward host name."); 2479 error("No forward host name.");
2427 return 0; 2480 return 0;
2428 } 2481 }
2429 if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) { 2482 if (strlen(host) >= NI_MAXHOST) {
2430 error("Forward host name too long."); 2483 error("Forward host name too long.");
2431 return 0; 2484 return 0;
2432 } 2485 }
@@ -2485,10 +2538,29 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2485 } 2538 }
2486 return 0; 2539 return 0;
2487 } 2540 }
2488 2541 if (allocated_listen_port != NULL)
2542 *allocated_listen_port = 0;
2489 for (ai = aitop; ai; ai = ai->ai_next) { 2543 for (ai = aitop; ai; ai = ai->ai_next) {
2490 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2544 switch (ai->ai_family) {
2545 case AF_INET:
2546 lport_p = &((struct sockaddr_in *)ai->ai_addr)->
2547 sin_port;
2548 break;
2549 case AF_INET6:
2550 lport_p = &((struct sockaddr_in6 *)ai->ai_addr)->
2551 sin6_port;
2552 break;
2553 default:
2491 continue; 2554 continue;
2555 }
2556 /*
2557 * If allocating a port for -R forwards, then use the
2558 * same port for all address families.
2559 */
2560 if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 &&
2561 allocated_listen_port != NULL && *allocated_listen_port > 0)
2562 *lport_p = htons(*allocated_listen_port);
2563
2492 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), 2564 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
2493 strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { 2565 strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
2494 error("channel_setup_fwd_listener: getnameinfo failed"); 2566 error("channel_setup_fwd_listener: getnameinfo failed");
@@ -2504,7 +2576,8 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2504 2576
2505 channel_set_reuseaddr(sock); 2577 channel_set_reuseaddr(sock);
2506 2578
2507 debug("Local forwarding listening on %s port %s.", ntop, strport); 2579 debug("Local forwarding listening on %s port %s.",
2580 ntop, strport);
2508 2581
2509 /* Bind the socket to the address. */ 2582 /* Bind the socket to the address. */
2510 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2583 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
@@ -2523,11 +2596,24 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2523 close(sock); 2596 close(sock);
2524 continue; 2597 continue;
2525 } 2598 }
2599
2600 /*
2601 * listen_port == 0 requests a dynamically allocated port -
2602 * record what we got.
2603 */
2604 if (type == SSH_CHANNEL_RPORT_LISTENER && listen_port == 0 &&
2605 allocated_listen_port != NULL &&
2606 *allocated_listen_port == 0) {
2607 *allocated_listen_port = get_sock_port(sock, 1);
2608 debug("Allocated listen port %d",
2609 *allocated_listen_port);
2610 }
2611
2526 /* Allocate a channel number for the socket. */ 2612 /* Allocate a channel number for the socket. */
2527 c = channel_new("port listener", type, sock, sock, -1, 2613 c = channel_new("port listener", type, sock, sock, -1,
2528 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 2614 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
2529 0, "port listener", 1); 2615 0, "port listener", 1);
2530 strlcpy(c->path, host, sizeof(c->path)); 2616 c->path = xstrdup(host);
2531 c->host_port = port_to_connect; 2617 c->host_port = port_to_connect;
2532 c->listening_port = listen_port; 2618 c->listening_port = listen_port;
2533 success = 1; 2619 success = 1;
@@ -2549,8 +2635,7 @@ channel_cancel_rport_listener(const char *host, u_short port)
2549 Channel *c = channels[i]; 2635 Channel *c = channels[i];
2550 2636
2551 if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && 2637 if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
2552 strncmp(c->path, host, sizeof(c->path)) == 0 && 2638 strcmp(c->path, host) == 0 && c->listening_port == port) {
2553 c->listening_port == port) {
2554 debug2("%s: close channel %d", __func__, i); 2639 debug2("%s: close channel %d", __func__, i);
2555 channel_free(c); 2640 channel_free(c);
2556 found = 1; 2641 found = 1;
@@ -2566,17 +2651,18 @@ channel_setup_local_fwd_listener(const char *listen_host, u_short listen_port,
2566 const char *host_to_connect, u_short port_to_connect, int gateway_ports) 2651 const char *host_to_connect, u_short port_to_connect, int gateway_ports)
2567{ 2652{
2568 return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER, 2653 return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
2569 listen_host, listen_port, host_to_connect, port_to_connect, 2654 listen_host, listen_port, NULL, host_to_connect, port_to_connect,
2570 gateway_ports); 2655 gateway_ports);
2571} 2656}
2572 2657
2573/* protocol v2 remote port fwd, used by sshd */ 2658/* protocol v2 remote port fwd, used by sshd */
2574int 2659int
2575channel_setup_remote_fwd_listener(const char *listen_address, 2660channel_setup_remote_fwd_listener(const char *listen_address,
2576 u_short listen_port, int gateway_ports) 2661 u_short listen_port, int *allocated_listen_port, int gateway_ports)
2577{ 2662{
2578 return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER, 2663 return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,
2579 listen_address, listen_port, NULL, 0, gateway_ports); 2664 listen_address, listen_port, allocated_listen_port,
2665 NULL, 0, gateway_ports);
2580} 2666}
2581 2667
2582/* 2668/*
@@ -2791,10 +2877,16 @@ channel_print_adm_permitted_opens(void)
2791{ 2877{
2792 int i; 2878 int i;
2793 2879
2880 printf("permitopen");
2881 if (num_adm_permitted_opens == 0) {
2882 printf(" any\n");
2883 return;
2884 }
2794 for (i = 0; i < num_adm_permitted_opens; i++) 2885 for (i = 0; i < num_adm_permitted_opens; i++)
2795 if (permitted_adm_opens[i].host_to_connect != NULL) 2886 if (permitted_adm_opens[i].host_to_connect != NULL)
2796 printf(" %s:%d", permitted_adm_opens[i].host_to_connect, 2887 printf(" %s:%d", permitted_adm_opens[i].host_to_connect,
2797 permitted_adm_opens[i].port_to_connect); 2888 permitted_adm_opens[i].port_to_connect);
2889 printf("\n");
2798} 2890}
2799 2891
2800/* Try to start non-blocking connect to next host in cctx list */ 2892/* Try to start non-blocking connect to next host in cctx list */
@@ -3078,7 +3170,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
3078} 3170}
3079 3171
3080static int 3172static int
3081connect_local_xsocket(u_int dnr) 3173connect_local_xsocket_path(const char *pathname)
3082{ 3174{
3083 int sock; 3175 int sock;
3084 struct sockaddr_un addr; 3176 struct sockaddr_un addr;
@@ -3088,7 +3180,7 @@ connect_local_xsocket(u_int dnr)
3088 error("socket: %.100s", strerror(errno)); 3180 error("socket: %.100s", strerror(errno));
3089 memset(&addr, 0, sizeof(addr)); 3181 memset(&addr, 0, sizeof(addr));
3090 addr.sun_family = AF_UNIX; 3182 addr.sun_family = AF_UNIX;
3091 snprintf(addr.sun_path, sizeof addr.sun_path, _PATH_UNIX_X, dnr); 3183 strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);
3092 if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0) 3184 if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)
3093 return sock; 3185 return sock;
3094 close(sock); 3186 close(sock);
@@ -3096,6 +3188,14 @@ connect_local_xsocket(u_int dnr)
3096 return -1; 3188 return -1;
3097} 3189}
3098 3190
3191static int
3192connect_local_xsocket(u_int dnr)
3193{
3194 char buf[1024];
3195 snprintf(buf, sizeof buf, _PATH_UNIX_X, dnr);
3196 return connect_local_xsocket_path(buf);
3197}
3198
3099int 3199int
3100x11_connect_display(void) 3200x11_connect_display(void)
3101{ 3201{
@@ -3117,6 +3217,17 @@ x11_connect_display(void)
3117 * connection to the real X server. 3217 * connection to the real X server.
3118 */ 3218 */
3119 3219
3220 /* Check if the display is from launchd. */
3221#ifdef __APPLE__
3222 if (strncmp(display, "/tmp/launch", 11) == 0) {
3223 sock = connect_local_xsocket_path(display);
3224 if (sock < 0)
3225 return -1;
3226
3227 /* OK, we now have a connection to the display. */
3228 return sock;
3229 }
3230#endif
3120 /* 3231 /*
3121 * Check if it is a unix domain socket. Unix domain displays are in 3232 * Check if it is a unix domain socket. Unix domain displays are in
3122 * one of the following formats: unix:d[.s], :d[.s], ::d[.s] 3233 * one of the following formats: unix:d[.s], :d[.s], ::d[.s]
diff --git a/channels.h b/channels.h
index 108b36068..1488ed7e5 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.h,v 1.96 2008/06/15 20:06:26 djm Exp $ */ 1/* $OpenBSD: channels.h,v 1.98 2009/02/12 03:00:56 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -55,8 +55,6 @@
55#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ 55#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */
56#define SSH_CHANNEL_MAX_TYPE 15 56#define SSH_CHANNEL_MAX_TYPE 15
57 57
58#define SSH_CHANNEL_PATH_LEN 256
59
60struct Channel; 58struct Channel;
61typedef struct Channel Channel; 59typedef struct Channel Channel;
62 60
@@ -105,7 +103,7 @@ struct Channel {
105 Buffer output; /* data received over encrypted connection for 103 Buffer output; /* data received over encrypted connection for
106 * send on socket */ 104 * send on socket */
107 Buffer extended; 105 Buffer extended;
108 char path[SSH_CHANNEL_PATH_LEN]; 106 char *path;
109 /* path for unix domain sockets, or host name for forwards */ 107 /* path for unix domain sockets, or host name for forwards */
110 int listening_port; /* port being listened for forwards */ 108 int listening_port; /* port being listened for forwards */
111 int host_port; /* remote port to connect for forwards */ 109 int host_port; /* remote port to connect for forwards */
@@ -247,7 +245,7 @@ int channel_request_remote_forwarding(const char *, u_short,
247int channel_setup_local_fwd_listener(const char *, u_short, 245int channel_setup_local_fwd_listener(const char *, u_short,
248 const char *, u_short, int); 246 const char *, u_short, int);
249void channel_request_rforward_cancel(const char *host, u_short port); 247void channel_request_rforward_cancel(const char *host, u_short port);
250int channel_setup_remote_fwd_listener(const char *, u_short, int); 248int channel_setup_remote_fwd_listener(const char *, u_short, int *, int);
251int channel_cancel_rport_listener(const char *, u_short); 249int channel_cancel_rport_listener(const char *, u_short);
252 250
253/* x11 forwarding */ 251/* x11 forwarding */
diff --git a/cipher.c b/cipher.c
index b264063c4..bb5c0ac3a 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher.c,v 1.81 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: cipher.c,v 1.82 2009/01/26 09:58:15 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -63,31 +63,32 @@ struct Cipher {
63 u_int block_size; 63 u_int block_size;
64 u_int key_len; 64 u_int key_len;
65 u_int discard_len; 65 u_int discard_len;
66 u_int cbc_mode;
66 const EVP_CIPHER *(*evptype)(void); 67 const EVP_CIPHER *(*evptype)(void);
67} ciphers[] = { 68} ciphers[] = {
68 { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null }, 69 { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
69 { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc }, 70 { "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
70 { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des }, 71 { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
71 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf }, 72 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf },
72 73
73 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc }, 74 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
74 { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc }, 75 { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
75 { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc }, 76 { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
76 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 }, 77 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
77 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 }, 78 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
78 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 }, 79 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
79 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc }, 80 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
80 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc }, 81 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
81 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, 82 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
82 { "rijndael-cbc@lysator.liu.se", 83 { "rijndael-cbc@lysator.liu.se",
83 SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc }, 84 SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
84 { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr }, 85 { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
85 { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr }, 86 { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
86 { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr }, 87 { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
87#ifdef USE_CIPHER_ACSS 88#ifdef USE_CIPHER_ACSS
88 { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss }, 89 { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
89#endif 90#endif
90 { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL } 91 { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
91}; 92};
92 93
93/*--*/ 94/*--*/
@@ -111,6 +112,12 @@ cipher_get_number(const Cipher *c)
111} 112}
112 113
113u_int 114u_int
115cipher_is_cbc(const Cipher *c)
116{
117 return (c->cbc_mode);
118}
119
120u_int
114cipher_mask_ssh1(int client) 121cipher_mask_ssh1(int client)
115{ 122{
116 u_int mask = 0; 123 u_int mask = 0;
diff --git a/cipher.h b/cipher.h
index 49bbc1682..3dd2270bb 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher.h,v 1.36 2006/03/25 22:22:42 djm Exp $ */ 1/* $OpenBSD: cipher.h,v 1.37 2009/01/26 09:58:15 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -81,6 +81,7 @@ void cipher_cleanup(CipherContext *);
81void cipher_set_key_string(CipherContext *, Cipher *, const char *, int); 81void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
82u_int cipher_blocksize(const Cipher *); 82u_int cipher_blocksize(const Cipher *);
83u_int cipher_keylen(const Cipher *); 83u_int cipher_keylen(const Cipher *);
84u_int cipher_is_cbc(const Cipher *);
84 85
85u_int cipher_get_number(const Cipher *); 86u_int cipher_get_number(const Cipher *);
86void cipher_get_keyiv(CipherContext *, u_char *, u_int); 87void cipher_get_keyiv(CipherContext *, u_char *, u_int);
diff --git a/clientloop.c b/clientloop.c
index abe5609de..16a162803 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.201 2008/07/16 11:51:14 djm Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.209 2009/02/12 03:00:56 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -107,10 +107,13 @@
107#include "atomicio.h" 107#include "atomicio.h"
108#include "sshpty.h" 108#include "sshpty.h"
109#include "misc.h" 109#include "misc.h"
110#include "monitor_fdpass.h"
111#include "match.h" 110#include "match.h"
112#include "msg.h" 111#include "msg.h"
113 112
113#ifdef GSSAPI
114#include "ssh-gss.h"
115#endif
116
114/* import options */ 117/* import options */
115extern Options options; 118extern Options options;
116 119
@@ -770,8 +773,8 @@ process_cmdline(void)
770 void (*handler)(int); 773 void (*handler)(int);
771 char *s, *cmd, *cancel_host; 774 char *s, *cmd, *cancel_host;
772 int delete = 0; 775 int delete = 0;
773 int local = 0; 776 int local = 0, remote = 0, dynamic = 0;
774 u_short cancel_port; 777 int cancel_port;
775 Forward fwd; 778 Forward fwd;
776 779
777 bzero(&fwd, sizeof(fwd)); 780 bzero(&fwd, sizeof(fwd));
@@ -795,6 +798,8 @@ process_cmdline(void)
795 "Request local forward"); 798 "Request local forward");
796 logit(" -R[bind_address:]port:host:hostport " 799 logit(" -R[bind_address:]port:host:hostport "
797 "Request remote forward"); 800 "Request remote forward");
801 logit(" -D[bind_address:]port "
802 "Request dynamic forward");
798 logit(" -KR[bind_address:]port " 803 logit(" -KR[bind_address:]port "
799 "Cancel remote forward"); 804 "Cancel remote forward");
800 if (!options.permit_local_command) 805 if (!options.permit_local_command)
@@ -814,17 +819,22 @@ process_cmdline(void)
814 delete = 1; 819 delete = 1;
815 s++; 820 s++;
816 } 821 }
817 if (*s != 'L' && *s != 'R') { 822 if (*s == 'L')
823 local = 1;
824 else if (*s == 'R')
825 remote = 1;
826 else if (*s == 'D')
827 dynamic = 1;
828 else {
818 logit("Invalid command."); 829 logit("Invalid command.");
819 goto out; 830 goto out;
820 } 831 }
821 if (*s == 'L') 832
822 local = 1; 833 if ((local || dynamic) && delete) {
823 if (local && delete) {
824 logit("Not supported."); 834 logit("Not supported.");
825 goto out; 835 goto out;
826 } 836 }
827 if ((!local || delete) && !compat20) { 837 if (remote && delete && !compat20) {
828 logit("Not supported for SSH protocol version 1."); 838 logit("Not supported for SSH protocol version 1.");
829 goto out; 839 goto out;
830 } 840 }
@@ -842,17 +852,17 @@ process_cmdline(void)
842 cancel_port = a2port(cancel_host); 852 cancel_port = a2port(cancel_host);
843 cancel_host = NULL; 853 cancel_host = NULL;
844 } 854 }
845 if (cancel_port == 0) { 855 if (cancel_port <= 0) {
846 logit("Bad forwarding close port"); 856 logit("Bad forwarding close port");
847 goto out; 857 goto out;
848 } 858 }
849 channel_request_rforward_cancel(cancel_host, cancel_port); 859 channel_request_rforward_cancel(cancel_host, cancel_port);
850 } else { 860 } else {
851 if (!parse_forward(&fwd, s)) { 861 if (!parse_forward(&fwd, s, dynamic, remote)) {
852 logit("Bad forwarding specification."); 862 logit("Bad forwarding specification.");
853 goto out; 863 goto out;
854 } 864 }
855 if (local) { 865 if (local || dynamic) {
856 if (channel_setup_local_fwd_listener(fwd.listen_host, 866 if (channel_setup_local_fwd_listener(fwd.listen_host,
857 fwd.listen_port, fwd.connect_host, 867 fwd.listen_port, fwd.connect_host,
858 fwd.connect_port, options.gateway_ports) < 0) { 868 fwd.connect_port, options.gateway_ports) < 0) {
@@ -1041,7 +1051,6 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
1041Supported escape sequences:\r\n\ 1051Supported escape sequences:\r\n\
1042 %c. - terminate session\r\n\ 1052 %c. - terminate session\r\n\
1043 %cB - send a BREAK to the remote system\r\n\ 1053 %cB - send a BREAK to the remote system\r\n\
1044 %cC - open a command line\r\n\
1045 %cR - Request rekey (SSH protocol 2 only)\r\n\ 1054 %cR - Request rekey (SSH protocol 2 only)\r\n\
1046 %c# - list forwarded connections\r\n\ 1055 %c# - list forwarded connections\r\n\
1047 %c? - this message\r\n\ 1056 %c? - this message\r\n\
@@ -1050,8 +1059,7 @@ Supported escape sequences:\r\n\
1050 escape_char, escape_char, 1059 escape_char, escape_char,
1051 escape_char, escape_char, 1060 escape_char, escape_char,
1052 escape_char, escape_char, 1061 escape_char, escape_char,
1053 escape_char, escape_char, 1062 escape_char, escape_char);
1054 escape_char);
1055 } else { 1063 } else {
1056 snprintf(string, sizeof string, 1064 snprintf(string, sizeof string,
1057"%c?\r\n\ 1065"%c?\r\n\
@@ -1086,6 +1094,8 @@ Supported escape sequences:\r\n\
1086 continue; 1094 continue;
1087 1095
1088 case 'C': 1096 case 'C':
1097 if (c && c->ctl_fd != -1)
1098 goto noescape;
1089 process_cmdline(); 1099 process_cmdline();
1090 continue; 1100 continue;
1091 1101
@@ -1428,6 +1438,13 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
1428 /* Do channel operations unless rekeying in progress. */ 1438 /* Do channel operations unless rekeying in progress. */
1429 if (!rekeying) { 1439 if (!rekeying) {
1430 channel_after_select(readset, writeset); 1440 channel_after_select(readset, writeset);
1441
1442 if (options.gss_renewal_rekey &&
1443 ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) {
1444 debug("credentials updated - forcing rekey");
1445 need_rekeying = 1;
1446 }
1447
1431 if (need_rekeying || packet_need_rekeying()) { 1448 if (need_rekeying || packet_need_rekeying()) {
1432 debug("need rekeying"); 1449 debug("need rekeying");
1433 xxx_kex->done = 0; 1450 xxx_kex->done = 0;
@@ -1639,7 +1656,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
1639{ 1656{
1640 Channel *c = NULL; 1657 Channel *c = NULL;
1641 char *listen_address, *originator_address; 1658 char *listen_address, *originator_address;
1642 int listen_port, originator_port; 1659 u_short listen_port, originator_port;
1643 1660
1644 /* Get rest of the packet */ 1661 /* Get rest of the packet */
1645 listen_address = packet_get_string(NULL); 1662 listen_address = packet_get_string(NULL);
@@ -1665,7 +1682,7 @@ client_request_x11(const char *request_type, int rchan)
1665{ 1682{
1666 Channel *c = NULL; 1683 Channel *c = NULL;
1667 char *originator; 1684 char *originator;
1668 int originator_port; 1685 u_short originator_port;
1669 int sock; 1686 int sock;
1670 1687
1671 if (!options.forward_x11) { 1688 if (!options.forward_x11) {
@@ -1729,7 +1746,7 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
1729 return 0; 1746 return 0;
1730 1747
1731 if (!compat20) { 1748 if (!compat20) {
1732 error("Tunnel forwarding is not support for protocol 1"); 1749 error("Tunnel forwarding is not supported for protocol 1");
1733 return -1; 1750 return -1;
1734 } 1751 }
1735 1752
@@ -1853,7 +1870,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
1853 if (reply) { 1870 if (reply) {
1854 packet_start(success ? 1871 packet_start(success ?
1855 SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE); 1872 SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
1856 packet_put_int(id); 1873 packet_put_int(c->remote_id);
1857 packet_send(); 1874 packet_send();
1858 } 1875 }
1859 xfree(rtype); 1876 xfree(rtype);
diff --git a/compat.c b/compat.c
index 8aa43f0f8..df3541df7 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.c,v 1.77 2006/12/12 03:58:42 djm Exp $ */ 1/* $OpenBSD: compat.c,v 1.78 2008/09/11 14:22:37 markus Exp $ */
2/* 2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 * 4 *
diff --git a/compat.h b/compat.h
index 5bd89ea73..16cf282a7 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.h,v 1.41 2006/12/12 03:58:42 djm Exp $ */ 1/* $OpenBSD: compat.h,v 1.42 2008/09/11 14:22:37 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
diff --git a/config.h.in b/config.h.in
index 855829e93..a1b719751 100644
--- a/config.h.in
+++ b/config.h.in
@@ -380,6 +380,9 @@
380/* Define to 1 if you have the `getgrset' function. */ 380/* Define to 1 if you have the `getgrset' function. */
381#undef HAVE_GETGRSET 381#undef HAVE_GETGRSET
382 382
383/* Define to 1 if you have the `getlastlogxbyname' function. */
384#undef HAVE_GETLASTLOGXBYNAME
385
383/* Define to 1 if you have the `getluid' function. */ 386/* Define to 1 if you have the `getluid' function. */
384#undef HAVE_GETLUID 387#undef HAVE_GETLUID
385 388
@@ -897,6 +900,9 @@
897/* define if you have struct sockaddr_in6 data type */ 900/* define if you have struct sockaddr_in6 data type */
898#undef HAVE_STRUCT_SOCKADDR_IN6 901#undef HAVE_STRUCT_SOCKADDR_IN6
899 902
903/* Define to 1 if `sin6_scope_id' is member of `struct sockaddr_in6'. */
904#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
905
900/* define if you have struct sockaddr_storage data type */ 906/* define if you have struct sockaddr_storage data type */
901#undef HAVE_STRUCT_SOCKADDR_STORAGE 907#undef HAVE_STRUCT_SOCKADDR_STORAGE
902 908
@@ -1158,6 +1164,9 @@
1158/* Define if you want Kerberos 5 support */ 1164/* Define if you want Kerberos 5 support */
1159#undef KRB5 1165#undef KRB5
1160 1166
1167/* Define if pututxline updates lastlog too */
1168#undef LASTLOG_WRITE_PUTUTXLINE
1169
1161/* Define if you want TCP Wrappers support */ 1170/* Define if you want TCP Wrappers support */
1162#undef LIBWRAP 1171#undef LIBWRAP
1163 1172
diff --git a/configure b/configure
index f4662e922..1fe8a20e9 100755
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
1#! /bin/sh 1#! /bin/sh
2# From configure.ac Revision: 1.409 . 2# From configure.ac Revision: 1.415 .
3# Guess values for system-dependent variables and create Makefiles. 3# Guess values for system-dependent variables and create Makefiles.
4# Generated by GNU Autoconf 2.61 for OpenSSH Portable. 4# Generated by GNU Autoconf 2.61 for OpenSSH Portable.
5# 5#
@@ -5461,7 +5461,7 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
5461 5461
5462 # -fstack-protector-all doesn't always work for some GCC versions 5462 # -fstack-protector-all doesn't always work for some GCC versions
5463 # and/or platforms, so we test if we can. If it's not supported 5463 # and/or platforms, so we test if we can. If it's not supported
5464 # on a give platform gcc will emit a warning so we use -Werror. 5464 # on a given platform gcc will emit a warning so we use -Werror.
5465 if test "x$use_stack_protector" = "x1"; then 5465 if test "x$use_stack_protector" = "x1"; then
5466 for t in -fstack-protector-all -fstack-protector; do 5466 for t in -fstack-protector-all -fstack-protector; do
5467 { echo "$as_me:$LINENO: checking if $CC supports $t" >&5 5467 { echo "$as_me:$LINENO: checking if $CC supports $t" >&5
@@ -5477,8 +5477,8 @@ cat confdefs.h >>conftest.$ac_ext
5477cat >>conftest.$ac_ext <<_ACEOF 5477cat >>conftest.$ac_ext <<_ACEOF
5478/* end confdefs.h. */ 5478/* end confdefs.h. */
5479 5479
5480#include <stdlib.h> 5480#include <stdio.h>
5481int main(void){return 0;} 5481int main(void){char x[256]; snprintf(x, sizeof(x), "XXX"); return 0;}
5482 5482
5483_ACEOF 5483_ACEOF
5484rm -f conftest.$ac_objext conftest$ac_exeext 5484rm -f conftest.$ac_objext conftest$ac_exeext
@@ -5518,8 +5518,8 @@ cat confdefs.h >>conftest.$ac_ext
5518cat >>conftest.$ac_ext <<_ACEOF 5518cat >>conftest.$ac_ext <<_ACEOF
5519/* end confdefs.h. */ 5519/* end confdefs.h. */
5520 5520
5521#include <stdlib.h> 5521#include <stdio.h>
5522int main(void){exit(0);} 5522int main(void){char x[256]; snprintf(x, sizeof(x), "XXX"); return 0;}
5523 5523
5524_ACEOF 5524_ACEOF
5525rm -f conftest$ac_exeext 5525rm -f conftest$ac_exeext
@@ -7365,6 +7365,11 @@ _ACEOF
7365 7365
7366 #include <bsm/audit.h> 7366 #include <bsm/audit.h>
7367 7367
7368cat >>confdefs.h <<\_ACEOF
7369#define LASTLOG_WRITE_PUTUTXLINE 1
7370_ACEOF
7371
7372
7368fi 7373fi
7369 7374
7370 { echo "$as_me:$LINENO: checking if we have the Security Authorization Session API" >&5 7375 { echo "$as_me:$LINENO: checking if we have the Security Authorization Session API" >&5
@@ -7792,7 +7797,7 @@ _ACEOF
7792_ACEOF 7797_ACEOF
7793 7798
7794 ;; 7799 ;;
7795*-*-k*bsd*-gnu) 7800*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
7796 check_for_libcrypt_later=1 7801 check_for_libcrypt_later=1
7797 cat >>confdefs.h <<\_ACEOF 7802 cat >>confdefs.h <<\_ACEOF
7798#define PAM_TTY_KLUDGE 1 7803#define PAM_TTY_KLUDGE 1
@@ -8885,7 +8890,6 @@ _ACEOF
8885 ;; 8890 ;;
8886# UnixWare 7.x, OpenUNIX 8 8891# UnixWare 7.x, OpenUNIX 8
8887*-*-sysv5*) 8892*-*-sysv5*)
8888 check_for_libcrypt_later=1
8889 8893
8890cat >>confdefs.h <<\_ACEOF 8894cat >>confdefs.h <<\_ACEOF
8891#define UNIXWARE_LONG_PASSWORDS 1 8895#define UNIXWARE_LONG_PASSWORDS 1
@@ -8923,11 +8927,181 @@ _ACEOF
8923#define BROKEN_UPDWTMPX 1 8927#define BROKEN_UPDWTMPX 1
8924_ACEOF 8928_ACEOF
8925 8929
8930 { echo "$as_me:$LINENO: checking for getluid in -lprot" >&5
8931echo $ECHO_N "checking for getluid in -lprot... $ECHO_C" >&6; }
8932if test "${ac_cv_lib_prot_getluid+set}" = set; then
8933 echo $ECHO_N "(cached) $ECHO_C" >&6
8934else
8935 ac_check_lib_save_LIBS=$LIBS
8936LIBS="-lprot $LIBS"
8937cat >conftest.$ac_ext <<_ACEOF
8938/* confdefs.h. */
8939_ACEOF
8940cat confdefs.h >>conftest.$ac_ext
8941cat >>conftest.$ac_ext <<_ACEOF
8942/* end confdefs.h. */
8943
8944/* Override any GCC internal prototype to avoid an error.
8945 Use char because int might match the return type of a GCC
8946 builtin and then its argument prototype would still apply. */
8947#ifdef __cplusplus
8948extern "C"
8949#endif
8950char getluid ();
8951int
8952main ()
8953{
8954return getluid ();
8955 ;
8956 return 0;
8957}
8958_ACEOF
8959rm -f conftest.$ac_objext conftest$ac_exeext
8960if { (ac_try="$ac_link"
8961case "(($ac_try" in
8962 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
8963 *) ac_try_echo=$ac_try;;
8964esac
8965eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
8966 (eval "$ac_link") 2>conftest.er1
8967 ac_status=$?
8968 grep -v '^ *+' conftest.er1 >conftest.err
8969 rm -f conftest.er1
8970 cat conftest.err >&5
8971 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8972 (exit $ac_status); } && {
8973 test -z "$ac_c_werror_flag" ||
8974 test ! -s conftest.err
8975 } && test -s conftest$ac_exeext &&
8976 $as_test_x conftest$ac_exeext; then
8977 ac_cv_lib_prot_getluid=yes
8978else
8979 echo "$as_me: failed program was:" >&5
8980sed 's/^/| /' conftest.$ac_ext >&5
8981
8982 ac_cv_lib_prot_getluid=no
8983fi
8984
8985rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
8986 conftest$ac_exeext conftest.$ac_ext
8987LIBS=$ac_check_lib_save_LIBS
8988fi
8989{ echo "$as_me:$LINENO: result: $ac_cv_lib_prot_getluid" >&5
8990echo "${ECHO_T}$ac_cv_lib_prot_getluid" >&6; }
8991if test $ac_cv_lib_prot_getluid = yes; then
8992 LIBS="$LIBS -lprot"
8993
8994
8995for ac_func in getluid setluid
8996do
8997as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
8998{ echo "$as_me:$LINENO: checking for $ac_func" >&5
8999echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
9000if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
9001 echo $ECHO_N "(cached) $ECHO_C" >&6
9002else
9003 cat >conftest.$ac_ext <<_ACEOF
9004/* confdefs.h. */
9005_ACEOF
9006cat confdefs.h >>conftest.$ac_ext
9007cat >>conftest.$ac_ext <<_ACEOF
9008/* end confdefs.h. */
9009/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
9010 For example, HP-UX 11i <limits.h> declares gettimeofday. */
9011#define $ac_func innocuous_$ac_func
9012
9013/* System header to define __stub macros and hopefully few prototypes,
9014 which can conflict with char $ac_func (); below.
9015 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
9016 <limits.h> exists even on freestanding compilers. */
9017
9018#ifdef __STDC__
9019# include <limits.h>
9020#else
9021# include <assert.h>
9022#endif
9023
9024#undef $ac_func
9025
9026/* Override any GCC internal prototype to avoid an error.
9027 Use char because int might match the return type of a GCC
9028 builtin and then its argument prototype would still apply. */
9029#ifdef __cplusplus
9030extern "C"
9031#endif
9032char $ac_func ();
9033/* The GNU C library defines this for functions which it implements
9034 to always fail with ENOSYS. Some functions are actually named
9035 something starting with __ and the normal name is an alias. */
9036#if defined __stub_$ac_func || defined __stub___$ac_func
9037choke me
9038#endif
9039
9040int
9041main ()
9042{
9043return $ac_func ();
9044 ;
9045 return 0;
9046}
9047_ACEOF
9048rm -f conftest.$ac_objext conftest$ac_exeext
9049if { (ac_try="$ac_link"
9050case "(($ac_try" in
9051 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
9052 *) ac_try_echo=$ac_try;;
9053esac
9054eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
9055 (eval "$ac_link") 2>conftest.er1
9056 ac_status=$?
9057 grep -v '^ *+' conftest.er1 >conftest.err
9058 rm -f conftest.er1
9059 cat conftest.err >&5
9060 echo "$as_me:$LINENO: \$? = $ac_status" >&5
9061 (exit $ac_status); } && {
9062 test -z "$ac_c_werror_flag" ||
9063 test ! -s conftest.err
9064 } && test -s conftest$ac_exeext &&
9065 $as_test_x conftest$ac_exeext; then
9066 eval "$as_ac_var=yes"
9067else
9068 echo "$as_me: failed program was:" >&5
9069sed 's/^/| /' conftest.$ac_ext >&5
9070
9071 eval "$as_ac_var=no"
9072fi
9073
9074rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
9075 conftest$ac_exeext conftest.$ac_ext
9076fi
9077ac_res=`eval echo '${'$as_ac_var'}'`
9078 { echo "$as_me:$LINENO: result: $ac_res" >&5
9079echo "${ECHO_T}$ac_res" >&6; }
9080if test `eval echo '${'$as_ac_var'}'` = yes; then
9081 cat >>confdefs.h <<_ACEOF
9082#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
9083_ACEOF
9084
9085fi
9086done
9087
9088 cat >>confdefs.h <<\_ACEOF
9089#define HAVE_SECUREWARE 1
9090_ACEOF
9091
9092 cat >>confdefs.h <<\_ACEOF
9093#define DISABLE_SHADOW 1
9094_ACEOF
9095
9096
9097fi
9098
8926 ;; 9099 ;;
8927 *) cat >>confdefs.h <<\_ACEOF 9100 *) cat >>confdefs.h <<\_ACEOF
8928#define LOCKED_PASSWD_STRING "*LK*" 9101#define LOCKED_PASSWD_STRING "*LK*"
8929_ACEOF 9102_ACEOF
8930 9103
9104 check_for_libcrypt_later=1
8931 ;; 9105 ;;
8932 esac 9106 esac
8933 ;; 9107 ;;
@@ -14916,6 +15090,100 @@ fi
14916done 15090done
14917 15091
14918 15092
15093for ac_func in getlastlogxbyname
15094do
15095as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
15096{ echo "$as_me:$LINENO: checking for $ac_func" >&5
15097echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
15098if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
15099 echo $ECHO_N "(cached) $ECHO_C" >&6
15100else
15101 cat >conftest.$ac_ext <<_ACEOF
15102/* confdefs.h. */
15103_ACEOF
15104cat confdefs.h >>conftest.$ac_ext
15105cat >>conftest.$ac_ext <<_ACEOF
15106/* end confdefs.h. */
15107/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
15108 For example, HP-UX 11i <limits.h> declares gettimeofday. */
15109#define $ac_func innocuous_$ac_func
15110
15111/* System header to define __stub macros and hopefully few prototypes,
15112 which can conflict with char $ac_func (); below.
15113 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
15114 <limits.h> exists even on freestanding compilers. */
15115
15116#ifdef __STDC__
15117# include <limits.h>
15118#else
15119# include <assert.h>
15120#endif
15121
15122#undef $ac_func
15123
15124/* Override any GCC internal prototype to avoid an error.
15125 Use char because int might match the return type of a GCC
15126 builtin and then its argument prototype would still apply. */
15127#ifdef __cplusplus
15128extern "C"
15129#endif
15130char $ac_func ();
15131/* The GNU C library defines this for functions which it implements
15132 to always fail with ENOSYS. Some functions are actually named
15133 something starting with __ and the normal name is an alias. */
15134#if defined __stub_$ac_func || defined __stub___$ac_func
15135choke me
15136#endif
15137
15138int
15139main ()
15140{
15141return $ac_func ();
15142 ;
15143 return 0;
15144}
15145_ACEOF
15146rm -f conftest.$ac_objext conftest$ac_exeext
15147if { (ac_try="$ac_link"
15148case "(($ac_try" in
15149 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
15150 *) ac_try_echo=$ac_try;;
15151esac
15152eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
15153 (eval "$ac_link") 2>conftest.er1
15154 ac_status=$?
15155 grep -v '^ *+' conftest.er1 >conftest.err
15156 rm -f conftest.er1
15157 cat conftest.err >&5
15158 echo "$as_me:$LINENO: \$? = $ac_status" >&5
15159 (exit $ac_status); } && {
15160 test -z "$ac_c_werror_flag" ||
15161 test ! -s conftest.err
15162 } && test -s conftest$ac_exeext &&
15163 $as_test_x conftest$ac_exeext; then
15164 eval "$as_ac_var=yes"
15165else
15166 echo "$as_me: failed program was:" >&5
15167sed 's/^/| /' conftest.$ac_ext >&5
15168
15169 eval "$as_ac_var=no"
15170fi
15171
15172rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
15173 conftest$ac_exeext conftest.$ac_ext
15174fi
15175ac_res=`eval echo '${'$as_ac_var'}'`
15176 { echo "$as_me:$LINENO: result: $ac_res" >&5
15177echo "${ECHO_T}$ac_res" >&6; }
15178if test `eval echo '${'$as_ac_var'}'` = yes; then
15179 cat >>confdefs.h <<_ACEOF
15180#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
15181_ACEOF
15182
15183fi
15184done
15185
15186
14919{ echo "$as_me:$LINENO: checking for daemon" >&5 15187{ echo "$as_me:$LINENO: checking for daemon" >&5
14920echo $ECHO_N "checking for daemon... $ECHO_C" >&6; } 15188echo $ECHO_N "checking for daemon... $ECHO_C" >&6; }
14921if test "${ac_cv_func_daemon+set}" = set; then 15189if test "${ac_cv_func_daemon+set}" = set; then
@@ -22642,6 +22910,121 @@ cat >>confdefs.h <<\_ACEOF
22642#define HAVE_STRUCT_IN6_ADDR 1 22910#define HAVE_STRUCT_IN6_ADDR 1
22643_ACEOF 22911_ACEOF
22644 22912
22913
22914 { echo "$as_me:$LINENO: checking for struct sockaddr_in6.sin6_scope_id" >&5
22915echo $ECHO_N "checking for struct sockaddr_in6.sin6_scope_id... $ECHO_C" >&6; }
22916if test "${ac_cv_member_struct_sockaddr_in6_sin6_scope_id+set}" = set; then
22917 echo $ECHO_N "(cached) $ECHO_C" >&6
22918else
22919 cat >conftest.$ac_ext <<_ACEOF
22920/* confdefs.h. */
22921_ACEOF
22922cat confdefs.h >>conftest.$ac_ext
22923cat >>conftest.$ac_ext <<_ACEOF
22924/* end confdefs.h. */
22925
22926#ifdef HAVE_SYS_TYPES_H
22927#include <sys/types.h>
22928#endif
22929#include <netinet/in.h>
22930
22931
22932int
22933main ()
22934{
22935static struct sockaddr_in6 ac_aggr;
22936if (ac_aggr.sin6_scope_id)
22937return 0;
22938 ;
22939 return 0;
22940}
22941_ACEOF
22942rm -f conftest.$ac_objext
22943if { (ac_try="$ac_compile"
22944case "(($ac_try" in
22945 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
22946 *) ac_try_echo=$ac_try;;
22947esac
22948eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
22949 (eval "$ac_compile") 2>conftest.er1
22950 ac_status=$?
22951 grep -v '^ *+' conftest.er1 >conftest.err
22952 rm -f conftest.er1
22953 cat conftest.err >&5
22954 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22955 (exit $ac_status); } && {
22956 test -z "$ac_c_werror_flag" ||
22957 test ! -s conftest.err
22958 } && test -s conftest.$ac_objext; then
22959 ac_cv_member_struct_sockaddr_in6_sin6_scope_id=yes
22960else
22961 echo "$as_me: failed program was:" >&5
22962sed 's/^/| /' conftest.$ac_ext >&5
22963
22964 cat >conftest.$ac_ext <<_ACEOF
22965/* confdefs.h. */
22966_ACEOF
22967cat confdefs.h >>conftest.$ac_ext
22968cat >>conftest.$ac_ext <<_ACEOF
22969/* end confdefs.h. */
22970
22971#ifdef HAVE_SYS_TYPES_H
22972#include <sys/types.h>
22973#endif
22974#include <netinet/in.h>
22975
22976
22977int
22978main ()
22979{
22980static struct sockaddr_in6 ac_aggr;
22981if (sizeof ac_aggr.sin6_scope_id)
22982return 0;
22983 ;
22984 return 0;
22985}
22986_ACEOF
22987rm -f conftest.$ac_objext
22988if { (ac_try="$ac_compile"
22989case "(($ac_try" in
22990 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
22991 *) ac_try_echo=$ac_try;;
22992esac
22993eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
22994 (eval "$ac_compile") 2>conftest.er1
22995 ac_status=$?
22996 grep -v '^ *+' conftest.er1 >conftest.err
22997 rm -f conftest.er1
22998 cat conftest.err >&5
22999 echo "$as_me:$LINENO: \$? = $ac_status" >&5
23000 (exit $ac_status); } && {
23001 test -z "$ac_c_werror_flag" ||
23002 test ! -s conftest.err
23003 } && test -s conftest.$ac_objext; then
23004 ac_cv_member_struct_sockaddr_in6_sin6_scope_id=yes
23005else
23006 echo "$as_me: failed program was:" >&5
23007sed 's/^/| /' conftest.$ac_ext >&5
23008
23009 ac_cv_member_struct_sockaddr_in6_sin6_scope_id=no
23010fi
23011
23012rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
23013fi
23014
23015rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
23016fi
23017{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in6_sin6_scope_id" >&5
23018echo "${ECHO_T}$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" >&6; }
23019if test $ac_cv_member_struct_sockaddr_in6_sin6_scope_id = yes; then
23020
23021cat >>confdefs.h <<_ACEOF
23022#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1
23023_ACEOF
23024
23025
23026fi
23027
22645fi 23028fi
22646 23029
22647{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5 23030{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5
diff --git a/configure.ac b/configure.ac
index 991e0fef3..396fc974a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.409 2008/07/09 11:07:19 djm Exp $ 1# $Id: configure.ac,v 1.415 2009/02/16 04:37:03 djm Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -15,7 +15,7 @@
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 16
17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18AC_REVISION($Revision: 1.409 $) 18AC_REVISION($Revision: 1.415 $)
19AC_CONFIG_SRCDIR([ssh.c]) 19AC_CONFIG_SRCDIR([ssh.c])
20 20
21AC_CONFIG_HEADER(config.h) 21AC_CONFIG_HEADER(config.h)
@@ -126,7 +126,7 @@ int main(void){char b[10]; memset(b, 0, sizeof(b));}
126 126
127 # -fstack-protector-all doesn't always work for some GCC versions 127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported 128 # and/or platforms, so we test if we can. If it's not supported
129 # on a give platform gcc will emit a warning so we use -Werror. 129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then 130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do 131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t) 132 AC_MSG_CHECKING(if $CC supports $t)
@@ -136,8 +136,8 @@ int main(void){char b[10]; memset(b, 0, sizeof(b));}
136 LDFLAGS="$LDFLAGS $t -Werror" 136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE( 137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([ 138 [AC_LANG_SOURCE([
139#include <stdlib.h> 139#include <stdio.h>
140int main(void){return 0;} 140int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
141 ])], 141 ])],
142 [ AC_MSG_RESULT(yes) 142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t" 143 CFLAGS="$saved_CFLAGS $t"
@@ -145,8 +145,8 @@ int main(void){return 0;}
145 AC_MSG_CHECKING(if $t works) 145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE( 146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([ 147 [AC_LANG_SOURCE([
148#include <stdlib.h> 148#include <stdio.h>
149int main(void){exit(0);} 149int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
150 ])], 150 ])],
151 [ AC_MSG_RESULT(yes) 151 [ AC_MSG_RESULT(yes)
152 break ], 152 break ],
@@ -473,11 +473,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
473 [Use tunnel device compatibility to OpenBSD]) 473 [Use tunnel device compatibility to OpenBSD])
474 AC_DEFINE(SSH_TUN_PREPEND_AF, 1, 474 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
475 [Prepend the address family to IP tunnel traffic]) 475 [Prepend the address family to IP tunnel traffic])
476 m4_pattern_allow(AU_IPv)
477 AC_CHECK_DECL(AU_IPv4, [],
478 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
479 [#include <bsm/audit.h>]
480 )
481 AC_MSG_CHECKING(if we have the Security Authorization Session API) 476 AC_MSG_CHECKING(if we have the Security Authorization Session API)
482 AC_TRY_COMPILE([#include <Security/AuthSession.h>], 477 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
483 [SessionCreate(0, 0);], 478 [SessionCreate(0, 0);],
@@ -502,6 +497,13 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
502 fi], 497 fi],
503 [AC_MSG_RESULT(no)] 498 [AC_MSG_RESULT(no)]
504 ) 499 )
500 m4_pattern_allow(AU_IPv)
501 AC_CHECK_DECL(AU_IPv4, [],
502 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
503 [#include <bsm/audit.h>]
504 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
505 [Define if pututxline updates lastlog too])
506 )
505 ;; 507 ;;
506*-*-dragonfly*) 508*-*-dragonfly*)
507 SSHDLIBS="$SSHDLIBS -lcrypt" 509 SSHDLIBS="$SSHDLIBS -lcrypt"
@@ -585,7 +587,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
585 AC_DEFINE(WITH_ABBREV_NO_TTY) 587 AC_DEFINE(WITH_ABBREV_NO_TTY)
586 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") 588 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
587 ;; 589 ;;
588*-*-k*bsd*-gnu) 590*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
589 check_for_libcrypt_later=1 591 check_for_libcrypt_later=1
590 AC_DEFINE(PAM_TTY_KLUDGE) 592 AC_DEFINE(PAM_TTY_KLUDGE)
591 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") 593 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
@@ -761,7 +763,6 @@ mips-sony-bsd|mips-sony-newsos4)
761 ;; 763 ;;
762# UnixWare 7.x, OpenUNIX 8 764# UnixWare 7.x, OpenUNIX 8
763*-*-sysv5*) 765*-*-sysv5*)
764 check_for_libcrypt_later=1
765 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars]) 766 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
766 AC_DEFINE(USE_PIPES) 767 AC_DEFINE(USE_PIPES)
767 AC_DEFINE(SETEUID_BREAKS_SETUID) 768 AC_DEFINE(SETEUID_BREAKS_SETUID)
@@ -774,8 +775,14 @@ mips-sony-bsd|mips-sony-newsos4)
774 AC_DEFINE(BROKEN_LIBIAF, 1, 775 AC_DEFINE(BROKEN_LIBIAF, 1,
775 [ia_uinfo routines not supported by OS yet]) 776 [ia_uinfo routines not supported by OS yet])
776 AC_DEFINE(BROKEN_UPDWTMPX) 777 AC_DEFINE(BROKEN_UPDWTMPX)
778 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
779 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
780 AC_DEFINE(HAVE_SECUREWARE)
781 AC_DEFINE(DISABLE_SHADOW)
782 ],,)
777 ;; 783 ;;
778 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") 784 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
785 check_for_libcrypt_later=1
779 ;; 786 ;;
780 esac 787 esac
781 ;; 788 ;;
@@ -1536,6 +1543,8 @@ AC_CHECK_FUNCS(utmpname)
1536dnl Checks for utmpx functions 1543dnl Checks for utmpx functions
1537AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) 1544AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1538AC_CHECK_FUNCS(setutxent utmpxname) 1545AC_CHECK_FUNCS(setutxent utmpxname)
1546dnl Checks for lastlog functions
1547AC_CHECK_FUNCS(getlastlogxbyname)
1539 1548
1540AC_CHECK_FUNC(daemon, 1549AC_CHECK_FUNC(daemon,
1541 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])], 1550 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
@@ -2857,6 +2866,15 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2857if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 2866if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2858 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, 2867 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2859 [define if you have struct in6_addr data type]) 2868 [define if you have struct in6_addr data type])
2869
2870dnl Now check for sin6_scope_id
2871 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2872 [
2873#ifdef HAVE_SYS_TYPES_H
2874#include <sys/types.h>
2875#endif
2876#include <netinet/in.h>
2877 ])
2860fi 2878fi
2861 2879
2862AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 2880AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 32d175d4b..42dbcfeeb 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,11 +17,11 @@
17#old cvs stuff. please update before use. may be deprecated. 17#old cvs stuff. please update before use. may be deprecated.
18%define use_stable 1 18%define use_stable 1
19%if %{use_stable} 19%if %{use_stable}
20 %define version 5.1p1 20 %define version 5.2p1
21 %define cvs %{nil} 21 %define cvs %{nil}
22 %define release 1 22 %define release 1
23%else 23%else
24 %define version 5.1p1 24 %define version 5.2p1
25 %define cvs cvs20050315 25 %define cvs cvs20050315
26 %define release 0r1 26 %define release 0r1
27%endif 27%endif
@@ -251,7 +251,7 @@ install -m 0755 contrib/caldera/ssh-host-keygen $SKG
251# install remaining docs 251# install remaining docs
252DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}" 252DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
253mkdir -p $DocD/%{askpass} 253mkdir -p $DocD/%{askpass}
254cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD 254cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD
255install -p -m 0444 %{SOURCE3} $DocD/faq.html 255install -p -m 0444 %{SOURCE3} $DocD/faq.html
256cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} 256cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}
257%if %{use_stable} 257%if %{use_stable}
@@ -358,4 +358,4 @@ fi
358* Mon Jan 01 1998 ... 358* Mon Jan 01 1998 ...
359Template Version: 1.31 359Template Version: 1.31
360 360
361$Id: openssh.spec,v 1.65 2008/07/21 08:21:53 djm Exp $ 361$Id: openssh.spec,v 1.66 2009/02/21 07:03:05 djm Exp $
diff --git a/contrib/caldera/ssh-host-keygen b/contrib/caldera/ssh-host-keygen
index 3c5c17182..86382ddfb 100755
--- a/contrib/caldera/ssh-host-keygen
+++ b/contrib/caldera/ssh-host-keygen
@@ -1,6 +1,6 @@
1#! /bin/sh 1#! /bin/sh
2# 2#
3# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $ 3# $Id: ssh-host-keygen,v 1.3 2008/11/03 09:16:01 djm Exp $
4# 4#
5# This script is normally run only *once* for a given host 5# This script is normally run only *once* for a given host
6# (in a given period of time) -- on updates/upgrades/recovery 6# (in a given period of time) -- on updates/upgrades/recovery
@@ -15,16 +15,16 @@ if [ -f $keydir/ssh_host_key -o \
15 -f $keydir/ssh_host_key.pub ]; then 15 -f $keydir/ssh_host_key.pub ]; then
16 echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key." 16 echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
17else 17else
18 echo "Generating 1024 bit SSH1 RSA host key." 18 echo "Generating SSH1 RSA host key."
19 $keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N '' 19 $keygen -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
20fi 20fi
21 21
22if [ -f $keydir/ssh_host_rsa_key -o \ 22if [ -f $keydir/ssh_host_rsa_key -o \
23 -f $keydir/ssh_host_rsa_key.pub ]; then 23 -f $keydir/ssh_host_rsa_key.pub ]; then
24 echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key." 24 echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
25else 25else
26 echo "Generating 1024 bit SSH2 RSA host key." 26 echo "Generating SSH2 RSA host key."
27 $keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N '' 27 $keygen -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
28fi 28fi
29 29
30if [ -f $keydir/ssh_host_dsa_key -o \ 30if [ -f $keydir/ssh_host_dsa_key -o \
diff --git a/contrib/caldera/sshd.pam b/contrib/caldera/sshd.pam
index 26dcb34d9..f050a9aee 100644
--- a/contrib/caldera/sshd.pam
+++ b/contrib/caldera/sshd.pam
@@ -1,6 +1,6 @@
1#%PAM-1.0 1#%PAM-1.0
2auth required /lib/security/pam_pwdb.so shadow nodelay 2auth required /lib/security/pam_pwdb.so shadow nodelay
3auth required /lib/security/pam_nologin.so 3account required /lib/security/pam_nologin.so
4account required /lib/security/pam_pwdb.so 4account required /lib/security/pam_pwdb.so
5password required /lib/security/pam_cracklib.so 5password required /lib/security/pam_cracklib.so
6password required /lib/security/pam_pwdb.so shadow nullok use_authtok 6password required /lib/security/pam_pwdb.so shadow nullok use_authtok
diff --git a/contrib/cygwin/Makefile b/contrib/cygwin/Makefile
index 3e2d26404..2ebd143dc 100644
--- a/contrib/cygwin/Makefile
+++ b/contrib/cygwin/Makefile
@@ -38,11 +38,13 @@ install-sshdoc:
38 $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog 38 $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
39 $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE 39 $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
40 $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW 40 $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
41 $(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
42 $(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
41 $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README 43 $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
42 $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns 44 $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
45 $(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
43 $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep 46 $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
44 $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard 47 $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
45 $(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff
46 $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO 48 $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
47 $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG 49 $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
48 50
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index bbb6da4c4..57e728fbc 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -25,7 +25,7 @@ source ${CSIH_SCRIPT}
25port_number=22 25port_number=22
26privsep_configured=no 26privsep_configured=no
27privsep_used=yes 27privsep_used=yes
28cygwin_value="ntsec" 28cygwin_value=""
29password_value= 29password_value=
30 30
31# ====================================================================== 31# ======================================================================
@@ -37,13 +37,13 @@ create_host_keys() {
37 csih_inform "Generating ${SYSCONFDIR}/ssh_host_key" 37 csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
38 ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null 38 ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
39 fi 39 fi
40 40
41 if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] 41 if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
42 then 42 then
43 csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key" 43 csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
44 ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null 44 ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
45 fi 45 fi
46 46
47 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] 47 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
48 then 48 then
49 csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key" 49 csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
@@ -75,12 +75,12 @@ update_services_file() {
75 _spaces=" # " 75 _spaces=" # "
76 fi 76 fi
77 _serv_tmp="${_my_etcdir}/srv.out.$$" 77 _serv_tmp="${_my_etcdir}/srv.out.$$"
78 78
79 mount -t -f "${_win_etcdir}" "${_my_etcdir}" 79 mount -o text -f "${_win_etcdir}" "${_my_etcdir}"
80 80
81 # Depends on the above mount 81 # Depends on the above mount
82 _wservices=`cygpath -w "${_services}"` 82 _wservices=`cygpath -w "${_services}"`
83 83
84 # Remove sshd 22/port from services 84 # Remove sshd 22/port from services
85 if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] 85 if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
86 then 86 then
@@ -89,16 +89,16 @@ update_services_file() {
89 then 89 then
90 if mv "${_serv_tmp}" "${_services}" 90 if mv "${_serv_tmp}" "${_services}"
91 then 91 then
92 csih_inform "Removing sshd from ${_wservices}" 92 csih_inform "Removing sshd from ${_wservices}"
93 else 93 else
94 csih_warning "Removing sshd from ${_wservices} failed!" 94 csih_warning "Removing sshd from ${_wservices} failed!"
95 fi 95 fi
96 rm -f "${_serv_tmp}" 96 rm -f "${_serv_tmp}"
97 else 97 else
98 csih_warning "Removing sshd from ${_wservices} failed!" 98 csih_warning "Removing sshd from ${_wservices} failed!"
99 fi 99 fi
100 fi 100 fi
101 101
102 # Add ssh 22/tcp and ssh 22/udp to services 102 # Add ssh 22/tcp and ssh 22/udp to services
103 if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] 103 if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
104 then 104 then
@@ -106,9 +106,9 @@ update_services_file() {
106 then 106 then
107 if mv "${_serv_tmp}" "${_services}" 107 if mv "${_serv_tmp}" "${_services}"
108 then 108 then
109 csih_inform "Added ssh to ${_wservices}" 109 csih_inform "Added ssh to ${_wservices}"
110 else 110 else
111 csih_warning "Adding ssh to ${_wservices} failed!" 111 csih_warning "Adding ssh to ${_wservices} failed!"
112 fi 112 fi
113 rm -f "${_serv_tmp}" 113 rm -f "${_serv_tmp}"
114 else 114 else
@@ -134,16 +134,16 @@ sshd_privsep() {
134 csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." 134 csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
135 if csih_request "Should privilege separation be used?" 135 if csih_request "Should privilege separation be used?"
136 then 136 then
137 privsep_used=yes 137 privsep_used=yes
138 if ! csih_create_unprivileged_user sshd 138 if ! csih_create_unprivileged_user sshd
139 then 139 then
140 csih_warning "Couldn't create user 'sshd'!" 140 csih_warning "Couldn't create user 'sshd'!"
141 csih_warning "Privilege separation set to 'no' again!" 141 csih_warning "Privilege separation set to 'no' again!"
142 csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" 142 csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
143 privsep_used=no 143 privsep_used=no
144 fi 144 fi
145 else 145 else
146 privsep_used=no 146 privsep_used=no
147 fi 147 fi
148 else 148 else
149 # On 9x don't use privilege separation. Since security isn't 149 # On 9x don't use privilege separation. Since security isn't
@@ -151,7 +151,7 @@ sshd_privsep() {
151 privsep_used=no 151 privsep_used=no
152 fi 152 fi
153 fi 153 fi
154 154
155 # Create default sshd_config from skeleton files in /etc/defaults/etc or 155 # Create default sshd_config from skeleton files in /etc/defaults/etc or
156 # modify to add the missing privsep configuration option 156 # modify to add the missing privsep configuration option
157 if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 157 if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
@@ -161,8 +161,8 @@ sshd_privsep() {
161 sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/ 161 sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
162 s/^#Port 22/Port ${port_number}/ 162 s/^#Port 22/Port ${port_number}/
163 s/^#StrictModes yes/StrictModes no/" \ 163 s/^#StrictModes yes/StrictModes no/" \
164 < ${SYSCONFDIR}/sshd_config \ 164 < ${SYSCONFDIR}/sshd_config \
165 > "${sshdconfig_tmp}" 165 > "${sshdconfig_tmp}"
166 mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config 166 mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config
167 elif [ "${privsep_configured}" != "yes" ] 167 elif [ "${privsep_configured}" != "yes" ]
168 then 168 then
@@ -193,19 +193,19 @@ update_inetd_conf() {
193 # will be replaced by a file in inetd.d/ 193 # will be replaced by a file in inetd.d/
194 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ] 194 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ]
195 then 195 then
196 grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}" 196 grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
197 if [ -f "${_inetcnf_tmp}" ] 197 if [ -f "${_inetcnf_tmp}" ]
198 then 198 then
199 if mv "${_inetcnf_tmp}" "${_inetcnf}" 199 if mv "${_inetcnf_tmp}" "${_inetcnf}"
200 then 200 then
201 csih_inform "Removed ssh[d] from ${_inetcnf}" 201 csih_inform "Removed ssh[d] from ${_inetcnf}"
202 else 202 else
203 csih_warning "Removing ssh[d] from ${_inetcnf} failed!" 203 csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
204 fi 204 fi
205 rm -f "${_inetcnf_tmp}" 205 rm -f "${_inetcnf_tmp}"
206 else 206 else
207 csih_warning "Removing ssh[d] from ${_inetcnf} failed!" 207 csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
208 fi 208 fi
209 fi 209 fi
210 fi 210 fi
211 211
@@ -214,13 +214,13 @@ update_inetd_conf() {
214 then 214 then
215 if [ "${_with_comment}" -eq 0 ] 215 if [ "${_with_comment}" -eq 0 ]
216 then 216 then
217 sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" 217 sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
218 else 218 else
219 sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" 219 sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
220 fi 220 fi
221 mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}" 221 mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}"
222 csih_inform "Updated ${_sshd_inetd_conf}" 222 csih_inform "Updated ${_sshd_inetd_conf}"
223 fi 223 fi
224 224
225 elif [ -f "${_inetcnf}" ] 225 elif [ -f "${_inetcnf}" ]
226 then 226 then
@@ -233,26 +233,26 @@ update_inetd_conf() {
233 grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" 233 grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
234 if [ -f "${_inetcnf_tmp}" ] 234 if [ -f "${_inetcnf_tmp}" ]
235 then 235 then
236 if mv "${_inetcnf_tmp}" "${_inetcnf}" 236 if mv "${_inetcnf_tmp}" "${_inetcnf}"
237 then 237 then
238 csih_inform "Removed sshd from ${_inetcnf}" 238 csih_inform "Removed sshd from ${_inetcnf}"
239 else 239 else
240 csih_warning "Removing sshd from ${_inetcnf} failed!" 240 csih_warning "Removing sshd from ${_inetcnf} failed!"
241 fi 241 fi
242 rm -f "${_inetcnf_tmp}" 242 rm -f "${_inetcnf_tmp}"
243 else 243 else
244 csih_warning "Removing sshd from ${_inetcnf} failed!" 244 csih_warning "Removing sshd from ${_inetcnf} failed!"
245 fi 245 fi
246 fi 246 fi
247 247
248 # Add ssh line to inetd.conf 248 # Add ssh line to inetd.conf
249 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] 249 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
250 then 250 then
251 if [ "${_with_comment}" -eq 0 ] 251 if [ "${_with_comment}" -eq 0 ]
252 then 252 then
253 echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" 253 echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
254 else 254 else
255 echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" 255 echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
256 fi 256 fi
257 csih_inform "Added ssh to ${_inetcnf}" 257 csih_inform "Added ssh to ${_inetcnf}"
258 fi 258 fi
@@ -278,80 +278,83 @@ install_service() {
278 echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?" 278 echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
279 if csih_request "(Say \"no\" if it is already installed as a service)" 279 if csih_request "(Say \"no\" if it is already installed as a service)"
280 then 280 then
281 csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\"" 281 csih_get_cygenv "${cygwin_value}"
282 csih_inform "for sshd to be able to change user context without password." 282
283 csih_get_cygenv "${cygwin_value}" 283 if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
284 284 then
285 if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) 285 csih_inform "On Windows Server 2003, Windows Vista, and above, the"
286 then 286 csih_inform "SYSTEM account cannot setuid to other users -- a capability"
287 csih_inform "On Windows Server 2003, Windows Vista, and above, the" 287 csih_inform "sshd requires. You need to have or to create a privileged"
288 csih_inform "SYSTEM account cannot setuid to other users -- a capability" 288 csih_inform "account. This script will help you do so."
289 csih_inform "sshd requires. You need to have or to create a privileged" 289 echo
290 csih_inform "account. This script will help you do so." 290 if ! csih_create_privileged_user "${password_value}"
291 echo 291 then
292 if ! csih_create_privileged_user "${password_value}" 292 csih_error_recoverable "There was a serious problem creating a privileged user."
293 then 293 csih_request "Do you want to proceed anyway?" || exit 1
294 csih_error_recoverable "There was a serious problem creating a privileged user." 294 fi
295 csih_request "Do you want to proceed anyway?" || exit 1 295 fi
296 fi 296
297 fi 297 # never returns empty if NT or above
298 298 run_service_as=$(csih_service_should_run_as)
299 # never returns empty if NT or above 299
300 run_service_as=$(csih_service_should_run_as) 300 if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
301 301 then
302 if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ] 302 password="${csih_PRIVILEGED_PASSWORD}"
303 then 303 if [ -z "${password}" ]
304 password="${csih_PRIVILEGED_PASSWORD}" 304 then
305 if [ -z "${password}" ] 305 csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
306 then 306 password="${csih_value}"
307 csih_get_value "Please enter the password for user '${run_service_as}':" "-s" 307 fi
308 password="${csih_value}" 308 fi
309 fi 309
310 fi 310 # at this point, we either have $run_service_as = "system" and $password is empty,
311 311 # or $run_service_as is some privileged user and (hopefully) $password contains
312 # at this point, we either have $run_service_as = "system" and $password is empty, 312 # the correct password. So, from here out, we use '-z "${password}"' to discriminate
313 # or $run_service_as is some privileged user and (hopefully) $password contains 313 # the two cases.
314 # the correct password. So, from here out, we use '-z "${password}"' to discriminate 314
315 # the two cases. 315 csih_check_user "${run_service_as}"
316 316
317 csih_check_user "${run_service_as}" 317 if [ -n "${csih_cygenv}" ]
318 318 then
319 if [ -z "${password}" ] 319 cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
320 then 320 fi
321 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \ 321 if [ -z "${password}" ]
322 -e CYGWIN="${csih_cygenv}" 322 then
323 then 323 if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
324 echo 324 -a "-D" -y tcpip ${cygwin_env}
325 csih_inform "The sshd service has been installed under the LocalSystem" 325 then
326 csih_inform "account (also known as SYSTEM). To start the service now, call" 326 echo
327 csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it" 327 csih_inform "The sshd service has been installed under the LocalSystem"
328 csih_inform "will start automatically after the next reboot." 328 csih_inform "account (also known as SYSTEM). To start the service now, call"
329 fi 329 csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
330 else 330 csih_inform "will start automatically after the next reboot."
331 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \ 331 fi
332 -e CYGWIN="${csih_cygenv}" -u "${run_service_as}" -w "${password}" 332 else
333 then 333 if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
334 -a "-D" -y tcpip ${cygwin_env} \
335 -u "${run_service_as}" -w "${password}"
336 then
334 echo 337 echo
335 csih_inform "The sshd service has been installed under the '${run_service_as}'" 338 csih_inform "The sshd service has been installed under the '${run_service_as}'"
336 csih_inform "account. To start the service now, call \`net start sshd' or" 339 csih_inform "account. To start the service now, call \`net start sshd' or"
337 csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically" 340 csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
338 csih_inform "after the next reboot." 341 csih_inform "after the next reboot."
339 fi 342 fi
340 fi 343 fi
341 344
342 # now, if successfully installed, set ownership of the affected files 345 # now, if successfully installed, set ownership of the affected files
343 if cygrunsrv -Q sshd >/dev/null 2>&1 346 if cygrunsrv -Q sshd >/dev/null 2>&1
344 then 347 then
345 chown "${run_service_as}" ${SYSCONFDIR}/ssh* 348 chown "${run_service_as}" ${SYSCONFDIR}/ssh*
346 chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty 349 chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
347 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog 350 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
348 if [ -f ${LOCALSTATEDIR}/log/sshd.log ] 351 if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
349 then 352 then
350 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log 353 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log
351 fi 354 fi
352 else 355 else
353 csih_warning "Something went wrong installing the sshd service." 356 csih_warning "Something went wrong installing the sshd service."
354 fi 357 fi
355 fi # user allowed us to install as service 358 fi # user allowed us to install as service
356 fi # service not yet installed 359 fi # service not yet installed
357 fi # csih_is_nt 360 fi # csih_is_nt
@@ -456,7 +459,7 @@ done
456 459
457# Check for running ssh/sshd processes first. Refuse to do anything while 460# Check for running ssh/sshd processes first. Refuse to do anything while
458# some ssh processes are still running 461# some ssh processes are still running
459if ps -ef | grep -v grep | grep -q ssh 462if ps -ef | grep -q '/sshd\?$'
460then 463then
461 echo 464 echo
462 csih_error "There are still ssh processes running. Please shut them down first." 465 csih_error "There are still ssh processes running. Please shut them down first."
@@ -475,9 +478,9 @@ setfacl -m u:system:rwx "${LOCALSTATEDIR}/log"
475# Create /var/log/lastlog if not already exists 478# Create /var/log/lastlog if not already exists
476if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] 479if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
477then 480then
478 echo 481 echo
479 csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \ 482 csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \
480 "Cannot create ssh host configuration." 483 "Cannot create ssh host configuration."
481fi 484fi
482if [ ! -e ${LOCALSTATEDIR}/log/lastlog ] 485if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
483then 486then
@@ -520,7 +523,7 @@ sshd_privsep
520 523
521 524
522 525
523update_services_file 526update_services_file
524update_inetd_conf 527update_inetd_conf
525install_service 528install_service
526 529
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index bb9e4d616..10bdc1989 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 5.1p1 1%define ver 5.2p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
@@ -333,7 +333,7 @@ fi
333 333
334%files 334%files
335%defattr(-,root,root) 335%defattr(-,root,root)
336%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING* 336%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO WARNING*
337%attr(0755,root,root) %{_bindir}/scp 337%attr(0755,root,root) %{_bindir}/scp
338%attr(0644,root,root) %{_mandir}/man1/scp.1* 338%attr(0644,root,root) %{_mandir}/man1/scp.1*
339%attr(0755,root,root) %dir %{_sysconfdir}/ssh 339%attr(0755,root,root) %dir %{_sysconfdir}/ssh
diff --git a/contrib/redhat/sshd.pam b/contrib/redhat/sshd.pam
index e48607766..ffa5adbe5 100644
--- a/contrib/redhat/sshd.pam
+++ b/contrib/redhat/sshd.pam
@@ -1,6 +1,6 @@
1#%PAM-1.0 1#%PAM-1.0
2auth required pam_stack.so service=system-auth 2auth required pam_stack.so service=system-auth
3auth required pam_nologin.so 3account required pam_nologin.so
4account required pam_stack.so service=system-auth 4account required pam_stack.so service=system-auth
5password required pam_stack.so service=system-auth 5password required pam_stack.so service=system-auth
6session required pam_stack.so service=system-auth 6session required pam_stack.so service=system-auth
diff --git a/contrib/sshd.pam.generic b/contrib/sshd.pam.generic
index cf5af3024..215f0fe30 100644
--- a/contrib/sshd.pam.generic
+++ b/contrib/sshd.pam.generic
@@ -1,6 +1,6 @@
1#%PAM-1.0 1#%PAM-1.0
2auth required /lib/security/pam_unix.so shadow nodelay 2auth required /lib/security/pam_unix.so shadow nodelay
3auth required /lib/security/pam_nologin.so 3account required /lib/security/pam_nologin.so
4account required /lib/security/pam_unix.so 4account required /lib/security/pam_unix.so
5password required /lib/security/pam_cracklib.so 5password required /lib/security/pam_cracklib.so
6password required /lib/security/pam_unix.so shadow nullok use_authtok 6password required /lib/security/pam_unix.so shadow nullok use_authtok
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 7bd9e0569..62f43e137 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
13 13
14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15Name: openssh 15Name: openssh
16Version: 5.1p1 16Version: 5.2p1
17URL: http://www.openssh.com/ 17URL: http://www.openssh.com/
18Release: 1 18Release: 1
19Source0: openssh-%{version}.tar.gz 19Source0: openssh-%{version}.tar.gz
@@ -200,7 +200,7 @@ fi
200 200
201%files 201%files
202%defattr(-,root,root) 202%defattr(-,root,root)
203%doc ChangeLog OVERVIEW README* 203%doc ChangeLog OVERVIEW README* PROTOCOL*
204%doc TODO CREDITS LICENCE 204%doc TODO CREDITS LICENCE
205%attr(0755,root,root) %dir %{_sysconfdir}/ssh 205%attr(0755,root,root) %dir %{_sysconfdir}/ssh
206%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config 206%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
diff --git a/contrib/suse/rc.sshd b/contrib/suse/rc.sshd
index 573960bfa..4d4880d7e 100644
--- a/contrib/suse/rc.sshd
+++ b/contrib/suse/rc.sshd
@@ -45,17 +45,17 @@ case "$1" in
45 start) 45 start)
46 if ! test -f /etc/ssh/ssh_host_key ; then 46 if ! test -f /etc/ssh/ssh_host_key ; then
47 echo Generating /etc/ssh/ssh_host_key. 47 echo Generating /etc/ssh/ssh_host_key.
48 ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N '' 48 ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
49 fi 49 fi
50 if ! test -f /etc/ssh/ssh_host_dsa_key ; then 50 if ! test -f /etc/ssh/ssh_host_dsa_key ; then
51 echo Generating /etc/ssh/ssh_host_dsa_key. 51 echo Generating /etc/ssh/ssh_host_dsa_key.
52 52
53 ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N '' 53 ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
54 fi 54 fi
55 if ! test -f /etc/ssh/ssh_host_rsa_key ; then 55 if ! test -f /etc/ssh/ssh_host_rsa_key ; then
56 echo Generating /etc/ssh/ssh_host_rsa_key. 56 echo Generating /etc/ssh/ssh_host_rsa_key.
57 57
58 ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N '' 58 ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
59 fi 59 fi
60 echo -n "Starting SSH daemon" 60 echo -n "Starting SSH daemon"
61 ## Start daemon with startproc(8). If this fails 61 ## Start daemon with startproc(8). If this fails
diff --git a/debian/changelog b/debian/changelog
index eaab6b72b..a057465b2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,32 @@
1openssh (1:5.1p1-9) UNRELEASED; urgency=low 1openssh (1:5.2p1-1) UNRELEASED; urgency=low
2 2
3 * New upstream release (closes: #536182). Yes, I know 5.3p1 has been out
4 for a while, but there's no GSSAPI patch available for it yet.
5 - Change the default cipher order to prefer the AES CTR modes and the
6 revised "arcfour256" mode to CBC mode ciphers that are susceptible to
7 CPNI-957037 "Plaintext Recovery Attack Against SSH".
8 - Add countermeasures to mitigate CPNI-957037-style attacks against the
9 SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid
10 packet length or Message Authentication Code, ssh/sshd will continue
11 reading up to the maximum supported packet length rather than
12 immediately terminating the connection. This eliminates most of the
13 known differences in behaviour that leaked information about the
14 plaintext of injected data which formed the basis of this attack
15 (closes: #506115, LP: #379329).
16 - ForceCommand directive now accepts commandline arguments for the
17 internal-sftp server (closes: #524423, LP: #362511).
18 - Add AllowAgentForwarding to available Match keywords list (closes:
19 #540623).
20 - Make ssh(1) send the correct channel number for
21 SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
22 avoid triggering 'Non-public channel' error messages on sshd(8) in
23 openssh-5.1.
24 - Avoid printing 'Non-public channel' warnings in sshd(8), since the
25 ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a
26 behaviour introduced in openssh-5.1; closes: #496017).
27 * Update to GSSAPI patch from
28 http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch,
29 including cascading credentials support (LP: #416958).
3 * Use x11.pc when compiling/linking gnome-ssh-askpass2 (closes: #555951). 30 * Use x11.pc when compiling/linking gnome-ssh-askpass2 (closes: #555951).
4 * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields. 31 * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields.
5 * Add debian/README.source with instructions on bzr handling. 32 * Add debian/README.source with instructions on bzr handling.
diff --git a/defines.h b/defines.h
index a8203ebbb..536ec4978 100644
--- a/defines.h
+++ b/defines.h
@@ -25,7 +25,7 @@
25#ifndef _DEFINES_H 25#ifndef _DEFINES_H
26#define _DEFINES_H 26#define _DEFINES_H
27 27
28/* $Id: defines.h,v 1.151 2008/07/04 13:10:49 djm Exp $ */ 28/* $Id: defines.h,v 1.153 2009/02/01 11:19:54 dtucker Exp $ */
29 29
30 30
31/* Constants */ 31/* Constants */
@@ -698,7 +698,7 @@ struct winsize {
698# define CUSTOM_SYS_AUTH_PASSWD 1 698# define CUSTOM_SYS_AUTH_PASSWD 1
699#endif 699#endif
700 700
701#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) 701#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(HAVE_SECUREWARE)
702# define CUSTOM_SYS_AUTH_PASSWD 1 702# define CUSTOM_SYS_AUTH_PASSWD 1
703#endif 703#endif
704#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(BROKEN_LIBIAF) 704#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(BROKEN_LIBIAF)
@@ -738,4 +738,8 @@ struct winsize {
738# define EWOULDBLOCK EAGAIN 738# define EWOULDBLOCK EAGAIN
739#endif 739#endif
740 740
741#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */
742#define INET6_ADDRSTRLEN 46
743#endif
744
741#endif /* _DEFINES_H */ 745#endif /* _DEFINES_H */
diff --git a/dispatch.c b/dispatch.c
index d6b63be4b..64bb80947 100644
--- a/dispatch.c
+++ b/dispatch.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dispatch.c,v 1.21 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: dispatch.c,v 1.22 2008/10/31 15:05:34 stevesk Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -37,7 +37,6 @@
37#include "packet.h" 37#include "packet.h"
38#include "compat.h" 38#include "compat.h"
39 39
40#define DISPATCH_MIN 0
41#define DISPATCH_MAX 255 40#define DISPATCH_MAX 255
42 41
43dispatch_fn *dispatch[DISPATCH_MAX]; 42dispatch_fn *dispatch[DISPATCH_MAX];
diff --git a/gss-genr.c b/gss-genr.c
index 822a08212..c51fa727d 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,7 +1,7 @@
1/* $OpenBSD: gss-genr.c,v 1.19 2007/06/12 11:56:15 dtucker Exp $ */ 1/* $OpenBSD: gss-genr.c,v 1.19 2007/06/12 11:56:15 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
@@ -76,19 +76,20 @@ ssh_gssapi_oid_table_ok() {
76 */ 76 */
77 77
78char * 78char *
79ssh_gssapi_client_mechanisms(const char *host) { 79ssh_gssapi_client_mechanisms(const char *host, const char *client) {
80 gss_OID_set gss_supported; 80 gss_OID_set gss_supported;
81 OM_uint32 min_status; 81 OM_uint32 min_status;
82 82
83 gss_indicate_mechs(&min_status, &gss_supported); 83 if (GSS_ERROR(gss_indicate_mechs(&min_status, &gss_supported)))
84 return NULL;
84 85
85 return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism, 86 return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism,
86 host)); 87 host, client));
87} 88}
88 89
89char * 90char *
90ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check, 91ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
91 const char *data) { 92 const char *host, const char *client) {
92 Buffer buf; 93 Buffer buf;
93 size_t i; 94 size_t i;
94 int oidpos, enclen; 95 int oidpos, enclen;
@@ -112,7 +113,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
112 oidpos = 0; 113 oidpos = 0;
113 for (i = 0; i < gss_supported->count; i++) { 114 for (i = 0; i < gss_supported->count; i++) {
114 if (gss_supported->elements[i].length < 128 && 115 if (gss_supported->elements[i].length < 128 &&
115 (*check)(NULL, &(gss_supported->elements[i]), data)) { 116 (*check)(NULL, &(gss_supported->elements[i]), host, client)) {
116 117
117 deroid[0] = SSH_GSS_OIDTYPE; 118 deroid[0] = SSH_GSS_OIDTYPE;
118 deroid[1] = gss_supported->elements[i].length; 119 deroid[1] = gss_supported->elements[i].length;
@@ -171,12 +172,18 @@ ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int kex_type) {
171 172
172 switch (kex_type) { 173 switch (kex_type) {
173 case KEX_GSS_GRP1_SHA1: 174 case KEX_GSS_GRP1_SHA1:
175 if (strlen(name) < sizeof(KEX_GSS_GRP1_SHA1_ID))
176 return GSS_C_NO_OID;
174 name += sizeof(KEX_GSS_GRP1_SHA1_ID) - 1; 177 name += sizeof(KEX_GSS_GRP1_SHA1_ID) - 1;
175 break; 178 break;
176 case KEX_GSS_GRP14_SHA1: 179 case KEX_GSS_GRP14_SHA1:
180 if (strlen(name) < sizeof(KEX_GSS_GRP14_SHA1_ID))
181 return GSS_C_NO_OID;
177 name += sizeof(KEX_GSS_GRP14_SHA1_ID) - 1; 182 name += sizeof(KEX_GSS_GRP14_SHA1_ID) - 1;
178 break; 183 break;
179 case KEX_GSS_GEX_SHA1: 184 case KEX_GSS_GEX_SHA1:
185 if (strlen(name) < sizeof(KEX_GSS_GEX_SHA1_ID))
186 return GSS_C_NO_OID;
180 name += sizeof(KEX_GSS_GEX_SHA1_ID) - 1; 187 name += sizeof(KEX_GSS_GEX_SHA1_ID) - 1;
181 break; 188 break;
182 default: 189 default:
@@ -345,7 +352,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
345 } 352 }
346 353
347 ctx->major = gss_init_sec_context(&ctx->minor, 354 ctx->major = gss_init_sec_context(&ctx->minor,
348 GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid, 355 ctx->client_creds, &ctx->context, ctx->name, ctx->oid,
349 GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, 356 GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
350 0, NULL, recv_tok, NULL, send_tok, flags, NULL); 357 0, NULL, recv_tok, NULL, send_tok, flags, NULL);
351 358
@@ -375,6 +382,37 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
375} 382}
376 383
377OM_uint32 384OM_uint32
385ssh_gssapi_client_identity(Gssctxt *ctx, const char *name)
386{
387 gss_buffer_desc gssbuf;
388 gss_name_t gssname;
389 OM_uint32 status;
390 gss_OID_set oidset;
391
392 gssbuf.value = (void *) name;
393 gssbuf.length = strlen(gssbuf.value);
394
395 gss_create_empty_oid_set(&status, &oidset);
396 gss_add_oid_set_member(&status, ctx->oid, &oidset);
397
398 ctx->major = gss_import_name(&ctx->minor, &gssbuf,
399 GSS_C_NT_USER_NAME, &gssname);
400
401 if (!ctx->major)
402 ctx->major = gss_acquire_cred(&ctx->minor,
403 gssname, 0, oidset, GSS_C_INITIATE,
404 &ctx->client_creds, NULL, NULL);
405
406 gss_release_name(&status, &gssname);
407 gss_release_oid_set(&status, &oidset);
408
409 if (ctx->major)
410 ssh_gssapi_error(ctx);
411
412 return(ctx->major);
413}
414
415OM_uint32
378ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) 416ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
379{ 417{
380 if (ctx == NULL) 418 if (ctx == NULL)
@@ -413,7 +451,8 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
413} 451}
414 452
415int 453int
416ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) 454ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host,
455 const char *client)
417{ 456{
418 gss_buffer_desc token = GSS_C_EMPTY_BUFFER; 457 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
419 OM_uint32 major, minor; 458 OM_uint32 major, minor;
@@ -431,6 +470,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
431 ssh_gssapi_build_ctx(ctx); 470 ssh_gssapi_build_ctx(ctx);
432 ssh_gssapi_set_oid(*ctx, oid); 471 ssh_gssapi_set_oid(*ctx, oid);
433 major = ssh_gssapi_import_name(*ctx, host); 472 major = ssh_gssapi_import_name(*ctx, host);
473
474 if (!GSS_ERROR(major) && client)
475 major = ssh_gssapi_client_identity(*ctx, client);
476
434 if (!GSS_ERROR(major)) { 477 if (!GSS_ERROR(major)) {
435 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 478 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
436 NULL); 479 NULL);
@@ -446,4 +489,61 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
446 return (!GSS_ERROR(major)); 489 return (!GSS_ERROR(major));
447} 490}
448 491
492int
493ssh_gssapi_credentials_updated(Gssctxt *ctxt) {
494 static gss_name_t saved_name = GSS_C_NO_NAME;
495 static OM_uint32 saved_lifetime = 0;
496 static gss_OID saved_mech = GSS_C_NO_OID;
497 static gss_name_t name;
498 static OM_uint32 last_call = 0;
499 OM_uint32 lifetime, now, major, minor;
500 int equal;
501 gss_cred_usage_t usage = GSS_C_INITIATE;
502
503 now = time(NULL);
504
505 if (ctxt) {
506 debug("Rekey has happened - updating saved versions");
507
508 if (saved_name != GSS_C_NO_NAME)
509 gss_release_name(&minor, &saved_name);
510
511 major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL,
512 &saved_name, &saved_lifetime, NULL, NULL);
513
514 if (!GSS_ERROR(major)) {
515 saved_mech = ctxt->oid;
516 saved_lifetime+= now;
517 } else {
518 /* Handle the error */
519 }
520 return 0;
521 }
522
523 if (now - last_call < 10)
524 return 0;
525
526 last_call = now;
527
528 if (saved_mech == GSS_C_NO_OID)
529 return 0;
530
531 major = gss_inquire_cred(&minor, GSS_C_NO_CREDENTIAL,
532 &name, &lifetime, NULL, NULL);
533 if (major == GSS_S_CREDENTIALS_EXPIRED)
534 return 0;
535 else if (GSS_ERROR(major))
536 return 0;
537
538 major = gss_compare_name(&minor, saved_name, name, &equal);
539 gss_release_name(&minor, &name);
540 if (GSS_ERROR(major))
541 return 0;
542
543 if (equal && (saved_lifetime < lifetime + now - 10))
544 return 1;
545
546 return 0;
547}
548
449#endif /* GSSAPI */ 549#endif /* GSSAPI */
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index b400081f6..e7170ee41 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -1,7 +1,7 @@
1/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
@@ -190,6 +190,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
190 return; 190 return;
191} 191}
192 192
193int
194ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store,
195 ssh_gssapi_client *client)
196{
197 krb5_ccache ccache = NULL;
198 krb5_principal principal = NULL;
199 char *name = NULL;
200 krb5_error_code problem;
201 OM_uint32 maj_status, min_status;
202
203 if ((problem = krb5_cc_resolve(krb_context, store->envval, &ccache))) {
204 logit("krb5_cc_resolve(): %.100s",
205 krb5_get_err_text(krb_context, problem));
206 return 0;
207 }
208
209 /* Find out who the principal in this cache is */
210 if ((problem = krb5_cc_get_principal(krb_context, ccache,
211 &principal))) {
212 logit("krb5_cc_get_principal(): %.100s",
213 krb5_get_err_text(krb_context, problem));
214 krb5_cc_close(krb_context, ccache);
215 return 0;
216 }
217
218 if ((problem = krb5_unparse_name(krb_context, principal, &name))) {
219 logit("krb5_unparse_name(): %.100s",
220 krb5_get_err_text(krb_context, problem));
221 krb5_free_principal(krb_context, principal);
222 krb5_cc_close(krb_context, ccache);
223 return 0;
224 }
225
226
227 if (strcmp(name,client->exportedname.value)!=0) {
228 debug("Name in local credentials cache differs. Not storing");
229 krb5_free_principal(krb_context, principal);
230 krb5_cc_close(krb_context, ccache);
231 krb5_free_unparsed_name(krb_context, name);
232 return 0;
233 }
234 krb5_free_unparsed_name(krb_context, name);
235
236 /* Name matches, so lets get on with it! */
237
238 if ((problem = krb5_cc_initialize(krb_context, ccache, principal))) {
239 logit("krb5_cc_initialize(): %.100s",
240 krb5_get_err_text(krb_context, problem));
241 krb5_free_principal(krb_context, principal);
242 krb5_cc_close(krb_context, ccache);
243 return 0;
244 }
245
246 krb5_free_principal(krb_context, principal);
247
248 if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds,
249 ccache))) {
250 logit("gss_krb5_copy_ccache() failed. Sorry!");
251 krb5_cc_close(krb_context, ccache);
252 return 0;
253 }
254
255 return 1;
256}
257
193ssh_gssapi_mech gssapi_kerberos_mech = { 258ssh_gssapi_mech gssapi_kerberos_mech = {
194 "toWM5Slw5Ew8Mqkay+al2g==", 259 "toWM5Slw5Ew8Mqkay+al2g==",
195 "Kerberos", 260 "Kerberos",
@@ -197,7 +262,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
197 NULL, 262 NULL,
198 &ssh_gssapi_krb5_userok, 263 &ssh_gssapi_krb5_userok,
199 NULL, 264 NULL,
200 &ssh_gssapi_krb5_storecreds 265 &ssh_gssapi_krb5_storecreds,
266 &ssh_gssapi_krb5_updatecreds
201}; 267};
202 268
203#endif /* KRB5 */ 269#endif /* KRB5 */
diff --git a/gss-serv.c b/gss-serv.c
index 9227b797c..365e48d88 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,7 +1,7 @@
1/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */ 1/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2008 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
@@ -46,6 +46,7 @@
46#include "session.h" 46#include "session.h"
47#include "misc.h" 47#include "misc.h"
48#include "servconf.h" 48#include "servconf.h"
49#include "uidswap.h"
49 50
50#include "ssh-gss.h" 51#include "ssh-gss.h"
51#include "monitor_wrap.h" 52#include "monitor_wrap.h"
@@ -54,10 +55,10 @@ extern ServerOptions options;
54 55
55static ssh_gssapi_client gssapi_client = 56static ssh_gssapi_client gssapi_client =
56 { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, 57 { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
57 GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; 58 GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, {NULL, NULL, NULL}, 0, 0};
58 59
59ssh_gssapi_mech gssapi_null_mech = 60ssh_gssapi_mech gssapi_null_mech =
60 { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL}; 61 { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL};
61 62
62#ifdef KRB5 63#ifdef KRB5
63extern ssh_gssapi_mech gssapi_kerberos_mech; 64extern ssh_gssapi_mech gssapi_kerberos_mech;
@@ -131,12 +132,13 @@ ssh_gssapi_server_mechanisms() {
131 132
132 ssh_gssapi_supported_oids(&supported); 133 ssh_gssapi_supported_oids(&supported);
133 return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech, 134 return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech,
134 NULL)); 135 NULL, NULL));
135} 136}
136 137
137/* Unprivileged */ 138/* Unprivileged */
138int 139int
139ssh_gssapi_server_check_mech(Gssctxt **dum, gss_OID oid, const char *data) { 140ssh_gssapi_server_check_mech(Gssctxt **dum, gss_OID oid, const char *data,
141 const char *dummy) {
140 Gssctxt *ctx = NULL; 142 Gssctxt *ctx = NULL;
141 int res; 143 int res;
142 144
@@ -156,7 +158,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
156 gss_OID_set supported; 158 gss_OID_set supported;
157 159
158 gss_create_empty_oid_set(&min_status, oidset); 160 gss_create_empty_oid_set(&min_status, oidset);
159 gss_indicate_mechs(&min_status, &supported); 161
162 if (GSS_ERROR(gss_indicate_mechs(&min_status, &supported)))
163 return;
160 164
161 while (supported_mechs[i]->name != NULL) { 165 while (supported_mechs[i]->name != NULL) {
162 if (GSS_ERROR(gss_test_oid_set_member(&min_status, 166 if (GSS_ERROR(gss_test_oid_set_member(&min_status,
@@ -280,8 +284,48 @@ OM_uint32
280ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) 284ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
281{ 285{
282 int i = 0; 286 int i = 0;
287 int equal = 0;
288 gss_name_t new_name = GSS_C_NO_NAME;
289 gss_buffer_desc ename = GSS_C_EMPTY_BUFFER;
290
291 if (options.gss_store_rekey && client->used && ctx->client_creds) {
292 if (client->mech->oid.length != ctx->oid->length ||
293 (memcmp(client->mech->oid.elements,
294 ctx->oid->elements, ctx->oid->length) !=0)) {
295 debug("Rekeyed credentials have different mechanism");
296 return GSS_S_COMPLETE;
297 }
298
299 if ((ctx->major = gss_inquire_cred_by_mech(&ctx->minor,
300 ctx->client_creds, ctx->oid, &new_name,
301 NULL, NULL, NULL))) {
302 ssh_gssapi_error(ctx);
303 return (ctx->major);
304 }
305
306 ctx->major = gss_compare_name(&ctx->minor, client->name,
307 new_name, &equal);
308
309 if (GSS_ERROR(ctx->major)) {
310 ssh_gssapi_error(ctx);
311 return (ctx->major);
312 }
313
314 if (!equal) {
315 debug("Rekeyed credentials have different name");
316 return GSS_S_COMPLETE;
317 }
283 318
284 gss_buffer_desc ename; 319 debug("Marking rekeyed credentials for export");
320
321 gss_release_name(&ctx->minor, &client->name);
322 gss_release_cred(&ctx->minor, &client->creds);
323 client->name = new_name;
324 client->creds = ctx->client_creds;
325 ctx->client_creds = GSS_C_NO_CREDENTIAL;
326 client->updated = 1;
327 return GSS_S_COMPLETE;
328 }
285 329
286 client->mech = NULL; 330 client->mech = NULL;
287 331
@@ -296,6 +340,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
296 if (client->mech == NULL) 340 if (client->mech == NULL)
297 return GSS_S_FAILURE; 341 return GSS_S_FAILURE;
298 342
343 if (ctx->client_creds &&
344 (ctx->major = gss_inquire_cred_by_mech(&ctx->minor,
345 ctx->client_creds, ctx->oid, &client->name, NULL, NULL, NULL))) {
346 ssh_gssapi_error(ctx);
347 return (ctx->major);
348 }
349
299 if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, 350 if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
300 &client->displayname, NULL))) { 351 &client->displayname, NULL))) {
301 ssh_gssapi_error(ctx); 352 ssh_gssapi_error(ctx);
@@ -313,6 +364,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
313 return (ctx->major); 364 return (ctx->major);
314 } 365 }
315 366
367 gss_release_buffer(&ctx->minor, &ename);
368
316 /* We can't copy this structure, so we just move the pointer to it */ 369 /* We can't copy this structure, so we just move the pointer to it */
317 client->creds = ctx->client_creds; 370 client->creds = ctx->client_creds;
318 ctx->client_creds = GSS_C_NO_CREDENTIAL; 371 ctx->client_creds = GSS_C_NO_CREDENTIAL;
@@ -360,7 +413,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
360 413
361/* Privileged */ 414/* Privileged */
362int 415int
363ssh_gssapi_userok(char *user) 416ssh_gssapi_userok(char *user, struct passwd *pw)
364{ 417{
365 OM_uint32 lmin; 418 OM_uint32 lmin;
366 419
@@ -370,9 +423,11 @@ ssh_gssapi_userok(char *user)
370 return 0; 423 return 0;
371 } 424 }
372 if (gssapi_client.mech && gssapi_client.mech->userok) 425 if (gssapi_client.mech && gssapi_client.mech->userok)
373 if ((*gssapi_client.mech->userok)(&gssapi_client, user)) 426 if ((*gssapi_client.mech->userok)(&gssapi_client, user)) {
427 gssapi_client.used = 1;
428 gssapi_client.store.owner = pw;
374 return 1; 429 return 1;
375 else { 430 } else {
376 /* Destroy delegated credentials if userok fails */ 431 /* Destroy delegated credentials if userok fails */
377 gss_release_buffer(&lmin, &gssapi_client.displayname); 432 gss_release_buffer(&lmin, &gssapi_client.displayname);
378 gss_release_buffer(&lmin, &gssapi_client.exportedname); 433 gss_release_buffer(&lmin, &gssapi_client.exportedname);
@@ -385,4 +440,90 @@ ssh_gssapi_userok(char *user)
385 return (0); 440 return (0);
386} 441}
387 442
443/* These bits are only used for rekeying. The unpriviledged child is running
444 * as the user, the monitor is root.
445 *
446 * In the child, we want to :
447 * *) Ask the monitor to store our credentials into the store we specify
448 * *) If it succeeds, maybe do a PAM update
449 */
450
451/* Stuff for PAM */
452
453#ifdef USE_PAM
454static int ssh_gssapi_simple_conv(int n, const struct pam_message **msg,
455 struct pam_response **resp, void *data)
456{
457 return (PAM_CONV_ERR);
458}
459#endif
460
461void
462ssh_gssapi_rekey_creds() {
463 int ok;
464 int ret;
465#ifdef USE_PAM
466 pam_handle_t *pamh = NULL;
467 struct pam_conv pamconv = {ssh_gssapi_simple_conv, NULL};
468 char *envstr;
469#endif
470
471 if (gssapi_client.store.filename == NULL &&
472 gssapi_client.store.envval == NULL &&
473 gssapi_client.store.envvar == NULL)
474 return;
475
476 ok = PRIVSEP(ssh_gssapi_update_creds(&gssapi_client.store));
477
478 if (!ok)
479 return;
480
481 debug("Rekeyed credentials stored successfully");
482
483 /* Actually managing to play with the ssh pam stack from here will
484 * be next to impossible. In any case, we may want different options
485 * for rekeying. So, use our own :)
486 */
487#ifdef USE_PAM
488 if (!use_privsep) {
489 debug("Not even going to try and do PAM with privsep disabled");
490 return;
491 }
492
493 ret = pam_start("sshd-rekey", gssapi_client.store.owner->pw_name,
494 &pamconv, &pamh);
495 if (ret)
496 return;
497
498 xasprintf(&envstr, "%s=%s", gssapi_client.store.envvar,
499 gssapi_client.store.envval);
500
501 ret = pam_putenv(pamh, envstr);
502 if (!ret)
503 pam_setcred(pamh, PAM_REINITIALIZE_CRED);
504 pam_end(pamh, PAM_SUCCESS);
505#endif
506}
507
508int
509ssh_gssapi_update_creds(ssh_gssapi_ccache *store) {
510 int ok = 0;
511
512 /* Check we've got credentials to store */
513 if (!gssapi_client.updated)
514 return 0;
515
516 gssapi_client.updated = 0;
517
518 temporarily_use_uid(gssapi_client.store.owner);
519 if (gssapi_client.mech && gssapi_client.mech->updatecreds)
520 ok = (*gssapi_client.mech->updatecreds)(store, &gssapi_client);
521 else
522 debug("No update function for this mechanism");
523
524 restore_uid();
525
526 return ok;
527}
528
388#endif 529#endif
diff --git a/jpake.c b/jpake.c
new file mode 100644
index 000000000..565f2e255
--- /dev/null
+++ b/jpake.c
@@ -0,0 +1,604 @@
1/* $OpenBSD: jpake.c,v 1.1 2008/11/04 08:22:12 djm Exp $ */
2/*
3 * Copyright (c) 2008 Damien Miller. All rights reserved.
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/*
19 * Shared components of zero-knowledge password auth using J-PAKE protocol
20 * as described in:
21 *
22 * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
23 * 16th Workshop on Security Protocols, Cambridge, April 2008
24 *
25 * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
26 */
27
28#include "includes.h"
29
30#include <sys/types.h>
31
32#include <stdio.h>
33#include <string.h>
34#include <stdarg.h>
35
36#include <openssl/bn.h>
37#include <openssl/evp.h>
38
39#include "xmalloc.h"
40#include "ssh2.h"
41#include "key.h"
42#include "hostfile.h"
43#include "auth.h"
44#include "buffer.h"
45#include "packet.h"
46#include "dispatch.h"
47#include "log.h"
48
49#include "jpake.h"
50
51#ifdef JPAKE
52
53/* RFC3526 group 5, 1536 bits */
54#define JPAKE_GROUP_G "2"
55#define JPAKE_GROUP_P \
56 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74" \
57 "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437" \
58 "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
59 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05" \
60 "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" \
61 "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
62
63struct jpake_group *
64jpake_default_group(void)
65{
66 struct jpake_group *ret;
67
68 ret = xmalloc(sizeof(*ret));
69 ret->p = ret->q = ret->g = NULL;
70 if (BN_hex2bn(&ret->p, JPAKE_GROUP_P) == 0 ||
71 BN_hex2bn(&ret->g, JPAKE_GROUP_G) == 0)
72 fatal("%s: BN_hex2bn", __func__);
73 /* Subgroup order is p/2 (p is a safe prime) */
74 if ((ret->q = BN_new()) == NULL)
75 fatal("%s: BN_new", __func__);
76 if (BN_rshift1(ret->q, ret->p) != 1)
77 fatal("%s: BN_rshift1", __func__);
78
79 return ret;
80}
81
82/*
83 * Generate uniformly distributed random number in range (1, high).
84 * Return number on success, NULL on failure.
85 */
86BIGNUM *
87bn_rand_range_gt_one(const BIGNUM *high)
88{
89 BIGNUM *r, *tmp;
90 int success = -1;
91
92 if ((tmp = BN_new()) == NULL) {
93 error("%s: BN_new", __func__);
94 return NULL;
95 }
96 if ((r = BN_new()) == NULL) {
97 error("%s: BN_new failed", __func__);
98 goto out;
99 }
100 if (BN_set_word(tmp, 2) != 1) {
101 error("%s: BN_set_word(tmp, 2)", __func__);
102 goto out;
103 }
104 if (BN_sub(tmp, high, tmp) == -1) {
105 error("%s: BN_sub failed (tmp = high - 2)", __func__);
106 goto out;
107 }
108 if (BN_rand_range(r, tmp) == -1) {
109 error("%s: BN_rand_range failed", __func__);
110 goto out;
111 }
112 if (BN_set_word(tmp, 2) != 1) {
113 error("%s: BN_set_word(tmp, 2)", __func__);
114 goto out;
115 }
116 if (BN_add(r, r, tmp) == -1) {
117 error("%s: BN_add failed (r = r + 2)", __func__);
118 goto out;
119 }
120 success = 0;
121 out:
122 BN_clear_free(tmp);
123 if (success == 0)
124 return r;
125 BN_clear_free(r);
126 return NULL;
127}
128
129/*
130 * Hash contents of buffer 'b' with hash 'md'. Returns 0 on success,
131 * with digest via 'digestp' (caller to free) and length via 'lenp'.
132 * Returns -1 on failure.
133 */
134int
135hash_buffer(const u_char *buf, u_int len, const EVP_MD *md,
136 u_char **digestp, u_int *lenp)
137{
138 u_char digest[EVP_MAX_MD_SIZE];
139 u_int digest_len;
140 EVP_MD_CTX evp_md_ctx;
141 int success = -1;
142
143 EVP_MD_CTX_init(&evp_md_ctx);
144
145 if (EVP_DigestInit_ex(&evp_md_ctx, md, NULL) != 1) {
146 error("%s: EVP_DigestInit_ex", __func__);
147 goto out;
148 }
149 if (EVP_DigestUpdate(&evp_md_ctx, buf, len) != 1) {
150 error("%s: EVP_DigestUpdate", __func__);
151 goto out;
152 }
153 if (EVP_DigestFinal_ex(&evp_md_ctx, digest, &digest_len) != 1) {
154 error("%s: EVP_DigestFinal_ex", __func__);
155 goto out;
156 }
157 *digestp = xmalloc(digest_len);
158 *lenp = digest_len;
159 memcpy(*digestp, digest, *lenp);
160 success = 0;
161 out:
162 EVP_MD_CTX_cleanup(&evp_md_ctx);
163 bzero(digest, sizeof(digest));
164 digest_len = 0;
165 return success;
166}
167
168/* print formatted string followed by bignum */
169void
170jpake_debug3_bn(const BIGNUM *n, const char *fmt, ...)
171{
172 char *out, *h;
173 va_list args;
174
175 out = NULL;
176 va_start(args, fmt);
177 vasprintf(&out, fmt, args);
178 va_end(args);
179 if (out == NULL)
180 fatal("%s: vasprintf failed", __func__);
181
182 if (n == NULL)
183 debug3("%s(null)", out);
184 else {
185 h = BN_bn2hex(n);
186 debug3("%s0x%s", out, h);
187 free(h);
188 }
189 free(out);
190}
191
192/* print formatted string followed by buffer contents in hex */
193void
194jpake_debug3_buf(const u_char *buf, u_int len, const char *fmt, ...)
195{
196 char *out, h[65];
197 u_int i, j;
198 va_list args;
199
200 out = NULL;
201 va_start(args, fmt);
202 vasprintf(&out, fmt, args);
203 va_end(args);
204 if (out == NULL)
205 fatal("%s: vasprintf failed", __func__);
206
207 debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : "");
208 free(out);
209 if (buf == NULL)
210 return;
211
212 *h = '\0';
213 for (i = j = 0; i < len; i++) {
214 snprintf(h + j, sizeof(h) - j, "%02x", buf[i]);
215 j += 2;
216 if (j >= sizeof(h) - 1 || i == len - 1) {
217 debug3(" %s", h);
218 *h = '\0';
219 j = 0;
220 }
221 }
222}
223
224struct jpake_ctx *
225jpake_new(void)
226{
227 struct jpake_ctx *ret;
228
229 ret = xcalloc(1, sizeof(*ret));
230
231 ret->grp = jpake_default_group();
232
233 ret->s = ret->k = NULL;
234 ret->x1 = ret->x2 = ret->x3 = ret->x4 = NULL;
235 ret->g_x1 = ret->g_x2 = ret->g_x3 = ret->g_x4 = NULL;
236 ret->a = ret->b = NULL;
237
238 ret->client_id = ret->server_id = NULL;
239 ret->h_k_cid_sessid = ret->h_k_sid_sessid = NULL;
240
241 debug3("%s: alloc %p", __func__, ret);
242
243 return ret;
244}
245
246
247void
248jpake_free(struct jpake_ctx *pctx)
249{
250 debug3("%s: free %p", __func__, pctx);
251
252#define JPAKE_BN_CLEAR_FREE(v) \
253 do { \
254 if ((v) != NULL) { \
255 BN_clear_free(v); \
256 (v) = NULL; \
257 } \
258 } while (0)
259#define JPAKE_BUF_CLEAR_FREE(v, l) \
260 do { \
261 if ((v) != NULL) { \
262 bzero((v), (l)); \
263 xfree(v); \
264 (v) = NULL; \
265 (l) = 0; \
266 } \
267 } while (0)
268
269 JPAKE_BN_CLEAR_FREE(pctx->s);
270 JPAKE_BN_CLEAR_FREE(pctx->k);
271 JPAKE_BN_CLEAR_FREE(pctx->x1);
272 JPAKE_BN_CLEAR_FREE(pctx->x2);
273 JPAKE_BN_CLEAR_FREE(pctx->x3);
274 JPAKE_BN_CLEAR_FREE(pctx->x4);
275 JPAKE_BN_CLEAR_FREE(pctx->g_x1);
276 JPAKE_BN_CLEAR_FREE(pctx->g_x2);
277 JPAKE_BN_CLEAR_FREE(pctx->g_x3);
278 JPAKE_BN_CLEAR_FREE(pctx->g_x4);
279 JPAKE_BN_CLEAR_FREE(pctx->a);
280 JPAKE_BN_CLEAR_FREE(pctx->b);
281
282 JPAKE_BUF_CLEAR_FREE(pctx->client_id, pctx->client_id_len);
283 JPAKE_BUF_CLEAR_FREE(pctx->server_id, pctx->server_id_len);
284 JPAKE_BUF_CLEAR_FREE(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
285 JPAKE_BUF_CLEAR_FREE(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
286
287#undef JPAKE_BN_CLEAR_FREE
288#undef JPAKE_BUF_CLEAR_FREE
289
290 bzero(pctx, sizeof(pctx));
291 xfree(pctx);
292}
293
294/* dump entire jpake_ctx. NB. includes private values! */
295void
296jpake_dump(struct jpake_ctx *pctx, const char *fmt, ...)
297{
298 char *out;
299 va_list args;
300
301 out = NULL;
302 va_start(args, fmt);
303 vasprintf(&out, fmt, args);
304 va_end(args);
305 if (out == NULL)
306 fatal("%s: vasprintf failed", __func__);
307
308 debug3("%s: %s (ctx at %p)", __func__, out, pctx);
309 if (pctx == NULL) {
310 free(out);
311 return;
312 }
313
314#define JPAKE_DUMP_BN(a) do { \
315 if ((a) != NULL) \
316 JPAKE_DEBUG_BN(((a), "%s = ", #a)); \
317 } while (0)
318#define JPAKE_DUMP_BUF(a, b) do { \
319 if ((a) != NULL) \
320 JPAKE_DEBUG_BUF((a, b, "%s", #a)); \
321 } while (0)
322
323 JPAKE_DUMP_BN(pctx->s);
324 JPAKE_DUMP_BN(pctx->k);
325 JPAKE_DUMP_BN(pctx->x1);
326 JPAKE_DUMP_BN(pctx->x2);
327 JPAKE_DUMP_BN(pctx->x3);
328 JPAKE_DUMP_BN(pctx->x4);
329 JPAKE_DUMP_BN(pctx->g_x1);
330 JPAKE_DUMP_BN(pctx->g_x2);
331 JPAKE_DUMP_BN(pctx->g_x3);
332 JPAKE_DUMP_BN(pctx->g_x4);
333 JPAKE_DUMP_BN(pctx->a);
334 JPAKE_DUMP_BN(pctx->b);
335
336 JPAKE_DUMP_BUF(pctx->client_id, pctx->client_id_len);
337 JPAKE_DUMP_BUF(pctx->server_id, pctx->server_id_len);
338 JPAKE_DUMP_BUF(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
339 JPAKE_DUMP_BUF(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
340
341 debug3("%s: %s done", __func__, out);
342 free(out);
343}
344
345/* Shared parts of step 1 exchange calculation */
346void
347jpake_step1(struct jpake_group *grp,
348 u_char **id, u_int *id_len,
349 BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
350 u_char **priv1_proof, u_int *priv1_proof_len,
351 u_char **priv2_proof, u_int *priv2_proof_len)
352{
353 BN_CTX *bn_ctx;
354
355 if ((bn_ctx = BN_CTX_new()) == NULL)
356 fatal("%s: BN_CTX_new", __func__);
357
358 /* Random nonce to prevent replay */
359 *id = xmalloc(KZP_ID_LEN);
360 *id_len = KZP_ID_LEN;
361 arc4random_buf(*id, *id_len);
362
363 /*
364 * x1/x3 is a random element of Zq
365 * x2/x4 is a random element of Z*q
366 * We also exclude [1] from x1/x3 candidates and [0, 1] from
367 * x2/x4 candiates to avoid possible degeneracy (i.e. g^0, g^1).
368 */
369 if ((*priv1 = bn_rand_range_gt_one(grp->q)) == NULL ||
370 (*priv2 = bn_rand_range_gt_one(grp->q)) == NULL)
371 fatal("%s: bn_rand_range_gt_one", __func__);
372
373 /*
374 * client: g_x1 = g^x1 mod p / server: g_x3 = g^x3 mod p
375 * client: g_x2 = g^x2 mod p / server: g_x4 = g^x4 mod p
376 */
377 if ((*g_priv1 = BN_new()) == NULL ||
378 (*g_priv2 = BN_new()) == NULL)
379 fatal("%s: BN_new", __func__);
380 if (BN_mod_exp(*g_priv1, grp->g, *priv1, grp->p, bn_ctx) == -1)
381 fatal("%s: BN_mod_exp", __func__);
382 if (BN_mod_exp(*g_priv2, grp->g, *priv2, grp->p, bn_ctx) == -1)
383 fatal("%s: BN_mod_exp", __func__);
384
385 /* Generate proofs for holding x1/x3 and x2/x4 */
386 if (schnorr_sign(grp->p, grp->q, grp->g,
387 *priv1, *g_priv1, *id, *id_len,
388 priv1_proof, priv1_proof_len) != 0)
389 fatal("%s: schnorr_sign", __func__);
390 if (schnorr_sign(grp->p, grp->q, grp->g,
391 *priv2, *g_priv2, *id, *id_len,
392 priv2_proof, priv2_proof_len) != 0)
393 fatal("%s: schnorr_sign", __func__);
394
395 BN_CTX_free(bn_ctx);
396}
397
398/* Shared parts of step 2 exchange calculation */
399void
400jpake_step2(struct jpake_group *grp, BIGNUM *s,
401 BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
402 const u_char *theirid, u_int theirid_len,
403 const u_char *myid, u_int myid_len,
404 const u_char *theirpub1_proof, u_int theirpub1_proof_len,
405 const u_char *theirpub2_proof, u_int theirpub2_proof_len,
406 BIGNUM **newpub,
407 u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len)
408{
409 BN_CTX *bn_ctx;
410 BIGNUM *tmp, *exponent;
411
412 /* Validate peer's step 1 values */
413 if (BN_cmp(theirpub1, BN_value_one()) <= 0)
414 fatal("%s: theirpub1 <= 1", __func__);
415 if (BN_cmp(theirpub2, BN_value_one()) <= 0)
416 fatal("%s: theirpub2 <= 1", __func__);
417
418 if (schnorr_verify(grp->p, grp->q, grp->g, theirpub1,
419 theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1)
420 fatal("%s: schnorr_verify theirpub1 failed", __func__);
421 if (schnorr_verify(grp->p, grp->q, grp->g, theirpub2,
422 theirid, theirid_len, theirpub2_proof, theirpub2_proof_len) != 1)
423 fatal("%s: schnorr_verify theirpub2 failed", __func__);
424
425 if ((bn_ctx = BN_CTX_new()) == NULL)
426 fatal("%s: BN_CTX_new", __func__);
427
428 if ((*newpub = BN_new()) == NULL ||
429 (tmp = BN_new()) == NULL ||
430 (exponent = BN_new()) == NULL)
431 fatal("%s: BN_new", __func__);
432
433 /*
434 * client: exponent = x2 * s mod p
435 * server: exponent = x4 * s mod p
436 */
437 if (BN_mod_mul(exponent, mypriv2, s, grp->q, bn_ctx) != 1)
438 fatal("%s: BN_mod_mul (exponent = mypriv2 * s mod p)",
439 __func__);
440
441 /*
442 * client: tmp = g^(x1 + x3 + x4) mod p
443 * server: tmp = g^(x1 + x2 + x3) mod p
444 */
445 if (BN_mod_mul(tmp, mypub1, theirpub1, grp->p, bn_ctx) != 1)
446 fatal("%s: BN_mod_mul (tmp = mypub1 * theirpub1 mod p)",
447 __func__);
448 if (BN_mod_mul(tmp, tmp, theirpub2, grp->p, bn_ctx) != 1)
449 fatal("%s: BN_mod_mul (tmp = tmp * theirpub2 mod p)", __func__);
450
451 /*
452 * client: a = tmp^exponent = g^((x1+x3+x4) * x2 * s) mod p
453 * server: b = tmp^exponent = g^((x1+x2+x3) * x4 * s) mod p
454 */
455 if (BN_mod_exp(*newpub, tmp, exponent, grp->p, bn_ctx) != 1)
456 fatal("%s: BN_mod_mul (newpub = tmp^exponent mod p)", __func__);
457
458 JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__));
459 JPAKE_DEBUG_BN((exponent, "%s: exponent = ", __func__));
460
461 /* Note the generator here is 'tmp', not g */
462 if (schnorr_sign(grp->p, grp->q, tmp, exponent, *newpub,
463 myid, myid_len,
464 newpub_exponent_proof, newpub_exponent_proof_len) != 0)
465 fatal("%s: schnorr_sign newpub", __func__);
466
467 BN_clear_free(tmp); /* XXX stash for later use? */
468 BN_clear_free(exponent); /* XXX stash for later use? (yes, in conf) */
469
470 BN_CTX_free(bn_ctx);
471}
472
473/* Confirmation hash calculation */
474void
475jpake_confirm_hash(const BIGNUM *k,
476 const u_char *endpoint_id, u_int endpoint_id_len,
477 const u_char *sess_id, u_int sess_id_len,
478 u_char **confirm_hash, u_int *confirm_hash_len)
479{
480 Buffer b;
481
482 /*
483 * Calculate confirmation proof:
484 * client: H(k || client_id || session_id)
485 * server: H(k || server_id || session_id)
486 */
487 buffer_init(&b);
488 buffer_put_bignum2(&b, k);
489 buffer_put_string(&b, endpoint_id, endpoint_id_len);
490 buffer_put_string(&b, sess_id, sess_id_len);
491 if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
492 confirm_hash, confirm_hash_len) != 0)
493 fatal("%s: hash_buffer", __func__);
494 buffer_free(&b);
495}
496
497/* Shared parts of key derivation and confirmation calculation */
498void
499jpake_key_confirm(struct jpake_group *grp, BIGNUM *s, BIGNUM *step2_val,
500 BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
501 BIGNUM *theirpub1, BIGNUM *theirpub2,
502 const u_char *my_id, u_int my_id_len,
503 const u_char *their_id, u_int their_id_len,
504 const u_char *sess_id, u_int sess_id_len,
505 const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len,
506 BIGNUM **k,
507 u_char **confirm_hash, u_int *confirm_hash_len)
508{
509 BN_CTX *bn_ctx;
510 BIGNUM *tmp;
511
512 if ((bn_ctx = BN_CTX_new()) == NULL)
513 fatal("%s: BN_CTX_new", __func__);
514 if ((tmp = BN_new()) == NULL ||
515 (*k = BN_new()) == NULL)
516 fatal("%s: BN_new", __func__);
517
518 /* Validate step 2 values */
519 if (BN_cmp(step2_val, BN_value_one()) <= 0)
520 fatal("%s: step2_val <= 1", __func__);
521
522 /*
523 * theirpriv2_s_proof is calculated with a different generator:
524 * tmp = g^(mypriv1+mypriv2+theirpub1) = g^mypub1*g^mypub2*g^theirpub1
525 * Calculate it here so we can check the signature.
526 */
527 if (BN_mod_mul(tmp, mypub1, mypub2, grp->p, bn_ctx) != 1)
528 fatal("%s: BN_mod_mul (tmp = mypub1 * mypub2 mod p)", __func__);
529 if (BN_mod_mul(tmp, tmp, theirpub1, grp->p, bn_ctx) != 1)
530 fatal("%s: BN_mod_mul (tmp = tmp * theirpub1 mod p)", __func__);
531
532 JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__));
533
534 if (schnorr_verify(grp->p, grp->q, tmp, step2_val,
535 their_id, their_id_len,
536 theirpriv2_s_proof, theirpriv2_s_proof_len) != 1)
537 fatal("%s: schnorr_verify theirpriv2_s_proof failed", __func__);
538
539 /*
540 * Derive shared key:
541 * client: k = (b / g^(x2*x4*s))^x2 = g^((x1+x3)*x2*x4*s)
542 * server: k = (a / g^(x2*x4*s))^x4 = g^((x1+x3)*x2*x4*s)
543 *
544 * Computed as:
545 * client: k = (g_x4^(q - (x2 * s)) * b)^x2 mod p
546 * server: k = (g_x2^(q - (x4 * s)) * b)^x4 mod p
547 */
548 if (BN_mul(tmp, mypriv2, s, bn_ctx) != 1)
549 fatal("%s: BN_mul (tmp = mypriv2 * s)", __func__);
550 if (BN_mod_sub(tmp, grp->q, tmp, grp->q, bn_ctx) != 1)
551 fatal("%s: BN_mod_sub (tmp = q - tmp mod q)", __func__);
552 if (BN_mod_exp(tmp, theirpub2, tmp, grp->p, bn_ctx) != 1)
553 fatal("%s: BN_mod_exp (tmp = theirpub2^tmp) mod p", __func__);
554 if (BN_mod_mul(tmp, tmp, step2_val, grp->p, bn_ctx) != 1)
555 fatal("%s: BN_mod_mul (tmp = tmp * step2_val) mod p", __func__);
556 if (BN_mod_exp(*k, tmp, mypriv2, grp->p, bn_ctx) != 1)
557 fatal("%s: BN_mod_exp (k = tmp^mypriv2) mod p", __func__);
558
559 BN_CTX_free(bn_ctx);
560 BN_clear_free(tmp);
561
562 jpake_confirm_hash(*k, my_id, my_id_len, sess_id, sess_id_len,
563 confirm_hash, confirm_hash_len);
564}
565
566/*
567 * Calculate and check confirmation hash from peer. Returns 1 on success
568 * 0 on failure/mismatch.
569 */
570int
571jpake_check_confirm(const BIGNUM *k,
572 const u_char *peer_id, u_int peer_id_len,
573 const u_char *sess_id, u_int sess_id_len,
574 const u_char *peer_confirm_hash, u_int peer_confirm_hash_len)
575{
576 u_char *expected_confirm_hash;
577 u_int expected_confirm_hash_len;
578 int success = 0;
579
580 /* Calculate and verify expected confirmation hash */
581 jpake_confirm_hash(k, peer_id, peer_id_len, sess_id, sess_id_len,
582 &expected_confirm_hash, &expected_confirm_hash_len);
583
584 JPAKE_DEBUG_BUF((expected_confirm_hash, expected_confirm_hash_len,
585 "%s: expected confirm hash", __func__));
586 JPAKE_DEBUG_BUF((peer_confirm_hash, peer_confirm_hash_len,
587 "%s: received confirm hash", __func__));
588
589 if (peer_confirm_hash_len != expected_confirm_hash_len)
590 error("%s: confirmation length mismatch (my %u them %u)",
591 __func__, expected_confirm_hash_len, peer_confirm_hash_len);
592 else if (memcmp(peer_confirm_hash, expected_confirm_hash,
593 expected_confirm_hash_len) == 0)
594 success = 1;
595 bzero(expected_confirm_hash, expected_confirm_hash_len);
596 xfree(expected_confirm_hash);
597 debug3("%s: success = %d", __func__, success);
598 return success;
599}
600
601/* XXX main() function with tests */
602
603#endif /* JPAKE */
604
diff --git a/jpake.h b/jpake.h
new file mode 100644
index 000000000..a3d800cd3
--- /dev/null
+++ b/jpake.h
@@ -0,0 +1,134 @@
1/* $OpenBSD: jpake.h,v 1.1 2008/11/04 08:22:13 djm Exp $ */
2/*
3 * Copyright (c) 2008 Damien Miller. All rights reserved.
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef JPAKE_H
19#define JPAKE_H
20
21#include <sys/types.h>
22
23#include <openssl/bn.h>
24
25/* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */
26#ifndef JPAKE_DEBUG
27# define JPAKE_DEBUG_BN(a)
28# define JPAKE_DEBUG_BUF(a)
29# define JPAKE_DEBUG_CTX(a)
30#else
31# define JPAKE_DEBUG_BN(a) jpake_debug3_bn a
32# define JPAKE_DEBUG_BUF(a) jpake_debug3_buf a
33# define JPAKE_DEBUG_CTX(a) jpake_dump a
34#endif /* SCHNORR_DEBUG */
35
36struct jpake_group {
37 BIGNUM *p, *q, *g;
38};
39
40#define KZP_ID_LEN 16 /* Length of client and server IDs */
41
42struct jpake_ctx {
43 /* Parameters */
44 struct jpake_group *grp;
45
46 /* Private values shared by client and server */
47 BIGNUM *s; /* Secret (salted, crypted password) */
48 BIGNUM *k; /* Derived key */
49
50 /* Client private values (NULL for server) */
51 BIGNUM *x1; /* random in Zq */
52 BIGNUM *x2; /* random in Z*q */
53
54 /* Server private values (NULL for server) */
55 BIGNUM *x3; /* random in Zq */
56 BIGNUM *x4; /* random in Z*q */
57
58 /* Step 1: C->S */
59 u_char *client_id; /* Anti-replay nonce */
60 u_int client_id_len;
61 BIGNUM *g_x1; /* g^x1 */
62 BIGNUM *g_x2; /* g^x2 */
63
64 /* Step 1: S->C */
65 u_char *server_id; /* Anti-replay nonce */
66 u_int server_id_len;
67 BIGNUM *g_x3; /* g^x3 */
68 BIGNUM *g_x4; /* g^x4 */
69
70 /* Step 2: C->S */
71 BIGNUM *a; /* g^((x1+x3+x4)*x2*s) */
72
73 /* Step 2: S->C */
74 BIGNUM *b; /* g^((x1+x2+x3)*x4*s) */
75
76 /* Confirmation: C->S */
77 u_char *h_k_cid_sessid; /* H(k || client_id || session_id) */
78 u_int h_k_cid_sessid_len;
79
80 /* Confirmation: S->C */
81 u_char *h_k_sid_sessid; /* H(k || server_id || session_id) */
82 u_int h_k_sid_sessid_len;
83};
84
85/* jpake.c */
86struct jpake_group *jpake_default_group(void);
87BIGNUM *bn_rand_range_gt_one(const BIGNUM *high);
88int hash_buffer(const u_char *, u_int, const EVP_MD *, u_char **, u_int *);
89void jpake_debug3_bn(const BIGNUM *, const char *, ...)
90 __attribute__((__nonnull__ (2)))
91 __attribute__((format(printf, 2, 3)));
92void jpake_debug3_buf(const u_char *, u_int, const char *, ...)
93 __attribute__((__nonnull__ (3)))
94 __attribute__((format(printf, 3, 4)));
95void jpake_dump(struct jpake_ctx *, const char *, ...)
96 __attribute__((__nonnull__ (2)))
97 __attribute__((format(printf, 2, 3)));
98struct jpake_ctx *jpake_new(void);
99void jpake_free(struct jpake_ctx *);
100
101void jpake_step1(struct jpake_group *, u_char **, u_int *,
102 BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
103 u_char **, u_int *, u_char **, u_int *);
104
105void jpake_step2(struct jpake_group *, BIGNUM *,
106 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
107 const u_char *, u_int, const u_char *, u_int,
108 const u_char *, u_int, const u_char *, u_int,
109 BIGNUM **, u_char **, u_int *);
110
111void jpake_confirm_hash(const BIGNUM *,
112 const u_char *, u_int,
113 const u_char *, u_int,
114 u_char **, u_int *);
115
116void jpake_key_confirm(struct jpake_group *, BIGNUM *, BIGNUM *,
117 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
118 const u_char *, u_int, const u_char *, u_int,
119 const u_char *, u_int, const u_char *, u_int,
120 BIGNUM **, u_char **, u_int *);
121
122int jpake_check_confirm(const BIGNUM *, const u_char *, u_int,
123 const u_char *, u_int, const u_char *, u_int);
124
125/* schnorr.c */
126int schnorr_sign(const BIGNUM *, const BIGNUM *, const BIGNUM *,
127 const BIGNUM *, const BIGNUM *, const u_char *, u_int ,
128 u_char **, u_int *);
129int schnorr_verify(const BIGNUM *, const BIGNUM *, const BIGNUM *,
130 const BIGNUM *, const u_char *, u_int,
131 const u_char *, u_int);
132
133#endif /* JPAKE_H */
134
diff --git a/kex.c b/kex.c
index 5c8361bac..9696850aa 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.79 2007/06/05 06:52:37 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.80 2008/09/06 12:24:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
diff --git a/kex.h b/kex.h
index bd763a074..e8af7a4fd 100644
--- a/kex.h
+++ b/kex.h
@@ -126,6 +126,7 @@ struct Kex {
126 int gss_deleg_creds; 126 int gss_deleg_creds;
127 int gss_trust_dns; 127 int gss_trust_dns;
128 char *gss_host; 128 char *gss_host;
129 char *gss_client;
129#endif 130#endif
130 char *client_version_string; 131 char *client_version_string;
131 char *server_version_string; 132 char *server_version_string;
diff --git a/kexgexs.c b/kexgexs.c
index a037f57f2..76a0f8ca7 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */ 1/* $OpenBSD: kexgexs.c,v 1.11 2009/01/01 21:17:36 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -56,7 +56,8 @@ kexgex_server(Kex *kex)
56 DH *dh; 56 DH *dh;
57 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; 57 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
58 u_int sbloblen, klen, slen, hashlen; 58 u_int sbloblen, klen, slen, hashlen;
59 int min = -1, max = -1, nbits = -1, type, kout; 59 int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
60 int type, kout;
60 61
61 if (kex->load_host_key == NULL) 62 if (kex->load_host_key == NULL)
62 fatal("Cannot load hostkey"); 63 fatal("Cannot load hostkey");
@@ -68,27 +69,29 @@ kexgex_server(Kex *kex)
68 switch (type) { 69 switch (type) {
69 case SSH2_MSG_KEX_DH_GEX_REQUEST: 70 case SSH2_MSG_KEX_DH_GEX_REQUEST:
70 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); 71 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
71 min = packet_get_int(); 72 omin = min = packet_get_int();
72 nbits = packet_get_int(); 73 onbits = nbits = packet_get_int();
73 max = packet_get_int(); 74 omax = max = packet_get_int();
74 min = MAX(DH_GRP_MIN, min); 75 min = MAX(DH_GRP_MIN, min);
75 max = MIN(DH_GRP_MAX, max); 76 max = MIN(DH_GRP_MAX, max);
77 nbits = MAX(DH_GRP_MIN, nbits);
78 nbits = MIN(DH_GRP_MAX, nbits);
76 break; 79 break;
77 case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: 80 case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
78 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received"); 81 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
79 nbits = packet_get_int(); 82 onbits = nbits = packet_get_int();
80 min = DH_GRP_MIN;
81 max = DH_GRP_MAX;
82 /* unused for old GEX */ 83 /* unused for old GEX */
84 omin = min = DH_GRP_MIN;
85 omax = max = DH_GRP_MAX;
83 break; 86 break;
84 default: 87 default:
85 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); 88 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
86 } 89 }
87 packet_check_eom(); 90 packet_check_eom();
88 91
89 if (max < min || nbits < min || max < nbits) 92 if (omax < omin || onbits < omin || omax < onbits)
90 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", 93 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
91 min, nbits, max); 94 omin, onbits, omax);
92 95
93 /* Contact privileged parent */ 96 /* Contact privileged parent */
94 dh = PRIVSEP(choose_dh(min, nbits, max)); 97 dh = PRIVSEP(choose_dh(min, nbits, max));
@@ -149,7 +152,7 @@ kexgex_server(Kex *kex)
149 key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); 152 key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
150 153
151 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) 154 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
152 min = max = -1; 155 omin = min = omax = max = -1;
153 156
154 /* calc H */ 157 /* calc H */
155 kexgex_hash( 158 kexgex_hash(
@@ -159,7 +162,7 @@ kexgex_server(Kex *kex)
159 buffer_ptr(&kex->peer), buffer_len(&kex->peer), 162 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
160 buffer_ptr(&kex->my), buffer_len(&kex->my), 163 buffer_ptr(&kex->my), buffer_len(&kex->my),
161 server_host_key_blob, sbloblen, 164 server_host_key_blob, sbloblen,
162 min, nbits, max, 165 omin, onbits, omax,
163 dh->p, dh->g, 166 dh->p, dh->g,
164 dh_client_pub, 167 dh_client_pub,
165 dh->pub_key, 168 dh->pub_key,
diff --git a/kexgssc.c b/kexgssc.c
index 7c4a56f45..39be40531 100644
--- a/kexgssc.c
+++ b/kexgssc.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. 2 * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
@@ -59,6 +59,7 @@ kexgss_client(Kex *kex) {
59 BIGNUM *g = NULL; 59 BIGNUM *g = NULL;
60 u_char *kbuf, *hash; 60 u_char *kbuf, *hash;
61 u_char *serverhostkey = NULL; 61 u_char *serverhostkey = NULL;
62 u_char *empty = "";
62 char *msg; 63 char *msg;
63 char *lang; 64 char *lang;
64 int type = 0; 65 int type = 0;
@@ -73,7 +74,11 @@ kexgss_client(Kex *kex) {
73 74
74 if (ssh_gssapi_import_name(ctxt, kex->gss_host)) 75 if (ssh_gssapi_import_name(ctxt, kex->gss_host))
75 fatal("Couldn't import hostname"); 76 fatal("Couldn't import hostname");
76 77
78 if (kex->gss_client &&
79 ssh_gssapi_client_identity(ctxt, kex->gss_client))
80 fatal("Couldn't acquire client credentials");
81
77 switch (kex->kex_type) { 82 switch (kex->kex_type) {
78 case KEX_GSS_GRP1_SHA1: 83 case KEX_GSS_GRP1_SHA1:
79 dh = dh_new_group1(); 84 dh = dh_new_group1();
@@ -245,9 +250,16 @@ kexgss_client(Kex *kex) {
245 klen = DH_size(dh); 250 klen = DH_size(dh);
246 kbuf = xmalloc(klen); 251 kbuf = xmalloc(klen);
247 kout = DH_compute_key(kbuf, dh_server_pub, dh); 252 kout = DH_compute_key(kbuf, dh_server_pub, dh);
253 if (kout < 0)
254 fatal("DH_compute_key: failed");
248 255
249 shared_secret = BN_new(); 256 shared_secret = BN_new();
250 BN_bin2bn(kbuf,kout, shared_secret); 257 if (shared_secret == NULL)
258 fatal("kexgss_client: BN_new failed");
259
260 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
261 fatal("kexdh_client: BN_bin2bn failed");
262
251 memset(kbuf, 0, klen); 263 memset(kbuf, 0, klen);
252 xfree(kbuf); 264 xfree(kbuf);
253 265
@@ -258,7 +270,7 @@ kexgss_client(Kex *kex) {
258 kex->server_version_string, 270 kex->server_version_string,
259 buffer_ptr(&kex->my), buffer_len(&kex->my), 271 buffer_ptr(&kex->my), buffer_len(&kex->my),
260 buffer_ptr(&kex->peer), buffer_len(&kex->peer), 272 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
261 serverhostkey, slen, /* server host key */ 273 (serverhostkey ? serverhostkey : empty), slen,
262 dh->pub_key, /* e */ 274 dh->pub_key, /* e */
263 dh_server_pub, /* f */ 275 dh_server_pub, /* f */
264 shared_secret, /* K */ 276 shared_secret, /* K */
@@ -272,7 +284,7 @@ kexgss_client(Kex *kex) {
272 kex->server_version_string, 284 kex->server_version_string,
273 buffer_ptr(&kex->my), buffer_len(&kex->my), 285 buffer_ptr(&kex->my), buffer_len(&kex->my),
274 buffer_ptr(&kex->peer), buffer_len(&kex->peer), 286 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
275 serverhostkey, slen, 287 (serverhostkey ? serverhostkey : empty), slen,
276 min, nbits, max, 288 min, nbits, max,
277 dh->p, dh->g, 289 dh->p, dh->g,
278 dh->pub_key, 290 dh->pub_key,
@@ -306,6 +318,9 @@ kexgss_client(Kex *kex) {
306 memcpy(kex->session_id, hash, kex->session_id_len); 318 memcpy(kex->session_id, hash, kex->session_id_len);
307 } 319 }
308 320
321 if (kex->gss_deleg_creds)
322 ssh_gssapi_credentials_updated(ctxt);
323
309 if (gss_kex_context == NULL) 324 if (gss_kex_context == NULL)
310 gss_kex_context = ctxt; 325 gss_kex_context = ctxt;
311 else 326 else
diff --git a/kexgsss.c b/kexgsss.c
index 3ca23bbb2..0c3eeaa63 100644
--- a/kexgsss.c
+++ b/kexgsss.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. 2 * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
@@ -42,6 +42,9 @@
42#include "dh.h" 42#include "dh.h"
43#include "ssh-gss.h" 43#include "ssh-gss.h"
44#include "monitor_wrap.h" 44#include "monitor_wrap.h"
45#include "servconf.h"
46
47extern ServerOptions options;
45 48
46void 49void
47kexgss_server(Kex *kex) 50kexgss_server(Kex *kex)
@@ -67,6 +70,7 @@ kexgss_server(Kex *kex)
67 BIGNUM *dh_client_pub = NULL; 70 BIGNUM *dh_client_pub = NULL;
68 int type = 0; 71 int type = 0;
69 gss_OID oid; 72 gss_OID oid;
73 char *mechs;
70 74
71 /* Initialise GSSAPI */ 75 /* Initialise GSSAPI */
72 76
@@ -75,7 +79,8 @@ kexgss_server(Kex *kex)
75 * into life 79 * into life
76 */ 80 */
77 if (!ssh_gssapi_oid_table_ok()) 81 if (!ssh_gssapi_oid_table_ok())
78 ssh_gssapi_server_mechanisms(); 82 if ((mechs = ssh_gssapi_server_mechanisms()))
83 xfree(mechs);
79 84
80 debug2("%s: Identifying %s", __func__, kex->name); 85 debug2("%s: Identifying %s", __func__, kex->name);
81 oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type); 86 oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type);
@@ -191,9 +196,16 @@ kexgss_server(Kex *kex)
191 klen = DH_size(dh); 196 klen = DH_size(dh);
192 kbuf = xmalloc(klen); 197 kbuf = xmalloc(klen);
193 kout = DH_compute_key(kbuf, dh_client_pub, dh); 198 kout = DH_compute_key(kbuf, dh_client_pub, dh);
199 if (kout < 0)
200 fatal("DH_compute_key: failed");
194 201
195 shared_secret = BN_new(); 202 shared_secret = BN_new();
196 BN_bin2bn(kbuf, kout, shared_secret); 203 if (shared_secret == NULL)
204 fatal("kexgss_server: BN_new failed");
205
206 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
207 fatal("kexgss_server: BN_bin2bn failed");
208
197 memset(kbuf, 0, klen); 209 memset(kbuf, 0, klen);
198 xfree(kbuf); 210 xfree(kbuf);
199 211
@@ -228,7 +240,7 @@ kexgss_server(Kex *kex)
228 fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type); 240 fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
229 } 241 }
230 242
231 BN_free(dh_client_pub); 243 BN_clear_free(dh_client_pub);
232 244
233 if (kex->session_id == NULL) { 245 if (kex->session_id == NULL) {
234 kex->session_id_len = hashlen; 246 kex->session_id_len = hashlen;
@@ -267,5 +279,10 @@ kexgss_server(Kex *kex)
267 kex_derive_keys(kex, hash, hashlen, shared_secret); 279 kex_derive_keys(kex, hash, hashlen, shared_secret);
268 BN_clear_free(shared_secret); 280 BN_clear_free(shared_secret);
269 kex_finish(kex); 281 kex_finish(kex);
282
283 /* If this was a rekey, then save out any delegated credentials we
284 * just exchanged. */
285 if (options.gss_store_rekey)
286 ssh_gssapi_rekey_creds();
270} 287}
271#endif /* GSSAPI */ 288#endif /* GSSAPI */
diff --git a/key.c b/key.c
index 484b97f67..327aa4e7f 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.78 2008/07/07 23:32:51 stevesk Exp $ */ 1/* $OpenBSD: key.c,v 1.80 2008/10/10 05:00:12 stevesk Exp $ */
2/* 2/*
3 * read_bignum(): 3 * read_bignum():
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -369,7 +369,8 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
369 y = MIN(y, FLDSIZE_Y - 1); 369 y = MIN(y, FLDSIZE_Y - 1);
370 370
371 /* augment the field */ 371 /* augment the field */
372 field[x][y]++; 372 if (field[x][y] < len - 2)
373 field[x][y]++;
373 input = input >> 2; 374 input = input >> 2;
374 } 375 }
375 } 376 }
@@ -427,7 +428,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
427 retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k); 428 retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k);
428 break; 429 break;
429 default: 430 default:
430 fatal("key_fingerprint_ex: bad digest representation %d", 431 fatal("key_fingerprint: bad digest representation %d",
431 dgst_rep); 432 dgst_rep);
432 break; 433 break;
433 } 434 }
diff --git a/loginrec.c b/loginrec.c
index b41114198..f4af06736 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -1456,25 +1456,14 @@ syslogin_write_entry(struct logininfo *li)
1456 **/ 1456 **/
1457 1457
1458#ifdef USE_LASTLOG 1458#ifdef USE_LASTLOG
1459#define LL_FILE 1
1460#define LL_DIR 2
1461#define LL_OTHER 3
1462
1463static void
1464lastlog_construct(struct logininfo *li, struct lastlog *last)
1465{
1466 /* clear the structure */
1467 memset(last, '\0', sizeof(*last));
1468
1469 line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
1470 strlcpy(last->ll_host, li->hostname,
1471 MIN_SIZEOF(last->ll_host, li->hostname));
1472 last->ll_time = li->tv_sec;
1473}
1474 1459
1460#if !defined(LASTLOG_WRITE_PUTUTXLINE) || !defined(HAVE_GETLASTLOGXBYNAME)
1461/* open the file (using filemode) and seek to the login entry */
1475static int 1462static int
1476lastlog_filetype(char *filename) 1463lastlog_openseek(struct logininfo *li, int *fd, int filemode)
1477{ 1464{
1465 off_t offset;
1466 char lastlog_file[1024];
1478 struct stat st; 1467 struct stat st;
1479 1468
1480 if (stat(LASTLOG_FILE, &st) != 0) { 1469 if (stat(LASTLOG_FILE, &st) != 0) {
@@ -1482,34 +1471,12 @@ lastlog_filetype(char *filename)
1482 LASTLOG_FILE, strerror(errno)); 1471 LASTLOG_FILE, strerror(errno));
1483 return (0); 1472 return (0);
1484 } 1473 }
1485 if (S_ISDIR(st.st_mode)) 1474 if (S_ISDIR(st.st_mode)) {
1486 return (LL_DIR);
1487 else if (S_ISREG(st.st_mode))
1488 return (LL_FILE);
1489 else
1490 return (LL_OTHER);
1491}
1492
1493
1494/* open the file (using filemode) and seek to the login entry */
1495static int
1496lastlog_openseek(struct logininfo *li, int *fd, int filemode)
1497{
1498 off_t offset;
1499 int type;
1500 char lastlog_file[1024];
1501
1502 type = lastlog_filetype(LASTLOG_FILE);
1503 switch (type) {
1504 case LL_FILE:
1505 strlcpy(lastlog_file, LASTLOG_FILE,
1506 sizeof(lastlog_file));
1507 break;
1508 case LL_DIR:
1509 snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s", 1475 snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s",
1510 LASTLOG_FILE, li->username); 1476 LASTLOG_FILE, li->username);
1511 break; 1477 } else if (S_ISREG(st.st_mode)) {
1512 default: 1478 strlcpy(lastlog_file, LASTLOG_FILE, sizeof(lastlog_file));
1479 } else {
1513 logit("%s: %.100s is not a file or directory!", __func__, 1480 logit("%s: %.100s is not a file or directory!", __func__,
1514 LASTLOG_FILE); 1481 LASTLOG_FILE);
1515 return (0); 1482 return (0);
@@ -1522,7 +1489,7 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
1522 return (0); 1489 return (0);
1523 } 1490 }
1524 1491
1525 if (type == LL_FILE) { 1492 if (S_ISREG(st.st_mode)) {
1526 /* find this uid's offset in the lastlog file */ 1493 /* find this uid's offset in the lastlog file */
1527 offset = (off_t) ((long)li->uid * sizeof(struct lastlog)); 1494 offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
1528 1495
@@ -1535,52 +1502,74 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
1535 1502
1536 return (1); 1503 return (1);
1537} 1504}
1505#endif /* !LASTLOG_WRITE_PUTUTXLINE || !HAVE_GETLASTLOGXBYNAME */
1538 1506
1539static int 1507#ifdef LASTLOG_WRITE_PUTUTXLINE
1540lastlog_perform_login(struct logininfo *li) 1508int
1509lastlog_write_entry(struct logininfo *li)
1541{ 1510{
1542 struct lastlog last; 1511 switch(li->type) {
1543 int fd; 1512 case LTYPE_LOGIN:
1544 1513 return 1; /* lastlog written by pututxline */
1545 /* create our struct lastlog */ 1514 default:
1546 lastlog_construct(li, &last); 1515 logit("lastlog_write_entry: Invalid type field");
1547 1516 return 0;
1548 if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT))
1549 return (0);
1550
1551 /* write the entry */
1552 if (atomicio(vwrite, fd, &last, sizeof(last)) != sizeof(last)) {
1553 close(fd);
1554 logit("%s: Error writing to %s: %s", __func__,
1555 LASTLOG_FILE, strerror(errno));
1556 return (0);
1557 } 1517 }
1558
1559 close(fd);
1560 return (1);
1561} 1518}
1562 1519#else /* LASTLOG_WRITE_PUTUTXLINE */
1563int 1520int
1564lastlog_write_entry(struct logininfo *li) 1521lastlog_write_entry(struct logininfo *li)
1565{ 1522{
1523 struct lastlog last;
1524 int fd;
1525
1566 switch(li->type) { 1526 switch(li->type) {
1567 case LTYPE_LOGIN: 1527 case LTYPE_LOGIN:
1568 return (lastlog_perform_login(li)); 1528 /* create our struct lastlog */
1529 memset(&last, '\0', sizeof(last));
1530 line_stripname(last.ll_line, li->line, sizeof(last.ll_line));
1531 strlcpy(last.ll_host, li->hostname,
1532 MIN_SIZEOF(last.ll_host, li->hostname));
1533 last.ll_time = li->tv_sec;
1534
1535 if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT))
1536 return (0);
1537
1538 /* write the entry */
1539 if (atomicio(vwrite, fd, &last, sizeof(last)) != sizeof(last)) {
1540 close(fd);
1541 logit("%s: Error writing to %s: %s", __func__,
1542 LASTLOG_FILE, strerror(errno));
1543 return (0);
1544 }
1545
1546 close(fd);
1547 return (1);
1569 default: 1548 default:
1570 logit("%s: Invalid type field", __func__); 1549 logit("%s: Invalid type field", __func__);
1571 return (0); 1550 return (0);
1572 } 1551 }
1573} 1552}
1553#endif /* LASTLOG_WRITE_PUTUTXLINE */
1574 1554
1575static void 1555#ifdef HAVE_GETLASTLOGXBYNAME
1576lastlog_populate_entry(struct logininfo *li, struct lastlog *last) 1556int
1557lastlog_get_entry(struct logininfo *li)
1577{ 1558{
1578 line_fullname(li->line, last->ll_line, sizeof(li->line)); 1559 struct lastlogx l, *ll;
1579 strlcpy(li->hostname, last->ll_host,
1580 MIN_SIZEOF(li->hostname, last->ll_host));
1581 li->tv_sec = last->ll_time;
1582}
1583 1560
1561 if ((ll = getlastlogxbyname(li->username, &l)) == NULL) {
1562 memset(&l, '\0', sizeof(l));
1563 ll = &l;
1564 }
1565 line_fullname(li->line, ll->ll_line, sizeof(li->line));
1566 strlcpy(li->hostname, ll->ll_host,
1567 MIN_SIZEOF(li->hostname, ll->ll_host));
1568 li->tv_sec = ll->ll_tv.tv_sec;
1569 li->tv_usec = ll->ll_tv.tv_usec;
1570 return (1);
1571}
1572#else /* HAVE_GETLASTLOGXBYNAME */
1584int 1573int
1585lastlog_get_entry(struct logininfo *li) 1574lastlog_get_entry(struct logininfo *li)
1586{ 1575{
@@ -1598,7 +1587,10 @@ lastlog_get_entry(struct logininfo *li)
1598 memset(&last, '\0', sizeof(last)); 1587 memset(&last, '\0', sizeof(last));
1599 /* FALLTHRU */ 1588 /* FALLTHRU */
1600 case sizeof(last): 1589 case sizeof(last):
1601 lastlog_populate_entry(li, &last); 1590 line_fullname(li->line, last.ll_line, sizeof(li->line));
1591 strlcpy(li->hostname, last.ll_host,
1592 MIN_SIZEOF(li->hostname, last.ll_host));
1593 li->tv_sec = last.ll_time;
1602 return (1); 1594 return (1);
1603 case -1: 1595 case -1:
1604 error("%s: Error reading from %s: %s", __func__, 1596 error("%s: Error reading from %s: %s", __func__,
@@ -1613,6 +1605,7 @@ lastlog_get_entry(struct logininfo *li)
1613 /* NOTREACHED */ 1605 /* NOTREACHED */
1614 return (0); 1606 return (0);
1615} 1607}
1608#endif /* HAVE_GETLASTLOGXBYNAME */
1616#endif /* USE_LASTLOG */ 1609#endif /* USE_LASTLOG */
1617 1610
1618#ifdef USE_BTMP 1611#ifdef USE_BTMP
diff --git a/misc.c b/misc.c
index 8b303f16f..143dbf0e2 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.c,v 1.69 2008/06/13 01:38:23 dtucker Exp $ */ 1/* $OpenBSD: misc.c,v 1.71 2009/02/21 19:32:04 tobias Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -221,23 +221,19 @@ pwcopy(struct passwd *pw)
221 221
222/* 222/*
223 * Convert ASCII string to TCP/IP port number. 223 * Convert ASCII string to TCP/IP port number.
224 * Port must be >0 and <=65535. 224 * Port must be >=0 and <=65535.
225 * Return 0 if invalid. 225 * Return -1 if invalid.
226 */ 226 */
227int 227int
228a2port(const char *s) 228a2port(const char *s)
229{ 229{
230 long port; 230 long long port;
231 char *endp; 231 const char *errstr;
232
233 errno = 0;
234 port = strtol(s, &endp, 0);
235 if (s == endp || *endp != '\0' ||
236 (errno == ERANGE && (port == LONG_MIN || port == LONG_MAX)) ||
237 port <= 0 || port > 65535)
238 return 0;
239 232
240 return port; 233 port = strtonum(s, 0, 65535, &errstr);
234 if (errstr != NULL)
235 return -1;
236 return (int)port;
241} 237}
242 238
243int 239int
@@ -718,7 +714,8 @@ sanitise_stdfd(void)
718 int nullfd, dupfd; 714 int nullfd, dupfd;
719 715
720 if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { 716 if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
721 fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno)); 717 fprintf(stderr, "Couldn't open /dev/null: %s\n",
718 strerror(errno));
722 exit(1); 719 exit(1);
723 } 720 }
724 while (++dupfd <= 2) { 721 while (++dupfd <= 2) {
@@ -726,7 +723,7 @@ sanitise_stdfd(void)
726 if (fcntl(dupfd, F_GETFL, 0) >= 0) 723 if (fcntl(dupfd, F_GETFL, 0) >= 0)
727 continue; 724 continue;
728 if (dup2(nullfd, dupfd) == -1) { 725 if (dup2(nullfd, dupfd) == -1) {
729 fprintf(stderr, "dup2: %s", strerror(errno)); 726 fprintf(stderr, "dup2: %s\n", strerror(errno));
730 exit(1); 727 exit(1);
731 } 728 }
732 } 729 }
diff --git a/moduli.0 b/moduli.0
index 55a315fab..d4c0d4e67 100644
--- a/moduli.0
+++ b/moduli.0
@@ -69,4 +69,4 @@ SEE ALSO
69 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer 69 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
70 Protocol, RFC 4419, 2006. 70 Protocol, RFC 4419, 2006.
71 71
72OpenBSD 4.4 June 26, 2008 2 72OpenBSD 4.5 June 26, 2008 2
diff --git a/monitor.c b/monitor.c
index 5305911a4..74f7e05b0 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.99 2008/07/10 18:08:11 markus Exp $ */ 1/* $OpenBSD: monitor.c,v 1.101 2009/02/12 03:26:22 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -87,6 +87,7 @@
87#include "misc.h" 87#include "misc.h"
88#include "compat.h" 88#include "compat.h"
89#include "ssh2.h" 89#include "ssh2.h"
90#include "jpake.h"
90 91
91#ifdef GSSAPI 92#ifdef GSSAPI
92static Gssctxt *gsscontext = NULL; 93static Gssctxt *gsscontext = NULL;
@@ -150,6 +151,11 @@ int mm_answer_rsa_challenge(int, Buffer *);
150int mm_answer_rsa_response(int, Buffer *); 151int mm_answer_rsa_response(int, Buffer *);
151int mm_answer_sesskey(int, Buffer *); 152int mm_answer_sesskey(int, Buffer *);
152int mm_answer_sessid(int, Buffer *); 153int mm_answer_sessid(int, Buffer *);
154int mm_answer_jpake_get_pwdata(int, Buffer *);
155int mm_answer_jpake_step1(int, Buffer *);
156int mm_answer_jpake_step2(int, Buffer *);
157int mm_answer_jpake_key_confirm(int, Buffer *);
158int mm_answer_jpake_check_confirm(int, Buffer *);
153 159
154#ifdef USE_PAM 160#ifdef USE_PAM
155int mm_answer_pam_start(int, Buffer *); 161int mm_answer_pam_start(int, Buffer *);
@@ -166,6 +172,7 @@ int mm_answer_gss_accept_ctx(int, Buffer *);
166int mm_answer_gss_userok(int, Buffer *); 172int mm_answer_gss_userok(int, Buffer *);
167int mm_answer_gss_checkmic(int, Buffer *); 173int mm_answer_gss_checkmic(int, Buffer *);
168int mm_answer_gss_sign(int, Buffer *); 174int mm_answer_gss_sign(int, Buffer *);
175int mm_answer_gss_updatecreds(int, Buffer *);
169#endif 176#endif
170 177
171#ifdef SSH_AUDIT_EVENTS 178#ifdef SSH_AUDIT_EVENTS
@@ -238,6 +245,13 @@ struct mon_table mon_dispatch_proto20[] = {
238 {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, 245 {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
239 {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, 246 {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
240#endif 247#endif
248#ifdef JPAKE
249 {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
250 {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1},
251 {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2},
252 {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm},
253 {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm},
254#endif
241 {0, 0, NULL} 255 {0, 0, NULL}
242}; 256};
243 257
@@ -246,6 +260,7 @@ struct mon_table mon_dispatch_postauth20[] = {
246 {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx}, 260 {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
247 {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, 261 {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
248 {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign}, 262 {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
263 {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds},
249#endif 264#endif
250 {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, 265 {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
251 {MONITOR_REQ_SIGN, 0, mm_answer_sign}, 266 {MONITOR_REQ_SIGN, 0, mm_answer_sign},
@@ -392,6 +407,15 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
392 if (!authenticated) 407 if (!authenticated)
393 authctxt->failures++; 408 authctxt->failures++;
394 } 409 }
410#ifdef JPAKE
411 /* Cleanup JPAKE context after authentication */
412 if (ent->flags & MON_AUTHDECIDE) {
413 if (authctxt->jpake_ctx != NULL) {
414 jpake_free(authctxt->jpake_ctx);
415 authctxt->jpake_ctx = NULL;
416 }
417 }
418#endif
395 } 419 }
396 420
397 if (!authctxt->valid) 421 if (!authctxt->valid)
@@ -1519,7 +1543,9 @@ mm_answer_rsa_challenge(int sock, Buffer *m)
1519 fatal("%s: key type mismatch", __func__); 1543 fatal("%s: key type mismatch", __func__);
1520 if ((key = key_from_blob(blob, blen)) == NULL) 1544 if ((key = key_from_blob(blob, blen)) == NULL)
1521 fatal("%s: received bad key", __func__); 1545 fatal("%s: received bad key", __func__);
1522 1546 if (key->type != KEY_RSA)
1547 fatal("%s: received bad key type %d", __func__, key->type);
1548 key->type = KEY_RSA1;
1523 if (ssh1_challenge) 1549 if (ssh1_challenge)
1524 BN_clear_free(ssh1_challenge); 1550 BN_clear_free(ssh1_challenge);
1525 ssh1_challenge = auth_rsa_generate_challenge(key); 1551 ssh1_challenge = auth_rsa_generate_challenge(key);
@@ -1717,9 +1743,11 @@ mm_get_kex(Buffer *m)
1717 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 1743 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
1718 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 1744 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
1719#ifdef GSSAPI 1745#ifdef GSSAPI
1720 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; 1746 if (options.gss_keyex) {
1721 kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; 1747 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
1722 kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; 1748 kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
1749 kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
1750 }
1723#endif 1751#endif
1724 kex->server = 1; 1752 kex->server = 1;
1725 kex->hostkey_type = buffer_get_int(m); 1753 kex->hostkey_type = buffer_get_int(m);
@@ -1920,6 +1948,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
1920 OM_uint32 major; 1948 OM_uint32 major;
1921 u_int len; 1949 u_int len;
1922 1950
1951 if (!options.gss_authentication && !options.gss_keyex)
1952 fatal("In GSSAPI monitor when GSSAPI is disabled");
1953
1923 goid.elements = buffer_get_string(m, &len); 1954 goid.elements = buffer_get_string(m, &len);
1924 goid.length = len; 1955 goid.length = len;
1925 1956
@@ -1947,6 +1978,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
1947 OM_uint32 flags = 0; /* GSI needs this */ 1978 OM_uint32 flags = 0; /* GSI needs this */
1948 u_int len; 1979 u_int len;
1949 1980
1981 if (!options.gss_authentication && !options.gss_keyex)
1982 fatal("In GSSAPI monitor when GSSAPI is disabled");
1983
1950 in.value = buffer_get_string(m, &len); 1984 in.value = buffer_get_string(m, &len);
1951 in.length = len; 1985 in.length = len;
1952 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 1986 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
@@ -1976,6 +2010,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
1976 OM_uint32 ret; 2010 OM_uint32 ret;
1977 u_int len; 2011 u_int len;
1978 2012
2013 if (!options.gss_authentication && !options.gss_keyex)
2014 fatal("In GSSAPI monitor when GSSAPI is disabled");
2015
1979 gssbuf.value = buffer_get_string(m, &len); 2016 gssbuf.value = buffer_get_string(m, &len);
1980 gssbuf.length = len; 2017 gssbuf.length = len;
1981 mic.value = buffer_get_string(m, &len); 2018 mic.value = buffer_get_string(m, &len);
@@ -2002,7 +2039,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
2002{ 2039{
2003 int authenticated; 2040 int authenticated;
2004 2041
2005 authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); 2042 if (!options.gss_authentication && !options.gss_keyex)
2043 fatal("In GSSAPI monitor when GSSAPI is disabled");
2044
2045 authenticated = authctxt->valid &&
2046 ssh_gssapi_userok(authctxt->user, authctxt->pw);
2006 2047
2007 buffer_clear(m); 2048 buffer_clear(m);
2008 buffer_put_int(m, authenticated); 2049 buffer_put_int(m, authenticated);
@@ -2024,10 +2065,14 @@ mm_answer_gss_sign(int socket, Buffer *m)
2024 OM_uint32 major, minor; 2065 OM_uint32 major, minor;
2025 u_int len; 2066 u_int len;
2026 2067
2068 if (!options.gss_authentication && !options.gss_keyex)
2069 fatal("In GSSAPI monitor when GSSAPI is disabled");
2070
2027 data.value = buffer_get_string(m, &len); 2071 data.value = buffer_get_string(m, &len);
2028 data.length = len; 2072 data.length = len;
2029 if (data.length != 20) 2073 if (data.length != 20)
2030 fatal("%s: data length incorrect: %d", __func__, data.length); 2074 fatal("%s: data length incorrect: %d", __func__,
2075 (int) data.length);
2031 2076
2032 /* Save the session ID on the first time around */ 2077 /* Save the session ID on the first time around */
2033 if (session_id2_len == 0) { 2078 if (session_id2_len == 0) {
@@ -2049,8 +2094,237 @@ mm_answer_gss_sign(int socket, Buffer *m)
2049 2094
2050 /* Turn on getpwnam permissions */ 2095 /* Turn on getpwnam permissions */
2051 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1); 2096 monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
2097
2098 /* And credential updating, for when rekeying */
2099 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUPCREDS, 1);
2052 2100
2053 return (0); 2101 return (0);
2054} 2102}
2055 2103
2104int
2105mm_answer_gss_updatecreds(int socket, Buffer *m) {
2106 ssh_gssapi_ccache store;
2107 int ok;
2108
2109 store.filename = buffer_get_string(m, NULL);
2110 store.envvar = buffer_get_string(m, NULL);
2111 store.envval = buffer_get_string(m, NULL);
2112
2113 ok = ssh_gssapi_update_creds(&store);
2114
2115 xfree(store.filename);
2116 xfree(store.envvar);
2117 xfree(store.envval);
2118
2119 buffer_clear(m);
2120 buffer_put_int(m, ok);
2121
2122 mm_request_send(socket, MONITOR_ANS_GSSUPCREDS, m);
2123
2124 return(0);
2125}
2126
2056#endif /* GSSAPI */ 2127#endif /* GSSAPI */
2128
2129#ifdef JPAKE
2130int
2131mm_answer_jpake_step1(int sock, Buffer *m)
2132{
2133 struct jpake_ctx *pctx;
2134 u_char *x3_proof, *x4_proof;
2135 u_int x3_proof_len, x4_proof_len;
2136
2137 if (!options.zero_knowledge_password_authentication)
2138 fatal("zero_knowledge_password_authentication disabled");
2139
2140 if (authctxt->jpake_ctx != NULL)
2141 fatal("%s: authctxt->jpake_ctx already set (%p)",
2142 __func__, authctxt->jpake_ctx);
2143 authctxt->jpake_ctx = pctx = jpake_new();
2144
2145 jpake_step1(pctx->grp,
2146 &pctx->server_id, &pctx->server_id_len,
2147 &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
2148 &x3_proof, &x3_proof_len,
2149 &x4_proof, &x4_proof_len);
2150
2151 JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__));
2152
2153 buffer_clear(m);
2154
2155 buffer_put_string(m, pctx->server_id, pctx->server_id_len);
2156 buffer_put_bignum2(m, pctx->g_x3);
2157 buffer_put_bignum2(m, pctx->g_x4);
2158 buffer_put_string(m, x3_proof, x3_proof_len);
2159 buffer_put_string(m, x4_proof, x4_proof_len);
2160
2161 debug3("%s: sending step1", __func__);
2162 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m);
2163
2164 bzero(x3_proof, x3_proof_len);
2165 bzero(x4_proof, x4_proof_len);
2166 xfree(x3_proof);
2167 xfree(x4_proof);
2168
2169 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
2170 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
2171
2172 return 0;
2173}
2174
2175int
2176mm_answer_jpake_get_pwdata(int sock, Buffer *m)
2177{
2178 struct jpake_ctx *pctx = authctxt->jpake_ctx;
2179 char *hash_scheme, *salt;
2180
2181 if (pctx == NULL)
2182 fatal("%s: pctx == NULL", __func__);
2183
2184 auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt);
2185
2186 buffer_clear(m);
2187 /* pctx->s is sensitive, not returned to slave */
2188 buffer_put_cstring(m, hash_scheme);
2189 buffer_put_cstring(m, salt);
2190
2191 debug3("%s: sending pwdata", __func__);
2192 mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m);
2193
2194 bzero(hash_scheme, strlen(hash_scheme));
2195 bzero(salt, strlen(salt));
2196 xfree(hash_scheme);
2197 xfree(salt);
2198
2199 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
2200
2201 return 0;
2202}
2203
2204int
2205mm_answer_jpake_step2(int sock, Buffer *m)
2206{
2207 struct jpake_ctx *pctx = authctxt->jpake_ctx;
2208 u_char *x1_proof, *x2_proof, *x4_s_proof;
2209 u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
2210
2211 if (pctx == NULL)
2212 fatal("%s: pctx == NULL", __func__);
2213
2214 if ((pctx->g_x1 = BN_new()) == NULL ||
2215 (pctx->g_x2 = BN_new()) == NULL)
2216 fatal("%s: BN_new", __func__);
2217 buffer_get_bignum2(m, pctx->g_x1);
2218 buffer_get_bignum2(m, pctx->g_x2);
2219 pctx->client_id = buffer_get_string(m, &pctx->client_id_len);
2220 x1_proof = buffer_get_string(m, &x1_proof_len);
2221 x2_proof = buffer_get_string(m, &x2_proof_len);
2222
2223 jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
2224 pctx->g_x1, pctx->g_x2, pctx->x4,
2225 pctx->client_id, pctx->client_id_len,
2226 pctx->server_id, pctx->server_id_len,
2227 x1_proof, x1_proof_len,
2228 x2_proof, x2_proof_len,
2229 &pctx->b,
2230 &x4_s_proof, &x4_s_proof_len);
2231
2232 JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__));
2233
2234 bzero(x1_proof, x1_proof_len);
2235 bzero(x2_proof, x2_proof_len);
2236 xfree(x1_proof);
2237 xfree(x2_proof);
2238
2239 buffer_clear(m);
2240
2241 buffer_put_bignum2(m, pctx->b);
2242 buffer_put_string(m, x4_s_proof, x4_s_proof_len);
2243
2244 debug3("%s: sending step2", __func__);
2245 mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
2246
2247 bzero(x4_s_proof, x4_s_proof_len);
2248 xfree(x4_s_proof);
2249
2250 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
2251
2252 return 0;
2253}
2254
2255int
2256mm_answer_jpake_key_confirm(int sock, Buffer *m)
2257{
2258 struct jpake_ctx *pctx = authctxt->jpake_ctx;
2259 u_char *x2_s_proof;
2260 u_int x2_s_proof_len;
2261
2262 if (pctx == NULL)
2263 fatal("%s: pctx == NULL", __func__);
2264
2265 if ((pctx->a = BN_new()) == NULL)
2266 fatal("%s: BN_new", __func__);
2267 buffer_get_bignum2(m, pctx->a);
2268 x2_s_proof = buffer_get_string(m, &x2_s_proof_len);
2269
2270 jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
2271 pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
2272 pctx->server_id, pctx->server_id_len,
2273 pctx->client_id, pctx->client_id_len,
2274 session_id2, session_id2_len,
2275 x2_s_proof, x2_s_proof_len,
2276 &pctx->k,
2277 &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len);
2278
2279 JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__));
2280
2281 bzero(x2_s_proof, x2_s_proof_len);
2282 buffer_clear(m);
2283
2284 /* pctx->k is sensitive, not sent */
2285 buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
2286
2287 debug3("%s: sending confirmation hash", __func__);
2288 mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m);
2289
2290 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1);
2291
2292 return 0;
2293}
2294
2295int
2296mm_answer_jpake_check_confirm(int sock, Buffer *m)
2297{
2298 int authenticated = 0;
2299 u_char *peer_confirm_hash;
2300 u_int peer_confirm_hash_len;
2301 struct jpake_ctx *pctx = authctxt->jpake_ctx;
2302
2303 if (pctx == NULL)
2304 fatal("%s: pctx == NULL", __func__);
2305
2306 peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len);
2307
2308 authenticated = jpake_check_confirm(pctx->k,
2309 pctx->client_id, pctx->client_id_len,
2310 session_id2, session_id2_len,
2311 peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid;
2312
2313 JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
2314
2315 bzero(peer_confirm_hash, peer_confirm_hash_len);
2316 xfree(peer_confirm_hash);
2317
2318 buffer_clear(m);
2319 buffer_put_int(m, authenticated);
2320
2321 debug3("%s: sending result %d", __func__, authenticated);
2322 mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m);
2323
2324 monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1);
2325
2326 auth_method = "jpake-01@openssh.com";
2327 return authenticated;
2328}
2329
2330#endif /* JPAKE */
diff --git a/monitor.h b/monitor.h
index 835ff7290..5cebb356b 100644
--- a/monitor.h
+++ b/monitor.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.h,v 1.14 2006/03/25 22:22:43 djm Exp $ */ 1/* $OpenBSD: monitor.h,v 1.15 2008/11/04 08:22:13 djm Exp $ */
2 2
3/* 3/*
4 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -54,6 +54,7 @@ enum monitor_reqtype {
54 MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK, 54 MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
55 MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC, 55 MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC,
56 MONITOR_REQ_GSSSIGN, MONITOR_ANS_GSSSIGN, 56 MONITOR_REQ_GSSSIGN, MONITOR_ANS_GSSSIGN,
57 MONITOR_REQ_GSSUPCREDS, MONITOR_ANS_GSSUPCREDS,
57 MONITOR_REQ_PAM_START, 58 MONITOR_REQ_PAM_START,
58 MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT, 59 MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
59 MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX, 60 MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
@@ -61,7 +62,12 @@ enum monitor_reqtype {
61 MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, 62 MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
62 MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, 63 MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
63 MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, 64 MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
64 MONITOR_REQ_TERM 65 MONITOR_REQ_TERM,
66 MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
67 MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
68 MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
69 MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
70 MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
65}; 71};
66 72
67struct mm_master; 73struct mm_master;
diff --git a/monitor_fdpass.c b/monitor_fdpass.c
index 28296d64b..3d3a78391 100644
--- a/monitor_fdpass.c
+++ b/monitor_fdpass.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_fdpass.c,v 1.17 2008/03/24 16:11:07 deraadt Exp $ */ 1/* $OpenBSD: monitor_fdpass.c,v 1.18 2008/11/30 11:59:26 dtucker Exp $ */
2/* 2/*
3 * Copyright 2001 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2001 Niels Provos <provos@citi.umich.edu>
4 * All rights reserved. 4 * All rights reserved.
@@ -69,17 +69,16 @@ mm_send_fd(int sock, int fd)
69{ 69{
70#if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR)) 70#if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
71 struct msghdr msg; 71 struct msghdr msg;
72 struct iovec vec;
73 char ch = '\0';
74 ssize_t n;
75#ifndef HAVE_ACCRIGHTS_IN_MSGHDR 72#ifndef HAVE_ACCRIGHTS_IN_MSGHDR
76 union { 73 union {
77 struct cmsghdr hdr; 74 struct cmsghdr hdr;
78 char tmp[CMSG_SPACE(sizeof(int))];
79 char buf[CMSG_SPACE(sizeof(int))]; 75 char buf[CMSG_SPACE(sizeof(int))];
80 } cmsgbuf; 76 } cmsgbuf;
81 struct cmsghdr *cmsg; 77 struct cmsghdr *cmsg;
82#endif 78#endif
79 struct iovec vec;
80 char ch = '\0';
81 ssize_t n;
83 82
84 memset(&msg, 0, sizeof(msg)); 83 memset(&msg, 0, sizeof(msg));
85#ifdef HAVE_ACCRIGHTS_IN_MSGHDR 84#ifdef HAVE_ACCRIGHTS_IN_MSGHDR
@@ -100,7 +99,10 @@ mm_send_fd(int sock, int fd)
100 msg.msg_iov = &vec; 99 msg.msg_iov = &vec;
101 msg.msg_iovlen = 1; 100 msg.msg_iovlen = 1;
102 101
103 if ((n = sendmsg(sock, &msg, 0)) == -1) { 102 while ((n = sendmsg(sock, &msg, 0)) == -1 && (errno == EAGAIN ||
103 errno == EINTR))
104 debug3("%s: sendmsg(%d): %s", __func__, fd, strerror(errno));
105 if (n == -1) {
104 error("%s: sendmsg(%d): %s", __func__, fd, 106 error("%s: sendmsg(%d): %s", __func__, fd,
105 strerror(errno)); 107 strerror(errno));
106 return -1; 108 return -1;
@@ -123,10 +125,6 @@ mm_receive_fd(int sock)
123{ 125{
124#if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR)) 126#if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
125 struct msghdr msg; 127 struct msghdr msg;
126 struct iovec vec;
127 ssize_t n;
128 char ch;
129 int fd;
130#ifndef HAVE_ACCRIGHTS_IN_MSGHDR 128#ifndef HAVE_ACCRIGHTS_IN_MSGHDR
131 union { 129 union {
132 struct cmsghdr hdr; 130 struct cmsghdr hdr;
@@ -134,6 +132,10 @@ mm_receive_fd(int sock)
134 } cmsgbuf; 132 } cmsgbuf;
135 struct cmsghdr *cmsg; 133 struct cmsghdr *cmsg;
136#endif 134#endif
135 struct iovec vec;
136 ssize_t n;
137 char ch;
138 int fd;
137 139
138 memset(&msg, 0, sizeof(msg)); 140 memset(&msg, 0, sizeof(msg));
139 vec.iov_base = &ch; 141 vec.iov_base = &ch;
@@ -148,10 +150,14 @@ mm_receive_fd(int sock)
148 msg.msg_controllen = sizeof(cmsgbuf.buf); 150 msg.msg_controllen = sizeof(cmsgbuf.buf);
149#endif 151#endif
150 152
151 if ((n = recvmsg(sock, &msg, 0)) == -1) { 153 while ((n = recvmsg(sock, &msg, 0)) == -1 && (errno == EAGAIN ||
154 errno == EINTR))
155 debug3("%s: recvmsg: %s", __func__, strerror(errno));
156 if (n == -1) {
152 error("%s: recvmsg: %s", __func__, strerror(errno)); 157 error("%s: recvmsg: %s", __func__, strerror(errno));
153 return -1; 158 return -1;
154 } 159 }
160
155 if (n != 1) { 161 if (n != 1) {
156 error("%s: recvmsg: expected received 1 got %ld", 162 error("%s: recvmsg: expected received 1 got %ld",
157 __func__, (long)n); 163 __func__, (long)n);
@@ -169,6 +175,7 @@ mm_receive_fd(int sock)
169 error("%s: no message header", __func__); 175 error("%s: no message header", __func__);
170 return -1; 176 return -1;
171 } 177 }
178
172 if (!cmsg_type_is_broken() && cmsg->cmsg_type != SCM_RIGHTS) { 179 if (!cmsg_type_is_broken() && cmsg->cmsg_type != SCM_RIGHTS) {
173 error("%s: expected type %d got %d", __func__, 180 error("%s: expected type %d got %d", __func__,
174 SCM_RIGHTS, cmsg->cmsg_type); 181 SCM_RIGHTS, cmsg->cmsg_type);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 125f879c5..92e04901d 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.63 2008/07/10 18:08:11 markus Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.64 2008/11/04 08:22:13 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -40,6 +40,7 @@
40 40
41#include <openssl/bn.h> 41#include <openssl/bn.h>
42#include <openssl/dh.h> 42#include <openssl/dh.h>
43#include <openssl/evp.h>
43 44
44#include "openbsd-compat/sys-queue.h" 45#include "openbsd-compat/sys-queue.h"
45#include "xmalloc.h" 46#include "xmalloc.h"
@@ -70,7 +71,7 @@
70#include "atomicio.h" 71#include "atomicio.h"
71#include "monitor_fdpass.h" 72#include "monitor_fdpass.h"
72#include "misc.h" 73#include "misc.h"
73#include "servconf.h" 74#include "jpake.h"
74 75
75#include "channels.h" 76#include "channels.h"
76#include "session.h" 77#include "session.h"
@@ -1256,7 +1257,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
1256} 1257}
1257 1258
1258int 1259int
1259mm_ssh_gssapi_userok(char *user) 1260mm_ssh_gssapi_userok(char *user, struct passwd *pw)
1260{ 1261{
1261 Buffer m; 1262 Buffer m;
1262 int authenticated = 0; 1263 int authenticated = 0;
@@ -1296,4 +1297,188 @@ mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
1296 return(major); 1297 return(major);
1297} 1298}
1298 1299
1300int
1301mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
1302{
1303 Buffer m;
1304 int ok;
1305
1306 buffer_init(&m);
1307
1308 buffer_put_cstring(&m, store->filename ? store->filename : "");
1309 buffer_put_cstring(&m, store->envvar ? store->envvar : "");
1310 buffer_put_cstring(&m, store->envval ? store->envval : "");
1311
1312 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, &m);
1313 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, &m);
1314
1315 ok = buffer_get_int(&m);
1316
1317 buffer_free(&m);
1318
1319 return (ok);
1320}
1321
1299#endif /* GSSAPI */ 1322#endif /* GSSAPI */
1323
1324#ifdef JPAKE
1325void
1326mm_auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
1327 char **hash_scheme, char **salt)
1328{
1329 Buffer m;
1330
1331 debug3("%s entering", __func__);
1332
1333 buffer_init(&m);
1334 mm_request_send(pmonitor->m_recvfd,
1335 MONITOR_REQ_JPAKE_GET_PWDATA, &m);
1336
1337 debug3("%s: waiting for MONITOR_ANS_JPAKE_GET_PWDATA", __func__);
1338 mm_request_receive_expect(pmonitor->m_recvfd,
1339 MONITOR_ANS_JPAKE_GET_PWDATA, &m);
1340
1341 *hash_scheme = buffer_get_string(&m, NULL);
1342 *salt = buffer_get_string(&m, NULL);
1343
1344 buffer_free(&m);
1345}
1346
1347void
1348mm_jpake_step1(struct jpake_group *grp,
1349 u_char **id, u_int *id_len,
1350 BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
1351 u_char **priv1_proof, u_int *priv1_proof_len,
1352 u_char **priv2_proof, u_int *priv2_proof_len)
1353{
1354 Buffer m;
1355
1356 debug3("%s entering", __func__);
1357
1358 buffer_init(&m);
1359 mm_request_send(pmonitor->m_recvfd,
1360 MONITOR_REQ_JPAKE_STEP1, &m);
1361
1362 debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP1", __func__);
1363 mm_request_receive_expect(pmonitor->m_recvfd,
1364 MONITOR_ANS_JPAKE_STEP1, &m);
1365
1366 if ((*priv1 = BN_new()) == NULL ||
1367 (*priv2 = BN_new()) == NULL ||
1368 (*g_priv1 = BN_new()) == NULL ||
1369 (*g_priv2 = BN_new()) == NULL)
1370 fatal("%s: BN_new", __func__);
1371
1372 *id = buffer_get_string(&m, id_len);
1373 /* priv1 and priv2 are, well, private */
1374 buffer_get_bignum2(&m, *g_priv1);
1375 buffer_get_bignum2(&m, *g_priv2);
1376 *priv1_proof = buffer_get_string(&m, priv1_proof_len);
1377 *priv2_proof = buffer_get_string(&m, priv2_proof_len);
1378
1379 buffer_free(&m);
1380}
1381
1382void
1383mm_jpake_step2(struct jpake_group *grp, BIGNUM *s,
1384 BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
1385 const u_char *theirid, u_int theirid_len,
1386 const u_char *myid, u_int myid_len,
1387 const u_char *theirpub1_proof, u_int theirpub1_proof_len,
1388 const u_char *theirpub2_proof, u_int theirpub2_proof_len,
1389 BIGNUM **newpub,
1390 u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len)
1391{
1392 Buffer m;
1393
1394 debug3("%s entering", __func__);
1395
1396 buffer_init(&m);
1397 /* monitor already has all bignums except theirpub1, theirpub2 */
1398 buffer_put_bignum2(&m, theirpub1);
1399 buffer_put_bignum2(&m, theirpub2);
1400 /* monitor already knows our id */
1401 buffer_put_string(&m, theirid, theirid_len);
1402 buffer_put_string(&m, theirpub1_proof, theirpub1_proof_len);
1403 buffer_put_string(&m, theirpub2_proof, theirpub2_proof_len);
1404
1405 mm_request_send(pmonitor->m_recvfd,
1406 MONITOR_REQ_JPAKE_STEP2, &m);
1407
1408 debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP2", __func__);
1409 mm_request_receive_expect(pmonitor->m_recvfd,
1410 MONITOR_ANS_JPAKE_STEP2, &m);
1411
1412 if ((*newpub = BN_new()) == NULL)
1413 fatal("%s: BN_new", __func__);
1414
1415 buffer_get_bignum2(&m, *newpub);
1416 *newpub_exponent_proof = buffer_get_string(&m,
1417 newpub_exponent_proof_len);
1418
1419 buffer_free(&m);
1420}
1421
1422void
1423mm_jpake_key_confirm(struct jpake_group *grp, BIGNUM *s, BIGNUM *step2_val,
1424 BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
1425 BIGNUM *theirpub1, BIGNUM *theirpub2,
1426 const u_char *my_id, u_int my_id_len,
1427 const u_char *their_id, u_int their_id_len,
1428 const u_char *sess_id, u_int sess_id_len,
1429 const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len,
1430 BIGNUM **k,
1431 u_char **confirm_hash, u_int *confirm_hash_len)
1432{
1433 Buffer m;
1434
1435 debug3("%s entering", __func__);
1436
1437 buffer_init(&m);
1438 /* monitor already has all bignums except step2_val */
1439 buffer_put_bignum2(&m, step2_val);
1440 /* monitor already knows all the ids */
1441 buffer_put_string(&m, theirpriv2_s_proof, theirpriv2_s_proof_len);
1442
1443 mm_request_send(pmonitor->m_recvfd,
1444 MONITOR_REQ_JPAKE_KEY_CONFIRM, &m);
1445
1446 debug3("%s: waiting for MONITOR_ANS_JPAKE_KEY_CONFIRM", __func__);
1447 mm_request_receive_expect(pmonitor->m_recvfd,
1448 MONITOR_ANS_JPAKE_KEY_CONFIRM, &m);
1449
1450 /* 'k' is sensitive and stays in the monitor */
1451 *confirm_hash = buffer_get_string(&m, confirm_hash_len);
1452
1453 buffer_free(&m);
1454}
1455
1456int
1457mm_jpake_check_confirm(const BIGNUM *k,
1458 const u_char *peer_id, u_int peer_id_len,
1459 const u_char *sess_id, u_int sess_id_len,
1460 const u_char *peer_confirm_hash, u_int peer_confirm_hash_len)
1461{
1462 Buffer m;
1463 int success = 0;
1464
1465 debug3("%s entering", __func__);
1466
1467 buffer_init(&m);
1468 /* k is dummy in slave, ignored */
1469 /* monitor knows all the ids */
1470 buffer_put_string(&m, peer_confirm_hash, peer_confirm_hash_len);
1471 mm_request_send(pmonitor->m_recvfd,
1472 MONITOR_REQ_JPAKE_CHECK_CONFIRM, &m);
1473
1474 debug3("%s: waiting for MONITOR_ANS_JPAKE_CHECK_CONFIRM", __func__);
1475 mm_request_receive_expect(pmonitor->m_recvfd,
1476 MONITOR_ANS_JPAKE_CHECK_CONFIRM, &m);
1477
1478 success = buffer_get_int(&m);
1479 buffer_free(&m);
1480
1481 debug3("%s: success = %d", __func__, success);
1482 return success;
1483}
1484#endif /* JPAKE */
diff --git a/monitor_wrap.h b/monitor_wrap.h
index 5920a90b2..0b85bea6f 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.h,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */ 1/* $OpenBSD: monitor_wrap.h,v 1.21 2008/11/04 08:22:13 djm Exp $ */
2 2
3/* 3/*
4 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -58,9 +58,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *);
58OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); 58OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
59OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, 59OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
60 gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); 60 gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
61int mm_ssh_gssapi_userok(char *user); 61int mm_ssh_gssapi_userok(char *user, struct passwd *);
62OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); 62OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
63OM_uint32 mm_ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); 63OM_uint32 mm_ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
64int mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *);
64#endif 65#endif
65 66
66#ifdef USE_PAM 67#ifdef USE_PAM
@@ -103,6 +104,26 @@ int mm_bsdauth_respond(void *, u_int, char **);
103int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); 104int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
104int mm_skey_respond(void *, u_int, char **); 105int mm_skey_respond(void *, u_int, char **);
105 106
107/* jpake */
108struct jpake_group;
109void mm_auth2_jpake_get_pwdata(struct Authctxt *, BIGNUM **, char **, char **);
110void mm_jpake_step1(struct jpake_group *, u_char **, u_int *,
111 BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
112 u_char **, u_int *, u_char **, u_int *);
113void mm_jpake_step2(struct jpake_group *, BIGNUM *,
114 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
115 const u_char *, u_int, const u_char *, u_int,
116 const u_char *, u_int, const u_char *, u_int,
117 BIGNUM **, u_char **, u_int *);
118void mm_jpake_key_confirm(struct jpake_group *, BIGNUM *, BIGNUM *,
119 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
120 const u_char *, u_int, const u_char *, u_int,
121 const u_char *, u_int, const u_char *, u_int,
122 BIGNUM **, u_char **, u_int *);
123int mm_jpake_check_confirm(const BIGNUM *,
124 const u_char *, u_int, const u_char *, u_int, const u_char *, u_int);
125
126
106/* zlib allocation hooks */ 127/* zlib allocation hooks */
107 128
108void *mm_zalloc(struct mm_master *, u_int, u_int); 129void *mm_zalloc(struct mm_master *, u_int, u_int);
diff --git a/myproposal.h b/myproposal.h
index 87a9e5820..7bca3bcae 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: myproposal.h,v 1.22 2007/06/07 19:37:34 pvalchev Exp $ */ 1/* $OpenBSD: myproposal.h,v 1.23 2009/01/23 07:58:11 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -41,11 +41,12 @@
41#endif 41#endif
42 42
43#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" 43#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
44
44#define KEX_DEFAULT_ENCRYPT \ 45#define KEX_DEFAULT_ENCRYPT \
46 "aes128-ctr,aes192-ctr,aes256-ctr," \
47 "arcfour256,arcfour128," \
45 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ 48 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
46 "arcfour128,arcfour256,arcfour," \ 49 "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
47 "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \
48 "aes128-ctr,aes192-ctr,aes256-ctr"
49#define KEX_DEFAULT_MAC \ 50#define KEX_DEFAULT_MAC \
50 "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \ 51 "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
51 "hmac-ripemd160@openssh.com," \ 52 "hmac-ripemd160@openssh.com," \
diff --git a/nchan.c b/nchan.c
index d31c69b2f..160445e5a 100644
--- a/nchan.c
+++ b/nchan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: nchan.c,v 1.60 2008/06/30 12:16:02 djm Exp $ */ 1/* $OpenBSD: nchan.c,v 1.62 2008/11/07 18:50:18 stevesk Exp $ */
2/* 2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -486,12 +486,12 @@ chan_shutdown_write(Channel *c)
486 if (c->sock != -1) { 486 if (c->sock != -1) {
487 if (shutdown(c->sock, SHUT_WR) < 0) 487 if (shutdown(c->sock, SHUT_WR) < 0)
488 debug2("channel %d: chan_shutdown_write: " 488 debug2("channel %d: chan_shutdown_write: "
489 "shutdown() failed for fd%d: %.100s", 489 "shutdown() failed for fd %d: %.100s",
490 c->self, c->sock, strerror(errno)); 490 c->self, c->sock, strerror(errno));
491 } else { 491 } else {
492 if (channel_close_fd(&c->wfd) < 0) 492 if (channel_close_fd(&c->wfd) < 0)
493 logit("channel %d: chan_shutdown_write: " 493 logit("channel %d: chan_shutdown_write: "
494 "close() failed for fd%d: %.100s", 494 "close() failed for fd %d: %.100s",
495 c->self, c->wfd, strerror(errno)); 495 c->self, c->wfd, strerror(errno));
496 } 496 }
497} 497}
@@ -510,13 +510,13 @@ chan_shutdown_read(Channel *c)
510 if (shutdown(c->sock, SHUT_RD) < 0 510 if (shutdown(c->sock, SHUT_RD) < 0
511 && errno != ENOTCONN) 511 && errno != ENOTCONN)
512 error("channel %d: chan_shutdown_read: " 512 error("channel %d: chan_shutdown_read: "
513 "shutdown() failed for fd%d [i%d o%d]: %.100s", 513 "shutdown() failed for fd %d [i%d o%d]: %.100s",
514 c->self, c->sock, c->istate, c->ostate, 514 c->self, c->sock, c->istate, c->ostate,
515 strerror(errno)); 515 strerror(errno));
516 } else { 516 } else {
517 if (channel_close_fd(&c->rfd) < 0) 517 if (channel_close_fd(&c->rfd) < 0)
518 logit("channel %d: chan_shutdown_read: " 518 logit("channel %d: chan_shutdown_read: "
519 "close() failed for fd%d: %.100s", 519 "close() failed for fd %d: %.100s",
520 c->self, c->rfd, strerror(errno)); 520 c->self, c->rfd, strerror(errno));
521 } 521 }
522} 522}
diff --git a/openbsd-compat/.cvsignore b/openbsd-compat/.cvsignore
deleted file mode 100644
index f3c7a7c5d..000000000
--- a/openbsd-compat/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
1Makefile
diff --git a/openbsd-compat/bsd-poll.c b/openbsd-compat/bsd-poll.c
index 284db3a1f..f899d7a24 100644
--- a/openbsd-compat/bsd-poll.c
+++ b/openbsd-compat/bsd-poll.c
@@ -1,4 +1,4 @@
1/* $Id: bsd-poll.c,v 1.3 2008/04/04 05:16:36 djm Exp $ */ 1/* $Id: bsd-poll.c,v 1.4 2008/08/29 21:32:38 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au). 4 * Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au).
@@ -46,11 +46,12 @@ poll(struct pollfd *fds, nfds_t nfds, int timeout)
46 struct timeval tv, *tvp = NULL; 46 struct timeval tv, *tvp = NULL;
47 47
48 for (i = 0; i < nfds; i++) { 48 for (i = 0; i < nfds; i++) {
49 fd = fds[i].fd;
49 if (fd >= FD_SETSIZE) { 50 if (fd >= FD_SETSIZE) {
50 errno = EINVAL; 51 errno = EINVAL;
51 return -1; 52 return -1;
52 } 53 }
53 maxfd = MAX(maxfd, fds[i].fd); 54 maxfd = MAX(maxfd, fd);
54 } 55 }
55 56
56 nmemb = howmany(maxfd + 1 , NFDBITS); 57 nmemb = howmany(maxfd + 1 , NFDBITS);
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c
index ebc229a6a..be9905a6a 100644
--- a/openbsd-compat/port-uw.c
+++ b/openbsd-compat/port-uw.c
@@ -25,7 +25,7 @@
25 25
26#include "includes.h" 26#include "includes.h"
27 27
28#ifdef HAVE_LIBIAF 28#if defined(HAVE_LIBIAF) && !defined(HAVE_SECUREWARE)
29#include <sys/types.h> 29#include <sys/types.h>
30#ifdef HAVE_CRYPT_H 30#ifdef HAVE_CRYPT_H
31# include <crypt.h> 31# include <crypt.h>
@@ -145,5 +145,5 @@ get_iaf_password(struct passwd *pw)
145 fatal("ia_openinfo: Unable to open the shadow passwd file"); 145 fatal("ia_openinfo: Unable to open the shadow passwd file");
146} 146}
147#endif /* USE_LIBIAF */ 147#endif /* USE_LIBIAF */
148#endif /* HAVE_LIBIAF */ 148#endif /* HAVE_LIBIAF and not HAVE_SECUREWARE */
149 149
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index d8636bb39..6291e2884 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -28,7 +28,7 @@
28#include <unistd.h> 28#include <unistd.h>
29#include <pwd.h> 29#include <pwd.h>
30 30
31# ifdef HAVE_CRYPT_H 31# if defined(HAVE_CRYPT_H) && !defined(HAVE_SECUREWARE)
32# include <crypt.h> 32# include <crypt.h>
33# endif 33# endif
34 34
diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c
index 23efe3888..04c6babc2 100644
--- a/openbsd-compat/xmmap.c
+++ b/openbsd-compat/xmmap.c
@@ -23,7 +23,7 @@
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */ 24 */
25 25
26/* $Id: xmmap.c,v 1.14 2007/06/11 02:52:24 djm Exp $ */ 26/* $Id: xmmap.c,v 1.15 2009/02/16 04:21:40 djm Exp $ */
27 27
28#include "includes.h" 28#include "includes.h"
29 29
@@ -71,7 +71,8 @@ xmmap(size_t size)
71 fatal("mkstemp(\"%s\"): %s", 71 fatal("mkstemp(\"%s\"): %s",
72 MM_SWAP_TEMPLATE, strerror(errno)); 72 MM_SWAP_TEMPLATE, strerror(errno));
73 unlink(tmpname); 73 unlink(tmpname);
74 ftruncate(tmpfd, size); 74 if (ftruncate(tmpfd, size) != 0)
75 fatal("%s: ftruncate: %s", __func__, strerror(errno));
75 address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, 76 address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
76 tmpfd, (off_t)0); 77 tmpfd, (off_t)0);
77 close(tmpfd); 78 close(tmpfd);
diff --git a/packet.c b/packet.c
index 3cb3decd9..5afc84ce0 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.157 2008/07/10 18:08:11 markus Exp $ */ 1/* $OpenBSD: packet.c,v 1.160 2009/02/13 11:50:21 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -84,6 +84,8 @@
84#define DBG(x) 84#define DBG(x)
85#endif 85#endif
86 86
87#define PACKET_MAX_SIZE (256 * 1024)
88
87/* 89/*
88 * This variable contains the file descriptors used for communicating with 90 * This variable contains the file descriptors used for communicating with
89 * the other side. connection_in is used for reading; connection_out for 91 * the other side. connection_in is used for reading; connection_out for
@@ -160,6 +162,10 @@ static u_int ssh1_keylen;
160/* roundup current message to extra_pad bytes */ 162/* roundup current message to extra_pad bytes */
161static u_char extra_pad = 0; 163static u_char extra_pad = 0;
162 164
165/* XXX discard incoming data after MAC error */
166static u_int packet_discard = 0;
167static Mac *packet_discard_mac = NULL;
168
163struct packet { 169struct packet {
164 TAILQ_ENTRY(packet) next; 170 TAILQ_ENTRY(packet) next;
165 u_char type; 171 u_char type;
@@ -209,6 +215,36 @@ packet_set_timeout(int timeout, int count)
209 packet_timeout_ms = timeout * count * 1000; 215 packet_timeout_ms = timeout * count * 1000;
210} 216}
211 217
218static void
219packet_stop_discard(void)
220{
221 if (packet_discard_mac) {
222 char buf[1024];
223
224 memset(buf, 'a', sizeof(buf));
225 while (buffer_len(&incoming_packet) < PACKET_MAX_SIZE)
226 buffer_append(&incoming_packet, buf, sizeof(buf));
227 (void) mac_compute(packet_discard_mac,
228 p_read.seqnr,
229 buffer_ptr(&incoming_packet),
230 PACKET_MAX_SIZE);
231 }
232 logit("Finished discarding for %.200s", get_remote_ipaddr());
233 cleanup_exit(255);
234}
235
236static void
237packet_start_discard(Enc *enc, Mac *mac, u_int packet_length, u_int discard)
238{
239 if (enc == NULL || !cipher_is_cbc(enc->cipher))
240 packet_disconnect("Packet corrupt");
241 if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled)
242 packet_discard_mac = mac;
243 if (buffer_len(&input) >= discard)
244 packet_stop_discard();
245 packet_discard = discard - buffer_len(&input);
246}
247
212/* Returns 1 if remote host is connected via socket, 0 if not. */ 248/* Returns 1 if remote host is connected via socket, 0 if not. */
213 249
214int 250int
@@ -1127,6 +1163,9 @@ packet_read_poll2(u_int32_t *seqnr_p)
1127 Mac *mac = NULL; 1163 Mac *mac = NULL;
1128 Comp *comp = NULL; 1164 Comp *comp = NULL;
1129 1165
1166 if (packet_discard)
1167 return SSH_MSG_NONE;
1168
1130 if (newkeys[MODE_IN] != NULL) { 1169 if (newkeys[MODE_IN] != NULL) {
1131 enc = &newkeys[MODE_IN]->enc; 1170 enc = &newkeys[MODE_IN]->enc;
1132 mac = &newkeys[MODE_IN]->mac; 1171 mac = &newkeys[MODE_IN]->mac;
@@ -1148,12 +1187,14 @@ packet_read_poll2(u_int32_t *seqnr_p)
1148 block_size); 1187 block_size);
1149 cp = buffer_ptr(&incoming_packet); 1188 cp = buffer_ptr(&incoming_packet);
1150 packet_length = get_u32(cp); 1189 packet_length = get_u32(cp);
1151 if (packet_length < 1 + 4 || packet_length > 256 * 1024) { 1190 if (packet_length < 1 + 4 || packet_length > PACKET_MAX_SIZE) {
1152#ifdef PACKET_DEBUG 1191#ifdef PACKET_DEBUG
1153 buffer_dump(&incoming_packet); 1192 buffer_dump(&incoming_packet);
1154#endif 1193#endif
1155 packet_disconnect("Bad packet length %-10u", 1194 logit("Bad packet length %u.", packet_length);
1156 packet_length); 1195 packet_start_discard(enc, mac, packet_length,
1196 PACKET_MAX_SIZE);
1197 return SSH_MSG_NONE;
1157 } 1198 }
1158 DBG(debug("input: packet len %u", packet_length+4)); 1199 DBG(debug("input: packet len %u", packet_length+4));
1159 buffer_consume(&input, block_size); 1200 buffer_consume(&input, block_size);
@@ -1165,7 +1206,9 @@ packet_read_poll2(u_int32_t *seqnr_p)
1165 if (need % block_size != 0) { 1206 if (need % block_size != 0) {
1166 logit("padding error: need %d block %d mod %d", 1207 logit("padding error: need %d block %d mod %d",
1167 need, block_size, need % block_size); 1208 need, block_size, need % block_size);
1168 packet_disconnect("Bad packet length %-10u", packet_length); 1209 packet_start_discard(enc, mac, packet_length,
1210 PACKET_MAX_SIZE - block_size);
1211 return SSH_MSG_NONE;
1169 } 1212 }
1170 /* 1213 /*
1171 * check if the entire packet has been received and 1214 * check if the entire packet has been received and
@@ -1188,11 +1231,19 @@ packet_read_poll2(u_int32_t *seqnr_p)
1188 macbuf = mac_compute(mac, p_read.seqnr, 1231 macbuf = mac_compute(mac, p_read.seqnr,
1189 buffer_ptr(&incoming_packet), 1232 buffer_ptr(&incoming_packet),
1190 buffer_len(&incoming_packet)); 1233 buffer_len(&incoming_packet));
1191 if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) 1234 if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) {
1192 packet_disconnect("Corrupted MAC on input."); 1235 logit("Corrupted MAC on input.");
1236 if (need > PACKET_MAX_SIZE)
1237 fatal("internal error need %d", need);
1238 packet_start_discard(enc, mac, packet_length,
1239 PACKET_MAX_SIZE - need);
1240 return SSH_MSG_NONE;
1241 }
1242
1193 DBG(debug("MAC #%d ok", p_read.seqnr)); 1243 DBG(debug("MAC #%d ok", p_read.seqnr));
1194 buffer_consume(&input, mac->mac_len); 1244 buffer_consume(&input, mac->mac_len);
1195 } 1245 }
1246 /* XXX now it's safe to use fatal/packet_disconnect */
1196 if (seqnr_p != NULL) 1247 if (seqnr_p != NULL)
1197 *seqnr_p = p_read.seqnr; 1248 *seqnr_p = p_read.seqnr;
1198 if (++p_read.seqnr == 0) 1249 if (++p_read.seqnr == 0)
@@ -1325,6 +1376,13 @@ packet_read_poll(void)
1325void 1376void
1326packet_process_incoming(const char *buf, u_int len) 1377packet_process_incoming(const char *buf, u_int len)
1327{ 1378{
1379 if (packet_discard) {
1380 keep_alive_timeouts = 0; /* ?? */
1381 if (len >= packet_discard)
1382 packet_stop_discard();
1383 packet_discard -= len;
1384 return;
1385 }
1328 buffer_append(&input, buf, len); 1386 buffer_append(&input, buf, len);
1329} 1387}
1330 1388
diff --git a/pathnames.h b/pathnames.h
index e07123437..9f0030d46 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: pathnames.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */ 1/* $OpenBSD: pathnames.h,v 1.17 2008/12/29 02:23:26 stevesk Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -61,7 +61,7 @@
61#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid" 61#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"
62 62
63/* 63/*
64 * The directory in user\'s home directory in which the files reside. The 64 * The directory in user's home directory in which the files reside. The
65 * directory should be world-readable (though not all files are). 65 * directory should be world-readable (though not all files are).
66 */ 66 */
67#define _PATH_SSH_USER_DIR ".ssh" 67#define _PATH_SSH_USER_DIR ".ssh"
@@ -84,9 +84,9 @@
84#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa" 84#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
85 85
86/* 86/*
87 * Configuration file in user\'s home directory. This file need not be 87 * Configuration file in user's home directory. This file need not be
88 * readable by anyone but the user him/herself, but does not contain anything 88 * readable by anyone but the user him/herself, but does not contain anything
89 * particularly secret. If the user\'s home directory resides on an NFS 89 * particularly secret. If the user's home directory resides on an NFS
90 * volume where root is mapped to nobody, this may need to be world-readable. 90 * volume where root is mapped to nobody, this may need to be world-readable.
91 */ 91 */
92#define _PATH_SSH_USER_CONFFILE ".ssh/config" 92#define _PATH_SSH_USER_CONFFILE ".ssh/config"
@@ -94,7 +94,7 @@
94/* 94/*
95 * File containing a list of those rsa keys that permit logging in as this 95 * File containing a list of those rsa keys that permit logging in as this
96 * user. This file need not be readable by anyone but the user him/herself, 96 * user. This file need not be readable by anyone but the user him/herself,
97 * but does not contain anything particularly secret. If the user\'s home 97 * but does not contain anything particularly secret. If the user's home
98 * directory resides on an NFS volume where root is mapped to nobody, this 98 * directory resides on an NFS volume where root is mapped to nobody, this
99 * may need to be world-readable. (This file is read by the daemon which is 99 * may need to be world-readable. (This file is read by the daemon which is
100 * running as root.) 100 * running as root.)
diff --git a/readconf.c b/readconf.c
index 043673ced..be27e75bc 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */ 1/* $OpenBSD: readconf.c,v 1.176 2009/02/12 03:00:56 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -130,12 +130,11 @@ typedef enum {
130 oClearAllForwardings, oNoHostAuthenticationForLocalhost, 130 oClearAllForwardings, oNoHostAuthenticationForLocalhost,
131 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, 131 oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
132 oAddressFamily, oGssAuthentication, oGssDelegateCreds, 132 oAddressFamily, oGssAuthentication, oGssDelegateCreds,
133 oGssKeyEx, 133 oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
134 oGssTrustDns,
135 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 134 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
136 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, 135 oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
137 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, 136 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
138 oVisualHostKey, 137 oVisualHostKey, oZeroKnowledgePasswordAuthentication,
139 oProtocolKeepAlives, oSetupTimeOut, 138 oProtocolKeepAlives, oSetupTimeOut,
140 oDeprecated, oUnsupported 139 oDeprecated, oUnsupported
141} OpCodes; 140} OpCodes;
@@ -174,16 +173,20 @@ static struct {
174 { "gssapikeyexchange", oGssKeyEx }, 173 { "gssapikeyexchange", oGssKeyEx },
175 { "gssapidelegatecredentials", oGssDelegateCreds }, 174 { "gssapidelegatecredentials", oGssDelegateCreds },
176 { "gssapitrustdns", oGssTrustDns }, 175 { "gssapitrustdns", oGssTrustDns },
176 { "gssapiclientidentity", oGssClientIdentity },
177 { "gssapirenewalforcesrekey", oGssRenewalRekey },
177#else 178#else
178 { "gssapiauthentication", oUnsupported }, 179 { "gssapiauthentication", oUnsupported },
179 { "gssapikeyexchange", oUnsupported }, 180 { "gssapikeyexchange", oUnsupported },
180 { "gssapidelegatecredentials", oUnsupported }, 181 { "gssapidelegatecredentials", oUnsupported },
181 { "gssapitrustdns", oUnsupported }, 182 { "gssapitrustdns", oUnsupported },
183 { "gssapiclientidentity", oUnsupported },
184 { "gssapirenewalforcesrekey", oUnsupported },
182#endif 185#endif
183 { "fallbacktorsh", oDeprecated }, 186 { "fallbacktorsh", oDeprecated },
184 { "usersh", oDeprecated }, 187 { "usersh", oDeprecated },
185 { "identityfile", oIdentityFile }, 188 { "identityfile", oIdentityFile },
186 { "identityfile2", oIdentityFile }, /* alias */ 189 { "identityfile2", oIdentityFile }, /* obsolete */
187 { "identitiesonly", oIdentitiesOnly }, 190 { "identitiesonly", oIdentitiesOnly },
188 { "hostname", oHostName }, 191 { "hostname", oHostName },
189 { "hostkeyalias", oHostKeyAlias }, 192 { "hostkeyalias", oHostKeyAlias },
@@ -199,8 +202,8 @@ static struct {
199 { "host", oHost }, 202 { "host", oHost },
200 { "escapechar", oEscapeChar }, 203 { "escapechar", oEscapeChar },
201 { "globalknownhostsfile", oGlobalKnownHostsFile }, 204 { "globalknownhostsfile", oGlobalKnownHostsFile },
202 { "userknownhostsfile", oUserKnownHostsFile }, /* obsolete */ 205 { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
203 { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, 206 { "userknownhostsfile", oUserKnownHostsFile },
204 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */ 207 { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
205 { "connectionattempts", oConnectionAttempts }, 208 { "connectionattempts", oConnectionAttempts },
206 { "batchmode", oBatchMode }, 209 { "batchmode", oBatchMode },
@@ -239,8 +242,15 @@ static struct {
239 { "localcommand", oLocalCommand }, 242 { "localcommand", oLocalCommand },
240 { "permitlocalcommand", oPermitLocalCommand }, 243 { "permitlocalcommand", oPermitLocalCommand },
241 { "visualhostkey", oVisualHostKey }, 244 { "visualhostkey", oVisualHostKey },
245#ifdef JPAKE
246 { "zeroknowledgepasswordauthentication",
247 oZeroKnowledgePasswordAuthentication },
248#else
249 { "zeroknowledgepasswordauthentication", oUnsupported },
250#endif
242 { "protocolkeepalives", oProtocolKeepAlives }, 251 { "protocolkeepalives", oProtocolKeepAlives },
243 { "setuptimeout", oSetupTimeOut }, 252 { "setuptimeout", oSetupTimeOut },
253
244 { NULL, oBadOption } 254 { NULL, oBadOption }
245}; 255};
246 256
@@ -262,10 +272,9 @@ add_local_forward(Options *options, const Forward *newfwd)
262 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); 272 fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
263 fwd = &options->local_forwards[options->num_local_forwards++]; 273 fwd = &options->local_forwards[options->num_local_forwards++];
264 274
265 fwd->listen_host = (newfwd->listen_host == NULL) ? 275 fwd->listen_host = newfwd->listen_host;
266 NULL : xstrdup(newfwd->listen_host);
267 fwd->listen_port = newfwd->listen_port; 276 fwd->listen_port = newfwd->listen_port;
268 fwd->connect_host = xstrdup(newfwd->connect_host); 277 fwd->connect_host = newfwd->connect_host;
269 fwd->connect_port = newfwd->connect_port; 278 fwd->connect_port = newfwd->connect_port;
270} 279}
271 280
@@ -283,10 +292,9 @@ add_remote_forward(Options *options, const Forward *newfwd)
283 SSH_MAX_FORWARDS_PER_DIRECTION); 292 SSH_MAX_FORWARDS_PER_DIRECTION);
284 fwd = &options->remote_forwards[options->num_remote_forwards++]; 293 fwd = &options->remote_forwards[options->num_remote_forwards++];
285 294
286 fwd->listen_host = (newfwd->listen_host == NULL) ? 295 fwd->listen_host = newfwd->listen_host;
287 NULL : xstrdup(newfwd->listen_host);
288 fwd->listen_port = newfwd->listen_port; 296 fwd->listen_port = newfwd->listen_port;
289 fwd->connect_host = xstrdup(newfwd->connect_host); 297 fwd->connect_host = newfwd->connect_host;
290 fwd->connect_port = newfwd->connect_port; 298 fwd->connect_port = newfwd->connect_port;
291} 299}
292 300
@@ -425,6 +433,10 @@ parse_flag:
425 intptr = &options->password_authentication; 433 intptr = &options->password_authentication;
426 goto parse_flag; 434 goto parse_flag;
427 435
436 case oZeroKnowledgePasswordAuthentication:
437 intptr = &options->zero_knowledge_password_authentication;
438 goto parse_flag;
439
428 case oKbdInteractiveAuthentication: 440 case oKbdInteractiveAuthentication:
429 intptr = &options->kbd_interactive_authentication; 441 intptr = &options->kbd_interactive_authentication;
430 goto parse_flag; 442 goto parse_flag;
@@ -462,7 +474,7 @@ parse_flag:
462 goto parse_flag; 474 goto parse_flag;
463 475
464 case oGssKeyEx: 476 case oGssKeyEx:
465 intptr = &options->gss_keyex; 477 intptr = &options->gss_keyex;
466 goto parse_flag; 478 goto parse_flag;
467 479
468 case oGssDelegateCreds: 480 case oGssDelegateCreds:
@@ -473,6 +485,14 @@ parse_flag:
473 intptr = &options->gss_trust_dns; 485 intptr = &options->gss_trust_dns;
474 goto parse_flag; 486 goto parse_flag;
475 487
488 case oGssClientIdentity:
489 charptr = &options->gss_client_identity;
490 goto parse_string;
491
492 case oGssRenewalRekey:
493 intptr = &options->gss_renewal_rekey;
494 goto parse_flag;
495
476 case oBatchMode: 496 case oBatchMode:
477 intptr = &options->batch_mode; 497 intptr = &options->batch_mode;
478 goto parse_flag; 498 goto parse_flag;
@@ -731,56 +751,40 @@ parse_int:
731 751
732 case oLocalForward: 752 case oLocalForward:
733 case oRemoteForward: 753 case oRemoteForward:
754 case oDynamicForward:
734 arg = strdelim(&s); 755 arg = strdelim(&s);
735 if (arg == NULL || *arg == '\0') 756 if (arg == NULL || *arg == '\0')
736 fatal("%.200s line %d: Missing port argument.", 757 fatal("%.200s line %d: Missing port argument.",
737 filename, linenum); 758 filename, linenum);
738 arg2 = strdelim(&s);
739 if (arg2 == NULL || *arg2 == '\0')
740 fatal("%.200s line %d: Missing target argument.",
741 filename, linenum);
742 759
743 /* construct a string for parse_forward */ 760 if (opcode == oLocalForward ||
744 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2); 761 opcode == oRemoteForward) {
762 arg2 = strdelim(&s);
763 if (arg2 == NULL || *arg2 == '\0')
764 fatal("%.200s line %d: Missing target argument.",
765 filename, linenum);
745 766
746 if (parse_forward(&fwd, fwdarg) == 0) 767 /* construct a string for parse_forward */
768 snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg, arg2);
769 } else if (opcode == oDynamicForward) {
770 strlcpy(fwdarg, arg, sizeof(fwdarg));
771 }
772
773 if (parse_forward(&fwd, fwdarg,
774 opcode == oDynamicForward ? 1 : 0,
775 opcode == oRemoteForward ? 1 : 0) == 0)
747 fatal("%.200s line %d: Bad forwarding specification.", 776 fatal("%.200s line %d: Bad forwarding specification.",
748 filename, linenum); 777 filename, linenum);
749 778
750 if (*activep) { 779 if (*activep) {
751 if (opcode == oLocalForward) 780 if (opcode == oLocalForward ||
781 opcode == oDynamicForward)
752 add_local_forward(options, &fwd); 782 add_local_forward(options, &fwd);
753 else if (opcode == oRemoteForward) 783 else if (opcode == oRemoteForward)
754 add_remote_forward(options, &fwd); 784 add_remote_forward(options, &fwd);
755 } 785 }
756 break; 786 break;
757 787
758 case oDynamicForward:
759 arg = strdelim(&s);
760 if (!arg || *arg == '\0')
761 fatal("%.200s line %d: Missing port argument.",
762 filename, linenum);
763 memset(&fwd, '\0', sizeof(fwd));
764 fwd.connect_host = "socks";
765 fwd.listen_host = hpdelim(&arg);
766 if (fwd.listen_host == NULL ||
767 strlen(fwd.listen_host) >= NI_MAXHOST)
768 fatal("%.200s line %d: Bad forwarding specification.",
769 filename, linenum);
770 if (arg) {
771 fwd.listen_port = a2port(arg);
772 fwd.listen_host = cleanhostname(fwd.listen_host);
773 } else {
774 fwd.listen_port = a2port(fwd.listen_host);
775 fwd.listen_host = NULL;
776 }
777 if (fwd.listen_port == 0)
778 fatal("%.200s line %d: Badly formatted port number.",
779 filename, linenum);
780 if (*activep)
781 add_local_forward(options, &fwd);
782 break;
783
784 case oClearAllForwardings: 788 case oClearAllForwardings:
785 intptr = &options->clear_forwardings; 789 intptr = &options->clear_forwardings;
786 goto parse_flag; 790 goto parse_flag;
@@ -986,7 +990,6 @@ read_config_file(const char *filename, const char *host, Options *options,
986 int active, linenum; 990 int active, linenum;
987 int bad_options = 0; 991 int bad_options = 0;
988 992
989 /* Open the file. */
990 if ((f = fopen(filename, "r")) == NULL) 993 if ((f = fopen(filename, "r")) == NULL)
991 return 0; 994 return 0;
992 995
@@ -1065,6 +1068,8 @@ initialize_options(Options * options)
1065 options->gss_keyex = -1; 1068 options->gss_keyex = -1;
1066 options->gss_deleg_creds = -1; 1069 options->gss_deleg_creds = -1;
1067 options->gss_trust_dns = -1; 1070 options->gss_trust_dns = -1;
1071 options->gss_renewal_rekey = -1;
1072 options->gss_client_identity = NULL;
1068 options->password_authentication = -1; 1073 options->password_authentication = -1;
1069 options->kbd_interactive_authentication = -1; 1074 options->kbd_interactive_authentication = -1;
1070 options->kbd_interactive_devices = NULL; 1075 options->kbd_interactive_devices = NULL;
@@ -1121,6 +1126,7 @@ initialize_options(Options * options)
1121 options->local_command = NULL; 1126 options->local_command = NULL;
1122 options->permit_local_command = -1; 1127 options->permit_local_command = -1;
1123 options->visual_host_key = -1; 1128 options->visual_host_key = -1;
1129 options->zero_knowledge_password_authentication = -1;
1124} 1130}
1125 1131
1126/* 1132/*
@@ -1161,6 +1167,8 @@ fill_default_options(Options * options)
1161 options->gss_deleg_creds = 0; 1167 options->gss_deleg_creds = 0;
1162 if (options->gss_trust_dns == -1) 1168 if (options->gss_trust_dns == -1)
1163 options->gss_trust_dns = 0; 1169 options->gss_trust_dns = 0;
1170 if (options->gss_renewal_rekey == -1)
1171 options->gss_renewal_rekey = 0;
1164 if (options->password_authentication == -1) 1172 if (options->password_authentication == -1)
1165 options->password_authentication = 1; 1173 options->password_authentication = 1;
1166 if (options->kbd_interactive_authentication == -1) 1174 if (options->kbd_interactive_authentication == -1)
@@ -1268,6 +1276,8 @@ fill_default_options(Options * options)
1268 options->permit_local_command = 0; 1276 options->permit_local_command = 0;
1269 if (options->visual_host_key == -1) 1277 if (options->visual_host_key == -1)
1270 options->visual_host_key = 0; 1278 options->visual_host_key = 0;
1279 if (options->zero_knowledge_password_authentication == -1)
1280 options->zero_knowledge_password_authentication = 0;
1271 /* options->local_command should not be set by default */ 1281 /* options->local_command should not be set by default */
1272 /* options->proxy_command should not be set by default */ 1282 /* options->proxy_command should not be set by default */
1273 /* options->user will be set in the main program if appropriate */ 1283 /* options->user will be set in the main program if appropriate */
@@ -1279,11 +1289,14 @@ fill_default_options(Options * options)
1279/* 1289/*
1280 * parse_forward 1290 * parse_forward
1281 * parses a string containing a port forwarding specification of the form: 1291 * parses a string containing a port forwarding specification of the form:
1292 * dynamicfwd == 0
1282 * [listenhost:]listenport:connecthost:connectport 1293 * [listenhost:]listenport:connecthost:connectport
1294 * dynamicfwd == 1
1295 * [listenhost:]listenport
1283 * returns number of arguments parsed or zero on error 1296 * returns number of arguments parsed or zero on error
1284 */ 1297 */
1285int 1298int
1286parse_forward(Forward *fwd, const char *fwdspec) 1299parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
1287{ 1300{
1288 int i; 1301 int i;
1289 char *p, *cp, *fwdarg[4]; 1302 char *p, *cp, *fwdarg[4];
@@ -1300,11 +1313,23 @@ parse_forward(Forward *fwd, const char *fwdspec)
1300 if ((fwdarg[i] = hpdelim(&cp)) == NULL) 1313 if ((fwdarg[i] = hpdelim(&cp)) == NULL)
1301 break; 1314 break;
1302 1315
1303 /* Check for trailing garbage in 4-arg case*/ 1316 /* Check for trailing garbage */
1304 if (cp != NULL) 1317 if (cp != NULL)
1305 i = 0; /* failure */ 1318 i = 0; /* failure */
1306 1319
1307 switch (i) { 1320 switch (i) {
1321 case 1:
1322 fwd->listen_host = NULL;
1323 fwd->listen_port = a2port(fwdarg[0]);
1324 fwd->connect_host = xstrdup("socks");
1325 break;
1326
1327 case 2:
1328 fwd->listen_host = xstrdup(cleanhostname(fwdarg[0]));
1329 fwd->listen_port = a2port(fwdarg[1]);
1330 fwd->connect_host = xstrdup("socks");
1331 break;
1332
1308 case 3: 1333 case 3:
1309 fwd->listen_host = NULL; 1334 fwd->listen_host = NULL;
1310 fwd->listen_port = a2port(fwdarg[0]); 1335 fwd->listen_port = a2port(fwdarg[0]);
@@ -1324,12 +1349,26 @@ parse_forward(Forward *fwd, const char *fwdspec)
1324 1349
1325 xfree(p); 1350 xfree(p);
1326 1351
1327 if (fwd->listen_port == 0 || fwd->connect_port == 0) 1352 if (dynamicfwd) {
1353 if (!(i == 1 || i == 2))
1354 goto fail_free;
1355 } else {
1356 if (!(i == 3 || i == 4))
1357 goto fail_free;
1358 if (fwd->connect_port <= 0)
1359 goto fail_free;
1360 }
1361
1362 if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
1328 goto fail_free; 1363 goto fail_free;
1329 1364
1330 if (fwd->connect_host != NULL && 1365 if (fwd->connect_host != NULL &&
1331 strlen(fwd->connect_host) >= NI_MAXHOST) 1366 strlen(fwd->connect_host) >= NI_MAXHOST)
1332 goto fail_free; 1367 goto fail_free;
1368 if (fwd->listen_host != NULL &&
1369 strlen(fwd->listen_host) >= NI_MAXHOST)
1370 goto fail_free;
1371
1333 1372
1334 return (i); 1373 return (i);
1335 1374
@@ -1340,7 +1379,7 @@ parse_forward(Forward *fwd, const char *fwdspec)
1340 } 1379 }
1341 if (fwd->listen_host != NULL) { 1380 if (fwd->listen_host != NULL) {
1342 xfree(fwd->listen_host); 1381 xfree(fwd->listen_host);
1343 fwd->connect_host = NULL; 1382 fwd->listen_host = NULL;
1344 } 1383 }
1345 return (0); 1384 return (0);
1346} 1385}
diff --git a/readconf.h b/readconf.h
index 42bfdf662..c3b2f96ee 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.h,v 1.74 2008/06/26 11:46:31 grunk Exp $ */ 1/* $OpenBSD: readconf.h,v 1.78 2009/02/12 03:00:56 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -20,9 +20,9 @@
20 20
21typedef struct { 21typedef struct {
22 char *listen_host; /* Host (address) to listen on. */ 22 char *listen_host; /* Host (address) to listen on. */
23 u_short listen_port; /* Port to forward. */ 23 int listen_port; /* Port to forward. */
24 char *connect_host; /* Host to connect. */ 24 char *connect_host; /* Host to connect. */
25 u_short connect_port; /* Port to connect on connect_host. */ 25 int connect_port; /* Port to connect on connect_host. */
26} Forward; 26} Forward;
27/* Data structure for representing option data. */ 27/* Data structure for representing option data. */
28 28
@@ -44,13 +44,16 @@ typedef struct {
44 int challenge_response_authentication; 44 int challenge_response_authentication;
45 /* Try S/Key or TIS, authentication. */ 45 /* Try S/Key or TIS, authentication. */
46 int gss_authentication; /* Try GSS authentication */ 46 int gss_authentication; /* Try GSS authentication */
47 int gss_keyex; /* Try GSS key exchange */ 47 int gss_keyex; /* Try GSS key exchange */
48 int gss_deleg_creds; /* Delegate GSS credentials */ 48 int gss_deleg_creds; /* Delegate GSS credentials */
49 int gss_trust_dns; /* Trust DNS for GSS canonicalization */ 49 int gss_trust_dns; /* Trust DNS for GSS canonicalization */
50 int gss_renewal_rekey; /* Credential renewal forces rekey */
51 char *gss_client_identity; /* Principal to initiate GSSAPI with */
50 int password_authentication; /* Try password 52 int password_authentication; /* Try password
51 * authentication. */ 53 * authentication. */
52 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 54 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
53 char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ 55 char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
56 int zero_knowledge_password_authentication; /* Try jpake */
54 int use_blacklisted_keys; /* If true, send */ 57 int use_blacklisted_keys; /* If true, send */
55 int batch_mode; /* Batch mode: do not ask for passwords. */ 58 int batch_mode; /* Batch mode: do not ask for passwords. */
56 int check_host_ip; /* Also keep track of keys for IP address */ 59 int check_host_ip; /* Also keep track of keys for IP address */
@@ -136,7 +139,7 @@ typedef struct {
136void initialize_options(Options *); 139void initialize_options(Options *);
137void fill_default_options(Options *); 140void fill_default_options(Options *);
138int read_config_file(const char *, const char *, Options *, int); 141int read_config_file(const char *, const char *, Options *, int);
139int parse_forward(Forward *, const char *); 142int parse_forward(Forward *, const char *, int, int);
140 143
141int 144int
142process_config_line(Options *, const char *, char *, const char *, int, int *); 145process_config_line(Options *, const char *, char *, const char *, int, int *);
diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
index 84b190618..5b65cd993 100644
--- a/regress/conch-ciphers.sh
+++ b/regress/conch-ciphers.sh
@@ -7,7 +7,8 @@ DATA=/bin/ls
7COPY=${OBJ}/copy 7COPY=${OBJ}/copy
8 8
9if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then 9if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then
10 fatal "conch interop tests not enabled" 10 echo "conch interop tests not enabled"
11 exit 0
11fi 12fi
12 13
13start_sshd 14start_sshd
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh
index 40435ef41..928ea60d2 100644
--- a/regress/putty-ciphers.sh
+++ b/regress/putty-ciphers.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: putty-ciphers.sh,v 1.2 2008/06/30 10:31:11 djm Exp $ 1# $OpenBSD: putty-ciphers.sh,v 1.3 2008/11/10 02:06:35 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="putty ciphers" 4tid="putty ciphers"
@@ -7,10 +7,11 @@ DATA=/bin/ls
7COPY=${OBJ}/copy 7COPY=${OBJ}/copy
8 8
9if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then 9if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
10 fatal "putty interop tests not enabled" 10 echo "putty interop tests not enabled"
11 exit 0
11fi 12fi
12 13
13for c in aes blowfish 3des arcfour ; do 14for c in aes blowfish 3des arcfour aes128-ctr aes192-ctr aes256-ctr ; do
14 verbose "$tid: cipher $c" 15 verbose "$tid: cipher $c"
15 cp ${OBJ}/.putty/sessions/localhost_proxy \ 16 cp ${OBJ}/.putty/sessions/localhost_proxy \
16 ${OBJ}/.putty/sessions/cipher_$c 17 ${OBJ}/.putty/sessions/cipher_$c
diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh
index 2534b8575..293885a8a 100644
--- a/regress/putty-kex.sh
+++ b/regress/putty-kex.sh
@@ -7,7 +7,8 @@ DATA=/bin/ls
7COPY=${OBJ}/copy 7COPY=${OBJ}/copy
8 8
9if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then 9if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
10 fatal "putty interop tests not enabled" 10 echo "putty interop tests not enabled"
11 exit 0
11fi 12fi
12 13
13for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do 14for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh
index 6b21f3be7..9e1e1550a 100644
--- a/regress/putty-transfer.sh
+++ b/regress/putty-transfer.sh
@@ -7,7 +7,8 @@ DATA=/bin/ls
7COPY=${OBJ}/copy 7COPY=${OBJ}/copy
8 8
9if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then 9if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
10 fatal "putty interop tests not enabled" 10 echo "putty interop tests not enabled"
11 exit 0
11fi 12fi
12 13
13# XXX support protocol 1 too 14# XXX support protocol 1 too
diff --git a/scard/.cvsignore b/scard/.cvsignore
deleted file mode 100644
index 5349d34ae..000000000
--- a/scard/.cvsignore
+++ /dev/null
@@ -1,2 +0,0 @@
1Makefile
2Ssh.bin
diff --git a/schnorr.c b/schnorr.c
new file mode 100644
index 000000000..546975072
--- /dev/null
+++ b/schnorr.c
@@ -0,0 +1,409 @@
1/* $OpenBSD: schnorr.c,v 1.2 2009/02/18 04:31:21 djm Exp $ */
2/*
3 * Copyright (c) 2008 Damien Miller. All rights reserved.
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/*
19 * Implementation of Schnorr signatures / zero-knowledge proofs, based on
20 * description in:
21 *
22 * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
23 * 16th Workshop on Security Protocols, Cambridge, April 2008
24 *
25 * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
26 */
27
28#include "includes.h"
29
30#include <sys/types.h>
31
32#include <string.h>
33#include <stdarg.h>
34#include <stdio.h>
35
36#include <openssl/evp.h>
37#include <openssl/bn.h>
38
39#include "xmalloc.h"
40#include "buffer.h"
41#include "log.h"
42
43#include "jpake.h"
44
45/* #define SCHNORR_DEBUG */ /* Privacy-violating debugging */
46/* #define SCHNORR_MAIN */ /* Include main() selftest */
47
48/* XXX */
49/* Parametise signature hash? (sha256, sha1, etc.) */
50/* Signature format - include type name, hash type, group params? */
51
52#ifndef SCHNORR_DEBUG
53# define SCHNORR_DEBUG_BN(a)
54# define SCHNORR_DEBUG_BUF(a)
55#else
56# define SCHNORR_DEBUG_BN(a) jpake_debug3_bn a
57# define SCHNORR_DEBUG_BUF(a) jpake_debug3_buf a
58#endif /* SCHNORR_DEBUG */
59
60/*
61 * Calculate hash component of Schnorr signature H(g || g^v || g^x || id)
62 * using SHA1. Returns signature as bignum or NULL on error.
63 */
64static BIGNUM *
65schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
66 const BIGNUM *g_v, const BIGNUM *g_x,
67 const u_char *id, u_int idlen)
68{
69 u_char *digest;
70 u_int digest_len;
71 BIGNUM *h;
72 EVP_MD_CTX evp_md_ctx;
73 Buffer b;
74 int success = -1;
75
76 if ((h = BN_new()) == NULL) {
77 error("%s: BN_new", __func__);
78 return NULL;
79 }
80
81 buffer_init(&b);
82 EVP_MD_CTX_init(&evp_md_ctx);
83
84 /* h = H(g || p || q || g^v || g^x || id) */
85 buffer_put_bignum2(&b, g);
86 buffer_put_bignum2(&b, p);
87 buffer_put_bignum2(&b, q);
88 buffer_put_bignum2(&b, g_v);
89 buffer_put_bignum2(&b, g_x);
90 buffer_put_string(&b, id, idlen);
91
92 SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
93 "%s: hashblob", __func__));
94 if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
95 &digest, &digest_len) != 0) {
96 error("%s: hash_buffer", __func__);
97 goto out;
98 }
99 if (BN_bin2bn(digest, (int)digest_len, h) == NULL) {
100 error("%s: BN_bin2bn", __func__);
101 goto out;
102 }
103 success = 0;
104 SCHNORR_DEBUG_BN((h, "%s: h = ", __func__));
105 out:
106 buffer_free(&b);
107 EVP_MD_CTX_cleanup(&evp_md_ctx);
108 bzero(digest, digest_len);
109 xfree(digest);
110 digest_len = 0;
111 if (success == 0)
112 return h;
113 BN_clear_free(h);
114 return NULL;
115}
116
117/*
118 * Generate Schnorr signature to prove knowledge of private value 'x' used
119 * in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g'
120 * 'idlen' bytes from 'id' will be included in the signature hash as an anti-
121 * replay salt.
122 * On success, 0 is returned and *siglen bytes of signature are returned in
123 * *sig (caller to free). Returns -1 on failure.
124 */
125int
126schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
127 const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen,
128 u_char **sig, u_int *siglen)
129{
130 int success = -1;
131 Buffer b;
132 BIGNUM *h, *tmp, *v, *g_v, *r;
133 BN_CTX *bn_ctx;
134
135 SCHNORR_DEBUG_BN((x, "%s: x = ", __func__));
136 SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__));
137
138 /* Avoid degenerate cases: g^0 yields a spoofable signature */
139 if (BN_cmp(g_x, BN_value_one()) <= 0) {
140 error("%s: g_x < 1", __func__);
141 return -1;
142 }
143
144 h = g_v = r = tmp = v = NULL;
145 if ((bn_ctx = BN_CTX_new()) == NULL) {
146 error("%s: BN_CTX_new", __func__);
147 goto out;
148 }
149 if ((g_v = BN_new()) == NULL ||
150 (r = BN_new()) == NULL ||
151 (tmp = BN_new()) == NULL) {
152 error("%s: BN_new", __func__);
153 goto out;
154 }
155
156 /*
157 * v must be a random element of Zq, so 1 <= v < q
158 * we also exclude v = 1, since g^1 looks dangerous
159 */
160 if ((v = bn_rand_range_gt_one(grp_p)) == NULL) {
161 error("%s: bn_rand_range2", __func__);
162 goto out;
163 }
164 SCHNORR_DEBUG_BN((v, "%s: v = ", __func__));
165
166 /* g_v = g^v mod p */
167 if (BN_mod_exp(g_v, grp_g, v, grp_p, bn_ctx) == -1) {
168 error("%s: BN_mod_exp (g^v mod p)", __func__);
169 goto out;
170 }
171 SCHNORR_DEBUG_BN((g_v, "%s: g_v = ", __func__));
172
173 /* h = H(g || g^v || g^x || id) */
174 if ((h = schnorr_hash(grp_p, grp_q, grp_g, g_v, g_x,
175 id, idlen)) == NULL) {
176 error("%s: schnorr_hash failed", __func__);
177 goto out;
178 }
179
180 /* r = v - xh mod q */
181 if (BN_mod_mul(tmp, x, h, grp_q, bn_ctx) == -1) {
182 error("%s: BN_mod_mul (tmp = xv mod q)", __func__);
183 goto out;
184 }
185 if (BN_mod_sub(r, v, tmp, grp_q, bn_ctx) == -1) {
186 error("%s: BN_mod_mul (r = v - tmp)", __func__);
187 goto out;
188 }
189 SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
190
191 /* Signature is (g_v, r) */
192 buffer_init(&b);
193 /* XXX sigtype-hash as string? */
194 buffer_put_bignum2(&b, g_v);
195 buffer_put_bignum2(&b, r);
196 *siglen = buffer_len(&b);
197 *sig = xmalloc(*siglen);
198 memcpy(*sig, buffer_ptr(&b), *siglen);
199 SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
200 "%s: sigblob", __func__));
201 buffer_free(&b);
202 success = 0;
203 out:
204 BN_CTX_free(bn_ctx);
205 if (h != NULL)
206 BN_clear_free(h);
207 if (v != NULL)
208 BN_clear_free(v);
209 BN_clear_free(r);
210 BN_clear_free(g_v);
211 BN_clear_free(tmp);
212
213 return success;
214}
215
216/*
217 * Verify Schnorr signature 'sig' of length 'siglen' against public exponent
218 * g_x (g^x) under group defined by 'grp_p', 'grp_q' and 'grp_g'.
219 * Signature hash will be salted with 'idlen' bytes from 'id'.
220 * Returns -1 on failure, 0 on incorrect signature or 1 on matching signature.
221 */
222int
223schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g,
224 const BIGNUM *g_x, const u_char *id, u_int idlen,
225 const u_char *sig, u_int siglen)
226{
227 int success = -1;
228 Buffer b;
229 BIGNUM *g_v, *h, *r, *g_xh, *g_r, *expected;
230 BN_CTX *bn_ctx;
231 u_int rlen;
232
233 SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__));
234
235 /* Avoid degenerate cases: g^0 yields a spoofable signature */
236 if (BN_cmp(g_x, BN_value_one()) <= 0) {
237 error("%s: g_x < 1", __func__);
238 return -1;
239 }
240
241 g_v = h = r = g_xh = g_r = expected = NULL;
242 if ((bn_ctx = BN_CTX_new()) == NULL) {
243 error("%s: BN_CTX_new", __func__);
244 goto out;
245 }
246 if ((g_v = BN_new()) == NULL ||
247 (r = BN_new()) == NULL ||
248 (g_xh = BN_new()) == NULL ||
249 (g_r = BN_new()) == NULL ||
250 (expected = BN_new()) == NULL) {
251 error("%s: BN_new", __func__);
252 goto out;
253 }
254
255 /* Extract g^v and r from signature blob */
256 buffer_init(&b);
257 buffer_append(&b, sig, siglen);
258 SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
259 "%s: sigblob", __func__));
260 buffer_get_bignum2(&b, g_v);
261 buffer_get_bignum2(&b, r);
262 rlen = buffer_len(&b);
263 buffer_free(&b);
264 if (rlen != 0) {
265 error("%s: remaining bytes in signature %d", __func__, rlen);
266 goto out;
267 }
268 buffer_free(&b);
269 SCHNORR_DEBUG_BN((g_v, "%s: g_v = ", __func__));
270 SCHNORR_DEBUG_BN((r, "%s: r = ", __func__));
271
272 /* h = H(g || g^v || g^x || id) */
273 if ((h = schnorr_hash(grp_p, grp_q, grp_g, g_v, g_x,
274 id, idlen)) == NULL) {
275 error("%s: schnorr_hash failed", __func__);
276 goto out;
277 }
278
279 /* g_xh = (g^x)^h */
280 if (BN_mod_exp(g_xh, g_x, h, grp_p, bn_ctx) == -1) {
281 error("%s: BN_mod_exp (g_x^h mod p)", __func__);
282 goto out;
283 }
284 SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__));
285
286 /* g_r = g^r */
287 if (BN_mod_exp(g_r, grp_g, r, grp_p, bn_ctx) == -1) {
288 error("%s: BN_mod_exp (g_x^h mod p)", __func__);
289 goto out;
290 }
291 SCHNORR_DEBUG_BN((g_r, "%s: g_r = ", __func__));
292
293 /* expected = g^r * g_xh */
294 if (BN_mod_mul(expected, g_r, g_xh, grp_p, bn_ctx) == -1) {
295 error("%s: BN_mod_mul (expected = g_r mod p)", __func__);
296 goto out;
297 }
298 SCHNORR_DEBUG_BN((expected, "%s: expected = ", __func__));
299
300 /* Check g_v == expected */
301 success = BN_cmp(expected, g_v) == 0;
302 out:
303 BN_CTX_free(bn_ctx);
304 if (h != NULL)
305 BN_clear_free(h);
306 BN_clear_free(g_v);
307 BN_clear_free(r);
308 BN_clear_free(g_xh);
309 BN_clear_free(g_r);
310 BN_clear_free(expected);
311 return success;
312}
313
314#ifdef SCHNORR_MAIN
315static void
316schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q,
317 const BIGNUM *grp_g, const BIGNUM *x)
318{
319 BIGNUM *g_x;
320 u_char *sig;
321 u_int siglen;
322 BN_CTX *bn_ctx;
323
324 if ((bn_ctx = BN_CTX_new()) == NULL)
325 fatal("%s: BN_CTX_new", __func__);
326 if ((g_x = BN_new()) == NULL)
327 fatal("%s: BN_new", __func__);
328
329 if (BN_mod_exp(g_x, grp_g, x, grp_p, bn_ctx) == -1)
330 fatal("%s: g_x", __func__);
331 if (schnorr_sign(grp_p, grp_q, grp_g, x, g_x, "junk", 4, &sig, &siglen))
332 fatal("%s: schnorr_sign", __func__);
333 if (schnorr_verify(grp_p, grp_q, grp_g, g_x, "junk", 4,
334 sig, siglen) != 1)
335 fatal("%s: verify fail", __func__);
336 if (schnorr_verify(grp_p, grp_q, grp_g, g_x, "JUNK", 4,
337 sig, siglen) != 0)
338 fatal("%s: verify should have failed (bad ID)", __func__);
339 sig[4] ^= 1;
340 if (schnorr_verify(grp_p, grp_q, grp_g, g_x, "junk", 4,
341 sig, siglen) != 0)
342 fatal("%s: verify should have failed (bit error)", __func__);
343 xfree(sig);
344 BN_free(g_x);
345 BN_CTX_free(bn_ctx);
346}
347
348static void
349schnorr_selftest(void)
350{
351 BIGNUM *x;
352 struct jpake_group *grp;
353 u_int i;
354 char *hh;
355
356 grp = jpake_default_group();
357 if ((x = BN_new()) == NULL)
358 fatal("%s: BN_new", __func__);
359 SCHNORR_DEBUG_BN((grp->p, "%s: grp->p = ", __func__));
360 SCHNORR_DEBUG_BN((grp->q, "%s: grp->q = ", __func__));
361 SCHNORR_DEBUG_BN((grp->g, "%s: grp->g = ", __func__));
362
363 /* [1, 20) */
364 for (i = 1; i < 20; i++) {
365 printf("x = %u\n", i);
366 fflush(stdout);
367 if (BN_set_word(x, i) != 1)
368 fatal("%s: set x word", __func__);
369 schnorr_selftest_one(grp->p, grp->q, grp->g, x);
370 }
371
372 /* 100 x random [0, p) */
373 for (i = 0; i < 100; i++) {
374 if (BN_rand_range(x, grp->p) != 1)
375 fatal("%s: BN_rand_range", __func__);
376 hh = BN_bn2hex(x);
377 printf("x = (random) 0x%s\n", hh);
378 free(hh);
379 fflush(stdout);
380 schnorr_selftest_one(grp->p, grp->q, grp->g, x);
381 }
382
383 /* [q-20, q) */
384 if (BN_set_word(x, 20) != 1)
385 fatal("%s: BN_set_word (x = 20)", __func__);
386 if (BN_sub(x, grp->q, x) != 1)
387 fatal("%s: BN_sub (q - x)", __func__);
388 for (i = 0; i < 19; i++) {
389 hh = BN_bn2hex(x);
390 printf("x = (q - %d) 0x%s\n", 20 - i, hh);
391 free(hh);
392 fflush(stdout);
393 schnorr_selftest_one(grp->p, grp->q, grp->g, x);
394 if (BN_add(x, x, BN_value_one()) != 1)
395 fatal("%s: BN_add (x + 1)", __func__);
396 }
397 BN_free(x);
398}
399
400int
401main(int argc, char **argv)
402{
403 log_init(argv[0], SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_USER, 1);
404
405 schnorr_selftest();
406 return 0;
407}
408#endif
409
diff --git a/scp.0 b/scp.0
index b6b9d919c..26b3fc728 100644
--- a/scp.0
+++ b/scp.0
@@ -145,4 +145,4 @@ AUTHORS
145 Timo Rinne <tri@iki.fi> 145 Timo Rinne <tri@iki.fi>
146 Tatu Ylonen <ylo@cs.hut.fi> 146 Tatu Ylonen <ylo@cs.hut.fi>
147 147
148OpenBSD 4.4 July 12, 2008 3 148OpenBSD 4.5 July 12, 2008 3
diff --git a/scp.c b/scp.c
index e2eee035d..3b7ca5a8d 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: scp.c,v 1.163 2008/06/13 18:55:22 dtucker Exp $ */ 1/* $OpenBSD: scp.c,v 1.164 2008/10/10 04:55:16 stevesk Exp $ */
2/* 2/*
3 * scp - secure remote copy. This is basically patched BSD rcp which 3 * scp - secure remote copy. This is basically patched BSD rcp which
4 * uses ssh to do the data transfer (instead of using rcmd). 4 * uses ssh to do the data transfer (instead of using rcmd).
@@ -442,7 +442,7 @@ main(int argc, char **argv)
442 } 442 }
443 /* 443 /*
444 * Finally check the exit status of the ssh process, if one was forked 444 * Finally check the exit status of the ssh process, if one was forked
445 * and no error has occured yet 445 * and no error has occurred yet
446 */ 446 */
447 if (do_cmd_pid != -1 && errs == 0) { 447 if (do_cmd_pid != -1 && errs == 0) {
448 if (remin != -1) 448 if (remin != -1)
diff --git a/servconf.c b/servconf.c
index 66ce39026..c1f2bc2af 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: servconf.c,v 1.186 2008/07/04 03:44:59 djm Exp $ */ 1/* $OpenBSD: servconf.c,v 1.194 2009/01/22 10:02:34 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -42,8 +42,8 @@
42#include "channels.h" 42#include "channels.h"
43#include "groupaccess.h" 43#include "groupaccess.h"
44 44
45static void add_listen_addr(ServerOptions *, char *, u_short); 45static void add_listen_addr(ServerOptions *, char *, int);
46static void add_one_listen_addr(ServerOptions *, char *, u_short); 46static void add_one_listen_addr(ServerOptions *, char *, int);
47 47
48/* Use of privilege separation or not */ 48/* Use of privilege separation or not */
49extern int use_privsep; 49extern int use_privsep;
@@ -95,6 +95,7 @@ initialize_server_options(ServerOptions *options)
95 options->gss_keyex = -1; 95 options->gss_keyex = -1;
96 options->gss_cleanup_creds = -1; 96 options->gss_cleanup_creds = -1;
97 options->gss_strict_acceptor = -1; 97 options->gss_strict_acceptor = -1;
98 options->gss_store_rekey = -1;
98 options->password_authentication = -1; 99 options->password_authentication = -1;
99 options->kbd_interactive_authentication = -1; 100 options->kbd_interactive_authentication = -1;
100 options->challenge_response_authentication = -1; 101 options->challenge_response_authentication = -1;
@@ -130,6 +131,7 @@ initialize_server_options(ServerOptions *options)
130 options->num_permitted_opens = -1; 131 options->num_permitted_opens = -1;
131 options->adm_forced_command = NULL; 132 options->adm_forced_command = NULL;
132 options->chroot_directory = NULL; 133 options->chroot_directory = NULL;
134 options->zero_knowledge_password_authentication = -1;
133} 135}
134 136
135void 137void
@@ -218,6 +220,8 @@ fill_default_server_options(ServerOptions *options)
218 options->gss_cleanup_creds = 1; 220 options->gss_cleanup_creds = 1;
219 if (options->gss_strict_acceptor == -1) 221 if (options->gss_strict_acceptor == -1)
220 options->gss_strict_acceptor = 1; 222 options->gss_strict_acceptor = 1;
223 if (options->gss_store_rekey == -1)
224 options->gss_store_rekey = 0;
221 if (options->password_authentication == -1) 225 if (options->password_authentication == -1)
222 options->password_authentication = 1; 226 options->password_authentication = 1;
223 if (options->kbd_interactive_authentication == -1) 227 if (options->kbd_interactive_authentication == -1)
@@ -267,6 +271,8 @@ fill_default_server_options(ServerOptions *options)
267 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; 271 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
268 if (options->permit_tun == -1) 272 if (options->permit_tun == -1)
269 options->permit_tun = SSH_TUNMODE_NO; 273 options->permit_tun = SSH_TUNMODE_NO;
274 if (options->zero_knowledge_password_authentication == -1)
275 options->zero_knowledge_password_authentication = 0;
270 276
271 /* Turn privilege separation on by default */ 277 /* Turn privilege separation on by default */
272 if (use_privsep == -1) 278 if (use_privsep == -1)
@@ -309,10 +315,11 @@ typedef enum {
309 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 315 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
310 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, 316 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
311 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 317 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
312 sGssKeyEx, 318 sGssKeyEx, sGssStoreRekey,
313 sAcceptEnv, sPermitTunnel, 319 sAcceptEnv, sPermitTunnel,
314 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 320 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
315 sUsePrivilegeSeparation, sAllowAgentForwarding, 321 sUsePrivilegeSeparation, sAllowAgentForwarding,
322 sZeroKnowledgePasswordAuthentication,
316 sDeprecated, sUnsupported 323 sDeprecated, sUnsupported
317} ServerOpCodes; 324} ServerOpCodes;
318 325
@@ -374,12 +381,14 @@ static struct {
374 { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, 381 { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL },
375 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, 382 { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
376 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, 383 { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
384 { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
377#else 385#else
378 { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, 386 { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
379 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, 387 { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
380 { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, 388 { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL },
381 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, 389 { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
382 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, 390 { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL },
391 { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
383#endif 392#endif
384 { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, 393 { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
385 { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, 394 { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
@@ -387,6 +396,11 @@ static struct {
387 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 396 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
388 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 397 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
389 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ 398 { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
399#ifdef JPAKE
400 { "zeroknowledgepasswordauthentication", sZeroKnowledgePasswordAuthentication, SSHCFG_ALL },
401#else
402 { "zeroknowledgepasswordauthentication", sUnsupported, SSHCFG_ALL },
403#endif
390 { "checkmail", sDeprecated, SSHCFG_GLOBAL }, 404 { "checkmail", sDeprecated, SSHCFG_GLOBAL },
391 { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, 405 { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
392 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, 406 { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
@@ -400,7 +414,7 @@ static struct {
400 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 414 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
401 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 415 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
402 { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL }, 416 { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
403 { "permitemptypasswords", sEmptyPasswd, SSHCFG_GLOBAL }, 417 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
404 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 418 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
405 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 419 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
406 { "compression", sCompression, SSHCFG_GLOBAL }, 420 { "compression", sCompression, SSHCFG_GLOBAL },
@@ -471,7 +485,7 @@ parse_token(const char *cp, const char *filename,
471} 485}
472 486
473static void 487static void
474add_listen_addr(ServerOptions *options, char *addr, u_short port) 488add_listen_addr(ServerOptions *options, char *addr, int port)
475{ 489{
476 u_int i; 490 u_int i;
477 491
@@ -487,7 +501,7 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port)
487} 501}
488 502
489static void 503static void
490add_one_listen_addr(ServerOptions *options, char *addr, u_short port) 504add_one_listen_addr(ServerOptions *options, char *addr, int port)
491{ 505{
492 struct addrinfo hints, *ai, *aitop; 506 struct addrinfo hints, *ai, *aitop;
493 char strport[NI_MAXSERV]; 507 char strport[NI_MAXSERV];
@@ -497,7 +511,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
497 hints.ai_family = options->address_family; 511 hints.ai_family = options->address_family;
498 hints.ai_socktype = SOCK_STREAM; 512 hints.ai_socktype = SOCK_STREAM;
499 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; 513 hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
500 snprintf(strport, sizeof strport, "%u", port); 514 snprintf(strport, sizeof strport, "%d", port);
501 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) 515 if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
502 fatal("bad addr or host: %s (%s)", 516 fatal("bad addr or host: %s (%s)",
503 addr ? addr : "<NULL>", 517 addr ? addr : "<NULL>",
@@ -653,7 +667,7 @@ process_server_config_line(ServerOptions *options, char *line,
653 SyslogFacility *log_facility_ptr; 667 SyslogFacility *log_facility_ptr;
654 LogLevel *log_level_ptr; 668 LogLevel *log_level_ptr;
655 ServerOpCodes opcode; 669 ServerOpCodes opcode;
656 u_short port; 670 int port;
657 u_int i, flags = 0; 671 u_int i, flags = 0;
658 size_t len; 672 size_t len;
659 673
@@ -710,7 +724,7 @@ process_server_config_line(ServerOptions *options, char *line,
710 fatal("%s line %d: missing port number.", 724 fatal("%s line %d: missing port number.",
711 filename, linenum); 725 filename, linenum);
712 options->ports[options->num_ports++] = a2port(arg); 726 options->ports[options->num_ports++] = a2port(arg);
713 if (options->ports[options->num_ports-1] == 0) 727 if (options->ports[options->num_ports-1] <= 0)
714 fatal("%s line %d: Badly formatted port number.", 728 fatal("%s line %d: Badly formatted port number.",
715 filename, linenum); 729 filename, linenum);
716 break; 730 break;
@@ -763,7 +777,7 @@ process_server_config_line(ServerOptions *options, char *line,
763 p = cleanhostname(p); 777 p = cleanhostname(p);
764 if (arg == NULL) 778 if (arg == NULL)
765 port = 0; 779 port = 0;
766 else if ((port = a2port(arg)) == 0) 780 else if ((port = a2port(arg)) <= 0)
767 fatal("%s line %d: bad port number", filename, linenum); 781 fatal("%s line %d: bad port number", filename, linenum);
768 782
769 add_listen_addr(options, p, port); 783 add_listen_addr(options, p, port);
@@ -914,10 +928,18 @@ process_server_config_line(ServerOptions *options, char *line,
914 intptr = &options->gss_strict_acceptor; 928 intptr = &options->gss_strict_acceptor;
915 goto parse_flag; 929 goto parse_flag;
916 930
931 case sGssStoreRekey:
932 intptr = &options->gss_store_rekey;
933 goto parse_flag;
934
917 case sPasswordAuthentication: 935 case sPasswordAuthentication:
918 intptr = &options->password_authentication; 936 intptr = &options->password_authentication;
919 goto parse_flag; 937 goto parse_flag;
920 938
939 case sZeroKnowledgePasswordAuthentication:
940 intptr = &options->zero_knowledge_password_authentication;
941 goto parse_flag;
942
921 case sKbdInteractiveAuthentication: 943 case sKbdInteractiveAuthentication:
922 intptr = &options->kbd_interactive_authentication; 944 intptr = &options->kbd_interactive_authentication;
923 goto parse_flag; 945 goto parse_flag;
@@ -1284,7 +1306,7 @@ process_server_config_line(ServerOptions *options, char *line,
1284 fatal("%s line %d: missing host in PermitOpen", 1306 fatal("%s line %d: missing host in PermitOpen",
1285 filename, linenum); 1307 filename, linenum);
1286 p = cleanhostname(p); 1308 p = cleanhostname(p);
1287 if (arg == NULL || (port = a2port(arg)) == 0) 1309 if (arg == NULL || (port = a2port(arg)) <= 0)
1288 fatal("%s line %d: bad port number in " 1310 fatal("%s line %d: bad port number in "
1289 "PermitOpen", filename, linenum); 1311 "PermitOpen", filename, linenum);
1290 if (*activep && n == -1) 1312 if (*activep && n == -1)
@@ -1409,7 +1431,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
1409 M_CP_INTOPT(kerberos_authentication); 1431 M_CP_INTOPT(kerberos_authentication);
1410 M_CP_INTOPT(hostbased_authentication); 1432 M_CP_INTOPT(hostbased_authentication);
1411 M_CP_INTOPT(kbd_interactive_authentication); 1433 M_CP_INTOPT(kbd_interactive_authentication);
1434 M_CP_INTOPT(zero_knowledge_password_authentication);
1412 M_CP_INTOPT(permit_root_login); 1435 M_CP_INTOPT(permit_root_login);
1436 M_CP_INTOPT(permit_empty_passwd);
1413 1437
1414 M_CP_INTOPT(allow_tcp_forwarding); 1438 M_CP_INTOPT(allow_tcp_forwarding);
1415 M_CP_INTOPT(allow_agent_forwarding); 1439 M_CP_INTOPT(allow_agent_forwarding);
@@ -1471,7 +1495,7 @@ fmt_intarg(ServerOpCodes code, int val)
1471 if (code == sPermitRootLogin) { 1495 if (code == sPermitRootLogin) {
1472 switch (val) { 1496 switch (val) {
1473 case PERMIT_NO_PASSWD: 1497 case PERMIT_NO_PASSWD:
1474 return "without-passord"; 1498 return "without-password";
1475 case PERMIT_FORCED_ONLY: 1499 case PERMIT_FORCED_ONLY:
1476 return "forced-commands-only"; 1500 return "forced-commands-only";
1477 case PERMIT_YES: 1501 case PERMIT_YES:
@@ -1576,11 +1600,15 @@ dump_config(ServerOptions *o)
1576 } 1600 }
1577 1601
1578 /* integer arguments */ 1602 /* integer arguments */
1603#ifdef USE_PAM
1604 dump_cfg_int(sUsePAM, o->use_pam);
1605#endif
1579 dump_cfg_int(sServerKeyBits, o->server_key_bits); 1606 dump_cfg_int(sServerKeyBits, o->server_key_bits);
1580 dump_cfg_int(sLoginGraceTime, o->login_grace_time); 1607 dump_cfg_int(sLoginGraceTime, o->login_grace_time);
1581 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); 1608 dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
1582 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); 1609 dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
1583 dump_cfg_int(sMaxAuthTries, o->max_authtries); 1610 dump_cfg_int(sMaxAuthTries, o->max_authtries);
1611 dump_cfg_int(sMaxSessions, o->max_sessions);
1584 dump_cfg_int(sClientAliveInterval, o->client_alive_interval); 1612 dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
1585 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); 1613 dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
1586 1614
@@ -1594,14 +1622,24 @@ dump_config(ServerOptions *o)
1594 o->hostbased_uses_name_from_packet_only); 1622 o->hostbased_uses_name_from_packet_only);
1595 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication); 1623 dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
1596 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication); 1624 dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
1625#ifdef KRB5
1597 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication); 1626 dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
1598 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd); 1627 dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
1599 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup); 1628 dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
1629# ifdef USE_AFS
1600 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token); 1630 dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
1631# endif
1632#endif
1633#ifdef GSSAPI
1601 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 1634 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
1602 dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); 1635 dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
1603 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 1636 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
1604 dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); 1637 dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
1638#endif
1639#ifdef JPAKE
1640 dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
1641 o->zero_knowledge_password_authentication);
1642#endif
1605 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 1643 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
1606 dump_cfg_fmtint(sKbdInteractiveAuthentication, 1644 dump_cfg_fmtint(sKbdInteractiveAuthentication,
1607 o->kbd_interactive_authentication); 1645 o->kbd_interactive_authentication);
@@ -1661,7 +1699,5 @@ dump_config(ServerOptions *o)
1661 } 1699 }
1662 dump_cfg_string(sPermitTunnel, s); 1700 dump_cfg_string(sPermitTunnel, s);
1663 1701
1664 printf("permitopen");
1665 channel_print_adm_permitted_opens(); 1702 channel_print_adm_permitted_opens();
1666 printf("\n");
1667} 1703}
diff --git a/servconf.h b/servconf.h
index cb91b7629..3852b1bae 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: servconf.h,v 1.85 2008/06/10 04:50:25 dtucker Exp $ */ 1/* $OpenBSD: servconf.h,v 1.87 2009/01/22 10:02:34 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -41,9 +41,9 @@
41#define INTERNAL_SFTP_NAME "internal-sftp" 41#define INTERNAL_SFTP_NAME "internal-sftp"
42 42
43typedef struct { 43typedef struct {
44 u_int num_ports; 44 u_int num_ports;
45 u_int ports_from_cmdline; 45 u_int ports_from_cmdline;
46 u_short ports[MAX_PORTS]; /* Port number to listen on. */ 46 int ports[MAX_PORTS]; /* Port number to listen on. */
47 char *listen_addr; /* Address on which the server listens. */ 47 char *listen_addr; /* Address on which the server listens. */
48 struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ 48 struct addrinfo *listen_addrs; /* Addresses on which the server listens. */
49 int address_family; /* Address family used by the server. */ 49 int address_family; /* Address family used by the server. */
@@ -91,13 +91,16 @@ typedef struct {
91 int kerberos_get_afs_token; /* If true, try to get AFS token if 91 int kerberos_get_afs_token; /* If true, try to get AFS token if
92 * authenticated with Kerberos. */ 92 * authenticated with Kerberos. */
93 int gss_authentication; /* If true, permit GSSAPI authentication */ 93 int gss_authentication; /* If true, permit GSSAPI authentication */
94 int gss_keyex; /* If true, permit GSSAPI key exchange */ 94 int gss_keyex; /* If true, permit GSSAPI key exchange */
95 int gss_cleanup_creds; /* If true, destroy cred cache on logout */ 95 int gss_cleanup_creds; /* If true, destroy cred cache on logout */
96 int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ 96 int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
97 int gss_store_rekey;
97 int password_authentication; /* If true, permit password 98 int password_authentication; /* If true, permit password
98 * authentication. */ 99 * authentication. */
99 int kbd_interactive_authentication; /* If true, permit */ 100 int kbd_interactive_authentication; /* If true, permit */
100 int challenge_response_authentication; 101 int challenge_response_authentication;
102 int zero_knowledge_password_authentication;
103 /* If true, permit jpake auth */
101 int permit_blacklisted_keys; /* If true, permit */ 104 int permit_blacklisted_keys; /* If true, permit */
102 int permit_empty_passwd; /* If false, do not permit empty 105 int permit_empty_passwd; /* If false, do not permit empty
103 * passwords. */ 106 * passwords. */
diff --git a/serverloop.c b/serverloop.c
index 6a3e2af10..f6419b592 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.153 2008/06/30 12:15:39 djm Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.157 2009/02/12 03:16:01 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -942,7 +942,7 @@ server_request_direct_tcpip(void)
942{ 942{
943 Channel *c; 943 Channel *c;
944 char *target, *originator; 944 char *target, *originator;
945 int target_port, originator_port; 945 u_short target_port, originator_port;
946 946
947 target = packet_get_string(NULL); 947 target = packet_get_string(NULL);
948 target_port = packet_get_int(); 948 target_port = packet_get_int();
@@ -1095,7 +1095,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1095{ 1095{
1096 char *rtype; 1096 char *rtype;
1097 int want_reply; 1097 int want_reply;
1098 int success = 0; 1098 int success = 0, allocated_listen_port = 0;
1099 1099
1100 rtype = packet_get_string(NULL); 1100 rtype = packet_get_string(NULL);
1101 want_reply = packet_get_char(); 1101 want_reply = packet_get_char();
@@ -1117,7 +1117,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1117 1117
1118 /* check permissions */ 1118 /* check permissions */
1119 if (!options.allow_tcp_forwarding || 1119 if (!options.allow_tcp_forwarding ||
1120 no_port_forwarding_flag 1120 no_port_forwarding_flag ||
1121 (!want_reply && listen_port == 0)
1121#ifndef NO_IPPORT_RESERVED_CONCEPT 1122#ifndef NO_IPPORT_RESERVED_CONCEPT
1122 || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) 1123 || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
1123#endif 1124#endif
@@ -1127,7 +1128,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1127 } else { 1128 } else {
1128 /* Start listening on the port */ 1129 /* Start listening on the port */
1129 success = channel_setup_remote_fwd_listener( 1130 success = channel_setup_remote_fwd_listener(
1130 listen_address, listen_port, options.gateway_ports); 1131 listen_address, listen_port,
1132 &allocated_listen_port, options.gateway_ports);
1131 } 1133 }
1132 xfree(listen_address); 1134 xfree(listen_address);
1133 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { 1135 } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
@@ -1149,6 +1151,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
1149 if (want_reply) { 1151 if (want_reply) {
1150 packet_start(success ? 1152 packet_start(success ?
1151 SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE); 1153 SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
1154 if (success && allocated_listen_port > 0)
1155 packet_put_int(allocated_listen_port);
1152 packet_send(); 1156 packet_send();
1153 packet_write_wait(); 1157 packet_write_wait();
1154 } 1158 }
@@ -1202,9 +1206,9 @@ server_init_dispatch_20(void)
1202 dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req); 1206 dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
1203 dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); 1207 dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
1204 dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request); 1208 dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
1205 dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm);
1206 dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm);
1207 /* client_alive */ 1209 /* client_alive */
1210 dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive);
1211 dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
1208 dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive); 1212 dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
1209 dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive); 1213 dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
1210 /* rekeying */ 1214 /* rekeying */
diff --git a/session.c b/session.c
index 93babf957..f2549e0cd 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.241 2008/06/16 13:22:53 dtucker Exp $ */ 1/* $OpenBSD: session.c,v 1.245 2009/01/22 09:46:01 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -95,6 +95,12 @@
95#include <kafs.h> 95#include <kafs.h>
96#endif 96#endif
97 97
98#define IS_INTERNAL_SFTP(c) \
99 (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
100 (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
101 c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
102 c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
103
98/* func */ 104/* func */
99 105
100Session *session_new(void); 106Session *session_new(void);
@@ -228,7 +234,7 @@ auth_input_request_forwarding(struct passwd * pw)
228 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, 234 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
229 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 235 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
230 0, "auth socket", 1); 236 0, "auth socket", 1);
231 strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); 237 nc->path = xstrdup(auth_sock_name);
232 return 1; 238 return 1;
233 239
234 authsock_err: 240 authsock_err:
@@ -781,7 +787,7 @@ do_exec(Session *s, const char *command)
781 if (options.adm_forced_command) { 787 if (options.adm_forced_command) {
782 original_command = command; 788 original_command = command;
783 command = options.adm_forced_command; 789 command = options.adm_forced_command;
784 if (strcmp(INTERNAL_SFTP_NAME, command) == 0) 790 if (IS_INTERNAL_SFTP(command))
785 s->is_subsystem = SUBSYSTEM_INT_SFTP; 791 s->is_subsystem = SUBSYSTEM_INT_SFTP;
786 else if (s->is_subsystem) 792 else if (s->is_subsystem)
787 s->is_subsystem = SUBSYSTEM_EXT; 793 s->is_subsystem = SUBSYSTEM_EXT;
@@ -789,7 +795,7 @@ do_exec(Session *s, const char *command)
789 } else if (forced_command) { 795 } else if (forced_command) {
790 original_command = command; 796 original_command = command;
791 command = forced_command; 797 command = forced_command;
792 if (strcmp(INTERNAL_SFTP_NAME, command) == 0) 798 if (IS_INTERNAL_SFTP(command))
793 s->is_subsystem = SUBSYSTEM_INT_SFTP; 799 s->is_subsystem = SUBSYSTEM_INT_SFTP;
794 else if (s->is_subsystem) 800 else if (s->is_subsystem)
795 s->is_subsystem = SUBSYSTEM_EXT; 801 s->is_subsystem = SUBSYSTEM_EXT;
@@ -926,7 +932,7 @@ check_quietlogin(Session *s, const char *command)
926 932
927/* 933/*
928 * Sets the value of the given variable in the environment. If the variable 934 * Sets the value of the given variable in the environment. If the variable
929 * already exists, its value is overriden. 935 * already exists, its value is overridden.
930 */ 936 */
931void 937void
932child_set_env(char ***envp, u_int *envsizep, const char *name, 938child_set_env(char ***envp, u_int *envsizep, const char *name,
@@ -1789,7 +1795,7 @@ do_child(Session *s, const char *command)
1789 char *p, *args; 1795 char *p, *args;
1790 1796
1791 setproctitle("%s@internal-sftp-server", s->pw->pw_name); 1797 setproctitle("%s@internal-sftp-server", s->pw->pw_name);
1792 args = strdup(command ? command : "sftp-server"); 1798 args = xstrdup(command ? command : "sftp-server");
1793 for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " "))) 1799 for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
1794 if (i < ARGV_MAX - 1) 1800 if (i < ARGV_MAX - 1)
1795 argv[i++] = p; 1801 argv[i++] = p;
diff --git a/sftp-server-main.c b/sftp-server-main.c
index 2b14569e4..7e644ab89 100644
--- a/sftp-server-main.c
+++ b/sftp-server-main.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-server-main.c,v 1.3 2008/03/26 23:44:41 djm Exp $ */ 1/* $OpenBSD: sftp-server-main.c,v 1.4 2009/02/21 19:32:04 tobias Exp $ */
2/* 2/*
3 * Copyright (c) 2008 Markus Friedl. All rights reserved. 3 * Copyright (c) 2008 Markus Friedl. All rights reserved.
4 * 4 *
@@ -42,7 +42,8 @@ main(int argc, char **argv)
42 sanitise_stdfd(); 42 sanitise_stdfd();
43 43
44 if ((user_pw = getpwuid(getuid())) == NULL) { 44 if ((user_pw = getpwuid(getuid())) == NULL) {
45 fprintf(stderr, "No user found for uid %lu", (u_long)getuid()); 45 fprintf(stderr, "No user found for uid %lu\n",
46 (u_long)getuid());
46 return 1; 47 return 1;
47 } 48 }
48 49
diff --git a/sftp-server.0 b/sftp-server.0
index 941e99e14..510ceb64b 100644
--- a/sftp-server.0
+++ b/sftp-server.0
@@ -47,4 +47,4 @@ HISTORY
47AUTHORS 47AUTHORS
48 Markus Friedl <markus@openbsd.org> 48 Markus Friedl <markus@openbsd.org>
49 49
50OpenBSD 4.4 July 18, 2008 1 50OpenBSD 4.5 July 18, 2008 1
diff --git a/sftp.0 b/sftp.0
index 965e1fa18..4835c4f28 100644
--- a/sftp.0
+++ b/sftp.0
@@ -7,8 +7,8 @@ SYNOPSIS
7 sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config] 7 sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
8 [-o ssh_option] [-P sftp_server_path] [-R num_requests] [-S program] 8 [-o ssh_option] [-P sftp_server_path] [-R num_requests] [-S program]
9 [-s subsystem | sftp_server] host 9 [-s subsystem | sftp_server] host
10 sftp [[user@]host[:file [file]]] 10 sftp [user@]host[:file ...]
11 sftp [[user@]host[:dir[/]]] 11 sftp [user@]host[:dir[/]]
12 sftp -b batchfile [user@]host 12 sftp -b batchfile [user@]host
13 13
14DESCRIPTION 14DESCRIPTION
@@ -257,7 +257,7 @@ INTERACTIVE COMMANDS
257 version 257 version
258 Display the sftp protocol version. 258 Display the sftp protocol version.
259 259
260 ! command 260 !command
261 Execute command in local shell. 261 Execute command in local shell.
262 262
263 ! Escape to local shell. 263 ! Escape to local shell.
@@ -271,4 +271,4 @@ SEE ALSO
271 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 271 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
272 filexfer-00.txt, January 2001, work in progress material. 272 filexfer-00.txt, January 2001, work in progress material.
273 273
274OpenBSD 4.4 July 15, 2008 5 274OpenBSD 4.5 December 9, 2008 5
diff --git a/sftp.1 b/sftp.1
index b4f9a6884..37ccb3a38 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: sftp.1,v 1.67 2008/07/15 02:23:14 djm Exp $ 1.\" $OpenBSD: sftp.1,v 1.69 2008/12/09 15:35:00 sobrado Exp $
2.\" 2.\"
3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 3.\" Copyright (c) 2001 Damien Miller. All rights reserved.
4.\" 4.\"
@@ -22,7 +22,7 @@
22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24.\" 24.\"
25.Dd $Mdocdate: July 15 2008 $ 25.Dd $Mdocdate: December 9 2008 $
26.Dt SFTP 1 26.Dt SFTP 1
27.Os 27.Os
28.Sh NAME 28.Sh NAME
@@ -43,13 +43,12 @@
43.Ar host 43.Ar host
44.Ek 44.Ek
45.Nm sftp 45.Nm sftp
46.Oo Oo Ar user Ns @ Oc Ns 46.Oo Ar user Ns @ Oc Ns
47.Ar host Ns Oo : Ns Ar file Oo 47.Ar host Ns Op : Ns Ar
48.Ar file Oc Oc Oc
49.Nm sftp 48.Nm sftp
50.Oo Oo Ar user Ns @ Oc Ns 49.Oo Ar user Ns @ Oc Ns
51.Ar host Ns Oo : Ns Ar dir Ns 50.Ar host Ns Oo : Ns Ar dir Ns
52.Oo Ar / Oc Oc Oc 51.Op Ar / Oc
53.Nm sftp 52.Nm sftp
54.Fl b Ar batchfile 53.Fl b Ar batchfile
55.Oo Ar user Ns @ Oc Ns Ar host 54.Oo Ar user Ns @ Oc Ns Ar host
@@ -442,7 +441,7 @@ to
442Display the 441Display the
443.Nm 442.Nm
444protocol version. 443protocol version.
445.It Ic \&! Ar command 444.It Ic \&! Ns Ar command
446Execute 445Execute
447.Ar command 446.Ar command
448in local shell. 447in local shell.
diff --git a/sftp.c b/sftp.c
index e1aa49d0f..66bd111b1 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp.c,v 1.103 2008/07/13 22:16:03 djm Exp $ */ 1/* $OpenBSD: sftp.c,v 1.107 2009/02/02 11:15:14 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -207,36 +207,37 @@ cmd_interrupt(int signo)
207static void 207static void
208help(void) 208help(void)
209{ 209{
210 printf("Available commands:\n"); 210 printf("Available commands:\n"
211 printf("cd path Change remote directory to 'path'\n"); 211 "bye Quit sftp\n"
212 printf("lcd path Change local directory to 'path'\n"); 212 "cd path Change remote directory to 'path'\n"
213 printf("chgrp grp path Change group of file 'path' to 'grp'\n"); 213 "chgrp grp path Change group of file 'path' to 'grp'\n"
214 printf("chmod mode path Change permissions of file 'path' to 'mode'\n"); 214 "chmod mode path Change permissions of file 'path' to 'mode'\n"
215 printf("chown own path Change owner of file 'path' to 'own'\n"); 215 "chown own path Change owner of file 'path' to 'own'\n"
216 printf("df [path] Display statistics for current directory or\n"); 216 "df [-hi] [path] Display statistics for current directory or\n"
217 printf(" filesystem containing 'path'\n"); 217 " filesystem containing 'path'\n"
218 printf("help Display this help text\n"); 218 "exit Quit sftp\n"
219 printf("get remote-path [local-path] Download file\n"); 219 "get [-P] remote-path [local-path] Download file\n"
220 printf("lls [ls-options [path]] Display local directory listing\n"); 220 "help Display this help text\n"
221 printf("ln oldpath newpath Symlink remote file\n"); 221 "lcd path Change local directory to 'path'\n"
222 printf("lmkdir path Create local directory\n"); 222 "lls [ls-options [path]] Display local directory listing\n"
223 printf("lpwd Print local working directory\n"); 223 "lmkdir path Create local directory\n"
224 printf("ls [path] Display remote directory listing\n"); 224 "ln oldpath newpath Symlink remote file\n"
225 printf("lumask umask Set local umask to 'umask'\n"); 225 "lpwd Print local working directory\n"
226 printf("mkdir path Create remote directory\n"); 226 "ls [-1aflnrSt] [path] Display remote directory listing\n"
227 printf("progress Toggle display of progress meter\n"); 227 "lumask umask Set local umask to 'umask'\n"
228 printf("put local-path [remote-path] Upload file\n"); 228 "mkdir path Create remote directory\n"
229 printf("pwd Display remote working directory\n"); 229 "progress Toggle display of progress meter\n"
230 printf("exit Quit sftp\n"); 230 "put [-P] local-path [remote-path] Upload file\n"
231 printf("quit Quit sftp\n"); 231 "pwd Display remote working directory\n"
232 printf("rename oldpath newpath Rename remote file\n"); 232 "quit Quit sftp\n"
233 printf("rmdir path Remove remote directory\n"); 233 "rename oldpath newpath Rename remote file\n"
234 printf("rm path Delete remote file\n"); 234 "rm path Delete remote file\n"
235 printf("symlink oldpath newpath Symlink remote file\n"); 235 "rmdir path Remove remote directory\n"
236 printf("version Show SFTP version\n"); 236 "symlink oldpath newpath Symlink remote file\n"
237 printf("!command Execute 'command' in local shell\n"); 237 "version Show SFTP version\n"
238 printf("! Escape to local shell\n"); 238 "!command Execute 'command' in local shell\n"
239 printf("? Synonym for help\n"); 239 "! Escape to local shell\n"
240 "? Synonym for help\n");
240} 241}
241 242
242static void 243static void
@@ -1234,8 +1235,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1234 int err_abort) 1235 int err_abort)
1235{ 1236{
1236 char *path1, *path2, *tmp; 1237 char *path1, *path2, *tmp;
1237 int pflag, lflag, iflag, hflag, cmdnum, i; 1238 int pflag = 0, lflag = 0, iflag = 0, hflag = 0, cmdnum, i;
1238 unsigned long n_arg; 1239 unsigned long n_arg = 0;
1239 Attrib a, *aa; 1240 Attrib a, *aa;
1240 char path_buf[MAXPATHLEN]; 1241 char path_buf[MAXPATHLEN];
1241 int err = 0; 1242 int err = 0;
@@ -1386,17 +1387,19 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
1386 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); 1387 remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
1387 for (i = 0; g.gl_pathv[i] && !interrupted; i++) { 1388 for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
1388 if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) { 1389 if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
1389 if (err != 0 && err_abort) 1390 if (err_abort) {
1391 err = -1;
1390 break; 1392 break;
1391 else 1393 } else
1392 continue; 1394 continue;
1393 } 1395 }
1394 if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { 1396 if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
1395 error("Can't get current ownership of " 1397 error("Can't get current ownership of "
1396 "remote file \"%s\"", g.gl_pathv[i]); 1398 "remote file \"%s\"", g.gl_pathv[i]);
1397 if (err != 0 && err_abort) 1399 if (err_abort) {
1400 err = -1;
1398 break; 1401 break;
1399 else 1402 } else
1400 continue; 1403 continue;
1401 } 1404 }
1402 aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; 1405 aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
@@ -1668,8 +1671,8 @@ usage(void)
1668 "usage: %s [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]\n" 1671 "usage: %s [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]\n"
1669 " [-o ssh_option] [-P sftp_server_path] [-R num_requests]\n" 1672 " [-o ssh_option] [-P sftp_server_path] [-R num_requests]\n"
1670 " [-S program] [-s subsystem | sftp_server] host\n" 1673 " [-S program] [-s subsystem | sftp_server] host\n"
1671 " %s [[user@]host[:file [file]]]\n" 1674 " %s [user@]host[:file ...]\n"
1672 " %s [[user@]host[:dir[/]]]\n" 1675 " %s [user@]host[:dir[/]]\n"
1673 " %s -b batchfile [user@]host\n", __progname, __progname, __progname, __progname); 1676 " %s -b batchfile [user@]host\n", __progname, __progname, __progname, __progname);
1674 exit(1); 1677 exit(1);
1675} 1678}
diff --git a/ssh-add.0 b/ssh-add.0
index 3652bb5e5..2ef77d339 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -103,4 +103,4 @@ AUTHORS
103 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 103 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
104 versions 1.5 and 2.0. 104 versions 1.5 and 2.0.
105 105
106OpenBSD 4.4 June 12, 2007 2 106OpenBSD 4.5 June 12, 2007 2
diff --git a/ssh-agent.0 b/ssh-agent.0
index 90348a6b2..c21943212 100644
--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -114,4 +114,4 @@ AUTHORS
114 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 114 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
115 versions 1.5 and 2.0. 115 versions 1.5 and 2.0.
116 116
117OpenBSD 4.4 June 5, 2007 2 117OpenBSD 4.5 June 5, 2007 2
diff --git a/ssh-gss.h b/ssh-gss.h
index 4e9e357b5..31d5a0835 100644
--- a/ssh-gss.h
+++ b/ssh-gss.h
@@ -1,6 +1,6 @@
1/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */ 1/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 3 * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -75,6 +75,7 @@ typedef struct {
75 char *filename; 75 char *filename;
76 char *envvar; 76 char *envvar;
77 char *envval; 77 char *envval;
78 struct passwd *owner;
78 void *data; 79 void *data;
79} ssh_gssapi_ccache; 80} ssh_gssapi_ccache;
80 81
@@ -82,8 +83,11 @@ typedef struct {
82 gss_buffer_desc displayname; 83 gss_buffer_desc displayname;
83 gss_buffer_desc exportedname; 84 gss_buffer_desc exportedname;
84 gss_cred_id_t creds; 85 gss_cred_id_t creds;
86 gss_name_t name;
85 struct ssh_gssapi_mech_struct *mech; 87 struct ssh_gssapi_mech_struct *mech;
86 ssh_gssapi_ccache store; 88 ssh_gssapi_ccache store;
89 int used;
90 int updated;
87} ssh_gssapi_client; 91} ssh_gssapi_client;
88 92
89typedef struct ssh_gssapi_mech_struct { 93typedef struct ssh_gssapi_mech_struct {
@@ -94,6 +98,7 @@ typedef struct ssh_gssapi_mech_struct {
94 int (*userok) (ssh_gssapi_client *, char *); 98 int (*userok) (ssh_gssapi_client *, char *);
95 int (*localname) (ssh_gssapi_client *, char **); 99 int (*localname) (ssh_gssapi_client *, char **);
96 void (*storecreds) (ssh_gssapi_client *); 100 void (*storecreds) (ssh_gssapi_client *);
101 int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *);
97} ssh_gssapi_mech; 102} ssh_gssapi_mech;
98 103
99typedef struct { 104typedef struct {
@@ -104,7 +109,7 @@ typedef struct {
104 gss_OID oid; /* client */ 109 gss_OID oid; /* client */
105 gss_cred_id_t creds; /* server */ 110 gss_cred_id_t creds; /* server */
106 gss_name_t client; /* server */ 111 gss_name_t client; /* server */
107 gss_cred_id_t client_creds; /* server */ 112 gss_cred_id_t client_creds; /* both */
108} Gssctxt; 113} Gssctxt;
109 114
110extern ssh_gssapi_mech *supported_mechs[]; 115extern ssh_gssapi_mech *supported_mechs[];
@@ -128,16 +133,21 @@ void ssh_gssapi_build_ctx(Gssctxt **);
128void ssh_gssapi_delete_ctx(Gssctxt **); 133void ssh_gssapi_delete_ctx(Gssctxt **);
129OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); 134OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
130void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); 135void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
131int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); 136int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *);
137OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *);
138int ssh_gssapi_credentials_updated(Gssctxt *);
132 139
133/* In the server */ 140/* In the server */
134typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *); 141typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *,
135char *ssh_gssapi_client_mechanisms(const char *host); 142 const char *);
136char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *); 143char *ssh_gssapi_client_mechanisms(const char *, const char *);
144char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *,
145 const char *);
137gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int); 146gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int);
138int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *); 147int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *,
148 const char *);
139OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); 149OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
140int ssh_gssapi_userok(char *name); 150int ssh_gssapi_userok(char *name, struct passwd *);
141OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); 151OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
142void ssh_gssapi_do_child(char ***, u_int *); 152void ssh_gssapi_do_child(char ***, u_int *);
143void ssh_gssapi_cleanup_creds(void); 153void ssh_gssapi_cleanup_creds(void);
@@ -145,6 +155,8 @@ void ssh_gssapi_storecreds(void);
145 155
146char *ssh_gssapi_server_mechanisms(void); 156char *ssh_gssapi_server_mechanisms(void);
147int ssh_gssapi_oid_table_ok(); 157int ssh_gssapi_oid_table_ok();
158
159int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
148#endif /* GSSAPI */ 160#endif /* GSSAPI */
149 161
150#endif /* _SSH_GSS_H */ 162#endif /* _SSH_GSS_H */
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index ca8b5cf8c..b08d43b6d 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -14,7 +14,7 @@ SYNOPSIS
14 ssh-keygen -l [-f input_keyfile] 14 ssh-keygen -l [-f input_keyfile]
15 ssh-keygen -B [-f input_keyfile] 15 ssh-keygen -B [-f input_keyfile]
16 ssh-keygen -D reader 16 ssh-keygen -D reader
17 ssh-keygen -F hostname [-f known_hosts_file] 17 ssh-keygen -F hostname [-f known_hosts_file] [-l]
18 ssh-keygen -H [-f known_hosts_file] 18 ssh-keygen -H [-f known_hosts_file]
19 ssh-keygen -R hostname [-f known_hosts_file] 19 ssh-keygen -R hostname [-f known_hosts_file]
20 ssh-keygen -U reader [-f input_keyfile] 20 ssh-keygen -U reader [-f input_keyfile]
@@ -286,4 +286,4 @@ AUTHORS
286 created OpenSSH. Markus Friedl contributed the support for SSH protocol 286 created OpenSSH. Markus Friedl contributed the support for SSH protocol
287 versions 1.5 and 2.0. 287 versions 1.5 and 2.0.
288 288
289OpenBSD 4.4 June 12, 2008 5 289OpenBSD 4.5 July 24, 2008 5
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index cd6064f37..34f0204dd 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.78 2008/06/12 19:10:09 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.79 2008/07/24 23:55:30 sthen Exp $
2.\" 2.\"
3.\" -*- nroff -*- 3.\" -*- nroff -*-
4.\" 4.\"
@@ -37,7 +37,7 @@
37.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39.\" 39.\"
40.Dd $Mdocdate: June 12 2008 $ 40.Dd $Mdocdate: July 24 2008 $
41.Dt SSH-KEYGEN 1 41.Dt SSH-KEYGEN 1
42.Os 42.Os
43.Sh NAME 43.Sh NAME
@@ -83,6 +83,7 @@
83.Nm ssh-keygen 83.Nm ssh-keygen
84.Fl F Ar hostname 84.Fl F Ar hostname
85.Op Fl f Ar known_hosts_file 85.Op Fl f Ar known_hosts_file
86.Op Fl l
86.Nm ssh-keygen 87.Nm ssh-keygen
87.Fl H 88.Fl H
88.Op Fl f Ar known_hosts_file 89.Op Fl f Ar known_hosts_file
diff --git a/ssh-keygen.c b/ssh-keygen.c
index f7e284062..5765cff08 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.171 2008/07/13 21:22:52 sthen Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.173 2009/02/21 19:32:04 tobias Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -135,7 +135,7 @@ ask_filename(struct passwd *pw, const char *prompt)
135 name = _PATH_SSH_CLIENT_ID_RSA; 135 name = _PATH_SSH_CLIENT_ID_RSA;
136 break; 136 break;
137 default: 137 default:
138 fprintf(stderr, "bad key type"); 138 fprintf(stderr, "bad key type\n");
139 exit(1); 139 exit(1);
140 break; 140 break;
141 } 141 }
@@ -421,7 +421,7 @@ do_convert_from_ssh2(struct passwd *pw)
421 PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) : 421 PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) :
422 key_write(k, stdout); 422 key_write(k, stdout);
423 if (!ok) { 423 if (!ok) {
424 fprintf(stderr, "key write failed"); 424 fprintf(stderr, "key write failed\n");
425 exit(1); 425 exit(1);
426 } 426 }
427 key_free(k); 427 key_free(k);
@@ -1015,11 +1015,11 @@ do_change_comment(struct passwd *pw)
1015 } 1015 }
1016 f = fdopen(fd, "w"); 1016 f = fdopen(fd, "w");
1017 if (f == NULL) { 1017 if (f == NULL) {
1018 printf("fdopen %s failed", identity_file); 1018 printf("fdopen %s failed\n", identity_file);
1019 exit(1); 1019 exit(1);
1020 } 1020 }
1021 if (!key_write(public, f)) 1021 if (!key_write(public, f))
1022 fprintf(stderr, "write key failed"); 1022 fprintf(stderr, "write key failed\n");
1023 key_free(public); 1023 key_free(public);
1024 fprintf(f, " %s\n", new_comment); 1024 fprintf(f, " %s\n", new_comment);
1025 fclose(f); 1025 fclose(f);
@@ -1366,7 +1366,7 @@ main(int argc, char **argv)
1366 printf("Generating public/private %s key pair.\n", key_type_name); 1366 printf("Generating public/private %s key pair.\n", key_type_name);
1367 private = key_generate(type, bits); 1367 private = key_generate(type, bits);
1368 if (private == NULL) { 1368 if (private == NULL) {
1369 fprintf(stderr, "key_generate failed"); 1369 fprintf(stderr, "key_generate failed\n");
1370 exit(1); 1370 exit(1);
1371 } 1371 }
1372 public = key_from_private(private); 1372 public = key_from_private(private);
@@ -1426,7 +1426,7 @@ passphrase_again:
1426 if (identity_comment) { 1426 if (identity_comment) {
1427 strlcpy(comment, identity_comment, sizeof(comment)); 1427 strlcpy(comment, identity_comment, sizeof(comment));
1428 } else { 1428 } else {
1429 /* Create default commend field for the passphrase. */ 1429 /* Create default comment field for the passphrase. */
1430 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname); 1430 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
1431 } 1431 }
1432 1432
@@ -1456,11 +1456,11 @@ passphrase_again:
1456 } 1456 }
1457 f = fdopen(fd, "w"); 1457 f = fdopen(fd, "w");
1458 if (f == NULL) { 1458 if (f == NULL) {
1459 printf("fdopen %s failed", identity_file); 1459 printf("fdopen %s failed\n", identity_file);
1460 exit(1); 1460 exit(1);
1461 } 1461 }
1462 if (!key_write(public, f)) 1462 if (!key_write(public, f))
1463 fprintf(stderr, "write key failed"); 1463 fprintf(stderr, "write key failed\n");
1464 fprintf(f, " %s\n", comment); 1464 fprintf(f, " %s\n", comment);
1465 fclose(f); 1465 fclose(f);
1466 1466
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index 5cd68816c..dadfd4b63 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -5,7 +5,7 @@ NAME
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type] 7 ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type]
8 [host | addrlist namelist] [...] 8 [host | addrlist namelist] ...
9 9
10DESCRIPTION 10DESCRIPTION
11 ssh-keyscan is a utility for gathering the public ssh host keys of a num- 11 ssh-keyscan is a utility for gathering the public ssh host keys of a num-
@@ -80,7 +80,7 @@ FILES
80 /etc/ssh/ssh_known_hosts 80 /etc/ssh/ssh_known_hosts
81 81
82EXAMPLES 82EXAMPLES
83 Print the rsa1 host key for machine hostname: 83 Print the rsa host key for machine hostname:
84 84
85 $ ssh-keyscan hostname 85 $ ssh-keyscan hostname
86 86
@@ -104,4 +104,4 @@ BUGS
104 This is because it opens a connection to the ssh port, reads the public 104 This is because it opens a connection to the ssh port, reads the public
105 key, and drops the connection as soon as it gets the key. 105 key, and drops the connection as soon as it gets the key.
106 106
107OpenBSD 4.4 April 30, 2008 2 107OpenBSD 4.5 December 29, 2008 2
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 8a4f3bcba..4a5864566 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keyscan.1,v 1.24 2008/04/30 10:14:03 djm Exp $ 1.\" $OpenBSD: ssh-keyscan.1,v 1.26 2008/12/29 01:12:36 stevesk Exp $
2.\" 2.\"
3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4.\" 4.\"
@@ -6,7 +6,7 @@
6.\" permitted provided that due credit is given to the author and the 6.\" permitted provided that due credit is given to the author and the
7.\" OpenBSD project by leaving this copyright notice intact. 7.\" OpenBSD project by leaving this copyright notice intact.
8.\" 8.\"
9.Dd $Mdocdate: April 30 2008 $ 9.Dd $Mdocdate: December 29 2008 $
10.Dt SSH-KEYSCAN 1 10.Dt SSH-KEYSCAN 1
11.Os 11.Os
12.Sh NAME 12.Sh NAME
@@ -21,7 +21,7 @@
21.Op Fl T Ar timeout 21.Op Fl T Ar timeout
22.Op Fl t Ar type 22.Op Fl t Ar type
23.Op Ar host | addrlist namelist 23.Op Ar host | addrlist namelist
24.Op Ar ... 24.Ar ...
25.Ek 25.Ek
26.Sh DESCRIPTION 26.Sh DESCRIPTION
27.Nm 27.Nm
@@ -137,7 +137,7 @@ or
137.Pa /etc/ssh/ssh_known_hosts 137.Pa /etc/ssh/ssh_known_hosts
138.Sh EXAMPLES 138.Sh EXAMPLES
139Print the 139Print the
140.Pa rsa1 140.Pa rsa
141host key for machine 141host key for machine
142.Pa hostname : 142.Pa hostname :
143.Bd -literal 143.Bd -literal
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index d81077764..9a91be499 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keyscan.c,v 1.76 2008/04/30 10:14:03 djm Exp $ */ 1/* $OpenBSD: ssh-keyscan.c,v 1.78 2009/01/22 10:02:34 djm Exp $ */
2/* 2/*
3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4 * 4 *
@@ -713,8 +713,9 @@ fatal(const char *fmt,...)
713static void 713static void
714usage(void) 714usage(void)
715{ 715{
716 fprintf(stderr, "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" 716 fprintf(stderr,
717 "\t\t [host | addrlist namelist] [...]\n", 717 "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n"
718 "\t\t [host | addrlist namelist] ...\n",
718 __progname); 719 __progname);
719 exit(1); 720 exit(1);
720} 721}
@@ -747,7 +748,7 @@ main(int argc, char **argv)
747 break; 748 break;
748 case 'p': 749 case 'p':
749 ssh_port = a2port(optarg); 750 ssh_port = a2port(optarg);
750 if (ssh_port == 0) { 751 if (ssh_port <= 0) {
751 fprintf(stderr, "Bad port '%s'\n", optarg); 752 fprintf(stderr, "Bad port '%s'\n", optarg);
752 exit(1); 753 exit(1);
753 } 754 }
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index 07ffeca5c..5da5e5388 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -39,4 +39,4 @@ HISTORY
39AUTHORS 39AUTHORS
40 Markus Friedl <markus@openbsd.org> 40 Markus Friedl <markus@openbsd.org>
41 41
42OpenBSD 4.4 May 31, 2007 1 42OpenBSD 4.5 May 31, 2007 1
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0
index e1d31c1cd..690e14159 100644
--- a/ssh-rand-helper.0
+++ b/ssh-rand-helper.0
@@ -48,4 +48,4 @@ AUTHORS
48SEE ALSO 48SEE ALSO
49 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) 49 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
50 50
51OpenBSD 4.4 April 14, 2002 1 51OpenBSD 4.5 April 14, 2002 1
diff --git a/ssh.0 b/ssh.0
index 21e5ac9a3..1788bf9cc 100644
--- a/ssh.0
+++ b/ssh.0
@@ -4,7 +4,7 @@ NAME
4 ssh - OpenSSH SSH client (remote login program) 4 ssh - OpenSSH SSH client (remote login program)
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] 7 ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
8 [-D [bind_address:]port] [-e escape_char] [-F configfile] 8 [-D [bind_address:]port] [-e escape_char] [-F configfile]
9 [-i identity_file] [-L [bind_address:]port:host:hostport] 9 [-i identity_file] [-L [bind_address:]port:host:hostport]
10 [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] 10 [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
@@ -304,12 +304,15 @@ DESCRIPTION
304 [bind_address/]host/port/hostport. 304 [bind_address/]host/port/hostport.
305 305
306 By default, the listening socket on the server will be bound to 306 By default, the listening socket on the server will be bound to
307 the loopback interface only. This may be overriden by specifying 307 the loopback interface only. This may be overridden by specify-
308 a bind_address. An empty bind_address, or the address `*', indi- 308 ing a bind_address. An empty bind_address, or the address `*',
309 cates that the remote socket should listen on all interfaces. 309 indicates that the remote socket should listen on all interfaces.
310 Specifying a remote bind_address will only succeed if the serv- 310 Specifying a remote bind_address will only succeed if the serv-
311 er's GatewayPorts option is enabled (see sshd_config(5)). 311 er's GatewayPorts option is enabled (see sshd_config(5)).
312 312
313 If the port argument is `0', the listen port will be dynamically
314 allocated on the server and reported to the client at run time.
315
313 -S ctl_path 316 -S ctl_path
314 Specifies the location of a control socket for connection shar- 317 Specifies the location of a control socket for connection shar-
315 ing. Refer to the description of ControlPath and ControlMaster 318 ing. Refer to the description of ControlPath and ControlMaster
@@ -365,6 +368,9 @@ DESCRIPTION
365 -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not 368 -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
366 subjected to the X11 SECURITY extension controls. 369 subjected to the X11 SECURITY extension controls.
367 370
371 -y Send log information using the syslog(3) system module. By de-
372 fault this information is sent to stderr.
373
368 ssh may additionally obtain configuration data from a per-user configura- 374 ssh may additionally obtain configuration data from a per-user configura-
369 tion file and a system-wide configuration file. The file format and con- 375 tion file and a system-wide configuration file. The file format and con-
370 figuration options are described in ssh_config(5). 376 figuration options are described in ssh_config(5).
@@ -500,8 +506,8 @@ ESCAPE CHARACTERS
500 version 2 and if the peer supports it). 506 version 2 and if the peer supports it).
501 507
502 ~C Open command line. Currently this allows the addition of port 508 ~C Open command line. Currently this allows the addition of port
503 forwardings using the -L and -R options (see above). It also al- 509 forwardings using the -L, -R and -D options (see above). It also
504 lows the cancellation of existing remote port-forwardings using 510 allows the cancellation of existing remote port-forwardings using
505 -KR[bind_address:]port. !command allows the user to execute a 511 -KR[bind_address:]port. !command allows the user to execute a
506 local command if the PermitLocalCommand option is enabled in 512 local command if the PermitLocalCommand option is enabled in
507 ssh_config(5). Basic help is available, using the -h option. 513 ssh_config(5). Basic help is available, using the -h option.
@@ -864,4 +870,4 @@ AUTHORS
864 created OpenSSH. Markus Friedl contributed the support for SSH protocol 870 created OpenSSH. Markus Friedl contributed the support for SSH protocol
865 versions 1.5 and 2.0. 871 versions 1.5 and 2.0.
866 872
867OpenBSD 4.4 July 2, 2008 14 873OpenBSD 4.5 February 12, 2009 14
diff --git a/ssh.1 b/ssh.1
index 1229201da..d77f19b9d 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.277 2008/07/02 13:47:39 djm Exp $ 37.\" $OpenBSD: ssh.1,v 1.282 2009/02/12 03:44:25 djm Exp $
38.Dd $Mdocdate: July 2 2008 $ 38.Dd $Mdocdate: February 12 2009 $
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -43,7 +43,7 @@
43.Nd OpenSSH SSH client (remote login program) 43.Nd OpenSSH SSH client (remote login program)
44.Sh SYNOPSIS 44.Sh SYNOPSIS
45.Nm ssh 45.Nm ssh
46.Op Fl 1246AaCfgKkMNnqsTtVvXxY 46.Op Fl 1246AaCfgKkMNnqsTtVvXxYy
47.Op Fl b Ar bind_address 47.Op Fl b Ar bind_address
48.Op Fl c Ar cipher_spec 48.Op Fl c Ar cipher_spec
49.Oo Fl D\ \& 49.Oo Fl D\ \&
@@ -568,6 +568,13 @@ will only succeed if the server's
568.Cm GatewayPorts 568.Cm GatewayPorts
569option is enabled (see 569option is enabled (see
570.Xr sshd_config 5 ) . 570.Xr sshd_config 5 ) .
571.Pp
572If the
573.Ar port
574argument is
575.Ql 0 ,
576the listen port will be dynamically allocated on the server and reported
577to the client at run time.
571.It Fl S Ar ctl_path 578.It Fl S Ar ctl_path
572Specifies the location of a control socket for connection sharing, 579Specifies the location of a control socket for connection sharing,
573or the string 580or the string
@@ -666,6 +673,11 @@ Disables X11 forwarding.
666Enables trusted X11 forwarding. 673Enables trusted X11 forwarding.
667Trusted X11 forwardings are not subjected to the X11 SECURITY extension 674Trusted X11 forwardings are not subjected to the X11 SECURITY extension
668controls. 675controls.
676.It Fl y
677Send log information using the
678.Xr syslog 3
679system module.
680By default this information is sent to stderr.
669.El 681.El
670.Pp 682.Pp
671.Nm 683.Nm
@@ -901,9 +913,10 @@ Send a BREAK to the remote system
901.It Cm ~C 913.It Cm ~C
902Open command line. 914Open command line.
903Currently this allows the addition of port forwardings using the 915Currently this allows the addition of port forwardings using the
904.Fl L 916.Fl L ,
905and
906.Fl R 917.Fl R
918and
919.Fl D
907options (see above). 920options (see above).
908It also allows the cancellation of existing remote port-forwardings 921It also allows the cancellation of existing remote port-forwardings
909using 922using
diff --git a/ssh.c b/ssh.c
index 2b55e6397..9e1a4b797 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.318 2008/07/02 13:47:39 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.324 2009/02/12 03:00:56 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -179,7 +179,7 @@ static void
179usage(void) 179usage(void)
180{ 180{
181 fprintf(stderr, 181 fprintf(stderr,
182"usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" 182"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
183" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" 183" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
184" [-i identity_file] [-L [bind_address:]port:host:hostport]\n" 184" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
185" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" 185" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
@@ -203,7 +203,7 @@ void muxserver_listen(void);
203int 203int
204main(int ac, char **av) 204main(int ac, char **av)
205{ 205{
206 int i, opt, exit_status; 206 int i, opt, exit_status, use_syslog;
207 char *p, *cp, *line, buf[256]; 207 char *p, *cp, *line, buf[256];
208 struct stat st; 208 struct stat st;
209 struct passwd *pw; 209 struct passwd *pw;
@@ -269,10 +269,11 @@ main(int ac, char **av)
269 269
270 /* Parse command-line arguments. */ 270 /* Parse command-line arguments. */
271 host = NULL; 271 host = NULL;
272 use_syslog = 0;
272 273
273 again: 274 again:
274 while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" 275 while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
275 "ACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) { 276 "ACD:F:I:KL:MNO:PR:S:TVw:XYy")) != -1) {
276 switch (opt) { 277 switch (opt) {
277 case '1': 278 case '1':
278 options.protocol = SSH_PROTO_1; 279 options.protocol = SSH_PROTO_1;
@@ -299,6 +300,9 @@ main(int ac, char **av)
299 case 'X': 300 case 'X':
300 options.forward_x11 = 1; 301 options.forward_x11 = 1;
301 break; 302 break;
303 case 'y':
304 use_syslog = 1;
305 break;
302 case 'Y': 306 case 'Y':
303 options.forward_x11 = 1; 307 options.forward_x11 = 1;
304 options.forward_x11_trusted = 1; 308 options.forward_x11_trusted = 1;
@@ -444,7 +448,7 @@ main(int ac, char **av)
444 break; 448 break;
445 case 'p': 449 case 'p':
446 options.port = a2port(optarg); 450 options.port = a2port(optarg);
447 if (options.port == 0) { 451 if (options.port <= 0) {
448 fprintf(stderr, "Bad port '%s'\n", optarg); 452 fprintf(stderr, "Bad port '%s'\n", optarg);
449 exit(255); 453 exit(255);
450 } 454 }
@@ -454,7 +458,7 @@ main(int ac, char **av)
454 break; 458 break;
455 459
456 case 'L': 460 case 'L':
457 if (parse_forward(&fwd, optarg)) 461 if (parse_forward(&fwd, optarg, 0, 0))
458 add_local_forward(&options, &fwd); 462 add_local_forward(&options, &fwd);
459 else { 463 else {
460 fprintf(stderr, 464 fprintf(stderr,
@@ -465,7 +469,7 @@ main(int ac, char **av)
465 break; 469 break;
466 470
467 case 'R': 471 case 'R':
468 if (parse_forward(&fwd, optarg)) { 472 if (parse_forward(&fwd, optarg, 0, 1)) {
469 add_remote_forward(&options, &fwd); 473 add_remote_forward(&options, &fwd);
470 } else { 474 } else {
471 fprintf(stderr, 475 fprintf(stderr,
@@ -476,30 +480,14 @@ main(int ac, char **av)
476 break; 480 break;
477 481
478 case 'D': 482 case 'D':
479 cp = p = xstrdup(optarg); 483 if (parse_forward(&fwd, optarg, 1, 0)) {
480 memset(&fwd, '\0', sizeof(fwd)); 484 add_local_forward(&options, &fwd);
481 fwd.connect_host = "socks";
482 if ((fwd.listen_host = hpdelim(&cp)) == NULL) {
483 fprintf(stderr, "Bad dynamic forwarding "
484 "specification '%.100s'\n", optarg);
485 exit(255);
486 }
487 if (cp != NULL) {
488 fwd.listen_port = a2port(cp);
489 fwd.listen_host =
490 cleanhostname(fwd.listen_host);
491 } else { 485 } else {
492 fwd.listen_port = a2port(fwd.listen_host); 486 fprintf(stderr,
493 fwd.listen_host = NULL; 487 "Bad dynamic forwarding specification "
494 } 488 "'%s'\n", optarg);
495
496 if (fwd.listen_port == 0) {
497 fprintf(stderr, "Bad dynamic port '%s'\n",
498 optarg);
499 exit(255); 489 exit(255);
500 } 490 }
501 add_local_forward(&options, &fwd);
502 xfree(p);
503 break; 491 break;
504 492
505 case 'C': 493 case 'C':
@@ -619,7 +607,7 @@ main(int ac, char **av)
619 */ 607 */
620 log_init(av[0], 608 log_init(av[0],
621 options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, 609 options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
622 SYSLOG_FACILITY_USER, 1); 610 SYSLOG_FACILITY_USER, !use_syslog);
623 611
624 /* 612 /*
625 * Read per-user configuration file. Ignore the system wide config 613 * Read per-user configuration file. Ignore the system wide config
@@ -645,7 +633,7 @@ main(int ac, char **av)
645 channel_set_af(options.address_family); 633 channel_set_af(options.address_family);
646 634
647 /* reinit */ 635 /* reinit */
648 log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); 636 log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
649 637
650 seed_rng(); 638 seed_rng();
651 639
@@ -854,9 +842,16 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
854{ 842{
855 Forward *rfwd = (Forward *)ctxt; 843 Forward *rfwd = (Forward *)ctxt;
856 844
845 /* XXX verbose() on failure? */
857 debug("remote forward %s for: listen %d, connect %s:%d", 846 debug("remote forward %s for: listen %d, connect %s:%d",
858 type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", 847 type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
859 rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); 848 rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
849 if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) {
850 logit("Allocated port %u for remote forward to %s:%d",
851 packet_get_int(),
852 rfwd->connect_host, rfwd->connect_port);
853 }
854
860 if (type == SSH2_MSG_REQUEST_FAILURE) { 855 if (type == SSH2_MSG_REQUEST_FAILURE) {
861 if (options.exit_on_forward_failure) 856 if (options.exit_on_forward_failure)
862 fatal("Error: remote port forwarding failed for " 857 fatal("Error: remote port forwarding failed for "
diff --git a/ssh2.h b/ssh2.h
index cf56bc4ee..1c33dc268 100644
--- a/ssh2.h
+++ b/ssh2.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh2.h,v 1.10 2006/03/25 22:22:43 djm Exp $ */ 1/* $OpenBSD: ssh2.h,v 1.11 2008/11/04 08:22:13 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -111,6 +111,12 @@
111#define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 111#define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60
112#define SSH2_MSG_USERAUTH_INFO_REQUEST 60 112#define SSH2_MSG_USERAUTH_INFO_REQUEST 60
113#define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 113#define SSH2_MSG_USERAUTH_INFO_RESPONSE 61
114#define SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1 60
115#define SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1 61
116#define SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2 62
117#define SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2 63
118#define SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM 64
119#define SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM 65
114 120
115/* connection protocol: generic */ 121/* connection protocol: generic */
116 122
@@ -159,3 +165,4 @@
159#define SSH2_OPEN_RESOURCE_SHORTAGE 4 165#define SSH2_OPEN_RESOURCE_SHORTAGE 4
160 166
161#define SSH2_EXTENDED_DATA_STDERR 1 167#define SSH2_EXTENDED_DATA_STDERR 1
168
diff --git a/ssh_config b/ssh_config
index 122f6331e..b8c420c23 100644
--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
1# $OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $ 1# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
2 2
3# This is the ssh client system-wide configuration file. See 3# This is the ssh client system-wide configuration file. See
4# ssh_config(5) for more information. This file provides defaults for 4# ssh_config(5) for more information. This file provides defaults for
@@ -40,12 +40,13 @@ Host *
40# Port 22 40# Port 22
41# Protocol 2,1 41# Protocol 2,1
42# Cipher 3des 42# Cipher 3des
43# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc 43# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
44# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 44# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
45# EscapeChar ~ 45# EscapeChar ~
46# Tunnel no 46# Tunnel no
47# TunnelDevice any:any 47# TunnelDevice any:any
48# PermitLocalCommand no 48# PermitLocalCommand no
49# VisualHostKey no
49 SendEnv LANG LC_* 50 SendEnv LANG LC_*
50 HashKnownHosts yes 51 HashKnownHosts yes
51 GSSAPIAuthentication yes 52 GSSAPIAuthentication yes
diff --git a/ssh_config.0 b/ssh_config.0
index e2e645854..e5ded8e31 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -41,7 +41,7 @@ DESCRIPTION
41 Host Restricts the following declarations (up to the next Host key- 41 Host Restricts the following declarations (up to the next Host key-
42 word) to be only for those hosts that match one of the patterns 42 word) to be only for those hosts that match one of the patterns
43 given after the keyword. If more than one pattern is provided, 43 given after the keyword. If more than one pattern is provided,
44 they should be separated by whitepsace. A single `*' as a pat- 44 they should be separated by whitespace. A single `*' as a pat-
45 tern can be used to provide global defaults for all hosts. The 45 tern can be used to provide global defaults for all hosts. The
46 host is the hostname argument given on the command line (i.e. the 46 host is the hostname argument given on the command line (i.e. the
47 name is not converted to a canonicalized host name before match- 47 name is not converted to a canonicalized host name before match-
@@ -93,9 +93,9 @@ DESCRIPTION
93 ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'', 93 ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
94 and ``cast128-cbc''. The default is: 94 and ``cast128-cbc''. The default is:
95 95
96 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, 96 aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
97 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, 97 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
98 aes192-ctr,aes256-ctr 98 aes256-cbc,arcfour
99 99
100 ClearAllForwardings 100 ClearAllForwardings
101 Specifies that all local, remote, and dynamic port forwardings 101 Specifies that all local, remote, and dynamic port forwardings
@@ -463,8 +463,11 @@ DESCRIPTION
463 specified by enclosing addresses in square brackets or by using 463 specified by enclosing addresses in square brackets or by using
464 an alternative syntax: [bind_address/]port and host/hostport. 464 an alternative syntax: [bind_address/]port and host/hostport.
465 Multiple forwardings may be specified, and additional forwardings 465 Multiple forwardings may be specified, and additional forwardings
466 can be given on the command line. Only the superuser can forward 466 can be given on the command line. Privileged ports can be for-
467 privileged ports. 467 warded only when logging in as root on the remote machine.
468
469 If the port argument is `0', the listen port will be dynamically
470 allocated on the server and reported to the client at run time.
468 471
469 If the bind_address is not specified, the default is to only bind 472 If the bind_address is not specified, the default is to only bind
470 to loopback addresses. If the bind_address is `*' or an empty 473 to loopback addresses. If the bind_address is `*' or an empty
@@ -609,9 +612,11 @@ DESCRIPTION
609 612
610 VisualHostKey 613 VisualHostKey
611 If this flag is set to ``yes'', an ASCII art representation of 614 If this flag is set to ``yes'', an ASCII art representation of
612 the remote host key fingerprint is printed additionally to the 615 the remote host key fingerprint is printed in addition to the hex
613 hex fingerprint string. If this flag is set to ``no'', only the 616 fingerprint string at login and for unknown host keys. If this
614 hex fingerprint string will be printed. The default is ``no''. 617 flag is set to ``no'', no fingerprint strings are printed at lo-
618 gin and only the hex fingerprint string will be printed for un-
619 known host keys. The default is ``no''.
615 620
616 XAuthLocation 621 XAuthLocation
617 Specifies the full pathname of the xauth(1) program. The default 622 Specifies the full pathname of the xauth(1) program. The default
@@ -662,4 +667,4 @@ AUTHORS
662 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 667 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
663 versions 1.5 and 2.0. 668 versions 1.5 and 2.0.
664 669
665OpenBSD 4.4 June 26, 2008 11 670OpenBSD 4.5 February 22, 2009 11
diff --git a/ssh_config.5 b/ssh_config.5
index 1b8b8da5d..76e451079 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.111 2008/06/26 11:46:31 grunk Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.119 2009/02/22 23:50:57 djm Exp $
38.Dd $Mdocdate: June 26 2008 $ 38.Dd $Mdocdate: February 22 2009 $
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -119,7 +119,7 @@ Restricts the following declarations (up to the next
119.Cm Host 119.Cm Host
120keyword) to be only for those hosts that match one of the patterns 120keyword) to be only for those hosts that match one of the patterns
121given after the keyword. 121given after the keyword.
122If more than one pattern is provided, they should be separated by whitepsace. 122If more than one pattern is provided, they should be separated by whitespace.
123A single 123A single
124.Ql * 124.Ql *
125as a pattern can be used to provide global 125as a pattern can be used to provide global
@@ -224,9 +224,9 @@ and
224.Dq cast128-cbc . 224.Dq cast128-cbc .
225The default is: 225The default is:
226.Bd -literal -offset 3n 226.Bd -literal -offset 3n
227aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, 227aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
228arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, 228aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
229aes192-ctr,aes256-ctr 229aes256-cbc,arcfour
230.Ed 230.Ed
231.It Cm ClearAllForwardings 231.It Cm ClearAllForwardings
232Specifies that all local, remote, and dynamic port forwardings 232Specifies that all local, remote, and dynamic port forwardings
@@ -505,18 +505,28 @@ GSSAPI key exchange the server need not have a host key.
505The default is 505The default is
506.Dq no . 506.Dq no .
507Note that this option applies to protocol version 2 only. 507Note that this option applies to protocol version 2 only.
508.It Cm GSSAPIClientIdentity
509If set, specifies the GSSAPI client identity that ssh should use when
510connecting to the server. The default is unset, which means that the default
511identity will be used.
508.It Cm GSSAPIDelegateCredentials 512.It Cm GSSAPIDelegateCredentials
509Forward (delegate) credentials to the server. 513Forward (delegate) credentials to the server.
510The default is 514The default is
511.Dq no . 515.Dq no .
512Note that this option applies to protocol version 2 only. 516Note that this option applies to protocol version 2 connections using GSSAPI.
517.It Cm GSSAPIRenewalForcesRekey
518If set to
519.Dq yes
520then renewal of the client's GSSAPI credentials will force the rekeying of the
521ssh connection. With a compatible server, this can delegate the renewed
522credentials to a session on the server.
523The default is
524.Dq no .
513.It Cm GSSAPITrustDns 525.It Cm GSSAPITrustDns
514Set to 526Set to
515.Dq yes 527.Dq yes to indicate that the DNS is trusted to securely canonicalize
516to indicate that the DNS is trusted to securely canonicalize
517the name of the host being connected to. If 528the name of the host being connected to. If
518.Dq no , 529.Dq no, the hostname entered on the
519the hostname entered on the
520command line will be passed untouched to the GSSAPI library. 530command line will be passed untouched to the GSSAPI library.
521The default is 531The default is
522.Dq no . 532.Dq no .
@@ -852,7 +862,15 @@ and
852.Ar host Ns / Ns Ar hostport . 862.Ar host Ns / Ns Ar hostport .
853Multiple forwardings may be specified, and additional 863Multiple forwardings may be specified, and additional
854forwardings can be given on the command line. 864forwardings can be given on the command line.
855Only the superuser can forward privileged ports. 865Privileged ports can be forwarded only when
866logging in as root on the remote machine.
867.Pp
868If the
869.Ar port
870argument is
871.Ql 0 ,
872the listen port will be dynamically allocated on the server and reported
873to the client at run time.
856.Pp 874.Pp
857If the 875If the
858.Ar bind_address 876.Ar bind_address
@@ -1138,10 +1156,12 @@ in
1138If this flag is set to 1156If this flag is set to
1139.Dq yes , 1157.Dq yes ,
1140an ASCII art representation of the remote host key fingerprint is 1158an ASCII art representation of the remote host key fingerprint is
1141printed additionally to the hex fingerprint string. 1159printed in addition to the hex fingerprint string at login and
1160for unknown host keys.
1142If this flag is set to 1161If this flag is set to
1143.Dq no , 1162.Dq no ,
1144only the hex fingerprint string will be printed. 1163no fingerprint strings are printed at login and
1164only the hex fingerprint string will be printed for unknown host keys.
1145The default is 1165The default is
1146.Dq no . 1166.Dq no .
1147.It Cm XAuthLocation 1167.It Cm XAuthLocation
diff --git a/sshconnect.c b/sshconnect.c
index 0e3001201..e7354486b 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.211 2008/07/01 07:24:22 dtucker Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.212 2008/10/14 18:11:33 stevesk Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -70,10 +70,6 @@ extern uid_t original_real_uid;
70extern uid_t original_effective_uid; 70extern uid_t original_effective_uid;
71extern pid_t proxy_command_pid; 71extern pid_t proxy_command_pid;
72 72
73#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */
74#define INET6_ADDRSTRLEN 46
75#endif
76
77static int show_other_keys(const char *, Key *); 73static int show_other_keys(const char *, Key *);
78static void warn_changed_key(Key *); 74static void warn_changed_key(Key *);
79 75
@@ -741,8 +737,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
741 if (options.host_key_alias == NULL && port != 0 && 737 if (options.host_key_alias == NULL && port != 0 &&
742 port != SSH_DEFAULT_PORT) { 738 port != SSH_DEFAULT_PORT) {
743 debug("checking without port identifier"); 739 debug("checking without port identifier");
744 if (check_host_key(hostname, hostaddr, 0, host_key, 2, 740 if (check_host_key(hostname, hostaddr, 0, host_key,
745 user_hostfile, system_hostfile) == 0) { 741 ROQUIET, user_hostfile, system_hostfile) == 0) {
746 debug("found matching key w/out port"); 742 debug("found matching key w/out port");
747 break; 743 break;
748 } 744 }
diff --git a/sshconnect2.c b/sshconnect2.c
index 185e7b204..bb72db5dd 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,6 +1,7 @@
1/* $OpenBSD: sshconnect2.c,v 1.166 2008/07/17 08:48:00 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.170 2008/11/04 08:22:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved.
4 * 5 *
5 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
@@ -67,6 +68,7 @@
67#include "msg.h" 68#include "msg.h"
68#include "pathnames.h" 69#include "pathnames.h"
69#include "uidswap.h" 70#include "uidswap.h"
71#include "jpake.h"
70 72
71#ifdef GSSAPI 73#ifdef GSSAPI
72#include "ssh-gss.h" 74#include "ssh-gss.h"
@@ -121,7 +123,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
121 else 123 else
122 gss_host = host; 124 gss_host = host;
123 125
124 gss = ssh_gssapi_client_mechanisms(gss_host); 126 gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
125 if (gss) { 127 if (gss) {
126 debug("Offering GSSAPI proposal: %s", gss); 128 debug("Offering GSSAPI proposal: %s", gss);
127 xasprintf(&myproposal[PROPOSAL_KEX_ALGS], 129 xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
@@ -164,6 +166,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
164 orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; 166 orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
165 xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], 167 xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
166 "%s,null", orig); 168 "%s,null", orig);
169 xfree(gss);
167 } 170 }
168#endif 171#endif
169 172
@@ -177,18 +180,23 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
177 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 180 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
178 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 181 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
179#ifdef GSSAPI 182#ifdef GSSAPI
180 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; 183 if (options.gss_keyex) {
181 kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client; 184 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
182 kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client; 185 kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client;
186 kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client;
187 }
183#endif 188#endif
184 kex->client_version_string=client_version_string; 189 kex->client_version_string=client_version_string;
185 kex->server_version_string=server_version_string; 190 kex->server_version_string=server_version_string;
186 kex->verify_host_key=&verify_host_key_callback; 191 kex->verify_host_key=&verify_host_key_callback;
187 192
188#ifdef GSSAPI 193#ifdef GSSAPI
189 kex->gss_deleg_creds = options.gss_deleg_creds; 194 if (options.gss_keyex) {
190 kex->gss_trust_dns = options.gss_trust_dns; 195 kex->gss_deleg_creds = options.gss_deleg_creds;
191 kex->gss_host = gss_host; 196 kex->gss_trust_dns = options.gss_trust_dns;
197 kex->gss_client = options.gss_client_identity;
198 kex->gss_host = gss_host;
199 }
192#endif 200#endif
193 201
194 xxx_kex = kex; 202 xxx_kex = kex;
@@ -247,6 +255,7 @@ struct Authctxt {
247struct Authmethod { 255struct Authmethod {
248 char *name; /* string to compare against server's list */ 256 char *name; /* string to compare against server's list */
249 int (*userauth)(Authctxt *authctxt); 257 int (*userauth)(Authctxt *authctxt);
258 void (*cleanup)(Authctxt *authctxt);
250 int *enabled; /* flag in option struct that enables method */ 259 int *enabled; /* flag in option struct that enables method */
251 int *batch_flag; /* flag in option struct that disables method */ 260 int *batch_flag; /* flag in option struct that disables method */
252}; 261};
@@ -258,13 +267,18 @@ void input_userauth_error(int, u_int32_t, void *);
258void input_userauth_info_req(int, u_int32_t, void *); 267void input_userauth_info_req(int, u_int32_t, void *);
259void input_userauth_pk_ok(int, u_int32_t, void *); 268void input_userauth_pk_ok(int, u_int32_t, void *);
260void input_userauth_passwd_changereq(int, u_int32_t, void *); 269void input_userauth_passwd_changereq(int, u_int32_t, void *);
270void input_userauth_jpake_server_step1(int, u_int32_t, void *);
271void input_userauth_jpake_server_step2(int, u_int32_t, void *);
272void input_userauth_jpake_server_confirm(int, u_int32_t, void *);
261 273
262int userauth_none(Authctxt *); 274int userauth_none(Authctxt *);
263int userauth_pubkey(Authctxt *); 275int userauth_pubkey(Authctxt *);
264int userauth_passwd(Authctxt *); 276int userauth_passwd(Authctxt *);
265int userauth_kbdint(Authctxt *); 277int userauth_kbdint(Authctxt *);
266int userauth_hostbased(Authctxt *); 278int userauth_hostbased(Authctxt *);
267int userauth_kerberos(Authctxt *); 279int userauth_jpake(Authctxt *);
280
281void userauth_jpake_cleanup(Authctxt *);
268 282
269#ifdef GSSAPI 283#ifdef GSSAPI
270int userauth_gssapi(Authctxt *authctxt); 284int userauth_gssapi(Authctxt *authctxt);
@@ -295,6 +309,7 @@ Authmethod authmethods[] = {
295 NULL}, 309 NULL},
296 {"gssapi-with-mic", 310 {"gssapi-with-mic",
297 userauth_gssapi, 311 userauth_gssapi,
312 NULL,
298 &options.gss_authentication, 313 &options.gss_authentication,
299 NULL}, 314 NULL},
300 {"gssapi", 315 {"gssapi",
@@ -304,25 +319,37 @@ Authmethod authmethods[] = {
304#endif 319#endif
305 {"hostbased", 320 {"hostbased",
306 userauth_hostbased, 321 userauth_hostbased,
322 NULL,
307 &options.hostbased_authentication, 323 &options.hostbased_authentication,
308 NULL}, 324 NULL},
309 {"publickey", 325 {"publickey",
310 userauth_pubkey, 326 userauth_pubkey,
327 NULL,
311 &options.pubkey_authentication, 328 &options.pubkey_authentication,
312 NULL}, 329 NULL},
330#ifdef JPAKE
331 {"jpake-01@openssh.com",
332 userauth_jpake,
333 userauth_jpake_cleanup,
334 &options.zero_knowledge_password_authentication,
335 &options.batch_mode},
336#endif
313 {"keyboard-interactive", 337 {"keyboard-interactive",
314 userauth_kbdint, 338 userauth_kbdint,
339 NULL,
315 &options.kbd_interactive_authentication, 340 &options.kbd_interactive_authentication,
316 &options.batch_mode}, 341 &options.batch_mode},
317 {"password", 342 {"password",
318 userauth_passwd, 343 userauth_passwd,
344 NULL,
319 &options.password_authentication, 345 &options.password_authentication,
320 &options.batch_mode}, 346 &options.batch_mode},
321 {"none", 347 {"none",
322 userauth_none, 348 userauth_none,
323 NULL, 349 NULL,
350 NULL,
324 NULL}, 351 NULL},
325 {NULL, NULL, NULL, NULL} 352 {NULL, NULL, NULL, NULL, NULL}
326}; 353};
327 354
328void 355void
@@ -390,6 +417,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
390void 417void
391userauth(Authctxt *authctxt, char *authlist) 418userauth(Authctxt *authctxt, char *authlist)
392{ 419{
420 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
421 authctxt->method->cleanup(authctxt);
422
393 if (authctxt->methoddata) { 423 if (authctxt->methoddata) {
394 xfree(authctxt->methoddata); 424 xfree(authctxt->methoddata);
395 authctxt->methoddata = NULL; 425 authctxt->methoddata = NULL;
@@ -422,6 +452,7 @@ userauth(Authctxt *authctxt, char *authlist)
422 } 452 }
423} 453}
424 454
455/* ARGSUSED */
425void 456void
426input_userauth_error(int type, u_int32_t seq, void *ctxt) 457input_userauth_error(int type, u_int32_t seq, void *ctxt)
427{ 458{
@@ -429,6 +460,7 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt)
429 "type %d", type); 460 "type %d", type);
430} 461}
431 462
463/* ARGSUSED */
432void 464void
433input_userauth_banner(int type, u_int32_t seq, void *ctxt) 465input_userauth_banner(int type, u_int32_t seq, void *ctxt)
434{ 466{
@@ -438,12 +470,11 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
438 debug3("input_userauth_banner"); 470 debug3("input_userauth_banner");
439 raw = packet_get_string(&len); 471 raw = packet_get_string(&len);
440 lang = packet_get_string(NULL); 472 lang = packet_get_string(NULL);
441 if (options.log_level >= SYSLOG_LEVEL_INFO) { 473 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
442 if (len > 65536) 474 if (len > 65536)
443 len = 65536; 475 len = 65536;
444 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ 476 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
445 strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL); 477 strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
446 msg[len*4] = '\0';
447 fprintf(stderr, "%s", msg); 478 fprintf(stderr, "%s", msg);
448 xfree(msg); 479 xfree(msg);
449 } 480 }
@@ -451,6 +482,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
451 xfree(lang); 482 xfree(lang);
452} 483}
453 484
485/* ARGSUSED */
454void 486void
455input_userauth_success(int type, u_int32_t seq, void *ctxt) 487input_userauth_success(int type, u_int32_t seq, void *ctxt)
456{ 488{
@@ -468,6 +500,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
468 authctxt->success = 1; /* break out */ 500 authctxt->success = 1; /* break out */
469} 501}
470 502
503/* ARGSUSED */
471void 504void
472input_userauth_failure(int type, u_int32_t seq, void *ctxt) 505input_userauth_failure(int type, u_int32_t seq, void *ctxt)
473{ 506{
@@ -488,6 +521,8 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt)
488 521
489 userauth(authctxt, authlist); 522 userauth(authctxt, authlist);
490} 523}
524
525/* ARGSUSED */
491void 526void
492input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) 527input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
493{ 528{
@@ -567,26 +602,30 @@ userauth_gssapi(Authctxt *authctxt)
567 static u_int mech = 0; 602 static u_int mech = 0;
568 OM_uint32 min; 603 OM_uint32 min;
569 int ok = 0; 604 int ok = 0;
570 char *gss_host = NULL; 605 const char *gss_host;
571 int old_gssapi_method; 606 int old_gssapi_method;
572 607
573 if (options.gss_trust_dns) 608 if (options.gss_trust_dns)
574 gss_host = (char *)get_canonical_hostname(1); 609 gss_host = get_canonical_hostname(1);
575 else 610 else
576 gss_host = (char *)authctxt->host; 611 gss_host = authctxt->host;
577 612
578 /* Try one GSSAPI method at a time, rather than sending them all at 613 /* Try one GSSAPI method at a time, rather than sending them all at
579 * once. */ 614 * once. */
580 615
581 if (gss_supported == NULL) 616 if (gss_supported == NULL)
582 gss_indicate_mechs(&min, &gss_supported); 617 if (GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) {
618 gss_supported = NULL;
619 return 0;
620 }
583 621
584 /* Check to see if the mechanism is usable before we offer it */ 622 /* Check to see if the mechanism is usable before we offer it */
585 while (mech < gss_supported->count && !ok) { 623 while (mech < gss_supported->count && !ok) {
586 /* My DER encoding requires length<128 */ 624 /* My DER encoding requires length<128 */
587 if (gss_supported->elements[mech].length < 128 && 625 if (gss_supported->elements[mech].length < 128 &&
588 ssh_gssapi_check_mechanism(&gssctxt, 626 ssh_gssapi_check_mechanism(&gssctxt,
589 &gss_supported->elements[mech], gss_host)) { 627 &gss_supported->elements[mech], gss_host,
628 options.gss_client_identity)) {
590 ok = 1; /* Mechanism works */ 629 ok = 1; /* Mechanism works */
591 } else { 630 } else {
592 mech++; 631 mech++;
@@ -691,6 +730,7 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
691 return status; 730 return status;
692} 731}
693 732
733/* ARGSUSED */
694void 734void
695input_gssapi_response(int type, u_int32_t plen, void *ctxt) 735input_gssapi_response(int type, u_int32_t plen, void *ctxt)
696{ 736{
@@ -736,6 +776,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
736 } 776 }
737} 777}
738 778
779/* ARGSUSED */
739void 780void
740input_gssapi_token(int type, u_int32_t plen, void *ctxt) 781input_gssapi_token(int type, u_int32_t plen, void *ctxt)
741{ 782{
@@ -763,6 +804,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
763 } 804 }
764} 805}
765 806
807/* ARGSUSED */
766void 808void
767input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) 809input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
768{ 810{
@@ -792,6 +834,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
792 /* Server will be returning a failed packet after this one */ 834 /* Server will be returning a failed packet after this one */
793} 835}
794 836
837/* ARGSUSED */
795void 838void
796input_gssapi_error(int type, u_int32_t plen, void *ctxt) 839input_gssapi_error(int type, u_int32_t plen, void *ctxt)
797{ 840{
@@ -898,9 +941,11 @@ userauth_passwd(Authctxt *authctxt)
898 941
899 return 1; 942 return 1;
900} 943}
944
901/* 945/*
902 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST 946 * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
903 */ 947 */
948/* ARGSUSED */
904void 949void
905input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) 950input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
906{ 951{
@@ -965,6 +1010,209 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
965 &input_userauth_passwd_changereq); 1010 &input_userauth_passwd_changereq);
966} 1011}
967 1012
1013#ifdef JPAKE
1014static char *
1015pw_encrypt(const char *password, const char *crypt_scheme, const char *salt)
1016{
1017 /* OpenBSD crypt(3) handles all of these */
1018 if (strcmp(crypt_scheme, "crypt") == 0 ||
1019 strcmp(crypt_scheme, "bcrypt") == 0 ||
1020 strcmp(crypt_scheme, "md5crypt") == 0 ||
1021 strcmp(crypt_scheme, "crypt-extended") == 0)
1022 return xstrdup(crypt(password, salt));
1023 error("%s: unsupported password encryption scheme \"%.100s\"",
1024 __func__, crypt_scheme);
1025 return NULL;
1026}
1027
1028static BIGNUM *
1029jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
1030 const char *salt)
1031{
1032 char prompt[256], *password, *crypted;
1033 u_char *secret;
1034 u_int secret_len;
1035 BIGNUM *ret;
1036
1037 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ",
1038 authctxt->server_user, authctxt->host);
1039 password = read_passphrase(prompt, 0);
1040
1041 if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) {
1042 logit("Disabling %s authentication", authctxt->method->name);
1043 authctxt->method->enabled = NULL;
1044 /* Continue with an empty password to fail gracefully */
1045 crypted = xstrdup("");
1046 }
1047
1048#ifdef JPAKE_DEBUG
1049 debug3("%s: salt = %s", __func__, salt);
1050 debug3("%s: scheme = %s", __func__, crypt_scheme);
1051 debug3("%s: crypted = %s", __func__, crypted);
1052#endif
1053
1054 if (hash_buffer(crypted, strlen(crypted), EVP_sha256(),
1055 &secret, &secret_len) != 0)
1056 fatal("%s: hash_buffer", __func__);
1057
1058 bzero(password, strlen(password));
1059 bzero(crypted, strlen(crypted));
1060 xfree(password);
1061 xfree(crypted);
1062
1063 if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
1064 fatal("%s: BN_bin2bn (secret)", __func__);
1065 bzero(secret, secret_len);
1066 xfree(secret);
1067
1068 return ret;
1069}
1070
1071/* ARGSUSED */
1072void
1073input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
1074{
1075 Authctxt *authctxt = ctxt;
1076 struct jpake_ctx *pctx = authctxt->methoddata;
1077 u_char *x3_proof, *x4_proof, *x2_s_proof;
1078 u_int x3_proof_len, x4_proof_len, x2_s_proof_len;
1079 char *crypt_scheme, *salt;
1080
1081 /* Disable this message */
1082 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL);
1083
1084 if ((pctx->g_x3 = BN_new()) == NULL ||
1085 (pctx->g_x4 = BN_new()) == NULL)
1086 fatal("%s: BN_new", __func__);
1087
1088 /* Fetch step 1 values */
1089 crypt_scheme = packet_get_string(NULL);
1090 salt = packet_get_string(NULL);
1091 pctx->server_id = packet_get_string(&pctx->server_id_len);
1092 packet_get_bignum2(pctx->g_x3);
1093 packet_get_bignum2(pctx->g_x4);
1094 x3_proof = packet_get_string(&x3_proof_len);
1095 x4_proof = packet_get_string(&x4_proof_len);
1096 packet_check_eom();
1097
1098 JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
1099
1100 /* Obtain password and derive secret */
1101 pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
1102 bzero(crypt_scheme, strlen(crypt_scheme));
1103 bzero(salt, strlen(salt));
1104 xfree(crypt_scheme);
1105 xfree(salt);
1106 JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
1107
1108 /* Calculate step 2 values */
1109 jpake_step2(pctx->grp, pctx->s, pctx->g_x1,
1110 pctx->g_x3, pctx->g_x4, pctx->x2,
1111 pctx->server_id, pctx->server_id_len,
1112 pctx->client_id, pctx->client_id_len,
1113 x3_proof, x3_proof_len,
1114 x4_proof, x4_proof_len,
1115 &pctx->a,
1116 &x2_s_proof, &x2_s_proof_len);
1117
1118 bzero(x3_proof, x3_proof_len);
1119 bzero(x4_proof, x4_proof_len);
1120 xfree(x3_proof);
1121 xfree(x4_proof);
1122
1123 JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
1124
1125 /* Send values for step 2 */
1126 packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2);
1127 packet_put_bignum2(pctx->a);
1128 packet_put_string(x2_s_proof, x2_s_proof_len);
1129 packet_send();
1130
1131 bzero(x2_s_proof, x2_s_proof_len);
1132 xfree(x2_s_proof);
1133
1134 /* Expect step 2 packet from peer */
1135 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
1136 input_userauth_jpake_server_step2);
1137}
1138
1139/* ARGSUSED */
1140void
1141input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
1142{
1143 Authctxt *authctxt = ctxt;
1144 struct jpake_ctx *pctx = authctxt->methoddata;
1145 u_char *x4_s_proof;
1146 u_int x4_s_proof_len;
1147
1148 /* Disable this message */
1149 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL);
1150
1151 if ((pctx->b = BN_new()) == NULL)
1152 fatal("%s: BN_new", __func__);
1153
1154 /* Fetch step 2 values */
1155 packet_get_bignum2(pctx->b);
1156 x4_s_proof = packet_get_string(&x4_s_proof_len);
1157 packet_check_eom();
1158
1159 JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
1160
1161 /* Derive shared key and calculate confirmation hash */
1162 jpake_key_confirm(pctx->grp, pctx->s, pctx->b,
1163 pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4,
1164 pctx->client_id, pctx->client_id_len,
1165 pctx->server_id, pctx->server_id_len,
1166 session_id2, session_id2_len,
1167 x4_s_proof, x4_s_proof_len,
1168 &pctx->k,
1169 &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
1170
1171 bzero(x4_s_proof, x4_s_proof_len);
1172 xfree(x4_s_proof);
1173
1174 JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
1175
1176 /* Send key confirmation proof */
1177 packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM);
1178 packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
1179 packet_send();
1180
1181 /* Expect confirmation from peer */
1182 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM,
1183 input_userauth_jpake_server_confirm);
1184}
1185
1186/* ARGSUSED */
1187void
1188input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt)
1189{
1190 Authctxt *authctxt = ctxt;
1191 struct jpake_ctx *pctx = authctxt->methoddata;
1192
1193 /* Disable this message */
1194 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL);
1195
1196 pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len);
1197 packet_check_eom();
1198
1199 JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
1200
1201 /* Verify expected confirmation hash */
1202 if (jpake_check_confirm(pctx->k,
1203 pctx->server_id, pctx->server_id_len,
1204 session_id2, session_id2_len,
1205 pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1)
1206 debug("%s: %s success", __func__, authctxt->method->name);
1207 else {
1208 debug("%s: confirmation mismatch", __func__);
1209 /* XXX stash this so if auth succeeds then we can warn/kill */
1210 }
1211
1212 userauth_jpake_cleanup(authctxt);
1213}
1214#endif /* JPAKE */
1215
968static int 1216static int
969identity_sign(Identity *id, u_char **sigp, u_int *lenp, 1217identity_sign(Identity *id, u_char **sigp, u_int *lenp,
970 u_char *data, u_int datalen) 1218 u_char *data, u_int datalen)
@@ -1541,6 +1789,76 @@ userauth_hostbased(Authctxt *authctxt)
1541 return 1; 1789 return 1;
1542} 1790}
1543 1791
1792#ifdef JPAKE
1793int
1794userauth_jpake(Authctxt *authctxt)
1795{
1796 struct jpake_ctx *pctx;
1797 u_char *x1_proof, *x2_proof;
1798 u_int x1_proof_len, x2_proof_len;
1799 static int attempt = 0; /* XXX share with userauth_password's? */
1800
1801 if (attempt++ >= options.number_of_password_prompts)
1802 return 0;
1803 if (attempt != 1)
1804 error("Permission denied, please try again.");
1805
1806 if (authctxt->methoddata != NULL)
1807 fatal("%s: authctxt->methoddata already set (%p)",
1808 __func__, authctxt->methoddata);
1809
1810 authctxt->methoddata = pctx = jpake_new();
1811
1812 /*
1813 * Send request immediately, to get the protocol going while
1814 * we do the initial computations.
1815 */
1816 packet_start(SSH2_MSG_USERAUTH_REQUEST);
1817 packet_put_cstring(authctxt->server_user);
1818 packet_put_cstring(authctxt->service);
1819 packet_put_cstring(authctxt->method->name);
1820 packet_send();
1821 packet_write_wait();
1822
1823 jpake_step1(pctx->grp,
1824 &pctx->client_id, &pctx->client_id_len,
1825 &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2,
1826 &x1_proof, &x1_proof_len,
1827 &x2_proof, &x2_proof_len);
1828
1829 JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
1830
1831 packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1);
1832 packet_put_string(pctx->client_id, pctx->client_id_len);
1833 packet_put_bignum2(pctx->g_x1);
1834 packet_put_bignum2(pctx->g_x2);
1835 packet_put_string(x1_proof, x1_proof_len);
1836 packet_put_string(x2_proof, x2_proof_len);
1837 packet_send();
1838
1839 bzero(x1_proof, x1_proof_len);
1840 bzero(x2_proof, x2_proof_len);
1841 xfree(x1_proof);
1842 xfree(x2_proof);
1843
1844 /* Expect step 1 packet from peer */
1845 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
1846 input_userauth_jpake_server_step1);
1847
1848 return 1;
1849}
1850
1851void
1852userauth_jpake_cleanup(Authctxt *authctxt)
1853{
1854 debug3("%s: clean up", __func__);
1855 if (authctxt->methoddata != NULL) {
1856 jpake_free(authctxt->methoddata);
1857 authctxt->methoddata = NULL;
1858 }
1859}
1860#endif /* JPAKE */
1861
1544/* find auth method */ 1862/* find auth method */
1545 1863
1546/* 1864/*
@@ -1642,3 +1960,4 @@ authmethods_get(void)
1642 buffer_free(&b); 1960 buffer_free(&b);
1643 return list; 1961 return list;
1644} 1962}
1963
diff --git a/sshd.0 b/sshd.0
index 04d64776e..d6f02324e 100644
--- a/sshd.0
+++ b/sshd.0
@@ -458,8 +458,7 @@ FILES
458 are writable by other users, then the file could be modified or 458 are writable by other users, then the file could be modified or
459 replaced by unauthorized users. In this case, sshd will not al- 459 replaced by unauthorized users. In this case, sshd will not al-
460 low it to be used unless the StrictModes option has been set to 460 low it to be used unless the StrictModes option has been set to
461 ``no''. The recommended permissions can be set by executing 461 ``no''.
462 ``chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys''.
463 462
464 ~/.ssh/environment 463 ~/.ssh/environment
465 This file is read into the environment at login (if it exists). 464 This file is read into the environment at login (if it exists).
@@ -572,4 +571,4 @@ CAVEATS
572 System security is not improved unless rshd, rlogind, and rexecd are dis- 571 System security is not improved unless rshd, rlogind, and rexecd are dis-
573 abled (thus completely disabling rlogin and rsh into the machine). 572 abled (thus completely disabling rlogin and rsh into the machine).
574 573
575OpenBSD 4.4 July 2, 2008 9 574OpenBSD 4.5 October 3, 2008 9
diff --git a/sshd.8 b/sshd.8
index ae7957648..9541c2f35 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.246 2008/07/02 02:24:18 djm Exp $ 37.\" $OpenBSD: sshd.8,v 1.247 2008/10/03 13:08:12 jmc Exp $
38.Dd $Mdocdate: July 2 2008 $ 38.Dd $Mdocdate: October 3 2008 $
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -744,8 +744,6 @@ will not allow it to be used unless the
744.Cm StrictModes 744.Cm StrictModes
745option has been set to 745option has been set to
746.Dq no . 746.Dq no .
747The recommended permissions can be set by executing
748.Dq chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys .
749.Pp 747.Pp
750.It ~/.ssh/environment 748.It ~/.ssh/environment
751This file is read into the environment at login (if it exists). 749This file is read into the environment at login (if it exists).
diff --git a/sshd.c b/sshd.c
index 9e03cf3ef..f61d79ec7 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.364 2008/07/10 18:08:11 markus Exp $ */ 1/* $OpenBSD: sshd.c,v 1.366 2009/01/22 10:02:34 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -117,7 +117,6 @@
117#include "ssh-gss.h" 117#include "ssh-gss.h"
118#endif 118#endif
119#include "monitor_wrap.h" 119#include "monitor_wrap.h"
120#include "monitor_fdpass.h"
121#include "version.h" 120#include "version.h"
122 121
123#ifdef USE_SECURITY_SESSION_API 122#ifdef USE_SECURITY_SESSION_API
@@ -1373,7 +1372,7 @@ main(int ac, char **av)
1373 exit(1); 1372 exit(1);
1374 } 1373 }
1375 options.ports[options.num_ports++] = a2port(optarg); 1374 options.ports[options.num_ports++] = a2port(optarg);
1376 if (options.ports[options.num_ports-1] == 0) { 1375 if (options.ports[options.num_ports-1] <= 0) {
1377 fprintf(stderr, "Bad port number.\n"); 1376 fprintf(stderr, "Bad port number.\n");
1378 exit(1); 1377 exit(1);
1379 } 1378 }
@@ -2354,9 +2353,11 @@ do_ssh2_kex(void)
2354 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 2353 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
2355 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 2354 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
2356#ifdef GSSAPI 2355#ifdef GSSAPI
2357 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; 2356 if (options.gss_keyex) {
2358 kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server; 2357 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
2359 kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server; 2358 kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
2359 kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
2360 }
2360#endif 2361#endif
2361 kex->server = 1; 2362 kex->server = 1;
2362 kex->client_version_string=client_version_string; 2363 kex->client_version_string=client_version_string;
diff --git a/sshd_config.0 b/sshd_config.0
index 15a6c9004..067f757de 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -122,9 +122,9 @@ DESCRIPTION
122 ``arcfour256'', ``arcfour'', ``blowfish-cbc'', and 122 ``arcfour256'', ``arcfour'', ``blowfish-cbc'', and
123 ``cast128-cbc''. The default is: 123 ``cast128-cbc''. The default is:
124 124
125 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, 125 aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
126 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, 126 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
127 aes192-ctr,aes256-ctr 127 aes256-cbc,arcfour
128 128
129 ClientAliveCountMax 129 ClientAliveCountMax
130 Sets the number of client alive messages (see below) which may be 130 Sets the number of client alive messages (see below) which may be
@@ -337,13 +337,14 @@ DESCRIPTION
337 example, ``192.0.2.0/33'' and ``192.0.2.0/8'' respectively. 337 example, ``192.0.2.0/33'' and ``192.0.2.0/8'' respectively.
338 338
339 Only a subset of keywords may be used on the lines following a 339 Only a subset of keywords may be used on the lines following a
340 Match keyword. Available keywords are AllowTcpForwarding, 340 Match keyword. Available keywords are AllowAgentForwarding,
341 Banner, ChrootDirectory, ForceCommand, GatewayPorts, 341 AllowTcpForwarding, Banner, ChrootDirectory, ForceCommand,
342 GSSAPIAuthentication, HostbasedAuthentication, 342 GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication,
343 KbdInteractiveAuthentication, KerberosAuthentication, 343 KbdInteractiveAuthentication, KerberosAuthentication,
344 MaxAuthTries, MaxSessions, PasswordAuthentication, PermitOpen, 344 MaxAuthTries, MaxSessions, PasswordAuthentication,
345 PermitRootLogin, RhostsRSAAuthentication, RSAAuthentication, 345 PermitEmptyPasswords, PermitOpen, PermitRootLogin,
346 X11DisplayOffset, X11Forwarding, and X11UseLocalHost. 346 RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset,
347 X11Forwarding and X11UseLocalHost.
347 348
348 MaxAuthTries 349 MaxAuthTries
349 Specifies the maximum number of authentication attempts permitted 350 Specifies the maximum number of authentication attempts permitted
@@ -627,4 +628,4 @@ AUTHORS
627 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 628 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
628 for privilege separation. 629 for privilege separation.
629 630
630OpenBSD 4.4 July 2, 2008 10 631OpenBSD 4.5 February 22, 2009 10
diff --git a/sshd_config.5 b/sshd_config.5
index d5f19ea3d..15bd8d988 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $
38.Dd $Mdocdate: July 2 2008 $ 38.Dd $Mdocdate: February 22 2009 $
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -267,9 +267,9 @@ and
267.Dq cast128-cbc . 267.Dq cast128-cbc .
268The default is: 268The default is:
269.Bd -literal -offset 3n 269.Bd -literal -offset 3n
270aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, 270aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
271arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, 271aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
272aes192-ctr,aes256-ctr 272aes256-cbc,arcfour
273.Ed 273.Ed
274.It Cm ClientAliveCountMax 274.It Cm ClientAliveCountMax
275Sets the number of client alive messages (see below) which may be 275Sets the number of client alive messages (see below) which may be
@@ -402,7 +402,7 @@ The default is
402.Dq no . 402.Dq no .
403Note that this option applies to protocol version 2 only. 403Note that this option applies to protocol version 2 only.
404.It Cm GSSAPIKeyExchange 404.It Cm GSSAPIKeyExchange
405Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange 405Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
406doesn't rely on ssh keys to verify host identity. 406doesn't rely on ssh keys to verify host identity.
407The default is 407The default is
408.Dq no . 408.Dq no .
@@ -430,6 +430,11 @@ Note that this option applies only to protocol version 2 GSSAPI connections,
430and setting it to 430and setting it to
431.Dq no 431.Dq no
432may only work with recent Kerberos GSSAPI libraries. 432may only work with recent Kerberos GSSAPI libraries.
433.It Cm GSSAPIStoreCredentialsOnRekey
434Controls whether the user's GSSAPI credentials should be updated following a
435successful connection rekeying. This option can be used to accepted renewed
436or updated credentials from a compatible client. The default is
437.Dq no .
433.It Cm HostbasedAuthentication 438.It Cm HostbasedAuthentication
434Specifies whether rhosts or /etc/hosts.equiv authentication together 439Specifies whether rhosts or /etc/hosts.equiv authentication together
435with successful public key client host authentication is allowed 440with successful public key client host authentication is allowed
@@ -643,6 +648,7 @@ Only a subset of keywords may be used on the lines following a
643.Cm Match 648.Cm Match
644keyword. 649keyword.
645Available keywords are 650Available keywords are
651.Cm AllowAgentForwarding ,
646.Cm AllowTcpForwarding , 652.Cm AllowTcpForwarding ,
647.Cm Banner , 653.Cm Banner ,
648.Cm ChrootDirectory , 654.Cm ChrootDirectory ,
@@ -655,12 +661,13 @@ Available keywords are
655.Cm MaxAuthTries , 661.Cm MaxAuthTries ,
656.Cm MaxSessions , 662.Cm MaxSessions ,
657.Cm PasswordAuthentication , 663.Cm PasswordAuthentication ,
664.Cm PermitEmptyPasswords ,
658.Cm PermitOpen , 665.Cm PermitOpen ,
659.Cm PermitRootLogin , 666.Cm PermitRootLogin ,
660.Cm RhostsRSAAuthentication , 667.Cm RhostsRSAAuthentication ,
661.Cm RSAAuthentication , 668.Cm RSAAuthentication ,
662.Cm X11DisplayOffset , 669.Cm X11DisplayOffset ,
663.Cm X11Forwarding , 670.Cm X11Forwarding
664and 671and
665.Cm X11UseLocalHost . 672.Cm X11UseLocalHost .
666.It Cm MaxAuthTries 673.It Cm MaxAuthTries
diff --git a/sshpty.c b/sshpty.c
index 5a0d1a7ad..bbbc0fefe 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -46,6 +46,13 @@
46#define O_NOCTTY 0 46#define O_NOCTTY 0
47#endif 47#endif
48 48
49#ifdef __APPLE__
50# include <AvailabilityMacros.h>
51# if (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_5)
52# define __APPLE_PRIVPTY__
53# endif
54#endif
55
49/* 56/*
50 * Allocates and opens a pty. Returns 0 if no pty could be allocated, or 57 * Allocates and opens a pty. Returns 0 if no pty could be allocated, or
51 * nonzero if a pty was successfully allocated. On success, open file 58 * nonzero if a pty was successfully allocated. On success, open file
@@ -78,10 +85,12 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
78void 85void
79pty_release(const char *tty) 86pty_release(const char *tty)
80{ 87{
88#ifndef __APPLE_PRIVPTY__
81 if (chown(tty, (uid_t) 0, (gid_t) 0) < 0) 89 if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
82 error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno)); 90 error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
83 if (chmod(tty, (mode_t) 0666) < 0) 91 if (chmod(tty, (mode_t) 0666) < 0)
84 error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno)); 92 error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
93#endif /* __APPLE_PRIVPTY__ */
85} 94}
86 95
87/* Makes the tty the process's controlling tty and sets it to sane modes. */ 96/* Makes the tty the process's controlling tty and sets it to sane modes. */
diff --git a/ttymodes.c b/ttymodes.c
index e116b1999..6f51b8a70 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ttymodes.c,v 1.28 2008/07/07 00:31:41 stevesk Exp $ */ 1/* $OpenBSD: ttymodes.c,v 1.29 2008/11/02 00:16:16 stevesk Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -311,11 +311,9 @@ tty_make_modes(int fd, struct termios *tiop)
311 311
312 /* Store input and output baud rates. */ 312 /* Store input and output baud rates. */
313 baud = speed_to_baud(cfgetospeed(&tio)); 313 baud = speed_to_baud(cfgetospeed(&tio));
314 debug3("tty_make_modes: ospeed %d", baud);
315 buffer_put_char(&buf, tty_op_ospeed); 314 buffer_put_char(&buf, tty_op_ospeed);
316 buffer_put_int(&buf, baud); 315 buffer_put_int(&buf, baud);
317 baud = speed_to_baud(cfgetispeed(&tio)); 316 baud = speed_to_baud(cfgetispeed(&tio));
318 debug3("tty_make_modes: ispeed %d", baud);
319 buffer_put_char(&buf, tty_op_ispeed); 317 buffer_put_char(&buf, tty_op_ispeed);
320 buffer_put_int(&buf, baud); 318 buffer_put_int(&buf, baud);
321 319
@@ -359,7 +357,6 @@ tty_parse_modes(int fd, int *n_bytes_ptr)
359 357
360 if (compat20) { 358 if (compat20) {
361 *n_bytes_ptr = packet_get_int(); 359 *n_bytes_ptr = packet_get_int();
362 debug3("tty_parse_modes: SSH2 n_bytes %d", *n_bytes_ptr);
363 if (*n_bytes_ptr == 0) 360 if (*n_bytes_ptr == 0)
364 return; 361 return;
365 get_arg = packet_get_int; 362 get_arg = packet_get_int;
@@ -391,7 +388,6 @@ tty_parse_modes(int fd, int *n_bytes_ptr)
391 case TTY_OP_ISPEED_PROTO2: 388 case TTY_OP_ISPEED_PROTO2:
392 n_bytes += 4; 389 n_bytes += 4;
393 baud = packet_get_int(); 390 baud = packet_get_int();
394 debug3("tty_parse_modes: ispeed %d", baud);
395 if (failure != -1 && 391 if (failure != -1 &&
396 cfsetispeed(&tio, baud_to_speed(baud)) == -1) 392 cfsetispeed(&tio, baud_to_speed(baud)) == -1)
397 error("cfsetispeed failed for %d", baud); 393 error("cfsetispeed failed for %d", baud);
@@ -402,7 +398,6 @@ tty_parse_modes(int fd, int *n_bytes_ptr)
402 case TTY_OP_OSPEED_PROTO2: 398 case TTY_OP_OSPEED_PROTO2:
403 n_bytes += 4; 399 n_bytes += 4;
404 baud = packet_get_int(); 400 baud = packet_get_int();
405 debug3("tty_parse_modes: ospeed %d", baud);
406 if (failure != -1 && 401 if (failure != -1 &&
407 cfsetospeed(&tio, baud_to_speed(baud)) == -1) 402 cfsetospeed(&tio, baud_to_speed(baud)) == -1)
408 error("cfsetospeed failed for %d", baud); 403 error("cfsetospeed failed for %d", baud);
diff --git a/uidswap.c b/uidswap.c
index 91d878c30..837648396 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -233,6 +233,16 @@ permanently_set_uid(struct passwd *pw)
233 fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); 233 fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
234#endif 234#endif
235 235
236#ifdef __APPLE__
237 /*
238 * OS X requires initgroups after setgid to opt back into
239 * memberd support for >16 supplemental groups.
240 */
241 if (initgroups(pw->pw_name, pw->pw_gid) < 0)
242 fatal("initgroups %.100s %u: %.100s",
243 pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
244#endif
245
236#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID) 246#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
237 if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) 247 if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
238 fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); 248 fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
diff --git a/version.h b/version.h
index e2866b9c5..79af60194 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
1/* $OpenBSD: version.h,v 1.54 2008/07/21 08:19:07 djm Exp $ */ 1/* $OpenBSD: version.h,v 1.55 2009/02/23 00:06:15 djm Exp $ */
2 2
3#define SSH_VERSION "OpenSSH_5.1" 3#define SSH_VERSION "OpenSSH_5.2"
4 4
5#define SSH_PORTABLE "p1" 5#define SSH_PORTABLE "p1"
6#ifdef SSH_EXTRAVERSION 6#ifdef SSH_EXTRAVERSION